diff --git a/flake.lock b/flake.lock index 425358b..6ad590c 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1709485962, - "narHash": "sha256-rmFB4uE10+LJbcVE4ePgiuHOBlUIjQOeZt4VQVJTU8M=", + "lastModified": 1709204054, + "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", "owner": "nix-community", "repo": "home-manager", - "rev": "d579633ff9915a8f4058d5c439281097e92380a8", + "rev": "2f3367769a93b226c467551315e9e270c3f78b15", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1709110024, - "narHash": "sha256-5gJQgQAYZPvT5vzSrR2yHD4wGCQNO7Pds618MMGUTD8=", + "lastModified": 1706522977, + "narHash": "sha256-Tq69CQ+uutfY477w8uCRyF/2V0Wh/+zHzM3qwcVmqsk=", "owner": "rouven0", "repo": "TruckSimulatorBot-images", - "rev": "05f98442b21c771c90699b55eed8f1e1c0dd50cd", + "rev": "d54a772d48a329a402433cc90502700a6699008e", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1709435391, - "narHash": "sha256-s4itTkIVxn5lYeTzwkbAgl99atnjdZv1idI1118vdzA=", + "lastModified": 1708830466, + "narHash": "sha256-nGKe3Y1/jkLR2eh1aRSVBtKadMBNv8kOnB52UXqRy6A=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "93554c04c2f1c02f4a383538e8848d511c3129e9", + "rev": "f070c7eeec3bde8c8c8baa9c02b6d3d5e114d73b", "type": "github" }, "original": { @@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709237383, - "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", + "lastModified": 1709150264, + "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", + "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08", "type": "github" }, "original": { @@ -347,11 +347,11 @@ ] }, "locked": { - "lastModified": 1709373109, - "narHash": "sha256-2f0am1RlTxz8UKNwftzNjJLhgShoW2I5SofA7FwC4Nw=", + "lastModified": 1698315015, + "narHash": "sha256-RWYymaHHx6pi4HRLfJJTF3u4Im22uUtVZDUvTbP0Qrc=", "owner": "rouven0", "repo": "pfersel", - "rev": "b4d086d43545f5d1735f863eb3aa1e81ca6272ba", + "rev": "40292aa59ed9f6630dc39405f318842a9c8e7cb3", "type": "github" }, "original": { @@ -398,11 +398,11 @@ ] }, "locked": { - "lastModified": 1709309729, - "narHash": "sha256-W6RjXe2/LGFnNGfY9ML4YCDasmqksUWKoMRVPHkIguM=", + "lastModified": 1706780558, + "narHash": "sha256-tZRNaZKENRzd83oLgqgG/G2A+7FgsISFhgblGjFM244=", "owner": "rouven0", "repo": "purge", - "rev": "0d083d35316101755d2ecb9bba32fefc42df914d", + "rev": "3875053bd588aeee14849c50c60f6a33ac784da3", "type": "github" }, "original": { @@ -488,11 +488,11 @@ ] }, "locked": { - "lastModified": 1709309746, - "narHash": "sha256-janCP2IoaBQIYQVn/LSYXncheCQ2l7u8E7V2XgHz2G8=", + "lastModified": 1708375524, + "narHash": "sha256-6XxKJhGupxakfrz8GBJJ/l9RvLs3tt9wuj3c8MZoSuo=", "owner": "rouven0", "repo": "TruckSimulatorBot", - "rev": "6a6bd63946a031ac020a9463cddb3a99de9385fd", + "rev": "6b33532486100f83fc9c7f2da3d1b54ea4fe5986", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/mail/default.nix b/hosts/falkenstein/modules/mail/default.nix index 1e96bae..256d899 100644 --- a/hosts/falkenstein/modules/mail/default.nix +++ b/hosts/falkenstein/modules/mail/default.nix @@ -81,6 +81,7 @@ in smtpd_sasl_path = "/var/lib/postfix/auth"; smtpd_sasl_type = "dovecot"; mailbox_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp"; + }; }; @@ -202,26 +203,31 @@ in password = "$2$g1jh7t5cxschj11set5wksd656ixd5ie$cgwrj53hfb87xndqbh5r3ow9qfi1ejii8dxok1ihbnhamccn1rxy"; ''; "redis.conf".text = '' - read_servers = "/run/redis-rspamd/redis.sock"; - write_servers = "/run/redis-rspamd/redis.sock"; + read_servers = "127.0.0.1"; + write_servers = "127.0.0.1"; ''; "milter_headers.conf".text = '' use = ["x-spam-level", "x-spam-status", "x-spamd-result", "authentication-results" ]; ''; "dmarc.conf".text = '' reporting { - enabled = true; - email = 'reports@${config.networking.domain}'; - domain = '${config.networking.domain}'; - org_name = '${config.networking.domain}'; + # Required attributes + enabled = true; # Enable reports in general + email = 'reports@${config.networking.domain}'; # Source of DMARC reports + domain = '${config.networking.domain}'; # Domain to serve + org_name = '${config.networking.domain}'; # Organisation from_name = 'DMARC Aggregate Report'; } ''; "dkim_signing.conf".text = '' selector = "rspamd"; allow_username_mismatch = true; - allow_hdrfrom_mismatch = true; - path = /var/lib/rspamd/dkim/$domain.key; + domain { + rfive.de { + path = /var/lib/rspamd/dkim/rfive.key; + selector = "rspamd"; + } + } ''; }; }; @@ -229,6 +235,7 @@ in vmOverCommit = true; servers.rspamd = { enable = true; + port = 6379; }; }; }; @@ -255,7 +262,6 @@ in }; }; }; - users.users.rspamd.extraGroups = [ "redis-rspamd" ]; systemd = { services.rspamd-dmarc-report = { description = "rspamd dmarc reporter"; @@ -265,7 +271,16 @@ in User = "rspamd"; Group = "rspamd"; }; - startAt = "daily"; }; + timers.rspamd-dmarc-report = { + description = "Timer for daily dmarc reports"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "daily"; + Unit = "rspamd-dmarc-report.service"; + }; + + }; + }; } diff --git a/hosts/falkenstein/modules/pfersel/default.nix b/hosts/falkenstein/modules/pfersel/default.nix index b203b59..1c6dc0d 100644 --- a/hosts/falkenstein/modules/pfersel/default.nix +++ b/hosts/falkenstein/modules/pfersel/default.nix @@ -2,6 +2,7 @@ { age.secrets.pfersel = { file = ../../../../secrets/falkenstein/pfersel.age; + owner = "pfersel"; }; services.pfersel = { enable = true; diff --git a/secrets/thinkpad/ifsr-apb-auth.age b/secrets/thinkpad/ifsr-apb-auth.age index d372fd2..153cab0 100644 Binary files a/secrets/thinkpad/ifsr-apb-auth.age and b/secrets/thinkpad/ifsr-apb-auth.age differ diff --git a/shared/nix.nix b/shared/nix.nix index cb5c735..ba3d866 100644 --- a/shared/nix.nix +++ b/shared/nix.nix @@ -11,12 +11,11 @@ experimental-features = [ "nix-command" "flakes" "repl-flake" ]; substituters = [ "https://cache.rfive.de" - # temp disabled until logging error is resolved - # "https://cache.ifsr.de" + "https://cache.ifsr.de" ]; trusted-public-keys = [ "cache.rfive.de:of5d+o6mfGXQSR3lk6ApfDBr4ampAUaNHux1O/XY3Tw=" - # "cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg=" + "cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg=" ]; }; }; diff --git a/shared/systemd.nix b/shared/systemd.nix index 45193d8..4adfba9 100644 --- a/shared/systemd.nix +++ b/shared/systemd.nix @@ -13,10 +13,6 @@ enableRootSlice = true; enableUserSlices = true; }; - watchdog = { - runtimeTime = "30s"; - rebootTime = "10m"; - }; }; } diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index d66570a..429861a 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -29,7 +29,6 @@ tdesktop gajim gomuks - profanity fractal tuba # mastodon client