From cb11bc0764042e04e866546f6e90d90a309debce Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 4 Mar 2024 20:04:18 +0100 Subject: [PATCH 1/7] mail: a lot of improvements --- hosts/falkenstein/modules/mail/default.nix | 35 +++++++--------------- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/hosts/falkenstein/modules/mail/default.nix b/hosts/falkenstein/modules/mail/default.nix index 256d899..1e96bae 100644 --- a/hosts/falkenstein/modules/mail/default.nix +++ b/hosts/falkenstein/modules/mail/default.nix @@ -81,7 +81,6 @@ in smtpd_sasl_path = "/var/lib/postfix/auth"; smtpd_sasl_type = "dovecot"; mailbox_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp"; - }; }; @@ -203,31 +202,26 @@ in password = "$2$g1jh7t5cxschj11set5wksd656ixd5ie$cgwrj53hfb87xndqbh5r3ow9qfi1ejii8dxok1ihbnhamccn1rxy"; ''; "redis.conf".text = '' - read_servers = "127.0.0.1"; - write_servers = "127.0.0.1"; + read_servers = "/run/redis-rspamd/redis.sock"; + write_servers = "/run/redis-rspamd/redis.sock"; ''; "milter_headers.conf".text = '' use = ["x-spam-level", "x-spam-status", "x-spamd-result", "authentication-results" ]; ''; "dmarc.conf".text = '' reporting { - # Required attributes - enabled = true; # Enable reports in general - email = 'reports@${config.networking.domain}'; # Source of DMARC reports - domain = '${config.networking.domain}'; # Domain to serve - org_name = '${config.networking.domain}'; # Organisation + enabled = true; + email = 'reports@${config.networking.domain}'; + domain = '${config.networking.domain}'; + org_name = '${config.networking.domain}'; from_name = 'DMARC Aggregate Report'; } ''; "dkim_signing.conf".text = '' selector = "rspamd"; allow_username_mismatch = true; - domain { - rfive.de { - path = /var/lib/rspamd/dkim/rfive.key; - selector = "rspamd"; - } - } + allow_hdrfrom_mismatch = true; + path = /var/lib/rspamd/dkim/$domain.key; ''; }; }; @@ -235,7 +229,6 @@ in vmOverCommit = true; servers.rspamd = { enable = true; - port = 6379; }; }; }; 
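Review bot: In the `dkim_signing.conf` text of the `@@ -203,31 +202,26 @@` hunk, `allow_hdrfrom_mismatch = true;` together with the existing `allow_username_mismatch = true;` and the new per-domain `path = /var/lib/rspamd/dkim/$domain.key;` means the signing domain is no longer tied to the envelope sender or the authenticated login. Any submitter that rspamd treats as eligible for signing can then get a valid signature for any domain that has a key file in that directory. Whether that matters depends on how many independent users and domains this host serves, which the hunk does not show. If the mismatch is only needed for a specific case, say so in a comment next to the option, e.g. `# header From may differ from envelope sender for <reason>; signing is limited by which keys exist in /var/lib/rspamd/dkim`; otherwise drop the new flag. The surrounding attribute set starts and ends outside the hunk.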
@@ -262,6 +255,7 @@ in }; }; }; + users.users.rspamd.extraGroups = [ "redis-rspamd" ]; systemd = { services.rspamd-dmarc-report = { description = "rspamd dmarc reporter"; @@ -271,16 +265,7 @@ in User = "rspamd"; Group = "rspamd"; }; + startAt = "daily"; }; - timers.rspamd-dmarc-report = { - description = "Timer for daily dmarc reports"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "daily"; - Unit = "rspamd-dmarc-report.service"; - }; - - }; - }; } From 521c4ffa213b68b0a688653d022e256ca12f73e6 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 4 Mar 2024 20:04:42 +0100 Subject: [PATCH 2/7] network: fix ifsr auth --- secrets/thinkpad/ifsr-apb-auth.age | Bin 657 -> 711 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/thinkpad/ifsr-apb-auth.age b/secrets/thinkpad/ifsr-apb-auth.age index 153cab03cc731da0c4d76a9abc71e263f2549c70..d372fd2fe9fb026e927095ce5813032b77170623 100644 GIT binary patch delta 679 zcmV;Y0$BZ#1;+)DEPq*NZ8UaGGg47QS8gvfaaBcXPF=aA%O>%TmK?*HC zAaiqQEoEdfH8n9gAVpSsbU9HVX+c*wMsH+BL`O7bc|>wmPk%*aMR`qbHF0clYg0{b za#nC_GP;xU( zRZe+l3N0-yAWmmaGi+o?Qc6x~VrnosYGzVYYgtHkIBH}!I9fwPb#qQ@Wo~vdYi(Ld z3gHBx59vnAtA7$iMxIzhii(5~pehA1Uz%~+impQ)mYRDhtgP2RfvT833 zV=VI!HjwRYpWVAk>&FYP`^?{b!}+fmK^pPcIKyQ3Ae88!cEPmrZEGn|WeN z&oKZ@CZSehz40({khPDENRgov`zJstOc=f?t$dX*hFW0;LOF-*%lSo*xSA*h^vyOd zj`-27Jr3M*yWAj>+kI~wr;r^JR;&d0wZ=S$oghcl95B3e)hL?}q>bpiZ&v%6Lp$eZ NEo8p-0|hegg^P4w9!CHG delta 624 zcmV-$0+0R21(5}iEPrx%c}a3;R8B`|N<=wrMmc6~K}as|b8s_kW;s?gF;XitIWK2*Ze>SoM^|`7PH5&kqcF>*sp9Tp;RyhsYl{A|McKe`4qy z4d!c*0r~YrquS5Asm)({gD1LGp&9Ca@RTq|yKI8^JAVdgw7hZK%f=J>?uxdt*lUAj zeJdstcGpD#r!iyq{?$y2Tzrq5}Qm+H}s>9_)05e|@UUbPc#3)i$TP2o0l1zLnrTR&Box83OhjMD5og#JCc%p%NM KmxwKj^Ku#h-wsRw From 7536c6398a045cb21934543baa4cb10da583ce4b Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 4 Mar 2024 20:05:00 +0100 Subject: [PATCH 3/7] ifsr cache: disable --- shared/nix.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
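Review bot: The added `users.users.rspamd.extraGroups = [ "redis-rspamd" ];` in the `@@ -262,6 +255,7 @@` hunk carries no hint of why rspamd needs that group. The line only makes sense next to the socket path written into `redis.conf` in the earlier hunk, presumably because the socket is group-accessible. A one-line comment would keep the two in sync for the next reader: `# rspamd talks to redis over /run/redis-rspamd/redis.sock, which is only reachable via the redis-rspamd group`. The group membership gives rspamd full access to that redis instance, so it is worth stating that the instance is dedicated to rspamd.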
diff --git a/shared/nix.nix b/shared/nix.nix index ba3d866..cb5c735 100644 --- a/shared/nix.nix +++ b/shared/nix.nix @@ -11,11 +11,12 @@ experimental-features = [ "nix-command" "flakes" "repl-flake" ]; substituters = [ "https://cache.rfive.de" - "https://cache.ifsr.de" + # temp disabled until logging error is resolved + # "https://cache.ifsr.de" ]; trusted-public-keys = [ "cache.rfive.de:of5d+o6mfGXQSR3lk6ApfDBr4ampAUaNHux1O/XY3Tw=" - "cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg=" + # "cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg=" ]; }; }; From a85d214498a25a69aa5adb5a6efc6007c189363a Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 4 Mar 2024 20:05:39 +0100 Subject: [PATCH 4/7] pfersel: remove secret owner --- hosts/falkenstein/modules/pfersel/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/falkenstein/modules/pfersel/default.nix b/hosts/falkenstein/modules/pfersel/default.nix index 1c6dc0d..b203b59 100644 --- a/hosts/falkenstein/modules/pfersel/default.nix +++ b/hosts/falkenstein/modules/pfersel/default.nix @@ -2,7 +2,6 @@ { age.secrets.pfersel = { file = ../../../../secrets/falkenstein/pfersel.age; - owner = "pfersel"; }; services.pfersel = { enable = true; From ccdda35325dac23d49e996f6b15e540aca4d8751 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 4 Mar 2024 20:06:38 +0100 Subject: [PATCH 5/7] systemd: enable watchdog --- shared/systemd.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/shared/systemd.nix b/shared/systemd.nix index 4adfba9..45193d8 100644 --- a/shared/systemd.nix +++ b/shared/systemd.nix @@ -13,6 +13,10 @@ enableRootSlice = true; enableUserSlices = true; }; + watchdog = { + runtimeTime = "30s"; + rebootTime = "10m"; + }; }; } From 9568038d82a1fe7ef371a6ebae79318e40cb1039 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 4 Mar 2024 20:06:57 +0100 Subject: [PATCH 6/7] user: init profanity --- users/rouven/modules/packages.nix | 1 + 1 file changed, 1 insertion(+) 
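Review bot: The commented-out entry in `trusted-public-keys` has no explanation of its own, and the note above the substituter (`# temp disabled until logging error is resolved`) gives no pointer to when it can be reverted. Dropping the key together with the substituter is the right call, since a key left in `trusted-public-keys` stays trusted for signed paths from any source. I would record that intent on the key line so the two are restored together: `# key removed together with the substituter above; re-enable both at once`.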
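Review bot: The new `watchdog` block in `shared/systemd.nix` is undocumented, and because the file sits under `shared/` it presumably applies to every host that imports it, including machines that may have no watchdog device. A short comment would make the intent and the chosen values reviewable: `# hardware watchdog: reset the machine if systemd stops responding for 30s, or if a reboot hangs for 10m`. It would also help to note which hosts are expected to have a watchdog device, since an unattended reset affects availability of the mail host. The enclosing `systemd` attribute set starts outside the hunk.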
diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 429861a..d66570a 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -29,6 +29,7 @@ tdesktop gajim gomuks + profanity fractal tuba # mastodon client From d3fd3e9b1772bc1bf259dbb39a257a57ff91585c Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 4 Mar 2024 20:07:10 +0100 Subject: [PATCH 7/7] flake: update --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 6ad590c..425358b 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1709204054, - "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", + "lastModified": 1709485962, + "narHash": "sha256-rmFB4uE10+LJbcVE4ePgiuHOBlUIjQOeZt4VQVJTU8M=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f3367769a93b226c467551315e9e270c3f78b15", + "rev": "d579633ff9915a8f4058d5c439281097e92380a8", "type": "github" }, "original": { @@ -200,11 +200,11 @@ ] }, "locked": { - "lastModified": 1706522977, - "narHash": "sha256-Tq69CQ+uutfY477w8uCRyF/2V0Wh/+zHzM3qwcVmqsk=", + "lastModified": 1709110024, + "narHash": "sha256-5gJQgQAYZPvT5vzSrR2yHD4wGCQNO7Pds618MMGUTD8=", "owner": "rouven0", "repo": "TruckSimulatorBot-images", - "rev": "d54a772d48a329a402433cc90502700a6699008e", + "rev": "05f98442b21c771c90699b55eed8f1e1c0dd50cd", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1708830466, - "narHash": "sha256-nGKe3Y1/jkLR2eh1aRSVBtKadMBNv8kOnB52UXqRy6A=", + "lastModified": 1709435391, + "narHash": "sha256-s4itTkIVxn5lYeTzwkbAgl99atnjdZv1idI1118vdzA=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "f070c7eeec3bde8c8c8baa9c02b6d3d5e114d73b", + "rev": "93554c04c2f1c02f4a383538e8848d511c3129e9", "type": "github" }, "original": { 
@@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709150264, - "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=", + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", "type": "github" }, "original": { @@ -347,11 +347,11 @@ ] }, "locked": { - "lastModified": 1698315015, - "narHash": "sha256-RWYymaHHx6pi4HRLfJJTF3u4Im22uUtVZDUvTbP0Qrc=", + "lastModified": 1709373109, + "narHash": "sha256-2f0am1RlTxz8UKNwftzNjJLhgShoW2I5SofA7FwC4Nw=", "owner": "rouven0", "repo": "pfersel", - "rev": "40292aa59ed9f6630dc39405f318842a9c8e7cb3", + "rev": "b4d086d43545f5d1735f863eb3aa1e81ca6272ba", "type": "github" }, "original": { @@ -398,11 +398,11 @@ ] }, "locked": { - "lastModified": 1706780558, - "narHash": "sha256-tZRNaZKENRzd83oLgqgG/G2A+7FgsISFhgblGjFM244=", + "lastModified": 1709309729, + "narHash": "sha256-W6RjXe2/LGFnNGfY9ML4YCDasmqksUWKoMRVPHkIguM=", "owner": "rouven0", "repo": "purge", - "rev": "3875053bd588aeee14849c50c60f6a33ac784da3", + "rev": "0d083d35316101755d2ecb9bba32fefc42df914d", "type": "github" }, "original": { @@ -488,11 +488,11 @@ ] }, "locked": { - "lastModified": 1708375524, - "narHash": "sha256-6XxKJhGupxakfrz8GBJJ/l9RvLs3tt9wuj3c8MZoSuo=", + "lastModified": 1709309746, + "narHash": "sha256-janCP2IoaBQIYQVn/LSYXncheCQ2l7u8E7V2XgHz2G8=", "owner": "rouven0", "repo": "TruckSimulatorBot", - "rev": "6b33532486100f83fc9c7f2da3d1b54ea4fe5986", + "rev": "6a6bd63946a031ac020a9463cddb3a99de9385fd", "type": "github" }, "original": {