flake.lock

@@ -180,11 +180,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709485962,
+        "lastModified": 1709204054,
-        "narHash": "sha256-rmFB4uE10+LJbcVE4ePgiuHOBlUIjQOeZt4VQVJTU8M=",
+        "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d579633ff9915a8f4058d5c439281097e92380a8",
+        "rev": "2f3367769a93b226c467551315e9e270c3f78b15",
         "type": "github"
       },
       "original": {
@@ -200,11 +200,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709110024,
+        "lastModified": 1706522977,
-        "narHash": "sha256-5gJQgQAYZPvT5vzSrR2yHD4wGCQNO7Pds618MMGUTD8=",
+        "narHash": "sha256-Tq69CQ+uutfY477w8uCRyF/2V0Wh/+zHzM3qwcVmqsk=",
         "owner": "rouven0",
         "repo": "TruckSimulatorBot-images",
-        "rev": "05f98442b21c771c90699b55eed8f1e1c0dd50cd",
+        "rev": "d54a772d48a329a402433cc90502700a6699008e",
         "type": "github"
       },
       "original": {
@@ -281,11 +281,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709435391,
+        "lastModified": 1708830466,
-        "narHash": "sha256-s4itTkIVxn5lYeTzwkbAgl99atnjdZv1idI1118vdzA=",
+        "narHash": "sha256-nGKe3Y1/jkLR2eh1aRSVBtKadMBNv8kOnB52UXqRy6A=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "93554c04c2f1c02f4a383538e8848d511c3129e9",
+        "rev": "f070c7eeec3bde8c8c8baa9c02b6d3d5e114d73b",
         "type": "github"
       },
       "original": {
@@ -296,11 +296,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1709237383,
+        "lastModified": 1709150264,
-        "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
+        "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
+        "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08",
         "type": "github"
       },
       "original": {
@@ -347,11 +347,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709373109,
+        "lastModified": 1698315015,
-        "narHash": "sha256-2f0am1RlTxz8UKNwftzNjJLhgShoW2I5SofA7FwC4Nw=",
+        "narHash": "sha256-RWYymaHHx6pi4HRLfJJTF3u4Im22uUtVZDUvTbP0Qrc=",
         "owner": "rouven0",
         "repo": "pfersel",
-        "rev": "b4d086d43545f5d1735f863eb3aa1e81ca6272ba",
+        "rev": "40292aa59ed9f6630dc39405f318842a9c8e7cb3",
         "type": "github"
       },
       "original": {
@@ -398,11 +398,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709309729,
+        "lastModified": 1706780558,
-        "narHash": "sha256-W6RjXe2/LGFnNGfY9ML4YCDasmqksUWKoMRVPHkIguM=",
+        "narHash": "sha256-tZRNaZKENRzd83oLgqgG/G2A+7FgsISFhgblGjFM244=",
         "owner": "rouven0",
         "repo": "purge",
-        "rev": "0d083d35316101755d2ecb9bba32fefc42df914d",
+        "rev": "3875053bd588aeee14849c50c60f6a33ac784da3",
         "type": "github"
       },
       "original": {
@@ -488,11 +488,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709309746,
+        "lastModified": 1708375524,
-        "narHash": "sha256-janCP2IoaBQIYQVn/LSYXncheCQ2l7u8E7V2XgHz2G8=",
+        "narHash": "sha256-6XxKJhGupxakfrz8GBJJ/l9RvLs3tt9wuj3c8MZoSuo=",
         "owner": "rouven0",
         "repo": "TruckSimulatorBot",
-        "rev": "6a6bd63946a031ac020a9463cddb3a99de9385fd",
+        "rev": "6b33532486100f83fc9c7f2da3d1b54ea4fe5986",
         "type": "github"
       },
       "original": {

hosts/falkenstein/modules/mail/default.nix

@@ -81,6 +81,7 @@ in
         smtpd_sasl_path = "/var/lib/postfix/auth";
         smtpd_sasl_type = "dovecot";
         mailbox_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
+
       };
     };
 
@@ -202,26 +203,31 @@ in
           password = "$2$g1jh7t5cxschj11set5wksd656ixd5ie$cgwrj53hfb87xndqbh5r3ow9qfi1ejii8dxok1ihbnhamccn1rxy";
         '';
         "redis.conf".text = ''
-          read_servers = "/run/redis-rspamd/redis.sock";
+          read_servers = "127.0.0.1";
-          write_servers = "/run/redis-rspamd/redis.sock";
+          write_servers = "127.0.0.1";
         '';
         "milter_headers.conf".text = ''
           use = ["x-spam-level", "x-spam-status", "x-spamd-result", "authentication-results" ];
         '';
         "dmarc.conf".text = ''
           reporting {
-            enabled = true;
+            # Required attributes
-            email = 'reports@${config.networking.domain}';
+            enabled = true; # Enable reports in general
-            domain = '${config.networking.domain}';
+            email = 'reports@${config.networking.domain}'; # Source of DMARC reports
-            org_name = '${config.networking.domain}';
+            domain = '${config.networking.domain}'; # Domain to serve
+            org_name = '${config.networking.domain}'; # Organisation
             from_name = 'DMARC Aggregate Report';
           }
         '';
         "dkim_signing.conf".text = ''
           selector = "rspamd";
           allow_username_mismatch = true;
-          allow_hdrfrom_mismatch = true;
+          domain {
-          path = /var/lib/rspamd/dkim/$domain.key;
+            rfive.de {
+              path = /var/lib/rspamd/dkim/rfive.key;
+              selector = "rspamd";
+            }
+          }
         '';
       };
     };
@@ -229,6 +235,7 @@ in
       vmOverCommit = true;
       servers.rspamd = {
         enable = true;
+        port = 6379;
       };
     };
   };
@@ -255,7 +262,6 @@ in
       };
     };
   };
-  users.users.rspamd.extraGroups = [ "redis-rspamd" ];
   systemd = {
     services.rspamd-dmarc-report = {
       description = "rspamd dmarc reporter";
@@ -265,7 +271,16 @@ in
         User = "rspamd";
         Group = "rspamd";
       };
-      startAt = "daily";
     };
+    timers.rspamd-dmarc-report = {
+      description = "Timer for daily dmarc reports";
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "daily";
+        Unit = "rspamd-dmarc-report.service";
+      };
+
+    };
+
   };
 }

hosts/falkenstein/modules/pfersel/default.nix

@@ -2,6 +2,7 @@
 {
   age.secrets.pfersel = {
     file = ../../../../secrets/falkenstein/pfersel.age;
+    owner = "pfersel";
   };
   services.pfersel = {
     enable = true;

shared/nix.nix

@@ -11,12 +11,11 @@
       experimental-features = [ "nix-command" "flakes" "repl-flake" ];
       substituters = [
         "https://cache.rfive.de"
-        # temp disabled until logging error is resolved
+        "https://cache.ifsr.de"
-        # "https://cache.ifsr.de"
       ];
       trusted-public-keys = [
         "cache.rfive.de:of5d+o6mfGXQSR3lk6ApfDBr4ampAUaNHux1O/XY3Tw="
-        # "cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg="
+        "cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg="
       ];
     };
   };

shared/systemd.nix

@@ -13,10 +13,6 @@
       enableRootSlice = true;
       enableUserSlices = true;
     };
-    watchdog = {
-      runtimeTime = "30s";
-      rebootTime = "10m";
-    };
   };
 
 }

users/rouven/modules/packages.nix

@@ -29,7 +29,6 @@
     tdesktop
     gajim
     gomuks
-    profanity
     fractal
     tuba # mastodon client