diff --git a/flake.lock b/flake.lock index 16cdc90..be1cd3c 100644 --- a/flake.lock +++ b/flake.lock @@ -39,11 +39,11 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1746874492, - "narHash": "sha256-Gm2Eb5KBxAL6y9WJj7phRMXNAZzVkKlm9Dky9WDZHtQ=", + "lastModified": 1746770624, + "narHash": "sha256-40c1p1EiveXd8P4MsG21+M4x/0QOCGQJP0ISyx9L1QE=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "2ef24fac993808a1a57f367ef58ac0f5254c3489", + "rev": "0b5a36483867e2473a40610d0dcb7cb06260a6cf", "type": "github" }, "original": { @@ -85,26 +85,6 @@ "type": "github" } }, - "caddy-patched": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1746901403, - "narHash": "sha256-2tkRHeNEkaE1x0ayfi30+nrIQv4Nio/NeT8U3i3qeQA=", - "owner": "rouven0", - "repo": "nixos-caddy-patched", - "rev": "ad2df7623e62ee4595c8f523b30cf6914a2cb6bd", - "type": "github" - }, - "original": { - "owner": "rouven0", - "repo": "nixos-caddy-patched", - "type": "github" - } - }, "crane": { "locked": { "lastModified": 1731098351, @@ -299,11 +279,11 @@ ] }, "locked": { - "lastModified": 1746892839, - "narHash": "sha256-0b9us0bIOgA1j/s/6zlxVyP3m97yAh0U+YwKayJ6mmU=", + "lastModified": 1746798521, + "narHash": "sha256-axfz/jBEH9XHpS7YSumstV7b2PrPf7L8bhWUtLBv3nA=", "owner": "nix-community", "repo": "home-manager", - "rev": "12e67385964d9c9304daa81d0ad5ba3b01fdd35e", + "rev": "e95a7c5b6fa93304cd2fd78cf676c4f6d23c422c", "type": "github" }, "original": { @@ -636,7 +616,6 @@ "inputs": { "agenix": "agenix", "authentik": "authentik", - "caddy-patched": "caddy-patched", "dns": "dns", "home-manager": "home-manager", "impermanence": "impermanence", diff --git a/flake.nix b/flake.nix index 61d6a1b..ea13a0e 100644 --- a/flake.nix +++ b/flake.nix @@ -47,10 +47,6 @@ url = "github:nix-community/lanzaboote/v0.4.2"; inputs.nixpkgs.follows = "nixpkgs"; }; - caddy-patched = { - url = "github:rouven0/nixos-caddy-patched"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = 
@@ -66,7 +62,6 @@ , purge , trucksimulatorbot , pfersel - , caddy-patched , ... }@attrs: { packages.x86_64-linux = { diff --git a/hosts/falkenstein/modules/caddy/default.nix b/hosts/falkenstein/modules/caddy/default.nix index 2099cad..b5126b1 100644 --- a/hosts/falkenstein/modules/caddy/default.nix +++ b/hosts/falkenstein/modules/caddy/default.nix @@ -1,4 +1,4 @@ -{ config, caddy-patched, ... }: +{ config, ... }: let # matrix homeserver discovery matrix_domain = "matrix.${config.networking.domain}"; diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index 80db608..e9dfcda 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -11,8 +11,7 @@ let { nameServer = "ns.rfive.de."; adminEmail = "hostmaster@rfive.de"; - # serial = lib.strings.toInt (builtins.substring 0 8 self.sourceInfo.lastModifiedDate + toString ((modulo self.sourceInfo.lastModified 86400) / 864)); - serial = 2025051079; + serial = lib.strings.toInt (builtins.substring 0 8 self.sourceInfo.lastModifiedDate + toString ((modulo self.sourceInfo.lastModified 86400) / 864)); refresh = 10800; retry = 3600; expire = 604800; 
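Review bot: The time-of-day part of `serial` in hosts/falkenstein/modules/dns/default.nix is not zero-padded. For a commit made in the first 2 h 24 min of the day, `toString` yields a single digit, so the serial is nine digits long and lower than every earlier ten-digit serial; secondaries would then ignore the zone update. Padding fixes that: `serial = lib.strings.toInt (builtins.substring 0 8 self.sourceInfo.lastModifiedDate + lib.strings.fixedWidthNumber 2 ((modulo self.sourceInfo.lastModified 86400) / 864));`. The value also stays the same for commits less than 864 seconds apart and has to exceed the hard-coded `2025051079` it replaces, which a short comment on the line should record. `modulo` is defined outside the hunk.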
@@ -34,17 +33,10 @@ let (spf.soft [ "mx" ]) ]; - subdomains = let - # fetches all VgetVirtualHosts from the caddy config getVirtualHosts = hostname: map (name: builtins.substring 0 (builtins.stringLength name - (builtins.stringLength domain + 1)) name) (builtins.attrNames self.nixosConfigurations."${hostname}".config.services.caddy.virtualHosts); - # generate CNAMES from caddy service to host genCNAMEs = hostname: lib.attrsets.genAttrs (getVirtualHosts hostname) (_label: { CNAME = [ "${hostname}.${domain}." ]; }); - # generate ACME challenge recorsd for every VirtualHost - genACMECNAMEs = hostname: lib.attrsets.genAttrs (getVirtualHosts hostname) (_label: { subdomains._acme-challenge.CNAME = [ "challenge.acme.${domain}." ]; }); - # fuckery to merge the generated attribute lists - mergeRecords = recordList: lib.attrsets.mapAttrs (_host: records: lib.attrsets.mergeAttrsList records) (lib.attrsets.zipAttrs recordList); in lib.attrsets.mergeAttrsList [ rec { 
@@ -62,17 +54,9 @@ let mail = falkenstein; _dmarc.TXT = [ "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de" ]; _domainkey.subdomains.rspamd.TXT = [ "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" ]; - "*".subdomains."_acme-challenge".CNAME = [ "challenge.acme.rfive.de" ]; } - (mergeRecords [ - (builtins.removeAttrs (genCNAMEs "nuc") ([ ":2018" ] ++ (builtins.filter (host: lib.strings.hasInfix "vpn" host) (getVirtualHosts "nuc")))) - (builtins.removeAttrs (genACMECNAMEs "nuc") ([ ":2018" ])) - ]) - (mergeRecords [ - (builtins.removeAttrs (genCNAMEs "falkenstein") ([ ":2018" "mail" ])) - (builtins.removeAttrs (genACMECNAMEs "falkenstein") ([ ":2018" "mail" ])) - ]) - (builtins.removeAttrs (genACMECNAMEs "fujitsu") ([ ":2018" ])) + (builtins.removeAttrs (genCNAMEs "nuc") [ ":2018" ]) + (builtins.removeAttrs (genCNAMEs "falkenstein") [ "mail" ":2018" ]) ]; }); in @@ -101,9 +85,6 @@ in dnssec-policy split-keys; inline-signing yes; serial-update-method date; - update-policy { - grant caddy. name challenge.acme.rfive.de. txt; - }; ''; file = "${directory}/rfive.de.zone.txt"; }; diff --git a/hosts/fujitsu/modules/jellyfin/default.nix b/hosts/fujitsu/modules/jellyfin/default.nix index 12f003e..fdb5880 100644 --- a/hosts/fujitsu/modules/jellyfin/default.nix +++ b/hosts/fujitsu/modules/jellyfin/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, ... }: let domain = "media.vpn.rfive.de"; in @@ -6,7 +6,7 @@ in services.jellyfin = { enable = true; }; - services.caddy.virtualHosts."${domain}".extraConfig = '' + services.caddy.virtualHosts."http://${domain}".extraConfig = '' reverse_proxy 127.0.0.1:8096 ''; } diff --git a/hosts/nuc/modules/adguard/default.nix b/hosts/nuc/modules/adguard/default.nix index 193e99d..86ef790 100644 
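Review bot: The `nuc` entry loses the old `hasInfix "vpn"` filter while the same commit renames the VPN-only vhosts to `http://${domain}`, so `genCNAMEs "nuc"` now appears to emit a record for each of them. `getVirtualHosts` (previous hunk) only cuts the zone suffix off by length, which would leave labels such as `http://<name>.vpn` in the public zone; that is not a valid hostname, and it publishes internal service names. If those names are meant to stay out of the zone, keep the exclusion, e.g. `(builtins.removeAttrs (genCNAMEs "nuc") ([ ":2018" ] ++ builtins.filter (lib.strings.hasInfix "vpn") (getVirtualHosts "nuc")))`. The vhost names on `nuc` are set outside the visible lines, so this is inferred from the removed filter; the surrounding `let … in` block also starts outside the hunk.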
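Review bot: An `http://` site address makes Caddy serve this vhost without automatic HTTPS, so Jellyfin logins and session tokens cross the network in cleartext and confidentiality rests entirely on the VPN. The same change is made for the adguard, atuin, prowlarr, radarr, sonarr and torrent vhosts in the later hunks. If that is intended, say so next to the line, e.g. `# plain HTTP on purpose: *.vpn names are only reachable through the VPN`, and consider pinning the listener with `bind <vpn-interface-address>` inside `extraConfig` so the site is not also answered on other interfaces. The `config` argument added in the first hunk of this file is not used in the visible lines.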
--- a/hosts/nuc/modules/adguard/default.nix +++ b/hosts/nuc/modules/adguard/default.nix @@ -13,7 +13,7 @@ in http.address = "127.0.0.1:${toString port}"; }; }; - services.caddy.virtualHosts."${domain}".extraConfig = '' + services.caddy.virtualHosts."http://${domain}".extraConfig = '' reverse_proxy 127.0.0.1:${toString port} ''; } diff --git a/hosts/nuc/modules/atuin/default.nix b/hosts/nuc/modules/atuin/default.nix index 4e48bf9..96442cf 100644 --- a/hosts/nuc/modules/atuin/default.nix +++ b/hosts/nuc/modules/atuin/default.nix @@ -6,7 +6,7 @@ in services.atuin = { enable = true; }; - services.caddy.virtualHosts."${domain}".extraConfig = '' + services.caddy.virtualHosts."http://${domain}".extraConfig = '' reverse_proxy 127.0.0.1:${toString config.services.atuin.port} ''; } diff --git a/hosts/nuc/modules/indexing/prowlarr.nix b/hosts/nuc/modules/indexing/prowlarr.nix index 4c66610..5a2910b 100644 --- a/hosts/nuc/modules/indexing/prowlarr.nix +++ b/hosts/nuc/modules/indexing/prowlarr.nix @@ -6,7 +6,7 @@ in services.prowlarr = { enable = true; }; - services.caddy.virtualHosts."${domain}".extraConfig = '' + services.caddy.virtualHosts."http://${domain}".extraConfig = '' reverse_proxy 127.0.0.1:${toString config.services.prowlarr.settings.server.port} ''; } diff --git a/hosts/nuc/modules/indexing/radarr.nix b/hosts/nuc/modules/indexing/radarr.nix index f334ce4..1eda08e 100644 --- a/hosts/nuc/modules/indexing/radarr.nix +++ b/hosts/nuc/modules/indexing/radarr.nix @@ -6,7 +6,7 @@ in services.radarr = { enable = true; }; - services.caddy.virtualHosts."${domain}".extraConfig = '' + services.caddy.virtualHosts."http://${domain}".extraConfig = '' reverse_proxy 127.0.0.1:${toString config.services.radarr.settings.server.port} ''; } diff --git a/hosts/nuc/modules/indexing/sonarr.nix b/hosts/nuc/modules/indexing/sonarr.nix index ebc3e5d..2596e14 100644 --- a/hosts/nuc/modules/indexing/sonarr.nix +++ b/hosts/nuc/modules/indexing/sonarr.nix 
@@ -6,7 +6,7 @@ in services.sonarr = { enable = true; }; - services.caddy.virtualHosts."${domain}".extraConfig = '' + services.caddy.virtualHosts."http://${domain}".extraConfig = '' reverse_proxy 127.0.0.1:${toString config.services.sonarr.settings.server.port} ''; } diff --git a/hosts/nuc/modules/torrent/default.nix b/hosts/nuc/modules/torrent/default.nix index 38db1f9..dd9e081 100644 --- a/hosts/nuc/modules/torrent/default.nix +++ b/hosts/nuc/modules/torrent/default.nix @@ -125,7 +125,7 @@ in SystemCallFilter = "@system-service"; }; }; - services.caddy.virtualHosts."${domain}".extraConfig = '' + services.caddy.virtualHosts."http://${domain}".extraConfig = '' reverse_proxy 127.0.0.1:${toString cfg.port} ''; systemd.tmpfiles.rules = [ diff --git a/overlays/default.nix b/overlays/default.nix index 871c5cb..51143f3 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,6 +1,7 @@ _final: prev: let inherit (prev) callPackage; + inherit (prev) fetchFromGitHub; inherit (prev) fetchpatch; in { @@ -11,7 +12,6 @@ in rm $out/share/applications/pcmanfm-desktop-pref.desktop ''; }); - # fix slow escape key zsh-vi-mode = prev.zsh-vi-mode.overrideAttrs (_: { patches = [ (fetchpatch { 
@@ -24,7 +24,31 @@ in ianny = callPackage ../pkgs/ianny { }; tpm2-pkcs11 = prev.tpm2-pkcs11.override { fapiSupport = false; }; + zsh-fzf-tab = prev.zsh-fzf-tab.overrideAttrs (_: rec { + version = "1.1.1"; + src = fetchFromGitHub { + owner = "Aloxaf"; + repo = "fzf-tab"; + rev = "v${version}"; + sha256 = "sha256-0/YOL1/G2SWncbLNaclSYUz7VyfWu+OB8TYJYm4NYkM="; + }; + + }); + gnome-break-timer = callPackage ../pkgs/gnome-break-timer { }; jmri = callPackage ../pkgs/jmri { }; adguardian-term = callPackage ../pkgs/adguardian-term { }; + python312 = prev.python312.override { + packageOverrides = _final: prev: { + pysaml2 = prev.pysaml2.overridePythonAttrs (orig: { + disabledTests = + orig.disabledTests + ++ [ + "test_encrypted_response_6" + "test_validate_cert_chains" + "test_validate_with_root_cert" + ]; + }); + }; + }; } diff --git a/shared/caddy/default.nix b/shared/caddy/default.nix index bf4aa0d..ef52dd7 100644 --- a/shared/caddy/default.nix +++ b/shared/caddy/default.nix @@ -1,8 +1,7 @@ -{ config, caddy-patched, ... }: +{ config, ... }: { services.caddy = { enable = true; - # package = caddy-patched.packages.x86_64-linux.default; email = "ca@${config.networking.domain}"; logFormat = "format console"; globalConfig = ''
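Review bot: The `pysaml2` override switches off three tests, two of which (`test_validate_cert_chains`, `test_validate_with_root_cert`) cover certificate-chain validation, without saying why. For a SAML library that deserves a comment naming the cause and when the override can be dropped, e.g. `# test fixtures' certificates expired, see <upstream issue URL>; remove once nixpkgs carries the fix` (the reason is a guess, the hunk does not state it). `orig.disabledTests` aborts evaluation if the attribute is ever absent, so `(orig.disabledTests or [ ])` is safer. The inner `_final: prev:` shadows the overlay's own `prev`; renaming it (`_pyFinal: pyPrev:`) avoids picking the wrong set later.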