From f0cae501f90a1927b25a432d7d2ce5172491939e Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Mon, 22 Jan 2024 01:10:47 +0100
Subject: [PATCH 1/5] pull in latest fix for trucksim v2
---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/flake.lock b/flake.lock
index 1099d0c..14b12f7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -488,11 +488,11 @@
 ]
 },
 "locked": {
- "lastModified": 1705882164,
- "narHash": "sha256-HAjEar8nN4HtOTEeA6LRjq40SPS84YWrfXMBBh7jCF8=",
+ "lastModified": 1705882231,
+ "narHash": "sha256-OyWYOsl876tAJ443p9lKSDIrBtq80JZ/OlmrVVdIHF4=",
 "owner": "therealr5",
 "repo": "TruckSimulatorBot",
- "rev": "b59e230bdec747dbff7e15447cf68791a31c323f",
+ "rev": "9ae3c21b72b1f49f0b15808eb61b10600e00a845",
 "type": "github"
 },
 "original": {
From 7a8e304ca1d48e0b874f97418198e37e178def51 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 25 Jan 2024 18:19:48 +0100
Subject: [PATCH 2/5] nuc: disable dnssec as it breaks matrix
---
 hosts/nuc/modules/matrix/default.nix | 3 +++
 hosts/nuc/modules/networks/default.nix | 3 ++-
 hosts/nuc/modules/prometheus/default.nix | 18 +++++++++---------
 3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/hosts/nuc/modules/matrix/default.nix b/hosts/nuc/modules/matrix/default.nix
index ec40060..86f4ff2 100644
--- a/hosts/nuc/modules/matrix/default.nix
+++ b/hosts/nuc/modules/matrix/default.nix
@@ -27,6 +27,9 @@ in
 enable = true;
 configureRedisLocally = true;
 extraConfigFiles = [ config.age.secrets."matrix/shared".path ];
+ log = {
+ root.level = "WARNING";
+ };
 settings = {
 server_name = config.networking.domain;
diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix
index 6a39bcb..a900607 100644
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@@ -14,7 +14,8 @@
 };
 services.resolved = {
 enable = true;
- dnssec = "true";
+ # dnssec is broken
+ # dnssec = "true";
 fallbackDns = [
 "9.9.9.9"
 "149.112.112.112"
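Review bot: The `log.root.level = "WARNING"` addition in the matrix hunk is not mentioned in the commit message, and it drops everything the homeserver logs below WARNING. If INFO-level records (request and login activity, as far as Synapse emits them at that level) are what would be used to investigate account abuse, that loss should be a visible decision rather than a side effect of a DNSSEC commit. Suggest a comment such as `# root logger at WARNING to cut log volume; INFO request logs are not retained`, or moving the change into its own commit. The enclosing attribute set starts and ends outside the hunk.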
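Review bot: Commenting out `dnssec = "true";` in the networks hunk leaves `services.resolved.dnssec` at whatever the module default is for the pinned nixpkgs, so this host's validation behaviour now depends on the flake input rather than on this file. State the intended value explicitly, e.g. `dnssec = "false"; # <what failed to resolve / upstream issue>`, or `"allow-downgrade"` if that is enough for the Matrix lookups, and delete the commented-out line. The setting applies to every service on the host, not only Matrix, so the comment should record what actually broke so validation can be turned back on later. The `services.resolved` block continues outside the hunk.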
diff --git a/hosts/nuc/modules/prometheus/default.nix b/hosts/nuc/modules/prometheus/default.nix
index 2b068b7..3d4f2af 100644
--- a/hosts/nuc/modules/prometheus/default.nix
+++ b/hosts/nuc/modules/prometheus/default.nix
@@ -10,7 +10,7 @@ in
 enable = true;
 enabledCollectors = [ "systemd" ];
 };
- postgres.enable = true;
+ # postgres.enable = true;
 };
 scrapeConfigs = [
 {
@@ -21,14 +21,14 @@ in
 }
 ];
 }
- {
- job_name = "postgres";
- static_configs = [
- {
- targets = [ "127.0.0.1:${toString exportersConfig.postgres.port}" ];
- }
- ];
- }
+ # {
+ # job_name = "postgres";
+ # static_configs = [
+ # {
+ # targets = [ "127.0.0.1:${toString exportersConfig.postgres.port}" ];
+ # }
+ # ];
+ # }
 ];
 };
From 0fb57287bdc7027eb6d6b9e2f0b1680c8c002a88 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 25 Jan 2024 18:20:24 +0100
Subject: [PATCH 3/5] falkenstein: add some spoofing restrictions
---
 hosts/falkenstein/modules/mail/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/hosts/falkenstein/modules/mail/default.nix b/hosts/falkenstein/modules/mail/default.nix
index d1aff0c..54302df 100644
--- a/hosts/falkenstein/modules/mail/default.nix
+++ b/hosts/falkenstein/modules/mail/default.nix
@@ -12,6 +12,10 @@ let
 /^\s*X-Originating-IP/ IGNORE
 /^\s*Mime-Version/ IGNORE
 '';
+ login_maps = pkgs.writeText "login_maps.pcre" ''
+ # basic username => username@rfive.de
+ /^([^@+]*)(\+[^@]*)?@rfive\.de$/ ''${1}
+ '';
 in
 {
 networking.firewall.allowedTCPPorts = [
@@ -93,6 +97,10 @@ in
 "permit_mynetworks"
 "reject_unauth_destination"
 ];
+ smtpd_sender_restrictions = [
+ "reject_authenticated_sender_login_mismatch"
+ ];
+ smtpd_sender_login_maps = [ "pcre:${login_maps}" ];
 smtp_header_checks = "pcre:${header_cleanup}";
 alias_maps = [ "hash:/etc/aliases" ];
From a420d6c154072f424806899d936903d141d77ea8 Mon Sep 17 00:00:00 2001
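Review bot: The postgres exporter (`postgres.enable`) and its scrape job are switched off by commenting them out, in both hunks of prometheus/default.nix, under a commit whose subject only mentions DNSSEC. Delete the lines rather than keeping commented-out code, since git history preserves them, or if this is temporary add one line saying so, e.g. `# postgres exporter disabled: <reason>`. As written, nothing records why the database is no longer monitored or when that should be restored. Both attribute sets continue outside the hunks.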
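Review bot: The comment inside `login_maps` reads as a username-to-address mapping, but `smtpd_sender_login_maps` is looked up by the MAIL FROM address and returns the SASL login that owns it. Suggest `# sender address at rfive.de (optional +extension) => owning SASL login, i.e. the bare local part`. That wording also surfaces an assumption worth confirming: logins must be the bare local part and not `user@rfive.de`, otherwise every authenticated sender would be treated as a mismatch. The `let` block begins outside the hunk.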
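Review bot: `reject_authenticated_sender_login_mismatch` in the second mail hunk only constrains clients that have authenticated, and only their envelope sender; an unauthenticated connection can still present an `@rfive.de` MAIL FROM, and the `From:` header is never compared. If the intent is to stop local-domain sender spoofing in general, `reject_sender_login_mismatch` also covers the unauthenticated case, at the cost of refusing forwarders and lists that legitimately relay with an rfive.de envelope sender, so a comment stating which trade-off was chosen would help. Also confirm that no submission service in master.cf sets its own `smtpd_sender_restrictions`, because that would replace this main.cf list for exactly the authenticated clients it targets. The settings attribute set continues outside the hunk.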
From: Rouven Seifert
Date: Thu, 25 Jan 2024 18:21:20 +0100
Subject: [PATCH 4/5] user: install typst and just
---
 users/rouven/modules/helix/default.nix | 1 +
 users/rouven/modules/packages.nix | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix
index 5ea866f..2fc2ee1 100644
--- a/users/rouven/modules/helix/default.nix
+++ b/users/rouven/modules/helix/default.nix
@@ -5,6 +5,7 @@
 lldb
 rust-analyzer
 rnix-lsp
+ typst-lsp
 (python3.withPackages (ps: with ps; [
 pyls-isort
 pylsp-mypy
diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix
index e538165..b20a00e 100644
--- a/users/rouven/modules/packages.nix
+++ b/users/rouven/modules/packages.nix
@@ -53,6 +53,7 @@
 mosh
 ansible
 plover.dev
+ typst
 # programming languages
 cargo
@@ -63,6 +64,7 @@
 nodejs_20
 gnumake
 go
+ just
 ];
From ea1f8c7bd1cf48f98ae42b5c1d3c6ff67e170e2f Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Thu, 25 Jan 2024 18:21:51 +0100
Subject: [PATCH 5/5] flake updates
---
 flake.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/flake.lock b/flake.lock
index 14b12f7..5b54bca 100644
--- a/flake.lock
+++ b/flake.lock
@@ -180,11 +180,11 @@
 ]
 },
 "locked": {
- "lastModified": 1705879479,
- "narHash": "sha256-ZIohbyly1KOe+8I3gdyNKgVN/oifKdmeI0DzMfytbtg=",
+ "lastModified": 1706134977,
+ "narHash": "sha256-KwNb1Li3K6vuVwZ77tFjZ89AWBo7AiCs9t0Cens4BsM=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "2d47379ad591bcb14ca95a90b6964b8305f6c913",
+ "rev": "6359d40f6ec0b72a38e02b333f343c3d4929ec10",
 "type": "github"
 },
 "original": {
@@ -296,11 +296,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1705677747,
- "narHash": "sha256-eyM3okYtMgYDgmYukoUzrmuoY4xl4FUujnsv/P6I/zI=",
+ "lastModified": 1705856552,
+ "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "bbe7d8f876fbbe7c959c90ba2ae2852220573261",
+ "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
 "type": "github"
 },
 "original": {