flake updates

flake.lock

@@ -180,11 +180,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1705879479,
+        "lastModified": 1706134977,
-        "narHash": "sha256-ZIohbyly1KOe+8I3gdyNKgVN/oifKdmeI0DzMfytbtg=",
+        "narHash": "sha256-KwNb1Li3K6vuVwZ77tFjZ89AWBo7AiCs9t0Cens4BsM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2d47379ad591bcb14ca95a90b6964b8305f6c913",
+        "rev": "6359d40f6ec0b72a38e02b333f343c3d4929ec10",
         "type": "github"
       },
       "original": {
@@ -296,11 +296,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1705677747,
+        "lastModified": 1705856552,
-        "narHash": "sha256-eyM3okYtMgYDgmYukoUzrmuoY4xl4FUujnsv/P6I/zI=",
+        "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "bbe7d8f876fbbe7c959c90ba2ae2852220573261",
+        "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
         "type": "github"
       },
       "original": {
@@ -488,11 +488,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1705882164,
+        "lastModified": 1705882231,
-        "narHash": "sha256-HAjEar8nN4HtOTEeA6LRjq40SPS84YWrfXMBBh7jCF8=",
+        "narHash": "sha256-OyWYOsl876tAJ443p9lKSDIrBtq80JZ/OlmrVVdIHF4=",
         "owner": "therealr5",
         "repo": "TruckSimulatorBot",
-        "rev": "b59e230bdec747dbff7e15447cf68791a31c323f",
+        "rev": "9ae3c21b72b1f49f0b15808eb61b10600e00a845",
         "type": "github"
       },
       "original": {

hosts/falkenstein/modules/mail/default.nix

@@ -12,6 +12,10 @@ let
     /^\s*X-Originating-IP/ IGNORE
     /^\s*Mime-Version/ IGNORE
   '';
+  login_maps = pkgs.writeText "login_maps.pcre" ''
+    # basic username => username@rfive.de
+    /^([^@+]*)(\+[^@]*)?@rfive\.de$/ ''${1}
+  '';
 in
 {
   networking.firewall.allowedTCPPorts = [
@@ -93,6 +97,10 @@ in
           "permit_mynetworks"
           "reject_unauth_destination"
         ];
+        smtpd_sender_restrictions = [
+          "reject_authenticated_sender_login_mismatch"
+        ];
+        smtpd_sender_login_maps = [ "pcre:${login_maps}" ];
         smtp_header_checks = "pcre:${header_cleanup}";
 
         alias_maps = [ "hash:/etc/aliases" ];

hosts/nuc/modules/matrix/default.nix

@@ -27,6 +27,9 @@ in
       enable = true;
       configureRedisLocally = true;
       extraConfigFiles = [ config.age.secrets."matrix/shared".path ];
+      log = {
+        root.level = "WARNING";
+      };
 
       settings = {
         server_name = config.networking.domain;

hosts/nuc/modules/networks/default.nix

@@ -14,7 +14,8 @@
   };
   services.resolved = {
     enable = true;
-    dnssec = "true";
+    # dnssec is broken
+    # dnssec = "true";
     fallbackDns = [
       "9.9.9.9"
       "149.112.112.112"

hosts/nuc/modules/prometheus/default.nix

@@ -10,7 +10,7 @@ in
         enable = true;
         enabledCollectors = [ "systemd" ];
       };
-      postgres.enable = true;
+      # postgres.enable = true;
     };
     scrapeConfigs = [
       {
@@ -21,14 +21,14 @@ in
           }
         ];
       }
-      {
+      # {
-        job_name = "postgres";
+      #   job_name = "postgres";
-        static_configs = [
+      #   static_configs = [
-          {
+      #     {
-            targets = [ "127.0.0.1:${toString exportersConfig.postgres.port}" ];
+      #       targets = [ "127.0.0.1:${toString exportersConfig.postgres.port}" ];
-          }
+      #     }
-        ];
+      #   ];
-      }
+      # }
     ];
 
   };

users/rouven/modules/helix/default.nix

@@ -5,6 +5,7 @@
     lldb
     rust-analyzer
     rnix-lsp
+    typst-lsp
     (python3.withPackages (ps: with ps; [
       pyls-isort
       pylsp-mypy

users/rouven/modules/packages.nix

@@ -53,6 +53,7 @@
     mosh
     ansible
     plover.dev
+    typst
 
     # programming languages
     cargo
@@ -63,6 +64,7 @@
     nodejs_20
     gnumake
     go
+    just
 
   ];