From 2f4e82c131414dda878284385d0de2e8db7c5c56 Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Fri, 26 Jan 2024 09:14:45 +0000 Subject: [PATCH] some misc patches --- authorizedKeys.nix | 1 + configuration.nix | 12 +++------ flake.lock | 58 +++++++++++++++++++++---------------------- modules/mjolnir.nix | 2 ++ modules/nextcloud.nix | 8 +++--- modules/puffer.nix | 2 +- 6 files changed, 42 insertions(+), 41 deletions(-) diff --git a/authorizedKeys.nix b/authorizedKeys.nix index 3f57310..a7b42af 100644 --- a/authorizedKeys.nix +++ b/authorizedKeys.nix @@ -2,4 +2,5 @@ # todo: use post-quantum keys for ssh (not possible yet, yikes) [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClLZhya2A7SoRSX2DNNM6OWgnGhtOFUor/WdyY59L0l6u5tEo9VyX5bCR84eo+uN4jyahSiGD1WC3RGIoNtHuSkKPxr0rqQhlbuyxraHGj7hOLhcGWRd2eIdsntbma7uPsn4zC0skKjpVNR7PU4LfSxti0gBhgq6uQhMtlfywwJshmwt55q7oT/zC449Uz2vyviy7sQ53R9YoOWEjB/+vU8jHxGlqLatXhOGKlBtrQxKm8PZ6jBYxAC6sGA4APIHWC3KC0S0X7wlmi42Dx9bbBm0rUjy095vRZ22fkE8x9OSTKDY/vFTLw5vwVMa8dACfA1Kc0+EpgOK77lZddeTvD grimmauld.de" ] diff --git a/configuration.nix b/configuration.nix index c96a3b1..c7e3aae 100644 --- a/configuration.nix +++ b/configuration.nix @@ -10,6 +10,8 @@ in { ./hardware-configuration.nix ]; + boot.kernelPackages = pkgs.linuxPackages_hardened; + users.users.grimmauld = { isNormalUser = true; description = "grimmauld"; 
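Review bot: The key added to authorizedKeys.nix is labelled only `grimmauld.de`, which does not say which machine or person holds the private half, so a later audit cannot tell whether the entry is still needed. A comment line above it such as `# <device/owner>, added <date>` would make revocation decisions possible. It is also another `ssh-rsa` key (the blob length suggests 2048 bits); an `ssh-ed25519` key would be the better default if the client supports it. How this list is consumed is outside the hunk, so any per-key restrictions such as `from=` would have to be checked there.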
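Review bot: Switching `boot.kernelPackages` to `pkgs.linuxPackages_hardened` leaves the `linuxPackages.perf` entry in `environment.systemPackages` (second hunk of this file) taken from the default kernel set, so perf no longer matches the running kernel. `config.boot.kernelPackages.perf` would follow whichever kernel is selected, assuming `config` is among the module arguments, which are outside the hunk. The hardened kernel also tends to restrict perf events and unprivileged user namespaces by default, so a short comment on this line recording that the containers and Docker workloads were checked after the switch would help the next maintainer.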
@@ -24,21 +26,15 @@ in { programs.xonsh.enable = true; environment.systemPackages = with pkgs; [ wget + vulnix tree - vim git file git-lfs util-linux btop - cached-nix-shell - cloud-utils - parted - visualvm mkpasswd linuxPackages.perf - lshw - pciutils gitea matrix-synapse-tools.synadm matrix-synapse @@ -46,7 +42,7 @@ in { pufferpanel (writeShellScriptBin "pufferpanel-nix" "pufferpanel --workDir /var/lib/pufferpanel $@") - pypy3 + (writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@") ]; environment.sessionVariables = { diff --git a/flake.lock b/flake.lock index 1a269a4..fb7d745 100644 --- a/flake.lock +++ b/flake.lock @@ -101,16 +101,16 @@ "blobs": "blobs", "flake-compat": "flake-compat", "nixpkgs": "nixpkgs_2", - "nixpkgs-22_11": "nixpkgs-22_11", "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_11": "nixpkgs-23_11", "utils": "utils" }, "locked": { - "lastModified": 1703666786, - "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=", + "lastModified": 1706219574, + "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", "ref": "refs/heads/master", - "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4", - "revCount": 575, + "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", + "revCount": 576, "type": "git", "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver" }, 
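Review bot: The new `nix-referrers` wrapper expands `$@` unquoted, so an argument containing whitespace or glob characters is split or expanded by the shell before `nix-store` sees it. Quoting it keeps arguments intact: `(writeShellScriptBin "nix-referrers" ''nix-store --query --referrers "$@"'')`. The existing `pufferpanel-nix` wrapper just above uses the same unquoted form and would benefit from the same change. The package list continues outside the hunk on both sides.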
@@ -155,28 +155,13 @@ "type": "github" } }, - "nixpkgs-22_11": { - "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, "nixpkgs-23_05": { "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "type": "github" }, "original": { @@ -185,6 +170,21 @@ "type": "indirect" } }, + "nixpkgs-23_11": { + "locked": { + "lastModified": 1706098335, + "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.11", + "type": "indirect" + } + }, "nixpkgs-lib": { "locked": { "lastModified": 1673743903, @@ -202,11 +202,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1670751203, - "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { 
@@ -217,11 +217,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1703438236, - "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { diff --git a/modules/mjolnir.nix b/modules/mjolnir.nix index ac887bb..2b74052 100644 --- a/modules/mjolnir.nix +++ b/modules/mjolnir.nix @@ -36,6 +36,7 @@ in { }; }; + services.logrotate.checkConfig = false; # needed or this explodes containers.mjolnirtle = let baseurl = config.services.matrix-synapse-next.settings.public_baseurl; pass_file = config.age.secrets.matrix_mjolnir_tle_pass.path; @@ -46,6 +47,7 @@ in { config = { config, ... }: { system.stateVersion = "unstable"; # tle mjolnir + services.logrotate.checkConfig = false; services.mjolnir = { enable = true; homeserverUrl = baseurl; diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index da30f2d..18710c6 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -1,4 +1,4 @@ -{ pkgs, config, ...} : +{ lib, pkgs, config, ...} : let root_host = "grimmauld.de"; nextcloud_host = "cloud.${root_host}"; @@ -50,11 +50,13 @@ in { # news contacts calendar tasks; # ]; config = { - overwriteProtocol = "https"; adminpassFile = config.age.secrets.nextcloud_admin_pass.path; - dbport = config.services.postgresql.port; dbuser = "nextcloud"; + dbhost= "localhost:${builtins.toString config.services.postgresql.port}"; dbtype = "pgsql"; + }; + extraOptions = { + overwriteProtocol = "https"; defaultPhoneRegion = "DE"; }; phpOptions = { diff --git a/modules/puffer.nix b/modules/puffer.nix index 131da82..5955067 100644 --- a/modules/puffer.nix +++ b/modules/puffer.nix 
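Review bot: `services.logrotate.checkConfig = false;` turns off build-time validation of the generated logrotate configuration, on the host (first hunk of modules/mjolnir.nix) and again inside the `mjolnirtle` container (second hunk), and the only rationale given is `# needed or this explodes`. With the check off, a broken logrotate configuration would surface only at runtime, as logs that are not rotated. I would record the actual failure in the comment, for example `# checkConfig fails at build time with <error text>; re-enable once resolved`, and put the same comment on the container-side line, which currently has none.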
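Review bot: Replacing `dbport` with `dbhost= "localhost:${...}"` in modules/nextcloud.nix makes Nextcloud reach PostgreSQL over TCP on loopback, and no `dbpassFile` is visible in this hunk, so authentication would depend on how `pg_hba` treats 127.0.0.1; it is worth confirming that this is not `trust`. If the database is local, `dbhost = "/run/postgresql";` uses the Unix socket with peer authentication and needs neither a port nor a password. The `lib` argument added in the first hunk of this file is not used in any visible line, and the `config` attribute set starts outside the hunk.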
@@ -27,7 +27,7 @@ in { }; }; security.acme.certs."${root_host}".extraDomainNames = [ puffer_host ]; - networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 ]; + networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 25566 ]; # virtualisation.podman.enable = true; virtualisation.docker.enable = true;
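Review bot: Port 25566 is opened to all sources in `networking.firewall.allowedTCPPorts` as a bare literal, with nothing saying what listens on it. A named binding next to `puffer_sftp_port` (whose definition is outside the hunk), or a trailing comment such as `# <service name>`, would let a reader match each open port to a service. Since `virtualisation.docker.enable = true;` is set just below, ports published by Docker containers are generally reachable regardless of this list, so the entry alone does not describe the host's exposure.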