some misc patches
This commit is contained in:
parent
74ff3d0d23
commit
2f4e82c131
6 changed files with 42 additions and 41 deletions
|
|
@ -2,4 +2,5 @@
|
||||||
# todo: use post-quantum keys for ssh (not possible yet, yikes)
|
# todo: use post-quantum keys for ssh (not possible yet, yikes)
|
||||||
[
|
[
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClLZhya2A7SoRSX2DNNM6OWgnGhtOFUor/WdyY59L0l6u5tEo9VyX5bCR84eo+uN4jyahSiGD1WC3RGIoNtHuSkKPxr0rqQhlbuyxraHGj7hOLhcGWRd2eIdsntbma7uPsn4zC0skKjpVNR7PU4LfSxti0gBhgq6uQhMtlfywwJshmwt55q7oT/zC449Uz2vyviy7sQ53R9YoOWEjB/+vU8jHxGlqLatXhOGKlBtrQxKm8PZ6jBYxAC6sGA4APIHWC3KC0S0X7wlmi42Dx9bbBm0rUjy095vRZ22fkE8x9OSTKDY/vFTLw5vwVMa8dACfA1Kc0+EpgOK77lZddeTvD grimmauld.de"
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,8 @@ in {
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.kernelPackages = pkgs.linuxPackages_hardened;
|
||||||
|
|
||||||
users.users.grimmauld = {
|
users.users.grimmauld = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "grimmauld";
|
description = "grimmauld";
|
||||||
|
|
@ -24,21 +26,15 @@ in {
|
||||||
programs.xonsh.enable = true;
|
programs.xonsh.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wget
|
wget
|
||||||
|
vulnix
|
||||||
tree
|
tree
|
||||||
vim
|
|
||||||
git
|
git
|
||||||
file
|
file
|
||||||
git-lfs
|
git-lfs
|
||||||
util-linux
|
util-linux
|
||||||
btop
|
btop
|
||||||
cached-nix-shell
|
|
||||||
cloud-utils
|
|
||||||
parted
|
|
||||||
visualvm
|
|
||||||
mkpasswd
|
mkpasswd
|
||||||
linuxPackages.perf
|
linuxPackages.perf
|
||||||
lshw
|
|
||||||
pciutils
|
|
||||||
gitea
|
gitea
|
||||||
matrix-synapse-tools.synadm
|
matrix-synapse-tools.synadm
|
||||||
matrix-synapse
|
matrix-synapse
|
||||||
|
|
@ -46,7 +42,7 @@ in {
|
||||||
|
|
||||||
pufferpanel
|
pufferpanel
|
||||||
(writeShellScriptBin "pufferpanel-nix" "pufferpanel --workDir /var/lib/pufferpanel $@")
|
(writeShellScriptBin "pufferpanel-nix" "pufferpanel --workDir /var/lib/pufferpanel $@")
|
||||||
pypy3
|
(writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@")
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.sessionVariables = {
|
environment.sessionVariables = {
|
||||||
|
|
|
||||||
58
flake.lock
58
flake.lock
|
|
@ -101,16 +101,16 @@
|
||||||
"blobs": "blobs",
|
"blobs": "blobs",
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs_2",
|
||||||
"nixpkgs-22_11": "nixpkgs-22_11",
|
|
||||||
"nixpkgs-23_05": "nixpkgs-23_05",
|
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||||
|
"nixpkgs-23_11": "nixpkgs-23_11",
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703666786,
|
"lastModified": 1706219574,
|
||||||
"narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
|
"narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
|
"rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
|
||||||
"revCount": 575,
|
"revCount": 576,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver"
|
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver"
|
||||||
},
|
},
|
||||||
|
|
@ -155,28 +155,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-22_11": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1669558522,
|
|
||||||
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"id": "nixpkgs",
|
|
||||||
"ref": "nixos-22.11",
|
|
||||||
"type": "indirect"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs-23_05": {
|
"nixpkgs-23_05": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684782344,
|
"lastModified": 1704290814,
|
||||||
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
|
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
|
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -185,6 +170,21 @@
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-23_11": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1706098335,
|
||||||
|
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-23.11",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-lib": {
|
"nixpkgs-lib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673743903,
|
"lastModified": 1673743903,
|
||||||
|
|
@ -202,11 +202,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1670751203,
|
"lastModified": 1705856552,
|
||||||
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
|
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
|
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -217,11 +217,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703438236,
|
"lastModified": 1705856552,
|
||||||
"narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=",
|
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b",
|
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
|
|
@ -36,6 +36,7 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.logrotate.checkConfig = false; # needed or this explodes
|
||||||
containers.mjolnirtle = let
|
containers.mjolnirtle = let
|
||||||
baseurl = config.services.matrix-synapse-next.settings.public_baseurl;
|
baseurl = config.services.matrix-synapse-next.settings.public_baseurl;
|
||||||
pass_file = config.age.secrets.matrix_mjolnir_tle_pass.path;
|
pass_file = config.age.secrets.matrix_mjolnir_tle_pass.path;
|
||||||
|
|
@ -46,6 +47,7 @@ in {
|
||||||
config = { config, ... }: {
|
config = { config, ... }: {
|
||||||
system.stateVersion = "unstable";
|
system.stateVersion = "unstable";
|
||||||
# tle mjolnir
|
# tle mjolnir
|
||||||
|
services.logrotate.checkConfig = false;
|
||||||
services.mjolnir = {
|
services.mjolnir = {
|
||||||
enable = true;
|
enable = true;
|
||||||
homeserverUrl = baseurl;
|
homeserverUrl = baseurl;
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, config, ...} :
|
{ lib, pkgs, config, ...} :
|
||||||
let
|
let
|
||||||
root_host = "grimmauld.de";
|
root_host = "grimmauld.de";
|
||||||
nextcloud_host = "cloud.${root_host}";
|
nextcloud_host = "cloud.${root_host}";
|
||||||
|
|
@ -50,11 +50,13 @@ in {
|
||||||
# news contacts calendar tasks;
|
# news contacts calendar tasks;
|
||||||
# ];
|
# ];
|
||||||
config = {
|
config = {
|
||||||
overwriteProtocol = "https";
|
|
||||||
adminpassFile = config.age.secrets.nextcloud_admin_pass.path;
|
adminpassFile = config.age.secrets.nextcloud_admin_pass.path;
|
||||||
dbport = config.services.postgresql.port;
|
|
||||||
dbuser = "nextcloud";
|
dbuser = "nextcloud";
|
||||||
|
dbhost= "localhost:${builtins.toString config.services.postgresql.port}";
|
||||||
dbtype = "pgsql";
|
dbtype = "pgsql";
|
||||||
|
};
|
||||||
|
extraOptions = {
|
||||||
|
overwriteProtocol = "https";
|
||||||
defaultPhoneRegion = "DE";
|
defaultPhoneRegion = "DE";
|
||||||
};
|
};
|
||||||
phpOptions = {
|
phpOptions = {
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,7 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
security.acme.certs."${root_host}".extraDomainNames = [ puffer_host ];
|
security.acme.certs."${root_host}".extraDomainNames = [ puffer_host ];
|
||||||
networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 ];
|
networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 25566 ];
|
||||||
|
|
||||||
# virtualisation.podman.enable = true;
|
# virtualisation.podman.enable = true;
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue