some misc patches
This commit is contained in:
parent
74ff3d0d23
commit
2f4e82c131
6 changed files with 42 additions and 41 deletions
|
@ -2,4 +2,5 @@
|
|||
# todo: use post-quantum keys for ssh (not possible yet, yikes)
|
||||
[
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClLZhya2A7SoRSX2DNNM6OWgnGhtOFUor/WdyY59L0l6u5tEo9VyX5bCR84eo+uN4jyahSiGD1WC3RGIoNtHuSkKPxr0rqQhlbuyxraHGj7hOLhcGWRd2eIdsntbma7uPsn4zC0skKjpVNR7PU4LfSxti0gBhgq6uQhMtlfywwJshmwt55q7oT/zC449Uz2vyviy7sQ53R9YoOWEjB/+vU8jHxGlqLatXhOGKlBtrQxKm8PZ6jBYxAC6sGA4APIHWC3KC0S0X7wlmi42Dx9bbBm0rUjy095vRZ22fkE8x9OSTKDY/vFTLw5vwVMa8dACfA1Kc0+EpgOK77lZddeTvD grimmauld.de"
|
||||
]
|
||||
|
|
|
@ -10,6 +10,8 @@ in {
|
|||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_hardened;
|
||||
|
||||
users.users.grimmauld = {
|
||||
isNormalUser = true;
|
||||
description = "grimmauld";
|
||||
|
@ -24,21 +26,15 @@ in {
|
|||
programs.xonsh.enable = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
vulnix
|
||||
tree
|
||||
vim
|
||||
git
|
||||
file
|
||||
git-lfs
|
||||
util-linux
|
||||
btop
|
||||
cached-nix-shell
|
||||
cloud-utils
|
||||
parted
|
||||
visualvm
|
||||
mkpasswd
|
||||
linuxPackages.perf
|
||||
lshw
|
||||
pciutils
|
||||
gitea
|
||||
matrix-synapse-tools.synadm
|
||||
matrix-synapse
|
||||
|
@ -46,7 +42,7 @@ in {
|
|||
|
||||
pufferpanel
|
||||
(writeShellScriptBin "pufferpanel-nix" "pufferpanel --workDir /var/lib/pufferpanel $@")
|
||||
pypy3
|
||||
(writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@")
|
||||
];
|
||||
|
||||
environment.sessionVariables = {
|
||||
|
|
58
flake.lock
58
flake.lock
|
@ -101,16 +101,16 @@
|
|||
"blobs": "blobs",
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-22_11": "nixpkgs-22_11",
|
||||
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||
"nixpkgs-23_11": "nixpkgs-23_11",
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703666786,
|
||||
"narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
|
||||
"lastModified": 1706219574,
|
||||
"narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
|
||||
"revCount": 575,
|
||||
"rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
|
||||
"revCount": 576,
|
||||
"type": "git",
|
||||
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver"
|
||||
},
|
||||
|
@ -155,28 +155,13 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-22_11": {
|
||||
"locked": {
|
||||
"lastModified": 1669558522,
|
||||
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-22.11",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-23_05": {
|
||||
"locked": {
|
||||
"lastModified": 1684782344,
|
||||
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
|
||||
"lastModified": 1704290814,
|
||||
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
|
||||
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -185,6 +170,21 @@
|
|||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-23_11": {
|
||||
"locked": {
|
||||
"lastModified": 1706098335,
|
||||
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-23.11",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1673743903,
|
||||
|
@ -202,11 +202,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1670751203,
|
||||
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
|
||||
"lastModified": 1705856552,
|
||||
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
|
||||
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -217,11 +217,11 @@
|
|||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1703438236,
|
||||
"narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=",
|
||||
"lastModified": 1705856552,
|
||||
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b",
|
||||
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -36,6 +36,7 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
services.logrotate.checkConfig = false; # needed or this explodes
|
||||
containers.mjolnirtle = let
|
||||
baseurl = config.services.matrix-synapse-next.settings.public_baseurl;
|
||||
pass_file = config.age.secrets.matrix_mjolnir_tle_pass.path;
|
||||
|
@ -46,6 +47,7 @@ in {
|
|||
config = { config, ... }: {
|
||||
system.stateVersion = "unstable";
|
||||
# tle mjolnir
|
||||
services.logrotate.checkConfig = false;
|
||||
services.mjolnir = {
|
||||
enable = true;
|
||||
homeserverUrl = baseurl;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, config, ...} :
|
||||
{ lib, pkgs, config, ...} :
|
||||
let
|
||||
root_host = "grimmauld.de";
|
||||
nextcloud_host = "cloud.${root_host}";
|
||||
|
@ -50,11 +50,13 @@ in {
|
|||
# news contacts calendar tasks;
|
||||
# ];
|
||||
config = {
|
||||
overwriteProtocol = "https";
|
||||
adminpassFile = config.age.secrets.nextcloud_admin_pass.path;
|
||||
dbport = config.services.postgresql.port;
|
||||
dbuser = "nextcloud";
|
||||
dbhost= "localhost:${builtins.toString config.services.postgresql.port}";
|
||||
dbtype = "pgsql";
|
||||
};
|
||||
extraOptions = {
|
||||
overwriteProtocol = "https";
|
||||
defaultPhoneRegion = "DE";
|
||||
};
|
||||
phpOptions = {
|
||||
|
|
|
@ -27,7 +27,7 @@ in {
|
|||
};
|
||||
};
|
||||
security.acme.certs."${root_host}".extraDomainNames = [ puffer_host ];
|
||||
networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 ];
|
||||
networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 25566 ];
|
||||
|
||||
# virtualisation.podman.enable = true;
|
||||
virtualisation.docker.enable = true;
|
||||
|
|
Loading…
Reference in a new issue