some misc patches

This commit is contained in:
Grimmauld 2024-01-26 09:14:45 +00:00
parent 74ff3d0d23
commit 2f4e82c131
6 changed files with 42 additions and 41 deletions

View file

@ -2,4 +2,5 @@
# todo: use post-quantum keys for ssh (not possible yet, yikes)
[
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClLZhya2A7SoRSX2DNNM6OWgnGhtOFUor/WdyY59L0l6u5tEo9VyX5bCR84eo+uN4jyahSiGD1WC3RGIoNtHuSkKPxr0rqQhlbuyxraHGj7hOLhcGWRd2eIdsntbma7uPsn4zC0skKjpVNR7PU4LfSxti0gBhgq6uQhMtlfywwJshmwt55q7oT/zC449Uz2vyviy7sQ53R9YoOWEjB/+vU8jHxGlqLatXhOGKlBtrQxKm8PZ6jBYxAC6sGA4APIHWC3KC0S0X7wlmi42Dx9bbBm0rUjy095vRZ22fkE8x9OSTKDY/vFTLw5vwVMa8dACfA1Kc0+EpgOK77lZddeTvD grimmauld.de"
]

View file

@ -10,6 +10,8 @@ in {
./hardware-configuration.nix
];
boot.kernelPackages = pkgs.linuxPackages_hardened;
users.users.grimmauld = {
isNormalUser = true;
description = "grimmauld";
@ -24,21 +26,15 @@ in {
programs.xonsh.enable = true;
environment.systemPackages = with pkgs; [
wget
vulnix
tree
vim
git
file
git-lfs
util-linux
btop
cached-nix-shell
cloud-utils
parted
visualvm
mkpasswd
linuxPackages.perf
lshw
pciutils
gitea
matrix-synapse-tools.synadm
matrix-synapse
@ -46,7 +42,7 @@ in {
pufferpanel
(writeShellScriptBin "pufferpanel-nix" "pufferpanel --workDir /var/lib/pufferpanel $@")
pypy3
(writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@")
];
environment.sessionVariables = {

View file

@ -101,16 +101,16 @@
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
"nixpkgs-23_11": "nixpkgs-23_11",
"utils": "utils"
},
"locked": {
"lastModified": 1703666786,
"narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
"lastModified": 1706219574,
"narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
"ref": "refs/heads/master",
"rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
"revCount": 575,
"rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
"revCount": 576,
"type": "git",
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver"
},
@ -155,28 +155,13 @@
"type": "github"
}
},
"nixpkgs-22_11": {
"locked": {
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1684782344,
"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
"lastModified": 1704290814,
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github"
},
"original": {
@ -185,6 +170,21 @@
"type": "indirect"
}
},
"nixpkgs-23_11": {
"locked": {
"lastModified": 1706098335,
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.11",
"type": "indirect"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1673743903,
@ -202,11 +202,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1670751203,
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
"lastModified": 1705856552,
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
"type": "github"
},
"original": {
@ -217,11 +217,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1703438236,
"narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=",
"lastModified": 1705856552,
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b",
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
"type": "github"
},
"original": {

View file

@ -36,6 +36,7 @@ in {
};
};
services.logrotate.checkConfig = false; # needed or this explodes
containers.mjolnirtle = let
baseurl = config.services.matrix-synapse-next.settings.public_baseurl;
pass_file = config.age.secrets.matrix_mjolnir_tle_pass.path;
@ -46,6 +47,7 @@ in {
config = { config, ... }: {
system.stateVersion = "unstable";
# tle mjolnir
services.logrotate.checkConfig = false;
services.mjolnir = {
enable = true;
homeserverUrl = baseurl;

View file

@ -1,4 +1,4 @@
{ pkgs, config, ...} :
{ lib, pkgs, config, ...} :
let
root_host = "grimmauld.de";
nextcloud_host = "cloud.${root_host}";
@ -50,11 +50,13 @@ in {
# news contacts calendar tasks;
# ];
config = {
overwriteProtocol = "https";
adminpassFile = config.age.secrets.nextcloud_admin_pass.path;
dbport = config.services.postgresql.port;
dbuser = "nextcloud";
dbhost= "localhost:${builtins.toString config.services.postgresql.port}";
dbtype = "pgsql";
};
extraOptions = {
overwriteProtocol = "https";
defaultPhoneRegion = "DE";
};
phpOptions = {

View file

@ -27,7 +27,7 @@ in {
};
};
security.acme.certs."${root_host}".extraDomainNames = [ puffer_host ];
networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 ];
networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 25566 ];
# virtualisation.podman.enable = true;
virtualisation.docker.enable = true;