From 1ac083a5fd2c9e09ba469a51ecdb3b465242914f Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Fri, 23 Aug 2024 15:04:04 +0200 Subject: [PATCH 01/18] Add jinja plugin --- users/jalr/modules/neovim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/jalr/modules/neovim.nix b/users/jalr/modules/neovim.nix index deb6fe2..ee25579 100644 --- a/users/jalr/modules/neovim.nix +++ b/users/jalr/modules/neovim.nix @@ -84,6 +84,7 @@ in NeoSolarized deoplete-nvim editorconfig-vim + jinja-vim nvim-lspconfig { plugin = telescope-nvim; From a1ca116b489dbd1d049cc46095ccdd2a2b02f087 Mon Sep 17 00:00:00 2001 
From: Jakob Lechner Date: Mon, 26 Aug 2024 18:07:05 +0200 Subject: [PATCH 02/18] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/4e719b38fa7c85f4f65d0308ca7084c91e7bdd6d' (2024-08-19) → 'github:nix-community/disko/b09eb605e376c9e95c87c0ef3fcb8008e11c8368' (2024-08-26) • Updated input 'nix-pre-commit-hooks': 'github:cachix/git-hooks.nix/bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba' (2024-08-16) → 'github:cachix/git-hooks.nix/c8a54057aae480c56e28ef3e14e4960628ac495b' (2024-08-23) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/b09c46430ffcf18d575acf5c339b38ac4e1db5d2' (2024-08-19) → 'github:nixos/nixos-hardware/9fc19be21f0807d6be092d70bf0b1de0c00ac895' (2024-08-25) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/c42fcfbdfeae23e68fc520f9182dde9f38ad1890' (2024-08-17) → 'github:nixos/nixpkgs/797f7dc49e0bc7fab4b57c021cdf68f595e47841' (2024-08-22) • Updated input 'nixpkgsMaster': 'github:NixOS/nixpkgs/1bc1437a085748a3b24c8f25047eb2eac4068318' (2024-08-20) → 'github:NixOS/nixpkgs/94930d463b3c7b50eb6a6a8a25089759a8431f59' (2024-08-26) • Updated input 'nur': 'github:nix-community/NUR/0ba1aacb815bd8574f6bd25032fdb4fd77d6e630' (2024-08-20) → 'github:nix-community/NUR/b88e43567b88e61760055808ce2f3f8928a06fd1' (2024-08-26) • Updated input 'poetry2nix': 'github:nix-community/poetry2nix/5ee730a8752264e463c0eaf06cc060fd07f6dae9' (2024-08-20) → 'github:nix-community/poetry2nix/7619e43c2b48c29e24b88a415256f09df96ec276' (2024-08-23) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index af034e9..53f7881 100644 --- a/flake.lock +++ b/flake.lock 
@@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1724031427, - "narHash": "sha256-o1HdAf+7IGv9M13R3c+zc/sJ0QgeEnhsvHBcodI4UpM=", + "lastModified": 1724639687, + "narHash": "sha256-L2h46/z8WExNvtCEdZ8YuMu5TwfAGsKXXgM7pyIShvs=", "owner": "nix-community", "repo": "disko", - "rev": "4e719b38fa7c85f4f65d0308ca7084c91e7bdd6d", + "rev": "b09eb605e376c9e95c87c0ef3fcb8008e11c8368", "type": "github" }, "original": { @@ -298,11 +298,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1723803910, - "narHash": "sha256-yezvUuFiEnCFbGuwj/bQcqg7RykIEqudOy/RBrId0pc=", + "lastModified": 1724440431, + "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "bfef0ada09e2c8ac55bbcd0831bd0c9d42e651ba", + "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724067415, - "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=", + "lastModified": 1724575805, + "narHash": "sha256-OB/kEL3GAhUZmUfkbPfsPhKs0pRqJKs0EEBiLfyKZw8=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2", + "rev": "9fc19be21f0807d6be092d70bf0b1de0c00ac895", "type": "github" }, "original": { @@ -330,11 +330,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723938990, - "narHash": "sha256-9tUadhnZQbWIiYVXH8ncfGXGvkNq3Hag4RCBEMUk7MI=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c42fcfbdfeae23e68fc520f9182dde9f38ad1890", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", "type": "github" }, "original": { 
@@ -394,11 +394,11 @@ }, "nixpkgsMaster": { "locked": { - "lastModified": 1724145953, - "narHash": "sha256-WamuitHHkmPp/fzwAdZxprYR7BOhtNytGmDuCp0UoHg=", + "lastModified": 1724684795, + "narHash": "sha256-Y0L/3OCfiD20VCgY/ZXWkijmaXGUpp1QjijZqL4aJS8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1bc1437a085748a3b24c8f25047eb2eac4068318", + "rev": "94930d463b3c7b50eb6a6a8a25089759a8431f59", "type": "github" }, "original": { @@ -410,11 +410,11 @@ }, "nur": { "locked": { - "lastModified": 1724135985, - "narHash": "sha256-yImm/xJDDBganXyJawdIbwG1hCFYbeaLEwDLMSCdUvg=", + "lastModified": 1724686814, + "narHash": "sha256-OwcY7S/yNv0nJL+YRw6ZZF0ptpQw8o9ctCGYwQfBtsA=", "owner": "nix-community", "repo": "NUR", - "rev": "0ba1aacb815bd8574f6bd25032fdb4fd77d6e630", + "rev": "b88e43567b88e61760055808ce2f3f8928a06fd1", "type": "github" }, "original": { @@ -436,11 +436,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1724134185, - "narHash": "sha256-nDqpGjz7cq3ThdC98BPe1ANCNlsJds/LLZ3/MdIXjA0=", + "lastModified": 1724417163, + "narHash": "sha256-gD0N0pnKxWJcKtbetlkKOIumS0Zovgxx/nMfOIJIzoI=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "5ee730a8752264e463c0eaf06cc060fd07f6dae9", + "rev": "7619e43c2b48c29e24b88a415256f09df96ec276", "type": "github" }, "original": { From 4166d39a3e87decf73e12c48476caa1442b41f21 Mon Sep 17 00:00:00 2001 
From: Jakob Lechner Date: Tue, 27 Aug 2024 20:32:06 +0200 Subject: [PATCH 03/18] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/b09eb605e376c9e95c87c0ef3fcb8008e11c8368' (2024-08-26) → 'github:nix-community/disko/b89a61129f3976d6440e2356ac5d3e30930f7012' (2024-08-27) • Updated input 'nix-pre-commit-hooks': 'github:cachix/git-hooks.nix/c8a54057aae480c56e28ef3e14e4960628ac495b' (2024-08-23) → 'github:cachix/git-hooks.nix/1cd12de659fab215624c630c37d1c62aa2b7824e' (2024-08-27) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/797f7dc49e0bc7fab4b57c021cdf68f595e47841' (2024-08-22) → 'github:nixos/nixpkgs/2527da1ef492c495d5391f3bcf9c1dd9f4514e32' (2024-08-24) • Updated input 'nixpkgsMaster': 'github:NixOS/nixpkgs/94930d463b3c7b50eb6a6a8a25089759a8431f59' (2024-08-26) → 'github:NixOS/nixpkgs/3745928ba909559bd73779e29c3448d553818e7c' (2024-08-27) • Updated input 'nur': 'github:nix-community/NUR/b88e43567b88e61760055808ce2f3f8928a06fd1' (2024-08-26) → 'github:nix-community/NUR/95f1862227c883581265a8801ea28af99635dd97' (2024-08-27) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 53f7881..5972978 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1724639687, - "narHash": "sha256-L2h46/z8WExNvtCEdZ8YuMu5TwfAGsKXXgM7pyIShvs=", + "lastModified": 1724769572, + "narHash": "sha256-K+HQbC2/hnGngIB019mX6f4XUrf7dB1eBfiUHW4Vx48=", "owner": "nix-community", "repo": "disko", - "rev": "b09eb605e376c9e95c87c0ef3fcb8008e11c8368", + "rev": "b89a61129f3976d6440e2356ac5d3e30930f7012", "type": "github" }, "original": { 
@@ -298,11 +298,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1724440431, - "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=", + "lastModified": 1724763886, + "narHash": "sha256-SzBtZs5z+YGM50oyt67R78qLhxG/wG5/SlVRsCF5kRc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b", + "rev": "1cd12de659fab215624c630c37d1c62aa2b7824e", "type": "github" }, "original": { @@ -330,11 +330,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "lastModified": 1724531977, + "narHash": "sha256-XROVLf9ti4rrNCFLr+DmXRZtPjCQTW4cYy59owTEmxk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "rev": "2527da1ef492c495d5391f3bcf9c1dd9f4514e32", "type": "github" }, "original": { @@ -394,11 +394,11 @@ }, "nixpkgsMaster": { "locked": { - "lastModified": 1724684795, - "narHash": "sha256-Y0L/3OCfiD20VCgY/ZXWkijmaXGUpp1QjijZqL4aJS8=", + "lastModified": 1724783408, + "narHash": "sha256-PZyawI4vmyjG3yRJoU8T3xetBifB5b23y/JsgY2w85g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "94930d463b3c7b50eb6a6a8a25089759a8431f59", + "rev": "3745928ba909559bd73779e29c3448d553818e7c", "type": "github" }, "original": { @@ -410,11 +410,11 @@ }, "nur": { "locked": { - "lastModified": 1724686814, - "narHash": "sha256-OwcY7S/yNv0nJL+YRw6ZZF0ptpQw8o9ctCGYwQfBtsA=", + "lastModified": 1724775364, + "narHash": "sha256-agN3Oaph2+2DH3+m6Jp4d1ji5s93joohKcV35DfJWQk=", "owner": "nix-community", "repo": "NUR", - "rev": "b88e43567b88e61760055808ce2f3f8928a06fd1", + "rev": "95f1862227c883581265a8801ea28af99635dd97", "type": "github" }, "original": { From d1d11a3eeef3e90e936c1639d4a44fe609c94398 Mon Sep 17 00:00:00 2001 
From: Jakob Lechner Date: Mon, 2 Sep 2024 11:45:49 +0200 Subject: [PATCH 04/18] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/b89a61129f3976d6440e2356ac5d3e30930f7012' (2024-08-27) → 'github:nix-community/disko/96073e6423623d4a8027e9739d2af86d6422ea7a' (2024-09-02) • Updated input 'nix-pre-commit-hooks': 'github:cachix/git-hooks.nix/1cd12de659fab215624c630c37d1c62aa2b7824e' (2024-08-27) → 'github:cachix/git-hooks.nix/4509ca64f1084e73bc7a721b20c669a8d4c5ebe6' (2024-08-28) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/9fc19be21f0807d6be092d70bf0b1de0c00ac895' (2024-08-25) → 'github:nixos/nixos-hardware/95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef' (2024-08-28) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/2527da1ef492c495d5391f3bcf9c1dd9f4514e32' (2024-08-24) → 'github:nixos/nixpkgs/6e99f2a27d600612004fbd2c3282d614bfee6421' (2024-08-30) • Updated input 'nixpkgsMaster': 'github:NixOS/nixpkgs/3745928ba909559bd73779e29c3448d553818e7c' (2024-08-27) → 'github:NixOS/nixpkgs/e4a2b7892d0614864f49a2ad5f832eda82f7c471' (2024-09-02) • Updated input 'nur': 'github:nix-community/NUR/95f1862227c883581265a8801ea28af99635dd97' (2024-08-27) → 'github:nix-community/NUR/22e350ecdc47dc5dbba7dfe0e63cf58c3482a0bd' (2024-09-02) • Updated input 'poetry2nix': 'github:nix-community/poetry2nix/7619e43c2b48c29e24b88a415256f09df96ec276' (2024-08-23) → 'github:nix-community/poetry2nix/0d3fad5740d892487805cd2d60d8e4ed828486e9' (2024-09-02) • Updated input 'sops-nix': 'github:Mic92/sops-nix/be0eec2d27563590194a9206f551a6f73d52fa34' (2024-08-12) → 'github:Mic92/sops-nix/5db5921e40ae382d6716dce591ea23b0a39d96f7' (2024-09-01) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 5972978..66bb545 100644 --- a/flake.lock +++ b/flake.lock 
@@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1724769572, - "narHash": "sha256-K+HQbC2/hnGngIB019mX6f4XUrf7dB1eBfiUHW4Vx48=", + "lastModified": 1725242307, + "narHash": "sha256-a2iTMBngegEZvaNAzzxq5Gc5Vp3UWoGUqWtK11Txbic=", "owner": "nix-community", "repo": "disko", - "rev": "b89a61129f3976d6440e2356ac5d3e30930f7012", + "rev": "96073e6423623d4a8027e9739d2af86d6422ea7a", "type": "github" }, "original": { @@ -298,11 +298,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1724763886, - "narHash": "sha256-SzBtZs5z+YGM50oyt67R78qLhxG/wG5/SlVRsCF5kRc=", + "lastModified": 1724857454, + "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "1cd12de659fab215624c630c37d1c62aa2b7824e", + "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724575805, - "narHash": "sha256-OB/kEL3GAhUZmUfkbPfsPhKs0pRqJKs0EEBiLfyKZw8=", + "lastModified": 1724878143, + "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "9fc19be21f0807d6be092d70bf0b1de0c00ac895", + "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "type": "github" }, "original": { @@ -330,11 +330,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724531977, - "narHash": "sha256-XROVLf9ti4rrNCFLr+DmXRZtPjCQTW4cYy59owTEmxk=", + "lastModified": 1725001927, + "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2527da1ef492c495d5391f3bcf9c1dd9f4514e32", + "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", "type": "github" }, "original": { 
@@ -394,11 +394,11 @@ }, "nixpkgsMaster": { "locked": { - "lastModified": 1724783408, - "narHash": "sha256-PZyawI4vmyjG3yRJoU8T3xetBifB5b23y/JsgY2w85g=", + "lastModified": 1725270189, + "narHash": "sha256-czWe/ldomeJqX8SgdLPhpGu71ST+g4tJRjGNWMCIPGg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3745928ba909559bd73779e29c3448d553818e7c", + "rev": "e4a2b7892d0614864f49a2ad5f832eda82f7c471", "type": "github" }, "original": { @@ -410,11 +410,11 @@ }, "nur": { "locked": { - "lastModified": 1724775364, - "narHash": "sha256-agN3Oaph2+2DH3+m6Jp4d1ji5s93joohKcV35DfJWQk=", + "lastModified": 1725267338, + "narHash": "sha256-PM8w4aivrIjfkrmMY2ndIlVhvcJD6XFsNBthfoIC0y4=", "owner": "nix-community", "repo": "NUR", - "rev": "95f1862227c883581265a8801ea28af99635dd97", + "rev": "22e350ecdc47dc5dbba7dfe0e63cf58c3482a0bd", "type": "github" }, "original": { @@ -436,11 +436,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1724417163, - "narHash": "sha256-gD0N0pnKxWJcKtbetlkKOIumS0Zovgxx/nMfOIJIzoI=", + "lastModified": 1725253878, + "narHash": "sha256-HwXut4WbOUAjmybhui2eNSE6+Wb0nigYgDzBBOZaPG4=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "7619e43c2b48c29e24b88a415256f09df96ec276", + "rev": "0d3fad5740d892487805cd2d60d8e4ed828486e9", "type": "github" }, "original": { @@ -526,11 +526,11 @@ "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { - "lastModified": 1723501126, - "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "lastModified": 1725201042, + "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", "type": "github" }, "original": { From 07bd344eb8701347810cc6406ec998ddabf5abb7 Mon Sep 17 00:00:00 2001 
From: Jakob Lechner Date: Tue, 3 Sep 2024 22:01:31 +0200 Subject: [PATCH 05/18] Add bridge interface --- hosts/iron/configuration.nix | 22 ++++++++++++++-------- hosts/iron/interfaces.nix | 4 ++++ hosts/iron/services/dnsmasq.nix | 3 ++- hosts/iron/services/dyndns.nix | 5 ++++- hosts/iron/services/unifi-controller.nix | 3 ++- 5 files changed, 26 insertions(+), 11 deletions(-) create mode 100644 hosts/iron/interfaces.nix diff --git a/hosts/iron/configuration.nix b/hosts/iron/configuration.nix index 31d5069..5963afe 100644 --- a/hosts/iron/configuration.nix +++ b/hosts/iron/configuration.nix @@ -1,5 +1,6 @@ { inputs, config, pkgs, lib, ... }: let + interfaces = import ./interfaces.nix; zfsKernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; disks = [ "ata-Samsung_SSD_870_QVO_8TB_S5SSNG0R103837K" @@ -46,14 +47,19 @@ with lib; { useDHCP = false; networkmanager.enable = false; + bridges = { + "${interfaces.lan}" = { + interfaces = [ "enp2s4" "enp3s5" ]; + }; + }; vlans = { iot = { id = 20; - interface = "enp2s4"; + interface = interfaces.lan; }; }; interfaces = { - enp2s4.ipv4.addresses = [{ + "${interfaces.lan}".ipv4.addresses = [{ address = "192.168.42.1"; prefixLength = 24; }]; @@ -61,16 +67,16 @@ with lib; { address = "10.20.0.1"; prefixLength = 20; }]; - enp3s5 = { + "${interfaces.wan}" = { useDHCP = true; }; }; nat = { enable = true; - externalInterface = "enp3s5"; + externalInterface = interfaces.wan; internalInterfaces = [ - "enp2s4" + interfaces.lan ]; }; @@ -82,7 +88,7 @@ with lib; { services.radvd = { enable = true; config = '' - interface enp2s4 { + interface ${interfaces.lan} { AdvSendAdvert on; prefix ::/64 { AdvOnLink on; @@ -97,10 +103,10 @@ with lib; { noipv6rs waitip 6 - interface enp3s5 + interface ${interfaces.wan} ipv6rs ia_na 1 - ia_pd 1/::/64 enp2s4/0/64 + ia_pd 1/::/64 ${interfaces.lan}/0/64 ''; boot = { diff --git a/hosts/iron/interfaces.nix b/hosts/iron/interfaces.nix new file mode 100644 index 0000000..dec89ae --- /dev/null 
+++ b/hosts/iron/interfaces.nix @@ -0,0 +1,4 @@ +{ + lan = "br0"; + wan = "enp0s25"; +} diff --git a/hosts/iron/services/dnsmasq.nix b/hosts/iron/services/dnsmasq.nix index 8e7ca67..15d6710 100644 --- a/hosts/iron/services/dnsmasq.nix +++ b/hosts/iron/services/dnsmasq.nix @@ -1,6 +1,7 @@ { lib, pkgs, ... }: let + interfaces = import ../interfaces.nix; stateDir = "/var/lib/dnsmasq"; in { @@ -41,7 +42,7 @@ in }; networking.firewall.interfaces = lib.attrsets.genAttrs [ - "enp2s4" + interfaces.lan "iot" ] ( diff --git a/hosts/iron/services/dyndns.nix b/hosts/iron/services/dyndns.nix index 9b4aebf..710aceb 100644 --- a/hosts/iron/services/dyndns.nix +++ b/hosts/iron/services/dyndns.nix @@ -1,4 +1,7 @@ { config, ... }: +let + interfaces = import ../interfaces.nix; +in { sops.secrets.duckdns-secret = { sopsFile = ../secrets.yaml; @@ -11,7 +14,7 @@ username = "nouser"; passwordFile = config.sops.secrets.duckdns-secret.path; domains = [ "jalr-bw" ]; - use = "if, if=enp3s5"; + use = "if, if=${interfaces.wan}"; #usev6=ifv6, ifv6=enp3s4 }; } diff --git a/hosts/iron/services/unifi-controller.nix b/hosts/iron/services/unifi-controller.nix index bb5417f..6eeed31 100644 --- a/hosts/iron/services/unifi-controller.nix +++ b/hosts/iron/services/unifi-controller.nix @@ -2,13 +2,14 @@ args@{ pkgs, custom-utils, ... }: let ports = import ../ports.nix args; + interfaces = import ../interfaces.nix; in { services.unifi = { enable = true; unifiPackage = pkgs.unifi8; }; - networking.firewall.interfaces.enp2s4.allowedTCPPorts = [ + networking.firewall.interfaces."${interfaces.lan}".allowedTCPPorts = [ ports.unifi-http.tcp ports.unifi-https.tcp ]; From e373b452dab71900b458af8ecb673da806afa66d Mon Sep 17 00:00:00 2001 
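Review bot: `hosts/iron/interfaces.nix` names only `lan` and `wan`, while the bridge members in `configuration.nix` stay hard-coded as `[ "enp2s4" "enp3s5" ]`, and `enp3s5` was the NAT `externalInterface` before this patch. After the change, whatever is plugged into that port sits on `br0` and gets the LAN-side firewall openings (the dnsmasq and UniFi rules keyed on `interfaces.lan`), so the uplink has to be recabled to `enp0s25` together with the deploy. I would record that next to the names, e.g. `# br0 = enp2s4 + enp3s5 (enp3s5 was the WAN port until this change); uplink now on enp0s25`, and consider moving the member list into this file as `lanMembers = [ "enp2s4" "enp3s5" ];`. The stale `ifv6=enp3s4` comment left in `dyndns.nix` could be updated in the same pass.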
From: Jakob Lechner Date: Sun, 8 Sep 2024 01:09:57 +0200 Subject: [PATCH 06/18] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/96073e6423623d4a8027e9739d2af86d6422ea7a' (2024-09-02) → 'github:nix-community/disko/e55f9a8678adc02024a4877c2a403e3f6daf24fe' (2024-09-03) • Updated input 'gomod2nix': 'github:nix-community/gomod2nix/4e08ca09253ef996bd4c03afa383b23e35fe28a1' (2024-08-02) → 'github:nix-community/gomod2nix/1c6fd4e862bf2f249c9114ad625c64c6c29a8a08' (2024-09-05) • Updated input 'home-manager': 'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03) → 'github:nix-community/home-manager/208df2e558b73b6a1f0faec98493cb59a25f62ba' (2024-09-07) • Updated input 'nix-pre-commit-hooks': 'github:cachix/git-hooks.nix/4509ca64f1084e73bc7a721b20c669a8d4c5ebe6' (2024-08-28) → 'github:cachix/git-hooks.nix/7570de7b9b504cfe92025dd1be797bf546f66528' (2024-09-05) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef' (2024-08-28) → 'github:nixos/nixos-hardware/04a1cda0c1725094a4db703cccbb956b7558f5a6' (2024-09-07) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/6e99f2a27d600612004fbd2c3282d614bfee6421' (2024-08-30) → 'github:nixos/nixpkgs/6f6c45b5134a8ee2e465164811e451dcb5ad86e3' (2024-09-03) • Updated input 'nixpkgsMaster': 'github:NixOS/nixpkgs/e4a2b7892d0614864f49a2ad5f832eda82f7c471' (2024-09-02) → 'github:NixOS/nixpkgs/193565cfe3ff415029ee805fbcbe1c2b2e1a01e3' (2024-09-07) • Updated input 'nur': 'github:nix-community/NUR/22e350ecdc47dc5dbba7dfe0e63cf58c3482a0bd' (2024-09-02) → 'github:nix-community/NUR/c92b904814d4a89d323c90e249c84ef6629ffade' (2024-09-07) • Updated input 'poetry2nix': 'github:nix-community/poetry2nix/0d3fad5740d892487805cd2d60d8e4ed828486e9' (2024-09-02) → 'github:nix-community/poetry2nix/a313fd7169ae43ecd1a2ea2f1e4899fe3edba4d2' 
(2024-09-05) • Updated input 'sops-nix': 'github:Mic92/sops-nix/5db5921e40ae382d6716dce591ea23b0a39d96f7' (2024-09-01) → 'github:Mic92/sops-nix/d9d781523a1463965cd1e1333a306e70d9feff07' (2024-09-05) --- flake.lock | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 66bb545..d7bdd94 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1725242307, - "narHash": "sha256-a2iTMBngegEZvaNAzzxq5Gc5Vp3UWoGUqWtK11Txbic=", + "lastModified": 1725377834, + "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", "owner": "nix-community", "repo": "disko", - "rev": "96073e6423623d4a8027e9739d2af86d6422ea7a", + "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", "type": "github" }, "original": { @@ -183,11 +183,11 @@ ] }, "locked": { - "lastModified": 1722589758, - "narHash": "sha256-sbbA8b6Q2vB/t/r1znHawoXLysCyD4L/6n6/RykiSnA=", + "lastModified": 1725515722, + "narHash": "sha256-+gljgHaflZhQXtr3WjJrGn8NXv7MruVPAORSufuCFnw=", "owner": "nix-community", "repo": "gomod2nix", - "rev": "4e08ca09253ef996bd4c03afa383b23e35fe28a1", + "rev": "1c6fd4e862bf2f249c9114ad625c64c6c29a8a08", "type": "github" }, "original": { @@ -203,11 +203,11 @@ ] }, "locked": { - "lastModified": 1720042825, - "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", + "lastModified": 1725703823, + "narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba", "type": "github" }, "original": { 
@@ -298,11 +298,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1724857454, - "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=", + "lastModified": 1725513492, + "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6", + "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724878143, - "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", + "lastModified": 1725716377, + "narHash": "sha256-7NzW9O/cAw7iWzRfh7Oo/SuSudL4a1YTKS6yoh3tMck=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", + "rev": "04a1cda0c1725094a4db703cccbb956b7558f5a6", "type": "github" }, "original": { @@ -330,11 +330,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725001927, - "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", + "lastModified": 1725407940, + "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", + "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", "type": "github" }, "original": { @@ -394,11 +394,11 @@ }, "nixpkgsMaster": { "locked": { - "lastModified": 1725270189, - "narHash": "sha256-czWe/ldomeJqX8SgdLPhpGu71ST+g4tJRjGNWMCIPGg=", + "lastModified": 1725749909, + "narHash": "sha256-z6tE76iVykVY8tGoNZnvm0q50VjxDPhn6YQNPFH1K2c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4a2b7892d0614864f49a2ad5f832eda82f7c471", + "rev": "193565cfe3ff415029ee805fbcbe1c2b2e1a01e3", "type": "github" }, "original": { 
@@ -410,11 +410,11 @@ }, "nur": { "locked": { - "lastModified": 1725267338, - "narHash": "sha256-PM8w4aivrIjfkrmMY2ndIlVhvcJD6XFsNBthfoIC0y4=", + "lastModified": 1725741028, + "narHash": "sha256-/CornZK9spEoVBOXdR/Rf36Hm5WqyIM9u+JXU1ffMEs=", "owner": "nix-community", "repo": "NUR", - "rev": "22e350ecdc47dc5dbba7dfe0e63cf58c3482a0bd", + "rev": "c92b904814d4a89d323c90e249c84ef6629ffade", "type": "github" }, "original": { @@ -436,11 +436,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1725253878, - "narHash": "sha256-HwXut4WbOUAjmybhui2eNSE6+Wb0nigYgDzBBOZaPG4=", + "lastModified": 1725532428, + "narHash": "sha256-dCfawQDwpukcwQw++Cn/3LIh/RZMmH+k3fm91Oc5Pf0=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "0d3fad5740d892487805cd2d60d8e4ed828486e9", + "rev": "a313fd7169ae43ecd1a2ea2f1e4899fe3edba4d2", "type": "github" }, "original": { @@ -526,11 +526,11 @@ "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { - "lastModified": 1725201042, - "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", + "lastModified": 1725540166, + "narHash": "sha256-htc9rsTMSAY5ek+DB3tpntdD/es0eam2hJgO92bWSys=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", + "rev": "d9d781523a1463965cd1e1333a306e70d9feff07", "type": "github" }, "original": { From acc04548f05ce5b06ac3366ba8ac54f9c7248b42 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Mon, 9 Sep 2024 14:02:33 +0200 Subject: [PATCH 07/18] Fix udev rule --- modules/dji-goggles.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/dji-goggles.nix b/modules/dji-goggles.nix index 00a735b..951482a 100644 --- a/modules/dji-goggles.nix +++ b/modules/dji-goggles.nix @@ -1,6 +1,6 @@ { services.udev.extraRules = '' # DJI Goggles - SUBSYSTEM=="usb", ATTRS{idVendor}=="2ca3", ATTRS{idProduct}=="001f", GROUP="video", MODE="0660" + SUBSYSTEM=="usb", ATTR{idVendor}=="2ca3", ATTR{idProduct}=="001f", MODE="0660", GROUP="plugdev" ''; } 
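Review bot: The new rule in `modules/dji-goggles.nix` assigns the device to `GROUP="plugdev"`, but nothing in this hunk declares that group, and as far as I know NixOS does not create `plugdev` by default. If no other module in the repository defines it, udev cannot resolve the group, the node stays root-owned, and the `MODE="0660"` grant reaches nobody. The following patch adds the user to `plugdev` but likewise does not create it. Declaring it in the same module with `users.groups.plugdev = { };` keeps the rule self-contained; alternatively `TAG+="uaccess"` limits access to the user on the active seat instead of every member of a shared group.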
From c5517cfaf76e765b07b1af652c6d94e95f9e31f3 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Mon, 9 Sep 2024 14:02:56 +0200 Subject: [PATCH 08/18] Add user to plugdev group --- users/jalr/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/jalr/default.nix b/users/jalr/default.nix index 09de610..a2d2a83 100644 --- a/users/jalr/default.nix +++ b/users/jalr/default.nix @@ -16,6 +16,7 @@ in "libvirtd" "lp" "networkmanager" + "plugdev" "scanner" "video" "wheel" From 80698ceebd5a0ed1879bb39bbda55a77cb5a490c Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Mon, 9 Sep 2024 14:03:25 +0200 Subject: [PATCH 09/18] Add scripts configured in UI --- hosts/iron/services/home-assistant.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/iron/services/home-assistant.nix b/hosts/iron/services/home-assistant.nix index acbb59d..c7f304a 100644 --- a/hosts/iron/services/home-assistant.nix +++ b/hosts/iron/services/home-assistant.nix @@ -135,7 +135,7 @@ in platform = "bluetooth_le_tracker"; } ]; - script = [ + "script nix" = [ { lights_off_except = { icon = "mdi:home-lightbulb"; @@ -159,6 +159,7 @@ in }; } ]; + "script ui" = "!include scripts.yaml"; calendar = [ { platform = "caldav"; From 0006377763530da6f1fbd6be9023922938c8d9b3 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Wed, 11 Sep 2024 13:00:08 +0200 Subject: [PATCH 10/18] Define default applications for mime types --- users/jalr/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/users/jalr/default.nix b/users/jalr/default.nix index a2d2a83..175fdf0 100644 --- a/users/jalr/default.nix +++ b/users/jalr/default.nix @@ -57,6 +57,14 @@ in pwgen ]; + xdg.mimeApps = { + enable = true; + defaultApplications = { + "application/pdf" = "org.gnome.Evince.desktop"; + "image/svg+xml" = "org.inkscape.Inkscape.desktop"; + }; + }; + accounts.email.accounts = { "jalr" = { primary = true; From 2db35dfc54aff58bc8becc78f301acbf517235c2 Mon Sep 17 00:00:00 2001 
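Review bot: `"script ui" = "!include scripts.yaml";` in `hosts/iron/services/home-assistant.nix` makes the generated configuration depend on a file that Nix does not manage. On a fresh state directory the file will not exist, and Home Assistant is expected to reject a configuration whose include target is missing. Nothing visible in this hunk creates it (the surrounding attribute set continues outside the hunk), so a tmpfiles entry such as `systemd.tmpfiles.rules = [ "f ${config.services.home-assistant.configDir}/scripts.yaml 0644 hass hass" ];` would make a first deployment reproducible. A short comment that this file is UI-writable state and is not reviewed through the repository would also help.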
From: Jakob Lechner Date: Wed, 11 Sep 2024 18:21:25 +0200 Subject: [PATCH 11/18] Add Matrix sliding-sync service --- hosts/iron/ports.nix | 1 + hosts/iron/secrets.yaml | 5 +++-- hosts/iron/services/matrix.nix | 7 +++++++ hosts/magnesium/services/webserver.nix | 3 ++- modules/matrix/default.nix | 11 +++++++++++ modules/matrix/sliding-sync.nix | 18 ++++++++++++++++++ 6 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 modules/matrix/sliding-sync.nix diff --git a/hosts/iron/ports.nix b/hosts/iron/ports.nix index 6b38336..0a751fc 100644 --- a/hosts/iron/ports.nix +++ b/hosts/iron/ports.nix @@ -7,6 +7,7 @@ custom-utils.validatePortAttrset { home-assistant.tcp = 8123; jellyfin.tcp = 8096; matrix-synapse.tcp = 8008; + matrix-sliding-sync.tcp = 8009; mautrix-signal.tcp = 29319; mautrix-whatsapp.tcp = 29318; navidrome.tcp = 4533; diff --git a/hosts/iron/secrets.yaml b/hosts/iron/secrets.yaml index 33595e2..4e19154 100644 --- a/hosts/iron/secrets.yaml +++ b/hosts/iron/secrets.yaml 
@@ -8,6 +8,7 @@ rspamd-worker-controller: ENC[AES256_GCM,data:7tS8bEr9i5F+YZoj3uPQa6Xd2SCsuC+jE5 dkim-keys: jalr.de.default: ENC[AES256_GCM,data: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,iv:2NBiTTW9slOH9BvM+kVbMB/+8EiS/Dc/eaqrtiwn4HY=,tag:0rc2+ZWy9XZYE7RK/oSo3g==,type:str] synapse-turn-shared-secret: ENC[AES256_GCM,data:Q1XRds3Zud1kYkvD6s9WUzP+kNDNsxB5SHd6oCAaLCHhHhYENSAYTZOF+rGjCPNyKFL0e/A=,iv:zScRQrz+pXHNUh/BGOaV+TVnDR3wu1Z/UO1zXarKwtA=,tag:ckpVziE+yb0FjctcT7tAkg==,type:str] +matrix-sliding-sync: ENC[AES256_GCM,data:CmR8Q5NL1m+eixenK4u1n3MfVh49/Q3ZIRmWfSbuFMr3u79rIGrtFf2EjaThCwBHQyXdYw1wyTouxhGZql1Fcp/HYma8u4w5nJOaJa1TXg==,iv:/kFqA/+kpCkhHZKJdhadjH11pZwh4MFiQPjY96t8M5k=,tag:aZkDCcbtonHMTv4TdBv1sQ==,type:str] rmfakecloud: ENC[AES256_GCM,data:ktKBKb6cRv1VF8tRvXIpxIy9hPinVPKK05mgvYzz18PEdcrCLpldm5xf7ffHtY5XzDOAMXDCiz6x4xyv7071frrF0spOEPnIzVhxwG8H2Ck=,iv:qJdHjv0RziAs4G9UGeRwGQ4GE5kaObJWpIYWpRKhr9c=,tag:PXgvU1hZK/gvWGyFJaHekg==,type:str] esphome: ENC[AES256_GCM,data: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,iv:jSR/M4KS+cZMQgtTZWtPcpmKFD5QNr7s8ClAbXzpR2s=,tag:sp3BnZi+b9WuIiCPapG6Bw==,type:str] home-assistant: ENC[AES256_GCM,data:wcFMxDdRCHf/shO9v2WaGgrsa9J2WP62xFs=,iv:9ckeIO62cFZUo8fPyQj445CrJVTooNlwLapM/oTsrkk=,tag:mlfxtXDPsB3T79P9BX9oJQ==,type:str] 
@@ -26,8 +27,8 @@ sops: SU1USkxFUUY2NVhmUHBhZkdrNDR1Q0kKiXIicInELRjDR3tuyA+lnXeCcd9lYvbV GnBRGPM7BNO/6AA7HhAei48Kt+XE6+jQX66yTXyviKhK7Lpjrlb2YQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-06T15:25:14Z" - mac: ENC[AES256_GCM,data:JfgVZ7I/S22cN4yiXqE5nJY0KBq+ZLJABlMTi58VUw5jGf1vUmyTDkzm67QmZtVVL3R/xodrSMJw5CodF7wgVvJFilSvez/ygr1P8KKo7CDMxzl5VTO5uHq5aszOmRFF5N9ZGfUFZxjl3iuCwQofckcMKgeyG/1wOIf37H4Gstw=,iv:oLS4yQdl0LE363gVIkRUieFJ5M2N8Fc4Rge7SuTN85k=,tag:N4uxXbKIHfZonkiV1GxckQ==,type:str] + lastmodified: "2024-09-11T16:10:31Z" + mac: ENC[AES256_GCM,data:7STJaln+9X6xZFAyLSoMCw2PKNiRr4GNhxGbZRPRf+nKfkFh7wJRS3YWVrxd9iOonSPsuHfPnBrAPiq7ILXqwfjNcyf2HtOIPxHz0utE6b0X7KvEwmLSRMOQG9rpsETE5UBQ+DgtU9IwZzTXgh9CGZpHWQAPeOI+lK4OKLlXvkk=,iv:E++ECn4SJy43lW5RWxjSDc7dj0LWDXIuO+5fVFE3+zU=,tag:QFvao9PWSllzXXhGwFQgrw==,type:str] pgp: - created_at: "2024-01-31T01:20:30Z" enc: |- diff --git a/hosts/iron/services/matrix.nix b/hosts/iron/services/matrix.nix index 7214d0d..115277f 100644 --- a/hosts/iron/services/matrix.nix +++ b/hosts/iron/services/matrix.nix @@ -9,12 +9,19 @@ in owner = "matrix-synapse"; sopsFile = ../secrets.yaml; }; + matrix-sliding-sync = { + sopsFile = ../secrets.yaml; + }; }; jalr.matrix = { enable = true; fqdn = "matrix.jalr.de"; domain = "jalr.de"; synapse.port = ports.matrix-synapse.tcp; + sliding-sync = { + port = ports.matrix-sliding-sync.tcp; + secretFile = config.sops.secrets.matrix-sliding-sync.path; + }; turn = { host = "turn.jalr.de"; sharedSecretFile = config.sops.secrets.synapse-turn-shared-secret.path; diff --git a/hosts/magnesium/services/webserver.nix b/hosts/magnesium/services/webserver.nix index 9c55514..8ab2c50 100644 --- a/hosts/magnesium/services/webserver.nix +++ b/hosts/magnesium/services/webserver.nix @@ -44,7 +44,7 @@ in add_header Content-Type application/json; return 200 '${builtins.toJSON { "m.server" = "${matrixDomain}:443"; - }}'; + }}'; ''; "=/.well-known/matrix/client".extraConfig = '' ${parentHeaders} 
@@ -52,6 +52,7 @@ in add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON { "m.homeserver"."base_url" = "https://${matrixDomain}"; + "org.matrix.msc3575.proxy"."url" = "https://${matrixDomain}"; }}'; ''; }; diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix index d237ca5..48dae11 100644 --- a/modules/matrix/default.nix +++ b/modules/matrix/default.nix @@ -21,6 +21,16 @@ in }; }; }; + sliding-sync = { + port = mkOption { + description = "TCP port for synapse service."; + type = port; + }; + secretFile = mkOption { + type = path; + description = "Location of the file to set secret environment variables."; + }; + }; fqdn = mkOption { type = str; description = '' @@ -82,6 +92,7 @@ in imports = [ ./mautrix-signal.nix ./mautrix-whatsapp.nix + ./sliding-sync.nix ./synapse.nix ]; } diff --git a/modules/matrix/sliding-sync.nix b/modules/matrix/sliding-sync.nix new file mode 100644 index 0000000..9ab2cba --- /dev/null +++ b/modules/matrix/sliding-sync.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.jalr.matrix; +in +lib.mkIf cfg.enable { + services.matrix-sliding-sync = { + enable = true; + settings = { + SYNCV3_SERVER = "https://${cfg.fqdn}"; + SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.sliding-sync.port}"; + }; + environmentFile = cfg.sliding-sync.secretFile; + }; + services.nginx.virtualHosts."${cfg.fqdn}".locations."/_matrix/client/unstable/org.matrix.msc3575/sync" = { + proxyPass = "http://127.0.0.1:${toString cfg.sliding-sync.port}"; + }; +} From d870abcd3fe763b1de86f895840c3e86fce6db29 Mon Sep 17 00:00:00 2001 
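Review bot: The `description` of the new `sliding-sync.port` option (hunk `@@ -21,6 +21,16 @@` of modules/matrix/default.nix) still reads "TCP port for synapse service.", which looks copied from the synapse option and will mislead readers of the generated option docs. I would change it to `description = "TCP port the sliding-sync proxy listens on (loopback, reached through nginx).";`. The `secretFile` description could also say what the file must hold, e.g. `description = "systemd EnvironmentFile providing SYNCV3_SECRET; must be a runtime path such as a sops secret, not a file copied into the Nix store.";`, because a `path`-typed option accepts a store path just as readily as a sops path.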
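Review bot: In the new modules/matrix/sliding-sync.nix the `pkgs` argument is bound but never used, so the header can be `{ config, lib, ... }:`. A one-line comment above `SYNCV3_BINDADDR`, such as `# loopback only: nginx is the sole public entry point for the proxy`, would record why the listener is pinned to 127.0.0.1, so that a later edit does not widen the bind address and expose the proxy without the TLS front end. The module is gated only on `cfg.enable`, so every host that enables `jalr.matrix` must now also set `sliding-sync.port` and `sliding-sync.secretFile`; a separate enable flag may be worth considering.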
From: Jakob Lechner Date: Wed, 11 Sep 2024 18:23:21 +0200 Subject: [PATCH 12/18] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/04a1cda0c1725094a4db703cccbb956b7558f5a6' (2024-09-07) → 'github:nixos/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/6f6c45b5134a8ee2e465164811e451dcb5ad86e3' (2024-09-03) → 'github:nixos/nixpkgs/44a71ff39c182edaf25a7ace5c9454e7cba2c658' (2024-09-10) • Updated input 'nixpkgsMaster': 'github:NixOS/nixpkgs/193565cfe3ff415029ee805fbcbe1c2b2e1a01e3' (2024-09-07) → 'github:NixOS/nixpkgs/ee9a6df34035b1d24a2171869de9912904b65e03' (2024-09-11) • Updated input 'nur': 'github:nix-community/NUR/c92b904814d4a89d323c90e249c84ef6629ffade' (2024-09-07) → 'github:nix-community/NUR/458b5f46020cce18c46452b8ec16721c57142936' (2024-09-11) • Updated input 'sops-nix': 'github:Mic92/sops-nix/d9d781523a1463965cd1e1333a306e70d9feff07' (2024-09-05) → 'github:Mic92/sops-nix/cede1a08039178ac12957733e97ab1006c6b6892' (2024-09-09) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/556533a23879fc7e5f98dd2e0b31a6911a213171' (2024-07-21) → 'github:NixOS/nixpkgs/dc454045f5b5d814e5862a6d057e7bb5c29edc05' (2024-09-08) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index d7bdd94..e819fdf 100644 --- a/flake.lock +++ b/flake.lock 
@@ -314,11 +314,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725716377, - "narHash": "sha256-7NzW9O/cAw7iWzRfh7Oo/SuSudL4a1YTKS6yoh3tMck=", + "lastModified": 1725885300, + "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "04a1cda0c1725094a4db703cccbb956b7558f5a6", + "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", "type": "github" }, "original": { @@ -330,11 +330,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725407940, - "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", + "lastModified": 1725930920, + "narHash": "sha256-RVhD9hnlTT2nJzPHlAqrWqCkA7T6CYrP41IoVRkciZM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", + "rev": "44a71ff39c182edaf25a7ace5c9454e7cba2c658", "type": "github" }, "original": { @@ -378,11 +378,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1721524707, - "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "lastModified": 1725762081, + "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", "type": "github" }, "original": { @@ -394,11 +394,11 @@ }, "nixpkgsMaster": { "locked": { - "lastModified": 1725749909, - "narHash": "sha256-z6tE76iVykVY8tGoNZnvm0q50VjxDPhn6YQNPFH1K2c=", + "lastModified": 1726071450, + "narHash": "sha256-iKjWcP3Y+W4AX2UmumaChive9Dc0WAvMwY1SXLv7wO8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "193565cfe3ff415029ee805fbcbe1c2b2e1a01e3", + "rev": "ee9a6df34035b1d24a2171869de9912904b65e03", "type": "github" }, "original": { 
@@ -410,11 +410,11 @@ }, "nur": { "locked": { - "lastModified": 1725741028, - "narHash": "sha256-/CornZK9spEoVBOXdR/Rf36Hm5WqyIM9u+JXU1ffMEs=", + "lastModified": 1726069811, + "narHash": "sha256-CATlLfKFs6vA7SSG+uaiT/rSGBwWMCI5S5kdUvQK9qE=", "owner": "nix-community", "repo": "NUR", - "rev": "c92b904814d4a89d323c90e249c84ef6629ffade", + "rev": "458b5f46020cce18c46452b8ec16721c57142936", "type": "github" }, "original": { @@ -526,11 +526,11 @@ "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { - "lastModified": 1725540166, - "narHash": "sha256-htc9rsTMSAY5ek+DB3tpntdD/es0eam2hJgO92bWSys=", + "lastModified": 1725922448, + "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d9d781523a1463965cd1e1333a306e70d9feff07", + "rev": "cede1a08039178ac12957733e97ab1006c6b6892", "type": "github" }, "original": { From 32c28d8577dd99cf22775ce1ad57c9bf846e36ac Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Wed, 11 Sep 2024 22:40:02 +0200 Subject: [PATCH 13/18] Enable Signal --- hosts/iron/services/matrix.nix | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/hosts/iron/services/matrix.nix b/hosts/iron/services/matrix.nix index 115277f..79a184d 100644 --- a/hosts/iron/services/matrix.nix +++ b/hosts/iron/services/matrix.nix @@ -2,6 +2,8 @@ args@{ config, pkgs, custom-utils, ... }: let ports = import ../ports.nix args; + signalPhoneNumber = "+4915566437153"; + signalUser = "jalr"; in { sops.secrets = { @@ -38,7 +40,7 @@ in }; }; mautrix-signal = { - enable = false; + enable = true; port = ports.mautrix-signal.tcp; settings.bridge = { permissions = { 
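Review bot: The `signalPhoneNumber` literal added in the `@@ -2,6 +2,8 @@` hunk of hosts/iron/services/matrix.nix commits a personal phone number in plaintext, while the other sensitive values of this host go through `sops.secrets`. Once pushed it stays in the repository history, and because it is interpolated into the `signal-cli -u …` script it also lands in the world-readable Nix store and in the process list. Consider supplying it at runtime instead, e.g. `EnvironmentFile = config.sops.secrets.<SECRET_NAME>.path;` on the unit and `-u "$SIGNAL_ACCOUNT"` in the script (both names are placeholders), or add a comment stating that the number is intentionally public. The unit that consumes the value is added in a later hunk of the same file.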
@@ -50,4 +52,27 @@ in }; }; }; + + systemd.services.signal-cli-receive = { + description = "Run signal-cli to receive messages"; + serviceConfig = { + Type = "oneshot"; + User = signalUser; + CapabilityBoundingSet = null; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + SystemCallFilter = "@system-service"; + }; + script = "${pkgs.signal-cli}/bin/signal-cli -u ${signalPhoneNumber} receive"; + }; + systemd.timers.signal-cli-receive = { + description = "Run signal-cli to receive messages"; + after = [ "network.target" ]; + wantedBy = [ "timers.target" ]; + timerConfig = { + Persistent = true; + OnCalendar = "*-*-* *:00:00"; + Unit = config.systemd.services.signal-cli-receive.name; + }; + }; } From 9e95b2595a021c3e2ad53d9afc23580c487c2ded Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Wed, 11 Sep 2024 22:40:53 +0200 Subject: [PATCH 14/18] Add libvirt --- hosts/iron/configuration.nix | 17 ++++++++++++++--- hosts/iron/services/dnsmasq.nix | 1 + 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/hosts/iron/configuration.nix b/hosts/iron/configuration.nix index 5963afe..d2a78b8 100644 --- a/hosts/iron/configuration.nix +++ b/hosts/iron/configuration.nix @@ -77,12 +77,20 @@ with lib; { externalInterface = interfaces.wan; internalInterfaces = [ interfaces.lan + "virbr0" ]; }; - firewall.extraForwardRules = '' - tcp flags syn tcp option maxseg size set rt mtu - ''; + firewall = { + allowedTCPPorts = [ 5201 ]; + extraForwardRules = '' + tcp flags syn tcp option maxseg size set rt mtu + ''; + interfaces.virbr0 = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 67 ]; + }; + }; }; services.radvd = { @@ -225,5 +233,8 @@ with lib; { memoryPercent = 60; priority = 1; }; + + + jalr.libvirt.enable = true; }; } diff --git a/hosts/iron/services/dnsmasq.nix b/hosts/iron/services/dnsmasq.nix index 15d6710..b277cf4 100644 --- a/hosts/iron/services/dnsmasq.nix +++ b/hosts/iron/services/dnsmasq.nix 
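Review bot: The `signal-cli-receive` unit in the `@@ -50,4 +52,27 @@` hunk runs as the login user `jalr` and restricts capabilities, address families, namespaces and syscalls, but leaves filesystem access unrestricted, so the process can read and write everything that user can. I would add `ProtectSystem = "strict";`, `PrivateTmp = true;` and `PrivateDevices = true;`, plus a `ReadWritePaths` entry for signal-cli's data directory (its location is not visible in this hunk). `CapabilityBoundingSet = null;` presumably means an empty bounding set; `CapabilityBoundingSet = "";` states that explicitly instead of relying on how the module system renders `null`. The `after = [ "network.target" ]` ordering sits on the timer, not on the service that needs the network, which looks unintended.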
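Review bot: `allowedTCPPorts = [ 5201 ];` in the `@@ -77,12 +77,20 @@` hunk of hosts/iron/configuration.nix opens that port on every interface, including `interfaces.wan`, whereas the DNS/DHCP ports added beside it are scoped to `virbr0`. 5201 is the iperf3 default, so this looks like a throughput-test leftover and not part of the libvirt change (an assumption, as the commit message does not mention it). If it is needed, scope it the same way, e.g. `interfaces.virbr0.allowedTCPPorts = [ 53 5201 ];`, and add a comment naming the service; otherwise drop the line.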
@@ -8,6 +8,7 @@ in services.dnsmasq = { enable = true; settings = { + bind-interfaces = true; listen-address = [ "192.168.42.1" "10.20.0.1" From 476c0990444efa54182b03212474f7d75375f5c9 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Wed, 11 Sep 2024 22:42:07 +0200 Subject: [PATCH 15/18] Remove nano --- modules/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/default.nix b/modules/default.nix index bd73bc6..ae19e75 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -67,6 +67,8 @@ ]; }; + programs.nano.enable = false; + security.acme = { acceptTerms = true; defaults = { From 6b8a8c73c5bcccd08722804eb1bb338a2d46b3c1 Mon Sep 17 00:00:00 2001 
From: Jakob Lechner Date: Tue, 17 Sep 2024 13:48:22 +0200 Subject: [PATCH 16/18] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/e55f9a8678adc02024a4877c2a403e3f6daf24fe' (2024-09-03) → 'github:nix-community/disko/22ee467a54a3ab7fa9d637ccad5330c6c087e9dc' (2024-09-16) • Updated input 'flake-utils': 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11) → 'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09) → 'github:nixos/nixos-hardware/dc8b0296f68f72f3fe77469c549a6f098555c2e9' (2024-09-16) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/44a71ff39c182edaf25a7ace5c9454e7cba2c658' (2024-09-10) → 'github:nixos/nixpkgs/8f7492cce28977fbf8bd12c72af08b1f6c7c3e49' (2024-09-14) • Updated input 'nixpkgsMaster': 'github:NixOS/nixpkgs/ee9a6df34035b1d24a2171869de9912904b65e03' (2024-09-11) → 'github:NixOS/nixpkgs/06e78ca76feaa97082b905d330265d495eefc9f7' (2024-09-17) • Updated input 'nur': 'github:nix-community/NUR/458b5f46020cce18c46452b8ec16721c57142936' (2024-09-11) → 'github:nix-community/NUR/48b58426a0fb447bad367813e742247dc860bed6' (2024-09-17) • Updated input 'poetry2nix': 'github:nix-community/poetry2nix/a313fd7169ae43ecd1a2ea2f1e4899fe3edba4d2' (2024-09-05) → 'github:nix-community/poetry2nix/a0cbe913ce184bef7cd739f75ba5d123e1f41ef2' (2024-09-15) • Updated input 'sops-nix': 'github:Mic92/sops-nix/cede1a08039178ac12957733e97ab1006c6b6892' (2024-09-09) → 'github:Mic92/sops-nix/e2d404a7ea599a013189aa42947f66cede0645c8' (2024-09-16) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index e819fdf..83e4427 100644 --- a/flake.lock +++ b/flake.lock 
@@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1725377834, - "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "lastModified": 1726524467, + "narHash": "sha256-xkPPPvfHhHK7BNX5ZrQ9N6AIEixCmFzRZHduDf0zv30=", "owner": "nix-community", "repo": "disko", - "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "rev": "22ee467a54a3ab7fa9d637ccad5330c6c087e9dc", "type": "github" }, "original": { @@ -99,11 +99,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725885300, - "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", + "lastModified": 1726489388, + "narHash": "sha256-JBHtN+n1HzKawpnOQAz6jdgvrtYV9c/kyzgoIdguQGo=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", + "rev": "dc8b0296f68f72f3fe77469c549a6f098555c2e9", "type": "github" }, "original": { @@ -330,11 +330,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725930920, - "narHash": "sha256-RVhD9hnlTT2nJzPHlAqrWqCkA7T6CYrP41IoVRkciZM=", + "lastModified": 1726320982, + "narHash": "sha256-RuVXUwcYwaUeks6h3OLrEmg14z9aFXdWppTWPMTwdQw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "44a71ff39c182edaf25a7ace5c9454e7cba2c658", + "rev": "8f7492cce28977fbf8bd12c72af08b1f6c7c3e49", "type": "github" }, "original": { 
@@ -394,11 +394,11 @@ }, "nixpkgsMaster": { "locked": { - "lastModified": 1726071450, - "narHash": "sha256-iKjWcP3Y+W4AX2UmumaChive9Dc0WAvMwY1SXLv7wO8=", + "lastModified": 1726573629, + "narHash": "sha256-O4fWqykLSQrGcNmx7HCElAmrYC6riGbhdCzk1dmj4qs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ee9a6df34035b1d24a2171869de9912904b65e03", + "rev": "06e78ca76feaa97082b905d330265d495eefc9f7", "type": "github" }, "original": { @@ -410,11 +410,11 @@ }, "nur": { "locked": { - "lastModified": 1726069811, - "narHash": "sha256-CATlLfKFs6vA7SSG+uaiT/rSGBwWMCI5S5kdUvQK9qE=", + "lastModified": 1726569072, + "narHash": "sha256-x33fIaVSJGc/kLiXh+a8x97GrMN1DtnRd8Ar50sDaNs=", "owner": "nix-community", "repo": "NUR", - "rev": "458b5f46020cce18c46452b8ec16721c57142936", + "rev": "48b58426a0fb447bad367813e742247dc860bed6", "type": "github" }, "original": { @@ -436,11 +436,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1725532428, - "narHash": "sha256-dCfawQDwpukcwQw++Cn/3LIh/RZMmH+k3fm91Oc5Pf0=", + "lastModified": 1726394406, + "narHash": "sha256-RUzT5OUT+sCNl/fA4u6u/SPc1Bye7MU96Vtu6jksfxs=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "a313fd7169ae43ecd1a2ea2f1e4899fe3edba4d2", + "rev": "a0cbe913ce184bef7cd739f75ba5d123e1f41ef2", "type": "github" }, "original": { @@ -526,11 +526,11 @@ "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { - "lastModified": 1725922448, - "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", + "lastModified": 1726524647, + "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cede1a08039178ac12957733e97ab1006c6b6892", + "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", "type": "github" }, "original": { From 13b86afac1ff740e1c007bffd8850c6435b58f3f Mon Sep 17 00:00:00 2001 
From: Jakob Lechner Date: Tue, 17 Sep 2024 14:35:31 +0200 Subject: [PATCH 17/18] Use implicit TLS port for SMTP client connection --- hosts/iron/ports.nix | 2 +- hosts/weinturm-pretix-prod/ports.nix | 2 +- modules/mailserver/postfix.nix | 4 ++-- users/jalr/default.nix | 12 ++++++------ 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/hosts/iron/ports.nix b/hosts/iron/ports.nix index 0a751fc..b5d9466 100644 --- a/hosts/iron/ports.nix +++ b/hosts/iron/ports.nix @@ -14,7 +14,7 @@ custom-utils.validatePortAttrset { nginx-http.tcp = 80; nginx-https.tcp = 443; postfix-relay.tcp = 25; - postfix-submission.tcp = [ 465 587 ]; + postfix-submission.tcp = [ 465 ]; qbittorrent-torrent.tcp = 59832; qbittorrent-webui.tcp = 8099; radicale.tcp = 5232; diff --git a/hosts/weinturm-pretix-prod/ports.nix b/hosts/weinturm-pretix-prod/ports.nix index 9c3e0e7..5de5641 100644 --- a/hosts/weinturm-pretix-prod/ports.nix +++ b/hosts/weinturm-pretix-prod/ports.nix @@ -4,5 +4,5 @@ custom-utils.validatePortAttrset { nginx-http.tcp = 80; nginx-https.tcp = 443; ports.postfix-relay.tcp = 25; - ports.postfix-submission.tcp = [ 465 587 ]; + ports.postfix-submission.tcp = [ 465 ]; } diff --git a/modules/mailserver/postfix.nix b/modules/mailserver/postfix.nix index e09a48a..62b7eaa 100644 --- a/modules/mailserver/postfix.nix +++ b/modules/mailserver/postfix.nix @@ -41,7 +41,7 @@ lib.mkIf cfg.enable { relayPort = cfg.relayPort; - enableSubmission = true; # plain/STARTTLS (latter is forced in submissionOptions) + enableSubmission = false; # plain/STARTTLS (latter is forced in submissionOptions) enableSubmissions = true; # submission with implicit TLS (TCP/465) hostname = cfg.fqdn; @@ -147,7 +147,7 @@ lib.mkIf cfg.enable { networking.firewall.allowedTCPPorts = [ 25 # SMTP - 587 # SMTP submission + 465 # SMTPS (implicit TLS) ]; systemd.services.postfix = { diff --git a/users/jalr/default.nix b/users/jalr/default.nix index 175fdf0..9d83727 100644 --- a/users/jalr/default.nix 
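Review bot: The trailing comment on `enableSubmission = false;` in modules/mailserver/postfix.nix (hunk `@@ -41,7 +41,7 @@`) still says "plain/STARTTLS (latter is forced in submissionOptions)", which now describes a listener that is switched off. I would write `enableSubmission = false; # no STARTTLS submission on TCP/587; clients use implicit TLS (TCP/465)`. If `submissionOptions` is still defined elsewhere in the file (not visible in this hunk), it no longer applies to any listener, so the authentication and TLS restrictions it carried need to be present in `submissionsOptions`. That is worth confirming, because those restrictions are what keep the 465 listener from accepting unauthenticated mail.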
+++ b/users/jalr/default.nix @@ -81,10 +81,10 @@ in }; smtp = { host = "hha.jalr.de"; - port = 587; + port = 465; tls = { enable = true; - useStartTls = true; + useStartTls = false; }; }; thunderbird = { @@ -106,10 +106,10 @@ in }; smtp = { host = "mail.agenturserver.de"; - port = 587; + port = 465; tls = { enable = true; - useStartTls = true; + useStartTls = false; }; }; thunderbird = { @@ -156,10 +156,10 @@ in }; smtp = { host = "hha.jalr.de"; - port = 587; + port = 465; tls = { enable = true; - useStartTls = true; + useStartTls = false; }; }; thunderbird = { From 2ba33e485169a7fab15ad4ddf28485484819ae9d Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Tue, 17 Sep 2024 13:46:44 +0200 Subject: [PATCH 18/18] Add forgejo --- hosts/iron/secrets/mail-users.nix | Bin 1342 -> 1524 bytes hosts/magnesium/ports.nix | 3 +- hosts/magnesium/secrets.yaml | 7 +-- hosts/magnesium/services/default.nix | 1 + hosts/magnesium/services/forgejo.nix | 68 +++++++++++++++++++++++++++ 5 files changed, 75 insertions(+), 4 deletions(-) create mode 100644 hosts/magnesium/services/forgejo.nix 
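Review bot: The `@@ -106,10 +106,10 @@` hunk of users/jalr/default.nix moves the `mail.agenturserver.de` account to port 465 with `useStartTls = false`, but that host appears to be a third-party provider whose listeners this repository does not configure, unlike `hha.jalr.de`, which the same commit changes on the server side. Please confirm the provider offers implicit-TLS submission on 465; if it only offers 587, this account will stop sending. A short comment next to the port, such as `# implicit TLS (RFC 8314), confirmed with provider`, would record that check. The account blocks start and end outside the hunks.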
diff --git a/hosts/iron/secrets/mail-users.nix b/hosts/iron/secrets/mail-users.nix index 4caac0272ba9b7f6a486d618340f3c1cbb23dc09..0046b885874d45c973507b8b794424d0d4864c26 100644 GIT binary patch literal 1524 zcmZQ@_Y83kiVO&05aO?RHS60mha(MQ3{4+T=?i|@zlCi^Pg7RM2ib)dlm6&S?Anst zC%e+CtYMOOcG-i#gwIX2{J%8lCH3b3_zG?*)zrLy#`|)S(kF&FX__-Vwo;quD z`h?BvV}I^De(6S0$?jU|oi}Ej_Sw6sZ3TzfMW;EpDy&%@kIw2c`_9&N=61Pk#60K8 z-}&roN~)KZ^vz6m?J|)sa(|a`HRaNbf3MtF>yAI@o)`Q7;`b!8f6ZrumHZY=_h>O{(Olw-N7jfZ2%7IU_ z+ONB8te7ja<71wPt&Y5=ab28YuQ;*ex;4!o7<%u!80-?Z|^r<^|tEBr1|}=FwRt8| zelj~^n4=^*L#lsdW$4FDJuiFxV$Hp{tXI4lrZ2ON{+~`c{n6xtlCRg#Wi3ZS55>D_ z{NB|$F);OOSct^xzcp!>KF|DDo}Xa(A+6eXg(>~pNk&ET2!KD7}izh1a)-6s9(c-x0Of$dHqSIee8wA$o=l3`_P1z_qe{;3WJK>!M)9;9D$XuT% zb@i|E)(6WRr53#Mcp}e~y^(KO&NkKP2*wW|@$g|JeRM{>qPA+E0I7(bjH0S)ZAEJ!`?1l#~nEXP4dPx!uwI(nUi(v?cGu^u=#t z7nfa#LB92Xc_oJci(f*r~ z){|x`X!1T^+jT+d`>gy@`!h>zEUy0(Teg zteOA4=E2rAb{`La++I6{d0wYTish+WFGG?#H*j12{#J0{x17}b{YyFCv{O3+Unrl34NA5 zm!2(Xlufnt(4H`9ev;JGn`}4bB272NO`C8pwzYhwoUU@qqQwiy}j<>krkHnY?d;Nulsx$DKV#yc1qJ))vL_ zXeP~Eb>(dgyWeN;TWYop!9J&}Tt02tm&+8zV?HCpV53<2n^O1n2LpEm%=(*_a4(r* z<;Rn4DtexctEZ){y7o$Hw)D=KYxfoX-E4BEyzlDmFX2sxxI{$j9B!S|Bz z%87Nodrv-_X5;=&XO{fc%o@Iig}Xvuu$S0wc6MX_BzC-oyC-M=?xPZ|J0unc3L0Ms zEc`lS*RusVYGoa*!YBI{?D(>I_n!j64Lr%~!m_xg&fV(46g*EmL#M>W;M^peOZPra zi=N4GEx5QmMeNtymG_0s#Ts-@v9t?CyjWl7onUNyu<*Fe?Hx~zg-sUgmzUgs?cQ{8 zuW8~f<^wCT<##`K{!17}=FR7@E~BC(FSzYZ@Zqqxrm^ySg5FJ;CB?3AWTt0!_};Jg>$5*kX>wO_ zH0ZtRulC;h&Gxw;Pp4fDy}xUg-oB%PEi4^wAGfI6OKjt3*lNtf{Qk5Ruj)Fz)R4o? 
zQtnl*shrc4Iody12`%P1G{>yGI`R7f1J%qNsRJhZFIH8utZJFYH*41$CYvHXK8-yt zt+(fW`?t;3W24^X0yo2}7mTI{Mjp195HRa)!Oz7%Dt#}`l=!H**<+7$*0Vi}0%xpe zpY_tocII7=<860N%)G8XEyyit@$_upIt`^G8F`8q1&BagXL-C$JdO8uDa2M7{Y_$CbNFBX0lUXJ-#_dOd;9t9<}2+B1XF9|m(yB3gXPHl;5Bx^Dk7)U8T<+qHw3+pEoRl7 z@XPhe{q7mbNfwX)epupA+xfe>z~$S#_j(KN&S;S9Z@SG|$P?YhU4F#!6(7&53vH8^ zq?sw++`TaC826r+U$U0Xk+YV|S$cHyGM8`eN!3eSohk*=&eX76m*U$lB={nEvCWa< zecky?;xCj^t}R)_ep!-jChL4_+q_Mu>n6Ko7#!4oq}aVBb-iz{u<>*;nO`ev`}VyH Q?w;cG^UtJ+(uJ}103