Compare commits

...

60 Commits

Author SHA1 Message Date
Simon Bruder bf7403204f
vueko/mail: Add alias 2024-04-28 23:28:53 +02:00
Simon Bruder ed8ec88f6e
renge/mastodon: Init 2024-04-28 11:38:51 +02:00
Simon Bruder 909f274ea2
vueko/mail: Add alias 2024-04-28 11:31:13 +02:00
Simon Bruder 6b31c22be7
Do not use gpg-agent for ssh on headless systems 2024-04-26 11:41:42 +02:00
Simon Bruder 6e7782b479
vueko/mail: Add alias 2024-04-22 19:53:34 +02:00
Simon Bruder 025f36503b
vueko/mail: Add alias 2024-04-19 18:44:54 +02:00
Simon Bruder 26953a0276
vueko/mail: Add alias 2024-04-19 12:31:10 +02:00
Simon Bruder 5b26434dce
vueko/mail: Add alias 2024-04-17 17:41:54 +02:00
Simon Bruder 16cf73afb9
okarin: Migrate to different VPS
Previously, it was hosted on Ionos’s VMware-based infrastructure. I
already had a VPS on their new KVM-based infrastructure, as I was
planning to migrate okarin to it eventually (as it is cheaper). However,
the new infrastructure does not offer PTR records for IPv6 addresses.
Therefore, I was waiting until they would implement that feature (as the
support promised me they would to in the near future).

However, they are now migrating the (at least my) guests from their
VMware hypervisors onto the KVM ones, assigning new IPv6 addresses to
them. This makes the old VPS essentially the same as the old one, but
with less memory and more expensive. So I decided to migrate now.
2024-04-17 12:40:46 +02:00
Simon Bruder 853e817901
sbruder.xyz: Remove deprecated services 2024-04-16 23:40:39 +02:00
Simon Bruder 7daad927e8
yuzuru/static-sites: Migrate okarin’s sites 2024-04-16 23:40:37 +02:00
Simon Bruder ae35e82369
vueko/mail: Add alias 2024-04-14 17:24:11 +02:00
Simon Bruder 670ff94dda
tools: Fix reptyr build in qemu-user-aarch64
This was already fixed in NixOS unstable:
https://github.com/NixOS/nixpkgs/pull/292342
2024-04-13 12:23:36 +02:00
Simon Bruder 62c26e06a5
neovim: Switch to nixd
rnix-lsp is no longer maintained and the package is currently broken in
nixpkgs as it depends on an insecure Nix version.
2024-04-13 12:09:36 +02:00
Simon Bruder 5f81e9db4b
renge/invidious: Remove patch
It is included in the newer version.
2024-04-13 12:08:36 +02:00
Simon Bruder 10f2e5638f
flake.lock: Update
Flake lock file updates:

• Updated input 'flake-utils':
    'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28)
  → 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11)
• Updated input 'home-manager':
    'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03)
  → 'github:nix-community/home-manager/d6bb9f934f2870e5cbc5b94c79e9db22246141ff' (2024-04-06)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/cf111d1a849ddfc38e9155be029519b0e2329615' (2024-03-06)
  → 'github:nix-community/home-manager/40ab43ae98cb3e6f07eaeaa3f3ed56d589da21b0' (2024-04-13)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/5df5a70ad7575f6601d91f0efec95dd9bc619431' (2024-02-15)
  → 'github:cachix/pre-commit-hooks.nix/40e6053ecb65fcbf12863338a6dcefb3f55f1bf8' (2024-04-12)
• Updated input 'nix-pre-commit-hooks/gitignore':
    'github:hercules-ci/gitignore.nix/43e1aa1308018f37118e34d3a9cb4f5e75dc11d5' (2023-12-29)
  → 'github:hercules-ci/gitignore.nix/637db329424fd7e46cf4185293b9cc8c88c95394' (2024-02-28)
• Updated input 'nix-pre-commit-hooks/nixpkgs-stable':
    'github:NixOS/nixpkgs/3dc440faeee9e889fe2d1b4d25ad0f430d449356' (2024-01-10)
  → 'github:NixOS/nixpkgs/614b4613980a522ba49f0d194531beddbb7220d3' (2024-03-17)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/59e37017b9ed31dee303dbbd4531c594df95cfbc' (2024-03-02)
  → 'github:nixos/nixos-hardware/f58b25254be441cd2a9b4b444ed83f1e51244f1f' (2024-04-12)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/880992dcc006a5e00dd0591446fdf723e6a51a64' (2024-03-05)
  → 'github:nixos/nixpkgs/b2cf36f43f9ef2ded5711b30b1f393ac423d8f72' (2024-04-10)
• Updated input 'nixpkgs-overlay':
    'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=32ef4fd545a29cdcb2613934525b97470818b42e' (2024-01-01)
  → 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=2bcb2b6c7b0e04f4ef8e51e00fd93a5e5cb00bf8' (2024-04-12)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/9df3e30ce24fd28c7b3e2de0d986769db5d6225d' (2024-03-06)
  → 'github:nixos/nixpkgs/1042fd8b148a9105f3c0aca3a6177fd1d9360ba5' (2024-04-10)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/25dd60fdd08fcacee2567a26ba6b91fe098941dc' (2024-03-06)
  → 'github:Mic92/sops-nix/538c114cfdf1f0458f507087b1dcf018ce1c0c4c' (2024-04-08)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/66d65cb00b82ffa04ee03347595aa20e41fe3555' (2024-03-03)
  → 'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06)
2024-04-13 10:39:56 +02:00
Simon Bruder 1f75062bc2
vueko/mail: Add alias 2024-04-04 16:00:01 +02:00
Simon Bruder 526db3d97b
vueko/mail: Add alias 2024-04-02 19:13:43 +02:00
Simon Bruder ad209fa0f7
vueko/mail: Add alias 2024-04-02 15:41:23 +02:00
Simon Bruder 00bada7b12
renge: Fix invidious
The patch is already in upstream, but for multiple reasons, I decided to
only apply the patch and not update.
2024-03-31 19:57:09 +02:00
Simon Bruder f30318869b
vueko/mail: Add alias 2024-03-31 13:07:27 +02:00
Simon Bruder 709f8d5676
ncmpcpp: Follow now playing lyrics 2024-03-31 13:03:35 +02:00
Simon Bruder 51e8dd4169
vueko/mail: Add alias 2024-03-15 14:05:28 +01:00
Simon Bruder fc7f0f8648
co2_exporter: Fix typo in doCheck 2024-03-15 14:01:32 +01:00
Simon Bruder 11d0870f5c
vueko/mail: Add alias 2024-03-14 10:59:43 +01:00
Simon Bruder a1645314f4
games: Drop yuzu
It is dead[1].

[1]: https://arstechnica.com/gaming/2024/03/switch-emulator-makers-agree-to-pay-2-4-million-to-settle-nintendo-lawsuit/
2024-03-07 11:59:36 +01:00
Simon Bruder 47cb7b4b32
flake.lock: Update
Flake lock file updates:

• Updated input 'flake-utils':
    'github:numtide/flake-utils/1ef2e671c3b0c19053962c07dbda38332dcebf26' (2024-01-15)
  → 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/043ba285c6dc20f36441d48525402bcb9743c498' (2024-02-14)
  → 'github:nix-community/home-manager/cf111d1a849ddfc38e9155be029519b0e2329615' (2024-03-06)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/0db2e67ee49910adfa13010e7f012149660af7f0' (2024-02-07)
  → 'github:cachix/pre-commit-hooks.nix/5df5a70ad7575f6601d91f0efec95dd9bc619431' (2024-02-15)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/f1b2f71c86a5b1941d20608db0b1e88a07d31303' (2024-02-13)
  → 'github:nixos/nixos-hardware/59e37017b9ed31dee303dbbd4531c594df95cfbc' (2024-03-02)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/01885a071465e223f8f68971f864b15829988504' (2024-02-13)
  → 'github:nixos/nixpkgs/880992dcc006a5e00dd0591446fdf723e6a51a64' (2024-03-05)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/35ff7e87ee05199a8003f438ec11a174bcbd98ea' (2024-02-13)
  → 'github:nixos/nixpkgs/9df3e30ce24fd28c7b3e2de0d986769db5d6225d' (2024-03-06)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/48afd3264ec52bee85231a7122612e2c5202fa74' (2024-02-13)
  → 'github:Mic92/sops-nix/25dd60fdd08fcacee2567a26ba6b91fe098941dc' (2024-03-06)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
  → 'github:NixOS/nixpkgs/66d65cb00b82ffa04ee03347595aa20e41fe3555' (2024-03-03)
2024-03-07 09:50:31 +01:00
Simon Bruder 07cac97bef
vueko/mail: Add alias 2024-03-02 11:47:52 +01:00
Simon Bruder 4c119f0b80
authoritative-dns: Drop INWX secondaries 2024-02-27 15:57:04 +01:00
Simon Bruder 939df6ae2a
wordclock-dimmer: Make logging less verbose
The time is already stored in the journal, so it does not need to be
logged. Only logging changed values makes the log less polluted once a
fixed value has been reached ((3, 3, 3) or (3, 0, 0)):
2024-02-24 20:57:49 +01:00
Simon Bruder 8f1d0a149c
node_exporter: Disable ARP netlink collector
It currently fails (logging an error message on every scrape). This
disables the netlink collector, making it fall back to reading ARP
entries from /proc/net/arp.
2024-02-24 20:52:38 +01:00
Simon Bruder a9f86e7ced
Fix resolving FQDN when resolved is enabled 2024-02-24 19:21:56 +01:00
Simon Bruder 3816e6fc5d
authoritative-dns: Add renge, yuzuru to secondaries 2024-02-24 13:22:17 +01:00
Simon Bruder bb8152d772
vueko/mail: Add alias 2024-02-23 19:21:13 +01:00
Simon Bruder 06958ad544
vueko/mail: Remove alias 2024-02-23 19:21:12 +01:00
Simon Bruder 5375a858bd
Replace steam with flatpak
I am no longer willing to accept hours upon hours of debugging just to
get the client to work. I don’t get why they would ship a 32-bit GTK2
executable that uses CEF with its sandbox disabled in 2024. Obviously,
this makes debugging quite hard as things don’t work well, even when
they work. This leaves red herrings everywhere (“Is this segfault a
symptom of the issue I’m facing or is that also happening to other users
where it works fine?”).

Flatpak also seems to have quite good sandboxing features when Flatseal
is used for every application to take away any unnecessary permissions.
2024-02-23 19:21:11 +01:00
Simon Bruder ef2c667bfe
shinobu: Add NTP server
This also changes the firewall rules for the IoT network to no longer
accept connections to ntp.org pool hosts over 123/UDP. All clients
should use the local NTP server.
2024-02-15 13:39:42 +01:00
Simon Bruder 7f8859f85b
mailserver/postfix: Update copyright year
This was forgotten in c944812a68 and
242a2315be.
2024-02-15 13:10:42 +01:00
Simon Bruder c4a9d39a15
flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/10cd9c53115061aa6a0a90aad0b0dde6a999cdb9' (2024-01-19)
  → 'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/6b28ab2d798c1c84e24053d95f4ee1dd9d81e2fb' (2024-01-24)
  → 'github:nix-community/home-manager/043ba285c6dc20f36441d48525402bcb9743c498' (2024-02-14)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/f56597d53fd174f796b5a7d3ee0b494f9e2285cc' (2024-01-20)
  → 'github:cachix/pre-commit-hooks.nix/0db2e67ee49910adfa13010e7f012149660af7f0' (2024-02-07)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/e756ff62c2e9db4f7c197bc1849a02024a7bfb2e' (2024-01-24)
  → 'github:nixos/nixos-hardware/f1b2f71c86a5b1941d20608db0b1e88a07d31303' (2024-02-13)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d7f206b723e42edb09d9d753020a84b3061a79d8' (2024-01-22)
  → 'github:nixos/nixpkgs/01885a071465e223f8f68971f864b15829988504' (2024-02-13)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/612f97239e2cc474c13c9dafa0df378058c5ad8d' (2024-01-21)
  → 'github:nixos/nixpkgs/35ff7e87ee05199a8003f438ec11a174bcbd98ea' (2024-02-13)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/ae171b54e76ced88d506245249609f8c87305752' (2024-01-21)
  → 'github:Mic92/sops-nix/48afd3264ec52bee85231a7122612e2c5202fa74' (2024-02-13)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
  → 'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
2024-02-15 11:32:16 +01:00
Simon Bruder a5ae1bf7cd
contact-page: Update git hosters 2024-02-14 15:00:25 +01:00
Simon Bruder 74e5dd2639
Add license exceptions to readme 2024-02-14 14:54:46 +01:00
Simon Bruder badd33a312
vueko/mail: Add alias 2024-02-12 11:28:35 +01:00
Simon Bruder db24be0a69
vueko/mail: Add alias 2024-02-12 11:18:49 +01:00
Simon Bruder 0696d74877
vueko/mail: Add alias 2024-02-11 10:58:54 +01:00
Simon Bruder d645aca536
vueko/mail: Add alias 2024-02-09 11:55:45 +01:00
Simon Bruder 4752437cf5
vueko/mail: Add alias 2024-02-04 14:10:12 +01:00
Simon Bruder 242a2315be
mailserver: Disallow requesting DSN over SMTP
This still allows requesting a DSN over submission, so trusted clients
are not affected. It only affects sending DSN to other systems, which
now no longer takes place. This is done to avoid leaking rspamd
internals.
2024-02-03 01:15:17 +01:00
Simon Bruder c944812a68
mailserver: Extend Received header with TLS info 2024-02-03 00:12:05 +01:00
Simon Bruder 0e870e7188
vueko/mail: Add alias 2024-02-02 12:30:29 +01:00
Simon Bruder ef3939403a
yuzuru/static-sites: Add salespointframework
This had previously been hosted on a separate machine that was now
decommissioned.
2024-02-01 00:40:56 +01:00
Simon Bruder a2cf57ec47
vueko/mail: Drop aliases 2024-01-31 12:07:57 +01:00
Simon Bruder f454aafa20
vueko/mail: Drop aliases 2024-01-27 22:56:33 +01:00
Simon Bruder c5f3b172f3
vueko/mail: Add alias 2024-01-27 22:08:11 +01:00
Simon Bruder 7c4b4a5a9b
vueko/mail: Drop aliases 2024-01-27 22:06:25 +01:00
Simon Bruder 7c26753c04
vueko/mail: Add alias 2024-01-27 20:17:40 +01:00
Simon Bruder eecb609dab
vueko/mail: Drop aliases 2024-01-27 19:00:50 +01:00
Simon Bruder 9caef40c21
wkd: Init 2024-01-27 17:22:53 +01:00
Simon Bruder 0d9e100d01
Replace key for SOPS with minimal key
It was exported with
gpg --armor --export-options export-minimal --export KEYID
2024-01-27 11:10:49 +01:00
Simon Bruder a09967c1c4
pass: Enable browserpass for librewolf 2024-01-27 10:33:27 +01:00
Simon Bruder 4ff453a133
flake.lock: Update
Flake lock file updates:

• Updated input 'flake-utils':
    'github:numtide/flake-utils/4022d587cbbfd70fe950c1e2083a02621806a725' (2023-12-04)
  → 'github:numtide/flake-utils/1ef2e671c3b0c19053962c07dbda38332dcebf26' (2024-01-15)
• Updated input 'home-manager':
    'github:nix-community/home-manager/7e398b3d76bc1503171b1364c9d4a07ac06f3851' (2024-01-01)
  → 'github:nix-community/home-manager/10cd9c53115061aa6a0a90aad0b0dde6a999cdb9' (2024-01-19)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/6e91c5df192395753d8e6d55a0352109cb559790' (2024-01-01)
  → 'github:nix-community/home-manager/6b28ab2d798c1c84e24053d95f4ee1dd9d81e2fb' (2024-01-24)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/9d3d7e18c6bc4473d7520200d4ddab12f8402d38' (2023-12-30)
  → 'github:cachix/pre-commit-hooks.nix/f56597d53fd174f796b5a7d3ee0b494f9e2285cc' (2024-01-20)
• Updated input 'nix-pre-commit-hooks/flake-compat':
    'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9' (2023-01-17)
  → 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04)
• Updated input 'nix-pre-commit-hooks/gitignore':
    'github:hercules-ci/gitignore.nix/a20de23b925fd8264fd7fad6454652e142fd7f73' (2022-08-14)
  → 'github:hercules-ci/gitignore.nix/43e1aa1308018f37118e34d3a9cb4f5e75dc11d5' (2023-12-29)
• Updated input 'nix-pre-commit-hooks/nixpkgs-stable':
    'github:NixOS/nixpkgs/c37ca420157f4abc31e26f436c1145f8951ff373' (2023-06-03)
  → 'github:NixOS/nixpkgs/3dc440faeee9e889fe2d1b4d25ad0f430d449356' (2024-01-10)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/f752581d6723a10da7dfe843e917a3b5e4d8115a' (2024-01-01)
  → 'github:nixos/nixos-hardware/e756ff62c2e9db4f7c197bc1849a02024a7bfb2e' (2024-01-24)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/32f63574c85fbc80e4ba1fbb932cde9619bad25e' (2023-12-31)
  → 'github:nixos/nixpkgs/d7f206b723e42edb09d9d753020a84b3061a79d8' (2024-01-22)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/b0d36bd0a420ecee3bc916c91886caca87c894e9' (2023-12-30)
  → 'github:nixos/nixpkgs/612f97239e2cc474c13c9dafa0df378058c5ad8d' (2024-01-21)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6' (2023-12-31)
  → 'github:Mic92/sops-nix/ae171b54e76ced88d506245249609f8c87305752' (2024-01-21)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/0aad9113182747452dbfc68b93c86e168811fa6c' (2023-12-30)
  → 'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
2024-01-24 13:26:28 +01:00
41 changed files with 472 additions and 411 deletions

View File

@ -15,7 +15,7 @@ keys:
- &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3 - &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3
- &renge 06a917fc4a2a1b6b0f69a830285075cac85b7035 - &renge 06a917fc4a2a1b6b0f69a830285075cac85b7035
- &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b - &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b
- &okarin 868497ac4266a4d137e0718ae5fc3caa3b8107aa - &okarin e7370b48016c961ef8ad792fda66b19d845b3156
- &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7 - &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7
- &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c - &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c
- &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4 - &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4

View File

@ -143,3 +143,10 @@ so always consult the file header and other resources as specified in the REUSE
Please note that those licensing terms only apply to the source files in this repository, Please note that those licensing terms only apply to the source files in this repository,
not any build outputs, like system or package closures. not any build outputs, like system or package closures.
They might be licensed differently, depending on their source. They might be licensed differently, depending on their source.
If you think you have a compelling reason
why you should be able to use part of this repository under a more permissive license,
please contact me,
so we can figure something out.
Please note, that I can only offer this for files that are solely authored by me,
as I do not own the rights to other peoples code.

View File

@ -26,11 +26,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1696426674,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -44,11 +44,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1710146030,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -65,11 +65,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1660459072, "lastModified": 1709087332,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "gitignore.nix", "repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -85,11 +85,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1704099619, "lastModified": 1712386041,
"narHash": "sha256-QRVMkdxLmv+aKGjcgeEg31xtJEIsYq4i1Kbyw5EPS6g=", "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "7e398b3d76bc1503171b1364c9d4a07ac06f3851", "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -106,11 +106,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1704100519, "lastModified": 1712989663,
"narHash": "sha256-SgZC3cxquvwTN07vrYYT9ZkfvuhS5Y1k1F4+AMsuflc=", "narHash": "sha256-r2X/DIAyKOLiHoncjcxUk1TENWDTTaigRBaY53Cts/w=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "6e91c5df192395753d8e6d55a0352109cb559790", "rev": "40ab43ae98cb3e6f07eaeaa3f3ed56d589da21b0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -215,11 +215,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1703939133, "lastModified": 1712897695,
"narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=", "narHash": "sha256-nMirxrGteNAl9sWiOhoN5tIHyjBbVi5e2tgZUgZlK3Y=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38", "rev": "40e6053ecb65fcbf12863338a6dcefb3f55f1bf8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -231,11 +231,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1704124233, "lastModified": 1712909959,
"narHash": "sha256-lBHs/yUtkcGgapHRS31oOb5NqvnVrikvktGOW8rK+sE=", "narHash": "sha256-7/5ubuwdEbQ7Z+Vqd4u0mM5L2VMNDsBh54visp27CtQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "f752581d6723a10da7dfe843e917a3b5e4d8115a", "rev": "f58b25254be441cd2a9b4b444ed83f1e51244f1f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -247,11 +247,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1703992652, "lastModified": 1712741485,
"narHash": "sha256-C0o8AUyu8xYgJ36kOxJfXIroy9if/G6aJbNOpA5W0+M=", "narHash": "sha256-bCs0+MSTra80oXAsnM6Oq62WsirOIaijQ/BbUY59tR4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "32f63574c85fbc80e4ba1fbb932cde9619bad25e", "rev": "b2cf36f43f9ef2ded5711b30b1f393ac423d8f72",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -275,11 +275,11 @@
"poetry2nix": "poetry2nix" "poetry2nix": "poetry2nix"
}, },
"locked": { "locked": {
"lastModified": 1704120598, "lastModified": 1712934106,
"narHash": "sha256-9g7bZbVHAjMPNUWD2okeOdTmTrC9pkCeVe1zFyvtvqo=", "narHash": "sha256-JubHgaV6HUZarwwq4y2rxJaaj2a6euErJfCqpmhrhWk=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "32ef4fd545a29cdcb2613934525b97470818b42e", "rev": "2bcb2b6c7b0e04f4ef8e51e00fd93a5e5cb00bf8",
"revCount": 65, "revCount": 66,
"type": "git", "type": "git",
"url": "https://git.sbruder.de/simon/nixpkgs-overlay" "url": "https://git.sbruder.de/simon/nixpkgs-overlay"
}, },
@ -290,43 +290,43 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1685801374, "lastModified": 1710695816,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373", "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.05", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable_2": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1703950681, "lastModified": 1712437997,
"narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=", "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0aad9113182747452dbfc68b93c86e168811fa6c", "rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "release-23.05", "ref": "release-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1703961334, "lastModified": 1712791164,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -453,11 +453,11 @@
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1703991717, "lastModified": 1712617241,
"narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=", "narHash": "sha256-a4hbls4vlLRMciv62YrYT/Xs/3Cubce8WFHPUDWwzf8=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6", "rev": "538c114cfdf1f0458f507087b1dcf018ce1c0c4c",
"type": "github" "type": "github"
}, },
"original": { "original": {

View File

@ -1,28 +1,28 @@
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBAAAAAABEACgnoiAZQChPJOD9Bh4VxtX+/KWZXBrw9HhK1aufLH2Q4bS+mrg xsFNBAAAAAABEADJ6iuUnKyoNZU26YWhsIHwTIkhxnNCNDHrq42wSqDgBFU8QyzC
Te5SgFrfsiiYOvo8O2rESmMIWAHRSGxcdcT09+ZZtZxlxW7dmoUXLaPY+Xft0oDT Nd8c34QghVGeqCFr/Md5xXMtgCmoNzFCMullb6PwDIYZ+9SP03B2seoqhnRwp1WG
ekLBs/g3N9qAXYq8XC/YNw0R1FzhComq/enQT2OTcaWES3b2OlFAkn8SVSTTdKgG twejt/dP3QgOBP3G4Tr8uxcdHFnLDvkzN66QyV+LcnzrEf0Dw/9y31Nuo5TlG7UT
jfmPPjDuTTYWPDPPmVRhaRkT/AcByyRcEcYxw4Zn+62iY9ZuV8FG0O0UcR2I/vEw cUCg36a3l+1tTlc3VnGwjt5jc59teD619h1s5tU5zMlcgjhFMMVKHXH1oc8zK0Q4
KwYxHBC4IiqWvCmeJ3mEcf2NBbLwp2hB79dyo9RN8zxbu2mwrCNNO0hbkJGsxom1 va2YyfW+yWZx9Fm9BWF3VLuBdVlPuHVSCZ/Qf/ykDs8nm7Jvwi/I2TQiAeFN7ln9
NjKh7KZz0eaIpb/WAesimHCaAXcB9ovGiyyHjECmZkvKlAXMttrPkF5QJZW2Iao7 vPAYy4z0SQP/w44kVLCe5Mkw4H53LRocPBgxSflzqnJuuEQGroq0xgbP8+xJ8R0h
jcdcT0CNhC9fUwdBPIVRVjQQPyCWrqZEas+zG0tU8nbMy+uI/rT8ALC0zSgQMVyr 5WPqLuy86PhslFsuIfKJgzVsNsz3svBxHO6G5bIsVgIjdfT4QPGxVQSvXG0RpdV0
YDIM7tYHbuBjgHja8gvwAa116L+uTXzkCTuH3OQHowtuvDjorXDKNs5akqJpAPHF HzhUKojENcS2MEB7MJOLu200Ce3tjuaZD+nPUyH9LilNVgEJXMN0+9SfXmzyH1mE
a/fhXzjtY6RfLVp0Hj1+fnwrzMs0D1YdlJEjsBxvpieMTGPXH0YA5ondK/OsHsQD ENW6JWUC+oDgweodltJJ2z3kiaXf0GUNWFEv5P0uxkky3nsed4lDmEs0j0nT3YoS
uzUgKzgGpq8Kp7hXhxi8gevHmNgVN1F4CNlTy0qOkFgD8U11Fk9O4svI+OtzslPr 0hemgdK8X3ZRMuLAxGLCL0SykmsbOdTTzZ/QCak8/0jI8iko9eDrmJ4rNkrQYT4+
/EXRC/faJeFdT20M0BIqhQVWZFiRRMMsHJgZ04mWG40Wysm8esZ3dwS53QARAQAB TM0JEpI3wA4ksl5WcB2cpM/G8buw/zNTycgbjcKoYL+E2K+L7JeR9F1DgQARAQAB
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
AQgAFgUCAAAAAAkQ5fw8qjuBB6oCGw8CGQEAAOyUEAAHW0hbAjCKylnIaezMqNiG AQgAFgUCAAAAAAkQ2maxnYRbMVYCGw8CGQEAAMkCEAClRHcH4fUUpdXroevY9qpR
yDwfM+MpNXaqB4sG0UUiIdgSUTk06PN5dlQ0Jfvh1I7P9y8CxqamlqCUXiqqWEOR O6op26pqBZ839HoD9f4kaZXerhURWVGPcV81uUapR5/B8Pk/OK9LskBetDvoc+J1
Am3Q7oxQKQdSDz//2ijWLdNFcT7bxZvNKQ/T78UYka/qmuLHx2jSuakAX2pAUrOf +B3vM34cRIzbSs55BVrx/Mk6Vn9utPoyutlaJ/b5VMCmz4f2zU/XwPbXOzouvVrn
K7mbElSu8LD0y8hIDEyxuzB/aL13sHh1LkOUCSEgZ977EEfIEgPidPwEtGJvEbhN uy/bqY7aNz0eoeU7lKXrXc9as+VoJgc3Ty9Tt1vPi8lfTeQfmxUDtoer47dhn89C
DaP94cLNapv/lWux8+O5dzKi4R7ghXl6IvrP2LPXQSPF7C3mMZ1ZSX1nFxRjALXi 3fL9R5/4utKt5nRtweOh6+z9T36jNodeHy3VhpuMnUBKsWSQn6Op2sLoeb6FJbh0
xiFbrJFkwEQQmVro/3wX9BZSmt6VnFRKkXnsCLlf9eT0aTmTirtqHgfet0PHqTNt t5Tz1AZhqjT4HY8bGWK8v2i916BmGseFjge7CECYg9M5MydznHl9z87sBUiruGs4
CxrlLKTZFN3ZFropGZ070ESs4i6WZUBpTdsYh/htyo5bWMcHO8J+K+Ttd1M8btM4 fQTZi8IQySaQ8jCqCx+PB1PYUAsZj4j3o74mx2/erAw8gxBlrme44CuikVdbEKMV
RtpAc/2UXa4+dVpLOGqdqkmUEJLVLyGnj9wZZgkx3tWGhjnSohCW3YqffQYlXUFn qYzW/jVJ6EPobtmq+XN8UzU/arf5/BelcU73sQK9fbvCqi47ZMyjC/3UqZ0O12xt
xuiQQ8jKM6luuunMXLt6D9dzOch70z9bnjOm1Z6q/S3PIzn++awzA6N3VTKNuUBP uUjf2IcDl8TyWZ3nSSUV7npXrrT05kC6WMK46TwO9wv8F3v3/35UmonAJt8qp/lw
Phs6hlcAeqdQ6Q2EiS5iXKqPdK1nd9cPKzHOJf1fwlaRPSKeCtXUgkjAClu+heEn 2PNR5W8Sqxr2s+yhkOsh2xwuqBQkdxhqRKeqTv4+kdGAk6ZUmuHmGa1Qni6VsaKT
rst1nggIhCBs+rHc518BVZvISLNVlj5LVwN0mKOk9YPuZItBCGX96WWJZdMHeZk0 TuNRRTEBfQ0QiqF8+lleT2dP4cKI2vAbI0zvyjX6KvNGRb1VlJw3D6Pa0nXW/YQU
MsxjN+we2woCXG5SJGYOyA== NxR1Jvm5bnGfUcnNlzoB4Q==
=UTw1 =6o0h
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----

View File

@ -5,67 +5,39 @@ EKpaQ5+0H1NpbW9uIEJydWRlciA8c2ltb25Ac2JydWRlci5kZT6InAQTFgoARAIb
AQUJA8JnAAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgBYhBNSKGsqxzb0XAVFm AQUJA8JnAAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgBYhBNSKGsqxzb0XAVFm
K7GgtKRYhaAxBQJlrXkpAhkBAAoJELGgtKRYhaAxe14BAMF2Sj/NbHEfPPj/FH0/ K7GgtKRYhaAxBQJlrXkpAhkBAAoJELGgtKRYhaAxe14BAMF2Sj/NbHEfPPj/FH0/
Pndzxihc7T7JOO9TxwsHMdidAP9eGoz3DgjA4gOtJUDwK70G6XwGnXrY8k42AcNE Pndzxihc7T7JOO9TxwsHMdidAP9eGoz3DgjA4gOtJUDwK70G6XwGnXrY8k42AcNE
B0JHBIkCMwQQAQoAHRYhBEfnVZ4DejVlLbv4qo08gvnzCfjsBQJlrZp3AAoJEI08 B0JHBLQxU2ltb24gQnJ1ZGVyIDxzaW1vbi5icnVkZXJAbWFpbGJveC50dS1kcmVz
gvnzCfjsE2IP/RZoV3xvTi9ks5mpClnxdofGR4r2IVFw8TMQLSFfAHAtEJQ+R8fx ZGVuLmRlPoiZBBMWCgBBFiEE1IoayrHNvRcBUWYrsaC0pFiFoDEFAmWtd20CGwEF
0Yk+yoBNjt6JFKsvVVyVTZsK5cZcECSaX8E5gAYIB0+5S7TAC+DL9lDhWqhJnvOk CQPCZwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQsaC0pFiFoDGUqAEA
5nWIM6gdey6H4lmwjMQT9deWFBlHI/4+eEv65B2tlPZH7x2EbXywe5TgAmCAuXBI vqCjV1Fti5v6XpFFX/YU3160v4GYwD1vSdNJTTFfm3kBAO3hu30ecM3rWZf0SJmC
7YOCebPh66n0ezJkw0SkEmz5+yMfj/vQNQxvRUpGpMEPDAUvIWEJ+Mb1XRuSZlYy xizTcSJIOEng0z39uk75PV4MuDMEZa13mRYJKwYBBAHaRw8BAQdA1st2Ull8qExF
Z8fNh0lMuvDf/GAwoFLiQM8ToprYT1vVnZ+IzEHkjYA1/nDTj1rDxiFCz+FCc+/k xFBS4ZtAxCP4a0yvany8hfclRDuM2W2I9QQYFgoAJgIbAhYhBNSKGsqxzb0XAVFm
+7fjbtbmX1rSLu90jQZx3h0JEb9t4Zd0X9aOstVnqTi9pMWWyFcUgA71+21VqbIQ K7GgtKRYhaAxBQJlrud2BQkB4qNdAIF2IAQZFgoAHRYhBF8781AR60Ih56rcrDR/
LccjaPZ0YK75on5YaD5ZmtHAl5ZD1VIXL0vnyN/XQYa4GUiN0qVwdG9QSEEe8gu8 +Gmc2gd2BQJlrXeZAAoJEDR/+Gmc2gd2WGkA/1q7AL8NUkvEOXRXOdHUhFkC2AXp
jjAWClU8BroyOtWamOlQWs/RPZsg1G5Nv5KcPJbw67sWzJZYvJhytRMg9yMWM/uC V9deFHxrszMWgIxhAQD7QPihv5Cm8SPkClDMeKFnGwlMpeZNM/XYn5FqyLPrBwkQ
uSC30u/gA49YP2N32XsxwFo8LAUrqn22/WdgcR1NIhHDjzT4SWSTS/ec5lSB998e saC0pFiFoDG2mQD8CMU8iakviZHNDspU2nZLVRp5RWBGtbeqiq2+KUYzgCEA/REV
xw+41h4hDHwZn75HYi89FytjS0Sc8C4b2GPw8eqbhKHKMlPKJah2enFXkR85AZJ1 SAd0ks7DaVVxtHY4cn/oN76QeX3RXUAvfTsiPD0CuDgEZa13whIKKwYBBAGXVQEF
wJGGhHhUS1mZ9e5SbY5ugtYj8v3Q3RMf47pqSHsO1Z9ojWBpAYforhTEtDFTaW1v AQEHQCz6uVsYw1gvKcMfmofGvK8uv4t+PsL0N6jlrPtY/Qt2AwEIB4h+BBgWCgAm
biBCcnVkZXIgPHNpbW9uLmJydWRlckBtYWlsYm94LnR1LWRyZXNkZW4uZGU+iJkE FiEE1IoayrHNvRcBUWYrsaC0pFiFoDEFAmWtd8ICGwwFCQPCZwAACgkQsaC0pFiF
ExYKAEEWIQTUihrKsc29FwFRZiuxoLSkWIWgMQUCZa13bQIbAQUJA8JnAAULCQgH oDFfVwEA7ijxFOSx7RhdE9XqNfDk+Gl4s6ste20j0MW3J+jAKTcBALUk/F0OYJIv
AgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRCxoLSkWIWgMZSoAQC+oKNXUW2Lm/pe E6njUIuZlz4wFKJHDpursKIJu91QjzoFuDMEZa14JhYJKwYBBAHaRw8BAQdATUqx
kUVf9hTfXrS/gZjAPW9J00lNMV+beQEA7eG7fR5wzetZl/RImYLGLNNxIkg4SeDT HSmDAt+Fs/8EN7JvsIuciptaJpLnZApQ5gu2KgeIfgQYFgoAJhYhBNSKGsqxzb0X
Pf26Tvk9XgyJAjMEEAEKAB0WIQRH51WeA3o1ZS27+KqNPIL58wn47AUCZa2afQAK AVFmK7GgtKRYhaAxBQJlrXgmAhsgBQkB4TOAAAoJELGgtKRYhaAxMBoBAN7lVHou
CRCNPIL58wn47JgND/0aTHhLlT7QGE9O6RV1kS81YeiQD5UvrJcYh9/wb7plXV/R WPLuO6NNPHL8fXYG+9LFrIfVn/ztEKGwhOkhAQDcmy+3iHVaO4JPz6NJcojZzyDp
+AJ9QUxnw9SKeyyFGjwQeWIkkdJccq8ov5ekz++ErCsFlQtvhzNMa+ZRRJ5XG1m9 nn/R4uqdSVJ1qNy3Bbg4BGWteO4SCisGAQQBl1UBBQEBB0DVD2QambSi9HXWmBts
dyFUKAvZ9vo5EnYOTO72l3TEel4L3V5t6qeUGdJQoVBC3cmLHJ7Vs92cTrmrQnF6 FDf75LrjJa5WTn1my6SVSODaYQMBCAeIdQQYFgoAJxYhBNSKGsqxzb0XAVFmK7Gg
JXVgoj41iSmgnHdf8l0rsHc4/ODYDpZpOQjQj24Teb6Hj8jkjhNejGm6Ackcy6UF tKRYhaAxBQJlrXjuAxsABAUJAeEzgAAAA8UBAPjW4ZDp+ITJ9z/v7aL+wLdI0CY4
KIX4ZDQD2k9SlxDt2LGLjF2rHar4NFYNJwgzO1tMazjTDAV1J9zx44NFaC1dm4oj w2I+LYP/VVtUr8JHAQCRFzzkBSz2IXoMKuRvpcJRLMRPS5gTAbrDC/96eGVGBLgz
0Nz/xSYyyYyBoeqIG29qZrmWj5yIee64I+POX5REuLvf//64atEAkvODqg8ZhrXB BGWtfDQWCSsGAQQB2kcPAQEHQOtp4pbIVjjXN7J277+pm5EyzIQVD5aHpoi45J1P
Jd7BTtsRpUkkzwBv/ZHYJyEwLrUKLXpyx6GejksJ4fX4ftyWAgUOkDI06WI4WnQl NVCLiH4EGBYKACYWIQTUihrKsc29FwFRZiuxoLSkWIWgMQUCZa18NAIbIAUJAeEz
WzTOqIWwbub3M53F8eOGvXLUd6PD3p8ARiCFG+5cqRimmd3WZ5g0C9YWnuKRAOrT gAAKCRCxoLSkWIWgMRecAQC6fz9nPhVe1ncJyNn/c2RcZra0sEWwzwRiem7wieOU
mrquAFhAeaanp+MRihB9d0nj5Lfx3mtfLAWDHYTj+yXL7de1xJ8p2D4WekJJ9NRJ GgEAhEOJxdEMbNv6mw4kSdLnFmC5VCvTEeLQF7uxP37ADwq4OARlrXuTEgorBgEE
f8b9d+wswth/1NV/ly64J7aiGpVzE+WcpNGl9pcsisSiXOCGJatPvrl9h6vgU+Oj AZdVAQUBAQdAb2sZjRbDkcC3IhREZfUpXR5931F0csq5A6lTNSHyclcDAQgHiHUE
2HhE5vf9WmvHxkUwut1Tw2cw5KoukugDZWos8AZ671QebmfnebDUsmSfhkOymbgz GBYKACcWIQTUihrKsc29FwFRZiuxoLSkWIWgMQUCZa17kwMbAAQFCQHhM4AAAMSe
BGWtd5kWCSsGAQQB2kcPAQEHQNbLdlJZfKhMRcRQUuGbQMQj+GtMr2p8vIX3JUQ7 AQCwkhOqxIjsIJ5DBgybQ4HTu52y3IkCVnx+ikcef8DMowEAgA5A3aSX8x9+p34t
jNltiPUEGBYKACYWIQTUihrKsc29FwFRZiuxoLSkWIWgMQUCZa13mQIbAgUJA8Jn 6ZX1dbgItWYS1a2bvqlEkvUBnwa4MwRlrX8yFgkrBgEEAdpHDwEBB0D37Ln0CHRc
AACBCRCxoLSkWIWgMXYgBBkWCgAdFiEEXzvzUBHrQiHnqtysNH/4aZzaB3YFAmWt 1itQdbnpQs7fFyWqLm5UT59YI2b7pkhK/oh+BBgWCgAmFiEE1IoayrHNvRcBUWYr
d5kACgkQNH/4aZzaB3ZYaQD/WrsAvw1SS8Q5dFc50dSEWQLYBelX114UfGuzMxaA saC0pFiFoDEFAmWtfzICGyAFCQPCZwAACgkQsaC0pFiFoDFaJgEAmtpmq5QnshEE
jGEBAPtA+KG/kKbxI+QKUMx4oWcbCUyl5k0z9difkWrIs+sH8p0A/j2fQV8DVJsn HDs9yBTxWAnrYfPnvyOi4KID6FbJTI0BAPNohV+XiBbQKmmKrWb5ui0BXNISPCYk
fnyFdmEIS14LaLyBTQ411CLkOVI4l5yBAP0Xue1JzV1Spm8Ib5rbAB5l2Q39xwsZ H6R7fxacajUC
IkGsiN85Wq7cA4j1BBgWCgAmAhsCFiEE1IoayrHNvRcBUWYrsaC0pFiFoDEFAmWu =361S
53YFCQHio10AgXYgBBkWCgAdFiEEXzvzUBHrQiHnqtysNH/4aZzaB3YFAmWtd5kA
CgkQNH/4aZzaB3ZYaQD/WrsAvw1SS8Q5dFc50dSEWQLYBelX114UfGuzMxaAjGEB
APtA+KG/kKbxI+QKUMx4oWcbCUyl5k0z9difkWrIs+sHCRCxoLSkWIWgMbaZAPwI
xTyJqS+Jkc0OylTadktVGnlFYEa1t6qKrb4pRjOAIQD9ERVIB3SSzsNpVXG0djhy
f+g3vpB5fdFdQC99OyI8PQK4OARlrXfCEgorBgEEAZdVAQUBAQdALPq5WxjDWC8p
wx+ah8a8ry6/i34+wvQ3qOWs+1j9C3YDAQgHiH4EGBYKACYWIQTUihrKsc29FwFR
ZiuxoLSkWIWgMQUCZa13wgIbDAUJA8JnAAAKCRCxoLSkWIWgMV9XAQDuKPEU5LHt
GF0T1eo18OT4aXizqy17bSPQxbcn6MApNwEAtST8XQ5gki8TqeNQi5mXPjAUokcO
m6uwogm73VCPOgW4MwRlrXgmFgkrBgEEAdpHDwEBB0BNSrEdKYMC34Wz/wQ3sm+w
i5yKm1omkudkClDmC7YqB4h+BBgWCgAmFiEE1IoayrHNvRcBUWYrsaC0pFiFoDEF
AmWteCYCGyAFCQHhM4AACgkQsaC0pFiFoDEwGgEA3uVUei5Y8u47o008cvx9dgb7
0sWsh9Wf/O0QobCE6SEBANybL7eIdVo7gk/Po0lyiNnPIOmef9Hi6p1JUnWo3LcF
uDgEZa147hIKKwYBBAGXVQEFAQEHQNUPZBqZtKL0ddaYG2wUN/vkuuMlrlZOfWbL
pJVI4NphAwEIB4h1BBgWCgAnFiEE1IoayrHNvRcBUWYrsaC0pFiFoDEFAmWteO4D
GwAEBQkB4TOAAAADxQEA+NbhkOn4hMn3P+/tov7At0jQJjjDYj4tg/9VW1SvwkcB
AJEXPOQFLPYhegwq5G+lwlEsxE9LmBMBusML/3p4ZUYEuDMEZa18NBYJKwYBBAHa
Rw8BAQdA62nilshWONc3snbvv6mbkTLMhBUPloemiLjknU81UIuIfgQYFgoAJhYh
BNSKGsqxzb0XAVFmK7GgtKRYhaAxBQJlrXw0AhsgBQkB4TOAAAoJELGgtKRYhaAx
F5wBALp/P2c+FV7WdwnI2f9zZFxmtrSwRbDPBGJ6bvCJ45QaAQCEQ4nF0Qxs2/qb
DiRJ0ucWYLlUK9MR4tAXu7E/fsAPCrg4BGWte5MSCisGAQQBl1UBBQEBB0BvaxmN
FsORwLciFERl9SldHn3fUXRyyrkDqVM1IfJyVwMBCAeIdQQYFgoAJxYhBNSKGsqx
zb0XAVFmK7GgtKRYhaAxBQJlrXuTAxsABAUJAeEzgAAAxJ4BALCSE6rEiOwgnkMG
DJtDgdO7nbLciQJWfH6KRx5/wMyjAQCADkDdpJfzH36nfi3plfV1uAi1ZhLVrZu+
qUSS9QGfBrgzBGWtfzIWCSsGAQQB2kcPAQEHQPfsufQIdFzWK1B1uelCzt8XJaou
blRPn1gjZvumSEr+iH4EGBYKACYWIQTUihrKsc29FwFRZiuxoLSkWIWgMQUCZa1/
MgIbIAUJA8JnAAAKCRCxoLSkWIWgMVomAQCa2marlCeyEQQcOz3IFPFYCeth8+e/
I6LgogPoVslMjQEA82iFX5eIFtAqaYqtZvm6LQFc0hI8JiQfpHt/FpxqNQI=
=1z2B
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----

View File

@ -1,5 +1,5 @@
<!-- <!--
SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de> SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
SPDX-License-Identifier: CC-BY-SA-4.0 SPDX-License-Identifier: CC-BY-SA-4.0
--> -->
@ -8,7 +8,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0
## Hardware ## Hardware
[Ionos Cloud VPS](https://cloud.ionos.de/server/vps) S (1 Xeon Gold Gold 5120 vCPU, “512MB” = 443MiB RAM, 10 GB SSD). [Ionos VPS Linux XS](https://www.ionos.de/server/vps) S (1 Xeon Skylake vCPU, 1GiB RAM, 10GB SSD).
## Purpose ## Purpose
@ -22,32 +22,50 @@ Okabe Rintaro is a mad scientist from *Steins;Gate*
Much like the namesake, Much like the namesake,
this server requires a “mad scientist” approach to set up. this server requires a “mad scientist” approach to set up.
However, it is much easier than setting up its predecessor,
which had just above 400MiB usable memory.
Ionos does not offer any NixOS installation media. Ionos does not offer any NixOS installation media.
I could only choose between a Debian installation media, Knoppix and GParted. I could only choose between various installation media and rescue systems.
Also, installing with a very low amount of memory is quite hard. Also, installing NixOS with a low amount of memory is problematic.
I therefore created a VM locally with a disk image exactly 10737418240 Bytes in size. I therefore created a VM locally with a disk image exactly 10737418240 Bytes in size.
On there, I installed NixOS. On there, I installed NixOS.
Because encryption with `argon2id` as PBKDF is quite memory intensive, I had to tune the parameters some. Because encryption with `argon2id` as PBKDF is quite memory intensive,
What I settled on was I had to tune the parameters to ensure decryption was still possible on the target.
`cryptsetup luksFormat --pbkdf argon2id --iter-time 10000 --pbkdf-memory 250000 /dev/sda3`. This can be done quite easily by interactively running the following command on the build VM:
To make btrfs use its SSD optimizations, cryptsetup luksChangeKey --pbkdf-memory 100747 --pbkdf-parallel 1 --pbkdf-force-iterations 29 /dev/vda3
I had to force the kernel to see the device as non-rotational:
`echo 0 > /sys/block/dm-0/queue/rotational`
Another problem was the usage of VMware by Ionos. The memory size was obtained by a successful run of `cryptsetup benchmark` inside the initrd on the target.
The VM I set this up with was obviously using KVM/QEMU,
so it needed different kernel modules at boot. However, since those parameters are not ideal,
What worked was setting it up in the local VM with both libvirt and vmware modules, the following should later be run on the target host itself:
and then removing the libvirt modules once it was installed on the target.
cryptsetup luksChangeKey --pbkdf-parallel 1 -i 10000 /dev/vda3
This will determine the memory usage automatically,
use one thread
and set the parameters so that decryption takes 10 seconds (10000ms).
The memory usage will not be as high as it could,
but it will be better.
Getting the disk image onto the server was done Getting the disk image onto the server was done
by first `rsync`ing the image to another server (to allow for incremental iterations), by first `rsync`ing the image to another server (to allow for incremental iterations),
which then provided it via HTTP. which then provided it via HTTP.
Using the Knoppix live image (booted with `knoppix 2` to avoid starting the gui), Using the Debian installation media in rescue mode
it was possible to just `curl http://server/okarin.img > /dev/sda`. (as for some reason most other options tried to cache the file in memory and became very slow)
it was possible to write the image to disk with `wget -O /dev/sda http://server/okarin.img`.
Because of all the pitfalls of this, Because of all the pitfalls of this,
you probably need more than one try. you probably need more than one try.
To make debugging easier on the target, the following option can be set:
```nix
{ pkgs, ... }:
{
boot.initrd.preLVMCommands = ''
${pkgs.bashInteractive}/bin/bash
'';
}
```

View File

@ -9,7 +9,6 @@
./hardware-configuration.nix ./hardware-configuration.nix
../../modules ../../modules
./services/static-sites.nix
./services/proxy.nix ./services/proxy.nix
]; ];
@ -22,7 +21,7 @@
networking.hostName = "okarin"; networking.hostName = "okarin";
system.stateVersion = "22.11"; system.stateVersion = "23.11";
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 80

View File

@ -5,6 +5,10 @@
{ lib, modulesPath, ... }: { lib, modulesPath, ... }:
{ {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
sbruder.machine.isVm = true; sbruder.machine.isVm = true;
boot = { boot = {
@ -12,41 +16,34 @@
extraModulePackages = [ ]; extraModulePackages = [ ];
kernelParams = [ "ip=dhcp" ]; kernelParams = [ "ip=dhcp" ];
initrd = { initrd = {
availableKernelModules = [ "aesni_intel" "ahci" "sd_mod" "vmxnet3" "vmw_pvscsi" "vmw_vmci" ]; availableKernelModules = [ "aesni_intel" "ahci" "sd_mod" "sr_mod" "virtio_net" "virtio_pci" "xhci_pci" ];
kernelModules = [ "dm-snapshot" "vmw_balloon" ]; kernelModules = [ ];
network = { network = {
enable = true; # remote unlocking enable = true; # remote unlocking
# for some reason, the DHCP server does not transmit the static route to the gateway in a form udhcpc understands # for some reason, the DHCP server does not transmit the static route to the gateway in a form udhcpc understands
# this works around this, but is arguably quite hacky # this works around this, but is arguably quite hacky
postCommands = '' postCommands = ''
ip route add 10.255.255.1 dev eth0 ip route add 85.215.165.1 dev eth0
ip route add default via 10.255.255.1 dev eth0 ip route add default via 85.215.165.1 dev eth0
''; '';
}; };
luks.devices."root".device = "/dev/disk/by-uuid/67f2990c-636a-4d80-9f6d-7096fec9e267"; luks.devices."root".device = "/dev/disk/by-uuid/1dcb9ee1-5594-4174-98a7-a362da09f131";
}; };
loader.grub.device = "/dev/sda"; loader.grub.device = "/dev/vda";
}; };
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/8e3082d1-4af3-4d5d-9fde-d30dc7552d41"; device = "/dev/disk/by-uuid/3ab8f4a7-952c-4b6c-93c6-7b307d5bb88b";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "discard" "noatime" ]; options = [ "compress=zstd" "discard" "noatime" "ssd" ]; # for some reason, the kernel assumes rotational
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/883c77e8-53bf-4330-bd9e-89ef71ad9518"; device = "/dev/disk/by-uuid/97aec56b-5fea-4445-83dc-4a20dcf482ce";
fsType = "ext2"; fsType = "ext2";
}; };
}; };
swapDevices = [
{
device = "/dev/disk/by-partuuid/d9cf5716-25c8-4f72-80e3-696e0dfe1079";
randomEncryption.enable = true;
}
];
zramSwap = { zramSwap = {
enable = true; enable = true;
memoryPercent = 150; memoryPercent = 150;
@ -63,11 +60,6 @@
name = "eth0"; name = "eth0";
DHCP = "yes"; DHCP = "yes";
domains = [ "sbruder.de" ]; domains = [ "sbruder.de" ];
address = [ "2001:8d8:1800:8627::1/64" ];
gateway = [ "fe80::1" ];
networkConfig = {
IPv6AcceptRA = "no";
};
}; };
}; };
}; };

View File

@ -1,80 +1,80 @@
wg-home-private-key: ENC[AES256_GCM,data:4L8aIvgFi+mBjnyVy5IkPaeJRadJ5NCKZprSkBPwMNiVaIscjAdp2yinBSk=,iv:6pBo+6M4EkEjz184XvisWXEoomqJXa4M8Qa4nJHI65U=,tag:3DEsmA2xxAlx/PSbD3HOIA==,type:str] wg-home-private-key: ENC[AES256_GCM,data:RkdgneGhH7prr/tkvHJeChQku2eXve9pV/SvtwsOjeinYO9veHw0rimdonY=,iv:vK6zNpu8F+TSLDTaif686Awjhs8WS2XJHzMtlvqlsIM=,tag:aKhV+kspVu+0CgPmYersxw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2023-05-06T08:49:32Z" lastmodified: "2023-12-25T22:06:33Z"
mac: ENC[AES256_GCM,data:B7e3sh96p2DlqM2SgHWoJ7RZ2q5tnZ6lohNc7UKmwG1HTkrPKW/6jobW2InQnbZn1bPmCERoJIF9QyUz+OxotTiKIXxSL7BJkkfpIkWy9IgjIeADjevHkplm2rXONiXaM2sD46bPKbuRzuhbCZtNwUH74gTVfKPVLVrzpnPRC74=,iv:TTXlBGhO7xLCC3Ad+xiQKmy4b0n0vuQRaCdoe7vpzSE=,tag:dZCharRGK//w48ePu7d2eQ==,type:str] mac: ENC[AES256_GCM,data:VbjyqrqDLCBDD9vGOHxSzsr9a5ZFFBJUkBRxJYBLereMDvInPFZnTwplHHkS5TdDFFAsjrcCgpCuPsUIbDdxFUNNtjdIe5JJwFMwT8XEFrgcswMGSKD6mIH2VBWop5pqoAV0eQ3YfKtDyhNHwixR8a+Z+hbGAY01Z19yteo51ZM=,iv:69EeBag+iUEoa18I0w1HeJKRwSQVCMRqUdV2CzUzMnY=,tag:WViKXJExL33jQAIWHUS8xw==,type:str]
pgp: pgp:
- created_at: "2024-01-22T00:20:17Z" - created_at: "2024-01-24T12:19:03Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4DLHeEFiC484ASAQdALOHWjRYEy+oURe+ERyiQYDjFPDniV0awCBMahhaLzCMw hF4DLHeEFiC484ASAQdA4PdmtZTlpcdfuYKSuKN6X4EGjh/l2D8Jxt7dg1y/Z0kw
faMYpJTpirKixpFnPQ1W0aIiQ2/grcEJ4qYyXYG7GrqLcFMQfZOV8humZOLnZNB6 ScG/nWs9hVMFTBeqSM0eHgFfcZhBB/L85eNf9thktTUbcWq0GEUcz5mwUqILtkfA
hF4Dub78fMESoMASAQdAhpmpD8cyJSauuTHM/RTjLybR1VUGcIY7kLqrB33QLG8w hF4Dub78fMESoMASAQdAMcVZokes0YKtbUZp7b9zq303WXPga5yn8LbhnaRrHycw
aLu7q0wjY0Rs+7PtJiSKd6O4VOBRrsBmLc7QuBZ4cgBwUfE38g8LuXayuOLZQNb1 +ECn4t8y8SXFICpAZ5n+xj5U8MdmdKOzhNQLleFKIHtWdyeUlwFi0qYYP8MRCLTB
hF4DM6AcvgVUx2MSAQdARr9S5DSGRJOcv2IgYMzko8fkMHlIR9uIJdJLMdcJER4w hF4DM6AcvgVUx2MSAQdAIzXqgZ8WiIxIV05BumWLsyZUChwvDQc47NMd5ehhBEQw
RjcC/s5+P0b7wy9bIaAv3vk3FX4hw56QzhqAXcA1zU1kyjEHPnv3qsiiQbcKDjb0 I1LY11LTNENypr5q0mhy615kIbsdhpzAVLf4Bkf921zABsfFzuY5zJHqi8SKVm7/
1GYBCQIQG5VczwWUidoTYkHgZveZhkVyYIiZc/YQrY6n71OrVnUKaH5kZn1XrMKE 1GYBCQIQHPC99/GrpHG703gozt2I0P2XMhlRpzj359qStWaQZ8NBL5Ugo5BLvphf
zRzcc4XCiu8CaSkQp68eqKeHwI8U5N/LAtjHbACxAq6GHatf/+LvJx4CbUrPZxw2 1/WYAlvnH4Uov2TxKdQs65IJSadQgs7lBWB5gqHklZ76E4Q+00oMQxwGjzMdddA/
PWZwSFBCZEg= hRlLbnUDE1Q=
=r7sK =ol1Y
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 6CD375BD0741F67E5A289BC333A01CBE0554C763 fp: 6CD375BD0741F67E5A289BC333A01CBE0554C763
- created_at: "2024-01-22T00:20:17Z" - created_at: "2024-01-24T12:19:03Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4DLHeEFiC484ASAQdAGdRYvRfki1zKA2YHnPprf1ld5kJkai4fzxuuH1D3DRQw hF4DLHeEFiC484ASAQdAaXq+nn0DDx+RAkEC+x+yeP5xbCIdXkR9tQCgWx1s0jkw
zt5XhSFMx5ii7C3LIVjGgKnn6A6KTe1Tj314OYtrLeCGV8Eli+eOiSgi4c0nL709 VRgFkiBa6IsS0vmYknobXkizETtNjEhJ8vNw9nP0zPdjuUZBId2/bJZa7aFdIFRU
hF4Dub78fMESoMASAQdAb38j/KxQlLRJLrtE5mS1XVCmaEIvyJU1uVcSVU3Bdhgw hF4Dub78fMESoMASAQdAMLbBcLnc+5UVDsx50SgCVjQoHO4JGE53DE6Q+frDEiow
f3iepOZgggHOCiHOCs+UWRmiudwoYqMzXF8G9pb6ESsy01cc1y6mXPh6sftKc6Iz rVFbLxWlJ/aw9baRdKUMkIUJftnImUQgolXvEfUjdS/oOdY69r4psLlHLQX11Ow1
hF4DM6AcvgVUx2MSAQdAhq0ynXfS/eYrDAYdxj/qyEg8c2lHFYSaUVtr6v3B/Rcw hF4DM6AcvgVUx2MSAQdAUZV3q/IXwUbRv9EokTe+4o83XzeS1h4GK3/3wjnKDHkw
Su08ppwK9wSbVaEL6p4NPJ0q9mt/36OsvZNaEWL2i7kkrD6q+2yvaGwh/fPcokWI xHFJR2clEMDlaq7Rx3FTr2a7MlzSnzBLtIwdw5b9ytuRvHjD5q7zCf5bihYnvdjV
1GYBCQIQRzg0YDKpmBGZY0sC37nIkUC4blEpFTgl+lma0ZQ9PUfbRP3ijRrxyPv/ 1GYBCQIQFt+CYziUXtEHjJFC1t+S3qkyPRAsVgZL8WlxbKzteW0NOdIZofHx6skG
aNkUpVAVxjh3VnV/NEm2s03x62iO4uiGoU0BUeI8Jjy4Tvuuodvmfpd4wZw7Mq+V Ebn8aadKcGg534DkwEt5DpIosXKUx4LN5xsCNoU9dHFYMSFE2nzJE4KNFJ8tzRQk
B8h2L/JR7Yo= G+tyNMgCYhM=
=/wMt =2QnY
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0 fp: 0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0
- created_at: "2024-01-22T00:20:17Z" - created_at: "2024-01-24T12:19:03Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4DLHeEFiC484ASAQdAoM3SQYYUQq6OGImJaecw42BZOwOec75IWS00ZorR31ww hF4DLHeEFiC484ASAQdA6ojEbZ8HccTtorNbyw9aVKO73AJy6jTGV/qLt+FWoRgw
uaRdi54liGiKpjaebhPcLkX+0TKcW0h11kw6X1wrru1JWi3YLbjohv0qCtfa4wpc SsOLiL0UmF1OV7zmXE0ihkWivPqLHtp1U89aYucpAA69DIh4+6M7GUk1xDMxFfRo
hF4Dub78fMESoMASAQdASH4+jxa7Qr9AkJpHHPmMx9cj3XyPXLpfzXJ7Yb40pHMw hF4Dub78fMESoMASAQdAV2z2DgUz2xWopnDzXywdpHb9eMe9ZxdABxpOJ0ECeBww
zBiVmQApa4K+ZOVw/vpcSNaN6FufFoDb5IguwHIq+9vILvjvku6YFgAJ4gC76LOP wOC1x+IKIbIRZBDL7jbVUOk1G+GzCL4M7/G7XFSTFYMKvMKkc0Rh69pywFuGaqG8
hF4DM6AcvgVUx2MSAQdAZGNp/j1sF0rmHhImhnuhgpn9NgRuFtL+BH5dorvrPwIw hF4DM6AcvgVUx2MSAQdA7bKGjcW81bzf58FlGGVDy/HjNyuEPNSVZXy0M+/WZAcw
mK5LsWHvyBFyC+SDNe4mrRkdia/xPECmcWrbvptGVjqlZnjmUbtrYhG+j5O6/817 3iXR9MecA97bKKKhLyNSdYmYlAjZJVIdwd6vjNWjxaB7BIWTYhudTjHesLMxB0vc
1GYBCQIQ/du7No+ULrBrjWc3q826ju8AqekySHtteKZclRmcHSNP4UEXcmTEMRNL 1GYBCQIQlp1TDaBVxalDkeCEjDMRFatgJ3CwulzzW9B8qywOooS0BNtNbtTKGwEh
8lMJYK0G3uA9FXO9+2E39k/nIatBGuoaukW7zCouB3bLARZE00Oqh6qHCWVyFJ/S AxDL+wdeqkPABQ0wQ8hYGOw5z665jEOC2JbqbQ7N6LPQZRx/MowO2dGT/kKh2U9H
Gzwk8dC0wdc= VOK1Bc67BzU=
=BWUr =3z3V
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 403215E0F99D2582C7055C512C77841620B8F380 fp: 403215E0F99D2582C7055C512C77841620B8F380
- created_at: "2024-01-22T00:20:17Z" - created_at: "2024-01-24T12:19:03Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA+X8PKo7gQeqARAAhtUvR20r2NV8SNWVuVSopTfCGwaJV99+PEp/l0UjHX6B hQIMA9pmsZ2EWzFWAQ/9Gl4dO83SmvGHyhEfile6G9ZUmhxwU2RFpPwEmjh4CV/v
lpHgQNHegP6YEsAj5HNFEcV3vM+nbC0hbTtcERBZoxTkyDPOaRAyJpNfGniZVxxp z1k2zgdF200a6tj96977VhjhIG/LZioEi41M1QdIqgkGsKy89DluCY9RDTqMmqzo
jxSr/unCN6aJCbdqJZZZlitq84brMQWUE373Rb9B4cNdTYONabZbzZmwTDyzkVR0 w65JhI+PQqdQuKlsbUh2VLql7LijoIUxuBPowWG1lULZtEvRuCchM5rLFiBSC2YO
ctjmkdBG0upqNn7vukSIg7DM7D9pFolS9142reF7e5jTlxBFWR1Jt+O9A1zypfvq DA0T73kC2P89CNZlOllZNnVRCRrxm7IsEO6Mo1yOeJL16mYqC9qGGKnvYEbsSm4n
tK2z9C1pM9LDRmUrKJ/HOKwu6P6USeTKFrp7Gfjr1UkmbgNunxgsdI6gwKY38SpJ 7ZZJvxXGnNzaXisyyjcJNgtsJAUX4TTlPH+Y2jpkhdHUvOkiwVQEokmnqTIKUp0e
T+tELs68oC5pGFpZufnYkrGL313HC7Vp/+2+m+W5qXbyNqhDS6uVQHjqz/ROqByb 7Dc6ZXApFQ1DlMMsjLwy+5AQJQZbY4p4jo9rvmON5i5DLPy4rN5yf8W7zwkuy2gN
YwJw+x7810nL8+SleXst8oZpxDNDm+TnvWQAH6WiRBSpgVwy945SMvGG+1FLYps2 Id53gxDZxHw0+mRsfYRrdOvmfUqqz79TyWVV8bvHR2Mo3shdL1fsWOzTlm66Y9Vt
qOsRMjr+titLZAaUpmIh/oDHG/XOpKPQflcc4/V7t2HK6vLX+xvPIQU8Y5TJkr1T 4coJxgUsJEFdnsnXAFep2V18Ypg36b9wQXtZDXWtTg36UliZZ95sUAG2vHQDS50b
nIIh7sMZBUldnUGUfFE3ksP5Gje5OHqK8xoFwYHFGK4QQzXFjPFN2QNvni2z9Y4R 5XG07m1w8YgQSeiCObteAt4PqxEs1GYWmtRUmr4jvRQQzmVXCQP6+o0QJ5WK9bKl
LLMvyEavqgIa6AeseqMnLuB2hz6wy/JNU/EPUalNca6RleoVA0DjKgjgDTlhQ5Al auwT+H7POBJ3l+h9ykvmOidkAzeN7EWIirzvhDHsxvCklGCyo+Y3W5ZaLaFGfc/3
a6sRTy+KmXFfzdO97MJJEkNgA1Hbi1/IpREeA50lYtrDqUvhxw+l1V8N7jw+ZWTS pdj1G/REVT6aQMtSuYUsD7QoZeiNNBNJXAtUuUS6mWxch8RnkW718wxYZLvi03jS
VgHYyLUxdmOUsqEgQPVA7jiqWePwFEuEDEDVE+d6CcuvFuHFNV1jJEjit3R0wJOd VgHaVWepbw/q0COmjyofCt1qZH+WMKSAguiQ6PHWAdP3hnzGgd7Qo84W54Fb3m1R
QpqnfxW4QTD+JFNJgrD7bj4y1Gu9Z6Lg1IBnHnOwDIoCJoAHp0y6 da72FFnILc3IYImbJI6QgJxAeS2K95nIWKdSix07c+m0zzFkemnB
=sy/X =F0pC
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 868497ac4266a4d137e0718ae5fc3caa3b8107aa fp: e7370b48016c961ef8ad792fda66b19d845b3156
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.8.1

View File

@ -6,9 +6,7 @@
let let
proxyMap = { proxyMap = {
"sbruder.xyz" = "renge"; "sbruder.xyz" = "renge";
"nitter.sbruder.xyz" = "renge";
"iv.sbruder.xyz" = "renge"; "iv.sbruder.xyz" = "renge";
"libreddit.sbruder.xyz" = "renge";
}; };
in in
{ {

View File

@ -1,20 +0,0 @@
# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, ... }:
{
sbruder.static-webserver.vhosts = {
"maggus.bayern".user = {
name = "maggus";
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWGXaMijpnm3RSH/PIVxkBRDIi1f5nMW/aS26g3b71M nils"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEF8o2ezSEXwWoAcdoeJs+wsZM/u8x+vtRNU3FXOMIT nils"
] ++ config.sbruder.pubkeys.trustedKeys;
};
"arbeitskampf.work".user = {
name = "arbeitskampf";
};
};
}

View File

@ -17,6 +17,7 @@
./services/grafana.nix ./services/grafana.nix
./services/hedgedoc.nix ./services/hedgedoc.nix
./services/invidious ./services/invidious
./services/mastodon.nix
./services/matrix ./services/matrix
./services/murmur.nix ./services/murmur.nix
./services/password-hash-self-service.nix ./services/password-hash-self-service.nix
@ -33,6 +34,9 @@
}; };
wireguard.home.enable = true; wireguard.home.enable = true;
infovhost.enable = true; infovhost.enable = true;
wkd = {
enable = true;
};
}; };
networking.hostName = "renge"; networking.hostName = "renge";

View File

@ -2,6 +2,7 @@ forgejo-mail: ENC[AES256_GCM,data:3AlFHzVBA5TE4qv5ubG39K0varV8/HabO0q/RJZSD5o=,i
go-neb-overrides: ENC[AES256_GCM,data:1xy+SdsSTuerRox4skitg1mKLr1MoANFoCzz76TKSA31ORo/oUWVGrYxfusZxrFQWjYGRFpSYzmkzPn1RoWmbXyfwPEcisvjenXLNvwcyoontBd7TiiLdukEtya6RfGLRGKc8tfCzbDUWgiYz5IDMFBvKGnewFjB+au0/Ge2+2DTw6M4negjCz343TO/vbyTr5xT/5smmKz7Ouk9SbEo7yEuHkQPQfedGw2PYT82zdXd/Eje3Zq2EB4xcUU7beGrF1zkOdXQ4OVqB8XnkCnuLtNlnJtsffm0rbPDPD3/nhHKpJ8jXrN54V14dSnHW7yOifGMIus0VFMRZcIT7A+BroM9qzJhW3F4gsF1Bwp0CF+6zLLRjgpA0EOyvOwpLIftBZfMIpveAH62MVY0IBfwDdkI1itEOjj9EhTrOGxBx45Cj6Qk3Mk6ncyr15+E+KAmQRxZJrEW8Grk4PyzuxtxYd0n8LSaRUe1eNVUhHkQNpo/zvAPgrzcRnM91EwIoMvlNmwyC63j1h+OBKlXQgChAaB1O6HFXQY=,iv:pnw0jIcMqA771woDYNHxWMWE6wHGaNsXi5aBXOFAHJU=,tag:Wbcqb0FsctZWOS6u5s82mQ==,type:str] go-neb-overrides: ENC[AES256_GCM,data:1xy+SdsSTuerRox4skitg1mKLr1MoANFoCzz76TKSA31ORo/oUWVGrYxfusZxrFQWjYGRFpSYzmkzPn1RoWmbXyfwPEcisvjenXLNvwcyoontBd7TiiLdukEtya6RfGLRGKc8tfCzbDUWgiYz5IDMFBvKGnewFjB+au0/Ge2+2DTw6M4negjCz343TO/vbyTr5xT/5smmKz7Ouk9SbEo7yEuHkQPQfedGw2PYT82zdXd/Eje3Zq2EB4xcUU7beGrF1zkOdXQ4OVqB8XnkCnuLtNlnJtsffm0rbPDPD3/nhHKpJ8jXrN54V14dSnHW7yOifGMIus0VFMRZcIT7A+BroM9qzJhW3F4gsF1Bwp0CF+6zLLRjgpA0EOyvOwpLIftBZfMIpveAH62MVY0IBfwDdkI1itEOjj9EhTrOGxBx45Cj6Qk3Mk6ncyr15+E+KAmQRxZJrEW8Grk4PyzuxtxYd0n8LSaRUe1eNVUhHkQNpo/zvAPgrzcRnM91EwIoMvlNmwyC63j1h+OBKlXQgChAaB1O6HFXQY=,iv:pnw0jIcMqA771woDYNHxWMWE6wHGaNsXi5aBXOFAHJU=,tag:Wbcqb0FsctZWOS6u5s82mQ==,type:str]
hcloud_exporter-environment: ENC[AES256_GCM,data:5gDTeg4C08BgNxBFtzZ7ma6JiafwF4ly5URAG4WxUTlRaUmF32fmbPdAZmveKiKBA8cc6ewcEIfIVJ7d5tbbqCEX+vbf9nr1fuhN05Z6lfsJNLoATclX,iv:GzEnudGDc6+6BJgDtaNnOnT7IK8Z0fsYfs/oJzKO2UA=,tag:LYCvRxNeKdMmNve0aWswrw==,type:str] hcloud_exporter-environment: ENC[AES256_GCM,data:5gDTeg4C08BgNxBFtzZ7ma6JiafwF4ly5URAG4WxUTlRaUmF32fmbPdAZmveKiKBA8cc6ewcEIfIVJ7d5tbbqCEX+vbf9nr1fuhN05Z6lfsJNLoATclX,iv:GzEnudGDc6+6BJgDtaNnOnT7IK8Z0fsYfs/oJzKO2UA=,tag:LYCvRxNeKdMmNve0aWswrw==,type:str]
invidious-extra-settings: ENC[AES256_GCM,data:bThgfyu5ESIyTLD7Q09Qici9ZZw/QYfCyBSjtbNb1EglCy0KHZrvDDAN4uDpdKrHxv8ctoN5Db7tRf5LUl6iyW7A5z9uYg481EXq3Sx6tZztepX0vg==,iv:FZ33tQWRsNEPjwuy/mH/N4e4PyjLx7sbv2G+9S5uigY=,tag:0GQn3AgoM2BPC5iCt5py8w==,type:str] invidious-extra-settings: ENC[AES256_GCM,data:bThgfyu5ESIyTLD7Q09Qici9ZZw/QYfCyBSjtbNb1EglCy0KHZrvDDAN4uDpdKrHxv8ctoN5Db7tRf5LUl6iyW7A5z9uYg481EXq3Sx6tZztepX0vg==,iv:FZ33tQWRsNEPjwuy/mH/N4e4PyjLx7sbv2G+9S5uigY=,tag:0GQn3AgoM2BPC5iCt5py8w==,type:str]
mastodon-mail: ENC[AES256_GCM,data:RT/fS7cqbcePd2qe7CR5jRh2jtKaS81ICbMUOlPUQsY=,iv:C7GYMB0U2KIfXuEnYaoIEfV89/EnJS6V9iG97X8zkPk=,tag:L4SVe6aYGcarvX1hmMqQOw==,type:str]
murmur-superuser: ENC[AES256_GCM,data:hPuMK8wbqD/3qKXQbOActq/VJZ+6jFlddQ==,iv:68ZhkpkfxakCOYxFXkCSP/sBamETeSs4CGTRaoBS6co=,tag:5UuYCxDiJ6e2CXjDV5/5yA==,type:str] murmur-superuser: ENC[AES256_GCM,data:hPuMK8wbqD/3qKXQbOActq/VJZ+6jFlddQ==,iv:68ZhkpkfxakCOYxFXkCSP/sBamETeSs4CGTRaoBS6co=,tag:5UuYCxDiJ6e2CXjDV5/5yA==,type:str]
netbox-secret-key: ENC[AES256_GCM,data:lOE95j6CGkbfJQTLeG41g3BPKNhm0arqxIGAzwvXQyeZLBauAdqufQGKD7D4kPNzdZs=,iv:6HWXEr6Ju4IywP+2jpuTfER/bYI2oUgMSZEJCkq4XX8=,tag:TPD5TTr4Sew8lxPS5WIu5Q==,type:str] netbox-secret-key: ENC[AES256_GCM,data:lOE95j6CGkbfJQTLeG41g3BPKNhm0arqxIGAzwvXQyeZLBauAdqufQGKD7D4kPNzdZs=,iv:6HWXEr6Ju4IywP+2jpuTfER/bYI2oUgMSZEJCkq4XX8=,tag:TPD5TTr4Sew8lxPS5WIu5Q==,type:str]
prometheus-htpasswd: ENC[AES256_GCM,data:tiewfUfpvrmbrgk6AsBdiP4ng4TqG5UYf1mFcWOzuk8oO55rfZu+Naummz5RRYhJZil43nHFvn5LfIWkJv+CyPMZjpj7xRp4vb4/OCCAFjEzHhrzYVBYNkHM+ZLUTewEXuPVtZ6CZ5uviTExLN2V1moG3ExJdIoyUD16qh4=,iv:SkH609VxIVKJLmHUUNzICEjxHSyjLdwXfw0b7iU6png=,tag:BfNGcUZmk9ZXUvhoQZn6iQ==,type:str] prometheus-htpasswd: ENC[AES256_GCM,data:tiewfUfpvrmbrgk6AsBdiP4ng4TqG5UYf1mFcWOzuk8oO55rfZu+Naummz5RRYhJZil43nHFvn5LfIWkJv+CyPMZjpj7xRp4vb4/OCCAFjEzHhrzYVBYNkHM+ZLUTewEXuPVtZ6CZ5uviTExLN2V1moG3ExJdIoyUD16qh4=,iv:SkH609VxIVKJLmHUUNzICEjxHSyjLdwXfw0b7iU6png=,tag:BfNGcUZmk9ZXUvhoQZn6iQ==,type:str]
@ -16,8 +17,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-01-10T18:29:17Z" lastmodified: "2024-04-26T10:40:21Z"
mac: ENC[AES256_GCM,data:jsYCPL7/AFxg9mRM/mKhwiy4eH6ZGMyCCSBu+jSfIk/T8RSd9zh0AZ/p5rAwfbW20AzetivzRB4bSgcymLIcCr900EQLdPIuaZgxeGcbZ80N/7I0zF4u8K8oa1pKhyr1UUj48XjL55IdvVOsyvfq/I/KSbIbO7+fBHeQ51crCeo=,iv:CNmKwvZ61PdeyOvGP7elm/yvokll//fiKxdWFe2cfPo=,tag:PVQRV0G3VtBsD0tk34DHig==,type:str] mac: ENC[AES256_GCM,data:rjLzGWhG6YTq8hJWvQeyl2pIGcy/2+UN4Hi1c5Cah8Z+LenYS93MIDVAwcb1c28ZWTKA6SiFyMd5pdMVMVMZP+WccnlwRvPySZhfyGtLXG8gR8yk35pUF+9WvrTvnY6geTPGoQTp/CeujEX9ceZ/s5Wq2vnt8JWdUIhLK7A8hiM=,iv:yhbtxFm1AbolC7t0m3S6hRJQ3paz/c9A3dA02e2l5mg=,tag:CoS0jG38DIdJTrFGcM/Hxw==,type:str]
pgp: pgp:
- created_at: "2024-01-22T00:20:10Z" - created_at: "2024-01-22T00:20:10Z"
enc: |- enc: |-

View File

@ -0,0 +1,32 @@
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, lib, ... }:
{
sops.secrets.mastodon-mail = {
owner = config.services.mastodon.user;
sopsFile = ../secrets.yaml;
};
services.mastodon = {
enable = true;
configureNginx = true;
localDomain = "procrastination.space";
smtp = {
createLocally = false;
host = "vueko.sbruder.de";
port = 465;
user = "mastodon@sbruder.de";
passwordFile = config.sops.secrets.mastodon-mail.path;
fromAddress = config.services.mastodon.smtp.user;
authenticate = true;
};
streamingProcesses = 5;
extraConfig = {
SMTP_TLS = "true";
RAILS_LOG_LEVEL = "warn";
};
};
}

View File

@ -136,8 +136,10 @@ in
{ {
job_name = "knot"; job_name = "knot";
static_configs = mkStaticTargets [ static_configs = mkStaticTargets [
"okarin.vpn.sbruder.de:9433"
"vueko.vpn.sbruder.de:9433" "vueko.vpn.sbruder.de:9433"
"renge.vpn.sbruder.de:9433"
"okarin.vpn.sbruder.de:9433"
"yuzuru.vpn.sbruder.de:9433"
]; ];
relabel_configs = lib.singleton { relabel_configs = lib.singleton {
target_label = "instance"; target_label = "instance";

View File

@ -3,11 +3,7 @@
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
{ config, pkgs, ... }: { config, pkgs, ... }:
let
goneVhost = {
locations."~ .*".return = "303 'https://sbruder.xyz/#history'";
};
in
{ {
imports = [ imports = [
./blocks.nix ./blocks.nix
@ -58,7 +54,4 @@ in
}; };
}; };
}; };
services.nginx.virtualHosts."nitter.sbruder.xyz" = goneVhost;
services.nginx.virtualHosts."libreddit.sbruder.xyz" = goneVhost;
} }

View File

@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de> # SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@ -9,6 +9,7 @@
../../modules ../../modules
./services/co2_exporter.nix ./services/co2_exporter.nix
./services/ntp.nix
./services/router ./services/router
./services/snmp-exporter.nix ./services/snmp-exporter.nix
./services/wordclock-dimmer.nix ./services/wordclock-dimmer.nix

View File

@ -0,0 +1,11 @@
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{
services.ntp = {
enable = true;
};
networking.firewall.allowedUDPPorts = [ 123 ];
}

View File

@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de> # SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@ -41,16 +41,16 @@ in
cfg.vlan); cfg.vlan);
dhcp-option = lib.flatten (lib.mapAttrsToList dhcp-option = lib.flatten (lib.mapAttrsToList
(name: { subnet, ... }: [ (name: { subnet, ... }: [
# Gateway
"tag:br-${name},option:router,${subnet.v4.gateway}" "tag:br-${name},option:router,${subnet.v4.gateway}"
"tag:br-${name},option6:dns-server,${subnet.v6.gateway}" "tag:br-${name},option6:dns-server,${subnet.v6.gateway}"
# NTP server (runs on gateway)
"tag:br-${name},option:ntp-server,${subnet.v4.gateway}"
"tag:br-${name},option6:ntp-server,${subnet.v6.gateway}"
]) ])
cfg.vlan); cfg.vlan);
nftset = [
"/pool.ntp.org/4#inet#filter#iot_ntp4"
"/pool.ntp.org/6#inet#filter#iot_ntp6" # does not work
];
server = [ server = [
"127.0.0.1#5053" "127.0.0.1#5053"
]; ];

View File

@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de> # SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@ -7,16 +7,6 @@ define PHYSICAL_WAN = "enp1s0"
define NAT_WAN_IFACES = { $PHYSICAL_WAN } define NAT_WAN_IFACES = { $PHYSICAL_WAN }
table inet filter { table inet filter {
# These two sets are dynamically managed by dnsmasq
set iot_ntp4 {
type ipv4_addr
comment "IPv4 addresses of resolved NTP servers"
}
set iot_ntp6 {
type ipv6_addr
comment "IPv6 addresses of resolved NTP servers"
}
chain forward { chain forward {
type filter hook forward priority filter; policy drop type filter hook forward priority filter; policy drop
@ -31,8 +21,6 @@ table inet filter {
iifname "br-lan" oifname $VLAN_BRIDGES counter accept; iifname "br-lan" oifname $VLAN_BRIDGES counter accept;
iifname $VLAN_BRIDGES oifname "br-lan" ct state established,related counter accept iifname $VLAN_BRIDGES oifname "br-lan" ct state established,related counter accept
iifname "br-iot" ip daddr @iot_ntp4 udp dport 123 counter accept
iifname "br-iot" ip6 daddr @iot_ntp6 udp dport 123 counter accept
iifname $NAT_WAN_IFACES oifname "br-iot" ct state established,related counter accept iifname $NAT_WAN_IFACES oifname "br-iot" ct state established,related counter accept
} }
} }

View File

@ -1,7 +1,9 @@
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de> # SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
{ config, ... }:
{ {
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"brennende.autos" = { "brennende.autos" = {
@ -19,9 +21,34 @@
}; };
sbruder.static-webserver.vhosts = { sbruder.static-webserver.vhosts = {
"arbeitskampf.work".user = {
name = "arbeitskampf";
};
"maggus.bayern".user = {
name = "maggus";
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWGXaMijpnm3RSH/PIVxkBRDIi1f5nMW/aS26g3b71M nils"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEF8o2ezSEXwWoAcdoeJs+wsZM/u8x+vtRNU3FXOMIT nils"
] ++ config.sbruder.pubkeys.trustedKeys;
};
"psycho-power-papagei.de" = { "psycho-power-papagei.de" = {
user.name = "papagei"; user.name = "papagei";
imprint.enable = true; imprint.enable = true;
}; };
"salespointframework.org" = {
redirects = [
"www.salespointframework.org"
"salespointframe.work"
"www.salespointframe.work"
"verkaufspunktrahmenwerk.de"
"www.verkaufspunktrahmenwerk.de"
"verkaufspuntrahmenwerk.de"
"www.verkaufspuntrahmenwerk.de"
];
user.name = "salespoint";
};
}; };
} }

View File

@ -7,14 +7,16 @@ let
cfg = config.sbruder.knot; cfg = config.sbruder.knot;
primaryHost = "vueko"; primaryHost = "vueko";
secondaryHosts = [ "okarin" ]; secondaryHosts = [ "renge" "okarin" "yuzuru" ];
isPrimaryHost = config.networking.hostName == primaryHost; isPrimaryHost = config.networking.hostName == primaryHost;
isSecondaryHost = lib.elem config.networking.hostName secondaryHosts; isSecondaryHost = lib.elem config.networking.hostName secondaryHosts;
addresses = { addresses = {
vueko = [ "168.119.176.53" "2a01:4f8:c012:2f4::1" ]; vueko = [ "168.119.176.53" "2a01:4f8:c012:2f4::1" ];
okarin = [ "82.165.242.252" "2001:8d8:1800:8627::1" ]; renge = [ "152.53.13.113" "2a03:4000:6b:d2::1" ];
okarin = [ "85.215.165.213" "2a01:239:24b:1c00::1" ];
yuzuru = [ "85.215.73.203" "2a02:247a:272:1600::1" ];
}; };
in in
{ {
@ -65,12 +67,7 @@ in
id = host; id = host;
address = hostAddresses; address = hostAddresses;
}) })
addresses) ++ lib.optional isPrimaryHost { addresses);
id = "inwx";
# INWX only allows the specification of one primary DNS,
# which limits the IP protocol usable for zone transfers to one.
address = lib.singleton "185.181.104.96";
};
} }
(lib.mkIf isPrimaryHost { (lib.mkIf isPrimaryHost {
policy = lib.singleton { policy = lib.singleton {
@ -88,7 +85,7 @@ in
zonefile-load = "difference-no-serial"; zonefile-load = "difference-no-serial";
journal-content = "all"; journal-content = "all";
# secondary # secondary
notify = [ "inwx" ] ++ secondaryHosts; notify = secondaryHosts;
# dnssec # dnssec
dnssec-signing = true; dnssec-signing = true;
dnssec-policy = "default"; dnssec-policy = "default";

View File

@ -35,6 +35,7 @@
./cups.nix ./cups.nix
./docker.nix ./docker.nix
./fancontrol.nix ./fancontrol.nix
./flatpak.nix
./fonts.nix ./fonts.nix
./games.nix ./games.nix
./grub.nix ./grub.nix
@ -67,6 +68,7 @@
./udev.nix ./udev.nix
./unfree.nix ./unfree.nix
./wireguard ./wireguard
./wkd
]; ];
config = lib.mkMerge [ config = lib.mkMerge [
@ -108,6 +110,8 @@
# Support for exotic file systems # Support for exotic file systems
boot.supportedFilesystems = lib.optional config.sbruder.full "ntfs"; boot.supportedFilesystems = lib.optional config.sbruder.full "ntfs";
programs.ssh.startAgent = lib.mkDefault (!config.sbruder.gui.enable);
# When this is set to true (default), routing everything through a # When this is set to true (default), routing everything through a
# wireguard tunnel does not work. # wireguard tunnel does not work.
networking.firewall.checkReversePath = false; networking.firewall.checkReversePath = false;
@ -165,5 +169,15 @@
(lib.mkIf (!config.sbruder.full) { (lib.mkIf (!config.sbruder.full) {
documentation.enable = lib.mkDefault false; documentation.enable = lib.mkDefault false;
}) })
(lib.mkIf (config.services.resolved.enable) {
# With NixOSs default database order for hosts,
# resolving the FQDN with hostname -f always returns “localhost”
# when resolved is enabled.
# This changes the priority of the files database,
# which fixes this.
# This workaround was taken from
# https://github.com/NixOS/nixpkgs/issues/132646#issuecomment-1782684381
system.nssDatabases.hosts = lib.mkOrder 500 [ "files" ];
})
]; ];
} }

19
modules/flatpak.nix Normal file
View File

@ -0,0 +1,19 @@
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Flatpak is only used for programs that are not easily installable natively.
# They should always be confined as much as possible using Flatseal.
#
# To make Flatpak work with Flathub,
# the following command must be run imperatively:
#
# flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
#
# The full guide is available on https://flathub.org/setup/NixOS,
# though the restart step is not necessary.
{ config, lib, ... }:
lib.mkIf config.sbruder.gui.enable {
services.flatpak.enable = true;
}

View File

@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de> # SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@ -95,6 +95,7 @@ lib.mkIf cfg.enable {
smtpd_tls_protocols = "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"; smtpd_tls_protocols = "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1";
smtpd_tls_mandatory_ciphers = "medium"; smtpd_tls_mandatory_ciphers = "medium";
smtpd_tls_loglevel = "1"; smtpd_tls_loglevel = "1";
smtpd_tls_received_header = "yes"; # add TLS connection details to Received header
tls_medium_cipherlist = listToString [ tls_medium_cipherlist = listToString [
"ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-ECDSA-AES128-GCM-SHA256"
@ -140,6 +141,7 @@ lib.mkIf cfg.enable {
# Postscreen # Postscreen
smtpd = { smtpd = {
type = "pass"; type = "pass";
args = [ "-o" "smtpd_discard_ehlo_keywords=silent-discard,dsn" ];
}; };
smtp_inet = { smtp_inet = {
# Partially overrides upstream # Partially overrides upstream

View File

@ -8,7 +8,10 @@
enable = config.sbruder.wireguard.home.enable; enable = config.sbruder.wireguard.home.enable;
listenAddress = config.sbruder.wireguard.home.address; listenAddress = config.sbruder.wireguard.home.address;
enabledCollectors = [ "systemd" ]; enabledCollectors = [ "systemd" ];
disabledCollectors = [ "rapl" ]; disabledCollectors = [
"arp.netlink" # https://github.com/prometheus/node_exporter/issues/2849
"rapl"
];
}; };
systemd.services.prometheus-node-exporter.after = [ "wireguard-wg-home.service" ]; systemd.services.prometheus-node-exporter.after = [ "wireguard-wg-home.service" ];

View File

@ -60,12 +60,12 @@
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUEVBJcEibRdQzp0bDXpPqLGQ8vtQTKTcpGZU07W4eo"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUEVBJcEibRdQzp0bDXpPqLGQ8vtQTKTcpGZU07W4eo";
}; };
okarin = { okarin = {
hostNames = [ "okarin" "okarin.sbruder.xyz" "okarin.vpn.sbruder.de" ]; hostNames = [ "okarin" "okarin.sbruder.de" "okarin.vpn.sbruder.de" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaev8K5KhRovW75IdZ0HYlzvxxo0haeCM0xCVEOuDSa"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJvRAiEAV0Oulii0w3xcHCb0/oHqpA0hz3bn//BQnR8T";
}; };
okarin-initrd = { okarin-initrd = {
hostNames = [ "[okarin.sbruder.de]:2222" ]; hostNames = [ "[okarin.sbruder.de]:2222" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJbp0kZJEXf1gSVcBsef1Bihd5iCzhzSbjgyrC1SXXT"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOV+azRrT1zICmDe9D7bm3pOaFzaT+cVXCvxgY1bAbP";
}; };
shinobu = { shinobu = {
hostNames = [ "shinobu" "shinobu.lan.shinonome-lab.de" "shinobu.vpn.sbruder.de" ]; hostNames = [ "shinobu" "shinobu.lan.shinonome-lab.de" "shinobu.vpn.sbruder.de" ];

View File

@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2020-2023 Simon Bruder <simon@sbruder.de> # SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@ -50,7 +50,7 @@
lm_sensors # temperature sensors lm_sensors # temperature sensors
parted # partition manager parted # partition manager
pciutils # lspci pciutils # lspci
reptyr # move process to current terminal (reptyr.overrideAttrs (o: o // { doCheck = false; })) # move process to current terminal # tests fail on qemu-user-aarch64 (TODO 24.05: remove)
smartmontools # hard drive monitoring smartmontools # hard drive monitoring
tcpdump # package inspector tcpdump # package inspector
tio # serial console tio # serial console

View File

@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de> # SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@ -41,9 +41,6 @@ in
# games (okay if they run sandboxed) # games (okay if they run sandboxed)
"osu-lazer" # also is free except for one dependency "osu-lazer" # also is free except for one dependency
"steam"
"steam-original"
"steam-runtime"
] ]
)); ));
}; };

View File

@ -33,8 +33,8 @@ let
publicKey = "LscDAJR0IjOzNuwX3geYgcvxyvaNhAOc/ojgvGyunT8="; publicKey = "LscDAJR0IjOzNuwX3geYgcvxyvaNhAOc/ojgvGyunT8=";
}; };
okarin = { okarin = {
address = "10.80.0.10"; address = "10.80.0.14";
publicKey = "KjDdTOVZ9RadDrNjJ11BWsY8SNBmDbuNoKm72wh9uCk="; publicKey = "QOxkngtrkuXVMZyqWeGKh2ozn3x7GJsxwrlKje7jDmA=";
}; };
shinobu = { shinobu = {
address = "10.80.0.12"; address = "10.80.0.12";

49
modules/wkd/default.nix Normal file
View File

@ -0,0 +1,49 @@
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, lib, ... }:
let
cfg = config.sbruder.wkd;
toFqdn = domain: "openpgpkey.${domain}";
in
{
options.sbruder.wkd = {
enable = lib.mkEnableOption "Web Key Directory";
domain = lib.mkOption {
type = lib.types.str;
description = "The main domain to listen on. The actual fqdn will be openpgpkey.<domain>.";
default = "sbruder.de";
};
domains = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Additional domains to serve.";
default = [ ];
};
};
config = lib.mkIf cfg.enable {
sbruder.static-webserver.vhosts."${toFqdn cfg.domain}" = {
redirects = map toFqdn cfg.domains;
user.name = "wkd";
};
services.nginx.virtualHosts."${toFqdn cfg.domain}" = {
locations."^~ /.well-known/openpgpkey" =
let
# workaround for nginx dropping parent headers
# see https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
parentHeaders = lib.concatStringsSep "\n" (lib.filter
(lib.hasPrefix "add_header ")
(lib.splitString "\n" config.services.nginx.commonHttpConfig));
in
{
extraConfig = ''
${parentHeaders}
add_header Access-Control-Allow-Origin * always;
'';
};
};
};
}

View File

@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2022-2023 Simon Bruder <simon@sbruder.de> # SPDX-FileCopyrightText: 2022-2024 Simon Bruder <simon@sbruder.de>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@ -19,7 +19,7 @@ buildGoModule rec {
vendorHash = "sha256-CMo6FBzw0/OMKEX12oNqhbF/0dRRFR6W3VRp+EU6Q68="; vendorHash = "sha256-CMo6FBzw0/OMKEX12oNqhbF/0dRRFR6W3VRp+EU6Q68=";
oCheck = false; # no tests doCheck = false; # no tests
meta = with lib; { meta = with lib; {
license = licenses.mit; license = licenses.mit;

View File

@ -25,15 +25,23 @@ SPDX-License-Identifier: CC-BY-SA-4.0
<td><a id="matrix" href="#">(requires javascript)</a></td> <td><a id="matrix" href="#">(requires javascript)</a></td>
</tr> </tr>
<tr> <tr>
<td>GitHub</td> <td>Fediverse</td>
<td><a rel="me" href="https://procrastination.space/@simon">@simon@procrastination.space</a></td>
</tr>
<tr>
<td>Codeberg</td>
<td><a href="https://codeberg.org/sbruder">sbruder</a></td>
</tr>
<tr>
<td>(GitHub)</td>
<td><a href="https://github.com/sbruder">sbruder</a></td> <td><a href="https://github.com/sbruder">sbruder</a></td>
</tr> </tr>
<tr> <tr>
<td>GitLab</td> <td>(GitLab)</td>
<td><a href="https://gitlab.com/sbruder">sbruder</a></td> <td><a href="https://gitlab.com/sbruder">sbruder</a></td>
</tr> </tr>
<tr> <tr>
<td>Gitea</td> <td>Forgejo</td>
<td><a href="https://git.sbruder.de/simon">git.sbruder.de</a></td> <td><a href="https://git.sbruder.de/simon">git.sbruder.de</a></td>
</tr> </tr>
<tr> <tr>

View File

@ -61,15 +61,6 @@ def get_color_for_time(time: datetime.time, base=(60, 60, 60)) -> (int, int, int
) )
def update(client: mqtt.Client):
time = datetime.datetime.now().time()
color = get_color_for_time(time)
print(f"{time}: setting color to {color}")
sys.stdout.flush()
set_color(client, *color)
pass
client = mqtt.Client("wordclock.py") client = mqtt.Client("wordclock.py")
user = os.environ["WORDCLOCK_MQTT_USER"] user = os.environ["WORDCLOCK_MQTT_USER"]
@ -83,6 +74,15 @@ host = os.environ["WORDCLOCK_MQTT_HOST"]
client.username_pw_set(user, password) client.username_pw_set(user, password)
client.connect(host, 1883, 60) client.connect(host, 1883, 60)
color = (0, 0, 0)
while True: while True:
update(client) time = datetime.datetime.now().time()
new_color = get_color_for_time(time)
if new_color != color:
color = new_color
print(f"setting color to {color}")
sys.stdout.flush()
set_color(client, *color)
sleep(300) sleep(300)

View File

@ -1,98 +1,41 @@
# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de> # SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
#
# Steam is installed as a flatpak,
# as this seems to be the only method that does not force me
# to spend hours debugging various issues with the client.
#
# Installation instructions for steam:
#
# 1. Run flatpak install flathub com.valvesoftware.Steam
# 2. Use Flatseal to revoke all filesystem permissions,
# development syscalls
# and bluetooth.
# 3. Add GDK_SCALE=2 as an environment variable (hack for sways Xwayland)
# 4. If you previously used steam-sandbox,
# you need to copy the files to the flatpak location.
# For this, start steam once (you can close it early),
# so it creates the new structure.
# Then, run the following commands:
# rm -rf ~/.var/app/com.valvesoftware.Steam/.local/share/Steam
# mv ~/.local/share/steam-sandbox/.local/share/Steam ~/.var/app/com.valvesoftware.Steam/.local/share/
# You might want to copy additional files of games,
# that do not store files inside of Steams directories.
# Afterwards, you can delete ~/.local/share/steam-sandbox
#
# For MangoHud, the following steps are also necessary:
# 1. Run flatpak install org.freedesktop.Platform.VulkanLayer.MangoHud
# 2. Add xdg-config/MangoHud:ro as filesystem mount to Steam in Flatseal
# 4. For Intel Arc systems,
# add /run/wrappers/bin/intel_gpu_top:ro as filiesystem mount
# and /run/wrappers/bin to the PATH environment variable in Flatseal
# 3. Add MANGOHUD=1 as a launch options to all games where MangoHud should be
# available
{ lib, nixosConfig, pkgs, ... }: { lib, nixosConfig, pkgs, ... }:
let let
cfg = nixosConfig.sbruder.games; cfg = nixosConfig.sbruder.games;
inherit (nixosConfig.sbruder) unfree; inherit (nixosConfig.sbruder) unfree;
steam-sandbox = pkgs.writeShellScriptBin "steam-sandbox" /* bash */ ''
set -euo pipefail
shopt -s nullglob # make for loop work for glob if files do not exist
base_dir="''${XDG_DATA_HOME:-$HOME/.local/share}/steam-sandbox"
mkdir -p "$base_dir"/{.local/share,.steam,.config,.factorio,data}
bubblewrap_args=(
# sandboxing
--unshare-all
--share-net
--die-with-parent
--new-session
# basic filesystem
--tmpfs /tmp
--proc /proc
--dev /dev
--dir "$HOME"
--dir "$XDG_RUNTIME_DIR"
--ro-bind /nix/store /nix/store
# path
--ro-bind /run/current-system/sw /run/current-system/sw
--ro-bind /etc/profiles/per-user/$USER/bin /etc/profiles/per-user/$USER/bin
# system-wide configuration
--ro-bind /etc/fonts /etc/fonts
--ro-bind /etc/localtime /etc/localtime
--ro-bind /etc/machine-id /etc/machine-id
--ro-bind /etc/os-release /etc/os-release
--ro-bind /etc/passwd /etc/passwd
--ro-bind /etc/resolv.conf /etc/resolv.conf
--ro-bind /etc/ssl/certs /etc/ssl/certs
--ro-bind /etc/static /etc/static
# gui
--ro-bind /tmp/.X11-unix /tmp/.X11-unix
--ro-bind "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"
--dev-bind /dev/dri /dev/dri
--ro-bind /run/opengl-driver /run/opengl-driver
--ro-bind-try /run/opengl-driver-32 /run/opengl-driver-32
# audio
--ro-bind "$XDG_RUNTIME_DIR/pulse" "$XDG_RUNTIME_DIR/pulse"
--setenv PULSE_SERVER "$XDG_RUNTIME_DIR/pulse/native"
--ro-bind "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie" "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie"
--setenv PULSE_COOKIE "''${XDG_CONFIG_HOME:-$HOME/.config}/pulse/cookie/pulse/cookie"
--ro-bind-try /etc/asound.conf /etc/asound.conf
--ro-bind-try /etc/alsa/conf.d /etc/alsa/conf.d
--ro-bind-try "$XDG_RUNTIME_DIR/pipewire-0" "$XDG_RUNTIME_DIR/pipewire-0"
# dbus
--ro-bind /run/dbus/system_bus_socket /run/dbus/system_bus_socket
--ro-bind "$XDG_RUNTIME_DIR/bus" "$XDG_RUNTIME_DIR/bus"
# shared data
--bind "$base_dir/.local/share" "$HOME/.local/share"
--bind "$base_dir/.steam" "$HOME/.steam"
--bind "$base_dir/.config" "$HOME/.config"
--bind "$base_dir/.factorio" "$HOME/.factorio"
--bind "$base_dir/data" "$HOME/data"
--ro-bind-try "$HOME/.config/MangoHud" "$HOME/.config/MangoHud"
# input
--dev-bind /dev/input /dev/input
--dev-bind-try /dev/uinput /dev/uinput
--ro-bind /sys /sys # required for discovery
)
for hidraw in /dev/hidraw*; do
bubblewrap_args+=(--dev-bind $hidraw $hidraw)
done
unset SDL_VIDEODRIVER QT_QPA_PLATFORM # games generally dont support wayland
export PATH="${pkgs.unstable.mangohud}/bin:$PATH"
${pkgs.bubblewrap}/bin/bwrap \
"''${bubblewrap_args[@]}" \
''${SANDBOX_COMMAND:-${pkgs.unstable.steam}/bin/steam} \
"$@"
'';
steam-sandbox-with-icons = pkgs.runCommand "steam-sandbox-with-icons" { } ''
mkdir -p $out/{bin,share}
ln -s ${pkgs.steamPackages.steam}/share/icons $out/share
ln -s ${pkgs.steamPackages.steam}/share/pixmaps $out/share
ln -s ${steam-sandbox}/bin/steam-sandbox $out/bin/steam-sandbox
'';
in in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
@ -105,9 +48,7 @@ lib.mkIf cfg.enable {
pcsx2 pcsx2
] ++ lib.optionals (cfg.performanceIndex >= 8) [ ] ++ lib.optionals (cfg.performanceIndex >= 8) [
unstable.ryujinx unstable.ryujinx
unstable.yuzu-mainline
] ++ lib.optionals unfree.allowSoftware [ ] ++ lib.optionals unfree.allowSoftware [
unstable.osu-lazer-sandbox unstable.osu-lazer-sandbox
steam-sandbox-with-icons
]; ];
} }

View File

@ -2,7 +2,7 @@
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
{ nixosConfig, pkgs, ... }: { lib, nixosConfig, pkgs, ... }:
{ {
programs.gpg = { programs.gpg = {
@ -18,7 +18,7 @@
services.gpg-agent = rec { services.gpg-agent = rec {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
enableSshSupport = true; enableSshSupport = lib.mkDefault nixosConfig.sbruder.gui.enable;
pinentryFlavor = if nixosConfig.sbruder.gui.enable then "gnome3" else "curses"; pinentryFlavor = if nixosConfig.sbruder.gui.enable then "gnome3" else "curses";

View File

@ -73,6 +73,7 @@ lib.mkIf nixosConfig.sbruder.gui.enable {
# Lyrics # Lyrics
lyrics_directory = "${config.services.mpd.musicDirectory}/lyrics"; lyrics_directory = "${config.services.mpd.musicDirectory}/lyrics";
follow_now_playing_lyrics = true;
# Misc # Misc
external_editor = "nvim"; external_editor = "nvim";

View File

@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2020-2023 Simon Bruder <simon@sbruder.de> # SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@ -54,7 +54,7 @@ in
haskell-language-server haskell-language-server
jdt-language-server jdt-language-server
unstable.ltex-ls unstable.ltex-ls
rnix-lsp nixd
rust-analyzer rust-analyzer
(python3.withPackages (ps: with ps; [ (python3.withPackages (ps: with ps; [
pyls-isort pyls-isort

View File

@ -1,4 +1,4 @@
-- SPDX-FileCopyrightText: 2018-2023 Simon Bruder <simon@sbruder.de> -- SPDX-FileCopyrightText: 2018-2024 Simon Bruder <simon@sbruder.de>
-- --
-- SPDX-License-Identifier: AGPL-3.0-or-later -- SPDX-License-Identifier: AGPL-3.0-or-later
@ -348,7 +348,7 @@ lsp.ltex.setup {
lsp.pylsp.setup { lsp.pylsp.setup {
on_attach = on_attach, on_attach = on_attach,
} }
lsp.rnix.setup { lsp.nixd.setup {
on_attach = on_attach, on_attach = on_attach,
} }
lsp.rust_analyzer.setup { lsp.rust_analyzer.setup {

View File

@ -14,4 +14,9 @@
PASSWORD_STORE_DIR = "$HOME/.password-store"; PASSWORD_STORE_DIR = "$HOME/.password-store";
}; };
}; };
programs.browserpass = {
enable = true;
browsers = [ "librewolf" ];
};
} }