Compare commits

..

22 commits

Author SHA1 Message Date
Simon Bruder 758502f606
librewolf: Fix browserpass
Thanks to snd for showing me this.
2024-11-09 23:27:58 +01:00
Simon Bruder dacfba1921
koyomi/haproxy: Add missing vhosts 2024-11-09 12:35:47 +01:00
Simon Bruder 972b1db287
programs: Add signal desktop 2024-11-09 12:29:29 +01:00
Simon Bruder b38ff867bd
vueko/mail: Add alias 2024-11-03 17:33:35 +01:00
Simon Bruder 3e48cf2027
vueko/mail: Add alias 2024-11-02 11:03:42 +01:00
Simon Bruder fe4a9df4dd
vueko/mail: Add alias 2024-10-27 10:19:47 +01:00
Simon Bruder b8dd3a3d2f
vueko/mail: Add alias 2024-10-24 19:47:24 +02:00
Simon Bruder 7153722d5a
vueko/mail: Add alias 2024-10-23 18:27:41 +02:00
Simon Bruder 7c2491ecb4
vueko/mail: Add alias 2024-10-15 21:34:18 +02:00
Simon Bruder 69223a4aac
vueko/mail: Add alias 2024-10-13 20:09:35 +02:00
Simon Bruder 02e74f1915
sbruder.xyz: Remove transparency location
Its service is no longer public and therefore no longer applying the
blocks.
2024-10-12 12:34:49 +02:00
Simon Bruder 915d2ed7da
renge/schabernack: Simplify and migrate to yuzuru 2024-10-12 12:32:56 +02:00
Simon Bruder 83b12e1977
nginx: Lower default error log severity 2024-10-12 12:32:37 +02:00
Simon Bruder 70bd878298
Migrate phss to hiroshi 2024-10-12 12:31:45 +02:00
Simon Bruder 5975cfd348
fuuko/paperless: Add manual scan endpoint 2024-10-12 12:13:18 +02:00
Simon Bruder 718e647cbd
renge: Permit insecure olm 2024-10-12 12:13:18 +02:00
Simon Bruder f90ff9690b
flake.lock: Update
Flake lock file updates:

• Updated input 'flake-utils':
    'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11)
  → 'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17)
• Updated input 'home-manager':
    'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03)
  → 'github:nix-community/home-manager/2f23fa308a7c067e52dfcc30a0758f47043ec176' (2024-09-22)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/c2cd2a52e02f1dfa1c88f95abeb89298d46023be' (2024-08-23)
  → 'github:nix-community/home-manager/038630363e7de57c36c417fd2f5d7c14773403e4' (2024-10-07)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/1cd12de659fab215624c630c37d1c62aa2b7824e' (2024-08-27)
  → 'github:cachix/pre-commit-hooks.nix/1211305a5b237771e13fcca0c51e60ad47326a9a' (2024-10-05)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/9fc19be21f0807d6be092d70bf0b1de0c00ac895' (2024-08-25)
  → 'github:nixos/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/2527da1ef492c495d5391f3bcf9c1dd9f4514e32' (2024-08-24)
  → 'github:nixos/nixpkgs/1bfbbbe5bbf888d675397c66bfdb275d0b99361c' (2024-10-07)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/d0e1602ddde669d5beb01aec49d71a51937ed7be' (2024-08-24)
  → 'github:nixos/nixpkgs/c31898adf5a8ed202ce5bea9f347b1c6871f32d1' (2024-10-06)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/be0eec2d27563590194a9206f551a6f73d52fa34' (2024-08-12)
  → 'github:Mic92/sops-nix/06535d0e3d0201e6a8080dd32dbfde339b94f01b' (2024-10-08)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/556533a23879fc7e5f98dd2e0b31a6911a213171' (2024-07-21)
  → 'github:NixOS/nixpkgs/17ae88b569bb15590549ff478bab6494dde4a907' (2024-10-05)
2024-10-12 12:13:17 +02:00
Simon Bruder 7a0deb214c
vueko/mail: Add alias 2024-10-12 12:13:16 +02:00
Simon Bruder f73e7b4cbe
fuuko/paperless: Enable advanced options 2024-10-12 12:13:15 +02:00
Simon Bruder 4837424909
renge/mastodon: Drop
I didn’t use it much and it used quite a large amount of resources.
2024-10-08 22:45:01 +02:00
Simon Bruder ba8b4cb918
yuzuru: Remove salespoint typo domain 2024-10-08 22:32:42 +02:00
Simon Bruder 7b7b4fb0ee
cups: Statically add bro
Dynamic resolution often fails or at least takes a long time (for
reasons I can’t comprehend).
2024-10-08 22:31:55 +02:00
18 changed files with 77 additions and 131 deletions

View file

@ -44,11 +44,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1726560853,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -85,11 +85,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720042825, "lastModified": 1726989464,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -106,11 +106,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724435763, "lastModified": 1728337164,
"narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "rev": "038630363e7de57c36c417fd2f5d7c14773403e4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -212,11 +212,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1724763886, "lastModified": 1728092656,
"narHash": "sha256-SzBtZs5z+YGM50oyt67R78qLhxG/wG5/SlVRsCF5kRc=", "narHash": "sha256-eMeCTJZ5xBeQ0f9Os7K8DThNVSo9gy4umZLDfF5q6OM=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "1cd12de659fab215624c630c37d1c62aa2b7824e", "rev": "1211305a5b237771e13fcca0c51e60ad47326a9a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -228,11 +228,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1724575805, "lastModified": 1728269138,
"narHash": "sha256-OB/kEL3GAhUZmUfkbPfsPhKs0pRqJKs0EEBiLfyKZw8=", "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "9fc19be21f0807d6be092d70bf0b1de0c00ac895", "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -244,11 +244,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1724531977, "lastModified": 1728328465,
"narHash": "sha256-XROVLf9ti4rrNCFLr+DmXRZtPjCQTW4cYy59owTEmxk=", "narHash": "sha256-a0a0M1TmXMK34y3M0cugsmpJ4FJPT/xsblhpiiX1CXo=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2527da1ef492c495d5391f3bcf9c1dd9f4514e32", "rev": "1bfbbbe5bbf888d675397c66bfdb275d0b99361c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -303,11 +303,11 @@
}, },
"nixpkgs-stable_2": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1721524707, "lastModified": 1728156290,
"narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", "rev": "17ae88b569bb15590549ff478bab6494dde4a907",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -319,11 +319,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1724479785, "lastModified": 1728241625,
"narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be", "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -450,11 +450,11 @@
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1723501126, "lastModified": 1728345710,
"narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "be0eec2d27563590194a9206f551a6f73d52fa34", "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -24,6 +24,9 @@
PAPERLESS_TIME_ZONE = "Europe/Berlin"; PAPERLESS_TIME_ZONE = "Europe/Berlin";
PAPERLESS_FILENAME_FORMAT = "{correspondent}/{document_type}/{created}_{title}_{doc_pk}"; PAPERLESS_FILENAME_FORMAT = "{correspondent}/{document_type}/{created}_{title}_{doc_pk}";
PAPERLESS_CONSUMER_RECURSIVE = true; PAPERLESS_CONSUMER_RECURSIVE = true;
PAPERLESS_CONSUMER_ENABLE_BARCODES = true;
PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE = true;
PAPERLESS_CONSUMER_ENABLE_COLLATE_DOUBLE_SIDED = true;
PAPERLESS_OCR_USER_ARGS = builtins.toJSON { PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
invalidate_digital_signatures = true; invalidate_digital_signatures = true;
}; };
@ -50,6 +53,17 @@
''; '';
}; };
"/static".root = "${config.services.paperless.package}/lib/paperless-ngx"; "/static".root = "${config.services.paperless.package}/lib/paperless-ngx";
"/manual-scan/" = {
alias = "/var/lib/scans/manual/";
extraConfig = ''
autoindex on;
allow 10.80.1.0/24;
allow 2001:470:73b9:1::/64;
deny all;
'';
};
}; };
}; };
@ -69,7 +83,9 @@
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/lib/scans 0555 scan root -" "d /var/lib/scans 0555 scan root -"
"d /var/lib/scans/paperless 0775 scan paperless -" "d /var/lib/scans/paperless 0770 scan paperless -"
"d /var/lib/scans/paperless/double-sided 0770 scan paperless -"
"d /var/lib/scans/manual 0750 scan nginx 7d"
"L /var/lib/paperless/consume/ftp - - - - /var/lib/scans/paperless" "L /var/lib/paperless/consume/ftp - - - - /var/lib/scans/paperless"
]; ];

View file

@ -12,6 +12,7 @@
./services/bang-evaluator.nix ./services/bang-evaluator.nix
./services/languagetool.nix ./services/languagetool.nix
./services/li7y.nix ./services/li7y.nix
./services/password-hash-self-service.nix
]; ];
sbruder = { sbruder = {

View file

@ -8,7 +8,9 @@ let
backends = { backends = {
hiroshi = [ hiroshi = [
"bangs.sbruder.de" "bangs.sbruder.de"
"i7y.eu"
"languagetool.sbruder.de" "languagetool.sbruder.de"
"phss.sbruder.de"
]; ];
}; };

View file

@ -16,12 +16,9 @@
./services/grafana.nix ./services/grafana.nix
./services/hedgedoc.nix ./services/hedgedoc.nix
./services/invidious ./services/invidious
./services/mastodon.nix
./services/matrix ./services/matrix
./services/password-hash-self-service.nix
./services/prometheus.nix ./services/prometheus.nix
./services/sbruder.xyz ./services/sbruder.xyz
./services/schabernack.nix
]; ];
sbruder = { sbruder = {

View file

@ -2,7 +2,6 @@ forgejo-mail: ENC[AES256_GCM,data:3AlFHzVBA5TE4qv5ubG39K0varV8/HabO0q/RJZSD5o=,i
go-neb-overrides: ENC[AES256_GCM,data:1xy+SdsSTuerRox4skitg1mKLr1MoANFoCzz76TKSA31ORo/oUWVGrYxfusZxrFQWjYGRFpSYzmkzPn1RoWmbXyfwPEcisvjenXLNvwcyoontBd7TiiLdukEtya6RfGLRGKc8tfCzbDUWgiYz5IDMFBvKGnewFjB+au0/Ge2+2DTw6M4negjCz343TO/vbyTr5xT/5smmKz7Ouk9SbEo7yEuHkQPQfedGw2PYT82zdXd/Eje3Zq2EB4xcUU7beGrF1zkOdXQ4OVqB8XnkCnuLtNlnJtsffm0rbPDPD3/nhHKpJ8jXrN54V14dSnHW7yOifGMIus0VFMRZcIT7A+BroM9qzJhW3F4gsF1Bwp0CF+6zLLRjgpA0EOyvOwpLIftBZfMIpveAH62MVY0IBfwDdkI1itEOjj9EhTrOGxBx45Cj6Qk3Mk6ncyr15+E+KAmQRxZJrEW8Grk4PyzuxtxYd0n8LSaRUe1eNVUhHkQNpo/zvAPgrzcRnM91EwIoMvlNmwyC63j1h+OBKlXQgChAaB1O6HFXQY=,iv:pnw0jIcMqA771woDYNHxWMWE6wHGaNsXi5aBXOFAHJU=,tag:Wbcqb0FsctZWOS6u5s82mQ==,type:str] go-neb-overrides: ENC[AES256_GCM,data:1xy+SdsSTuerRox4skitg1mKLr1MoANFoCzz76TKSA31ORo/oUWVGrYxfusZxrFQWjYGRFpSYzmkzPn1RoWmbXyfwPEcisvjenXLNvwcyoontBd7TiiLdukEtya6RfGLRGKc8tfCzbDUWgiYz5IDMFBvKGnewFjB+au0/Ge2+2DTw6M4negjCz343TO/vbyTr5xT/5smmKz7Ouk9SbEo7yEuHkQPQfedGw2PYT82zdXd/Eje3Zq2EB4xcUU7beGrF1zkOdXQ4OVqB8XnkCnuLtNlnJtsffm0rbPDPD3/nhHKpJ8jXrN54V14dSnHW7yOifGMIus0VFMRZcIT7A+BroM9qzJhW3F4gsF1Bwp0CF+6zLLRjgpA0EOyvOwpLIftBZfMIpveAH62MVY0IBfwDdkI1itEOjj9EhTrOGxBx45Cj6Qk3Mk6ncyr15+E+KAmQRxZJrEW8Grk4PyzuxtxYd0n8LSaRUe1eNVUhHkQNpo/zvAPgrzcRnM91EwIoMvlNmwyC63j1h+OBKlXQgChAaB1O6HFXQY=,iv:pnw0jIcMqA771woDYNHxWMWE6wHGaNsXi5aBXOFAHJU=,tag:Wbcqb0FsctZWOS6u5s82mQ==,type:str]
hcloud_exporter-environment: ENC[AES256_GCM,data:5gDTeg4C08BgNxBFtzZ7ma6JiafwF4ly5URAG4WxUTlRaUmF32fmbPdAZmveKiKBA8cc6ewcEIfIVJ7d5tbbqCEX+vbf9nr1fuhN05Z6lfsJNLoATclX,iv:GzEnudGDc6+6BJgDtaNnOnT7IK8Z0fsYfs/oJzKO2UA=,tag:LYCvRxNeKdMmNve0aWswrw==,type:str] hcloud_exporter-environment: ENC[AES256_GCM,data:5gDTeg4C08BgNxBFtzZ7ma6JiafwF4ly5URAG4WxUTlRaUmF32fmbPdAZmveKiKBA8cc6ewcEIfIVJ7d5tbbqCEX+vbf9nr1fuhN05Z6lfsJNLoATclX,iv:GzEnudGDc6+6BJgDtaNnOnT7IK8Z0fsYfs/oJzKO2UA=,tag:LYCvRxNeKdMmNve0aWswrw==,type:str]
invidious-extra-settings: ENC[AES256_GCM,data:bThgfyu5ESIyTLD7Q09Qici9ZZw/QYfCyBSjtbNb1EglCy0KHZrvDDAN4uDpdKrHxv8ctoN5Db7tRf5LUl6iyW7A5z9uYg481EXq3Sx6tZztepX0vg==,iv:FZ33tQWRsNEPjwuy/mH/N4e4PyjLx7sbv2G+9S5uigY=,tag:0GQn3AgoM2BPC5iCt5py8w==,type:str] invidious-extra-settings: ENC[AES256_GCM,data:bThgfyu5ESIyTLD7Q09Qici9ZZw/QYfCyBSjtbNb1EglCy0KHZrvDDAN4uDpdKrHxv8ctoN5Db7tRf5LUl6iyW7A5z9uYg481EXq3Sx6tZztepX0vg==,iv:FZ33tQWRsNEPjwuy/mH/N4e4PyjLx7sbv2G+9S5uigY=,tag:0GQn3AgoM2BPC5iCt5py8w==,type:str]
mastodon-mail: ENC[AES256_GCM,data:RT/fS7cqbcePd2qe7CR5jRh2jtKaS81ICbMUOlPUQsY=,iv:C7GYMB0U2KIfXuEnYaoIEfV89/EnJS6V9iG97X8zkPk=,tag:L4SVe6aYGcarvX1hmMqQOw==,type:str]
netbox-secret-key: ENC[AES256_GCM,data:lOE95j6CGkbfJQTLeG41g3BPKNhm0arqxIGAzwvXQyeZLBauAdqufQGKD7D4kPNzdZs=,iv:6HWXEr6Ju4IywP+2jpuTfER/bYI2oUgMSZEJCkq4XX8=,tag:TPD5TTr4Sew8lxPS5WIu5Q==,type:str] netbox-secret-key: ENC[AES256_GCM,data:lOE95j6CGkbfJQTLeG41g3BPKNhm0arqxIGAzwvXQyeZLBauAdqufQGKD7D4kPNzdZs=,iv:6HWXEr6Ju4IywP+2jpuTfER/bYI2oUgMSZEJCkq4XX8=,tag:TPD5TTr4Sew8lxPS5WIu5Q==,type:str]
prometheus-htpasswd: ENC[AES256_GCM,data:tiewfUfpvrmbrgk6AsBdiP4ng4TqG5UYf1mFcWOzuk8oO55rfZu+Naummz5RRYhJZil43nHFvn5LfIWkJv+CyPMZjpj7xRp4vb4/OCCAFjEzHhrzYVBYNkHM+ZLUTewEXuPVtZ6CZ5uviTExLN2V1moG3ExJdIoyUD16qh4=,iv:SkH609VxIVKJLmHUUNzICEjxHSyjLdwXfw0b7iU6png=,tag:BfNGcUZmk9ZXUvhoQZn6iQ==,type:str] prometheus-htpasswd: ENC[AES256_GCM,data:tiewfUfpvrmbrgk6AsBdiP4ng4TqG5UYf1mFcWOzuk8oO55rfZu+Naummz5RRYhJZil43nHFvn5LfIWkJv+CyPMZjpj7xRp4vb4/OCCAFjEzHhrzYVBYNkHM+ZLUTewEXuPVtZ6CZ5uviTExLN2V1moG3ExJdIoyUD16qh4=,iv:SkH609VxIVKJLmHUUNzICEjxHSyjLdwXfw0b7iU6png=,tag:BfNGcUZmk9ZXUvhoQZn6iQ==,type:str]
synapse-registration-shared-secret: ENC[AES256_GCM,data:qwUjGPINIuBC3KYqMPmnU3l9uJ85DJsJFixvTFQTSuR+fcq6DEjx03Xk41ff7NJftAi+Gt0QLdqKp+viJfW7eU6iHKyfcgPE/nj46UECCWLM8HISxPFQ9IrP+DIo02k=,iv:C9jhBPexth+gnAs6+DBtEmP2qsWZoKmgw6ILbtXUScA=,tag:M3U+03I0Bj8Nhuu4GB98xw==,type:str] synapse-registration-shared-secret: ENC[AES256_GCM,data:qwUjGPINIuBC3KYqMPmnU3l9uJ85DJsJFixvTFQTSuR+fcq6DEjx03Xk41ff7NJftAi+Gt0QLdqKp+viJfW7eU6iHKyfcgPE/nj46UECCWLM8HISxPFQ9IrP+DIo02k=,iv:C9jhBPexth+gnAs6+DBtEmP2qsWZoKmgw6ILbtXUScA=,tag:M3U+03I0Bj8Nhuu4GB98xw==,type:str]
@ -15,8 +14,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-08-22T16:40:55Z" lastmodified: "2024-10-08T20:39:38Z"
mac: ENC[AES256_GCM,data:yAeinIiWZEc2jXEopgYwDbA4YrRvrNTGWoQOSp7HuPGX2qCQDryzk6bwRRvzHn22T+79L+0l/5bTa0rdCR5zIm9XZ3nR0ozvC9qXu+KbMsnsNqQ7kUZyrFenekh8GiM+de2k5rXhn8T/RHphD+B3GK9tphqLZOzIby3ICtWD38g=,iv:gMi9D5nBCJ2UQrdO1+DU3dBbOCtRvfD12TmUG8+6oaM=,tag:H+TkwH2rqtyZkII6FBPLcA==,type:str] mac: ENC[AES256_GCM,data:tgrvHkBsuxvkOe65YUkA/7iOcuwE3Vd6l46wLRSXK2DVED2FAdvO/cXvwsUKzIRKjrs/QXUl4T+lWGQC024Wiy6gXQB3edjxDT6aiGSzXWQAOmTI8/oLzxNTeuysTKNtIAxbz5x6d88JFx5PswtuYUb8x60xMPp3LTJbKnao/LI=,iv:l48P6gmEyeqSOHotLRCmYb7aZgnANceUvveVvGgpAyE=,tag:X5fFIxDxW9sIO4yF4B0C5Q==,type:str]
pgp: pgp:
- created_at: "2024-01-22T00:20:10Z" - created_at: "2024-01-22T00:20:10Z"
enc: |- enc: |-

View file

@ -1,32 +0,0 @@
# SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, lib, ... }:
{
sops.secrets.mastodon-mail = {
owner = config.services.mastodon.user;
sopsFile = ../secrets.yaml;
};
services.mastodon = {
enable = true;
configureNginx = true;
localDomain = "procrastination.space";
smtp = {
createLocally = false;
host = "vueko.sbruder.de";
port = 465;
user = "mastodon@sbruder.de";
passwordFile = config.sops.secrets.mastodon-mail.path;
fromAddress = config.services.mastodon.smtp.user;
authenticate = true;
};
streamingProcesses = 5;
extraConfig = {
SMTP_TLS = "true";
RAILS_LOG_LEVEL = "warn";
};
};
}

View file

@ -8,4 +8,9 @@
./mautrix-whatsapp.nix ./mautrix-whatsapp.nix
./go-neb.nix ./go-neb.nix
]; ];
# required by mautrix-whatsapp and go-neb
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
} }

View file

@ -41,13 +41,6 @@
locations = { locations = {
"/imprint/".alias = "${pkgs.sbruder.imprint}/"; "/imprint/".alias = "${pkgs.sbruder.imprint}/";
"/transparency/" = {
alias = "/var/www/transparency/";
extraConfig = ''
autoindex on;
charset utf-8;
'';
};
}; };
}; };
} }

View file

@ -1,48 +0,0 @@
# SPDX-FileCopyrightText: 2021-2022 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, lib, pkgs, ... }:
let
domain = "schulischer-schabernack.de";
in
{
services.nginx = {
commonHttpConfig = ''
# privacy-aware log format
log_format schabernack '$remote_addr_schabernack - - [$time_local] "$request" $status $body_bytes_sent "-" "$http_user_agent"';
# anonymise ip address
map $remote_addr $remote_addr_schabernack {
~(?P<ip>\d+\.\d+)\. $ip.0.0;
~(?P<ip>[^:]+:[^:]+): $ip::;
default 0.0.0.0;
}
'';
virtualHosts = {
${domain} = {
forceSSL = true;
enableACME = true;
root = "/var/www/schabernack";
# only log page views, rss feed access, media file download and embed views
extraConfig = ''
location ~ index\.html|rss\.xml|\.(opus|m4a|ogg|mp3|\.podlove.json)$ {
access_log /var/log/nginx/schabernack.log schabernack;
}
'';
};
"www.${domain}" = {
forceSSL = true;
enableACME = true;
globalRedirect = domain;
extraConfig = ''
access_log off;
'';
};
};
};
}

View file

@ -49,12 +49,18 @@
"www.salespointframe.work" "www.salespointframe.work"
"verkaufspunktrahmenwerk.de" "verkaufspunktrahmenwerk.de"
"www.verkaufspunktrahmenwerk.de" "www.verkaufspunktrahmenwerk.de"
"verkaufspuntrahmenwerk.de"
"www.verkaufspuntrahmenwerk.de"
]; ];
user.name = "salespoint"; user.name = "salespoint";
}; };
"schulischer-schabernack.de" = {
redirects = [
"www.schulischer-schabernack.de"
"staging.schulischer-schabernack.de"
];
user.name = "schabernack";
};
"share.sbruder.de" = { "share.sbruder.de" = {
redirects = [ ]; redirects = [ ];
user.name = "share"; user.name = "share";

View file

@ -52,6 +52,12 @@ in
deviceUri = "ipps://fuuko.lan.shinonome-lab.de:631/printers/etikettierviech"; deviceUri = "ipps://fuuko.lan.shinonome-lab.de:631/printers/etikettierviech";
description = "SII SLP 650"; description = "SII SLP 650";
} }
{
name = "bro";
model = "everywhere";
deviceUri = "ipps://bro.printer.shinonome-lab.de";
description = "brother DCP-L2660DW";
}
]; ];
}) })
]; ];

View file

@ -35,9 +35,12 @@ in
''; '';
}) })
(lib.mkIf cfg.privacy.enable { (lib.mkIf cfg.privacy.enable {
services.nginx.commonHttpConfig = '' services.nginx = {
logError = "stderr crit"; # error (the default severity) logs potential PII (IP addresses) on 404 errors
commonHttpConfig = ''
access_log off; access_log off;
''; '';
};
}) })
(lib.mkIf cfg.recommended.enable { (lib.mkIf cfg.recommended.enable {
services.nginx = { services.nginx = {

View file

@ -24,10 +24,6 @@ SPDX-License-Identifier: CC-BY-SA-4.0
<td>Matrix</td> <td>Matrix</td>
<td><a id="matrix" href="#">(requires javascript)</a></td> <td><a id="matrix" href="#">(requires javascript)</a></td>
</tr> </tr>
<tr>
<td>Fediverse</td>
<td><a rel="me" href="https://procrastination.space/@simon">@simon@procrastination.space</a></td>
</tr>
<tr> <tr>
<td>Codeberg</td> <td>Codeberg</td>
<td><a href="https://codeberg.org/sbruder">sbruder</a></td> <td><a href="https://codeberg.org/sbruder">sbruder</a></td>

View file

@ -2,7 +2,7 @@
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
{ config, lib, nixosConfig, ... }: { config, lib, nixosConfig, pkgs, ... }:
let let
mkOverridesFile = prefs: '' mkOverridesFile = prefs: ''
// Generated by Home Manager. // Generated by Home Manager.
@ -17,6 +17,7 @@ in
lib.mkIf nixosConfig.sbruder.gui.enable { lib.mkIf nixosConfig.sbruder.gui.enable {
programs.librewolf = { programs.librewolf = {
enable = true; enable = true;
package = pkgs.librewolf.override { nativeMessagingHosts = with pkgs; [ browserpass ]; };
settings = { settings = {
"accessibility.force_disabled" = 1; "accessibility.force_disabled" = 1;
"browser.uidensity" = 1; # more compact layout "browser.uidensity" = 1; # more compact layout

View file

@ -119,6 +119,7 @@ in
# communication # communication
linphone # sip softphone linphone # sip softphone
mumble # VoIP group chat mumble # VoIP group chat
signal-desktop # Signal desktop client
# creative/design # creative/design
openscad # parametric/procedural 3d modelling openscad # parametric/procedural 3d modelling