From d1309a4e463d448cdfc07974d2aa96a39d4a366e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Wed, 11 Sep 2024 12:41:12 +0200 Subject: System update --- nixos/configurations/binky.nix | 8 +++++++- nixos/configurations/lipwig.nix | 26 ++++++++++++++------------ nixos/modules/desktop.nix | 6 +++--- nixos/modules/develop.nix | 1 + nixos/modules/router.nix | 8 ++++++-- nixos/modules/users.nix | 7 +++++-- nixos/modules/wireguad.nix | 5 +---- 7 files changed, 37 insertions(+), 24 deletions(-) (limited to 'nixos') diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix index 4b552d5..7765d01 100644 --- a/nixos/configurations/binky.nix +++ b/nixos/configurations/binky.nix @@ -1,4 +1,8 @@ -{lib, ...}: let +{ + lib, + pkgs, + ... +}: let inherit (lib) mkDefault; in { nixpkgs.hostPlatform.system = "x86_64-linux"; @@ -94,4 +98,6 @@ in { dataDir = "/home/cynerd"; configDir = "/home/cynerd/.config/syncthing"; }; + + environment.systemPackages = [pkgs.heroic]; } diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 6368ebc..1a137db 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -107,7 +107,7 @@ root = "${pkgs.cgit}/cgit"; locations."/".tryFiles = "$uri @cgit"; locations."@cgit".extraConfig = '' - fastcgi_pass unix:${config.services.fcgiwrap.cgit.socket.address}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; @@ -137,9 +137,9 @@ }; }; }; - services.fcgiwrap.cgit = { + services.fcgiwrap.instances.cgit = { process.user = "git"; - socket.user = config.services.nginx.group; + socket = {inherit (config.services.nginx) user group;}; }; security.acme = { acceptTerms = true; @@ -250,19 +250,19 @@ # Additional modules can be fetched with: # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab" passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz"; - sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7"; - license = "gpl3"; + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.7.0/passwords.tar.gz"; + sha256 = "1RwLOE2aUwISMF/WcYmL8sKs+KXBlYv0OHw8PizrGCY="; + license = "agpl3Plus"; }; integration_github = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz"; - sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6"; - license = "gpl3"; + url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.7/integration_github-v2.0.7.tar.gz"; + sha256 = "x4BrBdrvmbdwZcZL6FLAY27B5OpkXIsw92XsD076Aqg="; + license = "agpl3Plus"; }; integration_gitlab = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz"; - sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi"; - license = "gpl3"; + url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.0.1/integration_gitlab-v3.0.1.tar.gz"; + sha256 = "FAF5CHwAVm55QS9NO8B5zsvJ0BWa7Mwfw6kYr2js0Es="; + license = "agpl3Plus"; }; }; }; @@ -271,12 +271,14 @@ services.postgresql = { enable = true; ensureUsers = [ + {name = "cynerd";} { name = "nextcloud"; ensureDBOwnership = true; } ]; ensureDatabases = ["nextcloud"]; + extraPlugins = ps: with ps; [timescaledb]; }; # SearX #################################################################### diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index 7b21c7d..4a8c7dd 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -70,7 +70,7 @@ in { msmtp notmuch astroid - taskwarrior + taskwarrior3 vdirsyncer khal khard @@ -79,7 +79,7 @@ in { pinentry-curses (pass.withExtensions (exts: [ exts.pass-otp - #exts.pass-audit + exts.pass-audit ])) chromium @@ -113,7 +113,7 @@ in { adwaita-icon-theme vanilla-dmz sound-theme-freedesktop - gnome.gnome-characters + gnome-characters gucharmap (sdcv.withDictionaries [stardict-en-cz stardict-de-cz stardict-cz]) diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index 971d219..446d205 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -21,6 +21,7 @@ in { # Tools gitlint tig + gitg gource glab github-cli diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index cd37d8b..224037b 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix @@ -56,6 +56,8 @@ in { }; config = mkIf cnf.enable { + boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; + networking = { useNetworkd = true; firewall = { @@ -114,9 +116,10 @@ in { matchConfig.Name = "home"; networkConfig = { Address = "${cnf.lanIP}/${toString cnf.lanPrefix}"; - IPForward = "yes"; + IPv4Forwarding = "yes"; DHCPServer = "yes"; DHCPPrefixDelegation = "yes"; + IPv6Forwarding = "yes"; IPv6SendRA = "yes"; IPv6AcceptRA = "no"; }; @@ -143,9 +146,10 @@ in { matchConfig.Name = "guest"; networkConfig = { Address = "192.168.1.1/24"; - IPForward = "yes"; + IPv4Forwarding = "yes"; DHCPServer = "yes"; DHCPPrefixDelegation = "yes"; + IPv6Forwarding = "yes"; IPv6SendRA = "yes"; IPv6AcceptRA = "no"; }; diff --git a/nixos/modules/users.nix b/nixos/modules/users.nix index d098ec7..1c143bb 100644 --- a/nixos/modules/users.nix +++ b/nixos/modules/users.nix @@ -64,10 +64,13 @@ in { syntaxHighlighting.enable = isNative; }; shellrc = true; - vim.defaultEditor = isArm; + vim = { + enable = isArm; + defaultEditor = isArm; + }; neovim = { enable = !isArm; - defaultEditor = true; + defaultEditor = !isArm; withNodeJs = true; }; diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix index 69e1ccd..1b1db90 100644 --- a/nixos/modules/wireguad.nix +++ b/nixos/modules/wireguad.nix @@ -66,10 +66,7 @@ in { matchConfig.Name = "wg"; networkConfig = { Address = "${config.cynerd.hosts.wg."${hostName}"}/24"; - IPForward = is_endpoint; - #DNS = mkIf (hostName != "dean") ["10.0.20.30" "10.0.20.31"]; - #DNSSEC = false; - #Domains = mkIf (hostName != "dean") "~elektroline.cz"; + IPv4Forwarding = "yes"; }; routes = (optional (hostName != "lipwig") { -- cgit v1.2.3