From d1309a4e463d448cdfc07974d2aa96a39d4a366e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <cynerd@email.cz>
Date: Wed, 11 Sep 2024 12:41:12 +0200
Subject: System update

---
 nixos/configurations/binky.nix  |  8 +++++++-
 nixos/configurations/lipwig.nix | 26 ++++++++++++++------------
 nixos/modules/desktop.nix       |  6 +++---
 nixos/modules/develop.nix       |  1 +
 nixos/modules/router.nix        |  8 ++++++--
 nixos/modules/users.nix         |  7 +++++--
 nixos/modules/wireguad.nix      |  5 +----
 7 files changed, 37 insertions(+), 24 deletions(-)

(limited to 'nixos')

diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix
index 4b552d5..7765d01 100644
--- a/nixos/configurations/binky.nix
+++ b/nixos/configurations/binky.nix
@@ -1,4 +1,8 @@
-{lib, ...}: let
+{
+  lib,
+  pkgs,
+  ...
+}: let
   inherit (lib) mkDefault;
 in {
   nixpkgs.hostPlatform.system = "x86_64-linux";
@@ -94,4 +98,6 @@ in {
     dataDir = "/home/cynerd";
     configDir = "/home/cynerd/.config/syncthing";
   };
+
+  environment.systemPackages = [pkgs.heroic];
 }
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
index 6368ebc..1a137db 100644
--- a/nixos/configurations/lipwig.nix
+++ b/nixos/configurations/lipwig.nix
@@ -107,7 +107,7 @@
           root = "${pkgs.cgit}/cgit";
           locations."/".tryFiles = "$uri @cgit";
           locations."@cgit".extraConfig = ''
-            fastcgi_pass unix:${config.services.fcgiwrap.cgit.socket.address};
+            fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address};
             fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
             fastcgi_param PATH_INFO    $uri;
             fastcgi_param QUERY_STRING $args;
@@ -137,9 +137,9 @@
         };
       };
     };
-    services.fcgiwrap.cgit = {
+    services.fcgiwrap.instances.cgit = {
       process.user = "git";
-      socket.user = config.services.nginx.group;
+      socket = {inherit (config.services.nginx) user group;};
     };
     security.acme = {
       acceptTerms = true;
@@ -250,19 +250,19 @@
         # Additional modules can be fetched with:
         # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab"
         passwords = pkgs.fetchNextcloudApp {
-          url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz";
-          sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7";
-          license = "gpl3";
+          url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.7.0/passwords.tar.gz";
+          sha256 = "1RwLOE2aUwISMF/WcYmL8sKs+KXBlYv0OHw8PizrGCY=";
+          license = "agpl3Plus";
         };
         integration_github = pkgs.fetchNextcloudApp {
-          url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
-          sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
-          license = "gpl3";
+          url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.7/integration_github-v2.0.7.tar.gz";
+          sha256 = "x4BrBdrvmbdwZcZL6FLAY27B5OpkXIsw92XsD076Aqg=";
+          license = "agpl3Plus";
         };
         integration_gitlab = pkgs.fetchNextcloudApp {
-          url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
-          sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
-          license = "gpl3";
+          url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.0.1/integration_gitlab-v3.0.1.tar.gz";
+          sha256 = "FAF5CHwAVm55QS9NO8B5zsvJ0BWa7Mwfw6kYr2js0Es=";
+          license = "agpl3Plus";
         };
       };
     };
@@ -271,12 +271,14 @@
     services.postgresql = {
       enable = true;
       ensureUsers = [
+        {name = "cynerd";}
         {
           name = "nextcloud";
           ensureDBOwnership = true;
         }
       ];
       ensureDatabases = ["nextcloud"];
+      extraPlugins = ps: with ps; [timescaledb];
     };
 
     # SearX ####################################################################
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index 7b21c7d..4a8c7dd 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -70,7 +70,7 @@ in {
             msmtp
             notmuch
             astroid
-            taskwarrior
+            taskwarrior3
             vdirsyncer
             khal
             khard
@@ -79,7 +79,7 @@ in {
             pinentry-curses
             (pass.withExtensions (exts: [
               exts.pass-otp
-              #exts.pass-audit
+              exts.pass-audit
             ]))
 
             chromium
@@ -113,7 +113,7 @@ in {
             adwaita-icon-theme
             vanilla-dmz
             sound-theme-freedesktop
-            gnome.gnome-characters
+            gnome-characters
             gucharmap
 
             (sdcv.withDictionaries [stardict-en-cz stardict-de-cz stardict-cz])
diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix
index 971d219..446d205 100644
--- a/nixos/modules/develop.nix
+++ b/nixos/modules/develop.nix
@@ -21,6 +21,7 @@ in {
       # Tools
       gitlint
       tig
+      gitg
       gource
       glab
       github-cli
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix
index cd37d8b..224037b 100644
--- a/nixos/modules/router.nix
+++ b/nixos/modules/router.nix
@@ -56,6 +56,8 @@ in {
   };
 
   config = mkIf cnf.enable {
+    boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+
     networking = {
       useNetworkd = true;
       firewall = {
@@ -114,9 +116,10 @@ in {
           matchConfig.Name = "home";
           networkConfig = {
             Address = "${cnf.lanIP}/${toString cnf.lanPrefix}";
-            IPForward = "yes";
+            IPv4Forwarding = "yes";
             DHCPServer = "yes";
             DHCPPrefixDelegation = "yes";
+            IPv6Forwarding = "yes";
             IPv6SendRA = "yes";
             IPv6AcceptRA = "no";
           };
@@ -143,9 +146,10 @@ in {
           matchConfig.Name = "guest";
           networkConfig = {
             Address = "192.168.1.1/24";
-            IPForward = "yes";
+            IPv4Forwarding = "yes";
             DHCPServer = "yes";
             DHCPPrefixDelegation = "yes";
+            IPv6Forwarding = "yes";
             IPv6SendRA = "yes";
             IPv6AcceptRA = "no";
           };
diff --git a/nixos/modules/users.nix b/nixos/modules/users.nix
index d098ec7..1c143bb 100644
--- a/nixos/modules/users.nix
+++ b/nixos/modules/users.nix
@@ -64,10 +64,13 @@ in {
       syntaxHighlighting.enable = isNative;
     };
     shellrc = true;
-    vim.defaultEditor = isArm;
+    vim = {
+      enable = isArm;
+      defaultEditor = isArm;
+    };
     neovim = {
       enable = !isArm;
-      defaultEditor = true;
+      defaultEditor = !isArm;
       withNodeJs = true;
     };
 
diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix
index 69e1ccd..1b1db90 100644
--- a/nixos/modules/wireguad.nix
+++ b/nixos/modules/wireguad.nix
@@ -66,10 +66,7 @@ in {
         matchConfig.Name = "wg";
         networkConfig = {
           Address = "${config.cynerd.hosts.wg."${hostName}"}/24";
-          IPForward = is_endpoint;
-          #DNS = mkIf (hostName != "dean") ["10.0.20.30" "10.0.20.31"];
-          #DNSSEC = false;
-          #Domains = mkIf (hostName != "dean") "~elektroline.cz";
+          IPv4Forwarding = "yes";
         };
         routes =
           (optional (hostName != "lipwig") {
-- 
cgit v1.2.3