some fixes

2024-01-29 19:46:40 +01:00
parent b622a620be
commit 270880c4f2
12 changed files with 45 additions and 39 deletions
--- a/hosts/fw.cloonar.com/modules/openconnect.nix
+++ b/hosts/fw.cloonar.com/modules/openconnect.nix
@@ -15,6 +15,7 @@ in
      protocol = "anyconnect";
      user = "exdpolakovics@wrwks.local";
      extraOptions = {
+        authgroup = "WRWKS-SSL-VPN-Service";
        script = "${vpnc}";
      };
    };
--- a/hosts/fw.cloonar.com/modules/unbound.nix
+++ b/hosts/fw.cloonar.com/modules/unbound.nix
@@ -29,6 +29,7 @@ let
        "\"fw.cloonar.com A 10.42.97.1\""
        "\"fw A 10.42.97.1\""

+        "\"omada.cloonar.com IN A 10.42.97.2\""
        "\"switch.cloonar.com IN A 10.42.97.10\""
        "\"mopidy.cloonar.com IN A 10.42.97.20\""
        "\"deconz.cloonar.com IN A 10.42.97.25\""
--- a/hosts/nb-01.cloonar.com/configuration.nix
+++ b/hosts/nb-01.cloonar.com/configuration.nix
@@ -31,6 +31,10 @@
    "electron-24.8.6"
  ];

+  fonts.packages = with pkgs; [
+    open-sans
+  ];
+
  virtualisation.waydroid.enable = true;

  # security.sudo.wheelNeedsPassword = false;
@@ -187,27 +191,27 @@
       ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
     '';
  };
-  networking.wireguard.interfaces = {
-    wg0 = {
-      # Determines the IP address and subnet of the client's end of the tunnel interface.
-      ips = [ "10.42.98.201/32" ];
-      # Path to the private key file.
-      #
-      # Note: The private key can also be included inline via the privateKey option,
-      # but this makes the private key world-readable; thus, using privateKeyFile is
-      # recommended.
-      privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
-
-      peers = [
-        {
-          publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
-          allowedIPs = [ "10.42.97.0/20" "10.14.0.0/16" "10.25.0.0/16" ];
-          endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
-          persistentKeepalive = 25;
-        }
-      ];
-    };
-  };
+  # networking.wireguard.interfaces = {
+  #   wg0 = {
+  #     # Determines the IP address and subnet of the client's end of the tunnel interface.
+  #     ips = [ "10.42.98.201/32" ];
+  #     # Path to the private key file.
+  #     #
+  #     # Note: The private key can also be included inline via the privateKey option,
+  #     # but this makes the private key world-readable; thus, using privateKeyFile is
+  #     # recommended.
+  #     privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
+  #
+  #     peers = [
+  #       {
+  #         publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
+  #         allowedIPs = [ "10.42.97.0/20" "10.14.0.0/16" "10.25.0.0/16" ];
+  #         endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
+  #         persistentKeepalive = 25;
+  #       }
+  #     ];
+  #   };
+  # };

  # Facial recognition "Windows hello"
  # services.ir-toggle.enable = true;
--- a/hosts/nb-01.cloonar.com/pkgs/bento.nix
+++ b/hosts/nb-01.cloonar.com/pkgs/bento.nix
@@ -5,8 +5,8 @@ stdenv.mkDerivation rec {
  name = "bento";

  src = fetchgit {
-    url = "https://github.com/rapenne-s/bento.git";
-    rev = "6418bd64ecabbfa720c7a87ec39ee1a8b46a907e";
+    url = "https://github.com/dpolakovics/bento.git";
+    rev = "54d55f079e485c3be7bc0239806bb64203a911bf";
    sha256 = "69b056298cf570debd3718b2e2cb7e63ad9465919c8190cf38043791ce61d0d6";
  };

--- a/hosts/nb-01.cloonar.com/pkgs/bento/default.nix
+++ b/hosts/nb-01.cloonar.com/pkgs/bento/default.nix
@@ -5,9 +5,9 @@ stdenv.mkDerivation rec {
  name = "bento";

  src = fetchgit {
-    url = "https://github.com/rapenne-s/bento.git";
-    rev = "6418bd64ecabbfa720c7a87ec39ee1a8b46a907e";
-    sha256 = "sha256-gLWoZh7fMn3cpIYSJFSVOQHA6qUIJikHXmucHX7P2WI=";
+    url = "https://github.com/dpolakovics/bento.git";
+    rev = "54d55f079e485c3be7bc0239806bb64203a911bf";
+    sha256 = "sha256-47+MM5uuWhMGKGiWK43lF7ynI392aTgLwCPccHMWlC8=";
  };

  buildInputs = [ ];
--- a/hosts/web-01.cloonar.com/configuration.nix
+++ b/hosts/web-01.cloonar.com/configuration.nix
@@ -32,10 +32,10 @@
    ./sites/gbv-aktuell.at.nix
    ./sites/matomo.cloonar.com.nix
    ./sites/optiprot.eu.nix
-    ./sites/paraclub.at.nix
-    ./sites/api.paraclub.at.nix
-    ./sites/tandem.paraclub.at.nix
-    ./sites/module.paraclub.at.nix
+    # ./sites/paraclub.at.nix
+    # ./sites/api.paraclub.at.nix
+    # ./sites/tandem.paraclub.at.nix
+    # ./sites/module.paraclub.at.nix

    ./sites/api.optiprot.cloonar.dev.nix
    ./sites/cloonar.dev.nix
--- a/hosts/web-01.cloonar.com/sites/gbv-aktuell.at.nix
+++ b/hosts/web-01.cloonar.com/sites/gbv-aktuell.at.nix
@@ -3,7 +3,7 @@
  services.typo3.instances."gbv-aktuell.at" = {
    domainAliases = [ "www.gbv-aktuell.at" ];
    authorizedKeys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMglRMPCWQv8t67o6U8bU87HF34MPSaXZXAJZPdvtsYqXj8Z2/Xc47DQK98pAPHAFekjG9JK2m97FaV+h9E6uEF0Tg0sjWmqf9ApCNFA5igZgxJvlOTI4AJlQ4PtUY8dBGdiFFEdHf92RLg/FrsROLV5p4GTebpBxxBgQ/gbsZe3Dknfh8LuCUS/awN85j05T36dwp37Z1txly1NpkLsoToqeDBCTrvCZGyyOasVnp2SKPnQID8KgfU2sbzluUJz2lvIYEvfrDaB1jrkhDhhfoIRkJpzyB0Y1p9fuI2P9xKhharxVJ5soiIrvNPSk+Ytld6YhfKGDx/DwIzKiVm18+yGWLy3BOnm2ILugU1hq2H2/qPMa8yShcXp/STXZfdfPxiHfdYjOD4vu1fPNt1qs955vQCR+lO+HBP46QCszrebKvxGo1Qh5nRddU/6DjKrE24aDMbSfQxwiufYklZRFZjhLggs0qE/sMAanhDqfl5cXuFFYoQ8anfHplS40S84E="
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHYyLbVv9l/LhpNhmE3QO0f9Lg8d2Y8JiDdn/cNcmyfO"
    ];
    phpPackage = pkgs.php81;
  };
--- a/hosts/web-01.cloonar.com/sites/gbv-aktuell.cloonar.dev.nix
+++ b/hosts/web-01.cloonar.com/sites/gbv-aktuell.cloonar.dev.nix
@@ -3,7 +3,7 @@
  services.typo3.instances."gbv-aktuell.cloonar.dev" = {
    domainAliases = [ "typo3-gbv-aktuell.cloonar.com" ];
    authorizedKeys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMglRMPCWQv8t67o6U8bU87HF34MPSaXZXAJZPdvtsYqXj8Z2/Xc47DQK98pAPHAFekjG9JK2m97FaV+h9E6uEF0Tg0sjWmqf9ApCNFA5igZgxJvlOTI4AJlQ4PtUY8dBGdiFFEdHf92RLg/FrsROLV5p4GTebpBxxBgQ/gbsZe3Dknfh8LuCUS/awN85j05T36dwp37Z1txly1NpkLsoToqeDBCTrvCZGyyOasVnp2SKPnQID8KgfU2sbzluUJz2lvIYEvfrDaB1jrkhDhhfoIRkJpzyB0Y1p9fuI2P9xKhharxVJ5soiIrvNPSk+Ytld6YhfKGDx/DwIzKiVm18+yGWLy3BOnm2ILugU1hq2H2/qPMa8yShcXp/STXZfdfPxiHfdYjOD4vu1fPNt1qs955vQCR+lO+HBP46QCszrebKvxGo1Qh5nRddU/6DjKrE24aDMbSfQxwiufYklZRFZjhLggs0qE/sMAanhDqfl5cXuFFYoQ8anfHplS40S84E="
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcDedq/yqC2ROzvZGTyR/tDSnTcL3LB32O2QhkgQmfn"
    ];
    phpPackage = pkgs.php81;
  };
--- a/hosts/web-01.cloonar.com/sites/matomo.cloonar.com.nix
+++ b/hosts/web-01.cloonar.com/sites/matomo.cloonar.com.nix
@@ -21,8 +21,8 @@ in {
      "catch_workers_output" = true;
      "access.log" = "/var/log/$pool.access.log";
    };
-    phpPackage = pkgs.php81;
-    phpEnv."PATH" = lib.makeBinPath [ pkgs.php81 ];
+    phpPackage = pkgs.php83;
+    phpEnv."PATH" = lib.makeBinPath [ pkgs.php83 ];
  };

  services.nginx.virtualHosts."${domain}" = {
@@ -109,7 +109,7 @@ in {
    serviceConfig = {
      Type = "oneshot";
      User = "${domain}";
-      ExecStart = "${pkgs.php81}/bin/php /var/www/${domain}/console --matomo-domain=matomo.cloonar.com core:archive";
+      ExecStart = "${pkgs.php83}/bin/php /var/www/${domain}/console --matomo-domain=matomo.cloonar.com core:archive";
    };
  };

--- a/hosts/web-01.cloonar.com/sites/paraclub.cloonar.dev.nix
+++ b/hosts/web-01.cloonar.com/sites/paraclub.cloonar.dev.nix
@@ -37,7 +37,7 @@ in {
    group  = "nginx";
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbSqS0TrJnmihjuIwLY74jKmuErF5jarQeVEQbnl7k8DDfVXP6DKybK2wVRIrAMN2VQzgXWWyRj2wNZrvq1whZon6CrEDxDVN/VDGS99pazczbrypmycVnPsevtS3wrEhiQrwCplkPxoZGlSAPGtx3SOzql+iG7xrhJfuPDCgwIboKf8Tir170aflH7ZfXqUX+V5QMbOn+roT8Tj7vUd/za3o3okJQrW3NUHT6/0TDkGsn+lJp30e94GF5RDLUJgM8pBf45WM94dv1uEfRI7+AQJZRta3X2VNSbb8I2dPNLmgxYQaW1VtwGP/RfxoFESdQubN74p+VxNeP7z5AFiZfhEYb0yiAwXiavN7fStXX/MKXxMicS2fdGzieXLWpLol70xx19492kOnlzoiPKJRosNw8N60R+AkbPYdwl5z5uKDn1ve79YaWB3KWS5Pcr9IT1wZAc48UePL6QtcDppHe8tUflPP5h/LCKOmAioWG59YF5pKfYNLSXJzmiudzzrs="
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtMqcJDygWT16b7wF0qaagWUHj1+s6whMq0YRv47WA5"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6QT0k58R90NrmDIjP1bNalHnwr9Y++tOhV9kRUVivI"
    ];
  };
  users.groups.${domain} = {};
--- a/utils/modules/netdata.nix
+++ b/utils/modules/netdata.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
-    python39
+    python312
  ];

  services.netdata.configDir."python.d.conf" = pkgs.writeText "python.d.conf" ''
--- a/utils/pkgs/bento/default.nix
+++ b/utils/pkgs/bento/default.nix
@@ -6,8 +6,8 @@ stdenv.mkDerivation rec {

  src = fetchgit {
    url = "https://github.com/dpolakovics/bento.git";
-    rev = "e9f254ad25b5d57522a2e45ef6305abb0738ff83";
-    sha256 = "sha256-VBi3hFelSNXQ4bzSSzhho3EBEBsQuP7/f9TDIwmf+1I=";
+    rev = "54d55f079e485c3be7bc0239806bb64203a911bf";
+    sha256 = "sha256-47+MM5uuWhMGKGiWK43lF7ynI392aTgLwCPccHMWlC8=";
  };

  buildInputs = [ ];