diff --git a/hosts/fw.cloonar.com/modules/openconnect.nix b/hosts/fw.cloonar.com/modules/openconnect.nix
index 877563e..7d06676 100644
--- a/hosts/fw.cloonar.com/modules/openconnect.nix
+++ b/hosts/fw.cloonar.com/modules/openconnect.nix
@@ -15,6 +15,7 @@ in
 protocol = "anyconnect";
 user = "exdpolakovics@wrwks.local";
 extraOptions = {
+ authgroup = "WRWKS-SSL-VPN-Service";
 script = "${vpnc}";
 };
 };
diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix
index 9fff2d4..3cf9cd7 100644
--- a/hosts/fw.cloonar.com/modules/unbound.nix
+++ b/hosts/fw.cloonar.com/modules/unbound.nix
@@ -29,6 +29,7 @@ let
 "\"fw.cloonar.com A 10.42.97.1\""
 "\"fw A 10.42.97.1\""
+ "\"omada.cloonar.com IN A 10.42.97.2\""
 "\"switch.cloonar.com IN A 10.42.97.10\""
 "\"mopidy.cloonar.com IN A 10.42.97.20\""
 "\"deconz.cloonar.com IN A 10.42.97.25\""
diff --git a/hosts/nb-01.cloonar.com/configuration.nix b/hosts/nb-01.cloonar.com/configuration.nix
index 878f19d..da64784 100644
--- a/hosts/nb-01.cloonar.com/configuration.nix
+++ b/hosts/nb-01.cloonar.com/configuration.nix
@@ -31,6 +31,10 @@
 "electron-24.8.6"
 ];
+ fonts.packages = with pkgs; [
+ open-sans
+ ];
+ virtualisation.waydroid.enable = true; # security.sudo.wheelNeedsPassword = false;
@@ -187,27 +191,27 @@ ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
 '';
 };
- networking.wireguard.interfaces = {
- wg0 = {
- # Determines the IP address and subnet of the client's end of the tunnel interface.
- ips = [ "10.42.98.201/32" ];
- # Path to the private key file.
- #
- # Note: The private key can also be included inline via the privateKey option,
- # but this makes the private key world-readable; thus, using privateKeyFile is
- # recommended.
- privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
-
- peers = [
- {
- publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
- allowedIPs = [ "10.42.97.0/20" "10.14.0.0/16" "10.25.0.0/16" ];
- endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
- persistentKeepalive = 25;
- }
- ];
- };
- };
+ # networking.wireguard.interfaces = {
+ # wg0 = {
+ # # Determines the IP address and subnet of the client's end of the tunnel interface.
+ # ips = [ "10.42.98.201/32" ];
+ # # Path to the private key file.
+ # #
+ # # Note: The private key can also be included inline via the privateKey option,
+ # # but this makes the private key world-readable; thus, using privateKeyFile is
+ # # recommended.
+ # privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
+ #
+ # peers = [
+ # {
+ # publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
+ # allowedIPs = [ "10.42.97.0/20" "10.14.0.0/16" "10.25.0.0/16" ];
+ # endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
+ # persistentKeepalive = 25;
+ # }
+ # ];
+ # };
+ # };
 # Facial recognition "Windows hello"
 # services.ir-toggle.enable = true;
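Review bot: Commenting out the whole `networking.wireguard.interfaces` block disables wg0 but leaves its supporting configuration in place. The context line at the top of this hunk still handles an rpfilter exception for UDP 51820 (`ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN`), so the matching rule is presumably still installed outside the hunk, and the `wg-cloonar-key` sops secret is likely still declared. If the tunnel is retired, remove the firewall exception and the secret in the same change. If it is only paused, gate the block with `lib.mkIf` on an option instead of keeping 21 commented lines. The same comment-out pattern is applied to the four paraclub imports in hosts/web-01.cloonar.com/configuration.nix; the enclosing attribute set starts and ends outside this hunk.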
diff --git a/hosts/nb-01.cloonar.com/pkgs/bento.nix b/hosts/nb-01.cloonar.com/pkgs/bento.nix
index 5c8683b..d51d708 100644
--- a/hosts/nb-01.cloonar.com/pkgs/bento.nix
+++ b/hosts/nb-01.cloonar.com/pkgs/bento.nix
@@ -5,8 +5,8 @@ stdenv.mkDerivation rec {
 name = "bento";
 src = fetchgit {
- url = "https://github.com/rapenne-s/bento.git";
- rev = "6418bd64ecabbfa720c7a87ec39ee1a8b46a907e";
+ url = "https://github.com/dpolakovics/bento.git";
+ rev = "54d55f079e485c3be7bc0239806bb64203a911bf";
 sha256 = "69b056298cf570debd3718b2e2cb7e63ad9465919c8190cf38043791ce61d0d6";
 };
diff --git a/hosts/nb-01.cloonar.com/pkgs/bento/default.nix b/hosts/nb-01.cloonar.com/pkgs/bento/default.nix
index 17757ad..27027b0 100644
--- a/hosts/nb-01.cloonar.com/pkgs/bento/default.nix
+++ b/hosts/nb-01.cloonar.com/pkgs/bento/default.nix
@@ -5,9 +5,9 @@ stdenv.mkDerivation rec {
 name = "bento";
 src = fetchgit {
- url = "https://github.com/rapenne-s/bento.git";
- rev = "6418bd64ecabbfa720c7a87ec39ee1a8b46a907e";
- sha256 = "sha256-gLWoZh7fMn3cpIYSJFSVOQHA6qUIJikHXmucHX7P2WI=";
+ url = "https://github.com/dpolakovics/bento.git";
+ rev = "54d55f079e485c3be7bc0239806bb64203a911bf";
+ sha256 = "sha256-47+MM5uuWhMGKGiWK43lF7ynI392aTgLwCPccHMWlC8=";
 };
 buildInputs = [ ];
diff --git a/hosts/web-01.cloonar.com/configuration.nix b/hosts/web-01.cloonar.com/configuration.nix
index cbec04b..32a94ce 100644
--- a/hosts/web-01.cloonar.com/configuration.nix
+++ b/hosts/web-01.cloonar.com/configuration.nix
@@ -32,10 +32,10 @@
 ./sites/gbv-aktuell.at.nix
 ./sites/matomo.cloonar.com.nix
 ./sites/optiprot.eu.nix
- ./sites/paraclub.at.nix
- ./sites/api.paraclub.at.nix
- ./sites/tandem.paraclub.at.nix
- ./sites/module.paraclub.at.nix
+ # ./sites/paraclub.at.nix
+ # ./sites/api.paraclub.at.nix
+ # ./sites/tandem.paraclub.at.nix
+ # ./sites/module.paraclub.at.nix
 ./sites/api.optiprot.cloonar.dev.nix
 ./sites/cloonar.dev.nix
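Review bot: In hosts/nb-01.cloonar.com/pkgs/bento.nix the `url` and `rev` move to the fork, but `sha256` keeps its old value (`69b05629…`), so the fixed-output hash no longer describes the pinned source. Depending on what is already in the Nix store, this either fails with a hash mismatch or keeps building from the previously fetched tree rather than the new revision. The other two bento derivations in this commit pin the same rev with `sha256 = "sha256-47+MM5uuWhMGKGiWK43lF7ynI392aTgLwCPccHMWlC8=";`, which should be used here too. Keeping a single bento derivation and importing it from the hosts would stop the three copies from drifting apart.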
diff --git a/hosts/web-01.cloonar.com/sites/gbv-aktuell.at.nix b/hosts/web-01.cloonar.com/sites/gbv-aktuell.at.nix
index 744e886..df92214 100644
--- a/hosts/web-01.cloonar.com/sites/gbv-aktuell.at.nix
+++ b/hosts/web-01.cloonar.com/sites/gbv-aktuell.at.nix
@@ -3,7 +3,7 @@
 services.typo3.instances."gbv-aktuell.at" = {
 domainAliases = [ "www.gbv-aktuell.at" ];
 authorizedKeys = [
- "ssh-rsa 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"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHYyLbVv9l/LhpNhmE3QO0f9Lg8d2Y8JiDdn/cNcmyfO"
 ];
 phpPackage = pkgs.php81;
 };
diff --git a/hosts/web-01.cloonar.com/sites/gbv-aktuell.cloonar.dev.nix b/hosts/web-01.cloonar.com/sites/gbv-aktuell.cloonar.dev.nix
index e18f655..9943432 100644
--- a/hosts/web-01.cloonar.com/sites/gbv-aktuell.cloonar.dev.nix
+++ b/hosts/web-01.cloonar.com/sites/gbv-aktuell.cloonar.dev.nix
@@ -3,7 +3,7 @@
 services.typo3.instances."gbv-aktuell.cloonar.dev" = {
 domainAliases = [ "typo3-gbv-aktuell.cloonar.com" ];
 authorizedKeys = [
- "ssh-rsa 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"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcDedq/yqC2ROzvZGTyR/tDSnTcL3LB32O2QhkgQmfn"
 ];
 phpPackage = pkgs.php81;
 };
diff --git a/hosts/web-01.cloonar.com/sites/matomo.cloonar.com.nix b/hosts/web-01.cloonar.com/sites/matomo.cloonar.com.nix
index bb94e4a..5f03a88 100644
--- a/hosts/web-01.cloonar.com/sites/matomo.cloonar.com.nix
+++ b/hosts/web-01.cloonar.com/sites/matomo.cloonar.com.nix
@@ -21,8 +21,8 @@ in {
 "catch_workers_output" = true;
 "access.log" = "/var/log/$pool.access.log";
 };
- phpPackage = pkgs.php81;
- phpEnv."PATH" = lib.makeBinPath [ pkgs.php81 ];
+ phpPackage = pkgs.php83;
+ phpEnv."PATH" = lib.makeBinPath [ pkgs.php83 ];
 };
 services.nginx.virtualHosts."${domain}" = {
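Review bot: The new `authorizedKeys` entries in gbv-aktuell.at.nix and gbv-aktuell.cloonar.dev.nix have no comment field, so the repository does not record whose key grants access to each instance. Add an owner label in the OpenSSH comment position, e.g. `"ssh-ed25519 AAAA… <owner>@<host>"`, or put a Nix comment above the entry such as `# deploy key: <owner>, rotated <date>` (both placeholders). That makes later access reviews and key revocation a matter of reading the file rather than matching key blobs.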
@@ -109,7 +109,7 @@ in {
 serviceConfig = {
 Type = "oneshot";
 User = "${domain}";
- ExecStart = "${pkgs.php81}/bin/php /var/www/${domain}/console --matomo-domain=matomo.cloonar.com core:archive";
+ ExecStart = "${pkgs.php83}/bin/php /var/www/${domain}/console --matomo-domain=matomo.cloonar.com core:archive";
 };
 };
diff --git a/hosts/web-01.cloonar.com/sites/paraclub.cloonar.dev.nix b/hosts/web-01.cloonar.com/sites/paraclub.cloonar.dev.nix
index f3bcfa0..a18d6b3 100644
--- a/hosts/web-01.cloonar.com/sites/paraclub.cloonar.dev.nix
+++ b/hosts/web-01.cloonar.com/sites/paraclub.cloonar.dev.nix
@@ -37,7 +37,7 @@ in {
 group = "nginx";
 openssh.authorizedKeys.keys = [
 "ssh-rsa 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"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtMqcJDygWT16b7wF0qaagWUHj1+s6whMq0YRv47WA5"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6QT0k58R90NrmDIjP1bNalHnwr9Y++tOhV9kRUVivI"
 ];
 };
 users.groups.${domain} = {};
diff --git a/utils/modules/netdata.nix b/utils/modules/netdata.nix
index cc2a7f9..5a81dcf 100644
--- a/utils/modules/netdata.nix
+++ b/utils/modules/netdata.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }: {
 environment.systemPackages = with pkgs; [
- python39
+ python312
 ];
 services.netdata.configDir."python.d.conf" = pkgs.writeText "python.d.conf" ''
diff --git a/utils/pkgs/bento/default.nix b/utils/pkgs/bento/default.nix
index 3643740..ee5732e 100644
--- a/utils/pkgs/bento/default.nix
+++ b/utils/pkgs/bento/default.nix
@@ -6,8 +6,8 @@ stdenv.mkDerivation rec {
 src = fetchgit {
 url = "https://github.com/dpolakovics/bento.git";
- rev = "e9f254ad25b5d57522a2e45ef6305abb0738ff83";
- sha256 = "sha256-VBi3hFelSNXQ4bzSSzhho3EBEBsQuP7/f9TDIwmf+1I=";
+ rev = "54d55f079e485c3be7bc0239806bb64203a911bf";
+ sha256 = "sha256-47+MM5uuWhMGKGiWK43lF7ynI392aTgLwCPccHMWlC8=";
 };
 buildInputs = [ ];
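Review bot: In paraclub.cloonar.dev.nix the `ssh-rsa` entry stays in `openssh.authorizedKeys.keys` while only the ed25519 key is rotated, whereas the two gbv-aktuell hunks in this commit remove their `ssh-rsa` entry. If the intent is to retire that RSA key across the sites, this user still accepts it. Either drop the line or state above it why it remains, e.g. `# kept: <owner>, <reason>` (placeholder). The user definition this list belongs to starts outside the hunk.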