From 4a183af66c62cdf25ffd0fa1583e0a80276f20f3 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 8 Jul 2024 17:36:11 +0200 Subject: [PATCH] many changes --- hosts/fw.cloonar.com/modules/unbound.nix | 1 + hosts/fw.cloonar.com/modules/wol.nix | 2 +- hosts/mail.cloonar.com/modules/openldap.nix | 95 +++++++++++---------- hosts/mail.cloonar.com/secrets.yaml | 7 +- hosts/nb-new.cloonar.com/configuration.nix | 3 +- hosts/nb-new.cloonar.com/users/dominik.nix | 26 +++--- papa-nb.md | 7 ++ utils/modules/netdata.nix | 14 ++- utils/modules/sops.nix | 3 +- 9 files changed, 85 insertions(+), 73 deletions(-) create mode 100644 papa-nb.md diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix index 93846a7..13424c5 100644 --- a/hosts/fw.cloonar.com/modules/unbound.nix +++ b/hosts/fw.cloonar.com/modules/unbound.nix @@ -117,6 +117,7 @@ let "\"shellybulbduo-toilet-1.cloonar.smart IN A 10.42.100.82\"" # storage "\"shelly1-storage-1.cloonar.smart IN A 10.42.100.97\"" + "\"shellyplug-storage-1.cloonar.smart IN A 10.42.100.98\"" "\"ddl-warez.to IN A 172.67.184.30\"" "\"cdnjs.cloudflare.com IN A 104.17.24.14\"" diff --git a/hosts/fw.cloonar.com/modules/wol.nix b/hosts/fw.cloonar.com/modules/wol.nix index 8d2ed58..365b635 100644 --- a/hosts/fw.cloonar.com/modules/wol.nix +++ b/hosts/fw.cloonar.com/modules/wol.nix @@ -1,7 +1,7 @@ { pkgs, ... }: let wolScript = pkgs.writeScriptBin "wol-script" '' - IP=$(cat /var/lib/kea/dhcp4.leases | grep $1 | awk -F, '{print $1}' | tail -n 1); + IP=$(cat /var/lib/kea/dhcp4.leases | grep $1 | awk -F, '{print $1}' | awk -F. 'OFS="." {print $1,$2,$3,255}' | tail -n 1); MAC=$(cat /var/lib/kea/dhcp4.leases | grep $1 | awk -F, '{print $2}' | tail -n 1); ${pkgs.wol}/bin/wol -i $IP $MAC ''; diff --git a/hosts/mail.cloonar.com/modules/openldap.nix b/hosts/mail.cloonar.com/modules/openldap.nix index a696611..032507e 100644 --- a/hosts/mail.cloonar.com/modules/openldap.nix +++ b/hosts/mail.cloonar.com/modules/openldap.nix @@ -104,6 +104,44 @@ in { ]; }; + "olcDatabase={3}mdb".attrs = { + objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; + + olcDatabase = "{3}mdb"; + olcDbDirectory = "/var/lib/openldap/data"; + + olcSuffix = "dc=ghetto,dc=at"; + + olcAccess = [ + '' + {0}to attrs=userPassword + by self write + by anonymous auth + by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write + by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write + by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read + by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write + by * none + '' + '' + {1}to * + by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read + by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write + by * read + '' + ]; + }; + "olcOverlay=memberof,olcDatabase={3}mdb".attrs = { + objectClass = [ "olcOverlayConfig" "olcMemberOf" ]; + olcOverlay = "memberof"; + olcMemberOfRefint = "TRUE"; + }; + "olcOverlay=ppolicy,olcDatabase={3}mdb".attrs = { + objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ]; + olcOverlay = "ppolicy"; + olcPPolicyHashCleartext = "TRUE"; + }; + "olcDatabase={4}mdb".attrs = { objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; @@ -141,42 +179,6 @@ in { olcPPolicyHashCleartext = "TRUE"; }; - "olcDatabase={5}mdb".attrs = { - objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; - - olcDatabase = "{5}mdb"; - olcDbDirectory = "/var/lib/openldap/data"; - - olcSuffix = "dc=optiprot,dc=eu"; - - olcAccess = [ - '' - {0}to attrs=userPassword - by self write - by anonymous auth - by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * none - '' - '' - {1}to * - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - ]; - }; - "olcOverlay=memberof,olcDatabase={5}mdb".attrs = { - objectClass = [ "olcOverlayConfig" "olcMemberOf" ]; - olcOverlay = "memberof"; - olcMemberOfRefint = "TRUE"; - }; - "olcOverlay=ppolicy,olcDatabase={5}mdb".attrs = { - objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ]; - olcOverlay = "ppolicy"; - olcPPolicyHashCleartext = "TRUE"; - }; "olcDatabase={6}mdb".attrs = { objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; @@ -204,16 +206,16 @@ in { '' ]; }; - "olcOverlay=memberof,olcDatabase={6}mdb".attrs = { - objectClass = [ "olcOverlayConfig" "olcMemberOf" ]; - olcOverlay = "memberof"; - olcMemberOfRefint = "TRUE"; - }; - "olcOverlay=ppolicy,olcDatabase={6}mdb".attrs = { - objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ]; - olcOverlay = "ppolicy"; - olcPPolicyHashCleartext = "TRUE"; - }; + # "olcOverlay=memberof,olcDatabase={6}mdb".attrs = { + # objectClass = [ "olcOverlayConfig" "olcMemberOf" ]; + # olcOverlay = "memberof"; + # olcMemberOfRefint = "TRUE"; + # }; + # "olcOverlay=ppolicy,olcDatabase={6}mdb".attrs = { + # objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ]; + # olcOverlay = "ppolicy"; + # olcPPolicyHashCleartext = "TRUE"; + # }; "olcDatabase={7}mdb".attrs = { objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; @@ -253,6 +255,7 @@ in { # olcPPolicyHashCleartext = "TRUE"; # }; + # "cn=module{0},cn=config" = { # attrs = { # objectClass = "olcModuleList"; diff --git a/hosts/mail.cloonar.com/secrets.yaml b/hosts/mail.cloonar.com/secrets.yaml index 920c42d..a68e84c 100644 --- a/hosts/mail.cloonar.com/secrets.yaml +++ b/hosts/mail.cloonar.com/secrets.yaml @@ -1,5 +1,6 @@ borg-passphrase: ENC[AES256_GCM,data:D6+ZedxUQ7m/m0YkM5m/B4kFsNySJjFyh8Gmhn3Mpe+mqEzzMRjAbwmGzx9i9Lnr1dTjRElUOgevnnvW5J2KRA==,iv:cG4w1KsEm1SOTni9bsbSW1+ypzjjs2Q42I+4xvcCAu0=,tag:WkkNVa27Uy5nFpmXaIH6ww==,type:str] borg-ssh-key: ENC[AES256_GCM,data:T/EPWSuY9Ocj6D8nL2pfPg7r/lN4TyS7SiAqhQhkr10Y3R2mzfgMrOZTg/MrYv3/uNCt5h9TBDxwmiAwSmBzBSms0T5qD8aSxLgbmc6MAG7FSm7cGFf6x/7fMgVn7DAlwMz+4t/PkVk1iCRG4IwzimXwBvq73yIZuAiIARq0Azin7YAoSKjxnZ8ACkyRVCecf45pk7ModRmPLSDK8MZcT7bcHpZt6gQKx72OXSCJTD5FRUX180miUaywf7SxF1goEGRSmwtFDhyVs8iThiqyz0IsElB/dPGR+vYQwlFNWOFUshfAifz5tHXkvaKt08EJKyVV2TUqEsUETfFEqQW+8YNym3wBvrlnXm05DrHnfjz9GOEeUr35d9ESNgS+J5SzWVDitK29ca7QiaQ+YfaDn4/4mOGKSbPUnqOgRBoqXhJMV4ddV0lTKgBrg9isBVPgaye2prcHGjtUkVw2Kyh1omT3RKv6y7X+jfOpeOWOiByN73PCsZF7g+FFlP0K5jcfm4y4yaD8y6NlEaozrabuCIpY2ZUdZ/aH11vzLAk+LB8XE6lJ5MKMNPjNRftErJ9iE3OaOyan1ovTzaGqzaEwGtx/MZpk5hWNUwcSrJvZDqDuKO4+OhwMedvCCRKtNFIbEZ49EJrtp326Y1EelhfWgls5nJFPXukHo/C17ybsP4uFySFz/M13RVTIRntn7WKoh0bH7na2XgVGtXmI2plqVA5zppCbVTzr9+pAAD9RvXTX7t12gA1iNmdxM8alOeoZ41JXHd6BDF4bvDLVMhFhlslDLZ3wNV/QPWcSczinpJlvEQ13/WFN/NTO25Y16p+oxY9g8QD3pNEkAVLOMYjnEUlV6+DQcZbxzU8RCfpEzfVsOqbztTihDgHD5ldWt/VpN4ncm/WCVCWBlT33iiTxufC8htY3SjXt8JULEt0049HNIbNwj1awZwqTgT4z06okf7sz0m8Y/U8D5MCu8uNpt7QJBftVHxCKSUmQ4NJRicMDhlrpEJklQYlRtsvKlL/ntnyf5ZoUnkX03AoG0zh4Dh0LydGKC9RsKfwJeU+684d3opBI9eIYL6Rp/XB60LKcUA6Q+m7BgB7Tjck2YbG8nFPLaV3PdmIejlE0agICJ8Hef8rnqdU/r6X92gCEBvGXNbuqsKJvDTYPafQP8U6rXc7Tq+g68zfCOijIuHyKjkzdtIom8KMi5MUdFBSXK22xB1q4ye+QaCaAdN/1Xe6KDxWiafPG+BkpExh7hXbqZU1MyiTYMExpilY30e+CmPXMdxAWmygOxwUk+mPbuWrF0oh16DYN0dS38gUbo2Z4fjRvYIoZea1pu8niQRfhTVgLZVpEN07pYPu2farsPCPIXPalXVcijVO/yi2Dg4uhTsjzW/aRZ6XDIoXRd59v5hG+L27l7gTIXfTx1+htwClRJjYxFy6hTL+ZjcKdNrz/jezXPrR7kRHNEEfJM/ysv8d/7Ghpt+wITgc22bdnxKJv9rWnoKDEQ/FRGm6Y/eMisOttUFFlznQi2lqShOxPXnnuOnpndklcxPM8FowlL4FMDN7QUW3kdXJ2j0GgN4o34oKhqvXjtjf9Dk5r5KB+GTeOhf3SJXgeR4llaSAQXjzGdZqk0g34YTa3qb8rVxDSBKEHOnKs+Cr/4H09k62S/3SzZfrBIaaZ6Ey1b+bFfnbJJlD/Y/1Hwd5IhNbMHj7bfOKC8VabieeHwMbWfkGdnnmdY5LLJqXAwANrCIYZrEpm38pYJiKes5GrAz8caK2rPIhAPShURwkjCsvowmadTvnEbO/KoaUIcqk40wYdM6NAlVme6dLXxeVN7Y3K6UAWFIIZtYarAog0Axncs30shIoy1CGd6dN87tuK+/twO/jr458fJInumXSMRy2X2K0MKPLONF9FcP/EWENa+H43Zcfo1y42HkoYxI70R2YqOlpbtJUk8/8PqVSlJBrbgpBZNzAMCbsIjhrBevISerf8Sa8X6WC/KjwswjfGJ7h+FEnrPutKJg/ajDywAI+RZ3H+5zWm/CZxBYT6k4w6gAWZva0Nlx6jWQExONGQfUBkrRrRfIHhWl3c+k5VrhyzwW9fmAB9XmT1iYbk9T+ZNU/O8HY1bAZWufS4G7GaHchbPIvz3edMvP+zrGBZXPPJE3abls9oUcVZ223NFU1RPMZwG7LqL0fzfHXl4zx82TEXn14dAIBBVr67RAejz5xOGf8I2MpYQ6RAxvfhc7bjWY9/FU1RU09ob7usJCZphm51oa4TR7kz0AH1HxSOGfCJKLdYjBxbylR1GxY1bUTokLVWEYHalCr6d4lyEmUHM3+1vBUQQ6aq81njW33yGvwclUvhWj4sB51WPaREcYQsPkYnftN/dRSKVQoEZckgmIvML3lUwiVMLGlXlcUViyQpktnWAWxXgw5GH6KXMqoI43jRmxTeR3KrVyZRJBlDj/AnGWOD37fndGuMdpmAIGX/1fZnUUCxNhhuou20LvOr8BnjcHP9pBjtRPxu4o9fFmnzNCt43SC2ivMDOLxL/Uq6batacYrRnLtK4XnNqzfpCqe1bkfBsmTbRGnwPIJrA7TThfHH322DLy/GueYiddIa5spqdIH2jI8nfjKq4SxLtwsNZ4GUG/z83YQEg0Z8I/CQhYh3Y8Gcjb4ZUrOg9n84iLADDOn2j9CI1QfsyJAt+qLEDPRJ9yMRefmq7BAxvGbNq+4YUbj4Fo6K2FwaO2quUVl7RpfVgT/WvXTJS4pAndPJt4PrG03X56ra3yOTtlZqPvGR+XGjp56hG5I5AtQ27JmB6S30EncH9sDLDPucNtEzn57cY90kAZSdDYjBkJ5/lC3xJOB4UiAs582UgyIiVlL/mvjXd1kajAcchfUYnjEUkgFuOoRysWDO/rq8aDFYg/jokUNOn4ent7xXzlfEXkpMZ00coZ7gi+CjKOf29+/ZE1wCfbRhBds/mCmAerWJo24vb632lTCWKImbHo36WuBAvKqofFNpVyMRQ+OKm9Bzr2jQD7W4+1CUk/ZatGVWJHCPsEGWt/L0Fj8K3NzF135c9d8aZ9HqC9XNqOKTZpNe9QSMc5S+tD1ZUxHVrDHny0fOKaWGVHtgyNkcyte0l16wet1z+xZcPCKr8ieMSqh+HgfT2/kWjpb1hlmyEDFmPnnbmhCDD2QWstX8vCa9JTdd0OLb3rTgPMlbxPPIiWQGSBc6tig7X3mZbebweRz5ktqrdMvK3ter9bVC9T2TF6EiCktxw+IdS9MONajvoGAaR2k1nGbfKDSVIKk1ialfv1FGJu1gUA8J0pvXqbrTJfSPOH4iuJrWJut0UpJeHrUuh0ODguNriBivobZeaRamUA/PPNvM5KCSUQUtefDnVINsJSoT4yXn55fkRwvb2957AfHI8yMRg9KtNIYj8i5KsEsw4gE53Lr+NU7Wq2O08+v2mUSNjP0REWgu0Dw0M4/Q9eykLV/ZRnhRcbUZyA==,iv:yA1CkRMapP1S3zMwu6Tj0/0/HHpwD1yRAm/qrZx/kPs=,tag:SYg2IoXeD9fMYb35J/AJ1Q==,type:str] +netdata-claim-token: ENC[AES256_GCM,data:ECx8zLnU/dj08vfA76oVbVzL3JG9MLBoFmxSjtjiFbSiFtdaHtG/8u5FEuyQ1bQMQntV91xj7x1kY8fAp7VNbWyC13pOEOrt6rvJYch14eM3bqNvfGeqgJsHmAaRbY6mBrxJBkiRJBLYVil4e1oDNZVnzFQ4ditXZbMGtAV2063K1MRI/48p,iv:viE84mOp5KSdj8vdK5XxR0W9A54oPxQO5ahnpPLeAdE=,tag:WjzKjGXRRAc7vlzreFHbng==,type:str] openldap-rootpw: ENC[AES256_GCM,data:W0em1Dffg+IUoynwwPD4NjFksR38ZO4mhWFI83ALvYcwYIplxw/gDRLGCqbSt6TR5C65CKr1sOUiU+4Xq3UWmw==,iv:BHQhISTIYuwSM3KiSb0mEEo3BMNo6FXEDXoIvI3SZrU=,tag:tX8gfnk1JYnaNionk/jrLg==,type:str] dovecot-ldap-password: ENC[AES256_GCM,data:JYAt8/WggwclNEPO9CaWfQsvQBA8DDJCU2km93HpowoVwIdvQ/0lQHeXndPYe1EmJGJ3vLErie+Zn2kDINIMqQ==,iv:HR0QJ0GgQks3NzhfXwjHupCKcPOekkiTcp5Jxbz7CxI=,tag:19m7F6TjGUPOuHQJuUq2pw==,type:str] sops: @@ -44,8 +45,8 @@ sops: eC80bWxndE85RlZGRUFTcDdaZ2J1VE0KZ0FERlT1kdUE+WxSi57YowqDQtA9BoV1 MZoPePwGkRr27MHnPYIhoniUXC7mhQ4rqvcbFy6i1n4r1CqkRFBM3g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-19T12:50:38Z" - mac: ENC[AES256_GCM,data:4GtrWeB4m2fO+eQFt/bSoCN0MRR9XdayWLuJVdg8rBZ6iDx3Kf4qSMPsFyaTCRhNC72dCz4k9v011Yco4W6Jkd/iBm4tPHxLeldSRAtgt1X7U03ye6ZqAKZA/F5OjZMGPYsE2gypXAOkLbpQ5qeYuInWc64Ox0RTULhwzsXKxLA=,iv:SmqJUiHh0GJjegFTCXLPH3RKabvsJZ1y+EnbMnbGlOE=,tag:M+v+3GxNqiV/fnpVKn2I+g==,type:str] + lastmodified: "2024-07-08T11:20:50Z" + mac: ENC[AES256_GCM,data:GPUwpSAz6fj7mRxX1ebEb2sLAMLkQLuKPXk+B3+zZmA6+D7gAKrrBGUWHqYA9DMMY0r32OZSccGRmeKqdA7sWmzdIJTcBu8EyER1nJqVFJiXcOOdTkCLdOM4xW969YE0lBKpIAQ40E7YXYYwkI1JINneIBTuXkvIBmSQ3Bt2+ak=,iv:VEPNQxDLzxyTxkn8dI6xNDe9ESk2RojSNYYEwT+Ggas=,tag:cfUEKU3arSJl+lEOa+4iRA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/hosts/nb-new.cloonar.com/configuration.nix b/hosts/nb-new.cloonar.com/configuration.nix index cf5542f..ec70a01 100644 --- a/hosts/nb-new.cloonar.com/configuration.nix +++ b/hosts/nb-new.cloonar.com/configuration.nix @@ -73,9 +73,8 @@ in { services.openssh.enable = true; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.defaultSopsFile = ./secrets.yaml; - sops.age.keyFile = "/var/lib/sops-nix/key.txt"; - sops.age.generateKey = true; sops.secrets.epicenter_vpn_ca = {}; sops.secrets.epicenter_vpn_cert = {}; diff --git a/hosts/nb-new.cloonar.com/users/dominik.nix b/hosts/nb-new.cloonar.com/users/dominik.nix index 1daa618..f9911e3 100644 --- a/hosts/nb-new.cloonar.com/users/dominik.nix +++ b/hosts/nb-new.cloonar.com/users/dominik.nix @@ -90,22 +90,22 @@ in home.persistence."/nix/persist/user/dominik" = { allowOther = true; directories = [ + ".ApacheDirectoryStudio" ".config/github-copilot" ".config/libreoffice" ".config/Nextcloud" ".config/rustdesk" ".config/Signal" + ".config/sops" ".local/share/keyrings" ".mozilla" + ".ssh" ".thunderbird" "cloud.cloonar.com" "cloud.epicenter.works" "projects" "go" ]; - files = [ - ".ssh/known_hosts" - ]; }; gtk = { @@ -330,6 +330,8 @@ in home.activation.projects = lib.hm.dag.entryAfter ["writeBoundary"] '' PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH" set +eu + ssh-keygen -R git.cloonar.com + ssh-keyscan git.cloonar.com >> ~/.ssh/known_hosts git clone gitea@git.cloonar.com:Cloonar/support-invoiced.git /nix/persist/user/dominik/projects/cloonar/support-invoiced 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/nixos.git /nix/persist/user/dominik/projects/cloonar/cloonar-nixos 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/website.git /nix/persist/user/dominik/projects/cloonar/cloonar-website 2>/dev/null @@ -343,6 +345,8 @@ in git clone gitea@git.cloonar.com:Cloonar/amz-frontend.git /nix/persist/user/dominik/projects/cloonar/amz/amz-frontend 2>/dev/null git clone gitea@git.cloonar.com:myhidden.life/web.git /nix/persist/user/dominik/projects/myhidden.life/myhidden.life-web 2>/dev/null + ssh-keygen -R gitlab.epicenter.works + ssh-keyscan gitlab.epicenter.works >> ~/.ssh/known_hosts git clone git@gitlab.epicenter.works:epicenter.works/campaigntool.git /nix/persist/user/dominik/projects/epicenter.works/campaigntool 2>/dev/null git clone git@gitlab.epicenter.works:epicenter.works/website.git /nix/persist/user/dominik/projects/epicenter.works/epicenter.works 2>/dev/null git clone git@gitlab.epicenter.works:epicenter.works/nixos.git /nix/persist/user/dominik/projects/epicenter.works/epicenter-nixos 2>/dev/null @@ -361,51 +365,45 @@ in matchBlocks = { "git.cloonar.com" = { user = "git"; - identityFile = "/nix/persist/user/dominik/.ssh/id_rsa"; identitiesOnly = true; }; "gitlab.epicenter.works" = { user = "git"; - identityFile = "/nix/persist/user/dominik/.ssh/id_rsa"; identitiesOnly = true; }; "tools.epicenter.works" = { user = "root"; - identityFile = "/nix/persist/user/dominik/.ssh/epicenter.id_rsa"; + identityFile = "epicenter.id_rsa"; }; "*.epicenter.works !tools.epicenter.works" = { user = "dominik"; - identityFile = "/nix/persist/user/dominik/.ssh/epicenter.id_rsa"; + identityFile = "epicenter.id_rsa"; }; "*.dearmep.eu" = { user = "root"; - identityFile = "/nix/persist/user/dominik/.ssh/epicenter.id_rsa"; + identityFile = "epicenter.id_rsa"; }; "*.akvorrat.at" = { user = "dominik"; setEnv = { TERM = "xterm-256color"; }; - identityFile = "/nix/persist/user/dominik/.ssh/epicenter.id_rsa"; + identityFile = "epicenter.id_rsa"; }; "*.cloonar.com" = { user = "root"; - identityFile = "/nix/persist/user/dominik/.ssh/id_rsa"; }; "*.cloonar.smart" = { user = "root"; - identityFile = "/nix/persist/user/dominik/.ssh/id_rsa"; }; "*.wsw.at" = { user = "wswdpolakovics"; - identityFile = "/nix/persist/user/dominik/.ssh/id_rsa"; setEnv = { TERM = "xterm-256color"; }; }; "*.nycro.net" = { user = "hilgenberg-gmbh.de_kk33i9d2xv"; # prod - identityFile = "/nix/persist/user/dominik/.ssh/id_rsa"; #user = "hilgenberg.gmbh.de_pci2n5aqzt"; # stage setEnv = { TERM = "xterm-256color"; @@ -413,11 +411,9 @@ in }; "amz-websrv-01.amz.at" = { user = "ebs"; - identityFile = "/nix/persist/user/dominik/.ssh/id_rsa"; }; "u149513.your-backup.de" = { user = "u149513"; - identityFile = "/nix/persist/user/dominik/.ssh/id_rsa"; # user = "u149513-sub2"; # fw.cloonar.com port = 23; }; diff --git a/papa-nb.md b/papa-nb.md new file mode 100644 index 0000000..abc7f57 --- /dev/null +++ b/papa-nb.md @@ -0,0 +1,7 @@ +excel +überweisungen +email - outlook +remote desktop +cewe fotobuch + + diff --git a/utils/modules/netdata.nix b/utils/modules/netdata.nix index 5a81dcf..1038b24 100644 --- a/utils/modules/netdata.nix +++ b/utils/modules/netdata.nix @@ -1,16 +1,22 @@ { config, pkgs, ... }: +let + unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { + config = { allowUnfree = true; }; + }; +in { - environment.systemPackages = with pkgs; [ - python312 - ]; - services.netdata.configDir."python.d.conf" = pkgs.writeText "python.d.conf" '' postfix: yes ''; + sops.secrets.netdata-claim-token = { }; + services.netdata = { enable = true; + package = unstable.netdata; + # claimTokenFile = config.sops.secrets.netdata-claim-token.path; + python.enable = true; config = { diff --git a/utils/modules/sops.nix b/utils/modules/sops.nix index 65c2dc2..c3f8032 100644 --- a/utils/modules/sops.nix +++ b/utils/modules/sops.nix @@ -1,6 +1,5 @@ { imports = [ - "${builtins.fetchTarball "https://github.com/Mic92/sops-nix/archive/master.tar.gz"}/modules/sops" + "${builtins.fetchTarball "https://github.com/Mic92/sops-nix/archive/b549832718b8946e875c016a4785d204fcfc2e53.tar.gz"}/modules/sops" ]; - }