diff --git a/.sops.yaml b/.sops.yaml index 99fcf13..9746bad 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -64,13 +64,6 @@ creation_rules: - *dominik - *dominik2 - *ldap-server-arm - - path_regex: hosts/fw/modules/web/[^/]+\.yaml$ - key_groups: - - age: - - *bitwarden - - *dominik - - *dominik2 - - *web-02 - path_regex: utils/modules/lego/[^/]+\.yaml$ key_groups: - age: diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index 1104f1d..f41f098 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -90,8 +90,7 @@ address = [ "/fw.cloonar.com/${config.networkPrefix}.97.1" "/omada.cloonar.com/${config.networkPrefix}.97.2" - "/web-02.cloonar.com/${config.networkPrefix}.97.5" - "/phpldapadmin.cloonar.com/${config.networkPrefix}.97.5" + "/pc.cloonar.com/${config.networkPrefix}.96.5" "/home-assistant.cloonar.com/${config.networkPrefix}.97.20" "/mopidy.cloonar.com/${config.networkPrefix}.97.21" "/snapcast.cloonar.com/${config.networkPrefix}.97.21" diff --git a/hosts/fw/modules/web/default.nix b/hosts/fw/modules/web/default.nix index 4957903..3fcfad8 100644 --- a/hosts/fw/modules/web/default.nix +++ b/hosts/fw/modules/web/default.nix @@ -54,7 +54,6 @@ in { ../../utils/modules/lego/lego.nix # ../../utils/modules/borgbackup.nix - ./phpldapadmin.nix ./zammad.nix ./proxies.nix ./matrix.nix @@ -62,9 +61,6 @@ in { networkPrefix = config.networkPrefix; - sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; - sops.defaultSopsFile = ./secrets.yaml; - time.timeZone = "Europe/Vienna"; systemd.network.networks."10-lan" = { @@ -120,6 +116,10 @@ in { # backups # borgbackup.repo = "u149513-sub2@u149513-sub2.your-backup.de:borg"; + + sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; + sops.defaultSopsFile = ./secrets.yaml; + networking.firewall = { enable = true; allowedTCPPorts = [ 22 80 443 ]; 
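Review bot: The creation rule for `hosts/fw/modules/web/[^/]+\.yaml$` is deleted in the .sops.yaml hunk, yet `hosts/fw/modules/web/secrets.yaml` is still re-encrypted later in this commit and still set as `sops.defaultSopsFile` in web/default.nix. Unless a later rule outside this hunk matches that path, `sops updatekeys` and the creation of new secret files in that directory will no longer find a recipient list, so the recipients of the live file are maintained only by hand. Keeping the rule and trimming its `age:` list to the anchors of the recipients that remain in the file would keep `.sops.yaml` as the single record of who can decrypt it. A comment above the rule such as `# recipients for hosts/fw/modules/web secrets` would state the intent.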
diff --git a/hosts/fw/modules/web/phpldapadmin.nix b/hosts/fw/modules/web/phpldapadmin.nix
deleted file mode 100644
index 76023ca..0000000
--- a/hosts/fw/modules/web/phpldapadmin.nix
+++ /dev/null
@@ -1,95 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - phpldapadmin = pkgs.callPackage ../../pkgs/phpldapadmin.nix {}; - fpm = config.services.phpfpm.pools.phpldapadmin; - stateDir = "/var/lib/phpldapadmin"; - domain = "phpldapadmin.cloonar.com"; -in -{ - - users.users.phpldapadmin = { - description = "PHPLdapAdmin Service"; - home = stateDir; - useDefaultShell = true; - group = "phpldapadmin"; - isSystemUser = true; - }; - - users.groups.phpldapadmin = { }; - - sops.secrets.phpldapadmin.owner = "phpldapadmin"; - - environment.etc."phpldapadmin/env".source = config.sops.secrets.phpldapadmin.path; - - services.nginx = { - enable = true; - virtualHosts = { - "${domain}" = { - forceSSL = true; - enableACME = true; - acmeRoot = null; - root = stateDir; - locations."/" = { - root = "${phpldapadmin}/public"; - index = "index.php"; - extraConfig = '' - location ~* \.php(/|$) { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${fpm.socket}; - - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - - include ${pkgs.nginx}/conf/fastcgi_params; - include ${pkgs.nginx}/conf/fastcgi.conf; - } - ''; - }; - }; - }; - }; - - environment.etc.nginx_allowed_groups = { - text = "employees"; - mode = "0444"; - }; - - security.pam.services.nginx.text = '' - # auth required pam_listfile.so \ - # item=group sense=allow onerr=fail file=/etc/nginx_allowed_groups - auth required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so - account required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so - ''; - - services.phpfpm.pools.phpldapadmin = { - user = "phpldapadmin"; - phpOptions = '' - error_log = 'stderr' - log_errors = on - ''; - settings = mapAttrs (name: mkDefault) { - "listen.owner" = "nginx"; - "listen.group" = "nginx"; - "listen.mode" = "0660"; - "pm" = "dynamic"; - "pm.max_children" = 75; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 1; - "pm.max_spare_servers" = 20; - "pm.max_requests" = 500; 
- "catch_workers_output" = true; - }; - phpEnv."PATH" = pkgs.lib.makeBinPath [ - pkgs.which - phpldapadmin - ]; - }; - - systemd.tmpfiles.rules = [ - "d '${stateDir}' 0750 phpldapadmin phpldapadmin - -" - ]; - -} diff --git a/hosts/fw/modules/web/secrets.yaml b/hosts/fw/modules/web/secrets.yaml index 23eb14d..db256f4 100644 --- a/hosts/fw/modules/web/secrets.yaml +++ b/hosts/fw/modules/web/secrets.yaml 
@@ -3,46 +3,32 @@ borg-ssh-key: ENC[AES256_GCM,data:b/xZnUTfi85IG1s897CBF1HD7BTswQUatbotyZfLmbhxXx zammad-key-base: ENC[AES256_GCM,data:HO9MuwcwjryuXr5No8sCPfso5bpLtQCoczrC/R214ecVIFwwH1uhMeNO8Tlh6EjRLPo7aVTSz87Vx5yaNVezvHCs55G6TT9mcNS/v/V7sbFz9dNIgbFblY3gFIAa4cViioYc71wdb7d4Tta7qhse5zQ41KhAqCWuGDgFErQA4Oc=,iv:b1wY8fW0psircSlNXwDjPzNWK8NyAMNqegitNcqV6U4=,tag:oQ7nyO9TKOOu6IF7ODzpPA==,type:str] dendrite-private-key: ENC[AES256_GCM,data:ZHDIa/iYSZGofE67JU63fHRdKbs/ZyEJY45tV6H8WZAOcduGafPYBo2NCZ7nqLbc2Z9dUUgsrpzvkQ3+VaWqFUv7YsE+CbCx4CeiLGMkj8EAGzX4rkJGHMzkkc2UT7v9znCnKACS3fZtU69trqVMcf1PzgqepOHMBku37dzpwOQC/Tc3UTuO72M=,iv:Ljun1/ruY9cDBm9vu62riUrpGjrWtFFx90GeE7uc3Yo=,tag:FF4xPb1SDhK/4ITr/idvYg==,type:str] matrix-shared-secret: ENC[AES256_GCM,data:HeS4PT0R+TRU6Htwa5TChjK1VAjAdgSS8tSnva+ga3f+mEfJPTQ02pEvS2WFvcnchmEjNYy39zL/rbtX,iv:4yR+VgdJY3VcvLg18v+5jbJDSkFzaeyLNAZ0k8ivjdQ=,tag:RA96iSFDUdlXq30c/vkvpA==,type:str] -phpldapadmin: ENC[AES256_GCM,data:CJBFQfi0qJmPQcxPcneHcXFsIku0a+xdv7rmrKzC0XsBcn3N/dP8cGBbkC/GcH2OWBhRWFNFm0GOEALbJa/1z/hFxbxn1QJlfglglaXHNjiwJqND51GmNzd+5GJ39RHR7w06fVABgCrDM60DChJLy0Iql/eCITYhZUGpoLd4I+fKXy9zggVIzAA3tTYziJNuaBQuMe/i8V8AIt0DBefrEBITyl3wi/+Y4utLXiEUPOWPGCYfS+Xp7LcHiTJ2rZzwKJjYPiPs+7UYx2IsT2+ksJtSHR0+ibUHXNzebBTmAZ3+YBoyeBvdw2VmsgJeCUTC2SLnBAsR4J3AoSDQcZ0XrHq2oIzZC/Mf5g==,iv:iHx495CM8LHqrsiNPwzFXZQxWJZ5kCgWYvgwirjy7Uw=,tag:c7FvYuYzYjqH/Bqs7FbMzA==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZmRBZm8wL3ZQdUZMSjRG - cnFWTjNhc2gvd3pURkdjdEpZdUE2ZE9nVFdnCnEvRGlScFJVUGZRenV3VXI5cU85 - NkZ6clplbzZnR1ZWY0YvMy84WWRiMUEKLS0tIHliOE9KYTdlUlFEb2NuRE0yYWJm - OEhCZmphWVVjU3k1VHRDMnJWTUpQQVUK1M7fgK+d/KlbTzvt9CKj6cGgzZ+vwsfE - zqUbyJ/5UpmrU/3kQMxBMBmb8HsA8b/1itzOn4F54SF1Xm7CFDLTUQ== - -----END AGE ENCRYPTED FILE----- - recipient: 
age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaEpvdkdvSHZQTXZXbXZa - ckZrTW9qNW9SMzN2TkVaZTRlT1NKSm56Q1JzCnIxY1k3Q2VjTy9OSlZPbEZkVDBi - UWVCRHE5bWlDaVEyWERXeUdsL1BFYkUKLS0tIEhoK05uMVpzYXJFZHBRcDlZb296 - YWRTZmljUTJEQW5lUzdMa3N0Y045MlUK0lAs4L5D0DIKuxuHJmGbOu6SX1Y4KNJo - VsgVUd9wU9r/ApoiaicAPNn0jyH3B8sGk1JGtrisL5eldc6Z5phR4g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVEdRWkR4YzJNU2Z3ZW9t - VGNHM3gxZUM0SDlaMzBleHU3a3lsZ1M0dlNJCnF3R1JtUUZCZE9CV2NUVG9la2I5 - R0hadEw2RldTS3J3cDdDQkp0OG4vZmsKLS0tIHl4UVpBejlFbkRycEZjSTNyditY - S3VRckhkNGRzR0VOOVBaRmZCT1lxM0kKThIJN/jw3tjaqaf1C5s6+K5BMBrMer2z - YNhhar3iomZbWvwJ5OW4dneU9p0drrcl5LR9tSAoTiSxIbfBZf+d0A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUWdTYlRjWDJvemF5Q2sr + VCtrS2dTTGRwUlNIWHd0WkVCRkRMcGhuTzE0ClNic1FmQ05UNWQwbGc4TUFMNGlI + K0RhK2pqUGY3UElmK1pNUEkxV2xGUTQKLS0tIFRORE9JTDRZK0MwZUJoc2xlcHFH + bmp3ZW14TVdCMHhkSi84NE5neDdrY3cKYfgu7aqvG6wQmEFhmzieXFGoQpyffPXj + jiHrAPjBBFy21wdYf0nQXNMzekqOMJwOj0oNA2b5omprPxjB9uns4Q== -----END AGE ENCRYPTED FILE----- - recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzOEhSaklkdnJoY0dOU3dt - T1lyVVdVZ1VoRmQ4RURPN1ZjYWhPeU01T2gwCjFmbHZ3SThub2psTjBHOWk3M0hP - WFk2RXFnM3AzSHhraEJmRmxWZzRFVE0KLS0tIDdteWVZKzJVNXdyZDJTbE43Zldr - WDdHb1I5dVFCcHJ0ejVhOXFIb1pKRlUKkCS05OVL7xvkZ1oh16GTCnateuXao9ZK - 6sMZ7/c9tafLH52psnjeUEJK15Bw8DihFjFctyIh242j8TtXXqxBYg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUUjQxWnBMQXo3QmF1STUw + bHh1NDhvQXZIQ2RiOUx5OU5Wc3BVSEJDUEZVCmVzeFk5SWpMbVV4VUdsRmhiaWwz + bTJDY1pJRXJvNUdCSXJqQ3Byd3lWN2sKLS0tIHRKdXRNc1BYcURBRVNlenk1OEl3 + Q05BN0VnQ0haeHBobWhRV0EzL3dLSEkKWlALiX5mvG8y0WUc8yFWMbcpSRrSGoQx + 
SHaOlDCjYvViZ7GPRLqnSwDGZ1clC6JsTbwKXrMsWdZBKvSO/VIWQw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-10T11:35:59Z" - mac: ENC[AES256_GCM,data:1r8IFSyvVmwSR9j9DROAbN6GmnQo8cg+Z1wCvg2hv/lql5FbeLgFUvVHYQvPGJK6cRUTM+7T010AZOZSWKJM2K3KqiinWLdVVM1G1Bvhv8T4epL2RHq65OgMd5jJFrMLYoyJmHUp3AkzlPeYJDtrvxGCB5B88H1L+ifZtV0pKJQ=,iv:uOnWxuPiPJkmc+wBf4EYihTLeugcyM4MX4AkYncfAFg=,tag:HWHGROye6YMR/cLm/C2G1Q==,type:str] + lastmodified: "2024-10-14T16:53:41Z" + mac: ENC[AES256_GCM,data:DUi6zUrZBMVaYZ/BvWny7RwPgXe+vQ+odO30fGe8iZHj9d3gzB95F75CqIgENi4gVOA4CQDADE+p45z/mtl04HAh7RiT0/k21RSdQcH2W9AX525fOzeqbxbPA/tXJOctwGrytFwlK9UdJULXkJCwYrJnwNc0XPnBk1FodTykXWs=,iv:q/eapgTVL/rifrrZeIcXT5VO9bEoS4EmmEhYJ2xHvQ4=,tag:xb0Qj/wu17cLTkvefsDqiw==,type:str] + pgp: [] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.8.1 diff --git a/hosts/fw/pkgs/phpldapadmin.nix b/hosts/fw/pkgs/phpldapadmin.nix deleted file mode 100644 index 2a0bf15..0000000 --- a/hosts/fw/pkgs/phpldapadmin.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ fetchurl, lib, stdenv, nodejs_24, php, phpPackages }: - -stdenv.mkDerivation rec { - pname = "phpLDAPadmin"; - version = "2.1.4"; - - src = fetchurl { - url = "https://github.com/leenooks/phpLDAPadmin/archive/${version}.tar.gz"; - sha256 = "sha256-hkigC458YSgAZVCzVznix8ktDBuQm+UH3ujXn9Umylc="; - }; - - # Pull in PHP itself and Composer - buildInputs = [ php nodejs_24 ]; - nativeBuildInputs = [ phpPackages.composer ]; - - # Let composer do its work - buildPhase = '' - # install all PHP dependencies into vendor/ - npm i - npm run prod - composer i --no-dev - ''; - - installPhase = '' - mkdir -p $out - # copy everything—including the newly created vendor/ directory - cp -r . $out/ - ln -sf /etc/phpldapadmin/env $out/.env - ''; - - meta = { - description = "phpLDAPadmin"; - license = lib.licenses.gpl3; - platforms = lib.platforms.all; - }; -} diff --git a/hosts/mail/modules/openldap.nix b/hosts/mail/modules/openldap.nix index 2fbd175..70fbd89 100644 
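Review bot: The ciphertext of `zammad-key-base`, `dendrite-private-key` and `matrix-shared-secret` is unchanged in the secrets.yaml hunk while the recipients `age14grj…` and `age1v6p8…` are dropped, so these values are still encrypted under the data key that those two recipients could already unwrap from earlier revisions. If the removal is meant as revocation, rotate the data key (`sops -r -i` on this file) and replace the underlying credentials, including the deleted `phpldapadmin` value, which stays recoverable from repository history. `lastmodified` also moves back from 2025-06-10 to 2024-10-14 and `version` from 3.10.2 to 3.8.1, which suggests the file was restored from an older copy. Confirm that no secret added or rotated after October 2024 is lost by this.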
--- a/hosts/mail/modules/openldap.nix +++ b/hosts/mail/modules/openldap.nix @@ -55,28 +55,20 @@ in { by * none '' '' - {1}to attrs=pgpPublicKey - by self write - by anonymous read - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - '' - {2}to attrs=loginShell + {1}to attrs=loginShell by self write by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by * none '' '' - {3}to dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" + {2}to dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by * none '' '' - {4}to * + {3}to * by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by dn="cn=admin,dc=cloonar,dc=com" write by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write @@ -131,15 +123,7 @@ in { by * none '' '' - {1}to attrs=pgpPublicKey - by self write - by anonymous read - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - '' - {2}to * + {1}to * by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by * read @@ -176,15 +160,7 @@ in { by * none '' '' - {1}to attrs=pgpPublicKey - by self write - by anonymous read - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - '' - {2}to * + {1}to * by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by * read 
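Review bot: The catch-all rule `{1}to *` on the new side of the -131 hunk ends with `by * read`, and `*` matches anonymous binds as well, so every attribute not claimed by rule `{0}` is readable without authentication in this database; the hunks at -160, -222, -268 and -314 carry the same rule. With the `pgpPublicKey` rule gone, no rule visible in these hunks names an attribute that is meant for anonymous readers, so if nothing else needs to be public, `by users read` followed by `by * none` would be the tighter ending. Rule `{0}` starts outside the hunk, so which attributes it withholds cannot be checked from here.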
@@ -222,15 +198,7 @@ in { by * none '' '' - {1}to attrs=pgpPublicKey - by self write - by anonymous read - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - '' - {2}to * + {1}to * by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by * read @@ -268,15 +236,7 @@ in { by * none '' '' - {1}to attrs=pgpPublicKey - by self write - by anonymous read - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - '' - {2}to * + {1}to * by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by * read @@ -314,15 +274,7 @@ in { by * none '' '' - {1}to attrs=pgpPublicKey - by self write - by anonymous read - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - '' - {2}to * + {1}to * by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write by * read @@ -347,7 +299,7 @@ in { (1.3.6.1.4.1.28298.1.2.4 NAME 'cloonarUser' SUP (mailAccount) AUXILIARY DESC 'Cloonar Account' - MAY (sshPublicKey $ pgpPublicKey $ ownCloudQuota $ quota)) + MAY (sshPublicKey $ ownCloudQuota $ quota)) '' ]; }; 
@@ -422,22 +374,14 @@ in { EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) '' - '' - (1.3.6.1.4.1.24552.500.1.1.1.14 - NAME 'pgpPublicKey' - DESC 'PGP/GPG Public key' - EQUALITY octetStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) - '' ]; olcObjectClasses = [ '' (1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY - DESC 'SSH and PGP Public Key Support' - MUST ( uid ) - MAY ( sshPublicKey $ pgpPublicKey )) + DESC 'MANDATORY: OpenSSH LPK objectclass' + MUST ( sshPublicKey $ uid )) '' ]; }; diff --git a/hosts/nb/configuration.nix b/hosts/nb/configuration.nix index 59307d2..cb5feb6 100644 --- a/hosts/nb/configuration.nix +++ b/hosts/nb/configuration.nix @@ -12,15 +12,17 @@ in { security.pki.certificates = [ "/home/dominik/.local/share/mkcert/rootCA.pem" ]; imports = - [ + [ # Include the results of the hardware scan. "${impermanence}/nixos.nix" + # (import ).nixosModules.default ./utils/bento.nix ./utils/modules/sops.nix ./utils/modules/nur.nix ./modules/appimage.nix ./modules/desktop - ./modules/development + ./modules/development/default.nix + # ./modules/printer.nix # ./modules/cyberghost.nix ./utils/modules/autoupgrade.nix ./modules/puppeteer.nix @@ -28,14 +30,19 @@ in { ./modules/ollama.nix ./modules/qdrant.nix + # ./modules/development + ./cachix.nix ./users + # coding + # ./modules/steam.nix ./modules/fingerprint.nix - ./modules/set-nix-channel.nix + ./modules/set-nix-channel.nix # Automatically manage nix-channel from /var/bento/channel ./hardware-configuration.nix + ]; # services.snap.enable = true; @@ -166,6 +173,7 @@ in { networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. networking.extraHosts = '' 77.119.230.30 vpn.cloonar.com + 10.25.0.25 archive.zeichnemit.at ''; # Set your time zone. 
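Review bot: `ldapPublicKey` now lists `sshPublicKey` under MUST where it was optional before, so any existing entry that carries this object class without an SSH key no longer conforms to the schema and later modifications of it may be rejected by slapd. The same hunk drops the `pgpPublicKey` attribute type and the -347 hunk drops it from `cloonarUser`, so entries that still hold `pgpPublicKey` values would reference an attribute the server no longer defines. Before deploying, search the directory for entries with `pgpPublicKey` set and for `objectClass=ldapPublicKey` entries without `sshPublicKey`, and clean them up. Alternatively keep `MUST ( uid )` with `MAY ( sshPublicKey )`. The enclosing schema list starts outside the hunk.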
@@ -180,7 +188,20 @@ in { environment.systemPackages = with pkgs; [ alsa-utils - sshpass + bento + docker-compose + drone-cli + git-filter-repo + nix-prefetch-git + openaudible + openmanus + unzip + vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + wget + wireguard-tools + wineWowPackages.stable + wineWowPackages.fonts + winetricks pinentry-curses # ykfde ]; @@ -237,8 +258,6 @@ in { # epicenter.works "10.14.0.0/16" "10.25.0.0/16" - "188.34.191.144/32" # web-arm - "91.107.201.241" # mail ]; endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 persistentKeepalive = 25; @@ -264,7 +283,7 @@ in { # autoOptimiseStore = true; gc = { automatic = true; - dates = "daily"; + dates = "weekly"; options = "--delete-older-than 30d"; }; # Free up to 1GiB whenever there is less than 100MiB left. diff --git a/hosts/nb/modules/desktop/default.nix b/hosts/nb/modules/desktop/default.nix index b42f598..c0ec148 100644 --- a/hosts/nb/modules/desktop/default.nix +++ b/hosts/nb/modules/desktop/default.nix @@ -1,5 +1,8 @@ { config, pkgs, lib, ... }: let + apache-ds-pin = import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/9aec01027f7ea2bca07bb51d5ed83e78088871c1.tar.gz"; + }) {}; in { imports = [ ../sway/sway.nix @@ -13,7 +16,7 @@ in { environment.systemPackages = with pkgs; [ alacritty - apache-directory-studio + apache-ds-pin.apache-directory-studio cryptomator fontforge freecad diff --git a/hosts/nb/modules/development/default.nix b/hosts/nb/modules/development/default.nix index 670ec19..b1e58b2 100644 --- a/hosts/nb/modules/development/default.nix +++ b/hosts/nb/modules/development/default.nix 
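Review bot: Most of the packages added to `environment.systemPackages` in the -180 hunk (`bento`, `docker-compose`, `drone-cli`, `git-filter-repo`, `nix-prefetch-git`, `unzip`, `vim`, `wget`, `wireguard-tools`) are also listed in hosts/nb/modules/development/default.nix, which this commit edits and still imports. Keeping each package in one list only makes it clear which module owns it and avoids the two lists drifting apart. The development hunk also drops `sops` from its list; since the repository's secrets are sops-encrypted, confirm the CLI is still provided elsewhere, presumably by `./utils/modules/sops.nix`.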
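Review bot: With `"188.34.191.144/32" # web-arm` and `"91.107.201.241" # mail` removed from the peer's address list in the -237 hunk, traffic from this laptop to those two hosts leaves through the default route instead of the tunnel. If firewall or sshd rules on those hosts admit administrative access only from the VPN's address, that access will stop working, so it is worth checking their allow-lists together with this change. A comment in the list such as `# web-arm and mail are reached directly, not through the tunnel` would record the intent. The list itself starts outside the hunk.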
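Review bot: The `builtins.fetchTarball` call that defines `apache-ds-pin` in hosts/nb/modules/desktop/default.nix has no `sha256`, so Nix does not verify the contents of the downloaded nixpkgs archive. Evaluation also re-downloads it once the tarball cache expires and fails in pure evaluation mode. The commit id in the URL pins the revision, but integrity then rests on the remote host alone; add the hash next to the URL, `sha256 = "<hash printed by nix-prefetch-url --unpack for this URL>";`. A short comment saying why `apache-directory-studio` is held at this revision would help too, since a package taken from a frozen nixpkgs snapshot stops receiving updates until someone moves the pin.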
@@ -13,38 +13,27 @@ in { ./nvim/default.nix ]; environment.systemPackages = with pkgs; [ - bento ddev - docker-compose - drone-cli gcc git - git-filter-repo glib go + nodejs_22 + rbw + bento + docker-compose + drone-cli + git-filter-repo + nix-prefetch-git jq mkcert mqttui - nix-prefetch-git - nodejs_22 - rbw - sops - unzip vim wget wireguard-tools + unzip wol ]; virtualisation.docker.enable = true; - - virtualisation.libvirtd = { - enable = true; # Turn on the libvirtd daemon - qemu = { - ovmf = { - enable = true; # Enable OVMF firmware support - }; - # swtpm.enable = true; # enable if you need TPM emulation, etc. - }; - }; } diff --git a/hosts/nb/users/configs/project_history b/hosts/nb/users/configs/project_history index 9af5e08..c2a00fb 100644 --- a/hosts/nb/users/configs/project_history +++ b/hosts/nb/users/configs/project_history @@ -9,7 +9,6 @@ /home/dominik/projects/cloonar/cloonar-assistant-customers /home/dominik/projects/cloonar/updns /home/dominik/projects/cloonar/mcp-servers-nix -/home/dominik/projects/cloonar/ldap2vcard /home/dominik/projects/cloonar/flow/flow-docs /home/dominik/projects/cloonar/flow/flow-user-service diff --git a/hosts/nb/users/dominik.nix b/hosts/nb/users/dominik.nix index a66dba0..7b867e8 100644 --- a/hosts/nb/users/dominik.nix +++ b/hosts/nb/users/dominik.nix 
@@ -606,7 +606,6 @@ in git clone gitea@git.cloonar.com:Cloonar/cloonar-assistant-customers.git ${persistHome}/projects/cloonar/cloonar-assistant-customers 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/updns.git ${persistHome}/projects/cloonar/updns 2>/dev/null git clone git@github.com:dpolakovics/mcp-servers-nix.git ${persistHome}/cloonar/mcp-servers-nix 2>/dev/null - git clone gitea@git.cloonar.com:Cloonar/ldap2vcard.git ${persistHome}/projects/cloonar/ldap2vcard 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/flow-docs.git ${persistHome}/projects/cloonar/flow/flow-docs 2>/dev/null git clone gitea@git.cloonar.com:Cloonar/flow-user-service.git ${persistHome}/projects/cloonar/flow/flow-user-service 2>/dev/null diff --git a/hosts/web-arm/sites/dialog-relations.cloonar.dev.nix b/hosts/web-arm/sites/dialog-relations.cloonar.dev.nix index b44fc07..9c1bf20 100644 --- a/hosts/web-arm/sites/dialog-relations.cloonar.dev.nix +++ b/hosts/web-arm/sites/dialog-relations.cloonar.dev.nix @@ -5,6 +5,6 @@ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1jkPi2LbnzP5hM4Mpt6rh+Vq5pTe63+zS3QvVyA4Ma" ]; - phpPackage = pkgs.php84; + phpPackage = pkgs.php83; }; } diff --git a/hosts/web-arm/sites/dialog-relations.pub b/hosts/web-arm/sites/dialog-relations.pub new file mode 100644 index 0000000..b3433b2 --- /dev/null +++ b/hosts/web-arm/sites/dialog-relations.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1jkPi2LbnzP5hM4Mpt6rh+Vq5pTe63+zS3QvVyA4Ma dominik@nb-01 diff --git a/hosts/web-arm/sites/paraclub.at.nix b/hosts/web-arm/sites/paraclub.at.nix index cec6869..d108d2f 100644 --- a/hosts/web-arm/sites/paraclub.at.nix +++ b/hosts/web-arm/sites/paraclub.at.nix @@ -23,7 +23,7 @@ in { locations."/".extraConfig = '' index index.html; - error_page 404 /de/404.html; + error_page 404 /404.html; ''; locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = ''