From 02a81c1dd493c5f66f1fb3ed1c68e91da9dbe6e7 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Sun, 17 Jul 2022 20:30:45 +0200 Subject: [PATCH] Bump to 22.05 --- flake.lock | 22 +++--- flake.nix | 4 +- hosts/architect/default.nix | 2 +- hosts/architect/hardware.nix.bk | 50 +++++++++++++ hosts/architect/matrix.nix | 125 ++++++++++++++++---------------- hosts/architect/nextcloud.nix | 2 +- roles/acme.nix | 10 ++- 7 files changed, 136 insertions(+), 79 deletions(-) create mode 100644 hosts/architect/hardware.nix.bk diff --git a/flake.lock b/flake.lock index 6751657..a96418b 100644 --- a/flake.lock +++ b/flake.lock @@ -7,27 +7,27 @@ ] }, "locked": { - "lastModified": 1651519540, - "narHash": "sha256-3k6p8VsTwwRPQjE8rrMh+o2AZACZn/eeYJ7ivdQ/Iro=", + "lastModified": 1656169755, + "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=", "owner": "rycee", "repo": "home-manager", - "rev": "d93d56ab8c1c6aa575854a79b9d2f69d491db7d0", + "rev": "4a3d01fb53f52ac83194081272795aa4612c2381", "type": "github" }, "original": { "owner": "rycee", - "ref": "release-21.11", + "ref": "release-22.05", "repo": "home-manager", "type": "github" } }, "nixos-unstable": { "locked": { - "lastModified": 1657132020, - "narHash": "sha256-MkDlX9c9FxgHsCAbtJtk92BKk2GjosrNPEePmbh1A4I=", + "lastModified": 1658080881, + "narHash": "sha256-/7XjFg4o/ftRrL8WyVR+s40WLvbreqTuf2TP0qGOkrk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2039758aae57dbd5f2f4a6e79daa85a69441b544", + "rev": "fdefff339156333838395975d55d5b55ae391b41", "type": "github" }, "original": { 
@@ -39,16 +39,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656782578, - "narHash": "sha256-1eMCBEqJplPotTo/SZ/t5HU6Sf2I8qKlZi9MX7jv9fw=", + "lastModified": 1657815135, + "narHash": "sha256-+5Jby1ayRjtSgsM5IpRNeUgdcIutCKQWR6sypRtd1RE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "573603b7fdb9feb0eb8efc16ee18a015c667ab1b", + "rev": "c06d5fa9c605d143b15cafdbbb61c7c95388d76e", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-21.11", + "ref": "nixos-22.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index b2feb00..7fe3a67 100644 --- a/flake.nix +++ b/flake.nix @@ -1,9 +1,9 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05"; nixos-unstable.url = "github:NixOS/nixpkgs/master"; home-manager = { - url = "github:rycee/home-manager/release-21.11"; + url = "github:rycee/home-manager/release-22.05"; inputs.nixpkgs.follows = "nixpkgs"; }; }; diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix index aa702df..5a5a59d 100644 --- a/hosts/architect/default.nix +++ b/hosts/architect/default.nix @@ -149,7 +149,7 @@ in { openssh = { enable = true; passwordAuthentication = false; - challengeResponseAuthentication = false; + kbdInteractiveAuthentication = false; extraConfig = '' MaxAuthTries 15 ''; diff --git a/hosts/architect/hardware.nix.bk b/hosts/architect/hardware.nix.bk new file mode 100644 index 0000000..6f331cb --- /dev/null +++ b/hosts/architect/hardware.nix.bk 
@@ -0,0 +1,50 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot.initrd.availableKernelModules = + [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "zpool/nixos/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "zpool/data/home"; + fsType = "zfs"; + }; + + fileSystems."/media" = { + device = "datapool/media"; + fsType = "zfs"; + }; + + fileSystems."/secrets" = { + device = "backedpool/secrets"; + fsType = "zfs"; + }; + + fileSystems."/var/lib" = { + device = "backedpool/services"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/AF19-5616"; + fsType = "vfat"; + }; + +# swapDevices = [{ +# device = "/dev/sdc1"; +# size = 10000; +# }]; + +} diff --git a/hosts/architect/matrix.nix b/hosts/architect/matrix.nix index 687d341..358abf2 100644 --- a/hosts/architect/matrix.nix +++ b/hosts/architect/matrix.nix 
@@ -8,68 +8,71 @@ in { services = { matrix-synapse = { enable = true; - server_name = "${domain}"; - database_name = "synapse"; - public_baseurl = "https://${domain}"; - registration_shared_secret = "runas!"; - url_preview_enabled = true; - dynamic_thumbnails = true; - withJemalloc = true; - # enable_registration = true; - app_service_config_files = [ - "/var/lib/matrix-synapse/discord-registration.yaml" -# "/var/lib/matrix-synapse/hookshot-registration.yml" - # "/var/lib/matrix-synapse/telegram-registration.yaml" - ]; - extraConfig = '' - auto_join_rooms: - - "#general:matrix.giugl.io" - max_upload_size: "50M" - ''; - listeners = [{ - port = 8008; - bind_address = "::1"; - type = "http"; - tls = false; - x_forwarded = true; - resources = [{ - names = [ "client" "federation" ]; - compress = false; + settings = { + server_name = "${domain}"; + database_name = "synapse"; + public_baseurl = "https://${domain}"; + registration_shared_secret = "runas!"; + url_preview_enabled = true; + dynamic_thumbnails = true; + withJemalloc = true; + # enable_registration = true; + app_service_config_files = [ + "/var/lib/matrix-synapse/discord-registration.yaml" + # "/var/lib/matrix-synapse/hookshot-registration.yml" + # "/var/lib/matrix-synapse/telegram-registration.yaml" + ]; + # log_config = '' + # version: 1 + + # # In systemd's journal, loglevel is implicitly stored, so let's omit it + # # from the message text. 
+ # formatters: + # journal_fmt: + # format: '%(name)s: [%(request)s] %(message)s' + + # filters: + # context: + # (): synapse.util.logcontext.LoggingContextFilter + # request: "" + + # handlers: + # journal: + # class: systemd.journal.JournalHandler + # formatter: journal_fmt + # filters: [context] + # SYSLOG_IDENTIFIER: synapse + + # root: + # level: WARN + # handlers: [journal] + + # disable_existing_loggers: False + # ''; + listeners = [{ + port = 8008; + bind_addresses = ["127.0.0.1"]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [{ + names = [ "client" "federation" ]; + compress = false; + }]; }]; - }]; - turn_uris = [ - "turns:turn.giugl.io:5349?transport=udp" - "turns:turn.giugl.io:5349?transport=tcp" - ]; - turn_shared_secret = "69duck duck fuck420"; - turn_user_lifetime = "1h"; - logConfig = '' - version: 1 - - # In systemd's journal, loglevel is implicitly stored, so let's omit it - # from the message text. - formatters: - journal_fmt: - format: '%(name)s: [%(request)s] %(message)s' - - filters: - context: - (): synapse.util.logcontext.LoggingContextFilter - request: "" - - handlers: - journal: - class: systemd.journal.JournalHandler - formatter: journal_fmt - filters: [context] - SYSLOG_IDENTIFIER: synapse - - root: - level: WARN - handlers: [journal] - - disable_existing_loggers: False - ''; + }; + + #extraConfig = '' + # auto_join_rooms: + # - "#general:matrix.giugl.io" + # max_upload_size: "50M" + #''; + # turn_uris = [ + # "turns:turn.giugl.io:5349?transport=udp" + # "turns:turn.giugl.io:5349?transport=tcp" + # ]; + # turn_shared_secret = "69duck duck fuck420"; + # turn_user_lifetime = "1h"; }; postgresql = { diff --git a/hosts/architect/nextcloud.nix b/hosts/architect/nextcloud.nix index 3b80b14..ee7bdcf 100644 --- a/hosts/architect/nextcloud.nix +++ b/hosts/architect/nextcloud.nix 
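Review bot: `registration_shared_secret = "runas!";` is carried into the new `settings` set as a literal in hosts/architect/matrix.nix, so it is rendered into the generated homeserver config in the world-readable Nix store and stays in git history; it is also short enough to guess. Keep it out of `settings` and load it from a file readable only by the synapse service user, e.g. `extraConfigFiles = [ "<path-to-secrets-yaml-outside-the-store>" ];`, then rotate the value. The commented-out `# turn_shared_secret = ...` line leaves the TURN secret in the tree as well; drop the comment and rotate that secret too. Separately, `withJemalloc` and `database_name` look like module-level options of the old interface rather than Synapse settings, so under `settings` they may be written out as unknown keys and silently stop taking effect, which is worth confirming against the 22.05 module. The `services` set continues outside the hunk.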
@@ -8,7 +8,7 @@ in { mysql.enable = true; mysql.package = pkgs.unstable.mysql80; - redis.enable = true; + redis.servers."default".enable = true; nextcloud = { enable = true; diff --git a/roles/acme.nix b/roles/acme.nix index 055270e..1a620f0 100644 --- a/roles/acme.nix +++ b/roles/acme.nix @@ -1,4 +1,8 @@ -{ ... }: { - security.acme.acceptTerms = true; - security.acme.email = "sysadmin@giugl.io"; +{ + security.acme = { + acceptTerms = true; + defaults = { + email = "sysadmin@giugl.io"; + }; + }; }
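Review bot: In hosts/architect/nextcloud.nix, `redis.servers."default".enable = true;` is probably not a drop-in for the old `redis.enable`: a named instance runs as its own unit and, as far as I recall the 22.05 module, defaults to `port = 0` (unix socket only), while the unnamed `servers.""` keeps the previous 6379 listener. If the Nextcloud cache settings outside this hunk still point at localhost TCP, the Redis-backed cache and locking may stop working after the bump. Socket-only is the tighter setup, so I would keep the named instance, point Nextcloud at its socket, and add a comment such as `# socket-only instance; nextcloud connects via the unix socket`; otherwise use `redis.servers."".enable = true;` to preserve the old behaviour.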