diff --git a/flake.lock b/flake.lock
index e190bf6..3fc54a5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -619,6 +619,22 @@
 "type": "github"
 }
 },
+ "nixpkgs-2405": {
+ "locked": {
+ "lastModified": 1717144377,
+ "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "805a384895c696f802a9bf5bf4720f37385df547",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-24.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
 "nixpkgs-lib": {
 "locked": {
 "dir": "lib",
@@ -825,11 +841,12 @@
 "nix-vscode-extensions": "nix-vscode-extensions",
 "nixos-anywhere": "nixos-anywhere",
 "nixpkgs": [
- "nixpkgs-2311"
+ "nixpkgs-2405"
 ],
 "nixpkgs-2211": "nixpkgs-2211",
 "nixpkgs-2305": "nixpkgs-2305",
 "nixpkgs-2311": "nixpkgs-2311",
+ "nixpkgs-2405": "nixpkgs-2405",
 "nixpkgs-unstable": "nixpkgs-unstable",
 "nixpkgs-vscodium": "nixpkgs-vscodium",
 "nixpkgs-wayland": "nixpkgs-wayland",
diff --git a/flake.nix b/flake.nix
index d333b92..75cd5b0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,8 +11,9 @@
 radicalePkgs.follows = "nixpkgs-2211";
 nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05";
 nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11";
+ nixpkgs-2405.url = "github:nixos/nixpkgs/nixos-24.05";
 nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
- nixpkgs.follows = "nixpkgs-2311";
+ nixpkgs.follows = "nixpkgs-2405";
 flake-parts.url = "github:hercules-ci/flake-parts";
 get-flake.url = "github:ursi/get-flake";
diff --git a/nix/home-manager/profiles/gnome-desktop.nix b/nix/home-manager/profiles/gnome-desktop.nix
index b0a7a7b..b803ea5 100644
--- a/nix/home-manager/profiles/gnome-desktop.nix
+++ b/nix/home-manager/profiles/gnome-desktop.nix
@@ -23,7 +23,7 @@ in {
 # Hidden=true
 # '';
- services.gpg-agent.pinentryFlavor = "gnome3";
+ services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
 dconf.settings = let
 manualKeybindings = [
diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix
index 8942c65..6581006 100644
--- a/nix/home-manager/profiles/sway-desktop.nix
+++ b/nix/home-manager/profiles/sway-desktop.nix
@@ -36,7 +36,7 @@ in {
 enable = true;
 };
- services.gpg-agent.pinentryFlavor = "gnome3";
+ services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
 home.packages = [
 pkgs.swayidle
diff --git a/nix/home-manager/programs/gpg-agent.nix b/nix/home-manager/programs/gpg-agent.nix
index da4ce37..069c7ca 100644
--- a/nix/home-manager/programs/gpg-agent.nix
+++ b/nix/home-manager/programs/gpg-agent.nix
@@ -4,17 +4,9 @@
 config,
 ...
 }: {
- home.packages =
- [
- pkgs.gcr
- ]
- ++ (
- if config.services.gpg-agent.pinentryFlavor == "gtk2"
- then [pkgs.pinentry-gtk2]
- else if config.services.gpg-agent.pinentryFlavor == "gnome3"
- then [pkgs.pinentry-gnome]
- else []
- );
+ home.packages = [
+ pkgs.gcr
+ ];
 programs.gpg.enable = true;
 services.gpg-agent = {
@@ -22,7 +14,7 @@
 enableScDaemon = true;
 enableSshSupport = true;
 grabKeyboardAndMouse = true;
- pinentryFlavor = lib.mkDefault "gtk2";
+ pinentryPackage = lib.mkDefault pkgs.pinentry-gtk2;
 extraConfig = ''
 no-allow-external-cache
 '';
diff --git a/nix/os/containers/mailserver.nix b/nix/os/containers/mailserver.nix
index d113925..48483a1 100644
--- a/nix/os/containers/mailserver.nix
+++ b/nix/os/containers/mailserver.nix
@@ -1,15 +1,17 @@
 {
- repoFlake,
+ specialArgs,
 hostAddress,
 localAddress,
 imapsPort ? 993,
 sievePort ? 4190,
 autoStart ? false,
 }: {
+ inherit specialArgs;
 config = {
 pkgs,
 config,
 lib,
+ repoFlake,
 ...
 }: {
 system.stateVersion = "21.11"; # Did you read the comment?
@@ -21,6 +23,12 @@
 ../profiles/common/user.nix
 ];
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [
+ imapsPort
+ sievePort
+ ];
+
 # FIXME: find out how to use the `defaultSopsFile` so i don't have to specify each secret separately
 # sops.defaultSopsFile = ./mailserver_secrets.yaml;
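Review bot: The surviving `pkgs.gcr` entry in `home.packages` now stands alone with nothing saying why it is still needed, after the pinentry packages that used to sit next to it moved to `services.gpg-agent.pinentryPackage`; a comment such as `# gcr provides the prompter used by pinentry-gnome3; the pinentry binary itself is selected via services.gpg-agent.pinentryPackage` would keep it from being removed as a leftover. The option change in the second hunk of this file (`pinentryPackage = lib.mkDefault pkgs.pinentry-gtk2;`) presumably relies on home-manager writing the chosen package into gpg-agent.conf, so no extra `home.packages` entry is needed for it — worth confirming against the home-manager module that goes with the nixpkgs release now followed. The attrset this hunk edits continues past the hunk on both sides.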
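Review bot: The new allow list opens only `imapsPort` and `sievePort`, so if this container also runs an SMTP listener it is blocked once `networking.firewall.enable = true;` takes effect — no SMTP port is among the file's parameters (the full parameter list is visible in the first hunk), and the rest of the container module lies outside this hunk. Either add the missing ports or state the intent, e.g. `# only the parameterised IMAPS/Sieve ports are reachable from the host side; SMTP is deliberately not exposed here`, so the next reader knows the omission is on purpose. The same enable-plus-allowlist pattern appears in webserver.nix with `httpPort`/`httpsPort`, where the previous `enable = false` is replaced; that one looks complete for an HTTP-only container.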
diff --git a/nix/os/containers/syncthing.nix b/nix/os/containers/syncthing.nix
index 72aaab8..d2fc85f 100644
--- a/nix/os/containers/syncthing.nix
+++ b/nix/os/containers/syncthing.nix
@@ -1,10 +1,12 @@
 {
+ specialArgs,
 hostAddress,
 localAddress,
 syncthingPort ? 22000,
 syncthingLocalAnnouncePort ? 21027,
 autoStart ? false,
 }: {
+ inherit specialArgs;
 config = {
 config,
 pkgs,
diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix
index df3c445..4a7de86 100644
--- a/nix/os/containers/webserver.nix
+++ b/nix/os/containers/webserver.nix
@@ -1,5 +1,5 @@
 {
- repoFlake,
+ specialArgs,
 hostAddress,
 localAddress,
 httpPort ? 80,
@@ -8,10 +8,12 @@
 }: let
 domain = "www.stefanjunker.de";
 in {
+ inherit specialArgs;
 config = {
 config,
 pkgs,
 lib,
+ repoFlake,
 ...
 }: {
 system.stateVersion = "22.05"; # Did you read the comment?
@@ -22,7 +24,11 @@ in {
 repoFlake.inputs.sops-nix.nixosModules.sops
 ];
- networking.firewall.enable = false;
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [
+ httpPort
+ httpsPort
+ ];
 sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
 sops.secrets.hedgedoc_environment_file = {
diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix
index 37e1468..305e361 100644
--- a/nix/os/devices/sj-bm-hostkey0/configuration.nix
+++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix
@@ -58,7 +58,6 @@ in {
 home.packages = [
 pkgs.nil
- pkgs.rnix-lsp
 pkgs.nixd
 pkgs.nixpkgs-fmt
 pkgs.alejandra
diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix
index c481d5d..93f93d0 100644
--- a/nix/os/devices/sj-srv1/system.nix
+++ b/nix/os/devices/sj-srv1/system.nix
@@ -3,6 +3,7 @@
 lib,
 config,
 repoFlake,
+ nodeFlake,
 nodeName,
 ...
 }: {
@@ -73,7 +74,9 @@
 containers = {
 mailserver = import ../../containers/mailserver.nix {
- inherit repoFlake;
+ specialArgs = {
+ inherit repoFlake nodeFlake;
+ };
 autoStart = true;
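Review bot: `specialArgs = { inherit repoFlake nodeFlake; };` is spelled out verbatim here and again in the webserver and syncthing hunks of this file; binding it once — for instance `containerSpecialArgs = { inherit repoFlake nodeFlake; };` in a `let` around the module attrset, whose header sits at the top of the file outside this hunk — and writing `specialArgs = containerSpecialArgs;` at the three call sites keeps the set of arguments every container receives in one place. As far as the container hunks show, their config functions bind only `repoFlake`, so `nodeFlake` is passed through but apparently unused there; harmless, but a short comment on the binding would say whether it is meant for later use. The `containers` attrset continues beyond this hunk.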
@@ -87,7 +90,9 @@
 webserver = import ../../containers/webserver.nix {
- inherit repoFlake;
+ specialArgs = {
+ inherit repoFlake nodeFlake;
+ };
 autoStart = true;
@@ -99,6 +104,9 @@
 };
 syncthing = import ../../containers/syncthing.nix {
+ specialArgs = {
+ inherit repoFlake nodeFlake;
+ };
 autoStart = true;
 hostAddress = "192.168.100.14";
@@ -108,10 +116,6 @@
 };
 };
- home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
- inherit pkgs;
- };
-
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/nix/os/profiles/containers/configuration.nix b/nix/os/profiles/containers/configuration.nix
index 7462c08..6c0b092 100644
--- a/nix/os/profiles/containers/configuration.nix
+++ b/nix/os/profiles/containers/configuration.nix
@@ -3,6 +3,7 @@
 imports = [
 ../../snippets/systemd-resolved.nix
+ ../../snippets/nix-settings.nix
 # ../../modules/ddclient-ovh.nix
 # ../../modules/ddclient-hetzner.nix
 ];
diff --git a/nix/os/snippets/mycelium.nix b/nix/os/snippets/mycelium.nix
index 64bfae5..4d1a173 100644
--- a/nix/os/snippets/mycelium.nix
+++ b/nix/os/snippets/mycelium.nix
@@ -7,7 +7,6 @@
 ...
 }: {
 imports = [
- "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/networking/mycelium.nix"
 ];
 sops.secrets.mycelium-key = {
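Review bot: Removing the only entry leaves an empty `imports = [` / `];` behind; dropping the empty list, and the `nodeFlake` argument if this path was its only use (the argument list is above the hunk), keeps the snippet tidy. The removal presumably means the mycelium NixOS module is now expected from the nixpkgs the flake follows (`nixos-24.05` per the flake.nix hunk) rather than from nixpkgs-unstable; a comment such as `# the mycelium service module ships with the pinned nixpkgs; no out-of-tree import needed` would record that, since on an older nixpkgs the `services.mycelium` options would otherwise disappear without explanation. The module body continues past this hunk.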