diff --git a/flake.lock b/flake.lock index 7609277..bf57302 100644 --- a/flake.lock +++ b/flake.lock @@ -279,21 +279,6 @@ "type": "indirect" } }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1704290814, - "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, "nixpkgs-droid": { "locked": { "lastModified": 1702350026, @@ -344,11 +329,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1705316053, - "narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=", + "lastModified": 1702312524, + "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370", + "rev": "a9bf124c46ef298113270b1f84a164865987a91c", "type": "github" }, "original": { @@ -440,20 +425,22 @@ "flake-compat": "flake-compat", "nixpkgs": "nixpkgs_2", "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_05": [ + "nixpkgs" + ], "utils": "utils_2" }, "locked": { - "lastModified": 1703666786, - "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=", + "lastModified": 1687462267, + "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4", + "rev": "24128c3052090311688b09a400aa408ba61c6ee5", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "master", + "ref": "nixos-23.05", "repo": "nixos-mailserver", "type": "gitlab" } diff --git a/flake.nix b/flake.nix index 1b9ab49..e717092 100644 --- a/flake.nix +++ b/flake.nix @@ -16,8 +16,8 @@ # simple mailserver snm = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; - # inputs.nixpkgs-23_05.follows = "nixpkgs"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; + inputs.nixpkgs-23_05.follows = "nixpkgs"; }; nix-on-droid = { @@ -42,46 +42,41 @@ }; }; - outputs = - { home-manager, nixpkgs, nixpkgs-unstable, agenix, snm, ... }@inputs: { - nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = let - postfix-overlay = final: prev: { - postfix = nixpkgs-unstable.legacyPackages."x86_64-linux".postfix; + outputs = { home-manager, nixpkgs, agenix, snm, ... }@inputs: { + nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + ({ inputs, lib, ... }: { + nixpkgs = { + config.allowUnfree = true; + overlays = with inputs; [ emacs.overlay ]; }; - in [ - ({ inputs, lib, ... }: { - nixpkgs = { - config.allowUnfree = true; - overlays = with inputs; [ emacs.overlay postfix-overlay ]; - }; - nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs; - }) - snm.nixosModule - ./modules/security.nix - ./hosts/thrall - agenix.nixosModules.age - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.alex = import ./home/cli.nix; - } + nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs; + }) + snm.nixosModule + ./modules/security.nix + ./hosts/thrall + agenix.nixosModules.age + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.alex = import ./home/cli.nix; + } + ]; + }; + + nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; }; + homeConfigurations = import ./outputs/homeConfigurations inputs; + + nixOnDroidConfigurations.default = with inputs; + nix-on-droid.lib.nixOnDroidConfiguration { + modules = [ + ./hosts/redmi + { nix.registry.nixpkgs.flake = nixpkgs-droid; } + { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; } ]; }; - - nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; }; - homeConfigurations = import ./outputs/homeConfigurations inputs; - - nixOnDroidConfigurations.default = with inputs; - nix-on-droid.lib.nixOnDroidConfiguration { - modules = [ - ./hosts/redmi - { nix.registry.nixpkgs.flake = nixpkgs-droid; } - { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; } - ]; - }; - }; + }; } diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index 0d6b3ad..ddd9fe2 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -14,7 +14,7 @@ in { nix.package = pkgs.nixUnstable; nix.extraOptions = '' - experimental-features = nix-command flakes repl-flake ca-derivations + experimental-features = nix-command flakes ca-derivations ''; # nix.registry.nixpkgs.flake = nixpkgs; @@ -322,19 +322,8 @@ in { services.fail2ban = { enable = true; maxretry = 5; - - bantime = "1h"; - bantime-increment.enable = true; - ignoreIP = [ "127.0.0.0/8" "195.90.211.228/22" "10.0.0.0/8" "192.168.0.0/16" ]; - - jails.postfix = '' - filter = postfix - maxretry = 3 - action = iptables[name=postfix, port=smtp, protocol=tcp] - enabled = true - ''; }; services.syncthing = {