diff --git a/hosts/dregil/configuration.nix b/hosts/dregil/configuration.nix
index 3974771..0c532fd 100644
--- a/hosts/dregil/configuration.nix
+++ b/hosts/dregil/configuration.nix
@@ -93,28 +93,7 @@ in
 extraGroups = [ "wheel" # Enable ‘sudo’ for the user.
 "input" ];
- packages = with pkgs; [
- # gui tool
- alacritty
- firefox
- jitsi-meet-electron
-
- # editing
- helix
- nil # nix language server
-
- # system tools
- htop-vim # htop with vim bindings
- erdtree # du+tree had sex
- dua # ncdu but better
- bat # better cat
- uhk-agent
-
- # gaming support
- lutris
- #inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat"
- ];
- };
+ };
 # List packages installed in system profile. To search, run:
 # $ nix search wget
@@ -123,6 +102,7 @@ in
 ripgrep
 git
 nvidia-offload
+ pinentry
 ];
 # adjust channels to nixpkgs used on this system via this flake
@@ -134,10 +114,10 @@ in
 # Some programs need SUID wrappers, can be configured further or are
 # started in user sessions.
 # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
 programs.neovim = {
 enable = true;
diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix
index 9631cb7..bc3c402 100644
--- a/hosts/thrall/default.nix
+++ b/hosts/thrall/default.nix
@@ -36,6 +36,7 @@ in {
 age.secrets = {
 mailPass.file = ../../secrets/mailPass.age;
+ paperless-mail.file = ../../secrets/paperless-mail.age;
 wireguard-thrall.file = ../../secrets/wireguard-thrall.age;
 };
@@ -134,6 +135,7 @@ in {
 htop
 tmux
 git
+ git-annex
 #agenix.defaultPackage.x86_64-linux
 restic # fast and secure backup
 rclone
@@ -175,25 +177,56 @@ in {
 services.restic.backups = { };
 services.keybase = { enable = true; };
- services.nginx.enable = true;
 services.nginx = {
+ enable = true;
+
+ statusPage = true;
+ clientMaxBodySize = "64m";
 recommendedTlsSettings = true;
 recommendedOptimisation = true;
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
 };
 services.nginx.virtualHosts = {
+ # main site
 "failco.de" = {
 forceSSL = true;
 enableACME = true;
 root = "/srv/www/failco.de";
 serverAliases = [ "www.failco.de" "mail.failco.de" ];
+ extraConfig = ''
+ add_header X-Frame-Options 'SAMEORIGIN';
+ '';
 };
+ "www.jakalx.net" = {
+ forceSSL = true;
+ enableACME = true;
+ root = "/srv/www/jakalx.net";
+ serverAliases = [ "jakalx.net" ];
+ extraConfig = ''
+ add_header X-Frame-Options 'SAMEORIGIN';
+ '';
+ };
+
+ # gitea
 "git.failco.de" = {
 forceSSL = true;
 enableACME = true;
- locations."/" = { proxyPass = "http://127.0.0.1:3001/"; };
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3001/";
+ proxyWebsockets = true;
+ };
+ };
+
+ # paperless
+ "docs.failco.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3002/";
+ proxyWebsockets = true;
+ };
 };
 };
@@ -206,7 +239,28 @@ in {
 httpAddress = "127.0.0.1";
 httpPort = 3001;
- settings.service.DISABLE_REGISTRATION = true;
+ settings = {
+ service.DISABLE_REGISTRATION = true;
+
+ mailer = {
+ ENABLED = true;
+ MAILER_TYPE = "smtp";
+ FROM = "git@failco.de";
+ HOST = "thrall.failco.de:25";
+ IS_TLS_ENABLED = false;
+ };
+ };
+ };
+
+ services.paperless = {
+ enable = true;
+ address = "127.0.0.1";
+ port = 3002;
+ consumptionDirIsPublic = true;
+ extraConfig = {
+ PAPERLESS_OCR_LANGUAGE = "deu+eng";
+ PAPERLESS_URL = "https://docs.failco.de";
+ };
 };
 services.fail2ban = {
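Review bot: The new `docs.failco.de` vhost publishes the paperless archive to the whole internet with paperless's own login as the only barrier, and nothing in this hunk narrows who can reach it. If the archive is meant for personal use only, restrict the location to the VPN range, e.g. `extraConfig = "allow <wireguard-subnet>; deny all;";` inside `locations."/"` (placeholder subnet; the host's WireGuard addressing is not visible here). Separately, the `X-Frame-Options` header is added only on the two static sites; the proxied `git.failco.de` and `docs.failco.de` vhosts get none, so either repeat the `extraConfig` there or confirm the upstream applications send it themselves.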
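Review bot: `consumptionDirIsPublic = true` in the new `services.paperless` block makes the intake directory writable by every local account, so any service user on this host could feed files into the OCR and conversion pipeline. Unless something unprivileged really has to drop scans there, leave the option at its default (`consumptionDirIsPublic = false;` or drop the line) and give write access only to the account that delivers documents. In the gitea `mailer` block, `IS_TLS_ENABLED = false` with no `USER`/`PASSWD` means delivery relies on the mail server accepting unauthenticated mail from this host on port 25; a one-line comment stating that this is intentional local submission would help the next reader.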
@@ -252,7 +306,17 @@ in {
 aliases = [ "lx@failco.de" "alex@failco.de" ];
- catchAll = [ "failco.de" "jakalx.net" ];
+ catchAll = [ "failco.de" ];
+ };
+
+ "alex@jakalx.net" = {
+ hashedPasswordFile = config.age.secrets.mailPass.path;
+
+ catchAll = [ "jakalx.net" ];
+ };
+
+ "archive@failco.de" = {
+ hashedPasswordFile = config.age.secrets.paperless-mail.path;
 };
 };
diff --git a/modules/common-system.nix b/modules/common-system.nix
index fb4273f..a640d0f 100644
--- a/modules/common-system.nix
+++ b/modules/common-system.nix
@@ -14,16 +14,12 @@
 fd
 fzf
 bat
+ lshw
+ pciutils
 ];
 networking.firewall.enable = true;
- users.users.alex = {
- isNormalUser = true;
- extraGroups = [ "wheel" "input" ];
- shell = pkgs.zsh;
- };
-
 nix = {
 gc = {
 automatic = true;
diff --git a/outputs/homeConfigurations/default.nix b/outputs/homeConfigurations/default.nix
index 4fe9a2a..ea49a02 100644
--- a/outputs/homeConfigurations/default.nix
+++ b/outputs/homeConfigurations/default.nix
@@ -17,12 +17,50 @@ in
 username = "alex";
 homeDirectory = "/home/alex";
 stateVersion = "22.11";
-
 packages = with pkgs; [
+ alacritty # fast terminal
+ firefox # the browser with the fox
+
+ # social
+ jitsi-meet-electron # jitsi as a stand-alone app
+ discord # talk to other people
+ #inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat"
+
+ # editing
+ helix # vim like editor
+ nil # nix language server
+
+ # system tools
+ htop-vim # htop with vim bindings
+ erdtree # du+tree had sex
+ dua # ncdu but better
+ bat # better cat
+ uhk-agent # my keyboard
+ mosh # ssh via udp
+
+ # gaming support
 lutris
 ];
 };
+ programs.bash = {
+ enable = true;
+ };
+
+ programs.zsh = {
+ enable = true;
+ };
+
+ programs.git = {
+ enable = true;
+ userName = "Alexander Kobjolke";
+ userEmail = "me@failco.de";
+ };
+
+ programs.password-store = {
+ enable = true;
+ };
+
 # do not show home-manager notifications
 news.display = "silent";
 }
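Review bot: The new `"alex@jakalx.net"` account points `hashedPasswordFile` at `config.age.secrets.mailPass.path`, a secret that already existed before this commit and presumably backs another mailbox, so one leaked password would open both accounts. The `archive@failco.de` account added below gets its own `paperless-mail` secret; doing the same here would be `hashedPasswordFile = config.age.secrets.<new-secret>.path;` with matching entries in `age.secrets` and `secrets/secrets.nix` (placeholder name). If sharing the password is deliberate, a comment on that line saying so is enough. The account set opens outside this hunk, so the existing account's own password source is not visible.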
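Review bot: With `users.users.alex` gone from `modules/common-system.nix`, the account, its `wheel` membership and `shell = pkgs.zsh` now exist only where a host declares them itself, and in this diff only dregil's configuration shows such a block. Before switching, check that every host importing this module still declares the user, because NixOS can remove accounts it created declaratively once they drop out of the configuration, and on a remote machine that means losing the login. The `programs.zsh.enable` added on the home-manager side does not set the login shell, so add `shell = pkgs.zsh;` to the per-host user block if zsh is still wanted.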
diff --git a/secrets/paperless-mail.age b/secrets/paperless-mail.age
new file mode 100644
index 0000000..ae80b74
Binary files /dev/null and b/secrets/paperless-mail.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 0d7b55f..794f07e 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,10 +1,12 @@
 let
 thrall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHNRSYszckbCwKoX/cci8D40DGM/SG/NJ/u/uB361re";
+ alex = "age13uv5phqjuvd90rr3aa7mg3xsmcmyx8cfz9v52w2a782qecssja9sw9nt8a";
 systems = [ thrall ];
- users = [];
+ users = [ alex ];
 in
 {
 "mailPass.age".publicKeys = users ++ systems;
+ "paperless-mail.age".publicKeys = users ++ systems;
 "wireguard-thrall.age".publicKeys = [thrall];
 }
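Review bot: `users` now feeds into `"mailPass.age".publicKeys`, but this commit carries no change to `secrets/mailPass.age`, so that file is presumably still encrypted to thrall alone; editing `secrets.nix` does not re-encrypt existing secrets. Run `agenix --rekey` and commit the resulting `mailPass.age`, otherwise the new `alex` key cannot open it. A comment above `alex = ...` noting where the private half of that key lives would also help, since every secret listed with `users` now depends on how that key is stored.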