From c72baa173c49a28248b9262b13e411802f583890 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Wed, 5 Apr 2023 20:53:52 +0200 Subject: [PATCH 1/9] dregil: Add discord, lutris and mosh --- modules/common-system.nix | 2 ++ outputs/homeConfigurations/default.nix | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/common-system.nix b/modules/common-system.nix index fb4273f..2210474 100644 --- a/modules/common-system.nix +++ b/modules/common-system.nix @@ -14,6 +14,8 @@ fd fzf bat + lshw + pciutils ]; networking.firewall.enable = true; diff --git a/outputs/homeConfigurations/default.nix b/outputs/homeConfigurations/default.nix index 4fe9a2a..5c8a4f9 100644 --- a/outputs/homeConfigurations/default.nix +++ b/outputs/homeConfigurations/default.nix @@ -17,12 +17,19 @@ in username = "alex"; homeDirectory = "/home/alex"; stateVersion = "22.11"; - packages = with pkgs; [ lutris + discord + mosh ]; }; + programs.git = { + enable = true; + userName = "Alexander Kobjolke"; + userEmail = "me@failco.de"; + }; + # do not show home-manager notifications news.display = "silent"; } From e4d81ba462e506b52e170460d46b4ec916165d3a Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Thu, 6 Apr 2023 23:51:39 +0200 Subject: [PATCH 2/9] dregil: Enable gnupg agent --- hosts/dregil/configuration.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/hosts/dregil/configuration.nix b/hosts/dregil/configuration.nix index 3974771..b01e985 100644 --- a/hosts/dregil/configuration.nix +++ b/hosts/dregil/configuration.nix @@ -123,6 +123,7 @@ in ripgrep git nvidia-offload + pinentry ]; # adjust channels to nixpkgs used on this system via this flake 
@@ -134,10 +135,10 @@ in # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; programs.neovim = { enable = true; From d0e012e79b1901171d219a32d9ee2d0e0d8ccccf Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Fri, 7 Apr 2023 00:40:59 +0200 Subject: [PATCH 3/9] dregil: Move packages for alex from system config to hm config --- hosts/dregil/configuration.nix | 23 +---------------- modules/common-system.nix | 6 ----- outputs/homeConfigurations/default.nix | 35 ++++++++++++++++++++++++-- 3 files changed, 34 insertions(+), 30 deletions(-) diff --git a/hosts/dregil/configuration.nix b/hosts/dregil/configuration.nix index b01e985..0c532fd 100644 --- a/hosts/dregil/configuration.nix +++ b/hosts/dregil/configuration.nix @@ -93,28 +93,7 @@ in extraGroups = [ "wheel" # Enable ‘sudo’ for the user. "input" ]; - packages = with pkgs; [ - # gui tool - alacritty - firefox - jitsi-meet-electron - - # editing - helix - nil # nix language server - - # system tools - htop-vim # htop with vim bindings - erdtree # du+tree had sex - dua # ncdu but better - bat # better cat - uhk-agent - - # gaming support - lutris - #inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat" - ]; - }; + }; # List packages installed in system profile. To search, run: # $ nix search wget diff --git a/modules/common-system.nix b/modules/common-system.nix index 2210474..a640d0f 100644 --- a/modules/common-system.nix +++ b/modules/common-system.nix @@ -20,12 +20,6 @@ networking.firewall.enable = true; - users.users.alex = { - isNormalUser = true; - extraGroups = [ "wheel" "input" ]; - shell = pkgs.zsh; - }; - nix = { gc = { automatic = true; diff --git a/outputs/homeConfigurations/default.nix b/outputs/homeConfigurations/default.nix index 5c8a4f9..ea49a02 100644 
--- a/outputs/homeConfigurations/default.nix +++ b/outputs/homeConfigurations/default.nix @@ -18,18 +18,49 @@ in homeDirectory = "/home/alex"; stateVersion = "22.11"; packages = with pkgs; [ + alacritty # fast terminal + firefox # the browser with the fox + + # social + jitsi-meet-electron # jitsi as a stand-alone app + discord # talk to other people + #inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat" + + # editing + helix # vim like editor + nil # nix language server + + # system tools + htop-vim # htop with vim bindings + erdtree # du+tree had sex + dua # ncdu but better + bat # better cat + uhk-agent # my keyboard + mosh # ssh via udp + + # gaming support lutris - discord - mosh ]; }; + programs.bash = { + enable = true; + }; + + programs.zsh = { + enable = true; + }; + programs.git = { enable = true; userName = "Alexander Kobjolke"; userEmail = "me@failco.de"; }; + programs.password-store = { + enable = true; + }; + # do not show home-manager notifications news.display = "silent"; } From 91547ac4b61bd36eb7130f82dfa86745aef038b5 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Fri, 7 Apr 2023 01:07:48 +0200 Subject: [PATCH 4/9] thrall: Configure smtp for Gitea --- hosts/thrall/default.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index 9631cb7..028c2db 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -206,7 +206,18 @@ in { httpAddress = "127.0.0.1"; httpPort = 3001; - settings.service.DISABLE_REGISTRATION = true; + settings = { + service.DISABLE_REGISTRATION = true; + + mailer = { + ENABLED = true; + MAILER_TYPE = "smtp"; + FROM = "git@failco.de"; + HOST = "thrall.failco.de:25"; + IS_TLS_ENABLED = false; + SENDMAIL_PATH = "/run/wrappers/bin/sendmail"; + }; + }; }; services.fail2ban = { From ceba9e08833c5e3d904c94802791cb6ff9357997 Mon Sep 17 00:00:00 2001 
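Review bot: `programs.zsh = { enable = true; };` only lets home-manager manage the zsh configuration; it does not make zsh the login shell, and this same commit deletes `shell = pkgs.zsh;` along with the whole `users.users.alex` block from modules/common-system.nix. Unless the user block in hosts/dregil/configuration.nix (which runs outside the visible hunk) sets `shell = pkgs.zsh;` itself, alex falls back to the default shell. More importantly, any other host that imports common-system.nix and relied on it to declare alex, a wheel user, would lose the account on its next rebuild, so confirm each host still defines the user before deploying. A comment in common-system.nix such as `# users are declared per host, see hosts/<name>` would record the intent.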
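Review bot: The mailer block submits to `thrall.failco.de:25` with `IS_TLS_ENABLED = false` and no `USER`/`PASSWD`. Delivery therefore depends on the mail server accepting unauthenticated submission from whatever source address Gitea connects from, and any protection in transit depends on STARTTLS being offered and negotiated. This file configures thrall itself, so the mail server is presumably on the same machine. In that case `HOST = "localhost:25";` keeps the traffic on loopback and lets the relay permission stay limited to 127.0.0.1. If the public name is intentional, a one-line comment saying why would help the next reader.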
From: Alexander Kobjolke Date: Sat, 8 Apr 2023 18:27:30 +0200 Subject: [PATCH 5/9] thrall: Configure paperless on docs.failco.de --- hosts/thrall/default.nix | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index 028c2db..74c4298 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -175,25 +175,46 @@ in { services.restic.backups = { }; services.keybase = { enable = true; }; - services.nginx.enable = true; services.nginx = { + enable = true; + + statusPage = true; + clientMaxBodySize = "64m"; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; recommendedProxySettings = true; }; services.nginx.virtualHosts = { + # main site "failco.de" = { forceSSL = true; enableACME = true; root = "/srv/www/failco.de"; serverAliases = [ "www.failco.de" "mail.failco.de" ]; + extraConfig = '' + add_header X-Frame-Options 'SAMEORIGIN'; + ''; }; + # gitea "git.failco.de" = { forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://127.0.0.1:3001/"; }; + locations."/" = { + proxyPass = "http://127.0.0.1:3001/"; + proxyWebsockets = true; + }; + }; + + # paperless + "docs.failco.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3002/"; + proxyWebsockets = true; + }; }; }; @@ -215,11 +236,20 @@ in { FROM = "git@failco.de"; HOST = "thrall.failco.de:25"; IS_TLS_ENABLED = false; - SENDMAIL_PATH = "/run/wrappers/bin/sendmail"; }; }; }; + services.paperless = { + enable = true; + address = "127.0.0.1"; + port = 3002; + extraConfig = { + PAPERLESS_OCR_LANGUAGE = "deu+eng"; + PAPERLESS_URL = "https://docs.failco.de"; + }; + }; + services.fail2ban = { enable = true; maxretry = 5; From ae1983ab82c7671d65f108186a985b9d30ca0131 Mon Sep 17 00:00:00 2001 
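Review bot: The new `"docs.failco.de"` vhost exposes the paperless login to the whole internet with nothing at the proxy limiting who can reach it, so the document archive is protected only by the application's own authentication. If access is only needed from known networks, restrict it in the vhost, for example `extraConfig = "allow <TRUSTED_CIDR>; deny all;";`, or serve it only over a VPN. Separately, `clientMaxBodySize = "64m";` is set on `services.nginx` as a whole, so it also raises the request-body limit for failco.de and git.failco.de. If the larger limit is meant for document uploads, setting `client_max_body_size 64m;` in the docs vhost's `extraConfig` keeps the other sites on the default.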
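Review bot: `services.paperless` is enabled without `passwordFile`, so the configuration does not provision the superuser and the account has to be created by hand on the host. That leaves the credential for a service this commit makes internet-facing outside the repository's secret handling. The repo already manages secrets with agenix, so the same pattern fits here: declare a secret and set `passwordFile = config.age.secrets.<paperless-admin>.path;` (the secret name is a placeholder).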
From: Alexander Kobjolke Date: Sat, 8 Apr 2023 21:56:02 +0200 Subject: [PATCH 6/9] thrall: Migrate mail and web server from jakalx.net --- hosts/thrall/default.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index 74c4298..c8f98e2 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -197,6 +197,16 @@ in { ''; }; + "www.jakalx.net" = { + forceSSL = true; + enableACME = true; + root = "/srv/www/jakalx.net"; + serverAliases = [ "jakalx.net" ]; + extraConfig = '' + add_header X-Frame-Options 'SAMEORIGIN'; + ''; + }; + # gitea "git.failco.de" = { forceSSL = true; @@ -293,7 +303,13 @@ in { aliases = [ "lx@failco.de" "alex@failco.de" ]; - catchAll = [ "failco.de" "jakalx.net" ]; + catchAll = [ "failco.de" ]; + }; + + "alex@jakalx.net" = { + hashedPasswordFile = config.age.secrets.mailPass.path; + + catchAll = [ "jakalx.net" ]; }; }; From d51551aa4e01c838e5bd6798eabf71fd63944d1d Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Sun, 9 Apr 2023 12:04:30 +0200 Subject: [PATCH 7/9] thrall: Make git-annex available globally --- hosts/thrall/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index c8f98e2..ce11aa8 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -134,6 +134,7 @@ in { htop tmux git + git-annex #agenix.defaultPackage.x86_64-linux restic # fast and secure backup rclone From a257e533c4b34153979d7baff167e75d77ff5c0a Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Tue, 11 Apr 2023 00:51:44 +0200 Subject: [PATCH 8/9] thrall: Add archive@failco.de email account --- hosts/thrall/default.nix | 5 +++++ secrets/paperless-mail.age | Bin 0 -> 502 bytes secrets/secrets.nix | 4 +++- 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 secrets/paperless-mail.age diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index ce11aa8..ec2adbe 100644 
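Review bot: `"alex@jakalx.net"` takes its password from `config.age.secrets.mailPass.path`, which by its name, and presumably by its use in the existing failco.de account (that account's attribute set starts above the hunk), is the same hash file. Both mailboxes would then share one credential, so a leak of either login exposes the other and they cannot be rotated independently. A separate secret keeps them apart: `hashedPasswordFile = config.age.secrets.<mailPass-jakalx>.path;` (placeholder name), with the matching entry under `age.secrets`.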
--- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -36,6 +36,7 @@ in { age.secrets = { mailPass.file = ../../secrets/mailPass.age; + paperless-mail.file = ../../secrets/paperless-mail.age; wireguard-thrall.file = ../../secrets/wireguard-thrall.age; }; @@ -312,6 +313,10 @@ in { catchAll = [ "jakalx.net" ]; }; + + "archive@failco.de" = { + hashedPasswordFile = config.age.secrets.paperless-mail.path; + }; }; certificateScheme = 3; diff --git a/secrets/paperless-mail.age b/secrets/paperless-mail.age new file mode 100644 index 0000000000000000000000000000000000000000..ae80b7460133ab66e0bced600e933469f9085351 GIT binary patch literal 502 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR2FFfuhYv{dko@bY!^%uh+mGK~y&O*U{b z^2{#x(Y8n`EetKucJ_+!Pt%U_^Q&^o3FRuz*LF(^N{VzX@$@g(_b5u$&-e5Wa?i;M z35oE{E%J*fGB?f%uBdSJ2?g0uT%4hsngX%L&$&uF-BBUbtimTKB+SFu#kIn-px9Nv z$k(GPD9PB!#njO~D5NShG0G^@)J#7&vz#l%)!U`aHQO>O+qB5JATr6PEZE#KB(=)N zE4;Ka%EUM<%*)Ir&m+U5JRf9RRD!NzNO_2XZhBE_VsR>$NlJd8X=+tic#>C%cfN Date: Tue, 11 Apr 2023 00:55:22 +0200 Subject: [PATCH 9/9] thrall: Make paperless consumption dir public --- hosts/thrall/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index ce11aa8..b534b9f 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -255,6 +255,7 @@ in { enable = true; address = "127.0.0.1"; port = 3002; + consumptionDirIsPublic = true; extraConfig = { PAPERLESS_OCR_LANGUAGE = "deu+eng"; PAPERLESS_URL = "https://docs.failco.de";
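Review bot: `consumptionDirIsPublic = true;` makes the paperless consumption directory writable by every local user, so any account or compromised service on thrall can drop files that paperless will then parse and import into the archive. The commit does not say which producer needs write access. If it is one specific user or service, a narrower grant is safer: leave the option off and give that user access through group membership or an ACL on the directory. If it must stay public, a comment above the line naming the writer, e.g. `# written by <producer>; world-writable on purpose`, would document the decision.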