...

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-09-14 16:06:00 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-09-14 16:06:00 +0200
commit: 410a63cf1baf627a0b99c34a955b3d02efabb48f (patch)
tree: 0b8a0f16f6de3ea7e1495c373b647c3966e3f4fb
parent: b931543508377c0e48a6801e4ea217eb523e2b03 (diff)
download: nixos-410a63cf1baf627a0b99c34a955b3d02efabb48f.tar
nixos-410a63cf1baf627a0b99c34a955b3d02efabb48f.tar.gz
nixos-410a63cf1baf627a0b99c34a955b3d02efabb48f.tar.bz2
nixos-410a63cf1baf627a0b99c34a955b3d02efabb48f.tar.xz
nixos-410a63cf1baf627a0b99c34a955b3d02efabb48f.zip
11 files changed, 43 insertions, 60 deletions
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix
index 0265190b..24d1f18c 100644
--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -378,6 +378,10 @@
    { hostname = "mail-mi01.mathinst.loc";
      proxyJump = "mathw0h";
    };
+  "mail-www02" =
+    { hostname = "mail-www02.mathinst.loc";
+      proxyJump = "mathw0h";
+    };
  "dpl-fai01" =
    { hostname = "dpl-fai01.mathinst.loc";
      user = "root";
diff --git a/flake.lock b/flake.lock
index 0443ac7c..7a0dd9c1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -11,11 +11,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1653594315,
+        "lastModified": 1659725433,
-        "narHash": "sha256-kJ0ENmnQJ4qL2FeYKZba9kvv1KmIuB3NVpBwMeI7AJQ=",
+        "narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "184349d8149436748986d1bdba087e4149e9c160",
+        "rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb",
        "type": "github"
      },
      "original": {
@@ -80,11 +80,11 @@
        "utils": "utils_2"
      },
      "locked": {
-        "lastModified": 1658924727,
+        "lastModified": 1662759269,
-        "narHash": "sha256-Fhh9FK9CvuCLxG1WkWJPoendDeXKI4gHYTfezo1n2Zg=",
+        "narHash": "sha256-lt8bAfEZudCQb+MxoNKmenhMTXhu3RCCyLYxU9t5FFk=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "0e2f7876d2f2ae98a67d89a8bef8c49332aae5af",
+        "rev": "9f7fe353b613d0e45d7a5cdbd1f13c96c15803dd",
        "type": "github"
      },
      "original": {
@@ -105,11 +105,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1657089034,
+        "lastModified": 1662635943,
-        "narHash": "sha256-qSjk1iOi14ijAOP6QuGfE3fvy08aVxsgus+ArwgiyuU=",
+        "narHash": "sha256-1OBBlBzZ894or8eHZjyADOMnGH89pPUKYGVVS5rwW/0=",
        "owner": "DavHau",
        "repo": "mach-nix",
-        "rev": "51caf584f26acdfaa51bbf7ee1ffa365aea7bc64",
+        "rev": "65266b5cc867fec2cb6a25409dd7cd12251f6107",
        "type": "github"
      },
      "original": {
@@ -121,11 +121,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1659009481,
+        "lastModified": 1663071011,
-        "narHash": "sha256-BRM5R7AMKa58NAJnZsmWsVhDxuGllnhTvpVEZ+sP49I=",
+        "narHash": "sha256-HjPb5iEwKwyNpnkn4Wo2hptAU5TAmfXd30mxemXPBtg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2d9b7cb5f0a41da95fccc120acf730fd20d8598d",
+        "rev": "0caf7675ec9b90ab9ad309d7a993a13798eeaa26",
        "type": "github"
      },
      "original": {
@@ -137,11 +137,11 @@
    },
    "nixpkgs-22_05": {
      "locked": {
-        "lastModified": 1658634393,
+        "lastModified": 1662864125,
-        "narHash": "sha256-VW7edeFzA9VU8gZPxPFGpoPsM2AQLYHKhA9H5+OYtno=",
+        "narHash": "sha256-AtjyEFK7Zp9+hOOUNO1/YZRADV/wC94R3yeKN8saUK4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2e14bc76ab41c60ba57fd57ff52badaa29d349f5",
+        "rev": "e6f053b6079c16e7df97531e3e0524ace1304d4d",
        "type": "github"
      },
      "original": {
@@ -179,11 +179,11 @@
    "pypi-deps-db": {
      "flake": false,
      "locked": {
-        "lastModified": 1658996715,
+        "lastModified": 1663059297,
-        "narHash": "sha256-U5WLiaMoEMvbkGHSHmNVRNzpXPJ0S87ZsB4iwZtp6eI=",
+        "narHash": "sha256-JaD4mhUOLJRNaepE50fOUfaSYRNwMhobyj8HGIxosiQ=",
        "owner": "DavHau",
        "repo": "pypi-deps-db",
-        "rev": "3c9aa49a06c1c80791ea412e04fbd9d71e463f9c",
+        "rev": "8aa6ec60bf7ed12c1e1705a2f28be63d8eee4386",
        "type": "github"
      },
      "original": {
@@ -212,11 +212,11 @@
        "nixpkgs-22_05": "nixpkgs-22_05"
      },
      "locked": {
-        "lastModified": 1658635258,
+        "lastModified": 1662870301,
-        "narHash": "sha256-EC8y3Rg+l9IzIUdOaFSA0LMdDipTRoweg1Y2EL8XhMc=",
+        "narHash": "sha256-O+ABD+WzEBLVH6FwxKCIpps0hsR6b5dpYe6fB3e3Ju8=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "d7f8cf1b77ebe5f287884f17b1ee4cc4f48bad1d",
+        "rev": "20929e1c5722a6db2f2dbe4cd36d4af0de0a9df0",
        "type": "github"
      },
      "original": {
diff --git a/flake.nix b/flake.nix
index e7557b2d..defcd864 100644
--- a/flake.nix
+++ b/flake.nix
@@ -14,7 +14,6 @@
      repo = "home-manager";
      ref = "master";
      inputs = {
-        flake-compat.follows = "flake-compat";
        nixpkgs.follows = "nixpkgs";
      };
    };
@@ -78,11 +77,11 @@
      inherit (lib) nixosSystem mkIf splitString filterAttrs listToAttrs mapAttrsToList nameValuePair concatMap composeManyExtensions mapAttrs mapAttrs' recursiveUpdate genAttrs unique elem optionalAttrs isDerivation concatLists concatStringsSep fix filter makeOverridable foldr;
      inherit (lib.strings) escapeNixString;
-      accountUserName = accountName: 
+      accountUserName = accountName:
        let
          accountName' = splitString "@" accountName;
        in elemAt accountName' 0;
-      accountHostName = accountName: 
+      accountHostName = accountName:
        let
          accountName' = splitString "@" accountName;
        in elemAt accountName' 1;
@@ -132,7 +131,7 @@
                       (outputs: { _file = dir + "/${path}"; }
                              // outputs
                              // { imports = defaultUserProfiles userName ++ (outputs.imports or []); });
-      
      mkUserProfile = userName: dir: path: profileName:
        let
          profileModule = overrideModule (import (dir + "/${path}"))
diff --git a/hosts/surtr/email/ca/.gitignore b/hosts/surtr/email/ca/.gitignore
index adafac92..af29cdfa 100644
--- a/hosts/surtr/email/ca/.gitignore
+++ b/hosts/surtr/email/ca/.gitignore
@@ -3,4 +3,6 @@
 *.old
 *.crt
 *.pkcs12
-certs
-\ No newline at end of file
+*.p12
+certs
+index.txt.bak
+\ No newline at end of file
diff --git a/hosts/surtr/email/ca/index.txt b/hosts/surtr/email/ca/index.txt
index 40c9605a..cbaf96b2 100644
--- a/hosts/surtr/email/ca/index.txt
+++ b/hosts/surtr/email/ca/index.txt
@@ -1,2 +1,3 @@
 V       320513204402Z           03      unknown /CN=gkleen
 V       320515063648Z           04      unknown /CN=nmuehlbauer
+V       320910104724Z           05      unknown /CN=mwgnr
diff --git a/hosts/surtr/email/ca/serial b/hosts/surtr/email/ca/serial
index eeee65ec..cd672a53 100644
--- a/hosts/surtr/email/ca/serial
+++ b/hosts/surtr/email/ca/serial
@@ -1 +1 @@
-05
+06
diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index e3a52f9a..46c2f338 100644
--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -111,7 +111,7 @@ with lib;
        ProtectClock = true;
        ProtectHostname = true;
-        ProtectHome = "tmpfs";
+        ProtectHome = true;
        ProtectKernelLogs = true;
        ProtectProc = "invisible";
@@ -123,7 +123,7 @@ with lib;
        SystemCallArchitectures = "native";
        SystemCallFilter = ["@system-service" "~@privileged @resources @obsolete"];
-        
        RestrictSUIDSGID = true;
        RemoveIPC = true;
        NoNewPrivileges = true;
@@ -174,7 +174,7 @@ with lib;
              ${corsHeaders}
            '';
            return = "200 '${builtins.toJSON {
-              "m.server" = "synapse.li:443"; 
+              "m.server" = "synapse.li:443";
            }}'";
          };
          "= /.well-known/matrix/client" = {
@@ -198,7 +198,7 @@ with lib;
        sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem";
        extraConfig = ''
          add_header Strict-Transport-Security "max-age=63072000" always;
-          
          add_header X-Frame-Options SAMEORIGIN;
          add_header X-Content-Type-Options nosniff;
          add_header X-XSS-Protection "1; mode=block";
@@ -240,7 +240,7 @@ with lib;
      "synapse.li".certCfg = {
        postRun = ''
          ${pkgs.systemd}/bin/systemctl try-restart nginx.service
-        '';       
+        '';
      };
    };
diff --git a/overlays/lego.nix b/overlays/lego.nix
deleted file mode 100644
index 363b32da..00000000
--- a/overlays/lego.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ prev, ... }: {
-  lego = prev.lego.override {
-    buildGoModule = args: prev.buildGoModule (args // {
-      patches = (args.patches or []) ++ prev.lib.lists.singleton (prev.fetchpatch {
-        url = "https://patch-diff.githubusercontent.com/raw/go-acme/lego/pull/1501.patch";
-        hash = "sha256-hLuWX607T8tcqljpBzEADViZd2FABkCgjNCLXMyWpuA=";
-      });
-    });
-  };
-}
diff --git a/overlays/postfix-mta-sts-resolver.nix b/overlays/postfix-mta-sts-resolver.nix
index 1d8f0188..a06dace5 100644
--- a/overlays/postfix-mta-sts-resolver.nix
+++ b/overlays/postfix-mta-sts-resolver.nix
@@ -22,5 +22,7 @@
        });
      })
    ];
+    _.pyparsing.buildInputs.add = with final.python310Packages; [ flit-core ];
  };
 }
diff --git a/overlays/prometheus-node-exporter.nix b/overlays/prometheus-node-exporter.nix
deleted file mode 100644
index de5b15f2..00000000
--- a/overlays/prometheus-node-exporter.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ prev, ... }: {
-  prometheus-systemd-exporter = prev.prometheus-systemd-exporter.overrideAttrs (oldAttrs: {
-    patches = oldAttrs.patches or [] ++ [
-      (prev.runCommand "cpu-unified.diff" {
-        src = prev.fetchurl {
-          url = "https://github.com/pelov/systemd_exporter/commit/2880a8dd1ca4909e51a569093284fad47343016a.diff";
-          hash = "sha256-i6sptiCdXmOqK5kfjLbIupctM34RqDahAE/39+35dRI=";
-        };
-        buildInputs = with prev; [ patchutils ];
-      } ''
-        filterdiff -x '**/CHANGELOG.md' $src > $out
-      '')
-    ];
-  });
-}
diff --git a/overlays/spm/default.nix b/overlays/spm/default.nix
index 5c820d9c..05a8f013 100644
--- a/overlays/spm/default.nix
+++ b/overlays/spm/default.nix
@@ -4,9 +4,9 @@ let
    # defaultPackages = (import ./stackage.nix {});
    # haskellPackages = defaultPackages // argumentPackages;
    # haskellPackages = argumentPackages;
-    haskellPackages = final.haskell.packages.ghc923.override {
+    haskellPackages = final.haskell.packages.ghc924.override {
      overrides = self: super: {
-         warp-systemd = final.haskell.lib.doJailbreak (super.warp-systemd.overrideAttrs (oldAttrs: { meta = oldAttrs.meta // { broken = false; }; })); 
+         warp-systemd = final.haskell.lib.doJailbreak (super.warp-systemd.overrideAttrs (oldAttrs: { meta = oldAttrs.meta // { broken = false; }; }));
         servant-server = super.servant-server.overrideAttrs (oldAttrs: {
           patches = [];
         });
@@ -34,7 +34,7 @@ let
      in path: _type: builtins.match "^frontend(/.*)?$" (relPath path) == null;
      src = ./.;
    };
-    
    postPatch = ''
      ${oldAttrs.postPatch or ""}
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-09-14 16:06:00 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-09-14 16:06:00 +0200
commit	410a63cf1baf627a0b99c34a955b3d02efabb48f (patch)
tree	0b8a0f16f6de3ea7e1495c373b647c3966e3f4fb
parent	b931543508377c0e48a6801e4ea217eb523e2b03 (diff)
download	nixos-410a63cf1baf627a0b99c34a955b3d02efabb48f.tar nixos-410a63cf1baf627a0b99c34a955b3d02efabb48f.tar.gz nixos-410a63cf1baf627a0b99c34a955b3d02efabb48f.tar.bz2 nixos-410a63cf1baf627a0b99c34a955b3d02efabb48f.tar.xz nixos-410a63cf1baf627a0b99c34a955b3d02efabb48f.zip