From 410a63cf1baf627a0b99c34a955b3d02efabb48f Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 14 Sep 2022 16:06:00 +0200 Subject: ... --- accounts/gkleen@sif/ssh-hosts.nix | 4 ++++ flake.lock | 42 +++++++++++++++++------------------ flake.nix | 7 +++--- hosts/surtr/email/ca/.gitignore | 4 +++- hosts/surtr/email/ca/index.txt | 1 + hosts/surtr/email/ca/serial | 2 +- hosts/surtr/matrix/default.nix | 10 ++++----- overlays/lego.nix | 10 --------- overlays/postfix-mta-sts-resolver.nix | 2 ++ overlays/prometheus-node-exporter.nix | 15 ------------- overlays/spm/default.nix | 6 ++--- 11 files changed, 43 insertions(+), 60 deletions(-) delete mode 100644 overlays/lego.nix delete mode 100644 overlays/prometheus-node-exporter.nix diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix index 0265190b..24d1f18c 100644 --- a/accounts/gkleen@sif/ssh-hosts.nix +++ b/accounts/gkleen@sif/ssh-hosts.nix @@ -378,6 +378,10 @@ { hostname = "mail-mi01.mathinst.loc"; proxyJump = "mathw0h"; }; + "mail-www02" = + { hostname = "mail-www02.mathinst.loc"; + proxyJump = "mathw0h"; + }; "dpl-fai01" = { hostname = "dpl-fai01.mathinst.loc"; user = "root"; diff --git a/flake.lock b/flake.lock index 0443ac7c..7a0dd9c1 100644 --- a/flake.lock +++ b/flake.lock @@ -11,11 +11,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1653594315, - "narHash": "sha256-kJ0ENmnQJ4qL2FeYKZba9kvv1KmIuB3NVpBwMeI7AJQ=", + "lastModified": 1659725433, + "narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=", "owner": "serokell", "repo": "deploy-rs", - "rev": "184349d8149436748986d1bdba087e4149e9c160", + "rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb", "type": "github" }, "original": { 
@@ -80,11 +80,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1658924727, - "narHash": "sha256-Fhh9FK9CvuCLxG1WkWJPoendDeXKI4gHYTfezo1n2Zg=", + "lastModified": 1662759269, + "narHash": "sha256-lt8bAfEZudCQb+MxoNKmenhMTXhu3RCCyLYxU9t5FFk=", "owner": "nix-community", "repo": "home-manager", - "rev": "0e2f7876d2f2ae98a67d89a8bef8c49332aae5af", + "rev": "9f7fe353b613d0e45d7a5cdbd1f13c96c15803dd", "type": "github" }, "original": { @@ -105,11 +105,11 @@ ] }, "locked": { - "lastModified": 1657089034, - "narHash": "sha256-qSjk1iOi14ijAOP6QuGfE3fvy08aVxsgus+ArwgiyuU=", + "lastModified": 1662635943, + "narHash": "sha256-1OBBlBzZ894or8eHZjyADOMnGH89pPUKYGVVS5rwW/0=", "owner": "DavHau", "repo": "mach-nix", - "rev": "51caf584f26acdfaa51bbf7ee1ffa365aea7bc64", + "rev": "65266b5cc867fec2cb6a25409dd7cd12251f6107", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1659009481, - "narHash": "sha256-BRM5R7AMKa58NAJnZsmWsVhDxuGllnhTvpVEZ+sP49I=", + "lastModified": 1663071011, + "narHash": "sha256-HjPb5iEwKwyNpnkn4Wo2hptAU5TAmfXd30mxemXPBtg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2d9b7cb5f0a41da95fccc120acf730fd20d8598d", + "rev": "0caf7675ec9b90ab9ad309d7a993a13798eeaa26", "type": "github" }, "original": { @@ -137,11 +137,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1658634393, - "narHash": "sha256-VW7edeFzA9VU8gZPxPFGpoPsM2AQLYHKhA9H5+OYtno=", + "lastModified": 1662864125, + "narHash": "sha256-AtjyEFK7Zp9+hOOUNO1/YZRADV/wC94R3yeKN8saUK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2e14bc76ab41c60ba57fd57ff52badaa29d349f5", + "rev": "e6f053b6079c16e7df97531e3e0524ace1304d4d", "type": "github" }, "original": { 
@@ -179,11 +179,11 @@ "pypi-deps-db": { "flake": false, "locked": { - "lastModified": 1658996715, - "narHash": "sha256-U5WLiaMoEMvbkGHSHmNVRNzpXPJ0S87ZsB4iwZtp6eI=", + "lastModified": 1663059297, + "narHash": "sha256-JaD4mhUOLJRNaepE50fOUfaSYRNwMhobyj8HGIxosiQ=", "owner": "DavHau", "repo": "pypi-deps-db", - "rev": "3c9aa49a06c1c80791ea412e04fbd9d71e463f9c", + "rev": "8aa6ec60bf7ed12c1e1705a2f28be63d8eee4386", "type": "github" }, "original": { @@ -212,11 +212,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1658635258, - "narHash": "sha256-EC8y3Rg+l9IzIUdOaFSA0LMdDipTRoweg1Y2EL8XhMc=", + "lastModified": 1662870301, + "narHash": "sha256-O+ABD+WzEBLVH6FwxKCIpps0hsR6b5dpYe6fB3e3Ju8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d7f8cf1b77ebe5f287884f17b1ee4cc4f48bad1d", + "rev": "20929e1c5722a6db2f2dbe4cd36d4af0de0a9df0", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e7557b2d..defcd864 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,6 @@ repo = "home-manager"; ref = "master"; inputs = { - flake-compat.follows = "flake-compat"; nixpkgs.follows = "nixpkgs"; }; }; @@ -78,11 +77,11 @@ inherit (lib) nixosSystem mkIf splitString filterAttrs listToAttrs mapAttrsToList nameValuePair concatMap composeManyExtensions mapAttrs mapAttrs' recursiveUpdate genAttrs unique elem optionalAttrs isDerivation concatLists concatStringsSep fix filter makeOverridable foldr; inherit (lib.strings) escapeNixString; - accountUserName = accountName: + accountUserName = accountName: let accountName' = splitString "@" accountName; in elemAt accountName' 0; - accountHostName = accountName: + accountHostName = accountName: let accountName' = splitString "@" accountName; in elemAt accountName' 1; 
@@ -132,7 +131,7 @@ (outputs: { _file = dir + "/${path}"; } // outputs // { imports = defaultUserProfiles userName ++ (outputs.imports or []); }); - + mkUserProfile = userName: dir: path: profileName: let profileModule = overrideModule (import (dir + "/${path}")) diff --git a/hosts/surtr/email/ca/.gitignore b/hosts/surtr/email/ca/.gitignore index adafac92..af29cdfa 100644 --- a/hosts/surtr/email/ca/.gitignore +++ b/hosts/surtr/email/ca/.gitignore @@ -3,4 +3,6 @@ *.old *.crt *.pkcs12 -certs \ No newline at end of file +*.p12 +certs +index.txt.bak \ No newline at end of file diff --git a/hosts/surtr/email/ca/index.txt b/hosts/surtr/email/ca/index.txt index 40c9605a..cbaf96b2 100644 --- a/hosts/surtr/email/ca/index.txt +++ b/hosts/surtr/email/ca/index.txt @@ -1,2 +1,3 @@ V 320513204402Z 03 unknown /CN=gkleen V 320515063648Z 04 unknown /CN=nmuehlbauer +V 320910104724Z 05 unknown /CN=mwgnr diff --git a/hosts/surtr/email/ca/serial b/hosts/surtr/email/ca/serial index eeee65ec..cd672a53 100644 --- a/hosts/surtr/email/ca/serial +++ b/hosts/surtr/email/ca/serial @@ -1 +1 @@ -05 +06 diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index e3a52f9a..46c2f338 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix @@ -111,7 +111,7 @@ with lib; ProtectClock = true; ProtectHostname = true; - ProtectHome = "tmpfs"; + ProtectHome = true; ProtectKernelLogs = true; ProtectProc = "invisible"; @@ -123,7 +123,7 @@ with lib; SystemCallArchitectures = "native"; SystemCallFilter = ["@system-service" "~@privileged @resources @obsolete"]; - + RestrictSUIDSGID = true; RemoveIPC = true; NoNewPrivileges = true; @@ -174,7 +174,7 @@ with lib; ${corsHeaders} ''; return = "200 '${builtins.toJSON { - "m.server" = "synapse.li:443"; + "m.server" = "synapse.li:443"; }}'"; }; "= /.well-known/matrix/client" = { 
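Review bot: In hosts/surtr/matrix/default.nix (hunk at line 111), the switch from `ProtectHome = "tmpfs"` to `ProtectHome = true` has no comment, and the two modes differ in a way that can affect the rest of the unit. With `true`, /home, /root and /run/user become inaccessible to the service, whereas `"tmpfs"` is the mode intended for use with `BindPaths=` or `BindReadOnlyPaths=` beneath those directories. The serviceConfig block starts and ends outside the hunk, so it is not visible whether the unit has such a bind mount or a working directory there. If it has none, the stricter value is the right one, and a comment such as `# nothing under /home, /root or /run/user is bound into this unit` would record why.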
@@ -198,7 +198,7 @@ with lib; sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem"; extraConfig = '' add_header Strict-Transport-Security "max-age=63072000" always; - + add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; @@ -240,7 +240,7 @@ with lib; "synapse.li".certCfg = { postRun = '' ${pkgs.systemd}/bin/systemctl try-restart nginx.service - ''; + ''; }; }; diff --git a/overlays/lego.nix b/overlays/lego.nix deleted file mode 100644 index 363b32da..00000000 --- a/overlays/lego.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ prev, ... }: { - lego = prev.lego.override { - buildGoModule = args: prev.buildGoModule (args // { - patches = (args.patches or []) ++ prev.lib.lists.singleton (prev.fetchpatch { - url = "https://patch-diff.githubusercontent.com/raw/go-acme/lego/pull/1501.patch"; - hash = "sha256-hLuWX607T8tcqljpBzEADViZd2FABkCgjNCLXMyWpuA="; - }); - }); - }; -} diff --git a/overlays/postfix-mta-sts-resolver.nix b/overlays/postfix-mta-sts-resolver.nix index 1d8f0188..a06dace5 100644 --- a/overlays/postfix-mta-sts-resolver.nix +++ b/overlays/postfix-mta-sts-resolver.nix @@ -22,5 +22,7 @@ }); }) ]; + + _.pyparsing.buildInputs.add = with final.python310Packages; [ flit-core ]; }; } diff --git a/overlays/prometheus-node-exporter.nix b/overlays/prometheus-node-exporter.nix deleted file mode 100644 index de5b15f2..00000000 --- a/overlays/prometheus-node-exporter.nix +++ /dev/null 
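Review bot: In overlays/postfix-mta-sts-resolver.nix, the added `_.pyparsing.buildInputs.add = with final.python310Packages; [ flit-core ];` hard-codes the Python 3.10 package set. The interpreter the enclosing build actually uses is chosen outside this hunk, so it is not visible whether the two match. If that interpreter is ever changed, this line would still inject a `flit-core` built for 3.10 into the pyparsing build. Taking `flit-core` from the same Python attribute the build is given would keep them in step. A short comment would also help, for example `# pyparsing needs flit-core as its build backend; the dependency resolver does not add it`, assuming that is the reason for the override.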
@@ -1,15 +0,0 @@ -{ prev, ... }: { - prometheus-systemd-exporter = prev.prometheus-systemd-exporter.overrideAttrs (oldAttrs: { - patches = oldAttrs.patches or [] ++ [ - (prev.runCommand "cpu-unified.diff" { - src = prev.fetchurl { - url = "https://github.com/pelov/systemd_exporter/commit/2880a8dd1ca4909e51a569093284fad47343016a.diff"; - hash = "sha256-i6sptiCdXmOqK5kfjLbIupctM34RqDahAE/39+35dRI="; - }; - buildInputs = with prev; [ patchutils ]; - } '' - filterdiff -x '**/CHANGELOG.md' $src > $out - '') - ]; - }); -} diff --git a/overlays/spm/default.nix b/overlays/spm/default.nix index 5c820d9c..05a8f013 100644 --- a/overlays/spm/default.nix +++ b/overlays/spm/default.nix @@ -4,9 +4,9 @@ let # defaultPackages = (import ./stackage.nix {}); # haskellPackages = defaultPackages // argumentPackages; # haskellPackages = argumentPackages; - haskellPackages = final.haskell.packages.ghc923.override { + haskellPackages = final.haskell.packages.ghc924.override { overrides = self: super: { - warp-systemd = final.haskell.lib.doJailbreak (super.warp-systemd.overrideAttrs (oldAttrs: { meta = oldAttrs.meta // { broken = false; }; })); + warp-systemd = final.haskell.lib.doJailbreak (super.warp-systemd.overrideAttrs (oldAttrs: { meta = oldAttrs.meta // { broken = false; }; })); servant-server = super.servant-server.overrideAttrs (oldAttrs: { patches = []; }); @@ -34,7 +34,7 @@ let in path: _type: builtins.match "^frontend(/.*)?$" (relPath path) == null; src = ./.; }; - + postPatch = '' ${oldAttrs.postPatch or ""} -- cgit v1.2.3