diff --git a/flake.lock b/flake.lock deleted file mode 100644 index f7a95ae..0000000 --- a/flake.lock +++ /dev/null @@ -1,520 +0,0 @@ -{ - "nodes": { - "arion": { - "inputs": { - "flake-parts": "flake-parts", - "haskell-flake": "haskell-flake", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1682181677, - "narHash": "sha256-El8WQ2ccxWwkSrjuwKNR0gD/O7vS/KLBY4Q2/nF8m1c=", - "owner": "hercules-ci", - "repo": "arion", - "rev": "6a1f03329c400327b3b2e0ed5e1efff11037ba67", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "arion", - "type": "github" - } - }, - "easymacros": { - "inputs": { - "flake-utils": "flake-utils", - "naersk": "naersk", - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1662552013, - "narHash": "sha256-ENoDCKs6gKcGYa06LhCVhro0FVntcy5GBvShS+TPvMY=", - "ref": "refs/heads/main", - "rev": "43405b3bcf786513adc6534ed0e6618c458ba2cb", - "revCount": 38, - "type": "git", - "url": "https://gitlab.com/obsidianical/easymacros.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/obsidianical/easymacros.git" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "arion", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1675933616, - "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { - "locked": { - "lastModified": 1656065134, - "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, - "flake-utils_3": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, - "gumseite": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1680175611, - "narHash": "sha256-0VevgW7qjE3rDSudFr/XIQrMmPowDgLO9jkM4AFkR/o=", - "ref": "refs/heads/master", - "rev": "57f43b774151e34bbf3de5f159924aca93750561", - "revCount": 2, - "type": "git", - "url": "https://gitlab.com/schrottkatze/gum-schulsachen.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/schrottkatze/gum-schulsachen.git" - } - }, - "haskell-flake": { - "locked": { - "lastModified": 1675296942, - "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=", - "owner": "srid", - "repo": "haskell-flake", - "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e", - "type": "github" - }, - "original": { - "owner": "srid", - "ref": "0.1.0", - "repo": "haskell-flake", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1687365523, - "narHash": "sha256-2l/cPXDCDVcLNm+EvCRGJcJ9YxxyLbc2vfTah/t8Qwc=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "1fefd7bb8da0eec6755747f410fa491411a94296", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "karton": { - "inputs": { - "naersk": "naersk_2", - "nixpkgs": "nixpkgs_6", - "utils": "utils" - }, - "locked": { - "lastModified": 1683146576, - "narHash": "sha256-ZaXE/mmVWgZkfnlY56PFuuCMDyUhNtkKuLzkle6Lg8s=", - "ref": "refs/heads/master", - "rev": "5002f11bf360e4508fc73c28fa0aa0f80bf0713d", - "revCount": 188, - "type": "git", - "url": "https://gitlab.com/obsidianical/microbin.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/obsidianical/microbin.git" - } - }, - "mac-brcm-fw": { - "flake": false, - "locked": { - "lastModified": 1668279146, - "narHash": "sha256-KP2cgNVty0t+8laUc8nxefOk8O60fw/mBt7qStSyPNA=", - "path": "/home/jade/mac-brcm-fw", - "type": "path" - }, - "original": { - "path": "./mac-brcm-fw", - "type": "path" - } - }, - "meowsite": { - "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_7" - }, - "locked": { - "lastModified": 1678920998, - "narHash": "sha256-YM7MdYYoL/Wgmg8nmMVnAm33WwzdA2JFwMHKfOxNBXs=", - "ref": "refs/heads/master", - "rev": "f40a32b22bc96b07cb78fb5751cf92d5f30b1c24", - "revCount": 11, - "type": "git", - "url": "https://gitlab.com/obsidianical/meowsite.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/obsidianical/meowsite.git" - } - }, - "naersk": { - "inputs": { - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1655042882, - "narHash": "sha256-9BX8Fuez5YJlN7cdPO63InoyBy7dm3VlJkkmTt6fS1A=", - "owner": "nix-community", - "repo": "naersk", - "rev": "cddffb5aa211f50c4b8750adbec0bbbdfb26bb9f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "naersk", - "type": "github" - } - }, - "naersk_2": { - "inputs": { - "nixpkgs": "nixpkgs_5" - }, - "locked": { - "lastModified": 1671096816, - "narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=", - "owner": "nix-community", - "repo": "naersk", - "rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "naersk", - "type": "github" - } - }, - "naersk_3": { - "inputs": { - "nixpkgs": "nixpkgs_9" - }, - "locked": { - "lastModified": 1671096816, - "narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=", - "owner": "nix-community", - "repo": "naersk", - "rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "naersk", - "type": "github" - } - }, - "nixos-hardware": { - "locked": { - "lastModified": 1686944904, - "narHash": "sha256-EDJXlYJ+JQ/xPQ+4Qr2QW647O5pc1t9iiRwSL0/8fFE=", - "owner": "networkException", - "repo": "nixos-hardware", - "rev": "3d1af7f444f37b990226a44838da3b8e00d6b61e", - "type": "github" - }, - "original": { - "owner": "networkException", - "ref": "apple-t2-init", - "repo": "nixos-hardware", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1676300157, - "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1687288566, - "narHash": "sha256-VckkiJ88Gzdc2cstm0z5eFcrHbvkm4VjxavHBGssvZI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b6c73c5fe53bb3afbf65e870541e0645e9145171", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, - "nixpkgs_10": { - "locked": { - "lastModified": 1675614288, - "narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d25de6654a34d99dceb02e71e6db516b3b545be6", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1656755932, - "narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1656755932, - "narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1679966490, - "narHash": "sha256-k0jV+y1jawE6w4ZvKgXDNg4+O9NNtcaWwzw8gufv0b4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5b7cd5c39befee629be284970415b6eb3b0ff000", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1677852945, - "narHash": "sha256-liiVJjkBTuBTAkRW3hrI8MbPD2ImYzwUpa7kvteiKhM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f5ffd5787786dde3a8bf648c7a1b5f78c4e01abb", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1677852945, - "narHash": "sha256-liiVJjkBTuBTAkRW3hrI8MbPD2ImYzwUpa7kvteiKhM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f5ffd5787786dde3a8bf648c7a1b5f78c4e01abb", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1674407282, - "narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ab1254087f4cdf4af74b552d7fc95175d9bdbb49", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1686960236, - "narHash": "sha256-AYCC9rXNLpUWzD9hm+askOfpliLEC9kwAo7ITJc4HIw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "04af42f3b31dba0ef742d254456dc4c14eedac86", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, - "nixpkgs_9": { - "locked": { - "lastModified": 1675614288, - "narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d25de6654a34d99dceb02e71e6db516b3b545be6", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "root": { - "inputs": { - "arion": "arion", - "easymacros": "easymacros", - "gumseite": "gumseite", - "home-manager": "home-manager", - "karton": "karton", - "mac-brcm-fw": "mac-brcm-fw", - "meowsite": "meowsite", - "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_8", - "nixpkgs-stable": "nixpkgs-stable", - "wordsofgod": "wordsofgod" - } - }, - "utils": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_2": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "wordsofgod": { - "inputs": { - "naersk": "naersk_3", - "nixpkgs": "nixpkgs_10", - "utils": "utils_2" - }, - "locked": { - "lastModified": 1675936524, - "narHash": "sha256-cr6lknWz+2N4mq6csfdYLUBNTxB2MbaEGH8yQyk3XbA=", - "ref": "refs/heads/master", - "rev": "93c03cbe6f7bac22c7c5023d4bcba3af837ce43b", - "revCount": 8, - "type": "git", - "url": "https://gitlab.com/obsidianical/wordsofgod.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/obsidianical/wordsofgod.git" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix index f4ba512..07c4501 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ # nixpkgs.url = "nixpkgs/nixos-22.11"; nixpkgs-stable.url = "nixpkgs/nixos-23.05"; home-manager = { - url = "github:nix-community/home-manager"; + url = "github:nix-community/home-manager/release-22.11"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:networkException/nixos-hardware/apple-t2-init"; diff --git a/hosts/schrottserver/configuration.nix b/hosts/schrottserver/configuration.nix index a426de4..df7eb1e 100644 --- a/hosts/schrottserver/configuration.nix +++ b/hosts/schrottserver/configuration.nix @@ -30,7 +30,7 @@ }; services = { - openssh.permitRootLogin = "no"; + openssh.permitRootLogin = "without-password"; fail2ban = { enable = true; bantime-increment.enable = true; diff --git a/hosts/schrottserver/nextcloud.nix b/hosts/schrottserver/nextcloud.nix index 9f4be80..dd4e04c 100644 --- a/hosts/schrottserver/nextcloud.nix +++ b/hosts/schrottserver/nextcloud.nix @@ -7,7 +7,7 @@ dbuser = "nextcloud"; dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself dbname = "nextcloud"; - adminpassFile = "${../secret-data/nextcloud-admin-pass}"; + adminpassFile = "${../../secret-data/nextcloud-admin-pass}"; adminuser = "root"; }; package = pkgs.nextcloud25; diff --git a/hosts/schrottserver/penpot.nix b/hosts/schrottserver/penpot.nix index 865f6ec..2e7f227 100644 --- a/hosts/schrottserver/penpot.nix +++ b/hosts/schrottserver/penpot.nix @@ -33,7 +33,7 @@ "PENPOT_SMTP_HOST" = "smtp.migadu.com"; "PENPOT_SMTP_PORT" = "587"; "PENPOT_SMTP_USERNAME" = "noreply-pp@schrottkatze.de"; - "PENPOT_SMTP_PASSWORD" = "${builtins.readFile ../secret-data/penpot-smtp-pass}"; + "PENPOT_SMTP_PASSWORD" = "${builtins.readFile ../../secret-data/penpot-smtp-pass}"; "PENPOT_SMTP_TLS" = "true"; "PENPOT_SMTP_SSL" = "false"; }; diff --git a/hosts/schrottserver/vaultwarden.nix b/hosts/schrottserver/vaultwarden.nix index a581d0f..a9b4edf 100644 --- a/hosts/schrottserver/vaultwarden.nix +++ b/hosts/schrottserver/vaultwarden.nix @@ -13,7 +13,7 @@ SIGNUPS_VERIFY = true; ROCKET_LOG = "debug"; ENABLE_WAL = false; - ADMIN_TOKEN = builtins.readFile ../secret-data/vaultwarden-admin-token; + ADMIN_TOKEN = builtins.readFile ../../secret-data/vaultwarden-admin-token; DOMAIN = "https://vw.schrottkatze.de"; SMTP_TIMEOUT = 15; ROCKET_PORT = 8812;