diff --git a/flake.lock b/flake.lock deleted file mode 100644 index c5ea79a..0000000 --- a/flake.lock +++ /dev/null @@ -1,653 +0,0 @@ -{ - "nodes": { - "arion": { - "inputs": { - "flake-parts": "flake-parts", - "haskell-flake": "haskell-flake", - "hercules-ci-effects": "hercules-ci-effects", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1692787336, - "narHash": "sha256-WabgeYsUiMRbpb1bCT3oY6GJEciZQIf3tYD8RQAUf2c=", - "owner": "hercules-ci", - "repo": "arion", - "rev": "28902d348807c494115177595f812a3e54cc913b", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "arion", - "type": "github" - } - }, - "easymacros": { - "inputs": { - "flake-utils": "flake-utils", - "naersk": "naersk", - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1662552013, - "narHash": "sha256-ENoDCKs6gKcGYa06LhCVhro0FVntcy5GBvShS+TPvMY=", - "ref": "refs/heads/main", - "rev": "43405b3bcf786513adc6534ed0e6618c458ba2cb", - "revCount": 38, - "type": "git", - "url": "https://gitlab.com/obsidianical/easymacros.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/obsidianical/easymacros.git" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "arion", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1675933616, - "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1688466019, - "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": [ - "arion", - "hercules-ci-effects", - "hercules-ci-agent", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1688466019, - "narHash": "sha256-VeM2akYrBYMsb4W/MmBo1zmaMfgbL4cH3Pu8PGyIwJ0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8e8d955c22df93dbe24f19ea04f47a74adbdc5ec", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { - "locked": { - "lastModified": 1656065134, - "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, - "flake-utils_3": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, - "gumseite": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_5" - }, - "locked": { - "lastModified": 1680175611, - "narHash": "sha256-0VevgW7qjE3rDSudFr/XIQrMmPowDgLO9jkM4AFkR/o=", - "ref": "refs/heads/master", - "rev": "57f43b774151e34bbf3de5f159924aca93750561", - "revCount": 2, - "type": "git", - "url": "https://gitlab.com/schrottkatze/gum-schulsachen.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/schrottkatze/gum-schulsachen.git" - } - }, - "haskell-flake": { - "locked": { - "lastModified": 1675296942, - "narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=", - "owner": "srid", - "repo": "haskell-flake", - "rev": "c2cafce9d57bfca41794dc3b99c593155006c71e", - "type": "github" - }, - "original": { - "owner": "srid", - "ref": "0.1.0", - "repo": "haskell-flake", - "type": "github" - } - }, - "haskell-flake_2": { - "locked": { - "lastModified": 1684780604, - "narHash": "sha256-2uMZsewmRn7rRtAnnQNw1lj0uZBMh4m6Cs/7dV5YF08=", - "owner": "srid", - "repo": "haskell-flake", - "rev": "74210fa80a49f1b6f67223debdbf1494596ff9f2", - "type": "github" - }, - "original": { - "owner": "srid", - "ref": "0.3.0", - "repo": "haskell-flake", - "type": "github" - } - }, - "hercules-ci-agent": { - "inputs": { - "flake-parts": "flake-parts_3", - "haskell-flake": "haskell-flake_2", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1688568579, - "narHash": "sha256-ON0M56wtY/TIIGPkXDlJboAmuYwc73Hi8X9iJGtxOhM=", - "owner": "hercules-ci", - "repo": "hercules-ci-agent", - "rev": "367dd8cd649b57009a6502e878005a1e54ad78c5", - "type": "github" - }, - "original": { - "id": "hercules-ci-agent", - "type": "indirect" - } - }, - "hercules-ci-effects": { - "inputs": { - "flake-parts": "flake-parts_2", - "hercules-ci-agent": "hercules-ci-agent", - "nixpkgs": [ - "arion", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1689397210, - "narHash": "sha256-fVxZnqxMbsDkB4GzGAs/B41K0wt/e+B/fLxmTFF/S20=", - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "rev": "0a63bfa3f00a3775ea3a6722b247880f1ffe91ce", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1695550077, - "narHash": "sha256-xoxR/iY69/3lTnnZDP6gf3J46DUKPcf+Y1jH03tfZXE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "a88df2fb101778bfd98a17556b3a2618c6c66091", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "karton": { - "inputs": { - "naersk": "naersk_2", - "nixpkgs": "nixpkgs_7", - "utils": "utils" - }, - "locked": { - "lastModified": 1683146576, - "narHash": "sha256-ZaXE/mmVWgZkfnlY56PFuuCMDyUhNtkKuLzkle6Lg8s=", - "ref": "refs/heads/master", - "rev": "5002f11bf360e4508fc73c28fa0aa0f80bf0713d", - "revCount": 188, - "type": "git", - "url": "https://gitlab.com/obsidianical/microbin.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/obsidianical/microbin.git" - } - }, - "mac-brcm-fw": { - "flake": false, - "locked": { - "lastModified": 1, - "narHash": "sha256-ewzM8IBKNFCx73ah5rflcdx605ukRF3oTWwih2CTsvs=", - "path": "./mac-brcm-fw", - "type": "path" - }, - "original": { - "path": "./mac-brcm-fw", - "type": "path" - } - }, - "meowsite": { - "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_8" - }, - "locked": { - "lastModified": 1678920998, - "narHash": "sha256-YM7MdYYoL/Wgmg8nmMVnAm33WwzdA2JFwMHKfOxNBXs=", - "ref": "refs/heads/master", - "rev": "f40a32b22bc96b07cb78fb5751cf92d5f30b1c24", - "revCount": 11, - "type": "git", - "url": "https://gitlab.com/obsidianical/meowsite.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/obsidianical/meowsite.git" - } - }, - "naersk": { - "inputs": { - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1655042882, - "narHash": "sha256-9BX8Fuez5YJlN7cdPO63InoyBy7dm3VlJkkmTt6fS1A=", - "owner": "nix-community", - "repo": "naersk", - "rev": "cddffb5aa211f50c4b8750adbec0bbbdfb26bb9f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "naersk", - "type": "github" - } - }, - "naersk_2": { - "inputs": { - "nixpkgs": "nixpkgs_6" - }, - "locked": { - "lastModified": 1671096816, - "narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=", - "owner": "nix-community", - "repo": "naersk", - "rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "naersk", - "type": "github" - } - }, - "naersk_3": { - "inputs": { - "nixpkgs": "nixpkgs_10" - }, - "locked": { - "lastModified": 1671096816, - "narHash": "sha256-ezQCsNgmpUHdZANDCILm3RvtO1xH8uujk/+EqNvzIOg=", - "owner": "nix-community", - "repo": "naersk", - "rev": "d998160d6a076cfe8f9741e56aeec7e267e3e114", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "naersk", - "type": "github" - } - }, - "nixos-hardware": { - "locked": { - "lastModified": 1687903496, - "narHash": "sha256-4PPwbFM4dNqso3zBya5rgfRvnBoIbN2J7qZ2ZpRyOUc=", - "owner": "networkException", - "repo": "nixos-hardware", - "rev": "8e28b9ee431b265d1fc74b8b819ea0816344c4a1", - "type": "github" - }, - "original": { - "owner": "networkException", - "ref": "apple-t2-init", - "repo": "nixos-hardware", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1688322751, - "narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0fbe93c5a7cac99f90b60bdf5f149383daaa615f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "dir": "lib", - "lastModified": 1688049487, - "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1695559356, - "narHash": "sha256-kXZ1pUoImD9OEbPCwpTz4tHsNTr4CIyIfXb3ocuR8sI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "261abe8a44a7e8392598d038d2e01f7b33cf26d0", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, - "nixpkgs_10": { - "locked": { - "lastModified": 1675614288, - "narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d25de6654a34d99dceb02e71e6db516b3b545be6", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1675614288, - "narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d25de6654a34d99dceb02e71e6db516b3b545be6", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1676300157, - "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1656755932, - "narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1656755932, - "narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1679966490, - "narHash": "sha256-k0jV+y1jawE6w4ZvKgXDNg4+O9NNtcaWwzw8gufv0b4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5b7cd5c39befee629be284970415b6eb3b0ff000", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1677852945, - "narHash": "sha256-liiVJjkBTuBTAkRW3hrI8MbPD2ImYzwUpa7kvteiKhM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f5ffd5787786dde3a8bf648c7a1b5f78c4e01abb", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1677852945, - "narHash": "sha256-liiVJjkBTuBTAkRW3hrI8MbPD2ImYzwUpa7kvteiKhM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f5ffd5787786dde3a8bf648c7a1b5f78c4e01abb", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1674407282, - "narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ab1254087f4cdf4af74b552d7fc95175d9bdbb49", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_9": { - "locked": { - "lastModified": 1695360818, - "narHash": "sha256-JlkN3R/SSoMTa+CasbxS1gq+GpGxXQlNZRUh9+LIy/0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e35dcc04a3853da485a396bdd332217d0ac9054f", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, - "root": { - "inputs": { - "arion": "arion", - "easymacros": "easymacros", - "gumseite": "gumseite", - "home-manager": "home-manager", - "karton": "karton", - "mac-brcm-fw": "mac-brcm-fw", - "meowsite": "meowsite", - "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_9", - "nixpkgs-stable": "nixpkgs-stable", - "wordsofgod": "wordsofgod" - } - }, - "utils": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_2": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "wordsofgod": { - "inputs": { - "naersk": "naersk_3", - "nixpkgs": "nixpkgs_11", - "utils": "utils_2" - }, - "locked": { - "lastModified": 1675936524, - "narHash": "sha256-cr6lknWz+2N4mq6csfdYLUBNTxB2MbaEGH8yQyk3XbA=", - "ref": "refs/heads/master", - "rev": "93c03cbe6f7bac22c7c5023d4bcba3af837ce43b", - "revCount": 8, - "type": "git", - "url": "https://gitlab.com/obsidianical/wordsofgod.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/obsidianical/wordsofgod.git" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix index cb5c0bb..6d9d40c 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ # nixpkgs.url = "nixpkgs/nixos-22.11"; nixpkgs-stable.url = "nixpkgs/nixos-23.05"; home-manager = { - url = "github:nix-community/home-manager"; + url = "github:nix-community/home-manager/release-22.11"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:networkException/nixos-hardware/apple-t2-init"; diff --git a/hosts/schrottserver/configuration.nix b/hosts/schrottserver/configuration.nix index a426de4..df7eb1e 100644 --- a/hosts/schrottserver/configuration.nix +++ b/hosts/schrottserver/configuration.nix @@ -30,7 +30,7 @@ }; services = { - openssh.permitRootLogin = "no"; + openssh.permitRootLogin = "without-password"; fail2ban = { enable = true; bantime-increment.enable = true; diff --git a/hosts/schrottserver/nextcloud.nix b/hosts/schrottserver/nextcloud.nix index 9f4be80..dd4e04c 100644 --- a/hosts/schrottserver/nextcloud.nix +++ b/hosts/schrottserver/nextcloud.nix @@ -7,7 +7,7 @@ dbuser = "nextcloud"; dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself dbname = "nextcloud"; - adminpassFile = "${../secret-data/nextcloud-admin-pass}"; + adminpassFile = "${../../secret-data/nextcloud-admin-pass}"; adminuser = "root"; }; package = pkgs.nextcloud25; diff --git a/hosts/schrottserver/penpot.nix b/hosts/schrottserver/penpot.nix index 865f6ec..2e7f227 100644 --- a/hosts/schrottserver/penpot.nix +++ b/hosts/schrottserver/penpot.nix @@ -33,7 +33,7 @@ "PENPOT_SMTP_HOST" = "smtp.migadu.com"; "PENPOT_SMTP_PORT" = "587"; "PENPOT_SMTP_USERNAME" = "noreply-pp@schrottkatze.de"; - "PENPOT_SMTP_PASSWORD" = "${builtins.readFile ../secret-data/penpot-smtp-pass}"; + "PENPOT_SMTP_PASSWORD" = "${builtins.readFile ../../secret-data/penpot-smtp-pass}"; "PENPOT_SMTP_TLS" = "true"; "PENPOT_SMTP_SSL" = "false"; }; diff --git a/hosts/schrottserver/vaultwarden.nix b/hosts/schrottserver/vaultwarden.nix index a581d0f..a9b4edf 100644 --- a/hosts/schrottserver/vaultwarden.nix +++ b/hosts/schrottserver/vaultwarden.nix @@ -13,7 +13,7 @@ SIGNUPS_VERIFY = true; ROCKET_LOG = "debug"; ENABLE_WAL = false; - ADMIN_TOKEN = builtins.readFile ../secret-data/vaultwarden-admin-token; + ADMIN_TOKEN = builtins.readFile ../../secret-data/vaultwarden-admin-token; DOMAIN = "https://vw.schrottkatze.de"; SMTP_TIMEOUT = 15; ROCKET_PORT = 8812;