From 69705431bfb4486e7b2c593e12f74304f3c0e8ce Mon Sep 17 00:00:00 2001 From: danny Date: Thu, 25 Sep 2025 19:58:19 +0800 Subject: [PATCH] feat: add self-hosted cache server --- flake.lock | 235 +++++++++++++++++++++------- flake.nix | 9 ++ home/scripts/remoteRebuild.nix | 10 ++ home/user/shell.nix | 2 + system/dev/dn-lap/default.nix | 1 + system/dev/dn-pre7780/default.nix | 23 +-- system/dev/dn-pre7780/hyprland.nix | 26 +++ system/dev/dn-pre7780/secret.yaml | 6 +- system/dev/dn-server/atticd.nix | 40 +++++ system/dev/dn-server/default.nix | 3 +- system/dev/dn-server/secret.yaml | 6 +- system/dev/dn-server/sops-conf.nix | 1 + system/dev/skydrive-lap/default.nix | 6 +- system/modules/nixsettings.nix | 9 ++ system/modules/printer.nix | 23 +++ system/modules/stalwart.nix | 8 +- 16 files changed, 313 insertions(+), 95 deletions(-) create mode 100644 home/scripts/remoteRebuild.nix create mode 100644 system/dev/dn-pre7780/hyprland.nix create mode 100644 system/dev/dn-server/atticd.nix create mode 100644 system/modules/printer.nix diff --git a/flake.lock b/flake.lock index 53483ab..89f3f37 100644 --- a/flake.lock +++ b/flake.lock @@ -75,6 +75,31 @@ "type": "github" } }, + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1757683818, + "narHash": "sha256-q7q0pWT+wu5AUU1Qlbwq8Mqb+AzHKhaMCVUq/HNZfo8=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "7c5d79ad62cda340cb8c80c99b921b7b7ffacf69", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -212,6 +237,21 @@ } }, "crane": { + "locked": { + "lastModified": 1751562746, + "narHash": "sha256-smpugNIkmDeicNz301Ll1bD7nFOty97T79m4GUMUczA=", + "owner": "ipetkov", + "repo": "crane", + "rev": "aed2020fd3dc26e1e857d4107a5a67a33ab6c1fd", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { "locked": { "lastModified": 1731098351, "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", @@ -248,7 +288,7 @@ }, "firefox": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "lib-aggregate": "lib-aggregate", "nixpkgs": [ "nixpkgs" @@ -285,21 +325,6 @@ } }, "flake-compat": { - "locked": { - "lastModified": 1746162366, - "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -315,6 +340,37 @@ "type": "github" } }, + "flake-compat_10": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "locked": { + "lastModified": 1746162366, + "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_3": { "flake": false, "locked": { @@ -334,11 +390,11 @@ "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -350,11 +406,11 @@ "flake-compat_5": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -396,22 +452,6 @@ } }, "flake-compat_8": { - "flake": false, - "locked": { - "lastModified": 1751685974, - "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=", - "ref": "refs/heads/main", - "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1", - "revCount": 92, - "type": "git", - "url": "https://git.lix.systems/lix-project/flake-compat.git" - }, - "original": { - "type": "git", - "url": "https://git.lix.systems/lix-project/flake-compat.git" - } - }, - "flake-compat_9": { "flake": false, "locked": { "lastModified": 1747046372, @@ -427,7 +467,44 @@ "type": "github" } }, + "flake-compat_9": { + "flake": false, + "locked": { + "lastModified": 1751685974, + "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=", + "ref": "refs/heads/main", + "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1", + "revCount": 92, + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + } + }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -448,7 +525,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "neovim-nightly-overlay", @@ -469,7 +546,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "neovim-nightly-overlay", @@ -490,7 +567,7 @@ "type": "indirect" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -508,7 +585,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_6": { "inputs": { "nixpkgs-lib": [ "nvf", @@ -529,7 +606,7 @@ "type": "github" } }, - "flake-parts_6": { + "flake-parts_7": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -705,7 +782,7 @@ }, "ghostty": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" @@ -729,7 +806,7 @@ }, "git-hooks": { "inputs": { - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_7", "gitignore": "gitignore_3", "nixpkgs": [ "neovim-nightly-overlay", @@ -835,7 +912,7 @@ }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "nixpkgs": [ "neovim-nightly-overlay", "nixpkgs" @@ -1373,7 +1450,7 @@ }, "jovian": { "inputs": { - "nix-github-actions": "nix-github-actions", + "nix-github-actions": "nix-github-actions_2", "nixpkgs": [ "chaotic", "nixpkgs" @@ -1395,9 +1472,9 @@ }, "lanzaboote": { "inputs": { - "crane": "crane", - "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts", + "crane": "crane_2", + "flake-compat": "flake-compat_5", + "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" ], @@ -1493,8 +1570,8 @@ }, "neovim-nightly-overlay": { "inputs": { - "flake-compat": "flake-compat_5", - "flake-parts": "flake-parts_2", + "flake-compat": "flake-compat_6", + "flake-parts": "flake-parts_3", "git-hooks": "git-hooks", "hercules-ci-effects": "hercules-ci-effects", "neovim-src": "neovim-src", @@ -1532,6 +1609,27 @@ } }, "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737420293, + "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix-github-actions_2": { "inputs": { "nixpkgs": [ "chaotic", @@ -1576,7 +1674,7 @@ }, "nix-minecraft": { "inputs": { - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_8", "flake-utils": "flake-utils_5", "nixpkgs": "nixpkgs_5" }, @@ -1614,7 +1712,7 @@ }, "nixd": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "flake-root": "flake-root", "nixpkgs": [ "nixpkgs" @@ -1679,6 +1777,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1751741127, + "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "29e290002bfff26af1db6f64d070698019460302", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -1878,8 +1992,8 @@ }, "nvf": { "inputs": { - "flake-compat": "flake-compat_8", - "flake-parts": "flake-parts_5", + "flake-compat": "flake-compat_9", + "flake-parts": "flake-parts_6", "mnw": "mnw", "nixpkgs": [ "nixpkgs" @@ -1902,7 +2016,7 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "gitignore": "gitignore", "nixpkgs": [ "hyprland", @@ -1934,7 +2048,7 @@ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1731363552, @@ -1975,6 +2089,7 @@ "inputs": { "Hyprspace": "Hyprspace", "actual-budget-api": "actual-budget-api", + "attic": "attic", "caelestia-shell": "caelestia-shell", "chaotic": "chaotic", "disko": "disko", @@ -2128,7 +2243,7 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_6", + "flake-parts": "flake-parts_7", "gnome-shell": "gnome-shell", "nixpkgs": [ "nixpkgs" @@ -2157,7 +2272,7 @@ }, "swww": { "inputs": { - "flake-compat": "flake-compat_9", + "flake-compat": "flake-compat_10", "nixpkgs": "nixpkgs_9", "rust-overlay": "rust-overlay_3" }, diff --git a/flake.nix b/flake.nix index d0e8979..4c3f89e 100644 --- a/flake.nix +++ b/flake.nix @@ -129,6 +129,11 @@ flake = false; }; # ======================== # + + attic = { + url = "github:zhaofengli/attic"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -161,6 +166,7 @@ inputs.chaotic.nixosModules.default inputs.actual-budget-api.nixosModules.default inputs.stylix.nixosModules.stylix + inputs.attic.nixosModules.atticd ]; args = { inherit @@ -294,6 +300,9 @@ nixpkgs.lib.nixosSystem { modules = [ { + environment.systemPackages = [ + inputs.attic.packages.${system}.attic + ]; system.stateVersion = nix-version; home-manager = { backupFileExtension = "backup-hm"; diff --git a/home/scripts/remoteRebuild.nix b/home/scripts/remoteRebuild.nix new file mode 100644 index 0000000..157df9f --- /dev/null +++ b/home/scripts/remoteRebuild.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +pkgs.writeShellScriptBin "rRebuild" '' + TARGET=$1 + BUILD=$2 + + shift + shift + + nixos-rebuild switch --target-host "$TARGET" --build-host "$BUILD" --sudo --ask-sudo-password $@ +'' diff --git a/home/user/shell.nix b/home/user/shell.nix index ac4bf7f..a8bac32 100644 --- a/home/user/shell.nix +++ b/home/user/shell.nix @@ -1,11 +1,13 @@ { osConfig, pkgs, ... }: let shellAlias = import ./shellAlias.nix { hostname = osConfig.networking.hostName; }; + remoteRebuld = pkgs.callPackage ../scripts/remoteRebuild.nix { }; in { home.packages = with pkgs; [ # Shell grc + remoteRebuld ]; programs = { diff --git a/system/dev/dn-lap/default.nix b/system/dev/dn-lap/default.nix index e2f3f17..1ae7d00 100644 --- a/system/dev/dn-lap/default.nix +++ b/system/dev/dn-lap/default.nix @@ -13,6 +13,7 @@ in ./hardware-configuration.nix ./boot.nix ./sops-conf.nix + ../../modules/printer.nix ../../modules/presets/basic.nix ../../modules/gaming.nix ../../modules/virtualization.nix diff --git a/system/dev/dn-pre7780/default.nix b/system/dev/dn-pre7780/default.nix index 608a49a..424b649 100644 --- a/system/dev/dn-pre7780/default.nix +++ b/system/dev/dn-pre7780/default.nix @@ -2,6 +2,8 @@ pkgs, username, config, + system, + inputs, lib, ... }: @@ -12,9 +14,6 @@ let "desc:ASUSTek COMPUTER INC ASUS VG32VQ1B 0x00002271" "desc:Acer Technologies XV272U V3 1322131231233" ]; - memeSelector = pkgs.callPackage ../../../home/scripts/memeSelector.nix { - url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/"; - }; in { networking.firewall.allowedTCPPortRanges = [ @@ -90,7 +89,6 @@ in }; environment.systemPackages = with pkgs; [ - memeSelector rustdesk ((blender.override { cudaSupport = true; }).overrideAttrs (prev: { postInstall = '' @@ -177,22 +175,7 @@ in # Hyprland (import ../../../home/user/hyprland.nix { inherit monitors; }) - { - wayland.windowManager.hyprland = { - settings = { - monitor = [ - ''desc:ASUSTek COMPUTER INC ASUS VG32VQ1B 0x00002271, 2560x1440@165, 0x0, 1'' - ''desc:Acer Technologies XV272U V3 1322131231233, 2560x1440@180, -1440x-600, 1, transform, 1'' - ]; - misc = { - vrr = 0; - }; - bind = [ - "$mainMod ctrl, M, exec, ${memeSelector}/bin/memeSelector" - ]; - }; - }; - } + ./hyprland.nix # Git (import ../../../home/user/git.nix { diff --git a/system/dev/dn-pre7780/hyprland.nix b/system/dev/dn-pre7780/hyprland.nix new file mode 100644 index 0000000..42ac30d --- /dev/null +++ b/system/dev/dn-pre7780/hyprland.nix @@ -0,0 +1,26 @@ +{ pkgs, ... }: +let + memeSelector = pkgs.callPackage ../../../home/scripts/memeSelector.nix { + url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/"; + }; +in +{ + home.packages = [ + memeSelector + ]; + + wayland.windowManager.hyprland = { + settings = { + monitor = [ + ''desc:ASUSTek COMPUTER INC ASUS VG32VQ1B 0x00002271, 2560x1440@165, 0x0, 1'' + ''desc:Acer Technologies XV272U V3 1322131231233, 2560x1440@180, -1440x-600, 1, transform, 1'' + ]; + misc = { + vrr = 0; + }; + bind = [ + "$mainMod ctrl, M, exec, ${memeSelector}/bin/memeSelector" + ]; + }; + }; +} diff --git a/system/dev/dn-pre7780/secret.yaml b/system/dev/dn-pre7780/secret.yaml index a1fa457..3f533bc 100644 --- a/system/dev/dn-pre7780/secret.yaml +++ b/system/dev/dn-pre7780/secret.yaml @@ -9,7 +9,7 @@ openldap: lam: env: ENC[AES256_GCM,data:f1LlC/VvilH8o2Ra7MrSHsMEGlGw3LOV2O9JJf9f,iv:u7cXM8n3jJeLBfxXtA0QMyijBqTcC+yJeW/OO9JuZMI=,tag:QL5FkcCPI5Gxudi0NmCZWg==,type:str] stalwart: - adminPassword: ENC[AES256_GCM,data:6tUL7b2s3gLtF4Ors9CgYQ==,iv:9UQowgXKr9HR/poELP6SZijp3c2HVTHzEfwf1tZI/3w=,tag:KIOiYEwLsZLH31E2Xb478A==,type:str] + adminPassword: ENC[AES256_GCM,data:hHQlmztndbB8Ct5Zig8BChz1,iv:kDgSVglIKxEghV/lkcKKxKCzgwVJqcH4l8aXYt7k+W8=,tag:vD14vP2iJEOG4WR6djab1A==,type:str] tsig: ENC[AES256_GCM,data:wxsM/dbkW2fNf86b6TsLRNAce19h7mBEuSzFT84aIlaVZA/S29g1U4/CAwD4b+h/XfBgpZQCJf/9yT3yo6dbGAIAk5UgjV2cNY9pO1/uF1T6xoKDgfRZxA==,iv:9BvP8vQkTTEaNgYUPfQcfEMcWqDyD045EPBr7NyHmO4=,tag:coBBAe62kpe/L0S6V8NhXg==,type:str] db: ENC[AES256_GCM,data:ZRZ2ZzUotYMe2GfkMS7o7dz0aGg=,iv:ys6ogueueESp0y6A+hUG9zTnqmCVobuIzyqA4WVtewo=,tag:p74G+8XhMcpgDnIfh1aXTg==,type:str] dkimKey: ENC[AES256_GCM,data:oi+XvZ9hMMsgMtFnGPMbVBGagkwQzcPQDi1b0Zd54615V5yuOLHZxpLT5Z3LYlCOQmOcrCaIwn8lQKIZbAuAq6HDUVlNabjgnHeoq3XRIvcswO/B9pljL/22JCZleSrWSBh+WE+RwQIcqUIr0eNerXCUaAQLTE8lYn6mJMa/OoHJJ3R498OGyM/8rbuIMfKj5eqJnctsd9lRWeNmiq7hpQKJ8syLXMsRM9y79NJTPGJrIAJ/5F8SfUJ256/S2N25Cq61pkaXWxTcZzXFgAGU/sa3zsY86BRwEnFEVRMnygJWrVZW/ABYgRjL99r6OBQM8WTFpE8cK9GZTpylTm+QCS9lHsAA2rnUfLTs/09z41klbGSAu5jfokM5jhyFIjmDm9h3hEk4l0F4KTWgQ7avWqGVx4yVPktrVS6eh6W7+I0V6BOUhzH0Pp9xXWwhbFrMPYAYK5MQSLAS5nd3RCQWrxZwWh//ATiWdngUeWPyObxXSTmoV254k230sT39jQmqmTK5zIkOBvokPps9q3nPq1i3UIkSAXo0ZWI+GHiL1rnzJkMMGViugJdGEwUf8nWlYMcYkHmDRUZam6DIxzkf5svtd+kbDTxRa4GzeJrOYizgwDGpD5vRA9u8i7MYBS1Rhw3UVqZ9gkjtv8mqoOkDqVnHVnS2UPtsircecvjHmhu4Tq4hn8phX3F+2I8lhXUIalzPng5zjPGNUcDT+SoCbNeHuSWDDmMYQtzM3/xwae9quP9FXhr9IGGygmFUPGsl3cuxSJ3+Cq9/Hhd7bnTYnxYfv781qTmZsFclMUWNxUJQWLJ+5BQz6u1zW64wh+5SHUGrw7CHFsdgNAKv7YN+GJMNTHOjZr9RTL9R8opDm8Iho5IyQjMP401+DY30mOCq03WKJiC8qehgoaH16ssNV6ZuoHldu2N6JKmiwywgTRq8zQEo8jPnro772CQ9Tg0/5PnkhdlLdphDEIp60IbM+XWqMNwHY57fm6U+81PcgtsoRmI5OklrrhQjv+1aRgz0vRM80FOHMv7kxgEdNkb1x15B4g0ocBXEdLuxJEVaW4uWlP9EIivXOWwaPZf1QjT8ISuUQlFMXvtNj/V3SraW3K1bErJL5JnI16z803kdoAqYijf3IrRK49SKoCq6B2V8yo8iCRod2GFt1P3ADKb/uvJ6iCBSlFRFwiJYr8qu7TPXFCpsoySEmr1edBQdAkzXxFZLDMczHq2BzUo2RPfwtDubG1GMWxzrbZ1T6N3j1+GXiyTX7XuKdpSpFlXtPuJcCIrX4D4xnjv1SqqXEcKJO9oUcdMK6+Eem7wtVDBDDYpWellT+bLmtouvdEgjYE8VG5UGJJ5NpYoJAce9c7RE5/ozuvUH+uMfqfb8igZQlBMl6hbqO7j8m11i+ijS9T6Wu2DCSVIqqBHu8bouz1vyfq8l/whJCl1BkaZtiE5+NLkHoYSOuXGtVvEuXwMhvCWdnkxJtHZxxXQuCcBcVkD9Edg0YTslGv+XUvaYRlfZUqypqYZ9zJ21en9XPK3zafZ5gRLdY0xhXN4OKbGrXXL4cm5jfroTeez9iIL4fJGcA80PRHUGoLfK7ht2z0Lq3U91F4jz5KEhbaDtWDcMryr1Bwb6UXgLrezNM290g8J3GpXLBAdvqDXK79jSdPNqptGYt++VDeCdtA+P3z9K6aMWZzPURkLXxZ1bWy5YXP03MIkUpZWsc5lQmccUiyFe/Y+d9RSAZClmVxsQAY5y90d42EhkrOag06geziV9aaxgr57LdoPJQabD48bIbFFvimhV2DS3Gf/7gFtCXlm9oZiIqSHG+1TMKRp8XVwn6f70d76/Ba5Uiu0EX8V2x0Dsnin6GGynMBFCPKPXssHRe71SfRVxPJrzlLjtfTdPuzW5Q2k/U//z9SWd6Ao3+mzsbTC8MAYGeIzeE4GdsTs4ViEQWg5sSMSfjeKOFfgpTQi20LGomjF4gtTfnchEUBcUAarV6+hT/inYG2SlglyWwr2+LE3Ua5FWRXsZu4tBHcfE0axIb6Ju5KeogPVPo6cNoJCR2XLPNQakB9ONniCxPTW6zOx8h/A2UeIWMgbAn/jNYdd4kFu1IWBAQaZg5kSg1KmSAtnKgFmhb8A0Ope8h5fKfdX5tf0ulW0bjBz+rqNf2FQwcB/ScuEc65LSX+b0bzvIILuZfSRytFQpaQ4svjjA6mP4VIRoPRkkRl+gTEO+Ue4No4VZGE9+YdRFZ7OmtH6S1e5vu1rBiLuTVayHjuSWRu0OmxDiErP6uXPy8Q==,iv:Q5g9kxJKEKLHge2mcgk/UnTNMDFjzeLFLNjlY8KWe60=,tag:yL03NWRK2whOxNjcR3cPyA==,type:str] @@ -29,7 +29,7 @@ sops: MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-20T11:44:16Z" - mac: ENC[AES256_GCM,data:ZNSn4h4r1d+9YBBpjJfI+AsYGOcC8r+A61KmmRf9JfyQiI0U8Le9C+ut45YQCMW3Q57a5q8NUN1GA72iCaXUk00UuESl4ybuqotrs0SVQ/QUbQCCANkItFck7XiNJ3AJY2zbWT09tI4FlnoW/ZHXMlSiPvo+hzCAEtAaM83JpIs=,iv:QKDsRjrJ7AVOY8TZm9O/g1vc81WD8xLYFBS9A/pfxZE=,tag:IMhI59NUHKH52Rs06TTZYg==,type:str] + lastmodified: "2025-09-22T14:30:13Z" + mac: ENC[AES256_GCM,data:Ak9QKKRWDFQk9GNkk2yiN+42DB/Gj7dXmiNOna0BKRwI7gkVl+ie4Iis6jhZ2aEe1vO8rgBurcSQd9xVyFOIJa16p7L1GD1doZWn0Gq3yerIwzjtaQMoS84e/cTTiWnj9shAe+Sm7vhk3ZJzJzbpYtBTspVE+iyZ+LafIE3XSCc=,iv:j53phA/h5cqWEiEviIjgbLxcPPOGWUq+UHFG1tCWkrw=,tag:Z5fnbnE2hfeHQ74Li3EVVw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/system/dev/dn-server/atticd.nix b/system/dev/dn-server/atticd.nix new file mode 100644 index 0000000..337496d --- /dev/null +++ b/system/dev/dn-server/atticd.nix @@ -0,0 +1,40 @@ +{ + config, + inputs, + system, + ... +}: +let + listenPort = 30098; +in +{ + services.atticd = { + enable = true; + environmentFile = config.sops.secrets."atticd/secret".path; + settings = { + listen = "127.0.0.1:${toString listenPort}"; + jwt = { }; + + chunking = { + nar-size-threshold = 64 * 1024; + min-size = 16 * 1024; + avg-size = 64 * 1024; + max-size = 256 * 1024; + }; + }; + }; + + services.nginx.virtualHosts."cache.${config.networking.domain}" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://127.0.0.1:${toString listenPort}"; + extraConfig = '' + client_max_body_size 10240M; + ''; + }; + + environment.systemPackages = with inputs.attic.packages.${system}; [ + attic-server + attic + ]; +} diff --git a/system/dev/dn-server/default.nix b/system/dev/dn-server/default.nix index 190866c..82e027d 100644 --- a/system/dev/dn-server/default.nix +++ b/system/dev/dn-server/default.nix @@ -25,6 +25,7 @@ in ./services.nix ./nginx.nix ./step-ca.nix + ./atticd.nix ../../modules/presets/minimal.nix ../../modules/bluetooth.nix ../../modules/gc.nix @@ -96,7 +97,7 @@ in mail-server = { enable = true; - configuraACME = true; + configureACME = true; mailDir = "~/Maildir"; caFile = "" + ../../extra/ca.crt; virtualMailDir = "/var/mail/vhosts"; diff --git a/system/dev/dn-server/secret.yaml b/system/dev/dn-server/secret.yaml index 142caa4..e5eec72 100644 --- a/system/dev/dn-server/secret.yaml +++ b/system/dev/dn-server/secret.yaml @@ -28,6 +28,8 @@ prometheus: nginxAuth: ENC[AES256_GCM,data:rYwuXHboAe3rf5e3kcJliKKXZ/Kcg60vnPGP+wukpaDdN8yJ00kk9cCNCjcvIyINEtL7TpEDjBX9oRsZT/E/FfWI6s133tDY,iv:Z/IiEi6oZm1Hv3m8c522GK6eYFf0syFn3A0o4S58DUI=,tag:y4n0Fm+l0OgGVHG+yttHfg==,type:str] paperless: adminPassword: ENC[AES256_GCM,data:4qeisBDEa4omAk6TrxmZfA==,iv:Mn6GJWzkd72xsvqlG0bD/3pp9YICqov356ZmlTda2eA=,tag:yLp5JE3nZ715QjIYrv5OeA==,type:str] +atticd: + secret: ENC[AES256_GCM,data:RfEztA2Nj+/1GU14TKmj0DhMyDh/d8YjXIAAs/our6DXjT/Oc/45s2yh6TX7gTY6sg+sQJ0xwLv13BaO2BL+o85rWt1BTWEWBnhR4ctlxtljDp0vsjM0NW37cXuq9AyUxEnPA3f5oxuBW+nqdPrJ8hppxz4NEg82CWdPpky/PdIz5pBaXS1PvrUtwPFMx2JzT2n9apf1iC3i6KkVIzdEa+WFI68hZAEKm1fVVCnxSGqfGJWEapBtY2O1NDOsjxP9QlyR3yad+dAQZ7aTJ1gY93cDggaxiOutjilKBtx3MxHLjIFzS9B0Q0VOnAdYJmxbeN+fGoimcam02ssoPAwso+12I3nrLBIslBoeJ5JPI2FypHqwkdIO0MWVvsD2vGcomdrnytaWyF8FS1RvtYQajv6YTjQ3RywsO8AqX7QqHu311/u2gx+ykIiSyIqnnbSZANVk2yXLjtdvkYTnq9Y8aF9qae3wJ9CC9nU2myjFqghjDKHH9HdnYjci1MvIOxR7Lgj1Zw+SS7+OHJ/RY9YVwGsoyJcZlUKR1es/jRRFFLx14kfv/AbEoZqkWie/Yx/Q5HSBvIoR4VPP2v1+gEDVIGsgOZ/tetRqw0tHdmDKLiu+vyW1m8UweIEn/XPz2B73636eGOlykEKEAbIzdOs9StifpgcnrkFADe+sWhYknWZ5lj3ihhANVSeqEQQ/NuUwGkmPiPJ3oH5fqVHB8HLgWA1fKRZOyk9wsEHUul+GUlSCS8+i5MlySunK7zy/C1+ZTbXZTLCDGWQo9XLPBnMS+AbkTRbLX+2RgWxaeZYb5PwlIIcGUIPkIHRXfaRaaQ9zt20fJ9S3Fo/o+wzO9ImInGupwuZ+3YI+iJLVi4FYpqpbHfiUsiHdIBlMeAXK2KeTQcv6MFMRJ8DlFrz6QUcmUs/ZwmJnXtYG+rxzgQQYO0RCQ+bJUwFMvdHCM4dZLVN26GsIyQIaQjYUxNW9PdXzAcuQYeV/iy+gLCN9LHmVpNWD+nvBnvfCp+pbDbznnU5twzx+T0GU9j7gBiUCLge9D+oGoIjzUYSxxS+v2g3uaa+kJnuYwFsyzafQnoKowqIXmJ0CKvoOwy3h1LAUVZXiDoi4/DI7cbl9GkEjA0SdunJZsZqdN21Jllc/Z7XvFRXuL3aW746DoBb1iPsYHvljXIGaEwP8ZAhx4+cAXUgp2hJBWIBZ0L4LGfMGIPwJd7DfpH90/brXHQB3lk9VOJigSFNeePYhm8bVD2oi1lsQFXKnNA6SRqzBda8V/z6XJVS5TBqZQ/kvxoQFLEQCHtTJK8se/UfWdWkqEvqKrAW8NTnTeAzozTEK8NLTB0GlKUMQdU/B5PjZYvhU8wBG4HaQc0gVC8tghOnBWV+i0VoDGUV/zZkb3LvTtnyRcFM+1zPbtqksHN3yafaU8nrHFL5Tzd7yVnC3cL+1MNqk1lZkwRAJsuCVm8Yp/nQqVoj+eVZP6WDc8AVxKjFth+eKaBxqg+YJzJEIDX86dlWEzEQeZfRFnIuuvOWO/GWr5s0KXYnTV5PQ7TZwqY+F2vX8jTW0/cRwvLp+y83p+DaOWVz9kOayW9IOKa3nXJvuMhLd7KbJEfIDdmrOEqRd5TDJ8KZPxsBEz3xkL5s/7uUqlXGJv4bO7D0+4xYqV1PMGrEx+fCFpjIMvyaJaFEW0F1DFRMBoTq9WFSQwQqBULeGdpXtORvgTSeFQgMoMaUnSZJVP55x+Kbpz+RSbw++LF+eSCkH015dIgNB9I2p3OzhdFL43r5K7TAqOj2JWJ7Res7+1fKIS0bK8pPqTyR3iDu8LMVmkJbUXcesGBhEEdprceP9rc8UUO5a/wdYWTaZFrn9Xq9qD12FkPjk1MFnXmiusCnq1aboL4N72WpIci5TSgrkDYFL05u1Jhh0Gqgw/VeK2PIWQ5v+JGb/gdYaJBBXWGFejKBLWZxQthoy1+SghzBOK9TGiGzD1gkCY1a2lZ3H+9Z8h3hSa7HBoSYHq1Rnk5qVuVmH0f4rtB8Qg89uw9jVj+ElF8WCOMlB3pxX3zmVue/GLAWRygk5iTZI9A1Rza7ENGetIF9muGIa0mPIDLNGtIaIIcJ8AAhELXlCuqpvyg+pqMZSA9eMU5pwCf/xmm5IansRhZhXqyns+224ftWPUd7XQY6CSHgeeWqy9DrbffAxzhUIFMHShEGOVfCOP7GXRP4j45nysu4BxXg/3El023huB9FCV7CcHXYxsTjHf8/2J2swROjxOe/FXadst/A7DGjWLGpRRVgBk5fqlSdmQcYNv6Fnu9Av9SuZJUJaF5OufMqaj0gOWutpFOzr6CFDzvrygZXgEsFeUP+kWwMr4WxXSXeTSj0TDhIfB+1eWBYCw+mB0teWAtFHFnB2skFL0d1SCp1zxW6wtAsOPApQcprIPNAccV6Y+GusrNRQehQ39SxplPJA/LPGTv3zz/buIsMvYFkOUxjEKYdCQFbz6gpjlz6nMerqy5V/fmYL0op6lg/VgZpK4Vdpm1dZyH5KXIc4BcygC8spA0hY5yTzplugyMZlJ2kdDhkst/jgiopo+l3kt/Kv//AgAbE9Fj7GEB/ZqrWkL3qxegesl0OHiHXZXQt9aZ0Dctpy8d+vj3pT4O76F8LuJlvwtesQayJTHWvOb0lMlzDByN2ehIYFRG1eXxbi9zqurRS8ZwO2/tU5RbXMgAfU/nd4TUY99DIWfz4zkFd1GBer0qySTlEyTH+XwqsQU590sUdO0H6oZrYwUFaylvfd6fSj49Zy80rBjcWdSFZmWU44/Kf0XS9bIuOUhTT+nXBiWEf7+phowRZSjtkKv+KBTRr6T7jOhh/ShY4b1ozrDhu6uQPMfw2fQp59wyBkRnuR5r+UL3sL4ToRbB6fmXFs2tmCz7XGmYmA1bmj49B03U6GO/vO7P1HRX/EgGWerIbULyq1DKxXgqAftjm7v88NKNR/aN5qzYwN5aE7ApJ9Apc3kxUve42Z39L+iRaGEM6eSz0/0jS+9DuHwMdF531oFcrgVbZllu6HRq5Zu6hYqUTpOxCq9fHOy6+GmKkLbGsWV0ta7ogj9S7q0oXzCgM4KG7Bm3IEjdirLRtqnkh8Cvy1vTfzR6SOgx3aYD9unyg9LctoZUTQzVBTkrNTozbPRw7qWQHfczmQNVdPH6UdaUfvvl671V91koFRcgCjWv2XFD88i4CVoqeFeDvGb5OoHdRBRkPrxO0NAMvqPnvlpYt9LukXXcF7z7mjNtURhBhP0BXmtXOpzbDZmCNSqp5iacLLqQkPiuccBln4eECu7qdhBDc5X0RnH/504dsbxhKyuJ0qTRSLnfN79HbqyFZa5IoVLURFpmTxOK9gf0MX+m3X//aFAuKEwf5xJyOEoz5WMzfQzQCRrmK25SF8j6BemjqKtQlYJDsih8l0eyLeYssD3Vkfae/UHnVslq/CAoN0mbjgQmZsOOpf/EMJSwvn+rf8YzgrWz6DqhuzlOCPvreGW34HvAd8cFVishVC8Tf1kDZRyIP+iR/7Kd4QWlbE4VyzlY5RPnCd+WyJtnyzl68OSBBlRF56TY7sLEyou9d2mUN8aqogfm1wOthlue4hgwbTeUEsXUKkoWNkrWHYD3sy9TLmJum1Kwg9IzhIlv+WZJXbt04pYSSelKYWzYvktrY3WSJV8A0ZNmAQeFfTOJJx+dfeK6xw41gA/0qgU3ubt9Rf+83Z5hfwQWfbszh7rrpFccLOfgnI9Zj5unNb64weV9aI8lZD5xv42dylVwHR4ikEpVqWyeHNVZw35ntstwJxr/wWgJss1W+GgJmClk0EhWrbcnLGywrbHrVEWOiDFqgyYrej97RTfs0zetyv3EcvqUXbEKpXYDsEXEXq+R6fJQ6Ve/dOHT7aIukDOHCOasnueDIrQkjoIE3En85Y1WYUGW1V6zEEa4O+NNPQ+uRVVkgN2PGDOG9QqR4sTqx9GBeJ/XgdIRZvP96KiGhJzbWprGBoH2FZqWLBc+jHmwm3RLfG2s02ntdQEHKghi/jfSdGo4sgZpBfnxTq3ZHGAK0aHE0aIWLezZDUp7Da3Fnnp3qAK7LySHi0zZFQf+gfJY4XdG0WNMEfUKqCEsYq1rlvsBHsCgLINAsxxD8uXwrqAlO3cXYBYA6A3wtr/Qpu45nD9mjTNJnT7+qLxj0kNlUINMUl1eCpOYYwqscuIV4XHVKUyQMI5XAh18iN7eBQ6ZRS7TZxLkg56F3P3TRZ3UWalMbBmiuFkOHQ8nLoMeMl50WTancKl4KJ6svNA4D/I9SmJsFolOiNH5P/nXhYAE65yjO5kiSmsxeGb64gqgn1ydC0ZQsvT4Kmx3LoJD1zNWG+v6Q1uFa7CZ6u1XfmlQPvmkFFwbkxih9/v/uk5++E8r8BtTLvUlMpqxI0X9Ai+g46/y/1qSe3gwHSLzSmnHwPJfV6pzwmtq3DL6Ci6O+CbfNBA8aFqKxZ4F/xS79LzVwDC+fdKYtT5YeUc8CFn7d6Bjc4ixvQZzG7rDa8LER/VzKKw86m+k90LCCScIE+MncAd2FqjLoyDOh6cLIaxf+BaemGVt68SmBH6//Zj5yVnAoku4g9Vdm/wgy0gjFJJKUdVwTXmgxhBhq8gwxu/OkF6BB6muhx/VOpQysIfovipEyp9aIq018BwDItc+Ya+oxd8IoJ86unA6xKf/PZWtznOT5wk358KH637t1Rzww4D8G2MSY2FhHG8Sv4m1MERYUuuKCX1OGLNTenM9rt1AF8QTuYSsjSiLvMWt49h6RluKToAVkzt0Fta527PMTPF9yienx3P6m96IOb1Lg03Js0pgD2PuyjhrvA4I8FkMiKzSsJyKAONtH2HyFXcAGXbyDNnJkbF3aCLuKukSECpoWoLQc/PFFIWdY4lFBEnM0xnEImwjFkRBToWWAt1ZV6CfVVObLxEFZb3ysDilaFk6/qevZzJhGZa9qB+qJ2f5EAUK26g9NA8ksNcYqg7PW6vvz5zlvcR8TceVxRc/JDMQ07DaMZs3zz2hpII33lVFGttrvKn/0G/RUROw/2OAzsPDHCditmXdDNMmU+7cE1yVLJ4y5vhdjuwzCS4O4YH8BIez+gGdQiLhM6zDcFENNdgxgPF7O1LD1LgqJ2mQFjKvEu7eQdFisHhDupYPhcAS6KeIRhS4a7zEduPXUXgAkBW7GOU2cWd102AUMVUkrgzs6VtKrTeXVt6DcnHY9EyaK7kwvsFOfRnxU22KyN9VLkOfWQXVKrXIt/2aSf3dS4b8Vlt0Fcik3y9Xbebv+bzOzjsdJuWDUkTxdOpX6Zea3DEReBZ1+N7VYA0fWddPmPXLMAuZJ25fI9g9b37NoK7MaIsmMjqjhPTuH/+xf2d6bRE7FbtbyzdL/bmX5/Gbdx7NDjmbTzA5raQWQ5kKTxokO4Ks02RaeRV6wSNzED1FrE6ZvDxdbXXKsopAA5+T8jnXyRZKaZMqGsn+hheLHMpBCNZ+q/cJmcS6pcOuIDrT9qqAPH5YrIBVV5F78tjp7j3JhMqklivkNLj+M8fLGwAYB8vqd5MJerc/yCYTzb3ra6iY8oBJcri+3nFKjZHHE+x7r694IXVqgibGs1WMMjJKA50hNJeLBzzMR0djR5qRkgKbMKTqbDAaxGrocNFE/YTXvgsC/Kx6vGp9dIBIsrvwbw35Fjd0/y6/CGyM87jZ+LEXCc8UTeBRhUuKCvlGD4Z97f2DTeAWeh2JeDNxef+XIhzcyCXdCd0K09z/UH1HfspdHzMxsG6VLzJ4+f9UQ+yVwyGG3MO6b6yWo9JFNdpxQCtwfuu1vkRdNOKLTiv16pEt8=,iv:WVSTjMjzmtQTs7s9RUO4q3QY0ECP3yhNrWIu+fOb8jQ=,tag:qetrngB95vK+J2ARZvC+bg==,type:str] sops: age: - recipient: age1z6f643a6vqm7cqh6fna5dhmxfkgwxgqy8kg9s0vf9uxhaswtngtspmqsjw @@ -48,7 +50,7 @@ sops: OTRiU0cxeXp5K1FjaWRGTnBHcnpUYmcKVVlueEj/DELe9Xi9iaBddpPPRmoUmD48 wyjtlvKzS20zishE/D7GkHZ2ZdNsLD3AOnYZ6r6ATAndssC2YT/SXA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-29T07:40:00Z" - mac: ENC[AES256_GCM,data:QeQ5NOrcq3uNmt+MiVF+Jr3JWWBNGPw5A8pSdd1WR426WWqHTRP7NHAaVbS3st9VSmoYY5NI6JKeizuAq/NCvzOZL3Idy9mP+3HD9VZwn1GNSEGfhn+KZT02AY0JHq29KxcZlAYiWZOL4p+blG2aWfGm9+zy1GHoEXoo3OVhaEg=,iv:8uIoOE0ZJZYGZoQaskCXQKr7vl6wjsmJ4iudhvtgqtY=,tag:fRLGalP92dDyF8q+zT97BQ==,type:str] + lastmodified: "2025-09-22T15:01:33Z" + mac: ENC[AES256_GCM,data:miZfJnqlk3SGTmf1c2n6r40eU/sBAgjVV0nusZGry22YEd5eKNEsWISg6mKTVvx7g8Xcp53sjz7kDJKbLdJed3WvMveho+8bpuNkbG0vaoZKISr0bcyiQ3x/wRcW/zdm3an/obtytY8abP18yBMEeBClax8wEvmE+xgCzU32WxQ=,iv:394nUuehcLr1QaLJTsYixe21LwpU5hzcDpq99eE9KQs=,tag:/v2fMvNGqtbYF87RFparYg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/system/dev/dn-server/sops-conf.nix b/system/dev/dn-server/sops-conf.nix index 88b27f3..98e3cf8 100644 --- a/system/dev/dn-server/sops-conf.nix +++ b/system/dev/dn-server/sops-conf.nix @@ -63,6 +63,7 @@ in "paperless/adminPassword" = mkIf config.services.paperless.enable { owner = config.services.paperless.user; }; + "atticd/secret" = mkIf config.services.atticd.enable { }; }; }; } diff --git a/system/dev/skydrive-lap/default.nix b/system/dev/skydrive-lap/default.nix index b663308..6390665 100644 --- a/system/dev/skydrive-lap/default.nix +++ b/system/dev/skydrive-lap/default.nix @@ -9,8 +9,9 @@ let inherit (lib) optionalString; geVersion = "10-15"; faceIcon = pkgs.fetchurl { - url = "https://instagram.ftpe7-1.fna.fbcdn.net/v/t51.2885-19/424428026_677208484625994_7040235245478168411_n.jpg?efg=eyJ2ZW5jb2RlX3RhZyI6InByb2ZpbGVfcGljLmRqYW5nby4xMDA4LmMyIn0&_nc_ht=instagram.ftpe7-1.fna.fbcdn.net&_nc_cat=106&_nc_oc=Q6cZ2QE3VBo0agfb2uRkv76VZxrXrKy3ZqOgrbVuuGMU_OUraKQBrsxhJCQdBRCwxri_CkI&_nc_ohc=p8gNQ2JIMw8Q7kNvwHo_GSn&_nc_gid=gdlrYsCRM-aXXlo0UnZp9Q&edm=ALGbJPMBAAAA&ccb=7-5&oh=00_AfYdDCxoYilhrom6hx55-j-HgfN-XbizFuIjg52Ci14P8Q&oe=68D0471D&_nc_sid=7d3ac5"; - hash = "sha256-qea72vVrZJ3DPH0h4i8TORXZjQZMyQnOlM7xi/0Enw0="; + url = "https://files.net.dn/skydrive.jpg"; + hash = "sha256-aMjl6VL1Zy+r3ElfFyhFOlJKWn42JOnAFfBXF+GPB/Q="; + curlOpts = "-k"; }; memeSelector = pkgs.callPackage ../../../home/scripts/memeSelector.nix { @@ -37,6 +38,7 @@ in ./boot.nix # Extra Boot Options ./disk.nix ./sops-conf.nix + ../../modules/printer.nix ../../modules/gaming.nix ../../modules/wine.nix ../../modules/localsend.nix diff --git a/system/modules/nixsettings.nix b/system/modules/nixsettings.nix index 584c481..410387c 100644 --- a/system/modules/nixsettings.nix +++ b/system/modules/nixsettings.nix @@ -3,7 +3,16 @@ documentation.nixos.enable = false; nix = { settings = { + substituters = [ + "https://cache.net.dn/dn-main" + ]; + trusted-public-keys = [ + "dn-main:ZjQmZEOWpe0TjZgHGwkgtPdOUXpN82RL9wy30EW1V7k=" + ]; warn-dirty = false; + trusted-users = [ + "@wheel" + ]; experimental-features = [ "nix-command" "flakes" diff --git a/system/modules/printer.nix b/system/modules/printer.nix new file mode 100644 index 0000000..8f22f84 --- /dev/null +++ b/system/modules/printer.nix @@ -0,0 +1,23 @@ +{ pkgs, ... }: +{ + services.printing = { + enable = true; + drivers = with pkgs; [ + gutenprint + gutenprintBin + brlaser + brgenml1lpr + brgenml1cupswrapper + splix + hplip + epson-escpr2 + epson-escpr + ]; + }; + + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; +} diff --git a/system/modules/stalwart.nix b/system/modules/stalwart.nix index 65104d2..24274fc 100644 --- a/system/modules/stalwart.nix +++ b/system/modules/stalwart.nix @@ -103,7 +103,7 @@ in acme."letsencrypt" = mkIf (acmeConf != null) acmeConf; session.auth = { - mechanisms = "[PLAIN LOGIN OAUTHBEARER]"; + mechanisms = "[plain login oauthbearer]"; directory = mkCondition "listener != 'smtp'" "'ldap'" false; require = mkCondition "listener != 'smtp'" true false; }; @@ -117,12 +117,6 @@ in "in-memory" = { type = "memory"; principals = [ - { - name = "danny"; - class = "individual"; - secret = "%{file:${adminPassFile}}%"; - email = [ "danny@${domain}" ]; - } { name = "postmaster"; class = "individual";