diff --git a/agenix/hosts/tanker/config.nix b/agenix/hosts/tanker/config.nix index 9cc896b..ca8bd21 100644 --- a/agenix/hosts/tanker/config.nix +++ b/agenix/hosts/tanker/config.nix @@ -14,6 +14,10 @@ file = ./tailscale/authkey.age; }; + msmtp-password = { + file = ./msmtp/password.age; + }; + atuin-environment = { file = ./atuin/environment.age; }; diff --git a/agenix/hosts/tanker/msmtp/password.age b/agenix/hosts/tanker/msmtp/password.age new file mode 100644 index 0000000..051b053 --- /dev/null +++ b/agenix/hosts/tanker/msmtp/password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g 5c/NSUkybDx2UKB5fJ9MJQo/C9jl6jF3QGZqZ5aOxAA +O6i3E3GW9D7XLkyH5YR/wLrbxdvuxHtT5HtJDW9bn18 +-> ssh-ed25519 iO8/4g L/le4ctTqR6cy6WSJXW6xVZe4/UKW6ta2LEN9ePkUxk +J9ShrIEux+7c916xYKvnAHLjuTN0Kr0fP31bW6gdxdI +-> &qro-grease +E1A9qzYNBDP3tUE8vw/ZDIwjaiibl4yH/qQe1UpF +--- 2uYCd8++YtmpoHjVat1DB67GC2bELX8Drbk0Y6KdJ+Y +.$c%WS ˏGXbR>'JhUjqITRwxq9FSPf70 \ No newline at end of file diff --git a/container/matrix/default.nix b/container/matrix/default.nix index a2d7248..ca5463b 100644 --- a/container/matrix/default.nix +++ b/container/matrix/default.nix @@ -32,6 +32,20 @@ }; }; + systemd.services = { + podman-signald.restartTriggers = [ + "${config.age.secrets.signald-environment.file}" + ]; + + podman-matrix-signal.restartTriggers = [ + "${config.age.secrets.mautrix-signal-config.file}" + ]; + + podman-matrix-whatsapp.restartTriggers = [ + "${config.age.secrets.mautrix-whatsapp-config.file}" + ]; + }; + systemd.tmpfiles.rules = [ "d /var/lib/matrix-bridges/signald 0775 0 0" "d /var/lib/matrix-bridges/signal 0775 1337 1337" diff --git a/container/proxitok/default.nix b/container/proxitok/default.nix index 212009f..dbdee2d 100644 --- a/container/proxitok/default.nix +++ b/container/proxitok/default.nix @@ -25,6 +25,10 @@ }; }; + systemd.services.podman-proxitok-web.restartTriggers = [ + "${config.age.secrets.proxitok-environment.file}" + ]; + systemd.tmpfiles.rules = [ "d /etc/container-proxitok/cache 0755 33 33" ]; diff --git a/flake.lock b/flake.lock index 2cd9da3..900679f 100644 --- a/flake.lock +++ b/flake.lock @@ -110,11 +110,11 @@ ] }, "locked": { - "lastModified": 1687385522, - "narHash": "sha256-GR8mqsqYcdZ67dCcII5SWcwHqPAJRWXPmqsuMl7+KA4=", + "lastModified": 1687517837, + "narHash": "sha256-Ea+JTy6NSf+wWIFrgC8gnOnyt01xwmtDEn2KecvaBkg=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "bc346a67d34a336ca3c507570875cc88038e6120", + "rev": "6460468e7a3e1290f132fee4170ebeaa127f6f32", "type": "github" }, "original": { @@ -276,11 +276,11 @@ ] }, "locked": { - "lastModified": 1687444533, - "narHash": "sha256-9IdCN7s7Dr1uKt0uRoYT15cpOjN1qYHpTRPKRHCMc3o=", + "lastModified": 1687506590, + "narHash": "sha256-CSou9mrG9h/WVRjCptfTrATVxvhmtdQXElmWV/ZkrAs=", "owner": "nix-community", "repo": "home-manager", - "rev": "6c78ba7932567331fb8ebabf34a143b998bb5f23", + "rev": "d2b6f2d154bf6b27a93ed895392f80c503df7cfa", "type": "github" }, "original": { @@ -299,11 +299,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1687421929, - "narHash": "sha256-XMYjDlLTSvI2H4HZjf9jhWXmsCyDq8nujLt6jom89k0=", + "lastModified": 1687473626, + "narHash": "sha256-9RacG3kFwJoxAeTcSU4DSuISk8jIO/7uarTe/M7/gZs=", "owner": "neovim", "repo": "neovim", - "rev": "4d3a04279d32bc97d18ab2883c678c94f80487bc", + "rev": "3688735c2b63337ab8d8b12ac08b4e6e064e98a2", "type": "github" }, "original": { @@ -324,11 +324,11 @@ "weewx-proxy-flake": "weewx-proxy-flake" }, "locked": { - "lastModified": 1687421950, - "narHash": "sha256-Xjg80TuYSF5CcNJefPExG/lz5y4QQmI/4J7LYUf6z8k=", + "lastModified": 1687508546, + "narHash": "sha256-FU40rzPZcwdfXxMh8t00pdvAwFZtG38LuSC3oh0bD48=", "owner": "nifoc", "repo": "nix-overlay", - "rev": "67dbe7962aaecb76d99a286583e64cd56045f616", + "rev": "313011c66b28d90f3c35bf01fd0fa45c9602f94e", "type": "github" }, "original": { @@ -355,11 +355,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1687392660, - "narHash": "sha256-E4bsKvHGFsKYegkfJ/FwR64OMtpjTWHM4CvCyWSTlnM=", + "lastModified": 1687518131, + "narHash": "sha256-KirltRIc4SFfk8bTNudIqgKAALH5oqpW3PefmkfWK5M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3fb3ce0b6b84d3b4e7b49e142da9c5764b563058", + "rev": "3d8a93602bc54ece7a4e689d9aea1a574e2bbc24", "type": "github" }, "original": { diff --git a/hardware/hosts/tanker.nix b/hardware/hosts/tanker.nix index 1ed908a..1a5c6b7 100644 --- a/hardware/hosts/tanker.nix +++ b/hardware/hosts/tanker.nix @@ -31,6 +31,7 @@ "net.ipv4.tcp_timestamps" = 1; "net.ipv4.tcp_window_scaling" = 1; "net.core.rmem_max" = 2500000; + "vm.overcommit_memory" = 1; }; }; } diff --git a/home/hosts/Styx.nix b/home/hosts/Styx.nix index 3cf92f6..ed050ad 100644 --- a/home/hosts/Styx.nix +++ b/home/hosts/Styx.nix @@ -59,6 +59,7 @@ args@{ pkgs, config, lib, ... }: hyperfine lnav mtr + nix-output-monitor nurl parallel q @@ -75,4 +76,6 @@ args@{ pkgs, config, lib, ... }: programs = { zoxide.enable = true; }; + + manual.manpages.enable = false; } diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix index c596e2d..a2ee05b 100644 --- a/home/programs/nvim/plugins.nix +++ b/home/programs/nvim/plugins.nix @@ -85,12 +85,12 @@ in }; leap-nvim = buildVimPluginFrom2Nix { pname = "leap.nvim"; - version = "2023-06-21"; + version = "2023-06-22"; src = fetchFromGitHub { owner = "ggandor"; repo = "leap.nvim"; - rev = "2d7d35ea0da1b4478436dfbbb7440be91605b503"; - sha256 = "0ihy5xpxzdg603dd31vbzcdj48gc5khr2d72r97ryc57afmriy28"; + rev = "0e5a8b684b577a1d1af53499007e9b84f6323e45"; + sha256 = "14mqp0l6gwhgg6sz592cdzkrh82gv2wa6l094spyyhz6f598rz62"; fetchSubmodules = false; }; }; @@ -107,12 +107,12 @@ in }; nvim-treesitter = buildVimPluginFrom2Nix { pname = "nvim-treesitter"; - version = "2023-06-22"; + version = "2023-06-23"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter"; - rev = "ae0415331483bd143f80c186401fb2aa783f33df"; - sha256 = "0wqfnlvjsj61z60i9zgsdkw9vdqwl31k52yjfvbvn6q54v0ahnxm"; + rev = "f03db67aa400940a4e39f138a20cc9d0843528d3"; + sha256 = "0g4nkd8l7hqhhxin05pp0da39kfs5zm29bj5pb87fxvbm8zmrijc"; fetchSubmodules = false; }; }; @@ -220,12 +220,12 @@ in }; nvim-lspconfig = buildVimPluginFrom2Nix { pname = "nvim-lspconfig"; - version = "2023-06-22"; + version = "2023-06-23"; src = fetchFromGitHub { owner = "neovim"; repo = "nvim-lspconfig"; - rev = "11a1be0e5f180b57079db56de10a20b4323111ae"; - sha256 = "0wzf7rk4ff6gkwd40q84as09hxh5w1k4z9nshhz41fgvp9yh46iq"; + rev = "b6b34b9acf84949f0ac1c00747765e62b81fb38d"; + sha256 = "12p1flmk9qp71kmy9sgv8a5izdwk1n4fggdpmiz42wyg7znzjxmp"; fetchSubmodules = false; }; }; @@ -319,23 +319,23 @@ in }; nvim-cmp = buildVimPluginFrom2Nix { pname = "nvim-cmp"; - version = "2023-06-21"; + version = "2023-06-23"; src = fetchFromGitHub { owner = "hrsh7th"; repo = "nvim-cmp"; - rev = "8a1694ff330ed58ed29716686fcef79c28090354"; - sha256 = "00zxvwc244njvkbwbvxffrcqam37xi93r0pvcvzin4kc9npaygaq"; + rev = "e1f1b40790a8cb7e64091fb12cc5ffe350363aa0"; + sha256 = "1gz02cy11r5bdrr0bz0xl0cmph6kpb3fv4xdnsbnxzq5jwia24m9"; fetchSubmodules = false; }; }; cmp-nvim-lsp = buildVimPluginFrom2Nix { pname = "cmp-nvim-lsp"; - version = "2023-02-06"; + version = "2023-06-23"; src = fetchFromGitHub { owner = "hrsh7th"; repo = "cmp-nvim-lsp"; - rev = "0e6b2ed705ddcff9738ec4ea838141654f12eeef"; - sha256 = "0gpwwc3rhfckaava83hpl7pw4rspicblxs7hy3y57gb560ymq6hg"; + rev = "44b16d11215dce86f253ce0c30949813c0a90765"; + sha256 = "1ny64ls3z9pcflsg3sd7xnd795mcfbqhyan3bk4ymxgv5jh2qkcr"; fetchSubmodules = false; }; }; diff --git a/home/programs/scripts/nixpkgs-switch b/home/programs/scripts/nixpkgs-switch index d4a4209..93a75ec 100755 --- a/home/programs/scripts/nixpkgs-switch +++ b/home/programs/scripts/nixpkgs-switch @@ -1,8 +1,9 @@ #!/usr/bin/env fish -set -f os (uname) +set -f nix_os (uname) +set -f nix_hostname (hostname -s) -switch $os +switch $nix_os case Darwin set -f config_dir "$HOME/.config/nixpkgs" case Linux @@ -15,10 +16,11 @@ end pushd "$config_dir" rm -rf result -switch $os +switch $nix_os case Darwin git pull - env TERM=xterm-256color darwin-rebuild switch --flake . + nom build ".#darwinConfigurations.$nix_hostname.config.system.build.toplevel" + env TERM=xterm-256color darwin-rebuild switch --flake ".#$nix_hostname" case Linux sudo git pull sudo nixos-rebuild switch --flake . diff --git a/secrets.nix b/secrets.nix index 1fca677..4132aab 100644 --- a/secrets.nix +++ b/secrets.nix @@ -19,6 +19,8 @@ in "agenix/hosts/tanker/tailscale/authkey.age".publicKeys = tanker; + "agenix/hosts/tanker/msmtp/password.age".publicKeys = tanker; + "agenix/hosts/tanker/atuin/environment.age".publicKeys = tanker; "agenix/hosts/tanker/atticd/environment.age".publicKeys = tanker; diff --git a/system/hosts/tanker.nix b/system/hosts/tanker.nix index 4d3f5c8..7f6a550 100644 --- a/system/hosts/tanker.nix +++ b/system/hosts/tanker.nix @@ -11,6 +11,7 @@ in ../../agenix/hosts/tanker/config.nix ../shared/show-update-changelog.nix ../nixos/ssh.nix + ../nixos/msmtp.nix ../nixos/git.nix diff --git a/system/nixos/msmtp.nix b/system/nixos/msmtp.nix new file mode 100644 index 0000000..bad786e --- /dev/null +++ b/system/nixos/msmtp.nix @@ -0,0 +1,26 @@ +{ config, ... }: + +{ + programs.msmtp = { + enable = true; + setSendmail = true; + + defaults = { + tls = true; + }; + + accounts = { + default = { + auth = true; + host = "smtp.mailgun.org"; + port = 465; + tls_starttls = false; + user = "postmaster@mg.kempkens.io"; + passwordeval = "cat ${config.age.secrets.msmtp-password.path}"; + + set_from_header = true; + from = "tanker@mg.kempkens.io"; + }; + }; + }; +} diff --git a/system/nixos/zfs.nix b/system/nixos/zfs.nix index a18366f..bf462e1 100644 --- a/system/nixos/zfs.nix +++ b/system/nixos/zfs.nix @@ -8,5 +8,12 @@ monthly = 3; }; + + autoScrub = { + enable = true; + interval = "monthly"; + + pools = [ "zroot" ]; + }; }; }