diff --git a/config/profiles/base/nix.nix b/config/profiles/base/nix.nix index 6ac4c585..4e47537e 100644 --- a/config/profiles/base/nix.nix +++ b/config/profiles/base/nix.nix @@ -5,28 +5,30 @@ boot.loader.systemd-boot.configurationLimit = 8; nix = { - extraOptions = lib.optionalString (lib.versionAtLeast config.nix.package.version "2.4") '' - experimental-features = nix-command flakes - ''; nixPath = [ "nixpkgs=${inputs.nixpkgs}" "nur=${inputs.nur}" "arc=${inputs.arcexprs}" "ci=${inputs.ci}" ]; - sandboxPaths = [ - "/var/run/nscd/socket" - ]; - - binaryCaches = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-community.cachix.org" "https://nixcache.reflex-frp.org" ]; - binaryCachePublicKeys = - [ "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ]; - autoOptimiseStore = true; + registry = { + nixpkgs.flake = inputs.nixpkgs; + nur.flake = inputs.nur; + arc.flake = inputs.arcexprs; + ci.flake = inputs.ci; + }; + settings = { + experimental-features = lib.optional (lib.versionAtLeast config.nix.package.version "2.4") "nix-command flakes"; + substituters = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-community.cachix.org" "https://nixcache.reflex-frp.org" ]; + trusted-public-keys = + [ "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ]; + auto-optimise-store = true; + trusted-users = [ "root" "@wheel" ]; + }; gc = { automatic = lib.mkDefault false; dates = lib.mkDefault "weekly"; options = lib.mkDefault "--delete-older-than 1w"; }; - trustedUsers = [ "root" "@wheel" ]; }; } 
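Review bot: `trusted-users = [ "root" "@wheel" ]` in the new `settings` block keeps every wheel member trusted by the Nix daemon, which lets them add substituters or relax signature checking per invocation and is therefore effectively root on the store. It is carried over unchanged from `trustedUsers`, but this migration is a good moment to narrow it or at least document it, e.g. `# wheel is root-equivalent here: trusted users may override substituters and signature checks`. The removed `sandboxPaths = [ "/var/run/nscd/socket" ]` has no counterpart on the new side (it would be `extra-sandbox-paths`), so the commit message should say whether that drop is intended. As a style point, `experimental-features` is a list setting, so `lib.optionals (…) [ "nix-command" "flakes" ]` reads better than one space-joined string.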
diff --git a/config/profiles/base/ssh.nix b/config/profiles/base/ssh.nix index d1ff411e..4635e52a 100644 --- a/config/profiles/base/ssh.nix +++ b/config/profiles/base/ssh.nix @@ -30,7 +30,7 @@ with lib; enable = true; ports = lib.mkDefault [ 62954 ]; passwordAuthentication = false; - challengeResponseAuthentication = false; + kbdInteractiveAuthentication = false; permitRootLogin = lib.mkDefault "prohibit-password"; kexAlgorithms = [ "curve25519-sha256@libssh.org" ]; extraConfig = '' diff --git a/config/profiles/cross/arm-common.nix b/config/profiles/cross/arm-common.nix index 22fe7a6f..5150820b 100644 --- a/config/profiles/cross/arm-common.nix +++ b/config/profiles/cross/arm-common.nix @@ -1,6 +1,6 @@ { config, ... }: { - nix = { - binaryCaches = [ "https://thefloweringash-armv7.cachix.org/" ]; - binaryCachePublicKeys = [ "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso=" ]; + nix.settings = { + substituters = [ "https://thefloweringash-armv7.cachix.org/" ]; + trusted-public-keys = [ "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso=" ]; }; } diff --git a/config/profiles/cross/armv6.nix b/config/profiles/cross/armv6.nix index 7fb88614..cf16ced0 100644 --- a/config/profiles/cross/armv6.nix +++ b/config/profiles/cross/armv6.nix @@ -1,7 +1,7 @@ { config, ... }: { - nix = { - binaryCaches = [ "https://arm.cachix.org/" ]; - binaryCachePublicKeys = [ "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" ]; + nix.settings = { + substituters = [ "https://arm.cachix.org/" ]; + trusted-public-keys = [ "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" ]; }; boot.binfmt = { emulatedSystems = [ "armv6l-linux" ]; diff --git a/config/profiles/cross/armv7.nix b/config/profiles/cross/armv7.nix index 482fe54d..77cd0043 100644 --- a/config/profiles/cross/armv7.nix +++ b/config/profiles/cross/armv7.nix 
@@ -1,7 +1,7 @@ { config, ... }: { - nix = { - binaryCaches = [ "https://arm.cachix.org/" ]; - binaryCachePublicKeys = [ "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" ]; + nix.settings = { + substituters = [ "https://arm.cachix.org/" ]; + trusted-public-keys = [ "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" ]; }; boot.binfmt = { emulatedSystems = [ "armv7l-linux" ]; diff --git a/config/profiles/vfio/profile.nix b/config/profiles/vfio/profile.nix index a5e5e8d6..f05b9f22 100644 --- a/config/profiles/vfio/profile.nix +++ b/config/profiles/vfio/profile.nix @@ -154,10 +154,6 @@ in { kernelModules = [ "i2c-dev" ]; # i2c-dev is required for DDC/CI for screenstub kernelPatches = with pkgs.kernelPatches; [ (mkIf config.deploy.profile.hardware.acs-override acs-override) - { - name = "clocksource-reduce-tsc-tolerance"; - patch = ./tsc-tolerance.patch; - } ]; } (mkIf (config.deploy.profile.hardware.amdgpu) { diff --git a/config/services/mail/rspamd.nix b/config/services/mail/rspamd.nix index a05b3876..da40cbac 100644 --- a/config/services/mail/rspamd.nix +++ b/config/services/mail/rspamd.nix @@ -14,7 +14,7 @@ in extended_spam_headers = yes; ''; }; "redis.conf" = { text = '' - servers = "127.0.0.1:${toString config.services.redis.port}"; + servers = "127.0.0.1:${toString config.services.redis.servers.rspamd.port}"; ''; }; "classifier-bayes.conf" = { text = '' cache { @@ -67,7 +67,7 @@ in }; - services.redis.enable = true; + services.redis.servers.rspamd.enable = true; systemd.services.rspamd = { requires = [ "redis.service" ]; diff --git a/config/services/mail/sogo.nix b/config/services/mail/sogo.nix index 5386374c..e83626e2 100644 --- a/config/services/mail/sogo.nix +++ b/config/services/mail/sogo.nix 
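Review bot: In rspamd.nix, `servers = "127.0.0.1:${toString config.services.redis.servers.rspamd.port}"` depends on the named instance having a TCP port. As far as I recall, the NixOS redis module defaults `port` to 0 (no TCP listener) for any named server, so unless the port is set elsewhere in the tree this would render `127.0.0.1:0`. Either set `services.redis.servers.rspamd.port` explicitly or point rspamd at the instance's unix socket, e.g. `servers = "${config.services.redis.servers.rspamd.unixSocket}";`, which also keeps an unauthenticated Redis off the loopback interface. The rspamd user would then need access to that socket. The attribute set this line sits in starts above the hunk.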
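Review bot: The context line `requires = [ "redis.service" ];` just below `services.redis.servers.rspamd.enable = true;` looks stale after this change. To my knowledge a named server `rspamd` runs as `redis-rspamd.service`, so rspamd would require a unit that no longer exists. Update it in the same commit, `requires = [ "redis-rspamd.service" ];`, and add a matching `after` entry if start-up ordering matters. The `systemd.services.rspamd` block continues past the hunk, so check the rest of it for the old unit name as well.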
@@ -54,6 +54,7 @@ "postgresql://sogo@/sogo/sogo_sessions_folder"; SOGoMailingMechanism = "smtp"; SOGoForceExternalLoginWithEmail = YES; + SOGoSMTPAuthenticationType = PLAIN; SOGoSMTPServer = "smtps://${config.network.addresses.public.domain}:465"; SOGoIMAPServer = "imaps://${config.network.addresses.public.domain}:993"; SOGoUserSources = ( diff --git a/config/services/murmur.nix b/config/services/murmur.nix index 36890423..4f14b25e 100644 --- a/config/services/murmur.nix +++ b/config/services/murmur.nix @@ -90,7 +90,7 @@ in systemd.services.murmur = { description = "Murmur Chat Service"; wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target " ]; + after = [ "network-online.target" ]; serviceConfig = { # murmurd doesn't fork when logging to the console. diff --git a/config/services/nginx.nix b/config/services/nginx.nix index e7257106..e946f9b2 100644 --- a/config/services/nginx.nix +++ b/config/services/nginx.nix @@ -39,8 +39,8 @@ with lib; }; security.acme = { - #defaults.email = config.network.dns.email; - email = config.network.dns.email; + defaults.email = config.network.dns.email; + #email = config.network.dns.email; acceptTerms = true; }; } diff --git a/config/tf b/config/tf index c37443d5..bf30d9da 160000 --- a/config/tf +++ b/config/tf @@ -1 +1 @@ -Subproject commit c37443d54bb36efa3ca23847b3c515c3ece0a943 +Subproject commit bf30d9da585eae6fa6140a482e0012d1e46127ba diff --git a/config/users/kat/i3/polybar.nix b/config/users/kat/i3/polybar.nix index e8865114..94705500 100644 --- a/config/users/kat/i3/polybar.nix +++ b/config/users/kat/i3/polybar.nix @@ -259,7 +259,7 @@ padding = 1; background = background_light; }; - interval = 60; + interval = 1; date = "%a, %F"; time = "%T"; }; 
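Review bot: `SOGoSMTPAuthenticationType = PLAIN;` in sogo.nix hands the user's password to the SMTP server with no protection beyond the transport, so it is acceptable only because `SOGoSMTPServer` on the next line uses `smtps://…:465`. A comment above the new line would keep that coupling visible to whoever changes the server URL later, along the lines of `PLAIN is safe only over implicit TLS; keep SOGoSMTPServer on smtps://`. The settings block starts and ends outside the hunk.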
@@ -288,7 +288,7 @@ set -eu set -o pipefail if gpg --card-status &> /dev/null; then - user="$(gpg --card-status | grep 'Login data' | awk '{print $NF}')"; + #user="$(gpg --card-status | grep 'Login data' | awk '{print $NF}')"; status='%{B${string}}  %{B-}' else status='%{B${variable}}  %{B-}' diff --git a/config/users/kat/personal/packages.nix b/config/users/kat/personal/packages.nix index a2266e70..3f112c25 100644 --- a/config/users/kat/personal/packages.nix +++ b/config/users/kat/personal/packages.nix @@ -3,7 +3,6 @@ { home.packages = with pkgs; [ pinentry.gtk2 - niv borgbackup ]; } diff --git a/config/users/kat/personal/shell.nix b/config/users/kat/personal/shell.nix index 27d947cc..dd9ce7b9 100644 --- a/config/users/kat/personal/shell.nix +++ b/config/users/kat/personal/shell.nix @@ -6,7 +6,5 @@ ${pkgs.kitty}/bin/kitty +kitten icat ${./nano.png} ''; }; - programs.zsh = { - shellAliases = mapListToAttrs (attr: nameValuePair "abby${attr}" "mpv $(bitw get secrets/abby -f ${attr})") [ "radio" "tv" ]; - }; + home.packages = map (attr: pkgs.writeShellScriptBin "abby${attr}" "mpv $(bitw get secrets/abby -f ${attr})") [ "radio" "tv" ]; } diff --git a/flake.lock b/flake.lock index 03d357f8..8d3a8121 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ "arcexprs": { "flake": false, "locked": { - "lastModified": 1641269180, - "narHash": "sha256-yxKrSjZIsagr6DoiTSfHk9FTMNmMWd6/eCdIbANQUY8=", + "lastModified": 1644261878, + "narHash": "sha256-V0Dn63YTjvWdPvdmtMsYZWPkxmkRK8C1xGCQV4Sf3qw=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "ae4a52292edbcc49e39e9d40f70f2b27948ef4a6", + "rev": "a8ad4007716a9b1bd796394c7f3e92faf6f4c75c", "type": "github" }, "original": { 
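Review bot: Commenting out the `user=` assignment in polybar.nix while the script runs under `set -eu` turns any remaining `$user` reference further down into an unbound-variable abort. The script continues outside the hunk, so this cannot be checked from here. If the value really is unused, delete the line rather than leaving `#user=…` behind, and say in the commit message why the card login is no longer read.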
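Review bot: In shell.nix the generated script body `mpv $(bitw get secrets/abby -f ${attr})` leaves the command substitution unquoted, so the retrieved value is word-split and glob-expanded, and a value beginning with `-` would be parsed by mpv as an option. Quote it and end option parsing in the script text: `exec mpv -- "$(bitw get secrets/abby -f ${attr})"`. The value also ends up in mpv's argument list, where it is readable from the process table by other local users, which is worth a short comment if that exposure is accepted. `writeShellScriptBin` adds no `set -e`, so a failing `bitw` call still starts mpv with an empty argument.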
@@ -37,11 +37,11 @@ "ci": { "flake": false, "locked": { - "lastModified": 1638109861, - "narHash": "sha256-i87WzlLPk8bG5ampBaL9Qj5Fu6BN9QN/qkyF1FUtWG0=", + "lastModified": 1643398418, + "narHash": "sha256-j7Z+k1dUg65vvBhME+c3ve1Oxlu5GeI4oNwdo1NGL10=", "owner": "arcnmx", "repo": "ci", - "rev": "58ffa52cb91df95120734019cc1af800ee585b80", + "rev": "1d38e73657284793de5251738adbe2c04a151c08", "type": "github" }, "original": { @@ -86,11 +86,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1638984290, - "narHash": "sha256-T+LusWWmE7NrGtMsxORMJzgKrZYooQJZIJRppjuCnLI=", + "lastModified": 1644315846, + "narHash": "sha256-/DVsxnczKZdY6neJO5a0tjYR+rjmNHtTSb5NXqYHzzI=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "4f68299096f42f9499f615f97ac295b218ecae21", + "rev": "b95461861c8b5b7432cfc13306477d17c684d80d", "type": "github" }, "original": { @@ -199,11 +199,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1627913399, - "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "lastModified": 1641205782, + "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", "type": "github" }, "original": { 
@@ -264,11 +264,11 @@ ] }, "locked": { - "lastModified": 1638959036, - "narHash": "sha256-d75Ow/rV3nq4penfTJz9H3/OlIHttoKoJUDEfink/8k=", + "lastModified": 1644255659, + "narHash": "sha256-VuPFOttrBRTOJqPY5yboxVdk1xZjSSlOSDDbBCMKioo=", "owner": "nix-community", "repo": "home-manager", - "rev": "829e89a16f4f96428d1b94e68d4c06107b5491c0", + "rev": "1ca6293c8fb1dbe13c48fe518440c288256cd562", "type": "github" }, "original": { @@ -280,11 +280,11 @@ }, "impermanence": { "locked": { - "lastModified": 1638981861, - "narHash": "sha256-rDEn/hU9ayDig2HMYKN71InhY1LV5slxp9Zy2iPBysQ=", + "lastModified": 1644014516, + "narHash": "sha256-PkD35S6lduaU6mLcraFY0vj608RPv1kQp5uaFd/s26o=", "owner": "nix-community", "repo": "impermanence", - "rev": "df5038f20c9efd442944fe26b93f41c0dc5217da", + "rev": "ff540dbe20556f6119d80f5c79796a0698a4ee38", "type": "github" }, "original": { @@ -391,11 +391,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1638806821, - "narHash": "sha256-v2qd2Bsmzft53s43eCbN+4ocrLksRdFLyF/MAGuWuDA=", + "lastModified": 1644278373, + "narHash": "sha256-9riYZyVing7OQUUWELSojlbt9u0xDh0Xm5Eg8FQn0fc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bc5d68306b40b8522ffb69ba6cff91898c2fbbff", + "rev": "60c52a73f1d5858020ac4f161cd5bf1c9650f8b8", "type": "github" }, "original": { @@ -423,11 +423,11 @@ }, "nur": { "locked": { - "lastModified": 1639003260, - "narHash": "sha256-orrydgXlevz6XdtcsMk1F3CjXFFQPrRInzDgTgXH9/A=", + "lastModified": 1644334785, + "narHash": "sha256-QxpTrls9SaQMKdIyV2c8WkkEkacqT3WLQXt/Fbo/T3g=", "owner": "nix-community", "repo": "nur", - "rev": "c67a780f8b0ca614ec7e1800d8a597f26e595668", + "rev": "9855bc140c3a4b5abd9cd9698fb4ef0da912af19", "type": "github" }, "original": { 
@@ -587,11 +587,11 @@ "tf-nix": { "flake": false, "locked": { - "lastModified": 1639529339, - "narHash": "sha256-r+nIyHAKUZA3bWOlpNpu2ferhXYx4f3TbtMEJpVfbVg=", + "lastModified": 1644337454, + "narHash": "sha256-jghbOdIc8b49am3pP6zzDBh707HDzJHHIRHufXfhNPw=", "owner": "arcnmx", "repo": "tf-nix", - "rev": "932837bbc371389ff3597a2e5b4791b45b5e18bd", + "rev": "550c741369a13095208b04333866348b1cbaf1a6", "type": "github" }, "original": { diff --git a/overlays/local/vm.nix b/overlays/local/vm.nix index bed43611..71748c8b 100644 --- a/overlays/local/vm.nix +++ b/overlays/local/vm.nix @@ -9,7 +9,7 @@ writeShellScriptBin "win10-vm" '' -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \ -machine pc-q35-5.1,accel=kvm,usb=off,vmport=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \ -monitor stdio \ - -cpu host,migratable=no,topoext=on,host-cache-info=on,+invtsc,hv_time,hv_relaxed,hv_vpindex,hv_synic,hv_spinlocks=0x1fff,hv_vendor_id=ab12341234ab$,hv_vapic,-amd-stibp \ + -cpu host,topoext=on,host-cache-info=on,+invtsc,smep=off,hv_time,hv_relaxed,hv_spinlocks=0x1fff,hv_vendor_id=ab12341234ab$,hv_vapic,-amd-stibp \ -m 12288 \ -mem-path /dev/hugepages1G/qemu-win10-vm -mem-prealloc \ -smp 8,sockets=1,dies=1,cores=4,threads=2 \ diff --git a/trusted/flake.lock b/trusted/flake.lock index 218865c3..6eff745b 100644 --- a/trusted/flake.lock +++ b/trusted/flake.lock @@ -413,12 +413,12 @@ ] }, "locked": { - "narHash": "sha256-Ivl7zeruE4IBziVoN45np+79Mqme7APYC+fVgHqjvyg=", - "path": "/nix/store/njggqc0knm08q2cmxxn2009ig1gnirgz-source", + "narHash": "sha256-2cZ6237JhyatPQObd0Q2FVqoXnXYDcKiCpzWxkF5eRk=", + "path": "/nix/store/zkwg2mlqw200n2v8170738q69lk45yj2-source", "type": "path" }, "original": { - "path": "/nix/store/njggqc0knm08q2cmxxn2009ig1gnirgz-source", + "path": "/nix/store/zkwg2mlqw200n2v8170738q69lk45yj2-source", "type": "path" } }, 
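Review bot: The new `-cpu` line in overlays/local/vm.nix adds `smep=off`, which hides Supervisor Mode Execution Prevention from the guest and so removes a kernel exploit mitigation inside the Windows VM, on top of the existing `-amd-stibp`. Nothing in the hunk says why. If it works around a guest or performance problem, record that in a comment above the qemu command, e.g. `# smep=off: workaround for <issue>; weakens guest kernel hardening, drop when fixed`. The same line also drops `migratable=no`, `hv_vpindex` and `hv_synic` without explanation. The script starts and ends outside the hunk.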
@@ -624,11 +624,11 @@ "trusted": { "flake": false, "locked": { - "lastModified": 1637629540, - "narHash": "sha256-uWqbVzpZB9PJSyswP+k7cTSdGR5kz0rYBzGzWQxIhco=", + "lastModified": 1639598693, + "narHash": "sha256-stR1xQiJCt1PM0JocMpdSC14/2QcDFKjIX4wRJJzQRE=", "ref": "main", - "rev": "4a7020983e7c7d246971edde580b8d3914bd2563", - "revCount": 88, + "rev": "1b831ed778fad5919d09cb8b70fc3ede0851729d", + "revCount": 89, "type": "git", "url": "ssh://git@github.com/kittywitch/nixfiles-trusted" },