From ee88a3fbd5479d71e2ea9edd7ee162f699e574e1 Mon Sep 17 00:00:00 2001 From: Kjetil Orbekk Date: Tue, 31 May 2022 18:10:56 -0400 Subject: Update to nixos-22.05 --- modules/common.nix | 10 +++------- modules/desktop.nix | 7 ++++--- modules/login.nix | 46 ---------------------------------------------- modules/nextcloud.nix | 2 +- modules/vpn.nix | 6 +++--- modules/yubikey.nix | 2 +- 6 files changed, 12 insertions(+), 61 deletions(-) delete mode 100644 modules/login.nix (limited to 'modules') diff --git a/modules/common.nix b/modules/common.nix index 72c146f..24eb8b8 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -5,11 +5,6 @@ orbekk.secrets.enable = true; - nixpkgs.config.packageOverrides = pkgs: { - libsignal-protocol-c = pkgs.callPackage ../pkgs/libsignal-c/default.nix { }; - keycloak = pkgs.callPackage ../pkgs/keycloak/default.nix { }; - }; - users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa 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 cardno:000605483586" ]; @@ -37,7 +32,8 @@ dnsutils binutils #emacs - emacsPgtkNativeComp + #emacsPgtkNativeComp + pkgs.unstable.emacsNativeComp exa fd fzf @@ -78,7 +74,7 @@ services = { postgresql = { package = pkgs.postgresql_12; }; openssh.passwordAuthentication = false; - openssh.challengeResponseAuthentication = false; + openssh.kbdInteractiveAuthentication = false; }; systemd.services.nix-gc.serviceConfig = { diff --git a/modules/desktop.nix b/modules/desktop.nix index 59b26d2..d0d3314 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -58,7 +58,8 @@ in { fonts = with pkgs; [ fira-code dejavu_fonts - steamPackages.steam-fonts + # Do these no longer exist? + # steamPackages.steam-fonts wqy_microhei ]; fontconfig = { @@ -96,7 +97,7 @@ in { rofi rxvt_unicode-with-plugins unstable.signal-desktop - sshfsFuse + sshfs-fuse trayer vlc wirelesstools @@ -107,7 +108,7 @@ in { xorg.xbacklight xorg.xev xclip - xlibs.libXft + xorg.libXft xscreensaver xsel # used by urxvt clipboard xss-lock 
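Review bot: `pkgs.unstable.emacsNativeComp` in the modules/common.nix package list is the only entry written with an explicit `pkgs.` prefix, while modules/desktop.nix refers to the same package set as `unstable.signal-desktop`. If this list is also under `with pkgs;` (its opening is outside the hunk), `unstable.emacsNativeComp` would match the rest of the file. The hunk also leaves two commented-out entries, `#emacs` and `#emacsPgtkNativeComp`, with no reason given. Either delete them or add a short comment saying why Emacs now comes from the unstable set on a system that otherwise tracks the 22.05 release.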
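Review bot: The added comment `# Do these no longer exist?` in the `fonts` list of modules/desktop.nix leaves an open question in the configuration, and the entry it refers to is disabled rather than removed. Once the answer is known, replace both lines with a statement of fact, for example `# steamPackages.steam-fonts dropped in the 22.05 update: <reason>`, or delete them. The `fonts` list continues outside the hunk.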
diff --git a/modules/login.nix b/modules/login.nix
deleted file mode 100644
index d2a6de3..0000000
--- a/modules/login.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- cfg = config.orbekk.login;
- aliases = import ../data/aliases.nix;
-in
-{
- options = {
- orbekk.login = {
- enable = lib.mkEnableOption "Enable login server";
- loginPort = lib.mkOption {
- type = lib.types.int;
- default = aliases.services.login.port;
- };
- loginDomain = lib.mkOption {
- type = lib.types.str;
- default = "login.orbekk.com";
- };
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.keycloak = {
- enable = false;
- httpPort = "8080";
- bindAddress = "127.0.0.1";
- database.type = "postgresql";
- database.passwordFile = "/opt/secret/keycloak/db_password";
- frontendUrl = "http://localhost/auth";
- };
-
- environment.systemPackages = with pkgs; [
- xmlstarlet
- libtidy
- jq
- ];
-
- # services.nginx.virtualHosts.${cfg.loginDomain} = {
- # enableACME = true;
- # forceSSL = true;
- # locations."/" = {
- # proxyPass = "http://127.0.0.1:${toString cfg.loginPort}";
- # proxyWebsockets = true;
- # };
- # };
- };
-}
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
index 03051a9..e38401b 100644
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -12,7 +12,7 @@ in
 config = lib.mkIf cfg.enable {
 services.nextcloud = {
 enable = true;
- package = pkgs.nextcloud23;
+ package = pkgs.nextcloud24;
 hostName = "nextcloud.orbekk.com";
 config = {
 dbtype = "pgsql";
diff --git a/modules/vpn.nix b/modules/vpn.nix
index a3df88a..47c269c 100644
--- a/modules/vpn.nix
+++ b/modules/vpn.nix
@@ -9,13 +9,13 @@ let ips = [ "${vpn-prefix}::${ip}/128" ]; publicKey = (builtins.readFile ../secrets/${host}-wireguard-key.pub); endpoint = null; - relay = false; + router = false; }; hosts = { dragon = mkConfig "dragon" "d" // { endpoint = "dragon.orbekk.com:${toString cfg.listenPort}"; - relay = true; + router = true; }; tiny1 = mkConfig "tiny1" "1001" // { endpoint = "tiny1.orbekk.com:${toString cfg.listenPort}"; @@ -26,7 +26,7 @@ let mkPeer = hostConfig: { inherit (hostConfig) publicKey endpoint; - allowedIPs = hostConfig.ips ++ (lib.optionals (hostConfig.relay && !cfg.is_server) [ "::/0" ]); + allowedIPs = if hostConfig.router && !cfg.is_server then [ "::/0" ] else hostConfig.ips; }; getPeers = host: diff --git a/modules/yubikey.nix b/modules/yubikey.nix index 971ac1f..1e6aa22 100644 --- a/modules/yubikey.nix +++ b/modules/yubikey.nix @@ -6,7 +6,7 @@ let ccid libu2f-host libusb - rng_tools + rng-tools yubikey-manager yubikey-personalization gnupg -- cgit v1.2.3
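Review bot: In `mkPeer`, the `then` branch gives a router peer `allowedIPs = [ "::/0" ]` on every non-server host. In WireGuard this accepts any IPv6 source address from that peer and, where allowed IPs are installed as routes, sends all of the client's IPv6 traffic through it. If the intent is only to reach the other VPN hosts through `dragon`, a narrower entry built from `vpn-prefix` would keep that reachability while placing less trust in the router; the prefix length is not visible in this hunk, so that needs confirming. Either way, a comment above the line such as `# router peers carry all IPv6 traffic for clients; ::/0 already covers hostConfig.ips` would record why the peer's own /128 was dropped from the list. The enclosing `let` block starts and ends outside the hunk.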