authorAzat Bahawi <azat@bahawi.net>2022-11-10 14:19:19 +0300
committerAzat Bahawi <azat@bahawi.net>2022-11-10 14:19:19 +0300
commit164b2b3f693dd5da3c1b1661e43c45b36a6b764c (patch)
tree2fc9a4ab1d3b44a3eb6d686b42527a18411c240b /configurations
parent2a7ec37178f22c83c1eb75485cd7ff91f16ac654 (diff)
2022-11-10
Diffstat (limited to 'configurations')
-rw-r--r--configurations/manwe/mailserver.nix148
-rw-r--r--configurations/manwe/webserver.nix4
-rw-r--r--configurations/melian/default.nix100
3 files changed, 161 insertions, 91 deletions
diff --git a/configurations/manwe/mailserver.nix b/configurations/manwe/mailserver.nix
index 83713f9..966c21c 100644
--- a/configurations/manwe/mailserver.nix
+++ b/configurations/manwe/mailserver.nix
@@ -7,90 +7,90 @@
with lib; {
imports = [inputs.simple-nixos-mailserver.nixosModule];
- config = {
- secrets = {
- dkim-key-azahi-cc = {
- file = "${inputs.self}/secrets/dkim-key-azahi-cc";
- path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
- dkim-key-rohan-net = {
- file = "${inputs.self}/secrets/dkim-key-rohan-net";
- path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
- dkim-key-gondor-net = {
- file = "${inputs.self}/secrets/dkim-key-gondor-net";
- path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
- dkim-key-shire-me = {
- file = "${inputs.self}/secrets/dkim-key-shire-me";
- path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
+ secrets = {
+ dkim-key-azahi-cc = {
+ file = "${inputs.self}/secrets/dkim-key-azahi-cc";
+ path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
+ owner = "opendkim";
+ group = "opendkim";
+ };
+ dkim-key-rohan-net = {
+ file = "${inputs.self}/secrets/dkim-key-rohan-net";
+ path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
+ owner = "opendkim";
+ group = "opendkim";
+ };
+ dkim-key-gondor-net = {
+ file = "${inputs.self}/secrets/dkim-key-gondor-net";
+ path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
+ owner = "opendkim";
+ group = "opendkim";
+ };
+ dkim-key-shire-me = {
+ file = "${inputs.self}/secrets/dkim-key-shire-me";
+ path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
+ owner = "opendkim";
+ group = "opendkim";
};
+ };
- nixfiles.modules.acme.enable = true;
+ nixfiles.modules.acme.enable = true;
- mailserver = let
- cert = config.certs.${my.domain.shire};
- in {
- enable = true;
+ mailserver = let
+ cert = config.certs.${my.domain.shire};
+ in {
+ enable = true;
- fqdn = config.networking.domain;
- domains = with my.domain; [azahi gondor rohan shire];
+ fqdn = config.networking.domain;
+ domains = with my.domain; [azahi gondor rohan shire];
- localDnsResolver = false;
+ localDnsResolver = false;
- certificateScheme = 1;
- certificateFile = "${cert.directory}/fullchain.pem";
- keyFile = "${cert.directory}/key.pem";
+ certificateScheme = 1;
+ certificateFile = "${cert.directory}/fullchain.pem";
+ keyFile = "${cert.directory}/key.pem";
- lmtpSaveToDetailMailbox = "no";
+ lmtpSaveToDetailMailbox = "no";
- loginAccounts = with my.domain; {
- "azahi@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- aliases = [
- "@${azahi}"
- "@${rohan}"
- "@${gondor}"
- "abuse@${shire}"
- "admin@${shire}"
- "ceo@${shire}"
- "postmaster@${shire}"
- ];
- };
- "samwise@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- aliases = ["chad@${shire}"];
- quota = "1G";
- };
- "pippin@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- quota = "1G";
- };
- "meriadoc@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- quota = "1G";
- };
+ loginAccounts = with my.domain; {
+ "azahi@${shire}" = {
+ hashedPassword = "@HASHED_PASSWORD@";
+ aliases = [
+ "@${azahi}"
+ "@${rohan}"
+ "@${gondor}"
+ "abuse@${shire}"
+ "admin@${shire}"
+ "ceo@${shire}"
+ "postmaster@${shire}"
+ ];
+ };
+ "samwise@${shire}" = {
+ hashedPassword = "@HASHED_PASSWORD@";
+ aliases = ["chad@${shire}"];
+ quota = "1G";
+ };
+ "pippin@${shire}" = {
+ hashedPassword = "@HASHED_PASSWORD@";
+ quota = "1G";
+ };
+ "meriadoc@${shire}" = {
+ hashedPassword = "@HASHED_PASSWORD@";
+ quota = "1G";
};
};
+ };
- services.fail2ban.jails = {
- dovecot = ''
- enabled = true
- mode = aggressive
- '';
- postfix = ''
- enabled = true
- mode = aggressive
- '';
- };
+ services.fail2ban.jails = {
+ dovecot = ''
+ enabled = true
+ mode = aggressive
+ '';
+ postfix = ''
+ enabled = true
+ mode = aggressive
+ '';
};
+
+ system.extraDependencies = [inputs.simple-nixos-mailserver];
}
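Review bot: The four `hashedPassword = "@HASHED_PASSWORD@";` entries under `loginAccounts` keep the account hashes as inline option values, which end up in the world-readable Nix store once evaluated, while the DKIM keys in the same file are delivered through `secrets`. The step that replaces the placeholder is not visible here, so this is inferred, but if real hashes are substituted before evaluation, every local user and every copy of the closure can read them. simple-nixos-mailserver also accepts `hashedPasswordFile`, so each account could declare a secret next to the DKIM ones and use `hashedPasswordFile = config.secrets.<ACCOUNT_SECRET_NAME>.path;` (placeholder name). The new `secrets` entries also set only `owner` and `group`; it is worth confirming that the secrets module defaults the file mode to owner-only for the DKIM private keys.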
diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix
index dde3e63..e1ee425 100644
--- a/configurations/manwe/webserver.nix
+++ b/configurations/manwe/webserver.nix
@@ -4,7 +4,7 @@
...
}:
with lib; {
- config.nixfiles.modules.nginx.virtualHosts = with my.domain;
+ nixfiles.modules.nginx.virtualHosts = with my.domain;
{
${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ";
"git.${shire}".locations."/".return = "301 https://git.${azahi}";
@@ -20,4 +20,6 @@ with lib; {
${gondor}.locations."/".return = concatStrings [frodo gondor];
${rohan}.locations."/".return = concatStrings [frodo rohan];
});
+
+ system.extraDependencies = [inputs.azahi-cc];
}
diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix
index 3ef0e46..bfdc42e 100644
--- a/configurations/melian/default.nix
+++ b/configurations/melian/default.nix
@@ -1,4 +1,5 @@
{
+ config,
lib,
pkgs,
...
@@ -14,6 +15,7 @@ with lib; {
syncthing.enable = true;
+ android.enable = true;
beets.enable = true;
bluetooth.enable = true;
libvirtd.enable = true;
@@ -29,6 +31,68 @@ with lib; {
wlan0.useDHCP = true;
};
+ networkmanager = {
+ enable = true;
+ wifi.backend = "iwd";
+
+ # Spent three days trying to make this work but still getting "No SSO
+ # handler" even on the HEAD version that 100% has SSO support baked in.
+ # It's all so tiresome[1]... aaand KDE is not supported[2].
+ #
+ # I fucking hate AnyConnect, truly an example of how shit is is non-free
+ # software. SAML also sucks balls. I also hate my company for using this
+ # shit, guess I have no other choice but to use the absolute dogshit
+ # Ubuntu laptop they gave me.
+ #
+ # [1]: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect
+ # [1]: https://gitlab.com/openconnect/openconnect/-/issues/424
+ # [2]: https://groups.google.com/g/linux.debian.bugs.dist/c/lK8u-LMY7n4
+ # [2]: https://bugs.kde.org/show_bug.cgi?id=448153
+ #
+ # plugins = with pkgs; [
+ # ((networkmanager-openconnect.override {
+ # withGnome = false;
+ # openconnect = openconnect.overrideAttrs (_: super: {
+ # version = "unstable-2022-10-23";
+ # src = fetchFromGitLab {
+ # owner = "openconnect";
+ # repo = "openconnect";
+ # rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae";
+ # hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM=";
+ # };
+ # });
+ # }).overrideAttrs (_: super: {
+ # version = "unstable-2022-09-10";
+ # src = fetchFromGitLab {
+ # domain = "gitlab.gnome.org";
+ # owner = "GNOME";
+ # repo = "NetworkManager-openconnect";
+ # rev = "3c1590786518e9acca33c250660ad21cae565acd";
+ # hash = "sha256-YTUN46QHsHkXPAhImPG/MMLMqjlSRknapVO8u43nnWk=";
+ # };
+ # buildInputs = super.buildInputs ++ [
+ # (webkitgtk_4_1.override {
+ # libsoup = gnome.libsoup;
+ # })
+ # ];
+ # nativeBuildInputs = super.nativeBuildInputs ++ [
+ # autoreconfHook
+ # ];
+ # postPatch = ''
+ # substituteInPlace configure.ac \
+ # --replace "PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18)" ""
+ # '';
+ # preAutoreconf = ''
+ # autoupdate
+ # '';
+ # preConfigure = ''
+ # NOCONFIGURE=x ./autogen.sh
+ # touch gtk4/nm-openconnect-dialog.ui
+ # '';
+ # }))
+ # ];
+ };
+
wireless = {
enable = false;
iwd.enable = true;
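Review bot: The context line `wlan0.useDHCP = true;` stays in place directly above the new `networkmanager = { enable = true; wifi.backend = "iwd"; … }` block. This probably leaves the scripted DHCP client and NetworkManager both trying to configure wlan0, which tends to show up as duplicate leases or flapping routes. Either drop the per-interface `useDHCP` now that NetworkManager owns the interface, or exclude it from NetworkManager with `networkmanager.unmanaged = ["wlan0"];`. The enclosing `networking` attribute set begins and ends outside this hunk, so other settings there may already handle this. Separately, the roughly forty lines of commented-out `plugins` override are dead code; a short comment with the two upstream issue links would carry the same information.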
@@ -59,23 +123,27 @@ with lib; {
powerUpCommands = "${modprobe} xhci_pci";
};
- services.thinkfan = {
- enable = true;
-
- settings = {
- sensors = [
- {
- hwmon = "/sys/class/hwmon";
- name = "coretemp";
- indices = [1];
- }
- ];
- fans = [{tpacpi = "/proc/acpi/ibm/fan";}];
- levels = [
- ["level auto" 0 50]
- ["level disengaged" 50 32767]
- ];
+ services = {
+ thinkfan = {
+ enable = true;
+
+ settings = {
+ sensors = [
+ {
+ hwmon = "/sys/class/hwmon";
+ name = "coretemp";
+ indices = [1];
+ }
+ ];
+ fans = [{tpacpi = "/proc/acpi/ibm/fan";}];
+ levels = [
+ ["level auto" 0 50]
+ ["level disengaged" 50 32767]
+ ];
+ };
};
+
+ fwupd.enable = true;
};
boot = {