Diffstat (limited to 'modules')
-rw-r--r--modules/common/common/nix/default.nix7
-rw-r--r--modules/darwin/common/nix.nix2
-rw-r--r--modules/nixos/common/security.nix2
-rw-r--r--modules/nixos/common/xdg.nix5
-rw-r--r--modules/nixos/matrix/dendrite.nix14
-rw-r--r--modules/nixos/matrix/synapse.nix14
-rw-r--r--modules/nixos/nsd.nix58
-rw-r--r--modules/nixos/sound.nix4
8 files changed, 75 insertions, 31 deletions
diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix
index 723a2b8..0c49034 100644
--- a/modules/common/common/nix/default.nix
+++ b/modules/common/common/nix/default.nix
@@ -4,7 +4,7 @@
lib,
localUsername ? lib.my.username,
pkgs,
- pkgsPR,
+ pkgsPr,
this,
...
}:
@@ -25,7 +25,7 @@ with lib; {
repo = "nixpkgs";
inherit rev hash;
});
- pkgsPR = pr: pkgsRev "refs/pull/${toString pr}/head";
+ pkgsPr = pr: pkgsRev "refs/pull/${toString pr}/head";
};
nix = let
@@ -38,6 +38,7 @@ with lib; {
"flakes"
"nix-command"
"recursive-nix"
+ "repl-flake"
];
keep-derivations =
if this.isHeadful
@@ -115,7 +116,7 @@ with lib; {
]);
});
- inherit (pkgsPR "228852" "sha256-NKZySJ3IVMMeSmpc1zYwse52kxGg0dIrsHTMcO8a73Y=") soju;
+ inherit (pkgsPr "228852" "sha256-NKZySJ3IVMMeSmpc1zYwse52kxGg0dIrsHTMcO8a73Y=") soju;
}
// (with super; let
np = nodePackages;
diff --git a/modules/darwin/common/nix.nix b/modules/darwin/common/nix.nix
index 2b39e7d..b291d11 100644
--- a/modules/darwin/common/nix.nix
+++ b/modules/darwin/common/nix.nix
@@ -23,7 +23,7 @@ with lib; {
repo = "nixpkgs";
inherit rev hash;
});
- pkgsPRx86 = pr: pkgsRevx86 "refs/pull/${toString pr}/head";
+ pkgsPrx86 = pr: pkgsRevx86 "refs/pull/${toString pr}/head";
};
nix = {
diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix
index 7a3d3b3..2272e12 100644
--- a/modules/nixos/common/security.nix
+++ b/modules/nixos/common/security.nix
@@ -25,5 +25,7 @@ with lib; {
});
'';
};
+
+ rtkit.enable = true;
};
}
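Review bot: `rtkit.enable = true;` is added to the common security module, so it presumably applies to every NixOS host, including headless servers that never run an audio stack. RealtimeKit exposes a D-Bus service that lets unprivileged processes request realtime scheduling, which is extra surface on machines that do not need it. Consider setting `security.rtkit.enable = true;` next to `services.pipewire` in `modules/nixos/sound.nix`, or gating it here with `rtkit.enable = this.isHeadful;` if `this` is in scope in this file. The enclosing attribute set starts outside the hunk.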
diff --git a/modules/nixos/common/xdg.nix b/modules/nixos/common/xdg.nix
index 8ddf1ac..d74bf82 100644
--- a/modules/nixos/common/xdg.nix
+++ b/modules/nixos/common/xdg.nix
@@ -15,6 +15,11 @@ with lib; {
(mkAliasOptionModule ["userDirs"] (withBase "userDirs"))
];
+ xdg.portal = mkIf this.isHeadful {
+ enable = true;
+ xdgOpenUsePortal = true;
+ };
+
hm.xdg = mkMerge [
{
enable = true;
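Review bot: The new `xdg.portal` block enables the portal and `xdgOpenUsePortal` but sets no backend in this hunk. NixOS has asserted that `xdg.portal.extraPortals` is non-empty when the portal is enabled, and with `xdgOpenUsePortal = true` every `xdg-open` call is routed through the portal, so a missing backend would break URL and file opening on headful hosts. If no desktop module already provides one, add a line such as `extraPortals = [pkgs.xdg-desktop-portal-gtk];`, assuming `pkgs` is in the module arguments. Otherwise add a short comment naming where the backend comes from.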
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix
index bd19f8b..d9c4914 100644
--- a/modules/nixos/matrix/dendrite.nix
+++ b/modules/nixos/matrix/dendrite.nix
@@ -52,20 +52,18 @@ in {
extraConfig = ''
add_header Content-Type application/json;
'';
- return = "200 '${
- generators.toJSON {} {"m.server" = "${cfg.domain}:443";}
- }'";
+ return = "200 '${generators.toJSON {} {
+ "m.server" = "${cfg.domain}:443";
+ }}'";
};
"= /.well-known/matrix/client" = {
extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
'';
- return = "200 '${
- generators.toJSON {} {
- "m.homeserver".base_url = "https://${cfg.domain}";
- }
- }'";
+ return = "200 '${generators.toJSON {} {
+ "m.homeserver".base_url = "https://${cfg.domain}";
+ }}'";
};
};
};
diff --git a/modules/nixos/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix
index a74ebb4..40595a0 100644
--- a/modules/nixos/matrix/synapse.nix
+++ b/modules/nixos/matrix/synapse.nix
@@ -33,20 +33,18 @@ in {
extraConfig = ''
add_header Content-Type application/json;
'';
- return = "200 '${
- generators.toJSON {} {"m.server" = "${cfg.domain}:443";}
- }'";
+ return = "200 '${generators.toJSON {} {
+ "m.server" = "${cfg.domain}:443";
+ }}'";
};
"= /.well-known/matrix/client" = {
extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
'';
- return = "200 '${
- generators.toJSON {} {
- "m.homeserver".base_url = "https://${cfg.domain}";
- }
- }'";
+ return = "200 '${generators.toJSON {} {
+ "m.homeserver".base_url = "https://${cfg.domain}";
+ }}'";
};
};
};
diff --git a/modules/nixos/nsd.nix b/modules/nixos/nsd.nix
index 255c787..f8d9e4b 100644
--- a/modules/nixos/nsd.nix
+++ b/modules/nixos/nsd.nix
@@ -19,6 +19,27 @@ in {
};
config = mkIf cfg.enable {
+ nixfiles.modules.nginx = let
+ domain = my.domain.shire;
+ in {
+ enable = true;
+ virtualHosts = mapAttrs' (_: v:
+ nameValuePair "mta-sts.${v}" {
+ locations."= /.well-known/mta-sts.txt" = {
+ extraConfig = ''
+ add_header default_type text/plain;
+ '';
+ return = "200 '${concatStringsSep "\\r\\n" [
+ "version: STSv1"
+ "mode: enforce"
+ "max_age: 2419200"
+ "mx: ${domain}"
+ ]}'";
+ };
+ })
+ my.domain;
+ };
+
services = {
nsd = {
enable = true;
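Review bot: In the `= /.well-known/mta-sts.txt` location, `add_header default_type text/plain;` sends a response header literally named `default_type`; it does not set the Content-Type. The policy is then served with whatever default type nginx is configured with, and RFC 8461 requires `text/plain`, so senders may reject it. The line inside `extraConfig` should be the directive itself, `default_type text/plain;`. No TLS settings are visible on these `mta-sts.*` virtual hosts, so confirm that the `nixfiles.modules.nginx` wrapper issues a certificate valid for each `mta-sts.<domain>` name, because the policy is only honoured over HTTPS. Publishing `mode: enforce` with a 28-day `max_age` straight away makes compliant senders refuse delivery on any certificate or MX mismatch; starting with `mode: testing` until delivery is confirmed is the safer rollout.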
@@ -40,8 +61,8 @@ in {
domain ? my.domain.shire,
dkimKey ? null,
}: {
- MX = [(mx.mx 10 "${domain}.")];
- TXT = [(spf.strict ["a" "mx"])];
+ MX = [(mx.mx 10 "${my.domain.shire}.")];
+ TXT = [(spf.soft ["a"])];
DMARC = [
{
p = "quarantine";
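Review bot: The SPF record is relaxed from `spf.strict ["a" "mx"]` to `spf.soft ["a"]` with no comment saying why. This presumably turns a hard fail into a soft fail, and it drops the `mx` mechanism even though the MX now points at `my.domain.shire` for every zone. Receivers that evaluate SPF without DMARC will then accept spoofed mail more readily, and authorisation depends on each zone's apex A record resolving to the mail host. Unless there is a delivery problem that needs the relaxation, keep `TXT = [(spf.strict ["a" "mx"])];`; if it is intentional, add a comment stating the reason. The MX line no longer uses the `domain` argument that callers now pass with `inherit domain;`, so note in a comment that it is deliberately fixed to the shire host.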
@@ -54,6 +75,7 @@ in {
selector = "mail";
p = dkimKey;
};
+ subdomains._mta-sts.TXT = ["v=STSv1; id=20230506134541Z"];
};
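Review bot: The `_mta-sts` TXT record hard-codes `id=20230506134541Z`, while the policy body is generated in the nginx block elsewhere in this file. Senders only re-fetch the policy when the id changes, so an edit to the `mx:` or `mode:` lines without a new id leaves remote MTAs enforcing the cached policy until `max_age` expires. Add a comment above the line such as `# bump id whenever the mta-sts.txt policy served by nginx changes`, or derive the id from the policy text so the two cannot drift. A `_smtp._tls` TLS-RPT record would also make enforcement failures visible, if reporting is wanted.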
mkZone = {
@@ -88,10 +110,11 @@ in {
ariadneIdProof.TXT = ["openpgp4fpr:${my.pgp.fingerprint}"];
in
mkMerge [
- (mkZone {
+ (mkZone rec {
domain = my.domain.shire;
extra = mkMerge [
(mkEmailEntries {
+ inherit domain;
dkimKey = "@DKIM_KEY@";
})
{
@@ -103,6 +126,8 @@ in {
yavanna = ips "yavanna";
"*.yavanna" = yavanna;
+ mta-sts = manwe;
+
ns1 = manwe;
# ns2 = varda;
@@ -124,37 +149,52 @@ in {
}
];
})
- (mkZone {
+ (mkZone rec {
domain = my.domain.azahi;
extra = mkMerge [
(mkEmailEntries {
+ inherit domain;
dkimKey = "@DKIM_KEY@";
})
ariadneIdProof
{
- subdomains.git = ips "manwe";
+ subdomains = {
+ mta-sts = ips "manwe";
+
+ git = ips "manwe";
+ };
}
];
})
- (mkZone {
+ (mkZone rec {
domain = my.domain.gondor;
extra = mkMerge [
(mkEmailEntries {
+ inherit domain;
dkimKey = "@DKIM_KEY@";
})
{
- subdomains.frodo = ips "manwe" // ariadneIdProof;
+ subdomains = {
+ mta-sts = ips "manwe";
+
+ frodo = ips "manwe" // ariadneIdProof;
+ };
}
];
})
- (mkZone {
+ (mkZone rec {
domain = my.domain.rohan;
extra = mkMerge [
(mkEmailEntries {
+ inherit domain;
dkimKey = "@DKIM_KEY@";
})
{
- subdomains.frodo = ips "manwe" // ariadneIdProof;
+ subdomains = {
+ mta-sts = ips "manwe";
+
+ frodo = ips "manwe" // ariadneIdProof;
+ };
}
];
})
diff --git a/modules/nixos/sound.nix b/modules/nixos/sound.nix
index ae35e44..073d59c 100644
--- a/modules/nixos/sound.nix
+++ b/modules/nixos/sound.nix
@@ -13,8 +13,8 @@ in {
services.pipewire = {
enable = true;
- alsa.enable = false;
- jack.enable = false;
+ alsa.enable = true;
+ jack.enable = true;
pulse.enable = true;
};
};