update

2022-07-03 03:10:37 +02:00 · 2022-07-03 03:10:37 +02:00 · 746af4aea4
commit 746af4aea4
parent 87d484016c
3 changed files with 178 additions and 202 deletions
--- a/flake.lock
+++ b/flake.lock
@ -98,11 +98,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1655290946,
-        "narHash": "sha256-MIumtZzaSSzomOchMTSKAiA/hCfqpaMGj3TX0TwAchE=",
+        "lastModified": 1656787767,
+        "narHash": "sha256-uMMSFTMfdTNOFd0VImM+9LT9V8gFygJx2XbjvuqWKrY=",
        "owner": "nix-community",
        "repo": "emacs-overlay",
-        "rev": "5a16283b229aa4e7403a35b01ef2cc538c33dc03",
+        "rev": "bfa98bb7e829b62c915e0652fff75564170e3a22",
        "type": "github"
      },
      "original": {
@ -127,29 +127,13 @@
        "type": "github"
      }
    },
-    "flake-compat_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1650374568,
-        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
    "flake-utils": {
      "locked": {
-        "lastModified": 1653893745,
-        "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+        "lastModified": 1656065134,
+        "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+        "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c",
        "type": "github"
      },
      "original": {
@ -175,20 +159,17 @@
    },
    "home-manager": {
      "inputs": {
-        "flake-compat": "flake-compat",
        "nixpkgs": [
          "nixpkgs"
        ],
-        "nmd": "nmd",
-        "nmt": "nmt",
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1655199284,
-        "narHash": "sha256-R/g2ZWplGWVOfm2TyB4kR+YcOE/uWkgjkYrl/RYgJ/U=",
+        "lastModified": 1656367977,
+        "narHash": "sha256-0hV17V9Up9pnAtPJ+787FhrsPnawxoTPA/VxgjRMrjc=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "87d30c164849a7471d99749aa4d2d28b81564f69",
+        "rev": "3bf16c0fd141c28312be52945d1543f9ce557bb1",
        "type": "github"
      },
      "original": {
@ -243,11 +224,11 @@
      },
      "locked": {
        "dir": "contrib",
-        "lastModified": 1655277632,
-        "narHash": "sha256-8kkFQneMC/mamq/hPqBIvPb4EVnnFvDffPYIai9w3jY=",
+        "lastModified": 1656735907,
+        "narHash": "sha256-6tDUHALUyszphRnZFCD7c78eESphfRX2L6FnWCVVNIc=",
        "owner": "neovim",
        "repo": "neovim",
-        "rev": "504d7decbdef55d58e62217a0a54cbee2a0944cc",
+        "rev": "a9de89894a2ff43dd511b38f20ab2815d6c7e2bd",
        "type": "github"
      },
      "original": {
@ -259,18 +240,18 @@
    },
    "neovim-nightly-overlay": {
      "inputs": {
-        "flake-compat": "flake-compat_2",
+        "flake-compat": "flake-compat",
        "neovim-flake": "neovim-flake",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1655281072,
-        "narHash": "sha256-lz4q1WLAXRKeheyQbpGX4g3hFwWN3lw7F/Y4iKGch5c=",
+        "lastModified": 1656749719,
+        "narHash": "sha256-r/3k68MkeV1T6lSp2R9ewT+Bj1a6N3ZjUXE4y7fjJLk=",
        "owner": "nix-community",
        "repo": "neovim-nightly-overlay",
-        "rev": "734cf3649cbb8276301deb8edbddf735a73e0192",
+        "rev": "25b1177974a2d13c5bf3109f17940ce07c1cd043",
        "type": "github"
      },
      "original": {
@ -281,11 +262,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1654057797,
-        "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=",
+        "lastModified": 1656702262,
+        "narHash": "sha256-BdVdx6LoGgAeIYrHnzk+AgbtkaVlV3JNcC6+vltLuh0=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af",
+        "rev": "c5308381432cdbf14d5b1128747a2845f5c6871e",
        "type": "github"
      },
      "original": {
@ -297,11 +278,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1655273078,
-        "narHash": "sha256-jlcD35mFKn7CQHUgUa0E79QrS5+5A+/Gh3BI2y/PC3U=",
+        "lastModified": 1656755932,
+        "narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "29399e5ad1660668b61247c99894fc2fb97b4e74",
+        "rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152",
        "type": "github"
      },
      "original": {
@ -311,11 +292,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1655318135,
-        "narHash": "sha256-kFs/bujjrbLqitmsHIOIarUSo9cHX4HMcfkOly4L0AE=",
+        "lastModified": 1656815032,
+        "narHash": "sha256-6w4aLQ4aVzTW7TMEi3t0wx+GUjr8bBiQu5A031LoWqI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "abb346a417c334bb093ac77e907a2920f8e3289d",
+        "rev": "fff5ad2010544057c8efbcd31278d3a9e828fdc3",
        "type": "github"
      },
      "original": {
@ -327,11 +308,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1655221618,
-        "narHash": "sha256-ht8HRFthDKzYt+il+sGgkBwrv+Ex2l8jdGVpsrPfFME=",
+        "lastModified": 1656753965,
+        "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "6616de389ed55fba6eeba60377fc04732d5a207c",
+        "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb",
        "type": "github"
      },
      "original": {
@ -341,46 +322,14 @@
        "type": "github"
      }
    },
-    "nmd": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1653339422,
-        "narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=",
-        "owner": "rycee",
-        "repo": "nmd",
-        "rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd",
-        "type": "gitlab"
-      },
-      "original": {
-        "owner": "rycee",
-        "repo": "nmd",
-        "type": "gitlab"
-      }
-    },
-    "nmt": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1648075362,
-        "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
-        "owner": "rycee",
-        "repo": "nmt",
-        "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
-        "type": "gitlab"
-      },
-      "original": {
-        "owner": "rycee",
-        "repo": "nmt",
-        "type": "gitlab"
-      }
-    },
    "nnn-vim": {
      "flake": false,
      "locked": {
-        "lastModified": 1641252513,
-        "narHash": "sha256-ZWvTTioLoA+/HXTghp1EH2PH4A0mLDLtqzPKGsGB+ZY=",
+        "lastModified": 1656124614,
+        "narHash": "sha256-Zb9GAqwp2GoO1SpXqaRDm5K62OxG+SwJl9L2uTGnC2I=",
        "owner": "mcchrish",
        "repo": "nnn.vim",
-        "rev": "169951733371abd152d76d1ce65e2dd867156e2d",
+        "rev": "bc6e2e34d9114c93ce50782949d260b4d4f0e2b6",
        "type": "github"
      },
      "original": {
@ -483,11 +432,11 @@
    },
    "utils_3": {
      "locked": {
-        "lastModified": 1653893745,
-        "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+        "lastModified": 1656065134,
+        "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+        "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c",
        "type": "github"
      },
      "original": {
@ -503,11 +452,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1655319100,
-        "narHash": "sha256-VHbaDVdBcINgROmTIu0XWtwNHs4Hzog7Kqwtpc1q6xM=",
+        "lastModified": 1656815045,
+        "narHash": "sha256-tyJN8h++L7WCxElY7vxmJqm80epsfRaKrY6GC5UCE9s=",
        "owner": "thexyno",
        "repo": "blog",
-        "rev": "41be85a2b23f5e68bdf1a6d9c2a1fc052a32ee72",
+        "rev": "c020d6752f6735721ca0107eb6e183929cd0e861",
        "type": "github"
      },
      "original": {
@ -519,11 +468,11 @@
    "zsh-completions": {
      "flake": false,
      "locked": {
-        "lastModified": 1655214296,
-        "narHash": "sha256-PdqeudPZfOxByLPi5RVkHQD5vjkulEGhj2zXAy3eorc=",
+        "lastModified": 1656752981,
+        "narHash": "sha256-qSobM4PRXjfsvoXY6ENqJGI9NEAaFFzlij6MPeTfT0o=",
        "owner": "zsh-users",
        "repo": "zsh-completions",
-        "rev": "fcf490292e512061343bea10831b674adad12f4a",
+        "rev": "0331b2908f93556453e45fa5a899aa21e0a7f64d",
        "type": "github"
      },
      "original": {
--- a/hm-imports/cli.nix
+++ b/hm-imports/cli.nix
@ -1,120 +1,122 @@
 { inputs, config, lib, pkgs, ... }:
 {
+
+  home.stateVersion = "21.05";
  home.packages = with pkgs; [

-      my.scripts
-      jq
-      nnn
-      bat
-      htop
-      exa
-      curl
-      fd
-      file
-      lorri
-      fzf
-      git
-      neofetch
-      ripgrep
-      direnv # needed for lorri
-      unzip
-      pv
-      killall
-      lefthook
-      yt-dlp
-      aria2
-      libqalculate
+    my.scripts
+    jq
+    nnn
+    bat
+    htop
+    exa
+    curl
+    fd
+    file
+    lorri
+    fzf
+    git
+    neofetch
+    ripgrep
+    direnv # needed for lorri
+    unzip
+    pv
+    killall
+    lefthook
+    yt-dlp
+    aria2
+    libqalculate
  ];
-    home.shellAliases = {
-      v = "nvim";
-      vim = "nvim";
-      gpl = "git pull";
-      gp = "git push";
-      lg = "lazygit";
-      gc = "git commit -v";
-      kb = "git commit -m \"\$(curl -s http://whatthecommit.com/index.txt)\"";
-      gs = "git status -v";
-      gfc = "git fetch && git checkout";
-      gl = "git log --graph";
-      l = "exa -la --git";
-      la = "exa -la --git";
-      ls = "exa";
-      ll = "exa -l --git";
-      cat = "bat";
+  home.shellAliases = {
+    v = "nvim";
+    vim = "nvim";
+    gpl = "git pull";
+    gp = "git push";
+    lg = "lazygit";
+    gc = "git commit -v";
+    kb = "git commit -m \"\$(curl -s http://whatthecommit.com/index.txt)\"";
+    gs = "git status -v";
+    gfc = "git fetch && git checkout";
+    gl = "git log --graph";
+    l = "exa -la --git";
+    la = "exa -la --git";
+    ls = "exa";
+    ll = "exa -l --git";
+    cat = "bat";
+  };
+
+  programs = {
+    gpg = {
+      enable = true;
+      settings = {
+        cert-digest-algo = "SHA512";
+        charset = "utf-8";
+        default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
+        fixed-list-mode = true;
+        keyserver = "hkps://keyserver.ubuntu.com:443";
+        list-options = [ "show-uid-validity" "show-unusable-subkeys" ];
+        no-comments = true;
+        no-emit-version = true;
+        no-greeting = true;
+        no-symkey-cache = true;
+        personal-cipher-preferences = "AES256 AES192 AES";
+        personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
+        personal-digest-preferences = "SHA512 SHA384 SHA256";
+        require-cross-certification = true;
+        s2k-cipher-algo = "AES256";
+        s2k-digest-algo = "SHA512";
+        throw-keyids = true;
+        use-agent = true;
+        verbose = true;
+        verify-options = "show-uid-validity";
+        with-fingerprint = true;
+        with-key-origin = true;
+      };
+    };
+    bat = {
+      enable = true;
+      config.theme = "gruvbox-dark";
+    };
+    fzf = {
+      enable = true;
+      enableZshIntegration = true;
+      defaultOptions = [
+        "--height 40%"
+        "--layout=reverse"
+        "--border"
+        "--inline-info"
+      ];
+    };
+    git = {
+      enable = true;
+      lfs.enable = true;
+
+      # Default configs
+      extraConfig = {
+        commit.gpgSign = true;
+
+        user.name = "Philipp Hochkamp";
+        user.email = "git@phochkamp.de";
+        user.signingKey = "DA5D9235BD5BD4BD6F4C2EA868066BFF4EA525F1";
+
+        # Set default "git pull" behaviour so it doesn't try to default to
+        # either "git fetch; git merge" (default) or "git fetch; git rebase".
+        pull.ff = "only";
+      };
+    };
+    # Htop configurations
+    htop = {
+      enable = true;
+      settings = {
+        hide_userland_threads = true;
+        highlight_base_name = true;
+        shadow_other_users = true;
+        show_program_path = false;
+        tree_view = false;
+      };
    };

-        programs = {
-          gpg = {
-            enable = true;
-            settings = {
-              cert-digest-algo = "SHA512";
-              charset = "utf-8";
-              default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
-              fixed-list-mode = true;
-              keyserver = "hkps://keyserver.ubuntu.com:443";
-              list-options = [ "show-uid-validity" "show-unusable-subkeys" ];
-              no-comments = true;
-              no-emit-version = true;
-              no-greeting = true;
-              no-symkey-cache = true;
-              personal-cipher-preferences = "AES256 AES192 AES";
-              personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
-              personal-digest-preferences = "SHA512 SHA384 SHA256";
-              require-cross-certification = true;
-              s2k-cipher-algo = "AES256";
-              s2k-digest-algo = "SHA512";
-              throw-keyids = true;
-              use-agent = true;
-              verbose = true;
-              verify-options = "show-uid-validity";
-              with-fingerprint = true;
-              with-key-origin = true;
-            };
-          };
-          bat = {
-            enable = true;
-            config.theme = "gruvbox-dark";
-          };
-          fzf = {
-            enable = true;
-            enableZshIntegration = true;
-            defaultOptions = [
-              "--height 40%"
-              "--layout=reverse"
-              "--border"
-              "--inline-info"
-            ];
-          };
-          git = {
-            enable = true;
-            lfs.enable = true;

-            # Default configs
-            extraConfig = {
-              commit.gpgSign = true;
-
-              user.name = "Philipp Hochkamp";
-              user.email = "git@phochkamp.de";
-              user.signingKey = "DA5D9235BD5BD4BD6F4C2EA868066BFF4EA525F1";
-
-              # Set default "git pull" behaviour so it doesn't try to default to
-              # either "git fetch; git merge" (default) or "git fetch; git rebase".
-              pull.ff = "only";
-            };
-          };
-          # Htop configurations
-          htop = {
-            enable = true;
-            settings = {
-              hide_userland_threads = true;
-              highlight_base_name = true;
-              shadow_other_users = true;
-              show_program_path = false;
-              tree_view = false;
-            };
-          };
-
-
-        };
+  };
 }

--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@ -52,6 +52,31 @@
    locations."/".proxyPass = "http://[::1]${config.services.xynoblog.listen}";
  };

+  services.nginx.appendHttpConfig = ''
+    map $remote_addr $ip_anonym1 {
+     default 0.0.0;
+     "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip;
+     "~(?P<ip>[^:]+:[^:]+):" $ip;
+    }
+
+    map $remote_addr $ip_anonym2 {
+     default .0;
+     "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0;
+     "~(?P<ip>[^:]+:[^:]+):" ::;
+    }
+
+    map $ip_anonym1$ip_anonym2 $ip_anonymized {
+     default 0.0.0.0;
+     "~(?P<ip>.*)" $ip;
+    }
+
+    log_format anonymized '$ip_anonymized - $remote_user [$time_local] '
+       '"$request" $status $body_bytes_sent '
+       '"$http_referer" "$http_user_agent"';
+
+    access_log /var/log/nginx/access.log anonymized;
+  '';
+
  services.restic.backups."picard" = {
    passwordFile = config.age.secrets.picardResticPassword.path;
    extraOptions = [
@ -97,7 +122,7 @@
      gitlab.enable = false; # TODO gitlab-runner
      synapse.enable = true;
      tailscale.enable = true;
-      hedgedoc.enable = true;
+      hedgedoc.enable = false;
      ts3.enable = true;
      nginx.enable = true;
      nginx.domain = "ragon.xyz";