From 746af4aea4b0a172a050f6ec775ee22a920dd601 Mon Sep 17 00:00:00 2001 From: Philipp Hochkamp Date: Sun, 3 Jul 2022 03:10:37 +0200 Subject: [PATCH] update --- flake.lock | 131 +++++++---------------- hm-imports/cli.nix | 222 ++++++++++++++++++++------------------- hosts/picard/default.nix | 27 ++++- 3 files changed, 178 insertions(+), 202 deletions(-) diff --git a/flake.lock b/flake.lock index a311f118..70892c34 100644 --- a/flake.lock +++ b/flake.lock @@ -98,11 +98,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1655290946, - "narHash": "sha256-MIumtZzaSSzomOchMTSKAiA/hCfqpaMGj3TX0TwAchE=", + "lastModified": 1656787767, + "narHash": "sha256-uMMSFTMfdTNOFd0VImM+9LT9V8gFygJx2XbjvuqWKrY=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "5a16283b229aa4e7403a35b01ef2cc538c33dc03", + "rev": "bfa98bb7e829b62c915e0652fff75564170e3a22", "type": "github" }, "original": { @@ -127,29 +127,13 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1656065134, + "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", "type": "github" }, "original": { @@ -175,20 +159,17 @@ }, "home-manager": { "inputs": { - "flake-compat": "flake-compat", "nixpkgs": [ "nixpkgs" ], - "nmd": "nmd", - "nmt": "nmt", "utils": "utils" }, "locked": { - "lastModified": 1655199284, - "narHash": "sha256-R/g2ZWplGWVOfm2TyB4kR+YcOE/uWkgjkYrl/RYgJ/U=", + "lastModified": 1656367977, + "narHash": "sha256-0hV17V9Up9pnAtPJ+787FhrsPnawxoTPA/VxgjRMrjc=", "owner": "nix-community", "repo": "home-manager", - "rev": "87d30c164849a7471d99749aa4d2d28b81564f69", + "rev": "3bf16c0fd141c28312be52945d1543f9ce557bb1", "type": "github" }, "original": { @@ -243,11 +224,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1655277632, - "narHash": "sha256-8kkFQneMC/mamq/hPqBIvPb4EVnnFvDffPYIai9w3jY=", + "lastModified": 1656735907, + "narHash": "sha256-6tDUHALUyszphRnZFCD7c78eESphfRX2L6FnWCVVNIc=", "owner": "neovim", "repo": "neovim", - "rev": "504d7decbdef55d58e62217a0a54cbee2a0944cc", + "rev": "a9de89894a2ff43dd511b38f20ab2815d6c7e2bd", "type": "github" }, "original": { @@ -259,18 +240,18 @@ }, "neovim-nightly-overlay": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "neovim-flake": "neovim-flake", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1655281072, - "narHash": "sha256-lz4q1WLAXRKeheyQbpGX4g3hFwWN3lw7F/Y4iKGch5c=", + "lastModified": 1656749719, + "narHash": "sha256-r/3k68MkeV1T6lSp2R9ewT+Bj1a6N3ZjUXE4y7fjJLk=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "734cf3649cbb8276301deb8edbddf735a73e0192", + "rev": "25b1177974a2d13c5bf3109f17940ce07c1cd043", "type": "github" }, "original": { @@ -281,11 +262,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1654057797, - "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=", + "lastModified": 1656702262, + "narHash": "sha256-BdVdx6LoGgAeIYrHnzk+AgbtkaVlV3JNcC6+vltLuh0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af", + "rev": "c5308381432cdbf14d5b1128747a2845f5c6871e", "type": "github" }, "original": { @@ -297,11 +278,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1655273078, - "narHash": "sha256-jlcD35mFKn7CQHUgUa0E79QrS5+5A+/Gh3BI2y/PC3U=", + "lastModified": 1656755932, + "narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "29399e5ad1660668b61247c99894fc2fb97b4e74", + "rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152", "type": "github" }, "original": { @@ -311,11 +292,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1655318135, - "narHash": "sha256-kFs/bujjrbLqitmsHIOIarUSo9cHX4HMcfkOly4L0AE=", + "lastModified": 1656815032, + "narHash": "sha256-6w4aLQ4aVzTW7TMEi3t0wx+GUjr8bBiQu5A031LoWqI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "abb346a417c334bb093ac77e907a2920f8e3289d", + "rev": "fff5ad2010544057c8efbcd31278d3a9e828fdc3", "type": "github" }, "original": { @@ -327,11 +308,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1655221618, - "narHash": "sha256-ht8HRFthDKzYt+il+sGgkBwrv+Ex2l8jdGVpsrPfFME=", + "lastModified": 1656753965, + "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6616de389ed55fba6eeba60377fc04732d5a207c", + "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", "type": "github" }, "original": { @@ -341,46 +322,14 @@ "type": "github" } }, - "nmd": { - "flake": false, - "locked": { - "lastModified": 1653339422, - "narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=", - "owner": "rycee", - "repo": "nmd", - "rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmd", - "type": "gitlab" - } - }, - "nmt": { - "flake": false, - "locked": { - "lastModified": 1648075362, - "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", - "owner": "rycee", - "repo": "nmt", - "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmt", - "type": "gitlab" - } - }, "nnn-vim": { "flake": false, "locked": { - "lastModified": 1641252513, - "narHash": "sha256-ZWvTTioLoA+/HXTghp1EH2PH4A0mLDLtqzPKGsGB+ZY=", + "lastModified": 1656124614, + "narHash": "sha256-Zb9GAqwp2GoO1SpXqaRDm5K62OxG+SwJl9L2uTGnC2I=", "owner": "mcchrish", "repo": "nnn.vim", - "rev": "169951733371abd152d76d1ce65e2dd867156e2d", + "rev": "bc6e2e34d9114c93ce50782949d260b4d4f0e2b6", "type": "github" }, "original": { @@ -483,11 +432,11 @@ }, "utils_3": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1656065134, + "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", "type": "github" }, "original": { @@ -503,11 +452,11 @@ ] }, "locked": { - "lastModified": 1655319100, - "narHash": "sha256-VHbaDVdBcINgROmTIu0XWtwNHs4Hzog7Kqwtpc1q6xM=", + "lastModified": 1656815045, + "narHash": "sha256-tyJN8h++L7WCxElY7vxmJqm80epsfRaKrY6GC5UCE9s=", "owner": "thexyno", "repo": "blog", - "rev": "41be85a2b23f5e68bdf1a6d9c2a1fc052a32ee72", + "rev": "c020d6752f6735721ca0107eb6e183929cd0e861", "type": "github" }, "original": { @@ -519,11 +468,11 @@ "zsh-completions": { "flake": false, "locked": { - "lastModified": 1655214296, - "narHash": "sha256-PdqeudPZfOxByLPi5RVkHQD5vjkulEGhj2zXAy3eorc=", + "lastModified": 1656752981, + "narHash": "sha256-qSobM4PRXjfsvoXY6ENqJGI9NEAaFFzlij6MPeTfT0o=", "owner": "zsh-users", "repo": "zsh-completions", - "rev": "fcf490292e512061343bea10831b674adad12f4a", + "rev": "0331b2908f93556453e45fa5a899aa21e0a7f64d", "type": "github" }, "original": { diff --git a/hm-imports/cli.nix b/hm-imports/cli.nix index 5e166364..fc335aa7 100644 --- a/hm-imports/cli.nix +++ b/hm-imports/cli.nix @@ -1,120 +1,122 @@ { inputs, config, lib, pkgs, ... }: { + + home.stateVersion = "21.05"; home.packages = with pkgs; [ - my.scripts - jq - nnn - bat - htop - exa - curl - fd - file - lorri - fzf - git - neofetch - ripgrep - direnv # needed for lorri - unzip - pv - killall - lefthook - yt-dlp - aria2 - libqalculate + my.scripts + jq + nnn + bat + htop + exa + curl + fd + file + lorri + fzf + git + neofetch + ripgrep + direnv # needed for lorri + unzip + pv + killall + lefthook + yt-dlp + aria2 + libqalculate ]; - home.shellAliases = { - v = "nvim"; - vim = "nvim"; - gpl = "git pull"; - gp = "git push"; - lg = "lazygit"; - gc = "git commit -v"; - kb = "git commit -m \"\$(curl -s http://whatthecommit.com/index.txt)\""; - gs = "git status -v"; - gfc = "git fetch && git checkout"; - gl = "git log --graph"; - l = "exa -la --git"; - la = "exa -la --git"; - ls = "exa"; - ll = "exa -l --git"; - cat = "bat"; + home.shellAliases = { + v = "nvim"; + vim = "nvim"; + gpl = "git pull"; + gp = "git push"; + lg = "lazygit"; + gc = "git commit -v"; + kb = "git commit -m \"\$(curl -s http://whatthecommit.com/index.txt)\""; + gs = "git status -v"; + gfc = "git fetch && git checkout"; + gl = "git log --graph"; + l = "exa -la --git"; + la = "exa -la --git"; + ls = "exa"; + ll = "exa -l --git"; + cat = "bat"; + }; + + programs = { + gpg = { + enable = true; + settings = { + cert-digest-algo = "SHA512"; + charset = "utf-8"; + default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed"; + fixed-list-mode = true; + keyserver = "hkps://keyserver.ubuntu.com:443"; + list-options = [ "show-uid-validity" "show-unusable-subkeys" ]; + no-comments = true; + no-emit-version = true; + no-greeting = true; + no-symkey-cache = true; + personal-cipher-preferences = "AES256 AES192 AES"; + personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed"; + personal-digest-preferences = "SHA512 SHA384 SHA256"; + require-cross-certification = true; + s2k-cipher-algo = "AES256"; + s2k-digest-algo = "SHA512"; + throw-keyids = true; + use-agent = true; + verbose = true; + verify-options = "show-uid-validity"; + with-fingerprint = true; + with-key-origin = true; + }; + }; + bat = { + enable = true; + config.theme = "gruvbox-dark"; + }; + fzf = { + enable = true; + enableZshIntegration = true; + defaultOptions = [ + "--height 40%" + "--layout=reverse" + "--border" + "--inline-info" + ]; + }; + git = { + enable = true; + lfs.enable = true; + + # Default configs + extraConfig = { + commit.gpgSign = true; + + user.name = "Philipp Hochkamp"; + user.email = "git@phochkamp.de"; + user.signingKey = "DA5D9235BD5BD4BD6F4C2EA868066BFF4EA525F1"; + + # Set default "git pull" behaviour so it doesn't try to default to + # either "git fetch; git merge" (default) or "git fetch; git rebase". + pull.ff = "only"; + }; + }; + # Htop configurations + htop = { + enable = true; + settings = { + hide_userland_threads = true; + highlight_base_name = true; + shadow_other_users = true; + show_program_path = false; + tree_view = false; + }; }; - programs = { - gpg = { - enable = true; - settings = { - cert-digest-algo = "SHA512"; - charset = "utf-8"; - default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed"; - fixed-list-mode = true; - keyserver = "hkps://keyserver.ubuntu.com:443"; - list-options = [ "show-uid-validity" "show-unusable-subkeys" ]; - no-comments = true; - no-emit-version = true; - no-greeting = true; - no-symkey-cache = true; - personal-cipher-preferences = "AES256 AES192 AES"; - personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed"; - personal-digest-preferences = "SHA512 SHA384 SHA256"; - require-cross-certification = true; - s2k-cipher-algo = "AES256"; - s2k-digest-algo = "SHA512"; - throw-keyids = true; - use-agent = true; - verbose = true; - verify-options = "show-uid-validity"; - with-fingerprint = true; - with-key-origin = true; - }; - }; - bat = { - enable = true; - config.theme = "gruvbox-dark"; - }; - fzf = { - enable = true; - enableZshIntegration = true; - defaultOptions = [ - "--height 40%" - "--layout=reverse" - "--border" - "--inline-info" - ]; - }; - git = { - enable = true; - lfs.enable = true; - # Default configs - extraConfig = { - commit.gpgSign = true; - - user.name = "Philipp Hochkamp"; - user.email = "git@phochkamp.de"; - user.signingKey = "DA5D9235BD5BD4BD6F4C2EA868066BFF4EA525F1"; - - # Set default "git pull" behaviour so it doesn't try to default to - # either "git fetch; git merge" (default) or "git fetch; git rebase". - pull.ff = "only"; - }; - }; - # Htop configurations - htop = { - enable = true; - settings = { - hide_userland_threads = true; - highlight_base_name = true; - shadow_other_users = true; - show_program_path = false; - tree_view = false; - }; - }; - - - }; + }; } diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index 4c6fe5eb..95704f82 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix @@ -52,6 +52,31 @@ locations."/".proxyPass = "http://[::1]${config.services.xynoblog.listen}"; }; + services.nginx.appendHttpConfig = '' + map $remote_addr $ip_anonym1 { + default 0.0.0; + "~(?P(\d+)\.(\d+)\.(\d+))\.\d+" $ip; + "~(?P[^:]+:[^:]+):" $ip; + } + + map $remote_addr $ip_anonym2 { + default .0; + "~(?P(\d+)\.(\d+)\.(\d+))\.\d+" .0; + "~(?P[^:]+:[^:]+):" ::; + } + + map $ip_anonym1$ip_anonym2 $ip_anonymized { + default 0.0.0.0; + "~(?P.*)" $ip; + } + + log_format anonymized '$ip_anonymized - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; + + access_log /var/log/nginx/access.log anonymized; + ''; + services.restic.backups."picard" = { passwordFile = config.age.secrets.picardResticPassword.path; extraOptions = [ @@ -97,7 +122,7 @@ gitlab.enable = false; # TODO gitlab-runner synapse.enable = true; tailscale.enable = true; - hedgedoc.enable = true; + hedgedoc.enable = false; ts3.enable = true; nginx.enable = true; nginx.domain = "ragon.xyz";