diff --git a/flake.lock b/flake.lock index edfe1e8..fc02edb 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -57,15 +57,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "lastModified": 1737234286, + "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", + "rev": "079528098f5998ba13c88821a2eca1005c1695de", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" } }, "lix-module": { @@ -78,15 +78,15 @@ ] }, "locked": { - "lastModified": 1729360442, - "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", - "rev": "9098ac95768f7006d7e070b88bae76939f6034e6", + "lastModified": 1742943028, + "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", + "rev": "868d97695bab9d21f6070b03957bcace249fbe3c", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/868d97695bab9d21f6070b03957bcace249fbe3c.tar.gz?rev=868d97695bab9d21f6070b03957bcace249fbe3c" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz" } }, "niri": { @@ -103,11 +103,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1743791363, - "narHash": "sha256-hGETu0Ilugf0f7S5fFETUP+sS0ATrKcm+7YHs7GBwx4=", + "lastModified": 1743943715, + "narHash": "sha256-9xCTf79Naq7mxvqtjgbcU9ZlNwubAep0qlwrL3GqZQQ=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "f160e322673614c928e1187c268add9ef038a513", + "rev": "f53eac2ea3c72dd4e9739228660f661eb27359d0", "type": "github" }, "original": { @@ -136,11 +136,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1743774669, - "narHash": "sha256-xrg3m1RP7mvBi0sLPJjnn9UiCqN+NKqU94DZJMoaXZU=", + "lastModified": 1743923080, + "narHash": "sha256-Hb3t6FoJycnqIZmu3c6K1bJGndBsrDw8IQtM2ieLbzU=", "owner": "YaLTeR", "repo": "niri", - "rev": "e8da89a430f4af0accfe80efe286b2cffd20a4aa", + "rev": "430b155929a60644ea223012ee0c1389fc5e3755", "type": "github" }, "original": { @@ -151,11 +151,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743703532, - "narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=", + "lastModified": 1743813633, + "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bdb91860de2f719b57eef819b5617762f7120c70", + "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", "type": "github" }, "original": { @@ -170,7 +170,8 @@ "home-manager": "home-manager", "lix-module": "lix-module", "niri": "niri", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "zerforschen-plus": "zerforschen-plus" } }, "systems": { @@ -220,6 +221,26 @@ "repo": "xwayland-satellite", "type": "github" } + }, + "zerforschen-plus": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744047745, + "narHash": "sha256-hde60MbFtTb4IR6D2fMkyYZmN/fXGk7/Jc7DK/6LTTk=", + "ref": "refs/heads/main", + "rev": "f739fdfd3b6184cb489910492ff3bc99d319f64d", + "revCount": 6, + "type": "git", + "url": "https://git.berlin.ccc.de/vinzenz/zerforschen.plus" + }, + "original": { + "type": "git", + "url": "https://git.berlin.ccc.de/vinzenz/zerforschen.plus" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 703576d..8091440 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,6 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; - # nixos-hardware.url = "github:NixOS/nixos-hardware/master"; home-manager = { url = "github:nix-community/home-manager/release-24.11"; @@ -9,7 +8,7 @@ }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -18,15 +17,21 @@ inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs-stable.follows = "nixpkgs"; }; + + zerforschen-plus = { + url = "git+https://git.berlin.ccc.de/vinzenz/zerforschen.plus"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = - { + inputs@{ self, nixpkgs, home-manager, lix-module, niri, + zerforschen-plus, }: let devices = { @@ -46,6 +51,9 @@ device: system: nixpkgs.lib.nixosSystem { inherit system; + specialArgs = { + inherit inputs; + }; modules = [ lix-module.nixosModules.default diff --git a/hosts/vinzenz-lpt2/configuration.nix b/hosts/vinzenz-lpt2/configuration.nix index 5ec706e..773d0c5 100644 --- a/hosts/vinzenz-lpt2/configuration.nix +++ b/hosts/vinzenz-lpt2/configuration.nix @@ -1,6 +1,6 @@ { ... }: { - imports = [ ./nginx.nix ]; + imports = [ ./zerforschen-plus.nix ]; config = { networking.networkmanager.enable = true; @@ -37,5 +37,7 @@ }; }; }; + + networking.firewall.allowedTCPPorts = [ 8776 ]; }; } diff --git a/hosts/vinzenz-lpt2/zerforschen-plus.nix b/hosts/vinzenz-lpt2/zerforschen-plus.nix new file mode 100644 index 0000000..af3ea3c --- /dev/null +++ b/hosts/vinzenz-lpt2/zerforschen-plus.nix @@ -0,0 +1,40 @@ +{ + pkgs, + system, + inputs, + ... +}: +{ + security.acme = { + acceptTerms = true; + defaults.email = "acme@zerforschen.plus"; + }; + + security.pam.services.nginx.setEnvironment = false; + systemd.services.nginx.serviceConfig = { + SupplementaryGroups = [ "shadow" ]; + }; + + services.nginx = { + enable = true; + additionalModules = [ pkgs.nginxModules.pam ]; + + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + + virtualHosts = { + "zerforschen.plus" = { + #addSSL = true; + #enableACME = true; + root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content; + }; + }; + }; + + #networking.firewall.allowedTCPPorts = [ + # 80 + # 443 + #]; +}