diff options
author | tzlil <tzlils@protonmail.com> | 2023-08-20 15:30:07 +0300 |
---|---|---|
committer | tzlil <tzlils@protonmail.com> | 2023-08-20 15:30:07 +0300 |
commit | 6197695dfb24f1ae3269359fb9e189b24fdd86a3 (patch) | |
tree | 159fbc9b14a87048b5b820044a62f95030b2edb6 | |
parent | 61a06724bc39e94da259efba3693857bae21949f (diff) |
fix dendrite, disable dhcpv6 dns servers
-rw-r--r-- | flake.lock | 42 | ||||
-rw-r--r-- | hosts/navi/default.nix | 2 | ||||
-rw-r--r-- | hosts/vps/services/git.nix | 7 | ||||
-rw-r--r-- | hosts/vps/services/matrix.nix | 16 | ||||
-rw-r--r-- | profiles/network.nix | 1 |
5 files changed, 39 insertions, 29 deletions
diff --git a/flake.lock b/flake.lock index 4dc22d2..ece33dc 100644 --- a/flake.lock +++ b/flake.lock @@ -49,11 +49,11 @@ ] }, "locked": { - "lastModified": 1690739034, - "narHash": "sha256-roW02IaiQ3gnEEDMCDWL5YyN+C4nBf/te6vfL7rG0jk=", + "lastModified": 1692199161, + "narHash": "sha256-GqKApvQ1JCf5DzH/Q+P4nwuHb6MaQGaWTu41lYzveF4=", "owner": "nix-community", "repo": "disko", - "rev": "4015740375676402a2ee6adebc3c30ea625b9a94", + "rev": "4eed2457b053c4bbad7d90d2b3a1d539c2c9009c", "type": "github" }, "original": { @@ -71,11 +71,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1691056147, - "narHash": "sha256-VK/l/h18Ab9diaJCQUpZaaSDpFD9o7CPzlOw/0WfTdM=", + "lastModified": 1692516032, + "narHash": "sha256-uHb5nfjwqJ1Hu6T4dmKZ26SheiUdHQlW0OEVHurez/8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "24bfc65664c50b81ead652db87f6f58c4eacdde8", + "rev": "833fe10dfceca22fdf9cfd417f634736e5f3b993", "type": "gitlab" }, "original": { @@ -102,11 +102,11 @@ }, "hardware": { "locked": { - "lastModified": 1690957133, - "narHash": "sha256-0Y4CiOIszhHDDXHFmvHUpmhUotKOIn0m3jpMlm6zUTE=", + "lastModified": 1692373088, + "narHash": "sha256-EPgCecdc9I8aTdmDNoO1l7R72r2WPhZRcesV4nzxBj8=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "24f9162b26f0debd163f6d94752aa2acb9db395a", + "rev": "7f1836531b126cfcf584e7d7d71bf8758bb58969", "type": "github" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1691039228, - "narHash": "sha256-iPNZJ1LvfUf1Y456ewC0DXgf99TNssG8OLObOyqxO6M=", + "lastModified": 1692503956, + "narHash": "sha256-MOA6FKc1YgfGP3ESnjSYfsyJ1BXlwV5pGlY/u5XdJfY=", "owner": "nix-community", "repo": "home-manager", - "rev": "86dd48d70a2e2c17e84e747ba4faa92453e68d4a", + "rev": "958c06303f43cf0625694326b7f7e5475b1a2d5c", "type": "github" }, "original": { @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1690687539, - "narHash": "sha256-Lnwz9XKtshm+5OeWqCbj/3tKuKK+DL5tUTdKSRrKBlY=", + "lastModified": 1692503351, + "narHash": "sha256-FdG0wnizM9mAUgi58KP1tXaX4ogVooPDS6VwsGEqZ9s=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "d74b8171153ae35d7d323a9b1ad6c4cf7a995591", + "rev": "4becac130db930e9de8c3fe58bfa245c119b9eeb", "type": "github" }, "original": { @@ -229,11 +229,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1691006197, - "narHash": "sha256-DbtxVWPt+ZP5W0Usg7jAyTomIM//c3Jtfa59Ht7AV8s=", + "lastModified": 1692447944, + "narHash": "sha256-fkJGNjEmTPvqBs215EQU4r9ivecV5Qge5cF/QDLVn3U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "66aedfd010204949cb225cf749be08cb13ce1813", + "rev": "d680ded26da5cf104dd2735a51e88d2d8f487b4d", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "rizin-nixpkgs": { "locked": { - "lastModified": 1691591679, - "narHash": "sha256-8ogXuB804eBXZIxJYPJ9EELzA/8Sp4VUbGfVfwybo/E=", + "lastModified": 1691963731, + "narHash": "sha256-2zgxhN4Z6OPgrq7Ea+BgSc6RXhATclbxO1Gnjw1VIWk=", "owner": "chayleaf", "repo": "nixpkgs", - "rev": "005275fa3703887cd4224b517bf37eb6676faee7", + "rev": "c0f04a3fad5d1e5dc0043c9253428cb67ed5f3a2", "type": "github" }, "original": { diff --git a/hosts/navi/default.nix b/hosts/navi/default.nix index 755d06b..a5ad367 100644 --- a/hosts/navi/default.nix +++ b/hosts/navi/default.nix @@ -54,7 +54,7 @@ dhcpV4Config = { UseDNS = false; }; - ipv6AcceptRAConfig = { + dhcpV6Config = { UseDNS = false; }; }; diff --git a/hosts/vps/services/git.nix b/hosts/vps/services/git.nix index 2b6d0a2..84c4241 100644 --- a/hosts/vps/services/git.nix +++ b/hosts/vps/services/git.nix @@ -3,7 +3,8 @@ config, ... }: { - config = let cgit = pkgs.cgit-pink; + config = let + cgit = pkgs.cgit-pink; in { users.groups.git = {}; users.users.git = { @@ -56,6 +57,8 @@ transport fastcgi { env SCRIPT_FILENAME ${cgit}/cgit/cgit.cgi env CGIT_CONFIG ${pkgs.writeText "cgitrc" (pkgs.lib.generators.toKeyValue {} { + about-filter = "${cgit}/lib/cgit/filters/about-formatting.py"; + source-filter = "${cgit}/lib/cgit/filters/syntax-highlighting.py"; css = "/cgit.css"; logo = "/cgit.png"; favicon = "/favicon.ico"; @@ -69,8 +72,6 @@ root-title = "tzlil.net"; root-desc = "Tzlil's Git Repositories"; scan-path = config.users.users.git.home; - about-filter = "${cgit}/lib/cgit/filters/about-formatting.py"; - source-filter = "${cgit}/lib/cgit/filters/syntax-highlighting.py"; logo-link = "/"; readme = ":README.md"; })} diff --git a/hosts/vps/services/matrix.nix b/hosts/vps/services/matrix.nix index 005040f..af38f58 100644 --- a/hosts/vps/services/matrix.nix +++ b/hosts/vps/services/matrix.nix @@ -102,9 +102,17 @@ ensureDatabases = ["dendrite"]; }; + users.groups.dendrite = {}; + users.users.dendrite = { + isSystemUser = true; + description = "dendrite"; + group = "dendrite"; + }; # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service - # systemd.services.dendrite.serviceConfig.User = "dendrite"; - # systemd.services.dendrite.serviceConfig.Group = "dendrite"; + systemd.services.dendrite.serviceConfig.User = "dendrite"; + systemd.services.dendrite.serviceConfig.Group = "dendrite"; + systemd.services.dendrite.serviceConfig.DynamicUser = lib.mkForce "false"; + environment.persistence."/nix/persist".directories = [ { directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; @@ -114,8 +122,8 @@ { directory = "/var/lib/private/dendrite"; - user = "root"; - group = "root"; + user = "dendrite"; + group = "dendrite"; } ]; diff --git a/profiles/network.nix b/profiles/network.nix index 04f8dc0..1fe645b 100644 --- a/profiles/network.nix +++ b/profiles/network.nix @@ -31,6 +31,7 @@ systemd = { targets.network-online.wantedBy = pkgs.lib.mkForce []; # Normally ["multi-user.target"] services.NetworkManager-wait-online.wantedBy = pkgs.lib.mkForce []; # Normally ["network-online.target"] + services.systemd-networkd-wait-online.wantedBy = pkgs.lib.mkForce []; }; services.dnscrypt-proxy2 = { |