summary refs log tree commit diff
diff options
context:
space:
mode:
authortzlil <tzlils@protonmail.com>2023-08-20 15:30:07 +0300
committertzlil <tzlils@protonmail.com>2023-08-20 15:30:07 +0300
commit6197695dfb24f1ae3269359fb9e189b24fdd86a3 (patch)
tree159fbc9b14a87048b5b820044a62f95030b2edb6
parent61a06724bc39e94da259efba3693857bae21949f (diff)
fix dendrite, disable dhcpv6 dns servers
-rw-r--r--flake.lock42
-rw-r--r--hosts/navi/default.nix2
-rw-r--r--hosts/vps/services/git.nix7
-rw-r--r--hosts/vps/services/matrix.nix16
-rw-r--r--profiles/network.nix1
5 files changed, 39 insertions, 29 deletions
diff --git a/flake.lock b/flake.lock
index 4dc22d2..ece33dc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -49,11 +49,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1690739034,
-        "narHash": "sha256-roW02IaiQ3gnEEDMCDWL5YyN+C4nBf/te6vfL7rG0jk=",
+        "lastModified": 1692199161,
+        "narHash": "sha256-GqKApvQ1JCf5DzH/Q+P4nwuHb6MaQGaWTu41lYzveF4=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "4015740375676402a2ee6adebc3c30ea625b9a94",
+        "rev": "4eed2457b053c4bbad7d90d2b3a1d539c2c9009c",
         "type": "github"
       },
       "original": {
@@ -71,11 +71,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1691056147,
-        "narHash": "sha256-VK/l/h18Ab9diaJCQUpZaaSDpFD9o7CPzlOw/0WfTdM=",
+        "lastModified": 1692516032,
+        "narHash": "sha256-uHb5nfjwqJ1Hu6T4dmKZ26SheiUdHQlW0OEVHurez/8=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "24bfc65664c50b81ead652db87f6f58c4eacdde8",
+        "rev": "833fe10dfceca22fdf9cfd417f634736e5f3b993",
         "type": "gitlab"
       },
       "original": {
@@ -102,11 +102,11 @@
     },
     "hardware": {
       "locked": {
-        "lastModified": 1690957133,
-        "narHash": "sha256-0Y4CiOIszhHDDXHFmvHUpmhUotKOIn0m3jpMlm6zUTE=",
+        "lastModified": 1692373088,
+        "narHash": "sha256-EPgCecdc9I8aTdmDNoO1l7R72r2WPhZRcesV4nzxBj8=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "24f9162b26f0debd163f6d94752aa2acb9db395a",
+        "rev": "7f1836531b126cfcf584e7d7d71bf8758bb58969",
         "type": "github"
       },
       "original": {
@@ -143,11 +143,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1691039228,
-        "narHash": "sha256-iPNZJ1LvfUf1Y456ewC0DXgf99TNssG8OLObOyqxO6M=",
+        "lastModified": 1692503956,
+        "narHash": "sha256-MOA6FKc1YgfGP3ESnjSYfsyJ1BXlwV5pGlY/u5XdJfY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "86dd48d70a2e2c17e84e747ba4faa92453e68d4a",
+        "rev": "958c06303f43cf0625694326b7f7e5475b1a2d5c",
         "type": "github"
       },
       "original": {
@@ -178,11 +178,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1690687539,
-        "narHash": "sha256-Lnwz9XKtshm+5OeWqCbj/3tKuKK+DL5tUTdKSRrKBlY=",
+        "lastModified": 1692503351,
+        "narHash": "sha256-FdG0wnizM9mAUgi58KP1tXaX4ogVooPDS6VwsGEqZ9s=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "d74b8171153ae35d7d323a9b1ad6c4cf7a995591",
+        "rev": "4becac130db930e9de8c3fe58bfa245c119b9eeb",
         "type": "github"
       },
       "original": {
@@ -229,11 +229,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1691006197,
-        "narHash": "sha256-DbtxVWPt+ZP5W0Usg7jAyTomIM//c3Jtfa59Ht7AV8s=",
+        "lastModified": 1692447944,
+        "narHash": "sha256-fkJGNjEmTPvqBs215EQU4r9ivecV5Qge5cF/QDLVn3U=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "66aedfd010204949cb225cf749be08cb13ce1813",
+        "rev": "d680ded26da5cf104dd2735a51e88d2d8f487b4d",
         "type": "github"
       },
       "original": {
@@ -245,11 +245,11 @@
     },
     "rizin-nixpkgs": {
       "locked": {
-        "lastModified": 1691591679,
-        "narHash": "sha256-8ogXuB804eBXZIxJYPJ9EELzA/8Sp4VUbGfVfwybo/E=",
+        "lastModified": 1691963731,
+        "narHash": "sha256-2zgxhN4Z6OPgrq7Ea+BgSc6RXhATclbxO1Gnjw1VIWk=",
         "owner": "chayleaf",
         "repo": "nixpkgs",
-        "rev": "005275fa3703887cd4224b517bf37eb6676faee7",
+        "rev": "c0f04a3fad5d1e5dc0043c9253428cb67ed5f3a2",
         "type": "github"
       },
       "original": {
diff --git a/hosts/navi/default.nix b/hosts/navi/default.nix
index 755d06b..a5ad367 100644
--- a/hosts/navi/default.nix
+++ b/hosts/navi/default.nix
@@ -54,7 +54,7 @@
       dhcpV4Config = {
         UseDNS = false;
       };
-      ipv6AcceptRAConfig = {
+      dhcpV6Config = {
         UseDNS = false;
       };
     };
diff --git a/hosts/vps/services/git.nix b/hosts/vps/services/git.nix
index 2b6d0a2..84c4241 100644
--- a/hosts/vps/services/git.nix
+++ b/hosts/vps/services/git.nix
@@ -3,7 +3,8 @@
   config,
   ...
 }: {
-  config = let cgit = pkgs.cgit-pink;
+  config = let
+    cgit = pkgs.cgit-pink;
   in {
     users.groups.git = {};
     users.users.git = {
@@ -56,6 +57,8 @@
              transport fastcgi {
                env SCRIPT_FILENAME ${cgit}/cgit/cgit.cgi
                env CGIT_CONFIG ${pkgs.writeText "cgitrc" (pkgs.lib.generators.toKeyValue {} {
+            about-filter = "${cgit}/lib/cgit/filters/about-formatting.py";
+            source-filter = "${cgit}/lib/cgit/filters/syntax-highlighting.py";
             css = "/cgit.css";
             logo = "/cgit.png";
             favicon = "/favicon.ico";
@@ -69,8 +72,6 @@
             root-title = "tzlil.net";
             root-desc = "Tzlil's Git Repositories";
             scan-path = config.users.users.git.home;
-            about-filter = "${cgit}/lib/cgit/filters/about-formatting.py";
-            source-filter = "${cgit}/lib/cgit/filters/syntax-highlighting.py";
             logo-link = "/";
             readme = ":README.md";
           })}
diff --git a/hosts/vps/services/matrix.nix b/hosts/vps/services/matrix.nix
index 005040f..af38f58 100644
--- a/hosts/vps/services/matrix.nix
+++ b/hosts/vps/services/matrix.nix
@@ -102,9 +102,17 @@
       ensureDatabases = ["dendrite"];
     };
 
+    users.groups.dendrite = {};
+    users.users.dendrite = {
+      isSystemUser = true;
+      description = "dendrite";
+      group = "dendrite";
+    };
     # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service
-    # systemd.services.dendrite.serviceConfig.User = "dendrite";
-    # systemd.services.dendrite.serviceConfig.Group = "dendrite";
+    systemd.services.dendrite.serviceConfig.User = "dendrite";
+    systemd.services.dendrite.serviceConfig.Group = "dendrite";
+    systemd.services.dendrite.serviceConfig.DynamicUser = lib.mkForce "false";
+
     environment.persistence."/nix/persist".directories = [
       {
         directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
@@ -114,8 +122,8 @@
 
       {
         directory = "/var/lib/private/dendrite";
-        user = "root";
-        group = "root";
+        user = "dendrite";
+        group = "dendrite";
       }
     ];
 
diff --git a/profiles/network.nix b/profiles/network.nix
index 04f8dc0..1fe645b 100644
--- a/profiles/network.nix
+++ b/profiles/network.nix
@@ -31,6 +31,7 @@
     systemd = {
       targets.network-online.wantedBy = pkgs.lib.mkForce []; # Normally ["multi-user.target"]
       services.NetworkManager-wait-online.wantedBy = pkgs.lib.mkForce []; # Normally ["network-online.target"]
+      services.systemd-networkd-wait-online.wantedBy = pkgs.lib.mkForce [];
     };
 
     services.dnscrypt-proxy2 = {