diff --git a/configuration.nix b/configuration.nix index fbb1675..a39b2ae 100644 --- a/configuration.nix +++ b/configuration.nix @@ -41,6 +41,6 @@ }; }; - security.acme.email = "stubbfel@posteo.de"; + security.acme.defaults.email = "stubbfel@posteo.de"; security.acme.acceptTerms = true; } diff --git a/programs/installed.nix b/programs/installed.nix index ca26796..635616a 100644 --- a/programs/installed.nix +++ b/programs/installed.nix @@ -1,8 +1,12 @@ { config, pkgs, ... }: +let + unstable = import { config = { allowUnfree = true; }; }; +in + { environment.systemPackages = with pkgs; [ - wget curl vim nano zsh fzf tmux git exa progress tldr htop docker-compose + wget curl vim nano zsh fzf tmux git exa progress tldr htop unstable.docker-compose ]; imports = diff --git a/services/enabled.nix b/services/enabled.nix index f39d8e5..e4500f2 100644 --- a/services/enabled.nix +++ b/services/enabled.nix @@ -22,5 +22,6 @@ ./mailcow.nix ./unciv.nix ./hydra.nix + ./postgres.nix ]; } diff --git a/services/mailcow.nix b/services/mailcow.nix index ea0a159..2505f1a 100644 --- a/services/mailcow.nix +++ b/services/mailcow.nix @@ -1,5 +1,9 @@ { config, pkgs, ... }: +let + unstable = import { config = { allowUnfree = true; }; }; +in + { services.nginx.virtualHosts."mailcow.stubbe.rocks" = { enableACME = true; @@ -43,7 +47,7 @@ security.acme.certs."v22017115146555724.happysrv.de".postRun = '' pkgs.curl pkgs.gawk pkgs.docker - pkgs.docker-compose + unstable.docker-compose pkgs.which pkgs.coreutils-full pkgs.unixtools.ping diff --git a/services/nextcloud.nix b/services/nextcloud.nix index 03cb183..10cc73d 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -32,6 +32,20 @@ let ${myPhp}/bin/php \ occ "$@" ''; + + daf = pkgs.writeScriptBin "nextcloud-daf" '' + #! ${pkgs.runtimeShell} + cd /var/www/nextcloud-tools/rescue + sudo=exec + if [[ "$USER" != nextcloud ]]; then + sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS' + fi + export NEXTCLOUD_CONFIG_DIR="/var/www/nextcloud/config" + $sudo \ + ${myPhp}/bin/php \ + decrypt-all-files.php "$@" + ''; + in { @@ -165,7 +179,7 @@ in }; }; - environment.systemPackages = [ occ ]; + environment.systemPackages = [ occ daf ]; # Option I: PHP-FPM pool for Nextcloud services.phpfpm.pools.nextcloud = let @@ -195,7 +209,7 @@ in }; services.cron.enable = true; -services.redis.enable = true; +services.redis.servers."".enable = true; systemd.timers.nextcloud-cron = { wantedBy = [ "timers.target" ]; diff --git a/services/nexus.nix b/services/nexus.nix index 614a5c5..52d97d2 100644 --- a/services/nexus.nix +++ b/services/nexus.nix @@ -5,11 +5,11 @@ let lPort = 9081; nexusPkgs = pkgs.nexus.overrideAttrs (oldAttrs: rec { pname = "nexus"; - version = "3.38.0-01"; + version = "3.41.1-01"; sourceRoot = "${pname}-${version}"; src = pkgs.fetchurl { url = "https://sonatype-download.global.ssl.fastly.net/nexus/3/nexus-${version}-unix.tar.gz"; - sha256 = "0vycfzv50nmyhikl97ahcbb28g9ii1yykhcw9vyqrb1kf8nmxvnp"; + sha256 = "1aig93k0kvayk0xlk5mrirqaba899x89xjwwz3kha47lhgc5zm0s"; }; installPhase = '' runHook preInstall diff --git a/services/sshd.nix b/services/sshd.nix index 16bb036..dfd5095 100644 --- a/services/sshd.nix +++ b/services/sshd.nix @@ -3,6 +3,6 @@ { services.openssh.enable = true; services.openssh.passwordAuthentication = false; - services.openssh.challengeResponseAuthentication = false; + services.openssh.kbdInteractiveAuthentication = false; services.openssh.permitRootLogin = "no"; }