diff --git a/flake.lock b/flake.lock
index 24a59fd..ae66c91 100644
--- a/flake.lock
+++ b/flake.lock
@@ -27,16 +27,17 @@
"inputs": {
"crane": "crane_3",
"flake-compat": "flake-compat_3",
- "flake-utils": "flake-utils_4",
+ "flake-parts": "flake-parts",
+ "nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
- "lastModified": 1711742460,
- "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
+ "lastModified": 1731270564,
+ "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=",
"owner": "zhaofengli",
"repo": "attic",
- "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
+ "rev": "47752427561f1c34debb16728a210d378f0ece36",
"type": "github"
},
"original": {
@@ -78,11 +79,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
- "lastModified": 1728653546,
- "narHash": "sha256-1lrQEr0mNEs8L2GAm+2tOwLCdHVOuYEGOgoN6O409Dw=",
+ "lastModified": 1730678249,
+ "narHash": "sha256-Xn1BnCbwbRFhqcFJ4GvSmB+H509fiHFhTJcpi4G+2oo=",
"owner": "famedly",
"repo": "conduit",
- "rev": "12ada1c86abee99dbe333c88a68f0ceb65ba6fc8",
+ "rev": "e952522a39883e4431e74c42cef3d9bc562752f8",
"type": "gitlab"
},
"original": {
@@ -145,11 +146,11 @@
]
},
"locked": {
- "lastModified": 1702918879,
- "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
+ "lastModified": 1722960479,
+ "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "ipetkov",
"repo": "crane",
- "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
+ "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github"
},
"original": {
@@ -159,18 +160,12 @@
}
},
"crane_4": {
- "inputs": {
- "nixpkgs": [
- "grapevine",
- "nixpkgs"
- ]
- },
"locked": {
- "lastModified": 1716569590,
- "narHash": "sha256-5eDbq8TuXFGGO3mqJFzhUbt5zHVTf5zilQoyW5jnJwo=",
+ "lastModified": 1731098351,
+ "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
- "rev": "109987da061a1bf452f435f1653c47511587d919",
+ "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
@@ -183,11 +178,11 @@
"draupnirSrc": {
"flake": false,
"locked": {
- "lastModified": 1729943224,
- "narHash": "sha256-d9K0fSQTfdRNhfrAx7MuOR0yDGC9m+kRfygwijrScZs=",
+ "lastModified": 1732902980,
+ "narHash": "sha256-2OaOOnVx/EiBp3FnpTzmUikYsV+I1oJYeDNOT+oV1BE=",
"owner": "the-draupnir-project",
"repo": "Draupnir",
- "rev": "c2786e2c4817818f5e84255f5e3a362f7b3bea77",
+ "rev": "402c39c708d48ed4c204eca1090729aca32e8ee7",
"type": "github"
},
"original": {
@@ -228,11 +223,11 @@
"rust-analyzer-src": "rust-analyzer-src_2"
},
"locked": {
- "lastModified": 1716359173,
- "narHash": "sha256-pYcjP6Gy7i6jPWrjiWAVV0BCQp+DdmGaI/k65lBb/kM=",
+ "lastModified": 1731738660,
+ "narHash": "sha256-tIXhc9lX1b030v812yVJanSR37OnpTb/OY5rU3TbShA=",
"owner": "nix-community",
"repo": "fenix",
- "rev": "b6fc5035b28e36a98370d0eac44f4ef3fd323df6",
+ "rev": "e10ba121773f754a30d31b6163919a3e404a434f",
"type": "github"
},
"original": {
@@ -277,11 +272,11 @@
"flake-compat_3": {
"flake": false,
"locked": {
- "lastModified": 1673956053,
- "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
- "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@@ -323,6 +318,28 @@
"type": "github"
}
},
+ "flake-parts": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "grapevine",
+ "attic",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1722555600,
+ "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
"flake-utils": {
"locked": {
"lastModified": 1667395993,
@@ -361,11 +378,11 @@
"systems": "systems_2"
},
"locked": {
- "lastModified": 1726560853,
- "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -375,30 +392,15 @@
}
},
"flake-utils_4": {
- "locked": {
- "lastModified": 1667395993,
- "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_5": {
"inputs": {
"systems": "systems_3"
},
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -408,7 +410,7 @@
"type": "github"
}
},
- "flake-utils_6": {
+ "flake-utils_5": {
"inputs": {
"systems": "systems_4"
},
@@ -432,18 +434,19 @@
"crane": "crane_4",
"fenix": "fenix_2",
"flake-compat": "flake-compat_4",
- "flake-utils": "flake-utils_5",
+ "flake-utils": "flake-utils_4",
"nix-filter": "nix-filter_2",
"nixpkgs": "nixpkgs_4",
+ "rocksdb": "rocksdb",
"rust-manifest": "rust-manifest"
},
"locked": {
"host": "gitlab.computer.surgery",
- "lastModified": 1730496352,
- "narHash": "sha256-u//x8skrHIkVW8VnOmFTbwocTR+Cye5L4c7fqv325UE=",
+ "lastModified": 1732905593,
+ "narHash": "sha256-mcW64goCqTVFnBOWRZzLsx8uYrPmyrbwQr0WAQeSfRg=",
"owner": "matrix",
"repo": "grapevine-fork",
- "rev": "d42a5ec1f0e40d79f0569363cad487e3960287d1",
+ "rev": "2f8e0e3e52620bf36756989f2d71d03b75fe8f50",
"type": "gitlab"
},
"original": {
@@ -458,11 +461,11 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
- "lastModified": 1730490306,
- "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=",
+ "lastModified": 1732884235,
+ "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "1743615b61c7285976f85b303a36cdf88a556503",
+ "rev": "819f682269f4e002884702b87e445c82840c68f2",
"type": "github"
},
"original": {
@@ -492,11 +495,11 @@
"nhekoSrc": {
"flake": false,
"locked": {
- "lastModified": 1730250607,
- "narHash": "sha256-BcQ7XxmtxTo2fdgVcSLhGluRaVFF9l+nK8Ai3kI8zmU=",
+ "lastModified": 1732928703,
+ "narHash": "sha256-zPXR7HrWs1x1+7fz43uqTGmueT33JJ84sOICpHHqxek=",
"owner": "Nheko-reborn",
"repo": "nheko",
- "rev": "1a00d913167fb9f10b5ff15204c189cb4cfb82d1",
+ "rev": "2ded62f77d23a14f86802270204bce372892cff0",
"type": "github"
},
"original": {
@@ -523,11 +526,11 @@
},
"nix-filter_2": {
"locked": {
- "lastModified": 1710156097,
- "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
+ "lastModified": 1731533336,
+ "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
"owner": "numtide",
"repo": "nix-filter",
- "rev": "3342559a24e85fc164b295c3444e8a139924675b",
+ "rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
"type": "github"
},
"original": {
@@ -537,18 +540,40 @@
"type": "github"
}
},
+ "nix-github-actions": {
+ "inputs": {
+ "nixpkgs": [
+ "grapevine",
+ "attic",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1729742964,
+ "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
+ "owner": "nix-community",
+ "repo": "nix-github-actions",
+ "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nix-github-actions",
+ "type": "github"
+ }
+ },
"nixos-wsl": {
"inputs": {
"flake-compat": "flake-compat_5",
- "flake-utils": "flake-utils_6",
+ "flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_6"
},
"locked": {
- "lastModified": 1730453870,
- "narHash": "sha256-d+kIgz4BvTXb7emjSFV3zjNydGmLUmuluQjdBb51R9o=",
+ "lastModified": 1731682434,
+ "narHash": "sha256-HnZFPB7akVIy0KuPq/tEkiB+Brt1qi0DUIDzR8z25qI=",
"owner": "nix-community",
"repo": "NixOS-WSL",
- "rev": "adb6bc4b661a43328752b4575be4968a4990c033",
+ "rev": "a6b9cf0b7805e2c50829020a73e7bde683fd36dd",
"type": "github"
},
"original": {
@@ -623,11 +648,11 @@
},
"nixpkgs-master": {
"locked": {
- "lastModified": 1730600844,
- "narHash": "sha256-+Cg5lsY+nOGBdNOxxEVWpoykimE0j1IioFG90OPs9A8=",
+ "lastModified": 1732989265,
+ "narHash": "sha256-uJH9OjABOf4k4Nt6tqQlBVUPGdDakN01L4qNq7lTed4=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "ff7219bf791835caa59ca34b6d897c58c21f6754",
+ "rev": "9b3a550e96b95e03585b8dd15e38eb324fedbe8b",
"type": "github"
},
"original": {
@@ -655,32 +680,16 @@
},
"nixpkgs-stable_2": {
"locked": {
- "lastModified": 1711460390,
- "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
+ "lastModified": 1724316499,
+ "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
+ "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-23.11",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs-stable_3": {
- "locked": {
- "lastModified": 1729973466,
- "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "release-24.05",
+ "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
@@ -703,11 +712,11 @@
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1711401922,
- "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=",
+ "lastModified": 1726042813,
+ "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "07262b18b97000d16a4bdb003418bd2fb067a932",
+ "rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
"type": "github"
},
"original": {
@@ -719,11 +728,11 @@
},
"nixpkgs_4": {
"locked": {
- "lastModified": 1716330097,
- "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
+ "lastModified": 1731676054,
+ "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
+ "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
"type": "github"
},
"original": {
@@ -735,11 +744,11 @@
},
"nixpkgs_5": {
"locked": {
- "lastModified": 1729880355,
- "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=",
+ "lastModified": 1732521221,
+ "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "18536bf04cd71abd345f9579158841376fdd0c5a",
+ "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
"type": "github"
},
"original": {
@@ -767,11 +776,11 @@
},
"nixpkgs_7": {
"locked": {
- "lastModified": 1730200266,
- "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
+ "lastModified": 1732758367,
+ "narHash": "sha256-RzaI1RO0UXqLjydtz3GAXSTzHkpb/lLD1JD8a0W4Wpo=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
+ "rev": "fa42b5a5f401aab8a32bd33c9a4de0738180dc59",
"type": "github"
},
"original": {
@@ -783,11 +792,11 @@
},
"nixpkgs_8": {
"locked": {
- "lastModified": 1729951556,
- "narHash": "sha256-bpb6r3GjzhNW8l+mWtRtLNg5PhJIae041sPyqcFNGb4=",
+ "lastModified": 1731763621,
+ "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "4e0eec54db79d4d0909f45a88037210ff8eaffee",
+ "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
"type": "github"
},
"original": {
@@ -797,6 +806,23 @@
"type": "github"
}
},
+ "rocksdb": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1730475155,
+ "narHash": "sha256-u5uuShM2SxHc9/zL4UU56IhCcR/ZQbzde0LgOYS44bM=",
+ "owner": "facebook",
+ "repo": "rocksdb",
+ "rev": "3c27a3dde0993210c5cc30d99717093f7537916f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "facebook",
+ "ref": "v9.7.4",
+ "repo": "rocksdb",
+ "type": "github"
+ }
+ },
"root": {
"inputs": {
"botcore-v4": "botcore-v4",
@@ -836,11 +862,11 @@
"rust-analyzer-src_2": {
"flake": false,
"locked": {
- "lastModified": 1716107283,
- "narHash": "sha256-NJgrwLiLGHDrCia5AeIvZUHUY7xYGVryee0/9D3Ir1I=",
+ "lastModified": 1731693936,
+ "narHash": "sha256-uHUUS1WPyW6ohp5Bt3dAZczUlQ22vOn7YZF8vaPKIEw=",
"owner": "rust-lang",
"repo": "rust-analyzer",
- "rev": "21ec8f523812b88418b2bfc64240c62b3dd967bd",
+ "rev": "1b90e979aeee8d1db7fe14603a00834052505497",
"type": "github"
},
"original": {
@@ -864,15 +890,14 @@
},
"sops-nix": {
"inputs": {
- "nixpkgs": "nixpkgs_8",
- "nixpkgs-stable": "nixpkgs-stable_3"
+ "nixpkgs": "nixpkgs_8"
},
"locked": {
- "lastModified": 1729999681,
- "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
+ "lastModified": 1732575825,
+ "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
+ "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 1940892..d670894 100755
--- a/flake.nix
+++ b/flake.nix
@@ -9,6 +9,7 @@
inputs = {
# Different nixpkgs versions
nixpkgs = {
+ #url = "github:NixOS/nixpkgs?rev=18536bf04cd71abd345f9579158841376fdd0c5a";
url = "github:NixOS/nixpkgs/nixos-unstable";
};
diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix
index f0fb7a7..465936c 100644
--- a/host/Rory-desktop/configuration.nix
+++ b/host/Rory-desktop/configuration.nix
@@ -25,7 +25,7 @@ args@{
./optional/gui/wayland.nix
./printing.nix
- #./ollama.nix
+ ./ollama.nix
];
boot = {
@@ -152,7 +152,8 @@ args@{
gimp
# - Languages
- dotnet-sdk_8
+ #dotnet-sdk_8
+ dotnetCorePackages.sdk_9_0
#games
osu-lazer-bin
@@ -196,6 +197,7 @@ args@{
p11-kit
opensc
eid-mw
+ jitsi-meet-electron
];
environment.etc."pkcs11/modules/opensc-pkcs11".text = ''
module: ${pkgs.opensc}/lib/opensc-pkcs11.so
@@ -228,7 +230,8 @@ args@{
};
fonts = {
packages = with pkgs; [
- (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ #(nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ nerd-fonts.jetbrains-mono
noto-fonts-monochrome-emoji
];
fontconfig.defaultFonts.monospace = with pkgs; [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
@@ -245,6 +248,8 @@ args@{
permittedInsecurePackages = [
"electron-25.9.0"
"olm-3.2.16"
+ "dotnet-sdk-wrapped-7.0.410"
+ "dotnet-sdk-7.0.410"
];
};
};
diff --git a/host/Rory-desktop/ollama.nix b/host/Rory-desktop/ollama.nix
index 0670617..94ec8cc 100755
--- a/host/Rory-desktop/ollama.nix
+++ b/host/Rory-desktop/ollama.nix
@@ -21,7 +21,7 @@
#];
services.ollama = {
- enable = false;
+ enable = true;
home = "/data/ollama/home";
models = "/data/ollama/home/models";
environmentVariables = {
@@ -35,4 +35,8 @@
group = "ollama";
acceleration = "rocm";
};
+
+ #services.nextjs-ollama-llm-ui = {
+
+ #};
}
diff --git a/host/Rory-desktop/optional/hardware-specific/amd.nix b/host/Rory-desktop/optional/hardware-specific/amd.nix
index 3ae47d2..509ff14 100644
--- a/host/Rory-desktop/optional/hardware-specific/amd.nix
+++ b/host/Rory-desktop/optional/hardware-specific/amd.nix
@@ -32,9 +32,9 @@
enable32Bit = true;
extraPackages = with pkgs; [
rocmPackages.clr.icd
- amdvlk
+ #amdvlk
];
- extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
+ #extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
};
};
diff --git a/host/Rory-nginx/services/email/maddy.conf b/host/Rory-nginx/services/email/maddy.conf
new file mode 100644
index 0000000..1d3eb2f
--- /dev/null
+++ b/host/Rory-nginx/services/email/maddy.conf
@@ -0,0 +1,124 @@
+
+# Minimal configuration with TLS disabled, adapted from upstream example
+# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
+# Do not use this in production!
+
+auth.pass_table local_authdb {
+ table sql_table {
+ driver sqlite3
+ dsn credentials.db
+ table_name passwords
+ }
+}
+
+storage.imapsql local_mailboxes {
+ driver sqlite3
+ dsn imapsql.db
+}
+
+table.chain local_rewrites {
+ optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
+ optional_step static {
+ entry postmaster root@$(primary_domain)
+ }
+ optional_step file /etc/maddy/aliases
+}
+
+msgpipeline local_routing {
+ destination postmaster $(local_domains) {
+ modify {
+ replace_rcpt &local_rewrites
+ }
+ deliver_to &local_mailboxes
+ }
+ default_destination {
+ reject 550 5.1.1 "User doesn't exist"
+ }
+}
+
+smtp tcp://0.0.0.0:25 {
+ limits {
+ all rate 20 1s
+ all concurrency 10
+ }
+ dmarc yes
+ check {
+ require_mx_record
+ dkim
+ spf
+ }
+ source $(local_domains) {
+ reject 501 5.1.8 "Use Submission for outgoing SMTP"
+ }
+ default_source {
+ destination postmaster $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ reject 550 5.1.1 "User doesn't exist"
+ }
+ }
+}
+
+submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
+ limits {
+ all rate 50 1s
+ }
+ auth &local_authdb
+ source $(local_domains) {
+ check {
+ authorize_sender {
+ prepare_email &local_rewrites
+ user_to_email identity
+ }
+ }
+ destination postmaster $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ modify {
+ dkim $(primary_domain) $(local_domains) default
+ }
+ deliver_to &remote_queue
+ }
+ }
+ default_source {
+ reject 501 5.1.8 "Non-local sender domain"
+ }
+}
+
+target.remote outbound_delivery {
+ limits {
+ destination rate 20 1s
+ destination concurrency 10
+ }
+ mx_auth {
+ dane
+ mtasts {
+ cache fs
+ fs_dir mtasts_cache/
+ }
+ local_policy {
+ min_tls_level encrypted
+ min_mx_level none
+ }
+ }
+}
+
+target.queue remote_queue {
+ target &outbound_delivery
+ autogenerated_msg_domain $(primary_domain)
+ bounce {
+ destination postmaster $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
+ }
+ }
+}
+
+imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
+ auth &local_authdb
+ storage &local_mailboxes
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/email/maddy.nix b/host/Rory-nginx/services/email/maddy.nix
index 0dfc2e4..8f89405 100644
--- a/host/Rory-nginx/services/email/maddy.nix
+++ b/host/Rory-nginx/services/email/maddy.nix
@@ -15,15 +15,17 @@
ensureCredentials = {
"root@rory.gay".passwordFile = "/var/lib/maddy/passwd/root";
};
- config =
+ config = #builtins.readFile ./maddy.conf;
builtins.replaceStrings
[
"imap tcp://0.0.0.0:143"
"submission tcp://0.0.0.0:587"
+ "entry postmaster postmaster@$(primary_domain)"
]
[
"imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
"submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
+ "entry postmaster root@$(primary_domain)"
]
options.services.maddy.config.default;
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
index 5b3d4bf..fd75817 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
@@ -21,7 +21,7 @@ let
"~ ^/_matrix/federation/(v1|v2)/send_leave/"
"~ ^/_matrix/federation/v1/make_knock/"
"~ ^/_matrix/federation/v1/send_knock/"
- "~ ^/_matrix/federation/(v1|v2)/invite/"
+ # "~ ^/_matrix/federation/(v1|v2)/invite/" # Needs special handling, define manually
"~ ^/_matrix/federation/(v1|v2)/query_auth/"
"~ ^/_matrix/federation/(v1|v2)/event_auth/"
"~ ^/_matrix/federation/v1/timestamp_to_event/"
@@ -134,6 +134,14 @@ in
)
)
);
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations."~ ^/_matrix/federation/(v1|v2)/invite/" = {
+ proxyPass = "http://${workerName}-federation";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
};
};
}
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/module.nix b/host/Rory-nginx/services/matrix/synapse/workers/module.nix
index 32f2095..d761421 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/module.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/module.nix
@@ -68,6 +68,12 @@ in
default = null;
description = "The virtual host name for the nginx server";
};
+
+ allowedRemoteInviteOrigins = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [];
+ description = "List of allowed remote invite origins";
+ };
};
config = {
@@ -110,5 +116,20 @@ in
message = "Only one shared stream writer is supported";
}
];
+
+ # Matrix utility maps
+ services.nginx.httpConfig = ''
+ # Map authorization header to origin name
+ map $http_authorization $mx_origin_name {
+ default "";
+ "~*X-Matrix origin=(?<origin>[^,]+)" $origin;
+ }
+
+ # Map origin name to whether it can invite
+ map $mx_origin_name $mx_can_invite {
+ default 0;
+ ${lib.concatMapStringsSep "\n" (origin: " \"${origin}\" 1;") cfg.allowedRemoteInviteOrigins}
+ }
+ '';
};
}
diff --git a/modules/base-client.nix b/modules/base-client.nix
index 6537f92..44f30b2 100755
--- a/modules/base-client.nix
+++ b/modules/base-client.nix
@@ -43,7 +43,8 @@
];
fonts.packages = with pkgs; [
- (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ #(nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ nerd-fonts.jetbrains-mono
cozette
];
|