zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Compare commits

base: zuckerberg:a34238b3a9ec03891e8c93da81601c753800fd60
Branches Tags
zuckerberg:master
zuckerberg:stage
zuckerberg:rpi-hotspot
zuckerberg:attic
zuckerberg:kexec_luks2
zuckerberg:pia-client
...
compare: zuckerberg:1065cc4b594b8d0184e2a698a7a82d257f729f5e
Branches Tags
zuckerberg:stage
zuckerberg:master
zuckerberg:rpi-hotspot
zuckerberg:attic
zuckerberg:kexec_luks2
zuckerberg:pia-client

2 Commits
a34238b3a9 ... 1065cc4b59

Author SHA1 Message Date
Zuckerberg
1065cc4b59 Enable gitea email notifications 2023-04-09 22:05:23 -06:00
Zuckerberg
154b37879b Cross off finished TODOs 2023-04-09 22:04:51 -06:00
5 changed files with 20 additions and 16 deletions
Show Stats Expand all files Collapse all files

12
TODO.md
View File

@ -10,24 +10,13 @@
- https://nixos.wiki/wiki/Comparison_of_NixOS_setups
### Housekeeping
- Format everything here using nixfmt
- Cleanup the line between hardware-configuration.nix and configuration.nix in machine config
- CI https://gvolpe.com/blog/nixos-binary-cache-ci/
- remove `options.currentSystem`
- allow `hostname` option for webservices to be null to disable configuring nginx
### NAS
- helios64 extra led lights
- safely turn off NAS on power disconnect
- hardware de/encoding for rk3399 helios64 https://forum.pine64.org/showthread.php?tid=14018
- tor unlock
### bcachefs
- bcachefs health alerts via email
- bcachefs periodic snapshotting
- use mount.bcachefs command for mounting
- bcachefs native encryption
- just need a kernel module? https://github.com/firestack/bcachefs-tools-flake/blob/kf/dev/mvp/nixos/module/bcachefs.nix#L40
### Shell Comands
- tailexitnode = `sudo tailscale up --exit-node=<exit-node-ip> --exit-node-allow-lan-access=true`
@ -53,7 +42,6 @@
- replace nextcloud with seafile
### Archive
- https://www.backblaze.com/b2/cloud-storage.html
- email
- https://github.com/Disassembler0/dovecot-archive/blob/main/src/dovecot_archive.py
- http://kb.unixservertech.com/software/dovecot/archiveserver

15
common/server/gitea.nix
View File

@ -32,12 +32,19 @@ in
};
mailer = {
ENABLED = true;
MAILER_TYPE = "sendmail";
FROM = "do-not-reply@neet.dev";
SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
SENDMAIL_ARGS = "--";
MAILER_TYPE = "smtp";
SMTP_ADDR = "mail.neet.dev";
SMTP_PORT = "465";
IS_TLS_ENABLED = true;
USER = "robot@runyan.org";
FROM = "no-reply@neet.dev";
};
};
mailerPasswordFile = "/run/agenix/robots-email-pw";
};
age.secrets.robots-email-pw = {
file = ../../secrets/robots-email-pw.age;
owner = config.services.gitea.user;
};
# backups

8
common/server/mailserver.nix
View File

@ -37,6 +37,14 @@ in
# catchall for all domains
aliases = map (domain: "@${domain}") domains;
};
"robot@runyan.org" = {
aliases = [
"no-reply@neet.dev"
"robot@neet.dev"
];
sendOnly = true;
hashedPassword = "$2b$05$hkmwXGJSKuG/1.SmLecWSuzlq1F5pjp2ScoipQoVLR0ssSN5MgRs.";
};
};
rejectRecipients = [
"george@runyan.org"

BIN
secrets/robots-email-pw.age Normal file
View File

Binary file not shown.

1
secrets/secrets.nix
View File

@ -15,6 +15,7 @@ in
# email
"email-pw.age".publicKeys = all;
"sasl_relay_passwd.age".publicKeys = all;
"robots-email-pw.age".publicKeys = all;
# vpn
"iodine.age".publicKeys = all;