From 6ede343e56010240e6d5d9f3533a0a16a576f172 Mon Sep 17 00:00:00 2001 From: Stefan Kempinger Date: Tue, 17 Feb 2026 08:53:50 +0100 Subject: [PATCH 1/3] Enable Snowflake proxy with capacity 50 --- heimserver/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/heimserver/configuration.nix b/heimserver/configuration.nix index f4580cf..c244737 100644 --- a/heimserver/configuration.nix +++ b/heimserver/configuration.nix @@ -894,6 +894,11 @@ # }; }; }; + + services.snowflake-proxy = { + enable = true; + capacity = 50; + }; nixpkgs.config.allowUnfree = true; From 40642acf030df89cd343a1f59f86e8726b90c3aa Mon Sep 17 00:00:00 2001 From: Stefan Kempinger Date: Wed, 18 Feb 2026 01:05:05 +0100 Subject: [PATCH 2/3] fix jmap setup --- heimserver/configuration.nix | 46 ++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/heimserver/configuration.nix b/heimserver/configuration.nix index c244737..d45ec88 100644 --- a/heimserver/configuration.nix +++ b/heimserver/configuration.nix @@ -102,14 +102,14 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at" ]; }; - + users.users."stalwart-mail".extraGroups = [ - "acme" - ]; - + "acme" + ]; + users.users."nginx".extraGroups = [ - "acme" - ]; + "acme" + ]; users.users.immich.extraGroups = [ "video" @@ -206,17 +206,19 @@ virtualHosts."webadmin.kempinger.at" = { forceSSL = true; useACMEHost = "webadmin.kempinger.at"; - #acmeRoot = null; serverAliases = [ "mta-sts.kempinger.at" "autoconfig.kempinger.at" "autodiscover.kempinger.at" - "mail.kempinger.at" "imap.kempinger.at" "mx1.kempinger.at" + "mail.kempinger.at" ]; locations."/" = { proxyPass = "http://127.0.0.1:8090"; + }; + locations."/jmap" = { + proxyPass = "http://127.0.0.1:8091/jmap"; }; }; virtualHosts.${config.services.forgejo.settings.server.DOMAIN} = { 
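Review bot: The new `locations."/jmap"` block forwards to the loopback listener with no forwarded-header settings visible in the hunk, so Stalwart will likely see every JMAP client as 127.0.0.1. That weakens per-IP login throttling and makes failed logins from different internet sources indistinguishable in the logs. Unless it is already enabled globally outside this hunk, add `recommendedProxySettings = true;` to the location and have Stalwart trust forwarded headers only from 127.0.0.1. The vhost also still serves `/` (port 8090) under every alias, including `mail.kempinger.at`; if 8090 is the admin interface, consider limiting that location to the `webadmin` name or to trusted source addresses. The virtualHosts block continues outside the hunk.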
@@ -842,7 +844,7 @@ openFirewall = true; settings = { server = { - hostname = "mx1.kempinger.at"; + hostname = "mail.kempinger.at"; tls = { enable = true; implicit = true; @@ -858,12 +860,12 @@ tls.implicit = true; }; imaps = { - bind = "[::]:993"; + bind = "192.168.69.69:993"; protocol = "imap"; tls.implicit = true; }; jmap = { - bind = "0.0.0.0:8091"; + bind = "127.0.0.1:8091"; url = "https://mail.kempinger.at"; protocol = "http"; }; @@ -873,28 +875,32 @@ }; }; }; - resolver.type = "custom"; - resolver.custom = [ "udp://127.0.0.1:53" ]; + resolver = { + type = "custom"; + custom = [ "udp://127.0.0.1:53" ]; + }; + + http.base-url = "'https://' + config_get('server.hostname')"; certificate."default" = { cert = "%{file:${config.security.acme.certs."webadmin.kempinger.at".directory}/fullchain.pem}%"; private-key = "%{file:${config.security.acme.certs."webadmin.kempinger.at".directory}/key.pem}%"; }; - + lookup.default = { - hostname = "mx1.kempinger.at"; + hostname = "mail.kempinger.at"; domain = "kempinger.at"; }; session.rcpt.directory = "'internal'"; directory."imap".lookup.domains = [ "kempinger.at" ]; - # authentication.fallback-admin = { - # user = "admin"; - # secret = "bcrypt-hash"; - # }; + authentication.fallback-admin = { + user = "admin"; + secret = "$2b$10$f3gV764s.cE9Dqb0OW2SeOIO5eJdrBlTu/lDH7IlvFUYlUZF.CxXW"; + }; }; }; - + services.snowflake-proxy = { enable = true; capacity = 50; From 6b5dc94ad8e3cd3e2f1cb458f934f6464e3abecb Mon Sep 17 00:00:00 2001 From: Stefan Kempinger Date: Mon, 23 Feb 2026 10:42:49 +0100 Subject: [PATCH 3/3] Update flake.lock and enable System76 scheduler Bump several flake inputs to newer revisions (crane, lanzaboote, nixos-hardware, nixpkgs, pre-commit-hooks.nix, rust-overlay). Add users.groups.kemp and enable services.system76-scheduler. Tidy minor whitespace. --- flake.lock | 36 ++++++++++++++++++------------------ kemptop/configuration.nix | 11 ++++++++--- 2 files changed, 26 insertions(+), 21 deletions(-) 
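Review bot: The `imaps` listener is now pinned to the literal address `192.168.69.69:993`, which drops IPv6 and makes the service depend on that address being assigned before Stalwart starts. Meanwhile `openFirewall = true` (context of the previous hunk) presumably still opens the listener ports regardless of interface. If LAN-only IMAPS is the intent, say so next to the bind, e.g. `# IMAPS is LAN-only on purpose; remote clients use JMAP via nginx`, and check that the firewall rule matches that intent.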
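Review bot: The `authentication.fallback-admin` block commits a live bcrypt hash for user `admin` into the repository and, through the generated config, into the world-readable Nix store. Anyone with read access to either can run offline guessing against it, and the account appears reachable through the nginx vhost that fronts port 8090. The `%{file:...}%` macro already used for `certificate."default"` in this hunk can load the value at runtime instead, e.g. `secret = "%{file:<PATH_TO_ADMIN_HASH_FILE>}%";`, with the file provisioned outside the store and readable only by `stalwart-mail`. Since the hash is now in history, rotate the admin password, and consider removing the fallback account once a regular admin exists in the directory.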
diff --git a/flake.lock b/flake.lock index d7e1add..e5d196b 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "crane": { "locked": { - "lastModified": 1770419512, - "narHash": "sha256-o8Vcdz6B6bkiGUYkZqFwH3Pv1JwZyXht3dMtS7RchIo=", + "lastModified": 1771121070, + "narHash": "sha256-aIlv7FRXF9q70DNJPI237dEDAznSKaXmL5lfK/Id/bI=", "owner": "ipetkov", "repo": "crane", - "rev": "2510f2cbc3ccd237f700bb213756a8f35c32d8d7", + "rev": "a2812c19f1ed2e5ed5ce2ef7109798b575c180e1", "type": "github" }, "original": { @@ -65,11 +65,11 @@ ] }, "locked": { - "lastModified": 1770734117, - "narHash": "sha256-PNXSnK507MRj+hYMgnUR7InNJzVCmOfsjHV4YXZgpwQ=", + "lastModified": 1771492583, + "narHash": "sha256-nQzvnU4BGu8dA6BsPPCqmVcab/3ebVmHtX3ZWbW3Hxc=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "2038a9a19adb886eccba775321b055fdbdc5029d", + "rev": "5e9380994665ef66c87ab8e22c913ff837174ce4", "type": "github" }, "original": { @@ -80,11 +80,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1770631810, - "narHash": "sha256-b7iK/x+zOXbjhRqa+XBlYla4zFvPZyU5Ln2HJkiSnzc=", + "lastModified": 1771423359, + "narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2889685785848de940375bf7fea5e7c5a3c8d502", + "rev": "740a22363033e9f1bb6270fbfb5a9574067af15b", "type": "github" }, "original": { @@ -95,11 +95,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "lastModified": 1771369470, + "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "rev": "0182a361324364ae3f436a63005877674cf45efb", "type": "github" }, "original": { 
@@ -119,11 +119,11 @@ ] }, "locked": { - "lastModified": 1769939035, - "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", + "lastModified": 1770726378, + "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "a8ca480175326551d6c4121498316261cbb5b260", + "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", "type": "github" }, "original": { @@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1770693064, - "narHash": "sha256-Pomhlz+3/6uRJUhKz/kJwmJUux8GTWbXlCX4/RxlXLo=", + "lastModified": 1771729765, + "narHash": "sha256-HNsDSR5bhLSrIpi9bTb2uTK1qnPo1xFSBxs6YmFyprk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "a5f6d8a6a6868db2a3055cfe2b5dd01422780433", + "rev": "be926cb1a76e8450ab2b92121b2e88d09fa4d41c", "type": "github" }, "original": { diff --git a/kemptop/configuration.nix b/kemptop/configuration.nix index 025f4bb..cba48be 100644 --- a/kemptop/configuration.nix +++ b/kemptop/configuration.nix @@ -24,8 +24,8 @@ # Use the systemd-boot EFI boot loader. boot = { binfmt.emulatedSystems = [ "aarch64-linux" ]; - binfmt.preferStaticEmulators = true; - + binfmt.preferStaticEmulators = true; + plymouth = { enable = true; theme = "abstract_ring_alt"; @@ -100,6 +100,10 @@ ]; }; + users.groups.kemp = { + members = [ "kemp" ]; + }; + environment.systemPackages = with pkgs; [ wget usbutils @@ -194,6 +198,7 @@ }; services.desktopManager.cosmic.enable = true; services.desktopManager.cosmic.xwayland.enable = true; + services.system76-scheduler.enable = true; services.fwupd.enable = true; services.pipewire.enable = true; services.fprintd.enable = true; 
@@ -249,7 +254,7 @@ virtualisation.spiceUSBRedirection.enable = true; virtualisation.libvirtd.enable = true; virtualisation.libvirtd.qemu.vhostUserPackages = [ pkgs.virtiofsd ]; - + systemd.user.extraConfig = '' DefaultEnvironment="PATH=/run/wrappers/bin:/home/%u/.nix-profile/bin:/nix/profile/bin:/home/%u/.local/state/nix/profile/bin:/etc/profiles/per-user/%u/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" '';