diff --git a/flake.lock b/flake.lock index 6c6634f3..9bdb5d55 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1718194053, - "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=", + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", "owner": "serokell", "repo": "deploy-rs", - "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1725377834, - "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "lastModified": 1727531434, + "narHash": "sha256-b+GBgCWd2N6pkiTkRZaMFOPztPO4IVTaclYPrQl2uLk=", "owner": "nix-community", "repo": "disko", - "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "rev": "b709e1cc33fcde71c7db43850a55ebe6449d0959", "type": "github" }, "original": { @@ -360,11 +360,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -484,11 +484,11 @@ ] }, "locked": { - "lastModified": 1725703823, - "narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { 
@@ -568,11 +568,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1725600800, - "narHash": "sha256-wst7p3RZ9kZUNzN22d27wU8YSBB7Grlx6Q03A7boRaU=", + "lastModified": 1727453186, + "narHash": "sha256-nZRCfVEZ9osWXsCD0xCpU66M8JkabMTukBzPRrD/CTA=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "2d050e65a71e02a1f19d1a35c086bd2e3dfb2cdb", + "rev": "3390ff2632d0d8a14c92473db60fa52bf881f979", "type": "github" }, "original": { @@ -612,11 +612,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1725192674, - "narHash": "sha256-xEAVzgkjtdi9b4nl1yHWtiaPqYuvB7pwU9OurXv9Lls=", + "lastModified": 1727007123, + "narHash": "sha256-B2WqDa4Sd7EVrGfxnVSCL39yOKWqn14vhhTGlbtd+48=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "3f10d853f98081feec35b736e38da91202a87c3a", + "rev": "e4bb2b4962e79814c38862dce5eca90af3de6a3c", "type": "github" }, "original": { @@ -654,11 +654,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1723372011, - "narHash": "sha256-zqenoufFiPfobw74idorZMG8AXG3DnFzbHplt/Nkvrg=", + "lastModified": 1726859423, + "narHash": "sha256-7H4u29z/Qwi/KsXS3ucrvXr/gx2fqT48i8EpKMBpMvs=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "8802412b8747633e9d80639897e4d58fa6290909", + "rev": "6684d2074e3cde8a180ef87fac284d6f02ac16d0", "type": "github" }, "original": { @@ -713,11 +713,11 @@ }, "nixlib": { "locked": { - "lastModified": 1725152544, - "narHash": "sha256-Tm344cnFM9f2YZsgWtJduvhIrvLr3Bi8J4Xc+UZDKYE=", + "lastModified": 1726966855, + "narHash": "sha256-25ByioeOBFcnitO5lM/Mufnv/u7YtHEHEM8QFuiS40k=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "7f0b9e4fbd91826cb9ce6babbc11c87903191051", + "rev": "575704ff85d3a41dc5bfef7b55380cbc7b87f3c2", "type": "github" }, "original": { 
@@ -734,11 +734,11 @@ ] }, "locked": { - "lastModified": 1725497951, - "narHash": "sha256-fayKyVs/9FQdYH+3SCOkQM1GCsEPPVE+lSiVGlYQ7i0=", + "lastModified": 1727312535, + "narHash": "sha256-exnTgS6OBYvEa8v5x8UsLQK2ERdDFwXNFQHoT2cqycY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "15a07ebf4a041bf232026263f1f96f2af390f3bc", + "rev": "f31447cd3f8e54674bd1675969e97e6043a309bc", "type": "github" }, "original": { @@ -749,11 +749,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725716377, - "narHash": "sha256-7NzW9O/cAw7iWzRfh7Oo/SuSudL4a1YTKS6yoh3tMck=", + "lastModified": 1727595438, + "narHash": "sha256-bAvkJYuZKeDwW/J/Ga/axplEbYbQhq6jdQBVdGcpuO8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "04a1cda0c1725094a4db703cccbb956b7558f5a6", + "rev": "8e8c6cbad12ef805268b4e380a7298fbc275898d", "type": "github" }, "original": { @@ -765,11 +765,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723991338, - "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=", + "lastModified": 1726755586, + "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a3354191c0d7144db9756a74755672387b702ba", + "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e", "type": "github" }, "original": { @@ -781,11 +781,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1725152544, - "narHash": "sha256-Tm344cnFM9f2YZsgWtJduvhIrvLr3Bi8J4Xc+UZDKYE=", + "lastModified": 1726966855, + "narHash": "sha256-25ByioeOBFcnitO5lM/Mufnv/u7YtHEHEM8QFuiS40k=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "7f0b9e4fbd91826cb9ce6babbc11c87903191051", + "rev": "575704ff85d3a41dc5bfef7b55380cbc7b87f3c2", "type": "github" }, "original": { 
@@ -812,11 +812,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1721524707, - "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "lastModified": 1725762081, + "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", "type": "github" }, "original": { @@ -828,11 +828,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1727348695, + "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", "type": "github" }, "original": { @@ -849,11 +849,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1725743916, - "narHash": "sha256-ftc57SVHxwTPRqVKoOCXXGRVRDOc1O67ZEE0znTugW0=", + "lastModified": 1727472280, + "narHash": "sha256-SKMFwHkYYldzzZQbquB7FUyfrB43D/BGH3xeZ8hfFCc=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "048313828f04289121f9c5e5e4ab042be74db77f", + "rev": "811af6abf4990f27919f39319f8950a4f2f57aab", "type": "github" }, "original": { @@ -864,11 +864,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1725407940, - "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", + "lastModified": 1727540905, + "narHash": "sha256-40J9tW7Y794J7Uw4GwcAKlMxlX2xISBl6IBigo83ih8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", + "rev": "fbca5e745367ae7632731639de5c21f29c8744ed", "type": "github" }, "original": { 
@@ -895,11 +895,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1727348695, + "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", "type": "github" }, "original": { @@ -927,11 +927,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1725194671, - "narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=", + "lastModified": 1725534445, + "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c", + "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", "type": "github" }, "original": { @@ -985,11 +985,11 @@ }, "nur": { "locked": { - "lastModified": 1725741028, - "narHash": "sha256-/CornZK9spEoVBOXdR/Rf36Hm5WqyIM9u+JXU1ffMEs=", + "lastModified": 1727596560, + "narHash": "sha256-222fcWG6s13RXuAK711nbrHs6wOb3UORXJ/vt3rCM60=", "owner": "nix-community", "repo": "NUR", - "rev": "c92b904814d4a89d323c90e249c84ef6629ffade", + "rev": "6acf80f88c3f8fbf4f95f5df7a936a488a7bca12", "type": "github" }, "original": { @@ -1006,11 +1006,11 @@ ] }, "locked": { - "lastModified": 1725727445, - "narHash": "sha256-f5TrY73wfL4kvRmEtZXpzgCuxVFlNqMUNY6QSX16IPA=", + "lastModified": 1727463368, + "narHash": "sha256-5glMknkwQejUrKy28iy/kCFlSMwHcVyf/whmxqD0ggk=", "owner": "pjones", "repo": "plasma-manager", - "rev": "1b9c8200d6438c98c427536abbc5b6fd6a5250c8", + "rev": "29ad64f0ac4ae84710dfeb1d37572d95c94cbfd8", "type": "github" }, "original": { 
@@ -1092,11 +1092,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1725540166, - "narHash": "sha256-htc9rsTMSAY5ek+DB3tpntdD/es0eam2hJgO92bWSys=", + "lastModified": 1727423009, + "narHash": "sha256-+4B/dQm2EnORIk0k2wV3aHGaE0WXTBjColXjj7qWh10=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d9d781523a1463965cd1e1333a306e70d9feff07", + "rev": "127a96f49ddc377be6ba76964411bab11ae27803", "type": "github" }, "original": { diff --git a/nixos/hosts/frankfurt-linode-01/firewall.nix b/nixos/hosts/frankfurt-linode-01/firewall.nix index 6b0b00f3..31473f6c 100644 --- a/nixos/hosts/frankfurt-linode-01/firewall.nix +++ b/nixos/hosts/frankfurt-linode-01/firewall.nix 
@@ -51,6 +51,265 @@ }; environment.systemPackages = [ pkgs.cacert ]; + + environment.etc."haproxy/blocked-ips" = '' + # https://openai.com/searchbot.json + 20.42.10.176/28 + 172.203.190.128/28 + 51.8.102.0/24 + + # https://openai.com/chatgpt-user.json + 23.98.142.176/28 + 40.84.180.224/28 + 13.65.240.240/28 + 20.97.189.96/28 + 20.161.75.208/28 + 52.225.75.208/28 + 52.156.77.144/28 + 40.84.221.208/28 + 40.84.221.224/28 + 40.84.180.64/28 + 23.98.179.16/28 + + # https://openai.com/gptbot.json + 52.230.152.0/24 + 52.233.106.0/24 + 20.171.206.0/24 + + # https://developers.google.com/search/apis/ipranges/googlebot.json + 2001:4860:4801:10::/64 + 2001:4860:4801:11::/64 + 2001:4860:4801:12::/64 + 2001:4860:4801:13::/64 + 2001:4860:4801:14::/64 + 2001:4860:4801:15::/64 + 2001:4860:4801:16::/64 + 2001:4860:4801:17::/64 + 2001:4860:4801:18::/64 + 2001:4860:4801:19::/64 + 2001:4860:4801:1a::/64 + 2001:4860:4801:1b::/64 + 2001:4860:4801:1c::/64 + 2001:4860:4801:1d::/64 + 2001:4860:4801:1e::/64 + 2001:4860:4801:1f::/64 + 2001:4860:4801:20::/64 + 2001:4860:4801:21::/64 + 2001:4860:4801:22::/64 + 2001:4860:4801:23::/64 + 2001:4860:4801:24::/64 + 2001:4860:4801:25::/64 + 2001:4860:4801:26::/64 + 2001:4860:4801:27::/64 + 2001:4860:4801:28::/64 + 2001:4860:4801:29::/64 + 2001:4860:4801:2::/64 + 2001:4860:4801:2a::/64 + 2001:4860:4801:2b::/64 + 2001:4860:4801:2c::/64 + 2001:4860:4801:2d::/64 + 2001:4860:4801:2e::/64 + 2001:4860:4801:2f::/64 + 2001:4860:4801:31::/64 + 2001:4860:4801:32::/64 + 2001:4860:4801:33::/64 + 2001:4860:4801:34::/64 + 2001:4860:4801:35::/64 + 2001:4860:4801:36::/64 + 2001:4860:4801:37::/64 + 2001:4860:4801:38::/64 + 2001:4860:4801:39::/64 + 2001:4860:4801:3a::/64 + 2001:4860:4801:3b::/64 + 2001:4860:4801:3c::/64 + 2001:4860:4801:3d::/64 + 2001:4860:4801:3e::/64 + 2001:4860:4801:40::/64 + 2001:4860:4801:41::/64 + 2001:4860:4801:42::/64 + 2001:4860:4801:43::/64 + 2001:4860:4801:44::/64 + 2001:4860:4801:45::/64 + 2001:4860:4801:46::/64 + 2001:4860:4801:47::/64 + 
2001:4860:4801:48::/64 + 2001:4860:4801:49::/64 + 2001:4860:4801:4a::/64 + 2001:4860:4801:50::/64 + 2001:4860:4801:51::/64 + 2001:4860:4801:53::/64 + 2001:4860:4801:54::/64 + 2001:4860:4801:55::/64 + 2001:4860:4801:60::/64 + 2001:4860:4801:61::/64 + 2001:4860:4801:62::/64 + 2001:4860:4801:63::/64 + 2001:4860:4801:64::/64 + 2001:4860:4801:65::/64 + 2001:4860:4801:66::/64 + 2001:4860:4801:67::/64 + 2001:4860:4801:68::/64 + 2001:4860:4801:69::/64 + 2001:4860:4801:6a::/64 + 2001:4860:4801:6b::/64 + 2001:4860:4801:6c::/64 + 2001:4860:4801:6d::/64 + 2001:4860:4801:6e::/64 + 2001:4860:4801:6f::/64 + 2001:4860:4801:70::/64 + 2001:4860:4801:71::/64 + 2001:4860:4801:72::/64 + 2001:4860:4801:73::/64 + 2001:4860:4801:74::/64 + 2001:4860:4801:75::/64 + 2001:4860:4801:76::/64 + 2001:4860:4801:77::/64 + 2001:4860:4801:78::/64 + 2001:4860:4801:79::/64 + 2001:4860:4801:80::/64 + 2001:4860:4801:81::/64 + 2001:4860:4801:82::/64 + 2001:4860:4801:83::/64 + 2001:4860:4801:84::/64 + 2001:4860:4801:85::/64 + 2001:4860:4801:86::/64 + 2001:4860:4801:87::/64 + 2001:4860:4801:88::/64 + 2001:4860:4801:90::/64 + 2001:4860:4801:91::/64 + 2001:4860:4801:92::/64 + 2001:4860:4801:93::/64 + 2001:4860:4801:c::/64 + 2001:4860:4801:f::/64 + 192.178.5.0/27 + 192.178.6.0/27 + 34.100.182.96/28 + 34.101.50.144/28 + 34.118.254.0/28 + 34.118.66.0/28 + 34.126.178.96/28 + 34.146.150.144/28 + 34.147.110.144/28 + 34.151.74.144/28 + 34.152.50.64/28 + 34.154.114.144/28 + 34.155.98.32/28 + 34.165.18.176/28 + 34.175.160.64/28 + 34.176.130.16/28 + 34.22.85.0/27 + 34.64.82.64/28 + 34.65.242.112/28 + 34.80.50.80/28 + 34.88.194.0/28 + 34.89.10.80/28 + 34.89.198.80/28 + 34.96.162.48/28 + 35.247.243.240/28 + 66.249.64.0/27 + 66.249.64.128/27 + 66.249.64.160/27 + 66.249.64.224/27 + 66.249.64.32/27 + 66.249.64.64/27 + 66.249.64.96/27 + 66.249.65.0/27 + 66.249.65.160/27 + 66.249.65.192/27 + 66.249.65.224/27 + 66.249.65.32/27 + 66.249.65.64/27 + 66.249.65.96/27 + 66.249.66.0/27 + 66.249.66.160/27 + 66.249.66.192/27 + 
66.249.66.32/27 + 66.249.66.64/27 + 66.249.66.96/27 + 66.249.68.0/27 + 66.249.68.32/27 + 66.249.68.64/27 + 66.249.69.0/27 + 66.249.69.128/27 + 66.249.69.160/27 + 66.249.69.192/27 + 66.249.69.224/27 + 66.249.69.32/27 + 66.249.69.64/27 + 66.249.69.96/27 + 66.249.70.0/27 + 66.249.70.128/27 + 66.249.70.160/27 + 66.249.70.192/27 + 66.249.70.224/27 + 66.249.70.32/27 + 66.249.70.64/27 + 66.249.70.96/27 + 66.249.71.0/27 + 66.249.71.128/27 + 66.249.71.160/27 + 66.249.71.192/27 + 66.249.71.224/27 + 66.249.71.32/27 + 66.249.71.64/27 + 66.249.71.96/27 + 66.249.72.0/27 + 66.249.72.128/27 + 66.249.72.160/27 + 66.249.72.192/27 + 66.249.72.224/27 + 66.249.72.32/27 + 66.249.72.64/27 + 66.249.72.96/27 + 66.249.73.0/27 + 66.249.73.128/27 + 66.249.73.160/27 + 66.249.73.192/27 + 66.249.73.224/27 + 66.249.73.32/27 + 66.249.73.64/27 + 66.249.73.96/27 + 66.249.74.0/27 + 66.249.74.128/27 + 66.249.74.32/27 + 66.249.74.64/27 + 66.249.74.96/27 + 66.249.75.0/27 + 66.249.75.128/27 + 66.249.75.160/27 + 66.249.75.192/27 + 66.249.75.224/27 + 66.249.75.32/27 + 66.249.75.64/27 + 66.249.75.96/27 + 66.249.76.0/27 + 66.249.76.128/27 + 66.249.76.160/27 + 66.249.76.192/27 + 66.249.76.224/27 + 66.249.76.32/27 + 66.249.76.64/27 + 66.249.76.96/27 + 66.249.77.0/27 + 66.249.77.128/27 + 66.249.77.160/27 + 66.249.77.192/27 + 66.249.77.224/27 + 66.249.77.32/27 + 66.249.77.64/27 + 66.249.77.96/27 + 66.249.78.0/27 + 66.249.78.32/27 + 66.249.79.0/27 + 66.249.79.128/27 + 66.249.79.160/27 + 66.249.79.192/27 + 66.249.79.224/27 + 66.249.79.32/27 + 66.249.79.64/27 + 66.249.79.96/27 + + ''; services.haproxy = { enable = true; @@ -66,6 +325,10 @@ mode http bind :80 bind :443 ssl crt /Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/combined.pem + + acl is-blocked-ip src -f /etc/haproxy/blocked-ips + http-request deny if is-blocked-ip + http-request redirect scheme https unless { ssl_fc } default_backend backend_http backend backend_http 
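Review bot: `environment.etc."haproxy/blocked-ips" = ''` assigns the list as a bare string, but NixOS `environment.etc` entries are submodules, so this will probably fail type-checking at evaluation; the content most likely belongs under `.text`, i.e. `environment.etc."haproxy/blocked-ips".text = ''`. The ranges are also a hand-pasted snapshot of the three OpenAI lists and the Googlebot list, with no retrieval date. Those published ranges change, so over time the file will miss new crawler ranges and keep blocking addresses that have been reassigned. A header comment such as `# snapshot of the URLs below, retrieved <DATE>; regenerate when the published lists change` would make the staleness visible to the next maintainer.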
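Review bot: The new `acl is-blocked-ip src -f /etc/haproxy/blocked-ips` matches on the TCP peer address, and the only listeners visible in this hunk are `bind :80` and `bind :443 ssl …`, which HAProxy treats as IPv4 wildcard binds. Unless the frontend also binds an IPv6 address outside the hunk, the `2001:4860:4801:…/64` entries in the list can never match. If another proxy or load balancer sits in front of this host, `src` would be that hop's address rather than the crawler's, and the deny rule would not apply at all. A comment above the ACL, e.g. `# src = direct peer address; only effective while this frontend is the internet-facing hop`, would record that assumption. The frontend block starts and ends outside the hunk.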
diff --git a/stylix/themes/default/home-manager/plasma6.nix b/stylix/themes/default/home-manager/plasma6.nix
new file mode 100644
index 00000000..4c689f6a
--- /dev/null
+++ b/stylix/themes/default/home-manager/plasma6.nix
@@ -0,0 +1,8 @@
+{ lib, ... }: {
+ programs.bash.sessionVariables = {
+ GTK_THEME = lib.mkForce "Breeze"; # To set the firefox theme
+ };
+ programs.fish.shellInit = ''
+ set GTK_THEME "Breeze"
+ '';
+}
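Review bot: In `programs.fish.shellInit` the line `set GTK_THEME "Breeze"` creates the variable without exporting it, so programs started from fish (Firefox included) will not see it unless GTK_THEME is already exported elsewhere. The bash side goes through `sessionVariables`, which home-manager writes out as exports, so the two shells currently behave differently. `set -gx GTK_THEME "Breeze"` would bring fish in line with bash. The `# To set the firefox theme` comment would also be useful on the fish line, where the intent is less obvious.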