network: rework wpa supplicant

2024-11-14 21:03:10 +01:00 · 2024-08-22 11:39:42 +02:00 · 2024-08-22 11:39:42 +02:00 · 076a7cacfe
parent f8561e3246
commit 076a7cacfe
4 changed files with 90 additions and 85 deletions
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -20,7 +20,6 @@
    "soft-reboot.target"
    "systemd-soft-reboot.service"
  ];
-
  # Use the systemd-boot EFI boot loader.
  boot = {
    kernelModules = [ "v4l2loopback" ];
@ -107,7 +106,7 @@


  services = {
-    # envfs.enable = true; #usr/bin fixes
+    envfs.enable = true; #usr/bin fixes
    blueman.enable = true; # bluetooth
    devmon.enable = true; # automount stuff
    upower.enable = true;
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@ -36,7 +36,7 @@
      "2620:fe::9"
    ];
    # allow downgrade since fritzbox at home doesn't support it (yet?)
-    dnssec = "allow-downgrade";
+    # dnssec = "allow-downgrade";
  };
  networking = {
    nftables.enable = true;
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
  age.secrets = {
    tud.file = ../../../../secrets/thinkpad/tud.age;
@ -8,15 +8,12 @@
    };
  };
  networking = {
-    supplicant = rec {
-      enp0s31f6 = {
+    supplicant = {
+      "LAN" = {
        userControlled.enable = true;
        driver = "wired";
        configFile.path = config.age.secrets.dyport-auth.path;
      };
-      # ugly way to add more interfaces
-      # "enp0s13f0u2u1" = enp0s31f6;
-      # "enp0s13f0u3u1" = enp0s31f6;
    };
    wireless.networks = {
      eduroam = {
@ -143,5 +140,9 @@
        LockPersonality = true;
      };
    };
+    # fix systemd dependencies for supplicant services
+    "supplicant-lan@" = {
+      wantedBy = lib.mkForce [ ];
+    };
  };
 }
--- a/shared/zsh.nix
+++ b/shared/zsh.nix
@ -1,4 +1,19 @@
 { pkgs, config, lib, ... }:
+let
+  switch = pkgs.writeShellScript "switch.sh" ''
+    OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s)
+    ${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH
+    ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH
+    $OUT_PATH/bin/switch-to-configuration switch 
+    unlink $OUT_PATH
+  '';
+  garbage = pkgs.writeShellScript "garbage.sh" ''
+    nix-collect-garbage -d
+    echo Cleaning up boot entries...
+    /run/current-system/bin/switch-to-configuration boot
+    echo Done
+  '';
+in
 {
  programs.command-not-found.enable = false;
  programs.nix-index-database.comma.enable = true;
@ -15,88 +30,78 @@
  programs.fzf = {
    keybindings = true;
  };
-  programs.zsh = {
-    enable = true;
-    shellAliases = {
-      rm = "trash";
-      ls = "eza --icons";
-      l = "ls -l";
-      ll = "ls -la";
-      la = "ls -a";
-      less = "bat";
-      update = "cd /etc/nixos && nix flake update";
-      msh = "f() {mosh $1 zsh};f";
-    };
-    histSize = 100000;
-    histFile = "~/.local/share/zsh/history";
-    syntaxHighlighting.enable = true;
-    autosuggestions = {
+  programs.zsh =
+    {
      enable = true;
-      highlightStyle = "fg=#00bbbb,bold";
-    };
-    shellInit = ''
-      zsh-newuser-install () {}
-    '';
+      shellAliases = {
+        rm = "trash";
+        ls = "eza --icons";
+        l = "ls -l";
+        ll = "ls -la";
+        la = "ls -a";
+        less = "bat";
+        run0 = "run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE";
+        update = "cd /etc/nixos && nix flake update";
+        switch = "run0 ${switch}";
+      };
+      histSize = 100000;
+      histFile = "~/.local/share/zsh/history";
+      syntaxHighlighting.enable = true;
+      autosuggestions = {
+        enable = true;
+        highlightStyle = "fg=#00bbbb,bold";
+      };
+      shellInit = ''
+        zsh-newuser-install () {}
+      '';

-    interactiveShellInit =
-      ''
-        export MCFLY_KEY_SCHEME=vim
-        export MCFLY_FUZZY=2
-        export MCFLY_DISABLE_MENU=TRUE
-        export MCFLY_RESULTS=30
-        export MCFLY_INTERFACE_VIEW=BOTTOM
-        export MCFLY_PROMPT="❯"
-        # fix for networkctl
-        zstyle ':completion:*:complete:networkctl:*' list-grouped true
-        source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
-        source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
-        unsetopt extendedglob
+      interactiveShellInit =
+        ''
+          export MCFLY_KEY_SCHEME=vim
+          export MCFLY_FUZZY=2
+          export MCFLY_DISABLE_MENU=TRUE
+          export MCFLY_RESULTS=30
+          export MCFLY_INTERFACE_VIEW=BOTTOM
+          export MCFLY_PROMPT="❯"
+          # fix for networkctl
+          zstyle ':completion:*:complete:networkctl:*' list-grouped true
+          source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
+          source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
+          unsetopt extendedglob

      
-        function svpn() {
-          unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}')
-          if [ $(systemctl is-active $unit) = "inactive" ]; then
-            systemctl start $unit
-          else
-            systemctl stop $unit
-          fi
-        }
+          function svpn() {
+            unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}')
+            if [ $(systemctl is-active $unit) = "inactive" ]; then
+              systemctl start $unit
+            else
+              systemctl stop $unit
+            fi
+          }

-        prompt_dir() {
-            prompt_segment blue $CURRENT_FG '%c'
-        }
+          prompt_dir() {
+              prompt_segment blue $CURRENT_FG '%c'
+          }

-        switch() {
-          sudo true # ask the password so we can leave during the (sometimes quite long) build process
-          OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s)
-          ${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH
-          sudo ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH
-          sudo $OUT_PATH/bin/switch-to-configuration switch 
-          unlink $OUT_PATH
-        }
+          garbage() {
+            ${pkgs.home-manager}/bin/home-manager expire-generations "-0 days"
+            run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE ${garbage}
+          }

-        garbage() {
-          ${pkgs.home-manager}/bin/home-manager expire-generations "-0 days"
-          sudo nix-collect-garbage -d
-          echo Cleaning up boot entries...
-          sudo /run/current-system/bin/switch-to-configuration boot
-          echo Done
-        }
-
-        sysdiff() {
-          echo System package diff:
-          ${config.nix.package}/bin/nix store diff-closures $(command ls -d /nix/var/nix/profiles/system-* | tail -2)
-        }
-      '';
-    promptInit =
-      ''
-        # if [[ "$(hostname)" == "thinkpad" ]]
-        # then
-        #   cat ${../images/cat.sixel}
-        # fi
-        eval "$(${pkgs.mcfly}/bin/mcfly init zsh)"
-        eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
-      '';
-  };
+          sysdiff() {
+            echo System package diff:
+            ${config.nix.package}/bin/nix store diff-closures $(command ls -d /nix/var/nix/profiles/system-* | tail -2)
+          }
+        '';
+      promptInit =
+        ''
+          # if [[ "$(hostname)" == "thinkpad" ]]
+          # then
+          #   cat ${../images/cat.sixel}
+          # fi
+          eval "$(${pkgs.mcfly}/bin/mcfly init zsh)"
+          eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
+        '';
+    };
 }