network: rework wpa supplicant

2024-11-15 05:13:10 +01:00 · 2024-08-22 11:39:42 +02:00 · 2024-08-22 11:39:42 +02:00 · 076a7cacfe
parent f8561e3246
commit 076a7cacfe
4 changed files with 90 additions and 85 deletions
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -20,7 +20,6 @@
    "soft-reboot.target"
    "systemd-soft-reboot.service"
  ];
  # Use the systemd-boot EFI boot loader.
  boot = {
    kernelModules = [ "v4l2loopback" ];
@ -107,7 +106,7 @@
  services = {
-    # envfs.enable = true; #usr/bin fixes
+    envfs.enable = true; #usr/bin fixes
    blueman.enable = true; # bluetooth
    devmon.enable = true; # automount stuff
    upower.enable = true;
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@ -36,7 +36,7 @@
      "2620:fe::9"
    ];
    # allow downgrade since fritzbox at home doesn't support it (yet?)
-    dnssec = "allow-downgrade";
+    # dnssec = "allow-downgrade";
  };
  networking = {
    nftables.enable = true;
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
  age.secrets = {
    tud.file = ../../../../secrets/thinkpad/tud.age;
@ -8,15 +8,12 @@
    };
  };
  networking = {
-    supplicant = rec {
+    supplicant = {
-      enp0s31f6 = {
+      "LAN" = {
        userControlled.enable = true;
        driver = "wired";
        configFile.path = config.age.secrets.dyport-auth.path;
      };
      # ugly way to add more interfaces
      # "enp0s13f0u2u1" = enp0s31f6;
      # "enp0s13f0u3u1" = enp0s31f6;
    };
    wireless.networks = {
      eduroam = {
@ -143,5 +140,9 @@
        LockPersonality = true;
      };
    };
    # fix systemd dependencies for supplicant services
    "supplicant-lan@" = {
      wantedBy = lib.mkForce [ ];
    };
  };
 }
--- a/shared/zsh.nix
+++ b/shared/zsh.nix
@ -1,4 +1,19 @@
 { pkgs, config, lib, ... }:
 let
  switch = pkgs.writeShellScript "switch.sh" ''
    OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s)
    ${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH
    ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH
    $OUT_PATH/bin/switch-to-configuration switch 
    unlink $OUT_PATH
  '';
  garbage = pkgs.writeShellScript "garbage.sh" ''
    nix-collect-garbage -d
    echo Cleaning up boot entries...
    /run/current-system/bin/switch-to-configuration boot
    echo Done
  '';
 in
 {
  programs.command-not-found.enable = false;
  programs.nix-index-database.comma.enable = true;
@ -15,88 +30,78 @@
  programs.fzf = {
    keybindings = true;
  };
-  programs.zsh = {
+  programs.zsh =
-    enable = true;
+    {
    shellAliases = {
      rm = "trash";
      ls = "eza --icons";
      l = "ls -l";
      ll = "ls -la";
      la = "ls -a";
      less = "bat";
      update = "cd /etc/nixos && nix flake update";
      msh = "f() {mosh $1 zsh};f";
    };
    histSize = 100000;
    histFile = "~/.local/share/zsh/history";
    syntaxHighlighting.enable = true;
    autosuggestions = {
      enable = true;
-      highlightStyle = "fg=#00bbbb,bold";
+      shellAliases = {
-    };
+        rm = "trash";
-    shellInit = ''
+        ls = "eza --icons";
-      zsh-newuser-install () {}
+        l = "ls -l";
-    '';
+        ll = "ls -la";
        la = "ls -a";
        less = "bat";
        run0 = "run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE";
        update = "cd /etc/nixos && nix flake update";
        switch = "run0 ${switch}";
      };
      histSize = 100000;
      histFile = "~/.local/share/zsh/history";
      syntaxHighlighting.enable = true;
      autosuggestions = {
        enable = true;
        highlightStyle = "fg=#00bbbb,bold";
      };
      shellInit = ''
        zsh-newuser-install () {}
      '';
-    interactiveShellInit =
+      interactiveShellInit =
-      ''
+        ''
-        export MCFLY_KEY_SCHEME=vim
+          export MCFLY_KEY_SCHEME=vim
-        export MCFLY_FUZZY=2
+          export MCFLY_FUZZY=2
-        export MCFLY_DISABLE_MENU=TRUE
+          export MCFLY_DISABLE_MENU=TRUE
-        export MCFLY_RESULTS=30
+          export MCFLY_RESULTS=30
-        export MCFLY_INTERFACE_VIEW=BOTTOM
+          export MCFLY_INTERFACE_VIEW=BOTTOM
-        export MCFLY_PROMPT="❯"
+          export MCFLY_PROMPT="❯"
-        # fix for networkctl
+          # fix for networkctl
-        zstyle ':completion:*:complete:networkctl:*' list-grouped true
+          zstyle ':completion:*:complete:networkctl:*' list-grouped true
-        source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
+          source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
-        source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
+          source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
-        unsetopt extendedglob
+          unsetopt extendedglob
-        function svpn() {
+          function svpn() {
-          unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}')
+            unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}')
-          if [ $(systemctl is-active $unit) = "inactive" ]; then
+            if [ $(systemctl is-active $unit) = "inactive" ]; then
-            systemctl start $unit
+              systemctl start $unit
-          else
+            else
-            systemctl stop $unit
+              systemctl stop $unit
-          fi
+            fi
-        }
+          }
-        prompt_dir() {
+          prompt_dir() {
-            prompt_segment blue $CURRENT_FG '%c'
+              prompt_segment blue $CURRENT_FG '%c'
-        }
+          }
-        switch() {
+          garbage() {
-          sudo true # ask the password so we can leave during the (sometimes quite long) build process
+            ${pkgs.home-manager}/bin/home-manager expire-generations "-0 days"
-          OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s)
+            run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE ${garbage}
-          ${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH
+          }
          sudo ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH
          sudo $OUT_PATH/bin/switch-to-configuration switch 
          unlink $OUT_PATH
        }
-        garbage() {
+          sysdiff() {
-          ${pkgs.home-manager}/bin/home-manager expire-generations "-0 days"
+            echo System package diff:
-          sudo nix-collect-garbage -d
+            ${config.nix.package}/bin/nix store diff-closures $(command ls -d /nix/var/nix/profiles/system-* | tail -2)
-          echo Cleaning up boot entries...
+          }
-          sudo /run/current-system/bin/switch-to-configuration boot
+        '';
-          echo Done
+      promptInit =
-        }
+        ''
-
+          # if [[ "$(hostname)" == "thinkpad" ]]
-        sysdiff() {
+          # then
-          echo System package diff:
+          #   cat ${../images/cat.sixel}
-          ${config.nix.package}/bin/nix store diff-closures $(command ls -d /nix/var/nix/profiles/system-* | tail -2)
+          # fi
-        }
+          eval "$(${pkgs.mcfly}/bin/mcfly init zsh)"
-      '';
+          eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
-    promptInit =
+        '';
-      ''
+    };
        # if [[ "$(hostname)" == "thinkpad" ]]
        # then
        #   cat ${../images/cat.sixel}
        # fi
        eval "$(${pkgs.mcfly}/bin/mcfly init zsh)"
        eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
      '';
  };
 }