From 28526d5db2d36e26f9345259f9111d1d4beb9adb Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Wed, 31 Jul 2024 14:16:33 +0200 Subject: [PATCH] a lot of updates and misc fixes --- flake.lock | 81 +++++++++----------- flake.nix | 4 +- hosts/thinkpad/default.nix | 52 +++++++++++++ hosts/thinkpad/modules/networks/uni.nix | 6 +- hosts/thinkpad/modules/security/default.nix | 8 +- hosts/thinkpad/modules/sound/default.nix | 3 +- overlays/default.nix | 2 +- secrets/thinkpad/agdsn.age | 15 ++-- secrets/thinkpad/wireless.age | Bin 634 -> 678 bytes shared/nix.nix | 44 +++++------ shared/zsh.nix | 2 +- users/rouven/modules/packages.nix | 3 + 12 files changed, 133 insertions(+), 87 deletions(-) diff --git a/flake.lock b/flake.lock index d8b6e65..2f96b6b 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1718371084, - "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=", + "lastModified": 1722339003, + "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=", "owner": "ryantm", "repo": "agenix", - "rev": "3a56735779db467538fb2e577eda28a9daacaca6", + "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7", "type": "github" }, "original": { @@ -38,16 +38,15 @@ "poetry2nix": "poetry2nix" }, "locked": { - "lastModified": 1719402686, - "narHash": "sha256-MkHcXybi0aEydeLvLKNtJBa3oOy8oCq1uarrLgQzUCM=", + "lastModified": 1720784813, + "narHash": "sha256-8/6yU/wbf6lsUFOLisLVADD6QHHmMDUM85c7hPnPBZA=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "1646cf92cefa0eb6e74f33afe61ae4b2d0d20afe", + "rev": "89cfaf2eb197a39d12422e773f867d1a7c99b048", "type": "github" }, "original": { "owner": "nix-community", - "ref": "node-22", "repo": "authentik-nix", "type": "github" } 
@@ -55,16 +54,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1719398211, - "narHash": "sha256-d4UsYRqHRNabhh28GZZRijmZ1pd9D/o1a4L4d7Yn39M=", + "lastModified": 1720727154, + "narHash": "sha256-SMupiJGJbkBn33JP4WLF3IsBdt3SN3JvZg/EYlz443g=", "owner": "goauthentik", "repo": "authentik", - "rev": "5afceaa55f4d831db0cf9d80562e86eb43b622ec", + "rev": "9075270b01e784d25f2ec08b82e73f1ce3086184", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2024.4.3", + "ref": "version/2024.6.1", "repo": "authentik", "type": "github" } @@ -186,11 +185,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1719745305, + "narHash": "sha256-xwgjVUpqSviudEkpQnioeez1Uo2wzrsMaJKJClh+Bls=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "c3c5ecc05edc7dafba779c6c1a61cd08ac6583e9", "type": "github" }, "original": { @@ -300,11 +299,11 @@ ] }, "locked": { - "lastModified": 1720045378, - "narHash": "sha256-lmE7B+QXw7lWdBu5GQlUABSpzPk3YBb9VbV+IYK5djk=", + "lastModified": 1722407237, + "narHash": "sha256-wcpVHUc2nBSSgOM7UJSpcRbyus4duREF31xlzHV5T+A=", "owner": "nix-community", "repo": "home-manager", - "rev": "0a30138c694ab3b048ac300794c2eb599dc40266", + "rev": "58cef3796271aaeabaed98884d4abaab5d9d162d", "type": "github" }, "original": { @@ -387,11 +386,11 @@ ] }, "locked": { - "lastModified": 1703102458, - "narHash": "sha256-3pOV731qi34Q2G8e2SqjUXqnftuFrbcq+NdagEZXISo=", + "lastModified": 1717929455, + "narHash": "sha256-BiI5xWygriOJuNISnGAeL0KYxrEMnjgpg+7wDskVBhI=", "owner": "nix-community", "repo": "napalm", - "rev": "edcb26c266ca37c9521f6a97f33234633cbec186", + "rev": "e1babff744cd278b56abe8478008b4a9e23036cf", "type": "github" }, "original": { 
@@ -448,11 +447,11 @@ ] }, "locked": { - "lastModified": 1719832725, - "narHash": "sha256-dr8DkeS74KVNTgi8BE0BiUKALb+EKlMIV86G2xPYO64=", + "lastModified": 1722136042, + "narHash": "sha256-x3FmT4QSyK28itMiR5zfYhUrG5nY+2dv+AIcKfmSp5A=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "2917972ed34ce292309b3a4976286f8b5c08db27", + "rev": "c0ca47e8523b578464014961059999d8eddd4aae", "type": "github" }, "original": { @@ -463,11 +462,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719848872, - "narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", + "lastModified": 1722185531, + "narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", + "rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d", "type": "github" }, "original": { @@ -478,20 +477,14 @@ }, "nixpkgs-lib": { "locked": { - "dir": "lib", - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", - "type": "github" + "lastModified": 1717284937, + "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" } }, "nixpkgs-lib_2": { 
@@ -560,11 +553,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1715017507, - "narHash": "sha256-RN2Vsba56PfX02DunWcZYkMLsipp928h+LVAWMYmbZg=", + "lastModified": 1719549552, + "narHash": "sha256-efvBV+45uQA6r7aov48H6MhvKp1QUIyIX5gh9oueUzs=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "e6b36523407ae6a7a4dfe29770c30b3a3563b43a", + "rev": "4fd045cdb85f2a0173021a4717dc01d92d7ab2b2", "type": "github" }, "original": { @@ -729,11 +722,11 @@ ] }, "locked": { - "lastModified": 1714058656, - "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", + "lastModified": 1718522839, + "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", + "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c3d92c7..e72336b 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,6 @@ inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; - nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; @@ -28,8 +27,7 @@ nix-colors.url = "github:Misterio77/nix-colors"; authentik = { - # branch to fix https://github.com/nix-community/authentik-nix/issues/24 - url = "github:nix-community/authentik-nix/node-22"; + url = "github:nix-community/authentik-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 7d7080d..523a542 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix 
@@ -54,6 +54,58 @@ console.keyMap = "dvorak"; + # services.openldap = { + # enable = true; + # urlList = [ "ldap:///" ]; + # settings = { + # attrs = { + # olcLogLevel = "conns config"; + # }; + # children = { + # "cn=schema".includes = [ + # "${pkgs.openldap}/etc/schema/core.ldif" + # # attributetype ( 9999.1.1 NAME 'isMemberOf' + # # DESC 'back-reference to groups this user is a member of' + # # SUP distinguishedName ) + # "${pkgs.openldap}/etc/schema/cosine.ldif" + # "${pkgs.openldap}/etc/schema/inetorgperson.ldif" + # "${pkgs.openldap}/etc/schema/nis.ldif" + # # "${pkgs.writeText "openssh.schema" '' + # # attributetype ( 9999.1.2 NAME 'sshPublicKey' + # # DESC 'SSH public key used by this user' + # # SUP name ) + # # ''}" + # ]; + + # "olcDatabase={1}mdb".attrs = { + # objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + + # olcDatabase = "{1}mdb"; + # olcDbDirectory = "/var/lib/openldap/data"; + + # olcSuffix = "dc=ifsr,dc=de"; + + # /* your admin account, do not use writeText on a production system */ + # olcRootDN = "cn=portunus,dc=ifsr,dc=de"; + # olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32"; + + # olcAccess = [ + # /* custom access rules for userPassword attributes */ + # ''{0}to attrs=userPassword + # by self write + # by anonymous auth + # by * none'' + + # /* allow read on anything else */ + # ''{1}to * + # by * read'' + # ]; + # }; + # }; + # }; + # }; + + services = { blueman.enable = true; # bluetooth devmon.enable = true; # automount stuff diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index 086e477..68f9af6 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -57,6 +57,10 @@ ''; authProtocols = [ "WPA-EAP" ]; }; + agdsn_fritzbox = { + psk = "@AGDSN_FRITZBOX_PSK@"; + authProtocols = [ "WPA-PSK" ]; + }; FSR = { psk = "@FSR_PSK@"; authProtocols = [ "WPA-PSK" ]; 
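Review bot: The commented-out `services.openldap` block commits a root credential into the repository — `olcRootPW = "{CRYPT}$y$j9T$…"` — even though the code is disabled, and the block's own remark (`do not use writeText on a production system`) says this is not a shape that belongs in the tree; if that hash ever matched a password in use, treat it as exposed and rotate it, and a live configuration should take `olcRootPW` from the agenix-managed secrets the repo already carries under `secrets/thinkpad/` rather than from a literal. Beyond the credential, roughly fifty lines of disabled config with no note on why they are parked are hard to review; either delete them (git keeps the history) or replace them with a one-line `# TODO: openldap experiment, disabled because …`. As rendered here, several lines in the middle of the block (`/* custom access rules … */`, the `''{0}to attrs=userPassword` string and its `by …` lines) appear without the leading `#`; if that is what was committed the file will not evaluate, so it is worth confirming against the actual file.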
@@ -91,7 +95,7 @@
 systemd.services = {
 openfortivpn-agdsn = {
 description = "AG DSN Fortinet VPN";
- script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password)";
+ script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert f49ac8a174c758737c3e27d93bc2f5de37e634e2f04029a85bdb629c0ebeed31";
 requires = [ "network-online.target" ];
 after = [ "network.target" "network-online.target" ];
 serviceConfig = {
diff --git a/hosts/thinkpad/modules/security/default.nix b/hosts/thinkpad/modules/security/default.nix
index f67a81f..3812ff2 100644
--- a/hosts/thinkpad/modules/security/default.nix
+++ b/hosts/thinkpad/modules/security/default.nix
@@ -14,10 +14,10 @@
 pam = {
 u2f = {
 enable = true;
- };
- services = {
- login.u2fAuth = true;
- sudo.u2fAuth = true;
+ cue = true;
+ # settings = {
+ # cue = true;
+ # };
 };
 };
 krb5 = {
diff --git a/hosts/thinkpad/modules/sound/default.nix b/hosts/thinkpad/modules/sound/default.nix
index d70ffeb..43fd7ec 100644
--- a/hosts/thinkpad/modules/sound/default.nix
+++ b/hosts/thinkpad/modules/sound/default.nix
@@ -1,6 +1,5 @@
 { pkgs, ... }:
 {
- sound.enable = true;
 services.pipewire = {
 enable = true;
 alsa.enable = true;
@@ -9,7 +8,7 @@
 };
 environment.systemPackages = with pkgs; [
 helvum
- easyeffects
+ # easyeffects
 pavucontrol
 ];
 }
diff --git a/overlays/default.nix b/overlays/default.nix
index 571d99c..8f8c7ad 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -83,7 +83,7 @@ in
 gunicorn
 markdown
 bleach
- python-ldap
+ # python-ldap
 pyopenssl
 (buildPythonPackage rec {
 pname = "djangosaml2";
diff --git a/secrets/thinkpad/agdsn.age b/secrets/thinkpad/agdsn.age
index d1ad2e5..a48d392 100644
--- a/secrets/thinkpad/agdsn.age
+++ b/secrets/thinkpad/agdsn.age
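Review bot: The new `--trusted-cert f49ac8a1…ebeed31` on the `script` line pins the VPN gateway to one certificate digest without any comment saying why, so the next reader cannot tell whether the pin is a deliberate choice or a workaround for a chain the system CA store does not trust, and if the chain is not otherwise trusted the unit will start failing when vpn.agdsn.de rotates its certificate. Add a line above it such as `# gateway cert is not trusted by the system CA store; pinned by sha256 digest — update when the gateway cert changes`, or, if the gateway serves a CA-signed chain, prefer openfortivpn's `--ca-file` over a fingerprint pin. While the line is being rewritten: the password is still passed via `-p $(cat $CREDENTIALS_DIRECTORY/password)`, which places it in the process argv; openfortivpn reads the same settings from a config file (`-c <file>`), which would keep it out of `ps` and out of the command line entirely. The enclosing `systemd.services` attrset continues outside the hunk.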
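Review bot: `cue = true;` is followed by a commented-out `settings = { cue = true; };` with no note on which spelling the pinned nixpkgs expects, so whoever next bumps `flake.lock` has to rediscover it; keep one and add something like `# cue appears to be moving under security.pam.u2f.settings in newer nixpkgs; switch when the input is bumped` instead of carrying both. Dropping the explicit `login.u2fAuth`/`sudo.u2fAuth` lines now relies on the module default enabling pam_u2f for every PAM service — as far as I can tell that is what `security.pam.u2f.enable` does, but a comment would help since the hunk no longer states which services are covered. Separately, with the module's default `control` value the key acts as an alternative to the password rather than an additional factor; if two-factor was the intent, that should be set explicitly (I believe `security.pam.u2f.control = "required";` is the knob — confirm against the module). The enclosing `security` attrset starts before the hunk.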
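Review bot: `# python-ldap` silently drops a dependency from what looks like a Python package's build-input list with no comment saying whether the package no longer needs it or whether it was only removed to get the build through; if the package still imports `ldap`, the failure moves from build time to an import error at runtime, which is much harder to trace back to this commit. Either delete the line or annotate it, e.g. `# python-ldap  # disabled: <reason>; re-enable once <condition>`. The same commented-out-instead-of-removed pattern appears in the second sound hunk (`# easyeffects`); git history already preserves the old line, so a reason is more useful than the stale text. The enclosing package list starts before the hunk.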
@@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 uWbAHQ EGfkKwo45AWNHNFi67C9S4qBuk7/vUcux6p9zwV9nxM -JdpzKDYUdDyzCUsaNnWxBf3HCFoPOgPT02/gcG7gtyc --> ssh-ed25519 EVzt9Q IE+sr7AE1LaPwej6vo1N6i6cSda0hetTiEfJtaodPh0 -ttrgi/C8BIcV20D9tF3rd8TcByzczbqo4Ez4qbpgQ5A --> e-grease -d 5#8HBk F~8O ssh-ed25519 uWbAHQ XEUSI/RYeut/hSIYv4TB2PBA6VHhaNZdtVr1N1XAvmc +M47o4tHJG5d62pYYJQDQ8BHUbFWMkePQXOL9oWbXISU +-> ssh-ed25519 EVzt9Q fXvnKAFWGxu11gpi7i30PMXNc7j8FDsPWW8YBsm4xRk +yYjzx8C649/Oe5TQUP0VFFH2RTQELClIjUhJd+BPxhw +--- aEgkJpsat4NAA+Xv45CLbYsdWQUVJNestqmRXuANayY +"8yUT fXpRz/AI&7٨X'ޥ9sè8X« k"oZILht \ No newline at end of file 
diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age index b21cdfbace1f8b41055e05b45ffc4bdc9999701a..3ef23f0fc17b675d3cc6f5a04c95d75255819994 100644 GIT binary patch delta 645 zcmV;00($-W1f~U$EPr`5HFGd9H8L+xFjaL@RWxoZNJ>t4X*OtCQg2Cgd3G^UZE$m8 zNHk1SV+v$4M{Y=VQbtTMG(uWdL~dv?Fk^3LHfJzuPH}WKRCQ!*Vp>isHfdsbYYHts zAaiqQEoEdfH8n9gAVpSsbU9HVQd&=1bWw0OO<7@ONmV&?IDb`eNmfxYV^?=eT1QJx zQ%q1oWpi?KP+3B63Ufwoay3ItRZd25ZbMQ}axrZ|OgU0YR5WaANi}41crSNiQ({&# zct|--3N0-yAVxB3H8WFVHdtmcMsPNDPijRlW=>I4S5t2^Vp2A4b3#}_Su|5~Mk{k~ z3N_V9G%oRcSAS{OAl)@8F~4J7yscIb@Y@>S)X{QX|B;-7x&vowaFLAO=Eqs%DCkKI zmAsYAh9XNpu~{by+Ov`m4N|W)t-^WTbm)9r;**-$PEJelZ%P?regFJE^=jh)wkARl zg~`v*Z+QT{NG}0+V8uI~Ym|>RNdsh@itG7t*7Q@sD1UU+SKjY3q=u}flYLmc>0n#P z#A+TnTC{8lG&0oLNNU!||D%hD{btUB&4Dv$o@rZl3>rsEF^H~DVvV+eaWtrle(&&` zK7?lE?o!Lwi=xhb!Q2ktgTi=^Ba^GW7wQ#QNLAL85G=$?d$`HAFj$tT(lLF delta 601 zcmV-f0;c_@1^NV#EPrxTOGrUaT6RH8Sa4%@SxQiGGAmSbZ&X5TW@J%hR5dhVbZ~f8 za%^mFQ3_T#PgPS{MOtucHe^g~ax_*@D@;~NcPlnFI7UWzWmQ&bP%=zaSTsj8X9_Jo zAaiqQEoEdfH8n9gAVpSsbU9HVOIma?Rb*OLNo`DJOEzhGMt^!XMmI+{O>{CfW^PGv zOK(GPMK)McGeUY*3TIPoSaVBhSxZ@AX?Jj1T1Zt-P()&QL3TDnOj%}hS6Ne3O+s=; zId@P&3N0-yAZ>YZGb?d3FLf|!NLDpvc|%Y&S~X2hZA4>rPEt5lGc`FYMs8{{D`Zhw z3J2@JS>6gog@0y`@3HsGP5M*@U2OkU}59(zk0 zO`G@a{|N|H^%^#s2hdCbw0md!#O6u|Q;}`8I9V-1IDf_q&OJBMW2Bg->$zrFP}ofi z-1n2wuy%xfezH&uJ7H%scgDBTHK8eJioFmbGe#5lQ6kkQw@&2vjIsK(L7f(>!lo7** zoNk2urcy