remove helix flake, add openwrt to router

2024-11-15 05:13:10 +01:00 · 2023-10-13 00:28:39 +02:00 · 2023-10-13 00:28:39 +02:00 · 2bacb74cc1
parent af80cf73db
commit 2bacb74cc1
8 changed files with 47 additions and 40 deletions
--- a/flake.lock
+++ b/flake.lock
@ -171,11 +171,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1696737557,
-        "narHash": "sha256-YD/pjDjj/BNmisEvRdM/vspkCU3xyyeGVAUWhvVSi5Y=",
+        "lastModified": 1696940889,
+        "narHash": "sha256-p2Wic74A1tZpFcld1wSEbFQQbrZ/tPDuLieCnspamQo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "3c1d8758ac3f55ab96dcaf4d271c39da4b6e836d",
+        "rev": "6bba64781e4b7c1f91a733583defbd3e46b49408",
        "type": "github"
      },
      "original": {
@ -287,11 +287,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1696614066,
-        "narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=",
+        "lastModified": 1697100850,
+        "narHash": "sha256-qSAzJVzNRIo+r3kBjL8TcpJctcgcHlnZyqdzpWgtg0M=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0",
+        "rev": "fb6af288f6cf0f00d3af60cf9d5110433b954565",
        "type": "github"
      },
      "original": {
@ -301,11 +301,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1696604326,
-        "narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
+        "lastModified": 1696879762,
+        "narHash": "sha256-Ud6bH4DMcYHUDKavNMxAhcIpDGgHMyL/yaDEAVSImQY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
+        "rev": "f99e5f03cc0aa231ab5950a15ed02afec45ed51a",
        "type": "github"
      },
      "original": {
@ -481,11 +481,11 @@
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
-        "lastModified": 1696734395,
-        "narHash": "sha256-O/g/wwBqqSS7RQ53bE6Ssf0pXVTCYfN7NnJDhKfggQY=",
+        "lastModified": 1697064251,
+        "narHash": "sha256-xxp2sB+4vqB6S6zC/L5J8LlRKgVbgIZOcYl9/TDrEzI=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "d7380c38d407eaf06d111832f4368ba3486b800e",
+        "rev": "f995ea159252a53b25fa99824f2891e3b479d511",
        "type": "github"
      },
      "original": {
--- a/hosts/falkenstein-1/default.nix
+++ b/hosts/falkenstein-1/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, helix, ... }:
+{ config, pkgs, ... }:
 {
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  imports =
@ -36,7 +36,7 @@
    vim
    wget
    htop-vim
-    helix.packages.x86_64-linux.default
+    helix
    lsof
    python3
  ];
--- a/hosts/iso/default.nix
+++ b/hosts/iso/default.nix
@ -1,4 +1,4 @@
-{ pkgs, config, modulesPath, ... }:
+{ lib, pkgs, config, modulesPath, ... }:
 {
  imports = [
    "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
@ -16,6 +16,7 @@

  # in case we need to rescue a zfs machine
  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+  boot.swraid.enable = lib.mkForce false;


 }
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, helix, ... }:
+{ config, pkgs, lib, ... }:
 {
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  imports =
@ -56,7 +56,7 @@
    vim
    wget
    htop-vim
-    helix.packages.x86_64-linux.default
+    helix
    lsof
    btdu
  ];
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -39,12 +39,10 @@
      experimental-features = [ "nix-command" "flakes" ];
      auto-optimise-store = true;
      substituters = [
-        "https://helix.cachix.org"
        "ssh://nuc.lan"
      ];
      trusted-public-keys = [
        "nuc.lan:a9UkVw3AizAKCER1CfNGhx8UOMF4t4UGE3GJ9dmHwJc="
-        "helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="
      ];
    };
    # distributedBuilds = true;
@ -131,10 +129,6 @@
  sound.enable = true;
  #hardware.pulseaudio.enable = true;
  hardware.bluetooth.enable = true;
-  # hardware.opentabletdriver = {
-  #   enable = true;
-  #   daemon.enable = true;
-  # };

  security = {
    polkit.enable = true;
@ -236,8 +230,12 @@
    sbctl

    deploy-rs
+    man-pages
+    man-pages-posix
  ];
  programs.java.enable = true;
+  documentation.dev.enable = true;
+

  system.stateVersion = "22.11";
 }
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@ -39,7 +39,7 @@
        };
        "@DORM_SSID@" = {
          psk = "@DORM_PSK@";
-          authProtocols = [ "WPA-PSK" ];
+          authProtocols = [ "SAE" ];
        };
        "@PIXEL_SSID@" = {
          psk = "@PIXEL_PSK@";
@ -50,6 +50,7 @@
  };
  systemd.network = {
    enable = true;
+    wait-online.anyInterface = true;
    networks."10-loopback" = {
      matchConfig.Name = "lo";
      linkConfig.RequiredForOnline = false;
@ -114,10 +115,11 @@
      wireguardPeers = [
        {
          wireguardPeerConfig = {
-            PublicKey = "vUmworuJFHjB4KUdkucQ+nzqO2ysARLomq4UuK1n430=";
+            PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ=";
            PresharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path;
-            Endpoint = "dorm.vpn.rfive.de:51820";
-            AllowedIPs = "10.10.10.0/24, 192.168.10.0/24"; # seems to be broken, has no effect on routes
+            Endpoint = "141.30.227.6:51820";
+            # Endpoint = "dorm.vpn.rfive.de:51820";
+            AllowedIPs = "192.168.2.0/24, 192.168.1.0/24";
          };
        }
      ];
@ -125,18 +127,19 @@
    networks."30-dorm" = {
      matchConfig.Name = "dorm";
      networkConfig = {
-        DNS = "192.168.10.1";
+        DNS = "192.168.1.1";
      };
      addresses = [
        {
          addressConfig = {
-            Address = "10.10.10.3/24";
+            Address = "192.168.2.3/24";
            RouteMetric = 30;
          };
        }
      ];
      routes = [
-        { routeConfig = { Gateway = "0.0.0.0"; Destination = "192.168.10.0/24"; Metric = 30; }; }
+        # allowedIPs is somewhat broken
+        { routeConfig = { Gateway = "0.0.0.0"; Destination = "192.168.1.0/24"; Metric = 30; }; }
      ];
    };
  };
--- a/secrets/thinkpad.yaml
+++ b/secrets/thinkpad.yaml
@ -3,8 +3,8 @@ uni:
    zih: ENC[AES256_GCM,data:KoiT/w5SsUEFAC5beCs3R5o=,iv:qQRZfdtbiAIWUAkdgrpdR8AWDdedn9yl9NcRm0ymE2A=,tag:uyhy5n40PgsWuaEofJjmog==,type:str]
 wireguard:
    dorm:
-        private: ENC[AES256_GCM,data:l2SEIEoljGLrEDWEVdfJiVdLafyAmlR4wKzKtz/xsLL6kEGveK/dgsDvjiU=,iv:5YktJB0g/2Agd+0+synPjZUsxxa5JPorFn975Vr/PF4=,tag:c6CmppUVMcjrip4YraBurQ==,type:str]
-        preshared: ENC[AES256_GCM,data:sb6vHcYO6c+m2jegangICr3v2toTFdSwt/rgCKD7q4UB/qR8U5CaAEjQdXY=,iv:QwQbNxx4+xTL14ID10bS7HWxKWzkoMSV6wHu8qytbEU=,tag:ozsK2gqayY56uOTGZtCNqQ==,type:str]
+        private: ENC[AES256_GCM,data:qZ8HCTv14z3+2AL1dHLd60MVUsUV458QdQteZJYQLVC1KMlzGe7KbgM1U8c=,iv:HMGxB4l7D/PL5Xt8A6jKIejJRL0QZF3x3eb2BtttXWM=,tag:KDyQWfk2EO5AR997JKdW+Q==,type:str]
+        preshared: ENC[AES256_GCM,data:5nEsJczcv6yl/0vQQYruv/di+qzrPNX4iAqZ/khXBZTh+095QNv5iStG7e0=,iv:pJof85k/bXuD04VvpSyn75uzvibGJ5h4HZOMta24FBk=,tag:YZ5SsLgkqaHLVU8tgvvhTw==,type:str]
 borg:
    passphrase: ENC[AES256_GCM,data:jhn7XwzEai+MISQpMnUDre6nJg6Gtx7B,iv:B7CDuHICxcnQJCY5fECTyAeSqh2YEmVqiCrzklmCF8w=,tag:DdtVluSE9ot2BiYtq0eUNg==,type:str]
    key: ENC[AES256_GCM,data:rce8JHkx8JU83MJKYkMG9ylv1FdIbwSbKzD4JXxU+BEsHMGIHmqy95OASYasKRFJ8VjXiMoJbz2BtS6A5xcBbAKqrHx+ejgQ1qA70x7HFBMebRkBHZYP8n5p4zb2a+wD4pBKCHP2U3qq7A6ywU/2eVwNUPIqrJpTZ4VDxXZGpiz1KhDc60ryqzBZHZHX5QBLLQX+YWkNKd2P25+bZ1ub16VVGVUKA2VNK9prkD4vEtCbVZl/HjjS08bBwUzCvDxGRyqFPB6wtdE+L5tn5hY3/9A2lq0fisjo9tf6+XC8uH2gjgNjE+kzBqBLBk+974OI9BGRrx5mjIhSrx9HVDN/p10vAF7nuQeInIdH5P6vTfu5mEmwF8h6VoJ9UwDeuz82m+XwfvCRVSZh+nV5c7hMYEF255gEOt146BMXkJf2tKE+dBb2J/zr7zI5zHm9PcaDN5/Y57XCdDww2DQzxSCpleXcJhJl4xw3SXRNyZsnhD62INPzlF/ZSroj6QhDFJhDhLWcK7dGlQWgR6YbEiY0iJPNjAB/MeCv6jodyj6xlLBCcwEp8RA+dVIJxDVElFRTSAdmW0b/co3BeyEnjF1k8lExkUpyoVC1qWxanytlVM2lPy9//6iocQcniAFSQBMi9U89BRONMuopFZMGRc3/uEqnvoBq2GHVgj2xtc7R9fLyAOXw8jG+mT06XBNtrVWbjkY3Wl1A6n/rZ2y4No2rISm1PwQidPpNaiUYZJyccB7PZKY4F/E49n3jV3fmg2l/D33PRl347MhRg4Ae6itWc4uzU8/D3xU1LWe9W4AUTHYflpzlQ+xbLNCC4f3NQMbkxNDsks1MePuBW15erUaahsdkcoeqL7D/ry7NtOb1vk5cS181/IVL1F2MFGa/7Jk3b9RpvIByF9qIbR+I2noaSymPfTGDXHkC5urfUSMojzOxzm5dayBGuvHMkoCjfyIv47ZqyYegW1fM/DPn/bo+ck84zYQuj3zJY5ph/A3g7KcwVYNWRs7XQtSYyKm9Ytf2TKBaZBdIlqq2RJIQ0iHiN5W1OCRgKPEk6u9HvxTte7tqTLiV+aJ8vy9235Q=,iv:vRfpAtZoOAfTFLHdLYSUzftX1OaEr5cdm6L4FOKuFUE=,tag:TRpS0iMdU8wIFIBSkLtyJA==,type:str]
@ -23,8 +23,8 @@ sops:
            YW1scVZDOUFaNUJ4UkFNT2U4eFh6VGsKfv6BaEvr0ibn1cSqE9GeUe4BrYwY9RTB
            PNnqxnwBX01rCitKFfpNe1rBHazp+DDh9Dw2N+m/hH6gXvu7LjcwGQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-30T13:44:51Z"
-    mac: ENC[AES256_GCM,data:kddokPxPpClyToDm6a3Iu0UfTFxqN2oRsGYLBgzW3iuScz0NpOJXYfHyOXmzTLyj7LSFr4xuE86/KsaWeGxse8CCqnbnbsj2Ok7nEjWqT26L7fUDklBkTb3EZQqgz1v+rl35mlto+GfsA5kskwwUOiQGuwxqWPZTznf3WqWq6pI=,iv:8qaKsXRh9O57zeWVJQqW4m4U6OgRjMaEQKclnt8jrIQ=,tag:rrC1JqCZH8br3hYlxBCRYA==,type:str]
+    lastmodified: "2023-10-12T14:52:25Z"
+    mac: ENC[AES256_GCM,data:qhbViFDE+ULCCjRs1axPoVlywU5FgU9rV1dPoG4AxWyEPj33SX0fBFai3u8HTLzDYHmTcyjVwvACxT7DljCZXXVr4SZTFGoFARORMeBltu3GxLZkX0F/h1kb99CTHcRaUeKlDymtHikPfLBxce1gndHGTt8T+n5awS+sBODUbKE=,iv:Xpu6PUF8Rtkgh3uv/iy/KbSUlC47eL3esbl6UW+dq+o=,tag:FZu+h0Uq1WQIcTLyOmiGEg==,type:str]
    pgp:
        - created_at: "2023-08-02T14:13:52Z"
          enc: |-
@ -47,4 +47,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09
    unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.8.0
--- a/users/rouven/modules/ssh/default.nix
+++ b/users/rouven/modules/ssh/default.nix
@ -49,12 +49,21 @@ in
          RemoteCommand = "zsh -i";
        };
      };
+      "quitte-notty" = {
+        hostname = "quitte.ifsr.de";
+        user = "root";
+      };
      "tomate" = {
        hostname = "tomate.ifsr.de";
        user = "root";
      };
      "nuc" = {
-        hostname = "192.168.10.2";
+        hostname = "192.168.1.2";
+        user = "root";
+      };
+      "router" = matchBlocks."cudy";
+      "cudy" = {
+        hostname = "192.168.1.1";
        user = "root";
      };
      "git@raspi" = {
@ -65,10 +74,6 @@ in
        match = "Host ifsr.de User git";
        identityFile = git;
      };
-      "git@staging.ifsr.de" = {
-        match = "Host staging.ifsr.de User git";
-        identityFile = git;
-      };
    };
    extraConfig = ''
      PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so