something something cumulative updates

flake.lock

@@ -37,11 +37,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1737810234,
-        "narHash": "sha256-zTS99/ZE8khNnIWFEsF21E6seR9IizGYkY19t6iK7z4=",
+        "lastModified": 1742246110,
+        "narHash": "sha256-bjJDxW3Z3clNIkgwEktWhFSpU9UyftisDfK3XYzdRps=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "1fa3cbed36fb03d2f6ceab981d083af98b5c7d0f",
+        "rev": "04f5e14643b8b37304966767074fbe0efcadab9f",
         "type": "github"
       },
       "original": {
@@ -53,16 +53,16 @@
     "authentik-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1736440980,
-        "narHash": "sha256-Z3rFFrXrOKaF9NpY/fInsEbzdOWnWqLfEYl7YX9hFEU=",
+        "lastModified": 1742236492,
+        "narHash": "sha256-Uz7qldS44pxduLcYKf+cCq4WvjoslDR4PwRqivY/4uI=",
         "owner": "goauthentik",
         "repo": "authentik",
-        "rev": "9d81f0598c7735e2b4616ee865ab896056a67408",
+        "rev": "3adf79c4939276e108c25c719843b6174e9e22fd",
         "type": "github"
       },
       "original": {
         "owner": "goauthentik",
-        "ref": "version/2024.12.2",
+        "ref": "version/2025.2.2",
         "repo": "authentik",
         "type": "github"
       }
@@ -178,11 +178,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1736143030,
-        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
+        "lastModified": 1738453229,
+        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
+        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
         "type": "github"
       },
       "original": {
@@ -277,11 +277,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737968762,
-        "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=",
+        "lastModified": 1742825959,
+        "narHash": "sha256-wgnQZMrLLQJlZ+htTXzoQtoz9EzL15Z2crH3+OnRmMk=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e",
+        "rev": "908e055e157a0b35466faf4125d7e7410ff56160",
         "type": "github"
       },
       "original": {
@@ -425,11 +425,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737861961,
-        "narHash": "sha256-LIRtMvAwLGb8pBoamzgEF67oKlNPz4LuXiRPVZf+TpE=",
+        "lastModified": 1742701275,
+        "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "79b7b8eae3243fc5aa9aad34ba6b9bbb2266f523",
+        "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6",
         "type": "github"
       },
       "original": {
@@ -440,11 +440,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1737632463,
-        "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=",
+        "lastModified": 1740367490,
+        "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9",
+        "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
         "type": "github"
       },
       "original": {
@@ -456,14 +456,14 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1735774519,
-        "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
+        "lastModified": 1738452942,
+        "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
       },
       "original": {
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
       }
     },
     "nixpkgs-lib_2": {
@@ -499,11 +499,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1737885589,
-        "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
+        "lastModified": 1742669843,
+        "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
+        "rev": "1e5b653dff12029333a6546c11e108ede13052eb",
         "type": "github"
       },
       "original": {
@@ -550,11 +550,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1736884309,
-        "narHash": "sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv+VX5k=",
+        "lastModified": 1739883580,
+        "narHash": "sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k=",
         "owner": "nix-community",
         "repo": "poetry2nix",
-        "rev": "75d0515332b7ca269f6d7abfd2c44c47a7cbca7b",
+        "rev": "d90f9db68a4bda31c346be16dfd8d3263be4547e",
         "type": "github"
       },
       "original": {

hosts/falkenstein/modules/dns/default.nix

@@ -43,6 +43,9 @@ let
           nuc = {
             A = [ "141.30.227.6" ];
           };
+          avm = {
+            A = [ "141.30.30.20" ];
+          };
           falkenstein = {
             A = [ "23.88.121.184" ];
             AAAA = [ "2a01:4f8:c012:49de::1" ];

hosts/falkenstein/modules/mail/dovecot2.nix

@@ -7,6 +7,9 @@ in
     993
     4190
   ];
+  environment.systemPackages = [
+    pkgs.dovecot_pigeonhole
+  ];
   services = {
     dovecot2 = {
       enable = true;
@@ -50,9 +53,6 @@ in
           specialUse = "Archive";
         };
       };
-      modules = [
-        pkgs.dovecot_pigeonhole
-      ];
       sieve = {
         # just pot something in here to prevent empty strings
         extensions = [ "notify" ];

hosts/nuc/modules/authentik/default.nix

@@ -6,9 +6,9 @@ in
   age.secrets.authentik-core = {
     file = ../../../../secrets/nuc/authentik/core.age;
   };
-  age.secrets.authentik-ldap = {
-    file = ../../../../secrets/nuc/authentik/ldap.age;
-  };
+  # age.secrets.authentik-ldap = {
+  #   file = ../../../../secrets/nuc/authentik/ldap.age;
+  # };
   services.authentik = {
     enable = true;
     environmentFile = config.age.secrets.authentik-core.path;
@@ -21,10 +21,10 @@ in
     "${domain}.key:/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${domain}/${domain}.key"
   ];
 
-  services.authentik-ldap = {
-    enable = true;
-    environmentFile = config.age.secrets.authentik-ldap.path;
-  };
+  # services.authentik-ldap = {
+  #   enable = true;
+  #   environmentFile = config.age.secrets.authentik-ldap.path;
+  # };
   services.caddy.virtualHosts."${domain}".extraConfig = ''
     reverse_proxy localhost:9000
   '';

hosts/nuc/modules/mautrix-telegram/default.nix

@@ -63,12 +63,12 @@ in
 
   # If we don't explicitly set {a,h}s_token, mautrix-telegram will try to read them from the registrationFile
   # and write them to the settingsFile in /nix/store, which obviously fails.
-  systemd.services.mautrix-telegram.serviceConfig.ExecStart =
-    lib.mkForce (pkgs.writeShellScript "start" ''
-      export MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=$(grep as_token ${registrationFileMautrix} | cut -d' ' -f2-)
-      export MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=$(grep hs_token ${registrationFileMautrix} | cut -d' ' -f2-)
+  # systemd.services.mautrix-telegram.serviceConfig.ExecStart =
+  #   lib.mkForce (pkgs.writeShellScript "start" ''
+  #     export MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=$(grep as_token ${registrationFileMautrix} | cut -d' ' -f2-)
+  #     export MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=$(grep hs_token ${registrationFileMautrix} | cut -d' ' -f2-)
 
-      ${pkgs.mautrix-telegram}/bin/mautrix-telegram --config='${settingsFile}'
-    '');
+  #     ${pkgs.mautrix-telegram}/bin/mautrix-telegram --config='${settingsFile}'
+  #   '');
 }
 

hosts/thinkpad/default.nix

@@ -8,12 +8,17 @@
       ./modules/graphics
       ./modules/greetd
       ./modules/networks
-      ./modules/printing
+      # ./modules/printing
       ./modules/security
       ./modules/sound
       ./modules/virtualisation
     ];
 
+
+  # services.influxdb2 = {
+  #   enable = true;
+  # };
+
   nix.settings.system-features = [ "gccarch-tigerlake" ];
   systemd.additionalUpstreamSystemUnits = [
     "soft-reboot.target"
@@ -147,10 +152,6 @@
     fwupd.enable = true; # firmware updates
     avahi.enable = true;
     btrfs.autoScrub.enable = true;
-    mullvad-vpn = {
-      enable = true;
-      enableExcludeWrapper = false;
-    };
   };
   hardware.bluetooth = {
     enable = true;
@@ -184,4 +185,5 @@
   };
   environment.systemPackages = [ pkgs.man-pages ];
   system.stateVersion = "22.11";
+  # programs.java.enable = true;
 }

hosts/thinkpad/modules/networks/uni.nix

@@ -97,6 +97,10 @@
         authProtocols = [ "WPA-PSK" ];
         extraConfig = "disabled=1";
       };
+      "RoboLab Playground" = {
+        psk = "ext:ROBOLAB_PSK";
+        authProtocols = [ "WPA-PSK" ];
+      };
     };
   };
   systemd.services = {

overlays/default.nix

@@ -2,6 +2,7 @@ _final: prev:
 let
   inherit (prev) callPackage;
   inherit (prev) fetchFromGitHub;
+  inherit (prev) fetchpatch;
 in
 {
 
@@ -15,10 +16,6 @@ in
   ianny = callPackage ../pkgs/ianny { };
 
   tpm2-pkcs11 = prev.tpm2-pkcs11.override { fapiSupport = false; };
-  # imv = prev.imv.override {
-  #   # freeimage is broken
-  #   withBackends = [ "libtiff" "libjpeg" "libpng" "librsvg" "libheif" ];
-  # };
   zsh-fzf-tab = prev.zsh-fzf-tab.overrideAttrs (_: rec {
     version = "1.1.1";
     src = fetchFromGitHub {
@@ -46,5 +43,4 @@ in
       });
     };
   };
-  # matrix-synapse-unwrapped = prev.matrix-synapse-unwrapped.overridePythonAttrs { doCheck = false; }; # todo skip right tests
 }

pkgs/ianny/default.nix

@@ -5,10 +5,10 @@ rustPlatform.buildRustPackage rec {
   src = fetchFromGitHub {
     owner = "zefr0x";
     repo = pname;
-    rev = "370bea372c35610e65426f5a1c45db99584dfb9a";
-    hash = "sha256-oWwRCQSP0g6IJh3cEgD32AIBF/pfN9QGJ9LANjCthMw=";
+    rev = "v2.0.0";
+    hash = "sha256-F8Uc2BsQ5f7yaUXXDhLvyyYKUDAuvP9cCR2h3vblr0g=";
   };
-  cargoHash = "sha256-5/Sb2ds+xfcYFqTF3RObPScDzK4FdBNk8T1Z5YcQgCM=";
+  cargoHash = "sha256-6rcibPoO5EQcT8HGgHge/4wrXyBA9JCk4+aiCFz+kXM=";
   buildInputs = [
     dbus
     ninja

users/rouven/modules/helix/default.nix

@@ -2,7 +2,7 @@
 {
   home.packages = with pkgs; [
     gdb
-    lldb
+    # lldb
     rust-analyzer
     nil
     nixpkgs-fmt

users/rouven/modules/packages.nix

@@ -27,6 +27,7 @@
     # internet
     google-chrome
     liferea
+    openvpn
 
     # messaging
     tdesktop
@@ -40,8 +41,7 @@
 
     # cryptography
     yubikey-manager
-    # python311Packages.pyhanko # broken, TODO fix
-    bitwarden-cli
+    # bitwarden-cli
 
     # misc
     xournalpp
@@ -118,6 +118,7 @@
         "x-scheme-handler/http" = browsers;
         "x-scheme-handler/https" = browsers;
         "x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];
+        "x-scheme-handler/tonsite" = [ "org.telegram.desktop.desktop" ];
       };
   };
 }

users/rouven/modules/ssh/default.nix

@@ -8,7 +8,7 @@ in
     package = pkgs.openssh_gssapi;
     compression = true;
     controlMaster = "auto";
-    controlPersist = "10m";
+    controlPersist = "90m";
     extraConfig = ''
       CanonicalizeHostname yes
       CanonicalDomains agdsn.network vpn.rfive.de net.tu-dresden.de

users/rouven/modules/theme/default.nix

@@ -5,6 +5,11 @@
 
   # theme hardcoded to dracula, too lazy to make all this base16
   systemd.user.sessionVariables.GTK_THEME = "Dracula";
+  dconf.settings = {
+    "org/gnome/desktop/interface" = {
+      color-scheme = "prefer-dark";
+    };
+  };
   qt = {
     enable = true;
     platformTheme.name = "gtk";