diff --git a/flake.lock b/flake.lock index 42e8093..dabfcbc 100644 --- a/flake.lock +++ b/flake.lock @@ -37,11 +37,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1737810234, - "narHash": "sha256-zTS99/ZE8khNnIWFEsF21E6seR9IizGYkY19t6iK7z4=", + "lastModified": 1742246110, + "narHash": "sha256-bjJDxW3Z3clNIkgwEktWhFSpU9UyftisDfK3XYzdRps=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "1fa3cbed36fb03d2f6ceab981d083af98b5c7d0f", + "rev": "04f5e14643b8b37304966767074fbe0efcadab9f", "type": "github" }, "original": { @@ -53,16 +53,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1736440980, - "narHash": "sha256-Z3rFFrXrOKaF9NpY/fInsEbzdOWnWqLfEYl7YX9hFEU=", + "lastModified": 1742236492, + "narHash": "sha256-Uz7qldS44pxduLcYKf+cCq4WvjoslDR4PwRqivY/4uI=", "owner": "goauthentik", "repo": "authentik", - "rev": "9d81f0598c7735e2b4616ee865ab896056a67408", + "rev": "3adf79c4939276e108c25c719843b6174e9e22fd", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2024.12.2", + "ref": "version/2025.2.2", "repo": "authentik", "type": "github" } @@ -178,11 +178,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1737968762, - "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=", + "lastModified": 1742825959, + "narHash": "sha256-wgnQZMrLLQJlZ+htTXzoQtoz9EzL15Z2crH3+OnRmMk=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e", + "rev": "908e055e157a0b35466faf4125d7e7410ff56160", "type": "github" }, "original": { @@ -425,11 +425,11 @@ ] }, "locked": { - "lastModified": 1737861961, - "narHash": "sha256-LIRtMvAwLGb8pBoamzgEF67oKlNPz4LuXiRPVZf+TpE=", + "lastModified": 1742701275, + "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "79b7b8eae3243fc5aa9aad34ba6b9bbb2266f523", + "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6", "type": "github" }, "original": { @@ -440,11 +440,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737632463, - "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", + "lastModified": 1740367490, + "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", + "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05", "type": "github" }, "original": { @@ -456,14 +456,14 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1735774519, - "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", + "lastModified": 1738452942, + "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" } }, "nixpkgs-lib_2": { @@ -499,11 +499,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1737885589, - "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { @@ -550,11 +550,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1736884309, - "narHash": "sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv+VX5k=", + "lastModified": 1739883580, + "narHash": "sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "75d0515332b7ca269f6d7abfd2c44c47a7cbca7b", + "rev": "d90f9db68a4bda31c346be16dfd8d3263be4547e", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index 9144e4c..e9dfcda 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -43,6 +43,9 @@ let nuc = { A = [ "141.30.227.6" ]; }; + avm = { + A = [ "141.30.30.20" ]; + }; falkenstein = { A = [ "23.88.121.184" ]; AAAA = [ "2a01:4f8:c012:49de::1" ]; diff --git a/hosts/falkenstein/modules/mail/dovecot2.nix b/hosts/falkenstein/modules/mail/dovecot2.nix index ab2d049..7c75da2 100644 --- a/hosts/falkenstein/modules/mail/dovecot2.nix +++ b/hosts/falkenstein/modules/mail/dovecot2.nix @@ -7,6 +7,9 @@ in 993 4190 ]; + environment.systemPackages = [ + pkgs.dovecot_pigeonhole + ]; services = { dovecot2 = { enable = true; @@ -50,9 +53,6 @@ in specialUse = "Archive"; }; }; - modules = [ - pkgs.dovecot_pigeonhole - ]; sieve = { # just pot something in here to prevent empty strings extensions = [ "notify" ]; diff --git a/hosts/nuc/modules/authentik/default.nix b/hosts/nuc/modules/authentik/default.nix index 5ee7e45..99ed27e 100644 --- a/hosts/nuc/modules/authentik/default.nix +++ b/hosts/nuc/modules/authentik/default.nix @@ -6,9 +6,9 @@ in age.secrets.authentik-core = { file = ../../../../secrets/nuc/authentik/core.age; }; - age.secrets.authentik-ldap = { - file = ../../../../secrets/nuc/authentik/ldap.age; - }; + # age.secrets.authentik-ldap = { + # file = ../../../../secrets/nuc/authentik/ldap.age; + # }; services.authentik = { enable = true; environmentFile = config.age.secrets.authentik-core.path; @@ -21,10 +21,10 @@ in "${domain}.key:/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${domain}/${domain}.key" ]; - services.authentik-ldap = { - enable = true; - environmentFile = config.age.secrets.authentik-ldap.path; - }; + # services.authentik-ldap = { + # enable = true; + # environmentFile = config.age.secrets.authentik-ldap.path; + # }; services.caddy.virtualHosts."${domain}".extraConfig = '' reverse_proxy localhost:9000 ''; diff --git a/hosts/nuc/modules/mautrix-telegram/default.nix b/hosts/nuc/modules/mautrix-telegram/default.nix index b54feae..ed71fdc 100644 --- a/hosts/nuc/modules/mautrix-telegram/default.nix +++ b/hosts/nuc/modules/mautrix-telegram/default.nix @@ -63,12 +63,12 @@ in # If we don't explicitly set {a,h}s_token, mautrix-telegram will try to read them from the registrationFile # and write them to the settingsFile in /nix/store, which obviously fails. - systemd.services.mautrix-telegram.serviceConfig.ExecStart = - lib.mkForce (pkgs.writeShellScript "start" '' - export MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=$(grep as_token ${registrationFileMautrix} | cut -d' ' -f2-) - export MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=$(grep hs_token ${registrationFileMautrix} | cut -d' ' -f2-) + # systemd.services.mautrix-telegram.serviceConfig.ExecStart = + # lib.mkForce (pkgs.writeShellScript "start" '' + # export MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=$(grep as_token ${registrationFileMautrix} | cut -d' ' -f2-) + # export MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=$(grep hs_token ${registrationFileMautrix} | cut -d' ' -f2-) - ${pkgs.mautrix-telegram}/bin/mautrix-telegram --config='${settingsFile}' - ''); + # ${pkgs.mautrix-telegram}/bin/mautrix-telegram --config='${settingsFile}' + # ''); } diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 9c68457..7e25bd6 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -8,12 +8,17 @@ ./modules/graphics ./modules/greetd ./modules/networks - ./modules/printing + # ./modules/printing ./modules/security ./modules/sound ./modules/virtualisation ]; + + # services.influxdb2 = { + # enable = true; + # }; + nix.settings.system-features = [ "gccarch-tigerlake" ]; systemd.additionalUpstreamSystemUnits = [ "soft-reboot.target" @@ -147,10 +152,6 @@ fwupd.enable = true; # firmware updates avahi.enable = true; btrfs.autoScrub.enable = true; - mullvad-vpn = { - enable = true; - enableExcludeWrapper = false; - }; }; hardware.bluetooth = { enable = true; @@ -184,4 +185,5 @@ }; environment.systemPackages = [ pkgs.man-pages ]; system.stateVersion = "22.11"; + # programs.java.enable = true; } diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index 09e8989..6a44542 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -97,6 +97,10 @@ authProtocols = [ "WPA-PSK" ]; extraConfig = "disabled=1"; }; + "RoboLab Playground" = { + psk = "ext:ROBOLAB_PSK"; + authProtocols = [ "WPA-PSK" ]; + }; }; }; systemd.services = { diff --git a/overlays/default.nix b/overlays/default.nix index cf1ac6e..3679a03 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -2,6 +2,7 @@ _final: prev: let inherit (prev) callPackage; inherit (prev) fetchFromGitHub; + inherit (prev) fetchpatch; in { @@ -15,10 +16,6 @@ in ianny = callPackage ../pkgs/ianny { }; tpm2-pkcs11 = prev.tpm2-pkcs11.override { fapiSupport = false; }; - # imv = prev.imv.override { - # # freeimage is broken - # withBackends = [ "libtiff" "libjpeg" "libpng" "librsvg" "libheif" ]; - # }; zsh-fzf-tab = prev.zsh-fzf-tab.overrideAttrs (_: rec { version = "1.1.1"; src = fetchFromGitHub { @@ -46,5 +43,4 @@ in }); }; }; - # matrix-synapse-unwrapped = prev.matrix-synapse-unwrapped.overridePythonAttrs { doCheck = false; }; # todo skip right tests } diff --git a/pkgs/ianny/default.nix b/pkgs/ianny/default.nix index 97866c4..6258fd7 100644 --- a/pkgs/ianny/default.nix +++ b/pkgs/ianny/default.nix @@ -5,10 +5,10 @@ rustPlatform.buildRustPackage rec { src = fetchFromGitHub { owner = "zefr0x"; repo = pname; - rev = "370bea372c35610e65426f5a1c45db99584dfb9a"; - hash = "sha256-oWwRCQSP0g6IJh3cEgD32AIBF/pfN9QGJ9LANjCthMw="; + rev = "v2.0.0"; + hash = "sha256-F8Uc2BsQ5f7yaUXXDhLvyyYKUDAuvP9cCR2h3vblr0g="; }; - cargoHash = "sha256-5/Sb2ds+xfcYFqTF3RObPScDzK4FdBNk8T1Z5YcQgCM="; + cargoHash = "sha256-6rcibPoO5EQcT8HGgHge/4wrXyBA9JCk4+aiCFz+kXM="; buildInputs = [ dbus ninja diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age index cb0faba..1b0610c 100644 Binary files a/secrets/thinkpad/wireless.age and b/secrets/thinkpad/wireless.age differ diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix index e027ff8..bc774be 100644 --- a/users/rouven/modules/helix/default.nix +++ b/users/rouven/modules/helix/default.nix @@ -2,7 +2,7 @@ { home.packages = with pkgs; [ gdb - lldb + # lldb rust-analyzer nil nixpkgs-fmt diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 7e1c152..5fc6ae8 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -27,6 +27,7 @@ # internet google-chrome liferea + openvpn # messaging tdesktop @@ -40,8 +41,7 @@ # cryptography yubikey-manager - # python311Packages.pyhanko # broken, TODO fix - bitwarden-cli + # bitwarden-cli # misc xournalpp @@ -118,6 +118,7 @@ "x-scheme-handler/http" = browsers; "x-scheme-handler/https" = browsers; "x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ]; + "x-scheme-handler/tonsite" = [ "org.telegram.desktop.desktop" ]; }; }; } diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix index af2dfe8..d9fd003 100644 --- a/users/rouven/modules/ssh/default.nix +++ b/users/rouven/modules/ssh/default.nix @@ -8,7 +8,7 @@ in package = pkgs.openssh_gssapi; compression = true; controlMaster = "auto"; - controlPersist = "10m"; + controlPersist = "90m"; extraConfig = '' CanonicalizeHostname yes CanonicalDomains agdsn.network vpn.rfive.de net.tu-dresden.de diff --git a/users/rouven/modules/theme/default.nix b/users/rouven/modules/theme/default.nix index 1a2fc02..11e794f 100644 --- a/users/rouven/modules/theme/default.nix +++ b/users/rouven/modules/theme/default.nix @@ -5,6 +5,11 @@ # theme hardcoded to dracula, too lazy to make all this base16 systemd.user.sessionVariables.GTK_THEME = "Dracula"; + dconf.settings = { + "org/gnome/desktop/interface" = { + color-scheme = "prefer-dark"; + }; + }; qt = { enable = true; platformTheme.name = "gtk";