updates

flake.lock

@@ -37,11 +37,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1733851514,
-        "narHash": "sha256-fQt/HzF+OBC8xLRYeHiYLSEzjrgOLNWhyd102aY2oLU=",
+        "lastModified": 1736445563,
+        "narHash": "sha256-+f1MWPtja+LRlTHJP/i/3yxmnzo2LGtZmxtJJTdAp8o=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "b059e1d6e7a94bbeabb4e87d47b5f5097fd61823",
+        "rev": "bf5a5bf42189ff5f468f0ff26c9296233a97eb6c",
         "type": "github"
       },
       "original": {
@@ -53,16 +53,16 @@
     "authentik-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1733849292,
-        "narHash": "sha256-gJYgrRxytoGHkjeEsiKY/tl06D8XOnZZ9SDpK1WSyUw=",
+        "lastModified": 1736440980,
+        "narHash": "sha256-Z3rFFrXrOKaF9NpY/fInsEbzdOWnWqLfEYl7YX9hFEU=",
         "owner": "goauthentik",
         "repo": "authentik",
-        "rev": "0edd7531a152910e6bdd4f7d3d0cde3ed5fdd956",
+        "rev": "9d81f0598c7735e2b4616ee865ab896056a67408",
         "type": "github"
       },
       "original": {
         "owner": "goauthentik",
-        "ref": "version/2024.10.5",
+        "ref": "version/2024.12.2",
         "repo": "authentik",
         "type": "github"
       }
@@ -301,11 +301,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1735381016,
-        "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=",
+        "lastModified": 1736508663,
+        "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2",
+        "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc",
         "type": "github"
       },
       "original": {
@@ -336,11 +336,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1734945620,
-        "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=",
+        "lastModified": 1736688610,
+        "narHash": "sha256-1Zl9xahw399UiZSJ9Vxs1W4WRFjO1SsNdVZQD4nghz0=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "d000479f4f41390ff7cf9204979660ad5dd16176",
+        "rev": "c64bed13b562fc3bb454b48773d4155023ac31b7",
         "type": "github"
       },
       "original": {
@@ -450,11 +450,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1735443188,
-        "narHash": "sha256-AydPpRBh8+NOkrLylG7vTsHrGO2b5L7XkMEL5HlzcA8=",
+        "lastModified": 1736652904,
+        "narHash": "sha256-8uolHABgroXqzs03QdulHp8H9e5kWQZnnhcda1MKbBM=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "55ab1e1df5daf2476e6b826b69a82862dcbd7544",
+        "rev": "271e5bd7c57e1f001693799518b10a02d1123b12",
         "type": "github"
       },
       "original": {
@@ -465,11 +465,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1730200266,
-        "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
+        "lastModified": 1735834308,
+        "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
+        "rev": "6df24922a1400241dae323af55f30e4318a6ca65",
         "type": "github"
       },
       "original": {
@@ -524,11 +524,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1735471104,
-        "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
+        "lastModified": 1736701207,
+        "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
+        "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6",
         "type": "github"
       },
       "original": {
@@ -575,11 +575,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1730284601,
-        "narHash": "sha256-eHYcKVLIRRv3J1vjmxurS6HVdGphB53qxUeAkylYrZY=",
+        "lastModified": 1735164664,
+        "narHash": "sha256-DaWy+vo3c4TQ93tfLjUgcpPaSoDw4qV4t76Y3Mhu84I=",
         "owner": "nix-community",
         "repo": "poetry2nix",
-        "rev": "43a898b4d76f7f3f70df77a2cc2d40096bc9d75e",
+        "rev": "1fb01e90771f762655be7e0e805516cd7fa4d58e",
         "type": "github"
       },
       "original": {

hosts/falkenstein/modules/dns/default.nix

@@ -96,11 +96,17 @@ in
       };
     };
   };
-  systemd.services.bind.preStart = ''
-    # copy the file manually to its destination since signing requires a writable directory
-    ${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt
-    ${pkgs.coreutils}/bin/chown named:named ${config.services.bind.directory}/rfive.de.zone.txt
-  '';
+  systemd.services.bind-zonefile = {
+    script = ''      
+      # copy the file manually to its destination since signing requires a writable directory
+      ${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt
+      ${pkgs.coreutils}/bin/chown named:named ${config.services.bind.directory}/rfive.de.zone.txt
+    '';
+  };
+  systemd.services.bind = {
+    after = [ "bind-zonefile.service" ];
+    requires = [ "bind-zonefile.service" ];
+  };
   networking.firewall.extraInputRules = ''
     ip saddr ${secondary}/32 tcp dport 53 accept comment "Allow DNS AXFR access from INWX Servers"
     ip saddr ${secondary}/32 udp dport 53 accept comment "Allow DNS access from INWX Servers"

hosts/thinkpad/default.nix

@@ -31,7 +31,6 @@
     # '';
     tmp.useTmpfs = true;
   };
-  services.lldpd.enable = true;
 
   environment.persistence."/nix/persist/system" = {
     directories = [

hosts/thinkpad/modules/networks/default.nix

@@ -25,7 +25,7 @@
     nmap
     curlFull
     wireguard-tools
-    # etherape
+    etherape
   ];
   services.timesyncd.servers = lib.mkForce [ ];
   services.resolved = {
@@ -187,12 +187,12 @@
     package = pkgs.wireshark-qt;
   };
   programs.wavemon.enable = true;
-  # # users.groups.etherape = { };
-  # security.wrappers.etherape = {
-  #   source = "${pkgs.etherape}/bin/etherape";
-  #   capabilities = "cap_net_raw,cap_net_admin+eip";
-  #   owner = "root";
-  #   group = "etherape";
-  #   permissions = "u+rx,g+x";
-  # };
+  users.groups.etherape = { };
+  security.wrappers.etherape = {
+    source = "${pkgs.etherape}/bin/etherape";
+    capabilities = "cap_net_raw,cap_net_admin+eip";
+    owner = "root";
+    group = "etherape";
+    permissions = "u+rx,g+x";
+  };
 }

overlays/default.nix

@@ -33,4 +33,18 @@ in
   gnome-break-timer = callPackage ../pkgs/gnome-break-timer { };
   jmri = callPackage ../pkgs/jmri { };
   adguardian-term = callPackage ../pkgs/adguardian-term { };
+  python312 = prev.python312.override {
+    packageOverrides = final: prev: {
+      pysaml2 = prev.pysaml2.overridePythonAttrs (orig: {
+        disabledTests =
+          orig.disabledTests
+          ++ [
+            "test_encrypted_response_6"
+            "test_validate_cert_chains"
+            "test_validate_with_root_cert"
+          ];
+      });
+    };
+  };
+  matrix-synapse-unwrapped = prev.matrix-synapse-unwrapped.overridePythonAttrs { doCheck = false; }; # todo skip right tests
 }

users/rouven/modules/helix/default.nix

@@ -49,6 +49,8 @@
         line-number = "relative";
         cursor-shape.insert = "bar";
         completion-trigger-len = 0;
+        end-of-line-diagnostics = "hint";
+        inline-diagnostics.cursor-line = "error";
         lsp = {
           display-messages = true;
           display-inlay-hints = true;

users/rouven/modules/packages.nix

@@ -52,7 +52,7 @@
     hut
     wine
     ansible
-    # ansible-lint
+    ansible-lint
 
     # programming languages
     cargo