diff --git a/flake.lock b/flake.lock index b075537..8f9e29e 100644 --- a/flake.lock +++ b/flake.lock @@ -37,11 +37,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1733851514, - "narHash": "sha256-fQt/HzF+OBC8xLRYeHiYLSEzjrgOLNWhyd102aY2oLU=", + "lastModified": 1736445563, + "narHash": "sha256-+f1MWPtja+LRlTHJP/i/3yxmnzo2LGtZmxtJJTdAp8o=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "b059e1d6e7a94bbeabb4e87d47b5f5097fd61823", + "rev": "bf5a5bf42189ff5f468f0ff26c9296233a97eb6c", "type": "github" }, "original": { @@ -53,16 +53,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1733849292, - "narHash": "sha256-gJYgrRxytoGHkjeEsiKY/tl06D8XOnZZ9SDpK1WSyUw=", + "lastModified": 1736440980, + "narHash": "sha256-Z3rFFrXrOKaF9NpY/fInsEbzdOWnWqLfEYl7YX9hFEU=", "owner": "goauthentik", "repo": "authentik", - "rev": "0edd7531a152910e6bdd4f7d3d0cde3ed5fdd956", + "rev": "9d81f0598c7735e2b4616ee865ab896056a67408", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2024.10.5", + "ref": "version/2024.12.2", "repo": "authentik", "type": "github" } @@ -301,11 +301,11 @@ ] }, "locked": { - "lastModified": 1735381016, - "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=", + "lastModified": 1736508663, + "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", "owner": "nix-community", "repo": "home-manager", - "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2", + "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", "type": "github" }, "original": { @@ -336,11 +336,11 @@ }, "impermanence": { "locked": { - "lastModified": 1734945620, - "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", + "lastModified": 1736688610, + "narHash": "sha256-1Zl9xahw399UiZSJ9Vxs1W4WRFjO1SsNdVZQD4nghz0=", "owner": "nix-community", "repo": "impermanence", - "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", + "rev": "c64bed13b562fc3bb454b48773d4155023ac31b7", "type": "github" }, "original": { @@ -450,11 +450,11 @@ ] }, "locked": { - "lastModified": 1735443188, - "narHash": "sha256-AydPpRBh8+NOkrLylG7vTsHrGO2b5L7XkMEL5HlzcA8=", + "lastModified": 1736652904, + "narHash": "sha256-8uolHABgroXqzs03QdulHp8H9e5kWQZnnhcda1MKbBM=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "55ab1e1df5daf2476e6b826b69a82862dcbd7544", + "rev": "271e5bd7c57e1f001693799518b10a02d1123b12", "type": "github" }, "original": { @@ -465,11 +465,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1735834308, + "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "6df24922a1400241dae323af55f30e4318a6ca65", "type": "github" }, "original": { @@ -524,11 +524,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1735471104, - "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", + "lastModified": 1736701207, + "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", + "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6", "type": "github" }, "original": { @@ -575,11 +575,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1730284601, - "narHash": "sha256-eHYcKVLIRRv3J1vjmxurS6HVdGphB53qxUeAkylYrZY=", + "lastModified": 1735164664, + "narHash": "sha256-DaWy+vo3c4TQ93tfLjUgcpPaSoDw4qV4t76Y3Mhu84I=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "43a898b4d76f7f3f70df77a2cc2d40096bc9d75e", + "rev": "1fb01e90771f762655be7e0e805516cd7fa4d58e", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index 208c311..cb11a66 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -96,11 +96,17 @@ in }; }; }; - systemd.services.bind.preStart = '' - # copy the file manually to its destination since signing requires a writable directory - ${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt - ${pkgs.coreutils}/bin/chown named:named ${config.services.bind.directory}/rfive.de.zone.txt - ''; + systemd.services.bind-zonefile = { + script = '' + # copy the file manually to its destination since signing requires a writable directory + ${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt + ${pkgs.coreutils}/bin/chown named:named ${config.services.bind.directory}/rfive.de.zone.txt + ''; + }; + systemd.services.bind = { + after = [ "bind-zonefile.service" ]; + requires = [ "bind-zonefile.service" ]; + }; networking.firewall.extraInputRules = '' ip saddr ${secondary}/32 tcp dport 53 accept comment "Allow DNS AXFR access from INWX Servers" ip saddr ${secondary}/32 udp dport 53 accept comment "Allow DNS access from INWX Servers" diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 3d17437..1f60883 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -31,7 +31,6 @@ # ''; tmp.useTmpfs = true; }; - services.lldpd.enable = true; environment.persistence."/nix/persist/system" = { directories = [ diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index d8b31ee..f4b7af7 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -25,7 +25,7 @@ nmap curlFull wireguard-tools - # etherape + etherape ]; services.timesyncd.servers = lib.mkForce [ ]; services.resolved = { @@ -187,12 +187,12 @@ package = pkgs.wireshark-qt; }; programs.wavemon.enable = true; - # # users.groups.etherape = { }; - # security.wrappers.etherape = { - # source = "${pkgs.etherape}/bin/etherape"; - # capabilities = "cap_net_raw,cap_net_admin+eip"; - # owner = "root"; - # group = "etherape"; - # permissions = "u+rx,g+x"; - # }; + users.groups.etherape = { }; + security.wrappers.etherape = { + source = "${pkgs.etherape}/bin/etherape"; + capabilities = "cap_net_raw,cap_net_admin+eip"; + owner = "root"; + group = "etherape"; + permissions = "u+rx,g+x"; + }; } diff --git a/overlays/default.nix b/overlays/default.nix index 1cd7f2b..7f850db 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -33,4 +33,18 @@ in gnome-break-timer = callPackage ../pkgs/gnome-break-timer { }; jmri = callPackage ../pkgs/jmri { }; adguardian-term = callPackage ../pkgs/adguardian-term { }; + python312 = prev.python312.override { + packageOverrides = final: prev: { + pysaml2 = prev.pysaml2.overridePythonAttrs (orig: { + disabledTests = + orig.disabledTests + ++ [ + "test_encrypted_response_6" + "test_validate_cert_chains" + "test_validate_with_root_cert" + ]; + }); + }; + }; + matrix-synapse-unwrapped = prev.matrix-synapse-unwrapped.overridePythonAttrs { doCheck = false; }; # todo skip right tests } diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix index 0c68222..c4f7814 100644 --- a/users/rouven/modules/helix/default.nix +++ b/users/rouven/modules/helix/default.nix @@ -49,6 +49,8 @@ line-number = "relative"; cursor-shape.insert = "bar"; completion-trigger-len = 0; + end-of-line-diagnostics = "hint"; + inline-diagnostics.cursor-line = "error"; lsp = { display-messages = true; display-inlay-hints = true; diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 68786c1..505d04b 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -52,7 +52,7 @@ hut wine ansible - # ansible-lint + ansible-lint # programming languages cargo