From 5d94104678c508fc4295624ace5520c48811abc0 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Tue, 28 Jan 2025 21:12:11 +0100
Subject: [PATCH] y

---
 flake.lock                                  |  12 +++----
 hosts/thinkpad/default.nix                  |  36 ++++++++++++++++++--
 hosts/thinkpad/modules/networks/default.nix |   4 +++
 secrets/thinkpad/wireless.age               | Bin 692 -> 710 bytes
 shared/nix.nix                              |   2 ++
 users/rouven/modules/helix/default.nix      |   2 +-
 6 files changed, 47 insertions(+), 9 deletions(-)

diff --git a/flake.lock b/flake.lock
index 700345d..42e8093 100644
--- a/flake.lock
+++ b/flake.lock
@@ -277,11 +277,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737762889,
-        "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
+        "lastModified": 1737968762,
+        "narHash": "sha256-xiPARGKwocaMtv+U/rgi+h2g56CZZEmrcl7ldRaslq8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
+        "rev": "e1ae908bcc30af792b0bb0a52e53b03d2577255e",
         "type": "github"
       },
       "original": {
@@ -499,11 +499,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1737746512,
-        "narHash": "sha256-nU6AezEX4EuahTO1YopzueAXfjFfmCHylYEFCagduHU=",
+        "lastModified": 1737885589,
+        "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "825479c345a7f806485b7f00dbe3abb50641b083",
+        "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
         "type": "github"
       },
       "original": {
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index 8ac927b..9c68457 100755
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -43,6 +43,8 @@
     ];
     files = [
       "/etc/machine-id"
+      # fix for systemd v257 panicking when /usr is empty
+      "/usr/dummy"
     ];
   };
 
@@ -71,11 +73,23 @@
   #         "${pkgs.openldap}/etc/schema/cosine.ldif"
   #         "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
   #         "${pkgs.openldap}/etc/schema/nis.ldif"
-  #         # "${pkgs.writeText "openssh.schema" ''
+  #         # "${pkgs.writeText "openssh.ldif" ''
+  #         #   dn: cn={4}openssh
+  #         #   objectClass: olcSchemaConfig
+  #         #   cn: {4}openssh
   #         # 	attributetype ( 9999.1.2 NAME 'sshPublicKey'
   #         # 		DESC 'SSH public key used by this user'
   #         # 		SUP name )
   #         # ''}"
+  #         "${pkgs.writeText "openssh.ldif" ''
+  #           dn: cn=openssh,cn=schema,cn=config
+  #           objectClass: olcSchemaConfig
+  #           cn: openssh
+  #           olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+  #               DESC 'MANDATORY: OpenSSH Public key'
+  #               EQUALITY octetStringMatch
+  #               SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+  #         ''}"
   #       ];
 
   #       "olcDatabase={1}mdb".attrs = {
@@ -88,7 +102,7 @@
 
   #         /* your admin account, do not use writeText on a production system */
   #         olcRootDN = "cn=portunus,dc=ifsr,dc=de";
-  #         olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32";
+  #         olcRootPW = "test";
 
   #         olcAccess = [
   #           /* custom access rules for userPassword attributes */
@@ -102,6 +116,24 @@
   #               by * read''
   #         ];
   #       };
+
+  #       "olcOverlay={3}memberof,olcDatabase={1}mdb".attrs = {
+  #         objectClass = [ "olcConfig" "olcOverlayConfig" "olcMemberOf" "top" ];
+  #         olcOverlay = "{3}memberof";
+  #         olcMemberOfRefInt = "TRUE";
+  #         olcMemberOfDangling = "ignore";
+  #         olcMemberOfGroupOC = "groupOfNames";
+  #         olcMemberOfMemberAD = "member";
+  #         olcMemberOfMemberOfAD = "memberOf";
+  #       };
+
+  #       "olcOverlay={4}refint,olcDatabase={1}mdb".attrs = {
+  #         objectClass = [ "olcOverlayConfig" "olcRefintConfig" "top" ];
+  #         olcOverlay = "{4}refint";
+  #         olcRefintAttribute = "memberof member manager owner";
+  #       };
+
+
   #     };
   #   };
   # };
diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix
index f4b7af7..cd2ead1 100644
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@@ -74,6 +74,10 @@
           pskRaw = "ext:PIXEL_PSK";
           authProtocols = [ "WPA-PSK" ];
         };
+        "C3D2" = {
+          pskRaw = "ext:C3D2_PSK";
+          authProtocols = [ "WPA-PSK" ];
+        };
         "WIFI@DB" = {
           authProtocols = [ "NONE" ];
         };
diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age
index d9967a86ee7f69c55460042fd9fc3281a0ce62f3..cb0faba34f7d784ba97dbf91ab30457e07b8e131 100644
GIT binary patch
delta 678
zcmV;X0$KgE1;z!CEPqE*L^e5YbaGNNYjjRHLuE@)c{M9FPDpWDY+71!FElw)Wp;E^
zd3ZNeI0{X1Ye++5H)(EXZf!AbWO*`5Yj<yAP)%xWdQy3DIdX4qZ&+4#L~B<=YYHts
zAaiqQEoEdfH8n9gAVpSsbU9HVc1ACDQcZR*On7=oT1GH8YJXO9bTUviPg++mXi7m;
zQA;x`R#s6-No7@Y3QRP5V`ecpGH6CkMr${Acr!y&QbSctbW(6rYfW)gc~ELNFfemN
zYDZ6J3N0-yATUiebVXz`I8$$VF>+>6cV;&>Sw&VfY(Z^qH*#1xR8UNCZZ=tOQ%^~6
z3fCV0Sr^cQ_<xxSLWOekLpOvPty#rWL;ebc3=ke32XrKWYH9^WrUR947sOg>9xJXI
z(VGin06IdXtNpx|MB$$<WIvRYrBsv8$snsB-T-*K(>~rFqjW*(xoA<-Z47C2fmiM^
z$V(jItBfDLwc6}u-Hej=Ly*#?=<s<4PlE0d1QB#J>whmUs7^aBlo!(fv^0YNhD`b8
z2OA2#O(Jw+{EDGPk*vZA$~yG}#9usFP_XYJpeKJ0N@6FDt?x+;XzoOAqb^vSsgOl1
zx)!(e$Xl(D$FsAj<U3PFagqZ~ha$ax#q5sA*l_1Bw`dAFAU}d<RJQ;UXCb?LMT&5y
z;wyV^gnzfIMkG>s7ap$~Zri`d51^F^X)G63ZcKT(@rZNoCW<Atiy$$9e)`M%42i=f
zj9^Rh^<vzNi#26S+j(l6v|fFZNpD;Wy=1c9pZ=8g1jy%w6q6kNmL28`OeUW$L{|%r
zw%2%S_U%viX4Czfh8WF`A#CCj)+f63%LSq|{~tuVJqFCZzwY>_;{UReIy5zU5l)8e
M-3wY1O24$Jld+f{o&W#<

delta 660
zcmV;F0&D%o1+)c_EPqiec42mST1iD}aBeU-O+`gVX*5H1cSve*X+<zAWN&aWa57bA
zK~i~lI0{mCcv4DiWl&T~W=42PaW;Bsc5QewbxS#BT0~MqSW9_Pd0J^WQFl*mQ3@?S
zAaiqQEoEdfH8n9gAVpSsbU9HVWK3&Gc|ui3XJ}1lN@-><OMf(DcuF%tY)WfcZ&oo^
zcuq7kPe)~UcS1yO3RPKYD^GfHQEzxzZE!d;VsSEYNo`e1L2+6)V{LYMRcl#AZ&XP)
zQ$uZM3N0-yAVX|ZO)_ahOh;LGX>3YiLUm(FHbHhlR%>Q@F>^^tHc&%tT5L3EOm%Hl
z3i%|m2EjVLIe&XWMnRN~w?-KiIbr3Us;K%(o*JT>WXP7YSHow|Tf6iPt>8OXxro0b
z43vOru*J~uiB@a2$D&33*3*t6FKy&N&4H9W!lPW!fBhXE4HmzEJ(W(Bv^<uPDcEg3
z1)ZSpX~Q$(G-ioE&%V1RyX4o0+l#a#Ykb25{itStg@5v%%@j}2U@gg`PhmRZ!2Pg3
zeq57WB)-g=1CPCXvA<z)dmg4RPyyO#EUCx=9J|Z`9Ap)<p-ot<x&>&D;dr`*dDjnI
z4Kq9WaTTphI!c*?IABq{@v29B-xf3CcLQ#yX^gD=RG%>hSj&YZ6)u%&&J*y}<w6;M
zn2+YTPk#=7uxoQ|6;$y>Ft?KeFhJcH$-C_0mc{ucKI%|v>3?91Bm^7W*$Jg!r)G#(
zpkx?^dsI<ZVer7%bIl}<dq%X_m#g`$_Zpv@j!nqcID}J@f#C*Z6e|PjW7y#`{A|%q
uICO>k^kEJj(VN+`UCW4?e5VtIGw6A2r<UL6(hbS|AF(3%oQ*kuFdn5Whah<X

diff --git a/shared/nix.nix b/shared/nix.nix
index f85d054..885d63c 100644
--- a/shared/nix.nix
+++ b/shared/nix.nix
@@ -15,10 +15,12 @@
       substituters = [
         "https://cache.rfive.de"
         "https://cache.ifsr.de"
+        "https://nix-community.cachix.org"
       ];
       trusted-public-keys = [
         "cache.rfive.de:of5d+o6mfGXQSR3lk6ApfDBr4ampAUaNHux1O/XY3Tw="
         "cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       ];
       trusted-users = [
         "@wheel"
diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix
index c4f7814..e027ff8 100644
--- a/users/rouven/modules/helix/default.nix
+++ b/users/rouven/modules/helix/default.nix
@@ -6,7 +6,7 @@
     rust-analyzer
     nil
     nixpkgs-fmt
-    typst-lsp
+    tinymist
     (python3.withPackages (ps: with ps; [
       pyls-isort
       pylsp-mypy