From 60586106be2708d0d83d375f79b1549d8b46041a Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Tue, 31 Dec 2024 16:02:29 +0100 Subject: [PATCH] lots of updates --- flake.lock | 44 +++++++++---------- hosts/nuc/default.nix | 8 ++++ hosts/nuc/modules/matrix/default.nix | 4 -- hosts/nuc/modules/monitoring/default.nix | 2 +- hosts/nuc/modules/torrent/default.nix | 1 + hosts/thinkpad/default.nix | 4 +- hosts/thinkpad/modules/networks/default.nix | 19 ++++---- hosts/thinkpad/modules/networks/uni.nix | 2 +- .../modules/virtualisation/default.nix | 6 +-- shared/nix.nix | 5 +++ users/rouven/modules/packages.nix | 2 +- 11 files changed, 55 insertions(+), 42 deletions(-) diff --git a/flake.lock b/flake.lock index d760e15..b075537 100644 --- a/flake.lock +++ b/flake.lock @@ -37,11 +37,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1732215451, - "narHash": "sha256-P2VVlzRGKBNsiHsN1yMZcSMXpwtIx9ysMFZAqKFJ14o=", + "lastModified": 1733851514, + "narHash": "sha256-fQt/HzF+OBC8xLRYeHiYLSEzjrgOLNWhyd102aY2oLU=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "9d9c0a3a94a91cfed654a18239e27cf56970daa4", + "rev": "b059e1d6e7a94bbeabb4e87d47b5f5097fd61823", "type": "github" }, "original": { @@ -53,16 +53,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1732213300, - "narHash": "sha256-4Pv35cnZGiTxe6j2O0F9L9sHzxVIC1SazeAUD5kWeBs=", + "lastModified": 1733849292, + "narHash": "sha256-gJYgrRxytoGHkjeEsiKY/tl06D8XOnZZ9SDpK1WSyUw=", "owner": "goauthentik", "repo": "authentik", - "rev": "527e584699abc93712114b05f70f59c5187caa66", + "rev": "0edd7531a152910e6bdd4f7d3d0cde3ed5fdd956", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2024.10.4", + "ref": "version/2024.10.5", "repo": "authentik", "type": "github" } 
@@ -134,11 +134,11 @@ ] }, "locked": { - "lastModified": 1726867691, - "narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=", + "lastModified": 1733919067, + "narHash": "sha256-ZsL5pKwEDhcZhVJh+3IwgHus7kSW/N8qOlBscwB6BCI=", "owner": "nix-community", "repo": "dns.nix", - "rev": "a3196708a56dee76186a9415c187473b94e6cbae", + "rev": "a23f43f9762aa96d3e35c8eeefa7610bd0cdf456", "type": "github" }, "original": { @@ -301,11 +301,11 @@ ] }, "locked": { - "lastModified": 1733045511, - "narHash": "sha256-n8AldXJRNVMm2UZ6yN0HwVxlARY2Cm/uhdOw76tQ0OI=", + "lastModified": 1735381016, + "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=", "owner": "nix-community", "repo": "home-manager", - "rev": "4964f3c6fc17ae4578e762d3dc86b10fe890860e", + "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2", "type": "github" }, "original": { @@ -336,11 +336,11 @@ }, "impermanence": { "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "lastModified": 1734945620, + "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", "owner": "nix-community", "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", "type": "github" }, "original": { @@ -450,11 +450,11 @@ ] }, "locked": { - "lastModified": 1733024876, - "narHash": "sha256-vy9Q41hBE7Zg0yakF79neVgb3i3PQMSMR7uHPpPywFE=", + "lastModified": 1735443188, + "narHash": "sha256-AydPpRBh8+NOkrLylG7vTsHrGO2b5L7XkMEL5HlzcA8=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "6e0b7f81367069589a480b91603a10bcf71f3103", + "rev": "55ab1e1df5daf2476e6b826b69a82862dcbd7544", "type": "github" }, "original": { 
@@ -524,11 +524,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1732837521, - "narHash": "sha256-jNRNr49UiuIwaarqijgdTR2qLPifxsVhlJrKzQ8XUIE=", + "lastModified": 1735471104, + "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "970e93b9f82e2a0f3675757eb0bfc73297cc6370", + "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", "type": "github" }, "original": { diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index 4af982b..b77564b 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -20,6 +20,14 @@ ]; nix.settings.system-features = [ "gccarch-tigerlake" ]; + nixpkgs.config.permittedInsecurePackages = [ + "aspnetcore-runtime-wrapped-6.0.36" + "aspnetcore-runtime-6.0.36" + "dotnet-sdk-wrapped-6.0.428" + "dotnet-sdk-6.0.428" + "jitsi-meet-1.0.8043" + "olm-3.2.16" + ]; boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; diff --git a/hosts/nuc/modules/matrix/default.nix b/hosts/nuc/modules/matrix/default.nix index 99ca51d..4a7745b 100644 --- a/hosts/nuc/modules/matrix/default.nix +++ b/hosts/nuc/modules/matrix/default.nix @@ -16,10 +16,6 @@ in owner = config.systemd.services.matrix-synapse.serviceConfig.User; }; }; - nixpkgs.config.permittedInsecurePackages = [ - "jitsi-meet-1.0.8043" - "olm-3.2.16" - ]; services = { postgresql = { diff --git a/hosts/nuc/modules/monitoring/default.nix b/hosts/nuc/modules/monitoring/default.nix index aab1cf9..9097c6f 100644 --- a/hosts/nuc/modules/monitoring/default.nix +++ b/hosts/nuc/modules/monitoring/default.nix 
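Review bot: The `permittedInsecurePackages` list added in hosts/nuc/default.nix has no comment saying which service needs each entry, and it now also allows four .NET 6 packages (`aspnetcore-runtime-*-6.0.36`, `dotnet-sdk-*-6.0.428`) next to the jitsi-meet and olm entries moved from the matrix module. Once the list lives at host level, an exception can easily outlive the service that required it. I would annotate each group, for example `# matrix: jitsi-meet, olm` and `# <service>: .NET 6 runtime, remove once it runs on a supported release`. The version-pinned names are worth keeping, since each exception then stops applying on the next package bump and has to be re-approved. The enclosing attribute set starts and ends outside the hunk.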
@@ -64,7 +64,7 @@ in auth_url = "https://auth.rfive.de/application/o/authorize/"; token_url = "https://auth.rfive.de/application/o/token/"; api_url = "https://auth.rfive.de/application/o/userinfo/"; - role_attribute_path = "contains(roles, 'Grafana Admin') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"; + role_attribute_path = "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"; }; diff --git a/hosts/nuc/modules/torrent/default.nix b/hosts/nuc/modules/torrent/default.nix index 0b7c0e0..08b580e 100644 --- a/hosts/nuc/modules/torrent/default.nix +++ b/hosts/nuc/modules/torrent/default.nix @@ -42,6 +42,7 @@ in }; # scripted wireguard since systemd-networkd doesn't support netns yet + networking.wireguard.useNetworkd = false; networking.wireguard.interfaces."wg0-mullvad" = { # Funny Mole privateKeyFile = config.age.secrets.mullvad.path; diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index ef7f22b..3d17437 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -14,7 +14,6 @@ ./modules/virtualisation ]; - nix.settings.system-features = [ "gccarch-tigerlake" ]; systemd.additionalUpstreamSystemUnits = [ "soft-reboot.target" @@ -50,6 +49,9 @@ time.timeZone = "Europe/Berlin"; i18n.defaultLocale = "en_US.UTF-8"; + programs.direnv = { + enable = true; + }; console.keyMap = "dvorak"; diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index c1fbc64..d8b31ee 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -25,7 +25,7 @@ nmap curlFull wireguard-tools - etherape + # etherape ]; services.timesyncd.servers = lib.mkForce [ ]; services.resolved = { 
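Review bot: The new `role_attribute_path` still ends in `|| 'Viewer'`, so every account that can complete the OAuth flow against auth.rfive.de gets at least Viewer, and Admin now depends only on a `groups` entry named 'Grafana Admins'. If Grafana is meant for members of the Grafana groups only, drop the fallback and set `role_attribute_strict = true;` so a login with no matching group is rejected rather than downgraded. A short comment that both group names must match the authentik groups exactly would also help, because a rename on the IdP side silently demotes admins to Viewer. The surrounding settings block starts and ends outside the hunk, so any restriction applied elsewhere (for example on the authentik application binding) is not visible here.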
@@ -186,12 +186,13 @@ enable = true; package = pkgs.wireshark-qt; }; - users.groups.etherape = { }; - security.wrappers.etherape = { - source = "${pkgs.etherape}/bin/etherape"; - capabilities = "cap_net_raw,cap_net_admin+eip"; - owner = "root"; - group = "etherape"; - permissions = "u+rx,g+x"; - }; + programs.wavemon.enable = true; + # # users.groups.etherape = { }; + # security.wrappers.etherape = { + # source = "${pkgs.etherape}/bin/etherape"; + # capabilities = "cap_net_raw,cap_net_admin+eip"; + # owner = "root"; + # group = "etherape"; + # permissions = "u+rx,g+x"; + # }; } diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index 41f4ab8..dfef8f2 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -140,7 +140,7 @@ systemd.services = { openfortivpn-agdsn = { description = "AG DSN Fortinet VPN"; - script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 249db14f96c8ea6174d80a3b964868bfbe8c56bc27bf031bf0afb9aeca8eb978"; + script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 2edda9c8797e09af039bbefeb083a9238c353cbc913210ad8a4f737820c35a91"; requires = [ "network-online.target" ]; after = [ "network.target" "network-online.target" ]; serviceConfig = { diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix index 9a96170..edda2ae 100644 --- a/hosts/thinkpad/modules/virtualisation/default.nix +++ b/hosts/thinkpad/modules/virtualisation/default.nix 
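Review bot: The etherape group and the `security.wrappers.etherape` block are left in the file as commented-out lines (one with a doubled `# #`) instead of being deleted. That wrapper grants `cap_net_raw,cap_net_admin+eip`, and privilege-granting configuration kept as dead text is easy to re-enable by uncommenting without a fresh look at who is in the group. I would remove the block and rely on git history, leaving at most a one-line `# etherape wrapper removed: <reason>`. The `# etherape` entry in the package list in the first hunk of this file has the same issue.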
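Review bot: The rewritten `script` line still passes the VPN password as `-p $(cat $CREDENTIALS_DIRECTORY/password)`, which puts the secret on openfortivpn's command line, where other local users can read it from the process list while the tunnel is up. Keeping it off argv, for example with a root-only config file passed via `-c` that holds `password` and `trusted-cert`, avoids that; quoting `"$CREDENTIALS_DIRECTORY/password"` is also advisable if the `cat` stays. Separately, the `--trusted-cert` digest is replaced with no record of how the new value was checked. A comment such as `# pin rotated <date>, digest verified via <out-of-band source>` would let a later reader tell a planned certificate renewal from an accepted mismatch. The service definition continues outside the hunk.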
@@ -13,9 +13,9 @@ qemu = { runAsRoot = false; swtpm.enable = true; - ovmf.packages = [ - (pkgs.OVMF.override ({ tpmSupport = true; secureBoot = true; })).fd - ]; + # ovmf.packages = [ + # (pkgs.OVMF.override ({ tpmSupport = true; secureBoot = true; })).fd + # ]; }; }; spiceUSBRedirection.enable = true; diff --git a/shared/nix.nix b/shared/nix.nix index fe7070a..f85d054 100644 --- a/shared/nix.nix +++ b/shared/nix.nix @@ -8,7 +8,9 @@ nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; distributedBuilds = true; settings = { + extra-platforms = [ "aarch64-linux" ]; auto-optimise-store = true; + system-features = [ "big-parallel" ]; experimental-features = [ "nix-command" "flakes" ]; substituters = [ "https://cache.rfive.de" @@ -18,6 +20,9 @@ "cache.rfive.de:of5d+o6mfGXQSR3lk6ApfDBr4ampAUaNHux1O/XY3Tw=" "cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg=" ]; + trusted-users = [ + "@wheel" + ]; }; # buildMachines = [ # # { diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 505d04b..68786c1 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -52,7 +52,7 @@ hut wine ansible - ansible-lint + # ansible-lint # programming languages cargo
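Review bot: Commenting out `ovmf.packages` removes the OVMF build with `secureBoot = true` and `tpmSupport = true` while `swtpm.enable = true` stays, and the hunk gives no reason. If any guest on this host relies on Secure Boot firmware, it may now boot with firmware that lacks it, depending on what the default provides (not visible here). I would either delete the lines or replace them with one comment stating the cause and the resulting state, for example `# OVMF override dropped: <reason>; guests use the default firmware`.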
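Review bot: `trusted-users = [ "@wheel" ]` is added in shared/nix.nix, so it presumably applies to every host that imports this file, and every wheel member there becomes a trusted Nix user. Trusted users can point the daemon at arbitrary substituters and have unsigned store paths accepted, which is effectively root access without the sudo prompt. If this is only needed for remote builds or deployments from one account, I would list that account by name, or set the option on the one host that needs it. Either way, add a comment such as `# required for <purpose>` so the grant can be reviewed later.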