lots of updates

hosts/nuc/default.nix

@@ -20,6 +20,14 @@
     ];
 
   nix.settings.system-features = [ "gccarch-tigerlake" ];
+  nixpkgs.config.permittedInsecurePackages = [
+    "aspnetcore-runtime-wrapped-6.0.36"
+    "aspnetcore-runtime-6.0.36"
+    "dotnet-sdk-wrapped-6.0.428"
+    "dotnet-sdk-6.0.428"
+    "jitsi-meet-1.0.8043"
+    "olm-3.2.16"
+  ];
   boot = {
     loader.systemd-boot.enable = true;
     loader.efi.canTouchEfiVariables = true;

hosts/nuc/modules/matrix/default.nix

@@ -16,10 +16,6 @@ in
       owner = config.systemd.services.matrix-synapse.serviceConfig.User;
     };
   };
-  nixpkgs.config.permittedInsecurePackages = [
-    "jitsi-meet-1.0.8043"
-    "olm-3.2.16"
-  ];
 
   services = {
     postgresql = {

hosts/nuc/modules/monitoring/default.nix

@@ -64,7 +64,7 @@ in
         auth_url = "https://auth.rfive.de/application/o/authorize/";
         token_url = "https://auth.rfive.de/application/o/token/";
         api_url = "https://auth.rfive.de/application/o/userinfo/";
-        role_attribute_path = "contains(roles, 'Grafana Admin') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'";
+        role_attribute_path = "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'";
 
       };
 

hosts/nuc/modules/torrent/default.nix

@@ -42,6 +42,7 @@ in
   };
 
   # scripted wireguard since systemd-networkd doesn't support netns yet
+  networking.wireguard.useNetworkd = false;
   networking.wireguard.interfaces."wg0-mullvad" = {
     # Funny Mole
     privateKeyFile = config.age.secrets.mullvad.path;

hosts/thinkpad/default.nix

@@ -14,7 +14,6 @@
       ./modules/virtualisation
     ];
 
-
   nix.settings.system-features = [ "gccarch-tigerlake" ];
   systemd.additionalUpstreamSystemUnits = [
     "soft-reboot.target"
@@ -50,6 +49,9 @@
 
   time.timeZone = "Europe/Berlin";
   i18n.defaultLocale = "en_US.UTF-8";
+  programs.direnv = {
+    enable = true;
+  };
 
   console.keyMap = "dvorak";
 

hosts/thinkpad/modules/networks/default.nix

@@ -25,7 +25,7 @@
     nmap
     curlFull
     wireguard-tools
-    etherape
+    # etherape
   ];
   services.timesyncd.servers = lib.mkForce [ ];
   services.resolved = {
@@ -186,12 +186,13 @@
     enable = true;
     package = pkgs.wireshark-qt;
   };
-  users.groups.etherape = { };
-  security.wrappers.etherape = {
-    source = "${pkgs.etherape}/bin/etherape";
-    capabilities = "cap_net_raw,cap_net_admin+eip";
-    owner = "root";
-    group = "etherape";
-    permissions = "u+rx,g+x";
-  };
+  programs.wavemon.enable = true;
+  # # users.groups.etherape = { };
+  # security.wrappers.etherape = {
+  #   source = "${pkgs.etherape}/bin/etherape";
+  #   capabilities = "cap_net_raw,cap_net_admin+eip";
+  #   owner = "root";
+  #   group = "etherape";
+  #   permissions = "u+rx,g+x";
+  # };
 }

hosts/thinkpad/modules/networks/uni.nix

@@ -140,7 +140,7 @@
   systemd.services = {
     openfortivpn-agdsn = {
       description = "AG DSN Fortinet VPN";
-      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 249db14f96c8ea6174d80a3b964868bfbe8c56bc27bf031bf0afb9aeca8eb978";
+      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 2edda9c8797e09af039bbefeb083a9238c353cbc913210ad8a4f737820c35a91";
       requires = [ "network-online.target" ];
       after = [ "network.target" "network-online.target" ];
       serviceConfig = {

hosts/thinkpad/modules/virtualisation/default.nix

@@ -13,9 +13,9 @@
       qemu = {
         runAsRoot = false;
         swtpm.enable = true;
-        ovmf.packages = [
-          (pkgs.OVMF.override ({ tpmSupport = true; secureBoot = true; })).fd
-        ];
+        # ovmf.packages = [
+        #   (pkgs.OVMF.override ({ tpmSupport = true; secureBoot = true; })).fd
+        # ];
       };
     };
     spiceUSBRedirection.enable = true;