lots of updates

2025-01-18 09:01:39 +01:00 · 2024-12-31 16:02:29 +01:00 · 2024-12-31 16:02:29 +01:00 · 60586106be
commit 60586106be
parent 91f700f9a5
11 changed files with 55 additions and 42 deletions
--- a/flake.lock
+++ b/flake.lock
@ -37,11 +37,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1732215451,
+        "lastModified": 1733851514,
-        "narHash": "sha256-P2VVlzRGKBNsiHsN1yMZcSMXpwtIx9ysMFZAqKFJ14o=",
+        "narHash": "sha256-fQt/HzF+OBC8xLRYeHiYLSEzjrgOLNWhyd102aY2oLU=",
        "owner": "nix-community",
        "repo": "authentik-nix",
-        "rev": "9d9c0a3a94a91cfed654a18239e27cf56970daa4",
+        "rev": "b059e1d6e7a94bbeabb4e87d47b5f5097fd61823",
        "type": "github"
      },
      "original": {
@ -53,16 +53,16 @@
    "authentik-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1732213300,
+        "lastModified": 1733849292,
-        "narHash": "sha256-4Pv35cnZGiTxe6j2O0F9L9sHzxVIC1SazeAUD5kWeBs=",
+        "narHash": "sha256-gJYgrRxytoGHkjeEsiKY/tl06D8XOnZZ9SDpK1WSyUw=",
        "owner": "goauthentik",
        "repo": "authentik",
-        "rev": "527e584699abc93712114b05f70f59c5187caa66",
+        "rev": "0edd7531a152910e6bdd4f7d3d0cde3ed5fdd956",
        "type": "github"
      },
      "original": {
        "owner": "goauthentik",
-        "ref": "version/2024.10.4",
+        "ref": "version/2024.10.5",
        "repo": "authentik",
        "type": "github"
      }
@ -134,11 +134,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1726867691,
+        "lastModified": 1733919067,
-        "narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=",
+        "narHash": "sha256-ZsL5pKwEDhcZhVJh+3IwgHus7kSW/N8qOlBscwB6BCI=",
        "owner": "nix-community",
        "repo": "dns.nix",
-        "rev": "a3196708a56dee76186a9415c187473b94e6cbae",
+        "rev": "a23f43f9762aa96d3e35c8eeefa7610bd0cdf456",
        "type": "github"
      },
      "original": {
@ -301,11 +301,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1733045511,
+        "lastModified": 1735381016,
-        "narHash": "sha256-n8AldXJRNVMm2UZ6yN0HwVxlARY2Cm/uhdOw76tQ0OI=",
+        "narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "4964f3c6fc17ae4578e762d3dc86b10fe890860e",
+        "rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2",
        "type": "github"
      },
      "original": {
@ -336,11 +336,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1731242966,
+        "lastModified": 1734945620,
-        "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=",
+        "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
+        "rev": "d000479f4f41390ff7cf9204979660ad5dd16176",
        "type": "github"
      },
      "original": {
@ -450,11 +450,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1733024876,
+        "lastModified": 1735443188,
-        "narHash": "sha256-vy9Q41hBE7Zg0yakF79neVgb3i3PQMSMR7uHPpPywFE=",
+        "narHash": "sha256-AydPpRBh8+NOkrLylG7vTsHrGO2b5L7XkMEL5HlzcA8=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "6e0b7f81367069589a480b91603a10bcf71f3103",
+        "rev": "55ab1e1df5daf2476e6b826b69a82862dcbd7544",
        "type": "github"
      },
      "original": {
@ -524,11 +524,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1732837521,
+        "lastModified": 1735471104,
-        "narHash": "sha256-jNRNr49UiuIwaarqijgdTR2qLPifxsVhlJrKzQ8XUIE=",
+        "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "970e93b9f82e2a0f3675757eb0bfc73297cc6370",
+        "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
        "type": "github"
      },
      "original": {
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@ -20,6 +20,14 @@
    ];
  nix.settings.system-features = [ "gccarch-tigerlake" ];
  nixpkgs.config.permittedInsecurePackages = [
    "aspnetcore-runtime-wrapped-6.0.36"
    "aspnetcore-runtime-6.0.36"
    "dotnet-sdk-wrapped-6.0.428"
    "dotnet-sdk-6.0.428"
    "jitsi-meet-1.0.8043"
    "olm-3.2.16"
  ];
  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
--- a/hosts/nuc/modules/matrix/default.nix
+++ b/hosts/nuc/modules/matrix/default.nix
@ -16,10 +16,6 @@ in
      owner = config.systemd.services.matrix-synapse.serviceConfig.User;
    };
  };
  nixpkgs.config.permittedInsecurePackages = [
    "jitsi-meet-1.0.8043"
    "olm-3.2.16"
  ];
  services = {
    postgresql = {
--- a/hosts/nuc/modules/monitoring/default.nix
+++ b/hosts/nuc/modules/monitoring/default.nix
@ -64,7 +64,7 @@ in
        auth_url = "https://auth.rfive.de/application/o/authorize/";
        token_url = "https://auth.rfive.de/application/o/token/";
        api_url = "https://auth.rfive.de/application/o/userinfo/";
-        role_attribute_path = "contains(roles, 'Grafana Admin') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'";
+        role_attribute_path = "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'";
      };
--- a/hosts/nuc/modules/torrent/default.nix
+++ b/hosts/nuc/modules/torrent/default.nix
@ -42,6 +42,7 @@ in
  };
  # scripted wireguard since systemd-networkd doesn't support netns yet
  networking.wireguard.useNetworkd = false;
  networking.wireguard.interfaces."wg0-mullvad" = {
    # Funny Mole
    privateKeyFile = config.age.secrets.mullvad.path;
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -14,7 +14,6 @@
      ./modules/virtualisation
    ];
  nix.settings.system-features = [ "gccarch-tigerlake" ];
  systemd.additionalUpstreamSystemUnits = [
    "soft-reboot.target"
@ -50,6 +49,9 @@
  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";
  programs.direnv = {
    enable = true;
  };
  console.keyMap = "dvorak";
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@ -25,7 +25,7 @@
    nmap
    curlFull
    wireguard-tools
-    etherape
+    # etherape
  ];
  services.timesyncd.servers = lib.mkForce [ ];
  services.resolved = {
@ -186,12 +186,13 @@
    enable = true;
    package = pkgs.wireshark-qt;
  };
-  users.groups.etherape = { };
+  programs.wavemon.enable = true;
-  security.wrappers.etherape = {
+  # # users.groups.etherape = { };
-    source = "${pkgs.etherape}/bin/etherape";
+  # security.wrappers.etherape = {
-    capabilities = "cap_net_raw,cap_net_admin+eip";
+  #   source = "${pkgs.etherape}/bin/etherape";
-    owner = "root";
+  #   capabilities = "cap_net_raw,cap_net_admin+eip";
-    group = "etherape";
+  #   owner = "root";
-    permissions = "u+rx,g+x";
+  #   group = "etherape";
-  };
+  #   permissions = "u+rx,g+x";
  # };
 }
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -140,7 +140,7 @@
  systemd.services = {
    openfortivpn-agdsn = {
      description = "AG DSN Fortinet VPN";
-      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 249db14f96c8ea6174d80a3b964868bfbe8c56bc27bf031bf0afb9aeca8eb978";
+      script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 2edda9c8797e09af039bbefeb083a9238c353cbc913210ad8a4f737820c35a91";
      requires = [ "network-online.target" ];
      after = [ "network.target" "network-online.target" ];
      serviceConfig = {
--- a/hosts/thinkpad/modules/virtualisation/default.nix
+++ b/hosts/thinkpad/modules/virtualisation/default.nix
@ -13,9 +13,9 @@
      qemu = {
        runAsRoot = false;
        swtpm.enable = true;
-        ovmf.packages = [
+        # ovmf.packages = [
-          (pkgs.OVMF.override ({ tpmSupport = true; secureBoot = true; })).fd
+        #   (pkgs.OVMF.override ({ tpmSupport = true; secureBoot = true; })).fd
-        ];
+        # ];
      };
    };
    spiceUSBRedirection.enable = true;
--- a/shared/nix.nix
+++ b/shared/nix.nix
@ -8,7 +8,9 @@
    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
    distributedBuilds = true;
    settings = {
      extra-platforms = [ "aarch64-linux" ];
      auto-optimise-store = true;
      system-features = [ "big-parallel" ];
      experimental-features = [ "nix-command" "flakes" ];
      substituters = [
        "https://cache.rfive.de"
@ -18,6 +20,9 @@
        "cache.rfive.de:of5d+o6mfGXQSR3lk6ApfDBr4ampAUaNHux1O/XY3Tw="
        "cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg="
      ];
      trusted-users = [
        "@wheel"
      ];
    };
    # buildMachines = [
    #   # {
--- a/users/rouven/modules/packages.nix
+++ b/users/rouven/modules/packages.nix
@ -52,7 +52,7 @@
    hut
    wine
    ansible
-    ansible-lint
+    # ansible-lint
    # programming languages
    cargo