mirror of
https://git.sr.ht/~rouven/nixos-config
synced 2024-11-25 17:11:06 +01:00
updates
parent
28526d5db2
commit
efe00fc184
32
flake.lock
32
flake.lock
|
@ -38,11 +38,11 @@
|
|||
"poetry2nix": "poetry2nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720784813,
|
||||
"narHash": "sha256-8/6yU/wbf6lsUFOLisLVADD6QHHmMDUM85c7hPnPBZA=",
|
||||
"lastModified": 1722879849,
|
||||
"narHash": "sha256-Hg1I6vmrxWz6RrVROXn1RDCPniOJx93QQg99x/wSkjY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "authentik-nix",
|
||||
"rev": "89cfaf2eb197a39d12422e773f867d1a7c99b048",
|
||||
"rev": "80fc87361809f78b8a8cd7e57a14b66a726379ef",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -54,16 +54,16 @@
|
|||
"authentik-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1720727154,
|
||||
"narHash": "sha256-SMupiJGJbkBn33JP4WLF3IsBdt3SN3JvZg/EYlz443g=",
|
||||
"lastModified": 1722875733,
|
||||
"narHash": "sha256-LPNcvKiVrwPwc3G/j0a7KoMKAMScbzui0C3IgWXP+g4=",
|
||||
"owner": "goauthentik",
|
||||
"repo": "authentik",
|
||||
"rev": "9075270b01e784d25f2ec08b82e73f1ce3086184",
|
||||
"rev": "8f207c75046d722c17dee2bcf65fa386b06f5b9a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "goauthentik",
|
||||
"ref": "version/2024.6.1",
|
||||
"ref": "version/2024.6.3",
|
||||
"repo": "authentik",
|
||||
"type": "github"
|
||||
}
|
||||
|
@ -299,11 +299,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1722407237,
|
||||
"narHash": "sha256-wcpVHUc2nBSSgOM7UJSpcRbyus4duREF31xlzHV5T+A=",
|
||||
"lastModified": 1723015306,
|
||||
"narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "58cef3796271aaeabaed98884d4abaab5d9d162d",
|
||||
"rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -447,11 +447,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1722136042,
|
||||
"narHash": "sha256-x3FmT4QSyK28itMiR5zfYhUrG5nY+2dv+AIcKfmSp5A=",
|
||||
"lastModified": 1722740924,
|
||||
"narHash": "sha256-UQPgA5d8azLZuDHZMPmvDszhuKF1Ek89SrTRtqsQ4Ss=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "c0ca47e8523b578464014961059999d8eddd4aae",
|
||||
"rev": "97ca0a0fca0391de835f57e44f369a283e37890f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -462,11 +462,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1722185531,
|
||||
"narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
|
||||
"lastModified": 1722813957,
|
||||
"narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
|
||||
"rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
url = "github:ryantm/agenix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.home-manager.follows = "home-manager";
|
||||
|
||||
};
|
||||
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
|
|
|
@ -3,15 +3,19 @@
|
|||
age.secrets = {
|
||||
tud.file = ../../../../secrets/thinkpad/tud.age;
|
||||
agdsn.file = ../../../../secrets/thinkpad/agdsn.age;
|
||||
ifsr-apb-auth = {
|
||||
file = ../../../../secrets/thinkpad/ifsr-apb-auth.age;
|
||||
dyport-auth = {
|
||||
file = ../../../../secrets/thinkpad/dyport-auth.age;
|
||||
};
|
||||
};
|
||||
networking = {
|
||||
supplicant."enp0s31f6" = {
|
||||
userControlled.enable = true;
|
||||
driver = "wired";
|
||||
configFile.path = config.age.secrets.ifsr-apb-auth.path;
|
||||
supplicant = rec {
|
||||
enp0s31f6 = {
|
||||
userControlled.enable = true;
|
||||
driver = "wired";
|
||||
configFile.path = config.age.secrets.dyport-auth.path;
|
||||
};
|
||||
# ugly way to add more interfaces
|
||||
"enp0s13f0u2u1" = enp0s31f6;
|
||||
};
|
||||
wireless.networks = {
|
||||
eduroam = {
|
||||
|
@ -90,6 +94,17 @@
|
|||
compression = "stateless";
|
||||
};
|
||||
};
|
||||
ZIH = {
|
||||
protocol = "anyconnect";
|
||||
gateway = "vpn2.zih.tu-dresden.de";
|
||||
user = "rose159e@zih-ma-vpn";
|
||||
passwordFile = config.age.secrets.tud.path;
|
||||
autoStart = false;
|
||||
extraOptions = {
|
||||
authgroup = "A-Tunnel-TU-Networks";
|
||||
compression = "stateless";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.services = {
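Review bot: The new `"enp0s13f0u2u1" = enp0s31f6;` entry runs the same 802.1X supplicant, with the same `dyport-auth` credentials and `userControlled.enable = true`, on what the interface name suggests is a USB-attached adapter, so those credentials are offered on whatever wired network that adapter is plugged into. The encrypted supplicant config is not visible on this page; it is worth confirming that it pins the authentication server (`ca_cert` together with `domain_suffix_match` or an equivalent) so the exchange only completes with the intended authenticator. On style, the `rec` self-reference that the comment itself calls ugly could be written as `supplicant = lib.genAttrs [ "enp0s31f6" "enp0s13f0u2u1" ] (_: { … });`, assuming `lib` is in scope in this module. The enclosing `networking` block starts and ends outside the hunk.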
|
||||
|
|
|
@ -14,10 +14,9 @@
|
|||
pam = {
|
||||
u2f = {
|
||||
enable = true;
|
||||
cue = true;
|
||||
# settings = {
|
||||
# cue = true;
|
||||
# };
|
||||
settings = {
|
||||
cue = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
krb5 = {
|
||||
|
@ -45,9 +44,10 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
services = {
|
||||
fprintd.enable = true; # log in using fingerprint
|
||||
};
|
||||
# broken again
|
||||
# services = {
|
||||
# fprintd.enable = true; # log in using fingerprint
|
||||
# };
|
||||
environment.systemPackages = with pkgs; [
|
||||
agenix.packages.x86_64-linux.default
|
||||
tpm2-tools
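Review bot: The `# broken again` comment above the disabled fprintd block does not say what is broken or on which nixpkgs revision, so there is no way to tell later when fingerprint login can be turned back on. I would replace it with something like `# fprintd disabled: <failure or upstream issue link>; re-test after the next nixpkgs bump`, and swap the commented-out block for a single explicit `services.fprintd.enable = false;` so the intent survives in evaluated config. The enclosing attribute set starts and ends outside the hunk.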
|
||||
|
|
|
@ -9,7 +9,7 @@ in
|
|||
"secrets/thinkpad/wireless.age".publicKeys = [ rouven thinkpad ];
|
||||
"secrets/thinkpad/tud.age".publicKeys = [ rouven thinkpad ];
|
||||
"secrets/thinkpad/agdsn.age".publicKeys = [ rouven thinkpad ];
|
||||
"secrets/thinkpad/ifsr-apb-auth.age".publicKeys = [ rouven thinkpad ];
|
||||
"secrets/thinkpad/dyport-auth.age".publicKeys = [ rouven thinkpad ];
|
||||
"secrets/thinkpad/wireguard/dorm/private.age".publicKeys = [ rouven thinkpad ];
|
||||
"secrets/thinkpad/wireguard/dorm/preshared.age".publicKeys = [ rouven thinkpad ];
|
||||
"secrets/thinkpad/borg/passphrase.age".publicKeys = [ rouven thinkpad ];
|
||||
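Review bot: The rule for `secrets/thinkpad/ifsr-apb-auth.age` is replaced here, and the page lists `secrets/thinkpad/dyport-auth.age` as a new binary file without showing the old blob being deleted. If the old file is still in the tree it is now orphaned: with no rule left, `agenix --rekey` will skip it, and it stays decryptable by whatever keys it was last encrypted to. I would delete the file in the same commit, and rotate the credential it held if that credential is still valid anywhere. The attribute set continues outside the hunk.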
|
|
BIN
secrets/thinkpad/dyport-auth.age
Normal file
BIN
secrets/thinkpad/dyport-auth.age
Normal file
Binary file not shown.
Binary file not shown.
|
@ -37,6 +37,7 @@
|
|||
# home manager needs dconf
|
||||
programs.dconf.enable = true;
|
||||
# fixes pam entries for swaylock
|
||||
# auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
|
||||
security.pam.services.swaylock.text = ''
|
||||
# Account management.
|
||||
account required pam_unix.so
|
||||
|
@ -45,7 +46,6 @@
|
|||
|
||||
auth sufficient pam_unix.so nullok likeauth try_first_pass
|
||||
auth sufficient ${pkgs.pam_u2f}/lib/security/pam_u2f.so
|
||||
auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
|
||||
auth required pam_deny.so
|
||||
|
||||
# Password management.
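Review bot: With pam_fprintd removed, the swaylock auth stack still contains `auth sufficient pam_unix.so nullok likeauth try_first_pass`, and `nullok` lets an account with an empty password unlock the screen with an empty entry. Unless a passwordless account is intended on this machine, I would write that line as `auth sufficient pam_unix.so likeauth try_first_pass`. The relocated `# auth sufficient ${pkgs.fprintd}/…` comment now sits above the `''` string, so it could also record that the line belongs between pam_u2f and pam_deny when it is restored. The PAM text starts and ends outside both hunks.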
|
||||
|
|
|
@ -36,13 +36,15 @@ in
|
|||
hostname = "login.zih.tu-dresden.de";
|
||||
user = "rose159e";
|
||||
};
|
||||
"mininet" = {
|
||||
hostname = "internet.netd.cs.tu-dresden.de";
|
||||
user = "root";
|
||||
port = 2133;
|
||||
extraOptions = {
|
||||
ProxyJump = "tud";
|
||||
};
|
||||
"*.zih.tu-dresden.de" = {
|
||||
user = "rose159e";
|
||||
};
|
||||
"*.net.tu-dresden.de" = {
|
||||
user = "rose159e";
|
||||
};
|
||||
"git@gitlab.hrz.tu-chemnitz.de" = {
|
||||
match = "Host gitlab.hrz.tu-chemnitz.de User git";
|
||||
identityFile = git;
|
||||
};
|
||||
|
||||
# iFSR
|
||||
|
|