updates

2024-11-14 21:03:10 +01:00 · 2024-08-07 13:40:02 +02:00 · 2024-08-07 13:40:02 +02:00 · efe00fc184
parent 28526d5db2
commit efe00fc184
9 changed files with 55 additions and 39 deletions
--- a/flake.lock
+++ b/flake.lock
@ -38,11 +38,11 @@
        "poetry2nix": "poetry2nix"
      },
      "locked": {
-        "lastModified": 1720784813,
-        "narHash": "sha256-8/6yU/wbf6lsUFOLisLVADD6QHHmMDUM85c7hPnPBZA=",
+        "lastModified": 1722879849,
+        "narHash": "sha256-Hg1I6vmrxWz6RrVROXn1RDCPniOJx93QQg99x/wSkjY=",
        "owner": "nix-community",
        "repo": "authentik-nix",
-        "rev": "89cfaf2eb197a39d12422e773f867d1a7c99b048",
+        "rev": "80fc87361809f78b8a8cd7e57a14b66a726379ef",
        "type": "github"
      },
      "original": {
@ -54,16 +54,16 @@
    "authentik-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1720727154,
-        "narHash": "sha256-SMupiJGJbkBn33JP4WLF3IsBdt3SN3JvZg/EYlz443g=",
+        "lastModified": 1722875733,
+        "narHash": "sha256-LPNcvKiVrwPwc3G/j0a7KoMKAMScbzui0C3IgWXP+g4=",
        "owner": "goauthentik",
        "repo": "authentik",
-        "rev": "9075270b01e784d25f2ec08b82e73f1ce3086184",
+        "rev": "8f207c75046d722c17dee2bcf65fa386b06f5b9a",
        "type": "github"
      },
      "original": {
        "owner": "goauthentik",
-        "ref": "version/2024.6.1",
+        "ref": "version/2024.6.3",
        "repo": "authentik",
        "type": "github"
      }
@ -299,11 +299,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1722407237,
-        "narHash": "sha256-wcpVHUc2nBSSgOM7UJSpcRbyus4duREF31xlzHV5T+A=",
+        "lastModified": 1723015306,
+        "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "58cef3796271aaeabaed98884d4abaab5d9d162d",
+        "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e",
        "type": "github"
      },
      "original": {
@ -447,11 +447,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1722136042,
-        "narHash": "sha256-x3FmT4QSyK28itMiR5zfYhUrG5nY+2dv+AIcKfmSp5A=",
+        "lastModified": 1722740924,
+        "narHash": "sha256-UQPgA5d8azLZuDHZMPmvDszhuKF1Ek89SrTRtqsQ4Ss=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "c0ca47e8523b578464014961059999d8eddd4aae",
+        "rev": "97ca0a0fca0391de835f57e44f369a283e37890f",
        "type": "github"
      },
      "original": {
@ -462,11 +462,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1722185531,
-        "narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
+        "lastModified": 1722813957,
+        "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
+        "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -11,7 +11,6 @@
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.home-manager.follows = "home-manager";
-
    };

    impermanence.url = "github:nix-community/impermanence";
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -3,15 +3,19 @@
  age.secrets = {
    tud.file = ../../../../secrets/thinkpad/tud.age;
    agdsn.file = ../../../../secrets/thinkpad/agdsn.age;
-    ifsr-apb-auth = {
-      file = ../../../../secrets/thinkpad/ifsr-apb-auth.age;
+    dyport-auth = {
+      file = ../../../../secrets/thinkpad/dyport-auth.age;
    };
  };
  networking = {
-    supplicant."enp0s31f6" = {
+    supplicant = rec {
+      enp0s31f6 = {
        userControlled.enable = true;
        driver = "wired";
-      configFile.path = config.age.secrets.ifsr-apb-auth.path;
+        configFile.path = config.age.secrets.dyport-auth.path;
+      };
+      # ugly way to add more interfaces
+      "enp0s13f0u2u1" = enp0s31f6;
    };
    wireless.networks = {
      eduroam = {
@ -90,6 +94,17 @@
          compression = "stateless";
        };
      };
+      ZIH = {
+        protocol = "anyconnect";
+        gateway = "vpn2.zih.tu-dresden.de";
+        user = "rose159e@zih-ma-vpn";
+        passwordFile = config.age.secrets.tud.path;
+        autoStart = false;
+        extraOptions = {
+          authgroup = "A-Tunnel-TU-Networks";
+          compression = "stateless";
+        };
+      };
    };
  };
  systemd.services = {
--- a/hosts/thinkpad/modules/security/default.nix
+++ b/hosts/thinkpad/modules/security/default.nix
@ -14,10 +14,9 @@
    pam = {
      u2f = {
        enable = true;
+        settings = {
          cue = true;
-        # settings = {
-        #   cue = true;
-        # };
+        };
      };
    };
    krb5 = {
@ -45,9 +44,10 @@
      };
    };
  };
-  services = {
-    fprintd.enable = true; # log in using fingerprint
-  };
+  # broken again
+  # services = {
+  #   fprintd.enable = true; # log in using fingerprint
+  # };
  environment.systemPackages = with pkgs; [
    agenix.packages.x86_64-linux.default
    tpm2-tools
--- a/secrets.nix
+++ b/secrets.nix
@ -9,7 +9,7 @@ in
  "secrets/thinkpad/wireless.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/tud.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/agdsn.age".publicKeys = [ rouven thinkpad ];
-  "secrets/thinkpad/ifsr-apb-auth.age".publicKeys = [ rouven thinkpad ];
+  "secrets/thinkpad/dyport-auth.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/wireguard/dorm/private.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/wireguard/dorm/preshared.age".publicKeys = [ rouven thinkpad ];
  "secrets/thinkpad/borg/passphrase.age".publicKeys = [ rouven thinkpad ];
--- a/secrets/thinkpad/dyport-auth.age
+++ b/secrets/thinkpad/dyport-auth.age
--- a/secrets/thinkpad/ifsr-apb-auth.age
+++ b/secrets/thinkpad/ifsr-apb-auth.age
--- a/users/rouven/fixes.nix
+++ b/users/rouven/fixes.nix
@ -37,6 +37,7 @@
  # home manager needs dconf
  programs.dconf.enable = true;
  # fixes pam entries for swaylock
+  # auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
  security.pam.services.swaylock.text = ''
    # Account management.
    account required pam_unix.so
@ -45,7 +46,6 @@

    auth sufficient pam_unix.so nullok likeauth try_first_pass
    auth sufficient ${pkgs.pam_u2f}/lib/security/pam_u2f.so
-    auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
    auth required pam_deny.so

    # Password management.
--- a/users/rouven/modules/ssh/default.nix
+++ b/users/rouven/modules/ssh/default.nix
@ -36,13 +36,15 @@ in
        hostname = "login.zih.tu-dresden.de";
        user = "rose159e";
      };
-      "mininet" = {
-        hostname = "internet.netd.cs.tu-dresden.de";
-        user = "root";
-        port = 2133;
-        extraOptions = {
-          ProxyJump = "tud";
+      "*.zih.tu-dresden.de" = {
+        user = "rose159e";
      };
+      "*.net.tu-dresden.de" = {
+        user = "rose159e";
+      };
+      "git@gitlab.hrz.tu-chemnitz.de" = {
+        match = "Host gitlab.hrz.tu-chemnitz.de User git";
+        identityFile = git;
      };

      # iFSR