diff --git a/flake.lock b/flake.lock index 1480148..18e7d61 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1722339003, - "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { @@ -32,9 +32,7 @@ "flake-parts": "flake-parts", "flake-utils": "flake-utils", "napalm": "napalm", - "nixpkgs": [ - "nixpkgs" - ], + "nixpkgs": "nixpkgs", "poetry2nix": "poetry2nix" }, "locked": { @@ -299,11 +297,11 @@ ] }, "locked": { - "lastModified": 1723015306, - "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=", + "lastModified": 1723399884, + "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=", "owner": "nix-community", "repo": "home-manager", - "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e", + "rev": "086f619dd991a4d355c07837448244029fc2d9ab", "type": "github" }, "original": { @@ -447,11 +445,11 @@ ] }, "locked": { - "lastModified": 1722740924, - "narHash": "sha256-UQPgA5d8azLZuDHZMPmvDszhuKF1Ek89SrTRtqsQ4Ss=", + "lastModified": 1723352546, + "narHash": "sha256-WTIrvp0yV8ODd6lxAq4F7EbrPQv0gscBnyfn559c3k8=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "97ca0a0fca0391de835f57e44f369a283e37890f", + "rev": "ec78079a904d7d55e81a0468d764d0fffb50ac06", "type": "github" }, "original": { 
@@ -462,17 +460,18 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722813957, - "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", + "lastModified": 1720542800, + "narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", + "rev": "feb2849fdeb70028c70d73b848214b00d324a497", "type": "github" }, "original": { - "id": "nixpkgs", + "owner": "NixOS", "ref": "nixos-unstable", - "type": "indirect" + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-lib": { @@ -518,6 +517,21 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1723362943, + "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a58bc8ad779655e790115244571758e8de055e3d", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, "pfersel": { "inputs": { "nixpkgs": [ @@ -623,7 +637,7 @@ "lanzaboote": "lanzaboote", "nix-colors": "nix-colors", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "pfersel": "pfersel", "purge": "purge", "trucksimulatorbot": "trucksimulatorbot" diff --git a/flake.nix b/flake.nix index ec3a775..708802a 100644 --- a/flake.nix +++ b/flake.nix @@ -27,7 +27,7 @@ nix-colors.url = "github:Misterio77/nix-colors"; authentik = { url = "github:nix-community/authentik-nix"; - inputs.nixpkgs.follows = "nixpkgs"; + # inputs.nixpkgs.follows = "nixpkgs"; }; purge = { diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 523a542..759bb3c 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -107,6 +107,7 @@ services = { + # envfs.enable = true; #usr/bin fixes blueman.enable = true; # bluetooth devmon.enable = true; # automount stuff upower.enable = true; 
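Review bot: Commenting out `inputs.nixpkgs.follows = "nixpkgs"` for `authentik` leaves the identity provider building against its own nixpkgs pin. The lock file in this same commit shows that pin (`nixpkgs`, lastModified 1720542800) is about a month older than the system one (`nixpkgs_2`, lastModified 1723362943). Security fixes that arrive through a system nixpkgs bump will therefore not reach authentik's closure until authentik-nix updates its own lock. If the override was dropped because of a build failure, record that next to it, e.g. `# follows disabled: <reason>; authentik uses its own nixpkgs pin, re-enable when fixed`, instead of leaving bare commented-out code. The surrounding `inputs` block starts and ends outside the hunk.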
diff --git a/hosts/thinkpad/modules/graphics/default.nix b/hosts/thinkpad/modules/graphics/default.nix index 96944ca..e835627 100644 --- a/hosts/thinkpad/modules/graphics/default.nix +++ b/hosts/thinkpad/modules/graphics/default.nix @@ -37,7 +37,7 @@ colors.base07 ]; }; - hardware.opengl.extraPackages = with pkgs; [ + hardware.graphics.extraPackages = with pkgs; [ intel-compute-runtime intel-media-driver ]; diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index 85228fa..98541a0 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -66,6 +66,10 @@ authProtocols = [ "SAE" ]; extraConfig = "disabled=1"; }; + "LKG-Gast" = { + psk = "@LKGDD_GUEST_PSK@"; + authProtocols = [ "WPA-PSK" ]; + }; "@PIXEL_SSID@" = { psk = "@PIXEL_PSK@"; authProtocols = [ "WPA-PSK" ]; diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index 4de970c..74374dd 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -15,7 +15,8 @@ configFile.path = config.age.secrets.dyport-auth.path; }; # ugly way to add more interfaces - "enp0s13f0u2u1" = enp0s31f6; + # "enp0s13f0u2u1" = enp0s31f6; + # "enp0s13f0u3u1" = enp0s31f6; }; wireless.networks = { eduroam = { @@ -59,6 +60,7 @@ password="@AGDSN_AUTH@" phase2="auth=PAP" ''; + extraConfig = "disabled=1"; authProtocols = [ "WPA-EAP" ]; }; agdsn_fritzbox = { @@ -105,6 +107,17 @@ compression = "stateless"; }; }; + iFSR = { + protocol = "anyconnect"; + gateway = "vpn2.zih.tu-dresden.de"; + user = "rose159e@apb-ifsr-vpn"; + passwordFile = config.age.secrets.tud.path; + autoStart = false; + extraOptions = { + authgroup = "A-Tunnel-TU-Networks"; + compression = "stateless"; + }; + }; }; }; systemd.services = { diff --git a/hosts/thinkpad/modules/printing/default.nix b/hosts/thinkpad/modules/printing/default.nix index de2c4ad..c713406 100644 
--- a/hosts/thinkpad/modules/printing/default.nix +++ b/hosts/thinkpad/modules/printing/default.nix @@ -1,10 +1,10 @@ { pkgs, ... }: { # environment.systemPackages = with pkgs; [ cups ]; - services.avahi = { - enable = true; - nssmdns4 = true; - }; + # services.avahi = { + # enable = true; + # nssmdns4 = true; + # }; services.printing = { enable = true; stateless = true; diff --git a/hosts/thinkpad/modules/security/default.nix b/hosts/thinkpad/modules/security/default.nix index 546985d..6675e21 100644 --- a/hosts/thinkpad/modules/security/default.nix +++ b/hosts/thinkpad/modules/security/default.nix @@ -45,9 +45,9 @@ }; }; # broken again - # services = { - # fprintd.enable = true; # log in using fingerprint - # }; + services = { + fprintd.enable = true; # log in using fingerprint + }; environment.systemPackages = with pkgs; [ agenix.packages.x86_64-linux.default tpm2-tools diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix index 7536dfc..a2e9188 100644 --- a/hosts/thinkpad/modules/virtualisation/default.nix +++ b/hosts/thinkpad/modules/virtualisation/default.nix @@ -1,10 +1,10 @@ { pkgs, ... }: { virtualisation = { - podman = { - enable = true; - defaultNetwork.settings.dns_enabled = true; - }; + # podman = { + # enable = true; + # defaultNetwork.settings.dns_enabled = true; + # }; libvirtd = { enable = true; qemu = { diff --git a/pkgs/adguardian-term/default.nix b/pkgs/adguardian-term/default.nix index 74fb635..886a637 100644 --- a/pkgs/adguardian-term/default.nix +++ b/pkgs/adguardian-term/default.nix 
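Review bot: In hosts/thinkpad/modules/security/default.nix the `# broken again` comment directly above the re-enabled `services` block is now stale and should be removed or replaced with a description of what the block enables. As far as I know, `services.fprintd.enable` is also the default for `security.pam.services.<name>.fprintAuth` in nixpkgs, so fingerprint becomes an accepted factor for every PAM service that does not opt out, not only the login the inline comment mentions. If that is not intended for `sudo` or the screen locker, set `fprintAuth = false;` on those services explicitly. The enclosing module attribute set starts and ends outside the hunk.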
@@ -9,7 +9,7 @@ rustPlatform.buildRustPackage rec { rev = version; hash = "sha256-r7dh31fZgcUBffzwoBqIoV9XhZOjJRb9aWZUuuiz7y8="; }; - cargoSha256 = "sha256-GB3CQ9VPBkKbT5Edq/jJlGEkVGICWSQloIt+nkHRDJU="; + cargoHash = "sha256-GB3CQ9VPBkKbT5Edq/jJlGEkVGICWSQloIt+nkHRDJU="; meta = with lib; { description = "Terminal-based, real-time traffic monitoring and statistics for your AdGuard Home instance Resources"; diff --git a/pkgs/ianny/default.nix b/pkgs/ianny/default.nix index 077b76a..97866c4 100644 --- a/pkgs/ianny/default.nix +++ b/pkgs/ianny/default.nix @@ -1,4 +1,4 @@ -{ rustPlatform, fetchFromGitHub, lib, ninja, dbus, pkg-config, gettext }: +{ rustPlatform, fetchFromGitHub, lib, ninja, dbus, pkg-config }: rustPlatform.buildRustPackage rec { pname = "ianny"; version = "unstable-2023-12-16"; @@ -8,7 +8,7 @@ rustPlatform.buildRustPackage rec { rev = "370bea372c35610e65426f5a1c45db99584dfb9a"; hash = "sha256-oWwRCQSP0g6IJh3cEgD32AIBF/pfN9QGJ9LANjCthMw="; }; - cargoSha256 = "sha256-5/Sb2ds+xfcYFqTF3RObPScDzK4FdBNk8T1Z5YcQgCM="; + cargoHash = "sha256-5/Sb2ds+xfcYFqTF3RObPScDzK4FdBNk8T1Z5YcQgCM="; buildInputs = [ dbus ninja diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age index 3ef23f0..14524a5 100644 Binary files a/secrets/thinkpad/wireless.age and b/secrets/thinkpad/wireless.age differ diff --git a/users/rouven/fixes.nix b/users/rouven/fixes.nix index 9699a26..469d8cf 100644 --- a/users/rouven/fixes.nix +++ b/users/rouven/fixes.nix @@ -1,6 +1,5 @@ { pkgs, lib, ... }: { - # fixes qt and themes environment.variables = { "QT_STYLE_OVERRIDE" = lib.mkForce "kvantum"; 
@@ -9,10 +8,10 @@ "GTK_THEME" = "Dracula"; }; # open ports for kde connect - networking.firewall = rec { - allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; - allowedUDPPortRanges = allowedTCPPortRanges; - }; + # networking.firewall = rec { + # allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; + # allowedUDPPortRanges = allowedTCPPortRanges; + # }; # enable xdg portals for sway xdg.portal = { enable = true; @@ -37,24 +36,7 @@ # home manager needs dconf programs.dconf.enable = true; # fixes pam entries for swaylock - # auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so - security.pam.services.swaylock.text = '' - # Account management. - account required pam_unix.so - - # Authentication management. - - auth sufficient pam_unix.so nullok likeauth try_first_pass - auth sufficient ${pkgs.pam_u2f}/lib/security/pam_u2f.so - auth required pam_deny.so - - # Password management. - password sufficient pam_unix.so nullok sha512 - - # Session management. - session required pam_env.so conffile=/etc/pam/environment readenv=0 - session required pam_unix.so - ''; + security.pam.services.swaylock = { }; # global wrapper for ausweisapp programs.ausweisapp = { enable = true; @@ -64,5 +46,5 @@ programs.steam.enable = true; # enable java black magic - programs.java.enable = true; + # programs.java.enable = true; } diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 45756ff..514638f 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -50,6 +50,7 @@ hut wine ansible + ansible-lint # programming languages cargo diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix index bb97aab..d91e1fe 100644 --- a/users/rouven/modules/ssh/default.nix +++ b/users/rouven/modules/ssh/default.nix 
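Review bot: Replacing the hand-written stack with `security.pam.services.swaylock = { };` changes which factors unlock the screen. The removed text named `pam_unix` and `pam_u2f` explicitly, while the generated stack takes its factors from module defaults that are not visible in this diff. U2F unlock presumably survives only if `security.pam.u2f.enable` is set elsewhere, and with `fprintd.enable = true` added in hosts/thinkpad/modules/security/default.nix in this commit the locker probably accepts a fingerprint as well. Pin the intended factors in the declaration, e.g. `security.pam.services.swaylock = { u2fAuth = true; fprintAuth = false; };` adjusted to the factors you actually want, and check the generated `/etc/pam.d/swaylock` after the rebuild. The `# fixes pam entries for swaylock` comment describes the removed override and should be updated.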
@@ -11,7 +11,7 @@ in controlPersist = "10m"; extraConfig = '' CanonicalizeHostname yes - CanonicalDomains agdsn.network vpn.rfive.de + CanonicalDomains agdsn.network vpn.rfive.de net.tu-dresden.de PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so IdentityFile ~/.ssh/id_ed25519 SetEnv TERM=xterm-256color
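Review bot: Adding `net.tu-dresden.de` to `CanonicalDomains` widens the search list for every unqualified host name. A short name that does not resolve in `agdsn.network` or `vpn.rfive.de` is now completed in a large shared university zone, so a typo or stale alias can land on an unrelated machine there with only the host-key prompt in between. A comment line above the option inside the config text, such as `# searched in order; the first domain that resolves wins`, would document this. If only a few TU hosts are needed, explicit `Host` entries with the full name avoid the wider search. The `extraConfig` string begins and ends outside the hunk, so any `Host`/`Match` scoping further down is not visible here.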