diff --git a/flake.lock b/flake.lock
index 18e7d61..21690fc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -297,11 +297,11 @@
]
},
"locked": {
- "lastModified": 1723399884,
- "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
+ "lastModified": 1723986931,
+ "narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
+ "rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671",
"type": "github"
},
"original": {
@@ -332,11 +332,11 @@
},
"impermanence": {
"locked": {
- "lastModified": 1719091691,
- "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
+ "lastModified": 1724146542,
+ "narHash": "sha256-MLxtqDtu+y/4UDhXX5pFypX9/qbH54TDP6Z90oFzd/A=",
"owner": "nix-community",
"repo": "impermanence",
- "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
+ "rev": "03fe473c731cda2900bae9894b8dfc68e3492db5",
"type": "github"
},
"original": {
@@ -445,11 +445,11 @@
]
},
"locked": {
- "lastModified": 1723352546,
- "narHash": "sha256-WTIrvp0yV8ODd6lxAq4F7EbrPQv0gscBnyfn559c3k8=",
+ "lastModified": 1723950649,
+ "narHash": "sha256-dHMkGjwwCGj0c2MKyCjRXVBXq2Sz3TWbbM23AS7/5Hc=",
"owner": "nix-community",
"repo": "nix-index-database",
- "rev": "ec78079a904d7d55e81a0468d764d0fffb50ac06",
+ "rev": "392828aafbed62a6ea6ccab13728df2e67481805",
"type": "github"
},
"original": {
@@ -519,11 +519,11 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1723362943,
- "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
+ "lastModified": 1724224976,
+ "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "a58bc8ad779655e790115244571758e8de055e3d",
+ "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62",
"type": "github"
},
"original": {
diff --git a/hosts/nuc/modules/matrix/default.nix b/hosts/nuc/modules/matrix/default.nix
index 161c056..d46c038 100644
--- a/hosts/nuc/modules/matrix/default.nix
+++ b/hosts/nuc/modules/matrix/default.nix
@@ -19,6 +19,10 @@ in
file = ../../../../secrets/nuc/matrix/sync.age;
};
};
+ nixpkgs.config.permittedInsecurePackages = [
+ "jitsi-meet-1.0.8043"
+ "olm-3.2.16"
+ ];
services = {
postgresql = {
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index 759bb3c..c9bee3f 100755
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -20,7 +20,6 @@
"soft-reboot.target"
"systemd-soft-reboot.service"
];
-
# Use the systemd-boot EFI boot loader.
boot = {
kernelModules = [ "v4l2loopback" ];
@@ -107,7 +106,7 @@
services = {
- # envfs.enable = true; #usr/bin fixes
+ envfs.enable = true; #usr/bin fixes
blueman.enable = true; # bluetooth
devmon.enable = true; # automount stuff
upower.enable = true;
diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix
index 98541a0..b46ab04 100644
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@@ -36,7 +36,7 @@
"2620:fe::9"
];
# allow downgrade since fritzbox at home doesn't support it (yet?)
- dnssec = "allow-downgrade";
+ # dnssec = "allow-downgrade";
};
networking = {
nftables.enable = true;
diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix
index 74374dd..67ad168 100644
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
{
age.secrets = {
tud.file = ../../../../secrets/thinkpad/tud.age;
@@ -8,15 +8,12 @@
};
};
networking = {
- supplicant = rec {
- enp0s31f6 = {
+ supplicant = {
+ "LAN" = {
userControlled.enable = true;
driver = "wired";
configFile.path = config.age.secrets.dyport-auth.path;
};
- # ugly way to add more interfaces
- # "enp0s13f0u2u1" = enp0s31f6;
- # "enp0s13f0u3u1" = enp0s31f6;
};
wireless.networks = {
eduroam = {
@@ -143,5 +140,9 @@
LockPersonality = true;
};
};
+ # fix systemd dependencies for supplicant services
+ "supplicant-lan@" = {
+ wantedBy = lib.mkForce [ ];
+ };
};
}
diff --git a/secrets/thinkpad/agdsn.age b/secrets/thinkpad/agdsn.age
index a48d392..c889e19 100644
--- a/secrets/thinkpad/agdsn.age
+++ b/secrets/thinkpad/agdsn.age
@@ -1,7 +1,7 @@
age-encryption.org/v1
--> ssh-ed25519 uWbAHQ XEUSI/RYeut/hSIYv4TB2PBA6VHhaNZdtVr1N1XAvmc
-M47o4tHJG5d62pYYJQDQ8BHUbFWMkePQXOL9oWbXISU
--> ssh-ed25519 EVzt9Q fXvnKAFWGxu11gpi7i30PMXNc7j8FDsPWW8YBsm4xRk
-yYjzx8C649/Oe5TQUP0VFFH2RTQELClIjUhJd+BPxhw
---- aEgkJpsat4NAA+Xv45CLbYsdWQUVJNestqmRXuANayY
-�"�8�y���U��T���f�X���pRz/��A�I&7�٨X��'ޥ9s�è8X�«�k"�o�Z��ILh����t�
\ No newline at end of file
+-> ssh-ed25519 uWbAHQ CYNcEOainhjcR0gW9fxxL+ihROvKf33R1DUSwFJFAic
+RCNur+5AwHEridGGQ4FT+yMCbdp5pzcKFLUUIK1wfiM
+-> ssh-ed25519 EVzt9Q B4ySqjgdMczmNntu41PjCGflCcjc5jiHGLZGCKjgDRc
+NrFUs0fZedEv9ME8U7RM81J2EK5D6zh5Ij40J9lFHCs
+--- k0WJYU3YSywMkgZkb7J662elPiqMOAgm3A9kYbatJBg
+���i���#��/)�J��H��� ��/V��E��C���H�@���1�����0�d��aZ&�
\ No newline at end of file
diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age
index 14524a5..6af948e 100644
--- a/secrets/thinkpad/wireless.age
+++ b/secrets/thinkpad/wireless.age
@@ -1,9 +1,8 @@
age-encryption.org/v1
--> ssh-ed25519 uWbAHQ OJer2K9rSPiptuu6vDRY6MkDjAcREgAEsHfe0n8/60U
-Iy5Wt1tRvuxa3SmiTFL8JRpSHi/28H6GkY5VaL22mx8
--> ssh-ed25519 EVzt9Q a1jqUct0MJjWkyAIlQ2tNUNYAMxFICKWn4KgBmRFeyA
-b1Rgtbdf/oZxggv0EiB94163+rRSZJ85UYOAVHKg/6A
---- KpZ1Y81pv1927dqkhp0z5KQmQ25wIZ7MAqX3A9AQf4c
-��N�9p����Ek�
-[go�l��;�u5�d��78�,�q�9[��ڜ�c9��U�M�}����[q����&��8�%�D0�0Y�<�`���+���N���4]o�T�Ծ��J��d
-H#���o�m�n���P�C�K.%8���Igm�Vp��������R,���/���ww�Yu%�[k�:z�6�$�����F�V+���f]O��GW�t�����*�2.m��z���OPg ~>�����������NӬ�N1�z�*���H:q�Kr�����ӆௌ`���)ƚ ����=�Xc�Vu%�rH� �y���w���r�#w�x����]o�t�(�zS`nA�%@�F�[���o�Q��x�D��y�p��p� i9���l���Q�|&����3��V7�� �bG3ʶI�S��]T�VXg�6/I�@]���0w����-��X?�Zw���
\ No newline at end of file
+-> ssh-ed25519 uWbAHQ muOQ5i0nARsD73P9bhSDgDQexbfFDytBZkFxIuXlW1Y
+jwBHWuamzErrFLTo59gfx0nqEoEtiXDjgp06oP4K+rg
+-> ssh-ed25519 EVzt9Q WZaS+fKkU8h4T99jiG2QTqwpSSjY7PJ8lP0EGzi6+g0
+7L5krKrWu7YWpl8vaHvi7QDAsbQ94hv2/waFPa9//Vk
+--- pP0tP461mvMsDH6yrHjU6Z1BhX2jU6lMGCNF6AZ00uw
+�F��T��`����I�9;n��z�1��cq��D���4 U��Q���z��]�<����Vs:i�?�-��,t,�bm��襆�scZ���.a�t�e�$>���>�ڼ����q{�5��ؠ��l��Q�8��D�.zb�dljj��%����|���⪚�����%����9��ɏݝ) ����i�=���T�Թ�|Ұ���=@�T���/R�s�7���$�t�*����}Fy!s+Q>r��n����)�r�}�|g��}!���OVx�6�>�f��J@�����G�����_���������.�2���^P��Q�
+���r9�� #�O�ZY��.����hzѧ%�%4c;�#�㖎��u�Z�T��l��`����zו�t�,�*��O���Zȥ�
����=R��$�4��A�phP�!4���?��;��֔8����(欺R
\ No newline at end of file
diff --git a/shared/zsh.nix b/shared/zsh.nix
index 69530b7..38508fa 100644
--- a/shared/zsh.nix
+++ b/shared/zsh.nix
@@ -1,4 +1,19 @@
{ pkgs, config, lib, ... }:
+let
+ switch = pkgs.writeShellScript "switch.sh" ''
+ OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s)
+ ${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH
+ ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH
+ $OUT_PATH/bin/switch-to-configuration switch
+ unlink $OUT_PATH
+ '';
+ garbage = pkgs.writeShellScript "garbage.sh" ''
+ nix-collect-garbage -d
+ echo Cleaning up boot entries...
+ /run/current-system/bin/switch-to-configuration boot
+ echo Done
+ '';
+in
{
programs.command-not-found.enable = false;
programs.nix-index-database.comma.enable = true;
@@ -15,88 +30,78 @@
programs.fzf = {
keybindings = true;
};
- programs.zsh = {
- enable = true;
- shellAliases = {
- rm = "trash";
- ls = "eza --icons";
- l = "ls -l";
- ll = "ls -la";
- la = "ls -a";
- less = "bat";
- update = "cd /etc/nixos && nix flake update";
- msh = "f() {mosh $1 zsh};f";
- };
- histSize = 100000;
- histFile = "~/.local/share/zsh/history";
- syntaxHighlighting.enable = true;
- autosuggestions = {
+ programs.zsh =
+ {
enable = true;
- highlightStyle = "fg=#00bbbb,bold";
- };
- shellInit = ''
- zsh-newuser-install () {}
- '';
+ shellAliases = {
+ rm = "trash";
+ ls = "eza --icons";
+ l = "ls -l";
+ ll = "ls -la";
+ la = "ls -a";
+ less = "bat";
+ run0 = "run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE";
+ update = "cd /etc/nixos && nix flake update";
+ switch = "run0 ${switch}";
+ };
+ histSize = 100000;
+ histFile = "~/.local/share/zsh/history";
+ syntaxHighlighting.enable = true;
+ autosuggestions = {
+ enable = true;
+ highlightStyle = "fg=#00bbbb,bold";
+ };
+ shellInit = ''
+ zsh-newuser-install () {}
+ '';
- interactiveShellInit =
- ''
- export MCFLY_KEY_SCHEME=vim
- export MCFLY_FUZZY=2
- export MCFLY_DISABLE_MENU=TRUE
- export MCFLY_RESULTS=30
- export MCFLY_INTERFACE_VIEW=BOTTOM
- export MCFLY_PROMPT="❯"
- # fix for networkctl
- zstyle ':completion:*:complete:networkctl:*' list-grouped true
- source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
- source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
- unsetopt extendedglob
+ interactiveShellInit =
+ ''
+ export MCFLY_KEY_SCHEME=vim
+ export MCFLY_FUZZY=2
+ export MCFLY_DISABLE_MENU=TRUE
+ export MCFLY_RESULTS=30
+ export MCFLY_INTERFACE_VIEW=BOTTOM
+ export MCFLY_PROMPT="❯"
+ # fix for networkctl
+ zstyle ':completion:*:complete:networkctl:*' list-grouped true
+ source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
+ source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
+ unsetopt extendedglob
- function svpn() {
- unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}')
- if [ $(systemctl is-active $unit) = "inactive" ]; then
- systemctl start $unit
- else
- systemctl stop $unit
- fi
- }
+ function svpn() {
+ unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}')
+ if [ $(systemctl is-active $unit) = "inactive" ]; then
+ systemctl start $unit
+ else
+ systemctl stop $unit
+ fi
+ }
- prompt_dir() {
- prompt_segment blue $CURRENT_FG '%c'
- }
+ prompt_dir() {
+ prompt_segment blue $CURRENT_FG '%c'
+ }
- switch() {
- sudo true # ask the password so we can leave during the (sometimes quite long) build process
- OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s)
- ${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH
- sudo ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH
- sudo $OUT_PATH/bin/switch-to-configuration switch
- unlink $OUT_PATH
- }
+ garbage() {
+ ${pkgs.home-manager}/bin/home-manager expire-generations "-0 days"
+ run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE ${garbage}
+ }
- garbage() {
- ${pkgs.home-manager}/bin/home-manager expire-generations "-0 days"
- sudo nix-collect-garbage -d
- echo Cleaning up boot entries...
- sudo /run/current-system/bin/switch-to-configuration boot
- echo Done
- }
-
- sysdiff() {
- echo System package diff:
- ${config.nix.package}/bin/nix store diff-closures $(command ls -d /nix/var/nix/profiles/system-* | tail -2)
- }
- '';
- promptInit =
- ''
- # if [[ "$(hostname)" == "thinkpad" ]]
- # then
- # cat ${../images/cat.sixel}
- # fi
- eval "$(${pkgs.mcfly}/bin/mcfly init zsh)"
- eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
- '';
- };
+ sysdiff() {
+ echo System package diff:
+ ${config.nix.package}/bin/nix store diff-closures $(command ls -d /nix/var/nix/profiles/system-* | tail -2)
+ }
+ '';
+ promptInit =
+ ''
+ # if [[ "$(hostname)" == "thinkpad" ]]
+ # then
+ # cat ${../images/cat.sixel}
+ # fi
+ eval "$(${pkgs.mcfly}/bin/mcfly init zsh)"
+ eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
+ '';
+ };
}
diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix
index 0c68222..a8cf083 100644
--- a/users/rouven/modules/helix/default.nix
+++ b/users/rouven/modules/helix/default.nix
@@ -6,7 +6,7 @@
rust-analyzer
nil
nixpkgs-fmt
- typst-lsp
+ # typst-lsp
(python3.withPackages (ps: with ps; [
pyls-isort
pylsp-mypy