
5 commits

Author SHA1 Message Date
Rouven Seifert 83b95d3e72 updates 2024-08-22 11:40:23 +02:00
Rouven Seifert 076a7cacfe network: rework wpa supplicant 2024-08-22 11:39:42 +02:00
Rouven Seifert f8561e3246 typst-lsp: remove
broken
2024-08-22 11:36:59 +02:00
Rouven Seifert a9d36b3b10 matrix: allow insecure packages 2024-08-22 11:35:09 +02:00
Rouven Seifert 56d2c495c6 rotate secrets 2024-08-22 11:34:46 +02:00
9 changed files with 120 additions and 112 deletions


@ -297,11 +297,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723399884, "lastModified": 1723986931,
"narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=", "narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "086f619dd991a4d355c07837448244029fc2d9ab", "rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -332,11 +332,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1719091691, "lastModified": 1724146542,
"narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=", "narHash": "sha256-MLxtqDtu+y/4UDhXX5pFypX9/qbH54TDP6Z90oFzd/A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a", "rev": "03fe473c731cda2900bae9894b8dfc68e3492db5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -445,11 +445,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723352546, "lastModified": 1723950649,
"narHash": "sha256-WTIrvp0yV8ODd6lxAq4F7EbrPQv0gscBnyfn559c3k8=", "narHash": "sha256-dHMkGjwwCGj0c2MKyCjRXVBXq2Sz3TWbbM23AS7/5Hc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "ec78079a904d7d55e81a0468d764d0fffb50ac06", "rev": "392828aafbed62a6ea6ccab13728df2e67481805",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -519,11 +519,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1723362943, "lastModified": 1724224976,
"narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=", "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a58bc8ad779655e790115244571758e8de055e3d", "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -19,6 +19,10 @@ in
file = ../../../../secrets/nuc/matrix/sync.age; file = ../../../../secrets/nuc/matrix/sync.age;
}; };
}; };
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
services = { services = {
postgresql = { postgresql = {
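Review bot: The new `nixpkgs.config.permittedInsecurePackages` list has no comment saying why the two packages are flagged or which service in this file needs them, so nobody will know when the exception can be dropped. The option applies to the whole nixpkgs evaluation for this host, not only to the Matrix services, so any other derivation that pulls in `olm-3.2.16` or `jitsi-meet-1.0.8043` is allowed without further notice. I would put a comment above the list such as `# flagged insecure in nixpkgs; required by <consumer>; drop once no longer needed`, with the consumer filled in. The exact version pins are worth keeping, because a version bump then fails evaluation and forces a fresh look. The surrounding attribute set starts and ends outside the hunk.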


@ -20,7 +20,6 @@
"soft-reboot.target" "soft-reboot.target"
"systemd-soft-reboot.service" "systemd-soft-reboot.service"
]; ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot = { boot = {
kernelModules = [ "v4l2loopback" ]; kernelModules = [ "v4l2loopback" ];
@ -107,7 +106,7 @@
services = { services = {
# envfs.enable = true; #usr/bin fixes envfs.enable = true; #usr/bin fixes
blueman.enable = true; # bluetooth blueman.enable = true; # bluetooth
devmon.enable = true; # automount stuff devmon.enable = true; # automount stuff
upower.enable = true; upower.enable = true;


@ -36,7 +36,7 @@
"2620:fe::9" "2620:fe::9"
]; ];
# allow downgrade since fritzbox at home doesn't support it (yet?) # allow downgrade since fritzbox at home doesn't support it (yet?)
dnssec = "allow-downgrade"; # dnssec = "allow-downgrade";
}; };
networking = { networking = {
nftables.enable = true; nftables.enable = true;
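Review bot: Commenting out `dnssec = "allow-downgrade";` leaves the resolver on the module default, which is not visible here and may mean no DNSSEC validation at all, while the comment on the line above still describes the downgrade setting that is no longer active. If turning validation off is intended, and assuming this block is `services.resolved`, state it explicitly with the reason, e.g. `dnssec = "false"; # validation off: <reason>`, and replace the stale fritzbox comment. An explicit value also keeps the behaviour stable if the default changes with a later nixpkgs update. The enclosing block starts outside the hunk.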


@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
{ {
age.secrets = { age.secrets = {
tud.file = ../../../../secrets/thinkpad/tud.age; tud.file = ../../../../secrets/thinkpad/tud.age;
@ -8,15 +8,12 @@
}; };
}; };
networking = { networking = {
supplicant = rec { supplicant = {
enp0s31f6 = { "LAN" = {
userControlled.enable = true; userControlled.enable = true;
driver = "wired"; driver = "wired";
configFile.path = config.age.secrets.dyport-auth.path; configFile.path = config.age.secrets.dyport-auth.path;
}; };
# ugly way to add more interfaces
# "enp0s13f0u2u1" = enp0s31f6;
# "enp0s13f0u3u1" = enp0s31f6;
}; };
wireless.networks = { wireless.networks = {
eduroam = { eduroam = {
@ -143,5 +140,9 @@
LockPersonality = true; LockPersonality = true;
}; };
}; };
# fix systemd dependencies for supplicant services
"supplicant-lan@" = {
wantedBy = lib.mkForce [ ];
};
}; };
} }
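Review bot: The supplicant key `"LAN"` is not an interface name; as far as I know the NixOS `networking.supplicant` module treats it as "every wired interface", so the 802.1X credentials in `dyport-auth` would now be offered on any Ethernet port or USB adapter the machine is plugged into, not only on `enp0s31f6`. That is only safe if the secret configuration verifies the authentication server's certificate, which cannot be checked from this page. Please record that in a comment, e.g. `# "LAN" = all wired interfaces; dyport-auth must verify the RADIUS server certificate`. The `# fix systemd dependencies for supplicant services` comment should also name what pulled in `supplicant-lan@` wrongly before `wantedBy` was cleared, and what starts the unit now.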


@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 uWbAHQ XEUSI/RYeut/hSIYv4TB2PBA6VHhaNZdtVr1N1XAvmc -> ssh-ed25519 uWbAHQ CYNcEOainhjcR0gW9fxxL+ihROvKf33R1DUSwFJFAic
M47o4tHJG5d62pYYJQDQ8BHUbFWMkePQXOL9oWbXISU RCNur+5AwHEridGGQ4FT+yMCbdp5pzcKFLUUIK1wfiM
-> ssh-ed25519 EVzt9Q fXvnKAFWGxu11gpi7i30PMXNc7j8FDsPWW8YBsm4xRk -> ssh-ed25519 EVzt9Q B4ySqjgdMczmNntu41PjCGflCcjc5jiHGLZGCKjgDRc
yYjzx8C649/Oe5TQUP0VFFH2RTQELClIjUhJd+BPxhw NrFUs0fZedEv9ME8U7RM81J2EK5D6zh5Ij40J9lFHCs
--- aEgkJpsat4NAA+Xv45CLbYsdWQUVJNestqmRXuANayY --- k0WJYU3YSywMkgZkb7J662elPiqMOAgm3A9kYbatJBg
à"À8™yåU —fX«ðƒpRz/¥©AI&7—Ù¨X<C2A8>'Þ¥9sÚè8X¹Â« k"o¯ZÒILhŸ®¢ ýiČó#š‹/)ŮJó ©Ů/V»šE˛”CâćĂHÂ@éĚé1 ÝŢ0őd aZ&


@ -1,9 +1,8 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 uWbAHQ OJer2K9rSPiptuu6vDRY6MkDjAcREgAEsHfe0n8/60U -> ssh-ed25519 uWbAHQ muOQ5i0nARsD73P9bhSDgDQexbfFDytBZkFxIuXlW1Y
Iy5Wt1tRvuxa3SmiTFL8JRpSHi/28H6GkY5VaL22mx8 jwBHWuamzErrFLTo59gfx0nqEoEtiXDjgp06oP4K+rg
-> ssh-ed25519 EVzt9Q a1jqUct0MJjWkyAIlQ2tNUNYAMxFICKWn4KgBmRFeyA -> ssh-ed25519 EVzt9Q WZaS+fKkU8h4T99jiG2QTqwpSSjY7PJ8lP0EGzi6+g0
b1Rgtbdf/oZxggv0EiB94163+rRSZJ85UYOAVHKg/6A 7L5krKrWu7YWpl8vaHvi7QDAsbQ94hv2/waFPa9//Vk
--- KpZ1Y81pv1927dqkhp0z5KQmQ25wIZ7MAqX3A9AQf4c --- pP0tP461mvMsDH6yrHjU6Z1BhX2jU6lMGCNF6AZ00uw
¡N¶9pÜ<>EkÚ éƒFØTß`î“™´ÌIà9;n¸åzå<7A>1­¾cq»DüçÝ4 Uî®QÚüþzéœ]ý<ýª•åVs:i?ø-Óõ,t,¹bmÞÀ襆scZæ.aøtÍe¾$> Í><3E>Ú¼©—q{ 5ËÒØ £ló—Q´8ä† D¾.zbÜdljj¿Œ%­´£ü|Ú⪚€£´%š­ï9ÒÉ<C392>Ý<EFBFBD>) •¸ÁÇi¿=§ÛT Ô¹ó|Ò°äÃ=@ËTð…/Rîs<C3AE>7Óí$ÃtÚ*ÑÍÍ}Fy!s+Q>r‡nìŠ)ãrª}À|gë<67>Ù}!²ÍOVxð6Í>¶fJ@Öþ<C396>èGŠ¸¾<C2B8>_<>ÌÙ÷æÝùƒ.À2ñ^PüQï©
[goül˜¶;Èu5¬dÌù78Å,äqñ9[¿ÖÚœ c9ªUŠM}¸ž¹£[qü†Ë&ÌÕ8%D0“0YÐ<Š`ÀãÛ+»ûNú¤4]oTÔ¾Ž¸Jd ŒÓâr9ƒ¹ #OÝZYäà.üÃ÷Þhzѧ%%4c;ù#ôã–ŽÂu¿ZæT±õl<C3B5>¡`”³Øõz×t,Ì* O<>¡Zȥؠ³Š‰=R»ó$é4 ©AphP!4¤?åµ;¡³Ö”8¤äù (欺R
H#Á”om„n Á±PÍCšK.%8¨«Igm´Vp¡ýÐÎÇãî±R,÷õ/áëwwŽYu%[kÌ:z×6­ FåV+æ<>f]OÁGWÊtü—ÿÓ*<2A>2.m¸©zá‡ÞOPg ~>¡úƒ²«½ëˆËNÓ¬N1™zø*<2A>žH:qÀKr‰ìҶӆௌ`ž ²)Æš …‰Ä= Xc<58>Vu%•rHú ðy·ë¢w“½Ör#wßxà„žÇ]oÇt (´zS`nAÄ%@<40>Fñ[Ÿ<>Šo»QãšÍxDéy…pp§ i9¤·lî¼<C3AE>Ó©Qï±|&¬ùþ•3 V7Á® ¯bG3ʶIS±ø]TVXgú6/IÉ@]øë·æ0w½ðX?ËZwÈÕ


@ -1,4 +1,19 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let
switch = pkgs.writeShellScript "switch.sh" ''
OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s)
${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH
${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH
$OUT_PATH/bin/switch-to-configuration switch
unlink $OUT_PATH
'';
garbage = pkgs.writeShellScript "garbage.sh" ''
nix-collect-garbage -d
echo Cleaning up boot entries...
/run/current-system/bin/switch-to-configuration boot
echo Done
'';
in
{ {
programs.command-not-found.enable = false; programs.command-not-found.enable = false;
programs.nix-index-database.comma.enable = true; programs.nix-index-database.comma.enable = true;
@ -15,88 +30,78 @@
programs.fzf = { programs.fzf = {
keybindings = true; keybindings = true;
}; };
programs.zsh = { programs.zsh =
enable = true; {
shellAliases = {
rm = "trash";
ls = "eza --icons";
l = "ls -l";
ll = "ls -la";
la = "ls -a";
less = "bat";
update = "cd /etc/nixos && nix flake update";
msh = "f() {mosh $1 zsh};f";
};
histSize = 100000;
histFile = "~/.local/share/zsh/history";
syntaxHighlighting.enable = true;
autosuggestions = {
enable = true; enable = true;
highlightStyle = "fg=#00bbbb,bold"; shellAliases = {
rm = "trash";
ls = "eza --icons";
l = "ls -l";
ll = "ls -la";
la = "ls -a";
less = "bat";
run0 = "run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE";
update = "cd /etc/nixos && nix flake update";
switch = "run0 ${switch}";
};
histSize = 100000;
histFile = "~/.local/share/zsh/history";
syntaxHighlighting.enable = true;
autosuggestions = {
enable = true;
highlightStyle = "fg=#00bbbb,bold";
};
shellInit = ''
zsh-newuser-install () {}
'';
interactiveShellInit =
''
export MCFLY_KEY_SCHEME=vim
export MCFLY_FUZZY=2
export MCFLY_DISABLE_MENU=TRUE
export MCFLY_RESULTS=30
export MCFLY_INTERFACE_VIEW=BOTTOM
export MCFLY_PROMPT=""
# fix for networkctl
zstyle ':completion:*:complete:networkctl:*' list-grouped true
source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
unsetopt extendedglob
function svpn() {
unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}')
if [ $(systemctl is-active $unit) = "inactive" ]; then
systemctl start $unit
else
systemctl stop $unit
fi
}
prompt_dir() {
prompt_segment blue $CURRENT_FG '%c'
}
garbage() {
${pkgs.home-manager}/bin/home-manager expire-generations "-0 days"
run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE ${garbage}
}
sysdiff() {
echo System package diff:
${config.nix.package}/bin/nix store diff-closures $(command ls -d /nix/var/nix/profiles/system-* | tail -2)
}
'';
promptInit =
''
# if [[ "$(hostname)" == "thinkpad" ]]
# then
# cat ${../images/cat.sixel}
# fi
eval "$(${pkgs.mcfly}/bin/mcfly init zsh)"
eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
'';
}; };
shellInit = ''
zsh-newuser-install () {}
'';
interactiveShellInit =
''
export MCFLY_KEY_SCHEME=vim
export MCFLY_FUZZY=2
export MCFLY_DISABLE_MENU=TRUE
export MCFLY_RESULTS=30
export MCFLY_INTERFACE_VIEW=BOTTOM
export MCFLY_PROMPT=""
# fix for networkctl
zstyle ':completion:*:complete:networkctl:*' list-grouped true
source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc
source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh
unsetopt extendedglob
function svpn() {
unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}')
if [ $(systemctl is-active $unit) = "inactive" ]; then
systemctl start $unit
else
systemctl stop $unit
fi
}
prompt_dir() {
prompt_segment blue $CURRENT_FG '%c'
}
switch() {
sudo true # ask the password so we can leave during the (sometimes quite long) build process
OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s)
${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH
sudo ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH
sudo $OUT_PATH/bin/switch-to-configuration switch
unlink $OUT_PATH
}
garbage() {
${pkgs.home-manager}/bin/home-manager expire-generations "-0 days"
sudo nix-collect-garbage -d
echo Cleaning up boot entries...
sudo /run/current-system/bin/switch-to-configuration boot
echo Done
}
sysdiff() {
echo System package diff:
${config.nix.package}/bin/nix store diff-closures $(command ls -d /nix/var/nix/profiles/system-* | tail -2)
}
'';
promptInit =
''
# if [[ "$(hostname)" == "thinkpad" ]]
# then
# cat ${../images/cat.sixel}
# fi
eval "$(${pkgs.mcfly}/bin/mcfly init zsh)"
eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
'';
};
} }
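Review bot: The new `switch.sh` runs entirely as root through `run0 ${switch}`, yet it has no error handling and writes its result link to a guessable name directly under `/tmp`. The old `switch()` function built as the user and elevated only `nix-env` and `switch-to-configuration`. Without `set -e`, a failed `nom build` is still followed by `nix-env --set $OUT_PATH` and `$OUT_PATH/bin/switch-to-configuration switch` on whatever sits at that path. I would fail fast, create a private directory with `mktemp -d`, and quote `$OUT_PATH`, as sketched below. Separately, `garbage.sh` calls `nix-collect-garbage` by bare name while the caller passes the user's `PATH` via `--setenv=PATH=$PATH`, so root resolves it through a user-controlled search path; `${config.nix.package}/bin/nix-collect-garbage` avoids that.

```nix
switch = pkgs.writeShellScript "switch.sh" ''
  set -euo pipefail
  # private directory instead of a guessable name directly under /tmp
  OUT_DIR=$(${pkgs.coreutils}/bin/mktemp -d)
  OUT_PATH="$OUT_DIR/result"
  trap '${pkgs.coreutils}/bin/rm -rf -- "$OUT_DIR"' EXIT
  # … unchanged: nom build, nix-env --set and switch-to-configuration, with "$OUT_PATH" quoted …
'';
```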


@ -6,7 +6,7 @@
rust-analyzer rust-analyzer
nil nil
nixpkgs-fmt nixpkgs-fmt
typst-lsp # typst-lsp
(python3.withPackages (ps: with ps; [ (python3.withPackages (ps: with ps; [
pyls-isort pyls-isort
pylsp-mypy pylsp-mypy