updates

network: rework wpa supplicant
typst-lsp: remove
2024-11-15 05:13:10 +01:00 · 2024-08-22 11:40:23 +02:00 · 2024-08-22 11:39:42 +02:00 · 2024-08-22 11:36:59 +02:00 · 2024-08-22 11:35:09 +02:00 · 2024-08-22 11:34:46 +02:00
9 changed files with 120 additions and 112 deletions
--- a/flake.lock
+++ b/flake.lock
@ -297,11 +297,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1723399884,
-        "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
+        "lastModified": 1723986931,
+        "narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
+        "rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671",
        "type": "github"
      },
      "original": {
@ -332,11 +332,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1719091691,
-        "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
+        "lastModified": 1724146542,
+        "narHash": "sha256-MLxtqDtu+y/4UDhXX5pFypX9/qbH54TDP6Z90oFzd/A=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
+        "rev": "03fe473c731cda2900bae9894b8dfc68e3492db5",
        "type": "github"
      },
      "original": {
@ -445,11 +445,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1723352546,
-        "narHash": "sha256-WTIrvp0yV8ODd6lxAq4F7EbrPQv0gscBnyfn559c3k8=",
+        "lastModified": 1723950649,
+        "narHash": "sha256-dHMkGjwwCGj0c2MKyCjRXVBXq2Sz3TWbbM23AS7/5Hc=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "ec78079a904d7d55e81a0468d764d0fffb50ac06",
+        "rev": "392828aafbed62a6ea6ccab13728df2e67481805",
        "type": "github"
      },
      "original": {
@ -519,11 +519,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1723362943,
-        "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
+        "lastModified": 1724224976,
+        "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a58bc8ad779655e790115244571758e8de055e3d",
+        "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62",
        "type": "github"
      },
      "original": {
--- a/hosts/nuc/modules/matrix/default.nix
+++ b/hosts/nuc/modules/matrix/default.nix
@ -19,6 +19,10 @@ in
      file = ../../../../secrets/nuc/matrix/sync.age;
    };
  };
+  nixpkgs.config.permittedInsecurePackages = [
+    "jitsi-meet-1.0.8043"
+    "olm-3.2.16"
+  ];

  services = {
    postgresql = {
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -20,7 +20,6 @@
    "soft-reboot.target"
    "systemd-soft-reboot.service"
  ];
-
  # Use the systemd-boot EFI boot loader.
  boot = {
    kernelModules = [ "v4l2loopback" ];
@ -107,7 +106,7 @@


  services = {
-    # envfs.enable = true; #usr/bin fixes
+    envfs.enable = true; #usr/bin fixes
    blueman.enable = true; # bluetooth
    devmon.enable = true; # automount stuff
    upower.enable = true;
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@ -36,7 +36,7 @@
      "2620:fe::9"
    ];
    # allow downgrade since fritzbox at home doesn't support it (yet?)
-    dnssec = "allow-downgrade";
+    # dnssec = "allow-downgrade";
  };
  networking = {
    nftables.enable = true;
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
  age.secrets = {
    tud.file = ../../../../secrets/thinkpad/tud.age;
@ -8,15 +8,12 @@
    };
  };
  networking = {
-    supplicant = rec {
-      enp0s31f6 = {
+    supplicant = {
+      "LAN" = {
        userControlled.enable = true;
        driver = "wired";
        configFile.path = config.age.secrets.dyport-auth.path;
      };
-      # ugly way to add more interfaces
-      # "enp0s13f0u2u1" = enp0s31f6;
-      # "enp0s13f0u3u1" = enp0s31f6;
    };
    wireless.networks = {
      eduroam = {
@ -143,5 +140,9 @@
        LockPersonality = true;
      };
    };
+    # fix systemd dependencies for supplicant services
+    "supplicant-lan@" = {
+      wantedBy = lib.mkForce [ ];
+    };
  };
 }
--- a/secrets/thinkpad/agdsn.age
+++ b/secrets/thinkpad/agdsn.age
@ -1,7 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 uWbAHQ XEUSI/RYeut/hSIYv4TB2PBA6VHhaNZdtVr1N1XAvmc
-M47o4tHJG5d62pYYJQDQ8BHUbFWMkePQXOL9oWbXISU
-> ssh-ed25519 EVzt9Q fXvnKAFWGxu11gpi7i30PMXNc7j8FDsPWW8YBsm4xRk
-yYjzx8C649/Oe5TQUP0VFFH2RTQELClIjUhJd+BPxhw
--- aEgkJpsat4NAA+Xv45CLbYsdWQUVJNestqmRXuANayY
-à"À8™yåUTç—fX«ðƒpRz/¥©A‹I&7—Ù¨X<C2A8>–'Þ¥9sÚÃ¨8X¹Â«k"o¯ZÒILhŸ®¢‘tñ
+-> ssh-ed25519 uWbAHQ CYNcEOainhjcR0gW9fxxL+ihROvKf33R1DUSwFJFAic
+RCNur+5AwHEridGGQ4FT+yMCbdp5pzcKFLUUIK1wfiM
+-> ssh-ed25519 EVzt9Q B4ySqjgdMczmNntu41PjCGflCcjc5jiHGLZGCKjgDRc
+NrFUs0fZedEv9ME8U7RM81J2EK5D6zh5Ij40J9lFHCs
+--- k0WJYU3YSywMkgZkb7J662elPiqMOAgm3A9kYbatJBg
+ý‹iČó#š‹/)ŮJóHí	©Ů/V»šE˛”Câ‹ćĂHÂ@éĚé1ÝŢ0őd aZ&
--- a/secrets/thinkpad/wireless.age
+++ b/secrets/thinkpad/wireless.age
@ -1,9 +1,8 @@
 age-encryption.org/v1
-> ssh-ed25519 uWbAHQ OJer2K9rSPiptuu6vDRY6MkDjAcREgAEsHfe0n8/60U
-Iy5Wt1tRvuxa3SmiTFL8JRpSHi/28H6GkY5VaL22mx8
-> ssh-ed25519 EVzt9Q a1jqUct0MJjWkyAIlQ2tNUNYAMxFICKWn4KgBmRFeyA
-b1Rgtbdf/oZxggv0EiB94163+rRSZJ85UYOAVHKg/6A
--- KpZ1Y81pv1927dqkhp0z5KQmQ25wIZ7MAqX3A9AQf4c
-¡N¶9pÜ‘<>EkÚ
-[goül˜¶;Èu5¬dÌù78Å,äqñ9[¿ÖÚœc9ªUŠM}¸ž¹£[qü†Ë&ÌÕ8%–D0“0YÐ<Š`ÀãÛ+»ûNú¤’4]oTÔ¾Ž¸Jd
-H#Á”›om„nÁ±PÍCšK.%8¨«–Igm´Vp¡ýÐÎÇãî±R,÷õ/áëwwŽYu%[kÌ:z×6$ÞÌFåV+æ<>f]OÁGWÊtü—ÿÓ*<2A>2.m¸©zá‡ÞOPg	~>¡úƒ²«½ëˆËNÓ¬–N1™zø*<2A>žH:qÀKr‰ìÒ¶Ó†à¯Œ`ž ²)Æš	…‰Ä=Xc<58>Vu%•rHú ðy·ë¢w“½Ör#wßxà„žÇ]oÇt (´zS`nAÄ%@<40>Fñ[Ÿ<>Šo»QãšÍx‚Déy…pp§	i9¤·lî¼<C3AE>Ó©Qï±|&¬ùþ•3V7Á® ¯bG3Ê¶IS±ø]T‘VXgú6/IÉ@]øë·æ0w›½ð-ÛX?ËZwÈÕ
+-> ssh-ed25519 uWbAHQ muOQ5i0nARsD73P9bhSDgDQexbfFDytBZkFxIuXlW1Y
+jwBHWuamzErrFLTo59gfx0nqEoEtiXDjgp06oP4K+rg
+-> ssh-ed25519 EVzt9Q WZaS+fKkU8h4T99jiG2QTqwpSSjY7PJ8lP0EGzi6+g0
+7L5krKrWu7YWpl8vaHvi7QDAsbQ94hv2/waFPa9//Vk
+--- pP0tP461mvMsDH6yrHjU6Z1BhX2jU6lMGCNF6AZ00uw
+éƒF‘ØTß`î“™‚´ÌIà9;n¸åzå<7A>1¾cq»DüçÝ4 Uî®QÚüþzéœ]ý<ýª•åVs:i?ø-Óõ,t,¹bmÞÀè¥†scZæ.aøtÍe¾$>Í><3E>Ú¼©—›q{ 5ËÒØ £ló—Q´8ä†D¾.zbÜdÇ‰j¿Œ%´£ü|Ãšâªš€£´%–šï9ÒÉ<C392>Ý<EFBFBD>) •¸ÁÇi¿=§ÛTÔ¹ó|Ò°äÃ=@ËTð…/Rîs<C3AE>7Óí$ÃtÚ*ÑÍÍ}Fy!s+Q>r‹‡nìŠ)ãrª}À|gë<67>Ù}!²ÍOVxð6Í>¶fJ@Öþ<C396>èGŠ¸¾<C2B8>_<>ÌÙ÷‹æÝùƒ.À2›ñ^PüQï©
+ŒÓâr9ƒ¹	#OÝZYäà.üÃ÷ÞhzÑ§%%4c;ù#ôã–ŽÂu¿ZæT±õl<C3B5>¡`”³Øõz×•t,Ì*O<>–¡ZÈ¥Ø‚Â
³Š‰=R»ó$é4©AphP!4Â¤?åµ;¡³Ö”8¤äù(æ¬ºR
--- a/shared/zsh.nix
+++ b/shared/zsh.nix
@ -1,4 +1,19 @@
 { pkgs, config, lib, ... }:
+let
+  switch = pkgs.writeShellScript "switch.sh" ''
+    OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s)
+    ${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH
+    ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH
+    $OUT_PATH/bin/switch-to-configuration switch 
+    unlink $OUT_PATH
+  '';
+  garbage = pkgs.writeShellScript "garbage.sh" ''
+    nix-collect-garbage -d
+    echo Cleaning up boot entries...
+    /run/current-system/bin/switch-to-configuration boot
+    echo Done
+  '';
+in
 {
  programs.command-not-found.enable = false;
  programs.nix-index-database.comma.enable = true;
@ -15,7 +30,8 @@
  programs.fzf = {
    keybindings = true;
  };
-  programs.zsh = {
+  programs.zsh =
+    {
      enable = true;
      shellAliases = {
        rm = "trash";
@ -24,8 +40,9 @@
        ll = "ls -la";
        la = "ls -a";
        less = "bat";
+        run0 = "run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE";
        update = "cd /etc/nixos && nix flake update";
-      msh = "f() {mosh $1 zsh};f";
+        switch = "run0 ${switch}";
      };
      histSize = 100000;
      histFile = "~/.local/share/zsh/history";
@ -66,21 +83,9 @@
              prompt_segment blue $CURRENT_FG '%c'
          }

-        switch() {
-          sudo true # ask the password so we can leave during the (sometimes quite long) build process
-          OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s)
-          ${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH
-          sudo ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH
-          sudo $OUT_PATH/bin/switch-to-configuration switch 
-          unlink $OUT_PATH
-        }
-
          garbage() {
            ${pkgs.home-manager}/bin/home-manager expire-generations "-0 days"
-          sudo nix-collect-garbage -d
-          echo Cleaning up boot entries...
-          sudo /run/current-system/bin/switch-to-configuration boot
-          echo Done
+            run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE ${garbage}
          }

          sysdiff() {
--- a/users/rouven/modules/helix/default.nix
+++ b/users/rouven/modules/helix/default.nix
@ -6,7 +6,7 @@
    rust-analyzer
    nil
    nixpkgs-fmt
-    typst-lsp
+    # typst-lsp
    (python3.withPackages (ps: with ps; [
      pyls-isort
      pylsp-mypy
Author	SHA1	Message	Date
Rouven Seifert	83b95d3e72	updates	2024-08-22 11:40:23 +02:00
Rouven Seifert	076a7cacfe	network: rework wpa supplicant	2024-08-22 11:39:42 +02:00
Rouven Seifert	f8561e3246	typst-lsp: remove broken	2024-08-22 11:36:59 +02:00
Rouven Seifert	a9d36b3b10	matrix: allow insecure packages	2024-08-22 11:35:09 +02:00
Rouven Seifert	56d2c495c6	rotate secrets	2024-08-22 11:34:46 +02:00