flake.lock

@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1723293904,
+        "lastModified": 1722339003,
-        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+        "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+        "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
         "type": "github"
       },
       "original": {
@@ -32,7 +32,9 @@
         "flake-parts": "flake-parts",
         "flake-utils": "flake-utils",
         "napalm": "napalm",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
         "poetry2nix": "poetry2nix"
       },
       "locked": {
@@ -297,11 +299,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723399884,
+        "lastModified": 1723015306,
-        "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
+        "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
+        "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e",
         "type": "github"
       },
       "original": {
@@ -445,11 +447,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723352546,
+        "lastModified": 1722740924,
-        "narHash": "sha256-WTIrvp0yV8ODd6lxAq4F7EbrPQv0gscBnyfn559c3k8=",
+        "narHash": "sha256-UQPgA5d8azLZuDHZMPmvDszhuKF1Ek89SrTRtqsQ4Ss=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "ec78079a904d7d55e81a0468d764d0fffb50ac06",
+        "rev": "97ca0a0fca0391de835f57e44f369a283e37890f",
         "type": "github"
       },
       "original": {
@@ -460,18 +462,17 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1720542800,
+        "lastModified": 1722813957,
-        "narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=",
+        "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "feb2849fdeb70028c70d73b848214b00d324a497",
+        "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
         "type": "github"
       },
       "original": {
-        "owner": "NixOS",
+        "id": "nixpkgs",
         "ref": "nixos-unstable",
-        "repo": "nixpkgs",
+        "type": "indirect"
-        "type": "github"
       }
     },
     "nixpkgs-lib": {
@@ -517,21 +518,6 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1723362943,
-        "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "a58bc8ad779655e790115244571758e8de055e3d",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-unstable",
-        "type": "indirect"
-      }
-    },
     "pfersel": {
       "inputs": {
         "nixpkgs": [
@@ -637,7 +623,7 @@
         "lanzaboote": "lanzaboote",
         "nix-colors": "nix-colors",
         "nix-index-database": "nix-index-database",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
         "pfersel": "pfersel",
         "purge": "purge",
         "trucksimulatorbot": "trucksimulatorbot"

flake.nix

@@ -27,7 +27,7 @@
     nix-colors.url = "github:Misterio77/nix-colors";
     authentik = {
       url = "github:nix-community/authentik-nix";
-      # inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs";
     };
 
     purge = {

hosts/nuc/default.nix

@@ -12,6 +12,7 @@
       ./modules/matrix
       ./modules/mautrix-telegram
       ./modules/monitoring
+      ./modules/seafile
       ./modules/torrent
       ./modules/vaultwarden
       ./modules/caddy

hosts/nuc/modules/seafile/default.nix

@@ -0,0 +1,46 @@
+{ config, pkgs, ... }:
+let
+  domain = "seafile.${config.networking.domain}";
+in
+{
+  services.seafile = {
+    enable = true;
+    adminEmail = "admin@rfive.de";
+    initialAdminPassword = "unused garbage";
+    ccnetSettings.General.SERVICE_URL = "https://${domain}";
+    ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";
+    seafileSettings.fileserver.port = 8083;
+    seahubExtraConf = ''
+      ENABLE_OAUTH = True
+      OAUTH_ENABLE_INSECURE_TRANSPORT = True
+
+      OAUTH_CLIENT_ID = "seafile"
+      with open('/var/lib/seafile/.oidcSecret') as f:
+        OAUTH_CLIENT_SECRET = f.readline().rstrip()
+      OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'
+ 
+      OAUTH_PROVIDER_DOMAIN   = 'seafile.rfive.de'
+      OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/application/o/authorize/'
+      OAUTH_TOKEN_URL         = 'https://auth.rfive.de/application/o/token/'
+      OAUTH_USER_INFO_URL     = 'https://auth.rfive.de/application/o/userinfo/'
+      OAUTH_SCOPE = [ "openid", "profile", "email"]
+      OAUTH_ATTRIBUTE_MAP = {
+          "id":    (False, "not used"),
+          "name":  (False, "full name"),
+          "email": (True, "email"),
+      }
+    '';
+  };
+  services.caddy.virtualHosts."${domain}".extraConfig = ''
+    redir /accounts/login /oauth/login
+    reverse_proxy unix//run/seahub/gunicorn.sock
+    route /media/* {
+      root * ${pkgs.seahub}
+    }
+
+    route /seafhttp/* {
+      uri strip_prefix /seafhttp
+      reverse_proxy 127.0.0.1:${toString config.services.seafile.seafileSettings.fileserver.port}
+    }
+  '';
+}

hosts/thinkpad/default.nix

@@ -107,7 +107,6 @@
 
 
   services = {
-    # envfs.enable = true; #usr/bin fixes
     blueman.enable = true; # bluetooth
     devmon.enable = true; # automount stuff
     upower.enable = true;

hosts/thinkpad/modules/graphics/default.nix

@@ -37,7 +37,7 @@
         colors.base07
       ];
   };
-  hardware.graphics.extraPackages = with pkgs; [
+  hardware.opengl.extraPackages = with pkgs; [
     intel-compute-runtime
     intel-media-driver
   ];

hosts/thinkpad/modules/networks/default.nix

@@ -66,10 +66,6 @@
           authProtocols = [ "SAE" ];
           extraConfig = "disabled=1";
         };
-        "LKG-Gast" = {
-          psk = "@LKGDD_GUEST_PSK@";
-          authProtocols = [ "WPA-PSK" ];
-        };
         "@PIXEL_SSID@" = {
           psk = "@PIXEL_PSK@";
           authProtocols = [ "WPA-PSK" ];

hosts/thinkpad/modules/networks/uni.nix

@@ -15,8 +15,7 @@
         configFile.path = config.age.secrets.dyport-auth.path;
       };
       # ugly way to add more interfaces
-      # "enp0s13f0u2u1" = enp0s31f6;
+      "enp0s13f0u2u1" = enp0s31f6;
-      # "enp0s13f0u3u1" = enp0s31f6;
     };
     wireless.networks = {
       eduroam = {
@@ -60,7 +59,6 @@
           password="@AGDSN_AUTH@"
           phase2="auth=PAP"
         '';
-        extraConfig = "disabled=1";
         authProtocols = [ "WPA-EAP" ];
       };
       agdsn_fritzbox = {
@@ -107,17 +105,6 @@
           compression = "stateless";
         };
       };
-      iFSR = {
-        protocol = "anyconnect";
-        gateway = "vpn2.zih.tu-dresden.de";
-        user = "rose159e@apb-ifsr-vpn";
-        passwordFile = config.age.secrets.tud.path;
-        autoStart = false;
-        extraOptions = {
-          authgroup = "A-Tunnel-TU-Networks";
-          compression = "stateless";
-        };
-      };
     };
   };
   systemd.services = {

hosts/thinkpad/modules/printing/default.nix

@@ -1,10 +1,10 @@
 { pkgs, ... }:
 {
   # environment.systemPackages = with pkgs; [ cups ];
-  # services.avahi = {
+  services.avahi = {
-  #   enable = true;
+    enable = true;
-  #   nssmdns4 = true;
+    nssmdns4 = true;
-  # };
+  };
   services.printing = {
     enable = true;
     stateless = true;

hosts/thinkpad/modules/security/default.nix

@@ -45,9 +45,9 @@
     };
   };
   # broken again
-  services = {
+  # services = {
-    fprintd.enable = true; # log in using fingerprint
+  #   fprintd.enable = true; # log in using fingerprint
-  };
+  # };
   environment.systemPackages = with pkgs; [
     agenix.packages.x86_64-linux.default
     tpm2-tools

hosts/thinkpad/modules/virtualisation/default.nix

@@ -1,10 +1,10 @@
 { pkgs, ... }:
 {
   virtualisation = {
-    # podman = {
+    podman = {
-    #   enable = true;
+      enable = true;
-    #   defaultNetwork.settings.dns_enabled = true;
+      defaultNetwork.settings.dns_enabled = true;
-    # };
+    };
     libvirtd = {
       enable = true;
       qemu = {

overlays/default.nix

@@ -2,6 +2,9 @@ _final: prev:
 let
   inherit (prev) callPackage;
   inherit (prev) fetchFromGitHub;
+  inherit (prev) fetchPypi;
+  inherit (prev) makeWrapper;
+  inherit (prev) python3Packages;
 in
 {
 
@@ -33,4 +36,80 @@ in
   gnome-break-timer = callPackage ../pkgs/gnome-break-timer { };
   jmri = callPackage ../pkgs/jmri { };
   adguardian-term = callPackage ../pkgs/adguardian-term { };
+
+  # upstream package is broken and can't be fixed by overriding attrs. so I just completely redo it in here
+  seahub = (python3Packages.buildPythonApplication rec {
+    pname = "seahub";
+    version = "11.0.1";
+    format = "other";
+    src = fetchFromGitHub {
+      owner = "haiwen";
+      repo = "seahub";
+      rev = "v11.0.1-pro";
+      sha256 = "sha256-dxMvbiAdECMZIf+HgA5P2gZYI9l+k+nhmdzfg90037A=";
+    };
+
+
+    dontBuild = true;
+
+    doCheck = false; # disabled because it requires a ccnet environment
+
+    nativeBuildInputs = [
+      makeWrapper
+    ];
+
+    propagatedBuildInputs = with python3Packages; [
+      django
+      future
+      django-compressor
+      django-statici18n
+      django-webpack-loader
+      django-simple-captcha
+      django-picklefield
+      django-formtools
+      mysqlclient
+      pillow
+      python-dateutil
+      djangorestframework
+      openpyxl
+      requests
+      requests-oauthlib
+      chardet
+      pyjwt
+      pycryptodome
+      qrcode
+      pysearpc
+      seaserv
+      gunicorn
+      markdown
+      bleach
+      # python-ldap
+      pyopenssl
+      (buildPythonPackage rec {
+        pname = "djangosaml2";
+        version = "1.7.0";
+        doCheck = false;
+        propagatedBuildInputs = [
+          pysaml2
+          django
+          defusedxml
+        ];
+        src = fetchPypi {
+          inherit pname version;
+          sha256 = "sha256-WiMl2UvbOskLA5o5LXPrBF2VktlDnlBNdc42eZ62Fko=";
+        };
+      })
+    ];
+
+    installPhase = ''
+      cp -dr --no-preserve='ownership' . $out/
+      wrapProgram $out/manage.py \
+        --prefix PYTHONPATH : "$PYTHONPATH:$out/thirdpart:"
+    '';
+
+    passthru = rec {
+      python = prev.python3;
+      pythonPath = python.pkgs.makePythonPath propagatedBuildInputs;
+    };
+  });
 }

pkgs/adguardian-term/default.nix

@@ -9,7 +9,7 @@ rustPlatform.buildRustPackage rec {
     rev = version;
     hash = "sha256-r7dh31fZgcUBffzwoBqIoV9XhZOjJRb9aWZUuuiz7y8=";
   };
-  cargoHash = "sha256-GB3CQ9VPBkKbT5Edq/jJlGEkVGICWSQloIt+nkHRDJU=";
+  cargoSha256 = "sha256-GB3CQ9VPBkKbT5Edq/jJlGEkVGICWSQloIt+nkHRDJU=";
 
   meta = with lib; {
     description = "Terminal-based, real-time traffic monitoring and statistics for your AdGuard Home instance  Resources";

pkgs/ianny/default.nix

@@ -1,4 +1,4 @@
-{ rustPlatform, fetchFromGitHub, lib, ninja, dbus, pkg-config }:
+{ rustPlatform, fetchFromGitHub, lib, ninja, dbus, pkg-config, gettext }:
 rustPlatform.buildRustPackage rec {
   pname = "ianny";
   version = "unstable-2023-12-16";
@@ -8,7 +8,7 @@ rustPlatform.buildRustPackage rec {
     rev = "370bea372c35610e65426f5a1c45db99584dfb9a";
     hash = "sha256-oWwRCQSP0g6IJh3cEgD32AIBF/pfN9QGJ9LANjCthMw=";
   };
-  cargoHash = "sha256-5/Sb2ds+xfcYFqTF3RObPScDzK4FdBNk8T1Z5YcQgCM=";
+  cargoSha256 = "sha256-5/Sb2ds+xfcYFqTF3RObPScDzK4FdBNk8T1Z5YcQgCM=";
   buildInputs = [
     dbus
     ninja

users/rouven/fixes.nix

@@ -1,5 +1,6 @@
 { pkgs, lib, ... }:
 {
+
   # fixes qt and themes
   environment.variables = {
     "QT_STYLE_OVERRIDE" = lib.mkForce "kvantum";
@@ -8,10 +9,10 @@
     "GTK_THEME" = "Dracula";
   };
   # open ports for kde connect
-  # networking.firewall = rec {
+  networking.firewall = rec {
-  #   allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
+    allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
-  #   allowedUDPPortRanges = allowedTCPPortRanges;
+    allowedUDPPortRanges = allowedTCPPortRanges;
-  # };
+  };
   # enable xdg portals for sway
   xdg.portal = {
     enable = true;
@@ -36,7 +37,24 @@
   # home manager needs dconf
   programs.dconf.enable = true;
   # fixes pam entries for swaylock
-  security.pam.services.swaylock = { };
+  # auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
+  security.pam.services.swaylock.text = ''
+    # Account management.
+    account required pam_unix.so
+
+    # Authentication management.
+
+    auth sufficient pam_unix.so nullok likeauth try_first_pass
+    auth sufficient ${pkgs.pam_u2f}/lib/security/pam_u2f.so
+    auth required pam_deny.so
+
+    # Password management.
+    password sufficient pam_unix.so nullok sha512
+
+    # Session management.
+    session required pam_env.so conffile=/etc/pam/environment readenv=0
+    session required pam_unix.so
+  '';
   # global wrapper for ausweisapp
   programs.ausweisapp = {
     enable = true;
@@ -46,5 +64,5 @@
   programs.steam.enable = true;
 
   # enable java black magic 
-  # programs.java.enable = true;
+  programs.java.enable = true;
 }

users/rouven/modules/packages.nix

@@ -11,6 +11,7 @@
     pcmanfm
     xdg-utils # used for xdg-open
     appimage-run
+    seafile-client
 
     # graphics
     (zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; })
@@ -49,7 +50,6 @@
     hut
     wine
     ansible
-    ansible-lint
 
     # programming languages
     cargo

users/rouven/modules/ssh/default.nix

@@ -11,7 +11,7 @@ in
     controlPersist = "10m";
     extraConfig = ''
       CanonicalizeHostname yes
-      CanonicalDomains agdsn.network vpn.rfive.de net.tu-dresden.de
+      CanonicalDomains agdsn.network vpn.rfive.de
       PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so
       IdentityFile ~/.ssh/id_ed25519
       SetEnv TERM=xterm-256color