diff --git a/flake.lock b/flake.lock index 21690fc..18e7d61 100644 --- a/flake.lock +++ b/flake.lock @@ -297,11 +297,11 @@ ] }, "locked": { - "lastModified": 1723986931, - "narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=", + "lastModified": 1723399884, + "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=", "owner": "nix-community", "repo": "home-manager", - "rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671", + "rev": "086f619dd991a4d355c07837448244029fc2d9ab", "type": "github" }, "original": { @@ -332,11 +332,11 @@ }, "impermanence": { "locked": { - "lastModified": 1724146542, - "narHash": "sha256-MLxtqDtu+y/4UDhXX5pFypX9/qbH54TDP6Z90oFzd/A=", + "lastModified": 1719091691, + "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=", "owner": "nix-community", "repo": "impermanence", - "rev": "03fe473c731cda2900bae9894b8dfc68e3492db5", + "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a", "type": "github" }, "original": { @@ -445,11 +445,11 @@ ] }, "locked": { - "lastModified": 1723950649, - "narHash": "sha256-dHMkGjwwCGj0c2MKyCjRXVBXq2Sz3TWbbM23AS7/5Hc=", + "lastModified": 1723352546, + "narHash": "sha256-WTIrvp0yV8ODd6lxAq4F7EbrPQv0gscBnyfn559c3k8=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "392828aafbed62a6ea6ccab13728df2e67481805", + "rev": "ec78079a904d7d55e81a0468d764d0fffb50ac06", "type": "github" }, "original": { @@ -519,11 +519,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", + "lastModified": 1723362943, + "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", + "rev": "a58bc8ad779655e790115244571758e8de055e3d", "type": "github" }, "original": { diff --git a/hosts/nuc/modules/matrix/default.nix b/hosts/nuc/modules/matrix/default.nix index d46c038..161c056 100644 --- a/hosts/nuc/modules/matrix/default.nix +++ b/hosts/nuc/modules/matrix/default.nix @@ -19,10 +19,6 @@ in file = ../../../../secrets/nuc/matrix/sync.age; }; }; - nixpkgs.config.permittedInsecurePackages = [ - "jitsi-meet-1.0.8043" - "olm-3.2.16" - ]; services = { postgresql = { diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index c9bee3f..759bb3c 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -20,6 +20,7 @@ "soft-reboot.target" "systemd-soft-reboot.service" ]; + # Use the systemd-boot EFI boot loader. boot = { kernelModules = [ "v4l2loopback" ]; @@ -106,7 +107,7 @@ services = { - envfs.enable = true; #usr/bin fixes + # envfs.enable = true; #usr/bin fixes blueman.enable = true; # bluetooth devmon.enable = true; # automount stuff upower.enable = true; diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index b46ab04..98541a0 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -36,7 +36,7 @@ "2620:fe::9" ]; # allow downgrade since fritzbox at home doesn't support it (yet?) - # dnssec = "allow-downgrade"; + dnssec = "allow-downgrade"; }; networking = { nftables.enable = true; diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index 67ad168..74374dd 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, ... }: { age.secrets = { tud.file = ../../../../secrets/thinkpad/tud.age; @@ -8,12 +8,15 @@ }; }; networking = { - supplicant = { - "LAN" = { + supplicant = rec { + enp0s31f6 = { userControlled.enable = true; driver = "wired"; configFile.path = config.age.secrets.dyport-auth.path; }; + # ugly way to add more interfaces + # "enp0s13f0u2u1" = enp0s31f6; + # "enp0s13f0u3u1" = enp0s31f6; }; wireless.networks = { eduroam = { @@ -140,9 +143,5 @@ LockPersonality = true; }; }; - # fix systemd dependencies for supplicant services - "supplicant-lan@" = { - wantedBy = lib.mkForce [ ]; - }; }; } diff --git a/secrets/thinkpad/agdsn.age b/secrets/thinkpad/agdsn.age index c889e19..a48d392 100644 --- a/secrets/thinkpad/agdsn.age +++ b/secrets/thinkpad/agdsn.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 uWbAHQ CYNcEOainhjcR0gW9fxxL+ihROvKf33R1DUSwFJFAic -RCNur+5AwHEridGGQ4FT+yMCbdp5pzcKFLUUIK1wfiM --> ssh-ed25519 EVzt9Q B4ySqjgdMczmNntu41PjCGflCcjc5jiHGLZGCKjgDRc -NrFUs0fZedEv9ME8U7RM81J2EK5D6zh5Ij40J9lFHCs ---- k0WJYU3YSywMkgZkb7J662elPiqMOAgm3A9kYbatJBg -i#/)JH /VECH@1 0daZ& \ No newline at end of file +-> ssh-ed25519 uWbAHQ XEUSI/RYeut/hSIYv4TB2PBA6VHhaNZdtVr1N1XAvmc +M47o4tHJG5d62pYYJQDQ8BHUbFWMkePQXOL9oWbXISU +-> ssh-ed25519 EVzt9Q fXvnKAFWGxu11gpi7i30PMXNc7j8FDsPWW8YBsm4xRk +yYjzx8C649/Oe5TQUP0VFFH2RTQELClIjUhJd+BPxhw +--- aEgkJpsat4NAA+Xv45CLbYsdWQUVJNestqmRXuANayY +"8yUT fXpRz/AI&7٨X'ޥ9sè8X« k"oZILht \ No newline at end of file diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age index 6af948e..14524a5 100644 --- a/secrets/thinkpad/wireless.age +++ b/secrets/thinkpad/wireless.age @@ -1,8 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 uWbAHQ muOQ5i0nARsD73P9bhSDgDQexbfFDytBZkFxIuXlW1Y -jwBHWuamzErrFLTo59gfx0nqEoEtiXDjgp06oP4K+rg --> ssh-ed25519 EVzt9Q WZaS+fKkU8h4T99jiG2QTqwpSSjY7PJ8lP0EGzi6+g0 -7L5krKrWu7YWpl8vaHvi7QDAsbQ94hv2/waFPa9//Vk ---- pP0tP461mvMsDH6yrHjU6Z1BhX2jU6lMGCNF6AZ00uw -FT`I9;nz1cqD4 UQz] >ڼq{5ؠlQ8 D.zbdljj%|⪚%9ɏݝ) i=T Թ|Ұ=@T/Rs7$t*}Fy!s+Q>rn)r}|g}!OVx6>fJ@G_.2^PQ -r9 #OZY.hzѧ%%4c;#㖎uZTl`zוt,* OZȥ؂ =R$4 AphP!4?;֔8 (欺R \ No newline at end of file +-> ssh-ed25519 uWbAHQ OJer2K9rSPiptuu6vDRY6MkDjAcREgAEsHfe0n8/60U +Iy5Wt1tRvuxa3SmiTFL8JRpSHi/28H6GkY5VaL22mx8 +-> ssh-ed25519 EVzt9Q a1jqUct0MJjWkyAIlQ2tNUNYAMxFICKWn4KgBmRFeyA +b1Rgtbdf/oZxggv0EiB94163+rRSZJ85UYOAVHKg/6A +--- KpZ1Y81pv1927dqkhp0z5KQmQ25wIZ7MAqX3A9AQf4c +N9pEk +[gol;u5d78,q9[ڜ c9UM}[q&8%D00Y<`+N4]oTԾJd +H#omn PCK.%8IgmVpR,/wwYu%[k:z6$  FV+f]OGWt*2.mzOPg ~>NӬN1z*H:qKrӆௌ`)ƚ = XcVu%rH ywr#wx]ot(zS`nA%@F[oQxDypp i9lQ|&3 V7 bG3ʶIS]TVXg6/I@]0w-X?Zw \ No newline at end of file diff --git a/shared/zsh.nix b/shared/zsh.nix index 38508fa..69530b7 100644 --- a/shared/zsh.nix +++ b/shared/zsh.nix @@ -1,19 +1,4 @@ { pkgs, config, lib, ... }: -let - switch = pkgs.writeShellScript "switch.sh" '' - OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s) - ${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH - ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH - $OUT_PATH/bin/switch-to-configuration switch - unlink $OUT_PATH - ''; - garbage = pkgs.writeShellScript "garbage.sh" '' - nix-collect-garbage -d - echo Cleaning up boot entries... - /run/current-system/bin/switch-to-configuration boot - echo Done - ''; -in { programs.command-not-found.enable = false; programs.nix-index-database.comma.enable = true; @@ -30,78 +15,88 @@ in programs.fzf = { keybindings = true; }; - programs.zsh = - { + programs.zsh = { + enable = true; + shellAliases = { + rm = "trash"; + ls = "eza --icons"; + l = "ls -l"; + ll = "ls -la"; + la = "ls -a"; + less = "bat"; + update = "cd /etc/nixos && nix flake update"; + msh = "f() {mosh $1 zsh};f"; + }; + histSize = 100000; + histFile = "~/.local/share/zsh/history"; + syntaxHighlighting.enable = true; + autosuggestions = { enable = true; - shellAliases = { - rm = "trash"; - ls = "eza --icons"; - l = "ls -l"; - ll = "ls -la"; - la = "ls -a"; - less = "bat"; - run0 = "run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE"; - update = "cd /etc/nixos && nix flake update"; - switch = "run0 ${switch}"; - }; - histSize = 100000; - histFile = "~/.local/share/zsh/history"; - syntaxHighlighting.enable = true; - autosuggestions = { - enable = true; - highlightStyle = "fg=#00bbbb,bold"; - }; - shellInit = '' - zsh-newuser-install () {} - ''; + highlightStyle = "fg=#00bbbb,bold"; + }; + shellInit = '' + zsh-newuser-install () {} + ''; - interactiveShellInit = - '' - export MCFLY_KEY_SCHEME=vim - export MCFLY_FUZZY=2 - export MCFLY_DISABLE_MENU=TRUE - export MCFLY_RESULTS=30 - export MCFLY_INTERFACE_VIEW=BOTTOM - export MCFLY_PROMPT="❯" - # fix for networkctl - zstyle ':completion:*:complete:networkctl:*' list-grouped true - source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc - source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh - unsetopt extendedglob + interactiveShellInit = + '' + export MCFLY_KEY_SCHEME=vim + export MCFLY_FUZZY=2 + export MCFLY_DISABLE_MENU=TRUE + export MCFLY_RESULTS=30 + export MCFLY_INTERFACE_VIEW=BOTTOM + export MCFLY_PROMPT="❯" + # fix for networkctl + zstyle ':completion:*:complete:networkctl:*' list-grouped true + source ${pkgs.agdsn-zsh-config}/etc/zsh/zshrc + source ${pkgs.zsh-fzf-tab}/share/fzf-tab/fzf-tab.plugin.zsh + unsetopt extendedglob - function svpn() { - unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}') - if [ $(systemctl is-active $unit) = "inactive" ]; then - systemctl start $unit - else - systemctl stop $unit - fi - } + function svpn() { + unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}') + if [ $(systemctl is-active $unit) = "inactive" ]; then + systemctl start $unit + else + systemctl stop $unit + fi + } - prompt_dir() { - prompt_segment blue $CURRENT_FG '%c' - } + prompt_dir() { + prompt_segment blue $CURRENT_FG '%c' + } - garbage() { - ${pkgs.home-manager}/bin/home-manager expire-generations "-0 days" - run0 --setenv=PATH=$PATH --setenv=LOCALE_ARCHIVE=$LOCALE_ARCHIVE ${garbage} - } + switch() { + sudo true # ask the password so we can leave during the (sometimes quite long) build process + OUT_PATH=/tmp/nixos-rebuild-nom-$(date +%s) + ${lib.getExe pkgs.nix-output-monitor} build /etc/nixos\#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel -o $OUT_PATH + sudo ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $OUT_PATH + sudo $OUT_PATH/bin/switch-to-configuration switch + unlink $OUT_PATH + } - sysdiff() { - echo System package diff: - ${config.nix.package}/bin/nix store diff-closures $(command ls -d /nix/var/nix/profiles/system-* | tail -2) - } - ''; - promptInit = - '' - # if [[ "$(hostname)" == "thinkpad" ]] - # then - # cat ${../images/cat.sixel} - # fi - eval "$(${pkgs.mcfly}/bin/mcfly init zsh)" - eval "$(${pkgs.zoxide}/bin/zoxide init zsh)" - ''; - }; + garbage() { + ${pkgs.home-manager}/bin/home-manager expire-generations "-0 days" + sudo nix-collect-garbage -d + echo Cleaning up boot entries... + sudo /run/current-system/bin/switch-to-configuration boot + echo Done + } + + sysdiff() { + echo System package diff: + ${config.nix.package}/bin/nix store diff-closures $(command ls -d /nix/var/nix/profiles/system-* | tail -2) + } + ''; + promptInit = + '' + # if [[ "$(hostname)" == "thinkpad" ]] + # then + # cat ${../images/cat.sixel} + # fi + eval "$(${pkgs.mcfly}/bin/mcfly init zsh)" + eval "$(${pkgs.zoxide}/bin/zoxide init zsh)" + ''; + }; } diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix index a8cf083..0c68222 100644 --- a/users/rouven/modules/helix/default.nix +++ b/users/rouven/modules/helix/default.nix @@ -6,7 +6,7 @@ rust-analyzer nil nixpkgs-fmt - # typst-lsp + typst-lsp (python3.withPackages (ps: with ps; [ pyls-isort pylsp-mypy