diff --git a/flake.lock b/flake.lock index 7c7fa3d..7da9f33 100644 --- a/flake.lock +++ b/flake.lock @@ -134,11 +134,11 @@ ] }, "locked": { - "lastModified": 1726867691, - "narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=", + "lastModified": 1719459426, + "narHash": "sha256-4Kn9Pb3lvsik/VYsEAYgXpkcmLhrr0tTE6oIT2PMSPA=", "owner": "nix-community", "repo": "dns.nix", - "rev": "a3196708a56dee76186a9415c187473b94e6cbae", + "rev": "e6693931023206f1f3c2bfc57d2c98b5f27f52e6", "type": "github" }, "original": { @@ -301,11 +301,11 @@ ] }, "locked": { - "lastModified": 1727346017, - "narHash": "sha256-z7OCFXXxIseJhEHiCkkUOkYxD9jtLU8Kf5Q9WC0SjJ8=", + "lastModified": 1725948275, + "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", "owner": "nix-community", "repo": "home-manager", - "rev": "c124568e1054a62c20fbe036155cc99237633327", + "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", "type": "github" }, "original": { @@ -336,11 +336,11 @@ }, "impermanence": { "locked": { - "lastModified": 1727198257, - "narHash": "sha256-/qMVI+SG9zvhLbQFOnqb4y4BH6DdK3DQHZU5qGptehc=", + "lastModified": 1725690722, + "narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=", "owner": "nix-community", "repo": "impermanence", - "rev": "8514fff0f048557723021ffeb31ca55f69b67de3", + "rev": "63f4d0443e32b0dd7189001ee1894066765d18a5", "type": "github" }, "original": { @@ -450,11 +450,11 @@ ] }, "locked": { - "lastModified": 1726975622, - "narHash": "sha256-bPDZosnom0+02ywmMZAvmj7zvsQ6mVv/5kmvSgbTkaY=", + "lastModified": 1725765290, + "narHash": "sha256-hwX53i24KyWzp2nWpQsn8lfGQNCP0JoW/bvQmcR1DPY=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "c7515c2fdaf2e1f3f49856cef6cec95bb2138417", + "rev": "642275444c5a9defce57219c944b3179bf2adaa9", "type": "github" }, "original": { 
@@ -524,11 +524,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1727122398, - "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/mail/postfix.nix b/hosts/falkenstein/modules/mail/postfix.nix index 7cab1a4..fb060b1 100644 --- a/hosts/falkenstein/modules/mail/postfix.nix +++ b/hosts/falkenstein/modules/mail/postfix.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, ... }: let domain = config.networking.domain; @@ -39,9 +39,8 @@ in # home_mailbox = "Maildir/"; smtp_helo_name = config.networking.fqdn; smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name"; - smtp_tls_security_level = "may"; - smtpd_tls_security_level = lib.mkForce "encrypt"; - smtpd_tls_auth_only = true; + smtp_use_tls = true; + smtpd_use_tls = true; smtpd_tls_protocols = [ "!SSLv2" "!SSLv3" diff --git a/hosts/nuc/modules/monitoring/default.nix b/hosts/nuc/modules/monitoring/default.nix index 8c7c03c..84bd804 100644 --- a/hosts/nuc/modules/monitoring/default.nix +++ b/hosts/nuc/modules/monitoring/default.nix @@ -93,19 +93,6 @@ in enable = true; enabledCollectors = [ "systemd" ]; }; - json = { - enable = true; - configFile = pkgs.writeText "json-exporter.yml" '' - --- - modules: - pegelstand: - metrics: - - name: pegelstand_elbe_dresden - path: '{ $.pegel }' - type: value - help: Pegelstand in Dresden - ''; - }; }; scrapeConfigs = [ { 
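Review bot: In hosts/falkenstein/modules/mail/postfix.nix, dropping `smtpd_tls_auth_only = true;` means that, if SASL authentication is enabled on this listener, Postfix may offer AUTH on sessions that never negotiated STARTTLS, so mail credentials could cross the network in cleartext. The replacement `smtpd_use_tls = true;` only gives opportunistic TLS, where the removed `smtpd_tls_security_level = lib.mkForce "encrypt";` made it mandatory. `smtp_use_tls` and `smtpd_use_tls` are also the legacy names that Postfix documents as superseded by the `*_tls_security_level` parameters. Unless the submission services enforce TLS elsewhere (not visible here), I would restore `smtpd_tls_auth_only = true;` and add a comment such as `# inbound TLS is opportunistic on port 25; AUTH is only offered after STARTTLS`. The settings block starts and ends outside the hunk.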
@@ -140,20 +127,6 @@ in targets = [ "nuc.vpn.rfive.de:9300" ]; }]; } - { - job_name = "pegel_dresden"; - metrics_path = "/probe"; - params = { - module = [ "pegelstand" ]; - target = [ - "https://api.stramke.com/wasserstand/sachsen/Dresden" - ]; - }; - static_configs = [{ - targets = [ "nuc.vpn.rfive.de:7979" ]; - }]; - scrape_interval = "5m"; - } { job_name = "caddy"; static_configs = [{ diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index c9bee3f..ddc413d 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix 
@@ -53,56 +53,56 @@ console.keyMap = "dvorak"; - # services.openldap = { - # enable = true; - # urlList = [ "ldap:///" ]; - # settings = { - # attrs = { - # olcLogLevel = "conns config"; - # }; - # children = { - # "cn=schema".includes = [ - # "${pkgs.openldap}/etc/schema/core.ldif" - # # attributetype ( 9999.1.1 NAME 'isMemberOf' - # # DESC 'back-reference to groups this user is a member of' - # # SUP distinguishedName ) - # "${pkgs.openldap}/etc/schema/cosine.ldif" - # "${pkgs.openldap}/etc/schema/inetorgperson.ldif" - # "${pkgs.openldap}/etc/schema/nis.ldif" - # # "${pkgs.writeText "openssh.schema" '' - # # attributetype ( 9999.1.2 NAME 'sshPublicKey' - # # DESC 'SSH public key used by this user' - # # SUP name ) - # # ''}" - # ]; + services.openldap = { + enable = true; + urlList = [ "ldap:///" ]; + settings = { + attrs = { + olcLogLevel = "conns config"; + }; + children = { + "cn=schema".includes = [ + "${pkgs.openldap}/etc/schema/core.ldif" + # attributetype ( 9999.1.1 NAME 'isMemberOf' + # DESC 'back-reference to groups this user is a member of' + # SUP distinguishedName ) + "${pkgs.openldap}/etc/schema/cosine.ldif" + "${pkgs.openldap}/etc/schema/inetorgperson.ldif" + "${pkgs.openldap}/etc/schema/nis.ldif" + # "${pkgs.writeText "openssh.schema" '' + # attributetype ( 9999.1.2 NAME 'sshPublicKey' + # DESC 'SSH public key used by this user' + # SUP name ) + # ''}" + ]; - # "olcDatabase={1}mdb".attrs = { - # objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + "olcDatabase={1}mdb".attrs = { + objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; - # olcDatabase = "{1}mdb"; - # olcDbDirectory = "/var/lib/openldap/data"; + olcDatabase = "{1}mdb"; + olcDbDirectory = "/var/lib/openldap/data"; - # olcSuffix = "dc=ifsr,dc=de"; + olcSuffix = "dc=ifsr,dc=de"; - # /* your admin account, do not use writeText on a production system */ - # olcRootDN = "cn=portunus,dc=ifsr,dc=de"; - # olcRootPW = 
"{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32"; + /* your admin account, do not use writeText on a production system */ + olcRootDN = "cn=portunus,dc=ifsr,dc=de"; + olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32"; - # olcAccess = [ - # /* custom access rules for userPassword attributes */ - # ''{0}to attrs=userPassword - # by self write - # by anonymous auth - # by * none'' + olcAccess = [ + /* custom access rules for userPassword attributes */ + ''{0}to attrs=userPassword + by self write + by anonymous auth + by * none'' - # /* allow read on anything else */ - # ''{1}to * - # by * read'' - # ]; - # }; - # }; - # }; - # }; + /* allow read on anything else */ + ''{1}to * + by * read'' + ]; + }; + }; + }; + }; services = { diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index c1fbc64..58f1953 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -49,29 +49,29 @@ userControlled.enable = true; # sadly broken on my machine scanOnLowSignal = false; - secretsFile = config.age.secrets.wireless.path; + environmentFile = config.age.secrets.wireless.path; networks = { - "Smoerrebroed" = { - pskRaw = "ext:HOME_PSK"; + "@HOME_SSID@" = { + psk = "@HOME_PSK@"; authProtocols = [ "WPA-PSK" ]; }; - "Cudy-6140" = { - pskRaw = "ext:DORM_PSK"; + "@DORM_SSID@" = { + psk = "@DORM_PSK@"; authProtocols = [ "SAE" ]; extraConfig = "disabled=1"; }; - "Cudy-6150" = { + "@DORM5_SSID@" = { priority = 5; - pskRaw = "ext:DORM_PSK"; + psk = "@DORM_PSK@"; authProtocols = [ "SAE" ]; extraConfig = "disabled=1"; }; "LKG-Gast" = { - pskRaw = "ext:LKGDD_GUEST_PSK"; + psk = "@LKGDD_GUEST_PSK@"; authProtocols = [ "WPA-PSK" ]; }; - "Pxl" = { - pskRaw = "ext:PIXEL_PSK"; + "@PIXEL_SSID@" = { + psk = "@PIXEL_PSK@"; authProtocols = [ "WPA-PSK" ]; }; "WIFI@DB" = { 
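Review bot: Enabling this block in hosts/thinkpad/default.nix puts the `olcRootPW` hash for `cn=portunus,dc=ifsr,dc=de` into the repository and the world-readable Nix store, where it is exposed to offline guessing; the block's own comment already warns against doing this on a production system. `urlList = [ "ldap:///" ]` also serves plain LDAP on every interface of a laptop, and the `{1}to * by * read` rule lets unauthenticated clients read every attribute other than `userPassword`. If this is only a local test directory, consider `urlList = [ "ldapi:///" ];` and loading the password from a secret, for example `olcRootPW.path = config.age.secrets.<ldap-root-pw>.path;` (placeholder secret name). The committed hash should be treated as disclosed and the password behind it replaced.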
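Review bot: The move in hosts/thinkpad/modules/networks/default.nix from `secretsFile` with `pskRaw = "ext:HOME_PSK"` to `environmentFile` with `psk = "@HOME_PSK@"` appears to replace wpa_supplicant's external-password lookup with text substitution, which presumably writes the resolved passphrases into the generated runtime configuration rather than leaving them only in the agenix file. With `userControlled.enable = true` in the same block, it is worth confirming who can read that generated file. The change looks tied to the older nixpkgs pin in flake.lock, so a comment like `# environmentFile: required by the pinned nixpkgs; return to secretsFile + ext: when the pin moves forward` would record why it is back. The same `@VAR@` pattern returns in the uni.nix hunks (`password="@EDUROAM_AUTH@"`, `password="@AGDSN_AUTH@"`, `psk = "@FSR_PSK@"`), where a secret containing a double quote would probably also break the quoted `auth` string. The `networks` attribute set continues outside the hunk.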
diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index 7db4fbd..d4e3f2b 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -12,36 +12,7 @@ "LAN" = { userControlled.enable = true; driver = "wired"; - configFile.path = pkgs.writeText "supplicant-lan.conf" '' - ctrl_interface=/run/wpa_supplicant - ap_scan=0 - network={ - ssid="apb-ifsr" - key_mgmt=IEEE8021X - eap=TTLS - anonymous_identity="rose159e@apb-ifsr" - ca_cert="/etc/ssl/certs/ca-certificates.crt" - domain_suffix_match="radius-tud.zih.tu-dresden.de" - identity="rose159e@apb-ifsr" - password=ext:TUD_AUTH - phase2="auth=PAP" - disabled=1 - } - network={ - ssid="zih-ma" - key_mgmt=IEEE8021X - eap=TTLS - anonymous_identity="rose159e@zih-ma" - ca_cert="/etc/ssl/certs/ca-certificates.crt" - domain_suffix_match="radius-tud.zih.tu-dresden.de" - identity="rose159e@zih-ma" - password=ext:TUD_AUTH - phase2="auth=PAP" - disabled=1 - } - ext_password_backend=file:${config.age.secrets.dyport-auth.path} - ''; - # configFile.path = config.age.secrets.dyport-auth.path; + configFile.path = config.age.secrets.dyport-auth.path; }; }; wireless.networks = { @@ -52,7 +23,7 @@ ca_cert="/etc/ssl/certs/ca-certificates.crt" domain_suffix_match="radius-eduroam.zih.tu-dresden.de" identity="rose159e@tu-dresden.de" - password=ext:EDUROAM_AUTH + password="@EDUROAM_AUTH@" phase2="auth=PAP" bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef 82:5a:1c:02:3d:db 7c:5a:1c:02:3d:8b ''; @@ -68,7 +39,7 @@ ca_cert="/etc/ssl/certs/ca-certificates.crt" domain_suffix_match="radius.agdsn.de" identity="r5" - password=ext:AGDSN_WIFI_AUTH + password="@AGDSN_WIFI_AUTH@" phase2="auth=PAP" bssid_ignore=b8:3a:5a:8b:96:c2 ''; 
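Review bot: With `configFile.path = config.age.secrets.dyport-auth.path;` in the first uni.nix hunk, the whole wired 802.1X configuration now lives in the encrypted file. The server-validation settings that the removed inline text carried (`ca_cert="/etc/ssl/certs/ca-certificates.crt"` and `domain_suffix_match="radius-tud.zih.tu-dresden.de"`) can therefore no longer be checked in review. Because both removed network blocks used `phase2="auth=PAP"`, the password is handed to whichever server terminates the TTLS tunnel, so those two lines need to survive inside the secret. A comment above the option, e.g. `# dyport-auth.age holds the full supplicant config; it must keep ca_cert and domain_suffix_match for apb-ifsr and zih-ma`, would document that. The `"LAN"` attribute set begins outside the hunk.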
@@ -83,18 +54,18 @@ domain_suffix_match="radius.agdsn.de" identity="r5" proto=WPA2 - password=ext:AGDSN_AUTH + password="@AGDSN_AUTH@" phase2="auth=PAP" ''; extraConfig = "disabled=1"; authProtocols = [ "WPA-EAP" ]; }; agdsn_fritzbox = { - psk = "ext:AGDSN_FRITZBOX_PSK"; + psk = "@AGDSN_FRITZBOX_PSK@"; authProtocols = [ "WPA-PSK" ]; }; FSR = { - psk = "ext:FSR_PSK"; + psk = "@FSR_PSK@"; authProtocols = [ "WPA-PSK" ]; }; }; diff --git a/secrets/thinkpad/dyport-auth.age b/secrets/thinkpad/dyport-auth.age index 3ce1f2e..4fba776 100644 Binary files a/secrets/thinkpad/dyport-auth.age and b/secrets/thinkpad/dyport-auth.age differ diff --git a/secrets/thinkpad/wireless.age b/secrets/thinkpad/wireless.age index 89bc53a..36d09c9 100644 Binary files a/secrets/thinkpad/wireless.age and b/secrets/thinkpad/wireless.age differ diff --git a/users/rouven/modules/foot/default.nix b/users/rouven/modules/foot/default.nix index 19ba10b..899c959 100644 --- a/users/rouven/modules/foot/default.nix +++ b/users/rouven/modules/foot/default.nix @@ -41,8 +41,8 @@ shell = "${pkgs.zsh}/bin/zsh"; # dpi-aware = "yes"; font = "monospace:family=Iosevka Nerd Font:size=12"; + notify = "${lib.getExe pkgs.libnotify} -a \${app-id} -i \${app-id} \${title} \${body}"; }; - desktop-notifications.command = "${lib.getExe pkgs.libnotify} -a \${app-id} -i \${app-id} \${title} \${body}"; cursor.color = "${colors.background} ${colors.foreground}"; url = { launch = "${pkgs.xdg-utils}/bin/xdg-open \${url}"; diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix index 0c68222..a8cf083 100644 --- a/users/rouven/modules/helix/default.nix +++ b/users/rouven/modules/helix/default.nix @@ -6,7 +6,7 @@ rust-analyzer nil nixpkgs-fmt - typst-lsp + # typst-lsp (python3.withPackages (ps: with ps; [ pyls-isort pylsp-mypy diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index f02aee1..3ed7da5 100644 --- a/users/rouven/modules/packages.nix 
+++ b/users/rouven/modules/packages.nix @@ -5,7 +5,6 @@ # essentials htop-vim lsof - postgresql zip unzip