treewide: cleanups and updates

user: remove docker group
zsh: attempt to fix fzf-tab
2024-11-15 05:13:10 +01:00 · 2024-04-11 11:58:50 +02:00 · 2024-04-11 11:58:29 +02:00 · 2024-04-11 11:58:00 +02:00 · 2024-04-11 11:52:03 +02:00 · 2024-04-10 12:57:15 +02:00
18 changed files with 128 additions and 102 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,5 @@
 # Rouven's NixOS configuration files

-![image](https://user-images.githubusercontent.com/72568063/213921069-670965f7-ad51-43ad-a211-63bb45a02648.png)
-
 ## Specs
 - **Operating System:** [NixOS](https://nixos.org)
 - **Window Manager:** [River](https://github.com/riverwm/river)
--- a/flake.lock
+++ b/flake.lock
@ -180,11 +180,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1712016346,
-        "narHash": "sha256-O2nO7pD+krq+4HgkLB4VThRtAucIPfXDs/jJqCGlK1w=",
+        "lastModified": 1712759992,
+        "narHash": "sha256-2APpO3ZW4idlgtlb8hB04u/rmIcKA8O7pYqxF66xbNY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "4be0464472675212654dedf3e021bd5f1d58b92f",
+        "rev": "31357486b0ef6f4e161e002b6893eeb4fafc3ca9",
        "type": "github"
      },
      "original": {
@ -200,17 +200,17 @@
        ]
      },
      "locked": {
-        "lastModified": 1711658384,
-        "narHash": "sha256-CbIPdqcX4k7DfnRaicJy6IlaszWyDIxiQMAxB6OGGK4=",
-        "owner": "rouven0",
-        "repo": "TruckSimulatorBot-images",
-        "rev": "7f57bdee9a22d4b2bb46ed1eae5aba11dfe34976",
-        "type": "github"
+        "lastModified": 1712701678,
+        "narHash": "sha256-L/sr5Wi+ePvB2huYOxRUWR2D3BnCSAdl0RdbChRTrqs=",
+        "owner": "~rouven",
+        "repo": "trucksimulator-images",
+        "rev": "f8622b0a9f7541dee806113c005b69cd08e5a0bd",
+        "type": "sourcehut"
      },
      "original": {
-        "owner": "rouven0",
-        "repo": "TruckSimulatorBot-images",
-        "type": "github"
+        "owner": "~rouven",
+        "repo": "trucksimulator-images",
+        "type": "sourcehut"
      }
    },
    "impermanence": {
@ -281,11 +281,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1711854532,
-        "narHash": "sha256-JPStavwlT7TfxxiXHk6Q7sbNxtnXAIjXQJMLO0KB6M0=",
+        "lastModified": 1712459390,
+        "narHash": "sha256-e12bNDottaGoBgd0AdH/bQvk854xunlWAdZwr/oHO1c=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "2844b5f3ad3b478468151bd101370b9d8ef8a3a7",
+        "rev": "4676d72d872459e1e3a248d049609f110c570e9a",
        "type": "github"
      },
      "original": {
@ -296,11 +296,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1711703276,
-        "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
+        "lastModified": 1712608508,
+        "narHash": "sha256-vMZ5603yU0wxgyQeHJryOI+O61yrX2AHwY6LOFyV1gM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
+        "rev": "4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6",
        "type": "github"
      },
      "original": {
@ -347,17 +347,17 @@
        ]
      },
      "locked": {
-        "lastModified": 1709373109,
-        "narHash": "sha256-2f0am1RlTxz8UKNwftzNjJLhgShoW2I5SofA7FwC4Nw=",
-        "owner": "rouven0",
+        "lastModified": 1712775079,
+        "narHash": "sha256-1j3haJ7/J1V3Lt4gyGgoDSxfFmf6x7A1zXl/QxZ+kSI=",
+        "owner": "~rouven",
        "repo": "pfersel",
-        "rev": "b4d086d43545f5d1735f863eb3aa1e81ca6272ba",
-        "type": "github"
+        "rev": "4ef4893c290c5f83f1497d6e4c0d162759500ae7",
+        "type": "sourcehut"
      },
      "original": {
-        "owner": "rouven0",
+        "owner": "~rouven",
        "repo": "pfersel",
-        "type": "github"
+        "type": "sourcehut"
      }
    },
    "pre-commit-hooks-nix": {
@ -398,27 +398,27 @@
        ]
      },
      "locked": {
-        "lastModified": 1711961571,
-        "narHash": "sha256-kYcs9KKTbN0ACPYTmeAF+EIj62kGBiimffHmFgOeQJo=",
-        "owner": "rouven0",
+        "lastModified": 1712775102,
+        "narHash": "sha256-kQF0HpU4Bis+Q1gE+OUJk1T3UJgDwTZc9rCDHRam9h4=",
+        "owner": "~rouven",
        "repo": "purge",
-        "rev": "6ce3c6cedb0f31885fc3775c96fb8cfca403bc93",
-        "type": "github"
+        "rev": "2959391aa4a1438b3f27669c6930feec58171eab",
+        "type": "sourcehut"
      },
      "original": {
-        "owner": "rouven0",
+        "owner": "~rouven",
        "repo": "purge",
-        "type": "github"
+        "type": "sourcehut"
      }
    },
    "river": {
      "flake": false,
      "locked": {
-        "lastModified": 1712003303,
-        "narHash": "sha256-RP8PxNti9MF4dIgfGCogiyyRW2+FfJu551jEGf2sbl0=",
+        "lastModified": 1712665127,
+        "narHash": "sha256-uACc9Cb1tSw3I0fMlEMX74NfU+Tg3It74tb+nc51AZ4=",
        "ref": "refs/heads/master",
-        "rev": "8b8ac27c4534f3989aa8c789bd282fa7f31597a8",
-        "revCount": 1226,
+        "rev": "14e941bae16b1ca478c32198c131c4297157f888",
+        "revCount": 1238,
        "submodules": true,
        "type": "git",
        "url": "https://github.com/riverwm/river"
@ -507,17 +507,17 @@
        ]
      },
      "locked": {
-        "lastModified": 1711961583,
-        "narHash": "sha256-ClezUJ0pH/DMU0u3e3t0qAgm+HQ9v6BmH1y5z8W6TZg=",
-        "owner": "rouven0",
-        "repo": "TruckSimulatorBot",
-        "rev": "eeffe63c4948769034a28cf0cd04885c754eba97",
-        "type": "github"
+        "lastModified": 1712701713,
+        "narHash": "sha256-q++FP8VC5TTQrUa+0l2TQKmafZpDy1L3rzUynFaAn/4=",
+        "owner": "~rouven",
+        "repo": "trucksimulator",
+        "rev": "af43589e9a0ae0f868a4eff3c738201ed1041788",
+        "type": "sourcehut"
      },
      "original": {
-        "owner": "rouven0",
-        "repo": "TruckSimulatorBot",
-        "type": "github"
+        "owner": "~rouven",
+        "repo": "trucksimulator",
+        "type": "sourcehut"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -26,15 +26,15 @@
    nix-colors.url = "github:Misterio77/nix-colors";

    purge = {
-      url = "github:rouven0/purge";
+      url = "sourcehut:~rouven/purge";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    trucksimulatorbot = {
-      url = "github:rouven0/TruckSimulatorBot";
+      url = "sourcehut:~rouven/trucksimulator";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    pfersel = {
-      url = "github:rouven0/pfersel";
+      url = "sourcehut:~rouven/pfersel";
      inputs.nixpkgs.follows = "nixpkgs";
    };

--- a/hosts/falkenstein/modules/dns/default.nix
+++ b/hosts/falkenstein/modules/dns/default.nix
@ -6,7 +6,7 @@ let
    $ORIGIN rfive.de.

    rfive.de.   86400  IN  SOA ns.rfive.de. hostmaster.rfive.de. (
-      2024040103 ; serial
+      2024040800 ; serial
      10800      ; refresh
      3600       ; retry
      604800     ; expire
@ -35,7 +35,7 @@ let
    mail AAAA 2a01:4f8:c012:49de::1

    @                 TXT "v=spf1 mx ~all"
-    rspamd._domainkey TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB"
+    rspamd._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB"
    _dmarc            TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de"

    cache      CNAME nuc.rfive.de.
--- a/hosts/falkenstein/modules/networks/default.nix
+++ b/hosts/falkenstein/modules/networks/default.nix
@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 {
  age.secrets = {
    "wireguard/dorm/private" = {
@ -11,6 +11,12 @@
    };

  };
+  environment.systemPackages = with pkgs; [
+    mtr
+    inetutils
+    dnsutils
+    wireguard-tools
+  ];
  networking = {
    hostName = "falkenstein";
    nftables.enable = true;
@ -18,6 +24,7 @@
    useNetworkd = true;
    enableIPv6 = true;
    firewall = {
+      allowedUDPPorts = [ 51820 ];
      extraInputRules = ''
        ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
      '';
@ -31,10 +38,6 @@
      "2620:fe::fe"
      "2620:fe::9"
    ];
-    extraConfig = ''
-      [Resolve]
-      DNSStubListener=no
-    '';
  };
  systemd.network = {
    enable = true;
@ -86,8 +89,9 @@
      matchConfig.Name = "wg0";
      networkConfig = {
        Address = "192.168.43.4/32";
-        DNS = "192.168.42.1";
-        DNSSEC = true;
+        DNS = "192.168.43.1";
+        Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa";
+        DNSSEC = false;
        BindCarrier = [ "ens3" ];
      };
    };
--- a/hosts/nuc/modules/adguard/default.nix
+++ b/hosts/nuc/modules/adguard/default.nix
@ -5,6 +5,9 @@
  services.adguardhome = {
    enable = true;
    openFirewall = true;
-    settings.bind_port = 3000;
+    settings = {
+      dns.bind_hosts = [ "192.168.42.2" ];
+      http.address = "0.0.0.0:3000";
+    };
  };
 }
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@ -14,17 +14,12 @@
  };
  services.resolved = {
    enable = true;
-    # dnssec = "allow-downgrade";
    fallbackDns = [
      "9.9.9.9"
      "149.112.112.112"
      "2620:fe::fe"
      "2620:fe::9"
    ];
-    extraConfig = ''
-      [Resolve]
-      DNSStubListener=no
-    '';
  };
  systemd.network = {
    enable = true;
@ -38,6 +33,7 @@
        DHCP = "yes";
        LLDP = true;
        EmitLLDP = "nearest-bridge";
+        DNSSEC = false;
      };
    };
  };
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -90,7 +90,6 @@

  documentation = {
    dev.enable = true;
-    man.generateCaches = true;
  };
  environment.systemPackages = [ pkgs.man-pages ];
  system.stateVersion = "22.11";
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ pkgs, config, lib, ... }:
 {
  imports = [ ./uni.nix ];

@ -26,6 +26,7 @@
    curlFull
    wireguard-tools
  ];
+  services.timesyncd.servers = lib.mkForce [ ];
  services.resolved = {
    fallbackDns = [
      "9.9.9.9"
@ -56,11 +57,13 @@
        "@DORM_SSID@" = {
          psk = "@DORM_PSK@";
          authProtocols = [ "SAE" ];
+          extraConfig = "disabled=1";
        };
        "@DORM5_SSID@" = {
          priority = 5;
          psk = "@DORM_PSK@";
          authProtocols = [ "SAE" ];
+          extraConfig = "disabled=1";
        };
        "@PIXEL_SSID@" = {
          psk = "@PIXEL_PSK@";
@ -134,7 +137,6 @@

    };

-    # some wireguard interfaces
    netdevs."30-wg0" = {
      netdevConfig = {
        Kind = "wireguard";
@ -159,13 +161,12 @@
    };
    networks."30-wg0" = {
      matchConfig.Name = "wg0";
-      linkConfig.RequiredForOnline = "carrier";
+      linkConfig.RequiredForOnline = false;
      networkConfig = {
        Address = "192.168.43.3/32";
        DNS = "192.168.43.1";
        Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa";
        DNSSEC = false;
-        BindCarrier = [ "wlp9s0" ];
      };
    };
  };
--- a/hosts/thinkpad/modules/virtualisation/default.nix
+++ b/hosts/thinkpad/modules/virtualisation/default.nix
@ -2,8 +2,13 @@
 {
  virtualisation = {
    docker = {
-      enable = true;
-      extraOptions = "--iptables=false";
+      rootless = {
+        enable = true;
+        setSocketVariable = true;
+        daemon.settings = {
+          iptables = false;
+        };
+      };
    };
    libvirtd = {
      enable = true;
@ -18,7 +23,7 @@
    spiceUSBRedirection.enable = true;
  };
  # allow libvirts internal network stuff
-  networking.firewall.trustedInterfaces = [ "virbr0" "br0" "docker0" ];
+  networking.firewall.trustedInterfaces = [ "virbr0" ];
  programs.virt-manager.enable = true;
  environment.systemPackages = with pkgs; [
    virt-viewer
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -7,6 +7,13 @@ let
  inherit (prev) python3Packages;
 in
 {
+
+  pcmanfm = prev.pcmanfm.overrideAttrs (_: {
+    # remove deskop preferences shortcut
+    postInstall = ''
+      rm $out/share/applications/pcmanfm-desktop-pref.desktop
+    '';
+  });
  pww = callPackage ../pkgs/pww { };
  ianny = callPackage ../pkgs/ianny { };

@ -40,6 +47,17 @@ in
    withHiredis = false;
  };

+  zsh-fzf-tab = prev.zsh-fzf-tab.overrideAttrs (_: rec {
+    version = "1.1.1";
+    src = fetchFromGitHub {
+      owner = "Aloxaf";
+      repo = "fzf-tab";
+      rev = "v${version}";
+      sha256 = "sha256-0/YOL1/G2SWncbLNaclSYUz7VyfWu+OB8TYJYm4NYkM=";
+    };
+
+  });
+
  gnome-break-timer = callPackage ../pkgs/gnome-break-timer { };
  jmri = callPackage ../pkgs/jmri { };
  adguardian-term = callPackage ../pkgs/adguardian-term { };
--- a/pkgs/ssh3/client.nix
+++ b/pkgs/ssh3/client.nix
@ -1,23 +1,18 @@
 { lib, buildGoModule, fetchFromGitHub, playerctl }:
 buildGoModule rec {
  pname = "ssh3";
-  version = "0.1.4";
+  version = "0.1.7";

  src = fetchFromGitHub {
    owner = "francoismichel";
    repo = "ssh3";
    rev = "v${version}";
-    hash = "sha256-0bd2hdvgapTGEGM7gdpVwxelN5BRbmdcgANbRHZ/nRw=";
+    hash = "sha256-ZtQAJwGvNlJWUoDa6bS3AEdM3zbNMPQGdaIhR+yIonw=";
  };

-  subPackages = [ "cli/client" ];
+  subPackages = [ "cmd/ssh3" ];

-
-
-  vendorHash = "sha256-ZtKxAKNyMnZ8v96GUUm4EukdIJD+ITDW9kHOez7nYmg=";
-  postInstall = ''
-    mv $out/bin/client $out/bin/ssh3
-  '';
+  vendorHash = "sha256-VUNvb7m1nnH+mXUsnIKyPKJEVSMXBAaS4ihi5DZeFiI=";

  meta = with lib; {
    description = "Faster and rich secure shell using HTTP/3";
--- a/pkgs/ssh3/server.nix
+++ b/pkgs/ssh3/server.nix
@ -1,25 +1,20 @@
 { lib, buildGoModule, libxcrypt, fetchFromGitHub, playerctl }:
 buildGoModule rec {
  pname = "ssh3-server";
-  version = "0.1.4";
+  version = "0.1.7";

  src = fetchFromGitHub {
    owner = "francoismichel";
    repo = "ssh3";
    rev = "v${version}";
-    hash = "sha256-0bd2hdvgapTGEGM7gdpVwxelN5BRbmdcgANbRHZ/nRw=";
+    hash = "sha256-ZtQAJwGvNlJWUoDa6bS3AEdM3zbNMPQGdaIhR+yIonw=";
  };

-  subPackages = [ "cli/server" ];
+  subPackages = [ "cmd/ssh3-server" ];

  buildInputs = [ libxcrypt ];

-
-
-  vendorHash = "sha256-ZtKxAKNyMnZ8v96GUUm4EukdIJD+ITDW9kHOez7nYmg=";
-  postInstall = ''
-    mv $out/bin/server $out/bin/ssh3-server
-  '';
+  vendorHash = "sha256-VUNvb7m1nnH+mXUsnIKyPKJEVSMXBAaS4ihi5DZeFiI=";

  meta = with lib; {
    description = "Faster and rich secure shell using HTTP/3";
--- a/shared/zsh.nix
+++ b/shared/zsh.nix
@ -3,7 +3,6 @@
  programs.command-not-found.enable = false;
  programs.nix-index-database.comma.enable = true;
  environment.systemPackages = with pkgs; [
-    # fzf
    bat
    eza
    duf
@ -12,9 +11,7 @@
    iperf
  ];
  users.defaultUserShell = pkgs.zsh;
-  programs.fzf = {
-    keybindings = true;
-  };
+  programs.fzf.enable = true;
  programs.zsh = {
    enable = true;
    shellAliases = {
@ -52,7 +49,7 @@

      
        function svpn() {
-          unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | fzf --preview 'systemctl status {}')
+          unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}')
          if [ $(systemctl is-active $unit) = "inactive" ]; then
            systemctl start $unit
          else
@ -88,10 +85,10 @@
      '';
    promptInit =
      ''
-        if [[ "$(hostname)" == "thinkpad" ]]
-        then
-          cat ${../images/cat.sixel}
-        fi
+        # if [[ "$(hostname)" == "thinkpad" ]]
+        # then
+          # cat ${../images/cat.sixel}
+        # fi
        eval "$(${pkgs.mcfly}/bin/mcfly init zsh)"
        eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
      '';
--- a/users/rouven/default.nix
+++ b/users/rouven/default.nix
@ -5,7 +5,16 @@
  users.users.rouven = {
    description = "Rouven Seifert";
    isNormalUser = true;
-    extraGroups = [ "wheel" "video" "dialout" "libvirtd" "tss" "input" "wireshark" "etherape" "docker" ];
+    extraGroups = [
+      "wheel"
+      "video"
+      "dialout"
+      "libvirtd"
+      "tss"
+      "input"
+      "wireshark"
+      "etherape"
+    ];
    initialHashedPassword = "$6$X3XERQv28Nt1UUT5$MjdMBDuXyEwexkuKqmNFweez69q4enY5cjMXSbBxOc6Bq7Fhhp7OqmCm02k3OGjoZFXzPV9ZHuMSGKZOtwYIk1";
  };
  home-manager.useUserPackages = true;
--- a/users/rouven/modules/helix/default.nix
+++ b/users/rouven/modules/helix/default.nix
@ -10,7 +10,7 @@
    (python3.withPackages (ps: with ps; [
      pyls-isort
      pylsp-mypy
-      python-lsp-black
+      # python-lsp-black
      python-lsp-server

      # pylsp optional dependencies
--- a/users/rouven/modules/packages.nix
+++ b/users/rouven/modules/packages.nix
@ -45,6 +45,7 @@
    mosh
    typst
    typst-preview
+    hut

    # programming languages
    cargo
@ -55,6 +56,7 @@
    nodejs_20
    gnumake
    go
+    pre-commit

    # fancy tools
    just
--- a/users/rouven/modules/ssh/default.nix
+++ b/users/rouven/modules/ssh/default.nix
@ -21,6 +21,10 @@ in
        match = "Host github.com User git";
        identityFile = git;
      };
+      "git@git.sr.ht" = {
+        match = "Host git.sr.ht User git";
+        identityFile = git;
+      };
      # iFSR
      "fsr" = {
        hostname = "ifsr.de";
Author	SHA1	Message	Date
Rouven Seifert	321b85242f	treewide: cleanups and updates	2024-04-11 11:58:50 +02:00
Rouven Seifert	c2f4aad686	user: remove docker group	2024-04-11 11:58:29 +02:00
Rouven Seifert	1474c79742	zsh: attempt to fix fzf-tab	2024-04-11 11:58:00 +02:00
Rouven Seifert	2297f6506d	docker: enable rootless	2024-04-11 11:52:03 +02:00
Rouven Seifert	1b1a02caa0	nix: flake update	2024-04-10 12:57:15 +02:00
Rouven Seifert	3fddc4e807	user: package and ssh fixes	2024-04-10 00:34:03 +02:00
Rouven Seifert	16a9362aba	thinkpad: minor networking fixes	2024-04-10 00:33:33 +02:00
Rouven Seifert	ea7971a6e5	switch a lot of stuff to sourcehut	2024-04-10 00:33:10 +02:00
Rouven Seifert	96ea95585e	nix: flake updates	2024-04-10 00:32:51 +02:00
Rouven Seifert	6a78a9039d	nuc: fix dns setup for adguard	2024-04-10 00:31:05 +02:00
Rouven Seifert	358220a12e	falkenstein: fix dkim record and wireguard dns	2024-04-10 00:30:35 +02:00
Rouven Seifert	34104a42fb	pkgs.ssh3: 0.1.7 -> 0.1.7	2024-04-10 00:30:18 +02:00
Rouven Seifert	a2d754d2d1	readme: remove image	2024-04-09 23:23:22 +02:00