seafile: remove

flake.lock

@@ -12,11 +12,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1722339003,
+        "lastModified": 1723293904,
-        "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
+        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
+        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
         "type": "github"
       },
       "original": {
@@ -32,9 +32,7 @@
         "flake-parts": "flake-parts",
         "flake-utils": "flake-utils",
         "napalm": "napalm",
-        "nixpkgs": [
+        "nixpkgs": "nixpkgs",
-          "nixpkgs"
-        ],
         "poetry2nix": "poetry2nix"
       },
       "locked": {
@@ -299,11 +297,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1723015306,
+        "lastModified": 1723399884,
-        "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=",
+        "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e",
+        "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
         "type": "github"
       },
       "original": {
@@ -447,11 +445,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722740924,
+        "lastModified": 1723352546,
-        "narHash": "sha256-UQPgA5d8azLZuDHZMPmvDszhuKF1Ek89SrTRtqsQ4Ss=",
+        "narHash": "sha256-WTIrvp0yV8ODd6lxAq4F7EbrPQv0gscBnyfn559c3k8=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "97ca0a0fca0391de835f57e44f369a283e37890f",
+        "rev": "ec78079a904d7d55e81a0468d764d0fffb50ac06",
         "type": "github"
       },
       "original": {
@@ -462,17 +460,18 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1722813957,
+        "lastModified": 1720542800,
-        "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
+        "narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
+        "rev": "feb2849fdeb70028c70d73b848214b00d324a497",
         "type": "github"
       },
       "original": {
-        "id": "nixpkgs",
+        "owner": "NixOS",
         "ref": "nixos-unstable",
-        "type": "indirect"
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "nixpkgs-lib": {
@@ -518,6 +517,21 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1723362943,
+        "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a58bc8ad779655e790115244571758e8de055e3d",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
     "pfersel": {
       "inputs": {
         "nixpkgs": [
@@ -623,7 +637,7 @@
         "lanzaboote": "lanzaboote",
         "nix-colors": "nix-colors",
         "nix-index-database": "nix-index-database",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "pfersel": "pfersel",
         "purge": "purge",
         "trucksimulatorbot": "trucksimulatorbot"

flake.nix

@@ -27,7 +27,7 @@
     nix-colors.url = "github:Misterio77/nix-colors";
     authentik = {
       url = "github:nix-community/authentik-nix";
-      inputs.nixpkgs.follows = "nixpkgs";
+      # inputs.nixpkgs.follows = "nixpkgs";
     };
 
     purge = {

hosts/nuc/default.nix

@@ -12,7 +12,6 @@
       ./modules/matrix
       ./modules/mautrix-telegram
       ./modules/monitoring
-      ./modules/seafile
       ./modules/torrent
       ./modules/vaultwarden
       ./modules/caddy

hosts/nuc/modules/seafile/default.nix

@@ -1,46 +0,0 @@
-{ config, pkgs, ... }:
-let
-  domain = "seafile.${config.networking.domain}";
-in
-{
-  services.seafile = {
-    enable = true;
-    adminEmail = "admin@rfive.de";
-    initialAdminPassword = "unused garbage";
-    ccnetSettings.General.SERVICE_URL = "https://${domain}";
-    ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";
-    seafileSettings.fileserver.port = 8083;
-    seahubExtraConf = ''
-      ENABLE_OAUTH = True
-      OAUTH_ENABLE_INSECURE_TRANSPORT = True
-
-      OAUTH_CLIENT_ID = "seafile"
-      with open('/var/lib/seafile/.oidcSecret') as f:
-        OAUTH_CLIENT_SECRET = f.readline().rstrip()
-      OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'
- 
-      OAUTH_PROVIDER_DOMAIN   = 'seafile.rfive.de'
-      OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/application/o/authorize/'
-      OAUTH_TOKEN_URL         = 'https://auth.rfive.de/application/o/token/'
-      OAUTH_USER_INFO_URL     = 'https://auth.rfive.de/application/o/userinfo/'
-      OAUTH_SCOPE = [ "openid", "profile", "email"]
-      OAUTH_ATTRIBUTE_MAP = {
-          "id":    (False, "not used"),
-          "name":  (False, "full name"),
-          "email": (True, "email"),
-      }
-    '';
-  };
-  services.caddy.virtualHosts."${domain}".extraConfig = ''
-    redir /accounts/login /oauth/login
-    reverse_proxy unix//run/seahub/gunicorn.sock
-    route /media/* {
-      root * ${pkgs.seahub}
-    }
-
-    route /seafhttp/* {
-      uri strip_prefix /seafhttp
-      reverse_proxy 127.0.0.1:${toString config.services.seafile.seafileSettings.fileserver.port}
-    }
-  '';
-}

hosts/thinkpad/default.nix

@@ -107,6 +107,7 @@
 
 
   services = {
+    # envfs.enable = true; #usr/bin fixes
     blueman.enable = true; # bluetooth
     devmon.enable = true; # automount stuff
     upower.enable = true;

hosts/thinkpad/modules/graphics/default.nix

@@ -37,7 +37,7 @@
         colors.base07
       ];
   };
-  hardware.opengl.extraPackages = with pkgs; [
+  hardware.graphics.extraPackages = with pkgs; [
     intel-compute-runtime
     intel-media-driver
   ];

hosts/thinkpad/modules/networks/default.nix

@@ -66,6 +66,10 @@
           authProtocols = [ "SAE" ];
           extraConfig = "disabled=1";
         };
+        "LKG-Gast" = {
+          psk = "@LKGDD_GUEST_PSK@";
+          authProtocols = [ "WPA-PSK" ];
+        };
         "@PIXEL_SSID@" = {
           psk = "@PIXEL_PSK@";
           authProtocols = [ "WPA-PSK" ];

hosts/thinkpad/modules/networks/uni.nix

@@ -15,7 +15,8 @@
         configFile.path = config.age.secrets.dyport-auth.path;
       };
       # ugly way to add more interfaces
-      "enp0s13f0u2u1" = enp0s31f6;
+      # "enp0s13f0u2u1" = enp0s31f6;
+      # "enp0s13f0u3u1" = enp0s31f6;
     };
     wireless.networks = {
       eduroam = {
@@ -59,6 +60,7 @@
           password="@AGDSN_AUTH@"
           phase2="auth=PAP"
         '';
+        extraConfig = "disabled=1";
         authProtocols = [ "WPA-EAP" ];
       };
       agdsn_fritzbox = {
@@ -105,6 +107,17 @@
           compression = "stateless";
         };
       };
+      iFSR = {
+        protocol = "anyconnect";
+        gateway = "vpn2.zih.tu-dresden.de";
+        user = "rose159e@apb-ifsr-vpn";
+        passwordFile = config.age.secrets.tud.path;
+        autoStart = false;
+        extraOptions = {
+          authgroup = "A-Tunnel-TU-Networks";
+          compression = "stateless";
+        };
+      };
     };
   };
   systemd.services = {

hosts/thinkpad/modules/printing/default.nix

@@ -1,10 +1,10 @@
 { pkgs, ... }:
 {
   # environment.systemPackages = with pkgs; [ cups ];
-  services.avahi = {
+  # services.avahi = {
-    enable = true;
+  #   enable = true;
-    nssmdns4 = true;
+  #   nssmdns4 = true;
-  };
+  # };
   services.printing = {
     enable = true;
     stateless = true;

hosts/thinkpad/modules/security/default.nix

@@ -45,9 +45,9 @@
     };
   };
   # broken again
-  # services = {
+  services = {
-  #   fprintd.enable = true; # log in using fingerprint
+    fprintd.enable = true; # log in using fingerprint
-  # };
+  };
   environment.systemPackages = with pkgs; [
     agenix.packages.x86_64-linux.default
     tpm2-tools

hosts/thinkpad/modules/virtualisation/default.nix

@@ -1,10 +1,10 @@
 { pkgs, ... }:
 {
   virtualisation = {
-    podman = {
+    # podman = {
-      enable = true;
+    #   enable = true;
-      defaultNetwork.settings.dns_enabled = true;
+    #   defaultNetwork.settings.dns_enabled = true;
-    };
+    # };
     libvirtd = {
       enable = true;
       qemu = {

overlays/default.nix

@@ -2,9 +2,6 @@ _final: prev:
 let
   inherit (prev) callPackage;
   inherit (prev) fetchFromGitHub;
-  inherit (prev) fetchPypi;
-  inherit (prev) makeWrapper;
-  inherit (prev) python3Packages;
 in
 {
 
@@ -36,80 +33,4 @@ in
   gnome-break-timer = callPackage ../pkgs/gnome-break-timer { };
   jmri = callPackage ../pkgs/jmri { };
   adguardian-term = callPackage ../pkgs/adguardian-term { };
-
-  # upstream package is broken and can't be fixed by overriding attrs. so I just completely redo it in here
-  seahub = (python3Packages.buildPythonApplication rec {
-    pname = "seahub";
-    version = "11.0.1";
-    format = "other";
-    src = fetchFromGitHub {
-      owner = "haiwen";
-      repo = "seahub";
-      rev = "v11.0.1-pro";
-      sha256 = "sha256-dxMvbiAdECMZIf+HgA5P2gZYI9l+k+nhmdzfg90037A=";
-    };
-
-
-    dontBuild = true;
-
-    doCheck = false; # disabled because it requires a ccnet environment
-
-    nativeBuildInputs = [
-      makeWrapper
-    ];
-
-    propagatedBuildInputs = with python3Packages; [
-      django
-      future
-      django-compressor
-      django-statici18n
-      django-webpack-loader
-      django-simple-captcha
-      django-picklefield
-      django-formtools
-      mysqlclient
-      pillow
-      python-dateutil
-      djangorestframework
-      openpyxl
-      requests
-      requests-oauthlib
-      chardet
-      pyjwt
-      pycryptodome
-      qrcode
-      pysearpc
-      seaserv
-      gunicorn
-      markdown
-      bleach
-      # python-ldap
-      pyopenssl
-      (buildPythonPackage rec {
-        pname = "djangosaml2";
-        version = "1.7.0";
-        doCheck = false;
-        propagatedBuildInputs = [
-          pysaml2
-          django
-          defusedxml
-        ];
-        src = fetchPypi {
-          inherit pname version;
-          sha256 = "sha256-WiMl2UvbOskLA5o5LXPrBF2VktlDnlBNdc42eZ62Fko=";
-        };
-      })
-    ];
-
-    installPhase = ''
-      cp -dr --no-preserve='ownership' . $out/
-      wrapProgram $out/manage.py \
-        --prefix PYTHONPATH : "$PYTHONPATH:$out/thirdpart:"
-    '';
-
-    passthru = rec {
-      python = prev.python3;
-      pythonPath = python.pkgs.makePythonPath propagatedBuildInputs;
-    };
-  });
 }

pkgs/adguardian-term/default.nix

@@ -9,7 +9,7 @@ rustPlatform.buildRustPackage rec {
     rev = version;
     hash = "sha256-r7dh31fZgcUBffzwoBqIoV9XhZOjJRb9aWZUuuiz7y8=";
   };
-  cargoSha256 = "sha256-GB3CQ9VPBkKbT5Edq/jJlGEkVGICWSQloIt+nkHRDJU=";
+  cargoHash = "sha256-GB3CQ9VPBkKbT5Edq/jJlGEkVGICWSQloIt+nkHRDJU=";
 
   meta = with lib; {
     description = "Terminal-based, real-time traffic monitoring and statistics for your AdGuard Home instance  Resources";

pkgs/ianny/default.nix

@@ -1,4 +1,4 @@
-{ rustPlatform, fetchFromGitHub, lib, ninja, dbus, pkg-config, gettext }:
+{ rustPlatform, fetchFromGitHub, lib, ninja, dbus, pkg-config }:
 rustPlatform.buildRustPackage rec {
   pname = "ianny";
   version = "unstable-2023-12-16";
@@ -8,7 +8,7 @@ rustPlatform.buildRustPackage rec {
     rev = "370bea372c35610e65426f5a1c45db99584dfb9a";
     hash = "sha256-oWwRCQSP0g6IJh3cEgD32AIBF/pfN9QGJ9LANjCthMw=";
   };
-  cargoSha256 = "sha256-5/Sb2ds+xfcYFqTF3RObPScDzK4FdBNk8T1Z5YcQgCM=";
+  cargoHash = "sha256-5/Sb2ds+xfcYFqTF3RObPScDzK4FdBNk8T1Z5YcQgCM=";
   buildInputs = [
     dbus
     ninja

users/rouven/fixes.nix

@@ -1,6 +1,5 @@
 { pkgs, lib, ... }:
 {
-
   # fixes qt and themes
   environment.variables = {
     "QT_STYLE_OVERRIDE" = lib.mkForce "kvantum";
@@ -9,10 +8,10 @@
     "GTK_THEME" = "Dracula";
   };
   # open ports for kde connect
-  networking.firewall = rec {
+  # networking.firewall = rec {
-    allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
+  #   allowedTCPPortRanges = [{ from = 1714; to = 1764; }];
-    allowedUDPPortRanges = allowedTCPPortRanges;
+  #   allowedUDPPortRanges = allowedTCPPortRanges;
-  };
+  # };
   # enable xdg portals for sway
   xdg.portal = {
     enable = true;
@@ -37,24 +36,7 @@
   # home manager needs dconf
   programs.dconf.enable = true;
   # fixes pam entries for swaylock
-  # auth sufficient ${pkgs.fprintd}/lib/security/pam_fprintd.so
+  security.pam.services.swaylock = { };
-  security.pam.services.swaylock.text = ''
-    # Account management.
-    account required pam_unix.so
-
-    # Authentication management.
-
-    auth sufficient pam_unix.so nullok likeauth try_first_pass
-    auth sufficient ${pkgs.pam_u2f}/lib/security/pam_u2f.so
-    auth required pam_deny.so
-
-    # Password management.
-    password sufficient pam_unix.so nullok sha512
-
-    # Session management.
-    session required pam_env.so conffile=/etc/pam/environment readenv=0
-    session required pam_unix.so
-  '';
   # global wrapper for ausweisapp
   programs.ausweisapp = {
     enable = true;
@@ -64,5 +46,5 @@
   programs.steam.enable = true;
 
   # enable java black magic 
-  programs.java.enable = true;
+  # programs.java.enable = true;
 }

users/rouven/modules/packages.nix

@@ -11,7 +11,6 @@
     pcmanfm
     xdg-utils # used for xdg-open
     appimage-run
-    seafile-client
 
     # graphics
     (zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; })
@@ -50,6 +49,7 @@
     hut
     wine
     ansible
+    ansible-lint
 
     # programming languages
     cargo

users/rouven/modules/ssh/default.nix

@@ -11,7 +11,7 @@ in
     controlPersist = "10m";
     extraConfig = ''
       CanonicalizeHostname yes
-      CanonicalDomains agdsn.network vpn.rfive.de
+      CanonicalDomains agdsn.network vpn.rfive.de net.tu-dresden.de
       PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so
       IdentityFile ~/.ssh/id_ed25519
       SetEnv TERM=xterm-256color