diff --git a/.envrc b/.envrc index 1d953f4..051d09d 100644 --- a/.envrc +++ b/.envrc @@ -1 +1 @@ -use nix +eval "$(lorri direnv)" diff --git a/_archive/environments/dev/rust/.envrc b/_archive/environments/dev/rust/.envrc index 1d953f4..051d09d 100644 --- a/_archive/environments/dev/rust/.envrc +++ b/_archive/environments/dev/rust/.envrc @@ -1 +1 @@ -use nix +eval "$(lorri direnv)" diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 544f85b..64dfa02 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -65,7 +65,6 @@ in { PATH=pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" - "$HOME/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/bin" "$HOME/.cargo/bin" "$HOME/.gem/ruby/2.3.0/bin" "$HOME/.npm-packages/bin" diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 43c25c2..d501d0d 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -25,6 +25,7 @@ in { }; programs.direnv.enable = true; + services.lorri.enable = true; home.sessionVariables = { NIXPKGS_ALLOW_UNFREE = "1"; diff --git a/nix/os/devices/steveej-t480s-work/system.nix b/nix/os/devices/steveej-t480s-work/system.nix index 2f0dcae..c68cb26 100644 --- a/nix/os/devices/steveej-t480s-work/system.nix +++ b/nix/os/devices/steveej-t480s-work/system.nix @@ -91,4 +91,48 @@ in { "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ../../../../certificates/sat-r220-02.lab.eng.rdu2.redhat.com.crt ]; + + services.xserver.videoDrivers = [ "modesetting" ]; + boot.kernelPackages = lib.mkForce pkgs.linuxPackages; + + krb5 = { + enable = true; + config = let + pkinit_crt = pkgs.fetchurl { + url = "https://password.corp.redhat.com/ipa.crt"; + sha256 = "0cflhkb7szzlakjmz2rmw8l8j5jqsyy2rl7ciclmi5fdfjrrx1cd"; + }; + in '' + [libdefaults] + default_realm = IPA.REDHAT.COM + dns_lookup_realm = true + dns_lookup_kdc = true + rdns = false + dns_canonicalize_hostname = true + ticket_lifetime = 24h + forwardable = true + udp_preference_limit = 0 + default_ccache_name = KEYRING:persistent:%{uid} + + [realms] + REDHAT.COM = { + default_domain = redhat.com + dns_lookup_kdc = true + master_kdc = kerberos.corp.redhat.com + admin_server = kerberos.corp.redhat.com + } + + #make sure to save the IPA CA cert + #mkdir /etc/ipa && curl -o /etc/ipa/ca.crt https://password.corp.redhat.com/ipa.crt + IPA.REDHAT.COM = { + pkinit_anchors = FILE:${pkinit_crt} + pkinit_pool = FILE:${pkinit_crt} + default_domain = ipa.redhat.com + dns_lookup_kdc = true + # Trust tickets issued by legacy realm on this host + auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*// + auth_to_local = DEFAULT + } + ''; + }; } diff --git a/nix/os/devices/steveej-t480s-work/versions.nix b/nix/os/devices/steveej-t480s-work/versions.nix index 7a9321e..1dabb6a 100644 --- a/nix/os/devices/steveej-t480s-work/versions.nix +++ b/nix/os/devices/steveej-t480s-work/versions.nix @@ -1,20 +1,20 @@ { channelsNixosStable = { ref = "nixos-19.09"; - rev = "f7d050ed4e3af90502c88bf0ae1fef62dcbde265"; + rev = "8731aaaf8b30888bc24994096db830993090d7c4"; }; channelsNixosUnstable = { ref = "nixos-unstable"; - rev = "100012e55bc2a82fc680cba31a426ad38ead6fab"; + rev = "8130f3c1c2bb0e533b5e150c39911d6e61dcecc2"; }; nixpkgsMaster = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "0834d16531df583e161bd53ad5aee86854ad85b0"; + rev = "329102c47bd1c68f0acdf4feec64232202948c7a"; }; homeManagerModule = { url = "https://github.com/rycee/home-manager"; ref = "release-19.09"; - rev = "8d663335eb7b5032f637d8b719416ae4f2c1f612"; + rev = "0d1ca254d0f213a118459c5be8ae465018132f74"; }; } diff --git a/nix/pkgs/duplicacy/.envrc b/nix/pkgs/duplicacy/.envrc index 1d953f4..051d09d 100644 --- a/nix/pkgs/duplicacy/.envrc +++ b/nix/pkgs/duplicacy/.envrc @@ -1 +1 @@ -use nix +eval "$(lorri direnv)" diff --git a/services/home-ch/router-wan.lan/Justfile b/services/home-ch/router-wan.lan/Justfile index 79a278a..8792f32 100644 --- a/services/home-ch/router-wan.lan/Justfile +++ b/services/home-ch/router-wan.lan/Justfile @@ -6,3 +6,4 @@ post-setup: just -v _run_ssh_cmd "opkg install luci-ssl" just -v _run_ssh_cmd "opkg install luci-app-samba samba36-server" just -v _run_ssh_cmd "opkg install block-mount blockd kmod-fs-vfat kmod-usb-storage usbutils" + just -v _run_ssh_cmd "/etc/init.d/uhttpd restart"