From 6e8014e0b510dabb3dd2064a204c9b3a64a511e4 Mon Sep 17 00:00:00 2001
From: gwg313
Date: Fri, 20 Sep 2024 15:26:06 -0400
Subject: [PATCH] some updates
---
 common/networking/default.nix | 2 +
 common/networking/wireless.nix | 44 +++++++++++++++
 common/nixos/laptop.nix | 6 +-
 common/nixos/ssh/ssh.nix | 56 +++++++++++++++++--
 common/nixos/ssh/ssh_client.nix | 1 +
 home-manager/modules/neovim/plugins/cmp.nix | 4 +-
 .../modules/neovim/plugins/default.nix | 1 +
 home-manager/modules/neovim/plugins/lsp.nix | 2 +
 .../modules/neovim/plugins/vimtex.nix | 15 +++++
 home-manager/modules/tmux/tmux.nix | 18 ++++++
 home-manager/modules/zsh.nix | 8 ++-
 hosts/candlekeep/configuration.nix | 3 +-
 secrets/secrets.yaml | 7 ++-
 13 files changed, 153 insertions(+), 14 deletions(-)
 create mode 100644 common/networking/wireless.nix
 create mode 100644 home-manager/modules/neovim/plugins/vimtex.nix
diff --git a/common/networking/default.nix b/common/networking/default.nix
index 5552711..0590c0c 100644
--- a/common/networking/default.nix
+++ b/common/networking/default.nix
@@ -2,8 +2,10 @@
 imports = [
 ./zerotier.nix
 ./firewall.nix
+ ./wireless.nix
 ];
 zerotier.enable = lib.mkDefault true;
 firewall.enable = lib.mkDefault true;
+ wireless.enable = lib.mkDefault false;
 }
diff --git a/common/networking/wireless.nix b/common/networking/wireless.nix
new file mode 100644
index 0000000..3318f2b
--- /dev/null
+++ b/common/networking/wireless.nix
@@ -0,0 +1,44 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ options = {
+ wireless.enable = lib.mkEnableOption "Enables Wifi and adds my networks";
+ };
+ config = lib.mkIf config.wireless.enable {
+ sops.secrets."wireless.env" = {};
+ networking.wireless.enable = true;
+ environment.systemPackages = with pkgs; [wpa_supplicant_gui];
+ networking.wireless.userControlled.enable = true;
+ networking.wireless.environmentFile = config.sops.secrets."wireless.env".path;
+ networking.wireless.networks = {
+ "@home_uuid@" = {
+ psk = "@home_psk@";
+ priority = 99;
+ };
+ "@school_uuid@" = {
+ auth = ''
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ phase2="auth=MSCHAPV2"
+ identity="@school_identity@"
+ password="@school_password@"
+ '';
+ priority = 89;
+ };
+
+ "eduroam" = {
+ auth = ''
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ phase2="auth=MSCHAPV2"
+ identity="@eduroam_identity@"
+ password="@school_password@"
+ '';
+ priority = 79;
+ };
+ };
+ };
+}
diff --git a/common/nixos/laptop.nix b/common/nixos/laptop.nix
index 1dbf5d3..fa5cbc4 100644
--- a/common/nixos/laptop.nix
+++ b/common/nixos/laptop.nix
@@ -3,7 +3,10 @@
 lib,
 ...
 }: {
- imports = [./bluetooth.nix];
+ imports = [
+ ./bluetooth.nix
+ ../networking/wireless.nix
+ ];
 options = {
 laptop.enable = lib.mkEnableOption "Enables Laptop options";
 };
@@ -16,5 +19,6 @@
 services.tlp.enable = true;
 bluetooth.enable = true;
+ wireless.enable = true;
 };
 }
diff --git a/common/nixos/ssh/ssh.nix b/common/nixos/ssh/ssh.nix
index 45e5b6a..00864b1 100644
--- a/common/nixos/ssh/ssh.nix
+++ b/common/nixos/ssh/ssh.nix
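Review bot: The two EAP-PEAP blocks (`"@school_uuid@"` and `"eduroam"`) configure no server certificate check, and wpa_supplicant documents that without `ca_cert`/`ca_path` the RADIUS server certificate is not verified at all, so the MSCHAPv2 credentials are offered to any access point that advertises the SSID. Add to each `auth` block `ca_cert="/etc/ssl/certs/ca-certificates.crt"` (the NixOS system bundle) and `domain_suffix_match="<radius-server-domain>"`, and for eduroam also `anonymous_identity="anonymous@<realm>"` so the real identity stays inside the TLS tunnel. If the domain is considered sensitive it can be another `@placeholder@` fed from `wireless.env`. I am assuming the `environmentFile` substitution also applies to the SSID keys such as `"@home_uuid@"`, not only to values; worth confirming against the generated wpa_supplicant.conf.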
@@ -58,7 +58,17 @@
 PermitRootLogin = "no";
 # nix enables pam by default
- #UsePam = true;
+ # UsePAM = false;
+
+ # challenge-response authentication backend it not configured by default
+ # therefore, it is set to "no" by default to avoid the use of an unconfigured backend
+ ChallengeResponseAuthentication = false;
+
+ # set maximum authentication retries to prevent brute force attacks
+ MaxAuthTries = 3;
+
+ # disallow connecting using empty passwords
+ PermitEmptyPasswords = false;
 ########## Cryptography ##########
@@ -66,9 +76,28 @@
 # AES CTR modes have been removed to mitigate the Terrapin attack
 # https://terrapin-attack.com/
- Ciphers = ["aes256-gcm@openssh.com" "aes128-gcm@openssh.com"];
- Macs = ["hmac-sha2-256-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com"];
- KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org" "diffie-hellman-group16-sha512" "diffie-hellman-group18-sha512"];
+ Ciphers = [
+ "aes256-gcm@openssh.com"
+ "aes128-gcm@openssh.com"
+ ];
+ Macs = [
+ "hmac-sha2-256-etm@openssh.com"
+ "hmac-sha2-512-etm@openssh.com"
+ "umac-128-etm@openssh.com"
+ ];
+ KexAlgorithms = [
+ "sntrup761x25519-sha512@openssh.com"
+ "curve25519-sha256"
+ "curve25519-sha256@libssh.org"
+ "diffie-hellman-group16-sha512"
+ "diffie-hellman-group18-sha512"
+ ];
+
+ # hostKeyAlgorithms = [
+ # "rsa-sha2-512"
+ # "rsa-sha2-256"
+ # "ssh-ed25519"
+ # ];
 ########## Connection Preferences ##########
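Review bot: `ChallengeResponseAuthentication` is the deprecated alias of `KbdInteractiveAuthentication`, and NixOS already declares `services.openssh.settings.KbdInteractiveAuthentication` (default true), so the generated sshd_config will most likely carry both keywords and sshd keeps whichever it reads first; set `KbdInteractiveAuthentication = false;` instead so the outcome does not depend on emission order. With `UsePAM yes` this is also the keyword that closes the PAM password path, so it belongs next to whatever `PasswordAuthentication` value is set outside this hunk (the enclosing `settings` block starts before it). Comment typo: `backend it not configured` → `backend is not configured`.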
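Review bot: The parked `# hostKeyAlgorithms = [ … ];` block is commented-out configuration with no note on why it is kept, which is the kind of dead text that silently drifts from the live policy; either drop it or replace it with one line stating the intent, e.g. `# HostKeyAlgorithms left at the OpenSSH default until every client has an ed25519 key`. If it is ever re-enabled, use the `HostKeyAlgorithms` spelling for consistency with `Ciphers`/`Macs`/`KexAlgorithms` in the same block.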
@@ -97,7 +126,26 @@
 # allow a maximum of two multiplexed sessions over a single TCP connection
 MaxSessions = 2;
+
+ # let ClientAliveInterval handle keepalive
+ TCPKeepAlive = false;
+
+ # disable reverse DNS lookups
+ # UseDNS = false;
 };
+ extraConfig = ''
+ ########## Features ##########
+
+ # accept locale-related environment variables
+ AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+ AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+ AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+ AcceptEnv XMODIFIERS
+
+ ########## Connection Preferences ##########
+ # disable reverse DNS lookups
+ UseDNS no
+ '';
 };
 };
 }
diff --git a/common/nixos/ssh/ssh_client.nix b/common/nixos/ssh/ssh_client.nix
index 6939cea..6aab355 100644
--- a/common/nixos/ssh/ssh_client.nix
+++ b/common/nixos/ssh/ssh_client.nix
@@ -34,6 +34,7 @@
 "umac-128-etm@openssh.com"
 ];
 kexAlgorithms = [
+ "sntrup761x25519-sha512@openssh.com"
 "curve25519-sha256"
 "curve25519-sha256@libssh.org"
 "diffie-hellman-group16-sha512"
diff --git a/home-manager/modules/neovim/plugins/cmp.nix b/home-manager/modules/neovim/plugins/cmp.nix
index dd36150..75d6f98 100644
--- a/home-manager/modules/neovim/plugins/cmp.nix
+++ b/home-manager/modules/neovim/plugins/cmp.nix
@@ -40,7 +40,7 @@
 cmp-nvim-lsp.enable = true;
 cmp-nvim-lua.enable = true;
 cmp_luasnip.enable = true;
- cmp-path.enable = true;
+ # cmp-path.enable = true;
 cmp-latex-symbols.enable = true;
 cmp-buffer.enable = true;
 cmp = {
@@ -62,7 +62,7 @@
 {name = "buffer";}
- {name = "path";}
+ # { name = "path"; }
 ];
 mapping = {
diff --git a/home-manager/modules/neovim/plugins/default.nix b/home-manager/modules/neovim/plugins/default.nix
index b2651cb..fcdf8dd 100644
--- a/home-manager/modules/neovim/plugins/default.nix
+++ b/home-manager/modules/neovim/plugins/default.nix
@@ -34,5 +34,6 @@ _: {
 ./which-key.nix
 ./undotree.nix
 ./yazi.nix
+ ./vimtex.nix
 ];
 }
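Review bot: `UseDNS` is now handled in two places — commented out under `settings` and live as `UseDNS no` inside `extraConfig` — although NixOS exposes it as the declared boolean `services.openssh.settings.UseDns`; dropping the parked comment and the `extraConfig` stanza in favour of `UseDns = false;` inside `settings` keeps one source of truth and lets the module type-check it. `TCPKeepAlive = false;` is only safe when `ClientAliveInterval`/`ClientAliveCountMax` are set, which is not visible in this hunk, so confirm they exist in the part of `settings` that starts before it; otherwise dead sessions are never reaped. The `AcceptEnv` lines could live in `settings` as well, which would leave `extraConfig` empty and removable.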
diff --git a/home-manager/modules/neovim/plugins/lsp.nix b/home-manager/modules/neovim/plugins/lsp.nix
index d406ee7..2d4694a 100644
--- a/home-manager/modules/neovim/plugins/lsp.nix
+++ b/home-manager/modules/neovim/plugins/lsp.nix
@@ -74,6 +74,8 @@
 pyright.enable = true;
 hls.enable = true;
 leanls.enable = true;
+ texlab.enable = true;
+ html.enable = true;
 };
 };
 which-key.settings.spec = [
diff --git a/home-manager/modules/neovim/plugins/vimtex.nix b/home-manager/modules/neovim/plugins/vimtex.nix
new file mode 100644
index 0000000..6d20146
--- /dev/null
+++ b/home-manager/modules/neovim/plugins/vimtex.nix
@@ -0,0 +1,15 @@
+{...}: {
+ programs.nixvim = {
+ plugins.vimtex = {
+ enable = true;
+ settings = {
+ compiler_method = "latexrun";
+ toc_config = {
+ split_pos = "vert topleft";
+ split_width = 40;
+ };
+ view_method = "zathura";
+ };
+ };
+ };
+}
diff --git a/home-manager/modules/tmux/tmux.nix b/home-manager/modules/tmux/tmux.nix
index 217c6f2..fd95065 100644
--- a/home-manager/modules/tmux/tmux.nix
+++ b/home-manager/modules/tmux/tmux.nix
@@ -163,5 +163,23 @@
 tksv = "tmux kill-server";
 tkss = "tmux kill-session -t";
 };
+
+ initExtra = ''
+ function sesh-sessions() {
+ {
+ exec