diff --git a/flake.lock b/flake.lock index 447dfa1..d608a5c 100644 --- a/flake.lock +++ b/flake.lock @@ -7,18 +7,18 @@ "flake-parts": "flake-parts", "flake-utils": "flake-utils", "napalm": "napalm", - "nixpkgs": "nixpkgs", - "pyproject-build-systems": "pyproject-build-systems", - "pyproject-nix": "pyproject-nix", - "systems": "systems", - "uv2nix": "uv2nix" + "nixpkgs": [ + "nixpkgs" + ], + "poetry2nix": "poetry2nix", + "systems": "systems" }, "locked": { - "lastModified": 1746874492, - "narHash": "sha256-Gm2Eb5KBxAL6y9WJj7phRMXNAZzVkKlm9Dky9WDZHtQ=", + "lastModified": 1739612324, + "narHash": "sha256-3RQgKLNSKlcLtdfAo7Zx3+Q+3Bwgy8rx3gZ6ejTeh1w=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "2ef24fac993808a1a57f367ef58ac0f5254c3489", + "rev": "efd801f6faecf6caf489fa03dbd6e32e416bec6d", "type": "github" }, "original": { @@ -30,27 +30,33 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1745954192, - "narHash": "sha256-QuIgeu3CN6S44/zSiaj+iIkDz2494mb1MWvD3eYYkVE=", + "lastModified": 1738183650, + "narHash": "sha256-4XdYlqfd23TVPaJ0R5tEBIpDXLV4mFHdXhIWp5dIvIE=", "owner": "goauthentik", "repo": "authentik", - "rev": "22412729e2379d645da2ac0c0270a0ac6147945e", + "rev": "f1b7a9f934e6b58a1884ba753575eac6267f4b6e", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.4.0", + "ref": "version/2024.12.3", "repo": "authentik", "type": "github" } }, "crane": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1731098351, - "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", + "lastModified": 1717535930, + "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", "owner": "ipetkov", "repo": "crane", - "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", "type": "github" }, "original": { @@ -96,11 +102,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "type": "github" }, "original": { @@ -117,11 +123,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "type": "github" }, "original": { @@ -173,6 +179,24 @@ "inputs": { "systems": "systems_3" }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, "locked": { "lastModified": 1731533236, "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", @@ -229,23 +253,24 @@ "crane": "crane", "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1737639419, - "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", + "lastModified": 1718178907, + "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", + "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v0.4.2", + "ref": "v0.4.1", "repo": "lanzaboote", "type": "github" } @@ -253,11 +278,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1747347117, - "narHash": "sha256-wsPOuwczt+kJ4vuf3mm6uMv4wnfWP/RNV5Cp/P5nqQw=", - "rev": "3f355b8fd1ffbe670d756bcf976a38cbe80bb77b", + "lastModified": 1739546930, + "narHash": "sha256-m9s8XjIFd9ByX45/mnsryQa0G5ncMjOBJE4kAOHPoUI=", + "rev": "1077bc626e8dfc153524da40eddad46ef893d66e", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/3f355b8fd1ffbe670d756bcf976a38cbe80bb77b.tar.gz?rev=3f355b8fd1ffbe670d756bcf976a38cbe80bb77b" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1077bc626e8dfc153524da40eddad46ef893d66e.tar.gz?rev=1077bc626e8dfc153524da40eddad46ef893d66e" }, "original": { "type": "tarball", @@ -266,21 +291,21 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "flakey-profile": "flakey-profile", "lix": [ "lix" ], "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs" ] }, "locked": { - "lastModified": 1746839253, - "narHash": "sha256-pRwi8Wn8Yofj459gq+3oIRy8F3SXeEJ6mzfIAUgM9nA=", - "rev": "58baedd53f9da81fd728a4f3b08c378e5ba9ae58", + "lastModified": 1738176840, + "narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=", + "rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/58baedd53f9da81fd728a4f3b08c378e5ba9ae58.tar.gz?rev=58baedd53f9da81fd728a4f3b08c378e5ba9ae58" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/621aae0f3cceaffa6d73a4fb0f89c08d338d729e.tar.gz?rev=621aae0f3cceaffa6d73a4fb0f89c08d338d729e" }, "original": { "type": "tarball", @@ -298,15 +323,16 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1747016581, - "narHash": "sha256-iQrEuBs23Cd+bSfcY85GLykHP0vmGrkVfMwUlzvqMQQ=", + "lastModified": 1712366957, + "narHash": "sha256-7W3D1Gk6mGlwtV07n6YB/7s3tThcBYknlvDPcoJJSe4=", "owner": "astro", "repo": "microvm.nix", - "rev": "5aff25e6e861e7d96ce10452ca976c16d073cf16", + "rev": "1e746a8987eb893adc8dd317b84e73d72803b650", "type": "github" }, "original": { "owner": "astro", + "ref": "v0.5.0", "repo": "microvm.nix", "type": "github" } @@ -337,13 +363,35 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "authentik-nix", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixos-hardware": { "locked": { - "lastModified": 1747129300, - "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", + "lastModified": 1738816619, + "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e81fd167b33121269149c57806599045fd33eeed", + "rev": "2eccff41bab80839b1d25b303b53d339fbb07087", "type": "github" }, "original": { @@ -355,74 +403,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746141548, - "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "lastModified": 1739484910, + "narHash": "sha256-wjWLzdM7PIq4ZAe7k3vyjtgVJn6b0UeodtRFlM/6W5U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1747179050, - "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1747209494, - "narHash": "sha256-fLise+ys+bpyjuUUkbwqo5W/UyIELvRz9lPBPoB0fbM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5d736263df906c5da72ab0f372427814de2f52f8", + "rev": "0b73e36b1962620a8ac551a37229dd8662dac5c8", "type": "github" }, "original": { @@ -432,6 +417,81 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1738452942, + "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1739446958, + "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "authentik-nix", + "flake-utils" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ], + "systems": [ + "authentik-nix", + "systems" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1738741221, + "narHash": "sha256-UiTOA89yQV5YNlO1ZAp4IqJUGWOnTyBC83netvt8rQE=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "be1fe795035d3d36359ca9135b26dcc5321b31fb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -446,11 +506,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1731363552, - "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", "type": "github" }, "original": { @@ -459,56 +519,6 @@ "type": "github" } }, - "pyproject-build-systems": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ], - "pyproject-nix": [ - "authentik-nix", - "pyproject-nix" - ], - "uv2nix": [ - "authentik-nix", - "uv2nix" - ] - }, - "locked": { - "lastModified": 1744599653, - "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=", - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "type": "github" - } - }, - "pyproject-nix": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1746146146, - "narHash": "sha256-60+mzI2lbgn+G8F5mz+cmkDvHFn4s5oqcOna1SzYy74=", - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "rev": "3e9623bdd86a3c545e82b7f97cfdba5f07232d9a", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "type": "github" - } - }, "root": { "inputs": { "authentik-nix": "authentik-nix", @@ -518,7 +528,7 @@ "lix-module": "lix-module", "microvm": "microvm", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix", "tmux-yank": "tmux-yank", @@ -527,17 +537,21 @@ }, "rust-overlay": { "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], "nixpkgs": [ "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1731897198, - "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", + "lastModified": 1717813066, + "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", + "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", "type": "github" }, "original": { @@ -553,11 +567,11 @@ ] }, "locked": { - "lastModified": 1746485181, - "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", + "lastModified": 1739262228, + "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", + "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", "type": "github" }, "original": { @@ -569,11 +583,11 @@ "spectrum": { "flake": false, "locked": { - "lastModified": 1746869549, - "narHash": "sha256-BKZ/yZO/qeLKh9YqVkKB6wJiDQJAZNN5rk5NsMImsWs=", + "lastModified": 1708358594, + "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=", "ref": "refs/heads/main", - "rev": "d927e78530892ec8ed389e8fae5f38abee00ad87", - "revCount": 862, + "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c", + "revCount": 614, "type": "git", "url": "https://spectrum-os.org/git/spectrum" }, @@ -627,6 +641,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tmux-yank": { "flake": false, "locked": { @@ -643,28 +672,25 @@ "type": "github" } }, - "uv2nix": { + "treefmt-nix": { "inputs": { "nixpkgs": [ "authentik-nix", + "poetry2nix", "nixpkgs" - ], - "pyproject-nix": [ - "authentik-nix", - "pyproject-nix" ] }, "locked": { - "lastModified": 1746048139, - "narHash": "sha256-LdCLyiihLg6P2/mjzP0+W7RtraDSIaJJPTy6SCtW5Ag=", - "owner": "pyproject-nix", - "repo": "uv2nix", - "rev": "680e2f8e637bc79b84268949d2f2b2f5e5f1d81c", + "lastModified": 1730120726, + "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15", "type": "github" }, "original": { - "owner": "pyproject-nix", - "repo": "uv2nix", + "owner": "numtide", + "repo": "treefmt-nix", "type": "github" } }, diff --git a/flake.nix b/flake.nix index 8672d2d..0038003 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; microvm = { - url = "github:astro/microvm.nix"; + url = "github:astro/microvm.nix/v0.5.0"; inputs = { nixpkgs.follows = "nixpkgs"; flake-utils.follows = "flake-utils"; @@ -21,12 +21,13 @@ }; lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.2"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; + url = "github:nix-community/lanzaboote/v0.4.1"; + inputs.nixpkgs.follows = "nixpkgs"; }; authentik-nix = { url = "github:nix-community/authentik-nix"; + inputs.nixpkgs.follows = "nixpkgs"; }; lix = { @@ -36,7 +37,7 @@ lix-module = { url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; + inputs.nixpkgs.follows = "nixpkgs"; inputs.lix.follows = "lix"; }; @@ -60,7 +61,6 @@ microvm, nixos-hardware, nixpkgs, - nixpkgs-unstable, sops-nix, ... }: @@ -68,21 +68,19 @@ { nixosConfigurations = let - microvm-stable-list = [ + microvm-list = [ + "auth" "conduwuit" "forgejo" + "immich" "miniflux" "radicale" ]; - microvm-unstable-list = [ - "auth" - "immich" - ]; - microvm-builder = (nixpkgs-ver: vm-list: builtins.listToAttrs ( + microvms = builtins.listToAttrs ( map (vm: { name = vm; - value = nixpkgs-ver.lib.nixosSystem { + value = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs; }; modules = [ @@ -94,14 +92,12 @@ ./modules/wg ]; }; - }) vm-list - )); - microvms = (microvm-builder nixpkgs microvm-stable-list) - // (microvm-builder nixpkgs-unstable microvm-unstable-list); + }) microvm-list + ); in microvms // { - toaster = nixpkgs-unstable.lib.nixosSystem { + toaster = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs; }; modules = [ @@ -121,7 +117,8 @@ ./modules/science.nix ./modules/tlp.nix ./modules/virtualization.nix - ./modules/emacs.nix + ./hosts/toaster/secure-boot.nix + ./modules/chromium.nix ./modules/mail ./modules/wg ]; @@ -156,7 +153,7 @@ ./modules/wg { - config.microvm.autostart = microvm-stable-list ++ microvm-unstable-list; + config.microvm.autostart = microvm-list; } ]; }; diff --git a/hosts/forgejo/default.nix b/hosts/forgejo/default.nix index f6de473..5e02678 100644 --- a/hosts/forgejo/default.nix +++ b/hosts/forgejo/default.nix @@ -18,7 +18,7 @@ in microvm = { hypervisor = "qemu"; mem = 3 * 1024; - balloon = true; + balloonMem = 4 * 1024; vcpu = 4; interfaces = [ { diff --git a/hosts/immich/immich.nix b/hosts/immich/immich.nix index 11a69b6..40243ae 100644 --- a/hosts/immich/immich.nix +++ b/hosts/immich/immich.nix @@ -1,7 +1,12 @@ { config, + inputs, + pkgs, ... }: +let + immich-latest = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich; +in { sops.secrets."immich.yaml" = { sopsFile = ./immich.yaml; @@ -11,6 +16,7 @@ services.immich = { enable = true; + package = immich-latest; host = "10.89.88.13"; redis.enable = true; database.createDB = true; diff --git a/hosts/toaster/0xa-home.nix b/hosts/toaster/0xa-home.nix deleted file mode 100644 index b3ff5eb..0000000 --- a/hosts/toaster/0xa-home.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, ... }: -{ - home.stateVersion = "24.11"; - - home.pointerCursor = { - name = "Banana"; - size = 32; - package = pkgs.banana-cursor; - x11.enable = true; - gtk.enable = true; - }; - - gtk = { - enable = true; - cursorTheme = { - name = "Banana"; - size = 32; - package = pkgs.banana-cursor; - }; - }; -} diff --git a/hosts/toaster/default.nix b/hosts/toaster/default.nix index 7e78114..17f8f09 100644 --- a/hosts/toaster/default.nix +++ b/hosts/toaster/default.nix @@ -46,11 +46,6 @@ supportedLocales = [ "all" ]; }; - # support ddc brigtness control - hardware.i2c.enable = true; - boot.kernelModules = [ "i2c-dev" ]; - environment.systemPackages = [ pkgs.ddcutil ]; - users.users."0xa" = { extraGroups = [ "wheel" @@ -60,7 +55,6 @@ "bluetooth" "libvirtd" "qemu-libvirtd" - "i2c" ]; group = "users"; home = "/home/0xa"; @@ -69,6 +63,8 @@ shell = pkgs.fish; }; + services.emacs.defaultEditor = false; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/toaster/hardware-configuration.nix b/hosts/toaster/hardware-configuration.nix index 318ff03..1b0fbb0 100644 --- a/hosts/toaster/hardware-configuration.nix +++ b/hosts/toaster/hardware-configuration.nix @@ -49,12 +49,6 @@ options = [ "zfsutil" ]; }; - fileSystems."/tmp" = { - device = "zpool/nocomp/tmp"; - fsType = "zfs"; - options = [ "zfsutil" ]; - }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/A170-F83D"; fsType = "vfat"; diff --git a/hosts/toaster/network/full-networkd.nix b/hosts/toaster/network/full-networkd.nix deleted file mode 100644 index ee0bdbe..0000000 --- a/hosts/toaster/network/full-networkd.nix +++ /dev/null @@ -1,71 +0,0 @@ -{ lib, pkgs, ... }: -{ - imports = [ - ./mullvad.nix - ./dumpdvb.nix - ./zw.nix - ]; - - environment.systemPackages = with pkgs; [ - iwgtk - impala - ]; - - # kick out networkmanager - networking.networkmanager.enable = lib.mkForce false; - networking.useNetworkd = true; - systemd.network.enable = true; - - networking = { - hostName = "toaster"; - firewall.enable = true; - wireguard.enable = true; - wireless.iwd.enable = true; - }; - - services.resolved = { - enable = true; - dnssec = "false"; - fallbackDns = [ - "9.9.9.9" - "2620:fe::fe" - "149.112.112.112" - "2620:fe::9" - ]; - }; - - # we might have no interwebs at all - systemd.network.wait-online.enable = false; - - # uplinks - systemd.network.networks = { - "10-ether-uplink" = { - matchConfig.Name = "enp1s0f0"; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - }; - }; - "10-dock-uplink" = { - matchConfig.Name = "enp5s0f4u1u1"; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - }; - dhcpV4Config = { - RouteMetric = 666; - }; - dhcpV6Config = { - RouteMetric = 666; - }; - }; - "wlan-uplink" = { - matchConfig.Name = "wlan0"; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - }; - }; - }; - -} diff --git a/hosts/toaster/zfs.nix b/hosts/toaster/zfs.nix index 1970bbf..70cc5c9 100644 --- a/hosts/toaster/zfs.nix +++ b/hosts/toaster/zfs.nix @@ -19,7 +19,6 @@ supportedFilesystems = [ "zfs" ]; kernelParams = [ "nohibernate" ]; plymouth.enable = false; - tmp.useTmpfs = false; - tmp.cleanOnBoot = true; + tmp.useTmpfs = true; }; } diff --git a/modules/basic-tools/default.nix b/modules/basic-tools/default.nix index a917168..3ea8833 100644 --- a/modules/basic-tools/default.nix +++ b/modules/basic-tools/default.nix @@ -39,6 +39,7 @@ exfatprogs nmap bind + nnn lf man-pages unzip @@ -49,17 +50,8 @@ sshfs whois mtr - joshuto ] - ++ ( - if config.networking.hostName == "toaster" then - [ - gitFull - git-lfs - ] - else - [ git ] - ); + ++ (if config.networking.hostName == "toaster" then [ gitFull git-lfs ] else [ git ]); environment.variables = let diff --git a/modules/basic-tools/fish.nix b/modules/basic-tools/fish.nix index 5e06de3..5099bbd 100644 --- a/modules/basic-tools/fish.nix +++ b/modules/basic-tools/fish.nix @@ -5,7 +5,7 @@ fzf fishPlugins.done fishPlugins.fzf-fish - fishPlugins.tide + fishPlugins.hydro ]; programs.fish = { diff --git a/modules/basic-tools/nix.nix b/modules/basic-tools/nix.nix index a67c6a8..980ab76 100644 --- a/modules/basic-tools/nix.nix +++ b/modules/basic-tools/nix.nix @@ -1,5 +1,7 @@ { + lib, pkgs, + inputs, ... }: { @@ -14,10 +16,14 @@ # nix output-monitor environment.systemPackages = [ pkgs.nix-output-monitor ]; - nixpkgs.flake = { - setFlakeRegistry = true; - setNixPath = true; - }; + # override default nix shell nixpkgs# behaviour to use current flake lock + nix.registry = + let + flakes = lib.filterAttrs (_name: value: value ? outputs) inputs.self.inputs; + in + builtins.mapAttrs (_name: v: { flake = v; }) flakes; + + nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value.outPath}") inputs.self.inputs; nixpkgs.config.allowUnfree = true; } diff --git a/modules/chromium.nix b/modules/chromium.nix index 5c971c6..30d6faf 100644 --- a/modules/chromium.nix +++ b/modules/chromium.nix @@ -2,23 +2,24 @@ { environment.systemPackages = with pkgs; [ - (chromium.override { enableWideVine = true; }) + chromium ]; - nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --ignore-gpu-blocklist --enable-gpu-rasterization --enable-zero-copy --enable-features=VaapiVideoDecoder,VaapiVideoEncoder,CanvasOopRasterization,WebUIDarkMode"; + nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --force-dark-mode --ignore-gpu-blocklist --enable-gpu-rasterization --enable-zero-copy --enable-features=VaapiVideoDecoder,VaapiVideoEncoder,CanvasOopRasterization,WebUIDarkMode"; programs.chromium = { enable = true; extensions = [ + # "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" # privacy badger "ekhagklcjbdpajgpjgmbionohlpdbjgc" # zotero connector "nngceckbapebfimnlniiiahkandclblb" # bitwarden - "ddkjiahejlhfcafbddmgiahcphecmpfh" # ublock lite + # "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin + # "ddkjiahejlhfcafbddmgiahcphecmpfh" # ublock lite "mnjggcdmjocbbbhaepdhchncahnbgone" # sponsorblock - "khncfooichmfjbepaaaebmommgaepoid" # unhook ]; extraOpts = { "BrowserSignin" = 0; - "SyncDisabled" = true; + # "SyncDisabled" = true; "PasswordManagerEnabled" = false; "TranslateEnabled" = false; "AutofillAddressEnabled" = false; @@ -26,15 +27,10 @@ "AutoplayAllowed" = false; "DefaultNotificationSetting" = 2; "BackgroundModeEnabled" = false; - "DefaultSearchProviderEnabled" = true; + # "DefaultSearchProviderEnabled" = true; # "DefaultSearchProviderSearchURL" = "https://google.com/search?q={searchTerms}"; - "DefaultSearchProviderSearchURL" = "https://duckduckgo.com/?q={searchTerms}"; + # "DefaultSearchProviderSearchURL" = "https://duckduckgo.com/?q={searchTerms}"; "SearchSuggestEnable" = false; - "BlockThirdPartyCookies" = true; - "PrivacySandboxAdMeasurementEnabled" = false; - "PrivacySandboxAdTopicsEnabled" = false; - "PrivacySandboxPromptEnabled" = false; - "PrivacySandboxSiteEnabledAdsEnabled" = false; }; }; } diff --git a/modules/desktop-software.nix b/modules/desktop-software.nix index cbb902e..0ee2847 100644 --- a/modules/desktop-software.nix +++ b/modules/desktop-software.nix @@ -1,26 +1,23 @@ { pkgs, ... }: { - imports = [ - ./chromium.nix - ]; environment.systemPackages = with pkgs; [ - audacity blender dino ffmpeg-full + firefox-wayland + vivaldi + vivaldi-ffmpeg-codecs gimp inkscape signal-desktop - telegram-desktop + tdesktop tor-browser wl-clipboard yt-dlp element-desktop discord + spotify mpv - # dwarf-fortress-packages.dwarf-fortress-full - obs-studio - firefox ]; programs.steam.enable = true; } diff --git a/modules/devtools.nix b/modules/devtools.nix index a003e6e..8288862 100644 --- a/modules/devtools.nix +++ b/modules/devtools.nix @@ -1,5 +1,8 @@ { pkgs, + inputs, + config, + lib, ... }: { @@ -13,6 +16,11 @@ kikit-library ]; }; + + # binwalk v3 on 24.11 + sys_ver = config.system.nixos.release; + unstablepkgs = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}; + binwalkv3 = if lib.versionOlder "25.05" sys_ver then binwalk else unstablepkgs.binwalk; in [ # general @@ -21,7 +29,7 @@ gef gdb binutils - binwalk + binwalkv3 clang clang-tools direnv @@ -33,7 +41,7 @@ kikit freecad-wayland imhex - python3Full + python313Full nixfmt-rfc-style treefmt android-tools diff --git a/modules/emacs.nix b/modules/emacs.nix deleted file mode 100644 index 8841e44..0000000 --- a/modules/emacs.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - pkgs, - lib, - ... -}: - -{ - environment.systemPackages = with pkgs; [ - direnv - mu - ]; - - services.emacs = { - install = true; - enable = false; - package = - with pkgs; - ( - (emacsPackagesFor ( - emacs-pgtk.overrideAttrs (old: { - passthru = old.passthru // { - treeSitter = true; - }; - }) - )).emacsWithPackages - ( - epkgs: with epkgs; [ - treesit-grammars.with-all-grammars - vterm - pdf-tools - mu4e - ] - ) - ); - defaultEditor = lib.mkDefault true; - }; -} diff --git a/modules/fonts.nix b/modules/fonts.nix index 32ae853..7ee909b 100644 --- a/modules/fonts.nix +++ b/modules/fonts.nix @@ -1,7 +1,6 @@ { pkgs, ... }: { fonts.packages = with pkgs; [ - adwaita-fonts monoid font-awesome dejavu_fonts @@ -27,8 +26,7 @@ twemoji-color-font twitter-color-emoji iosevka-bin - cozette - nerd-fonts.hack + (nerdfonts.override { fonts = [ "Hack" ]; }) ]; fonts.enableDefaultPackages = true; diff --git a/modules/gnome.nix b/modules/gnome.nix index f70c270..897c4d3 100644 --- a/modules/gnome.nix +++ b/modules/gnome.nix @@ -8,17 +8,12 @@ environment.systemPackages = with pkgs; [ amberol celluloid - ddcutil gnome-console gnome-obfuscate gnome-boxes gnome-tweaks qbittorrent gnomeExtensions.caffeine - gnomeExtensions.brightness-control-using-ddcutil - spotify - ghostty - fractal ]; environment.gnome.excludePackages = with pkgs; [ @@ -42,6 +37,12 @@ }; }; + qt = { + enable = true; + platformTheme = "gnome"; + style = "adwaita-dark"; + }; + services.xserver = { enable = true; desktopManager.gnome.enable = true; diff --git a/modules/radio.nix b/modules/radio.nix index aea167c..391e98b 100644 --- a/modules/radio.nix +++ b/modules/radio.nix @@ -5,7 +5,7 @@ gnuradio gqrx cubicsdr - # sdrangel # broken package + sdrangel multimon-ng sox diff --git a/modules/niri.nix b/modules/sway.nix similarity index 56% rename from modules/niri.nix rename to modules/sway.nix index c3438fc..1ce6f63 100644 --- a/modules/niri.nix +++ b/modules/sway.nix @@ -1,74 +1,30 @@ # General Desktop-related config -{ pkgs, inputs, ... }: +{ pkgs, ... }: { - nixpkgs.overlays = [ inputs.niri.overlays.niri ]; - - programs.niri.enable = true; - imports = [ ./desktop-software.nix ./fonts.nix ]; - environment.systemPackages = - let - xwayland-satellite-git = pkgs.xwayland-satellite.overrideAttrs ( - final: prev: { - version = "git"; - cargoHash = "sha256-MaF2FyR3HvQAKkZKa8OO/5jbO64/Ncv7+JqHda4jN50="; - src = pkgs.fetchFromGitHub { - owner = "Supreeeme"; - repo = "xwayland-satellite"; - rev = "cca74a5f6b23742d77dc5db4312dfc40fd4a0fcc"; - sha256 = "sha256-YZ+axsuNsgIKWfnRkt6Qa9UoKfUOIWf42vNUonXxmxM="; - }; - cargoDeps = pkgs.rustPlatform.fetchCargoTarball { - inherit (final) pname src version; - hash = final.cargoHash; - }; - } - ); - in - with pkgs; - [ - screen-message - qbittorrent - gajim - imv - mpv - evince - brightnessctl - pulsemixer - cmus - termusic - gsettings-desktop-schemas - xdg-utils - qt5.qtwayland - bashmount - audacity - spotify-player - zathura - ncdu - adwaita-icon-theme - bluetui - gammastep - graphicsmagick - i3status-rust - impala - kanshi - pamixer - swayidle - swaylock - wl-clipboard - xfce.thunar - banana-cursor - fuzzel - alacritty - i3bar-river - mako - swww - oculante - xwayland-satellite-git - ]; + environment.systemPackages = with pkgs; [ + screen-message + qbittorrent + gajim + imv + swayimg + mpv + evince + brightnessctl + pulsemixer + cmus + termusic + gsettings-desktop-schemas + xdg-utils + foot + qt5.qtwayland + bashmount + nautilus + audacity + ]; # Enable sound. security.rtkit.enable = true; @@ -92,14 +48,45 @@ programs.light.enable = true; programs.xwayland.enable = true; - + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland-egl + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + export QT_QPA_PLATFORMTHEME="gnome" + export QT_STYLE_OVERRIDE="adwaita-dark" + # export WLR_DRM_NO_ATOMIC=1 + ''; + extraPackages = with pkgs; [ + adwaita-icon-theme + alacritty + bluetui + foot + gammastep + graphicsmagick + grim + i3status-rust + impala + kanshi + mako + pamixer + rofi-wayland + slurp + swayidle + swaylock + wl-clipboard + wl-mirror + ]; + }; environment.sessionVariables = { GTK_THEME = "Adwaita:dark"; }; xdg.portal = { enable = true; wlr.enable = true; - extraPortals = [ pkgs.xdg-desktop-portal-gnome ]; + extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; }; services.udisks2.enable = true; @@ -127,7 +114,7 @@ enable = true; settings = { default_session = { - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --greeting \"$(${pkgs.fortune}/bin/fortune -s)\" --cmd ${pkgs.niri-stable}/bin/niri-session"; + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --greeting \"$(${pkgs.fortune}/bin/fortune -s)\" --cmd ${pkgs.sway}/bin/sway"; }; }; };