From 2830b98729b27f0fb35f0cf3c1f8b200e73622e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 7 Jul 2025 23:24:33 +0200 Subject: [PATCH] chore: update flake, introduce dev input --- SwarselSystems.org | 64 ++++-- flake.lock | 335 ++++++++++++------------------ flake.nix | 1 + modules/home/common/packages.nix | 2 +- modules/nixos/client/network.nix | 8 +- modules/nixos/client/sway.nix | 2 +- modules/nixos/common/settings.nix | 3 + modules/nixos/optional/work.nix | 2 +- nix/overlays.nix | 8 + secrets/general/secrets.yaml | 6 +- 10 files changed, 198 insertions(+), 233 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index 09e9ee7..479b343 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -224,13 +224,13 @@ Here I give a brief overview over the hostmachines that I am using. This is held |💻 **nbl-imba-2** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop | |💻 **nbm-imba-166** | MacBook Pro 2016 | MacOS Sandbox | |🖥️ **winters** | ASRock J4105-ITX, 32GB RAM | Main homeserver and data storgae | - |🖥️ **sync** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | + |🖥️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks | |🖥️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services | |📱 **magicant** | Samsung Galaxy Z Flip 6 | Phone | |💿 **drugstore** | - | ISO installer configuration | |❔ **chaotheatre** | - | Demo config for checking out my configurtion | |❔ **toto** | - | Helper configuration for bootstrapping a new system | - |🏠 **home** | - | Reference configuration for a home-manager only host | + |🏠 **Treehouse** | - | Reference configuration for a home-manager only host | #+end_src ** Programs 
@@ -391,6 +391,7 @@ When setting this option normally, the password would normally be written world- }; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-dev.url = "github:Swarsel/nixpkgs/main"; nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; @@ -920,7 +921,7 @@ The structure of =globals.nix.enc= requires a toplevel =globals=. connections = [ (mkConnection "moonside" "wan") (mkConnection "pfsense" "wan") - (mkConnection "sync" "wan") + (mkConnection "milkywell" "wan") (mkConnection "toto" "bootstrapper") (mkConnection "chaostheatre" "demo host") ]; @@ -928,7 +929,7 @@ The structure of =globals.nix.enc= requires a toplevel =globals=. chaostheatre.interfaces."demo host" = { }; toto.interfaces."bootstrapper" = { }; - sync.interfaces.wan = { }; + milkywell.interfaces.wan = { }; moonside.interfaces.wan = { }; pfsense = mkRouter "pfSense" { @@ -1390,6 +1391,13 @@ Lastly, I add some of my own library functions to be used alongside the function }; }; + nixpkgs-dev = final: _: { + dev = import inputs.nixpkgs-dev { + inherit (final) system; + config.allowUnfree = true; + }; + }; + nixpkgs-kernel = final: _: { kernel = import inputs.nixpkgs-kernel { inherit (final) system; @@ -1419,6 +1427,7 @@ Lastly, I add some of my own library functions to be used alongside the function (additions final prev) // (modifications final prev) // (nixpkgs-stable final prev) + // (nixpkgs-dev final prev) // (nixpkgs-kernel final prev) // (nixpkgs-stable24_05 final prev) // (nixpkgs-stable24_11 final prev) 
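Review bot: The new `nixpkgs-dev` input follows the moving `main` branch of a personal nixpkgs fork, and nothing in the change records what that fork carries on top of upstream or why it is needed. flake.lock pins it to one rev, but every `nix flake update` advances it without a prompt to review the fork. This commit already takes the Wayland compositor (`pkgs.dev.swayfx`) and `dev.terragrunt` from it, and imports it with `config.allowUnfree = true`. I would add a comment on the input such as `# personal fork; carries <what and why>; drop each pkgs.dev.* use once upstream has it`, and consider pointing the URL at a dedicated branch or rev so that fork updates are a deliberate step. The same lines are tangled into flake.nix, nix/overlays.nix, modules/nixos/client/sway.nix and modules/nixos/optional/work.nix later in this patch.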
@@ -2169,7 +2178,7 @@ My server setup was originally built on Proxmox VE; back when I started, I creat I have removed most of the machines from this section. What remains are some hosts that I have deployed on OCI (mostly sync for medium-important data) and one other machine that I left for now as a reference. -**** Sync (OCI) +**** Milkywell (OCI) :PROPERTIES: :CUSTOM_ID: h:4c5febb0-fdf6-44c5-8d51-7ea0f8930abf :END: @@ -2188,7 +2197,7 @@ This machine mainly acts as an external sync helper. It manages the following th :CUSTOM_ID: h:922105c3-a604-47d9-918b-db1803784c75 :END: -#+begin_src nix-ts :tangle hosts/nixos/sync/default.nix +#+begin_src nix-ts :tangle hosts/nixos/milkywell/default.nix { lib, config, globals, ... }: let primaryUser = config.swarselsystems.mainUser; @@ -2206,7 +2215,7 @@ This machine mainly acts as an external sync helper. It manages the following th ]; sops = { - defaultSopsFile = lib.mkForce "/root/.dotfiles/secrets/sync/secrets.yaml"; + defaultSopsFile = lib.mkForce "/root/.dotfiles/secrets/milkywell/secrets.yaml"; }; boot = { @@ -2217,7 +2226,7 @@ This machine mainly acts as an external sync helper. It manages the following th networking = { nftables.enable = lib.mkForce false; - hostName = "sync"; + hostName = "milkywell"; enableIPv6 = false; domain = "subnet03112148.vcn03112148.oraclevcn.com"; firewall = { @@ -2352,7 +2361,7 @@ This machine mainly acts as an external sync helper. It manages the following th isSecureBoot = false; isCrypted = false; profiles = { - server.sync = true; + server.milkywell = true; }; } sharedOptions; @@ -2372,7 +2381,7 @@ This machine mainly acts as an external sync helper. It manages the following th :CUSTOM_ID: h:64dddedd-9b13-4b74-baf0-1d54d5a89d3b :END: -#+begin_src nix-ts :tangle hosts/nixos/sync/hardware-configuration.nix +#+begin_src nix-ts :tangle hosts/nixos/milkywell/hardware-configuration.nix { config, lib, modulesPath, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") 
@@ -3836,6 +3845,7 @@ A breakdown of the flags being set: config = lib.mkIf config.swarselsystems.modules.general (lib.recursiveUpdate { + sops.secrets.github-api-token = lib.mkIf (!minimal) { }; nix = { package = pkgs.nixVersions.nix_2_28; @@ -3859,6 +3869,8 @@ A breakdown of the flags being set: patches = (o.patches or []) ++ ["${self}/nix/nix-plugins.patch"]; })}/lib/nix/plugins extra-builtins-file = ${self + /nix/extra-builtins.nix} + '' + lib.optionalString (!minimal) '' + !include ${config.sops.secrets.github-api-token.path} ''; }; @@ -4551,7 +4563,7 @@ Pipewire handles communication on Wayland. This enables several sound tools as w Here I only enable =networkmanager= and a few default networks. The rest of the network config is done separately in [[#h:88bf4b90-e94b-46fb-aaf1-a381a512860d][System specific configuration]]. #+begin_src nix-ts :tangle modules/nixos/client/network.nix - { self, lib, config, ... }: + { self, lib, pkgs, config, ... }: let certsSopsFile = self + /secrets/certs/secrets.yaml; clientSopsFile = self + /secrets/${config.networking.hostName}/secrets.yaml; @@ -4634,6 +4646,12 @@ Here I only enable =networkmanager= and a few default networks. The rest of the networkmanager = { enable = true; wifi.backend = "iwd"; + plugins = [ + # list of plugins: https://search.nixos.org/packages?query=networkmanager- + # docs https://networkmanager.dev/docs/vpn/ + pkgs.networkmanager-openconnect + pkgs.networkmanager-openvpn + ]; ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { environmentFiles = [ "${config.sops.templates."network-manager.env".path}" @@ -5513,7 +5531,7 @@ This is used to better integrate Sway into the system on NixOS hosts. On the hom config = lib.mkIf config.swarselsystems.modules.sway { programs.sway = { enable = true; - package = pkgs.swayfx; + package = pkgs.dev.swayfx; wrapperFeatures = { base = true; gtk = true; 
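Review bot: `sops.secrets.github-api-token` is declared with an empty attribute set, so unless owner or mode are set elsewhere the decrypted file gets the sops-nix defaults (root-owned, mode 0400), while the `!include` added to the nix configuration is also read by every unprivileged `nix` client. Flake fetches happen in the client, so a token that only root can read would probably not apply to normal-user invocations and may produce a read error when the config is parsed. Setting for example `mode = "0440"; group = "<group allowed to use the token>";` makes the intended audience explicit. Since everyone in that group can then read the token, it is worth confirming that it is a read-only token with no further scopes. A comment beside the `!include` stating the expected file content (presumably an `access-tokens = github.com=…` line) would help; both hunks are repeated for modules/nixos/common/settings.nix.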
@@ -7326,7 +7344,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= "magicant" = { id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; }; - "sync@oracle" = { + "milkywell@oracle" = { id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; }; "${workHostName}" = { @@ -7341,7 +7359,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= path = "${cfg.dataDir}/Sync"; type = "receiveonly"; versioning = null; - devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "default"; }; "Obsidian" = { @@ -7351,7 +7369,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "yjvni-9eaa7"; }; "Org" = { @@ -7361,7 +7379,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "a7xnl-zjj3d"; }; "Vpn" = { @@ -7371,7 +7389,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; id = "hgp9s-fyq3p"; }; # "Documents" = { @@ -9922,7 +9940,7 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9 govc terraform opentofu - terragrunt + dev.terragrunt graphviz azure-cli 
@@ -10472,7 +10490,7 @@ This holds packages that I can use as provided, or with small modifications (as (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) # browser - vieb + stable24_11.vieb mgba # utilities @@ -10768,7 +10786,7 @@ It is very convenient to have SSH aliases in place for machines that I use. This hostname = "130.61.119.129"; user = "opc"; }; - "sync" = { + "milkywell" = { hostname = "193.122.53.173"; user = "root"; }; @@ -14921,7 +14939,7 @@ This program sets up a new NixOS host remotely. It also takes care of secret man rm modules/home/common/mail.nix rm modules/home/common/yubikey.nix rm modules/nixos/server/restic.nix - rm hosts/nixos/sync/default.nix + rm hosts/nixos/milkywell/default.nix rm -rf modules/nixos/server rm -rf modules/home/server nix flake update vbc-nix @@ -16096,8 +16114,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a #+begin_src nix-ts :tangle profiles/nixos/syncserver/default.nix :mkdirp yes { lib, config, ... }: { - options.swarselsystems.profiles.server.sync = lib.mkEnableOption "is this a oci sync server"; - config = lib.mkIf config.swarselsystems.profiles.server.sync { + options.swarselsystems.profiles.server.milkywell = lib.mkEnableOption "is this a oci milkywell server"; + config = lib.mkIf config.swarselsystems.profiles.server.milkywell { swarselsystems = { modules = { general = lib.mkDefault true; diff --git a/flake.lock b/flake.lock index 76d3b20..7d75b88 100644 --- a/flake.lock +++ b/flake.lock @@ -84,11 +84,11 @@ }, "crane_2": { "locked": { - "lastModified": 1748970125, - "narHash": "sha256-UDyigbDGv8fvs9aS95yzFfOKkEjx1LO3PL3DsKopohA=", + "lastModified": 1750266157, + "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", "owner": "ipetkov", "repo": "crane", - "rev": "323b5746d89e04b22554b061522dfce9e4c49b18", + "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", "type": "github" }, "original": { 
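Review bot: `stable24_11.vieb` moves the browser onto the `nixpkgs-stable24_11` input, and the line gives no reason for the pin. If that input tracks nixos-24.11 as its name suggests, that release is at or near the end of upstream security support, so the Electron runtime behind this browser would stop receiving fixes while the rest of the system moves on. I would add a why-comment with an exit condition, e.g. `stable24_11.vieb # TODO: pinned because <reason>; return to pkgs.vieb once it builds on unstable`, or take the package from the `nixpkgs-stable` (nixos-25.05) input if it builds there. The same change is tangled into modules/home/common/packages.nix.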
@@ -145,11 +145,11 @@ ] }, "locked": { - "lastModified": 1750903843, - "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=", + "lastModified": 1751854533, + "narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=", "owner": "nix-community", "repo": "disko", - "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae", + "rev": "16b74a1e304197248a1bc663280f2548dbfcae3c", "type": "github" }, "original": { @@ -166,11 +166,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1750930065, - "narHash": "sha256-BRkcx5a0RUv3su63lMWRVlKUPCrwukeigdkyF+VeXT4=", + "lastModified": 1751908357, + "narHash": "sha256-7JeYhMYTdfzHsFfGZRUM+t0nx4HdYa3oaMH2B/qz9MA=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "b4529390e2e53bae6bfa7a6884dcfa5583b5b858", + "rev": "8e4ecd7c43c5e061dd2fc4d9d1994ec4d67cab2e", "type": "github" }, "original": { @@ -274,31 +274,16 @@ "type": "github" } }, - "flake-compat_6": { - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { 
@@ -406,12 +391,15 @@ } }, "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -422,7 +410,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1731533236, @@ -476,32 +464,6 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "stylix", - "flake-compat" - ], - "gitignore": "gitignore_4", - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ 
@@ -567,41 +529,19 @@ "type": "github" } }, - "gitignore_4": { - "inputs": { - "nixpkgs": [ - "stylix", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "gnome-shell": { "flake": false, "locked": { - "lastModified": 1744584021, - "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", "type": "github" }, "original": { "owner": "GNOME", - "ref": "48.1", + "ref": "48.2", "repo": "gnome-shell", "type": "github" } @@ -613,11 +553,11 @@ ] }, "locked": { - "lastModified": 1750798083, - "narHash": "sha256-DTCCcp6WCFaYXWKFRA6fiI2zlvOLCf5Vwx8+/0R8Wc4=", + "lastModified": 1751824240, + "narHash": "sha256-aDDC0CHTlL7QDKWWhdbEgVPK6KwWt+ca0QkmHYZxMzI=", "owner": "nix-community", "repo": "home-manager", - "rev": "ff31a4677c1a8ae506aa7e003a3dba08cb203f82", + "rev": "fd9e55f5fac45a26f6169310afca64d56b681935", "type": "github" }, "original": { @@ -647,27 +587,6 @@ "type": "github" } }, - "home-manager_3": { - "inputs": { - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748737919, - "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "5675a9686851d9626560052a032c4e14e533c1fa", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "impermanence": { "locked": { "lastModified": 1737831083, 
@@ -693,11 +612,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1750866260, - "narHash": "sha256-fo5NvfutMEw9OV+5rGYuCKjlNNjcnD3cKMbOfzusO/E=", + "lastModified": 1751381593, + "narHash": "sha256-js1XwtJpYhvQrrTaVzViybpztkHJVZ63aXOlFAcTENM=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "f40a3401f86d117affeeb8ca6f0ce5cd1ca3cc24", + "rev": "f4eb75540307c2b33521322c04b7fea74e48a66f", "type": "github" }, "original": { @@ -733,11 +652,11 @@ ] }, "locked": { - "lastModified": 1750618568, - "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", "type": "github" }, "original": { @@ -797,11 +716,11 @@ ] }, "locked": { - "lastModified": 1750565152, - "narHash": "sha256-A6ZIoIgaPPkzIVxKuaxwEJicPOeTwC/MD9iuC3FVhDM=", + "lastModified": 1751774635, + "narHash": "sha256-DuOznGdgMxeSlPpUu6Wkq0ZD5e2Cfv9XRZeZlHWMd1s=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "78cd697acc2e492b4e92822a4913ffad279c20e6", + "rev": "85686025ba6d18df31cc651a91d5adef63378978", "type": "github" }, "original": { @@ -881,11 +800,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1713543440, - "narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=", + "lastModified": 1751696036, + "narHash": "sha256-hXq4IOgSdAAaF/9q/2U8TBDL7aXZyQmtq4wl6USZjKo=", "owner": "guibou", "repo": "nixGL", - "rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a", + "rev": "d47b0db35dfa693c10f7c378043dcc6121d3f4ec", "type": "github" }, "original": { 
@@ -917,11 +836,11 @@ ] }, "locked": { - "lastModified": 1747663185, - "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", "type": "github" }, "original": { @@ -932,11 +851,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750837715, - "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", + "lastModified": 1751432711, + "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", + "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", "type": "github" }, "original": { @@ -948,11 +867,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750576544, - "narHash": "sha256-8myT+IxNWIB1B66NNDzQCXc5apy6pIXLW49m4qCRHFs=", + "lastModified": 1751203939, + "narHash": "sha256-omYD+H5LlSihz2DRfv90I8Oeo7JNEwvcHPHX+6nMIM4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e2d9c5bd3cd01115da3fc48c5d46b508a2c5deb1", + "rev": "650e71cbf76de8dd16f5648a96981b726c4ef8fe", "type": "github" }, "original": { @@ -962,6 +881,22 @@ "type": "github" } }, + "nixpkgs-dev": { + "locked": { + "lastModified": 1751913235, + "narHash": "sha256-4iJDKcKd57CuisFTQRMTS1EfiBlwbyUzXlCkQQ63g54=", + "owner": "Swarsel", + "repo": "nixpkgs", + "rev": "2c18d068b3df6bc0fb461583c327b7b94ff4df08", + "type": "github" + }, + "original": { + "owner": "Swarsel", + "ref": "main", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-docs": { "locked": { "lastModified": 1705957679, @@ -996,6 +931,7 @@ }, "nixpkgs-kernel": { "locked": { + "lastModified": 1748026106, "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", "owner": "NixOS", "repo": "nixpkgs", 
@@ -1012,11 +948,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1748740939, - "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", "type": "github" }, "original": { @@ -1039,11 +975,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1750646418, - "narHash": "sha256-4UAN+W0Lp4xnUiHYXUXAPX18t+bn6c4Btry2RqM9JHY=", + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1f426f65ac4e6bf808923eb6f8b8c2bfba3d18c5", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", "type": "github" }, "original": { @@ -1071,11 +1007,11 @@ }, "nixpkgs-stable24_11": { "locked": { - "lastModified": 1750646418, - "narHash": "sha256-4UAN+W0Lp4xnUiHYXUXAPX18t+bn6c4Btry2RqM9JHY=", + "lastModified": 1751274312, + "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1f426f65ac4e6bf808923eb6f8b8c2bfba3d18c5", + "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", "type": "github" }, "original": { @@ -1087,11 +1023,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1750838302, - "narHash": "sha256-aVkL3/yu50oQzi2YuKo0ceiCypVZpZXYd2P2p1FMJM4=", + "lastModified": 1751741127, + "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7284e2decc982b81a296ab35aa46e804baaa1cfe", + "rev": "29e290002bfff26af1db6f64d070698019460302", "type": "github" }, "original": { 
@@ -1103,11 +1039,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1749401433, - "narHash": "sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc=", + "lastModified": 1750865895, + "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "08fcb0dcb59df0344652b38ea6326a2d8271baff", + "rev": "61c0f513911459945e2cb8bf333dc849f1b976ff", "type": "github" }, "original": { @@ -1151,11 +1087,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1660551188, - "narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=", + "lastModified": 1746378225, + "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "441dc5d512153039f19ef198e662e4f3dbb9fd65", + "rev": "93e8cdce7afc64297cfec447c311470788131cd9", "type": "github" }, "original": { @@ -1166,11 +1102,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1750776420, - "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", "type": "github" }, "original": { @@ -1198,11 +1134,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1750776420, - "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", "type": "github" }, "original": { 
@@ -1320,15 +1256,14 @@ "nur": { "inputs": { "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_7", - "treefmt-nix": "treefmt-nix" + "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1750928207, - "narHash": "sha256-Rd0528TViqq1hyWyTLNYngeAXRA+1fsGyU87ZW/yVCM=", + "lastModified": 1751906969, + "narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=", "owner": "nix-community", "repo": "NUR", - "rev": "1a83c7bef385585fc29dbd4d18fc2e2ca32eefc3", + "rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25", "type": "github" }, "original": { @@ -1347,7 +1282,7 @@ "stylix", "nixpkgs" ], - "treefmt-nix": "treefmt-nix_2" + "treefmt-nix": "treefmt-nix" }, "locked": { "lastModified": 1748730660, @@ -1403,11 +1338,11 @@ ] }, "locked": { - "lastModified": 1749636823, - "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "623c56286de5a3193aa38891a6991b28f9bab056", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -1458,6 +1393,7 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_5", + "nixpkgs-dev": "nixpkgs-dev", "nixpkgs-kernel": "nixpkgs-kernel", "nixpkgs-stable": "nixpkgs-stable_2", "nixpkgs-stable24_05": "nixpkgs-stable24_05", @@ -1467,7 +1403,7 @@ "pre-commit-hooks": "pre-commit-hooks_2", "sops-nix": "sops-nix", "stylix": "stylix", - "systems": "systems_3", + "systems": "systems_4", "vbc-nix": "vbc-nix", "zjstatus": "zjstatus" } 
@@ -1480,11 +1416,11 @@ ] }, "locked": { - "lastModified": 1750560265, - "narHash": "sha256-jQCojKl1/TzqE6ANOu6rP2qqxOcGK2xs6hpxZ77wrR8=", + "lastModified": 1751165203, + "narHash": "sha256-3QhlpAk2yn+ExwvRLtaixWsVW1q3OX3KXXe0l8VMLl4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "076fdb0d45a9de3f379a626f51a62c78afe7efb1", + "rev": "90f547b90e73d3c6025e66c5b742d6db51c418c3", "type": "github" }, "original": { @@ -1501,11 +1437,11 @@ ] }, "locked": { - "lastModified": 1749436897, - "narHash": "sha256-OkDtaCGQQVwVFz5HWfbmrMJR99sFIMXHCHEYXzUJEJY=", + "lastModified": 1750905536, + "narHash": "sha256-Mo7yXM5IvMGNvJPiNkFsVT2UERmnvjsKgnY6UyDdySQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e7876c387e35dc834838aff254d8e74cf5bd4f19", + "rev": "2fa7c0aabd15fa0ccc1dc7e675a4fcf0272ad9a1", "type": "github" }, "original": { @@ -1535,11 +1471,11 @@ "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1750119275, - "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", + "lastModified": 1751606940, + "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", + "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", "type": "github" }, "original": { @@ -1555,14 +1491,11 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat_6", "flake-parts": "flake-parts_5", - "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", - "home-manager": "home-manager_3", "nixpkgs": "nixpkgs_9", "nur": "nur_2", - "systems": "systems_2", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", 
@@ -1570,11 +1503,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1750902586, - "narHash": "sha256-6m9WvGLL7pX5KHb0hXgmHvS1RHunImrKQ/MUWLs2tk8=", + "lastModified": 1751906932, + "narHash": "sha256-vRZH3bq24I/heef0AIFnaBmDGdQSpTmyjT4vtpa7qqk=", "owner": "danth", "repo": "stylix", - "rev": "0f93e58628596297711954ba5ba6d3a3ef9cf3dd", + "rev": "c538d1a3571386eaaca31aef7bb5fd5c155327b0", "type": "github" }, "original": { @@ -1629,6 +1562,21 @@ } }, "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -1643,7 +1591,7 @@ "type": "github" } }, - "systems_5": { + "systems_6": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1740,27 +1688,6 @@ } }, "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { "inputs": { "nixpkgs": [ "stylix", @@ -1787,7 +1714,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1742477270, 
@@ -1812,11 +1739,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1750360050, - "narHash": "sha256-/BT5MJqy+e0jHjALBNL8YT4kQ9wlaSedxPapYvKyeyw=", + "lastModified": 1750957292, + "narHash": "sha256-2CYTG+jxP5e7GHAj1t5aMsgb0Rom4jdOb3rsdLKpVNA=", "owner": "dj95", "repo": "zjstatus", - "rev": "857ada14fc8f652300571272c6db7c12620c33c0", + "rev": "abd848f23eff00d21ec09278072111d97dfd7fe6", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 863994f..708e8eb 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,7 @@ }; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-dev.url = "github:Swarsel/nixpkgs/main"; nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05"; diff --git a/modules/home/common/packages.nix b/modules/home/common/packages.nix index 6caf23e..f01c6ee 100644 --- a/modules/home/common/packages.nix +++ b/modules/home/common/packages.nix @@ -26,7 +26,7 @@ (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) # browser - vieb + stable24_11.vieb mgba # utilities diff --git a/modules/nixos/client/network.nix b/modules/nixos/client/network.nix index 880479d..e8eceb6 100644 --- a/modules/nixos/client/network.nix +++ b/modules/nixos/client/network.nix @@ -1,4 +1,4 @@ -{ self, lib, config, ... }: +{ self, lib, pkgs, config, ... }: let certsSopsFile = self + /secrets/certs/secrets.yaml; clientSopsFile = self + /secrets/${config.networking.hostName}/secrets.yaml; 
@@ -81,6 +81,12 @@ in networkmanager = { enable = true; wifi.backend = "iwd"; + plugins = [ + # list of plugins: https://search.nixos.org/packages?query=networkmanager- + # docs https://networkmanager.dev/docs/vpn/ + pkgs.networkmanager-openconnect + pkgs.networkmanager-openvpn + ]; ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) { environmentFiles = [ "${config.sops.templates."network-manager.env".path}" diff --git a/modules/nixos/client/sway.nix b/modules/nixos/client/sway.nix index a71a8a2..afd8157 100644 --- a/modules/nixos/client/sway.nix +++ b/modules/nixos/client/sway.nix @@ -4,7 +4,7 @@ config = lib.mkIf config.swarselsystems.modules.sway { programs.sway = { enable = true; - package = pkgs.swayfx; + package = pkgs.dev.swayfx; wrapperFeatures = { base = true; gtk = true; diff --git a/modules/nixos/common/settings.nix b/modules/nixos/common/settings.nix index 23ec3aa..65ab5e8 100644 --- a/modules/nixos/common/settings.nix +++ b/modules/nixos/common/settings.nix @@ -54,6 +54,7 @@ in config = lib.mkIf config.swarselsystems.modules.general (lib.recursiveUpdate { + sops.secrets.github-api-token = lib.mkIf (!minimal) { }; nix = { package = pkgs.nixVersions.nix_2_28; @@ -77,6 +78,8 @@ in patches = (o.patches or []) ++ ["${self}/nix/nix-plugins.patch"]; })}/lib/nix/plugins extra-builtins-file = ${self + /nix/extra-builtins.nix} + '' + lib.optionalString (!minimal) '' + !include ${config.sops.secrets.github-api-token.path} ''; }; diff --git a/modules/nixos/optional/work.nix b/modules/nixos/optional/work.nix index 6ea83f2..fdf85d4 100644 --- a/modules/nixos/optional/work.nix +++ b/modules/nixos/optional/work.nix @@ -195,7 +195,7 @@ in govc terraform opentofu - terragrunt + dev.terragrunt graphviz azure-cli diff --git a/nix/overlays.nix b/nix/overlays.nix index 6d32b78..5559021 100644 --- a/nix/overlays.nix +++ b/nix/overlays.nix 
@@ -45,6 +45,13 @@ in }; }; + nixpkgs-dev = final: _: { + dev = import inputs.nixpkgs-dev { + inherit (final) system; + config.allowUnfree = true; + }; + }; + nixpkgs-kernel = final: _: { kernel = import inputs.nixpkgs-kernel { inherit (final) system; @@ -74,6 +81,7 @@ in (additions final prev) // (modifications final prev) // (nixpkgs-stable final prev) + // (nixpkgs-dev final prev) // (nixpkgs-kernel final prev) // (nixpkgs-stable24_05 final prev) // (nixpkgs-stable24_11 final prev) diff --git a/secrets/general/secrets.yaml b/secrets/general/secrets.yaml index e7127e4..5247a7d 100644 --- a/secrets/general/secrets.yaml +++ b/secrets/general/secrets.yaml @@ -18,6 +18,8 @@ github-notifications-token: ENC[AES256_GCM,data:RYXPsn4Lqr0sFKC2J/+LOaqvWG8u/Xnr u2f-keys: ENC[AES256_GCM,data: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,iv:31oBmnpgnLuvtlmYDe6BE3q7aLIHah2fBZmhNW43IOE=,tag:9H++b6LYoQqC5nDh8sSziw==,type:str] #ENC[AES256_GCM,data:NoqAfw==,iv:myxrEPllN9zwXn5iCxL89qX7wSN8C0foFdxvvitq7b0=,tag:Yud5HDjWvEMrw1lMp21hMg==,type:comment] croc-password: ENC[AES256_GCM,data:uz7vI2rrPi1uTKEks4IPnWOt/R6ydlp/cQ==,iv:ZE01XcS6nF1sqz04rC1o20l+1DpNSRVjhC40ZmTVCww=,tag:REjnDQBcDkUzLg2ZsiDUvA==,type:str] +#ENC[AES256_GCM,data:qsBNKxd3Ng==,iv:1fNMDJt7vgKFSdghYBZsuDoZ1sWvzj1Zu8NmkjX6Zh8=,tag:0D7EsgN8B1z7/y4iZS/PtQ==,type:comment] +github-api-token: ENC[AES256_GCM,data:9AhHkmv4JUjmir77INYflGvjNWW/E17FmfoXs5IUnAlL7B/l8s7UlVob0Az4lOUnm3+R0RWJz0HKMvOdZVZjd3RakdoWqvBHFqOVNF1MNthg2izIiaERsnDXcxj54qJfpD505xFSBWmnTKWVwRZlW5WEsFPuvaVy,iv:wzXT+qsn4VG+R8tGU33EWoaMKs4c/BB5W7f2JvuX2eY=,tag:EEhbktsmWHBwh0iBtfaXlA==,type:str] sops: age: - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 
@@ -74,8 +76,8 @@ sops: azY5dGFTUWhiQ083VlBzdVRrSmZFNTQKqoJy8eP+beb/86Dg7BLaYEmZJG2oMS/I y1tSw+Ij5TfghzbtKcK++88L7ZPJLRocnKXftFbjutHNKmWW3+oW7Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-05T11:50:26Z" - mac: ENC[AES256_GCM,data:9We7i769wGZZS3D7c1BvruKwuepeVR9NatmIAbusNvvyM417YkLgggTyzNL00XFRYC1at+Wg7wAwajoFH0Eomt1gKLC8LRqYpetGja0m3+toZwpLAk1ByrknRgeueeV/LPbKZpd0DxHYHXm1AP2zUcDYUC4jikk54Kdt9G3nfEg=,iv:2QQvQNmhQlYtXo6/O/iuMeof2Cwt6aaopLNa7PHtxQc=,tag:XELS4r3bstTxHXsyjyYBAA==,type:str] + lastmodified: "2025-07-07T15:40:09Z" + mac: ENC[AES256_GCM,data:IgodPXcdFB7zYwt1dbRXkuQ2Ko2cAy4L6BvObuP8sWRO26Sn0CRvBtfwEtJLRMoXyS3hXJ25hzTeQOUaTVRw/5GEViM4SxdUuE9b5rX1J7tRftgdI45f12tsBMJQhk4NDtxpm4CSUvh11XqNdBkBjFUMxfZVweXFhoZ7tJ3oElg=,iv:9WNevYqRUe5DtCWN6mMNNwQvxB4Z8ac/zKPocjMa33A=,tag:n/DL3B8WB/YKfcbo6ArMDw==,type:str] pgp: - created_at: "2025-06-14T18:15:57Z" enc: |-