chore: update flake

2025-12-06 00:57:22 +01:00 · 2025-09-15 15:55:39 +02:00 · 2025-09-15 15:55:39 +02:00 · d0f432b717
commit d0f432b717
parent 0848f04326
25 changed files with 2787 additions and 999 deletions
--- a/modules/home/common/packages.nix
+++ b/modules/home/common/packages.nix
@ -81,7 +81,7 @@
      # spotify
      vesktop # discord client
      # nextcloud-client # enables a systemd service that I do not want
-      stable.spotify-player
+      spotify-player
      element-desktop
      nicotine-plus
      stable.transmission_3
--- a/modules/home/common/settings.nix
+++ b/modules/home/common/settings.nix
@ -7,10 +7,14 @@ in
  config = lib.mkIf config.swarselmodules.general {
    nix = lib.mkIf (!config.swarselsystems.isNixos) {
      package = lib.mkForce pkgs.nixVersions.nix_2_28;
+      # extraOptions = ''
+      #   plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
+      #   extra-builtins-file = ${self + /nix/extra-builtins.nix}
+      # '';
      extraOptions = ''
        plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
-          buildInputs = [pkgs.nixVersions.nix_2_28 pkgs.boost];
-          patches = (o.patches or []) ++ ["${self}/nix/nix-plugins.patch"];
+          buildInputs = [config.nix.package pkgs.boost];
+          patches = o.patches or [];
        })}/lib/nix/plugins
        extra-builtins-file = ${self + /nix/extra-builtins.nix}
      '';
--- a/modules/home/common/spicetify.nix
+++ b/modules/home/common/spicetify.nix
@ -8,7 +8,8 @@ in
  config = lib.mkIf config.swarselmodules.${moduleName} {
    programs.spicetify = {
      enable = true;
-      spotifyPackage = pkgs.stable24_11.spotify;
+      # spotifyPackage = pkgs.stable24_11.spotify;
+      spotifyPackage = pkgs.spotify;
      enabledExtensions = with spicePkgs.extensions; [
        fullAppDisplay
        shuffle
--- a/modules/home/common/ssh.nix
+++ b/modules/home/common/ssh.nix
@ -4,12 +4,24 @@
  config = lib.mkIf config.swarselmodules.ssh {
    programs.ssh = {
      enable = true;
-      forwardAgent = true;
+      enableDefaultConfig = false;
      extraConfig = ''
        SetEnv TERM=xterm-256color
        ServerAliveInterval 20
      '';
      matchBlocks = {
+        "*" = {
+          forwardAgent = true;
+          addKeysToAgent = "no";
+          compression = false;
+          serverAliveInterval = 0;
+          serverAliveCountMax = 3;
+          hashKnownHosts = false;
+          userKnownHostsFile = "~/.ssh/known_hosts";
+          controlMaster = "no";
+          controlPath = "~/.ssh/master-%r@%n:%p";
+          controlPersist = "no";
+        };
        "pfsense" = {
          hostname = "192.168.1.1";
          user = "root";
--- a/modules/home/common/sway.nix
+++ b/modules/home/common/sway.nix
@ -262,7 +262,7 @@ in
            { app_id = "pavucontrol"; }
            { app_id = "syncthingtray"; }
            { app_id = "Element"; }
-            { class = "1Password"; }
+            { app_id = "1Password"; }
            { app_id = "com.nextcloud.desktopclient.nextcloud"; }
            { title = "(?:Open|Save) (?:File|Folder|As)"; }
            { title = "^Add$"; }
--- a/modules/nixos/client/lid.nix
+++ b/modules/nixos/client/lid.nix
@ -2,9 +2,9 @@
 {
  options.swarselmodules.lid = lib.mkEnableOption "lid config";
  config = lib.mkIf config.swarselmodules.lid {
-    services.logind = {
-      lidSwitch = "suspend";
-      lidSwitchDocked = "ignore";
+    services.logind.settings.Login = {
+      HandleLidSwitch = "suspend";
+      HandleLidSwitchDocked = "ignore";
    };
    services.acpid = {
      enable = true;
--- a/modules/nixos/client/nvd-rebuild.nix
+++ b/modules/nixos/client/nvd-rebuild.nix
@ -7,12 +7,12 @@
      pkgs.nvd
    ];

-    system.activationScripts.diff = {
-      supportsDryActivation = true;
-      text = ''
-        ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff \
-             /run/current-system "$systemConfig"
-      '';
-    };
+    # system.activationScripts.diff = {
+    #   supportsDryActivation = true;
+    #   text = ''
+    #     ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff \
+    #          /run/current-system "$systemConfig"
+    #   '';
+    # };
  };
 }
--- a/modules/nixos/client/xdg-portal.nix
+++ b/modules/nixos/client/xdg-portal.nix
@ -4,11 +4,11 @@
  config = lib.mkIf config.swarselmodules.xdg-portal {
    xdg.portal = {
      enable = true;
-      # config = {
-      #   common = {
-      #     default = "wlr";
-      #   };
-      # };
+      config = {
+        common = {
+          default = "wlr";
+        };
+      };
      wlr.enable = true;
      wlr.settings.screencast = {
        output_name = "eDP-1";
--- a/modules/nixos/common/settings.nix
+++ b/modules/nixos/common/settings.nix
@ -73,13 +73,15 @@ in
            trusted-users = [ "@wheel" "${config.swarselsystems.mainUser}" ];
          };
          # extraOptions = ''
-          #   plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins
+          #   plugin-files = ${pkgs.dev.nix-plugins}/lib/nix/plugins
          #   extra-builtins-file = ${self + /nix/extra-builtins.nix}
+          # '' + lib.optionalString (!minimal) ''
+          #   !include ${config.sops.secrets.github-api-token.path}
          # '';
          extraOptions = ''
            plugin-files = ${pkgs.nix-plugins.overrideAttrs (o: {
-              buildInputs = [pkgs.nixVersions.nix_2_28 pkgs.boost];
-              patches = (o.patches or []) ++ ["${self}/nix/nix-plugins.patch"];
+              buildInputs = [config.nix.package pkgs.boost];
+              patches = o.patches or [];
            })}/lib/nix/plugins
            extra-builtins-file = ${self + /nix/extra-builtins.nix}
          '' + lib.optionalString (!minimal) ''
--- a/modules/nixos/server/immich.nix
+++ b/modules/nixos/server/immich.nix
@ -1,4 +1,4 @@
-{ lib, config, globals, ... }:
+{ lib, pkgs, config, globals, ... }:
 let
  servicePort = 3001;
  serviceUser = "immich";
@ -19,6 +19,7 @@ in

    services.${serviceName} = {
      enable = true;
+      package = pkgs.stable.immich;
      host = "0.0.0.0";
      port = servicePort;
      openFirewall = true;
--- a/modules/nixos/server/kanidm.nix
+++ b/modules/nixos/server/kanidm.nix
@ -50,7 +50,7 @@ in

    services = {
      ${serviceName} = {
-        package = pkgs.kanidmWithSecretProvisioning;
+        package = pkgs.kanidmWithSecretProvisioning_1_7;
        enableServer = true;
        serverSettings = {
          domain = serviceDomain;
--- a/modules/nixos/server/nginx.nix
+++ b/modules/nixos/server/nginx.nix
@ -20,7 +20,6 @@ in

    security.acme = {
      acceptTerms = true;
-      preliminarySelfsigned = false;
      defaults = {
        inherit dnsProvider;
        email = address3;
--- a/modules/nixos/server/settings.nix
+++ b/modules/nixos/server/settings.nix
@ -15,11 +15,9 @@ in

    environment.shellAliases = lib.recursiveUpdate
      {
-        npswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
-        nswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch;";
-        npiswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
-        nipswitch = "cd ${flakePath}; git pull; sudo nixos-rebuild --flake .#$(hostname) switch --impure; cd -;";
-        niswitch = "sudo nixos-rebuild --flake ${flakePath}#$(hostname) switch --impure;";
+        nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
+        nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;";
+        ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;";
      }
      config.swarselsystems.shellAliases;

--- a/modules/nixos/server/shlink.nix
+++ b/modules/nixos/server/shlink.nix
@ -3,6 +3,7 @@ let
  servicePort = 8081;
  serviceName = "shlink";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceDir = "/var/lib/shlink";

  containerRev = "sha256:1a697baca56ab8821783e0ce53eb4fb22e51bb66749ec50581adc0cb6d031d7a";

@ -42,12 +43,23 @@ in
        config.sops.templates.shlink-env.path
      ];
      ports = [ "${builtins.toString servicePort}:${builtins.toString servicePort}" ];
-      volumes = [ ];
+      volumes = [
+        "${serviceDir}/data:/etc/shlink/data"
+      ];
    };

+    systemd.tmpfiles.rules = [
+      "d ${serviceDir}/data 0750 1001 root - -"
+      "d ${serviceDir}/data/cache 0750 1001 root - -"
+      "d ${serviceDir}/data/locks 0750 1001 root - -"
+      "d ${serviceDir}/data/log 0750 1001 root - -"
+      "d ${serviceDir}/data/proxies 0750 1001 root - -"
+    ];
+
    networking.firewall.allowedTCPPorts = [ servicePort ];

    environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
+      { directory = serviceDir; }
      { directory = "/var/lib/containers"; }
    ];

--- a/modules/nixos/server/slink.nix
+++ b/modules/nixos/server/slink.nix
@ -65,7 +65,6 @@ in
          locations = {
            "/" = {
              proxyPass = "http://${serviceName}";
-              setOauth2Headers = false;
            };
            "/image" = {
              proxyPass = "http://${serviceName}";
--- a/modules/shared/vars.nix
+++ b/modules/shared/vars.nix
@ -77,7 +77,7 @@
            browserpass
            clearurls
            darkreader
-            enhancer-for-youtube
+            # enhancer-for-youtube
            istilldontcareaboutcookies
            translate-web-pages
            ublock-origin
@ -90,7 +90,7 @@
            enhanced-github
            unpaywall
            don-t-fuck-with-paste
-            plasma-integration
+            # plasma-integration
            noscript

            # configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut