From 2388205a248f8c86ce267b2eaddd8348d6a59249 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com> Date: Sun, 18 May 2025 16:26:46 +0200 Subject: [PATCH 01/10] chore(home): remove teams-for-linux --- home/felschr.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/home/felschr.nix b/home/felschr.nix index f5ee504..81884fd 100644 --- a/home/felschr.nix +++ b/home/felschr.nix @@ -56,9 +56,6 @@ tabbed curtail - # work - teams-for-linux - # dev & admin pods # gaphor From b012eb8a6a639ebb321fe8b16b6183ac09e9f8ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com> Date: Sun, 18 May 2025 16:27:26 +0200 Subject: [PATCH 02/10] feat(home): replace yubikey-manager-qt with yubioath-flutter --- home/felschr.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/home/felschr.nix b/home/felschr.nix index 81884fd..d71d143 100644 --- a/home/felschr.nix +++ b/home/felschr.nix @@ -79,8 +79,7 @@ raider gnome-obfuscate yubikey-manager - yubikey-manager-qt - # yubioath-flutter # TODO conflicts with fluffychat + yubioath-flutter magic-wormhole-rs warp # onionshare-gui From 1ace6186cfcac08c06bf82e5456360751432661f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com> Date: Sun, 18 May 2025 16:27:49 +0200 Subject: [PATCH 03/10] feat(home): replace warp with localsend & onionshare-gui --- home/felschr.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/felschr.nix b/home/felschr.nix index d71d143..4654366 100644 --- a/home/felschr.nix +++ b/home/felschr.nix @@ -81,8 +81,8 @@ yubikey-manager yubioath-flutter magic-wormhole-rs - warp - # onionshare-gui + localsend + onionshare-gui transmission_4-gtk unstable.qbittorrent fragments From 418fc173e634dde00afa5866df186a13c8d843c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com> Date: Sun, 18 May 2025 17:07:53 +0200 Subject: [PATCH 04/10] chore: upgrade to NixOS 25.05 --- flake.lock | 16 ++--- flake.nix | 4 +- home/browsers/firefox.nix | 7 +- home/browsers/mullvad-browser.nix | 116 +++++++++++++++++------------- home/desktop/mimeapps.nix | 4 +- home/felschr-server.nix | 6 +- home/felschr-work.nix | 6 +- home/felschr.nix | 6 +- home/shell/zellij.nix | 5 +- home/shell/zsh.nix | 2 +- home/signal.nix | 2 +- services/authelia.nix | 3 +- system/fonts.nix | 2 +- system/sound.nix | 2 +- 14 files changed, 99 insertions(+), 82 deletions(-) diff --git a/flake.lock b/flake.lock index cb3b0a6..e11f71c 100644 --- a/flake.lock +++ b/flake.lock @@ -294,16 +294,16 @@ ] }, "locked": { - "lastModified": 1747331121, - "narHash": "sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8=", + "lastModified": 1747556831, + "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", "owner": "nix-community", "repo": "home-manager", - "rev": "1eec32f0efe3b830927989767a9e6ece0d82d608", + "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } @@ -386,16 +386,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747335874, - "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", + "lastModified": 1747428706, + "narHash": "sha256-XVds9FkRrY59xRNNq14FNsFGqDiexXX/mlHcX4hPyyk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", + "rev": "2e1496bf8652ff4af4e4d4737277f71e4a4f5cb2", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 7d68912..7262eb3 100644 --- a/flake.nix +++ b/flake.nix @@ -15,7 +15,7 @@ rec { }; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; @@ -29,7 +29,7 @@ rec { flake-utils.url = "github:numtide/flake-utils"; home-manager = { - url = "github:nix-community/home-manager/release-24.11"; + url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/home/browsers/firefox.nix b/home/browsers/firefox.nix index 2b1dd05..7f551a3 100644 --- a/home/browsers/firefox.nix +++ b/home/browsers/firefox.nix @@ -65,15 +65,16 @@ in private = { id = 0; extraConfig = sharedExtraConfig; - extensions = commonExtensions; + extensions.packages = commonExtensions; }; work = { id = 1; extraConfig = sharedExtraConfig; - extensions = + extensions.packages = commonExtensions ++ (with firefox-addons; [ - bitwarden + # dashlane + # bitwarden react-devtools reduxdevtools ]); diff --git a/home/browsers/mullvad-browser.nix b/home/browsers/mullvad-browser.nix index d5d5bf2..f5614c7 100644 --- a/home/browsers/mullvad-browser.nix +++ b/home/browsers/mullvad-browser.nix @@ -50,124 +50,145 @@ let commonSearch = { force = true; # TODO defaults don't work - default = "Qwant"; - privateDefault = "Qwant"; + default = "qwant"; + privateDefault = "qwant"; order = [ - "Qwant" - "Ecosia" - "DuckDuckGo" - "Startpage" + "qwant" + "ecosia" + "ddg" + "startpage" "kagi" ]; engines = { # builtin - "Startpage".metaData.alias = "@s"; - "DuckDuckGo".metaData.alias = "@d"; + startpage.metaData.alias = "@s"; + ddg.metaData.alias = "@d"; # extra - "Qwant" = { + qwant = { + name = "Qwant"; urls = [ { template = "https://www.qwant.com/?q={searchTerms}"; } ]; - iconURL = "https://www.qwant.com/favicon.ico"; + iconMapObj."16" = "https://www.qwant.com/favicon.ico"; definedAliases = [ "@q" ]; }; - "Ecosia" = { + ecosia = { + name = "Ecosia"; urls = [ { template = "https://www.ecosia.org/search?q={searchTerms}"; } ]; - iconURL = "https://www.ecosia.org/favicon.ico"; + iconMapObj."16" = "https://www.ecosia.org/favicon.ico"; definedAliases = [ "@e" ]; }; - "kagi" = { + kagi = { + name = "Kagi"; urls = [ { template = "https://kagi.com/search?q={searchTerms}"; } ]; - iconURL = "https://kagi.com/favicon.ico"; + iconMapObj."16" = "https://kagi.com/favicon.ico"; definedAliases = [ "@k" ]; }; - "GitHub" = { + github = { + name = "GitHub"; urls = [ { template = "https://github.com/search?q={searchTerms}"; } ]; - iconURL = "https://github.com/favicon.ico"; + iconMapObj."16" = "https://github.com/favicon.ico"; definedAliases = [ "@gh" ]; }; - "GitLab" = { + gitlab = { + name = "GitLab"; urls = [ { template = "https://gitlab.com/search?search={searchTerms}"; } ]; - iconURL = "https://gitlab.com/favicon.ico"; + iconMapObj."16" = "https://gitlab.com/favicon.ico"; definedAliases = [ "@gl" ]; }; - "Codeberg" = { + codeberg = { + name = "Codeberg"; urls = [ { template = "https://codeberg.org/explore/repos?q={searchTerms}"; } ]; - iconURL = "https://codeberg.org/favicon.ico"; + iconMapObj."16" = "https://codeberg.org/favicon.ico"; definedAliases = [ "@cb" ]; }; - "Nix Packages" = { + nix-packages = { + name = "Nix Packages"; urls = [ { template = "https://search.nixos.org/packages?query={searchTerms}"; } ]; icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@np" ]; }; - "NixOS Options" = { + nixos-options = { + name = "NixOS Options"; urls = [ { template = "https://search.nixos.org/options?query={searchTerms}"; } ]; icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@no" ]; }; - "Nix Flakes: Packages" = { + nix-flakes-packages = { + name = "Nix Flakes: Packages"; urls = [ { template = "https://search.nixos.org/flakes?type=packages&query={searchTerms}"; } ]; icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@nfp" ]; }; - "Nix Flakes: Options" = { + nix-flakes-options = { + name = "Nix Flakes: Options"; urls = [ { template = "https://search.nixos.org/flakes?type=options&query={searchTerms}"; } ]; icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@nfo" ]; }; - "NixOS Wiki" = { + nixos-wiki = { + name = "NixOS Wiki"; urls = [ { template = "https://wiki.nixos.org/w/index.php?search={searchTerms}"; } ]; icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@nw" ]; }; - "Crates.io" = { + crates-io = { + name = "Crates.io"; urls = [ { template = "https://crates.io/search?q={searchTerms}"; } ]; - iconURL = "https://crates.io/favicon.ico"; + iconMapObj."16" = "https://crates.io/favicon.ico"; definedAliases = [ "@rc" ]; }; - "Docs.rs" = { + docs-rs = { + name = "Docs.rs"; urls = [ { template = "https://docs.rs/releases/search?query={searchTerms}"; } ]; - iconURL = "https://docs.rs/favicon.ico"; + iconMapObj."16" = "https://docs.rs/favicon.ico"; definedAliases = [ "@rd" ]; }; - "Rust Book" = { + rust-book = { + name = "Rust Book"; urls = [ { template = "https://doc.rust-lang.org/book/?search={searchTerms}"; } ]; - iconURL = "https://doc.rust-lang.org/book/favicon.svg"; + iconMapObj."16" = "https://doc.rust-lang.org/book/favicon.svg"; definedAliases = [ "@rb" ]; }; - "Rust std" = { + rust-std = { + name = "Rust std"; urls = [ { template = "https://doc.rust-lang.org/stable/std/?search={searchTerms}"; } ]; - iconURL = "https://www.rust-lang.org/static/images/favicon.svg"; + iconMapObj."16" = "https://www.rust-lang.org/static/images/favicon.svg"; definedAliases = [ "@rs" ]; }; - "npm" = { + npm = { + name = "npm"; urls = [ { template = "https://www.npmjs.com/search?q={searchTerms}"; } ]; - iconURL = "https://static-production.npmjs.com/da3ab40fb0861d15c83854c29f5f2962.png"; + iconMapObj."16" = "https://static-production.npmjs.com/da3ab40fb0861d15c83854c29f5f2962.png"; definedAliases = [ "@npm" ]; }; - "PyPI" = { + pypi = { + name = "PyPI"; urls = [ { template = "https://pypi.org/search/?q={searchTerms}"; } ]; - iconURL = "https://pypi.org/favicon.ico"; + iconMapObj."16" = "https://pypi.org/favicon.ico"; definedAliases = [ "@pypi" ]; }; - "Stack Overflow" = { + stack-overflow = { + name = "Stack Overflow"; urls = [ { template = "https://stackoverflow.com/search?q={searchTerms}"; } ]; - iconURL = "https://cdn.sstatic.net/Sites/stackoverflow/Img/favicon.ico"; + iconMapObj."16" = "https://cdn.sstatic.net/Sites/stackoverflow/Img/favicon.ico"; definedAliases = [ "@so" ]; }; - "Wikipedia" = { + wikipedia = { + name = "Wikipedia"; urls = [ { template = "https://en.wikipedia.org/wiki/{searchTerms}"; } ]; - iconURL = "https://en.wikipedia.org/favicon.ico"; + iconMapObj."16" = "https://en.wikipedia.org/favicon.ico"; definedAliases = [ "@w" ]; }; - "Wolfram Alpha" = { + wolfram-alpha = { + name = "Wolfram Alpha"; urls = [ { template = "https://www.wolframalpha.com/input?i={searchTerms}"; } ]; - iconURL = "https://www.wolframalpha.com/_next/static/images/favicon_1zbE9hjk.ico"; + iconMapObj."16" = "https://www.wolframalpha.com/_next/static/images/favicon_1zbE9hjk.ico"; definedAliases = [ "@wa" ]; }; - "Reddit" = { + reddit = { + name = "Reddit"; urls = [ { template = "https://www.reddit.com/search/?q={searchTerms}"; } ]; - iconURL = "https://www.reddit.com/favicon.ico"; + iconMapObj."16" = "https://www.reddit.com/favicon.ico"; definedAliases = [ "@r" ]; }; }; @@ -191,13 +212,12 @@ in id = 0; settings = commonSettings; search = commonSearch; - extensions = commonExtensions; + extensions.packages = commonExtensions; }; work = { id = 1; settings = commonSettings; - search = commonSearch; - extensions = + extensions.packages = commonExtensions ++ (with firefox-addons; [ bitwarden diff --git a/home/desktop/mimeapps.nix b/home/desktop/mimeapps.nix index 901b0f1..d974caf 100644 --- a/home/desktop/mimeapps.nix +++ b/home/desktop/mimeapps.nix @@ -26,7 +26,7 @@ let pdf = [ "re.sonny.Junction.desktop" ] ++ browsers; ebook = [ "com.github.johnfactotum.Foliate.desktop" ]; magnet = [ "transmission-gtk.desktop" ]; - signal = [ "signal-desktop.desktop" ]; + signal = [ "signal.desktop" ]; }; mimeMap = { @@ -89,7 +89,7 @@ let pdf = [ "application/pdf" ]; ebook = [ "application/epub+zip" ]; magnet = [ "x-scheme-handler/magnet" ]; - signal = [ "signal-desktop.desktop" ]; + signal = [ "signal.desktop" ]; }; associations = diff --git a/home/felschr-server.nix b/home/felschr-server.nix index 068d8fb..fbaeeb2 100644 --- a/home/felschr-server.nix +++ b/home/felschr-server.nix @@ -26,9 +26,9 @@ sshKeys = [ "3C48489F3B0FBB44E72180D4B1D7541C201C9987" ]; defaultCacheTtl = 600; defaultCacheTtlSsh = 600; - pinentryPackage = pkgs.pinentry-curses; + pinentry.package = pkgs.pinentry-curses; }; - programs.zsh.initExtra = '' + programs.zsh.initContent = '' export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh ''; @@ -44,5 +44,5 @@ } ''; - home.stateVersion = "24.11"; + home.stateVersion = "25.05"; } diff --git a/home/felschr-work.nix b/home/felschr-work.nix index 6d7011e..db68ce4 100644 --- a/home/felschr-work.nix +++ b/home/felschr-work.nix @@ -28,9 +28,9 @@ with pkgs; sshKeys = [ "8A6213DCDAF86BD3A63549FCFDF71B2C92DAE02C" ]; defaultCacheTtl = 600; defaultCacheTtlSsh = 600; - pinentryPackage = pkgs.pinentry-gnome3; + pinentry.package = pkgs.pinentry-gnome3; }; - programs.zsh.initExtra = '' + programs.zsh.initContent = '' export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh ''; @@ -75,5 +75,5 @@ with pkgs; emblem ]; - home.stateVersion = "24.11"; + home.stateVersion = "25.05"; } diff --git a/home/felschr.nix b/home/felschr.nix index 4654366..b9b43b2 100644 --- a/home/felschr.nix +++ b/home/felschr.nix @@ -28,9 +28,9 @@ ]; defaultCacheTtl = 600; defaultCacheTtlSsh = 600; - pinentryPackage = pkgs.pinentry-gnome3; + pinentry.package = pkgs.pinentry-gnome3; }; - programs.zsh.initExtra = '' + programs.zsh.initContent = '' export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh ''; @@ -96,5 +96,5 @@ emblem ]; - home.stateVersion = "24.11"; + home.stateVersion = "25.05"; } diff --git a/home/shell/zellij.nix b/home/shell/zellij.nix index 1555ef8..03c1740 100644 --- a/home/shell/zellij.nix +++ b/home/shell/zellij.nix @@ -4,6 +4,7 @@ programs.zellij.enable = true; programs.zellij.package = pkgs.unstable.zellij; programs.zellij.enableZshIntegration = true; + programs.zellij.exitShellOnExit = true; programs.zellij.settings = { default_layout = "compact"; # or default default_mode = "normal"; @@ -17,8 +18,4 @@ strider.path = "strider"; }; }; - - home.sessionVariables = { - ZELLIJ_AUTO_EXIT = "true"; - }; } diff --git a/home/shell/zsh.nix b/home/shell/zsh.nix index d997075..acd0cb2 100644 --- a/home/shell/zsh.nix +++ b/home/shell/zsh.nix @@ -29,7 +29,7 @@ in file = "share/zsh-history-substring-search/zsh-history-substring-search.zsh"; } ]; - initExtra = '' + initContent = '' export KEYTIMEOUT=1 ZSH_AUTOSUGGEST_USE_ASYNC=1 diff --git a/home/signal.nix b/home/signal.nix index 265d6f4..d355c37 100644 --- a/home/signal.nix +++ b/home/signal.nix @@ -4,7 +4,7 @@ home.packages = with pkgs; [ signal-desktop (makeAutostartItem { - name = "signal-desktop"; + name = "signal"; package = signal-desktop; prependExtraArgs = [ "--start-in-tray" ]; }) diff --git a/services/authelia.nix b/services/authelia.nix index ff8e4c3..011bfb1 100644 --- a/services/authelia.nix +++ b/services/authelia.nix @@ -100,8 +100,7 @@ in settings = { theme = "dark"; server = { - host = "::1"; - inherit port; + address = "tcp://[::1]:${toString port}"; }; default_2fa_method = "webauthn"; default_redirection_url = "https://${domain}"; diff --git a/system/fonts.nix b/system/fonts.nix index 496155b..b3fbb75 100644 --- a/system/fonts.nix +++ b/system/fonts.nix @@ -6,7 +6,7 @@ noto-fonts-extra noto-fonts-cjk-sans noto-fonts-emoji - (nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; }) + nerd-fonts.symbols-only fira-code ]; fonts.fontconfig.defaultFonts = { diff --git a/system/sound.nix b/system/sound.nix index 75a1b7b..d9ef316 100644 --- a/system/sound.nix +++ b/system/sound.nix @@ -6,8 +6,8 @@ }: { - hardware.pulseaudio.enable = false; security.rtkit.enable = true; + services.pulseaudio.enable = false; services.pipewire = { enable = true; alsa.enable = true; From e34e0cae221f8abb2462151abe0894ecff73f54b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com> Date: Sun, 18 May 2025 17:18:53 +0200 Subject: [PATCH 05/10] refactor(desktop): migrate from cosmic-nix to upstream NixOS module --- desktop/cosmic.nix | 6 ++-- flake.lock | 79 +--------------------------------------------- flake.nix | 7 ---- 3 files changed, 3 insertions(+), 89 deletions(-) diff --git a/desktop/cosmic.nix b/desktop/cosmic.nix index 6a8a1c0..335fe10 100644 --- a/desktop/cosmic.nix +++ b/desktop/cosmic.nix @@ -1,10 +1,8 @@ -{ inputs, lib, ... }: +{ pkgs, lib, ... }: { - imports = [ inputs.nixos-cosmic.nixosModules.default ]; + services.desktopManager.cosmic.enable = true; - # TODO at the moment COSMIC cannot be used alongside Gnome - # https://github.com/lilyinstarlight/nixos-cosmic/issues/17 specialisation = { cosmic.configuration = { services.xserver.displayManager.gdm.enable = lib.mkForce false; diff --git a/flake.lock b/flake.lock index e11f71c..6e0a257 100644 --- a/flake.lock +++ b/flake.lock @@ -155,22 +155,6 @@ } }, "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1746162366, - "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_4": { "flake": false, "locked": { "lastModified": 1696426674, @@ -346,29 +330,6 @@ "type": "github" } }, - "nixos-cosmic": { - "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1747566515, - "narHash": "sha256-mBT3EypUn1HZ5iRGDmZQPtVNYxQxnkIsasggSCndYjw=", - "owner": "lilyinstarlight", - "repo": "nixos-cosmic", - "rev": "93f3add95306179d15f8a6b1cfc87bfdc1702a33", - "type": "github" - }, - "original": { - "owner": "lilyinstarlight", - "repo": "nixos-cosmic", - "type": "github" - } - }, "nixos-hardware": { "locked": { "lastModified": 1747129300, @@ -400,22 +361,6 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1747335874, - "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1747327360, @@ -472,7 +417,7 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" @@ -502,7 +447,6 @@ "flake-utils": "flake-utils", "home-manager": "home-manager_2", "matrix-appservices": "matrix-appservices", - "nixos-cosmic": "nixos-cosmic", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", @@ -511,27 +455,6 @@ "pre-commit-hooks": "pre-commit-hooks" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "nixos-cosmic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747535902, - "narHash": "sha256-rKWBtLcqQeu8PpfKIBn1ORXS2udSH/MwnQFwfSpFOLg=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "b7a99615d26b82c39b73ccc9026545c3f3403b71", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 7262eb3..e7a3933 100644 --- a/flake.nix +++ b/flake.nix @@ -4,12 +4,10 @@ rec { nixConfig = { extra-substituters = [ "https://nix-community.cachix.org" - "https://cosmic.cachix.org/" "https://felschr.cachix.org" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" "felschr.cachix.org-1:raomy5XA2tsVkBoG6wo70ARIn+V24IXhWaSe3QZo12A=" ]; }; @@ -69,11 +67,6 @@ rec { flake = false; }; - nixos-cosmic = { - url = "github:lilyinstarlight/nixos-cosmic"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - openwrt-imagebuilder = { url = "github:astro/nix-openwrt-imagebuilder"; inputs.nixpkgs.follows = "nixpkgs"; From a04fca65d8aace5c0355fbfec9489b9115028a01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com> Date: Sun, 18 May 2025 17:24:44 +0200 Subject: [PATCH 06/10] feat(home): use home-manager's new flake module --- home/flake-module.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/flake-module.nix b/home/flake-module.nix index 6722451..763fe14 100644 --- a/home/flake-module.nix +++ b/home/flake-module.nix @@ -17,6 +17,8 @@ let ); in { + imports = [ inputs.home-manager.flakeModules.home-manager ]; + flake = { homeModules = { git = import ./modules/git.nix; From f25ca7a488fc7735d9fb113d2060fff73723a5fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com> Date: Sun, 18 May 2025 19:30:30 +0200 Subject: [PATCH 07/10] fix: share pkgs & overlays with home-manager --- flake.nix | 14 ++--------- home/felschr-server.nix | 6 ----- home/felschr-work.nix | 6 ----- home/felschr.nix | 6 ----- home/flake-module.nix | 47 ++++++++++++++++++++++++----------- home/modules/nixpkgs.nix | 11 ++++++++ hosts/home-pc/default.nix | 2 -- hosts/home-server/default.nix | 2 -- overlays.nix | 14 ----------- overlays/flake-module.nix | 27 ++++++++++++++++++++ system/nix.nix | 2 ++ 11 files changed, 74 insertions(+), 63 deletions(-) create mode 100644 home/modules/nixpkgs.nix delete mode 100644 overlays.nix create mode 100644 overlays/flake-module.nix diff --git a/flake.nix b/flake.nix index e7a3933..c897492 100644 --- a/flake.nix +++ b/flake.nix @@ -75,12 +75,7 @@ rec { }; outputs = - { - self, - nixpkgs, - nixpkgs-unstable, - ... - }@inputs: + inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" @@ -91,7 +86,7 @@ rec { ./lib/flake-module.nix ./hosts/flake-module.nix ./home/flake-module.nix - ./overlays.nix + ./overlays/flake-module.nix ]; flake = { inherit nixConfig; @@ -110,11 +105,6 @@ rec { ... }: { - _module.args.pkgs = import nixpkgs { - inherit system; - config.allowUnfree = true; - }; - devShells.default = pkgs.mkShell { inherit (config.checks.pre-commit) shellHook; }; checks = { diff --git a/home/felschr-server.nix b/home/felschr-server.nix index fbaeeb2..82c0de5 100644 --- a/home/felschr-server.nix +++ b/home/felschr-server.nix @@ -38,11 +38,5 @@ programs.git.defaultProfile = "private"; - xdg.configFile."nixpkgs/config.nix".text = '' - { - allowUnfree = true; - } - ''; - home.stateVersion = "25.05"; } diff --git a/home/felschr-work.nix b/home/felschr-work.nix index db68ce4..43fd5e1 100644 --- a/home/felschr-work.nix +++ b/home/felschr-work.nix @@ -40,12 +40,6 @@ with pkgs; defaultProfile = "work"; }; - xdg.configFile."nixpkgs/config.nix".text = '' - { - allowUnfree = true; - } - ''; - home.packages = with pkgs; [ fh diff --git a/home/felschr.nix b/home/felschr.nix index b9b43b2..49eb332 100644 --- a/home/felschr.nix +++ b/home/felschr.nix @@ -38,12 +38,6 @@ programs.git.defaultProfile = "private"; - xdg.configFile."nixpkgs/config.nix".text = '' - { - allowUnfree = true; - } - ''; - home.packages = with pkgs; [ # system gparted diff --git a/home/flake-module.nix b/home/flake-module.nix index 763fe14..f6b54ac 100644 --- a/home/flake-module.nix +++ b/home/flake-module.nix @@ -1,26 +1,38 @@ { self, inputs, - pkgs, + lib, ... }: let - createHomeConfig = - name: args: - inputs.home-manager.lib.homeManagerConfiguration ( - { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - } - // args - ); + mkHomeConfiguration = + { + user, + system, + modules, + }: + inputs.home-manager.lib.homeManagerConfiguration { + pkgs = self.pkgsFor system; + extraSpecialArgs = { inherit inputs; }; + + modules = + (with self.homeModules; [ nixpkgs ]) + ++ [ + { + home.username = user; + home.homeDirectory = "/home/${user}"; + } + ] + ++ modules; + }; in { imports = [ inputs.home-manager.flakeModules.home-manager ]; flake = { homeModules = { + nixpkgs = import ./modules/nixpkgs.nix; git = import ./modules/git.nix; firefox = import ./modules/firefox/firefox.nix; tor-browser = import ./modules/firefox/tor-browser.nix; @@ -32,26 +44,31 @@ in felschr-work = import ./felschr-work.nix; }; homeConfigurations = { - felschr = createHomeConfig { + felschr = mkHomeConfiguration { + user = "felschr"; + system = "x86_64-linux"; modules = [ self.homeModules.git self.homeModules.felschr ]; }; - felschr-server = createHomeConfig { + felschr-server = mkHomeConfiguration { + user = "felschr"; + system = "x86_64-linux"; modules = [ self.homeModules.git self.homeModules.felschr-server ]; }; - felschr-work = createHomeConfig { + felschr-work = mkHomeConfiguration { + user = "felschr"; + system = "x86_64-linux"; modules = [ self.homeModules.git self.homeModules.felschr-work ]; }; }; - # HINT alias for deprecated output - homeManagerModules = self.homeModules; + homeManagerModules = lib.warn "`homeManagerModules` is deprecated. Use `homeModules` instead." self.homeModules; }; } diff --git a/home/modules/nixpkgs.nix b/home/modules/nixpkgs.nix new file mode 100644 index 0000000..de2d9c2 --- /dev/null +++ b/home/modules/nixpkgs.nix @@ -0,0 +1,11 @@ +_: + +{ + nixpkgs.config.allowUnfree = true; + + xdg.configFile."nixpkgs/config.nix".text = '' + { + allowUnfree = true; + } + ''; +} diff --git a/hosts/home-pc/default.nix b/hosts/home-pc/default.nix index 7ff949f..2a26cfd 100644 --- a/hosts/home-pc/default.nix +++ b/hosts/home-pc/default.nix @@ -22,8 +22,6 @@ ../../services/open-webui.nix ]; - nixpkgs.config.allowUnfree = true; - boot.loader.systemd-boot.memtest86.enable = true; # running binaries for other architectures diff --git a/hosts/home-server/default.nix b/hosts/home-server/default.nix index e8a4eda..e947b56 100644 --- a/hosts/home-server/default.nix +++ b/hosts/home-server/default.nix @@ -50,8 +50,6 @@ in age.secrets.cloudflare.file = ../../secrets/cloudflare.age; age.secrets.hostKey.file = ../../secrets/home-server/hostKey.age; - nixpkgs.config.allowUnfree = true; - networking.domain = "home.felschr.com"; networking.firewall.allowedTCPPorts = [ diff --git a/overlays.nix b/overlays.nix deleted file mode 100644 index a317b32..0000000 --- a/overlays.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ inputs, ... }: - -{ - flake = { - overlays.default = final: prev: { - unstable = import inputs.nixpkgs-unstable { - inherit (prev) system; - config.allowUnfree = true; - }; - inherit (inputs.self.packages.${prev.system}) deconz brlaser; - vimPlugins = prev.vimPlugins // final.callPackage ./pkgs/vim-plugins { inherit inputs; }; - }; - }; -} diff --git a/overlays/flake-module.nix b/overlays/flake-module.nix new file mode 100644 index 0000000..93e5b19 --- /dev/null +++ b/overlays/flake-module.nix @@ -0,0 +1,27 @@ +{ self, inputs, ... }: + +{ + flake = { + overlays.default = final: prev: { + unstable = import inputs.nixpkgs-unstable { + inherit (prev) system; + config.allowUnfree = true; + }; + inherit (inputs.self.packages.${prev.system}) deconz brlaser; + vimPlugins = prev.vimPlugins // final.callPackage ../pkgs/vim-plugins { inherit inputs; }; + }; + pkgsFor = + system: + import inputs.nixpkgs { + inherit system; + overlays = [ self.overlays.default ]; + config.allowUnfree = true; + }; + }; + + perSystem = + { system, ... }: + { + _module.args.pkgs = self.pkgsFor system; + }; +} diff --git a/system/nix.nix b/system/nix.nix index 6cdf0c9..3a8a7f5 100644 --- a/system/nix.nix +++ b/system/nix.nix @@ -4,6 +4,8 @@ let inherit (inputs.self.outputs) nixConfig; in { + nixpkgs.config.allowUnfree = true; + nix.gc = { automatic = true; dates = "04:00"; From cf42ef54d8acf25e4177fe4b8a58dec1c05f40ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com> Date: Sun, 18 May 2025 19:42:46 +0200 Subject: [PATCH 08/10] chore: remove custom brlaser NixOS 25.05 has switched to Owl-Maintain's fork of brlaser with the latest release that includes the fix for my duplex printing issues. --- overlays/flake-module.nix | 2 +- pkgs/brlaser/default.nix | 119 -------------------------------------- pkgs/flake-module.nix | 1 - 3 files changed, 1 insertion(+), 121 deletions(-) delete mode 100644 pkgs/brlaser/default.nix diff --git a/overlays/flake-module.nix b/overlays/flake-module.nix index 93e5b19..8eabafb 100644 --- a/overlays/flake-module.nix +++ b/overlays/flake-module.nix @@ -7,7 +7,7 @@ inherit (prev) system; config.allowUnfree = true; }; - inherit (inputs.self.packages.${prev.system}) deconz brlaser; + inherit (inputs.self.packages.${prev.system}) deconz; vimPlugins = prev.vimPlugins // final.callPackage ../pkgs/vim-plugins { inherit inputs; }; }; pkgsFor = diff --git a/pkgs/brlaser/default.nix b/pkgs/brlaser/default.nix deleted file mode 100644 index 5b98d51..0000000 --- a/pkgs/brlaser/default.nix +++ /dev/null @@ -1,119 +0,0 @@ -{ - lib, - stdenv, - fetchFromGitHub, - cmake, - zlib, - cups, - ... -}: - -# maintained fork of brlaser with newer drivers (including Brother HL-L2370DN) -stdenv.mkDerivation (finalAttrs: { - pname = "brlaser"; - version = "6.2.6"; - - src = fetchFromGitHub { - owner = "Owl-Maintain"; - repo = "brlaser"; - rev = "v${finalAttrs.version}"; - hash = "sha256-+W84s3Nulj0kz2h1WE7/QGysVylKkN/xNqcNvrQz6D8="; - }; - - nativeBuildInputs = [ cmake ]; - buildInputs = [ - zlib - cups - ]; - - cmakeFlags = [ - "-DCUPS_SERVER_BIN=lib/cups" - "-DCUPS_DATA_DIR=share/cups" - ]; - - meta = with lib; { - description = "A CUPS driver for Brother laser printers"; - longDescription = '' - While most Brother printers can use standard printer languages like PCL or PostScript, some models do not. If you have a monochrome Brother laser printer (or multi-function device) and the other open-source drivers are not working, brlaser might be able to help. Additionally, there have been reports of some non-Brother printers working with this driver. - - The following printers have been reported to work with this driver: - - Brother DCP-1510 series - Brother DCP-1600 series - Brother DCP-1610W series - Brother DCP-7020 - Brother DCP-7030 - Brother DCP-7040 - Brother DCP-7055 - Brother DCP-7055W - Brother DCP-7060D - Brother DCP-7065DN - Brother DCP-7070DW - Brother DCP-7080 - Brother DCP-7080D - Brother DCP-8065DN - Brother DCP-L2500D series - Brother DCP-L2510D series - Brother DCP-L2520D series - Brother DCP-L2520DW series - Brother DCP-L2537DW - Brother DCP-L2540DW series - Brother DCP-L2550DW series - Brother FAX-2820 - Brother FAX-2840 - Brother HL-1110 series - Brother HL-1200 series - Brother HL-2030 series - Brother HL-2130 series - Brother HL-2140 series - Brother HL-2220 series - Brother HL-2230 series - Brother HL-2240D series - Brother HL-2250DN series - Brother HL-2260 - Brother HL-2270DW series - Brother HL-2280DW - Brother HL-5030 series - Brother HL-5040 series - Brother HL-L2300D series - Brother HL-L2305 series - Brother HL-L2310D series - Brother HL-L2320D series - Brother HL-L2335D series - Brother HL-L2340D series - Brother HL-L2350DW series - Brother HL-L2360D series - Brother HL-L2370DN series - Brother HL-L2375DW series - Brother HL-L2380DW series - Brother HL-L2390DW - Brother HL-L5000D series - Brother MFC-1810 series - Brother MFC-1910W series - Brother MFC-7240 - Brother MFC-7320 - Brother MFC-7340 - Brother MFC-7360N - Brother MFC-7365DN - Brother MFC-7420 - Brother MFC-7440N - Brother MFC-7460DN - Brother MFC-7860DW - Brother MFC-8710DW - Brother MFC-8860DN - Brother MFC-9160 - Brother MFC-L2700DN series - Brother MFC-L2700DW series - Brother MFC-L2710DN series - Brother MFC-L2710DW series - Brother MFC-L2750DW series - Fuji Xerox DocuPrint P265 dw - Lenovo LJ2650DN - ''; - homepage = "https://github.com/Owl-Maintain/brlaser"; - license = licenses.gpl2; - platforms = platforms.linux; - maintainers = with maintainers; [ felschr ]; - changelog = "https://github.com/Owl-Maintain/brlaser/releases/tag/${finalAttrs.src.rStijnDWev}"; - }; -}) diff --git a/pkgs/flake-module.nix b/pkgs/flake-module.nix index 4dabd8b..b97b0fd 100644 --- a/pkgs/flake-module.nix +++ b/pkgs/flake-module.nix @@ -4,7 +4,6 @@ { self', pkgs, ... }: { packages = { - brlaser = pkgs.callPackage ./brlaser { }; deconz = pkgs.qt5.callPackage ./deconz { }; }; From 3e711ad9981e54b5f261d334bc544abaaf93a722 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com> Date: Sun, 18 May 2025 19:50:24 +0200 Subject: [PATCH 09/10] fix: ignore .envrc for shellcheck --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index c897492..30a3d2f 100644 --- a/flake.nix +++ b/flake.nix @@ -112,7 +112,10 @@ rec { src = ./.; hooks = { nixfmt-rfc-style.enable = true; - shellcheck.enable = true; + shellcheck = { + enable = true; + excludes = [ ".envrc" ]; + }; }; }; }; From 67fa717ca2b1f777269e326f2348e3e135225b7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com> Date: Sun, 18 May 2025 20:23:46 +0200 Subject: [PATCH 10/10] feat(scripts): improve create-gpg-key --- scripts/create-gpg-key | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/scripts/create-gpg-key b/scripts/create-gpg-key index eac9946..31aeb09 100755 --- a/scripts/create-gpg-key +++ b/scripts/create-gpg-key @@ -1,21 +1,39 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i bash -p bash gnupg +#! /usr/bin/env bash # shellcheck shell=bash set -euo pipefail -EMAIL=$0 +read -rp 'enter email address: ' email -# create master key -gpg2 --quick-gen-key "Felix Schröter <$EMAIL>" ed25519 sign 1y +echo "$email" + +# create main key +gpg2 --quick-gen-key "Felix Schröter <$email>" ed25519 sign 1y || true + +keyid=$(gpg2 --list-keys --with-colons "$email" | grep "^pub:" | cut -d: -f5) +fpr=$(gpg2 --list-keys --with-colons "$email" | grep "^fpr:" | cut -d: -f10) # create subkeys -gpg2 --quick-add-key KEYID cv25519 encr 1y -gpg2 --quick-add-key KEYID ed25519 auth 1y -gpg2 --quick-add-key KEYID ed25519 sign 1y +gpg2 --quick-add-key "$fpr" cv25519 encr 1y +gpg2 --quick-add-key "$fpr" ed25519 auth 1y +gpg2 --quick-add-key "$fpr" ed25519 sign 1y -# for signing git commits use the sign subkey -# and add the public sign subkey to GitHub/GitLab +echo "created keys:" +gpg2 --list-keys --with-subkey-fingerprint "$keyid" -# show info -gpg2 --list-keys --with-subkey-fingerprint +sign=$(gpg2 --list-keys --with-colons "$email" | grep "::s::" -A 1) +sign_keyid=$(echo "$sign" | grep "^sub:" | cut -d: -f5) + +auth=$(gpg2 --list-keys --with-colons "$email" | grep "::a::" -A 1) +auth_keyid=$(echo "$auth" | grep "^sub:" | cut -d: -f5) + +pub_sign=$(gpg2 --armor --export "$sign_keyid!") +pub_ssh=$(gpg2 --export-ssh-key "$auth_keyid") + +echo "public PGP key with signing subkey:" +echo "$pub_sign" +echo "" + +echo "public SSH key for authenticating with git forges:" +echo "$pub_ssh" +echo ""