diff --git a/flake.lock b/flake.lock index d7fbb10..afd77bd 100644 --- a/flake.lock +++ b/flake.lock @@ -129,11 +129,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1753070653, - "narHash": "sha256-vp4Svdpb90eEYkUKxjVROgcJ92u/2sVF8hnpsiKJEhI=", + "lastModified": 1751256218, + "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "87f5912350a5bac28eacc1b89bb1767ca1a77e7e", + "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", "type": "gitlab" }, "original": { @@ -198,11 +198,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -314,11 +314,11 @@ ] }, "locked": { - "lastModified": 1753055804, - "narHash": "sha256-KerePGJYX47ex6OY3CWsid4AltO2gDtQROunYJ0eCEE=", + "lastModified": 1750792728, + "narHash": "sha256-Lh3dopA8DdY+ZoaAJPrtkZOZaFEJGSYjOdAYYgOPgE4=", "owner": "nix-community", "repo": "home-manager", - "rev": "adf195f021a8cbb0c317f75b52e96c82616526f9", + "rev": "366f00797b1efb70f2882d3da485e3c10fd3d557", "type": "github" }, "original": { @@ -405,11 +405,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1752666637, - "narHash": "sha256-P8J72psdc/rWliIvp8jUpoQ6qRDlVzgSDDlgkaXQ0Fw=", + "lastModified": 1750837715, + "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d1bfa8f6ccfb5c383e1eba609c1eb67ca24ed153", + "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", "type": "github" }, "original": { @@ -420,11 +420,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752866191, - "narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=", + "lastModified": 1751211869, + "narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f01fe91b0108a7aff99c99f2e9abbc45db0adc2a", + "rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51", "type": "github" }, "original": { @@ -436,11 +436,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1752950548, - "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", + "lastModified": 1751011381, + "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", + "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", "type": "github" }, "original": { @@ -475,11 +475,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1753086528, - "narHash": "sha256-5RMRU6J7fiaHzA0Bz/xStfuLLQ1AtJfIagxHqEhAb2c=", + "lastModified": 1751271961, + "narHash": "sha256-Ka+zyYx1UeDccCv4ZlW7LAvVJdJGnSzKjZQt04fCIoQ=", "owner": "astro", "repo": "nix-openwrt-imagebuilder", - "rev": "09b9e58d8b4e98193590aa02f60b41881fad840d", + "rev": "8e3ee0a40fb019ec95bec661c45b9d4940d27583", "type": "github" }, "original": { diff --git a/hardware/base.nix b/hardware/base.nix index 679f042..95d1c07 100644 --- a/hardware/base.nix +++ b/hardware/base.nix @@ -1,4 +1,4 @@ -_: +{ lib, pkgs, ... }: { imports = [ @@ -7,6 +7,19 @@ _: ./zsa.nix ]; + boot.supportedFilesystems = lib.mkDefault [ "btrfs" ]; + boot.kernelPackages = lib.mkOverride 800 pkgs.linuxPackages_latest; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.systemd.enable = true; + + boot.plymouth.enable = true; + + # prevents `systemd-vconsole-setup` failing during systemd initrd + console.earlySetup = true; + systemd.services.systemd-vconsole-setup.unitConfig.After = "local-fs.target"; + services.smartd.enable = true; services.smartd.notifications.x11.enable = true; } diff --git a/home/browsers/mullvad-browser.nix b/home/browsers/mullvad-browser.nix index 887e85e..f5614c7 100644 --- a/home/browsers/mullvad-browser.nix +++ b/home/browsers/mullvad-browser.nix @@ -217,7 +217,6 @@ in work = { id = 1; settings = commonSettings; - search = commonSearch; extensions.packages = commonExtensions ++ (with firefox-addons; [ diff --git a/home/editors/lsp.nix b/home/editors/lsp.nix index a002117..491a001 100644 --- a/home/editors/lsp.nix +++ b/home/editors/lsp.nix @@ -8,7 +8,7 @@ unstable.nixd nls terraform-ls - unstable.tofu-ls + unstable.opentofu-ls pyright nodePackages.bash-language-server nodePackages.vim-language-server diff --git a/home/felschr-work.nix b/home/felschr-work.nix index 924a8e2..fe1969e 100644 --- a/home/felschr-work.nix +++ b/home/felschr-work.nix @@ -68,7 +68,6 @@ with pkgs; # entertainment celluloid - spotify # ai unstable.alpaca diff --git a/hosts/cmdframe/default.nix b/hosts/cmdframe/default.nix index 4efec24..e1750c8 100644 --- a/hosts/cmdframe/default.nix +++ b/hosts/cmdframe/default.nix @@ -5,7 +5,7 @@ ./disk-config.nix ../../hardware/base.nix ../../hardware/bluetooth.nix - ../../system/laptop.nix + ../../system/desktop.nix ../../system/printing/home.nix ../../desktop ../../desktop/cosmic.nix @@ -13,7 +13,6 @@ ../../virtualisation/podman.nix ../../virtualisation/libvirt.nix ../../modules/systemdNotify.nix - ../../services/llm.nix inputs.seven-modules.nixosModules.seven ]; @@ -40,11 +39,6 @@ "--operator=felschr" ]; - services.ollama = { - acceleration = "rocm"; - rocmOverrideGfx = "11.5.0"; - }; - seven = { enable = true; wireguard = { diff --git a/hosts/home-pc/default.nix b/hosts/home-pc/default.nix index 19d2a7a..0cbba48 100644 --- a/hosts/home-pc/default.nix +++ b/hosts/home-pc/default.nix @@ -20,7 +20,7 @@ ../../services/samba/home-pc.nix ../../services/restic/home-pc.nix ../../services/pcscd.nix - ../../services/llm.nix + ../../services/open-webui.nix inputs.seven-modules.nixosModules.seven ]; @@ -61,11 +61,6 @@ "87.98.162.88" = [ "portcheck.transmissionbt.com" ]; }; - services.ollama = { - acceleration = "rocm"; - rocmOverrideGfx = "10.3.1"; - }; - seven = { enable = true; wireguard = { diff --git a/services/adguardhome.nix b/services/adguardhome.nix index 50feaed..4bbf1ad 100644 --- a/services/adguardhome.nix +++ b/services/adguardhome.nix @@ -59,12 +59,12 @@ in { name = "OISD (Big)"; url = "https://big.oisd.nl"; - enabled = true; + enabled = false; } { name = "AdGuard DNS filter"; url = "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt"; - enabled = true; + enabled = false; } ]; whitelist_filters = [ diff --git a/services/llm.nix b/services/open-webui.nix similarity index 91% rename from services/llm.nix rename to services/open-webui.nix index a4d7e63..67794c8 100644 --- a/services/llm.nix +++ b/services/open-webui.nix @@ -19,6 +19,8 @@ services.ollama = { enable = true; package = pkgs.unstable.ollama; + acceleration = "rocm"; + rocmOverrideGfx = "10.3.1"; }; services.open-webui = { diff --git a/system/boot.nix b/system/boot.nix deleted file mode 100644 index 126ef4c..0000000 --- a/system/boot.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ lib, pkgs, ... }: - -{ - boot.supportedFilesystems = lib.mkDefault [ "btrfs" ]; - boot.kernelPackages = lib.mkOverride 800 pkgs.linuxPackages_latest; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.initrd.systemd.enable = true; - - boot.plymouth.enable = true; - - # prevents `systemd-vconsole-setup` failing during systemd initrd - console.earlySetup = true; - systemd.services.systemd-vconsole-setup.unitConfig.After = "local-fs.target"; -} diff --git a/system/common.nix b/system/common.nix index e6609c8..2d8bded 100644 --- a/system/common.nix +++ b/system/common.nix @@ -2,7 +2,6 @@ { imports = [ - ./boot.nix ./zram.nix ./i18n.nix ./nix.nix diff --git a/system/hardened.nix b/system/hardened.nix index 5bc2b25..cf94bc4 100644 --- a/system/hardened.nix +++ b/system/hardened.nix @@ -12,16 +12,8 @@ # @TODO hardened kernel causes Bluetooth issues boot.kernelPackages = lib.mkOverride 900 pkgs.linuxPackages; - security = { - # Xbox Controller not working via Bluetooth if enabled - lockKernelModules = lib.mkOverride 900 false; - - sudo.enable = false; - sudo-rs = { - enable = true; - execWheelOnly = true; - }; - }; + # Xbox Controller not working via Bluetooth if enabled + security.lockKernelModules = lib.mkOverride 900 false; boot.loader.systemd-boot.editor = lib.mkDefault false; diff --git a/system/laptop.nix b/system/laptop.nix deleted file mode 100644 index 74eeef9..0000000 --- a/system/laptop.nix +++ /dev/null @@ -1,8 +0,0 @@ -_: - -{ - imports = [ - ./desktop.nix - ./lid.nix - ]; -} diff --git a/system/lid.nix b/system/lid.nix deleted file mode 100644 index ccdc5c9..0000000 --- a/system/lid.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, ... }: - -{ - services.acpid = lib.mkIf config.services.fprintd.enable { - enable = true; - handlers.lidClosed = { - event = "button/lid \\w+ close"; - action = '' - echo "Lid closed. Disabling fprintd." - systemctl stop fprintd - ln -s /dev/null /run/systemd/transient/fprintd.service - systemctl daemon-reload - ''; - }; - handlers.lidOpen = { - event = "button/lid \\w+ open"; - action = '' - if ! $(systemctl is-active --quiet fprintd); then - echo "Lid open. Enabling fprintd." - rm -f /run/systemd/transient/fprintd.service - systemctl daemon-reload - systemctl start fprintd - fi - ''; - }; - }; -} diff --git a/system/networking.nix b/system/networking.nix index 831e5a3..7524edf 100644 --- a/system/networking.nix +++ b/system/networking.nix @@ -35,24 +35,6 @@ let "fd7a:115c:a1e0::a0a1:203c#dns.felschr.com" ]; }; - - mkPublicWifiProfile = ssid: { - connection = { - id = ssid; - type = "wifi"; - }; - wifi = { - mode = "infrastructure"; - inherit ssid; - }; - ipv4 = { - method = "auto"; - }; - ipv6 = { - method = "auto"; - addr-gen-mode = "stable-privacy"; - }; - }; in { networking = { @@ -64,11 +46,6 @@ in 5353 # mDNS ]; networkmanager.dns = "systemd-resolved"; - networkmanager.ensureProfiles.profiles = { - "WIFIonICE" = mkPublicWifiProfile "WIFIonICE"; - "WIFI@DB" = mkPublicWifiProfile "WIFI@DB"; - "metronom free WLAN" = mkPublicWifiProfile "metronom free WLAN"; - }; }; systemd.network = { @@ -119,20 +96,4 @@ in dig wireguard-tools ]; - - networking.networkmanager.dispatcherScripts = [ - { - #!/usr/bin/env bash - source = pkgs.writeText "connect_ice" '' - set -euxo pipefail - ACTION="$2" - if [[ "$ACTION" == "up" ]]; then - if [[ "$CONNECTION_ID" =~ "WIFIonICE|WIFI@DB" ]]; then - ${pkgs.curl}/bin/curl 'https://login.wifionice.de/cna/logon' -sSL -X POST - fi - fi - ''; - type = "basic"; - } - ]; } diff --git a/system/nix.nix b/system/nix.nix index 335dc93..927b138 100644 --- a/system/nix.nix +++ b/system/nix.nix @@ -18,18 +18,17 @@ in nixpkgs.config.allowUnfree = true; - nix = { - settings = { - trusted-users = [ "@wheel" ]; - substituters = nixConfig.extra-substituters; - trusted-public-keys = nixConfig.extra-trusted-public-keys; - }; - optimise.automatic = true; - gc = { - automatic = true; - dates = "04:00"; - options = "--delete-older-than 30d"; - }; + nix.gc = { + automatic = true; + dates = "04:00"; + options = "--delete-older-than 30d"; + }; + + nix.settings = { + trusted-users = [ "@wheel" ]; + auto-optimise-store = true; + substituters = nixConfig.extra-substituters; + trusted-public-keys = nixConfig.extra-trusted-public-keys; }; system.autoUpgrade = { @@ -55,8 +54,4 @@ in '' nix flake update ${inputsToUpdateStr} --flake ${config.system.autoUpgrade.flake} ''; - - environment.systemPackages = with pkgs; [ - unstable.nix-tree - ]; }