steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

toplevel,steveej-x13s,sj-srv1: bump to nixos 25.05

Browse source
This commit is contained in:
steveej 2025-05-28 21:17:22 +02:00
parent a1df9205d5
commit 08817d93bc
16 changed files with 154 additions and 279 deletions
Download patch file Download diff file Expand all files Collapse all files

239
flake.lock generated
View file

@ -28,11 +28,11 @@
"stable": "stable"
},
"locked": {
"lastModified": 1731527002,
"narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=",
"lastModified": 1746816769,
"narHash": "sha256-ymQzXrfHVT8/RJiGbfrNjEeuzXQan46lUJdxEhgivdM=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "e3ad42138015fcdf2524518dd564a13145c72ea1",
"rev": "df694ee23be7ed7b2d8b42c245a640f0724eb06c",
"type": "github"
},
"original": {
@ -56,27 +56,6 @@
"type": "github"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -184,20 +163,6 @@
"type": "github"
}
},
"flake-compat_4": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
@ -267,11 +232,11 @@
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github"
},
"original": {
@ -318,7 +283,7 @@
},
"flake-utils_10": {
"inputs": {
"systems": "systems_5"
"systems": "systems_6"
},
"locked": {
"lastModified": 1710146030,
@ -478,79 +443,6 @@
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"nixvim",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1732021966,
"narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nixvim",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733175814,
"narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "bf23fe41082aa0289c209169302afd3397092f22",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
@ -565,16 +457,16 @@
]
},
"locked": {
"lastModified": 1729958008,
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
"lastModified": 1737371634,
"narHash": "sha256-fTVAWzT1UMm1lT+YxHuVPtH+DATrhYfea3B0MxG/cGw=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
"rev": "a1176e2a10ce745ff8f63e4af124ece8fe0b1648",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.6",
"ref": "v0.0.7",
"repo": "ixx",
"type": "github"
}
@ -614,27 +506,6 @@
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733105089,
"narHash": "sha256-Qs3YmoLYUJ8g4RkFj2rMrzrP91e4ShAioC9s+vG6ENM=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "c6b65d946097baf3915dd51373251de98199280d",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts_3",
@ -974,6 +845,22 @@
"type": "github"
}
},
"nixpkgs-2505": {
"locked": {
"lastModified": 1747953325,
"narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "55d1f923c480dadce40f5231feb472e81b0bab48",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-gimp": {
"locked": {
"lastModified": 1735507908,
@ -1136,24 +1023,19 @@
},
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_4",
"git-hooks": "git-hooks",
"home-manager": "home-manager",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"treefmt-nix": "treefmt-nix_3"
"systems": "systems_5"
},
"locked": {
"lastModified": 1733355056,
"narHash": "sha256-EOldkOLdgUVIa8ZJiHkqjD6yaW+AZiZwd94aBqfZERY=",
"lastModified": 1748175278,
"narHash": "sha256-nXrZ25veLlj1WwVblFO28oHSOabjORGn8YLQ/9OtuSA=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "277dbeb607210f6a6db656ac7eee9eef3143070c",
"rev": "f54941e333ea2afd0b03ba09f5cb90bb1c6f8130",
"type": "github"
},
"original": {
@ -1168,7 +1050,7 @@
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_4"
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
"lastModified": 1737225765,
@ -1194,11 +1076,11 @@
]
},
"locked": {
"lastModified": 1733006402,
"narHash": "sha256-BC1CecAQISV5Q4LZK72Gx0+faemOwaChiD9rMVfDPoA=",
"lastModified": 1745046075,
"narHash": "sha256-8v4y6k16Ra/fiecb4DxhsoOGtzLKgKlS+9/XJ9z0T2I=",
"owner": "NuschtOS",
"repo": "search",
"rev": "16307548b7a1247291c84ae6a12c0aacb07dfba2",
"rev": "066afe8643274470f4a294442aadd988356a478f",
"type": "github"
},
"original": {
@ -1276,10 +1158,11 @@
"nixago": "nixago",
"nixos-anywhere": "nixos-anywhere",
"nixpkgs": [
"nixpkgs-2411"
"nixpkgs-2505"
],
"nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-2411": "nixpkgs-2411",
"nixpkgs-2505": "nixpkgs-2505",
"nixpkgs-gimp": "nixpkgs-gimp",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixpkgs-vscodium": "nixpkgs-vscodium",
@ -1295,7 +1178,7 @@
"rperf": "rperf",
"sops-nix": "sops-nix",
"srvos": "srvos",
"treefmt-nix": "treefmt-nix_5",
"treefmt-nix": "treefmt-nix_4",
"yofi": "yofi"
}
},
@ -1392,16 +1275,16 @@
},
"stable": {
"locked": {
"lastModified": 1730883749,
"narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
"lastModified": 1746557022,
"narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
"rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
@ -1481,6 +1364,21 @@
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -1525,27 +1423,6 @@
}
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1732894027,
"narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "6209c381904cab55796c5d7350e89681d3b2a8ef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_4": {
"inputs": {
"nixpkgs": [
"nur",
@ -1566,7 +1443,7 @@
"type": "github"
}
},
"treefmt-nix_5": {
"treefmt-nix_4": {
"inputs": {
"nixpkgs": [
"nixpkgs"

114
flake.nix
View file

@ -11,8 +11,9 @@
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
radicalePkgs.follows = "nixpkgs-2211";
nixpkgs-2411.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-2505.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.follows = "nixpkgs-2411";
nixpkgs.follows = "nixpkgs-2505";
flake-parts.url = "github:hercules-ci/flake-parts";
get-flake.url = "github:ursi/get-flake";
@ -132,7 +133,7 @@
flake-parts.lib.mkFlake { inherit inputs; } (
{ withSystem, ... }:
{
flake.colmena =
flake.colmenaHive = inputs.colmena.lib.makeHive (
lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur)
{ meta.nixpkgs = import inputs.nixpkgs.outPath { system = builtins.elemAt systems 0; }; }
# FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import
@ -162,19 +163,50 @@
"sj-srv1"
]
);
)
);
flake.lib = {
inherit withSystem;
prsFn =
{
lib,
prs,
skim,
rustPlatform,
makeWrapper,
}:
prs.overrideAttrs (attrs: rec {
pname = "prs";
src = self.inputs.prs;
version = self.inputs.prs.shortRev;
nativeBuildInputs = attrs.nativeBuildInputs ++ [
makeWrapper
];
cargoDeps = rustPlatform.fetchCargoVendor {
inherit src;
hash = "sha256-6kCqrwcHFy7cEl2JM+CzTWDM9abepumzdcJLq1ChzUk=";
};
postFixup = ''
wrapProgram $out/bin/prs \
--prefix PATH : ${lib.makeBinPath [ skim ]}
'';
});
};
# this makes nixos-anywhere work
flake.nixosConfigurations =
let
colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes;
colmenaHiveNodes = self.outputs.colmenaHive.nodes;
router0-dmz0 = (inputs.get-flake (self + "/nix/os/devices/router0-dmz0")).nixosConfigurations;
in
colmenaHive
colmenaHiveNodes
// {
router0-dmz0 = router0-dmz0.native;
@ -211,72 +243,6 @@
craneLib = craneLibFn inputs'.fenix.packages.stable.toolchain;
_prsPackage =
{
lib,
rustPlatform,
installShellFiles,
pkg-config,
python3,
glib,
gpgme,
gtk3,
stdenv,
cargoHash ? "sha256-T57RqIzurpYLHyeFhvqxmC+DoB6zUf+iTu1YkMmwtp8=",
src,
version,
makeWrapper,
skim,
}:
rustPlatform.buildRustPackage rec {
pname = "prs";
inherit src version cargoHash;
nativeBuildInputs = [
gpgme
installShellFiles
pkg-config
python3
makeWrapper
];
cargoBuildFlags = [
"--no-default-features"
"--features=alias,backend-gpgme,clipboard,notify,select-fzf-bin,select-skim-bin,tomb,totp"
];
buildInputs = [
glib
gpgme
gtk3
];
postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
for shell in bash fish zsh; do
installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout)
done
'';
postFixup = ''
wrapProgram $out/bin/prs \
--prefix PATH : ${lib.makeBinPath [ skim ]}
'';
meta = with lib; {
description = "Secure, fast & convenient password manager CLI using GPG and git to sync";
homepage = "https://gitlab.com/timvisee/prs";
changelog = "https://gitlab.com/timvisee/prs/-/blob/v${version}/CHANGELOG.md";
license = with licenses; [
lgpl3Only # lib
gpl3Only # everything else
];
maintainers = with maintainers; [ dotlambda ];
mainProgram = "prs";
};
};
local-xwayland = pkgs.writeShellScriptBin "local-xwayland" ''
set -x
${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \
@ -293,12 +259,6 @@
inherit (inputs'.colmena.packages) colmena;
prs = pkgs.callPackage _prsPackage {
src = inputs.prs;
version = inputs.prs.shortRev;
cargoHash = "sha256-oXuAKOHIfwUvcS0qXDTe68DN+MUNS4TAKV986vxdeh8=";
};
nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6;
ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" ''

2
nix/home-manager/configuration/graphical-fullblown.nix
View file

@ -131,7 +131,7 @@ in
# FIXME: depends on insecure openssl 1.1.1t
# kotatogram-desktop
pkgsUnstable.tdesktop
pkgsUnstable.signal-desktop-source
pkgsUnstable.signal-desktop
# Virtualization
virt-manager

2
nix/home-manager/profiles/gnome-desktop.nix
View file

@ -16,7 +16,7 @@
# Hidden=true
# '';
services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
services.gpg-agent.pinentry.package = pkgs.pinentry-gnome3;
dconf.settings =
let

2
nix/home-manager/profiles/sway-desktop.nix
View file

@ -39,7 +39,7 @@ in
enable = true;
};
services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
services.gpg-agent.pinentry.package = pkgs.pinentry-gnome3;
home.packages = [
pkgs.swayidle

39
nix/home-manager/programs/firefox.nix
View file

@ -40,14 +40,20 @@ let
search = {
force = true;
default = "DuckDuckGo";
privateDefault = "DuckDuckGo";
default = "ddg";
privateDefault = "ddg";
order = [
"ddg"
"ecosia"
"google"
];
};
mkProfile =
override:
lib.recursiveUpdate {
extensions = ryceeAddons ++ customAddons;
extensions.packages = ryceeAddons ++ customAddons;
inherit search;
settings = {
@ -321,7 +327,7 @@ in
};
programs.firefox = {
enable = true;
package = pkgs.firefox-esr;
package = pkgs.firefox;
profiles = mkProfiles {
"personal" = mkProfile {
@ -377,8 +383,33 @@ in
id = 12;
color = colors.pink;
};
"tech-research" = mkProfile {
id = 13;
color = colors.purple;
};
};
# policies = {
# # search via policy. the other one doesn't always work because of schema version mismatch
# SearchEngines = {
# Default = "Qwant";
# PreventInstalls = true;
# Add = [
# {
# Method = "GET";
# Alias = "qwant";
# Description = "Description";
# # PostData= "name=value&q={searchTerms}";
# Name = "Qwant";
# SuggestURLTemplate = "https://api.qwant.com/api/suggest/?q={searchTerms}";
# URLTemplate = "https://www.qwant.com/?q={searchTerms}";
# }
# ];
# };
# };
};
# create one desktop entry for each profile

2
nix/home-manager/programs/gpg-agent.nix
View file

@ -13,7 +13,7 @@
enableScDaemon = !osConfig.services.pcscd.enable;
enableSshSupport = true;
grabKeyboardAndMouse = true;
pinentryPackage = lib.mkDefault pkgs.pinentry-gtk2;
pinentry.package = lib.mkDefault pkgs.pinentry-gtk2;
extraConfig = ''
no-allow-external-cache
'';

2
nix/home-manager/programs/neovim.nix
View file

@ -68,6 +68,8 @@
# This plugin trims trailing whitespace and lines.
trim.enable = true;
web-devicons.enable = true;
};
# plugins = with pkgs;

7
nix/home-manager/programs/pass.nix
View file

@ -5,12 +5,13 @@
# home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
# programs.browserpass.enable = true;
home.packages = with pkgs; [
gnupg
home.packages = [
pkgs.gnupg
# broken on wayland
# rofi-pass
repoFlake.packages.${pkgs.system}.prs
(pkgs.callPackage repoFlake.lib.prsFn {
})
];
}

2
nix/home-manager/programs/vscode/default.nix
View file

@ -12,7 +12,7 @@ in
programs.vscode = {
enable = true;
package = pkgsVscodium.vscodium;
extensions =
profiles.default.extensions =
with pkgsVscodium.vscode-extensions;
[
eamodio.gitlens

4
nix/home-manager/programs/zsh.nix
View file

@ -48,8 +48,8 @@ in
# will be called again by oh-my-zsh
enableCompletion = false;
enableAutosuggestions = true;
initExtra =
autosuggestion.enable = true;
initContent =
let
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
in

5
nix/os/containers/mailserver.nix
View file

@ -66,7 +66,6 @@
services.dovecot2 = {
enable = true;
modules = [ pkgs.dovecot_pigeonhole ];
protocols = [ "sieve" ];
enableImap = true;
@ -98,6 +97,10 @@
'';
};
environment.systemPackages = [
pkgs.dovecot_pigeonhole
];
environment.etc."dovecot/users".source = config.sops.secrets.email_dovecot_steveej.path;
systemd.services.steveej-getmail-stefanjunker = {

1
nix/os/devices/sj-srv1/default.nix
View file

@ -17,6 +17,7 @@ in
${nodeName} = {
deployment.targetHost = "${nodeName}.dmz.internal";
# deployment.targetHost = "www.stefanjunker.de";
deployment.replaceUnknownProfiles = false;
imports = [

8
nix/os/devices/steveej-x13s/flake.lock generated
View file

@ -317,11 +317,11 @@
"x13s-bt-linux-firmware": "x13s-bt-linux-firmware"
},
"locked": {
"lastModified": 1747744086,
"narHash": "sha256-0LrtJ8neM2t4aDEBsARQiLPIOTjJYiishSPGyMag6a8=",
"lastModified": 1748099804,
"narHash": "sha256-InLtMaIZdbAvLM/q3xgaCAdgf6dWQxZD0CIVZTixENI=",
"ref": "bump",
"rev": "e1bba11447f2322dbfcc81f64e70c6b0acf87c92",
"revCount": 149,
"rev": "077e9017236b6a7d9f6e658060099892628863d3",
"revCount": 150,
"type": "git",
"url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git"
},

2
nix/os/profiles/graphical/system.nix
View file

@ -19,7 +19,7 @@
# hardware related services
services.pcscd.enable = true;
hardware.opengl.enable = true;
hardware.graphics.enable = true;
services.udev.packages = [
pkgs.libu2f-host

2
nix/os/snippets/sway-desktop.nix
View file

@ -16,7 +16,7 @@ in
Option "OffTime" "0"
'';
hardware.opengl.enable = true;
hardware.graphics.enable = true;
services.gvfs = {
enable = true;