bump nixos; add timezone secret; add alejandra; reconfigure nix for build testing

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "nixEnvSelector.nixFile": "${workspaceRoot}/shell.nix"
+}

nix/default.nix

@@ -8,7 +8,8 @@
       inherit name;
       inherit (channelVersion) url ref rev;
     };
-  nixPath = builtins.concatStringsSep ":" (builtins.map (elemName: let
+  nixPath = builtins.concatStringsSep ":" (builtins.map
+    (elemName: let
       elem = builtins.getAttr elemName channelVersions;
       elemPath = mkChannelSource elemName;
       suffix =

nix/home-manager/configuration/graphical-fullblown.nix

@@ -107,10 +107,12 @@ in
         aspellDicts.de
         skypeforlinux
         unstablepkgs.jitsi-meet-electron
-        unstablepkgs.zoom-us
         thunderbird
         evolution # gnome4.glib_networking
         kotatogram-desktop
+        zoom-us
+        thunderbird
+        evolution # gnome4.glib_networking
         gnome.cheese
         masterpkgs.discord
 

nix/home-manager/profiles/common.nix

@@ -7,10 +7,15 @@ in {
   nixpkgs.overlays = builtins.attrValues (import ../../overlays);
 
   nixpkgs.config = {
-    allowBroken = true;
+    allowBroken = false;
     allowUnfree = true;
+
+    permittedInsecurePackages = [];
   };
 
+  nix.settings.experimental-features = ["nix-command" "flakes" "impure-derivations" "ca-derivations" "recursive-nix"];
+  nix.settings.sandbox = "relaxed";
+
   home.keyboard = {
     layout = "us";
     variant = "altgr-intl";
@@ -48,4 +53,6 @@ in {
       ripgrep
       du-dust
     ]);
+
+  home.stateVersion = "22.05";
 }

nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix

@@ -5,7 +5,8 @@
   ...
 }: let
   repoBareLocal =
-    pkgs.runCommand "fetchbare" {
+    pkgs.runCommand "fetchbare"
+    {
       outputHashMode = "recursive";
       outputHashAlgo = "sha256";
       outputHash = "0000000000000000000000000000000000000000000000000000";

nix/home-manager/profiles/qtile-desktop.nix

@@ -1,4 +1,6 @@
 {pkgs, ...}: let
+  passwords = import ../../variables/passwords.crypt.nix;
+
   inherit (import ../lib.nix {}) mkSimpleTrayService;
 
   audio = pkgs.writeShellScript "audio" ''
@@ -208,9 +210,9 @@
             widget.WindowName(),
             widget.Prompt(),
             widget.CPUGraph(),
-            widget.ThermalSensor(),
+            widget.ThermalSensor(tag_sensor = "CPU"),
             widget.Memory(),
-            widget.Net(interface='eth0'),
+            # widget.Net(interface='eth0'),
             widget.Net(interface='wlan0'),
             widget.Clock(format='%Y-%m-%d %a %I:%M %p'),
         ]
@@ -253,6 +255,8 @@ in {
     services = {};
   };
 
+  # systemd.user.sockets.gpg-agent.Socket.Accept = true;
+
   services = {
     gnome-keyring.enable = true;
     blueman-applet.enable = true;
@@ -270,14 +274,16 @@ in {
       grabKeyboardAndMouse = true;
       pinentryFlavor = "gtk2";
       extraConfig = "";
+
+      defaultCacheTtl = 0;
+      maxCacheTtl = 0;
     };
     flameshot.enable = true;
     pasystray.enable = true;
     cbatticon.enable = true;
     redshift = {
       enable = true;
-      longitude = "9.1698";
-      latitude = "47.6691";
+      inherit (passwords.location.stefan) longitude latitude;
       temperature = {
         day = 6700;
         night = 3700;

nix/home-manager/programs/vscode/default.nix

@@ -469,7 +469,7 @@ in {
       ;
   };
 
-  home.packages = [pkgs.nixpkgs-fmt];
+  home.packages = [pkgs.nixpkgs-fmt pkgs.alejandra];
 }
 # TODO: automate
 # rustup install stable

nix/os/devices/steveej-t14/boot.nix

@@ -6,4 +6,9 @@
   boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
   boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
   boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+
+  # boot.tmpOnTmpfs = lib.mkForce false;
+  boot.tmpOnTmpfsSize = "100%";
+  # TODO: make this work
+  # systemd.tmpfiles.rules = lib.mkForce [ "d /tmp 1777 root root 1d" ];
 }

nix/os/devices/steveej-t14/system.nix

@@ -5,6 +5,7 @@
   ...
 }: let
   keys = import ../../../variables/keys.nix;
+  passwords = import ../../../variables/passwords.crypt.nix;
 in {
   nix = {
     binaryCaches = ["https://holochain-ci.cachix.org" "https://cache.holo.host/"];
@@ -13,6 +14,9 @@ in {
       "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
       "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ="
     ];
+
+    settings.extra-experimental-features = ["impure-derivations"];
+    settings.system-features = ["recursive-nix"];
   };
 
   # TASK: new device
@@ -78,5 +82,7 @@ in {
     Option "OffTime" "0"
   '';
 
+  time.timeZone = lib.mkForce passwords.timeZone.stefan;
+
   hardware.ledger.enable = true;
 }

nix/os/devices/steveej-t14/user.nix

@@ -11,4 +11,6 @@ in {
     uid = 1001;
     openssh.authorizedKeys.keys = keys.users.steveej.openssh;
   };
+
+  nix.settings.trusted-users = ["steveej"];
 }

nix/os/devices/steveej-t14/versions.nix

@@ -1,9 +1,9 @@
 let
   nixpkgs = {
     url = "https://github.com/NixOS/nixpkgs/";
-    ref = "nixos-22.05";
+    ref = "nixos-22.11";
     rev = ''
-      c5091eec689acc45d4d818109236da31d3685ca2'';
+      0218941ea68b4c625533bead7bbb94ccce52dceb'';
   };
 in {
   inherit nixpkgs;
@@ -13,24 +13,24 @@ in {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable";
     rev = ''
-      5f588eb4a958f1a526ed8da02d6ea1bea0047b9f'';
+      2caf4ef5005ecc68141ecb4aac271079f7371c44'';
   };
   "channels-nixos-unstable-small" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable-small";
     rev = ''
-      fc07622617a373a742ed96d4dd536849d4bc1ec6'';
+      e7c66e1d78fdc7da61dc04ca0f94a8d59b034d5a'';
   };
   "nixpkgs-master" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "master";
     rev = ''
-      b8e83fd7e16529ee331313993508c3bf918f1d57'';
+      3efe76e8efa1c2ac1f8f766ce1812a40a7861878'';
   };
   "home-manager-module" = {
     url = "https://github.com/nix-community/home-manager";
-    ref = "release-22.05";
+    ref = "release-22.11";
     rev = ''
-      6639e3a837fc5deb6f99554072789724997bc8e5'';
+      65c47ced082e3353113614f77b1bc18822dc731f'';
   };
 }

nix/os/devices/steveej-t14/versions.tmpl.nix

@@ -1,9 +1,9 @@
 let
   nixpkgs = {
     url = "https://github.com/NixOS/nixpkgs/";
-    ref = "nixos-22.05";
+    ref = "nixos-22.11";
     rev = ''
-      <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
+      <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d '
       ' -%>'';
   };
 in {
@@ -33,9 +33,9 @@ in {
   };
   "home-manager-module" = {
     url = "https://github.com/nix-community/home-manager";
-    ref = "release-22.05";
+    ref = "release-22.11";
     rev = ''
-      <% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '
+      <% git ls-remote https://github.com/nix-community/home-manager.git release-22.11 | awk '{ print $1 }' | tr -d '
       ' -%>'';
   };
 }

nix/os/profiles/common/system.nix

@@ -21,7 +21,6 @@
   nix.maxJobs = lib.mkDefault "auto";
   nix.buildCores = lib.mkDefault 0;
   nix.useSandbox = true;
-  nix.package = pkgs.nixUnstable;
 
   environment.etc."lvm/lvm.conf".text = ''
     devices {
@@ -37,7 +36,7 @@
   console.font = "lat9w-16";
 
   i18n = {defaultLocale = "en_US.UTF-8";};
-  time.timeZone = "Europe/Berlin";
+  time.timeZone = "Etc/UTC";
   services.gpm.enable = true;
 
   services.packagekit.enable = true;

nix/pkgs/default.nix

@@ -50,7 +50,8 @@ in rec {
     };
     php5 =
       (pkgs.callPackage
-        "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" {
+        "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix"
+        {
           config = pkgs.lib.attrsets.recursiveUpdate pkgs.config {
             php = {
               imap = false;

nix/pkgs/staruml.nix

@@ -37,7 +37,8 @@ in
     src =
       if stdenv.system == "i686-linux"
       then
-        fetchurl {
+        fetchurl
+        {
           url = "http://staruml.io/download/release/v${version}/StarUML-v${version}-32-bit.deb";
           sha256 = "0vb3k9m3l6pmsid4shlk0xdjsriq3gxzm8q7l04didsppg0vvq1n";
         }

nix/sources.nix

@@ -8,7 +8,8 @@ let
   in
     if spec.builtin or true
     then
-      builtins_fetchurl {
+      builtins_fetchurl
+      {
         inherit (spec) url sha256;
         name = name';
       }
@@ -23,7 +24,8 @@ let
   in
     if spec.builtin or true
     then
-      builtins_fetchTarball {
+      builtins_fetchTarball
+      {
         name = name';
         inherit (spec) url sha256;
       }
@@ -54,9 +56,11 @@ let
       emptyArgWithWarning =
         if submodules == true
         then
-          builtins.trace (''The niv input "${name}" uses submodules ''
+          builtins.trace
+          (''The niv input "${name}" uses submodules ''
             + "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
-            + "does not support them") {}
+            + "does not support them")
+          {}
         else {};
     in
       if nixSupportsSubmodules
@@ -100,7 +104,8 @@ let
   mkPkgs = sources: system: let
     sourcesNixpkgs =
       import
-      (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;}) {
+      (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;})
+      {
         inherit system;
       };
     hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
@@ -220,7 +225,8 @@ let
 
   # Create the final "sources" from the config
   mkSources = config:
-    mapAttrs (name: spec:
+    mapAttrs
+    (name: spec:
       if builtins.hasAttr "outPath" spec
       then
         abort

nix/variables/versions.nix

@@ -1,8 +1,8 @@
 let
   nixpkgs = {
     url = "https://github.com/NixOS/nixpkgs/";
-    ref = "nixos-22.05";
-    rev = "08950a6e29cf7bddee466592eb790a417550f7f9";
+    ref = "nixos-22.11";
+    rev = "dac57a4eccf1442e8bf4030df6fcbb55883cb682";
   };
 in {
   inherit nixpkgs;
@@ -11,16 +11,16 @@ in {
   "channels-nixos-unstable" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable";
-    rev = "f1c167688a6f81f4a51ab542e5f476c8c595e457";
+    rev = "1eb875e811dd59e21e77f6337f2c1592889b48b3";
   };
   "nixpkgs-master" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "master";
-    rev = "5ebfb1845b1a77716ecd706b8f589c722584ed2a";
+    rev = "590321a5defbbabe96f8def70013d5b45406dee4";
   };
   "home-manager-module" = {
     url = "https://github.com/nix-community/home-manager";
-    ref = "release-22.05";
-    rev = "ac2287df5a2d6f0a44bbcbd11701dbbf6ec43675";
+    ref = "release-22.11";
+    rev = "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706";
   };
 }

nix/variables/versions.tmpl.nix

@@ -1,9 +1,9 @@
 let
   nixpkgs = {
     url = "https://github.com/NixOS/nixpkgs/";
-    ref = "nixos-22.05";
+    ref = "nixos-22.11";
     rev = ''
-      <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
+      <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d '
       ' -%>'';
   };
 in {
@@ -26,9 +26,9 @@ in {
   };
   "home-manager-module" = {
     url = "https://github.com/nix-community/home-manager";
-    ref = "release-22.05";
+    ref = "release-22.11";
     rev = ''
-      <% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '
+      <% git ls-remote https://github.com/nix-community/home-manager.git release-22.11 | awk '{ print $1 }' | tr -d '
       ' -%>'';
   };
 }