andreijiroh.dev / nixops-config
NixOS + home-manager configs, mirrored from GitLab SaaS. gitlab.com/andreijiroh-dev/nixops-config
nix-flake nixos home-manager nixpkgs nix-flakes
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

chore: config updates and then some

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@andreijiroh.dev>

andreijiroh.dev 71af1a96 ffa161eb

+137 -93
+25 -25
flake.lock
··· 15 15 ] 16 16 }, 17 17 "locked": { 18 - "lastModified": 1757596240, 19 - "narHash": "sha256-CMFqnVrMPYc80BzKwRUB1aCvybWOu1lbylC1BhnI8bI=", 20 - "rev": "a4cef6a17f863c12d8b2f664e32474c6abd85419", 21 - "revCount": 303, 18 + "lastModified": 1757699119, 19 + "narHash": "sha256-iOOoVdrkcyk95Xg68TuPeAwpz+v80mgZCqil0jpPZuY=", 20 + "rev": "1e16c8f8a44573bb0648c76b6c98352436f5171e", 21 + "revCount": 304, 22 22 "type": "tarball", 23 - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/0.1.303%2Brev-a4cef6a17f863c12d8b2f664e32474c6abd85419/019938e9-097d-76e7-a5fb-159ea87ba22c/source.tar.gz" 23 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/0.1.304%2Brev-1e16c8f8a44573bb0648c76b6c98352436f5171e/01993f0a-7700-7763-ad8f-f73df821cc00/source.tar.gz" 24 24 }, 25 25 "original": { 26 26 "type": "tarball", ··· 30 30 "determinate-nixd-aarch64-darwin": { 31 31 "flake": false, 32 32 "locked": { 33 - "narHash": "sha256-Dym4kTLMTxAxNyZcrHRKRVMBINQPA7qgr+7dHozNrps=", 33 + "narHash": "sha256-q1tqDvmfjDgLk/wbYf4pRhyHDS94iY85Q79FPBtcv7g=", 34 34 "type": "file", 35 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/macOS" 35 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/macOS" 36 36 }, 37 37 "original": { 38 38 "type": "file", 39 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/macOS" 39 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/macOS" 40 40 } 41 41 }, 42 42 "determinate-nixd-aarch64-linux": { 43 43 "flake": false, 44 44 "locked": { 45 - "narHash": "sha256-eYVSpk+ly2YRSYvgT47ABmFRwG0DliNO/8ntBkoRmjI=", 45 + "narHash": "sha256-E1vGfcQ5dqtRG9EDP6eOQWCnCIRB2XFkFBp2C4FgQ8c=", 46 46 "type": "file", 47 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/aarch64-linux" 47 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/aarch64-linux" 48 48 }, 49 49 "original": { 50 50 "type": "file", 51 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/aarch64-linux" 51 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/aarch64-linux" 52 52 } 53 53 }, 54 54 "determinate-nixd-x86_64-linux": { 55 55 "flake": false, 56 56 "locked": { 57 - "narHash": "sha256-ZvRoKG/v0WS2XrDgkV+/hq3ARGokGisyelncKwlefvk=", 57 + "narHash": "sha256-GtxtkI0cOC2A30Xw6gCDTN7JxN1zJGh7/eIXr6AlTSA=", 58 58 "type": "file", 59 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/x86_64-linux" 59 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/x86_64-linux" 60 60 }, 61 61 "original": { 62 62 "type": "file", 63 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/x86_64-linux" 63 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/x86_64-linux" 64 64 } 65 65 }, 66 66 "flake-compat": { ··· 153 153 ] 154 154 }, 155 155 "locked": { 156 - "lastModified": 1757650187, 157 - "narHash": "sha256-OrythrqccPKtuVt0mj26rr83Qo3Ljb4ZmwLdPGjzjMU=", 156 + "lastModified": 1757920978, 157 + "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=", 158 158 "owner": "nix-community", 159 159 "repo": "home-manager", 160 - "rev": "9eab59f3e71ea3a725e4817d8dcf0da0824ad19d", 160 + "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8", 161 161 "type": "github" 162 162 }, 163 163 "original": { ··· 191 191 "nixpkgs-regression": "nixpkgs-regression" 192 192 }, 193 193 "locked": { 194 - "lastModified": 1757029043, 195 - "narHash": "sha256-/XtKs/hpYXJPeT3WppFVFZH1WvPDmeTt11hMWt/Bwas=", 196 - "rev": "7143558a0989008c8e08cc27c3cb6a031f30b356", 197 - "revCount": 22309, 194 + "lastModified": 1757694985, 195 + "narHash": "sha256-3Ia+y7Hbwnzcuf1hyuVnFtbnSR6ErQeFjemHdVxjCNE=", 196 + "rev": "766f43aa6acb1b3578db488c19fbbedf04ed9f24", 197 + "revCount": 22340, 198 198 "type": "tarball", 199 - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.11.1/01991737-661d-7932-b7c9-d3a0499b4c3f/source.tar.gz" 199 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.11.2/01993ee9-f8e7-7b80-80df-ec0a20a32514/source.tar.gz" 200 200 }, 201 201 "original": { 202 202 "type": "tarball", ··· 261 261 }, 262 262 "nixos-hardware": { 263 263 "locked": { 264 - "lastModified": 1757103352, 265 - "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", 264 + "lastModified": 1757943327, 265 + "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", 266 266 "owner": "NixOS", 267 267 "repo": "nixos-hardware", 268 - "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", 268 + "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", 269 269 "type": "github" 270 270 }, 271 271 "original": {
+21 -2
flake.nix
··· 58 58 }; 59 59 60 60 outputs = 61 - { 61 + inputs@{ 62 62 self, 63 63 nixpkgs, 64 64 home-manager, ··· 80 80 ./hosts/recoverykit/configuration.nix 81 81 "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" 82 82 ]; 83 + 84 + specialArgs = { 85 + zen-browser = zen-browser; 86 + }; 83 87 }; 84 88 85 89 portable-amd64-256gb = nixpkgs.lib.nixosSystem { ··· 96 100 # one-liners? 97 101 { programs.nix-ld.dev.enable = true; } 98 102 ]; 103 + 104 + specialArgs = { 105 + zen-browser = zen-browser; 106 + }; 99 107 }; 100 108 101 109 stellapent-cier = nixpkgs.lib.nixosSystem { 102 - inherit zen-browser; 103 110 # for some reason, zen-browser needs to be imported before nixos-hardware 104 111 # otherwise, it fails to build with some missing dependencies 105 112 system = "x86_64-linux"; ··· 115 122 # one-liners? 116 123 { programs.nix-ld.dev.enable = true; } 117 124 ]; 125 + specialArgs = { 126 + zen-browser = zen-browser; 127 + }; 118 128 }; 119 129 }; 120 130 homeConfigurations = { ··· 135 145 }; 136 146 } 137 147 ]; 148 + specialArgs = { 149 + zen-browser = zen-browser; 150 + }; 138 151 }; 139 152 140 153 # Usage ··· 151 164 home.homeDirectory = "/home/ajhalili2006"; 152 165 } 153 166 ]; 167 + specialArgs = { 168 + zen-browser = zen-browser; 169 + }; 154 170 }; 155 171 156 172 # Usage ··· 167 183 home.homeDirectory = "/home/ajhalili2006"; 168 184 } 169 185 ]; 186 + specialArgs = { 187 + zen-browser = zen-browser; 188 + }; 170 189 }; 171 190 }; 172 191
+5 -1
hosts/stellapent-cier/broadcom.nix
··· 12 12 broadcom-bt-firmware 13 13 ]; 14 14 15 - # required due to security warnings 15 + # required due to security warnings, also maintained here for reproducibility instead of 16 + # messing around --impure CLI flag + exporting NIXPKGS_ALLOW_INSECURE=1 16 17 nixpkgs.config.permittedInsecurePackages = [ 17 18 "broadcom-sta-6.30.223.271-57-6.15.7" 18 19 "broadcom-sta-6.30.223.271-57-6.16.3" 20 + "broadcom-sta-6.30.223.271-57-6.16.4" 21 + "broadcom-sta-6.30.223.271-57-6.16.5" 22 + "broadcom-sta-6.30.223.271-57-6.16.6" 19 23 ]; 20 24 }
+43 -30
hosts/stellapent-cier/configuration.nix
··· 2 2 # your system. Help is available in the configuration.nix(5) man page 3 3 # and in the NixOS manual (accessible by running ‘nixos-help’). 4 4 5 - { self, config, pkgs, lib, ... }: 5 + { 6 + self, 7 + config, 8 + pkgs, 9 + lib, 10 + ... 11 + }: 6 12 7 13 let 8 14 # localhost + local network in HaliliFam WiFi network 9 - baseHostsFile = with import ../../shared/hosts-file.nix; { 10 - "127.0.0.1" = localhost ++ [ 11 - "stellapent-cier.local" 12 - "stellapent-cier.tailnet" 13 - "stellapent-cier.fawn-cod.ts.net" 14 - ]; 15 - } // localNetwork.halilifam; 15 + baseHostsFile = 16 + with import ../../shared/hosts-file.nix; 17 + { 18 + "127.0.0.1" = localhost ++ [ 19 + "stellapent-cier.local" 20 + "stellapent-cier.tailnet" 21 + "stellapent-cier.fawn-cod.ts.net" 22 + ]; 23 + } 24 + // localNetwork.halilifam; 16 25 17 26 # tailnet, blocking ads via blackholing to 0.0.0.0, etc. 18 - extraHosts = with import ../../shared/hosts-file.nix; 19 - tailnet; 27 + extraHosts = with import ../../shared/hosts-file.nix; tailnet; 20 28 21 29 # them merge them all together 22 30 hostsFile = baseHostsFile // extraHosts; 23 31 in 24 32 { 25 - imports = 26 - [ 27 - ./hardware-configuration.nix 28 - ./broadcom.nix 29 - ../../shared/meta.nix 30 - ../../shared/desktop/base.nix 31 - ../../shared/desktop/kde-plasma.nix 32 - ../../shared/server/ssh.nix 33 - ../../shared/server/tailscale.nix 34 - ../../shared/server/devenv.nix 35 - ../../shared/server/cockpit.nix 36 - ]; 33 + imports = [ 34 + ./hardware-configuration.nix 35 + ./broadcom.nix 36 + ../../shared/meta.nix 37 + ../../shared/desktop/base.nix 38 + ../../shared/desktop/kde-plasma.nix 39 + ../../shared/server/ssh.nix 40 + ../../shared/server/tailscale.nix 41 + ../../shared/server/devenv.nix 42 + ../../shared/server/cockpit.nix 43 + ]; 37 44 38 45 # Bootloader 39 46 boot = { ··· 106 113 users.users.gildedguy = { 107 114 isNormalUser = true; 108 115 description = "Gildedguy (Michael Moy)"; # We're not impersonating the animatior here lol. 109 - extraGroups = [ "networkmanager" "wheel" "docker"]; 116 + extraGroups = [ 117 + "networkmanager" 118 + "wheel" 119 + "docker" 120 + ]; 110 121 openssh = { 111 122 authorizedKeys.keys = with import ../../shared/ssh-keys.nix; [ 112 123 personal.y2022 ··· 116 127 ]; 117 128 }; 118 129 linger = true; 119 - 130 + 120 131 }; 121 132 home-manager.users.gildedguy = import ./users/gildedguy.nix; 122 133 #programs.home-manager.enable = true; # allow home-manager to manage itself 123 134 124 135 # logind adjustments for this laptop to run as a headless server while 125 136 # the lid is closed. 126 - services.logind = { 127 - lidSwitchExternalPower = "ignore"; 128 - lidSwitchDocked = "ignore"; 129 - lidSwitch = "ignore"; 137 + services.logind.settings.Login = { 138 + HandleLidSwitch = "ignore"; 139 + HandleLidSwitchDocked = "ignore"; 140 + HandleLidSwitchExternalPower = "ignore"; 130 141 }; 131 142 132 143 # Some programs need SUID wrappers, can be configured further or are 133 144 # started in user sessions. 134 145 programs.mtr.enable = true; 135 146 136 - system.nixos.tags = [ "laptop" "homelab" ]; 147 + system.nixos.tags = [ 148 + "laptop" 149 + "homelab" 150 + ]; 137 151 } 138 -
+9
shared/appimages.nix
··· 1 + { ... }: 2 + 3 + { 4 + # AppImages supprot via binfmt_misc 5 + programs.appimage = { 6 + enable = true; 7 + binfmt = true; 8 + }; 9 + }
+4 -12
shared/desktop/base.nix
··· 3 3 { 4 4 imports = [ 5 5 ./bluetooth.nix 6 - ./firefox.nix 6 + ./browsers.nix 7 7 ./firewall.nix 8 8 ./fonts.nix 9 9 ./yubikey.nix ··· 14 14 environment.systemPackages = with pkgs; [ 15 15 thunderbird 16 16 17 - # browsers (firefox is in ./firefox.nix) 18 - google-chrome 19 - microsoft-edge 20 - 21 17 libreoffice-qt6-fresh 22 18 hunspell 23 19 hunspellDicts.en_US 24 - 20 + 25 21 # android tools 26 22 android-tools 27 23 adbtuifm 28 - ]; 29 24 30 - # AppImages supprot via binfmt_misc 31 - programs.appimage = { 32 - enable = true; 33 - binfmt = true; 34 - }; 25 + termius 26 + ]; 35 27 }
+14
shared/desktop/browsers.nix
··· 1 + { pkgs, ... }: 2 + 3 + { 4 + imports = [ 5 + ./firefox.nix # firefox and friends go here 6 + ]; 7 + 8 + environment.systemPackages = with pkgs; [ 9 + google-chrome 10 + # Commented out MS Edge due to sync issues with M365 school accounts atm 11 + #microsoft-edge 12 + vivaldi 13 + ]; 14 + }
+14 -23
shared/home-manager/main.nix
··· 2 2 # some home.{username,userDirectory} configs to ensure portability between 3 3 # hosts 4 4 5 - { config, pkgs, lib, home-manager, ... }: 5 + { 6 + config, 7 + pkgs, 8 + lib, 9 + home-manager, 10 + ... 11 + }: 6 12 7 13 { 8 14 imports = [ ··· 29 35 # You should not change this value, even if you update Home Manager. If you do 30 36 # want to update the value, then make sure to first check the Home Manager 31 37 # release notes. 32 - home.stateVersion = "24.11"; # Please read the comment before changing. 38 + home.stateVersion = "25.05"; # Please read the comment before changing. 33 39 34 40 home.sessionPath = [ 35 41 "$HOME/bin" ··· 40 46 41 47 # Let Home Manager install and manage itself. 42 48 programs.home-manager.enable = true; 43 - 49 + 44 50 programs.vscode = { 45 51 enable = true; 46 52 package = pkgs.vscode; 47 - enableExtensionUpdateCheck = true; 53 + profiles = { 54 + default = { 55 + enableExtensionUpdateCheck = true; 56 + }; 57 + }; 48 58 mutableExtensionsDir = true; 49 - # userSettings = { 50 - # "nix.enableLanguageServer" = true; 51 - # "nix.serverPath" = "nil"; 52 - # "window.customTitleBarVisibility" = "auto"; 53 - # "window.titleBarStyle" = "custom"; 54 - # "window.menuBarVisibility" = "classic"; 55 - # "redhat.telemetry.enabled" = true; 56 - # "github.copilot.editor.enableAutoCompletions" = false; 57 - # "github.copilot.chat.followUps" = "always"; 58 - # "github.copilot.chat.terminalChatLocation" = "terminal"; 59 - # "git.confirmSync" = false; 60 - # "microsoft-authentication.implementation" = "msal"; 61 - # "workbench.colorTheme" = "GitHub Dark Colorblind (Beta)"; 62 - # "workbench.iconTheme" = "material-icon-theme"; 63 - # "workbench.productIconTheme" = "material-product-icons"; 64 - # }; 65 - # We're importing what's generated from nix4vscode here as a workaround 66 - # for now. 67 - #extensions = lib.attrsets.mapAttrsToList (_: v: v) vscExts; 68 59 }; 69 60 }
+1
shared/home-manager/packages.nix
··· 43 43 # imported from my nix profile list to avoid conflicts # 44 44 gpgme 45 45 jq 46 + termius 46 47 47 48 ## programming languages 48 49 # js
+1
shared/meta.nix
··· 8 8 ./1password.nix 9 9 ./meta-configs.nix 10 10 ./flatpak.nix 11 + ./appimages.nix 11 12 ./gnupg.nix 12 13 ./locale.nix 13 14 ./networking.nix