Merge pull request 'Upgrade to nixos 25.05' (#4) from nixos-25.05 into main

Reviewed-on: #4

common/auto-upgrade.nix

@@ -7,7 +7,7 @@
     flags = [
       # Override nixpkgs (only). Notably does not include home-manager, sops or other utility/application flake inputs.
       "--refresh"
-      "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-24.11"
+      "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-25.05"
       "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable"
       "--no-write-lock-file"
     ];

flake.lock

@@ -74,16 +74,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1747688870,
-        "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=",
+        "lastModified": 1748665073,
+        "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d5f1f641b289553927b3801580598d200a501863",
+        "rev": "282e1e029cb6ab4811114fc85110613d72771dea",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.11",
+        "ref": "release-25.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -136,16 +136,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1739553546,
-        "narHash": "sha256-L4ou3xfOr17EAe836djRoQ7auVkYOREMtiQa82wVGqU=",
+        "lastModified": 1748373722,
+        "narHash": "sha256-qi6aDGP2W6GyAUNEhg+slQWEpUiJ8LNIrQkmxHpzadI=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "353846417f985e74fdc060555f17939e4472ea2c",
+        "rev": "75b99daa12b1fffd646d6c3cf13b06f1fa5cef63",
         "type": "github"
       },
       "original": {
         "owner": "lnl7",
-        "ref": "nix-darwin-24.11",
+        "ref": "nix-darwin-25.05",
         "repo": "nix-darwin",
         "type": "github"
       }
@@ -243,16 +243,16 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1747676747,
-        "narHash": "sha256-LXkWBVqilgx7Pohwqu/ABxDVw+Cmi5/Mj2S2mpUH0Fw=",
+        "lastModified": 1748889542,
+        "narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "72841a4a8761d1aed92ef6169a636872c986c76d",
+        "rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-24.11",
+        "ref": "nixos-25.05",
         "repo": "nixpkgs",
         "type": "github"
       }

flake.nix

@@ -2,14 +2,14 @@
   description = "Felixalb System flake";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; # Remember to update ./common/auto-upgrade.nix
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; # Remember to update ./common/auto-upgrade.nix
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     nixpkgs-2211.url = "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz"; # old nixpgks for e.g. remmina
 
-    nix-darwin.url = "github:lnl7/nix-darwin/nix-darwin-24.11";
+    nix-darwin.url = "github:lnl7/nix-darwin/nix-darwin-25.05";
     nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
 
-    home-manager.url = "github:nix-community/home-manager/release-24.11";
+    home-manager.url = "github:nix-community/home-manager/release-25.05";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
     matrix-synapse-next.url = "github:dali99/nixos-matrix-modules/v0.6.0";
@@ -104,7 +104,7 @@
         felixalbpc = normalSys "felixalbpc" { };
 
         # Work laptop
-        felixalbpc = normalSys "fa-t14-2025" { };
+        fa-t14-2025 = normalSys "fa-t14-2025" { };
 
         # Web host
         malcolm = normalSys "malcolm" { };

home/zsh.nix

@@ -34,7 +34,7 @@
         ];
       };
 
-      initExtra = ''
+      initContent = ''
         # Autocomplete ../
         zstyle ':completion:*' special-dirs true
         export PATH="$HOME/.config/emacs/bin:$HOME/.cargo/bin:$PATH"

hosts/challenger/configuration.nix

@@ -45,6 +45,8 @@
   virtualisation.docker.enable = true;
   virtualisation.oci-containers.backend = "docker";
 
+  security.polkit.enable = true; # Required for nextcloud
+
   nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
        "nvidia-x11"
        "nvidia-settings"

hosts/challenger/services/jellyfin.nix

@@ -6,10 +6,6 @@
 
   users.users.${config.services.jellyfin.user}.extraGroups = [ "video" "render" ];
 
-  systemd.services.jellyfin.serviceConfig = {
-    DeviceAllow = lib.mkForce [ "/dev/dri/card0" "/dev/dri/card1" ];
-  };
-
   services.nginx.virtualHosts."jellyfin.home.feal.no" = {
     serverAliases = [ "jf.feal.no" ];
     locations = {

hosts/challenger/services/komga.nix

@@ -1,16 +1,18 @@
 { config, lib, pkgs, ... }:
 let
   domain = "komga.home.feal.no";
-  cfg = config.services.komga;
+  port = 5001;
 in {
   services.komga = {
     enable = true;
     stateDir = "/tank/media/komga";
-    port = 5001;
+    settings.server = {
+      inherit port;
+    };
   };
 
   services.nginx.virtualHosts.${domain} = {
-    locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";
+    locations."/".proxyPass = "http://127.0.0.1:${toString port}";
 
     extraConfig = ''
       client_max_body_size 512M;

hosts/challenger/services/nextcloud.nix

@@ -5,7 +5,7 @@ let
 in {
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud30;
+    package = pkgs.nextcloud31;
     inherit hostName;
     home = "/tank/nextcloud";
     https = true;
@@ -46,7 +46,9 @@ in {
       oidc_login_filter_allowed_values = [ "nextcloud-user" ];
       oidc_login_disable_registration = false;
 
-      "memories.exiftool" = "${cfg.home}/store-apps/memories/bin-ext/exiftool-amd64-glibc";
+      "memories.exiftool" = pkgs.writeShellScript "exiftool-perl" ''
+        ${lib.getExe pkgs.perl} ${cfg.home}/store-apps/memories/bin-ext/exiftool/exiftool "$@"
+      '';
       "memories.exiftool_no_local" = false;
       "memories.vod.disable" = false;
       "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";

hosts/defiant/configuration.nix

@@ -18,17 +18,17 @@
       ./services/wireguard.nix
 
       # Services
-      ./services/flame.nix
+      # ./services/flame.nix
       ./services/gitea.nix
       ./services/hedgedoc.nix
       ./services/home-assistant.nix
       ./services/keycloak.nix
-      ./services/koillection.nix
+      # ./services/koillection.nix
       ./services/matrix
       ./services/microbin.nix
       ./services/minecraft/home.nix
       ./services/monitoring
-      ./services/rtl-tcp.nix
+      # ./services/rtl-tcp.nix
       ./services/searx.nix
       ./services/vaultwarden.nix
   ];

hosts/defiant/filesystems.nix

@@ -15,13 +15,15 @@
 
   fileSystems = {
     "/mnt/feal-syn1/backup" = {
-      device = "feal-syn1.home.feal.no:/volume2/backup";
+      device = "192.168.10.162:/volume2/backup";
       fsType = "nfs";
       options = [
         "defaults"
         "noatime"
         "rw"
         "nfsvers=3"
+        "x-systemd.automount"
+        "noauto"
       ];
     };
   };

hosts/defiant/services/home-assistant.nix

@@ -8,7 +8,7 @@ in {
 
   virtualisation.oci-containers.containers = {
     homeassistant = {
-      image = "ghcr.io/home-assistant/home-assistant:2024.1";
+      image = "ghcr.io/home-assistant/home-assistant:2025.5.3";
       extraOptions = [
         "--network=host"
         "--device=/dev/ttyUSB0" # Sonoff Zigbee 3.0 USB

hosts/fa-t14-2025/desktop.nix

@@ -23,8 +23,6 @@
     pulse.enable = true;
     jack.enable = true;
   };
-  hardware.pulseaudio.enable = false;
-
 
   # Fonts
   fonts = {
@@ -36,11 +34,7 @@
       font-awesome
       fira-code
       hack-font
-      (nerdfonts.override {
-        fonts = [
-          "Hack"
-        ];
-      })
+      nerd-fonts.hack
     ];
   };
 

hosts/fa-t14-2025/hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/75dd0e39-9411-48c9-822d-bf3c897d0f61";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/3ecaedab-415c-4cce-a3a9-9f3782acb682";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/0800-59D9";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  networking.useDHCP = lib.mkDefault false;
+  # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/fa-t14-2025/home.nix

@@ -25,8 +25,15 @@ in {
     virt-manager
     w3m
 
+    (unstable.microsoft-edge.overrideAttrs ({ installPhase ? "", ... }: {
+      installPhase = installPhase + ''
+        ln -s $out/bin/microsoft-edge $out/bin/microsoft-edge-stable
+      '';
+    }))
+
     # Window Manager Extras
     bibata-cursors
+    brightnessctl
     cliphist
     hyprcursor
     hypridle

hosts/malcolm/configuration.nix

@@ -10,6 +10,7 @@
 
     ./services/mysql.nix
     ./services/nginx.nix
+    ./services/www-ctf-feal-no.nix
     ./services/www-kinealbrigtsen-no.nix
   ];
 

hosts/malcolm/services/www-ctf-feal-no.nix

@@ -0,0 +1,14 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services.nginx.virtualHosts."ctf.feal.no" = {
+    locations = {
+      "/".return = "302 https://www.feal.no/";
+      "/cc/" = {
+        alias = "${pkgs.cyberchef}/share/cyberchef/";
+        index = "index.html";
+      };
+      "= /cc".return = "302 /cc/";
+    };
+  };
+}

hosts/malcolm/services/www-kinealbrigtsen-no.nix

@@ -83,7 +83,6 @@
       set_real_ip_from 192.168.11.0/24;
       real_ip_header X-Forwarded-For;
 
-      add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
       add_header 'Referrer-Policy' 'origin-when-cross-origin';
       add_header X-Frame-Options DENY;
       add_header X-Content-Type-Options nosniff;

hosts/sisko/configuration.nix

@@ -11,15 +11,16 @@
 
   networking = {
     hostName = "sisko";
-    defaultGateway = "192.168.10.1";
-    interfaces.enp14s0 = {
-      ipv4 = {
-        addresses = [
-          { address = "192.168.10.172"; prefixLength = 24; }
-        ];
-      };
-      wakeOnLan.enable = true;
-    };
+    networkmanager.enable = true;
+    # defaultGateway = "192.168.10.1";
+    # interfaces.enp14s0 = {
+    #   ipv4 = {
+    #     addresses = [
+    #       { address = "192.168.10.172"; prefixLength = 24; }
+    #     ];
+    #   };
+    #   wakeOnLan.enable = true;
+    # };
     hostId = "b716d781";
   };
 
@@ -27,7 +28,7 @@
   sops.defaultSopsFile = ../../secrets/sisko/sisko.yaml;
   environment.variables = { EDITOR = "vim"; };
 
-  users.users.felixalb.extraGroups = [ "dialout" ];
+  users.users.felixalb.extraGroups = [ "dialout" "networkmanager" ];
 
   programs = {
     gamemode.enable = true;
@@ -57,6 +58,9 @@
       "steam-unwrapped"
       "tlclient"
     ];
+    permittedInsecurePackages = [
+      "openssl-1.1.1w"
+    ];
   };
 
 

hosts/sisko/desktop.nix

@@ -29,17 +29,13 @@
   fonts = {
     fontDir.enable = true;
     packages = with pkgs; [
-      noto-fonts
-      noto-fonts-emoji
-      noto-fonts-cjk-sans
-      font-awesome
       fira-code
+      font-awesome
       hack-font
-      (nerdfonts.override {
-        fonts = [
-          "Hack"
-        ];
-      })
+      nerd-fonts.hack
+      noto-fonts
+      noto-fonts-cjk-sans
+      noto-fonts-emoji
     ];
   };
 

hosts/sisko/home.nix

@@ -8,31 +8,37 @@
 
   home.packages = with pkgs; [
     # GUI Applications
+    cantata
     chromium
     discord
     easyeffects
     element-desktop
     emacs-gtk
-    papers
+    feishin
     jellyfin-media-player
     kitty
     libreoffice
     mpv
     mumble
+    papers
     pavucontrol
     picard
     prismlauncher
-    swayimg
+    runelite
     spotify
+    swayimg
     thunderbird
+    tor-browser
+    unstable.bolt-launcher
 
     exiftool
     ghidra
-    pwndbg-gdb-alias
+    # pwndbg-gdb-alias # Broken in 25.05
     snicat
 
     # Window Manager Extras
     bibata-cursors
+    cliphist
     hyprcursor
     hypridle
     hyprlock
@@ -45,9 +51,9 @@
     swaynotificationcenter
     waybar
     wl-clipboard
-    cliphist
 
     # Misc tools
+    abcde
     bc
     catimg
     dante

hosts/worf/configuration.nix

@@ -8,6 +8,8 @@
   nixpkgs.config.allowUnfree = true;
 
   nix = {
+    enable = true;
+
     # gc = {
     #   automatic = true;
     #   options = "--delete-older-than 2d";
@@ -74,6 +76,8 @@
     };
   };
 
+  ids.gids.nixbld = 30000;
+  system.primaryUser = "felixalb";
   users.users.felixalb = {
     home = "/Users/felixalb";
     shell = pkgs.zsh;
@@ -84,16 +88,11 @@
 
 
   fonts.packages = with pkgs; [
-    noto-fonts
-    font-awesome
     fira-code
+    font-awesome
     hack-font
-
-    (nerdfonts.override {
-      fonts = [
-        "Hack"
-      ];
-    })
+    nerd-fonts.hack
+    noto-fonts
   ];
 
   system.defaults = {
@@ -139,9 +138,7 @@
     remapCapsLockToControl = true;
   };
 
-  # Auto upgrade nix package and the daemon service.
-  services.nix-daemon.enable = true;
-  nix.package = pkgs.nix;
+  # nix.package = pkgs.nix;
 
   system.stateVersion = 5;
 }