common/auto-upgrade.nix

@@ -7,7 +7,7 @@
     flags = [
       # Override nixpkgs (only). Notably does not include home-manager, sops or other utility/application flake inputs.
       "--refresh"
-      "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-25.05"
+      "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-24.11"
       "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable"
       "--no-write-lock-file"
     ];

flake.lock

@@ -74,16 +74,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1748665073,
+        "lastModified": 1747688870,
-        "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=",
+        "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "282e1e029cb6ab4811114fc85110613d72771dea",
+        "rev": "d5f1f641b289553927b3801580598d200a501863",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-24.11",
         "repo": "home-manager",
         "type": "github"
       }
@@ -136,16 +136,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1748373722,
+        "lastModified": 1739553546,
-        "narHash": "sha256-qi6aDGP2W6GyAUNEhg+slQWEpUiJ8LNIrQkmxHpzadI=",
+        "narHash": "sha256-L4ou3xfOr17EAe836djRoQ7auVkYOREMtiQa82wVGqU=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "75b99daa12b1fffd646d6c3cf13b06f1fa5cef63",
+        "rev": "353846417f985e74fdc060555f17939e4472ea2c",
         "type": "github"
       },
       "original": {
         "owner": "lnl7",
-        "ref": "nix-darwin-25.05",
+        "ref": "nix-darwin-24.11",
         "repo": "nix-darwin",
         "type": "github"
       }
@@ -243,16 +243,16 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1748889542,
+        "lastModified": 1747676747,
-        "narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=",
+        "narHash": "sha256-LXkWBVqilgx7Pohwqu/ABxDVw+Cmi5/Mj2S2mpUH0Fw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922",
+        "rev": "72841a4a8761d1aed92ef6169a636872c986c76d",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-25.05",
+        "ref": "nixos-24.11",
         "repo": "nixpkgs",
         "type": "github"
       }

flake.nix

@@ -2,14 +2,14 @@
   description = "Felixalb System flake";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; # Remember to update ./common/auto-upgrade.nix
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; # Remember to update ./common/auto-upgrade.nix
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     nixpkgs-2211.url = "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz"; # old nixpgks for e.g. remmina
 
-    nix-darwin.url = "github:lnl7/nix-darwin/nix-darwin-25.05";
+    nix-darwin.url = "github:lnl7/nix-darwin/nix-darwin-24.11";
     nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
 
-    home-manager.url = "github:nix-community/home-manager/release-25.05";
+    home-manager.url = "github:nix-community/home-manager/release-24.11";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
     matrix-synapse-next.url = "github:dali99/nixos-matrix-modules/v0.6.0";
@@ -104,7 +104,7 @@
         felixalbpc = normalSys "felixalbpc" { };
 
         # Work laptop
-        fa-t14-2025 = normalSys "fa-t14-2025" { };
+        felixalbpc = normalSys "fa-t14-2025" { };
 
         # Web host
         malcolm = normalSys "malcolm" { };

home/zsh.nix

@@ -34,7 +34,7 @@
         ];
       };
 
-      initContent = ''
+      initExtra = ''
         # Autocomplete ../
         zstyle ':completion:*' special-dirs true
         export PATH="$HOME/.config/emacs/bin:$HOME/.cargo/bin:$PATH"

hosts/challenger/configuration.nix

@@ -45,8 +45,6 @@
   virtualisation.docker.enable = true;
   virtualisation.oci-containers.backend = "docker";
 
-  security.polkit.enable = true; # Required for nextcloud
-
   nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
        "nvidia-x11"
        "nvidia-settings"

hosts/challenger/services/jellyfin.nix

@@ -6,6 +6,10 @@
 
   users.users.${config.services.jellyfin.user}.extraGroups = [ "video" "render" ];
 
+  systemd.services.jellyfin.serviceConfig = {
+    DeviceAllow = lib.mkForce [ "/dev/dri/card0" "/dev/dri/card1" ];
+  };
+
   services.nginx.virtualHosts."jellyfin.home.feal.no" = {
     serverAliases = [ "jf.feal.no" ];
     locations = {

hosts/challenger/services/komga.nix

@@ -1,18 +1,16 @@
 { config, lib, pkgs, ... }:
 let
   domain = "komga.home.feal.no";
-  port = 5001;
+  cfg = config.services.komga;
 in {
   services.komga = {
     enable = true;
     stateDir = "/tank/media/komga";
-    settings.server = {
+    port = 5001;
-      inherit port;
-    };
   };
 
   services.nginx.virtualHosts.${domain} = {
-    locations."/".proxyPass = "http://127.0.0.1:${toString port}";
+    locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";
 
     extraConfig = ''
       client_max_body_size 512M;

hosts/challenger/services/nextcloud.nix

@@ -5,7 +5,7 @@ let
 in {
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud31;
+    package = pkgs.nextcloud30;
     inherit hostName;
     home = "/tank/nextcloud";
     https = true;
@@ -46,9 +46,7 @@ in {
       oidc_login_filter_allowed_values = [ "nextcloud-user" ];
       oidc_login_disable_registration = false;
 
-      "memories.exiftool" = pkgs.writeShellScript "exiftool-perl" ''
+      "memories.exiftool" = "${cfg.home}/store-apps/memories/bin-ext/exiftool-amd64-glibc";
-        ${lib.getExe pkgs.perl} ${cfg.home}/store-apps/memories/bin-ext/exiftool/exiftool "$@"
-      '';
       "memories.exiftool_no_local" = false;
       "memories.vod.disable" = false;
       "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";

hosts/defiant/configuration.nix

@@ -18,17 +18,17 @@
       ./services/wireguard.nix
 
       # Services
-      # ./services/flame.nix
+      ./services/flame.nix
       ./services/gitea.nix
       ./services/hedgedoc.nix
       ./services/home-assistant.nix
       ./services/keycloak.nix
-      # ./services/koillection.nix
+      ./services/koillection.nix
       ./services/matrix
       ./services/microbin.nix
       ./services/minecraft/home.nix
       ./services/monitoring
-      # ./services/rtl-tcp.nix
+      ./services/rtl-tcp.nix
       ./services/searx.nix
       ./services/vaultwarden.nix
   ];

hosts/defiant/filesystems.nix

@@ -15,15 +15,13 @@
 
   fileSystems = {
     "/mnt/feal-syn1/backup" = {
-      device = "192.168.10.162:/volume2/backup";
+      device = "feal-syn1.home.feal.no:/volume2/backup";
       fsType = "nfs";
       options = [
         "defaults"
         "noatime"
         "rw"
         "nfsvers=3"
-        "x-systemd.automount"
-        "noauto"
       ];
     };
   };

hosts/defiant/services/home-assistant.nix

@@ -8,7 +8,7 @@ in {
 
   virtualisation.oci-containers.containers = {
     homeassistant = {
-      image = "ghcr.io/home-assistant/home-assistant:2025.5.3";
+      image = "ghcr.io/home-assistant/home-assistant:2024.1";
       extraOptions = [
         "--network=host"
         "--device=/dev/ttyUSB0" # Sonoff Zigbee 3.0 USB

hosts/fa-t14-2025/desktop.nix

@@ -23,6 +23,8 @@
     pulse.enable = true;
     jack.enable = true;
   };
+  hardware.pulseaudio.enable = false;
+
 
   # Fonts
   fonts = {
@@ -34,7 +36,11 @@
       font-awesome
       fira-code
       hack-font
-      nerd-fonts.hack
+      (nerdfonts.override {
+        fonts = [
+          "Hack"
+        ];
+      })
     ];
   };
 

hosts/fa-t14-2025/hardware-configuration.nix

@@ -1,37 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/75dd0e39-9411-48c9-822d-bf3c897d0f61";
-      fsType = "ext4";
-    };
-
-  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/3ecaedab-415c-4cce-a3a9-9f3782acb682";
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/0800-59D9";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
-  swapDevices = [ ];
-
-  networking.useDHCP = lib.mkDefault false;
-  # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/fa-t14-2025/home.nix

@@ -25,15 +25,8 @@ in {
     virt-manager
     w3m
 
-    (unstable.microsoft-edge.overrideAttrs ({ installPhase ? "", ... }: {
-      installPhase = installPhase + ''
-        ln -s $out/bin/microsoft-edge $out/bin/microsoft-edge-stable
-      '';
-    }))
-
     # Window Manager Extras
     bibata-cursors
-    brightnessctl
     cliphist
     hyprcursor
     hypridle

hosts/malcolm/configuration.nix

@@ -10,7 +10,6 @@
 
     ./services/mysql.nix
     ./services/nginx.nix
-    ./services/www-ctf-feal-no.nix
     ./services/www-kinealbrigtsen-no.nix
   ];
 

hosts/malcolm/services/www-ctf-feal-no.nix

@@ -1,14 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  services.nginx.virtualHosts."ctf.feal.no" = {
-    locations = {
-      "/".return = "302 https://www.feal.no/";
-      "/cc/" = {
-        alias = "${pkgs.cyberchef}/share/cyberchef/";
-        index = "index.html";
-      };
-      "= /cc".return = "302 /cc/";
-    };
-  };
-}

hosts/malcolm/services/www-kinealbrigtsen-no.nix

@@ -83,6 +83,7 @@
       set_real_ip_from 192.168.11.0/24;
       real_ip_header X-Forwarded-For;
 
+      add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
       add_header 'Referrer-Policy' 'origin-when-cross-origin';
       add_header X-Frame-Options DENY;
       add_header X-Content-Type-Options nosniff;

hosts/sisko/configuration.nix

@@ -11,16 +11,15 @@
 
   networking = {
     hostName = "sisko";
-    networkmanager.enable = true;
+    defaultGateway = "192.168.10.1";
-    # defaultGateway = "192.168.10.1";
+    interfaces.enp14s0 = {
-    # interfaces.enp14s0 = {
+      ipv4 = {
-    #   ipv4 = {
+        addresses = [
-    #     addresses = [
+          { address = "192.168.10.172"; prefixLength = 24; }
-    #       { address = "192.168.10.172"; prefixLength = 24; }
+        ];
-    #     ];
+      };
-    #   };
+      wakeOnLan.enable = true;
-    #   wakeOnLan.enable = true;
+    };
-    # };
     hostId = "b716d781";
   };
 
@@ -28,7 +27,7 @@
   sops.defaultSopsFile = ../../secrets/sisko/sisko.yaml;
   environment.variables = { EDITOR = "vim"; };
 
-  users.users.felixalb.extraGroups = [ "dialout" "networkmanager" ];
+  users.users.felixalb.extraGroups = [ "dialout" ];
 
   programs = {
     gamemode.enable = true;
@@ -58,9 +57,6 @@
       "steam-unwrapped"
       "tlclient"
     ];
-    permittedInsecurePackages = [
-      "openssl-1.1.1w"
-    ];
   };
 
 

hosts/sisko/desktop.nix

@@ -29,13 +29,17 @@
   fonts = {
     fontDir.enable = true;
     packages = with pkgs; [
-      fira-code
-      font-awesome
-      hack-font
-      nerd-fonts.hack
       noto-fonts
-      noto-fonts-cjk-sans
       noto-fonts-emoji
+      noto-fonts-cjk-sans
+      font-awesome
+      fira-code
+      hack-font
+      (nerdfonts.override {
+        fonts = [
+          "Hack"
+        ];
+      })
     ];
   };
 

hosts/sisko/home.nix

@@ -8,37 +8,31 @@
 
   home.packages = with pkgs; [
     # GUI Applications
-    cantata
     chromium
     discord
     easyeffects
     element-desktop
     emacs-gtk
-    feishin
+    papers
     jellyfin-media-player
     kitty
     libreoffice
     mpv
     mumble
-    papers
     pavucontrol
     picard
     prismlauncher
-    runelite
-    spotify
     swayimg
+    spotify
     thunderbird
-    tor-browser
-    unstable.bolt-launcher
 
     exiftool
     ghidra
-    # pwndbg-gdb-alias # Broken in 25.05
+    pwndbg-gdb-alias
     snicat
 
     # Window Manager Extras
     bibata-cursors
-    cliphist
     hyprcursor
     hypridle
     hyprlock
@@ -51,9 +45,9 @@
     swaynotificationcenter
     waybar
     wl-clipboard
+    cliphist
 
     # Misc tools
-    abcde
     bc
     catimg
     dante

hosts/worf/configuration.nix

@@ -8,8 +8,6 @@
   nixpkgs.config.allowUnfree = true;
 
   nix = {
-    enable = true;
-
     # gc = {
     #   automatic = true;
     #   options = "--delete-older-than 2d";
@@ -76,8 +74,6 @@
     };
   };
 
-  ids.gids.nixbld = 30000;
-  system.primaryUser = "felixalb";
   users.users.felixalb = {
     home = "/Users/felixalb";
     shell = pkgs.zsh;
@@ -88,11 +84,16 @@
 
 
   fonts.packages = with pkgs; [
-    fira-code
-    font-awesome
-    hack-font
-    nerd-fonts.hack
     noto-fonts
+    font-awesome
+    fira-code
+    hack-font
+
+    (nerdfonts.override {
+      fonts = [
+        "Hack"
+      ];
+    })
   ];
 
   system.defaults = {
@@ -138,7 +139,9 @@
     remapCapsLockToControl = true;
   };
 
-  # nix.package = pkgs.nix;
+  # Auto upgrade nix package and the daemon service.
+  services.nix-daemon.enable = true;
+  nix.package = pkgs.nix;
 
   system.stateVersion = 5;
 }