From 9c0ea93934e96d689e973408419c2aaaea72abd6 Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Sun, 30 Nov 2025 23:54:27 +0100 Subject: [PATCH 01/10] flake: update to 25.11. Breaks worf/darwin. --- common/auto-upgrade.nix | 2 +- flake.lock | 100 +++++++++++++++++----------------- flake.nix | 20 ++++--- home/base.nix | 2 +- hosts/sisko/configuration.nix | 1 - hosts/sisko/home.nix | 2 +- hosts/worf/configuration.nix | 15 ++--- hosts/worf/home.nix | 2 +- hosts/worf/yabai.nix | 1 - 9 files changed, 72 insertions(+), 73 deletions(-) diff --git a/common/auto-upgrade.nix b/common/auto-upgrade.nix index 65ddbb9..d8c7042 100644 --- a/common/auto-upgrade.nix +++ b/common/auto-upgrade.nix @@ -7,7 +7,7 @@ flags = [ # Override nixpkgs (only). Notably does not include home-manager, sops or other utility/application flake inputs. "--refresh" - "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-25.05" + "--override-input" "nixpkgs" "github:NixOS/nixpkgs/nixos-25.11" "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable" "--no-write-lock-file" ]; diff --git a/flake.lock b/flake.lock index c6f3ebc..4b1873c 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,28 +1,13 @@ { "nodes": { - "extra-config": { - "locked": { - "lastModified": 1745649002, - "narHash": "sha256-XNBExt3+U3o4lip+yj6oorCEPZ9Qe8PzBSFM5ZzVtSA=", - "ref": "refs/heads/main", - "rev": "50c9c15db2b309d299b1c19089c962979e01f45b", - "revCount": 13, - "type": "git", - "url": "file:///home/felixalb/nix-extra-config" - }, - "original": { - "type": "git", - "url": "file:///home/felixalb/nix-extra-config" - } - }, "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -36,11 +21,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -52,20 +37,20 @@ "home-manager": { "inputs": { "nixpkgs": [ - "nixpkgs" + "nixpkgs-unstable" ] }, "locked": { - "lastModified": 1758463745, - "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", + "lastModified": 1764536451, + "narHash": "sha256-BgtcUkBfItu9/yU14IgUaj4rYOanTOUZjUfBP20/ZB4=", "owner": "nix-community", "repo": "home-manager", - "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", + "rev": "3fdd076e08049a9c7a83149b270440d9787d2df5", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", + "ref": "release-25.11", "repo": "home-manager", "type": "github" } 
@@ -92,20 +77,20 @@ "nix-darwin": { "inputs": { "nixpkgs": [ - "nixpkgs" + "nixpkgs-unstable" ] }, "locked": { - "lastModified": 1749744770, - "narHash": "sha256-MEM9XXHgBF/Cyv1RES1t6gqAX7/tvayBC1r/KPyK1ls=", + "lastModified": 1764161084, + "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "536f951efb1ccda9b968e3c9dee39fbeb6d3fdeb", + "rev": "e95de00a471d07435e0527ff4db092c84998698e", "type": "github" }, "original": { "owner": "lnl7", - "ref": "nix-darwin-25.05", + "ref": "master", "repo": "nix-darwin", "type": "github" } @@ -117,11 +102,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1734314370, - "narHash": "sha256-9PhjDAAuXP4tuJg+kM1AozKwBFyHHJ8ZqhQD+peqGtg=", + "lastModified": 1764208886, + "narHash": "sha256-voOx8RsK3miw3EHw05nwuOS4ltzeH8tKJnVr+mxtTPQ=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "616634de04e87b621bc3d495af114c4e9c6ccd36", + "rev": "7da8a2d675f9cc56b3f6d654b4cccdca5016ac8e", "type": "github" }, "original": { @@ -147,7 +132,6 @@ }, "nixpkgs-2211": { "locked": { - "lastModified": 1658083977, "narHash": "sha256-yqLXI+viN5+Vx5YpG9gNapKL3/+P6Pkprc36xNdyqSU=", "type": "tarball", "url": "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz" 
@@ -157,13 +141,29 @@ "url": "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz" } }, - "nixpkgs-unstable": { + "nixpkgs-darwin": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1764491476, + "narHash": "sha256-E4rtgPS7fntINb6fVJ5qQdkhfbZn8pzMYNdmiXqZmCo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "54f09efd2ca0dd5bb9c5fafc89573ab3ac44701d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-25.11-darwin", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1715266358, - "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f1010e0469db743d14519a1efd37e23f8513d714", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { 
@@ -191,29 +191,29 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1761999846, - "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", + "lastModified": 1764494334, + "narHash": "sha256-x2xCEXUlU4Ap56+t5HaoReOQ/bV/bIQ5rzTn/m+V3HQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", + "rev": "d542db745310b6929708d9abea513f3ff19b1341", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } }, "root": { "inputs": { - "extra-config": "extra-config", "home-manager": "home-manager", "matrix-synapse-next": "matrix-synapse-next", "nix-darwin": "nix-darwin", "nix-minecraft": "nix-minecraft", "nixpkgs": "nixpkgs_3", "nixpkgs-2211": "nixpkgs-2211", + "nixpkgs-darwin": "nixpkgs-darwin", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix" } @@ -225,11 +225,11 @@ ] }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1764483358, + "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "5aca6ff67264321d47856a2ed183729271107c9c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f715b39..414679e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,20 +2,23 @@ description = "Felixalb System flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; # Remember to update ./common/auto-upgrade.nix - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; # Remember to update ./common/auto-upgrade.nix + nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-25.11-darwin"; nixpkgs-2211.url = "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz"; # old nixpgks for e.g. remmina + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - nix-darwin.url = "github:lnl7/nix-darwin/nix-darwin-25.05"; + # nix-darwin.url = "github:lnl7/nix-darwin/nix-darwin-25.11"; # TODO - Uncomment when available + # nix-darwin.inputs.nixpkgs.follows = "nixpkgs-darwin"; + nix-darwin.url = "github:lnl7/nix-darwin/master"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; - home-manager.url = "github:nix-community/home-manager/release-25.05"; + home-manager.url = "github:nix-community/home-manager/release-25.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; matrix-synapse-next.url = "github:dali99/nixos-matrix-modules/v0.7.1"; nix-minecraft.url = "github:Infinidoge/nix-minecraft"; - extra-config.url = "git+file:///home/felixalb/nix-extra-config"; + # extra-config.url = "git+file:///home/felixalb/nix-extra-config"; # TODO - Re-add on challenger sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; @@ -29,9 +32,10 @@ , nix-darwin , nixpkgs , nixpkgs-2211 + , nixpkgs-darwin , nixpkgs-unstable , sops-nix - , extra-config + # , extra-config , ... }@inputs: let pkgs-overlay = final: prev: { @@ -52,7 +56,7 @@ { nixosConfigurations = let normalSys = name: hostConfig: nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; + system = "x86_64-linux"; # TODO - Handle specialArgs = { inherit inputs; }; 
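Review bot: In the `inputs` block of flake.nix, the active line `nix-darwin.inputs.nixpkgs.follows = "nixpkgs";` is unchanged, so within this hunk the new `nixpkgs-darwin` input is referenced only by the commented-out `follows` line. If the Darwin channel is the intended base for nix-darwin, the active line should read `nix-darwin.inputs.nixpkgs.follows = "nixpkgs-darwin";`. The flake.lock hunks of the same commit record `nixpkgs-unstable` as the follow target for both home-manager and nix-darwin, which disagrees with the `follows = "nixpkgs"` lines here and suggests the lock was generated from a different state of this file. Since nix-darwin now tracks `master`, the TODO could also state the consequence, e.g. `# TODO - tracks master until a 25.11 release branch exists; the rev in flake.lock is the only pin`.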
@@ -85,7 +89,7 @@ # Media / storage server challenger = normalSys "challenger" { modules = [ - extra-config.nixosModules.default + # extra-config.nixosModules.default ]; }; diff --git a/home/base.nix b/home/base.nix index 8479206..0d52432 100644 --- a/home/base.nix +++ b/home/base.nix @@ -32,7 +32,7 @@ programs.git = { enable = true; - extraConfig = { + settings = { pull.rebase = true; push.autoSetupRemote = true; color.ui = "auto"; diff --git a/hosts/sisko/configuration.nix b/hosts/sisko/configuration.nix index a51788c..5ad6a51 100644 --- a/hosts/sisko/configuration.nix +++ b/hosts/sisko/configuration.nix @@ -39,7 +39,6 @@ programs = { alvr = { enable = true; - package = pkgs.unstable.alvr; openFirewall = true; }; diff --git a/hosts/sisko/home.nix b/hosts/sisko/home.nix index a4c2958..15b77e6 100644 --- a/hosts/sisko/home.nix +++ b/hosts/sisko/home.nix @@ -19,7 +19,7 @@ jellyfin-media-player kitty libreoffice - unstable.lutris + lutris mpv mumble orca-slicer diff --git a/hosts/worf/configuration.nix b/hosts/worf/configuration.nix index ee86ec8..3d25304 100644 --- a/hosts/worf/configuration.nix +++ b/hosts/worf/configuration.nix @@ -111,13 +111,6 @@ }; - # firewall settings - alf = { - # 0 = disabled 1 = enabled 2 = blocks all connections except for essential services - globalstate = 1; - loggingenabled = 0; - }; - # dock settings dock = { autohide = true; @@ -133,12 +126,16 @@ }; }; + # firewall settings + networking.applicationFirewall = { + enable = true; + blockAllIncoming = true; + }; + system.keyboard = { enableKeyMapping = true; remapCapsLockToControl = true; }; - # nix.package = pkgs.nix; - system.stateVersion = 5; } diff --git a/hosts/worf/home.nix b/hosts/worf/home.nix index 5594ecf..407d362 100644 --- a/hosts/worf/home.nix +++ b/hosts/worf/home.nix @@ -26,7 +26,7 @@ prismlauncher restic snicat - spotify + # spotify # TODO - broken in 25.11 tldr w3m zellij diff --git a/hosts/worf/yabai.nix b/hosts/worf/yabai.nix index a3582c5..cf6d66e 100644 
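Review bot: The new `networking.applicationFirewall` block in hosts/worf/configuration.nix is not a like-for-like replacement for the removed `alf` settings. The removed comment documents `globalstate = 1` as "enabled", while `blockAllIncoming = true` corresponds to what that comment describes for state 2. If the stricter mode is intended, record it next to the option, e.g. `# stricter than the old alf.globalstate = 1: blocks all incoming connections except essential services`; otherwise drop `blockAllIncoming`. The removed `loggingenabled = 0` has no counterpart in the new block, so firewall logging is presumably left at the module default. The enclosing attribute set starts outside the hunk.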
--- a/hosts/worf/yabai.nix +++ b/hosts/worf/yabai.nix @@ -5,7 +5,6 @@ let in { services.yabai = { enable = true; - package = pkgs.unstable.yabai; enableScriptingAddition = true; config = { -- 2.51.2 From 774bd0c0d8d022a5eee56fbedb6fc636230018f5 Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Mon, 1 Dec 2025 00:02:06 +0100 Subject: [PATCH 02/10] morn: update to 25.11 --- common/auto-upgrade.nix | 2 +- flake.lock | 4 ++-- hosts/morn/services/miniflux.nix | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/common/auto-upgrade.nix b/common/auto-upgrade.nix index d8c7042..a16a1d7 100644 --- a/common/auto-upgrade.nix +++ b/common/auto-upgrade.nix @@ -3,7 +3,7 @@ { system.autoUpgrade = { enable = true; - flake = "git+https://git.feal.no/felixalb/nixos-config.git"; + flake = "git+https://git.feal.no/felixalb/nixos-config.git?ref=nixos-25.11"; # TODO - restore to main flags = [ # Override nixpkgs (only). Notably does not include home-manager, sops or other utility/application flake inputs. "--refresh" diff --git a/flake.lock b/flake.lock index 4b1873c..2c00a06 100644 --- a/flake.lock +++ b/flake.lock @@ -37,7 +37,7 @@ "home-manager": { "inputs": { "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs" ] }, "locked": { @@ -77,7 +77,7 @@ "nix-darwin": { "inputs": { "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs" ] }, "locked": { diff --git a/hosts/morn/services/miniflux.nix b/hosts/morn/services/miniflux.nix index 3886975..1279314 100644 --- a/hosts/morn/services/miniflux.nix +++ b/hosts/morn/services/miniflux.nix @@ -9,7 +9,7 @@ in { enable = true; adminCredentialsFile = config.sops.secrets."miniflux/env".path; config = { - CREATE_ADMIN = "1"; + CREATE_ADMIN = true; LISTEN_ADDR = listen_addr; BASE_URL = "http://${domain}"; -- 2.51.2 From d9b62f7c0af04da8db59cf29632a55eac050851d Mon Sep 17 00:00:00 2001 
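Review bot: The `flake` URL in common/auto-upgrade.nix now ends in `?ref=nixos-25.11`, and because this file sits under `common/`, every host importing it will presumably take its unattended upgrades from that branch until the TODO is acted on. If the branch is later merged and deleted, or just stops receiving commits, those hosts would stop picking up configuration changes; whether the upgrade unit reports that failure is not visible here. The comment should spell out the exit condition rather than only `restore to main`, e.g. `# TEMPORARY: migration branch; switch back to the default branch once 25.11 is merged, or hosts stay on a stale ref`. The `system.autoUpgrade` block continues outside the hunk.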
From: Felix Albrigtsen Date: Mon, 1 Dec 2025 00:24:11 +0100 Subject: [PATCH 03/10] sisko: Update to nixos 25.11 --- hosts/fa-t14-2025/desktop.nix | 2 +- hosts/fa-t14-2025/home.nix | 1 - hosts/sisko/desktop.nix | 2 +- hosts/sisko/home.nix | 3 --- 4 files changed, 2 insertions(+), 6 deletions(-) diff --git a/hosts/fa-t14-2025/desktop.nix b/hosts/fa-t14-2025/desktop.nix index c3063cd..69ed1d4 100644 --- a/hosts/fa-t14-2025/desktop.nix +++ b/hosts/fa-t14-2025/desktop.nix @@ -29,7 +29,7 @@ fontDir.enable = true; packages = with pkgs; [ noto-fonts - noto-fonts-emoji + noto-fonts-color-emoji noto-fonts-cjk-sans font-awesome fira-code diff --git a/hosts/fa-t14-2025/home.nix b/hosts/fa-t14-2025/home.nix index 820801d..2c8d705 100644 --- a/hosts/fa-t14-2025/home.nix +++ b/hosts/fa-t14-2025/home.nix @@ -44,7 +44,6 @@ in { hyprlock hyprpaper hyprshot - hyprswitch nautilus rofi-rbw-wayland swaynotificationcenter diff --git a/hosts/sisko/desktop.nix b/hosts/sisko/desktop.nix index 2cc8986..6ed3c66 100644 --- a/hosts/sisko/desktop.nix +++ b/hosts/sisko/desktop.nix @@ -34,7 +34,7 @@ nerd-fonts.hack noto-fonts noto-fonts-cjk-sans - noto-fonts-emoji + noto-fonts-color-emoji ]; }; diff --git a/hosts/sisko/home.nix b/hosts/sisko/home.nix index 15b77e6..d4d84a6 100644 --- a/hosts/sisko/home.nix +++ b/hosts/sisko/home.nix @@ -16,7 +16,6 @@ emacs-gtk feishin gqrx - jellyfin-media-player kitty libreoffice lutris @@ -49,7 +48,6 @@ hyprlock hyprpaper hyprshot - hyprswitch nautilus networkmanager rofi-rbw-wayland @@ -105,7 +103,6 @@ rofi = { enable = true; theme = "iggy"; - package = pkgs.rofi-wayland; }; zsh = { shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config"; -- 2.51.2 From 1af2ea355211c1a720f62084602f44a1a44ae14f Mon Sep 17 00:00:00 2001 
From: Felix Albrigtsen Date: Mon, 1 Dec 2025 23:17:25 +0100 Subject: [PATCH 04/10] malcolm: remove host (superceded by leonard) --- flake.nix | 3 - hosts/malcolm/configuration.nix | 49 ---------- hosts/malcolm/hardware-configuration.nix | 30 ------ hosts/malcolm/home.nix | 12 --- hosts/malcolm/services/mysql.nix | 10 -- hosts/malcolm/services/nginx.nix | 17 ---- hosts/malcolm/services/www-ctf-feal-no.nix | 14 --- .../services/www-kinealbrigtsen-no.nix | 95 ------------------- 8 files changed, 230 deletions(-) delete mode 100644 hosts/malcolm/configuration.nix delete mode 100644 hosts/malcolm/hardware-configuration.nix delete mode 100644 hosts/malcolm/home.nix delete mode 100644 hosts/malcolm/services/mysql.nix delete mode 100644 hosts/malcolm/services/nginx.nix delete mode 100644 hosts/malcolm/services/www-ctf-feal-no.nix delete mode 100644 hosts/malcolm/services/www-kinealbrigtsen-no.nix diff --git a/flake.nix b/flake.nix index 414679e..8840ca3 100644 --- a/flake.nix +++ b/flake.nix @@ -107,9 +107,6 @@ # Web host leonard = normalSys "leonard" { }; - # Web host - malcolm = normalSys "malcolm" { }; - # General application server morn = normalSys "morn" { }; diff --git a/hosts/malcolm/configuration.nix b/hosts/malcolm/configuration.nix deleted file mode 100644 index 8f29b6f..0000000 --- a/hosts/malcolm/configuration.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./hardware-configuration.nix - - ../../base.nix - ../../common/auto-upgrade.nix - ../../common/metrics-exporters.nix - - ./services/mysql.nix - ./services/nginx.nix - ./services/www-ctf-feal-no.nix - ./services/www-kinealbrigtsen-no.nix - ]; - - networking = { - hostName = "malcolm"; - bridges.br0.interfaces = [ "ens18" ]; - interfaces.br0.useDHCP = false; - interfaces.br0.ipv4.addresses = [ - { address = "192.168.11.106"; prefixLength = 24; } - ]; - - hostId = "620c42d0"; - defaultGateway = "192.168.11.1"; - - # Prepend the following output rules to disallow talking to other devices on LAN - firewall.extraCommands = lib.strings.concatLines ([ - "iptables -F OUTPUT" - ] ++ (map (addr: "iptables -A OUTPUT -p udp --dport 53 -d ${addr} -j nixos-fw-accept") config.networking.nameservers) ++ [ # Exception for DNS - "iptables -A OUTPUT -p tcp --dport 3100 -d 192.168.10.175 -j nixos-fw-accept" # Exception for loki logging - "iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT" - "iptables -A OUTPUT -d 192.168.10.0/24 -j nixos-fw-refuse" - "iptables -A OUTPUT -d 192.168.11.0/24 -j nixos-fw-refuse" - ]); - }; - - # virtualisation.oci-containers.backend = "docker"; - # systemd.services.docker.postStart = lib.concatMapStringsSep "\n" (rule: "${pkgs.iptables}/bin/iptables ${rule}") ([ - # "-F DOCKER-USER" - # ] ++ (map (addr: "-A DOCKER-USER -p udp --dport 53 -d ${addr} -j RETURN") config.networking.nameservers) ++ [ - # "-A DOCKER-USER -d 192.168.10.0/24 -j REJECT" - # "-A DOCKER-USER -d 192.168.11.0/24 -j REJECT" - # "-A DOCKER-USER -j RETURN" - # ]); - - system.stateVersion = "24.05"; -} diff --git a/hosts/malcolm/hardware-configuration.nix b/hosts/malcolm/hardware-configuration.nix deleted file mode 100644 index f4a4021..0000000 --- a/hosts/malcolm/hardware-configuration.nix +++ /dev/null 
@@ -1,30 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/7240554f-d9d9-457a-91d5-c70c09d96595"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/88C2-BAC8"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - swapDevices = [ ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/hosts/malcolm/home.nix b/hosts/malcolm/home.nix deleted file mode 100644 index 04b5729..0000000 --- a/hosts/malcolm/home.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs, lib, ... }: -{ - imports = [ - ./../../home/base.nix - ]; - - programs = { - zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config"; - }; - - home.stateVersion = "24.05"; -} diff --git a/hosts/malcolm/services/mysql.nix b/hosts/malcolm/services/mysql.nix deleted file mode 100644 index 128f2d6..0000000 --- a/hosts/malcolm/services/mysql.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - services.mysql = { - enable = true; - package = pkgs.mariadb; - }; - - # TODO: services.mysqlBackup -} diff --git a/hosts/malcolm/services/nginx.nix b/hosts/malcolm/services/nginx.nix deleted file mode 100644 index 78acbfa..0000000 --- a/hosts/malcolm/services/nginx.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ config, values, ... }: -{ - services.nginx = { - enable = true; - - clientMaxBodySize = "100m"; - - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - - virtualHosts."kinealbrigtsen.no".default = true; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; -} diff --git a/hosts/malcolm/services/www-ctf-feal-no.nix b/hosts/malcolm/services/www-ctf-feal-no.nix deleted file mode 100644 index cbf8d4c..0000000 --- a/hosts/malcolm/services/www-ctf-feal-no.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - services.nginx.virtualHosts."ctf.feal.no" = { - locations = { - "/".return = "302 https://www.feal.no/"; - "/cc/" = { - alias = "${pkgs.cyberchef}/share/cyberchef/"; - index = "index.html"; - }; - "= /cc".return = "302 /cc/"; - }; - }; -} diff --git a/hosts/malcolm/services/www-kinealbrigtsen-no.nix b/hosts/malcolm/services/www-kinealbrigtsen-no.nix deleted file mode 100644 index f970fd4..0000000 --- a/hosts/malcolm/services/www-kinealbrigtsen-no.nix +++ /dev/null 
@@ -1,95 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - users.users.www-kinealbrigtsen-no = { - isSystemUser = true; - group = "www-kinealbrigtsen-no"; - }; - - users.groups.www-kinealbrigtsen-no = { }; - - services.mysql.ensureDatabases = [ - "www_kinealbrigtsen_no" - ]; - services.mysql.ensureUsers = [ - { - name = "www-kinealbrigtsen-no"; - ensurePermissions = { - # "www_kinealbrigtsen_no.*" = "ALL PRIVILEGES"; # For upgrades and special procedures - "www_kinealbrigtsen_no.*" = "SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX"; - }; - } - ]; - - services.phpfpm.pools.www-kinealbrigtsen-no = { - user = "www-kinealbrigtsen-no"; - group = "www-kinealbrigtsen-no"; - phpOptions = lib.generators.toKeyValue {} { - upload_max_filesize = "1000M"; - post_max_size = "1000M"; - memory_limit = "1000M"; - }; - - settings = { - "listen.owner" = config.services.nginx.user; - "listen.group" = config.services.nginx.group; - "pm" = "dynamic"; - "pm.max_children" = 32; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 2; - "pm.max_spare_servers" = 4; - "pm.process_idle_timeout" = "10s"; - "pm.max_requests" = 1000; - }; - }; - - services.nginx.virtualHosts."kinealbrigtsen.no" = { - serverAliases = [ "www.kinealbrigtsen.no" ]; - root = "/var/www/www-kinealbrigtsen-no"; - locations = { - "/".extraConfig = '' - try_files $uri $uri/ /index.php?$args; - ''; - - "~ \\.php$".extraConfig = '' - include ${config.services.nginx.package}/conf/fastcgi_params; - - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass unix:${config.services.phpfpm.pools.www-kinealbrigtsen-no.socket}; - ''; - - "~ /\\.ht".extraConfig = '' - deny all; - ''; - - "/favicon.ico".extraConfig = '' - log_not_found off; - access_log off; - ''; - - "/robots.txt".extraConfig = '' - allow all; - log_not_found off; - access_log off; - ''; - - "~* \\.(js|css|png|jpg|jpeg|gif|ico)$".extraConfig = '' - expires max; - log_not_found off; - ''; - }; - extraConfig = '' - index index.php 
index.html; - set_real_ip_from 192.168.11.0/24; - real_ip_header X-Forwarded-For; - - add_header 'Referrer-Policy' 'origin-when-cross-origin'; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - ''; - }; - - # TODO: - # - Configure a mailer so wp_mail() works - # - Enable periodic backups -} -- 2.51.2 From f7ce8585b5c7b78b6feb11af424ffeade79c5779 Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Mon, 1 Dec 2025 23:22:05 +0100 Subject: [PATCH 05/10] burnham: remove host --- README.md | 3 +- flake.nix | 7 ---- hosts/burnham/configuration.nix | 40 ------------------- hosts/burnham/hardware-configuration.nix | 30 -------------- hosts/burnham/home.nix | 12 ------ hosts/burnham/services/dyndns.nix | 11 ----- hosts/burnham/services/nginx.nix | 19 --------- hosts/burnham/services/thelounge.nix | 21 ---------- hosts/burnham/services/wireguard.nix | 38 ------------------ .../services/monitoring/prometheus.nix | 2 - 10 files changed, 2 insertions(+), 181 deletions(-) delete mode 100644 hosts/burnham/configuration.nix delete mode 100644 hosts/burnham/hardware-configuration.nix delete mode 100644 hosts/burnham/home.nix delete mode 100644 hosts/burnham/services/dyndns.nix delete mode 100644 hosts/burnham/services/nginx.nix delete mode 100644 hosts/burnham/services/thelounge.nix delete mode 100644 hosts/burnham/services/wireguard.nix diff --git a/README.md b/README.md index 84f8f56..ef2f592 100644 --- a/README.md +++ b/README.md 
@@ -37,8 +37,9 @@ Other installed packages and tools are described in the config files (like ./hos ## Networking - I use *nginx* as a web server and reverse proxy. The configuration is mostly distributed throughout the services that use it ([example](https://git.feal.no/felixalb/nixos-config/src/commit/3a05681d10a6999f73cbef59c3999742b81947a6/hosts/defiant/services/hedgedoc.nix#L98)). -- I recently switched from Tailscale(actually [headscale](https://github.com/juanfont/headscale)) to *WireGuard*, configured [here](./hosts/defiant/services/wireguard.nix) and [here](./hosts/burnham/services/wireguard.nix). +- A long time ago, I switched from Tailscale(actually [headscale](https://github.com/juanfont/headscale)) to *WireGuard*, configured [here](./hosts/defiant/services/wireguard.nix). - PiHole ([source](./hosts/defiant/services/pihole.nix)) run my internal DNS (\*.home.feal.no) and ad blocking. +- A simple custom DynDNS thing is defined [here](./common/domeneshop-dyndns.nix) and used [here](./hosts/defiant/services/dyndns.nix). ## Monitoring diff --git a/flake.nix b/flake.nix index 8840ca3..cc0e6be 100644 --- a/flake.nix +++ b/flake.nix @@ -79,13 +79,6 @@ }; in { - # Networking / VPN Gateway - burnham = normalSys "burnham" { - modules = [ - ./common/domeneshop-dyndns.nix - ]; - }; - # Media / storage server challenger = normalSys "challenger" { modules = [ diff --git a/hosts/burnham/configuration.nix b/hosts/burnham/configuration.nix deleted file mode 100644 index a5796af..0000000 --- a/hosts/burnham/configuration.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - imports = - [ - ../../base.nix - ../../common/metrics-exporters.nix - ./hardware-configuration.nix - - # Infrastructure - ./services/wireguard.nix - - # Other - ./services/dyndns.nix - ./services/nginx.nix - ./services/thelounge.nix - ]; - - boot.loader.systemd-boot.enable = lib.mkForce false; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - - networking = { - hostName = "burnham"; - defaultGateway = "192.168.11.1"; - interfaces.ens18.ipv4 = { - addresses = [ - { address = "192.168.11.109"; prefixLength = 24; } - ]; - }; - hostId = "8e24f235"; - }; - - sops.defaultSopsFile = ../../secrets/burnham/burnham.yaml; - - environment.variables = { EDITOR = "vim"; }; - - system.stateVersion = "23.11"; -} - diff --git a/hosts/burnham/hardware-configuration.nix b/hosts/burnham/hardware-configuration.nix deleted file mode 100644 index 73cc5f5..0000000 --- a/hosts/burnham/hardware-configuration.nix +++ /dev/null 
@@ -1,30 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/31ff6d37-52d6-43c3-a214-5d38a6c38b0e"; - fsType = "ext4"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/cce59ee7-7c83-4165-a9b0-f950cd2e3273"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - #networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens18.useDHCP = lib.mkDefault true; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/burnham/home.nix b/hosts/burnham/home.nix deleted file mode 100644 index 963c567..0000000 --- a/hosts/burnham/home.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs, lib, ... }: -{ - imports = [ - ./../../home/base.nix - ]; - - programs = { - zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config"; - }; - - home.stateVersion = "23.05"; -} diff --git a/hosts/burnham/services/dyndns.nix b/hosts/burnham/services/dyndns.nix deleted file mode 100644 index 3e7ac60..0000000 --- a/hosts/burnham/services/dyndns.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - sops.secrets."domeneshop/netrc" = { }; - - services.domeneshop-dyndns = { - enable = true; - domain = "site2.feal.no"; - netrcFile = config.sops.secrets."domeneshop/netrc".path; - }; -} 
diff --git a/hosts/burnham/services/nginx.nix b/hosts/burnham/services/nginx.nix deleted file mode 100644 index e4f4a00..0000000 --- a/hosts/burnham/services/nginx.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, values, ... }: -{ - services.nginx = { - enable = true; - enableReload = true; - - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - security.acme = { - acceptTerms = true; - defaults.email = "felix@albrigtsen.it"; - }; -} diff --git a/hosts/burnham/services/thelounge.nix b/hosts/burnham/services/thelounge.nix deleted file mode 100644 index ecfa4d8..0000000 --- a/hosts/burnham/services/thelounge.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, pkgs, lib, ... }: -let - cfg = config.services.thelounge.extraConfig; - domain = "irc.home.feal.no"; -in { - services.thelounge = { - enable = true; - - extraConfig = { - public = false; - host = "127.0.1.2"; - port = 9000; - reverseProxy = true; - }; - }; - - services.nginx.virtualHosts.${domain} = { - locations."/".proxyPass = "http://${cfg.host}:${toString cfg.port}"; - }; -} - diff --git a/hosts/burnham/services/wireguard.nix b/hosts/burnham/services/wireguard.nix deleted file mode 100644 index ef75a2d..0000000 --- a/hosts/burnham/services/wireguard.nix +++ /dev/null 
@@ -1,38 +0,0 @@ -{ config, pkgs, lib, ... }: -let - cfg = config.networking.wireguard.interfaces."wg0"; -in { - networking = { - nat = { - enable = true; - externalInterface = "ens18"; - internalInterfaces = [ "wg0" ]; - }; - firewall.allowedUDPPorts = [ cfg.listenPort ]; - - wireguard.interfaces."wg0" = { - ips = [ "10.100.0.2/24" ]; - listenPort = 51820; - privateKeyFile = "/etc/wireguard/burnham.private"; - - postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -d 192.168.11.0/24 -o eth0 -j MASQUERADE - ''; - postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -d 192.168.11.0/24 -o eth0 -j MASQUERADE - ''; - - peers = [ - { # Defiant - publicKey = "8/711GhmN9+NcduHF4JPkfoZPE0qsDLuwhABcPyjNxI="; - persistentKeepalive = 120; - allowedIPs = [ - "10.100.0.1/32" - "192.168.10.0/24" - ]; - endpoint = "site3.feal.no:51902"; - } - ] ++ (import ../../../common/wireguard-peers.nix); - }; - }; -} diff --git a/hosts/defiant/services/monitoring/prometheus.nix b/hosts/defiant/services/monitoring/prometheus.nix index db5e65e..42b57f2 100644 --- a/hosts/defiant/services/monitoring/prometheus.nix +++ b/hosts/defiant/services/monitoring/prometheus.nix @@ -17,14 +17,12 @@ in { static_configs = [ { targets = [ - "burnham.home.feal.no:9100" "challenger.home.feal.no:9100" "defiant.home.feal.no:9100" "leonard.home.feal.no:9100" "morn.home.feal.no:9100" "scotty.home.feal.no:9100" "sisko.home.feal.no:9100" - "sulu.home.feal.no:9100" ]; } ]; -- 2.51.2 From 8aa123303cd5671d50a0b7f6bad7ae5ade859276 Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Tue, 2 Dec 2025 00:14:36 +0100 Subject: [PATCH 06/10] challenger: update to nixos 25.11. Update to nextcloud 32 --- flake.lock | 16 ++++++++++++++++ flake.nix | 6 +++--- hosts/challenger/services/nextcloud.nix | 2 +- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 2c00a06..3b4c7e8 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,5 +1,20 @@ { "nodes": { + "extra-config": { + "locked": { + "lastModified": 1745649002, + "narHash": "sha256-XNBExt3+U3o4lip+yj6oorCEPZ9Qe8PzBSFM5ZzVtSA=", + "ref": "refs/heads/main", + "rev": "50c9c15db2b309d299b1c19089c962979e01f45b", + "revCount": 13, + "type": "git", + "url": "file:///home/felixalb/nix-extra-config" + }, + "original": { + "type": "git", + "url": "file:///home/felixalb/nix-extra-config" + } + }, "flake-compat": { "flake": false, "locked": { @@ -207,6 +222,7 @@ }, "root": { "inputs": { + "extra-config": "extra-config", "home-manager": "home-manager", "matrix-synapse-next": "matrix-synapse-next", "nix-darwin": "nix-darwin", diff --git a/flake.nix b/flake.nix index cc0e6be..24c91ca 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,7 @@ matrix-synapse-next.url = "github:dali99/nixos-matrix-modules/v0.7.1"; nix-minecraft.url = "github:Infinidoge/nix-minecraft"; - # extra-config.url = "git+file:///home/felixalb/nix-extra-config"; # TODO - Re-add on challenger + extra-config.url = "git+file:///home/felixalb/nix-extra-config"; # TODO - Re-add on challenger sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; @@ -35,7 +35,7 @@ , nixpkgs-darwin , nixpkgs-unstable , sops-nix - # , extra-config + , extra-config , ... }@inputs: let pkgs-overlay = final: prev: { @@ -82,7 +82,7 @@ # Media / storage server challenger = normalSys "challenger" { modules = [ - # extra-config.nixosModules.default + extra-config.nixosModules.default ]; }; diff --git a/hosts/challenger/services/nextcloud.nix b/hosts/challenger/services/nextcloud.nix index f510638..73af9ad 100644 --- a/hosts/challenger/services/nextcloud.nix +++ b/hosts/challenger/services/nextcloud.nix @@ -5,7 +5,7 @@ let in { services.nextcloud = { enable = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; inherit hostName; home = "/tank/nextcloud"; https = true; -- 2.51.2 From aca430fb18dfac3098bcb8058d2cfd0115234037 Mon Sep 17 00:00:00 2001 
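Review bot: The re-enabled `extra-config.url = "git+file:///home/felixalb/nix-extra-config";` in the `@@ -18,7 +18,7 @@` hunk of flake.nix ties the flake to an absolute path inside one user's home directory, so the module `challenger` now imports comes from a repository that is not reviewed with this one and, as far as the lock entry shows, only exists locally. Anything that has to fetch this input on another host or as another user will likely fail, which is worth confirming against the `system.autoUpgrade` setup in common/auto-upgrade.nix. The trailing `# TODO - Re-add on challenger` is stale once the line is active; a comment such as `# local-only input: must exist at this path on challenger` would describe it better. The flake.nix hunk in PATCH 08/10 keeps the same URL.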
From: Felix Albrigtsen Date: Tue, 2 Dec 2025 19:38:08 +0100 Subject: [PATCH 07/10] challenger/audiobookshelf: fix mount order --- hosts/challenger/services/audiobookshelf.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/challenger/services/audiobookshelf.nix b/hosts/challenger/services/audiobookshelf.nix index 61696dd..2597380 100644 --- a/hosts/challenger/services/audiobookshelf.nix +++ b/hosts/challenger/services/audiobookshelf.nix @@ -18,6 +18,7 @@ in { }; systemd.services.audiobookshelf = { + requires = [ "var-lib-audiobookshelf.mount" ]; serviceConfig = { # Better safe than sorry :) CapabilityBoundingSet = ""; -- 2.51.2 From b4b8fa23099193881cdfe128f17c8211b06aec72 Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Thu, 4 Dec 2025 17:22:33 +0100 Subject: [PATCH 08/10] worf: fix 25.11. Clean flake. --- flake.lock | 87 ++++++++++++++++----------------------------- flake.nix | 13 +++---- hosts/worf/home.nix | 2 +- 3 files changed, 38 insertions(+), 64 deletions(-) diff --git a/flake.lock b/flake.lock index 3b4c7e8..7ad6df4 100644 --- a/flake.lock +++ b/flake.lock @@ -56,11 +56,11 @@ ] }, "locked": { - "lastModified": 1764536451, - "narHash": "sha256-BgtcUkBfItu9/yU14IgUaj4rYOanTOUZjUfBP20/ZB4=", + "lastModified": 1764776959, + "narHash": "sha256-d+5CGloq7Lo1u2SkzhF8oiOdUc6Z5emh22nTXUB9CFA=", "owner": "nix-community", "repo": "home-manager", - "rev": "3fdd076e08049a9c7a83149b270440d9787d2df5", + "rev": "e1680d594a9281651cbf7d126941a8c8e2396183", "type": "github" }, "original": { @@ -72,7 +72,9 @@ }, "matrix-synapse-next": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1753216555, 
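Review bot: `requires = [ "var-lib-audiobookshelf.mount" ];` on its own does not order the service after the mount, because systemd's Requires= only pulls the unit in and ordering comes from After=. Unless the upstream audiobookshelf module or an implicit mount dependency already adds that ordering, the service can still start in parallel with the mount, which is the problem the commit title says it fixes. Adding `after = [ "var-lib-audiobookshelf.mount" ];` next to it, or replacing both with `unitConfig.RequiresMountsFor = "/var/lib/audiobookshelf";`, covers dependency and ordering together. The `systemd.services.audiobookshelf` block continues past the end of the hunk.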
@@ -92,20 +94,20 @@ "nix-darwin": { "inputs": { "nixpkgs": [ - "nixpkgs" + "nixpkgs-darwin" ] }, "locked": { "lastModified": 1764161084, "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", - "owner": "lnl7", + "owner": "nix-darwin", "repo": "nix-darwin", "rev": "e95de00a471d07435e0527ff4db092c84998698e", "type": "github" }, "original": { - "owner": "lnl7", - "ref": "master", + "owner": "nix-darwin", + "ref": "nix-darwin-25.11", "repo": "nix-darwin", "type": "github" } @@ -114,14 +116,16 @@ "inputs": { "flake-compat": "flake-compat", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1764208886, - "narHash": "sha256-voOx8RsK3miw3EHw05nwuOS4ltzeH8tKJnVr+mxtTPQ=", + "lastModified": 1764813963, + "narHash": "sha256-Vs7Mamto+T8r1evk9myHepgHGNJkS2Kr0BF64NIei94=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "7da8a2d675f9cc56b3f6d654b4cccdca5016ac8e", + "rev": "491200d6848402bbab1421cccbc15a46f08c7f78", "type": "github" }, "original": { @@ -132,17 +136,18 @@ }, "nixpkgs": { "locked": { - "lastModified": 1706098335, - "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", + "lastModified": 1764677808, + "narHash": "sha256-H3lC7knbXOBrHI9hITQ7modLuX20mYJVhZORL5ioms0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", + "rev": "1aab89277eb2d87823d5b69bae631a2496cff57a", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-23.11", - "type": "indirect" + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-2211": { 
@@ -158,11 +163,11 @@ }, "nixpkgs-darwin": { "locked": { - "lastModified": 1764491476, - "narHash": "sha256-E4rtgPS7fntINb6fVJ5qQdkhfbZn8pzMYNdmiXqZmCo=", + "lastModified": 1764806471, + "narHash": "sha256-NsPsz003eWD8wp8vj5BnQzPoDyeQKRUfS2dvan2Y30M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54f09efd2ca0dd5bb9c5fafc89573ab3ac44701d", + "rev": "6707b1809330d0f912f5813963bb29f6f194ee81", "type": "github" }, "original": { @@ -174,11 +179,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "lastModified": 1764667669, + "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", + "rev": "418468ac9527e799809c900eda37cbff999199b6", "type": "github" }, "original": { @@ -188,38 +193,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1764494334, - "narHash": "sha256-x2xCEXUlU4Ap56+t5HaoReOQ/bV/bIQ5rzTn/m+V3HQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d542db745310b6929708d9abea513f3ff19b1341", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "extra-config": "extra-config", @@ -227,7 +200,7 @@ "matrix-synapse-next": "matrix-synapse-next", "nix-darwin": "nix-darwin", "nix-minecraft": "nix-minecraft", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs", "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-darwin": "nixpkgs-darwin", "nixpkgs-unstable": "nixpkgs-unstable", 
diff --git a/flake.nix b/flake.nix index 24c91ca..6258ba5 100644 --- a/flake.nix +++ b/flake.nix @@ -7,18 +7,19 @@ nixpkgs-2211.url = "https://github.com/NixOS/nixpkgs/archive/34bfa9403e42eece93d1a3740e9d8a02fceafbca.tar.gz"; # old nixpgks for e.g. remmina nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - # nix-darwin.url = "github:lnl7/nix-darwin/nix-darwin-25.11"; # TODO - Uncomment when available - # nix-darwin.inputs.nixpkgs.follows = "nixpkgs-darwin"; - nix-darwin.url = "github:lnl7/nix-darwin/master"; - nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; + nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-25.11"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs-darwin"; home-manager.url = "github:nix-community/home-manager/release-25.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; matrix-synapse-next.url = "github:dali99/nixos-matrix-modules/v0.7.1"; - nix-minecraft.url = "github:Infinidoge/nix-minecraft"; + matrix-synapse-next.inputs.nixpkgs.follows = "nixpkgs"; - extra-config.url = "git+file:///home/felixalb/nix-extra-config"; # TODO - Re-add on challenger + nix-minecraft.url = "github:Infinidoge/nix-minecraft"; + nix-minecraft.inputs.nixpkgs.follows = "nixpkgs"; + + extra-config.url = "git+file:///home/felixalb/nix-extra-config"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/worf/home.nix b/hosts/worf/home.nix index 407d362..edb4e35 100644 --- a/hosts/worf/home.nix +++ b/hosts/worf/home.nix @@ -61,7 +61,7 @@ apps = pkgs.buildEnv { name = "home-manager-applications"; paths = config.home.packages; - pathsToLink = "/Applications"; + pathsToLink = [ "/Applications" ] ; }; in lib.hm.dag.entryAfter [ "writeBoundary" ] '' -- 2.51.2 From 77cdedf958f5d976a15419357141e00a6b8c6a45 Mon Sep 17 00:00:00 2001 
From: Felix Albrigtsen Date: Mon, 8 Dec 2025 20:59:46 +0100 Subject: [PATCH 09/10] defiant: update to nixos 25.11 --- flake.lock | 7 +++---- flake.nix | 2 +- hosts/defiant/configuration.nix | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 7ad6df4..d5071d8 100644 --- a/flake.lock +++ b/flake.lock @@ -77,16 +77,15 @@ ] }, "locked": { - "lastModified": 1753216555, - "narHash": "sha256-qfgVfgXjVPV7vEER4PVFiGUOUW08GHH71CVXgYW8EVc=", + "lastModified": 1765214213, + "narHash": "sha256-WSk8CTdIDFFP5VMJj9beve19nPMMdTsWnkCHVXqO/3E=", "owner": "dali99", "repo": "nixos-matrix-modules", - "rev": "099db715d1eba526a464f271b05cead5166fd9a9", + "rev": "82959f612ffd523a49c92f84358a9980a851747b", "type": "github" }, "original": { "owner": "dali99", - "ref": "v0.7.1", "repo": "nixos-matrix-modules", "type": "github" } diff --git a/flake.nix b/flake.nix index 6258ba5..a3f2df7 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ home-manager.url = "github:nix-community/home-manager/release-25.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; - matrix-synapse-next.url = "github:dali99/nixos-matrix-modules/v0.7.1"; + matrix-synapse-next.url = "github:dali99/nixos-matrix-modules"; # TODO: Lock to release matrix-synapse-next.inputs.nixpkgs.follows = "nixpkgs"; nix-minecraft.url = "github:Infinidoge/nix-minecraft"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index a4e17dd..198f37c 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -27,7 +27,7 @@ # ./services/minecraft/home.nix ./services/monitoring # ./services/rtl-tcp.nix - ./services/searx.nix + # ./services/searx.nix ./services/vaultwarden.nix ]; -- 2.51.2 From bd05773d1a0550fc31a91dca011863982fc90566 Mon Sep 17 00:00:00 2001 
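Review bot: Dropping the `v0.7.1` tag from `matrix-synapse-next.url` in flake.nix makes the input follow the default branch of dali99/nixos-matrix-modules, so the next `nix flake update` locks whatever commit is at the tip rather than a reviewed release. flake.lock still pins a specific rev, so the exposure is at update time, but the `# TODO: Lock to release` is easy to forget. Until a release that works with 25.11 exists, pinning the commit that was tested keeps updates deliberate: `matrix-synapse-next.url = "github:dali99/nixos-matrix-modules/82959f612ffd523a49c92f84358a9980a851747b";`.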
From: Felix Albrigtsen Date: Mon, 8 Dec 2025 21:05:23 +0100 Subject: [PATCH 10/10] auto-upgrade: point back to the main branch --- common/auto-upgrade.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/auto-upgrade.nix b/common/auto-upgrade.nix index a16a1d7..d8c7042 100644 --- a/common/auto-upgrade.nix +++ b/common/auto-upgrade.nix @@ -3,7 +3,7 @@ { system.autoUpgrade = { enable = true; - flake = "git+https://git.feal.no/felixalb/nixos-config.git?ref=nixos-25.11"; # TODO - restore to main + flake = "git+https://git.feal.no/felixalb/nixos-config.git"; flags = [ # Override nixpkgs (only). Notably does not include home-manager, sops or other utility/application flake inputs. "--refresh" -- 2.51.2
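Review bot: With the `?ref=` parameter removed, `flake = "git+https://git.feal.no/felixalb/nixos-config.git";` follows whatever the server reports as the repository's default branch instead of naming `main`, which is the branch the commit title intends. Because `system.autoUpgrade` applies that branch unattended, naming it explicitly means a changed default branch on the forge cannot silently switch what the hosts deploy: `flake = "git+https://git.feal.no/felixalb/nixos-config.git?ref=main";`. The `flags` list continues past the end of the hunk.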