From b18f341935d042c4aa8decc988c4f442dc96c40c Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Mon, 10 Mar 2025 21:43:58 +0400 Subject: [PATCH 01/12] laptop: add extra boot params, remove old boot entries --- hosts/laptop/configuration.nix | 26 ------------------------- hosts/laptop/hardware-configuration.nix | 1 + 2 files changed, 1 insertion(+), 26 deletions(-) diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 9a14dd5..23821d7 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -34,32 +34,6 @@ in efiInstallAsRemovable = true; extraPerEntryConfig = "acpi ($drive1)//dsdt.aml"; # useOSProber = true; - extraEntries = - '' - menuentry 'Windows 10' --class windows --class os { - insmod part_gpt - insmod fat - set root='hd0,gpt4' - if [ x$feature_platform_search_hint = xy ]; then - search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 8D94-2A4E - else - search --no-floppy --fs-uuid --set=root 8D94-2A4E - fi - chainloader /EFI/Microsoft/Boot/bootmgfw.efi - } - menuentry 'Ventoy' { - insmod part_gpt - insmod fat - # set root='hd0,gpt4' - # if [ x$feature_platform_search_hint = xy ]; then - # search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 BDAD-470D - # else - # search --no-floppy --fs-uuid --set=root BDAD-470D - # fi - search --no-floppy --fs-uuid --set=root BDAD-470D - chainloader /EFI/BOOT/BOOTX64.EFI - } - ''; }; diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index 8b69dbb..5cf85d2 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix @@ -16,6 +16,7 @@ in boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; + boot.kernelParams = [ "intel_idle.max_cstate=4" "ahci.mobile_lpm_policy=1" ]; boot.extraModulePackages = [ ]; fileSystems."/" = From e09feb85c453fa050c2865398e227f3ec80ead3a Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Mon, 10 Mar 2025 21:45:44 +0400 Subject: [PATCH 02/12] laptop: enable Nitrokey support, use updated udev rules --- flake.nix | 14 ++++++++++++++ hosts/laptop/configuration.nix | 7 ++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index c56e166..010b11b 100644 --- a/flake.nix +++ b/flake.nix @@ -62,9 +62,23 @@ overlay-vaapiIntel = final: prev: { vaapiIntel = prev.vaapiIntel.override { enableHybridCodec = true; }; }; + overlay-nitrokey-udev-update = final: prev: { + nitrokey-udev-rules = prev.nitrokey-udev-rules.overrideAttrs(old: { + version = "1.1.0"; + src = prev.fetchFromGitHub { + owner = "Nitrokey"; + repo = "nitrokey-udev-rules"; + rev = "v1.1.0"; + hash = "sha256-LKpd6O9suAc2+FFgpuyTClEgL/JiZiokH3DV8P3C7Aw="; + }; + dontBuild = true; + doCheck = false; + }); + }; my-overlays = [ overlay-stable overlay-vaapiIntel + overlay-nitrokey-udev-update ]; inherit (inputs.nix-cfg-extra.lib) extra-data; inherit (inputs.nix-cfg-extra.lib) extra-host-modules; diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 23821d7..9bc5ef3 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -328,8 +328,13 @@ in # }; }; - # OnlyKey + # Hardware keys hardware.onlykey.enable = true; + hardware.nitrokey.enable = true; + services.pcscd = { + enable = true; + plugins = [ pkgs.ccid ]; + }; # List packages installed in system profile. To search, run: # $ nix search wget From 4ae9a96d1a104443e93b85ea63aa16014c52c868 Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Mon, 10 Mar 2025 21:57:12 +0400 Subject: [PATCH 03/12] laptop: remove kernel/grub params --- hosts/laptop/configuration.nix | 1 - hosts/laptop/hardware-configuration.nix | 1 - 2 files changed, 2 deletions(-) diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 9bc5ef3..025fa40 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -32,7 +32,6 @@ in hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0="; }}/src/catppuccin-macchiato-grub-theme/"; efiInstallAsRemovable = true; - extraPerEntryConfig = "acpi ($drive1)//dsdt.aml"; # useOSProber = true; }; diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index 5cf85d2..8b69dbb 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix @@ -16,7 +16,6 @@ in boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; - boot.kernelParams = [ "intel_idle.max_cstate=4" "ahci.mobile_lpm_policy=1" ]; boot.extraModulePackages = [ ]; fileSystems."/" = From 216bb8b5a84f381942158994473fad530fe2db97 Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Tue, 11 Mar 2025 23:43:49 +0400 Subject: [PATCH 04/12] laptop: move boot partition, adjust boot settings --- hosts/laptop/configuration.nix | 3 +-- hosts/laptop/hardware-configuration.nix | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 025fa40..99d6650 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -20,7 +20,7 @@ in # https://nixos.org/manual/nixos/stable/#sec-installation # boot.loader.efi.efiSysMountPoint = "/boot"; boot.loader.systemd-boot.enable = false; - boot.loader.efi.canTouchEfiVariables = false; + boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { enable = true; device = "nodev"; @@ -31,7 +31,6 @@ in rev = "803c5df0e83aba61668777bb96d90ab8f6847106"; hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0="; }}/src/catppuccin-macchiato-grub-theme/"; - efiInstallAsRemovable = true; # useOSProber = true; }; diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index 8b69dbb..ac0f1af 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix @@ -43,9 +43,8 @@ in }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/E095-34D8"; + { device = "/dev/disk/by-uuid/7C85-2DFB"; fsType = "vfat"; - options = [ "noauto" ]; }; swapDevices = From 28e385a1470499d34d9d747cee2ddd7fd404b9da Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Sun, 16 Mar 2025 13:06:46 +0400 Subject: [PATCH 05/12] laptop: change storage mounts --- hosts/laptop/mounts.nix | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/hosts/laptop/mounts.nix b/hosts/laptop/mounts.nix index 273b946..71781ce 100644 --- a/hosts/laptop/mounts.nix +++ b/hosts/laptop/mounts.nix @@ -1,16 +1,15 @@ { - systemd.mounts = [ - { - where = "/mounts/my_data"; - what = "/dev/disk/by-label/My_Data"; - type = "ntfs3"; - options = "defaults,exec,noauto,prealloc,uid=1000,gid=100"; - } - { - where = "/mounts/windows"; - what = "/dev/disk/by-label/WinPart"; - type = "ntfs3"; - options = "defaults,exec,noauto,prealloc,uid=1000,gid=100"; - } - ]; + environment.etc.crypttab = { + mode = "0600"; + text = '' + shared PARTUUID=7572b70e-36d1-41a8-b425-540b96092ff6 /dev/null tcrypt,tcrypt-veracrypt,tcrypt-keyfile=/root/shared_keyfile + ''; + }; + + fileSystems."/mounts/shared" = + { device = "/dev/mapper/shared"; + fsType = "ntfs3"; + options = [ "defaults,exec,nosuid,nodev,prealloc,uid=1000,gid=100" ]; + }; + } From d2266ad0adc643d6aa1a2609fff7e41027f6e9bc Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Sun, 16 Mar 2025 13:07:47 +0400 Subject: [PATCH 06/12] laptop: add windows boot menuentry and add initrd modules --- hosts/laptop/configuration.nix | 23 +++++++++++++++++++---- hosts/laptop/hardware-configuration.nix | 2 +- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 99d6650..9b3eaab 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -32,6 +32,21 @@ in hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0="; }}/src/catppuccin-macchiato-grub-theme/"; # useOSProber = true; + extraEntries = + '' + menuentry 'Veracrypt Boot Manager' --class windows --class os $menuentry_id_option 'osprober-efi-7C85-2DFB' { + insmod part_gpt + insmod fat + search --no-floppy --fs-uuid --set=root 7C85-2DFB + chainloader /EFI/VeraCrypt/DcsBoot.efi + } + menuentry 'Windows Boot Manager' --class windows --class os $menuentry_id_option 'osprober-efi-7C85-2DFB' { + insmod part_gpt + insmod fat + search --no-floppy --fs-uuid --set=root 7C85-2DFB + chainloader /EFI/Microsoft/Boot/bootmgfw.efi + } + ''; }; @@ -219,6 +234,8 @@ in programs.wireshark.enable = true; programs.wireshark.package = pkgs.wireshark; + programs.ladybird.enable = true; + # fish programs.fish = { enable = true; @@ -399,9 +416,9 @@ in # programs.mtr.enable = true; programs.gnupg.agent = { enable = true; - # enableSSHSupport = true; + enableSSHSupport = true; }; - programs.ssh.startAgent = true; + programs.ssh.startAgent = false; zramSwap = { enable = true; @@ -440,8 +457,6 @@ in enable = true; }; - services.logind.lidSwitchExternalPower = "lock"; - hardware.bluetooth.enable = true; hardware.bluetooth.powerOnBoot = true; diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index ac0f1af..ba6a15e 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix @@ -13,7 +13,7 @@ in [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; From afc66b54ad5fbbf530eb2b309e11e8942b7d72e0 Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Sun, 16 Mar 2025 13:15:08 +0400 Subject: [PATCH 07/12] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'authentik-nix': 'github:nix-community/authentik-nix/c79e9b78104e9d8c406445d575623c2770d7d99a?narHash=sha256-ZfSnVdW2S9G4dYFxnW7sB/XgBe2SR17WHTb0eDNkkOk%3D' (2025-02-24) → 'github:nix-community/authentik-nix/bfcad34becd76d148e1ad537b5dcbd58d858a5bb?narHash=sha256-YQ8lMeT/KkMDavXrqPvoO6pKQdfSSAZBcNp/Cer4vWc%3D' (2025-02-26) • Updated input 'authentik-nix/authentik-src': 'github:goauthentik/authentik/5c5cc1c7daa4248c5a2c29ac47f3639d4eaa8ff5?narHash=sha256-eafk3lCFG3l1OKt8xoKZjbDFcOUFQgpivMMT4GjaNWU%3D' (2025-02-24) → 'github:goauthentik/authentik/31fe0e59234e487a42012510d1a4e4819b9aba26?narHash=sha256-KZalpsM9rvki9GD%2Burf8idHOEnvBJtkSvE1b2b4KL/4%3D' (2025-02-26) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/32ea77a06711b758da0ad9bd6a844c5740a87abd?narHash=sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm%2BzmZ7vxbJdo%3D' (2025-02-01) → 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9?narHash=sha256-%2Bu2UunDA4Cl5Fci3m7S643HzKmIDAe%2BfiXrLqYsR2fs%3D' (2025-03-07) • Updated input 'flake-parts/nixpkgs-lib': 'https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz?narHash=sha256-vJzFZGaCpnmo7I6i416HaBLpC%2BhvcURh/BQwROcGIp8%3D' (2025-02-01) → 'github:nix-community/nixpkgs.lib/147dee35aab2193b174e4c0868bd80ead5ce755c?narHash=sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk%3D' (2025-03-02) • Updated input 'home-manager': 'github:nix-community/home-manager/6d3163aea47fdb1fe19744e91306a2ea4f602292?narHash=sha256-0UdSDV/TBY%2BGuxXLbrLq3l2Fq02ciyKCIMy4qmnfJXQ%3D' (2025-02-14) → 'github:nix-community/home-manager/4e12151c9e014e2449e0beca2c0e9534b96a26b4?narHash=sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY%3D' (2025-03-14) • Updated input 'mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/8c1c4640b878c692dd3d8055e8cdea0a2bbd8cf3?narHash=sha256-EmJhpy9U8sVlepl2QPjG019VfG67HcucsQNItTqW6cA%3D' (2025-02-09) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/90539a1a993a7ec16563139e82fa66f1c439ba0f?narHash=sha256-V/OjvrJHCuTcPsT/JA/GGhDSrdOdUQp2HS4kk/7t1hQ%3D' (2025-03-14) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/2ff53fe64443980e139eaa286017f53f88336dd0?narHash=sha256-%2B/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc%3D' (2025-02-13) → 'github:NixOS/nixpkgs/bd9298af7fc8f144ff834d6dad746e6fb4e227d3?narHash=sha256-ErKa5qzdqAWqb0OPDYD8%2B/%2BYleTSu8xHP9ldKkr7Opo%3D' (2025-03-14) • Updated input 'sops-nix': 'github:Mic92/sops-nix/07af005bb7d60c7f118d9d9f5530485da5d1e975?narHash=sha256-7JAGezJ0Dn5qIyA2%2BT4Dt/xQgAbhCglh6lzCekTVMeU%3D' (2025-02-11) → 'github:Mic92/sops-nix/d016ce0365b87d848a57c12ffcfdc71da7a2b55f?narHash=sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0%3D' (2025-03-13) --- flake.lock | 59 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 31 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 031070d..e38587a 100644 --- a/flake.lock +++ b/flake.lock @@ -16,11 +16,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1740420811, - "narHash": "sha256-ZfSnVdW2S9G4dYFxnW7sB/XgBe2SR17WHTb0eDNkkOk=", + "lastModified": 1740601740, + "narHash": "sha256-YQ8lMeT/KkMDavXrqPvoO6pKQdfSSAZBcNp/Cer4vWc=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "c79e9b78104e9d8c406445d575623c2770d7d99a", + "rev": "bfcad34becd76d148e1ad537b5dcbd58d858a5bb", "type": "github" }, "original": { @@ -32,16 +32,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1740398117, - "narHash": "sha256-eafk3lCFG3l1OKt8xoKZjbDFcOUFQgpivMMT4GjaNWU=", + "lastModified": 1740599692, + "narHash": "sha256-KZalpsM9rvki9GD+urf8idHOEnvBJtkSvE1b2b4KL/4=", "owner": "goauthentik", "repo": "authentik", - "rev": "5c5cc1c7daa4248c5a2c29ac47f3639d4eaa8ff5", + "rev": "31fe0e59234e487a42012510d1a4e4819b9aba26", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.2.0", + "ref": "version/2025.2.1", "repo": "authentik", "type": "github" } @@ -98,11 +98,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1739571712, - "narHash": "sha256-0UdSDV/TBY+GuxXLbrLq3l2Fq02ciyKCIMy4qmnfJXQ=", + "lastModified": 1741955947, + "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", "owner": "nix-community", "repo": "home-manager", - "rev": "6d3163aea47fdb1fe19744e91306a2ea4f602292", + "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", "type": "github" }, "original": { @@ -185,11 +185,11 @@ "nixpkgs-24_11": "nixpkgs-24_11" }, "locked": { - "lastModified": 1739121270, - "narHash": "sha256-EmJhpy9U8sVlepl2QPjG019VfG67HcucsQNItTqW6cA=", + "lastModified": 1741986986, + "narHash": "sha256-V/OjvrJHCuTcPsT/JA/GGhDSrdOdUQp2HS4kk/7t1hQ=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "8c1c4640b878c692dd3d8055e8cdea0a2bbd8cf3", + "rev": "90539a1a993a7ec16563139e82fa66f1c439ba0f", "type": "gitlab" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739446958, - "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", + "lastModified": 1741985373, + "narHash": "sha256-ErKa5qzdqAWqb0OPDYD8+/+YleTSu8xHP9ldKkr7Opo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", + "rev": "bd9298af7fc8f144ff834d6dad746e6fb4e227d3", "type": "github" }, "original": { @@ -295,14 +295,17 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1738452942, - "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "lastModified": 1740877520, + "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" } }, "nixpkgs-stable": { @@ -375,11 +378,11 @@ ] }, "locked": { - "lastModified": 1739262228, - "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", + "lastModified": 1741861888, + "narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", + "rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f", "type": "github" }, "original": { From 46d60d17ea77c92ff96cd79a268edc644d0a5937 Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Sun, 30 Mar 2025 14:11:55 +0400 Subject: [PATCH 08/12] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'authentik-nix': 'github:nix-community/authentik-nix/bfcad34becd76d148e1ad537b5dcbd58d858a5bb?narHash=sha256-YQ8lMeT/KkMDavXrqPvoO6pKQdfSSAZBcNp/Cer4vWc%3D' (2025-02-26) → 'github:nix-community/authentik-nix/b4916a86d4e650401e67dc03556eadb4a3cb248a?narHash=sha256-I6//hyls5T6Y93IgwbWn5izeT29o%2Byza4yRgBcmNars%3D' (2025-03-28) • Updated input 'authentik-nix/authentik-src': 'github:goauthentik/authentik/31fe0e59234e487a42012510d1a4e4819b9aba26?narHash=sha256-KZalpsM9rvki9GD%2Burf8idHOEnvBJtkSvE1b2b4KL/4%3D' (2025-02-26) → 'github:goauthentik/authentik/748a8e560f2eb93f7ec15d6762d4e5931fc1fa2a?narHash=sha256-aaSAlFIc5Gn5PJPVuObi24Y86/3N3yFJVQTx1tV2i2A%3D' (2025-03-28) • Updated input 'home-manager': 'github:nix-community/home-manager/4e12151c9e014e2449e0beca2c0e9534b96a26b4?narHash=sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY%3D' (2025-03-14) → 'github:nix-community/home-manager/717030011980e9eb31eb8ce011261dd532bce92c?narHash=sha256-hKKz07d4RV9gzxzE5Qu3RQWX8a7XpzRrP5timoxoGRQ%3D' (2025-03-30) • Updated input 'mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/90539a1a993a7ec16563139e82fa66f1c439ba0f?narHash=sha256-V/OjvrJHCuTcPsT/JA/GGhDSrdOdUQp2HS4kk/7t1hQ%3D' (2025-03-14) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/b4fbffe79c00f19be94b86b4144ff67541613659?narHash=sha256-NkhM9GVu3HL%2BMiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU%3D' (2025-03-19) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/bd9298af7fc8f144ff834d6dad746e6fb4e227d3?narHash=sha256-ErKa5qzdqAWqb0OPDYD8%2B/%2BYleTSu8xHP9ldKkr7Opo%3D' (2025-03-14) → 'github:NixOS/nixpkgs/5e5402ecbcb27af32284d4a62553c019a3a49ea6?narHash=sha256-gWd4urRoLRe8GLVC/3rYRae1h%2BxfQzt09xOfb0PaHSk%3D' (2025-03-27) • Updated input 'sops-nix': 'github:Mic92/sops-nix/d016ce0365b87d848a57c12ffcfdc71da7a2b55f?narHash=sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0%3D' (2025-03-13) → 'github:Mic92/sops-nix/8e873886bbfc32163fe027b8676c75637b7da114?narHash=sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo%3D' (2025-03-30) --- flake.lock | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index e38587a..08ed8d6 100644 --- a/flake.lock +++ b/flake.lock @@ -16,11 +16,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1740601740, - "narHash": "sha256-YQ8lMeT/KkMDavXrqPvoO6pKQdfSSAZBcNp/Cer4vWc=", + "lastModified": 1743172544, + "narHash": "sha256-I6//hyls5T6Y93IgwbWn5izeT29o+yza4yRgBcmNars=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "bfcad34becd76d148e1ad537b5dcbd58d858a5bb", + "rev": "b4916a86d4e650401e67dc03556eadb4a3cb248a", "type": "github" }, "original": { @@ -32,16 +32,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1740599692, - "narHash": "sha256-KZalpsM9rvki9GD+urf8idHOEnvBJtkSvE1b2b4KL/4=", + "lastModified": 1743169792, + "narHash": "sha256-aaSAlFIc5Gn5PJPVuObi24Y86/3N3yFJVQTx1tV2i2A=", "owner": "goauthentik", "repo": "authentik", - "rev": "31fe0e59234e487a42012510d1a4e4819b9aba26", + "rev": "748a8e560f2eb93f7ec15d6762d4e5931fc1fa2a", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.2.1", + "ref": "version/2025.2.3", "repo": "authentik", "type": "github" } @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1741955947, - "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", + "lastModified": 1743295846, + "narHash": "sha256-hKKz07d4RV9gzxzE5Qu3RQWX8a7XpzRrP5timoxoGRQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", + "rev": "717030011980e9eb31eb8ce011261dd532bce92c", "type": "github" }, "original": { @@ -185,11 +185,11 @@ "nixpkgs-24_11": "nixpkgs-24_11" }, "locked": { - "lastModified": 1741986986, - "narHash": "sha256-V/OjvrJHCuTcPsT/JA/GGhDSrdOdUQp2HS4kk/7t1hQ=", + "lastModified": 1742413977, + "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "90539a1a993a7ec16563139e82fa66f1c439ba0f", + "rev": "b4fbffe79c00f19be94b86b4144ff67541613659", "type": "gitlab" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741985373, - "narHash": "sha256-ErKa5qzdqAWqb0OPDYD8+/+YleTSu8xHP9ldKkr7Opo=", + "lastModified": 1743095683, + "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd9298af7fc8f144ff834d6dad746e6fb4e227d3", + "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", "type": "github" }, "original": { @@ -378,11 +378,11 @@ ] }, "locked": { - "lastModified": 1741861888, - "narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=", + "lastModified": 1743305778, + "narHash": "sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f", + "rev": "8e873886bbfc32163fe027b8676c75637b7da114", "type": "github" }, "original": { From b7cf5f8ac1fb8c090ee0f030ffaf6a0326099c1b Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Fri, 4 Apr 2025 18:28:44 +0400 Subject: [PATCH 09/12] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9?narHash=sha256-%2Bu2UunDA4Cl5Fci3m7S643HzKmIDAe%2BfiXrLqYsR2fs%3D' (2025-03-07) → 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5?narHash=sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY%3D' (2025-04-01) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/147dee35aab2193b174e4c0868bd80ead5ce755c?narHash=sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk%3D' (2025-03-02) → 'github:nix-community/nixpkgs.lib/e4822aea2a6d1cdd36653c134cacfd64c97ff4fa?narHash=sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc%3D' (2025-03-30) • Updated input 'home-manager': 'github:nix-community/home-manager/717030011980e9eb31eb8ce011261dd532bce92c?narHash=sha256-hKKz07d4RV9gzxzE5Qu3RQWX8a7XpzRrP5timoxoGRQ%3D' (2025-03-30) → 'github:nix-community/home-manager/66a6ec65f84255b3defb67ff45af86c844dd451b?narHash=sha256-LJm6FoIcUoBw3w25ty12/sBfut4zZuNGdN0phYj/ekU%3D' (2025-04-03) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5e5402ecbcb27af32284d4a62553c019a3a49ea6?narHash=sha256-gWd4urRoLRe8GLVC/3rYRae1h%2BxfQzt09xOfb0PaHSk%3D' (2025-03-27) → 'github:NixOS/nixpkgs/2c8d3f48d33929642c1c12cd243df4cc7d2ce434?narHash=sha256-F7n4%2BKOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE%3D' (2025-04-02) • Updated input 'sops-nix': 'github:Mic92/sops-nix/8e873886bbfc32163fe027b8676c75637b7da114?narHash=sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo%3D' (2025-03-30) → 'github:Mic92/sops-nix/cff8437c5fe8c68fc3a840a21bf1f4dc801da40d?narHash=sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU%3D' (2025-04-04) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 08ed8d6..4b901c1 100644 --- a/flake.lock +++ b/flake.lock @@ -98,11 +98,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1743295846, - "narHash": "sha256-hKKz07d4RV9gzxzE5Qu3RQWX8a7XpzRrP5timoxoGRQ=", + "lastModified": 1743717835, + "narHash": "sha256-LJm6FoIcUoBw3w25ty12/sBfut4zZuNGdN0phYj/ekU=", "owner": "nix-community", "repo": "home-manager", - "rev": "717030011980e9eb31eb8ce011261dd532bce92c", + "rev": "66a6ec65f84255b3defb67ff45af86c844dd451b", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743095683, - "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", + "lastModified": 1743583204, + "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", + "rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434", "type": "github" }, "original": { @@ -295,11 +295,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1740877520, - "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", "type": "github" }, "original": { @@ -378,11 +378,11 @@ ] }, "locked": { - "lastModified": 1743305778, - "narHash": "sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo=", + "lastModified": 1743756170, + "narHash": "sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8e873886bbfc32163fe027b8676c75637b7da114", + "rev": "cff8437c5fe8c68fc3a840a21bf1f4dc801da40d", "type": "github" }, "original": { From 0c565157500fafdf2845751e7009741cd2fab675 Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Fri, 11 Apr 2025 18:32:16 +0400 Subject: [PATCH 10/12] laptop: add thinkpad-specific things --- hosts/laptop/configuration.nix | 4 ++++ hosts/laptop/hardware-configuration.nix | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 9b3eaab..9c5b09c 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -310,6 +310,10 @@ in #media-session.enable = true; }; + services.thinkfan = { + enable = true; + }; + # Enable touchpad support (enabled default in most desktopManager). services.libinput.enable = true; diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index ba6a15e..bb94530 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix @@ -16,7 +16,8 @@ in boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.kernelParams = [ "i915.enable_psr=0" ]; + boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; fileSystems."/" = { device = root; From ef45ed92b697fae29f15996ffb3423ad1a23ed6a Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Fri, 11 Apr 2025 18:43:40 +0400 Subject: [PATCH 11/12] laptop: switch to Zen kernel --- hosts/laptop/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 9c5b09c..eb59d82 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -13,7 +13,7 @@ in ./mounts.nix ./akkotest.nix ]; - # boot.kernelPackages = pkgs.linuxPackages_zen; + boot.kernelPackages = pkgs.linuxPackages_zen; # Use the systemd-boot EFI boot loader. # NOT! Let's use GRUB instead From 9b6b95c01007453416753c2cf5529b7bf72bc585 Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Fri, 11 Apr 2025 18:44:32 +0400 Subject: [PATCH 12/12] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'authentik-nix': 'github:nix-community/authentik-nix/b4916a86d4e650401e67dc03556eadb4a3cb248a?narHash=sha256-I6//hyls5T6Y93IgwbWn5izeT29o%2Byza4yRgBcmNars%3D' (2025-03-28) → 'github:nix-community/authentik-nix/105b3b6c004ce00d1d3c7a88669bea4aadfd4580?narHash=sha256-xvWbdTctLu5YWgcp%2BlNTh51GAY3vB2XEXUFKRMJUiCM%3D' (2025-04-11) • Updated input 'authentik-nix/authentik-src': 'github:goauthentik/authentik/748a8e560f2eb93f7ec15d6762d4e5931fc1fa2a?narHash=sha256-aaSAlFIc5Gn5PJPVuObi24Y86/3N3yFJVQTx1tV2i2A%3D' (2025-03-28) → 'github:goauthentik/authentik/74eab55c615b156e4191ee98dc789e2d58c016f9?narHash=sha256-7wvoCRhLipX4qzrb/ctsozG565yckx%2BmoxiF6vRo84I%3D' (2025-04-08) • Updated input 'authentik-nix/poetry2nix': 'github:nix-community/poetry2nix/d90f9db68a4bda31c346be16dfd8d3263be4547e?narHash=sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k%3D' (2025-02-18) → 'github:nix-community/poetry2nix/ce2369db77f45688172384bbeb962bc6c2ea6f94?narHash=sha256-cX98bUuKuihOaRp8dNV1Mq7u6/CQZWTPth2IJPATBXc%3D' (2025-04-03) • Updated input 'home-manager': 'github:nix-community/home-manager/66a6ec65f84255b3defb67ff45af86c844dd451b?narHash=sha256-LJm6FoIcUoBw3w25ty12/sBfut4zZuNGdN0phYj/ekU%3D' (2025-04-03) → 'github:nix-community/home-manager/e43c6bcb101ba3301522439c459288c4a248f624?narHash=sha256-cXjAUuAfQDPSLSsckZuTioQ986iqSPTzx8D7dLAcC%2BQ%3D' (2025-04-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/2c8d3f48d33929642c1c12cd243df4cc7d2ce434?narHash=sha256-F7n4%2BKOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE%3D' (2025-04-02) → 'github:NixOS/nixpkgs/f675531bc7e6657c10a18b565cfebd8aa9e24c14?narHash=sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U%3D' (2025-04-09) • Updated input 'sops-nix': 'github:Mic92/sops-nix/cff8437c5fe8c68fc3a840a21bf1f4dc801da40d?narHash=sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU%3D' (2025-04-04) → 'github:Mic92/sops-nix/69d5a5a4635c27dae5a742f36108beccc506c1ba?narHash=sha256-SR6%2BqjkPjGQG%2B8eM4dCcVtss8r9bre/LAxFMPJpaZeU%3D' (2025-04-08) --- flake.lock | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 4b901c1..aab45a9 100644 --- a/flake.lock +++ b/flake.lock @@ -16,11 +16,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1743172544, - "narHash": "sha256-I6//hyls5T6Y93IgwbWn5izeT29o+yza4yRgBcmNars=", + "lastModified": 1744375272, + "narHash": "sha256-xvWbdTctLu5YWgcp+lNTh51GAY3vB2XEXUFKRMJUiCM=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "b4916a86d4e650401e67dc03556eadb4a3cb248a", + "rev": "105b3b6c004ce00d1d3c7a88669bea4aadfd4580", "type": "github" }, "original": { @@ -32,16 +32,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1743169792, - "narHash": "sha256-aaSAlFIc5Gn5PJPVuObi24Y86/3N3yFJVQTx1tV2i2A=", + "lastModified": 1744135136, + "narHash": "sha256-7wvoCRhLipX4qzrb/ctsozG565yckx+moxiF6vRo84I=", "owner": "goauthentik", "repo": "authentik", - "rev": "748a8e560f2eb93f7ec15d6762d4e5931fc1fa2a", + "rev": "74eab55c615b156e4191ee98dc789e2d58c016f9", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.2.3", + "ref": "version/2025.2.4", "repo": "authentik", "type": "github" } @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1743717835, - "narHash": "sha256-LJm6FoIcUoBw3w25ty12/sBfut4zZuNGdN0phYj/ekU=", + "lastModified": 1744380363, + "narHash": "sha256-cXjAUuAfQDPSLSsckZuTioQ986iqSPTzx8D7dLAcC+Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "66a6ec65f84255b3defb67ff45af86c844dd451b", + "rev": "e43c6bcb101ba3301522439c459288c4a248f624", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743583204, - "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=", + "lastModified": 1744232761, + "narHash": "sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434", + "rev": "f675531bc7e6657c10a18b565cfebd8aa9e24c14", "type": "github" }, "original": { @@ -342,11 +342,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1739883580, - "narHash": "sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k=", + "lastModified": 1743690424, + "narHash": "sha256-cX98bUuKuihOaRp8dNV1Mq7u6/CQZWTPth2IJPATBXc=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "d90f9db68a4bda31c346be16dfd8d3263be4547e", + "rev": "ce2369db77f45688172384bbeb962bc6c2ea6f94", "type": "github" }, "original": { @@ -378,11 +378,11 @@ ] }, "locked": { - "lastModified": 1743756170, - "narHash": "sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU=", + "lastModified": 1744103455, + "narHash": "sha256-SR6+qjkPjGQG+8eM4dCcVtss8r9bre/LAxFMPJpaZeU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cff8437c5fe8c68fc3a840a21bf1f4dc801da40d", + "rev": "69d5a5a4635c27dae5a742f36108beccc506c1ba", "type": "github" }, "original": {