flake.lock: Update

Flake lock file updates:

• Updated input 'authentik-nix':
    'github:nix-community/authentik-nix/b4916a86d4e650401e67dc03556eadb4a3cb248a?narHash=sha256-I6//hyls5T6Y93IgwbWn5izeT29o%2Byza4yRgBcmNars%3D' (2025-03-28)
  → 'github:nix-community/authentik-nix/105b3b6c004ce00d1d3c7a88669bea4aadfd4580?narHash=sha256-xvWbdTctLu5YWgcp%2BlNTh51GAY3vB2XEXUFKRMJUiCM%3D' (2025-04-11)
• Updated input 'authentik-nix/authentik-src':
    'github:goauthentik/authentik/748a8e560f2eb93f7ec15d6762d4e5931fc1fa2a?narHash=sha256-aaSAlFIc5Gn5PJPVuObi24Y86/3N3yFJVQTx1tV2i2A%3D' (2025-03-28)
  → 'github:goauthentik/authentik/74eab55c615b156e4191ee98dc789e2d58c016f9?narHash=sha256-7wvoCRhLipX4qzrb/ctsozG565yckx%2BmoxiF6vRo84I%3D' (2025-04-08)
• Updated input 'authentik-nix/poetry2nix':
    'github:nix-community/poetry2nix/d90f9db68a4bda31c346be16dfd8d3263be4547e?narHash=sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k%3D' (2025-02-18)
  → 'github:nix-community/poetry2nix/ce2369db77f45688172384bbeb962bc6c2ea6f94?narHash=sha256-cX98bUuKuihOaRp8dNV1Mq7u6/CQZWTPth2IJPATBXc%3D' (2025-04-03)
• Updated input 'home-manager':
    'github:nix-community/home-manager/66a6ec65f84255b3defb67ff45af86c844dd451b?narHash=sha256-LJm6FoIcUoBw3w25ty12/sBfut4zZuNGdN0phYj/ekU%3D' (2025-04-03)
  → 'github:nix-community/home-manager/e43c6bcb101ba3301522439c459288c4a248f624?narHash=sha256-cXjAUuAfQDPSLSsckZuTioQ986iqSPTzx8D7dLAcC%2BQ%3D' (2025-04-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/2c8d3f48d33929642c1c12cd243df4cc7d2ce434?narHash=sha256-F7n4%2BKOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE%3D' (2025-04-02)
  → 'github:NixOS/nixpkgs/f675531bc7e6657c10a18b565cfebd8aa9e24c14?narHash=sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U%3D' (2025-04-09)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/cff8437c5fe8c68fc3a840a21bf1f4dc801da40d?narHash=sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU%3D' (2025-04-04)
  → 'github:Mic92/sops-nix/69d5a5a4635c27dae5a742f36108beccc506c1ba?narHash=sha256-SR6%2BqjkPjGQG%2B8eM4dCcVtss8r9bre/LAxFMPJpaZeU%3D' (2025-04-08)

flake.lock

@@ -16,11 +16,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1740420811,
-        "narHash": "sha256-ZfSnVdW2S9G4dYFxnW7sB/XgBe2SR17WHTb0eDNkkOk=",
+        "lastModified": 1744375272,
+        "narHash": "sha256-xvWbdTctLu5YWgcp+lNTh51GAY3vB2XEXUFKRMJUiCM=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "c79e9b78104e9d8c406445d575623c2770d7d99a",
+        "rev": "105b3b6c004ce00d1d3c7a88669bea4aadfd4580",
         "type": "github"
       },
       "original": {
@@ -32,16 +32,16 @@
     "authentik-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1740398117,
-        "narHash": "sha256-eafk3lCFG3l1OKt8xoKZjbDFcOUFQgpivMMT4GjaNWU=",
+        "lastModified": 1744135136,
+        "narHash": "sha256-7wvoCRhLipX4qzrb/ctsozG565yckx+moxiF6vRo84I=",
         "owner": "goauthentik",
         "repo": "authentik",
-        "rev": "5c5cc1c7daa4248c5a2c29ac47f3639d4eaa8ff5",
+        "rev": "74eab55c615b156e4191ee98dc789e2d58c016f9",
         "type": "github"
       },
       "original": {
         "owner": "goauthentik",
-        "ref": "version/2025.2.0",
+        "ref": "version/2025.2.4",
         "repo": "authentik",
         "type": "github"
       }
@@ -98,11 +98,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1738453229,
-        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
+        "lastModified": 1743550720,
+        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
+        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739571712,
-        "narHash": "sha256-0UdSDV/TBY+GuxXLbrLq3l2Fq02ciyKCIMy4qmnfJXQ=",
+        "lastModified": 1744380363,
+        "narHash": "sha256-cXjAUuAfQDPSLSsckZuTioQ986iqSPTzx8D7dLAcC+Q=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "6d3163aea47fdb1fe19744e91306a2ea4f602292",
+        "rev": "e43c6bcb101ba3301522439c459288c4a248f624",
         "type": "github"
       },
       "original": {
@@ -185,11 +185,11 @@
         "nixpkgs-24_11": "nixpkgs-24_11"
       },
       "locked": {
-        "lastModified": 1739121270,
-        "narHash": "sha256-EmJhpy9U8sVlepl2QPjG019VfG67HcucsQNItTqW6cA=",
+        "lastModified": 1742413977,
+        "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "8c1c4640b878c692dd3d8055e8cdea0a2bbd8cf3",
+        "rev": "b4fbffe79c00f19be94b86b4144ff67541613659",
         "type": "gitlab"
       },
       "original": {
@@ -264,11 +264,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1739446958,
-        "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=",
+        "lastModified": 1744232761,
+        "narHash": "sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2ff53fe64443980e139eaa286017f53f88336dd0",
+        "rev": "f675531bc7e6657c10a18b565cfebd8aa9e24c14",
         "type": "github"
       },
       "original": {
@@ -295,14 +295,17 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1738452942,
-        "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
+        "lastModified": 1743296961,
+        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
+        "type": "github"
       },
       "original": {
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
       }
     },
     "nixpkgs-stable": {
@@ -339,11 +342,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1739883580,
-        "narHash": "sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k=",
+        "lastModified": 1743690424,
+        "narHash": "sha256-cX98bUuKuihOaRp8dNV1Mq7u6/CQZWTPth2IJPATBXc=",
         "owner": "nix-community",
         "repo": "poetry2nix",
-        "rev": "d90f9db68a4bda31c346be16dfd8d3263be4547e",
+        "rev": "ce2369db77f45688172384bbeb962bc6c2ea6f94",
         "type": "github"
       },
       "original": {
@@ -375,11 +378,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739262228,
-        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
+        "lastModified": 1744103455,
+        "narHash": "sha256-SR6+qjkPjGQG+8eM4dCcVtss8r9bre/LAxFMPJpaZeU=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
+        "rev": "69d5a5a4635c27dae5a742f36108beccc506c1ba",
         "type": "github"
       },
       "original": {

flake.nix

@@ -62,9 +62,23 @@
     overlay-vaapiIntel = final: prev: {
       vaapiIntel = prev.vaapiIntel.override { enableHybridCodec = true; };
     };
+    overlay-nitrokey-udev-update = final: prev: {
+      nitrokey-udev-rules = prev.nitrokey-udev-rules.overrideAttrs(old: {
+        version = "1.1.0";
+        src = prev.fetchFromGitHub {
+          owner = "Nitrokey";
+          repo = "nitrokey-udev-rules";
+          rev = "v1.1.0";
+          hash = "sha256-LKpd6O9suAc2+FFgpuyTClEgL/JiZiokH3DV8P3C7Aw=";
+        };
+        dontBuild = true;
+        doCheck = false;
+      });
+    };
     my-overlays = [
       overlay-stable
       overlay-vaapiIntel
+      overlay-nitrokey-udev-update
     ];
     inherit (inputs.nix-cfg-extra.lib) extra-data;
     inherit (inputs.nix-cfg-extra.lib) extra-host-modules;

hosts/laptop/configuration.nix

@@ -13,14 +13,14 @@ in
     ./mounts.nix
     ./akkotest.nix
   ];
-  # boot.kernelPackages = pkgs.linuxPackages_zen;
+  boot.kernelPackages = pkgs.linuxPackages_zen;
 
   # Use the systemd-boot EFI boot loader.
   # NOT! Let's use GRUB instead
   # https://nixos.org/manual/nixos/stable/#sec-installation
   # boot.loader.efi.efiSysMountPoint = "/boot";
   boot.loader.systemd-boot.enable = false;
-  boot.loader.efi.canTouchEfiVariables = false;
+  boot.loader.efi.canTouchEfiVariables = true;
   boot.loader.grub = {
     enable = true;
     device = "nodev";
@@ -31,33 +31,20 @@ in
       rev = "803c5df0e83aba61668777bb96d90ab8f6847106";
       hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0=";
     }}/src/catppuccin-macchiato-grub-theme/";
-    efiInstallAsRemovable = true;
-    extraPerEntryConfig = "acpi ($drive1)//dsdt.aml";
     # useOSProber = true;
     extraEntries =
     ''
-    menuentry 'Windows 10' --class windows --class os {
+    menuentry 'Veracrypt Boot Manager' --class windows --class os $menuentry_id_option 'osprober-efi-7C85-2DFB' {
       insmod part_gpt
       insmod fat
-      set root='hd0,gpt4'
-      if [ x$feature_platform_search_hint = xy ]; then
-        search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 8D94-2A4E
-      else
-        search --no-floppy --fs-uuid --set=root 8D94-2A4E
-      fi
-      chainloader /EFI/Microsoft/Boot/bootmgfw.efi
+      search --no-floppy --fs-uuid --set=root 7C85-2DFB
+      chainloader /EFI/VeraCrypt/DcsBoot.efi
     }
-    menuentry 'Ventoy' {
+    menuentry 'Windows Boot Manager' --class windows --class os $menuentry_id_option 'osprober-efi-7C85-2DFB' {
       insmod part_gpt
       insmod fat
-      # set root='hd0,gpt4'
-      # if [ x$feature_platform_search_hint = xy ]; then
-      #   search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 BDAD-470D
-      # else
-      #   search --no-floppy --fs-uuid --set=root BDAD-470D
-      # fi
-      search --no-floppy --fs-uuid --set=root BDAD-470D
-      chainloader /EFI/BOOT/BOOTX64.EFI
+      search --no-floppy --fs-uuid --set=root 7C85-2DFB
+      chainloader /EFI/Microsoft/Boot/bootmgfw.efi
     }
     '';
   };
@@ -247,6 +234,8 @@ in
   programs.wireshark.enable = true;
   programs.wireshark.package = pkgs.wireshark;
 
+  programs.ladybird.enable = true;
+
   # fish
   programs.fish = {
     enable = true;
@@ -321,6 +310,10 @@ in
     #media-session.enable = true;
   };
 
+  services.thinkfan = {
+    enable = true;
+  };
+
 
   # Enable touchpad support (enabled default in most desktopManager).
   services.libinput.enable = true;
@@ -354,8 +347,13 @@ in
     # };
   };
 
-  # OnlyKey
+  # Hardware keys
   hardware.onlykey.enable = true;
+  hardware.nitrokey.enable = true;
+  services.pcscd = {
+    enable = true;
+    plugins = [ pkgs.ccid ];
+  };
 
   # List packages installed in system profile. To search, run:
   # $ nix search wget
@@ -422,9 +420,9 @@ in
   # programs.mtr.enable = true;
   programs.gnupg.agent = {
     enable = true;
-    # enableSSHSupport = true;
+    enableSSHSupport = true;
   };
-  programs.ssh.startAgent = true;
+  programs.ssh.startAgent = false;
 
   zramSwap = {
     enable = true;
@@ -463,8 +461,6 @@ in
     enable = true;
   };
 
-  services.logind.lidSwitchExternalPower = "lock";
-
   hardware.bluetooth.enable = true;
   hardware.bluetooth.powerOnBoot = true;
 

hosts/laptop/hardware-configuration.nix

@@ -13,10 +13,11 @@ in
     [ (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" "rtsx_pci_sdmmc" ];
   boot.initrd.kernelModules = [ "dm-snapshot" ];
   boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
+  boot.kernelParams = [ "i915.enable_psr=0" ];
+  boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
 
   fileSystems."/" =
     { device = root;
@@ -43,9 +44,8 @@ in
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/E095-34D8";
+    { device = "/dev/disk/by-uuid/7C85-2DFB";
       fsType = "vfat";
-      options = [ "noauto" ];
     };
 
   swapDevices =

hosts/laptop/mounts.nix

@@ -1,16 +1,15 @@
 {
-  systemd.mounts =  [
-    {
-      where = "/mounts/my_data";
-      what = "/dev/disk/by-label/My_Data";
-      type = "ntfs3";
-      options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
-    }
-    {
-      where = "/mounts/windows";
-      what = "/dev/disk/by-label/WinPart";
-      type = "ntfs3";
-      options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
-    }
-  ];
+  environment.etc.crypttab = {
+    mode = "0600";
+    text = ''
+      shared PARTUUID=7572b70e-36d1-41a8-b425-540b96092ff6 /dev/null tcrypt,tcrypt-veracrypt,tcrypt-keyfile=/root/shared_keyfile
+    '';
+  };
+
+  fileSystems."/mounts/shared" =
+    { device = "/dev/mapper/shared";
+      fsType = "ntfs3";
+      options = [ "defaults,exec,nosuid,nodev,prealloc,uid=1000,gid=100" ];
+    };
+
 }