From c1fbe7ca651ca85d84b6bbb754bb7b6907c77286 Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Thu, 13 Feb 2025 23:34:04 +0400 Subject: [PATCH 1/8] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'authentik-nix': 'github:nix-community/authentik-nix/e87750273754e7ee9249785ffc7151510e1d64c7?narHash=sha256-d58ioZQgJMmRfp7KIQKIy5G8uio7nCQPP%2BYsLEbxIgg%3D' (2025-01-30) → 'github:nix-community/authentik-nix/bc62d5509989f5dca633c65b58aa0ac79a48db3e?narHash=sha256-1yrVbGLBMBPl34EibVARkUB9Gak1GjLRLZXJk9jbHxU%3D' (2025-02-02) • Updated input 'home-manager': 'github:nix-community/home-manager/18fa9f323d8adbb0b7b8b98a8488db308210ed93?narHash=sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg%3D' (2025-02-01) → 'github:nix-community/home-manager/5031c6d2978109336637977c165f82aa49fa16a7?narHash=sha256-NxNe32VB4XI/xIXrsKmIfrcgtEx5r/5s52pL3CpEcA4%3D' (2025-02-13) • Updated input 'mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/6b425d13f5a9d73cb63973d3609acacef4d1e261?narHash=sha256-VrUfCXBXYV%2BYmQ2OvVTeML9EnmaPRtH%2BPOrNIcJp6yo%3D' (2025-01-24) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/8c1c4640b878c692dd3d8055e8cdea0a2bbd8cf3?narHash=sha256-EmJhpy9U8sVlepl2QPjG019VfG67HcucsQNItTqW6cA%3D' (2025-02-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/3a228057f5b619feb3186e986dbe76278d707b6e?narHash=sha256-xvTo0Aw0%2Bveek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc%3D' (2025-02-01) → 'github:NixOS/nixpkgs/64e75cd44acf21c7933d61d7721e812eac1b5a0a?narHash=sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM%3D' (2025-02-10) • Updated input 'sops-nix': 'github:Mic92/sops-nix/4c1251904d8a08c86ac6bc0d72cc09975e89aef7?narHash=sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320%3D' (2025-01-31) → 'github:Mic92/sops-nix/07af005bb7d60c7f118d9d9f5530485da5d1e975?narHash=sha256-7JAGezJ0Dn5qIyA2%2BT4Dt/xQgAbhCglh6lzCekTVMeU%3D' (2025-02-11) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 6d9047c..0f5089c 100644 --- a/flake.lock +++ b/flake.lock @@ -16,11 +16,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1738262370, - "narHash": "sha256-d58ioZQgJMmRfp7KIQKIy5G8uio7nCQPP+YsLEbxIgg=", + "lastModified": 1738503522, + "narHash": "sha256-1yrVbGLBMBPl34EibVARkUB9Gak1GjLRLZXJk9jbHxU=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "e87750273754e7ee9249785ffc7151510e1d64c7", + "rev": "bc62d5509989f5dca633c65b58aa0ac79a48db3e", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1738448366, - "narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=", + "lastModified": 1739470101, + "narHash": "sha256-NxNe32VB4XI/xIXrsKmIfrcgtEx5r/5s52pL3CpEcA4=", "owner": "nix-community", "repo": "home-manager", - "rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93", + "rev": "5031c6d2978109336637977c165f82aa49fa16a7", "type": "github" }, "original": { @@ -185,11 +185,11 @@ "nixpkgs-24_11": "nixpkgs-24_11" }, "locked": { - "lastModified": 1737736848, - "narHash": "sha256-VrUfCXBXYV+YmQ2OvVTeML9EnmaPRtH+POrNIcJp6yo=", + "lastModified": 1739121270, + "narHash": "sha256-EmJhpy9U8sVlepl2QPjG019VfG67HcucsQNItTqW6cA=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "6b425d13f5a9d73cb63973d3609acacef4d1e261", + "rev": "8c1c4640b878c692dd3d8055e8cdea0a2bbd8cf3", "type": "gitlab" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738410390, - "narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=", + "lastModified": 1739214665, + "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3a228057f5b619feb3186e986dbe76278d707b6e", + "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", "type": "github" }, "original": { @@ -375,11 +375,11 @@ ] }, "locked": { - "lastModified": 1738291974, - "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=", + "lastModified": 1739262228, + "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7", + "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", "type": "github" }, "original": { From 6752f29b5ed0ab40491ae80dc6d8b268b92d04cd Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Sat, 15 Feb 2025 12:46:20 +0400 Subject: [PATCH 2/8] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/5031c6d2978109336637977c165f82aa49fa16a7?narHash=sha256-NxNe32VB4XI/xIXrsKmIfrcgtEx5r/5s52pL3CpEcA4%3D' (2025-02-13) → 'github:nix-community/home-manager/6d3163aea47fdb1fe19744e91306a2ea4f602292?narHash=sha256-0UdSDV/TBY%2BGuxXLbrLq3l2Fq02ciyKCIMy4qmnfJXQ%3D' (2025-02-14) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/64e75cd44acf21c7933d61d7721e812eac1b5a0a?narHash=sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM%3D' (2025-02-10) → 'github:NixOS/nixpkgs/2ff53fe64443980e139eaa286017f53f88336dd0?narHash=sha256-%2B/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc%3D' (2025-02-13) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0f5089c..24ad52c 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1739470101, - "narHash": "sha256-NxNe32VB4XI/xIXrsKmIfrcgtEx5r/5s52pL3CpEcA4=", + "lastModified": 1739571712, + "narHash": "sha256-0UdSDV/TBY+GuxXLbrLq3l2Fq02ciyKCIMy4qmnfJXQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "5031c6d2978109336637977c165f82aa49fa16a7", + "rev": "6d3163aea47fdb1fe19744e91306a2ea4f602292", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739214665, - "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", + "lastModified": 1739446958, + "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", + "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", "type": "github" }, "original": { From 3386acbc113fe25a21ccf7e35e345aa5a9f0545d Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Sun, 23 Feb 2025 15:37:57 +0400 Subject: [PATCH 3/8] laptop: enable removable boot --- hosts/laptop/configuration.nix | 8 +++++--- hosts/laptop/hardware-configuration.nix | 8 +++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 62a734d..ca41c37 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -20,7 +20,7 @@ in # https://nixos.org/manual/nixos/stable/#sec-installation # boot.loader.efi.efiSysMountPoint = "/boot"; boot.loader.systemd-boot.enable = false; - boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi.canTouchEfiVariables = false; boot.loader.grub = { enable = true; device = "nodev"; @@ -31,7 +31,8 @@ in rev = "803c5df0e83aba61668777bb96d90ab8f6847106"; hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0="; }}/src/catppuccin-macchiato-grub-theme/"; - efiInstallAsRemovable = false; + efiInstallAsRemovable = true; + extraPerEntryConfig = "acpi ($drive1)//dsdt.aml"; # useOSProber = true; extraEntries = '' @@ -90,7 +91,8 @@ in # boot.initrd.luks.fido2Support = true; boot.initrd.luks.devices = { crypted = { - device = "/dev/disk/by-path/pci-0000:02:00.0-nvme-1"; + # device = "/dev/disk/by-path/pci-0000:02:00.0-nvme-1"; + device = "/dev/disk/by-label/NixCryptRoot"; preLVM = true; crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ]; # fido2.credential = ""; diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index 387c040..848ea97 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix @@ -13,7 +13,7 @@ in [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; @@ -37,8 +37,9 @@ in }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/12CE-A600"; + { device = "/dev/disk/by-uuid/E095-34D8"; fsType = "vfat"; + options = [ "noauto" ]; }; swapDevices = @@ -50,10 +51,7 @@ in # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } From 1ab7506d5558fce775f65e420a0099afbae51128 Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Sun, 23 Feb 2025 15:38:27 +0400 Subject: [PATCH 4/8] laptop: add bunch of KDE packages and kdiskmark --- hosts/laptop/configuration.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index ca41c37..feaf081 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -262,6 +262,13 @@ in # programs.partition-manager.enable = true; programs.kdeconnect.enable = true; + programs.kde-pim = { + enable = true; + kmail = true; + kontact = true; + merkuro = true; + }; + programs.adb.enable = true; # Steam @@ -356,6 +363,12 @@ in kdePackages.kaccounts-providers kdePackages.kaccounts-integration + kdePackages.qtwebengine + kdePackages.pimcommon + kdePackages.libkdepim + kdePackages.calendarsupport + kdePackages.kdepim-addons + kdePackages.akonadi-import-wizard git git-crypt @@ -373,6 +386,8 @@ in # graalvm17-ce distrobox + kdiskmark + (let base = pkgs.appimageTools.defaultFhsEnvArgs; in pkgs.buildFHSEnv (base // { name = "fhs"; From 80b57880d41af80281cef3a5771868a7f3ef6e2a Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Sun, 23 Feb 2025 15:42:12 +0400 Subject: [PATCH 5/8] laptop: enable joycond --- hosts/laptop/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index feaf081..bf732ef 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -432,6 +432,8 @@ in # Enable the OpenSSH daemon. # services.openssh.enable = true; + services.joycond.enable = true; + services.openssh = { enable = true; settings.PermitRootLogin = "no"; From 0a14bb42089925ebe22379d2dc4b26ffe0fe3b94 Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Wed, 26 Feb 2025 01:34:43 +0400 Subject: [PATCH 6/8] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'authentik-nix': 'github:nix-community/authentik-nix/bc62d5509989f5dca633c65b58aa0ac79a48db3e?narHash=sha256-1yrVbGLBMBPl34EibVARkUB9Gak1GjLRLZXJk9jbHxU%3D' (2025-02-02) → 'github:nix-community/authentik-nix/c79e9b78104e9d8c406445d575623c2770d7d99a?narHash=sha256-ZfSnVdW2S9G4dYFxnW7sB/XgBe2SR17WHTb0eDNkkOk%3D' (2025-02-24) • Updated input 'authentik-nix/authentik-src': 'github:goauthentik/authentik/f1b7a9f934e6b58a1884ba753575eac6267f4b6e?narHash=sha256-4XdYlqfd23TVPaJ0R5tEBIpDXLV4mFHdXhIWp5dIvIE%3D' (2025-01-29) → 'github:goauthentik/authentik/5c5cc1c7daa4248c5a2c29ac47f3639d4eaa8ff5?narHash=sha256-eafk3lCFG3l1OKt8xoKZjbDFcOUFQgpivMMT4GjaNWU%3D' (2025-02-24) • Updated input 'authentik-nix/poetry2nix': 'github:nix-community/poetry2nix/75d0515332b7ca269f6d7abfd2c44c47a7cbca7b?narHash=sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv%2BVX5k%3D' (2025-01-14) → 'github:nix-community/poetry2nix/d90f9db68a4bda31c346be16dfd8d3263be4547e?narHash=sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k%3D' (2025-02-18) --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 24ad52c..031070d 100644 --- a/flake.lock +++ b/flake.lock @@ -16,11 +16,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1738503522, - "narHash": "sha256-1yrVbGLBMBPl34EibVARkUB9Gak1GjLRLZXJk9jbHxU=", + "lastModified": 1740420811, + "narHash": "sha256-ZfSnVdW2S9G4dYFxnW7sB/XgBe2SR17WHTb0eDNkkOk=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "bc62d5509989f5dca633c65b58aa0ac79a48db3e", + "rev": "c79e9b78104e9d8c406445d575623c2770d7d99a", "type": "github" }, "original": { @@ -32,16 +32,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1738183650, - "narHash": "sha256-4XdYlqfd23TVPaJ0R5tEBIpDXLV4mFHdXhIWp5dIvIE=", + "lastModified": 1740398117, + "narHash": "sha256-eafk3lCFG3l1OKt8xoKZjbDFcOUFQgpivMMT4GjaNWU=", "owner": "goauthentik", "repo": "authentik", - "rev": "f1b7a9f934e6b58a1884ba753575eac6267f4b6e", + "rev": "5c5cc1c7daa4248c5a2c29ac47f3639d4eaa8ff5", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2024.12.3", + "ref": "version/2025.2.0", "repo": "authentik", "type": "github" } @@ -339,11 +339,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1736884309, - "narHash": "sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv+VX5k=", + "lastModified": 1739883580, + "narHash": "sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "75d0515332b7ca269f6d7abfd2c44c47a7cbca7b", + "rev": "d90f9db68a4bda31c346be16dfd8d3263be4547e", "type": "github" }, "original": { From ce59cf311cf336725d1e17a57633f7ea53206e44 Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Wed, 26 Feb 2025 02:37:13 +0400 Subject: [PATCH 7/8] vps1: add another user, enable podman, nix settings allowed users change --- hosts/vps1/configuration.nix | 22 ++++++++++++++++++++++ hosts/vps1/services/git.nix | 4 +--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/hosts/vps1/configuration.nix b/hosts/vps1/configuration.nix index 41f0d8d..05e4cb3 100644 --- a/hosts/vps1/configuration.nix +++ b/hosts/vps1/configuration.nix @@ -35,6 +35,7 @@ in programs.fish.enable = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.allowed-users = [ "@wheel" ]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; @@ -156,10 +157,31 @@ in extraGroups = [ "wheel" "docker" + "podman" config.services.openvscode-server.group ]; shell = pkgs.fish; }; + + users.users.mikprin = { + isNormalUser = true; + extraGroups = [ + "podman" + ]; + shell = pkgs.fish; + }; + + # TODO move to separate + virtualisation.docker.enable = true; + + virtualisation.containers.enable = true; + virtualisation = { + podman = { + enable = true; + dockerCompat = false; + defaultNetwork.settings.dns_enabled = true; + }; + }; nixpkgs.config.allowUnfree = true; diff --git a/hosts/vps1/services/git.nix b/hosts/vps1/services/git.nix index 149471b..d1bb995 100644 --- a/hosts/vps1/services/git.nix +++ b/hosts/vps1/services/git.nix @@ -137,9 +137,7 @@ in ]; }; }; - # TODO move to separate - virtualisation.docker.enable = true; - + sops.secrets."forgejo/email_password" = sops_opts; sops.secrets."forgejo/db_password" = sops_opts; From 03f91f3817690b55094848801eed7ee578c9ea17 Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Wed, 26 Feb 2025 03:05:08 +0400 Subject: [PATCH 8/8] vps1: zsh for mikprin --- hosts/vps1/configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/vps1/configuration.nix b/hosts/vps1/configuration.nix index 05e4cb3..b9e0afd 100644 --- a/hosts/vps1/configuration.nix +++ b/hosts/vps1/configuration.nix @@ -33,6 +33,7 @@ in ]; programs.fish.enable = true; + programs.zsh.enable = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.allowed-users = [ "@wheel" ]; @@ -168,7 +169,7 @@ in extraGroups = [ "podman" ]; - shell = pkgs.fish; + shell = pkgs.zsh; }; # TODO move to separate