vps1: zsh for mikprin

Flake lock file updates:

• Updated input 'authentik-nix':
    'github:nix-community/authentik-nix/bc62d5509989f5dca633c65b58aa0ac79a48db3e?narHash=sha256-1yrVbGLBMBPl34EibVARkUB9Gak1GjLRLZXJk9jbHxU%3D' (2025-02-02)
  → 'github:nix-community/authentik-nix/c79e9b78104e9d8c406445d575623c2770d7d99a?narHash=sha256-ZfSnVdW2S9G4dYFxnW7sB/XgBe2SR17WHTb0eDNkkOk%3D' (2025-02-24)
• Updated input 'authentik-nix/authentik-src':
    'github:goauthentik/authentik/f1b7a9f934e6b58a1884ba753575eac6267f4b6e?narHash=sha256-4XdYlqfd23TVPaJ0R5tEBIpDXLV4mFHdXhIWp5dIvIE%3D' (2025-01-29)
  → 'github:goauthentik/authentik/5c5cc1c7daa4248c5a2c29ac47f3639d4eaa8ff5?narHash=sha256-eafk3lCFG3l1OKt8xoKZjbDFcOUFQgpivMMT4GjaNWU%3D' (2025-02-24)
• Updated input 'authentik-nix/poetry2nix':
    'github:nix-community/poetry2nix/75d0515332b7ca269f6d7abfd2c44c47a7cbca7b?narHash=sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv%2BVX5k%3D' (2025-01-14)
  → 'github:nix-community/poetry2nix/d90f9db68a4bda31c346be16dfd8d3263be4547e?narHash=sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k%3D' (2025-02-18)

flake.lock

@@ -16,11 +16,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1738262370,
+        "lastModified": 1740420811,
-        "narHash": "sha256-d58ioZQgJMmRfp7KIQKIy5G8uio7nCQPP+YsLEbxIgg=",
+        "narHash": "sha256-ZfSnVdW2S9G4dYFxnW7sB/XgBe2SR17WHTb0eDNkkOk=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "e87750273754e7ee9249785ffc7151510e1d64c7",
+        "rev": "c79e9b78104e9d8c406445d575623c2770d7d99a",
         "type": "github"
       },
       "original": {
@@ -32,16 +32,16 @@
     "authentik-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1738183650,
+        "lastModified": 1740398117,
-        "narHash": "sha256-4XdYlqfd23TVPaJ0R5tEBIpDXLV4mFHdXhIWp5dIvIE=",
+        "narHash": "sha256-eafk3lCFG3l1OKt8xoKZjbDFcOUFQgpivMMT4GjaNWU=",
         "owner": "goauthentik",
         "repo": "authentik",
-        "rev": "f1b7a9f934e6b58a1884ba753575eac6267f4b6e",
+        "rev": "5c5cc1c7daa4248c5a2c29ac47f3639d4eaa8ff5",
         "type": "github"
       },
       "original": {
         "owner": "goauthentik",
-        "ref": "version/2024.12.3",
+        "ref": "version/2025.2.0",
         "repo": "authentik",
         "type": "github"
       }
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738448366,
+        "lastModified": 1739571712,
-        "narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=",
+        "narHash": "sha256-0UdSDV/TBY+GuxXLbrLq3l2Fq02ciyKCIMy4qmnfJXQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93",
+        "rev": "6d3163aea47fdb1fe19744e91306a2ea4f602292",
         "type": "github"
       },
       "original": {
@@ -185,11 +185,11 @@
         "nixpkgs-24_11": "nixpkgs-24_11"
       },
       "locked": {
-        "lastModified": 1737736848,
+        "lastModified": 1739121270,
-        "narHash": "sha256-VrUfCXBXYV+YmQ2OvVTeML9EnmaPRtH+POrNIcJp6yo=",
+        "narHash": "sha256-EmJhpy9U8sVlepl2QPjG019VfG67HcucsQNItTqW6cA=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "6b425d13f5a9d73cb63973d3609acacef4d1e261",
+        "rev": "8c1c4640b878c692dd3d8055e8cdea0a2bbd8cf3",
         "type": "gitlab"
       },
       "original": {
@@ -264,11 +264,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1738410390,
+        "lastModified": 1739446958,
-        "narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=",
+        "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3a228057f5b619feb3186e986dbe76278d707b6e",
+        "rev": "2ff53fe64443980e139eaa286017f53f88336dd0",
         "type": "github"
       },
       "original": {
@@ -339,11 +339,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1736884309,
+        "lastModified": 1739883580,
-        "narHash": "sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv+VX5k=",
+        "narHash": "sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k=",
         "owner": "nix-community",
         "repo": "poetry2nix",
-        "rev": "75d0515332b7ca269f6d7abfd2c44c47a7cbca7b",
+        "rev": "d90f9db68a4bda31c346be16dfd8d3263be4547e",
         "type": "github"
       },
       "original": {
@@ -375,11 +375,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1738291974,
+        "lastModified": 1739262228,
-        "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
+        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
+        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
         "type": "github"
       },
       "original": {

hosts/laptop/configuration.nix

@@ -20,7 +20,7 @@ in
   # https://nixos.org/manual/nixos/stable/#sec-installation
   # boot.loader.efi.efiSysMountPoint = "/boot";
   boot.loader.systemd-boot.enable = false;
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.canTouchEfiVariables = false;
   boot.loader.grub = {
     enable = true;
     device = "nodev";
@@ -31,7 +31,8 @@ in
       rev = "803c5df0e83aba61668777bb96d90ab8f6847106";
       hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0=";
     }}/src/catppuccin-macchiato-grub-theme/";
-    efiInstallAsRemovable = false;
+    efiInstallAsRemovable = true;
+    extraPerEntryConfig = "acpi ($drive1)//dsdt.aml";
     # useOSProber = true;
     extraEntries =
     ''
@@ -90,7 +91,8 @@ in
   # boot.initrd.luks.fido2Support = true;
   boot.initrd.luks.devices = {
     crypted = {
-      device = "/dev/disk/by-path/pci-0000:02:00.0-nvme-1";
+      # device = "/dev/disk/by-path/pci-0000:02:00.0-nvme-1";
+      device = "/dev/disk/by-label/NixCryptRoot";
       preLVM = true;
       crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ];
       # fido2.credential = "";
@@ -260,6 +262,13 @@ in
   # programs.partition-manager.enable = true;
   programs.kdeconnect.enable = true;
 
+  programs.kde-pim = {
+    enable = true;
+    kmail = true;
+    kontact = true;
+    merkuro = true;
+  };
+
   programs.adb.enable = true;
 
   # Steam
@@ -354,6 +363,12 @@ in
 
     kdePackages.kaccounts-providers
     kdePackages.kaccounts-integration
+    kdePackages.qtwebengine
+    kdePackages.pimcommon
+    kdePackages.libkdepim
+    kdePackages.calendarsupport
+    kdePackages.kdepim-addons
+    kdePackages.akonadi-import-wizard
 
     git
     git-crypt
@@ -371,6 +386,8 @@ in
     # graalvm17-ce
     distrobox
 
+    kdiskmark
+
     (let base = pkgs.appimageTools.defaultFhsEnvArgs; in
       pkgs.buildFHSEnv (base // {
       name = "fhs";
@@ -415,6 +432,8 @@ in
   # Enable the OpenSSH daemon.
   # services.openssh.enable = true;
 
+  services.joycond.enable = true;
+
   services.openssh = {
     enable = true;
     settings.PermitRootLogin = "no";

hosts/laptop/hardware-configuration.nix

@@ -13,7 +13,7 @@ in
     [ (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" ];
   boot.initrd.kernelModules = [ "dm-snapshot" ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
@@ -37,8 +37,9 @@ in
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/12CE-A600";
+    { device = "/dev/disk/by-uuid/E095-34D8";
       fsType = "vfat";
+      options = [ "noauto" ];
     };
 
   swapDevices =
@@ -50,10 +51,7 @@ in
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
   networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

hosts/vps1/configuration.nix

@@ -33,8 +33,10 @@ in
   ];
 
   programs.fish.enable = true;
+  programs.zsh.enable = true;
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings.allowed-users = [ "@wheel" ];
 
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = true;
@@ -156,11 +158,32 @@ in
     extraGroups = [
       "wheel"
       "docker"
+      "podman"
       config.services.openvscode-server.group
     ];
     shell = pkgs.fish;
   };
   
+  users.users.mikprin = {
+    isNormalUser = true;
+    extraGroups = [
+      "podman"
+    ];
+    shell = pkgs.zsh;
+  };
+
+  # TODO move to separate
+  virtualisation.docker.enable = true;
+
+  virtualisation.containers.enable = true;
+  virtualisation = {
+    podman = {
+      enable = true;
+      dockerCompat = false;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+
   nixpkgs.config.allowUnfree = true;
 
   system.stateVersion = "23.11";

hosts/vps1/services/git.nix

@@ -137,8 +137,6 @@ in
       ];
     };
   };
-  # TODO move to separate
-  virtualisation.docker.enable = true;
   
   sops.secrets."forgejo/email_password" = sops_opts;