2025-12-16 16:38:19 +01:00
5 changed files with 77 additions and 89 deletions
--- a/flake.lock
+++ b/flake.lock
@ -16,11 +16,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1744375272,
-        "narHash": "sha256-xvWbdTctLu5YWgcp+lNTh51GAY3vB2XEXUFKRMJUiCM=",
+        "lastModified": 1740420811,
+        "narHash": "sha256-ZfSnVdW2S9G4dYFxnW7sB/XgBe2SR17WHTb0eDNkkOk=",
        "owner": "nix-community",
        "repo": "authentik-nix",
-        "rev": "105b3b6c004ce00d1d3c7a88669bea4aadfd4580",
+        "rev": "c79e9b78104e9d8c406445d575623c2770d7d99a",
        "type": "github"
      },
      "original": {
@ -32,16 +32,16 @@
    "authentik-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1744135136,
-        "narHash": "sha256-7wvoCRhLipX4qzrb/ctsozG565yckx+moxiF6vRo84I=",
+        "lastModified": 1740398117,
+        "narHash": "sha256-eafk3lCFG3l1OKt8xoKZjbDFcOUFQgpivMMT4GjaNWU=",
        "owner": "goauthentik",
        "repo": "authentik",
-        "rev": "74eab55c615b156e4191ee98dc789e2d58c016f9",
+        "rev": "5c5cc1c7daa4248c5a2c29ac47f3639d4eaa8ff5",
        "type": "github"
      },
      "original": {
        "owner": "goauthentik",
-        "ref": "version/2025.2.4",
+        "ref": "version/2025.2.0",
        "repo": "authentik",
        "type": "github"
      }
@ -98,11 +98,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1743550720,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "lastModified": 1738453229,
+        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
        "type": "github"
      },
      "original": {
@ -159,11 +159,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744380363,
-        "narHash": "sha256-cXjAUuAfQDPSLSsckZuTioQ986iqSPTzx8D7dLAcC+Q=",
+        "lastModified": 1739571712,
+        "narHash": "sha256-0UdSDV/TBY+GuxXLbrLq3l2Fq02ciyKCIMy4qmnfJXQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "e43c6bcb101ba3301522439c459288c4a248f624",
+        "rev": "6d3163aea47fdb1fe19744e91306a2ea4f602292",
        "type": "github"
      },
      "original": {
@ -185,11 +185,11 @@
        "nixpkgs-24_11": "nixpkgs-24_11"
      },
      "locked": {
-        "lastModified": 1742413977,
-        "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=",
+        "lastModified": 1739121270,
+        "narHash": "sha256-EmJhpy9U8sVlepl2QPjG019VfG67HcucsQNItTqW6cA=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "b4fbffe79c00f19be94b86b4144ff67541613659",
+        "rev": "8c1c4640b878c692dd3d8055e8cdea0a2bbd8cf3",
        "type": "gitlab"
      },
      "original": {
@ -264,11 +264,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1744232761,
-        "narHash": "sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U=",
+        "lastModified": 1739446958,
+        "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "f675531bc7e6657c10a18b565cfebd8aa9e24c14",
+        "rev": "2ff53fe64443980e139eaa286017f53f88336dd0",
        "type": "github"
      },
      "original": {
@ -295,17 +295,14 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1743296961,
-        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
-        "type": "github"
+        "lastModified": 1738452942,
+        "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
      },
      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
      }
    },
    "nixpkgs-stable": {
@ -342,11 +339,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1743690424,
-        "narHash": "sha256-cX98bUuKuihOaRp8dNV1Mq7u6/CQZWTPth2IJPATBXc=",
+        "lastModified": 1739883580,
+        "narHash": "sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k=",
        "owner": "nix-community",
        "repo": "poetry2nix",
-        "rev": "ce2369db77f45688172384bbeb962bc6c2ea6f94",
+        "rev": "d90f9db68a4bda31c346be16dfd8d3263be4547e",
        "type": "github"
      },
      "original": {
@ -378,11 +375,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744103455,
-        "narHash": "sha256-SR6+qjkPjGQG+8eM4dCcVtss8r9bre/LAxFMPJpaZeU=",
+        "lastModified": 1739262228,
+        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "69d5a5a4635c27dae5a742f36108beccc506c1ba",
+        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -62,23 +62,9 @@
    overlay-vaapiIntel = final: prev: {
      vaapiIntel = prev.vaapiIntel.override { enableHybridCodec = true; };
    };
-    overlay-nitrokey-udev-update = final: prev: {
-      nitrokey-udev-rules = prev.nitrokey-udev-rules.overrideAttrs(old: {
-        version = "1.1.0";
-        src = prev.fetchFromGitHub {
-          owner = "Nitrokey";
-          repo = "nitrokey-udev-rules";
-          rev = "v1.1.0";
-          hash = "sha256-LKpd6O9suAc2+FFgpuyTClEgL/JiZiokH3DV8P3C7Aw=";
-        };
-        dontBuild = true;
-        doCheck = false;
-      });
-    };
    my-overlays = [
      overlay-stable
      overlay-vaapiIntel
-      overlay-nitrokey-udev-update
    ];
    inherit (inputs.nix-cfg-extra.lib) extra-data;
    inherit (inputs.nix-cfg-extra.lib) extra-host-modules;
--- a/hosts/laptop/configuration.nix
+++ b/hosts/laptop/configuration.nix
@ -13,14 +13,14 @@ in
    ./mounts.nix
    ./akkotest.nix
  ];
-  boot.kernelPackages = pkgs.linuxPackages_zen;
+  # boot.kernelPackages = pkgs.linuxPackages_zen;

  # Use the systemd-boot EFI boot loader.
  # NOT! Let's use GRUB instead
  # https://nixos.org/manual/nixos/stable/#sec-installation
  # boot.loader.efi.efiSysMountPoint = "/boot";
  boot.loader.systemd-boot.enable = false;
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.canTouchEfiVariables = false;
  boot.loader.grub = {
    enable = true;
    device = "nodev";
@ -31,21 +31,34 @@ in
      rev = "803c5df0e83aba61668777bb96d90ab8f6847106";
      hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0=";
    }}/src/catppuccin-macchiato-grub-theme/";
+    efiInstallAsRemovable = true;
+    extraPerEntryConfig = "acpi ($drive1)//dsdt.aml";
    # useOSProber = true;
    extraEntries =
    ''
-    menuentry 'Veracrypt Boot Manager' --class windows --class os $menuentry_id_option 'osprober-efi-7C85-2DFB' {
+    menuentry 'Windows 10' --class windows --class os {
      insmod part_gpt
      insmod fat
-      search --no-floppy --fs-uuid --set=root 7C85-2DFB
-      chainloader /EFI/VeraCrypt/DcsBoot.efi
-    }
-    menuentry 'Windows Boot Manager' --class windows --class os $menuentry_id_option 'osprober-efi-7C85-2DFB' {
-      insmod part_gpt
-      insmod fat
-      search --no-floppy --fs-uuid --set=root 7C85-2DFB
+      set root='hd0,gpt4'
+      if [ x$feature_platform_search_hint = xy ]; then
+        search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 8D94-2A4E
+      else
+        search --no-floppy --fs-uuid --set=root 8D94-2A4E
+      fi
      chainloader /EFI/Microsoft/Boot/bootmgfw.efi
    }
+    menuentry 'Ventoy' {
+      insmod part_gpt
+      insmod fat
+      # set root='hd0,gpt4'
+      # if [ x$feature_platform_search_hint = xy ]; then
+      #   search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 BDAD-470D
+      # else
+      #   search --no-floppy --fs-uuid --set=root BDAD-470D
+      # fi
+      search --no-floppy --fs-uuid --set=root BDAD-470D
+      chainloader /EFI/BOOT/BOOTX64.EFI
+    }
    '';
  };

@ -234,8 +247,6 @@ in
  programs.wireshark.enable = true;
  programs.wireshark.package = pkgs.wireshark;

-  programs.ladybird.enable = true;
-
  # fish
  programs.fish = {
    enable = true;
@ -310,10 +321,6 @@ in
    #media-session.enable = true;
  };

-  services.thinkfan = {
-    enable = true;
-  };
-

  # Enable touchpad support (enabled default in most desktopManager).
  services.libinput.enable = true;
@ -347,13 +354,8 @@ in
    # };
  };

-  # Hardware keys
+  # OnlyKey
  hardware.onlykey.enable = true;
-  hardware.nitrokey.enable = true;
-  services.pcscd = {
-    enable = true;
-    plugins = [ pkgs.ccid ];
-  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
@ -420,9 +422,9 @@ in
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
-    enableSSHSupport = true;
+    # enableSSHSupport = true;
  };
-  programs.ssh.startAgent = false;
+  programs.ssh.startAgent = true;

  zramSwap = {
    enable = true;
@ -461,6 +463,8 @@ in
    enable = true;
  };

+  services.logind.lidSwitchExternalPower = "lock";
+
  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = true;

--- a/hosts/laptop/hardware-configuration.nix
+++ b/hosts/laptop/hardware-configuration.nix
@ -13,11 +13,10 @@ in
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

-  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" "rtsx_pci_sdmmc" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ "kvm-intel" ];
-  boot.kernelParams = [ "i915.enable_psr=0" ];
-  boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
+  boot.extraModulePackages = [ ];

  fileSystems."/" =
    { device = root;
@ -44,8 +43,9 @@ in
    };

  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/7C85-2DFB";
+    { device = "/dev/disk/by-uuid/E095-34D8";
      fsType = "vfat";
+      options = [ "noauto" ];
    };

  swapDevices =
--- a/hosts/laptop/mounts.nix
+++ b/hosts/laptop/mounts.nix
@ -1,15 +1,16 @@
 {
-  environment.etc.crypttab = {
-    mode = "0600";
-    text = ''
-      shared PARTUUID=7572b70e-36d1-41a8-b425-540b96092ff6 /dev/null tcrypt,tcrypt-veracrypt,tcrypt-keyfile=/root/shared_keyfile
-    '';
-  };
-
-  fileSystems."/mounts/shared" =
-    { device = "/dev/mapper/shared";
-      fsType = "ntfs3";
-      options = [ "defaults,exec,nosuid,nodev,prealloc,uid=1000,gid=100" ];
-    };
-
+  systemd.mounts =  [
+    {
+      where = "/mounts/my_data";
+      what = "/dev/disk/by-label/My_Data";
+      type = "ntfs3";
+      options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
+    }
+    {
+      where = "/mounts/windows";
+      what = "/dev/disk/by-label/WinPart";
+      type = "ntfs3";
+      options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
+    }
+  ];
 }