flake.lock

@@ -16,11 +16,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1744375272,
+        "lastModified": 1740420811,
-        "narHash": "sha256-xvWbdTctLu5YWgcp+lNTh51GAY3vB2XEXUFKRMJUiCM=",
+        "narHash": "sha256-ZfSnVdW2S9G4dYFxnW7sB/XgBe2SR17WHTb0eDNkkOk=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "105b3b6c004ce00d1d3c7a88669bea4aadfd4580",
+        "rev": "c79e9b78104e9d8c406445d575623c2770d7d99a",
         "type": "github"
       },
       "original": {
@@ -32,16 +32,16 @@
     "authentik-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1744135136,
+        "lastModified": 1740398117,
-        "narHash": "sha256-7wvoCRhLipX4qzrb/ctsozG565yckx+moxiF6vRo84I=",
+        "narHash": "sha256-eafk3lCFG3l1OKt8xoKZjbDFcOUFQgpivMMT4GjaNWU=",
         "owner": "goauthentik",
         "repo": "authentik",
-        "rev": "74eab55c615b156e4191ee98dc789e2d58c016f9",
+        "rev": "5c5cc1c7daa4248c5a2c29ac47f3639d4eaa8ff5",
         "type": "github"
       },
       "original": {
         "owner": "goauthentik",
-        "ref": "version/2025.2.4",
+        "ref": "version/2025.2.0",
         "repo": "authentik",
         "type": "github"
       }
@@ -98,11 +98,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1743550720,
+        "lastModified": 1738453229,
-        "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
+        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "c621e8422220273271f52058f618c94e405bb0f5",
+        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1744380363,
+        "lastModified": 1739571712,
-        "narHash": "sha256-cXjAUuAfQDPSLSsckZuTioQ986iqSPTzx8D7dLAcC+Q=",
+        "narHash": "sha256-0UdSDV/TBY+GuxXLbrLq3l2Fq02ciyKCIMy4qmnfJXQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e43c6bcb101ba3301522439c459288c4a248f624",
+        "rev": "6d3163aea47fdb1fe19744e91306a2ea4f602292",
         "type": "github"
       },
       "original": {
@@ -185,11 +185,11 @@
         "nixpkgs-24_11": "nixpkgs-24_11"
       },
       "locked": {
-        "lastModified": 1742413977,
+        "lastModified": 1739121270,
-        "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=",
+        "narHash": "sha256-EmJhpy9U8sVlepl2QPjG019VfG67HcucsQNItTqW6cA=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "b4fbffe79c00f19be94b86b4144ff67541613659",
+        "rev": "8c1c4640b878c692dd3d8055e8cdea0a2bbd8cf3",
         "type": "gitlab"
       },
       "original": {
@@ -264,11 +264,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1744232761,
+        "lastModified": 1739446958,
-        "narHash": "sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U=",
+        "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f675531bc7e6657c10a18b565cfebd8aa9e24c14",
+        "rev": "2ff53fe64443980e139eaa286017f53f88336dd0",
         "type": "github"
       },
       "original": {
@@ -295,17 +295,14 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1743296961,
+        "lastModified": 1738452942,
-        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
+        "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
-        "owner": "nix-community",
+        "type": "tarball",
-        "repo": "nixpkgs.lib",
+        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
-        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
-        "type": "github"
       },
       "original": {
-        "owner": "nix-community",
+        "type": "tarball",
-        "repo": "nixpkgs.lib",
+        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
-        "type": "github"
       }
     },
     "nixpkgs-stable": {
@@ -342,11 +339,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1743690424,
+        "lastModified": 1739883580,
-        "narHash": "sha256-cX98bUuKuihOaRp8dNV1Mq7u6/CQZWTPth2IJPATBXc=",
+        "narHash": "sha256-3ydikhrNaWy8j0cqHju/94PcD4GZ9T4Ju4rHh34oz3k=",
         "owner": "nix-community",
         "repo": "poetry2nix",
-        "rev": "ce2369db77f45688172384bbeb962bc6c2ea6f94",
+        "rev": "d90f9db68a4bda31c346be16dfd8d3263be4547e",
         "type": "github"
       },
       "original": {
@@ -378,11 +375,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1744103455,
+        "lastModified": 1739262228,
-        "narHash": "sha256-SR6+qjkPjGQG+8eM4dCcVtss8r9bre/LAxFMPJpaZeU=",
+        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "69d5a5a4635c27dae5a742f36108beccc506c1ba",
+        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
         "type": "github"
       },
       "original": {

flake.nix

@@ -62,23 +62,9 @@
     overlay-vaapiIntel = final: prev: {
       vaapiIntel = prev.vaapiIntel.override { enableHybridCodec = true; };
     };
-    overlay-nitrokey-udev-update = final: prev: {
-      nitrokey-udev-rules = prev.nitrokey-udev-rules.overrideAttrs(old: {
-        version = "1.1.0";
-        src = prev.fetchFromGitHub {
-          owner = "Nitrokey";
-          repo = "nitrokey-udev-rules";
-          rev = "v1.1.0";
-          hash = "sha256-LKpd6O9suAc2+FFgpuyTClEgL/JiZiokH3DV8P3C7Aw=";
-        };
-        dontBuild = true;
-        doCheck = false;
-      });
-    };
     my-overlays = [
       overlay-stable
       overlay-vaapiIntel
-      overlay-nitrokey-udev-update
     ];
     inherit (inputs.nix-cfg-extra.lib) extra-data;
     inherit (inputs.nix-cfg-extra.lib) extra-host-modules;

hosts/laptop/configuration.nix

@@ -13,14 +13,14 @@ in
     ./mounts.nix
     ./akkotest.nix
   ];
-  boot.kernelPackages = pkgs.linuxPackages_zen;
+  # boot.kernelPackages = pkgs.linuxPackages_zen;
 
   # Use the systemd-boot EFI boot loader.
   # NOT! Let's use GRUB instead
   # https://nixos.org/manual/nixos/stable/#sec-installation
   # boot.loader.efi.efiSysMountPoint = "/boot";
   boot.loader.systemd-boot.enable = false;
-  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.canTouchEfiVariables = false;
   boot.loader.grub = {
     enable = true;
     device = "nodev";
@@ -31,21 +31,34 @@ in
       rev = "803c5df0e83aba61668777bb96d90ab8f6847106";
       hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0=";
     }}/src/catppuccin-macchiato-grub-theme/";
+    efiInstallAsRemovable = true;
+    extraPerEntryConfig = "acpi ($drive1)//dsdt.aml";
     # useOSProber = true;
     extraEntries =
     ''
-    menuentry 'Veracrypt Boot Manager' --class windows --class os $menuentry_id_option 'osprober-efi-7C85-2DFB' {
+    menuentry 'Windows 10' --class windows --class os {
       insmod part_gpt
       insmod fat
-      search --no-floppy --fs-uuid --set=root 7C85-2DFB
+      set root='hd0,gpt4'
-      chainloader /EFI/VeraCrypt/DcsBoot.efi
+      if [ x$feature_platform_search_hint = xy ]; then
-    }
+        search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 8D94-2A4E
-    menuentry 'Windows Boot Manager' --class windows --class os $menuentry_id_option 'osprober-efi-7C85-2DFB' {
+      else
-      insmod part_gpt
+        search --no-floppy --fs-uuid --set=root 8D94-2A4E
-      insmod fat
+      fi
-      search --no-floppy --fs-uuid --set=root 7C85-2DFB
       chainloader /EFI/Microsoft/Boot/bootmgfw.efi
     }
+    menuentry 'Ventoy' {
+      insmod part_gpt
+      insmod fat
+      # set root='hd0,gpt4'
+      # if [ x$feature_platform_search_hint = xy ]; then
+      #   search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt4 --hint-efi=hd0,gpt4 --hint-baremetal=ahci0,gpt4 BDAD-470D
+      # else
+      #   search --no-floppy --fs-uuid --set=root BDAD-470D
+      # fi
+      search --no-floppy --fs-uuid --set=root BDAD-470D
+      chainloader /EFI/BOOT/BOOTX64.EFI
+    }
     '';
   };
 
@@ -234,8 +247,6 @@ in
   programs.wireshark.enable = true;
   programs.wireshark.package = pkgs.wireshark;
 
-  programs.ladybird.enable = true;
-
   # fish
   programs.fish = {
     enable = true;
@@ -310,10 +321,6 @@ in
     #media-session.enable = true;
   };
 
-  services.thinkfan = {
-    enable = true;
-  };
-
 
   # Enable touchpad support (enabled default in most desktopManager).
   services.libinput.enable = true;
@@ -347,13 +354,8 @@ in
     # };
   };
 
-  # Hardware keys
+  # OnlyKey
   hardware.onlykey.enable = true;
-  hardware.nitrokey.enable = true;
-  services.pcscd = {
-    enable = true;
-    plugins = [ pkgs.ccid ];
-  };
 
   # List packages installed in system profile. To search, run:
   # $ nix search wget
@@ -420,9 +422,9 @@ in
   # programs.mtr.enable = true;
   programs.gnupg.agent = {
     enable = true;
-    enableSSHSupport = true;
+    # enableSSHSupport = true;
   };
-  programs.ssh.startAgent = false;
+  programs.ssh.startAgent = true;
 
   zramSwap = {
     enable = true;
@@ -461,6 +463,8 @@ in
     enable = true;
   };
 
+  services.logind.lidSwitchExternalPower = "lock";
+
   hardware.bluetooth.enable = true;
   hardware.bluetooth.powerOnBoot = true;
 

hosts/laptop/hardware-configuration.nix

@@ -13,11 +13,10 @@ in
     [ (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
-  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" "rtsx_pci_sdmmc" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "uas" "usb_storage" ];
   boot.initrd.kernelModules = [ "dm-snapshot" ];
   boot.kernelModules = [ "kvm-intel" ];
-  boot.kernelParams = [ "i915.enable_psr=0" ];
+  boot.extraModulePackages = [ ];
-  boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
 
   fileSystems."/" =
     { device = root;
@@ -44,8 +43,9 @@ in
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/7C85-2DFB";
+    { device = "/dev/disk/by-uuid/E095-34D8";
       fsType = "vfat";
+      options = [ "noauto" ];
     };
 
   swapDevices =

hosts/laptop/mounts.nix

@@ -1,15 +1,16 @@
 {
-  environment.etc.crypttab = {
+  systemd.mounts =  [
-    mode = "0600";
+    {
-    text = ''
+      where = "/mounts/my_data";
-      shared PARTUUID=7572b70e-36d1-41a8-b425-540b96092ff6 /dev/null tcrypt,tcrypt-veracrypt,tcrypt-keyfile=/root/shared_keyfile
+      what = "/dev/disk/by-label/My_Data";
-    '';
+      type = "ntfs3";
-  };
+      options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
-
+    }
-  fileSystems."/mounts/shared" =
+    {
-    { device = "/dev/mapper/shared";
+      where = "/mounts/windows";
-      fsType = "ntfs3";
+      what = "/dev/disk/by-label/WinPart";
-      options = [ "defaults,exec,nosuid,nodev,prealloc,uid=1000,gid=100" ];
+      type = "ntfs3";
-    };
+      options = "defaults,exec,noauto,prealloc,uid=1000,gid=100";
-
+    }
+  ];
 }