fix groups/default.nix should be groups/all/default.nix

2026-02-12 14:21:45 +10:00 · 2026-02-12 14:21:45 +10:00 · 27bc2ec0af
commit 27bc2ec0af
parent 9757cd823d
7 changed files with 111 additions and 94 deletions
--- a/flake.lock
+++ b/flake.lock
@ -17,8 +17,8 @@
        ]
      },
      "locked": {
-        "lastModified": 1770866677,
-        "narHash": "sha256-5DN5PxKnkHkCLQrm/XPtORgUNZ0izTOFCtgxVJB98vU=",
+        "lastModified": 1770869519,
+        "narHash": "sha256-3NyegyJeuQQSFuQMZKNCJhTw2qhJUjUL6ep432EOgJY=",
        "path": "/home/me/agribit/nexus/Cerulean",
        "type": "path"
      },
@ -170,16 +170,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1763992789,
-        "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
+        "lastModified": 1770260404,
+        "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
+        "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-25.11",
        "repo": "home-manager",
        "type": "github"
      }
@ -317,16 +317,16 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1770536720,
-        "narHash": "sha256-pbmbaQUuoG+v37b91lqcNcz05YUvVif7iWjIx9lF8R4=",
-        "owner": "NixOS",
+        "lastModified": 1770770419,
+        "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=",
+        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "3c64ab24b22579c833895b6030c9563837e41a70",
+        "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -4,11 +4,11 @@
  inputs = {
    systems.url = "github:nix-systems/default";

-    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

    home-manager = {
-      url = "github:nix-community/home-manager/release-25.05";
+      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

@ -47,26 +47,39 @@
    };
  };

+  nixConfig = {
+    extra-experimental-features = "pipe-operators";
+  };
+
  outputs = {
    cerulean,
    home-manager,
    grub2-themes,
+    dobutterfliescry-net,
    ...
-  }: let
-    groups = {
-      cryos = {
-        # oh frick i cried again
-        cryde = {};
-      };
-      server = {};
-    };
-  in
-    cerulean.mkNexus ./. {
+  }:
+    cerulean.mkNexus ./. (self: {
      nexus = {
-        inherit groups;
-        overlays = import ./overlays;
+        overlays =
+          import ./overlays
+          ++ [
+            dobutterfliescry-net.overlays.default
+          ];

-        nodes = {
+        groups = {
+          cryos = {
+            # oh frick i cried again
+            cryde = {};
+          };
+          server = {};
+        };
+
+        nodes = let
+          inherit
+            (self.nexus)
+            groups
+            ;
+        in {
          # my laptop <3 :3
          lolcathost = {
            system = "x86_64-linux";
@ -109,5 +122,5 @@
          # };
        };
      };
-    };
+    });
 }
--- a/groups/all/default.nix
+++ b/groups/all/default.nix
@ -1,5 +1,66 @@
-{lib, ...}: {
+{
+  root,
+  inputs,
+  config,
+  pkgs,
+  upkgs,
+  lib,
+  ...
+}: {
  # NOTE: mkDefault is 1000 and mkForce is 50
  # NOTE: so this is like a second mkDefault
  security.sudo.wheelNeedsPassword = lib.mkOverride 900 true;
+
+  networking = {
+    networkmanager.enable = true;
+
+    nftables.enable = true;
+    firewall.enable = lib.mkDefault true;
+
+    # Use CloudFlare's WARP+ 1.1.1.1 DNS service
+    nameservers = [
+      "1.1.1.1"
+      "1.0.0.1"
+    ];
+  };
+
+  nix.settings = {
+    # make wheel group trusted users allows my "ae" user
+    # to import packages not signed by a trusted key
+    # (aka super duper easier to remote deploy)
+    trusted-users = ["root" "@wheel"];
+    experimental-features = [
+      "nix-command"
+      "flakes"
+      "pipe-operators"
+    ];
+    download-buffer-size = 524288000; # 500 MiB
+  };
+
+  time.timeZone = lib.mkDefault "Australia/Brisbane";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  users.defaultUserShell = pkgs.bash;
+
+  home-manager = {
+    users =
+      config.users.users
+      |> builtins.attrNames
+      |> builtins.filter (x: builtins.pathExists (root + "/homes/${x}"))
+      |> (x: lib.genAttrs x (y: import (root + "/homes/${y}")));
+
+    extraSpecialArgs = {inherit inputs pkgs upkgs;};
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    vim
+    wget
+    tree
+  ];
 }
--- a/groups/default.nix
+++ b/groups/default.nix
@ -1,49 +0,0 @@
-{
-  root,
-  pkgs,
-  upkgs,
-  lib,
-  inputs,
-  config,
-  ...
-}: {
-  nix.settings = {
-    # make wheel group trusted users allows my "ae" user
-    # to import packages not signed by a trusted key
-    # (aka super duper easier to remote deploy)
-    trusted-users = ["root" "@wheel"];
-    experimental-features = [
-      "nix-command"
-      "flakes"
-      "pipe-operators"
-    ];
-    download-buffer-size = 524288000; # 500 MiB
-  };
-
-  time.timeZone = lib.mkDefault "Australia/Brisbane";
-
-  i18n.defaultLocale = "en_US.UTF-8";
-  console = {
-    font = "Lat2-Terminus16";
-    keyMap = "us";
-  };
-
-  users.defaultUserShell = pkgs.bash;
-
-  home-manager = {
-    users =
-      config.users.users
-      |> builtins.attrNames
-      |> builtins.filter (x: builtins.pathExists (root + "/homes/${x}"))
-      |> lib.genAttrs (x: import (root + "/homes/${x}"));
-
-    extraSpecialArgs = {inherit inputs pkgs upkgs;};
-  };
-
-  environment.systemPackages = with pkgs; [
-    git
-    vim
-    wget
-    tree
-  ];
-}
--- a/groups/server/default.nix
+++ b/groups/server/default.nix
@ -1,19 +1,8 @@
 {lib, ...}: {
-  networking = {
-    networkmanager.enable = true;
-
-    # Use CloudFlare's WARP+ 1.1.1.1 DNS service
-    nameservers = [
-      "1.1.1.1"
-      "1.0.0.1"
+  networking.firewall = {
+    allowedTCPPorts = [
+      22
    ];
-
-    firewall = {
-      enable = lib.mkDefault true;
-      allowedTCPPorts = [
-        22
-      ];
-    };
  };

  security = {
@ -29,7 +18,7 @@
    };
    # allow SSH keys for passwordless auth
    pam = {
-      enableSSHAgentAuth = true;
+      sshAgentAuth.enable = true;
      services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
    };
  };
@ -41,7 +30,7 @@
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
-        # AllowUsers = ["cry"]; # DO NOT ALLOW ALL
+        AllowUsers = ["cry"]; # DO NOT ALLOW ALL
        UseDns = true;
        X11Forwarding = false;
      };
--- a/hosts/butterfly/services/nginx.nix
+++ b/hosts/butterfly/services/nginx.nix
@ -22,7 +22,6 @@
    # package = pkgs.nginxStable.override {openssl = pkgs.libressl;};

    recommendedGzipSettings = true;
-    recommendedZstdSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
--- a/packages/sddm-theme-corners/default.nix
+++ b/packages/sddm-theme-corners/default.nix
@ -17,4 +17,8 @@ pkgs.stdenv.mkDerivation {
  buildInputs = with pkgs; [
    libsForQt5.qt5.qtgraphicaleffects
  ];
+
+  nativeBuildInputs = with pkgs; [
+    qt5.wrapQtAppsHook
+  ];
 }