diff --git a/flake.lock b/flake.lock index 7071611..e0c1171 100644 --- a/flake.lock +++ b/flake.lock @@ -17,8 +17,8 @@ ] }, "locked": { - "lastModified": 1770866677, - "narHash": "sha256-5DN5PxKnkHkCLQrm/XPtORgUNZ0izTOFCtgxVJB98vU=", + "lastModified": 1770869519, + "narHash": "sha256-3NyegyJeuQQSFuQMZKNCJhTw2qhJUjUL6ep432EOgJY=", "path": "/home/me/agribit/nexus/Cerulean", "type": "path" }, @@ -170,16 +170,16 @@ ] }, "locked": { - "lastModified": 1763992789, - "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", + "lastModified": 1770260404, + "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", "owner": "nix-community", "repo": "home-manager", - "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", + "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", + "ref": "release-25.11", "repo": "home-manager", "type": "github" } @@ -317,16 +317,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1770536720, - "narHash": "sha256-pbmbaQUuoG+v37b91lqcNcz05YUvVif7iWjIx9lF8R4=", - "owner": "NixOS", + "lastModified": 1770770419, + "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "3c64ab24b22579c833895b6030c9563837e41a70", + "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 91d57f6..100114b 100644 --- a/flake.nix +++ b/flake.nix @@ -4,11 +4,11 @@ inputs = { systems.url = "github:nix-systems/default"; - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; home-manager = { - url = "github:nix-community/home-manager/release-25.05"; + url = "github:nix-community/home-manager/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; 
@@ -47,26 +47,39 @@ }; }; + nixConfig = { + extra-experimental-features = "pipe-operators"; + }; + outputs = { cerulean, home-manager, grub2-themes, + dobutterfliescry-net, ... - }: let - groups = { - cryos = { - # oh frick i cried again - cryde = {}; - }; - server = {}; - }; - in - cerulean.mkNexus ./. { + }: + cerulean.mkNexus ./. (self: { nexus = { - inherit groups; - overlays = import ./overlays; + overlays = + import ./overlays + ++ [ + dobutterfliescry-net.overlays.default + ]; - nodes = { + groups = { + cryos = { + # oh frick i cried again + cryde = {}; + }; + server = {}; + }; + + nodes = let + inherit + (self.nexus) + groups + ; + in { # my laptop <3 :3 lolcathost = { system = "x86_64-linux"; @@ -109,5 +122,5 @@ # }; }; }; - }; + }); } diff --git a/groups/all/default.nix b/groups/all/default.nix index 225997d..b367245 100644 --- a/groups/all/default.nix +++ b/groups/all/default.nix 
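Review bot: In flake.nix, `overlays = import ./overlays ++ [ dobutterfliescry-net.overlays.default ];` applies an overlay from another flake input to the whole nexus, so that input can replace any package on every node. The input's declaration and its flake.lock entry are outside the visible hunks, so confirm it is pinned by `rev` and `narHash` in the lock. If only one host needs its packages, scoping the overlay to that host would narrow what the input can affect. A comment such as `# dobutterfliescry-net: provides <package names> only; pinned in flake.lock` would make the intent reviewable.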
@@ -1,5 +1,66 @@ -{lib, ...}: { +{ + root, + inputs, + config, + pkgs, + upkgs, + lib, + ... +}: { # NOTE: mkDefault is 1000 and mkForce is 50 # NOTE: so this is like a second mkDefault security.sudo.wheelNeedsPassword = lib.mkOverride 900 true; + + networking = { + networkmanager.enable = true; + + nftables.enable = true; + firewall.enable = lib.mkDefault true; + + # Use CloudFlare's WARP+ 1.1.1.1 DNS service + nameservers = [ + "1.1.1.1" + "1.0.0.1" + ]; + }; + + nix.settings = { + # make wheel group trusted users allows my "ae" user + # to import packages not signed by a trusted key + # (aka super duper easier to remote deploy) + trusted-users = ["root" "@wheel"]; + experimental-features = [ + "nix-command" + "flakes" + "pipe-operators" + ]; + download-buffer-size = 524288000; # 500 MiB + }; + + time.timeZone = lib.mkDefault "Australia/Brisbane"; + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + + users.defaultUserShell = pkgs.bash; + + home-manager = { + users = + config.users.users + |> builtins.attrNames + |> builtins.filter (x: builtins.pathExists (root + "/homes/${x}")) + |> (x: lib.genAttrs x (y: import (root + "/homes/${y}"))); + + extraSpecialArgs = {inherit inputs pkgs upkgs;}; + }; + + environment.systemPackages = with pkgs; [ + git + vim + wget + tree + ]; } diff --git a/groups/default.nix b/groups/default.nix deleted file mode 100644 index 0dfb8f8..0000000 --- a/groups/default.nix +++ /dev/null 
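Review bot: In groups/all/default.nix, `trusted-users = ["root" "@wheel"]` now applies to every node alongside `security.sudo.wheelNeedsPassword = lib.mkOverride 900 true`, and the two settings work against each other. A trusted Nix user can have the daemon import unsigned store paths and change substituters, which the Nix manual describes as essentially equivalent to root, with no sudo password prompt involved. If the goal is only remote deployment, consider naming the deploy account instead of the whole group, e.g. `trusted-users = ["root" "ae"];`, or signing the deployed closures and listing the key in `trusted-public-keys`. The comment above `nameservers` could read `# Cloudflare public resolvers (1.1.1.1 / 1.0.0.1)`, since these addresses are the public DNS service rather than WARP+.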
@@ -1,49 +0,0 @@ -{ - root, - pkgs, - upkgs, - lib, - inputs, - config, - ... -}: { - nix.settings = { - # make wheel group trusted users allows my "ae" user - # to import packages not signed by a trusted key - # (aka super duper easier to remote deploy) - trusted-users = ["root" "@wheel"]; - experimental-features = [ - "nix-command" - "flakes" - "pipe-operators" - ]; - download-buffer-size = 524288000; # 500 MiB - }; - - time.timeZone = lib.mkDefault "Australia/Brisbane"; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - - users.defaultUserShell = pkgs.bash; - - home-manager = { - users = - config.users.users - |> builtins.attrNames - |> builtins.filter (x: builtins.pathExists (root + "/homes/${x}")) - |> lib.genAttrs (x: import (root + "/homes/${x}")); - - extraSpecialArgs = {inherit inputs pkgs upkgs;}; - }; - - environment.systemPackages = with pkgs; [ - git - vim - wget - tree - ]; -} diff --git a/groups/server/default.nix b/groups/server/default.nix index e9ad3ac..5c447fc 100644 --- a/groups/server/default.nix +++ b/groups/server/default.nix @@ -1,19 +1,8 @@ {lib, ...}: { - networking = { - networkmanager.enable = true; - - # Use CloudFlare's WARP+ 1.1.1.1 DNS service - nameservers = [ - "1.1.1.1" - "1.0.0.1" + networking.firewall = { + allowedTCPPorts = [ + 22 ]; - - firewall = { - enable = lib.mkDefault true; - allowedTCPPorts = [ - 22 - ]; - }; }; security = { @@ -29,7 +18,7 @@ }; # allow SSH keys for passwordless auth pam = { - enableSSHAgentAuth = true; + sshAgentAuth.enable = true; services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module }; }; @@ -41,7 +30,7 @@ settings = { PasswordAuthentication = false; PermitRootLogin = "no"; - # AllowUsers = ["cry"]; # DO NOT ALLOW ALL + AllowUsers = ["cry"]; # DO NOT ALLOW ALL UseDns = true; X11Forwarding = false; }; diff --git a/hosts/butterfly/services/nginx.nix b/hosts/butterfly/services/nginx.nix index 6d0205d..ba78c0a 100644 
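Review bot: In groups/server/default.nix, the now-active `AllowUsers = ["cry"];` hard-codes one account in a module shared by every server node, while the comment in groups/all/default.nix says remote deploys rely on the "ae" user. If that account logs in over SSH on these hosts, sshd will refuse it after this change. Whether both accounts exist on the server nodes is not visible here, so confirm before activating on a remote host and keep an existing session open while switching. The trailing `# DO NOT ALLOW ALL` is ambiguous; `# restrict SSH logins to this account; extend per host if a deploy user is needed` states the intent. The openssh settings block starts and ends outside the hunk.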
--- a/hosts/butterfly/services/nginx.nix +++ b/hosts/butterfly/services/nginx.nix @@ -22,7 +22,6 @@ # package = pkgs.nginxStable.override {openssl = pkgs.libressl;}; recommendedGzipSettings = true; - recommendedZstdSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; diff --git a/packages/sddm-theme-corners/default.nix b/packages/sddm-theme-corners/default.nix index da1ebfc..b0e3789 100755 --- a/packages/sddm-theme-corners/default.nix +++ b/packages/sddm-theme-corners/default.nix @@ -17,4 +17,8 @@ pkgs.stdenv.mkDerivation { buildInputs = with pkgs; [ libsForQt5.qt5.qtgraphicaleffects ]; + + nativeBuildInputs = with pkgs; [ + qt5.wrapQtAppsHook + ]; }
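Review bot: In packages/sddm-theme-corners/default.nix, the new `nativeBuildInputs` takes the hook from `qt5.wrapQtAppsHook` while `buildInputs` uses the `libsForQt5` set; `libsForQt5.wrapQtAppsHook` would keep both in one package set. If the derivation only installs QML theme files (the install phase is outside the hunk), there is no executable to wrap. In that case `dontWrapQtApps = true;` would state the intent directly instead of adding the hook.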