added back stable branch, broken though because cerulean no support channel overrides

flake.lock

@@ -145,7 +145,7 @@
       "inputs": {
         "deploy-rs": "deploy-rs",
         "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs"
         ],
         "nixpkgs-unstable": [
           "nixpkgs-unstable"
@@ -1257,6 +1257,22 @@
       }
     },
     "nixpkgs_10": {
+      "locked": {
+        "lastModified": 1771043024,
+        "narHash": "sha256-O1XDr7EWbRp+kHrNNgLWgIrB0/US5wvw9K6RERWAj6I=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3aadb7ca9eac2891d52a9dec199d9580a6e2bf44",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_11": {
       "locked": {
         "lastModified": 1769461804,
         "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
@@ -1473,6 +1489,7 @@
         "nix-alien": "nix-alien",
         "nixcats": "nixcats",
         "nixcord": "nixcord",
+        "nixpkgs": "nixpkgs_10",
         "nixpkgs-staging": "nixpkgs-staging",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "sddm-silent": "sddm-silent",
@@ -1739,7 +1756,7 @@
     "zen": {
       "inputs": {
         "home-manager": "home-manager_2",
-        "nixpkgs": "nixpkgs_10"
+        "nixpkgs": "nixpkgs_11"
       },
       "locked": {
         "lastModified": 1770910552,

flake.nix

@@ -4,6 +4,7 @@
   inputs = {
     systems.url = "github:nix-systems/default";
 
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     nixpkgs-staging.url = "github:NixOS/nixpkgs/staging-next";
 
@@ -16,7 +17,7 @@
       url = "github:emilelcb/Cerulean";
       inputs = {
         systems.follows = "systems";
-        nixpkgs.follows = "nixpkgs-unstable";
+        nixpkgs.follows = "nixpkgs";
         nixpkgs-unstable.follows = "nixpkgs-unstable";
       };
     };

groups/all/default.nix

@@ -0,0 +1,6 @@
+{ ... }: {
+  nix.settings = {
+    experimental-features = ["nix-command" "flakes"];
+    download-buffer-size = 524288000;
+  };
+}

groups/servers/default.nix

@@ -0,0 +1,17 @@
+{ ... }: {
+  nix.settings = {
+    trusted-users = ["root" "@wheel"];
+  };
+
+  security = {
+    sudo = {
+      enable = true;
+      wheelNeedsPassword = true;
+    };
+
+    pam = {
+      sshAgentAuth.enable = true;
+      services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
+    };
+  };
+}

groups/unstable-base/default.nix

@@ -0,0 +1,5 @@
+{lib, config, ...}: {
+  nixpkgs.channels.default = {
+    default = lib.mkForce config.nixpkgs-unstable.channels.default.pkgs;
+  };
+}

hosts/arcturus/default.nix

@@ -6,12 +6,6 @@
 
   networking.hostName = "arcturus";
 
-  nix.settings = {
-    experimental-features = ["nix-command" "flakes"];
-    download-buffer-size = 524288000;
-    trusted-users = ["root" "@wheel"];
-  };
-
   time.timeZone = "Europe/London";
   i18n.defaultLocale = "en_US.UTF-8";
   console = {
@@ -27,18 +21,6 @@
     };
   };
 
-  security = {
-    sudo = {
-      enable = true;
-      wheelNeedsPassword = true;
-    };
-
-    pam = {
-      sshAgentAuth.enable = true;
-      services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
-    };
-  };
-
   networking = {
     useNetworkd = false;
     useDHCP = false;

hosts/lyra/default.nix

@@ -6,12 +6,6 @@
 
   networking.hostName = "lyra";
 
-  nix.settings = {
-    experimental-features = ["nix-command" "flakes"];
-    download-buffer-size = 524288000;
-    trusted-users = ["root" "@wheel"];
-  };
-
   time.timeZone = "Europe/London";
   i18n.defaultLocale = "en_US.UTF-8";
   console = {
@@ -27,18 +21,6 @@
     };
   };
 
-  security = {
-    sudo = {
-      enable = true;
-      wheelNeedsPassword = true;
-    };
-
-    pam = {
-      sshAgentAuth.enable = true;
-      services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
-    };
-  };
-
   networking = {
     networkmanager.enable = true;
 

hosts/nixarawrui/default.nix

@@ -10,12 +10,6 @@
     ./modules/amdgpu-ignore-ctx-privileges.nix
   ];
 
-  # Enable the Flakes feature and the accompaying new nix command-line tool
-  nix.settings = {
-    experimental-features = ["nix-command" "flakes"];
-    download-buffer-size = 524288000;
-  };
-
   # Use the systemd-boot EFI boot loader.
   boot = rec {
     initrd.kernelModules = ["amdgpu"];
@@ -335,27 +329,5 @@
     inputs.nix-alien.packages.${stdenv.hostPlatform.system}.nix-alien
   ];
 
-  # Copy the NixOS configuration file and link it from the resulting system
+  system.stateVersion = "24.11";
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-
-  # This option defines the first version of NixOS you have installed on this particular machine,
-  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
-  #
-  # Most users should NEVER change this value after the initial install, for any reason,
-  # even if you've upgraded your system to a new NixOS release.
-  #
-  # This value does NOT affect the Nixupkgs version your packages and OS are pulled from,
-  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
-  # to actually do that.
-  #
-  # This value being lower than the current NixOS release does NOT mean your system is
-  # out of date, out of support, or vulnerable.
-  #
-  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
-  # and migrated your data accordingly.
-  #
-  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-  system.stateVersion = "24.11"; # Did you read the comment?
 }

nixpkgs.nix

@@ -5,6 +5,15 @@
 } @ args: {
   nixpkgs.channels.default = rec {
     default = upkgs;
+
+    # nixpkgs
+    pkgs = {
+      inherit system;
+      source = inputs.nixpkgs;
+      overlays = [];
+      config.allowUnfree = true;
+    };
+
     # nixpkgs-unstable
     upkgs = {
       inherit system;
@@ -19,6 +28,7 @@
 
       config.allowUnfree = true;
     };
+
     # nixpkgs-staging
     spkgs = {
       inherit system;

snow.nix

@@ -7,9 +7,25 @@ cerulean.mkNexus ./. (self: {
       home-manager.nixosModules.home-manager
     ];
 
-    nodes = {
+    groups = {
+      unstable-base = {};
+      servers = {};
+    };
+
+    nodes = let
+      inherit
+        (self.nexus)
+        groups
+        ;
+      in
+      {
       nixarawrui = {
         system = "x86_64-linux";
+
+        groups = [
+          groups.unstable-base
+        ];
+
         extraModules = with inputs; [
           sddm-silent.nixosModules.default
         ];
@@ -17,6 +33,11 @@ cerulean.mkNexus ./. (self: {
 
       arcturus = {
         system = "x86_64-linux";
+
+        groups = [
+          groups.servers
+        ];
+
         deploy.ssh = {
           host = "10.16.1.163";
           port = 2222;
@@ -26,6 +47,11 @@ cerulean.mkNexus ./. (self: {
 
       lyra = {
         system = "x86_64-linux";
+
+        groups = [
+          groups.servers
+        ];
+
         deploy.ssh = {
           host = "10.16.1.58";
           port = 2222;