fix groups/default.nix should be groups/all/default.nix

2026-02-12 14:21:45 +10:00 · 2026-02-12 14:21:45 +10:00 · 27bc2ec0af
commit 27bc2ec0af
parent 9757cd823d
7 changed files with 111 additions and 94 deletions
--- a/flake.lock
+++ b/flake.lock
@ -17,8 +17,8 @@
        ]
      },
      "locked": {
-        "lastModified": 1770866677,
+        "lastModified": 1770869519,
-        "narHash": "sha256-5DN5PxKnkHkCLQrm/XPtORgUNZ0izTOFCtgxVJB98vU=",
+        "narHash": "sha256-3NyegyJeuQQSFuQMZKNCJhTw2qhJUjUL6ep432EOgJY=",
        "path": "/home/me/agribit/nexus/Cerulean",
        "type": "path"
      },
@ -170,16 +170,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1763992789,
+        "lastModified": 1770260404,
-        "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
+        "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
+        "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-25.11",
        "repo": "home-manager",
        "type": "github"
      }
@ -317,16 +317,16 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1770536720,
+        "lastModified": 1770770419,
-        "narHash": "sha256-pbmbaQUuoG+v37b91lqcNcz05YUvVif7iWjIx9lF8R4=",
+        "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=",
-        "owner": "NixOS",
+        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "3c64ab24b22579c833895b6030c9563837e41a70",
+        "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -4,11 +4,11 @@
  inputs = {
    systems.url = "github:nix-systems/default";
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    home-manager = {
-      url = "github:nix-community/home-manager/release-25.05";
+      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
@ -47,26 +47,39 @@
    };
  };
  nixConfig = {
    extra-experimental-features = "pipe-operators";
  };
  outputs = {
    cerulean,
    home-manager,
    grub2-themes,
    dobutterfliescry-net,
    ...
-  }: let
+  }:
-    groups = {
+    cerulean.mkNexus ./. (self: {
      cryos = {
        # oh frick i cried again
        cryde = {};
      };
      server = {};
    };
  in
    cerulean.mkNexus ./. {
      nexus = {
-        inherit groups;
+        overlays =
-        overlays = import ./overlays;
+          import ./overlays
          ++ [
            dobutterfliescry-net.overlays.default
          ];
-        nodes = {
+        groups = {
          cryos = {
            # oh frick i cried again
            cryde = {};
          };
          server = {};
        };
        nodes = let
          inherit
            (self.nexus)
            groups
            ;
        in {
          # my laptop <3 :3
          lolcathost = {
            system = "x86_64-linux";
@ -109,5 +122,5 @@
          # };
        };
      };
-    };
+    });
 }
--- a/groups/all/default.nix
+++ b/groups/all/default.nix
@ -1,5 +1,66 @@
-{lib, ...}: {
+{
  root,
  inputs,
  config,
  pkgs,
  upkgs,
  lib,
  ...
 }: {
  # NOTE: mkDefault is 1000 and mkForce is 50
  # NOTE: so this is like a second mkDefault
  security.sudo.wheelNeedsPassword = lib.mkOverride 900 true;
  networking = {
    networkmanager.enable = true;
    nftables.enable = true;
    firewall.enable = lib.mkDefault true;
    # Use CloudFlare's WARP+ 1.1.1.1 DNS service
    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
    ];
  };
  nix.settings = {
    # make wheel group trusted users allows my "ae" user
    # to import packages not signed by a trusted key
    # (aka super duper easier to remote deploy)
    trusted-users = ["root" "@wheel"];
    experimental-features = [
      "nix-command"
      "flakes"
      "pipe-operators"
    ];
    download-buffer-size = 524288000; # 500 MiB
  };
  time.timeZone = lib.mkDefault "Australia/Brisbane";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };
  users.defaultUserShell = pkgs.bash;
  home-manager = {
    users =
      config.users.users
      |> builtins.attrNames
      |> builtins.filter (x: builtins.pathExists (root + "/homes/${x}"))
      |> (x: lib.genAttrs x (y: import (root + "/homes/${y}")));
    extraSpecialArgs = {inherit inputs pkgs upkgs;};
  };
  environment.systemPackages = with pkgs; [
    git
    vim
    wget
    tree
  ];
 }
--- a/groups/default.nix
+++ b/groups/default.nix
@ -1,49 +0,0 @@
 {
  root,
  pkgs,
  upkgs,
  lib,
  inputs,
  config,
  ...
 }: {
  nix.settings = {
    # make wheel group trusted users allows my "ae" user
    # to import packages not signed by a trusted key
    # (aka super duper easier to remote deploy)
    trusted-users = ["root" "@wheel"];
    experimental-features = [
      "nix-command"
      "flakes"
      "pipe-operators"
    ];
    download-buffer-size = 524288000; # 500 MiB
  };
  time.timeZone = lib.mkDefault "Australia/Brisbane";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };
  users.defaultUserShell = pkgs.bash;
  home-manager = {
    users =
      config.users.users
      |> builtins.attrNames
      |> builtins.filter (x: builtins.pathExists (root + "/homes/${x}"))
      |> lib.genAttrs (x: import (root + "/homes/${x}"));
    extraSpecialArgs = {inherit inputs pkgs upkgs;};
  };
  environment.systemPackages = with pkgs; [
    git
    vim
    wget
    tree
  ];
 }
--- a/groups/server/default.nix
+++ b/groups/server/default.nix
@ -1,19 +1,8 @@
 {lib, ...}: {
-  networking = {
+  networking.firewall = {
-    networkmanager.enable = true;
+    allowedTCPPorts = [
-
+      22
    # Use CloudFlare's WARP+ 1.1.1.1 DNS service
    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
    ];
    firewall = {
      enable = lib.mkDefault true;
      allowedTCPPorts = [
        22
      ];
    };
  };
  security = {
@ -29,7 +18,7 @@
    };
    # allow SSH keys for passwordless auth
    pam = {
-      enableSSHAgentAuth = true;
+      sshAgentAuth.enable = true;
      services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
    };
  };
@ -41,7 +30,7 @@
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
-        # AllowUsers = ["cry"]; # DO NOT ALLOW ALL
+        AllowUsers = ["cry"]; # DO NOT ALLOW ALL
        UseDns = true;
        X11Forwarding = false;
      };
--- a/hosts/butterfly/services/nginx.nix
+++ b/hosts/butterfly/services/nginx.nix
@ -22,7 +22,6 @@
    # package = pkgs.nginxStable.override {openssl = pkgs.libressl;};
    recommendedGzipSettings = true;
    recommendedZstdSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
--- a/packages/sddm-theme-corners/default.nix
+++ b/packages/sddm-theme-corners/default.nix
@ -17,4 +17,8 @@ pkgs.stdenv.mkDerivation {
  buildInputs = with pkgs; [
    libsForQt5.qt5.qtgraphicaleffects
  ];
  nativeBuildInputs = with pkgs; [
    qt5.wrapQtAppsHook
  ];
 }