diff --git a/flake.lock b/flake.lock index e0c1171..3b22954 100644 --- a/flake.lock +++ b/flake.lock @@ -17,8 +17,8 @@ ] }, "locked": { - "lastModified": 1770869519, - "narHash": "sha256-3NyegyJeuQQSFuQMZKNCJhTw2qhJUjUL6ep432EOgJY=", + "lastModified": 1770594166, + "narHash": "sha256-ijsAdvC9/0873gCkqNpTjUDl+Gk8oKovgvpnnQfA+/A=", "path": "/home/me/agribit/nexus/Cerulean", "type": "path" }, @@ -170,16 +170,16 @@ ] }, "locked": { - "lastModified": 1770260404, - "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", + "lastModified": 1763992789, + "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", "owner": "nix-community", "repo": "home-manager", - "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", + "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } @@ -317,16 +317,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1770770419, - "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", - "owner": "nixos", + "lastModified": 1770536720, + "narHash": "sha256-pbmbaQUuoG+v37b91lqcNcz05YUvVif7iWjIx9lF8R4=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", + "rev": "3c64ab24b22579c833895b6030c9563837e41a70", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } @@ -354,8 +354,8 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1770855466, - "narHash": "sha256-hZyD4m2Iix0FKWiRtzNFhbgdaULq52oysD68LmtT5H4=", + "lastModified": 1770593961, + "narHash": "sha256-Q2rRlN6yZiatLwEfYyCKJ/SImva+vbXr8DVA0qvix4c=", "path": "/home/me/agribit/nexus/nt", "type": "path" }, diff --git a/flake.nix b/flake.nix index 100114b..91d57f6 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,11 +4,11 @@
 inputs = {
 systems.url = "github:nix-systems/default";
- nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
 nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 home-manager = {
- url = "github:nix-community/home-manager/release-25.11";
+ url = "github:nix-community/home-manager/release-25.05";
 inputs.nixpkgs.follows = "nixpkgs";
 };
@@ -47,39 +47,26 @@
 };
 };
- nixConfig = {
- extra-experimental-features = "pipe-operators";
- };
-
 outputs = {
 cerulean,
 home-manager,
 grub2-themes,
- dobutterfliescry-net,
 ...
- }:
- cerulean.mkNexus ./. (self: {
+ }: let
+ groups = {
+ cryos = {
+ # oh frick i cried again
+ cryde = {};
+ };
+ server = {};
+ };
+ in
+ cerulean.mkNexus ./. {
 nexus = {
- overlays =
- import ./overlays
- ++ [
- dobutterfliescry-net.overlays.default
- ];
+ inherit groups;
+ overlays = import ./overlays;
- groups = {
- cryos = {
- # oh frick i cried again
- cryde = {};
- };
- server = {};
- };
-
- nodes = let
- inherit
- (self.nexus)
- groups
- ;
- in {
+ nodes = {
 # my laptop <3 :3
 lolcathost = {
 system = "x86_64-linux";
@@ -122,5 +109,5 @@
 # };
 };
 };
- });
+ };
 }
diff --git a/groups/all/default.nix b/groups/all/default.nix
index b367245..225997d 100644
--- a/groups/all/default.nix
+++ b/groups/all/default.nix
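Review bot: `nixpkgs.url` and the home-manager `url` both move back from the 25.11 branches to 25.05, and flake.lock follows with older pinned revisions, so every host built from this flake returns to the previous release line. NixOS backports security fixes to a stable branch only for a limited time after its successor ships, so confirm that 25.05 is still maintained before deploying this. If the rollback is a temporary workaround, record that next to the input, for example `# pinned to 25.05 because <reason>; return to 25.11 when fixed`. The `inputs` block continues outside the hunk.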
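Review bot: Dropping `nixConfig.extra-experimental-features = "pipe-operators"` in the second flake.nix hunk leaves nothing in the flake that enables the `|>` operator, while groups/default.nix in this same commit still uses it. The `nix.settings.experimental-features` list there configures Nix on the deployed host, not the Nix that evaluates the flake, so unless cerulean or the operator's own nix.conf supplies the feature, evaluation presumably fails on a stock Nix. Either keep the `nixConfig` block or add a comment above `outputs` such as `# evaluating this flake needs --extra-experimental-features pipe-operators`.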
@@ -1,66 +1,5 @@
-{
- root,
- inputs,
- config,
- pkgs,
- upkgs,
- lib,
- ...
-}: {
+{lib, ...}: {
 # NOTE: mkDefault is 1000 and mkForce is 50
 # NOTE: so this is like a second mkDefault
 security.sudo.wheelNeedsPassword = lib.mkOverride 900 true;
-
- networking = {
- networkmanager.enable = true;
-
- nftables.enable = true;
- firewall.enable = lib.mkDefault true;
-
- # Use CloudFlare's WARP+ 1.1.1.1 DNS service
- nameservers = [
- "1.1.1.1"
- "1.0.0.1"
- ];
- };
-
- nix.settings = {
- # make wheel group trusted users allows my "ae" user
- # to import packages not signed by a trusted key
- # (aka super duper easier to remote deploy)
- trusted-users = ["root" "@wheel"];
- experimental-features = [
- "nix-command"
- "flakes"
- "pipe-operators"
- ];
- download-buffer-size = 524288000; # 500 MiB
- };
-
- time.timeZone = lib.mkDefault "Australia/Brisbane";
-
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "us";
- };
-
- users.defaultUserShell = pkgs.bash;
-
- home-manager = {
- users =
- config.users.users
- |> builtins.attrNames
- |> builtins.filter (x: builtins.pathExists (root + "/homes/${x}"))
- |> (x: lib.genAttrs x (y: import (root + "/homes/${y}")));
-
- extraSpecialArgs = {inherit inputs pkgs upkgs;};
- };
-
- environment.systemPackages = with pkgs; [
- git
- vim
- wget
- tree
- ];
 }
diff --git a/groups/default.nix b/groups/default.nix
new file mode 100644
index 0000000..0dfb8f8
--- /dev/null
+++ b/groups/default.nix
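Review bot: The `networking` block deleted from groups/all/default.nix comes back only in groups/server/default.nix, and `nftables.enable = true` is not re-added anywhere in this commit. Any host outside the server group therefore loses the explicit NetworkManager and nameserver settings, and all hosts fall back to the default firewall backend. `networking.firewall.enable` defaults to true in NixOS, so the firewall itself should stay on, but that now rests on the upstream default rather than on this repository. If that is intended, a comment such as `# networking is configured per group; hosts outside "server" rely on NixOS defaults` would record it.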
@@ -0,0 +1,49 @@
+{
+ root,
+ pkgs,
+ upkgs,
+ lib,
+ inputs,
+ config,
+ ...
+}: {
+ nix.settings = {
+ # make wheel group trusted users allows my "ae" user
+ # to import packages not signed by a trusted key
+ # (aka super duper easier to remote deploy)
+ trusted-users = ["root" "@wheel"];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ "pipe-operators"
+ ];
+ download-buffer-size = 524288000; # 500 MiB
+ };
+
+ time.timeZone = lib.mkDefault "Australia/Brisbane";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+
+ users.defaultUserShell = pkgs.bash;
+
+ home-manager = {
+ users =
+ config.users.users
+ |> builtins.attrNames
+ |> builtins.filter (x: builtins.pathExists (root + "/homes/${x}"))
+ |> lib.genAttrs (x: import (root + "/homes/${x}"));
+
+ extraSpecialArgs = {inherit inputs pkgs upkgs;};
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ vim
+ wget
+ tree
+ ];
+}
diff --git a/groups/server/default.nix b/groups/server/default.nix
index 5c447fc..e9ad3ac 100644
--- a/groups/server/default.nix
+++ b/groups/server/default.nix
@@ -1,8 +1,19 @@
 {lib, ...}: {
- networking.firewall = {
- allowedTCPPorts = [
- 22
+ networking = {
+ networkmanager.enable = true;
+
+ # Use CloudFlare's WARP+ 1.1.1.1 DNS service
+ nameservers = [
+ "1.1.1.1"
+ "1.0.0.1"
 ];
+
+ firewall = {
+ enable = lib.mkDefault true;
+ allowedTCPPorts = [
+ 22
+ ];
+ };
 };
 security = {
@@ -18,7 +29,7 @@
 };
 # allow SSH keys for passwordless auth
 pam = {
- sshAgentAuth.enable = true;
+ enableSSHAgentAuth = true;
 services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
 };
 };
@@ -30,7 +41,7 @@
 settings = {
 PasswordAuthentication = false;
 PermitRootLogin = "no";
- AllowUsers = ["cry"]; # DO NOT ALLOW ALL
+ # AllowUsers = ["cry"]; # DO NOT ALLOW ALL
 UseDns = true;
 X11Forwarding = false;
 };
diff --git a/hosts/butterfly/services/nginx.nix b/hosts/butterfly/services/nginx.nix
index ba78c0a..6d0205d 100644
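Review bot: `trusted-users = ["root" "@wheel"]` in the new groups/default.nix makes every wheel member a trusted Nix user, and a trusted user can hand the daemon unsigned store paths and override its settings, which is effectively root without the password that `security.sudo.wheelNeedsPassword` in groups/all still demands. Prefer naming only the deploy account, e.g. `trusted-users = ["root" "ae"];` if "ae" from the comment is that account, or sign what you deploy and rely on `trusted-public-keys`. Separately, the last pipe stage `|> lib.genAttrs (x: import (root + "/homes/${x}"))` passes the function as the first argument and the name list as the second. Assuming `lib` is the nixpkgs lib, `genAttrs` takes the names first, so keep the wrapper the old file had: `|> (names: lib.genAttrs names (x: import (root + "/homes/${x}")))`.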
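Review bot: Commenting out `AllowUsers = ["cry"];` in the third groups/server/default.nix hunk removes sshd's account allow-list, which is exactly what the trailing `# DO NOT ALLOW ALL` on that line warns against. With `PasswordAuthentication = false` the exposure is limited to accounts that have an authorized key, but any such account can now open a session on the port 22 that the first hunk keeps open. If `cry` is no longer the right login, replace the name rather than dropping the directive, e.g. `AllowUsers = ["<deploy-user>"]; # DO NOT ALLOW ALL`. The block that holds `settings` starts outside the hunk.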
--- a/hosts/butterfly/services/nginx.nix
+++ b/hosts/butterfly/services/nginx.nix
@@ -22,6 +22,7 @@
 # package = pkgs.nginxStable.override {openssl = pkgs.libressl;};
 recommendedGzipSettings = true;
+ recommendedZstdSettings = true;
 recommendedOptimisation = true;
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
diff --git a/packages/sddm-theme-corners/default.nix b/packages/sddm-theme-corners/default.nix
index b0e3789..da1ebfc 100755
--- a/packages/sddm-theme-corners/default.nix
+++ b/packages/sddm-theme-corners/default.nix
@@ -17,8 +17,4 @@ pkgs.stdenv.mkDerivation {
 buildInputs = with pkgs; [
 libsForQt5.qt5.qtgraphicaleffects
 ];
-
- nativeBuildInputs = with pkgs; [
- qt5.wrapQtAppsHook
- ];
 }