From 29410d8ff91d022f184119c102d92282eaf37981 Mon Sep 17 00:00:00 2001 From: _cry64 Date: Sat, 7 Mar 2026 23:44:03 +1000 Subject: [PATCH 1/4] replace sudo -> sudo-rs --- groups/all/default.nix | 7 ++++--- groups/cryos/default.nix | 5 +---- groups/server/default.nix | 4 ---- hosts/myputer/default.nix | 2 +- 4 files changed, 6 insertions(+), 12 deletions(-) diff --git a/groups/all/default.nix b/groups/all/default.nix index fac958f..0ba6d11 100644 --- a/groups/all/default.nix +++ b/groups/all/default.nix @@ -7,9 +7,10 @@ ./modules/flatpak.nix ]; - # NOTE: mkDefault is 1000 and mkForce is 50 - # NOTE: so this is like a second mkDefault - security.sudo.wheelNeedsPassword = true; + security.sudo-rs = { + enable = true; + wheelNeedsPassword = lib.mkOverride 200 true; + }; networking = { networkmanager.enable = true; diff --git a/groups/cryos/default.nix b/groups/cryos/default.nix index 1f37683..cadbee6 100644 --- a/groups/cryos/default.nix +++ b/groups/cryos/default.nix @@ -86,10 +86,7 @@ }; }; - security = { - rtkit.enable = true; # I *think* this is for pipewire - sudo.wheelNeedsPassword = lib.mkDefault true; - }; + security.rtkit.enable = true; # I *think* this is for pipewire # ---- ENVIRONMENT VARIABLES ---- environment = { diff --git a/groups/server/default.nix b/groups/server/default.nix index 18f1256..cb55017 100644 --- a/groups/server/default.nix +++ b/groups/server/default.nix @@ -19,10 +19,6 @@ defaults.email = "eclarkboman@gmail.com"; }; - sudo = { - enable = true; - wheelNeedsPassword = true; - }; # allow SSH keys for passwordless auth pam = { sshAgentAuth.enable = true; diff --git a/hosts/myputer/default.nix b/hosts/myputer/default.nix index a5a28e5..1a05530 100755 --- a/hosts/myputer/default.nix +++ b/hosts/myputer/default.nix @@ -46,7 +46,7 @@ }; }; - security.sudo.wheelNeedsPassword = lib.mkForce false; + security.sudo-rs.wheelNeedsPassword = lib.mkForce false; # ---- SYSTEM PACKAGES ----- environment.systemPackages = with pkgs; [ 
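Review bot: In groups/all/default.nix the new `wheelNeedsPassword = lib.mkOverride 200 true;` is weaker than an ordinary definition (priority 100), so a plain `security.sudo-rs.wheelNeedsPassword = false;` in any group or host now wins silently, where against the old plain `true` it would have been reported as a conflicting definition. The groups/server hunk of this patch also removes that group's own plain `true`, so the servers now depend on this single priority-200 value. The two deleted NOTE lines were the only explanation of the priority numbers, and I would keep one next to the override, e.g. `# priority 200: beats mkDefault (1000), loses to plain definitions (100) and mkForce (50)`. If passwordless wheel must never be reachable on servers by accident, a plain `true` in the server group restores the loud failure. Whether `lib` is in this module's argument set is not visible in the hunk.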
From 123edfa6bee364a62a6a7b69d37f11d6724a0d68 Mon Sep 17 00:00:00 2001 From: _cry64 Date: Sat, 7 Mar 2026 23:45:05 +1000 Subject: [PATCH 2/4] cerulean now enables useGlobalPkgs --- flake.lock | 16 ++++++---------- flake.nix | 3 ++- homes/cry/default.nix | 4 ---- homes/me/default.nix | 9 --------- 4 files changed, 8 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index e1c84df..553a9ce 100644 --- a/flake.lock +++ b/flake.lock @@ -105,18 +105,14 @@ ] }, "locked": { - "lastModified": 1772870050, - "narHash": "sha256-il+K3xjwpb68ojPNt5yEF+TqTHWAiIBaXU0QMhw5ek8=", - "owner": "cry128", - "repo": "cerulean", - "rev": "7bd81f84e6c0c47e62e3498508e018d2a1a8c7e4", - "type": "github" + "lastModified": 1772890888, + "narHash": "sha256-fJ73wGR6h71ItlUIXlHvQpGbbwE6WA5Bjjs3n4kJ6tM=", + "path": "/home/me/cry/mk/cerulean", + "type": "path" }, "original": { - "owner": "cry128", - "ref": "bleeding", - "repo": "cerulean", - "type": "github" + "path": "/home/me/cry/mk/cerulean", + "type": "path" } }, "curl-src": { diff --git a/flake.nix b/flake.nix index cd28d3d..c901398 100644 --- a/flake.nix +++ b/flake.nix @@ -16,7 +16,8 @@ nt.url = "git+https://tearforge.net/cry/nt"; cerulean = { - url = "github:cry128/cerulean/bleeding"; + # url = "github:cry128/cerulean/bleeding"; + url = "/home/me/cry/mk/cerulean"; inputs = { nt.follows = "nt"; systems.follows = "systems"; diff --git a/homes/cry/default.nix b/homes/cry/default.nix index 4ff9b0a..2403b1d 100644 --- a/homes/cry/default.nix +++ b/homes/cry/default.nix @@ -1,8 +1,4 @@ {...}: { - nixpkgs = { - config.allowUnfree = false; - }; - imports = [ ../modules/fish.nix ../modules/bat.nix diff --git a/homes/me/default.nix b/homes/me/default.nix index 32130dc..3a9855a 100755 --- a/homes/me/default.nix +++ b/homes/me/default.nix 
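Review bot: In flake.nix the `cerulean` input now points at the absolute path `/home/me/cry/mk/cerulean`, so it is no longer pinned to a commit; the flake.lock hunk of the same patch shows `owner`, `repo` and `rev` replaced by a `narHash` of whatever is in that working directory. The flake then evaluates only on a machine that has that directory, and the code this series hands the home-manager options over to cannot be traced to a reviewed revision. If the path is only for local iteration, keep `url = "github:cry128/cerulean/bleeding";` committed and pass `--override-input cerulean /home/me/cry/mk/cerulean` on the command line, rather than leaving the pinned URL as a comment.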
@@ -27,15 +27,8 @@ ../modules/mako.nix ]; - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.GetName pkg) [ - # "vscode-extension-ms-dotnettools-csharp" - "spotify" - ]; - home = { username = "me"; - homeDirectory = "/home/me"; shellAliases = { # rebuild = "sudo nixos-rebuild switch --flake /home/me/flake --show-trace"; @@ -49,7 +42,6 @@ sessionVariables = { NIX_SHELL_PRESERVE_PROMPT = 1; }; - pointerCursor = { gtk.enable = true; # x11.enable = true # dont enable since im on hyprland @@ -101,7 +93,6 @@ programs = { # these are both required for home-manager to work home-manager.enable = true; - hyfetch = { enable = true; settings = { From ce0766e709132823b06ccdf91f06a1b474992ff5 Mon Sep 17 00:00:00 2001 From: _cry64 Date: Sat, 7 Mar 2026 23:45:19 +1000 Subject: [PATCH 3/4] cerulean manages trivial home options --- homes/me/default.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/homes/me/default.nix b/homes/me/default.nix index 3a9855a..835f509 100755 --- a/homes/me/default.nix +++ b/homes/me/default.nix @@ -28,8 +28,6 @@ ]; home = { - username = "me"; - shellAliases = { # rebuild = "sudo nixos-rebuild switch --flake /home/me/flake --show-trace"; # trybuild = "sudo nixos-rebuild test --flake /home/me/flake --show-trace"; @@ -39,9 +37,6 @@ man = "batman"; # bat + man }; - sessionVariables = { - NIX_SHELL_PRESERVE_PROMPT = 1; - }; pointerCursor = { gtk.enable = true; # x11.enable = true # dont enable since im on hyprland @@ -91,8 +86,6 @@ }; programs = { - # these are both required for home-manager to work - home-manager.enable = true; hyfetch = { enable = true; settings = { @@ -177,8 +170,6 @@ }; # the ssh-agent won't set this for itself... # systemd.user.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/ssh-agent"; - # Nicely reload system units when changing configs - systemd.user.startServices = "sd-switch"; home.stateVersion = "24.05"; # don't change this } From b2b49c3bdaef1119acec3a8463c1a28dd1dca441 Mon Sep 17 00:00:00 2001 
From: _cry64 Date: Sat, 7 Mar 2026 23:45:27 +1000 Subject: [PATCH 4/4] migrate to cerubld user --- snow.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/snow.nix b/snow.nix index ec6e9d8..07a453c 100644 --- a/snow.nix +++ b/snow.nix @@ -47,8 +47,9 @@ groups = groups: [groups.server]; deploy.ssh = { host = "dobutterfliescry.net"; - user = "cry"; port = 42069; + # XXX: WARNING: TEMP: this public key is temporary and used solely for debugging + publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJqtXaBWEM6nte+Bci/PizXvv/n8abYKUCKaS/x1st1 me@myputer"]; }; }; @@ -58,7 +59,8 @@ groups = groups: [groups.server]; deploy.ssh = { host = "hyrule.dobutterfliescry.net"; - user = "cry"; + # XXX: WARNING: TEMP: this public key is temporary and used solely for debugging + publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJqtXaBWEM6nte+Bci/PizXvv/n8abYKUCKaS/x1st1 me@myputer"]; }; }; @@ -70,7 +72,8 @@ remoteBuild = true; ssh = { host = "192.168.88.250"; # <- DEBUG: TEMP: TODO: switch to `matcha.dobutterfliescry.net` - user = "emile"; + # XXX: WARNING: TEMP: this public key is temporary and used solely for debugging + publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJqtXaBWEM6nte+Bci/PizXvv/n8abYKUCKaS/x1st1 me@myputer"]; }; }; };
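Review bot: The same workstation key (comment field `me@myputer`) is added as `publicKeys` to all three deploy targets in snow.nix and is marked temporary only by a comment, so nothing ensures it is ever removed. The patch also drops the explicit `user` lines, which leaves the account the key is authorised for to a default that is not visible here. A debugging key that stays authorised is standing remote access to every host from one machine. I would bind it once in a `let`, e.g. `debugDeployKeys = [ "ssh-ed25519 <key from this patch>" ];`, use `publicKeys = debugDeployKeys;` in each of the three hunks so that removal is a one-line change, and state the removal condition in the comment. The third hunk also still deploys to the literal `192.168.88.250` that its own comment flags as `DEBUG: TEMP: TODO`.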