added back stable branch, broken though because cerulean no support channel overrides

2026-02-15 11:12:16 +00:00 · 2026-02-15 11:12:16 +00:00 · 75f907f61b
commit 75f907f61b
parent 2db81681ee
10 changed files with 87 additions and 69 deletions
--- a/flake.lock
+++ b/flake.lock
@ -145,7 +145,7 @@
      "inputs": {
        "deploy-rs": "deploy-rs",
        "nixpkgs": [
-          "nixpkgs-unstable"
+          "nixpkgs"
        ],
        "nixpkgs-unstable": [
          "nixpkgs-unstable"
@ -1257,6 +1257,22 @@
      }
    },
    "nixpkgs_10": {
+      "locked": {
+        "lastModified": 1771043024,
+        "narHash": "sha256-O1XDr7EWbRp+kHrNNgLWgIrB0/US5wvw9K6RERWAj6I=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3aadb7ca9eac2891d52a9dec199d9580a6e2bf44",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_11": {
      "locked": {
        "lastModified": 1769461804,
        "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
@ -1473,6 +1489,7 @@
        "nix-alien": "nix-alien",
        "nixcats": "nixcats",
        "nixcord": "nixcord",
+        "nixpkgs": "nixpkgs_10",
        "nixpkgs-staging": "nixpkgs-staging",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "sddm-silent": "sddm-silent",
@ -1739,7 +1756,7 @@
    "zen": {
      "inputs": {
        "home-manager": "home-manager_2",
-        "nixpkgs": "nixpkgs_10"
+        "nixpkgs": "nixpkgs_11"
      },
      "locked": {
        "lastModified": 1770910552,
--- a/flake.nix
+++ b/flake.nix
@ -4,6 +4,7 @@
  inputs = {
    systems.url = "github:nix-systems/default";

+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs-staging.url = "github:NixOS/nixpkgs/staging-next";

@ -16,7 +17,7 @@
      url = "github:emilelcb/Cerulean";
      inputs = {
        systems.follows = "systems";
-        nixpkgs.follows = "nixpkgs-unstable";
+        nixpkgs.follows = "nixpkgs";
        nixpkgs-unstable.follows = "nixpkgs-unstable";
      };
    };
--- a/groups/all/default.nix
+++ b/groups/all/default.nix
@ -0,0 +1,6 @@
+{ ... }: {
+  nix.settings = {
+    experimental-features = ["nix-command" "flakes"];
+    download-buffer-size = 524288000;
+  };
+}
--- a/groups/servers/default.nix
+++ b/groups/servers/default.nix
@ -0,0 +1,17 @@
+{ ... }: {
+  nix.settings = {
+    trusted-users = ["root" "@wheel"];
+  };
+
+  security = {
+    sudo = {
+      enable = true;
+      wheelNeedsPassword = true;
+    };
+
+    pam = {
+      sshAgentAuth.enable = true;
+      services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
+    };
+  };
+}
--- a/groups/unstable-base/default.nix
+++ b/groups/unstable-base/default.nix
@ -0,0 +1,5 @@
+{lib, config, ...}: {
+  nixpkgs.channels.default = {
+    default = lib.mkForce config.nixpkgs-unstable.channels.default.pkgs;
+  };
+}
--- a/hosts/arcturus/default.nix
+++ b/hosts/arcturus/default.nix
@ -6,12 +6,6 @@

  networking.hostName = "arcturus";

-  nix.settings = {
-    experimental-features = ["nix-command" "flakes"];
-    download-buffer-size = 524288000;
-    trusted-users = ["root" "@wheel"];
-  };
-
  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
@ -27,18 +21,6 @@
    };
  };

-  security = {
-    sudo = {
-      enable = true;
-      wheelNeedsPassword = true;
-    };
-
-    pam = {
-      sshAgentAuth.enable = true;
-      services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
-    };
-  };
-
  networking = {
    useNetworkd = false;
    useDHCP = false;
--- a/hosts/lyra/default.nix
+++ b/hosts/lyra/default.nix
@ -6,12 +6,6 @@

  networking.hostName = "lyra";

-  nix.settings = {
-    experimental-features = ["nix-command" "flakes"];
-    download-buffer-size = 524288000;
-    trusted-users = ["root" "@wheel"];
-  };
-
  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
@ -27,18 +21,6 @@
    };
  };

-  security = {
-    sudo = {
-      enable = true;
-      wheelNeedsPassword = true;
-    };
-
-    pam = {
-      sshAgentAuth.enable = true;
-      services.sudo.sshAgentAuth = true; # pam_ssh_agent_auth module
-    };
-  };
-
  networking = {
    networkmanager.enable = true;

--- a/hosts/nixarawrui/default.nix
+++ b/hosts/nixarawrui/default.nix
@ -10,12 +10,6 @@
    ./modules/amdgpu-ignore-ctx-privileges.nix
  ];

-  # Enable the Flakes feature and the accompaying new nix command-line tool
-  nix.settings = {
-    experimental-features = ["nix-command" "flakes"];
-    download-buffer-size = 524288000;
-  };
-
  # Use the systemd-boot EFI boot loader.
  boot = rec {
    initrd.kernelModules = ["amdgpu"];
@ -335,27 +329,5 @@
    inputs.nix-alien.packages.${stdenv.hostPlatform.system}.nix-alien
  ];

-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-
-  # This option defines the first version of NixOS you have installed on this particular machine,
-  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
-  #
-  # Most users should NEVER change this value after the initial install, for any reason,
-  # even if you've upgraded your system to a new NixOS release.
-  #
-  # This value does NOT affect the Nixupkgs version your packages and OS are pulled from,
-  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
-  # to actually do that.
-  #
-  # This value being lower than the current NixOS release does NOT mean your system is
-  # out of date, out of support, or vulnerable.
-  #
-  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
-  # and migrated your data accordingly.
-  #
-  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-  system.stateVersion = "24.11"; # Did you read the comment?
+  system.stateVersion = "24.11";
 }
--- a/nixpkgs.nix
+++ b/nixpkgs.nix
@ -5,6 +5,15 @@
 } @ args: {
  nixpkgs.channels.default = rec {
    default = upkgs;
+
+    # nixpkgs
+    pkgs = {
+      inherit system;
+      source = inputs.nixpkgs;
+      overlays = [];
+      config.allowUnfree = true;
+    };
+
    # nixpkgs-unstable
    upkgs = {
      inherit system;
@ -19,6 +28,7 @@

      config.allowUnfree = true;
    };
+
    # nixpkgs-staging
    spkgs = {
      inherit system;
--- a/snow.nix
+++ b/snow.nix
@ -7,9 +7,25 @@ cerulean.mkNexus ./. (self: {
      home-manager.nixosModules.home-manager
    ];

-    nodes = {
+    groups = {
+      unstable-base = {};
+      servers = {};
+    };
+
+    nodes = let
+      inherit
+        (self.nexus)
+        groups
+        ;
+      in
+      {
      nixarawrui = {
        system = "x86_64-linux";
+
+        groups = [
+          groups.unstable-base
+        ];
+
        extraModules = with inputs; [
          sddm-silent.nixosModules.default
        ];
@ -17,6 +33,11 @@ cerulean.mkNexus ./. (self: {

      arcturus = {
        system = "x86_64-linux";
+
+        groups = [
+          groups.servers
+        ];
+
        deploy.ssh = {
          host = "10.16.1.163";
          port = 2222;
@ -26,6 +47,11 @@ cerulean.mkNexus ./. (self: {

      lyra = {
        system = "x86_64-linux";
+
+        groups = [
+          groups.servers
+        ];
+
        deploy.ssh = {
          host = "10.16.1.58";
          port = 2222;