genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 01:17:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #574 from genebean/updates

Browse source 
Upgrade to Nix 25.11 + general updates
This commit is contained in:
Gene Liverman 2025-12-01 12:14:10 -05:00 committed by GitHub
commit 125048f9b8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 87 additions and 184 deletions
Download patch file Download diff file Expand all files Collapse all files

144
flake.lock generated
View file

@ -19,16 +19,16 @@
"brew-src": {
"flake": false,
"locked": {
"lastModified": 1761551821,
"narHash": "sha256-N3Zj73TAxclhLGgADbPVwcVrhYIBKUgAxjfQuOXre6s=",
"lastModified": 1763638478,
"narHash": "sha256-n/IMowE9S23ovmTkKX7KhxXC2Yq41EAVFR2FBIXPcT8=",
"owner": "Homebrew",
"repo": "brew",
"rev": "8f6719274133c5bcc24c058c5a6bcbb3b0cd48b3",
"rev": "fbfdbaba008189499958a7aeb1e2c36ab10c067d",
"type": "github"
},
"original": {
"owner": "Homebrew",
"ref": "4.6.19",
"ref": "5.0.3",
"repo": "brew",
"type": "github"
}
@ -76,11 +76,11 @@
]
},
"locked": {
"lastModified": 1762276996,
"narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
"lastModified": 1764350888,
"narHash": "sha256-6Rp18zavTlnlZzcoLoBTJMBahL2FycVkw2rAEs3cQvo=",
"owner": "nix-community",
"repo": "disko",
"rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
"rev": "2055a08fd0e2fd41318279a5355eb8a161accf26",
"type": "github"
},
"original": {
@ -290,16 +290,16 @@
]
},
"locked": {
"lastModified": 1758463745,
"narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
"lastModified": 1764536451,
"narHash": "sha256-BgtcUkBfItu9/yU14IgUaj4rYOanTOUZjUfBP20/ZB4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
"rev": "3fdd076e08049a9c7a83149b270440d9787d2df5",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
@ -311,16 +311,16 @@
]
},
"locked": {
"lastModified": 1759509947,
"narHash": "sha256-4XifSIHfpJKcCf5bZZRhj8C4aCpjNBaE3kXr02s4rHU=",
"lastModified": 1764161084,
"narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "000eadb231812ad6ea6aebd7526974aaf4e79355",
"rev": "e95de00a471d07435e0527ff4db092c84998698e",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "nix-darwin-25.05",
"ref": "nix-darwin-25.11",
"repo": "nix-darwin",
"type": "github"
}
@ -345,11 +345,11 @@
"brew-src": "brew-src"
},
"locked": {
"lastModified": 1761927470,
"narHash": "sha256-KsFDGRGD8j1R6TvJ4HkebKsh3HXLY0XazanLrhO3wqE=",
"lastModified": 1764473698,
"narHash": "sha256-C91gPgv6udN5WuIZWNehp8qdLqlrzX6iF/YyboOj6XI=",
"owner": "zhaofengli-wip",
"repo": "nix-homebrew",
"rev": "3cae36b3a17b09a66435291619dce8cf2c4728ca",
"rev": "6a8ab60bfd66154feeaa1021fc3b32684814a62a",
"type": "github"
},
"original": {
@ -424,11 +424,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1762463231,
"narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=",
"lastModified": 1764440730,
"narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226",
"rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
"type": "github"
},
"original": {
@ -454,68 +454,13 @@
"type": "github"
}
},
"nixpkgs-1_0": {
"locked": {
"lastModified": 1705033721,
"narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-1_6": {
"locked": {
"lastModified": 1735651292,
"narHash": "sha256-YLbzcBtYo1/FEzFsB3AnM16qFc6fWPMIoOuSoDwvg9g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0da3c44a9460a26d2025ec3ed2ec60a895eb1114",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-terraform": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-1_0": "nixpkgs-1_0",
"nixpkgs-1_6": "nixpkgs-1_6",
"systems": "systems"
},
"locked": {
"lastModified": 1762393044,
"narHash": "sha256-atZ3k0YQntCZwpWr09nkDj847W4T9e/k+SG+wSlsAsM=",
"owner": "stackbuilders",
"repo": "nixpkgs-terraform",
"rev": "f2731398b3c4c7086e215f4adf0bda243977ecb1",
"type": "github"
},
"original": {
"owner": "stackbuilders",
"repo": "nixpkgs-terraform",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1762482733,
"narHash": "sha256-g/da4FzvckvbiZT075Sb1/YDNDr+tGQgh4N8i5ceYMg=",
"lastModified": 1764557259,
"narHash": "sha256-fhD/QUtJ0HKs3oLvfnD+/SrBV5Y7YEkCYnDjOVUjLys=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e1ebeec86b771e9d387dd02d82ffdc77ac753abc",
"rev": "0d70460758949966e91d9ecb823b821f963cefbb",
"type": "github"
},
"original": {
@ -527,16 +472,16 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1762498405,
"narHash": "sha256-Zg/SCgCaAioc0/SVZQJxuECGPJy+OAeBcGeA5okdYDc=",
"lastModified": 1764522689,
"narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6faeb062ee4cf4f105989d490831713cc5a43ee1",
"rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
@ -599,7 +544,6 @@
"nixos-cosmic": "nixos-cosmic",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs-terraform": "nixpkgs-terraform",
"nixpkgs-unstable": "nixpkgs-unstable",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix"
@ -650,22 +594,19 @@
"git-hooks": "git-hooks",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-25_05": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1755110674,
"narHash": "sha256-PigqTAGkdBYXVFWsJnqcirrLeFqRFN4PFigLA8FzxeI=",
"lastModified": 1764185122,
"narHash": "sha256-+HUOwSIFLoyett2cvRjuFIbhobpHallfP9J2cia1apo=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "f5936247dbdb8501221978562ab0b302dd75456c",
"rev": "a14fe3b293ec2720e5b7fc72ad136d22967e12ba",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "nixos-25.05",
"ref": "nixos-25.11",
"repo": "nixos-mailserver",
"type": "gitlab"
}
@ -677,11 +618,11 @@
]
},
"locked": {
"lastModified": 1762659808,
"narHash": "sha256-2Kv2mANf+FRisqhpfeZ8j9firBxb23ZvEXwdcunbpGI=",
"lastModified": 1764483358,
"narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "524312bc62e3f34bd9231a2f66622663d3355133",
"rev": "5aca6ff67264321d47856a2ed183729271107c9c",
"type": "github"
},
"original": {
@ -689,21 +630,6 @@
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

15
flake.nix
View file

@ -3,7 +3,7 @@
inputs = {
# Where we get most of our software. Giant mono repo with recipes
# called derivations that say how to build software.
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
compose2nix = {
@ -29,13 +29,13 @@
# Manages things in home directory
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
# Controls system level software and settings including fonts on macOS
nix-darwin = {
url = "github:lnl7/nix-darwin/nix-darwin-25.05";
url = "github:lnl7/nix-darwin/nix-darwin-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -56,14 +56,8 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixpkgs-terraform = {
url = "github:stackbuilders/nixpkgs-terraform";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05";
inputs.nixpkgs-25_05.follows = "nixpkgs";
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -86,7 +80,6 @@
allowUnfree = true;
permittedInsecurePackages = [ "olm-3.2.16" "electron-21.4.4" ];
};
overlays = [ inputs.nixpkgs-terraform.overlays.default ];
};
} // additionalSpecialArgs;
modules = [

1
lib/nixpkgs-settings.nix
View file

@ -8,6 +8,5 @@
"python3.12-ecdsa-0.19.1"
];
};
overlays = [ inputs.nixpkgs-terraform.overlays.default ];
};
}

2
modules/hosts/common/all-gui.nix
View file

@ -3,7 +3,7 @@
# nothing here right now
];
programs = {
git.aliases = {
git.settings.aliases = {
kraken = "!gitkraken -p $(cd \"\${1:-.}\" && git rev-parse --show-toplevel)";
};
};

20
modules/hosts/common/default.nix
View file

@ -1,5 +1,5 @@
{ inputs, pkgs, username, ... }: let
sqlite_lib = if builtins.elem pkgs.system [
sqlite_lib = if builtins.elem pkgs.stdenv.hostPlatform.system [
"aarch64-darwin"
"x86_64-darwin"
]
@ -14,8 +14,8 @@ in {
colordiff
dogdns
dos2unix
du-dust
duf
dust
esptool
fd
f2
@ -37,7 +37,6 @@ in {
nix-search
nix-zsh-completions
nodejs
nodePackages.npm
nurl
nvd
onefetch
@ -90,6 +89,10 @@ in {
};
bottom.enable = true;
broot.enable = true;
diff-so-fancy = {
enable = true;
enableGitIntegration = true;
};
direnv = {
enable = true;
enableZshIntegration = true;
@ -100,8 +103,7 @@ in {
gh.enable = true;
git = {
enable = true;
diff-so-fancy.enable = true;
extraConfig = {
settings = {
diff.sopsdiffer.textconv = "sops --config /dev/null --decrypt";
};
ignores = [
@ -111,9 +113,8 @@ in {
];
includes = [ { path = "~/.gitconfig-local"; }];
lfs.enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "Gene Liverman";
extraConfig = {
package = pkgs.gitFull;
settings = {
init = {
defaultBranch = "main";
};
@ -124,6 +125,9 @@ in {
pull = {
rebase = false;
};
user = {
name = "Gene Liverman";
};
};
}; # end git
irssi.enable = true;

2
modules/hosts/darwin/default.nix
View file

@ -107,13 +107,11 @@
"https://cache.nixos.org" # default one
"https://cache.flox.dev"
"https://cache.thalheim.io"
"https://nixpkgs-terraform.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" # default one
"flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
"cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="
"nixpkgs-terraform.cachix.org-1:8Sit092rIdAVENA3ZVeH9hzSiqI/jng6JiCrQ1Dmusw="
];
trusted-users = [ "@admin" "${username}" ];
};

3
modules/hosts/darwin/mightymac/default.nix
View file

@ -5,13 +5,12 @@
systemPackages = with pkgs; [
chart-testing
goreleaser
inputs.flox.packages.${pkgs.system}.default
inputs.flox.packages.${pkgs.stdenv.hostPlatform.system}.default
kopia
kubectx
#reposurgeon # Nix is a major version behind brew
rpiboot
step-cli
# terraform-versions."1.5.7"
terraformer
];
};

12
modules/hosts/darwin/mightymac/home-gene.liverman.nix
View file

@ -1,10 +1,10 @@
{ username, ... }: {
{ config, ... }: {
home.stateVersion = "23.11";
programs = {
go = {
enable = true;
goPath = "go";
env.GOPATH = "${config.home.homeDirectory}/go";
};
k9s.enable = true;
};
@ -12,10 +12,10 @@
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
i2cssh_config.path = "/Users/${username}/.i2csshrc";
local_git_config.path = "/Users/${username}/.gitconfig-local";
local_private_env.path = "/Users/${username}/.private-env";
user_nix_conf.path = "/Users/${username}/.config/nix/nix.conf";
i2cssh_config.path = "${config.home.homeDirectory}/.i2csshrc";
local_git_config.path = "${config.home.homeDirectory}/.gitconfig-local";
local_private_env.path = "${config.home.homeDirectory}/.private-env";
user_nix_conf.path = "${config.home.homeDirectory}/.config/nix/nix.conf";
};
};
}

2
modules/hosts/nixos/default.nix
View file

@ -53,14 +53,12 @@
"https://cache.flox.dev"
"https://cache.thalheim.io"
"https://cosmic.cachix.org/"
"https://nixpkgs-terraform.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" # default one
"cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
"flox-cache-public-1:7F4OyH7ZCnFhcze3fJdfyXYLQw/aV7GEed86nQ7IsOs="
"nixpkgs-terraform.cachix.org-1:8Sit092rIdAVENA3ZVeH9hzSiqI/jng6JiCrQ1Dmusw="
];
trusted-users = [ "${username}" ];
};

9
modules/hosts/nixos/hetznix01/post-install/default.nix
View file

@ -23,14 +23,7 @@ in {
"indianspringsbsa.org"
"pack1828.org"
];
forwards = {
"webmaster@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com";
"newsletter@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com";
"@alt.${domain}" = "gene+alt.${domain}@geneliverman.com";
"${username}@localhost" = "${username}@technicalissues.us";
"root@localhost" = "root@technicalissues.us";
"root@${config.networking.hostName}" = "root@technicalissues.us";
};
stateVersion = 3;
# Use Let's Encrypt certificates from Nginx
certificateScheme = "acme";

2
modules/hosts/nixos/hetznix01/post-install/nginx.nix
View file

@ -43,7 +43,7 @@ in {
listen 0.0.0.0:9333;
listen [::]:8333;
listen [::]:9333;
proxy_pass ${private_btc}:9333;
proxy_pass ${private_btc}:8333;
}
server {

31
modules/hosts/nixos/nixnuc/default.nix
View file

@ -31,8 +31,10 @@ in {
};
};
environment.systemPackages = with pkgs; [
inputs.compose2nix.packages.${pkgs.system}.default
environment = {
sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; };
systemPackages = with pkgs; [
inputs.compose2nix.packages.${pkgs.stdenv.hostPlatform.system}.default
docker-compose
intel-gpu-tools
jellyfin
@ -45,15 +47,15 @@ in {
podman-tui # status of containers in the terminal
yt-dlp
];
};
# https://wiki.nixos.org/wiki/Jellyfin
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
intel-compute-runtime-legacy1 # pre-13th gen cpu
intel-media-driver # For Broadwell and newer (ca. 2014+), use with LIBVA_DRIVER_NAME=iHD:
intel-ocl # Generic OpenCL support
];
};
@ -70,6 +72,7 @@ in {
"root@localhost" = "root@technicalissues.us";
"root@${config.networking.hostName}" = "root@technicalissues.us";
};
stateVersion = 3;
# Use Let's Encrypt certificates from Nginx
certificateScheme = "acme";
@ -122,17 +125,6 @@ in {
};
};
# Hardware Transcoding for Jellyfin
nixpkgs.overlays = [
(self: super: {
# "vaapiIntel" is in some docs, but that is an alias
# to intel-vaapi-driver as of 2023-05-31
intel-vaapi-driver = super.intel-vaapi-driver.override {
enableHybridCodec = true;
};
})
];
# Enable sound with pipewire.
security.rtkit.enable = true;
services.pipewire = {
@ -721,6 +713,7 @@ in {
};
systemd.services = {
jellyfin.environment.LIBVA_DRIVER_NAME = "iHD";
"mealie" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
@ -752,7 +745,7 @@ in {
# Compose based apps were crashing with podman compose, so back to Docker...
virtualisation.docker.enable = true;
virtualisation.docker.package = pkgs.docker_26;
virtualisation.docker.package = pkgs.docker;
virtualisation.podman = {
enable = true;

4
modules/hosts/nixos/rainbow-planet/default.nix
View file

@ -36,7 +36,7 @@
go
hubble
hugo
inputs.flox.packages.${pkgs.system}.default
inputs.flox.packages.${pkgs.stdenv.hostPlatform.system}.default
kdePackages.bluedevil
kdePackages.bluez-qt
kdePackages.kdenlive
@ -189,7 +189,7 @@
containers.enable = true;
docker = {
enable = true;
package = pkgs.docker_26;
package = pkgs.docker;
};
libvirtd = {
enable = true;