2026-03-25 16:02:04 -05:00
parent 18e781d388
commit 981b03b955
7 changed files with 119 additions and 251 deletions

144
flake.lock generated

@@ -33,11 +33,11 @@
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1772909021,
"narHash": "sha256-hcstQ1Z9aQSJM3AVCLb0/OPTicbME9nhP01GiPrOjZM=",
"lastModified": 1774079362,
"narHash": "sha256-HkoEWTxU5gNigcnhIa3GXukHqC5xGmgVaLICGUKlpdo=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "7e4730351fb6df479c46a1bf7e23d46a0b0c5d46",
"rev": "1f279763d8b4a9138c01f1021f53e09bc2c54eb9",
"type": "github"
},
"original": {
@@ -151,11 +151,11 @@
"cachyos-kernel": {
"flake": false,
"locked": {
"lastModified": 1773637879,
"narHash": "sha256-hFKu2SaRoqt6+zbmcFW6A0AbBENIX8XooJLXQWa3sLc=",
"lastModified": 1774160598,
"narHash": "sha256-ArPoVPHpXauFDGsz7nGBiXljj7keGcp/O4Pf4ZU4/30=",
"owner": "CachyOS",
"repo": "linux-cachyos",
"rev": "fa09a5bc69d3e7feeed9b1402c7df06c8170402a",
"rev": "1caa0b77871d4537f0d629a2ce30edb2f6178d19",
"type": "github"
},
"original": {
@@ -167,11 +167,11 @@
"cachyos-kernel-patches": {
"flake": false,
"locked": {
"lastModified": 1773635524,
"narHash": "sha256-JErpxWTdoHq4JuDerfsbPA60FmWOxK4oX9UL9CcsP/Q=",
"lastModified": 1774023710,
"narHash": "sha256-Oc+4K6edCv0fdvfe6UW+OpJiXYWkXRrOH9TDMNwi+J8=",
"owner": "CachyOS",
"repo": "kernel-patches",
"rev": "5544a0679fd6f6fb714e275514449c4ab9db2a53",
"rev": "a4e26fa95257ac09bd42930334399b0eabd5b5b1",
"type": "github"
},
"original": {
@@ -568,11 +568,11 @@
]
},
"locked": {
"lastModified": 1774007980,
"narHash": "sha256-FOnZjElEI8pqqCvB6K/1JRHTE8o4rer8driivTpq2uo=",
"lastModified": 1774379316,
"narHash": "sha256-0nGNxWDUH2Hzlj/R3Zf4FEK6fsFNB/dvewuboSRZqiI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9670de2921812bc4e0452f6e3efd8c859696c183",
"rev": "1eb0549a1ab3fe3f5acf86668249be15fa0e64f7",
"type": "github"
},
"original": {
@@ -588,11 +588,11 @@
]
},
"locked": {
"lastModified": 1773963144,
"narHash": "sha256-WzBOBfSay3GYilUfKaUa1Mbf8/jtuAiJIedx7fWuIX4=",
"lastModified": 1774274588,
"narHash": "sha256-dnHvv5EMUgTzGZmA+3diYjQU2O6BEpGLEOgJ1Qe9LaY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a91b3ea73a765614d90360580b689c48102d1d33",
"rev": "cf9686ba26f5ef788226843bc31fda4cf72e373b",
"type": "github"
},
"original": {
@@ -609,11 +609,11 @@
]
},
"locked": {
"lastModified": 1774007980,
"narHash": "sha256-FOnZjElEI8pqqCvB6K/1JRHTE8o4rer8driivTpq2uo=",
"lastModified": 1774379316,
"narHash": "sha256-0nGNxWDUH2Hzlj/R3Zf4FEK6fsFNB/dvewuboSRZqiI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9670de2921812bc4e0452f6e3efd8c859696c183",
"rev": "1eb0549a1ab3fe3f5acf86668249be15fa0e64f7",
"type": "github"
},
"original": {
@@ -663,11 +663,11 @@
"homebrew-cask": {
"flake": false,
"locked": {
"lastModified": 1774025771,
"narHash": "sha256-3eMajNhR25AX9Dc9DgR3+cW4215kj/KRIuVyP9+X2/I=",
"lastModified": 1774469069,
"narHash": "sha256-eDhFgg8kNcb5WCbpQT1RLbExDsnAs71z5tLA3zr2sGw=",
"owner": "homebrew",
"repo": "homebrew-cask",
"rev": "f69327f0a37edd3197c8e9cf1f34822025251627",
"rev": "2475fd2f679e2692875c2ba6fc4076af45db1dab",
"type": "github"
},
"original": {
@@ -679,11 +679,11 @@
"homebrew-core": {
"flake": false,
"locked": {
"lastModified": 1774028436,
"narHash": "sha256-mCYHZLfcOfLnNAfTOorW89fzXnmUTwOOwFmQxMViLoc=",
"lastModified": 1774467735,
"narHash": "sha256-C22BiuSwJsHS1Li0jhPAZ2ElGwD62TgiHkN/tIwJ9iw=",
"owner": "homebrew",
"repo": "homebrew-core",
"rev": "c5fc98d84606cc1ad94eeb0b61bc7b7c352f35ed",
"rev": "e469b9f7d6ea40e1c6a152b847a913ba1d400e7f",
"type": "github"
},
"original": {
@@ -719,11 +719,11 @@
]
},
"locked": {
"lastModified": 1773949806,
"narHash": "sha256-W25eg57cTQSwey9nEf1AhHy895Yiwq74PgyJl2EuY3Q=",
"lastModified": 1774333446,
"narHash": "sha256-jeAUd4mfLle7Zw8F3lDdXvw2cmeP3FgVphHq2XuEKbs=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "425b357e190632600ca2b2daea3bdf28d57e3047",
"rev": "79b45622eff2ae0437d7a712610044bbc7b87fa2",
"type": "github"
},
"original": {
@@ -809,11 +809,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1773804995,
"narHash": "sha256-LL6EG35pbxgjsqYIpwUnpHGDmKFYttE+BILBNhsEaJk=",
"lastModified": 1774290535,
"narHash": "sha256-dnFbucSiAjjWmPENgyIiK/ocCuYSp4sM6Sq4WCVjG+8=",
"owner": "xddxdd",
"repo": "nix-cachyos-kernel",
"rev": "3286b7ecf1d864e2be050af78aa633d4e3ae8fdb",
"rev": "c0fcdf5cab21b7e3157e84046b57407a60934415",
"type": "github"
},
"original": {
@@ -870,11 +870,11 @@
]
},
"locked": {
"lastModified": 1773552174,
"narHash": "sha256-mHSRNrT1rjeYBgkAlj07dW3+1nFEgAd8Gu6lgyfT9DU=",
"lastModified": 1774156144,
"narHash": "sha256-gdYe9wTPl4ignDyXUl1LlICWj41+S0GB5lG1fKP17+A=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "8faeb68130df077450451b6734a221ba0d6cde42",
"rev": "55b588747fa3d7fc351a11831c4b874dab992862",
"type": "github"
},
"original": {
@@ -927,11 +927,11 @@
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1773974569,
"narHash": "sha256-Y71Afv2mVpus+EqUj0qAwPgyaABIvEtjnUAlw5EUo3A=",
"lastModified": 1774406959,
"narHash": "sha256-LvsvRER3uhSMPFXm3d51j1HKtNvT5uaxeU2GiGhTx2Y=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "5b8548f9e2cbe14146df30858bd281404957846f",
"rev": "8e7124f1592e7f2cc8f76ce2639255f478d58838",
"type": "github"
},
"original": {
@@ -946,11 +946,11 @@
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1773418853,
"narHash": "sha256-ELGvz8LW3fEzBTO1FpojRAPqp7+9xs5lspZb9NoZrbY=",
"lastModified": 1774264319,
"narHash": "sha256-aAsO35YtqIdvBhCIKZ0a+OcC8wB0H1+mAoPKBY0jxeQ=",
"owner": "nix-community",
"repo": "nixos-apple-silicon",
"rev": "2fbdf62451bcd9fc83ca99c56a6e379df8c47c8d",
"rev": "9fe29a63b23005acfcd1324a9e78b6241226cdb1",
"type": "github"
},
"original": {
@@ -961,11 +961,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1774018263,
"narHash": "sha256-HHYEwK1A22aSaxv2ibhMMkKvrDGKGlA/qObG4smrSqc=",
"lastModified": 1774465523,
"narHash": "sha256-4v7HPm63Q90nNn4fgkgKsjW1AH2Klw7XzPtHJr562nM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2d4b4717b2534fad5c715968c1cece04a172b365",
"rev": "de895be946ad1d8aafa0bb6dfc7e7e0e9e466a29",
"type": "github"
},
"original": {
@@ -1055,11 +1055,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1773814637,
"narHash": "sha256-GNU+ooRmrHLfjlMsKdn0prEKVa0faVanm0jrgu1J/gY=",
"lastModified": 1774244481,
"narHash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fea3b367d61c1a6592bc47c72f40a9f3e6a53e96",
"rev": "4590696c8693fea477850fe379a01544293ca4e2",
"type": "github"
},
"original": {
@@ -1071,11 +1071,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1773821835,
"narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
"lastModified": 1774106199,
"narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
"rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655",
"type": "github"
},
"original": {
@@ -1087,11 +1087,11 @@
},
"nixpkgs_10": {
"locked": {
"lastModified": 1773507054,
"narHash": "sha256-Q8U5VXgrcxmCxPtCCJCIZkcAX3FCZwGh1GNVIXxMND0=",
"lastModified": 1773840656,
"narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e80236013dc8b77aa49ca90e7a12d86f5d8d64c9",
"rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512",
"type": "github"
},
"original": {
@@ -1135,11 +1135,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1773738184,
"narHash": "sha256-zWRjT5oPabNCiC1A3QkFXpfnsgUjyg6fUZWC+IiiZH0=",
"lastModified": 1774235121,
"narHash": "sha256-CzpSER+YKq4yD+RPom6Su9c/4FutF+sD4rEnls+4MyM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "41a2715cc472025a19bc0eb9dc4ee8b7406bfa6f",
"rev": "1116aed2cee959f7d054a462458513ad323b710a",
"type": "github"
},
"original": {
@@ -1199,11 +1199,11 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1768305791,
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
"lastModified": 1774106199,
"narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
"rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655",
"type": "github"
},
"original": {
@@ -1215,11 +1215,11 @@
},
"nixpkgs_9": {
"locked": {
"lastModified": 1773821835,
"narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
"lastModified": 1774106199,
"narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
"rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655",
"type": "github"
},
"original": {
@@ -1286,11 +1286,11 @@
]
},
"locked": {
"lastModified": 1772893680,
"narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
"lastModified": 1774104215,
"narHash": "sha256-EAtviqz0sEAxdHS4crqu7JGR5oI3BwaqG0mw7CmXkO8=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
"rev": "f799ae951fde0627157f40aec28dec27b22076d0",
"type": "github"
},
"original": {
@@ -1435,11 +1435,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1773689564,
"narHash": "sha256-TJmDl89HPGum3srhggVbcfHV5oN6XL5SgN7/dI3kB4M=",
"lastModified": 1774472006,
"narHash": "sha256-PsAau0yCoQDNqFnCxCJhwbYMSYIDQEeE22BEBiJM5uw=",
"owner": "mjallen18",
"repo": "snowfall-lib",
"rev": "3dd4e430e291d9f7d0e9c69f89fea8c175041e44",
"rev": "342561701e62e4b57ffb4d52496d16743e16662f",
"type": "github"
},
"original": {
@@ -1453,11 +1453,11 @@
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1773889674,
"narHash": "sha256-+ycaiVAk3MEshJTg35cBTUa0MizGiS+bgpYw/f8ohkg=",
"lastModified": 1774303811,
"narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "29b6519f3e0780452bca0ac0be4584f04ac16cc5",
"rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042",
"type": "github"
},
"original": {
@@ -1510,11 +1510,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1773792048,
"narHash": "sha256-Oy9PCLG3vtflFBWcJd8c/EB3h5RU7ABAIDWn6JrGf6o=",
"lastModified": 1774124764,
"narHash": "sha256-Poz9WTjiRlqZIf197CrMMJfTifZhrZpbHFv0eU1Nhtg=",
"owner": "nix-community",
"repo": "stylix",
"rev": "3f2f9d307fe58c6abe2a16eb9b62c42d53ef5ee1",
"rev": "e31c79f571c5595a155f84b9d77ce53a84745494",
"type": "github"
},
"original": {


@@ -1,7 +1,7 @@
{
stdenv,
lib,
src,
srcOverride ? null,
version ? "stable202511",
python3,
git,
@@ -10,6 +10,7 @@
let
pythonEnv = python3.withPackages (ps: [ ps.tkinter ]);
pname = "edk2-basetools";
src = srcOverride;
in
stdenv.mkDerivation rec {
inherit src pname version;
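Review bot: With `srcOverride ? null` in the arguments and `src = srcOverride;` in the `let` block, the derivation gets `src = null` whenever a caller omits the override, and nothing in the visible lines rejects that case. As far as this section shows, the package no longer pins a source of its own, so the caller's fetch is the only integrity anchor for the EDK2 tree being built. I would fail at evaluation time with a clear message, e.g. `src = if srcOverride != null then srcOverride else throw "edk2-basetools: srcOverride must be set to the EDK2 source";`, and add a comment on the argument saying it must be a hash-pinned source. The `stdenv.mkDerivation` body continues outside the hunk.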


@@ -33,7 +33,7 @@ let
baseTools = pkgs.${namespace}.edk2-basetools.override {
version = "stable202511";
src = edk2Src;
srcOverride = edk2Src;
};
armTrustedFirmware = pkgs.${namespace}.arm-trusted-firmware.override { inherit MODEL; };


@@ -16,7 +16,7 @@ buildHomeAssistantComponent rec {
hash = "sha256-3SnYjjQU2qRBcKs40bCpN75Ad3HqMcn/hRj1faSSeHw=";
};
buildInputs = with python3Packages; [
nativeBuildInputs = with python3Packages; [
dacite
];
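Review bot: Listing `dacite` under `nativeBuildInputs` makes it a build-time-only input, so if the component imports it at runtime (not visible in this hunk) it will presumably be absent from the Home Assistant Python environment. Assuming the `nativeBuildInputs` line is the new side, a runtime Python dependency would normally be propagated instead, e.g. `propagatedBuildInputs = with python3Packages; [ dacite ];`. If the move was made only to satisfy a build-time check, a comment such as `# dacite: needed by the manifest check only, not at runtime` would record that. The `buildHomeAssistantComponent` call starts and ends outside the hunk.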


@@ -12,6 +12,8 @@
expat,
fontconfig,
freetype,
makeDesktopItem,
copyDesktopItems,
namespace,
system,
pkgs,
@@ -41,6 +43,7 @@ rustPlatform.buildRustPackage rec {
libpulseaudio
autoPatchelfHook
makeWrapper
copyDesktopItems
];
buildInputs = [
@@ -61,10 +64,25 @@ rustPlatform.buildRustPackage rec {
libxkbcommon
];
desktopItem = makeDesktopItem {
name = "librepods";
desktopName = "LibrePODS";
comment = "Open source alternative for AirPods";
exec = "librepods";
icon = "librepods";
terminal = false;
categories = [
"Audio"
"Utility"
];
};
postFixup = ''
wrapProgram $out/bin/librepods --suffix LD_LIBRARY_PATH : ${lib.makeLibraryPath buildInputs}
'';
passthru.imaging = desktopItem;
meta = with lib; {
description = "Open source alternative for AirPods";
homepage = "https://github.com/kavishdevar/librepods";
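Review bot: The `copyDesktopItems` hook added to the native inputs installs the entries of a `desktopItems` list, but the new code only defines `desktopItem` (singular) and exposes it as `passthru.imaging`, so the generated desktop entry will most likely never be copied into the output. Adding `desktopItems = [ desktopItem ];` would wire it up. The `passthru.imaging` name does not describe a desktop entry and looks unintended; it could be dropped or renamed. The hook runs as part of the install phase, so if `installPhase` is overridden outside this hunk it needs to call `runHook postInstall`. The `meta` block continues outside the hunk.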


@@ -1,86 +1,67 @@
{
lib,
pkgs,
modulesPath,
namespace,
...
}:
{
imports = [
"${modulesPath}/installer/cd-dvd/installation-cd-graphical-gnome.nix"
];
${namespace} = {
# ###################################################
# # Boot # #
# ###################################################
bootloader.lanzaboote.enable = true;
# ###################################################
# # Desktop # #
# ###################################################
desktop.cosmic.enable = false;
# ###################################################
# # Hardware # #
# ###################################################
hardware.disko = {
enable = true;
filesystem = "btrfs";
};
# ###################################################
# # Impermanence # #
# ###################################################
impermanence = {
enable = true;
};
# ###################################################
# # Network # #
# ###################################################
network = {
hostName = "nixos";
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ 22 ];
};
};
# ###################################################
# # Security # #
# ###################################################
security.tpm.enable = true;
# ###################################################
# # Services # #
# ###################################################
# ###################################################
# # User # #
# ###################################################
user = {
name = "nixos";
linger = true;
password = "nixos";
};
};
specialisation.graphical.configuration = {
${namespace}.desktop.cosmic.enable = true;
};
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
supportedFilesystems.zfs = false;
};
services.openssh = {
enable = lib.mkForce true;
settings = {
PermitRootLogin = lib.mkForce "yes";
PasswordAuthentication = lib.mkForce false;
};
};
fileSystems = {
"/etc".neededForBoot = true;
};
home-manager.users.nixos.snowfallorg.user.name = "nixos";
# ###################################################
# # Boot # #
# ###################################################
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
supportedFilesystems.zfs = false;
};
sops.defaultSopsFile = lib.mkForce "/dev/null";
sops.validateSopsFiles = false;
}
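Review bot: The installer image forces sshd on with `PermitRootLogin = lib.mkForce "yes"` and opens TCP 22, while the `nixos` user gets the fixed password `"nixos"`; only the separate `PasswordAuthentication = lib.mkForce false` line keeps that password off the network. The old/new side of each line is not recoverable from this rendering, so this assumes those settings are on the new side. I would make the key-only intent hold on its own with `PermitRootLogin = lib.mkForce "prohibit-password";`. I would also add short comments saying that root login exists for the remote installer, that the password is for the local live session only, and that sops validation is disabled because a live ISO has no host key to decrypt with. No authorized keys are set in this section, so it is worth confirming which keys the user module installs by default on this image.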


@@ -1,132 +0,0 @@
{
lib,
pkgs,
namespace,
...
}:
let
# SSH public keys sourced from sops secrets (ssh-keys-public section).
# Baked in here since sops is not available on a live install ISO
# (no persistent host key to decrypt with).
sopsPublicKeys = [
# macbook-macos
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# desktop-windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
# desktop-nixos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
# macbook-pro-nixos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBOhX3ds1QBC5qqqtPJDZgyGr8gfGjCGnGCiIhWZNNi4 matt@macbook-pro-nixos"
# pi5
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy7r49e2dqi1UFICKZwqSRGEvNPgVB2p2KZE5bCkFsh matt@pi5"
# deck
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINF1pqrxyLTGHxsdtXP8lXiE2iHDTSMV9JVgN8GVRLKK deck@nixos"
];
in
{
${namespace} = {
# ###################################################
# # Boot # #
# ###################################################
bootloader.lanzaboote.enable = true;
# ###################################################
# # Hardware # #
# ###################################################
hardware.disko = {
enable = true;
filesystem = "btrfs";
};
# ###################################################
# # Impermanence # #
# ###################################################
impermanence = {
enable = true;
};
# ###################################################
# # Network # #
# ###################################################
network = {
hostName = "nixos";
firewall = {
enable = true;
allowPing = true;
# Allow SSH (required for nixos-anywhere)
allowedTCPPorts = [ 22 ];
};
};
# ###################################################
# # Security # #
# ###################################################
security.tpm.enable = true;
# ###################################################
# # Services # #
# ###################################################
# ###################################################
# # User # #
# ###################################################
user = {
name = "nixos";
# Plain-text password for the live ISO session.
# The user module assertion requires at least one password method.
password = "nixos";
# Include all sops SSH public keys so any of your machines can connect.
# commonSshKeys from the user module are also enabled by default.
sshKeys = sopsPublicKeys;
};
};
specialisation.graphical.configuration = {
# ###################################################
# # Desktop # #
# ###################################################
${namespace}.desktop.cosmic.enable = true;
};
# ###################################################
# # Boot # #
# ###################################################
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
supportedFilesystems.zfs = false;
};
# ###################################################
# # SSH # #
# ###################################################
# Explicit openssh settings for nixos-anywhere compatibility.
# nixos-anywhere SSHes in as root to run the install, so root login must be
# permitted. Password auth is disabled — key-only access only.
services.openssh = {
enable = lib.mkForce true;
settings = {
PermitRootLogin = lib.mkForce "yes";
PasswordAuthentication = lib.mkForce false;
};
};
fileSystems = {
"/etc".neededForBoot = true;
};
# nixos-anywhere connects as root; ensure root also trusts all our keys.
# users.users.root.openssh.authorizedKeys.keys = sopsPublicKeys;
# Sops is not usable on a live ISO (no persistent host key to decrypt with).
# Disable sops validation to prevent build/boot failures.
sops.defaultSopsFile = lib.mkForce "/dev/null";
sops.validateSopsFiles = false;
}