diff --git a/flake.lock b/flake.lock index 7f028d7..906f07e 100644 --- a/flake.lock +++ b/flake.lock @@ -33,11 +33,11 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1772909021, - "narHash": "sha256-hcstQ1Z9aQSJM3AVCLb0/OPTicbME9nhP01GiPrOjZM=", + "lastModified": 1774079362, + "narHash": "sha256-HkoEWTxU5gNigcnhIa3GXukHqC5xGmgVaLICGUKlpdo=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "7e4730351fb6df479c46a1bf7e23d46a0b0c5d46", + "rev": "1f279763d8b4a9138c01f1021f53e09bc2c54eb9", "type": "github" }, "original": { @@ -151,11 +151,11 @@ "cachyos-kernel": { "flake": false, "locked": { - "lastModified": 1773637879, - "narHash": "sha256-hFKu2SaRoqt6+zbmcFW6A0AbBENIX8XooJLXQWa3sLc=", + "lastModified": 1774160598, + "narHash": "sha256-ArPoVPHpXauFDGsz7nGBiXljj7keGcp/O4Pf4ZU4/30=", "owner": "CachyOS", "repo": "linux-cachyos", - "rev": "fa09a5bc69d3e7feeed9b1402c7df06c8170402a", + "rev": "1caa0b77871d4537f0d629a2ce30edb2f6178d19", "type": "github" }, "original": { @@ -167,11 +167,11 @@ "cachyos-kernel-patches": { "flake": false, "locked": { - "lastModified": 1773635524, - "narHash": "sha256-JErpxWTdoHq4JuDerfsbPA60FmWOxK4oX9UL9CcsP/Q=", + "lastModified": 1774023710, + "narHash": "sha256-Oc+4K6edCv0fdvfe6UW+OpJiXYWkXRrOH9TDMNwi+J8=", "owner": "CachyOS", "repo": "kernel-patches", - "rev": "5544a0679fd6f6fb714e275514449c4ab9db2a53", + "rev": "a4e26fa95257ac09bd42930334399b0eabd5b5b1", "type": "github" }, "original": { @@ -568,11 +568,11 @@ ] }, "locked": { - "lastModified": 1774007980, - "narHash": "sha256-FOnZjElEI8pqqCvB6K/1JRHTE8o4rer8driivTpq2uo=", + "lastModified": 1774379316, + "narHash": "sha256-0nGNxWDUH2Hzlj/R3Zf4FEK6fsFNB/dvewuboSRZqiI=", "owner": "nix-community", "repo": "home-manager", - "rev": "9670de2921812bc4e0452f6e3efd8c859696c183", + "rev": "1eb0549a1ab3fe3f5acf86668249be15fa0e64f7", "type": "github" }, "original": { 
@@ -588,11 +588,11 @@ ] }, "locked": { - "lastModified": 1773963144, - "narHash": "sha256-WzBOBfSay3GYilUfKaUa1Mbf8/jtuAiJIedx7fWuIX4=", + "lastModified": 1774274588, + "narHash": "sha256-dnHvv5EMUgTzGZmA+3diYjQU2O6BEpGLEOgJ1Qe9LaY=", "owner": "nix-community", "repo": "home-manager", - "rev": "a91b3ea73a765614d90360580b689c48102d1d33", + "rev": "cf9686ba26f5ef788226843bc31fda4cf72e373b", "type": "github" }, "original": { @@ -609,11 +609,11 @@ ] }, "locked": { - "lastModified": 1774007980, - "narHash": "sha256-FOnZjElEI8pqqCvB6K/1JRHTE8o4rer8driivTpq2uo=", + "lastModified": 1774379316, + "narHash": "sha256-0nGNxWDUH2Hzlj/R3Zf4FEK6fsFNB/dvewuboSRZqiI=", "owner": "nix-community", "repo": "home-manager", - "rev": "9670de2921812bc4e0452f6e3efd8c859696c183", + "rev": "1eb0549a1ab3fe3f5acf86668249be15fa0e64f7", "type": "github" }, "original": { @@ -663,11 +663,11 @@ "homebrew-cask": { "flake": false, "locked": { - "lastModified": 1774025771, - "narHash": "sha256-3eMajNhR25AX9Dc9DgR3+cW4215kj/KRIuVyP9+X2/I=", + "lastModified": 1774469069, + "narHash": "sha256-eDhFgg8kNcb5WCbpQT1RLbExDsnAs71z5tLA3zr2sGw=", "owner": "homebrew", "repo": "homebrew-cask", - "rev": "f69327f0a37edd3197c8e9cf1f34822025251627", + "rev": "2475fd2f679e2692875c2ba6fc4076af45db1dab", "type": "github" }, "original": { @@ -679,11 +679,11 @@ "homebrew-core": { "flake": false, "locked": { - "lastModified": 1774028436, - "narHash": "sha256-mCYHZLfcOfLnNAfTOorW89fzXnmUTwOOwFmQxMViLoc=", + "lastModified": 1774467735, + "narHash": "sha256-C22BiuSwJsHS1Li0jhPAZ2ElGwD62TgiHkN/tIwJ9iw=", "owner": "homebrew", "repo": "homebrew-core", - "rev": "c5fc98d84606cc1ad94eeb0b61bc7b7c352f35ed", + "rev": "e469b9f7d6ea40e1c6a152b847a913ba1d400e7f", "type": "github" }, "original": { 
@@ -719,11 +719,11 @@ ] }, "locked": { - "lastModified": 1773949806, - "narHash": "sha256-W25eg57cTQSwey9nEf1AhHy895Yiwq74PgyJl2EuY3Q=", + "lastModified": 1774333446, + "narHash": "sha256-jeAUd4mfLle7Zw8F3lDdXvw2cmeP3FgVphHq2XuEKbs=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "425b357e190632600ca2b2daea3bdf28d57e3047", + "rev": "79b45622eff2ae0437d7a712610044bbc7b87fa2", "type": "github" }, "original": { @@ -809,11 +809,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1773804995, - "narHash": "sha256-LL6EG35pbxgjsqYIpwUnpHGDmKFYttE+BILBNhsEaJk=", + "lastModified": 1774290535, + "narHash": "sha256-dnFbucSiAjjWmPENgyIiK/ocCuYSp4sM6Sq4WCVjG+8=", "owner": "xddxdd", "repo": "nix-cachyos-kernel", - "rev": "3286b7ecf1d864e2be050af78aa633d4e3ae8fdb", + "rev": "c0fcdf5cab21b7e3157e84046b57407a60934415", "type": "github" }, "original": { @@ -870,11 +870,11 @@ ] }, "locked": { - "lastModified": 1773552174, - "narHash": "sha256-mHSRNrT1rjeYBgkAlj07dW3+1nFEgAd8Gu6lgyfT9DU=", + "lastModified": 1774156144, + "narHash": "sha256-gdYe9wTPl4ignDyXUl1LlICWj41+S0GB5lG1fKP17+A=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "8faeb68130df077450451b6734a221ba0d6cde42", + "rev": "55b588747fa3d7fc351a11831c4b874dab992862", "type": "github" }, "original": { @@ -927,11 +927,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1773974569, - "narHash": "sha256-Y71Afv2mVpus+EqUj0qAwPgyaABIvEtjnUAlw5EUo3A=", + "lastModified": 1774406959, + "narHash": "sha256-LvsvRER3uhSMPFXm3d51j1HKtNvT5uaxeU2GiGhTx2Y=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5b8548f9e2cbe14146df30858bd281404957846f", + "rev": "8e7124f1592e7f2cc8f76ce2639255f478d58838", "type": "github" }, "original": { 
@@ -946,11 +946,11 @@ "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1773418853, - "narHash": "sha256-ELGvz8LW3fEzBTO1FpojRAPqp7+9xs5lspZb9NoZrbY=", + "lastModified": 1774264319, + "narHash": "sha256-aAsO35YtqIdvBhCIKZ0a+OcC8wB0H1+mAoPKBY0jxeQ=", "owner": "nix-community", "repo": "nixos-apple-silicon", - "rev": "2fbdf62451bcd9fc83ca99c56a6e379df8c47c8d", + "rev": "9fe29a63b23005acfcd1324a9e78b6241226cdb1", "type": "github" }, "original": { @@ -961,11 +961,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1774018263, - "narHash": "sha256-HHYEwK1A22aSaxv2ibhMMkKvrDGKGlA/qObG4smrSqc=", + "lastModified": 1774465523, + "narHash": "sha256-4v7HPm63Q90nNn4fgkgKsjW1AH2Klw7XzPtHJr562nM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2d4b4717b2534fad5c715968c1cece04a172b365", + "rev": "de895be946ad1d8aafa0bb6dfc7e7e0e9e466a29", "type": "github" }, "original": { @@ -1055,11 +1055,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1773814637, - "narHash": "sha256-GNU+ooRmrHLfjlMsKdn0prEKVa0faVanm0jrgu1J/gY=", + "lastModified": 1774244481, + "narHash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fea3b367d61c1a6592bc47c72f40a9f3e6a53e96", + "rev": "4590696c8693fea477850fe379a01544293ca4e2", "type": "github" }, "original": { @@ -1071,11 +1071,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1773821835, - "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", + "lastModified": 1774106199, + "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", + "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", "type": "github" }, "original": { 
@@ -1087,11 +1087,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1773507054, - "narHash": "sha256-Q8U5VXgrcxmCxPtCCJCIZkcAX3FCZwGh1GNVIXxMND0=", + "lastModified": 1773840656, + "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e80236013dc8b77aa49ca90e7a12d86f5d8d64c9", + "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512", "type": "github" }, "original": { @@ -1135,11 +1135,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1773738184, - "narHash": "sha256-zWRjT5oPabNCiC1A3QkFXpfnsgUjyg6fUZWC+IiiZH0=", + "lastModified": 1774235121, + "narHash": "sha256-CzpSER+YKq4yD+RPom6Su9c/4FutF+sD4rEnls+4MyM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "41a2715cc472025a19bc0eb9dc4ee8b7406bfa6f", + "rev": "1116aed2cee959f7d054a462458513ad323b710a", "type": "github" }, "original": { @@ -1199,11 +1199,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1768305791, - "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=", + "lastModified": 1774106199, + "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e", + "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", "type": "github" }, "original": { @@ -1215,11 +1215,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1773821835, - "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", + "lastModified": 1774106199, + "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", + "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", "type": "github" }, "original": { 
@@ -1286,11 +1286,11 @@ ] }, "locked": { - "lastModified": 1772893680, - "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", + "lastModified": 1774104215, + "narHash": "sha256-EAtviqz0sEAxdHS4crqu7JGR5oI3BwaqG0mw7CmXkO8=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", + "rev": "f799ae951fde0627157f40aec28dec27b22076d0", "type": "github" }, "original": { @@ -1435,11 +1435,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1773689564, - "narHash": "sha256-TJmDl89HPGum3srhggVbcfHV5oN6XL5SgN7/dI3kB4M=", + "lastModified": 1774472006, + "narHash": "sha256-PsAau0yCoQDNqFnCxCJhwbYMSYIDQEeE22BEBiJM5uw=", "owner": "mjallen18", "repo": "snowfall-lib", - "rev": "3dd4e430e291d9f7d0e9c69f89fea8c175041e44", + "rev": "342561701e62e4b57ffb4d52496d16743e16662f", "type": "github" }, "original": { @@ -1453,11 +1453,11 @@ "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1773889674, - "narHash": "sha256-+ycaiVAk3MEshJTg35cBTUa0MizGiS+bgpYw/f8ohkg=", + "lastModified": 1774303811, + "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=", "owner": "Mic92", "repo": "sops-nix", - "rev": "29b6519f3e0780452bca0ac0be4584f04ac16cc5", + "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042", "type": "github" }, "original": { @@ -1510,11 +1510,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1773792048, - "narHash": "sha256-Oy9PCLG3vtflFBWcJd8c/EB3h5RU7ABAIDWn6JrGf6o=", + "lastModified": 1774124764, + "narHash": "sha256-Poz9WTjiRlqZIf197CrMMJfTifZhrZpbHFv0eU1Nhtg=", "owner": "nix-community", "repo": "stylix", - "rev": "3f2f9d307fe58c6abe2a16eb9b62c42d53ef5ee1", + "rev": "e31c79f571c5595a155f84b9d77ce53a84745494", "type": "github" }, "original": { diff --git a/packages/edk2-basetools/default.nix b/packages/edk2-basetools/default.nix index 8f425c0..4c47213 100644 --- a/packages/edk2-basetools/default.nix +++ b/packages/edk2-basetools/default.nix 
@@ -1,7 +1,7 @@ { stdenv, lib, - src, + srcOverride ? null, version ? "stable202511", python3, git, @@ -10,6 +10,7 @@ let pythonEnv = python3.withPackages (ps: [ ps.tkinter ]); pname = "edk2-basetools"; + src = srcOverride; in stdenv.mkDerivation rec { inherit src pname version; diff --git a/packages/edk2/default.nix b/packages/edk2/default.nix index acc053e..bc3d99c 100644 --- a/packages/edk2/default.nix +++ b/packages/edk2/default.nix @@ -33,7 +33,7 @@ let baseTools = pkgs.${namespace}.edk2-basetools.override { version = "stable202511"; - src = edk2Src; + srcOverride = edk2Src; }; armTrustedFirmware = pkgs.${namespace}.arm-trusted-firmware.override { inherit MODEL; }; diff --git a/packages/homeassistant/ha-govee/default.nix b/packages/homeassistant/ha-govee/default.nix index a49ca3f..78f88c0 100644 --- a/packages/homeassistant/ha-govee/default.nix +++ b/packages/homeassistant/ha-govee/default.nix @@ -16,7 +16,7 @@ buildHomeAssistantComponent rec { hash = "sha256-3SnYjjQU2qRBcKs40bCpN75Ad3HqMcn/hRj1faSSeHw="; }; - buildInputs = with python3Packages; [ + nativeBuildInputs = with python3Packages; [ dacite ]; diff --git a/packages/librepods-beta/default.nix b/packages/librepods-beta/default.nix index 7acf5ce..0e322a6 100644 --- a/packages/librepods-beta/default.nix +++ b/packages/librepods-beta/default.nix @@ -12,6 +12,8 @@ expat, fontconfig, freetype, + makeDesktopItem, + copyDesktopItems, namespace, system, pkgs, @@ -41,6 +43,7 @@ rustPlatform.buildRustPackage rec { libpulseaudio autoPatchelfHook makeWrapper + copyDesktopItems ]; buildInputs = [ 
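Review bot: `srcOverride ? null` in the first edk2-basetools hunk means the `src = srcOverride;` binding added in the second hunk is `null` whenever the package is built without an override, so the problem presumably only shows up when the build tries to unpack a source that is not there. Since this package builds firmware tooling, I would make a missing source an explicit evaluation error: `src = if srcOverride != null then srcOverride else throw "edk2-basetools: srcOverride must be set";`. The `let` block and the derivation body continue outside these hunks, so a fallback defined elsewhere cannot be ruled out from here.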
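Review bot: Moving `dacite` to `nativeBuildInputs` in ha-govee makes it a build-time-only input, so if the integration imports it at runtime it will presumably be missing from the Home Assistant Python environment. Runtime Python dependencies of a component normally go in `propagatedBuildInputs = with python3Packages; [ dacite ];`. The rest of the derivation is outside the hunk, so check whether dacite is listed in the component's manifest requirements before settling on the attribute.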
@@ -61,10 +64,25 @@ rustPlatform.buildRustPackage rec { libxkbcommon ]; + desktopItem = makeDesktopItem { + name = "librepods"; + desktopName = "LibrePODS"; + comment = "Open source alternative for AirPods"; + exec = "librepods"; + icon = "librepods"; + terminal = false; + categories = [ + "Audio" + "Utility" + ]; + }; + postFixup = '' wrapProgram $out/bin/librepods --suffix LD_LIBRARY_PATH : ${lib.makeLibraryPath buildInputs} ''; + passthru.imaging = desktopItem; + meta = with lib; { description = "Open source alternative for AirPods"; homepage = "https://github.com/kavishdevar/librepods"; diff --git a/systems/x86_64-install-iso/graphical/default.nix b/systems/x86_64-install-iso/graphical/default.nix index 26efd78..d59985c 100644 --- a/systems/x86_64-install-iso/graphical/default.nix +++ b/systems/x86_64-install-iso/graphical/default.nix 
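Review bot: The `copyDesktopItems` hook added to `nativeBuildInputs` reads the `desktopItems` list, but this hunk defines a singular `desktopItem`, so no `.desktop` file will be installed under `$out/share/applications`. Rename the attribute and wrap it in a list, `desktopItems = [ (makeDesktopItem { … }) ];`, and drop or rename `passthru.imaging`, whose name does not describe a desktop entry. `icon = "librepods"` also needs an icon shipped by the package; the install steps are outside the hunk, so that could not be checked here.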
@@ -1,86 +1,67 @@ { lib, pkgs, + modulesPath, namespace, ... }: { + imports = [ + "${modulesPath}/installer/cd-dvd/installation-cd-graphical-gnome.nix" + ]; + ${namespace} = { - # ################################################### - # # Boot # # - # ################################################### - bootloader.lanzaboote.enable = true; - # ################################################### - # # Desktop # # - # ################################################### - - desktop.cosmic.enable = false; - - # ################################################### - # # Hardware # # - # ################################################### - hardware.disko = { enable = true; filesystem = "btrfs"; }; - # ################################################### - # # Impermanence # # - # ################################################### - impermanence = { enable = true; }; - # ################################################### - # # Network # # - # ################################################### - network = { hostName = "nixos"; firewall = { enable = true; allowPing = true; + allowedTCPPorts = [ 22 ]; }; }; - # ################################################### - # # Security # # - # ################################################### - security.tpm.enable = true; - # ################################################### - # # Services # # - # ################################################### - - # ################################################### - # # User # # - # ################################################### - user = { name = "nixos"; - linger = true; password = "nixos"; }; }; + specialisation.graphical.configuration = { + ${namespace}.desktop.cosmic.enable = true; + }; + + boot = { + kernelPackages = lib.mkForce pkgs.linuxPackages_latest; + supportedFilesystems.zfs = false; + }; + + services.openssh = { + enable = lib.mkForce true; + settings = { + PermitRootLogin = lib.mkForce "yes"; + PasswordAuthentication = lib.mkForce false; + }; + }; + fileSystems = { 
"/etc".neededForBoot = true; }; home-manager.users.nixos.snowfallorg.user.name = "nixos"; - # ################################################### - # # Boot # # - # ################################################### - - boot = { - kernelPackages = lib.mkForce pkgs.linuxPackages_latest; - supportedFilesystems.zfs = false; - }; - + sops.defaultSopsFile = lib.mkForce "/dev/null"; + sops.validateSopsFiles = false; } diff --git a/systems/x86_64-linux/iso-minimal/default.nix b/systems/x86_64-linux/iso-minimal/default.nix deleted file mode 100644 index 9e90f8c..0000000 --- a/systems/x86_64-linux/iso-minimal/default.nix +++ /dev/null 
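Review bot: In the new `services.openssh` block, `PasswordAuthentication = lib.mkForce false;` is the only setting keeping the fixed `password = "nixos"` account off the newly opened port 22. As far as I know NixOS leaves keyboard-interactive authentication enabled by default, which can still accept a password through PAM. I would add `KbdInteractiveAuthentication = lib.mkForce false;` and tighten root to `PermitRootLogin = lib.mkForce "prohibit-password";`, which still allows a key-based root install. The hunk covers the whole new file and sets no authorized keys, whereas the deleted iso-minimal config passed `sshKeys`. So either SSH is unreachable or it relies on keys injected by the user module or by the imported installer profile. Add a comment such as `# root login is key-only, for remote installs; keys come from <module>` so the trust source is visible. The same applies to the uncommented `sops.defaultSopsFile = lib.mkForce "/dev/null";`, whose rationale existed only in the deleted file.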
@@ -1,132 +0,0 @@ -{ - lib, - pkgs, - namespace, - ... -}: -let - # SSH public keys sourced from sops secrets (ssh-keys-public section). - # Baked in here since sops is not available on a live install ISO - # (no persistent host key to decrypt with). - sopsPublicKeys = [ - # macbook-macos - "ssh-rsa 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 mattjallen@MacBook-Pro.local" - # desktop-windows - "ssh-rsa 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 mattl@Jallen-PC" - # desktop-nixos - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos" - # macbook-pro-nixos - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBOhX3ds1QBC5qqqtPJDZgyGr8gfGjCGnGCiIhWZNNi4 matt@macbook-pro-nixos" - # pi5 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy7r49e2dqi1UFICKZwqSRGEvNPgVB2p2KZE5bCkFsh matt@pi5" - # deck - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINF1pqrxyLTGHxsdtXP8lXiE2iHDTSMV9JVgN8GVRLKK deck@nixos" - ]; -in -{ - ${namespace} = { - # ################################################### - # # Boot # # - # ################################################### - - bootloader.lanzaboote.enable = true; - - # ################################################### - # # Hardware # # - # ################################################### - - hardware.disko = { - enable = true; - filesystem = "btrfs"; - }; - - # ################################################### - # # Impermanence # # - # ################################################### - - impermanence = { - enable = true; - }; - - # ################################################### - # # Network # # - # ################################################### - - network = { - hostName = "nixos"; - firewall = { - enable = true; - allowPing = true; - # Allow SSH (required for nixos-anywhere) - allowedTCPPorts = [ 22 ]; - }; - }; - - # ################################################### - # # Security # # - # ################################################### - - security.tpm.enable = true; - - # 
################################################### - # # Services # # - # ################################################### - - # ################################################### - # # User # # - # ################################################### - - user = { - name = "nixos"; - # Plain-text password for the live ISO session. - # The user module assertion requires at least one password method. - password = "nixos"; - # Include all sops SSH public keys so any of your machines can connect. - # commonSshKeys from the user module are also enabled by default. - sshKeys = sopsPublicKeys; - }; - }; - - specialisation.graphical.configuration = { - # ################################################### - # # Desktop # # - # ################################################### - ${namespace}.desktop.cosmic.enable = true; - }; - - # ################################################### - # # Boot # # - # ################################################### - - boot = { - kernelPackages = lib.mkForce pkgs.linuxPackages_latest; - supportedFilesystems.zfs = false; - }; - - # ################################################### - # # SSH # # - # ################################################### - # Explicit openssh settings for nixos-anywhere compatibility. - # nixos-anywhere SSHes in as root to run the install, so root login must be - # permitted. Password auth is disabled — key-only access only. - services.openssh = { - enable = lib.mkForce true; - settings = { - PermitRootLogin = lib.mkForce "yes"; - PasswordAuthentication = lib.mkForce false; - }; - }; - - fileSystems = { - "/etc".neededForBoot = true; - }; - - # nixos-anywhere connects as root; ensure root also trusts all our keys. - # users.users.root.openssh.authorizedKeys.keys = sopsPublicKeys; - - # Sops is not usable on a live ISO (no persistent host key to decrypt with). - # Disable sops validation to prevent build/boot failures. 
- sops.defaultSopsFile = lib.mkForce "/dev/null"; - sops.validateSopsFiles = false; - -}