From aaef6b71361fbc829c66d1eb0c891049af8d81eb Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Mon, 18 Aug 2025 13:31:36 +0200 Subject: [PATCH 1/9] update flake lock --- flake.lock | 102 ++++++++++++++++++++++++++--------------------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/flake.lock b/flake.lock index ab510d1..59d7042 100644 --- a/flake.lock +++ b/flake.lock @@ -88,11 +88,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1754727511, - "narHash": "sha256-iRqRCeeXEQ5HSB6zI6Wja7ZfY0PPRx5yelgjtoX2iMo=", + "lastModified": 1755511413, + "narHash": "sha256-cBBF+nwGrSroN6ZewHPFaSThyCvwBxSZMdYEH8DxDx8=", "owner": "catppuccin", "repo": "nix", - "rev": "7b55c4947c02f79dfd249432ccb0ada2726c29e2", + "rev": "ca11a19d4e1d2ba5e6162f40cb71288551fd51dd", "type": "github" }, "original": { @@ -118,11 +118,11 @@ }, "crane_2": { "locked": { - "lastModified": 1750266157, - "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", "owner": "ipetkov", "repo": "crane", - "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", + "rev": "444e81206df3f7d92780680e45858e31d2f07a08", "type": "github" }, "original": { @@ -138,11 +138,11 @@ ] }, "locked": { - "lastModified": 1753140376, - "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", + "lastModified": 1755499523, + "narHash": "sha256-Bh+S72huB2jFEPsOGlFXKFn7/VaV864IqxOcqaZZue0=", "owner": "nix-community", "repo": "disko", - "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", + "rev": "f64ab1525b34d5d9202f5801db36f364075abde1", "type": "github" }, "original": { @@ -407,11 +407,11 @@ ] }, "locked": { - "lastModified": 1754613544, - "narHash": "sha256-ueR1mGX4I4DWfDRRxxMphbKDNisDeMPMusN72VV1+cc=", + "lastModified": 1755491080, + "narHash": "sha256-ib1Xi13NEalrFqQAHceRsb+6aIPANFuQq80SS/bY10M=", "owner": "nix-community", "repo": "home-manager", - "rev": "cc2fa2331aebf9661d22bb507d362b39852ac73f", + "rev": "f8af2cbe386f9b96dd9efa57ab15a09377f38f4d", "type": "github" }, "original": { @@ -427,11 +427,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1754639028, - "narHash": "sha256-w1+XzPBAZPbeGLMAgAlOjIquswo6Q42PMep9KSrRzOA=", + "lastModified": 1755151620, + "narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "d49809278138d17be77ab0ef5506b26dc477fa62", + "rev": "16e12d22754d97064867006acae6e16da7a142a6", "type": "github" }, "original": { @@ -492,11 +492,11 @@ ] }, "locked": { - "lastModified": 1754195341, - "narHash": "sha256-YL71IEf2OugH3gmAsxQox6BJI0KOcHKtW2QqT/+s2SA=", + "lastModified": 1755404379, + "narHash": "sha256-Q6ZxZDBmD/B988Jjbx7/NchxOKIpOKBBrx9Yb0zMzpQ=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "b7fcd4e26d67fca48e77de9b0d0f954b18ae9562", + "rev": "ebbc1c05f786ae39bb5e04e57bf2c10c44a649e3", "type": "github" }, "original": { @@ -543,11 +543,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1754564048, - "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", + "lastModified": 1755330281, + "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", + "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", "type": "github" }, "original": { @@ -559,11 +559,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", + "lastModified": 1755027561, + "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", + "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", "type": "github" }, "original": { @@ -591,11 +591,11 @@ }, "nixpkgs-edge": { "locked": { - "lastModified": 1754746130, - "narHash": "sha256-HV0PzHvAhy6Nq667yrMl/VtsUpUL1R4GSieYr440YCE=", + "lastModified": 1755516526, + "narHash": "sha256-2SY3CaBf4e9HMbXBKfo8AQCa+lhNV5WbdnQ3lU5NNmU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "abc81cb62ac76ba2105e55ce969f6e7bd1a860d3", + "rev": "2d8c1331ab590433b8ac42174e84fe68db4af601", "type": "github" }, "original": { @@ -606,11 +606,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1754498491, - "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { @@ -622,11 +622,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", + "lastModified": 1755027561, + "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", + "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", "type": "github" }, "original": { @@ -654,11 +654,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1754498491, - "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { @@ -718,11 +718,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1750865895, - "narHash": "sha256-p2dWAQcLVzquy9LxYCZPwyUdugw78Qv3ChvnX755qHA=", + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "61c0f513911459945e2cb8bf333dc849f1b976ff", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", "type": "github" }, "original": { @@ -857,11 +857,11 @@ ] }, "locked": { - "lastModified": 1750905536, - "narHash": "sha256-Mo7yXM5IvMGNvJPiNkFsVT2UERmnvjsKgnY6UyDdySQ=", + "lastModified": 1754880555, + "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "2fa7c0aabd15fa0ccc1dc7e675a4fcf0272ad9a1", + "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", "type": "github" }, "original": { @@ -898,11 +898,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1754328224, - "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { @@ -930,11 +930,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1754597531, - "narHash": "sha256-OpC9/PBIuL2WEJUkcuD/wVxI8r+3o6f5RylSIefjHo4=", + "lastModified": 1755378131, + "narHash": "sha256-0GKZEzTUcaoama56xaagKnMk5hqMbTUfGF4KfzLwje4=", "owner": "danth", "repo": "stylix", - "rev": "63bb34a66ad7d1af2e95ee20dd675896b2074c32", + "rev": "82242e0f9b1d91b6f170807a6ec622cfdb816eac", "type": "github" }, "original": { @@ -1077,11 +1077,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1753722377, - "narHash": "sha256-L9CujCLS4PmpEhGKqezD4DognRNcYDz/oAL7T8jqCxk=", + "lastModified": 1754932774, + "narHash": "sha256-gJQZS6M2x5oPs089/9kAy0EIriEauUKEm0UNF7HEl6o=", "owner": "dj95", "repo": "zjstatus", - "rev": "f6c28d9b780891afa693d1b9be4384b16ae7a578", + "rev": "0a963622fa5cd3d62d6ee9b82f78eacd52ae5647", "type": "github" }, "original": { From d04143fd72f245474bca9ead7fcbe0bcba444ec6 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 19 Aug 2025 16:46:49 +0200 Subject: [PATCH 2/9] Disable nix-index, put some folder icons in place for plasma --- .../package-configs/plasma-desktop/default.nix | 16 ++++++++++++++++ nixos/desktop/default.nix | 2 +- nixos/hosts/wheatley/configuration.nix | 2 +- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/home-manager/desktop/package-configs/plasma-desktop/default.nix b/home-manager/desktop/package-configs/plasma-desktop/default.nix index ee3c721..721e0ba 100644 --- a/home-manager/desktop/package-configs/plasma-desktop/default.nix +++ b/home-manager/desktop/package-configs/plasma-desktop/default.nix @@ -28,6 +28,22 @@ target = ".config/kdeconnect/config"; force = true; }; + home.file."Games/.directory" = { + text = '' + [Desktop Entry] + Icon=folder-games + ''; + target = "Games/.directory"; + force = true; + }; + home.file."Code/.directory" = { + text = '' + [Desktop Entry] + Icon=folder-script + ''; + target = "Code/.directory"; + force = true; + }; programs.plasma = { enable = true; diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix index fbb0ea7..d04e588 100644 --- a/nixos/desktop/default.nix +++ b/nixos/desktop/default.nix @@ -107,7 +107,7 @@ programs = { # Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently command-not-found.enable = lib.mkForce false; - nix-index.enable = true; + # nix-index.enable = true; nix-index-database.comma.enable = true; direnv = { diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index b39a571..8b53eaf 100644 --- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix @@ -29,7 +29,7 @@ programs = { # Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently command-not-found.enable = lib.mkForce false; - nix-index.enable = true; + # nix-index.enable = true; nix-index-database.comma.enable = true; }; services = { From d7ae543cc29dee5a423990f409048f8b6e844668 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 19 Aug 2025 16:56:10 +0200 Subject: [PATCH 3/9] update flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 59d7042..566889e 100644 --- a/flake.lock +++ b/flake.lock @@ -138,11 +138,11 @@ ] }, "locked": { - "lastModified": 1755499523, - "narHash": "sha256-Bh+S72huB2jFEPsOGlFXKFn7/VaV864IqxOcqaZZue0=", + "lastModified": 1755519972, + "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", "owner": "nix-community", "repo": "disko", - "rev": "f64ab1525b34d5d9202f5801db36f364075abde1", + "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", "type": "github" }, "original": { @@ -407,11 +407,11 @@ ] }, "locked": { - "lastModified": 1755491080, - "narHash": "sha256-ib1Xi13NEalrFqQAHceRsb+6aIPANFuQq80SS/bY10M=", + "lastModified": 1755601933, + "narHash": "sha256-iXZeeYyfy8NdpvH/OOW9V3C2AfsXE+fzDHfrIOHBPF0=", "owner": "nix-community", "repo": "home-manager", - "rev": "f8af2cbe386f9b96dd9efa57ab15a09377f38f4d", + "rev": "8af2e064f93234ee79df8b9858eeefbf84394488", "type": "github" }, "original": { @@ -591,11 +591,11 @@ }, "nixpkgs-edge": { "locked": { - "lastModified": 1755516526, - "narHash": "sha256-2SY3CaBf4e9HMbXBKfo8AQCa+lhNV5WbdnQ3lU5NNmU=", + "lastModified": 1755614705, + "narHash": "sha256-7HdM+nKdMw/F8sawPyDDhWaIhiEZpoq1UeH/L/SXFIs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2d8c1331ab590433b8ac42174e84fe68db4af601", + "rev": "8d36b325c265d26634e5d8936c40503be844018b", "type": "github" }, "original": { @@ -930,11 +930,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1755378131, - "narHash": "sha256-0GKZEzTUcaoama56xaagKnMk5hqMbTUfGF4KfzLwje4=", + "lastModified": 1755546184, + "narHash": "sha256-KxRj/8SydDk3gzamS0VEewo5pu8JAYhSZ5GPcImPGNQ=", "owner": "danth", "repo": "stylix", - "rev": "82242e0f9b1d91b6f170807a6ec622cfdb816eac", + "rev": "9810b32b9b7520e3b37358ff8e793fb5034c3299", "type": "github" }, "original": { From e6c6bd012ffa4502dc399a8be462bdaf6996f791 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Wed, 20 Aug 2025 14:30:52 +0200 Subject: [PATCH 4/9] make a little service to start the VPN only after network is connected to hopefully fix the VPN blocking wifi on shodan issue --- nixos/shared/default.nix | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/nixos/shared/default.nix b/nixos/shared/default.nix index 3730051..0cef737 100644 --- a/nixos/shared/default.nix +++ b/nixos/shared/default.nix @@ -188,6 +188,23 @@ }; }; + systemd.services."start-vpn-wg" = + if config.services.vpn-ip.enable + then { + path = with pkgs; [systemd]; + enable = true; + unitConfig = { + Wants = "network-online.target"; + After = "network-online.target"; + }; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl start wg-quick-wg0.service"; + RemainAfterExit = "yes"; + }; + } + else {}; + networking = if config.services.vpn-ip.enable then { @@ -195,7 +212,7 @@ wg-quick.interfaces = { wg0 = { - autostart = true; + autostart = false; address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"]; dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; listenPort = 51821; From 374bf4d63a87012c1ae9d69fd0174d7709036557 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 23 Aug 2025 12:23:12 +0200 Subject: [PATCH 5/9] set up the mullvad VPN for wheatley (untested) --- nixos/hosts/wheatley/configuration.nix | 49 +++++++++++++++++++++----- 1 file changed, 41 insertions(+), 8 deletions(-) diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index 8b53eaf..c0fc5de 100644 --- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix @@ -220,6 +220,35 @@ # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg= # TODO: generate this dynamically based on other hosts + mullvad = { + address = ["10.70.93.226/32" "fc00:bbbb:bbbb:bb01::7:5de1/128"]; + listenPort = 51820; + privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path; + dns = ["100.64.0.7"]; + extraOptions = { + FwMark = 51820; + }; + + postUp = '' + ${pkgs.iproute2}/bin/ip rule add from 192.168.2.43 table main + ${pkgs.iptables}/bin/iptables -t mangle -A PREROUTING -i end0 -j CONNMARK --set-mark 51820 + ${pkgs.iptables}/bin/iptables -t mangle -A PREROUTING -m connmark --mark 51820 -j MARK --set-mark 51820 + ''; + + preDown = '' + ${pkgs.iproute2}/bin/ip rule del from 192.168.2.43 table main + ${pkgs.iptables}/bin/iptables -t mangle -D PREROUTING -i end0 -j CONNMARK --set-mark 51820 + ${pkgs.iptables}/bin/iptables -t mangle -D PREROUTING -m connmark --mark 51820 -j MARK --set-mark 51820 + ''; + + peers = [ + { + publicKey = "UrQiI9ISdPPzd4ARw1NHOPKKvKvxUhjwRjaI0JpJFgM="; + allowedIPs = ["0.0.0.0/0" "::0/0"]; + endpoint = "193.32.249.66:51820"; + } + ]; + }; wg1 = { # Determines the IP address and subnet of the server's end of the tunnel interface. address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"]; @@ -229,22 +258,26 @@ # This allows the wireguard server to route your traffic to the internet and hence be like a VPN postUp = '' - ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE - ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE + ${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s mullvad -o end0 -j MASQUERADE + ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg1 -j ACCEPT + ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s mullvad -o end0 -j MASQUERADE ''; # Undo the above preDown = '' - ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE - ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE + ${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s mullvad -o end0 -j MASQUERADE + ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg1 -j ACCEPT + ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s mullvad -o end0 -j MASQUERADE ''; privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path; + extraOptions = { + FwMark = 51820; + }; + peers = [ { #GLaDOS public key From 015061c001892ad034be527efbbd54f7389e1fe0 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Sat, 23 Aug 2025 15:26:59 +0200 Subject: [PATCH 6/9] remove endpoint from the mullvad because it doesn't need it --- nixos/hosts/wheatley/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index c0fc5de..a283a13 100644 --- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix @@ -222,7 +222,6 @@ # TODO: generate this dynamically based on other hosts mullvad = { address = ["10.70.93.226/32" "fc00:bbbb:bbbb:bb01::7:5de1/128"]; - listenPort = 51820; privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path; dns = ["100.64.0.7"]; extraOptions = { From 9749e5bd5520059da41edb8e97ffc205cf164f1a Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Mon, 25 Aug 2025 12:15:58 +0200 Subject: [PATCH 7/9] do a small amount of refactoring, change versions to 25.11, and make a systemd unit to upgrade nextcloud daily on queen --- home-manager/hosts/EDI/lillian.nix | 2 +- home-manager/hosts/GLaDOS/lillian.nix | 2 +- home-manager/hosts/shodan/lillian.nix | 2 +- home-manager/hosts/wheatley/lillian.nix | 2 +- nixos/hosts/EDI/configuration.nix | 2 +- nixos/hosts/GLaDOS/configuration.nix | 2 +- nixos/hosts/queen/configuration.nix | 27 +++++++- nixos/hosts/shodan/configuration.nix | 2 +- nixos/hosts/wheatley/configuration.nix | 2 +- nixos/shared/default.nix | 90 +++++++++++++------------ 10 files changed, 81 insertions(+), 52 deletions(-) diff --git a/home-manager/hosts/EDI/lillian.nix b/home-manager/hosts/EDI/lillian.nix index 5aa1c76..6d2719a 100644 --- a/home-manager/hosts/EDI/lillian.nix +++ b/home-manager/hosts/EDI/lillian.nix @@ -20,5 +20,5 @@ ]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "25.05"; + home.stateVersion = "25.11"; } diff --git a/home-manager/hosts/GLaDOS/lillian.nix b/home-manager/hosts/GLaDOS/lillian.nix index cc55531..7097090 100644 --- a/home-manager/hosts/GLaDOS/lillian.nix +++ b/home-manager/hosts/GLaDOS/lillian.nix @@ -30,5 +30,5 @@ }; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "25.05"; + home.stateVersion = "25.11"; } diff --git a/home-manager/hosts/shodan/lillian.nix b/home-manager/hosts/shodan/lillian.nix index d763022..7a115b0 100644 --- a/home-manager/hosts/shodan/lillian.nix +++ b/home-manager/hosts/shodan/lillian.nix @@ -110,5 +110,5 @@ programs.plasma.kscreenlocker.passwordRequired = false; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "25.05"; + home.stateVersion = "25.11"; } diff --git a/home-manager/hosts/wheatley/lillian.nix b/home-manager/hosts/wheatley/lillian.nix index 9bd29f7..d190612 100644 --- a/home-manager/hosts/wheatley/lillian.nix +++ b/home-manager/hosts/wheatley/lillian.nix @@ -35,5 +35,5 @@ }; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "25.05"; + home.stateVersion = "25.11"; } diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix index d52551f..373915f 100644 --- a/nixos/hosts/EDI/configuration.nix +++ b/nixos/hosts/EDI/configuration.nix @@ -57,5 +57,5 @@ }; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "25.05"; + system.stateVersion = "25.11"; } diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix index ee0bf07..238dd13 100644 --- a/nixos/hosts/GLaDOS/configuration.nix +++ b/nixos/hosts/GLaDOS/configuration.nix @@ -95,5 +95,5 @@ users.users.lillian.extraGroups = ["gamemode"]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "25.05"; + system.stateVersion = "25.11"; } diff --git a/nixos/hosts/queen/configuration.nix b/nixos/hosts/queen/configuration.nix index 40d1028..e0041fa 100644 --- a/nixos/hosts/queen/configuration.nix +++ b/nixos/hosts/queen/configuration.nix @@ -3,6 +3,7 @@ outputs, lib, pkgs, + config, ... }: { imports = [ @@ -90,6 +91,30 @@ enable = false; }; + systemd = { + services."upgrade-nextcloud" = { + path = with pkgs; [nextcloud31]; + enable = true; + unitConfig = { + after = "nextcloud-setup.service"; + }; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${config.services.nextcloud.occ}/bin/nextcloud-occ upgrade"; + RemainAfterExit = "yes"; + }; + }; + + timers."upgrade-nextcloud" = { + wantedBy = ["timers.target"]; + partOf = ["upgrade-nextcloud.service"]; + timerConfig = { + OnCalendar = "daily"; + Unit = "nextcloud-setup.service"; + }; + }; + }; + networking = { domain = ""; @@ -192,5 +217,5 @@ }; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "25.05"; + system.stateVersion = "25.11"; } diff --git a/nixos/hosts/shodan/configuration.nix b/nixos/hosts/shodan/configuration.nix index 1f5594c..accf28c 100644 --- a/nixos/hosts/shodan/configuration.nix +++ b/nixos/hosts/shodan/configuration.nix @@ -275,5 +275,5 @@ }; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "25.05"; + system.stateVersion = "25.11"; } diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index a283a13..9402ef1 100644 --- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix @@ -383,6 +383,6 @@ services.cage.enable = true; nixpkgs.config.kodi.enableAdvancedLauncher = true; - system.stateVersion = "25.05"; + system.stateVersion = "25.11"; nixpkgs.hostPlatform = lib.mkForce "aarch64-linux"; } diff --git a/nixos/shared/default.nix b/nixos/shared/default.nix index 0cef737..cd85ee7 100644 --- a/nixos/shared/default.nix +++ b/nixos/shared/default.nix @@ -4,7 +4,6 @@ lib, config, pkgs, - mkIf, ... }: { imports = [ @@ -91,13 +90,15 @@ # grub.enable = false; }; - programs.zsh = { - enable = true; - }; + programs = { + zsh = { + enable = true; + }; - programs.gnupg.agent = { - enable = true; - enableBrowserSocket = true; + gnupg.agent = { + enable = true; + enableBrowserSocket = true; + }; }; stylix = { @@ -174,36 +175,37 @@ # sansSerif = ["Atkinson Hyperlegible"]; # }; }; - - systemd.services."shutdown-zellij-zsh" = { - path = with pkgs; [killall]; - enable = true; - unitConfig = { - Before = "shutdown.target"; - }; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.killall}/bin/killall -SIGKILL zellij zsh"; - RemainAfterExit = "yes"; - }; - }; - - systemd.services."start-vpn-wg" = - if config.services.vpn-ip.enable - then { - path = with pkgs; [systemd]; + systemd = { + services."shutdown-zellij-zsh" = { + path = with pkgs; [killall]; enable = true; unitConfig = { - Wants = "network-online.target"; - After = "network-online.target"; + Before = "shutdown.target"; }; serviceConfig = { Type = "oneshot"; - ExecStart = "${pkgs.systemd}/bin/systemctl start wg-quick-wg0.service"; + ExecStart = "${pkgs.killall}/bin/killall -SIGKILL zellij zsh"; RemainAfterExit = "yes"; }; - } - else {}; + }; + + services."start-vpn-wg" = + if config.services.vpn-ip.enable + then { + path = with pkgs; [systemd]; + enable = true; + unitConfig = { + Wants = "network-online.target"; + After = "network-online.target"; + }; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl start wg-quick-wg0.service"; + RemainAfterExit = "yes"; + }; + } + else {}; + }; networking = if config.services.vpn-ip.enable @@ -252,20 +254,22 @@ }; users = { - users.lillian = { - isNormalUser = true; - extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"]; - shell = pkgs.zsh; - hashedPasswordFile = config.sops.secrets."lillian-password".path; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS" - ]; + users = { + lillian = { + isNormalUser = true; + extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"]; + shell = pkgs.zsh; + hashedPasswordFile = config.sops.secrets."lillian-password".path; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS" + ]; + }; + + root = { + hashedPassword = "*"; + }; }; mutableUsers = false; - - users.root = { - hashedPassword = "*"; - }; }; } From ef966abfd4dd614b61099a46bdce307a1f358cfa Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Mon, 25 Aug 2025 14:58:36 +0200 Subject: [PATCH 8/9] update flake lock --- flake.lock | 66 +++++++++++++++++++++++++++--------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index 566889e..7ef6959 100644 --- a/flake.lock +++ b/flake.lock @@ -88,11 +88,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1755511413, - "narHash": "sha256-cBBF+nwGrSroN6ZewHPFaSThyCvwBxSZMdYEH8DxDx8=", + "lastModified": 1756028045, + "narHash": "sha256-j6ehEdta7YnXtk42cdYQEElCKfnbe24yfeHJwszgyes=", "owner": "catppuccin", "repo": "nix", - "rev": "ca11a19d4e1d2ba5e6162f40cb71288551fd51dd", + "rev": "ad015344f592b6ebb82de853b747dd577926ec77", "type": "github" }, "original": { @@ -138,11 +138,11 @@ ] }, "locked": { - "lastModified": 1755519972, - "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", + "lastModified": 1756115622, + "narHash": "sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM=", "owner": "nix-community", "repo": "disko", - "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", + "rev": "bafad29f89e83b2d861b493aa23034ea16595560", "type": "github" }, "original": { @@ -407,11 +407,11 @@ ] }, "locked": { - "lastModified": 1755601933, - "narHash": "sha256-iXZeeYyfy8NdpvH/OOW9V3C2AfsXE+fzDHfrIOHBPF0=", + "lastModified": 1756022458, + "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=", "owner": "nix-community", "repo": "home-manager", - "rev": "8af2e064f93234ee79df8b9858eeefbf84394488", + "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740", "type": "github" }, "original": { @@ -427,11 +427,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1755151620, - "narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=", + "lastModified": 1755931229, + "narHash": "sha256-j8ghatY34DbEnHe42r8VtAe05WyMUK+d66uGKsfLbbk=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "16e12d22754d97064867006acae6e16da7a142a6", + "rev": "bcad5af8eb475df936f6cf2d04b076dc6784af95", "type": "github" }, "original": { @@ -492,11 +492,11 @@ ] }, "locked": { - "lastModified": 1755404379, - "narHash": "sha256-Q6ZxZDBmD/B988Jjbx7/NchxOKIpOKBBrx9Yb0zMzpQ=", + "lastModified": 1756008611, + "narHash": "sha256-rfTBWuTXi9/X7GhtF562FKNXKh2kvKb6dwI5lV1SjPE=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "ebbc1c05f786ae39bb5e04e57bf2c10c44a649e3", + "rev": "52dec1cb33a614accb9e01307e17816be974d24d", "type": "github" }, "original": { @@ -559,11 +559,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755027561, - "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", "type": "github" }, "original": { @@ -591,11 +591,11 @@ }, "nixpkgs-edge": { "locked": { - "lastModified": 1755614705, - "narHash": "sha256-7HdM+nKdMw/F8sawPyDDhWaIhiEZpoq1UeH/L/SXFIs=", + "lastModified": 1756125962, + "narHash": "sha256-lPH73WcPmqs1o3tzczrqEAGKCIZmTrJG++uzrKb2rMk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8d36b325c265d26634e5d8936c40503be844018b", + "rev": "215c901e6caa3a87579dbab4edc6adcea4fb4359", "type": "github" }, "original": { @@ -606,11 +606,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", "type": "github" }, "original": { @@ -654,11 +654,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", "type": "github" }, "original": { @@ -879,11 +879,11 @@ "nixpkgs-25_05": "nixpkgs-25_05" }, "locked": { - "lastModified": 1754605910, - "narHash": "sha256-kVWxzm44ywJTb4REfwWCYXnROISykG0yE+X5A3Gov24=", + "lastModified": 1755996068, + "narHash": "sha256-+KP2Lu813lX0sfKTP6Nc4ulaE/EDIDmWUQVX9S850Yg=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "57d9624c71ca65bee69b30d72b11f6c5257e9500", + "rev": "cc5f1804270d138f268a6f2d64c383fb4cf59ad0", "type": "gitlab" }, "original": { @@ -930,11 +930,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1755546184, - "narHash": "sha256-KxRj/8SydDk3gzamS0VEewo5pu8JAYhSZ5GPcImPGNQ=", + "lastModified": 1755997543, + "narHash": "sha256-/fejmCQ7AWa655YxyPxRDbhdU7c5+wYsFSjmEMXoBCM=", "owner": "danth", "repo": "stylix", - "rev": "9810b32b9b7520e3b37358ff8e793fb5034c3299", + "rev": "f47c0edcf71e802378b1b7725fa57bb44fe85ee8", "type": "github" }, "original": { From 789d6a76679e960d902ae2e378735d70a48cac0c Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Mon, 25 Aug 2025 15:03:23 +0200 Subject: [PATCH 9/9] freetube is updated, replace it again --- nixos/desktop/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix index d04e588..41689cc 100644 --- a/nixos/desktop/default.nix +++ b/nixos/desktop/default.nix @@ -36,7 +36,6 @@ dvt servo restart - freetube-0236 # System tools aha @@ -92,7 +91,7 @@ #rustdesk ]) ++ (with pkgs-edge; [ - # freetube + freetube # list of latest packages from nixpkgs master # Can be used to install latest version of some packages ]);