3 Commits

Author SHA1 Message Date
Nathan McCarty 17ed0ea6fd
Upgrade linux systems to 23.05 2023-05-30 10:48:04 -04:00
Nathan McCarty 93c036600f
Update hardened kernel 2023-05-30 03:15:32 -04:00
Nathan McCarty 431018f079
Add iso image 2023-05-30 03:15:29 -04:00
17 changed files with 63 additions and 112 deletions


@ -41,27 +41,6 @@
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1685254813,
"narHash": "sha256-Pod+U90fDJJml5cwoOvx/KKBF4HmWtK9Cttql5sfwFQ=",
"owner": "nix-community",
"repo": "fenix",
"rev": "2804d7ee704057959d831b038dea0e6845b18658",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -178,20 +157,19 @@
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
]
},
"locked": {
"lastModified": 1681092193,
"narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
"lastModified": 1685189510,
"narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
"rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-22.11",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
@ -221,11 +199,11 @@
]
},
"locked": {
"lastModified": 1685309749,
"narHash": "sha256-RcT9/GLpkMUp5P8tam16VsMbx+gKe5VYHXuL0/b3H90=",
"lastModified": 1685432784,
"narHash": "sha256-Ap5cHy51L+r2G0Io6OJKMPolQQaFGyPGgKYpONn4p8E=",
"owner": "idris-lang",
"repo": "idris2",
"rev": "360136ce25f1f81ed0c6c0e129dd9a6a93ab3efd",
"rev": "50c56eac8f2036f730224fe5eacb8c6e10345f76",
"type": "github"
},
"original": {
@ -239,14 +217,14 @@
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_2"
"utils": "utils"
},
"locked": {
"lastModified": 1685268130,
"narHash": "sha256-f/eYXYdUA394VQZpEO6KHJweDuaciC1T/qF8j0qUgU0=",
"lastModified": 1685440817,
"narHash": "sha256-Acryuxa+sxVYaNfC99xFuI2EO0jChcs2rdTJ1RtT7KI=",
"ref": "refs/heads/master",
"rev": "f91f4dacfef23969973aa4efaff03a17f90d667b",
"revCount": 38,
"rev": "5c755ffb77e7eb1cf59d4723f413ed685d64bb44",
"revCount": 39,
"type": "git",
"url": "https://git.stranger.systems/nix/java"
},
@ -261,7 +239,7 @@
"quilt-server",
"nixpkgs"
],
"utils": "utils_3"
"utils": "utils_2"
},
"locked": {
"lastModified": 1656122108,
@ -349,11 +327,11 @@
]
},
"locked": {
"lastModified": 1685000237,
"narHash": "sha256-pm+2xP9g9sh6wapk1ulg7/1DdENkTNDB7Kx+6lwGs/k=",
"lastModified": 1685446848,
"narHash": "sha256-vEU1jynjDXwOJESHeJyABqbY/Y+DoihZq9iDVtYgrMg=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "05bef004794f352ea12475a89f3f55b4102c0728",
"rev": "b6114e214e5b546c4cceccd33ee6b72294a76b60",
"type": "github"
},
"original": {
@ -427,11 +405,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1685168767,
"narHash": "sha256-wQgnxz0PdqbyKKpsWl/RU8T8QhJQcHfeC6lh1xRUTfk=",
"lastModified": 1685383865,
"narHash": "sha256-3uQytfnotO6QJv3r04ajSXbEFMII0dUtw0uqYlZ4dbk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e10802309bf9ae351eb27002c85cfdeb1be3b262",
"rev": "5e871d8aa6f57cc8e0dc087d1c5013f6e212b4ce",
"type": "github"
},
"original": {
@ -443,16 +421,16 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1685215858,
"narHash": "sha256-IRMFoDXA6cYx3ifVw3B2JcC4JrjT5v7tRAx2vro2Ffs=",
"lastModified": 1685356226,
"narHash": "sha256-f2clSOdqi0SvY1WSgbnl2YgCZmoCXOxeUjYeXp8p2zI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ba6e4ddeb3e8ad3f3e3bec63dafbc9fe558729bb",
"rev": "0f7f5ca1cdec8dea85bb4fa60378258171d019ad",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
@ -562,7 +540,6 @@
"inputs": {
"darwin": "darwin",
"emacs": "emacs",
"fenix": "fenix",
"flake-utils": "flake-utils_2",
"home-manager": "home-manager",
"idris2": "idris2",
@ -578,23 +555,6 @@
"wsl": "wsl"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1685177170,
"narHash": "sha256-bRURsRZZmBZtQo8OHD/PRslGQC04wed6lWroQaAPSPg=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "f6e3a87bf9478574f8c64ac2efec125bc19b1c64",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"scripts": {
"inputs": {
"flake-utils": "flake-utils_4",
@ -624,11 +584,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1685242617,
"narHash": "sha256-UBPXGfGwGMJm2Wj9kDj8+TMMK2PTouSM/TpiXYtaqtQ=",
"lastModified": 1685434555,
"narHash": "sha256-aZl0yeaYX3T2L3W3yXOd3S9OfpS+8YUOT2b1KwrSf6E=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3e016341d4dca6ce7c62316f90e66341841a30f9",
"rev": "876846cde9762ae563f018c17993354875e2538e",
"type": "github"
},
"original": {
@ -703,21 +663,6 @@
}
},
"utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_3": {
"locked": {
"lastModified": 1653893745,
"narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",


@ -2,11 +2,11 @@
description = "Nathan's system configurations";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware";
home-manager = {
url = "github:nix-community/home-manager/release-22.11";
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-on-droid = {
@ -21,10 +21,6 @@
url = "github:lnl7/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";
};
emacs = {
url =
"github:nix-community/emacs-overlay/9b41f8296a3898bdb87b9d091f9df540a982b242";
@ -187,6 +183,15 @@
./hardware/productivity-vm.nix
];
};
# Installer iso
iso_x86_64 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix"
"${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
];
};
};
# Mac systems
darwinConfigurations = {
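Review bot: The new `iso_x86_64` entry is documented only by `# Installer iso`, and its module list holds nothing but the two upstream installer paths, so none of this repository's own modules (sshd settings, the hardened profile) apply to the image. I would say so in the comment and record how the image is built, e.g. `# Stock upstream installer image, none of this flake's modules applied; build with nix build .#nixosConfigurations.iso_x86_64.config.system.build.isoImage` (assuming the entry sits under `nixosConfigurations`, which starts outside the hunk). As far as I know the upstream installer profile is meant for live use with passwordless accounts, so the comment should also state that the image is an install medium only and not a deployable host.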


@ -49,8 +49,6 @@ with nLib; {
home.packages = with pkgs; [
# Rustup for having the compiler around
rustup
# Install the latest rust analyzer
inputs.fenix.packages."${pkgs.system}".rust-analyzer
# Misc cargo utilites
cargo-binutils # Allow invoking the llvm tools included with the toolchain
cargo-edit # Command line Cargo.toml manipulation
@ -102,7 +100,8 @@ with nLib; {
(mkIf devel.haskell {
home.packages = with pkgs; [
(haskellPackages.ghcWithPackages
(p: with p; [ turtle cabal-install stack brittany hoogle ]))
# TODO: readd brittany when its not broken
(p: with p; [ turtle cabal-install stack hoogle ]))
haskell-language-server
hlint
];
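Review bot: After the first hunk drops `inputs.fenix.packages."${pkgs.system}".rust-analyzer`, nothing visible in this package list provides rust-analyzer. If it is now expected to come from rustup, that binary is fetched at run time and is not pinned by flake.lock. A comment beside `rustup` would make the source explicit, e.g. `# rust-analyzer comes from rustup (not pinned by the flake)`; alternatively adding `rust-analyzer` from nixpkgs keeps it under the lock. The package list continues outside the hunk.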


@ -18,10 +18,10 @@ in with lib; {
ALACRITTY = "1";
};
font = {
normal.family = "Iosevka Term";
bold.family = "Iosevka Term";
italic.family = "Iosevka Term";
bold_italic.family = "Iosevka Term";
normal.family = "Iosevka Nerd Font";
bold.family = "Iosevka Nerd Font";
italic.family = "Iosevka Nerd Font";
bold_italic.family = "Iosevka Nerd Font";
# Bigger on darwin
size = if pkgs.stdenv.isLinux then 10.0 else 12.0;
};


@ -303,7 +303,7 @@ in with lib; {
#########################
## Mako (notifications)
#########################
programs.mako = {
services.mako = {
enable = true;
# Selenized color scheme
borderColor = "#f275be";


@ -57,8 +57,6 @@
# Setup gitea
services.gitea = {
enable = true;
domain = "git.stranger.systems";
rootUrl = "https://git.stranger.systems";
appName = "Stranger Systems Git Mirror";
lfs.enable = true;
settings = {
@ -68,6 +66,10 @@
DISABLE_STARS = true;
ENABLE_PUSH_CREATE_ORG = true;
};
server = {
DOMAIN = "git.stranger.systems";
ROOT_URL = "https://git.stranger.systems";
};
};
};
services.nginx.virtualHosts."git.stranger.systems" = {


@ -103,7 +103,7 @@
};
# Mako output configuration
programs.mako = {
services.mako = {
# Lock mako notifs to main display
output = "DP-1";
};


@ -59,7 +59,6 @@
};
# Configure bootloader
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.loader.grub.forceInstall = true;
boot.loader.timeout = 10;


@ -62,7 +62,7 @@
extraPackages = with pkgs; [ libva vaapiIntel libvdpau-va-gl vaapiVdpau ];
};
# Newer kernel
boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_2;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_3;
# Run plex and the like in containers, these applications get... a little fucky when run directly
# on nixos
virtualisation.oci-containers.containers = {


@ -65,7 +65,7 @@
systemd.user.services = { };
# Mako output configuration
programs.mako = {
services.mako = {
# Lock mako notifs to main display
output = "Virtual-1";
};


@ -14,7 +14,7 @@ with lib; {
(mkIf config.nathan.config.harden
(import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
(mkIf config.nathan.config.harden {
boot.kernelPackages = pkgs.linuxPackages_5_18_hardened;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_1_hardened;
security = {
allowSimultaneousMultithreading = true;
unprivilegedUsernsClone = true;
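Review bot: The replacement pins another fixed series, `pkgs.linuxKernel.packages.linux_6_1_hardened`, so this override will need the same manual edit once that attribute is dropped from nixpkgs. The imported `hardened.nix` profile already selects a hardened kernel by default as far as I know, so either drop the override or use `boot.kernelPackages = pkgs.linuxPackages_hardened;` to follow the channel's default hardened kernel. If 6.1 is required for a reason, a comment such as `# pinned to 6.1 because <reason>` would record it. The `mkIf` block continues past the hunk.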


@ -15,7 +15,6 @@ in with lib; {
boot.loader = {
grub = {
enable = true;
version = 2;
efiSupport = true;
# Go efi only
devices = [ "nodev" ];


@ -36,7 +36,7 @@ in with lib; {
services.avahi = {
enable = true;
nssmdns = false;
interfaces = [ "enp6s0" ];
allowInterfaces = [ "enp6s0" ];
hostName = "levitation";
domainName = "local";
openFirewall = true;


@ -16,8 +16,10 @@ in with lib; {
addr = "0.0.0.0";
port = 22;
}];
permitRootLogin = "no";
passwordAuthentication = false;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
# Enable mosh for connecting from phone or bad internet
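Review bot: The new `settings` block disables `PasswordAuthentication` but leaves keyboard-interactive authentication at its default, which on 23.05 is enabled as far as I know, so PAM may still offer a password prompt. Add `KbdInteractiveAuthentication = false;` inside `settings` unless it is already set elsewhere. The `services.openssh` block begins before the hunk, so that cannot be confirmed from here.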


@ -50,7 +50,7 @@ in with lib; {
};
})
];
qt5.platformTheme = "qt5ct";
qt.platformTheme = "qt5ct";
# Enable and configure sway itself
programs.sway = {
enable = true;


@ -17,7 +17,7 @@ in with lib; {
# })
# '';
};
environment.shells = [ pkgs.fish ];
programs.fish.enable = true;
users = {
mutableUsers = !nc.installUser;
# Configure our user, if enabled


@ -5,7 +5,7 @@
, libXScrnSaver, libXcomposite, libXcursor, libXdamage, libXext, libXfixes
, libXi, libXrandr, libXrender, libXtst, libxcb, libxshmfence, mesa, nspr, nss
, pango, systemd, libappindicator-gtk3, libdbusmenu, writeScript
, common-updater-scripts, electron, nodePackages, libgcc, glibc }:
, common-updater-scripts, electron, nodePackages, gcc, glibc }:
let inherit binaryName;
in stdenv.mkDerivation rec {
@ -31,7 +31,7 @@ in stdenv.mkDerivation rec {
autoPatchelfHook
];
buildInputs = [ electron libgcc glibc ];
buildInputs = [ electron gcc.cc.libgcc glibc ];
dontWrapGApps = true;
@ -75,7 +75,7 @@ in stdenv.mkDerivation rec {
libXScrnSaver
libappindicator-gtk3
libdbusmenu
libgcc
gcc.cc.libgcc
];
installPhase = let electron_exec = "${electron}/bin/electron";