From 573b43b8e21f847638b6e62659da01ec9910a660 Mon Sep 17 00:00:00 2001 From: Grimmauld Date: Sat, 23 Nov 2024 17:06:12 +0100 Subject: [PATCH] tooling fixes --- common/gaming.nix | 2 +- common/graphics/sway.nix | 21 +- common/hardware/laptop.nix | 5 +- common/tooling/apparmor/default.nix | 9 +- common/tooling/c.nix | 2 + common/tooling/default.nix | 3 +- common/tooling/git.nix | 1 + common/tooling/java.nix | 3 + common/tooling/opensnitch/default.nix | 192 +++++++++++------- .../opensnitch/discord_hosts/hosts.list | 3 + common/tooling/wine.nix | 5 +- common/xdg/mime.nix | 2 +- configuration.nix | 2 + flake.lock | 49 +++-- flake.nix | 10 +- .../hardware-configuration.nix | 7 +- 16 files changed, 193 insertions(+), 123 deletions(-) diff --git a/common/gaming.nix b/common/gaming.nix index 2b966f9..9184308 100644 --- a/common/gaming.nix +++ b/common/gaming.nix @@ -39,7 +39,7 @@ in }; }; - programs.honkers-railway-launcher.enable = true; + # programs.honkers-railway-launcher.enable = true; services.udev.packages = [ pkgs.wooting-udev-rules ]; diff --git a/common/graphics/sway.nix b/common/graphics/sway.nix index 79628a1..d98d6ad 100644 --- a/common/graphics/sway.nix +++ b/common/graphics/sway.nix @@ -23,6 +23,7 @@ let isDerivation concatLines optional + singleton mkIf ; inherit (pkgs) writeShellScriptBin; @@ -117,12 +118,6 @@ in } ''; - dbus-sway-environment = pkgs.writeShellScriptBin "dbus-sway-environment" '' - dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway - systemctl --user stop xdg-desktop-portal xdg-desktop-portal-wlr - systemctl --user start xdg-desktop-portal xdg-desktop-portal-wlr - ''; - build_conf = sway_conf: let @@ -153,22 +148,21 @@ in "output ${value.id} mode ${value.mode}" + (optionalString (value.pos != null) " position ${value.pos}") ) screens) + ++ (singleton "include /etc/sway/config.d/*") ); conf_path = "sway.conf"; in mkIf (enable && sway.enable) { - environment.etc."${conf_path}".text = sway_conf; + environment.etc."sway/config".source = lib.mkForce (pkgs.writeText conf_path sway_conf); grimmShared.sway.config.execAlways = [ - dbus-sway-environment init_screens_auto ]; environment.systemPackages = [ waybar_full - dbus-sway-environment init_screens_min_fps init_screens_max_fps init_screens_auto @@ -197,7 +191,10 @@ in rm -rf /home/*/.cache/rmenu ''; - reloadTriggers = [ config.environment.etc."${conf_path}".source ]; + reloadTriggers = [ + # config.environment.etc."${conf_path}".source + config.environment.etc."sway/config".source + ]; }; # programs.waybar.enable = true; @@ -221,10 +218,6 @@ in wmenu waybar-mpris ]; - extraOptions = [ - "--config" - "/etc/${conf_path}" - ]; extraSessionCommands = '' # source /etc/profile # test -f $HOME/.profile && source $HOME/.profile diff --git a/common/hardware/laptop.nix b/common/hardware/laptop.nix index d702554..5715f73 100644 --- a/common/hardware/laptop.nix +++ b/common/hardware/laptop.nix @@ -56,8 +56,11 @@ in serviceConfig.Type = "oneshot"; }; + systemd.enableCgroupAccounting = true; + # systemd.enableUnifiedCgroupHierarchy = false; + boot = { - kernelParams = [ "quiet" ]; + kernelParams = [ "intel_iommu=on" "nohibernate" ]; loader.efi.canTouchEfiVariables = true; initrd.availableKernelModules = [ "xhci_pci" diff --git a/common/tooling/apparmor/default.nix b/common/tooling/apparmor/default.nix index 19bccc7..7d146a0 100644 --- a/common/tooling/apparmor/default.nix +++ b/common/tooling/apparmor/default.nix @@ -16,12 +16,15 @@ in security.auditd.enable = true; security.apparmor.enable = true; -# security.apparmor.enableCache = true; + security.apparmor.enableCache = true; security.apparmor.includes."tunables/alias.d/programs" = '' + # alias / -> @{nix_store}/, alias /bin/spotify -> ${pkgs.spotify}/share/spotify/spotify, ''; +# security.apparmor.aa-alias-manager.enable = false; + security.audit.backlogLimit = 512; security.apparmor_d = { @@ -43,7 +46,7 @@ in pkexec = "complain"; xdg-mime = "complain"; mimetype = "complain"; - sudo = "complain"; + # sudo = "complain"; "unix-chkpwd.apparmor.d" = "complain"; }; }; @@ -228,7 +231,7 @@ in }; osu-lazer = { - state = "enforce"; + state = "disable"; # enable = true; # enforce = true; profile = '' diff --git a/common/tooling/c.nix b/common/tooling/c.nix index bf7cc52..7ee4523 100644 --- a/common/tooling/c.nix +++ b/common/tooling/c.nix @@ -29,6 +29,8 @@ in clang clang-tools cmake + stdman + valgrind ] ++ optionals graphical [ libva-utils diff --git a/common/tooling/default.nix b/common/tooling/default.nix index a2e5708..9f0fca8 100644 --- a/common/tooling/default.nix +++ b/common/tooling/default.nix @@ -23,7 +23,7 @@ in ./lsp.nix ./helix.nix ./git.nix -# ./wine.nix + ./wine.nix ./c.nix ./java.nix ./opensnitch @@ -62,6 +62,7 @@ in parted expect gptfdisk + qrencode ] ++ optionals graphical [ wev diff --git a/common/tooling/git.nix b/common/tooling/git.nix index e75afa3..c0c6935 100644 --- a/common/tooling/git.nix +++ b/common/tooling/git.nix @@ -21,6 +21,7 @@ in pkgs.urlencode pkgs.tea pkgs.delta + pkgs.gh ]; programs.git = { diff --git a/common/tooling/java.nix b/common/tooling/java.nix index 358d933..b9aa770 100644 --- a/common/tooling/java.nix +++ b/common/tooling/java.nix @@ -20,8 +20,11 @@ in environment.systemPackages = [ pkgs.jdk17 pkgs.visualvm + pkgs.gradle_7 ] ++ optionals graphical [ pkgs.jetbrains.idea-community ]; + environment.sessionVariables.JAVA_HOME = pkgs.jdk17.home; + grimmShared.tooling.lang_servers = [ { lsp = { diff --git a/common/tooling/opensnitch/default.nix b/common/tooling/opensnitch/default.nix index f0292b6..ba6381b 100644 --- a/common/tooling/opensnitch/default.nix +++ b/common/tooling/opensnitch/default.nix @@ -5,7 +5,12 @@ ... }: let - inherit (config.grimmShared) enable tooling graphical network; + inherit (config.grimmShared) + enable + tooling + graphical + network + ; inherit (lib) optional getBin @@ -24,7 +29,12 @@ let isString ; - local_network = [ "192.168.0.0/16" "10.0.0.0/8" "172.16.0.0/12" "fc00::/7" ]; + local_network = [ + "192.168.0.0/16" + "10.0.0.0/8" + "172.16.0.0/12" + "fc00::/7" + ]; local_ips = pkgs.writeTextDir "local_ips.list" (concatLines local_network); created = "1970-01-01T00:00:00.0+00:00"; @@ -33,7 +43,7 @@ in config = mkIf (enable && tooling.enable && network) { environment.systemPackages = optional graphical pkgs.opensnitch-ui; grimmShared.sway.config.autolaunch = optional graphical pkgs.opensnitch-ui; - + services.opensnitch = { enable = true; settings = { @@ -43,30 +53,34 @@ in }; rules = { - firefox = let - cfg = config.programs.firefox; - pkg = (cfg.package.override (old: { - extraPrefsFiles = - old.extraPrefsFiles or [ ] - ++ cfg.autoConfigFiles - ++ [ (pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig) ]; - nativeMessagingHosts = old.nativeMessagingHosts or [ ] ++ cfg.nativeMessagingHosts.packages; - cfg = (old.cfg or { }) // cfg.wrapperConfig; - })); + firefox = + let + cfg = config.programs.firefox; + pkg = ( + cfg.package.override (old: { + extraPrefsFiles = + old.extraPrefsFiles or [ ] + ++ cfg.autoConfigFiles + ++ [ (pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig) ]; + nativeMessagingHosts = old.nativeMessagingHosts or [ ] ++ cfg.nativeMessagingHosts.packages; + cfg = (old.cfg or { }) // cfg.wrapperConfig; + }) + ); + in # pkg = pkgs.firefox-unwrapped; - in mkIf (config.programs.firefox.enable) { - name = "firefox"; - enabled = true; - action = "allow"; - duration = "always"; - inherit created; - operator = { - type ="simple"; - sensitive = false; - operand = "process.path"; - data = "${getBin pkg}/lib/firefox/firefox"; + mkIf (config.programs.firefox.enable) { + name = "firefox"; + enabled = true; + action = "allow"; + duration = "always"; + inherit created; + operator = { + type = "simple"; + sensitive = false; + operand = "process.path"; + data = "${getBin pkg}/lib/firefox/firefox"; + }; }; - }; block-list = { name = "block-list"; @@ -77,7 +91,7 @@ in operator = { type = "lists"; operand = "lists.domains"; - data = pkgs.callPackage ./block_lists.nix {}; + data = pkgs.callPackage ./block_lists.nix { }; }; }; @@ -92,7 +106,7 @@ in operand = "list"; list = [ { - type ="simple"; + type = "simple"; sensitive = false; operand = "process.path"; data = getExe pkgs.nsncd; @@ -105,7 +119,9 @@ in { type = "lists"; operand = "lists.nets"; - data = pkgs.writeTextDir "cidr_dns.list" (concatLines ((map (ip: "${ip}/32") config.networking.nameservers) ++ local_network)); + data = pkgs.writeTextDir "cidr_dns.list" ( + concatLines ((map (ip: "${ip}/32") config.networking.nameservers) ++ local_network) + ); } { type = "simple"; @@ -124,7 +140,7 @@ in precedence = true; inherit created; operator = { - type ="regexp"; + type = "regexp"; sensitive = false; operand = "dest.ip"; data = "^(127\\.0\\.0\\.1|::1)$"; @@ -139,7 +155,7 @@ in duration = "always"; inherit created; operator = { - type ="simple"; + type = "simple"; sensitive = false; operand = "process.path"; data = "${lib.getBin pkgs.spotify}/share/spotify/.spotify-wrapped"; @@ -154,7 +170,7 @@ in duration = "always"; inherit created; operator = { - type ="regexp"; + type = "regexp"; sensitive = false; operand = "process.path"; data = "/nix/store/[a-z0-9]{32}-osu-lazer-bin-${escapeRegex (getVersion pkgs.osu-lazer-bin)}-extracted/usr/bin/osu!"; @@ -178,7 +194,7 @@ in data = "443|53"; } { - type ="regexp"; + type = "regexp"; sensitive = false; operand = "process.path"; data = "/nix/store/[a-z0-9]{32}-osu-lazer-bin-${escapeRegex (getVersion pkgs.osu-lazer-bin)}-extracted/usr/bin/osu!"; @@ -209,7 +225,7 @@ in data = "443|4070"; } { - type ="simple"; + type = "simple"; sensitive = false; operand = "process.path"; data = lib.getExe pkgs.ncspot; @@ -218,7 +234,7 @@ in type = "lists"; operand = "lists.domains_regexp"; data = ./spotify_hosts; - } + } ]; }; }; @@ -240,7 +256,7 @@ in data = "443|4070"; } { - type ="simple"; + type = "simple"; sensitive = false; operand = "process.path"; data = "${lib.getBin pkgs.spotify}/share/spotify/.spotify-wrapped"; @@ -249,12 +265,11 @@ in type = "lists"; operand = "lists.domains_regexp"; data = ./spotify_hosts; - } + } ]; }; }; - spotify_allow_local = mkIf (config.grimmShared.spotify.enable && graphical) { name = "spotify-allow-local"; enabled = true; @@ -267,7 +282,7 @@ in operand = "list"; list = [ { - type ="simple"; + type = "simple"; sensitive = false; operand = "process.path"; data = "${lib.getBin pkgs.spotify}/share/spotify/.spotify-wrapped"; @@ -276,7 +291,7 @@ in type = "lists"; operand = "lists.nets"; data = local_ips; - } + } ]; }; }; @@ -289,7 +304,7 @@ in duration = "always"; inherit created; operator = { - type ="regexp"; + type = "regexp"; sensitive = false; operand = "process.command"; data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "${pkgs.vesktop}/opt/Vesktop/resources/app.asar"}"; @@ -308,7 +323,7 @@ in operand = "list"; list = [ { - type ="regexp"; + type = "regexp"; sensitive = false; operand = "process.command"; data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "${pkgs.vesktop}/opt/Vesktop/resources/app.asar"}"; @@ -317,7 +332,38 @@ in type = "lists"; operand = "lists.domains_regexp"; data = ./discord_hosts; - } + } + ]; + }; + }; + + vesktop_daemon_allow_udp = mkIf (graphical) { + name = "vesktop-allow-udp"; + enabled = true; + action = "allow"; + precedence = true; + duration = "always"; + # inherit created; + operator = { + type = "list"; + operand = "list"; + list = [ + { + type = "regexp"; + sensitive = false; + operand = "process.command"; + data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "--utility-sub-type=network.mojom.NetworkService"}.*--user-data-dir=/home/.+/\.config/vesktop.+"; + } + { + type = "simple"; + operand = "protocol"; + data = "udp"; + } + { + type = "regexp"; + operand = "dest.port"; + data = "500[0-9]{2}"; + } ]; }; }; @@ -330,14 +376,13 @@ in duration = "always"; inherit created; operator = { - type ="regexp"; + type = "regexp"; sensitive = false; operand = "process.command"; data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "--utility-sub-type=network.mojom.NetworkService"}.*--user-data-dir=/home/.+/\.config/vesktop.+"; }; }; - vesktop_daemon_allow = mkIf (graphical) { name = "vesktop-daemon-allow"; enabled = true; @@ -350,7 +395,7 @@ in operand = "list"; list = [ { - type ="regexp"; + type = "regexp"; sensitive = false; operand = "process.command"; data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "--utility-sub-type=network.mojom.NetworkService"}.*--user-data-dir=/home/.+/\.config/vesktop.+"; @@ -359,13 +404,11 @@ in type = "lists"; operand = "lists.domains_regexp"; data = ./discord_hosts; - } + } ]; }; }; - - avahi = mkIf (config.services.avahi.enable) { name = "avahi"; enabled = true; @@ -377,7 +420,7 @@ in operand = "list"; list = [ { - type ="simple"; + type = "simple"; sensitive = false; operand = "process.path"; data = getExe' config.services.avahi.package "avahi-daemon"; @@ -403,7 +446,7 @@ in duration = "always"; inherit created; operator = { - type ="regexp"; + type = "regexp"; operand = "protocol"; sensitive = false; data = "icmp(4|6)?"; @@ -421,21 +464,21 @@ in operand = "list"; list = [ { - type ="simple"; + type = "simple"; sensitive = false; operand = "process.path"; data = getExe' pkgs.networkmanager "networkmanager"; } { - type ="simple"; + type = "simple"; operand = "dest.port"; data = "547"; } - # { - # type ="simple"; - # operand = "dest.network"; - # data = "ff02::1:2"; - # } + # { + # type ="simple"; + # operand = "dest.network"; + # data = "ff02::1:2"; + # } ]; }; }; @@ -451,13 +494,13 @@ in operand = "list"; list = [ { - type ="simple"; + type = "simple"; sensitive = false; operand = "process.path"; data = getExe' pkgs.cups-filters "cups-browsed"; } { - type ="regexp"; + type = "regexp"; operand = "dest.port"; data = "53|631|80"; } @@ -484,18 +527,19 @@ in type = "simple"; sensitive = false; operand = "process.path"; - data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd"; } + data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd"; + } { - type ="regexp"; + type = "regexp"; operand = "dest.port"; data = "123|37|53"; } -# { -# type = "regexp"; -# sensitive = false; -# operand = "dest.host"; -# data = ".*\.nixos\.pool\.ntp\.org"; -# } + # { + # type = "regexp"; + # sensitive = false; + # operand = "dest.host"; + # data = ".*\.nixos\.pool\.ntp\.org"; + # } { type = "simple"; operand = "user.id"; @@ -504,9 +548,9 @@ in ]; }; }; - + nextcloud = mkIf (config.grimmShared.cloudSync.enable) { - name = "nextcloud"; + name = "nextcloud"; enabled = true; action = "allow"; duration = "always"; @@ -516,7 +560,7 @@ in operand = "list"; list = [ { - type ="simple"; + type = "simple"; sensitive = false; operand = "process.path"; data = getExe' pkgs.nextcloud-client ".nextcloudcmd-wrapped"; @@ -525,11 +569,15 @@ in type = "regexp"; sensitive = false; operand = "dest.host"; - data = let l = (filter isString (split "\\." config.grimmShared.cloudSync.server)); in (strings.replicate ((length l) - 1) "(") + (concatStringsSep "\\.)?" l); + data = + let + l = (filter isString (split "\\." config.grimmShared.cloudSync.server)); + in + (strings.replicate ((length l) - 1) "(") + (concatStringsSep "\\.)?" l); # config.grimmShared.cloudSync.server; } { - type ="regexp"; + type = "regexp"; operand = "dest.port"; data = "443|53"; } diff --git a/common/tooling/opensnitch/discord_hosts/hosts.list b/common/tooling/opensnitch/discord_hosts/hosts.list index 9ae3f9f..4a708cb 100644 --- a/common/tooling/opensnitch/discord_hosts/hosts.list +++ b/common/tooling/opensnitch/discord_hosts/hosts.list @@ -10,3 +10,6 @@ github.com githubusercontent.com scdn.co spotify.com +discord.media +media.tenor.co +media.tenor.com diff --git a/common/tooling/wine.nix b/common/tooling/wine.nix index cede6a0..842ecde 100644 --- a/common/tooling/wine.nix +++ b/common/tooling/wine.nix @@ -11,6 +11,7 @@ in { config = mkIf (enable && tooling.enable) { virtualisation.libvirtd.enable = true; + programs.virt-manager.enable = true; virtualisation.spiceUSBRedirection.enable = true; @@ -20,14 +21,16 @@ in # uris = ["qemu:///system"]; # }; # }; + environment.systemPackages = with pkgs; [ winetricks wineWow64Packages.stagingFull dotnetCorePackages.dotnet_9.sdk - jetbrains.rider + # jetbrains.rider mono4 # (mono4.overrideAttrs { version="4.6.1"; sha256=""; }) + tesseract4 ]; }; } diff --git a/common/xdg/mime.nix b/common/xdg/mime.nix index 572c9eb..d4be56c 100644 --- a/common/xdg/mime.nix +++ b/common/xdg/mime.nix @@ -66,7 +66,7 @@ in freecad openscad vlc - blender + # blender thunderbird xdg-terminal-exec xdg-utils diff --git a/configuration.nix b/configuration.nix index 5f7c26e..34ac5ba 100644 --- a/configuration.nix +++ b/configuration.nix @@ -18,6 +18,8 @@ nix.package = pkgs.lix; nixpkgs.config.allowUnfree = true; + services.flatpak.enable = true; + grimmShared = { enable = true; locale = true; diff --git a/flake.lock b/flake.lock index f3520a4..da1f871 100644 --- a/flake.lock +++ b/flake.lock @@ -9,11 +9,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1730472722, - "narHash": "sha256-/ut+TH7jZwgZEREMOZp/Wx7zXl6hgBJGGxQHU0KO6yY=", + "lastModified": 1731942996, + "narHash": "sha256-Ohh+GmEenm4Eu1p6+u/4qIw0wbgKm7Vk/yQwRnSmrFE=", "owner": "LordGrimmauld", "repo": "aa-alias-manager", - "rev": "f2ef05f2af456e247d2b37a0b3bf09edbe1788a9", + "rev": "e394c4882888f9b9306b3a2dfc59df03ab766473", "type": "github" }, "original": { @@ -30,11 +30,11 @@ ] }, "locked": { - "lastModified": 1728524457, - "narHash": "sha256-R+GJ3H1PvRUHLm45muY1KEezhfgIl8l7HJ36DySZMu0=", + "lastModified": 1731956781, + "narHash": "sha256-AAZiAMQ2LBCY375NnbQa8HHFJc3KLyfnlGiFXDdb1pE=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "5611dd61df02e0bc5d62bb3f5388821d8854faff", + "rev": "862c5b3acd097906cd242eedd9ddcc95ac9382cb", "type": "github" }, "original": { @@ -92,11 +92,11 @@ ] }, "locked": { - "lastModified": 1730390431, - "narHash": "sha256-M+rMhDB69Y35IlhmAMN4ErDige+wKPwhb6HDqpF14Rw=", + "lastModified": 1732150710, + "narHash": "sha256-H6ps/jlPn3kkGtrZeduLtfMnV8htI117/qUgMtUzJBM=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "40388a7427ee32af175c5169ae7587ffd2dec125", + "rev": "4621aec08aa50869a305e275c2b8a0c766f3b59b", "type": "github" }, "original": { @@ -241,11 +241,11 @@ ] }, "locked": { - "lastModified": 1730016908, - "narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=", + "lastModified": 1732025103, + "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=", "owner": "nix-community", "repo": "home-manager", - "rev": "e83414058edd339148dc142a8437edb9450574c8", + "rev": "a46e702093a5c46e192243edbd977d5749e7f294", "type": "github" }, "original": { @@ -263,11 +263,11 @@ ] }, "locked": { - "lastModified": 1730248099, - "narHash": "sha256-Fl7BSdpLk0uTXF6ol/MR0q1EB4XQ8tn0ftig0pyYh5Y=", + "lastModified": 1732032028, + "narHash": "sha256-NjyfJQQxs/a2a/KwTmXM44K7XjeJwGsf4YFtebueQzo=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "c11bab124fc55a37cbd854ed28ea121ed609231f", + "rev": "65dc04371cf914c9af4f073638821e4787303005", "type": "github" }, "original": { @@ -366,18 +366,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", - "type": "github" + "lastModified": 1732297877, + "narHash": "sha256-OCazAn/xPjPTMo6cyMzJthmfMBuoCjcZ4O+kAkW3ixI=", + "ref": "refs/heads/apparmor_module", + "rev": "43d89bd05155f93038565672464931594b9b4fcd", + "revCount": 710089, + "type": "git", + "url": "file:///home/grimmauld/coding/nixpkgs" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "git", + "url": "file:///home/grimmauld/coding/nixpkgs" } }, "nixpkgs-24_05": { diff --git a/flake.nix b/flake.nix index 556c053..8df05c0 100644 --- a/flake.nix +++ b/flake.nix @@ -3,8 +3,8 @@ inputs = { nixpkgs = { - url = "github:NixOS/nixpkgs/nixos-unstable"; - # url = "git+file:///home/grimmauld/coding/nixpkgs"; + # url = "github:NixOS/nixpkgs/nixos-unstable"; + url = "git+file:///home/grimmauld/coding/nixpkgs"; }; chaotic = { url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; @@ -37,7 +37,11 @@ outputs = inputs @ { self, agenix, nixpkgs, chaotic, aagl-gtk-on-nix, nixos-mailserver, nixos-matrix-modules, aa-alias-manager, ... }: let patches = [ - ./aa_mod.patch + # ./aa_mod.patch + { + url = "https://github.com/NixOS/nixpkgs/pull/357468.patch"; + hash = "sha256-t+/zVO/Jyink9biD61AuDOmVt0GF3biKxR5hCAyl4Fc="; + } ]; customNixosSystem = system: definitions: diff --git a/specific/grimm-nixos-ssd/hardware-configuration.nix b/specific/grimm-nixos-ssd/hardware-configuration.nix index 81c82cc..006a8a6 100644 --- a/specific/grimm-nixos-ssd/hardware-configuration.nix +++ b/specific/grimm-nixos-ssd/hardware-configuration.nix @@ -115,7 +115,12 @@ }; }; - swapDevices = [ ]; + swapDevices = [ + #{ + # device = "zpool/swap"; + # device = "/dev/zvol/zpool/swap"; + #} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's