flake.lock: Update

Flake lock file updates:

• Updated input 'home-manager-edge':
    'github:nix-community/home-manager/792757f643cedc13f02098d8ed506d82e19ec1da' (2024-07-28)
  → 'github:nix-community/home-manager/086f619dd991a4d355c07837448244029fc2d9ab' (2024-08-11)
• Updated input 'nix-index-database':
    'github:Mic92/nix-index-database/c0ca47e8523b578464014961059999d8eddd4aae' (2024-07-28)
  → 'github:Mic92/nix-index-database/ec78079a904d7d55e81a0468d764d0fffb50ac06' (2024-08-11)
• Updated input 'nixos-generators-2311':
    'github:nix-community/nixos-generators/75cbb2a5e19c18840d105a72d036c6c92fc46c5d' (2024-07-29)
  → 'github:nix-community/nixos-generators/a220fc3a6e144f12f0c3dc3e4d01d44c2e6b0b85' (2024-08-12)
• Updated input 'nixos-generators-2311/nixlib':
    'github:nix-community/nixpkgs.lib/d15f6f6021693898fcd2c6a9bb13707383da9bbc' (2024-07-28)
  → 'github:nix-community/nixpkgs.lib/8bebd4c74f368aacb047f0141db09ec6b339733c' (2024-08-04)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/eab049fe178c11395d65a858ba1b56461ba9652d' (2024-07-29)
  → 'github:NixOS/nixos-hardware/c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf' (2024-08-10)
• Updated input 'nixpkgs-2405':
    'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27)
  → 'github:NixOS/nixpkgs/4a92571f9207810b559c9eac203d1f4d79830073' (2024-08-13)
• Updated input 'nixpkgs-edge':
    'github:NixOS/nixpkgs/b73c2221a46c13557b1b3be9c2070cc42cf01eb3' (2024-07-27)
  → 'github:NixOS/nixpkgs/a58bc8ad779655e790115244571758e8de055e3d' (2024-08-11)
• Updated input 'sops-nix-2305':
    'github:Mic92/sops-nix/eb34eb588132d653e4c4925d862f1e5a227cc2ab' (2024-07-27)
  → 'github:Mic92/sops-nix/be0eec2d27563590194a9206f551a6f73d52fa34' (2024-08-12)
• Updated input 'sops-nix-2311':
    'github:Mic92/sops-nix/eb34eb588132d653e4c4925d862f1e5a227cc2ab' (2024-07-27)
  → 'github:Mic92/sops-nix/be0eec2d27563590194a9206f551a6f73d52fa34' (2024-08-12)
• Updated input 'sops-nix-2405':
    'github:Mic92/sops-nix/eb34eb588132d653e4c4925d862f1e5a227cc2ab' (2024-07-27)
  → 'github:Mic92/sops-nix/be0eec2d27563590194a9206f551a6f73d52fa34' (2024-08-12)
• Updated input 'sops-nix-edge':
    'github:Mic92/sops-nix/eb34eb588132d653e4c4925d862f1e5a227cc2ab' (2024-07-27)
  → 'github:Mic92/sops-nix/be0eec2d27563590194a9206f551a6f73d52fa34' (2024-08-12)

base.nix

@@ -72,6 +72,13 @@
       (!config.boot.isContainer or false)
     ]) true;
 
+  # no acme in VM mode:
+  virtualisation.vmVariant = {
+     /* users.users.root.initialPassword = "root"; */
+     security.acme.defaults.server = "https://127.0.0.1";
+     security.acme.preliminarySelfsigned = true;
+   };
+
   # System fonts
   # Nice to have when X-forwading on headless machines
   fonts.fontDir.enable = true; # creates /run/current-system/sw/share/X11/fonts

flake.lock

@@ -70,11 +70,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722203588,
-        "narHash": "sha256-91V5FMSQ4z9bkhTCf0f86Zjw0bh367daSf0mzCIW0vU=",
+        "lastModified": 1723399884,
+        "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "792757f643cedc13f02098d8ed506d82e19ec1da",
+        "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
         "type": "github"
       },
       "original": {
@@ -91,11 +91,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722136042,
-        "narHash": "sha256-x3FmT4QSyK28itMiR5zfYhUrG5nY+2dv+AIcKfmSp5A=",
+        "lastModified": 1723352546,
+        "narHash": "sha256-WTIrvp0yV8ODd6lxAq4F7EbrPQv0gscBnyfn559c3k8=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "c0ca47e8523b578464014961059999d8eddd4aae",
+        "rev": "ec78079a904d7d55e81a0468d764d0fffb50ac06",
         "type": "github"
       },
       "original": {
@@ -106,11 +106,11 @@
     },
     "nixlib": {
       "locked": {
-        "lastModified": 1722128034,
-        "narHash": "sha256-L8rwzYPsLo/TYtydPJoQyYOfetuiyQYnTWYcyB8UE/s=",
+        "lastModified": 1722732880,
+        "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "d15f6f6021693898fcd2c6a9bb13707383da9bbc",
+        "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c",
         "type": "github"
       },
       "original": {
@@ -127,11 +127,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722214420,
-        "narHash": "sha256-qfHC1p5hcErGcE672/KhBkyWYloekQpqIxtcbcUVYkA=",
+        "lastModified": 1723444610,
+        "narHash": "sha256-WzhuUR2ZwafNzBh0VAbk3+320xd2sNWdZdjZa0S9ydY=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "75cbb2a5e19c18840d105a72d036c6c92fc46c5d",
+        "rev": "a220fc3a6e144f12f0c3dc3e4d01d44c2e6b0b85",
         "type": "github"
       },
       "original": {
@@ -142,11 +142,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1722278305,
-        "narHash": "sha256-xLBAegsn9wbj+pQfbX07kykd5VBV3Ywk3IbObVAAlWA=",
+        "lastModified": 1723310128,
+        "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "eab049fe178c11395d65a858ba1b56461ba9652d",
+        "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf",
         "type": "github"
       },
       "original": {
@@ -334,11 +334,11 @@
     },
     "nixpkgs-2405": {
       "locked": {
-        "lastModified": 1722087241,
-        "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=",
+        "lastModified": 1723556749,
+        "narHash": "sha256-+CHVZnTnIYRLYsARInHYoWkujzcRkLY/gXm3s5bE52o=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8c50662509100d53229d4be607f1a3a31157fa12",
+        "rev": "4a92571f9207810b559c9eac203d1f4d79830073",
         "type": "github"
       },
       "original": {
@@ -350,11 +350,11 @@
     },
     "nixpkgs-edge": {
       "locked": {
-        "lastModified": 1722062969,
-        "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=",
+        "lastModified": 1723362943,
+        "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3",
+        "rev": "a58bc8ad779655e790115244571758e8de055e3d",
         "type": "github"
       },
       "original": {
@@ -419,11 +419,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722114803,
-        "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=",
+        "lastModified": 1723501126,
+        "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab",
+        "rev": "be0eec2d27563590194a9206f551a6f73d52fa34",
         "type": "github"
       },
       "original": {
@@ -442,11 +442,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722114803,
-        "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=",
+        "lastModified": 1723501126,
+        "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab",
+        "rev": "be0eec2d27563590194a9206f551a6f73d52fa34",
         "type": "github"
       },
       "original": {
@@ -465,11 +465,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722114803,
-        "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=",
+        "lastModified": 1723501126,
+        "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab",
+        "rev": "be0eec2d27563590194a9206f551a6f73d52fa34",
         "type": "github"
       },
       "original": {
@@ -488,11 +488,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722114803,
-        "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=",
+        "lastModified": 1723501126,
+        "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab",
+        "rev": "be0eec2d27563590194a9206f551a6f73d52fa34",
         "type": "github"
       },
       "original": {

hosts/noximilien/default.nix

@@ -11,7 +11,8 @@
 
     #./yt-dlp-archive.nix
 
-    #../../profiles/vpn-pbsds/headscale.nix # opens port 3478
+
+    #../../profiles/vpn-pbsds/headscale.nix # opens port 3478 # TODO: move outside of home net?
 
     ../../users/pbsds
     ../../users/jornane
@@ -23,7 +24,7 @@
 
     ../../profiles/shell.nix
 
-    #../../profiles/services/tmate-server.nix # opens port 42244
+    #../../profiles/services/tmate-server.nix # opens port 42244 # TODO: move outside of home net
 
     ../../profiles/http # enables nginx+acme, defines mkDomain
     ../../profiles/http/index

hosts/sopp/default.nix

@@ -5,7 +5,7 @@
   boot.loader.efi.canTouchEfiVariables = true;
 
   boot.kernel.sysctl."vm.swappiness" = lib.mkDefault 10; # 0-100, commonly 60
-  boot.kernelModules = [ "xhci_pci" ]; # fixes boot with usb hub attached https://github.com/NixOS/nixpkgs/issues/171625
+  boot.kernelModules = [ "xhci_pci" ]; # add driver to stage-1 to make the usb dock not prevent boot - https://github.com/NixOS/nixpkgs/issues/171625#issuecomment-2068283656
 
   services.xserver.displayManager.autoLogin.enable = true;
   services.xserver.displayManager.autoLogin.user = "pbsds";

profiles/desktop/gnome/default.nix

@@ -22,6 +22,7 @@
     lxterminal
     # TODO: shadow gnome-terminal
     ffmpegthumbnailer
+    libheif # HEIF thumbnails
     gnomeExtensions.appindicator
   ];
 

profiles/http/default.nix

@@ -28,7 +28,6 @@ in
   #security.acme.defaults.dnsProvider = "domeneshop";
   #security.acme.defaults.credentialsFile = "/var/lib/secrets/domeneshop.key"; # TODO: this file must be made by hand, containing env variables.
 
-
   services.nginx.enable = true;
   networking.firewall.allowedTCPPorts = [ 80 443 ];
 

users/pbsds/home/profiles/git.nix

@@ -32,6 +32,8 @@
   programs.git.extraConfig.fetch.prune = true;
   programs.git.extraConfig.fetch.prunetags = true;
   programs.git.extraConfig.log.date = "iso";
+  /* programs.git.extraConfig.interactive.singleKey = true; */
+
 
   programs.git.iniContent.init.defaultBranch = "main";
   programs.git.ignores = [

users/pbsds/home/profiles/shell.nix

@@ -27,6 +27,27 @@
     if command -v tldr >/dev/null; then
       complete -F _command tldr
     fi
+
+    destore() {
+      for dst in "$@"; do
+        test -L "$dst" || continue
+        # TODO: assert dst is in the store
+        src="$(realpath "$dst")"
+        if test -d "$src"; then
+          (set -x
+            rm -v "$dst"
+            cp -r --dereference --one-file-system "$src/" "$dst/" )
+            chmod -R +rw "$dst"
+          )
+        elif test -f "$src"; then
+          (set -x
+            rm -v "$dst"
+            cp -v "$src" "$dst"
+            chmod -v +rw "$dst"
+          )
+        fi
+      done
+    }
   '';
 
   imports = [ ../modules/jump.nix ];