diff --git a/flake.lock b/flake.lock index 5201c0a..226aa05 100644 --- a/flake.lock +++ b/flake.lock @@ -133,16 +133,16 @@ ] }, "locked": { - "lastModified": 1763992789, - "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", + "lastModified": 1764536451, + "narHash": "sha256-BgtcUkBfItu9/yU14IgUaj4rYOanTOUZjUfBP20/ZB4=", "owner": "nix-community", "repo": "home-manager", - "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", + "rev": "3fdd076e08049a9c7a83149b270440d9787d2df5", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", + "ref": "release-25.11", "repo": "home-manager", "type": "github" } @@ -206,16 +206,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764316264, - "narHash": "sha256-82L+EJU+40+FIdeG4gmUlOF1jeSwlf2AwMarrpdHF6o=", + "lastModified": 1764494334, + "narHash": "sha256-x2xCEXUlU4Ap56+t5HaoReOQ/bV/bIQ5rzTn/m+V3HQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9a7b80b6f82a71ea04270d7ba11b48855681c4b0", + "rev": "d542db745310b6929708d9abea513f3ff19b1341", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 5fc4d58..a9d6064 100644 --- a/flake.nix +++ b/flake.nix @@ -2,14 +2,14 @@ description = "motiejus/config"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; flake-compat.url = "github:nix-community/flake-compat"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nur.url = "github:nix-community/NUR"; - home-manager.url = "github:nix-community/home-manager/release-25.05"; + home-manager.url = "github:nix-community/home-manager/release-25.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; agenix = { @@ -77,7 +77,6 @@ home-manager, nixos-hardware, nix-index-database, - pre-commit-hooks, nur, zig, kolide-launcher, @@ -111,7 +110,7 @@ go-raceless = super.callPackage ./pkgs/go-raceless { inherit (nicer) ; }; pkgs-unstable = import nixpkgs-unstable { - inherit (super) system; + inherit (super.stdenv.hostPlatform) system; config.allowUnfree = true; overlays = [ (_self: super: { diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix index 04fb9da..769520e 100644 --- a/hosts/fwminex/configuration.nix +++ b/hosts/fwminex/configuration.nix @@ -230,10 +230,10 @@ in }; services = { - logind = { - lidSwitch = "ignore"; - powerKey = "suspend"; - powerKeyLongPress = "poweroff"; + logind.settings.Login = { + HandleLidSwitch = "ignore"; + HandlePowerKey = "suspend"; + HandlePowerKeyLongPress = "poweroff"; }; plikd = { diff --git a/hosts/sqq1-desk2/configuration.nix b/hosts/sqq1-desk2/configuration.nix index 26d4c40..c868416 100644 --- a/hosts/sqq1-desk2/configuration.nix +++ b/hosts/sqq1-desk2/configuration.nix @@ -155,7 +155,7 @@ in extremetuxracer superTux superTuxKart - frozen-bubble + # frozen-bubble # broken in 25.11 (perl SDL tests segfault) neverball pingus supermariowar diff --git a/hosts/vm/configuration.nix b/hosts/vm/configuration.nix index 9f97bc3..e897e6e 100644 --- a/hosts/vm/configuration.nix +++ b/hosts/vm/configuration.nix @@ -28,23 +28,25 @@ boot.kernelPackages = pkgs.linuxPackages_latest; - isoImage = + image = let vsn = "${config.system.nixos.release}${lib.trivial.versionSuffix}"; in { - isoName = "toolshed-${vsn}.iso"; - - # as of writing zstd -19 reduces toolshed from 9.1G to 8.6G, but takes - # ~30min on fwminex, as opposed to ~10m with default settings. xz also - # yields 8.6G. - #squashfsCompression = "zstd -Xcompression-level 19"; - squashfsCompression = "zstd"; - appendToMenuLabel = " Toolshed ${vsn}"; - makeEfiBootable = true; # EFI booting - makeUsbBootable = true; # USB booting + fileName = "toolshed-${vsn}.iso"; }; + isoImage = { + # as of writing zstd -19 reduces toolshed from 9.1G to 8.6G, but takes + # ~30min on fwminex, as opposed to ~10m with default settings. xz also + # yields 8.6G. + #squashfsCompression = "zstd -Xcompression-level 19"; + squashfsCompression = "zstd"; + appendToMenuLabel = " Toolshed ${config.system.nixos.release}${lib.trivial.versionSuffix}"; + makeEfiBootable = true; # EFI booting + makeUsbBootable = true; # USB booting + }; + swapDevices = [ ]; services = { diff --git a/modules/base/default.nix b/modules/base/default.nix index c18608d..44a7ef3 100644 --- a/modules/base/default.nix +++ b/modules/base/default.nix @@ -173,13 +173,13 @@ in tcpdump testssl dnsutils - curlHTTP3 + curl bandwhich bridge-utils speedtest-cli nix-output-monitor - config.boot.kernelPackages.perf + perf config.boot.kernelPackages.vm-tools ] ]; diff --git a/modules/base/sshd/default.nix b/modules/base/sshd/default.nix index 270f014..00217e7 100644 --- a/modules/base/sshd/default.nix +++ b/modules/base/sshd/default.nix @@ -1,6 +1,5 @@ { lib, - config, myData, ... }: diff --git a/modules/profiles/desktop/default.nix b/modules/profiles/desktop/default.nix index 51f6913..aa87fe2 100644 --- a/modules/profiles/desktop/default.nix +++ b/modules/profiles/desktop/default.nix @@ -71,10 +71,10 @@ in package = pkgs.pulseaudioFull; }; - logind = { - powerKey = "suspend"; - powerKeyLongPress = "poweroff"; - lidSwitchExternalPower = "ignore"; + logind.settings.Login = { + HandlePowerKey = "suspend"; + HandlePowerKeyLongPress = "poweroff"; + HandleLidSwitchExternalPower = "ignore"; }; avahi = { @@ -224,7 +224,7 @@ in qalculate-qt # qalculate google-chrome wirelesstools - poppler_utils + poppler-utils squashfsTools joplin-desktop aspellDicts.en @@ -238,7 +238,7 @@ in netsurf-browser man-pages-posix gnome-calculator - libsForQt5.okular + kdePackages.okular nvtopPackages.amd age-plugin-yubikey nvtopPackages.intel @@ -330,11 +330,11 @@ in gtk = { enable = true; theme = { - package = pkgs.plasma5Packages.breeze-gtk; + package = pkgs.kdePackages.breeze-gtk; name = "Breeze"; }; cursorTheme = { - package = pkgs.plasma5Packages.breeze-icons; + package = pkgs.kdePackages.breeze-icons; name = "Breeze_Snow"; }; iconTheme = { diff --git a/modules/profiles/desktop/plasma.nix b/modules/profiles/desktop/plasma.nix index 9d3d8f1..37d53cd 100644 --- a/modules/profiles/desktop/plasma.nix +++ b/modules/profiles/desktop/plasma.nix @@ -67,7 +67,7 @@ let attrs: let args = configToArgs attrs; - argToCommand = arg: "${pkgs.plasma5Packages.kconfig}/bin/kwriteconfig5 ${arg}"; + argToCommand = arg: "${pkgs.kdePackages.kconfig}/bin/kwriteconfig6 ${arg}"; commands = builtins.map argToCommand args; in lib.strings.concatStringsSep "\n" commands; diff --git a/modules/profiles/workstation/default.nix b/modules/profiles/workstation/default.nix index 7bfff7d..d477858 100644 --- a/modules/profiles/workstation/default.nix +++ b/modules/profiles/workstation/default.nix @@ -66,7 +66,7 @@ in wasmtime bpftrace hyperfine - sloccount + loccount tesseract postgresql gcc_latest diff --git a/modules/profiles/xfce4/default.nix b/modules/profiles/xfce4/default.nix index 2575fff..cefe560 100644 --- a/modules/profiles/xfce4/default.nix +++ b/modules/profiles/xfce4/default.nix @@ -1,6 +1,5 @@ { lib, - config, ... }: { diff --git a/modules/services/frigate/default.nix b/modules/services/frigate/default.nix index c565ddb..1c11f0b 100644 --- a/modules/services/frigate/default.nix +++ b/modules/services/frigate/default.nix @@ -126,11 +126,15 @@ in days = 2; mode = "all"; }; - events = { - pre_capture = 5; - post_capture = 5; + alerts = { retain = { - default = 5; + days = 5; + mode = "motion"; + }; + }; + detections = { + retain = { + days = 5; mode = "motion"; }; }; diff --git a/modules/services/immich/default.nix b/modules/services/immich/default.nix index 0562830..a0c491a 100644 --- a/modules/services/immich/default.nix +++ b/modules/services/immich/default.nix @@ -42,6 +42,13 @@ in enable = true; port = myData.ports.immich-server; + # Database configuration for NixOS 25.11 + database = { + enable = true; + enableVectorChord = true; # New vector search backend (recommended) + enableVectors = false; # Disable deprecated pgvecto-rs + }; + # N.B. as of 24.11 default redis socket has permissions incompatible # with how immich is configured. # If immich can't find/connect to redis, it will fail on boot, so it's diff --git a/modules/services/postfix/default.nix b/modules/services/postfix/default.nix index ae68f62..99add88 100644 --- a/modules/services/postfix/default.nix +++ b/modules/services/postfix/default.nix @@ -17,22 +17,22 @@ services.postfix = { enable = true; enableSmtp = true; - networks = [ - "127.0.0.1/8" - "[::ffff:127.0.0.0]/104" - "[::1]/128" - myData.subnets.tailscale.cidr - ]; - hostname = "relay.jakstys.lt"; - extraConfig = '' - mydestination = - smtpd_relay_restrictions = permit_mynetworks, reject - smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination - smtp_tls_security_level = may - smtpd_helo_required = yes - disable_vrfy_command = yes - header_size_limit = 4096000 - ''; + settings.main = { + mynetworks = [ + "127.0.0.1/8" + "[::ffff:127.0.0.0]/104" + "[::1]/128" + myData.subnets.tailscale.cidr + ]; + myhostname = "relay.jakstys.lt"; + mydestination = ""; + smtpd_relay_restrictions = "permit_mynetworks, reject"; + smtpd_recipient_restrictions = "permit_mynetworks, reject_unauth_destination"; + smtp_tls_security_level = "may"; + smtpd_helo_required = "yes"; + disable_vrfy_command = "yes"; + header_size_limit = "4096000"; + }; }; }; } diff --git a/shared/home/default.nix b/shared/home/default.nix index 2572b21..ba81e22 100644 --- a/shared/home/default.nix +++ b/shared/home/default.nix @@ -141,13 +141,15 @@ in git = { enable = true; - userEmail = email; - userName = "Motiejus Jakštys"; - aliases = { - yolo = "commit --amend --no-edit -a"; - pushf = "push --force-with-lease"; - }; - extraConfig = { + settings = { + user = lib.mkMerge [ + { name = "Motiejus Jakštys"; } + (lib.mkIf (email != null) { inherit email; }) + ]; + alias = { + yolo = "commit --amend --no-edit -a"; + pushf = "push --force-with-lease"; + }; log.date = "iso-strict-local"; pull.ff = "only"; core.abbrev = 12; @@ -165,7 +167,6 @@ in confirm = "always"; suppresscc = "self"; }; - }; }; diff --git a/shared/work/default.nix b/shared/work/default.nix index 3e54793..c440fab 100644 --- a/shared/work/default.nix +++ b/shared/work/default.nix @@ -74,7 +74,7 @@ ANTHROPIC_VERTEX_PROJECT_ID = "chronosphere-rc-b"; }; programs = { - git.extraConfig = { + git.settings = { url."git@github.com:".insteadOf = "https://github.com"; user.useConfigOnly = true; };