commit aefab613a7fdb523a5ce52e633e72bf6469e9ed8 (tree)
parent de76f4a7d912e4ca2de8bcddb4038ec79c6b2589
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date: Tue, 2 Dec 2025 00:30:28 +0200
Merge branch '25.11'
Diffstat:
16 files changed, 82 insertions(+), 71 deletions(-)
diff --git a/flake.lock b/flake.lock
@@ -133,16 +133,16 @@
]
},
"locked": {
- "lastModified": 1763992789,
- "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
+ "lastModified": 1764536451,
+ "narHash": "sha256-BgtcUkBfItu9/yU14IgUaj4rYOanTOUZjUfBP20/ZB4=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
+ "rev": "3fdd076e08049a9c7a83149b270440d9787d2df5",
"type": "github"
},
"original": {
"owner": "nix-community",
- "ref": "release-25.05",
+ "ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
@@ -206,16 +206,16 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1764316264,
- "narHash": "sha256-82L+EJU+40+FIdeG4gmUlOF1jeSwlf2AwMarrpdHF6o=",
+ "lastModified": 1764494334,
+ "narHash": "sha256-x2xCEXUlU4Ap56+t5HaoReOQ/bV/bIQ5rzTn/m+V3HQ=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "9a7b80b6f82a71ea04270d7ba11b48855681c4b0",
+ "rev": "d542db745310b6929708d9abea513f3ff19b1341",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-25.05",
+ "ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
diff --git a/flake.nix b/flake.nix
@@ -2,14 +2,14 @@
description = "motiejus/config";
inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
flake-compat.url = "github:nix-community/flake-compat";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nur.url = "github:nix-community/NUR";
- home-manager.url = "github:nix-community/home-manager/release-25.05";
+ home-manager.url = "github:nix-community/home-manager/release-25.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
agenix = {
@@ -77,7 +77,6 @@
home-manager,
nixos-hardware,
nix-index-database,
- pre-commit-hooks,
nur,
zig,
kolide-launcher,
@@ -111,7 +110,7 @@
go-raceless = super.callPackage ./pkgs/go-raceless { inherit (nicer) ; };
pkgs-unstable = import nixpkgs-unstable {
- inherit (super) system;
+ inherit (super.stdenv.hostPlatform) system;
config.allowUnfree = true;
overlays = [
(_self: super: {
diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
@@ -230,10 +230,10 @@ in
};
services = {
- logind = {
- lidSwitch = "ignore";
- powerKey = "suspend";
- powerKeyLongPress = "poweroff";
+ logind.settings.Login = {
+ HandleLidSwitch = "ignore";
+ HandlePowerKey = "suspend";
+ HandlePowerKeyLongPress = "poweroff";
};
plikd = {
diff --git a/hosts/sqq1-desk2/configuration.nix b/hosts/sqq1-desk2/configuration.nix
@@ -155,7 +155,7 @@ in
extremetuxracer
superTux
superTuxKart
- frozen-bubble
+ # frozen-bubble # broken in 25.11 (perl SDL tests segfault)
neverball
pingus
supermariowar
diff --git a/hosts/vm/configuration.nix b/hosts/vm/configuration.nix
@@ -28,23 +28,25 @@
boot.kernelPackages = pkgs.linuxPackages_latest;
- isoImage =
+ image =
let
vsn = "${config.system.nixos.release}${lib.trivial.versionSuffix}";
in
{
- isoName = "toolshed-${vsn}.iso";
-
- # as of writing zstd -19 reduces toolshed from 9.1G to 8.6G, but takes
- # ~30min on fwminex, as opposed to ~10m with default settings. xz also
- # yields 8.6G.
- #squashfsCompression = "zstd -Xcompression-level 19";
- squashfsCompression = "zstd";
- appendToMenuLabel = " Toolshed ${vsn}";
- makeEfiBootable = true; # EFI booting
- makeUsbBootable = true; # USB booting
+ fileName = "toolshed-${vsn}.iso";
};
+ isoImage = {
+ # as of writing zstd -19 reduces toolshed from 9.1G to 8.6G, but takes
+ # ~30min on fwminex, as opposed to ~10m with default settings. xz also
+ # yields 8.6G.
+ #squashfsCompression = "zstd -Xcompression-level 19";
+ squashfsCompression = "zstd";
+ appendToMenuLabel = " Toolshed ${config.system.nixos.release}${lib.trivial.versionSuffix}";
+ makeEfiBootable = true; # EFI booting
+ makeUsbBootable = true; # USB booting
+ };
+
swapDevices = [ ];
services = {
diff --git a/modules/base/default.nix b/modules/base/default.nix
@@ -173,13 +173,13 @@ in
tcpdump
testssl
dnsutils
- curlHTTP3
+ curl
bandwhich
bridge-utils
speedtest-cli
nix-output-monitor
- config.boot.kernelPackages.perf
+ perf
config.boot.kernelPackages.vm-tools
]
];
diff --git a/modules/base/sshd/default.nix b/modules/base/sshd/default.nix
@@ -1,6 +1,5 @@
{
lib,
- config,
myData,
...
}:
diff --git a/modules/profiles/desktop/default.nix b/modules/profiles/desktop/default.nix
@@ -71,10 +71,10 @@ in
package = pkgs.pulseaudioFull;
};
- logind = {
- powerKey = "suspend";
- powerKeyLongPress = "poweroff";
- lidSwitchExternalPower = "ignore";
+ logind.settings.Login = {
+ HandlePowerKey = "suspend";
+ HandlePowerKeyLongPress = "poweroff";
+ HandleLidSwitchExternalPower = "ignore";
};
avahi = {
@@ -224,7 +224,7 @@ in
qalculate-qt # qalculate
google-chrome
wirelesstools
- poppler_utils
+ poppler-utils
squashfsTools
joplin-desktop
aspellDicts.en
@@ -238,7 +238,7 @@ in
netsurf-browser
man-pages-posix
gnome-calculator
- libsForQt5.okular
+ kdePackages.okular
nvtopPackages.amd
age-plugin-yubikey
nvtopPackages.intel
@@ -330,11 +330,11 @@ in
gtk = {
enable = true;
theme = {
- package = pkgs.plasma5Packages.breeze-gtk;
+ package = pkgs.kdePackages.breeze-gtk;
name = "Breeze";
};
cursorTheme = {
- package = pkgs.plasma5Packages.breeze-icons;
+ package = pkgs.kdePackages.breeze-icons;
name = "Breeze_Snow";
};
iconTheme = {
diff --git a/modules/profiles/desktop/plasma.nix b/modules/profiles/desktop/plasma.nix
@@ -67,7 +67,7 @@ let
attrs:
let
args = configToArgs attrs;
- argToCommand = arg: "${pkgs.plasma5Packages.kconfig}/bin/kwriteconfig5 ${arg}";
+ argToCommand = arg: "${pkgs.kdePackages.kconfig}/bin/kwriteconfig6 ${arg}";
commands = builtins.map argToCommand args;
in
lib.strings.concatStringsSep "\n" commands;
diff --git a/modules/profiles/workstation/default.nix b/modules/profiles/workstation/default.nix
@@ -66,7 +66,7 @@ in
wasmtime
bpftrace
hyperfine
- sloccount
+ loccount
tesseract
postgresql
gcc_latest
diff --git a/modules/profiles/xfce4/default.nix b/modules/profiles/xfce4/default.nix
@@ -1,6 +1,5 @@
{
lib,
- config,
...
}:
{
diff --git a/modules/services/frigate/default.nix b/modules/services/frigate/default.nix
@@ -126,11 +126,15 @@ in
days = 2;
mode = "all";
};
- events = {
- pre_capture = 5;
- post_capture = 5;
+ alerts = {
retain = {
- default = 5;
+ days = 5;
+ mode = "motion";
+ };
+ };
+ detections = {
+ retain = {
+ days = 5;
mode = "motion";
};
};
diff --git a/modules/services/immich/default.nix b/modules/services/immich/default.nix
@@ -42,6 +42,13 @@ in
enable = true;
port = myData.ports.immich-server;
+ # Database configuration for NixOS 25.11
+ database = {
+ enable = true;
+ enableVectorChord = true; # New vector search backend (recommended)
+ enableVectors = false; # Disable deprecated pgvecto-rs
+ };
+
# N.B. as of 24.11 default redis socket has permissions incompatible
# with how immich is configured.
# If immich can't find/connect to redis, it will fail on boot, so it's
diff --git a/modules/services/postfix/default.nix b/modules/services/postfix/default.nix
@@ -17,22 +17,22 @@
services.postfix = {
enable = true;
enableSmtp = true;
- networks = [
- "127.0.0.1/8"
- "[::ffff:127.0.0.0]/104"
- "[::1]/128"
- myData.subnets.tailscale.cidr
- ];
- hostname = "relay.jakstys.lt";
- extraConfig = ''
- mydestination =
- smtpd_relay_restrictions = permit_mynetworks, reject
- smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
- smtp_tls_security_level = may
- smtpd_helo_required = yes
- disable_vrfy_command = yes
- header_size_limit = 4096000
- '';
+ settings.main = {
+ mynetworks = [
+ "127.0.0.1/8"
+ "[::ffff:127.0.0.0]/104"
+ "[::1]/128"
+ myData.subnets.tailscale.cidr
+ ];
+ myhostname = "relay.jakstys.lt";
+ mydestination = "";
+ smtpd_relay_restrictions = "permit_mynetworks, reject";
+ smtpd_recipient_restrictions = "permit_mynetworks, reject_unauth_destination";
+ smtp_tls_security_level = "may";
+ smtpd_helo_required = "yes";
+ disable_vrfy_command = "yes";
+ header_size_limit = "4096000";
+ };
};
};
}
diff --git a/shared/home/default.nix b/shared/home/default.nix
@@ -141,13 +141,15 @@ in
git = {
enable = true;
- userEmail = email;
- userName = "Motiejus Jakštys";
- aliases = {
- yolo = "commit --amend --no-edit -a";
- pushf = "push --force-with-lease";
- };
- extraConfig = {
+ settings = {
+ user = lib.mkMerge [
+ { name = "Motiejus Jakštys"; }
+ (lib.mkIf (email != null) { inherit email; })
+ ];
+ alias = {
+ yolo = "commit --amend --no-edit -a";
+ pushf = "push --force-with-lease";
+ };
log.date = "iso-strict-local";
pull.ff = "only";
core.abbrev = 12;
@@ -165,7 +167,6 @@ in
confirm = "always";
suppresscc = "self";
};
-
};
};
diff --git a/shared/work/default.nix b/shared/work/default.nix
@@ -74,7 +74,7 @@
ANTHROPIC_VERTEX_PROJECT_ID = "chronosphere-rc-b";
};
programs = {
- git.extraConfig = {
+ git.settings = {
url."git@github.com:".insteadOf = "https://github.com";
user.useConfigOnly = true;
};
