Merge branch '25.11'

2025-12-02 00:30:28 +02:00
parent de76f4a7d9 007c8bc9c1
commit aefab613a7
16 changed files with 82 additions and 71 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -133,16 +133,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1763992789,
-        "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
+        "lastModified": 1764536451,
+        "narHash": "sha256-BgtcUkBfItu9/yU14IgUaj4rYOanTOUZjUfBP20/ZB4=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
+        "rev": "3fdd076e08049a9c7a83149b270440d9787d2df5",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-25.11",
        "repo": "home-manager",
        "type": "github"
      }
@@ -206,16 +206,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1764316264,
-        "narHash": "sha256-82L+EJU+40+FIdeG4gmUlOF1jeSwlf2AwMarrpdHF6o=",
+        "lastModified": 1764494334,
+        "narHash": "sha256-x2xCEXUlU4Ap56+t5HaoReOQ/bV/bIQ5rzTn/m+V3HQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9a7b80b6f82a71ea04270d7ba11b48855681c4b0",
+        "rev": "d542db745310b6929708d9abea513f3ff19b1341",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@@ -2,14 +2,14 @@
  description = "motiejus/config";

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
    flake-compat.url = "github:nix-community/flake-compat";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    nur.url = "github:nix-community/NUR";

-    home-manager.url = "github:nix-community/home-manager/release-25.05";
+    home-manager.url = "github:nix-community/home-manager/release-25.11";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

    agenix = {
@@ -77,7 +77,6 @@
      home-manager,
      nixos-hardware,
      nix-index-database,
-      pre-commit-hooks,
      nur,
      zig,
      kolide-launcher,
@@ -111,7 +110,7 @@
          go-raceless = super.callPackage ./pkgs/go-raceless { inherit (nicer) ; };

          pkgs-unstable = import nixpkgs-unstable {
-            inherit (super) system;
+            inherit (super.stdenv.hostPlatform) system;
            config.allowUnfree = true;
            overlays = [
              (_self: super: {
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -230,10 +230,10 @@ in
  };

  services = {
-    logind = {
-      lidSwitch = "ignore";
-      powerKey = "suspend";
-      powerKeyLongPress = "poweroff";
+    logind.settings.Login = {
+      HandleLidSwitch = "ignore";
+      HandlePowerKey = "suspend";
+      HandlePowerKeyLongPress = "poweroff";
    };

    plikd = {
--- a/hosts/sqq1-desk2/configuration.nix
+++ b/hosts/sqq1-desk2/configuration.nix
@@ -155,7 +155,7 @@ in
      extremetuxracer
      superTux
      superTuxKart
-      frozen-bubble
+      # frozen-bubble # broken in 25.11 (perl SDL tests segfault)
      neverball
      pingus
      supermariowar
--- a/hosts/vm/configuration.nix
+++ b/hosts/vm/configuration.nix
@@ -28,23 +28,25 @@

  boot.kernelPackages = pkgs.linuxPackages_latest;

-  isoImage =
+  image =
    let
      vsn = "${config.system.nixos.release}${lib.trivial.versionSuffix}";
    in
    {
-      isoName = "toolshed-${vsn}.iso";
-
-      # as of writing zstd -19 reduces toolshed from 9.1G to 8.6G, but takes
-      # ~30min on fwminex, as opposed to ~10m with default settings. xz also
-      # yields 8.6G.
-      #squashfsCompression = "zstd -Xcompression-level 19";
-      squashfsCompression = "zstd";
-      appendToMenuLabel = " Toolshed ${vsn}";
-      makeEfiBootable = true; # EFI booting
-      makeUsbBootable = true; # USB booting
+      fileName = "toolshed-${vsn}.iso";
    };

+  isoImage = {
+    # as of writing zstd -19 reduces toolshed from 9.1G to 8.6G, but takes
+    # ~30min on fwminex, as opposed to ~10m with default settings. xz also
+    # yields 8.6G.
+    #squashfsCompression = "zstd -Xcompression-level 19";
+    squashfsCompression = "zstd";
+    appendToMenuLabel = " Toolshed ${config.system.nixos.release}${lib.trivial.versionSuffix}";
+    makeEfiBootable = true; # EFI booting
+    makeUsbBootable = true; # USB booting
+  };
+
  swapDevices = [ ];

  services = {
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -173,13 +173,13 @@ in
            tcpdump
            testssl
            dnsutils
-            curlHTTP3
+            curl
            bandwhich
            bridge-utils
            speedtest-cli
            nix-output-monitor

-            config.boot.kernelPackages.perf
+            perf
            config.boot.kernelPackages.vm-tools
          ]
        ];
--- a/modules/base/sshd/default.nix
+++ b/modules/base/sshd/default.nix
@@ -1,6 +1,5 @@
 {
  lib,
-  config,
  myData,
  ...
 }:
--- a/modules/profiles/desktop/default.nix
+++ b/modules/profiles/desktop/default.nix
@@ -71,10 +71,10 @@ in
        package = pkgs.pulseaudioFull;
      };

-      logind = {
-        powerKey = "suspend";
-        powerKeyLongPress = "poweroff";
-        lidSwitchExternalPower = "ignore";
+      logind.settings.Login = {
+        HandlePowerKey = "suspend";
+        HandlePowerKeyLongPress = "poweroff";
+        HandleLidSwitchExternalPower = "ignore";
      };

      avahi = {
@@ -224,7 +224,7 @@ in
      qalculate-qt # qalculate
      google-chrome
      wirelesstools
-      poppler_utils
+      poppler-utils
      squashfsTools
      joplin-desktop
      aspellDicts.en
@@ -238,7 +238,7 @@ in
      netsurf-browser
      man-pages-posix
      gnome-calculator
-      libsForQt5.okular
+      kdePackages.okular
      nvtopPackages.amd
      age-plugin-yubikey
      nvtopPackages.intel
@@ -330,11 +330,11 @@ in
        gtk = {
          enable = true;
          theme = {
-            package = pkgs.plasma5Packages.breeze-gtk;
+            package = pkgs.kdePackages.breeze-gtk;
            name = "Breeze";
          };
          cursorTheme = {
-            package = pkgs.plasma5Packages.breeze-icons;
+            package = pkgs.kdePackages.breeze-icons;
            name = "Breeze_Snow";
          };
          iconTheme = {
--- a/modules/profiles/desktop/plasma.nix
+++ b/modules/profiles/desktop/plasma.nix
@@ -67,7 +67,7 @@ let
    attrs:
    let
      args = configToArgs attrs;
-      argToCommand = arg: "${pkgs.plasma5Packages.kconfig}/bin/kwriteconfig5 ${arg}";
+      argToCommand = arg: "${pkgs.kdePackages.kconfig}/bin/kwriteconfig6 ${arg}";
      commands = builtins.map argToCommand args;
    in
    lib.strings.concatStringsSep "\n" commands;
--- a/modules/profiles/workstation/default.nix
+++ b/modules/profiles/workstation/default.nix
@@ -66,7 +66,7 @@ in
        wasmtime
        bpftrace
        hyperfine
-        sloccount
+        loccount
        tesseract
        postgresql
        gcc_latest
--- a/modules/profiles/xfce4/default.nix
+++ b/modules/profiles/xfce4/default.nix
@@ -1,6 +1,5 @@
 {
  lib,
-  config,
  ...
 }:
 {
--- a/modules/services/frigate/default.nix
+++ b/modules/services/frigate/default.nix
@@ -126,11 +126,15 @@ in
            days = 2;
            mode = "all";
          };
-          events = {
-            pre_capture = 5;
-            post_capture = 5;
+          alerts = {
            retain = {
-              default = 5;
+              days = 5;
+              mode = "motion";
+            };
+          };
+          detections = {
+            retain = {
+              days = 5;
              mode = "motion";
            };
          };
--- a/modules/services/immich/default.nix
+++ b/modules/services/immich/default.nix
@@ -42,6 +42,13 @@ in
      enable = true;
      port = myData.ports.immich-server;

+      # Database configuration for NixOS 25.11
+      database = {
+        enable = true;
+        enableVectorChord = true; # New vector search backend (recommended)
+        enableVectors = false; # Disable deprecated pgvecto-rs
+      };
+
      # N.B. as of 24.11 default redis socket has permissions incompatible
      # with how immich is configured.
      # If immich can't find/connect to redis, it will fail on boot, so it's
--- a/modules/services/postfix/default.nix
+++ b/modules/services/postfix/default.nix
@@ -17,22 +17,22 @@
    services.postfix = {
      enable = true;
      enableSmtp = true;
-      networks = [
-        "127.0.0.1/8"
-        "[::ffff:127.0.0.0]/104"
-        "[::1]/128"
-        myData.subnets.tailscale.cidr
-      ];
-      hostname = "relay.jakstys.lt";
-      extraConfig = ''
-        mydestination =
-        smtpd_relay_restrictions = permit_mynetworks, reject
-        smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
-        smtp_tls_security_level = may
-        smtpd_helo_required = yes
-        disable_vrfy_command = yes
-        header_size_limit = 4096000
-      '';
+      settings.main = {
+        mynetworks = [
+          "127.0.0.1/8"
+          "[::ffff:127.0.0.0]/104"
+          "[::1]/128"
+          myData.subnets.tailscale.cidr
+        ];
+        myhostname = "relay.jakstys.lt";
+        mydestination = "";
+        smtpd_relay_restrictions = "permit_mynetworks, reject";
+        smtpd_recipient_restrictions = "permit_mynetworks, reject_unauth_destination";
+        smtp_tls_security_level = "may";
+        smtpd_helo_required = "yes";
+        disable_vrfy_command = "yes";
+        header_size_limit = "4096000";
+      };
    };
  };
 }
--- a/shared/home/default.nix
+++ b/shared/home/default.nix
@@ -141,13 +141,15 @@ in

      git = {
        enable = true;
-        userEmail = email;
-        userName = "Motiejus Jakštys";
-        aliases = {
-          yolo = "commit --amend --no-edit -a";
-          pushf = "push --force-with-lease";
-        };
-        extraConfig = {
+        settings = {
+          user = lib.mkMerge [
+            { name = "Motiejus Jakštys"; }
+            (lib.mkIf (email != null) { inherit email; })
+          ];
+          alias = {
+            yolo = "commit --amend --no-edit -a";
+            pushf = "push --force-with-lease";
+          };
          log.date = "iso-strict-local";
          pull.ff = "only";
          core.abbrev = 12;
@@ -165,7 +167,6 @@ in
            confirm = "always";
            suppresscc = "self";
          };
-
        };
      };

--- a/shared/work/default.nix
+++ b/shared/work/default.nix
@@ -74,7 +74,7 @@
      ANTHROPIC_VERTEX_PROJECT_ID = "chronosphere-rc-b";
    };
    programs = {
-      git.extraConfig = {
+      git.settings = {
        url."git@github.com:".insteadOf = "https://github.com";
        user.useConfigOnly = true;
      };