From eb0c38f508bfe5bd11d186b3aadbe32ec8df19fe Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Sun, 14 Dec 2025 15:07:20 -0600 Subject: [PATCH] again try --- hosts/i001/flake.nix | 16 ++-- hosts/i001/hardware-mounts.nix | 40 ++++++++-- hosts/lio/flake.lock | 36 ++++----- utilities/nixos-installers/flake.lock | 98 ++++++++++++------------ utilities/nixos-installers/flake.nix | 13 +++- utilities/nixos-installers/new-flake.nix | 40 ++++++++-- 6 files changed, 149 insertions(+), 94 deletions(-) diff --git a/hosts/i001/flake.nix b/hosts/i001/flake.nix index 0cbfc5ab..f1d0e684 100644 --- a/hosts/i001/flake.nix +++ b/hosts/i001/flake.nix @@ -42,14 +42,14 @@ ringofstorms-nvim.includeAllRuntimeDependencies = true; }) - inputs.de_plasma.nixosModules.default - ({ - ringofstorms.dePlasma = { - enable = true; - gpu.intel.enable = true; - sddm.autologinUser = "luser"; - }; - }) + # inputs.de_plasma.nixosModules.default + # ({ + # ringofstorms.dePlasma = { + # enable = true; + # gpu.intel.enable = true; + # sddm.autologinUser = "luser"; + # }; + # }) inputs.common.nixosModules.essentials inputs.common.nixosModules.git diff --git a/hosts/i001/hardware-mounts.nix b/hosts/i001/hardware-mounts.nix index 5aee445a..391542c0 100644 --- a/hosts/i001/hardware-mounts.nix +++ b/hosts/i001/hardware-mounts.nix @@ -6,7 +6,31 @@ let USB_KEY = "/dev/disk/by-uuid/9985-EBD1"; - escape = lib.mkDefault lib.escapeSystemdPath; + inherit (lib) + hasPrefix + removePrefix + removeSuffix + replaceStrings + stringToCharacters + ; + inherit (lib.strings) normalizePath escapeC; + # FROM https://github.com/NixOS/nixpkgs/blob/5384341652dc01f8b01a3d227ae29e2dfbe630ba/nixos/lib/utils.nix#L101C1-L120C9 + escapeSystemdPath = + s: + let + replacePrefix = + p: r: s: + (if (hasPrefix p s) then r + (removePrefix p s) else s); + trim = s: removeSuffix "/" (removePrefix "/" s); + normalizedPath = normalizePath s; + in + replaceStrings [ "/" ] [ "-" ] ( + replacePrefix "." (escapeC [ "." ] ".") ( + escapeC (stringToCharacters " !\"#$%&'()*+,;<=>=@[\\]^`{|}~-") ( + if normalizedPath == "/" then normalizedPath else trim normalizedPath + ) + ) + ); in { # BOOT @@ -91,12 +115,12 @@ in # 1. Disable the automatically generated unlock services boot.initrd.systemd.services = { # the module creates services named unlock-bcachefs- - "unlock-bcachefs-${escape "/"}".enable = false; - "unlock-bcachefs-${escape "/.old_roots"}".enable = false; - "unlock-bcachefs-${escape "/nix"}".enable = false; - "unlock-bcachefs-${escape "/.snapshots"}".enable = false; - "unlock-bcachefs-${escape "/.swap"}".enable = false; - "unlock-bcachefs-${escape "/persist"}".enable = false; + "unlock-bcachefs-${escapeSystemdPath "/"}".enable = false; + "unlock-bcachefs-${escapeSystemdPath "/.old_roots"}".enable = false; + "unlock-bcachefs-${escapeSystemdPath "/nix"}".enable = false; + "unlock-bcachefs-${escapeSystemdPath "/.snapshots"}".enable = false; + "unlock-bcachefs-${escapeSystemdPath "/.swap"}".enable = false; + "unlock-bcachefs-${escapeSystemdPath "/persist"}".enable = false; # 2. Your single custom unlock unit unlock-bcachefs-custom = { @@ -120,7 +144,7 @@ in # cat /key/bcachefs.key | ${pkgs.bcachefs-tools}/bin/bcachefs unlock ${PRIMARY}' # ''; -# We inline a script that roughly mimics tryUnlock + openCommand behavior, + # We inline a script that roughly mimics tryUnlock + openCommand behavior, # but uses a key file from the USB stick instead of systemd-ask-password. ExecStart = '' /bin/sh -eu diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index 5e17a25c..61507fd6 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -123,11 +123,11 @@ }, "locked": { "dir": "flakes/de_plasma", - "lastModified": 1765400596, - "narHash": "sha256-QNLyhnZiQLzCjR3GlkQ4vb1IHQrn4JR4F1zhgV2oIc4=", + "lastModified": 1765571070, + "narHash": "sha256-IG0P76zKSxqjaAltEI3obMwsyurr2FQcwnEboyWc2l0=", "ref": "refs/heads/master", - "rev": "bccce1dfad455c991093eafb3b0cc556bcdc88fd", - "revCount": 870, + "rev": "e4d26ecb0ca1e982ff7b35a9c57b16dafd7c5e90", + "revCount": 877, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -321,11 +321,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1765270179, - "narHash": "sha256-g2a4MhRKu4ymR4xwo+I+auTknXt/+j37Lnf0Mvfl1rE=", + "lastModified": 1765425892, + "narHash": "sha256-jlQpSkg2sK6IJVzTQBDyRxQZgKADC2HKMRfGCSgNMHo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "677fbe97984e7af3175b6c121f3c39ee5c8d62c9", + "rev": "5d6bdbddb4695a62f0d00a3620b37a15275a5093", "type": "github" }, "original": { @@ -1236,11 +1236,11 @@ }, "locked": { "dir": "flakes/opencode", - "lastModified": 1765400058, - "narHash": "sha256-NRCitp8qptDB6zhM2gGzUp2kbwkKp64OIIEtXpf9G4s=", + "lastModified": 1765640448, + "narHash": "sha256-2UxMcYonJvL//sioMphxXXgXbJNdWZ9oYK3e6CTw4d0=", "ref": "refs/heads/master", - "rev": "191503db73da572989554b268e3d54ef7e07bce2", - "revCount": 869, + "rev": "daa1188f381f6fa893e41e1b3be892d8387f19ca", + "revCount": 883, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, @@ -1255,11 +1255,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1765399732, - "narHash": "sha256-cYLaGukNd9MpJ9tR4Gg/6r2YwySDKB43bTzsYzvDkhM=", + "lastModified": 1765627459, + "narHash": "sha256-6dzzRiN/vwr5sKvEooIWbG3IqcDYG4uL0nvuZKmyr7M=", "owner": "sst", "repo": "opencode", - "rev": "6288a032fd5c0ea7085e2f31071212147fed1cfe", + "rev": "d8663a44c285a9165b9aa28061e24ba1fad02d66", "type": "github" }, "original": { @@ -1383,11 +1383,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1764777428, - "narHash": "sha256-wFfPnXo1P+NwSK+Y7xYVwt0mbYhe9uBrf80T5KpBV5Q=", + "lastModified": 1765641080, + "narHash": "sha256-AyPi7rZVfjTjQrhPHP+ugpVY8tcUzF3Lw1RjACuxAms=", "ref": "refs/heads/master", - "rev": "ee642c429fced7d51c5f9c9694034f6222a1186f", - "revCount": 324, + "rev": "224ad4e3ecd9421c7469c4f06ff5faf7f6e8bedb", + "revCount": 325, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/nvim" }, diff --git a/utilities/nixos-installers/flake.lock b/utilities/nixos-installers/flake.lock index 6d6d7dc2..5e107259 100644 --- a/utilities/nixos-installers/flake.lock +++ b/utilities/nixos-installers/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1764040936, - "narHash": "sha256-d1NFBVGQZ/Xb0pMviuzenqrfXymJs0m/pKrEg1tDGsE=", + "lastModified": 1764776358, + "narHash": "sha256-MxXSCRiV7DI5U3Ra1UxVJTTUyKsONAE8+8QdSXsGIhA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b9491974f02dadeb5acca22649ccbd89a6a81afb", + "rev": "0b8cec1eb2241336971009cdd4af641b930d0d97", "type": "github" }, "original": { @@ -82,11 +82,11 @@ "nvim_plugin-MeanderingProgrammer/render-markdown.nvim": { "flake": false, "locked": { - "lastModified": 1763430554, - "narHash": "sha256-0DwPuzqR+7R4lJFQ9f2xN26YhdQKg85Hw6+bPvloZoc=", + "lastModified": 1764732647, + "narHash": "sha256-jya61X22LbcT4hpeio3qE/oOI/lvqKpf09oGEHHvQdA=", "owner": "MeanderingProgrammer", "repo": "render-markdown.nvim", - "rev": "6e0e8902dac70fecbdd8ce557d142062a621ec38", + "rev": "b2b135347e299ffbf7f4123fb7811899b0c9f4b8", "type": "github" }, "original": { @@ -162,11 +162,11 @@ "nvim_plugin-b0o/schemastore.nvim": { "flake": false, "locked": { - "lastModified": 1763748041, - "narHash": "sha256-4KKj1zp+5Z2zbC31hpvw73BIuf4dW7rimepGOggmUp4=", + "lastModified": 1764655248, + "narHash": "sha256-9nUBzwbMkzLySMW/Y0EkFpvFgHeW5YDQ3J3moVQarjQ=", "owner": "b0o", "repo": "schemastore.nvim", - "rev": "aa25399c48236b77af71d4b64cdf157d2ba4e990", + "rev": "e9c00ea7813006dfa29f35c174f83f0184d45a93", "type": "github" }, "original": { @@ -178,11 +178,11 @@ "nvim_plugin-catppuccin/nvim": { "flake": false, "locked": { - "lastModified": 1763995197, - "narHash": "sha256-i4WmQzSNWeR5rh61yonzR55yyklJ3xOL8D/XyEnDa+E=", + "lastModified": 1764084803, + "narHash": "sha256-ds+Rm9H00s++RC1dH4OQpCg1FXSm4HuwDGzr4ah0YBU=", "owner": "catppuccin", "repo": "nvim", - "rev": "180e0435707cf1fed09a98a9739e5807d92b69be", + "rev": "ce4a8e0d5267e67056f9f4dcf6cb1d0933c8ca00", "type": "github" }, "original": { @@ -194,11 +194,11 @@ "nvim_plugin-chrisgrieser/nvim-early-retirement": { "flake": false, "locked": { - "lastModified": 1764013541, - "narHash": "sha256-Mzz1y7YYTYUWv9S/Yr26to7AuDCZ+9asHa3qzDz06D0=", + "lastModified": 1764104935, + "narHash": "sha256-mvs0uIoxidy3jfC6oymwhaZVRbJrW+/kuMcIpR8TI6M=", "owner": "chrisgrieser", "repo": "nvim-early-retirement", - "rev": "6fb7d87a965e439cfb4e04a5c0e5038010fc015b", + "rev": "cd29cf40af7473530a8598245ba1d348fd5e1fa0", "type": "github" }, "original": { @@ -370,11 +370,11 @@ "nvim_plugin-lewis6991/gitsigns.nvim": { "flake": false, "locked": { - "lastModified": 1763280728, - "narHash": "sha256-w2/osNJwbtmUxxQIXBsyqMYrvyNUaVzXrUNGYqGmzi4=", + "lastModified": 1764322768, + "narHash": "sha256-w3Q7nMFEbcjP6RmSTONg2Nw1dBXDEHnjQ69FuAPJRD8=", "owner": "lewis6991", "repo": "gitsigns.nvim", - "rev": "cdafc320f03f2572c40ab93a4eecb733d4016d07", + "rev": "5813e4878748805f1518cee7abb50fd7205a3a48", "type": "github" }, "original": { @@ -466,11 +466,11 @@ "nvim_plugin-mrcjkb/rustaceanvim": { "flake": false, "locked": { - "lastModified": 1763539887, - "narHash": "sha256-aMyjQEEY6MlTBMMxjR6NxNhdbWmvRhOcfpgE1w712nE=", + "lastModified": 1764542305, + "narHash": "sha256-t7xAQ9sczLyA1zODmD+nEuWuLnhrfSOoPu/4G/YTGdU=", "owner": "mrcjkb", "repo": "rustaceanvim", - "rev": "6b7e0e18ad8fa0598bc038aef7bb6bba288adbad", + "rev": "6c3785d6a230bec63f70c98bf8e2842bed924245", "type": "github" }, "original": { @@ -482,11 +482,11 @@ "nvim_plugin-neovim/nvim-lspconfig": { "flake": false, "locked": { - "lastModified": 1763880753, - "narHash": "sha256-huuWVUKo6CmxjXYRnGv8tUs+7bo85gNyL8vVnreiTAU=", + "lastModified": 1764477618, + "narHash": "sha256-IpVDEOr//Jy+r3Z5Qo8nxDa3fNO+BTBKzAmbqvxtCQE=", "owner": "neovim", "repo": "nvim-lspconfig", - "rev": "30a2b191bccf541ce1797946324c9329e90ec448", + "rev": "effe4bf2e1afb881ea67291c648b68dd3dfc927a", "type": "github" }, "original": { @@ -594,11 +594,11 @@ "nvim_plugin-nvim-telescope/telescope.nvim": { "flake": false, "locked": { - "lastModified": 1763414201, - "narHash": "sha256-6hrylUCc6KlcbnMgcJNJhbX2Cgu0YHKoMPOqpaKRljE=", + "lastModified": 1764418954, + "narHash": "sha256-e6XSJRv4KB0z+nzGWmlV/YZNwWsyrrpQTloePRKWmw4=", "owner": "nvim-telescope", "repo": "telescope.nvim", - "rev": "83a3a713d6b2d2a408491a1b959e55a7fa8678e8", + "rev": "e69b434b968a33815e2f02a5c7bd7b8dd4c7d4b2", "type": "github" }, "original": { @@ -610,11 +610,11 @@ "nvim_plugin-nvim-tree/nvim-tree.lua": { "flake": false, "locked": { - "lastModified": 1763712665, - "narHash": "sha256-YwaWMPQ3IC+z/utnkZ1Tfs5tZFex9Gdf/vS9sUaMDCA=", + "lastModified": 1764713359, + "narHash": "sha256-dSaO5esPKj1y4vNyLb3AK9egmFJsmWxkGOT+etJsbRA=", "owner": "nvim-tree", "repo": "nvim-tree.lua", - "rev": "3fb91e18a727ecc0385637895ec397dea90be42a", + "rev": "59088b96a32ea47caf4976e164dbd88b86447fb7", "type": "github" }, "original": { @@ -754,11 +754,11 @@ "nvim_plugin-stevearc/conform.nvim": { "flake": false, "locked": { - "lastModified": 1763939276, - "narHash": "sha256-2TLMJdbSbMbdGn6zhZwNSUZnxVGu+Y0ZYhTjinTc7Hs=", + "lastModified": 1764743081, + "narHash": "sha256-qCjrMt3fsRbLr/iM7nFHG7oKtyTTGcse4/cJbm3odJE=", "owner": "stevearc", "repo": "conform.nvim", - "rev": "6208aefd675939cc7c8f1a57176135974dad269f", + "rev": "ffe26e8df8115c9665d24231f8a49fadb2d611ce", "type": "github" }, "original": { @@ -866,11 +866,11 @@ "nvim_plugin-zbirenbaum/copilot.lua": { "flake": false, "locked": { - "lastModified": 1763512274, - "narHash": "sha256-NMIXOb/20aEmXvPgSDPzVuRIV+OUnJyfXVaVEuVAaTM=", + "lastModified": 1764638966, + "narHash": "sha256-wQ6SfAunVMd5tNeM7RMvrfPC2ELRibyEQboVQlU/fBs=", "owner": "zbirenbaum", "repo": "copilot.lua", - "rev": "4383e05a47493d7ff77b058c0548129eb38ec7fb", + "rev": "881f99b827d65b41f522eecc21b112cf518028ac", "type": "github" }, "original": { @@ -946,11 +946,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1764112623, - "narHash": "sha256-IBjor1S6fq2nwmzi7sRwJg6mRFlO9qwA1OhJhyHvwlw=", + "lastModified": 1764777428, + "narHash": "sha256-wFfPnXo1P+NwSK+Y7xYVwt0mbYhe9uBrf80T5KpBV5Q=", "ref": "refs/heads/master", - "rev": "d85f1e831e400b2d1ea574fe6e40deba39d4d750", - "revCount": 323, + "rev": "ee642c429fced7d51c5f9c9694034f6222a1186f", + "revCount": 324, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/nvim" }, @@ -967,11 +967,11 @@ ] }, "locked": { - "lastModified": 1764038373, - "narHash": "sha256-M6w2wNBRelcavoDAyFL2iO4NeWknD40ASkH1S3C0YGM=", + "lastModified": 1764729618, + "narHash": "sha256-z4RA80HCWv2los1KD346c+PwNPzMl79qgl7bCVgz8X0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ab3536fe850211a96673c6ffb2cb88aab8071cc9", + "rev": "52764074a85145d5001bf0aa30cb71936e9ad5b8", "type": "github" }, "original": { @@ -982,11 +982,11 @@ }, "stable": { "locked": { - "lastModified": 1763948260, - "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=", + "lastModified": 1764939437, + "narHash": "sha256-4TLFHUwXraw9Df5mXC/vCrJgb50CRr3CzUzF0Mn3CII=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", + "rev": "00d2457e2f608b4be6fe8b470b0a36816324b0ae", "type": "github" }, "original": { @@ -998,11 +998,11 @@ }, "unstable": { "locked": { - "lastModified": 1763966396, - "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { diff --git a/utilities/nixos-installers/flake.nix b/utilities/nixos-installers/flake.nix index b2ca8f1a..b480c272 100644 --- a/utilities/nixos-installers/flake.nix +++ b/utilities/nixos-installers/flake.nix @@ -2,7 +2,7 @@ description = "NixOS installer ISOs with extra bits I like"; inputs = { - stable.url = "github:nixos/nixpkgs/nixos-25.05"; + stable.url = "github:nixos/nixpkgs/nixos-25.11"; unstable.url = "github:nixos/nixpkgs/nixos-unstable"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; }; @@ -23,7 +23,7 @@ unstable = unstable; }; - # Build a NixOS system that is an installation ISO with SSH enabled + # Build a NixOS system that is an installation ISO with SSH enabled and bcachefs minimal = { nixpkgs, system }: nixpkgs.lib.nixosSystem { @@ -34,7 +34,7 @@ { pkgs, modulesPath, ... }: { imports = [ - (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") + (modulesPath + "/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix") ]; nix.settings.experimental-features = [ @@ -45,7 +45,14 @@ environment.systemPackages = with pkgs; [ fastfetch fzf + + # bcachefs + # Required as a workaround for bug + # https://github.com/NixOS/nixpkgs/issues/32279 + keyutils ]; + boot.supportedFilesystems = [ "bcachefs" ]; + environment.shellAliases = { n = "nvim"; }; diff --git a/utilities/nixos-installers/new-flake.nix b/utilities/nixos-installers/new-flake.nix index 5717ee92..beeaa538 100644 --- a/utilities/nixos-installers/new-flake.nix +++ b/utilities/nixos-installers/new-flake.nix @@ -1,7 +1,9 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; - home-manager.url = "github:rycee/home-manager/release-25.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; + home-manager.url = "github:rycee/home-manager/release-25.11"; + + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; @@ -16,8 +18,7 @@ let configurationName = "MACHINE_HOST_NAME"; primaryUser = "luser"; - configLocation = "/etc/nixos"; - # configLocation = "/home/${primaryUser}/.config/nixos-config/hosts/${configurationName}"; + configLocation = "/home/${primaryUser}/.config/nixos-config/hosts/${configurationName}"; lib = inputs.nixpkgs.lib; in { @@ -28,6 +29,27 @@ inherit inputs; }; modules = [ + ({ + nixpkgs.overlays = [ + (final: prev: { + unstable = import inputs.nixpkgs-unstable { + inherit (final) system config; + }; + }) + ]; + }) + + # Bcachefs test, #TODO move to a module + ( + { pkgs, ... }: + { + boot.supportedFilesystems = [ "bcachefs" ]; + environment.systemPackages = with pkgs; [ + keyutils + ]; + } + ) + # inputs.impermanence.nixosModules.impermanence inputs.home-manager.nixosModules.default @@ -58,13 +80,16 @@ { config, pkgs, - upkgs, lib, ... }: rec { # TODO ensure matches configuration.nix, and add anything else from there that is needed - system.stateVersion = "25.05"; + system.stateVersion = "25.11"; + # TODO get latest or use linuxPackages_latest + # not sure what I should + # boot.kernelPackages = pkgs.linuxPackages_6_18; + # No ssh pub keys setup yet, allow password login, TODO remove services.openssh.settings.PasswordAuthentication = lib.mkForce true; @@ -75,7 +100,7 @@ backupFileExtension = "bak"; # add all normal users to home manager so it applies to them users = lib.mapAttrs (name: user: { - home.stateVersion = "25.05"; + home.stateVersion = "25.11"; programs.home-manager.enable = true; }) (lib.filterAttrs (name: user: user.isNormalUser or false) users.users); @@ -92,7 +117,6 @@ extraSpecialArgs = { inherit inputs; - inherit upkgs; }; };