diff --git a/flake.lock b/flake.lock index 257495d..f2dd283 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1746728054, - "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=", + "lastModified": 1768920986, + "narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=", "owner": "nix-community", "repo": "disko", - "rev": "ff442f5d1425feb86344c028298548024f21256d", + "rev": "de5708739256238fb912c62f03988815db89ec9a", "type": "github" }, "original": { @@ -21,16 +21,32 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1765495779, - "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "5635c32d666a59ec9a55cab87e898889869f7b71", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -47,11 +63,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1765911005, - "narHash": "sha256-avaLO3hlDITEagKvoUC0KtgZif3tyx8LpNSf9R5keNk=", + "lastModified": 1772974802, + "narHash": "sha256-SEe6mMTwceijwzeeQ4dauWuuEwkdqobSbDgiwqQwnxI=", "owner": "wamserma", "repo": "flake-programs-sqlite", - "rev": "c98fbcdffe90188fc52c54b04d06f5dff4a2852f", + "rev": "7ac37009c7b3fa6c1a1d076f3181a695401f7d31", "type": "github" }, "original": { 
@@ -60,6 +76,51 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nix-gaming", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nix-gaming", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -67,11 +128,11 @@ ] }, "locked": { - "lastModified": 1765860045, - "narHash": "sha256-7Lxp/PfOy4h3QIDtmWG/EgycaswqRSkDX4DGtet14NE=", + "lastModified": 1772985285, + "narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=", "owner": "nix-community", "repo": "home-manager", - "rev": "09de9577d47d8bffb11c449b6a3d24e32ac16c99", + "rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85", "type": "github" }, "original": { @@ -83,16 +144,17 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts", + "git-hooks": "git-hooks", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1765937051, - "narHash": "sha256-JBbnxGZDzLtYoqragAnTrpLMAEWMJoQAMpAx2k0hIYg=", + "lastModified": 1772937574, + "narHash": "sha256-Yw1tP/ASebNYuW2GcYDTgWf2Mg9qcUYo6MTagXyeFCs=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "64cbe149f26ca2c6687ca5ab4f294d0b87c6ffb8", + "rev": "d2b0b283deb24cdbb2750e658fa7001fee5ad586", "type": "github" }, "original": { 
@@ -103,11 +165,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765779637, - "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", + "lastModified": 1772773019, + "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", + "rev": "aca4d95fce4914b3892661bcb80b8087293536c6", "type": "github" }, "original": { @@ -119,11 +181,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { @@ -158,11 +220,11 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1765834918, - "narHash": "sha256-jCX7Pi9T3bwDfLgTM3xMFvjMXGGmAe5lBXPcxsmsLqI=", + "lastModified": 1772763464, + "narHash": "sha256-1IEO166bp1yLwyWE1tl6dJDzL6fniu4+OdeSJpkUwD4=", "owner": "pwndbg", "repo": "pwndbg", - "rev": "dfdfbd4f7bd45869d7b4b7d3e4418aede29359d2", + "rev": "2b1c3b4f91f05aca4ed8b17d0c7a634b55d8f754", "type": "github" }, "original": { @@ -187,11 +249,11 @@ ] }, "locked": { - "lastModified": 1757296493, - "narHash": "sha256-6nzSZl28IwH2Vx8YSmd3t6TREHpDbKlDPK+dq1LKIZQ=", + "lastModified": 1763662255, + "narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "5b8e37fe0077db5c1df3a5ee90a651345f085d38", + "rev": "042904167604c681a090c07eb6967b4dd4dae88c", "type": "github" }, "original": { 
@@ -208,11 +270,11 @@ ] }, "locked": { - "lastModified": 1757246327, - "narHash": "sha256-6pNlGhwOIMfhe/RLjHdpXveKS4FyLHvlGe+KtjDild4=", + "lastModified": 1769936401, + "narHash": "sha256-kwCOegKLZJM9v/e/7cqwg1p/YjjTAukKPqmxKnAZRgA=", "owner": "pyproject-nix", "repo": "pyproject.nix", - "rev": "8d77f342d66ad1601cdb9d97e9388b69f64d4c8e", + "rev": "b0d513eeeebed6d45b4f2e874f9afba2021f7812", "type": "github" }, "original": { @@ -240,11 +302,11 @@ ] }, "locked": { - "lastModified": 1765836173, - "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", + "lastModified": 1772944399, + "narHash": "sha256-xTzsSd3r5HBeufSZ3fszAn0ldfKctvsYG7tT2YJg5gY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", + "rev": "c8e69670b316d6788e435a3aa0bda74eb1b82cc0", "type": "github" }, "original": { @@ -253,13 +315,31 @@ "type": "github" } }, - "utils": { + "systems": { "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { 
@@ -280,11 +360,11 @@ ] }, "locked": { - "lastModified": 1756973152, - "narHash": "sha256-9JcKAA7T9J98LWdcxbXvmf+amQG3ZErxqQnBjEJI04I=", + "lastModified": 1769957392, + "narHash": "sha256-6PkqwwYf5K2CHi2V+faI/9pqjfz/HxUkI/MVid6hlOY=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "64298e806f4a5f63a51c625edc100348138491aa", + "rev": "d18bc50ae1c3d4be9c41c2d94ea765524400af75", "type": "github" }, "original": { diff --git a/overlays/default.nix b/overlays/default.nix index 74c86f4..8b5991f 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -6,12 +6,12 @@ nixpkgs.overlays = [ (self: super: { nsxiv = super.nsxiv.overrideAttrs (old: { - buildInputs = old.buildInputs ++ [super.xorg.libXcursor]; + buildInputs = old.buildInputs ++ [super.libxcursor]; env.NIX_LDFLAGS = "-lXcursor"; patches = [./nsxiv.diff]; }); maim = super.maim.overrideAttrs (old: { - buildInputs = old.buildInputs ++ [super.xorg.libXcursor]; + buildInputs = old.buildInputs ++ [super.libxcursor]; env.NIX_LDFLAGS = "-lXcursor"; }); ki = super.ki.overrideAttrs (old: { diff --git a/system/virt.nix b/system/virt.nix index caa7f19..9e1cb76 100644 --- a/system/virt.nix +++ b/system/virt.nix @@ -1,4 +1,9 @@ -{config, ...}: { +{ + config, + pkgs, + lib, + ... +}: { virtualisation.containers.enable = config.u.has.container; virtualisation = { podman = { 
@@ -8,6 +13,25 @@ }; }; virtualisation.libvirtd.enable = config.u.has.virt; + virtualisation.libvirtd.package = pkgs.libvirt.overrideAttrs (old: { + postPatch = + old.postPatch + + ( + let + script = pkgs.writeShellApplication { + name = "virt-secret-init-encryption-sh"; + runtimeInputs = [ + pkgs.coreutils + pkgs.systemd + ]; + text = ''exec ${pkgs.runtimeShell} "$@"''; + }; + in '' + substituteInPlace src/secret/virt-secret-init-encryption.service.in \ + --replace-fail /usr/bin/sh ${lib.getExe script} + '' + ); + }); programs.virt-manager.enable = config.u.has.graphical && config.u.has.virt; programs.nix-ld.enable = true; hardware.graphics.enable32Bit = config.u.has.graphical && config.u.has.wine; diff --git a/system/yubikey.nix b/system/yubikey.nix index 178f0ea..ecebad2 100644 --- a/system/yubikey.nix +++ b/system/yubikey.nix @@ -22,4 +22,13 @@ lib.mkIf config.u.has.yubikey { services.physlock.u2fAuth = false; }; programs.yubikey-touch-detector.enable = true; + systemd.services."polkit-agent-helper@".serviceConfig = { + PrivateDevices = lib.mkForce false; + DeviceAllow = [ + "/dev/urandom r" + "char-hidraw rw" + ]; + ProtectHome = lib.mkForce "read-only"; + StandardError = "journal"; + }; } diff --git a/user/activitywatch.nix b/user/activitywatch.nix index d03ee6a..89c093b 100644 --- a/user/activitywatch.nix +++ b/user/activitywatch.nix @@ -19,7 +19,7 @@ lib.mkIf config.u.has.activitywatch { }; home.packages = with pkgs; [ activitywatch - python312Packages.aw-client - python312Packages.aw-core + python3Packages.aw-client + python3Packages.aw-core ]; } diff --git a/user/packages.nix b/user/packages.nix index 81095a4..f5675d1 100644 --- a/user/packages.nix +++ b/user/packages.nix @@ -61,12 +61,12 @@ (config.u.lib.localHome vesktop "vesktop" "bin/vesktop") ] ++ lib.optionals config.u.has.wine [ - wineWowPackages.stable + wineWow64Packages.stable winetricks ] ++ lib.optionals config.u.has.jp [ anki ki - python312Packages.manga-ocr + python3Packages.manga-ocr ]; } 
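Review bot: The `virtualisation.libvirtd.package` override in system/virt.nix has no comment explaining why `/usr/bin/sh` in `src/secret/virt-secret-init-encryption.service.in` is replaced by a wrapper, so a later reader cannot tell when it is safe to remove. I would put a comment above `postPatch`, for example `# upstream unit hard-codes /usr/bin/sh, which NixOS does not provide; the wrapper also puts coreutils and systemd on PATH. Drop once nixpkgs handles this.` (the reason is presumed from the patch, so confirm the wording). `old.postPatch` is also read without a default, so evaluation breaks if the libvirt derivation ever stops defining it; `(old.postPatch or "")` avoids that. Keeping `--replace-fail` is right, because an upstream change to the unit then fails the build instead of leaving the service unpatched, and going by its name that service sets up secret encryption.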
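Review bot: The `polkit-agent-helper@` override in system/yubikey.nix forces off two sandboxing settings of an authentication helper without a comment saying why. In addition, `char-hidraw rw` opens every hidraw device to it (keyboards and other HID hardware included), not only the security key. Presumably `PrivateDevices = lib.mkForce false` and `ProtectHome = lib.mkForce "read-only"` are there so pam_u2f can reach the key and a per-user key mapping under the home directory. If so, say it in a comment such as `# pam_u2f in the polkit helper needs the key's hidraw node and the user's U2F mapping in $HOME`. If the mapping can instead live at a system path set through pam_u2f's `authfile` option, the `ProtectHome` override can be dropped and the helper keeps the unit's own home-directory protection. The enclosing `lib.mkIf config.u.has.yubikey { … }` starts outside the hunk, so these settings apply to all polkit authentication on hosts with that flag set.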
diff --git a/user/prog.nix b/user/prog.nix index 98a21f9..e5c00fd 100644 --- a/user/prog.nix +++ b/user/prog.nix @@ -7,7 +7,7 @@ lib.mkIf config.u.has.prog { home.packages = with pkgs; [ - (python312.withPackages (python-pkgs: [ + (python3.withPackages (python-pkgs: [ python-pkgs.pwntools python-pkgs.requests python-pkgs.pyjwt