update nixpkgs, small changes

flake.lock

@@ -60,11 +60,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747155932,
-        "narHash": "sha256-NnPzzXEqfYjfrimLzK0JOBItfdEJdP/i6SNTuunCGgw=",
+        "lastModified": 1747559278,
+        "narHash": "sha256-10VfcILI2zYY1/ZlOx/cakDmpJgSEJYEG3gMrjzFREY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8d832ddfda9facf538f3dda9b6985fb0234f151c",
+        "rev": "ee85cfc5c132e2cf956a7b5ab156ddaedaefcbbc",
         "type": "github"
       },
       "original": {
@@ -112,11 +112,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1746904237,
-        "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
+        "lastModified": 1746461020,
+        "narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
+        "rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae",
         "type": "github"
       },
       "original": {
@@ -128,11 +128,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1746904237,
-        "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
+        "lastModified": 1747327360,
+        "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
+        "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46",
         "type": "github"
       },
       "original": {

mod/home-manager.nix

@@ -8,11 +8,17 @@
 {
   imports = [
     inputs.home-manager.nixosModules.home-manager
+    {
+      home-manager.users."hd" = lib.mkAliasDefinitions options.home;
+      # install to /etc/profiles, not ~/.nix-profile
+      home-manager.useUserPackages = true;
+      # dont use home.nixpkgs
+      home-manager.useGlobalPkgs = true;
+    }
   ];
 
   config = {
     home.home.stateVersion = config.system.stateVersion;
-    home-manager.users."hd" = lib.mkAliasDefinitions options.home;
   };
 
   options = {
@@ -21,5 +27,4 @@
       default = { };
     };
   };
-
 }

mod/nix-configuration.nix

@@ -5,18 +5,14 @@
   ...
 }:
 {
-  config = {
-    nix.settings = {
-      experimental-features = [
-        "nix-command"
-        "flakes"
-      ];
-      trusted-users = [
-        "root"
-      ];
-      auto-optimise-store = true;
-    };
-
-    nixpkgs.config.allowUnfree = false;
+  nix.settings = {
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    trusted-users = [ "root" ];
+    auto-optimise-store = true;
   };
+
+  nixpkgs.config.allowUnfree = false;
 }

mod/users.nix

@@ -23,6 +23,12 @@
     };
     users.root = {
       hashedPassword = "!";
+
+      # I don't like the unprivileged users to have unrestricted access to root
+      # but this is required for colmena. Better options are
+      #  - only authorize root's pubkey
+      #  - create password protected key
+      # TODO: do one of the above
       openssh.authorizedKeys.keys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEG+dd4m98aKEWfFa/7VZUlJNX0axvIlHVihT8w7RLyY"
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIsoj2+esEebRwDV2PuNRt9Vz28oolOy+Hc2THwrWTAB"