From dbd88aea6642164316f8b1327215f8ede18579d4 Mon Sep 17 00:00:00 2001
From: Henri Dohmen
Date: Sun, 18 May 2025 13:27:15 +0200
Subject: [PATCH] update nixpkgs, small changes
---
 flake.lock | 18 +++++++++---------
 mod/home-manager.nix | 9 +++++++--
 mod/nix-configuration.nix | 22 +++++++++-------------
 mod/users.nix | 6 ++++++
 4 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/flake.lock b/flake.lock
index 3d2c7c0..0679a7e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -60,11 +60,11 @@ ] }, "locked": { - "lastModified": 1747155932, - "narHash": "sha256-NnPzzXEqfYjfrimLzK0JOBItfdEJdP/i6SNTuunCGgw=", + "lastModified": 1747559278, + "narHash": "sha256-10VfcILI2zYY1/ZlOx/cakDmpJgSEJYEG3gMrjzFREY=", "owner": "nix-community", "repo": "home-manager", - "rev": "8d832ddfda9facf538f3dda9b6985fb0234f151c", + "rev": "ee85cfc5c132e2cf956a7b5ab156ddaedaefcbbc", "type": "github" }, "original": {
@@ -112,11 +112,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746904237, - "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "lastModified": 1746461020, + "narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae", "type": "github" }, "original": {
@@ -128,11 +128,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1746904237, - "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "lastModified": 1747327360, + "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", "type": "github" }, "original": {
diff --git a/mod/home-manager.nix b/mod/home-manager.nix
index 2e6102e..4459f64 100644
--- a/mod/home-manager.nix
+++ b/mod/home-manager.nix
@@ -8,11 +8,17 @@
 {
 imports = [
 inputs.home-manager.nixosModules.home-manager
+ {
+ home-manager.users."hd" = lib.mkAliasDefinitions options.home;
+ # install to /etc/profiles, not ~/.nix-profile
+ home-manager.useUserPackages = true;
+ # dont use home.nixpkgs
+ home-manager.useGlobalPkgs = true;
+ }
 ];
 config = {
 home.home.stateVersion = config.system.stateVersion;
- home-manager.users."hd" = lib.mkAliasDefinitions options.home;
 };
 options = {
@@ -21,5 +27,4 @@
 default = { };
 };
 };
-
 }
diff --git a/mod/nix-configuration.nix b/mod/nix-configuration.nix
index 0638c98..86b42fd 100644
--- a/mod/nix-configuration.nix
+++ b/mod/nix-configuration.nix
@@ -5,18 +5,14 @@
 ...
 }:
 {
- config = {
- nix.settings = {
- experimental-features = [
- "nix-command"
- "flakes"
- ];
- trusted-users = [
- "root"
- ];
- auto-optimise-store = true;
- };
-
- nixpkgs.config.allowUnfree = false;
+ nix.settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ trusted-users = [ "root" ];
+ auto-optimise-store = true;
 };
+
+ nixpkgs.config.allowUnfree = false;
 }
diff --git a/mod/users.nix b/mod/users.nix
index 9af7528..bcf37c0 100644
--- a/mod/users.nix
+++ b/mod/users.nix
@@ -23,6 +23,12 @@
 };
 users.root = {
 hashedPassword = "!";
+
+ # I don't like the unprivileged users to have unrestricted access to root
+ # but this is required for colmena. Better options are
+ # - only authorize root's pubkey
+ # - create password protected key
+ # TODO: do one of the above
 openssh.authorizedKeys.keys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEG+dd4m98aKEWfFa/7VZUlJNX0axvIlHVihT8w7RLyY"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIsoj2+esEebRwDV2PuNRt9Vz28oolOy+Hc2THwrWTAB"
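Review bot: The comment `# dont use home.nixpkgs` above `home-manager.useGlobalPkgs = true;` in the first mod/home-manager.nix hunk does not say what the switch changes for the user configuration. As far as I know, Home Manager then takes `pkgs` from the system, so the system-level `nixpkgs.config` (including `allowUnfree = false` from mod/nix-configuration.nix) and overlays also govern user packages, and `nixpkgs.*` settings made under the aliased `home` option stop applying; please confirm against the pinned Home Manager revision. I would spell that out, e.g. `# use the system pkgs: nixpkgs.* set under home is not honoured, system allowUnfree/overlays apply`. The enclosing module starts before this hunk and ends after it.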
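Review bot: The new comment on `users.root` in mod/users.nix records the risk but leaves both keys in `openssh.authorizedKeys.keys`, so whoever holds either private key gets a root shell directly over SSH; with `hashedPassword = "!"` these keys are the only way into the account and no per-key restriction is visible here. If Colmena is the only reason, it may not need root login at all: its `deployment.targetUser` option can point at an unprivileged deploy account that escalates with sudo, though that account would probably have to be added to `nix.settings.trusted-users`, which is its own trade-off to weigh. Until the TODO is resolved I would pin the sshd side explicitly rather than rely on defaults, e.g. `services.openssh.settings.PermitRootLogin = "prohibit-password";` and `services.openssh.settings.PasswordAuthentication = false;`, and point the TODO at a tracking issue so it does not go stale. The `keys` list and the `users.root` block continue past the end of this hunk.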