Minimize pkgs use, add stable channel for unstable systems, more separation and such

2025-03-27 08:53:35 -04:00 · 2025-03-27 08:53:35 -04:00 · 9190e09c93
commit 9190e09c93
parent e2c86171a5
23 changed files with 112 additions and 93 deletions
--- a/flake.lock
+++ b/flake.lock
@ -57,7 +57,7 @@
    "disko": {
      "inputs": {
        "nixpkgs": [
-          "nixpkgs"
+          "stable"
        ]
      },
      "locked": {
@ -222,10 +222,10 @@
        "type": "github"
      }
    },
-    "home-manager": {
+    "hm": {
      "inputs": {
        "nixpkgs": [
-          "nixpkgs"
+          "stable"
        ]
      },
      "locked": {
@ -265,7 +265,7 @@
        "flake-parts": "flake-parts",
        "flake-utils": "flake-utils",
        "nixpkgs": [
-          "nixpkgs"
+          "stable"
        ],
        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
        "rust-overlay": "rust-overlay"
@ -406,26 +406,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1742751704,
-        "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-24.11",
-        "type": "indirect"
-      }
-    },
-    "nixpkgs_5": {
-      "locked": {
-        "lastModified": 1742669843,
-        "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
+        "lastModified": 1742889210,
+        "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "1e5b653dff12029333a6546c11e108ede13052eb",
+        "rev": "698214a32beb4f4c8e3942372c694f40848b360d",
        "type": "github"
      },
      "original": {
@ -438,15 +423,15 @@
    "nur": {
      "inputs": {
        "flake-parts": "flake-parts_2",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_4",
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1742962100,
-        "narHash": "sha256-uXXhBELlgUawUAVSNDtnKzoFo4lNoCOYS4JrQwFqnyI=",
+        "lastModified": 1743025561,
+        "narHash": "sha256-wbszHA2bJaA9TSLkiU1Gqby4noRNhhWi9CNoFqxSPj0=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "028c4f0ccf35ede826a3eff910cb4fe6b8e6cfb5",
+        "rev": "dcc6f70a7f8c69b50a266de40ca6228f01a50c88",
        "type": "github"
      },
      "original": {
@ -486,13 +471,13 @@
      "inputs": {
        "blender": "blender",
        "disko": "disko",
-        "home-manager": "home-manager",
+        "hm": "hm",
        "impermanence": "impermanence",
        "lanzaboote": "lanzaboote",
        "mailserver": "mailserver",
        "minecraft": "minecraft",
-        "nixpkgs": "nixpkgs_4",
        "nur": "nur",
+        "stable": "stable",
        "unstable": "unstable"
      }
    },
@ -521,6 +506,21 @@
        "type": "github"
      }
    },
+    "stable": {
+      "locked": {
+        "lastModified": 1742751704,
+        "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-24.11",
+        "type": "indirect"
+      }
+    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
@ -574,11 +574,11 @@
    },
    "unstable": {
      "locked": {
-        "lastModified": 1742669843,
-        "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
+        "lastModified": 1742889210,
+        "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1e5b653dff12029333a6546c11e108ede13052eb",
+        "rev": "698214a32beb4f4c8e3942372c694f40848b360d",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -1,17 +1,17 @@
 {
  inputs = {
    # System inputs
-    nixpkgs.url = "nixpkgs/nixos-24.11";
+    stable.url = "nixpkgs/nixos-24.11";
    unstable.url = "nixpkgs/nixos-unstable";

    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.1";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "stable";
    };

    disko = {
      url = "github:nix-community/disko";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "stable";
    };

    impermanence.url = "github:nix-community/impermanence";
@ -19,9 +19,9 @@
    minecraft.url = "github:Infinidoge/nix-minecraft";

    # Home inputs
-    home-manager = {
+    hm = {
      url = "github:nix-community/home-manager/release-24.11";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "stable";
    };

    nur.url = "github:nix-community/NUR";
@ -29,30 +29,30 @@
  };

  outputs = {
-    nixpkgs,
+    stable,
    unstable,
    lanzaboote,
    disko,
    impermanence,
    mailserver,
    minecraft,
-    home-manager,
+    hm,
    nur,
    blender,
    ...
  }@inputs:

  let
-    mkNix = modules: nixpkgs.lib.nixosSystem {
+    mkNix = modules: stable.lib.nixosSystem {
      inherit modules;
      specialArgs = inputs;
    };
-    mkHome = modules: pkgs: home-manager.lib.homeManagerConfiguration {
+    mkHome = modules: pkgs: hm.lib.homeManagerConfiguration {
      inherit modules pkgs;
      extraSpecialArgs = inputs;
    };
  in {
-    # nixos-rebuild switch --flake /etc/nixos#hostname
+    # nh os switch /path --hostname=host
    nixosConfigurations = {
      tower = mkNix [ ./hosts/tower ]; # Main Desktop
      qemu = mkNix [ ./hosts/qemu ]; # Virtualization Testing
@ -67,10 +67,10 @@
      prophet = mkNix [ ./hosts/prophet ]; # Oracle Neoverse-N1
    };

-    # home-manager switch --flake /etc/nixos#arch
+    # nh home switch /path -c arch
    homeConfigurations = {
-      x86 = mkHome [ ./modules/home ] nixpkgs.legacyPackages.x86_64-linux;
-      aarch = mkHome [ ./modules/home ] nixpkgs.legacyPackages.aarch64-linux;
+      x86 = mkHome [ ./modules/home ] stable.legacyPackages.x86_64-linux;
+      aarch = mkHome [ ./modules/home ] stable.legacyPackages.aarch64-linux;
    };
  };
 }
--- a/hosts/intuos/default.nix
+++ b/hosts/intuos/default.nix
@ -11,7 +11,6 @@

  networking = {
    hostName = "intuos";
-    useDHCP = false;
    wireless.enable = true;
    interfaces."wlp1s0".ipv4.addresses = [{
      address = "10.2.0.102";
--- a/hosts/intuos/hardware/default.nix
+++ b/hosts/intuos/hardware/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

--- a/hosts/kitty/hardware/default.nix
+++ b/hosts/kitty/hardware/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

--- a/hosts/midas/firewall/default.nix
+++ b/hosts/midas/firewall/default.nix
@ -3,7 +3,7 @@
  networking.nftables.tables.forwarding = {
    family = "inet";
    content = ''
-      chain PREROUTING {
+      chain incoming {
        type nat hook prerouting priority dstnat; policy accept;
        tcp dport 2211 dnat ip to 10.2.0.100:22 comment "SSH to Tower"
        tcp dport 2222 dnat ip to 10.2.0.2:22 comment "SSH to Kitty"
@ -17,7 +17,7 @@
        udp dport { 37998, 37999, 38000 } dnat ip to 10.3.0.1 comment "VM Sunshine UDP"
      }

-      chain POSTROUTING {
+      chain forward {
        type nat hook postrouting priority 100; policy accept;
        oifname "enp0s31f6" masquerade
      }
--- a/hosts/pear/hardware/default.nix
+++ b/hosts/pear/hardware/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, modulesPath, ... }:
 {
  imports = [
    (modulesPath + "/hardware/network/broadcom-43xx.nix")
--- a/hosts/tower/boot/default.nix
+++ b/hosts/tower/boot/default.nix
@ -6,9 +6,6 @@ let
    "iommu=pt"
    "nested=1"

-    # Virtualization nonsense
-    "transparent_hugepage=never"
-
    # Isolate devices into IOMMU groups
    "pcie_acs_override=downstream,multifunction"
    "pci=routeirq"
@ -19,13 +16,14 @@ in {
    kernelPackages = pkgsUnstable.linuxPackages_xanmod_stable;
    kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ];

-    # Load into GPU before NVIDIA driver
+    # Load into GPU before video driver
    initrd.kernelModules = [
      "vfio"
      "vfio_pci"
      "vfio_iommu_type1"
    ];

+    # Secure boot
    lanzaboote.enable = true;
  };

--- a/modules/home/programs/gui/rofi/scripts/default.nix
+++ b/modules/home/programs/gui/rofi/scripts/default.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 {
  home.packages = with pkgs; lib.mkIf config.programs.rofi.enable [
-    (pkgs.writeScriptBin "rofiscratch" ''
+    (writeScriptBin "rofiscratch" ''
      SCRATCHPADS=$(echo -e "Btop\nMusic\nSound\nEasyEffects" | rofi -dmenu -i -p "Scratchpads")
      case $SCRATCHPADS in
        Btop) foot -a btop -T Btop btop;;
@ -9,7 +9,7 @@
        Sound) foot -a sound -T Sound pulsemixer;;
      esac
    '')
-    (pkgs.writeScriptBin "rofipower" ''
+    (writeScriptBin "rofipower" ''
      POWER=$(echo -e "Shutdown\nReboot\nLock\nSleep\nKill" | rofi -dmenu -i -p "Power")
      case $POWER in
        Shutdown) poweroff;;
--- a/modules/home/programs/terminal/bat/default.nix
+++ b/modules/home/programs/terminal/bat/default.nix
@ -0,0 +1,7 @@
+{ ... }:
+{
+  programs.bat = {
+    enable = true;
+    config.paging = "never";
+  };
+}
--- a/modules/home/programs/terminal/default.nix
+++ b/modules/home/programs/terminal/default.nix
@ -1,6 +1,7 @@
 { ... }:
 {
  imports = [
+    ./bat
    ./btop
    ./eza
    ./fastfetch
--- a/modules/home/programs/terminal/fastfetch/small/default.nix
+++ b/modules/home/programs/terminal/fastfetch/small/default.nix
@ -1,5 +1,5 @@
 { pkgs, ... }:
 {
-  home.packages = with pkgs; [ (pkgs.writeScriptBin "pfetch" "fastfetch --config ~/.config/fastfetch/small.jsonc") ];
+  home.packages = with pkgs; [ (writeScriptBin "pfetch" "fastfetch --config ~/.config/fastfetch/small.jsonc") ];
  xdg.configFile."fastfetch/small.jsonc".source = ./small.jsonc;
 }
--- a/modules/home/programs/terminal/zsh/default.nix
+++ b/modules/home/programs/terminal/zsh/default.nix
@ -14,7 +14,6 @@
    };
    initExtra = ''
      pfetch
-      source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh
      source ${pkgs.zsh-you-should-use}/share/zsh/plugins/you-should-use/you-should-use.plugin.zsh
      setopt HIST_IGNORE_SPACE
      setopt RM_STAR_WAIT
--- a/modules/home/settings/aliases/default.nix
+++ b/modules/home/settings/aliases/default.nix
@ -9,7 +9,6 @@
    # Shortcuts
    ff = "clear && fastfetch";
    ip = "ip -c";
-    cat = "${pkgs.bat}/bin/bat --paging never";
    spotdl = "spotdl --m3u --format opus";
    copycat = "wl-copy <";
    myip = "curl ifconfig.co";
--- a/modules/home/settings/gtk/theme/default.nix
+++ b/modules/home/settings/gtk/theme/default.nix
@ -1,13 +1,13 @@
 { config, pkgs, ... }:
 {
-  gtk = {
+  gtk = with pkgs; {
    font = {
-      name = "${config.look.fonts.main}";
+      name = config.look.fonts.main;
      size = 11;
    };
    theme = {
      name = "Colloid-Dark";
-      package = pkgs.colloid-gtk-theme.override {
+      package = colloid-gtk-theme.override {
        themeVariants = [ "default" ];
        colorVariants = [ "dark" ];
        sizeVariants = [ "standard" ];
@ -20,8 +20,8 @@
    };
    iconTheme = {
      name = "Papirus-Dark";
-      package = pkgs.papirus-icon-theme.override {
-        color = "${config.look.colors.folder}";
+      package = papirus-icon-theme.override {
+        color = config.look.colors.folder;
      };
    };
  };
--- a/modules/home/settings/nix/channels/default.nix
+++ b/modules/home/settings/nix/channels/default.nix
@ -0,0 +1,14 @@
+{ config, lib, pkgs, stable, unstable, ... }:
+{
+  nix.registry.stable.flake = stable;
+  nix.registry.unstable.flake = unstable;
+
+  _module.args.pkgsStable = import stable {
+    inherit (pkgs.stdenv.hostPlatform) system;
+    inherit (config.nixpkgs) config;
+  };
+  _module.args.pkgsUnstable = import unstable {
+    inherit (pkgs.stdenv.hostPlatform) system;
+    inherit (config.nixpkgs) config;
+  };
+}
--- a/modules/home/settings/nix/default.nix
+++ b/modules/home/settings/nix/default.nix
@ -1,6 +1,9 @@
-{ config, lib, pkgs, unstable, ... }:
+{ config, lib, pkgs, ... }:
 {
-  imports = [ ./unfree ];
+  imports = [
+    ./channels
+    ./unfree
+  ];

  nix = {
    package = lib.mkForce pkgs.nix;
@ -8,11 +11,5 @@
      "nix-command"
      "flakes"
    ];
-    registry.unstable.flake = unstable;
-  };
-
-  _module.args.pkgsUnstable = import unstable {
-    inherit (pkgs.stdenv.hostPlatform) system;
-    inherit (config.nixpkgs) config;
  };
 }
--- a/modules/system/devices/networking/default.nix
+++ b/modules/system/devices/networking/default.nix
@ -8,16 +8,17 @@
    nftables.enable = true;
    firewall.allowPing = false;
    nameservers = [
-      "1.1.1.1#one.one.one.one"
-      "1.0.0.1#one.one.one.one"
+      "9.9.9.11#dns11.quad9.net"
+      "149.112.112.11#dns11.quad9.net"
+      "2620:fe::11#dns11.quad9.net"
+      "2620:fe::fe:11#dns11.quad9.net"
    ];
  };

  services.resolved = {
    enable = true;
    dnssec = "true";
-    domains = [ "~." ];
-    fallbackDns = config.networking.nameservers;
    dnsovertls = "true";
+    fallbackDns = config.networking.nameservers;
  };
 }
--- a/modules/system/devices/video/nvidia/default.nix
+++ b/modules/system/devices/video/nvidia/default.nix
@ -4,21 +4,17 @@

  config = lib.mkIf config.system.nvidia.enable {
    hardware.nvidia = {
-      package = config.boot.kernelPackages.nvidiaPackages.beta;
      modesetting.enable = true;
      nvidiaSettings = false;
-      open = false;
+      open = true;
    };

    services.xserver.videoDrivers = [ "nvidia" ];

-    boot.kernelParams = [ "nvidia_drm.fbdev=1" ];
-
    nixpkgs.allowUnfreePackages = [ "nvidia-x11" ];

-    specialisation.nouveau.configuration.config = {
-      system.nvidia.enable = lib.mkForce false;
-      environment.sessionVariables.NIXOS_OZONE_WL = lib.mkForce "";
-    };
+    boot.kernelParams = [ "nvidia_drm.fbdev=1" ];
+
+    specialisation.nouveau.configuration.config.system.nvidia.enable = lib.mkForce false;
  };
 }
--- a/modules/system/programs/home-manager/default.nix
+++ b/modules/system/programs/home-manager/default.nix
@ -1,10 +1,11 @@
-{ unstable, nur, blender, ... }:
+{ stable, unstable, nur, blender, ... }:
 {
  home-manager = {
    useUserPackages = true;
    backupFileExtension = "bak";
    extraSpecialArgs = {
      inherit
+	stable
        unstable
        nur
        blender
--- a/modules/system/settings/nix/channels/default.nix
+++ b/modules/system/settings/nix/channels/default.nix
@ -0,0 +1,11 @@
+{ config, lib, pkgs, stable, unstable, ... }:
+{
+  _module.args.pkgsStable = import stable {
+    inherit (pkgs.stdenv.hostPlatform) system;
+    inherit (config.nixpkgs) config;
+  };
+  _module.args.pkgsUnstable = import unstable {
+    inherit (pkgs.stdenv.hostPlatform) system;
+    inherit (config.nixpkgs) config;
+  };
+}
--- a/modules/system/settings/nix/default.nix
+++ b/modules/system/settings/nix/default.nix
@ -1,6 +1,7 @@
-{ config, lib, pkgs, unstable, ... }:
+{ pkgs, ... }:
 {
  imports = [
+    ./channels
    ./gc
    ./unfree
  ];
@ -16,9 +17,4 @@
      trusted-users = [ "@wheel" ];
    };
  };
-
-  _module.args.pkgsUnstable = import unstable {
-    inherit (pkgs.stdenv.hostPlatform) system;
-    inherit (config.nixpkgs) config;
-  };
 }
--- a/modules/system/users/default.nix
+++ b/modules/system/users/default.nix
@ -1,7 +1,7 @@
-{ home-manager, ... }:
+{ hm, ... }:
 {
  imports = [
    ./main
-    home-manager.nixosModules.home-manager
+    hm.nixosModules.home-manager
  ];
 }