n8r/nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 25.11, various fixes, converted to using gnome keyring

Browse Source
This commit is contained in:
Nate Anderson 2025-12-05 16:57:40 -07:00
parent 6dfc1553f6
commit 429b8ee99c
5 changed files with 90 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
flake.lock generated
View File

@ -1,25 +1,5 @@
{
"nodes": {
"auto-cpufreq": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1752998173,
"narHash": "sha256-ZlYpBp2WOe03UrpjJGz5KTOL/pp7A452hJO/Vc8C4/0=",
"owner": "AdnanHodzic",
"repo": "auto-cpufreq",
"rev": "562278377ffa96f3c1af49c7b499df028ce8d8bd",
"type": "github"
},
"original": {
"owner": "AdnanHodzic",
"repo": "auto-cpufreq",
"type": "github"
}
},
"catppuccin": {
"inputs": {
"nixpkgs": "nixpkgs"
@ -66,16 +46,16 @@
]
},
"locked": {
"lastModified": 1749154018,
"narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=",
"lastModified": 1764866045,
"narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111",
"rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
@ -114,11 +94,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1763966396,
"narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=",
"lastModified": 1764667669,
"narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5ae3b07d8d6527c42f17c876e404993199144b6a",
"rev": "418468ac9527e799809c900eda37cbff999199b6",
"type": "github"
},
"original": {
@ -130,16 +110,16 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1763948260,
"narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=",
"lastModified": 1764831616,
"narHash": "sha256-OtzF5wBvO0jgW1WW1rQU9cMGx7zuvkF7CAVJ1ypzkxA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c",
"rev": "c97c47f2bac4fa59e2cbdeba289686ae615f8ed4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
@ -182,7 +162,6 @@
},
"root": {
"inputs": {
"auto-cpufreq": "auto-cpufreq",
"catppuccin": "catppuccin",
"home-manager": "home-manager",
"nixos-hardware": "nixos-hardware",

11
flake.nix
View File

@ -2,23 +2,19 @@
description = "NixOS system flake.";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
# bonus inputs
catppuccin.url = "github:catppuccin/nix";
nur.url = "github:nix-community/NUR";
auto-cpufreq = {
url = "github:AdnanHodzic/auto-cpufreq";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
};
outputs = { self, nixpkgs, nixpkgs-unstable, catppuccin, nur, home-manager, auto-cpufreq, nixos-hardware, ... } @ inputs:
outputs = { self, nixpkgs, nixpkgs-unstable, catppuccin, nur, home-manager, nixos-hardware, ... } @ inputs:
let
inherit (self) outputs;
system = "x86_64-linux";
@ -72,7 +68,6 @@
};
modules = [
catppuccin.nixosModules.catppuccin
auto-cpufreq.nixosModules.default
# Setup home manager
inputs.home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;

68
nate-work/modules/home-manager/home.nix
View File

@ -44,7 +44,6 @@
hyprhome = {
enable = true;
homePackages = with pkgs; [
chromium
#
# Dev Tools
#
@ -56,19 +55,19 @@
jq
gnumake
mariadb
lsp-ai
python3
nodejs_24
cmake
## nodejs frontend
nodejs_24
husky
pnpm
yarn
## dev services cli
gh
awscli2
# AI
## AI
unstable.claude-code
unstable.opencode
# proto
protobuf
protoc-gen-dart
# Go stuff
## Go stuff
go
unstable.delve
gotools
@ -78,14 +77,6 @@
go-swag
trivy
# clojure
jre17_minimal
clojure
clojure-lsp
cljfmt
leiningen
emacs
### LSP's
gopls
nil
@ -93,26 +84,19 @@
nodePackages_latest.bash-language-server
openscad-lsp
vscode-langservers-extracted # provides eslint, markdown, json, css, and html lsp
python311Packages.python-lsp-server
yaml-language-server
elixir-ls
ltex-ls
### Misc
usbutils
openscad
libxml2
nfs-utils
# For AnyConnect VPN
openconnect
networkmanager-openconnect
#
# Better Unix
#
bat
duf
du-dust
dust
fd
fzf
lsd
@ -146,14 +130,12 @@
#
# Other
#
chromium
keepassxc
obs-studio
prusa-slicer
gnome-disk-utility
kdePackages.filelight
hugo
unstable.llama-cpp
unstable.davinci-resolve-studio
# unstable.davinci-resolve-studio
#
# Style
@ -190,10 +172,9 @@
# Git setup
programs.git = {
enable = true;
userEmail = email;
userName = fullName;
extraConfig = {
include = { path = "${config.xdg.configHome}/macchiato.gitconfig"; };
settings = {
user.name = fullName;
user.email = email;
init = { defaultBranch = "main"; };
merge = { conflictStyle="zdiff3"; };
pull = { ff = "only"; };
@ -205,16 +186,18 @@
};
};
};
delta = {
enable = true;
options = {
side-by-side = true;
hyperlinks = true;
};
};
};
# Better git diffs with delta
programs.delta = {
enable = true;
enableGitIntegration = true;
options = {
side-by-side = true;
hyperlinks = true;
};
};
# direnv for auto nix flake shells
programs = {
direnv = {
enable = true;
@ -234,6 +217,9 @@
theme = "half-life";
};
initContent = ''
# integrate ssh-agent from gnome keyring
export SSH_AUTH_SOCK=/run/user/$UID/gcr/ssh
# direnv setup
eval "$(direnv hook zsh)"

6
nate-work/modules/hypr/hyprland.nix
View File

@ -92,8 +92,6 @@ in
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
};
};
spiceUSBRedirection.enable = true;
@ -127,7 +125,7 @@ in
programs.xfconf.enable = true;
programs.regreet.enable = true;
programs.zsh.enable = true;
programs.ssh.startAgent = true;
programs.ssh.startAgent = false; # Using GNOME Keyring's gcr-ssh-agent instead
programs.steam.enable = true;
programs.wshowkeys.enable = true;
services.printing = {
@ -154,7 +152,7 @@ in
};
};
# disable lid switch sleep when plugged into power, laptop docked
services.logind.lidSwitchExternalPower = "ignore";
services.logind.settings.Login.HandleLidSwitchExternalPower = "ignore";
# For yubioath desktop
services.pcscd.enable = true;
security.polkit.enable = true;

85
nate-work/modules/vpn-proxy/vpn-proxy.nix
View File

@ -163,52 +163,61 @@
}
stop_proxy() {
if [ ! -f "$PID_FILE" ]; then
echo "Proxy not running (no PID file)"
# Still try to clean up any orphaned processes
if pgrep -f "ssh -D $SOCKS_PORT" > /dev/null 2>&1; then
echo "Found orphaned SSH process, cleaning up..."
pkill -f "ssh -D $SOCKS_PORT"
if [ -f "$PID_FILE" ]; then
local pid
pid=$(cat "$PID_FILE" 2>/dev/null)
# Kill the specific SSH process
if [ -n "$pid" ] && ps -p "$pid" > /dev/null 2>&1; then
echo "Stopping VPN proxy (PID: $pid)..."
kill "$pid" 2>/dev/null
# Wait for process to die
local retry=0
while [ $retry -lt 5 ] && ps -p "$pid" > /dev/null 2>&1; do
sleep 1
retry=$((retry + 1))
done
# Force kill if still alive
if ps -p "$pid" > /dev/null 2>&1; then
echo "Process didn't stop gracefully, force killing..."
kill -9 "$pid" 2>/dev/null
fi
else
echo "PID $pid not found in process list"
fi
# Disable system proxy anyway
gsettings set org.gnome.system.proxy mode 'none'
return 1
fi
local pid
pid=$(cat "$PID_FILE" 2>/dev/null)
# Kill the specific SSH process
if [ -n "$pid" ] && ps -p "$pid" > /dev/null 2>&1; then
echo "Stopping VPN proxy (PID: $pid)..."
kill "$pid" 2>/dev/null
# Wait for process to die
local retry=0
while [ $retry -lt 5 ] && ps -p "$pid" > /dev/null 2>&1; do
sleep 1
retry=$((retry + 1))
done
# Force kill if still alive
if ps -p "$pid" > /dev/null 2>&1; then
echo "Process didn't stop gracefully, force killing..."
kill -9 "$pid" 2>/dev/null
fi
rm -f "$PID_FILE"
else
echo "PID $pid not found, cleaning up..."
echo "Proxy not running (no PID file found)"
fi
# Also kill by pattern as backup
pkill -f "ssh -D $SOCKS_PORT.*$VM_USER@$VM_IP" 2>/dev/null
# Always clean up orphaned SSH processes
if pgrep -f "ssh -D $SOCKS_PORT" > /dev/null 2>&1; then
echo "Cleaning up orphaned SSH processes..."
pkill -f "ssh -D $SOCKS_PORT"
fi
rm -f "$PID_FILE"
# Disable system proxy
# Always disable system proxy and clear SOCKS settings
echo "Clearing proxy settings..."
gsettings set org.gnome.system.proxy mode 'none'
gsettings set org.gnome.system.proxy.socks host ""
gsettings set org.gnome.system.proxy.socks port 0
echo " VPN proxy stopped"
# Verify settings are cleared
local proxy_mode
proxy_mode=$(gsettings get org.gnome.system.proxy mode 2>/dev/null)
if [ "$proxy_mode" = "'none'" ]; then
echo " System proxy disabled"
else
echo " Warning: Could not verify proxy was disabled (current mode: $proxy_mode)"
fi
echo " VPN proxy stopped and proxy settings cleared"
# Return success even if there was no PID file
return 0
}
status_proxy() {