From 429b8ee99c7e53db26e709dd71377d9a4eea20d9 Mon Sep 17 00:00:00 2001 From: Nate Anderson Date: Fri, 5 Dec 2025 16:57:40 -0700 Subject: [PATCH] update to 25.11, various fixes, converted to using gnome keyring --- flake.lock | 43 +++--------- flake.nix | 11 +-- nate-work/modules/home-manager/home.nix | 68 +++++++----------- nate-work/modules/hypr/hyprland.nix | 6 +- nate-work/modules/vpn-proxy/vpn-proxy.nix | 85 +++++++++++++---------- 5 files changed, 90 insertions(+), 123 deletions(-) diff --git a/flake.lock b/flake.lock index 0b26656..6742246 100644 --- a/flake.lock +++ b/flake.lock @@ -1,25 +1,5 @@ { "nodes": { - "auto-cpufreq": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1752998173, - "narHash": "sha256-ZlYpBp2WOe03UrpjJGz5KTOL/pp7A452hJO/Vc8C4/0=", - "owner": "AdnanHodzic", - "repo": "auto-cpufreq", - "rev": "562278377ffa96f3c1af49c7b499df028ce8d8bd", - "type": "github" - }, - "original": { - "owner": "AdnanHodzic", - "repo": "auto-cpufreq", - "type": "github" - } - }, "catppuccin": { "inputs": { "nixpkgs": "nixpkgs" @@ -66,16 +46,16 @@ ] }, "locked": { - "lastModified": 1749154018, - "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", + "lastModified": 1764866045, + "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=", "owner": "nix-community", "repo": "home-manager", - "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", + "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", + "ref": "release-25.11", "repo": "home-manager", "type": "github" } 
@@ -114,11 +94,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1763966396, - "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", + "lastModified": 1764667669, + "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", + "rev": "418468ac9527e799809c900eda37cbff999199b6", "type": "github" }, "original": { @@ -130,16 +110,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1763948260, - "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=", + "lastModified": 1764831616, + "narHash": "sha256-OtzF5wBvO0jgW1WW1rQU9cMGx7zuvkF7CAVJ1ypzkxA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", + "rev": "c97c47f2bac4fa59e2cbdeba289686ae615f8ed4", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -182,7 +162,6 @@ }, "root": { "inputs": { - "auto-cpufreq": "auto-cpufreq", "catppuccin": "catppuccin", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index 46d7d83..52932fe 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,23 +2,19 @@ description = "NixOS system flake."; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; home-manager = { - url = "github:nix-community/home-manager/release-25.05"; + url = "github:nix-community/home-manager/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; # bonus inputs catppuccin.url = "github:catppuccin/nix"; nur.url = "github:nix-community/NUR"; - auto-cpufreq = { - url = "github:AdnanHodzic/auto-cpufreq"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, catppuccin, nur, home-manager, auto-cpufreq, nixos-hardware, ... } @ inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, catppuccin, nur, home-manager, nixos-hardware, ... } @ inputs: let inherit (self) outputs; system = "x86_64-linux"; @@ -72,7 +68,6 @@ }; modules = [ catppuccin.nixosModules.catppuccin - auto-cpufreq.nixosModules.default # Setup home manager inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; diff --git a/nate-work/modules/home-manager/home.nix b/nate-work/modules/home-manager/home.nix index c5e29eb..a37062b 100644 --- a/nate-work/modules/home-manager/home.nix +++ b/nate-work/modules/home-manager/home.nix @@ -44,7 +44,6 @@ hyprhome = { enable = true; homePackages = with pkgs; [ - chromium # # Dev Tools # @@ -56,19 +55,19 @@ jq gnumake mariadb - lsp-ai - python3 - nodejs_24 cmake + ## nodejs frontend + nodejs_24 + husky + pnpm + yarn + ## dev services cli gh awscli2 - # AI + ## AI unstable.claude-code unstable.opencode - # proto - protobuf - protoc-gen-dart - # Go stuff + ## Go stuff go unstable.delve gotools @@ -78,14 +77,6 @@ go-swag trivy - # clojure - jre17_minimal - clojure - clojure-lsp - cljfmt - leiningen - emacs - ### LSP's gopls nil 
@@ -93,26 +84,19 @@ nodePackages_latest.bash-language-server openscad-lsp vscode-langservers-extracted # provides eslint, markdown, json, css, and html lsp - python311Packages.python-lsp-server yaml-language-server - elixir-ls ltex-ls ### Misc usbutils - openscad - libxml2 nfs-utils - # For AnyConnect VPN - openconnect - networkmanager-openconnect # # Better Unix # bat duf - du-dust + dust fd fzf lsd @@ -146,14 +130,12 @@ # # Other # + chromium keepassxc obs-studio - prusa-slicer gnome-disk-utility - kdePackages.filelight hugo - unstable.llama-cpp - unstable.davinci-resolve-studio + # unstable.davinci-resolve-studio # # Style @@ -190,10 +172,9 @@ # Git setup programs.git = { enable = true; - userEmail = email; - userName = fullName; - extraConfig = { - include = { path = "${config.xdg.configHome}/macchiato.gitconfig"; }; + settings = { + user.name = fullName; + user.email = email; init = { defaultBranch = "main"; }; merge = { conflictStyle="zdiff3"; }; pull = { ff = "only"; }; @@ -205,16 +186,18 @@ }; }; }; - delta = { - enable = true; - options = { - side-by-side = true; - hyperlinks = true; - }; - }; }; - + # Better git diffs with delta + programs.delta = { + enable = true; + enableGitIntegration = true; + options = { + side-by-side = true; + hyperlinks = true; + }; + }; + # direnv for auto nix flake shells programs = { direnv = { enable = true; @@ -234,6 +217,9 @@ theme = "half-life"; }; initContent = '' + # integrate ssh-agent from gnome keyring + export SSH_AUTH_SOCK=/run/user/$UID/gcr/ssh + # direnv setup eval "$(direnv hook zsh)" diff --git a/nate-work/modules/hypr/hyprland.nix b/nate-work/modules/hypr/hyprland.nix index e0717cc..c75c3af 100644 --- a/nate-work/modules/hypr/hyprland.nix +++ b/nate-work/modules/hypr/hyprland.nix @@ -92,8 +92,6 @@ in enable = true; qemu = { swtpm.enable = true; - ovmf.enable = true; - ovmf.packages = [ pkgs.OVMFFull.fd ]; }; }; spiceUSBRedirection.enable = true; 
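Review bot: The `export SSH_AUTH_SOCK=/run/user/$UID/gcr/ssh` added to `initContent` in the last home.nix hunk is unconditional, so it overwrites any agent socket the session already has, for example a forwarded agent when logging in to this machine over SSH. It also points at the gcr socket whether or not that socket exists. Because it lives in the zsh init, it presumably only reaches interactive shells, so programs launched from the compositor would not see it. I would guard it and use the runtime-dir variable, e.g. `[ -z "$SSH_CONNECTION" ] && [ -S "$XDG_RUNTIME_DIR/gcr/ssh" ] && export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gcr/ssh"`, or set it at session level instead. The `initContent` string continues outside the hunk.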
@@ -127,7 +125,7 @@ in programs.xfconf.enable = true; programs.regreet.enable = true; programs.zsh.enable = true; - programs.ssh.startAgent = true; + programs.ssh.startAgent = false; # Using GNOME Keyring's gcr-ssh-agent instead programs.steam.enable = true; programs.wshowkeys.enable = true; services.printing = { @@ -154,7 +152,7 @@ in }; }; # disable lid switch sleep when plugged into power, laptop docked - services.logind.lidSwitchExternalPower = "ignore"; + services.logind.settings.Login.HandleLidSwitchExternalPower = "ignore"; # For yubioath desktop services.pcscd.enable = true; security.polkit.enable = true; diff --git a/nate-work/modules/vpn-proxy/vpn-proxy.nix b/nate-work/modules/vpn-proxy/vpn-proxy.nix index 9278946..461aa8e 100644 --- a/nate-work/modules/vpn-proxy/vpn-proxy.nix +++ b/nate-work/modules/vpn-proxy/vpn-proxy.nix 
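Review bot: `programs.ssh.startAgent = false` turns off the only SSH agent this hunk shows, and nothing visible here enables the replacement that the trailing comment names. If GNOME Keyring and its gcr agent are not switched on elsewhere in the configuration, the `SSH_AUTH_SOCK` exported in home.nix points at a socket that never appears and ssh has no agent to talk to. Stating the dependency beside this line would keep the two settings in step: `services.gnome.gnome-keyring.enable = true;` and, on 25.11, `services.gnome.gcr-ssh-agent.enable = true;` (confirm the option name against the release's module list). It is also worth checking that the greeter's PAM service unlocks the login keyring, since otherwise the agent's keys stay locked after login. The enclosing attribute set starts and ends outside the hunk.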
@@ -163,52 +163,61 @@ } stop_proxy() { - if [ ! -f "$PID_FILE" ]; then - echo "Proxy not running (no PID file)" - # Still try to clean up any orphaned processes - if pgrep -f "ssh -D $SOCKS_PORT" > /dev/null 2>&1; then - echo "Found orphaned SSH process, cleaning up..." - pkill -f "ssh -D $SOCKS_PORT" + if [ -f "$PID_FILE" ]; then + local pid + pid=$(cat "$PID_FILE" 2>/dev/null) + + # Kill the specific SSH process + if [ -n "$pid" ] && ps -p "$pid" > /dev/null 2>&1; then + echo "Stopping VPN proxy (PID: $pid)..." + kill "$pid" 2>/dev/null + + # Wait for process to die + local retry=0 + while [ $retry -lt 5 ] && ps -p "$pid" > /dev/null 2>&1; do + sleep 1 + retry=$((retry + 1)) + done + + # Force kill if still alive + if ps -p "$pid" > /dev/null 2>&1; then + echo "Process didn't stop gracefully, force killing..." + kill -9 "$pid" 2>/dev/null + fi + else + echo "PID $pid not found in process list" fi - # Disable system proxy anyway - gsettings set org.gnome.system.proxy mode 'none' - return 1 - fi - - local pid - pid=$(cat "$PID_FILE" 2>/dev/null) - - # Kill the specific SSH process - if [ -n "$pid" ] && ps -p "$pid" > /dev/null 2>&1; then - echo "Stopping VPN proxy (PID: $pid)..." - kill "$pid" 2>/dev/null - - # Wait for process to die - local retry=0 - while [ $retry -lt 5 ] && ps -p "$pid" > /dev/null 2>&1; do - sleep 1 - retry=$((retry + 1)) - done - - # Force kill if still alive - if ps -p "$pid" > /dev/null 2>&1; then - echo "Process didn't stop gracefully, force killing..." - kill -9 "$pid" 2>/dev/null - fi + rm -f "$PID_FILE" else - echo "PID $pid not found, cleaning up..." + echo "Proxy not running (no PID file found)" fi - # Also kill by pattern as backup - pkill -f "ssh -D $SOCKS_PORT.*$VM_USER@$VM_IP" 2>/dev/null + # Always clean up orphaned SSH processes + if pgrep -f "ssh -D $SOCKS_PORT" > /dev/null 2>&1; then + echo "Cleaning up orphaned SSH processes..." 
+ pkill -f "ssh -D $SOCKS_PORT" + fi - rm -f "$PID_FILE" - - # Disable system proxy + # Always disable system proxy and clear SOCKS settings + echo "Clearing proxy settings..." gsettings set org.gnome.system.proxy mode 'none' + gsettings set org.gnome.system.proxy.socks host "" + gsettings set org.gnome.system.proxy.socks port 0 - echo "✓ VPN proxy stopped" + # Verify settings are cleared + local proxy_mode + proxy_mode=$(gsettings get org.gnome.system.proxy mode 2>/dev/null) + if [ "$proxy_mode" = "'none'" ]; then + echo "✓ System proxy disabled" + else + echo "⚠ Warning: Could not verify proxy was disabled (current mode: $proxy_mode)" + fi + + echo "✓ VPN proxy stopped and proxy settings cleared" + + # Return success even if there was no PID file + return 0 } status_proxy() {
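Review bot: The cleanup in `stop_proxy` now always runs `pkill -f "ssh -D $SOCKS_PORT"`, which is broader than the removed `ssh -D $SOCKS_PORT.*$VM_USER@$VM_IP` pattern. It is a substring match on the command line, so it can also signal other dynamic-forward ssh sessions the user owns, including ones on a port that merely begins with the same digits. I would keep the destination in both the `pgrep` guard and the kill, as the old code did: `pkill -f "ssh -D $SOCKS_PORT.*$VM_USER@$VM_IP"`. The PID-file branch trusts whatever number is in `$PID_FILE` after only a `ps -p` liveness check, so a stale file whose PID has been reused would kill an unrelated process; comparing the process's command line before `kill` would close that gap. The function also prints the final success line and returns 0 on the branch that warns the proxy mode could not be verified, which hides that failure from callers.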