From 7353eb481aeb830d245d555f7e8507f2eab794b6 Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Tue, 9 Dec 2025 16:20:54 +0100 Subject: [PATCH 1/4] Use only post-quantum resistant algorithms --- modules/sshd.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/sshd.nix b/modules/sshd.nix index 040ed09..0d02cb4 100644 --- a/modules/sshd.nix +++ b/modules/sshd.nix @@ -13,11 +13,8 @@ ]; # Use key exchange algorithms recommended by `nixpkgs#ssh-audit` KexAlgorithms = [ - "curve25519-sha256" - "curve25519-sha256@libssh.org" - "diffie-hellman-group16-sha512" - "diffie-hellman-group18-sha512" "sntrup761x25519-sha512@openssh.com" + "mlkem768x25519-sha256" ]; PasswordAuthentication = false; StreamLocalBindUnlink = true; # unbind gnupg sockets if they exists From 7a5d7c20ef17d5a0179b3cd41f31acf19c2fc33f Mon Sep 17 00:00:00 2001 From: Jakob Lechner Date: Wed, 10 Dec 2025 17:19:18 +0100 Subject: [PATCH 2/4] Fix ipv6 prefix delegation Prefix delegation was broken after Vodafone swapped the plastic router. I'm not sure if this change is required tbh but I'll leave it like that as it works now. --- hosts/iron/configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/iron/configuration.nix b/hosts/iron/configuration.nix index 19eeef1..7b191f6 100644 --- a/hosts/iron/configuration.nix +++ b/hosts/iron/configuration.nix @@ -114,7 +114,7 @@ with lib; { interface ${interfaces.wan} ipv6rs ia_na 1 - ia_pd 1/::/64 ${interfaces.lan}/0/64 + ia_pd 2 ${interfaces.lan}/0 ''; jalr.luksUsbUnlock = { @@ -131,6 +131,7 @@ with lib; { boot = { kernel.sysctl = { "net.ipv6.conf.all.forwarding" = 1; + "net.ipv6.conf.enp0s25.accept_ra" = 1; }; initrd = { availableKernelModules = [ From 82ce9e9ac7a69d01c0747c0a48c992cc82b5a1d7 Mon Sep 17 00:00:00 2001 
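Review bot: The new `KexAlgorithms` list in `modules/sshd.nix` leaves no classical fallback, so a client that supports neither `sntrup761x25519-sha512@openssh.com` nor `mlkem768x25519-sha256` fails key exchange and cannot log in; the ML-KEM hybrid only arrived in OpenSSH 9.9, the sntrup761 hybrid (as far as I know) in 8.5, and several non-OpenSSH clients implement neither. Before this reaches hosts that are only reachable over SSH, confirm that every client and automation path (backup jobs, deploy tooling, mobile clients) negotiates one of the two. The retained comment no longer describes the list; I would replace it with `# Hybrid post-quantum key exchange only; clients without sntrup761 or mlkem768 support cannot connect`. This protects recorded sessions against later decryption, while host-key and user-key signatures stay classical, so the commit title overstates the scope slightly. The enclosing settings attrset starts and ends outside the hunk.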
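Review bot: The `ia_pd` line in `hosts/iron/configuration.nix` changes three things at once (the IAID goes from 1 to 2, the `::/64` prefix hint is dropped, and the LAN assignment loses its explicit `/64`), and nothing in the file says which of them the new router needs; the commit message admits as much. A comment above the line would help the next person debugging this, for example `# no prefix-length hint: the ISP router picks the delegated prefix size`, if that is indeed the intent. If the LAN is meant to stay a /64, check the prefix length actually assigned on `${interfaces.lan}` after a lease renewal rather than relying on the default. The dhcpcd configuration string starts outside the hunk.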
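Review bot: `"net.ipv6.conf.enp0s25.accept_ra" = 1;` in the second hunk of `hosts/iron/configuration.nix` probably has no effect: with `net.ipv6.conf.all.forwarding` set to 1 on the preceding line, the kernel only processes router advertisements when `accept_ra` is 2, because value 1 means "accept only if forwarding is disabled". dhcpcd already does router solicitation (`ipv6rs` in the first hunk), so I would drop the line. If kernel RA handling is really wanted on the WAN side, set it to 2 and accept that any host on that segment can then advertise routes and prefixes to this router. The interface name is also hard-coded where the rest of the file uses `${interfaces.wan}`; assuming both refer to the same interface, `"net.ipv6.conf.${interfaces.wan}.accept_ra"` keeps them from drifting apart. The `boot` attrset continues outside the hunk.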
From: Jakob Lechner Date: Fri, 12 Dec 2025 13:00:03 +0100 Subject: [PATCH 3/4] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/8e68aa819d6a9964c8ac45172e68b943b597c52a?narHash=sha256-qw9iaIIz8D%2BlwsTO28VOaZBAJG97jH4%2Bci2pe7ZJR6Q%3D' (2025-12-09) → 'github:nix-community/disko/d64e5cdca35b5fad7c504f615357a7afe6d9c49e?narHash=sha256-fTLX9kDwLr9Y0rH/nG%2Bh1XG5UU%2BjBcy0PFYn5eneRX8%3D' (2025-12-10) • Updated input 'home-manager': 'github:nix-community/home-manager/20561be440a11ec57a89715480717baf19fe6343?narHash=sha256-O8VTGey1xxiRW%2BFpb%2BPs9zU7ShmxUA1a7cMTcENCVNg%3D' (2025-12-08) → 'github:nix-community/home-manager/44777152652bc9eacf8876976fa72cc77ca8b9d8?narHash=sha256-FuFtkJrW1Z7u%2B3lhzPRau69E0CNjADku1mLQQflUORo%3D' (2025-12-10) • Updated input 'nix-pre-commit-hooks': 'github:cachix/git-hooks.nix/548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c?narHash=sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ%3D' (2025-12-06) → 'github:cachix/git-hooks.nix/09e45f2598e1a8499c3594fe11ec2943f34fe509?narHash=sha256-dixPWKiHzh80PtD0aLuxYNQ0xP%2B843dfXG/yM3OzaYQ%3D' (2025-12-11) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454?narHash=sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o%3D' (2025-12-06) → 'github:nixos/nixpkgs/09eb77e94fa25202af8f3e81ddc7353d9970ac1b?narHash=sha256-mSD5Ob7a%2BT2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo%3D' (2025-12-09) • Updated input 'nixpkgsMaster': 'github:NixOS/nixpkgs/fe21dc532562a038547185b77a488f4d7c9cbbda?narHash=sha256-S%2BvuUUBr4KoL1R8dx%2BM1xCsnbc75DelRucLFQX%2BTGxE%3D' (2025-12-09) → 'github:NixOS/nixpkgs/27225de9f2030213246e0d8d62957c43d5229368?narHash=sha256-HTHfcqG8WsrJG0aW3edXF5nQJK3VjPWcUTEi/r0LV7o%3D' (2025-12-12) • Updated input 'nur': 'github:nix-community/NUR/70540c989599d334e4e096e19ee707433a698882?narHash=sha256-aJpZaiYIzOHFi0AG0dbCwFYTGm95kkmEcWY5aSc1Wqc%3D' 
(2025-12-09) → 'github:nix-community/NUR/b4d99f4da68e9ffd29862904825730ba31a79406?narHash=sha256-hqGAGgmlYxwQufnYSS8E8wH7xyqLoaSIWGqZgdROkZg%3D' (2025-12-12) • Updated input 'nur/nixpkgs': 'github:nixos/nixpkgs/f61125a668a320878494449750330ca58b78c557?narHash=sha256-BmPWzogsG2GsXZtlT%2BMTcAWeDK5hkbGRZTeZNW42fwA%3D' (2025-12-05) → 'github:nixos/nixpkgs/addf7cf5f383a3101ecfba091b98d0a1263dc9b8?narHash=sha256-hM20uyap1a0M9d344I692r%2Bik4gTMyj60cQWO%2BhAYP8%3D' (2025-12-08) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 85335dc..c5852ed 100644 --- a/flake.lock +++ b/flake.lock @@ -65,11 +65,11 @@ ] }, "locked": { - "lastModified": 1765270797, - "narHash": "sha256-qw9iaIIz8D+lwsTO28VOaZBAJG97jH4+ci2pe7ZJR6Q=", + "lastModified": 1765326679, + "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=", "owner": "nix-community", "repo": "disko", - "rev": "8e68aa819d6a9964c8ac45172e68b943b597c52a", + "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e", "type": "github" }, "original": { @@ -263,11 +263,11 @@ ] }, "locked": { - "lastModified": 1765170903, - "narHash": "sha256-O8VTGey1xxiRW+Fpb+Ps9zU7ShmxUA1a7cMTcENCVNg=", + "lastModified": 1765384171, + "narHash": "sha256-FuFtkJrW1Z7u+3lhzPRau69E0CNjADku1mLQQflUORo=", "owner": "nix-community", "repo": "home-manager", - "rev": "20561be440a11ec57a89715480717baf19fe6343", + "rev": "44777152652bc9eacf8876976fa72cc77ca8b9d8", "type": "github" }, "original": { @@ -386,11 +386,11 @@ ] }, "locked": { - "lastModified": 1765016596, - "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=", + "lastModified": 1765464257, + "narHash": "sha256-dixPWKiHzh80PtD0aLuxYNQ0xP+843dfXG/yM3OzaYQ=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c", + "rev": "09e45f2598e1a8499c3594fe11ec2943f34fe509", "type": "github" }, "original": { 
@@ -418,11 +418,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764983851, - "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=", + "lastModified": 1765311797, + "narHash": "sha256-mSD5Ob7a+T2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454", + "rev": "09eb77e94fa25202af8f3e81ddc7353d9970ac1b", "type": "github" }, "original": { @@ -434,11 +434,11 @@ }, "nixpkgsMaster": { "locked": { - "lastModified": 1765289907, - "narHash": "sha256-S+vuUUBr4KoL1R8dx+M1xCsnbc75DelRucLFQX+TGxE=", + "lastModified": 1765536405, + "narHash": "sha256-HTHfcqG8WsrJG0aW3edXF5nQJK3VjPWcUTEi/r0LV7o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe21dc532562a038547185b77a488f4d7c9cbbda", + "rev": "27225de9f2030213246e0d8d62957c43d5229368", "type": "github" }, "original": { @@ -466,11 +466,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1764950072, - "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f61125a668a320878494449750330ca58b78c557", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { @@ -502,11 +502,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1765284801, - "narHash": "sha256-aJpZaiYIzOHFi0AG0dbCwFYTGm95kkmEcWY5aSc1Wqc=", + "lastModified": 1765540078, + "narHash": "sha256-hqGAGgmlYxwQufnYSS8E8wH7xyqLoaSIWGqZgdROkZg=", "owner": "nix-community", "repo": "NUR", - "rev": "70540c989599d334e4e096e19ee707433a698882", + "rev": "b4d99f4da68e9ffd29862904825730ba31a79406", "type": "github" }, "original": { From 81cbb02774948400184a934879982c89ec470129 Mon Sep 17 00:00:00 2001 
From: Jakob Lechner Date: Fri, 12 Dec 2025 13:05:02 +0100 Subject: [PATCH 4/4] Add Resynthesizer plugin to GIMP --- users/jalr/modules/graphics/gimp.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/users/jalr/modules/graphics/gimp.nix b/users/jalr/modules/graphics/gimp.nix index c64e108..bb318b7 100644 --- a/users/jalr/modules/graphics/gimp.nix +++ b/users/jalr/modules/graphics/gimp.nix @@ -1,7 +1,13 @@ { nixosConfig, lib, pkgs, ... }: lib.mkIf nixosConfig.jalr.gui.enable { - home.packages = with pkgs; [ - gimp + home.packages = [ + ( + pkgs.gimp-with-plugins.override { + plugins = with pkgs.gimpPlugins; [ + resynthesizer + ]; + } + ) ]; }
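Review bot: The new `home.packages` entry in `users/jalr/modules/graphics/gimp.nix` drops `with pkgs;` from the list but brings a `with` back for a single plugin. `plugins = [ pkgs.gimpPlugins.resynthesizer ];` is more explicit and keeps the file free of scope imports. A one-line comment such as `# GIMP wrapper that bundles the Resynthesizer plugin` above the override would explain why the plain `gimp` package was replaced.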