jalr/nixos-configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: jalr:e9bbfb3f75b5ff3ee79728b2399667bacf5c9e00
Branches Tags
jalr:main
jalr:25.11
jalr:vm
jalr:kauma
jalr:24.05
jalr:rotate-gpg-key
jalr:snapserver
jalr:hass
jalr:weinturm-pretix-23.11
jalr:aluminium-23.05
jalr:23.11
jalr:dynamic-colors
jalr:artwork
jalr:rmfakecloud
jalr:asterisk-test
jalr:waybar
jalr:mitel
jalr:lightburn
jalr:injury
jalr:pretix-test-vm
...
compare: jalr:81cbb02774948400184a934879982c89ec470129
Branches Tags
jalr:25.11
jalr:main
jalr:vm
jalr:kauma
jalr:24.05
jalr:rotate-gpg-key
jalr:snapserver
jalr:hass
jalr:weinturm-pretix-23.11
jalr:aluminium-23.05
jalr:23.11
jalr:dynamic-colors
jalr:artwork
jalr:rmfakecloud
jalr:asterisk-test
jalr:waybar
jalr:mitel
jalr:lightburn
jalr:injury
jalr:pretix-test-vm

4 commits
e9bbfb3f75 ... 81cbb02774

Author SHA1 Message Date
Jakob Lechner
81cbb02774 Add Resynthesizer plugin to GIMP 2025-12-12 13:05:02 +01:00
Jakob Lechner
82ce9e9ac7 flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/8e68aa819d6a9964c8ac45172e68b943b597c52a?narHash=sha256-qw9iaIIz8D%2BlwsTO28VOaZBAJG97jH4%2Bci2pe7ZJR6Q%3D' (2025-12-09)
  → 'github:nix-community/disko/d64e5cdca35b5fad7c504f615357a7afe6d9c49e?narHash=sha256-fTLX9kDwLr9Y0rH/nG%2Bh1XG5UU%2BjBcy0PFYn5eneRX8%3D' (2025-12-10)
• Updated input 'home-manager':
    'github:nix-community/home-manager/20561be440a11ec57a89715480717baf19fe6343?narHash=sha256-O8VTGey1xxiRW%2BFpb%2BPs9zU7ShmxUA1a7cMTcENCVNg%3D' (2025-12-08)
  → 'github:nix-community/home-manager/44777152652bc9eacf8876976fa72cc77ca8b9d8?narHash=sha256-FuFtkJrW1Z7u%2B3lhzPRau69E0CNjADku1mLQQflUORo%3D' (2025-12-10)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/git-hooks.nix/548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c?narHash=sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ%3D' (2025-12-06)
  → 'github:cachix/git-hooks.nix/09e45f2598e1a8499c3594fe11ec2943f34fe509?narHash=sha256-dixPWKiHzh80PtD0aLuxYNQ0xP%2B843dfXG/yM3OzaYQ%3D' (2025-12-11)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454?narHash=sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o%3D' (2025-12-06)
  → 'github:nixos/nixpkgs/09eb77e94fa25202af8f3e81ddc7353d9970ac1b?narHash=sha256-mSD5Ob7a%2BT2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo%3D' (2025-12-09)
• Updated input 'nixpkgsMaster':
    'github:NixOS/nixpkgs/fe21dc532562a038547185b77a488f4d7c9cbbda?narHash=sha256-S%2BvuUUBr4KoL1R8dx%2BM1xCsnbc75DelRucLFQX%2BTGxE%3D' (2025-12-09)
  → 'github:NixOS/nixpkgs/27225de9f2030213246e0d8d62957c43d5229368?narHash=sha256-HTHfcqG8WsrJG0aW3edXF5nQJK3VjPWcUTEi/r0LV7o%3D' (2025-12-12)
• Updated input 'nur':
    'github:nix-community/NUR/70540c989599d334e4e096e19ee707433a698882?narHash=sha256-aJpZaiYIzOHFi0AG0dbCwFYTGm95kkmEcWY5aSc1Wqc%3D' (2025-12-09)
  → 'github:nix-community/NUR/b4d99f4da68e9ffd29862904825730ba31a79406?narHash=sha256-hqGAGgmlYxwQufnYSS8E8wH7xyqLoaSIWGqZgdROkZg%3D' (2025-12-12)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/f61125a668a320878494449750330ca58b78c557?narHash=sha256-BmPWzogsG2GsXZtlT%2BMTcAWeDK5hkbGRZTeZNW42fwA%3D' (2025-12-05)
  → 'github:nixos/nixpkgs/addf7cf5f383a3101ecfba091b98d0a1263dc9b8?narHash=sha256-hM20uyap1a0M9d344I692r%2Bik4gTMyj60cQWO%2BhAYP8%3D' (2025-12-08)
 2025-12-12 13:00:03 +01:00
Jakob Lechner
7a5d7c20ef Fix ipv6 prefix delegation 
Prefix delegation was broken after Vodafone swapped the plastic router.
I'm not sure if this change is required tbh but I'll leave it like that
as it works now.
 2025-12-10 17:19:18 +01:00
Jakob Lechner
7353eb481a Use only post-quantum resistant algorithms 2025-12-09 16:20:54 +01:00
4 changed files with 32 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

42
flake.lock generated
View file

@ -65,11 +65,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1765270797, "lastModified": 1765326679,
"narHash": "sha256-qw9iaIIz8D+lwsTO28VOaZBAJG97jH4+ci2pe7ZJR6Q=", "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "8e68aa819d6a9964c8ac45172e68b943b597c52a", "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -263,11 +263,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1765170903, "lastModified": 1765384171,
"narHash": "sha256-O8VTGey1xxiRW+Fpb+Ps9zU7ShmxUA1a7cMTcENCVNg=", "narHash": "sha256-FuFtkJrW1Z7u+3lhzPRau69E0CNjADku1mLQQflUORo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "20561be440a11ec57a89715480717baf19fe6343", "rev": "44777152652bc9eacf8876976fa72cc77ca8b9d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -386,11 +386,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1765016596, "lastModified": 1765464257,
"narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=", "narHash": "sha256-dixPWKiHzh80PtD0aLuxYNQ0xP+843dfXG/yM3OzaYQ=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c", "rev": "09e45f2598e1a8499c3594fe11ec2943f34fe509",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -418,11 +418,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1764983851, "lastModified": 1765311797,
"narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=", "narHash": "sha256-mSD5Ob7a+T2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454", "rev": "09eb77e94fa25202af8f3e81ddc7353d9970ac1b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -434,11 +434,11 @@
}, },
"nixpkgsMaster": { "nixpkgsMaster": {
"locked": { "locked": {
"lastModified": 1765289907, "lastModified": 1765536405,
"narHash": "sha256-S+vuUUBr4KoL1R8dx+M1xCsnbc75DelRucLFQX+TGxE=", "narHash": "sha256-HTHfcqG8WsrJG0aW3edXF5nQJK3VjPWcUTEi/r0LV7o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fe21dc532562a038547185b77a488f4d7c9cbbda", "rev": "27225de9f2030213246e0d8d62957c43d5229368",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -466,11 +466,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1764950072, "lastModified": 1765186076,
"narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f61125a668a320878494449750330ca58b78c557", "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -502,11 +502,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1765284801, "lastModified": 1765540078,
"narHash": "sha256-aJpZaiYIzOHFi0AG0dbCwFYTGm95kkmEcWY5aSc1Wqc=", "narHash": "sha256-hqGAGgmlYxwQufnYSS8E8wH7xyqLoaSIWGqZgdROkZg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "70540c989599d334e4e096e19ee707433a698882", "rev": "b4d99f4da68e9ffd29862904825730ba31a79406",
"type": "github" "type": "github"
}, },
"original": { "original": {

3
hosts/iron/configuration.nix
View file

@ -114,7 +114,7 @@ with lib; {
interface ${interfaces.wan} interface ${interfaces.wan}
ipv6rs ipv6rs
ia_na 1 ia_na 1
ia_pd 1/::/64 ${interfaces.lan}/0/64 ia_pd 2 ${interfaces.lan}/0
''; '';
jalr.luksUsbUnlock = { jalr.luksUsbUnlock = {
@ -131,6 +131,7 @@ with lib; {
boot = { boot = {
kernel.sysctl = { kernel.sysctl = {
"net.ipv6.conf.all.forwarding" = 1; "net.ipv6.conf.all.forwarding" = 1;
"net.ipv6.conf.enp0s25.accept_ra" = 1;
}; };
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [

5
modules/sshd.nix
View file

@ -13,11 +13,8 @@
]; ];
# Use key exchange algorithms recommended by `nixpkgs#ssh-audit` # Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
KexAlgorithms = [ KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
"sntrup761x25519-sha512@openssh.com" "sntrup761x25519-sha512@openssh.com"
"mlkem768x25519-sha256"
]; ];
PasswordAuthentication = false; PasswordAuthentication = false;
StreamLocalBindUnlink = true; # unbind gnupg sockets if they exists StreamLocalBindUnlink = true; # unbind gnupg sockets if they exists

10
users/jalr/modules/graphics/gimp.nix
View file

@ -1,7 +1,13 @@
{ nixosConfig, lib, pkgs, ... }: { nixosConfig, lib, pkgs, ... }:
lib.mkIf nixosConfig.jalr.gui.enable { lib.mkIf nixosConfig.jalr.gui.enable {
home.packages = with pkgs; [ home.packages = [
gimp (
pkgs.gimp-with-plugins.override {
plugins = with pkgs.gimpPlugins; [
resynthesizer
];
}
)
]; ];
} }