diff --git a/CLAUDE.md b/CLAUDE.md deleted file mode 100644 index f2c0fb4..0000000 --- a/CLAUDE.md +++ /dev/null 
@@ -1,233 +0,0 @@ -# CLAUDE.md - -This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. - -## Build and Deployment Commands - -### Building Configurations -```bash -# Build a NixOS configuration (creates ./result symlink) -just build -# or -nixos-rebuild build --flake .# - -# Build home-manager configuration -home-manager build --flake .#sajenim@ -``` - -### Deploying Changes -```bash -# Apply NixOS configuration locally (requires sudo) -just switch -# or -sudo nixos-rebuild switch --flake .# - -# Deploy to remote host -just deploy -# or -nixos-rebuild switch --flake .# --target-host --use-remote-sudo - -# Apply home-manager configuration -home-manager switch --flake .#sajenim@ -``` - -### Code Quality -```bash -# Format all Nix files using alejandra -nix fmt - -# Check flake and evaluate all configurations -nix flake check -``` - -### Secret Management -```bash -# Rekey secrets using YubiKey (after adding/modifying secrets) -agenix-rekey edit -agenix-rekey rekey -``` - -## Architecture Overview - -### Flake Structure -This is a NixOS flake-based configuration managing two hosts: -- **fuchsia**: Desktop workstation (gaming, development, XMonad) -- **viridian**: Server (multimedia, services, containers) - -The flake follows the standard structure from Misterio77's starter configs. 
- -### Configuration Layers - -**NixOS System Configuration** (`nixos/`): -``` -nixos/ -├── common/ -│ ├── global/ # Base system config for all hosts -│ │ ├── age.nix # Agenix secret management with YubiKey -│ │ ├── env.nix # Environment variables -│ │ ├── nix.nix # Nix daemon, flakes, garbage collection -│ │ └── ssh.nix # SSH server config -│ ├── optional/ # Opt-in features -│ │ ├── ephemeral-btrfs.nix # Impermanence with btrfs root wipe -│ │ ├── persist.nix # Persistence paths for ephemeral root -│ │ └── yubikey.nix # YubiKey support -│ └── users/ # User-specific system settings -├── fuchsia/ -│ ├── configuration.nix -│ └── services/ # Desktop services (X11, pipewire, flatpak, etc.) -└── viridian/ - ├── configuration.nix - ├── services/ # Server services (traefik, minecraft, IRC, etc.) - └── multimedia/ # *arr stack (sonarr, radarr, jellyfin, etc.) -``` - -**Home-Manager User Configuration** (`home-manager/`): -``` -home-manager/sajenim/ -├── global/ # Base home config -├── features/ # Modular user features -│ ├── cli/ # Shell, terminal utilities -│ ├── desktop/ # GUI applications, window manager -│ ├── editors/ # Text editors configuration -│ ├── games/ # Gaming-related configs -│ ├── printing/ # Printer utilities -│ └── university/ # Academic tools -├── fuchsia.nix # Desktop profile -└── viridian.nix # Server profile (minimal) -``` - -### Key Architectural Patterns - -**Module Organization**: Configuration is split between: -- `nixos/common/global/`: Imported by ALL hosts (mandatory base config) -- `nixos/common/optional/`: Opt-in features imported per-host -- `nixos//`: Host-specific hardware and services -- `home-manager/sajenim/features/`: Composable user environment features - -**Imports Pattern**: Each host's `configuration.nix` composes its full system by: -1. Importing `../common/global` (base system) -2. Importing selected `../common/optional/*` modules -3. Importing `../common/users/` (user accounts) -4. 
Importing host-specific services from `./services/` -5. Setting host-specific options (hostname, firewall, etc.) - -**Impermanence**: Uses opt-in persistence with ephemeral btrfs root: -- Root filesystem (`/`) wiped on every boot -- Only `/nix`, `/persist`, and `/boot` survive reboots -- Services must explicitly declare what to persist in `/persist` -- Secrets use persistent SSH keys at `/persist/etc/ssh/` for decryption - -**Secret Management**: -- Encrypted with agenix using host SSH keys -- Master key stored on YubiKey for rekeying -- Rekeyed secrets stored in `nixos/common/global/secrets/rekeyed//` -- Decryption happens during system activation using persistent SSH keys - -**Overlays**: Applied globally via `nixos/common/global/default.nix`: -- `additions`: Custom packages from `pkgs/` -- `modifications`: Patches to existing packages (e.g., dmenu theming) -- `unstable-packages`: Makes `pkgs.unstable.*` available for newer versions - -**Unfree Packages**: Allowlist is centralized in `nixos/common/global/default.nix` -- Default policy: only free software -- Exceptions listed explicitly (steam, minecraft-server) -- Do NOT use `allowUnfreePredicate` in other modules (won't merge) - -### Flake Inputs -External dependencies include: -- `nixpkgs` (25.05 stable), `nixpkgs-unstable` -- `home-manager` (follows nixpkgs) -- `agenix`, `agenix-rekey` (secret management) -- `impermanence` (ephemeral root filesystem) -- `crowdsec` (security) -- `nixvim` (personal Neovim config, external flake) -- `xmonad-config` (personal XMonad config, external flake) -- `nix-minecraft` (declarative Minecraft server) - -Personal flakes (nixvim, xmonad-config) are maintained in separate repositories -and imported as flake inputs. They are updated independently via `nix flake update`. - -## Working with This Configuration - -### Adding a New Host -1. Create `nixos//` directory -2. Add `configuration.nix` and `hardware-configuration.nix` -3. 
Add SSH host keys (ed25519 and RSA) to the host directory -4. Update `flake.nix` to add the new `nixosConfiguration` -5. Configure secrets: update age.rekey to include new host key - -### Adding a Service -Services are organized by host in `nixos//services/`: -- Create a subdirectory for complex services (e.g., `traefik/`) -- Each service gets its own `default.nix` -- Import in `nixos//services/default.nix` or `configuration.nix` -- Declare persistence paths if using ephemeral root -- Use agenix for any credentials - -### Modifying Packages -- **Custom packages**: Add to `pkgs/` and reference in `pkgs/default.nix` -- **Patching packages**: Add patches to `overlays/patches/`, modify overlay in - `overlays/default.nix` -- **Unfree packages**: Add to allowlist in `nixos/common/global/default.nix` - -### Testing Changes -1. **IMPORTANT**: Stage new files with git before building or checking - - Nix flakes only evaluate files tracked in git - - Run `git add ` for any new files before `nix flake check` or build -2. Build configuration: `just build ` -3. Check for evaluation errors: `nix flake check` -4. Review changes before switching -5. 
Switch: `just switch ` (local) or `just deploy ` (remote) - -### Managing Secrets -- Secrets are encrypted per-host and stored in - `nixos/common/global/secrets/rekeyed//` -- Edit secrets: `agenix-rekey edit ` -- After editing, rekey all hosts: `agenix-rekey rekey` -- YubiKey required for rekeying operations -- Host SSH keys at `/persist/etc/ssh/` are used for automatic decryption - -## Important Conventions - -### Network IP Allocation -This infrastructure uses the following IP range scheme to avoid conflicts: - -**Allocated Ranges:** -- `192.168.50.0/24` - Home router/main LAN -- `10.1.0.0/24` - Internet sharing from fuchsia (Ethernet to printer) -- `10.2.0.0/24` - Reserved for future internet sharing from another host -- `10.3.0.0/24` - Reserved for future internet sharing from another host -- `10.39.179.0/24` - WireGuard VPN on Raspberry Pi -- `172.17.0.0/16` - Docker default bridge network (viridian) - -**Conventions:** -- Internet connection sharing uses `10.N.0.0/24` where N is 1, 2, 3, etc. -- Gateway host is always `10.N.0.1` -- DHCP pools typically use `10.N.0.2` through `10.N.0.10` -- Keep VPN/tunnel ranges in the `10.30.0.0/16` and higher space - -### Line Length -Keep all Nix code to a maximum of 100 characters per line for consistency. - -### Module Naming -- System-level services: `nixos//services//default.nix` -- User-level features: `home-manager/sajenim/features//.nix` - -### Persistence Declarations -When adding services to hosts with ephemeral root, declare persistence: -```nix -environment.persistence."/persist" = { - directories = [ - "/var/lib/service-name" - ]; - files = [ - "/var/lib/service-name/config.conf" - ]; -}; -``` - -### Comments -This codebase uses structured comments to explain configuration choices: -- Block comments at file top explain module purpose -- Inline comments explain non-obvious configuration decisions -- Group related options with visual separators when helpful 
diff --git a/flake.lock b/flake.lock index 1613641..9ebab60 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -51,11 +51,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1762466517, - "narHash": "sha256-sFlWhpLBmORSIwdhIinu2nos0xhQkUzFkO3AOHRolps=", + "lastModified": 1766008910, + "narHash": "sha256-mrhbMNkrkvAPQsytce3zMeDF1UVkkcj8N/Bw9n4BFUo=", "owner": "sadjow", "repo": "claude-code-nix", - "rev": "c75a19ff3b5de3edc68512b31c406338c3c3ce65", + "rev": "e39652c800e82c4f8cae68ac0bacb7bdecace7f5", "type": "github" }, "original": { @@ -143,6 +143,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1765121682, + "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1747046372, @@ -464,16 +480,16 @@ ] }, "locked": { - "lastModified": 1758463745, - "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", + "lastModified": 1765979862, + "narHash": "sha256-/r9/1KamvbHJx6I40H4HsSXnEcBAkj46ZwibhBx9kg0=", "owner": "nix-community", "repo": "home-manager", - "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", + "rev": "d3135ab747fd9dac250ffb90b4a7e80634eacbe9", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", + "ref": "release-25.11", "repo": "home-manager", "type": "github" } 
@@ -547,16 +563,17 @@ }, "nix-jetbrains-plugins": { "inputs": { + "flake-compat": "flake-compat_2", "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs_4", "systems": "systems_4" }, "locked": { - "lastModified": 1761996900, - "narHash": "sha256-1XURw0oFac/jDYP/TjxOOO5DWABOQ6HOuAnXS7GGP5k=", + "lastModified": 1765666486, + "narHash": "sha256-BZfXO+5aUgGgGKr85UdVMTUsUi2rgufzK6/jgqoEVDI=", "owner": "theCapypara", "repo": "nix-jetbrains-plugins", - "rev": "5a03f5a3d0ab9b465cdab58dc03da2a7b473bc8c", + "rev": "82c9b1d2e0f235d61f0941fdafd408a23483dc99", "type": "github" }, "original": { @@ -567,16 +584,16 @@ }, "nix-minecraft": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_4", "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1762480864, - "narHash": "sha256-OD3/2nATIXFEyTq3cxGUjZyBf8YlCSpIX/iJzSJbWag=", + "lastModified": 1766023574, + "narHash": "sha256-vx7KhTqR/UBnBUXAei3DKXJ4Nq3p7yLw+kZ03/inm8I=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "4f3414fdfce0ddf85c35e95d07809aeb93d2f0ad", + "rev": "5e0cae13ca72d3e4ef0f101b01725e25441c4ebd", "type": "github" }, "original": { @@ -633,11 +650,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1762363567, - "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", + "lastModified": 1765779637, + "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", + "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", "type": "github" }, "original": { 
@@ -681,11 +698,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1762361079, - "narHash": "sha256-lz718rr1BDpZBYk7+G8cE6wee3PiBUpn8aomG/vLLiY=", + "lastModified": 1765934234, + "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ffcdcf99d65c61956d882df249a9be53e5902ea5", + "rev": "af84f9d270d404c17699522fab95bbf928a2d92f", "type": "github" }, "original": { @@ -712,11 +729,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1757745802, - "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "lastModified": 1765472234, + "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b", "type": "github" }, "original": { @@ -744,16 +761,16 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1762233356, - "narHash": "sha256-cGS3lLTYusbEP/IJIWGgnkzIl+FA5xDvtiHyjalGr4k=", + "lastModified": 1765838191, + "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ca534a76c4afb2bdc07b681dbc11b453bab21af8", + "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -792,11 +809,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1748460289, - "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { 
@@ -813,11 +830,11 @@ "nixvim": "nixvim_2" }, "locked": { - "lastModified": 1760970422, - "narHash": "sha256-w1pRoU2z0xkkGb2SFl16x1GVzLVErzgPiWunS+JHI+c=", + "lastModified": 1765715781, + "narHash": "sha256-iwCEwl0ak3J/yy063UlqSxh+fyWCeDfW60HCcBWOuGA=", "ref": "refs/heads/master", - "rev": "5e370bf24716430b66364666a9a512b07e249471", - "revCount": 109, + "rev": "ea07178de031c25a16e007564ad61cc1fd8b98e1", + "revCount": 110, "type": "git", "url": "https://git.sajenim.dev/jasmine/nixvim-config.git" }, @@ -923,11 +940,11 @@ "poetry2nix": "poetry2nix" }, "locked": { - "lastModified": 1760908465, - "narHash": "sha256-ZdyNTh/O7W7ZJJr8bAeG2kQBFREZGTQ2wXCyzr9z+RQ=", + "lastModified": 1765727347, + "narHash": "sha256-fiHH7CIgUSQgrPkcOzBK6B0ojDNbeFEc7IXdqGqm2IM=", "owner": "Scrybbling-together", "repo": "remarks", - "rev": "b8bfd751cf82a47ce24763c5b220a1f4f5ab90a6", + "rev": "9a6673d55df96d4985f13bc523e680df750b6e73", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index af3b7fc..a3e485b 100644 --- a/flake.nix +++ b/flake.nix @@ -3,12 +3,12 @@ inputs = { # Nixpkgs - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Home manager home-manager = { - url = "github:nix-community/home-manager/release-25.05"; + url = "github:nix-community/home-manager/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/home-manager/sajenim/features/cli/default.nix b/home-manager/sajenim/features/cli/default.nix index 731f1c7..ea6e42d 100644 --- a/home-manager/sajenim/features/cli/default.nix +++ b/home-manager/sajenim/features/cli/default.nix @@ -18,6 +18,6 @@ unstable.rmapi ] ++ [ - inputs.remarks.packages.${pkgs.system}.default + inputs.remarks.packages.${pkgs.stdenv.hostPlatform.system}.default ]; } diff --git a/home-manager/sajenim/features/cli/git.nix b/home-manager/sajenim/features/cli/git.nix index 252b99d..688bbe6 100644 
--- a/home-manager/sajenim/features/cli/git.nix +++ b/home-manager/sajenim/features/cli/git.nix @@ -1,12 +1,14 @@ {...}: { programs.git = { enable = true; - userName = "jasmine"; - userEmail = "its.jassy@pm.me"; - extraConfig = { + settings = { init.defaultBranch = "master"; + user = { + name = "jasmine"; + email = "its.jassy@pm.me"; + signingkey = "8563E358D4E8040E"; + }; commit.gpgsign = "true"; - user.signingkey = "8563E358D4E8040E"; }; }; } diff --git a/home-manager/sajenim/features/cli/mpd.nix b/home-manager/sajenim/features/cli/mpd.nix index ebb9887..5613b4e 100644 --- a/home-manager/sajenim/features/cli/mpd.nix +++ b/home-manager/sajenim/features/cli/mpd.nix @@ -2,7 +2,7 @@ # Install some applications for managing mpd home.packages = with pkgs; [ - mpc-cli + mpc ncmpcpp ]; diff --git a/home-manager/sajenim/features/cli/ssh.nix b/home-manager/sajenim/features/cli/ssh.nix index acb6ee1..d5a081c 100644 --- a/home-manager/sajenim/features/cli/ssh.nix +++ b/home-manager/sajenim/features/cli/ssh.nix @@ -1,6 +1,8 @@ {...}: { programs.ssh = { enable = true; + enableDefaultConfig = false; + matchBlocks = { "viridian" = { hostname = "viridian.home.arpa"; diff --git a/home-manager/sajenim/features/cli/zsh.nix b/home-manager/sajenim/features/cli/zsh.nix index 2970b9d..cf2f9ae 100644 --- a/home-manager/sajenim/features/cli/zsh.nix +++ b/home-manager/sajenim/features/cli/zsh.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{pkgs, config, ...}: { imports = [ ./direnv.nix ./starship.nix @@ -21,7 +21,7 @@ enableCompletion = true; # Configuration directory - dotDir = ".config/zsh"; + dotDir = "${config.xdg.configHome}/zsh"; shellAliases = { # Single letter aliases diff --git a/home-manager/sajenim/features/editors/default.nix b/home-manager/sajenim/features/editors/default.nix index 4e4e900..4bf2d7f 100644 --- a/home-manager/sajenim/features/editors/default.nix +++ b/home-manager/sajenim/features/editors/default.nix 
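Review bot: In the new `settings` block of `git.nix`, `commit.gpgsign` is still the string `"true"`. Git parses it, but now that the options are structured attributes a real boolean reads better: `commit.gpgsign = true;`. As written only commits are signed; if signed tags are wanted as well, `tag.gpgsign = true;` would sit next to it.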
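Review bot: With `enableDefaultConfig = false;` added to `programs.ssh` in `ssh.nix`, home-manager stops emitting its built-in `Host *` defaults, and nothing in this hunk replaces them. The `matchBlocks` set continues outside the hunk, so if it has no `"*"` entry the client falls back to OpenSSH's compiled-in defaults plus whatever the system-wide `ssh_config` sets. Those are probably acceptable, but the hardening-relevant ones are better pinned explicitly, for example `"*" = { forwardAgent = false; hashKnownHosts = true; };`. A one-line comment above the option saying the defaults were dropped on purpose for the 25.11 migration would also help the next reader.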
@@ -27,10 +27,10 @@ ] ++ [ # Our personal neovim configuration. - inputs.nixvim.packages.${pkgs.system}.default + inputs.nixvim.packages.${pkgs.stdenv.hostPlatform.system}.default ] # Install jetbrains IDEs with plugins - ++ (with inputs.nix-jetbrains-plugins.lib."${system}"; [ + ++ (with inputs.nix-jetbrains-plugins.lib."${pkgs.stdenv.hostPlatform.system}"; [ (buildIdeWithPlugins pkgs.jetbrains "idea-ultimate" [ "IdeaVIM" "gruvbox-material-dark" diff --git a/nixos/common/users/sajenim/xmonad/default.nix b/nixos/common/users/sajenim/xmonad/default.nix index 202356a..7a31a9d 100644 --- a/nixos/common/users/sajenim/xmonad/default.nix +++ b/nixos/common/users/sajenim/xmonad/default.nix @@ -15,7 +15,7 @@ # Picture viewer pkgs.xfce.ristretto # Install our XMonad and Xmobar configuration - inputs.xmonad-config.packages.${pkgs.system}.default + inputs.xmonad-config.packages.${pkgs.stdenv.hostPlatform.system}.default ]; }; diff --git a/nixos/fuchsia/services/default.nix b/nixos/fuchsia/services/default.nix index 148168c..4fc5cd0 100644 --- a/nixos/fuchsia/services/default.nix +++ b/nixos/fuchsia/services/default.nix @@ -6,7 +6,6 @@ ./flatpak ./internet-sharing ./libinput - ./printing ./snapper ./ssh ./udev diff --git a/nixos/fuchsia/services/printing/default.nix b/nixos/fuchsia/services/printing/default.nix deleted file mode 100644 index 2878d06..0000000 --- a/nixos/fuchsia/services/printing/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{...}: { - # Enable CUPS for printing services. - services.printing = { - enable = true; - # Connect to a remote CUPS server. - clientConf = '' - ServerName 192.168.50.249 - ServerPort 631 - ''; - }; -} diff --git a/nixos/fuchsia/services/udev/default.nix b/nixos/fuchsia/services/udev/default.nix index 2122e6e..7620ba0 100644 --- a/nixos/fuchsia/services/udev/default.nix +++ b/nixos/fuchsia/services/udev/default.nix 
@@ -1,7 +1,6 @@ {pkgs, ...}: { # Enable necessary udev rules. services.udev.packages = with pkgs; [ - android-udev-rules openrgb unstable.qmk-udev-rules ]; diff --git a/nixos/viridian/hardware-configuration.nix b/nixos/viridian/hardware-configuration.nix index ecbe9a5..85b53a7 100644 --- a/nixos/viridian/hardware-configuration.nix +++ b/nixos/viridian/hardware-configuration.nix @@ -39,10 +39,10 @@ enable = true; extraPackages = with pkgs; [ intel-media-driver - vaapiIntel - vaapiVdpau libvdpau-va-gl + libva-vdpau-driver intel-compute-runtime + intel-vaapi-driver ]; }; diff --git a/nixos/viridian/services/crowdsec/default.nix b/nixos/viridian/services/crowdsec/default.nix index 2201c29..3d713d8 100644 --- a/nixos/viridian/services/crowdsec/default.nix +++ b/nixos/viridian/services/crowdsec/default.nix @@ -15,6 +15,11 @@ in { inputs.crowdsec.overlays.default ]; + disabledModules = [ + "services/security/crowdsec.nix" + "services/security/crowdsec-firewall-bouncer.nix" + ]; + age.secrets.enrollment-key = { rekeyFile = ./enrollment_key.age; owner = "crowdsec"; diff --git a/overlays/default.nix b/overlays/default.nix index ba218f6..06b5dcb 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -19,7 +19,7 @@ # be accessible through 'pkgs.unstable' unstable-packages = final: _prev: { unstable = import inputs.nixpkgs-unstable { - system = final.system; + system = final.stdenv.hostPlatform.system; config.allowUnfree = false; }; };
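Review bot: The new `disabledModules` list in `nixos/viridian/services/crowdsec/default.nix` has no comment, and the file does not say why two nixpkgs security modules are switched off. Presumably nixos-25.11 now ships its own crowdsec modules that collide with the ones from the `crowdsec` flake input whose overlay is applied just above. If so, a comment would say it, such as `# nixpkgs 25.11 ships its own crowdsec modules; disable them so the ones from inputs.crowdsec are used`. This leaves the host's intrusion-detection service defined by a third-party module rather than the nixpkgs one, so the comment should also record when the override can be removed. The enclosing `in { … }` block starts and ends outside the hunk.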