diff --git a/flake.lock b/flake.lock index 9445a9a..f2eef87 100644 --- a/flake.lock +++ b/flake.lock @@ -363,11 +363,11 @@ ] }, "locked": { - "lastModified": 1777031541, - "narHash": "sha256-KZ4s1kolHXFQrRGlnB503gDcTrVQMhiczO+LvvwKEPg=", + "lastModified": 1776200608, + "narHash": "sha256-broZ6RFQr4Fv0wT73gGmzNX14A43TmTFF8g4wDKlNss=", "owner": "nix-community", "repo": "naersk", - "rev": "5e73301621274c44798bf6c6211ed27fc2ced201", + "rev": "8b23250ab45c2a38cd91031aee26478ca4d0a28e", "type": "github" }, "original": { @@ -390,11 +390,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1777472199, - "narHash": "sha256-gJr/OrHv6s8ANqv915sb69LLThow1u5yAO/ouElVGGM=", + "lastModified": 1776879043, + "narHash": "sha256-M9RjuowtoqQbFRdQAm2P6GjFwgHjRcnWYcB7ChSjDms=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "323a80f2ce4541c595d491acbd15a8800201cbae", + "rev": "535ebbe038039215a5d1c6c0c67f833409a5be96", "type": "github" }, "original": { @@ -423,11 +423,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1777468255, - "narHash": "sha256-lBZc1UMy+1P1T/E41j3jQrpS7EFI3qegd+ktHZdamIg=", + "lastModified": 1776853441, + "narHash": "sha256-mSxfoEs7DiDhMCBzprI/1K7UXzMISuGq0b7T06LVJXE=", "owner": "YaLTeR", "repo": "niri", - "rev": "dd1c3bcb9f1ef416df33ffa22d1d9bcee1398e7d", + "rev": "74d2b18603366b98ec9045ecf4a632422f472365", "type": "github" }, "original": { @@ -458,11 +458,11 @@ ] }, "locked": { - "lastModified": 1777434090, - "narHash": "sha256-i7p7ajtdKF6oVjs3ERyECCg6m1lWEchHNPKQjgRW4h4=", + "lastModified": 1776828494, + "narHash": "sha256-gQ5+syn8ndyF/+c5g5ZpeAScNKhkTF4/63JsO2hqGHo=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "f32bb01e6a12b74fa67261e9d690ff9d0603d86b", + "rev": "ea6764d22ff5478f5db39ede57eeafc70d14e8e6", "type": "github" }, "original": { 
@@ -588,11 +588,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1777270315, - "narHash": "sha256-yKB4G6cKsQsWN7M6rZGk6gkJPDNPIzT05y4qzRyCDlI=", + "lastModified": 1776329215, + "narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6368eda62c9775c38ef7f714b2555a741c20c72d", + "rev": "b86751bc4085f48661017fa226dee99fab6c651b", "type": "github" }, "original": { @@ -604,11 +604,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1777077449, - "narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=", + "lastModified": 1776734388, + "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160", + "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", "type": "github" }, "original": { @@ -643,11 +643,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1777479755, - "narHash": "sha256-rKha1HlZIYn+nhptqOSaSPGywXXdM5S462oiXh64EWM=", + "lastModified": 1777295064, + "narHash": "sha256-A+Ooli4ckGyiT+zh10Ybj3nY2ql4QX1p6q6HrKCDvpA=", "ref": "refs/heads/main", - "rev": "7ab784e101b69f35f65e300d5779888624f7a7a5", - "revCount": 596, + "rev": "adb6c21135c93e0c57517ba90a32dd8f6bf2704d", + "revCount": 578, "type": "git", "url": "https://git.berlin.ccc.de/vinzenz/nova-shell" }, @@ -666,11 +666,11 @@ ] }, "locked": { - "lastModified": 1777499139, - "narHash": "sha256-s817mwTTkW0VIReee1z41LJAz13AUw3DOK41jZooFGw=", + "lastModified": 1776893492, + "narHash": "sha256-V4r/mdAFHe6fRiu3D+3+UdclSH7LJoHfv+4Y1YNawK0=", "owner": "nix-community", "repo": "NUR", - "rev": "c0295550b00f0d0d4a9f41efd5e6c14d38a671fc", + "rev": "0aa8e8fc21887cc34a4c0e3816f08b56795f52ca", "type": "github" }, "original": { 
@@ -887,11 +887,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1776894428, - "narHash": "sha256-wuT915MyCtMTfLj+uo9y8wtCwkEgJXiXvcbSleFrlN0=", + "lastModified": 1775935110, + "narHash": "sha256-twTHKUFXjNNsaAvX0KoaIClt+923jXDRbfCd9PC/f0o=", "owner": "nix-community", "repo": "stylix", - "rev": "f34be27ce83efaa1c85ad1e5b1f8b6dea65b147d", + "rev": "14f248ad1a7668e7858c6d9163608c208b7daf02", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index dce3929..5a0fe15 100644 --- a/flake.nix +++ b/flake.nix @@ -129,9 +129,6 @@ damocles = { system = "x86_64-linux"; }; - damocles-lab = { - system = "x86_64-linux"; - }; epimetheus = { system = "aarch64-linux"; }; @@ -235,7 +232,7 @@ device, system, home-manager-users ? { }, - nixosSystem ? nixpkgs.lib.nixosSystem, + nixosSystem ? nixpkgs.lib.nixosSystem }: let specialArgs = inputs // { @@ -247,7 +244,7 @@ modules = [ { imports = [ - ./nixosConfigurations/${device} + ./nixosConfigurations/${device} self.nixosModules.global-settings ] ++ (lib.optionals (home-manager-users != { }) [ diff --git a/nixosConfigurations/aur0ra-installer/default.nix b/nixosConfigurations/aur0ra-installer/default.nix index b6c1e1a..5557fae 100644 --- a/nixosConfigurations/aur0ra-installer/default.nix +++ b/nixosConfigurations/aur0ra-installer/default.nix @@ -8,10 +8,10 @@ { imports = [ ../aur0ra - # nixos-images.nixosModules.sdimage-installer + # nixos-images.nixosModules.sdimage-installer ]; disabledModules = [ # disable the sd-image module that nixos-images uses - # (modulesPath + "/installer/sd-card/sd-image-aarch64-installer.nix") + # (modulesPath + "/installer/sd-card/sd-image-aarch64-installer.nix") ]; } diff --git a/nixosConfigurations/damocles-lab/default.nix b/nixosConfigurations/damocles-lab/default.nix deleted file mode 100644 index 705e31a..0000000 --- a/nixosConfigurations/damocles-lab/default.nix +++ /dev/null 
@@ -1,16 +0,0 @@
-{ pkgs, ... }:
-{
- imports = [ ../damocles/claude-container.nix ];
-
- services.openssh = {
- enable = true;
- ports = [ 2222 ];
- # Path written into sshd_config as a string — not read at eval time.
- # Key can be rotated without a rebuild.
- authorizedKeysFiles = [ "/persist/damocles-ssh/id_ed25519.pub" ];
- };
-
- environment.systemPackages = with pkgs; [
-
- ];
-}
diff --git a/nixosConfigurations/damocles/claude-container.nix b/nixosConfigurations/damocles/claude-container.nix
deleted file mode 100644
index 17d599f..0000000
--- a/nixosConfigurations/damocles/claude-container.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- pkgs,
- self,
- lib,
- ...
-}:
-{
-
- nixpkgs.overlays = [ self.overlays.unstable-packages ];
- allowedUnfreePackages = [ "claude-code" ];
-
- environment.systemPackages = with pkgs; [
- unstable.claude-code
- git
- python3
- coreutils-full
- gawk
- gnugrep
- curl
- ];
-
- boot.isContainer = true;
-
- programs.nix-ld = {
- enable = true;
- libraries = with pkgs; [
- stdenv.cc.cc.lib
- zlib
- ];
- };
-
- # Container shares host network namespace (privateNetwork = false), so the
- # host's tailscale already covers this. Running a second tailscaled in the
- # same netns fights over routing and breaks connectivity after sleep/wake.
- services.tailscale.enable = lib.mkForce false;
- networking.firewall.checkReversePath = lib.mkForce "strict";
-
- users.users.muede = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- };
-
- security.sudo.wheelNeedsPassword = false;
-}
diff --git a/nixosConfigurations/damocles/default.nix b/nixosConfigurations/damocles/default.nix
index c5eff0a..75c5439 100644
--- a/nixosConfigurations/damocles/default.nix
+++ b/nixosConfigurations/damocles/default.nix
@@ -1,14 +1,45 @@ -{ pkgs, ... }: { - imports = [ - ./android-dev.nix - ./claude-container.nix - ]; + pkgs, + lib, + self, + ... +}: +{ + imports = [ ./android-dev.nix ]; + + nixpkgs.overlays = [ self.overlays.unstable-packages ]; + + boot.isContainer = true; + + # Container shares host network namespace (privateNetwork = false), so the + # host's tailscale already covers this. Running a second tailscaled in the + # same netns fights over routing and breaks connectivity after sleep/wake. + services.tailscale.enable = lib.mkForce false; + networking.firewall.checkReversePath = lib.mkForce "strict"; + + allowedUnfreePackages = [ "claude-code" ]; environment.systemPackages = with pkgs; [ - cargo - rustc - clippy - gh + unstable.claude-code + git + python3 + coreutils-full + gawk + gnugrep ]; + + users.users.muede = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + }; + + security.sudo.wheelNeedsPassword = false; + + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + stdenv.cc.cc.lib + zlib + ]; + }; } diff --git a/nixosConfigurations/muede-lpt2/default.nix b/nixosConfigurations/muede-lpt2/default.nix index 711a578..19b2119 100644 --- a/nixosConfigurations/muede-lpt2/default.nix +++ b/nixosConfigurations/muede-lpt2/default.nix 
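Review bot: `security.sudo.wheelNeedsPassword = false;` combined with `extraGroups = [ "wheel" ];` on `users.users.muede` gives every process running as that user unauthenticated root inside this container, including the `unstable.claude-code` agent added to `environment.systemPackages` in the same hunk. The comment in this hunk says the container runs with `privateNetwork = false`, so container root sits in the host's network namespace and can reach host-loopback services and the host's tailscale routes. Whether user-namespace isolation is applied is not visible here; without it, container root is uid 0 on the host with a reduced capability set. If the agent only needs a handful of privileged commands, I would drop the `wheelNeedsPassword` line and grant those commands through a scoped `security.sudo.extraRules` entry, or run the agent under a separate non-wheel user. If passwordless root is intentional, a comment above the line recording why it is acceptable for this container would help the next reader.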
@@ -65,28 +65,6 @@ autoStart = false; privateNetwork = false; path = self.nixosConfigurations.damocles.config.system.build.toplevel; - bindMounts."/persist/damocles-ssh" = { - hostPath = "/persist/damocles-ssh"; - isReadOnly = true; - }; - bindMounts."/persist/damocles-lab" = { - hostPath = "/persist/damocles-lab"; - isReadOnly = false; - }; - }; - - containers.damocles-lab = { - autoStart = false; - privateNetwork = false; - path = self.nixosConfigurations.damocles-lab.config.system.build.toplevel; - bindMounts."/workspace" = { - hostPath = "/persist/damocles-lab"; - isReadOnly = false; - }; - bindMounts."/persist/damocles-ssh" = { - hostPath = "/persist/damocles-ssh"; - isReadOnly = true; - }; }; # Global DefaultTimeoutStopSec is 10s (modern-desktop.nix), which kills systemd-nspawn @@ -98,11 +76,6 @@ RestartSec = "5s"; }; - systemd.services."container@damocles-lab".serviceConfig = { - TimeoutStopSec = "60s"; - RestartSec = "5s"; - }; - boot.enableContainers = true; virtualisation.containers.enable = true; };