fix: revert updated option/package names for 24.11. Return to nixos-s…

…table 24.05
Lehmanator · Jul 24, 2024 · d9a4547 · d9a4547
1 parent 279e345
commit d9a4547
Show file tree

Hide file tree

Showing 12 changed files with 98 additions and 58 deletions.
diff --git a/common/profiles/nix/nixpkgs.nix b/common/profiles/nix/nixpkgs.nix
@@ -14,7 +14,10 @@
       electron_24 = pkgs.electron_26; # Electron v24 is end-of-life, forcing upgrade
       electron_25 = pkgs.electron_26; # Electron v25 is end-of-life, forcing upgrade
     };
-    permittedInsecurePackages = ["python3.12-youtube-dl-2021.12.17"];
+    permittedInsecurePackages = [
+      "python3.12-youtube-dl-2021.12.17"
+      "python3.11-youtube-dl-2021.12.17"
+    ];
   };
 
   #environment.sessionVariables.NIXPKGS_ALLOW_UNFREE = lib.mkIf config.nixpkgs.config.allowUnfree "1" ;

diff --git a/common/profiles/nix/registry.nix b/common/profiles/nix/registry.nix
@@ -6,17 +6,17 @@
   ];
 
   nix = {
-    generateNixPathFromInputs = true;
-    generateRegistryFromInputs = true;
-    linkInputs = true;
+    # generateNixPathFromInputs = lib.mkDefault true;
+    # generateRegistryFromInputs = lib.mkDefault true;
+    # linkInputs = lib.mkDefault true;
     #localRegistry = {
     #  enable = true;
     #  cacheGlobalRegistry = true;
     #  noGlobalRegistry = false;
     #};
     settings = {
-      use-registries = true;
-      flake-registry = lib.mkDefault "https://channels.nixos.org/flake-registry.json";
+      use-registries = lib.mkDefault true;
+      # flake-registry = lib.mkDefault "https://channels.nixos.org/flake-registry.json";
     };
   };
 }
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -62,7 +62,7 @@
     nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     nixos.follows = "nixos-stable";
     home.url = "github:nix-community/home-manager";
-    home.inputs.nixpkgs.follows = "nixpkgs";
+    home.inputs.nixpkgs.follows = "nixos";
     home-extra-xhmm.url = "github:schuelermine/xhmm";
     system-manager.url = "github:numtide/system-manager";
     system-manager.inputs.flake-utils.follows = "flake-utils";

diff --git a/hm/profiles/gnome/apps/developer.nix b/hm/profiles/gnome/apps/developer.nix
@@ -6,10 +6,16 @@
     pkgs.gitg #                  # Graphical Git client
     pkgs.gnome-builder #         # IDE for developing GNOME apps
     pkgs.gnome-doc-utils #       # Documentation utils
-    pkgs.dconf-editor #          # Dconf setting editor
-    pkgs.devhelp #               # Developer documentation viewer
-    pkgs.ghex #                  # GTK hex editor
-    pkgs.zenity #                #
+
+    # FIXME: unstable renamed pkgs
+    # pkgs.dconf-editor #          # Dconf setting editor
+    # pkgs.devhelp #               # Developer documentation viewer
+    # pkgs.ghex #                  # GTK hex editor
+    # pkgs.zenity #                #
+    pkgs.gnome.dconf-editor #    # Dconf setting editor
+    pkgs.gnome.devhelp           # Developer documentation viewer
+    pkgs.gnome.ghex #            # GTK hex editor
+    pkgs.gnome.zenity #          #
 
     pkgs.elastic #               # Design spring animations
     pkgs.meld #                  # Visual diff

diff --git a/hm/profiles/gnome/apps/gnome-calculator/default.nix b/hm/profiles/gnome/apps/gnome-calculator/default.nix
@@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }: {
-  home.packages = [ pkgs.gnome-calculator ];
+  # home.packages = [ pkgs.gnome-calculator ]; # unstable
+  home.packages = [ pkgs.gnome.gnome-calculator ];
   dconf.settings."org/gnome/calculator" = {
     #button-mode = "programming";
     show-thousands = true;

diff --git a/hm/profiles/gnome/default.nix b/hm/profiles/gnome/default.nix
@@ -69,15 +69,22 @@ in
 
   home.packages = with pkgs; [
     gnome.gnome-boxes
-    simple-scan
     gnome.totem
     gnome.vinagre
 
-    gnome-autoar
-    gnome-dictionary
-    gnome-font-viewer # Includes thumbnailer
-    gnome-packagekit
-    gnome-tweaks
+    # FIXME: Renamed pkgs: 24.05 -> unstable
+    # gnome-autoar
+    # gnome-dictionary
+    # gnome-font-viewer # Includes thumbnailer
+    # gnome-packagekit
+    # gnome-tweaks
+    # simple-scan
+    gnome.gnome-autoar
+    gnome.gnome-dictionary
+    gnome.gnome-font-viewer # Includes thumbnailer
+    gnome.gnome-packagekit
+    gnome.gnome-tweaks
+    gnome.simple-scan
 
     gnome-connections
     #gnome-decoder

diff --git a/hm/profiles/gnome/keyring.nix b/hm/profiles/gnome/keyring.nix
@@ -1,18 +1,11 @@
-{ inputs
-, config
-, lib
-, pkgs
+{ config, lib, pkgs
 , ...
 }:
 {
-  imports = [
-  ];
-
-  home.sessionVariables.SSH_AUTH_SOCK = lib.mkIf config.services.gnome-keyring.enable "$XDG_RUNTIME_DIR/keyring/ssh";
-
-  services.gnome-keyring = {
-    enable = true;
-    components = [ "pkcs11" "secrets" "ssh" ];
-  };
-
+  # FIXME: Broken bc pkgs.gnome.gnome-keyring renamed to pkgs.gnome-keyring
+  # home.sessionVariables.SSH_AUTH_SOCK = lib.mkIf config.services.gnome-keyring.enable "$XDG_RUNTIME_DIR/keyring/ssh";
+  # services.gnome-keyring = {
+  #   enable = true;
+  #   components = [ "pkcs11" "secrets" "ssh" ];
+  # };
 }
diff --git a/hm/profiles/nix/default.nix b/hm/profiles/nix/default.nix
@@ -29,12 +29,12 @@ in {
     #settings.nix-path = (osConfig.nix.nixPath or [ ]) ++ [ "${config.xdg.configHome}/nix/inputs" ];
   };
 
-  xdg.configFile = lib.recursiveUpdate {
-    "nix/registry.json".text = mkRegistryJSON osConfig.nix.registry or config.nix.registry;
-  } (lib.mapAttrs' (name: value: {
-    name = "nix/inputs/${name}";
-    value = {source = value.outPath;};
-  }) inputs);
+  # xdg.configFile = lib.recursiveUpdate {
+  #   "nix/registry.json".text = mkRegistryJSON osConfig.nix.registry or config.nix.registry;
+  # } (lib.mapAttrs' (name: value: {
+  #   name = "nix/inputs/${name}";
+  #   value = {source = value.outPath;};
+  # }) inputs);
 
   # Keep legacy nix-channels in sync w/ flake inputs (for tooling compat)
   # TODO: Same for NixOS, conditionally if system is NixOS

diff --git a/nixos/profiles/boot/secureboot.nix b/nixos/profiles/boot/secureboot.nix
@@ -1,24 +1,54 @@
 { inputs
-, config
-, lib
-, pkgs
+, config, lib, pkgs
 , ...
 }:
+# 
+let
+  sbctl = lib.getExe pkgs.sbctl;
+  enroll-script = pkgs.writeShellApplication "secureboot-encroll.sh" ''
+    echo 'Creating keys...'
+    echo '> sbctl create-keys'
+    ${sbctl} create-keys
+      \ && echo 'Created keys.'
+      \ || echo 'Failed to create keys.'
+    ${sbctl} verify
+  '';
+in
 {
 
   # --- SecureBoot ---
+  # https://github.com/nix-community/lanzaboote
+  # https://github.com/nix-community/lanzaboote/blob/master/docs/QUICK_START.md
   # https://wiki.archlinux.org/title/Secure_Boot#Booting_an_installation_medium
   #
+  # Process:
+  # 1. Create keys
+  #   $ sudo sbctl create-keys
+  # 2. Configure NixOS secureboot (activate this profile)
+  # 3. Reboot into UEFI firmware settings
+  #   $ sudo systemctl reboot --firmware-setup
+  # 4. Enable Secure Boot in UEFI firmware
+  #   b. Select "Administrator Secure Boot"
+  #   c. Select "Erase all Secure Boot Settings"
+  #   d. Press "F10" to save and exit
+  # 4. Reboot
+  #   $ sudo systemctl reboot
+  # 5. Enroll keys
+  #   $ sudo sbctl enroll-keys --microsoft
+  # 6. Reboot
+  #   $ sudo systemctl reboot
+  # 7. Test
+  #   $ bootctl status
+  # 
+  #
   # TODO: Lanzaboote
   # TODO: TPM2.0 authenticated boot
   # TODO: Boot counting
   #
 
-  imports = [
-    # TODO: Determine whether lanzaboote options important/necessary for SecureBoot.
-    # TODO: Determine whether lanzaboote module import still necessary for SecureBoot. (Included by default yet?)
-    inputs.lanzaboote.nixosModules.lanzaboote
-  ];
+  # TODO: Determine whether lanzaboote options important/necessary for SecureBoot.
+  # TODO: Determine whether lanzaboote module import still necessary for SecureBoot. (Included by default yet?)
+  imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
 
   boot = {
     bootspec = {
@@ -42,14 +72,12 @@
         canTouchEfiVariables = true;
         efiSysMountPoint = "/boot/efi"; # Default: `/boot`  # TODO: `XBOOTLDR` / `ESP` splitting. # TODO: Rewrite to `/efi`?
       };
-      # Initially, SecureBoot was only supported on GRUB2. # TODO: Check if still true.
-      grub.enable = lib.mkForce false;
+      grub.enable         = lib.mkForce false;
       systemd-boot.enable = lib.mkForce false;
     };
   };
 
-  environment.systemPackages = [
-    pkgs.sbctl # Util to sign Secure Boot keys, etc.
-  ];
+  # Util to sign Secure Boot keys, etc.
+  environment.systemPackages = [ pkgs.sbctl ];
 
 }
diff --git a/nixos/profiles/desktop/gtk.nix b/nixos/profiles/desktop/gtk.nix
@@ -7,7 +7,9 @@
     pkgs.gcr
     pkgs.gcr_4
     pkgs.adw-gtk3
-    pkgs.adwaita-icon-theme
+    # pkgs.adwaita-icon-theme
+    # pkgs.gnome-themes-extra
+    pkgs.gnome.adwaita-icon-theme
     pkgs.gnome-themes-extra
     pkgs.simp1e-cursors
     #pkgs.nur.repos.federicoschonborn.morewaita

diff --git a/nixos/profiles/modules/default.nix b/nixos/profiles/modules/default.nix
@@ -5,7 +5,7 @@
     ./arion.nix
     #./colmena.nix
     #./disko.nix
-    ./flake-utils-plus.nix
+    # ./flake-utils-plus.nix
     ./home-manager.nix
     #./impermanence.nix
     ./lanzaboote.nix
@@ -14,7 +14,7 @@
     #./nixified-ai.nix
     #./nixos-generators.nix
     #./nixos-images.nix
-    # ./nixvim.nix
+    #./nixvim.nix
     #./quick-nix-registry.nix
     ./sops.nix