README.md

@@ -137,7 +137,7 @@ nixos-install --no-root-passwd --flake .#omega
 ### Upgrading
 Nixpkgs uses `stateVersion` so sparingly that auditing the entire nixpkgs repo
 is [easy
-enough](https://sourcegraph.com/search?q=context:global+repo:%5Egithub%5C.com/NixOS/nixpkgs%24+lang:Nix+stateVersion+AND+24.11&patternType=keyword&sm=0).
+enough](https://sourcegraph.com/search?q=context:global+repo:%5Egithub%5C.com/NixOS/nixpkgs%24+lang:Nix+stateVersion+AND+24.05&patternType=keyword&sm=0).
 Important changes to home-manager is available at
 <https://nix-community.github.io/home-manager/release-notes.xhtml> and
 <https://github.com/nix-community/home-manager/blob/master/modules/misc/news.nix>.

flake.lock

@@ -64,16 +64,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1733050161,
+        "lastModified": 1726989464,
-        "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=",
+        "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "62d536255879be574ebfe9b87c4ac194febf47c5",
+        "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.11",
+        "ref": "release-24.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -136,11 +136,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1733217105,
+        "lastModified": 1733139194,
-        "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=",
+        "narHash": "sha256-PVQW9ovo0CJbhuhCsrhFJGGdD1euwUornspKpBIgdok=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9",
+        "rev": "c6c90887f84c02ce9ebf33b95ca79ef45007bf88",
         "type": "github"
       },
       "original": {
@@ -152,16 +152,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1733120037,
+        "lastModified": 1733016324,
-        "narHash": "sha256-En+gSoVJ3iQKPDU1FHrR6zIxSLXKjzKY+pnh9tt+Yts=",
+        "narHash": "sha256-8qwPSE2g1othR1u4uP86NXxm6i7E9nHPyJX3m3lx7Q4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f9f0d5c5380be0a599b1fb54641fa99af8281539",
+        "rev": "7e1ca67996afd8233d9033edd26e442836cc2ad6",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-24.11",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -183,11 +183,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1733212471,
+        "lastModified": 1733015953,
-        "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
+        "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
+        "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff",
         "type": "github"
       },
       "original": {
@@ -214,11 +214,11 @@
     },
     "secrets": {
       "locked": {
-        "lastModified": 1733268738,
+        "lastModified": 1733184969,
-        "narHash": "sha256-JPyO3lnX3hOY/WZ1R8xoWWXgGmPtPg2dBdRKMbDINxw=",
+        "narHash": "sha256-8sKs5Ence3XJifkez+bB/j9acKTEF/rFLmCenffJKiY=",
         "ref": "refs/heads/master",
-        "rev": "3a98deadbce4005e49c80dc208794caab9b404d3",
+        "rev": "245ebe93e48c88b73fe3c46046b5717d21ac1a23",
-        "revCount": 52,
+        "revCount": 51,
         "type": "git",
         "url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
       },

flake.nix

@@ -6,7 +6,7 @@
       url = "git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git";
     };
     nixpkgs = {
-      url = "github:NixOS/nixpkgs/nixos-24.11";
+      url = "github:NixOS/nixpkgs/nixos-24.05";
     };
     nixpkgs-unstable = {
       url = "github:NixOS/nixpkgs/nixos-unstable";
@@ -32,7 +32,7 @@
       inputs.nixpkgs.follows = "nixpkgs"; # use the same nixpkgs as the system
     };
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.11";
+      url = "github:nix-community/home-manager/release-24.05";
       inputs.nixpkgs.follows = "nixpkgs"; # use the same nixpkgs as the system
     };
     home-manager-unstable = {
@@ -40,7 +40,6 @@
       inputs.nixpkgs.follows = "nixpkgs"; # use the same nixpkgs as the system
     };
     simple-nixos-mailserver = {
-      # TODO: upgrade to 24.11
       url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
       inputs.nixpkgs.follows = "nixpkgs"; # use the same nixpkgs as the system
     };

hosts/alpha/default.nix

@@ -29,7 +29,7 @@
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 
   # This value determines the Home Manager release that your
   # configuration is compatible with. This helps avoid breakage
@@ -38,5 +38,5 @@
   # You can update Home Manager without changing this value. See
   # the Home Manager release notes for a list of state version
   # changes in each release.
-  home-manager.users.caspervk.home.stateVersion = "24.11"; # Did you read the comment?
+  home-manager.users.caspervk.home.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/delta/default.nix

@@ -25,7 +25,7 @@
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 
   # This value determines the Home Manager release that your
   # configuration is compatible with. This helps avoid breakage
@@ -34,5 +34,5 @@
   # You can update Home Manager without changing this value. See
   # the Home Manager release notes for a list of state version
   # changes in each release.
-  home-manager.users.caspervk.home.stateVersion = "24.11"; # Did you read the comment?
+  home-manager.users.caspervk.home.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/mu/default.nix

@@ -27,7 +27,7 @@
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 
   # This value determines the Home Manager release that your
   # configuration is compatible with. This helps avoid breakage
@@ -36,5 +36,5 @@
   # You can update Home Manager without changing this value. See
   # the Home Manager release notes for a list of state version
   # changes in each release.
-  home-manager.users.caspervk.home.stateVersion = "24.11"; # Did you read the comment?
+  home-manager.users.caspervk.home.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/omega/default.nix

@@ -26,7 +26,7 @@
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 
   # This value determines the Home Manager release that your
   # configuration is compatible with. This helps avoid breakage
@@ -35,5 +35,5 @@
   # You can update Home Manager without changing this value. See
   # the Home Manager release notes for a list of state version
   # changes in each release.
-  home-manager.users.caspervk.home.stateVersion = "24.11"; # Did you read the comment?
+  home-manager.users.caspervk.home.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/omega/hardware.nix

@@ -54,12 +54,8 @@
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 
   # GPU
-  hardware.amdgpu = {
+  hardware.amdgpu.amdvlk = {
-    amdvlk = {
+    enable = true;
-      enable = true;
+    support32Bit.enable = true;
-      support32Bit.enable = true;
-      supportExperimental.enable = true;
-    };
-    opencl.enable = true;
   };
 }

hosts/sigma/default.nix

@@ -39,7 +39,7 @@
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 
   # This value determines the Home Manager release that your
   # configuration is compatible with. This helps avoid breakage
@@ -48,5 +48,5 @@
   # You can update Home Manager without changing this value. See
   # the Home Manager release notes for a list of state version
   # changes in each release.
-  home-manager.users.caspervk.home.stateVersion = "24.11"; # Did you read the comment?
+  home-manager.users.caspervk.home.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/sigma/matrix.nix

@@ -51,6 +51,16 @@
     };
   };
 
+  # https://github.com/matrix-org/sliding-sync
+  services.matrix-sliding-sync = {
+    # Unlike matrix-synapse, sliding-sync has createDatabase=true by default,
+    # which means we don't have to configure the database in the postgres
+    # service manually.
+    enable = true;
+    settings.SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
+    environmentFile = config.age.secrets.matrix-sliding-sync-environment-file.path;
+  };
+
   services.postgresql = {
     ensureDatabases = [
       # matrix-synapse expects the database to have the options `LC_COLLATE`
@@ -81,4 +91,11 @@
       }
     ];
   };
+
+  age.secrets.matrix-sliding-sync-environment-file = {
+    file = "${secrets}/secrets/matrix-sliding-sync-environment-file.age";
+    mode = "400";
+    owner = "root";
+    group = "root";
+  };
 }

hosts/sigma/postgresql.nix

@@ -5,7 +5,6 @@
   services.postgresql = {
     enable = true;
     # https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading
-    # https://wiki.nixos.org/wiki/PostgreSQL#Major_upgrades
     package = pkgs.postgresql_16;
   };
 

hosts/sigma/samba.nix

@@ -24,11 +24,11 @@
     # Disable discovery: don't reply to NetBIOS over IP name service requests
     # or participate in the browsing protocols which make up the Windows
     # “Network Neighborhood” view.
-    samba.enableNmbd = false;
+    enableNmbd = false;
     # Disable Samba’s winbindd, which provides a number of services to the Name
     # Service Switch capability found in most modern C libraries, to arbitrary
     # applications via PAM and ntlm_auth and to Samba itself.
-    winbindd.enable = false;
+    enableWinbindd = false;
     # https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
     extraConfig = ''
       # Only allow local access. This should also be enforced by the firewall.
@@ -43,7 +43,7 @@
       # Allow Windows clients to run .exe's
       acl allow execute always = True
     '';
-    services.samba.settings = {
+    shares = {
       downloads = {
         path = "/srv/torrents/downloads";
         # Use the 'torrent' group for access for all users connecting

hosts/tor/default.nix

@@ -24,7 +24,7 @@
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 
   # This value determines the Home Manager release that your
   # configuration is compatible with. This helps avoid breakage
@@ -33,5 +33,5 @@
   # You can update Home Manager without changing this value. See
   # the Home Manager release notes for a list of state version
   # changes in each release.
-  home-manager.users.caspervk.home.stateVersion = "24.11"; # Did you read the comment?
+  home-manager.users.caspervk.home.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/zeta/default.nix

@@ -25,7 +25,7 @@
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 
   # This value determines the Home Manager release that your
   # configuration is compatible with. This helps avoid breakage
@@ -34,5 +34,5 @@
   # You can update Home Manager without changing this value. See
   # the Home Manager release notes for a list of state version
   # changes in each release.
-  home-manager.users.caspervk.home.stateVersion = "24.11"; # Did you read the comment?
+  home-manager.users.caspervk.home.stateVersion = "24.05"; # Did you read the comment?
 }

modules/base/nix.nix

@@ -28,7 +28,7 @@
       auto-optimise-store = true;
 
       # Enable flakes
-      experimental-features = ["nix-command" "flakes"];
+      experimental-features = ["nix-command" "flakes" "repl-flake"];
 
       # Timeout connections to the binary cache instead of waiting forever
       connect-timeout = 5;

modules/desktop/docker.nix

@@ -7,6 +7,9 @@
     enable = true;
     # Automatically `docker system prune` weekly
     autoPrune.enable = true;
+    # Fix waiting for docker containers to exit on shutdown/reboot
+    # https://discourse.nixos.org/t/docker-hanging-on-reboot/18270/4
+    liveRestore = false;
   };
 
   # Being a member of the docker group is effectively equivalent to being root,

modules/desktop/foot.nix

@@ -1,53 +1,55 @@
-{...}: {
+{home-manager, ...}: {
   # Terminal emulator
   # https://codeberg.org/dnkl/foot
-  programs.foot = {
+  home-manager.users.caspervk = {
-    enable = true;
+    programs.foot = {
-    # https://man.archlinux.org/man/foot.ini.5.en
+      enable = true;
-    settings = {
+      # https://man.archlinux.org/man/foot.ini.5.en
-      main = {
+      settings = {
-        font = "monospace:size=10.25";
+        main = {
-        letter-spacing = "1";
+          font = "monospace:size=10.25";
-      };
+          letter-spacing = "1";
-      scrollback = {
+        };
-        lines = 10000;
+        scrollback = {
-      };
+          lines = 10000;
-      colors = {
+        };
-        # https://alacritty.org/config-alacritty.html
+        colors = {
-        foreground = "d8d8d8";
+          # https://alacritty.org/config-alacritty.html
-        background = "181818";
+          foreground = "d8d8d8";
-        regular0 = "181818"; # black
+          background = "181818";
-        regular1 = "ac4242"; # red
+          regular0 = "181818"; # black
-        regular2 = "90a959"; # green
+          regular1 = "ac4242"; # red
-        regular3 = "f4bf75"; # yellow
+          regular2 = "90a959"; # green
-        regular4 = "6a9fb5"; # blue
+          regular3 = "f4bf75"; # yellow
-        regular5 = "aa759f"; # magenta
+          regular4 = "6a9fb5"; # blue
-        regular6 = "75b5aa"; # cyan
+          regular5 = "aa759f"; # magenta
-        regular7 = "d8d8d8"; # white
+          regular6 = "75b5aa"; # cyan
-        bright0 = "6b6b6b"; # black
+          regular7 = "d8d8d8"; # white
-        bright1 = "c55555"; # red
+          bright0 = "6b6b6b"; # black
-        bright2 = "aac474"; # green
+          bright1 = "c55555"; # red
-        bright3 = "feca88"; # yellow
+          bright2 = "aac474"; # green
-        bright4 = "82b8c8"; # blue
+          bright3 = "feca88"; # yellow
-        bright5 = "c28cb8"; # magenta
+          bright4 = "82b8c8"; # blue
-        bright6 = "93d3c3"; # cyan
+          bright5 = "c28cb8"; # magenta
-        bright7 = "f8f8f8"; # white
+          bright6 = "93d3c3"; # cyan
-        dim0 = "0f0f0f"; # black
+          bright7 = "f8f8f8"; # white
-        dim1 = "712b2b"; # red
+          dim0 = "0f0f0f"; # black
-        dim2 = "5f6f3a"; # green
+          dim1 = "712b2b"; # red
-        dim3 = "a17e4d"; # yellow
+          dim2 = "5f6f3a"; # green
-        dim4 = "456877"; # blue
+          dim3 = "a17e4d"; # yellow
-        dim5 = "704d68"; # magenta
+          dim4 = "456877"; # blue
-        dim6 = "4d7770"; # cyan
+          dim5 = "704d68"; # magenta
-        dim7 = "8e8e8e"; # white
+          dim6 = "4d7770"; # cyan
-      };
+          dim7 = "8e8e8e"; # white
-      key-bindings = {
+        };
-        # HOW is this not the default?
+        key-bindings = {
-        scrollback-home = "Shift+Home";
+          # HOW is this not the default?
-        scrollback-end = "Shift+End";
+          scrollback-home = "Shift+Home";
-        # Pipe last command's output to the clipboard. Requires fish
+          scrollback-end = "Shift+End";
-        # integration, configured in modules/base/fish.nix.
+          # Pipe last command's output to the clipboard. Requires fish
-        pipe-command-output = "[wl-copy] Control+Shift+g";
+          # integration, configured in modules/base/fish.nix.
+          pipe-command-output = "[wl-copy] Control+Shift+g";
+        };
       };
     };
   };

modules/desktop/programs.nix

@@ -1,5 +1,7 @@
 {
+  home-manager,
   lib,
+  nixpkgs,
   pkgs,
   ...
 }: {
@@ -11,6 +13,7 @@
     aspellDicts.da
     aspellDicts.en
     aspellDicts.en-computers
+    aspellDicts.en-science
     black
     element-desktop
     firefox-wayland
@@ -47,12 +50,16 @@
       "steam"
       "steam-original"
       "steam-run"
-      "steam-unwrapped"
       "terraform"
     ];
 
   home-manager.users.caspervk = {
     home.sessionVariables = {
+      # The firefox-wayland package works with wayland without any further
+      # configuration, but tor-browser doesn't.
+      # TODO: remove when tor browser is based on firefox v121.
+      # https://www.mozilla.org/en-US/firefox/121.0/releasenotes/
+      MOZ_ENABLE_WAYLAND = 1;
       # https://wiki.archlinux.org/title/Sway#Java_applications
       _JAVA_AWT_WM_NONREPARENTING = 1;
       # https://wiki.nixos.org/wiki/Wayland

modules/desktop/sway.nix

@@ -279,6 +279,7 @@
     home.pointerCursor = {
       package = pkgs.catppuccin-cursors.latteLight;
       name = "catppuccin-latte-light-cursors";
+      size = 24;
       gtk.enable = true;
       x11.enable = true;
     };