feature(ssl/tls): add my homelab pki root ca to the trust store

Merge pull request 'feature(vpn): enable tailscaled on the system at startup' (#10 ) from feature/tailscale into main
Reviewed-on: #10
2026-01-23 20:20:12 +01:00 · 2026-01-16 19:25:43 +00:00 · 2026-01-16 20:22:48 +01:00 · 2026-01-15 20:45:49 +00:00 · 2026-01-15 21:30:55 +01:00 · 2026-01-10 22:51:49 +00:00
11 changed files with 98 additions and 23 deletions
--- a/README.md
+++ b/README.md
@@ -1,10 +1,10 @@
 # 0x29a nixos config
-My personal nixos configuration files.
+My personal nixos configuration files for different environments.
 ## basic system installation
- The installations in this repository are always luks encrypted
+- The installations presented in this repository are always luks encrypted
 - For simplicity I'm using device labels rather than uuids
 1. the partitioning layout should look somewhat like this after the installation
@@ -111,8 +111,24 @@ $ sudo nixos-rebuild --install-bootloader switch --flake .#host_name
 $ cd /path/to/repo
 $ sudo nix flake update
 $ sudo nixos-rebuild switch --flake .#host_name
 $ sudo nix-collect-garbage
 ```
 ## how to use nix-helper
 The tool nix-helper is installed by this configuration. It simplifies administrating nixos and adds more output to the rebuild command. It also features a diff after a successful build. The command uses the `NH_FLAKE` environment variable to be able to run from whatever directory.
 Basic commands with a set `NH_FLAKE` variable are:
 ```bash
 $ nh os switch
 $ nh os build
 $ nh os test
 $ nh clean all --keep 5
 ```
 There is also the option to interface with home-manager by using `nh home switch`but this isn't necessary since home-manager is imported as a module in this config.
 ## author
 aaron <aaron@0x29a.ch>
--- a/flake.lock
+++ b/flake.lock
@@ -28,11 +28,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766282146,
+        "lastModified": 1768434960,
-        "narHash": "sha256-0V/nKU93KdYGi+5LB/MVo355obBJw/2z9b2xS3bPJxY=",
+        "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "61fcc9de76b88e55578eb5d79fc80f2b236df707",
+        "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b",
        "type": "github"
      },
      "original": {
@@ -43,11 +43,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1766070988,
+        "lastModified": 1768305791,
-        "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
+        "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
+        "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
        "type": "github"
      },
      "original": {
@@ -66,11 +66,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1766273987,
+        "lastModified": 1768486009,
-        "narHash": "sha256-Y8hL2zGyt7xn5J1V806GJ9tMEk6NgVlU7xe4dS4fThE=",
+        "narHash": "sha256-I7ymDe6UQooHy9I9wrafKCCDnRbox/EMWAgJgpm7fGs=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "ff00fe1512dfcb31b01d770738de9299b434449b",
+        "rev": "03a638205b5cb04ba9c2ed6c604e137b15f07fa1",
        "type": "github"
      },
      "original": {
@@ -86,11 +86,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1766317205,
+        "lastModified": 1768504094,
-        "narHash": "sha256-PYlMsenwZCG5TrxQSyTraPw8WQwk4FGnbyFdFMuAeYA=",
+        "narHash": "sha256-4BRzwk88XyTeM8IzfQm31AHxGu2YpAorLMG2dpsA6xs=",
        "owner": "noctalia-dev",
        "repo": "noctalia-shell",
-        "rev": "51aa9fe16b0cc0dc4daa7c447843b36923434f2e",
+        "rev": "c083b33dca0f8fc9c9647ee5cc88281a4bb8c69d",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
-  description = "0x29a ecosystem NixOS flake";
+  description = "0x29a NixOS flake";
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
@@ -28,8 +28,6 @@
          ./hosts/default/configuration.nix
          home-manager.nixosModules.home-manager
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
            home-manager.extraSpecialArgs = { inherit inputs; };
            home-manager.users.aaron.imports = [
              nixvim.homeModules.nixvim
@@ -47,8 +45,6 @@
          ./hosts/neon/configuration.nix
          home-manager.nixosModules.home-manager
          {
            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;
            home-manager.extraSpecialArgs = { inherit inputs; };
            home-manager.users.aaron.imports = [
              nixvim.homeModules.nixvim
--- a/hosts/neon/configuration.nix
+++ b/hosts/neon/configuration.nix
@@ -4,10 +4,11 @@
  imports = [
    ../../modules/nixos/audio.nix
    ../../modules/nixos/bootloader.nix
-    ../../modules/nixos/compositor.nix
+    ../../modules/nixos/certificates.nix
    ../../modules/nixos/gnupg.nix
    ../../modules/nixos/locales.nix
    ../../modules/nixos/networking.nix
    ../../modules/nixos/niri.nix
    ../../modules/nixos/noctalia.nix
    ../../modules/nixos/openssh.nix
    ../../modules/nixos/packages.nix
--- a/modules/nixos/bootloader.nix
+++ b/modules/nixos/bootloader.nix
@@ -17,11 +17,13 @@
  };
  # kernel options
-  boot.kernelParams = [ "quiet" "loglevel=2" ];
+  boot.kernelParams = [ "quiet" "acpi.debug_level=0"];
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.consoleLogLevel = 2;
  # Add boot-related packages
  environment.systemPackages = with pkgs; [
    efibootmgr
    terminus_font
  ];
 }
--- a/modules/nixos/certificates.nix
+++ b/modules/nixos/certificates.nix
@@ -0,0 +1,22 @@
 { config, lib, pkgs, ... }:
 let
  caddyRootCA = ''
    -----BEGIN CERTIFICATE-----
    MIIBozCCAUmgAwIBAgIQf2N1DGp2HVOoPaGuGDEnwjAKBggqhkjOPQQDAjAwMS4w
    LAYDVQQDEyVDYWRkeSBMb2NhbCBBdXRob3JpdHkgLSAyMDI1IEVDQyBSb290MB4X
    DTI1MTEwNjE5NDA1OFoXDTM1MDkxNTE5NDA1OFowMDEuMCwGA1UEAxMlQ2FkZHkg
    TG9jYWwgQXV0aG9yaXR5IC0gMjAyNSBFQ0MgUm9vdDBZMBMGByqGSM49AgEGCCqG
    SM49AwEHA0IABGR9mSgKCSjvcv7LvvIcO84Wpf/KtC/aexT5shSKXd1R97kIyMI5
    SUYz0MzbRZHJ4QMpIeALirOK9Eoy2zht0dKjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
    BgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBRHKfIfJrrA2DACFrunVSmdnJHO
    1zAKBggqhkjOPQQDAgNIADBFAiAoqc0+cHeq/8SQN16CKjVvXpZuMkg7NLDoWYMw
    KgmzowIhAJlkxzBdVngwnJu8uPrVizTGF6XtmUHdJ0NDeccEqUCr
    -----END CERTIFICATE-----
  '';
 in
 {
  security.pki.certificates = [
    caddyRootCA # self-signed pki ca for my home-lab
  ];
 }
--- a/modules/nixos/compositor.nix
+++ b/modules/nixos/compositor.nix
--- a/modules/nixos/packages.nix
+++ b/modules/nixos/packages.nix
@@ -9,6 +9,8 @@
    dnsutils
    ethtool
    file
    fwupd
    fwupd-efi
    ghostty
    git
    imagemagick
@@ -31,8 +33,10 @@
    pciutils
    sddm-astronaut
    socat
    sof-firmware
    strace
    sysstat
    terminus_font
    tree
    unzip
    usbutils
--- a/modules/nixos/services.nix
+++ b/modules/nixos/services.nix
@@ -5,5 +5,7 @@
  services = {
    tuned.enable = true;
    upower.enable = true;
    fwupd.enable = true;
    tailscale.enable = true;
  };
 }
--- a/modules/nixos/settings.nix
+++ b/modules/nixos/settings.nix
@@ -1,8 +1,36 @@
 { config, lib, pkgs, ... }:
 {
-  # use flakes and nix command
+  nix = {
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+    # nix settings
    settings = {
      # enable flakes and nix-command
      experimental-features = [ "nix-command" "flakes" ];
      # auto-optimize my nix-store
      auto-optimise-store = true;
      # use all cores
      max-jobs = "auto";  
      # use all available cores per job
      cores = 0;          
      # add trusted substituters (binary caches)
      substituters = [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
      ];
      # add keys
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
    # enable automatic garbage collection
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
  };
  # links /libexec from derivations to /run/current-system/sw
  environment.pathsToLink = [ "/libexec" ];
--- a/modules/nixos/steam.nix
+++ b/modules/nixos/steam.nix
@@ -10,6 +10,10 @@
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
    localNetworkGameTransfers.openFirewall = true;
    # add proton-glorious-eggroll
    extraCompatPackages = with pkgs; [
      proton-ge-bin
    ];
  };
  # fix black screen in steam when using xwayland-satellite
Author	SHA1	Message	Date
aaron	35319f58de	feature(ssl/tls): add my homelab pki root ca to the trust store	2026-01-23 20:20:12 +01:00
aaron	cfa9aa2e14	Merge pull request 'feature(vpn): enable tailscaled on the system at startup' (#10 ) from feature/tailscale into main Reviewed-on: #10	2026-01-16 19:25:43 +00:00
aaron	98617c4099	feature(vpn): enable tailscaled on the system at startup	2026-01-16 20:22:48 +01:00
aaron	61cebd469b	Merge pull request 'chore(flake): update flake lock to the latest commits' (#9 ) from feature/update_flake into main Reviewed-on: #9	2026-01-15 20:45:49 +00:00
aaron	86729827e8	chore(flake): update flake lock to the latest commits	2026-01-15 21:30:55 +01:00
aaron	60bf6173c7	Merge pull request 'feature/fix_boot_errors' (#8 ) from feature/fix_boot_errors into main Reviewed-on: #8	2026-01-10 22:51:49 +00:00
aaron	90df3e5ed9	feature(bootloader): add terminus-font to the bootloader dependencies	2026-01-10 23:51:29 +01:00
aaron	22df1df1d7	feature(terminal-font): add terminus terminal font for eye candy	2026-01-10 23:47:01 +01:00
aaron	f5d629d5f5	chore(bootloader): lets just not look at those acpi errors during boot	2026-01-10 23:46:12 +01:00
aaron	9885867cc2	Merge pull request 'feature(fwupd): install and enable fwupd for firmware upgrades' (#7 ) from feature/firmwareupdates into main Reviewed-on: #7	2026-01-09 20:14:11 +00:00
aaron	2cb495848f	feature(fwupd): install and enable fwupd for firmware upgrades	2026-01-09 21:12:55 +01:00
aaron	7e84ba21dc	Merge pull request 'chore(update): upgrade flake' (#6 ) from feature/nix_upgrade into main Reviewed-on: #6	2026-01-09 06:47:44 +00:00
aaron	54dc51eec4	chore(update): upgrade flake	2026-01-09 07:44:13 +01:00
aaron	3c3dd262ae	Merge pull request 'feature(steam): add proton-ge compatibility layer to steam' (#5 ) from feature/proton-ge into main Reviewed-on: #5	2026-01-04 12:04:53 +00:00
aaron	cd683bfa94	feature(steam): add proton-ge compatibility layer to steam	2026-01-04 13:02:44 +01:00
aaron	10a4b462b3	Merge pull request 'optimize build time' (#4 ) from feature/optimize into main Reviewed-on: #4	2025-12-31 10:20:21 +00:00
aaron	5111de5278	refactor(settings): remove redundant options	2025-12-31 11:17:31 +01:00
aaron	3a6b6091d6	feature(settings): add cache, use more cores, auto optimize the nix store	2025-12-31 11:09:09 +01:00
aaron	382cb2b096	refactor(flake): remove home-manager options from flake, since they are already defined in settings	2025-12-31 11:08:26 +01:00
aaron	05245ea56b	refactor(niri): rename the module to niri.nix for clarity	2025-12-31 11:07:37 +01:00
aaron	3ee5cfac97	Merge pull request 'feature(modules): split configuration into nix modules and home-manager modules' (#2 ) from feature/modularize into main Reviewed-on: #2	2025-12-30 17:51:29 +00:00
aaron	2e1c2524fc	refactor(readme): update the readme with a nix-helper section.	2025-12-30 18:50:30 +01:00
aaron	b87d881258	feature(flake): update flake file and update all packages	2025-12-30 18:49:25 +01:00