From 17158618ee6330e0063788e51d0d2fbe3eece2b0 Mon Sep 17 00:00:00 2001
From: aaron
Date: Sat, 21 Mar 2026 16:37:31 +0100
Subject: [PATCH 1/9] refactor(docker): move the docker group to the respective nix module instead of adding the user per default

---
 modules/nixos/docker.nix | 3 +++
 modules/nixos/users.nix | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/docker.nix b/modules/nixos/docker.nix
index 4a95905..c9ea036 100644
--- a/modules/nixos/docker.nix
+++ b/modules/nixos/docker.nix
@@ -1,6 +1,9 @@
 { config, lib, pkgs, ...}:
 
 {
+ # add docker group to user
+ users.users.aaron.extraGroups = [ "docker" ];
+
 virtualisation.docker = {
 enable = true;
 # Customize Docker daemon settings
diff --git a/modules/nixos/users.nix b/modules/nixos/users.nix
index 3cd98a3..de34ecc 100644
--- a/modules/nixos/users.nix
+++ b/modules/nixos/users.nix
@@ -5,7 +5,7 @@
 users.users.aaron = {
 isNormalUser = true;
 group = "users";
- extraGroups = [ "wheel" "networkmanager" "docker" ];
+ extraGroups = [ "wheel" "networkmanager" ];
 shell = pkgs.zsh;
 };
 
-- 
2.47.3

From 8b616b65afc88955ce52d0d570cb774e3f1fdca6 Mon Sep 17 00:00:00 2001
From: aaron
Date: Sat, 21 Mar 2026 16:38:17 +0100
Subject: [PATCH 2/9] refactor(default): remove hardware import from default target since it is a dublicate

---
 hosts/default/configuration.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index e8b1b3d..86182ac 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -3,11 +3,6 @@
 { pkgs, lib, ... }:
 
 {
- imports =
- [
- ./hardware-configuration.nix
- ];
-
 # use flakes
 nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
-- 
2.47.3

From a02da7f66d7efd2453facd510dfb9bb1d0795d7e Mon Sep 17 00:00:00 2001
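Review bot: In `modules/nixos/docker.nix`, the new `users.users.aaron.extraGroups = [ "docker" ];` grants more than the comment `# add docker group to user` suggests: members of the `docker` group can drive the daemon through its socket, which is equivalent to root on the host. I would say so in the comment, e.g. `# docker group membership is root-equivalent (full access to the daemon socket)`, so that importing this module is a conscious decision per host. If the containers do not need a root daemon, `virtualisation.docker.rootless.enable = true;` avoids the group altogether. The `virtualisation.docker` block continues past the end of the hunk, so the existing daemon settings are not visible here.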
From: aaron
Date: Sat, 21 Mar 2026 16:38:55 +0100
Subject: [PATCH 3/9] refactor(programs): uninstall screenfetch since it is unmaintained software

---
 modules/home-manager/programs.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/modules/home-manager/programs.nix b/modules/home-manager/programs.nix
index d0ac262..82bcc76 100644
--- a/modules/home-manager/programs.nix
+++ b/modules/home-manager/programs.nix
@@ -6,7 +6,6 @@
 discord
 fastfetch
 keepassxc
- screenfetch
 devenv
 ];
 
-- 
2.47.3

From 619c00e67865e8d1a5d79767fd46e7d33a1fd6b5 Mon Sep 17 00:00:00 2001
From: aaron
Date: Sat, 21 Mar 2026 16:39:30 +0100
Subject: [PATCH 4/9] refactor(locales): fix internationalisation to switzerland norms

---
 modules/nixos/locales.nix | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/modules/nixos/locales.nix b/modules/nixos/locales.nix
index 5c91d2d..2e81af9 100644
--- a/modules/nixos/locales.nix
+++ b/modules/nixos/locales.nix
@@ -4,18 +4,18 @@
 # set the time zone
 time.timeZone = "Europe/Zurich";
 
- # set internationalisation properties
+ # keep system language in english, but use swiss locale for formatting
 i18n.defaultLocale = "en_US.UTF-8";
 i18n.extraLocaleSettings = {
- LC_ADDRESS = "en_US.UTF-8";
- LC_IDENTIFICATION = "en_US.UTF-8";
- LC_MEASUREMENT = "en_US.UTF-8";
- LC_MONETARY = "en_US.UTF-8";
- LC_NAME = "en_US.UTF-8";
- LC_NUMERIC = "en_US.UTF-8";
- LC_PAPER = "en_US.UTF-8";
- LC_TELEPHONE = "en_US.UTF-8";
- LC_TIME = "en_US.UTF-8";
+ LC_ADDRESS = "de_CH.UTF-8";
+ LC_IDENTIFICATION = "de_CH.UTF-8";
+ LC_MEASUREMENT = "de_CH.UTF-8";
+ LC_MONETARY = "de_CH.UTF-8";
+ LC_NAME = "de_CH.UTF-8";
+ LC_NUMERIC = "de_CH.UTF-8";
+ LC_PAPER = "de_CH.UTF-8";
+ LC_TELEPHONE = "de_CH.UTF-8";
+ LC_TIME = "de_CH.UTF-8";
 };
 
 # set console font and keymap
-- 
2.47.3

From 32a62aadd4890ab2cfb7a01595fa7beedb088614 Mon Sep 17 00:00:00 2001
From: aaron
Date: Sat, 21 Mar 2026 16:40:24 +0100
Subject: [PATCH 5/9] refactor(networking): drop wireless enable since it installs wpa_supplicant and rely on networkmanager instead

---
 modules/nixos/networking.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/nixos/networking.nix b/modules/nixos/networking.nix
index 27bad69..04d716e 100644
--- a/modules/nixos/networking.nix
+++ b/modules/nixos/networking.nix
@@ -8,9 +8,8 @@
 networking.firewall.allowedTCPPorts = [ ];
 networking.firewall.allowedUDPPorts = [ ];
 
- # enable wifi
+ # enable wifi firmware
 hardware.enableAllFirmware = true;
- networking.wireless.enable = true;
 
 # enable bluetooth
 hardware.bluetooth.enable = true;
-- 
2.47.3

From b480e8224d20e43e96ed14c2d0032aab99546d61 Mon Sep 17 00:00:00 2001
From: aaron
Date: Sat, 21 Mar 2026 16:41:34 +0100
Subject: [PATCH 6/9] refactor(flake): simplify nix flake by deduplication

---
 flake.nix | 78 +++++++++++++++++--------------------------------------
 1 file changed, 24 insertions(+), 54 deletions(-)

diff --git a/flake.nix b/flake.nix
index 9683f2f..be2e4a0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 {
 description = "0x29a NixOS flake";
-
+
 inputs = {
 nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 home-manager = {
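Review bot: In `modules/nixos/networking.nix`, the new comment `# enable wifi firmware` sits on `hardware.enableAllFirmware = true;`, which pulls in every firmware package nixpkgs ships, unfree blobs included, not only wifi firmware. Either word the comment to match, e.g. `# install all firmware, including unfree blobs (needed for wifi)`, or check whether `hardware.enableRedistributableFirmware = true;` already covers the wifi chipsets of these hosts. The commit relies on NetworkManager after dropping `networking.wireless.enable`, but the line that enables NetworkManager is outside this hunk, so I could not confirm it from here.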
@@ -16,60 +16,30 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
 };
-
- outputs = { self, nixpkgs, home-manager, nixvim, ... }@inputs: {
+
+ outputs = { self, nixpkgs, home-manager, nixvim, ... }@inputs:
+ let
+ mkHost = hostName: nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./hosts/${hostName}/hardware-configuration.nix
+ ./hosts/${hostName}/configuration.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.extraSpecialArgs = { inherit inputs; };
+ home-manager.users.aaron.imports = [
+ nixvim.homeModules.nixvim
+ ./users/aaron/home.nix
+ ];
+ }
+ ];
+ };
+ in {
 nixosConfigurations = {
-
- default = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = { inherit inputs; };
- modules = [
- ./hosts/default/hardware-configuration.nix
- ./hosts/default/configuration.nix
- home-manager.nixosModules.home-manager
- {
- home-manager.extraSpecialArgs = { inherit inputs; };
- home-manager.users.aaron.imports = [
- nixvim.homeModules.nixvim
- ./users/aaron/home.nix
- ];
- }
- ];
- };
-
- neon = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = { inherit inputs; };
- modules = [
- ./hosts/neon/hardware-configuration.nix
- ./hosts/neon/configuration.nix
- home-manager.nixosModules.home-manager
- {
- home-manager.extraSpecialArgs = { inherit inputs; };
- home-manager.users.aaron.imports = [
- nixvim.homeModules.nixvim
- ./users/aaron/home.nix
- ];
- }
- ];
- };
-
- argon = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = { inherit inputs; };
- modules = [
- ./hosts/argon/hardware-configuration.nix
- ./hosts/argon/configuration.nix
- home-manager.nixosModules.home-manager
- {
- home-manager.extraSpecialArgs = { inherit inputs; };
- home-manager.users.aaron.imports = [
- nixvim.homeModules.nixvim
- ./users/aaron/home.nix
- ];
- }
- ];
- };
+ default = mkHost "default";
+ neon = mkHost "neon";
+ argon = mkHost "argon";
 };
 };
 }
-- 
2.47.3
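Review bot: `mkHost` has no comment stating what it expects, and a host name now silently implies two paths, `./hosts/${hostName}/hardware-configuration.nix` and `./hosts/${hostName}/configuration.nix`. A short comment above the binding, e.g. `# mkHost: build a NixOS system from hosts/<name>/{hardware-configuration,configuration}.nix plus the shared home-manager setup for aaron`, would document that contract. The three attribute lines repeat each name twice; `nixosConfigurations = nixpkgs.lib.genAttrs [ "default" "neon" "argon" ] mkHost;` keeps the attribute name and the directory from drifting apart. `system = "x86_64-linux";` stays hard-coded for every host, which is worth a mention in the same comment.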
From 02a5d03d1aa49f0e081c9b866f262e36bd8b5010 Mon Sep 17 00:00:00 2001
From: aaron
Date: Sat, 21 Mar 2026 16:43:05 +0100
Subject: [PATCH 7/9] refactor(packages): move installed packages to their respective nix modules

---
 modules/nixos/packages.nix | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/modules/nixos/packages.nix b/modules/nixos/packages.nix
index 9c17fd5..85a5a79 100644
--- a/modules/nixos/packages.nix
+++ b/modules/nixos/packages.nix
@@ -1,24 +1,19 @@
 { config, lib, pkgs, ... }:
 
 {
- # system packges
+ # system packages
 environment.systemPackages = with pkgs; [
- alacritty
 btop
 cowsay
 dnsutils
 ethtool
 file
- fwupd
- fwupd-efi
- ghostty
 git
 imagemagick
 imv
 iperf3
 jq
 kdePackages.qtmultimedia
- kitty
 ldns
 lm_sensors
 lsof
@@ -31,12 +26,10 @@
 nvd
 p7zip
 pciutils
- sddm-astronaut
 socat
 sof-firmware
 strace
 sysstat
- terminus_font
 tree
 unzip
 usbutils
-- 
2.47.3

From 4e9ffcf6bdfd67e1ade61d430de96347f822a3fa Mon Sep 17 00:00:00 2001
From: aaron
Date: Sat, 21 Mar 2026 16:43:43 +0100
Subject: [PATCH 8/9] refactor(unfree): move the unfree setting to the settings module

---
 modules/nixos/settings.nix | 5 +++--
 modules/nixos/steam.nix | 3 ---
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/modules/nixos/settings.nix b/modules/nixos/settings.nix
index 2a1a218..cf3bfb3 100644
--- a/modules/nixos/settings.nix
+++ b/modules/nixos/settings.nix
@@ -32,10 +32,11 @@
 };
 };
 
+ # allow unfree packages (steam, protonvpn, discord, etc.)
+ nixpkgs.config.allowUnfree = true;
+
 # links /libexec from derivations to /run/current-system/sw
 environment.pathsToLink = [ "/libexec" ];
- # set the default editor to vim
- environment.variables.EDITOR = "vim";
 
 # enable home-manager globally
 home-manager.useGlobalPkgs = true;
diff --git a/modules/nixos/steam.nix b/modules/nixos/steam.nix
index 55f5345..6e9d450 100644
--- a/modules/nixos/steam.nix
+++ b/modules/nixos/steam.nix
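Review bot: In `modules/nixos/settings.nix`, `nixpkgs.config.allowUnfree = true;` now holds for every host that imports the settings module instead of only those that import `steam.nix`, so any unfree package added later evaluates without anyone having to decide on it. An allowlist keeps that check, e.g. `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ /* names of the unfree packages in use */ ];` (this assumes `lib` is among the module arguments, which the hunk does not show). Before switching, confirm that nothing else in the configuration requires the blanket setting; `hardware.enableAllFirmware` in `networking.nix` is one candidate to check. The same hunk also deletes `environment.variables.EDITOR = "vim";`, which the subject line does not mention.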
@@ -1,9 +1,6 @@
 { config, lib, pkgs, ... }:
 
 {
- # allow unfree to install steam
- nixpkgs.config.allowUnfree = true;
-
 # enable steam and open firewall
 programs.steam = {
 enable = true;
-- 
2.47.3

From 9a8090dac2e4108962052fde42a4f897ae4eee14 Mon Sep 17 00:00:00 2001
From: aaron
Date: Sat, 21 Mar 2026 16:45:09 +0100
Subject: [PATCH 9/9] refactor(wireguard): set checkReversePath to loose instead of false

---
 modules/nixos/protonvpn.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/protonvpn.nix b/modules/nixos/protonvpn.nix
index 19e8af8..956f120 100644
--- a/modules/nixos/protonvpn.nix
+++ b/modules/nixos/protonvpn.nix
@@ -1,9 +1,13 @@
 { config, lib, pkgs, ... }:
 
 {
- networking.firewall.checkReversePath = false;
+ # protonvpn uses wireguard tunnels, which break strict reverse path filtering
+ # because packets arrive on the tunnel interface but may be routed back differently.
+ # "loose" checks that the source is routable through *any* interface (not necessarily
+ # the same one), which is sufficient for wireguard while still preventing IP spoofing.
+ networking.firewall.checkReversePath = "loose";
+
 environment.systemPackages = with pkgs; [
- wireguard-tools
 protonvpn-gui
 ];
 }
-- 
2.47.3
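Review bot: In `modules/nixos/protonvpn.nix`, the new comment overstates what loose mode provides: it says `"loose"` is "still preventing IP spoofing", but loose reverse-path filtering only drops packets whose source address has no route through any interface, and on a host with a default route almost every source address has one. It is an improvement over `false`, so I would keep the setting and reword the last comment line to something like `# "loose" only drops sources with no route at all; much weaker than strict, accepted here for the tunnel`. The option is also host-wide, not limited to the tunnel interface, which the comment could state. The hunk additionally removes `wireguard-tools` from `environment.systemPackages`, which the subject line does not mention.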