From cd16985ddc763de89bc3eda4aeb9445b6cb059ee Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 13:53:57 -0300 Subject: [PATCH 1/3] use determinate nix --- aspects/base/nix.nix | 31 +-- flake.lock | 444 +++++++++++++++++++++++++++++++------------ flake.nix | 1 + 3 files changed, 340 insertions(+), 136 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 2442024..29feff8 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix @@ -3,24 +3,25 @@ flake.modules.nixos.nix = { inputs, pkgs, ... }: { - imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; + imports = [ + inputs.nixos-cli.nixosModules.nixos-cli + inputs.determinate.nixosModules.default + ]; - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; - }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; - }; + nix.gc = { + automatic = true; + options = "--delete-older-than 8d"; }; + environment.etc."nix/nix.custom.conf".text = '' + auto-optimise-store = true + connect-timeout = 10 + log-lines = 25 + min-free = 128000000 + max-free = 1000000000 + trusted-users = @wheel + ''; + nixpkgs.config = { allowUnfree = true; enableParallelBuilding = true; diff --git a/flake.lock b/flake.lock index 20de064..8b17f1e 100644 --- a/flake.lock +++ b/flake.lock @@ -135,9 +135,66 @@ "type": "github" } }, + "determinate": { + "inputs": { + "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", + "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", + "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", + "nix": "nix", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1771014593, + "narHash": "sha256-NrCFwn20ewJwy/SZoREs+XylerizPCYP54n9qkr31/E=", + "rev": "69b4ff80ae2bbdd1e3f02ccd76a5f2988b118ed2", + "revCount": 397, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.16.0/019c58b5-64dc-77f9-b913-8738b7d338cc/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/determinate/%2A" + } + }, + "determinate-nixd-aarch64-darwin": { + "flake": false, + "locked": { + "narHash": "sha256-PUo0u1iNMB8eTlBNFMCW8/UAn1sGKGqsIYlXaDRhx00=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" + } + }, + "determinate-nixd-aarch64-linux": { + "flake": false, + "locked": { + "narHash": "sha256-jiIWiM88xkEpBQeohSxhl83fn2xoZY0nFkrW6CUAIAI=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" + } + }, + "determinate-nixd-x86_64-linux": { + "flake": false, + "locked": { + "narHash": "sha256-qF/NNdHwh3tAHrKIOz2FRq5Q8GcSMzJeEY/PFvGf5vo=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" + } + }, "disko": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1769524058, @@ -170,6 +227,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1767039857, @@ -185,7 +258,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1747046372, @@ -202,6 +275,27 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "determinate", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", + "revCount": 377, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -219,7 +313,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -237,7 +331,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -258,7 +352,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "terranix", @@ -295,6 +389,32 @@ "type": "github" } }, + "git-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": [ + "determinate", + "nix" + ], + "nixpkgs": [ + "determinate", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "revCount": 1026, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" + } + }, "gnome-shell": { "flake": false, "locked": { @@ -401,7 +521,7 @@ "impermanence": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1769548169, @@ -432,10 +552,31 @@ "type": "github" } }, + "nix": { + "inputs": { + "flake-parts": "flake-parts", + "git-hooks-nix": "git-hooks-nix", + "nixpkgs": "nixpkgs", + "nixpkgs-23-11": "nixpkgs-23-11", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1771010067, + "narHash": "sha256-Itk88UC3CxjGjjAb20KI6KrM9tRoGEpbv996fXwAWGo=", + "rev": "5c670e37e884c43e1da0405075c9b9c83d316a6c", + "revCount": 24629, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.16.0/019c589d-45e9-7337-9ff0-a8d78fecf63f/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" + } + }, "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_5", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -490,9 +631,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_6", "optnix": "optnix" }, "locked": { @@ -511,17 +652,31 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769330179, - "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", + "lastModified": 1761597516, + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", + "revCount": 811874, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" + } + }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" } }, @@ -555,6 +710,22 @@ "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1770770419, @@ -571,103 +742,7 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1770843696, - "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1767151656, - "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1759070547, - "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "647e5c14cbd5067f44ac86b74f014962df460840", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { + "nixpkgs_10": { "locked": { "lastModified": 1762111121, "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", @@ -683,7 +758,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_11": { "locked": { "lastModified": 1769461804, "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", @@ -699,6 +774,132 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1770537093, + "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "revCount": 942631, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.942631%2Brev-fef9403a3e4d31b0a23f0bacebbec52c248fbb51/019c4621-ce4f-799f-82f6-b3b29f099b09/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1770843696, + "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1767151656, + "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -746,8 +947,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_5" + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1765418479, @@ -766,8 +967,9 @@ "root": { "inputs": { "agenix": "agenix", + "determinate": "determinate", "disko": "disko", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "home-manager": "home-manager_2", "impermanence": "impermanence", "import-tree": "import-tree", @@ -775,7 +977,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable", "noctalia": "noctalia", "stylix": "stylix", @@ -791,9 +993,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_9", "nur": "nur", "systems": "systems_3", "tinted-foot": "tinted-foot", @@ -893,7 +1095,7 @@ }, "terranix": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], @@ -1017,7 +1219,7 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_10", "systems": "systems_5" }, "locked": { @@ -1037,7 +1239,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1771000521, diff --git a/flake.nix b/flake.nix index 2036828..c2f801c 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,7 @@ # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; import-tree.url = "github:vic/import-tree"; + determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; # nixos/hm nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; From 385586a376cdb9a78c0fb96a93d60f93b3957b69 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 14:03:58 -0300 Subject: [PATCH 2/3] add vagrant to libvirtd aspect; add libvirtd aspect to alexandria --- aspects/hosts/alexandria.nix | 2 +- aspects/libvirtd.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index c0c9f32..55867fa 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -27,7 +27,7 @@ # other aspects fwupd - lxc + libvirtd ]); }; } diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index 1135306..a21a23d 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix @@ -15,6 +15,8 @@ programs.virt-manager.enable = true; + environment.systemPackages = with pkgs; [ vagrant ]; + networking.firewall.trustedInterfaces = [ "virbr0" ]; users.users.user.extraGroups = [ From 79a6bd53bfa9e849bfbd0aa1e6b8340bed1171fc Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 14:56:42 -0300 Subject: [PATCH 3/3] lima instead of vagrant --- aspects/libvirtd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index a21a23d..360743d 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix @@ -15,7 +15,7 @@ programs.virt-manager.enable = true; - environment.systemPackages = with pkgs; [ vagrant ]; + environment.systemPackages = with pkgs; [ lima ]; networking.firewall.trustedInterfaces = [ "virbr0" ];