Updated vnc command to not force resize display

flake.lock

@@ -7,32 +7,48 @@
         ]
       },
       "locked": {
-        "lastModified": 1720042825,
-        "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
+        "lastModified": 1739757849,
+        "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
+        "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.05",
+        "ref": "release-24.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1736441705,
+        "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1725407940,
-        "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
+        "lastModified": 1740865531,
+        "narHash": "sha256-h00vGIh/jxcGl8aWdfnVRD74KuLpyY3mZgMFMy7iKIc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
+        "rev": "5ef6c425980847c78a80d759abc476e941a9bf42",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-24.05",
+        "ref": "nixos-24.11",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -40,17 +56,19 @@
     "root": {
       "inputs": {
         "home-manager": "home-manager",
+        "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
-        "unstable": "unstable"
+        "unstable": "unstable",
+        "update": "update"
       }
     },
     "unstable": {
       "locked": {
-        "lastModified": 1725432240,
-        "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=",
+        "lastModified": 1755186698,
+        "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "ad416d066ca1222956472ab7d0555a6946746a80",
+        "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
         "type": "github"
       },
       "original": {
@@ -59,6 +77,22 @@
         "repo": "nixpkgs",
         "type": "github"
       }
+    },
+    "update": {
+      "locked": {
+        "lastModified": 1751274312,
+        "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-24.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -2,26 +2,48 @@
   description = "NixOS configuration";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+    update.url = "github:nixos/nixpkgs/nixos-24.11";
     unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.05";
+      url = "github:nix-community/home-manager/release-24.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
 
-  outputs = inputs@{ nixpkgs, home-manager, unstable, ... }:
+  outputs = { nixpkgs, home-manager, unstable, update, nixos-hardware, ... }:
     let
       system = "x86_64-linux";
       pkgs = nixpkgs.legacyPackages.${system};
       unstablePkgs = unstable.legacyPackages.${system};
+      updatePkgs = import update { inherit system; config.allowUnfree = true; };
     in {
       nixosConfigurations = {
         sandy = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
-          specialArgs = { inherit unstablePkgs ; };
+          specialArgs = { inherit unstablePkgs updatePkgs nixos-hardware; };
           modules = [
-            ./configuration.nix
+            ./hosts/sandy/configuration.nix
+            home-manager.nixosModules.home-manager
+            {
+              home-manager = {
+                useGlobalPkgs = true;
+                useUserPackages = true;
+                users.nshields = import ./home.nix;
+                extraSpecialArgs = {
+                  inherit unstablePkgs;
+                };
+              };
+            }
+          ];
+        };
+
+        axl = nixpkgs.lib.nixosSystem {
+          system = "x86_64-linux";
+          specialArgs = { inherit unstablePkgs updatePkgs nixos-hardware; };
+          modules = [
+            ./hosts/axl/configuration.nix
             home-manager.nixosModules.home-manager
             {
               home-manager = {

home.nix

@@ -1,7 +1,7 @@
 { config, pkgs, unstablePkgs, ... }: {
   targets.genericLinux.enable = true;
   home = {
-    stateVersion = "23.11";
+    stateVersion = "24.11";
     file = {
       ".local/bin" = { source = ./scripts; };
     };
@@ -41,9 +41,7 @@
   fonts.fontconfig.enable = true;
 
   home.packages = with pkgs; [
-    cilium-cli
     go
-    packer
     podman
     podman-compose
     ansible
@@ -54,29 +52,16 @@
     htop
     jq
     k9s
-    krew
-    kubectl
-    kubernetes-helm
-    ovftool
     nixfmt
     ranger
     ripgrep
     shellcheck
     shfmt
-    sops
     sysz
     tealdeer
     tmux
-    # @Nikolai This apparently is affected by some vulnerability?
-    # CVE-2024-2660
-    # vault
     whois
-    zoom-us
-    slack
-    unstablePkgs.awscli2
-    unstablePkgs.clusterctl
-    unstablePkgs.fira-code-nerdfont
-  ];
+    ];
 
   programs = {
     home-manager.enable = true;

hosts/axl/configuration.nix

@@ -0,0 +1,73 @@
+{ config, pkgs, updatePkgs, unstablePkgs, nixos-hardware, ... }:
+let
+  keys = import ../../ssh-keys.nix;
+in
+{
+  imports = [
+    ../common/configuration.nix
+    ../common/vnc.nix
+    ./hardware-configuration.nix
+  ];
+
+  networking = {
+    hostId = "7be305c3";
+    hostName = "axl";
+    networkmanager.enable = true;
+  };
+
+  programs.nm-applet.enable = true;
+
+  users.users.nshields = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    description = "Nikolai Shields";
+    extraGroups = [ "lp" "docker" "networkmanager" "wheel" "podman" ];
+    openssh.authorizedKeys.keys = keys.nshields;
+  };
+
+  users.users.benson = {
+    isNormalUser = true;
+    shell = pkgs.bash;
+    description = "Benson Chu";
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = keys.benson;
+  };
+
+  # users.users.hodgson = {
+  #   isNormalUser = true;
+  #   shell = pkgs.zsh;
+  #   description = "[Ralph] Peter Hodgson";
+  #   extraGroups = [ "lp" "wheel" ];
+  #   openssh.authorizedKeys.keys = keys.hodgson;
+  # };
+
+  users.users.peter = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    description = "Peter Hodgson";
+    extraGroups = [ "lp" "wheel" "input" ];
+    openssh.authorizedKeys.keys = keys.hodgson;
+  };
+
+  users.users.zander = {
+    isNormalUser = true;
+    shell = pkgs.bash;
+    description = "Alexander Thannhauser";
+    extraGroups = [ "lp" "wheel" "input" ];
+    openssh.authorizedKeys.keys = keys.zander;
+  };
+
+  system.autoUpgrade = {
+    enable = true;
+    flake = "/home/benson/peter-nixos";
+    flags = [
+      "--update-input"
+      "unstable"
+      "-L" # print build logs
+    ];
+    dates = "02:00";
+    randomizedDelaySec = "45min";
+  };
+
+  system.stateVersion = "24.11"; # Did you read the comment?
+}

hosts/axl/hardware-configuration.nix

@@ -0,0 +1,59 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "zpool/root";
+      fsType = "zfs";
+      options = [ "zfsutil" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "zpool/nix";
+      fsType = "zfs";
+      options = [ "zfsutil" ];
+    };
+
+  fileSystems."/var" =
+    { device = "zpool/var";
+      fsType = "zfs";
+      options = [ "zfsutil" ];
+    };
+
+  fileSystems."/home/peter" =
+    { device = "zpool/home/peter";
+      fsType = "zfs";
+      options = [ "zfsutil" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/2882-CD45";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/6469740d-a7fb-4f97-8e96-fb3469a54b64"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/common/configuration.nix

@@ -1,18 +1,8 @@
-{ config, pkgs, unstablePkgs, ... }:
-let
-  keys = import ./ssh-keys.nix;
-in
+{ config, pkgs, updatePkgs, unstablePkgs, nixos-hardware, ... }:
 {
   imports = [
-    ./hardware-configuration.nix
   ];
 
-  networking = {
-    hostId = "7be305c3";
-    hostName = "sandy";
-    networkmanager.enable = true;
-  };
-
   boot.loader = {
     systemd-boot.enable = true;
     efi.canTouchEfiVariables = true;
@@ -38,7 +28,7 @@ in
   nixpkgs.config.allowUnfree = true;
 
   nix = {
-    package = pkgs.nixFlakes;
+    package = pkgs.nixVersions.stable;
     extraOptions = ''
       experimental-features = nix-command flakes
     '';
@@ -47,8 +37,14 @@ in
   programs.zsh.enable = true;
 
   services = {
-    openssh.enable = true;
+    openssh = {
+      enable = true;
+      settings = {
+        X11Forwarding = true;
+      };
+    };
     tailscale.enable = true;
+    # zfs set com.sun:auto-snapshot=true DATASET
     zfs.autoSnapshot.enable = true;
     hardware.bolt.enable = true;
     nscd.enable = true;
@@ -71,13 +67,20 @@ in
       enable = true;
       displayManager.lightdm.enable = true;
       displayManager.startx.enable = true;
-      desktopManager.plasma5.enable = true;
+      # desktopManager.plasma5.enable = true;
       desktopManager.mate.enable = true;
-      displayManager.defaultSession = "plasmawayland";
-      displayManager.autoLogin.enable = true;
-      displayManager.autoLogin.user = "hodgson";
-      layout = "us";
-      xkbVariant = "";
+      xkb = {
+        layout = "us";
+        variant = "";
+      };
+    };
+
+    displayManager = {
+      defaultSession = "mate";
+      autoLogin = {
+        enable = true;
+        user = "peter";
+      };
     };
 
     # emacs = {
@@ -88,7 +91,7 @@ in
 
     avahi = {
       enable = true;
-      nssmdns = true;
+      nssmdns4 = true;
       openFirewall = true;
       publish = {
         enable = true;
@@ -108,9 +111,10 @@ in
         gutenprint
       ];
     };
+
+    fwupd.enable = true;
   };
 
-  sound.enable = true;
   hardware = {
     pulseaudio.enable = false;
     printers = {
@@ -122,38 +126,20 @@ in
     };
   };
 
+  security.pam.services.kwallet = {
+    name = "kwallet";
+    enableKwallet = true;
+  };
+
   security = {
     rtkit.enable = true;
     sudo.wheelNeedsPassword = false;
   };
 
-  users.users.nshields = {
-    isNormalUser = true;
-    shell = pkgs.zsh;
-    description = "Nikolai Shields";
-    extraGroups = [ "lp" "docker" "networkmanager" "wheel" "podman" ];
-    openssh.authorizedKeys.keys = keys.nshields;
-  };
-
-  users.users.benson = {
-    isNormalUser = true;
-    shell = pkgs.zsh;
-    description = "Benson Chu";
-    extraGroups = [ "wheel" ];
-    openssh.authorizedKeys.keys = keys.benson;
-  };
-
-  users.users.hodgson = {
-    isNormalUser = true;
-    shell = pkgs.zsh;
-    description = "Peter Hodgson";
-    extraGroups = [ "lp" "wheel" ];
-    openssh.authorizedKeys.keys = keys.hodgson;
-  };
-
   environment.systemPackages = with pkgs; [
-    gnome.gnome-tweaks
-    gnome.networkmanager-openconnect
+    # why are these here anyway?
+    # gnome.gnome-tweaks
+    # gnome.networkmanager-openconnect
     nss
     htop
     sssd
@@ -163,7 +149,7 @@ in
     glibc
     glib
     openconnect
-    libsForQt5.plasma-thunderbolt
+    # libsForQt5.plasma-thunderbolt
 
     # essential
     git
@@ -172,6 +158,9 @@ in
     tmux
     unstablePkgs.signal-desktop
     gcc
+    tree
+    file
+    bind
 
     # emacs dependencies
     ispell
@@ -181,9 +170,12 @@ in
     libtool
 
     # browsers
-    google-chrome
-    firefox
+    updatePkgs.google-chrome
+    updatePkgs.firefox
     lynx
+    updatePkgs.chromium
+    unstablePkgs.zoom-us
+    audacity
 
     # networking
     curl
@@ -194,11 +186,12 @@ in
     # Other
     racket
     ruby
+    vlc
     (python311.withPackages (pythonPackages: with pythonPackages; [
       urwid
     ]))
 
-    (pkgs.callPackage ./mfcl2690dw/default.nix { })
+    (pkgs.callPackage ../../mfcl2690dw/default.nix { })
 
     tigervnc
   ];
@@ -210,6 +203,4 @@ in
   networking.hosts = {
     "10.0.0.142" = ["BRWBCF4D445BCC3.local"];
   };
-
-  system.stateVersion = "23.11"; # Did you read the comment?
 }

hosts/common/vnc.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+{
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 5900 ];
+  };
+
+  environment.shellAliases = {
+    startvnc = "x0vncserver -PasswordFile=$HOME/.vnc/passwd -rfbport=5900 -AcceptSetDesktopSize=0";
+  };
+}

hosts/sandy/configuration.nix

@@ -0,0 +1,61 @@
+{ config, pkgs, updatePkgs, unstablePkgs, nixos-hardware, ... }:
+let
+  keys = import ../../ssh-keys.nix;
+in
+{
+  imports = [
+    ../common/configuration.nix
+    ./hardware-configuration.nix
+    nixos-hardware.nixosModules.framework-11th-gen-intel
+  ];
+
+  boot.kernelPackages = pkgs.linuxPackages_6_12;
+
+  networking = {
+    hostId = "7be305c3";
+    hostName = "sandy";
+    networkmanager.enable = true;
+  };
+
+  users.users.nshields = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    description = "Nikolai Shields";
+    extraGroups = [ "lp" "docker" "networkmanager" "wheel" "podman" ];
+    openssh.authorizedKeys.keys = keys.nshields;
+  };
+
+  users.users.benson = {
+    isNormalUser = true;
+    shell = pkgs.bash;
+    description = "Benson Chu";
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = keys.benson;
+  };
+
+  users.users.hodgson = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    description = "[Ralph] Peter Hodgson";
+    extraGroups = [ "lp" "wheel" ];
+    openssh.authorizedKeys.keys = keys.hodgson;
+  };
+
+  users.users.peter = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    description = "Peter Hodgson";
+    extraGroups = [ "lp" "wheel" "input" ];
+    openssh.authorizedKeys.keys = keys.hodgson;
+  };
+
+  users.users.zander = {
+    isNormalUser = true;
+    shell = pkgs.bash;
+    description = "Alexander Thannhauser";
+    extraGroups = [ "lp" "wheel" "input" ];
+    openssh.authorizedKeys.keys = keys.zander;
+  };
+
+  system.stateVersion = "24.11"; # Did you read the comment?
+}

ssh-keys.nix

@@ -26,4 +26,8 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtQOHXIfltnEVMxgHlxgUNB/o6Bey6vdMWtwSfo+U4q"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90xfsjQSCH/nKyXlBujpJshZHb9yWzqDH8fLKKl9T2"
   ];
+
+  zander = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDG5Ktw21eX+iWQh0WcU3BUDO7RFwmKCqv39vhC4DdRKfRqCpG8nsv6xPJv9cnPauYLHYmlaJImf6ugejHtD4GrLjhFp2RD8U85TxbqZIKs2bMgqxCb+APeY9QVv0osw8YSoM6NjbgJbzAf9Va3h7ONYJU/Q0qEFip6bIQtDti26/iTi5EgoLWXIkgNL4QRxneC3JZ7Nh6vRNxfv8rXxGl50hgKLNg7eqw+INebk2+Pt0zifnJsgsKPmtiJwKih1+rGnHokk46I7ap/YiZJJiVIbEiGJCHd++qCnu+nsmkJw8TCw73xSkceC8hvtlAvi65+IQ+CLMZCQFz+99Lkq2+/Oe08xVdq9EZCeyL4baIUDpZSS5si7vFWDCIeFQpzSAGrpJzxCNie2ZO1K9lU1687OpcmkCrpmK9V9GxCJWc6LEDnk2Oz8BErFU5GzYsZQcnQ0jjYF5ZiFYXsuepziXtb05995qUSjBC8xgxCW98xMiimNuNelmpuatzI1csIPNU= zander@computer"
+  ];
 }

sunshine.nix

@@ -0,0 +1,39 @@
+{ config, pkgs, updatePkgs, unstablePkgs, ... }:
+{
+  systemd.user.services.sunshine = {
+    description = "Sunshine self-hosted game stream host for Moonlight";
+    wantedBy = ["graphical-session.target"];
+    partOf   = ["graphical-session.target"];
+    startLimitBurst = 5;
+    startLimitIntervalSec = 500;
+    serviceConfig = {
+      ExecStart = "${config.security.wrapperDir}/sunshine";
+      Restart = "on-failure";
+      RestartSec = "5s";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    pkgs.sunshine
+    pkgs.moonlight-qt
+  ];
+
+  security.wrappers.sunshine = {
+    owner = "root";
+    group = "root";
+    capabilities = "cap_sys_admin+p";
+    source = "${pkgs.sunshine}/bin/sunshine";
+  };
+
+  services.avahi.publish.enable = true;
+  services.avahi.publish.userServices = true;
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 47984 47989 47990 48010 ];
+    allowedUDPPortRanges = [
+      { from = 47998; to = 48010; }
+      #{ from = 8000; to = 8010; }
+    ];
+  };
+}