Add commit.gpgsign = true to git config

2026-01-10 08:44:05 +00:00 · 2025-12-14 11:56:13 -05:00
7 changed files with 71 additions and 107 deletions
--- a/README.md
+++ b/README.md
@@ -64,22 +64,3 @@ To cleanup previous files, run nix garbage collection:
 ```sh
 just clean
 ```
 ## Restoring from a live USB
 If the bootloader for some reason breaks (i.e. motherboard firmware upgrade), restore it from a live USB by running the following commands:
 ```console
 $ sudo cryptsetup luksOpen /dev/nvme0n1p2 crypted-nixos
 Enter passphrase for /dev/nvme0n1p2: ********
 $ sudo mount /dev/vg/root /mnt
 $ sudo mount /dev/nvme0n1p1 /mnt/boot/efi
 $ sudo nixos-enter --root /mnt
 $ hostname <hostname>
 ```
 Navigate to the nix-config directory and run:
 ```sh
 just rebuild-boot
 ```
--- a/common-packages.nix
+++ b/common-packages.nix
@@ -25,8 +25,6 @@
    github-cli
    hadolint
    lazygit
    macchina
    ncdu
    progress
    ripgrep
    shellcheck
@@ -87,6 +85,7 @@
    nvd
    # python
    poetry
    virtualenv
    # media
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767634391,
+        "lastModified": 1765066094,
-        "narHash": "sha256-owcSz2ICqTSvhBbhPP+1eWzi88e54rRZtfCNE5E/wwg=",
+        "narHash": "sha256-0YSU35gfRFJzx/lTGgOt6ubP8K6LeW0vaywzNNqxkl4=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "08585aacc3d6d6c280a02da195fdbd4b9cf083c2",
+        "rev": "688427b1aab9afb478ca07989dc754fa543e03d5",
        "type": "github"
      },
      "original": {
@@ -30,12 +30,12 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1766549083,
+        "lastModified": 1765254444,
-        "narHash": "sha256-G1Hljg7vIBt8n9cxO382YAZWtZU/mYfQcg3icdNG8RQ=",
+        "narHash": "sha256-kAO/ZeBnjaF+uqOP6qweXlRk2ylocLuv/9Dn8FsuPlU=",
-        "rev": "ba8999fac986e70f52b4cba15047be7bbb7b6346",
+        "rev": "3ccc0297525e51ac3d7905509e0616c9c8350108",
-        "revCount": 318,
+        "revCount": 316,
        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.1/019b4e8a-dc22-75db-aef5-a447efbb1a13/source.tar.gz"
+        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.14.0/019b0160-c5de-7941-9c26-cb47bc17eec3/source.tar.gz"
      },
      "original": {
        "type": "tarball",
@@ -45,37 +45,37 @@
    "determinate-nixd-aarch64-darwin": {
      "flake": false,
      "locked": {
-        "narHash": "sha256-uWDS94cAYprGj+AwuT42nuuDDicRLj1S0JwalZGeBRU=",
+        "narHash": "sha256-6PWoqx52nvlWzlElTjcn7KAPKitfcKZYEFSsC3PoEoE=",
        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS"
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/macOS"
      },
      "original": {
        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS"
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/macOS"
      }
    },
    "determinate-nixd-aarch64-linux": {
      "flake": false,
      "locked": {
-        "narHash": "sha256-uHBcZCh2/Bj5/88TDihupA336tSQDk7s5lVP66IDAX0=",
+        "narHash": "sha256-b1e25BUPL7Qf0QVbYlfZ/+QiClrP/SHIjMPtA47aOLc=",
        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux"
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/aarch64-linux"
      },
      "original": {
        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux"
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/aarch64-linux"
      }
    },
    "determinate-nixd-x86_64-linux": {
      "flake": false,
      "locked": {
-        "narHash": "sha256-y+l05H6GNv/1WcrMztDYem8VBWqjc9gNg4WjeQ1PQxo=",
+        "narHash": "sha256-8EI2f8IftPcRFlR6K4+cpIEAVf5UIeMCjHysEtVqDw0=",
        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux"
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/x86_64-linux"
      },
      "original": {
        "type": "file",
-        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux"
+        "url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/x86_64-linux"
      }
    },
    "flake-compat": {
@@ -123,11 +123,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1765835352,
+        "lastModified": 1765495779,
-        "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
+        "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
+        "rev": "5635c32d666a59ec9a55cab87e898889869f7b71",
        "type": "github"
      },
      "original": {
@@ -203,11 +203,11 @@
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1767850628,
+        "lastModified": 1765605144,
-        "narHash": "sha256-D3QzdIT11J66I4mzwmIpAGLzPAcbCS2VaKN8fmOe6+E=",
+        "narHash": "sha256-RM2xs+1HdHxesjOelxoA3eSvXShC8pmBvtyTke4Ango=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "8c8a16d41353a174767c38b962359b51a56ca02e",
+        "rev": "90b62096f099b73043a747348c11dbfcfbdea949",
        "type": "github"
      },
      "original": {
@@ -254,12 +254,12 @@
        "nixpkgs-regression": "nixpkgs-regression"
      },
      "locked": {
-        "lastModified": 1766546676,
+        "lastModified": 1765252170,
-        "narHash": "sha256-GsC52VFF9Gi2pgP/haQyPdQoF5Qe2myk1tsPcuJZI28=",
+        "narHash": "sha256-p98D44tYJMgB5Qet5S8cTQFdffk/GmoaGkpQtZ3hqJU=",
-        "rev": "51dacdd248e8071cd0243a8245c8c42ac1f33307",
+        "rev": "1ddd28880651054346c34009d7bb9de36f1db2c1",
-        "revCount": 24299,
+        "revCount": 23362,
        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.1/019b4e84-d036-75db-b6c6-6bc2e2035c53/source.tar.gz"
+        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.14.0/019b0159-8907-7fab-a120-9d287c7e6d2e/source.tar.gz"
      },
      "original": {
        "type": "tarball",
@@ -298,11 +298,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1767873505,
+        "lastModified": 1765719588,
-        "narHash": "sha256-UP55tLruQPznPL6IMxTzRtx/jhvVhxMuF+CUpH78New=",
+        "narHash": "sha256-0VT36Ig9Z5rgXtQ4dgVgrDPS1UrASffWC/r4O9zFUaE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "f244e841501d61e8fda288c2a9f56ca46e4429de",
+        "rev": "f9a7fdd6101319fb1220d0905909aea54e5d8999",
        "type": "github"
      },
      "original": {
@@ -330,11 +330,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1767767207,
+        "lastModified": 1765472234,
-        "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
+        "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5912c1772a44e31bf1c63c0390b90501e5026886",
+        "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b",
        "type": "github"
      },
      "original": {
@@ -346,12 +346,12 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1766314097,
+        "lastModified": 1764611609,
-        "narHash": "sha256-laJftWbghBehazn/zxVJ8NdENVgjccsWAdAqKXhErrM=",
+        "narHash": "sha256-yU9BNcP0oadUKupw0UKmO9BKDOVIg9NStdJosEbXf8U=",
-        "rev": "306ea70f9eb0fb4e040f8540e2deab32ed7e2055",
+        "rev": "8c29968b3a942f2903f90797f9623737c215737c",
-        "revCount": 914780,
+        "revCount": 905078,
        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.914780%2Brev-306ea70f9eb0fb4e040f8540e2deab32ed7e2055/019b49b8-ed0f-724e-bdaf-5fd90cc1c590/source.tar.gz"
+        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.905078%2Brev-8c29968b3a942f2903f90797f9623737c215737c/019add91-3add-7a0d-8a25-9569cbe01efe/source.tar.gz"
      },
      "original": {
        "type": "tarball",
@@ -360,11 +360,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1767799921,
+        "lastModified": 1764983851,
-        "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=",
+        "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d351d0653aeb7877273920cd3e823994e7579b0b",
+        "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454",
        "type": "github"
      },
      "original": {
@@ -376,11 +376,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1767799921,
+        "lastModified": 1765608474,
-        "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=",
+        "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d351d0653aeb7877273920cd3e823994e7579b0b",
+        "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71",
        "type": "github"
      },
      "original": {
@@ -416,11 +416,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1767448089,
+        "lastModified": 1765647805,
-        "narHash": "sha256-U1fHsZBnFrUil731NHD9Sg5HoiG+eSHau8OFuClhwW0=",
+        "narHash": "sha256-CdaiOfpBiS4kw/DR0Ut+02fpFnjM8hNZMZ53a1pavak=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "983751b66f255bbea1adc185364e9e7b73f82358",
+        "rev": "f0b0cc7cae2cf5d76608c9164ab8824a2387e146",
        "type": "github"
      },
      "original": {
@@ -516,11 +516,11 @@
        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
-        "lastModified": 1766183672,
+        "lastModified": 1764077616,
-        "narHash": "sha256-24+gJj4UsxwQmdxSS3Aqo2fl0Ep13sYrTDvcHY24mwA=",
+        "narHash": "sha256-5bhF1Pdrz5yq9mSMWzoPRKDx6fedRr55A8+v556MD/I=",
        "owner": "davegallant",
        "repo": "vpngate",
-        "rev": "a668484da6b969d29dd2f74d5a4f2323fb48beef",
+        "rev": "eda46dcce93b9246784e684e9cb7e8b96d53ee1d",
        "type": "github"
      },
      "original": {
--- a/home.nix
+++ b/home.nix
@@ -138,13 +138,11 @@ in
          set -x PATH $PATH $GOBIN
          source $HOME/work.fish
        # '';
-      shellInit = ''
+          atuin init fish | source
-        atuin init fish | source
+          helm completion fish | source
-        helm completion fish | source
+          kubectl completion fish | source
-        kubectl completion fish | source
+        # '';
      '';
      shellAliases = {
        ".." = "cd ..";
--- a/hosts/hephaestus.nix
+++ b/hosts/hephaestus.nix
@@ -1,5 +1,4 @@
 {
  config,
  lib,
  inputs,
@@ -55,7 +54,7 @@
      ];
      luks.devices."root" = {
        allowDiscards = true;
-        device = "/dev/disk/by-uuid/89a14ac5-7723-4a0a-bb95-fb2fb2e92160";
+        device = "/dev/disk/by-uuid/21cd166c-1528-49a4-b31b-0d408d48aa80";
        preLVM = true;
        keyFile = "./keyfile0.bin";
      };
@@ -70,7 +69,7 @@
    [
      bleachbit
      calibre
-      clamtk
+      chromium
      cryptsetup
      dbeaver-bin
      discord
@@ -79,10 +78,8 @@
      google-chrome
      hardinfo2
      httpie-desktop
      heroic
      iputils
      kdePackages.bluedevil
      kdePackages.kcalc
      kdePackages.kcharselect
      kdePackages.kclock
      kdePackages.kcolorchooser
@@ -99,13 +96,12 @@
      pika-backup
      pinentry-curses
      pinta
-      protonup-qt
+      protonvpn-gui
-      qbittorrent
+      qalculate-qt
      qemu
      traceroute
      unrar
      unstable.beszel
      unstable.ktailctl
      unstable.mcpelauncher-ui-qt
      unstable.obsidian
      unstable.podman
@@ -128,11 +124,15 @@
  fileSystems = {
    "/" = {
-      device = "/dev/disk/by-uuid/7f4f0948-041c-47e9-ab28-53132026f158";
+      device = "/dev/disk/by-uuid/a6723178-6f18-428e-b541-9ac901861125";
      fsType = "ext4";
    };
    "/home" = {
      device = "/dev/disk/by-uuid/e3ab2e1a-bddf-4ae0-b00a-bf954c6c182b";
      fsType = "ext4";
    };
    "/boot/efi" = {
-      device = "/dev/disk/by-uuid/F1BD-5227";
+      device = "/dev/disk/by-uuid/3CFD-D749";
      fsType = "vfat";
    };
    "/mnt/synology-2b/media" = {
@@ -149,6 +149,7 @@
    dejavu_fonts
    fira-mono
    font-awesome
    google-fonts
    liberation_ttf
    nerd-fonts.droid-sans-mono
    nerd-fonts.fira-code
@@ -223,13 +224,6 @@
    };
  };
  services = {
     mullvad-vpn = {
       enable = true;
       package = pkgs.mullvad-vpn;
     };
  };
  system = {
    autoUpgrade.enable = true;
    stateVersion = "25.11";
@@ -248,7 +242,6 @@
  nix = {
    extraOptions = "experimental-features = nix-command flakes";
    settings.trusted-users = [ "root" "@wheel" ];
  };
  users.users.dave = {
@@ -256,6 +249,7 @@
    extraGroups = [
      "wheel"
      "libvirtd"
      "corectrl"
    ];
    shell = pkgs.fish;
  };
@@ -325,9 +319,6 @@
    package = unstable.tailscale;
  };
  services.clamav.daemon.enable = true;
  services.clamav.updater.enable = true;
  services.opensnitch = {
    enable = true;
    rules = {
--- a/hosts/zelus.nix
+++ b/hosts/zelus.nix
@@ -112,9 +112,8 @@
      "stats"
      "steam"
      "taskexplorer"
-      "tailscale-app"
+      "tailscale"
      "vlc"
      "whisky"
      "zed"
    ];
@@ -125,6 +124,5 @@
      "homebrew/cask-versions"
      "homebrew/services"
    ];
  };
 }
--- a/7
+++ b/7
@@ -5,13 +5,10 @@ alias r := rebuild
 arch := `uname -s`
-cmd := if arch == "Linux" { "nixos-rebuild --sudo" } else { "sudo darwin-rebuild" }
+cmd := if arch == "Linux" { "nixos-rebuild --sudo" } else { "darwin-rebuild" }
 rebuild:
-  $cmd switch --flake .
+  sudo $cmd switch --flake . -I nixos-config="hosts/$(hostname).nix" --show-trace
 rebuild-boot:
  $cmd boot --flake . --install-bootloader
 rollback:
  sudo $cmd switch --rollback --flake .