diff --git a/flake.lock b/flake.lock index b2469bc..1108c56 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1739757849, - "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", + "lastModified": 1744117652, + "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", "owner": "nix-community", "repo": "home-manager", - "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", + "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nix-flatpak": { "locked": { - "lastModified": 1739444422, - "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", + "lastModified": 1741903049, + "narHash": "sha256-8Y8brH04JjSLrCLvBEbhK9vOu7lhQhqUBW4kI3tifdI=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", + "rev": "42c7fb2702219b86a8f5969c3475ce594c28f5d0", "type": "github" }, "original": { @@ -59,11 +59,11 @@ ] }, "locked": { - "lastModified": 1737057290, - "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "lastModified": 1742568034, + "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "type": "github" }, "original": { @@ -74,11 +74,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1740089251, - "narHash": "sha256-Y78mDBWoO8CLLTjQfPfII+KXFb6lAmF9GrLbyVBsIMM=", + "lastModified": 1743420942, + "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "18e9f9753e9ae261bcc7d3abe15745686991fd30", + "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", "type": "github" }, "original": { @@ -88,29 +88,13 @@ "type": "github" } }, - "nixpkgs": { + "nixos-unstable": { "locked": { - "lastModified": 1739923778, - "narHash": "sha256-BqUY8tz0AQ4to2Z4+uaKczh81zsGZSYxjgvtw+fvIfM=", + "lastModified": 1743964447, + "narHash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "36864ed72f234b9540da4cf7a0c49e351d30d3f1", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1739866667, - "narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680", + "rev": "063dece00c5a77e4a0ea24e5e5a5bd75232806f8", "type": "github" }, "original": { @@ -120,14 +104,30 @@ "type": "github" } }, + "nixpkgs": { + "locked": { + "lastModified": 1743975612, + "narHash": "sha256-o4FjFOUmjSRMK7dn0TFdAT0RRWUWD+WsspPHa+qEQT8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a880f49904d68b5e53338d1e8c7bf80f59903928", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "home-manager": "home-manager", "nix-flatpak": "nix-flatpak", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixos-unstable": "nixos-unstable", + "nixpkgs": "nixpkgs" } } }, diff --git a/flake.nix b/flake.nix index b3ed743..b58165f 100644 --- a/flake.nix +++ b/flake.nix @@ -19,7 +19,7 @@ }; # NixOS unstable channel - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; # ready made hardware configurations. e.G.: Power saving nixos-hardware.url = "github:NixOS/nixos-hardware/master"; @@ -35,7 +35,7 @@ self, nixpkgs, nixos-hardware, - nixpkgs-unstable, + nixos-unstable, nix-flatpak, home-manager, nixos-generators, @@ -53,7 +53,7 @@ host_helper = hostname: { ${hostname} = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = {inherit inputs;} // {inherit nixos-unstable;}; modules = [ ./hosts/${hostname}/${hostname}.nix ]; @@ -74,7 +74,7 @@ #nixosModules = import ./modules/nixos; # Reusable home-manager modules you might want to export # These are usually stuff you would upstream into home-manager - homeManagerModules = import ./modules/home-manager; + #homeManagerModules = import ./modules/home-manager; # NixOS configuration entrypoint # Available through 'nixos-rebuild --flake .#your-hostname' diff --git a/hosts/crocoite/boot.nix b/hosts/crocoite/boot.nix index 1961f9e..c722e65 100644 --- a/hosts/crocoite/boot.nix +++ b/hosts/crocoite/boot.nix @@ -1,4 +1,4 @@ -{...}: { +{ boot.loader = { systemd-boot.enable = true; systemd-boot.configurationLimit = 20; diff --git a/hosts/crocoite/crocoite.nix b/hosts/crocoite/crocoite.nix index c48608e..40e6bdf 100644 --- a/hosts/crocoite/crocoite.nix +++ b/hosts/crocoite/crocoite.nix @@ -2,6 +2,7 @@ pkgs, inputs, modulesPath, + nixos-unstable, ... }: { networking.hostName = "crocoite"; # Define your hostname. @@ -78,5 +79,7 @@ ../../modules/wm_and_de ../../modules/pkg_mgrmnt + + # ../../tests ]; } diff --git a/hosts/factorio/boot.nix b/hosts/factorio/boot.nix index 0c1d56d..52fae81 100644 --- a/hosts/factorio/boot.nix +++ b/hosts/factorio/boot.nix @@ -1,4 +1,4 @@ -{...}: { +{ # Use the GRUB 2 boot loader. #boot.loader.grub.enable = true; # Define on which hard drive you want to install Grub. diff --git a/modules/accessibility.nix b/modules/accessibility.nix index b26d138..01f1247 100644 --- a/modules/accessibility.nix +++ b/modules/accessibility.nix @@ -1,4 +1,4 @@ -{...}: { +{ services = { speechd.enable = true; orca.enable = true; diff --git a/modules/default.nix b/modules/default.nix index ef6fbfe..3d82f4f 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ imports = [ #./plymouth.nix ./accessibility.nix diff --git a/modules/firewall.nix b/modules/firewall.nix index d61c660..cc4dba0 100644 --- a/modules/firewall.nix +++ b/modules/firewall.nix @@ -1,7 +1,9 @@ -{...}: { +{ + networking.firewall = { + enable = false; + # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [8080 10001 10002]; - networking.firewall.allowedUDPPorts = [8080 10001 10002]; - # Or disable the firewall altogether. - networking.firewall.enable = false; + allowedTCPPorts = [8080 10001 10002]; + allowedUDPPorts = [8080 10001 10002]; + }; } diff --git a/modules/hardware/bluetooth.nix b/modules/hardware/bluetooth.nix index d25a0ec..900e469 100644 --- a/modules/hardware/bluetooth.nix +++ b/modules/hardware/bluetooth.nix @@ -1,4 +1,4 @@ -{...}: { +{ hardware.bluetooth.enable = true; # enables support for Bluetooth hardware.bluetooth.powerOnBoot = false; # powers up the default Bluetooth controller on boot diff --git a/modules/hardware/default.nix b/modules/hardware/default.nix index 911e5ca..e24baff 100644 --- a/modules/hardware/default.nix +++ b/modules/hardware/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ imports = [ ./bluetooth.nix ./fwupd.nix diff --git a/modules/hardware/fwupd.nix b/modules/hardware/fwupd.nix index e3754bf..ebb5ec3 100644 --- a/modules/hardware/fwupd.nix +++ b/modules/hardware/fwupd.nix @@ -1,4 +1,4 @@ -{...}: { +{ # A system daemon to allow session software to update firmware services.fwupd.enable = true; } diff --git a/modules/hardware/trackpoint.nix b/modules/hardware/trackpoint.nix index aca3024..fd76c03 100644 --- a/modules/hardware/trackpoint.nix +++ b/modules/hardware/trackpoint.nix @@ -1,4 +1,4 @@ -{...}: { +{ # probably does nothing on my amd laptop. need to check hardware.trackpoint.speed = 200; } diff --git a/modules/locale.nix b/modules/locale.nix index e3cae41..f4903ee 100644 --- a/modules/locale.nix +++ b/modules/locale.nix @@ -1,4 +1,4 @@ -{...}: { +{ # Set your time zone. time.timeZone = "Europe/Berlin"; diff --git a/modules/pkg_mgrmnt/default.nix b/modules/pkg_mgrmnt/default.nix index 57e40d2..49732db 100644 --- a/modules/pkg_mgrmnt/default.nix +++ b/modules/pkg_mgrmnt/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ imports = [ ./flatpak.nix ./podman.nix diff --git a/modules/pkg_mgrmnt/flatpak.nix b/modules/pkg_mgrmnt/flatpak.nix index 54b2cef..023ed07 100644 --- a/modules/pkg_mgrmnt/flatpak.nix +++ b/modules/pkg_mgrmnt/flatpak.nix @@ -1,4 +1,4 @@ -{...}: { +{ services.flatpak = { enable = true; update.auto = { diff --git a/modules/pkg_mgrmnt/garbage-collect.nix b/modules/pkg_mgrmnt/garbage-collect.nix index 46a517b..1a5d7d5 100644 --- a/modules/pkg_mgrmnt/garbage-collect.nix +++ b/modules/pkg_mgrmnt/garbage-collect.nix @@ -1,4 +1,4 @@ -{...}: { +{ nix = { optimise = { automatic = true; diff --git a/modules/sec_auth/default.nix b/modules/sec_auth/default.nix index cadf739..2bfd404 100644 --- a/modules/sec_auth/default.nix +++ b/modules/sec_auth/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ imports = [ ./apparmor.nix ./firejail.nix diff --git a/modules/software/android.nix b/modules/software/android.nix index 766f4f4..a31f709 100644 --- a/modules/software/android.nix +++ b/modules/software/android.nix @@ -1,4 +1,4 @@ -{...}: { +{ # for running android apps # also starts the systemd service waydroid-container virtualisation.waydroid.enable = true; diff --git a/modules/software/audio_video.nix b/modules/software/audio_video.nix deleted file mode 100644 index 49df916..0000000 --- a/modules/software/audio_video.nix +++ /dev/null @@ -1,62 +0,0 @@ -{pkgs, ...}: { - # Enable sound with pipewire - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa = { - enable = true; - support32Bit = true; - }; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - jack.enable = true; - extraConfig.pipewire."99-input-denoise" = { - "context.modules" = [ - { - "name" = "libpipewire-module-filter-chain"; - "args" = { - "node.description" = "Noise Canceling source"; - "media.name" = "Noise Canceling source"; - "filter.graph" = { - "nodes" = [ - { - "type" = "ladspa"; - "name" = "rnnoise"; - "plugin" = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so"; - "label" = "noise_suppressor_stereo"; - "control" = { - "VAD Threshold (%)" = 75.0; - }; - } - ]; - }; - "audio.position" = [ - "FL" - "FR" - ]; - "capture.props" = { - "node.name" = "effect_input.rnnoise"; - "node.passive" = true; - }; - "playback.props" = { - "node.name" = "effect_output.rnnoise"; - "media.class" = "Audio/Source"; - }; - }; - } - ]; - }; - }; - environment.systemPackages = with pkgs; [ - helvum - pwvucontrol - lxqt.pavucontrol-qt - - qpwgraph - easyeffects - non - - roc-toolkit - ]; -} diff --git a/modules/software/audio_video/audio_video.nix b/modules/software/audio_video/audio_video.nix new file mode 100644 index 0000000..e878b5a --- /dev/null +++ b/modules/software/audio_video/audio_video.nix @@ -0,0 +1,30 @@ +{pkgs, ...}: { + # Enable sound with pipewire + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + + services.pipewire = { + enable = true; + + # If you want to use JACK applications, uncomment this + jack.enable = true; + pulse.enable = true; + + alsa = { + enable = true; + support32Bit = true; + }; + }; + + environment.systemPackages = with pkgs; [ + helvum + pwvucontrol + lxqt.pavucontrol-qt + + qpwgraph + easyeffects + non + + roc-toolkit + ]; +} diff --git a/modules/software/audio_video/default.nix b/modules/software/audio_video/default.nix new file mode 100644 index 0000000..2b439c3 --- /dev/null +++ b/modules/software/audio_video/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./audio_video.nix + ./noise_cancel.nix + ]; +} diff --git a/modules/software/audio_video/noise_cancel.nix b/modules/software/audio_video/noise_cancel.nix new file mode 100644 index 0000000..4dd4386 --- /dev/null +++ b/modules/software/audio_video/noise_cancel.nix @@ -0,0 +1,38 @@ +{pkgs, ...}: { + services.pipewire.extraConfig.pipewire."99-input-denoise" = { + "context.modules" = [ + { + "name" = "libpipewire-module-filter-chain"; + "args" = { + "node.description" = "Noise Canceling source"; + "media.name" = "Noise Canceling source"; + "filter.graph" = { + "nodes" = [ + { + "type" = "ladspa"; + "name" = "rnnoise"; + "plugin" = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so"; + "label" = "noise_suppressor_stereo"; + "control" = { + "VAD Threshold (%)" = 75.0; + }; + } + ]; + }; + "audio.position" = [ + "FL" + "FR" + ]; + "capture.props" = { + "node.name" = "effect_input.rnnoise"; + "node.passive" = true; + }; + "playback.props" = { + "node.name" = "effect_output.rnnoise"; + "media.class" = "Audio/Source"; + }; + }; + } + ]; + }; +} diff --git a/modules/software/browser/default.nix b/modules/software/browser/default.nix index 41597c1..9903eb0 100644 --- a/modules/software/browser/default.nix +++ b/modules/software/browser/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ imports = [ ./brave.nix ./firefox.nix diff --git a/modules/software/default.nix b/modules/software/default.nix index ea3ff15..792d1b1 100644 --- a/modules/software/default.nix +++ b/modules/software/default.nix @@ -1,14 +1,16 @@ -{...}: { +{ imports = [ - ./audio_video.nix - ./flatpak.nix - ./game.nix - ./obs-studio.nix - ./shell.nix - ./software.nix - ./virt.nix ./android.nix + ./audio_video + ./flatpak.nix + ./fonts.nix + ./game.nix #./mpv.nix ./neovim.nix + ./obs-studio.nix + ./packages.nix + ./programs.nix + ./shell.nix + ./virt.nix ]; } diff --git a/modules/software/flatpak.nix b/modules/software/flatpak.nix index 16af41f..c18767a 100644 --- a/modules/software/flatpak.nix +++ b/modules/software/flatpak.nix @@ -1,4 +1,4 @@ -{...}: { +{ services.flatpak = { packages = [ { @@ -17,7 +17,6 @@ origin = "flathub"; appId = "com.github.hugolabe.Wike"; } # Wikpedia, but in nice - #{ origin = "flathub"; appId = "com.jeffser.Alpaca"; } # Local chat AI { origin = "flathub"; appId = "io.gpt4all.gpt4all"; @@ -50,6 +49,10 @@ origin = "flathub"; appId = "com.etlegacy.ETLegacy"; } # shooter + { + origin = "flathub"; + appId = "org.js.nuclear.Nuclear"; + } #"com.obsproject.Studio" #this is another way to write it ]; diff --git a/modules/software/fonts.nix b/modules/software/fonts.nix new file mode 100644 index 0000000..ed1f806 --- /dev/null +++ b/modules/software/fonts.nix @@ -0,0 +1,19 @@ +{pkgs, ...}: { + fonts.packages = with pkgs; [ + noto-fonts + noto-fonts-cjk-sans + noto-fonts-emoji + liberation_ttf + dina-font + proggyfonts + font-awesome + + jetbrains-mono + fira-code + fira-code-symbols + #droid-sans-mono + (nerdfonts.override { + fonts = ["FiraCode" "DroidSansMono" "JetBrainsMono"]; + }) + ]; +} diff --git a/modules/software/neovim.nix b/modules/software/neovim.nix index a91b259..8e9546e 100644 --- a/modules/software/neovim.nix +++ b/modules/software/neovim.nix @@ -1,4 +1,4 @@ -{...}: { +{ programs.neovim = { enable = true; viAlias = true; diff --git a/modules/software/nix-helper/default.nix b/modules/software/nix-helper/default.nix index 22e6296..3de729c 100644 --- a/modules/software/nix-helper/default.nix +++ b/modules/software/nix-helper/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ imports = [ #./doc.nix ./index.nix diff --git a/modules/software/office/default.nix b/modules/software/office/default.nix index 786c7ca..fdf9d92 100644 --- a/modules/software/office/default.nix +++ b/modules/software/office/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ imports = [ ./libreoffice.nix ]; diff --git a/modules/software/software.nix b/modules/software/packages.nix similarity index 61% rename from modules/software/software.nix rename to modules/software/packages.nix index b7c8920..139d933 100644 --- a/modules/software/software.nix +++ b/modules/software/packages.nix @@ -1,9 +1,4 @@ {pkgs, ...}: { - # also opens the TCP and UDP port from 1714 to 1764 - programs.kdeconnect.enable = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ # low level stuff efibootmgr @@ -51,6 +46,7 @@ # move to homemanager? unstable.mumble amberol + mpv nuclear #zathura sioyek @@ -64,22 +60,4 @@ timer prusa-slicer ]; - - fonts.packages = with pkgs; [ - noto-fonts - noto-fonts-cjk-sans - noto-fonts-emoji - liberation_ttf - dina-font - proggyfonts - font-awesome - - jetbrains-mono - fira-code - fira-code-symbols - #droid-sans-mono - (nerdfonts.override { - fonts = ["FiraCode" "DroidSansMono" "JetBrainsMono"]; - }) - ]; } diff --git a/modules/software/programs.nix b/modules/software/programs.nix new file mode 100644 index 0000000..b312ee4 --- /dev/null +++ b/modules/software/programs.nix @@ -0,0 +1,4 @@ +{ + # also opens the TCP and UDP port from 1714 to 1764 + programs.kdeconnect.enable = true; +} diff --git a/modules/software/shells/default.nix b/modules/software/shells/default.nix index 9bc0c56..1991480 100644 --- a/modules/software/shells/default.nix +++ b/modules/software/shells/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ imports = [ ./zsh.nix ./fish.nix diff --git a/modules/software/shells/zsh.nix b/modules/software/shells/zsh.nix index 62b4a41..3b0fe29 100644 --- a/modules/software/shells/zsh.nix +++ b/modules/software/shells/zsh.nix @@ -1,4 +1,4 @@ -{...}: { +{ system.userActivationScripts.zshrc = "touch .zshrc"; programs.zsh = { diff --git a/modules/users/default.nix b/modules/users/default.nix index ade0a0f..dc0b97d 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ imports = [ ./ranomier.nix ]; diff --git a/modules/wm_and_de/components/dbus.nix b/modules/wm_and_de/components/dbus.nix index f8aa5f1..92c1631 100644 --- a/modules/wm_and_de/components/dbus.nix +++ b/modules/wm_and_de/components/dbus.nix @@ -1,4 +1,4 @@ -{...}: { +{ services.dbus = { implementation = "broker"; apparmor = "enabled"; diff --git a/modules/wm_and_de/default.nix b/modules/wm_and_de/default.nix index f4baad5..aa3571f 100644 --- a/modules/wm_and_de/default.nix +++ b/modules/wm_and_de/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ imports = [ ./hyprland.nix #./qtile.nix diff --git a/overlays/default.nix b/overlays/default.nix index 7bfcb4c..69e7d0e 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -15,7 +15,7 @@ # When applied, the unstable nixpkgs set (declared in the flake inputs) will # be accessible through 'pkgs.unstable' unstable-packages = final: _prev: { - unstable = import inputs.nixpkgs-unstable { + unstable = import inputs.nixos-unstable { system = final.system; config.allowUnfree = true; }; diff --git a/tests/default.nix b/tests/default.nix new file mode 100644 index 0000000..186f961 --- /dev/null +++ b/tests/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./glitchtip-container.nix + ]; +} diff --git a/tests/glitchtip-container.nix b/tests/glitchtip-container.nix new file mode 100644 index 0000000..d8b37fd --- /dev/null +++ b/tests/glitchtip-container.nix @@ -0,0 +1,73 @@ +{ + nixos-unstable, + inputs, + ... +}: { + networking.nat = { + enable = true; + internalInterfaces = ["ve-+"]; + externalInterface = "ens3"; + # Lazy IPv6 connectivity for the container + enableIPv6 = true; + }; + + containers.glitchtip = { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.11"; + hostAddress6 = "fc00::1"; + localAddress6 = "fc00::2"; + path = + (nixos-unstable.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + { + boot.isContainer = true; + #services.glitchtip = { + # enable = true; + # listenAddress = "0.0.0.0"; + # settings = { + # GLITCHTIP_DOMAIN = "http://localhost"; + # }; + #}; + #services = { + # logrotate.enable = lib.mkForce false; + # httpd = { + # enable = true; + # adminAddr = "admin@example.org"; + # }; + #}; + + # imports = [ + # #(modulesPath + "/profiles/perlless.nix") + # (modulesPath + "/profiles/minimal.nix") + # { + # environment.defaultPackages = [ ]; + # boot.kernel.enable = false; + # boot.isContainer = true; + # nixpkgs.overlays = [ (self: super: { }) ]; + # } + # ]; + # disabledModules = [ + # (modulesPath + "/profiles/all-hardware.nix") + # (modulesPath + "/profiles/base.nix") + # ]; + + networking = { + firewall.allowedTCPPorts = [80]; + + # Use systemd-resolved inside the container + # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 + useHostResolvConf = false; + }; + + services.resolved.enable = true; + + system.stateVersion = "25.05"; + } + ]; + }) + .outPath; + }; +}