From 4a19d57765a0a1afbd95fcd5e64faf19ee555617 Mon Sep 17 00:00:00 2001 From: Daniel Langbein Date: Tue, 13 Aug 2024 14:46:55 +0200 Subject: [PATCH] NixOS 24.05: unfree packages fix --- hosts/yodaGaming/configuration.nix | 1 + hosts/yodaHedgehog/configuration.nix | 1 + hosts/yodaNas/configuration.nix | 1 + hosts/yodaTab/configuration.nix | 1 + hosts/yodaTux/configuration.nix | 4 +++- hosts/yodaYoga/configuration.nix | 1 + modules/base.nix | 3 ++- modules/games.nix | 4 ++-- modules/gnome-base.nix | 4 ++-- modules/kde.nix | 4 ++-- modules/nitrokey-gpg-smartcard.nix | 4 ++-- modules/nur-and-unstable.nix | 16 ++++++++-------- modules/obsidian.nix | 8 ++++---- modules/unfree.nix | 22 ++++++++++++++++++++++ modules/veracrypt.nix | 2 +- nix/sources.json | 18 +++++++++--------- 16 files changed, 62 insertions(+), 32 deletions(-) create mode 100644 modules/unfree.nix diff --git a/hosts/yodaGaming/configuration.nix b/hosts/yodaGaming/configuration.nix index 971de76..9bb907f 100644 --- a/hosts/yodaGaming/configuration.nix +++ b/hosts/yodaGaming/configuration.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix ../../modules/home-manager.nix ../../modules/nur-and-unstable.nix + ../../modules/unfree.nix ../../modules/base.nix ../../modules/base-bios.nix ../../modules/power-management.nix diff --git a/hosts/yodaHedgehog/configuration.nix b/hosts/yodaHedgehog/configuration.nix index 94e1c71..deb2eec 100644 --- a/hosts/yodaHedgehog/configuration.nix +++ b/hosts/yodaHedgehog/configuration.nix @@ -6,6 +6,7 @@ ./host-specific.nix ../../modules/home-manager.nix ../../modules/nur-and-unstable.nix + ../../modules/unfree.nix ../../modules/base.nix ../../modules/base-efi.nix ../../modules/headless.nix diff --git a/hosts/yodaNas/configuration.nix b/hosts/yodaNas/configuration.nix index 27163f9..4a6851d 100644 --- a/hosts/yodaNas/configuration.nix +++ b/hosts/yodaNas/configuration.nix @@ -6,6 +6,7 @@ ./host-specific.nix ../../modules/home-manager.nix ../../modules/nur-and-unstable.nix + ../../modules/unfree.nix ../../modules/base.nix ../../modules/base-efi.nix ../../modules/headless.nix diff --git a/hosts/yodaTab/configuration.nix b/hosts/yodaTab/configuration.nix index 2679c55..fff850c 100644 --- a/hosts/yodaTab/configuration.nix +++ b/hosts/yodaTab/configuration.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix ../../modules/home-manager.nix ../../modules/nur-and-unstable.nix + ../../modules/unfree.nix ../../modules/base.nix ../../modules/base-efi.nix ../../modules/xdg.nix diff --git a/hosts/yodaTux/configuration.nix b/hosts/yodaTux/configuration.nix index a2d3b5c..42ebb84 100644 --- a/hosts/yodaTux/configuration.nix +++ b/hosts/yodaTux/configuration.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix ../../modules/home-manager.nix ../../modules/nur-and-unstable.nix + ../../modules/unfree.nix ../../modules/base.nix ../../modules/base-efi.nix ../../modules/xdg.nix @@ -26,7 +27,8 @@ ../../modules/gnome-base.nix ../../modules/gnome-config.nix ../../modules/gnome-extensions.nix - ../../modules/gnome-fractional-scaling.nix + # TODO currently broken + #../../modules/gnome-fractional-scaling.nix ../../modules/fwupd-gnome.nix ../../modules/gnome-wallpaper.nix diff --git a/hosts/yodaYoga/configuration.nix b/hosts/yodaYoga/configuration.nix index 9a66c03..f4dcb33 100644 --- a/hosts/yodaYoga/configuration.nix +++ b/hosts/yodaYoga/configuration.nix @@ -6,6 +6,7 @@ ./host-specific.nix ../../modules/home-manager.nix ../../modules/nur-and-unstable.nix + ../../modules/unfree.nix ../../modules/base.nix ../../modules/base-efi.nix ../../modules/headless.nix diff --git a/modules/base.nix b/modules/base.nix index 2945cef..7b2bab5 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -11,7 +11,8 @@ # Defaults to `config.hardware.enableAllFirmware`. hardware.enableRedistributableFirmware = true; - # Allow unfree packages. + # Allow **all** unfree packages. + # To whitelist individual unfree packages, see ./unfree.nix nixpkgs.config.allowUnfree = false; # Enables wireless support via wpa_supplicant. diff --git a/modules/games.nix b/modules/games.nix index 669bf19..d46604d 100644 --- a/modules/games.nix +++ b/modules/games.nix @@ -20,9 +20,9 @@ # https://unknown-horizons.org/ (A 2D realtime strategy simulation with an emphasis on economy and city building.) # https://github.com/mgerdes/Open-Golf - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + allowUnfree = [ "SpaceCadetPinball" - "osu-lazer-bin-2023.1114.1" + "osu-lazer-bin" "warsow" "assaultcube" "ut2004-demo" diff --git a/modules/gnome-base.nix b/modules/gnome-base.nix index 679b13e..c24e8ec 100644 --- a/modules/gnome-base.nix +++ b/modules/gnome-base.nix @@ -51,8 +51,8 @@ ]); # Configure keymap in X11. - services.xserver = { + services.xserver.xkb = { layout = "de"; - xkbVariant = "nodeadkeys"; + variant = "nodeadkeys"; }; } diff --git a/modules/kde.nix b/modules/kde.nix index 0c379cf..608257e 100644 --- a/modules/kde.nix +++ b/modules/kde.nix @@ -43,9 +43,9 @@ }; # Configure keymap in X11. - services.xserver = { + services.xserver.xkb = { layout = "de"; - xkbVariant = "nodeadkeys"; + variant = "nodeadkeys"; }; # Enable Bluetooth support diff --git a/modules/nitrokey-gpg-smartcard.nix b/modules/nitrokey-gpg-smartcard.nix index d0a7e72..a3385c9 100644 --- a/modules/nitrokey-gpg-smartcard.nix +++ b/modules/nitrokey-gpg-smartcard.nix @@ -83,8 +83,8 @@ enable = true; # Sets SSH_AUTH_SOCK environment variable. enableSSHSupport = true; - #pinentryFlavor = "curses"; - pinentryFlavor = "gnome3"; + #pinentryPackage = pkgs.pinentry-curses; + pinentryPackage = pkgs.pinentry-gnome3; }; }; diff --git a/modules/nur-and-unstable.nix b/modules/nur-and-unstable.nix index 0835091..a108b58 100644 --- a/modules/nur-and-unstable.nix +++ b/modules/nur-and-unstable.nix @@ -20,14 +20,14 @@ # https://github.com/NixOS/nixpkgs/issues/69347#issuecomment-534573461 config = { - allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - # Required for unstable.obsidian (see obsidan.nix) - "obsidian" - ]; - permittedInsecurePackages = [ - # Required for unstable.obsidian (see obsidan.nix) - "electron-25.9.0" - ]; +# allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ +# # Required for unstable.obsidian (see obsidan.nix) +# "obsidian" +# ]; +# permittedInsecurePackages = [ +# # Required for unstable.obsidian (see obsidan.nix) +# "electron-25.9.0" +# ]; }; }; diff --git a/modules/obsidian.nix b/modules/obsidian.nix index 1c675d5..867ce4c 100644 --- a/modules/obsidian.nix +++ b/modules/obsidian.nix @@ -6,13 +6,13 @@ # This `config` is only for "stable" `nixpkgs`, not for "unstable". # See nur-and-unstable.nix for how to configure "unstable" `nixpkgs`. -# nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ -# "obsidian" -# ]; + allowUnfree = [ + "obsidian" + ]; users.users.yoda = { packages = with pkgs; [ - unstable.obsidian # Markdown notes + obsidian # Markdown notes ]; }; diff --git a/modules/unfree.nix b/modules/unfree.nix new file mode 100644 index 0000000..5df5fa1 --- /dev/null +++ b/modules/unfree.nix @@ -0,0 +1,22 @@ +{ config, lib, ... }: + +# See also: ./nur-and-unstable.nix to allow unfree packages from "unstable". +# See also: ./base.nix for unfree firmware. + +# This file adds the ability to whitelist unfree packages in different .nix config files. +# Example: Instead of +# nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ +# "obsidian" +# ]; +# add the following +# allowUnfree = [ "obsidian" ]; + +let + inherit (builtins) elem; + inherit (lib) getName mkOption; + inherit (lib.types) listOf str; +in +{ + options.allowUnfree = mkOption { type = listOf str; default = [ ]; }; + config.nixpkgs.config.allowUnfreePredicate = p: elem (getName p) config.allowUnfree; +} diff --git a/modules/veracrypt.nix b/modules/veracrypt.nix index 4dc23d7..661cbcf 100644 --- a/modules/veracrypt.nix +++ b/modules/veracrypt.nix @@ -7,7 +7,7 @@ # Alternatively, run Veracrypt with # NIXPKGS_ALLOW_UNFREE=1 nix-shell -p veracrypt # https://nixos.wiki/wiki/Unfree_Software - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + allowUnfree = [ "veracrypt" ]; diff --git a/nix/sources.json b/nix/sources.json index b3cadb2..f1fac75 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -5,10 +5,10 @@ "homepage": "https://nur.nix-community.org/", "owner": "nix-community", "repo": "NUR", - "rev": "f9b13b99b4e7d7f462a5291969bedbcba0b5b7c9", - "sha256": "0si2qy8fzysvcb7rj6yihb1b1dwaf9crfyl22vqz3pqwwj1afgyz", + "rev": "8511e95dfec45e3c770bd2528f5eb90fc8947e75", + "sha256": "1d8rgywwi1x7nj03i18mqa7qp24djyicxl99w611wdxppy9853v9", "type": "tarball", - "url": "https://github.com/nix-community/NUR/archive/f9b13b99b4e7d7f462a5291969bedbcba0b5b7c9.tar.gz", + "url": "https://github.com/nix-community/NUR/archive/8511e95dfec45e3c770bd2528f5eb90fc8947e75.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "home-manager": { @@ -29,10 +29,10 @@ "homepage": null, "owner": "NixOS", "repo": "nixpkgs", - "rev": "a046c1202e11b62cbede5385ba64908feb7bfac4", - "sha256": "10y8ccyv76i9zhd3s8x792g58p5iw16xy3qz4f6gqk0svwlgwr09", + "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc", + "sha256": "1s0cb03j3rwgpgnl4jy1bjmx4gh70iin8h1kn84gw0x5lgavscm1", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a046c1202e11b62cbede5385ba64908feb7bfac4.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/a781ff33ae258bbcfd4ed6e673860c3e923bf2cc.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "unstable": { @@ -41,10 +41,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6794d064edc69918bb0fc0e0eda33ece324be17a", - "sha256": "1rfl5c9dj7wlzbk9bg8b99qqqfv7d3ak2yxw459gblja4zn1qv6b", + "rev": "154bcb95ad51bc257c2ce4043a725de6ca700ef6", + "sha256": "0gv8wgjqldh9nr3lvpjas7sk0ffyahmvfrz5g4wd8l2r15wyk67f", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/6794d064edc69918bb0fc0e0eda33ece324be17a.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/154bcb95ad51bc257c2ce4043a725de6ca700ef6.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } }