Update nixpkgs for wireless fix https://github.com/nixos/nixpkgs/issues/476906

Enable scanner support
Enable flakes in kexec image and comma integration
2026-01-27 19:14:40 -08:00 · 2026-01-25 13:11:01 -08:00 · 2026-01-24 15:02:42 -08:00 · 2026-01-24 15:01:16 -08:00 · 2026-01-24 14:59:57 -08:00 · 2026-01-24 14:58:40 -08:00
13 changed files with 105 additions and 201 deletions
--- a/12
+++ b/12
@@ -36,7 +36,17 @@ update-input:
 iso:
 	nix build .#packages.x86_64-linux.iso

-# Deploy a host by name (ex: 's0')
+# Build Custom kexec image
+.PHONY: kexec-img
+kexec-img:
+	nix build .#packages.x86_64-linux.kexec
+
+# Deploy a host by name (ex: 's0') but don't activate
 .PHONY: deploy
 deploy:
 	deploy --remote-build --boot --debug-logs --skip-checks .#$(filter-out $@,$(MAKECMDGOALS))
+
+# Deploy a host by name (ex: 's0')
+.PHONY: deploy-activate
+deploy-activate:
+	deploy --remote-build --debug-logs --skip-checks .#$(filter-out $@,$(MAKECMDGOALS))
--- a/common/pc/default.nix
+++ b/common/pc/default.nix
@@ -61,14 +61,22 @@ in

    # Networking
    networking.networkmanager.enable = true;
-    users.users.googlebot.extraGroups = [ "networkmanager" ];

    # Printing
    services.printing.enable = true;
    services.printing.drivers = with pkgs; [
      gutenprint
    ];
-    # Printer discovery
+
+    # Scanning
+    hardware.sane.enable = true;
+    hardware.sane.extraBackends = with pkgs; [
+      # Enable support for "driverless" scanners
+      # Check for support here: https://mfi.apple.com/account/airprint-search
+      sane-airscan
+    ];
+
+    # Printer/Scanner discovery
    services.avahi.enable = true;
    services.avahi.nssmdns4 = true;

@@ -94,5 +102,13 @@ in
    # SSH Ask pass
    programs.ssh.enableAskPassword = true;
    programs.ssh.askPassword = "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass";
+
+    users.users.googlebot.extraGroups = [
+      # Networking
+      "networkmanager"
+      # Scanning
+      "scanner"
+      "lp"
+    ];
  };
 }
--- a/common/pc/kde.nix
+++ b/common/pc/kde.nix
@@ -16,6 +16,7 @@ in
      # plasma5Packages.kmail-account-wizard
      kdePackages.kate
      kdePackages.kdeconnect-kde
+      kdePackages.skanpage
    ];
  };
 }
--- a/common/server/nextcloud.nix
+++ b/common/server/nextcloud.nix
@@ -110,10 +110,10 @@ in
          config.services.nextcloud.occ
        ];
        script = ''
-          nextcloud-occ -- config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
-          nextcloud-occ -- config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
-          nextcloud-occ -- config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
-          nextcloud-occ -- richdocuments:setup
+          nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
+          nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
+          nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
+          nextcloud-occ richdocuments:setup
        '';
        serviceConfig = {
          Type = "oneshot";
@@ -134,8 +134,8 @@ in
        config.services.nextcloud.occ
      ];
      script = ''
-        nextcloud-occ -- config:app:set whiteboard collabBackendUrl --value="https://${whiteboardHostname}"
-        nextcloud-occ -- config:app:set whiteboard jwt_secret_key --value="$JWT_SECRET_KEY"
+        nextcloud-occ config:app:set whiteboard collabBackendUrl --value="https://${whiteboardHostname}"
+        nextcloud-occ config:app:set whiteboard jwt_secret_key --value="$JWT_SECRET_KEY"
      '';
      serviceConfig = {
        Type = "oneshot";
--- a/common/shell.nix
+++ b/common/shell.nix
@@ -6,14 +6,11 @@
 # - add some handy shell commands

 {
-  environment.systemPackages = with pkgs; [
-    comma
-  ];
-
  # nix-index
  programs.nix-index.enable = true;
  programs.nix-index.enableFishIntegration = true;
  programs.command-not-found.enable = false;
+  programs.nix-index-database.comma.enable = true;

  programs.fish = {
    enable = true;
@@ -35,21 +32,4 @@

    llsblk = "lsblk -o +uuid,fsType";
  };
-
-  nixpkgs.overlays = [
-    (final: prev: {
-      # comma uses the "nix-index" package built into nixpkgs by default.
-      # That package doesn't use the prebuilt nix-index database so it needs to be changed.
-      comma = prev.comma.overrideAttrs (old: {
-        nativeBuildInputs = old.nativeBuildInputs ++ [
-          prev.makeWrapper
-        ];
-        postInstall = ''
-          wrapProgram $out/bin/comma \
-            --prefix PATH : ${lib.makeBinPath [ prev.fzy config.programs.nix-index.package ]}
-          ln -s $out/bin/comma $out/bin/,
-        '';
-      });
-    })
-  ];
 }
--- a/flake.lock
+++ b/flake.lock
@@ -239,6 +239,42 @@
        "type": "github"
      }
    },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1736643958,
+        "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1764234087,
+        "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1767185284,
@@ -257,11 +293,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1768105724,
-        "narHash": "sha256-0edMCoDc1VpuqDjy0oz8cDa4kjRuhXE3040sac2iZW4=",
+        "lastModified": 1768250893,
+        "narHash": "sha256-fWNJYFx0QvnlGlcw54EoOYs/wv2icINHUz0FVdh9RIo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4c41b0361812441bf3b4427195e57ab271d5167f",
+        "rev": "3971af1a8fc3646b1d554cb1269b26c84539c22e",
        "type": "github"
      },
      "original": {
@@ -280,6 +316,7 @@
        "flake-utils": "flake-utils",
        "home-manager": "home-manager",
        "nix-index-database": "nix-index-database",
+        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs",
        "simple-nixos-mailserver": "simple-nixos-mailserver",
--- a/flake.nix
+++ b/flake.nix
@@ -3,6 +3,11 @@
    # nixpkgs
    nixpkgs.url = "github:NixOS/nixpkgs/master";

+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
    # Common Utils Among flake inputs
    systems.url = "github:nix-systems/default";
    flake-utils = {
@@ -84,7 +89,7 @@
            simple-nixos-mailserver.nixosModule
            agenix.nixosModules.default
            dailybuild_modules.nixosModule
-            nix-index-database.nixosModules.nix-index
+            nix-index-database.nixosModules.default
            home-manager.nixosModules.home-manager
            self.nixosModules.kernel-modules
            ({ lib, ... }: {
@@ -140,23 +145,22 @@
          machineHosts;

      packages =
+        with inputs;
        let
-          mkKexec = system:
-            (nixpkgs.lib.nixosSystem {
-              inherit system;
-              modules = [ ./machines/ephemeral/kexec.nix ];
-            }).config.system.build.kexec_tarball;
-          mkIso = system:
-            (nixpkgs.lib.nixosSystem {
-              inherit system;
-              modules = [ ./machines/ephemeral/iso.nix ];
-            }).config.system.build.isoImage;
+          mkEphemeral = system: format: nixos-generators.nixosGenerate {
+            inherit system;
+            inherit format;
+            modules = [
+              ./machines/ephemeral/minimal.nix
+              nix-index-database.nixosModules.default
+            ];
+          };
        in
        {
-          "x86_64-linux"."kexec" = mkKexec "x86_64-linux";
-          "x86_64-linux"."iso" = mkIso "x86_64-linux";
-          "aarch64-linux"."kexec" = mkKexec "aarch64-linux";
-          "aarch64-linux"."iso" = mkIso "aarch64-linux";
+          "x86_64-linux".kexec = mkEphemeral "x86_64-linux" "kexec-bundle";
+          "x86_64-linux".iso = mkEphemeral "x86_64-linux" "iso";
+          "aarch64-linux".kexec = mkEphemeral "aarch64-linux" "kexec-bundle";
+          "aarch64-linux".iso = mkEphemeral "aarch64-linux" "iso";
        };

      overlays.default = import ./overlays { inherit inputs; };
--- a/machines/ephemeral/iso.nix
+++ b/machines/ephemeral/iso.nix
@@ -1,12 +0,0 @@
-{ modulesPath, ... }:
-
-{
-  imports = [
-    (modulesPath + "/installer/cd-dvd/iso-image.nix")
-    ./minimal.nix
-  ];
-
-  isoImage.makeUsbBootable = true;
-
-  networking.hostName = "iso";
-}
--- a/machines/ephemeral/kexec.nix
+++ b/machines/ephemeral/kexec.nix
@@ -1,48 +0,0 @@
-# From https://mdleom.com/blog/2021/03/09/nixos-oracle/#Build-a-kexec-tarball
-# Builds a kexec img
-
-{ config, pkgs, modulesPath, ... }:
-{
-  imports = [
-    (modulesPath + "/installer/netboot/netboot.nix")
-    (modulesPath + "/profiles/qemu-guest.nix")
-    ./minimal.nix
-  ];
-
-  networking.hostName = "kexec";
-
-  # stripped down version of https://github.com/cleverca22/nix-tests/tree/master/kexec
-  system.build = rec {
-    image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
-      mkdir $out
-      if [ -f ${config.system.build.kernel}/bzImage ]; then
-        cp ${config.system.build.kernel}/bzImage $out/kernel
-      else
-        cp ${config.system.build.kernel}/Image $out/kernel
-      fi
-      cp ${config.system.build.netbootRamdisk}/initrd $out/initrd
-      nuke-refs $out/kernel
-    '';
-    kexec_script = pkgs.writeTextFile {
-      executable = true;
-      name = "kexec-nixos";
-      text = ''
-        #!${pkgs.stdenv.shell}
-        set -e
-        ${pkgs.kexec-tools}/bin/kexec -l ${image}/kernel --initrd=${image}/initrd --append="init=${builtins.unsafeDiscardStringContext config.system.build.toplevel}/init ${toString config.boot.kernelParams}"
-        sync
-        echo "executing kernel, filesystems will be improperly umounted"
-        ${pkgs.kexec-tools}/bin/kexec -e
-      '';
-    };
-    kexec_tarball = pkgs.callPackage (modulesPath + "/../lib/make-system-tarball.nix") {
-      storeContents = [
-        {
-          object = config.system.build.kexec_script;
-          symlink = "/kexec_nixos";
-        }
-      ];
-      contents = [ ];
-    };
-  };
-}
--- a/machines/ephemeral/minimal.nix
+++ b/machines/ephemeral/minimal.nix
@@ -5,6 +5,8 @@
    (modulesPath + "/installer/cd-dvd/channel.nix")
    ../../common/machine-info
    ../../common/ssh.nix
+    ../../common/flakes.nix
+    ../../common/shell.nix
  ];

  boot.initrd.availableKernelModules = [
@@ -22,9 +24,7 @@
  boot.kernelParams = [
    "console=ttyS0,115200" # enable serial console
  ];
-  boot.kernel.sysctl."vm.overcommit_memory" = "1";
-
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+  # boot.kernelPackages = pkgs.linuxPackages_latest;

  system.stateVersion = "21.11";

@@ -38,6 +38,7 @@
    git-lfs
    wget
    htop
+    btop
    dnsutils
    pciutils
    usbutils
@@ -46,7 +47,7 @@

  environment.variables.GC_INITIAL_HEAP_SIZE = "1M";

-  networking.useDHCP = true;
+  # networking.useDHCP = true;

  services.openssh = {
    enable = true;
@@ -56,6 +57,7 @@
    };
  };

-  services.getty.autologinUser = "root";
+  nix.flakes.enable = true;
+
  users.users.root.openssh.authorizedKeys.keys = config.machines.ssh.userKeys;
 }
--- a/machines/ephemeral/sdimg.nix
+++ b/machines/ephemeral/sdimg.nix
@@ -1,57 +0,0 @@
-{ config, modulesPath, pkgs, lib, ... }:
-
-let
-  pinecube-uboot = pkgs.buildUBoot {
-    defconfig = "pinecube_defconfig";
-    extraMeta.platforms = [ "armv7l-linux" ];
-    filesToInstall = [ "u-boot-sunxi-with-spl.bin" ];
-  };
-in
-{
-  imports = [
-    (modulesPath + "/installer/sd-card/sd-image.nix")
-    ./minimal.nix
-  ];
-
-  sdImage.populateFirmwareCommands = "";
-  sdImage.populateRootCommands = ''
-    mkdir -p ./files/boot
-    ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
-  '';
-  sdImage.postBuildCommands = ''
-    dd if=${pinecube-uboot}/u-boot-sunxi-with-spl.bin of=$img bs=1024 seek=8 conv=notrunc
-  '';
-
-  ###
-
-  networking.hostName = "pinecube";
-
-  boot.loader.grub.enable = false;
-  boot.loader.generic-extlinux-compatible.enable = true;
-  boot.consoleLogLevel = 7;
-
-  # cma is 64M by default which is waay too much and we can't even unpack initrd
-  boot.kernelParams = [ "console=ttyS0,115200n8" "cma=32M" ];
-
-  boot.kernelModules = [ "spi-nor" ]; # Not sure why this doesn't autoload. Provides SPI NOR at /dev/mtd0
-  boot.extraModulePackages = [ config.boot.kernelPackages.rtl8189es ];
-
-  zramSwap.enable = true; # 128MB is not much to work with
-
-  sound.enable = true;
-
-  environment.systemPackages = with pkgs; [
-    ffmpeg
-    (v4l_utils.override { withGUI = false; })
-    usbutils
-  ];
-
-  services.getty.autologinUser = lib.mkForce "googlebot";
-  users.users.googlebot = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" "networkmanager" "video" ];
-    openssh.authorizedKeys.keys = config.machines.ssh.userKeys;
-  };
-
-  networking.wireless.enable = true;
-}
--- a/machines/storage/s0/hardware-configuration.nix
+++ b/machines/storage/s0/hardware-configuration.nix
@@ -65,40 +65,11 @@
    # useNetworkd = true;
    dhcpcd.enable = true;
    interfaces."eth0".useDHCP = true;
-    interfaces."eth1".useDHCP = false;
-    interfaces."main@eth1".useDHCP = true;
-    interfaces."iot@eth1".useDHCP = true;
-    interfaces."management@eth1".useDHCP = true;
-
-    vlans = {
-      main = {
-        id = 5;
-        interface = "eth1";
-      };
-      iot = {
-        id = 2;
-        interface = "eth1";
-      };
-      management = {
-        id = 4;
-        interface = "eth1";
-      };
-    };
-
-    # interfaces.eth1.ipv4.addresses = [{
-    #   address = "192.168.1.2";
-    #   prefixLength = 21;
-    # }];
-    # interfaces.iot.ipv4.addresses = [{
-    #   address = "192.168.9.8";
-    #   prefixLength = 22;
-    # }];
+    interfaces."eth1".useDHCP = true;

    defaultGateway = {
-      # interface = "eth1";
      address = "192.168.1.1";
    };
-    # nameservers = [ "1.1.1.1" "8.8.8.8" ];
  };

  powerManagement.cpuFreqGovernor = "powersave";
--- a/secrets/digitalocean-dns-credentials.age
+++ b/secrets/digitalocean-dns-credentials.age
Author	SHA1	Message	Date
Zuckerberg	eb416ae409	Update nixpkgs for wireless fix https://github.com/nixos/nixpkgs/issues/476906 All checks were successful Check Flake / check-flake (push) Successful in 3m43s Details	2026-01-27 19:14:40 -08:00
Zuckerberg	ae2a62515a	Enable scanner support All checks were successful Check Flake / check-flake (push) Successful in 5m46s Details	2026-01-25 13:11:01 -08:00
Zuckerberg	2810ba1412	Enable flakes in kexec image and comma integration All checks were successful Check Flake / check-flake (push) Successful in 20m21s Details	2026-01-24 15:02:42 -08:00
Zuckerberg	e42e30d3cc	Fix nix-index autogenerated db comma integration	2026-01-24 15:01:16 -08:00
Zuckerberg	83b5d3b8c2	Update nextcloud occ command syntax	2026-01-24 14:59:57 -08:00
Zuckerberg	0b604fd99c	Add activate deploy command	2026-01-24 14:58:40 -08:00
Zuckerberg	51fbae98c5	Update digitalocean key All checks were successful Check Flake / check-flake (push) Successful in 5m51s Details	2026-01-14 19:32:21 -08:00
Zuckerberg	d8eff26864	VLAN workaround for now	2026-01-14 18:56:24 -08:00
Zuckerberg	5f7335c2a0	Simplify kexec and iso image generation	2026-01-14 18:54:55 -08:00