upgrade

flake.nix

@@ -121,7 +121,7 @@
               inputs.sops-nix.nixosModules.sops
               inputs.lix-module.nixosModules.default
             ];
-            specialArgs = { inherit self inputs self-nixpkgs; secrets = ./secrets; };
+            specialArgs = { inherit self inputs self-nixpkgs; secretsDir = ./secrets; };
           };
 
         patchesPath = map (x: ./patches + "/${x}");
@@ -172,7 +172,7 @@
 
           shared-patches = patchesPath [ ];
           unstable-patches = shared-patches ++ patchesPath [
-            "netbird-24.11.patch"
+            # "netbird-24.11.patch"
             "onlyoffice.patch"
             # "zen-kernels.patch"
           ];

machines/AMD-Workstation/default.nix

@@ -171,21 +171,21 @@
     home.stateVersion = "24.05";
   };
 
-  services.netbird.clients.priv = {
+  # services.netbird.clients.priv = {
-    interface = "wt0";
+  #   interface = "wt0";
-    port = 58467;
+  #   port = 58467;
-    hardened = false;
+  #   hardened = false;
-    ui.enable = true;
+  #   ui.enable = true;
-    autoStart = false;
+  #   autoStart = false;
-    config = {
+  #   config = {
-      AdminURL.Host = "net.ataraxiadev.com:443";
+  #     AdminURL.Host = "net.ataraxiadev.com:443";
-      AdminURL.Scheme = "https";
+  #     AdminURL.Scheme = "https";
-      ManagementURL.Host = "net.ataraxiadev.com:443";
+  #     ManagementURL.Host = "net.ataraxiadev.com:443";
-      ManagementURL.Scheme = "https";
+  #     ManagementURL.Scheme = "https";
-      RosenpassEnabled = true;
+  #     RosenpassEnabled = true;
-      RosenpassPermissive = true;
+  #     RosenpassPermissive = true;
-    };
+  #   };
-  };
+  # };
 
   persist.state = {
     directories = [ "/var/lib/netbird-priv" ];

machines/Dell-Laptop/boot.nix

@@ -11,11 +11,9 @@ in {
       supportedFilesystems = [ "zfs" ];
       luks.devices = {
         "cryptroot" = {
-          preLVM = true;
           keyFile = "/keyfile0.bin";
           allowDiscards = true;
           bypassWorkqueues = true;
-          fallbackToPassword = true;
         };
       };
       secrets = {
@@ -54,8 +52,19 @@ in {
 
   fileSystems."/home".neededForBoot = true;
   fileSystems."/persist".neededForBoot = true;
-  boot.initrd.postDeviceCommands = lib.mkAfter ''
+
-    zfs rollback -r rpool/nixos/root@empty
+  boot.initrd.systemd.enable = true;
-    zfs rollback -r rpool/user/home@empty
+  boot.initrd.systemd.services.rollback = {
-  '';
+    description = "Rollback zfs to a pristine state on boot";
+    wantedBy = [ "initrd.target" ];
+    after = [ "zfs-import-rpool.service" ];
+    before = [ "sysroot.mount" ];
+    path = [ config.boot.zfs.package ];
+    unitConfig.DefaultDependencies = "no";
+    serviceConfig.Type = "oneshot";
+    script = ''
+      zfs rollback -r rpool/nixos/root@empty && echo "  >>> rollback root <<<"
+      zfs rollback -r rpool/user/home@empty && echo "  >>> rollback home <<<"
+    '';
+  };
 }

machines/NixOS-VPS/services/tailscale.nix

@@ -3,16 +3,14 @@ let
   bridgeName = (import ../hardware/networks.nix).interfaces.main'.bridgeName;
   tailscalePort = config.services.tailscale.port;
   tailscaleIfname = config.services.tailscale.interfaceName;
-  netbirdPort = config.services.netbird.clients.priv.port;
-  netbirdIfname = config.services.netbird.clients.priv.interface;
   ssPort1 = 2234;
   ssPort2 = 2235;
 in {
   imports = [ inputs.ataraxiasjel-nur.nixosModules.rinetd ];
 
-  networking.firewall.trustedInterfaces = [ tailscaleIfname netbirdIfname ];
+  networking.firewall.trustedInterfaces = [ tailscaleIfname ];
   networking.firewall.interfaces.${bridgeName} = {
-    allowedUDPPorts = [ tailscalePort netbirdPort ];
+    allowedUDPPorts = [ tailscalePort ];
     allowedTCPPorts = [ ssPort1 ssPort2 ];
   };
 
@@ -28,24 +26,7 @@ in {
     useRoutingFeatures = "both";
   };
 
-  services.netbird.clients.priv = {
+  persist.state.directories = [ "/var/lib/tailscale" ];
-    interface = "wt0";
-    port = 52674;
-    hardened = false;
-    ui.enable = false;
-    config = {
-      AdminURL.Host = "net.ataraxiadev.com:443";
-      AdminURL.Scheme = "https";
-      ManagementURL.Host = "net.ataraxiadev.com:443";
-      ManagementURL.Scheme = "https";
-      DisableAutoConnect = false;
-      RosenpassEnabled = true;
-      RosenpassPermissive = true;
-    };
-  };
-  users.users.${config.mainuser}.extraGroups = [ "netbird-priv" ];
-
-  persist.state.directories = [ "/var/lib/tailscale" "/var/lib/netbird-priv" ];
 
   services.rinetd = {
     enable = true;

profiles/nix/default.nix

@@ -19,7 +19,7 @@
       flake-registry = ${inputs.flake-registry}/flake-registry.json
     '';
     settings = {
-      auto-optimise-store = false;
+      auto-optimise-store = true;
       require-sigs = true;
       substituters = [
         "https://cache.nixos.org"

profiles/overlay.nix

@@ -24,7 +24,6 @@ with lib; {
         nix-alien = inputs.nix-alien.packages.${system}.nix-alien;
         nix-fast-build = inputs.nix-fast-build.packages.${system}.default;
         nix-index-update = inputs.nix-alien.packages.${system}.nix-index-update;
-        open-webui = master.open-webui;
         prismlauncher = inputs.prismlauncher.packages.${system}.prismlauncher.override {
           jdks = [ pkgs.temurin-bin ];
         };

profiles/workspace/misc.nix

@@ -13,7 +13,7 @@ with config.deviceSpecific; {
 
   services.journald.extraConfig = "Compress=false";
   services.gvfs.enable = !isServer;
-  services.upower.enable = isLaptop;
+  services.upower.enable = lib.mkDefault isLaptop;
   xdg.portal.enable = true;
   xdg.portal.config.common.default = "*";
   # xdg.portal.xdgOpenUsePortal = true;