feat: add host 'nixos-unstable' as a testing VM

flake.lock

@@ -1,24 +1,93 @@
 {
   "nodes": {
-    "nixpkgs": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
       "locked": {
-        "lastModified": 1731755305,
-        "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
+        "lastModified": 1749154018,
+        "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-25.05",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1750431636,
+        "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=",
         "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
+        "repo": "nixos-hardware",
+        "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-24.11",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1749024892,
+        "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1751271578,
+        "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1750259320,
+        "narHash": "sha256-H8J4H2XCIMEJ5g6fZ179QfQvsc2dUqhqfBjC8RAHNRY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9ba04bda9249d5d5e5238303c9755de5a49a79c5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "root": {
       "inputs": {
-        "nixpkgs": "nixpkgs"
+        "home-manager": "home-manager",
+        "nixos-hardware": "nixos-hardware",
+        "nixpkgs": "nixpkgs_2",
+        "nixpkgs-unstable": "nixpkgs-unstable"
       }
     }
   },

flake.nix

@@ -1,9 +1,12 @@
 {
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    home-manager.url = "github:nix-community/home-manager/release-25.05";
+    nixos-hardware.url = "github:NixOS/nixos-hardware";
   };
 
-  outputs = inputs @ { self, nixpkgs }: {
+  outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, ... }: {
     nixosConfigurations.affogato = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       modules = [
@@ -11,5 +14,10 @@
       ];
       specialArgs = { inherit inputs; };
     };
+    nixosConfigurations.nixos-unstable = nixpkgs-unstable.lib.nixosSystem {
+      modules = [
+        ./hosts/nixos-unstable
+      ];
+    };
   };
 }

hosts/affogato/default.nix

@@ -1,24 +1,29 @@
-{ pkgs, ... }: {
+{ inputs, pkgs, ... }: {
   imports = [
+    inputs.nixos-hardware.nixosModules.chuwi-minibook-x
     ./hardware-configuration.nix
     ./n100.nix
     ../../profiles/base
     ../../profiles/graphical
     ../../profiles/kde
+    ../../profiles/home-manager
     ../../users/transcaffeine
     ../../users/leona
   ];
 
+  # add nixpkgs overlay
+  nixpkgs.overlays = [
+    (import ../../pkgs)
+  ];
+
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-  #boot.kernelPackages = pkgs.linuxPackages_6_6;
+  boot.kernelPackages = pkgs.linuxPackages_6_13;
   boot.kernelParams = [
-    "fbcon=rotate:1"
    # disable panel self refresh for i915
-   # "i915.enable_psr=0"
+   #"i915.enable_psr=0"
    # set max cstate to 2 (suspend?)
    # "intel_idle.max_cstate=2"
     "nvme.noacpi=1"
@@ -30,21 +35,30 @@
     "78.94.116.221" = [
       "git.finally.coffee"
       "chat.finallycoffee.eu"
+      "matrix.finallycoffee.eu"
       "cloud.finallycoffee.eu"
     ];
   };
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 8883 ];
+    allowedUDPPorts = [ 2021 ];
+  };
 
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
 
   # Network
   networking.networkmanager.enable = true;
+  networking.networkmanager.unmanaged = [ "p2p-dev-wlp0s20f3" ];
   systemd.services.ModemManager.enable = true;
+  systemd.services.NetworkManager-wait-online.enable = false;
   services.printing.enable = true;
 
   services.avahi.enable = true;
   services.tailscale.enable = true;
   services.blueman.enable = true;
+  services.power-profiles-daemon.enable = true;
 
   # TODO: delete this later
   system.stateVersion = "23.05"; # Did you read the comment?

hosts/affogato/hardware-configuration.nix

@@ -36,7 +36,6 @@
   networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.enp0s20f0u1u3.useDHCP = lib.mkDefault true;
 
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 
   hardware.bluetooth.enable = true;

hosts/nixos-unstable/configuration.nix

@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Use latest kernel.
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  networking.hostName = "nixos-unstable"; # Define your hostname.
+
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  #   useXkbConfig = true; # use xkb.options in tty.
+  # };
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.mutableUsers = false;
+  users.users.root.hashedPassword = "$y$j9T$i4Yx7PqpLH9bPaNb4SVLm/$dv2gVHCHiRZv.Y00rbNx4QeIExunnfHp57WEnh8qLF1";
+  users.users.alice = {
+    isNormalUser = true;
+    hashedPassword = "";
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    packages = with pkgs; [
+      tree
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  system.stateVersion = "25.05"; # Did you read the comment?
+
+}

hosts/nixos-unstable/default.nix

@@ -0,0 +1,7 @@
+{ inputs, pkgs, ...}: {
+  imports = [
+    ./hardware-configuration.nix
+    ./configuration.nix
+    ../../profiles/base
+  ];
+}

hosts/nixos-unstable/hardware-configuration.nix

@@ -0,0 +1,35 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.initrd.systemd.enable = true;
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d696e6e0-64f1-4cb5-9ac6-57a3fd4634cc";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/FA31-9186";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

pkgs/default.nix

@@ -0,0 +1,5 @@
+final: prev: {
+  cpupower = prev.cpupower.overrideAttrs (oldAttrs: {
+    nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ prev.which ];
+  });
+}

profiles/base/default.nix

@@ -1,7 +1,7 @@
 { inputs, pkgs, ...}: {
   nixpkgs.config.allowUnfree = true;
+  nixpkgs.flake.setFlakeRegistry = true;
   nix.settings.trusted-users = [ "root" "@wheel" ];
-  nix.registry.nixpkgs.flake = inputs.nixpkgs;
   nix.extraOptions = ''
     experimental-features = nix-command flakes
   '';
@@ -20,10 +20,12 @@
     };
   };
   environment.shellAliases = {
-    "nixos-switch" = "nixos-rebuild switch --flake .#";
-    "nom-affogato" = "nom build .#nixosConfigurations.affogato.config.system.build.toplevel";
+    "lah" = "ls --color=auto -lah";
+  };
+  environment.variables = {
+    EDITOR = "vim";
+    VISUAL = "vim";
   };
-
   environment.systemPackages = with pkgs; [
     python3
     vim
@@ -35,9 +37,9 @@
     bind.dnsutils
     openssl
     curl
+    wget
     htop
-    pinentry
-    gnupg
-    sequoia
+    usbutils
+    pciutils
   ];
 }

profiles/graphical/default.nix

@@ -6,10 +6,13 @@
     pulse.enable = true;
   };
 
+  services.usbmuxd.enable = true;
+
   environment.systemPackages = with pkgs; [
     firefox
     thunderbird
     vlc
+    orca-slicer
     usbutils
     pciutils
     pinentry-qt
@@ -18,8 +21,9 @@
     usb-modeswitch-data
     modemmanager
     xdg-desktop-portal
-    xdg-desktop-portal-kde
+    kdePackages.xdg-desktop-portal-kde
     grim
     wireguard-tools
+    libimobiledevice
   ];
 }

profiles/home-manager/default.nix

@@ -0,0 +1,5 @@
+{ inputs, config, pkgs, ... }: {
+  imports = [ inputs.home-manager.nixosModules.home-manager ];
+  home-manager.useGlobalPkgs = true;
+  home-manager.useUserPackages = true;
+}

profiles/kde/default.nix

@@ -2,10 +2,10 @@
   # Plasma
   services.xserver.enable = true;
   services.displayManager.sddm.enable = true;
-  services.xserver.desktopManager.plasma5.enable = true;
+  services.desktopManager.plasma6.enable = true;
 
   environment.systemPackages = with pkgs; [
     xdg-desktop-portal
-    xdg-desktop-portal-kde
+    kdePackages.xdg-desktop-portal-kde
   ];
 }

users/transcaffeine/default.nix

@@ -1,4 +1,8 @@
 { pkgs, ... }: {
+  environment.shellAliases = {
+    "nixos-switch" = "sudo nixos-rebuild switch --impure --flake .#";
+    "nom-affogato" = "nom build .#nixosConfigurations.affogato.config.system.build.toplevel --impure";
+  };
   users.users.transcaffeine = {
     isNormalUser = true;
     extraGroups = [ "wheel" ];
@@ -6,6 +10,9 @@
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCnjrKWYc0bcIsTkdpyC+yAsxSeY9M1WxVDNm3I/R3BYqyvfFuzJMQyh5APhM52yKGMN9UOuJPNPz0C4P6EY3iC3ZqUHFJ6ILrZZxdLZBVxdy2F19Xv6XcZkZxLpRKWapVFECF5z/Bi0rg1uzNRyrHjfZWcHfHIvlqxUYiitvvTbbSMQKqEV8wlnshSzBoYzaKtV1+crwlgz6wCnXq8HIupEeWfUc9kc+zunpYnuHnU5Z3HhzQGBuIiPoVritDjOo7qYREftV4qQ15xFWdezsMZlR15edwZeyNdAEx044QgaGddC8uEMoi5cp4APIqH1cEkIvSU6Y+esdgZ4CHU6M5G5ub5PTT2TaKoUMLLFtpW6QImjVApixFTHWR7tUhqInplWWLqvviS4MoI1ppxgcDUg/bgPdeDBsoRkbESr2uT8ResNi9DlPlN2rlUjlb28awzHm7agFhwfPQZ1afnFSUh0tTFz1WeR7xIGhxR1xXc8sapJhgLnYYWpR2NaJzbYYdk7CWW/3rgEsJem7Kvll6HevnFgRP/uVhEyGZl9hw+tECzvwB/LEmQ/4raDMxqOB9XO9kusJX/jTnQIObrFubfKn3ToXlYbQxZX9+QobANvQ8huILz1bBeH8aKjf9RXu+j4VNyoCKhzU/v0MIdRCsgVWgjuYXMGRo0MFMFyMqQiw== transcaffeine-openpgp:0x353A3E5B"
     ];
     packages = with pkgs; [
+      pinentry
+      gnupg
+      sequoia
       pass
       spotify
       gimp-with-plugins
@@ -20,6 +27,8 @@
       wget
       nix-output-monitor
       nix-diff
+      jetbrains.idea-community
     ];
   };
+  home-manager.users.transcaffeine = import ./home-manager/default.nix;
 }

users/transcaffeine/home-manager/default.nix

@@ -0,0 +1,19 @@
+{ lib, pkgs, ... }: {
+  imports = [
+    ./git.nix
+    ./gnupg.nix
+  ];
+  home.stateVersion = "24.11";
+  services.darkman = {
+    enable = true;
+    settings = {
+      lat = 49.0800;
+      lng = 8.23300;
+      portal = true;
+      dbusserver = true;
+    };
+  };
+
+  home.preferXdgDirectories = true;
+  programs.firefox = import ./firefox.nix { inherit lib; };
+}

users/transcaffeine/home-manager/firefox.nix

@@ -0,0 +1,32 @@
+{ lib, ... }:
+
+{
+  profiles.default = {
+    id = 42;
+    isDefault = true;
+    name = "default";
+    containers = {
+      personal = {
+        id = 1;
+        color = "blue";
+        icon = "fingerprint";
+        name = "transcaffeine.me";
+      };
+      finallycoffee = {
+        id = 2;
+        color = "purple";
+        icon = "fingerprint";
+        name = "finally.coffee";
+      };
+    };
+    extensions = [
+      "uBlock0@raymondhill.net"
+      "uMatrix@raymondhill.net"
+      "{c607c8df-14a7-4f28-894f-29e8722976af}"
+      "default-theme@mozilla.org"
+      "addon@darkreader.org"
+      "@testpilot-containers"
+      "protoots@trans.rights"
+    ];
+  };
+}

users/transcaffeine/home-manager/git.nix

@@ -0,0 +1,31 @@
+{ lib, ... }: {
+  programs.git = let
+    gitconfig = builtins.fromTOML (
+      lib.readFile
+        ((builtins.fetchGit {
+          url = "https://git.finally.coffee/transcaffeine/dotfiles.git";
+          ref = "main";
+          rev = "3811febee134e62d3539c472005f04710d913611";
+          shallow = false;
+        }).outPath + "/config/git/gitconfig")
+    );
+    key = gitconfig.user.signingKey;
+    aliases = gitconfig.alias;
+  in {
+    enable = true;
+    userName = gitconfig.user.name;
+    userEmail = gitconfig.user.email;
+    signing = {
+      signByDefault = true;
+      inherit key;
+    };
+    inherit aliases;
+    extraConfig = {
+      format = gitconfig.format;
+      commit = gitconfig.commit;
+      tag = gitconfig.tag;
+      pull = gitconfig.pull;
+      rebase = gitconfig.rebase;
+    };
+  };
+}

users/transcaffeine/home-manager/gnupg.nix

@@ -0,0 +1,59 @@
+{ lib, config, ... }:
+
+let
+  repo = (builtins.fetchGit {
+        url = "https://git.finally.coffee/transcaffeine/dotfiles.git";
+        ref = "main";
+        shallow = true;
+  });
+  utils = import ../../../utils { inherit lib; };
+in {
+  programs.gpg = let
+    gpgconf = builtins.listToAttrs (
+      map (entry: {
+          name = toString (lib.sublist 0 1 (lib.splitString " " entry));
+          value = toString (lib.sublist 1 100 (lib.splitString " " entry));
+      }) (
+        builtins.filter (value: value != "") (
+          lib.splitString "\n" (
+            lib.readFile (repo.outPath + "/config/gnupg/gpg.conf")
+          )
+        )
+      )
+    );
+  in {
+    enable = true;
+    settings = gpgconf;
+  };
+  services.gpg-agent = let
+    gpg_agent_config = builtins.listToAttrs (
+      map (entry: let
+        val = toString (lib.sublist 1 100 (lib.splitString " " entry));
+        emptyStringToTrue = (x: if lib.isBool x then x else if x == "" then true else x);
+      in {
+        name = toString (lib.sublist 0 1 (lib.splitString " " entry));
+        value = emptyStringToTrue val;
+      }) (
+        builtins.filter (v: v != "") (
+          lib.splitString "\n" (
+            lib.readFile (repo.outPath + "/config/gnupg/gpg-agent.conf")
+          )
+        )
+      )
+    );
+  in {
+    enable = true;
+    enableSshSupport = gpg_agent_config."enable-ssh-support";
+    defaultCacheTtl = gpg_agent_config."default-cache-ttl" or 300;
+    maxCacheTtl = gpg_agent_config."max-cache-ttl" or 900;
+    defaultCacheTtlSsh = gpg_agent_config."default-cache-ttl-ssh" or 300;
+    maxCacheTtlSsh = gpg_agent_config."max-cache-ttl-ssh" or 900;
+    extraConfig = utils.attrsToConfig {
+      "ignore-cache-for-signing" = gpg_agent_config."ignore-cache-for-signing";
+      "no-allow-external-cache" = gpg_agent_config."no-allow-external-cache";
+    };
+  };
+
+  home.file."${config.programs.gpg.homedir}/gpg.conf".enable = false;
+  home.file."${config.programs.gpg.homedir}/gpg-agent.conf".enable = false;
+}

utils/default.nix

@@ -0,0 +1,14 @@
+{ lib, ...}:
+
+rec {
+  _tupleToEntry = x: x.name + (if lib.isBool x.value then "" else (" " + x.value));
+  attrsToConfig = attrs: (
+    lib.concatStringsSep "\n" (
+      map (_tupleToEntry) (
+        builtins.filter (e: e.value != false) (
+          lib.attrsToList attrs
+        )
+      )
+    )
+  );
+}