diff --git a/flake.lock b/flake.lock index 19f82df..f3b96e6 100644 --- a/flake.lock +++ b/flake.lock @@ -3,16 +3,16 @@ "brew-src": { "flake": false, "locked": { - "lastModified": 1748658199, - "narHash": "sha256-xmI9Bk8zDWgmvJlPpeHZk9yHCZPG5uxZH9VmdEdWCkU=", + "lastModified": 1753461463, + "narHash": "sha256-kGc7pRH0diLzKmOHsEFA8sZ9NJpgT+tqxAMsuqNd5Po=", "owner": "Homebrew", "repo": "brew", - "rev": "54c8b127ea2263fbbaf1354e3d8d86025e387ea6", + "rev": "4d14be89e99a45181c18e96a5f19a5b43343cc0f", "type": "github" }, "original": { "owner": "Homebrew", - "ref": "4.5.4", + "ref": "4.5.13", "repo": "brew", "type": "github" } @@ -24,11 +24,11 @@ ] }, "locked": { - "lastModified": 1749038741, - "narHash": "sha256-lD8lB9flJWTeeUcoEsCcwSGSowQUGrsbpj2d1rWxopA=", + "lastModified": 1756261190, + "narHash": "sha256-eiy0klFK5EVJLNilutR7grsZN/7Itj9DyD75eyOf83k=", "owner": "nix-community", "repo": "home-manager", - "rev": "3830a21aa2313239b582e4e4ac97f0b25243cb7a", + "rev": "77f348da3176dc68b20a73dab94852a417daf361", "type": "github" }, "original": { @@ -72,11 +72,11 @@ "homebrew-cask": { "flake": false, "locked": { - "lastModified": 1749044086, - "narHash": "sha256-1r9PseYgz8HEQrH13O0ug2ztggSReQMUx+764dehlss=", + "lastModified": 1756345226, + "narHash": "sha256-9ekCZyEW/hrAAKIUAbLWjZ7NUoPQX3SRa3uCXXWO5R0=", "owner": "homebrew", "repo": "homebrew-cask", - "rev": "010aab6f4721b21f4fcacc2566462d865d602fc4", + "rev": "1dc96f04bc756b87552916d3d9803b83b9470254", "type": "github" }, "original": { @@ -88,11 +88,11 @@ "homebrew-core": { "flake": false, "locked": { - "lastModified": 1749045561, - "narHash": "sha256-U26zJ8HEi+mjeUukR1Sn+AWWEax2C53OdLF3gSH1/0c=", + "lastModified": 1756346905, + "narHash": "sha256-LWc9gBtcscmgzFtv+h7Z1mx3fJ6V0RXJnLxuBSOIouc=", "owner": "homebrew", "repo": "homebrew-core", - "rev": "526f3d25ccf53720b84327ef5c7c8d3c1b941e29", + "rev": "427fbff45e5ddfb042b97cbdf036f29c83abe0e1", "type": "github" }, "original": { 
@@ -104,11 +104,11 @@ "homebrew-hauler": { "flake": false, "locked": { - "lastModified": 1746114847, - "narHash": "sha256-gx7y1vXeeDVl/ApGDCT7pOq7ge45z/zTjOehhM3J148=", + "lastModified": 1752524684, + "narHash": "sha256-PgrLRlK6rOKdK3dLadIbE+XfG1a9hbza9uLQoUBYJXk=", "owner": "hauler-dev", "repo": "homebrew-tap", - "rev": "6f8c16af9d55e799711b44e547f9317346351a12", + "rev": "7c822a194a6d79074df82ca8ce1d89e6ef8c4efb", "type": "github" }, "original": { @@ -120,11 +120,11 @@ "homebrew-siderolabs": { "flake": false, "locked": { - "lastModified": 1748520644, - "narHash": "sha256-enVGoYjFQBKtpX923ZmWyAIwOqeZcnVD7gd3jTaNOOE=", + "lastModified": 1756227065, + "narHash": "sha256-Q4Foh3RZTxZ2RqG21wsG0EvC1ikLxq74azdAglrwZlA=", "owner": "siderolabs", "repo": "homebrew-tap", - "rev": "396cc783756fc003cc1451c0dd78c1343f60ac78", + "rev": "928d8934f734196bc5facf5083dac60fc201c374", "type": "github" }, "original": { @@ -140,11 +140,11 @@ ] }, "locked": { - "lastModified": 1749012745, - "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", + "lastModified": 1755825449, + "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", + "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", "type": "github" }, "original": { @@ -158,11 +158,11 @@ "brew-src": "brew-src" }, "locked": { - "lastModified": 1748885738, - "narHash": "sha256-fsOHwWowjhajWL5zsWiN5SdeKPNQa0RD3+sQUoH5VgQ=", + "lastModified": 1754250993, + "narHash": "sha256-MEin+qoQKtFC1b0f4tnQ+Z82BQWSCgh6Ef7rpmH9gig=", "owner": "zhaofengli-wip", "repo": "nix-homebrew", - "rev": "29fe08d458f227200a62e38f5d5eafe625d7fda3", + "rev": "314d057294e79bc2596972126b84c6f9f144499a", "type": "github" }, "original": { 
@@ -173,11 +173,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748856973, - "narHash": "sha256-RlTsJUvvr8ErjPBsiwrGbbHYW8XbB/oek0Gi78XdWKg=", + "lastModified": 1756288264, + "narHash": "sha256-Om8adB1lfkU7D33VpR+/haZ2gI5r3Q+ZbIPzE5sYnwE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4b09e47ace7d87de083786b404bf232eb6c89d8", + "rev": "ddd1826f294a0ee5fdc198ab72c8306a0ea73aa9", "type": "github" }, "original": { diff --git a/modules/darwin/apps/homebrew.nix b/modules/darwin/apps/homebrew.nix index 6c116e7..af49a97 100644 --- a/modules/darwin/apps/homebrew.nix +++ b/modules/darwin/apps/homebrew.nix @@ -4,12 +4,14 @@ # Darwin-level Homebrew configuration homebrew = { enable = true; - onActivation.cleanup = "uninstall"; + # Change cleanup strategy to be less aggressive + onActivation.cleanup = "zap"; # Only remove uninstalled packages onActivation.autoUpdate = false; onActivation.upgrade = false; brews = [ "argoproj/homebrew-tap/kubectl-argo-rollouts" + "azure-cli" "gh" "git" "gnu-tar" @@ -32,7 +34,7 @@ "httpie" "joplin" "localsend" - "logi-options+" + "logi-options-plus" "meetingbar" "orbstack" "parsec" diff --git a/modules/darwin/security/default.nix b/modules/darwin/security/default.nix index 4e8836f..295670b 100644 --- a/modules/darwin/security/default.nix +++ b/modules/darwin/security/default.nix 
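Review bot: The two comments added around `onActivation.cleanup = "zap";` in modules/darwin/apps/homebrew.nix say the opposite of what the setting does. In nix-darwin, `"zap"` is the most aggressive cleanup mode: like `"uninstall"` it removes every formula and cask missing from the generated Brewfile, and it also removes the files associated with those casks. If a gentler activation is the goal, the value would be `"none"`. If `"zap"` is intended, the comment should say so, for example `# Uninstall anything not listed here and zap files left by removed casks`. The `homebrew` attribute set begins and ends outside this hunk.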
@@ -3,11 +3,11 @@ # Enable TouchID for PAM auth: you could also place security/pam or other service configs here: security.pam.services.sudo_local.touchIdAuth = true; - system.defaults.alf = { - allowsignedenabled = 1; # Allows any signed Application to accept incoming requests. Default is true. 0 = disabled 1 = enabled - allowdownloadsignedenabled = 0; # Allows any signed Application to accept incoming requests. Default is false. 0 = disabled 1 = enabled - globalstate = 1; # Enable the internal firewall to prevent unauthorised applications, programs and services from accepting incoming connections. 0 = disabled 1 = enabled 2 = blocks all connections except for essential services - loggingenabled = 0; # Enable logging of blocked incoming connections. 0 = disabled 1 = enabled - stealthenabled = 1; # Enable stealth mode. This will prevent the computer from responding to ICMP ping requests and will not answer to port scans. 0 = disabled 1 = enabled + networking.applicationFirewall = { + enable = true; + blockAllIncoming = false; # Set to true if you want to block all except essential services + allowSigned = true; + allowSignedApp = false; + enableStealthMode = true; }; } \ No newline at end of file diff --git a/modules/home/stephen/default.nix b/modules/home/stephen/default.nix index 1ff1896..96c6ff4 100644 --- a/modules/home/stephen/default.nix +++ b/modules/home/stephen/default.nix @@ -2,13 +2,13 @@ { imports = [ ./terminal/default.nix + ./shell.nix ]; home = { packages = with pkgs; [ _1password-cli awscli2 - azure-cli brave discord go diff --git a/modules/home/stephen/shell.nix b/modules/home/stephen/shell.nix index e69de29..eba2d1c 100644 --- a/modules/home/stephen/shell.nix +++ b/modules/home/stephen/shell.nix 
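Review bot: The new `networking.applicationFirewall` block in modules/darwin/security/default.nix drops the per-setting comments of the removed `system.defaults.alf` block, so nothing explains why `allowSigned` and `allowSignedApp` differ. Going by the nix-darwin option descriptions, the lines could read `allowSigned = true; # built-in signed software may accept incoming connections` and `allowSignedApp = false; # downloaded signed apps may not`. The old block also set `loggingenabled = 0` explicitly and the new one has no logging line. If a record of blocked inbound connections is wanted for later investigation, a comment stating how logging is now controlled would help.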
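Review bot: Removing `azure-cli` from `home.packages` in modules/home/stephen/default.nix, together with its addition to `brews` in homebrew.nix, changes how this CLI gets updated. As a nixpkgs package it moved forward with every flake.lock bump. As a brew with `onActivation.upgrade = false` it probably stays at the installed version until someone upgrades it by hand. For a tool that handles cloud credentials, the reason for the move and the upgrade routine deserve a comment next to the brew entry, for example `"azure-cli" # moved from home.packages (REASON); upgrade manually with brew`. The `packages` list continues outside the hunk.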
@@ -0,0 +1,12 @@ +{ config, pkgs, lib, ... }: + +{ + # Configure zsh through programs.zsh instead of home.file + programs.zsh = { + enable = true; + initContent = '' + eval "$(starship init zsh)" + export PATH="''${KREW_ROOT:-/Users/${config.home.username}/.krew}/bin:$PATH" + ''; + }; +} diff --git a/modules/home/stephen/terminal/default.nix b/modules/home/stephen/terminal/default.nix index 1b97048..4861d5d 100644 --- a/modules/home/stephen/terminal/default.nix +++ b/modules/home/stephen/terminal/default.nix @@ -59,12 +59,6 @@ [[ssh-keys]] vault = "Employee" ''; - - # Configure zsh - ".zshrc".text = '' - eval "$(starship init zsh)" - export PATH="''${KREW_ROOT:-/Users/${config.home.username}/.krew}/bin:$PATH" - ''; # Configure ghostty ".config/ghostty/config".text = ''
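Review bot: In the new modules/home/stephen/shell.nix the krew fallback is written as `/Users/${config.home.username}/.krew`, which hard-codes the home directory location. `''${KREW_ROOT:-${config.home.homeDirectory}/.krew}/bin:$PATH` uses the path home-manager already knows. `pkgs` and `lib` are bound in the header but unused in this file, so `{ config, ... }:` is enough. The line `eval "$(starship init zsh)"` evaluates the output of whichever `starship` is first on PATH when the shell starts. If starship is meant to come from nixpkgs (not visible here), `programs.starship.enable = true;` would wire in the store path instead of relying on lookup order.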