update Homebrew configuration: change cleanup strategy to 'zap', add azure-cli, and fix logi-options package name; add zsh configuration in shell.nix

update flake.lock with new versions for Homebrew and other dependencies; modify manage.sh to use sudo for rebuild commands; add gnu-tar and freelens to homebrew apps; set primary user in system configuration
2025-08-27 22:36:50 -04:00 · 2025-07-25 15:43:38 -04:00
8 changed files with 63 additions and 104 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -3,16 +3,16 @@
    "brew-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1742457334,
-        "narHash": "sha256-Gn7ruyb3NDFr+SsHBfA2NsJI8YkkWdECqLRj/xcjt+E=",
+        "lastModified": 1753461463,
+        "narHash": "sha256-kGc7pRH0diLzKmOHsEFA8sZ9NJpgT+tqxAMsuqNd5Po=",
        "owner": "Homebrew",
        "repo": "brew",
-        "rev": "f3bd91d3afe086824d24708230e1f0c7f943135a",
+        "rev": "4d14be89e99a45181c18e96a5f19a5b43343cc0f",
        "type": "github"
      },
      "original": {
        "owner": "Homebrew",
-        "ref": "4.4.25",
+        "ref": "4.5.13",
        "repo": "brew",
        "type": "github"
      }
@@ -24,11 +24,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744223888,
-        "narHash": "sha256-reYpe0J1J+wH34JFs7KKp0G5nP7+XSQ5z0ZLFJcfJr8=",
+        "lastModified": 1756261190,
+        "narHash": "sha256-eiy0klFK5EVJLNilutR7grsZN/7Itj9DyD75eyOf83k=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "79461936709b12e17adb9c91dd02d1c66d577f09",
+        "rev": "77f348da3176dc68b20a73dab94852a417daf361",
        "type": "github"
      },
      "original": {
@@ -56,11 +56,11 @@
    "homebrew-bundle": {
      "flake": false,
      "locked": {
-        "lastModified": 1742475687,
-        "narHash": "sha256-GoaP8X0livBYzfb8kRCyf3z61+sXSh6tE5gMZtxjLQA=",
+        "lastModified": 1745335228,
+        "narHash": "sha256-TIKR2UgtyUmHLNZp255/vLs+1I10hXe+sciMEbAGFwE=",
        "owner": "homebrew",
        "repo": "homebrew-bundle",
-        "rev": "dc4311afc4c34833b288cd4978421803ec2c9ff8",
+        "rev": "a3265c84b232e13048ecbf6fc18a2eedfadbeb08",
        "type": "github"
      },
      "original": {
@@ -72,11 +72,11 @@
    "homebrew-cask": {
      "flake": false,
      "locked": {
-        "lastModified": 1744236362,
-        "narHash": "sha256-eYe52jMTHwcSIzzq2BP2MEYot8sUkxFL1c66iFNAPlI=",
+        "lastModified": 1756345226,
+        "narHash": "sha256-9ekCZyEW/hrAAKIUAbLWjZ7NUoPQX3SRa3uCXXWO5R0=",
        "owner": "homebrew",
        "repo": "homebrew-cask",
-        "rev": "d9c1a4b97936816ad63b34cc46642e9fbc69d13c",
+        "rev": "1dc96f04bc756b87552916d3d9803b83b9470254",
        "type": "github"
      },
      "original": {
@@ -88,11 +88,11 @@
    "homebrew-core": {
      "flake": false,
      "locked": {
-        "lastModified": 1744243351,
-        "narHash": "sha256-dXBnP9Ei/3AyMHxercLSck4bR2xtOQ4dv874fEtXzmI=",
+        "lastModified": 1756346905,
+        "narHash": "sha256-LWc9gBtcscmgzFtv+h7Z1mx3fJ6V0RXJnLxuBSOIouc=",
        "owner": "homebrew",
        "repo": "homebrew-core",
-        "rev": "021b921b879a2676364115ab2b4a82be5b6954b0",
+        "rev": "427fbff45e5ddfb042b97cbdf036f29c83abe0e1",
        "type": "github"
      },
      "original": {
@@ -104,11 +104,11 @@
    "homebrew-hauler": {
      "flake": false,
      "locked": {
-        "lastModified": 1746114847,
-        "narHash": "sha256-gx7y1vXeeDVl/ApGDCT7pOq7ge45z/zTjOehhM3J148=",
+        "lastModified": 1752524684,
+        "narHash": "sha256-PgrLRlK6rOKdK3dLadIbE+XfG1a9hbza9uLQoUBYJXk=",
        "owner": "hauler-dev",
        "repo": "homebrew-tap",
-        "rev": "6f8c16af9d55e799711b44e547f9317346351a12",
+        "rev": "7c822a194a6d79074df82ca8ce1d89e6ef8c4efb",
        "type": "github"
      },
      "original": {
@@ -120,11 +120,11 @@
    "homebrew-siderolabs": {
      "flake": false,
      "locked": {
-        "lastModified": 1744120639,
-        "narHash": "sha256-+8s+yaOtkpuUl89EIIJ4nuPJuL9q3qBIC21TOWDSOBI=",
+        "lastModified": 1756227065,
+        "narHash": "sha256-Q4Foh3RZTxZ2RqG21wsG0EvC1ikLxq74azdAglrwZlA=",
        "owner": "siderolabs",
        "repo": "homebrew-tap",
-        "rev": "52c8208478314a9ff57935c710ec249187d4f096",
+        "rev": "928d8934f734196bc5facf5083dac60fc201c374",
        "type": "github"
      },
      "original": {
@@ -140,29 +140,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744224272,
-        "narHash": "sha256-cqePj5nuC7flJWNncaVAFq1YZncU0PSyO0DEqGn+vYc=",
+        "lastModified": 1755825449,
+        "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=",
        "owner": "LnL7",
        "repo": "nix-darwin",
-        "rev": "113883e37d985d26ecb65282766e5719f2539103",
-        "type": "github"
-      },
-      "original": {
-        "owner": "LnL7",
-        "repo": "nix-darwin",
-        "type": "github"
-      }
-    },
-    "nix-darwin_2": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      },
-      "locked": {
-        "lastModified": 1716329735,
-        "narHash": "sha256-ap51w+VqG21vuzyQ04WrhI2YbWHd3UGz0e7dc/QQmoA=",
-        "owner": "LnL7",
-        "repo": "nix-darwin",
-        "rev": "eac4f25028c1975a939c8f8fba95c12f8a25e01c",
+        "rev": "8df64f819698c1fee0c2969696f54a843b2231e8",
        "type": "github"
      },
      "original": {
@@ -173,16 +155,14 @@
    },
    "nix-homebrew": {
      "inputs": {
-        "brew-src": "brew-src",
-        "nix-darwin": "nix-darwin_2",
-        "nixpkgs": "nixpkgs_2"
+        "brew-src": "brew-src"
      },
      "locked": {
-        "lastModified": 1742619394,
-        "narHash": "sha256-8uwIBjbKxeJ7u0VACSNs634HwtgRLxP6/+cIkUXmuyI=",
+        "lastModified": 1754250993,
+        "narHash": "sha256-MEin+qoQKtFC1b0f4tnQ+Z82BQWSCgh6Ef7rpmH9gig=",
        "owner": "zhaofengli-wip",
        "repo": "nix-homebrew",
-        "rev": "04b0536479d2d2e8d71dc8c8ee97c2b61f0c9987",
+        "rev": "314d057294e79bc2596972126b84c6f9f144499a",
        "type": "github"
      },
      "original": {
@@ -193,40 +173,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1687274257,
-        "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=",
-        "path": "/nix/store/22qgs3skscd9bmrxv9xv4q5d4wwm5ppx-source",
-        "rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5",
-        "type": "path"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "type": "indirect"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1716330097,
-        "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
+        "lastModified": 1756288264,
+        "narHash": "sha256-Om8adB1lfkU7D33VpR+/haZ2gI5r3Q+ZbIPzE5sYnwE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1744096231,
-        "narHash": "sha256-kUfx3FKU1Etnua3EaKvpeuXs7zoFiAcli1gBwkPvGSs=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "b2b0718004cc9a5bca610326de0a82e6ea75920b",
+        "rev": "ddd1826f294a0ee5fdc198ab72c8306a0ea73aa9",
        "type": "github"
      },
      "original": {
@@ -247,7 +198,7 @@
        "homebrew-siderolabs": "homebrew-siderolabs",
        "nix-darwin": "nix-darwin",
        "nix-homebrew": "nix-homebrew",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs"
      }
    }
  },
--- a/manage.sh
+++ b/manage.sh
@@ -21,13 +21,13 @@ case $choice in
        echo -e "${GREEN}Rebuilding configuration...${NC}"
        read -p "Enter hostname (default: swaphb-mba): " hostname
        hostname=${hostname:-swaphb-mba}
-        darwin-rebuild switch --flake .#$hostname
+        sudo darwin-rebuild switch --flake .#$hostname
        ;;
    2)
        echo -e "${GREEN}Updating flakes and rebuilding...${NC}"
        read -p "Enter hostname (default: swaphb-mba): " hostname
        hostname=${hostname:-swaphb-mba}
-        nix flake update && darwin-rebuild switch --flake .#$hostname
+        nix flake update && sudo darwin-rebuild switch --flake .#$hostname
        ;;
    3)
        echo -e "${GREEN}Cleaning nix store...${NC}"
--- a/modules/darwin/apps/homebrew.nix
+++ b/modules/darwin/apps/homebrew.nix
@@ -4,14 +4,17 @@
  # Darwin-level Homebrew configuration
  homebrew = {
    enable = true;
-    onActivation.cleanup = "uninstall";
+    # Change cleanup strategy to be less aggressive
+    onActivation.cleanup = "zap"; # Only remove uninstalled packages
    onActivation.autoUpdate = false;
    onActivation.upgrade = false;

    brews = [
      "argoproj/homebrew-tap/kubectl-argo-rollouts"
+      "azure-cli"
      "gh"
      "git"
+      "gnu-tar"
      "hauler-dev/homebrew-tap/hauler"
      "helm"
      "httpie"
@@ -26,11 +29,12 @@
      "citrix-workspace"
      "cursor"
      "elgato-wave-link"
+      "freelens"
      "ghostty"
      "httpie"
      "joplin"
      "localsend"
-      "logi-options+"
+      "logi-options-plus"
      "meetingbar"
      "orbstack"
      "parsec"
--- a/modules/darwin/security/default.nix
+++ b/modules/darwin/security/default.nix
@@ -3,11 +3,11 @@
  # Enable TouchID for PAM auth: you could also place security/pam or other service configs here:
  security.pam.services.sudo_local.touchIdAuth = true;

-  system.defaults.alf = {
-    allowsignedenabled = 1; # Allows any signed Application to accept incoming requests. Default is true. 0 = disabled 1 = enabled
-    allowdownloadsignedenabled = 0; # Allows any signed Application to accept incoming requests. Default is false. 0 = disabled 1 = enabled
-    globalstate = 1; # Enable the internal firewall to prevent unauthorised applications, programs and services from accepting incoming connections. 0 = disabled 1 = enabled 2 = blocks all connections except for essential services
-    loggingenabled = 0; # Enable logging of blocked incoming connections. 0 = disabled 1 = enabled
-    stealthenabled = 1; # Enable stealth mode. This will prevent the computer from responding to ICMP ping requests and will not answer to port scans. 0 = disabled 1 = enabled
+  networking.applicationFirewall = {
+    enable = true;
+    blockAllIncoming = false; # Set to true if you want to block all except essential services
+    allowSigned = true;
+    allowSignedApp = false;
+    enableStealthMode = true;
  };
 }
--- a/modules/darwin/system/system.nix
+++ b/modules/darwin/system/system.nix
@@ -1,6 +1,8 @@
 { config, lib, ... }:

-{ 
+{
+  system.primaryUser = config._module.args.username;
+ 
  system.defaults.screencapture = {
    location = "~/Documents/Screenshots"; # Set default screenshot location
    # Add more screencapture settings here
@@ -22,8 +24,4 @@
  system.defaults.WindowManager.EnableStandardClickToShowDesktop = false; # Disable/Enable standard click to show desktop
  # You can add more Mac defaults here as well...

-  system.activationScripts.postUserActivation.text = ''
-    # Following line should allow us to avoid a logout/login cycle
-    /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
-  ''; # Activate settings after user activation
 }
--- a/modules/home/stephen/default.nix
+++ b/modules/home/stephen/default.nix
@@ -2,13 +2,13 @@
 {
  imports = [
    ./terminal/default.nix
+    ./shell.nix
  ];

  home = {
    packages = with pkgs; [
      _1password-cli
      awscli2
-      azure-cli
      brave
      discord
      go
--- a/modules/home/stephen/shell.nix
+++ b/modules/home/stephen/shell.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Configure zsh through programs.zsh instead of home.file
+  programs.zsh = {
+    enable = true;
+    initContent = ''
+      eval "$(starship init zsh)"
+      export PATH="''${KREW_ROOT:-/Users/${config.home.username}/.krew}/bin:$PATH"
+    '';
+  };
+}
--- a/modules/home/stephen/terminal/default.nix
+++ b/modules/home/stephen/terminal/default.nix
@@ -59,12 +59,6 @@
      [[ssh-keys]]
      vault = "Employee"
    '';
-    
-    # Configure zsh
-    ".zshrc".text = ''
-      eval "$(starship init zsh)"
-      export PATH="''${KREW_ROOT:-/Users/${config.home.username}/.krew}/bin:$PATH"
-    '';

    # Configure ghostty
    ".config/ghostty/config".text = ''
Author	SHA1	Message	Date
swaphb	7b056f83ab	update Homebrew configuration: change cleanup strategy to 'zap', add azure-cli, and fix logi-options package name; add zsh configuration in shell.nix	2025-08-27 22:36:50 -04:00
swaphb	f292f26361	update flake.lock with new versions for Homebrew and other dependencies; modify manage.sh to use sudo for rebuild commands; add gnu-tar and freelens to homebrew apps; set primary user in system configuration	2025-07-25 15:43:38 -04:00