update flake.lock and homebrew.nix: bump Homebrew dependencies and add new packages (curseforge, dbeaver-community)

add Brave Browser to persistent apps and Homebrew casks; remove Brave from default packages
update Homebrew configuration: change cleanup strategy to 'zap', add azure-cli, and fix logi-options package name; add zsh configuration in shell.nix
2025-10-14 17:27:16 -04:00 · 2025-08-28 12:36:21 -04:00 · 2025-08-27 22:36:50 -04:00 · 2025-07-25 15:43:38 -04:00
9 changed files with 72 additions and 110 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -3,16 +3,16 @@
    "brew-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1742457334,
-        "narHash": "sha256-Gn7ruyb3NDFr+SsHBfA2NsJI8YkkWdECqLRj/xcjt+E=",
+        "lastModified": 1758543057,
+        "narHash": "sha256-lw3V2jOGYphUFHYQ5oARcb6urlbNpUCLJy1qhsGdUmc=",
        "owner": "Homebrew",
        "repo": "brew",
-        "rev": "f3bd91d3afe086824d24708230e1f0c7f943135a",
+        "rev": "5b236456eb93133c2bd0d60ef35ed63f1c0712f6",
        "type": "github"
      },
      "original": {
        "owner": "Homebrew",
-        "ref": "4.4.25",
+        "ref": "4.6.12",
        "repo": "brew",
        "type": "github"
      }
@@ -24,11 +24,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744223888,
-        "narHash": "sha256-reYpe0J1J+wH34JFs7KKp0G5nP7+XSQ5z0ZLFJcfJr8=",
+        "lastModified": 1760462439,
+        "narHash": "sha256-bks3rTsKGlqehk4l7rViIg2lBnUsY6we22O+ecRZB/c=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "79461936709b12e17adb9c91dd02d1c66d577f09",
+        "rev": "990e5ce6791ff1f497a61280a82eb66e3789e0e9",
        "type": "github"
      },
      "original": {
@@ -40,11 +40,11 @@
    "homebrew-argoproj": {
      "flake": false,
      "locked": {
-        "lastModified": 1742497132,
-        "narHash": "sha256-If6Bc/UyY1suAxC6B6C5UMIIBGurDCu4uicv8A09poc=",
+        "lastModified": 1756414928,
+        "narHash": "sha256-TzQt2B1RkVjDWf8lv+DYeigK5bIDC+Xz3kqVUQ5pNrc=",
        "owner": "argoproj",
        "repo": "homebrew-tap",
-        "rev": "c2558ee338377f8f95c21495d8437c6c560d91aa",
+        "rev": "fdc7edd03bb7d2719369be916f2682898b33ef83",
        "type": "github"
      },
      "original": {
@@ -56,11 +56,11 @@
    "homebrew-bundle": {
      "flake": false,
      "locked": {
-        "lastModified": 1742475687,
-        "narHash": "sha256-GoaP8X0livBYzfb8kRCyf3z61+sXSh6tE5gMZtxjLQA=",
+        "lastModified": 1745335228,
+        "narHash": "sha256-TIKR2UgtyUmHLNZp255/vLs+1I10hXe+sciMEbAGFwE=",
        "owner": "homebrew",
        "repo": "homebrew-bundle",
-        "rev": "dc4311afc4c34833b288cd4978421803ec2c9ff8",
+        "rev": "a3265c84b232e13048ecbf6fc18a2eedfadbeb08",
        "type": "github"
      },
      "original": {
@@ -72,11 +72,11 @@
    "homebrew-cask": {
      "flake": false,
      "locked": {
-        "lastModified": 1744236362,
-        "narHash": "sha256-eYe52jMTHwcSIzzq2BP2MEYot8sUkxFL1c66iFNAPlI=",
+        "lastModified": 1760475873,
+        "narHash": "sha256-NeoqHBS13ARF7gYaWQDk6wYpWS+LjoQ1TEV6wRGC8uo=",
        "owner": "homebrew",
        "repo": "homebrew-cask",
-        "rev": "d9c1a4b97936816ad63b34cc46642e9fbc69d13c",
+        "rev": "c0853818223614d9f1abac68abc770f552e77653",
        "type": "github"
      },
      "original": {
@@ -88,11 +88,11 @@
    "homebrew-core": {
      "flake": false,
      "locked": {
-        "lastModified": 1744243351,
-        "narHash": "sha256-dXBnP9Ei/3AyMHxercLSck4bR2xtOQ4dv874fEtXzmI=",
+        "lastModified": 1760474416,
+        "narHash": "sha256-EBgYlw+gadSAXnXM4oPhdQcu5r+2zKmDYqDVAjTidXE=",
        "owner": "homebrew",
        "repo": "homebrew-core",
-        "rev": "021b921b879a2676364115ab2b4a82be5b6954b0",
+        "rev": "c5d5de1246fe4f9720e55e939209e81a152f39c1",
        "type": "github"
      },
      "original": {
@@ -104,11 +104,11 @@
    "homebrew-hauler": {
      "flake": false,
      "locked": {
-        "lastModified": 1746114847,
-        "narHash": "sha256-gx7y1vXeeDVl/ApGDCT7pOq7ge45z/zTjOehhM3J148=",
+        "lastModified": 1752524684,
+        "narHash": "sha256-PgrLRlK6rOKdK3dLadIbE+XfG1a9hbza9uLQoUBYJXk=",
        "owner": "hauler-dev",
        "repo": "homebrew-tap",
-        "rev": "6f8c16af9d55e799711b44e547f9317346351a12",
+        "rev": "7c822a194a6d79074df82ca8ce1d89e6ef8c4efb",
        "type": "github"
      },
      "original": {
@@ -120,11 +120,11 @@
    "homebrew-siderolabs": {
      "flake": false,
      "locked": {
-        "lastModified": 1744120639,
-        "narHash": "sha256-+8s+yaOtkpuUl89EIIJ4nuPJuL9q3qBIC21TOWDSOBI=",
+        "lastModified": 1759238339,
+        "narHash": "sha256-ZWFluo9oxr3xsY5awb1ZlAD8io8DJvWrrAXMl6Ja6Tw=",
        "owner": "siderolabs",
        "repo": "homebrew-tap",
-        "rev": "52c8208478314a9ff57935c710ec249187d4f096",
+        "rev": "0cf0fdceeb7d438afee533e2aec078f5d7c079d3",
        "type": "github"
      },
      "original": {
@@ -140,29 +140,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744224272,
-        "narHash": "sha256-cqePj5nuC7flJWNncaVAFq1YZncU0PSyO0DEqGn+vYc=",
+        "lastModified": 1760338583,
+        "narHash": "sha256-IGwy02SH5K2hzIFrKMRsCmyvwOwWxrcquiv4DbKL1S4=",
        "owner": "LnL7",
        "repo": "nix-darwin",
-        "rev": "113883e37d985d26ecb65282766e5719f2539103",
-        "type": "github"
-      },
-      "original": {
-        "owner": "LnL7",
-        "repo": "nix-darwin",
-        "type": "github"
-      }
-    },
-    "nix-darwin_2": {
-      "inputs": {
-        "nixpkgs": "nixpkgs"
-      },
-      "locked": {
-        "lastModified": 1716329735,
-        "narHash": "sha256-ap51w+VqG21vuzyQ04WrhI2YbWHd3UGz0e7dc/QQmoA=",
-        "owner": "LnL7",
-        "repo": "nix-darwin",
-        "rev": "eac4f25028c1975a939c8f8fba95c12f8a25e01c",
+        "rev": "9a9ab01072f78823ca627ae5e895e40d493c3ecf",
        "type": "github"
      },
      "original": {
@@ -173,16 +155,14 @@
    },
    "nix-homebrew": {
      "inputs": {
-        "brew-src": "brew-src",
-        "nix-darwin": "nix-darwin_2",
-        "nixpkgs": "nixpkgs_2"
+        "brew-src": "brew-src"
      },
      "locked": {
-        "lastModified": 1742619394,
-        "narHash": "sha256-8uwIBjbKxeJ7u0VACSNs634HwtgRLxP6/+cIkUXmuyI=",
+        "lastModified": 1758598228,
+        "narHash": "sha256-qr60maXGbZ4FX5tejPRI3nr0bnRTnZ3AbbbfO6/6jq4=",
        "owner": "zhaofengli-wip",
        "repo": "nix-homebrew",
-        "rev": "04b0536479d2d2e8d71dc8c8ee97c2b61f0c9987",
+        "rev": "f36e5db56e117f7df701ab152d0d2036ea85218c",
        "type": "github"
      },
      "original": {
@@ -193,40 +173,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1687274257,
-        "narHash": "sha256-TutzPriQcZ8FghDhEolnHcYU2oHIG5XWF+/SUBNnAOE=",
-        "path": "/nix/store/22qgs3skscd9bmrxv9xv4q5d4wwm5ppx-source",
-        "rev": "2c9ecd1f0400076a4d6b2193ad468ff0a7e7fdc5",
-        "type": "path"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "type": "indirect"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1716330097,
-        "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
+        "lastModified": 1760349414,
+        "narHash": "sha256-W4Ri1ZwYuNcBzqQQa7NnWfrv0wHMo7rduTWjIeU9dZk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1744096231,
-        "narHash": "sha256-kUfx3FKU1Etnua3EaKvpeuXs7zoFiAcli1gBwkPvGSs=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "b2b0718004cc9a5bca610326de0a82e6ea75920b",
+        "rev": "c12c63cd6c5eb34c7b4c3076c6a99e00fcab86ec",
        "type": "github"
      },
      "original": {
@@ -247,7 +198,7 @@
        "homebrew-siderolabs": "homebrew-siderolabs",
        "nix-darwin": "nix-darwin",
        "nix-homebrew": "nix-homebrew",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs"
      }
    }
  },
--- a/manage.sh
+++ b/manage.sh
@@ -21,13 +21,13 @@ case $choice in
        echo -e "${GREEN}Rebuilding configuration...${NC}"
        read -p "Enter hostname (default: swaphb-mba): " hostname
        hostname=${hostname:-swaphb-mba}
-        darwin-rebuild switch --flake .#$hostname
+        sudo darwin-rebuild switch --flake .#$hostname
        ;;
    2)
        echo -e "${GREEN}Updating flakes and rebuilding...${NC}"
        read -p "Enter hostname (default: swaphb-mba): " hostname
        hostname=${hostname:-swaphb-mba}
-        nix flake update && darwin-rebuild switch --flake .#$hostname
+        nix flake update && sudo darwin-rebuild switch --flake .#$hostname
        ;;
    3)
        echo -e "${GREEN}Cleaning nix store...${NC}"
--- a/modules/darwin/apps/homebrew.nix
+++ b/modules/darwin/apps/homebrew.nix
@@ -4,14 +4,17 @@
  # Darwin-level Homebrew configuration
  homebrew = {
    enable = true;
-    onActivation.cleanup = "uninstall";
+    # Change cleanup strategy to be less aggressive
+    onActivation.cleanup = "zap"; # Only remove uninstalled packages
    onActivation.autoUpdate = false;
    onActivation.upgrade = false;

    brews = [
      "argoproj/homebrew-tap/kubectl-argo-rollouts"
+      "azure-cli"
      "gh"
      "git"
+      "gnu-tar"
      "hauler-dev/homebrew-tap/hauler"
      "helm"
      "httpie"
@@ -23,14 +26,18 @@
    casks = [
      "1password"
      "balenaetcher"
+      "brave-browser"
      "citrix-workspace"
+      "curseforge"
      "cursor"
+      "dbeaver-community"
      "elgato-wave-link"
+      "freelens"
      "ghostty"
      "httpie"
      "joplin"
      "localsend"
-      "logi-options+"
+      "logi-options-plus"
      "meetingbar"
      "orbstack"
      "parsec"
--- a/modules/darwin/security/default.nix
+++ b/modules/darwin/security/default.nix
@@ -3,11 +3,11 @@
  # Enable TouchID for PAM auth: you could also place security/pam or other service configs here:
  security.pam.services.sudo_local.touchIdAuth = true;

-  system.defaults.alf = {
-    allowsignedenabled = 1; # Allows any signed Application to accept incoming requests. Default is true. 0 = disabled 1 = enabled
-    allowdownloadsignedenabled = 0; # Allows any signed Application to accept incoming requests. Default is false. 0 = disabled 1 = enabled
-    globalstate = 1; # Enable the internal firewall to prevent unauthorised applications, programs and services from accepting incoming connections. 0 = disabled 1 = enabled 2 = blocks all connections except for essential services
-    loggingenabled = 0; # Enable logging of blocked incoming connections. 0 = disabled 1 = enabled
-    stealthenabled = 1; # Enable stealth mode. This will prevent the computer from responding to ICMP ping requests and will not answer to port scans. 0 = disabled 1 = enabled
+  networking.applicationFirewall = {
+    enable = true;
+    blockAllIncoming = false; # Set to true if you want to block all except essential services
+    allowSigned = true;
+    allowSignedApp = false;
+    enableStealthMode = true;
  };
 }
--- a/modules/darwin/system/appearance.nix
+++ b/modules/darwin/system/appearance.nix
@@ -8,11 +8,13 @@ in
    autohide = true;
    orientation = "bottom";
    persistent-apps = [
+      "/System/Applications/Launchpad.app"
      "/Applications/Vivaldi.app"
+      "/Applications/Brave Browser.app"
      "/Applications/Ghostty.app"
      "/Applications/Cursor.app"
+      "/Applications/Freelens.app"
      # Use the nixpkgs path to the app for apps installed via nix. This will automatically use the latest nix store path.
-      "/${pkgs.lens}/Applications/Lens.app"
      "/${pkgs.slack}/Applications/Slack.app"
      "/${pkgs.discord}/Applications/Discord.app"
      "/Applications/Spotify.app"
--- a/modules/darwin/system/system.nix
+++ b/modules/darwin/system/system.nix
@@ -1,6 +1,8 @@
 { config, lib, ... }:

 {
+  system.primaryUser = config._module.args.username;
+ 
  system.defaults.screencapture = {
    location = "~/Documents/Screenshots"; # Set default screenshot location
    # Add more screencapture settings here
@@ -22,8 +24,4 @@
  system.defaults.WindowManager.EnableStandardClickToShowDesktop = false; # Disable/Enable standard click to show desktop
  # You can add more Mac defaults here as well...

-  system.activationScripts.postUserActivation.text = ''
-    # Following line should allow us to avoid a logout/login cycle
-    /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
-  ''; # Activate settings after user activation
 }
--- a/modules/home/stephen/default.nix
+++ b/modules/home/stephen/default.nix
@@ -2,14 +2,13 @@
 {
  imports = [
    ./terminal/default.nix
+    ./shell.nix
  ];

  home = {
    packages = with pkgs; [
      _1password-cli
      awscli2
-      azure-cli
-      brave
      discord
      go
      google-cloud-sdk
@@ -21,7 +20,6 @@
      hcloud
      butane
      slack
-      # spotify
      teleport
      tenv
      vim
--- a/modules/home/stephen/shell.nix
+++ b/modules/home/stephen/shell.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Configure zsh through programs.zsh instead of home.file
+  programs.zsh = {
+    enable = true;
+    initContent = ''
+      eval "$(starship init zsh)"
+      export PATH="''${KREW_ROOT:-/Users/${config.home.username}/.krew}/bin:$PATH"
+    '';
+  };
+}
--- a/modules/home/stephen/terminal/default.nix
+++ b/modules/home/stephen/terminal/default.nix
@@ -60,12 +60,6 @@
      vault = "Employee"
    '';

-    # Configure zsh
-    ".zshrc".text = ''
-      eval "$(starship init zsh)"
-      export PATH="''${KREW_ROOT:-/Users/${config.home.username}/.krew}/bin:$PATH"
-    '';
-
    # Configure ghostty
    ".config/ghostty/config".text = ''
      background-opacity = 0.9
Author	SHA1	Message	Date
swaphb	2fc8f46e58	update flake.lock and homebrew.nix: bump Homebrew dependencies and add new packages (curseforge, dbeaver-community)	2025-10-14 17:27:16 -04:00
swaphb	da878dca01	add Brave Browser to persistent apps and Homebrew casks; remove Brave from default packages	2025-08-28 12:36:21 -04:00
swaphb	7b056f83ab	update Homebrew configuration: change cleanup strategy to 'zap', add azure-cli, and fix logi-options package name; add zsh configuration in shell.nix	2025-08-27 22:36:50 -04:00
swaphb	f292f26361	update flake.lock with new versions for Homebrew and other dependencies; modify manage.sh to use sudo for rebuild commands; add gnu-tar and freelens to homebrew apps; set primary user in system configuration	2025-07-25 15:43:38 -04:00