From 9a4b06a0054e4f9be0c693fda4ce90b5d30fa4df Mon Sep 17 00:00:00 2001 From: Kris Date: Wed, 25 Feb 2026 16:27:48 +0200 Subject: [PATCH] fix? --- hosts/server/configuration.nix | 50 +++++++++++++++++++++++++++++++- modules/stuff/zsh.nix | 53 ++++++++++++++++++++-------------- 2 files changed, 80 insertions(+), 23 deletions(-) diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 2853118..ca8da57 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -81,6 +81,51 @@ shell = pkgs.zsh; }; + nixpkgs.overlays = [ + (final: prev: { + nixos-rebuild = prev.writeShellScriptBin "nixos-rebuild" '' + set -euo pipefail + + action="''${1:-}" + case "$action" in + switch|boot|test|build|dry-activate) + needs_flake=1 + ;; + *) + needs_flake=0 + ;; + esac + + has_flake=0 + for arg in "$@"; do + case "$arg" in + --flake|--flake=*) + has_flake=1 + break + ;; + esac + done + + if [ "$needs_flake" -eq 1 ] && [ "$has_flake" -eq 0 ]; then + cat >&2 <<'EOF' + + 🚨🚨🚨 WARNING: DANGEROUS SYSTEM REBUILD 🚨🚨🚨 + This host is FLAKE-MANAGED. Do not attempt to rebuild the system from /etc/nixos. + + Please ensure you are running THIS EXACT COMMAND inside /home/ocbwoy3/config: + + sudo nixos-rebuild switch --flake /home/ocbwoy3/config#server --impure --cores 4 -L --upgrade + + Aborting unsafe nixos-rebuild invocation. + EOF + exit 64 + fi + + exec ${prev.nixos-rebuild}/bin/nixos-rebuild "$@" + ''; + }) + ]; + virtualisation.docker = { enable = true; daemon.settings = { @@ -134,7 +179,10 @@ ]; # Force resolver config to Cloudflare only. - networking.nameservers = lib.mkForce [ "1.1.1.1" "1.0.0.1" ]; + networking.nameservers = lib.mkForce [ + "1.1.1.1" + "1.0.0.1" + ]; environment.etc."resolv.conf".text = lib.mkForce '' nameserver 1.1.1.1 nameserver 1.0.0.1 diff --git a/modules/stuff/zsh.nix b/modules/stuff/zsh.nix index c8380d8..bd5065d 100644 --- a/modules/stuff/zsh.nix +++ b/modules/stuff/zsh.nix @@ -1,28 +1,37 @@ -{ config, inputs, pkgs, lib, ... }: +{ + config, + inputs, + pkgs, + lib, + ... +}: { - programs.direnv = { - enable = true; - enableZshIntegration = true; - }; + programs.direnv = { + enable = true; + enableZshIntegration = true; + }; - programs.zsh = { - enable = true; - autosuggestions.enable = true; - zsh-autoenv.enable = true; - syntaxHighlighting.enable = true; - ohMyZsh = { - enable = true; - plugins = [ "git" "direnv" ]; - theme = "robbyrussell"; - }; - shellAliases = { - # ultimate cpu killer 3000 - nixrebuild = "sudo nixos-rebuild switch --flake .#default --impure --cores 20 -L --upgrade"; - dangerous-nixrebuild-server = "sudo nixos-rebuild switch --flake .#server --impure --cores 4 -L --upgrade"; - neofetch = "fastfetch"; - }; - }; + programs.zsh = { + enable = true; + autosuggestions.enable = true; + zsh-autoenv.enable = true; + syntaxHighlighting.enable = true; + ohMyZsh = { + enable = true; + plugins = [ + "git" + "direnv" + ]; + theme = "robbyrussell"; + }; + shellAliases = { + # ultimate cpu killer 3000 + nixrebuild = "sudo nixos-rebuild switch --flake .#default --impure --cores 20 -L --upgrade"; + dangerous-nixrebuild-server = "sudo nixos-rebuild switch --flake /home/ocbwoy3/config#server --impure --cores 4 -L --upgrade"; + neofetch = "fastfetch"; + }; + }; }