deps: update to NixOS 25.05HEADmaster

I'm not sure why the Kodi user now needs to be in the `audio` group
but without it the user can only see a dummy device.

7 files changed, 98 insertions, 44 deletions

diff --git a/nixos/hosts/ev/kodi.nix b/nixos/hosts/ev/kodi.nix
index 2aea216..3862dfe 100644
--- a/nixos/hosts/ev/kodi.nix
+++ b/nixos/hosts/ev/kodi.nix
@@ -7,7 +7,10 @@ let
 in
 {
   config = {
-    users.extraUsers.kodi.isNormalUser = true;
+    users.users.kodi = {
+      isNormalUser = true;
+      extraGroups = ["audio"];
+    };
 
     services = {
       cage = {
diff --git a/nixos/hosts/hamac/default.nix b/nixos/hosts/hamac/default.nix
index d32ea58..9c4bde6 100644
--- a/nixos/hosts/hamac/default.nix
+++ b/nixos/hosts/hamac/default.nix
@@ -1,13 +1,8 @@
 # See the configuration.nix(5) man page and the NixOS manual (accessible by running `nixos-help`).
 
-let
-  sources = import <top/npins>;
-  pkgs-unstable = import sources.nixpkgs-unstable {};
-in
 { config, lib, pkgs, ... }:
 
 {
-  _module.args = { inherit pkgs-unstable; };
   imports = [
     ./hardware-configuration.nix
     <top/profiles/workstation>
diff --git a/nixos/npins/default.nix b/nixos/npins/default.nix
index 5e7d086..6592476 100644
--- a/nixos/npins/default.nix
+++ b/nixos/npins/default.nix
@@ -1,10 +1,53 @@
+/*
+  This file is provided under the MIT licence:
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
 # Generated by npins. Do not modify; will be overwritten regularly
 let
   data = builtins.fromJSON (builtins.readFile ./sources.json);
   version = data.version;
 
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
+  range =
+    first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1);
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
+  stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
+  stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
+  concatMapStrings = f: list: concatStrings (map f list);
+  concatStrings = builtins.concatStringsSep "";
+
+  # If the environment variable NPINS_OVERRIDE_${name} is set, then use
+  # the path directly as opposed to the fetched source.
+  # (Taken from Niv for compatibility)
+  mayOverride =
+    name: path:
+    let
+      envVarName = "NPINS_OVERRIDE_${saneName}";
+      saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name;
+      ersatz = builtins.getEnv envVarName;
+    in
+    if ersatz == "" then
+      path
+    else
+      # this turns the string into an actual Nix path (for both absolute and
+      # relative paths)
+      builtins.trace "Overriding path of \"${name}\" with \"${ersatz}\" due to set \"${envVarName}\"" (
+        if builtins.substring 0 1 ersatz == "/" then
+          /. + ersatz
+        else
+          /. + builtins.getEnv "PWD" + "/${ersatz}"
+      );
+
   mkSource =
-    spec:
+    name: spec:
     assert spec ? type;
     let
       path =
@@ -16,16 +59,19 @@ let
           mkPyPiSource spec
         else if spec.type == "Channel" then
           mkChannelSource spec
+        else if spec.type == "Tarball" then
+          mkTarballSource spec
         else
           builtins.throw "Unknown source type ${spec.type}";
     in
-    spec // { outPath = path; };
+    spec // { outPath = mayOverride name path; };
 
   mkGitSource =
     {
       repository,
       revision,
       url ? null,
+      submodules,
       hash,
       branch ? null,
       ...
@@ -33,31 +79,39 @@ let
     assert repository ? type;
     # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
     # In the latter case, there we will always be an url to the tarball
-    if url != null then
-      (builtins.fetchTarball {
+    if url != null && !submodules then
+      builtins.fetchTarball {
         inherit url;
         sha256 = hash; # FIXME: check nix version & use SRI hashes
-      })
+      }
     else
-      assert repository.type == "Git";
       let
+        url =
+          if repository.type == "Git" then
+            repository.url
+          else if repository.type == "GitHub" then
+            "https://github.com/${repository.owner}/${repository.repo}.git"
+          else if repository.type == "GitLab" then
+            "${repository.server}/${repository.repo_path}.git"
+          else
+            throw "Unrecognized repository type ${repository.type}";
         urlToName =
           url: rev:
           let
-            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
+            matched = builtins.match "^.*/([^/]*)(\\.git)?$" url;
 
             short = builtins.substring 0 7 rev;
 
             appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
           in
           "${if matched == null then "source" else builtins.head matched}${appendShort}";
-        name = urlToName repository.url revision;
+        name = urlToName url revision;
       in
       builtins.fetchGit {
-        url = repository.url;
         rev = revision;
         inherit name;
         # hash = hash;
+        inherit url submodules;
       };
 
   mkPyPiSource =
@@ -73,8 +127,20 @@ let
       inherit url;
       sha256 = hash;
     };
+
+  mkTarballSource =
+    {
+      url,
+      locked_url ? url,
+      hash,
+      ...
+    }:
+    builtins.fetchTarball {
+      url = locked_url;
+      sha256 = hash;
+    };
 in
-if version == 3 then
-  builtins.mapAttrs (_: mkSource) data.pins
+if version == 5 then
+  builtins.mapAttrs mkSource data.pins
 else
   throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
diff --git a/nixos/npins/sources.json b/nixos/npins/sources.json
index 592c651..c46c2fc 100644
--- a/nixos/npins/sources.json
+++ b/nixos/npins/sources.json
@@ -10,6 +10,7 @@
       "pre_releases": false,
       "version_upper_bound": null,
       "release_prefix": null,
+      "submodules": false,
       "version": "0.15.0",
       "revision": "564595d0ad4be7277e07fa63b5a991b3c645655d",
       "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.15.0",
@@ -22,6 +23,7 @@
         "url": "https://git.push-f.com/geopos.link"
       },
       "branch": "master",
+      "submodules": false,
       "revision": "ab9198d989e0889816e510b66dad1548ce0cfb48",
       "url": null,
       "hash": "1xq5sl6rsxk8716ff8hghb3aihdp41ynfwaihllnzqghc6qpigjw"
@@ -33,6 +35,7 @@
         "url": "https://git.push-f.com/lex-surf"
       },
       "branch": "master",
+      "submodules": false,
       "revision": "ef3318a78050ea8aa4f6a65dd4673958c0eadf85",
       "url": null,
       "hash": "0v1xmv3slsb965047wi968j3n58dzy227pc5y2g79g2zdppvx94d"
@@ -44,6 +47,7 @@
         "url": "https://git.push-f.com/osm-proposals"
       },
       "branch": "master",
+      "submodules": false,
       "revision": "0a531bcbd4778ef754583d52d1a6b525ee9702d4",
       "url": null,
       "hash": "0phmc0c4di6hial8l5017k03c9zn8iz2zk8cgrzsgypaw1wwsn67"
@@ -55,6 +59,7 @@
         "url": "https://git.push-f.com/rust-features"
       },
       "branch": "master",
+      "submodules": false,
       "revision": "60c929acab8bfcd3fdc355288f1a72c1ed303f11",
       "url": null,
       "hash": "1vnwhgqqi8ihic6fz6grzikc1dra6myl2b2aly2fgzrcbzrd5390"
@@ -66,28 +71,23 @@
         "url": "https://git.push-f.com/spec.pub"
       },
       "branch": "master",
+      "submodules": false,
       "revision": "152c8021bef7310ce2501e23de12e892c3ed5032",
       "url": null,
       "hash": "1z83lhqzr7yx07qb3icz0pph64aij9a1z17rqxzqmyvjsyyn8nfd"
     },
     "nixos": {
       "type": "Channel",
-      "name": "nixos-24.11",
-      "url": "https://releases.nixos.org/nixos/24.11/nixos-24.11.717608.bf3287dac860/nixexprs.tar.xz",
-      "hash": "1qf7ccpbad2p58q894g4zij3nvsqw503615apjb3iz06yribbrwb"
+      "name": "nixos-25.05",
+      "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.802985.a59eb7800787/nixexprs.tar.xz",
+      "hash": "1jsi0pqr5r6ysksswljkg6igb93sniq79bwg4s845c1kzziypyr6"
     },
     "nixos-small": {
       "type": "Channel",
-      "name": "nixos-24.11-small",
-      "url": "https://releases.nixos.org/nixos/24.11-small/nixos-24.11.714830.060b03c5d950/nixexprs.tar.xz",
-      "hash": "1lxm3y9jqkf8p63xrn6phyp5d763jfwcjxb3vpfqgc8iwq5z4cb9"
-    },
-    "nixpkgs-unstable": {
-      "type": "Channel",
-      "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre777917.b7ba7f9f45c5/nixexprs.tar.xz",
-      "hash": "0jb6b7sv66bn06pchj2l88z0i5dlz0c2vb3z6pjjlq2p8q11zigg"
+      "name": "nixos-25.05-small",
+      "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.803242.affe59411e12/nixexprs.tar.xz",
+      "hash": "0dm0dpzd42na772x3ki44hg11v2h1dw51r322c6zkq8ybbizibpy"
     }
   },
-  "version": 3
-}
\ No newline at end of file
+  "version": 5
+}
diff --git a/nixos/profiles/workstation/default.nix b/nixos/profiles/workstation/default.nix
index 833ce3c..8adade2 100644
--- a/nixos/profiles/workstation/default.nix
+++ b/nixos/profiles/workstation/default.nix
@@ -60,9 +60,5 @@ in
     # Age defaults to this anyway when openssh is enabled.
     # We're setting this here for workstations where openssh is disabled.
     age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-
-    # Using nix from git for --raw support in nix-instantiate --eval.
-    # FUTURE: remove once upgrading to NixOS 25.05
-    nix.package = nixGit.packages.${builtins.currentSystem}.default;
   };
 }
diff --git a/nixos/profiles/workstation/dev.nix b/nixos/profiles/workstation/dev.nix
index 92992cb..6c546b6 100644
--- a/nixos/profiles/workstation/dev.nix
+++ b/nixos/profiles/workstation/dev.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, pkgs-unstable, ... }:
+{ config, pkgs, ... }:
 
 {
   environment.systemPackages = with pkgs; [
@@ -22,11 +22,7 @@
     gcc # rustc fails if cc linker isn't found
     chromium
 
-    # FUTURE: Check if Linux kernel of NixOS 25.05 still has this amdgpu bug.
-    (pkgs.writeShellScriptBin "zed" ''
-      export ZED_PATH_SAMPLE_COUNT=0 # workaround for https://github.com/zed-industries/zed/issues/26143
-      exec ${pkgs-unstable.zed-editor}/bin/zeditor "$@"
-    '')
+    zed-editor
     vscodium
     # I'm installing extensions via my install-imperative script.
     platformio
diff --git a/nixos/rebuild b/nixos/rebuild
index cfc14cf..1bc6c39 100755
--- a/nixos/rebuild
+++ b/nixos/rebuild
@@ -12,9 +12,7 @@ if [ ! -f $configPath ]; then
 fi
 
 nix-eval() {
-    # FUTURE: use --raw when upgrading to NixOS 25.05
-    nix-instantiate --eval --read-write-mode "$@" \
-      | tr -d \"  # nix-instantiate has no raw output yet (like the experimental nix eval)
+    nix-instantiate --eval --raw --read-write-mode "$@"
 }
 
 channel=$(nix-eval --argstr host "$HOSTNAME" --expr '{host}: