10 files changed, 71 insertions, 19 deletions

diff --git a/nixos/profiles/common/basics.nix b/nixos/profiles/common/basics.nix
index aa6eff9..3f1859c 100644
--- a/nixos/profiles/common/basics.nix
+++ b/nixos/profiles/common/basics.nix
@@ -1,9 +1,10 @@
-{ config, pkgs, ... }:
+{ lib, config, pkgs, ... }:
 
 {
   environment.systemPackages = with pkgs; [
     git
-    vim
+    # lowPrio because we use vim-full in the workstation profile
+    (lowPrio vim)
 
     file
     htop
@@ -32,4 +33,7 @@
 
       ZDOTDIR = "${config}/zsh";
     };
+
+  # By default installs plugins that pull in GTK.
+  networking.networkmanager.plugins = lib.mkForce [];
 }
diff --git a/nixos/profiles/common/default.nix b/nixos/profiles/common/default.nix
index 2b07724..a508a32 100644
--- a/nixos/profiles/common/default.nix
+++ b/nixos/profiles/common/default.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 let
-  sources = import ../../npins;
+  sources = import <top/npins>;
 in
 {
   imports = [
diff --git a/nixos/profiles/common/nixpkgs/overlays.nix b/nixos/profiles/common/nixpkgs/overlays.nix
index 613338f..40f9041 100644
--- a/nixos/profiles/common/nixpkgs/overlays.nix
+++ b/nixos/profiles/common/nixpkgs/overlays.nix
@@ -1,4 +1,29 @@
 # https://nixos.org/manual/nixpkgs/stable/#sec-overlays-definition
+{ pkgs, ... }:
 [
+  # features
+  (final: prev: {
+    scc = prev.scc.overrideAttrs (old: {
+      # https://github.com/boyter/scc/pull/622
+      src = pkgs.fetchFromGitHub {
+        owner = "boyter";
+        repo = "scc";
+        rev = "b73ea06bdc5890821d03502a2cfc4224b19a9b67";
+        hash = "sha256-vcuoKrvludBE0KpXVLkKzB38n0mZJWVB8bYrgJDHKfY=";
+      };
+    });
+  })
 
+  # bug fixes
+  (final: prev: {
+    sway-unwrapped = prev.sway-unwrapped.overrideAttrs (old: {
+      patches = old.patches ++ [
+        # https://github.com/swaywm/sway/pull/8761
+        (pkgs.fetchpatch {
+          url = "https://github.com/swaywm/sway/commit/af7c6ec7b1daeeec67dd17e27fb75f1f1c347327.patch";
+          hash = "sha256-DxN/3IdswZ6q/ksBVr+wgwGe7ScJeg8gFHYQdQAueww=";
+        })
+      ];
+    });
+  })
 ]
diff --git a/nixos/profiles/common/sanix.nix b/nixos/profiles/common/sanix.nix
index a20db24..626aa73 100644
--- a/nixos/profiles/common/sanix.nix
+++ b/nixos/profiles/common/sanix.nix
@@ -2,14 +2,13 @@
   # Use the Nixpkgs config and overlays from the local files for this NixOS build
   nixpkgs = {
     config = import ./nixpkgs/config.nix;
-    overlays = import ./nixpkgs/overlays.nix;
+    overlays = import ./nixpkgs/overlays.nix { inherit pkgs; };
   };
 
   # Makes commands default to the same Nixpkgs, config, overlays and NixOS configuration
   nix.nixPath = [
     "nixpkgs=${pkgs.path}"
     "nixos-config=${toString <nixos-config>}"
-    "nixpkgs-overlays=${toString ./nixpkgs/overlays.nix}"
   ];
   environment.variables.NIXPKGS_CONFIG = lib.mkForce (toString ./nixpkgs/config.nix);
 
diff --git a/nixos/profiles/server/default.nix b/nixos/profiles/server/default.nix
index ac24e20..07dcd4b 100644
--- a/nixos/profiles/server/default.nix
+++ b/nixos/profiles/server/default.nix
@@ -13,4 +13,9 @@
       };
     };
   };
+
+  security.sudo.wheelNeedsPassword = false;
+
+  # For remote rebuilds with --target-host.
+  nix.settings.trusted-users = ["@wheel"];
 }
diff --git a/nixos/profiles/workstation/create.nix b/nixos/profiles/workstation/create.nix
index 924717f..1c955a6 100644
--- a/nixos/profiles/workstation/create.nix
+++ b/nixos/profiles/workstation/create.nix
@@ -4,8 +4,14 @@
   environment.systemPackages = with pkgs; [
     graphviz-nox # for dot
 
+    hugo
     typst
 
+    (inkscape-with-extensions.override {
+      inkscapeExtensions = [
+        inkscape-extensions.inkstitch
+      ];
+    })
     gimp
     krita
   ];
diff --git a/nixos/profiles/workstation/default.nix b/nixos/profiles/workstation/default.nix
index 0332200..9df5328 100644
--- a/nixos/profiles/workstation/default.nix
+++ b/nixos/profiles/workstation/default.nix
@@ -2,13 +2,7 @@
 
 let
   cfg = config.workstation;
-  sources = import ../../npins;
-  nixGit = import (pkgs.fetchFromGitHub {
-    owner = "NixOS";
-    repo = "nix";
-    rev = "7a8a28629c61c75af010ff0a5a88c16c4ce536c7";
-    sha256 = "sha256-oqG9AFPXBneKVmiWa9b9ai0hGZqHVKVFaFLdBZitSUA=";
-  });
+  sources = import <top/npins>;
 in
 {
   options.workstation = {
@@ -33,6 +27,7 @@ in
         "wheel"
         "networkmanager"
         "dialout"
+        "wireshark"
       ];
     };
 
@@ -44,6 +39,11 @@ in
     environment.systemPackages = with pkgs; [
       npins
       (callPackage "${sources.agenix}/pkgs/agenix.nix" {})
+      (callPackage sources.my-vdf {})
+
+      vim-full
+      skim
+      (writeShellScriptBin "ed" (builtins.readFile ./scripts/ed))
 
       unzip
 
@@ -60,9 +60,5 @@ in
     # Age defaults to this anyway when openssh is enabled.
     # We're setting this here for workstations where openssh is disabled.
     age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-
-    # Using nix from git for --raw support in nix-instantiate --eval.
-    # FUTURE: remove once upgrading to NixOS 25.05
-    nix.package = nixGit.packages.${builtins.currentSystem}.default;
   };
 }
diff --git a/nixos/profiles/workstation/dev.nix b/nixos/profiles/workstation/dev.nix
index e550a4c..a40d574 100644
--- a/nixos/profiles/workstation/dev.nix
+++ b/nixos/profiles/workstation/dev.nix
@@ -4,16 +4,19 @@
   environment.systemPackages = with pkgs; [
     rustup
     go
+    golangci-lint
     python313
     nodejs_22
 
     # CLI tools
+    skim
     docker-compose
     gnumake
     jq
+    pkgs-unstable.jujutsu
     just
     sqlite-interactive
-    tokei
+    scc
     fastmod
     license-generator
 
@@ -22,12 +25,21 @@
     gcc # rustc fails if cc linker isn't found
     chromium
 
-    pkgs-unstable.zed-editor
+    zed-editor
     vscodium
     # I'm installing extensions via my install-imperative script.
     platformio
+
+    # language servers
+    # rust-analyzer is installed via rustup
+    nixd
   ];
 
+  programs.wireshark = {
+    enable = true;
+    package = pkgs.wireshark;
+  };
+
   virtualisation.podman = {
     enable = true;
     dockerSocket.enable = true;
diff --git a/nixos/profiles/workstation/graphical.nix b/nixos/profiles/workstation/graphical.nix
index dc05f05..9e39092 100644
--- a/nixos/profiles/workstation/graphical.nix
+++ b/nixos/profiles/workstation/graphical.nix
@@ -32,7 +32,9 @@
 
     # graphical tools
     imv
-    mpv
+    (mpv.override {
+      youtubeSupport = false; # disable yt-dlp dependency
+    })
     zathura
     # TODO: zathura doesn't adjust zoom on PDF open even though adjust-open="best-fit" is the default according to zathurarc(5)
     element-desktop
@@ -67,6 +69,7 @@
     pulse.enable = true;
   };
   security.rtkit.enable = true; # recommended for PipeWire
+  hardware.bluetooth.enable = true;
 
   programs.thunderbird = {
     enable = true;
diff --git a/nixos/profiles/workstation/scripts/ed b/nixos/profiles/workstation/scripts/ed
new file mode 100644
index 0000000..a3dd433
--- /dev/null
+++ b/nixos/profiles/workstation/scripts/ed
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+$VISUAL $(find . -not -path "*/.*" | sk --no-info "$@")