youthlic/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: System updates and config tweaks

Browse source 
Updated all flake inputs and applied srveral improvements to the
system configurations.

*** Updates
- Ran =flake update= to bring all dependencies to their latest
  versions.
- Pinned =lix-module= to the stable =release-2.93= branch to
  prevent breakages from its main branch.

*** System Configuration
- ssh: Reworked the client configuration to use a global =*= match
  block for secure defaults. Disabled the default home-manager
  config for removing nixpkgs' wrannings.
- intel-vaapi-driver: Enabled =enableHybridCodec= override to avoid
  to build whole package from scratch.
- kde: Forced the Qt platform theme to =kde= to fix a visual bug
  with Stylix.
- onnxruntime: Disabled CUDA/NCCL support to avoid to build the
  whole package from scratch.

*** Application Changes
- firefox: Switched the default browser package to =firefox-beta=
  across the entire configuration (NixOS, home-manager, and niri).
- editor: Removed =hurl= and =cmake-language-server= from the
  editor runtime environment for broken packages.
This commit is contained in:
ulic-youthlic 2025-08-29 11:02:55 +08:00
parent dca4a1c944
commit d6380773b3
Signed by: youthlic
GPG key ID: 63E86C3C14A0D721
10 changed files with 115 additions and 89 deletions
Download patch file Download diff file Expand all files Collapse all files

14
home/david/modules/programs/openssh.nix
View file

@ -17,14 +17,26 @@ in
(lib.mkIf cfg.enable {
programs.ssh = {
enable = true;
hashKnownHosts = true;
extraOptionOverrides = {
HostKeyAlgorithms = "ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";
KexAlgorithms = "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256";
MACs = "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com";
Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
};
enableDefaultConfig = false;
matchBlocks = {
"*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
"github.com" = {
hostname = "ssh.github.com";
port = 443;