fix(darwin): resolve nodejs-related build issues

common/system/default.nix

@@ -3,25 +3,35 @@
   pkgs,
   ...
 }: {
-  nix.gc = {
+  nix = {
-    automatic = true;
+    gc = {
-    options = "--delete-older-than 30d";
+      automatic = true;
+      options = "--delete-older-than 30d";
+    };
+    optimise.automatic = true;
+    settings = {
+      extra-experimental-features = [
+        "flakes"
+        "nix-command"
+      ];
+      keep-outputs = true;
+      log-lines = 25;
+      tarball-ttl = 43200;
+      trusted-users = [
+        "root"
+        config.my.user
+      ];
+    };
+    package = pkgs.nix;
   };
-  nix.optimise.automatic = true;
+
-  nix.settings = {
+  environment.systemPackages = with pkgs; [
-    extra-experimental-features = [
+    unstable.nh
-      "flakes"
+  ];
-      "nix-command"
+
-    ];
+  # TODO: make sure hostnames always match flake output name
-    keep-outputs = true;
+  environment.variables."NH_FLAKE" = ''${config.hm.home.homeDirectory}/Projects/nix-dots'';
-    log-lines = 25;
+
-    tarball-ttl = 43200;
-    trusted-users = [
-      "root"
-      config.my.user
-    ];
-  };
-  nix.package = pkgs.nix;
   programs.zsh.enable = true;
   time.timeZone = "America/New_York";
 }

darwin/sketchybar/default.nix

@@ -16,7 +16,7 @@ in {
     hm.my.sketchybar.enable = true;
 
     fonts.packages = with pkgs; [
-      sketchybar-app-font
+      unstable.sketchybar-app-font
     ];
   };
 }

flakes/darwin.nix

@@ -30,7 +30,7 @@
     );
 in {
   flake.darwinConfigurations = {
-    mac = mkDarwin {
+    neptune = mkDarwin {
       modules = [
         {
           hm = import ../user/environments/mac/home.nix;

machines/nova/configuration.nix

@@ -51,12 +51,6 @@
 
   programs.zsh.enable = true;
 
-  my.server = {
-    domain = "thomasfmly.org";
-    firewallInterface = "enp1s0";
-  };
-
-  my.services.keycloak.enable = true;
   my.services.mealie.enable = true;
   my.services.nextcloud.enable = true;
 

modules/services/mealie/default.nix

@@ -31,13 +31,12 @@ in {
 
         # OIDC
         OIDC_AUTH_ENABLED = true;
-        OIDC_CONFIGURATION_URL = "https://auth.thomasfmly.org/realms/gringotts/.well-known/openid-configuration";
+        OIDC_CONFIGURATION_URL = "https://authentik.thomasfmly.org/application/o/mealie/.well-known/openid-configuration";
-        OIDC_CLIENT_ID = "mealie";
+        OIDC_CLIENT_ID = "FLFfJCP0nWsxGfHpAf26XfoqMaIoUuaVdODJLW28";
-        OIDC_CLIENT_SECRET = "cBh876vWKoMgJSWLVJkVv6kPvUoNkvxD";
+        OIDC_CLIENT_SECRET = "YSEfBhGQUmzAKnrAEi9413NM4m8juF8u7e8zOLzfCA1JXZdRsgj8WWXTKLqEeGhCiQsVvD1iX52sFcWqOWo2r7tpolpUUVymj8O4kfMWampO1Nn65K2aPFtuXu3soUwB";
-        OIDC_GROUPS_CLAIM = "roles";
+        OIDC_ADMIN_GROUP = "Administrators";
-        OIDC_ADMIN_GROUP = "admin";
         OIDC_AUTO_REDIRECT = true;
-        OIDC_PROVIDER_NAME = "Keycloak";
+        OIDC_PROVIDER_NAME = "Authentik";
       };
     };
 

nixos/keycloak/default.nix

@@ -1,53 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-with lib; let
-  cfg = config.my.services.keycloak;
-  inherit (config.my.server) domain firewallInterface;
-  keycloakDomain = "auth.${domain}";
-  keycloakUrl = "https://${keycloakDomain}";
-in {
-  options.my.services.keycloak = {
-    enable = mkEnableOption "Keycloak";
-    proxy = mkEnableOption "Keycloak reverse proxy entry";
-    port = mkOption {
-      type = types.port;
-      default = 7654;
-      example = 8080;
-      description = "HTTP port for the Keycloak service.";
-    };
-  };
-
-  config = mkMerge [
-    (mkIf cfg.enable {
-      age.secrets.keycloakDb.file = ../../secrets/keycloak-db.age;
-      services.keycloak = {
-        enable = true;
-        package = pkgs.keycloak;
-        settings = {
-          hostname = keycloakUrl;
-          hostname-admin = keycloakUrl;
-          hostname-strict = false;
-          hostname-strict-https = false;
-          proxy-headers = "xforwarded";
-          http-enabled = true;
-          http-port = cfg.port;
-        };
-        database.passwordFile = config.age.secrets.keycloakDb.path;
-        themes = with pkgs; {
-          keywind = keycloak-theme-keywind;
-        };
-      };
-
-      networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port];
-    })
-    (mkIf cfg.proxy {
-      services.caddy.virtualHosts."${keycloakDomain}".extraConfig = ''
-        reverse_proxy http://${proxyIP}:${toString cfg.port}
-      '';
-    })
-  ];
-}

overlays/default.nix

@@ -1,7 +1,4 @@
 {inputs, ...}: {
-  rust-overlay = inputs.rust-overlay.overlays.default;
-  vscode-extensions = inputs.nix-vscode-extensions.overlays.default;
-
   # This one brings our custom packages from the 'pkgs' directory
   additions = final: prev:
     {
@@ -17,13 +14,18 @@
   # This one contains whatever you want to overlay
   # You can change versions, add patches, set compilation flags, anything really.
   # https://nixos.wiki/wiki/Overlays
-  modifications = final: prev:
+  modifications = final: prev: {
-    if prev.stdenv.isDarwin
+    # address build failure on darwin, remove after 25.05
-    then {
+    nodejs_20-slim = prev.nodejs-slim_22;
-      # avoid build failure on darwin
+    nodejs_20 = prev.nodejs_22;
-      inherit (final.unstable) ghostscript;
+    nodejs-slim = prev.nodejs-slim_22;
-    }
+    nodejs = prev.nodejs_22;
-    else {};
+  };
+
+  # External overlays
+  # Included after the above to ensure modifications are applied
+  rust-overlay = inputs.rust-overlay.overlays.default;
+  vscode-extensions = inputs.nix-vscode-extensions.overlays.default;
 
   # When applied, the unstable nixpkgs set (declared in the flake inputs) will
   # be accessible through 'pkgs.unstable'

pkgs/nvim/default.nix

@@ -8,7 +8,7 @@
   icons = import ./config/icons.nix;
   pkgsMaster = inputs.master.legacyPackages.${system};
   nixvimModule = {
-    pkgs = inputs.nixpkgs.legacyPackages.${system};
+    inherit pkgs;
     module = import ./config;
     extraSpecialArgs = {inherit icons pkgsMaster;};
   };

user/modules/git.nix

@@ -17,7 +17,7 @@
     userName = "Michael Thomas";
     extraConfig = {
       credential.helper = lib.mkDefault "store";
-      pull.rebase = "true";
+      pull.rebase = "false";
       init.defaultBranch = "main";
     };
   };