From 4cc18ec445338b15c02f0fa9e25374ce1b713651 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 3 Feb 2026 10:02:22 -0600 Subject: [PATCH 1/8] oscar: Remove NIXOS_OZONE_WL, now unneeded Per the Wiki, this has been unnecessary since 25.05, when Chromium and Electron started defaulting to Wayland-native on Wayland systems: https://wiki.nixos.org/wiki/Wayland#Electron_and_Chromium --- oscar/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index e0d8a4f..27354e7 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -98,7 +98,6 @@ }; environment.sessionVariables = { - NIXOS_OZONE_WL = "1"; BUILDKIT_PROGRESS = "plain"; }; From 4f529eb2f6793bcacce0ac512d36b17d00f50043 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 3 Feb 2026 10:12:00 -0600 Subject: [PATCH 2/8] sam: Add azcli bastion and ssh extensions I needed this for troubleshooting some bastion performance issues for Jacob. --- sam/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sam/configuration.nix b/sam/configuration.nix index 91b184d..85523d7 100644 --- a/sam/configuration.nix +++ b/sam/configuration.nix @@ -93,13 +93,13 @@ (azure-cli.withExtensions [ # azure-cli.extensions.automation azure-cli.extensions.azure-devops - # azure-cli.extensions.bastion + azure-cli.extensions.bastion # azure-cli.extensions.fleet # azure-cli.extensions.interactive # azure-cli.extensions.log-analytics azure-cli.extensions.resource-graph # azure-cli.extensions.serial-console - # azure-cli.extensions.ssh + azure-cli.extensions.ssh ]) iperf units From fdc7e241def89939b9accba846d8f73dd8eddcb4 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 3 Feb 2026 10:13:31 -0600 Subject: [PATCH 3/8] sam: Use home-manager first-class option to install Go --- sam/configuration.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sam/configuration.nix b/sam/configuration.nix index 85523d7..9d90a25 100644 --- a/sam/configuration.nix +++ b/sam/configuration.nix @@ -131,7 +131,6 @@ clang - go go-tools gopls @@ -142,6 +141,11 @@ historyControl = [ "ignoredups" "ignorespace" ]; }; + programs.go = { + enable = true; + env.GOPATH = [ "/home/chandler/.local/share/go" ]; + }; + programs.direnv = { enable = true; enableBashIntegration = true; From a0a3e0f7202821f9606dede8c69e84539bc42f22 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Fri, 6 Feb 2026 17:04:08 -0600 Subject: [PATCH 4/8] sam: Add kubectl completion and "k" alias --- sam/configuration.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sam/configuration.nix b/sam/configuration.nix index 9d90a25..c9959a5 100644 --- a/sam/configuration.nix +++ b/sam/configuration.nix @@ -139,6 +139,12 @@ programs.bash = { enable = true; historyControl = [ "ignoredups" "ignorespace" ]; + initExtra = '' + # https://kubernetes.io/docs/reference/kubectl/quick-reference/#bash + source <(kubectl completion bash) + alias k=kubectl + complete -o default -F __start_kubectl k + ''; }; programs.go = { From 052854db38ea367045bac4596124cba4d1c3205d Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 10 Feb 2026 10:28:50 -0600 Subject: [PATCH 5/8] sam: Echo command/context on `k` --- sam/configuration.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/sam/configuration.nix b/sam/configuration.nix index c9959a5..de3e7ac 100644 --- a/sam/configuration.nix +++ b/sam/configuration.nix @@ -142,7 +142,16 @@ initExtra = '' # https://kubernetes.io/docs/reference/kubectl/quick-reference/#bash source <(kubectl completion bash) - alias k=kubectl + k() { + if [[ -t 1 ]]; then # stdout is a terminal + tput dim # Konsole's default theme requires some adjustment + printf "$ kubectl --context %q" "$(kubectl config current-context 2>/dev/null)" + printf " %q" "$@" + echo + tput sgr0 + fi + kubectl "$@" + } complete -o default -F __start_kubectl k ''; }; From b765bb1a97fde149f4c7db9d1db070ab71553fce Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 10 Feb 2026 10:30:04 -0600 Subject: [PATCH 6/8] Update addKeysToAgent key evaluation warning: chandler profile: The option `programs.ssh.addKeysToAgent' defined in `/home/chandler/projects/machine-config/sam/configuration.nix' has been renamed to `programs.ssh.matchBlocks.*.addKeysToAgent'. --- oscar/configuration.nix | 2 +- sam/configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 27354e7..12626de 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -286,7 +286,7 @@ programs.ssh = { enable = true; - addKeysToAgent = "yes"; + matchBlocks."*".addKeysToAgent = "yes"; matchBlocks = { bert = { user = "root"; diff --git a/sam/configuration.nix b/sam/configuration.nix index de3e7ac..2d9183c 100644 --- a/sam/configuration.nix +++ b/sam/configuration.nix @@ -221,7 +221,7 @@ programs.ssh = { enable = true; - addKeysToAgent = "yes"; + matchBlocks."*".addKeysToAgent = "yes"; includes = [ "config.d/*" ]; From 0f38e26d7f87f5be84335322bf783a3730b72189 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Tue, 10 Feb 2026 10:37:54 -0600 Subject: [PATCH 7/8] Update git settings to match renamed upstream vars evaluation warning: chandler profile: The option `programs.git.userName' defined in `/home/chandler/projects/machine-config/sam/configuration.nix' has been renamed to `programs.git.settings.user.name'. evaluation warning: chandler profile: The option `programs.git.extraConfig' defined in `/home/chandler/projects/machine-config/sam/configuration.nix' has been renamed to `programs.git.settings'. --- oscar/configuration.nix | 6 +++--- sam/configuration.nix | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 12626de..76dcc84 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -247,11 +247,11 @@ programs.git = { enable = true; - userEmail = "chandler@chandlerswift.com"; - userName = "Chandler Swift"; lfs.enable = true; # TODO: delta or diff-so-fancy or difftastic - extraConfig = { + settings = { + user.name = "Chandler Swift; + user.email = "chandler@chandlerswift.com"; init.defaultBranch = "main"; pull.ff = "only"; #init.templatedir = "~/.git-template"; # unsure what this was intended to do -- default hooks, maybe? diff --git a/sam/configuration.nix b/sam/configuration.nix index 2d9183c..9a5069e 100644 --- a/sam/configuration.nix +++ b/sam/configuration.nix @@ -169,10 +169,10 @@ programs.git = { enable = true; - userName = "Chandler Swift"; lfs.enable = true; # TODO: delta or diff-so-fancy or difftastic - extraConfig = { + settings = { + user.name = "Chandler Swift"; help.autoCorrect = "prompt"; init.defaultBranch = "main"; diff.wsErrorHighlight = "all"; From 7ffe208af9cf4a800170fee8fe85835161ebb120 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Wed, 11 Feb 2026 09:29:19 -0600 Subject: [PATCH 8/8] sam: Squelch post-quantum warn on Azure Devops SSH Connecting to ADO gives this warning: ** WARNING: connection is not using a post-quantum key exchange algorithm. ** This session may be vulnerable to "store now, decrypt later" attacks. ** The server may need to be upgraded. See https://openssh.com/pq.html ADO doesn't support any flavor of keys besides RSA. There are several issues open about this on their feedback site, and it's been radio silence: https://developercommunity.visualstudio.com/t/support-non-rsa-keys-for-ssh-authentication/365980 https://developercommunity.visualstudio.com/t/11032779 And Microsoft has nothing to say besides vague "we've routed your feedback to the appropriate product team". There's more information on the warning at OpenSSH's docs page: https://www.openssh.org/pq.html --- sam/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/sam/configuration.nix b/sam/configuration.nix index 9a5069e..45b1bbe 100644 --- a/sam/configuration.nix +++ b/sam/configuration.nix @@ -222,6 +222,7 @@ programs.ssh = { enable = true; matchBlocks."*".addKeysToAgent = "yes"; + matchBlocks."ssh.dev.azure.com".extraOptions.WarnWeakCrypto = "no-pq-kex"; includes = [ "config.d/*" ];