Qutebrowser fix, attic setup, beacon usb live setup

_machines/beacon.nix

@@ -0,0 +1,14 @@
+{
+  config,
+  inputs,
+  ...
+}: {
+  config.flake.nixosConfigurations.beacon = inputs.nixpkgs.lib.nixosSystem {
+    specialArgs = {
+      inherit inputs;
+      outputs = config.flake;
+      suiteModules = config.flake.modules;
+    };
+    modules = [../nixos/configuration-beacon.nix];
+  };
+}

features/attic/default.nix

@@ -0,0 +1,33 @@
+{...}: {
+  config.flake.modules.nixos.attic = {
+    lib,
+    config,
+    pkgs,
+    ...
+  }: {
+    options.azos.attic.enable = lib.mkOption {
+      default = false;
+      example = true;
+      type = lib.types.bool;
+    };
+
+    config = lib.mkIf config.azos.attic.enable {
+      environment.systemPackages = [pkgs.attic-client];
+
+      nix.settings = {
+        extra-substituters = ["https://attic.zakobar.com/main"];
+        extra-trusted-public-keys = ["main:9SZt/6plBU7jjQzz90J7O011I13hmJvOMYouxNqExNQ="];
+        netrc-file = "/etc/nix/attic-netrc";
+      };
+
+      environment.etc."nix/attic-netrc" = {
+        mode = "0600";
+        text = ''
+          machine attic.zakobar.com
+          login token
+          password eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjIwOTU3MDk0NDEsIm5iZiI6MTc4MDEzMzQ0MSwic3ViIjoibml4b3MtY2xpZW50IiwiaHR0cHM6Ly9qd3QuYXR0aWMucnMvdjEiOnsiY2FjaGVzIjp7IioiOnsiciI6MX19fX0.lqT_m2otoJQtA_AeJu62NT87u8cMWxgN-JhqtEtZ88s
+        '';
+      };
+    };
+  };
+}

features/qutebrowser/config.py

@@ -43,7 +43,7 @@ c.downloads.location.prompt = False
 c.editor.command = ['emacsclient', '-e', '(find-file "{}")']
 
 monospace = "10pt 'DejaVu Sans Mono'"
-c.fonts.completion.category = f"bold{monospace}"
+c.fonts.completion.category = f"bold {monospace}"
 c.fonts.completion.entry = monospace
 c.fonts.debug_console = monospace
 c.fonts.downloads = monospace

flake.lock

@@ -139,11 +139,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1779627636,
+        "lastModified": 1779969295,
-        "narHash": "sha256-J6JGf42zNzLo/CrRdKb5dNznpLI+eGxN/5KTLG1Mo5s=",
+        "narHash": "sha256-HwIJ3tOcwSMiV75L7KqJXciXR9UfT+d7rwOZMX7cTnA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "044c30c19550c0557997dece4ce9e54d2fa77ba1",
+        "rev": "61e2c9659324181e0f0ed911958c536333b1d4f6",
         "type": "github"
       },
       "original": {
@@ -203,11 +203,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1779258371,
+        "lastModified": 1779826373,
-        "narHash": "sha256-j1iZsLy6oFApqR1oiDmHhvkwxXqcNi0aoSJj643LuwU=",
+        "narHash": "sha256-3sRzgLX86qV5NlhWUAufLmHwkyP03tmL3VdZIM13dEo=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "c97bc4d15bd3473dd095e8e8ba57330ab1943a77",
+        "rev": "ef4efb84766a166c906bd55759574676bf91267c",
         "type": "github"
       },
       "original": {
@@ -263,11 +263,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1779508470,
+        "lastModified": 1779560665,
-        "narHash": "sha256-Ap9KJX+5xHIn3bPIpfNgT6MEXdAECECwo4/rmlQD74M=",
+        "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "29916453413845e54a65b8a1cf996842300cd299",
+        "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
         "type": "github"
       },
       "original": {
@@ -311,11 +311,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1779536132,
+        "lastModified": 1779877693,
-        "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=",
+        "narHash": "sha256-NOF9NAREhxr50bbBfVcVOq+ArCMSoe8dP79Pk2uyARk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456",
+        "rev": "4100e830e085863741bc69b156ec4ccd53ab5be0",
         "type": "github"
       },
       "original": {

flake.nix

@@ -2,6 +2,8 @@
   description = "Aner's NIX config for his systems!";
 
   inputs = {
+    self.submodules = true;
+
     nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
 
@@ -31,6 +33,7 @@
         (inputs.import-tree ./features)
         ./_machines/lauretta.nix
         ./_machines/vm.nix
+        ./_machines/beacon.nix
       ];
 
       systems = [

nixos/configuration-beacon.nix

@@ -0,0 +1,145 @@
+{
+  lib,
+  config,
+  pkgs,
+  modulesPath,
+  suiteModules,
+  ...
+}: {
+  imports = [
+    "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
+    suiteModules.nixos.attic
+  ];
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.cudaSupport = true;
+
+  nix.settings = {
+    experimental-features = "nix-command flakes";
+    auto-optimise-store = true;
+    substituters = [
+      "https://cache.nixos.org"
+      "https://cuda-maintainers.cachix.org"
+    ];
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
+    ];
+  };
+
+  networking.hostName = "beacon";
+  time.timeZone = "Asia/Jerusalem";
+
+  # NetworkManager is enabled by installation-cd-minimal; configure WiFi + static IP
+  # via a keyfile so it activates automatically on boot.
+  networking.useDHCP = false;
+  environment.etc."NetworkManager/system-connections/Zakobar.nmconnection" = {
+    mode = "0600";
+    text = ''
+      [connection]
+      id=Zakobar
+      type=wifi
+      autoconnect=true
+
+      [wifi]
+      mode=infrastructure
+      ssid=Zakobar
+
+      [wifi-security]
+      auth-alg=open
+      key-mgmt=wpa-psk
+      psk=0502711157
+
+      [ipv4]
+      method=manual
+      address1=192.168.1.200/24,192.168.1.1
+      dns=8.8.8.8;1.1.1.1;
+      ignore-auto-dns=true
+
+      [ipv6]
+      method=disabled
+    '';
+  };
+
+  # Storage drive (ext4, label "storage") provides persistent nix store and data dir.
+  # Prerequisites — run once on the storage drive before first boot:
+  #   mkfs.ext4 -L storage /dev/sdX
+  #   mount /dev/sdX /mnt/storage
+  #   mkdir -p /mnt/storage/nix-rw/store /mnt/storage/nix-rw/work /mnt/storage/data
+  #   umount /mnt/storage
+  # The drive is required to boot; boot halts if it is not plugged in.
+  fileSystems."/mnt/storage" = {
+    device = "/dev/disk/by-label/storage";
+    fsType = "ext4";
+    neededForBoot = true;
+    options = ["noatime"];
+  };
+
+  # Redirect the live CD's tmpfs rw-store to the storage drive so nix store
+  # writes survive across boots and don't consume RAM.
+  fileSystems."/nix/.rw-store" = lib.mkForce {
+    device = "/mnt/storage/nix-rw";
+    fsType = "none";
+    options = ["bind"];
+    depends = ["/mnt/storage"];
+    neededForBoot = true;
+  };
+
+  fileSystems."/data" = {
+    device = "/mnt/storage/data";
+    fsType = "none";
+    options = ["bind"];
+    depends = ["/mnt/storage"];
+  };
+
+  swapDevices = [
+    {
+      device = "/mnt/storage/swapfile";
+      size = 16384;
+    }
+  ];
+
+  # Ensure ext4 is available in initrd for the storage drive
+  boot.initrd.kernelModules = ["ext4"];
+
+  # NVIDIA RTX 4050 — Ada Lovelace supports open kernel modules
+  services.xserver.videoDrivers = ["nvidia"];
+  hardware.nvidia = {
+    open = true;
+    modesetting.enable = true;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+  hardware.graphics.enable = true;
+
+  services.getty.autologinUser = lib.mkForce "aner";
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+    };
+  };
+
+  users.users.aner = {
+    isNormalUser = true;
+    extraGroups = ["wheel" "video"];
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfzDDO5juINctECmWlsYtGghEiX/RnTJ1cazLvOWSrPfsTyEd+B1+Ig8kFefNryjkpApfRXqj5KtLPNlpLfdVBrOIfhIveEp2MGqhgOGZFNVxQyXnZgii8Zdh4cqZ2O3pZpMsaAQBaJ9nH6dK0dJjicWT5f6TqwrVcInywRc5SuyizoSxoFmg7ch2rnlVi0j5XMVqdh8XLzHXZ7yWCzXy7+hWl/d7pwpyuzoK8dBw2EU9TauhgRDruom5Q9vWJTLStALC9pAIb0v9UFj9y+1zwx7pXsXp5F1g73EYrE4QR+QQ6z2LebuK280W0t+VA/fSCEB13DnkmofgqZQxX5MSCmrxZ5lTFp1FjW6yJo7As9FheF/GECowYkMRIx4IiQsjjHjZqlLRpLas11yAp6tGoZnw59hFo6Lu0Kva39jGVVmioYHtAeE5rD5w+v5kseJR4jlQ8aKB5yOjYUQOIz2AHQyoidgaeR2jPWqZUeRQbACI+/p3CHO45r3hrjATtGloBg0xF95Qws7Be3mjHVhbBLOoob8MdZ8nYAGnhlWrZphlkvXsHC6OUkuDJW00tmMjWXRlFwhFJ+nqUQCgLVjxVHQJ5rq9GeXBUuNXAeCm5BKBsdq+9qqVlt7D9iGyfr0lcZ7peKz/96KwPCWpG2En1Ur0/cVcbWnXEfG/xWO10tQ== openpgp:0xFA67FAB0"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    rsync
+    tmux
+    vim
+    cudaPackages.cudatoolkit
+    python3
+  ];
+
+  azos.attic.enable = true;
+
+  system.stateVersion = "25.11";
+}

nixos/configuration.nix

@@ -19,6 +19,7 @@
     suiteModules.nixos.steam
     suiteModules.nixos.virtualization
     suiteModules.nixos.binfmt
+    suiteModules.nixos.attic
   ];
 
   boot.loader.systemd-boot.enable = true;
@@ -80,6 +81,7 @@
   };
 
   azos.suites.exwm.enable = true;
+  azos.attic.enable = true;
 
   home-manager = {
     extraSpecialArgs = {inherit inputs outputs suiteModules pkgs;};

shells/defaultShell.nix

@@ -11,5 +11,8 @@ pkgs.mkShell {
     (pkgs.writeShellScriptBin
       "azos-update"
       "nix flake update --flake '.?submodules=1'")
+    (pkgs.writeShellScriptBin
+      "azos-beacon-build-image"
+      "nix build '.?submodules=1#nixosConfigurations.beacon.config.system.build.isoImage'")
   ];
 }