Update nixpkgs 2025-11-18-02-03

flake.lock

@@ -666,11 +666,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1763421233,
+        "lastModified": 1763283776,
-        "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
+        "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",
+        "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a",
         "type": "github"
       },
       "original": {

hosts/carbon/ppp-ncfttb.nix

@@ -60,10 +60,4 @@
     ip46tables -t mangle -A forward-mangle -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
   '';
 
-  networking.firewall.extraCommands = ''
-    # Reject all IPv4 traffic that tries to enter and leave the PPP tunnel
-    iptables -I INPUT -i ppp-ncfttb -j DROP
-    iptables -I OUTPUT -o ppp-ncfttb -j DROP
-  '';
-
 }

hosts/krypton/android.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+
+  services.udev.packages = [
+    pkgs.android-udev-rules
+  ];
+
+}

hosts/krypton/configuration.nix

@@ -5,6 +5,7 @@
     [
       ./hardware-configuration.nix
 
+      ./android.nix
       ./backup.nix
       ./etesync-dav.nix
       #./initrd.nix

pkgs/ds-lite-dhcpcd-hook/ds-lite-dhcpcd-hook.sh

@@ -83,7 +83,7 @@ if TUNNEL_INTERFACE_CONFIG="$(ip --json link show "${TUNNEL_INTERFACE_NAME}")";
 	if [[ "${TUNNEL_INTERFACE_ORIGIN_ADDRESS}" != "${WAN_INTERFACE_ADDRESS}" || "${TUNNEL_INTERFACE_REMOTE_ADDRESS}" != "${AFTR_ADDRESS}" || "${TUNNEL_INTERFACE_OPERSTATE}" != "UNKNOWN" ]]; then
 		log_tunnel "Bad configuration, fixing tunnel parameter"
 
-		ip tunnel change "${TUNNEL_INTERFACE_NAME}" mode ipip6 local "${WAN_INTERFACE_ADDRESS}" remote "${AFTR_ADDRESS}" encaplimit none
+		ip tunnel change "${TUNNEL_INTERFACE_NAME}" mode ipip6 local "${WAN_INTERFACE_ADDRESS}" remote "${AFTR_ADDRESS}"
 		ip link set "$TUNNEL_INTERFACE_NAME" up
 	else
 		log_tunnel "Tunnel already configured"
@@ -91,7 +91,7 @@ if TUNNEL_INTERFACE_CONFIG="$(ip --json link show "${TUNNEL_INTERFACE_NAME}")";
 else
 	log_tunnel "Setting up DS-Lite tunnel"
 
-	ip tunnel add "${TUNNEL_INTERFACE_NAME}" mode ipip6 local "${WAN_INTERFACE_ADDRESS}" remote "${AFTR_ADDRESS}" encaplimit none
+	ip tunnel add "${TUNNEL_INTERFACE_NAME}" mode ipip6 local "${WAN_INTERFACE_ADDRESS}" remote "${AFTR_ADDRESS}"
 	ip link set "$TUNNEL_INTERFACE_NAME" up
 fi
 

profiles/desktop/fonts.nix

@@ -11,7 +11,7 @@ with lib;
       roboto
       roboto-mono
       noto-fonts
-      noto-fonts-color-emoji
+      noto-fonts-emoji
       comfortaa
     ] ++ (if pkgs ? "noto-fonts-cjk-sans" then [ pkgs.noto-fonts-cjk-sans ] else [ pkgs.noto-fonts-cjk ]);
 

profiles/desktop/power.nix

@@ -8,7 +8,7 @@ with lib;
 
     boot.resumeDevice = lib.optionalString ((lib.length config.swapDevices) > 0) (lib.head config.swapDevices).device;
     services.logind = {
-      settings.Login.HandleLidSwitch = "suspend-then-hibernate";
+      lidSwitch = "suspend-then-hibernate";
     };
     systemd.sleep.extraConfig = ''
       HibernateDelaySec=30m

profiles/firefox/default.nix

@@ -12,6 +12,8 @@ with lib;
 
     programs.firefox.enable = true;
 
+    programs.firefox.package = pkgs.firefox-wayland;
+
     programs.firefox.policies = {
       AutofillAddressEnabled = false;
       AutofillCreditCardEnabled = false;

profiles/router/default.nix

@@ -11,10 +11,8 @@ with lib;
   config = mkIf config.profiles.clerie.router.enable {
 
     environment.systemPackages = with pkgs; [
-      conntrack-tools
-      iptstate # show conntrack table
-      tcpdump
       wireguard-tools
+      tcpdump
     ];
   
     boot.kernel.sysctl = {