From d675fd8d005ffd35880d075792b28570e05093c0 Mon Sep 17 00:00:00 2001 
From: teutat3s Date: Wed, 25 Sep 2024 22:24:21 +0200 Subject: [PATCH 1/5] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'deploy-rs': 'github:serokell/deploy-rs/3867348fa92bc892eba5d9ddb2d7a97b9e127a8a' (2024-06-12) → 'github:serokell/deploy-rs/aa07eb05537d4cd025e2310397a6adcedfe72c76' (2024-09-27) • Updated input 'disko': 'github:nix-community/disko/435737144be0259559ca3b43f7d72252b1fdcc1b' (2024-08-22) → 'github:nix-community/disko/48ebb577855fb2398653f033b3b2208a9249203d' (2024-10-05) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/8471fe90ad337a8074e957b69ca4d0089218391d' (2024-08-01) → 'github:hercules-ci/flake-parts/3d04084d54bedc3d6b8b736c70ef449225c361b1' (2024-10-01) • Updated input 'flake-parts/nixpkgs-lib': 'https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz?narHash=sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q%3D' (2024-08-01) → 'https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz?narHash=sha256-0xHYkMkeLVQAMa7gvkddbPqpxph%2BhDzdu1XdGPJR%2BOs%3D' (2024-10-01) • Updated input 'home-manager': 'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03) → 'github:nix-community/home-manager/2f23fa308a7c067e52dfcc30a0758f47043ec176' (2024-09-22) • Updated input 'nix-darwin': 'github:lnl7/nix-darwin/a8968d88e5a537b0491f68ce910749cd870bdbef' (2024-08-22) → 'github:lnl7/nix-darwin/8c8388ade72e58efdeae71b4cbb79e872c23a56b' (2024-10-03) • Updated input 'nixos-flake': 'github:srid/nixos-flake/5734c1d9a5fe0bc8e8beaf389ad6227392ca0108' (2024-07-16) → 'github:srid/nixos-flake/47a26bc9118d17500bbe0c4adb5ebc26f776cc36' (2024-10-04) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/224042e9a3039291f22f4f2ded12af95a616cca0' (2024-08-21) → 'github:nixos/nixpkgs/6e6b3dd395c3b1eb9be9f2d096383a8d05add030' (2024-10-04) • Updated input 'unstable': 
'github:nixos/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62' (2024-08-21) → 'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
---
 flake.lock | 56 +++++++++++++++++++++++++++---------------------------
 1 file changed, 28 insertions(+), 28 deletions(-)
diff --git a/flake.lock b/flake.lock
index 7d27f12..1b44a1a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -52,11 +52,11 @@
 "utils": "utils"
 },
 "locked": {
- "lastModified": 1718194053,
- "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
+ "lastModified": 1727447169,
+ "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
 "owner": "serokell",
 "repo": "deploy-rs",
- "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
+ "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
 "type": "github"
 },
 "original": {
@@ -94,11 +94,11 @@
 ]
 },
 "locked": {
- "lastModified": 1724349583,
- "narHash": "sha256-zgB1Cfk46irIsto8666yLdKjqKdBrjR48Dd3lhQ0CnQ=",
+ "lastModified": 1728109432,
+ "narHash": "sha256-wmbErh8FG7dRKOtMMpHUqDtFjeqt9Zjx4zssSeTalwU=",
 "owner": "nix-community",
 "repo": "disko",
- "rev": "435737144be0259559ca3b43f7d72252b1fdcc1b",
+ "rev": "48ebb577855fb2398653f033b3b2208a9249203d",
 "type": "github"
 },
 "original": {
@@ -185,11 +185,11 @@
 "nixpkgs-lib": "nixpkgs-lib"
 },
 "locked": {
- "lastModified": 1722555600,
- "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+ "lastModified": 1727826117,
+ "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
 "owner": "hercules-ci",
 "repo": "flake-parts",
- "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+ "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
 "type": "github"
 },
 "original": {
@@ -241,11 +241,11 @@
 ]
 },
 "locked": {
- "lastModified": 1720042825,
- "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
+ "lastModified": 1726989464,
+ "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
+ "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
 "type": "github"
 },
 "original": {
@@ -304,11 +304,11 @@
 ]
 },
 "locked": {
- "lastModified": 1724299755,
- "narHash": "sha256-P5zMA17kD9tqiqMuNXwupkM7buM3gMNtoZ1VuJTRDE4=",
+ "lastModified": 1727999297,
+ "narHash": "sha256-LTJuQPCsSItZ/8TieFeP30iY+uaLoD0mT0tAj1gLeyQ=",
 "owner": "lnl7",
 "repo": "nix-darwin",
- "rev": "a8968d88e5a537b0491f68ce910749cd870bdbef",
+ "rev": "8c8388ade72e58efdeae71b4cbb79e872c23a56b",
 "type": "github"
 },
 "original": {
@@ -320,11 +320,11 @@
 },
 "nixos-flake": {
 "locked": {
- "lastModified": 1721140942,
- "narHash": "sha256-iEqZGdnkG+Hm0jZhS59NJwEyB6z9caVnudWPGHZ/FAE=",
+ "lastModified": 1728073820,
+ "narHash": "sha256-H6DC2OCW8BKzja+1oHGTjw9EN5w+4Op9PnVjKL8EJbI=",
 "owner": "srid",
 "repo": "nixos-flake",
- "rev": "5734c1d9a5fe0bc8e8beaf389ad6227392ca0108",
+ "rev": "47a26bc9118d17500bbe0c4adb5ebc26f776cc36",
 "type": "github"
 },
 "original": {
@@ -335,11 +335,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1724242322,
- "narHash": "sha256-HMpK7hNjhEk4z5SFg5UtxEio9OWFocHdaQzCfW1pE7w=",
+ "lastModified": 1728067476,
+ "narHash": "sha256-/uJcVXuBt+VFCPQIX+4YnYrHaubJSx4HoNsJVNRgANM=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "224042e9a3039291f22f4f2ded12af95a616cca0",
+ "rev": "6e6b3dd395c3b1eb9be9f2d096383a8d05add030",
 "type": "github"
 },
 "original": {
@@ -351,14 +351,14 @@
 },
 "nixpkgs-lib": {
 "locked": {
- "lastModified": 1722555339,
- "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
+ "lastModified": 1727825735,
+ "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
 "type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
+ "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
 },
 "original": {
 "type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
+ "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
 }
 },
 "root": {
@@ -483,11 +483,11 @@
 },
 "unstable": {
 "locked": {
- "lastModified": 1724224976,
- "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
+ "lastModified": 1728018373,
+ "narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62",
+ "rev": "bc947f541ae55e999ffdb4013441347d83b00feb",
 "type": "github"
 },
 "original": {
-- 2.44.1
From 37f210c96f83c47f0596b564e8ce1d403e7b9231 Mon Sep 17 00:00:00 2001
From: teutat3s Date: Thu, 26 Sep 2024 15:57:23 +0200 Subject: [PATCH 2/5] security: add libolm to permittedInsecurePackages
---
 modules/core/nix.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/modules/core/nix.nix b/modules/core/nix.nix
index ece11ae..8640ec7 100644
--- a/modules/core/nix.nix
+++ b/modules/core/nix.nix
@@ -6,7 +6,10 @@
 ...
 }:
 {
- nixpkgs.config = lib.mkDefault { allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ ]; };
+ nixpkgs.config = lib.mkDefault {
+ allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ ];
+ permittedInsecurePackages = [ "olm-3.2.16" ];
+ };
 nix = {
 # Use default version alias for nix package
-- 2.44.1
From 8600fc64c57a2cfbf6ea3c4ca69d8eb8312435f8 Mon Sep 17 00:00:00 2001
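Review bot: In modules/core/nix.nix the new `permittedInsecurePackages = [ "olm-3.2.16" ];` sits in the core `nixpkgs.config`, so every host that imports this module accepts a package nixpkgs flags as insecure, not only the host running the service that needs it. Nothing in the hunk records which service pulls in olm or when the exception can be removed; a comment such as `# olm is marked insecure in nixpkgs; still required by <service>, drop once it no longer links libolm` would make the exception reviewable. If only one host needs it, the entry would be better placed in that host's or service's module. The module body continues beyond the hunk.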
From: teutat3s Date: Fri, 27 Sep 2024 11:56:46 +0200 Subject: [PATCH 3/5] wireguard: fix trinkgenossin IPv4 address
---
 hosts/blue-shell/wireguard.nix | 2 +-
 hosts/delite/wireguard.nix | 2 +-
 hosts/metronom/wireguard.nix | 2 +-
 hosts/nachtigall/wireguard.nix | 2 +-
 hosts/tankstelle/wireguard.nix | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/hosts/blue-shell/wireguard.nix b/hosts/blue-shell/wireguard.nix
index dd351c0..34eff77 100644
--- a/hosts/blue-shell/wireguard.nix
+++ b/hosts/blue-shell/wireguard.nix
@@ -30,7 +30,7 @@ in
 "10.7.6.5/32"
 "fd00:fae:fae:fae:fae:5::/96"
 ];
- #endpoint = "80.244.242.5:51820";
+ #endpoint = "85.215.152.22:51820";
 endpoint = "[2a01:239:35d:f500::1]:51820";
 persistentKeepalive = 15;
 }
diff --git a/hosts/delite/wireguard.nix b/hosts/delite/wireguard.nix
index 49eedf7..9756855 100644
--- a/hosts/delite/wireguard.nix
+++ b/hosts/delite/wireguard.nix
@@ -30,7 +30,7 @@ in
 "10.7.6.5/32"
 "fd00:fae:fae:fae:fae:5::/96"
 ];
- #endpoint = "80.244.242.5:51820";
+ #endpoint = "85.215.152.22:51820";
 endpoint = "[2a01:239:35d:f500::1]:51820";
 persistentKeepalive = 15;
 }
diff --git a/hosts/metronom/wireguard.nix b/hosts/metronom/wireguard.nix
index 4b651f8..5591d38 100644
--- a/hosts/metronom/wireguard.nix
+++ b/hosts/metronom/wireguard.nix
@@ -35,7 +35,7 @@
 "10.7.6.5/32"
 "fd00:fae:fae:fae:fae:5::/96"
 ];
- #endpoint = "80.244.242.5:51820";
+ #endpoint = "85.215.152.22:51820";
 endpoint = "[2a01:239:35d:f500::1]:51820";
 persistentKeepalive = 15;
 }
diff --git a/hosts/nachtigall/wireguard.nix b/hosts/nachtigall/wireguard.nix
index 936cc71..0d40a24 100644
--- a/hosts/nachtigall/wireguard.nix
+++ b/hosts/nachtigall/wireguard.nix
@@ -35,7 +35,7 @@
 "10.7.6.5/32"
 "fd00:fae:fae:fae:fae:5::/96"
 ];
- #endpoint = "80.244.242.5:51820";
+ #endpoint = "85.215.152.22:51820";
 endpoint = "[2a01:239:35d:f500::1]:51820";
 persistentKeepalive = 15;
 }
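Review bot: The corrected address is on a commented-out `#endpoint` line in hosts/blue-shell/wireguard.nix (and identically in the delite, metronom, nachtigall and tankstelle hunks), so the peer still uses only the IPv6 endpoint and the evaluated configuration is unchanged by this commit. The line carries no explanation of when it should be enabled; a comment such as `# IPv4 endpoint of trinkgenossin, swap in on hosts without IPv6 connectivity` would say what it is for, assuming that is the intent. Since the same peer block is repeated in five host files, defining it once in a shared module would keep the copies from drifting. The peer attrset starts before the hunk.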
diff --git a/hosts/tankstelle/wireguard.nix b/hosts/tankstelle/wireguard.nix
index b74a1b2..f771ecd 100644
--- a/hosts/tankstelle/wireguard.nix
+++ b/hosts/tankstelle/wireguard.nix
@@ -35,7 +35,7 @@
 "10.7.6.5/32"
 "fd00:fae:fae:fae:fae:5::/96"
 ];
- #endpoint = "80.244.242.5:51820";
+ #endpoint = "85.215.152.22:51820";
 endpoint = "[2a01:239:35d:f500::1]:51820";
 persistentKeepalive = 15;
 }
-- 2.44.1
From 8c8a757f8f1429638ec19a4b16620d88595dbbcf Mon Sep 17 00:00:00 2001
From: teutat3s Date: Fri, 27 Sep 2024 12:43:18 +0200 Subject: [PATCH 4/5] garage: update to 1.0.1 https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.1
---
 modules/garage/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/garage/default.nix b/modules/garage/default.nix
index f50d687..ac435a7 100644
--- a/modules/garage/default.nix
+++ b/modules/garage/default.nix
@@ -88,7 +88,7 @@
 services.garage = {
 enable = true;
- package = pkgs.garage_1_0_0;
+ package = pkgs.garage_1_0_1;
 settings = {
 data_dir = "/var/lib/garage/data";
 metadata_dir = "/var/lib/garage/meta";
-- 2.44.1
From df2f0d4442403e9dcce4e75bcb8d013156b97259 Mon Sep 17 00:00:00 2001
From: teutat3s Date: Sat, 5 Oct 2024 13:54:05 +0200 Subject: [PATCH 5/5] flake: refactor, bye srid Refactor flake to work without nixos-flake and use native NixOS module system. This is because of recent changes to nixos-flake, like renaming it to nixos-unified and changing the API without a changelog or guide how to update.
---
 flake.lock | 16 ----------
 flake.nix | 2 --
 hosts/default.nix | 77 +++++++++++++++++++++++++++++++++++++++--------
 3 files changed, 64 insertions(+), 31 deletions(-)
diff --git a/flake.lock b/flake.lock
index 1b44a1a..6cf7d74 100644
--- a/flake.lock
+++ b/flake.lock
@@ -318,21 +318,6 @@
 "type": "github"
 }
 },
- "nixos-flake": {
- "locked": {
- "lastModified": 1728073820,
- "narHash": "sha256-H6DC2OCW8BKzja+1oHGTjw9EN5w+4Op9PnVjKL8EJbI=",
- "owner": "srid",
- "repo": "nixos-flake",
- "rev": "47a26bc9118d17500bbe0c4adb5ebc26f776cc36",
- "type": "github"
- },
- "original": {
- "owner": "srid",
- "repo": "nixos-flake",
- "type": "github"
- }
- },
 "nixpkgs": {
 "locked": {
 "lastModified": 1728067476,
@@ -373,7 +358,6 @@
 "keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
 "maunium-stickerpicker": "maunium-stickerpicker",
 "nix-darwin": "nix-darwin",
- "nixos-flake": "nixos-flake",
 "nixpkgs": "nixpkgs",
 "simple-nixos-mailserver": "simple-nixos-mailserver",
 "unstable": "unstable"
diff --git a/flake.nix b/flake.nix
index 49fa80c..a417b49 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,7 +11,6 @@
 home-manager.inputs.nixpkgs.follows = "nixpkgs";
 flake-parts.url = "github:hercules-ci/flake-parts";
- nixos-flake.url = "github:srid/nixos-flake";
 deploy-rs.url = "github:serokell/deploy-rs";
 deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
@@ -51,7 +50,6 @@
 ];
 imports = [
- inputs.nixos-flake.flakeModule
 ./logins
 ./lib
 ./overlays
diff --git a/hosts/default.nix b/hosts/default.nix
index b3bc145..05d9258 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -1,9 +1,35 @@
-{ self, ... }:
+{
+ self,
+ inputs,
+ config,
+ ...
+}:
 {
 flake = {
- nixosConfigurations = {
- nachtigall = self.nixos-flake.lib.mkLinuxSystem {
+ nixosModules = {
+ home-manager = {
 imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ({
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.extraSpecialArgs = {
+ flake = {
+ inherit self inputs config;
+ };
+ };
+ })
+ ];
+ };
+ };
+ nixosConfigurations = {
+ nachtigall = self.inputs.nixpkgs.lib.nixosSystem {
+ specialArgs = {
+ flake = {
+ inherit self inputs config;
+ };
+ };
+ modules = [
 self.inputs.agenix.nixosModules.default
 self.nixosModules.home-manager
 ./nachtigall
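Review bot: In hosts/default.nix the attrset `specialArgs = { flake = { inherit self inputs config; }; };` is written out in full for nachtigall here and again in the metronom, tankstelle, trinkgenossin, delite and blue-shell hunks, plus once more as `home-manager.extraSpecialArgs`, so any later change to what modules receive has to be made in seven places. Binding it once, e.g. `let specialArgs = { flake = { inherit self inputs config; }; }; in`, and writing `inherit specialArgs;` per host keeps the NixOS and home-manager modules seeing the same arguments. With `inputs` now a module argument, `inputs.nixpkgs.lib.nixosSystem` would also read more directly than `self.inputs.nixpkgs.lib.nixosSystem`. The nachtigall module list continues past the end of this hunk.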
@@ -43,8 +69,13 @@
 ];
 };
- metronom = self.nixos-flake.lib.mkLinuxSystem {
- imports = [
+ metronom = self.inputs.nixpkgs.lib.nixosSystem {
+ specialArgs = {
+ flake = {
+ inherit self inputs config;
+ };
+ };
+ modules = [
 self.inputs.agenix.nixosModules.default
 self.nixosModules.home-manager
 ./metronom
@@ -60,8 +91,13 @@
 ];
 };
- tankstelle = self.nixos-flake.lib.mkLinuxSystem {
- imports = [
+ tankstelle = self.inputs.nixpkgs.lib.nixosSystem {
+ specialArgs = {
+ flake = {
+ inherit self inputs config;
+ };
+ };
+ modules = [
 self.inputs.agenix.nixosModules.default
 self.nixosModules.home-manager
 ./tankstelle
@@ -73,8 +109,13 @@
 ];
 };
- trinkgenossin = self.nixos-flake.lib.mkLinuxSystem {
- imports = [
+ trinkgenossin = self.inputs.nixpkgs.lib.nixosSystem {
+ specialArgs = {
+ flake = {
+ inherit self inputs config;
+ };
+ };
+ modules = [
 self.inputs.agenix.nixosModules.default
 self.nixosModules.home-manager
 ./trinkgenossin
@@ -94,8 +135,13 @@
 ];
 };
- delite = self.nixos-flake.lib.mkLinuxSystem {
- imports = [
+ delite = self.inputs.nixpkgs.lib.nixosSystem {
+ specialArgs = {
+ flake = {
+ inherit self inputs config;
+ };
+ };
+ modules = [
 self.inputs.agenix.nixosModules.default
 self.inputs.disko.nixosModules.disko
 self.nixosModules.home-manager
@@ -111,8 +157,13 @@
 ];
 };
- blue-shell = self.nixos-flake.lib.mkLinuxSystem {
- imports = [
+ blue-shell = self.inputs.nixpkgs.lib.nixosSystem {
+ specialArgs = {
+ flake = {
+ inherit self inputs config;
+ };
+ };
+ modules = [
 self.inputs.agenix.nixosModules.default
 self.inputs.disko.nixosModules.disko
 self.nixosModules.home-manager
-- 2.44.1