initial work for 23.05

in theory this might be ready to deploy. Potential hazards & things to
know when actually doing so:

 1. the mysql version used by mattermost was updated (the old uses an
    openssl which is marked insecure). Might have to migrate a database
 2. lots of settings now use RFC 42-style settings, which might contain
    new typos
 3. this updates uffd (& changes the patches we apply). Since version
    dependencies of uffd are basically "whatever debian has" we have
    never bothered to match them, but afaik have also never updated uffd
    since the initial deploy some years ago. No guarantee it still
    works.
 4. tracktrain depends on haskellPackages.conferer-warp, which is
    currently marked broken. There is no reason for this (it builds
    fine). Until fixed upstream, build with NIXPKGS_ALLOW_BROKEN=1.
    cf. https://github.com/NixOS/nixpkgs/pull/234784; waiting for a
    merge of haskell-updates into 23.05
This commit is contained in:
stuebinm 2023-06-06 02:04:11 +02:00
parent 74654f2fc0
commit 72ca5b2888
8 changed files with 312 additions and 155 deletions

View file

@ -27,13 +27,16 @@
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = lib.mkDefault [ 62954 ]; ports = lib.mkDefault [ 62954 ];
passwordAuthentication = false; settings = {
kbdInteractiveAuthentication = false; X11Forwarding = true;
permitRootLogin = lib.mkDefault "prohibit-password"; PermitRootLogin = "prohibit-password";
extraConfig = "StreamLocalBindUnlink yes"; PasswordAuthentication = false;
forwardX11 = true; KbdInteractiveAuthentication = false;
StreamLocalBindUnlink = true;
};
}; };
programs.mosh.enable = true; programs.mosh.enable = true;
programs.fish.enable = true;
security.sudo.wheelNeedsPassword = lib.mkDefault false; security.sudo.wheelNeedsPassword = lib.mkDefault false;
i18n.defaultLocale = "en_IE.UTF-8"; i18n.defaultLocale = "en_IE.UTF-8";

View file

@ -1,5 +1,27 @@
{ {
"nodes": { "nodes": {
"apple-silicon": {
"inputs": {
"nixpkgs": [
"nix-hexchen",
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1683434835,
"narHash": "sha256-idBmY6LKkB5hTcTFroUi1oQdCK1/fDfJA+qNaivl1Wk=",
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"rev": "ef6f0de57ef175e0de8c7e846a95481ac6f4ce58",
"type": "github"
},
"original": {
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"type": "github"
}
},
"blobs": { "blobs": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -27,11 +49,11 @@
"stable": "stable" "stable": "stable"
}, },
"locked": { "locked": {
"lastModified": 1675730932, "lastModified": 1682737380,
"narHash": "sha256-XcmirehPIcZGS7PzkS3WvAYQ9GBlBvCxYToIOIV2PVE=", "narHash": "sha256-n3rZkHZls9BNr35o3veK00UsM1KSh/oNTJjLkFbEOY8=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "colmena", "repo": "colmena",
"rev": "e034c15825c439131e4489de5a82cf8e5398fa61", "rev": "be837ee341b6508c355035973d5f7c7e88d7c64f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -43,7 +65,6 @@
}, },
"cyberchaos": { "cyberchaos": {
"inputs": { "inputs": {
"digital-nftables": "digital-nftables",
"digital-secretFiles": "digital-secretFiles", "digital-secretFiles": "digital-secretFiles",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
@ -53,17 +74,16 @@
}, },
"locked": { "locked": {
"host": "cyberchaos.dev", "host": "cyberchaos.dev",
"lastModified": 1675679997, "lastModified": 1685564432,
"narHash": "sha256-Gr+YTufBFFdkA5LHX7h9FGLXp1rl99GH59VNst9rTSg=", "narHash": "sha256-k45MLYwvvNTQJTj8gbK+cM3vqkEbe7QL2ZIw4mwYGKw=",
"owner": "cyberchaoscreatures", "owner": "cyberchaoscreatures",
"repo": "nixlib", "repo": "nixlib",
"rev": "d27cf5ebde98528054adeec64cc757f59e6ce006", "rev": "dddb5e37038d49fffc5daae096d8bcfc4efe1ab8",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
"host": "cyberchaos.dev", "host": "cyberchaos.dev",
"owner": "cyberchaoscreatures", "owner": "cyberchaoscreatures",
"ref": "update-akkoma",
"repo": "nixlib", "repo": "nixlib",
"type": "gitlab" "type": "gitlab"
} }
@ -77,11 +97,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1674127017, "lastModified": 1685948350,
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=", "narHash": "sha256-1FldJ059so0X/rScdbIiOlQbjjSNCCTdj2cUr5pHU4A=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77", "rev": "65211db63ba1199f09b4c9f27e5eba5ec50d76ac",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -90,31 +110,14 @@
"type": "github" "type": "github"
} }
}, },
"digital-nftables": {
"flake": false,
"locked": {
"lastModified": 1666650247,
"narHash": "sha256-qMeq9JD9B1Ay2KHn8+VX5ESO9nOduo3yFLS5bqzcnLw=",
"owner": "~digital",
"repo": "digital-nixfiles",
"rev": "937355ebc323c4b6db253ac7ac165e30ce6958a0",
"type": "sourcehut"
},
"original": {
"owner": "~digital",
"ref": "testing",
"repo": "digital-nixfiles",
"type": "sourcehut"
}
},
"digital-secretFiles": { "digital-secretFiles": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1665365432, "lastModified": 1685099578,
"narHash": "sha256-HF09GMEeDG7/EuLxsqzyR50OwNQY3jvsS86Q5dxl4uA=", "narHash": "sha256-fdJskOHI7RRu1sOoTVSuQaEqkuyAki15yJlhazvLGsk=",
"owner": "~digital", "owner": "~digital",
"repo": "secretFiles", "repo": "secretFiles",
"rev": "4146e87c049867c9f0786327a746e0a94fda85a7", "rev": "0ea5ae64359729812b967107eb118e59f8b248ae",
"type": "sourcehut" "type": "sourcehut"
}, },
"original": { "original": {
@ -318,22 +321,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
@ -350,12 +337,15 @@
} }
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1685518550,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -386,15 +376,14 @@
"nixpkgs": [ "nixpkgs": [
"nix-hexchen", "nix-hexchen",
"nixpkgs" "nixpkgs"
], ]
"utils": "utils_2"
}, },
"locked": { "locked": {
"lastModified": 1677783711, "lastModified": 1685553090,
"narHash": "sha256-eq5mOVk3gv5HITtLhPjKwi8bFnOaQplA3X0WFgHnmxE=", "narHash": "sha256-DsAYE1AaR4NcZeeotEIE1XlNVXAv8NxUVDxOb7t4wxU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "b9e3a29864798d55ec1d6579ab97876bb1ee9664", "rev": "f1490b8caf2ef6f59205c78cf1a8b68e776214a3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -403,6 +392,50 @@
"type": "github" "type": "github"
} }
}, },
"hyprland": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"nixpkgs": "nixpkgs",
"wlroots": "wlroots",
"xdph": "xdph"
},
"locked": {
"lastModified": 1681059564,
"narHash": "sha256-MKzadECNNhimo6sEjnt8AeJ0H4rH7W5hodd471NBy/Q=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "3ade6c4a9635a035ea243eab780e53d60e6897c3",
"type": "github"
},
"original": {
"owner": "hyprwm",
"ref": "v0.24.1",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"nix-hexchen",
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1680997116,
"narHash": "sha256-nNyoatiHmTMczrCoHCH2LIRfSF8n9ZPZ1O7WNMxcbR4=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "d7d403b711b60e8136295b0d4229e89a115e80cc",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"mattermost-server": { "mattermost-server": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -443,7 +476,7 @@
"evil-org-mode": "evil-org-mode", "evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff", "evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode", "explain-pause-mode": "explain-pause-mode",
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_3",
"flake-utils": [ "flake-utils": [
"nix-hexchen", "nix-hexchen",
"flake-utils" "flake-utils"
@ -467,11 +500,11 @@
"ws-butler": "ws-butler" "ws-butler": "ws-butler"
}, },
"locked": { "locked": {
"lastModified": 1677814320, "lastModified": 1683249650,
"narHash": "sha256-Hr04bNG0Jf7tuRckPEESOUx6om+tyRwUnckpDTWqb6c=", "narHash": "sha256-NwBzz2CHNtT0oDqAGewByQ5OFnAWf+ewHUrK0F44xZk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-doom-emacs", "repo": "nix-doom-emacs",
"rev": "09abc89ec873802e20b8c88d883181ba35054ef3", "rev": "588ccf37fa9eb9d2ec787b91c989dcd6892983e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -482,6 +515,7 @@
}, },
"nix-hexchen": { "nix-hexchen": {
"inputs": { "inputs": {
"apple-silicon": "apple-silicon",
"colmena": "colmena", "colmena": "colmena",
"cyberchaos": "cyberchaos", "cyberchaos": "cyberchaos",
"deploy-rs": [ "deploy-rs": [
@ -497,12 +531,16 @@
"nix-doom-emacs", "nix-doom-emacs",
"emacs-overlay" "emacs-overlay"
], ],
"flake-compat": "flake-compat_3", "flake-compat": [
"deploy-rs",
"flake-compat"
],
"flake-utils": [ "flake-utils": [
"deploy-rs", "deploy-rs",
"utils" "utils"
], ],
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland",
"nix-doom-emacs": "nix-doom-emacs", "nix-doom-emacs": "nix-doom-emacs",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-mailserver": [ "nixos-mailserver": [
@ -511,17 +549,18 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
], ],
"pnpm2nix": "pnpm2nix",
"sops-nix": [ "sops-nix": [
"sops-nix" "sops-nix"
], ],
"waybar-iceportal": "waybar-iceportal" "waybar-iceportal": "waybar-iceportal"
}, },
"locked": { "locked": {
"lastModified": 1678222969, "lastModified": 1685626283,
"narHash": "sha256-i8JICE585uqHDZynMIg3xSBF2KaBl/wayVEm5R9LxNg=", "narHash": "sha256-1SsBdxzMdglGMCEcHLCD+7vXFcwV+ItK1SasnZ81QQs=",
"owner": "hexchen", "owner": "hexchen",
"repo": "nixfiles", "repo": "nixfiles",
"rev": "6aa51b1e80975bfd47dfbbf73dec0ee44c78aa36", "rev": "06d810238199d5a228dce142d7e04f5255b61b6c",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -548,11 +587,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1677591639, "lastModified": 1683965003,
"narHash": "sha256-DMlAyge+u3K+JOFLA5YfdjqagdAYJf29YGBWpy5izg4=", "narHash": "sha256-DrzSdOnLv/yFBvS2FqmwBA2xIbN/Lny/WlxHyoLR9zE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "77de4cd09db4dbee9551ed2853cfcf113d7dc5ce", "rev": "81cd886719e10d4822b2a6caa96e95d56cc915ef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -565,36 +604,60 @@
"nixos-mailserver": { "nixos-mailserver": {
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": [
"deploy-rs",
"flake-compat"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
], ],
"nixpkgs-22_05": [ "nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": [
"nixpkgs" "nixpkgs"
], ],
"utils": "utils_3" "utils": [
"deploy-rs",
"utils"
]
}, },
"locked": { "locked": {
"lastModified": 1655930346, "lastModified": 1685482651,
"narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=", "narHash": "sha256-x3W/EZftpdDzJw5dus6i3efIBBbGWFqWXEVfA3kcyyU=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d", "rev": "acc7791ee9f47f62529a874d8b46f09b5bce2ce0",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"ref": "nixos-22.05", "ref": "nixos-23.05",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"type": "gitlab" "type": "gitlab"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1678761643, "lastModified": 1680669251,
"narHash": "sha256-tapXZvg6Kg5Fm7Fm6i+7cRC5Exp2lX7cgMrqsfrGhuc=", "narHash": "sha256-AVNE+0u4HlI3v96KCXE9risH7NKqj0QDLLfSckYXIbA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c4aec3c021620d98861639946123214207e98344", "rev": "9c8ff8b426a8b07b9e0a131ac3218740dc85ba1e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-22_11": {
"locked": {
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -605,11 +668,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1678843226, "lastModified": 1685938391,
"narHash": "sha256-TkA5tsC8N38HNgaI/odBbSOJWkUrD1uIB2A7Yms72Is=", "narHash": "sha256-96Jw6TbWDLSopt5jqCW8w1Fc1cjQyZlhfBnJ3OZGpME=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "abb2ade261c33516716aa21068d8c10c48d03367", "rev": "31cd1b4afbaf0b1e81272ee9c31d1ab606503aed",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -618,6 +681,21 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1685865905,
"narHash": "sha256-XJZ/o17eOd2sEsGif+/MQBnfa2DKmndWgJyc7CWajFc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e7603eba51f2c7820c0a182c6bbb351181caa8e7",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nose": { "nose": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -653,11 +731,11 @@
"org": { "org": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1677411834, "lastModified": 1683136293,
"narHash": "sha256-vJ1kF56IPRkVD+KTC7o8Sz8DpTQHQbWx65bwiWQFIFQ=", "narHash": "sha256-PMHNr3Qo62uqO5IUDAfxUoqa4Zvb9y2J76pRYDB/6Y4=",
"owner": "emacs-straight", "owner": "emacs-straight",
"repo": "org-mode", "repo": "org-mode",
"rev": "aa224978767251cf21b6bd085739297c622d53a6", "rev": "080710797ad25e76c4556d2b03cc0aa5313cd187",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -714,14 +792,30 @@
"type": "github" "type": "github"
} }
}, },
"pnpm2nix": {
"flake": false,
"locked": {
"lastModified": 1676829786,
"narHash": "sha256-ywnp/Y20Bv62Vs4v39NezJ4irSg6IJUR+J25hBMu+yA=",
"owner": "pupbrained",
"repo": "pnpm2nix",
"rev": "65e000773abd988f1f0cb99ff592d7945e7dd349",
"type": "github"
},
"original": {
"owner": "pupbrained",
"repo": "pnpm2nix",
"type": "github"
}
},
"revealjs": { "revealjs": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1677460223, "lastModified": 1681386605,
"narHash": "sha256-4Wfy1iD5RaJiU2ub1Dh4zp4UDp1/PNhuck1FDgvvfds=", "narHash": "sha256-9Q7aWgjAV37iJp6oYDz45e8J+RKwKY1Uvgg/BXwf5nQ=",
"owner": "hakimel", "owner": "hakimel",
"repo": "reveal.js", "repo": "reveal.js",
"rev": "0c9bdeab70cef5c83216132660b60b78ecf82f69", "rev": "0301ce58ab185f7191696e16b1b6389f58df2892",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -737,7 +831,7 @@
"mattermost-webapp": "mattermost-webapp", "mattermost-webapp": "mattermost-webapp",
"nix-hexchen": "nix-hexchen", "nix-hexchen": "nix-hexchen",
"nixos-mailserver": "nixos-mailserver", "nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"tracktrain": "tracktrain" "tracktrain": "tracktrain"
@ -759,6 +853,22 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay": {
"flake": false,
"locked": {
"lastModified": 1675132198,
"narHash": "sha256-izOVjdIfdv0OzcfO9rXX0lfGkQn4tdJ0eNm3P3LYo/o=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "48b1403150c3f5a9aeee8bc4c77c8926f29c6501",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sln-mode": { "sln-mode": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -785,11 +895,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1681821695, "lastModified": 1685848844,
"narHash": "sha256-uwyBGo/9IALi97AfMuzkJroQQhV6hkybaZVdw6pRNG4=", "narHash": "sha256-Iury+/SVbAwLES76QJSiKFiQDzmf/8Hsq8j54WF2qyw=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "5698b06b0731a2c15ff8c2351644427f8ad33993", "rev": "a522e12ee35e50fa7d902a164a9796e420e6e75b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -814,14 +924,29 @@
"type": "github" "type": "github"
} }
}, },
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tracktrain": { "tracktrain": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1678972003, "lastModified": 1685134031,
"narHash": "sha256-LcygaLOmX4YPn2mh312Jw3ZpFu7T/4w2+SyqgSl5Qlw=", "narHash": "sha256-pue+T755mMbzBmYL6nspiHaFvbKrjfG9I3XxhRegN7U=",
"ref": "main", "ref": "main",
"rev": "bd81153b3be98e6c8d514b2bfdd731637d821414", "rev": "c0128f357b5268cd31969b8ff630db3ccb3681de",
"revCount": 86, "revCount": 91,
"type": "git", "type": "git",
"url": "https://stuebinm.eu/git/tracktrain" "url": "https://stuebinm.eu/git/tracktrain"
}, },
@ -834,11 +959,11 @@
"ts-fold": { "ts-fold": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1677643855, "lastModified": 1681029086,
"narHash": "sha256-HHu4kVaf4badGzAPacWmZ5eGgxzAI2RzwQNEZlROPTc=", "narHash": "sha256-z3eVkAPFI6JYZZ+2XM496zBxwnujTp4Y4KNNfqgUC/E=",
"owner": "jcs-elpa", "owner": "jcs-elpa",
"repo": "ts-fold", "repo": "ts-fold",
"rev": "ad1d9b24127fe0105642790a1cacc779d70ec7a0", "rev": "5fd2a5afe2112ac23b58ee1b12730fcf16068df3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -862,36 +987,6 @@
"type": "github" "type": "github"
} }
}, },
"utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_3": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"waybar-iceportal": { "waybar-iceportal": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -913,6 +1008,24 @@
"type": "github" "type": "github"
} }
}, },
"wlroots": {
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1680810405,
"narHash": "sha256-LmI/4Yp/pOOoI4RxLRx9I90NBsiqdRLVOfbATKlgpkg=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "7abda952d0000b72d240fe1d41457b9288f0b6e5",
"type": "gitlab"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"type": "gitlab"
}
},
"ws-butler": { "ws-butler": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -928,6 +1041,33 @@
"repo": "ws-butler", "repo": "ws-butler",
"type": "github" "type": "github"
} }
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"nix-hexchen",
"hyprland",
"hyprland-protocols"
],
"nixpkgs": [
"nix-hexchen",
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673116118,
"narHash": "sha256-eR0yDSkR2XYMesfdRWJs25kAdXET2mbNNHu5t+KUcKA=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "d479c846531fd0e1d2357c9588b8310a2b859ef2",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View file

@ -7,10 +7,10 @@
mattermost-server.url = "github:mattermost/mattermost-server?ref=v7.8.11"; mattermost-server.url = "github:mattermost/mattermost-server?ref=v7.8.11";
mattermost-server.flake = false; mattermost-server.flake = false;
nixpkgs.url = "nixpkgs/nixos-22.11"; nixpkgs.url = "nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable"; nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";
nix-hexchen.url = "gitlab:hexchen/nixfiles"; nix-hexchen.url = "gitlab:hexchen/nixfiles";
nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05"; nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
tracktrain.url = "git+https://stuebinm.eu/git/tracktrain?ref=main"; tracktrain.url = "git+https://stuebinm.eu/git/tracktrain?ref=main";
tracktrain.flake = false; tracktrain.flake = false;
@ -29,11 +29,14 @@
doom-emacs.follows = "nix-hexchen/nix-doom-emacs/doom-emacs"; doom-emacs.follows = "nix-hexchen/nix-doom-emacs/doom-emacs";
emacs-overlay.follows = "nix-hexchen/nix-doom-emacs/emacs-overlay"; emacs-overlay.follows = "nix-hexchen/nix-doom-emacs/emacs-overlay";
flake-utils.follows = "/deploy-rs/utils"; flake-utils.follows = "/deploy-rs/utils";
flake-compat.follows = "/deploy-rs/flake-compat";
sops-nix.follows = "sops-nix"; sops-nix.follows = "sops-nix";
}; };
nixos-mailserver.inputs = { nixos-mailserver.inputs = {
"nixpkgs-22_05".follows = "nixpkgs"; "nixpkgs-23_05".follows = "nixpkgs";
nixpkgs.follows = "nixpkgs-unstable"; nixpkgs.follows = "nixpkgs-unstable";
utils.follows = "/deploy-rs/utils";
flake-compat.follows = "/deploy-rs/flake-compat";
}; };
}; };

View file

@ -41,7 +41,6 @@
sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ]; boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];

View file

@ -2,14 +2,17 @@
python3Packages.buildPythonPackage rec { python3Packages.buildPythonPackage rec {
pname = "uffd"; pname = "uffd";
version = "2.0.1"; version = "2.2.0";
PACKAGE_VERSION = version;
src = fetchzip { src = fetchzip {
url = "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz"; url = "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz";
hash = "sha256-KP4J1bw5u7MklaPu2SBFRNyGgkKOBOpft5MMH+em5M4="; hash = "sha256-Bt0Q+4B2tbJmjnVQ4XZqEwDlXfd10QBo1AaK3EmZ5RY=";
}; };
patches = [ ./gitea-magic.patch ./fix-setuppy.patch ./fix-userinfo.patch ]; patches = [
./fix-userinfo.patch
];
propagatedBuildInputs = with python3Packages; [ propagatedBuildInputs = with python3Packages; [
flask flask
@ -23,6 +26,13 @@ python3Packages.buildPythonPackage rec {
itsdangerous itsdangerous
alembic alembic
Mako Mako
urllib3
pyasn1
certifi
idna
chardet
requests-oauthlib
prometheus-client
]; ];
postPatch = '' postPatch = ''

View file

@ -1,10 +1,12 @@
--- a/uffd/oauth2/views.py 2022-04-30 20:39:53.825474990 +0000 --- a/uffd/views/oauth2.py 2022-04-30 20:39:53.825474990 +0000
+++ b/uffd/oauth2/views.py 2022-04-30 20:40:12.632389377 +0000 +++ b/uffd/views/oauth2.py 2022-04-30 20:40:12.632389377 +0000
@@ -234,6 +234,7 @@ @@ -237,6 +237,9 @@
id=user.unix_uid, id=service_user.user.unix_uid,
name=user.displayname, name=service_user.user.displayname,
nickname=user.loginname, + full_name=service_user.user.displayname,
+ username=user.loginname, nickname=service_user.user.loginname,
email=user.mail, + username=service_user.user.loginname,
groups=[group.name for group in user.groups] + login=service_user.user.loginname,
email=service_user.email,
groups=[group.name for group in service_user.user.groups]
) )

View file

@ -26,9 +26,6 @@
services.gitea = { services.gitea = {
enable = true; enable = true;
appName = "0x0: git for all creatures"; appName = "0x0: git for all creatures";
rootUrl = "https://git.infra4future.de/";
httpAddress = "0.0.0.0";
httpPort = 3000;
lfs.enable = true; lfs.enable = true;
database.type = "postgres"; database.type = "postgres";
settings = { settings = {
@ -49,6 +46,9 @@
server = { server = {
LANDING_PAGE = "explore"; LANDING_PAGE = "explore";
OFFLINE_MODE = true; OFFLINE_MODE = true;
ROOT_URL = "https://git.infra4future.de";
HTTP_PORT = 3000;
HTTP_ADDR = "0.0.0.0";
}; };
security = { INSTALL_LOCK = true; }; security = { INSTALL_LOCK = true; };
other = { other = {
@ -79,14 +79,14 @@
}; };
services.openssh = { services.openssh = {
enable = true; enable = true;
passwordAuthentication = false;
listenAddresses = [ { listenAddresses = [ {
addr = "192.168.100.10"; addr = "192.168.100.10";
port = 22; port = 22;
} ]; } ];
extraConfig = '' settings = {
AcceptEnv GIT_PROTOCOL PasswordAuthentication = false;
''; AcceptEnv = "GIT_PROTOCOL";
};
}; };
}); });
}; };

View file

@ -29,7 +29,7 @@ in {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
systemd.services.mattermost.serviceConfig.EnvironmentFile = systemd.services.mattermost.serviceConfig.EnvironmentFile =
"/secrets/env"; lib.mkForce "/secrets/env";
# couldn't figure out how to actually overwrite modules, so now # couldn't figure out how to actually overwrite modules, so now
# there's two mattermost modules ... # there's two mattermost modules ...
@ -202,7 +202,7 @@ in {
name = "mattermost"; name = "mattermost";
ensurePermissions = { "mattermost.*" = "ALL PRIVILEGES"; }; ensurePermissions = { "mattermost.*" = "ALL PRIVILEGES"; };
} ]; } ];
package = pkgs.mysql80; package = pkgs.mysql;
dataDir = "/persist/mysql"; dataDir = "/persist/mysql";
}; };