hacc/haccfiles
8
0
Fork 1
Code Issues 1 Pull requests Projects Releases Wiki Activity

initial work for 23.05

Browse source 
in theory this might be ready to deploy. Potential hazards & things to
know when actually doing so:

 1. the mysql version used by mattermost was updated (the old uses an
    openssl which is marked insecure). Might have to migrate a database
 2. lots of settings now use RFC 42-style settings, which might contain
    new typos
 3. this updates uffd (& changes the patches we apply). Since version
    dependencies of uffd are basically "whatever debian has" we have
    never bothered to match them, but afaik have also never updated uffd
    since the initial deploy some years ago. No guarantee it still
    works.
 4. tracktrain depends on haskellPackages.conferer-warp, which is
    currently marked broken. There is no reason for this (it builds
    fine). Until fixed upstream, build with NIXPKGS_ALLOW_BROKEN=1.
    cf. https://github.com/NixOS/nixpkgs/pull/234784; waiting for a
    merge of haskell-updates into 23.05
This commit is contained in:
stuebinm 2023-06-06 02:04:11 +02:00
parent 74654f2fc0
commit 72ca5b2888
8 changed files with 312 additions and 155 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
common/default.nix
View file

@ -27,13 +27,16 @@
services.openssh = {
enable = true;
ports = lib.mkDefault [ 62954 ];
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
permitRootLogin = lib.mkDefault "prohibit-password";
extraConfig = "StreamLocalBindUnlink yes";
forwardX11 = true;
settings = {
X11Forwarding = true;
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
StreamLocalBindUnlink = true;
};
};
programs.mosh.enable = true;
programs.fish.enable = true;
security.sudo.wheelNeedsPassword = lib.mkDefault false;
i18n.defaultLocale = "en_IE.UTF-8";

390
flake.lock
View file

@ -1,5 +1,27 @@
{
"nodes": {
"apple-silicon": {
"inputs": {
"nixpkgs": [
"nix-hexchen",
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1683434835,
"narHash": "sha256-idBmY6LKkB5hTcTFroUi1oQdCK1/fDfJA+qNaivl1Wk=",
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"rev": "ef6f0de57ef175e0de8c7e846a95481ac6f4ce58",
"type": "github"
},
"original": {
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
@ -27,11 +49,11 @@
"stable": "stable"
},
"locked": {
"lastModified": 1675730932,
"narHash": "sha256-XcmirehPIcZGS7PzkS3WvAYQ9GBlBvCxYToIOIV2PVE=",
"lastModified": 1682737380,
"narHash": "sha256-n3rZkHZls9BNr35o3veK00UsM1KSh/oNTJjLkFbEOY8=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "e034c15825c439131e4489de5a82cf8e5398fa61",
"rev": "be837ee341b6508c355035973d5f7c7e88d7c64f",
"type": "github"
},
"original": {
@ -43,7 +65,6 @@
},
"cyberchaos": {
"inputs": {
"digital-nftables": "digital-nftables",
"digital-secretFiles": "digital-secretFiles",
"flake-utils": "flake-utils_2",
"nixpkgs": [
@ -53,17 +74,16 @@
},
"locked": {
"host": "cyberchaos.dev",
"lastModified": 1675679997,
"narHash": "sha256-Gr+YTufBFFdkA5LHX7h9FGLXp1rl99GH59VNst9rTSg=",
"lastModified": 1685564432,
"narHash": "sha256-k45MLYwvvNTQJTj8gbK+cM3vqkEbe7QL2ZIw4mwYGKw=",
"owner": "cyberchaoscreatures",
"repo": "nixlib",
"rev": "d27cf5ebde98528054adeec64cc757f59e6ce006",
"rev": "dddb5e37038d49fffc5daae096d8bcfc4efe1ab8",
"type": "gitlab"
},
"original": {
"host": "cyberchaos.dev",
"owner": "cyberchaoscreatures",
"ref": "update-akkoma",
"repo": "nixlib",
"type": "gitlab"
}
@ -77,11 +97,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1674127017,
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
"lastModified": 1685948350,
"narHash": "sha256-1FldJ059so0X/rScdbIiOlQbjjSNCCTdj2cUr5pHU4A=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
"rev": "65211db63ba1199f09b4c9f27e5eba5ec50d76ac",
"type": "github"
},
"original": {
@ -90,31 +110,14 @@
"type": "github"
}
},
"digital-nftables": {
"flake": false,
"locked": {
"lastModified": 1666650247,
"narHash": "sha256-qMeq9JD9B1Ay2KHn8+VX5ESO9nOduo3yFLS5bqzcnLw=",
"owner": "~digital",
"repo": "digital-nixfiles",
"rev": "937355ebc323c4b6db253ac7ac165e30ce6958a0",
"type": "sourcehut"
},
"original": {
"owner": "~digital",
"ref": "testing",
"repo": "digital-nixfiles",
"type": "sourcehut"
}
},
"digital-secretFiles": {
"flake": false,
"locked": {
"lastModified": 1665365432,
"narHash": "sha256-HF09GMEeDG7/EuLxsqzyR50OwNQY3jvsS86Q5dxl4uA=",
"lastModified": 1685099578,
"narHash": "sha256-fdJskOHI7RRu1sOoTVSuQaEqkuyAki15yJlhazvLGsk=",
"owner": "~digital",
"repo": "secretFiles",
"rev": "4146e87c049867c9f0786327a746e0a94fda85a7",
"rev": "0ea5ae64359729812b967107eb118e59f8b248ae",
"type": "sourcehut"
},
"original": {
@ -318,22 +321,6 @@
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
@ -350,12 +337,15 @@
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
@ -386,15 +376,14 @@
"nixpkgs": [
"nix-hexchen",
"nixpkgs"
],
"utils": "utils_2"
]
},
"locked": {
"lastModified": 1677783711,
"narHash": "sha256-eq5mOVk3gv5HITtLhPjKwi8bFnOaQplA3X0WFgHnmxE=",
"lastModified": 1685553090,
"narHash": "sha256-DsAYE1AaR4NcZeeotEIE1XlNVXAv8NxUVDxOb7t4wxU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b9e3a29864798d55ec1d6579ab97876bb1ee9664",
"rev": "f1490b8caf2ef6f59205c78cf1a8b68e776214a3",
"type": "github"
},
"original": {
@ -403,6 +392,50 @@
"type": "github"
}
},
"hyprland": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"nixpkgs": "nixpkgs",
"wlroots": "wlroots",
"xdph": "xdph"
},
"locked": {
"lastModified": 1681059564,
"narHash": "sha256-MKzadECNNhimo6sEjnt8AeJ0H4rH7W5hodd471NBy/Q=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "3ade6c4a9635a035ea243eab780e53d60e6897c3",
"type": "github"
},
"original": {
"owner": "hyprwm",
"ref": "v0.24.1",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"nix-hexchen",
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1680997116,
"narHash": "sha256-nNyoatiHmTMczrCoHCH2LIRfSF8n9ZPZ1O7WNMxcbR4=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "d7d403b711b60e8136295b0d4229e89a115e80cc",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"mattermost-server": {
"flake": false,
"locked": {
@ -443,7 +476,7 @@
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_3",
"flake-utils": [
"nix-hexchen",
"flake-utils"
@ -467,11 +500,11 @@
"ws-butler": "ws-butler"
},
"locked": {
"lastModified": 1677814320,
"narHash": "sha256-Hr04bNG0Jf7tuRckPEESOUx6om+tyRwUnckpDTWqb6c=",
"lastModified": 1683249650,
"narHash": "sha256-NwBzz2CHNtT0oDqAGewByQ5OFnAWf+ewHUrK0F44xZk=",
"owner": "nix-community",
"repo": "nix-doom-emacs",
"rev": "09abc89ec873802e20b8c88d883181ba35054ef3",
"rev": "588ccf37fa9eb9d2ec787b91c989dcd6892983e9",
"type": "github"
},
"original": {
@ -482,6 +515,7 @@
},
"nix-hexchen": {
"inputs": {
"apple-silicon": "apple-silicon",
"colmena": "colmena",
"cyberchaos": "cyberchaos",
"deploy-rs": [
@ -497,12 +531,16 @@
"nix-doom-emacs",
"emacs-overlay"
],
"flake-compat": "flake-compat_3",
"flake-compat": [
"deploy-rs",
"flake-compat"
],
"flake-utils": [
"deploy-rs",
"utils"
],
"home-manager": "home-manager",
"hyprland": "hyprland",
"nix-doom-emacs": "nix-doom-emacs",
"nixos-hardware": "nixos-hardware",
"nixos-mailserver": [
@ -511,17 +549,18 @@
"nixpkgs": [
"nixpkgs-unstable"
],
"pnpm2nix": "pnpm2nix",
"sops-nix": [
"sops-nix"
],
"waybar-iceportal": "waybar-iceportal"
},
"locked": {
"lastModified": 1678222969,
"narHash": "sha256-i8JICE585uqHDZynMIg3xSBF2KaBl/wayVEm5R9LxNg=",
"lastModified": 1685626283,
"narHash": "sha256-1SsBdxzMdglGMCEcHLCD+7vXFcwV+ItK1SasnZ81QQs=",
"owner": "hexchen",
"repo": "nixfiles",
"rev": "6aa51b1e80975bfd47dfbbf73dec0ee44c78aa36",
"rev": "06d810238199d5a228dce142d7e04f5255b61b6c",
"type": "gitlab"
},
"original": {
@ -548,11 +587,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1677591639,
"narHash": "sha256-DMlAyge+u3K+JOFLA5YfdjqagdAYJf29YGBWpy5izg4=",
"lastModified": 1683965003,
"narHash": "sha256-DrzSdOnLv/yFBvS2FqmwBA2xIbN/Lny/WlxHyoLR9zE=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "77de4cd09db4dbee9551ed2853cfcf113d7dc5ce",
"rev": "81cd886719e10d4822b2a6caa96e95d56cc915ef",
"type": "github"
},
"original": {
@ -565,36 +604,60 @@
"nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": [
"deploy-rs",
"flake-compat"
],
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-22_05": [
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": [
"nixpkgs"
],
"utils": "utils_3"
"utils": [
"deploy-rs",
"utils"
]
},
"locked": {
"lastModified": 1655930346,
"narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=",
"lastModified": 1685482651,
"narHash": "sha256-x3W/EZftpdDzJw5dus6i3efIBBbGWFqWXEVfA3kcyyU=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d",
"rev": "acc7791ee9f47f62529a874d8b46f09b5bce2ce0",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "nixos-22.05",
"ref": "nixos-23.05",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1678761643,
"narHash": "sha256-tapXZvg6Kg5Fm7Fm6i+7cRC5Exp2lX7cgMrqsfrGhuc=",
"lastModified": 1680669251,
"narHash": "sha256-AVNE+0u4HlI3v96KCXE9risH7NKqj0QDLLfSckYXIbA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c4aec3c021620d98861639946123214207e98344",
"rev": "9c8ff8b426a8b07b9e0a131ac3218740dc85ba1e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-22_11": {
"locked": {
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"type": "github"
},
"original": {
@ -605,11 +668,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1678843226,
"narHash": "sha256-TkA5tsC8N38HNgaI/odBbSOJWkUrD1uIB2A7Yms72Is=",
"lastModified": 1685938391,
"narHash": "sha256-96Jw6TbWDLSopt5jqCW8w1Fc1cjQyZlhfBnJ3OZGpME=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "abb2ade261c33516716aa21068d8c10c48d03367",
"rev": "31cd1b4afbaf0b1e81272ee9c31d1ab606503aed",
"type": "github"
},
"original": {
@ -618,6 +681,21 @@
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1685865905,
"narHash": "sha256-XJZ/o17eOd2sEsGif+/MQBnfa2DKmndWgJyc7CWajFc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e7603eba51f2c7820c0a182c6bbb351181caa8e7",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nose": {
"flake": false,
"locked": {
@ -653,11 +731,11 @@
"org": {
"flake": false,
"locked": {
"lastModified": 1677411834,
"narHash": "sha256-vJ1kF56IPRkVD+KTC7o8Sz8DpTQHQbWx65bwiWQFIFQ=",
"lastModified": 1683136293,
"narHash": "sha256-PMHNr3Qo62uqO5IUDAfxUoqa4Zvb9y2J76pRYDB/6Y4=",
"owner": "emacs-straight",
"repo": "org-mode",
"rev": "aa224978767251cf21b6bd085739297c622d53a6",
"rev": "080710797ad25e76c4556d2b03cc0aa5313cd187",
"type": "github"
},
"original": {
@ -714,14 +792,30 @@
"type": "github"
}
},
"pnpm2nix": {
"flake": false,
"locked": {
"lastModified": 1676829786,
"narHash": "sha256-ywnp/Y20Bv62Vs4v39NezJ4irSg6IJUR+J25hBMu+yA=",
"owner": "pupbrained",
"repo": "pnpm2nix",
"rev": "65e000773abd988f1f0cb99ff592d7945e7dd349",
"type": "github"
},
"original": {
"owner": "pupbrained",
"repo": "pnpm2nix",
"type": "github"
}
},
"revealjs": {
"flake": false,
"locked": {
"lastModified": 1677460223,
"narHash": "sha256-4Wfy1iD5RaJiU2ub1Dh4zp4UDp1/PNhuck1FDgvvfds=",
"lastModified": 1681386605,
"narHash": "sha256-9Q7aWgjAV37iJp6oYDz45e8J+RKwKY1Uvgg/BXwf5nQ=",
"owner": "hakimel",
"repo": "reveal.js",
"rev": "0c9bdeab70cef5c83216132660b60b78ecf82f69",
"rev": "0301ce58ab185f7191696e16b1b6389f58df2892",
"type": "github"
},
"original": {
@ -737,7 +831,7 @@
"mattermost-webapp": "mattermost-webapp",
"nix-hexchen": "nix-hexchen",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix",
"tracktrain": "tracktrain"
@ -759,6 +853,22 @@
"type": "github"
}
},
"rust-overlay": {
"flake": false,
"locked": {
"lastModified": 1675132198,
"narHash": "sha256-izOVjdIfdv0OzcfO9rXX0lfGkQn4tdJ0eNm3P3LYo/o=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "48b1403150c3f5a9aeee8bc4c77c8926f29c6501",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sln-mode": {
"flake": false,
"locked": {
@ -785,11 +895,11 @@
]
},
"locked": {
"lastModified": 1681821695,
"narHash": "sha256-uwyBGo/9IALi97AfMuzkJroQQhV6hkybaZVdw6pRNG4=",
"lastModified": 1685848844,
"narHash": "sha256-Iury+/SVbAwLES76QJSiKFiQDzmf/8Hsq8j54WF2qyw=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5698b06b0731a2c15ff8c2351644427f8ad33993",
"rev": "a522e12ee35e50fa7d902a164a9796e420e6e75b",
"type": "github"
},
"original": {
@ -814,14 +924,29 @@
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tracktrain": {
"flake": false,
"locked": {
"lastModified": 1678972003,
"narHash": "sha256-LcygaLOmX4YPn2mh312Jw3ZpFu7T/4w2+SyqgSl5Qlw=",
"lastModified": 1685134031,
"narHash": "sha256-pue+T755mMbzBmYL6nspiHaFvbKrjfG9I3XxhRegN7U=",
"ref": "main",
"rev": "bd81153b3be98e6c8d514b2bfdd731637d821414",
"revCount": 86,
"rev": "c0128f357b5268cd31969b8ff630db3ccb3681de",
"revCount": 91,
"type": "git",
"url": "https://stuebinm.eu/git/tracktrain"
},
@ -834,11 +959,11 @@
"ts-fold": {
"flake": false,
"locked": {
"lastModified": 1677643855,
"narHash": "sha256-HHu4kVaf4badGzAPacWmZ5eGgxzAI2RzwQNEZlROPTc=",
"lastModified": 1681029086,
"narHash": "sha256-z3eVkAPFI6JYZZ+2XM496zBxwnujTp4Y4KNNfqgUC/E=",
"owner": "jcs-elpa",
"repo": "ts-fold",
"rev": "ad1d9b24127fe0105642790a1cacc779d70ec7a0",
"rev": "5fd2a5afe2112ac23b58ee1b12730fcf16068df3",
"type": "github"
},
"original": {
@ -862,36 +987,6 @@
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_3": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"waybar-iceportal": {
"inputs": {
"nixpkgs": [
@ -913,6 +1008,24 @@
"type": "github"
}
},
"wlroots": {
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1680810405,
"narHash": "sha256-LmI/4Yp/pOOoI4RxLRx9I90NBsiqdRLVOfbATKlgpkg=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "7abda952d0000b72d240fe1d41457b9288f0b6e5",
"type": "gitlab"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"type": "gitlab"
}
},
"ws-butler": {
"flake": false,
"locked": {
@ -928,6 +1041,33 @@
"repo": "ws-butler",
"type": "github"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"nix-hexchen",
"hyprland",
"hyprland-protocols"
],
"nixpkgs": [
"nix-hexchen",
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673116118,
"narHash": "sha256-eR0yDSkR2XYMesfdRWJs25kAdXET2mbNNHu5t+KUcKA=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "d479c846531fd0e1d2357c9588b8310a2b859ef2",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
}
},
"root": "root",

9
flake.nix
View file

@ -7,10 +7,10 @@
mattermost-server.url = "github:mattermost/mattermost-server?ref=v7.8.11";
mattermost-server.flake = false;
nixpkgs.url = "nixpkgs/nixos-22.11";
nixpkgs.url = "nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";
nix-hexchen.url = "gitlab:hexchen/nixfiles";
nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05";
nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
tracktrain.url = "git+https://stuebinm.eu/git/tracktrain?ref=main";
tracktrain.flake = false;
@ -29,11 +29,14 @@
doom-emacs.follows = "nix-hexchen/nix-doom-emacs/doom-emacs";
emacs-overlay.follows = "nix-hexchen/nix-doom-emacs/emacs-overlay";
flake-utils.follows = "/deploy-rs/utils";
flake-compat.follows = "/deploy-rs/flake-compat";
sops-nix.follows = "sops-nix";
};
nixos-mailserver.inputs = {
"nixpkgs-22_05".follows = "nixpkgs";
"nixpkgs-23_05".follows = "nixpkgs";
nixpkgs.follows = "nixpkgs-unstable";
utils.follows = "/deploy-rs/utils";
flake-compat.follows = "/deploy-rs/flake-compat";
};
};

1
hosts/parsons/configuration.nix
View file

@ -41,7 +41,6 @@
sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
boot.supportedFilesystems = [ "zfs" ];

16
pkgs/uffd/default.nix
View file

@ -2,14 +2,17 @@
python3Packages.buildPythonPackage rec {
pname = "uffd";
version = "2.0.1";
version = "2.2.0";
PACKAGE_VERSION = version;
src = fetchzip {
url = "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz";
hash = "sha256-KP4J1bw5u7MklaPu2SBFRNyGgkKOBOpft5MMH+em5M4=";
hash = "sha256-Bt0Q+4B2tbJmjnVQ4XZqEwDlXfd10QBo1AaK3EmZ5RY=";
};
patches = [ ./gitea-magic.patch ./fix-setuppy.patch ./fix-userinfo.patch ];
patches = [
./fix-userinfo.patch
];
propagatedBuildInputs = with python3Packages; [
flask
@ -23,6 +26,13 @@ python3Packages.buildPythonPackage rec {
itsdangerous
alembic
Mako
urllib3
pyasn1
certifi
idna
chardet
requests-oauthlib
prometheus-client
];
postPatch = ''

20
pkgs/uffd/fix-userinfo.patch
View file

@ -1,10 +1,12 @@
--- a/uffd/oauth2/views.py 2022-04-30 20:39:53.825474990 +0000
+++ b/uffd/oauth2/views.py 2022-04-30 20:40:12.632389377 +0000
@@ -234,6 +234,7 @@
id=user.unix_uid,
name=user.displayname,
nickname=user.loginname,
+ username=user.loginname,
email=user.mail,
groups=[group.name for group in user.groups]
--- a/uffd/views/oauth2.py 2022-04-30 20:39:53.825474990 +0000
+++ b/uffd/views/oauth2.py 2022-04-30 20:40:12.632389377 +0000
@@ -237,6 +237,9 @@
id=service_user.user.unix_uid,
name=service_user.user.displayname,
+ full_name=service_user.user.displayname,
nickname=service_user.user.loginname,
+ username=service_user.user.loginname,
+ login=service_user.user.loginname,
email=service_user.email,
groups=[group.name for group in service_user.user.groups]
)

14
services/gitea.nix
View file

@ -26,9 +26,6 @@
services.gitea = {
enable = true;
appName = "0x0: git for all creatures";
rootUrl = "https://git.infra4future.de/";
httpAddress = "0.0.0.0";
httpPort = 3000;
lfs.enable = true;
database.type = "postgres";
settings = {
@ -49,6 +46,9 @@
server = {
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
ROOT_URL = "https://git.infra4future.de";
HTTP_PORT = 3000;
HTTP_ADDR = "0.0.0.0";
};
security = { INSTALL_LOCK = true; };
other = {
@ -79,14 +79,14 @@
};
services.openssh = {
enable = true;
passwordAuthentication = false;
listenAddresses = [ {
addr = "192.168.100.10";
port = 22;
} ];
extraConfig = ''
AcceptEnv GIT_PROTOCOL
'';
settings = {
PasswordAuthentication = false;
AcceptEnv = "GIT_PROTOCOL";
};
};
});
};

4
services/mattermost.nix
View file

@ -29,7 +29,7 @@ in {
nixpkgs.config.allowUnfree = true;
systemd.services.mattermost.serviceConfig.EnvironmentFile =
"/secrets/env";
lib.mkForce "/secrets/env";
# couldn't figure out how to actually overwrite modules, so now
# there's two mattermost modules ...
@ -202,7 +202,7 @@ in {
name = "mattermost";
ensurePermissions = { "mattermost.*" = "ALL PRIVILEGES"; };
} ];
package = pkgs.mysql80;
package = pkgs.mysql;
dataDir = "/persist/mysql";
};