From 9d187d212a23bd439467caddfe130c434c111ed3 Mon Sep 17 00:00:00 2001 From: stuebinm Date: Thu, 30 Nov 2023 17:43:48 +0100 Subject: [PATCH] initial work towards nixos 23.11 Note: this updates all postgres instances, since postgresql_11 no longer exists. --- common/default.nix | 2 +- flake.lock | 312 +++++++++++++++++++++++++++++++++--- flake.nix | 6 +- pkgs/default.nix | 1 + pkgs/mattermost/default.nix | 2 +- services/gitea.nix | 2 - services/hedgedoc-hacc.nix | 6 +- services/hedgedoc-i4f.nix | 6 +- services/mattermost.nix | 4 +- services/nextcloud.nix | 7 +- services/tracktrain.nix | 4 +- 11 files changed, 303 insertions(+), 49 deletions(-) diff --git a/common/default.nix b/common/default.nix index 71e8119..ece8f62 100644 --- a/common/default.nix +++ b/common/default.nix @@ -61,7 +61,7 @@ whois iperf fd - exa + eza socat tmux gnupg diff --git a/flake.lock b/flake.lock index d67714c..cd618bf 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,6 +23,51 @@ "type": "github" } }, + "authentik-nix": { + "inputs": { + "authentik-src": "authentik-src", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "napalm": "napalm", + "nixpkgs": [ + "nix-hexchen", + "nixpkgs" + ], + "nixpkgs-23-05": "nixpkgs-23-05", + "poetry2nix": "poetry2nix" + }, + "locked": { + "lastModified": 1700588859, + "narHash": "sha256-gTai5mqxbTUX9GvrRXVqsPP7wqAgqdSP2idQC2xyUXE=", + "owner": "mayflower", + "repo": "authentik-nix", + "rev": "9663811618b8d86b395912b621ae09ecee1bdacc", + "type": "github" + }, + "original": { + "owner": "mayflower", + "repo": "authentik-nix", + "type": "github" + } + }, + "authentik-src": { + "flake": false, + "locked": { + "lastModified": 1700588304, + "narHash": "sha256-NsXYfXxn7ofl9EeLAQi1V0tKlOeVyQqH1W26uejjKV0=", + "owner": "goauthentik", + "repo": "authentik", + "rev": "a2a67161ac8b840d63cbaacdfbebb60fd48e901b", + "type": "github" + }, + "original": { + "owner": "goauthentik", + "ref": "version/2023.10.4", + "repo": "authentik", + "type": "github" + } + }, "blobs": { "flake": false, "locked": { @@ -41,8 +86,8 @@ }, "colmena": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils", + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nix-hexchen", "nixpkgs" @@ -67,7 +112,7 @@ "cyberchaos": { "inputs": { "digital-secretFiles": "digital-secretFiles", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nix-hexchen", "nixpkgs" 
@@ -294,6 +339,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1650374568, @@ -309,7 +370,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1673956053, @@ -325,7 +386,43 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1696343447, + "narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -340,9 +437,9 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { - "systems": "systems" + "systems": "systems_3" }, "locked": { "lastModified": 1685518550, 
@@ -426,6 +523,33 @@ "url": "https://releases.mattermost.com/8.1.6/mattermost-8.1.6-linux-amd64.tar.gz" } }, + "napalm": { + "inputs": { + "flake-utils": [ + "nix-hexchen", + "authentik-nix", + "flake-utils" + ], + "nixpkgs": [ + "nix-hexchen", + "authentik-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1693989153, + "narHash": "sha256-gx39Y3opGB25+44OjM+h1bdJyzgLD963va8ULGYlbhM=", + "owner": "nix-community", + "repo": "napalm", + "rev": "a8215ccf1c80070f51a92771f3bc637dd9b9f7ee", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "napalm", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -459,7 +583,7 @@ "evil-org-mode": "evil-org-mode", "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "flake-utils": [ "nix-hexchen", "flake-utils" @@ -496,9 +620,33 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "nix-hexchen", + "authentik-nix", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1693660503, + "narHash": "sha256-B/g2V4v6gjirFmy+I5mwB2bCYc0l3j5scVfwgl6WOl8=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "bd5bdbb52350e145c526108f4ef192eb8e554fa0", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-hexchen": { "inputs": { "apple-silicon": "apple-silicon", + "authentik-nix": "authentik-nix", "colmena": "colmena", "cyberchaos": "cyberchaos", "deploy-rs": [ 
@@ -538,11 +686,11 @@ "waybar-iceportal": "waybar-iceportal" }, "locked": { - "lastModified": 1700182193, - "narHash": "sha256-MRrgDh39QJlynhhD7Md6Xio31IgM0/olbjq8CrUX31s=", + "lastModified": 1701220872, + "narHash": "sha256-ZyzC9uTIEQSqr5wX1zfMATtBjlpox96HxNPd7Erl3eY=", "owner": "hexchen", "repo": "nixfiles", - "rev": "37b19422da8954bd748fd7205b79f6f5b78de982", + "rev": "ebe48cb7eaa891e85030f939f0a3dd52d183ccb6", "type": "gitlab" }, "original": { @@ -601,16 +749,16 @@ ] }, "locked": { - "lastModified": 1687462267, - "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", + "lastModified": 1700085753, + "narHash": "sha256-qtib7f3eRwfaUF+VziJXiBcZFqpHCAXS4HlrFsnzzl4=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "24128c3052090311688b09a400aa408ba61c6ee5", + "rev": "008d78cc21959e33d0d31f375b88353a7d7121ae", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.05", + "ref": "master", "repo": "nixos-mailserver", "type": "gitlab" } @@ -645,6 +793,40 @@ "type": "indirect" } }, + "nixpkgs-23-05": { + "locked": { + "lastModified": 1699291058, + "narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "41de143fda10e33be0f47eab2bfe08a50f234267", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1696019113, + "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-oldstable": { "locked": { "lastModified": 1678761643, 
@@ -678,26 +860,26 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1700403855, - "narHash": "sha256-Q0Uzjik9kUTN9pd/kp52XJi5kletBhy29ctBlAG+III=", + "lastModified": 1701263465, + "narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0c5678df521e1407884205fe3ce3cf1d7df297db", + "rev": "50aa30a13c4ab5e7ba282da460a3e3d44e9d0eb3", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "type": "indirect" } }, "nixpkgs_4": { "locked": { - "lastModified": 1700108881, - "narHash": "sha256-+Lqybl8kj0+nD/IlAWPPG/RDTa47gff9nbei0u7BntE=", + "lastModified": 1700856099, + "narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7414e9ee0b3e9903c24d3379f577a417f0aae5f1", + "rev": "0bd59c54ef06bc34eca01e37d689f5e46b3fe2f1", "type": "github" }, "original": { @@ -819,6 +1001,36 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "nix-hexchen", + "authentik-nix", + "flake-utils" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nix-hexchen", + "authentik-nix", + "nixpkgs" + ], + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1698324369, + "narHash": "sha256-rftG/00dnS+HHun11lDFtL33NNcGUE3XznYI78gU7dY=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "8f2c483f9a40db26011f6668559574a4b86ed499", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, "revealjs": { "flake": false, "locked": { 
@@ -904,11 +1116,11 @@ ] }, "locked": { - "lastModified": 1700362823, - "narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=", + "lastModified": 1701127353, + "narHash": "sha256-qVNX0wOl0b7+I35aRu78xUphOyELh+mtUp1KBx89K1Q=", "owner": "Mic92", "repo": "sops-nix", - "rev": "49a87c6c827ccd21c225531e30745a9a6464775c", + "rev": "b1edbf5c0464b4cced90a3ba6f999e671f0af631", "type": "github" }, "original": { @@ -948,6 +1160,35 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tracktrain": { "flake": false, "locked": { @@ -965,6 +1206,29 @@ "url": "https://stuebinm.eu/git/tracktrain" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nix-hexchen", + "authentik-nix", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1697388351, + "narHash": "sha256-63N2eBpKaziIy4R44vjpUu8Nz5fCJY7okKrkixvDQmY=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "aae39f64f5ecbe89792d05eacea5cb241891292a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "ts-fold": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 6bf8a5b..8083a2c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -7,11 +7,11 @@ mattermost-server.url = "github:mattermost/mattermost-server?ref=v8.1.6"; mattermost-server.flake = false; - nixpkgs.url = "nixpkgs/nixos-23.05"; + nixpkgs.url = "nixpkgs/nixos-23.11"; nixpkgs-oldstable.url = "github:/NixOS/nixpkgs?rev=c4aec3c021620d98861639946123214207e98344"; nix-hexchen.url = "gitlab:hexchen/nixfiles"; - nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; + nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; tracktrain.url = "git+https://stuebinm.eu/git/tracktrain?ref=main"; tracktrain.flake = false; @@ -47,6 +47,7 @@ pkgs = import ./pkgs { sources = inputs; system = "x86_64-linux"; + config.allowUnfree = true; }; evalConfig = config: (nixpkgs.lib.nixosSystem { system = "x86_64-linux"; @@ -55,7 +56,6 @@ nix-hexchen.nixosModules.network.nftables { nixpkgs.pkgs = pkgs.lib.mkForce pkgs; - nixpkgs.config.allowUnfree = true; imports = [ profiles.container profiles.nopersist ]; } ]; diff --git a/pkgs/default.nix b/pkgs/default.nix index a083909..e45732a 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -32,6 +32,7 @@ let mkdir -p $out cp * -r $out ''; + meta.mainProgram = "thelounge"; }; uffd = oldstable.callPackage ./uffd { }; diff --git a/pkgs/mattermost/default.nix b/pkgs/mattermost/default.nix index bf9a938..12e5ceb 100644 --- a/pkgs/mattermost/default.nix +++ b/pkgs/mattermost/default.nix @@ -9,7 +9,7 @@ let src = "${sources.mattermost-server}/server"; - vendorSha256 = "sha256-25nyneJ+ynM9WdnnLd4L3a720ecKdhJ1vyRG5lx2mgY="; + vendorHash = "sha256-25nyneJ+ynM9WdnnLd4L3a720ecKdhJ1vyRG5lx2mgY="; subPackages = [ "cmd/mattermost" ]; diff --git a/services/gitea.nix b/services/gitea.nix index 3ab5f31..db6430f 100644 --- a/services/gitea.nix +++ b/services/gitea.nix @@ -19,8 +19,6 @@ hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea"; - nixpkgs.config.allowUnfree = true; - services.gitea = { enable = true; appName = "0x0: git for all creatures"; 
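Review bot: `nixos-mailserver.url` now follows `master` instead of a release branch, so flake.lock pins only today's rev and the next `nix flake update` will pull whatever is on that project's development branch into the mail server configuration. If this is a stopgap because no 23.11 release branch was available yet (an inference, the commit message does not say), record that next to the input, e.g. `# TODO: switch to the nixos-23.11 release branch once it exists; master is a stopgap`. The inputs block starts and ends outside the hunk.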
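Review bot: `config.allowUnfree = true;` in the `import ./pkgs { … }` arguments presumably enables unfree packages for the whole package set, which every container then receives through `nixpkgs.pkgs = pkgs.lib.mkForce pkgs;`; how ./pkgs forwards `config` is not visible in this hunk. Before this commit the exception was declared per module, so this widens it from the services that asked for it to everything. An allow-list keeps the exception limited to the packages that need it: `config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "<unfree-package-name>" ];`, with the placeholder replaced by the actual package names. The `let` block starts outside the hunk.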
diff --git a/services/hedgedoc-hacc.nix b/services/hedgedoc-hacc.nix index 354b83e..f72cf62 100644 --- a/services/hedgedoc-hacc.nix +++ b/services/hedgedoc-hacc.nix @@ -62,15 +62,13 @@ ensureDatabases = [ "codimd" ]; ensureUsers = [{ name = "codimd"; - ensurePermissions = { - "DATABASE codimd" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; }]; authentication = '' local all all trust host codimd codimd 127.0.0.1/32 trust ''; - package = pkgs.postgresql_11; + package = pkgs.postgresql_15; }; services.postgresqlBackup = { enable = true; diff --git a/services/hedgedoc-i4f.nix b/services/hedgedoc-i4f.nix index a37431f..99644f8 100644 --- a/services/hedgedoc-i4f.nix +++ b/services/hedgedoc-i4f.nix @@ -38,7 +38,7 @@ }; services.postgresql = { enable = true; - package = pkgs.postgresql_11; + package = pkgs.postgresql_15; authentication = '' local all all trust host hedgedoc hedgedoc 127.0.0.1/32 trust @@ -46,9 +46,7 @@ ensureDatabases = [ "hedgedoc" ]; ensureUsers = [{ name = "hedgedoc"; - ensurePermissions = { - "DATABASE hedgedoc" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; }]; }; services.postgresqlBackup = { diff --git a/services/mattermost.nix b/services/mattermost.nix index 1c135de..14fa029 100644 --- a/services/mattermost.nix +++ b/services/mattermost.nix @@ -198,11 +198,11 @@ services.postgresql = { enable = lib.mkForce true; # mattermost sets this to false. wtf. - package = pkgs.postgresql_11; + package = pkgs.postgresql_15; ensureDatabases = [ "mattermost" ]; ensureUsers = [ { name = "mattermost"; - ensurePermissions = { "DATABASE mattermost" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; authentication = lib.mkForce '' diff --git a/services/nextcloud.nix b/services/nextcloud.nix index b81a115..d552bd4 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix 
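Review bot: Switching `package` from `pkgs.postgresql_11` to `pkgs.postgresql_15` does not migrate the existing cluster; a major-version change needs `pg_upgrade` or a dump and restore. Unless `dataDir` is set elsewhere in the file, the NixOS module derives the data directory from the package's major version, so the service would start on an empty cluster and `ensureDatabases` would create a fresh, empty `codimd` database. The same applies to the `package` changes in services/hedgedoc-i4f.nix, services/mattermost.nix and services/nextcloud.nix. I would take a fresh dump before deploying and note the step beside the option, e.g. `# 11 -> 15: migrate data with pg_upgrade or dump/restore before first start`. The `services.postgresql` block starts outside the hunk.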
@@ -25,9 +25,6 @@ home = "/persist/nextcloud"; https = true; - # true by default for backwards-compatability, but we don't need it - enableBrokenCiphersForSSE = false; - hostName = "cloud.infra4future.de"; config = { dbtype = "pgsql"; @@ -61,13 +58,13 @@ services.postgresql = { enable = true; - package = pkgs.postgresql_11; + package = pkgs.postgresql_15; ensureDatabases = [ "nextcloud" ]; ensureUsers = [ { # by default, postgres has unix sockets enabled, and allows a # system user `nextcloud` to log in without other authentication name = "nextcloud"; - ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + ensureDBOwnership = true; } ]; }; diff --git a/services/tracktrain.nix b/services/tracktrain.nix index 0431031..fc4e308 100644 --- a/services/tracktrain.nix +++ b/services/tracktrain.nix @@ -91,9 +91,7 @@ in ensureDatabases = [ "tracktrain" ]; ensureUsers = [ { name = "tracktrain"; - ensurePermissions = { - "DATABASE tracktrain" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; authentication = '' local all all trust
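Review bot: `ensureDBOwnership = true;` makes the `tracktrain` role owner of its database while the `authentication` block directly below it still opens with `local all all trust`, which lets any local process connect as any role, the `postgres` superuser included, without a credential. That line predates this commit, but as the grants are being reworked here it is worth narrowing it, e.g. to `local tracktrain tracktrain peer` if the service runs as a system user of that name, or adding a comment that states why `trust` is acceptable inside this container. The same `trust` lines appear as context in services/hedgedoc-hacc.nix and services/hedgedoc-i4f.nix. The `authentication` string continues past the end of the hunk.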