initial work towards nixos 23.11

Note: this updates all postgres instances, since postgresql_11 no longer
exists.
This commit is contained in:
stuebinm 2023-11-30 17:43:48 +01:00
parent 17149be4bd
commit 9d187d212a
11 changed files with 303 additions and 49 deletions

View file

@ -61,7 +61,7 @@
whois whois
iperf iperf
fd fd
exa eza
socat socat
tmux tmux
gnupg gnupg

View file

@ -23,6 +23,51 @@
"type": "github" "type": "github"
} }
}, },
"authentik-nix": {
"inputs": {
"authentik-src": "authentik-src",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": [
"nix-hexchen",
"nixpkgs"
],
"nixpkgs-23-05": "nixpkgs-23-05",
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1700588859,
"narHash": "sha256-gTai5mqxbTUX9GvrRXVqsPP7wqAgqdSP2idQC2xyUXE=",
"owner": "mayflower",
"repo": "authentik-nix",
"rev": "9663811618b8d86b395912b621ae09ecee1bdacc",
"type": "github"
},
"original": {
"owner": "mayflower",
"repo": "authentik-nix",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1700588304,
"narHash": "sha256-NsXYfXxn7ofl9EeLAQi1V0tKlOeVyQqH1W26uejjKV0=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "a2a67161ac8b840d63cbaacdfbebb60fd48e901b",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2023.10.4",
"repo": "authentik",
"type": "github"
}
},
"blobs": { "blobs": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -41,8 +86,8 @@
}, },
"colmena": { "colmena": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nix-hexchen", "nix-hexchen",
"nixpkgs" "nixpkgs"
@ -67,7 +112,7 @@
"cyberchaos": { "cyberchaos": {
"inputs": { "inputs": {
"digital-secretFiles": "digital-secretFiles", "digital-secretFiles": "digital-secretFiles",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nix-hexchen", "nix-hexchen",
"nixpkgs" "nixpkgs"
@ -294,6 +339,22 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1650374568, "lastModified": 1650374568,
@ -309,7 +370,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": { "flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -325,7 +386,43 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1696343447,
"narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -340,9 +437,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1685518550, "lastModified": 1685518550,
@ -426,6 +523,33 @@
"url": "https://releases.mattermost.com/8.1.6/mattermost-8.1.6-linux-amd64.tar.gz" "url": "https://releases.mattermost.com/8.1.6/mattermost-8.1.6-linux-amd64.tar.gz"
} }
}, },
"napalm": {
"inputs": {
"flake-utils": [
"nix-hexchen",
"authentik-nix",
"flake-utils"
],
"nixpkgs": [
"nix-hexchen",
"authentik-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1693989153,
"narHash": "sha256-gx39Y3opGB25+44OjM+h1bdJyzgLD963va8ULGYlbhM=",
"owner": "nix-community",
"repo": "napalm",
"rev": "a8215ccf1c80070f51a92771f3bc637dd9b9f7ee",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "napalm",
"type": "github"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -459,7 +583,7 @@
"evil-org-mode": "evil-org-mode", "evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff", "evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode", "explain-pause-mode": "explain-pause-mode",
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"flake-utils": [ "flake-utils": [
"nix-hexchen", "nix-hexchen",
"flake-utils" "flake-utils"
@ -496,9 +620,33 @@
"type": "github" "type": "github"
} }
}, },
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"nix-hexchen",
"authentik-nix",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1693660503,
"narHash": "sha256-B/g2V4v6gjirFmy+I5mwB2bCYc0l3j5scVfwgl6WOl8=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "bd5bdbb52350e145c526108f4ef192eb8e554fa0",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-hexchen": { "nix-hexchen": {
"inputs": { "inputs": {
"apple-silicon": "apple-silicon", "apple-silicon": "apple-silicon",
"authentik-nix": "authentik-nix",
"colmena": "colmena", "colmena": "colmena",
"cyberchaos": "cyberchaos", "cyberchaos": "cyberchaos",
"deploy-rs": [ "deploy-rs": [
@ -538,11 +686,11 @@
"waybar-iceportal": "waybar-iceportal" "waybar-iceportal": "waybar-iceportal"
}, },
"locked": { "locked": {
"lastModified": 1700182193, "lastModified": 1701220872,
"narHash": "sha256-MRrgDh39QJlynhhD7Md6Xio31IgM0/olbjq8CrUX31s=", "narHash": "sha256-ZyzC9uTIEQSqr5wX1zfMATtBjlpox96HxNPd7Erl3eY=",
"owner": "hexchen", "owner": "hexchen",
"repo": "nixfiles", "repo": "nixfiles",
"rev": "37b19422da8954bd748fd7205b79f6f5b78de982", "rev": "ebe48cb7eaa891e85030f939f0a3dd52d183ccb6",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -601,16 +749,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1687462267, "lastModified": 1700085753,
"narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", "narHash": "sha256-qtib7f3eRwfaUF+VziJXiBcZFqpHCAXS4HlrFsnzzl4=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "24128c3052090311688b09a400aa408ba61c6ee5", "rev": "008d78cc21959e33d0d31f375b88353a7d7121ae",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"ref": "nixos-23.05", "ref": "master",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"type": "gitlab" "type": "gitlab"
} }
@ -645,6 +793,40 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-23-05": {
"locked": {
"lastModified": 1699291058,
"narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "41de143fda10e33be0f47eab2bfe08a50f234267",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1696019113,
"narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-oldstable": { "nixpkgs-oldstable": {
"locked": { "locked": {
"lastModified": 1678761643, "lastModified": 1678761643,
@ -678,26 +860,26 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1700403855, "lastModified": 1701263465,
"narHash": "sha256-Q0Uzjik9kUTN9pd/kp52XJi5kletBhy29ctBlAG+III=", "narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0c5678df521e1407884205fe3ce3cf1d7df297db", "rev": "50aa30a13c4ab5e7ba282da460a3e3d44e9d0eb3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-23.05", "ref": "nixos-23.11",
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1700108881, "lastModified": 1700856099,
"narHash": "sha256-+Lqybl8kj0+nD/IlAWPPG/RDTa47gff9nbei0u7BntE=", "narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7414e9ee0b3e9903c24d3379f577a417f0aae5f1", "rev": "0bd59c54ef06bc34eca01e37d689f5e46b3fe2f1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -819,6 +1001,36 @@
"type": "github" "type": "github"
} }
}, },
"poetry2nix": {
"inputs": {
"flake-utils": [
"nix-hexchen",
"authentik-nix",
"flake-utils"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nix-hexchen",
"authentik-nix",
"nixpkgs"
],
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1698324369,
"narHash": "sha256-rftG/00dnS+HHun11lDFtL33NNcGUE3XznYI78gU7dY=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "8f2c483f9a40db26011f6668559574a4b86ed499",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"revealjs": { "revealjs": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -904,11 +1116,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1700362823, "lastModified": 1701127353,
"narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=", "narHash": "sha256-qVNX0wOl0b7+I35aRu78xUphOyELh+mtUp1KBx89K1Q=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "49a87c6c827ccd21c225531e30745a9a6464775c", "rev": "b1edbf5c0464b4cced90a3ba6f999e671f0af631",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -948,6 +1160,35 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tracktrain": { "tracktrain": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -965,6 +1206,29 @@
"url": "https://stuebinm.eu/git/tracktrain" "url": "https://stuebinm.eu/git/tracktrain"
} }
}, },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nix-hexchen",
"authentik-nix",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1697388351,
"narHash": "sha256-63N2eBpKaziIy4R44vjpUu8Nz5fCJY7okKrkixvDQmY=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "aae39f64f5ecbe89792d05eacea5cb241891292a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"ts-fold": { "ts-fold": {
"flake": false, "flake": false,
"locked": { "locked": {

View file

@ -7,11 +7,11 @@
mattermost-server.url = "github:mattermost/mattermost-server?ref=v8.1.6"; mattermost-server.url = "github:mattermost/mattermost-server?ref=v8.1.6";
mattermost-server.flake = false; mattermost-server.flake = false;
nixpkgs.url = "nixpkgs/nixos-23.05"; nixpkgs.url = "nixpkgs/nixos-23.11";
nixpkgs-oldstable.url = "github:/NixOS/nixpkgs?rev=c4aec3c021620d98861639946123214207e98344"; nixpkgs-oldstable.url = "github:/NixOS/nixpkgs?rev=c4aec3c021620d98861639946123214207e98344";
nix-hexchen.url = "gitlab:hexchen/nixfiles"; nix-hexchen.url = "gitlab:hexchen/nixfiles";
nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
tracktrain.url = "git+https://stuebinm.eu/git/tracktrain?ref=main"; tracktrain.url = "git+https://stuebinm.eu/git/tracktrain?ref=main";
tracktrain.flake = false; tracktrain.flake = false;
@ -47,6 +47,7 @@
pkgs = import ./pkgs { pkgs = import ./pkgs {
sources = inputs; sources = inputs;
system = "x86_64-linux"; system = "x86_64-linux";
config.allowUnfree = true;
}; };
evalConfig = config: (nixpkgs.lib.nixosSystem { evalConfig = config: (nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
@ -55,7 +56,6 @@
nix-hexchen.nixosModules.network.nftables nix-hexchen.nixosModules.network.nftables
{ {
nixpkgs.pkgs = pkgs.lib.mkForce pkgs; nixpkgs.pkgs = pkgs.lib.mkForce pkgs;
nixpkgs.config.allowUnfree = true;
imports = [ profiles.container profiles.nopersist ]; imports = [ profiles.container profiles.nopersist ];
} }
]; ];

View file

@ -32,6 +32,7 @@ let
mkdir -p $out mkdir -p $out
cp * -r $out cp * -r $out
''; '';
meta.mainProgram = "thelounge";
}; };
uffd = oldstable.callPackage ./uffd { }; uffd = oldstable.callPackage ./uffd { };

View file

@ -9,7 +9,7 @@ let
src = "${sources.mattermost-server}/server"; src = "${sources.mattermost-server}/server";
vendorSha256 = "sha256-25nyneJ+ynM9WdnnLd4L3a720ecKdhJ1vyRG5lx2mgY="; vendorHash = "sha256-25nyneJ+ynM9WdnnLd4L3a720ecKdhJ1vyRG5lx2mgY=";
subPackages = [ "cmd/mattermost" ]; subPackages = [ "cmd/mattermost" ];

View file

@ -19,8 +19,6 @@
hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea"; hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
nixpkgs.config.allowUnfree = true;
services.gitea = { services.gitea = {
enable = true; enable = true;
appName = "0x0: git for all creatures"; appName = "0x0: git for all creatures";

View file

@ -62,15 +62,13 @@
ensureDatabases = [ "codimd" ]; ensureDatabases = [ "codimd" ];
ensureUsers = [{ ensureUsers = [{
name = "codimd"; name = "codimd";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE codimd" = "ALL PRIVILEGES";
};
}]; }];
authentication = '' authentication = ''
local all all trust local all all trust
host codimd codimd 127.0.0.1/32 trust host codimd codimd 127.0.0.1/32 trust
''; '';
package = pkgs.postgresql_11; package = pkgs.postgresql_15;
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
enable = true; enable = true;

View file

@ -38,7 +38,7 @@
}; };
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_11; package = pkgs.postgresql_15;
authentication = '' authentication = ''
local all all trust local all all trust
host hedgedoc hedgedoc 127.0.0.1/32 trust host hedgedoc hedgedoc 127.0.0.1/32 trust
@ -46,9 +46,7 @@
ensureDatabases = [ "hedgedoc" ]; ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{ ensureUsers = [{
name = "hedgedoc"; name = "hedgedoc";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE hedgedoc" = "ALL PRIVILEGES";
};
}]; }];
}; };
services.postgresqlBackup = { services.postgresqlBackup = {

View file

@ -198,11 +198,11 @@
services.postgresql = { services.postgresql = {
enable = lib.mkForce true; # mattermost sets this to false. wtf. enable = lib.mkForce true; # mattermost sets this to false. wtf.
package = pkgs.postgresql_11; package = pkgs.postgresql_15;
ensureDatabases = [ "mattermost" ]; ensureDatabases = [ "mattermost" ];
ensureUsers = [ { ensureUsers = [ {
name = "mattermost"; name = "mattermost";
ensurePermissions = { "DATABASE mattermost" = "ALL PRIVILEGES"; }; ensureDBOwnership = true;
} ]; } ];
authentication = lib.mkForce '' authentication = lib.mkForce ''

View file

@ -25,9 +25,6 @@
home = "/persist/nextcloud"; home = "/persist/nextcloud";
https = true; https = true;
# true by default for backwards-compatability, but we don't need it
enableBrokenCiphersForSSE = false;
hostName = "cloud.infra4future.de"; hostName = "cloud.infra4future.de";
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
@ -61,13 +58,13 @@
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_11; package = pkgs.postgresql_15;
ensureDatabases = [ "nextcloud" ]; ensureDatabases = [ "nextcloud" ];
ensureUsers = [ ensureUsers = [
{ # by default, postgres has unix sockets enabled, and allows a { # by default, postgres has unix sockets enabled, and allows a
# system user `nextcloud` to log in without other authentication # system user `nextcloud` to log in without other authentication
name = "nextcloud"; name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; ensureDBOwnership = true;
} }
]; ];
}; };

View file

@ -91,9 +91,7 @@ in
ensureDatabases = [ "tracktrain" ]; ensureDatabases = [ "tracktrain" ];
ensureUsers = [ { ensureUsers = [ {
name = "tracktrain"; name = "tracktrain";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE tracktrain" = "ALL PRIVILEGES";
};
} ]; } ];
authentication = '' authentication = ''
local all all trust local all all trust