From 8b91036fc1a2776a1a64226e2bf2d68c0e277729 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Wed, 1 Dec 2021 12:22:20 +0100
Subject: [PATCH] bump nixpkgs to 21.11
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This simply updates nixpkgs to 21.11 (along with a general update of other sources), then follows the hints given out in the build process until everything (on parsons) ran through fine. Some things to note:
- syncthing's declarative config is gone. Instead, declarative and non-declarative configuration can now be mixed, but with `overrideDevices` set to true, it _should_ ignore non-declarative settings and basically behave the same as before (or at least that's how I understood the documentation on that)
- some postfix options now require a lib.mkForce, since the mail module also wants to set them — we should probably look into if the mail module has nicer ways of handling our settings now (which I didn't do)
- we no longer import the vaultwarden module from unstable, since it's included in nixos 21.11 as-is. We _do_ still import the vaultwarden package from unstable, since downgrading sounds like a bad idea.
- nix build will print a warning that `literalExample` is now depricated, but we don't seem to use that — I guess at some point we'll have to search through our sources if it doesn't go away
This was not yet deployed, and should probably considered a work-in-progress. Building Nixda currently fails decklink seems to have disappeared.
---
 modules/default.nix | 1 -
 nix/sources.json | 22 +++++------
 pkgs/mattermost/default.nix | 7 ++--
 services/gitlab-runner.nix | 1 +
 services/mail.nix | 4 +-
 services/syncthing.nix | 79 ++++++++++++++++++-------------------
 6 files changed, 55 insertions(+), 59 deletions(-)
diff --git a/modules/default.nix b/modules/default.nix
index 100b4f2..82850cb 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -5,7 +5,6 @@ in {
 imports = [
 ./nftnat
 ./decklink.nix
- "${sources.nixpkgs-unstable}/nixos/modules/services/security/vaultwarden"
 ];
 # disabled since vaultwarden defines a dummy bitwarden_rs option that
diff --git a/nix/sources.json b/nix/sources.json
index 8b3bf44..7d19a78 100644
--- a/nix/sources.json
+++ b/nix/sources.json
@@ -11,10 +11,10 @@
 "homepage": "https://nix-community.github.io/home-manager/",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "bcf03fa16a1f06b8a0abb27bf49afa8d6fffe8f1",
- "sha256": "0nznlb2xgkvdav6d4qls2w81m3p3h4hdbwbp2nwqkiszkp7j1bln",
+ "rev": "7329ffc6e911106494183557fc249180d5422929",
+ "sha256": "1liqvc6bhfypscbvq953j8izw806xn4vklh86zyqpkmsa5ac0yvp",
 "type": "tarball",
- "url": "https://github.com/nix-community/home-manager/archive/bcf03fa16a1f06b8a0abb27bf49afa8d6fffe8f1.tar.gz",
+ "url": "https://github.com/nix-community/home-manager/archive/7329ffc6e911106494183557fc249180d5422929.tar.gz",
 "url_template": "https://github.com///archive/.tar.gz"
 },
 "mattermost-server": {
@@ -23,7 +23,7 @@
 "homepage": "https://mattermost.com",
 "owner": "mattermost",
 "repo": "mattermost-server",
- "rev": "b7a7d8e7b6f0986ffd6f1466909f31db2e39d268",
+ "rev": "a7c6fa13405b4d8dfd43646e53550b06e508cbd3",
 "sha256": "0ni10mv38qjyyrygs66ja3ayhn61rhbxxvvfr3rmkkn5mvpzyp92",
 "type": "tarball",
 "url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v6.1.0.tar.gz",
@@ -76,15 +76,15 @@
 "url_template": "/-/archive/.tar.gz"
 },
 "nixpkgs": {
- "branch": "nixos-21.05",
+ "branch": "nixos-21.11",
 "description": "Nix Packages collection",
 "homepage": "",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "46251a79f752ae1d46ef733e8e9760b6d3429da4",
- "sha256": "1xsp0xyrf8arjkf4wi09n96kbg0r8igsmzx8bhc1nj4nr078p0pg",
+ "rev": "96b4157790fc96e70d6e6c115e3f34bba7be490f",
+ "sha256": "05m0gn1dy0cdlamwyiq276s770bm2pw8qx6s0mfrv3khpcvv186l",
 "type": "tarball",
- "url": "https://github.com/nixos/nixpkgs/archive/46251a79f752ae1d46ef733e8e9760b6d3429da4.tar.gz",
+ "url": "https://github.com/nixos/nixpkgs/archive/96b4157790fc96e70d6e6c115e3f34bba7be490f.tar.gz",
 "url_template": "https://github.com///archive/.tar.gz"
 },
 "nixpkgs-unstable": {
@@ -93,10 +93,10 @@
 "homepage": "",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "2deb07f3ac4eeb5de1c12c4ba2911a2eb1f6ed61",
- "sha256": "0036sv1sc4ddf8mv8f8j9ifqzl3fhvsbri4z1kppn0f1zk6jv9yi",
+ "rev": "29d1f6e1f625d246dcf84a78ef97b4da3cafc6ea",
+ "sha256": "0vk85cwrmwlid7ks4rk9grb5rrd2cq3mzkx18j7ppkr9na6y1sh3",
 "type": "tarball",
- "url": "https://github.com/nixos/nixpkgs/archive/2deb07f3ac4eeb5de1c12c4ba2911a2eb1f6ed61.tar.gz",
+ "url": "https://github.com/nixos/nixpkgs/archive/29d1f6e1f625d246dcf84a78ef97b4da3cafc6ea.tar.gz",
 "url_template": "https://github.com///archive/.tar.gz"
 },
 "workadventure": {
diff --git a/pkgs/mattermost/default.nix b/pkgs/mattermost/default.nix
index 870d9fe..8db6934 100644
--- a/pkgs/mattermost/default.nix
+++ b/pkgs/mattermost/default.nix
@@ -12,10 +12,9 @@ let
 goPackagePath = "github.com/mattermost/mattermost-server";
- buildFlagsArray = ''
- -ldflags=
- -X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}
- '';
+ ldflags = [
+ "-X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}"
+ ];
 };
diff --git a/services/gitlab-runner.nix b/services/gitlab-runner.nix
index 6968d1c..6a467d6 100644
--- a/services/gitlab-runner.nix
+++ b/services/gitlab-runner.nix
@@ -57,6 +57,7 @@
 home = "/persist/var/lib/gitlab-runner";
 extraGroups = [ "docker" ];
 isSystemUser = true;
+ group = "nogroup";
 };
 virtualisation.docker.storageDriver = "zfs";
diff --git a/services/mail.nix b/services/mail.nix
index 4fe190c..39b4a07 100644
--- a/services/mail.nix
+++ b/services/mail.nix
@@ -122,8 +122,8 @@
 # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
 virusScanning = false;
 };
- services.postfix.submissionOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
- services.postfix.submissionsOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
+ services.postfix.submissionOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
+ services.postfix.submissionsOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
 services.postfix.virtual = ''
 @4future.dev @hacc.space
 @4futu.re @hacc.space
diff --git a/services/syncthing.nix b/services/syncthing.nix
index d7d2be6..e453a58 100644
--- a/services/syncthing.nix
+++ b/services/syncthing.nix
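Review bot: In services/gitlab-runner.nix the added `group = "nogroup";` puts this account's primary group back on the shared `nogroup`, so any file it creates with group access is reachable by every other account whose primary group is also `nogroup`. NixOS 21.11 dropped the `nogroup` default for exactly that reason and asks for a per-user group instead, e.g. `group = "gitlab-runner";` together with `users.groups.gitlab-runner = {};` (group name assumed here; the user attribute's name is outside the hunk). The context line shows the account is also in `docker`, which is effectively root on the host, so keeping its state under `/persist/var/lib/gitlab-runner` out of a shared group is worth the two extra lines.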
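Review bot: In services/mail.nix both `lib.mkForce` lines replace the mail module's own `smtpd_sender_restrictions` for the submission and submissions services instead of extending it, and nothing in the file records what is being discarded. If the module's value carries a sender-ownership check such as `reject_sender_login_mismatch` (not visible in this hunk, so verify against the module), forcing a list that ends in `permit` means an authenticated account is no longer restricted to its own sender addresses. Either fold the module's checks into the forced string, or state the trade-off next to it, e.g. `# mkForce: deliberately overrides the mail module's smtpd_sender_restrictions; sender/login matching is NOT enforced here`. The enclosing attribute set starts and ends outside the hunk.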
@@ -6,50 +6,47 @@
 openDefaultPorts = true;
 configDir = "/persist/var/lib/syncthing/";
 dataDir = "/persist/data/syncthing/";
- declarative = {
- devices = {
- # schweby
- txsbcct = {
- addresses = []; # empty = dynamic
- id = "AQHOPTO-X3LWJXZ-2SPLSEW-MCVMX3R-VSLPPYE-NIOTDMW-QOYRSDZ-2LR7RAD";
- };
- octycs = {
- addresses = []; # empty = dynamic
- id = "KIJVGWZ-GRXPAUX-ZOTZDLS-KUKANCC-A2IBZRM-BT3RZK7-5M43O6R-OZD5IQE";
- };
- stuebinm-desktop = {
- addresses = []; # empty = dynamic
- id = "CWZTKG7-F45LE2O-TIT6IBC-RQD6MLH-K5ECUGJ-LOHJXF3-I2F4R6I-JVMRLAJ";
- };
- raphael-laptop = {
- addresses = []; # empty = dynamic
- id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
- };
- # zauberberg
- conway = {
- addresses = []; # empty = dynamic
- id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
- };
- # hexchen
- storah = {
- addresses = [ "tcp://46.4.62.95:22000" "quic://46.4.62.95:22000" ];
- id = "SGHQ2JA-7FJ6CKM-N3I54R4-UOJC5KO-7W22O62-YLTF26F-S7DLZG4-ZLP7HAM";
- };
+ overrideDevices = true;
+ devices = {
+ # schweby
+ txsbcct = {
+ addresses = []; # empty = dynamic
+ id = "AQHOPTO-X3LWJXZ-2SPLSEW-MCVMX3R-VSLPPYE-NIOTDMW-QOYRSDZ-2LR7RAD";
 };
-
- folders = {
- "/persist/data/syncthing/hacc/" = {
- id = "qt2ly-xvvvs";
- devices = [ "txsbcct" "octycs" "stuebinm-desktop" "conway" "raphael-laptop" "storah" ];
- type = "receiveonly";
- versioning = {
- type = "simple";
- params.keep = "10";
- };
- };
+ octycs = {
+ addresses = []; # empty = dynamic
+ id = "KIJVGWZ-GRXPAUX-ZOTZDLS-KUKANCC-A2IBZRM-BT3RZK7-5M43O6R-OZD5IQE";
+ };
+ stuebinm-desktop = {
+ addresses = []; # empty = dynamic
+ id = "CWZTKG7-F45LE2O-TIT6IBC-RQD6MLH-K5ECUGJ-LOHJXF3-I2F4R6I-JVMRLAJ";
+ };
+ raphael-laptop = {
+ addresses = []; # empty = dynamic
+ id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
+ };
+ # zauberberg
+ conway = {
+ addresses = []; # empty = dynamic
+ id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
+ };
+ # hexchen
+ storah = {
+ addresses = [ "tcp://46.4.62.95:22000" "quic://46.4.62.95:22000" ];
+ id = "SGHQ2JA-7FJ6CKM-N3I54R4-UOJC5KO-7W22O62-YLTF26F-S7DLZG4-ZLP7HAM";
 };
- };
+ folders = {
+ "/persist/data/syncthing/hacc/" = {
+ id = "qt2ly-xvvvs";
+ devices = [ "txsbcct" "octycs" "stuebinm-desktop" "conway" "raphael-laptop" "storah" ];
+ type = "receiveonly";
+ versioning = {
+ type = "simple";
+ params.keep = "10";
+ };
+ };
+ };
 };
 }
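Review bot: Only `overrideDevices = true;` is pinned in services/syncthing.nix, while the `folders` set is governed by the separate `overrideFolders` option, which this hunk leaves at whatever the module default is. The commit message relies on non-declarative settings being ignored, so both halves should be explicit: add `overrideFolders = true;` next to `overrideDevices`. With both set, a peer or shared folder added through the Syncthing GUI or REST API on this host is replaced by the declared list when the module re-applies its configuration, independent of any later change to the defaults. The enclosing `services.syncthing` block starts outside the hunk.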