bump nixpkgs to 21.11

This simply updates nixpkgs to 21.11 (along with a general update of other sources), then follows the hints given out in the build process until everything (on parsons) ran through fine. Some things to note: - syncthing's declarative config is gone. Instead, declarative and non-declarative configuration can now be mixed, but with `overrideDevices` set to true, it _should_ ignore non-declarative settings and basically behave the same as before (or at least that's how I understood the documentation on that) - some postfix options now require a lib.mkForce, since the mail module also wants to set them — we should probably look into if the mail module has nicer ways of handling our settings now (which I didn't do) - we no longer import the vaultwarden module from unstable, since it's included in nixos 21.11 as-is. We _do_ still import the vaultwarden package from unstable, since downgrading sounds like a bad idea. - nix build will print a warning that `literalExample` is now depricated, but we don't seem to use that — I guess at some point we'll have to search through our sources if it doesn't go away This was not yet deployed, and should probably considered a work-in-progress. Building Nixda currently fails decklink seems to have disappeared.
2021-12-01 12:22:20 +01:00 · 2021-12-01 12:22:20 +01:00 · dd9ae9587d
parent ae67b38304
commit dd9ae9587d
5 changed files with 48 additions and 63 deletions
--- a/nix/sources.json
+++ b/nix/sources.json
@ -76,7 +76,7 @@
        "url_template": "<repo>/-/archive/<rev>.tar.gz"
    },
    "nixpkgs": {
-        "branch": "nixos-21.05",
+        "branch": "nixos-21.11",
        "description": "Nix Packages collection",
        "homepage": "",
        "owner": "nixos",
@ -87,28 +87,16 @@
        "url": "https://github.com/nixos/nixpkgs/archive/7bca80140fc7732c7357b26002db3d87b3ba4c61.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
-    "nixpkgs-new": {
-        "branch": "nixos-21.11",
-        "description": "Nix Packages collection",
-        "homepage": "",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "8588b14a397e045692d0a87192810b6dddf53003",
-        "sha256": "15srsgbhgn27wa4kz4x0gfqbsdnwig0h0y8gj2h4nnw92nrxpvnm",
-        "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/8588b14a397e045692d0a87192810b6dddf53003.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
    "nixpkgs-unstable": {
        "branch": "nixos-unstable",
        "description": "Nix Packages collection",
        "homepage": "",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "ac169ec6371f0d835542db654a65e0f2feb07838",
-        "sha256": "0bwjyz15sr5f7z0niwls9127hikp2b6fggisysk0cnk3l6fa8abh",
+        "rev": "5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3",
+        "sha256": "0yb7l5p4k9q8avwiq0fgp87ij50d6yavgh4dfw14jh2lf8daqbmp",
        "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/ac169ec6371f0d835542db654a65e0f2feb07838.tar.gz",
+        "url": "https://github.com/nixos/nixpkgs/archive/5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "workadventure": {
--- a/pkgs/mattermost/default.nix
+++ b/pkgs/mattermost/default.nix
@ -12,10 +12,9 @@ let

    goPackagePath = "github.com/mattermost/mattermost-server";

-    buildFlagsArray = ''
-      -ldflags=
-        -X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}
-    '';
+    ldflags = [
+        "-X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}"
+    ];

  };

--- a/services/gitlab-runner.nix
+++ b/services/gitlab-runner.nix
@ -57,6 +57,7 @@
    home = "/persist/var/lib/gitlab-runner";
    extraGroups = [ "docker" ];
    isSystemUser = true;
+    group = "nogroup";
  };

  virtualisation.docker.storageDriver = "zfs";
--- a/services/mail.nix
+++ b/services/mail.nix
@ -124,8 +124,8 @@
    # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
    virusScanning = false;
  };
-  services.postfix.submissionOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
-  services.postfix.submissionsOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
+  services.postfix.submissionOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
+  services.postfix.submissionsOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
  services.postfix.virtual = ''
    @4future.dev @hacc.space
    @4futu.re @hacc.space
--- a/services/syncthing.nix
+++ b/services/syncthing.nix
@ -6,50 +6,47 @@
    openDefaultPorts = true;
    configDir = "/persist/var/lib/syncthing/";
    dataDir = "/persist/data/syncthing/";
-    declarative = {
-      devices = {
-        # schweby
-        txsbcct = {
-          addresses = []; # empty = dynamic
-          id = "AQHOPTO-X3LWJXZ-2SPLSEW-MCVMX3R-VSLPPYE-NIOTDMW-QOYRSDZ-2LR7RAD";
-        };
-        octycs = {
-          addresses = []; # empty = dynamic
-          id = "KIJVGWZ-GRXPAUX-ZOTZDLS-KUKANCC-A2IBZRM-BT3RZK7-5M43O6R-OZD5IQE";
-        };
-        stuebinm-desktop = {
-          addresses = []; # empty = dynamic
-          id = "CWZTKG7-F45LE2O-TIT6IBC-RQD6MLH-K5ECUGJ-LOHJXF3-I2F4R6I-JVMRLAJ";
-        };
-        raphael-laptop = {
-          addresses = []; # empty = dynamic
-          id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
-        };
-        # zauberberg
-        conway = {
-          addresses = []; # empty = dynamic
-          id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
-        };
-        # hexchen
-        storah = {
-          addresses = [ "tcp://46.4.62.95:22000" "quic://46.4.62.95:22000" ];
-          id = "SGHQ2JA-7FJ6CKM-N3I54R4-UOJC5KO-7W22O62-YLTF26F-S7DLZG4-ZLP7HAM";
-        };
+    overrideDevices = true;
+    devices = {
+      # schweby
+      txsbcct = {
+        addresses = []; # empty = dynamic
+        id = "AQHOPTO-X3LWJXZ-2SPLSEW-MCVMX3R-VSLPPYE-NIOTDMW-QOYRSDZ-2LR7RAD";
      };
-
-      folders = {
-        "/persist/data/syncthing/hacc/" = {
-          id = "qt2ly-xvvvs";
-          devices = [ "txsbcct" "octycs" "stuebinm-desktop" "conway" "raphael-laptop" "storah" ];
-          type = "receiveonly";
-          versioning = {
-            type = "simple";
-            params.keep = "10";
-          };
-        };
+      octycs = {
+        addresses = []; # empty = dynamic
+        id = "KIJVGWZ-GRXPAUX-ZOTZDLS-KUKANCC-A2IBZRM-BT3RZK7-5M43O6R-OZD5IQE";
+      };
+      stuebinm-desktop = {
+        addresses = []; # empty = dynamic
+        id = "CWZTKG7-F45LE2O-TIT6IBC-RQD6MLH-K5ECUGJ-LOHJXF3-I2F4R6I-JVMRLAJ";
+      };
+      raphael-laptop = {
+        addresses = []; # empty = dynamic
+        id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
+      };
+      # zauberberg
+      conway = {
+        addresses = []; # empty = dynamic
+        id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
+      };
+      # hexchen
+      storah = {
+        addresses = [ "tcp://46.4.62.95:22000" "quic://46.4.62.95:22000" ];
+        id = "SGHQ2JA-7FJ6CKM-N3I54R4-UOJC5KO-7W22O62-YLTF26F-S7DLZG4-ZLP7HAM";
      };
-
    };

+    folders = {
+      "/persist/data/syncthing/hacc/" = {
+        id = "qt2ly-xvvvs";
+        devices = [ "txsbcct" "octycs" "stuebinm-desktop" "conway" "raphael-laptop" "storah" ];
+        type = "receiveonly";
+        versioning = {
+          type = "simple";
+          params.keep = "10";
+        };
+      };
+    };
  };
 }