bump nixpkgs to 21.11

This simply updates nixpkgs to 21.11 (along with a general update of
other sources), then follows the hints given out in the build process
until everything (on parsons) ran through fine.

Some things to note:
 - syncthing's declarative config is gone. Instead, declarative and
   non-declarative configuration can now be mixed, but with
   `overrideDevices` set to true, it _should_ ignore non-declarative
   settings and basically behave the same as before (or at least that's
   how I understood the documentation on that)
 - some postfix options now require a lib.mkForce, since the mail module
   also wants to set them — we should probably look into if the mail
   module has nicer ways of handling our settings now (which I didn't
   do)
 - we no longer import the vaultwarden module from unstable, since it's
   included in nixos 21.11 as-is. We _do_ still import the vaultwarden
   package from unstable, since downgrading sounds like a bad idea.
 - nix build will print a warning that `literalExample` is now
   depricated, but we don't seem to use that — I guess at some point
   we'll have to search through our sources if it doesn't go away

This was not yet deployed, and should probably considered a
work-in-progress.

Building Nixda currently fails decklink seems to have disappeared.

nix/sources.json

@@ -76,7 +76,7 @@
         "url_template": "<repo>/-/archive/<rev>.tar.gz"
     },
     "nixpkgs": {
-        "branch": "nixos-21.05",
+        "branch": "nixos-21.11",
         "description": "Nix Packages collection",
         "homepage": "",
         "owner": "nixos",
@@ -87,28 +87,16 @@
         "url": "https://github.com/nixos/nixpkgs/archive/7bca80140fc7732c7357b26002db3d87b3ba4c61.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
-    "nixpkgs-new": {
-        "branch": "nixos-21.11",
-        "description": "Nix Packages collection",
-        "homepage": "",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "8588b14a397e045692d0a87192810b6dddf53003",
-        "sha256": "15srsgbhgn27wa4kz4x0gfqbsdnwig0h0y8gj2h4nnw92nrxpvnm",
-        "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/8588b14a397e045692d0a87192810b6dddf53003.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
     "nixpkgs-unstable": {
         "branch": "nixos-unstable",
         "description": "Nix Packages collection",
         "homepage": "",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "ac169ec6371f0d835542db654a65e0f2feb07838",
+        "rev": "5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3",
-        "sha256": "0bwjyz15sr5f7z0niwls9127hikp2b6fggisysk0cnk3l6fa8abh",
+        "sha256": "0yb7l5p4k9q8avwiq0fgp87ij50d6yavgh4dfw14jh2lf8daqbmp",
         "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/ac169ec6371f0d835542db654a65e0f2feb07838.tar.gz",
+        "url": "https://github.com/nixos/nixpkgs/archive/5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "workadventure": {

pkgs/mattermost/default.nix

@@ -12,10 +12,9 @@ let
 
     goPackagePath = "github.com/mattermost/mattermost-server";
 
-    buildFlagsArray = ''
+    ldflags = [
-      -ldflags=
+        "-X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}"
-        -X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}
+    ];
-    '';
 
   };
 

services/gitlab-runner.nix

@@ -57,6 +57,7 @@
     home = "/persist/var/lib/gitlab-runner";
     extraGroups = [ "docker" ];
     isSystemUser = true;
+    group = "nogroup";
   };
 
   virtualisation.docker.storageDriver = "zfs";

services/mail.nix

@@ -124,8 +124,8 @@
     # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
     virusScanning = false;
   };
-  services.postfix.submissionOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
+  services.postfix.submissionOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
-  services.postfix.submissionsOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
+  services.postfix.submissionsOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
   services.postfix.virtual = ''
     @4future.dev @hacc.space
     @4futu.re @hacc.space

services/syncthing.nix

@@ -6,50 +6,47 @@
     openDefaultPorts = true;
     configDir = "/persist/var/lib/syncthing/";
     dataDir = "/persist/data/syncthing/";
-    declarative = {
+    overrideDevices = true;
-      devices = {
+    devices = {
-        # schweby
+      # schweby
-        txsbcct = {
+      txsbcct = {
-          addresses = []; # empty = dynamic
+        addresses = []; # empty = dynamic
-          id = "AQHOPTO-X3LWJXZ-2SPLSEW-MCVMX3R-VSLPPYE-NIOTDMW-QOYRSDZ-2LR7RAD";
+        id = "AQHOPTO-X3LWJXZ-2SPLSEW-MCVMX3R-VSLPPYE-NIOTDMW-QOYRSDZ-2LR7RAD";
-        };
-        octycs = {
-          addresses = []; # empty = dynamic
-          id = "KIJVGWZ-GRXPAUX-ZOTZDLS-KUKANCC-A2IBZRM-BT3RZK7-5M43O6R-OZD5IQE";
-        };
-        stuebinm-desktop = {
-          addresses = []; # empty = dynamic
-          id = "CWZTKG7-F45LE2O-TIT6IBC-RQD6MLH-K5ECUGJ-LOHJXF3-I2F4R6I-JVMRLAJ";
-        };
-        raphael-laptop = {
-          addresses = []; # empty = dynamic
-          id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
-        };
-        # zauberberg
-        conway = {
-          addresses = []; # empty = dynamic
-          id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
-        };
-        # hexchen
-        storah = {
-          addresses = [ "tcp://46.4.62.95:22000" "quic://46.4.62.95:22000" ];
-          id = "SGHQ2JA-7FJ6CKM-N3I54R4-UOJC5KO-7W22O62-YLTF26F-S7DLZG4-ZLP7HAM";
-        };
       };
-
+      octycs = {
-      folders = {
+        addresses = []; # empty = dynamic
-        "/persist/data/syncthing/hacc/" = {
+        id = "KIJVGWZ-GRXPAUX-ZOTZDLS-KUKANCC-A2IBZRM-BT3RZK7-5M43O6R-OZD5IQE";
-          id = "qt2ly-xvvvs";
+      };
-          devices = [ "txsbcct" "octycs" "stuebinm-desktop" "conway" "raphael-laptop" "storah" ];
+      stuebinm-desktop = {
-          type = "receiveonly";
+        addresses = []; # empty = dynamic
-          versioning = {
+        id = "CWZTKG7-F45LE2O-TIT6IBC-RQD6MLH-K5ECUGJ-LOHJXF3-I2F4R6I-JVMRLAJ";
-            type = "simple";
+      };
-            params.keep = "10";
+      raphael-laptop = {
-          };
+        addresses = []; # empty = dynamic
-        };
+        id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
+      };
+      # zauberberg
+      conway = {
+        addresses = []; # empty = dynamic
+        id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
+      };
+      # hexchen
+      storah = {
+        addresses = [ "tcp://46.4.62.95:22000" "quic://46.4.62.95:22000" ];
+        id = "SGHQ2JA-7FJ6CKM-N3I54R4-UOJC5KO-7W22O62-YLTF26F-S7DLZG4-ZLP7HAM";
       };
-
     };
 
+    folders = {
+      "/persist/data/syncthing/hacc/" = {
+        id = "qt2ly-xvvvs";
+        devices = [ "txsbcct" "octycs" "stuebinm-desktop" "conway" "raphael-laptop" "storah" ];
+        type = "receiveonly";
+        versioning = {
+          type = "simple";
+          params.keep = "10";
+        };
+      };
+    };
   };
 }