Merge branch 'nixos-21.11' into 'main'

WIP: bump nixpkgs to 21.11 See merge request hacc/infra/haccfiles!84
2022-01-27 20:21:33 +00:00 · 2022-01-27 20:21:33 +00:00 · f6f9fbf288
parent 68afbe01b3 6de0b91beb
commit f6f9fbf288
12 changed files with 33 additions and 35 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@ -6,7 +6,6 @@ in {
    ./nftnat
    ./decklink.nix
    ./websites.nix
-    "${sources.nixpkgs-unstable}/nixos/modules/services/security/vaultwarden"
  ];

  # disabled since vaultwarden defines a dummy bitwarden_rs option that
--- a/nix/sources.json
+++ b/nix/sources.json
@ -23,7 +23,7 @@
        "homepage": "https://mattermost.com",
        "owner": "mattermost",
        "repo": "mattermost-server",
-        "rev": "3172adfce9d98fe8f9c98ccd0a0fdbb52291ae0a",
+        "rev": "8f352436049776b5bd7c006bb03992d8fe2f029f",
        "sha256": "1sy0kydp87pwby0whgq678jq1zpivqndip81787r9b3dqcyq47cp",
        "type": "tarball",
        "url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v6.1.2.tar.gz",
@ -70,27 +70,15 @@
        "url_template": "<repo>/-/archive/<rev>.tar.gz"
    },
    "nixpkgs": {
-        "branch": "nixos-21.05",
-        "description": "Nix Packages collection",
-        "homepage": "",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "7bca80140fc7732c7357b26002db3d87b3ba4c61",
-        "sha256": "0vyjpf1jw4cvw7kfbk055faq08q4swz6v1h2mf9zw4r8frhqa73w",
-        "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/7bca80140fc7732c7357b26002db3d87b3ba4c61.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "nixpkgs-new": {
        "branch": "nixos-21.11",
        "description": "Nix Packages collection",
        "homepage": "",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8588b14a397e045692d0a87192810b6dddf53003",
-        "sha256": "15srsgbhgn27wa4kz4x0gfqbsdnwig0h0y8gj2h4nnw92nrxpvnm",
+        "rev": "6c4b9f1a2fd761e2d384ef86cff0d208ca27fdca",
+        "sha256": "1yl5gj0mzczhl1j8sl8iqpwa1jzsgr12fdszw9rq13cdig2a2r5f",
        "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/8588b14a397e045692d0a87192810b6dddf53003.tar.gz",
+        "url": "https://github.com/nixos/nixpkgs/archive/6c4b9f1a2fd761e2d384ef86cff0d208ca27fdca.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixpkgs-unstable": {
@ -99,10 +87,10 @@
        "homepage": "",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "ac169ec6371f0d835542db654a65e0f2feb07838",
-        "sha256": "0bwjyz15sr5f7z0niwls9127hikp2b6fggisysk0cnk3l6fa8abh",
+        "rev": "945ec499041db73043f745fad3b2a3a01e826081",
+        "sha256": "1ixv310sjw0r5vda4yfwp3snyha2i9h7aqygd43cyvdk2qsjk8pq",
        "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/ac169ec6371f0d835542db654a65e0f2feb07838.tar.gz",
+        "url": "https://github.com/nixos/nixpkgs/archive/945ec499041db73043f745fad3b2a3a01e826081.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "workadventure": {
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -4,7 +4,6 @@ let
  sources = import ../nix/sources.nix;
  pkgs = import sources.nixpkgs args;
  unstable = import sources.nixpkgs-unstable args;
-  new = import sources.nixpkgs-new args;

  callPackage = pkgs.lib.callPackageWith (pkgs // newpkgs);

--- a/pkgs/mattermost/default.nix
+++ b/pkgs/mattermost/default.nix
@ -12,10 +12,9 @@ let

    goPackagePath = "github.com/mattermost/mattermost-server";

-    buildFlagsArray = ''
-      -ldflags=
-        -X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}
-    '';
+    ldflags = [
+        "-X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}"
+    ];

  };

--- a/services/gitlab-runner.nix
+++ b/services/gitlab-runner.nix
@ -57,6 +57,7 @@
    home = "/persist/var/lib/gitlab-runner";
    extraGroups = [ "docker" ];
    isSystemUser = true;
+    group = "nogroup";
  };

  virtualisation.docker.storageDriver = "zfs";
--- a/services/hedgedoc-hacc.nix
+++ b/services/hedgedoc-hacc.nix
@ -42,7 +42,12 @@
          allowFreeURL = true;
          allowGravatar = false;
          allowOrigin = [ "localhost" "pad.hacc.space" "fff-muc.de" ];
-          dbURL = "postgres://codimd:codimd@localhost:5432/codimd";
+          db = {
+            host = "/run/postgresql";
+            username = "codimd";
+            dialect = "postgres";
+            database = "codimd";
+          };
          defaultPermission = "limited";
          domain  = "pad.hacc.space";
          host = "0.0.0.0";
@ -74,6 +79,11 @@
            "DATABASE codimd" = "ALL PRIVILEGES";
          };
        }];
+        authentication = ''
+          local all all trust
+          host  codimd  codimd  127.0.0.1/32  trust
+        '';
+        package = pkgs.postgresql_11;
      };
      services.postgresqlBackup = {
        enable = true;
--- a/services/hedgedoc-i4f.nix
+++ b/services/hedgedoc-i4f.nix
@ -42,7 +42,11 @@
          allowFreeURL = true;
          allowGravatar = false;
          allowOrigin = [ "localhost" "pad.infra4future.de" "fff-muc.de" ];
-          dbURL = "postgres://hedgedoc:hedgedoc@localhost:5432/hedgedoc";
+          db = {
+            host = "/run/postgresql";
+            dialect = "postgres";
+            database = "hedgedoc";
+          };
          defaultPermission = "freely";
          domain  = "pad.infra4future.de";
          host = "0.0.0.0";
@ -56,6 +60,7 @@
      };
      services.postgresql = {
        enable = true;
+        package = pkgs.postgresql_11;
        authentication = ''
          local all       all                     trust
          host  hedgedoc  hedgedoc  127.0.0.1/32  trust
--- a/services/lantifa.nix
+++ b/services/lantifa.nix
@ -1,8 +1,6 @@
 { config, lib, pkgs, profiles, modules, evalConfig, ... }:

-let
-  new = import (import ../nix/sources.nix).nixpkgs-new {};
-in {
+{
  containers.lantifa = {
    autoStart = true;
    privateNetwork = true;
@ -37,7 +35,6 @@ in {
      services.mediawiki = {
        enable = true;
        name = "LANtifa";
-        package = new.mediawiki;
        database.createLocally = true;
        passwordFile = "/var/lib/mediawiki/mediawiki-password";
        extraConfig = let
--- a/services/mail.nix
+++ b/services/mail.nix
@ -124,8 +124,8 @@
    # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
    virusScanning = false;
  };
-  services.postfix.submissionOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
-  services.postfix.submissionsOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
+  services.postfix.submissionOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
+  services.postfix.submissionsOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
  services.postfix.virtual = ''
    @4future.dev @hacc.space
    @4futu.re @hacc.space
--- a/services/mattermost.nix
+++ b/services/mattermost.nix
@ -202,6 +202,7 @@ in {

      services.postgresql = {
        enable = lib.mkForce true; # mattermost sets this to false. wtf.
+        package = pkgs.postgresql_11;
        ensureDatabases = [ "mattermost" ];
        ensureUsers = [ {
          name = "mattermost";
--- a/services/nextcloud/default.nix
+++ b/services/nextcloud/default.nix
@ -102,6 +102,7 @@

      services.postgresql = {
        enable = true;
+        package = pkgs.postgresql_11;
        ensureDatabases = [ "nextcloud" ];
        ensureUsers = [
          { # by default, postgres has unix sockets enabled, and allows a
--- a/services/syncthing.nix
+++ b/services/syncthing.nix
@ -34,8 +34,6 @@
          };
        };
      };
-
    };
-
  };
 }