From c2c0bd366ae72e9ba69262a068c418137d0f1cf7 Mon Sep 17 00:00:00 2001 From: stuebinm Date: Wed, 1 Dec 2021 12:22:20 +0100 Subject: [PATCH 1/7] bump nixpkgs to 21.11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This simply updates nixpkgs to 21.11 (along with a general update of other sources), then follows the hints given out in the build process until everything (on parsons) ran through fine. Some things to note: - syncthing's declarative config is gone. Instead, declarative and non-declarative configuration can now be mixed, but with `overrideDevices` set to true, it _should_ ignore non-declarative settings and basically behave the same as before (or at least that's how I understood the documentation on that) - some postfix options now require a lib.mkForce, since the mail module also wants to set them — we should probably look into if the mail module has nicer ways of handling our settings now (which I didn't do) - we no longer import the vaultwarden module from unstable, since it's included in nixos 21.11 as-is. We _do_ still import the vaultwarden package from unstable, since downgrading sounds like a bad idea. - nix build will print a warning that `literalExample` is now depricated, but we don't seem to use that — I guess at some point we'll have to search through our sources if it doesn't go away This was not yet deployed, and should probably considered a work-in-progress. Building Nixda currently fails decklink seems to have disappeared. --- nix/sources.json | 20 ++++---------------- pkgs/mattermost/default.nix | 7 +++---- services/gitlab-runner.nix | 1 + services/mail.nix | 4 ++-- services/syncthing.nix | 2 -- 5 files changed, 10 insertions(+), 24 deletions(-) diff --git a/nix/sources.json b/nix/sources.json index 8d192ec..04476be 100644 --- a/nix/sources.json +++ b/nix/sources.json 
@@ -70,7 +70,7 @@ "url_template": "/-/archive/.tar.gz" }, "nixpkgs": { - "branch": "nixos-21.05", + "branch": "nixos-21.11", "description": "Nix Packages collection", "homepage": "", "owner": "nixos", @@ -81,28 +81,16 @@ "url": "https://github.com/nixos/nixpkgs/archive/7bca80140fc7732c7357b26002db3d87b3ba4c61.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, - "nixpkgs-new": { - "branch": "nixos-21.11", - "description": "Nix Packages collection", - "homepage": "", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "8588b14a397e045692d0a87192810b6dddf53003", - "sha256": "15srsgbhgn27wa4kz4x0gfqbsdnwig0h0y8gj2h4nnw92nrxpvnm", - "type": "tarball", - "url": "https://github.com/nixos/nixpkgs/archive/8588b14a397e045692d0a87192810b6dddf53003.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - }, "nixpkgs-unstable": { "branch": "nixos-unstable", "description": "Nix Packages collection", "homepage": "", "owner": "nixos", "repo": "nixpkgs", - "rev": "ac169ec6371f0d835542db654a65e0f2feb07838", - "sha256": "0bwjyz15sr5f7z0niwls9127hikp2b6fggisysk0cnk3l6fa8abh", + "rev": "5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3", + "sha256": "0yb7l5p4k9q8avwiq0fgp87ij50d6yavgh4dfw14jh2lf8daqbmp", "type": "tarball", - "url": "https://github.com/nixos/nixpkgs/archive/ac169ec6371f0d835542db654a65e0f2feb07838.tar.gz", + "url": "https://github.com/nixos/nixpkgs/archive/5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "workadventure": { diff --git a/pkgs/mattermost/default.nix b/pkgs/mattermost/default.nix index 870d9fe..8db6934 100644 --- a/pkgs/mattermost/default.nix +++ b/pkgs/mattermost/default.nix @@ -12,10 +12,9 @@ let goPackagePath = "github.com/mattermost/mattermost-server"; - buildFlagsArray = '' - -ldflags= - -X ${goPackagePath}/model.BuildNumber=nixpkgs-${version} - ''; + ldflags = [ + "-X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}" + ]; }; 
diff --git a/services/gitlab-runner.nix b/services/gitlab-runner.nix index 6968d1c..6a467d6 100644 --- a/services/gitlab-runner.nix +++ b/services/gitlab-runner.nix @@ -57,6 +57,7 @@ home = "/persist/var/lib/gitlab-runner"; extraGroups = [ "docker" ]; isSystemUser = true; + group = "nogroup"; }; virtualisation.docker.storageDriver = "zfs"; diff --git a/services/mail.nix b/services/mail.nix index a02ed7a..bdb754b 100644 --- a/services/mail.nix +++ b/services/mail.nix @@ -124,8 +124,8 @@ # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty) virusScanning = false; }; - services.postfix.submissionOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; - services.postfix.submissionsOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; + services.postfix.submissionOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; + services.postfix.submissionsOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit"; services.postfix.virtual = '' @4future.dev @hacc.space @4futu.re @hacc.space diff --git a/services/syncthing.nix b/services/syncthing.nix index 049af5c..9b05ace 100644 --- a/services/syncthing.nix +++ b/services/syncthing.nix @@ -34,8 +34,6 @@ }; }; }; - }; - }; } From 238c1b2c929e9b9fe9cf0a9b00651e7ccdd46cd0 Mon Sep 17 00:00:00 2001 From: schweby Date: Sun, 19 Dec 2021 23:10:13 +0100 Subject: [PATCH 2/7] mediawiki cleanup --- pkgs/default.nix | 1 - services/lantifa.nix | 5 +---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index f6ebdee..beb7bd8 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix 
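Review bot: In services/gitlab-runner.nix, `group = "nogroup";` puts the runner account in a group shared with every other account that falls back to `nogroup`, so group permissions on files under `/persist/var/lib/gitlab-runner` stop being a meaningful boundary between services. A dedicated group costs two lines: `group = "gitlab-runner";` together with `users.groups.gitlab-runner = {};`. This matters more than usual here because the same account is in `docker`, which is effectively root-equivalent on the host. The user definition starts above the hunk, so its attribute path is not visible.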
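Review bot: In services/mail.nix, the two `lib.mkForce` values discard whatever the mail module sets for `smtpd_sender_restrictions` on the submission services instead of extending it. If the module's value contains a sender/login match check such as `reject_sender_login_mismatch` (not visible here, to be confirmed against the module), the forced string no longer enforces it and an authenticated user could submit mail with an arbitrary envelope sender. Either append the module's restriction to the forced string or record the decision next to it, for example `# mkForce: deliberately replaces the mail module's sender restrictions; reject_sender_login_mismatch is not enforced`. Whether `lib` is among the module arguments is outside the hunk.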
@@ -4,7 +4,6 @@ let sources = import ../nix/sources.nix; pkgs = import sources.nixpkgs args; unstable = import sources.nixpkgs-unstable args; - new = import sources.nixpkgs-new args; callPackage = pkgs.lib.callPackageWith (pkgs // newpkgs); diff --git a/services/lantifa.nix b/services/lantifa.nix index f1f0997..3b7c04d 100644 --- a/services/lantifa.nix +++ b/services/lantifa.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, profiles, modules, evalConfig, ... }: -let - new = import (import ../nix/sources.nix).nixpkgs-new {}; -in { +{ containers.lantifa = { autoStart = true; privateNetwork = true; @@ -37,7 +35,6 @@ in { services.mediawiki = { enable = true; name = "LANtifa"; - package = new.mediawiki; database.createLocally = true; passwordFile = "/var/lib/mediawiki/mediawiki-password"; extraConfig = let From 569c5652f2a53238b2546f9e0251471c5a46a2ac Mon Sep 17 00:00:00 2001 From: schweby Date: Sun, 19 Dec 2021 23:28:28 +0100 Subject: [PATCH 3/7] sources: update --- nix/sources.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/sources.json b/nix/sources.json index 04476be..6f3b58c 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -75,10 +75,10 @@ "homepage": "", "owner": "nixos", "repo": "nixpkgs", - "rev": "7bca80140fc7732c7357b26002db3d87b3ba4c61", - "sha256": "0vyjpf1jw4cvw7kfbk055faq08q4swz6v1h2mf9zw4r8frhqa73w", + "rev": "8a053bc2255659c5ca52706b9e12e76a8f50dbdd", + "sha256": "087lqvl8icvwzk61a0sn87m48a7bmm1bhna3v61w12ad97an9shj", "type": "tarball", - "url": "https://github.com/nixos/nixpkgs/archive/7bca80140fc7732c7357b26002db3d87b3ba4c61.tar.gz", + "url": "https://github.com/nixos/nixpkgs/archive/8a053bc2255659c5ca52706b9e12e76a8f50dbdd.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs-unstable": { From 676ba4fc31ada6dcde64a732d8c5e493cfc212bc Mon Sep 17 00:00:00 2001 
From: stuebinm Date: Wed, 12 Jan 2022 19:33:07 +0100 Subject: [PATCH 4/7] services/hedgedocs: use socket auth for postgres --- services/hedgedoc-hacc.nix | 6 +++++- services/hedgedoc-i4f.nix | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/services/hedgedoc-hacc.nix b/services/hedgedoc-hacc.nix index a4938d5..454b0f9 100644 --- a/services/hedgedoc-hacc.nix +++ b/services/hedgedoc-hacc.nix @@ -42,7 +42,11 @@ allowFreeURL = true; allowGravatar = false; allowOrigin = [ "localhost" "pad.hacc.space" "fff-muc.de" ]; - dbURL = "postgres://codimd:codimd@localhost:5432/codimd"; + db = { + host = "/run/postgresql"; + dialect = "postgres"; + database = "codimd"; + }; defaultPermission = "limited"; domain = "pad.hacc.space"; host = "0.0.0.0"; diff --git a/services/hedgedoc-i4f.nix b/services/hedgedoc-i4f.nix index 0cdd526..af3f6c8 100644 --- a/services/hedgedoc-i4f.nix +++ b/services/hedgedoc-i4f.nix @@ -42,7 +42,11 @@ allowFreeURL = true; allowGravatar = false; allowOrigin = [ "localhost" "pad.infra4future.de" "fff-muc.de" ]; - dbURL = "postgres://hedgedoc:hedgedoc@localhost:5432/hedgedoc"; + db = { + host = "/run/postgresql"; + dialect = "postgres"; + database = "hedgedoc"; + }; defaultPermission = "freely"; domain = "pad.infra4future.de"; host = "0.0.0.0"; From 4ff0bdf3ec2bcc4210426e617464916db60a5b80 Mon Sep 17 00:00:00 2001 From: stuebinm Date: Wed, 12 Jan 2022 23:59:15 +0100 Subject: [PATCH 5/7] whoops, apparently some rebase went wrong (fixing it back into a buildable state) --- modules/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/default.nix b/modules/default.nix index 10c2701..9e8e864 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -6,7 +6,6 @@ in { ./nftnat ./decklink.nix ./websites.nix - "${sources.nixpkgs-unstable}/nixos/modules/services/security/vaultwarden" ]; # disabled since vaultwarden defines a dummy bitwarden_rs option that From 9937d5ff94f7372133197edcaafcbdc60e850dde Mon Sep 17 00:00:00 2001 
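Review bot: In services/hedgedoc-i4f.nix the new `db` block names no role, so the role used over the `/run/postgresql` socket is left to the client library's default, presumably the service's OS user (to be confirmed). Stating it explicitly, `username = "hedgedoc";`, makes the intended role reviewable and keeps it stable if the service account is ever renamed. The same omission in services/hedgedoc-hacc.nix is corrected later in this series. The password that was embedded in the removed `dbURL` presumably remains set on the database role, so a comment or follow-up noting that it should be cleared or rotated would help.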
From: stuebinm Date: Wed, 12 Jan 2022 23:59:48 +0100 Subject: [PATCH 6/7] fixing pad.hacc.space (hopefully) (I haven't tested this, since I don't want to try the upgrade-adventure a second time today, but I think this should fix it) --- services/hedgedoc-hacc.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/hedgedoc-hacc.nix b/services/hedgedoc-hacc.nix index 454b0f9..f0287f5 100644 --- a/services/hedgedoc-hacc.nix +++ b/services/hedgedoc-hacc.nix @@ -78,6 +78,9 @@ "DATABASE codimd" = "ALL PRIVILEGES"; }; }]; + authentication = '' + local all all trust + ''; }; services.postgresqlBackup = { enable = true; From 6de0b91bebe6d46eda1cc1b75cb06b79a2e370c7 Mon Sep 17 00:00:00 2001 From: hexchen Date: Thu, 27 Jan 2022 20:20:25 +0000 Subject: [PATCH 7/7] fixer tous les things --- nix/sources.json | 14 +++++++------- services/hedgedoc-hacc.nix | 3 +++ services/hedgedoc-i4f.nix | 1 + services/mattermost.nix | 1 + services/nextcloud/default.nix | 1 + 5 files changed, 13 insertions(+), 7 deletions(-) diff --git a/nix/sources.json b/nix/sources.json index 6f3b58c..f3e3440 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -23,7 +23,7 @@ "homepage": "https://mattermost.com", "owner": "mattermost", "repo": "mattermost-server", - "rev": "3172adfce9d98fe8f9c98ccd0a0fdbb52291ae0a", + "rev": "8f352436049776b5bd7c006bb03992d8fe2f029f", "sha256": "1sy0kydp87pwby0whgq678jq1zpivqndip81787r9b3dqcyq47cp", "type": "tarball", "url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v6.1.2.tar.gz", 
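Review bot: In services/hedgedoc-hacc.nix (patch 6/7), `local all all trust` lets any process that can open the PostgreSQL socket connect as any role to any database without authentication, including the `postgres` superuser role. pg_hba rules are matched first-hit, so if this line is placed ahead of the module's default `peer` rule (ordering not visible here) it replaces that default for every role. Scope it to the one role and database that need it, `local codimd codimd trust`, or better use `local codimd codimd peer map=hedgedoc` with a matching `services.postgresql.identMap` entry that maps the HedgeDoc service user to `codimd`. The `services.postgresql` block starts above the hunk, and the commit message says the change is untested.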
@@ -75,10 +75,10 @@ "homepage": "", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a053bc2255659c5ca52706b9e12e76a8f50dbdd", - "sha256": "087lqvl8icvwzk61a0sn87m48a7bmm1bhna3v61w12ad97an9shj", + "rev": "6c4b9f1a2fd761e2d384ef86cff0d208ca27fdca", + "sha256": "1yl5gj0mzczhl1j8sl8iqpwa1jzsgr12fdszw9rq13cdig2a2r5f", "type": "tarball", - "url": "https://github.com/nixos/nixpkgs/archive/8a053bc2255659c5ca52706b9e12e76a8f50dbdd.tar.gz", + "url": "https://github.com/nixos/nixpkgs/archive/6c4b9f1a2fd761e2d384ef86cff0d208ca27fdca.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs-unstable": { @@ -87,10 +87,10 @@ "homepage": "", "owner": "nixos", "repo": "nixpkgs", - "rev": "5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3", - "sha256": "0yb7l5p4k9q8avwiq0fgp87ij50d6yavgh4dfw14jh2lf8daqbmp", + "rev": "945ec499041db73043f745fad3b2a3a01e826081", + "sha256": "1ixv310sjw0r5vda4yfwp3snyha2i9h7aqygd43cyvdk2qsjk8pq", "type": "tarball", - "url": "https://github.com/nixos/nixpkgs/archive/5b091d4fbe3b7b7493c3b46fe0842e4b30ea24b3.tar.gz", + "url": "https://github.com/nixos/nixpkgs/archive/945ec499041db73043f745fad3b2a3a01e826081.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "workadventure": { diff --git a/services/hedgedoc-hacc.nix b/services/hedgedoc-hacc.nix index f0287f5..430e4fb 100644 --- a/services/hedgedoc-hacc.nix +++ b/services/hedgedoc-hacc.nix @@ -44,6 +44,7 @@ allowOrigin = [ "localhost" "pad.hacc.space" "fff-muc.de" ]; db = { host = "/run/postgresql"; + username = "codimd"; dialect = "postgres"; database = "codimd"; }; @@ -80,7 +81,9 @@ }]; authentication = '' local all all trust + host codimd codimd 127.0.0.1/32 trust ''; + package = pkgs.postgresql_11; }; services.postgresqlBackup = { enable = true; diff --git a/services/hedgedoc-i4f.nix b/services/hedgedoc-i4f.nix index af3f6c8..4580b82 100644 --- a/services/hedgedoc-i4f.nix +++ b/services/hedgedoc-i4f.nix 
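Review bot: In services/hedgedoc-hacc.nix (patch 7/7, hunk `@@ -80,7 +81,9 @@`), `host codimd codimd 127.0.0.1/32 trust` accepts password-less TCP logins as `codimd` from any local process, although `db.host` in the same file points at the `/run/postgresql` socket and so should not need a TCP rule. Drop the line if nothing connects over TCP, or require a password with `host codimd codimd 127.0.0.1/32 scram-sha-256`. The added `package = pkgs.postgresql_11;` pins a major version without saying why; a comment such as `# pinned: existing data directory is PostgreSQL 11, migrate before removing` would keep the pin from outliving its purpose, and the same line is added in hedgedoc-i4f.nix, mattermost.nix and nextcloud/default.nix. The `services.postgresql` block starts above the hunk.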
@@ -60,6 +60,7 @@ }; services.postgresql = { enable = true; + package = pkgs.postgresql_11; authentication = '' local all all trust host hedgedoc hedgedoc 127.0.0.1/32 trust diff --git a/services/mattermost.nix b/services/mattermost.nix index a8e4b82..4e9e41b 100644 --- a/services/mattermost.nix +++ b/services/mattermost.nix @@ -202,6 +202,7 @@ in { services.postgresql = { enable = lib.mkForce true; # mattermost sets this to false. wtf. + package = pkgs.postgresql_11; ensureDatabases = [ "mattermost" ]; ensureUsers = [ { name = "mattermost"; diff --git a/services/nextcloud/default.nix b/services/nextcloud/default.nix index aaac896..484e0c6 100644 --- a/services/nextcloud/default.nix +++ b/services/nextcloud/default.nix @@ -102,6 +102,7 @@ services.postgresql = { enable = true; + package = pkgs.postgresql_11; ensureDatabases = [ "nextcloud" ]; ensureUsers = [ { # by default, postgres has unix sockets enabled, and allows a