From 73fbb131594e7bdbb1e07803729a4a35bf78e863 Mon Sep 17 00:00:00 2001 
From: fi Date: Sat, 30 Nov 2024 20:43:41 +0100 Subject: [PATCH 1/4] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c?narHash=sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos%3D' (2024-11-21) → 'github:nix-community/nixos-generators/098e8b6ff72c86944a8d54b64ddd7b7e6635830a?narHash=sha256-/MNhZLR0eh9z/d3l%2Bammq%2BF5XxHln0RHgO4Bhtjr0IM%3D' (2024-11-25) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/b9f04e3cf71c23bea21d2768051e6b3068d44734?narHash=sha256-yhEMW4MBi%2BIAyEJyiKbnFvY1uARyMKJpLUhkczI49wk%3D' (2024-11-17) → 'github:nix-community/nixpkgs.lib/87b6978992e2eb605732fba842cad0a7e14b2047?narHash=sha256-/hxIKRTBsdrnudJWDGaBN8wIjHovqVAVxXdi8ByVtck%3D' (2024-11-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/df94f897ffe1af1bcd60cb68697c5d8e6431346e?narHash=sha256-aspop5sCDNpDMS23BplGFtQDadwkSb/sOxpuC3lafvo%3D' (2024-11-22) → 'github:NixOS/nixpkgs/a8efa95d1333890ed4ae98f5d111bb06a6d65f75?narHash=sha256-gdO2r0%2BfFU%2B/1lMvMXrtzbpQQVn72KLu5L9trMze/OY%3D' (2024-11-30) • Updated input 'nixpkgs-master': 'github:NixOS/nixpkgs/4a58b6f6b83d29354def3125c45530d7e1bda0fd?narHash=sha256-1wRCB9ZbD%2B9fQ/JL2nllb4vH6J3ojSHew6FazRPjqqc%3D' (2024-11-24) → 'github:NixOS/nixpkgs/5054b0739dea9b00d382b4ba38314df10bb398d4?narHash=sha256-AXsoqwHW7O8RXDednxutMFLgQhYgjrBWU1rRM/Y3Ywc%3D' (2024-11-30) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/2570b87e71ea16daadf0a93f1eae2d3ad4478a94?narHash=sha256-yXqgr%2BGiC/RBr8n/6Bn9eRagitXbKXNcoSaZUCovuwI%3D' (2024-11-24) → 'github:NixOS/nixpkgs/57feb2a16f705eeffb075888d92a986e66473012?narHash=sha256-ndq0dD5E6FkqwmNYFS1wUAHa/5HixS3jLjulogM%2B7/E%3D' (2024-11-30) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) 
diff --git a/flake.lock b/flake.lock
index 8a0ffe5..9288d61 100644
--- a/flake.lock
+++ b/flake.lock
@@ -34,11 +34,11 @@
 },
 "nixlib": {
 "locked": {
- "lastModified": 1731805462,
- "narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=",
+ "lastModified": 1732410305,
+ "narHash": "sha256-/hxIKRTBsdrnudJWDGaBN8wIjHovqVAVxXdi8ByVtck=",
 "owner": "nix-community",
 "repo": "nixpkgs.lib",
- "rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734",
+ "rev": "87b6978992e2eb605732fba842cad0a7e14b2047",
 "type": "github"
 },
 "original": {
@@ -55,11 +55,11 @@
 ]
 },
 "locked": {
- "lastModified": 1732151224,
- "narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=",
+ "lastModified": 1732496924,
+ "narHash": "sha256-/MNhZLR0eh9z/d3l+ammq+F5XxHln0RHgO4Bhtjr0IM=",
 "owner": "nix-community",
 "repo": "nixos-generators",
- "rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c",
+ "rev": "098e8b6ff72c86944a8d54b64ddd7b7e6635830a",
 "type": "github"
 },
 "original": {
@@ -70,11 +70,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1732244845,
- "narHash": "sha256-aspop5sCDNpDMS23BplGFtQDadwkSb/sOxpuC3lafvo=",
+ "lastModified": 1732965619,
+ "narHash": "sha256-gdO2r0+fFU+/1lMvMXrtzbpQQVn72KLu5L9trMze/OY=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "df94f897ffe1af1bcd60cb68697c5d8e6431346e",
+ "rev": "a8efa95d1333890ed4ae98f5d111bb06a6d65f75",
 "type": "github"
 },
 "original": {
@@ -101,11 +101,11 @@
 },
 "nixpkgs-master": {
 "locked": {
- "lastModified": 1732479666,
- "narHash": "sha256-1wRCB9ZbD+9fQ/JL2nllb4vH6J3ojSHew6FazRPjqqc=",
+ "lastModified": 1732995703,
+ "narHash": "sha256-AXsoqwHW7O8RXDednxutMFLgQhYgjrBWU1rRM/Y3Ywc=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "4a58b6f6b83d29354def3125c45530d7e1bda0fd",
+ "rev": "5054b0739dea9b00d382b4ba38314df10bb398d4",
 "type": "github"
 },
 "original": {
@@ -117,11 +117,11 @@
 },
 "nixpkgs-unstable": {
 "locked": {
- "lastModified": 1732446744,
- "narHash": "sha256-yXqgr+GiC/RBr8n/6Bn9eRagitXbKXNcoSaZUCovuwI=",
+ "lastModified": 1732951447,
+ "narHash": "sha256-ndq0dD5E6FkqwmNYFS1wUAHa/5HixS3jLjulogM+7/E=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "2570b87e71ea16daadf0a93f1eae2d3ad4478a94",
+ "rev": "57feb2a16f705eeffb075888d92a986e66473012",
 "type": "github"
 },
 "original": {
From c750f33102f1621e4cb0e6592b20e37007232dfc Mon Sep 17 00:00:00 2001
From: fi Date: Sat, 30 Nov 2024 21:14:49 +0100 Subject: [PATCH 2/4] Set nixpkgs to 24.11 --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/flake.nix b/flake.nix
index 5cf2232..bd9834f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 {
 inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small";
 nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
 nixpkgs-master.url = "github:NixOS/nixpkgs/master";
 nixos-generators = {
From c973f90cb74d0fae559cf3ee09c19d207286afa2 Mon Sep 17 00:00:00 2001
From: fi Date: Sat, 30 Nov 2024 21:15:53 +0100 Subject: [PATCH 3/4] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a8efa95d1333890ed4ae98f5d111bb06a6d65f75?narHash=sha256-gdO2r0%2BfFU%2B/1lMvMXrtzbpQQVn72KLu5L9trMze/OY%3D' (2024-11-30) → 'github:NixOS/nixpkgs/809802e9ab4b56e7a3db576832e95e3f7b74781a?narHash=sha256-RvyWCxT6O9ugSqSXHAMaFTIZtKS7SBHdUHKLoPW1/xg%3D' (2024-11-30) • Updated input 'nixpkgs-master': 'github:NixOS/nixpkgs/5054b0739dea9b00d382b4ba38314df10bb398d4?narHash=sha256-AXsoqwHW7O8RXDednxutMFLgQhYgjrBWU1rRM/Y3Ywc%3D' (2024-11-30) → 'github:NixOS/nixpkgs/33b9d57c656e65a9c88c5f34e4eb00b83e2b0ca9?narHash=sha256-9Vvu3a1ep1LB6F/kVE2hHH2HQzhSFtUyJYiJRkUkC4Q%3D' (2024-11-30) --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/flake.lock b/flake.lock
index 9288d61..7f16841 100644
--- a/flake.lock
+++ b/flake.lock
@@ -70,16 +70,16 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1732965619,
- "narHash": "sha256-gdO2r0+fFU+/1lMvMXrtzbpQQVn72KLu5L9trMze/OY=",
+ "lastModified": 1732954812,
+ "narHash": "sha256-RvyWCxT6O9ugSqSXHAMaFTIZtKS7SBHdUHKLoPW1/xg=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "a8efa95d1333890ed4ae98f5d111bb06a6d65f75",
+ "rev": "809802e9ab4b56e7a3db576832e95e3f7b74781a",
 "type": "github"
 },
 "original": {
 "owner": "NixOS",
- "ref": "nixos-24.05-small",
+ "ref": "nixos-24.11-small",
 "repo": "nixpkgs",
 "type": "github"
 }
@@ -101,11 +101,11 @@
 },
 "nixpkgs-master": {
 "locked": {
- "lastModified": 1732995703,
- "narHash": "sha256-AXsoqwHW7O8RXDednxutMFLgQhYgjrBWU1rRM/Y3Ywc=",
+ "lastModified": 1732997066,
+ "narHash": "sha256-9Vvu3a1ep1LB6F/kVE2hHH2HQzhSFtUyJYiJRkUkC4Q=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "5054b0739dea9b00d382b4ba38314df10bb398d4",
+ "rev": "33b9d57c656e65a9c88c5f34e4eb00b83e2b0ca9",
 "type": "github"
 },
 "original": {
From 74c12e9658bd456aa0a411653e07c01ee8ffc798 Mon Sep 17 00:00:00 2001 From: fi Date: Sun, 1 Dec 2024 00:35:31 +0100 Subject: [PATCH 4/4] Update module options to be compatible with nixpkgs 24.11 --- config/hosts/forgejo/forgejo.nix | 2 +- config/hosts/keycloak/keycloak.nix | 8 +++--- config/hosts/mail-1/configuration.nix | 36 ++++++++++---------------- config/hosts/mail-2/configuration.nix | 36 ++++++++++---------------- config/hosts/nextcloud/nextcloud.nix | 2 +- config/hosts/torrent/configuration.nix | 2 +- config/hosts/torrent/sonarr.nix | 15 +++++++++-- hosts.nix | 1 + 8 files changed, 47 insertions(+), 55 deletions(-) diff --git a/config/hosts/forgejo/forgejo.nix b/config/hosts/forgejo/forgejo.nix index 45961cf..0f07af2 100644 --- a/config/hosts/forgejo/forgejo.nix +++ b/config/hosts/forgejo/forgejo.nix @@ -3,7 +3,6 @@ services.forgejo = { enable = true; database.type = "postgres"; - mailerPasswordFile = "/secrets/forgejo-mailer-password.secret"; settings = { DEFAULT = { @@ -60,5 +59,6 @@ HOST = "redis+socket:///run/redis-forgejo/redis.sock"; }; }; + secrets.mailer.PASSWD = "/secrets/forgejo-mailer-password.secret"; }; } diff --git a/config/hosts/keycloak/keycloak.nix b/config/hosts/keycloak/keycloak.nix index 79e9a96..e8e38c3 100644 --- a/config/hosts/keycloak/keycloak.nix +++ b/config/hosts/keycloak/keycloak.nix @@ -3,10 +3,10 @@ services.keycloak = { enable = true; settings = { - hostname = "id.nekover.se"; - hostname-admin = "keycloak-admin.nekover.se"; - hostname-strict-backchannel = true; - proxy = "edge"; + hostname = "https://id.nekover.se"; + hostname-admin = "https://keycloak-admin.nekover.se"; + proxy-headers = "forwarded"; + http-enabled = true; http-host = "127.0.0.1"; http-port = 8080; }; diff --git a/config/hosts/mail-1/configuration.nix b/config/hosts/mail-1/configuration.nix index 2418afc..c94de3b 100644 --- a/config/hosts/mail-1/configuration.nix +++ b/config/hosts/mail-1/configuration.nix 
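Review bot: In the keycloak.nix hunk, `proxy-headers = "forwarded";` makes Keycloak take the client address, scheme and host from the RFC 7239 `Forwarded` header, so the reverse proxy in front of 127.0.0.1:8080 has to set that header itself and overwrite any copy sent by the client. That proxy's configuration is not part of this patch; if it only emits `X-Forwarded-*`, a client-supplied `Forwarded` header would pass through and be trusted, and `proxy-headers = "xforwarded";` would be the matching value. I would add a comment above the setting, for example `# reverse proxy must set and overwrite Forwarded; see <proxy config path>`, so the assumption is written down next to `http-enabled = true;`. The `settings` attribute set continues outside the hunk.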
@@ -15,28 +15,20 @@
 ];
 routes = [
 {
- routeConfig = {
- Gateway = "10.202.41.1";
- Destination = "10.201.0.0/16";
- };
+ Gateway = "10.202.41.1";
+ Destination = "10.201.0.0/16";
 }
 {
- routeConfig = {
- Gateway = "10.202.41.1";
- Destination = "10.202.0.0/16";
- };
+ Gateway = "10.202.41.1";
+ Destination = "10.202.0.0/16";
 }
 {
- routeConfig = {
- Gateway = "10.202.41.1";
- Destination = "172.21.87.0/24";
- };
+ Gateway = "10.202.41.1";
+ Destination = "172.21.87.0/24";
 }
 {
- routeConfig = {
- Gateway = "10.202.41.1";
- Destination = "212.53.203.19/32";
- };
+ Gateway = "10.202.41.1";
+ Destination = "212.53.203.19/32";
 }
 ];
 linkConfig.RequiredForOnline = "routable";
@@ -62,13 +54,11 @@
 PrivateKeyFile = "/secrets/wireguard-mail-1-wg0-privatekey.secret";
 };
 wireguardPeers = [{
- wireguardPeerConfig = {
- PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ=";
- PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret";
- Endpoint = "212.53.203.19:51822";
- AllowedIPs = [ "0.0.0.0/0" ];
- PersistentKeepalive = 25;
- };
+ PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ=";
+ PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret";
+ Endpoint = "212.53.203.19:51822";
+ AllowedIPs = [ "0.0.0.0/0" ];
+ PersistentKeepalive = 25;
 }];
 };
 };
diff --git a/config/hosts/mail-2/configuration.nix b/config/hosts/mail-2/configuration.nix
index b4a7192..f1fa002 100644
--- a/config/hosts/mail-2/configuration.nix
+++ b/config/hosts/mail-2/configuration.nix
@@ -15,28 +15,20 @@ ]; routes = [ { - routeConfig = { - Gateway = "10.201.41.1"; - Destination = "10.201.0.0/16"; - }; + Gateway = "10.201.41.1"; + Destination = "10.201.0.0/16"; } { - routeConfig = { - Gateway = "10.201.41.1"; - Destination = "10.202.0.0/16"; - }; + Gateway = "10.201.41.1"; + Destination = "10.202.0.0/16"; } { - routeConfig = { - Gateway = "10.201.41.1"; - Destination = "172.21.87.0/24"; - }; + Gateway = "10.201.41.1"; + Destination = "172.21.87.0/24"; } { - routeConfig = { - Gateway = "10.201.41.1"; - Destination = "217.160.117.160/32"; - }; + Gateway = "10.201.41.1"; + Destination = "217.160.117.160/32"; } ]; linkConfig.RequiredForOnline = "routable"; @@ -62,13 +54,11 @@ PrivateKeyFile = "/secrets/wireguard-mail-2-wg0-privatekey.secret"; }; wireguardPeers = [{ - wireguardPeerConfig = { - PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4="; - PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret"; - Endpoint = "217.160.117.160:51820"; - AllowedIPs = [ "0.0.0.0/0" ]; - PersistentKeepalive = 25; - }; + PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4="; + PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret"; + Endpoint = "217.160.117.160:51820"; + AllowedIPs = [ "0.0.0.0/0" ]; + PersistentKeepalive = 25; }]; }; }; diff --git a/config/hosts/nextcloud/nextcloud.nix b/config/hosts/nextcloud/nextcloud.nix index 0b1f3a2..6adfeae 100644 --- a/config/hosts/nextcloud/nextcloud.nix +++ b/config/hosts/nextcloud/nextcloud.nix @@ -2,7 +2,7 @@ { services.nextcloud = { enable = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; hostName = "cloud.nekover.se"; https = true; config = { diff --git a/config/hosts/torrent/configuration.nix b/config/hosts/torrent/configuration.nix index 610fde4..83dbdab 100644 --- a/config/hosts/torrent/configuration.nix +++ b/config/hosts/torrent/configuration.nix @@ -25,5 +25,5 @@ }; }; - system.stateVersion = "23.11"; + system.stateVersion = "24.11"; } 
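Review bot: In the torrent/configuration.nix hunk, `system.stateVersion` is raised from "23.11" to "24.11" as part of the channel upgrade, but that option records the release the host was first installed with and selects defaults for stateful services; it is not meant to follow the nixpkgs version. Unless the host was reinstalled or its service state was migrated by hand (nothing in the patch says so), I would keep `system.stateVersion = "23.11";` and add a comment such as `# release of first install; do not bump on channel upgrades`. The enclosing attribute set starts outside the hunk.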
diff --git a/config/hosts/torrent/sonarr.nix b/config/hosts/torrent/sonarr.nix
index 83318db..19c66ca 100644
--- a/config/hosts/torrent/sonarr.nix
+++ b/config/hosts/torrent/sonarr.nix
@@ -1,8 +1,19 @@
-{ nixpkgs-unstable, ... }:
+{ ... }:
 {
+ # The sonarr package is dependend on .NET 6 which is marked as insecure.
+ # It doesn't seem to build with the later .NET versions.
+ # In the meantime allow the installation of these insecure packages since sonarr is only reachable locally.
+ nixpkgs.config = {
+ permittedInsecurePackages = [
+ "aspnetcore-runtime-wrapped-6.0.36"
+ "aspnetcore-runtime-6.0.36"
+ "dotnet-sdk-wrapped-6.0.428"
+ "dotnet-sdk-6.0.428"
+ ];
+ };
+
 services.sonarr = {
 enable = true;
- package = nixpkgs-unstable.legacyPackages."x86_64-linux".sonarr;
 user = "torrent";
 group = "torrent";
 };
diff --git a/hosts.nix b/hosts.nix
index 5111f63..fc029b7 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -92,6 +92,7 @@ in
 environment = "proxmox";
 };
 torrent = {
+ hostNixpkgs = nixpkgs-unstable;
 site = "vs";
 environment = "proxmox";
 };
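Review bot: The `permittedInsecurePackages` list in sonarr.nix is set through `nixpkgs.config`, so it permits these .NET 6 packages for everything evaluated on the torrent host, not only for sonarr. The comment's justification that sonarr is only reachable locally is not enforced by anything visible in this hunk. I would extend the comment to name where that restriction is configured and add a removal condition, for example `# TODO: remove once sonarr builds against a supported .NET; access is limited by <firewall/proxy config>`, and correct "dependend" to "dependent". The hosts.nix hunk sets `hostNixpkgs = nixpkgs-unstable;` for the whole host where previously only the sonarr package came from unstable, which deserves a one-line comment explaining why.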