From 23aa8b483c557051475d752cc81ef42236bcc88c Mon Sep 17 00:00:00 2001 From: yuri Date: Sun, 28 Jan 2024 03:31:28 +0100 Subject: [PATCH 01/30] Add forgejo host --- config/hosts/forgejo/configuration.nix | 16 +++++ config/hosts/forgejo/default.nix | 9 +++ config/hosts/forgejo/forgejo.nix | 60 +++++++++++++++++++ config/hosts/forgejo/nginx.nix | 37 ++++++++++++ config/hosts/forgejo/redis.nix | 12 ++++ config/hosts/forgejo/secrets.nix | 13 ++++ config/hosts/mail-1/secrets.nix | 8 +++ .../hosts/mail-1/simple-nixos-mailserver.nix | 5 ++ config/hosts/web-public-2/nginx.nix | 1 + .../virtualHosts/acme-challenge.nix | 1 + hosts.nix | 4 ++ 11 files changed, 166 insertions(+) create mode 100644 config/hosts/forgejo/configuration.nix create mode 100644 config/hosts/forgejo/default.nix create mode 100644 config/hosts/forgejo/forgejo.nix create mode 100644 config/hosts/forgejo/nginx.nix create mode 100644 config/hosts/forgejo/redis.nix create mode 100644 config/hosts/forgejo/secrets.nix diff --git a/config/hosts/forgejo/configuration.nix b/config/hosts/forgejo/configuration.nix new file mode 100644 index 0000000..66a5736 --- /dev/null +++ b/config/hosts/forgejo/configuration.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + boot.loader.grub = { + enable = true; + device = "/dev/vda"; + }; + + networking = { + hostName = "forgejo"; + firewall = { + allowedTCPPorts = [ 80 8443 ]; + }; + }; + + system.stateVersion = "23.11"; +} diff --git a/config/hosts/forgejo/default.nix b/config/hosts/forgejo/default.nix new file mode 100644 index 0000000..d71bcad --- /dev/null +++ b/config/hosts/forgejo/default.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + imports = [ + ./configuration.nix + ./forgejo.nix + ./redis.nix + ./nginx.nix + ]; +} diff --git a/config/hosts/forgejo/forgejo.nix b/config/hosts/forgejo/forgejo.nix new file mode 100644 index 0000000..d9f4a36 --- /dev/null +++ b/config/hosts/forgejo/forgejo.nix @@ -0,0 +1,60 @@ +{ ... }: +{ + services.forgejo = { + enable = true; + database.type = "postgres"; + mailerPasswordFile = "/secrets/forgejo-mailer-password.secret"; + + settings = { + DEFAULT = { + APP_NAME = "Nekoverse Git"; + }; + server = { + DOMAIN = "git.nekover.se"; + PROTOCOL = "http"; + HTTP_ADDR = "127.0.0.1"; + HTTP_PORT = 3000; + ROOT_URL = "https://git.nekover.se/"; + # LOCAL_ROOT_URL is apparently what Forgejo uses to access itself. + # Doesn't need to be set. + }; + admin = { + DISABLE_REGULAR_ORG_CREATION = false; + }; + session = { + COOKIE_SECURE = true; + }; + "ui.meta" = { + AUTHOR = "Nekoverse Git"; + DESCRIPTION = "Git instance of the Nekoverse."; + KEYWORDS = "git,forge,forgejo,nekoverse"; + }; + service = { + ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + DEFAULT_USER_VISIBILITY = "limited"; + DEFAULT_KEEP_EMAIL_PRIVATE = true; + ENABLE_BASIC_AUTHENTICATION = false; + }; + repo = { + DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls"; + }; + actions = { + ENABLED = true; + ARTIFACT_RETENTION_DAYS = 30; + }; + mailer = { + ENABLED = true; + FROM = "nyareply@nekover.se"; + PROTOCOL = "smtps"; + SMTP_ADDR = "mail-1.grzb.de"; + SMTP_PORT = 465; + USER = "forgejo@nekover.se"; + }; + cache = { + ENABLED = true; + ADAPTER = "redis"; + HOST = "redis+socket:///run/redis-forgejo/redis.sock"; + }; + }; + }; +} diff --git a/config/hosts/forgejo/nginx.nix b/config/hosts/forgejo/nginx.nix new file mode 100644 index 0000000..6df90b1 --- /dev/null +++ b/config/hosts/forgejo/nginx.nix @@ -0,0 +1,37 @@ +{ config, ... }: +{ + services.nginx = { + enable = true; + virtualHosts."git.nekover.se" = { + forceSSL = true; + enableACME = true; + listen = [ + { + addr = "0.0.0.0"; + port = 80; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + extraParameters = [ "proxy_protocol" ]; + } + ]; + + locations."/" = { + proxyPass = "${config.services.forgejo.settings.server.PROTOCOL}://${config.services.forgejo.settings.server.HTTP_ADDR}:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}"; + }; + + # Disallow crawling archives to save disk space. + # See: https://forgejo.org/docs/latest/admin/search-engines-indexation/ + locations."/robots.txt" = { + return = "200 \"User-agent: *\\nDisallow: /*/*/archive/\\n\""; + }; + + extraConfig = '' + set_real_ip_from 10.202.41.100; + real_ip_header proxy_protocol; + ''; + }; + }; +} diff --git a/config/hosts/forgejo/redis.nix b/config/hosts/forgejo/redis.nix new file mode 100644 index 0000000..f1533bc --- /dev/null +++ b/config/hosts/forgejo/redis.nix @@ -0,0 +1,12 @@ +{ ... }: +{ + services.redis.servers.forgejo = { + enable = true; + user = "forgejo"; + }; + + systemd.services.forgejo = { + after = [ "redis-forgejo.service" ]; + requires = [ "redis-forgejo.service" ]; + }; +} diff --git a/config/hosts/forgejo/secrets.nix b/config/hosts/forgejo/secrets.nix new file mode 100644 index 0000000..5c23295 --- /dev/null +++ b/config/hosts/forgejo/secrets.nix @@ -0,0 +1,13 @@ +{ keyCommandEnv, ... }: +{ + deployment.keys = { + "forgejo-mailer-password.secret" = { + keyCommand = keyCommandEnv ++ [ "pass" "mail/forgejo-nekover-se" ]; + destDir = "/secrets"; + user = "forgejo"; + group = "forgejo"; + permissions = "0640"; + uploadAt = "pre-activation"; + }; + }; +} diff --git a/config/hosts/mail-1/secrets.nix b/config/hosts/mail-1/secrets.nix index abf9863..581461f 100644 --- a/config/hosts/mail-1/secrets.nix +++ b/config/hosts/mail-1/secrets.nix @@ -89,5 +89,13 @@ permissions = "0640"; uploadAt = "pre-activation"; }; + "mail-forgejo-nekover-se.secret" = { + keyCommand = keyCommandEnv ++ [ "pass" "mail/forgejo-nekover-se" ]; + destDir = "/secrets"; + user = "root"; + group = "root"; + permissions = "0640"; + uploadAt = "pre-activation"; + }; }; } diff --git a/config/hosts/mail-1/simple-nixos-mailserver.nix b/config/hosts/mail-1/simple-nixos-mailserver.nix index 61066e9..a4b426a 100644 --- a/config/hosts/mail-1/simple-nixos-mailserver.nix +++ b/config/hosts/mail-1/simple-nixos-mailserver.nix @@ -56,6 +56,11 @@ sendOnly = true; aliases = [ "nyareply@nekover.se" ]; }; + "forgejo@nekover.se" = { + hashedPasswordFile = "/secrets/mail-forgejo-nekover-se.secret"; + sendOnly = true; + aliases = [ "nyareply@nekover.se" ]; + }; }; certificateScheme = "acme-nginx"; }; diff --git a/config/hosts/web-public-2/nginx.nix b/config/hosts/web-public-2/nginx.nix index dead4b7..8debb31 100644 --- a/config/hosts/web-public-2/nginx.nix +++ b/config/hosts/web-public-2/nginx.nix @@ -22,6 +22,7 @@ element.nekover.se 127.0.0.1:8443; gameserver.grzb.de 127.0.0.1:8443; git.grzb.de 127.0.0.1:8443; + git.nekover.se 10.202.41.106:8443; hydra.nekover.se 10.202.41.121:8443; id.nekover.se 10.202.41.124:8443; matrix.nekover.se 10.202.41.112:8443; diff --git a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix index d910998..558aa95 100644 --- a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix +++ b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix @@ -5,6 +5,7 @@ let "mail-1.grzb.de" = "mail-1.vs.grzb.de"; "matrix.nekover.se" = "matrix.vs.grzb.de"; "netbox.grzb.de" = "netbox.vs.grzb.de"; + "git.nekover.se" = "forgejo.vs.grzb.de"; "grafana.grzb.de" = "metrics.vs.grzb.de"; "jackett.grzb.de" = "torrent.vs.grzb.de"; "jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de"; diff --git a/hosts.nix b/hosts.nix index dd86f1c..80145ea 100644 --- a/hosts.nix +++ b/hosts.nix @@ -45,6 +45,10 @@ in site = "vs"; environment = "proxmox"; }; + forgejo = { + site = "vs"; + environment = "proxmox"; + }; keycloak = { site = "vs"; environment = "proxmox"; From 4c3f0e56a9f285aa81b7fd1e2a4c3799f8f8554c Mon Sep 17 00:00:00 2001 From: yuri Date: Sun, 28 Jan 2024 03:33:04 +0100 Subject: [PATCH 02/30] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/521fb4cdd8a2e1a00d1adf0fea7135d1faf04234' (2024-01-16) → 'github:nix-community/nixos-generators/896f6589db5b25023b812bbb6c1f5d3a499b1132' (2024-01-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c5b6c179f7b7adce1ee234df23e5cb9f1a78f87b' (2024-01-20) → 'github:NixOS/nixpkgs/11d4781721d16e949fbd61f67bc6b09341b7bfc6' (2024-01-26) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/7da66b359bcffc532b67035b54b49c25b0c0480c' (2024-01-21) → 'github:NixOS/nixpkgs/7ac72b3ee2af9bab80d66addd9b237277cc975c5' (2024-01-26) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/4bfb8eb058f098302c97b909df2d019926e11220' (2023-12-19) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/e47f3719f1db3e0961a4358d4cb234a0acaa7baf' (2024-01-25) • Updated input 'simple-nixos-mailserver/nixpkgs': 'github:NixOS/nixpkgs/64e0bf055f9d25928c31fb12924e59ff8ce71e60' (2022-12-11) → 'github:NixOS/nixpkgs/612f97239e2cc474c13c9dafa0df378058c5ad8d' (2024-01-21) • Removed input 'simple-nixos-mailserver/nixpkgs-22_11' • Updated input 'simple-nixos-mailserver/nixpkgs-23_05': 'github:NixOS/nixpkgs/8966c43feba2c701ed624302b6a935f97bcbdf88' (2023-05-22) → 'github:NixOS/nixpkgs/70bdadeb94ffc8806c0570eb5c2695ad29f0e421' (2024-01-03) • Updated input 'simple-nixos-mailserver/nixpkgs-23_11': 'github:NixOS/nixpkgs/1b64fc1287991a9cce717a01c1973ef86cb1af0b' (2024-01-20) → 'github:NixOS/nixpkgs/a77ab169a83a4175169d78684ddd2e54486ac651' (2024-01-24) --- flake.lock | 58 ++++++++++++++++++++---------------------------------- 1 file changed, 21 insertions(+), 37 deletions(-) diff --git a/flake.lock b/flake.lock index 818a43f..29dfa51 100644 --- a/flake.lock +++ b/flake.lock @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1705400161, - "narHash": "sha256-0MFaNIwwpVWB1N9m7cfHAM2pSVtYESQ7tlHxnDTOhM4=", + "lastModified": 1706085261, + "narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "521fb4cdd8a2e1a00d1adf0fea7135d1faf04234", + "rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705781397, - "narHash": "sha256-pOlDs1paCIAhr84QjFG72iv4iBsr0pIQyItxRHJhevE=", + "lastModified": 1706306662, + "narHash": "sha256-CVeZHdqbJ63Z+2l9FNcje6AfTdG4Y3WbFHuEn0RFUl0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5b6c179f7b7adce1ee234df23e5cb9f1a78f87b", + "rev": "11d4781721d16e949fbd61f67bc6b09341b7bfc6", "type": "github" }, "original": { @@ -84,21 +84,6 @@ "type": "github" } }, - "nixpkgs-22_11": { - "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, "nixpkgs-23-05": { "locked": { "lastModified": 1705033721, @@ -117,11 +102,11 @@ }, "nixpkgs-23_05": { "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "type": "github" }, "original": { @@ -132,11 +117,11 @@ }, "nixpkgs-23_11": { "locked": { - "lastModified": 1705774713, - "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", + "lastModified": 1706098335, + "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", + "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", "type": "github" }, "original": { @@ -147,11 +132,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1705847418, - "narHash": "sha256-I0EzjhMl5D/PI54DYhL/9iXmFmNb75M7PJ8/yrU5Z1A=", + "lastModified": 1706275741, + "narHash": "sha256-53O2JHFdDTWHzTfLkZRAZVAk9ntChFhcTTnAtj6bJKE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7da66b359bcffc532b67035b54b49c25b0c0480c", + "rev": "7ac72b3ee2af9bab80d66addd9b237277cc975c5", "type": "github" }, "original": { @@ -163,11 +148,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1670751203, - "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { @@ -190,17 +175,16 @@ "blobs": "blobs", "flake-compat": "flake-compat", "nixpkgs": "nixpkgs_2", - "nixpkgs-22_11": "nixpkgs-22_11", "nixpkgs-23_05": "nixpkgs-23_05", "nixpkgs-23_11": "nixpkgs-23_11", "utils": "utils" }, "locked": { - "lastModified": 1703023684, - "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=", + "lastModified": 1706219574, + "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "4bfb8eb058f098302c97b909df2d019926e11220", + "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", "type": "gitlab" }, "original": { From 6ef85e03639ec6e93eab8990e17937c3c76894bd Mon Sep 17 00:00:00 2001 From: yuri Date: Sun, 28 Jan 2024 04:45:56 +0100 Subject: [PATCH 03/30] Use jackett packge from unstable to work around faulty test --- config/hosts/torrent/jackett.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config/hosts/torrent/jackett.nix b/config/hosts/torrent/jackett.nix index 1b8707e..6aa6e5e 100644 --- a/config/hosts/torrent/jackett.nix +++ b/config/hosts/torrent/jackett.nix @@ -1,6 +1,8 @@ -{ ... }: +{ nixpkgs-unstable, ... }: { services.jackett = { enable = true; + # use package from unstable to work around faulty test in older jackett version + package = nixpkgs-unstable.legacyPackages."x86_64-linux".jackett; }; } From 6228a20bf988dab923562cae0ad611b6303af63b Mon Sep 17 00:00:00 2001 From: yuri Date: Sun, 28 Jan 2024 04:46:35 +0100 Subject: [PATCH 04/30] Update mastodon to 4.2.4 --- config/hosts/mastodon/mastodon.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/hosts/mastodon/mastodon.nix b/config/hosts/mastodon/mastodon.nix index 79c0da0..4bb680c 100644 --- a/config/hosts/mastodon/mastodon.nix +++ b/config/hosts/mastodon/mastodon.nix @@ -6,12 +6,12 @@ let }; mastodonNekoverseOverlay = final: prev: { mastodon = (prev.mastodon.override rec { - version = "4.2.3"; + version = "4.2.4"; srcOverride = final.applyPatches { src = final.fetchgit { url = "https://github.com/mastodon/mastodon.git"; rev = "v${version}"; - sha256 = "sha256-e8O4kxsrHf+wEtl4S57xIL1VEvhUSjyCbmz4r9p8Zhw="; + sha256 = "sha256-YPGOe9wywRls26PqEbqFeQRg7rcnRBO2NyiNW1fssts="; }; patches = [ "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch" From 4b660505e7125fc1f1f0a13f1cd7a13af881798b Mon Sep 17 00:00:00 2001 From: yuri Date: Sun, 28 Jan 2024 04:46:51 +0100 Subject: [PATCH 05/30] Update element-web to 1.11.55 --- config/hosts/web-public-2/virtualHosts/element.nekover.se.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix index 12a2abb..4d5e3b9 100644 --- a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix +++ b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix @@ -1,9 +1,9 @@ { pkgs, ... }: let - elementWebVersion = "1.11.53"; + elementWebVersion = "1.11.55"; element-web = pkgs.fetchzip { url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz"; - sha256 = "sha256-asgx8g9xswBxdQCVnwaeQ2ycqNlfQzBiKc3Uk9GEWCM="; + sha256 = "sha256-lM1P23MTqAgrw3vjNSzDswmn0n8SRY6dBD0aELmoqsQ="; }; elementWebSecurityHeaders = '' # Configuration best practices From b131ca9ecb2f3de5981f5fa4d1f15aaa4f63671e Mon Sep 17 00:00:00 2001 From: yuri Date: Thu, 1 Feb 2024 18:05:58 +0100 Subject: [PATCH 06/30] Update mastodon to 4.2.5 --- config/hosts/mastodon/mastodon.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/hosts/mastodon/mastodon.nix b/config/hosts/mastodon/mastodon.nix index 4bb680c..7822faa 100644 --- a/config/hosts/mastodon/mastodon.nix +++ b/config/hosts/mastodon/mastodon.nix @@ -6,12 +6,12 @@ let }; mastodonNekoverseOverlay = final: prev: { mastodon = (prev.mastodon.override rec { - version = "4.2.4"; + version = "4.2.5"; srcOverride = final.applyPatches { src = final.fetchgit { url = "https://github.com/mastodon/mastodon.git"; rev = "v${version}"; - sha256 = "sha256-YPGOe9wywRls26PqEbqFeQRg7rcnRBO2NyiNW1fssts="; + sha256 = "sha256-dgC5V/CVE9F1ORTjPWUWc/JVcWCEj/pb4eWpDV0WliY="; }; patches = [ "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch" From 8b7fb23735269ae9275b0bf67e677db0eaff0470 Mon Sep 17 00:00:00 2001 From: yuri Date: Thu, 1 Feb 2024 18:06:17 +0100 Subject: [PATCH 07/30] Enable new Element calls in element-web --- .../virtualHosts/element-web-config/config.json | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/config/hosts/web-public-2/virtualHosts/element-web-config/config.json b/config/hosts/web-public-2/virtualHosts/element-web-config/config.json index 9877940..1da5a3e 100644 --- a/config/hosts/web-public-2/virtualHosts/element-web-config/config.json +++ b/config/hosts/web-public-2/virtualHosts/element-web-config/config.json @@ -27,7 +27,10 @@ "default_country_code": "DE", "show_labs_settings": true, "features": { - "feature_dehydration": true + "feature_dehydration": true, + "feature_video_rooms": true, + "feature_element_call_video_rooms": true, + "feature_group_calls": true }, "default_federate": true, "default_theme": "dark", @@ -47,4 +50,4 @@ "jitsi": { "preferredDomain": "meet.element.io" } -} +} \ No newline at end of file From 67d71bfec1b380c5ca7c4628983f4e4fe2e74601 Mon Sep 17 00:00:00 2001 From: yuri Date: Fri, 8 Mar 2024 00:27:23 +0100 Subject: [PATCH 08/30] Bump element-web to 1.11.58 --- config/hosts/web-public-2/virtualHosts/element.nekover.se.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix index 4d5e3b9..876a25e 100644 --- a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix +++ b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix @@ -1,9 +1,9 @@ { pkgs, ... }: let - elementWebVersion = "1.11.55"; + elementWebVersion = "1.11.58"; element-web = pkgs.fetchzip { url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz"; - sha256 = "sha256-lM1P23MTqAgrw3vjNSzDswmn0n8SRY6dBD0aELmoqsQ="; + sha256 = "sha256-986R9DIGD0twoVXAVHyeO33uLz4CZsajgv5Gn2vd2gE="; }; elementWebSecurityHeaders = '' # Configuration best practices From a7aef45adf3b4d020040b4557737e4d7664a9867 Mon Sep 17 00:00:00 2001 From: yuri Date: Fri, 8 Mar 2024 00:27:55 +0100 Subject: [PATCH 09/30] Bump mastodon to 4.2.8 --- config/hosts/mastodon/mastodon.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/hosts/mastodon/mastodon.nix b/config/hosts/mastodon/mastodon.nix index 7822faa..7c055e6 100644 --- a/config/hosts/mastodon/mastodon.nix +++ b/config/hosts/mastodon/mastodon.nix @@ -6,12 +6,12 @@ let }; mastodonNekoverseOverlay = final: prev: { mastodon = (prev.mastodon.override rec { - version = "4.2.5"; + version = "4.2.8"; srcOverride = final.applyPatches { src = final.fetchgit { url = "https://github.com/mastodon/mastodon.git"; rev = "v${version}"; - sha256 = "sha256-dgC5V/CVE9F1ORTjPWUWc/JVcWCEj/pb4eWpDV0WliY="; + sha256 = "sha256-7/E7iHqJxmYSorXYti7h8EbP7wcOAaD04ToLeU2I/nY="; }; patches = [ "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch" From e12d341f6c805f22e3b2acd1d198be36293160a3 Mon Sep 17 00:00:00 2001 From: yuri Date: Fri, 8 Mar 2024 00:28:42 +0100 Subject: [PATCH 10/30] Add nixpkgs master channel --- flake.lock | 43 ++++++++++++++++++++++++++++++------------- flake.nix | 7 ++++--- 2 files changed, 34 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 29dfa51..05eff3a 100644 --- a/flake.lock +++ b/flake.lock @@ -34,11 +34,11 @@ }, "nixlib": { "locked": { - "lastModified": 1693701915, - "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=", + "lastModified": 1708821942, + "narHash": "sha256-jd+E1SD59qty65pwqad2mftzkT6vW5nNFWVuvayh4Zw=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25", + "rev": "479831ed8b3c9c7b80533999f880c7d0bf6a491b", "type": "github" }, "original": { @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1706085261, - "narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=", + "lastModified": 1708940320, + "narHash": "sha256-QOWRJlqT5FRESiaO42/QV/GbSRNKSa4XUDs3cNQsoWI=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132", + "rev": "5b7772406956f95e8a0e1f27218b1e7cf6e9164a", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1706306662, - "narHash": "sha256-CVeZHdqbJ63Z+2l9FNcje6AfTdG4Y3WbFHuEn0RFUl0=", + "lastModified": 1708905176, + "narHash": "sha256-pphkt8iO8CV/TugI7bsPOvFzi5mRSifkEQiwqYBK28s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "11d4781721d16e949fbd61f67bc6b09341b7bfc6", + "rev": "227a4c47bef2390a7925693c51489e84169b1957", "type": "github" }, "original": { @@ -130,13 +130,29 @@ "type": "indirect" } }, - "nixpkgs-unstable": { + "nixpkgs-master": { "locked": { - "lastModified": 1706275741, - "narHash": "sha256-53O2JHFdDTWHzTfLkZRAZVAk9ntChFhcTTnAtj6bJKE=", + "lastModified": 1708963602, + "narHash": "sha256-ODloNfAj9CUN44L1VEvjh5nwV6pseDUZ3/lI6IgYUeo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ac72b3ee2af9bab80d66addd9b237277cc975c5", + "rev": "cd2ec848a90ffdbe716c8829e6c4f75406c5b1a3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1708954320, + "narHash": "sha256-n3LXNMlz7ORCjfIrIUo19a844Fec2+yg7k6NspdVCxs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "94cda73bf2fd675de987db7c3ac81e861b892266", "type": "github" }, "original": { @@ -166,6 +182,7 @@ "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", "nixpkgs-23-05": "nixpkgs-23-05", + "nixpkgs-master": "nixpkgs-master", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } diff --git a/flake.nix b/flake.nix index 585b96e..c789cbb 100644 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,7 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixpkgs-23-05.url = "github:NixOS/nixpkgs/nixos-23.05-small"; nixos-generators = { url = "github:nix-community/nixos-generators"; @@ -10,7 +11,7 @@ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-23-05, nixos-generators, simple-nixos-mailserver, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixpkgs-23-05, nixos-generators, simple-nixos-mailserver, ... }@inputs: let hosts = import ./hosts.nix inputs; helper = import ./helper.nix inputs; @@ -28,7 +29,7 @@ nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts; specialArgs = { - inherit nixpkgs-unstable hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; # Provide environment for secret key command keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ]; @@ -38,7 +39,7 @@ hydraJobs = { nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host { - inherit nixpkgs-unstable hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; }) hosts; }; From 0582c1ea17f78388ad132c90860f147395980550 Mon Sep 17 00:00:00 2001 From: yuri Date: Fri, 8 Mar 2024 00:51:14 +0100 Subject: [PATCH 11/30] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/5b7772406956f95e8a0e1f27218b1e7cf6e9164a' (2024-02-26) → 'github:nix-community/nixos-generators/10e801a76fa611f8ce7937e2c9b7677888a54fa0' (2024-03-07) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/479831ed8b3c9c7b80533999f880c7d0bf6a491b' (2024-02-25) → 'github:nix-community/nixpkgs.lib/7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c' (2024-03-03) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/227a4c47bef2390a7925693c51489e84169b1957' (2024-02-25) → 'github:NixOS/nixpkgs/03e303468a0b89792bc40c2f3a7cd8a322b66fad' (2024-03-06) • Updated input 'nixpkgs-master': 'github:NixOS/nixpkgs/cd2ec848a90ffdbe716c8829e6c4f75406c5b1a3' (2024-02-26) → 'github:NixOS/nixpkgs/c8cd65298e567e1e604431e4544361e365410f8c' (2024-03-07) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/94cda73bf2fd675de987db7c3ac81e861b892266' (2024-02-26) → 'github:NixOS/nixpkgs/413506a7ca983170cc8c7bc47f0845a2e6e03e95' (2024-03-07) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 05eff3a..ad3ce5b 100644 --- a/flake.lock +++ b/flake.lock @@ -34,11 +34,11 @@ }, "nixlib": { "locked": { - "lastModified": 1708821942, - "narHash": "sha256-jd+E1SD59qty65pwqad2mftzkT6vW5nNFWVuvayh4Zw=", + "lastModified": 1709426687, + "narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "479831ed8b3c9c7b80533999f880c7d0bf6a491b", + "rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c", "type": "github" }, "original": { @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1708940320, - "narHash": "sha256-QOWRJlqT5FRESiaO42/QV/GbSRNKSa4XUDs3cNQsoWI=", + "lastModified": 1709821158, + "narHash": "sha256-76L6tymnmFY3zDPBi0Mi5G6HcISHKw7xHuYYmzKrTK4=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "5b7772406956f95e8a0e1f27218b1e7cf6e9164a", + "rev": "10e801a76fa611f8ce7937e2c9b7677888a54fa0", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1708905176, - "narHash": "sha256-pphkt8iO8CV/TugI7bsPOvFzi5mRSifkEQiwqYBK28s=", + "lastModified": 1709763014, + "narHash": "sha256-CopSGZnFg+7n7WwBZ/iqIQhLJo0Xc59OWQo9zN9gmwo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "227a4c47bef2390a7925693c51489e84169b1957", + "rev": "03e303468a0b89792bc40c2f3a7cd8a322b66fad", "type": "github" }, "original": { @@ -132,11 +132,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1708963602, - "narHash": "sha256-ODloNfAj9CUN44L1VEvjh5nwV6pseDUZ3/lI6IgYUeo=", + "lastModified": 1709855257, + "narHash": "sha256-1G57sSUmJ6Pi6WLlOEC3x43mEMECKU4NDkRfNdaHUs0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cd2ec848a90ffdbe716c8829e6c4f75406c5b1a3", + "rev": "c8cd65298e567e1e604431e4544361e365410f8c", "type": "github" }, "original": { @@ -148,11 +148,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1708954320, - "narHash": "sha256-n3LXNMlz7ORCjfIrIUo19a844Fec2+yg7k6NspdVCxs=", + "lastModified": 1709812245, + "narHash": "sha256-i/RysAZgUYsu8618g3yKG65J3CRUIOUPqo+TckMR6iE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "94cda73bf2fd675de987db7c3ac81e861b892266", + "rev": "413506a7ca983170cc8c7bc47f0845a2e6e03e95", "type": "github" }, "original": { From 212b674360d5523d510f60b7ba1c1bce7e2f8de0 Mon Sep 17 00:00:00 2001 From: yuri Date: Fri, 8 Mar 2024 01:22:37 +0100 Subject: [PATCH 12/30] Patch mastodon for longer profile descriptions --- config/hosts/mastodon/mastodon.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/config/hosts/mastodon/mastodon.nix b/config/hosts/mastodon/mastodon.nix index 7c055e6..f36e682 100644 --- a/config/hosts/mastodon/mastodon.nix +++ b/config/hosts/mastodon/mastodon.nix @@ -2,7 +2,7 @@ let mastodonNekoversePatches = pkgs.fetchgit { url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git"; - hash = "sha256-2ZTwgcApKrXnO6isJFZk2oLaFB8hm1OAlPxftxXL25g="; + hash = "sha256-Fcbuj5BGkQd3X/gViqqB+NRIvjUlUED32tNEJrzYh5o="; }; mastodonNekoverseOverlay = final: prev: { mastodon = (prev.mastodon.override rec { @@ -18,9 +18,8 @@ let "${mastodonNekoversePatches}/patches/002_disable_image_reprocessing.patch" "${mastodonNekoversePatches}/patches/003_make_toot_cute.patch" "${mastodonNekoversePatches}/patches/005_improve_custom_emoji_support.patch" - "${mastodonNekoversePatches}/patches/006_increase_display_name_character_limit.patch" + "${mastodonNekoversePatches}/patches/006_increase_profile_limits.patch" "${mastodonNekoversePatches}/patches/007_increase_toot_character_limit.patch" - "${mastodonNekoversePatches}/patches/008_increase_profile_metadata_limit.patch" ]; }; yarnHash = "sha256-qoLesubmSvRsXhKwMEWHHXcpcqRszqcdZgHQqnTpNPE="; From b751159789644736df7976637fc3d49c08077fa5 Mon Sep 17 00:00:00 2001 From: yuri Date: Fri, 8 Mar 2024 01:23:26 +0100 Subject: [PATCH 13/30] Bump element-web to 1.11.59 --- config/hosts/web-public-2/virtualHosts/element.nekover.se.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix index 876a25e..2c102a3 100644 --- a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix +++ b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix @@ -1,9 +1,9 @@ { pkgs, ... }: let - elementWebVersion = "1.11.58"; + elementWebVersion = "1.11.59"; element-web = pkgs.fetchzip { url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz"; - sha256 = "sha256-986R9DIGD0twoVXAVHyeO33uLz4CZsajgv5Gn2vd2gE="; + sha256 = "sha256-iVTd5zWUJh9wkbKMh+5hq0ucQaLLY29w1xCLxDIdQ18="; }; elementWebSecurityHeaders = '' # Configuration best practices From cfbd7192f7809a8c3c2ae816d13a572f10e73fe8 Mon Sep 17 00:00:00 2001 From: yuri Date: Mon, 15 Apr 2024 20:02:16 +0200 Subject: [PATCH 14/30] bump flake.lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index ad3ce5b..8886adc 100644 --- a/flake.lock +++ b/flake.lock @@ -34,11 +34,11 @@ }, "nixlib": { "locked": { - "lastModified": 1709426687, - "narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=", + "lastModified": 1712450863, + "narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c", + "rev": "3c62b6a12571c9a7f65ab037173ee153d539905f", "type": "github" }, "original": { @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1709821158, - "narHash": "sha256-76L6tymnmFY3zDPBi0Mi5G6HcISHKw7xHuYYmzKrTK4=", + "lastModified": 1712537332, + "narHash": "sha256-yYlxv1sg/TNl6hghjAe0ct+/p5PwXiT1mpuaExjhR88=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "10e801a76fa611f8ce7937e2c9b7677888a54fa0", + "rev": "d942db8df8ee860556a38754f15b8d03bf7e6933", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709763014, - "narHash": "sha256-CopSGZnFg+7n7WwBZ/iqIQhLJo0Xc59OWQo9zN9gmwo=", + "lastModified": 1713180868, + "narHash": "sha256-5CSnPSCEWeUmrFiLuYIQIPQzPrpCB8x3VhE+oXLRO3k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "03e303468a0b89792bc40c2f3a7cd8a322b66fad", + "rev": "140546acf30a8212a03a88ded8506413fa3b5d21", "type": "github" }, "original": { @@ -132,11 +132,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1709855257, - "narHash": "sha256-1G57sSUmJ6Pi6WLlOEC3x43mEMECKU4NDkRfNdaHUs0=", + "lastModified": 1713201277, + "narHash": "sha256-xHxbvpjepaDEc3DxJNMCWOFyBqW7yIANbUU+yWSL9+c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c8cd65298e567e1e604431e4544361e365410f8c", + "rev": "fc69edccf533e2731ab8850c59482907e0d4fc28", "type": "github" }, "original": { @@ -148,11 +148,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1709812245, - "narHash": "sha256-i/RysAZgUYsu8618g3yKG65J3CRUIOUPqo+TckMR6iE=", + "lastModified": 1713156337, + "narHash": "sha256-oPG4CUVQGc/8q0k4nS8YK44o2q14cqQSo9OijH1E+Vs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "413506a7ca983170cc8c7bc47f0845a2e6e03e95", + "rev": "b941d525061a6e4f43882318225799c901f1ad40", "type": "github" }, "original": { From 9dc6f69911c8c52cf0251a4a0e36ff51a89ae598 Mon Sep 17 00:00:00 2001 From: yuri Date: Sun, 5 May 2024 21:54:03 +0200 Subject: [PATCH 15/30] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/d942db8df8ee860556a38754f15b8d03bf7e6933' (2024-04-08) → 'github:nix-community/nixos-generators/722b512eb7e6915882f39fff0e4c9dd44f42b77e' (2024-04-22) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/140546acf30a8212a03a88ded8506413fa3b5d21' (2024-04-15) → 'github:NixOS/nixpkgs/1552982a8e5848fe2fec7d669d54ee86aa743101' (2024-05-05) • Updated input 'nixpkgs-master': 'github:NixOS/nixpkgs/fc69edccf533e2731ab8850c59482907e0d4fc28' (2024-04-15) → 'github:NixOS/nixpkgs/f1edf105d0bde9776d5060b5f8dcc16aea86cb44' (2024-05-05) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/b941d525061a6e4f43882318225799c901f1ad40' (2024-04-15) → 'github:NixOS/nixpkgs/9f5a6d72fa3985e4cd8fca3926d14ae8b54bcf75' (2024-05-05) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8886adc..184a7b1 100644 --- a/flake.lock +++ b/flake.lock @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1712537332, - "narHash": "sha256-yYlxv1sg/TNl6hghjAe0ct+/p5PwXiT1mpuaExjhR88=", + "lastModified": 1713783234, + "narHash": "sha256-3yh0nqI1avYUmmtqqTW3EVfwaLE+9ytRWxsA5aWtmyI=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d942db8df8ee860556a38754f15b8d03bf7e6933", + "rev": "722b512eb7e6915882f39fff0e4c9dd44f42b77e", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713180868, - "narHash": "sha256-5CSnPSCEWeUmrFiLuYIQIPQzPrpCB8x3VhE+oXLRO3k=", + "lastModified": 1714902782, + "narHash": "sha256-TdQNxaviQZlGU1VakHpDq3qqhP+0HhieieYRGZN46Ec=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "140546acf30a8212a03a88ded8506413fa3b5d21", + "rev": "1552982a8e5848fe2fec7d669d54ee86aa743101", "type": "github" }, "original": { @@ -132,11 +132,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1713201277, - "narHash": "sha256-xHxbvpjepaDEc3DxJNMCWOFyBqW7yIANbUU+yWSL9+c=", + "lastModified": 1714938357, + "narHash": "sha256-CZmX0Dm7HhEBNMoeRDQIS6Ltd+kVtRVMPIt5iW9urQQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fc69edccf533e2731ab8850c59482907e0d4fc28", + "rev": "f1edf105d0bde9776d5060b5f8dcc16aea86cb44", "type": "github" }, "original": { @@ -148,11 +148,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1713156337, - "narHash": "sha256-oPG4CUVQGc/8q0k4nS8YK44o2q14cqQSo9OijH1E+Vs=", + "lastModified": 1714923658, + "narHash": "sha256-f54abULm+mOb74m4iDMbXpEsIClOu56q5u6ijbiuIbs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b941d525061a6e4f43882318225799c901f1ad40", + "rev": "9f5a6d72fa3985e4cd8fca3926d14ae8b54bcf75", "type": "github" }, "original": { From ac7b440963ac7fc961a09cc1bdc9f45750300d30 Mon Sep 17 00:00:00 2001 From: yuri Date: Sun, 26 May 2024 14:23:25 +0200 Subject: [PATCH 16/30] Remove unifi-controller --- .../hosts/unifi-controller/configuration.nix | 23 ------------------- config/hosts/unifi-controller/default.nix | 7 ------ config/hosts/unifi-controller/unifi.nix | 12 ---------- hosts.nix | 4 ---- 4 files changed, 46 deletions(-) delete mode 100644 config/hosts/unifi-controller/configuration.nix delete mode 100644 config/hosts/unifi-controller/default.nix delete mode 100644 config/hosts/unifi-controller/unifi.nix diff --git a/config/hosts/unifi-controller/configuration.nix b/config/hosts/unifi-controller/configuration.nix deleted file mode 100644 index 565cdf7..0000000 --- a/config/hosts/unifi-controller/configuration.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ ... }: -{ - boot.loader.grub = { - enable = true; - device = "/dev/vda"; - }; - - networking = { - hostName = "unifi-controller"; - firewall = { - allowedTCPPorts = [ 53 8080 8443 8880 8843 6789 27117 ]; - allowedUDPPorts = [ 53 3478 5514 10001 1900 123 ]; - allowedUDPPortRanges = [ - { - from = 5656; - to = 5699; - } - ]; - }; - }; - - system.stateVersion = "23.11"; -} diff --git a/config/hosts/unifi-controller/default.nix b/config/hosts/unifi-controller/default.nix deleted file mode 100644 index f66e094..0000000 --- a/config/hosts/unifi-controller/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - imports = [ - ./configuration.nix - ./unifi.nix - ]; -} diff --git a/config/hosts/unifi-controller/unifi.nix b/config/hosts/unifi-controller/unifi.nix deleted file mode 100644 index 75a7094..0000000 --- a/config/hosts/unifi-controller/unifi.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs, lib, ... }: -{ - services.unifi = { - enable = true; - unifiPackage = pkgs.unifi; - }; - - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "unifi-controller" - "mongodb" - ]; -} diff --git a/hosts.nix b/hosts.nix index 80145ea..4bebbbc 100644 --- a/hosts.nix +++ b/hosts.nix @@ -114,10 +114,6 @@ in site = "vs"; environment = "proxmox"; }; - unifi-controller = { - site = "wg"; - environment = "proxmox"; - }; valkyrie = { hostNixpkgs = nixpkgs-23-05; site = "af"; From 2a919ae848a37fe53ac774be8c89dd163c3d82a1 Mon Sep 17 00:00:00 2001 From: yuri Date: Sun, 26 May 2024 14:30:59 +0200 Subject: [PATCH 17/30] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/722b512eb7e6915882f39fff0e4c9dd44f42b77e' (2024-04-22) → 'github:nix-community/nixos-generators/d14b286322c7f4f897ca4b1726ce38cb68596c94' (2024-05-20) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1552982a8e5848fe2fec7d669d54ee86aa743101' (2024-05-05) → 'github:NixOS/nixpkgs/8ed72179617b1b4dbd15134371daf4e9c4c039ee' (2024-05-26) • Updated input 'nixpkgs-master': 'github:NixOS/nixpkgs/f1edf105d0bde9776d5060b5f8dcc16aea86cb44' (2024-05-05) → 'github:NixOS/nixpkgs/61f95814d35e9faf61aa1dd81bd7acdf9a5514b9' (2024-05-26) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/9f5a6d72fa3985e4cd8fca3926d14ae8b54bcf75' (2024-05-05) → 'github:NixOS/nixpkgs/8debaa1f45995e3a621c1f55c09bf68e214f5878' (2024-05-26) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 184a7b1..52edb0e 100644 --- a/flake.lock +++ b/flake.lock @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1713783234, - "narHash": "sha256-3yh0nqI1avYUmmtqqTW3EVfwaLE+9ytRWxsA5aWtmyI=", + "lastModified": 1716210724, + "narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "722b512eb7e6915882f39fff0e4c9dd44f42b77e", + "rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714902782, - "narHash": "sha256-TdQNxaviQZlGU1VakHpDq3qqhP+0HhieieYRGZN46Ec=", + "lastModified": 1716702362, + "narHash": "sha256-1iExBg0gqYHqSEwALu4LYPOKlJMbUUbsfhsGZf2mi0M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1552982a8e5848fe2fec7d669d54ee86aa743101", + "rev": "8ed72179617b1b4dbd15134371daf4e9c4c039ee", "type": "github" }, "original": { @@ -132,11 +132,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1714938357, - "narHash": "sha256-CZmX0Dm7HhEBNMoeRDQIS6Ltd+kVtRVMPIt5iW9urQQ=", + "lastModified": 1716726580, + "narHash": "sha256-qfzXu2ar19X9GUg//K2IrMbwHbmaZPVktSmtLtMSe7s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f1edf105d0bde9776d5060b5f8dcc16aea86cb44", + "rev": "61f95814d35e9faf61aa1dd81bd7acdf9a5514b9", "type": "github" }, "original": { @@ -148,11 +148,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1714923658, - "narHash": "sha256-f54abULm+mOb74m4iDMbXpEsIClOu56q5u6ijbiuIbs=", + "lastModified": 1716704148, + "narHash": "sha256-XsWxhtvSUsft43XbSkpSroSyUyXj4focTG2CFCx1wqE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f5a6d72fa3985e4cd8fca3926d14ae8b54bcf75", + "rev": "8debaa1f45995e3a621c1f55c09bf68e214f5878", "type": "github" }, "original": { From 65664b2f20f0298d7d7ce5fccf9f6188ef0882c0 Mon Sep 17 00:00:00 2001 From: yuri Date: Sun, 26 May 2024 16:03:05 +0200 Subject: [PATCH 18/30] Get keycloak 23.0.7 from master --- config/hosts/keycloak/keycloak.nix | 3 ++- flake.lock | 17 +++++++++++++++++ flake.nix | 7 ++++--- 3 files changed, 23 insertions(+), 4 deletions(-) diff --git a/config/hosts/keycloak/keycloak.nix b/config/hosts/keycloak/keycloak.nix index 79e9a96..0937e24 100644 --- a/config/hosts/keycloak/keycloak.nix +++ b/config/hosts/keycloak/keycloak.nix @@ -1,7 +1,8 @@ -{ ... }: +{ nixpkgs-master-keycloak-23_0_7, ... }: { services.keycloak = { enable = true; + package = nixpkgs-master-keycloak-23_0_7.legacyPackages."x86_64-linux".keycloak; settings = { hostname = "id.nekover.se"; hostname-admin = "keycloak-admin.nekover.se"; diff --git a/flake.lock b/flake.lock index 52edb0e..0535751 100644 --- a/flake.lock +++ b/flake.lock @@ -146,6 +146,22 @@ "type": "github" } }, + "nixpkgs-master-keycloak-23_0_7": { + "locked": { + "lastModified": 1708610845, + "narHash": "sha256-2ta+qGOkQJOeDx00bzxmjP0XO38xkJjZDDA+hq/04SM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "edc6a7a312c4f914f9bded421efa6f0b1b715693", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "edc6a7a312c4f914f9bded421efa6f0b1b715693", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1716704148, @@ -183,6 +199,7 @@ "nixpkgs": "nixpkgs", "nixpkgs-23-05": "nixpkgs-23-05", "nixpkgs-master": "nixpkgs-master", + "nixpkgs-master-keycloak-23_0_7": "nixpkgs-master-keycloak-23_0_7", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } diff --git a/flake.nix b/flake.nix index c789cbb..9abb06c 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,7 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-master.url = "github:NixOS/nixpkgs/master"; + nixpkgs-master-keycloak-23_0_7.url = "github:NixOS/nixpkgs/edc6a7a312c4f914f9bded421efa6f0b1b715693"; nixpkgs-23-05.url = "github:NixOS/nixpkgs/nixos-23.05-small"; nixos-generators = { url = "github:nix-community/nixos-generators"; @@ -11,7 +12,7 @@ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixpkgs-23-05, nixos-generators, simple-nixos-mailserver, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixpkgs-master-keycloak-23_0_7, nixpkgs-23-05, nixos-generators, simple-nixos-mailserver, ... }@inputs: let hosts = import ./hosts.nix inputs; helper = import ./helper.nix inputs; @@ -29,7 +30,7 @@ nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts; specialArgs = { - inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master nixpkgs-master-keycloak-23_0_7 hosts simple-nixos-mailserver; # Provide environment for secret key command keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ]; @@ -39,7 +40,7 @@ hydraJobs = { nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host { - inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master nixpkgs-master-keycloak-23_0_7 hosts simple-nixos-mailserver; }) hosts; }; From 1ac40436601c386cfabe55362cf63a6b1a42ad56 Mon Sep 17 00:00:00 2001 From: yuri Date: Sun, 26 May 2024 16:20:34 +0200 Subject: [PATCH 19/30] Bump element-web to 1.11.67 --- config/hosts/web-public-2/virtualHosts/element.nekover.se.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix index 2c102a3..3316006 100644 --- a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix +++ b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix @@ -1,9 +1,9 @@ { pkgs, ... }: let - elementWebVersion = "1.11.59"; + elementWebVersion = "1.11.67"; element-web = pkgs.fetchzip { url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz"; - sha256 = "sha256-iVTd5zWUJh9wkbKMh+5hq0ucQaLLY29w1xCLxDIdQ18="; + sha256 = "sha256-Mleha39aEwa+qbJCVW1RmGDHb/noX9+Zo2IvjaLxhtE="; }; elementWebSecurityHeaders = '' # Configuration best practices From 17efcd53b70857bb342eac27eb1f42a40d3247a6 Mon Sep 17 00:00:00 2001 From: yuri Date: Fri, 31 May 2024 17:12:26 +0200 Subject: [PATCH 20/30] Bump mastodon to v4.2.9 --- config/hosts/mastodon/mastodon.nix | 4 ++-- flake.lock | 18 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/config/hosts/mastodon/mastodon.nix b/config/hosts/mastodon/mastodon.nix index f36e682..cb13ab5 100644 --- a/config/hosts/mastodon/mastodon.nix +++ b/config/hosts/mastodon/mastodon.nix @@ -6,12 +6,12 @@ let }; mastodonNekoverseOverlay = final: prev: { mastodon = (prev.mastodon.override rec { - version = "4.2.8"; + version = "4.2.9"; srcOverride = final.applyPatches { src = final.fetchgit { url = "https://github.com/mastodon/mastodon.git"; rev = "v${version}"; - sha256 = "sha256-7/E7iHqJxmYSorXYti7h8EbP7wcOAaD04ToLeU2I/nY="; + sha256 = "sha256-VjR4lXlb1p8mmpOGxPqbmCCEaB7SP90ccPSMfGFx6IQ="; }; patches = [ "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch" diff --git a/flake.lock b/flake.lock index 0535751..791aca5 100644 --- a/flake.lock +++ b/flake.lock @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716702362, - "narHash": "sha256-1iExBg0gqYHqSEwALu4LYPOKlJMbUUbsfhsGZf2mi0M=", + "lastModified": 1717106496, + "narHash": "sha256-CXCHENGIy/SNEHBTLH2Pz/J9XvcTPnk73QROAEHtGM0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8ed72179617b1b4dbd15134371daf4e9c4c039ee", + "rev": "2ac5652e83ddfca412a4b338714cb9afb27357d0", "type": "github" }, "original": { @@ -132,11 +132,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1716726580, - "narHash": "sha256-qfzXu2ar19X9GUg//K2IrMbwHbmaZPVktSmtLtMSe7s=", + "lastModified": 1717165608, + "narHash": "sha256-mm/4TxdqIzONGiXuJQQEIfoFdB72aW7SQUqiLJ6pEjE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "61f95814d35e9faf61aa1dd81bd7acdf9a5514b9", + "rev": "1ee0e2dcfecd93168f757deff4ed33d7d574484c", "type": "github" }, "original": { @@ -164,11 +164,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716704148, - "narHash": "sha256-XsWxhtvSUsft43XbSkpSroSyUyXj4focTG2CFCx1wqE=", + "lastModified": 1717112898, + "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8debaa1f45995e3a621c1f55c09bf68e214f5878", + "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", "type": "github" }, "original": { From ed52371cbe5e2a21f13329e1ca305eca1dca4119 Mon Sep 17 00:00:00 2001 From: yuri Date: Tue, 25 Jun 2024 22:56:12 +0200 Subject: [PATCH 21/30] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs-master': 'github:NixOS/nixpkgs/4be04c4f5d112f662df788262113b488d21352ec' (2024-06-25) → 'github:NixOS/nixpkgs/8cce9d0ae31e51a5505650daa046fb22960766ed' (2024-06-25) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 791aca5..1995d10 100644 --- a/flake.lock +++ b/flake.lock @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1716210724, - "narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=", + "lastModified": 1718025593, + "narHash": "sha256-WZ1gdKq/9u1Ns/oXuNsDm+W0salonVA0VY1amw8urJ4=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94", + "rev": "35c20ba421dfa5059e20e0ef2343c875372bdcf3", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717106496, - "narHash": "sha256-CXCHENGIy/SNEHBTLH2Pz/J9XvcTPnk73QROAEHtGM0=", + "lastModified": 1719160247, + "narHash": "sha256-mWvCCJFG7RFMFXyQHdxDX56RKYdzXmQ25sy69uRQ8BI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2ac5652e83ddfca412a4b338714cb9afb27357d0", + "rev": "74b529ef56db2bc5ac41b40dca2e57e222964e3a", "type": "github" }, "original": { @@ -132,11 +132,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1717165608, - "narHash": "sha256-mm/4TxdqIzONGiXuJQQEIfoFdB72aW7SQUqiLJ6pEjE=", + "lastModified": 1719348949, + "narHash": "sha256-uohZYX9g9MuEZlzME38gJyMpNK/bIixzuLkQn3CG5yg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1ee0e2dcfecd93168f757deff4ed33d7d574484c", + "rev": "8cce9d0ae31e51a5505650daa046fb22960766ed", "type": "github" }, "original": { @@ -164,11 +164,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1717112898, - "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", + "lastModified": 1719327525, + "narHash": "sha256-fPWiFM4aYbK9zGTt3KJ9CwX//iyElRiNHWNj2hk3i0E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", + "rev": "191a3fd9786d09c8d82e89ed68c4463e7be09b3e", "type": "github" }, "original": { From 81a478481662b540e9846b01a1000ac004aa750b Mon Sep 17 00:00:00 2001 From: yuri Date: Mon, 1 Jul 2024 15:57:16 +0200 Subject: [PATCH 22/30] Bump nix channel versions --- flake.nix | 7 +++---- hosts.nix | 3 +-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index 9abb06c..1520a61 100644 --- a/flake.nix +++ b/flake.nix @@ -1,18 +1,17 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixpkgs-master-keycloak-23_0_7.url = "github:NixOS/nixpkgs/edc6a7a312c4f914f9bded421efa6f0b1b715693"; - nixpkgs-23-05.url = "github:NixOS/nixpkgs/nixos-23.05-small"; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixpkgs-master-keycloak-23_0_7, nixpkgs-23-05, nixos-generators, simple-nixos-mailserver, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixpkgs-master-keycloak-23_0_7, nixos-generators, simple-nixos-mailserver, ... }@inputs: let hosts = import ./hosts.nix inputs; helper = import ./helper.nix inputs; diff --git a/hosts.nix b/hosts.nix index 4bebbbc..5de4e6f 100644 --- a/hosts.nix +++ b/hosts.nix @@ -1,4 +1,4 @@ -{ nixpkgs, nixpkgs-unstable, nixpkgs-23-05, ... }: +{ nixpkgs, nixpkgs-unstable, ... }: let # Set of environment specific modules environments = { @@ -115,7 +115,6 @@ in environment = "proxmox"; }; valkyrie = { - hostNixpkgs = nixpkgs-23-05; site = "af"; environment = "openstack"; }; From 8c7f484512faad5766ed50dd94a4c455d40f94e1 Mon Sep 17 00:00:00 2001 From: yuri Date: Mon, 1 Jul 2024 15:58:50 +0200 Subject: [PATCH 23/30] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/35c20ba421dfa5059e20e0ef2343c875372bdcf3' (2024-06-10) → 'github:nix-community/nixos-generators/140dcc2b9a0eb87ba5e9011076a1a7af19179ab1' (2024-07-01) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/3c62b6a12571c9a7f65ab037173ee153d539905f' (2024-04-07) → 'github:nix-community/nixpkgs.lib/1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6' (2024-06-30) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/74b529ef56db2bc5ac41b40dca2e57e222964e3a' (2024-06-23) → 'github:NixOS/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e' (2024-07-01) • Removed input 'nixpkgs-23-05' • Updated input 'nixpkgs-master': 'github:NixOS/nixpkgs/8cce9d0ae31e51a5505650daa046fb22960766ed' (2024-06-25) → 'github:NixOS/nixpkgs/79456ded62c3a1f6c25520799d5d822f8a6b0dc7' (2024-07-01) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/191a3fd9786d09c8d82e89ed68c4463e7be09b3e' (2024-06-25) → 'github:NixOS/nixpkgs/7f993cdf26ccef564eabf31fdb40d140821e12bc' (2024-07-01) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/e47f3719f1db3e0961a4358d4cb234a0acaa7baf' (2024-01-25) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/29916981e7b3b5782dc5085ad18490113f8ff63b' (2024-06-11) • Updated input 'simple-nixos-mailserver/flake-compat': 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17) → 'github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33' (2023-10-04) • Updated input 'simple-nixos-mailserver/nixpkgs': 'github:NixOS/nixpkgs/612f97239e2cc474c13c9dafa0df378058c5ad8d' (2024-01-21) → 'github:NixOS/nixpkgs/e8057b67ebf307f01bdcc8fba94d94f75039d1f6' (2024-06-05) • Removed input 'simple-nixos-mailserver/nixpkgs-23_05' • Removed input 'simple-nixos-mailserver/nixpkgs-23_11' • Added input 'simple-nixos-mailserver/nixpkgs-24_05': 'github:NixOS/nixpkgs/805a384895c696f802a9bf5bf4720f37385df547' (2024-05-31) • Updated input 'simple-nixos-mailserver/utils': 'github:numtide/flake-utils/5021eac20303a61fafe17224c087f5519baed54d' (2020-11-14) → 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28) • Added input 'simple-nixos-mailserver/utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) --- flake.lock | 123 +++++++++++++++++++++++------------------------------ 1 file changed, 54 insertions(+), 69 deletions(-) diff --git a/flake.lock b/flake.lock index 1995d10..df78fc6 100644 --- a/flake.lock +++ b/flake.lock @@ -19,11 +19,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -34,11 +34,11 @@ }, "nixlib": { "locked": { - "lastModified": 1712450863, - "narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=", + "lastModified": 1719708727, + "narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "3c62b6a12571c9a7f65ab037173ee153d539905f", + "rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6", "type": "github" }, "original": { @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1718025593, - "narHash": "sha256-WZ1gdKq/9u1Ns/oXuNsDm+W0salonVA0VY1amw8urJ4=", + "lastModified": 1719841141, + "narHash": "sha256-WOyohxFJJdfDvEB7N3eTcX44lNU2rZes1inHsyHL7mM=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "35c20ba421dfa5059e20e0ef2343c875372bdcf3", + "rev": "140dcc2b9a0eb87ba5e9011076a1a7af19179ab1", "type": "github" }, "original": { @@ -70,73 +70,42 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719160247, - "narHash": "sha256-mWvCCJFG7RFMFXyQHdxDX56RKYdzXmQ25sy69uRQ8BI=", + "lastModified": 1719825363, + "narHash": "sha256-2ASBatUTQWNIiTeBZRuxROu27MyOavVnzeCv7h40QNw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "74b529ef56db2bc5ac41b40dca2e57e222964e3a", + "rev": "10c832d0548e9e3a6df7eb51e68c2783212a303e", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11-small", + "ref": "nixos-24.05-small", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-23-05": { + "nixpkgs-24_05": { "locked": { - "lastModified": 1705033721, - "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1704290814, - "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, - "nixpkgs-23_11": { - "locked": { - "lastModified": 1706098335, - "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "type": "indirect" } }, "nixpkgs-master": { "locked": { - "lastModified": 1719348949, - "narHash": "sha256-uohZYX9g9MuEZlzME38gJyMpNK/bIixzuLkQn3CG5yg=", + "lastModified": 1719841698, + "narHash": "sha256-oxCNic7Lw+NKzqYO5r2knhU89PcQb22jUqu/N30Yam4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8cce9d0ae31e51a5505650daa046fb22960766ed", + "rev": "79456ded62c3a1f6c25520799d5d822f8a6b0dc7", "type": "github" }, "original": { @@ -164,11 +133,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1719327525, - "narHash": "sha256-fPWiFM4aYbK9zGTt3KJ9CwX//iyElRiNHWNj2hk3i0E=", + "lastModified": 1719824438, + "narHash": "sha256-pY0wosAgcr9W4vmGML0T3BVhQiGuKoozCbs2t+Je1zc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "191a3fd9786d09c8d82e89ed68c4463e7be09b3e", + "rev": "7f993cdf26ccef564eabf31fdb40d140821e12bc", "type": "github" }, "original": { @@ -180,11 +149,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1705856552, - "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -197,7 +166,6 @@ "inputs": { "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", - "nixpkgs-23-05": "nixpkgs-23-05", "nixpkgs-master": "nixpkgs-master", "nixpkgs-master-keycloak-23_0_7": "nixpkgs-master-keycloak-23_0_7", "nixpkgs-unstable": "nixpkgs-unstable", @@ -209,32 +177,49 @@ "blobs": "blobs", "flake-compat": "flake-compat", "nixpkgs": "nixpkgs_2", - "nixpkgs-23_05": "nixpkgs-23_05", - "nixpkgs-23_11": "nixpkgs-23_11", + "nixpkgs-24_05": "nixpkgs-24_05", "utils": "utils" }, "locked": { - "lastModified": 1706219574, - "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=", + "lastModified": 1718084203, + "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf", + "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixos-mailserver", "type": "gitlab" } }, - "utils": { + "systems": { "locked": { - "lastModified": 1605370193, - "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "owner": "numtide", "repo": "flake-utils", - "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", "type": "github" }, "original": { From cf76804cec45582ceb1d07c5cb739e765e1ae277 Mon Sep 17 00:00:00 2001 From: yuri Date: Thu, 4 Jul 2024 17:21:02 +0200 Subject: [PATCH 24/30] Update/fix keycloak, matrix, nextcloud, wireguard-nat-nftables --- config/hosts/keycloak/keycloak.nix | 3 +-- config/hosts/matrix/matrix-synapse.nix | 15 ++++++++------- config/hosts/nextcloud/nextcloud.nix | 6 +++--- flake.lock | 17 ----------------- flake.nix | 7 +++---- pkgs/wireguard-nat-nftables/default.nix | 12 +++--------- 6 files changed, 18 insertions(+), 42 deletions(-) diff --git a/config/hosts/keycloak/keycloak.nix b/config/hosts/keycloak/keycloak.nix index 0937e24..79e9a96 100644 --- a/config/hosts/keycloak/keycloak.nix +++ b/config/hosts/keycloak/keycloak.nix @@ -1,8 +1,7 @@ -{ nixpkgs-master-keycloak-23_0_7, ... }: +{ ... }: { services.keycloak = { enable = true; - package = nixpkgs-master-keycloak-23_0_7.legacyPackages."x86_64-linux".keycloak; settings = { hostname = "id.nekover.se"; hostname-admin = "keycloak-admin.nekover.se"; diff --git a/config/hosts/matrix/matrix-synapse.nix b/config/hosts/matrix/matrix-synapse.nix index 6527503..e719484 100644 --- a/config/hosts/matrix/matrix-synapse.nix +++ b/config/hosts/matrix/matrix-synapse.nix @@ -47,13 +47,6 @@ turn_user_lifetime = 86400000; turn_allow_guests = true; }; - sliding-sync = { - enable = true; - settings = { - SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl; - }; - environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret"; - }; extras = [ "oidc" ]; extraConfigFiles = [ "/secrets/matrix-registration-shared-secret.secret" @@ -62,4 +55,12 @@ "/secrets/matrix-keycloak-client-secret.secret" ]; }; + + services.matrix-sliding-sync = { + enable = true; + settings = { + SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl; + }; + environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret"; + }; } diff --git a/config/hosts/nextcloud/nextcloud.nix b/config/hosts/nextcloud/nextcloud.nix index 839d15d..0b1f3a2 100644 --- a/config/hosts/nextcloud/nextcloud.nix +++ b/config/hosts/nextcloud/nextcloud.nix @@ -2,13 +2,12 @@ { services.nextcloud = { enable = true; - package = pkgs.nextcloud28; + package = pkgs.nextcloud29; hostName = "cloud.nekover.se"; https = true; config = { dbtype = "pgsql"; adminpassFile = "/secrets/nextcloud-adminpass.secret"; - defaultPhoneRegion = "DE"; }; database.createLocally = true; configureRedis = true; @@ -17,7 +16,7 @@ inherit bookmarks contacts calendar tasks twofactor_webauthn user_oidc; }; maxUploadSize = "16G"; - extraOptions = { + settings = { mail_smtpmode = "smtp"; mail_sendmailmode = "smtp"; mail_smtpsecure = "ssl"; @@ -28,6 +27,7 @@ mail_smtphost = "mail-1.grzb.de"; mail_smtpport = 465; mail_smtpname = "cloud@nekover.se"; + default_phone_region = "DE"; }; # Only contains mail_smtppassword secretFile = "/secrets/nextcloud-secretfile.secret"; diff --git a/flake.lock b/flake.lock index df78fc6..aa5196f 100644 --- a/flake.lock +++ b/flake.lock @@ -115,22 +115,6 @@ "type": "github" } }, - "nixpkgs-master-keycloak-23_0_7": { - "locked": { - "lastModified": 1708610845, - "narHash": "sha256-2ta+qGOkQJOeDx00bzxmjP0XO38xkJjZDDA+hq/04SM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "edc6a7a312c4f914f9bded421efa6f0b1b715693", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "edc6a7a312c4f914f9bded421efa6f0b1b715693", - "type": "github" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1719824438, @@ -167,7 +151,6 @@ "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", "nixpkgs-master": "nixpkgs-master", - "nixpkgs-master-keycloak-23_0_7": "nixpkgs-master-keycloak-23_0_7", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } diff --git a/flake.nix b/flake.nix index 1520a61..5cf2232 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,6 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-master.url = "github:NixOS/nixpkgs/master"; - nixpkgs-master-keycloak-23_0_7.url = "github:NixOS/nixpkgs/edc6a7a312c4f914f9bded421efa6f0b1b715693"; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; @@ -11,7 +10,7 @@ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixpkgs-master-keycloak-23_0_7, nixos-generators, simple-nixos-mailserver, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, ... }@inputs: let hosts = import ./hosts.nix inputs; helper = import ./helper.nix inputs; @@ -29,7 +28,7 @@ nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts; specialArgs = { - inherit nixpkgs-unstable nixpkgs-master nixpkgs-master-keycloak-23_0_7 hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; # Provide environment for secret key command keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ]; @@ -39,7 +38,7 @@ hydraJobs = { nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host { - inherit nixpkgs-unstable nixpkgs-master nixpkgs-master-keycloak-23_0_7 hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; }) hosts; }; diff --git a/pkgs/wireguard-nat-nftables/default.nix b/pkgs/wireguard-nat-nftables/default.nix index e687cee..3ce972e 100644 --- a/pkgs/wireguard-nat-nftables/default.nix +++ b/pkgs/wireguard-nat-nftables/default.nix @@ -1,17 +1,11 @@ { pkgs, ... }: -let - nftablesWithPythonOverlay = final: prev: { - nftables = (prev.nftables.override { withPython = true; }); - }; - pkgs-overlay = pkgs.extend nftablesWithPythonOverlay; -in -pkgs-overlay.python310Packages.buildPythonApplication { +pkgs.python3Packages.buildPythonApplication { pname = "wireguard-nat-nftables"; version = "0.0.1"; - propagatedBuildInputs = with pkgs-overlay; [ + propagatedBuildInputs = with pkgs; [ wireguard-tools - python310Packages.nftables + python3Packages.nftables ]; src = ./src; From 4881428974e7c2cb8af4da2201dcf63567a6e996 Mon Sep 17 00:00:00 2001 From: yuri Date: Thu, 4 Jul 2024 17:31:08 +0200 Subject: [PATCH 25/30] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/140dcc2b9a0eb87ba5e9011076a1a7af19179ab1' (2024-07-01) → 'github:nix-community/nixos-generators/168b220231a70e47cc1f0919048fa5914415fb18' (2024-07-04) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e' (2024-07-01) → 'github:NixOS/nixpkgs/8668e0cd7cdcd7c048aa0aedb8051feb44e04130' (2024-07-04) • Updated input 'nixpkgs-master': 'github:NixOS/nixpkgs/79456ded62c3a1f6c25520799d5d822f8a6b0dc7' (2024-07-01) → 'github:NixOS/nixpkgs/0c811d5f56f318bdbc3241ead65ca3b88d6c4a70' (2024-07-04) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/7f993cdf26ccef564eabf31fdb40d140821e12bc' (2024-07-01) → 'github:NixOS/nixpkgs/1af787b0e7fda63e5313fb1a6815019e0c4d6f9b' (2024-07-04) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index aa5196f..66c0caf 100644 --- a/flake.lock +++ b/flake.lock @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1719841141, - "narHash": "sha256-WOyohxFJJdfDvEB7N3eTcX44lNU2rZes1inHsyHL7mM=", + "lastModified": 1720055043, + "narHash": "sha256-SKizewU4UeYrkZWPUjur8EoxscGoNb0pGcrNL4YzAIg=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "140dcc2b9a0eb87ba5e9011076a1a7af19179ab1", + "rev": "168b220231a70e47cc1f0919048fa5914415fb18", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719825363, - "narHash": "sha256-2ASBatUTQWNIiTeBZRuxROu27MyOavVnzeCv7h40QNw=", + "lastModified": 1720054931, + "narHash": "sha256-scsZLzV/mGMbKdH1vrLmNuXtrQK8xo4vzAs05ZeGO40=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10c832d0548e9e3a6df7eb51e68c2783212a303e", + "rev": "8668e0cd7cdcd7c048aa0aedb8051feb44e04130", "type": "github" }, "original": { @@ -101,11 +101,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1719841698, - "narHash": "sha256-oxCNic7Lw+NKzqYO5r2knhU89PcQb22jUqu/N30Yam4=", + "lastModified": 1720105773, + "narHash": "sha256-YO8hXGHrwKe8xV272ztIjpg/nu6tYtMHCjQtmROC9ew=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "79456ded62c3a1f6c25520799d5d822f8a6b0dc7", + "rev": "0c811d5f56f318bdbc3241ead65ca3b88d6c4a70", "type": "github" }, "original": { @@ -117,11 +117,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1719824438, - "narHash": "sha256-pY0wosAgcr9W4vmGML0T3BVhQiGuKoozCbs2t+Je1zc=", + "lastModified": 1720067112, + "narHash": "sha256-RqDbuJnwe29ffD8KE810dLxzCyaX5cvXks8TaJZK4H4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7f993cdf26ccef564eabf31fdb40d140821e12bc", + "rev": "1af787b0e7fda63e5313fb1a6815019e0c4d6f9b", "type": "github" }, "original": { From d9e176169efe4904903b1a4a943d41d84848951a Mon Sep 17 00:00:00 2001 From: yuri Date: Thu, 4 Jul 2024 17:35:45 +0200 Subject: [PATCH 26/30] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Added input 'nixpkgs-mastodon-4-2-10': 'github:NixOS/nixpkgs/e8f680e000d5c5b4a0ff998e6423951bcf06ba35' (2024-07-04) --- flake.lock | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/flake.lock b/flake.lock index 66c0caf..773cd38 100644 --- a/flake.lock +++ b/flake.lock @@ -115,6 +115,22 @@ "type": "github" } }, + "nixpkgs-mastodon-4-2-10": { + "locked": { + "lastModified": 1720106533, + "narHash": "sha256-m1f/yXrCX3czYSVvBz5jdJ41dcCVsKlSIrnH0i83L6U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e8f680e000d5c5b4a0ff998e6423951bcf06ba35", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e8f680e000d5c5b4a0ff998e6423951bcf06ba35", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1720067112, @@ -151,6 +167,7 @@ "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", "nixpkgs-master": "nixpkgs-master", + "nixpkgs-mastodon-4-2-10": "nixpkgs-mastodon-4-2-10", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } From cf4279e7fbc810a2c1bc7a5719e1eb4f60d6d4e5 Mon Sep 17 00:00:00 2001 From: yuri Date: Thu, 4 Jul 2024 17:52:01 +0200 Subject: [PATCH 27/30] Update mastodo to 4.2.10 --- config/hosts/mastodon/mastodon.nix | 8 ++++---- flake.nix | 7 ++++--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/config/hosts/mastodon/mastodon.nix b/config/hosts/mastodon/mastodon.nix index cb13ab5..a1d82d2 100644 --- a/config/hosts/mastodon/mastodon.nix +++ b/config/hosts/mastodon/mastodon.nix @@ -1,4 +1,4 @@ -{ pkgs, nixpkgs-unstable, ... }: +{ pkgs, nixpkgs-mastodon-4-2-10, ... }: let mastodonNekoversePatches = pkgs.fetchgit { url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git"; @@ -6,12 +6,12 @@ let }; mastodonNekoverseOverlay = final: prev: { mastodon = (prev.mastodon.override rec { - version = "4.2.9"; + version = "4.2.10"; srcOverride = final.applyPatches { src = final.fetchgit { url = "https://github.com/mastodon/mastodon.git"; rev = "v${version}"; - sha256 = "sha256-VjR4lXlb1p8mmpOGxPqbmCCEaB7SP90ccPSMfGFx6IQ="; + sha256 = "sha256-z3veI0CpZk6mBgygqXk8SN/5WWjy5VkKLxC7nOLnyZE="; }; patches = [ "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch" @@ -25,7 +25,7 @@ let yarnHash = "sha256-qoLesubmSvRsXhKwMEWHHXcpcqRszqcdZgHQqnTpNPE="; }); }; - pkgs-overlay = nixpkgs-unstable.legacyPackages."x86_64-linux".extend mastodonNekoverseOverlay; + pkgs-overlay = nixpkgs-mastodon-4-2-10.legacyPackages."x86_64-linux".extend mastodonNekoverseOverlay; vapidPublicKey = pkgs.writeText "vapid-public-key" "BDCbFEDCZ8eFuWr3uEq4Qc30UFZUQeNpF8OCw6OjPwAtaKS1yTM3Ue749Xjqy5WhBDjakzlixh4Gk7gluUhIdsU="; in { diff --git a/flake.nix b/flake.nix index 5cf2232..876a711 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,7 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-master.url = "github:NixOS/nixpkgs/master"; + nixpkgs-mastodon-4-2-10.url = "github:NixOS/nixpkgs/e8f680e000d5c5b4a0ff998e6423951bcf06ba35"; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; @@ -10,7 +11,7 @@ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixpkgs-mastodon-4-2-10, nixos-generators, simple-nixos-mailserver, ... }@inputs: let hosts = import ./hosts.nix inputs; helper = import ./helper.nix inputs; @@ -28,7 +29,7 @@ nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts; specialArgs = { - inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master nixpkgs-mastodon-4-2-10 hosts simple-nixos-mailserver; # Provide environment for secret key command keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ]; @@ -38,7 +39,7 @@ hydraJobs = { nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host { - inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master nixpkgs-mastodon-4-2-10 hosts simple-nixos-mailserver; }) hosts; }; From 99c8208acbb4137a40a1e47a9410302a82fbae5e Mon Sep 17 00:00:00 2001 From: yuri Date: Sat, 3 Aug 2024 23:12:05 +0200 Subject: [PATCH 28/30] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/168b220231a70e47cc1f0919048fa5914415fb18' (2024-07-04) → 'github:nix-community/nixos-generators/75cbb2a5e19c18840d105a72d036c6c92fc46c5d' (2024-07-29) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6' (2024-06-30) → 'github:nix-community/nixpkgs.lib/d15f6f6021693898fcd2c6a9bb13707383da9bbc' (2024-07-28) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/8668e0cd7cdcd7c048aa0aedb8051feb44e04130' (2024-07-04) → 'github:NixOS/nixpkgs/15ed5d4537fd46399513bb040bf98415c825281b' (2024-08-02) • Updated input 'nixpkgs-master': 'github:NixOS/nixpkgs/0c811d5f56f318bdbc3241ead65ca3b88d6c4a70' (2024-07-04) → 'github:NixOS/nixpkgs/7f9ed2e65a92f1496daa9ab73539a9d02c2454b3' (2024-08-03) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/1af787b0e7fda63e5313fb1a6815019e0c4d6f9b' (2024-07-04) → 'github:NixOS/nixpkgs/6602aa2586f35fc8c6c46246a1dcac6940ca3f0f' (2024-08-03) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 773cd38..491040e 100644 --- a/flake.lock +++ b/flake.lock @@ -34,11 +34,11 @@ }, "nixlib": { "locked": { - "lastModified": 1719708727, - "narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=", + "lastModified": 1722128034, + "narHash": "sha256-L8rwzYPsLo/TYtydPJoQyYOfetuiyQYnTWYcyB8UE/s=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6", + "rev": "d15f6f6021693898fcd2c6a9bb13707383da9bbc", "type": "github" }, "original": { @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1720055043, - "narHash": "sha256-SKizewU4UeYrkZWPUjur8EoxscGoNb0pGcrNL4YzAIg=", + "lastModified": 1722214420, + "narHash": "sha256-qfHC1p5hcErGcE672/KhBkyWYloekQpqIxtcbcUVYkA=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "168b220231a70e47cc1f0919048fa5914415fb18", + "rev": "75cbb2a5e19c18840d105a72d036c6c92fc46c5d", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1720054931, - "narHash": "sha256-scsZLzV/mGMbKdH1vrLmNuXtrQK8xo4vzAs05ZeGO40=", + "lastModified": 1722621932, + "narHash": "sha256-Uz5xeHsH7+qZVncZwfzGd+CTjxd0mwaP7Q/pbs7OB5c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8668e0cd7cdcd7c048aa0aedb8051feb44e04130", + "rev": "15ed5d4537fd46399513bb040bf98415c825281b", "type": "github" }, "original": { @@ -101,11 +101,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1720105773, - "narHash": "sha256-YO8hXGHrwKe8xV272ztIjpg/nu6tYtMHCjQtmROC9ew=", + "lastModified": 1722719323, + "narHash": "sha256-1O9VQB7WD1NKBz9maYGJAU0EqoajEYQSiSlrjdKWz8s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0c811d5f56f318bdbc3241ead65ca3b88d6c4a70", + "rev": "7f9ed2e65a92f1496daa9ab73539a9d02c2454b3", "type": "github" }, "original": { @@ -133,11 +133,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1720067112, - "narHash": "sha256-RqDbuJnwe29ffD8KE810dLxzCyaX5cvXks8TaJZK4H4=", + "lastModified": 1722685361, + "narHash": "sha256-6Zn2SVJYffCtenHEHsb2PmzQsX5+cRsforNJZmlK630=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1af787b0e7fda63e5313fb1a6815019e0c4d6f9b", + "rev": "6602aa2586f35fc8c6c46246a1dcac6940ca3f0f", "type": "github" }, "original": { From 850b7bdc02e815b3c0f4977f24e5d5aec1ca0829 Mon Sep 17 00:00:00 2001 From: yuri Date: Mon, 12 Aug 2024 20:14:13 +0200 Subject: [PATCH 29/30] Update valkyrie IP --- config/hosts/mastodon/mastodon.nix | 4 ++-- config/hosts/valkyrie/services.nix | 2 +- flake.lock | 17 ----------------- flake.nix | 7 +++---- 4 files changed, 6 insertions(+), 24 deletions(-) diff --git a/config/hosts/mastodon/mastodon.nix b/config/hosts/mastodon/mastodon.nix index a1d82d2..9abd69d 100644 --- a/config/hosts/mastodon/mastodon.nix +++ b/config/hosts/mastodon/mastodon.nix @@ -1,4 +1,4 @@ -{ pkgs, nixpkgs-mastodon-4-2-10, ... }: +{ pkgs, nixpkgs-unstable, ... }: let mastodonNekoversePatches = pkgs.fetchgit { url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git"; @@ -25,7 +25,7 @@ let yarnHash = "sha256-qoLesubmSvRsXhKwMEWHHXcpcqRszqcdZgHQqnTpNPE="; }); }; - pkgs-overlay = nixpkgs-mastodon-4-2-10.legacyPackages."x86_64-linux".extend mastodonNekoverseOverlay; + pkgs-overlay = nixpkgs-unstable.legacyPackages."x86_64-linux".extend mastodonNekoverseOverlay; vapidPublicKey = pkgs.writeText "vapid-public-key" "BDCbFEDCZ8eFuWr3uEq4Qc30UFZUQeNpF8OCw6OjPwAtaKS1yTM3Ue749Xjqy5WhBDjakzlixh4Gk7gluUhIdsU="; in { diff --git a/config/hosts/valkyrie/services.nix b/config/hosts/valkyrie/services.nix index 5af708c..dc0fa6d 100644 --- a/config/hosts/valkyrie/services.nix +++ b/config/hosts/valkyrie/services.nix @@ -3,7 +3,7 @@ let wireguard-nat-nftables = import ../../../pkgs/wireguard-nat-nftables pkgs; config = pkgs.writeText "wireguard-nat-nftables-config" (builtins.toJSON { interface = "ens3"; - interface_address = "172.16.4.180"; + interface_address = "172.16.4.239"; wg_interface = "wg0"; pubkey_port_mapping = { # okayu diff --git a/flake.lock b/flake.lock index 491040e..a6fd892 100644 --- a/flake.lock +++ b/flake.lock @@ -115,22 +115,6 @@ "type": "github" } }, - "nixpkgs-mastodon-4-2-10": { - "locked": { - "lastModified": 1720106533, - "narHash": "sha256-m1f/yXrCX3czYSVvBz5jdJ41dcCVsKlSIrnH0i83L6U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e8f680e000d5c5b4a0ff998e6423951bcf06ba35", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e8f680e000d5c5b4a0ff998e6423951bcf06ba35", - "type": "github" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1722685361, @@ -167,7 +151,6 @@ "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs", "nixpkgs-master": "nixpkgs-master", - "nixpkgs-mastodon-4-2-10": "nixpkgs-mastodon-4-2-10", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver" } diff --git a/flake.nix b/flake.nix index 876a711..5cf2232 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,6 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-master.url = "github:NixOS/nixpkgs/master"; - nixpkgs-mastodon-4-2-10.url = "github:NixOS/nixpkgs/e8f680e000d5c5b4a0ff998e6423951bcf06ba35"; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; @@ -11,7 +10,7 @@ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixpkgs-mastodon-4-2-10, nixos-generators, simple-nixos-mailserver, ... }@inputs: + outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, ... }@inputs: let hosts = import ./hosts.nix inputs; helper = import ./helper.nix inputs; @@ -29,7 +28,7 @@ nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts; specialArgs = { - inherit nixpkgs-unstable nixpkgs-master nixpkgs-mastodon-4-2-10 hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; # Provide environment for secret key command keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ]; @@ -39,7 +38,7 @@ hydraJobs = { nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host { - inherit nixpkgs-unstable nixpkgs-master nixpkgs-mastodon-4-2-10 hosts simple-nixos-mailserver; + inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; }) hosts; }; From b591ac70ae5fb80b2fb8edc65c19eec4a554bdf6 Mon Sep 17 00:00:00 2001 From: yuri Date: Mon, 12 Aug 2024 20:14:28 +0200 Subject: [PATCH 30/30] Bump element-web to 1.1.72 --- config/hosts/web-public-2/virtualHosts/element.nekover.se.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix index 3316006..8fe843c 100644 --- a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix +++ b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix @@ -1,9 +1,9 @@ { pkgs, ... }: let - elementWebVersion = "1.11.67"; + elementWebVersion = "1.11.72"; element-web = pkgs.fetchzip { url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz"; - sha256 = "sha256-Mleha39aEwa+qbJCVW1RmGDHb/noX9+Zo2IvjaLxhtE="; + sha256 = "sha256-3pa4OVHBWZvHLsnE2JK5+sVpOXBKO5yJSQJNJokdF98="; }; elementWebSecurityHeaders = '' # Configuration best practices