Bump element-web to 1.1.72

Flake lock file updates:

• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/168b220231a70e47cc1f0919048fa5914415fb18' (2024-07-04)
  → 'github:nix-community/nixos-generators/75cbb2a5e19c18840d105a72d036c6c92fc46c5d' (2024-07-29)
• Updated input 'nixos-generators/nixlib':
    'github:nix-community/nixpkgs.lib/1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6' (2024-06-30)
  → 'github:nix-community/nixpkgs.lib/d15f6f6021693898fcd2c6a9bb13707383da9bbc' (2024-07-28)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/8668e0cd7cdcd7c048aa0aedb8051feb44e04130' (2024-07-04)
  → 'github:NixOS/nixpkgs/15ed5d4537fd46399513bb040bf98415c825281b' (2024-08-02)
• Updated input 'nixpkgs-master':
    'github:NixOS/nixpkgs/0c811d5f56f318bdbc3241ead65ca3b88d6c4a70' (2024-07-04)
  → 'github:NixOS/nixpkgs/7f9ed2e65a92f1496daa9ab73539a9d02c2454b3' (2024-08-03)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/1af787b0e7fda63e5313fb1a6815019e0c4d6f9b' (2024-07-04)
  → 'github:NixOS/nixpkgs/6602aa2586f35fc8c6c46246a1dcac6940ca3f0f' (2024-08-03)

config/hosts/forgejo/configuration.nix

@@ -0,0 +1,16 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {
+    hostName = "forgejo";
+    firewall = {
+      allowedTCPPorts = [ 80 8443 ];
+    };
+  };
+
+  system.stateVersion = "23.11";
+}

config/hosts/forgejo/default.nix

@@ -2,6 +2,8 @@
 {
   imports = [
     ./configuration.nix
-    ./unifi.nix
+    ./forgejo.nix
+    ./redis.nix
+    ./nginx.nix
   ];
 }

config/hosts/forgejo/forgejo.nix

@@ -0,0 +1,60 @@
+{ ... }:
+{
+  services.forgejo = {
+    enable = true;
+    database.type = "postgres";
+    mailerPasswordFile = "/secrets/forgejo-mailer-password.secret";
+
+    settings = {
+      DEFAULT = {
+        APP_NAME = "Nekoverse Git";
+      };
+      server = {
+        DOMAIN = "git.nekover.se";
+        PROTOCOL = "http";
+        HTTP_ADDR = "127.0.0.1";
+        HTTP_PORT = 3000;
+        ROOT_URL = "https://git.nekover.se/";
+        # LOCAL_ROOT_URL is apparently what Forgejo uses to access itself.
+        # Doesn't need to be set.
+      };
+      admin = {
+        DISABLE_REGULAR_ORG_CREATION = false;
+      };
+      session = {
+        COOKIE_SECURE = true;
+      };
+      "ui.meta" = {
+        AUTHOR = "Nekoverse Git";
+        DESCRIPTION = "Git instance of the Nekoverse.";
+        KEYWORDS = "git,forge,forgejo,nekoverse";
+      };
+      service = {
+        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+        DEFAULT_USER_VISIBILITY = "limited";
+        DEFAULT_KEEP_EMAIL_PRIVATE = true;
+        ENABLE_BASIC_AUTHENTICATION = false;
+      };
+      repo = {
+        DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
+      };
+      actions = {
+        ENABLED = true;
+        ARTIFACT_RETENTION_DAYS = 30;
+      };
+      mailer = {
+        ENABLED = true;
+        FROM = "nyareply@nekover.se";
+        PROTOCOL = "smtps";
+        SMTP_ADDR = "mail-1.grzb.de";
+        SMTP_PORT = 465;
+        USER = "forgejo@nekover.se";
+      };
+      cache = {
+        ENABLED = true;
+        ADAPTER = "redis";
+        HOST = "redis+socket:///run/redis-forgejo/redis.sock";
+      };
+    };
+  };
+}

config/hosts/forgejo/nginx.nix

@@ -0,0 +1,37 @@
+{ config, ... }:
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."git.nekover.se" = {
+      forceSSL = true;
+      enableACME = true;
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 80;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          extraParameters = [ "proxy_protocol" ];
+        }
+      ];
+
+      locations."/" = {
+        proxyPass = "${config.services.forgejo.settings.server.PROTOCOL}://${config.services.forgejo.settings.server.HTTP_ADDR}:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";
+      };
+
+      # Disallow crawling archives to save disk space.
+      # See: https://forgejo.org/docs/latest/admin/search-engines-indexation/
+      locations."/robots.txt" = {
+        return = "200 \"User-agent: *\\nDisallow: /*/*/archive/\\n\"";
+      };
+
+      extraConfig = ''
+        set_real_ip_from 10.202.41.100;
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+}

config/hosts/forgejo/redis.nix

@@ -0,0 +1,12 @@
+{ ... }:
+{
+  services.redis.servers.forgejo = {
+    enable = true;
+    user = "forgejo";
+  };
+
+  systemd.services.forgejo = {
+    after = [ "redis-forgejo.service" ];
+    requires = [ "redis-forgejo.service" ];
+  };
+}

config/hosts/forgejo/secrets.nix

@@ -0,0 +1,13 @@
+{ keyCommandEnv, ... }:
+{
+  deployment.keys = {
+    "forgejo-mailer-password.secret" = {
+      keyCommand = keyCommandEnv ++ [ "pass" "mail/forgejo-nekover-se" ];
+      destDir = "/secrets";
+      user = "forgejo";
+      group = "forgejo";
+      permissions = "0640";
+      uploadAt = "pre-activation";
+    };
+  };
+}

config/hosts/mail-1/secrets.nix

@@ -89,5 +89,13 @@
       permissions = "0640";
       uploadAt = "pre-activation";
     };
+    "mail-forgejo-nekover-se.secret" = {
+      keyCommand = keyCommandEnv ++ [ "pass" "mail/forgejo-nekover-se" ];
+      destDir = "/secrets";
+      user = "root";
+      group = "root";
+      permissions = "0640";
+      uploadAt = "pre-activation";
+    };
   };
 }

config/hosts/mail-1/simple-nixos-mailserver.nix

@@ -56,6 +56,11 @@
             sendOnly = true;
             aliases = [ "nyareply@nekover.se" ];
           };
+          "forgejo@nekover.se" = {
+            hashedPasswordFile = "/secrets/mail-forgejo-nekover-se.secret";
+            sendOnly = true;
+            aliases = [ "nyareply@nekover.se" ];
+          };
         };
         certificateScheme = "acme-nginx";
       };

config/hosts/mastodon/mastodon.nix

@@ -2,25 +2,24 @@
 let
   mastodonNekoversePatches = pkgs.fetchgit {
     url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
-    hash = "sha256-2ZTwgcApKrXnO6isJFZk2oLaFB8hm1OAlPxftxXL25g=";
+    hash = "sha256-Fcbuj5BGkQd3X/gViqqB+NRIvjUlUED32tNEJrzYh5o=";
   };
   mastodonNekoverseOverlay = final: prev: {
     mastodon = (prev.mastodon.override rec {
-      version = "4.2.3";
+      version = "4.2.10";
       srcOverride = final.applyPatches {
         src = final.fetchgit {
           url = "https://github.com/mastodon/mastodon.git";
           rev = "v${version}";
-          sha256 = "sha256-e8O4kxsrHf+wEtl4S57xIL1VEvhUSjyCbmz4r9p8Zhw=";
+          sha256 = "sha256-z3veI0CpZk6mBgygqXk8SN/5WWjy5VkKLxC7nOLnyZE=";
         };
         patches = [
           "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch"
           "${mastodonNekoversePatches}/patches/002_disable_image_reprocessing.patch"
           "${mastodonNekoversePatches}/patches/003_make_toot_cute.patch"
           "${mastodonNekoversePatches}/patches/005_improve_custom_emoji_support.patch"
-          "${mastodonNekoversePatches}/patches/006_increase_display_name_character_limit.patch"
+          "${mastodonNekoversePatches}/patches/006_increase_profile_limits.patch"
           "${mastodonNekoversePatches}/patches/007_increase_toot_character_limit.patch"
-          "${mastodonNekoversePatches}/patches/008_increase_profile_metadata_limit.patch"
         ];
       };
       yarnHash = "sha256-qoLesubmSvRsXhKwMEWHHXcpcqRszqcdZgHQqnTpNPE=";

config/hosts/matrix/matrix-synapse.nix

@@ -47,13 +47,6 @@
       turn_user_lifetime = 86400000;
       turn_allow_guests = true;
     };
-    sliding-sync = {
-      enable = true;
-      settings = {
-        SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
-      };
-      environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
-    };
     extras = [ "oidc" ];
     extraConfigFiles = [
       "/secrets/matrix-registration-shared-secret.secret"
@@ -62,4 +55,12 @@
       "/secrets/matrix-keycloak-client-secret.secret"
     ];
   };
+
+  services.matrix-sliding-sync = {
+      enable = true;
+      settings = {
+        SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
+      };
+      environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
+  };
 }

config/hosts/nextcloud/nextcloud.nix

@@ -2,13 +2,12 @@
 {
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud28;
+    package = pkgs.nextcloud29;
     hostName = "cloud.nekover.se";
     https = true;
     config = {
       dbtype = "pgsql";
       adminpassFile = "/secrets/nextcloud-adminpass.secret";
-      defaultPhoneRegion = "DE";
     };
     database.createLocally = true;
     configureRedis = true;
@@ -17,7 +16,7 @@
       inherit bookmarks contacts calendar tasks twofactor_webauthn user_oidc;
     };
     maxUploadSize = "16G";
-    extraOptions = {
+    settings = {
       mail_smtpmode = "smtp";
       mail_sendmailmode = "smtp";
       mail_smtpsecure = "ssl";
@@ -28,6 +27,7 @@
       mail_smtphost = "mail-1.grzb.de";
       mail_smtpport = 465;
       mail_smtpname = "cloud@nekover.se";
+      default_phone_region = "DE";
     };
     # Only contains mail_smtppassword
     secretFile = "/secrets/nextcloud-secretfile.secret";

config/hosts/torrent/jackett.nix

@@ -1,6 +1,8 @@
-{ ... }:
+{ nixpkgs-unstable, ... }:
 {
   services.jackett = {
     enable = true;
+    # use package from unstable to work around faulty test in older jackett version
+    package = nixpkgs-unstable.legacyPackages."x86_64-linux".jackett;
   };
 }

config/hosts/unifi-controller/configuration.nix

@@ -1,23 +0,0 @@
-{ ... }:
-{
-  boot.loader.grub = {
-    enable = true;
-    device = "/dev/vda";
-  };
-
-  networking = {
-    hostName = "unifi-controller";
-    firewall = {
-      allowedTCPPorts = [ 53 8080 8443 8880 8843 6789 27117 ];
-      allowedUDPPorts = [ 53 3478 5514 10001 1900 123 ];
-      allowedUDPPortRanges = [
-        {
-          from = 5656;
-          to = 5699;
-        }
-      ];
-    };
-  };
-
-  system.stateVersion = "23.11";
-}

config/hosts/unifi-controller/unifi.nix

@@ -1,12 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  services.unifi = {
-    enable = true;
-    unifiPackage = pkgs.unifi;
-  };
-
-  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
-    "unifi-controller"
-    "mongodb"
-  ];
-}

config/hosts/valkyrie/services.nix

@@ -3,7 +3,7 @@ let
   wireguard-nat-nftables = import ../../../pkgs/wireguard-nat-nftables pkgs;
   config = pkgs.writeText "wireguard-nat-nftables-config" (builtins.toJSON {
     interface = "ens3";
-    interface_address = "172.16.4.180";
+    interface_address = "172.16.4.239";
     wg_interface = "wg0";
     pubkey_port_mapping = {
       # okayu

config/hosts/web-public-2/nginx.nix

@@ -22,6 +22,7 @@
           element.nekover.se 127.0.0.1:8443;
           gameserver.grzb.de 127.0.0.1:8443;
           git.grzb.de 127.0.0.1:8443;
+          git.nekover.se 10.202.41.106:8443;
           hydra.nekover.se 10.202.41.121:8443;
           id.nekover.se 10.202.41.124:8443;
           matrix.nekover.se 10.202.41.112:8443;

config/hosts/web-public-2/virtualHosts/acme-challenge.nix

@@ -5,6 +5,7 @@ let
     "mail-1.grzb.de" = "mail-1.vs.grzb.de";
     "matrix.nekover.se" = "matrix.vs.grzb.de";
     "netbox.grzb.de" = "netbox.vs.grzb.de";
+    "git.nekover.se" = "forgejo.vs.grzb.de";
     "grafana.grzb.de" = "metrics.vs.grzb.de";
     "jackett.grzb.de" = "torrent.vs.grzb.de";
     "jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de";

config/hosts/web-public-2/virtualHosts/element-web-config/config.json

@@ -27,7 +27,10 @@
     "default_country_code": "DE",
     "show_labs_settings": true,
     "features": {
-        "feature_dehydration": true
+        "feature_dehydration": true,
+        "feature_video_rooms": true,
+        "feature_element_call_video_rooms": true,
+        "feature_group_calls": true
     },
     "default_federate": true,
     "default_theme": "dark",
@@ -47,4 +50,4 @@
     "jitsi": {
         "preferredDomain": "meet.element.io"
     }
-}
+}

config/hosts/web-public-2/virtualHosts/element.nekover.se.nix

@@ -1,9 +1,9 @@
 { pkgs, ... }:
 let
-  elementWebVersion = "1.11.53";
+  elementWebVersion = "1.11.72";
   element-web = pkgs.fetchzip {
     url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
-    sha256 = "sha256-asgx8g9xswBxdQCVnwaeQ2ycqNlfQzBiKc3Uk9GEWCM=";
+    sha256 = "sha256-3pa4OVHBWZvHLsnE2JK5+sVpOXBKO5yJSQJNJokdF98=";
   };
   elementWebSecurityHeaders = ''
   	# Configuration best practices

flake.lock

@@ -19,11 +19,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1668681692,
+        "lastModified": 1696426674,
-        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
         "type": "github"
       },
       "original": {
@@ -34,11 +34,11 @@
     },
     "nixlib": {
       "locked": {
-        "lastModified": 1693701915,
+        "lastModified": 1722128034,
-        "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
+        "narHash": "sha256-L8rwzYPsLo/TYtydPJoQyYOfetuiyQYnTWYcyB8UE/s=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
+        "rev": "d15f6f6021693898fcd2c6a9bb13707383da9bbc",
         "type": "github"
       },
       "original": {
@@ -55,11 +55,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1705400161,
+        "lastModified": 1722214420,
-        "narHash": "sha256-0MFaNIwwpVWB1N9m7cfHAM2pSVtYESQ7tlHxnDTOhM4=",
+        "narHash": "sha256-qfHC1p5hcErGcE672/KhBkyWYloekQpqIxtcbcUVYkA=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "521fb4cdd8a2e1a00d1adf0fea7135d1faf04234",
+        "rev": "75cbb2a5e19c18840d105a72d036c6c92fc46c5d",
         "type": "github"
       },
       "original": {
@@ -70,88 +70,58 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1705781397,
+        "lastModified": 1722621932,
-        "narHash": "sha256-pOlDs1paCIAhr84QjFG72iv4iBsr0pIQyItxRHJhevE=",
+        "narHash": "sha256-Uz5xeHsH7+qZVncZwfzGd+CTjxd0mwaP7Q/pbs7OB5c=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c5b6c179f7b7adce1ee234df23e5cb9f1a78f87b",
+        "rev": "15ed5d4537fd46399513bb040bf98415c825281b",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-23.11-small",
+        "ref": "nixos-24.05-small",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs-22_11": {
+    "nixpkgs-24_05": {
       "locked": {
-        "lastModified": 1669558522,
+        "lastModified": 1717144377,
-        "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
+        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
+        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-22.11",
+        "ref": "nixos-24.05",
         "type": "indirect"
       }
     },
-    "nixpkgs-23-05": {
+    "nixpkgs-master": {
       "locked": {
-        "lastModified": 1705033721,
+        "lastModified": 1722719323,
-        "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
+        "narHash": "sha256-1O9VQB7WD1NKBz9maYGJAU0EqoajEYQSiSlrjdKWz8s=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
+        "rev": "7f9ed2e65a92f1496daa9ab73539a9d02c2454b3",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-23.05-small",
+        "ref": "master",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs-23_05": {
-      "locked": {
-        "lastModified": 1684782344,
-        "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-23.05",
-        "type": "indirect"
-      }
-    },
-    "nixpkgs-23_11": {
-      "locked": {
-        "lastModified": 1705774713,
-        "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-23.11",
-        "type": "indirect"
-      }
-    },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1705847418,
+        "lastModified": 1722685361,
-        "narHash": "sha256-I0EzjhMl5D/PI54DYhL/9iXmFmNb75M7PJ8/yrU5Z1A=",
+        "narHash": "sha256-6Zn2SVJYffCtenHEHsb2PmzQsX5+cRsforNJZmlK630=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7da66b359bcffc532b67035b54b49c25b0c0480c",
+        "rev": "6602aa2586f35fc8c6c46246a1dcac6940ca3f0f",
         "type": "github"
       },
       "original": {
@@ -163,11 +133,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1670751203,
+        "lastModified": 1717602782,
-        "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
+        "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
+        "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6",
         "type": "github"
       },
       "original": {
@@ -180,7 +150,7 @@
       "inputs": {
         "nixos-generators": "nixos-generators",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-23-05": "nixpkgs-23-05",
+        "nixpkgs-master": "nixpkgs-master",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "simple-nixos-mailserver": "simple-nixos-mailserver"
       }
@@ -190,33 +160,49 @@
         "blobs": "blobs",
         "flake-compat": "flake-compat",
         "nixpkgs": "nixpkgs_2",
-        "nixpkgs-22_11": "nixpkgs-22_11",
+        "nixpkgs-24_05": "nixpkgs-24_05",
-        "nixpkgs-23_05": "nixpkgs-23_05",
-        "nixpkgs-23_11": "nixpkgs-23_11",
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1703023684,
+        "lastModified": 1718084203,
-        "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=",
+        "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "4bfb8eb058f098302c97b909df2d019926e11220",
+        "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
         "type": "gitlab"
       },
       "original": {
         "owner": "simple-nixos-mailserver",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
         "repo": "nixos-mailserver",
         "type": "gitlab"
       }
     },
-    "utils": {
+    "systems": {
       "locked": {
-        "lastModified": 1605370193,
+        "lastModified": 1681028828,
-        "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1709126324,
+        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "5021eac20303a61fafe17224c087f5519baed54d",
+        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,16 +1,16 @@
 {
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11-small";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
-    nixpkgs-23-05.url = "github:NixOS/nixpkgs/nixos-23.05-small";
+    nixpkgs-master.url = "github:NixOS/nixpkgs/master";
     nixos-generators = {
       url = "github:nix-community/nixos-generators";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
+    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
   };
 
-  outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-23-05, nixos-generators, simple-nixos-mailserver, ... }@inputs:
+  outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, ... }@inputs:
   let
     hosts = import ./hosts.nix inputs;
     helper = import ./helper.nix inputs;
@@ -28,7 +28,7 @@
         nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts;
 
         specialArgs = {
-          inherit nixpkgs-unstable hosts simple-nixos-mailserver;
+          inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
 
           # Provide environment for secret key command
           keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ];
@@ -38,7 +38,7 @@
 
     hydraJobs = {
       nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host {
-        inherit nixpkgs-unstable hosts simple-nixos-mailserver;
+        inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
       }) hosts;
     };
 

hosts.nix

@@ -1,4 +1,4 @@
-{ nixpkgs, nixpkgs-unstable, nixpkgs-23-05, ... }:
+{ nixpkgs, nixpkgs-unstable, ... }:
 let
   # Set of environment specific modules
   environments = {
@@ -45,6 +45,10 @@ in
       site = "vs";
       environment = "proxmox";
     };
+    forgejo = {
+      site = "vs";
+      environment = "proxmox";
+    };
     keycloak = {
       site = "vs";
       environment = "proxmox";
@@ -110,12 +114,7 @@ in
       site = "vs";
       environment = "proxmox";
     };
-    unifi-controller = {
-      site = "wg";
-      environment = "proxmox";
-    };
     valkyrie = {
-      hostNixpkgs = nixpkgs-23-05;
       site = "af";
       environment = "openstack";
     };

pkgs/wireguard-nat-nftables/default.nix

@@ -1,17 +1,11 @@
 { pkgs, ... }:
-let
+pkgs.python3Packages.buildPythonApplication {
-  nftablesWithPythonOverlay = final: prev: {
-    nftables = (prev.nftables.override { withPython = true; });
-  };
-  pkgs-overlay = pkgs.extend nftablesWithPythonOverlay;
-in
-pkgs-overlay.python310Packages.buildPythonApplication {
   pname = "wireguard-nat-nftables";
   version = "0.0.1";
 
-  propagatedBuildInputs = with pkgs-overlay; [
+  propagatedBuildInputs = with pkgs; [
     wireguard-tools
-    python310Packages.nftables
+    python3Packages.nftables
   ];
 
   src = ./src;