config/hosts/forgejo/configuration.nix

@@ -1,16 +0,0 @@
-{ ... }:
-{
-  boot.loader.grub = {
-    enable = true;
-    device = "/dev/vda";
-  };
-
-  networking = {
-    hostName = "forgejo";
-    firewall = {
-      allowedTCPPorts = [ 80 8443 ];
-    };
-  };
-
-  system.stateVersion = "23.11";
-}

config/hosts/forgejo/forgejo.nix

@@ -1,60 +0,0 @@
-{ ... }:
-{
-  services.forgejo = {
-    enable = true;
-    database.type = "postgres";
-    mailerPasswordFile = "/secrets/forgejo-mailer-password.secret";
-
-    settings = {
-      DEFAULT = {
-        APP_NAME = "Nekoverse Git";
-      };
-      server = {
-        DOMAIN = "git.nekover.se";
-        PROTOCOL = "http";
-        HTTP_ADDR = "127.0.0.1";
-        HTTP_PORT = 3000;
-        ROOT_URL = "https://git.nekover.se/";
-        # LOCAL_ROOT_URL is apparently what Forgejo uses to access itself.
-        # Doesn't need to be set.
-      };
-      admin = {
-        DISABLE_REGULAR_ORG_CREATION = false;
-      };
-      session = {
-        COOKIE_SECURE = true;
-      };
-      "ui.meta" = {
-        AUTHOR = "Nekoverse Git";
-        DESCRIPTION = "Git instance of the Nekoverse.";
-        KEYWORDS = "git,forge,forgejo,nekoverse";
-      };
-      service = {
-        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
-        DEFAULT_USER_VISIBILITY = "limited";
-        DEFAULT_KEEP_EMAIL_PRIVATE = true;
-        ENABLE_BASIC_AUTHENTICATION = false;
-      };
-      repo = {
-        DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
-      };
-      actions = {
-        ENABLED = true;
-        ARTIFACT_RETENTION_DAYS = 30;
-      };
-      mailer = {
-        ENABLED = true;
-        FROM = "nyareply@nekover.se";
-        PROTOCOL = "smtps";
-        SMTP_ADDR = "mail-1.grzb.de";
-        SMTP_PORT = 465;
-        USER = "forgejo@nekover.se";
-      };
-      cache = {
-        ENABLED = true;
-        ADAPTER = "redis";
-        HOST = "redis+socket:///run/redis-forgejo/redis.sock";
-      };
-    };
-  };
-}

config/hosts/forgejo/nginx.nix

@@ -1,37 +0,0 @@
-{ config, ... }:
-{
-  services.nginx = {
-    enable = true;
-    virtualHosts."git.nekover.se" = {
-      forceSSL = true;
-      enableACME = true;
-      listen = [
-        {
-          addr = "0.0.0.0";
-          port = 80;
-        }
-        {
-          addr = "0.0.0.0";
-          port = 8443;
-          ssl = true;
-          extraParameters = [ "proxy_protocol" ];
-        }
-      ];
-
-      locations."/" = {
-        proxyPass = "${config.services.forgejo.settings.server.PROTOCOL}://${config.services.forgejo.settings.server.HTTP_ADDR}:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";
-      };
-
-      # Disallow crawling archives to save disk space.
-      # See: https://forgejo.org/docs/latest/admin/search-engines-indexation/
-      locations."/robots.txt" = {
-        return = "200 \"User-agent: *\\nDisallow: /*/*/archive/\\n\"";
-      };
-
-      extraConfig = ''
-        set_real_ip_from 10.202.41.100;
-        real_ip_header proxy_protocol;
-      '';
-    };
-  };
-}

config/hosts/forgejo/redis.nix

@@ -1,12 +0,0 @@
-{ ... }:
-{
-  services.redis.servers.forgejo = {
-    enable = true;
-    user = "forgejo";
-  };
-
-  systemd.services.forgejo = {
-    after = [ "redis-forgejo.service" ];
-    requires = [ "redis-forgejo.service" ];
-  };
-}

config/hosts/forgejo/secrets.nix

@@ -1,13 +0,0 @@
-{ keyCommandEnv, ... }:
-{
-  deployment.keys = {
-    "forgejo-mailer-password.secret" = {
-      keyCommand = keyCommandEnv ++ [ "pass" "mail/forgejo-nekover-se" ];
-      destDir = "/secrets";
-      user = "forgejo";
-      group = "forgejo";
-      permissions = "0640";
-      uploadAt = "pre-activation";
-    };
-  };
-}

config/hosts/mail-1/secrets.nix

@@ -89,13 +89,5 @@
       permissions = "0640";
       uploadAt = "pre-activation";
     };
-    "mail-forgejo-nekover-se.secret" = {
-      keyCommand = keyCommandEnv ++ [ "pass" "mail/forgejo-nekover-se" ];
-      destDir = "/secrets";
-      user = "root";
-      group = "root";
-      permissions = "0640";
-      uploadAt = "pre-activation";
-    };
   };
 }

config/hosts/mail-1/simple-nixos-mailserver.nix

@@ -56,11 +56,6 @@
             sendOnly = true;
             aliases = [ "nyareply@nekover.se" ];
           };
-          "forgejo@nekover.se" = {
-            hashedPasswordFile = "/secrets/mail-forgejo-nekover-se.secret";
-            sendOnly = true;
-            aliases = [ "nyareply@nekover.se" ];
-          };
         };
         certificateScheme = "acme-nginx";
       };

config/hosts/mastodon/mastodon.nix

@@ -2,24 +2,25 @@
 let
   mastodonNekoversePatches = pkgs.fetchgit {
     url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
-    hash = "sha256-Fcbuj5BGkQd3X/gViqqB+NRIvjUlUED32tNEJrzYh5o=";
+    hash = "sha256-2ZTwgcApKrXnO6isJFZk2oLaFB8hm1OAlPxftxXL25g=";
   };
   mastodonNekoverseOverlay = final: prev: {
     mastodon = (prev.mastodon.override rec {
-      version = "4.2.10";
+      version = "4.2.3";
       srcOverride = final.applyPatches {
         src = final.fetchgit {
           url = "https://github.com/mastodon/mastodon.git";
           rev = "v${version}";
-          sha256 = "sha256-z3veI0CpZk6mBgygqXk8SN/5WWjy5VkKLxC7nOLnyZE=";
+          sha256 = "sha256-e8O4kxsrHf+wEtl4S57xIL1VEvhUSjyCbmz4r9p8Zhw=";
         };
         patches = [
           "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch"
           "${mastodonNekoversePatches}/patches/002_disable_image_reprocessing.patch"
           "${mastodonNekoversePatches}/patches/003_make_toot_cute.patch"
           "${mastodonNekoversePatches}/patches/005_improve_custom_emoji_support.patch"
-          "${mastodonNekoversePatches}/patches/006_increase_profile_limits.patch"
+          "${mastodonNekoversePatches}/patches/006_increase_display_name_character_limit.patch"
           "${mastodonNekoversePatches}/patches/007_increase_toot_character_limit.patch"
+          "${mastodonNekoversePatches}/patches/008_increase_profile_metadata_limit.patch"
         ];
       };
       yarnHash = "sha256-qoLesubmSvRsXhKwMEWHHXcpcqRszqcdZgHQqnTpNPE=";

config/hosts/matrix/matrix-synapse.nix

@@ -47,6 +47,13 @@
       turn_user_lifetime = 86400000;
       turn_allow_guests = true;
     };
+    sliding-sync = {
+      enable = true;
+      settings = {
+        SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
+      };
+      environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
+    };
     extras = [ "oidc" ];
     extraConfigFiles = [
       "/secrets/matrix-registration-shared-secret.secret"
@@ -55,12 +62,4 @@
       "/secrets/matrix-keycloak-client-secret.secret"
     ];
   };
-
-  services.matrix-sliding-sync = {
-      enable = true;
-      settings = {
-        SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
-      };
-      environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
-  };
 }

config/hosts/nextcloud/nextcloud.nix

@@ -2,12 +2,13 @@
 {
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud29;
+    package = pkgs.nextcloud28;
     hostName = "cloud.nekover.se";
     https = true;
     config = {
       dbtype = "pgsql";
       adminpassFile = "/secrets/nextcloud-adminpass.secret";
+      defaultPhoneRegion = "DE";
     };
     database.createLocally = true;
     configureRedis = true;
@@ -16,7 +17,7 @@
       inherit bookmarks contacts calendar tasks twofactor_webauthn user_oidc;
     };
     maxUploadSize = "16G";
-    settings = {
+    extraOptions = {
       mail_smtpmode = "smtp";
       mail_sendmailmode = "smtp";
       mail_smtpsecure = "ssl";
@@ -27,7 +28,6 @@
       mail_smtphost = "mail-1.grzb.de";
       mail_smtpport = 465;
       mail_smtpname = "cloud@nekover.se";
-      default_phone_region = "DE";
     };
     # Only contains mail_smtppassword
     secretFile = "/secrets/nextcloud-secretfile.secret";

config/hosts/torrent/jackett.nix

@@ -1,8 +1,6 @@
-{ nixpkgs-unstable, ... }:
+{ ... }:
 {
   services.jackett = {
     enable = true;
-    # use package from unstable to work around faulty test in older jackett version
-    package = nixpkgs-unstable.legacyPackages."x86_64-linux".jackett;
   };
 }

config/hosts/unifi-controller/configuration.nix

@@ -0,0 +1,23 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {
+    hostName = "unifi-controller";
+    firewall = {
+      allowedTCPPorts = [ 53 8080 8443 8880 8843 6789 27117 ];
+      allowedUDPPorts = [ 53 3478 5514 10001 1900 123 ];
+      allowedUDPPortRanges = [
+        {
+          from = 5656;
+          to = 5699;
+        }
+      ];
+    };
+  };
+
+  system.stateVersion = "23.11";
+}

config/hosts/unifi-controller/default.nix

@@ -2,8 +2,6 @@
 {
   imports = [
     ./configuration.nix
-    ./forgejo.nix
+    ./unifi.nix
-    ./redis.nix
-    ./nginx.nix
   ];
 }

config/hosts/unifi-controller/unifi.nix

@@ -0,0 +1,12 @@
+{ pkgs, lib, ... }:
+{
+  services.unifi = {
+    enable = true;
+    unifiPackage = pkgs.unifi;
+  };
+
+  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+    "unifi-controller"
+    "mongodb"
+  ];
+}

config/hosts/valkyrie/services.nix

@@ -3,7 +3,7 @@ let
   wireguard-nat-nftables = import ../../../pkgs/wireguard-nat-nftables pkgs;
   config = pkgs.writeText "wireguard-nat-nftables-config" (builtins.toJSON {
     interface = "ens3";
-    interface_address = "172.16.4.239";
+    interface_address = "172.16.4.180";
     wg_interface = "wg0";
     pubkey_port_mapping = {
       # okayu

config/hosts/web-public-2/nginx.nix

@@ -22,7 +22,6 @@
           element.nekover.se 127.0.0.1:8443;
           gameserver.grzb.de 127.0.0.1:8443;
           git.grzb.de 127.0.0.1:8443;
-          git.nekover.se 10.202.41.106:8443;
           hydra.nekover.se 10.202.41.121:8443;
           id.nekover.se 10.202.41.124:8443;
           matrix.nekover.se 10.202.41.112:8443;

config/hosts/web-public-2/virtualHosts/acme-challenge.nix

@@ -5,7 +5,6 @@ let
     "mail-1.grzb.de" = "mail-1.vs.grzb.de";
     "matrix.nekover.se" = "matrix.vs.grzb.de";
     "netbox.grzb.de" = "netbox.vs.grzb.de";
-    "git.nekover.se" = "forgejo.vs.grzb.de";
     "grafana.grzb.de" = "metrics.vs.grzb.de";
     "jackett.grzb.de" = "torrent.vs.grzb.de";
     "jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de";

config/hosts/web-public-2/virtualHosts/element-web-config/config.json

@@ -27,10 +27,7 @@
     "default_country_code": "DE",
     "show_labs_settings": true,
     "features": {
-        "feature_dehydration": true,
+        "feature_dehydration": true
-        "feature_video_rooms": true,
-        "feature_element_call_video_rooms": true,
-        "feature_group_calls": true
     },
     "default_federate": true,
     "default_theme": "dark",

config/hosts/web-public-2/virtualHosts/element.nekover.se.nix

@@ -1,9 +1,9 @@
 { pkgs, ... }:
 let
-  elementWebVersion = "1.11.72";
+  elementWebVersion = "1.11.53";
   element-web = pkgs.fetchzip {
     url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
-    sha256 = "sha256-3pa4OVHBWZvHLsnE2JK5+sVpOXBKO5yJSQJNJokdF98=";
+    sha256 = "sha256-asgx8g9xswBxdQCVnwaeQ2ycqNlfQzBiKc3Uk9GEWCM=";
   };
   elementWebSecurityHeaders = ''
   	# Configuration best practices

flake.lock

@@ -19,11 +19,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1696426674,
+        "lastModified": 1668681692,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
         "type": "github"
       },
       "original": {
@@ -34,11 +34,11 @@
     },
     "nixlib": {
       "locked": {
-        "lastModified": 1722128034,
+        "lastModified": 1693701915,
-        "narHash": "sha256-L8rwzYPsLo/TYtydPJoQyYOfetuiyQYnTWYcyB8UE/s=",
+        "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "d15f6f6021693898fcd2c6a9bb13707383da9bbc",
+        "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
         "type": "github"
       },
       "original": {
@@ -55,11 +55,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1722214420,
+        "lastModified": 1705400161,
-        "narHash": "sha256-qfHC1p5hcErGcE672/KhBkyWYloekQpqIxtcbcUVYkA=",
+        "narHash": "sha256-0MFaNIwwpVWB1N9m7cfHAM2pSVtYESQ7tlHxnDTOhM4=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "75cbb2a5e19c18840d105a72d036c6c92fc46c5d",
+        "rev": "521fb4cdd8a2e1a00d1adf0fea7135d1faf04234",
         "type": "github"
       },
       "original": {
@@ -70,58 +70,88 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1722621932,
+        "lastModified": 1705781397,
-        "narHash": "sha256-Uz5xeHsH7+qZVncZwfzGd+CTjxd0mwaP7Q/pbs7OB5c=",
+        "narHash": "sha256-pOlDs1paCIAhr84QjFG72iv4iBsr0pIQyItxRHJhevE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "15ed5d4537fd46399513bb040bf98415c825281b",
+        "rev": "c5b6c179f7b7adce1ee234df23e5cb9f1a78f87b",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-24.05-small",
+        "ref": "nixos-23.11-small",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs-24_05": {
+    "nixpkgs-22_11": {
       "locked": {
-        "lastModified": 1717144377,
+        "lastModified": 1669558522,
-        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
+        "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
+        "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-24.05",
+        "ref": "nixos-22.11",
         "type": "indirect"
       }
     },
-    "nixpkgs-master": {
+    "nixpkgs-23-05": {
       "locked": {
-        "lastModified": 1722719323,
+        "lastModified": 1705033721,
-        "narHash": "sha256-1O9VQB7WD1NKBz9maYGJAU0EqoajEYQSiSlrjdKWz8s=",
+        "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7f9ed2e65a92f1496daa9ab73539a9d02c2454b3",
+        "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "master",
+        "ref": "nixos-23.05-small",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
-    "nixpkgs-unstable": {
+    "nixpkgs-23_05": {
       "locked": {
-        "lastModified": 1722685361,
+        "lastModified": 1684782344,
-        "narHash": "sha256-6Zn2SVJYffCtenHEHsb2PmzQsX5+cRsforNJZmlK630=",
+        "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6602aa2586f35fc8c6c46246a1dcac6940ca3f0f",
+        "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-23.05",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs-23_11": {
+      "locked": {
+        "lastModified": 1705774713,
+        "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-23.11",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1705847418,
+        "narHash": "sha256-I0EzjhMl5D/PI54DYhL/9iXmFmNb75M7PJ8/yrU5Z1A=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7da66b359bcffc532b67035b54b49c25b0c0480c",
         "type": "github"
       },
       "original": {
@@ -133,11 +163,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1717602782,
+        "lastModified": 1670751203,
-        "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
+        "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6",
+        "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
         "type": "github"
       },
       "original": {
@@ -150,7 +180,7 @@
       "inputs": {
         "nixos-generators": "nixos-generators",
         "nixpkgs": "nixpkgs",
-        "nixpkgs-master": "nixpkgs-master",
+        "nixpkgs-23-05": "nixpkgs-23-05",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "simple-nixos-mailserver": "simple-nixos-mailserver"
       }
@@ -160,49 +190,33 @@
         "blobs": "blobs",
         "flake-compat": "flake-compat",
         "nixpkgs": "nixpkgs_2",
-        "nixpkgs-24_05": "nixpkgs-24_05",
+        "nixpkgs-22_11": "nixpkgs-22_11",
+        "nixpkgs-23_05": "nixpkgs-23_05",
+        "nixpkgs-23_11": "nixpkgs-23_11",
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1718084203,
+        "lastModified": 1703023684,
-        "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
+        "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
+        "rev": "4bfb8eb058f098302c97b909df2d019926e11220",
         "type": "gitlab"
       },
       "original": {
         "owner": "simple-nixos-mailserver",
-        "ref": "nixos-24.05",
+        "ref": "nixos-23.11",
         "repo": "nixos-mailserver",
         "type": "gitlab"
       }
     },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "utils": {
-      "inputs": {
-        "systems": "systems"
-      },
       "locked": {
-        "lastModified": 1709126324,
+        "lastModified": 1605370193,
-        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+        "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+        "rev": "5021eac20303a61fafe17224c087f5519baed54d",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,16 +1,16 @@
 {
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11-small";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
-    nixpkgs-master.url = "github:NixOS/nixpkgs/master";
+    nixpkgs-23-05.url = "github:NixOS/nixpkgs/nixos-23.05-small";
     nixos-generators = {
       url = "github:nix-community/nixos-generators";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
+    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
   };
 
-  outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, ... }@inputs:
+  outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-23-05, nixos-generators, simple-nixos-mailserver, ... }@inputs:
   let
     hosts = import ./hosts.nix inputs;
     helper = import ./helper.nix inputs;
@@ -28,7 +28,7 @@
         nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts;
 
         specialArgs = {
-          inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
+          inherit nixpkgs-unstable hosts simple-nixos-mailserver;
 
           # Provide environment for secret key command
           keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ];
@@ -38,7 +38,7 @@
 
     hydraJobs = {
       nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host {
-        inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
+        inherit nixpkgs-unstable hosts simple-nixos-mailserver;
       }) hosts;
     };
 

hosts.nix

@@ -1,4 +1,4 @@
-{ nixpkgs, nixpkgs-unstable, ... }:
+{ nixpkgs, nixpkgs-unstable, nixpkgs-23-05, ... }:
 let
   # Set of environment specific modules
   environments = {
@@ -45,10 +45,6 @@ in
       site = "vs";
       environment = "proxmox";
     };
-    forgejo = {
-      site = "vs";
-      environment = "proxmox";
-    };
     keycloak = {
       site = "vs";
       environment = "proxmox";
@@ -114,7 +110,12 @@ in
       site = "vs";
       environment = "proxmox";
     };
+    unifi-controller = {
+      site = "wg";
+      environment = "proxmox";
+    };
     valkyrie = {
+      hostNixpkgs = nixpkgs-23-05;
       site = "af";
       environment = "openstack";
     };

pkgs/wireguard-nat-nftables/default.nix

@@ -1,11 +1,17 @@
 { pkgs, ... }:
-pkgs.python3Packages.buildPythonApplication {
+let
+  nftablesWithPythonOverlay = final: prev: {
+    nftables = (prev.nftables.override { withPython = true; });
+  };
+  pkgs-overlay = pkgs.extend nftablesWithPythonOverlay;
+in
+pkgs-overlay.python310Packages.buildPythonApplication {
   pname = "wireguard-nat-nftables";
   version = "0.0.1";
 
-  propagatedBuildInputs = with pkgs; [
+  propagatedBuildInputs = with pkgs-overlay; [
     wireguard-tools
-    python3Packages.nftables
+    python310Packages.nftables
   ];
 
   src = ./src;