Upgrade to 23.11
Flake lock file updates: • Updated input 'bang-evaluator': 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=7fc3d5019c907566abbad8f84ba9555a5786bd01' (2021-08-01) → 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=a06c68c44862f74757a203e2df41ea83c33722d9' (2023-12-02) • Updated input 'home-manager': 'github:nix-community/home-manager/04bac349d585c9df38d78e0285b780a140dc74a4' (2023-11-12) → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/9a4725afa67db35cdf7be89f30527d745194cafa' (2023-11-19) → 'github:nix-community/home-manager/4a8545f5e737a6338814a4676dc8e18c7f43fc57' (2023-12-01) • Updated input 'nix-pre-commit-hooks': 'github:cachix/pre-commit-hooks.nix/e558068cba67b23b4fbc5537173dbb43748a17e8' (2023-11-15) → 'github:cachix/pre-commit-hooks.nix/e5ee5c5f3844550c01d2131096c7271cec5e9b78' (2023-11-25) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/1721da31f9b30cbf4460c4ec5068b3b6174a4694' (2023-11-18) → 'github:nixos/nixos-hardware/8772491ed75f150f02552c60694e1beff9f46013' (2023-11-29) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16) → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01) • Updated input 'nixpkgs-overlay': 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=c8a17806a75733dec2ecdd8f0021c70d1f9dfc43' (2023-10-04) → 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=37f80d1593ab856372cc0da199f49565f3b05c71' (2023-12-02) • Updated input 'nixpkgs-overlay/poetry2nix': 'github:nix-community/poetry2nix/093383b3d7fdd36846a7d84e128ca11865800538' (2023-09-22) → 'github:nix-community/poetry2nix/7acb78166a659d6afe9b043bb6fe5cb5e86bb75e' (2023-12-01) • Updated input 'nixpkgs-overlay/poetry2nix/nix-github-actions': 
'github:nix-community/nix-github-actions/165b1650b753316aa7f1787f3005a8d2da0f5301' (2023-07-09) → 'github:nix-community/nix-github-actions/4bb5e752616262457bc7ca5882192a564c0472d2' (2023-11-03) • Added input 'nixpkgs-overlay/poetry2nix/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) • Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix': 'github:numtide/treefmt-nix/e82f32aa7f06bbbd56d7b12186d555223dc399d1' (2023-11-12) • Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix/nixpkgs': follows 'nixpkgs-overlay/poetry2nix/nixpkgs' • Updated input 'nixpkgs-unstable': 'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17) → 'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29) • Updated input 'sops-nix': 'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19) → 'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18) → 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
parent
e5d32e1607
commit
ba843ac8c0
120
flake.lock
120
flake.lock
|
@ -10,11 +10,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1627835028,
|
"lastModified": 1701527050,
|
||||||
"narHash": "sha256-LHTdNog+0EmRn+4DIz451vvQ2EeC8KwyV3/8JpX9yiw=",
|
"narHash": "sha256-EphJZX+rhnzUUladmeXvmYHILftHLV5i1sD18pGbxHY=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "7fc3d5019c907566abbad8f84ba9555a5786bd01",
|
"rev": "a06c68c44862f74757a203e2df41ea83c33722d9",
|
||||||
"revCount": 52,
|
"revCount": 54,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.sbruder.de/simon/bangs"
|
"url": "https://git.sbruder.de/simon/bangs"
|
||||||
},
|
},
|
||||||
|
@ -85,16 +85,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1699748081,
|
"lastModified": 1700814205,
|
||||||
"narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=",
|
"narHash": "sha256-lWqDPKHRbQfi+zNIivf031BUeyciVOtwCwTjyrhDB5g=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "04bac349d585c9df38d78e0285b780a140dc74a4",
|
"rev": "aeb2232d7a32530d3448318790534d196bf9427a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"ref": "release-23.05",
|
"ref": "release-23.11",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -106,11 +106,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700386809,
|
"lastModified": 1701433070,
|
||||||
"narHash": "sha256-2IPxWo0Yplv+70EueZVLTwRAijax0tirYp5Jh0QV1A4=",
|
"narHash": "sha256-Gf9JStfENaUQ7YWFz3V7x/srIwr4nlnVteqaAxtwpgM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "9a4725afa67db35cdf7be89f30527d745194cafa",
|
"rev": "4a8545f5e737a6338814a4676dc8e18c7f43fc57",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -189,11 +189,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688870561,
|
"lastModified": 1698974481,
|
||||||
"narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=",
|
"narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-github-actions",
|
"repo": "nix-github-actions",
|
||||||
"rev": "165b1650b753316aa7f1787f3005a8d2da0f5301",
|
"rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -215,11 +215,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700064067,
|
"lastModified": 1700922917,
|
||||||
"narHash": "sha256-1ZWNDzhu8UlVCK7+DUN9dVQfiHX1bv6OQP9VxstY/gs=",
|
"narHash": "sha256-ej2fch/T584b5K9sk1UhmZF7W6wEfDHuoUYpFN8dtvM=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "pre-commit-hooks.nix",
|
"repo": "pre-commit-hooks.nix",
|
||||||
"rev": "e558068cba67b23b4fbc5537173dbb43748a17e8",
|
"rev": "e5ee5c5f3844550c01d2131096c7271cec5e9b78",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -231,11 +231,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700315735,
|
"lastModified": 1701250978,
|
||||||
"narHash": "sha256-zlSLW6dX5XwBEwN87CIVtMr8zDSKvTRFmWmIQ9FfWgo=",
|
"narHash": "sha256-ohu3cz4edjpGxs2qUTgbs0WrnewOX4crnUJNEB6Jox4=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "1721da31f9b30cbf4460c4ec5068b3b6174a4694",
|
"rev": "8772491ed75f150f02552c60694e1beff9f46013",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -247,16 +247,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700097215,
|
"lastModified": 1701389149,
|
||||||
"narHash": "sha256-ODQ3gBTv1iHd7lG21H+ErVISB5wVeOhd/dEogOqHs/I=",
|
"narHash": "sha256-rU1suTIEd5DGCaAXKW6yHoCfR1mnYjOXQFOaH7M23js=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "9fb122519e9cd465d532f736a98c1e1eb541ef6f",
|
"rev": "5de0b32be6e85dc1a9404c75131316e4ffbc634c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"ref": "nixos-23.05",
|
"ref": "nixos-23.11",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -275,11 +275,11 @@
|
||||||
"poetry2nix": "poetry2nix"
|
"poetry2nix": "poetry2nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696421393,
|
"lastModified": 1701527732,
|
||||||
"narHash": "sha256-GarjKZ00NVXDgQZocnWvyhTWRm1LYZuZuJ4gEva+GGs=",
|
"narHash": "sha256-pylAGzBf4a9ShBFR9fAs9KSD2cpPYUeINDCheSru9Yw=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "c8a17806a75733dec2ecdd8f0021c70d1f9dfc43",
|
"rev": "37f80d1593ab856372cc0da199f49565f3b05c71",
|
||||||
"revCount": 62,
|
"revCount": 64,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.sbruder.de/simon/nixpkgs-overlay"
|
"url": "https://git.sbruder.de/simon/nixpkgs-overlay"
|
||||||
},
|
},
|
||||||
|
@ -306,11 +306,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable_2": {
|
"nixpkgs-stable_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700342017,
|
"lastModified": 1700905716,
|
||||||
"narHash": "sha256-HaibwlWH5LuqsaibW3sIVjZQtEM/jWtOHX4Nk93abGE=",
|
"narHash": "sha256-w1vHn2MbGfdC+CrP3xLZ3scsI06N0iQLU7eTHIVEFGw=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "decdf666c833a325cb4417041a90681499e06a41",
|
"rev": "dfb95385d21475da10b63da74ae96d89ab352431",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -322,11 +322,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700204040,
|
"lastModified": 1701253981,
|
||||||
"narHash": "sha256-xSVcS5HBYnD3LTer7Y2K8ZQCDCXMa3QUD1MzRjHzuhI=",
|
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad",
|
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -385,14 +385,16 @@
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs-overlay",
|
"nixpkgs-overlay",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
],
|
||||||
|
"systems": "systems_2",
|
||||||
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695386222,
|
"lastModified": 1701399357,
|
||||||
"narHash": "sha256-5lgnhCCGW0NH5+m5iTED8u6NSSM/dbH9LBPvX0x0XXg=",
|
"narHash": "sha256-QSGP2J73HQ4gF5yh+MnClv2KUKzcpTmikdmV8ULfq2E=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "poetry2nix",
|
"repo": "poetry2nix",
|
||||||
"rev": "093383b3d7fdd36846a7d84e128ca11865800538",
|
"rev": "7acb78166a659d6afe9b043bb6fe5cb5e86bb75e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -451,11 +453,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700362823,
|
"lastModified": 1701518298,
|
||||||
"narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=",
|
"narHash": "sha256-5t8yqKe0oVusV4xgfA+wW58hQJXFMmq0mmaR1gKES+Y=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "49a87c6c827ccd21c225531e30745a9a6464775c",
|
"rev": "e19071f9958c8da4f4347d3d78790d97e98ba22f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -478,6 +480,42 @@
|
||||||
"repo": "default",
|
"repo": "default",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"systems_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "systems",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"treefmt-nix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs-overlay",
|
||||||
|
"poetry2nix",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1699786194,
|
||||||
|
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "treefmt-nix",
|
||||||
|
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "treefmt-nix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
|
|
|
@ -4,10 +4,10 @@
|
||||||
inputs = {
|
inputs = {
|
||||||
flake-utils.url = "github:numtide/flake-utils";
|
flake-utils.url = "github:numtide/flake-utils";
|
||||||
|
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
||||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
|
||||||
home-manager.url = "github:nix-community/home-manager/release-23.05";
|
home-manager.url = "github:nix-community/home-manager/release-23.11";
|
||||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
home-manager-unstable.url = "github:nix-community/home-manager";
|
home-manager-unstable.url = "github:nix-community/home-manager";
|
||||||
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
network.enable = true; # remote unlocking
|
network.enable = true; # remote unlocking
|
||||||
luks.devices."root".device = "/dev/disk/by-uuid/75f9aa9f-bb40-4d83-9f81-18e4f2ce8d57";
|
luks.devices."root".device = "/dev/disk/by-uuid/75f9aa9f-bb40-4d83-9f81-18e4f2ce8d57";
|
||||||
};
|
};
|
||||||
loader.grub.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
|
loader.grub.device = "/dev/sda";
|
||||||
kernel = {
|
kernel = {
|
||||||
sysctl = {
|
sysctl = {
|
||||||
# Swap should never be used unless the system runs ouf of memory.
|
# Swap should never be used unless the system runs ouf of memory.
|
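Review bot: `loader.grub.device = "/dev/sda";` depends on the kernel's enumeration order, which is not guaranteed to stay the same across boots or after another disk is attached, so a later rebuild could install the boot loader on a different disk than the one the firmware boots from. The removed `/dev/disk/by-id/...` path did not have that problem. If the by-id name stopped resolving after the upgrade, a short comment saying so, e.g. `# by-id path no longer present on this VM; single disk, so sda is unambiguous` (wording to be confirmed by the author), would keep the next reader from guessing. The enclosing attribute set starts and ends outside the hunk.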
||||||
|
|
|
@ -45,7 +45,7 @@ in
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = cfg.settings.database.user;
|
name = cfg.settings.database.user;
|
||||||
ensurePermissions = { "DATABASE ${cfg.settings.database.name}" = "ALL PRIVILEGES"; };
|
ensureDBOwnership = true;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
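Review bot: `ensureDBOwnership = true;` ties the grant to a database named exactly like the role, whereas the removed line granted on `cfg.settings.database.name`; nothing in the hunk guarantees that `cfg.settings.database.user` and `cfg.settings.database.name` are equal. If they can differ, the postgresql module is expected to reject the configuration, so an explicit check such as `assertion = cfg.settings.database.user == cfg.settings.database.name;` with a clear message would surface the requirement where the option is set. Ownership is also broader than the old database-level privileges, which deserves a one-line comment next to the option. The surrounding module starts and ends outside the hunk.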
||||||
|
|
|
@ -8,9 +8,7 @@ in
|
||||||
ensureDatabases = [ "hedgedoc" ];
|
ensureDatabases = [ "hedgedoc" ];
|
||||||
ensureUsers = lib.singleton {
|
ensureUsers = lib.singleton {
|
||||||
name = "hedgedoc";
|
name = "hedgedoc";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE hedgedoc" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -35,8 +33,8 @@ in
|
||||||
systemd.services.hedgedoc = {
|
systemd.services.hedgedoc = {
|
||||||
after = [ "postgresql.service" ];
|
after = [ "postgresql.service" ];
|
||||||
preStart = toString (pkgs.writeShellScript "hedgedoc-generate-session-secret" ''
|
preStart = toString (pkgs.writeShellScript "hedgedoc-generate-session-secret" ''
|
||||||
if [ ! -f ${cfg.workDir}/session_secret_env ]; then
|
if [ ! -f /var/lib/hedgedoc/session_secret_env ]; then
|
||||||
echo "CMD_SESSION_SECRET=$(${pkgs.pwgen}/bin/pwgen -s 32 1)" > ${cfg.workDir}/session_secret_env
|
echo "CMD_SESSION_SECRET=$(${pkgs.pwgen}/bin/pwgen -s 32 1)" > /var/lib/hedgedoc/session_secret_env
|
||||||
fi
|
fi
|
||||||
'');
|
'');
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -44,7 +42,7 @@ in
|
||||||
"CMD_LOGLEVEL=warn"
|
"CMD_LOGLEVEL=warn"
|
||||||
];
|
];
|
||||||
EnvironmentFile = [
|
EnvironmentFile = [
|
||||||
"-${cfg.workDir}/session_secret_env" # - ensures that it will not fail on first start
|
"-/var/lib/hedgedoc/session_secret_env" # - ensures that it will not fail on first start
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
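Review bot: The `preStart` script writes `CMD_SESSION_SECRET` to `/var/lib/hedgedoc/session_secret_env` with a plain shell redirect, so the file mode comes from the service's umask. Unless the unit sets a restrictive `UMask` or the directory is closed to other users (neither is visible here), the session secret may be readable by other local accounts. Putting `umask 077` on the line before the `if` makes the file owner-only regardless of unit defaults. The path is now hard-coded in both the script and `EnvironmentFile`; a single `let`-bound name would keep the two from drifting apart. `serviceConfig` continues outside the hunk.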
||||||
|
|
|
@ -93,12 +93,8 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
# synapse requires custom databse configuration:
|
# synapse requires custom databse configuration:
|
||||||
# CREATE DATABASE "matrix-synapse" TEMPLATE template0 LC_COLLATE "C" LC_CTYPE "C";
|
# CREATE DATABASE "matrix-synapse" TEMPLATE template0 LC_COLLATE "C" LC_CTYPE "C";
|
||||||
ensureUsers = lib.singleton {
|
# as the databse is not created with NixOS,
|
||||||
name = "matrix-synapse";
|
# the ownership can’t be ensured here.
|
||||||
ensurePermissions = {
|
|
||||||
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
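Review bot: After this change nothing visible in the module creates the `matrix-synapse` role any more, yet the comment documents only the `CREATE DATABASE` statement, so a fresh deployment has a recipe for the database but not for the role or its ownership. I would extend the comment with the manual steps, e.g. `# CREATE ROLE "matrix-synapse" LOGIN;` and `# ALTER DATABASE "matrix-synapse" OWNER TO "matrix-synapse";`, and correct the spelling of "databse" on the added line. Whether the role also needs a password depends on the authentication method, which is configured outside this hunk.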
||||||
|
|
|
@ -33,7 +33,10 @@ in
|
||||||
# so the module disables configuration checks.
|
# so the module disables configuration checks.
|
||||||
"/var/lib/knot/static.conf"
|
"/var/lib/knot/static.conf"
|
||||||
];
|
];
|
||||||
extraConfig = ''
|
# TODO migrate to settings
|
||||||
|
settingsFile = pkgs.writeText "knot.conf" (''
|
||||||
|
include: /var/lib/knot/static.conf
|
||||||
|
|
||||||
server:
|
server:
|
||||||
${lib.concatStringsSep "\n" (map (address: " listen: ${address}@53") addresses.${config.networking.hostName})}
|
${lib.concatStringsSep "\n" (map (address: " listen: ${address}@53") addresses.${config.networking.hostName})}
|
||||||
automatic-acl: on
|
automatic-acl: on
|
||||||
|
@ -110,7 +113,7 @@ in
|
||||||
acl: [primary_notify]
|
acl: [primary_notify]
|
||||||
# stats
|
# stats
|
||||||
module: mod-stats/custom
|
module: mod-stats/custom
|
||||||
'');
|
''));
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.knot = {
|
users.users.knot = {
|
||||||
|
@ -151,7 +154,6 @@ in
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
User = "knot";
|
User = "knot";
|
||||||
|
|
||||||
BindReadOnlyPaths = [ "/run/knot/knot.sock" ];
|
|
||||||
CapabilityBoundingSet = ""; # clear
|
CapabilityBoundingSet = ""; # clear
|
||||||
LockPersonality = true;
|
LockPersonality = true;
|
||||||
MemoryDenyWriteExecute = true;
|
MemoryDenyWriteExecute = true;
|
||||||
|
@ -171,7 +173,8 @@ in
|
||||||
ProtectSystem = true;
|
ProtectSystem = true;
|
||||||
RemoveIPC = true;
|
RemoveIPC = true;
|
||||||
RestrictAddressFamilies = [ "AF_UNIX" ]; # knot socket
|
RestrictAddressFamilies = [ "AF_UNIX" ]; # knot socket
|
||||||
RestrictNamespaces = true;
|
# this is not ideal, but I couldn’t find out how to get a bind mount of the knot socket to work otherwise
|
||||||
|
RestrictNamespaces = [ true "~mnt" ];
|
||||||
RestrictRealtime = true;
|
RestrictRealtime = true;
|
||||||
RestrictSUIDSGID = true;
|
RestrictSUIDSGID = true;
|
||||||
SystemCallArchitectures = "native";
|
SystemCallArchitectures = "native";
|
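Review bot: `RestrictNamespaces = [ true "~mnt" ];` has a comment that says why it exists but not what it is meant to allow, and its effective value is not obvious. The list is presumably rendered as two `RestrictNamespaces=` lines, and per systemd.exec(5) a `~`-prefixed line is merged by AND with the earlier one, so after `true` it may not relax anything. Because this is part of the sandbox of a unit that uses the knot socket, the comment should state the intended namespace set, and the result is worth confirming with `systemctl show -p RestrictNamespaces <unit>` and `systemd-analyze security <unit>` (`<unit>` is a placeholder, the unit name is outside the hunk). The same section drops `BindReadOnlyPaths = [ "/run/knot/knot.sock" ];`, so the remark about a bind mount no longer matches any visible setting.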
||||||
|
|
|
@ -17,7 +17,7 @@ let
|
||||||
six = "closed-contour";
|
six = "closed-contour";
|
||||||
nine = "closed-contour";
|
nine = "closed-contour";
|
||||||
number-sign = "upright-tall";
|
number-sign = "upright-tall";
|
||||||
at = "short";
|
at = "compact";
|
||||||
cent = "open";
|
cent = "open";
|
||||||
percent = "dots";
|
percent = "dots";
|
||||||
lig-ltgteq = "slanted";
|
lig-ltgteq = "slanted";
|
||||||
|
@ -77,7 +77,7 @@ let
|
||||||
in
|
in
|
||||||
lib.mkIf config.sbruder.gui.enable {
|
lib.mkIf config.sbruder.gui.enable {
|
||||||
fonts = {
|
fonts = {
|
||||||
fonts = with pkgs; [
|
packages = with pkgs; [
|
||||||
iosevka-sbruder-nerd-font
|
iosevka-sbruder-nerd-font
|
||||||
] ++ lib.optionals config.sbruder.full [
|
] ++ lib.optionals config.sbruder.full [
|
||||||
google-fonts # google font collection (free)
|
google-fonts # google font collection (free)
|
||||||
|
@ -92,7 +92,7 @@ lib.mkIf config.sbruder.gui.enable {
|
||||||
vistafonts # newer microsoft fonts
|
vistafonts # newer microsoft fonts
|
||||||
];
|
];
|
||||||
|
|
||||||
enableDefaultFonts = true;
|
enableDefaultPackages = true;
|
||||||
|
|
||||||
fontconfig = {
|
fontconfig = {
|
||||||
defaultFonts = {
|
defaultFonts = {
|
||||||
|
|
|
@ -52,7 +52,7 @@ in
|
||||||
|
|
||||||
nixpkgs.overlays = with inputs; [
|
nixpkgs.overlays = with inputs; [
|
||||||
self.overlays.default
|
self.overlays.default
|
||||||
nixpkgs-overlay.overlay
|
nixpkgs-overlay.overlays.default
|
||||||
(final: prev: {
|
(final: prev: {
|
||||||
unstable = import nixpkgs-unstable {
|
unstable = import nixpkgs-unstable {
|
||||||
inherit (config.nixpkgs)
|
inherit (config.nixpkgs)
|
||||||
|
|
|
@ -7,7 +7,7 @@ buildGoModule rec {
|
||||||
|
|
||||||
subPackages = [ "." ];
|
subPackages = [ "." ];
|
||||||
|
|
||||||
vendorSha256 = "sha256-rql1QlbRgLhUJBE2c9owraCUv4r7O2oaZCijY1vs/3I=";
|
vendorHash = "sha256-rql1QlbRgLhUJBE2c9owraCUv4r7O2oaZCijY1vs/3I=";
|
||||||
|
|
||||||
doCheck = false; # no tests
|
doCheck = false; # no tests
|
||||||
|
|
||||||
|
|
|
@ -113,18 +113,18 @@ in
|
||||||
"--tag system"
|
"--tag system"
|
||||||
"--verbose"
|
"--verbose"
|
||||||
] ++ lib.optional (cfg.uploadLimit != null) "--limit-upload=${toString cfg.uploadLimit}";
|
] ++ lib.optional (cfg.uploadLimit != null) "--limit-upload=${toString cfg.uploadLimit}";
|
||||||
|
backupPrepareCommand = ''
|
||||||
|
${pkgs.nftables}/bin/nft -f ${qosRules}
|
||||||
|
'';
|
||||||
|
backupCleanupCommand = ''
|
||||||
|
${pkgs.nftables}/bin/nft delete table inet restic
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services."restic-backups-system".serviceConfig = {
|
systemd.services."restic-backups-system".serviceConfig = {
|
||||||
"Nice" = 10;
|
"Nice" = 10;
|
||||||
"IOSchedulingClass" = "best-effort";
|
"IOSchedulingClass" = "best-effort";
|
||||||
"IOSchedulingPriority" = 7;
|
"IOSchedulingPriority" = 7;
|
||||||
ExecStartPre = [
|
|
||||||
"${pkgs.nftables}/bin/nft -f ${qosRules}"
|
|
||||||
];
|
|
||||||
ExecStopPost = [
|
|
||||||
"${pkgs.nftables}/bin/nft delete table inet restic"
|
|
||||||
];
|
|
||||||
Slice = "restic.slice";
|
Slice = "restic.slice";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -10,9 +10,11 @@
|
||||||
dataDir = "/home/simon";
|
dataDir = "/home/simon";
|
||||||
|
|
||||||
overrideDevices = false;
|
overrideDevices = false;
|
||||||
devices = {
|
settings = {
|
||||||
fuuko = {
|
devices = {
|
||||||
id = "Z2OO5LK-N3UVCRD-QKVKLZ3-3LRXUOH-JENBAKQ-M647E3L-7FL6LIE-74GGHQF";
|
fuuko = {
|
||||||
|
id = "Z2OO5LK-N3UVCRD-QKVKLZ3-3LRXUOH-JENBAKQ-M647E3L-7FL6LIE-74GGHQF";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -3,8 +3,7 @@
|
||||||
{
|
{
|
||||||
programs = {
|
programs = {
|
||||||
adb.enable = pkgs.stdenv.isx86_64 && config.sbruder.full;
|
adb.enable = pkgs.stdenv.isx86_64 && config.sbruder.full;
|
||||||
# TODO 23.11: use option again
|
bandwhich.enable = true;
|
||||||
#bandwhich.enable = true;
|
|
||||||
iotop.enable = true;
|
iotop.enable = true;
|
||||||
wireshark = {
|
wireshark = {
|
||||||
enable = config.sbruder.gui.enable && config.sbruder.full;
|
enable = config.sbruder.gui.enable && config.sbruder.full;
|
||||||
|
@ -12,14 +11,6 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO 23.11: see above
|
|
||||||
security.wrappers.bandwhich = {
|
|
||||||
owner = "root";
|
|
||||||
group = "root";
|
|
||||||
capabilities = "cap_net_raw,cap_net_admin+ep";
|
|
||||||
source = "${pkgs.unstable.bandwhich}/bin/bandwhich";
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
# top like tools
|
# top like tools
|
||||||
bmon # network monitor
|
bmon # network monitor
|
||||||
|
|
|
@ -13,7 +13,7 @@ buildGoModule rec {
|
||||||
|
|
||||||
subPackages = [ "." ];
|
subPackages = [ "." ];
|
||||||
|
|
||||||
vendorSha256 = "sha256-CMo6FBzw0/OMKEX12oNqhbF/0dRRFR6W3VRp+EU6Q68=";
|
vendorHash = "sha256-CMo6FBzw0/OMKEX12oNqhbF/0dRRFR6W3VRp+EU6Q68=";
|
||||||
|
|
||||||
oCheck = false; # no tests
|
oCheck = false; # no tests
|
||||||
|
|
||||||
|
|
|
@ -46,15 +46,4 @@ in
|
||||||
|
|
||||||
patches = [ ];
|
patches = [ ];
|
||||||
});
|
});
|
||||||
|
|
||||||
# TODO 23.11: Remove
|
|
||||||
dnsmasq = prev.dnsmasq.overrideAttrs (o: rec {
|
|
||||||
preBuild = o.preBuild + ''
|
|
||||||
makeFlagsArray[0]="''${makeFlagsArray[0]} -DHAVE_NFTSET"
|
|
||||||
'';
|
|
||||||
|
|
||||||
buildInputs = o.buildInputs ++ (with prev; [
|
|
||||||
nftables
|
|
||||||
]);
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -55,7 +55,7 @@ in
|
||||||
vapoursynth = pkgs.vapoursynth.withPlugins (with pkgs; [
|
vapoursynth = pkgs.vapoursynth.withPlugins (with pkgs; [
|
||||||
vapoursynth-mvtools
|
vapoursynth-mvtools
|
||||||
]);
|
]);
|
||||||
ffmpeg_5 = pkgs.ffmpeg_5-full;
|
ffmpeg = pkgs.ffmpeg-full;
|
||||||
}))
|
}))
|
||||||
{
|
{
|
||||||
scripts = with pkgs.mpvScripts; [
|
scripts = with pkgs.mpvScripts; [
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ config, lib, nixosConfig, pkgs, ... }:
|
{ config, lib, nixosConfig, pkgs, ... }:
|
||||||
let
|
let
|
||||||
rainbow_csv = pkgs.vimUtils.buildVimPluginFrom2Nix rec {
|
rainbow_csv = pkgs.vimUtils.buildVimPlugin rec {
|
||||||
name = "rainbow_csv";
|
name = "rainbow_csv";
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
owner = "mechatroner";
|
owner = "mechatroner";
|
||||||
|
@ -11,7 +11,7 @@ let
|
||||||
|
|
||||||
meta.license = lib.licenses.mit;
|
meta.license = lib.licenses.mit;
|
||||||
};
|
};
|
||||||
vim-openscad = pkgs.vimUtils.buildVimPluginFrom2Nix rec {
|
vim-openscad = pkgs.vimUtils.buildVimPlugin rec {
|
||||||
name = "vim-openscad";
|
name = "vim-openscad";
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
owner = "sirtaj";
|
owner = "sirtaj";
|
||||||
|
@ -22,7 +22,7 @@ let
|
||||||
|
|
||||||
meta.license = lib.licenses.publicDomain;
|
meta.license = lib.licenses.publicDomain;
|
||||||
};
|
};
|
||||||
Vim-Jinja2-Syntax = pkgs.vimUtils.buildVimPluginFrom2Nix rec {
|
Vim-Jinja2-Syntax = pkgs.vimUtils.buildVimPlugin rec {
|
||||||
name = "Vim-Jinja2-Syntax";
|
name = "Vim-Jinja2-Syntax";
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
owner = "Glench";
|
owner = "Glench";
|
||||||
|
|
|
@ -38,7 +38,6 @@ lib.mkIf nixosConfig.sbruder.gui.enable
|
||||||
{
|
{
|
||||||
programs.qutebrowser = {
|
programs.qutebrowser = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.qutebrowser-qt6;
|
|
||||||
aliases = {
|
aliases = {
|
||||||
q = "tab-close"; # one tab
|
q = "tab-close"; # one tab
|
||||||
qa = "close"; # one window
|
qa = "close"; # one window
|
||||||
|
|
|
@ -24,7 +24,7 @@ in
|
||||||
fzf = {
|
fzf = {
|
||||||
enable = true;
|
enable = true;
|
||||||
changeDirWidgetCommand = "fd --color always --type d";
|
changeDirWidgetCommand = "fd --color always --type d";
|
||||||
changeDirWidgetOptions = [ "--preview 'exa --tree --color=always -L 4 {}'" ];
|
changeDirWidgetOptions = [ "--preview 'eza --tree --color=always -L 4 {}'" ];
|
||||||
defaultCommand = "fd --color always";
|
defaultCommand = "fd --color always";
|
||||||
defaultOptions = [
|
defaultOptions = [
|
||||||
"--ansi"
|
"--ansi"
|
||||||
|
@ -56,7 +56,7 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
exa = {
|
eza = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableAliases = true;
|
enableAliases = true;
|
||||||
git = true;
|
git = true;
|
||||||
|
@ -94,7 +94,7 @@ in
|
||||||
userctl = "systemctl --user";
|
userctl = "systemctl --user";
|
||||||
vim = "nvim";
|
vim = "nvim";
|
||||||
vimdiff = "nvim -d";
|
vimdiff = "nvim -d";
|
||||||
l = "exa -l";
|
l = "eza -l";
|
||||||
};
|
};
|
||||||
initExtra = lib.mkMerge [
|
initExtra = lib.mkMerge [
|
||||||
(lib.mkBefore ''
|
(lib.mkBefore ''
|
||||||
|
@ -126,4 +126,8 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
home.sessionVariables = {
|
||||||
|
EZA_COLORS = "xx=15"; # otherwise punctuation is not readable
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|