Upgrade to 23.11

Flake lock file updates:

• Updated input 'bang-evaluator':
    'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=7fc3d5019c907566abbad8f84ba9555a5786bd01' (2021-08-01)
  → 'git+https://git.sbruder.de/simon/bangs?ref=refs/heads/master&rev=a06c68c44862f74757a203e2df41ea83c33722d9' (2023-12-02)
• Updated input 'home-manager':
    'github:nix-community/home-manager/04bac349d585c9df38d78e0285b780a140dc74a4' (2023-11-12)
  → 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/9a4725afa67db35cdf7be89f30527d745194cafa' (2023-11-19)
  → 'github:nix-community/home-manager/4a8545f5e737a6338814a4676dc8e18c7f43fc57' (2023-12-01)
• Updated input 'nix-pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/e558068cba67b23b4fbc5537173dbb43748a17e8' (2023-11-15)
  → 'github:cachix/pre-commit-hooks.nix/e5ee5c5f3844550c01d2131096c7271cec5e9b78' (2023-11-25)
• Updated input 'nixos-hardware':
    'github:nixos/nixos-hardware/1721da31f9b30cbf4460c4ec5068b3b6174a4694' (2023-11-18)
  → 'github:nixos/nixos-hardware/8772491ed75f150f02552c60694e1beff9f46013' (2023-11-29)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9fb122519e9cd465d532f736a98c1e1eb541ef6f' (2023-11-16)
  → 'github:nixos/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01)
• Updated input 'nixpkgs-overlay':
    'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=c8a17806a75733dec2ecdd8f0021c70d1f9dfc43' (2023-10-04)
  → 'git+https://git.sbruder.de/simon/nixpkgs-overlay?ref=refs/heads/master&rev=37f80d1593ab856372cc0da199f49565f3b05c71' (2023-12-02)
• Updated input 'nixpkgs-overlay/poetry2nix':
    'github:nix-community/poetry2nix/093383b3d7fdd36846a7d84e128ca11865800538' (2023-09-22)
  → 'github:nix-community/poetry2nix/7acb78166a659d6afe9b043bb6fe5cb5e86bb75e' (2023-12-01)
• Updated input 'nixpkgs-overlay/poetry2nix/nix-github-actions':
    'github:nix-community/nix-github-actions/165b1650b753316aa7f1787f3005a8d2da0f5301' (2023-07-09)
  → 'github:nix-community/nix-github-actions/4bb5e752616262457bc7ca5882192a564c0472d2' (2023-11-03)
• Added input 'nixpkgs-overlay/poetry2nix/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix':
    'github:numtide/treefmt-nix/e82f32aa7f06bbbd56d7b12186d555223dc399d1' (2023-11-12)
• Added input 'nixpkgs-overlay/poetry2nix/treefmt-nix/nixpkgs':
    follows 'nixpkgs-overlay/poetry2nix/nixpkgs'
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad' (2023-11-17)
  → 'github:nixos/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58' (2023-11-29)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/49a87c6c827ccd21c225531e30745a9a6464775c' (2023-11-19)
  → 'github:Mic92/sops-nix/e19071f9958c8da4f4347d3d78790d97e98ba22f' (2023-12-02)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
  → 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)

flake.lock

@@ -10,11 +10,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1627835028,
+        "lastModified": 1701527050,
-        "narHash": "sha256-LHTdNog+0EmRn+4DIz451vvQ2EeC8KwyV3/8JpX9yiw=",
+        "narHash": "sha256-EphJZX+rhnzUUladmeXvmYHILftHLV5i1sD18pGbxHY=",
         "ref": "refs/heads/master",
-        "rev": "7fc3d5019c907566abbad8f84ba9555a5786bd01",
+        "rev": "a06c68c44862f74757a203e2df41ea83c33722d9",
-        "revCount": 52,
+        "revCount": 54,
         "type": "git",
         "url": "https://git.sbruder.de/simon/bangs"
       },
@@ -85,16 +85,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1699748081,
+        "lastModified": 1700814205,
-        "narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=",
+        "narHash": "sha256-lWqDPKHRbQfi+zNIivf031BUeyciVOtwCwTjyrhDB5g=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "04bac349d585c9df38d78e0285b780a140dc74a4",
+        "rev": "aeb2232d7a32530d3448318790534d196bf9427a",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-23.05",
+        "ref": "release-23.11",
         "repo": "home-manager",
         "type": "github"
       }
@@ -106,11 +106,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1700386809,
+        "lastModified": 1701433070,
-        "narHash": "sha256-2IPxWo0Yplv+70EueZVLTwRAijax0tirYp5Jh0QV1A4=",
+        "narHash": "sha256-Gf9JStfENaUQ7YWFz3V7x/srIwr4nlnVteqaAxtwpgM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "9a4725afa67db35cdf7be89f30527d745194cafa",
+        "rev": "4a8545f5e737a6338814a4676dc8e18c7f43fc57",
         "type": "github"
       },
       "original": {
@@ -189,11 +189,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1688870561,
+        "lastModified": 1698974481,
-        "narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=",
+        "narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
         "owner": "nix-community",
         "repo": "nix-github-actions",
-        "rev": "165b1650b753316aa7f1787f3005a8d2da0f5301",
+        "rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
         "type": "github"
       },
       "original": {
@@ -215,11 +215,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1700064067,
+        "lastModified": 1700922917,
-        "narHash": "sha256-1ZWNDzhu8UlVCK7+DUN9dVQfiHX1bv6OQP9VxstY/gs=",
+        "narHash": "sha256-ej2fch/T584b5K9sk1UhmZF7W6wEfDHuoUYpFN8dtvM=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "e558068cba67b23b4fbc5537173dbb43748a17e8",
+        "rev": "e5ee5c5f3844550c01d2131096c7271cec5e9b78",
         "type": "github"
       },
       "original": {
@@ -231,11 +231,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1700315735,
+        "lastModified": 1701250978,
-        "narHash": "sha256-zlSLW6dX5XwBEwN87CIVtMr8zDSKvTRFmWmIQ9FfWgo=",
+        "narHash": "sha256-ohu3cz4edjpGxs2qUTgbs0WrnewOX4crnUJNEB6Jox4=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "1721da31f9b30cbf4460c4ec5068b3b6174a4694",
+        "rev": "8772491ed75f150f02552c60694e1beff9f46013",
         "type": "github"
       },
       "original": {
@@ -247,16 +247,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1700097215,
+        "lastModified": 1701389149,
-        "narHash": "sha256-ODQ3gBTv1iHd7lG21H+ErVISB5wVeOhd/dEogOqHs/I=",
+        "narHash": "sha256-rU1suTIEd5DGCaAXKW6yHoCfR1mnYjOXQFOaH7M23js=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9fb122519e9cd465d532f736a98c1e1eb541ef6f",
+        "rev": "5de0b32be6e85dc1a9404c75131316e4ffbc634c",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-23.05",
+        "ref": "nixos-23.11",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -275,11 +275,11 @@
         "poetry2nix": "poetry2nix"
       },
       "locked": {
-        "lastModified": 1696421393,
+        "lastModified": 1701527732,
-        "narHash": "sha256-GarjKZ00NVXDgQZocnWvyhTWRm1LYZuZuJ4gEva+GGs=",
+        "narHash": "sha256-pylAGzBf4a9ShBFR9fAs9KSD2cpPYUeINDCheSru9Yw=",
         "ref": "refs/heads/master",
-        "rev": "c8a17806a75733dec2ecdd8f0021c70d1f9dfc43",
+        "rev": "37f80d1593ab856372cc0da199f49565f3b05c71",
-        "revCount": 62,
+        "revCount": 64,
         "type": "git",
         "url": "https://git.sbruder.de/simon/nixpkgs-overlay"
       },
@@ -306,11 +306,11 @@
     },
     "nixpkgs-stable_2": {
       "locked": {
-        "lastModified": 1700342017,
+        "lastModified": 1700905716,
-        "narHash": "sha256-HaibwlWH5LuqsaibW3sIVjZQtEM/jWtOHX4Nk93abGE=",
+        "narHash": "sha256-w1vHn2MbGfdC+CrP3xLZ3scsI06N0iQLU7eTHIVEFGw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "decdf666c833a325cb4417041a90681499e06a41",
+        "rev": "dfb95385d21475da10b63da74ae96d89ab352431",
         "type": "github"
       },
       "original": {
@@ -322,11 +322,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1700204040,
+        "lastModified": 1701253981,
-        "narHash": "sha256-xSVcS5HBYnD3LTer7Y2K8ZQCDCXMa3QUD1MzRjHzuhI=",
+        "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad",
+        "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
         "type": "github"
       },
       "original": {
@@ -385,14 +385,16 @@
         "nixpkgs": [
           "nixpkgs-overlay",
           "nixpkgs"
-        ]
+        ],
+        "systems": "systems_2",
+        "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1695386222,
+        "lastModified": 1701399357,
-        "narHash": "sha256-5lgnhCCGW0NH5+m5iTED8u6NSSM/dbH9LBPvX0x0XXg=",
+        "narHash": "sha256-QSGP2J73HQ4gF5yh+MnClv2KUKzcpTmikdmV8ULfq2E=",
         "owner": "nix-community",
         "repo": "poetry2nix",
-        "rev": "093383b3d7fdd36846a7d84e128ca11865800538",
+        "rev": "7acb78166a659d6afe9b043bb6fe5cb5e86bb75e",
         "type": "github"
       },
       "original": {
@@ -451,11 +453,11 @@
         "nixpkgs-stable": "nixpkgs-stable_2"
       },
       "locked": {
-        "lastModified": 1700362823,
+        "lastModified": 1701518298,
-        "narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=",
+        "narHash": "sha256-5t8yqKe0oVusV4xgfA+wW58hQJXFMmq0mmaR1gKES+Y=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "49a87c6c827ccd21c225531e30745a9a6464775c",
+        "rev": "e19071f9958c8da4f4347d3d78790d97e98ba22f",
         "type": "github"
       },
       "original": {
@@ -478,6 +480,42 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "id": "systems",
+        "type": "indirect"
+      }
+    },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-overlay",
+          "poetry2nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1699786194,
+        "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -4,10 +4,10 @@
   inputs = {
     flake-utils.url = "github:numtide/flake-utils";
 
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
 
-    home-manager.url = "github:nix-community/home-manager/release-23.05";
+    home-manager.url = "github:nix-community/home-manager/release-23.11";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
     home-manager-unstable.url = "github:nix-community/home-manager";
     home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";

machines/renge/hardware-configuration.nix

@@ -15,7 +15,7 @@
       network.enable = true; # remote unlocking
       luks.devices."root".device = "/dev/disk/by-uuid/75f9aa9f-bb40-4d83-9f81-18e4f2ce8d57";
     };
-    loader.grub.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
+    loader.grub.device = "/dev/sda";
     kernel = {
       sysctl = {
         # Swap should never be used unless the system runs ouf of memory.

machines/renge/services/grafana.nix

@@ -45,7 +45,7 @@ in
     ensureUsers = [
       {
         name = cfg.settings.database.user;
-        ensurePermissions = { "DATABASE ${cfg.settings.database.name}" = "ALL PRIVILEGES"; };
+        ensureDBOwnership = true;
       }
     ];
   };

machines/renge/services/hedgedoc.nix

@@ -8,9 +8,7 @@ in
     ensureDatabases = [ "hedgedoc" ];
     ensureUsers = lib.singleton {
       name = "hedgedoc";
-      ensurePermissions = {
+      ensureDBOwnership = true;
-        "DATABASE hedgedoc" = "ALL PRIVILEGES";
-      };
     };
   };
 
@@ -35,8 +33,8 @@ in
   systemd.services.hedgedoc = {
     after = [ "postgresql.service" ];
     preStart = toString (pkgs.writeShellScript "hedgedoc-generate-session-secret" ''
-      if [ ! -f ${cfg.workDir}/session_secret_env ]; then
+      if [ ! -f /var/lib/hedgedoc/session_secret_env ]; then
-          echo "CMD_SESSION_SECRET=$(${pkgs.pwgen}/bin/pwgen -s 32 1)" > ${cfg.workDir}/session_secret_env
+          echo "CMD_SESSION_SECRET=$(${pkgs.pwgen}/bin/pwgen -s 32 1)" > /var/lib/hedgedoc/session_secret_env
       fi
     '');
     serviceConfig = {
@@ -44,7 +42,7 @@ in
         "CMD_LOGLEVEL=warn"
       ];
       EnvironmentFile = [
-        "-${cfg.workDir}/session_secret_env" # - ensures that it will not fail on first start
+        "-/var/lib/hedgedoc/session_secret_env" # - ensures that it will not fail on first start
       ];
     };
   };

machines/renge/services/matrix/synapse.nix

@@ -93,12 +93,8 @@ in
     enable = true;
     # synapse requires custom databse configuration:
     # CREATE DATABASE "matrix-synapse" TEMPLATE template0 LC_COLLATE "C" LC_CTYPE "C";
-    ensureUsers = lib.singleton {
+    # as the databse is not created with NixOS,
-      name = "matrix-synapse";
+    # the ownership can’t be ensured here.
-      ensurePermissions = {
-        "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
-      };
-    };
   };
 
   services.nginx.virtualHosts = {

modules/authoritative-dns.nix

@@ -33,7 +33,10 @@ in
         # so the module disables configuration checks.
         "/var/lib/knot/static.conf"
       ];
-      extraConfig = ''
+      # TODO migrate to settings
+      settingsFile = pkgs.writeText "knot.conf" (''
+        include: /var/lib/knot/static.conf
+
         server:
         ${lib.concatStringsSep "\n" (map (address: "    listen: ${address}@53") addresses.${config.networking.hostName})}
             automatic-acl: on
@@ -110,7 +113,7 @@ in
             acl: [primary_notify]
             # stats
             module: mod-stats/custom
-      '');
+      ''));
     };
 
     users.users.knot = {
@@ -151,7 +154,6 @@ in
         RemainAfterExit = true;
         User = "knot";
 
-        BindReadOnlyPaths = [ "/run/knot/knot.sock" ];
         CapabilityBoundingSet = ""; # clear
         LockPersonality = true;
         MemoryDenyWriteExecute = true;
@@ -171,7 +173,8 @@ in
         ProtectSystem = true;
         RemoveIPC = true;
         RestrictAddressFamilies = [ "AF_UNIX" ]; # knot socket
-        RestrictNamespaces = true;
+        # this is not ideal, but I couldn’t find out how to get a bind mount of the knot socket to work otherwise
+        RestrictNamespaces = [ true "~mnt" ];
         RestrictRealtime = true;
         RestrictSUIDSGID = true;
         SystemCallArchitectures = "native";

modules/fonts.nix

@@ -17,7 +17,7 @@ let
           six = "closed-contour";
           nine = "closed-contour";
           number-sign = "upright-tall";
-          at = "short";
+          at = "compact";
           cent = "open";
           percent = "dots";
           lig-ltgteq = "slanted";
@@ -77,7 +77,7 @@ let
 in
 lib.mkIf config.sbruder.gui.enable {
   fonts = {
-    fonts = with pkgs; [
+    packages = with pkgs; [
       iosevka-sbruder-nerd-font
     ] ++ lib.optionals config.sbruder.full [
       google-fonts # google font collection (free)
@@ -92,7 +92,7 @@ lib.mkIf config.sbruder.gui.enable {
       vistafonts # newer microsoft fonts
     ];
 
-    enableDefaultFonts = true;
+    enableDefaultPackages = true;
 
     fontconfig = {
       defaultFonts = {

modules/nix.nix

@@ -52,7 +52,7 @@ in
 
   nixpkgs.overlays = with inputs; [
     self.overlays.default
-    nixpkgs-overlay.overlay
+    nixpkgs-overlay.overlays.default
     (final: prev: {
       unstable = import nixpkgs-unstable {
         inherit (config.nixpkgs)

modules/qbittorrent/exporter/default.nix

@@ -7,7 +7,7 @@ buildGoModule rec {
 
   subPackages = [ "." ];
 
-  vendorSha256 = "sha256-rql1QlbRgLhUJBE2c9owraCUv4r7O2oaZCijY1vs/3I=";
+  vendorHash = "sha256-rql1QlbRgLhUJBE2c9owraCUv4r7O2oaZCijY1vs/3I=";
 
   doCheck = false; # no tests
 

modules/restic/system.nix

@@ -113,18 +113,18 @@ in
         "--tag system"
         "--verbose"
       ] ++ lib.optional (cfg.uploadLimit != null) "--limit-upload=${toString cfg.uploadLimit}";
+      backupPrepareCommand = ''
+        ${pkgs.nftables}/bin/nft -f ${qosRules}
+      '';
+      backupCleanupCommand = ''
+        ${pkgs.nftables}/bin/nft delete table inet restic
+      '';
     };
 
     systemd.services."restic-backups-system".serviceConfig = {
       "Nice" = 10;
       "IOSchedulingClass" = "best-effort";
       "IOSchedulingPriority" = 7;
-      ExecStartPre = [
-        "${pkgs.nftables}/bin/nft -f ${qosRules}"
-      ];
-      ExecStopPost = [
-        "${pkgs.nftables}/bin/nft delete table inet restic"
-      ];
       Slice = "restic.slice";
     };
 

modules/syncthing.nix

@@ -10,9 +10,11 @@
     dataDir = "/home/simon";
 
     overrideDevices = false;
-    devices = {
+    settings = {
-      fuuko = {
+      devices = {
-        id = "Z2OO5LK-N3UVCRD-QKVKLZ3-3LRXUOH-JENBAKQ-M647E3L-7FL6LIE-74GGHQF";
+        fuuko = {
+          id = "Z2OO5LK-N3UVCRD-QKVKLZ3-3LRXUOH-JENBAKQ-M647E3L-7FL6LIE-74GGHQF";
+        };
       };
     };
 

modules/tools.nix

@@ -3,8 +3,7 @@
 {
   programs = {
     adb.enable = pkgs.stdenv.isx86_64 && config.sbruder.full;
-    # TODO 23.11: use option again
+    bandwhich.enable = true;
-    #bandwhich.enable = true;
     iotop.enable = true;
     wireshark = {
       enable = config.sbruder.gui.enable && config.sbruder.full;
@@ -12,14 +11,6 @@
     };
   };
 
-  # TODO 23.11: see above
-  security.wrappers.bandwhich = {
-    owner = "root";
-    group = "root";
-    capabilities = "cap_net_raw,cap_net_admin+ep";
-    source = "${pkgs.unstable.bandwhich}/bin/bandwhich";
-  };
-
   environment.systemPackages = with pkgs; [
     # top like tools
     bmon # network monitor

pkgs/co2_exporter/default.nix

@@ -13,7 +13,7 @@ buildGoModule rec {
 
   subPackages = [ "." ];
 
-  vendorSha256 = "sha256-CMo6FBzw0/OMKEX12oNqhbF/0dRRFR6W3VRp+EU6Q68=";
+  vendorHash = "sha256-CMo6FBzw0/OMKEX12oNqhbF/0dRRFR6W3VRp+EU6Q68=";
 
   oCheck = false; # no tests
 

pkgs/default.nix

@@ -46,15 +46,4 @@ in
 
     patches = [ ];
   });
-
-  # TODO 23.11: Remove
-  dnsmasq = prev.dnsmasq.overrideAttrs (o: rec {
-    preBuild = o.preBuild + ''
-      makeFlagsArray[0]="''${makeFlagsArray[0]} -DHAVE_NFTSET"
-    '';
-
-    buildInputs = o.buildInputs ++ (with prev; [
-      nftables
-    ]);
-  });
 }

users/simon/modules/mpv/default.nix

@@ -55,7 +55,7 @@ in
         vapoursynth = pkgs.vapoursynth.withPlugins (with pkgs; [
           vapoursynth-mvtools
         ]);
-        ffmpeg_5 = pkgs.ffmpeg_5-full;
+        ffmpeg = pkgs.ffmpeg-full;
       }))
       {
         scripts = with pkgs.mpvScripts; [

users/simon/modules/neovim/default.nix

@@ -1,6 +1,6 @@
 { config, lib, nixosConfig, pkgs, ... }:
 let
-  rainbow_csv = pkgs.vimUtils.buildVimPluginFrom2Nix rec {
+  rainbow_csv = pkgs.vimUtils.buildVimPlugin rec {
     name = "rainbow_csv";
     src = pkgs.fetchFromGitHub {
       owner = "mechatroner";
@@ -11,7 +11,7 @@ let
 
     meta.license = lib.licenses.mit;
   };
-  vim-openscad = pkgs.vimUtils.buildVimPluginFrom2Nix rec {
+  vim-openscad = pkgs.vimUtils.buildVimPlugin rec {
     name = "vim-openscad";
     src = pkgs.fetchFromGitHub {
       owner = "sirtaj";
@@ -22,7 +22,7 @@ let
 
     meta.license = lib.licenses.publicDomain;
   };
-  Vim-Jinja2-Syntax = pkgs.vimUtils.buildVimPluginFrom2Nix rec {
+  Vim-Jinja2-Syntax = pkgs.vimUtils.buildVimPlugin rec {
     name = "Vim-Jinja2-Syntax";
     src = pkgs.fetchFromGitHub {
       owner = "Glench";

users/simon/modules/qutebrowser/default.nix

@@ -38,7 +38,6 @@ lib.mkIf nixosConfig.sbruder.gui.enable
 {
   programs.qutebrowser = {
     enable = true;
-    package = pkgs.qutebrowser-qt6;
     aliases = {
       q = "tab-close"; # one tab
       qa = "close"; # one window

users/simon/modules/zsh/default.nix

@@ -24,7 +24,7 @@ in
     fzf = {
       enable = true;
       changeDirWidgetCommand = "fd --color always --type d";
-      changeDirWidgetOptions = [ "--preview 'exa --tree --color=always -L 4 {}'" ];
+      changeDirWidgetOptions = [ "--preview 'eza --tree --color=always -L 4 {}'" ];
       defaultCommand = "fd --color always";
       defaultOptions = [
         "--ansi"
@@ -56,7 +56,7 @@ in
         enable = true;
       };
     };
-    exa = {
+    eza = {
       enable = true;
       enableAliases = true;
       git = true;
@@ -94,7 +94,7 @@ in
         userctl = "systemctl --user";
         vim = "nvim";
         vimdiff = "nvim -d";
-        l = "exa -l";
+        l = "eza -l";
       };
       initExtra = lib.mkMerge [
         (lib.mkBefore ''
@@ -126,4 +126,8 @@ in
       ];
     };
   };
+
+  home.sessionVariables = {
+    EZA_COLORS = "xx=15"; # otherwise punctuation is not readable
+  };
 }