Upgrade to 23.05

2023-06-17 12:22:58 +02:00 · 2023-06-17 12:22:58 +02:00 · e21bba4363
parent c0e5c26ae9
commit e21bba4363
8 changed files with 89 additions and 85 deletions
--- a/config/common/services/ssh.nix
+++ b/config/common/services/ssh.nix
@ -2,14 +2,16 @@
 {
  services.openssh = {
    enable = true;
    permitRootLogin = "no";
    passwordAuthentication = false;
    kbdInteractiveAuthentication = false;
    hostKeys = [ { path = config.secrets.files.ssh_host_ed25519_key.file; type = "ed25519"; } ];
-    kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
+    settings = {
-    macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];
+      KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
      Macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];
      PermitRootLogin = "no";
      KbdInteractiveAuthentication = false;
      PasswordAuthentication = false;
    };
  };
  programs.ssh.knownHosts = {
    despondos = {
--- a/config/hosts/grondahl/configuration.nix
+++ b/config/hosts/grondahl/configuration.nix
@ -20,9 +20,8 @@
    ];
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";
-  boot.kernelPackages = pkgs.linuxPackages_5_10;
+  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
  networking = {
    hostName = "grondahl";
    useDHCP = false;
--- a/config/hosts/rudiger/configuration.nix
+++ b/config/hosts/rudiger/configuration.nix
@ -17,8 +17,8 @@
    ];
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda";
  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
  boot.supportedFilesystems = ["zfs"];
  services.zfs.autoSnapshot.enable = false;
--- a/config/hosts/rudiger/services/nextcloud.nix
+++ b/config/hosts/rudiger/services/nextcloud.nix
@ -6,7 +6,7 @@
 		enableBrokenCiphersForSSE = false;
 		hostName = "cloud.graven.dev";
 		https = true;
-		package = pkgs.nextcloud25;
+		package = pkgs.nextcloud26;
 		autoUpdateApps.enable = true;
 		maxUploadSize = "10G";
 		webfinger = true;
--- a/config/hosts/wind/configuration.nix
+++ b/config/hosts/wind/configuration.nix
@ -22,9 +22,8 @@
 		];
 	boot.loader.grub.enable = true;
 	boot.loader.grub.version = 2;
 	boot.loader.grub.device = "/dev/sda";
-	boot.kernelPackages = pkgs.linuxPackages_5_10;
+	boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
 	boot.supportedFilesystems = ["zfs"];
 	services.zfs.autoSnapshot.enable = false;
 	services.zfs.autoScrub.enable = true;
--- a/config/sources/nix/sources.json
+++ b/config/sources/nix/sources.json
@ -5,10 +5,10 @@
        "homepage": "https://github.com/nmattia/niv",
        "owner": "nmattia",
        "repo": "niv",
-        "rev": "689d0e5539eddd0b0f566aee7bb18629eee7df74",
+        "rev": "0ebb80e003c26d5388a9b74645fbdcfca3bdd0ef",
-        "sha256": "1rld3lk42l6b01f2gcrhq8qm9vry1awmfl29zmpiqda9dy89vbx0",
+        "sha256": "0wpnk1n4vjyqwjjrm6dvkyh7xr7983rszfhfcg31v106qhfnh41c",
        "type": "tarball",
-        "url": "https://github.com/nmattia/niv/archive/689d0e5539eddd0b0f566aee7bb18629eee7df74.tar.gz",
+        "url": "https://github.com/nmattia/niv/archive/0ebb80e003c26d5388a9b74645fbdcfca3bdd0ef.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixos-hardware": {
@ -17,22 +17,22 @@
        "homepage": "",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "d24ea777c57b69c6b143cf11d83184ef71b0dbbf",
+        "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
-        "sha256": "0hzjm3jvaplm9vrsmnc7ir6jpnf1hnchmm7f2m8r5rwgxkqvpkgg",
+        "sha256": "05a5cfxy9qzb6qq5jrkb65zasa0cmvsym592amjx9sbn7m8858ka",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixos-hardware/archive/d24ea777c57b69c6b143cf11d83184ef71b0dbbf.tar.gz",
+        "url": "https://github.com/NixOS/nixos-hardware/archive/429f232fe1dc398c5afea19a51aad6931ee0fb89.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixpkgs": {
-        "branch": "release-22.11",
+        "branch": "release-23.05",
        "description": "Nix Packages collection",
        "homepage": "",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a7af1abd95b89782e24fd7f7b0fb1f12972785cd",
+        "rev": "083cb1a04d196e35b9c8293a379266c854e284c1",
-        "sha256": "0g8vwn18n9vr14jpv1kd0a8qqdmhx47arjcf196x0ki5rqgvkpb5",
+        "sha256": "0fl9cq9h8i0dc50b1h0snmmcb3vsxz4d14jzsjw4ixfd2bm4dl0n",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/a7af1abd95b89782e24fd7f7b0fb1f12972785cd.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/083cb1a04d196e35b9c8293a379266c854e284c1.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixus": {
@ -41,10 +41,10 @@
        "homepage": "",
        "owner": "Infinisil",
        "repo": "nixus",
-        "rev": "9ff2a3923f733849100f99102b57a0d6c7240f2e",
+        "rev": "d8c3e403978da7b11a5dea1d9e8fd4f918668fdd",
-        "sha256": "1a2dhfrckhv94j4m3q42va1z5k21qk5s25s3m1qj3gkqyxvpilc5",
+        "sha256": "1k145w7yxiwg337hki4vwc398q94j7smhy7bs2j91jahcxy8fb2x",
        "type": "tarball",
-        "url": "https://github.com/Infinisil/nixus/archive/9ff2a3923f733849100f99102b57a0d6c7240f2e.tar.gz",
+        "url": "https://github.com/Infinisil/nixus/archive/d8c3e403978da7b11a5dea1d9e8fd4f918668fdd.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    }
 }
--- a/config/sources/nix/sources.nix
+++ b/config/sources/nix/sources.nix
@ -27,16 +27,17 @@ let
  fetch_git = name: spec:
    let
      ref =
-        if spec ? ref then spec.ref else
+        spec.ref or (
          if spec ? branch then "refs/heads/${spec.branch}" else
          if spec ? tag then "refs/tags/${spec.tag}" else
-              abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
+          abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"
-      submodules = if spec ? submodules then spec.submodules else false;
+        );
      submodules = spec.submodules or false;
      submoduleArg =
        let
          nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
          emptyArgWithWarning =
-            if submodules == true
+            if submodules
            then
              builtins.trace
                (
@ -115,7 +116,7 @@ let
  # the path directly as opposed to the fetched source.
  replace = name: drv:
    let
-      saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
+      saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name;
      ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
    in
    if ersatz == "" then drv else
@ -151,7 +152,7 @@ let
      inherit (builtins) lessThan nixVersion fetchTarball;
    in
    if lessThan nixVersion "1.12" then
-        fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
+      fetchTarball ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
    else
      fetchTarball attrs;
@ -161,25 +162,28 @@ let
      inherit (builtins) lessThan nixVersion fetchurl;
    in
    if lessThan nixVersion "1.12" then
-        fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
+      fetchurl ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
    else
      fetchurl attrs;
  # Create the final "sources" from the config
  mkSources = config:
-    mapAttrs (
+    mapAttrs
      (
        name: spec:
          if builtins.hasAttr "outPath" spec
-        then abort
+          then
            abort
              "The values in sources.json should not have an 'outPath' attribute"
          else
            spec // { outPath = replace name (fetch config.pkgs name spec); }
-    ) config.sources;
+      )
      config.sources;
  # The "config" used by the fetchers
  mkConfig =
    { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
-    , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
+    , sources ? if sourcesFile == null then { } else builtins.fromJSON (builtins.readFile sourcesFile)
    , system ? builtins.currentSystem
    , pkgs ? mkPkgs sources system
    }: rec {
--- a/deploy/default.nix
+++ b/deploy/default.nix
@ -13,21 +13,21 @@ in import "${sources.nixus}" {} ({ config, ... }: {
  nodes = {
    wind = { lib, config, ... }: {
-      host = "emelie@graven.dev";
+      host = "graven.dev";
      configuration = ../config/hosts/wind/configuration.nix;
      switchTimeout = 300;
      successTimeout = 300;
      ignoreFailingSystemdUnits = true;
    };
    grondahl = { lib, config, ... }: {
-      host = "emelie@anarkafem.dev";
+      host = "anarkafem.dev";
      configuration = ../config/hosts/grondahl/configuration.nix;
      successTimeout = 300;
      switchTimeout = 300;
      ignoreFailingSystemdUnits = true;
    };
    rudiger = { lib, config, ... }: {
-      host = "emelie@cloud.graven.dev";
+      host = "cloud.graven.dev";
      configuration = ../config/hosts/rudiger/configuration.nix;
      switchTimeout = 300;
      successTimeout = 300;