Upgrade to 23.05
parent
c0e5c26ae9
commit
e21bba4363
|
@ -2,13 +2,15 @@
|
||||||
{
|
{
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
permitRootLogin = "no";
|
|
||||||
passwordAuthentication = false;
|
|
||||||
kbdInteractiveAuthentication = false;
|
|
||||||
hostKeys = [ { path = config.secrets.files.ssh_host_ed25519_key.file; type = "ed25519"; } ];
|
hostKeys = [ { path = config.secrets.files.ssh_host_ed25519_key.file; type = "ed25519"; } ];
|
||||||
kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
|
settings = {
|
||||||
macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];
|
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
|
||||||
|
Macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-512-etm@openssh.com" "umac-128-etm@openssh.com" ];
|
||||||
|
PermitRootLogin = "no";
|
||||||
|
KbdInteractiveAuthentication = false;
|
||||||
|
PasswordAuthentication = false;
|
||||||
|
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.ssh.knownHosts = {
|
programs.ssh.knownHosts = {
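Review bot: The `Macs` list in the new `settings` block names `hmac-sha2-512-etm@openssh.com` twice, carried over unchanged from the old `macs` option, so only two distinct MACs are actually offered. If the second entry was meant to be the SHA-256 variant, the line would read `Macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" "umac-128-etm@openssh.com" ];`; otherwise the duplicate can simply be dropped. The block pins key exchange and MACs but sets no `Ciphers`, so the cipher list presumably falls back to the module default; a short comment saying whether that is intentional would help the next reader of this hardening config.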
|
||||||
|
|
|
@ -20,9 +20,8 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.device = "/dev/vda";
|
boot.loader.grub.device = "/dev/vda";
|
||||||
boot.kernelPackages = pkgs.linuxPackages_5_10;
|
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "grondahl";
|
hostName = "grondahl";
|
||||||
useDHCP = false;
|
useDHCP = false;
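Review bot: `boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;` replaces the pinned `pkgs.linuxPackages_5_10`, so the kernel series now moves with each nixpkgs bump and may land on a short-lived non-LTS release. That deserves a comment at the assignment, for example `# newest kernel the ZFS module supports; moves on nixpkgs bumps, keep the pin current for kernel fixes`. No ZFS option is visible in this hunk, so if this host does not use ZFS the coupling should be explained or replaced with a plain kernel choice. The same line appears in the two other host configuration sections later in this commit, and the first of those had no explicit kernel selection before.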
|
||||||
|
|
|
@ -17,8 +17,8 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.device = "/dev/sda";
|
boot.loader.grub.device = "/dev/sda";
|
||||||
|
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||||
|
|
||||||
boot.supportedFilesystems = ["zfs"];
|
boot.supportedFilesystems = ["zfs"];
|
||||||
services.zfs.autoSnapshot.enable = false;
|
services.zfs.autoSnapshot.enable = false;
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
enableBrokenCiphersForSSE = false;
|
enableBrokenCiphersForSSE = false;
|
||||||
hostName = "cloud.graven.dev";
|
hostName = "cloud.graven.dev";
|
||||||
https = true;
|
https = true;
|
||||||
package = pkgs.nextcloud25;
|
package = pkgs.nextcloud26;
|
||||||
autoUpdateApps.enable = true;
|
autoUpdateApps.enable = true;
|
||||||
maxUploadSize = "10G";
|
maxUploadSize = "10G";
|
||||||
webfinger = true;
|
webfinger = true;
|
||||||
|
|
|
@ -22,9 +22,8 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.device = "/dev/sda";
|
boot.loader.grub.device = "/dev/sda";
|
||||||
boot.kernelPackages = pkgs.linuxPackages_5_10;
|
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||||
boot.supportedFilesystems = ["zfs"];
|
boot.supportedFilesystems = ["zfs"];
|
||||||
services.zfs.autoSnapshot.enable = false;
|
services.zfs.autoSnapshot.enable = false;
|
||||||
services.zfs.autoScrub.enable = true;
|
services.zfs.autoScrub.enable = true;
|
||||||
|
|
|
@ -5,10 +5,10 @@
|
||||||
"homepage": "https://github.com/nmattia/niv",
|
"homepage": "https://github.com/nmattia/niv",
|
||||||
"owner": "nmattia",
|
"owner": "nmattia",
|
||||||
"repo": "niv",
|
"repo": "niv",
|
||||||
"rev": "689d0e5539eddd0b0f566aee7bb18629eee7df74",
|
"rev": "0ebb80e003c26d5388a9b74645fbdcfca3bdd0ef",
|
||||||
"sha256": "1rld3lk42l6b01f2gcrhq8qm9vry1awmfl29zmpiqda9dy89vbx0",
|
"sha256": "0wpnk1n4vjyqwjjrm6dvkyh7xr7983rszfhfcg31v106qhfnh41c",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/nmattia/niv/archive/689d0e5539eddd0b0f566aee7bb18629eee7df74.tar.gz",
|
"url": "https://github.com/nmattia/niv/archive/0ebb80e003c26d5388a9b74645fbdcfca3bdd0ef.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
|
@ -17,22 +17,22 @@
|
||||||
"homepage": "",
|
"homepage": "",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "d24ea777c57b69c6b143cf11d83184ef71b0dbbf",
|
"rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
|
||||||
"sha256": "0hzjm3jvaplm9vrsmnc7ir6jpnf1hnchmm7f2m8r5rwgxkqvpkgg",
|
"sha256": "05a5cfxy9qzb6qq5jrkb65zasa0cmvsym592amjx9sbn7m8858ka",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/NixOS/nixos-hardware/archive/d24ea777c57b69c6b143cf11d83184ef71b0dbbf.tar.gz",
|
"url": "https://github.com/NixOS/nixos-hardware/archive/429f232fe1dc398c5afea19a51aad6931ee0fb89.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"branch": "release-22.11",
|
"branch": "release-23.05",
|
||||||
"description": "Nix Packages collection",
|
"description": "Nix Packages collection",
|
||||||
"homepage": "",
|
"homepage": "",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "a7af1abd95b89782e24fd7f7b0fb1f12972785cd",
|
"rev": "083cb1a04d196e35b9c8293a379266c854e284c1",
|
||||||
"sha256": "0g8vwn18n9vr14jpv1kd0a8qqdmhx47arjcf196x0ki5rqgvkpb5",
|
"sha256": "0fl9cq9h8i0dc50b1h0snmmcb3vsxz4d14jzsjw4ixfd2bm4dl0n",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/a7af1abd95b89782e24fd7f7b0fb1f12972785cd.tar.gz",
|
"url": "https://github.com/NixOS/nixpkgs/archive/083cb1a04d196e35b9c8293a379266c854e284c1.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"nixus": {
|
"nixus": {
|
||||||
|
@ -41,10 +41,10 @@
|
||||||
"homepage": "",
|
"homepage": "",
|
||||||
"owner": "Infinisil",
|
"owner": "Infinisil",
|
||||||
"repo": "nixus",
|
"repo": "nixus",
|
||||||
"rev": "9ff2a3923f733849100f99102b57a0d6c7240f2e",
|
"rev": "d8c3e403978da7b11a5dea1d9e8fd4f918668fdd",
|
||||||
"sha256": "1a2dhfrckhv94j4m3q42va1z5k21qk5s25s3m1qj3gkqyxvpilc5",
|
"sha256": "1k145w7yxiwg337hki4vwc398q94j7smhy7bs2j91jahcxy8fb2x",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/Infinisil/nixus/archive/9ff2a3923f733849100f99102b57a0d6c7240f2e.tar.gz",
|
"url": "https://github.com/Infinisil/nixus/archive/d8c3e403978da7b11a5dea1d9e8fd4f918668fdd.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,33 +10,34 @@ let
|
||||||
let
|
let
|
||||||
name' = sanitizeName name + "-src";
|
name' = sanitizeName name + "-src";
|
||||||
in
|
in
|
||||||
if spec.builtin or true then
|
if spec.builtin or true then
|
||||||
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
|
builtins_fetchurl { inherit (spec) url sha256; name = name'; }
|
||||||
else
|
else
|
||||||
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
|
pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
|
||||||
|
|
||||||
fetch_tarball = pkgs: name: spec:
|
fetch_tarball = pkgs: name: spec:
|
||||||
let
|
let
|
||||||
name' = sanitizeName name + "-src";
|
name' = sanitizeName name + "-src";
|
||||||
in
|
in
|
||||||
if spec.builtin or true then
|
if spec.builtin or true then
|
||||||
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
|
builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
|
||||||
else
|
else
|
||||||
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
|
pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
|
||||||
|
|
||||||
fetch_git = name: spec:
|
fetch_git = name: spec:
|
||||||
let
|
let
|
||||||
ref =
|
ref =
|
||||||
if spec ? ref then spec.ref else
|
spec.ref or (
|
||||||
if spec ? branch then "refs/heads/${spec.branch}" else
|
if spec ? branch then "refs/heads/${spec.branch}" else
|
||||||
if spec ? tag then "refs/tags/${spec.tag}" else
|
if spec ? tag then "refs/tags/${spec.tag}" else
|
||||||
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"
|
||||||
submodules = if spec ? submodules then spec.submodules else false;
|
);
|
||||||
|
submodules = spec.submodules or false;
|
||||||
submoduleArg =
|
submoduleArg =
|
||||||
let
|
let
|
||||||
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
|
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
|
||||||
emptyArgWithWarning =
|
emptyArgWithWarning =
|
||||||
if submodules == true
|
if submodules
|
||||||
then
|
then
|
||||||
builtins.trace
|
builtins.trace
|
||||||
(
|
(
|
||||||
|
@ -44,15 +45,15 @@ let
|
||||||
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
|
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
|
||||||
+ "does not support them"
|
+ "does not support them"
|
||||||
)
|
)
|
||||||
{}
|
{ }
|
||||||
else {};
|
else { };
|
||||||
in
|
in
|
||||||
if nixSupportsSubmodules
|
if nixSupportsSubmodules
|
||||||
then { inherit submodules; }
|
then { inherit submodules; }
|
||||||
else emptyArgWithWarning;
|
else emptyArgWithWarning;
|
||||||
in
|
in
|
||||||
builtins.fetchGit
|
builtins.fetchGit
|
||||||
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
|
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
|
||||||
|
|
||||||
fetch_local = spec: spec.path;
|
fetch_local = spec: spec.path;
|
||||||
|
|
||||||
|
@ -86,16 +87,16 @@ let
|
||||||
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
|
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
|
||||||
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
|
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
|
||||||
in
|
in
|
||||||
if builtins.hasAttr "nixpkgs" sources
|
if builtins.hasAttr "nixpkgs" sources
|
||||||
then sourcesNixpkgs
|
then sourcesNixpkgs
|
||||||
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
|
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
|
||||||
import <nixpkgs> {}
|
import <nixpkgs> { }
|
||||||
else
|
else
|
||||||
abort
|
abort
|
||||||
''
|
''
|
||||||
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
||||||
add a package called "nixpkgs" to your sources.json.
|
add a package called "nixpkgs" to your sources.json.
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# The actual fetching function.
|
# The actual fetching function.
|
||||||
fetch = pkgs: name: spec:
|
fetch = pkgs: name: spec:
|
||||||
|
@ -115,13 +116,13 @@ let
|
||||||
# the path directly as opposed to the fetched source.
|
# the path directly as opposed to the fetched source.
|
||||||
replace = name: drv:
|
replace = name: drv:
|
||||||
let
|
let
|
||||||
saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
|
saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name;
|
||||||
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
|
||||||
in
|
in
|
||||||
if ersatz == "" then drv else
|
if ersatz == "" then drv else
|
||||||
# this turns the string into an actual Nix path (for both absolute and
|
# this turns the string into an actual Nix path (for both absolute and
|
||||||
# relative paths)
|
# relative paths)
|
||||||
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
|
if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
|
||||||
|
|
||||||
# Ports of functions for older nix versions
|
# Ports of functions for older nix versions
|
||||||
|
|
||||||
|
@ -132,7 +133,7 @@ let
|
||||||
);
|
);
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
|
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
|
||||||
range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1);
|
range = first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1);
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
|
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
|
||||||
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
|
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
|
||||||
|
@ -143,43 +144,46 @@ let
|
||||||
concatStrings = builtins.concatStringsSep "";
|
concatStrings = builtins.concatStringsSep "";
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
|
# https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
|
||||||
optionalAttrs = cond: as: if cond then as else {};
|
optionalAttrs = cond: as: if cond then as else { };
|
||||||
|
|
||||||
# fetchTarball version that is compatible between all the versions of Nix
|
# fetchTarball version that is compatible between all the versions of Nix
|
||||||
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
|
builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
|
||||||
let
|
let
|
||||||
inherit (builtins) lessThan nixVersion fetchTarball;
|
inherit (builtins) lessThan nixVersion fetchTarball;
|
||||||
in
|
in
|
||||||
if lessThan nixVersion "1.12" then
|
if lessThan nixVersion "1.12" then
|
||||||
fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
fetchTarball ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
|
||||||
else
|
else
|
||||||
fetchTarball attrs;
|
fetchTarball attrs;
|
||||||
|
|
||||||
# fetchurl version that is compatible between all the versions of Nix
|
# fetchurl version that is compatible between all the versions of Nix
|
||||||
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
|
builtins_fetchurl = { url, name ? null, sha256 }@attrs:
|
||||||
let
|
let
|
||||||
inherit (builtins) lessThan nixVersion fetchurl;
|
inherit (builtins) lessThan nixVersion fetchurl;
|
||||||
in
|
in
|
||||||
if lessThan nixVersion "1.12" then
|
if lessThan nixVersion "1.12" then
|
||||||
fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
|
fetchurl ({ inherit url; } // (optionalAttrs (name != null) { inherit name; }))
|
||||||
else
|
else
|
||||||
fetchurl attrs;
|
fetchurl attrs;
|
||||||
|
|
||||||
# Create the final "sources" from the config
|
# Create the final "sources" from the config
|
||||||
mkSources = config:
|
mkSources = config:
|
||||||
mapAttrs (
|
mapAttrs
|
||||||
name: spec:
|
(
|
||||||
if builtins.hasAttr "outPath" spec
|
name: spec:
|
||||||
then abort
|
if builtins.hasAttr "outPath" spec
|
||||||
"The values in sources.json should not have an 'outPath' attribute"
|
then
|
||||||
else
|
abort
|
||||||
spec // { outPath = replace name (fetch config.pkgs name spec); }
|
"The values in sources.json should not have an 'outPath' attribute"
|
||||||
) config.sources;
|
else
|
||||||
|
spec // { outPath = replace name (fetch config.pkgs name spec); }
|
||||||
|
)
|
||||||
|
config.sources;
|
||||||
|
|
||||||
# The "config" used by the fetchers
|
# The "config" used by the fetchers
|
||||||
mkConfig =
|
mkConfig =
|
||||||
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
|
{ sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
|
||||||
, sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
|
, sources ? if sourcesFile == null then { } else builtins.fromJSON (builtins.readFile sourcesFile)
|
||||||
, system ? builtins.currentSystem
|
, system ? builtins.currentSystem
|
||||||
, pkgs ? mkPkgs sources system
|
, pkgs ? mkPkgs sources system
|
||||||
}: rec {
|
}: rec {
|
||||||
|
@ -191,4 +195,4 @@ let
|
||||||
};
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
|
mkSources (mkConfig { }) // { __functor = _: settings: mkSources (mkConfig settings); }
|
||||||
|
|
|
@ -13,21 +13,21 @@ in import "${sources.nixus}" {} ({ config, ... }: {
|
||||||
|
|
||||||
nodes = {
|
nodes = {
|
||||||
wind = { lib, config, ... }: {
|
wind = { lib, config, ... }: {
|
||||||
host = "emelie@graven.dev";
|
host = "graven.dev";
|
||||||
configuration = ../config/hosts/wind/configuration.nix;
|
configuration = ../config/hosts/wind/configuration.nix;
|
||||||
switchTimeout = 300;
|
switchTimeout = 300;
|
||||||
successTimeout = 300;
|
successTimeout = 300;
|
||||||
ignoreFailingSystemdUnits = true;
|
ignoreFailingSystemdUnits = true;
|
||||||
};
|
};
|
||||||
grondahl = { lib, config, ... }: {
|
grondahl = { lib, config, ... }: {
|
||||||
host = "emelie@anarkafem.dev";
|
host = "anarkafem.dev";
|
||||||
configuration = ../config/hosts/grondahl/configuration.nix;
|
configuration = ../config/hosts/grondahl/configuration.nix;
|
||||||
successTimeout = 300;
|
successTimeout = 300;
|
||||||
switchTimeout = 300;
|
switchTimeout = 300;
|
||||||
ignoreFailingSystemdUnits = true;
|
ignoreFailingSystemdUnits = true;
|
||||||
};
|
};
|
||||||
rudiger = { lib, config, ... }: {
|
rudiger = { lib, config, ... }: {
|
||||||
host = "emelie@cloud.graven.dev";
|
host = "cloud.graven.dev";
|
||||||
configuration = ../config/hosts/rudiger/configuration.nix;
|
configuration = ../config/hosts/rudiger/configuration.nix;
|
||||||
switchTimeout = 300;
|
switchTimeout = 300;
|
||||||
successTimeout = 300;
|
successTimeout = 300;
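Review bot: The three `host` values drop the `emelie@` prefix, so the login account used for deployment is no longer stated in this file and presumably comes from each operator's SSH client configuration or local username. Since the sshd settings in this same commit keep `PermitRootLogin = "no"`, a deploy run from a machine without a matching user entry would fail or connect as an unintended account. A comment on the first node would record the expectation, for example `# SSH user is taken from the deployer's ssh config; root login is disabled on the targets`. The enclosing `nodes` attribute set continues outside the hunk.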
|
||||||
|
|