felixalb/nixos-config
felixalb
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request 'Upgrade to nixos-23.11' (#1) from nixos-23.11 into main 

Reviewed-on: #1
This commit is contained in:
Felix Albrigtsen 2023-12-18 23:41:43 +01:00
parent f7c989abdb 738fd17800
commit c769eace8f
12 changed files with 56 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
base.nix
View File

@ -48,7 +48,7 @@
ripgrep ripgrep
rsync rsync
tree tree
unstable.eza eza
wget wget
]; ];

46
flake.lock
View File

@ -7,16 +7,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695108154, "lastModified": 1702676849,
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", "narHash": "sha256-XqcREaTS38/QOsN8fk8PP325/UXHyF9enbP5ZPw5aiA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "07682fff75d41f18327a871088d20af2710d4744", "rev": "aa99c2f4e9847cbb7e46fac0844ea1eb164b3b3a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-23.05", "ref": "release-23.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -26,11 +26,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1697936579, "lastModified": 1701507532,
"narHash": "sha256-nMyepKnwoHMzu2OpXvG2ZhU081TV9ENmWCo0vWxs6AI=", "narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=",
"owner": "dali99", "owner": "dali99",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9", "rev": "046194cdadc50d81255a9c57789381ed1153e2b1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -46,11 +46,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1698429334, "lastModified": 1700795494,
"narHash": "sha256-Gq3+QabboczSu7RMpcy79RSLMSqnySO3wsnHQk4DfbE=", "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "afe83cbc2e673b1f08d32dd0f70df599678ff1e7", "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -62,16 +62,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1698696950, "lastModified": 1702346276,
"narHash": "sha256-FHFL58t6lMumvWqwundC8fDDDLOIvc+JJBNIAlPjrDY=", "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "017ef2132a5bda50bd713aeabce8f918502d4ec1", "rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.05", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -93,11 +93,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1698544399, "lastModified": 1702148972,
"narHash": "sha256-vhRmPyEyoPkrXF2iykBsWHA05MIaOSmMRLMF7Hul6+s=", "narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d87c5d8c41c9b3b39592563242f3a448b5cc4bc9", "rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -125,11 +125,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1698548647, "lastModified": 1702177193,
"narHash": "sha256-7c03OjBGqnwDW0FBaBc+NjfEBxMkza+dxZGJPyIzfFE=", "narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "632c3161a6cc24142c8e3f5529f5d81042571165", "rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -140,11 +140,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1698611440, "lastModified": 1702312524,
"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
flake.nix
View File

@ -2,13 +2,13 @@
description = "Felixalb System flake"; description = "Felixalb System flake";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nix-darwin.url = "github:lnl7/nix-darwin/master"; nix-darwin.url = "github:lnl7/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager/release-23.05"; home-manager.url = "github:nix-community/home-manager/release-23.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
matrix-synapse-next.url = "github:dali99/nixos-matrix-modules"; matrix-synapse-next.url = "github:dali99/nixos-matrix-modules";

2
hosts/janeway/services/postgresql.nix
View File

@ -7,7 +7,7 @@
services.postgresqlBackup = { services.postgresqlBackup = {
enable = true; enable = true;
location = "/backup/postgresql/"; location = "/data/backup/postgresql/";
startAt = "*-*-* 03:15:00"; startAt = "*-*-* 03:15:00";
backupAll = true; backupAll = true;
}; };

28
hosts/sarek/configuration.nix
View File

@ -7,10 +7,10 @@
../../base.nix ../../base.nix
../../common/metrics-exporters.nix ../../common/metrics-exporters.nix
./services/flame.nix
./services/hedgedoc.nix
./services/nginx.nix ./services/nginx.nix
./services/postgresql.nix ./services/postgresql.nix
./services/hedgedoc.nix
./services/flame.nix
]; ];
# Boot and console is handled by proxmoxLXC. # Boot and console is handled by proxmoxLXC.
@ -30,14 +30,24 @@
}; };
sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml; sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml;
virtualisation.docker.enable = true;
virtualisation.oci-containers.backend = "docker";
virtualisation.podman = { # Undo https://github.com/NixOS/nixpkgs/commit/59e37267556eb917146ca3110ab7c96905b9ffbd to work on unprivileged LXC containers
enable = true; system.activationScripts.var = lib.mkForce ''
dockerCompat = true; # Make `docker` shell alias # Various log/runtime directories.
defaultNetwork.settings.dns_enabled = true; mkdir -p /var/tmp
}; chmod 1777 /var/tmp
# Empty, immutable home directory of many system accounts.
virtualisation.oci-containers.backend = "podman"; mkdir -p /var/empty
# Make sure it's really empty
${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
find /var/empty -mindepth 1 -delete
chmod 0555 /var/empty
chown root:root /var/empty
${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
'';
systemd.tmpfiles.rules = lib.mkForce [];
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }

6
hosts/sarek/services/hedgedoc.nix
View File

@ -78,7 +78,7 @@ in {
UMask = "0007"; UMask = "0007";
RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; # SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
}; };
}; };
@ -88,9 +88,7 @@ in {
ensureDatabases = [ "hedgedoc" ]; ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{ ensureUsers = [{
name = "hedgedoc"; name = "hedgedoc";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE \"hedgedoc\"" = "ALL PRIVILEGES";
};
}]; }];
}; };
} }

2
hosts/voyager/configuration.nix
View File

@ -78,7 +78,7 @@
) )
zfs zfs
screen screen
exa eza
]; ];
services.snappymail = { services.snappymail = {

1
hosts/voyager/services/gitea.nix
View File

@ -7,7 +7,6 @@ let
in { in {
services.gitea = { services.gitea = {
enable = true; enable = true;
package = pkgs.unstable.gitea;
appName = "felixalbs Gitea"; appName = "felixalbs Gitea";
database = { database = {
type = "postgres"; type = "postgres";

4
hosts/voyager/services/vaultwarden.nix
View File

@ -61,9 +61,7 @@ in {
ensureDatabases = [ "vaultwarden" ]; ensureDatabases = [ "vaultwarden" ];
ensureUsers = [{ ensureUsers = [{
name = "vaultwarden"; name = "vaultwarden";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE \"vaultwarden\"" = "ALL PRIVILEGES";
};
}]; }];
}; };
} }

4
hosts/worf/home.nix
View File

@ -14,7 +14,7 @@
emacs emacs
iterm2 iterm2
spotify spotify
unstable.ripes ripes
bat bat
bottom bottom
@ -25,7 +25,7 @@
nix-index nix-index
nodejs nodejs
tldr tldr
unstable.eza eza
zellij zellij
pandoc pandoc

4
hosts/worf/yabai.nix
View File

@ -5,7 +5,7 @@ let
in { in {
services.yabai = { services.yabai = {
enable = true; enable = true;
package = pkgs.unstable.yabai; package = pkgs.yabai;
enableScriptingAddition = true; enableScriptingAddition = true;
config = { config = {
layout = "bsp"; layout = "bsp";
@ -119,7 +119,7 @@ in {
services.sketchybar = { services.sketchybar = {
enable = true; enable = true;
package = pkgs.unstable.sketchybar; package = pkgs.sketchybar;
# The config is handled outside of nix, and is placed in ~/.config/sketchybar # The config is handled outside of nix, and is placed in ~/.config/sketchybar
}; };

4
shells/ctf.nix
View File

@ -39,14 +39,14 @@ in { pkgs ? import <nixpkgs> {} }:
dig dig
nmap nmap
rustscan rustscan
unstable.thc-hydra thc-hydra
# davtest # davtest
# cadaver # cadaver
httpie httpie
john john
unstable.hashcat hashcat
] ++ lib.optionals (pkgs.stdenv.isLinux) [ ] ++ lib.optionals (pkgs.stdenv.isLinux) [
sage sage