Upgrade to nixos-23.11 #1
46
flake.lock
46
flake.lock
|
@ -7,16 +7,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695108154,
|
"lastModified": 1702676849,
|
||||||
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
|
"narHash": "sha256-XqcREaTS38/QOsN8fk8PP325/UXHyF9enbP5ZPw5aiA=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "07682fff75d41f18327a871088d20af2710d4744",
|
"rev": "aa99c2f4e9847cbb7e46fac0844ea1eb164b3b3a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"ref": "release-23.05",
|
"ref": "release-23.11",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -26,11 +26,11 @@
|
||||||
"nixpkgs-lib": "nixpkgs-lib"
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697936579,
|
"lastModified": 1701507532,
|
||||||
"narHash": "sha256-nMyepKnwoHMzu2OpXvG2ZhU081TV9ENmWCo0vWxs6AI=",
|
"narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=",
|
||||||
"owner": "dali99",
|
"owner": "dali99",
|
||||||
"repo": "nixos-matrix-modules",
|
"repo": "nixos-matrix-modules",
|
||||||
"rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9",
|
"rev": "046194cdadc50d81255a9c57789381ed1153e2b1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -46,11 +46,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1698429334,
|
"lastModified": 1700795494,
|
||||||
"narHash": "sha256-Gq3+QabboczSu7RMpcy79RSLMSqnySO3wsnHQk4DfbE=",
|
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
|
||||||
"owner": "lnl7",
|
"owner": "lnl7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "afe83cbc2e673b1f08d32dd0f70df599678ff1e7",
|
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -62,16 +62,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1698696950,
|
"lastModified": 1702346276,
|
||||||
"narHash": "sha256-FHFL58t6lMumvWqwundC8fDDDLOIvc+JJBNIAlPjrDY=",
|
"narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "017ef2132a5bda50bd713aeabce8f918502d4ec1",
|
"rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "nixos-23.05",
|
"ref": "nixos-23.11",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -93,11 +93,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1698544399,
|
"lastModified": 1702148972,
|
||||||
"narHash": "sha256-vhRmPyEyoPkrXF2iykBsWHA05MIaOSmMRLMF7Hul6+s=",
|
"narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "d87c5d8c41c9b3b39592563242f3a448b5cc4bc9",
|
"rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -125,11 +125,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1698548647,
|
"lastModified": 1702177193,
|
||||||
"narHash": "sha256-7c03OjBGqnwDW0FBaBc+NjfEBxMkza+dxZGJPyIzfFE=",
|
"narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "632c3161a6cc24142c8e3f5529f5d81042571165",
|
"rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -140,11 +140,11 @@
|
||||||
},
|
},
|
||||||
"unstable": {
|
"unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1698611440,
|
"lastModified": 1702312524,
|
||||||
"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
|
"narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
|
"rev": "a9bf124c46ef298113270b1f84a164865987a91c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -2,13 +2,13 @@
|
||||||
description = "Felixalb System flake";
|
description = "Felixalb System flake";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
|
||||||
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
|
|
||||||
nix-darwin.url = "github:lnl7/nix-darwin/master";
|
nix-darwin.url = "github:lnl7/nix-darwin/master";
|
||||||
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
|
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
home-manager.url = "github:nix-community/home-manager/release-23.05";
|
home-manager.url = "github:nix-community/home-manager/release-23.11";
|
||||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
matrix-synapse-next.url = "github:dali99/nixos-matrix-modules";
|
matrix-synapse-next.url = "github:dali99/nixos-matrix-modules";
|
||||||
|
|
|
@ -30,14 +30,24 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml;
|
sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml;
|
||||||
|
virtualisation.docker.enable = true;
|
||||||
|
virtualisation.oci-containers.backend = "docker";
|
||||||
|
|
||||||
virtualisation.podman = {
|
# Undo https://github.com/NixOS/nixpkgs/commit/59e37267556eb917146ca3110ab7c96905b9ffbd to work on unprivileged LXC containers
|
||||||
enable = true;
|
system.activationScripts.var = lib.mkForce ''
|
||||||
dockerCompat = true; # Make `docker` shell alias
|
# Various log/runtime directories.
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
mkdir -p /var/tmp
|
||||||
};
|
chmod 1777 /var/tmp
|
||||||
|
# Empty, immutable home directory of many system accounts.
|
||||||
virtualisation.oci-containers.backend = "podman";
|
mkdir -p /var/empty
|
||||||
|
# Make sure it's really empty
|
||||||
|
${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
|
||||||
|
find /var/empty -mindepth 1 -delete
|
||||||
|
chmod 0555 /var/empty
|
||||||
|
chown root:root /var/empty
|
||||||
|
${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
|
||||||
|
'';
|
||||||
|
systemd.tmpfiles.rules = lib.mkForce [];
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -78,7 +78,7 @@ in {
|
||||||
UMask = "0007";
|
UMask = "0007";
|
||||||
RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
|
RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
|
||||||
SystemCallArchitectures = "native";
|
SystemCallArchitectures = "native";
|
||||||
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
|
# SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -88,9 +88,7 @@ in {
|
||||||
ensureDatabases = [ "hedgedoc" ];
|
ensureDatabases = [ "hedgedoc" ];
|
||||||
ensureUsers = [{
|
ensureUsers = [{
|
||||||
name = "hedgedoc";
|
name = "hedgedoc";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE \"hedgedoc\"" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue