fix(*): adapt to nixos-24.05 changes

2024-06-01 21:46:09 +02:00 · 2024-06-01 21:46:09 +02:00 · 4c18f0a7ab
commit 4c18f0a7ab
parent ae86a8b860
12 changed files with 56 additions and 27 deletions
--- a/flake.lock
+++ b/flake.lock
@ -619,6 +619,22 @@
        "type": "github"
      }
    },
    "nixpkgs-2405": {
      "locked": {
        "lastModified": 1717144377,
        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-lib": {
      "locked": {
        "dir": "lib",
@ -825,11 +841,12 @@
        "nix-vscode-extensions": "nix-vscode-extensions",
        "nixos-anywhere": "nixos-anywhere",
        "nixpkgs": [
-          "nixpkgs-2311"
+          "nixpkgs-2405"
        ],
        "nixpkgs-2211": "nixpkgs-2211",
        "nixpkgs-2305": "nixpkgs-2305",
        "nixpkgs-2311": "nixpkgs-2311",
        "nixpkgs-2405": "nixpkgs-2405",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nixpkgs-vscodium": "nixpkgs-vscodium",
        "nixpkgs-wayland": "nixpkgs-wayland",
--- a/flake.nix
+++ b/flake.nix
@ -11,8 +11,9 @@
    radicalePkgs.follows = "nixpkgs-2211";
    nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05";
    nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-2405.url = "github:nixos/nixpkgs/nixos-24.05";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
-    nixpkgs.follows = "nixpkgs-2311";
+    nixpkgs.follows = "nixpkgs-2405";
    flake-parts.url = "github:hercules-ci/flake-parts";
    get-flake.url = "github:ursi/get-flake";
--- a/nix/home-manager/profiles/gnome-desktop.nix
+++ b/nix/home-manager/profiles/gnome-desktop.nix
@ -23,7 +23,7 @@ in {
  #   Hidden=true
  # '';
-  services.gpg-agent.pinentryFlavor = "gnome3";
+  services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
  dconf.settings = let
    manualKeybindings = [
--- a/nix/home-manager/profiles/sway-desktop.nix
+++ b/nix/home-manager/profiles/sway-desktop.nix
@ -36,7 +36,7 @@ in {
    enable = true;
  };
-  services.gpg-agent.pinentryFlavor = "gnome3";
+  services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
  home.packages = [
    pkgs.swayidle
--- a/nix/home-manager/programs/gpg-agent.nix
+++ b/nix/home-manager/programs/gpg-agent.nix
@ -4,17 +4,9 @@
  config,
  ...
 }: {
-  home.packages =
+  home.packages = [
    [
    pkgs.gcr
-    ]
+  ];
    ++ (
      if config.services.gpg-agent.pinentryFlavor == "gtk2"
      then [pkgs.pinentry-gtk2]
      else if config.services.gpg-agent.pinentryFlavor == "gnome3"
      then [pkgs.pinentry-gnome]
      else []
    );
  programs.gpg.enable = true;
  services.gpg-agent = {
@ -22,7 +14,7 @@
    enableScDaemon = true;
    enableSshSupport = true;
    grabKeyboardAndMouse = true;
-    pinentryFlavor = lib.mkDefault "gtk2";
+    pinentryPackage = lib.mkDefault pkgs.pinentry-gtk2;
    extraConfig = ''
      no-allow-external-cache
    '';
--- a/nix/os/containers/mailserver.nix
+++ b/nix/os/containers/mailserver.nix
@ -1,15 +1,17 @@
 {
-  repoFlake,
+  specialArgs,
  hostAddress,
  localAddress,
  imapsPort ? 993,
  sievePort ? 4190,
  autoStart ? false,
 }: {
  inherit specialArgs;
  config = {
    pkgs,
    config,
    lib,
    repoFlake,
    ...
  }: {
    system.stateVersion = "21.11"; # Did you read the comment?
@ -21,6 +23,12 @@
      ../profiles/common/user.nix
    ];
    networking.firewall.enable = true;
    networking.firewall.allowedTCPPorts = [
      imapsPort
      sievePort
    ];
    # FIXME: find out how to use the `defaultSopsFile` so i don't have to specify each secret separately
    # sops.defaultSopsFile = ./mailserver_secrets.yaml;
--- a/nix/os/containers/syncthing.nix
+++ b/nix/os/containers/syncthing.nix
@ -1,10 +1,12 @@
 {
  specialArgs,
  hostAddress,
  localAddress,
  syncthingPort ? 22000,
  syncthingLocalAnnouncePort ? 21027,
  autoStart ? false,
 }: {
  inherit specialArgs;
  config = {
    config,
    pkgs,
--- a/nix/os/containers/webserver.nix
+++ b/nix/os/containers/webserver.nix
@ -1,5 +1,5 @@
 {
-  repoFlake,
+  specialArgs,
  hostAddress,
  localAddress,
  httpPort ? 80,
@ -8,10 +8,12 @@
 }: let
  domain = "www.stefanjunker.de";
 in {
  inherit specialArgs;
  config = {
    config,
    pkgs,
    lib,
    repoFlake,
    ...
  }: {
    system.stateVersion = "22.05"; # Did you read the comment?
@ -22,7 +24,11 @@ in {
      repoFlake.inputs.sops-nix.nixosModules.sops
    ];
-    networking.firewall.enable = false;
+    networking.firewall.enable = true;
    networking.firewall.allowedTCPPorts = [
      httpPort
      httpsPort
    ];
    sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
    sops.secrets.hedgedoc_environment_file = {
--- a/nix/os/devices/sj-bm-hostkey0/configuration.nix
+++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix
@ -58,7 +58,6 @@ in {
        home.packages = [
          pkgs.nil
          pkgs.rnix-lsp
          pkgs.nixd
          pkgs.nixpkgs-fmt
          pkgs.alejandra
--- a/nix/os/devices/sj-srv1/system.nix
+++ b/nix/os/devices/sj-srv1/system.nix
@ -3,6 +3,7 @@
  lib,
  config,
  repoFlake,
  nodeFlake,
  nodeName,
  ...
 }: {
@ -73,7 +74,9 @@
  containers = {
    mailserver = import ../../containers/mailserver.nix {
-      inherit repoFlake;
+      specialArgs = {
        inherit repoFlake nodeFlake;
      };
      autoStart = true;
@ -87,7 +90,9 @@
    webserver =
      import ../../containers/webserver.nix
      {
-        inherit repoFlake;
+        specialArgs = {
          inherit repoFlake nodeFlake;
        };
        autoStart = true;
@ -99,6 +104,9 @@
      };
    syncthing = import ../../containers/syncthing.nix {
      specialArgs = {
        inherit repoFlake nodeFlake;
      };
      autoStart = true;
      hostAddress = "192.168.100.14";
@ -108,10 +116,6 @@
    };
  };
  home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
    inherit pkgs;
  };
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nix/os/profiles/containers/configuration.nix
+++ b/nix/os/profiles/containers/configuration.nix
@ -3,6 +3,7 @@
  imports = [
    ../../snippets/systemd-resolved.nix
    ../../snippets/nix-settings.nix
    # ../../modules/ddclient-ovh.nix
    # ../../modules/ddclient-hetzner.nix
  ];
--- a/nix/os/snippets/mycelium.nix
+++ b/nix/os/snippets/mycelium.nix
@ -7,7 +7,6 @@
  ...
 }: {
  imports = [
    "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/networking/mycelium.nix"
  ];
  sops.secrets.mycelium-key = {