steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

fix(*): adapt to nixos-24.05 changes

Browse source
This commit is contained in:
steveej 2024-06-01 21:46:09 +02:00
parent ae86a8b860
commit 4c18f0a7ab
12 changed files with 56 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

19
flake.lock generated
View file

@ -619,6 +619,22 @@
"type": "github"
}
},
"nixpkgs-2405": {
"locked": {
"lastModified": 1717144377,
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
@ -825,11 +841,12 @@
"nix-vscode-extensions": "nix-vscode-extensions",
"nixos-anywhere": "nixos-anywhere",
"nixpkgs": [
"nixpkgs-2311"
"nixpkgs-2405"
],
"nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-2305": "nixpkgs-2305",
"nixpkgs-2311": "nixpkgs-2311",
"nixpkgs-2405": "nixpkgs-2405",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixpkgs-vscodium": "nixpkgs-vscodium",
"nixpkgs-wayland": "nixpkgs-wayland",

3
flake.nix
View file

@ -11,8 +11,9 @@
radicalePkgs.follows = "nixpkgs-2211";
nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-2405.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.follows = "nixpkgs-2311";
nixpkgs.follows = "nixpkgs-2405";
flake-parts.url = "github:hercules-ci/flake-parts";
get-flake.url = "github:ursi/get-flake";

2
nix/home-manager/profiles/gnome-desktop.nix
View file

@ -23,7 +23,7 @@ in {
# Hidden=true
# '';
services.gpg-agent.pinentryFlavor = "gnome3";
services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
dconf.settings = let
manualKeybindings = [

2
nix/home-manager/profiles/sway-desktop.nix
View file

@ -36,7 +36,7 @@ in {
enable = true;
};
services.gpg-agent.pinentryFlavor = "gnome3";
services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
home.packages = [
pkgs.swayidle

14
nix/home-manager/programs/gpg-agent.nix
View file

@ -4,17 +4,9 @@
config,
...
}: {
home.packages =
[
home.packages = [
pkgs.gcr
]
++ (
if config.services.gpg-agent.pinentryFlavor == "gtk2"
then [pkgs.pinentry-gtk2]
else if config.services.gpg-agent.pinentryFlavor == "gnome3"
then [pkgs.pinentry-gnome]
else []
);
];
programs.gpg.enable = true;
services.gpg-agent = {
@ -22,7 +14,7 @@
enableScDaemon = true;
enableSshSupport = true;
grabKeyboardAndMouse = true;
pinentryFlavor = lib.mkDefault "gtk2";
pinentryPackage = lib.mkDefault pkgs.pinentry-gtk2;
extraConfig = ''
no-allow-external-cache
'';

10
nix/os/containers/mailserver.nix
View file

@ -1,15 +1,17 @@
{
repoFlake,
specialArgs,
hostAddress,
localAddress,
imapsPort ? 993,
sievePort ? 4190,
autoStart ? false,
}: {
inherit specialArgs;
config = {
pkgs,
config,
lib,
repoFlake,
...
}: {
system.stateVersion = "21.11"; # Did you read the comment?
@ -21,6 +23,12 @@
../profiles/common/user.nix
];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
imapsPort
sievePort
];
# FIXME: find out how to use the `defaultSopsFile` so i don't have to specify each secret separately
# sops.defaultSopsFile = ./mailserver_secrets.yaml;

2
nix/os/containers/syncthing.nix
View file

@ -1,10 +1,12 @@
{
specialArgs,
hostAddress,
localAddress,
syncthingPort ? 22000,
syncthingLocalAnnouncePort ? 21027,
autoStart ? false,
}: {
inherit specialArgs;
config = {
config,
pkgs,

10
nix/os/containers/webserver.nix
View file

@ -1,5 +1,5 @@
{
repoFlake,
specialArgs,
hostAddress,
localAddress,
httpPort ? 80,
@ -8,10 +8,12 @@
}: let
domain = "www.stefanjunker.de";
in {
inherit specialArgs;
config = {
config,
pkgs,
lib,
repoFlake,
...
}: {
system.stateVersion = "22.05"; # Did you read the comment?
@ -22,7 +24,11 @@ in {
repoFlake.inputs.sops-nix.nixosModules.sops
];
networking.firewall.enable = false;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
httpPort
httpsPort
];
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets.hedgedoc_environment_file = {

1
nix/os/devices/sj-bm-hostkey0/configuration.nix
View file

@ -58,7 +58,6 @@ in {
home.packages = [
pkgs.nil
pkgs.rnix-lsp
pkgs.nixd
pkgs.nixpkgs-fmt
pkgs.alejandra

16
nix/os/devices/sj-srv1/system.nix
View file

@ -3,6 +3,7 @@
lib,
config,
repoFlake,
nodeFlake,
nodeName,
...
}: {
@ -73,7 +74,9 @@
containers = {
mailserver = import ../../containers/mailserver.nix {
inherit repoFlake;
specialArgs = {
inherit repoFlake nodeFlake;
};
autoStart = true;
@ -87,7 +90,9 @@
webserver =
import ../../containers/webserver.nix
{
inherit repoFlake;
specialArgs = {
inherit repoFlake nodeFlake;
};
autoStart = true;
@ -99,6 +104,9 @@
};
syncthing = import ../../containers/syncthing.nix {
specialArgs = {
inherit repoFlake nodeFlake;
};
autoStart = true;
hostAddress = "192.168.100.14";
@ -108,10 +116,6 @@
};
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave

1
nix/os/profiles/containers/configuration.nix
View file

@ -3,6 +3,7 @@
imports = [
../../snippets/systemd-resolved.nix
../../snippets/nix-settings.nix
# ../../modules/ddclient-ovh.nix
# ../../modules/ddclient-hetzner.nix
];

1
nix/os/snippets/mycelium.nix
View file

@ -7,7 +7,6 @@
...
}: {
imports = [
"${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/networking/mycelium.nix"
];
sops.secrets.mycelium-key = {