Merge branch 'pr/bump-nixos-20.09' into 'master'

bump nixos 20.09

See merge request steveeJ/infra!58

Justfile

@@ -150,8 +150,8 @@ rebuild-disk device:
 	set -xe
 
 	just -v disk-mount {{device}}
+	trap "set +e; just -v disk-umount {{device}}" EXIT
 	just -v disk-install {{device}}
-	just -v disk-umount {{device}}
 
 # Re-render the versions of the given offline system and reinstall it in offline-mode
 update-disk dir:

nix/default.nix

@@ -2,28 +2,23 @@
 
 let
   channelVersions = (import versionsPath);
-  mkChannelSource = channel:
+  mkChannelSource = name:
     let
-      channelVersion = builtins.getAttr channel channelVersions;
+      channelVersion = builtins.getAttr name channelVersions;
     in builtins.fetchGit {
       # Descriptive name to make the store path easier to identify
-      name = "nixpkgs-channels-${channel}";
+      inherit name;
-      url = if builtins.hasAttr "url" channelVersion
+      inherit (channelVersion) url ref rev;
-        then channelVersion."url"
-        else "https://github.com/NixOS/nixpkgs-channels/"
-      ;
-      ref = (builtins.getAttr channel channelVersions)."ref";
-      rev = (builtins.getAttr channel channelVersions)."rev";
   };
-  nixPath = builtins.foldl' (sum: elem: sum +":" + builtins.concatStringsSep "=" elem) "" [
+  nixPath = builtins.foldl' (path: elemName:
-    [ "nixpkgs" (mkChannelSource "channelsNixosStable") ]
+    let
-    [ "nixos" (mkChannelSource "channelsNixosStable" + "/nixos") ]
+      elem = builtins.getAttr elemName channelVersions;
-    [ "channels-nixos-stable" (mkChannelSource "channelsNixosStable") ]
+      elemPath = (mkChannelSource elemName);
-    [ "channels-nixos-unstable" (mkChannelSource "channelsNixosUnstable") ]
+      suffix = if builtins.hasAttr "suffix" elem then elem.suffix else "";
-    [ "nixpkgs-master" (mkChannelSource "nixpkgsMaster") ]
+    in
-    [ "home-manager-module" (mkChannelSource "homeManagerModule") ]
+      path + ":" + builtins.concatStringsSep "=" [ elemName elemPath ] + suffix
-  ];
+  ) "" (builtins.attrNames channelVersions);
-  pkgs = import (mkChannelSource "channelsNixosStable") {};
+  pkgs = import (mkChannelSource "nixpkgs") {};
 in
 
 {

nix/home-manager/configuration/graphical-fullblown.nix

@@ -36,29 +36,6 @@ in {
     };
 
     packageOverrides = pkgs: with pkgs; {
-      myPython = python37Full.withPackages (ps: with ps; [
-        pep8 yapf flake8
-        # autopep8 (broken)
-        # pylint (broken)
-        ipython
-        llfuse
-        dugong
-        defusedxml
-        wheel
-        pip
-        virtualenv
-        pypi2nix
-        cffi
-        pyopenssl
-        urllib3
-        mistune
-
-        flask
-
-        pyaml
-      ] ++ [
-        pkgs.libffi
-      ]);
     };
   };
 
@@ -101,7 +78,6 @@ in {
       gnome3.gnome-tweak-tool
       xorg.xhost
       dmidecode
-      python36Packages.glances
       evtest
 
       # Archive Managers
@@ -138,18 +114,19 @@ in {
       bluejeans-gui
       thunderbird
       gnome3.evolution # gnome4.glib_networking
-      tdesktop
+      # telegram
+      unstablepkgs.tdesktop
       gnome3.cheese
 
       # Virtualization
       virtmanager
-      (pkgs.lib.hiPrio qemu)
+      # (pkgs.lib.hiPrio qemu)
       # virtualbox
-      vagrant
+      # vagrant
-      docker_compose
+      # docker_compose
       # unstablepkgs.kubernetes
-      unstablepkgs.minikube
+      # unstablepkgs.minikube
-      unstablepkgs.openshift
+      # unstablepkgs.openshift
       # (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
       #   patches = oldAttrs.patches ++ [
       #     (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
@@ -166,10 +143,7 @@ in {
       vlc
       audacity
       spotify
-      smtube
+      python38Packages.youtube-dl-light
-      python27Packages.youtube-dl-light
-      screenkey
-      quvi
       libwebcam
 
       # Network Tools
@@ -189,7 +163,7 @@ in {
       wireshark
 
       # Code Editors
-      unstablepkgs.atom
+      # unstablepkgs.atom
       xclip
       xsel
       unstablepkgs.vscode
@@ -232,17 +206,15 @@ in {
 
       # Misc Development Tools
       qrcode
-      travis
+      # travis
       jq
-      prometheus
+      # prometheus
       cdrtools
 
       # Document Processing and Management
-      zathura
+      # zathura
       mendeley
-      jabref
+      # zotero
-      zotero
-      hugo
       pandoc
 
       # LaTeX
@@ -291,7 +263,7 @@ in {
       pcmanfm
       hdparm
       testdisk
-      python27Packages.binwalk
+      python38Packages.binwalk
       gptfdisk
       gparted
 
@@ -303,7 +275,7 @@ in {
       myPython
 
       # Code generators
-      unstablepkgs.swagger-codegen
+      # unstablepkgs.swagger-codegen
 
       # Misc Desktop Tools
       # TODO: this may be required if brightness control isn't working
@@ -325,7 +297,7 @@ in {
       glib.dev # contains gdbus tool
       alacritty
       roxterm
-      masterpkgs.wally-cli
+      unstablepkgs.wally-cli
       man-pages
 
       # Screen recording
@@ -336,6 +308,7 @@ in {
       # kazam # doesn't start
       # xvidcap # doesn't keep the recording rectangle
       obs-studio
+      screenkey
       # shotcut
       # openshot-qt
   ]);

nix/home-manager/configuration/graphical-removable.nix

@@ -19,7 +19,8 @@ in {
     ../programs/emacs.nix
     ../programs/firefox.nix
     ../programs/chromium.nix
-    ../programs/homeshick.nix
+    # FIXME: fix homeshick when no WAN connection is available
+    # ../programs/homeshick.nix
     ../programs/libreoffice.nix
     ../programs/neovim.nix
     ../programs/pass.nix
@@ -33,29 +34,6 @@ in {
     };
 
     packageOverrides = pkgs: with pkgs; {
-      myPython36 = python36Full.withPackages (ps: with ps; [
-        pylint pep8 yapf flake8
-        # autopep8 (broken)
-        # pylint (broken)
-        ipython
-        llfuse
-        dugong
-        defusedxml
-        wheel
-        pip
-        virtualenv
-        pypi2nix
-        cffi
-        pyopenssl
-        urllib3
-        mistune
-
-        flask
-
-        pyaml
-      ] ++ [
-        pkgs.libffi
-      ]);
     };
   };
 
@@ -78,7 +56,6 @@ in {
       gnome3.gnome-tweak-tool
       xorg.xhost
       dmidecode
-      python36Packages.glances
       evtest
 
       # Archive Managers
@@ -145,7 +122,7 @@ in {
       gptfdisk
 
       ## Python
-      myPython36
+      myPython
 
       busyboxStatic
 

nix/home-manager/profiles/qtile-desktop.nix

@@ -302,8 +302,7 @@ in {
 
   services = {
     gnome-keyring.enable = true;
-    # TODO: this has been broken for a while, removing for now.
+    blueman-applet.enable = true;
-    # blueman-applet.enable = true;
     screen-locker = {
       enable = true;
       inactiveInterval = 7;

nix/os/containers/webserver.nix

@@ -2,7 +2,7 @@
 , localAddress
 , httpsPort ? 443
 }: {
-  config = { config, pkgs, ... }: {
+  config = { config, pkgs, lib, ... }: {
     imports = [
       ../profiles/containers/configuration.nix
     ];
@@ -30,23 +30,16 @@
       locations."~ ^(.+\.php)(.*)$".extraConfig = ''
         fastcgi_split_path_info  ^(.+\.php)(.*)$;
 
-        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
         fastcgi_index index.php;
       '';
     };
 
-    nixpkgs.config.php = {
-      imap = false;
-      openssl = false;
-      curl = false;
-      ldap = false;
-    };
-
     services.phpfpm.pools.mypool = {
-      phpPackage = pkgs.php56;
-      listen = "127.0.0.1:9000";
       user = "nobody";
+      phpPackage = pkgs.php5;
       settings = {
+        "listen.owner" = config.services.nginx.user;
         "pm" = "dynamic";
         "pm.max_children" = 5;
         "pm.start_servers" = 2;
@@ -58,6 +51,13 @@
       };
     };
 
+    # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
+    systemd.services."phpfpm-mypool" = {
+      serviceConfig = {
+        Type = lib.mkForce "simple";
+      };
+    };
+
     services.mysql = {
       enable = true;
       package = pkgs.mariadb;

nix/os/devices/steveej-rmvbl-sdep0/configuration.nix

@@ -1,6 +1,10 @@
 { ... }:
 
 {
+  nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+    nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
+  };
+
   imports = [
     ../../profiles/common/configuration.nix
     ../../profiles/graphical/configuration.nix

nix/os/devices/steveej-rmvbl-sdep0/versions.nix

@@ -1,20 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+  };
+in
+
 {
-  channelsNixosStable = {
+  inherit nixpkgs;
-    ref = "nixos-20.03";
+  nixos = nixpkgs // {
-    rev = "5659cb448e9b615d642c5fe52779c2223e72f7eb";
+    suffix = "/nixos";
   };
-  channelsNixosUnstable = {
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable";
-    rev = "daaa0e33505082716beb52efefe3064f0332b521";
+    rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
   };
-  nixpkgsMaster = {
+  "nixpkgs-master" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "master";
-    rev = "55dc3b76f0ca1dd62d158b92a637fe484df5227d";
+    rev = "396f3407a28a0ce8ee537d6f4440d3e6cb359570";
   };
-  homeManagerModule = {
+  "home-manager-module" = {
-    url = "https://github.com/rycee/home-manager";
+    url = "https://github.com/nix-community/home-manager";
-    ref = "release-20.03";
+    ref = "release-20.09";
-    rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec";
+    rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
   };
 }

nix/os/devices/steveej-t480s-work/system.nix

@@ -75,6 +75,10 @@ in {
     ssh = {
       enable = true;
       authorizedKeys = keys.users.steveej.openssh;
+      hostKeys = [
+        "/etc/secrets/initrd/ssh_host_rsa_key"
+        "/etc/secrets/initrd/ssh_host_ed25519_key"
+      ];
     };
   };
 
@@ -90,7 +94,9 @@ in {
     Option "SuspendTime" "0"
     Option "OffTime" "0"
   '';
-  boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
+
+  # the default profile uses linuxPackages_latest
+  # boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
 
   krb5 = {
     enable = true;

nix/os/devices/steveej-t480s-work/versions.nix

@@ -1,20 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+  };
+in
+
 {
-  channelsNixosStable = {
+  inherit nixpkgs;
-    ref = "nixos-20.03-small";
+  nixos = nixpkgs // {
-    rev = "eabc31612eabea2573a09ce5bcacdad3bfccd264";
+    suffix = "/nixos";
   };
-  channelsNixosUnstable = {
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable";
-    rev = "84d74ae9c9cbed73274b8e4e00be14688ffc93fe";
+    rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
   };
-  nixpkgsMaster = {
+  "nixpkgs-master" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "master";
-    rev = "c0e65c63401c9c75c403df207e4bd6439b965cb4";
+    rev = "7c4305be84ae74499e1ddd9b8e97bcaaf6da0f7d";
   };
-  homeManagerModule = {
+  "home-manager-module" = {
-    url = "https://github.com/rycee/home-manager";
+    url = "https://github.com/nix-community/home-manager";
-    ref = "release-20.03";
+    ref = "release-20.09";
-    rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec";
+    rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
   };
 }

nix/os/devices/steveej-t480s-work/versions.tmpl.nix

@@ -1,20 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+in
+
 {
-  channelsNixosStable = {
+  inherit nixpkgs;
-    ref = "nixos-20.03-small";
+  nixos = nixpkgs // {
-    rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-20.03-small | awk '{ print $1 }' | tr -d '\n' -%>";
+    suffix = "/nixos";
   };
-  channelsNixosUnstable = {
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable";
-    rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
   };
-  nixpkgsMaster = {
+  "nixpkgs-master" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "master";
     rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
   };
-  homeManagerModule = {
+  "home-manager-module" = {
-    url = "https://github.com/rycee/home-manager";
+    url = "https://github.com/nix-community/home-manager";
-    ref = "release-20.03";
+    ref = "release-20.09";
-    rev = "<% git ls-remote https://github.com/rycee/home-manager.git release-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+    rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
   };
 }

nix/os/devices/vmd32387.contaboserver.net/configuration.nix

@@ -2,12 +2,10 @@
 
 {
   disabledModules = [
-    "services/continuous-integration/gitlab-runner.nix"
   ];
   imports = [
     ../../profiles/common/configuration.nix
     ../../modules/encryptedDisk.nix
-    ../../modules/gitlab-runner.nix
 
     ./system.nix
     ./hw.nix

nix/os/devices/vmd32387.contaboserver.net/pkg.nix

@@ -10,7 +10,15 @@
   };
   home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
 
- services.hydra = {
+  nix.buildMachines = [
+    { hostName = "localhost";
+      system = "x86_64-linux";
+      supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
+      maxJobs = 4;
+    }
+  ];
+
+  services.hydra = {
     enable = false;
     hydraURL = "http://localhost:3000"; # externally visible URL
     notificationSender = "hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
@@ -20,18 +28,10 @@
     useSubstitutes = true;
   };
 
-  nix.buildMachines = [
-    { hostName = "localhost";
-      system = "x86_64-linux";
-      supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
-      maxJobs = 4;
-    }
-  ];
-
   services.gitlab-runner = {
     enable = true;
 
-    packages = with pkgs; [
+    extraPackages = with pkgs; [
       bash
       gitlab-runner
       nix
@@ -39,18 +39,16 @@
       git-crypt
     ];
 
-    configFile = let
+    concurrent = 2;
-      nixRunnerToken = "/etc/secrets/gitlab-runner/nix-runner.token";
+    checkInterval = 0;
-    in pkgs.writeText "config.toml" ''
+    services = {
-        concurrent = 2
+      nixRunner = {
-        check_interval = 0
+        executor = "shell";
-        [[runners]]
+        runUntagged = true;
-          name = "nix-runner"
+        registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration";
-          url = "https://gitlab.com"
+        tagList = [ "nix" ];
-          token = "<% sed -z 's/[\n\s]//g' ${nixRunnerToken} %>"
+      };
-          executor = "shell"
+    };
-          shell = "bash"
+
-          [runners.cache]
-      '';
   };
 }

nix/os/devices/vmd32387.contaboserver.net/system.nix

@@ -88,6 +88,10 @@ in {
     ssh = {
       enable = true;
       authorizedKeys = keys.users.steveej.openssh;
+      hostKeys = [
+        "/etc/secrets/initrd/ssh_host_rsa_key"
+        "/etc/secrets/initrd/ssh_host_ed25519_key"
+      ];
     };
   };
 

nix/os/devices/vmd32387.contaboserver.net/versions.nix

@@ -1,20 +1,37 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+  };
+in
+
 {
-  channelsNixosStable = {
+  inherit nixpkgs;
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-20.03" = {
+    url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-20.03";
     rev = "ff6fda61600cc60404bab5cb6b18b8636785b7bc";
   };
-  channelsNixosUnstable = {
+  "channels-nixos-19.09" = {
-    ref = "nixos-unstable";
+    url = "https://github.com/NixOS/nixpkgs/";
-    rev = "84d74ae9c9cbed73274b8e4e00be14688ffc93fe";
+    ref = "nixos-19.09";
+    rev = "75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1";
   };
-  nixpkgsMaster = {
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-unstable";
+    rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
+  };
+  "nixpkgs-master" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "master";
-    rev = "50e986ba967811afdb5edb3b6eda4369059e4238";
+    rev = "9b3e35d991ea6a43f256069dcb2e006006730d05";
   };
-  homeManagerModule = {
+  "home-manager-module" = {
-    url = "https://github.com/rycee/home-manager";
+    url = "https://github.com/nix-community/home-manager";
-    ref = "release-20.03";
+    ref = "release-20.09";
-    rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec";
+    rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
   };
 }

nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix

@@ -0,0 +1,37 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+in
+
+{
+  inherit nixpkgs;
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-20.03" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.03";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "channels-nixos-19.09" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-19.09";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-unstable";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "nixpkgs-master" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "master";
+    rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+}

nix/os/modules/ddclient-ovh.nix

@@ -12,7 +12,7 @@ in {
   options.services.ddclientovh = with lib; {
     enable = mkEnableOption "Enable ddclient-ovh";
     domain = mkOption {
-      type = types.string;
+      type = types.str;
     };
   };
 

nix/os/modules/encryptedDisk.nix

@@ -10,7 +10,7 @@ in {
   options.hardware.encryptedDisk = {
     enable = mkEnableOption "Enable encrypted filesystem layout";
     diskId = mkOption {
-      type = types.string;
+      type = types.str;
     };
   };
 

nix/os/modules/gitlab-runner.nix

@@ -1,149 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.gitlab-runner;
-  configFile =
-    if (cfg.configFile == null) then
-      (pkgs.runCommand "config.toml" {
-        buildInputs = [ pkgs.remarshal ];
-      } ''
-        remarshal -if json -of toml \
-          < ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \
-          > $out
-      '')
-    else
-      cfg.configFile;
-  hasDocker = config.virtualisation.docker.enable;
-in
-{
-  options.services.gitlab-runner = {
-    enable = mkEnableOption "Gitlab Runner";
-
-    configFile = mkOption {
-      default = null;
-      description = ''
-        Configuration file for gitlab-runner.
-        Use this option in favor of configOptions to avoid placing CI tokens in the nix store.
-
-        <option>configFile</option> takes precedence over <option>configOptions</option>.
-
-        Warning: Not using <option>configFile</option> will potentially result in secrets
-        leaking into the WORLD-READABLE nix store.
-      '';
-      type = types.nullOr types.path;
-    };
-
-    configOptions = mkOption {
-      description = ''
-        Configuration for gitlab-runner
-        <option>configFile</option> will take precedence over this option.
-
-        Warning: all Configuration, especially CI token, will be stored in a
-        WORLD-READABLE file in the Nix Store.
-
-        If you want to protect your CI token use <option>configFile</option> instead.
-      '';
-      type = types.attrs;
-      example = {
-        concurrent = 2;
-        runners = [{
-          name = "docker-nix-1.11";
-          url = "https://CI/";
-          token = "TOKEN";
-          executor = "docker";
-          builds_dir = "";
-          docker = {
-            host = "";
-            image = "nixos/nix:1.11";
-            privileged = true;
-            disable_cache = true;
-            cache_dir = "";
-          };
-        }];
-      };
-    };
-
-    gracefulTermination = mkOption {
-      default = false;
-      type = types.bool;
-      description = ''
-        Finish all remaining jobs before stopping, restarting or reconfiguring.
-        If not set gitlab-runner will stop immediatly without waiting for jobs to finish,
-        which will lead to failed builds.
-      '';
-    };
-
-    gracefulTimeout = mkOption {
-      default = "infinity";
-      type = types.str;
-      example = "5min 20s";
-      description = ''Time to wait until a graceful shutdown is turned into a forceful one.'';
-    };
-
-    workDir = mkOption {
-      default = "/var/lib/gitlab-runner";
-      type = types.path;
-      description = "The working directory used";
-    };
-
-    package = mkOption {
-      description = "Gitlab Runner package to use";
-      default = pkgs.gitlab-runner;
-      defaultText = "pkgs.gitlab-runner";
-      type = types.package;
-      example = literalExample "pkgs.gitlab-runner_1_11";
-    };
-
-    packages = mkOption {
-      default = [ pkgs.bash pkgs.docker-machine ];
-      defaultText = "[ pkgs.bash pkgs.docker-machine ]";
-      type = types.listOf types.package;
-      description = ''
-        Packages to add to PATH for the gitlab-runner process.
-      '';
-    };
-
-  };
-
-  config = mkIf cfg.enable {
-    systemd.services.gitlab-runner = {
-      path = cfg.packages;
-      environment = config.networking.proxy.envVars;
-      description = "Gitlab Runner";
-      after = [ "network.target" ]
-        ++ optional hasDocker "docker.service";
-      requires = optional hasDocker "docker.service";
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        User = "gitlab-runner";
-        Group = "gitlab-runner";
-        WorkingDirectory = cfg.workDir;
-        ExecStart = ''/usr/bin/env bash -c "exec ${cfg.package.bin}/bin/gitlab-runner run \
-          --working-directory ${cfg.workDir} \
-          --config <(${pkgs.esh}/bin/esh -o - -- ${configFile}) \
-          --service gitlab-runner \
-        "'';
-
-      } //  optionalAttrs (cfg.gracefulTermination) {
-        TimeoutStopSec = "${cfg.gracefulTimeout}";
-        KillSignal = "SIGQUIT";
-        KillMode = "process";
-      };
-    };
-
-    # Make the gitlab-runner command availabe so users can query the runner
-    environment.systemPackages = [ cfg.package ];
-
-    users.users.gitlab-runner = {
-      group = "gitlab-runner";
-      extraGroups = optional hasDocker "docker";
-      uid = config.ids.uids.gitlab-runner;
-      home = cfg.workDir;
-      createHome = true;
-    };
-
-    users.groups.gitlab-runner.gid = config.ids.gids.gitlab-runner;
-  };
-}

nix/os/profiles/graphical/system.nix

@@ -33,6 +33,7 @@
   services.dbus.packages = with pkgs; [
     blueman
   ];
+  services.blueman.enable = true;
 
   services.xserver = {
     enable = true;
@@ -54,12 +55,13 @@
     displayManager = {
       gdm.enable = false;
 
+      autoLogin = {
+        enable = true;
+        user = "steveej";
+      };
+
       lightdm = {
         enable = true;
-        autoLogin = {
-          enable = true;
-          user = "steveej";
-        };
         background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
       };
 

nix/os/profiles/removable-medium/pkg.nix

@@ -3,8 +3,5 @@
 }:
 
 {
-  nixpkgs.config.packageOverrides = pkgs: with pkgs; {
-    nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
-  };
   home-manager.users.steveej = import ../../../home-manager/configuration/graphical-removable.nix { inherit pkgs; };
 }

nix/pkgs/default.nix

@@ -1,12 +1,5 @@
 { pkgs }:
 let
-  # one application requires php5
-  nixpkgsWithPhp5 = pkgs.fetchFromGitHub {
-    owner = "nixos";
-    repo = "nixpkgs-channels";
-    rev = "846d8f8305192dcc3a63139102698b4ac6b9ef9f";
-    sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb";
-  };
 
 in rec {
   nixpkgs-master = import <nixpkgs-master> {};
@@ -31,7 +24,7 @@ in rec {
           extraMeta.branch = "5.4";
         } // (args.argsOverride or {}));
       linux_sgx = pkgs.callPackage linux_sgx_pkg {};
-    in 
+    in
       pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_sgx);
   linuxPackages_sgx_latest = linuxPackages_sgx_540rc3;
 
@@ -47,11 +40,32 @@ in rec {
     enableStatic = true;
   };
 
-  php56 = (pkgs.callPackages
+  php5 = let
-    "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" {
+    nixpkgsWithPhp5 = pkgs.fetchFromGitHub {
+      owner = "nixos";
+      repo = "nixpkgs-channels";
+      rev = "pkgs";
+      sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb";
+    };
+    php5 = (pkgs.callPackage "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" {
+      config = (pkgs.lib.attrsets.recursiveUpdate
+        pkgs.config
+        {
+          php = {
+            imap = false;
+            openssl = false;
+            curl = false;
+            ldap = false;
+            mcrypt = false;
+          };
+        }
+      );
+      stdenv = pkgs.llvmPackages_6.stdenv; #broken
       icu = pkgs.icu60;
-    })
+    }).php56;
-    .php56.overrideAttrs(drv: rec {
+  in
+    php5
+    .overrideAttrs(attrs: rec {
       # See https://secure.php.net/ChangeLog-5.php
       version = "5.6.40";
       name = "php-${version}";
@@ -61,9 +75,38 @@ in rec {
         url = "http://www.php.net/distributions/php-${version}.tar.bz2";
         inherit sha256;
       };
+
+      configureFlags = attrs.configureFlags ++ [
+        "--without-fpm-systemd"
+      ];
+
     });
 
   duplicacy = pkgs.callPackage ../pkgs/duplicacy {};
   mfcl3770cdw = pkgs.callPackage ../pkgs/mfcl3770cdw.nix {};
   staruml = pkgs.callPackage ../pkgs/staruml.nix { inherit (pkgs.gnome2) GConf; libgcrypt = pkgs.libgcrypt_1_5; };
+
+  myPython = pkgs.python37Full.withPackages (ps: with ps; [
+    pep8 yapf flake8
+    # autopep8 (broken)
+    # pylint (broken)
+    ipython
+    llfuse
+    dugong
+    defusedxml
+    wheel
+    pip
+    virtualenv
+    cffi
+    pyopenssl
+    urllib3
+    mistune
+
+    flask
+
+    pyaml
+  ] ++ [
+    pkgs.pypi2nix
+    pkgs.libffi
+  ]);
 }

nix/variables/versions.nix

@@ -1,20 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+  };
+in
+
 {
-  channelsNixosStable = {
+  inherit nixpkgs;
-    ref = "nixos-20.03";
+  nixos = nixpkgs // {
-    rev = "70717a337f7ae4e486ba71a500367cad697e5f09";
+    suffix = "/nixos";
   };
-  channelsNixosUnstable = {
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable";
-    rev = "029a5de08390bb03c3f44230b064fd1850c6658a";
+    rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
   };
-  nixpkgsMaster = {
+  "nixpkgs-master" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "master";
-    rev = "7a4ee350b007bcb4c689123ad21a8468f91a19b9";
+    rev = "3312e1c3ba80506c435876f016d7b3888f297c4e";
   };
-  homeManagerModule = {
+  "home-manager-module" = {
-    url = "https://github.com/rycee/home-manager";
+    url = "https://github.com/nix-community/home-manager";
-    ref = "release-20.03";
+    ref = "release-20.09";
-    rev = "96fcf3b017d813fac300ecb821b6db6b7b5d0c40";
+    rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
   };
 }

nix/variables/versions.tmpl.nix

@@ -1,20 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+in
+
 {
-  channelsNixosStable = {
+  inherit nixpkgs;
-    ref = "nixos-20.03";
+  nixos = nixpkgs // {
-    rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+    suffix = "/nixos";
   };
-  channelsNixosUnstable = {
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
     ref = "nixos-unstable";
-    rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
   };
-  nixpkgsMaster = {
+  "nixpkgs-master" = {
     url = "https://github.com/NixOS/nixpkgs/";
     ref = "master";
     rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
   };
-  homeManagerModule = {
+  "home-manager-module" = {
-    url = "https://github.com/rycee/home-manager";
+    url = "https://github.com/nix-community/home-manager";
-    ref = "release-20.03";
+    ref = "release-20.09";
-    rev = "<% git ls-remote https://github.com/rycee/home-manager.git release-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+    rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
   };
 }