Merge branch 'pr/bump-nixos-20.09' into 'master'

bump nixos 20.09 See merge request steveeJ/infra!58
2020-10-18 20:12:27 +00:00 · 2020-10-18 20:12:27 +00:00 · 78a6dec6d8
commit 78a6dec6d8
parent 8afc9ca159 bf17d2f259
24 changed files with 312 additions and 361 deletions
--- a/2
+++ b/2
@ -150,8 +150,8 @@ rebuild-disk device:
 	set -xe

 	just -v disk-mount {{device}}
+	trap "set +e; just -v disk-umount {{device}}" EXIT
 	just -v disk-install {{device}}
-	just -v disk-umount {{device}}

 # Re-render the versions of the given offline system and reinstall it in offline-mode
 update-disk dir:
--- a/nix/default.nix
+++ b/nix/default.nix
@ -2,28 +2,23 @@

 let
  channelVersions = (import versionsPath);
-  mkChannelSource = channel:
+  mkChannelSource = name:
    let
-      channelVersion = builtins.getAttr channel channelVersions;
+      channelVersion = builtins.getAttr name channelVersions;
    in builtins.fetchGit {
      # Descriptive name to make the store path easier to identify
-      name = "nixpkgs-channels-${channel}";
-      url = if builtins.hasAttr "url" channelVersion
-        then channelVersion."url"
-        else "https://github.com/NixOS/nixpkgs-channels/"
-      ;
-      ref = (builtins.getAttr channel channelVersions)."ref";
-      rev = (builtins.getAttr channel channelVersions)."rev";
+      inherit name;
+      inherit (channelVersion) url ref rev;
  };
-  nixPath = builtins.foldl' (sum: elem: sum +":" + builtins.concatStringsSep "=" elem) "" [
-    [ "nixpkgs" (mkChannelSource "channelsNixosStable") ]
-    [ "nixos" (mkChannelSource "channelsNixosStable" + "/nixos") ]
-    [ "channels-nixos-stable" (mkChannelSource "channelsNixosStable") ]
-    [ "channels-nixos-unstable" (mkChannelSource "channelsNixosUnstable") ]
-    [ "nixpkgs-master" (mkChannelSource "nixpkgsMaster") ]
-    [ "home-manager-module" (mkChannelSource "homeManagerModule") ]
-  ];
-  pkgs = import (mkChannelSource "channelsNixosStable") {};
+  nixPath = builtins.foldl' (path: elemName:
+    let
+      elem = builtins.getAttr elemName channelVersions;
+      elemPath = (mkChannelSource elemName);
+      suffix = if builtins.hasAttr "suffix" elem then elem.suffix else "";
+    in
+      path + ":" + builtins.concatStringsSep "=" [ elemName elemPath ] + suffix
+  ) "" (builtins.attrNames channelVersions);
+  pkgs = import (mkChannelSource "nixpkgs") {};
 in

 {
--- a/nix/home-manager/configuration/graphical-fullblown.nix
+++ b/nix/home-manager/configuration/graphical-fullblown.nix
@ -36,29 +36,6 @@ in {
    };

    packageOverrides = pkgs: with pkgs; {
-      myPython = python37Full.withPackages (ps: with ps; [
-        pep8 yapf flake8
-        # autopep8 (broken)
-        # pylint (broken)
-        ipython
-        llfuse
-        dugong
-        defusedxml
-        wheel
-        pip
-        virtualenv
-        pypi2nix
-        cffi
-        pyopenssl
-        urllib3
-        mistune
-
-        flask
-
-        pyaml
-      ] ++ [
-        pkgs.libffi
-      ]);
    };
  };

@ -101,7 +78,6 @@ in {
      gnome3.gnome-tweak-tool
      xorg.xhost
      dmidecode
-      python36Packages.glances
      evtest

      # Archive Managers
@ -138,18 +114,19 @@ in {
      bluejeans-gui
      thunderbird
      gnome3.evolution # gnome4.glib_networking
-      tdesktop
+      # telegram
+      unstablepkgs.tdesktop
      gnome3.cheese

      # Virtualization
      virtmanager
-      (pkgs.lib.hiPrio qemu)
+      # (pkgs.lib.hiPrio qemu)
      # virtualbox
-      vagrant
-      docker_compose
+      # vagrant
+      # docker_compose
      # unstablepkgs.kubernetes
-      unstablepkgs.minikube
-      unstablepkgs.openshift
+      # unstablepkgs.minikube
+      # unstablepkgs.openshift
      # (unstablepkgs.minikube.overrideAttrs (oldAttrs: {
      #   patches = oldAttrs.patches ++ [
      #     (builtins.fetchurl { url ="https://patch-diff.githubusercontent.com/raw/kubernetes/minikube/pull/2517.diff"; })
@ -166,10 +143,7 @@ in {
      vlc
      audacity
      spotify
-      smtube
-      python27Packages.youtube-dl-light
-      screenkey
-      quvi
+      python38Packages.youtube-dl-light
      libwebcam

      # Network Tools
@ -189,7 +163,7 @@ in {
      wireshark

      # Code Editors
-      unstablepkgs.atom
+      # unstablepkgs.atom
      xclip
      xsel
      unstablepkgs.vscode
@ -232,17 +206,15 @@ in {

      # Misc Development Tools
      qrcode
-      travis
+      # travis
      jq
-      prometheus
+      # prometheus
      cdrtools

      # Document Processing and Management
-      zathura
+      # zathura
      mendeley
-      jabref
-      zotero
-      hugo
+      # zotero
      pandoc

      # LaTeX
@ -291,7 +263,7 @@ in {
      pcmanfm
      hdparm
      testdisk
-      python27Packages.binwalk
+      python38Packages.binwalk
      gptfdisk
      gparted

@ -303,7 +275,7 @@ in {
      myPython

      # Code generators
-      unstablepkgs.swagger-codegen
+      # unstablepkgs.swagger-codegen

      # Misc Desktop Tools
      # TODO: this may be required if brightness control isn't working
@ -325,7 +297,7 @@ in {
      glib.dev # contains gdbus tool
      alacritty
      roxterm
-      masterpkgs.wally-cli
+      unstablepkgs.wally-cli
      man-pages

      # Screen recording
@ -336,6 +308,7 @@ in {
      # kazam # doesn't start
      # xvidcap # doesn't keep the recording rectangle
      obs-studio
+      screenkey
      # shotcut
      # openshot-qt
  ]);
--- a/nix/home-manager/configuration/graphical-removable.nix
+++ b/nix/home-manager/configuration/graphical-removable.nix
@ -19,7 +19,8 @@ in {
    ../programs/emacs.nix
    ../programs/firefox.nix
    ../programs/chromium.nix
-    ../programs/homeshick.nix
+    # FIXME: fix homeshick when no WAN connection is available
+    # ../programs/homeshick.nix
    ../programs/libreoffice.nix
    ../programs/neovim.nix
    ../programs/pass.nix
@ -33,29 +34,6 @@ in {
    };

    packageOverrides = pkgs: with pkgs; {
-      myPython36 = python36Full.withPackages (ps: with ps; [
-        pylint pep8 yapf flake8
-        # autopep8 (broken)
-        # pylint (broken)
-        ipython
-        llfuse
-        dugong
-        defusedxml
-        wheel
-        pip
-        virtualenv
-        pypi2nix
-        cffi
-        pyopenssl
-        urllib3
-        mistune
-
-        flask
-
-        pyaml
-      ] ++ [
-        pkgs.libffi
-      ]);
    };
  };

@ -78,7 +56,6 @@ in {
      gnome3.gnome-tweak-tool
      xorg.xhost
      dmidecode
-      python36Packages.glances
      evtest

      # Archive Managers
@ -145,7 +122,7 @@ in {
      gptfdisk

      ## Python
-      myPython36
+      myPython

      busyboxStatic

--- a/nix/home-manager/profiles/qtile-desktop.nix
+++ b/nix/home-manager/profiles/qtile-desktop.nix
@ -302,8 +302,7 @@ in {

  services = {
    gnome-keyring.enable = true;
-    # TODO: this has been broken for a while, removing for now.
-    # blueman-applet.enable = true;
+    blueman-applet.enable = true;
    screen-locker = {
      enable = true;
      inactiveInterval = 7;
--- a/nix/os/containers/webserver.nix
+++ b/nix/os/containers/webserver.nix
@ -2,7 +2,7 @@
 , localAddress
 , httpsPort ? 443
 }: {
-  config = { config, pkgs, ... }: {
+  config = { config, pkgs, lib, ... }: {
    imports = [
      ../profiles/containers/configuration.nix
    ];
@ -30,23 +30,16 @@
      locations."~ ^(.+\.php)(.*)$".extraConfig = ''
        fastcgi_split_path_info  ^(.+\.php)(.*)$;

-        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
        fastcgi_index index.php;
      '';
    };

-    nixpkgs.config.php = {
-      imap = false;
-      openssl = false;
-      curl = false;
-      ldap = false;
-    };
-
    services.phpfpm.pools.mypool = {
-      phpPackage = pkgs.php56;
-      listen = "127.0.0.1:9000";
      user = "nobody";
+      phpPackage = pkgs.php5;
      settings = {
+        "listen.owner" = config.services.nginx.user;
        "pm" = "dynamic";
        "pm.max_children" = 5;
        "pm.start_servers" = 2;
@ -58,6 +51,13 @@
      };
    };

+    # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
+    systemd.services."phpfpm-mypool" = {
+      serviceConfig = {
+        Type = lib.mkForce "simple";
+      };
+    };
+
    services.mysql = {
      enable = true;
      package = pkgs.mariadb;
--- a/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix
+++ b/nix/os/devices/steveej-rmvbl-sdep0/configuration.nix
@ -1,6 +1,10 @@
 { ... }:

 {
+  nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+    nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
+  };
+
  imports = [
    ../../profiles/common/configuration.nix
    ../../profiles/graphical/configuration.nix
--- a/nix/os/devices/steveej-rmvbl-sdep0/versions.nix
+++ b/nix/os/devices/steveej-rmvbl-sdep0/versions.nix
@ -1,20 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+  };
+in
+
 {
-  channelsNixosStable = {
-    ref = "nixos-20.03";
-    rev = "5659cb448e9b615d642c5fe52779c2223e72f7eb";
+  inherit nixpkgs;
+  nixos = nixpkgs // {
+    suffix = "/nixos";
  };
-  channelsNixosUnstable = {
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-unstable";
-    rev = "daaa0e33505082716beb52efefe3064f0332b521";
+    rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
  };
-  nixpkgsMaster = {
+  "nixpkgs-master" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "master";
-    rev = "55dc3b76f0ca1dd62d158b92a637fe484df5227d";
+    rev = "396f3407a28a0ce8ee537d6f4440d3e6cb359570";
  };
-  homeManagerModule = {
-    url = "https://github.com/rycee/home-manager";
-    ref = "release-20.03";
-    rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec";
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
  };
 }
--- a/nix/os/devices/steveej-t480s-work/system.nix
+++ b/nix/os/devices/steveej-t480s-work/system.nix
@ -75,6 +75,10 @@ in {
    ssh = {
      enable = true;
      authorizedKeys = keys.users.steveej.openssh;
+      hostKeys = [
+        "/etc/secrets/initrd/ssh_host_rsa_key"
+        "/etc/secrets/initrd/ssh_host_ed25519_key"
+      ];
    };
  };

@ -90,7 +94,9 @@ in {
    Option "SuspendTime" "0"
    Option "OffTime" "0"
  '';
-  boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
+
+  # the default profile uses linuxPackages_latest
+  # boot.kernelPackages = lib.mkForce pkgs.linuxPackages;

  krb5 = {
    enable = true;
--- a/nix/os/devices/steveej-t480s-work/versions.nix
+++ b/nix/os/devices/steveej-t480s-work/versions.nix
@ -1,20 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+  };
+in
+
 {
-  channelsNixosStable = {
-    ref = "nixos-20.03-small";
-    rev = "eabc31612eabea2573a09ce5bcacdad3bfccd264";
+  inherit nixpkgs;
+  nixos = nixpkgs // {
+    suffix = "/nixos";
  };
-  channelsNixosUnstable = {
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-unstable";
-    rev = "84d74ae9c9cbed73274b8e4e00be14688ffc93fe";
+    rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
  };
-  nixpkgsMaster = {
+  "nixpkgs-master" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "master";
-    rev = "c0e65c63401c9c75c403df207e4bd6439b965cb4";
+    rev = "7c4305be84ae74499e1ddd9b8e97bcaaf6da0f7d";
  };
-  homeManagerModule = {
-    url = "https://github.com/rycee/home-manager";
-    ref = "release-20.03";
-    rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec";
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
  };
 }
--- a/nix/os/devices/steveej-t480s-work/versions.tmpl.nix
+++ b/nix/os/devices/steveej-t480s-work/versions.tmpl.nix
@ -1,20 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+in
+
 {
-  channelsNixosStable = {
-    ref = "nixos-20.03-small";
-    rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-20.03-small | awk '{ print $1 }' | tr -d '\n' -%>";
+  inherit nixpkgs;
+  nixos = nixpkgs // {
+    suffix = "/nixos";
  };
-  channelsNixosUnstable = {
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-unstable";
-    rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
  };
-  nixpkgsMaster = {
+  "nixpkgs-master" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "master";
    rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
  };
-  homeManagerModule = {
-    url = "https://github.com/rycee/home-manager";
-    ref = "release-20.03";
-    rev = "<% git ls-remote https://github.com/rycee/home-manager.git release-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
  };
 }
--- a/nix/os/devices/vmd32387.contaboserver.net/configuration.nix
+++ b/nix/os/devices/vmd32387.contaboserver.net/configuration.nix
@ -2,12 +2,10 @@

 {
  disabledModules = [
-    "services/continuous-integration/gitlab-runner.nix"
  ];
  imports = [
    ../../profiles/common/configuration.nix
    ../../modules/encryptedDisk.nix
-    ../../modules/gitlab-runner.nix

    ./system.nix
    ./hw.nix
--- a/nix/os/devices/vmd32387.contaboserver.net/pkg.nix
+++ b/nix/os/devices/vmd32387.contaboserver.net/pkg.nix
@ -10,7 +10,15 @@
  };
  home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };

- services.hydra = {
+  nix.buildMachines = [
+    { hostName = "localhost";
+      system = "x86_64-linux";
+      supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
+      maxJobs = 4;
+    }
+  ];
+
+  services.hydra = {
    enable = false;
    hydraURL = "http://localhost:3000"; # externally visible URL
    notificationSender = "hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
@ -20,18 +28,10 @@
    useSubstitutes = true;
  };

-  nix.buildMachines = [
-    { hostName = "localhost";
-      system = "x86_64-linux";
-      supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
-      maxJobs = 4;
-    }
-  ];
-
  services.gitlab-runner = {
    enable = true;

-    packages = with pkgs; [
+    extraPackages = with pkgs; [
      bash
      gitlab-runner
      nix
@ -39,18 +39,16 @@
      git-crypt
    ];

-    configFile = let
-      nixRunnerToken = "/etc/secrets/gitlab-runner/nix-runner.token";
-    in pkgs.writeText "config.toml" ''
-        concurrent = 2
-        check_interval = 0
-        [[runners]]
-          name = "nix-runner"
-          url = "https://gitlab.com"
-          token = "<% sed -z 's/[\n\s]//g' ${nixRunnerToken} %>"
-          executor = "shell"
-          shell = "bash"
-          [runners.cache]
-      '';
+    concurrent = 2;
+    checkInterval = 0;
+    services = {
+      nixRunner = {
+        executor = "shell";
+        runUntagged = true;
+        registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration";
+        tagList = [ "nix" ];
+      };
+    };
+
  };
 }
--- a/nix/os/devices/vmd32387.contaboserver.net/system.nix
+++ b/nix/os/devices/vmd32387.contaboserver.net/system.nix
@ -88,6 +88,10 @@ in {
    ssh = {
      enable = true;
      authorizedKeys = keys.users.steveej.openssh;
+      hostKeys = [
+        "/etc/secrets/initrd/ssh_host_rsa_key"
+        "/etc/secrets/initrd/ssh_host_ed25519_key"
+      ];
    };
  };

--- a/nix/os/devices/vmd32387.contaboserver.net/versions.nix
+++ b/nix/os/devices/vmd32387.contaboserver.net/versions.nix
@ -1,20 +1,37 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+  };
+in
+
 {
-  channelsNixosStable = {
+  inherit nixpkgs;
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-20.03" = {
+    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-20.03";
    rev = "ff6fda61600cc60404bab5cb6b18b8636785b7bc";
  };
-  channelsNixosUnstable = {
-    ref = "nixos-unstable";
-    rev = "84d74ae9c9cbed73274b8e4e00be14688ffc93fe";
+  "channels-nixos-19.09" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-19.09";
+    rev = "75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1";
  };
-  nixpkgsMaster = {
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-unstable";
+    rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
+  };
+  "nixpkgs-master" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "master";
-    rev = "50e986ba967811afdb5edb3b6eda4369059e4238";
+    rev = "9b3e35d991ea6a43f256069dcb2e006006730d05";
  };
-  homeManagerModule = {
-    url = "https://github.com/rycee/home-manager";
-    ref = "release-20.03";
-    rev = "e6f96b6aa3e99495f9f6f3488ecf78dd316e5bec";
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
  };
 }
--- a/nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix
+++ b/nix/os/devices/vmd32387.contaboserver.net/versions.tmpl.nix
@ -0,0 +1,37 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+in
+
+{
+  inherit nixpkgs;
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-20.03" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.03";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "channels-nixos-19.09" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-19.09";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-unstable";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "nixpkgs-master" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "master";
+    rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+}
--- a/nix/os/modules/ddclient-ovh.nix
+++ b/nix/os/modules/ddclient-ovh.nix
@ -12,7 +12,7 @@ in {
  options.services.ddclientovh = with lib; {
    enable = mkEnableOption "Enable ddclient-ovh";
    domain = mkOption {
-      type = types.string;
+      type = types.str;
    };
  };

--- a/nix/os/modules/encryptedDisk.nix
+++ b/nix/os/modules/encryptedDisk.nix
@ -10,7 +10,7 @@ in {
  options.hardware.encryptedDisk = {
    enable = mkEnableOption "Enable encrypted filesystem layout";
    diskId = mkOption {
-      type = types.string;
+      type = types.str;
    };
  };

--- a/nix/os/modules/gitlab-runner.nix
+++ b/nix/os/modules/gitlab-runner.nix
@ -1,149 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.gitlab-runner;
-  configFile =
-    if (cfg.configFile == null) then
-      (pkgs.runCommand "config.toml" {
-        buildInputs = [ pkgs.remarshal ];
-      } ''
-        remarshal -if json -of toml \
-          < ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \
-          > $out
-      '')
-    else
-      cfg.configFile;
-  hasDocker = config.virtualisation.docker.enable;
-in
-{
-  options.services.gitlab-runner = {
-    enable = mkEnableOption "Gitlab Runner";
-
-    configFile = mkOption {
-      default = null;
-      description = ''
-        Configuration file for gitlab-runner.
-        Use this option in favor of configOptions to avoid placing CI tokens in the nix store.
-
-        <option>configFile</option> takes precedence over <option>configOptions</option>.
-
-        Warning: Not using <option>configFile</option> will potentially result in secrets
-        leaking into the WORLD-READABLE nix store.
-      '';
-      type = types.nullOr types.path;
-    };
-
-    configOptions = mkOption {
-      description = ''
-        Configuration for gitlab-runner
-        <option>configFile</option> will take precedence over this option.
-
-        Warning: all Configuration, especially CI token, will be stored in a
-        WORLD-READABLE file in the Nix Store.
-
-        If you want to protect your CI token use <option>configFile</option> instead.
-      '';
-      type = types.attrs;
-      example = {
-        concurrent = 2;
-        runners = [{
-          name = "docker-nix-1.11";
-          url = "https://CI/";
-          token = "TOKEN";
-          executor = "docker";
-          builds_dir = "";
-          docker = {
-            host = "";
-            image = "nixos/nix:1.11";
-            privileged = true;
-            disable_cache = true;
-            cache_dir = "";
-          };
-        }];
-      };
-    };
-
-    gracefulTermination = mkOption {
-      default = false;
-      type = types.bool;
-      description = ''
-        Finish all remaining jobs before stopping, restarting or reconfiguring.
-        If not set gitlab-runner will stop immediatly without waiting for jobs to finish,
-        which will lead to failed builds.
-      '';
-    };
-
-    gracefulTimeout = mkOption {
-      default = "infinity";
-      type = types.str;
-      example = "5min 20s";
-      description = ''Time to wait until a graceful shutdown is turned into a forceful one.'';
-    };
-
-    workDir = mkOption {
-      default = "/var/lib/gitlab-runner";
-      type = types.path;
-      description = "The working directory used";
-    };
-
-    package = mkOption {
-      description = "Gitlab Runner package to use";
-      default = pkgs.gitlab-runner;
-      defaultText = "pkgs.gitlab-runner";
-      type = types.package;
-      example = literalExample "pkgs.gitlab-runner_1_11";
-    };
-
-    packages = mkOption {
-      default = [ pkgs.bash pkgs.docker-machine ];
-      defaultText = "[ pkgs.bash pkgs.docker-machine ]";
-      type = types.listOf types.package;
-      description = ''
-        Packages to add to PATH for the gitlab-runner process.
-      '';
-    };
-
-  };
-
-  config = mkIf cfg.enable {
-    systemd.services.gitlab-runner = {
-      path = cfg.packages;
-      environment = config.networking.proxy.envVars;
-      description = "Gitlab Runner";
-      after = [ "network.target" ]
-        ++ optional hasDocker "docker.service";
-      requires = optional hasDocker "docker.service";
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        User = "gitlab-runner";
-        Group = "gitlab-runner";
-        WorkingDirectory = cfg.workDir;
-        ExecStart = ''/usr/bin/env bash -c "exec ${cfg.package.bin}/bin/gitlab-runner run \
-          --working-directory ${cfg.workDir} \
-          --config <(${pkgs.esh}/bin/esh -o - -- ${configFile}) \
-          --service gitlab-runner \
-        "'';
-
-      } //  optionalAttrs (cfg.gracefulTermination) {
-        TimeoutStopSec = "${cfg.gracefulTimeout}";
-        KillSignal = "SIGQUIT";
-        KillMode = "process";
-      };
-    };
-
-    # Make the gitlab-runner command availabe so users can query the runner
-    environment.systemPackages = [ cfg.package ];
-
-    users.users.gitlab-runner = {
-      group = "gitlab-runner";
-      extraGroups = optional hasDocker "docker";
-      uid = config.ids.uids.gitlab-runner;
-      home = cfg.workDir;
-      createHome = true;
-    };
-
-    users.groups.gitlab-runner.gid = config.ids.gids.gitlab-runner;
-  };
-}
--- a/nix/os/profiles/graphical/system.nix
+++ b/nix/os/profiles/graphical/system.nix
@ -33,6 +33,7 @@
  services.dbus.packages = with pkgs; [
    blueman
  ];
+  services.blueman.enable = true;

  services.xserver = {
    enable = true;
@ -54,12 +55,13 @@
    displayManager = {
      gdm.enable = false;

+      autoLogin = {
+        enable = true;
+        user = "steveej";
+      };
+
      lightdm = {
        enable = true;
-        autoLogin = {
-          enable = true;
-          user = "steveej";
-        };
        background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
      };

--- a/nix/os/profiles/removable-medium/pkg.nix
+++ b/nix/os/profiles/removable-medium/pkg.nix
@ -3,8 +3,5 @@
 }:

 {
-  nixpkgs.config.packageOverrides = pkgs: with pkgs; {
-    nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
-  };
  home-manager.users.steveej = import ../../../home-manager/configuration/graphical-removable.nix { inherit pkgs; };
 }
--- a/nix/pkgs/default.nix
+++ b/nix/pkgs/default.nix
@ -1,12 +1,5 @@
 { pkgs }:
 let
-  # one application requires php5
-  nixpkgsWithPhp5 = pkgs.fetchFromGitHub {
-    owner = "nixos";
-    repo = "nixpkgs-channels";
-    rev = "846d8f8305192dcc3a63139102698b4ac6b9ef9f";
-    sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb";
-  };

 in rec {
  nixpkgs-master = import <nixpkgs-master> {};
@ -31,7 +24,7 @@ in rec {
          extraMeta.branch = "5.4";
        } // (args.argsOverride or {}));
      linux_sgx = pkgs.callPackage linux_sgx_pkg {};
-    in 
+    in
      pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_sgx);
  linuxPackages_sgx_latest = linuxPackages_sgx_540rc3;

@ -47,11 +40,32 @@ in rec {
    enableStatic = true;
  };

-  php56 = (pkgs.callPackages
-    "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" {
+  php5 = let
+    nixpkgsWithPhp5 = pkgs.fetchFromGitHub {
+      owner = "nixos";
+      repo = "nixpkgs-channels";
+      rev = "pkgs";
+      sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb";
+    };
+    php5 = (pkgs.callPackage "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" {
+      config = (pkgs.lib.attrsets.recursiveUpdate
+        pkgs.config
+        {
+          php = {
+            imap = false;
+            openssl = false;
+            curl = false;
+            ldap = false;
+            mcrypt = false;
+          };
+        }
+      );
+      stdenv = pkgs.llvmPackages_6.stdenv; #broken
      icu = pkgs.icu60;
-    })
-    .php56.overrideAttrs(drv: rec {
+    }).php56;
+  in
+    php5
+    .overrideAttrs(attrs: rec {
      # See https://secure.php.net/ChangeLog-5.php
      version = "5.6.40";
      name = "php-${version}";
@ -61,9 +75,38 @@ in rec {
        url = "http://www.php.net/distributions/php-${version}.tar.bz2";
        inherit sha256;
      };
+
+      configureFlags = attrs.configureFlags ++ [
+        "--without-fpm-systemd"
+      ];
+
    });

  duplicacy = pkgs.callPackage ../pkgs/duplicacy {};
  mfcl3770cdw = pkgs.callPackage ../pkgs/mfcl3770cdw.nix {};
  staruml = pkgs.callPackage ../pkgs/staruml.nix { inherit (pkgs.gnome2) GConf; libgcrypt = pkgs.libgcrypt_1_5; };
+
+  myPython = pkgs.python37Full.withPackages (ps: with ps; [
+    pep8 yapf flake8
+    # autopep8 (broken)
+    # pylint (broken)
+    ipython
+    llfuse
+    dugong
+    defusedxml
+    wheel
+    pip
+    virtualenv
+    cffi
+    pyopenssl
+    urllib3
+    mistune
+
+    flask
+
+    pyaml
+  ] ++ [
+    pkgs.pypi2nix
+    pkgs.libffi
+  ]);
 }
--- a/nix/variables/versions.nix
+++ b/nix/variables/versions.nix
@ -1,20 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+  };
+in
+
 {
-  channelsNixosStable = {
-    ref = "nixos-20.03";
-    rev = "70717a337f7ae4e486ba71a500367cad697e5f09";
+  inherit nixpkgs;
+  nixos = nixpkgs // {
+    suffix = "/nixos";
  };
-  channelsNixosUnstable = {
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-unstable";
-    rev = "029a5de08390bb03c3f44230b064fd1850c6658a";
+    rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
  };
-  nixpkgsMaster = {
+  "nixpkgs-master" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "master";
-    rev = "7a4ee350b007bcb4c689123ad21a8468f91a19b9";
+    rev = "3312e1c3ba80506c435876f016d7b3888f297c4e";
  };
-  homeManagerModule = {
-    url = "https://github.com/rycee/home-manager";
-    ref = "release-20.03";
-    rev = "96fcf3b017d813fac300ecb821b6db6b7b5d0c40";
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
  };
 }
--- a/nix/variables/versions.tmpl.nix
+++ b/nix/variables/versions.tmpl.nix
@ -1,20 +1,30 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+in
+
 {
-  channelsNixosStable = {
-    ref = "nixos-20.03";
-    rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+  inherit nixpkgs;
+  nixos = nixpkgs // {
+    suffix = "/nixos";
  };
-  channelsNixosUnstable = {
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-unstable";
-    rev = "<% git ls-remote https://github.com/nixos/nixpkgs-channels nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
  };
-  nixpkgsMaster = {
+  "nixpkgs-master" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "master";
    rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
  };
-  homeManagerModule = {
-    url = "https://github.com/rycee/home-manager";
-    ref = "release-20.03";
-    rev = "<% git ls-remote https://github.com/rycee/home-manager.git release-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
  };
 }