From 304152dbb209ba965c17dd62f13b8ccdf7c0acbb Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Sun, 8 Jan 2023 17:32:10 +0000 Subject: [PATCH] Upgrade NixOS stable to 22.11 and upgrade packages --- flake.lock | 78 +++++++++++-------- flake.nix | 4 +- home-manager/default.nix | 22 ++---- lib/default.nix | 2 +- .../colony/vms/shill/containers/object.nix | 5 +- nixos/boxes/colony/vms/whale2/default.nix | 4 + nixos/modules/deploy-rs.nix | 8 +- nixos/modules/network.nix | 35 ++------- nixos/modules/vms.nix | 2 +- 9 files changed, 75 insertions(+), 85 deletions(-) diff --git a/flake.lock b/flake.lock index a61962e..45f2029 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1659725433, - "narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=", + "lastModified": 1672327199, + "narHash": "sha256-pFlngSHXKBhAmbaKZ4FYtu57LLunG+vWdL7a5vw1RvQ=", "owner": "serokell", "repo": "deploy-rs", - "rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb", + "rev": "a5619f5660a00f58c2b7c16d89058e92327ac9b8", "type": "github" }, "original": { @@ -66,11 +66,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1648199409, - "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { 
@@ -128,19 +128,20 @@ "inputs": { "nixpkgs": [ "nixpkgs-stable" - ] + ], + "utils": "utils_2" }, "locked": { - "lastModified": 1667907331, - "narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=", + "lastModified": 1672244468, + "narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=", "owner": "nix-community", "repo": "home-manager", - "rev": "6639e3a837fc5deb6f99554072789724997bc8e5", + "rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706", "type": "github" }, "original": { "id": "home-manager", - "ref": "release-22.05", + "ref": "release-22.11", "type": "indirect" } }, @@ -149,14 +150,14 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "utils": "utils_2" + "utils": "utils_3" }, "locked": { - "lastModified": 1668900402, - "narHash": "sha256-IhVlueHoQNoN0SOHZIceKU3LyEL00g2ei0aUlaNypbQ=", + "lastModified": 1673089714, + "narHash": "sha256-D58SGNOVe+s7r2iewnCA8q68gyrfQcOnD1TdJo1wFLY=", "owner": "nix-community", "repo": "home-manager", - "rev": "c0f9cbcf93ca22e4f0ca66843be61a4bdf6f0a44", + "rev": "9e565f0d9d41c19a94f55af205c328ec5177fc0a", "type": "github" }, "original": { @@ -182,11 +183,11 @@ }, "nixpkgs-mine": { "locked": { - "lastModified": 1668912601, - "narHash": "sha256-3NYOKMIy+9yZ0i79n7/gDOG4larQDyP93yhLvocAhLI=", + "lastModified": 1673114714, + "narHash": "sha256-jK8mpQaWYJdaczvhzX787X98srlpItKXKUZfFI+VO38=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "b72bbaaf21d31f67df455e1584f2dff02d799896", + "rev": "aee4d3c036013c6f28054d6aed7dabfea699b7c6", "type": "github" }, "original": { @@ -198,11 +199,11 @@ }, "nixpkgs-mine-stable": { "locked": { - "lastModified": 1668912632, - "narHash": "sha256-Xv+VEgkAxDsj572ggD/KBDzkO6//ltLpH80fy0h2vNI=", + "lastModified": 1673115412, + "narHash": "sha256-eF2ItE6bmllqS5xIm3+b/TEJC/6Unro2dGBuTsV/MBQ=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "3419fa265d67829f922d0dcbe865bc915f93f885", + "rev": "bd88557becd7cdba328590a2dea96f7bc20710fd", "type": "github" }, "original": { 
@@ -214,26 +215,26 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1668766498, - "narHash": "sha256-UjZlIrbHGlL3H3HZNPTxPSwJfr49jIfbPWCYxk0EQm4=", + "lastModified": 1672968032, + "narHash": "sha256-26Jns3GmHem44a06UN5Rj/KOD9qNJThyQrom02Ijur8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f42a45c015f28ac3beeb0df360e50cdbf495d44b", + "rev": "2dea8991d89b9f1e78d874945f78ca15f6954289", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.05", + "ref": "nixos-22.11", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1668765800, - "narHash": "sha256-rC40+/W6Hio7b/RsY8SvQPKNx4WqNcTgfYv8cUMAvJk=", + "lastModified": 1672953546, + "narHash": "sha256-oz757DnJ1ITvwyTovuwG3l9cX6j9j6/DH9eH+cXFJmc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739", + "rev": "a518c77148585023ff56022f09c4b2c418a51ef5", "type": "github" }, "original": { @@ -282,11 +283,11 @@ }, "utils": { "locked": { - "lastModified": 1648297722, - "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -309,6 +310,21 @@ "repo": "flake-utils", "type": "github" } + }, + "utils_3": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 632fcfb..738407f 100644 --- a/flake.nix +++ b/flake.nix 
@@ -7,13 +7,13 @@ devshell.inputs.nixpkgs.follows = "nixpkgs-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "nixpkgs/nixos-22.05"; + nixpkgs-stable.url = "nixpkgs/nixos-22.11"; nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0"; nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable"; home-manager-unstable.url = "home-manager"; home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable"; - home-manager-stable.url = "home-manager/release-22.05"; + home-manager-stable.url = "home-manager/release-22.11"; home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; # Stuff used by the flake for build / deployment diff --git a/home-manager/default.nix b/home-manager/default.nix index d06bcc1..0441eea 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix @@ -10,14 +10,8 @@ let config', defs, }: - let - # TODO: Remove this backwards compatibility when 22.11 becomes stable - # https://github.com/nix-community/home-manager/blob/master/docs/release-notes/rl-2211.adoc - newCfgFn = (homeStateVersion' config'.home-manager) == "22.11"; - modArg = if newCfgFn then "modules" else "extraModules"; - in # homeManagerConfiguration doesn't allow us to set lib directly (inherits from passed pkgs) - hmFlakes.${config'.home-manager}.lib.homeManagerConfiguration ({ + hmFlakes.${config'.home-manager}.lib.homeManagerConfiguration { # Passing pkgs here doesn't set the global pkgs, just where it'll be imported from (and where the global lib is # derived from). We want home-manager to import pkgs itself so it'll apply config and overlays modularly. Any config # and overlays previously applied will be passed on by `homeManagerConfiguration` though. In fact, because of weird 
@@ -25,7 +19,7 @@ let # TODO: Check if this is fixed in future. pkgs = pkgs'.${config'.nixpkgs}.${config'.system} // { config = { }; }; extraSpecialArgs = { inherit inputs pkgsFlakes; pkgsFlake = pkgsFlakes.${config'.nixpkgs}; }; - "${modArg}" = (attrValues cfg.modules) ++ [ + modules = (attrValues cfg.modules) ++ [ { warnings = flatten [ (optional (config'.nixpkgs != config'.home-manager) @@ -38,19 +32,13 @@ let pkgs' = mapAttrs (_: p: p.${config'.system}) pkgs'; }; - home = mkIf newCfgFn { + home = { inherit (config') homeDirectory username; }; } (homeStateVersion config'.home-manager) - ] ++ (if newCfgFn then defs else tail defs); - } // (optionalAttrs (!newCfgFn) { - inherit (config') system homeDirectory username; - - # Pull the first def as `configuration` and add any others to `extraModules` for the old style config (they should - # end up in the same list of modules to evaluate anyway) - configuration = head defs; - })); + ] ++ defs; + }; homeOpts = with lib.types; { ... }@args: let diff --git a/lib/default.nix b/lib/default.nix index 37c59d9..fc93ccf 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -88,7 +88,7 @@ rec { then throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failedAssertions)}" else showWarnings config.warnings res; - homeStateVersion' = hmBranch: (if (hmBranch == "stable" || hmBranch == "mine-stable") then "22.05" else "22.11"); + homeStateVersion' = hmBranch: (if (hmBranch == "stable" || hmBranch == "mine-stable") then "22.11" else "23.05"); homeStateVersion = hmBranch: { # The flake passes a default setting, but we don't care about that home.stateVersion = mkForce (homeStateVersion' hmBranch); diff --git a/nixos/boxes/colony/vms/shill/containers/object.nix b/nixos/boxes/colony/vms/shill/containers/object.nix index 67f8efa..1e7dd59 100644 --- a/nixos/boxes/colony/vms/shill/containers/object.nix +++ b/nixos/boxes/colony/vms/shill/containers/object.nix 
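Review bot: Bumping `homeStateVersion'` in lib/default.nix to "22.11" / "23.05" moves `home.stateVersion` on every existing profile, because the context line below applies the value with `mkForce`. Home Manager treats stateVersion as the release a profile was first set up with and uses it to keep stateful defaults stable, so tying it to the channel can silently change defaults on homes that are already deployed. If the lock-step bump is intended, record that next to the function, e.g. `# stateVersion deliberately tracks the branch; 22.11 release notes checked`; otherwise leave the stable value at the release the profiles were created on. The enclosing `rec { ... }` set starts and ends outside the hunk.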
@@ -15,7 +15,7 @@ }; }; - configuration = { lib, config, assignments, ... }: + configuration = { lib, pkgs, config, assignments, ... }: let inherit (lib) mkMerge mkIf; inherit (lib.my) networkdAssignment; @@ -64,6 +64,9 @@ browser = true; rootCredentialsFile = config.age.secrets."object/minio.env".path; dataDir = [ "/mnt/minio" ]; + + # TODO: Migrate from fs to snsd backend! + package = pkgs.minio_legacy_fs; }; sharry = { diff --git a/nixos/boxes/colony/vms/whale2/default.nix b/nixos/boxes/colony/vms/whale2/default.nix index a4379cb..827412f 100644 --- a/nixos/boxes/colony/vms/whale2/default.nix +++ b/nixos/boxes/colony/vms/whale2/default.nix @@ -1,6 +1,7 @@ { lib, ... }: let inherit (builtins) mapAttrs; + inherit (lib) mkForce; in { nixos.systems.whale2 = { @@ -103,6 +104,9 @@ in oci-containers = { backend = "podman"; }; + # NixOS has switched to using netavark, which is native to podman. It's currently missing an option to + # disable iptables rules generation, which is very annoying. + containers.containersConf.settings.network.network_backend = mkForce "cni"; }; environment = { diff --git a/nixos/modules/deploy-rs.nix b/nixos/modules/deploy-rs.nix index 679bead..b3c502b 100644 --- a/nixos/modules/deploy-rs.nix +++ b/nixos/modules/deploy-rs.nix @@ -13,7 +13,10 @@ let ''; # Based on https://github.com/serokell/deploy-rs/blob/master/flake.nix - nixosActivate = cfg': base: (pkgs.deploy-rs.lib.activate.custom // { dryActivate = "$PROFILE/bin/switch-to-configuration dry-activate"; }) base.config.system.build.toplevel '' + nixosActivate = cfg': base: (pkgs.deploy-rs.lib.activate.custom // { + dryActivate = "$PROFILE/bin/switch-to-configuration dry-activate"; + boot = "$PROFILE/bin/switch-to-configuration boot"; + }) base.config.system.build.toplevel '' # work around https://github.com/NixOS/nixpkgs/issues/73404 cd /tmp 
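Review bot: `package = pkgs.minio_legacy_fs;` pins the object store to the frozen MinIO build that nixpkgs keeps only for the old fs backend, so this service will presumably stop picking up upstream security fixes while `browser = true` keeps the web console enabled. The TODO names the migration but says nothing about the cost of staying on the pin. I would extend the comment to `# TODO: migrate fs -> snsd and drop this pin; minio_legacy_fs no longer tracks upstream fixes`, and check how the console and S3 endpoints are exposed until the migration is done. The `minio` attribute set starts above the hunk.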
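Review bot: The `mkForce "cni"` on `containers.containersConf.settings.network.network_backend` in whale2/default.nix keeps podman on a backend that upstream has deprecated in favour of netavark, so this workaround has a limited lifetime and will fail at some later upgrade. The comment gives the motivation (no iptables rule generation) but not which ruleset on this host filters container traffic instead, and a reader needs that to judge whether containers stay filtered as intended. Suggest extending the comment with the owner of that filtering and an exit condition, e.g. `# TODO: drop once netavark can skip firewall rule generation; CNI is deprecated upstream`. The hunk does not show where rule generation is disabled for CNI, so that is worth confirming on the host after the switch.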
@@ -39,7 +42,8 @@ let journalctl -o cat --no-pager -n 0 -f -u "$unit" & jPid=$! cleanup() { - kill $jPid + # shellcheck disable=SC2317 + kill "$jPid" } trap cleanup EXIT diff --git a/nixos/modules/network.nix b/nixos/modules/network.nix index caf969f..f8519ba 100644 --- a/nixos/modules/network.nix +++ b/nixos/modules/network.nix @@ -1,35 +1,6 @@ { lib, pkgs, config, ... }: let inherit (lib) flatten optional mkIf mkDefault mkMerge; - - # TODO: Backported from systemd 251 - networkd-wait-online-at = pkgs.writeTextDir "lib/systemd/system/systemd-networkd-wait-online@.service" '' - # SPDX-License-Identifier: LGPL-2.1-or-later - # - # This file is part of systemd. - # - # systemd is free software; you can redistribute it and/or modify it - # under the terms of the GNU Lesser General Public License as published by - # the Free Software Foundation; either version 2.1 of the License, or - # (at your option) any later version. - - [Unit] - Description=Wait for Network Interface %i to be Configured - Documentation=man:systemd-networkd-wait-online.service(8) - DefaultDependencies=no - Conflicts=shutdown.target - Requires=systemd-networkd.service - After=systemd-networkd.service - Before=network-online.target shutdown.target - - [Service] - Type=oneshot - ExecStart=${pkgs.systemd}/lib/systemd/systemd-networkd-wait-online -i %i - RemainAfterExit=yes - - [Install] - WantedBy=network-online.target - ''; in { config = mkMerge [ @@ -42,7 +13,11 @@ in }; systemd = { - packages = [ networkd-wait-online-at ]; + additionalUpstreamSystemUnits = [ + # TODO: NixOS has its own version of this, but with `network` instead of `networkd`. Is this just a typo? It + # hasn't been updated in 2 years... + "systemd-networkd-wait-online@.service" + ]; }; services.resolved = { diff --git a/nixos/modules/vms.nix b/nixos/modules/vms.nix index 7588fd1..3b2f88a 100644 --- a/nixos/modules/vms.nix +++ b/nixos/modules/vms.nix 
@@ -242,7 +242,7 @@ in value = { matchConfig = { Name = net.ifname; - Kind = "tap"; + Kind = "tun"; }; networkConfig.Bridge = net.bridge; };
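Review bot: The change of `matchConfig.Kind` from "tap" to "tun" comes with no explanation, and the new value reads as a mistake next to what is, judging by the old value, a VM tap interface. Presumably the newer systemd-networkd matches on the kernel link kind, which is `tun` for both TUN and TAP devices; if so, say it on the line: `# kernel reports TAP devices with link kind "tun"`. A `[Match]` that no longer matches would leave the interface off `net.bridge` without any error, so check one VM with `networkctl status` after the upgrade. The surrounding attribute set starts outside the hunk.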