Upgrade NixOS stable to 22.11 and upgrade packages

nixos/boxes/colony/vms/shill/containers/object.nix

@@ -15,7 +15,7 @@
       };
     };
 
-    configuration = { lib, config, assignments, ... }:
+    configuration = { lib, pkgs, config, assignments, ... }:
     let
       inherit (lib) mkMerge mkIf;
       inherit (lib.my) networkdAssignment;
@@ -64,6 +64,9 @@
               browser = true;
               rootCredentialsFile = config.age.secrets."object/minio.env".path;
               dataDir = [ "/mnt/minio" ];
+
+              # TODO: Migrate from fs to snsd backend!
+              package = pkgs.minio_legacy_fs;
             };
 
             sharry = {

nixos/boxes/colony/vms/whale2/default.nix

@@ -1,6 +1,7 @@
 { lib, ... }:
 let
   inherit (builtins) mapAttrs;
+  inherit (lib) mkForce;
 in
 {
   nixos.systems.whale2 = {
@@ -103,6 +104,9 @@ in
               oci-containers = {
                 backend = "podman";
               };
+              # NixOS has switched to using netavark, which is native to podman. It's currently missing an option to
+              # disable iptables rules generation, which is very annoying.
+              containers.containersConf.settings.network.network_backend = mkForce "cni";
             };
 
             environment = {

nixos/modules/deploy-rs.nix

@@ -13,7 +13,10 @@ let
   '';
 
   # Based on https://github.com/serokell/deploy-rs/blob/master/flake.nix
-  nixosActivate = cfg': base: (pkgs.deploy-rs.lib.activate.custom // { dryActivate = "$PROFILE/bin/switch-to-configuration dry-activate"; }) base.config.system.build.toplevel ''
+  nixosActivate = cfg': base: (pkgs.deploy-rs.lib.activate.custom // {
+    dryActivate = "$PROFILE/bin/switch-to-configuration dry-activate";
+    boot = "$PROFILE/bin/switch-to-configuration boot";
+  }) base.config.system.build.toplevel ''
     # work around https://github.com/NixOS/nixpkgs/issues/73404
     cd /tmp
 
@@ -39,7 +42,8 @@ let
         journalctl -o cat --no-pager -n 0 -f -u "$unit" &
         jPid=$!
         cleanup() {
-          kill $jPid
+          # shellcheck disable=SC2317
+          kill "$jPid"
         }
         trap cleanup EXIT
 

nixos/modules/network.nix

@@ -1,35 +1,6 @@
 { lib, pkgs, config, ... }:
 let
   inherit (lib) flatten optional mkIf mkDefault mkMerge;
-
-  # TODO: Backported from systemd 251
-  networkd-wait-online-at = pkgs.writeTextDir "lib/systemd/system/systemd-networkd-wait-online@.service" ''
-    #  SPDX-License-Identifier: LGPL-2.1-or-later
-    #
-    #  This file is part of systemd.
-    #
-    #  systemd is free software; you can redistribute it and/or modify it
-    #  under the terms of the GNU Lesser General Public License as published by
-    #  the Free Software Foundation; either version 2.1 of the License, or
-    #  (at your option) any later version.
-
-    [Unit]
-    Description=Wait for Network Interface %i to be Configured
-    Documentation=man:systemd-networkd-wait-online.service(8)
-    DefaultDependencies=no
-    Conflicts=shutdown.target
-    Requires=systemd-networkd.service
-    After=systemd-networkd.service
-    Before=network-online.target shutdown.target
-
-    [Service]
-    Type=oneshot
-    ExecStart=${pkgs.systemd}/lib/systemd/systemd-networkd-wait-online -i %i
-    RemainAfterExit=yes
-
-    [Install]
-    WantedBy=network-online.target
-  '';
 in
 {
   config = mkMerge [
@@ -42,7 +13,11 @@ in
       };
 
       systemd = {
-        packages = [ networkd-wait-online-at ];
+        additionalUpstreamSystemUnits = [
+          # TODO: NixOS has its own version of this, but with `network` instead of `networkd`. Is this just a typo? It
+          # hasn't been updated in 2 years...
+          "systemd-networkd-wait-online@.service"
+        ];
       };
 
       services.resolved = {

nixos/modules/vms.nix

@@ -242,7 +242,7 @@ in
               value = {
                 matchConfig = {
                   Name = net.ifname;
-                  Kind = "tap";
+                  Kind = "tun";
                 };
                 networkConfig.Bridge = net.bridge;
               };