Upgrade NixOS stable to 22.11 and upgrade packages

flake.lock

@@ -29,11 +29,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1659725433,
-        "narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=",
+        "lastModified": 1672327199,
+        "narHash": "sha256-pFlngSHXKBhAmbaKZ4FYtu57LLunG+vWdL7a5vw1RvQ=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb",
+        "rev": "a5619f5660a00f58c2b7c16d89058e92327ac9b8",
         "type": "github"
       },
       "original": {
@@ -66,11 +66,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1648199409,
-        "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
         "type": "github"
       },
       "original": {
@@ -128,19 +128,20 @@
       "inputs": {
         "nixpkgs": [
           "nixpkgs-stable"
-        ]
+        ],
+        "utils": "utils_2"
       },
       "locked": {
-        "lastModified": 1667907331,
-        "narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=",
+        "lastModified": 1672244468,
+        "narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "6639e3a837fc5deb6f99554072789724997bc8e5",
+        "rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706",
         "type": "github"
       },
       "original": {
         "id": "home-manager",
-        "ref": "release-22.05",
+        "ref": "release-22.11",
         "type": "indirect"
       }
     },
@@ -149,14 +150,14 @@
         "nixpkgs": [
           "nixpkgs-unstable"
         ],
-        "utils": "utils_2"
+        "utils": "utils_3"
       },
       "locked": {
-        "lastModified": 1668900402,
-        "narHash": "sha256-IhVlueHoQNoN0SOHZIceKU3LyEL00g2ei0aUlaNypbQ=",
+        "lastModified": 1673089714,
+        "narHash": "sha256-D58SGNOVe+s7r2iewnCA8q68gyrfQcOnD1TdJo1wFLY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "c0f9cbcf93ca22e4f0ca66843be61a4bdf6f0a44",
+        "rev": "9e565f0d9d41c19a94f55af205c328ec5177fc0a",
         "type": "github"
       },
       "original": {
@@ -182,11 +183,11 @@
     },
     "nixpkgs-mine": {
       "locked": {
-        "lastModified": 1668912601,
-        "narHash": "sha256-3NYOKMIy+9yZ0i79n7/gDOG4larQDyP93yhLvocAhLI=",
+        "lastModified": 1673114714,
+        "narHash": "sha256-jK8mpQaWYJdaczvhzX787X98srlpItKXKUZfFI+VO38=",
         "owner": "devplayer0",
         "repo": "nixpkgs",
-        "rev": "b72bbaaf21d31f67df455e1584f2dff02d799896",
+        "rev": "aee4d3c036013c6f28054d6aed7dabfea699b7c6",
         "type": "github"
       },
       "original": {
@@ -198,11 +199,11 @@
     },
     "nixpkgs-mine-stable": {
       "locked": {
-        "lastModified": 1668912632,
-        "narHash": "sha256-Xv+VEgkAxDsj572ggD/KBDzkO6//ltLpH80fy0h2vNI=",
+        "lastModified": 1673115412,
+        "narHash": "sha256-eF2ItE6bmllqS5xIm3+b/TEJC/6Unro2dGBuTsV/MBQ=",
         "owner": "devplayer0",
         "repo": "nixpkgs",
-        "rev": "3419fa265d67829f922d0dcbe865bc915f93f885",
+        "rev": "bd88557becd7cdba328590a2dea96f7bc20710fd",
         "type": "github"
       },
       "original": {
@@ -214,26 +215,26 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1668766498,
-        "narHash": "sha256-UjZlIrbHGlL3H3HZNPTxPSwJfr49jIfbPWCYxk0EQm4=",
+        "lastModified": 1672968032,
+        "narHash": "sha256-26Jns3GmHem44a06UN5Rj/KOD9qNJThyQrom02Ijur8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f42a45c015f28ac3beeb0df360e50cdbf495d44b",
+        "rev": "2dea8991d89b9f1e78d874945f78ca15f6954289",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-22.05",
+        "ref": "nixos-22.11",
         "type": "indirect"
       }
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1668765800,
-        "narHash": "sha256-rC40+/W6Hio7b/RsY8SvQPKNx4WqNcTgfYv8cUMAvJk=",
+        "lastModified": 1672953546,
+        "narHash": "sha256-oz757DnJ1ITvwyTovuwG3l9cX6j9j6/DH9eH+cXFJmc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "52b2ac8ae18bbad4374ff0dd5aeee0fdf1aea739",
+        "rev": "a518c77148585023ff56022f09c4b2c418a51ef5",
         "type": "github"
       },
       "original": {
@@ -282,11 +283,11 @@
     },
     "utils": {
       "locked": {
-        "lastModified": 1648297722,
-        "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
         "type": "github"
       },
       "original": {
@@ -309,6 +310,21 @@
         "repo": "flake-utils",
         "type": "github"
       }
+    },
+    "utils_3": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -7,13 +7,13 @@
     devshell.inputs.nixpkgs.follows = "nixpkgs-unstable";
 
     nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
-    nixpkgs-stable.url = "nixpkgs/nixos-22.05";
+    nixpkgs-stable.url = "nixpkgs/nixos-22.11";
     nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0";
     nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable";
 
     home-manager-unstable.url = "home-manager";
     home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
-    home-manager-stable.url = "home-manager/release-22.05";
+    home-manager-stable.url = "home-manager/release-22.11";
     home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";
 
     # Stuff used by the flake for build / deployment

home-manager/default.nix

@@ -10,14 +10,8 @@ let
     config',
     defs,
   }:
-  let
-    # TODO: Remove this backwards compatibility when 22.11 becomes stable
-    # https://github.com/nix-community/home-manager/blob/master/docs/release-notes/rl-2211.adoc
-    newCfgFn = (homeStateVersion' config'.home-manager) == "22.11";
-    modArg = if newCfgFn then "modules" else "extraModules";
-  in
   # homeManagerConfiguration doesn't allow us to set lib directly (inherits from passed pkgs)
-  hmFlakes.${config'.home-manager}.lib.homeManagerConfiguration ({
+  hmFlakes.${config'.home-manager}.lib.homeManagerConfiguration {
     # Passing pkgs here doesn't set the global pkgs, just where it'll be imported from (and where the global lib is
     # derived from). We want home-manager to import pkgs itself so it'll apply config and overlays modularly. Any config
     # and overlays previously applied will be passed on by `homeManagerConfiguration` though. In fact, because of weird
@@ -25,7 +19,7 @@ let
     # TODO: Check if this is fixed in future.
     pkgs = pkgs'.${config'.nixpkgs}.${config'.system} // { config = { }; };
     extraSpecialArgs = { inherit inputs pkgsFlakes; pkgsFlake = pkgsFlakes.${config'.nixpkgs}; };
-    "${modArg}" = (attrValues cfg.modules) ++ [
+    modules = (attrValues cfg.modules) ++ [
       {
         warnings = flatten [
           (optional (config'.nixpkgs != config'.home-manager)
@@ -38,19 +32,13 @@ let
           pkgs' = mapAttrs (_: p: p.${config'.system}) pkgs';
         };
 
-        home = mkIf newCfgFn {
+        home = {
           inherit (config') homeDirectory username;
         };
       }
       (homeStateVersion config'.home-manager)
-    ] ++ (if newCfgFn then defs else tail defs);
-  } // (optionalAttrs (!newCfgFn) {
-    inherit (config') system homeDirectory username;
-
-    # Pull the first def as `configuration` and add any others to `extraModules` for the old style config (they should
-    # end up in the same list of modules to evaluate anyway)
-    configuration = head defs;
-  }));
+    ] ++ defs;
+  };
 
   homeOpts = with lib.types; { ... }@args:
   let

lib/default.nix

@@ -88,7 +88,7 @@ rec {
     then throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failedAssertions)}"
     else showWarnings config.warnings res;
 
-  homeStateVersion' = hmBranch: (if (hmBranch == "stable" || hmBranch == "mine-stable") then "22.05" else "22.11");
+  homeStateVersion' = hmBranch: (if (hmBranch == "stable" || hmBranch == "mine-stable") then "22.11" else "23.05");
   homeStateVersion = hmBranch: {
     # The flake passes a default setting, but we don't care about that
     home.stateVersion = mkForce (homeStateVersion' hmBranch);

nixos/boxes/colony/vms/shill/containers/object.nix

@@ -15,7 +15,7 @@
       };
     };
 
-    configuration = { lib, config, assignments, ... }:
+    configuration = { lib, pkgs, config, assignments, ... }:
     let
       inherit (lib) mkMerge mkIf;
       inherit (lib.my) networkdAssignment;
@@ -64,6 +64,9 @@
               browser = true;
               rootCredentialsFile = config.age.secrets."object/minio.env".path;
               dataDir = [ "/mnt/minio" ];
+
+              # TODO: Migrate from fs to snsd backend!
+              package = pkgs.minio_legacy_fs;
             };
 
             sharry = {

nixos/boxes/colony/vms/whale2/default.nix

@@ -1,6 +1,7 @@
 { lib, ... }:
 let
   inherit (builtins) mapAttrs;
+  inherit (lib) mkForce;
 in
 {
   nixos.systems.whale2 = {
@@ -103,6 +104,9 @@ in
               oci-containers = {
                 backend = "podman";
               };
+              # NixOS has switched to using netavark, which is native to podman. It's currently missing an option to
+              # disable iptables rules generation, which is very annoying.
+              containers.containersConf.settings.network.network_backend = mkForce "cni";
             };
 
             environment = {

nixos/modules/deploy-rs.nix

@@ -13,7 +13,10 @@ let
   '';
 
   # Based on https://github.com/serokell/deploy-rs/blob/master/flake.nix
-  nixosActivate = cfg': base: (pkgs.deploy-rs.lib.activate.custom // { dryActivate = "$PROFILE/bin/switch-to-configuration dry-activate"; }) base.config.system.build.toplevel ''
+  nixosActivate = cfg': base: (pkgs.deploy-rs.lib.activate.custom // {
+    dryActivate = "$PROFILE/bin/switch-to-configuration dry-activate";
+    boot = "$PROFILE/bin/switch-to-configuration boot";
+  }) base.config.system.build.toplevel ''
     # work around https://github.com/NixOS/nixpkgs/issues/73404
     cd /tmp
 
@@ -39,7 +42,8 @@ let
         journalctl -o cat --no-pager -n 0 -f -u "$unit" &
         jPid=$!
         cleanup() {
-          kill $jPid
+          # shellcheck disable=SC2317
+          kill "$jPid"
         }
         trap cleanup EXIT
 

nixos/modules/network.nix

@@ -1,35 +1,6 @@
 { lib, pkgs, config, ... }:
 let
   inherit (lib) flatten optional mkIf mkDefault mkMerge;
-
-  # TODO: Backported from systemd 251
-  networkd-wait-online-at = pkgs.writeTextDir "lib/systemd/system/systemd-networkd-wait-online@.service" ''
-    #  SPDX-License-Identifier: LGPL-2.1-or-later
-    #
-    #  This file is part of systemd.
-    #
-    #  systemd is free software; you can redistribute it and/or modify it
-    #  under the terms of the GNU Lesser General Public License as published by
-    #  the Free Software Foundation; either version 2.1 of the License, or
-    #  (at your option) any later version.
-
-    [Unit]
-    Description=Wait for Network Interface %i to be Configured
-    Documentation=man:systemd-networkd-wait-online.service(8)
-    DefaultDependencies=no
-    Conflicts=shutdown.target
-    Requires=systemd-networkd.service
-    After=systemd-networkd.service
-    Before=network-online.target shutdown.target
-
-    [Service]
-    Type=oneshot
-    ExecStart=${pkgs.systemd}/lib/systemd/systemd-networkd-wait-online -i %i
-    RemainAfterExit=yes
-
-    [Install]
-    WantedBy=network-online.target
-  '';
 in
 {
   config = mkMerge [
@@ -42,7 +13,11 @@ in
       };
 
       systemd = {
-        packages = [ networkd-wait-online-at ];
+        additionalUpstreamSystemUnits = [
+          # TODO: NixOS has its own version of this, but with `network` instead of `networkd`. Is this just a typo? It
+          # hasn't been updated in 2 years...
+          "systemd-networkd-wait-online@.service"
+        ];
       };
 
       services.resolved = {

nixos/modules/vms.nix

@@ -242,7 +242,7 @@ in
               value = {
                 matchConfig = {
                   Name = net.ifname;
-                  Kind = "tap";
+                  Kind = "tun";
                 };
                 networkConfig.Bridge = net.bridge;
               };