Update nixpkgs-unstable (and other inputs)
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 30s
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 30s
This commit is contained in:
@@ -4,7 +4,7 @@ let
|
||||
inherit (lib.my.c.britway) prefixes domain;
|
||||
|
||||
# Can't use overrideAttrs because we need to override `vendorHash` within `buildGoModule`
|
||||
headscale = (pkgs.headscale.override {
|
||||
headscale' = (pkgs.headscale.override {
|
||||
buildGoModule = args: pkgs.buildGoModule (args // rec {
|
||||
version = "0.23.0-alpha12";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
@@ -36,21 +36,20 @@ in
|
||||
services = {
|
||||
headscale = {
|
||||
enable = true;
|
||||
package = headscale;
|
||||
settings = {
|
||||
disable_check_updates = true;
|
||||
unix_socket_permission = "0770";
|
||||
server_url = "https://ts.${pubDomain}";
|
||||
server_url = "https://hs.${pubDomain}";
|
||||
database = {
|
||||
type = "sqlite3";
|
||||
sqlite.path = "/var/lib/headscale/db.sqlite3";
|
||||
};
|
||||
noise.private_key_path = "/var/lib/headscale/noise_private.key";
|
||||
prefixes = with lib.my.c.tailscale.prefix; { inherit v4 v6; };
|
||||
dns_config = {
|
||||
dns = {
|
||||
# Use IPs that will route inside the VPN to prevent interception
|
||||
# (e.g. DNS rebinding filtering)
|
||||
restricted_nameservers = {
|
||||
nameservers.split = {
|
||||
"${domain}" = pubNameservers;
|
||||
"${lib.my.c.colony.domain}" = with allAssignments.estuary.base; [
|
||||
ipv4.address ipv6.address
|
||||
@@ -64,7 +63,6 @@ in
|
||||
};
|
||||
magic_dns = true;
|
||||
base_domain = "ts.${pubDomain}";
|
||||
override_local_dns = false;
|
||||
};
|
||||
oidc = {
|
||||
only_start_if_oidc_is_available = true;
|
||||
@@ -84,7 +82,7 @@ in
|
||||
interfaceName = "tailscale0";
|
||||
extraUpFlags = [
|
||||
"--operator=${config.my.user.config.name}"
|
||||
"--login-server=https://ts.nul.ie"
|
||||
"--login-server=https://hs.nul.ie"
|
||||
"--netfilter-mode=off"
|
||||
"--advertise-exit-node"
|
||||
"--accept-routes=false"
|
||||
|
||||
@@ -50,11 +50,6 @@ in
|
||||
group = "matrix-synapse";
|
||||
};
|
||||
|
||||
"chatterbox/syncv3.env" = {
|
||||
owner = "matrix-syncv3";
|
||||
group = "matrix-syncv3";
|
||||
};
|
||||
|
||||
"chatterbox/mautrix-whatsapp.env" = {
|
||||
owner = "mautrix-whatsapp";
|
||||
group = "mautrix-whatsapp";
|
||||
@@ -80,32 +75,21 @@ in
|
||||
matrix-synapse.extraGroups = [
|
||||
"mautrix-whatsapp"
|
||||
];
|
||||
matrix-syncv3 = {
|
||||
isSystemUser = true;
|
||||
uid = uids.matrix-syncv3;
|
||||
group = "matrix-syncv3";
|
||||
};
|
||||
};
|
||||
groups = {
|
||||
matrix-syncv3.gid = gids.matrix-syncv3;
|
||||
};
|
||||
groups = { };
|
||||
};
|
||||
|
||||
systemd = {
|
||||
network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
|
||||
services = {
|
||||
matrix-sliding-sync.serviceConfig = {
|
||||
# Needs to be able to read its secrets
|
||||
DynamicUser = mkForce false;
|
||||
User = "matrix-syncv3";
|
||||
Group = "matrix-syncv3";
|
||||
};
|
||||
} // (genAttrs [ "mautrix-whatsapp" "mautrix-meta-messenger" "mautrix-meta-instagram" ] (_: {
|
||||
services = { } // (genAttrs [ "mautrix-whatsapp" "mautrix-meta-messenger" "mautrix-meta-instagram" ] (_: {
|
||||
# ffmpeg needed to convert GIFs to video
|
||||
path = with pkgs; [ ffmpeg ];
|
||||
}));
|
||||
};
|
||||
|
||||
# TODO/FIXME: https://github.com/NixOS/nixpkgs/issues/336052
|
||||
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
|
||||
|
||||
services = {
|
||||
netdata.enable = true;
|
||||
matrix-synapse = {
|
||||
@@ -198,15 +182,6 @@ in
|
||||
};
|
||||
|
||||
};
|
||||
matrix-sliding-sync = {
|
||||
enable = true;
|
||||
createDatabase = false;
|
||||
environmentFile = config.age.secrets."chatterbox/syncv3.env".path;
|
||||
settings = {
|
||||
SYNCV3_BINDADDR = "[::]:8009";
|
||||
SYNCV3_SERVER = "http://localhost:8008";
|
||||
};
|
||||
};
|
||||
|
||||
heisenbridge = {
|
||||
enable = true;
|
||||
@@ -285,10 +260,12 @@ in
|
||||
avatar = "mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak";
|
||||
};
|
||||
};
|
||||
meta.mode = "messenger";
|
||||
network = {
|
||||
mode = "messenger";
|
||||
displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FBM)'';
|
||||
};
|
||||
bridge = {
|
||||
username_template = "fbm2_{{.}}";
|
||||
displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FBM)'';
|
||||
personal_filtering_spaces = true;
|
||||
delivery_receipts = true;
|
||||
management_room_text.welcome = "Hello, I'm a Messenger bridge bot.";
|
||||
@@ -331,10 +308,12 @@ in
|
||||
avatar = "mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv";
|
||||
};
|
||||
};
|
||||
meta.mode = "instagram";
|
||||
network = {
|
||||
mode = "instagram";
|
||||
displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (IG)'';
|
||||
};
|
||||
bridge = {
|
||||
username_template = "ig_{{.}}";
|
||||
displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (IG)'';
|
||||
personal_filtering_spaces = true;
|
||||
delivery_receipts = true;
|
||||
management_room_text.welcome = "Hello, I'm an Instagram bridge bot.";
|
||||
|
||||
@@ -216,7 +216,7 @@ in
|
||||
|
||||
atticd = {
|
||||
enable = false;
|
||||
credentialsFile = config.age.secrets."object/atticd.env".path;
|
||||
environmentFile = config.age.secrets."object/atticd.env".path;
|
||||
settings = {
|
||||
listen = "[::]:8069";
|
||||
allowed-hosts = [ "nix-cache.${pubDomain}" ];
|
||||
|
||||
@@ -86,7 +86,7 @@ in
|
||||
interfaceName = "tailscale0";
|
||||
extraUpFlags = [
|
||||
"--operator=${config.my.user.config.name}"
|
||||
"--login-server=https://ts.nul.ie"
|
||||
"--login-server=https://hs.nul.ie"
|
||||
"--netfilter-mode=off"
|
||||
"--advertise-exit-node"
|
||||
"--advertise-routes=${advRoutes}"
|
||||
|
||||
@@ -56,6 +56,7 @@ in
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
unifiPackage = pkgs.unifi8;
|
||||
mongodbPackage = pkgs.mongodb-6_0;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -166,7 +166,7 @@ in
|
||||
interfaceName = "tailscale0";
|
||||
extraUpFlags = [
|
||||
"--operator=${config.my.user.config.name}"
|
||||
"--login-server=https://ts.nul.ie"
|
||||
"--login-server=https://hs.nul.ie"
|
||||
"--netfilter-mode=off"
|
||||
"--advertise-exit-node"
|
||||
"--advertise-routes=${advRoutes}"
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
cpu = {
|
||||
intel.updateMicrocode = true;
|
||||
};
|
||||
opengl.extraPackages = with pkgs; [
|
||||
graphics.extraPackages = with pkgs; [
|
||||
intel-media-driver
|
||||
];
|
||||
bluetooth.enable = true;
|
||||
@@ -177,7 +177,7 @@
|
||||
programs = {
|
||||
fish = {
|
||||
shellAbbrs = {
|
||||
tsup = "doas tailscale up --login-server=https://ts.nul.ie --accept-routes";
|
||||
tsup = "doas tailscale up --login-server=https://hs.nul.ie --accept-routes";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -61,8 +61,8 @@
|
||||
};
|
||||
|
||||
networking = {
|
||||
# Will be set dynamically
|
||||
hostName = "";
|
||||
# Will be set dynamically, but need something to satisfy `/etc/os-release` stuff
|
||||
hostName = "installer";
|
||||
useNetworkd = false;
|
||||
};
|
||||
|
||||
|
||||
@@ -12,7 +12,6 @@ in
|
||||
inputs.impermanence.nixosModule
|
||||
inputs.ragenix.nixosModules.age
|
||||
inputs.sharry.nixosModules.default
|
||||
inputs.attic.nixosModules.atticd
|
||||
];
|
||||
|
||||
config = mkMerge [
|
||||
|
||||
Reference in New Issue
Block a user