diff --git a/flake.lock b/flake.lock index 8d56512..d0dec68 100644 --- a/flake.lock +++ b/flake.lock @@ -437,16 +437,16 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1732466619, + "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "f3111f62a23451114433888902a55cf0692b408d", "type": "github" }, "original": { "id": "home-manager", - "ref": "release-24.05", + "ref": "release-24.11", "type": "indirect" } }, @@ -457,11 +457,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1732884235, + "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "819f682269f4e002884702b87e445c82840c68f2", "type": "github" }, "original": { @@ -545,11 +545,11 @@ }, "nixpkgs-mine": { "locked": { - "lastModified": 1731774603, - "narHash": "sha256-d8Y7nqzdjKqG/sOkEm52J0C6jBX0cn1GHGuh0GUTqyI=", + "lastModified": 1732985787, + "narHash": "sha256-6rSJ9L4QywpHLi/xvpOHdTuPm6/eOJcXxnYzDbP3U1k=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "0712614f7c9f98eddf838c2a6ae1a2e315ca6b83", + "rev": "a28c46933ef5038fb7a2dd483b85152a539c7969", "type": "github" }, "original": { @@ -561,11 +561,11 @@ }, "nixpkgs-mine-stable": { "locked": { - "lastModified": 1731774637, - "narHash": "sha256-j2swiGIVhYDpbsf+uCfMmxZ69nzy5VvW6OKUSJFifds=", + "lastModified": 1732985894, + "narHash": "sha256-YYuQQCcSF6KjgtAenZJiBmqt5jqP3UvYgC424VQ+22s=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "682a245504aa86e26aab8d4a5273333946d19689", + "rev": "e0a3f4e2bbc5f7b681e344b389dcbab23f2e92a8", "type": "github" }, "original": { 
@@ -577,26 +577,26 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1731797254, - "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", + "lastModified": 1732824227, + "narHash": "sha256-fYNXgpu1AEeLyd3fQt4Ym0tcVP7cdJ8wRoqJ+CtTRyY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", + "rev": "c71ad5c34d51dcbda4c15f44ea4e4aa6bb6ac1e9", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732758367, + "narHash": "sha256-RzaI1RO0UXqLjydtz3GAXSTzHkpb/lLD1JD8a0W4Wpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "fa42b5a5f401aab8a32bd33c9a4de0738180dc59", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 1504a8e..a593b7f 100644 --- a/flake.nix +++ b/flake.nix @@ -7,13 +7,13 @@ devshell.inputs.nixpkgs.follows = "nixpkgs-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "nixpkgs/nixos-24.05"; + nixpkgs-stable.url = "nixpkgs/nixos-24.11"; nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0"; nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable"; home-manager-unstable.url = "home-manager"; home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable"; - home-manager-stable.url = "home-manager/release-24.05"; + home-manager-stable.url = "home-manager/release-24.11"; home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; # Stuff used by the flake for build / deployment diff --git a/home-manager/modules/gui/default.nix b/home-manager/modules/gui/default.nix index 51981fb..cf50f56 100644 --- a/home-manager/modules/gui/default.nix +++ b/home-manager/modules/gui/default.nix 
@@ -42,9 +42,8 @@ in xdg-utils font.package - (nerdfonts.override { - fonts = [ "DroidSansMono" "SourceCodePro" ]; - }) + nerd-fonts.sauce-code-pro + nerd-fonts.droid-sans-mono noto-fonts-emoji grim diff --git a/nixos/boxes/britway/default.nix b/nixos/boxes/britway/default.nix index 4a6a105..b30c0dc 100644 --- a/nixos/boxes/britway/default.nix +++ b/nixos/boxes/britway/default.nix @@ -106,7 +106,7 @@ in { matchConfig.Name = "as211024"; networkConfig.IPv6AcceptRA = mkForce false; - routes = map (r: { routeConfig = r; }) [ + routes = [ { Destination = lib.my.c.colony.prefixes.all.v4; Gateway = allAssignments.estuary.as211024.ipv4.address; @@ -123,7 +123,7 @@ in Table = "ts-extra"; } ]; - routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [ + routingPolicyRules = [ { IncomingInterface = "tailscale0"; To = lib.my.c.colony.prefixes.all.v6; diff --git a/nixos/boxes/colony/default.nix b/nixos/boxes/colony/default.nix index 8e19c27..7d0bccc 100644 --- a/nixos/boxes/colony/default.nix +++ b/nixos/boxes/colony/default.nix @@ -252,10 +252,10 @@ in }; ipv6Prefixes = [ { - ipv6PrefixConfig.Prefix = prefixes.vms.v6; + Prefix = prefixes.vms.v6; } ]; - routes = map (r: { routeConfig = r; }) [ + routes = [ { Destination = prefixes.ctrs.v4; Gateway = allAssignments.shill.routing.ipv4.address; @@ -327,10 +327,10 @@ in }; ipv6Prefixes = [ { - ipv6PrefixConfig.Prefix = prefixes.mail.v6; + Prefix = prefixes.mail.v6; } ]; - routes = map (r: { routeConfig = r; }) [ + routes = [ { Destination = prefixes.mail.v4; Scope = "link"; @@ -350,10 +350,10 @@ in }; ipv6Prefixes = [ { - ipv6PrefixConfig.Prefix = prefixes.darts.v6; + Prefix = prefixes.darts.v6; } ]; - routes = map (r: { routeConfig = r; }) [ + routes = [ { Destination = prefixes.darts.v4; Scope = "link"; diff --git a/nixos/boxes/colony/vms/estuary/default.nix b/nixos/boxes/colony/vms/estuary/default.nix index 01f4c0e..76946d2 100644 --- a/nixos/boxes/colony/vms/estuary/default.nix 
+++ b/nixos/boxes/colony/vms/estuary/default.nix @@ -164,11 +164,9 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - PublicKey = "7N9YdQaCMWWIwAnW37vrthm9ZpbnG4Lx3gheHeRYz2E="; - AllowedIPs = [ allAssignments.kelder.estuary.ipv4.address ]; - PersistentKeepalive = 25; - }; + PublicKey = "7N9YdQaCMWWIwAnW37vrthm9ZpbnG4Lx3gheHeRYz2E="; + AllowedIPs = [ allAssignments.kelder.estuary.ipv4.address ]; + PersistentKeepalive = 25; } ]; }; 
@@ -278,52 +276,51 @@ in }; ipv6Prefixes = [ { - ipv6PrefixConfig.Prefix = prefixes.base.v6; + Prefix = prefixes.base.v6; } ]; - routes = map (r: { routeConfig = r; }) (flatten - ([ - { - Destination = prefixes.vip1; - Gateway = allAssignments.colony.routing.ipv4.address; - } - { - Destination = prefixes.vip3; - Gateway = allAssignments.colony.routing.ipv4.address; - } - { - Destination = prefixes.darts.v4; - Gateway = allAssignments.colony.routing.ipv4.address; - } - { - Destination = prefixes.cust.v6; - Gateway = allAssignments.colony.internal.ipv6.address; - } + routes = flatten ([ + { + Destination = prefixes.vip1; + Gateway = allAssignments.colony.routing.ipv4.address; + } + { + Destination = prefixes.vip3; + Gateway = allAssignments.colony.routing.ipv4.address; + } + { + Destination = prefixes.darts.v4; + Gateway = allAssignments.colony.routing.ipv4.address; + } + { + Destination = prefixes.cust.v6; + Gateway = allAssignments.colony.internal.ipv6.address; + } - { - Destination = lib.my.c.tailscale.prefix.v4; - Gateway = allAssignments.colony.routing.ipv4.address; - } - { - Destination = lib.my.c.tailscale.prefix.v6; - Gateway = allAssignments.colony.internal.ipv6.address; - } + { + Destination = lib.my.c.tailscale.prefix.v4; + Gateway = allAssignments.colony.routing.ipv4.address; + } + { + Destination = lib.my.c.tailscale.prefix.v6; + Gateway = allAssignments.colony.internal.ipv6.address; + } - { - Destination = prefixes.qclk.v4; - Gateway = allAssignments.colony.routing.ipv4.address; - } - ] ++ - (map (pName: [ - { - Gateway = allAssignments.colony.routing.ipv4.address; - Destination = prefixes."${pName}".v4; - } - { - Destination = prefixes."${pName}".v6; - Gateway = allAssignments.colony.internal.ipv6.address; - } - ]) [ "vms" "ctrs" "oci" ]))); + { + Destination = prefixes.qclk.v4; + Gateway = allAssignments.colony.routing.ipv4.address; + } + ] ++ + (map (pName: [ + { + Gateway = allAssignments.colony.routing.ipv4.address; + Destination = 
prefixes."${pName}".v4; + } + { + Destination = prefixes."${pName}".v6; + Gateway = allAssignments.colony.internal.ipv6.address; + } + ]) [ "vms" "ctrs" "oci" ])); } ]; @@ -332,7 +329,7 @@ in { matchConfig.Name = "as211024"; networkConfig.IPv6AcceptRA = mkForce false; - routes = map (r: { routeConfig = r; }) [ + routes = [ { Destination = lib.my.c.home.prefixes.all.v4; Gateway = lib.my.c.home.vips.as211024.v4; @@ -344,10 +341,8 @@ in matchConfig.Name = "kelder"; routes = [ { - routeConfig = { - Destination = allAssignments.kelder.estuary.ipv4.address; - Scope = "link"; - }; + Destination = allAssignments.kelder.estuary.ipv4.address; + Scope = "link"; } ]; }; diff --git a/nixos/boxes/colony/vms/shill/containers-ext.nix b/nixos/boxes/colony/vms/shill/containers-ext.nix index 18e2a5d..27e2428 100644 --- a/nixos/boxes/colony/vms/shill/containers-ext.nix +++ b/nixos/boxes/colony/vms/shill/containers-ext.nix @@ -47,10 +47,10 @@ in }; ipv6Prefixes = [ { - ipv6PrefixConfig.Prefix = prefixes.jam.v6; + Prefix = prefixes.jam.v6; } ]; - routes = map (r: { routeConfig = r; }) [ + routes = [ { Destination = prefixes.jam.v4; Scope = "link"; diff --git a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix index fa2385e..4b542a7 100644 --- a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix +++ b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix @@ -94,6 +94,14 @@ in }; }; + nixpkgs.config.permittedInsecurePackages = [ + # FIXME: This is needed for Sonarr + "aspnetcore-runtime-wrapped-6.0.36" + "aspnetcore-runtime-6.0.36" + "dotnet-sdk-wrapped-6.0.428" + "dotnet-sdk-6.0.428" + ]; + services = { netdata.enable = true; diff --git a/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix b/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix index dbd7029..06f5f5e 100644 --- a/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix 
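Review bot: The `nixpkgs.config.permittedInsecurePackages` list added in the jackflix `default.nix` hunk (`@@ -94,6 +94,14 @@`) permits four end-of-life .NET 6 packages, and its only justification is `# FIXME: This is needed for Sonarr`. The same list is repeated in `nixos/boxes/kelder/containers/acquisition/default.nix`. The allowance applies to everything evaluated with this nixpkgs config, not only Sonarr, so any other package pulling in those runtimes would also build without complaint. I would record the removal condition in the comment, e.g. `# FIXME: Sonarr still depends on EOL .NET 6 (marked insecure in nixpkgs); remove once the packaged Sonarr uses a supported runtime`, and define the list once in a shared module so the two containers cannot drift. The exact version pins are worth keeping, since a runtime bump then fails evaluation and forces a fresh look.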
+++ b/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix @@ -71,14 +71,12 @@ in RouteTable = routeTable; }; wireguardPeers = [ + # AirVPN NL { - # AirVPN NL - wireguardPeerConfig = { - Endpoint = "2a00:1678:1337:2329:e5f:35d4:4404:ef9f:1637"; - PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; - PresharedKeyFile = config.age.secrets."${pskFile}".path; - AllowedIPs = [ "0.0.0.0/0" "::/0" ]; - }; + Endpoint = "2a00:1678:1337:2329:e5f:35d4:4404:ef9f:1637"; + PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; + PresharedKeyFile = config.age.secrets."${pskFile}".path; + AllowedIPs = [ "0.0.0.0/0" "::/0" ]; } ]; }; @@ -94,7 +92,7 @@ in matchConfig.Name = "vpn"; address = [ "10.182.97.37/32" "fd7d:76ee:e68f:a993:735d:ef5e:6907:b122/128" ]; dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ]; - routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [ + routingPolicyRules = [ { Family = "both"; SuppressPrefixLength = 0; diff --git a/nixos/boxes/colony/vms/shill/containers/object.nix b/nixos/boxes/colony/vms/shill/containers/object.nix index 055cffc..7c5697f 100644 --- a/nixos/boxes/colony/vms/shill/containers/object.nix +++ b/nixos/boxes/colony/vms/shill/containers/object.nix @@ -237,7 +237,7 @@ in harmonia = { enable = true; - signKeyPath = config.age.secrets."nix-cache.key".path; + signKeyPaths = [ config.age.secrets."nix-cache.key".path ]; settings = { priority = 30; }; diff --git a/nixos/boxes/colony/vms/shill/default.nix b/nixos/boxes/colony/vms/shill/default.nix index e75d83a..333e25f 100644 --- a/nixos/boxes/colony/vms/shill/default.nix +++ b/nixos/boxes/colony/vms/shill/default.nix @@ -140,10 +140,10 @@ in }; ipv6Prefixes = [ { - ipv6PrefixConfig.Prefix = prefixes.ctrs.v6; + Prefix = prefixes.ctrs.v6; } ]; - routes = map (r: { routeConfig = r; }) [ + routes = [ { Destination = lib.my.c.tailscale.prefix.v4; Gateway = allAssignments.waffletail.internal.ipv4.address; 
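Review bot: The AirVPN NL peer in the `wireguardPeers` hunk (`@@ -71,14 +71,12 @@`) still has `Endpoint = "2a00:1678:1337:2329:e5f:35d4:4404:ef9f:1637"`, an IPv6 address with the port appended without brackets. systemd.netdev documents that an IPv6 endpoint must be in square brackets, so the current form presumably relies on the parser splitting at the last colon. This peer carries `AllowedIPs = [ "0.0.0.0/0" "::/0" ]`, so a parsing change would take the whole tunnel down. I would make it explicit while the block is being touched: `Endpoint = "[2a00:1678:1337:2329:e5f:35d4:4404:ef9f]:1637";`. The value itself is not changed by this commit, and the enclosing netdev definition starts outside the hunk.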
diff --git a/nixos/boxes/home/castle/default.nix b/nixos/boxes/home/castle/default.nix index 6b70a0e..2493457 100644 --- a/nixos/boxes/home/castle/default.nix +++ b/nixos/boxes/home/castle/default.nix @@ -36,7 +36,7 @@ in cpu = { amd.updateMicrocode = true; }; - opengl.extraPackages = with pkgs; [ + graphics.extraPackages = with pkgs; [ intel-media-driver ]; bluetooth.enable = true; diff --git a/nixos/boxes/home/routing-common/default.nix b/nixos/boxes/home/routing-common/default.nix index 5bec941..620e4b3 100644 --- a/nixos/boxes/home/routing-common/default.nix +++ b/nixos/boxes/home/routing-common/default.nix @@ -276,7 +276,7 @@ in { matchConfig.Name = "as211024"; networkConfig.IPv6AcceptRA = mkForce false; - routes = map (r: { routeConfig = r; }) [ + routes = [ { Destination = lib.my.c.colony.prefixes.all.v4; Gateway = allAssignments.estuary.as211024.ipv4.address; @@ -301,7 +301,7 @@ in { "60-lan-hi" = { - routes = map (r: { routeConfig = r; }) [ + routes = [ { Destination = elemAt routersPubV4 otherIndex; Gateway = net.cidr.host (otherIndex + 1) prefixes.hi.v4; diff --git a/nixos/boxes/kelder/containers/acquisition/default.nix b/nixos/boxes/kelder/containers/acquisition/default.nix index 568ccea..fcc3570 100644 --- a/nixos/boxes/kelder/containers/acquisition/default.nix +++ b/nixos/boxes/kelder/containers/acquisition/default.nix @@ -26,7 +26,7 @@ in config = { # Hardware acceleration for Jellyfin - hardware.opengl = { + hardware.graphics = { enable = true; extraPackages = with pkgs; [ vaapiIntel @@ -78,6 +78,14 @@ in }; }; + nixpkgs.config.permittedInsecurePackages = [ + # FIXME: This is needed for Sonarr + "aspnetcore-runtime-wrapped-6.0.36" + "aspnetcore-runtime-6.0.36" + "dotnet-sdk-wrapped-6.0.428" + "dotnet-sdk-6.0.428" + ]; + services = { transmission = { enable = true; diff --git a/nixos/boxes/kelder/containers/acquisition/networking.nix b/nixos/boxes/kelder/containers/acquisition/networking.nix index ce62a50..3c8a723 100644 
--- a/nixos/boxes/kelder/containers/acquisition/networking.nix +++ b/nixos/boxes/kelder/containers/acquisition/networking.nix @@ -73,14 +73,12 @@ in RouteTable = routeTable; }; wireguardPeers = [ + # AirVPN IE { - # AirVPN IE - wireguardPeerConfig = { - Endpoint = "146.70.94.2:1637"; - PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; - PresharedKeyFile = config.age.secrets."${pskFile}".path; - AllowedIPs = [ "0.0.0.0/0" "::/0" ]; - }; + Endpoint = "146.70.94.2:1637"; + PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; + PresharedKeyFile = config.age.secrets."${pskFile}".path; + AllowedIPs = [ "0.0.0.0/0" "::/0" ]; } ]; }; @@ -97,7 +95,7 @@ in matchConfig.Name = "vpn"; address = [ "10.161.170.28/32" "fd7d:76ee:e68f:a993:b12d:6d15:c80a:9516/128" ]; dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ]; - routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [ + routingPolicyRules = [ { Family = "both"; SuppressPrefixLength = 0; diff --git a/nixos/boxes/kelder/default.nix b/nixos/boxes/kelder/default.nix index 389e76f..2551997 100644 --- a/nixos/boxes/kelder/default.nix +++ b/nixos/boxes/kelder/default.nix @@ -121,8 +121,7 @@ in samba = { enable = true; - enableNmbd = true; - shares = { + settings = { storage = { path = "/mnt/storage"; browseable = "yes"; @@ -131,6 +130,8 @@ in "directory mask" = "0775"; }; }; + + nmbd.enable = true; }; samba-wsdd.enable = true; @@ -180,12 +181,10 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - PublicKey = "bP1XUNxp9i8NLOXhgPaIaRzRwi5APbam44/xjvYcyjU="; - Endpoint = "${allAssignments.estuary.internal.ipv4.address}:${toString lib.my.c.kelder.vpn.port}"; - AllowedIPs = [ "0.0.0.0/0" ]; - PersistentKeepalive = 25; - }; + PublicKey = "bP1XUNxp9i8NLOXhgPaIaRzRwi5APbam44/xjvYcyjU="; + Endpoint = "${allAssignments.estuary.internal.ipv4.address}:${toString lib.my.c.kelder.vpn.port}"; + AllowedIPs = [ "0.0.0.0/0" ]; + PersistentKeepalive = 25; } ]; }; 
@@ -213,7 +212,7 @@ in address = with assignments.estuary; [ (with ipv4; "${address}/${toString mask}") ]; - routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [ + routingPolicyRules = [ { Family = "both"; SuppressPrefixLength = 0; diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix index c85d95d..c432fbf 100644 --- a/nixos/modules/common.nix +++ b/nixos/modules/common.nix @@ -144,7 +144,10 @@ in fish.enable = mkDefault true; # TODO: This is expecting to look up the channel for the database... command-not-found.enable = mkDefault false; - vim.defaultEditor = true; + vim = { + enable = true; + defaultEditor = true; + }; }; services = { @@ -239,9 +242,7 @@ in } (mkIf config.services.kmscon.enable { fonts.fonts = with pkgs; [ - (nerdfonts.override { - fonts = [ "SourceCodePro" ]; - }) + nerd-fonts.sauce-code-pro ]; }) ]; diff --git a/nixos/modules/gui.nix b/nixos/modules/gui.nix index 54aa559..ed50d03 100644 --- a/nixos/modules/gui.nix +++ b/nixos/modules/gui.nix @@ -12,7 +12,7 @@ in config = mkIf cfg.enable { hardware = { - opengl.enable = mkDefault true; + graphics.enable = mkDefault true; }; systemd = { diff --git a/nixos/modules/l2mesh.nix b/nixos/modules/l2mesh.nix index 94a294e..fc55fbd 100644 --- a/nixos/modules/l2mesh.nix +++ b/nixos/modules/l2mesh.nix @@ -44,10 +44,8 @@ let toString (mesh.baseMTU - overhead); bridgeFDBs = mapAttrsToList (n: peer: { - bridgeFDBConfig = { - MACAddress = "00:00:00:00:00:00"; - Destination = peer.addr; - }; + MACAddress = "00:00:00:00:00:00"; + Destination = peer.addr; }) otherPeers; }; }; diff --git a/nixos/modules/tmproot.nix b/nixos/modules/tmproot.nix index f6c6e36..d9a0e78 100644 --- a/nixos/modules/tmproot.nix +++ b/nixos/modules/tmproot.nix 
@@ -147,6 +147,15 @@ in "/var/lib/systemd" { directory = "/root/.cache/nix"; mode = "0700"; } + # Including these unconditionally due to infinite recursion problems... + { + directory = "/etc/lvm/archive"; + mode = "0700"; + } + { + directory = "/etc/lvm/backup"; + mode = "0700"; + } ]; files = [ "/etc/machine-id" @@ -260,18 +269,6 @@ in my.tmproot.persistence.config.files = concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys; }) - (mkIf config.services.lvm.enable { - my.tmproot.persistence.config.directories = [ - { - directory = "/etc/lvm/archive"; - mode = "0700"; - } - { - directory = "/etc/lvm/backup"; - mode = "0700"; - } - ]; - }) (mkIf (config.security.acme.certs != { }) { my.tmproot.persistence.config.directories = [ {
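Review bot: The comment `# Including these unconditionally due to infinite recursion problems...` in the first tmproot.nix hunk (`@@ -147,6 +147,15 @@`) does not say what recursed. A later reader cannot tell when `/etc/lvm/archive` and `/etc/lvm/backup` could go back behind a condition. Judging by the `mkIf config.services.lvm.enable` block removed in the following hunk, I would write `# Persisted on every host: gating these on config.services.lvm.enable caused infinite recursion during module evaluation.` Both entries keep `mode = "0700"`, which is worth preserving because LVM metadata backups describe the volume layout. The surrounding `directories` list begins outside the hunk, and the second hunk runs to the end of the visible page.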