dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Update nixpkgs-stable to 24.11

Browse Source
This commit is contained in:
Jack O'Sullivan 2024-11-30 17:45:59 +00:00
parent 2fe94bba23
commit 5783d3a51e
20 changed files with 141 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
flake.lock generated
View File

@ -437,16 +437,16 @@
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"lastModified": 1732466619,
"narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"rev": "f3111f62a23451114433888902a55cf0692b408d",
"type": "github"
},
"original": {
"id": "home-manager",
"ref": "release-24.05",
"ref": "release-24.11",
"type": "indirect"
}
},
@ -457,11 +457,11 @@
]
},
"locked": {
"lastModified": 1732482255,
"narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
"lastModified": 1732884235,
"narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
"rev": "819f682269f4e002884702b87e445c82840c68f2",
"type": "github"
},
"original": {
@ -545,11 +545,11 @@
},
"nixpkgs-mine": {
"locked": {
"lastModified": 1731774603,
"narHash": "sha256-d8Y7nqzdjKqG/sOkEm52J0C6jBX0cn1GHGuh0GUTqyI=",
"lastModified": 1732985787,
"narHash": "sha256-6rSJ9L4QywpHLi/xvpOHdTuPm6/eOJcXxnYzDbP3U1k=",
"owner": "devplayer0",
"repo": "nixpkgs",
"rev": "0712614f7c9f98eddf838c2a6ae1a2e315ca6b83",
"rev": "a28c46933ef5038fb7a2dd483b85152a539c7969",
"type": "github"
},
"original": {
@ -561,11 +561,11 @@
},
"nixpkgs-mine-stable": {
"locked": {
"lastModified": 1731774637,
"narHash": "sha256-j2swiGIVhYDpbsf+uCfMmxZ69nzy5VvW6OKUSJFifds=",
"lastModified": 1732985894,
"narHash": "sha256-YYuQQCcSF6KjgtAenZJiBmqt5jqP3UvYgC424VQ+22s=",
"owner": "devplayer0",
"repo": "nixpkgs",
"rev": "682a245504aa86e26aab8d4a5273333946d19689",
"rev": "e0a3f4e2bbc5f7b681e344b389dcbab23f2e92a8",
"type": "github"
},
"original": {
@ -577,26 +577,26 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1731797254,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"lastModified": 1732824227,
"narHash": "sha256-fYNXgpu1AEeLyd3fQt4Ym0tcVP7cdJ8wRoqJ+CtTRyY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"rev": "c71ad5c34d51dcbda4c15f44ea4e4aa6bb6ac1e9",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.05",
"ref": "nixos-24.11",
"type": "indirect"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1732014248,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
"lastModified": 1732758367,
"narHash": "sha256-RzaI1RO0UXqLjydtz3GAXSTzHkpb/lLD1JD8a0W4Wpo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
"rev": "fa42b5a5f401aab8a32bd33c9a4de0738180dc59",
"type": "github"
},
"original": {

4
flake.nix
View File

@ -7,13 +7,13 @@
devshell.inputs.nixpkgs.follows = "nixpkgs-unstable";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
nixpkgs-stable.url = "nixpkgs/nixos-24.05";
nixpkgs-stable.url = "nixpkgs/nixos-24.11";
nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0";
nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable";
home-manager-unstable.url = "home-manager";
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
home-manager-stable.url = "home-manager/release-24.05";
home-manager-stable.url = "home-manager/release-24.11";
home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";
# Stuff used by the flake for build / deployment

5
home-manager/modules/gui/default.nix
View File

@ -42,9 +42,8 @@ in
xdg-utils
font.package
(nerdfonts.override {
fonts = [ "DroidSansMono" "SourceCodePro" ];
})
nerd-fonts.sauce-code-pro
nerd-fonts.droid-sans-mono
noto-fonts-emoji
grim

4
nixos/boxes/britway/default.nix
View File

@ -106,7 +106,7 @@ in
{
matchConfig.Name = "as211024";
networkConfig.IPv6AcceptRA = mkForce false;
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = lib.my.c.colony.prefixes.all.v4;
Gateway = allAssignments.estuary.as211024.ipv4.address;
@ -123,7 +123,7 @@ in
Table = "ts-extra";
}
];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
routingPolicyRules = [
{
IncomingInterface = "tailscale0";
To = lib.my.c.colony.prefixes.all.v6;

12
nixos/boxes/colony/default.nix
View File

@ -252,10 +252,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.vms.v6;
Prefix = prefixes.vms.v6;
}
];
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = prefixes.ctrs.v4;
Gateway = allAssignments.shill.routing.ipv4.address;
@ -327,10 +327,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.mail.v6;
Prefix = prefixes.mail.v6;
}
];
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = prefixes.mail.v4;
Scope = "link";
@ -350,10 +350,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.darts.v6;
Prefix = prefixes.darts.v6;
}
];
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = prefixes.darts.v4;
Scope = "link";

13
nixos/boxes/colony/vms/estuary/default.nix
View File

@ -164,11 +164,9 @@ in
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "7N9YdQaCMWWIwAnW37vrthm9ZpbnG4Lx3gheHeRYz2E=";
AllowedIPs = [ allAssignments.kelder.estuary.ipv4.address ];
PersistentKeepalive = 25;
};
}
];
};
@ -278,11 +276,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.base.v6;
Prefix = prefixes.base.v6;
}
];
routes = map (r: { routeConfig = r; }) (flatten
([
routes = flatten ([
{
Destination = prefixes.vip1;
Gateway = allAssignments.colony.routing.ipv4.address;
@ -323,7 +320,7 @@ in
Destination = prefixes."${pName}".v6;
Gateway = allAssignments.colony.internal.ipv6.address;
}
]) [ "vms" "ctrs" "oci" ])));
]) [ "vms" "ctrs" "oci" ]));
}
];
@ -332,7 +329,7 @@ in
{
matchConfig.Name = "as211024";
networkConfig.IPv6AcceptRA = mkForce false;
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = lib.my.c.home.prefixes.all.v4;
Gateway = lib.my.c.home.vips.as211024.v4;
@ -344,10 +341,8 @@ in
matchConfig.Name = "kelder";
routes = [
{
routeConfig = {
Destination = allAssignments.kelder.estuary.ipv4.address;
Scope = "link";
};
}
];
};

4
nixos/boxes/colony/vms/shill/containers-ext.nix
View File

@ -47,10 +47,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.jam.v6;
Prefix = prefixes.jam.v6;
}
];
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = prefixes.jam.v4;
Scope = "link";

8
nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
View File

@ -94,6 +94,14 @@ in
};
};
nixpkgs.config.permittedInsecurePackages = [
# FIXME: This is needed for Sonarr
"aspnetcore-runtime-wrapped-6.0.36"
"aspnetcore-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
];
services = {
netdata.enable = true;

6
nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix
View File

@ -71,14 +71,12 @@ in
RouteTable = routeTable;
};
wireguardPeers = [
{
# AirVPN NL
wireguardPeerConfig = {
{
Endpoint = "2a00:1678:1337:2329:e5f:35d4:4404:ef9f:1637";
PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
PresharedKeyFile = config.age.secrets."${pskFile}".path;
AllowedIPs = [ "0.0.0.0/0" "::/0" ];
};
}
];
};
@ -94,7 +92,7 @@ in
matchConfig.Name = "vpn";
address = [ "10.182.97.37/32" "fd7d:76ee:e68f:a993:735d:ef5e:6907:b122/128" ];
dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
routingPolicyRules = [
{
Family = "both";
SuppressPrefixLength = 0;

2
nixos/boxes/colony/vms/shill/containers/object.nix
View File

@ -237,7 +237,7 @@ in
harmonia = {
enable = true;
signKeyPath = config.age.secrets."nix-cache.key".path;
signKeyPaths = [ config.age.secrets."nix-cache.key".path ];
settings = {
priority = 30;
};

4
nixos/boxes/colony/vms/shill/default.nix
View File

@ -140,10 +140,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.ctrs.v6;
Prefix = prefixes.ctrs.v6;
}
];
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = lib.my.c.tailscale.prefix.v4;
Gateway = allAssignments.waffletail.internal.ipv4.address;

2
nixos/boxes/home/castle/default.nix
View File

@ -36,7 +36,7 @@ in
cpu = {
amd.updateMicrocode = true;
};
opengl.extraPackages = with pkgs; [
graphics.extraPackages = with pkgs; [
intel-media-driver
];
bluetooth.enable = true;

4
nixos/boxes/home/routing-common/default.nix
View File

@ -276,7 +276,7 @@ in
{
matchConfig.Name = "as211024";
networkConfig.IPv6AcceptRA = mkForce false;
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = lib.my.c.colony.prefixes.all.v4;
Gateway = allAssignments.estuary.as211024.ipv4.address;
@ -301,7 +301,7 @@ in
{
"60-lan-hi" = {
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = elemAt routersPubV4 otherIndex;
Gateway = net.cidr.host (otherIndex + 1) prefixes.hi.v4;

10
nixos/boxes/kelder/containers/acquisition/default.nix
View File

@ -26,7 +26,7 @@ in
config = {
# Hardware acceleration for Jellyfin
hardware.opengl = {
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
vaapiIntel
@ -78,6 +78,14 @@ in
};
};
nixpkgs.config.permittedInsecurePackages = [
# FIXME: This is needed for Sonarr
"aspnetcore-runtime-wrapped-6.0.36"
"aspnetcore-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
];
services = {
transmission = {
enable = true;

6
nixos/boxes/kelder/containers/acquisition/networking.nix
View File

@ -73,14 +73,12 @@ in
RouteTable = routeTable;
};
wireguardPeers = [
{
# AirVPN IE
wireguardPeerConfig = {
{
Endpoint = "146.70.94.2:1637";
PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
PresharedKeyFile = config.age.secrets."${pskFile}".path;
AllowedIPs = [ "0.0.0.0/0" "::/0" ];
};
}
];
};
@ -97,7 +95,7 @@ in
matchConfig.Name = "vpn";
address = [ "10.161.170.28/32" "fd7d:76ee:e68f:a993:b12d:6d15:c80a:9516/128" ];
dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
routingPolicyRules = [
{
Family = "both";
SuppressPrefixLength = 0;

9
nixos/boxes/kelder/default.nix
View File

@ -121,8 +121,7 @@ in
samba = {
enable = true;
enableNmbd = true;
shares = {
settings = {
storage = {
path = "/mnt/storage";
browseable = "yes";
@ -131,6 +130,8 @@ in
"directory mask" = "0775";
};
};
nmbd.enable = true;
};
samba-wsdd.enable = true;
@ -180,12 +181,10 @@ in
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "bP1XUNxp9i8NLOXhgPaIaRzRwi5APbam44/xjvYcyjU=";
Endpoint = "${allAssignments.estuary.internal.ipv4.address}:${toString lib.my.c.kelder.vpn.port}";
AllowedIPs = [ "0.0.0.0/0" ];
PersistentKeepalive = 25;
};
}
];
};
@ -213,7 +212,7 @@ in
address = with assignments.estuary; [
(with ipv4; "${address}/${toString mask}")
];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
routingPolicyRules = [
{
Family = "both";
SuppressPrefixLength = 0;

9
nixos/modules/common.nix
View File

@ -144,7 +144,10 @@ in
fish.enable = mkDefault true;
# TODO: This is expecting to look up the channel for the database...
command-not-found.enable = mkDefault false;
vim.defaultEditor = true;
vim = {
enable = true;
defaultEditor = true;
};
};
services = {
@ -239,9 +242,7 @@ in
}
(mkIf config.services.kmscon.enable {
fonts.fonts = with pkgs; [
(nerdfonts.override {
fonts = [ "SourceCodePro" ];
})
nerd-fonts.sauce-code-pro
];
})
];

2
nixos/modules/gui.nix
View File

@ -12,7 +12,7 @@ in
config = mkIf cfg.enable {
hardware = {
opengl.enable = mkDefault true;
graphics.enable = mkDefault true;
};
systemd = {

2
nixos/modules/l2mesh.nix
View File

@ -44,10 +44,8 @@ let
toString (mesh.baseMTU - overhead);
bridgeFDBs = mapAttrsToList (n: peer: {
bridgeFDBConfig = {
MACAddress = "00:00:00:00:00:00";
Destination = peer.addr;
};
}) otherPeers;
};
};

21
nixos/modules/tmproot.nix
View File

@ -147,6 +147,15 @@ in
"/var/lib/systemd"
{ directory = "/root/.cache/nix"; mode = "0700"; }
# Including these unconditionally due to infinite recursion problems...
{
directory = "/etc/lvm/archive";
mode = "0700";
}
{
directory = "/etc/lvm/backup";
mode = "0700";
}
];
files = [
"/etc/machine-id"
@ -260,18 +269,6 @@ in
my.tmproot.persistence.config.files =
concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;
})
(mkIf config.services.lvm.enable {
my.tmproot.persistence.config.directories = [
{
directory = "/etc/lvm/archive";
mode = "0700";
}
{
directory = "/etc/lvm/backup";
mode = "0700";
}
];
})
(mkIf (config.security.acme.certs != { }) {
my.tmproot.persistence.config.directories = [
{