diff --git a/flake.lock b/flake.lock index 15af72f..224e1d5 100644 --- a/flake.lock +++ b/flake.lock @@ -129,11 +129,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1683779844, - "narHash": "sha256-sIeOU0GsCeQEn5TpqE/jFRN4EGsPsjqVRsPdrzIDABM=", + "lastModified": 1686747123, + "narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=", "owner": "serokell", "repo": "deploy-rs", - "rev": "c80189917086e43d49eece2bd86f56813500a0eb", + "rev": "724463b5a94daa810abfc64a4f87faef4e00f984", "type": "github" }, "original": { @@ -188,11 +188,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1683635384, - "narHash": "sha256-9goJTd05yOyD/McaMqZ4BUB8JW+mZMnZQJZ7VQ6C/Lw=", + "lastModified": 1687173957, + "narHash": "sha256-GOds2bAQcZ94fb9/Nl/aM+r+0wGSi4EKYuZYR8Dw4R8=", "owner": "numtide", "repo": "devshell", - "rev": "5143ea68647c4cf5227e4ad2100db6671fc4c369", + "rev": "2cf83bb31720fcc29a999aee28d6da101173e66a", "type": "github" }, "original": { @@ -319,11 +319,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1687171271, + "narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c", "type": "github" }, "original": { @@ -369,20 +369,19 @@ "inputs": { "nixpkgs": [ "nixpkgs-stable" - ], - "utils": "utils_2" + ] }, "locked": { - "lastModified": 1681092193, - "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=", + "lastModified": 1687595284, + "narHash": "sha256-W4bGX7yCjWLeAugWpCMURlXxgPmXBJGTr/isGyd6Uew=", "owner": "nix-community", "repo": "home-manager", - "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af", + "rev": "05a584b4f63f5de442f59c8cec01dddc77312856", "type": "github" }, "original": { "id": "home-manager", - "ref": "release-22.11", + "ref": "release-23.05", "type": "indirect" } }, @@ -393,11 +392,11 @@ ] }, "locked": { - "lastModified": 1684061181, - "narHash": "sha256-EJpZ+Drpt3aHpowddpsQFBWsqLSJHyP6dnremTVMdWw=", + "lastModified": 1687606638, + "narHash": "sha256-kloVhlQlholYXI6nfXkEa/4B+LZ+22YayxPoKZNkqRU=", "owner": "nix-community", "repo": "home-manager", - "rev": "e4272987f785a8848205263abb4911b922c21e1b", + "rev": "68aebb45de644b81a71f0c7b8b22ad51c9a0df7a", "type": "github" }, "original": { @@ -407,11 +406,11 @@ }, "impermanence": { "locked": { - "lastModified": 1682268411, - "narHash": "sha256-ICDKQ7tournRVtfM8C2II0qHiOZOH1b3dXVOCsgr11o=", + "lastModified": 1684264534, + "narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=", "owner": "nix-community", "repo": "impermanence", - "rev": "df1692e2d9f1efc4300b1ea9201831730e0b817d", + "rev": "89253fb1518063556edd5e54509c30ac3089d5e6", "type": "github" }, "original": { @@ -438,11 +437,11 @@ }, "nixpkgs-mine": { "locked": { - "lastModified": 1684080076, - "narHash": "sha256-enkKv85FBPWpj4X22WAKzl2WQY8rSTLoFv5pIoIYXxM=", + "lastModified": 1687611476, + "narHash": "sha256-7LzqSblaNWMwT6KL4fC9+zsAS+YJYSTkLbVKoo+mNTk=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "7225c47dc6d3b7a043c9589141367eab8c703ed1", + "rev": "7ba13caee5ea68574ed8ef7ba05c03352a58928d", "type": "github" }, "original": { @@ -454,11 +453,11 @@ }, "nixpkgs-mine-stable": { "locked": { - "lastModified": 1684080105, - "narHash": "sha256-II3wzUAQ9vRJneIhXJDpbZV4istQdB8WdNJta5ayIvI=", + "lastModified": 1687611609, + "narHash": "sha256-RxFHlQIYykJO1MnByUBz8Yl+/FJRmL7wiZRC7EnjXKE=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "2af45041838409d143fa6a2cb9f8bc094790e1fe", + "rev": "d4f62cff19daf3e45aa9ca48aa601e0dd95d0ffa", "type": "github" }, "original": { @@ -470,26 +469,26 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1683928319, - "narHash": "sha256-maz0DRKixJVcNRMiAMWlJniiF8IuQ+WbfmlJJ8D+jfM=", + "lastModified": 1687466461, + "narHash": "sha256-oupXI7g7RPzlpGUfAu1xG4KBK53GrZH8/xeKgKDB4+Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9656e85a15a0fe67847ee8cdb99a20d8df499962", + "rev": "ecb441f22067ba1d6312f4932a7c64efa8d19a7b", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.11", + "ref": "nixos-23.05", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1683408522, - "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", + "lastModified": 1687502512, + "narHash": "sha256-dBL/01TayOSZYxtY4cMXuNCBk8UMLoqRZA+94xiFpJA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", + "rev": "3ae20aa58a6c0d1ca95c9b11f59a2d12eebc511f", "type": "github" }, "original": { @@ -623,11 +622,11 @@ ] }, "locked": { - "lastModified": 1683958759, - "narHash": "sha256-JC1853IwTUNrJ6zsZ1CeOy5nJnGSJjzofJAdUd3OvCA=", + "lastModified": 1687587666, + "narHash": "sha256-t1VNvdQdDUFTEKTFP2fc7Fb3buQBmP+h9WUeO8b2Bus=", "owner": "eikek", "repo": "sharry", - "rev": "73782a61d2a61b24fa107aed66926d56705005e9", + "rev": "a9b3371aa6c7b92088b20fd6e479c251a5556b86", "type": "github" }, "original": { @@ -725,21 +724,6 @@ "repo": "flake-utils", "type": "github" } - }, - "utils_2": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b9fc6a8..3720d98 100644 --- a/flake.nix +++ b/flake.nix @@ -7,13 +7,13 @@ devshell.inputs.nixpkgs.follows = "nixpkgs-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "nixpkgs/nixos-22.11"; + nixpkgs-stable.url = "nixpkgs/nixos-23.05"; nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0"; nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable"; home-manager-unstable.url = "home-manager"; home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable"; - home-manager-stable.url = "home-manager/release-22.11"; + home-manager-stable.url = "home-manager/release-23.05"; home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; # Stuff used by the flake for build / deployment diff --git a/nixos/boxes/colony/default.nix b/nixos/boxes/colony/default.nix index a1775b0..8998631 100644 --- a/nixos/boxes/colony/default.nix +++ b/nixos/boxes/colony/default.nix @@ -56,7 +56,7 @@ in }; boot = { - kernelPackages = pkgs.linuxKernel.packages.linux_5_15.extend (self: super: { + kernelPackages = pkgs.linuxKernel.packages.linux_6_1.extend (self: super: { kernel = super.kernel.override { structuredExtraConfig = with lib.kernel; { #SOME_OPT = yes; diff --git a/nixos/boxes/tower/default.nix b/nixos/boxes/tower/default.nix index 6da9e8c..5889aa2 100644 --- a/nixos/boxes/tower/default.nix +++ b/nixos/boxes/tower/default.nix @@ -25,7 +25,7 @@ efi.canTouchEfiVariables = true; timeout = 10; }; - kernelPackages = pkgs.linuxKernel.packages.linux_6_2; + kernelPackages = pkgs.linuxKernel.packages.linux_6_3; kernelModules = [ "kvm-intel" ]; kernelParams = [ "intel_iommu=on" ]; initrd = { diff --git a/nixos/installer.nix b/nixos/installer.nix index 488d6d0..bfb3444 100644 --- a/nixos/installer.nix +++ b/nixos/installer.nix @@ -53,9 +53,7 @@ }; services = { - openssh = { - permitRootLogin = mkImageMediaOverride "prohibit-password"; - }; + openssh.settings.PermitRootLogin = mkImageMediaOverride "prohibit-password"; }; networking = { diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix index 3849797..8c36212 100644 --- a/nixos/modules/common.nix +++ b/nixos/modules/common.nix @@ -5,13 +5,7 @@ let in { options = with lib.types; { - my = { - ssh = { - strictModes = mkBoolOpt' true - ("Specifies whether sshd(8) should check file modes and ownership of the user's files and home directory "+ - "before accepting login."); - }; - }; + my = { }; }; imports = [ @@ -94,7 +88,7 @@ in boot = { # Use latest LTS release by default - kernelPackages = mkDefault pkgs.linuxKernel.packages.linux_5_15; + kernelPackages = mkDefault pkgs.linuxKernel.packages.linux_6_1; kernel = { sysctl = { "net.ipv6.route.max_size" = mkDefault 16384; @@ -151,9 +145,11 @@ in openssh = { enable = mkDefault true; - extraConfig = ''StrictModes ${if config.my.ssh.strictModes then "yes" else "no"}''; - permitRootLogin = mkDefault "no"; - passwordAuthentication = mkDefault false; + settings = { + PermitRootLogin = mkDefault "no"; + PasswordAuthentication = mkDefault false; + StrictModes = mkDefault true; + }; }; netdata = {