diff --git a/flake.lock b/flake.lock index f73cd39..627d879 100644 --- a/flake.lock +++ b/flake.lock @@ -75,11 +75,11 @@ ] }, "locked": { - "lastModified": 1768786317, - "narHash": "sha256-B+mFBhKQUEd543lxmBnJWiMvN/mbTzwIDmVbI1GlvKk=", + "lastModified": 1781351267, + "narHash": "sha256-86HFs1K+LRlx8t4AjaMdU5qlg4O7kLz1VlnNapKZIuY=", "owner": "9001", "repo": "copyparty", - "rev": "78f6855f08a210ded0eeb34da9eafb9cc2de024b", + "rev": "90639de9840d7dcc2d9000026fe547f666c1d550", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "crane": { "locked": { - "lastModified": 1772560058, - "narHash": "sha256-NuVKdMBJldwUXgghYpzIWJdfeB7ccsu1CC7B+NfSoZ8=", + "lastModified": 1780532242, + "narHash": "sha256-D+BsdpxmtUwtqGoY0IXPhHgTlmqgcZKCEo1oMyn7ep0=", "owner": "ipetkov", "repo": "crane", - "rev": "db590d9286ed5ce22017541e36132eab4e8b3045", + "rev": "59a82a1222dd3b2080b5cc52a1a2e8d5f1b77f37", "type": "github" }, "original": { @@ -150,11 +150,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1766051518, - "narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", + "lastModified": 1781023725, + "narHash": "sha256-Gt+qFANcrDRjl3xzidLYrAUQCd3808iuAsLwZbYYAEU=", "owner": "serokell", "repo": "deploy-rs", - "rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", + "rev": "2ce9051767ee4d1a3c43b52ba327431783bfd463", "type": "github" }, "original": { @@ -256,27 +256,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "harmonia", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" 
@@ -466,7 +445,6 @@ "harmonia": { "inputs": { "crane": "crane", - "flake-parts": "flake-parts", "nix": "nix", "nixpkgs": [ "nixpkgs-unstable" @@ -474,11 +452,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1772679279, - "narHash": "sha256-ockL9qWhamkGgBYnJHTvt1oHdRvGfbS36kW9WpOhzec=", + "lastModified": 1781128165, + "narHash": "sha256-97WpKZkaNAL5g7MtASLwqnrJrvrLpQRr6cXWiRNLiXQ=", "owner": "nix-community", "repo": "harmonia", - "rev": "4e9e03e04467b50575f6b05c8abee12407418106", + "rev": "f0dd1094cdc8d72e038cf9347cacfa9272a8f72d", "type": "github" }, "original": { @@ -516,16 +494,16 @@ ] }, "locked": { - "lastModified": 1768603898, - "narHash": "sha256-vRV1dWJOCpCal3PRr86wE2WTOMfAhTu6G7bSvOsryUo=", + "lastModified": 1781319724, + "narHash": "sha256-ZGuxexEMo4Xv28KJ0dX/m/PHN4oZIOnxHZpNTyrvx4M=", "owner": "nix-community", "repo": "home-manager", - "rev": "2a63d0e9d2c72ac4d4150ebb242cf8d86f488c8c", + "rev": "8355f0a16b2dbb06a97959a918af5b239bbe05ae", "type": "github" }, "original": { "id": "home-manager", - "ref": "release-25.11", + "ref": "release-26.05", "type": "indirect" } }, @@ -536,11 +514,11 @@ ] }, "locked": { - "lastModified": 1768912518, - "narHash": "sha256-FJlof1jnbLIT5RbKxef/NV6RzcOj1GoMzXE4FcBFg5Y=", + "lastModified": 1781305496, + "narHash": "sha256-g8Vv4Qfc7n+lgov97REu3X6BeJtvYY0hlSUZR1GrGQQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "9c5f8aceb6ef620e881f50fe65cb4a2c6b1e8527", + "rev": "c87a39aa979acc4848016d2220c6238390d84779", "type": "github" }, "original": { @@ -556,11 +534,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1768835187, - "narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=", + "lastModified": 1769548169, + "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "owner": "nix-community", "repo": "impermanence", - "rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395", + "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "type": "github" }, "original": { 
@@ -572,11 +550,11 @@ "libnetRepo": { "flake": false, "locked": { - "lastModified": 1745053097, - "narHash": "sha256-BEW57utyWCqP4U+MzCXFqbvEC8LE3iZv5dsPMrmTJ9Q=", + "lastModified": 1776595118, + "narHash": "sha256-6bIEi8q5hXCHU9nApTbQXvpljMWldg3QipCD+jkOGK8=", "owner": "oddlama", "repo": "nixos-extra-modules", - "rev": "7565d8554b0fc9d621851150e7939d34a3a8cd6c", + "rev": "84207afebb794be7b53cfc9768730f37c64f4a13", "type": "github" }, "original": { @@ -588,11 +566,11 @@ "nix": { "flake": false, "locked": { - "lastModified": 1772224943, - "narHash": "sha256-jJIlRLPPVYu860MVFx4gsRx3sskmLDSRWXXue5tYncw=", + "lastModified": 1780652321, + "narHash": "sha256-o/6YXRB6AbeL4SYtSHlJ9oEROl6Wmf7yheJNa3fAv2I=", "owner": "nixos", "repo": "nix", - "rev": "0acd0566e85e4597269482824711bcde7b518600", + "rev": "d1f04a798cf4276da59567c07a3bf4a628669288", "type": "github" }, "original": { @@ -640,11 +618,11 @@ }, "nixpkgs-mine": { "locked": { - "lastModified": 1773177937, - "narHash": "sha256-HY4jRsp70w4cCID7ScA79wB+y45n2scr3Qz/N+0352I=", + "lastModified": 1781356656, + "narHash": "sha256-Ygkl3ZBJ434/WhwdK1FyvPMeHvNPAopg3KE/1HtcJuk=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "7d4f41507e7519949f6847e050cc0df87ce776d3", + "rev": "a15e20705db295f621cb5bb63613f03a9373323f", "type": "github" }, "original": { @@ -656,11 +634,11 @@ }, "nixpkgs-mine-stable": { "locked": { - "lastModified": 1768913078, - "narHash": "sha256-kG1pekaHIz9lgzxBd29YXyMuauvPbeJkIJfI9rtYeAM=", + "lastModified": 1781356876, + "narHash": "sha256-s8ed+zuk5wrbyhtDQpkxycAcLmhQH9umGRuVRBNKUbU=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "2289d9c7d193d99262cdf7fdc7313a0b4eff8881", + "rev": "2eb8bacf9f641d4510fc43ba7fc0eea7dfdf5b24", "type": "github" }, "original": { 
@@ -672,26 +650,26 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1768773494, - "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", + "lastModified": 1780902259, + "narHash": "sha256-q8yYEC5f1mFlQO9RGna4LTc9QrcvWunX6FYp83munkQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", + "rev": "bd0ff2d3eac24699c3664d5966b9ef36f388e2ca", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-25.11", + "ref": "nixos-26.05", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "lastModified": 1781074563, + "narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca", "type": "github" }, "original": { @@ -1052,11 +1030,11 @@ ] }, "locked": { - "lastModified": 1772660329, - "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", + "lastModified": 1780220602, + "narHash": "sha256-eynAfOmbmxJnkp7YewvCEbShNnnYJ9gLLqkzsYtBPeM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "3710e0e1218041bbad640352a0440114b1e10428", + "rev": "db947814a175b7ca6ded66e21383d938df01c227", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 12d4c3c..cc87d9b 100644 --- a/flake.nix +++ b/flake.nix 
@@ -12,13 +12,13 @@ devshell.inputs.nixpkgs.follows = "nixpkgs-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "nixpkgs/nixos-25.11"; + nixpkgs-stable.url = "nixpkgs/nixos-26.05"; nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0"; nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable"; home-manager-unstable.url = "home-manager"; home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable"; - home-manager-stable.url = "home-manager/release-25.11"; + home-manager-stable.url = "home-manager/release-26.05"; home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; # Stuff used by the flake for build / deployment diff --git a/home-manager/modules/common.nix b/home-manager/modules/common.nix index 24185f7..576a3eb 100644 --- a/home-manager/modules/common.nix +++ b/home-manager/modules/common.nix @@ -133,34 +133,32 @@ in ssh = { enable = mkDefault true; enableDefaultConfig = false; - matchBlocks = { + settings = { nix-dev-vm = { - user = "dev"; - hostname = "localhost"; - port = 2222; - extraOptions = { - StrictHostKeyChecking = "no"; - UserKnownHostsFile = "/dev/null"; - }; + User = "dev"; + HostName = "localhost"; + Port = 2222; + StrictHostKeyChecking = "no"; + UserKnownHostsFile = "/dev/null"; }; "rsync.net" = { - host = "rsyncnet"; - user = "16413"; - hostname = "ch-s010.rsync"; + Host = "rsyncnet"; + User = "16413"; + HostName = "ch-s010.rsync"; }; shoe = { - host = "shoe.netsoc.tcd.ie shoe"; - user = "netsoc"; + Host = "shoe.netsoc.tcd.ie shoe"; + User = "netsoc"; }; netsocBoxes = { - host = "cube spoon napalm gandalf saruman"; - user = "root"; + Host = "cube spoon napalm gandalf saruman"; + User = "root"; }; "*" = { - identityFile = [ + IdentityFile = [ "~/.ssh/id_rsa" "~/.ssh/borg" ]; diff --git a/home-manager/modules/gui/default.nix b/home-manager/modules/gui/default.nix index 242f4a7..5193792 100644 --- a/home-manager/modules/gui/default.nix +++ b/home-manager/modules/gui/default.nix 
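Review bot: The `nix-dev-vm` block in home-manager/modules/common.nix still sets `StrictHostKeyChecking = "no"` and `UserKnownHostsFile = "/dev/null"`, and now that they sit directly in the flat `settings` block rather than under `extraOptions`, nothing says why or how narrowly they apply. I would add a comment above them, e.g. `# Local dev VM on localhost:2222 only; host key verification is deliberately off for this alias.` Because the other blocks now carry `Host` as an ordinary key, check the generated ssh_config after this migration to confirm both options still land under the nix-dev-vm host block alone and not under a wider match. The `ssh` attribute set starts and ends outside the hunk.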
@@ -79,7 +79,7 @@ in jp2a terminaltexteffects screenfetch - neofetch + fastfetch cmatrix doomsaver @@ -122,12 +122,6 @@ in }; }; - termite = { - enable = true; - font = "${font.name} ${toString font.size}"; - backgroundColor = "rgba(0, 0, 0, 0.8)"; - }; - foot = { enable = true; settings = { @@ -387,6 +381,10 @@ in name = "Numix"; package = pkgs.numix-gtk-theme; }; + gtk4.theme = { + name = "Numix"; + package = pkgs.numix-gtk-theme; + }; iconTheme = { name = "Numix"; package = pkgs.numix-icon-theme; @@ -494,6 +492,7 @@ in userDirs = { enable = true; createDirectories = true; + setSessionVariables = true; desktop = "$HOME/desktop"; documents = "$HOME/documents"; download = "$HOME/downloads"; diff --git a/lib/constants.nix b/lib/constants.nix index 7c2f425..21e6b04 100644 --- a/lib/constants.nix +++ b/lib/constants.nix @@ -29,8 +29,8 @@ rec { }; kernel = { - lts = pkgs: pkgs.linuxKernel.packages.linux_6_12; - latest = pkgs: pkgs.linuxKernel.packages.linux_6_18; + lts = pkgs: pkgs.linuxKernel.packages.linux_6_18; + latest = pkgs: pkgs.linuxKernel.packages.linux_7_0; }; nginx = rec { diff --git a/lib/default.nix b/lib/default.nix index 9e80c45..100d679 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -248,8 +248,8 @@ rec { in { trivial = prev.trivial // { - release = "25.11:u-${prev.trivial.release}"; - codeName = "Hooray"; + release = "26.06:u-${prev.trivial.release}"; + codeName = "Irritating"; revisionWithDefault = default: self.rev or default; versionSuffix = ".${date}.${revCode self}:u-${revCode pkgsFlake}"; }; diff --git a/nixos/boxes/britway/nginx.nix b/nixos/boxes/britway/nginx.nix index f010441..07b8150 100644 --- a/nixos/boxes/britway/nginx.nix +++ b/nixos/boxes/britway/nginx.nix @@ -9,11 +9,6 @@ in config = { my = { secrets.files = { - "dhparams.pem" = { - owner = "acme"; - group = "acme"; - mode = "440"; - }; "britway/cloudflare-credentials.conf" = { owner = "acme"; group = "acme"; 
@@ -45,7 +40,7 @@ in "*.${pubDomain}" ]; dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets."britway/cloudflare-credentials.conf".path; + environmentFile = config.age.secrets."britway/cloudflare-credentials.conf".path; }; }; }; @@ -58,7 +53,6 @@ in logError = "stderr info"; recommendedTlsSettings = true; serverTokens = true; - sslDhparam = config.age.secrets."dhparams.pem".path; # Based on recommended*Settings, but probably better to be explicit about these appendHttpConfig = '' diff --git a/nixos/boxes/colony/vms/estuary/dns.nix b/nixos/boxes/colony/vms/estuary/dns.nix index 1705979..3c9614d 100644 --- a/nixos/boxes/colony/vms/estuary/dns.nix +++ b/nixos/boxes/colony/vms/estuary/dns.nix @@ -44,7 +44,7 @@ in }; pdns-recursor = { - yaml-settings = { + settings = { incoming = { listen = [ "127.0.0.1" "::1" diff --git a/nixos/boxes/colony/vms/git/default.nix b/nixos/boxes/colony/vms/git/default.nix index b97eae4..4334cfe 100644 --- a/nixos/boxes/colony/vms/git/default.nix +++ b/nixos/boxes/colony/vms/git/default.nix @@ -95,7 +95,7 @@ in "*.${pubDomain}" ]; dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path; + environmentFile = config.age.secrets."middleman/cloudflare-credentials.conf".path; }; }; }; @@ -111,7 +111,6 @@ in recommendedTlsSettings = true; clientMaxBodySize = "0"; serverTokens = true; - sslDhparam = config.age.secrets."dhparams.pem".path; # Based on recommended*Settings, but probably better to be explicit about these appendHttpConfig = '' @@ -182,11 +181,6 @@ in secrets = { key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+KINpHLMduBuW96JzfSRDLUzkI+XaCBghu5/wHiW5R"; files = { - "dhparams.pem" = { - owner = "acme"; - group = "acme"; - mode = "440"; - }; "middleman/cloudflare-credentials.conf" = { owner = "acme"; group = "acme"; diff --git a/nixos/boxes/colony/vms/shill/containers-ext.nix b/nixos/boxes/colony/vms/shill/containers-ext.nix index 27e2428..99ec9e9 100644 
--- a/nixos/boxes/colony/vms/shill/containers-ext.nix +++ b/nixos/boxes/colony/vms/shill/containers-ext.nix @@ -13,6 +13,7 @@ in "/var/lib/machines/jam" = { device = "/mnt/jam"; options = [ "bind" ]; + fsType = "none"; }; }; diff --git a/nixos/boxes/colony/vms/shill/containers/chatterbox.nix b/nixos/boxes/colony/vms/shill/containers/chatterbox.nix index a4fcdc5..f1bc313 100644 --- a/nixos/boxes/colony/vms/shill/containers/chatterbox.nix +++ b/nixos/boxes/colony/vms/shill/containers/chatterbox.nix @@ -198,18 +198,17 @@ in mautrix-whatsapp = { enable = true; - package = pkgs.mautrix-whatsapp.overrideAttrs (o: rec { - # TODO: Remove when upgrading nixpkgs - version = "26.05"; - tag = "v0.2605.0"; - src = pkgs.fetchFromGitHub { - owner = "mautrix"; - repo = "whatsapp"; - inherit tag; - hash = "sha256-WlVfGQoP9e/wl98hUJei8O2JMcOKijoEY8XuU/z69Qk="; - }; - vendorHash = "sha256-Hi/dZHJHoTTCnxLXgbkcYzuzis4fl5kxb5wMd9fKTY8="; - }); + # package = pkgs.mautrix-whatsapp.overrideAttrs (o: rec { + # version = "26.05"; + # tag = "v0.2605.0"; + # src = pkgs.fetchFromGitHub { + # owner = "mautrix"; + # repo = "whatsapp"; + # inherit tag; + # hash = "sha256-WlVfGQoP9e/wl98hUJei8O2JMcOKijoEY8XuU/z69Qk="; + # }; + # vendorHash = "sha256-Hi/dZHJHoTTCnxLXgbkcYzuzis4fl5kxb5wMd9fKTY8="; + # }); environmentFile = config.age.secrets."chatterbox/mautrix-whatsapp.env".path; settings = { database = { 
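Review bot: In chatterbox.nix the `mautrix-whatsapp` override is commented out rather than deleted, leaving a stale `fetchFromGitHub` pin and two hashes in the file while the `# TODO: Remove when upgrading nixpkgs` marker that explained them is dropped. I would delete the block (history keeps it) or reduce it to one line such as `# override dropped: nixpkgs 26.05 ships >= v0.2605.0`. That statement needs checking first, because the packaged version is not shown on this page; if it is older than the previously deployed v0.2605.0, the bridge would start against a database already migrated by the newer build. The same applies to the commented `mautrix-meta.package` override in the next hunk.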
@@ -254,18 +253,17 @@ in }; }; - # TODO: Remove when upgrading nixpkgs - mautrix-meta.package = pkgs.mautrix-meta.overrideAttrs (o: rec { - version = "26.05.1"; - tag = "v0.2605.1"; - src = pkgs.fetchFromGitHub { - owner = "mautrix"; - repo = "meta"; - inherit tag; - hash = "sha256-zpolDtwGulDTiojJPnkj9O0D5b4rgPYQX6A28rvuvM0="; - }; - vendorHash = "sha256-+i45bXBhlXPXX24VMS9IJLLX+i4VPnqy5RAH4j88sTA="; - }); + # mautrix-meta.package = pkgs.mautrix-meta.overrideAttrs (o: rec { + # version = "26.05.1"; + # tag = "v0.2605.1"; + # src = pkgs.fetchFromGitHub { + # owner = "mautrix"; + # repo = "meta"; + # inherit tag; + # hash = "sha256-zpolDtwGulDTiojJPnkj9O0D5b4rgPYQX6A28rvuvM0="; + # }; + # vendorHash = "sha256-+i45bXBhlXPXX24VMS9IJLLX+i4VPnqy5RAH4j88sTA="; + # }); mautrix-meta.instances = { messenger = { enable = true; diff --git a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix index a341c56..1b442e5 100644 --- a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix +++ b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix @@ -60,10 +60,10 @@ in transmission.extraGroups = [ "media" ]; radarr.extraGroups = [ "media" ]; sonarr.extraGroups = [ "media" ]; - jellyseerr = { + seerr = { isSystemUser = true; uid = uids.jellyseerr; - group = "jellyseerr"; + group = "seerr"; }; photoprism = { isSystemUser = true; @@ -77,7 +77,7 @@ in }; groups = { media.gid = 2000; - jellyseerr.gid = gids.jellyseerr; + seerr.gid = gids.jellyseerr; photoprism.gid = gids.photoprism; copyparty.gid = gids.copyparty; }; 
@@ -88,15 +88,15 @@ in jackett.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ]; transmission.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ]; - radarr.serviceConfig.UMask = "0002"; + radarr.serviceConfig.UMask = mkForce "0002"; radarr.path = with pkgs; [ ffmpeg ]; - sonarr.serviceConfig.UMask = "0002"; + sonarr.serviceConfig.UMask = mkForce "0002"; sonarr.path = with pkgs; [ ffmpeg ]; - jellyseerr.serviceConfig = { + seerr.serviceConfig = { # Needs to be able to read its secrets DynamicUser = mkForce false; - User = "jellyseerr"; - Group = "jellyseerr"; + User = "seerr"; + Group = "seerr"; }; # https://github.com/NixOS/nixpkgs/issues/258793#issuecomment-1748168206 @@ -145,7 +145,7 @@ in jackett.enable = true; radarr.enable = true; sonarr.enable = true; - jellyseerr = { + seerr = { enable = true; openFirewall = true; }; diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/default.nix b/nixos/boxes/colony/vms/shill/containers/middleman/default.nix index db6b722..52b20e2 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman/default.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman/default.nix @@ -40,11 +40,6 @@ in secrets = { key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQM9U1e/XcUCyMJITrpAHjAGahpqkZCmtX6pJkYzuks"; files = { - "dhparams.pem" = { - owner = "acme"; - group = "acme"; - mode = "440"; - }; "pdns-file-records.key" = { owner = "acme"; group = "acme"; @@ -176,7 +171,7 @@ in "*.${config.networking.domain}" ]; dnsProvider = "exec"; - credentialsFile = + environmentFile = let script = pkgs.writeShellScript "lego-update-int.sh" '' case "$1" in @@ -207,7 +202,7 @@ in "*.s3.${pubDomain}" ]; dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path; + environmentFile = config.age.secrets."middleman/cloudflare-credentials.conf".path; postRun = let sshKey = config.age.secrets."middleman/mailcow-ssh.key".path; 
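Review bot: `radarr.serviceConfig.UMask = mkForce "0002"` and the matching sonarr line in jackflix/default.nix now override the unit's UMask at force priority with no explanation, and 0002 leaves every new file group-writable. A comment such as `# Group-writable on purpose: files are shared through the "media" group; mkForce overrides the module's own UMask.` would record the intent. The need for `mkForce` suggests the upstream module now sets a value of its own, which is not visible here; if that value is stricter, this is a deliberate relaxation and the members of `media` are the ones who gain write access. The same two lines appear with `lib.mkForce` in nixos/boxes/kelder/containers/acquisition/default.nix.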
@@ -256,7 +251,6 @@ in valid = "5s"; }; proxyResolveWhileRunning = true; - sslDhparam = config.age.secrets."dhparams.pem".path; appendConfig = '' worker_processes auto; diff --git a/nixos/boxes/colony/vms/shill/containers/object.nix b/nixos/boxes/colony/vms/shill/containers/object.nix index 0e468fa..05d0f8c 100644 --- a/nixos/boxes/colony/vms/shill/containers/object.nix +++ b/nixos/boxes/colony/vms/shill/containers/object.nix @@ -35,6 +35,7 @@ in "/var/lib/harmonia" = { device = "/mnt/nix-cache"; options = [ "bind" ]; + fsType = "none"; }; }; @@ -161,6 +162,9 @@ in ]; }; + # TODO/FIXME: this is bad... + nixpkgs.config.permittedInsecurePackages = [ "minio-2025-10-15T17-29-55Z" ]; + services = { minio = { enable = true; diff --git a/nixos/boxes/colony/vms/shill/containers/toot.nix b/nixos/boxes/colony/vms/shill/containers/toot.nix index 3254a70..9951fa4 100644 --- a/nixos/boxes/colony/vms/shill/containers/toot.nix +++ b/nixos/boxes/colony/vms/shill/containers/toot.nix @@ -183,7 +183,7 @@ in PDS_EMAIL_FROM_ADDRESS = "pds@nul.ie"; PDS_DID_PLC_URL = "https://plc.directory"; - PDS_INVITE_REQUIRED = 1; + PDS_INVITE_REQUIRED = "true"; PDS_BSKY_APP_VIEW_URL = "https://api.bsky.app"; PDS_BSKY_APP_VIEW_DID = "did:web:api.bsky.app"; PDS_REPORT_SERVICE_URL = "https://mod.bsky.app"; diff --git a/nixos/boxes/home/castle/default.nix b/nixos/boxes/home/castle/default.nix index c6ca1f7..8ae1f93 100644 --- a/nixos/boxes/home/castle/default.nix +++ b/nixos/boxes/home/castle/default.nix @@ -125,7 +125,7 @@ in virt-manager.enable = true; wireshark = { enable = true; - package = pkgs.wireshark-qt; + package = pkgs.wireshark; }; }; virtualisation.libvirtd.enable = true; diff --git a/nixos/boxes/home/routing-common/dns.nix b/nixos/boxes/home/routing-common/dns.nix index 791bf3b..83d1537 100644 --- a/nixos/boxes/home/routing-common/dns.nix +++ b/nixos/boxes/home/routing-common/dns.nix 
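Review bot: The new `nixpkgs.config.permittedInsecurePackages = [ "minio-2025-10-15T17-29-55Z" ];` in object.nix is explained only by `# TODO/FIXME: this is bad...`, which records neither why nixpkgs flags this build nor what ends the exception. I would expand the comment to something like `# minio is marked insecure in nixpkgs (<reason from the package's knownVulnerabilities>); allowed until <upgrade or replacement plan>.` Pinning the exact version string is the right shape, since a later minio bump will fail evaluation and force a re-review. While the flagged build is deployed, confirm the service is reachable only through the intended proxy path; its listen and firewall settings are outside this hunk.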
@@ -34,7 +34,7 @@ in services = { pdns-recursor = { - yaml-settings = { + settings = { incoming = { listen = [ "127.0.0.1" "::1" diff --git a/nixos/boxes/kelder/containers/acquisition/default.nix b/nixos/boxes/kelder/containers/acquisition/default.nix index 7efe2ab..143450c 100644 --- a/nixos/boxes/kelder/containers/acquisition/default.nix +++ b/nixos/boxes/kelder/containers/acquisition/default.nix @@ -73,8 +73,8 @@ in RootDirectory = lib.mkForce ""; }; - radarr.serviceConfig.UMask = "0002"; - sonarr.serviceConfig.UMask = "0002"; + radarr.serviceConfig.UMask = lib.mkForce "0002"; + sonarr.serviceConfig.UMask = lib.mkForce "0002"; }; }; diff --git a/nixos/boxes/kelder/containers/spoder/default.nix b/nixos/boxes/kelder/containers/spoder/default.nix index a402ee8..f34316c 100644 --- a/nixos/boxes/kelder/containers/spoder/default.nix +++ b/nixos/boxes/kelder/containers/spoder/default.nix @@ -60,7 +60,7 @@ in "*.${domain}" ]; dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets."kelder/cloudflare-credentials.conf".path; + environmentFile = config.age.secrets."kelder/cloudflare-credentials.conf".path; }; }; }; diff --git a/nixos/boxes/kelder/containers/spoder/nginx.nix b/nixos/boxes/kelder/containers/spoder/nginx.nix index 22e17a4..faaf383 100644 --- a/nixos/boxes/kelder/containers/spoder/nginx.nix +++ b/nixos/boxes/kelder/containers/spoder/nginx.nix @@ -13,11 +13,6 @@ in owner = "nginx"; group = "nginx"; }; - "dhparams.pem" = { - owner = "acme"; - group = "acme"; - mode = "440"; - }; }; firewall = { @@ -35,7 +30,6 @@ in recommendedTlsSettings = true; clientMaxBodySize = "0"; serverTokens = true; - sslDhparam = config.age.secrets."dhparams.pem".path; # Based on recommended*Settings, but probably better to be explicit about these appendHttpConfig = '' diff --git a/nixos/boxes/tower/default.nix b/nixos/boxes/tower/default.nix index 1f924c2..cf8cf22 100644 --- a/nixos/boxes/tower/default.nix +++ b/nixos/boxes/tower/default.nix 
@@ -112,7 +112,7 @@ steam.enable = true; wireshark = { enable = true; - package = pkgs.wireshark-qt; + package = pkgs.wireshark; }; }; diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix index c1be423..18e33de 100644 --- a/nixos/modules/common.nix +++ b/nixos/modules/common.nix @@ -38,6 +38,15 @@ in enable = mkDefault true; wheelNeedsPassword = mkDefault false; }; + + # TODO: Add this to fix login + # pam = { + # services = { + # kmscon.rules. = mkIf config.services.kmscon.config.libseat { + + # }; + # }; + # }; }; nix = { @@ -157,16 +166,14 @@ in }; services = { - kmscon = { - # As it turns out, kmscon hasn't been updated in years and has some bugs... + # TODO: Remove if-else when 26.11 releases + kmscon = if (config.system.nixos.release == "26.06:u-26.11") then { enable = mkDefault false; - hwRender = mkDefault true; - extraOptions = "--verbose"; - extraConfig = - '' - font-name=SauceCodePro Nerd Font Mono - ''; - }; + config = { + hwaccel = config.hardware.graphics.enable; + font-name = "SauceCodePro Nerd Font Mono"; + }; + } else { }; getty.greetingLine = mkDefault' ''<<< Welcome to ${config.system.nixos.distroName} ${config.system.nixos.label} (\m) - \l >>>''; openssh = { @@ -247,7 +254,7 @@ in }; } (mkIf config.services.kmscon.enable { - fonts.fonts = with pkgs; [ + fonts.packages = with pkgs; [ nerd-fonts.sauce-code-pro ]; }) diff --git a/nixos/modules/gui/default.nix b/nixos/modules/gui/default.nix index ee5178e..b22d02e 100644 --- a/nixos/modules/gui/default.nix +++ b/nixos/modules/gui/default.nix @@ -44,8 +44,7 @@ in swaylock-plugin ]; services = { - # TODO: Remove if-else when 26.05 releases - resolved = if (config.system.nixos.release == "25.11:u-26.05") then { + resolved = { settings.Resolve = { FallbackDNS = mkOverride 99 ( "1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google " + @@ -54,7 +53,7 @@ in "2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google" ); LLMNR = "resolve"; }; - } else { }; + }; pipewire = { enable = true; 
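Review bot: The commented block added after the sudo settings in nixos/modules/common.nix is not valid Nix as written (`kmscon.rules. = mkIf …` has an empty attribute name and an empty body), and `# TODO: Add this to fix login` does not say which login is failing or what rule is intended. Since this is a PAM change, I would replace the stub with a comment that names the symptom, the affected service and the rule to be added, so it is not later uncommented and completed by guesswork. The enclosing attribute set starts outside the hunk.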
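Review bot: The `kmscon` branch in nixos/modules/common.nix is selected by exact string equality, `config.system.nixos.release == "26.06:u-26.11"`, so it depends on the prefix set in lib/default.nix (`release = "26.06:u-${prev.trivial.release}"`), while flake.nix pins `nixos-26.05`. If `26.06` was meant to be `26.05`, or the prefix is bumped later, the condition silently falls through to `{ }` and drops the explicit `enable = mkDefault false` along with it. Matching only the upstream part is less brittle, e.g. `kmscon = if lib.hasSuffix ":u-26.11" config.system.nixos.release then {` (assuming `lib` is in scope in this module). The removed comment explaining why kmscon is kept disabled is also worth keeping.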
diff --git a/nixos/modules/network.nix b/nixos/modules/network.nix index 1bb3587..80fabb0 100644 --- a/nixos/modules/network.nix +++ b/nixos/modules/network.nix @@ -13,21 +13,13 @@ in }; services.resolved = { - # Explicitly unset fallback DNS (Nix module will not allow for a blank config) - # TODO: Remove if-else when 26.05 releases - } // (if config.system.nixos.release == "25.11:u-25.11" then { - domains = [ config.networking.domain ]; - extraConfig = '' - FallbackDNS= - Cache=no-negative - ''; - } else { settings.Resolve = { Domains = [ config.networking.domain ]; + # Explicitly unset fallback DNS (Nix module will not allow for a blank config) FallbackDNS = ""; Cache = "no-negative"; }; - }); + }; } (mkIf config.my.build.isDevVM { diff --git a/nixos/modules/pdns.nix b/nixos/modules/pdns.nix index 0984504..ef18859 100644 --- a/nixos/modules/pdns.nix +++ b/nixos/modules/pdns.nix @@ -165,7 +165,7 @@ let extraSettingsOpt = with lib.types; mkOpt' (nullOr str) null "Path to extra settings (e.g. for secrets)."; baseAuthSettings = pkgs.writeText "pdns.conf" (settingsToLines cfg.auth.settings); - baseRecursorSettings = (pkgs.formats.yaml { }).generate "pdns-recursor.yaml" config.services.pdns-recursor.yaml-settings; + baseRecursorSettings = (pkgs.formats.yaml { }).generate "pdns-recursor.yaml" config.services.pdns-recursor.settings; generateSettings = type: base: dst: if (cfg."${type}".extraSettingsFile != null) then '' oldUmask="$(umask)" umask 006 diff --git a/nixos/modules/server.nix b/nixos/modules/server.nix index 0dee932..f8a5d01 100644 --- a/nixos/modules/server.nix +++ b/nixos/modules/server.nix @@ -11,9 +11,7 @@ in config = mkIf cfg.enable { services = { getty.autologinUser = mkDefault uname; - kmscon.autologinUser = mkDefault uname; - # TODO: Update to Setings.Resolve.LLMNR when 26.05 releases - resolved.llmnr = mkDefault "false"; + resolved.settings.Resolve.LLMNR = mkDefault "false"; }; systemd = { timers = { 
diff --git a/nixos/modules/tmproot.nix b/nixos/modules/tmproot.nix index a160437..06d0c05 100644 --- a/nixos/modules/tmproot.nix +++ b/nixos/modules/tmproot.nix @@ -336,13 +336,13 @@ in (persistSimpleSvc "jackett") (persistSimpleSvc "radarr") (persistSimpleSvc "sonarr") - (mkIf config.services.jellyseerr.enable { + (mkIf config.services.seerr.enable { my.tmproot.persistence.config.directories = [ { - directory = "/var/lib/jellyseerr"; + directory = "/var/lib/seerr"; mode = "0750"; - user = "jellyseerr"; - group = "jellyseerr"; + user = "seerr"; + group = "seerr"; } ]; })
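Review bot: The persisted state directory changes from `/var/lib/jellyseerr` to `/var/lib/seerr` here, but nothing in the change moves the existing data, so on tmproot hosts the service would likely start with an empty state directory and the old path would stop being persisted. Whether the seerr module migrates the old path itself is not visible on this page. If it does not, a one-time move of the persisted directory before deploying would close the gap (the uid stays `uids.jellyseerr` in jackflix/default.nix, so ownership should carry over); otherwise add a comment recording that a fresh state is intended. An unconfigured instance matters beyond convenience if the application offers first-run setup, since jackflix sets `openFirewall = true` for it.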