Upgrade nixpkgs and NixOS stable to 23.11
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 26m58s

Jack O'Sullivan 2023-12-03 15:06:11 +00:00
parent 0cc35547f2
commit a1778e0f1e
14 changed files with 89 additions and 95 deletions

46
flake.lock generated

@ -185,11 +185,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1695052866, "lastModified": 1698921442,
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", "narHash": "sha256-7KmvhQ7FuXlT/wG4zjTssap6maVqeAMBdtel+VjClSM=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", "rev": "660180bbbeae7d60dad5a92b30858306945fd427",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -474,16 +474,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695108154, "lastModified": 1700814205,
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", "narHash": "sha256-lWqDPKHRbQfi+zNIivf031BUeyciVOtwCwTjyrhDB5g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "07682fff75d41f18327a871088d20af2710d4744", "rev": "aeb2232d7a32530d3448318790534d196bf9427a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "home-manager", "id": "home-manager",
"ref": "release-23.05", "ref": "release-23.11",
"type": "indirect" "type": "indirect"
} }
}, },
@ -494,11 +494,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1698670511, "lastModified": 1701433070,
"narHash": "sha256-jQIu3UhBMPHXzVkHQO1O2gg8SVo5lqAVoC6mOaLQcLQ=", "narHash": "sha256-Gf9JStfENaUQ7YWFz3V7x/srIwr4nlnVteqaAxtwpgM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8e5416b478e465985eec274bc3a018024435c106", "rev": "4a8545f5e737a6338814a4676dc8e18c7f43fc57",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -560,11 +560,11 @@
}, },
"nixpkgs-mine": { "nixpkgs-mine": {
"locked": { "locked": {
"lastModified": 1700347575, "lastModified": 1701607327,
"narHash": "sha256-wHdY7YFRepLNtPRh7gBP8EDJRbqC/hwYWupxTof7PQ8=", "narHash": "sha256-pHX6S1mrUSFVq6v0HiZuShfXLL01wiWvgivCabX2x+M=",
"owner": "devplayer0", "owner": "devplayer0",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "72cc1ce8a7e476a724de861bbd066a1cb700e39b", "rev": "c8af66cb9046a65cbab33563f804b7bad46173af",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -576,11 +576,11 @@
}, },
"nixpkgs-mine-stable": { "nixpkgs-mine-stable": {
"locked": { "locked": {
"lastModified": 1700347610, "lastModified": 1701607437,
"narHash": "sha256-NLRu2yPRc6BRIIcI0KG9csLGiAhmZG2JXLrJI+gLJQk=", "narHash": "sha256-ozMDOyJtxr/CznI6lrwtt9JkU32Y2cLr2B4vlW85Tfw=",
"owner": "devplayer0", "owner": "devplayer0",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8b2769b59113858ecf4cf24ddae9ab1b8dd7920d", "rev": "67ef05e2dd98d1fd856028eba1bb4edb847f6c6e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -592,26 +592,26 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1698562188, "lastModified": 1701389149,
"narHash": "sha256-9nkxGnA/T+jLhHAMFRW157Qi/zfbf5dF1q7HfKROl3o=", "narHash": "sha256-rU1suTIEd5DGCaAXKW6yHoCfR1mnYjOXQFOaH7M23js=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3e10c80821dedb93592682379f476745f370a58e", "rev": "5de0b32be6e85dc1a9404c75131316e4ffbc634c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-23.05", "ref": "nixos-23.11",
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1698611440, "lastModified": 1701253981,
"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -7,13 +7,13 @@
devshell.inputs.nixpkgs.follows = "nixpkgs-unstable"; devshell.inputs.nixpkgs.follows = "nixpkgs-unstable";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
nixpkgs-stable.url = "nixpkgs/nixos-23.05"; nixpkgs-stable.url = "nixpkgs/nixos-23.11";
nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0"; nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0";
nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable"; nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable";
home-manager-unstable.url = "home-manager"; home-manager-unstable.url = "home-manager";
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable"; home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
home-manager-stable.url = "home-manager/release-23.05"; home-manager-stable.url = "home-manager/release-23.11";
home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";
# Stuff used by the flake for build / deployment # Stuff used by the flake for build / deployment


@ -61,6 +61,7 @@ in
settings = { settings = {
background_opacity = "0.8"; background_opacity = "0.8";
tab_bar_edge = "top"; tab_bar_edge = "top";
shell_integration = "no-sudo";
}; };
}; };


@ -70,13 +70,17 @@ in
"swaync/config.json" = mkIf (cfg.settings != { }) { "swaync/config.json" = mkIf (cfg.settings != { }) {
source = configSource; source = configSource;
onChange = '' onChange = ''
${cfg.package}/bin/swaync-client --reload-config if ${pkgs.systemd}/bin/systemctl --user is-active --quiet swaync; then
${cfg.package}/bin/swaync-client --reload-config
fi
''; '';
}; };
"swaync/style.css" = mkIf (cfg.style != null) { "swaync/style.css" = mkIf (cfg.style != null) {
source = styleSource; source = styleSource;
onChange = '' onChange = ''
${cfg.package}/bin/swaync-client --reload-css if ${pkgs.systemd}/bin/systemctl --user is-active --quiet swaync; then
${cfg.package}/bin/swaync-client --reload-css
fi
''; '';
}; };
}; };
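Review bot: Both new `onChange` guards hard-code the user unit name `swaync`, so the reload is skipped without any message whenever the daemon runs but is not managed under that unit name (for example when it is started from the compositor's config). If that is intended, a comment such as `# Only reload when swaync runs as a systemd user unit; skipped silently otherwise` would make it explicit. The same three-line `if` is duplicated for `--reload-config` and `--reload-css`; a small local helper taking the flag as its argument would keep the two in step. The enclosing attribute set starts outside this hunk.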


@ -19,6 +19,11 @@ rec {
}; };
}; };
kernel = {
lts = pkgs: pkgs.linuxKernel.packages.linux_6_1;
latest = pkgs: pkgs.linuxKernel.packages.linux_6_6;
};
nginx = { nginx = {
proxyHeaders = '' proxyHeaders = ''
# Setting any proxy_header in a child (e.g. location) will nuke the parents... # Setting any proxy_header in a child (e.g. location) will nuke the parents...
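Review bot: `kernel.latest` is pinned to `linux_6_6` by hand, so the name will drift from what it selects, and hosts that use it will stay on that branch after upstream stops publishing fixes for it. A comment above the attribute would make the maintenance duty visible, for example `# Pinned manually: bump when the branch goes EOL upstream, non-LTS branches lose security fixes quickly`. The same applies to `lts`, which stays on `linux_6_1` until someone edits this file.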


@ -25,7 +25,7 @@
efi.canTouchEfiVariables = false; efi.canTouchEfiVariables = false;
timeout = 10; timeout = 10;
}; };
kernelPackages = pkgs.linuxKernel.packages.linux_6_5; kernelPackages = lib.my.c.kernel.latest pkgs;
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
kernelParams = [ "amd_iommu=on" "amd_pstate=passive" ]; kernelParams = [ "amd_iommu=on" "amd_pstate=passive" ];
kernelPatches = [ kernelPatches = [


@ -57,7 +57,7 @@ in
}; };
boot = { boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_1.extend (self: super: { kernelPackages = (lib.my.c.kernel.lts pkgs).extend (self: super: {
kernel = super.kernel.override { kernel = super.kernel.override {
structuredExtraConfig = with lib.kernel; { structuredExtraConfig = with lib.kernel; {
#SOME_OPT = yes; #SOME_OPT = yes;


@ -318,59 +318,12 @@ in
useACMEHost = pubDomain; useACMEHost = pubDomain;
}; };
"toot.nul.ie" = "toot.nul.ie" = {
let locations."/" = {
mkAssetLoc = name: { proxyPass = "http://toot-ctr.${domain}:80";
tryFiles = "$uri =404"; proxyWebsockets = true;
extraConfig = '' extraConfig = proxyHeaders;
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubpubDomains";
'';
}; };
in
{
root = "${pkgs.mastodon}/public";
locations = mkMerge [
(genAttrs [
"= /sw.js"
"~ ^/assets/"
"~ ^/avatars/"
"~ ^/emoji/"
"~ ^/headers/"
"~ ^/packs/"
"~ ^/shortcuts/"
"~ ^/sounds/"
] mkAssetLoc)
{
"/".tryFiles = "$uri @proxy";
"^~ /api/v1/streaming" = {
proxyPass = "http://toot-ctr.${domain}:55000";
proxyWebsockets = true;
extraConfig = ''
${proxyHeaders}
proxy_set_header Proxy "";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
'';
};
"@proxy" = {
proxyPass = "http://toot-ctr.${domain}:55001";
proxyWebsockets = true;
extraConfig = ''
${proxyHeaders}
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_cache CACHE;
proxy_cache_valid 200 7d;
proxy_cache_valid 410 24h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
add_header X-Cached $upstream_cache_status;
'';
};
}
];
useACMEHost = pubDomain; useACMEHost = pubDomain;
}; };
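Review bot: The new `locations."/"` block passes only `proxyHeaders`, whereas the locations it replaces also sent `Strict-Transport-Security` on every response and cleared the `Proxy` request header with `proxy_set_header Proxy "";`. Whether either still happens now depends on the contents of `proxyHeaders` and on the nginx inside the container, neither of which is visible here; the container vhost in this same commit sets `forceSSL = false`, so it may not emit HSTS on its own. If a response-header check on the public host shows HSTS missing, extend `extraConfig` to `proxyHeaders` followed by `proxy_set_header Proxy "";` and `add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";`. The virtual host set this entry belongs to starts outside the hunk.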


@ -1,5 +1,6 @@
{ lib, ... }: { lib, ... }:
let let
inherit (lib) mkForce;
inherit (lib.my) net; inherit (lib.my) net;
inherit (lib.my.c.colony) domain prefixes; inherit (lib.my.c.colony) domain prefixes;
in in
@ -54,8 +55,7 @@ in
tcp.allowed = [ tcp.allowed = [
19999 19999
config.services.mastodon.webPort "http"
config.services.mastodon.streamingPort
]; ];
}; };
}; };
@ -78,10 +78,13 @@ in
services = { services = {
netdata.enable = true; netdata.enable = true;
mastodon = mkMerge [ mastodon = mkMerge [
{ rec {
enable = true; enable = true;
localDomain = "nul.ie"; localDomain = extraConfig.WEB_DOMAIN; # for nginx config
extraConfig.WEB_DOMAIN = "toot.nul.ie"; extraConfig = {
LOCAL_DOMAIN = "nul.ie";
WEB_DOMAIN = "toot.nul.ie";
};
secretKeyBaseFile = config.age.secrets."toot/secret-key.txt".path; secretKeyBaseFile = config.age.secrets."toot/secret-key.txt".path;
otpSecretFile = config.age.secrets."toot/otp-secret.txt".path; otpSecretFile = config.age.secrets."toot/otp-secret.txt".path;
@ -90,9 +93,8 @@ in
"vapid-pubkey.txt" "vapid-pubkey.txt"
"BAyRyD2pnLQtMHr3J5AzjNMll_HDC6ra1ilOLAUmKyhkEdbm7_OwKZUgw1UefY4CHEcv4OOX9TnnN2DOYYuPZu8="); "BAyRyD2pnLQtMHr3J5AzjNMll_HDC6ra1ilOLAUmKyhkEdbm7_OwKZUgw1UefY4CHEcv4OOX9TnnN2DOYYuPZu8=");
enableUnixSocket = false; streamingProcesses = 4;
configureNginx = false; configureNginx = true;
trustedProxy = allAssignments.middleman.internal.ipv6.address;
database = { database = {
createLocally = false; createLocally = false;
@ -134,13 +136,31 @@ in
}; };
} }
]; ];
# Override some stuff since we are proxying upstream
nginx = {
recommendedProxySettings = mkForce false;
virtualHosts."${config.services.mastodon.localDomain}" =
let
extraConfig = ''
proxy_set_header Host $host;
'';
in
{
forceSSL = false;
enableACME = false;
locations = {
"@proxy" = { inherit extraConfig; };
"/api/v1/streaming/" = { inherit extraConfig; };
};
};
};
}; };
} }
(mkIf config.my.build.isDevVM { (mkIf config.my.build.isDevVM {
virtualisation = { virtualisation = {
forwardPorts = with config.services.mastodon; [ forwardPorts = with config.services.mastodon; [
{ from = "host"; guest.port = webPort; } { from = "host"; guest.port = webPort; }
{ from = "host"; guest.port = streamingPort; }
]; ];
}; };
}) })
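Review bot: With `recommendedProxySettings = mkForce false` and only `proxy_set_header Host $host;` on `@proxy` and `/api/v1/streaming/`, the container's nginx passes any `X-Forwarded-For` and `X-Forwarded-Proto` headers it receives on port 80 through to Mastodon unchanged. The same commit removes `trustedProxy = allAssignments.middleman.internal.ipv6.address;`, the one line that named which peer may supply them. The firewall hunk now allows `"http"`, and these hunks do not show whether that rule is limited to the front proxy; if other hosts can reach the port, the client address and scheme the application records (rate limiting, audit logs) come from headers the sender controls. Consider limiting the vhost to the front proxy, e.g. `extraConfig = "allow ${allAssignments.middleman.internal.ipv6.address}; deny all;";` at virtual-host level (assuming `allAssignments` is still in scope), with a separate allowance for the dev-VM port forward.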


@ -54,7 +54,7 @@ in
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
timeout = 5; timeout = 5;
}; };
kernelPackages = pkgs.linuxKernel.packages.linux_6_1; kernelPackages = lib.my.c.kernel.lts pkgs;
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
kernelParams = [ "intel_iommu=on" ]; kernelParams = [ "intel_iommu=on" ];
initrd = { initrd = {


@ -25,7 +25,7 @@
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
timeout = 10; timeout = 10;
}; };
kernelPackages = pkgs.linuxKernel.packages.linux_6_5; kernelPackages = lib.my.c.kernel.latest pkgs;
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
kernelParams = [ "intel_iommu=on" ]; kernelParams = [ "intel_iommu=on" ];
initrd = { initrd = {


@ -88,7 +88,7 @@ in
boot = { boot = {
# Use latest LTS release by default # Use latest LTS release by default
kernelPackages = mkDefault pkgs.linuxKernel.packages.linux_6_1; kernelPackages = mkDefault (lib.my.c.kernel.lts pkgs);
kernel = { kernel = {
sysctl = { sysctl = {
"net.ipv6.route.max_size" = mkDefault 16384; "net.ipv6.route.max_size" = mkDefault 16384;


@ -57,7 +57,7 @@ in
programs.dconf.enable = true; programs.dconf.enable = true;
fonts.fonts = with pkgs; [ fonts.packages = with pkgs; [
dejavu_fonts dejavu_fonts
freefont_ttf freefont_ttf
gyre-fonts # TrueType substitutes for standard PostScript fonts gyre-fonts # TrueType substitutes for standard PostScript fonts
@ -69,8 +69,19 @@ in
xdg = { xdg = {
portal = { portal = {
enable = true; enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
# For sway # For sway
wlr.enable = true; wlr.enable = true;
configPackages = [
(pkgs.writeTextDir "share/xdg-desktop-portal/sway-portals.conf" ''
[preferred]
default=gtk
org.freedesktop.impl.portal.Screenshot=wlr
org.freedesktop.impl.portal.ScreenCast=wlr
'')
];
}; };
}; };
}; };


@ -99,7 +99,7 @@ in
(mkIf (cfg.passwordSecret != null) { (mkIf (cfg.passwordSecret != null) {
my = { my = {
secrets.files."${cfg.passwordSecret}" = {}; secrets.files."${cfg.passwordSecret}" = {};
user.config.passwordFile = config.age.secrets."${cfg.passwordSecret}".path; user.config.hashedPasswordFile = config.age.secrets."${cfg.passwordSecret}".path;
}; };
}) })
]); ]);