Upgrade nixpkgs and NixOS stable to 23.11

2023-12-03 15:06:11 +00:00 · 2023-12-03 15:06:11 +00:00 · a1778e0f1e
commit a1778e0f1e
parent 0cc35547f2
14 changed files with 89 additions and 95 deletions
--- a/flake.lock
+++ b/flake.lock
@ -185,11 +185,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1695052866,
-        "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
+        "lastModified": 1698921442,
+        "narHash": "sha256-7KmvhQ7FuXlT/wG4zjTssap6maVqeAMBdtel+VjClSM=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
+        "rev": "660180bbbeae7d60dad5a92b30858306945fd427",
        "type": "github"
      },
      "original": {
@ -474,16 +474,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1695108154,
-        "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
+        "lastModified": 1700814205,
+        "narHash": "sha256-lWqDPKHRbQfi+zNIivf031BUeyciVOtwCwTjyrhDB5g=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "07682fff75d41f18327a871088d20af2710d4744",
+        "rev": "aeb2232d7a32530d3448318790534d196bf9427a",
        "type": "github"
      },
      "original": {
        "id": "home-manager",
-        "ref": "release-23.05",
+        "ref": "release-23.11",
        "type": "indirect"
      }
    },
@ -494,11 +494,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1698670511,
-        "narHash": "sha256-jQIu3UhBMPHXzVkHQO1O2gg8SVo5lqAVoC6mOaLQcLQ=",
+        "lastModified": 1701433070,
+        "narHash": "sha256-Gf9JStfENaUQ7YWFz3V7x/srIwr4nlnVteqaAxtwpgM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "8e5416b478e465985eec274bc3a018024435c106",
+        "rev": "4a8545f5e737a6338814a4676dc8e18c7f43fc57",
        "type": "github"
      },
      "original": {
@ -560,11 +560,11 @@
    },
    "nixpkgs-mine": {
      "locked": {
-        "lastModified": 1700347575,
-        "narHash": "sha256-wHdY7YFRepLNtPRh7gBP8EDJRbqC/hwYWupxTof7PQ8=",
+        "lastModified": 1701607327,
+        "narHash": "sha256-pHX6S1mrUSFVq6v0HiZuShfXLL01wiWvgivCabX2x+M=",
        "owner": "devplayer0",
        "repo": "nixpkgs",
-        "rev": "72cc1ce8a7e476a724de861bbd066a1cb700e39b",
+        "rev": "c8af66cb9046a65cbab33563f804b7bad46173af",
        "type": "github"
      },
      "original": {
@ -576,11 +576,11 @@
    },
    "nixpkgs-mine-stable": {
      "locked": {
-        "lastModified": 1700347610,
-        "narHash": "sha256-NLRu2yPRc6BRIIcI0KG9csLGiAhmZG2JXLrJI+gLJQk=",
+        "lastModified": 1701607437,
+        "narHash": "sha256-ozMDOyJtxr/CznI6lrwtt9JkU32Y2cLr2B4vlW85Tfw=",
        "owner": "devplayer0",
        "repo": "nixpkgs",
-        "rev": "8b2769b59113858ecf4cf24ddae9ab1b8dd7920d",
+        "rev": "67ef05e2dd98d1fd856028eba1bb4edb847f6c6e",
        "type": "github"
      },
      "original": {
@ -592,26 +592,26 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1698562188,
-        "narHash": "sha256-9nkxGnA/T+jLhHAMFRW157Qi/zfbf5dF1q7HfKROl3o=",
+        "lastModified": 1701389149,
+        "narHash": "sha256-rU1suTIEd5DGCaAXKW6yHoCfR1mnYjOXQFOaH7M23js=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3e10c80821dedb93592682379f476745f370a58e",
+        "rev": "5de0b32be6e85dc1a9404c75131316e4ffbc634c",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-23.05",
+        "ref": "nixos-23.11",
        "type": "indirect"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1698611440,
-        "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
+        "lastModified": 1701253981,
+        "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
+        "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -7,13 +7,13 @@
    devshell.inputs.nixpkgs.follows = "nixpkgs-unstable";

    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
-    nixpkgs-stable.url = "nixpkgs/nixos-23.05";
+    nixpkgs-stable.url = "nixpkgs/nixos-23.11";
    nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0";
    nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable";

    home-manager-unstable.url = "home-manager";
    home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
-    home-manager-stable.url = "home-manager/release-23.05";
+    home-manager-stable.url = "home-manager/release-23.11";
    home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";

    # Stuff used by the flake for build / deployment
--- a/home-manager/modules/gui/default.nix
+++ b/home-manager/modules/gui/default.nix
@ -61,6 +61,7 @@ in
            settings = {
              background_opacity = "0.8";
              tab_bar_edge = "top";
+              shell_integration = "no-sudo";
            };
          };

--- a/home-manager/modules/swaync.nix
+++ b/home-manager/modules/swaync.nix
@ -70,13 +70,17 @@ in
        "swaync/config.json" = mkIf (cfg.settings != { }) {
          source = configSource;
          onChange = ''
+            if ${pkgs.systemd}/bin/systemctl --user is-active --quiet swaync; then
              ${cfg.package}/bin/swaync-client --reload-config
+            fi
          '';
        };
        "swaync/style.css" = mkIf (cfg.style != null) {
          source = styleSource;
          onChange = ''
+            if ${pkgs.systemd}/bin/systemctl --user is-active --quiet swaync; then
              ${cfg.package}/bin/swaync-client --reload-css
+            fi
          '';
        };
      };
--- a/lib/constants.nix
+++ b/lib/constants.nix
@ -19,6 +19,11 @@ rec {
    };
  };

+  kernel = {
+    lts = pkgs: pkgs.linuxKernel.packages.linux_6_1;
+    latest = pkgs: pkgs.linuxKernel.packages.linux_6_6;
+  };
+
  nginx = {
    proxyHeaders = ''
      # Setting any proxy_header in a child (e.g. location) will nuke the parents...
--- a/nixos/boxes/castle/default.nix
+++ b/nixos/boxes/castle/default.nix
@ -25,7 +25,7 @@
            efi.canTouchEfiVariables = false;
            timeout = 10;
          };
-          kernelPackages = pkgs.linuxKernel.packages.linux_6_5;
+          kernelPackages = lib.my.c.kernel.latest pkgs;
          kernelModules = [ "kvm-amd" ];
          kernelParams = [ "amd_iommu=on" "amd_pstate=passive" ];
          kernelPatches = [
--- a/nixos/boxes/colony/default.nix
+++ b/nixos/boxes/colony/default.nix
@ -57,7 +57,7 @@ in
        };

        boot = {
-          kernelPackages = pkgs.linuxKernel.packages.linux_6_1.extend (self: super: {
+          kernelPackages = (lib.my.c.kernel.lts pkgs).extend (self: super: {
            kernel = super.kernel.override {
              structuredExtraConfig = with lib.kernel; {
                #SOME_OPT = yes;
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@ -318,59 +318,12 @@ in
        useACMEHost = pubDomain;
      };

-      "toot.nul.ie" =
-      let
-        mkAssetLoc = name: {
-          tryFiles = "$uri =404";
-          extraConfig = ''
-            add_header Cache-Control "public, max-age=2419200, must-revalidate";
-            add_header Strict-Transport-Security "max-age=63072000; includeSubpubDomains";
-          '';
-        };
-      in
-      {
-        root = "${pkgs.mastodon}/public";
-        locations = mkMerge [
-          (genAttrs [
-            "= /sw.js"
-            "~ ^/assets/"
-            "~ ^/avatars/"
-            "~ ^/emoji/"
-            "~ ^/headers/"
-            "~ ^/packs/"
-            "~ ^/shortcuts/"
-            "~ ^/sounds/"
-          ] mkAssetLoc)
-          {
-            "/".tryFiles = "$uri @proxy";
-
-            "^~ /api/v1/streaming" = {
-              proxyPass = "http://toot-ctr.${domain}:55000";
+      "toot.nul.ie" = {
+        locations."/" = {
+          proxyPass = "http://toot-ctr.${domain}:80";
          proxyWebsockets = true;
-              extraConfig = ''
-                ${proxyHeaders}
-                proxy_set_header Proxy "";
-
-                add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
-              '';
+          extraConfig = proxyHeaders;
        };
-            "@proxy" = {
-              proxyPass = "http://toot-ctr.${domain}:55001";
-              proxyWebsockets = true;
-              extraConfig = ''
-                ${proxyHeaders}
-                proxy_set_header Proxy "";
-                proxy_pass_header Server;
-
-                proxy_cache CACHE;
-                proxy_cache_valid 200 7d;
-                proxy_cache_valid 410 24h;
-                proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-                add_header X-Cached $upstream_cache_status;
-              '';
-            };
-          }
-        ];
        useACMEHost = pubDomain;
      };

--- a/nixos/boxes/colony/vms/shill/containers/toot.nix
+++ b/nixos/boxes/colony/vms/shill/containers/toot.nix
@ -1,5 +1,6 @@
 { lib, ... }:
 let
+  inherit (lib) mkForce;
  inherit (lib.my) net;
  inherit (lib.my.c.colony) domain prefixes;
 in
@ -54,8 +55,7 @@ in
              tcp.allowed = [
                19999

-                config.services.mastodon.webPort
-                config.services.mastodon.streamingPort
+                "http"
              ];
            };
          };
@ -78,10 +78,13 @@ in
          services = {
            netdata.enable = true;
            mastodon = mkMerge [
-              {
+              rec {
                enable = true;
-                localDomain = "nul.ie";
-                extraConfig.WEB_DOMAIN = "toot.nul.ie";
+                localDomain = extraConfig.WEB_DOMAIN; # for nginx config
+                extraConfig = {
+                  LOCAL_DOMAIN = "nul.ie";
+                  WEB_DOMAIN = "toot.nul.ie";
+                };

                secretKeyBaseFile = config.age.secrets."toot/secret-key.txt".path;
                otpSecretFile = config.age.secrets."toot/otp-secret.txt".path;
@ -90,9 +93,8 @@ in
                  "vapid-pubkey.txt"
                  "BAyRyD2pnLQtMHr3J5AzjNMll_HDC6ra1ilOLAUmKyhkEdbm7_OwKZUgw1UefY4CHEcv4OOX9TnnN2DOYYuPZu8=");

-                enableUnixSocket = false;
-                configureNginx = false;
-                trustedProxy = allAssignments.middleman.internal.ipv6.address;
+                streamingProcesses = 4;
+                configureNginx = true;

                database = {
                  createLocally = false;
@ -134,13 +136,31 @@ in
                };
              }
            ];
+
+            # Override some stuff since we are proxying upstream
+            nginx = {
+              recommendedProxySettings = mkForce false;
+              virtualHosts."${config.services.mastodon.localDomain}" =
+              let
+                extraConfig = ''
+                  proxy_set_header Host $host;
+                '';
+              in
+              {
+                forceSSL = false;
+                enableACME = false;
+                locations = {
+                  "@proxy" = { inherit extraConfig; };
+                  "/api/v1/streaming/" = { inherit extraConfig; };
+                };
+              };
+            };
          };
        }
        (mkIf config.my.build.isDevVM {
          virtualisation = {
            forwardPorts = with config.services.mastodon; [
              { from = "host"; guest.port = webPort; }
-              { from = "host"; guest.port = streamingPort; }
            ];
          };
        })
--- a/nixos/boxes/kelder/default.nix
+++ b/nixos/boxes/kelder/default.nix
@ -54,7 +54,7 @@ in
              efi.canTouchEfiVariables = true;
              timeout = 5;
            };
-            kernelPackages = pkgs.linuxKernel.packages.linux_6_1;
+            kernelPackages = lib.my.c.kernel.lts pkgs;
            kernelModules = [ "kvm-intel" ];
            kernelParams = [ "intel_iommu=on" ];
            initrd = {
--- a/nixos/boxes/tower/default.nix
+++ b/nixos/boxes/tower/default.nix
@ -25,7 +25,7 @@
            efi.canTouchEfiVariables = true;
            timeout = 10;
          };
-          kernelPackages = pkgs.linuxKernel.packages.linux_6_5;
+          kernelPackages = lib.my.c.kernel.latest pkgs;
          kernelModules = [ "kvm-intel" ];
          kernelParams = [ "intel_iommu=on" ];
          initrd = {
--- a/nixos/modules/common.nix
+++ b/nixos/modules/common.nix
@ -88,7 +88,7 @@ in

      boot = {
        # Use latest LTS release by default
-        kernelPackages = mkDefault pkgs.linuxKernel.packages.linux_6_1;
+        kernelPackages = mkDefault (lib.my.c.kernel.lts pkgs);
        kernel = {
          sysctl = {
            "net.ipv6.route.max_size" = mkDefault 16384;
--- a/nixos/modules/gui.nix
+++ b/nixos/modules/gui.nix
@ -57,7 +57,7 @@ in

    programs.dconf.enable = true;

-    fonts.fonts = with pkgs; [
+    fonts.packages = with pkgs; [
      dejavu_fonts
      freefont_ttf
      gyre-fonts # TrueType substitutes for standard PostScript fonts
@ -69,8 +69,19 @@ in
    xdg = {
      portal = {
        enable = true;
+        extraPortals = with pkgs; [
+          xdg-desktop-portal-gtk
+        ];
        # For sway
        wlr.enable = true;
+        configPackages = [
+          (pkgs.writeTextDir "share/xdg-desktop-portal/sway-portals.conf" ''
+            [preferred]
+            default=gtk
+            org.freedesktop.impl.portal.Screenshot=wlr
+            org.freedesktop.impl.portal.ScreenCast=wlr
+          '')
+        ];
      };
    };
  };
--- a/nixos/modules/user.nix
+++ b/nixos/modules/user.nix
@ -99,7 +99,7 @@ in
    (mkIf (cfg.passwordSecret != null) {
      my = {
        secrets.files."${cfg.passwordSecret}" = {};
-        user.config.passwordFile = config.age.secrets."${cfg.passwordSecret}".path;
+        user.config.hashedPasswordFile = config.age.secrets."${cfg.passwordSecret}".path;
      };
    })
  ]);