Merge branch '23.05' into consensus

resolves #20
2023-06-02 10:08:33 +10:00 · 2023-06-02 10:08:33 +10:00 · 16a2ea357a
parent 7a3c72e4bd 72ea288abb
commit 16a2ea357a
5 changed files with 125 additions and 58 deletions
--- a/flake.lock
+++ b/flake.lock
@ -9,11 +9,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1677126346,
-        "narHash": "sha256-4s+PPGC1M07QsPyeye5drc2JLa1lhDnCV3XAsG8+pH4=",
+        "lastModified": 1682101079,
+        "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "c2a71c83c70844c5e31db69347e86af080bcdad0",
+        "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
        "type": "github"
      },
      "original": {
@ -25,25 +25,55 @@
    "colmena": {
      "inputs": {
        "flake-compat": "flake-compat",
+        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs",
-        "stable": "stable",
-        "utils": "utils"
+        "stable": "stable"
      },
      "locked": {
-        "lastModified": 1664434431,
-        "narHash": "sha256-F/Jl1GqSp08fw7PCHiv/ijn/pAP1YOStIhHws291s7A=",
+        "lastModified": 1684127108,
+        "narHash": "sha256-01bfuSY4gnshhtqA1EJCw2CMsKkAx+dHS+sEpQ2+EAQ=",
        "owner": "zhaofengli",
        "repo": "colmena",
-        "rev": "7253d9b4bb1f0f031d926092cb5dae3b03f1e812",
+        "rev": "5fdd743a11e7291bd8ac1e169d62ba6156c99be4",
        "type": "github"
      },
      "original": {
        "owner": "zhaofengli",
-        "ref": "v0.3.2",
+        "ref": "v0.4.0",
        "repo": "colmena",
        "type": "github"
      }
    },
+    "crane": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "flake-utils": [
+          "ragenix",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "ragenix",
+          "nixpkgs"
+        ],
+        "rust-overlay": [
+          "ragenix",
+          "rust-overlay"
+        ]
+      },
+      "locked": {
+        "lastModified": 1681680516,
+        "narHash": "sha256-EB8Adaeg4zgcYDJn9sR6UMjN/OHdIiMMK19+3LmmXQY=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "54b63c8eae4c50172cb50b612946ff1d2bc1c75c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
@ -83,13 +113,47 @@
        "type": "github"
      }
    },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
    "flake-utils": {
      "locked": {
-        "lastModified": 1676283394,
-        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
        "type": "github"
      },
      "original": {
@ -154,11 +218,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1653060744,
-        "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
+        "lastModified": 1683408522,
+        "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "dfd82985c273aac6eced03625f454b334daae2e8",
+        "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7",
        "type": "github"
      },
      "original": {
@ -218,16 +282,16 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1685314633,
-        "narHash": "sha256-8LXBPqTQXl5ofkjpJ18JcbmLJ/lWDoMxtUwiDYv0wro=",
+        "lastModified": 1685533922,
+        "narHash": "sha256-y4FCQpYafMQ42l1V+NUrMel9RtFtZo59PzdzflKR/lo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c8a17ce7abc03c50cd072e9e6c9b389c5f61836b",
+        "rev": "3a70dd92993182f8e514700ccf5b1ae9fc8a3b8d",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-22.11",
+        "ref": "nixos-23.05",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -235,18 +299,19 @@
    "ragenix": {
      "inputs": {
        "agenix": "agenix",
-        "flake-utils": "flake-utils",
+        "crane": "crane",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixpkgs"
        ],
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1677625082,
-        "narHash": "sha256-62xmRPfjZgDn8AgEhb6eRoJrTxGeM8HfhfF+PkJokok=",
+        "lastModified": 1682237245,
+        "narHash": "sha256-xbBR7LNK+d5Yi/D6FXQGc1R6u2VV2nwr/Df5iaEbOEQ=",
        "owner": "yaxitech",
        "repo": "ragenix",
-        "rev": "6f2dacf3d6af36228a8fad3b136990a6b6dfe30b",
+        "rev": "281f68c3d477904f79ff1cd5807a8c226cd80a50",
        "type": "github"
      },
      "original": {
@ -299,7 +364,7 @@
        "ragenix": "ragenix",
        "reciproka-web": "reciproka-web",
        "resrok-web": "resrok-web",
-        "utils": "utils_2",
+        "utils": "utils",
        "voc-web": "voc-web"
      }
    },
@ -315,11 +380,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1676687290,
-        "narHash": "sha256-DP0CJ7qtUXf+mmMglJL1yANizzV1O4UfQ9NrKgy7O04=",
+        "lastModified": 1682129965,
+        "narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "bdccd5e973d45159f7d13f7c65a4271dc02cf6d4",
+        "rev": "2c417c0460b788328220120c698630947547ee83",
        "type": "github"
      },
      "original": {
@ -330,36 +395,36 @@
    },
    "stable": {
      "locked": {
-        "lastModified": 1653087707,
-        "narHash": "sha256-zfno3snrzZTWQ2B7K53QHrGZwrjnJLTRPalymrSsziU=",
+        "lastModified": 1669735802,
+        "narHash": "sha256-qtG/o/i5ZWZLmXw108N2aPiVsxOcidpHJYNkT45ry9Q=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "cbd40c72b2603ab54e7208f99f9b35fc158bc009",
+        "rev": "731cc710aeebecbf45a258e977e8b68350549522",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-21.11",
+        "ref": "nixos-22.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "utils": {
-      "locked": {
-        "lastModified": 1649676176,
-        "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "utils_2": {
      "locked": {
        "lastModified": 1656928814,
        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
--- a/flake.nix
+++ b/flake.nix
@ -2,6 +2,7 @@
  description = "reciproka-ops deployment";

  inputs = {
+    colmena.url = "github:zhaofengli/colmena/?ref=v0.4.0";
    ragenix = {
      url = "github:yaxitech/ragenix";
      inputs.nixpkgs.follows = "nixpkgs";
@ -19,14 +20,13 @@
      url = git+https://reciproka.dev/resrok/resrok-web/?ref=consensus;
    };
    nix.url = "github:NixOS/nix/?ref=2.10.3";
-    nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-22.11;
+    nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-23.05;
    nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable;
    utils.url = "github:numtide/flake-utils";
    voc-web = {
      flake = false;
      url = git+https://reciproka.dev/voc/voc-web/?ref=consensus;
    };
-    colmena.url = "github:zhaofengli/colmena/?ref=v0.3.2";
  };

  outputs = {...} @ args: import ./outputs.nix args;
--- a/profiles/host_common.nix
+++ b/profiles/host_common.nix
@ -17,9 +17,7 @@
  ];

  # Common boot settings
-  boot = {
-    cleanTmpDir = true; # Clean /tmp on reboot
-  };
+  boot.tmp.cleanOnBoot = true; # Clean /tmp on reboot ;

  # Select internationalisation properties.
  i18n = {
--- a/profiles/openssh.nix
+++ b/profiles/openssh.nix
@ -7,9 +7,6 @@
 }: {
  services.openssh = {
    enable = true; # Enable the OpenSSH daemon.
-    permitRootLogin = "prohibit-password";
-    kbdInteractiveAuthentication = false;
-    passwordAuthentication = false;
    openFirewall = true;
    hostKeys = [
      {
@ -17,5 +14,10 @@
        type = "ed25519";
      }
    ];
+    settings = {
+      KbdInteractiveAuthentication = false;
+      PasswordAuthentication = false;
+      PermitRootLogin = "prohibit-password";
+    };
  };
 }
--- a/profiles/reciproka-forgejo.nix
+++ b/profiles/reciproka-forgejo.nix
@ -16,16 +16,18 @@ in {
      type = "postgres"; # Database type
      passwordFile = config.age.secrets.forgejo.path;
    };
-    domain = "reciproka.dev"; # Domain name
-    rootUrl = "https://reciproka.dev/"; # Root web URL
-    httpPort = 3002; # Provided unique port
    package = forgejo; # a soft fork of gitea
    settings = let
-      docutils = pkgs.python37.withPackages (ps:
+      docutils = pkgs.python39.withPackages (ps:
        with ps; [
          docutils # Provides rendering of ReStructured Text files
          pygments # Provides syntax highlighting
        ]);
+      server = {
+        DOMAIN = "reciproka.dev"; # Domain name
+        HTTP_PORT = 3002; # Provided unique port
+        ROOT_URL = "https://reciproka.dev/"; # Root web URL
+      };
      service.DISABLE_REGISTRATION = true;
    in {
      mailer = {