From 62bf0c9262467bef59678ebbf2c8cbb9125c713e Mon Sep 17 00:00:00 2001 From: Fiscal Velvet Poet Date: Mon, 4 Dec 2023 11:07:21 +1000 Subject: [PATCH 1/6] nixos: upgraded to 23.11 --- flake.lock | 80 +++------------------------------------- flake.nix | 3 +- nixos/configurations.nix | 1 - outputs.nix | 2 - shell.nix | 3 +- 5 files changed, 7 insertions(+), 82 deletions(-) diff --git a/flake.lock b/flake.lock index 0db401e..4978d1b 100644 --- a/flake.lock +++ b/flake.lock @@ -179,43 +179,6 @@ "url": "https://reciproka.dev/reciproka/hakyll-skeleton/" } }, - "lowdown-src": { - "flake": false, - "locked": { - "lastModified": 1633514407, - "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", - "type": "github" - }, - "original": { - "owner": "kristapsdz", - "repo": "lowdown", - "type": "github" - } - }, - "nix": { - "inputs": { - "lowdown-src": "lowdown-src", - "nixpkgs": "nixpkgs_2", - "nixpkgs-regression": "nixpkgs-regression" - }, - "locked": { - "lastModified": 1657886512, - "narHash": "sha256-B9EyDUz/9tlcWwf24lwxCFmkxuPTVW7HFYvp0C4xGbc=", - "owner": "NixOS", - "repo": "nix", - "rev": "0b62dab6db3da5b20e62697b14aaaf80f1a2eea6", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "2.10.3", - "repo": "nix", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1683408522, @@ -232,22 +195,6 @@ "type": "github" } }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgsUnstable": { "locked": { "lastModified": 1696019113, @@ -266,32 +213,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1657693803, - "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=", + "lastModified": 1701539137, + "narHash": "sha256-nVO/5QYpf1GwjvtpXhyxx5M3U/WN0MwBro4Lsk+9mL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "365e1b3a859281cf11b94f87231adeabbdd878a2", + "rev": "933d7dc155096e7575d207be6fb7792bc9f34f6d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.05-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1700403855, - "narHash": "sha256-Q0Uzjik9kUTN9pd/kp52XJi5kletBhy29ctBlAG+III=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0c5678df521e1407884205fe3ce3cf1d7df297db", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } @@ -358,8 +289,7 @@ "inputs": { "colmena": "colmena", "hakyll-skeleton": "hakyll-skeleton", - "nix": "nix", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgsUnstable": "nixpkgsUnstable", "ragenix": "ragenix", "reciproka-web": "reciproka-web", diff --git a/flake.nix b/flake.nix index 3578cfb..c0014ea 100644 --- a/flake.nix +++ b/flake.nix @@ -19,8 +19,7 @@ flake = false; url = git+https://reciproka.dev/resrok/resrok-web/?ref=consensus; }; - nix.url = "github:NixOS/nix/?ref=2.10.3"; - nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-23.05; + nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-23.11; nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable; utils.url = "github:numtide/flake-utils"; voc-web = { diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 50b1ea5..c4168c3 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -2,7 +2,6 @@ self, nixpkgs, inputs, - nix, ... }: let nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem; diff --git a/outputs.nix b/outputs.nix index 05539e4..9418deb 100644 --- a/outputs.nix +++ b/outputs.nix @@ -4,7 +4,6 @@ reciproka-web, ragenix, colmena, - nix, nixpkgs, nixpkgsUnstable, resrok-web, @@ -20,7 +19,6 @@ in { ./shell.nix { inherit (ragenix.packages."${pkgs.system}") ragenix; inherit (colmena.packages."${pkgs.system}") colmena; - inherit (nix.packages."${pkgs.system}") nix; inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") alejandra; }; })) diff --git a/shell.nix b/shell.nix index 15644ed..82d21e2 100644 --- a/shell.nix +++ b/shell.nix @@ -4,7 +4,6 @@ alejandra, mkShell, colmena, - nix, }: with pkgs; mkShell { @@ -12,7 +11,7 @@ with pkgs; ragenix # CLI management of secrets encrypted via existing SSH keys alejandra # The Uncompromising Nix Code Formatter colmena # simple, stateless NixOS deployment tool - nix # Powerful package manager, makes packaging reliable & reproducible + nix # Powerful package manager that makes package management reliable and reproducible tea # Gitea official CLI client treefmt # one CLI to format the code tree ]; From ed41aa92c238ad4d510a8bc92d8c02c783d10ef0 Mon Sep 17 00:00:00 2001 From: Fiscal Velvet Poet Date: Mon, 4 Dec 2023 17:48:30 +1000 Subject: [PATCH 2/6] fonts: migrated to new option names --- profiles/host_common.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/profiles/host_common.nix b/profiles/host_common.nix index 6f6ffef..82237a8 100644 --- a/profiles/host_common.nix +++ b/profiles/host_common.nix @@ -38,12 +38,14 @@ security.sudo.wheelNeedsPassword = false; # Configure and install required fonts - fonts.enableDefaultFonts = true; - fonts.fontDir.enable = true; - fonts.fonts = with pkgs; [ - powerline-fonts # Required for Powerline prompts - ]; - fonts.fontconfig.includeUserConf = false; + fonts = { + enableDefaultPackages = true; + fontDir.enable = true; + packages = with pkgs; [ + powerline-fonts # Required for Powerline prompts + ]; + fontconfig.includeUserConf = false; + }; # Adapted from gchristensen and clever nix = { From 53f7767233c5bdbe496fa34b7539de83ff27ecdf Mon Sep 17 00:00:00 2001 From: Fiscal Velvet Poet Date: Mon, 4 Dec 2023 17:50:31 +1000 Subject: [PATCH 3/6] users: migrate to hashedPasswdFile --- profiles/users.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/profiles/users.nix b/profiles/users.nix index 76d00f8..1a0ee9d 100644 --- a/profiles/users.nix +++ b/profiles/users.nix @@ -19,7 +19,7 @@ group = "fiscalvelvetpoet"; extraGroups = ["wheel"]; # fix this - passwordFile = config.age.secrets.fiscalvelvetpoet.path; + hashedPasswordFile = config.age.secrets.fiscalvelvetpoet.path; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so fiscalvelvetpoet@reciproka" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7qAXTCAnqq+3ks4L8/2f4J8RxmrFaMOCA7m9ImbW2m fiscalvelvetpoet@sealgair" @@ -28,7 +28,7 @@ users.users.root = { # fix this - passwordFile = config.age.secrets.root.path; + hashedPasswordFile = config.age.secrets.root.path; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so fiscalvelvetpoet@reciproka" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7qAXTCAnqq+3ks4L8/2f4J8RxmrFaMOCA7m9ImbW2m fiscalvelvetpoet@sealgair" From 49906ecad7c5f32efd9dbe2a61b755a1a9d31615 Mon Sep 17 00:00:00 2001 From: Fiscal Velvet Poet Date: Mon, 4 Dec 2023 17:52:04 +1000 Subject: [PATCH 4/6] postgres: migrated to ensureDBOwnership --- profiles/reciproka-forgejo.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/profiles/reciproka-forgejo.nix b/profiles/reciproka-forgejo.nix index 39b52e2..7140f06 100644 --- a/profiles/reciproka-forgejo.nix +++ b/profiles/reciproka-forgejo.nix @@ -67,6 +67,7 @@ in { services.postgresql = { enable = true; # Ensure postgresql is enabled + package = pkgs.postgresql; authentication = '' local gitea all ident map=gitea-users ''; @@ -79,11 +80,7 @@ in { ensureUsers = [ { name = "gitea"; # Ensure the database user persists - ensurePermissions = { - # Ensure the database permissions persist - "DATABASE gitea" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; }; From beda9d416790eaaaef4a97aad57d9113715a4cd1 Mon Sep 17 00:00:00 2001 From: Fiscal Velvet Poet Date: Mon, 4 Dec 2023 18:50:48 +1000 Subject: [PATCH 5/6] forgejo: remove deprecated options --- profiles/reciproka-forgejo.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/profiles/reciproka-forgejo.nix b/profiles/reciproka-forgejo.nix index 7140f06..6be7aed 100644 --- a/profiles/reciproka-forgejo.nix +++ b/profiles/reciproka-forgejo.nix @@ -15,10 +15,7 @@ in { type = "postgres"; # Database type passwordFile = config.age.secrets.forgejo.path; }; - domain = "reciproka.dev"; # Domain name - httpPort = 3002; # Provided unique port package = pkgs.forgejo; # a soft fork of gitea - rootUrl = "https://reciproka.dev/"; # Root web URL settings = let docutils = pkgs.python39.withPackages (ps: with ps; [ From a8dadc39a1925d6e8e9f86f67d99d0c77c4f181d Mon Sep 17 00:00:00 2001 From: Fiscal Velvet Poet Date: Mon, 4 Dec 2023 18:52:15 +1000 Subject: [PATCH 6/6] nix-direnv: disable as something is broken upstream --- profiles/nix-direnv.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/profiles/nix-direnv.nix b/profiles/nix-direnv.nix index 97bb4b6..d924a59 100644 --- a/profiles/nix-direnv.nix +++ b/profiles/nix-direnv.nix @@ -16,11 +16,11 @@ environment = { systemPackages = with pkgs; [ direnv # A shell extension that manages your environment - nix-direnv # A fast, persistent use_nix implementation for direnv - ]; - pathsToLink = [ - "/share/nix-direnv" + #nix-direnv # A fast, persistent use_nix implementation for direnv ]; + # pathsToLink = [ + # "/share/nix-direnv" + # ]; }; nixpkgs.overlays = [