Merge branch '23.11' into consensus

flake.lock

@@ -179,43 +179,6 @@
         "url": "https://reciproka.dev/reciproka/hakyll-skeleton/"
       }
     },
-    "lowdown-src": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1633514407,
-        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
-        "owner": "kristapsdz",
-        "repo": "lowdown",
-        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "kristapsdz",
-        "repo": "lowdown",
-        "type": "github"
-      }
-    },
-    "nix": {
-      "inputs": {
-        "lowdown-src": "lowdown-src",
-        "nixpkgs": "nixpkgs_2",
-        "nixpkgs-regression": "nixpkgs-regression"
-      },
-      "locked": {
-        "lastModified": 1657886512,
-        "narHash": "sha256-B9EyDUz/9tlcWwf24lwxCFmkxuPTVW7HFYvp0C4xGbc=",
-        "owner": "NixOS",
-        "repo": "nix",
-        "rev": "0b62dab6db3da5b20e62697b14aaaf80f1a2eea6",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "2.10.3",
-        "repo": "nix",
-        "type": "github"
-      }
-    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1683408522,
@@ -232,22 +195,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-regression": {
-      "locked": {
-        "lastModified": 1643052045,
-        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      }
-    },
     "nixpkgsUnstable": {
       "locked": {
         "lastModified": 1696019113,
@@ -266,32 +213,16 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1657693803,
+        "lastModified": 1701539137,
-        "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
+        "narHash": "sha256-nVO/5QYpf1GwjvtpXhyxx5M3U/WN0MwBro4Lsk+9mL0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "365e1b3a859281cf11b94f87231adeabbdd878a2",
+        "rev": "933d7dc155096e7575d207be6fb7792bc9f34f6d",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-22.05-small",
+        "ref": "nixos-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "locked": {
-        "lastModified": 1700403855,
-        "narHash": "sha256-Q0Uzjik9kUTN9pd/kp52XJi5kletBhy29ctBlAG+III=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "0c5678df521e1407884205fe3ce3cf1d7df297db",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-23.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -358,8 +289,7 @@
       "inputs": {
         "colmena": "colmena",
         "hakyll-skeleton": "hakyll-skeleton",
-        "nix": "nix",
+        "nixpkgs": "nixpkgs_2",
-        "nixpkgs": "nixpkgs_3",
         "nixpkgsUnstable": "nixpkgsUnstable",
         "ragenix": "ragenix",
         "reciproka-web": "reciproka-web",

flake.nix

@@ -19,8 +19,7 @@
       flake = false;
       url = git+https://reciproka.dev/resrok/resrok-web/?ref=consensus;
     };
-    nix.url = "github:NixOS/nix/?ref=2.10.3";
+    nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-23.11;
-    nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-23.05;
     nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable;
     utils.url = "github:numtide/flake-utils";
     voc-web = {

nixos/configurations.nix

@@ -2,7 +2,6 @@
   self,
   nixpkgs,
   inputs,
-  nix,
   ...
 }: let
   nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;

outputs.nix

@@ -4,7 +4,6 @@
   reciproka-web,
   ragenix,
   colmena,
-  nix,
   nixpkgs,
   nixpkgsUnstable,
   resrok-web,
@@ -20,7 +19,6 @@ in {
     ./shell.nix {
       inherit (ragenix.packages."${pkgs.system}") ragenix;
       inherit (colmena.packages."${pkgs.system}") colmena;
-      inherit (nix.packages."${pkgs.system}") nix;
       inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") alejandra;
     };
 }))

profiles/host_common.nix

@@ -38,12 +38,14 @@
   security.sudo.wheelNeedsPassword = false;
 
   # Configure and install required fonts
-  fonts.enableDefaultFonts = true;
+  fonts = {
-  fonts.fontDir.enable = true;
+    enableDefaultPackages = true;
-  fonts.fonts = with pkgs; [
+    fontDir.enable = true;
-    powerline-fonts # Required for Powerline prompts
+    packages = with pkgs; [
-  ];
+      powerline-fonts # Required for Powerline prompts
-  fonts.fontconfig.includeUserConf = false;
+    ];
+    fontconfig.includeUserConf = false;
+  };
 
   # Adapted from gchristensen and clever
   nix = {

profiles/nix-direnv.nix

@@ -16,11 +16,11 @@
   environment = {
     systemPackages = with pkgs; [
       direnv # A shell extension that manages your environment
-      nix-direnv # A fast, persistent use_nix implementation for direnv
+      #nix-direnv # A fast, persistent use_nix implementation for direnv
-    ];
-    pathsToLink = [
-      "/share/nix-direnv"
     ];
+    #  pathsToLink = [
+    #    "/share/nix-direnv"
+    #  ];
   };
 
   nixpkgs.overlays = [

profiles/reciproka-forgejo.nix

@@ -15,10 +15,7 @@ in {
       type = "postgres"; # Database type
       passwordFile = config.age.secrets.forgejo.path;
     };
-    domain = "reciproka.dev"; # Domain name
-    httpPort = 3002; # Provided unique port
     package = pkgs.forgejo; # a soft fork of gitea
-    rootUrl = "https://reciproka.dev/"; # Root web URL
     settings = let
       docutils = pkgs.python39.withPackages (ps:
         with ps; [
@@ -67,6 +64,7 @@ in {
 
   services.postgresql = {
     enable = true; # Ensure postgresql is enabled
+    package = pkgs.postgresql;
     authentication = ''
       local gitea all ident map=gitea-users
     '';
@@ -79,11 +77,7 @@ in {
     ensureUsers = [
       {
         name = "gitea"; # Ensure the database user persists
-        ensurePermissions = {
+        ensureDBOwnership = true;
-          # Ensure the database permissions persist
-          "DATABASE gitea" = "ALL PRIVILEGES";
-          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
-        };
       }
     ];
   };

profiles/users.nix

@@ -19,7 +19,7 @@
     group = "fiscalvelvetpoet";
     extraGroups = ["wheel"];
     # fix this
-    passwordFile = config.age.secrets.fiscalvelvetpoet.path;
+    hashedPasswordFile = config.age.secrets.fiscalvelvetpoet.path;
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so fiscalvelvetpoet@reciproka"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7qAXTCAnqq+3ks4L8/2f4J8RxmrFaMOCA7m9ImbW2m fiscalvelvetpoet@sealgair"
@@ -28,7 +28,7 @@
 
   users.users.root = {
     # fix this
-    passwordFile = config.age.secrets.root.path;
+    hashedPasswordFile = config.age.secrets.root.path;
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDMAhG6+40YiYy9wqruHK9M2fLwYAqikJSJ/pRjR/so fiscalvelvetpoet@reciproka"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7qAXTCAnqq+3ks4L8/2f4J8RxmrFaMOCA7m9ImbW2m fiscalvelvetpoet@sealgair"

shell.nix

@@ -4,7 +4,6 @@
   alejandra,
   mkShell,
   colmena,
-  nix,
 }:
 with pkgs;
   mkShell {
@@ -12,7 +11,7 @@ with pkgs;
       ragenix # CLI management of secrets encrypted via existing SSH keys
       alejandra # The Uncompromising Nix Code Formatter
       colmena # simple, stateless NixOS deployment tool
-      nix # Powerful package manager, makes packaging reliable & reproducible
+      nix # Powerful package manager that makes package management reliable and reproducible
       tea # Gitea official CLI client
       treefmt # one CLI to format the code tree
     ];