From d7299837d1b42a9f9c6c07abfc223b82146d24f1 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Tue, 6 Feb 2024 11:45:53 +1000 Subject: [PATCH 01/22] nixos: bumped to HEAD of 23.11 --- nix/sources.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nix/sources.json b/nix/sources.json index 67ed4f8..0ade2d0 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -68,16 +68,16 @@ "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs": { - "branch": "nixos-23.05", + "branch": "nixos-23.11", "builtin": false, "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to", "homepage": "https://github.com/NixOS/nixpkgs", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", - "sha256": "05cbl1k193c9la9xhlz4y6y8ijpb2mkaqrab30zij6z4kqgclsrd", + "rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d", + "sha256": "1q0hsllnzm4i6liafx5hql3fahcwv33vzn5vjkgxsvlwpxllxbrp", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/70bdadeb94ffc8806c0570eb5c2695ad29f0e421.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/25e3d4c0d3591c99929b1ec07883177f6ea70c9d.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgsUnstable": { From 77a462c29476e9c7499654b6c842548ff2771cd1 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Tue, 6 Feb 2024 11:47:09 +1000 Subject: [PATCH 02/22] nixpkgsUnstable: bumped to HEAD of nixos-unstable --- nix/sources.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/sources.json b/nix/sources.json index 0ade2d0..6a9eb11 100644 --- a/nix/sources.json +++ b/nix/sources.json 
@@ -86,10 +86,10 @@ "homepage": "", "owner": "nixos", "repo": "nixpkgs", - "rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370", - "sha256": "00vmgvwic5yip7r9knnv1w3rmwk6ad10p5xxghfwhky5cgk34q97", + "rev": "e92b6015881907e698782c77641aa49298330223", + "sha256": "0vq05559vmj5px94hr148wnq9qbn9whsfpwdbk8wn2myby4knwy7", "type": "tarball", - "url": "https://github.com/nixos/nixpkgs/archive/c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370.tar.gz", + "url": "https://github.com/nixos/nixpkgs/archive/e92b6015881907e698782c77641aa49298330223.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } } From 684310ad815aba02c18955103893146d790e948d Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Tue, 6 Feb 2024 11:55:33 +1000 Subject: [PATCH 03/22] fonts: updated config to use packages --- hosts/sercanto.nix | 5 ++--- profiles/host_common.nix | 17 ++++++++++------- profiles/xmonad.nix | 2 +- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/hosts/sercanto.nix b/hosts/sercanto.nix index e0bfdd3..c583106 100644 --- a/hosts/sercanto.nix +++ b/hosts/sercanto.nix @@ -27,8 +27,7 @@ #../secrets/wireless.nix # Hey look! A squirrel! ]; - #deployment.targetHost = "10.42.0.180"; - deployment.targetHost = "10.42.0.115"; + deployment.targetHost = "10.42.0.126"; nixpkgs = { config = { @@ -54,7 +53,7 @@ networkmanager.enable = true; # Enables network support via NetworkManager. }; - fonts.fonts = with pkgs; [ + fonts.packages = with pkgs; [ anonymousPro dejavu_fonts # A typeface family based on the Bitstream Vera fonts fira-code # Monospace font with programming ligaturess diff --git a/profiles/host_common.nix b/profiles/host_common.nix index ca99280..68c3acb 100644 --- a/profiles/host_common.nix +++ b/profiles/host_common.nix 
@@ -26,7 +26,7 @@ # Set the defaul console properties console = { keyMap = "us"; # Set the default console key map - font = "ter-powerline-v16Rv"; # Set the default console font + font = "ter-powerline-v32n"; # Set the default console font }; time.timeZone = "Australia/Brisbane"; # Set your preferred timezone: @@ -37,12 +37,15 @@ security.sudo.wheelNeedsPassword = false; # Configure and install required fonts - fonts.enableDefaultFonts = true; - fonts.fontDir.enable = true; - fonts.fonts = with pkgs; [ - powerline-fonts # Required for Powerline prompts - ]; - fonts.fontconfig.includeUserConf = false; + fonts = { + enableDefaultPackages = true; + fontDir.enable = true; + packages = with pkgs; [ + powerline-fonts # Required for Powerline prompts + powerline-symbols # Powerline symbols + ]; + fontconfig.includeUserConf = false; + }; # Adapted from gchristensen and clever nix = { diff --git a/profiles/xmonad.nix b/profiles/xmonad.nix index 32b9f6b..5737ae4 100644 --- a/profiles/xmonad.nix +++ b/profiles/xmonad.nix @@ -53,7 +53,7 @@ }; # Install any additional fonts that I require to be used with xmonad - fonts.fonts = with pkgs; [ + fonts.packages = with pkgs; [ open-sans # Used in in my polybar configuration ]; From e33913529f9ee644262ea572ff15143298343b68 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Tue, 6 Feb 2024 12:02:29 +1000 Subject: [PATCH 04/22] xmonad: update to use touchpad --- profiles/xmonad.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/profiles/xmonad.nix b/profiles/xmonad.nix index 5737ae4..c1a434a 100644 --- a/profiles/xmonad.nix +++ b/profiles/xmonad.nix 
@@ -26,8 +26,10 @@ layout = "us"; # Set your preferred keyboard layout. libinput = { enable = true; # Enable touchpad support. - tapping = true; - tappingButtonMap = "lrm"; # Set the touchpad button mappeing + touchpad = { + tapping = true; + tappingButtonMap = "lrm"; # Set the touchpad button mappeing + }; }; windowManager = { # Open configuration for the window manager. From f1941ab1016eb1d14dcf3e3a8b727ce2fa17608b Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Tue, 6 Feb 2024 14:01:50 +1000 Subject: [PATCH 05/22] nix-direnv: disabled flakes --- profiles/nix-direnv.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/nix-direnv.nix b/profiles/nix-direnv.nix index da33b1d..e5fd269 100644 --- a/profiles/nix-direnv.nix +++ b/profiles/nix-direnv.nix @@ -23,7 +23,7 @@ nixpkgs.overlays = [ (self: super: { - nix-direnv = super.nix-direnv.override {enableFlakes = true;}; + #nix-direnv = super.nix-direnv.override {enableFlakes = true;}; }) ]; } From fc2d111d07d5b61b005dd56183d72e196d08725b Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Tue, 6 Feb 2024 14:12:48 +1000 Subject: [PATCH 06/22] yubikey: updated pinentry package names --- profiles/yubikey.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/profiles/yubikey.nix b/profiles/yubikey.nix index 032ecf6..efa7629 100644 --- a/profiles/yubikey.nix +++ b/profiles/yubikey.nix @@ -40,8 +40,8 @@ environment = { systemPackages = with pkgs; [ paperkey # Store OpenPGP or GnuPG on paper - pinentry_curses # GnuPG’s interface to passphrase input - pinentry_qt # GnuPG’s interface to passphrase input + pinentry-curses # GnuPG’s interface to passphrase input + pinentry-qt # GnuPG’s interface to passphrase input yubikey-manager # CLI tool for configuring any YubiKey over USB yubikey-manager-qt # Configure any YubiKey over USB interfaces yubikey-personalization # Lib & CLI tool to personalize YubiKeys From d46c21f2e91327ff920ad905b84598f78e5d7028 Mon Sep 17 00:00:00 2001 
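Review bot: Commenting out the `nix-direnv` override leaves a dead overlay body (`(self: super: { })`) and does not actually disable anything — it only reverts to whatever the 23.11 package default is, so the subject "disabled flakes" overstates the effect. If the reason is that the `enableFlakes` argument no longer exists in the bumped nixpkgs (which is my reading, but I cannot confirm it from this hunk), say so where the line used to be, e.g. `# enableFlakes override dropped: not accepted by nix-direnv in nixos-23.11`, and remove the empty overlay entry rather than keeping a commented-out line that will rot.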
From: Craige McWhirter Date: Tue, 6 Feb 2024 14:17:14 +1000 Subject: [PATCH 07/22] nixpkgs-dev: renamed nixpkgs-review package --- profiles/nixpkgs-dev.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/nixpkgs-dev.nix b/profiles/nixpkgs-dev.nix index ff5b1b4..b2b41d3 100644 --- a/profiles/nixpkgs-dev.nix +++ b/profiles/nixpkgs-dev.nix @@ -18,7 +18,7 @@ nixfmt # An opinionated formatter for Nix nix-prefetch-github # Prefetch sources from github nix-prefetch-git # Prefetch sources from git - nix-review # Review pull-requests on https://github.com/NixOS/nixpkgs + nixpkgs-review # Review pull-requests on https://github.com/NixOS/nixpkgs nix-top # Tracks what nix is building nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes nodePackages.node2nix # Generate Nix expressions to build NPM packages From bebf967280a00b393bd63af1b9ca3045b165a3d4 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Tue, 6 Feb 2024 23:31:23 +1000 Subject: [PATCH 08/22] iog: remove Python grip --- profiles/iog.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/profiles/iog.nix b/profiles/iog.nix index bbb8d8a..e2569a3 100644 --- a/profiles/iog.nix +++ b/profiles/iog.nix @@ -51,7 +51,6 @@ in { jq # A lightweight and flexible command-line JSON processor keybase-gui # The Keybase official client magic-wormhole # Securely transfer data between computers - python38Packages.grip # Preview GitHub Markdown files like locally s3fs # Mount an S3 bucket as filesystem through FUSE shellcheck # Shell script analysis tool slack-dark # Slack desktop client From e1db3dc03402ea63ee1cdb83544d3eea84853f53 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Wed, 7 Feb 2024 00:06:27 +1000 Subject: [PATCH 09/22] pi3: remove deprecated uboot setting --- hardware/raspberry_pi_3_model_B.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hardware/raspberry_pi_3_model_B.nix b/hardware/raspberry_pi_3_model_B.nix index 20d3130..938b1af 100644 
--- a/hardware/raspberry_pi_3_model_B.nix +++ b/hardware/raspberry_pi_3_model_B.nix @@ -17,7 +17,7 @@ }; kernelPackages = pkgs.linuxPackages_5_15; # For a Raspberry Pi 2 or 3) kernelParams = [ - "cma=32M" # Needed for the virtual console to work on the RPi 3 + "cma=320M" # Needed for the virtual console to work on the RPi 3 "console=ttyS0,115200n8" # Enable the serial console "console=tty0" ]; @@ -31,9 +31,10 @@ raspberryPi = { enable = false; version = 3; - uboot.enable = true; firmwareConfig = '' arm_64bit=1 # Force kernel loading system to assume a 64-bit kernel + display_auto_detect=1 # Enable auto detection of screen resolution + gpu_mem=128 hdmi_force_hotplug=1 # Enable headless booting ''; }; From 768fbdbeecb7e4f174b8a910483c604261e6c1d9 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Wed, 7 Feb 2024 00:15:59 +1000 Subject: [PATCH 10/22] mastodon: added streamingProcesses --- profiles/mastodon.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/profiles/mastodon.nix b/profiles/mastodon.nix index ebe4196..24d8d66 100644 --- a/profiles/mastodon.nix +++ b/profiles/mastodon.nix @@ -17,6 +17,7 @@ extraConfig = { WEB_DOMAIN = "social.mcwhirter.io"; }; + streamingProcesses = 5; }; }; From 8ca64cf932befc2f12266a4b9f1091dc999101c8 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Wed, 7 Feb 2024 00:23:44 +1000 Subject: [PATCH 11/22] nextcloud: remove deprecated enableBrokenCiphersForSSE --- profiles/nextcloud.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/profiles/nextcloud.nix b/profiles/nextcloud.nix index f9e52ad..f4f23c7 100644 --- a/profiles/nextcloud.nix +++ b/profiles/nextcloud.nix 
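Review bot: `cma=32M` becomes `cma=320M` in a commit titled as removing a deprecated u-boot setting, the comment beside it still only says "Needed for the virtual console", and the new `gpu_mem=128` line is the only line in `firmwareConfig` without a trailing comment, so the reason for reserving that much memory on a 1 GB board is lost. Please document the intent, e.g. `"cma=320M" # CMA pool for the VC4/KMS driver; 32M was too small for ...` and `gpu_mem=128 # MB reserved for the GPU firmware`. Note also that these new `firmwareConfig` lines sit inside a `raspberryPi` loader block that has `enable = false;` two lines above; as far as I can tell the module only writes `config.txt` when it is enabled, so these additions may have no effect unless that file is generated elsewhere.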
@@ -27,8 +27,12 @@ enable = true; # Run regular auto update of all apps installed startAt = "01:00:00"; # When to run the update }; - enableBrokenCiphersForSSE = false; # force upgrade to SSL v3 package = pkgs.nextcloud27; + extraApps = with config.services.nextcloud.package.packages.apps; { + inherit calendar contacts deck news notes tasks twofactor_webauthn; + }; + extraAppsEnable = true; + appstoreEnable = true; }; systemd = { From 3333128b6882143ed4fd1d6828566326aef4b99a Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Wed, 7 Feb 2024 00:25:10 +1000 Subject: [PATCH 12/22] iog: remove commented postgres options --- profiles/iog.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/profiles/iog.nix b/profiles/iog.nix index e2569a3..8f2925f 100644 --- a/profiles/iog.nix +++ b/profiles/iog.nix @@ -65,9 +65,6 @@ in { services = { keybase.enable = true; - #postgresql = { - # enable = true; # Ensure postgresql is enabled - # package = pkgs.postgresql_10; # Set the required version, if needed }; users.groups.docker.members = ["craige"]; From 56965f56ce78c2c0f2e9f31b3cacfc96fce01b7f Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Wed, 7 Feb 2024 01:15:14 +1000 Subject: [PATCH 13/22] postgresql: upgrade to v16 --- profiles/server_common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/server_common.nix b/profiles/server_common.nix index 318877e..449debf 100644 --- a/profiles/server_common.nix +++ b/profiles/server_common.nix @@ -20,7 +20,7 @@ in { }; services.postgresql = { - package = pkgs.postgresql_11; + package = pkgs.postgresql_16; }; security.polkit.enable = false; # avoid CVE-2021-4034 (PwnKit) From 06917aab823699886f29bc7ee5fb8782af3b4c30 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Wed, 7 Feb 2024 02:08:09 +1000 Subject: [PATCH 14/22] forgejo: update configuration options --- profiles/forgejo.nix | 49 ++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 25 deletions(-) 
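Review bot: `appstoreEnable = true;` force-enables runtime installation of apps from the Nextcloud app store even though this hunk also pins a declarative app set via `extraApps`, so any admin session (or a compromised one) can add arbitrary PHP app code under the state directory that the NixOS configuration neither tracks nor reproduces. If the intent is a declaratively managed instance, set `appstoreEnable = false; # apps are pinned via extraApps below` so the installed app set matches the config; if runtime installs are wanted, add a comment saying so, since the default would already be to disable the store when `extraApps` is non-empty. The `services.nextcloud` block continues outside this hunk.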
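Review bot: Jumping `services.postgresql.package` from `postgresql_11` straight to `postgresql_16` in the shared `server_common.nix` has no migration step, and the NixOS module keys the data directory on the major version, so on existing hosts PostgreSQL 16 will start with an empty cluster while the 11 data stays on disk, and the per-service `ensureDatabases` will recreate empty databases for Nextcloud, Matrix, tt-rss and the git service. Unless the clusters were dumped and restored out of band (not visible here), this needs a `pg_upgrade`/dump-restore pass before the switch, and a comment on the line such as `package = pkgs.postgresql_16; # clusters migrated from 11 via pg_upgrade on <date>` so the next reader knows it was handled.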
diff --git a/profiles/forgejo.nix b/profiles/forgejo.nix index 91a5c10..c641672 100644 --- a/profiles/forgejo.nix +++ b/profiles/forgejo.nix @@ -9,18 +9,12 @@ sources = import ../nix/sources.nix; unstable = import sources.nixpkgsUnstable {}; in { - services.gitea = { + services.forgejo = { enable = true; # Enable Forgejo - appName = "mcwhirter.io: Forgejo Service"; # Give the site a name database = { type = "postgres"; # Database type - passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password + passwordFile = "/run/keys/forgejo-dbpass"; # Where to find the password }; - disableRegistration = true; - domain = "source.mcwhirter.io"; # Domain name - rootUrl = "https://source.mcwhirter.io/"; # Root web URL - httpPort = 3002; # Provided unique port - package = pkgs.forgejo; # a soft fork of gitea settings = let docutils = pkgs.python39.withPackages (ps: with ps; [ @@ -28,12 +22,21 @@ in { pygments # Provides syntax highlighting ]); in { + DEFAULT.APP_NAME = "mcwhirter.io: Forgejo Service"; # Give the site a name mailer = { ENABLED = true; - FROM = "gitea@mcwhirter.io"; + FROM = "forgejo@mcwhirter.io"; }; repository = {DEFAULT_BRANCH = "consensus";}; service = {REGISTER_EMAIL_CONFIRM = true;}; + server = { + DOMAIN = "source.mcwhirter.io"; # Domain name + HTTP_PORT = 3002; # Provided unique port + ROOT_URL = "https://source.mcwhirter.io/"; # Root web URL + }; + service = { + DISABLE_REGISTRATION = true; + }; "markup.restructuredtext" = { ENABLED = true; FILE_EXTENSIONS = ".rst"; @@ -49,10 +52,10 @@ in { systemd = { services = { - gitea = { - # Ensure gitea starts after nixops keys are loaded - after = ["gitea-dbpass-key.service"]; - wants = ["gitea-dbpass-key.service"]; + forgejo = { + # Ensure forgejo starts after nixops keys are loaded + after = ["forgejo-dbpass-key.service"]; + wants = ["forgejo-dbpass-key.service"]; }; }; }; 
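Review bot: The `settings` attribute set now defines `service` twice — `service = {REGISTER_EMAIL_CONFIRM = true;};` kept from before and the new `service = { DISABLE_REGISTRATION = true; };` added after `server` — and Nix rejects duplicate attribute names in one set with "attribute 'service' already defined", so this profile will not evaluate. Merge them into one definition, `service = { REGISTER_EMAIL_CONFIRM = true; DISABLE_REGISTRATION = true; };`, which also keeps the registration lock-down (the security-relevant setting here) in one place. The `unstable` binding in the `let` block is no longer referenced anywhere in the visible file and could go in the same pass.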
@@ -60,27 +63,23 @@ in { services.postgresql = { enable = true; # Ensure postgresql is enabled authentication = '' - local gitea all ident map=gitea-users + local forgejo all ident map=forgejo-users ''; identMap = - # Map the gitea user to postgresql + # Map the forgejo user to postgresql '' - gitea-users gitea gitea + forgejo-users forgejo forgejo ''; - ensureDatabases = ["gitea"]; # Ensure the database persists + ensureDatabases = ["forgejo"]; # Ensure the database persists ensureUsers = [ { - name = "gitea"; # Ensure the database user persists - ensurePermissions = { - # Ensure the database permissions persist - "DATABASE gitea" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; + name = "forgejo"; # Ensure the database user persists + ensureDBOwnership = true; } ]; }; - services.postgresqlBackup.databases = ["gitea"]; + services.postgresqlBackup.databases = ["forgejo"]; services.nginx = { enable = true; # Enable Nginx @@ -117,5 +116,5 @@ in { }; }; - users.groups.keys.members = ["gitea"]; # Required due to NixOps issue #1204 + users.groups.keys.members = ["forgejo"]; # Required due to NixOps issue #1204 } From 51ae6d2df5a451cb8772302dd82876ca612afdb2 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Wed, 7 Feb 2024 02:17:07 +1000 Subject: [PATCH 15/22] nextcloud: update configuration options --- profiles/nextcloud.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/profiles/nextcloud.nix b/profiles/nextcloud.nix index f4f23c7..d140b2d 100644 --- a/profiles/nextcloud.nix +++ b/profiles/nextcloud.nix @@ -51,11 +51,7 @@ ensureUsers = [ { name = "nextcloud"; # Ensure the database user persists - ensurePermissions = { - # Ensure the database permissions persist - "DATABASE nextcloud" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; }; From e6e9e943a2226e16f55f8283c315d53e94c045c9 Mon Sep 17 00:00:00 2001 
From: Craige McWhirter Date: Wed, 7 Feb 2024 02:24:29 +1000 Subject: [PATCH 16/22] matrix: update configuration options --- profiles/matrix.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/profiles/matrix.nix b/profiles/matrix.nix index 16727af..4ddb145 100644 --- a/profiles/matrix.nix +++ b/profiles/matrix.nix @@ -129,11 +129,7 @@ ensureUsers = [ { name = "matrix-synapse"; # Ensure the database user persists - ensurePermissions = { - # Ensure the database permissions persist - "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; # Initial database creation From 23500953d707c33098e4af4575bf0ea778a9e45a Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Wed, 7 Feb 2024 02:24:53 +1000 Subject: [PATCH 17/22] tt-rss: update configuration options --- profiles/tt-rss.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/profiles/tt-rss.nix b/profiles/tt-rss.nix index 4c6668f..5d5b624 100644 --- a/profiles/tt-rss.nix +++ b/profiles/tt-rss.nix @@ -34,11 +34,7 @@ ensureUsers = [ { name = "tt_rss"; # Ensure the database user persists - ensurePermissions = { - # Ensure the database permissions persist - "DATABASE tt_rss" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; + ensureDBOwnership = true; } ]; }; From 45f68cc449955116409b30e1bdc371843f16e03c Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Thu, 8 Feb 2024 15:30:57 +1000 Subject: [PATCH 18/22] nextcloud: added postgresql auth * identMap --- profiles/nextcloud.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/profiles/nextcloud.nix b/profiles/nextcloud.nix index d140b2d..0e5ddca 100644 --- a/profiles/nextcloud.nix +++ b/profiles/nextcloud.nix 
@@ -47,6 +47,14 @@ services.postgresql = { enable = true; # Ensure postgresql is enabled + authentication = '' + local nextcloud all ident map=nextcloud-users + ''; + identMap = + # Map the forgejo user to postgresql + '' + nextcloud-users nextcloud nextcloud + ''; ensureDatabases = ["nextcloud"]; # Ensure the database persists ensureUsers = [ { From 91ab1b85d179f1e9f49b867a5de3687de8ed9d98 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Fri, 16 Feb 2024 13:26:46 +1000 Subject: [PATCH 19/22] dionach: rebuild and update to 23.11 --- hardware/purism_librem_15.nix | 29 ++++++++++++++++------------- hosts/dionach.nix | 14 +++++++------- profiles/desktop_common.nix | 15 ++++++++++++--- 3 files changed, 35 insertions(+), 23 deletions(-) diff --git a/hardware/purism_librem_15.nix b/hardware/purism_librem_15.nix index 2246766..bfa89a3 100644 --- a/hardware/purism_librem_15.nix +++ b/hardware/purism_librem_15.nix @@ -2,10 +2,11 @@ { config, lib, + modulesPath, pkgs, ... }: { - imports = []; + imports = [(modulesPath + "/installer/scan/not-detected.nix")]; boot = { initrd = { 
@@ -16,26 +17,28 @@ "usbhid" # USB HID transport layer "usb_storage" # USB Mass Storage support "sd_mod" # SCSI disk support - "aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128 - "cryptd" # Software async crypto daemon ]; - kernelModules = ["dm-snapshot"]; - luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4"; }; kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd }; - fileSystems."/" = { - device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c"; - fsType = "ext4"; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/0bdc11fc-c497-47ff-bcc2-3044f81f40be"; + fsType = "ext4"; + }; + "/home" = { + device = "/dev/disk/by-uuid/9c8a9dd1-b234-4a6d-ad62-3962e85d4063"; + fsType = "ext4"; + }; }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96"; - fsType = "ext4"; - }; + swapDevices = [{device = "/dev/disk/by-uuid/05aed0b0-3a79-44f2-aa4d-e5e5724643f2";}]; - swapDevices = [{device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e";}]; + networking.useDHCP = lib.mkDefault true; nix.settings.max-jobs = lib.mkDefault 4; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/dionach.nix b/hosts/dionach.nix index 416365f..1b1238d 100644 --- a/hosts/dionach.nix +++ b/hosts/dionach.nix @@ -16,6 +16,7 @@ loader.grub = { enable = true; device = "/dev/nvme0n1"; # or "nodev" for efi only + useOSProber = true; }; kernel.sysctl."net.ipv4.ip_forward" = "1"; extraModprobeConfig = "options kvm_intel nested=1"; @@ -23,6 +24,11 @@ networking = { hostName = "dionach"; # Define your hostname. + firewall = { + enable = true; + checkReversePath = false; # Needed for libvirtd + allowedTCPPorts = [15000]; + }; }; systemd.network.networks.enp0s20f0u4u4i5.ipv6SendRAConfig = { 
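Review bot: The rebuilt Librem hardware profile drops `luks.devices."cryptroot"` along with the `aesni_intel`/`cryptd` initrd modules and now mounts `/` and `/home` as plain ext4 by UUID, so unless encryption was set up elsewhere (nothing in this hunk or the `hosts/dionach.nix` changes suggests it), this laptop went from an encrypted root to an unencrypted disk in a commit described only as "rebuild and update to 23.11". If that is intentional it should be stated in the commit message and in a comment in the `fileSystems` block; if not, the LUKS stanza should be restored for the new volume, e.g. `luks.devices."cryptroot".device = "/dev/disk/by-uuid/<new-luks-uuid>";` with the crypto modules back in `availableKernelModules`. The separate `/boot` entry also disappeared, which is consistent with an unencrypted root but worth confirming against the GRUB `device = "/dev/nvme0n1"` setting in the host file.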
@@ -33,15 +39,9 @@ services.kbfs.enable = true; - networking.firewall = { - enable = true; - checkReversePath = false; # Needed for libvirtd - allowedTCPPorts = [15000]; - }; - # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. - system.stateVersion = "20.03"; # Did you read the comment? + system.stateVersion = "23.11"; # Did you read the comment? } diff --git a/profiles/desktop_common.nix b/profiles/desktop_common.nix index 0d8c8d3..ddcb68c 100644 --- a/profiles/desktop_common.nix +++ b/profiles/desktop_common.nix @@ -31,6 +31,7 @@ mplayer # A movie player that supports many video formats nextcloud-client # Nextcloud desktop client pwgen # Password generator + rsync shotwell # Photo organizer signal-desktop # Private, simple, and secure messenger usbutils # Tools for working with USB devices, such as lsusb @@ -69,19 +70,27 @@ }; libinput.enable = true; # Enable touchpad support. }; + + pipewire = { + enable = true; + alsa = { + enable = true; + support32Bit = true; + }; + pulse.enable = true; + }; }; sound.enable = true; # Enable sound. + security.rtkit.enable = true; # realtime scheduling for sound # Configure common hardware settings hardware = { pulseaudio = { - enable = true; - package = pkgs.pulseaudioFull; + enable = false; }; bluetooth = { enable = true; # Enable bluetooth - hsphfpd.enable = true; settings = { General = { Enable = "Source,Sink,Media,Socket"; From 741c36cf7804a9e03b250ba015d9c6ef4beaec9b Mon Sep 17 00:00:00 2001 
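Review bot: The new `rsync` entry in `systemPackages` is the only package in that list without a trailing description, which breaks the one-comment-per-package convention used on every neighbouring line; `rsync # Fast incremental file transfer` keeps it consistent. The pipewire block is fine as written, but a short comment on `hardware.pulseaudio.enable = false;` such as `# PulseAudio replaced by pipewire.pulse above` would make the pairing obvious to the next reader, since the two settings are in different sections of the file.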
From: Craige McWhirter Date: Mon, 26 Feb 2024 22:34:02 +1000 Subject: [PATCH 20/22] forgejo: moved to reciproka.dev --- hosts/cuallaidh.nix | 2 - profiles/forgejo.nix | 120 ---------------------------------------- profiles/gitea_home.nix | 76 ------------------------- 3 files changed, 198 deletions(-) delete mode 100644 profiles/forgejo.nix delete mode 100644 profiles/gitea_home.nix diff --git a/hosts/cuallaidh.nix b/hosts/cuallaidh.nix index 8b51b36..71ce500 100644 --- a/hosts/cuallaidh.nix +++ b/hosts/cuallaidh.nix @@ -10,7 +10,6 @@ ../networks/linode.nix ../profiles/coturn.nix #../profiles/cryptpad.nix - ../profiles/forgejo.nix #../profiles/hydra.nix ../profiles/iog.nix ../profiles/ipv6.nix @@ -22,7 +21,6 @@ ../profiles/nixpkgs-dev.nix ../profiles/taskserver.nix ../profiles/tt-rss.nix - ../secrets/forgejo.nix ../secrets/tt-rss.nix ]; diff --git a/profiles/forgejo.nix b/profiles/forgejo.nix deleted file mode 100644 index c641672..0000000 --- a/profiles/forgejo.nix +++ /dev/null 
@@ -1,120 +0,0 @@ -# NixOps configuration for the hosts running Forgejo -{ - config, - pkgs, - lib, - sources, - ... -}: let - sources = import ../nix/sources.nix; - unstable = import sources.nixpkgsUnstable {}; -in { - services.forgejo = { - enable = true; # Enable Forgejo - database = { - type = "postgres"; # Database type - passwordFile = "/run/keys/forgejo-dbpass"; # Where to find the password - }; - settings = let - docutils = pkgs.python39.withPackages (ps: - with ps; [ - docutils # Provides rendering of ReStructured Text files - pygments # Provides syntax highlighting - ]); - in { - DEFAULT.APP_NAME = "mcwhirter.io: Forgejo Service"; # Give the site a name - mailer = { - ENABLED = true; - FROM = "forgejo@mcwhirter.io"; - }; - repository = {DEFAULT_BRANCH = "consensus";}; - service = {REGISTER_EMAIL_CONFIRM = true;}; - server = { - DOMAIN = "source.mcwhirter.io"; # Domain name - HTTP_PORT = 3002; # Provided unique port - ROOT_URL = "https://source.mcwhirter.io/"; # Root web URL - }; - service = { - DISABLE_REGISTRATION = true; - }; - "markup.restructuredtext" = { - ENABLED = true; - FILE_EXTENSIONS = ".rst"; - RENDER_COMMAND = "${docutils}/bin/rst2html.py"; - IS_INPUT_FILE = false; - }; - ui = { - DEFAULT_THEME = "forgejo-auto"; # Set the default theme - THEMES = "forgejo-auto,forgejo-light,forgejo-dark,auto,arc-green,gitea"; - }; - }; - }; - - systemd = { - services = { - forgejo = { - # Ensure forgejo starts after nixops keys are loaded - after = ["forgejo-dbpass-key.service"]; - wants = ["forgejo-dbpass-key.service"]; - }; - }; - }; - - services.postgresql = { - enable = true; # Ensure postgresql is enabled - authentication = '' - local forgejo all ident map=forgejo-users - ''; - identMap = - # Map the forgejo user to postgresql - '' - forgejo-users forgejo forgejo - ''; - ensureDatabases = ["forgejo"]; # Ensure the database persists - ensureUsers = [ - { - name = "forgejo"; # Ensure the database user persists - ensureDBOwnership = true; - } - ]; - }; - - 
services.postgresqlBackup.databases = ["forgejo"]; - - services.nginx = { - enable = true; # Enable Nginx - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts."source.mcwhirter.io" = { - # Forgejo hostname - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL - locations."/".proxyPass = "http://localhost:3002/"; # Proxy Forgejo - }; - virtualHosts."git.mcwhirter.io" = { - # Hostname to be redirected - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL - globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host - }; - virtualHosts."code.mcwhirter.io" = { - # Hostname to be redirected - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL - globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host - }; - }; - - security.acme = { - acceptTerms = true; - certs = { - "code.mcwhirter.io".email = "craige@mcwhirter.io"; - "git.mcwhirter.io".email = "craige@mcwhirter.io"; - "source.mcwhirter.io".email = "craige@mcwhirter.io"; - }; - }; - - users.groups.keys.members = ["forgejo"]; # Required due to NixOps issue #1204 -} diff --git a/profiles/gitea_home.nix b/profiles/gitea_home.nix deleted file mode 100644 index 4e82b7f..0000000 --- a/profiles/gitea_home.nix +++ /dev/null 
@@ -1,76 +0,0 @@ -# NixOps configuration for the hosts running Gitea -{ - config, - pkgs, - lib, - ... -}: { - services.gitea = { - enable = true; # Enable Gitea - appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name - database = { - type = "postgres"; # Database type - passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password - }; - domain = "source.taigh.mcwhirter.io"; # Domain name - rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL - httpPort = 3001; # Provided unique port - extraConfig = let - docutils = pkgs.python37.withPackages (ps: - with ps; [ - docutils # Provides rendering of ReStructured Text files - pygments # Provides syntax highlighting - ]); - in '' - [mailer] - ENABLED = true - FROM = "gitea@mcwhirter.io" - [service] - REGISTER_EMAIL_CONFIRM = true - [markup.restructuredtext] - ENABLED = true - FILE_EXTENSIONS = .rst - RENDER_COMMAND = ${docutils}/bin/rst2html.py - IS_INPUT_FILE = false - ''; - }; - - services.postgresql = { - enable = true; # Ensure postgresql is enabled - authentication = '' - local gitea all ident map=gitea-users - ''; - identMap = - # Map the gitea user to postgresql - '' - gitea-users gitea gitea - ''; - }; - - services.nginx = { - enable = true; # Enable Nginx - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - #recommendedTlsSettings = true; - virtualHosts."source.taigh.mcwhirter.io" = { - # Gitea hostname - #enableACME = true; # Use ACME certs - #forceSSL = true; # Force SSL - locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea - }; - }; - - # Configure firewall defaults: - networking = { - firewall = { - enable = true; - allowedTCPPorts = [80]; - trustedInterfaces = ["lo"]; - }; - }; - - #security.acme.certs = { - # "source.mcwhirter.io".email = "craige@mcwhirter.io"; - #}; -} From 5a9ac9256a4e5e41f64c0585345a2571df6a8ffa Mon Sep 17 00:00:00 2001 
From: Craige McWhirter Date: Mon, 26 Feb 2024 22:35:14 +1000 Subject: [PATCH 21/22] nextcloud: correct comment --- profiles/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/nextcloud.nix b/profiles/nextcloud.nix index 0e5ddca..069eda2 100644 --- a/profiles/nextcloud.nix +++ b/profiles/nextcloud.nix @@ -51,7 +51,7 @@ local nextcloud all ident map=nextcloud-users ''; identMap = - # Map the forgejo user to postgresql + # Map the nextcloud user to postgresql '' nextcloud-users nextcloud nextcloud ''; From 5f986424bb38e9e8c60b8fa21c3975af74288ca1 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Mon, 26 Feb 2024 22:37:23 +1000 Subject: [PATCH 22/22] nixos: added packages from 23.05 --- nix/sources.json | 12 ++++++++++++ profiles/server_common.nix | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/nix/sources.json b/nix/sources.json index 6a9eb11..3b1592d 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -55,6 +55,18 @@ "url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, + "nixos-23.05": { + "branch": "nixos-23.05", + "description": "Nix Packages collection & NixOS", + "homepage": "", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", + "sha256": "05cbl1k193c9la9xhlz4y6y8ijpb2mkaqrab30zij6z4kqgclsrd", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/70bdadeb94ffc8806c0570eb5c2695ad29f0e421.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + }, "nixos2111": { "branch": "nixos-21.11", "description": "Nix Packages collection", diff --git a/profiles/server_common.nix b/profiles/server_common.nix index 449debf..98f59af 100644 --- a/profiles/server_common.nix +++ b/profiles/server_common.nix 
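Review bot: This adds a second pinned input tracking `nixos-23.05`, a release that reached end of life at the end of December 2023, so anything built from the new `nixos-23.05` source (consumed as `nixpkgs2305` in `server_common.nix`, whose hunk runs past the end of this excerpt) will no longer receive security backports. Since `sources.json` cannot carry comments, the consuming Nix file should name which packages still need the old channel and why, e.g. `# EOL channel: only used for <pkg> until it builds on 23.11`, so the pin is revisited rather than silently kept alongside the 23.11 and unstable inputs.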
@@ -6,7 +6,7 @@ ... }: let sources = import ../nix/sources.nix; - nixpkgs2111 = (import sources.nixos2111 {}).pkgs; + nixpkgs2305 = (import sources."nixos-23.05" {}).pkgs; in { imports = [ ../profiles/openssh.nix