Merge branch 'nixos-23.05' into consensus

2023-07-20 10:13:45 +10:00 · 2023-07-20 10:13:45 +10:00 · fefbccccaa
parent 100376a3a4 4495e8b279
commit fefbccccaa
15 changed files with 55 additions and 48 deletions
--- a/hosts/brighde.nix
+++ b/hosts/brighde.nix
@ -16,7 +16,7 @@
    efi.canTouchEfiVariables = true;
  };
-  deployment.targetHost = "10.42.0.123";
+  deployment.targetHost = "10.42.0.124";
  networking.hostName = "brighde"; # A poetess, sage, woman of wisdom, healing
  system.stateVersion = "22.05"; # The version of NixOS originally installed
--- a/hosts/dionach.nix
+++ b/hosts/dionach.nix
@ -20,35 +20,40 @@
    ../profiles/nix-mio-ops.nix # mio-ops Nix tooling
    ../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
    ../profiles/openssh.nix # Enable and configure openssh
    ../profiles/pantheon.nix # Enable and configure the pantheon desktop
    ../profiles/pipewire.nix # Enable and pipewire audio system
    ../profiles/powerManagement.nix # Power management for laptops
    ../profiles/qemu.nix # Qemu virtualisation
    ../profiles/typingTutor.nix # Typing tutorials
    ../profiles/weechat.nix # Weechat environment
-    ../profiles/xmonad.nix # Xmonad desktop environment
+    #../profiles/xmonad.nix # Xmonad desktop environment
    ../profiles/yubikey.nix # Yubikey tooling
    ../secrets/craige.nix # Ssshhhhh!
    ../secrets/root.nix # Ssshhhhh!
-    ../secrets/wireless.nix # Hey look! A squirrel!
+    #../secrets/wireless.nix # Hey look! A squirrel!
  ];
  deployment.targetHost = "localhost";
-  nixpkgs.config = {
+  nixpkgs = {
-    allowUnfree = true;
+    config = {
-    permittedInsecurePackages = [
+      allowUnfree = true;
-      "openssl-1.0.2u"
+      permittedInsecurePackages = [
-    ];
+        "openssl-1.0.2u"
      ];
    };
    overlays = [(import ../overlays/ncmpcpp.nix)];
  };
  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/nvme0n1"; # or "nodev" for efi only
  boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
  boot.extraModprobeConfig = "options kvm_intel nested=1";
  networking = {
    hostName = "dionach"; # Define your hostname.
    networkmanager.enable = true; # Enables network support via NetworkManager.
  };
  systemd.network.networks.enp0s20f0u4u4i5.ipv6SendRAConfig = {
@ -58,10 +63,15 @@
  };
  fonts.fonts = with pkgs; [
    anonymousPro
    dejavu_fonts # A typeface family based on the Bitstream Vera fonts
-    fira-code # Monospace font with programming ligatures
+    fira-code # Monospace font with programming ligaturess
    font-awesome
    hack-font # A typeface designed for source code
    jetbrains-mono
    #monoid         # Customisable coding font with alternates, ligatures and contextual positioning
    nerdfonts # Iconic font aggregator, collection, & patcher
    open-sans # Used in in my polybar configuration
    xkcd-font # Font based handwriting in xkcd comics
  ];
@ -85,13 +95,11 @@
    librewolf # Firefox fork, focused on privacy, security and freedom
    gcc
    gimp
    gnome2.gvfs
    gnumake
    gnused
    google-authenticator # 2FA
    google-chrome # A freeware web browser developed by Google
    graphviz # Graph visualization tools
    gvfs
    imagemagick
    inetutils # Common network utilies
    inotify-tools
@ -99,7 +107,7 @@
    libmtp
    libgphoto2
    libreoffice-fresh # Libreoffice - fresh version
-    lxmenu-data
+    lxmenu-data # required by pcmanfm
    mkpasswd
    mp3info # MP3 tag editor / query tool
    mpd
@ -117,10 +125,11 @@
    pstree # Show the set of running processes as a tree
    pwgen
    python3Full
-    python39Packages.restview # ReStructuredText viewer
+    #python311Packages.restview # ReStructuredText viewer
-    python39Packages.sphinx # A tool that makes it easy to create intelligent and beautifulul documentation for Python projects
+    python311Packages.sphinx # A tool that makes it easy to create intelligent and beautifulul documentation for Python projects
    radiotray-ng # Internet radio player
    rdiff-backup # External backups
    shared-mime-info # required by pcmanfm
    shotwell
    signal-desktop
    smartmontools # Tools for monitoring the health of hard drives
@ -148,6 +157,7 @@
  services.acpid.enable = true;
  services.blueman.enable = true;
  services.gvfs.enable = true; # required by pcmanfm
  services.kbfs.enable = true;
  services.xserver.desktopManager.enlightenment.enable = true;
@ -180,14 +190,14 @@
  # Enable sound.
  sound.enable = true;
  hardware = {
-    pulseaudio = {
+    #pulseaudio = {
-      enable = true;
+    #  enable = true;
-      systemWide = false;
+    #  systemWide = false;
-      package = pkgs.pulseaudioFull;
+    #  package = pkgs.pulseaudioFull;
-    };
+    #};
    bluetooth = {
      enable = true;
-      hsphfpd.enable = true;
+      #hsphfpd.enable = true;
      settings = {Policy = {AutoEnable = "true";};};
    };
    opengl.enable = true;
--- a/hosts/iolear-beag.nix
+++ b/hosts/iolear-beag.nix
@ -12,10 +12,9 @@
  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda";
-  deployment.targetHost = "10.42.0.124";
+  deployment.targetHost = "10.42.0.127";
  networking.hostName = "iolear-beag"; # Define your hostname.
  system.stateVersion = "18.09"; # The version of NixOS originally installed
--- a/hosts/sithlainnir.nix
+++ b/hosts/sithlainnir.nix
@ -12,7 +12,6 @@
  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda";
  deployment.targetHost = "10.42.0.114";
--- a/hosts/teintidh.nix
+++ b/hosts/teintidh.nix
@ -13,7 +13,6 @@
  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda";
  deployment.targetHost = "10.42.0.127";
--- a/nix/sources.json
+++ b/nix/sources.json
@ -68,16 +68,16 @@
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixpkgs": {
-        "branch": "nixos-22.11",
+        "branch": "nixos-23.05",
        "builtin": false,
        "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
        "homepage": "https://github.com/NixOS/nixpkgs",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c8a17ce7abc03c50cd072e9e6c9b389c5f61836b",
+        "rev": "af8279f65fe71ce5a448408034a8c06e2b4b2c66",
-        "sha256": "1fn2yj5hs8jcnlqq63jnz4kqpfbi15gjgsa8grl5wpnhlhzc3dgh",
+        "sha256": "0xz6nbkql0yinwzbysrffkvd2jnsvkyj13lafgbszrlg2l4i1y44",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/c8a17ce7abc03c50cd072e9e6c9b389c5f61836b.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/af8279f65fe71ce5a448408034a8c06e2b4b2c66.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixpkgsUnstable": {
--- a/profiles/desktopCraige.nix
+++ b/profiles/desktopCraige.nix
@ -18,7 +18,7 @@
    shared-mime-info # A database of common MIME types
    sweethome3d.application # design and visualise homes
    termonad # Terminal emulator configurable in Haskell
    whalebird # Mastodon client
    yt-dlp # Command-line tool to download videos
    whalebird # Mastodon, Pleroma and Misskey client
  ];
 }
--- a/profiles/ebooks.nix
+++ b/profiles/ebooks.nix
@ -7,7 +7,7 @@
  environment.variables = {FOLIATE_TTS_LANG = "en-gb";};
  environment.systemPackages = with pkgs; [
-    #python39Packages.gtts   # Speech synthesizer, required for text to speech.
+    #python311Packages.gtts   # Speech synthesizer, required for text to speech.
    foliate # A simple and modern GTK eBook reader
    vlc
  ];
--- a/profiles/forgejo.nix
+++ b/profiles/forgejo.nix
@ -9,7 +9,6 @@
  sources = import ../nix/sources.nix;
  unstable = import sources.nixpkgsUnstable {};
 in {
  services.gitea = {
    enable = true; # Enable Forgejo
    appName = "mcwhirter.io: Forgejo Service"; # Give the site a name
@ -23,7 +22,7 @@ in {
    httpPort = 3002; # Provided unique port
    package = unstable.forgejo; # a soft fork of gitea
    settings = let
-      docutils = pkgs.python37.withPackages (ps:
+      docutils = pkgs.python39.withPackages (ps:
        with ps; [
          docutils # Provides rendering of ReStructured Text files
          pygments # Provides syntax highlighting
@ -99,14 +98,12 @@ in {
      # Hostname to be redirected
      enableACME = true; # Use ACME certs
      forceSSL = true; # Force SSL
      locations."/".proxyPass = "http://localhost:3002/"; # Proxy Forgejo
      globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
    };
    virtualHosts."code.mcwhirter.io" = {
      # Hostname to be redirected
      enableACME = true; # Use ACME certs
      forceSSL = true; # Force SSL
      locations."/".proxyPass = "http://localhost:3002/"; # Proxy Forgejo
      globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host
    };
  };
--- a/profiles/host_common.nix
+++ b/profiles/host_common.nix
@ -16,9 +16,7 @@
  ];
  # Common boot settings
-  boot = {
+  boot.tmp.cleanOnBoot = true; # Clean /tmp on reboot
    cleanTmpDir = true; # Clean /tmp on reboot
  };
  # Select internationalisation properties.
  i18n = {
--- a/profiles/iog.nix
+++ b/profiles/iog.nix
@ -6,7 +6,7 @@
  ...
 }: let
  sources = import ../nix/sources.nix;
-  nixVersion = (import sources.nixpkgs {}).nixVersions.nix_2_9;
+  nixVersion = (import sources.nixpkgs {}).nixVersions.nix_2_13;
 in {
  imports = [../profiles/terminal-recording.nix ../profiles/nix-direnv.nix];
--- a/profiles/neovim.nix
+++ b/profiles/neovim.nix
@ -39,6 +39,7 @@
        # Write a custom Neovim config for NixOS
        customRC = ''
          " Preferred global default settings:
          set mouse=                    " disable mouse input
          set nocompatible
          set backspace=indent,eol,start
          set number relativenumber     " Enable relative line numbers by default
@ -50,7 +51,7 @@
          syntax on                     " Enable syntax highlighting
          set t_Co=256                  " Use 265 colors in vim
          set background=dark           " Set the default background scheme
-          colorscheme onedarkpro        " Set the default colour scheme
+          colorscheme onedark           " Set the default colour scheme
          "let g:one_allow_italics = 1   " I love italic for comments
          set spell spelllang=en_au     " Defaul spell checking language
          set spellfile=~/.vim-spell.en.utf-8.add    " Add the spellfile
@ -99,10 +100,12 @@
          let hour = strftime("%H")
          if 7 <= hour && hour < 17
            "set background=dark
-            "hi Normal ctermbg=none              " Set a transparent background
+            hi Normal guibg=NONE ctermbg=NONE   " Set a transparent background
            hi NormalNC guibg=NONE ctermbg=NONE " Set a transparent background
          else
            "set background=dark
-            "hi Normal ctermbg=none              " Set a transparent background
+            hi Normal guibg=NONE ctermbg=NONE   " Set a transparent background
            hi NormalNC guibg=NONE ctermbg=NONE " Set a transparent background
          endif
          " Transparent editing of gpg encrypted files.
--- a/profiles/nextcloud.nix
+++ b/profiles/nextcloud.nix
@ -28,7 +28,7 @@
      startAt = "01:00:00"; # When to run the update
    };
    enableBrokenCiphersForSSE = false; # force upgrade to SSL v3
-    package = pkgs.nextcloud25;
+    package = pkgs.nextcloud26;
  };
  systemd = {
--- a/profiles/openssh.nix
+++ b/profiles/openssh.nix
@ -7,15 +7,17 @@
 }: {
  services.openssh = {
    enable = true; # Enable the OpenSSH daemon.
    permitRootLogin = "prohibit-password";
    kbdInteractiveAuthentication = false;
    passwordAuthentication = false;
    openFirewall = true;
    hostKeys = [
      {
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
    ];
    openFirewall = true;
    settings = {
      KbdInteractiveAuthentication = false;
      PasswordAuthentication = false;
      PermitRootLogin = "prohibit-password";
    };
  };
 }
--- a/profiles/yubikey.nix
+++ b/profiles/yubikey.nix
@ -46,7 +46,7 @@
      yubikey-manager-qt # Configure any YubiKey over USB interfaces
      yubikey-personalization # Lib & CLI tool to personalize YubiKeys
      yubikey-personalization-gui # QT based utility to facilitate Yubikey reconfiguration
-      yubioath-desktop # Yubikey Desktop Authenticator
+      yubioath-flutter # Yubikey Desktop Authenticator
    ];
    shellInit = ''
      export GPG_TTY="$(tty)"