From d1309a4e463d448cdfc07974d2aa96a39d4a366e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Wed, 11 Sep 2024 12:41:12 +0200 Subject: System update --- flake.lock | 200 +++++++--------------------------------- nixos/configurations/binky.nix | 8 +- nixos/configurations/lipwig.nix | 26 +++--- nixos/modules/desktop.nix | 6 +- nixos/modules/develop.nix | 1 + nixos/modules/router.nix | 8 +- nixos/modules/users.nix | 7 +- nixos/modules/wireguad.nix | 5 +- pkgs/default.nix | 26 +----- tools/install.sh | 1 + 10 files changed, 74 insertions(+), 214 deletions(-) diff --git a/flake.lock b/flake.lock index ca7671e..a090908 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1720546205, - "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { @@ -146,40 +146,6 @@ "inputs": { "systems": "systems_7" }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, - "flake-utils_8": { - "inputs": { - "systems": "systems_8" - }, - "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", - "type": "github" - }, - "original": { - "id": "flake-utils", - "type": "indirect" - } - }, - "flake-utils_9": { - "inputs": { - "systems": "systems_9" - }, "locked": { "lastModified": 1705309234, "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", @@ -214,45 +180,6 @@ "type": "github" } }, - "libshv": { - "inputs": { - "flake-utils": "flake-utils_7", - "necrolog": "necrolog", - "nixpkgs": "nixpkgs_8" - }, - "locked": { - "lastModified": 1712426213, - "narHash": "sha256-KDPqP9z5LT6Bau2uq7dgyNrx3fZpiXl/g+0//ICZ0a8=", - "owner": "silicon-heaven", - "repo": "libshv", - "rev": "0639a8d9139f69592baa9c8914d6f40e6aa2d3ac", - "type": "github" - }, - "original": { - "owner": "silicon-heaven", - "repo": "libshv", - "type": "github" - } - }, - "necrolog": { - "inputs": { - "flake-utils": "flake-utils_8", - "nixpkgs": "nixpkgs_7" - }, - "locked": { - "lastModified": 1710239929, - "narHash": "sha256-Sy7absZtICGCYJkBV1/4wpI72743WgDHaMLJk7BhmLQ=", - "owner": "fvacek", - "repo": "necrolog", - "rev": "87ed76143e10a5d07d881795eac11a1429a09012", - "type": "github" - }, - "original": { - "owner": "fvacek", - "repo": "necrolog", - "type": "github" - } - }, "nixdeploy": { "inputs": { "flake-utils": "flake-utils_2", @@ -274,11 +201,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1720737798, - "narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=", + "lastModified": 1725716377, + "narHash": "sha256-7NzW9O/cAw7iWzRfh7Oo/SuSudL4a1YTKS6yoh3tMck=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751", + "rev": "04a1cda0c1725094a4db703cccbb956b7558f5a6", "type": "github" }, "original": { @@ -302,20 +229,6 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1707877513, - "narHash": "sha256-sp0w2apswd3wv0sAEF7StOGHkns3XUQaO5erhWFZWXk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "89653a03e0915e4a872788d10680e7eec92f8600", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1712883908, @@ -332,11 +245,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1721171313, - "narHash": "sha256-MtMXEzF7X57E71SIU2vqhOpzu58D4qypptXObVBd+Vs=", + "lastModified": 1725857262, + "narHash": "sha256-m9n0PncgZepVgmjOO1rfVXMgUACDOwZbhjSRjJ/NUpM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "034f3eec9b56e2fa22ee77f67403310c202ed398", + "rev": "5af6aefbcc55670e36663fd1f8a796e1e323001a", "type": "github" }, "original": { @@ -375,11 +288,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1712388808, - "narHash": "sha256-9ogU4c3vUmuMDoRlbQCeq3OKx0XJmgHcLZ4XywJNYWI=", + "lastModified": 1724300212, + "narHash": "sha256-x3jl6OWTs+L9C7EtscuWZmGZWI0iSBDafvg3X7JMa1A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe4295b9ecd88764c1abf6179e03b1a828ca0e9a", + "rev": "4de4818c1ffa76d57787af936e8a23648bda6be4", "type": "github" }, "original": { @@ -389,11 +302,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1709780214, - "narHash": "sha256-p4iDKdveHMhfGAlpxmkCtfQO3WRzmlD11aIcThwPqhk=", + "lastModified": 1722141560, + "narHash": "sha256-Ul3rIdesWaiW56PS/Ak3UlJdkwBrD4UcagCmXZR9Z7Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f945939fd679284d736112d3d5410eb867f3b31c", + "rev": "038fb464fcfa79b4f08131b07f2d8c9a6bcc4160", "type": "github" }, "original": { @@ -403,25 +316,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1710222005, - "narHash": "sha256-irXySffHz7b82dZIme6peyAu+8tTJr1zyxcfUPhqUrg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9a9a7552431c4f1a3b2eee9398641babf7c30d0e", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_9": { - "locked": { - "lastModified": 1712328247, - "narHash": "sha256-cswxdMQH0fATfonhXgVfxliuZMfkdrCQQud4cO76eDw=", + "lastModified": 1707877513, + "narHash": "sha256-sp0w2apswd3wv0sAEF7StOGHkns3XUQaO5erhWFZWXk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8311011fcea909e0cc9684ada784dae080fbfb60", + "rev": "89653a03e0915e4a872788d10680e7eec92f8600", "type": "github" }, "original": { @@ -466,15 +365,14 @@ "pyshv": { "inputs": { "flake-utils": "flake-utils_6", - "libshv": "libshv", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1712430672, - "narHash": "sha256-WKPEaBEu3GB3feu4/vubBKxvs7/tmfvalPCsANnnSW0=", + "lastModified": 1724333785, + "narHash": "sha256-17pWZPRa4UcVOEnaawyshGWnFzoRXBuZNM3t24SV15w=", "owner": "silicon-heaven", "repo": "pyshv", - "rev": "84bfbc700432dec5483e6af6777dd076aadef54f", + "rev": "afe9817a30656a9750e9868aa1eccbf8d3c77562", "type": "gitlab" }, "original": { @@ -504,11 +402,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1716543407, - "narHash": "sha256-/Ly4X3SYtSCb8utV+lzRO6Rc2oig7uN6dhFT70uKG6A=", + "lastModified": 1721899791, + "narHash": "sha256-dT+kwR2nuymeq3qqzc5//g4nQJRG1pVWUeZztCXgYCM=", "ref": "refs/heads/master", - "rev": "31f5accaa54f6110cfeefa19e3e4ed6d1a71190b", - "revCount": 111, + "rev": "0adc7c32594913d0f4ec774a85cb03554cd719d4", + "revCount": 112, "type": "git", "url": "https://git.cynerd.cz/shellrc" }, @@ -524,11 +422,11 @@ "pyshv": "pyshv" }, "locked": { - "lastModified": 1712433922, - "narHash": "sha256-pLgYcPnWADRFh9dAmaMkkekcKVJ2cc9E+EQFvqE3q9Y=", + "lastModified": 1724334728, + "narHash": "sha256-AXMBOOED8GTdJvpzwZtSkq1GBBzV3/pcWk3mpgQryzo=", "owner": "silicon-heaven", "repo": "shvcli", - "rev": "cd5eedb592a7bc6bade45fb7a28d73f04fd2d53b", + "rev": "77bec05261b5f077ad2790ba4d592acdad3815b1", "type": "github" }, "original": { @@ -642,40 +540,10 @@ "type": "github" } }, - "systems_8": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_9": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "usbkey": { "inputs": { - "flake-utils": "flake-utils_9", - "nixpkgs": "nixpkgs_10" + "flake-utils": "flake-utils_7", + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1707940956, @@ -693,11 +561,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1721139097, - "narHash": "sha256-+Wz+FhEyJPq/log2NY1evzH0auDPjkgCo+4ZDbugGcs=", + "lastModified": 1725810385, + "narHash": "sha256-+6UULi05KMHmLfhlrNGhMdLZUoQeC5Dc1nLFdINyeyI=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "b4b62f26eb4703e9816ca273d0fd5f98893aeb90", + "rev": "37c5eb47ca3f11deac83e4ada20a6c21d5487f29", "type": "github" }, "original": { diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix index 4b552d5..7765d01 100644 --- a/nixos/configurations/binky.nix +++ b/nixos/configurations/binky.nix @@ -1,4 +1,8 @@ -{lib, ...}: let +{ + lib, + pkgs, + ... +}: let inherit (lib) mkDefault; in { nixpkgs.hostPlatform.system = "x86_64-linux"; @@ -94,4 +98,6 @@ in { dataDir = "/home/cynerd"; configDir = "/home/cynerd/.config/syncthing"; }; + + environment.systemPackages = [pkgs.heroic]; } diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 6368ebc..1a137db 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -107,7 +107,7 @@ root = "${pkgs.cgit}/cgit"; locations."/".tryFiles = "$uri @cgit"; locations."@cgit".extraConfig = '' - fastcgi_pass unix:${config.services.fcgiwrap.cgit.socket.address}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; @@ -137,9 +137,9 @@ }; }; }; - services.fcgiwrap.cgit = { + services.fcgiwrap.instances.cgit = { process.user = "git"; - socket.user = config.services.nginx.group; + socket = {inherit (config.services.nginx) user group;}; }; security.acme = { acceptTerms = true; @@ -250,19 +250,19 @@ # Additional modules can be fetched with: # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab" passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz"; - sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7"; - license = "gpl3"; + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.7.0/passwords.tar.gz"; + sha256 = "1RwLOE2aUwISMF/WcYmL8sKs+KXBlYv0OHw8PizrGCY="; + license = "agpl3Plus"; }; integration_github = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz"; - sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6"; - license = "gpl3"; + url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.7/integration_github-v2.0.7.tar.gz"; + sha256 = "x4BrBdrvmbdwZcZL6FLAY27B5OpkXIsw92XsD076Aqg="; + license = "agpl3Plus"; }; integration_gitlab = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz"; - sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi"; - license = "gpl3"; + url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.0.1/integration_gitlab-v3.0.1.tar.gz"; + sha256 = "FAF5CHwAVm55QS9NO8B5zsvJ0BWa7Mwfw6kYr2js0Es="; + license = "agpl3Plus"; }; }; }; @@ -271,12 +271,14 @@ services.postgresql = { enable = true; ensureUsers = [ + {name = "cynerd";} { name = "nextcloud"; ensureDBOwnership = true; } ]; ensureDatabases = ["nextcloud"]; + extraPlugins = ps: with ps; [timescaledb]; }; # SearX #################################################################### diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index 7b21c7d..4a8c7dd 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -70,7 +70,7 @@ in { msmtp notmuch astroid - taskwarrior + taskwarrior3 vdirsyncer khal khard @@ -79,7 +79,7 @@ in { pinentry-curses (pass.withExtensions (exts: [ exts.pass-otp - #exts.pass-audit + exts.pass-audit ])) chromium @@ -113,7 +113,7 @@ in { adwaita-icon-theme vanilla-dmz sound-theme-freedesktop - gnome.gnome-characters + gnome-characters gucharmap (sdcv.withDictionaries [stardict-en-cz stardict-de-cz stardict-cz]) diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index 971d219..446d205 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -21,6 +21,7 @@ in { # Tools gitlint tig + gitg gource glab github-cli diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index cd37d8b..224037b 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix @@ -56,6 +56,8 @@ in { }; config = mkIf cnf.enable { + boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; + networking = { useNetworkd = true; firewall = { @@ -114,9 +116,10 @@ in { matchConfig.Name = "home"; networkConfig = { Address = "${cnf.lanIP}/${toString cnf.lanPrefix}"; - IPForward = "yes"; + IPv4Forwarding = "yes"; DHCPServer = "yes"; DHCPPrefixDelegation = "yes"; + IPv6Forwarding = "yes"; IPv6SendRA = "yes"; IPv6AcceptRA = "no"; }; @@ -143,9 +146,10 @@ in { matchConfig.Name = "guest"; networkConfig = { Address = "192.168.1.1/24"; - IPForward = "yes"; + IPv4Forwarding = "yes"; DHCPServer = "yes"; DHCPPrefixDelegation = "yes"; + IPv6Forwarding = "yes"; IPv6SendRA = "yes"; IPv6AcceptRA = "no"; }; diff --git a/nixos/modules/users.nix b/nixos/modules/users.nix index d098ec7..1c143bb 100644 --- a/nixos/modules/users.nix +++ b/nixos/modules/users.nix @@ -64,10 +64,13 @@ in { syntaxHighlighting.enable = isNative; }; shellrc = true; - vim.defaultEditor = isArm; + vim = { + enable = isArm; + defaultEditor = isArm; + }; neovim = { enable = !isArm; - defaultEditor = true; + defaultEditor = !isArm; withNodeJs = true; }; diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix index 69e1ccd..1b1db90 100644 --- a/nixos/modules/wireguad.nix +++ b/nixos/modules/wireguad.nix @@ -66,10 +66,7 @@ in { matchConfig.Name = "wg"; networkConfig = { Address = "${config.cynerd.hosts.wg."${hostName}"}/24"; - IPForward = is_endpoint; - #DNS = mkIf (hostName != "dean") ["10.0.20.30" "10.0.20.31"]; - #DNSSEC = false; - #Domains = mkIf (hostName != "dean") "~elektroline.cz"; + IPv4Forwarding = "yes"; }; routes = (optional (hostName != "lipwig") { diff --git a/pkgs/default.nix b/pkgs/default.nix index ad2236d..eca6db6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -30,37 +30,15 @@ in { bigclown-leds = final.callPackage ./bigclown-leds {}; # nixpkgs patches - zigbee2mqtt = prev.zigbee2mqtt.overrideAttrs (oldAttrs: { + zigbee2mqtt = prev.zigbee2mqtt.overrideAttrs { npmInstallFlags = ["--no-optional"]; # Fix cross build - }); + }; nodejs_18 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v18.nix") {}; nodejs-slim_18 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v18.nix") {enableNpm = false;}; nodejs_20 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v20.nix") {}; nodejs-slim_20 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v20.nix") {enableNpm = false;}; nodejs_22 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v22.nix") {}; nodejs-slim_22 = callPackageNodejs (prev.path + "/pkgs/development/web/nodejs/v22.nix") {enableNpm = false;}; - pythonPackagesExtensions = - prev.pythonPackagesExtensions - ++ [ - ( - pyfinal: pyprev: { - bcg = pyprev.bcg.overrideAttrs { - patches = - pyprev.bcg.patches - ++ [ - (final.fetchpatch2 { - name = "bcg-fix-import-with-Python-3.12.patch"; - url = "https://github.com/cynerd/bch-gateway/commit/1314c892992d8914802b6c42602c39f6a1418fca.patch"; - hash = "sha256-+vmkqnnkf81umjesTIFgh0mMh2fCCn/yFyQl6ENP9Cc="; - }) - ]; - propagatedBuildInputs = - pyprev.bcg.propagatedBuildInputs - ++ [pyfinal.looseversion]; - }; - } - ) - ]; # Older version of packages flac1_3 = prev.flac.overrideAttrs { diff --git a/tools/install.sh b/tools/install.sh index 5a10830..2bb98ad 100755 --- a/tools/install.sh +++ b/tools/install.sh @@ -25,6 +25,7 @@ fi if [ ! -s "$root/.personal-secrets.key" ]; then echo "Please paste the personal secret key (terminate using ^D)" >&2 sudo tee "$root/.personal-secrets.key" >/dev/null + chown 600 "$root/.personal-secrets.key" fi if [ -f "$src/flake.nix" ]; then -- cgit v1.2.3