cloud: Update nixpkgs to 24.11

2024-12-03 00:00:00 +01:00 · 2024-12-03 00:00:00 +01:00 · e4aae3b8ae
commit e4aae3b8ae
parent 67f6aba9c5
4 changed files with 24 additions and 29 deletions
--- a/nki-personal-do/gitea.nix
+++ b/nki-personal-do/gitea.nix
@ -180,7 +180,6 @@ in
        MINIO_USE_SSL = "true";
        MINIO_ENDPOINT = "60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com";
        MINIO_ACCESS_KEY_ID = "704c29ade7a8b438b77ab520da2799ca";
-        MINIO_SECRET_ACCESS_KEY = "#miniosecretkey#";
        MINIO_BUCKET = "dtth-gitea";
        MINIO_LOCATION = "auto";
        MINIO_CHECKSUM_ALGORITHM = "md5"; # R2 moment
@ -192,7 +191,8 @@ in

    stateDir = "/mnt/data/gitea";

-    mailerPasswordFile = secrets."gitea/mailer-password".path;
+    secrets.mailer.PASSWD = secrets."gitea/mailer-password".path;
+    secrets.storage.MINIO_SECRET_ACCESS_KEY = config.sops.secrets."gitea/minio-secret-key".path;

    database = {
      inherit user;
@ -216,14 +216,7 @@ in
    # https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7
    serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
    preStart =
-      let
-        configFile = "${config.services.forgejo.customDir}/conf/app.ini";
-      in
      ''
-        # Update minio secret key
-        chmod u+w ${configFile} && \
-        ${lib.getExe pkgs.replace-secret} '#miniosecretkey#' '${config.sops.secrets."gitea/minio-secret-key".path}' '${configFile}' && \
-        chmod u-w ${configFile}
        # Import the signing subkey
        if cat ${config.services.forgejo.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then
          echo "Keys already imported"
--- a/nki-personal-do/headscale.nix
+++ b/nki-personal-do/headscale.nix
@ -35,23 +35,25 @@ rec {
    settings = {
      server_url = "https://hs.dtth.ch";

-      db_type = "postgres";
-      db_host = "/var/run/postgresql"; # find out yourself
-      db_user = "headscale";
-      db_name = "headscale";
+      database.type = "postgres";
+      database.postgres = {
+        host = "/var/run/postgresql"; # find out yourself
+        user = "headscale";
+        name = "headscale";
+      };

-      dns_config = {
-        base_domain = host;
+      dns = {
+        base_domain = "dtth.ts";
      };

      noise = {
        private_key_path = "/var/lib/headscale/noise_private.key";
      };

-      ip_prefixes = [
-        "fd7a:115c:a1e0::/48"
-        "100.64.0.0/10"
-      ];
+      prefixes = {
+        v6 = "fd7a:115c:a1e0::/48";
+        v4 = "100.64.0.0/10";
+      };

      derp.paths = [
        secrets."headscale/derp-servers/vnm".path