cloud: Update nixpkgs to 24.11

Natsu Kagami 2024-12-03 00:00:00 +01:00
parent 67f6aba9c5
commit e4aae3b8ae
Signed by: nki
GPG key ID: 55A032EB38B49ADB
4 changed files with 24 additions and 29 deletions


@ -721,16 +721,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1716736833, "lastModified": 1733050161,
"narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "rev": "62d536255879be574ebfe9b87c4ac194febf47c5",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.05", "ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -1166,16 +1166,16 @@
}, },
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1731239293, "lastModified": 1732981179,
"narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=", "narHash": "sha256-F7thesZPvAMSwjRu0K8uFshTk3ZZSNAsXTIFvXBT+34=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9256f7c71a195ebe7a218043d9f93390d49e6884", "rev": "62c435d93bf046a5396f3016472e8f7c8e2aed65",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-24.05", "ref": "nixos-24.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }


@ -2,12 +2,12 @@
description = "nki's systems"; description = "nki's systems";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
darwin.url = "github:lnl7/nix-darwin/master"; darwin.url = "github:lnl7/nix-darwin/master";
darwin.inputs.nixpkgs.follows = "nixpkgs-unstable"; darwin.inputs.nixpkgs.follows = "nixpkgs-unstable";
home-manager.url = "github:nix-community/home-manager/release-24.05"; home-manager.url = "github:nix-community/home-manager/release-24.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager-unstable.url = "github:nix-community/home-manager"; home-manager-unstable.url = "github:nix-community/home-manager";
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable"; home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";


@ -180,7 +180,6 @@ in
MINIO_USE_SSL = "true"; MINIO_USE_SSL = "true";
MINIO_ENDPOINT = "60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com"; MINIO_ENDPOINT = "60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com";
MINIO_ACCESS_KEY_ID = "704c29ade7a8b438b77ab520da2799ca"; MINIO_ACCESS_KEY_ID = "704c29ade7a8b438b77ab520da2799ca";
MINIO_SECRET_ACCESS_KEY = "#miniosecretkey#";
MINIO_BUCKET = "dtth-gitea"; MINIO_BUCKET = "dtth-gitea";
MINIO_LOCATION = "auto"; MINIO_LOCATION = "auto";
MINIO_CHECKSUM_ALGORITHM = "md5"; # R2 moment MINIO_CHECKSUM_ALGORITHM = "md5"; # R2 moment
@ -192,7 +191,8 @@ in
stateDir = "/mnt/data/gitea"; stateDir = "/mnt/data/gitea";
mailerPasswordFile = secrets."gitea/mailer-password".path; secrets.mailer.PASSWD = secrets."gitea/mailer-password".path;
secrets.storage.MINIO_SECRET_ACCESS_KEY = config.sops.secrets."gitea/minio-secret-key".path;
database = { database = {
inherit user; inherit user;
@ -216,14 +216,7 @@ in
# https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7 # https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7
serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
preStart = preStart =
let
configFile = "${config.services.forgejo.customDir}/conf/app.ini";
in
'' ''
# Update minio secret key
chmod u+w ${configFile} && \
${lib.getExe pkgs.replace-secret} '#miniosecretkey#' '${config.sops.secrets."gitea/minio-secret-key".path}' '${configFile}' && \
chmod u-w ${configFile}
# Import the signing subkey # Import the signing subkey
if cat ${config.services.forgejo.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then if cat ${config.services.forgejo.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then
echo "Keys already imported" echo "Keys already imported"
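Review bot: The new `secrets.storage.MINIO_SECRET_ACCESS_KEY` line in the second hunk only works if the `MINIO_*` settings in the first hunk sit under a settings section that is also named `storage`. The attribute enclosing those settings opens outside the hunk, so the match cannot be confirmed from here. If the names differ, the key would presumably land in a different section of app.ini than the endpoint and access key ID, and with the `replace-secret` step removed from `preStart` nothing else would supply it. For consistency with the mailer line directly above, the path could be written as `secrets."gitea/minio-secret-key".path`, assuming `secrets` is the same alias for `config.sops.secrets`. A short comment such as `# injected from the sops file at service start; never written to the Nix store` on that line would record why the placeholder approach was dropped.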


@ -35,23 +35,25 @@ rec {
settings = { settings = {
server_url = "https://hs.dtth.ch"; server_url = "https://hs.dtth.ch";
db_type = "postgres"; database.type = "postgres";
db_host = "/var/run/postgresql"; # find out yourself database.postgres = {
db_user = "headscale"; host = "/var/run/postgresql"; # find out yourself
db_name = "headscale"; user = "headscale";
name = "headscale";
};
dns_config = { dns = {
base_domain = host; base_domain = "dtth.ts";
}; };
noise = { noise = {
private_key_path = "/var/lib/headscale/noise_private.key"; private_key_path = "/var/lib/headscale/noise_private.key";
}; };
ip_prefixes = [ prefixes = {
"fd7a:115c:a1e0::/48" v6 = "fd7a:115c:a1e0::/48";
"100.64.0.0/10" v4 = "100.64.0.0/10";
]; };
derp.paths = [ derp.paths = [
secrets."headscale/derp-servers/vnm".path secrets."headscale/derp-servers/vnm".path