authorKjetil Orbekk <kj@orbekk.com>2022-05-31 18:10:56 -0400
committerKjetil Orbekk <kj@orbekk.com>2022-05-31 18:35:33 -0400
commitee88a3fbd5479d71e2ea9edd7ee162f699e574e1 (patch)
treeb2c68de36114835f7fd5be298a866427c8b2ac3e
parentc2562003f5e47bafea8c3af1520fe75353cbde32 (diff)
Update to nixos-22.05
-rw-r--r--config/web-server.nix2
-rw-r--r--data/aliases.nix4
-rw-r--r--flake.lock40
-rw-r--r--flake.nix2
-rw-r--r--machines/x1-pincer.nix11
-rw-r--r--modules/common.nix10
-rw-r--r--modules/desktop.nix7
-rw-r--r--modules/login.nix46
-rw-r--r--modules/nextcloud.nix2
-rw-r--r--modules/vpn.nix6
-rw-r--r--modules/yubikey.nix2
-rw-r--r--pkgs/keycloak/default.nix24
-rw-r--r--pkgs/libsignal-c/default.nix26
13 files changed, 44 insertions, 138 deletions
diff --git a/config/web-server.nix b/config/web-server.nix
index b7ee6b7..7838076 100644
--- a/config/web-server.nix
+++ b/config/web-server.nix
@@ -7,7 +7,7 @@ in {
imports = [ ./orbekk-pkgs.nix ];
security.acme.acceptTerms = true;
- security.acme.email = "kj@orbekk.com";
+ security.acme.defaults.email = "kj@orbekk.com";
networking.firewall.allowedTCPPorts = [ 80 443 ];
diff --git a/data/aliases.nix b/data/aliases.nix
index a13fc42..67a363b 100644
--- a/data/aliases.nix
+++ b/data/aliases.nix
@@ -52,10 +52,6 @@ rec {
prometheus = { port = 11112; };
prometheus-exporter = { port = 11113; };
prometheus-snmp-exporter = { port = 11114; };
- login = {
- address = ip.dragon;
- port = 11115;
- };
hledger-web = { port = 11116; };
prometheus-pms7003-exporter = { host = "172.20.100.10"; port = 11117; };
};
diff --git a/flake.lock b/flake.lock
index dd1604e..ce2af8e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -24,11 +24,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
- "lastModified": 1653824468,
- "narHash": "sha256-LRa+HjnYGBLz2kTh4aMEImBuXv38s/FDDUq8ESd3lu0=",
+ "lastModified": 1654023504,
+ "narHash": "sha256-+6g62H5wsG5QCNoFcfQ+9+iJOgVWDS4A1YbjEJHhB5s=",
"owner": "nix-community",
"repo": "emacs-overlay",
- "rev": "8c19a841dbf438c1001fdd869612ea79e00404c0",
+ "rev": "fa3548ca8f9205cef2c41c9e8bc8cb4f1a879cbf",
"type": "github"
},
"original": {
@@ -39,11 +39,11 @@
},
"flake-utils": {
"locked": {
- "lastModified": 1652776076,
- "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
+ "lastModified": 1653893745,
+ "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
+ "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
"type": "github"
},
"original": {
@@ -75,11 +75,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1653463224,
- "narHash": "sha256-bUxKhqZhki2vPzFTl8HOo1m7pagF7WzY1MZiso8U5ws=",
+ "lastModified": 1654030195,
+ "narHash": "sha256-jTkn9mvvmLITy+TUIoxvPFxrafBKz3gjLyq3wkVNCso=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "39a7bfc496d2ddfce73fe9542af1f2029ba4fe39",
+ "rev": "8252035d61aabffe05f49f7e05a6381bd5e4b40f",
"type": "github"
},
"original": {
@@ -107,11 +107,11 @@
},
"nixpkgs-unstable": {
"locked": {
- "lastModified": 1653581809,
- "narHash": "sha256-Uvka0V5MTGbeOfWte25+tfRL3moECDh1VwokWSZUdoY=",
+ "lastModified": 1653931853,
+ "narHash": "sha256-O3wncIouj9x7gBPntzHeK/Hkmm9M1SGlYq7JI7saTAE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "83658b28fe638a170a19b8933aa008b30640fbd1",
+ "rev": "f1c167688a6f81f4a51ab542e5f476c8c595e457",
"type": "github"
},
"original": {
@@ -123,10 +123,10 @@
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1652182392,
- "narHash": "sha256-H9Bmor+kfogrE0X7Fi5sh0gCUWDG4pnmYxedJyIT41A=",
- "path": "/nix/store/w6v28zy60l6fhl8g0giqk1n4a9lshybr-source",
- "rev": "aa2f845096f72dde4ad0c168eeec387cbd2eae04",
+ "lastModified": 1653565689,
+ "narHash": "sha256-xdJ6bmPxDPIMItZJWsDxopPXUTAFPWMkNkyOOcptWSc=",
+ "path": "/nix/store/fclvrq1zkiysih0f6ipfp4fm1hh1dnq9-source",
+ "rev": "9bc0e974545d5bc4c24e1ed047be0dc4e30e494b",
"type": "path"
},
"original": {
@@ -136,16 +136,16 @@
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1653565689,
- "narHash": "sha256-xdJ6bmPxDPIMItZJWsDxopPXUTAFPWMkNkyOOcptWSc=",
+ "lastModified": 1653920503,
+ "narHash": "sha256-BBeCZwZImtjP3oYy4WogkQYy5OxNyfNciVSc1AfZgLQ=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "9bc0e974545d5bc4c24e1ed047be0dc4e30e494b",
+ "rev": "a634c8f6c1fbf9b9730e01764999666f3436f10a",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-21.11",
+ "ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
diff --git a/flake.nix b/flake.nix
index d11304d..0d04166 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
{
- inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
inputs.nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
inputs.nixos-hardware.url = "github:NixOS/nixos-hardware/master";
inputs.pms7003.url = "github:orbekk/pms7003/master";
diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix
index 47b0c16..a743004 100644
--- a/machines/x1-pincer.nix
+++ b/machines/x1-pincer.nix
@@ -12,7 +12,6 @@ let ports = {
orbekk.desktop.enable = true;
orbekk.thinkpad.enable = true;
orbekk.simple-firewall.allowedTCPPorts = [ ports.minecraft 631 5353 ]; # socks proxy
- orbekk.login.enable = true;
orbekk.vpn.enable = true;
@@ -69,6 +68,16 @@ let ports = {
version = 2;
device = "nodev";
efiSupport = true;
+ ipxe = {
+ test = ''
+ #!ipxe
+ '';
+ demo = ''
+ #!ipxe
+ dhcp
+ chain http://boot.ipxe.org/demo/boot.php
+ '';
+ };
};
loader.efi.canTouchEfiVariables = true;
kernelPackages = pkgs.linuxPackages_latest;
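Review bot: The new `ipxe.demo` entry chain-loads `http://boot.ipxe.org/demo/boot.php` over plain HTTP, so whatever network the laptop is on at boot decides what script and kernel that menu entry runs, with no integrity check. If these two entries are experiments (`test` is an empty script), I would drop them from this release-update commit. If the demo entry is kept, use `chain https://boot.ipxe.org/demo/boot.php`, provided the packaged iPXE build has HTTPS support, and add a comment saying the entry is for manual testing only. The enclosing loader block starts outside the hunk, so I am assuming this is the GRUB `ipxe` option.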
diff --git a/modules/common.nix b/modules/common.nix
index 72c146f..24eb8b8 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -5,11 +5,6 @@
orbekk.secrets.enable = true;
- nixpkgs.config.packageOverrides = pkgs: {
- libsignal-protocol-c = pkgs.callPackage ../pkgs/libsignal-c/default.nix { };
- keycloak = pkgs.callPackage ../pkgs/keycloak/default.nix { };
- };
-
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa 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 cardno:000605483586"
];
@@ -37,7 +32,8 @@
dnsutils
binutils
#emacs
- emacsPgtkNativeComp
+ #emacsPgtkNativeComp
+ pkgs.unstable.emacsNativeComp
exa
fd
fzf
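Review bot: The package list now has two commented-out Emacs variants (`#emacs`, `#emacsPgtkNativeComp`) next to the active `pkgs.unstable.emacsNativeComp`, and nothing says why the editor comes from the unstable input in a commit that moves the system to a stable release. I would delete the dead lines and add a one-line reason, for example `# from unstable: native-comp build not usable on 22.05 yet`, worded to match the actual cause. The list itself starts and ends outside the hunk.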
@@ -78,7 +74,7 @@
services = {
postgresql = { package = pkgs.postgresql_12; };
openssh.passwordAuthentication = false;
- openssh.challengeResponseAuthentication = false;
+ openssh.kbdInteractiveAuthentication = false;
};
systemd.services.nix-gc.serviceConfig = {
diff --git a/modules/desktop.nix b/modules/desktop.nix
index 59b26d2..d0d3314 100644
--- a/modules/desktop.nix
+++ b/modules/desktop.nix
@@ -58,7 +58,8 @@ in {
fonts = with pkgs; [
fira-code
dejavu_fonts
- steamPackages.steam-fonts
+ # Do these no longer exist?
+ # steamPackages.steam-fonts
wqy_microhei
];
fontconfig = {
@@ -96,7 +97,7 @@ in {
rofi
rxvt_unicode-with-plugins
unstable.signal-desktop
- sshfsFuse
+ sshfs-fuse
trayer
vlc
wirelesstools
@@ -107,7 +108,7 @@ in {
xorg.xbacklight
xorg.xev
xclip
- xlibs.libXft
+ xorg.libXft
xscreensaver
xsel # used by urxvt clipboard
xss-lock
diff --git a/modules/login.nix b/modules/login.nix
deleted file mode 100644
index d2a6de3..0000000
--- a/modules/login.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- cfg = config.orbekk.login;
- aliases = import ../data/aliases.nix;
-in
-{
- options = {
- orbekk.login = {
- enable = lib.mkEnableOption "Enable login server";
- loginPort = lib.mkOption {
- type = lib.types.int;
- default = aliases.services.login.port;
- };
- loginDomain = lib.mkOption {
- type = lib.types.str;
- default = "login.orbekk.com";
- };
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.keycloak = {
- enable = false;
- httpPort = "8080";
- bindAddress = "127.0.0.1";
- database.type = "postgresql";
- database.passwordFile = "/opt/secret/keycloak/db_password";
- frontendUrl = "http://localhost/auth";
- };
-
- environment.systemPackages = with pkgs; [
- xmlstarlet
- libtidy
- jq
- ];
-
- # services.nginx.virtualHosts.${cfg.loginDomain} = {
- # enableACME = true;
- # forceSSL = true;
- # locations."/" = {
- # proxyPass = "http://127.0.0.1:${toString cfg.loginPort}";
- # proxyWebsockets = true;
- # };
- # };
- };
-}
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
index 03051a9..e38401b 100644
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -12,7 +12,7 @@ in
config = lib.mkIf cfg.enable {
services.nextcloud = {
enable = true;
- package = pkgs.nextcloud23;
+ package = pkgs.nextcloud24;
hostName = "nextcloud.orbekk.com";
config = {
dbtype = "pgsql";
diff --git a/modules/vpn.nix b/modules/vpn.nix
index a3df88a..47c269c 100644
--- a/modules/vpn.nix
+++ b/modules/vpn.nix
@@ -9,13 +9,13 @@ let
ips = [ "${vpn-prefix}::${ip}/128" ];
publicKey = (builtins.readFile ../secrets/${host}-wireguard-key.pub);
endpoint = null;
- relay = false;
+ router = false;
};
hosts = {
dragon = mkConfig "dragon" "d" // {
endpoint = "dragon.orbekk.com:${toString cfg.listenPort}";
- relay = true;
+ router = true;
};
tiny1 = mkConfig "tiny1" "1001" // {
endpoint = "tiny1.orbekk.com:${toString cfg.listenPort}";
@@ -26,7 +26,7 @@ let
mkPeer = hostConfig: {
inherit (hostConfig) publicKey endpoint;
- allowedIPs = hostConfig.ips ++ (lib.optionals (hostConfig.relay && !cfg.is_server) [ "::/0" ]);
+ allowedIPs = if hostConfig.router && !cfg.is_server then [ "::/0" ] else hostConfig.ips;
};
getPeers = host:
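Review bot: The `allowedIPs` line in `mkPeer` changes peer behaviour inside a commit titled as a release update, and nothing on the line explains why. On a non-server host the router peer now gets only `::/0` instead of its own address plus `::/0`. Because `::/0` already contains the `/128`, the effective set looks unchanged, but that reasoning should be written down with a comment such as `# Clients route all IPv6 via the router peer; ::/0 already covers hostConfig.ips.` Only IPv6 is covered here, so if a full tunnel is intended it is worth confirming that IPv4 is handled elsewhere. `getPeers` continues outside the hunk.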
diff --git a/modules/yubikey.nix b/modules/yubikey.nix
index 971ac1f..1e6aa22 100644
--- a/modules/yubikey.nix
+++ b/modules/yubikey.nix
@@ -6,7 +6,7 @@ let
ccid
libu2f-host
libusb
- rng_tools
+ rng-tools
yubikey-manager
yubikey-personalization
gnupg
diff --git a/pkgs/keycloak/default.nix b/pkgs/keycloak/default.nix
deleted file mode 100644
index e90e0d2..0000000
--- a/pkgs/keycloak/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ stdenv, fetchurl, jdk, makeWrapper }:
-
-stdenv.mkDerivation rec {
- name = "keycloak-${version}";
- version = "4.0.0.Beta1";
- src = fetchurl {
- url = "https://downloads.jboss.org/keycloak/${version}/keycloak-${version}.tar.gz";
- sha512 = "2j6bqwmx7gqf989r56qm7fvrzqhcc5gbsmwj8mxid5kmd8mcl8bs12hj3ryiih56mh86jhz674ss677l59f5271p0yi5wzigcyamwj5";
- };
-
- buildInputs = [ makeWrapper ];
-
- installPhase = ''
- mkdir -p $out
- mv * $out/
- '';
-
- postFixup = ''
- for b in "$out"/bin/*.sh; do
- echo patching $b
- wrapProgram "$b" --prefix PATH : "${jdk}/bin"
- done
- '';
-}
diff --git a/pkgs/libsignal-c/default.nix b/pkgs/libsignal-c/default.nix
deleted file mode 100644
index a955a6f..0000000
--- a/pkgs/libsignal-c/default.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ stdenv, fetchFromGitHub, pkgconfig, cmake, openssl }:
-
-stdenv.mkDerivation rec {
- name = "libsignal-c-${version}";
- version = "master";
-
- src = fetchFromGitHub {
- owner = "signalapp";
- repo = "libsignal-protocol-c";
- rev = "9e10362fce9072b104e6d5a51d6f56d939d1f36e";
- sha256 = "0la13aqbd24lw7iv1dfpf4sqy6m0kmd2icyy5h4v4fn3qpcgi6ka";
- };
-
- nativeBuildInputs = [ pkgconfig ];
- buildInputs = [ cmake openssl ];
-
- meta = {
- description = "Signal Protocol C Library";
- longDescription = ''
- TODO
- '';
- homepage = https://www.whispersystems.org;
- maintainers = with stdenv.lib.maintainers; [ orbekk ];
- platforms = stdenv.lib.platforms.unix;
- };
-}