oysteikt
/
nix-dotfiles
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

treewide: update to nixos 23.11

main
Oystein Kristoffer Tveit 2023-12-18 20:59:48 +01:00
parent fe30e15f5b
commit 3a52ba8901
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
9 changed files with 71 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
flake.lock
View File

@ -72,8 +72,8 @@
"fonts": { "fonts": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1668957008, "lastModified": 1696614701,
"narHash": "sha256-er2eUfNSG9qdBh0JvtxtftQjFfTFjRqqD8dnk5nZ1qw=", "narHash": "sha256-QtT+ansp3ombpdS2+jNWgZKSqpxhVq3cyrpAKkDzA9Y=",
"path": "/home/h7x4/git/fonts", "path": "/home/h7x4/git/fonts",
"type": "path" "type": "path"
}, },
@ -89,16 +89,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1687871164, "lastModified": 1702814678,
"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", "narHash": "sha256-zDtO0jV2QLoddUJinLlTQrQqCUW3dPiIWOSYgg98T7E=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", "rev": "1488651d02c1a7a15e284210f0d380a62d8d8cef",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-23.05", "ref": "release-23.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -107,15 +107,13 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
], ]
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1677801246, "dirtyRev": "9580f6c42af2535dc7890edb681ead090f5105f2-dirty",
"narHash": "sha256-/TeSHBkg4gGBsrOjnPxV0YnCIfpYeaMNPcfuj9HeR48=", "dirtyShortRev": "9580f6c4-dirty",
"ref": "refs/heads/zellij-kdl-configuration-generator", "lastModified": 1648677361,
"rev": "35ccc428a2b95182a3ca96824d838fd24a738641", "narHash": "sha256-hWI9yQHivS5xkkcQmkFk0DS3f/IrJAR/Oxow5N44GN0=",
"revCount": 2378,
"type": "git", "type": "git",
"url": "file:///home/h7x4/git/home-manager" "url": "file:///home/h7x4/git/home-manager"
}, },
@ -129,39 +127,41 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1689214560, "lastModified": 1701507532,
"narHash": "sha256-2vXE3S68YeWhxRm7SdUD9Ac0xwDl9MHEGaGP8MdZa9c=", "narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=",
"owner": "dali99", "owner": "dali99",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"rev": "c158a35ea298ce3ea7cd446e9992154ea4bc6381", "rev": "046194cdadc50d81255a9c57789381ed1153e2b1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "dali99", "owner": "dali99",
"ref": "v0.5.0",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"type": "github" "type": "github"
} }
}, },
"maunium-stickerpicker": { "maunium-stickerpicker": {
"inputs": { "inputs": {
"maunium-stickerpicker": "maunium-stickerpicker_2", "mauniumStickerpicker": "mauniumStickerpicker",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1672622402, "lastModified": 1690902363,
"narHash": "sha256-eT0JSFIWbQhCOphDf3SMHlBHrT/gl5+7q1kusDcyBXg=", "narHash": "sha256-BTm2MZ4/RW/fHv1tk28verFZnZvXjDIaDcgEbo4UvuM=",
"ref": "refs/heads/main", "owner": "h7x4",
"rev": "f7218b50056a423b16416b52056008a546d8f201", "repo": "maunium-stickerpicker-nix",
"revCount": 1, "rev": "2364837888111b295c4b0e840f01f398566abd05",
"type": "git", "type": "github"
"url": "file:///home/h7x4/git/maunium-stickerpicker-nix"
}, },
"original": { "original": {
"type": "git", "owner": "h7x4",
"url": "file:///home/h7x4/git/maunium-stickerpicker-nix" "ref": "project-rewrite",
"repo": "maunium-stickerpicker-nix",
"type": "github"
} }
}, },
"maunium-stickerpicker_2": { "mauniumStickerpicker": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1668509918, "lastModified": 1668509918,
@ -186,11 +186,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1690076623, "lastModified": 1702862450,
"narHash": "sha256-k1AE76m7N9JVKCz0rjGPNez15rSVsDYS0l6XxfEAH88=", "narHash": "sha256-18/cpAXDSbBArFl+cysNo0optzaKn2XlW9IX4asH39c=",
"owner": "infinidoge", "owner": "infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "8706036acb4955f9d30f789dea1c42549944ce2e", "rev": "4440d803fc989d8b563bec164f6e2715060fc284",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -224,16 +224,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1672441588, "lastModified": 1690630041,
"narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=", "narHash": "sha256-gbnvqm5goS9DSKAqGFpq3398aOpwejmq4qWikqmQyRo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f", "rev": "d57e8c535d4cbb07f441c30988ce52eec69db7a8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-22.11", "ref": "nixos-23.05",
"type": "indirect" "type": "indirect"
} }
}, },
@ -254,11 +254,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1689473667, "lastModified": 1702777222,
"narHash": "sha256-41ePf1ylHMTogSPAiufqvBbBos+gtB6zjQlYFSEKFMM=", "narHash": "sha256-/SYmqgxTYzqZnQEfbOCHCN4GzqB9uAIsR9IWLzo0/8I=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "13231eccfa1da771afa5c0807fdd73e05a1ec4e6", "rev": "a19a71d1ee93226fd71984359552affbc1cd3dc3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -270,11 +270,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1690031011, "lastModified": 1702312524,
"narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=", "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "12303c652b881435065a98729eb7278313041e49", "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -285,26 +285,26 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1689956312, "lastModified": 1702780907,
"narHash": "sha256-NV9yamMhE5jgz+ZSM2IgXeYqOvmGIbIIJ+AFIhfD7Ek=", "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6da4bc6cb07cba1b8e53d139cbf1d2fb8061d967", "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-23.05", "ref": "nixos-23.11",
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1689413807, "lastModified": 1702539185,
"narHash": "sha256-exuzOvOhGAEKWQKwDuZAL4N8a1I837hH5eocaTcIbLc=", "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "46ed466081b9cad1125b11f11a2af5cc40b942c7", "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -350,11 +350,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1672838459, "lastModified": 1684092181,
"narHash": "sha256-SIXzj9fbSvr/jfhhil+0cS7I6KONijdH80PFGxJi+CA=", "narHash": "sha256-Oi6G8Jx2RkEMi3UndtAnZw61hfgKGEe7l/ILdB9ump4=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "392fb541ce39f1f52908eee336d5ed409cd798ed", "rev": "028ed8774d1cf4650fc15253146cf14451eb608c",
"revCount": 42, "revCount": 43,
"type": "git", "type": "git",
"url": "file:///home/h7x4/git/osuchan-line-bot" "url": "file:///home/h7x4/git/osuchan-line-bot"
}, },
@ -389,8 +389,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1683506783, "lastModified": 1677435432,
"narHash": "sha256-TEJGASqT3Ro1d3t+gKEc9NFOBqb0feVR2HqeZ8o3DGs=", "narHash": "sha256-oRxpSmfZQB/B5YQbSrL1K/T6xpHcPfN8buj7HM5Ecss=",
"ref": "refs/heads/main",
"rev": "6c7e4867ca307cf2163ece12f90f4ab57455e145",
"revCount": 59,
"type": "git", "type": "git",
"url": "file:///home/h7x4/git/nix-secrets" "url": "file:///home/h7x4/git/nix-secrets"
}, },
@ -405,11 +408,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1689534977, "lastModified": 1702812162,
"narHash": "sha256-EB4hasmjKgetTR0My2bS5AwELZFIQ4zANLqHKi7aVXg=", "narHash": "sha256-18cKptpAAfkatdQgjO5SZXZsbc1IVPRoYx2AxaiooL4=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "bd695cc4d0a5e1bead703cc1bec5fa3094820a81", "rev": "21f2b8f123a1601fef3cf6bbbdf5171257290a77",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -448,21 +451,6 @@
"type": "github" "type": "github"
} }
}, },
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"vscode-server": { "vscode-server": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",

10
flake.nix
View File

@ -1,10 +1,10 @@
{ {
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-23.05"; nixpkgs.url = "nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-23.05"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -53,7 +53,7 @@
}; };
matrix-synapse-next = { matrix-synapse-next = {
url = "github:dali99/nixos-matrix-modules"; url = "github:dali99/nixos-matrix-modules/v0.5.0";
}; };
vscode-server = { vscode-server = {
@ -109,7 +109,7 @@
osuchan.overlays.default osuchan.overlays.default
(self: super: { (self: super: {
mpv-unwrapped = super.mpv-unwrapped.override { mpv-unwrapped = super.mpv-unwrapped.override {
ffmpeg_5 = super.ffmpeg_5-full; ffmpeg = super.ffmpeg_6-full;
}; };
}) })
# (self: super: { # (self: super: {
@ -173,7 +173,7 @@
./hosts/common.nix ./hosts/common.nix
./hosts/${name}/configuration.nix ./hosts/${name}/configuration.nix
matrix-synapse-next.nixosModules.synapse matrix-synapse-next.nixosModules.default
osuchan.outputs.nixosModules.default osuchan.outputs.nixosModules.default
secrets.outputs.nixos-config secrets.outputs.nixos-config
sops-nix.nixosModules.sops sops-nix.nixosModules.sops

2
home/home.nix
View File

@ -90,7 +90,7 @@ in {
bat.enable = true; bat.enable = true;
bottom.enable = true; bottom.enable = true;
exa.enable = true; eza.enable = true;
feh.enable = mkIf graphics true; feh.enable = mkIf graphics true;
fzf = { fzf = {
enable = true; enable = true;

2
home/packages.nix
View File

@ -44,7 +44,7 @@ in {
rclone rclone
ripgrep ripgrep
rsync rsync
sc-im # sc-im
slack-term slack-term
taskwarrior taskwarrior
taskwarrior-tui taskwarrior-tui

2
home/programs/zsh/default.nix
View File

@ -63,7 +63,7 @@
enable-fzf-tab enable-fzf-tab
zstyle ':fzf-tab:complete:cd:*' fzf-preview '${pkgs.exa}/bin/exa -1 --color=always $realpath' zstyle ':fzf-tab:complete:cd:*' fzf-preview '${lib.getExe pkgs.eza} -1 --color=always $realpath'
# Use tmux buffer if we are inside tmux # Use tmux buffer if we are inside tmux
if ! { [ "$TERM" = "screen" ] && [ -n "$TMUX" ]; } then if ! { [ "$TERM" = "screen" ] && [ -n "$TMUX" ]; } then

4
home/shell.nix
View File

@ -50,8 +50,8 @@ in {
ag = "${pkgs.ripgrep}/bin/rg"; ag = "${pkgs.ripgrep}/bin/rg";
lls = "${pkgs.coreutils}/bin/ls --color=always"; lls = "${pkgs.coreutils}/bin/ls --color=always";
ls = p "exa"; ls = p "eza";
la = "${p "exa"} -lah --changed --time-style long-iso --git --group"; la = "${p "eza"} -lah --changed --time-style long-iso --git --group";
lsa = "la"; lsa = "la";
killall = { killall = {

4
hosts/common.nix
View File

@ -2,10 +2,6 @@
let let
inherit (config) machineVars; inherit (config) machineVars;
in { in {
nixpkgs.config = {
allowUnfree = true;
};
sops.defaultSopsFile = ../secrets/default.yaml; sops.defaultSopsFile = ../secrets/default.yaml;
nix = { nix = {

1
hosts/tsuki/configuration.nix
View File

@ -82,6 +82,7 @@
}; };
groups = { groups = {
media = {}; media = {};
nix-builder = {};
}; };
}; };

38
hosts/tsuki/services/atuin.nix
View File

@ -8,43 +8,7 @@ in
openRegistration = false; openRegistration = false;
}; };
systemd.services.atuin = { systemd.services.atuin.requires = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
serviceConfig = {
# Hardening
CapabilityBoundingSet = "";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "full";
RemoveIPC = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
# Required for connecting to database sockets,
# and listening to unix socket at `cfg.settings.path`
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap @privileged";
UMask = "0007";
};
};
local.socketActivation.atuin = { local.socketActivation.atuin = {
enable = cfg.enable; enable = cfg.enable;