From 4b09375f34cbade0134fed56fb72964141765f3f Mon Sep 17 00:00:00 2001 From: Paul-Henri Froidmont Date: Fri, 2 Dec 2022 03:29:02 +0100 Subject: [PATCH] Update to NixOS 22.11 --- environment.nix | 2 + flake.lock | 67 ++++++++++++++++--------- flake.nix | 17 +++++-- hardware/hetzner-dedicated-storage1.nix | 2 +- modules/dokuwiki.nix | 2 - modules/grafana.nix | 44 +++++++++------- modules/nextcloud.nix | 1 + 7 files changed, 85 insertions(+), 50 deletions(-) diff --git a/environment.nix b/environment.nix index 051c255..265d599 100644 --- a/environment.nix +++ b/environment.nix @@ -12,4 +12,6 @@ "nixpkgs=${nixpkgs}" ]; }; + + services.nscd.enableNsncd = true; } diff --git a/flake.lock b/flake.lock index dd3468d..e3ff709 100644 --- a/flake.lock +++ b/flake.lock @@ -69,21 +69,6 @@ } }, "nixpkgs-22_05": { - "locked": { - "lastModified": 1654936503, - "narHash": "sha256-soKzdhI4jTHv/rSbh89RdlcJmrPgH8oMb/PLqiqIYVQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dab6df51387c3878cdea09f43589a15729cae9f4", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-22.05", - "type": "indirect" - } - }, - "nixpkgs-22_05_2": { "locked": { "lastModified": 1668908668, "narHash": "sha256-oimCE4rY7Btuo/VYmA8khIyTHSMV7qUWTpz9w8yc9LQ=", @@ -99,6 +84,37 @@ "type": "github" } }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669834992, + "narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs-old": { + "locked": { + "lastModified": 1669764884, + "narHash": "sha256-1qWR/5+WtqxSedrFbUbM3zPMO7Ec2CGWaxtK4z4DdvY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "0244e143dc943bcf661fdaf581f01eb0f5000fcf", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1669320964, @@ -117,16 +133,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1669378442, - "narHash": "sha256-nm+4PN0A4SnV0SzEchxrMyKPvI3Ld/aoom4PnHeHucs=", + "lastModified": 1669834992, + "narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0faaf0a9bb6dedb69bfd43ac06fb27fadc476c51", + "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-22.05", + "ref": "nixos-22.11", "repo": "nixpkgs", "type": "github" } @@ -150,6 +166,7 @@ "inputs": { "deploy-rs": "deploy-rs", "nixpkgs": "nixpkgs_2", + "nixpkgs-old": "nixpkgs-old", "nixpkgs-unstable": "nixpkgs-unstable", "simple-nixos-mailserver": "simple-nixos-mailserver", "sops-nix": "sops-nix" @@ -159,20 +176,20 @@ "inputs": { "blobs": "blobs", "nixpkgs": "nixpkgs_3", - "nixpkgs-22_05": "nixpkgs-22_05", + "nixpkgs-22_11": "nixpkgs-22_11", "utils": "utils_2" }, "locked": { - "lastModified": 1655930346, - "narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=", + "lastModified": 1669838593, + "narHash": "sha256-wR4SVRtgRcgz1FR2i6hRl+m0RerlgkIlXyQ8/XtzVWk=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d", + "rev": "70a970f5a02b7febec1c3065e10c4155b99ecf86", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-22.05", + "ref": "nixos-22.11", "repo": "nixos-mailserver", "type": "gitlab" } @@ -182,7 +199,7 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-22_05": "nixpkgs-22_05_2" + "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { "lastModified": 1668915833, diff --git a/flake.nix b/flake.nix index ef28669..fbaea0b 100644 --- a/flake.nix +++ b/flake.nix @@ -1,16 +1,18 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11"; + nixpkgs-old.url = "github:nixos/nixpkgs/nixos-22.05"; # Keep it until php74 is no longer needed for elefan nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; deploy-rs.url = "github:serokell/deploy-rs"; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05"; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, deploy-rs, sops-nix, simple-nixos-mailserver }: + outputs = { self, nixpkgs, nixpkgs-old, nixpkgs-unstable, deploy-rs, sops-nix, simple-nixos-mailserver }: let pkgs = nixpkgs.legacyPackages.x86_64-linux; + pkgs-old = nixpkgs-old.legacyPackages.x86_64-linux; pkgs-unstable = nixpkgs-unstable.legacyPackages.x86_64-linux; defaultModuleArgs = { pkgs, ... }: { _module.args.pkgs-unstable = import nixpkgs-unstable { @@ -93,6 +95,15 @@ networking.domain = "banditlair.com"; nix.registry.nixpkgs.flake = nixpkgs; + nixpkgs = + { + config = { + packageOverrides = pkgs: { + php74 = pkgs-old.php74; + }; + }; + }; + system.stateVersion = "21.05"; } ) diff --git a/hardware/hetzner-dedicated-storage1.nix b/hardware/hetzner-dedicated-storage1.nix index d7e2acc..ce83f93 100644 --- a/hardware/hetzner-dedicated-storage1.nix +++ b/hardware/hetzner-dedicated-storage1.nix @@ -32,7 +32,7 @@ HOMEHOST ''; - nix.maxJobs = lib.mkDefault 8; + nix.settings.max-jobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; networking = { diff --git a/modules/dokuwiki.nix b/modules/dokuwiki.nix index 25f1dd3..ccb86bb 100644 --- a/modules/dokuwiki.nix +++ b/modules/dokuwiki.nix @@ -35,8 +35,6 @@ let }; }; - services.phpfpm.pools."dokuwiki-${name}.${config.networking.domain}".phpPackage = lib.mkOverride 10 pkgs.php74; - services.nginx.virtualHosts."${name}.${config.networking.domain}" = { forceSSL = true; enableACME = true; diff --git a/modules/grafana.nix b/modules/grafana.nix index 717f45e..1b7c801 100644 --- a/modules/grafana.nix +++ b/modules/grafana.nix @@ -11,26 +11,32 @@ services.grafana = { enable = true; - domain = "grafana.${config.networking.domain}"; - security.adminPasswordFile = config.sops.secrets.grafanaAdminPassword.path; dataDir = "/nix/var/data/grafana"; + settings = { + server = { + domain = "grafana.${config.networking.domain}"; + }; + security.admin_password = "$__file{${config.sops.secrets.grafanaAdminPassword.path}}"; + }; provision = { enable = true; - datasources = [ - { - name = "Prometheus"; - type = "prometheus"; - url = "http://127.0.0.1:${toString config.services.prometheus.port}"; - isDefault = true; - } - { - name = "Loki"; - type = "loki"; - access = "proxy"; - url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}"; - } - ]; - dashboards = [ + datasources.settings = { + datasources = [ + { + name = "Prometheus"; + type = "prometheus"; + url = "http://127.0.0.1:${toString config.services.prometheus.port}"; + isDefault = true; + } + { + name = "Loki"; + type = "loki"; + access = "proxy"; + url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}"; + } + ]; + }; + dashboards.settings.providers = [ { name = "Config"; options.path = ./dashboards; @@ -41,13 +47,13 @@ services.nginx = { virtualHosts = { - "${config.services.grafana.domain}" = { + "${config.services.grafana.settings.server.domain}" = { enableACME = true; forceSSL = true; locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}"; + proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}"; proxyWebsockets = true; }; }; diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 1787e02..33f5b0a 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -65,6 +65,7 @@ in package = pkgs.nextcloud25; hostName = "cloud.${config.networking.domain}"; https = true; + enableBrokenCiphersForSSE = false; config = { dbtype = "pgsql"; dbuser = "nextcloud";