diff --git a/flake.lock b/flake.lock index 3aaf8c0..f075d9a 100644 --- a/flake.lock +++ b/flake.lock @@ -36,11 +36,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1732704340, - "narHash": "sha256-zcX8QIaaJJ5Us53vaWMPH2LNkZBCSwTH7pI+FgXCg+0=", + "lastModified": 1734208773, + "narHash": "sha256-K2ugS2XJSyF3lYCrT5SCJtSAqndn/c5OwPkC5Nl18BU=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "662522cf89fde332157e527b4322d614598631d9", + "rev": "1472730015a2b3da0de09d9f1538bab3a816f618", "type": "github" }, "original": { @@ -134,17 +134,29 @@ }, "crane_2": { "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], "nixpkgs": [ "lanzaboote", "nixpkgs" + ], + "rust-overlay": [ + "lanzaboote", + "rust-overlay" ] }, "locked": { - "lastModified": 1707363508, - "narHash": "sha256-Cu5Mwktod5hcxxSpHl0FCeZ9la7v4KO5Tfrrs59AAJg=", + "lastModified": 1681177078, + "narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=", "owner": "ipetkov", "repo": "crane", - "rev": "f2926e34a1599837f3256c701739529d772e36e7", + "rev": "0c9f468ff00576577d83f5019a66c557ede5acf6", "type": "github" }, "original": { @@ -367,11 +379,11 @@ ] }, "locked": { - "lastModified": 1733168902, - "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", + "lastModified": 1734343412, + "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=", "owner": "nix-community", "repo": "disko", - "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", + "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19", "type": "github" }, "original": { @@ -477,11 +489,11 @@ "flake-compat_12": { "flake": false, "locked": { - "lastModified": 1732722421, - "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -656,11 +668,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -756,11 +768,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -792,11 +804,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -931,11 +943,11 @@ ] }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", "type": "github" }, "original": { @@ -1143,11 +1155,11 @@ ] }, "locked": { - "lastModified": 1733175814, - "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=", + "lastModified": 1734344598, + "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf23fe41082aa0289c209169302afd3397092f22", + "rev": "83ecd50915a09dca928971139d3a102377a8d242", "type": "github" }, "original": { @@ -1164,11 +1176,11 @@ ] }, "locked": { - "lastModified": 1733175814, - "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=", + "lastModified": 1734093295, + "narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf23fe41082aa0289c209169302afd3397092f22", + "rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8", "type": "github" }, "original": { @@ -1225,11 +1237,11 @@ }, "impermanence": { "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "lastModified": 1734200366, + "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=", "owner": "nix-community", "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48", "type": "github" }, "original": { @@ -1299,11 +1311,11 @@ "nixpkgs-lib": "nixpkgs-lib_5" }, "locked": { - "lastModified": 1733055216, - "narHash": "sha256-yB2y7tGJxDI/SDQ0D7b6ocRtLTPm93u8ybdIKQGXRDE=", + "lastModified": 1734264809, + "narHash": "sha256-94fu5E0gM8aMY0bX/ix7BWGf/e/OfGjoCtNrJfwL0dM=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "f67bf0781c69a46bf3a1469f83c98518aa3054c3", + "rev": "46bedda9e45f2735f41ec3c01cba2b8ce7ba9808", "type": "github" }, "original": { @@ -1334,11 +1346,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1733265436, - "narHash": "sha256-zxBh56jKE6AXhiUoktY6cOHPUTyqXWbI/Pyh5sSC5B4=", - "owner": "patrickdag", + "lastModified": 1734041466, + "narHash": "sha256-51bhaMe8BZuNAStUHvo07nDO72wmw8PAqkSYH4U31Yo=", + "owner": "astro", "repo": "microvm.nix", - "rev": "799370e27eb8643e860a5df5cd168da72219a684", + "rev": "3910e65c3d92c82ea41ab295c66df4c0b4f9e7b3", "type": "github" }, "original": { @@ -1438,11 +1450,11 @@ ] }, "locked": { - "lastModified": 1733105089, - "narHash": "sha256-Qs3YmoLYUJ8g4RkFj2rMrzrP91e4ShAioC9s+vG6ENM=", + "lastModified": 1733570843, + "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "c6b65d946097baf3915dd51373251de98199280d", + "rev": "a35b08d09efda83625bef267eb24347b446c80b8", "type": "github" }, "original": { @@ -1459,11 +1471,11 @@ "treefmt-nix": "treefmt-nix_4" }, "locked": { - "lastModified": 1732631228, - "narHash": "sha256-/7Wyhp00yecUMPNz79gGZpjos8OLHqOfdiWWIQfZA1M=", + "lastModified": 1733909753, + "narHash": "sha256-5GChR6LKh6EwGXLfR3HLW2Z0AWoyce4Hyp3VB5C4FCk=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "8f56354b794624689851b2d86c2ce0209cc8f0cf", + "rev": "b1f94fed4af8e7f30665a3bf8b369dc3b8a95884", "type": "github" }, "original": { @@ -1501,11 +1513,11 @@ ] }, "locked": { - "lastModified": 1733024876, - "narHash": "sha256-vy9Q41hBE7Zg0yakF79neVgb3i3PQMSMR7uHPpPywFE=", + "lastModified": 1734234111, + "narHash": "sha256-icEMqBt4HtGH52PU5FHidgBrNJvOfXH6VQKNtnD1aw8=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "6e0b7f81367069589a480b91603a10bcf71f3103", + "rev": "311d6cf3ad3f56cb051ffab1f480b2909b3f754d", "type": "github" }, "original": { @@ -1522,13 +1534,12 @@ "pre-commit-hooks": "pre-commit-hooks_3" }, "locked": { - "lastModified": 1733919075, - "narHash": "sha256-qr0HiP+YEuMJWkEsM3KBQkIvfBjA4VFvV6gC43Ize2o=", - "ref": "refs/heads/fix-container-mvlan", - "rev": "f4f7786d315beb8d7c65665b7cfc7260a988d89f", - "revCount": 152, - "type": "git", - "url": "file:///home/patrick/repos/nix/nix-topology/fix-container-mvlan" + "lastModified": 1734266385, + "narHash": "sha256-k9P9Sa6jw/Xre8UDp7Ukk75h4Tcq8ZrK+nz6A2MC1IM=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "ba6f61e594a85eabebf1c8f373923b59b3b07448", + "type": "github" }, "original": { "owner": "oddlama", @@ -1538,11 +1549,11 @@ }, "nixlib": { "locked": { - "lastModified": 1733015484, - "narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=", + "lastModified": 1734224914, + "narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e", + "rev": "538697b664a64fade8ce628d01f35d1f1fd82d77", "type": "github" }, "original": { @@ -1562,11 +1573,11 @@ "pre-commit-hooks": "pre-commit-hooks_4" }, "locked": { - "lastModified": 1732216602, - "narHash": "sha256-svG11P+vsHYKoDj1nWSGHoep4f+rzbRM/fdWPSVE/Uk=", + "lastModified": 1734380654, + "narHash": "sha256-YrJ4vz6fbz5Sz7H6mdFsqaqEkLVOJUnrUi6swiYbmc4=", "owner": "oddlama", "repo": "nixos-extra-modules", - "rev": "6841242d5f7c32fc8a214014f1c97ae935ef8b8e", + "rev": "da6945497bb3e6a2baf3d783c12d780ea8c4b5ea", "type": "github" }, "original": { @@ -1583,11 +1594,11 @@ ] }, "locked": { - "lastModified": 1733101779, - "narHash": "sha256-Qqnfnb/RFxBbD25UYJ/yibvl9kIZNK5WkyLsUcb2byk=", + "lastModified": 1734311693, + "narHash": "sha256-ODRrnbaUsOe3e4kp+uHl+iJxey5zE3kqiBqJWQxrlnY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "a471acc460d4c238936a5116c8cc48a3c431dd66", + "rev": "a5278f7c326205681f1f42a90fa46a75a13627eb", "type": "github" }, "original": { @@ -1598,11 +1609,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733217105, - "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=", + "lastModified": 1734352517, + "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9", + "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd", "type": "github" }, "original": { @@ -1685,14 +1696,14 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1730504152, - "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" } }, "nixpkgs-lib_3": { @@ -1721,11 +1732,11 @@ }, "nixpkgs-lib_5": { "locked": { - "lastModified": 1733015484, - "narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=", + "lastModified": 1734224914, + "narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e", + "rev": "538697b664a64fade8ce628d01f35d1f1fd82d77", "type": "github" }, "original": { @@ -1840,11 +1851,11 @@ ] }, "locked": { - "lastModified": 1733251568, - "narHash": "sha256-o0CA0AeQWEKSJpaPst6aMJq4NU6+ccgNKBmo8GD3WJ8=", + "lastModified": 1734366874, + "narHash": "sha256-DBB1cTb+gmjUpcR3Ki+qQbdQsHwBjW7FB7iOp39WF0g=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "baa85eb4c456e649f340c7daef3bf9398dc2f2d7", + "rev": "7c76738f71e0d4a0365ad95ab3a09e236a655f30", "type": "github" }, "original": { @@ -1919,11 +1930,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "type": "github" }, "original": { @@ -1980,11 +1991,11 @@ "treefmt-nix": "treefmt-nix_5" }, "locked": { - "lastModified": 1733220378, - "narHash": "sha256-tWCskBne7LigfeXRWnUFJKKTLOYmmdqiwdqom2Sml1s=", + "lastModified": 1734368549, + "narHash": "sha256-D8LYUU+IWbpmyjOAKEnKVOhd7Qfe7q+DvUNZTYoitKY=", "owner": "nix-community", "repo": "nixvim", - "rev": "78bfbf7b7eb7a1b6cf42e199547de55a55ba2cea", + "rev": "6c30476a4d5f761149945a65e74179f4492b1ea6", "type": "github" }, "original": { @@ -2003,11 +2014,11 @@ ] }, "locked": { - "lastModified": 1733006402, - "narHash": "sha256-BC1CecAQISV5Q4LZK72Gx0+faemOwaChiD9rMVfDPoA=", + "lastModified": 1733773348, + "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=", "owner": "NuschtOS", "repo": "search", - "rev": "16307548b7a1247291c84ae6a12c0aacb07dfba2", + "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9", "type": "github" }, "original": { @@ -2225,11 +2236,11 @@ "nixpkgs-stable": "nixpkgs-stable_6" }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1734379367, + "narHash": "sha256-Keu8z5VgT5gnCF4pmB+g7XZFftHpfl4qOn7nqBcywdE=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "0bb4be58f21ff38fc3cdbd6c778eb67db97f0b99", "type": "github" }, "original": { @@ -2471,11 +2482,11 @@ "spectrum": { "flake": false, "locked": { - "lastModified": 1729945407, - "narHash": "sha256-iGNMamNOAnVTETnIVqDWd6fl74J8fLEi1ejdZiNjEtY=", + "lastModified": 1733308308, + "narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=", "ref": "refs/heads/main", - "rev": "f1d94ee7029af18637dbd5fdf4749621533693fa", - "revCount": 764, + "rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2", + "revCount": 792, "type": "git", "url": "https://spectrum-os.org/git/spectrum" }, @@ -2492,11 +2503,11 @@ ] }, "locked": { - "lastModified": 1733199390, - "narHash": "sha256-kPEbVBeCL1Y/Q46G/fbHFpTxS0IVUMj69Es5abaoXN8=", + "lastModified": 1734322624, + "narHash": "sha256-9G6h+hHM8RyUvan2qojZwHlRoJ3gkLwZQLsW7bXyNrE=", "owner": "Gerg-l", "repo": "spicetify-nix", - "rev": "7d1d92636fda6098600770ba559daba909312595", + "rev": "f8289a4668187d3866caa7940dfd8ff680e41d0d", "type": "github" }, "original": { @@ -2862,11 +2873,11 @@ ] }, "locked": { - "lastModified": 1732894027, - "narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=", + "lastModified": 1733761991, + "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "6209c381904cab55796c5d7350e89681d3b2a8ef", + "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", "type": "github" }, "original": { diff --git a/hosts/nucnix/hostapd.nix b/hosts/nucnix/hostapd.nix new file mode 100644 index 0000000..ba6a575 --- /dev/null +++ b/hosts/nucnix/hostapd.nix @@ -0,0 +1,47 @@ +{ config, ... }: +let + cfg = name: { + countryCode = "DE"; + # wifi4.capabilities = [ + # "LDPC" + # "HT40+" + # "HT40-" + # "GF" + # "SHORT-GI-20" + # "SHORT-GI-40" + # "TX-STBC" + # "RX-STBC1" + # ]; + wifi6.enable = true; + wifi7.enable = true; + networks."${name}" = { + inherit (config.secrets.secrets.global.hostapd) ssid; + apIsolate = true; + authentication = { + saePasswords = [ + { + password = "lol"; + vlanid = 10; + } + ]; + enableRecommendedPairwiseCiphers = true; + }; + bssid = "02:c0:ca:b1:4f:9f"; + }; + }; +in + +{ + + hardware.wirelessRegulatoryDatabase = true; + + services.hostapd = { + enable = true; + radios.wlan1 = { + band = "2g"; + } // cfg "wlan1"; + radios.wlan2 = { + band = "5g"; + } // cfg "wlan2"; + }; +} diff --git a/hosts/nucnix/net.nix b/hosts/nucnix/net.nix index 909b4ca..aba7402 100644 --- a/hosts/nucnix/net.nix +++ b/hosts/nucnix/net.nix @@ -1,5 +1,6 @@ { config, lib, ... }: { + imports = [ ./hostapd.nix ]; networking = { inherit (config.secrets.secrets.local.networking) hostId; }; diff --git a/patches/287236.diff b/patches/PR/287236.diff similarity index 88% rename from patches/287236.diff rename to patches/PR/287236.diff index c6d4cbe..2e36b29 100644 --- a/patches/287236.diff +++ b/patches/PR/287236.diff @@ -1,3 +1,47 @@ +diff --git a/nixos/doc/manual/redirects.json b/nixos/doc/manual/redirects.json +index f792750a1ea4d..a4da736ad3191 100644 +--- a/nixos/doc/manual/redirects.json ++++ b/nixos/doc/manual/redirects.json +@@ -821,6 +821,12 @@ + "module-services-netbird-multiple-connections": [ + "index.html#module-services-netbird-multiple-connections" + ], ++ "module-services-netbird-firewall": [ ++ "index.html#module-services-netbird-firewall" ++ ], ++ "module-services-netbird-customization": [ ++ "index.html#module-services-netbird-customization" ++ ], + "module-services-mosquitto": [ + "index.html#module-services-mosquitto" + ], +diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md +index aee8b80727990..a4be58e5b2005 100644 +--- a/nixos/doc/manual/release-notes/rl-2405.section.md ++++ b/nixos/doc/manual/release-notes/rl-2405.section.md +@@ -711,7 +711,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi + and `services.kavita.settings.IpAddresses`. The file at `services.kavita.tokenKeyFile` now needs to contain a secret with + 512+ bits instead of 128+ bits. + +-- `services.netbird` now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.tunnels). ++- `services.netbird` now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.clients). + + - `services.nginx.virtualHosts` using `forceSSL` or + `globalRedirect` can now have redirect codes other than 301 through `redirectCode`. +diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md +index 10236562d78b1..10c1f4bd44f11 100644 +--- a/nixos/doc/manual/release-notes/rl-2505.section.md ++++ b/nixos/doc/manual/release-notes/rl-2505.section.md +@@ -135,6 +135,9 @@ + - `zf` was updated to 0.10.2, which includes breaking changes from the [0.10.0 release](https://github.com/natecraddock/zf/releases/tag/0.10.0). + `zf` no longer does Unicode normalization of the input and no longer supports terminal escape sequences in the `ZF_PROMPT` environment variable. + ++- `services.netbird.tunnels` was renamed to [`services.netbird.clients`](#opt-services.netbird.clients), ++ hardened (using dedicated less-privileged users) and significantly extended. ++ + + + ## Other Notable Changes {#sec-release-25.05-notable-changes} diff --git a/nixos/modules/services/networking/netbird.md b/nixos/modules/services/networking/netbird.md index e1f6753cbd30c..876c27cb0d22e 100644 --- a/nixos/modules/services/networking/netbird.md @@ -112,7 +156,7 @@ index e1f6753cbd30c..876c27cb0d22e 100644 +through environment variables, but special care needs to be taken for overriding config location and +daemon address due [hardened](#opt-services.netbird.clients._name_.hardened) option. diff --git a/nixos/modules/services/networking/netbird.nix b/nixos/modules/services/networking/netbird.nix -index d39c373dbc94c..c9a2251437c6a 100644 +index 9771503e14e28..c9a2251437c6a 100644 --- a/nixos/modules/services/networking/netbird.nix +++ b/nixos/modules/services/networking/netbird.nix @@ -7,64 +7,179 @@ @@ -245,27 +289,27 @@ index d39c373dbc94c..c9a2251437c6a 100644 + name = mkOption { + type = str; + default = name; -+ description = '' + description = '' +- Port for the ${name} netbird interface. + Primary name for use (as a suffix) in: + - systemd service name, + - hardened user name and group, + - [systemd `*Directory=`](https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#RuntimeDirectory=) names, + - desktop application identification, -+ ''; -+ }; -+ + ''; + }; + + dns-resolver.address = mkOption { + type = nullOr str; + default = null; + example = "127.0.0.123"; - description = '' -- Port for the ${name} netbird interface. ++ description = '' + An explicit address that Netbird will serve `*.netbird.cloud.` (usually) entries on. + + Netbird serves DNS on it's own (dynamic) client address by default. - ''; - }; - ++ ''; ++ }; ++ + dns-resolver.port = mkOption { + type = port; + default = 53; @@ -308,7 +352,7 @@ index d39c373dbc94c..c9a2251437c6a 100644 } ''; description = '' -@@ -72,97 +187,416 @@ in +@@ -72,64 +187,269 @@ in ''; }; @@ -324,16 +368,9 @@ index d39c373dbc94c..c9a2251437c6a 100644 + + As of 2024-02-13 it is not possible to start a Netbird client daemon without immediately + connecting to the network, but it is [planned for a near future](https://github.com/netbirdio/netbird/projects/2#card-91718018). - ''; - }; -- }; - -- config.environment = builtins.mapAttrs (_: mkDefault) { -- NB_CONFIG = "/var/lib/${config.stateDir}/config.json"; -- NB_LOG_FILE = "console"; -- NB_WIREGUARD_PORT = builtins.toString config.port; -- NB_INTERFACE_NAME = name; -- NB_DAEMON_ADDR = "unix:///var/run/${config.stateDir}/sock"; ++ ''; ++ }; ++ + openFirewall = mkOption { + type = bool; + default = true; @@ -385,9 +422,16 @@ index d39c373dbc94c..c9a2251437c6a 100644 + defaultText = literalExpression ''client.ui.enable''; + description = '' + Controls presence of `netbird-ui` wrapper for this Netbird client. -+ ''; -+ }; -+ + ''; + }; +- }; + +- config.environment = builtins.mapAttrs (_: mkDefault) { +- NB_CONFIG = "/var/lib/${config.stateDir}/config.json"; +- NB_LOG_FILE = "console"; +- NB_WIREGUARD_PORT = builtins.toString config.port; +- NB_INTERFACE_NAME = name; +- NB_DAEMON_ADDR = "unix:///var/run/${config.stateDir}/sock"; + wrapper = mkOption { + type = package; + internal = true; @@ -533,7 +577,9 @@ index d39c373dbc94c..c9a2251437c6a 100644 + interface = mkDefault "wt0"; + hardened = mkDefault false; + }; -+ + +- (mkIf (cfg.tunnels != { }) { +- boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard; + environment.systemPackages = [ + (lib.hiPrio ( + pkgs.runCommand "${client.name}-as-default" { } '' @@ -551,8 +597,7 @@ index d39c373dbc94c..c9a2251437c6a 100644 + cfg.clients != { } && (versionOlder kernel.version "5.6") + ) kernelPackages.wireguard; -- (mkIf (cfg.tunnels != { }) { -- boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard; +- environment.systemPackages = [ cfg.package ]; + environment.systemPackages = toClientList (client: client.wrapper) + # omitted due to https://github.com/netbirdio/netbird/issues/1562 + #++ optional (cfg.clients != { }) cfg.package @@ -560,51 +605,38 @@ index d39c373dbc94c..c9a2251437c6a 100644 + #++ optional (cfg.clients != { } && cfg.ui.enable) cfg.ui.package + ; -- environment.systemPackages = [ cfg.package ]; +- networking.dhcpcd.denyInterfaces = attrNames cfg.tunnels; + networking.dhcpcd.denyInterfaces = toClientList (client: client.interface); + networking.networkmanager.unmanaged = toClientList (client: "interface-name:${client.interface}"); - -- networking.dhcpcd.denyInterfaces = attrNames cfg.tunnels; ++ + networking.firewall.allowedUDPPorts = concatLists ( + toClientList (client: optional client.openFirewall client.port) + ); systemd.network.networks = mkIf config.networking.useNetworkd ( -- mapAttrs' -- ( -- name: _: -- nameValuePair "50-netbird-${name}" { -- matchConfig = { -- Name = name; -- }; -- linkConfig = { -- Unmanaged = true; -- ActivationPolicy = "manual"; -- }; -- } -- ) -- cfg.tunnels +- mapAttrs' ( +- name: _: +- nameValuePair "50-netbird-${name}" { + toClientAttrs ( + client: + nameValuePair "50-netbird-${client.interface}" { -+ matchConfig = { + matchConfig = { +- Name = name; + Name = client.interface; -+ }; -+ linkConfig = { -+ Unmanaged = true; -+ ActivationPolicy = "manual"; -+ }; -+ } + }; + linkConfig = { + Unmanaged = true; + ActivationPolicy = "manual"; + }; + } +- ) cfg.tunnels + ) ); -- systemd.services = -- mapAttrs' -- ( -- name: -- { environment, stateDir, ... }: -- nameValuePair "netbird-${name}" { -- description = "A WireGuard-based mesh network that connects your devices into a single private network"; +- systemd.services = mapAttrs' ( +- name: +- { environment, stateDir, ... }: +- nameValuePair "netbird-${name}" { + environment.etc = toClientAttrs ( + client: + nameValuePair "netbird-${client.name}/config.d/50-nixos.json" { @@ -612,60 +644,45 @@ index d39c373dbc94c..c9a2251437c6a 100644 + mode = "0444"; + } + ); - -- documentation = [ "https://netbird.io/docs/" ]; ++ + systemd.services = toClientAttrs ( + client: + nameValuePair "netbird-${client.name}" { -+ description = "A WireGuard-based mesh network that connects your devices into a single private network"; + description = "A WireGuard-based mesh network that connects your devices into a single private network"; -- after = [ "network.target" ]; -- wantedBy = [ "multi-user.target" ]; -+ documentation = [ "https://netbird.io/docs/" ]; + documentation = [ "https://netbird.io/docs/" ]; +@@ -137,17 +457,19 @@ in + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; -- path = with pkgs; [ openresolv ]; -+ after = [ "network.target" ]; -+ wantedBy = [ "multi-user.target" ]; - -- inherit environment; +- path = with pkgs; [ openresolv ]; +- +- inherit environment; + path = optional (!config.services.resolved.enable) pkgs.openresolv; -- serviceConfig = { -- ExecStart = "${getExe cfg.package} service run"; -- Restart = "always"; -- RuntimeDirectory = stateDir; -- StateDirectory = stateDir; -- StateDirectoryMode = "0700"; -- WorkingDirectory = "/var/lib/${stateDir}"; -- }; -+ serviceConfig = { + serviceConfig = { +- ExecStart = "${getExe cfg.package} service run"; + ExecStart = "${getExe client.wrapper} service run"; -+ Restart = "always"; - -- unitConfig = { -- StartLimitInterval = 5; -- StartLimitBurst = 10; -- }; + Restart = "always"; +- RuntimeDirectory = stateDir; +- StateDirectory = stateDir; ++ + RuntimeDirectory = "netbird-${client.name}"; + RuntimeDirectoryMode = mkDefault "0755"; + ConfigurationDirectory = "netbird-${client.name}"; + StateDirectory = "netbird-${client.name}"; -+ StateDirectoryMode = "0700"; - -- stopIfChanged = false; -- } -- ) -- cfg.tunnels; + StateDirectoryMode = "0700"; +- WorkingDirectory = "/var/lib/${stateDir}"; ++ + WorkingDirectory = "/var/lib/netbird-${client.name}"; -+ }; -+ -+ unitConfig = { -+ StartLimitInterval = 5; -+ StartLimitBurst = 10; -+ }; -+ -+ stopIfChanged = false; -+ } + }; + + unitConfig = { +@@ -157,7 +479,124 @@ in + + stopIfChanged = false; + } +- ) cfg.tunnels; + ); + } + # Hardening section diff --git a/patches/PR/335827.diff b/patches/PR/335827.diff index aa31109..06e1acf 100644 --- a/patches/PR/335827.diff +++ b/patches/PR/335827.diff @@ -1,10 +1,10 @@ diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md -index 10645d55e8389..e4ffb75742580 100644 +index 595b6af0e339d..72f5dbff1c2f4 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md -@@ -40,6 +40,10 @@ - add `vimPlugins.notmuch-vim` to your (Neo)vim configuration if you want the - vim plugin. +@@ -175,6 +175,10 @@ + - `zf` was updated to 0.10.2, which includes breaking changes from the [0.10.0 release](https://github.com/natecraddock/zf/releases/tag/0.10.0). + `zf` no longer does Unicode normalization of the input and no longer supports terminal escape sequences in the `ZF_PROMPT` environment variable. +- The `octoprint` service has gained an `enableRaspberryPi` option, which will + be disabled for state versions following 25.05. Users running on Raspberry Pi @@ -14,17 +14,11 @@ index 10645d55e8389..e4ffb75742580 100644 ## Other Notable Changes {#sec-release-25.05-notable-changes} diff --git a/nixos/modules/services/misc/octoprint.nix b/nixos/modules/services/misc/octoprint.nix -index d8e4c9c302b38..6ab48ee10e3c7 100644 +index 193e4222a37e7..6ab48ee10e3c7 100644 --- a/nixos/modules/services/misc/octoprint.nix +++ b/nixos/modules/services/misc/octoprint.nix -@@ -1,17 +1,27 @@ --{ config, lib, pkgs, ... }: -+{ -+ config, -+ lib, -+ pkgs, -+ ... -+}: +@@ -6,17 +6,22 @@ + }: let - cfg = config.services.octoprint; @@ -43,7 +37,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 - plugins.curalegacy.cura_engine = "${pkgs.curaengine_stable}/bin/CuraEngine"; - server.port = cfg.port; - webcam.ffmpeg = "${pkgs.ffmpeg.bin}/bin/ffmpeg"; -- } // lib.optionalAttrs (cfg.host != null) {server.host = cfg.host;}; +- } // lib.optionalAttrs (cfg.host != null) { server.host = cfg.host; }; + cfg = config.services.octoprint; - fullConfig = lib.recursiveUpdate cfg.extraConfig baseConfig; @@ -54,7 +48,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 pluginsEnv = package.python.withPackages (ps: [ ps.octoprint ] ++ (cfg.plugins ps)); -@@ -67,18 +77,32 @@ in +@@ -72,18 +77,32 @@ in description = "State directory of the daemon."; }; @@ -95,7 +89,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 }; }; -@@ -86,6 +110,20 @@ in +@@ -91,6 +110,20 @@ in }; ##### implementation @@ -116,7 +110,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 config = lib.mkIf cfg.enable { -@@ -100,12 +138,13 @@ in +@@ -105,12 +138,13 @@ in octoprint.gid = config.ids.gids.octoprint; }; @@ -136,7 +130,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 systemd.services.octoprint = { description = "OctoPrint, web interface for 3D printers"; -@@ -115,10 +154,10 @@ in +@@ -120,10 +154,10 @@ in preStart = '' if [ -e "${cfg.stateDir}/config.yaml" ]; then @@ -149,7 +143,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 chmod 600 "${cfg.stateDir}/config.yaml" fi ''; -@@ -127,12 +166,42 @@ in +@@ -132,12 +166,42 @@ in ExecStart = "${pluginsEnv}/bin/octoprint serve -b ${cfg.stateDir}"; User = cfg.user; Group = cfg.group; @@ -176,14 +170,14 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 + "AF_INET" + "AF_INET6" + "AF_NETLINK" - ]; ++ ]; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "@pkey" -+ ]; + ]; + ReadWritePaths = [ cfg.stateDir ]; + UMask = "0077"; + @@ -195,29 +189,31 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 + meta.maintainers = with lib.maintainers; [ patrickdag ]; } diff --git a/nixos/tests/octoprint.nix b/nixos/tests/octoprint.nix -index 15a2d677d4cf8..dc60b10813311 100644 +index 9473797d50475..12fb94e0eaf90 100644 --- a/nixos/tests/octoprint.nix +++ b/nixos/tests/octoprint.nix -@@ -11,7 +11,7 @@ in - environment.systemPackages = with pkgs; [ jq ]; - services.octoprint = { - enable = true; -- extraConfig = { -+ settings = { - server = { - firstRun = false; - }; -@@ -50,11 +50,18 @@ in - # used to fail early, in case octoprint first starts and then crashes - with octoprint_running: # type: ignore[union-attr] - with subtest("Check for web interface"): -- machine.wait_until_succeeds("curl -s localhost:5000") +@@ -54,16 +54,22 @@ import ./make-test-python.nix ( + curl_cmd = "curl --retry-all-errors --connect-timeout 5 --max-time 10 --retry 5 --retry-delay 0 \ + --retry-max-time 40 -X GET --header 'X-API-Key: ${apikey}' " + +- # used to fail early, in case octoprint first starts and then crashes +- with octoprint_running: # type: ignore[union-attr] +- with subtest("Check for web interface"): +- machine.wait_until_succeeds("curl -s localhost:5000") ++ # used to fail early, in case octoprint first starts and then crashes ++ with octoprint_running: # type: ignore[union-attr] ++ with subtest("Check for web interface"): + machine.wait_until_succeeds("curl -s -4 localhost:5000") + machine.wait_until_succeeds("curl -s -6 localhost:5000") -- with subtest("Check API"): -- version = json.loads(machine.succeed(curl_cmd + "localhost:5000/api/version")) -- server = json.loads(machine.succeed(curl_cmd + "localhost:5000/api/server")) +- with subtest("Check API"): +- version = json.loads(machine.succeed(curl_cmd + "localhost:5000/api/version")) +- server = json.loads(machine.succeed(curl_cmd + "localhost:5000/api/server")) +- assert version["server"] == str("${pkgs.octoprint.version}") +- assert server["safemode"] == None +- ''; +- } +-) + with subtest("Check API IPv4"): + version = json.loads(machine.succeed(curl_cmd + "-4 localhost:5000/api/version")) + server = json.loads(machine.succeed(curl_cmd + "-4 localhost:5000/api/server")) @@ -227,9 +223,10 @@ index 15a2d677d4cf8..dc60b10813311 100644 + with subtest("Check API IPv6"): + version = json.loads(machine.succeed(curl_cmd + "-6 localhost:5000/api/version")) + server = json.loads(machine.succeed(curl_cmd + "-6 localhost:5000/api/server")) - assert version["server"] == str("${pkgs.octoprint.version}") - assert server["safemode"] == None - ''; ++ assert version["server"] == str("${pkgs.octoprint.version}") ++ assert server["safemode"] == None ++ ''; ++}) diff --git a/pkgs/by-name/oc/octoprint/ffmpeg-path.patch b/pkgs/by-name/oc/octoprint/ffmpeg-path.patch deleted file mode 100644 index 2e7c7dbe06428..0000000000000 @@ -259,7 +256,7 @@ index 2e7c7dbe06428..0000000000000 - commandline = data["webcam"]["ffmpegCommandline"] - if not all( diff --git a/pkgs/by-name/oc/octoprint/package.nix b/pkgs/by-name/oc/octoprint/package.nix -index a4b437ac6d1c7..3042f7d6dd643 100644 +index 4d2ab61ecf855..66422e93d1b5c 100644 --- a/pkgs/by-name/oc/octoprint/package.nix +++ b/pkgs/by-name/oc/octoprint/package.nix @@ -1,5 +1,4 @@ diff --git a/patches/PR/339370.diff b/patches/PR/339370.diff index 17f8de6..0db5c40 100644 --- a/patches/PR/339370.diff +++ b/patches/PR/339370.diff @@ -1,5 +1,5 @@ diff --git a/pkgs/by-name/be/beatsabermodmanager/deps.nix b/pkgs/by-name/be/beatsabermodmanager/deps.nix -index 9fc703773a8e5..14f21eb5e6d5e 100644 +index 9fc703773a8e5..547872d25303a 100644 --- a/pkgs/by-name/be/beatsabermodmanager/deps.nix +++ b/pkgs/by-name/be/beatsabermodmanager/deps.nix @@ -2,110 +2,120 @@ @@ -136,20 +136,20 @@ index 9fc703773a8e5..14f21eb5e6d5e 100644 + (fetchNuGet { pname = "HarfBuzzSharp.NativeAssets.WebAssembly"; version = "2.8.2.3"; hash = "sha256-ZsiBGpXfODHUHPgU/50k9QR/j6Klo7rsB0SUt8zYcBA="; }) + (fetchNuGet { pname = "HarfBuzzSharp.NativeAssets.Win32"; version = "2.8.2.3"; hash = "sha256-5GSzM5IUoOwK+zJg0d74WlT3n1VZly8pKlyjiqVocCI="; }) + (fetchNuGet { pname = "MicroCom.Runtime"; version = "0.11.0"; hash = "sha256-VdwpP5fsclvNqJuppaOvwEwv2ofnAI5ZSz2V+UEdLF0="; }) -+ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Ref"; version = "6.0.35"; hash = "sha256-BxvIeZIaBdC0wyDQqKW0E5axSRSrtQk3oEPsT287014="; }) -+ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-arm64"; version = "6.0.35"; hash = "sha256-jM/HzLumZvI939DrNb8LHnEr/in1Lws0j/FAfdXSzbk="; }) -+ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-x64"; version = "6.0.35"; hash = "sha256-2eUqoTcqTU3ebv53IV6yvN9EhkOqnyBRd2tz74HuSsE="; }) ++ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Ref"; version = "6.0.36"; hash = "sha256-9jDkWbjw/nd8yqdzVTagCuqr6owJ/DUMi4BlUZT4hWU="; }) ++ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-arm64"; version = "6.0.36"; hash = "sha256-JQULJyF0ivLoUU1JaFfK/HHg+/qzpN7V2RR2Cc+WlQ4="; }) ++ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-x64"; version = "6.0.36"; hash = "sha256-zUsVIpV481vMLAXaLEEUpEMA9/f1HGOnvaQnaWdzlyY="; }) + (fetchNuGet { pname = "Microsoft.CodeAnalysis.Analyzers"; version = "3.0.0"; hash = "sha256-KDbCfsBWSJ5ohEXUKp1s1LX9xA2NPvXE/xVzj68EdC0="; }) + (fetchNuGet { pname = "Microsoft.CodeAnalysis.Common"; version = "3.8.0"; hash = "sha256-3G9vSc/gHH7FWgOySLTut1+eEaf3H66qcPOvNPLOx4o="; }) + (fetchNuGet { pname = "Microsoft.CodeAnalysis.CSharp"; version = "3.8.0"; hash = "sha256-i/r3V/No/VzqmJlWxpGoirvlbJDbBPa/ONZtzYrxuc4="; }) + (fetchNuGet { pname = "Microsoft.CodeAnalysis.CSharp.Scripting"; version = "3.8.0"; hash = "sha256-fA9Qu+vTyMZ9REzxJ4aMg/SHCDRk4q9k4ZGUdynoHnA="; }) + (fetchNuGet { pname = "Microsoft.CodeAnalysis.Scripting.Common"; version = "3.8.0"; hash = "sha256-866jMHp8kbc1FYpKuUWnd7ViU6kGJTAxPcL/IjXrT0I="; }) + (fetchNuGet { pname = "Microsoft.CSharp"; version = "4.3.0"; hash = "sha256-a3dAiPaVuky0wpcHmpTVtAQJNGZ2v91/oArA+dpJgj8="; }) -+ (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-arm64"; version = "6.0.35"; hash = "sha256-yrtPCYD8skaWnfIoaUdQ1dns0YrypxDocskS2WGxF6g="; }) -+ (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-x64"; version = "6.0.35"; hash = "sha256-maNzxJQ5oCd86VI4ROzl4RqOV1RNXn3qWjrAfBjr2Y0="; }) -+ (fetchNuGet { pname = "Microsoft.NETCore.App.Ref"; version = "6.0.35"; hash = "sha256-IcpSbsSHgYBbNVvbcXfmRRM9bdx3pogLncO4RuXEab0="; }) -+ (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-arm64"; version = "6.0.35"; hash = "sha256-jPUhSrzqnH1GNi/c7dSnZSQhFNVGdmlAQkDLdXVWBBc="; }) -+ (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-x64"; version = "6.0.35"; hash = "sha256-Gf3e0EdBEgq8GcZttTHbKGupFlDyB80nhYpBN0X9Kro="; }) ++ (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-arm64"; version = "6.0.36"; hash = "sha256-9lC/LYnthYhjkWWz2kkFCvlA5LJOv11jdt59SDnpdy0="; }) ++ (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-x64"; version = "6.0.36"; hash = "sha256-VFRDzx7LJuvI5yzKdGmw/31NYVbwHWPKQvueQt5xc10="; }) ++ (fetchNuGet { pname = "Microsoft.NETCore.App.Ref"; version = "6.0.36"; hash = "sha256-9LZgVoIFF8qNyUu8kdJrYGLutMF/cL2K82HN2ywwlx8="; }) ++ (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-arm64"; version = "6.0.36"; hash = "sha256-k3rxvUhCEU0pVH8KgEMtkPiSOibn+nBh+0zT2xIfId8="; }) ++ (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-x64"; version = "6.0.36"; hash = "sha256-U8wJ2snSDFqeAgDVLXjnniidC7Cr5aJ1/h/BMSlyu0c="; }) + (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "1.1.0"; hash = "sha256-FeM40ktcObQJk4nMYShB61H/E8B7tIKfl9ObJ0IOcCM="; }) + (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "2.1.2"; hash = "sha256-gYQQO7zsqG+OtN4ywYQyfsiggS2zmxw4+cPXlK+FB5Q="; }) + (fetchNuGet { pname = "Microsoft.NETCore.Targets"; version = "1.1.0"; hash = "sha256-0AqQ2gMS8iNlYkrD+BxtIg7cXMnr9xZHtKAuN4bjfaQ="; }) @@ -238,7 +238,7 @@ index 42e1f738e470f..6ebea28bb187b 100644 }: -buildDotnetModule rec { -+buildDotnetModule rec { ++buildDotnetModule { pname = "beatsabermodmanager"; - version = "0.0.5"; + version = "0.0.7"; diff --git a/secrets/secrets.nix.age b/secrets/secrets.nix.age index d7a3181..8790346 100644 Binary files a/secrets/secrets.nix.age and b/secrets/secrets.nix.age differ