From 7b756ebaac12e47c92bc80774c50d49e7d740244 Mon Sep 17 00:00:00 2001 From: Patrick Date: Mon, 16 Dec 2024 23:27:40 +0100 Subject: [PATCH] update and preliminary hostapd --- flake.lock | 211 ++++++++++++++++++---------------- hosts/nucnix/hostapd.nix | 47 ++++++++ hosts/nucnix/net.nix | 1 + patches/{ => PR}/287236.diff | 215 +++++++++++++++++++---------------- patches/PR/335827.diff | 83 +++++++------- patches/PR/339370.diff | 20 ++-- secrets/secrets.nix.age | Bin 5233 -> 5205 bytes 7 files changed, 325 insertions(+), 252 deletions(-) create mode 100644 hosts/nucnix/hostapd.nix rename patches/{ => PR}/287236.diff (88%) diff --git a/flake.lock b/flake.lock index 3aaf8c0..f075d9a 100644 --- a/flake.lock +++ b/flake.lock @@ -36,11 +36,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1732704340, - "narHash": "sha256-zcX8QIaaJJ5Us53vaWMPH2LNkZBCSwTH7pI+FgXCg+0=", + "lastModified": 1734208773, + "narHash": "sha256-K2ugS2XJSyF3lYCrT5SCJtSAqndn/c5OwPkC5Nl18BU=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "662522cf89fde332157e527b4322d614598631d9", + "rev": "1472730015a2b3da0de09d9f1538bab3a816f618", "type": "github" }, "original": { @@ -134,17 +134,29 @@ }, "crane_2": { "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], "nixpkgs": [ "lanzaboote", "nixpkgs" + ], + "rust-overlay": [ + "lanzaboote", + "rust-overlay" ] }, "locked": { - "lastModified": 1707363508, - "narHash": "sha256-Cu5Mwktod5hcxxSpHl0FCeZ9la7v4KO5Tfrrs59AAJg=", + "lastModified": 1681177078, + "narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=", "owner": "ipetkov", "repo": "crane", - "rev": "f2926e34a1599837f3256c701739529d772e36e7", + "rev": "0c9f468ff00576577d83f5019a66c557ede5acf6", "type": "github" }, "original": { @@ -367,11 +379,11 @@ ] }, "locked": { - "lastModified": 1733168902, - "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", + "lastModified": 1734343412, + "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=", "owner": "nix-community", "repo": "disko", - "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", + "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19", "type": "github" }, "original": { @@ -477,11 +489,11 @@ "flake-compat_12": { "flake": false, "locked": { - "lastModified": 1732722421, - "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -656,11 +668,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -756,11 +768,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -792,11 +804,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -931,11 +943,11 @@ ] }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", "type": "github" }, "original": { @@ -1143,11 +1155,11 @@ ] }, "locked": { - "lastModified": 1733175814, - "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=", + "lastModified": 1734344598, + "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf23fe41082aa0289c209169302afd3397092f22", + "rev": "83ecd50915a09dca928971139d3a102377a8d242", "type": "github" }, "original": { @@ -1164,11 +1176,11 @@ ] }, "locked": { - "lastModified": 1733175814, - "narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=", + "lastModified": 1734093295, + "narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf23fe41082aa0289c209169302afd3397092f22", + "rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8", "type": "github" }, "original": { @@ -1225,11 +1237,11 @@ }, "impermanence": { "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "lastModified": 1734200366, + "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=", "owner": "nix-community", "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48", "type": "github" }, "original": { @@ -1299,11 +1311,11 @@ "nixpkgs-lib": "nixpkgs-lib_5" }, "locked": { - "lastModified": 1733055216, - "narHash": "sha256-yB2y7tGJxDI/SDQ0D7b6ocRtLTPm93u8ybdIKQGXRDE=", + "lastModified": 1734264809, + "narHash": "sha256-94fu5E0gM8aMY0bX/ix7BWGf/e/OfGjoCtNrJfwL0dM=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "f67bf0781c69a46bf3a1469f83c98518aa3054c3", + "rev": "46bedda9e45f2735f41ec3c01cba2b8ce7ba9808", "type": "github" }, "original": { @@ -1334,11 +1346,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1733265436, - "narHash": "sha256-zxBh56jKE6AXhiUoktY6cOHPUTyqXWbI/Pyh5sSC5B4=", - "owner": "patrickdag", + "lastModified": 1734041466, + "narHash": "sha256-51bhaMe8BZuNAStUHvo07nDO72wmw8PAqkSYH4U31Yo=", + "owner": "astro", "repo": "microvm.nix", - "rev": "799370e27eb8643e860a5df5cd168da72219a684", + "rev": "3910e65c3d92c82ea41ab295c66df4c0b4f9e7b3", "type": "github" }, "original": { @@ -1438,11 +1450,11 @@ ] }, "locked": { - "lastModified": 1733105089, - "narHash": "sha256-Qs3YmoLYUJ8g4RkFj2rMrzrP91e4ShAioC9s+vG6ENM=", + "lastModified": 1733570843, + "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "c6b65d946097baf3915dd51373251de98199280d", + "rev": "a35b08d09efda83625bef267eb24347b446c80b8", "type": "github" }, "original": { @@ -1459,11 +1471,11 @@ "treefmt-nix": "treefmt-nix_4" }, "locked": { - "lastModified": 1732631228, - "narHash": "sha256-/7Wyhp00yecUMPNz79gGZpjos8OLHqOfdiWWIQfZA1M=", + "lastModified": 1733909753, + "narHash": "sha256-5GChR6LKh6EwGXLfR3HLW2Z0AWoyce4Hyp3VB5C4FCk=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "8f56354b794624689851b2d86c2ce0209cc8f0cf", + "rev": "b1f94fed4af8e7f30665a3bf8b369dc3b8a95884", "type": "github" }, "original": { @@ -1501,11 +1513,11 @@ ] }, "locked": { - "lastModified": 1733024876, - "narHash": "sha256-vy9Q41hBE7Zg0yakF79neVgb3i3PQMSMR7uHPpPywFE=", + "lastModified": 1734234111, + "narHash": "sha256-icEMqBt4HtGH52PU5FHidgBrNJvOfXH6VQKNtnD1aw8=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "6e0b7f81367069589a480b91603a10bcf71f3103", + "rev": "311d6cf3ad3f56cb051ffab1f480b2909b3f754d", "type": "github" }, "original": { @@ -1522,13 +1534,12 @@ "pre-commit-hooks": "pre-commit-hooks_3" }, "locked": { - "lastModified": 1733919075, - "narHash": "sha256-qr0HiP+YEuMJWkEsM3KBQkIvfBjA4VFvV6gC43Ize2o=", - "ref": "refs/heads/fix-container-mvlan", - "rev": "f4f7786d315beb8d7c65665b7cfc7260a988d89f", - "revCount": 152, - "type": "git", - "url": "file:///home/patrick/repos/nix/nix-topology/fix-container-mvlan" + "lastModified": 1734266385, + "narHash": "sha256-k9P9Sa6jw/Xre8UDp7Ukk75h4Tcq8ZrK+nz6A2MC1IM=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "ba6f61e594a85eabebf1c8f373923b59b3b07448", + "type": "github" }, "original": { "owner": "oddlama", @@ -1538,11 +1549,11 @@ }, "nixlib": { "locked": { - "lastModified": 1733015484, - "narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=", + "lastModified": 1734224914, + "narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e", + "rev": "538697b664a64fade8ce628d01f35d1f1fd82d77", "type": "github" }, "original": { @@ -1562,11 +1573,11 @@ "pre-commit-hooks": "pre-commit-hooks_4" }, "locked": { - "lastModified": 1732216602, - "narHash": "sha256-svG11P+vsHYKoDj1nWSGHoep4f+rzbRM/fdWPSVE/Uk=", + "lastModified": 1734380654, + "narHash": "sha256-YrJ4vz6fbz5Sz7H6mdFsqaqEkLVOJUnrUi6swiYbmc4=", "owner": "oddlama", "repo": "nixos-extra-modules", - "rev": "6841242d5f7c32fc8a214014f1c97ae935ef8b8e", + "rev": "da6945497bb3e6a2baf3d783c12d780ea8c4b5ea", "type": "github" }, "original": { @@ -1583,11 +1594,11 @@ ] }, "locked": { - "lastModified": 1733101779, - "narHash": "sha256-Qqnfnb/RFxBbD25UYJ/yibvl9kIZNK5WkyLsUcb2byk=", + "lastModified": 1734311693, + "narHash": "sha256-ODRrnbaUsOe3e4kp+uHl+iJxey5zE3kqiBqJWQxrlnY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "a471acc460d4c238936a5116c8cc48a3c431dd66", + "rev": "a5278f7c326205681f1f42a90fa46a75a13627eb", "type": "github" }, "original": { @@ -1598,11 +1609,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733217105, - "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=", + "lastModified": 1734352517, + "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9", + "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd", "type": "github" }, "original": { @@ -1685,14 +1696,14 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1730504152, - "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" } }, "nixpkgs-lib_3": { @@ -1721,11 +1732,11 @@ }, "nixpkgs-lib_5": { "locked": { - "lastModified": 1733015484, - "narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=", + "lastModified": 1734224914, + "narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e", + "rev": "538697b664a64fade8ce628d01f35d1f1fd82d77", "type": "github" }, "original": { @@ -1840,11 +1851,11 @@ ] }, "locked": { - "lastModified": 1733251568, - "narHash": "sha256-o0CA0AeQWEKSJpaPst6aMJq4NU6+ccgNKBmo8GD3WJ8=", + "lastModified": 1734366874, + "narHash": "sha256-DBB1cTb+gmjUpcR3Ki+qQbdQsHwBjW7FB7iOp39WF0g=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "baa85eb4c456e649f340c7daef3bf9398dc2f2d7", + "rev": "7c76738f71e0d4a0365ad95ab3a09e236a655f30", "type": "github" }, "original": { @@ -1919,11 +1930,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "type": "github" }, "original": { @@ -1980,11 +1991,11 @@ "treefmt-nix": "treefmt-nix_5" }, "locked": { - "lastModified": 1733220378, - "narHash": "sha256-tWCskBne7LigfeXRWnUFJKKTLOYmmdqiwdqom2Sml1s=", + "lastModified": 1734368549, + "narHash": "sha256-D8LYUU+IWbpmyjOAKEnKVOhd7Qfe7q+DvUNZTYoitKY=", "owner": "nix-community", "repo": "nixvim", - "rev": "78bfbf7b7eb7a1b6cf42e199547de55a55ba2cea", + "rev": "6c30476a4d5f761149945a65e74179f4492b1ea6", "type": "github" }, "original": { @@ -2003,11 +2014,11 @@ ] }, "locked": { - "lastModified": 1733006402, - "narHash": "sha256-BC1CecAQISV5Q4LZK72Gx0+faemOwaChiD9rMVfDPoA=", + "lastModified": 1733773348, + "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=", "owner": "NuschtOS", "repo": "search", - "rev": "16307548b7a1247291c84ae6a12c0aacb07dfba2", + "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9", "type": "github" }, "original": { @@ -2225,11 +2236,11 @@ "nixpkgs-stable": "nixpkgs-stable_6" }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1734379367, + "narHash": "sha256-Keu8z5VgT5gnCF4pmB+g7XZFftHpfl4qOn7nqBcywdE=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "0bb4be58f21ff38fc3cdbd6c778eb67db97f0b99", "type": "github" }, "original": { @@ -2471,11 +2482,11 @@ "spectrum": { "flake": false, "locked": { - "lastModified": 1729945407, - "narHash": "sha256-iGNMamNOAnVTETnIVqDWd6fl74J8fLEi1ejdZiNjEtY=", + "lastModified": 1733308308, + "narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=", "ref": "refs/heads/main", - "rev": "f1d94ee7029af18637dbd5fdf4749621533693fa", - "revCount": 764, + "rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2", + "revCount": 792, "type": "git", "url": "https://spectrum-os.org/git/spectrum" }, @@ -2492,11 +2503,11 @@ ] }, "locked": { - "lastModified": 1733199390, - "narHash": "sha256-kPEbVBeCL1Y/Q46G/fbHFpTxS0IVUMj69Es5abaoXN8=", + "lastModified": 1734322624, + "narHash": "sha256-9G6h+hHM8RyUvan2qojZwHlRoJ3gkLwZQLsW7bXyNrE=", "owner": "Gerg-l", "repo": "spicetify-nix", - "rev": "7d1d92636fda6098600770ba559daba909312595", + "rev": "f8289a4668187d3866caa7940dfd8ff680e41d0d", "type": "github" }, "original": { @@ -2862,11 +2873,11 @@ ] }, "locked": { - "lastModified": 1732894027, - "narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=", + "lastModified": 1733761991, + "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "6209c381904cab55796c5d7350e89681d3b2a8ef", + "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", "type": "github" }, "original": { diff --git a/hosts/nucnix/hostapd.nix b/hosts/nucnix/hostapd.nix new file mode 100644 index 0000000..ba6a575 --- /dev/null +++ b/hosts/nucnix/hostapd.nix @@ -0,0 +1,47 @@ +{ config, ... }: +let + cfg = name: { + countryCode = "DE"; + # wifi4.capabilities = [ + # "LDPC" + # "HT40+" + # "HT40-" + # "GF" + # "SHORT-GI-20" + # "SHORT-GI-40" + # "TX-STBC" + # "RX-STBC1" + # ]; + wifi6.enable = true; + wifi7.enable = true; + networks."${name}" = { + inherit (config.secrets.secrets.global.hostapd) ssid; + apIsolate = true; + authentication = { + saePasswords = [ + { + password = "lol"; + vlanid = 10; + } + ]; + enableRecommendedPairwiseCiphers = true; + }; + bssid = "02:c0:ca:b1:4f:9f"; + }; + }; +in + +{ + + hardware.wirelessRegulatoryDatabase = true; + + services.hostapd = { + enable = true; + radios.wlan1 = { + band = "2g"; + } // cfg "wlan1"; + radios.wlan2 = { + band = "5g"; + } // cfg "wlan2"; + }; +} diff --git a/hosts/nucnix/net.nix b/hosts/nucnix/net.nix index 909b4ca..aba7402 100644 --- a/hosts/nucnix/net.nix +++ b/hosts/nucnix/net.nix @@ -1,5 +1,6 @@ { config, lib, ... }: { + imports = [ ./hostapd.nix ]; networking = { inherit (config.secrets.secrets.local.networking) hostId; }; diff --git a/patches/287236.diff b/patches/PR/287236.diff similarity index 88% rename from patches/287236.diff rename to patches/PR/287236.diff index c6d4cbe..2e36b29 100644 --- a/patches/287236.diff +++ b/patches/PR/287236.diff @@ -1,3 +1,47 @@ +diff --git a/nixos/doc/manual/redirects.json b/nixos/doc/manual/redirects.json +index f792750a1ea4d..a4da736ad3191 100644 +--- a/nixos/doc/manual/redirects.json ++++ b/nixos/doc/manual/redirects.json +@@ -821,6 +821,12 @@ + "module-services-netbird-multiple-connections": [ + "index.html#module-services-netbird-multiple-connections" + ], ++ "module-services-netbird-firewall": [ ++ "index.html#module-services-netbird-firewall" ++ ], ++ "module-services-netbird-customization": [ ++ "index.html#module-services-netbird-customization" ++ ], + "module-services-mosquitto": [ + "index.html#module-services-mosquitto" + ], +diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md +index aee8b80727990..a4be58e5b2005 100644 +--- a/nixos/doc/manual/release-notes/rl-2405.section.md ++++ b/nixos/doc/manual/release-notes/rl-2405.section.md +@@ -711,7 +711,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi + and `services.kavita.settings.IpAddresses`. The file at `services.kavita.tokenKeyFile` now needs to contain a secret with + 512+ bits instead of 128+ bits. + +-- `services.netbird` now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.tunnels). ++- `services.netbird` now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.clients). + + - `services.nginx.virtualHosts` using `forceSSL` or + `globalRedirect` can now have redirect codes other than 301 through `redirectCode`. +diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md +index 10236562d78b1..10c1f4bd44f11 100644 +--- a/nixos/doc/manual/release-notes/rl-2505.section.md ++++ b/nixos/doc/manual/release-notes/rl-2505.section.md +@@ -135,6 +135,9 @@ + - `zf` was updated to 0.10.2, which includes breaking changes from the [0.10.0 release](https://github.com/natecraddock/zf/releases/tag/0.10.0). + `zf` no longer does Unicode normalization of the input and no longer supports terminal escape sequences in the `ZF_PROMPT` environment variable. + ++- `services.netbird.tunnels` was renamed to [`services.netbird.clients`](#opt-services.netbird.clients), ++ hardened (using dedicated less-privileged users) and significantly extended. ++ + + + ## Other Notable Changes {#sec-release-25.05-notable-changes} diff --git a/nixos/modules/services/networking/netbird.md b/nixos/modules/services/networking/netbird.md index e1f6753cbd30c..876c27cb0d22e 100644 --- a/nixos/modules/services/networking/netbird.md @@ -112,7 +156,7 @@ index e1f6753cbd30c..876c27cb0d22e 100644 +through environment variables, but special care needs to be taken for overriding config location and +daemon address due [hardened](#opt-services.netbird.clients._name_.hardened) option. diff --git a/nixos/modules/services/networking/netbird.nix b/nixos/modules/services/networking/netbird.nix -index d39c373dbc94c..c9a2251437c6a 100644 +index 9771503e14e28..c9a2251437c6a 100644 --- a/nixos/modules/services/networking/netbird.nix +++ b/nixos/modules/services/networking/netbird.nix @@ -7,64 +7,179 @@ @@ -245,27 +289,27 @@ index d39c373dbc94c..c9a2251437c6a 100644 + name = mkOption { + type = str; + default = name; -+ description = '' + description = '' +- Port for the ${name} netbird interface. + Primary name for use (as a suffix) in: + - systemd service name, + - hardened user name and group, + - [systemd `*Directory=`](https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#RuntimeDirectory=) names, + - desktop application identification, -+ ''; -+ }; -+ + ''; + }; + + dns-resolver.address = mkOption { + type = nullOr str; + default = null; + example = "127.0.0.123"; - description = '' -- Port for the ${name} netbird interface. ++ description = '' + An explicit address that Netbird will serve `*.netbird.cloud.` (usually) entries on. + + Netbird serves DNS on it's own (dynamic) client address by default. - ''; - }; - ++ ''; ++ }; ++ + dns-resolver.port = mkOption { + type = port; + default = 53; @@ -308,7 +352,7 @@ index d39c373dbc94c..c9a2251437c6a 100644 } ''; description = '' -@@ -72,97 +187,416 @@ in +@@ -72,64 +187,269 @@ in ''; }; @@ -324,16 +368,9 @@ index d39c373dbc94c..c9a2251437c6a 100644 + + As of 2024-02-13 it is not possible to start a Netbird client daemon without immediately + connecting to the network, but it is [planned for a near future](https://github.com/netbirdio/netbird/projects/2#card-91718018). - ''; - }; -- }; - -- config.environment = builtins.mapAttrs (_: mkDefault) { -- NB_CONFIG = "/var/lib/${config.stateDir}/config.json"; -- NB_LOG_FILE = "console"; -- NB_WIREGUARD_PORT = builtins.toString config.port; -- NB_INTERFACE_NAME = name; -- NB_DAEMON_ADDR = "unix:///var/run/${config.stateDir}/sock"; ++ ''; ++ }; ++ + openFirewall = mkOption { + type = bool; + default = true; @@ -385,9 +422,16 @@ index d39c373dbc94c..c9a2251437c6a 100644 + defaultText = literalExpression ''client.ui.enable''; + description = '' + Controls presence of `netbird-ui` wrapper for this Netbird client. -+ ''; -+ }; -+ + ''; + }; +- }; + +- config.environment = builtins.mapAttrs (_: mkDefault) { +- NB_CONFIG = "/var/lib/${config.stateDir}/config.json"; +- NB_LOG_FILE = "console"; +- NB_WIREGUARD_PORT = builtins.toString config.port; +- NB_INTERFACE_NAME = name; +- NB_DAEMON_ADDR = "unix:///var/run/${config.stateDir}/sock"; + wrapper = mkOption { + type = package; + internal = true; @@ -533,7 +577,9 @@ index d39c373dbc94c..c9a2251437c6a 100644 + interface = mkDefault "wt0"; + hardened = mkDefault false; + }; -+ + +- (mkIf (cfg.tunnels != { }) { +- boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard; + environment.systemPackages = [ + (lib.hiPrio ( + pkgs.runCommand "${client.name}-as-default" { } '' @@ -551,8 +597,7 @@ index d39c373dbc94c..c9a2251437c6a 100644 + cfg.clients != { } && (versionOlder kernel.version "5.6") + ) kernelPackages.wireguard; -- (mkIf (cfg.tunnels != { }) { -- boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard; +- environment.systemPackages = [ cfg.package ]; + environment.systemPackages = toClientList (client: client.wrapper) + # omitted due to https://github.com/netbirdio/netbird/issues/1562 + #++ optional (cfg.clients != { }) cfg.package @@ -560,51 +605,38 @@ index d39c373dbc94c..c9a2251437c6a 100644 + #++ optional (cfg.clients != { } && cfg.ui.enable) cfg.ui.package + ; -- environment.systemPackages = [ cfg.package ]; +- networking.dhcpcd.denyInterfaces = attrNames cfg.tunnels; + networking.dhcpcd.denyInterfaces = toClientList (client: client.interface); + networking.networkmanager.unmanaged = toClientList (client: "interface-name:${client.interface}"); - -- networking.dhcpcd.denyInterfaces = attrNames cfg.tunnels; ++ + networking.firewall.allowedUDPPorts = concatLists ( + toClientList (client: optional client.openFirewall client.port) + ); systemd.network.networks = mkIf config.networking.useNetworkd ( -- mapAttrs' -- ( -- name: _: -- nameValuePair "50-netbird-${name}" { -- matchConfig = { -- Name = name; -- }; -- linkConfig = { -- Unmanaged = true; -- ActivationPolicy = "manual"; -- }; -- } -- ) -- cfg.tunnels +- mapAttrs' ( +- name: _: +- nameValuePair "50-netbird-${name}" { + toClientAttrs ( + client: + nameValuePair "50-netbird-${client.interface}" { -+ matchConfig = { + matchConfig = { +- Name = name; + Name = client.interface; -+ }; -+ linkConfig = { -+ Unmanaged = true; -+ ActivationPolicy = "manual"; -+ }; -+ } + }; + linkConfig = { + Unmanaged = true; + ActivationPolicy = "manual"; + }; + } +- ) cfg.tunnels + ) ); -- systemd.services = -- mapAttrs' -- ( -- name: -- { environment, stateDir, ... }: -- nameValuePair "netbird-${name}" { -- description = "A WireGuard-based mesh network that connects your devices into a single private network"; +- systemd.services = mapAttrs' ( +- name: +- { environment, stateDir, ... }: +- nameValuePair "netbird-${name}" { + environment.etc = toClientAttrs ( + client: + nameValuePair "netbird-${client.name}/config.d/50-nixos.json" { @@ -612,60 +644,45 @@ index d39c373dbc94c..c9a2251437c6a 100644 + mode = "0444"; + } + ); - -- documentation = [ "https://netbird.io/docs/" ]; ++ + systemd.services = toClientAttrs ( + client: + nameValuePair "netbird-${client.name}" { -+ description = "A WireGuard-based mesh network that connects your devices into a single private network"; + description = "A WireGuard-based mesh network that connects your devices into a single private network"; -- after = [ "network.target" ]; -- wantedBy = [ "multi-user.target" ]; -+ documentation = [ "https://netbird.io/docs/" ]; + documentation = [ "https://netbird.io/docs/" ]; +@@ -137,17 +457,19 @@ in + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; -- path = with pkgs; [ openresolv ]; -+ after = [ "network.target" ]; -+ wantedBy = [ "multi-user.target" ]; - -- inherit environment; +- path = with pkgs; [ openresolv ]; +- +- inherit environment; + path = optional (!config.services.resolved.enable) pkgs.openresolv; -- serviceConfig = { -- ExecStart = "${getExe cfg.package} service run"; -- Restart = "always"; -- RuntimeDirectory = stateDir; -- StateDirectory = stateDir; -- StateDirectoryMode = "0700"; -- WorkingDirectory = "/var/lib/${stateDir}"; -- }; -+ serviceConfig = { + serviceConfig = { +- ExecStart = "${getExe cfg.package} service run"; + ExecStart = "${getExe client.wrapper} service run"; -+ Restart = "always"; - -- unitConfig = { -- StartLimitInterval = 5; -- StartLimitBurst = 10; -- }; + Restart = "always"; +- RuntimeDirectory = stateDir; +- StateDirectory = stateDir; ++ + RuntimeDirectory = "netbird-${client.name}"; + RuntimeDirectoryMode = mkDefault "0755"; + ConfigurationDirectory = "netbird-${client.name}"; + StateDirectory = "netbird-${client.name}"; -+ StateDirectoryMode = "0700"; - -- stopIfChanged = false; -- } -- ) -- cfg.tunnels; + StateDirectoryMode = "0700"; +- WorkingDirectory = "/var/lib/${stateDir}"; ++ + WorkingDirectory = "/var/lib/netbird-${client.name}"; -+ }; -+ -+ unitConfig = { -+ StartLimitInterval = 5; -+ StartLimitBurst = 10; -+ }; -+ -+ stopIfChanged = false; -+ } + }; + + unitConfig = { +@@ -157,7 +479,124 @@ in + + stopIfChanged = false; + } +- ) cfg.tunnels; + ); + } + # Hardening section diff --git a/patches/PR/335827.diff b/patches/PR/335827.diff index aa31109..06e1acf 100644 --- a/patches/PR/335827.diff +++ b/patches/PR/335827.diff @@ -1,10 +1,10 @@ diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md -index 10645d55e8389..e4ffb75742580 100644 +index 595b6af0e339d..72f5dbff1c2f4 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md -@@ -40,6 +40,10 @@ - add `vimPlugins.notmuch-vim` to your (Neo)vim configuration if you want the - vim plugin. +@@ -175,6 +175,10 @@ + - `zf` was updated to 0.10.2, which includes breaking changes from the [0.10.0 release](https://github.com/natecraddock/zf/releases/tag/0.10.0). + `zf` no longer does Unicode normalization of the input and no longer supports terminal escape sequences in the `ZF_PROMPT` environment variable. +- The `octoprint` service has gained an `enableRaspberryPi` option, which will + be disabled for state versions following 25.05. Users running on Raspberry Pi @@ -14,17 +14,11 @@ index 10645d55e8389..e4ffb75742580 100644 ## Other Notable Changes {#sec-release-25.05-notable-changes} diff --git a/nixos/modules/services/misc/octoprint.nix b/nixos/modules/services/misc/octoprint.nix -index d8e4c9c302b38..6ab48ee10e3c7 100644 +index 193e4222a37e7..6ab48ee10e3c7 100644 --- a/nixos/modules/services/misc/octoprint.nix +++ b/nixos/modules/services/misc/octoprint.nix -@@ -1,17 +1,27 @@ --{ config, lib, pkgs, ... }: -+{ -+ config, -+ lib, -+ pkgs, -+ ... -+}: +@@ -6,17 +6,22 @@ + }: let - cfg = config.services.octoprint; @@ -43,7 +37,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 - plugins.curalegacy.cura_engine = "${pkgs.curaengine_stable}/bin/CuraEngine"; - server.port = cfg.port; - webcam.ffmpeg = "${pkgs.ffmpeg.bin}/bin/ffmpeg"; -- } // lib.optionalAttrs (cfg.host != null) {server.host = cfg.host;}; +- } // lib.optionalAttrs (cfg.host != null) { server.host = cfg.host; }; + cfg = config.services.octoprint; - fullConfig = lib.recursiveUpdate cfg.extraConfig baseConfig; @@ -54,7 +48,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 pluginsEnv = package.python.withPackages (ps: [ ps.octoprint ] ++ (cfg.plugins ps)); -@@ -67,18 +77,32 @@ in +@@ -72,18 +77,32 @@ in description = "State directory of the daemon."; }; @@ -95,7 +89,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 }; }; -@@ -86,6 +110,20 @@ in +@@ -91,6 +110,20 @@ in }; ##### implementation @@ -116,7 +110,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 config = lib.mkIf cfg.enable { -@@ -100,12 +138,13 @@ in +@@ -105,12 +138,13 @@ in octoprint.gid = config.ids.gids.octoprint; }; @@ -136,7 +130,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 systemd.services.octoprint = { description = "OctoPrint, web interface for 3D printers"; -@@ -115,10 +154,10 @@ in +@@ -120,10 +154,10 @@ in preStart = '' if [ -e "${cfg.stateDir}/config.yaml" ]; then @@ -149,7 +143,7 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 chmod 600 "${cfg.stateDir}/config.yaml" fi ''; -@@ -127,12 +166,42 @@ in +@@ -132,12 +166,42 @@ in ExecStart = "${pluginsEnv}/bin/octoprint serve -b ${cfg.stateDir}"; User = cfg.user; Group = cfg.group; @@ -176,14 +170,14 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 + "AF_INET" + "AF_INET6" + "AF_NETLINK" - ]; ++ ]; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "@pkey" -+ ]; + ]; + ReadWritePaths = [ cfg.stateDir ]; + UMask = "0077"; + @@ -195,29 +189,31 @@ index d8e4c9c302b38..6ab48ee10e3c7 100644 + meta.maintainers = with lib.maintainers; [ patrickdag ]; } diff --git a/nixos/tests/octoprint.nix b/nixos/tests/octoprint.nix -index 15a2d677d4cf8..dc60b10813311 100644 +index 9473797d50475..12fb94e0eaf90 100644 --- a/nixos/tests/octoprint.nix +++ b/nixos/tests/octoprint.nix -@@ -11,7 +11,7 @@ in - environment.systemPackages = with pkgs; [ jq ]; - services.octoprint = { - enable = true; -- extraConfig = { -+ settings = { - server = { - firstRun = false; - }; -@@ -50,11 +50,18 @@ in - # used to fail early, in case octoprint first starts and then crashes - with octoprint_running: # type: ignore[union-attr] - with subtest("Check for web interface"): -- machine.wait_until_succeeds("curl -s localhost:5000") +@@ -54,16 +54,22 @@ import ./make-test-python.nix ( + curl_cmd = "curl --retry-all-errors --connect-timeout 5 --max-time 10 --retry 5 --retry-delay 0 \ + --retry-max-time 40 -X GET --header 'X-API-Key: ${apikey}' " + +- # used to fail early, in case octoprint first starts and then crashes +- with octoprint_running: # type: ignore[union-attr] +- with subtest("Check for web interface"): +- machine.wait_until_succeeds("curl -s localhost:5000") ++ # used to fail early, in case octoprint first starts and then crashes ++ with octoprint_running: # type: ignore[union-attr] ++ with subtest("Check for web interface"): + machine.wait_until_succeeds("curl -s -4 localhost:5000") + machine.wait_until_succeeds("curl -s -6 localhost:5000") -- with subtest("Check API"): -- version = json.loads(machine.succeed(curl_cmd + "localhost:5000/api/version")) -- server = json.loads(machine.succeed(curl_cmd + "localhost:5000/api/server")) +- with subtest("Check API"): +- version = json.loads(machine.succeed(curl_cmd + "localhost:5000/api/version")) +- server = json.loads(machine.succeed(curl_cmd + "localhost:5000/api/server")) +- assert version["server"] == str("${pkgs.octoprint.version}") +- assert server["safemode"] == None +- ''; +- } +-) + with subtest("Check API IPv4"): + version = json.loads(machine.succeed(curl_cmd + "-4 localhost:5000/api/version")) + server = json.loads(machine.succeed(curl_cmd + "-4 localhost:5000/api/server")) @@ -227,9 +223,10 @@ index 15a2d677d4cf8..dc60b10813311 100644 + with subtest("Check API IPv6"): + version = json.loads(machine.succeed(curl_cmd + "-6 localhost:5000/api/version")) + server = json.loads(machine.succeed(curl_cmd + "-6 localhost:5000/api/server")) - assert version["server"] == str("${pkgs.octoprint.version}") - assert server["safemode"] == None - ''; ++ assert version["server"] == str("${pkgs.octoprint.version}") ++ assert server["safemode"] == None ++ ''; ++}) diff --git a/pkgs/by-name/oc/octoprint/ffmpeg-path.patch b/pkgs/by-name/oc/octoprint/ffmpeg-path.patch deleted file mode 100644 index 2e7c7dbe06428..0000000000000 @@ -259,7 +256,7 @@ index 2e7c7dbe06428..0000000000000 - commandline = data["webcam"]["ffmpegCommandline"] - if not all( diff --git a/pkgs/by-name/oc/octoprint/package.nix b/pkgs/by-name/oc/octoprint/package.nix -index a4b437ac6d1c7..3042f7d6dd643 100644 +index 4d2ab61ecf855..66422e93d1b5c 100644 --- a/pkgs/by-name/oc/octoprint/package.nix +++ b/pkgs/by-name/oc/octoprint/package.nix @@ -1,5 +1,4 @@ diff --git a/patches/PR/339370.diff b/patches/PR/339370.diff index 17f8de6..0db5c40 100644 --- a/patches/PR/339370.diff +++ b/patches/PR/339370.diff @@ -1,5 +1,5 @@ diff --git a/pkgs/by-name/be/beatsabermodmanager/deps.nix b/pkgs/by-name/be/beatsabermodmanager/deps.nix -index 9fc703773a8e5..14f21eb5e6d5e 100644 +index 9fc703773a8e5..547872d25303a 100644 --- a/pkgs/by-name/be/beatsabermodmanager/deps.nix +++ b/pkgs/by-name/be/beatsabermodmanager/deps.nix @@ -2,110 +2,120 @@ @@ -136,20 +136,20 @@ index 9fc703773a8e5..14f21eb5e6d5e 100644 + (fetchNuGet { pname = "HarfBuzzSharp.NativeAssets.WebAssembly"; version = "2.8.2.3"; hash = "sha256-ZsiBGpXfODHUHPgU/50k9QR/j6Klo7rsB0SUt8zYcBA="; }) + (fetchNuGet { pname = "HarfBuzzSharp.NativeAssets.Win32"; version = "2.8.2.3"; hash = "sha256-5GSzM5IUoOwK+zJg0d74WlT3n1VZly8pKlyjiqVocCI="; }) + (fetchNuGet { pname = "MicroCom.Runtime"; version = "0.11.0"; hash = "sha256-VdwpP5fsclvNqJuppaOvwEwv2ofnAI5ZSz2V+UEdLF0="; }) -+ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Ref"; version = "6.0.35"; hash = "sha256-BxvIeZIaBdC0wyDQqKW0E5axSRSrtQk3oEPsT287014="; }) -+ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-arm64"; version = "6.0.35"; hash = "sha256-jM/HzLumZvI939DrNb8LHnEr/in1Lws0j/FAfdXSzbk="; }) -+ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-x64"; version = "6.0.35"; hash = "sha256-2eUqoTcqTU3ebv53IV6yvN9EhkOqnyBRd2tz74HuSsE="; }) ++ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Ref"; version = "6.0.36"; hash = "sha256-9jDkWbjw/nd8yqdzVTagCuqr6owJ/DUMi4BlUZT4hWU="; }) ++ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-arm64"; version = "6.0.36"; hash = "sha256-JQULJyF0ivLoUU1JaFfK/HHg+/qzpN7V2RR2Cc+WlQ4="; }) ++ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-x64"; version = "6.0.36"; hash = "sha256-zUsVIpV481vMLAXaLEEUpEMA9/f1HGOnvaQnaWdzlyY="; }) + (fetchNuGet { pname = "Microsoft.CodeAnalysis.Analyzers"; version = "3.0.0"; hash = "sha256-KDbCfsBWSJ5ohEXUKp1s1LX9xA2NPvXE/xVzj68EdC0="; }) + (fetchNuGet { pname = "Microsoft.CodeAnalysis.Common"; version = "3.8.0"; hash = "sha256-3G9vSc/gHH7FWgOySLTut1+eEaf3H66qcPOvNPLOx4o="; }) + (fetchNuGet { pname = "Microsoft.CodeAnalysis.CSharp"; version = "3.8.0"; hash = "sha256-i/r3V/No/VzqmJlWxpGoirvlbJDbBPa/ONZtzYrxuc4="; }) + (fetchNuGet { pname = "Microsoft.CodeAnalysis.CSharp.Scripting"; version = "3.8.0"; hash = "sha256-fA9Qu+vTyMZ9REzxJ4aMg/SHCDRk4q9k4ZGUdynoHnA="; }) + (fetchNuGet { pname = "Microsoft.CodeAnalysis.Scripting.Common"; version = "3.8.0"; hash = "sha256-866jMHp8kbc1FYpKuUWnd7ViU6kGJTAxPcL/IjXrT0I="; }) + (fetchNuGet { pname = "Microsoft.CSharp"; version = "4.3.0"; hash = "sha256-a3dAiPaVuky0wpcHmpTVtAQJNGZ2v91/oArA+dpJgj8="; }) -+ (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-arm64"; version = "6.0.35"; hash = "sha256-yrtPCYD8skaWnfIoaUdQ1dns0YrypxDocskS2WGxF6g="; }) -+ (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-x64"; version = "6.0.35"; hash = "sha256-maNzxJQ5oCd86VI4ROzl4RqOV1RNXn3qWjrAfBjr2Y0="; }) -+ (fetchNuGet { pname = "Microsoft.NETCore.App.Ref"; version = "6.0.35"; hash = "sha256-IcpSbsSHgYBbNVvbcXfmRRM9bdx3pogLncO4RuXEab0="; }) -+ (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-arm64"; version = "6.0.35"; hash = "sha256-jPUhSrzqnH1GNi/c7dSnZSQhFNVGdmlAQkDLdXVWBBc="; }) -+ (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-x64"; version = "6.0.35"; hash = "sha256-Gf3e0EdBEgq8GcZttTHbKGupFlDyB80nhYpBN0X9Kro="; }) ++ (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-arm64"; version = "6.0.36"; hash = "sha256-9lC/LYnthYhjkWWz2kkFCvlA5LJOv11jdt59SDnpdy0="; }) ++ (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-x64"; version = "6.0.36"; hash = "sha256-VFRDzx7LJuvI5yzKdGmw/31NYVbwHWPKQvueQt5xc10="; }) ++ (fetchNuGet { pname = "Microsoft.NETCore.App.Ref"; version = "6.0.36"; hash = "sha256-9LZgVoIFF8qNyUu8kdJrYGLutMF/cL2K82HN2ywwlx8="; }) ++ (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-arm64"; version = "6.0.36"; hash = "sha256-k3rxvUhCEU0pVH8KgEMtkPiSOibn+nBh+0zT2xIfId8="; }) ++ (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-x64"; version = "6.0.36"; hash = "sha256-U8wJ2snSDFqeAgDVLXjnniidC7Cr5aJ1/h/BMSlyu0c="; }) + (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "1.1.0"; hash = "sha256-FeM40ktcObQJk4nMYShB61H/E8B7tIKfl9ObJ0IOcCM="; }) + (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "2.1.2"; hash = "sha256-gYQQO7zsqG+OtN4ywYQyfsiggS2zmxw4+cPXlK+FB5Q="; }) + (fetchNuGet { pname = "Microsoft.NETCore.Targets"; version = "1.1.0"; hash = "sha256-0AqQ2gMS8iNlYkrD+BxtIg7cXMnr9xZHtKAuN4bjfaQ="; }) @@ -238,7 +238,7 @@ index 42e1f738e470f..6ebea28bb187b 100644 }: -buildDotnetModule rec { -+buildDotnetModule rec { ++buildDotnetModule { pname = "beatsabermodmanager"; - version = "0.0.5"; + version = "0.0.7"; diff --git a/secrets/secrets.nix.age b/secrets/secrets.nix.age index d7a318113931afed2d1c5277bb3890521cf354dc..87903464feaa197953dae453b8cc41e773e0ab9f 100644 GIT binary patch delta 5187 zcmV-J6uj&4DAg#CAXj2XYi~JddQDJNOnO=~H*8~ed0KL4dQN6%b}~sxH+Xt%IZjw? zWn*z_O$upcR54aacQbBxbT3CxYf)`XY-?y$Oip%0GBq@MV>NVnM07J(Q#4scG?PyO z6@PJdMMYL?L@P;TFGpl(T4qynGB9*XVMk0uIc8H=RB>cYR9a$TOiMvcM2^&AaH4REpRe5HXvA3 zQEOE}AVGRXZ%<=wZ$(%#GGkRuNp3ZIVni`YVpwl$GEiD%Rx>wYIc7~#FE&_oXjKYt zPIE|AbYXWgcVT)#aYsjOP(ylXb5KD-a9LJzSwl@#SZ;G=FLP{EY)O+(0Tq9AF*!I< za8E;QZ*EC3c~oI`N@QbdGDuoZc5_vFM`A%ncXD)UH+ndBRaOc`X;?BgOf)M+Fjq)n zMo4yfPGe9*WO;XQWoAQeLwR>_F-|yVGFD?pIAaPeJ|J*ub}eu+H8vnMc5P5}Q6NEe zNKR*XWob)eaWH3iQcOfSG;DuDLwQC;M^a-pS#WoCd1EU`MRGVeb~sK7R4Yj_Z)i_4 zVOd8tXG3B`b6G2TWI|FidTMHIc4Buia6~vUc~eqsS4~L@Ej}P@DPCAXEoX9NVRL05 zI(bPTS$Q>83S&=FaZNB|XEAkFYeH*RL18s;L|QR4G+9SFwE^z**JqEk9E z^R`XAg1PyhgmGgfrQe8lzpmf#oM4F542(;!MRm;5K1 zsH=8Yl|mKW%4W6!Qt5SvNJ&8zgMDon_ZHbsJ7~#$0?^WZT2Ox*rM-@`Ta}&qBECy0 zKD>pDP;-fN17Jxh4->W-_-RTl0ZfnqjMq7?rp^b4c5)05J_6{AL>bi`0h={38QzOT z%$@YdRB5FM8SgCv!Ls;!Ed^zUb{8J#IOn7Tf81fsx}$E=-LP;%r3Hd|1S-UbkW1Dz zu#xB|LdTstyWD@$%cV8#Ge`|NZQa183b@F@lYRO2AC%XPqKRK`wE?LYABnhMepqX4 zq&NxlZv@bFYWJT@T#9&XmYprO5}_ka?;J=o%1)S=X3E~q`#L+0wy}4AB(o_|ju_{R zzAfJnt))&>t7pl($K!#3Q&acH$-DqlHj)u5$lrLQG6{byslIUFO60F4^`q4fYrt`;+ zA6Sy=y8}UR1>20=wg0M z(7DDqB^JsUBj5rq9*k>QH*;D`JT$$jKu!$JnuC8cy{;n41e?01^cx8Rtc#{qn^Qs( z_}Ek+PKzacbBq}SeCCg%feK*xQ+wu|p3TrKeSc$@ri?`c^L}u1wiB?2*$6UtNG3S& zr2RrjAe3ZM<#9c015@hrS?$}yz6POkp@2|mA9JrMtf&KTFh{_(q&p3(BeSOk`niaa zQAtJ~&31PYo5{00&koou41mPNEQd{*#%NWBIx(@PDvAv3nGFk}*o*r=0 zSi!|Apr09@+w2~8+A@flugO+)ft~W;n$~~vE5Rh(-6Alb@XBp$t%0aqu`;GKEYAau zmR{}Mea8(d3>R8J_79QWaZl@1Yr_}iE$$~V$!<1lJr0$6kECiLv_tJi4cM+F`mD$G zE&Su-aN1K&ARr@8I;NJnzt+@-P-fQgGm*Yaya-9A>U7M;EYD*Xj=BCf$;>p(*wudy z_f1hMLgG@=cPVDmJi-3MpQ#ez3JiUtemOo$cIRJOpcub`VYPFuDEa)|)WP(<-F6+8 z>(qYuR>%%W`)u1MY4<&VU6HiPKr~@}K))Ka;y+{I)023>5jb)~YgT?z<*MXuiEVU2p%jU~&;@>M%6Q#3ReYPBzKgj^233A83+ z=WbMO=2;G*tiZ^4e63ZBasOcyo73|K@8S=dv2Ot-jsUtdFK*b=N-64Pf*VX6@!4IQ z%v>bjVd=>k#Y%RqR=`y!H!t`RWPqM3bR7C-jQ^7bg zv8h!ZdNq=4cHc4UiX(I2v7%*Ja#dhA`lE=kx-0tNG@FK@=|*2qEX*@b+e zcVk9$g_z&}6@h=bxdpmja6YB|RSQVl48e-L$ic$AK|#wv8z2MVf3 z88^&yWnUhhXn322(m+CgOSP0R4%H})v+YMi;xeQx@fuLudkTn^m|>nXQ=hsFM;<{! zcU$f;u3&f|Mnj`jE2LaIJ_}E9VrOrzSmG zFVvQP4Ec)3;;)&enF)m7^76>xZEj*++hE^4Yu_qRTxw8nYyTq?Qq=VmU`xmo{;9+! zM(~_@rdWSi$3e8mnYyliiM);mr<1s#8NXA>q7{IDfPN&XR+olm1xs!w>MqT;3SBI1epGM1pz3?+h}`3+ zrkvy_UoP0Ek+3)CKS3L|QxG5}ce^BVTmkwj<&pFZ7zlT~WBV2>0kJq{mi{=xw z>L(b(@-rOYZmEg2a)7xf_`e~U9nb<_TQDw}_QF~d$PqVQUnjy$24u`FXMCYU!kf57 zlcs;xiR00rK|fqV_6cwh^0yMtWOwzt@w0;T^`r~TPR5|`L3S5wIzjDaP0tD5_NH(e zM9-x){qB?WBn@6GG;r!>QVM+ASNj(2p))5L$V`|vYDV0UrGHQj`8uVI`fsF;nCKJ< zP4*QW+qyD!u77J)VQ*57AVy!)`yl`cha`XGpw4lbKD-Jh|0#k=9-g6QAHqe4m5`d? zjsu1$;rB72uEwpnSkd_o>OJ*Ow5#G6^%LZLD&eBh$}NO>5C7!7KP6?%oi~HCp%Cw8gq$zu)4zrc7PvQy%S%kCTiUm(Jy(CpsjexmtX1{+F z1))w-Dvm>#I!J&v-#ObB3G{UwX7#8K#f}on5P@ndM;KX=U$2zxZF5jq94#78$o&XA zo-ugDb+tZt<;ocING~YJGNjMZlin(C;1A%NqFgT3QEyeW9UMoLjj&|)m;Q{QgOP<0 zX#wkdu3&FIE6k}8F{IYlM3BLJ*6V-HR*XZ=S~#m0n`rFD#~g4ESE5Etwx^XLT*6O^ zpQjcQ|3JA=VY!wMLUkHqctSw8YJ{h0n38?&ikb6Q6`#wKH4EUHooV>gC3_+mtba3> z6EffJGEQ-_3eyx~`%seP+3F`IzoMcl=)Lmi;V-w>FSxvo*doSGe+yl_CSQLwh47FJ z>&Q`Cq2&x!n*E2DqJW*E7m;35aTiGD+O(CDsYamQIL|Ldlqa~~CVm}{BZTDTos1i( z@vr(16}>yobS10HhK+SaQNf04slw=5Ohb0gXpP$u%YmSBYFC%R8bg{~I4lB`ap(SS+{o zO8cXK&n!#Qn0zPQcYWA$XV{vV$L}|%t66lCnQL&=O$EYW9`7KYU1?9KC=30ek#U&tSC; zME0}}Yv8(9W@DAromg;TZS*R+qj%AzUJ_A_gI#NIXw%&nkJN;khLB~W2`3==AN!JZ zkZsgGU2Pwy&g#yhs+!2zOv5?+KS5y->m|#Z&5k%D)#{1*%eLvi`Oh0XNYMtPIw7;6 zAdGfBt2meP(j!pG1R{S6mOQ0@_0_C`8G=TQ&#Upj!&5&j|9!OEHdcmUL@zg^v0wqF z0tAyv2+-Isy;`iL_3>@qp8H9iUXhPOdC>h*iw9!EDLuBFW(ZFrTnnunU07mbLUtP0 z-r?$6Z&pi{s7IFR7Ui{ziC!yT>jP&g-5T_OdrKBF=L*0>+th#k0|`b}EfGh=j^v3$ z3cbv!WAR(D#fTT=WL&W?j-l!u>8TXAYR}T0IG+L|`hA{!3?|%58+02<|ArpSGbErD zzSYp26?II)fA8d8=|3ezDbAKA_?yiK|Bb3dW_wbJWMcL?zlD9r7@8}c?0!*!ISDKW zxTtyVc`@Md#5!9OSaXsjPY6two>iTvEoKKZQN6ZWx&P z9i;f6-K@vJ=?31XuY1t)j#iHe_BcjWb)pa%`AGO7`<0l-M5RGp^_d*yT}4;o`$Deb z_!E@s+PA{$;whcV0}5Q+xa?ZHssgz|!sv@lD1hM$&WV3!9~^og+Xec?v7%sf%9IWe zORgFRmwDmw`?twq$aFBNRzPOS#;I!VADk(-Az!Y7HWW+FP~kFGVEDBlNBFwS|0rEs zWneBAS{N529`mh^IH!kUNj6NHC=m@CJ56WQ>_rAQJ9%?X>SwXg82?RJY?F6v!+X!H zv@k~h&v1Y6*h+qF+o3pK`tF=!UrTId;SWML^P&)q)D*tN)YYgLkX zyo@`tl6LtHQ8ftPb>UX3D{A7d{<4WP-tbE-VZpD%^>V45?4}E;euJ(G9&dLy-^5Z- zM0L`k_8OTe%fvoN@oh^#lhDkEWxd1+vL?$pUEzQAK%%s4n(W^*L9a)ekSOnQhE2;( z_014ruutd=CAWI4?^?*u7Y)(-k<_hncuo~mC+f!tp|+~>-19eX3!3#`NWX)tREX?A z8)^D@##R+=o7-|CQLksSJO=-5OA0{RVj`vRvWYLb7YPXCtcnjsDovyti}aK>O(yD$W3N;@0i z`h#HwC{Ui&_?QXZ8=I>W=S(@L}6}CFl97sZZ$J9N>@`WPh?h2Lsu_ENeV4KAaH4REpRe5HXvA3 zQEOE}AVF<6VPtwuO>Qwyb!c@%Z);9aXGCa0WH@G3VQES)cXN1JHY;OCVN7jWQE>`t zH&{$@ICW=GSXXsM=(ZZQdv1`ZgOsKVn|9I}VyFuELzQQbY@rH&=2pYV}U_2#9VwRyR8+CNm+9s`?fwbUvsB6olfRD7GW1a`OEVavV)+ZPUK8_;ny&T-)r2{RB z`yUpt3&m4+tc1Lkxo=A@t(;~;Eh~-zMyJ?_%Wh6N79|>F@}`3;Z??W;9P^91Abgr4 zn+}$$ZRdFhTR?r_*K;%eoH?;$!ab+;$Nh@syO;qYh7x~MqTkDc?5GdB;xS>aDx8my zbV1?#8p2A+#=a*U1+va#vuf476bCv0m)5q;P;W%DvSC77!246Tj4lO`0^3Ioz!s%H z=eE-ejO&JRU}Q0ire{D{klYi$A)V9CQ~$#MFlY)A%fCYZb@s%r(K0?Wnw8c_)F!!W zIf~f|8}5HYrn)OB%&YSdFCRy$W_<6GZ3H;toR?C;C<(x4(_R{f=bkI#G@S2-yT|nx z2c|5?iI2;F+Nr?O_NoQ=m3_)V>|lqa1t)Gg-2kV$z!F=8dds3-J4Z1^7^vkN zbB0nbnkLu$-;z9q(FL>y7kxe)_Ch7Wt6F`Oi)V5L8iBzGzgN-ex7wRJ`<(AoYXj9O z|EPa^h4yAYGLGQtG(AK4$%JY~Ia;}x?pJ3Ou{=#4;a^tb9U-1^CUI(IGN8L@ux9Kn zsIMeSv;r`)mk*?Z!On}ZpvhNU$&p(Tyl+Nh#f0w3vOiAl!fsI zTI7@!Z=_%s+8$lS(^p7mh>bkq3?Qn@SNVTAmV7xmUj}^)bGsA9Akw)*KS8bAM6%dI z*t|jbTf`N2#Fg_jlbTqXYzazNCa{L=M%(K>q&q8 zt9tP7K9ZRje{QCC8%{Iw!Nf zf%kck3w3v(@nS6h|D#1*oJM-Po@U{(-o>_ZSS5PshRNm|`Gg?_rrgheH4tsd;I!#n zV}($u;GYGP6GK7do^&b(ce(?Ge};eb?PvNzvIYd%1`A#He9a#rCvDu3;O#NS6zZ;$ zD_e|FmuDV-^PcU3p8JbBZQ^&aJr%xAi8NO4v>U2@F!jV+#Efpiw~(hMgg zB_R4wZO>pzlsFPVsVViDo{QGWJ&tBs^O*$L*-*V;Sa8Uv;W^|(NM5xhZev`%%_8@f zLIF0D-o{A_8-RdARcPuuka2$>PRc^}wBiPu9AOsvE(f~wDlCyN;>_Kq*R?4~4ncQs ztqv7)!zo6defw61no>l@AL&S&F}T;_I;Dmh07Kg@>*BRUxAk&1fqoLgyLt>cyD)13C_8P+-r@?cI~ zHwb;R`2=nm3bpm%dG^}{@|w%EtGpP*8UZ8!jjkkY(E8!OokFW^I=uW7Y&VRV>Nu%C zuCnvx8L$WOS`BANr4WCjIDEj() zsthO`g_Ia{>FMp*PWD5|6`9w0Bm0_D2BZnEH8mJ^H)6W@*LGcZg%bGU?}Uc1qWV;g zqGuT~%Eh}B%y6-;>K>jOetW2a%9ms1E5ScGcGB;ZgQA}=M>eA5EZJqjvC=-G<}0Lq3t8=?Uu67fSgb}YnN*nQb|Ayq+Z<)9S`4X&2`o`---SyzZ1`@8O zUtdr1yoox@JuWq4F2?@K>VeLeR>Rk6QLE45SRY7vV-SBE0Oz{bLyy-~A=jlZP49pM zz?~#o{P0ujqAW_g-@|TL*$vLi4-RvsQ-);eRvUTEA!5Do8qqZV24M5iB|kCFZj?{2 zs9D1Gt`eNce;@zNfjm63Ad^q& zkN3dmY@Y~xHuYJwq27LZ!sTKE0;pWeiN~;;p1vEr7i3sUybVPOR6@8cQ)Q+kyN48D z_-ZSx>PNhT@8g^Po_5T^_Erg6iZ4%Y;U-NhHgSJ?eG?5SX$0 zFDg`@oko2WFpZXk`0lJJ#`Cuw3P~lj8tzm#H2G)@kluYcU7K=Y5{}6j&q~vezt6gJ z#FG4Y*|ow2pXt+9*3X>sF0;=wp&E~UV5Vw5Wl2C;6=4r!+!NwOmfhkT>NSAwmDid) ztq6abq~cK!yl;B$Z^VeQ@2luL8yCP( z)>^_x_oTR~E9=`*Z=5u(yh&BBQvWY9!xLesPVSS=MaCS#dGE#|9BhBBcI?++DE{tP zD1;xDmSCF9vUrg^&mjzfm;4-=Kbc=jLC(h^o6K5cy1hwgDSaR{gyAX2Ug+e1=&Z-Hklk5QN2hV?S z>aJIZ^u%h~Tu@la=@IB$5ghFn?~tkc!9Q}u1~Blg8`(L7sOfEE7KZ!Inux`Ag8^uy zmfX2@UnQNR|A-rVa+T{K6nUcc@k3Ugg?oWy2VPCceT#7M@VDF8pyeuzTUf2ddwOaq ziGORZdrsu!e@a?Zde){)p2K1YMNoe+FjP_(#YBuKthD*FnxPE<@hIIq#r#DRL=uc? zN>FL*IW?-qAhKy)@LN2HJ`H~H^eQ{if-5V68HbcD?&GOzMpnjs{92wqG_33CI5Pge3rV}eZQtAl&`bvo^@?7XoG7Vt za_(A~V+li&fUwQW7~OBawBUb+wed%$Hj`U0{YYm#SX$KfBXS2fHMk+D>5)|!OFTxZ zg?I&ZqQvIxt4=QG($Wi^L1!=HlvALJKXb^j)&D1K>bg6I1to&n_p(IDHNs`emr!tP zDt`u|-5K;!5;7)-<~#d_Ek_U+D223qE_`?w*CLs!2R00My>oIAykdXj=h;~lP7~FX zOuFOJDKBcJk+x*BZe@Z`vdVG*rH*E6L2!NR4{etHo9gdlTSw>tqyE{y=o)ivth~`N zIjWjQ?(hi~xg9%H-~-5|`1t@o=(}>E{fH}9@$J@)%W&EC?DIF}kMyU6v~ir&sq$05 z{o}3O?zMYS008~ZigSOf4xZy?{Z(^MH~m)|7r+-hWi+V!R#>m7m6=W%(_6FT?|w9s z?#PV#?18N84DsYM5Y|_28d%c`27eq#ghPvZjCTnd6>a+YJyUB0#JJ zJNY_VTELabbn8P4y1Kt+n4!qd|E7+qRib4ik<6ha@p?Kv4*xo^aUt*1%t105_cu<1 zFNyA;1Meq7xyvkxzcS5>Y=bw0+mh@QOW7$+mOdM)*sO%<+ykO&e4~MJLZTKt^T_XF z315>}JXLDmGc|wtV9G0))`~)j^w16Pvv%FxE^qN_7$|%=Fg|%PNVA}ax^-Z^u5KWS z?QVFEeY^tuc}z4Jv@|wXErBiUGCiikXUQm{*Jy}gqh)xpsO(IlfZ<>$f?ll3pFM}- zNlw{F6@J>)vG5KeEJ32)h=&(^eGt)E4p?uJqpbBGmm+_hpkmy7iq=tIj79NlhhEU& z%kdx_fpcdDDwmQz@_RS6#8P>Zu?I^;qMWk02cAW5{3!R-3|eN& z#Q`GJKt6SnW?OCIahUbNBWw_3)yv2IZ9U6q2+-5Ye*y@VHEO+fa0z^c znE4*8l&!2IqrCX9EG2Gr1%;1vd))@CMZ+&Q7fXLy$N8?Lse=)b*}QMzC%XGhems?| zkU{REL?Cl4fHiYyxxZX!DpA3tny2=N>$W7Ot6T=6JV+?{OHJ<`Hic2ONlHH(T*FgU zEC(!c!exbr+7aID;F8Njah?tYEzVK$65HN zw^Dz-iqA5zf%dTH0p&fNPVnD&0o?`5wIvS>R?J7qf9kV*ld}-N12z3h6-1Xo&+$f# z6)L_5Q!6lKvLlUe(Du@U#w~vgb38ABK}MvigkTyAX%2$MuEaV(O<@rd*3;~tO6I}e zkImsDnz~)i&TI>Je@`$E-OEeM#q@Nv@f?2}ie5WHwyi5S0SiA}1a>p2bRU?iIYV*( zyiBnGBWA)-M<)!VFhBxYqAO8YrG+URZ72wnON{j21e4Z3iqeRFnoNc6|0L;ev^N0G z!L`a42v-xmsO=I0dPGfM+$gu%oRFbTgsx6d590b(mSnSCXKFF69p0;N2kFyVw*-Hw zynBhNXY6dj>6XJVR#Fo`C4$l5OGj>yx^@|K%WNYL-)prAryM0%2!I9rH(jxb`G9qF z+a+D}&87RXJWMKszQY0al{wu>Rreouj zPZJu1kW_MiAWNFTXI3M5!TwSzEO|4iNrxZ;YvHxj;CO{ufZNDda1eY1uX~D=&NJvm ZLMX4eYYFn{T4Nk;>j!!=cdgp|od$