2 commits

Author SHA1 Message Date
Patrick 048aa1cfc4
feat: srvOS things 2024-12-04 22:47:40 +01:00
Patrick d3a3c21412
update 2024-12-03 23:21:06 +01:00
20 changed files with 661 additions and 592 deletions


@ -16,8 +16,17 @@
};
systemd.network = {
enable = true;
wait-online.anyInterface = true;
wait-online.enable = false;
};
systemd.services.NetworkManager-wait-online.enable = false;
# Do not take down the network for too long when upgrading,
# This also prevents failures of services that are restarted instead of stopped.
# It will use `systemctl restart` rather than stopping it with `systemctl stop`
# followed by a delayed `systemctl start`.
systemd.services.systemd-networkd.stopIfChanged = false;
# Services that are only restarted might be not able to resolve when resolved is stopped before
systemd.services.systemd-resolved.stopIfChanged = false;
system.nssDatabases.hosts = lib.mkMerge [
(lib.mkBefore [ "mdns_minimal [NOTFOUND=return]" ])
(lib.mkAfter [ "mdns" ])
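Review bot: `wait-online.anyInterface = true` is left next to `wait-online.enable = false`, and once the wait-online service is disabled the `anyInterface` setting no longer does anything (which of the two lines is new is inferred from the hunk counts, since the page has lost its +/- markers). With both the networkd and NetworkManager wait-online services off, units ordered after `network-online.target` can start before any link has an address. Either drop the dead `anyInterface` line or record the trade-off, e.g. `# wait-online disabled: units ordered after network-online.target may start before the network is configured`. The enclosing attribute set starts and ends outside this hunk.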


@ -1,6 +1,7 @@
{ inputs, stateVersion, ... }:
{
nix = {
channel.enable = false;
settings = {
auto-optimise-store = true;
allowed-users = [ "@wheel" ];
@ -29,9 +30,12 @@
max-jobs = "auto";
# make agenix rekey find the secrets even without trusted user
extra-sandbox-paths = [ "/var/tmp/agenix-rekey?" ];
log-lines = 25;
};
daemonCPUSchedPolicy = "batch";
daemonIOSchedClass = "idle";
daemonIOSchedPriority = 5;
distributedBuilds = true;
extraOptions = ''
builders-use-substitutes = true
@ -60,4 +64,15 @@
};
programs.nix-ld.enable = true;
system.stateVersion = stateVersion;
systemd.services.nix-gc.serviceConfig = {
CPUSchedulingPolicy = "batch";
IOSchedulingClass = "idle";
IOSchedulingPriority = 7;
};
# Make builds to be more likely killed than important services.
# 100 is the default for user slices and 500 is systemd-coredumpd@
# We rather want a build to be killed than our precious user sessions as builds can be easily restarted.
systemd.services.nix-daemon.serviceConfig.OOMScoreAdjust = 250;
}
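Review bot: The `nix-gc` override sets `IOSchedulingPriority = 7` together with `IOSchedulingClass = "idle"`, and the daemon settings earlier in the file pair `daemonIOSchedPriority = 5` with the same idle class. As far as I know the idle class has no priority levels, so the two different numbers look meaningful but are not; a short comment such as `# priority is ignored in the idle class; kept for parity with upstream defaults` would make that explicit, or both values could be aligned. The OOM comment also names the unit `systemd-coredumpd@`; the systemd unit is `systemd-coredump@`, so the comment line should read `# 100 is the default for user slices and 500 is systemd-coredump@`.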


@ -63,11 +63,14 @@
kitty.terminfo
nvd
unzip
bat
# fix pcscd
pcscliteWithPolkit.out
wireguard-tools
];
environment.ldso32 = null;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
secrets.secretFiles =


@ -42,7 +42,6 @@
networking.firewall.allowedUDPPorts = [
3478
5349
]; # STUN/TURN server
services.netbird = {
clients.main = {


@ -28,18 +28,19 @@
"agenix-rekey": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
"pre-commit-hooks": "pre-commit-hooks",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1729172588,
"narHash": "sha256-BLAyMpW3onKZ0tOfXRY26baJL9fZ/OogccFWO0uNyuw=",
"lastModified": 1732704340,
"narHash": "sha256-zcX8QIaaJJ5Us53vaWMPH2LNkZBCSwTH7pI+FgXCg+0=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "0488a23f882df0de8107e46da88177bd038ab4d2",
"rev": "662522cf89fde332157e527b4322d614598631d9",
"type": "github"
},
"original": {
@ -133,29 +134,17 @@
},
"crane_2": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"rust-overlay": [
"lanzaboote",
"rust-overlay"
]
},
"locked": {
"lastModified": 1681177078,
"narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=",
"lastModified": 1707363508,
"narHash": "sha256-Cu5Mwktod5hcxxSpHl0FCeZ9la7v4KO5Tfrrs59AAJg=",
"owner": "ipetkov",
"repo": "crane",
"rev": "0c9f468ff00576577d83f5019a66c557ede5acf6",
"rev": "f2926e34a1599837f3256c701739529d772e36e7",
"type": "github"
},
"original": {
@ -229,15 +218,14 @@
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
],
"systems": "systems_2"
]
},
"locked": {
"lastModified": 1695195896,
"narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=",
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "05d40d17bf3459606316e3e9ec683b784ff28f16",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
@ -314,7 +302,7 @@
"nixos-extra-modules",
"nixpkgs"
],
"systems": "systems_7"
"systems": "systems_5"
},
"locked": {
"lastModified": 1701787589,
@ -379,11 +367,11 @@
]
},
"locked": {
"lastModified": 1731746438,
"narHash": "sha256-f3SSp1axoOk0NAI7oFdRzbxG2XPBSIXC+/DaAXnvS1A=",
"lastModified": 1733168902,
"narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=",
"owner": "nix-community",
"repo": "disko",
"rev": "cb64993826fa7a477490be6ccb38ba1fa1e18fa8",
"rev": "785c1e02c7e465375df971949b8dcbde9ec362e5",
"type": "github"
},
"original": {
@ -443,11 +431,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@ -489,11 +477,11 @@
"flake-compat_12": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1732722421,
"narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac",
"type": "github"
},
"original": {
@ -682,6 +670,24 @@
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
@ -702,9 +708,9 @@
"type": "github"
}
},
"flake-parts_4": {
"flake-parts_5": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
"nixpkgs-lib": "nixpkgs-lib_4"
},
"locked": {
"lastModified": 1730504689,
@ -720,7 +726,7 @@
"type": "github"
}
},
"flake-parts_5": {
"flake-parts_6": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs-wayland",
@ -742,7 +748,7 @@
"type": "github"
}
},
"flake-parts_6": {
"flake-parts_7": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
@ -765,25 +771,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_4"
"systems": "systems_2"
},
"locked": {
"lastModified": 1681202837,
@ -799,9 +787,27 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_5"
"systems": "systems_4"
},
"locked": {
"lastModified": 1726560853,
@ -821,24 +827,6 @@
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_8"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
@ -853,9 +841,27 @@
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_9"
"systems": "systems_8"
},
"locked": {
"lastModified": 1731533236,
@ -872,24 +878,6 @@
}
},
"flake-utils_7": {
"inputs": {
"systems": "systems_10"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_8": {
"inputs": {
"systems": [
"stylix",
@ -943,11 +931,11 @@
]
},
"locked": {
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"lastModified": 1732021966,
"narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
"type": "github"
},
"original": {
@ -965,11 +953,11 @@
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
@ -1155,11 +1143,11 @@
]
},
"locked": {
"lastModified": 1731832479,
"narHash": "sha256-icDDuYwJ0avTMZTxe1qyU/Baht5JOqw4pb5mWpR+hT0=",
"lastModified": 1733175814,
"narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5056a1cf0ce7c2a08ab50713b6c4af77975f6111",
"rev": "bf23fe41082aa0289c209169302afd3397092f22",
"type": "github"
},
"original": {
@ -1176,11 +1164,11 @@
]
},
"locked": {
"lastModified": 1731604581,
"narHash": "sha256-Qq2YZZaDTB3FZLWU/Hgh1uuWlUBl3cMLGB99bm7rFUM=",
"lastModified": 1733175814,
"narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1d0862ee2d7c6f6cd720d6f32213fa425004be10",
"rev": "bf23fe41082aa0289c209169302afd3397092f22",
"type": "github"
},
"original": {
@ -1213,13 +1201,13 @@
"idmail": {
"inputs": {
"devshell": "devshell_3",
"flake-parts": "flake-parts_2",
"flake-parts": "flake-parts_3",
"nci": "nci",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks_2",
"treefmt-nix": "treefmt-nix"
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1732405639,
@ -1282,8 +1270,8 @@
"inputs": {
"crane": "crane_2",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_3",
"flake-utils": "flake-utils_2",
"flake-parts": "flake-parts_4",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
@ -1307,15 +1295,15 @@
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs-lib": "nixpkgs-lib_4"
"flake-utils": "flake-utils_5",
"nixpkgs-lib": "nixpkgs-lib_5"
},
"locked": {
"lastModified": 1731845570,
"narHash": "sha256-5reOtlm18XLnh3ezruPOg2wQO+MB7ztsFaIzSUAzeh8=",
"lastModified": 1733055216,
"narHash": "sha256-yB2y7tGJxDI/SDQ0D7b6ocRtLTPm93u8ybdIKQGXRDE=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "7a1d37b2b16f32536628df9cea6a2003d79a49f9",
"rev": "f67bf0781c69a46bf3a1469f83c98518aa3054c3",
"type": "github"
},
"original": {
@ -1339,18 +1327,18 @@
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1731240174,
"narHash": "sha256-HYu+bPoV3UILhwc4Ar5iQ7aF+DuQWHXl4mljN6Bwq6A=",
"owner": "astro",
"lastModified": 1733265436,
"narHash": "sha256-zxBh56jKE6AXhiUoktY6cOHPUTyqXWbI/Pyh5sSC5B4=",
"owner": "patrickdag",
"repo": "microvm.nix",
"rev": "dd89404e1885b8d7033106f3898eaef8db660cb2",
"rev": "799370e27eb8643e860a5df5cd168da72219a684",
"type": "github"
},
"original": {
@ -1450,11 +1438,11 @@
]
},
"locked": {
"lastModified": 1731642829,
"narHash": "sha256-vG+O2RZRzYZ8BUMNNJ+BLSj6PUoGW7taDQbp6QNJ3Xo=",
"lastModified": 1733105089,
"narHash": "sha256-Qs3YmoLYUJ8g4RkFj2rMrzrP91e4ShAioC9s+vG6ENM=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "f86f158efd4bab8dce3e207e4621f1df3a760b7a",
"rev": "c6b65d946097baf3915dd51373251de98199280d",
"type": "github"
},
"original": {
@ -1465,17 +1453,17 @@
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts_5",
"flake-parts": "flake-parts_6",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_7",
"treefmt-nix": "treefmt-nix_3"
"treefmt-nix": "treefmt-nix_4"
},
"locked": {
"lastModified": 1731682758,
"narHash": "sha256-o54e8oNPPNmU7zHm3uTvsbbQLi7EKX3S6EEndXFG594=",
"lastModified": 1732631228,
"narHash": "sha256-/7Wyhp00yecUMPNz79gGZpjos8OLHqOfdiWWIQfZA1M=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "d926bcd5206c0b7afe47bed92557c8cd5e882b36",
"rev": "8f56354b794624689851b2d86c2ce0209cc8f0cf",
"type": "github"
},
"original": {
@ -1493,11 +1481,11 @@
]
},
"locked": {
"lastModified": 1720066371,
"narHash": "sha256-uPlLYH2S0ACj0IcgaK9Lsf4spmJoGejR9DotXiXSBZQ=",
"lastModified": 1731952509,
"narHash": "sha256-p4gB3Rhw8R6Ak4eMl8pqjCPOLCZRqaehZxdZ/mbFClM=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "622f829f5fe69310a866c8a6cd07e747c44ef820",
"rev": "7b5f051df789b6b20d259924d349a9ba3319b226",
"type": "github"
},
"original": {
@ -1513,11 +1501,11 @@
]
},
"locked": {
"lastModified": 1731814505,
"narHash": "sha256-l9ryrx1Twh08a+gxrMGM9O/aZKEimZfa6sZVyPCImgI=",
"lastModified": 1733024876,
"narHash": "sha256-vy9Q41hBE7Zg0yakF79neVgb3i3PQMSMR7uHPpPywFE=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "bdba246946fb079b87b4cada4df9b1cdf1c06132",
"rev": "6e0b7f81367069589a480b91603a10bcf71f3103",
"type": "github"
},
"original": {
@ -1529,16 +1517,16 @@
"nix-topology": {
"inputs": {
"devshell": "devshell_4",
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks_3"
},
"locked": {
"lastModified": 1730803396,
"narHash": "sha256-5ycWNOxmR/wPftlSWLQEZ3odOIE3rPvSd2qjd5+nLAE=",
"lastModified": 1732192922,
"narHash": "sha256-xQO/3I99TFdiXTN5VoS28NpbNlCQWQUvxmPQHlfkzmU=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "82dbbdc3c4f8f86fefdee8d8875fd4fd9276881a",
"rev": "2b107e98bbde932a363874e0ef5b1739a932bbc5",
"type": "github"
},
"original": {
@ -1549,11 +1537,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1731200463,
"narHash": "sha256-qDaAweJjdFbVExqs8aG27urUgcgKufkIngHW3Rzustg=",
"lastModified": 1733015484,
"narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e04234d263750db01c78a412690363dc2226e68a",
"rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e",
"type": "github"
},
"original": {
@ -1565,7 +1553,7 @@
"nixos-extra-modules": {
"inputs": {
"devshell": "devshell_5",
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_4",
"lib-net": "lib-net",
"nixpkgs": [
"nixpkgs"
@ -1594,11 +1582,11 @@
]
},
"locked": {
"lastModified": 1731546190,
"narHash": "sha256-kJix8nLyFIJ3EC7VtoXK/85C4ZN2dC5oWoS8+ErehqI=",
"lastModified": 1733101779,
"narHash": "sha256-Qqnfnb/RFxBbD25UYJ/yibvl9kIZNK5WkyLsUcb2byk=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "06ffce1a8d95e95c06a4bcfa117dd960b14a7101",
"rev": "a471acc460d4c238936a5116c8cc48a3c431dd66",
"type": "github"
},
"original": {
@ -1609,11 +1597,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1731797098,
"narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
"lastModified": 1733217105,
"narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
"rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9",
"type": "github"
},
"original": {
@ -1646,20 +1634,20 @@
"nixp-meta": {
"inputs": {
"devshell": "devshell_6",
"flake-parts": "flake-parts_4",
"flake-parts": "flake-parts_5",
"nci": "nci_2",
"nixpkgs": "nixpkgs_3",
"pre-commit-hooks": "pre-commit-hooks_5",
"treefmt-nix": "treefmt-nix_2"
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
"lastModified": 1733088671,
"narHash": "sha256-glAsc7l4pnnVPiC5UbxJ7SnuvFzwchg755Qe7hrM4GY=",
"lastModified": 1733348187,
"narHash": "sha256-B0PMTlkWm5o+Fi1Z4XO35zbU2k9NUMDq3g02EbPbXm4=",
"ref": "refs/heads/main",
"rev": "ac55ccd2f5c3715d04a3909e3b5650b23a562884",
"revCount": 18,
"rev": "803f8ba1f252220a4016b04a90862369d8e242f2",
"revCount": 21,
"type": "git",
"url": "https://forge.lel.lol/patrick/nixp-meta.git"
"url": "file:///home/patrick/repos/nixp-meta"
},
"original": {
"type": "git",
@ -1720,47 +1708,43 @@
},
"nixpkgs-lib_4": {
"locked": {
"lastModified": 1731805462,
"narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734",
"type": "github"
"lastModified": 1730504152,
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
}
},
"nixpkgs-octoprint": {
"nixpkgs-lib_5": {
"locked": {
"lastModified": 1730668902,
"narHash": "sha256-GVOHeDUa05ivnlW11v/uRyKl5vpPmIA0ixSdyGENT7c=",
"owner": "patrickdag",
"repo": "nixpkgs",
"rev": "2599d2effdda740f40050d47fed0e3586397ef1e",
"lastModified": 1733015484,
"narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e",
"type": "github"
},
"original": {
"owner": "patrickdag",
"ref": "octoprint-update",
"repo": "nixpkgs",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
@ -1855,11 +1839,11 @@
]
},
"locked": {
"lastModified": 1731846914,
"narHash": "sha256-08jsTY5MC95CU/EftrT8SwGwEbkHQqksycCVEOLYTws=",
"lastModified": 1733251568,
"narHash": "sha256-o0CA0AeQWEKSJpaPst6aMJq4NU6+ccgNKBmo8GD3WJ8=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "12f62bef83b8c344a98f1f79a648f25970930b1f",
"rev": "baa85eb4c456e649f340c7daef3bf9398dc2f2d7",
"type": "github"
},
"original": {
@ -1934,11 +1918,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1731676054,
"narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
"lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
"rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
"type": "github"
},
"original": {
@ -1950,11 +1934,11 @@
},
"nixpkgs_7": {
"locked": {
"lastModified": 1730958623,
"narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=",
"lastModified": 1732238832,
"narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85f7e662eda4fa3a995556527c87b2524b691933",
"rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d",
"type": "github"
},
"original": {
@ -1984,7 +1968,7 @@
"inputs": {
"devshell": "devshell_7",
"flake-compat": "flake-compat_10",
"flake-parts": "flake-parts_6",
"flake-parts": "flake-parts_7",
"git-hooks": "git-hooks",
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin",
@ -1992,14 +1976,14 @@
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"treefmt-nix": "treefmt-nix_4"
"treefmt-nix": "treefmt-nix_5"
},
"locked": {
"lastModified": 1731780782,
"narHash": "sha256-CG3rcxcZEViYEUTAXatqXrW0Gn9tQvydF+lLYH+0VPA=",
"lastModified": 1733220378,
"narHash": "sha256-tWCskBne7LigfeXRWnUFJKKTLOYmmdqiwdqom2Sml1s=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "9d99d7cfdbd7f94da9571a4d7bbb9de185241935",
"rev": "78bfbf7b7eb7a1b6cf42e199547de55a55ba2cea",
"type": "github"
},
"original": {
@ -2010,7 +1994,7 @@
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_7",
"flake-utils": "flake-utils_6",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
@ -2018,11 +2002,11 @@
]
},
"locked": {
"lastModified": 1731582522,
"narHash": "sha256-1w6aM4bG5cl2E4jHLPnMKkrUO4tY1jUX1NI6/RwJN7Y=",
"lastModified": 1733006402,
"narHash": "sha256-BC1CecAQISV5Q4LZK72Gx0+faemOwaChiD9rMVfDPoA=",
"owner": "NuschtOS",
"repo": "search",
"rev": "13300b2297c51368e0892c3ebe220f688014fe15",
"rev": "16307548b7a1247291c84ae6a12c0aacb07dfba2",
"type": "github"
},
"original": {
@ -2078,10 +2062,6 @@
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"agenix-rekey",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"agenix-rekey",
@ -2090,11 +2070,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1694364351,
"narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
"lastModified": 1732021966,
"narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
"rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
"type": "github"
},
"original": {
@ -2244,11 +2224,11 @@
"nixpkgs-stable": "nixpkgs-stable_6"
},
"locked": {
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"lastModified": 1732021966,
"narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
"type": "github"
},
"original": {
@ -2347,7 +2327,7 @@
"agenix-rekey": "agenix-rekey",
"devshell": "devshell_2",
"disko": "disko",
"flake-parts": "flake-parts",
"flake-parts": "flake-parts_2",
"home-manager": "home-manager",
"idmail": "idmail",
"impermanence": "impermanence",
@ -2361,13 +2341,12 @@
"nixos-nftables-firewall": "nixos-nftables-firewall",
"nixp-meta": "nixp-meta",
"nixpkgs": "nixpkgs_6",
"nixpkgs-octoprint": "nixpkgs-octoprint",
"nixpkgs-wayland": "nixpkgs-wayland",
"nixvim": "nixvim",
"pre-commit-hooks": "pre-commit-hooks_6",
"spicetify-nix": "spicetify-nix",
"stylix": "stylix",
"systems": "systems_12",
"systems": "systems_10",
"templates": "templates"
}
},
@ -2512,11 +2491,11 @@
]
},
"locked": {
"lastModified": 1731816930,
"narHash": "sha256-PitzPtc36GdVBdxpU2A61pbJcM/KJlsEkFRagzkW3Yc=",
"lastModified": 1733199390,
"narHash": "sha256-kPEbVBeCL1Y/Q46G/fbHFpTxS0IVUMj69Es5abaoXN8=",
"owner": "Gerg-l",
"repo": "spicetify-nix",
"rev": "f3d75d6a7ca1fdd7b3943a8b257c413c7e3b307a",
"rev": "7d1d92636fda6098600770ba559daba909312595",
"type": "github"
},
"original": {
@ -2532,11 +2511,11 @@
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_13",
"flake-utils": "flake-utils_8",
"flake-utils": "flake-utils_7",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_8",
"systems": "systems_11",
"systems": "systems_9",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-tmux": "tinted-tmux"
@ -2586,36 +2565,6 @@
"type": "github"
}
},
"systems_11": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_12": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
@ -2738,11 +2687,11 @@
},
"templates": {
"locked": {
"lastModified": 1731614509,
"narHash": "sha256-GtOogyHqiGJwpTfMzOVZjHmGgPJCdKZMjr6n54pvfsA=",
"lastModified": 1732281625,
"narHash": "sha256-oOa+43rO7rp5OiXcXebxMAxmY1RMOiw7dm/aZmDEmA4=",
"ref": "refs/heads/main",
"rev": "cd4ba26eed26a0c182c39cb02fddeec41ba28361",
"revCount": 18,
"rev": "4d1d10d9948a51b40b718f9c38815413d8938c06",
"revCount": 19,
"type": "git",
"url": "https://forge.lel.lol/patrick/nix-templates.git"
},
@ -2825,7 +2774,7 @@
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"idmail",
"agenix-rekey",
"nixpkgs"
]
},
@ -2844,6 +2793,27 @@
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"idmail",
"nixpkgs"
]
},
"locked": {
"lastModified": 1732292307,
"narHash": "sha256-5WSng844vXt8uytT5djmqBCkopyle6ciFgteuA9bJpw=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "705df92694af7093dfbb27109ce16d828a79155f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": "nixpkgs_5"
},
@ -2861,7 +2831,7 @@
"type": "github"
}
},
"treefmt-nix_3": {
"treefmt-nix_4": {
"inputs": {
"nixpkgs": [
"nixpkgs-wayland",
@ -2883,7 +2853,7 @@
"type": "github"
}
},
"treefmt-nix_4": {
"treefmt-nix_5": {
"inputs": {
"nixpkgs": [
"nixvim",
@ -2891,11 +2861,11 @@
]
},
"locked": {
"lastModified": 1730321837,
"narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
"lastModified": 1732894027,
"narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
"rev": "6209c381904cab55796c5d7350e89681d3b2a8ef",
"type": "github"
},
"original": {


@ -9,7 +9,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-octoprint.url = "github:patrickdag/nixpkgs/octoprint-update";
nixpkgs-wayland = {
url = "github:nix-community/nixpkgs-wayland";
inputs.nixpkgs.follows = "nixpkgs";


@ -27,4 +27,62 @@
};
};
nixpkgs.hostPlatform = "x86_64-linux";
# Given that our systems are headless, emergency mode is useless.
# We prefer the system to attempt to continue booting so
# that we can hopefully still access it remotely.
boot.initrd.systemd.suppressedUnits = [
"emergency.service"
"emergency.target"
];
environment = {
# Print the URL instead on servers
variables.BROWSER = "echo";
# Don't install the /lib/ld-linux.so.2 and /lib64/ld-linux-x86-64.so.2
# stubs. Server users should know what they are doing.
stub-ld.enable = false;
};
# Given that our systems are headless, emergency mode is useless.
# We prefer the system to attempt to continue booting so
# that we can hopefully still access it remotely.
systemd.enableEmergencyMode = false;
# Restrict the number of boot entries to prevent full /boot partition.
# Servers don't need too many generations.
boot.loader.systemd-boot.configurationLimit = 5;
documentation.nixos.enable = false;
# No need for fonts on a server
fonts.fontconfig.enable = false;
programs.command-not-found.enable = false;
# freedesktop xdg files
xdg.autostart.enable = false;
xdg.icons.enable = false;
xdg.menus.enable = false;
xdg.mime.enable = false;
xdg.sounds.enable = false;
systemd = {
# For more detail, see:
# https://0pointer.de/blog/projects/watchdog.html
watchdog = {
# systemd will send a signal to the hardware watchdog at half
# the interval defined here, so every 7.5s.
# If the hardware watchdog does not get a signal for 15s,
# it will forcefully reboot the system.
runtimeTime = "15s";
# Forcefully reboot if the final stage of the reboot
# hangs without progress for more than 30s.
# For more info, see:
# https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdShutdownWatchdog
rebootTime = "30s";
# Forcefully reboot when a host hangs after kexec.
# This may be the case when the firmware does not support kexec.
kexecTime = "1m";
};
};
}
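Review bot: Disabling emergency mode in both the initrd (`boot.initrd.systemd.suppressedUnits`) and the running system (`systemd.enableEmergencyMode = false`) means a failed mount no longer halts the boot, so services can come up on a host whose data or secrets filesystem is missing. Nothing in this hunk guards against that. Units that need a particular mount should declare it, for example `unitConfig.RequiresMountsFor = "/persist";` (placeholder path, use the host's real mount point), so they fail rather than run against an empty directory. The three-line rationale comment is also repeated verbatim above both settings and could be stated once. Because the 15s `runtimeTime` watchdog reboots a hung host on its own, it is worth confirming that repeated boot failures still reach monitoring.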


@ -28,7 +28,6 @@ let
firefly = "money";
homebox = "homebox";
octoprint = "print";
pr-tracker = "tracker";
invidious = "yt";
blog = "blog";
};
@ -161,14 +160,6 @@ in
(blockOf "yourspotify" { port = 80; })
(blockOf "blog" { port = 80; })
(blockOf "homebox" { })
(blockOf "pr-tracker" { })
{
virtualHosts.${domainOf "pr-tracker"} = {
locations."/update" = {
extraConfig = "deny all;";
};
};
}
(proxyProtect "ollama" { } true)
(proxyProtect "octoprint" { } true)
(proxyProtect "firefly" { port = 80; } true)
@ -237,10 +228,14 @@ in
systemd.network.networks."10-${config.guests.${guestName}.networking.mainLinkName}" = {
DHCP = lib.mkForce "no";
address = [
(lib.net.cidr.hostCidr config.secrets.secrets.global.net.ips."${config.guests.${guestName}.nodeName
}" config.secrets.secrets.global.net.privateSubnetv4)
(lib.net.cidr.hostCidr config.secrets.secrets.global.net.ips."${config.guests.${guestName}.nodeName
}" config.secrets.secrets.global.net.privateSubnetv6)
(lib.net.cidr.hostCidr
config.secrets.secrets.global.net.ips."${config.guests.${guestName}.nodeName}"
config.secrets.secrets.global.net.privateSubnetv4
)
(lib.net.cidr.hostCidr
config.secrets.secrets.global.net.ips."${config.guests.${guestName}.nodeName}"
config.secrets.secrets.global.net.privateSubnetv6
)
];
gateway = [ (lib.net.cidr.host 1 config.secrets.secrets.global.net.privateSubnetv4) ];
};
@ -288,7 +283,6 @@ in
// mkContainer "ollama" { }
// mkContainer "murmur" { }
// mkContainer "homebox" { }
// mkContainer "pr-tracker" { }
// mkContainer "invidious" { }
// mkContainer "ttrss" { }
// mkContainer "firefly" { }


@ -31,10 +31,6 @@
nix-update
];
commands = [
{
package = pkgs.scripts.deploy;
help = "deploy nix configurations";
}
{
package = pkgs.symlinkJoin {
name = "locker";
@ -43,11 +39,6 @@
pkgs.scripts.lock
];
};
help = "build nix configurations";
}
{
package = pkgs.scripts.build;
help = "build nix configurations";
}
{
package = pkgs.scripts.update;

291
patches/PR/335827.diff Normal file

@ -0,0 +1,291 @@
diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
index 10645d55e8389..e4ffb75742580 100644
--- a/nixos/doc/manual/release-notes/rl-2505.section.md
+++ b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -40,6 +40,10 @@
add `vimPlugins.notmuch-vim` to your (Neo)vim configuration if you want the
vim plugin.
+- The `octoprint` service has gained an `enableRaspberryPi` option, which will
+ be disabled for state versions following 25.05. Users running on Raspberry Pi
+ should enable the option to restore full functionality.
+
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Other Notable Changes {#sec-release-25.05-notable-changes}
diff --git a/nixos/modules/services/misc/octoprint.nix b/nixos/modules/services/misc/octoprint.nix
index d8e4c9c302b38..6ab48ee10e3c7 100644
--- a/nixos/modules/services/misc/octoprint.nix
+++ b/nixos/modules/services/misc/octoprint.nix
@@ -1,17 +1,27 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
- cfg = config.services.octoprint;
+ inherit (lib)
+ literalExpression
+ mkDefault
+ mkEnableOption
+ mkOption
+ mkRenamedOptionModule
+ optional
+ types
+ versionOlder
+ ;
- baseConfig = {
- plugins.curalegacy.cura_engine = "${pkgs.curaengine_stable}/bin/CuraEngine";
- server.port = cfg.port;
- webcam.ffmpeg = "${pkgs.ffmpeg.bin}/bin/ffmpeg";
- } // lib.optionalAttrs (cfg.host != null) {server.host = cfg.host;};
+ cfg = config.services.octoprint;
- fullConfig = lib.recursiveUpdate cfg.extraConfig baseConfig;
+ formatType = pkgs.formats.json { };
- cfgUpdate = pkgs.writeText "octoprint-config.yaml" (builtins.toJSON fullConfig);
+ configFile = formatType.generate "octoprint-config.yaml" cfg.settings;
pluginsEnv = package.python.withPackages (ps: [ ps.octoprint ] ++ (cfg.plugins ps));
@@ -67,18 +77,32 @@ in
description = "State directory of the daemon.";
};
- plugins = lib.mkOption {
- type = lib.types.functionTo (lib.types.listOf lib.types.package);
- default = plugins: [ ];
- defaultText = lib.literalExpression "plugins: []";
- example = lib.literalExpression "plugins: with plugins; [ themeify stlviewer ]";
+ plugins = mkOption {
+ type = types.functionTo (types.listOf types.package);
+ default = _plugins: [ ];
+ defaultText = literalExpression "plugins: []";
+ example = literalExpression "plugins: with plugins; [ themeify stlviewer ]";
description = "Additional plugins to be used. Available plugins are passed through the plugins input.";
};
- extraConfig = lib.mkOption {
- type = lib.types.attrs;
+ settings = mkOption {
default = { };
- description = "Extra options which are added to OctoPrint's YAML configuration file.";
+ description = ''
+ The octoprint settings, for definitions see the upstream [documentation](https://docs.octoprint.org).
+ Will override any existing settings.
+ '';
+ type = types.submodule {
+ freeformType = formatType.type;
+ config = {
+ plugins.curalegacy.cura_engine = mkDefault "${pkgs.curaengine_stable}/bin/CuraEngine";
+ server.host = cfg.host;
+ server.port = cfg.port;
+ webcam.ffmpeg = mkDefault "${pkgs.ffmpeg.bin}/bin/ffmpeg";
+ };
+ };
+ };
+ enableRaspberryPi = mkEnableOption "RaspberryPi specific hardware access rules" // {
+ default = versionOlder config.system.stateVersion "25.05";
};
};
@@ -86,6 +110,20 @@ in
};
##### implementation
+ imports = [
+ (mkRenamedOptionModule
+ [
+ "services"
+ "octoprint"
+ "extraConfig"
+ ]
+ [
+ "services"
+ "octoprint"
+ "settings"
+ ]
+ )
+ ];
config = lib.mkIf cfg.enable {
@@ -100,12 +138,13 @@ in
octoprint.gid = config.ids.gids.octoprint;
};
- systemd.tmpfiles.rules = [
- "d '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"
- # this will allow octoprint access to raspberry specific hardware to check for throttling
- # read-only will not work: "VCHI initialization failed" error
- "a /dev/vchiq - - - - u:octoprint:rw"
- ];
+ systemd.tmpfiles.rules =
+ [ "d '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -" ]
+ ++ optional cfg.enableRaspberryPi
+ # this will allow octoprint access to raspberry specific hardware to check for throttling
+ # read-only will not work: "VCHI initialization failed" error
+ # FIXME: this should probably be a udev rule
+ "a /dev/vchiq - - - - u:octoprint:rw";
systemd.services.octoprint = {
description = "OctoPrint, web interface for 3D printers";
@@ -115,10 +154,10 @@ in
preStart = ''
if [ -e "${cfg.stateDir}/config.yaml" ]; then
- ${pkgs.yaml-merge}/bin/yaml-merge "${cfg.stateDir}/config.yaml" "${cfgUpdate}" > "${cfg.stateDir}/config.yaml.tmp"
+ ${pkgs.yaml-merge}/bin/yaml-merge "${cfg.stateDir}/config.yaml" "${configFile}" > "${cfg.stateDir}/config.yaml.tmp"
mv "${cfg.stateDir}/config.yaml.tmp" "${cfg.stateDir}/config.yaml"
else
- cp "${cfgUpdate}" "${cfg.stateDir}/config.yaml"
+ cp "${configFile}" "${cfg.stateDir}/config.yaml"
chmod 600 "${cfg.stateDir}/config.yaml"
fi
'';
@@ -127,12 +166,42 @@ in
ExecStart = "${pluginsEnv}/bin/octoprint serve -b ${cfg.stateDir}";
User = cfg.user;
Group = cfg.group;
- SupplementaryGroups = [
- "dialout"
+ SupplementaryGroups = [ "dialout" ];
+
+ # Hardening
+ CapabilityBoundingSet = "";
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ PrivateUsers = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ ProcSubset = "pid";
+ ProtectSystem = "strict";
+ RestrictAddressFamilies = [
+ "AF_INET"
+ "AF_INET6"
+ "AF_NETLINK"
];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ SystemCallArchitectures = "native";
+ SystemCallFilter = [
+ "@system-service"
+ "@pkey"
+ ];
+ ReadWritePaths = [ cfg.stateDir ];
+ UMask = "0077";
+
};
};
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ cfg.port ];
};
+ meta.maintainers = with lib.maintainers; [ patrickdag ];
}
diff --git a/nixos/tests/octoprint.nix b/nixos/tests/octoprint.nix
index 15a2d677d4cf8..dc60b10813311 100644
--- a/nixos/tests/octoprint.nix
+++ b/nixos/tests/octoprint.nix
@@ -11,7 +11,7 @@ in
environment.systemPackages = with pkgs; [ jq ];
services.octoprint = {
enable = true;
- extraConfig = {
+ settings = {
server = {
firstRun = false;
};
@@ -50,11 +50,18 @@ in
# used to fail early, in case octoprint first starts and then crashes
with octoprint_running: # type: ignore[union-attr]
with subtest("Check for web interface"):
- machine.wait_until_succeeds("curl -s localhost:5000")
+ machine.wait_until_succeeds("curl -s -4 localhost:5000")
+ machine.wait_until_succeeds("curl -s -6 localhost:5000")
- with subtest("Check API"):
- version = json.loads(machine.succeed(curl_cmd + "localhost:5000/api/version"))
- server = json.loads(machine.succeed(curl_cmd + "localhost:5000/api/server"))
+ with subtest("Check API IPv4"):
+ version = json.loads(machine.succeed(curl_cmd + "-4 localhost:5000/api/version"))
+ server = json.loads(machine.succeed(curl_cmd + "-4 localhost:5000/api/server"))
+ assert version["server"] == str("${pkgs.octoprint.version}")
+ assert server["safemode"] == None
+
+ with subtest("Check API IPv6"):
+ version = json.loads(machine.succeed(curl_cmd + "-6 localhost:5000/api/version"))
+ server = json.loads(machine.succeed(curl_cmd + "-6 localhost:5000/api/server"))
assert version["server"] == str("${pkgs.octoprint.version}")
assert server["safemode"] == None
'';
diff --git a/pkgs/by-name/oc/octoprint/ffmpeg-path.patch b/pkgs/by-name/oc/octoprint/ffmpeg-path.patch
deleted file mode 100644
index 2e7c7dbe06428..0000000000000
--- a/pkgs/by-name/oc/octoprint/ffmpeg-path.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/src/octoprint/server/api/settings.py b/src/octoprint/server/api/settings.py
-index c3e6cea10..ced2f8fa0 100644
---- a/src/octoprint/server/api/settings.py
-+++ b/src/octoprint/server/api/settings.py
-@@ -130,7 +130,7 @@ data["webcam"] = {
- "webcamEnabled": s.getBoolean(["webcam", "webcamEnabled"]),
- "snapshotTimeout": s.getInt(["webcam", "snapshotTimeout"]),
- "timelapseEnabled": s.getBoolean(["webcam", "timelapseEnabled"]),
-- "ffmpegPath": s.get(["webcam", "ffmpeg"]),
-+ "ffmpegPath": "@ffmpeg@",
- "ffmpegCommandline": s.get(["webcam", "ffmpegCommandline"]),
- "bitrate": s.get(["webcam", "bitrate"]),
- "ffmpegThreads": s.get(["webcam", "ffmpegThreads"]),
-@@ -548,8 +548,6 @@ def _saveSettings(data):
- ["webcam", "snapshotSslValidation"],
- data["webcam"]["snapshotSslValidation"],
- )
-- if "ffmpegPath" in data["webcam"]:
-- s.set(["webcam", "ffmpeg"], data["webcam"]["ffmpegPath"])
- if "ffmpegCommandline" in data["webcam"]:
- commandline = data["webcam"]["ffmpegCommandline"]
- if not all(
diff --git a/pkgs/by-name/oc/octoprint/package.nix b/pkgs/by-name/oc/octoprint/package.nix
index a4b437ac6d1c7..3042f7d6dd643 100644
--- a/pkgs/by-name/oc/octoprint/package.nix
+++ b/pkgs/by-name/oc/octoprint/package.nix
@@ -1,5 +1,4 @@
{
- pkgs,
stdenv,
callPackage,
lib,
@@ -197,12 +196,6 @@ let
src = ./pip-path.patch;
pip = "${self.pip}/bin/pip";
})
-
- # hardcore path to ffmpeg and hide related settings
- (substituteAll {
- src = ./ffmpeg-path.patch;
- ffmpeg = "${pkgs.ffmpeg}/bin/ffmpeg";
- })
];
postPatch =
@@ -266,6 +259,7 @@ let
gebner
WhittlesJr
gador
+ patrickdag
];
};
};
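Review bot: The Raspberry Pi ACL rule in the `systemd.tmpfiles.rules` hunk of `octoprint.nix` still names the account literally, `"a /dev/vchiq - - - - u:octoprint:rw"`, while the state-directory rule next to it and `User = cfg.user` follow the configurable user. With a non-default `services.octoprint.user` the ACL would be granted to a different, possibly non-existent, account, and the service would not get the device access that `enableRaspberryPi` is meant to provide. I would write the rule as `"a /dev/vchiq - - - - u:${cfg.user}:rw"`. Separately, `settings` is rendered by `formatType.generate` into the world-readable Nix store before `preStart` copies it, so the option description should say that secrets such as API keys do not belong in it.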


@ -1,8 +1,8 @@
diff --git a/pkgs/by-name/be/beatsabermodmanager/deps.nix b/pkgs/by-name/be/beatsabermodmanager/deps.nix
index 9fc703773a8e5..bb10f4daaf0e7 100644
index 9fc703773a8e5..14f21eb5e6d5e 100644
--- a/pkgs/by-name/be/beatsabermodmanager/deps.nix
+++ b/pkgs/by-name/be/beatsabermodmanager/deps.nix
@@ -2,110 +2,112 @@
@@ -2,110 +2,120 @@
# Please dont edit it manually, your changes might get overwritten!
{ fetchNuGet }: [
@ -136,12 +136,20 @@ index 9fc703773a8e5..bb10f4daaf0e7 100644
+ (fetchNuGet { pname = "HarfBuzzSharp.NativeAssets.WebAssembly"; version = "2.8.2.3"; hash = "sha256-ZsiBGpXfODHUHPgU/50k9QR/j6Klo7rsB0SUt8zYcBA="; })
+ (fetchNuGet { pname = "HarfBuzzSharp.NativeAssets.Win32"; version = "2.8.2.3"; hash = "sha256-5GSzM5IUoOwK+zJg0d74WlT3n1VZly8pKlyjiqVocCI="; })
+ (fetchNuGet { pname = "MicroCom.Runtime"; version = "0.11.0"; hash = "sha256-VdwpP5fsclvNqJuppaOvwEwv2ofnAI5ZSz2V+UEdLF0="; })
+ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Ref"; version = "6.0.35"; hash = "sha256-BxvIeZIaBdC0wyDQqKW0E5axSRSrtQk3oEPsT287014="; })
+ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-arm64"; version = "6.0.35"; hash = "sha256-jM/HzLumZvI939DrNb8LHnEr/in1Lws0j/FAfdXSzbk="; })
+ (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-x64"; version = "6.0.35"; hash = "sha256-2eUqoTcqTU3ebv53IV6yvN9EhkOqnyBRd2tz74HuSsE="; })
+ (fetchNuGet { pname = "Microsoft.CodeAnalysis.Analyzers"; version = "3.0.0"; hash = "sha256-KDbCfsBWSJ5ohEXUKp1s1LX9xA2NPvXE/xVzj68EdC0="; })
+ (fetchNuGet { pname = "Microsoft.CodeAnalysis.Common"; version = "3.8.0"; hash = "sha256-3G9vSc/gHH7FWgOySLTut1+eEaf3H66qcPOvNPLOx4o="; })
+ (fetchNuGet { pname = "Microsoft.CodeAnalysis.CSharp"; version = "3.8.0"; hash = "sha256-i/r3V/No/VzqmJlWxpGoirvlbJDbBPa/ONZtzYrxuc4="; })
+ (fetchNuGet { pname = "Microsoft.CodeAnalysis.CSharp.Scripting"; version = "3.8.0"; hash = "sha256-fA9Qu+vTyMZ9REzxJ4aMg/SHCDRk4q9k4ZGUdynoHnA="; })
+ (fetchNuGet { pname = "Microsoft.CodeAnalysis.Scripting.Common"; version = "3.8.0"; hash = "sha256-866jMHp8kbc1FYpKuUWnd7ViU6kGJTAxPcL/IjXrT0I="; })
+ (fetchNuGet { pname = "Microsoft.CSharp"; version = "4.3.0"; hash = "sha256-a3dAiPaVuky0wpcHmpTVtAQJNGZ2v91/oArA+dpJgj8="; })
+ (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-arm64"; version = "6.0.35"; hash = "sha256-yrtPCYD8skaWnfIoaUdQ1dns0YrypxDocskS2WGxF6g="; })
+ (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-x64"; version = "6.0.35"; hash = "sha256-maNzxJQ5oCd86VI4ROzl4RqOV1RNXn3qWjrAfBjr2Y0="; })
+ (fetchNuGet { pname = "Microsoft.NETCore.App.Ref"; version = "6.0.35"; hash = "sha256-IcpSbsSHgYBbNVvbcXfmRRM9bdx3pogLncO4RuXEab0="; })
+ (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-arm64"; version = "6.0.35"; hash = "sha256-jPUhSrzqnH1GNi/c7dSnZSQhFNVGdmlAQkDLdXVWBBc="; })
+ (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-x64"; version = "6.0.35"; hash = "sha256-Gf3e0EdBEgq8GcZttTHbKGupFlDyB80nhYpBN0X9Kro="; })
+ (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "1.1.0"; hash = "sha256-FeM40ktcObQJk4nMYShB61H/E8B7tIKfl9ObJ0IOcCM="; })
+ (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "2.1.2"; hash = "sha256-gYQQO7zsqG+OtN4ywYQyfsiggS2zmxw4+cPXlK+FB5Q="; })
+ (fetchNuGet { pname = "Microsoft.NETCore.Targets"; version = "1.1.0"; hash = "sha256-0AqQ2gMS8iNlYkrD+BxtIg7cXMnr9xZHtKAuN4bjfaQ="; })
@ -222,10 +230,10 @@ index 9fc703773a8e5..bb10f4daaf0e7 100644
+ (fetchNuGet { pname = "Tmds.DBus.Protocol"; version = "0.15.0"; hash = "sha256-4gk2vXDjKFaBh82gTkwg3c/5GRjiH+bvM5elfDSbKTU="; })
]
diff --git a/pkgs/by-name/be/beatsabermodmanager/package.nix b/pkgs/by-name/be/beatsabermodmanager/package.nix
index 42e1f738e470f..8375080edf886 100644
index 42e1f738e470f..6ebea28bb187b 100644
--- a/pkgs/by-name/be/beatsabermodmanager/package.nix
+++ b/pkgs/by-name/be/beatsabermodmanager/package.nix
@@ -8,24 +8,27 @@
@@ -8,24 +8,22 @@
xdg-utils,
}:
@ -250,19 +258,14 @@ index 42e1f738e470f..8375080edf886 100644
- sdk_7_0
- sdk_6_0
- ];
+ dotnet-sdk =
+ with dotnetCorePackages;
+ combinePackages [
+ sdk_8_0
+ sdk_6_0
+ ];
+ dotnet-sdk = dotnetCorePackages.sdk_8_0;
- dotnet-runtime = dotnetCorePackages.runtime_7_0;
+ dotnet-runtime = dotnetCorePackages.runtime_8_0;
projectFile = [ "BeatSaberModManager/BeatSaberModManager.csproj" ];
@@ -33,12 +36,6 @@ buildDotnetModule rec {
@@ -33,12 +31,6 @@ buildDotnetModule rec {
nugetDeps = ./deps.nix;


@ -12,7 +12,7 @@ index 788b724231be3..c8f6836f0af93 100644
domain = mkOption {
type = str;
diff --git a/nixos/modules/services/networking/netbird/management.nix b/nixos/modules/services/networking/netbird/management.nix
index f4b5bbf643239..bf95ea65e5fa3 100644
index 4ebaa60ecb052..a2af8fccbe932 100644
--- a/nixos/modules/services/networking/netbird/management.nix
+++ b/nixos/modules/services/networking/netbird/management.nix
@@ -38,7 +38,7 @@ let
@ -83,20 +83,7 @@ index f4b5bbf643239..bf95ea65e5fa3 100644
domain = mkOption {
type = str;
@@ -196,6 +200,12 @@ in
description = "Internal port of the management server.";
};
+ metricsPort = mkOption {
+ type = port;
+ default = 9090;
+ description = "Internal port of the metrics server.";
+ };
+
extraOptions = mkOption {
type = listOf str;
default = [ ];
@@ -218,7 +228,7 @@ in
@@ -224,7 +228,7 @@ in
Stuns = [
{
Proto = "udp";
@ -105,7 +92,7 @@ index f4b5bbf643239..bf95ea65e5fa3 100644
Username = "";
Password = null;
}
@@ -228,7 +238,7 @@ in
@@ -234,7 +238,7 @@ in
Turns = [
{
Proto = "udp";
@ -114,7 +101,7 @@ index f4b5bbf643239..bf95ea65e5fa3 100644
Username = "netbird";
Password = "netbird";
}
@@ -241,7 +251,7 @@ in
@@ -247,7 +251,7 @@ in
Signal = {
Proto = "https";
@ -123,7 +110,7 @@ index f4b5bbf643239..bf95ea65e5fa3 100644
Username = "";
Password = null;
};
@@ -257,9 +267,9 @@ in
@@ -263,9 +267,9 @@ in
StoreConfig = { Engine = "sqlite"; };
HttpConfig = {
@ -135,7 +122,7 @@ index f4b5bbf643239..bf95ea65e5fa3 100644
};
IdpManagerConfig = {
@@ -334,11 +344,9 @@ in
@@ -340,11 +344,9 @@ in
default = "INFO";
description = "Log level of the netbird services.";
};
@ -148,7 +135,16 @@ index f4b5bbf643239..bf95ea65e5fa3 100644
warnings =
concatMap
(
@@ -373,7 +381,7 @@ in
@@ -368,7 +370,7 @@ in
assertions = [
{
- assertion = cfg.port != cfg.metricsPort;
+ assertion = cfg.management.port != cfg.management.metricsPort;
message = "The primary listen port cannot be the same as the listen port for the metrics endpoint";
}
];
@@ -386,7 +388,7 @@ in
serviceConfig = {
ExecStart = escapeSystemdExecArgs (
[
@ -157,7 +153,7 @@ index f4b5bbf643239..bf95ea65e5fa3 100644
"management"
# Config file
"--config"
@@ -383,25 +391,28 @@ in
@@ -396,28 +398,28 @@ in
"${stateDir}/data"
# DNS domain
"--dns-domain"
@ -167,8 +163,9 @@ index f4b5bbf643239..bf95ea65e5fa3 100644
"--port"
- cfg.port
+ cfg.management.port
+ # Port the internal prometheus server listens on
+ "--metrics-port"
# Port the internal prometheus server listens on
"--metrics-port"
- cfg.metricsPort
+ cfg.management.metricsPort
# Log to stdout
"--log-file"
@ -193,7 +190,7 @@ index f4b5bbf643239..bf95ea65e5fa3 100644
);
Restart = "always";
RuntimeDirectory = "netbird-mgmt";
@@ -434,27 +445,5 @@ in
@@ -450,27 +452,5 @@ in
stopIfChanged = false;
};
@ -521,7 +518,7 @@ index 3649e97b379e5..ffda72c0626a4 100644
+
+```
diff --git a/nixos/modules/services/networking/netbird/server.nix b/nixos/modules/services/networking/netbird/server.nix
index 1725374d03c6b..b481770071b82 100644
index 1725374d03c6b..237f70ba3327f 100644
--- a/nixos/modules/services/networking/netbird/server.nix
+++ b/nixos/modules/services/networking/netbird/server.nix
@@ -16,7 +16,7 @@ in
@ -565,7 +562,8 @@ index 1725374d03c6b..b481770071b82 100644
}
// (optionalAttrs cfg.coturn.enable rec {
turnDomain = cfg.domain;
turnPort = config.services.coturn.tls-listening-port;
- turnPort = config.services.coturn.tls-listening-port;
+ turnPort = config.services.coturn.listening-port;
# We cannot merge a list of attrsets so we have to redefine the whole list
settings = {
+ Signal.URI = mkDefault "${cfg.domain}:${builtins.toString cfg.signal.port}";
@ -600,19 +598,10 @@ index 1725374d03c6b..b481770071b82 100644
coturn = {
diff --git a/nixos/modules/services/networking/netbird/signal.nix b/nixos/modules/services/networking/netbird/signal.nix
index b53e9d40c2eed..fea778531850e 100644
index 3122b6c9fe5ff..cf19439e89271 100644
--- a/nixos/modules/services/networking/netbird/signal.nix
+++ b/nixos/modules/services/networking/netbird/signal.nix
@@ -15,7 +15,7 @@ let
mkOption
;
- inherit (lib.types) enum port str;
+ inherit (lib.types) enum port;
inherit (utils) escapeSystemdExecArgs;
@@ -26,14 +26,7 @@ in
@@ -31,14 +31,7 @@ in
options.services.netbird.server.signal = {
enable = mkEnableOption "Netbird's Signal Service";
@ -628,30 +617,7 @@ index b53e9d40c2eed..fea778531850e 100644
port = mkOption {
type = port;
@@ -41,6 +34,12 @@ in
description = "Internal port of the signal server.";
};
+ metricsPort = mkOption {
+ type = port;
+ default = 9091; # Upstream default is 9090 but this would clash for nixos where all services run on the same host
+ description = "Internal port of the signal metrics server.";
+ };
+
logLevel = mkOption {
type = enum [
"ERROR"
@@ -65,6 +64,9 @@ in
# Port to listen on
"--port"
cfg.port
+ # Port the metrics server listens on
+ "--metrics-port"
+ cfg.metricsPort
# Log to stdout
"--log-file"
"console"
@@ -101,23 +103,5 @@ in
@@ -134,23 +127,5 @@ in
stopIfChanged = false;
};
@ -761,7 +727,7 @@ index 887747437c22c..5589200d99078 100644
+ }
+)
diff --git a/pkgs/tools/networking/netbird/default.nix b/pkgs/tools/networking/netbird/default.nix
index b1d49675dbd8b..549df99400c44 100644
index 8cdcd68b4f444..1da9614bdadf8 100644
--- a/pkgs/tools/networking/netbird/default.nix
+++ b/pkgs/tools/networking/netbird/default.nix
@@ -1,33 +1,56 @@
@ -947,10 +913,10 @@ index b1d49675dbd8b..549df99400c44 100644
};
}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index fdeeb4ed343c7..16e29ee0d406e 100644
index 02fe78d397cce..ffa5a7cb3d6d0 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3032,6 +3032,11 @@ with pkgs;
@@ -2941,6 +2941,11 @@ with pkgs;
ui = true;
};
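Review bot: The `Turns` default carried by this netbird patch keeps a fixed credential, `Username = "netbird";` and `Password = "netbird";`, and the refreshed `server.nix` hunk now points `turnPort` at `config.services.coturn.listening-port` instead of `tls-listening-port`. The `server.nix` comment says the list is redefined when coturn is enabled, but whether every other setup replaces the management default is not visible in these fragments. I would make the default `Password = null;`, as the `Stuns` and `Signal` entries already do, so that no guessable secret ships by default. The port switch deserves a one-line comment beside `turnPort` stating that the non-TLS listener is intended for the `Proto = "udp"` entry, if that is the reason. The surrounding module bodies lie outside these hunks.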


@ -1,21 +0,0 @@
diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix
index a368b6eee2a6e..3f90ad99b7700 100644
--- a/nixos/modules/services/security/kanidm.nix
+++ b/nixos/modules/services/security/kanidm.nix
@@ -502,13 +502,13 @@ in
};
originUrl = mkOption {
- description = "The origin URL of the service. OAuth2 redirects will only be allowed to sites under this origin. Must end with a slash.";
+ description = "The redirect URL of the service. These need to exactly match the OAuth2 redirect target";
type =
let
- originStrType = types.strMatching ".*://.*/$";
+ originStrType = types.strMatching ".*://.*$";
in
types.either originStrType (types.nonEmptyListOf originStrType);
- example = "https://someservice.example.com/";
+ example = "https://someservice.example.com/auth/login";
};
originLanding = mkOption {


@ -1,38 +0,0 @@
{
rustPlatform,
lib,
openssl,
pkg-config,
systemd,
fetchFromGitHub,
}:
rustPlatform.buildRustPackage {
name = "pr-tracker";
src = fetchFromGitHub {
owner = "patrickdag";
repo = "pr-tracker";
rev = "1be91285705bfdb55656db0835820cb034fe5010";
hash = "sha256-lPhp3Jq6YM8fi0WS/fJrCHdfdQFs5vdErdE5X80WAHE=";
};
cargoHash = "sha256-9bhKtg2g5H4zGn7yVCjTazeXfeoKjtAKAlzkLkCraiw=";
nativeBuildInputs = [ pkg-config ];
buildInputs = [
openssl
systemd
];
meta = with lib; {
description = "Nixpkgs pull request channel tracker";
longDescription = ''
A web server that displays the path a Nixpkgs pull request will take
through the various release channels.
'';
platforms = platforms.linux;
license = licenses.agpl3Plus;
maintainers = with maintainers; [ patrickdag ];
mainProgram = "pr-tracker";
};
}


@ -1,53 +0,0 @@
function die {
echo "error: $*" >&2
exit 1
}
function show_help() {
echo ' Usage: build [OPTIONS] <host,...>'
echo 'Build the toplevel nixos configuration for hosts'
}
USER_FLAKE_DIR=$(git rev-parse --show-toplevel 2>/dev/null || pwd) ||
die "Could not determine current directory"
cd "$USER_FLAKE_DIR"
[[ $# -gt 0 ]] || {
show_help
exit 1
}
OPTIONS=()
POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
case "$1" in
"help" | "--help" | "-h")
show_help
exit 1
;;
-*)
OPTIONS+=("$1")
;;
*)
POSITIONAL_ARGS+=("$1")
;;
esac
shift
done
[[ ! ${#POSITIONAL_ARGS[@]} -lt 1 ]] ||
die "Missing argument: <hosts,...>"
[[ ! ${#POSITIONAL_ARGS[@]} -gt 1 ]] ||
die "Too many arguments"
shopt -s lastpipe
tr , '\n' <<<"${POSITIONAL_ARGS[0]}" | sort -u | readarray -t HOSTS
NIXOS_CONFIGS=()
for host in "${HOSTS[@]}"; do
NIXOS_CONFIGS+=(".#nixosConfigurations.$host.config.system.build.toplevel")
done
echo -e "Building toplevels for \033[0;32m${#HOSTS[*]} hosts\033[0m"
nom build --print-out-paths --no-link "${OPTIONS[@]}" "${NIXOS_CONFIGS[@]}" ||
die "Failed building derivations"


@ -1,16 +1,6 @@
_final: prev: {
scripts = {
clone-term = prev.callPackage ./clone-term.nix { };
deploy = prev.writeShellApplication {
name = "deploy";
runtimeInputs = [ prev.nvd ];
text = builtins.readFile ./deploy.sh;
};
build = prev.writeShellApplication {
name = "build";
runtimeInputs = [ prev.nix-output-monitor ];
text = builtins.readFile ./build.sh;
};
unlock = prev.writeShellApplication {
name = "unlock-builders";
runtimeInputs = [ ];
@ -26,7 +16,7 @@ _final: prev: {
runtimeInputs = [ ];
text = ''
nix flake update
nixp-meta update-prs
nim update-prs
'';
};
};


@ -1,105 +0,0 @@
function die {
echo "error: $*" >&2
exit 1
}
function show_help() {
echo ' Usage: deploy [OPTIONS] <system[@host],...> [ACTION]'
echo ' Deploy a system as defined in the current flakes nixosSystem'
echo ' If host is not given use the system name as host'
echo ""
echo 'ACTION:'
echo ' switch [default] build, push and switch to the new configuration'
echo ' boot switch on next boot'
echo ' test switch to config but do not make it the boot default'
echo ' dry-activate just show what an activation would do'
echo ""
echo 'OPTIONS:'
echo ' --help show this help menu'
}
USER_FLAKE_DIR=$(git rev-parse --show-toplevel 2>/dev/null || pwd) ||
die "Could not determine current directory"
cd "$USER_FLAKE_DIR"
[[ $# -gt 0 ]] || {
show_help
exit 1
}
OPTIONS=()
POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
case "$1" in
"help" | "--help" | "-h")
show_help
exit 1
;;
-*)
OPTIONS+=("$1")
;;
*)
POSITIONAL_ARGS+=("$1")
;;
esac
shift
done
[[ ! ${#POSITIONAL_ARGS[@]} -lt 1 ]] ||
die "Missing argument: <hosts,...>"
[[ ! ${#POSITIONAL_ARGS[@]} -gt 2 ]] ||
die "Too many arguments"
shopt -s lastpipe
tr , '\n' <<<"${POSITIONAL_ARGS[0]}" | sort -u | readarray -t HOSTS
ACTION="${POSITIONAL_ARGS[1]-switch}"
function main() {
local system
local host
if [[ $1 == *"@"* ]]; then
arr=()
echo -n "$1" | readarray -d "@" -t arr
system="${arr[0]}"
host="root@${arr[1]}"
else
system=$1
host=$system
fi
local config
config=".#nixosConfigurations.$system.config.system.build.toplevel"
local top_level
exec > >(
trap "" INT TERM
sed "s/^/$system: /"
)
exec 2> >(
trap "" INT TERM
sed "s/^/$system: /" >&2
)
top_level=$(nix build --no-link --print-out-paths "${OPTIONS[@]}" "$config" || die "Failed building derivation for $system")
echo -e "Copying toplevel for \033[0;32m$system\033[0m"
nix copy --to "ssh://$host" "$top_level" ||
die "Failed copying closure to $system"
echo -e "Applying toplevel for \033[0;32m$system\033[0m"
(
prev_system=$(ssh "$host" -- readlink -e /nix/var/nix/profiles/system)
ssh "$host" -- /run/current-system/sw/bin/nix-env --profile /nix/var/nix/profiles/system --set "$top_level" ||
die "Error registering toplevel $system"
ssh "$host" -- "$top_level/bin/switch-to-configuration" "$ACTION" ||
die "Error activating toplevel for $system"
if [[ -n "$prev_system" ]]; then
ssh "$host" -- nvd --color always diff "$prev_system" "$top_level"
fi
)
}
echo -e "Building toplevels for \033[0;32m${#HOSTS[*]} hosts\033[0m"
for host in "${HOSTS[@]}"; do
main "$host" &
done
wait

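--- a/pr.txt
+++ b/pr.txt
@@ -1,4 +0,0 @@
-355216 # nixos/kanidm: allow origin url ending without slash
-354032 # netbird: rework server and include new component
-339370 # beatsabermodmanager: 0.0.5 -> 0.0.7
-345883 # beatsabermodmanager: add desktop files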


@ -6,7 +6,6 @@
hm.home = {
packages = with pkgs; [
bashInteractive
beatsabermodmanager
chatterino2
chromium
cmatrix
@ -54,7 +53,7 @@
xdg.configFile."mpv/mpv.conf".text = ''
vo=gpu-next
hwdec=auto-safe
volume=50
volume=80
'';
xdg.configFile."mpv/input.conf".text = ''
UP add volume 2


@ -51,7 +51,7 @@
'';
};
packages = with pkgs; [
(nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
nerd-fonts.symbols-only
ibm-plex
dejavu_fonts
unifont
@ -93,7 +93,10 @@
autoEnable = false;
polarity = "dark";
image = config.lib.stylix.pixel "base00";
base16Scheme = "${pkgs.base16-schemes}/share/themes/vice.yaml";
base16Scheme = {
yaml = "${pkgs.base16-schemes}/share/themes/vice.yaml";
use-ifd = "auto";
};
# Has to be green
override.base0B = "#00CC99";
#base16Scheme = {