From 238f7d800ed605eb17e6c462f09e3cb836e9a6a2 Mon Sep 17 00:00:00 2001 From: Dmitriy Kholkin Date: Wed, 11 Sep 2024 18:01:30 +0300 Subject: [PATCH] upgrade system --- flake.lock | 419 +++++++++++++----------- flake.nix | 6 +- machines/AMD-Workstation/default.nix | 4 +- patches/fix-args-override.patch | 108 ------ patches/netbird-24.11.patch | 76 ++--- patches/pahole-fix.patch | 28 -- patches/vaultwarden-24.05.patch | 79 ----- patches/vaultwarden.patch | 39 --- patches/zfs-2.2.5.patch | 87 +---- profiles/applications/home-apps.nix | 7 +- profiles/servers/vaultwarden.nix | 8 +- profiles/workspace/hyprland/default.nix | 2 +- 12 files changed, 270 insertions(+), 593 deletions(-) delete mode 100644 patches/fix-args-override.patch delete mode 100644 patches/pahole-fix.patch delete mode 100644 patches/vaultwarden-24.05.patch delete mode 100644 patches/vaultwarden.patch diff --git a/flake.lock b/flake.lock index 770aa56..8be6e55 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1722680456, - "narHash": "sha256-q3ZxjLD/6WnAGwihLlRLoEzIEaVE1AqnH5h1TePYP/I=", + "lastModified": 1725712445, + "narHash": "sha256-m0sOGHvkKCzO+EzHOjpQ/Lvkp126Rt6vwioCTwV95Yg=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "54264a57d0c58afd12888eb1c576f96ca811530c", + "rev": "49e1dd54d3ac9b858d3be597a2fbc48ab67fa6e8", "type": "github" }, "original": { @@ -26,11 +26,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1723018841, - "narHash": "sha256-EFm+tOPiWfuwgn/4i7TQVm9NEokxnMyFrVPw9QDZT00=", + "lastModified": 1723710142, + "narHash": "sha256-2dIz02Upb7k6c6jx41JtLwvGoKFZanu7vS/ZwMW6m+I=", "owner": "AtaraxiaSjel", "repo": "nur", - "rev": "97044ef6eba22708d705383dc0c3c6760e266cde", + "rev": "433c9d20d40ee728f5a57bc18dd70b714a7d2ff3", "type": "github" }, "original": { 
@@ -43,16 +43,17 @@ "inputs": { "crane": "crane", "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", "flake-utils": "flake-utils", "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1722472866, - "narHash": "sha256-GJIz4M5HDB948Ex/8cPvbkrNzl/eKUE7/c21JBu4lb8=", + "lastModified": 1725300620, + "narHash": "sha256-IdM+pZ6BnmD3o1fTJZ2BD43k7dwi1BbVfLDLpM1nE5s=", "owner": "zhaofengli", "repo": "attic", - "rev": "e127acbf9a71ebc0c26bc8e28346822e0a6e16ba", + "rev": "bea72d75b6165dfb529ba0c39cc6c7e9c7f0d234", "type": "github" }, "original": { @@ -148,11 +149,11 @@ }, "catppuccin": { "locked": { - "lastModified": 1722997334, - "narHash": "sha256-vE5FcKVQ3E0txJKt5w3vOlfcN1XoTAlxK9PnQ/CJavA=", + "lastModified": 1725509983, + "narHash": "sha256-NHCgHVqumPraFJnLrkanoLDuhOoUHUvRhvp/RIHJR+A=", "owner": "catppuccin", "repo": "nix", - "rev": "66f4ea170093b62f319f41cebd2337a51b225c5a", + "rev": "45745fe5960acaefef2b60f3455bcac6a0ca6bc9", "type": "github" }, "original": { @@ -166,11 +167,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1722939363, - "narHash": "sha256-qNHJzxdVf8uoV686fmK7DaTztALCyTh7erP/lYb60hg=", + "lastModified": 1724583234, + "narHash": "sha256-bnCFpZVjSZLoPKodT4mUR1DGhdyerfugG+3YKqS74Qw=", "owner": "catppuccin", "repo": "vscode", - "rev": "2d7388ffe7321f588b2f54e2ffaab9fb7c9dde14", + "rev": "67ce281b989c57bc09c91b6c812e1a73a2a40e34", "type": "github" }, "original": { 
@@ -182,19 +183,20 @@ "chaotic": { "inputs": { "compare-to": "compare-to", + "fenix": "fenix", "flake-schemas": "flake-schemas", "home-manager": "home-manager", "jovian": "jovian", "nixpkgs": "nixpkgs_5", - "systems": "systems", + "systems": "systems_2", "yafas": "yafas" }, "locked": { - "lastModified": 1722963859, - "narHash": "sha256-TQ5sQ+PX0OeMZx+nYBA0CL3R9Yv6MupLzFU0iQrGGrc=", + "lastModified": 1725710428, + "narHash": "sha256-hs5ODrueWiOVodL1vPRThb923c7xrgp7AFNSzcF1ntw=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "f41d02a7ca6433c98fac378569617f2652628624", + "rev": "66319c46247edfa0e00d6804c3c3385c32c4cce1", "type": "github" }, "original": { @@ -226,11 +228,11 @@ ] }, "locked": { - "lastModified": 1717025063, - "narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=", + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", "owner": "ipetkov", "repo": "crane", - "rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", "type": "github" }, "original": { @@ -268,11 +270,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1722937792, - "narHash": "sha256-gyudaKQ8oBk13wIRGNWEkoiw6F+RMsZxHXxCsyHtIic=", + "lastModified": 1725637114, + "narHash": "sha256-+hsiHWbqkS098soB1o4URP3frnjhoRvyVfWs6byv4Zk=", "owner": "cachix", "repo": "devenv", - "rev": "bc9926e2cbef29c927b0a959bed5eeba2b55d648", + "rev": "c31e347a96dbb7718a0279afa993752a7dfc6a39", "type": "github" }, "original": { @@ -319,11 +321,11 @@ ] }, "locked": { - "lastModified": 1722821805, - "narHash": "sha256-FGrUPUD+LMDwJsYyNSxNIzFMldtCm8wXiQuyL2PHSrM=", + "lastModified": 1725377834, + "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", "owner": "nix-community", "repo": "disko", - "rev": "0257e44f4ad472b54f19a6dd1615aee7fa48ed49", + "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", "type": "github" }, "original": { 
@@ -332,6 +334,28 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": [ + "chaotic", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1725517947, + "narHash": "sha256-sB8B3M6CS0Y0rnncsCPz0htg6LoC1RbI2Mq9K88tSOk=", + "owner": "nix-community", + "repo": "fenix", + "rev": "96072c2af73da16c7db013dbb8c8869000157235", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -351,11 +375,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -477,7 +501,10 @@ }, "flake-parts": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "attic", + "nixpkgs" + ] }, "locked": { "lastModified": 1722555600, @@ -495,17 +522,14 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": [ - "nix-direnv", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1725234343, + "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", "type": "github" }, "original": { 
@@ -516,14 +540,17 @@ }, "flake-parts_3": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" + "nixpkgs-lib": [ + "nix-direnv", + "nixpkgs" + ] }, "locked": { - "lastModified": 1714641030, - "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", + "lastModified": 1725234343, + "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", + "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", "type": "github" }, "original": { @@ -534,17 +561,14 @@ }, "flake-parts_4": { "inputs": { - "nixpkgs-lib": [ - "prismlauncher", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", "type": "github" }, "original": { @@ -584,12 +608,15 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -633,7 +660,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1689068808, @@ -651,7 +678,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1710146030, @@ -684,7 +711,7 @@ }, "flake-utils_6": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1710146030, 
@@ -702,7 +729,7 @@ }, "flake-utils_7": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1710146030, @@ -740,28 +767,6 @@ "type": "github" } }, - "gitignore_2": { - "inputs": { - "nixpkgs": [ - "prismlauncher", - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -770,11 +775,11 @@ ] }, "locked": { - "lastModified": 1722630065, - "narHash": "sha256-QfM/9BMRkCmgWzrPDK+KbgJOUlSJnfX4OvsUupEUZvA=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "afc892db74d65042031a093adb6010c4c3378422", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { @@ -790,11 +795,11 @@ ] }, "locked": { - "lastModified": 1723015306, - "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=", + "lastModified": 1725694918, + "narHash": "sha256-+HsjshXpqNiJHLaJaK0JnIicJ/a1NquKcfn4YZ3ILgg=", "owner": "nix-community", "repo": "home-manager", - "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e", + "rev": "aaebdea769a5c10f1c6e50ebdf5924c1a13f0cda", "type": "github" }, "original": { @@ -805,11 +810,11 @@ }, "impermanence": { "locked": { - "lastModified": 1719091691, - "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=", + "lastModified": 1725690722, + "narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=", "owner": "nix-community", "repo": "impermanence", - "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a", + "rev": "63f4d0443e32b0dd7189001ee1894066765d18a5", "type": "github" }, "original": { 
@@ -827,11 +832,11 @@ ] }, "locked": { - "lastModified": 1722666143, - "narHash": "sha256-uTr3LiytFHFUYmIrhs5NoGlm5DCJxQlfyaZEKCU/DS8=", + "lastModified": 1725153537, + "narHash": "sha256-8+BJdXM1WBAttY+C63pEMUmUtSEWXHEhXOkLK4k1s2E=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "bcfe9dc708c92590fec676692b3ed79443eda819", + "rev": "b13488a1f8ab01db6a3d18629f7b22a430f03984", "type": "github" }, "original": { @@ -930,11 +935,11 @@ ] }, "locked": { - "lastModified": 1722576181, - "narHash": "sha256-0YYH6dTJK+mzqH7KvXep5Zv/qjHCGv+hM1eLMd0aBM4=", + "lastModified": 1725216861, + "narHash": "sha256-GaCobLXfPYBuhxy2TdlEDAfS3PD4mrUj6NQIPOzQq48=", "owner": "thiagokokada", "repo": "nix-alien", - "rev": "5d41c9c1aac104c15d06808f0c35c23e26809875", + "rev": "f92c20327b240ce2098d227c3674d7c02beea51b", "type": "github" }, "original": { @@ -945,16 +950,16 @@ }, "nix-direnv": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "nixpkgs": "nixpkgs_11", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1720977067, - "narHash": "sha256-Sp3hvtEGFZvJvMEyBuj9x3dDi0L0jpCV1gGVck+CjOQ=", + "lastModified": 1725391975, + "narHash": "sha256-NNBXRLt+ihPOfx+HRAMt0T+0BGSt+zaw3IP1lFy+hLM=", "owner": "nix-community", "repo": "nix-direnv", - "rev": "104a5075a182b5fb15a4e33e21e6c5b869a5151f", + "rev": "9048810b54e67b13aa090d01984d0b3e45a19fce", "type": "github" }, "original": { @@ -965,7 +970,7 @@ }, "nix-fast-build": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], 
@@ -1000,6 +1005,21 @@ "type": "github" } }, + "nix-filter_2": { + "locked": { + "lastModified": 1710156097, + "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "3342559a24e85fc164b295c3444e8a139924675b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, "nix-github-actions": { "inputs": { "nixpkgs": [ @@ -1055,11 +1075,11 @@ ] }, "locked": { - "lastModified": 1720926593, - "narHash": "sha256-fW6e27L6qY6s+TxInwrS2EXZZfhMAlaNqT0sWS49qMA=", + "lastModified": 1723352546, + "narHash": "sha256-WTIrvp0yV8ODd6lxAq4F7EbrPQv0gscBnyfn559c3k8=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "5fe5b0cdf1268112dc96319388819b46dc051ef4", + "rev": "ec78079a904d7d55e81a0468d764d0fffb50ac06", "type": "github" }, "original": { @@ -1077,11 +1097,11 @@ ] }, "locked": { - "lastModified": 1722994187, - "narHash": "sha256-K5V2N5HkGaLpf5StNbtKBM6O9K+CYF/8F8hlGUVgiKk=", + "lastModified": 1725672853, + "narHash": "sha256-z1O6dzCJ27OZpF680tZL0mQphQETdg4DTryvhFOpZyA=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "6fc50b0716bc415cfd1bc81bb9e198d78cd03b3d", + "rev": "efd33fc8e5a149dd48d86ca6003b51ab3ce4ae21", "type": "github" }, "original": { @@ -1139,11 +1159,11 @@ }, "nixlib": { "locked": { - "lastModified": 1722732880, - "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=", + "lastModified": 1725152544, + "narHash": "sha256-Tm344cnFM9f2YZsgWtJduvhIrvLr3Bi8J4Xc+UZDKYE=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c", + "rev": "7f0b9e4fbd91826cb9ce6babbc11c87903191051", "type": "github" }, "original": { 
@@ -1160,11 +1180,11 @@ ] }, "locked": { - "lastModified": 1722819251, - "narHash": "sha256-f99it92NQSZsrZ8AYbiwAUfrtb/ZpZRqUsl4q6rMA5s=", + "lastModified": 1725497951, + "narHash": "sha256-fayKyVs/9FQdYH+3SCOkQM1GCsEPPVE+lSiVGlYQ7i0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "c8c3a20b8191819219dba1af79388aa6d555f634", + "rev": "15a07ebf4a041bf232026263f1f96f2af390f3bc", "type": "github" }, "original": { @@ -1191,14 +1211,14 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1722555339, - "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", + "lastModified": 1725233747, + "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" } }, "nixpkgs-lib_2": { @@ -1215,11 +1235,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1723031421, - "narHash": "sha256-Q4iMzihS+4mzCadp+ADr782Jrd1Mgvr7lLZbkWx33Hw=", + "lastModified": 1725720169, + "narHash": "sha256-EvXzs22ev6UxTnLIKbtZOEJhGkQQVHr6OcFlH96UDkA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1602c0d3c0247d23eb7ca501c3e592aa1762e37b", + "rev": "d1f2bc29317e05baea8db6379766a3b334f373ed", "type": "github" }, "original": { 
@@ -1279,16 +1299,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1711460390, - "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -1311,11 +1331,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1722869614, - "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", + "lastModified": 1725407940, + "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", + "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", "type": "github" }, "original": { @@ -1359,11 +1379,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1720368505, - "narHash": "sha256-5r0pInVo5d6Enti0YwUSQK4TebITypB42bWy5su3MrQ=", + "lastModified": 1725194671, + "narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ab82a9612aa45284d4adf69ee81871a389669a9e", + "rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c", "type": "github" }, "original": { @@ -1375,11 +1395,11 @@ }, "nixpkgs_12": { "locked": { - "lastModified": 1722813957, - "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { 
@@ -1391,11 +1411,11 @@ }, "nixpkgs_13": { "locked": { - "lastModified": 1720768451, - "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", + "lastModified": 1724224976, + "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", + "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", "type": "github" }, "original": { @@ -1407,11 +1427,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1711401922, - "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", + "lastModified": 1724999960, + "narHash": "sha256-LB3jqSGW5u1ZcUcX6vO/qBOq5oXHlmOCxsTXGMEitp4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "07262b18b97000d16a4bdb003418bd2fb067a932", + "rev": "b96f849e725333eb2b1c7f1cb84ff102062468ba", "type": "github" }, "original": { @@ -1455,11 +1475,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1722813957, - "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", + "lastModified": 1725432240, + "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", + "rev": "ad416d066ca1222956472ab7d0555a6946746a80", "type": "github" }, "original": { 
@@ -1586,50 +1606,19 @@ "type": "github" } }, - "pre-commit-hooks_2": { - "inputs": { - "flake-compat": [ - "prismlauncher", - "flake-compat" - ], - "gitignore": "gitignore_2", - "nixpkgs": [ - "prismlauncher", - "nixpkgs" - ], - "nixpkgs-stable": [ - "prismlauncher", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1720524665, - "narHash": "sha256-ni/87oHPZm6Gv0ECYxr1f6uxB0UKBWJ6HvS7lwLU6oY=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "8d6a17d0cdf411c55f12602624df6368ad86fac1", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "prismlauncher": { "inputs": { "flake-compat": "flake-compat_9", - "flake-parts": "flake-parts_4", "libnbtplusplus": "libnbtplusplus", - "nixpkgs": "nixpkgs_13", - "pre-commit-hooks": "pre-commit-hooks_2" + "nix-filter": "nix-filter_2", + "nixpkgs": "nixpkgs_13" }, "locked": { - "lastModified": 1722050029, - "narHash": "sha256-FoFsw+BhdJAtiT+tVmyOT6GFw7pCFy2Ox1JXBt5ZwME=", + "lastModified": 1725073933, + "narHash": "sha256-Df1081xMlVpFDV5YOqjk/VX8ImXRGLZP8JLhEvemrb4=", "owner": "AtaraxiaSjel", "repo": "PrismLauncher", - "rev": "67aede29f4e4271e566189e7a85a943401aa543e", + "rev": "9be4b9a39df3ee40f761f10b9efb5c07b0e474bc", "type": "github" }, "original": { @@ -1653,7 +1642,7 @@ "deploy-rs": "deploy-rs", "devenv": "devenv", "disko": "disko", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "flake-registry": "flake-registry", "home-manager": "home-manager_2", "impermanence": "impermanence", 
@@ -1670,6 +1659,23 @@ "sops-nix": "sops-nix" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1725444219, + "narHash": "sha256-VjItfg2kZJ2to3bnNlkWAClKQLssIi86QcE1/vcRvv0=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "50882fbfa204027c84753e6d51a1a12884dc1b19", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -1678,11 +1684,11 @@ "nixpkgs-stable": "nixpkgs-stable_4" }, "locked": { - "lastModified": 1722897572, - "narHash": "sha256-3m/iyyjCdRBF8xyehf59QlckIcmShyTesymSb+N4Ap4=", + "lastModified": 1725540166, + "narHash": "sha256-htc9rsTMSAY5ek+DB3tpntdD/es0eam2hJgO92bWSys=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8ae477955dfd9cbf5fa4eb82a8db8ddbb94e79d9", + "rev": "d9d781523a1463965cd1e1333a306e70d9feff07", "type": "github" }, "original": { @@ -1692,21 +1698,6 @@ } }, "systems": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_2": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1721,6 +1712,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, "systems_3": { "locked": { "lastModified": 1681028828, 
@@ -1781,6 +1787,21 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -1789,11 +1810,11 @@ ] }, "locked": { - "lastModified": 1720374026, - "narHash": "sha256-ludjqxhR/5lXwJ1H6zHmZqp+4e8dFPHE9FIZ2eBh2G4=", + "lastModified": 1724833132, + "narHash": "sha256-F4djBvyNRAXGusJiNYInqR6zIMI3rvlp6WiKwsRISos=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e1d7bd5ec6fc389eb3a90e232c4150338bf6a508", + "rev": "3ffd842a5f50f435d3e603312eefa4790db46af5", "type": "github" }, "original": { @@ -1825,7 +1846,7 @@ }, "utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1701680307, diff --git a/flake.nix b/flake.nix index 86cecaf..6803228 100644 --- a/flake.nix +++ b/flake.nix @@ -161,14 +161,10 @@ unstable-patches = shared-patches ++ patchesPath [ "netbird-24.11.patch" "onlyoffice.patch" - "vaultwarden.patch" # "zen-kernels.patch" - "fix-args-override.patch" - "zfs-2.2.5.patch" - "pahole-fix.patch" ]; stable-patches = shared-patches ++ patchesPath [ - "netbird-24.05.patch" "vaultwarden-24.05.patch" + "netbird-24.05.patch" ]; in { customModules = builtins.listToAttrs (findModules ./modules); diff --git a/machines/AMD-Workstation/default.nix b/machines/AMD-Workstation/default.nix index a850f55..2bfa1b8 100644 --- a/machines/AMD-Workstation/default.nix +++ b/machines/AMD-Workstation/default.nix 
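Review bot: `"zfs-2.2.5.patch"` is removed from `unstable-patches` in the flake.nix hunk, yet the diffstat lists `patches/zfs-2.2.5.patch` as modified rather than deleted, so unless a list outside this hunk still references it the file is carried but never applied. A reader cannot tell from the list whether the ZFS change was dropped on purpose. Either delete the file in the same commit or keep a disabled entry with the reason, following the existing `# "zen-kernels.patch"` line, e.g. `# "zfs-2.2.5.patch" # not applied: <reason>`. The `let` block that defines `shared-patches` starts outside the hunk.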
@@ -2,12 +2,12 @@ imports = with inputs.self; [ ./boot.nix ./hardware-configuration.nix - ./kernel + # ./kernel customRoles.workstation customProfiles.a2ln-server customProfiles.act - customProfiles.attic + # customProfiles.attic customProfiles.bluetooth customProfiles.cassowary customProfiles.emulators diff --git a/patches/fix-args-override.patch b/patches/fix-args-override.patch deleted file mode 100644 index 73ba300..0000000 --- a/patches/fix-args-override.patch +++ /dev/null 
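Review bot: `# ./kernel` and `# customProfiles.attic` in the AMD-Workstation imports are disabled by commenting them out with no reason given, and the commit message (`upgrade system`) does not explain it either. Dropping `./kernel` presumably changes which kernel configuration this machine ends up with, which is worth stating for whoever re-enables it. I would put the reason on the line itself, e.g. `# ./kernel # disabled: <reason>, re-enable when <condition>`, and the same for `customProfiles.attic`. The `imports` list continues past the end of the hunk.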
@@ -1,108 +0,0 @@ -diff --git a/pkgs/os-specific/linux/kernel/update-zen.py b/pkgs/os-specific/linux/kernel/update-zen.py -index 3c51f806d..a8a363761 100755 ---- a/pkgs/os-specific/linux/kernel/update-zen.py -+++ b/pkgs/os-specific/linux/kernel/update-zen.py -@@ -64,16 +64,16 @@ def update_file(relpath, variant, version, suffix, sha256): - for line in f: - result = line - result = re.sub( -- fr'^ version = ".+"; #{variant}', -- f' version = "{version}"; #{variant}', -+ fr'^ version = ".+"; #{variant}', -+ f' version = "{version}"; #{variant}', - result) - result = re.sub( -- fr'^ suffix = ".+"; #{variant}', -- f' suffix = "{suffix}"; #{variant}', -+ fr'^ suffix = ".+"; #{variant}', -+ f' suffix = "{suffix}"; #{variant}', - result) - result = re.sub( -- fr'^ sha256 = ".+"; #{variant}', -- f' sha256 = "{sha256}"; #{variant}', -+ fr'^ sha256 = ".+"; #{variant}', -+ f' sha256 = "{sha256}"; #{variant}', - result) - print(result, end='') - -diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix -index 3acf40121..9e2c968ac 100644 ---- a/pkgs/os-specific/linux/kernel/zen-kernels.nix -+++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix -@@ -1,20 +1,22 @@ --{ lib, stdenv, fetchFromGitHub, buildLinux, ... } @ args: -+{ lib, stdenv, fetchFromGitHub, buildLinux, variant, ... 
} @ args: - - let - # comments with variant added for update script -- # ./update-zen.py zen -- zenVariant = { -- version = "6.10.1"; #zen -- suffix = "zen1"; #zen -- sha256 = "0lr9qjz4hlvx3yc0lj65fnmbciyh6symycbi9ass761l1niswbk5"; #zen -- isLqx = false; -- }; -- # ./update-zen.py lqx -- lqxVariant = { -- version = "6.9.11"; #lqx -- suffix = "lqx1"; #lqx -- sha256 = "0i6i0ak10gswlk60pnkn5dlz74g4nd7n1xbnvf24nnwwp69kkd44"; #lqx -- isLqx = true; -+ variants = { -+ # ./update-zen.py zen -+ zen = { -+ version = "6.10.1"; #zen -+ suffix = "zen1"; #zen -+ sha256 = "0lr9qjz4hlvx3yc0lj65fnmbciyh6symycbi9ass761l1niswbk5"; #zen -+ isLqx = false; -+ }; -+ # ./update-zen.py lqx -+ lqx = { -+ version = "6.9.11"; #lqx -+ suffix = "lqx1"; #lqx -+ sha256 = "0i6i0ak10gswlk60pnkn5dlz74g4nd7n1xbnvf24nnwwp69kkd44"; #lqx -+ isLqx = true; -+ }; - }; - zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // { - inherit version; -@@ -123,7 +125,4 @@ let - - } // (args.argsOverride or { })); - in --{ -- zen = zenKernelsFor zenVariant; -- lqx = zenKernelsFor lqxVariant; --} -+zenKernelsFor variants.${variant} -\ No newline at end of file -diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix -index bc80ec658..edc94fc34 100644 ---- a/pkgs/top-level/linux-kernels.nix -+++ b/pkgs/top-level/linux-kernels.nix -@@ -227,19 +227,21 @@ in { - # https://github.com/NixOS/nixpkgs/pull/161773#discussion_r820134708 - zenKernels = callPackage ../os-specific/linux/kernel/zen-kernels.nix; - -- linux_zen = (zenKernels { -+ linux_zen = zenKernels { -+ variant = "zen"; - kernelPatches = [ - kernelPatches.bridge_stp_helper - kernelPatches.request_key_helper - ]; -- }).zen; -+ }; - -- linux_lqx = (zenKernels { -+ linux_lqx = zenKernels { -+ variant = "lqx"; - kernelPatches = [ - kernelPatches.bridge_stp_helper - kernelPatches.request_key_helper - ]; -- }).lqx; -+ }; - - # This contains the variants of the XanMod kernel - xanmodKernels = callPackage 
../os-specific/linux/kernel/xanmod-kernels.nix { diff --git a/patches/netbird-24.11.patch b/patches/netbird-24.11.patch index be06472..c43d196 100644 --- a/patches/netbird-24.11.patch +++ b/patches/netbird-24.11.patch @@ -1,43 +1,8 @@ -From dc09dca1f66c940060825868dbeeeaa865c79744 Mon Sep 17 00:00:00 2001 -From: Krzysztof Nazarewski -Date: Tue, 2 Apr 2024 12:04:11 +0200 -Subject: [PATCH 1/2] netbird-ui: fix incorrect meta.mainProgram - ---- - pkgs/tools/networking/netbird/default.nix | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/pkgs/tools/networking/netbird/default.nix b/pkgs/tools/networking/netbird/default.nix -index b10663216e035b..905247c2d4bdc1 100644 ---- a/pkgs/tools/networking/netbird/default.nix -+++ b/pkgs/tools/networking/netbird/default.nix -@@ -111,6 +111,6 @@ buildGoModule rec { - description = "Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls"; - license = licenses.bsd3; - maintainers = with maintainers; [ misuzu ]; -- mainProgram = "netbird"; -+ mainProgram = if ui then "netbird-ui" else "netbird"; - }; - } - -From 835617072b8bc1ffe1be551696d9e8d2ce193a60 Mon Sep 17 00:00:00 2001 -From: Krzysztof Nazarewski -Date: Tue, 2 Apr 2024 12:01:25 +0200 -Subject: [PATCH 2/2] nixos/netbird: harden and extend options - ---- - .../manual/release-notes/rl-2405.section.md | 2 +- - .../manual/release-notes/rl-2411.section.md | 3 + - nixos/modules/services/networking/netbird.md | 72 ++- - nixos/modules/services/networking/netbird.nix | 507 +++++++++++++++--- - nixos/tests/netbird.nix | 26 +- - 5 files changed, 503 insertions(+), 107 deletions(-) - diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md -index b1b18b35e9c281..096bd6a2f2cc15 100644 +index 3bb993ec33c6..91a91beb34d6 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md 
+++ b/nixos/doc/manual/release-notes/rl-2405.section.md -@@ -698,7 +698,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi +@@ -709,7 +709,7 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi and `services.kavita.settings.IpAddresses`. The file at `services.kavita.tokenKeyFile` now needs to contain a secret with 512+ bits instead of 128+ bits. @@ -47,21 +12,21 @@ index b1b18b35e9c281..096bd6a2f2cc15 100644 - `services.nginx.virtualHosts` using `forceSSL` or `globalRedirect` can now have redirect codes other than 301 through `redirectCode`. diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md -index 2de4cf4d08af2d..a5d3566fe9bd87 100644 +index dd2db8de5a33..daef530c8993 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md -@@ -98,6 +98,9 @@ - support, which is the intended default behavior by Tracy maintainers. - X11 users have to switch to the new package `tracy-x11`. +@@ -248,6 +248,9 @@ + + - `tests.overriding` has its `passthru.tests` restructured as an attribute set instead of a list, making individual tests accessible by their names. +- `services.netbird.tunnels` was renamed to [`services.netbird.clients`](#opt-services.netbird.clients), + hardened (using dedicated less-privileged users) and significantly extended. + - ## Other Notable Changes {#sec-release-24.11-notable-changes} - - + - `vaultwarden` lost the capability to bind to privileged ports. If you rely on + this behavior, override the systemd unit to allow `CAP_NET_BIND_SERVICE` in + your local configuration. diff --git a/nixos/modules/services/networking/netbird.md b/nixos/modules/services/networking/netbird.md -index e1f6753cbd30cc..876c27cb0d22e7 100644 +index e1f6753cbd30..876c27cb0d22 100644 --- a/nixos/modules/services/networking/netbird.md +++ b/nixos/modules/services/networking/netbird.md 
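Review bot: After the `@@ -1,43 +1,8 @@` hunk, `patches/netbird-24.11.patch` starts directly at `diff --git` and no longer carries the `From`/`Subject` header lines, so nothing in the file says which upstream change it was taken from or at which revision it was refreshed. For a patch applied to nixpkgs on every build, that origin is what lets a later reviewer compare the local copy against upstream. Keep one header line ahead of the first `diff --git`, e.g. `Source: <upstream PR or commit URL>, refreshed against nixpkgs <rev>`.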
@@ -2,7 +2,7 @@ @@ -174,7 +139,7 @@ index e1f6753cbd30cc..876c27cb0d22e7 100644 +through environment variables, but special care needs to be taken for overriding config location and +daemon address due [hardened](#opt-services.netbird.clients._name_.hardened) option. diff --git a/nixos/modules/services/networking/netbird.nix b/nixos/modules/services/networking/netbird.nix -index e68c39946fe3b5..0160a8964aecad 100644 +index e68c39946fe3..dae0936deb4f 100644 --- a/nixos/modules/services/networking/netbird.nix +++ b/nixos/modules/services/networking/netbird.nix @@ -1,72 +1,155 @@ @@ -350,7 +315,7 @@ index e68c39946fe3b5..0160a8964aecad 100644 } ''; description = '' -@@ -74,97 +157,361 @@ in +@@ -74,97 +157,364 @@ in ''; }; @@ -726,10 +691,13 @@ index e68c39946fe3b5..0160a8964aecad 100644 + })); + + # see https://github.com/systemd/systemd/blob/17f3e91e8107b2b29fe25755651b230bbc81a514/src/resolve/org.freedesktop.resolve1.policy#L43-L43 ++ # see all actions used at https://github.com/netbirdio/netbird/blob/13e7198046a0d73a9cd91bf8e063fafb3d41885c/client/internal/dns/systemd_linux.go#L29-L32 + security.polkit.extraConfig = mkIf config.services.resolved.enable '' + // systemd-resolved access for Netbird clients + polkit.addRule(function(action, subject) { + var actions = [ ++ "org.freedesktop.resolve1.revert", ++ "org.freedesktop.resolve1.set-default-route", + "org.freedesktop.resolve1.set-dns-servers", + "org.freedesktop.resolve1.set-domains", + ]; @@ -776,7 +744,7 @@ index e68c39946fe3b5..0160a8964aecad 100644 ]; } diff --git a/nixos/tests/netbird.nix b/nixos/tests/netbird.nix -index 7342e8d04a39c3..063fff6d42f031 100644 +index 7342e8d04a39..063fff6d42f0 100644 --- a/nixos/tests/netbird.nix +++ b/nixos/tests/netbird.nix @@ -12,10 +12,32 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: 
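Review bot: The polkit allow-list in the `@@ -726,10 +691,13 @@` hunk gains `org.freedesktop.resolve1.revert` and `org.freedesktop.resolve1.set-default-route`, but the subject test of that `polkit.addRule` lies outside the hunk, so it cannot be confirmed from here that the grant is limited to the dedicated netbird client users. Both actions alter systemd-resolved's DNS configuration, so the rule should be read in full before this patch is applied. The new comment pins the action list to one netbird commit; I would add beside it `# re-check this list against systemd_linux.go on every netbird version bump`, so the grant does not drift from what the client actually requests.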
@@ -814,3 +782,15 @@ index 7342e8d04a39c3..063fff6d42f031 100644 + Peers count: 0/0 Connected + */ }) +diff --git a/pkgs/tools/networking/netbird/default.nix b/pkgs/tools/networking/netbird/default.nix +index c4bce67ff89d..7a27c2bbef10 100644 +--- a/pkgs/tools/networking/netbird/default.nix ++++ b/pkgs/tools/networking/netbird/default.nix +@@ -111,6 +111,6 @@ buildGoModule rec { + description = "Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls"; + license = licenses.bsd3; + maintainers = with maintainers; [ misuzu vrifox ]; +- mainProgram = "netbird"; ++ mainProgram = if ui then "netbird-ui" else "netbird"; + }; + } diff --git a/patches/pahole-fix.patch b/patches/pahole-fix.patch deleted file mode 100644 index 36bb0fc..0000000 --- a/patches/pahole-fix.patch +++ /dev/null @@ -1,28 +0,0 @@ -From b0b178fc293ad71c35d3ac84e8ac856bd0d3492b Mon Sep 17 00:00:00 2001 -From: Dominique Martinet -Date: Fri, 2 Aug 2024 04:34:00 +0900 -Subject: [PATCH] pahole: fix clang kernel build - -This should fix clang builds for real this time - -Reported-by: PedroHLC ---- - pkgs/by-name/pa/pahole/package.nix | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/pkgs/by-name/pa/pahole/package.nix b/pkgs/by-name/pa/pahole/package.nix -index 14a31958c0e2c14..d82c76eb769c9ef 100644 ---- a/pkgs/by-name/pa/pahole/package.nix -+++ b/pkgs/by-name/pa/pahole/package.nix -@@ -36,6 +36,11 @@ stdenv.mkDerivation rec { - url = "https://github.com/acmel/dwarves/commit/6a2b27c0f512619b0e7a769a18a0fb05bb3789a5.patch"; - hash = "sha256-Le1BAew/a/QKkYNLgSQxEvZ9mEEglUw8URwz1kiheeE="; - }) -+ (fetchpatch { -+ name = "fix-clang-btf-generation-bug-2.patch"; -+ url = "https://github.com/acmel/dwarves/commit/94a01bde592c555b3eb526aeb4c2ad695c5660d8.patch"; -+ hash = "sha256-SMIxLEBjBkprAqVNX1h7nXxAsgbwvCD/Bz7c1ekwg5w="; -+ }) - ]; - - # Put libraries in "lib" subdirectory, not top level of $out 
diff --git a/patches/vaultwarden-24.05.patch b/patches/vaultwarden-24.05.patch
deleted file mode 100644
index 457ba0b..0000000
--- a/patches/vaultwarden-24.05.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix
-index b2920931f..443b8421b 100644
---- a/nixos/modules/services/security/vaultwarden/default.nix
-+++ b/nixos/modules/services/security/vaultwarden/default.nix
-@@ -23,7 +23,7 @@ let
- configEnv = lib.concatMapAttrs (name: value: lib.optionalAttrs (value != null) {
- ${nameToEnvVar name} = if lib.isBool value then lib.boolToString value else toString value;
- }) cfg.config;
-- in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
-+ in { DATA_FOLDER = cfg.dataDir; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
- WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
- } // configEnv;
-
-@@ -163,6 +163,16 @@ in {
- defaultText = lib.literalExpression "pkgs.vaultwarden.webvault";
- description = "Web vault package to use.";
- };
-+
-+ dataDir = lib.mkOption {
-+ type = lib.types.str;
-+ default = "/var/lib/bitwarden_rs";
-+ description = ''
-+ The directury in which vaultwarden will keep its state. If left as the default value
-+ this directory will automatically be created before the vaultwarden server starts, otherwise
-+ the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
-+ '';
-+ };
- };
-
- config = lib.mkIf cfg.enable {
-@@ -180,28 +190,32 @@ in {
- systemd.services.vaultwarden = {
- after = [ "network.target" ];
- path = with pkgs; [ openssl ];
-- serviceConfig = {
-- User = user;
-- Group = group;
-- EnvironmentFile = [ configFile ] ++ lib.optional (cfg.environmentFile != null) cfg.environmentFile;
-- ExecStart = "${vaultwarden}/bin/vaultwarden";
-- LimitNOFILE = "1048576";
-- PrivateTmp = "true";
-- PrivateDevices = "true";
-- ProtectHome = "true";
-- ProtectSystem = "strict";
-- AmbientCapabilities = "CAP_NET_BIND_SERVICE";
-- StateDirectory = "bitwarden_rs";
-- StateDirectoryMode = "0700";
-- Restart = "always";
-- };
-+ serviceConfig = lib.mkMerge [
-+ (lib.mkIf (cfg.dataDir == "/var/lib/bitwarden_rs") {
-+ StateDirectory = "bitwarden_rs";
-+ StateDirectoryMode = "0700";
-+ })
-+ {
-+ User = user;
-+ Group = group;
-+ EnvironmentFile = [ configFile ] ++ lib.optional (cfg.environmentFile != null) cfg.environmentFile;
-+ ExecStart = "${vaultwarden}/bin/vaultwarden";
-+ LimitNOFILE = "1048576";
-+ PrivateTmp = "true";
-+ PrivateDevices = "true";
-+ ProtectHome = "true";
-+ ProtectSystem = "strict";
-+ AmbientCapabilities = "CAP_NET_BIND_SERVICE";
-+ Restart = "always";
-+ }
-+ ];
- wantedBy = [ "multi-user.target" ];
- };
-
- systemd.services.backup-vaultwarden = lib.mkIf (cfg.backupDir != null) {
- description = "Backup vaultwarden";
- environment = {
-- DATA_FOLDER = "/var/lib/bitwarden_rs";
-+ DATA_FOLDER = cfg.dataDir;
- BACKUP_FOLDER = cfg.backupDir;
- };
- path = with pkgs; [ sqlite ];
diff --git a/patches/vaultwarden.patch b/patches/vaultwarden.patch
deleted file mode 100644
index a948f54..0000000
--- a/patches/vaultwarden.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix
-index 41f7de5d8..31c183ed5 100644
---- a/nixos/modules/services/security/vaultwarden/default.nix
-+++ b/nixos/modules/services/security/vaultwarden/default.nix
-@@ -25,7 +25,7 @@ let
- configEnv = lib.concatMapAttrs (name: value: lib.optionalAttrs (value != null) {
- ${nameToEnvVar name} = if lib.isBool value then lib.boolToString value else toString value;
- }) cfg.config;
-- in { DATA_FOLDER = "/var/lib/${StateDirectory}"; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
-+ in { DATA_FOLDER = cfg.dataDir; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
- WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
- } // configEnv;
-
-@@ -157,6 +157,16 @@ in {
- defaultText = lib.literalExpression "pkgs.vaultwarden.webvault";
- description = "Web vault package to use.";
- };
-+
-+ dataDir = lib.mkOption {
-+ type = lib.types.str;
-+ default = "/var/lib/${StateDirectory}";
-+ description = ''
-+ The directury in which vaultwarden will keep its state. If left as the default value
-+ this directory will automatically be created before the vaultwarden server starts, otherwise
-+ the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
-+ '';
-+ };
- };
-
- config = lib.mkIf cfg.enable {
-@@ -224,7 +234,7 @@ in {
- systemd.services.backup-vaultwarden = lib.mkIf (cfg.backupDir != null) {
- description = "Backup vaultwarden";
- environment = {
-- DATA_FOLDER = "/var/lib/${StateDirectory}";
-+ DATA_FOLDER = cfg.dataDir;
- BACKUP_FOLDER = cfg.backupDir;
- };
- path = with pkgs; [ sqlite ];
diff --git a/patches/zfs-2.2.5.patch b/patches/zfs-2.2.5.patch
index b18ca2e..6033d6d 100644
--- a/patches/zfs-2.2.5.patch
+++ b/patches/zfs-2.2.5.patch
@@ -1,89 +1,16 @@ -From 8d0db928289e0d3fd8fbefad0a15b3e6c734fb2e Mon Sep 17 00:00:00 2001 -From: Andrew Marshall -Date: Tue, 6 Aug 2024 18:37:12 -0400 -Subject: [PATCH 1/2] zfs_2_2: 2.2.4 -> 2.2.5 - -Diff: https://github.com/openzfs/zfs/compare/zfs-2.2.4...zfs-2.2.5 - -Changelog: https://github.com/openzfs/zfs/releases/tag/zfs-2.2.5 ---- - pkgs/os-specific/linux/zfs/2_2.nix | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - diff --git a/pkgs/os-specific/linux/zfs/2_2.nix b/pkgs/os-specific/linux/zfs/2_2.nix -index cc4a3490a197f7..b6d99bbcc0065e 100644 +index 9e3fde0780f0..9165ab4d5d1b 100644 --- a/pkgs/os-specific/linux/zfs/2_2.nix 
+++ b/pkgs/os-specific/linux/zfs/2_2.nix -@@ -15,12 +15,12 @@ callPackage ./generic.nix args { +@@ -15,9 +15,9 @@ callPackage ./generic.nix args { # this attribute is the correct one for this package. kernelModuleAttribute = "zfs_2_2"; # check the release notes for compatible kernels -- kernelCompatible = kernel.kernelOlder "6.9"; +- kernelCompatible = kernel.kernelOlder "6.10"; + kernelCompatible = kernel.kernelOlder "6.11"; - -- latestCompatibleLinuxPackages = linuxKernel.packages.linux_6_8; + +- latestCompatibleLinuxPackages = linuxKernel.packages.linux_6_6; + latestCompatibleLinuxPackages = linuxKernel.packages.linux_6_10; - + # this package should point to the latest release. -- version = "2.2.4"; -+ version = "2.2.5"; - - tests = [ - nixosTests.zfs.installer -@@ -29,5 +29,5 @@ callPackage ./generic.nix args { - - maintainers = with lib.maintainers; [ adamcstephens amarshall ]; - -- hash = "sha256-SSp/1Tu1iGx5UDcG4j0k2fnYxK05cdE8gzfSn8DU5Z4="; -+ hash = "sha256-BkwcNPk+jX8CXp5xEVrg4THof7o/5j8RY2SY6+IPNTg="; - } - -From fde7c3afb37e7a9d4be39e112b4b8f0bd6f75352 Mon Sep 17 00:00:00 2001 -From: Andrew Marshall -Date: Tue, 6 Aug 2024 18:37:47 -0400 -Subject: [PATCH 2/2] zfs-unstable: 2.2.4-unstable-2024-07-15 -> 2.2.5 - -Patches all appear to be merged into this release. ---- - pkgs/os-specific/linux/zfs/unstable.nix | 24 +++--------------------- - 1 file changed, 3 insertions(+), 21 deletions(-) - -diff --git a/pkgs/os-specific/linux/zfs/unstable.nix b/pkgs/os-specific/linux/zfs/unstable.nix -index faf3514dba3e88..d989e2394ce4ed 100644 ---- a/pkgs/os-specific/linux/zfs/unstable.nix -+++ b/pkgs/os-specific/linux/zfs/unstable.nix -@@ -23,31 +23,13 @@ callPackage ./generic.nix args { - # IMPORTANT: Always use a tagged release candidate or commits from the - # zfs--staging branch, because this is tested by the OpenZFS - # maintainers. 
-- version = "2.2.4-unstable-2024-07-15"; -- rev = "/54ef0fdf60a8e7633c38cb46e1f5bcfcec792f4e"; -+ version = "2.2.5"; -+ # rev = ""; - - isUnstable = true; - tests = [ - nixosTests.zfs.unstable - ]; - -- # 6.10 patches approved+merged to the default branch, not in staging yet -- # https://github.com/openzfs/zfs/pull/16250 -- extraPatches = [ -- (fetchpatch { -- url = "https://github.com/openzfs/zfs/commit/7ca7bb7fd723a91366ce767aea53c4f5c2d65afb.patch"; -- hash = "sha256-vUX4lgywh5ox6DjtIfeC90KjbLoW3Ol0rK/L65jOENo="; -- }) -- (fetchpatch { -- url = "https://github.com/openzfs/zfs/commit/e951dba48a6330aca9c161c50189f6974e6877f0.patch"; -- hash = "sha256-A1h0ZLY+nlReBMTlEm3O9kwBqto1cgsZdnJsHpR6hw0="; -- }) -- (fetchpatch { -- url = "https://github.com/openzfs/zfs/commit/b409892ae5028965a6fe98dde1346594807e6e45.patch"; -- hash = "sha256-pW1b8ktglFhwVRapTB5th9UCyjyrPmCVPg53nMENax8="; -- }) -- -- ]; -- -- hash = "sha256-7vZeIzA2yDW/gSCcS2AM3+C9qbRIbA9XbCRUxikW2+M="; -+ hash = "sha256-BkwcNPk+jX8CXp5xEVrg4THof7o/5j8RY2SY6+IPNTg="; - } + version = "2.2.5"; diff --git a/profiles/applications/home-apps.nix b/profiles/applications/home-apps.nix index 4cdf5f4..3b3ea13 100644 --- a/profiles/applications/home-apps.nix +++ b/profiles/applications/home-apps.nix @@ -5,7 +5,12 @@ bat = { enable = true; # config = {}; - extraPackages = with pkgs.bat-extras; [ batdiff batgrep batman batwatch ]; + extraPackages = with pkgs.bat-extras; [ + # batdiff + batgrep + batman + batwatch + ]; # syntaxes = {}; # themes = {}; }; diff --git a/profiles/servers/vaultwarden.nix b/profiles/servers/vaultwarden.nix index 3b09e4e..43eef7c 100644 --- a/profiles/servers/vaultwarden.nix +++ b/profiles/servers/vaultwarden.nix @@ -28,7 +28,6 @@ websocketEnabled = true; websocketPort = 3012; webVaultEnabled = true; - dataDir = "/var/lib/bitwarden_rs"; }; environmentFile = config.sops.secrets.vaultwarden.path; }; 
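Review bot: Nothing in the rewritten patches/zfs-2.2.5.patch says where its new kernel bound comes from: it raises `kernelCompatible` to `kernel.kernelOlder "6.11"` and points `latestCompatibleLinuxPackages` at `linux_6_10`, while `version = "2.2.5"` stays a context line. The old patch carried a `From:`/`Subject:` preamble with changelog links; the new one starts directly at `diff --git`, so a reader cannot tell whether this is an upstream nixpkgs change or a local override of the check the context comment describes (`# check the release notes for compatible kernels`). Because this gate decides which kernels the ZFS module is built for, I would keep a short preamble above `diff --git` that names the source of the change (upstream commit or local override) and the release note that lists 6.10 as supported. The file name `zfs-2.2.5.patch` also no longer describes the content, which is now a kernel-compatibility bump rather than a version update.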
@@ -39,8 +38,11 @@
 Group = "root";
 };
- persist.state.directories = [
- config.services.vaultwarden.dataDir
+ persist.state.directories = let
+ stateDirectory = if lib.versionOlder config.system.stateVersion "24.11" then "bitwarden_rs" else "vaultwarden";
+ dataDir = "/var/lib/${stateDirectory}";
+ in [
+ dataDir
 ] ++ lib.optionals (config.deviceSpecific.devInfo.fileSystem != "zfs") [
 config.services.vaultwarden.backupDir
 ];
diff --git a/profiles/workspace/hyprland/default.nix b/profiles/workspace/hyprland/default.nix
index 65b626b..5a4fe9a 100644
--- a/profiles/workspace/hyprland/default.nix
+++ b/profiles/workspace/hyprland/default.nix
@@ -133,7 +133,7 @@ in with config.deviceSpecific; with lib; {
 bind=${modifier},q,killactive,
 bind=${modifier},f,fullscreen,0
 bind=${modifier}SHIFT,F,togglefloating,
- bind=${modifier}CTRL,F,toggleopaque,
+ bind=${modifier}CTRL,F,exec,hyprctl setprop active opaque toggle
 bind=${modifier},left,movefocus,l
 bind=${modifier},right,movefocus,r
 bind=${modifier},up,movefocus,u
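Review bot: The `let` block added to `persist.state.directories` in profiles/servers/vaultwarden.nix re-derives the state directory name from `config.system.stateVersion`, which duplicates a rule that presumably lives in the vaultwarden module. If the two ever disagree, the vault database ends up outside the persisted set without any evaluation error. If the module sets `StateDirectory` on the unit (the deleted patches/vaultwarden-24.05.patch shows an older version doing so), reading it back keeps a single source of truth: `dataDir = "/var/lib/${config.systemd.services.vaultwarden.serviceConfig.StateDirectory}";`. If the copy stays, a comment such as `# must match StateDirectory in the nixpkgs vaultwarden module` above `stateDirectory` would tell the next reader why the version check is there. The enclosing attribute set starts and ends outside the hunk.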