upgrade

2024-10-24 01:39:51 +03:00 · 2024-10-24 01:39:51 +03:00 · 5014ecf02a
commit 5014ecf02a
parent 21f1a37b57
8 changed files with 1096 additions and 413 deletions
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -121,7 +121,7 @@
              inputs.sops-nix.nixosModules.sops
              inputs.lix-module.nixosModules.default
            ];
-            specialArgs = { inherit self inputs self-nixpkgs; secrets = ./secrets; };
+            specialArgs = { inherit self inputs self-nixpkgs; secretsDir = ./secrets; };
          };

        patchesPath = map (x: ./patches + "/${x}");
@ -172,7 +172,7 @@

          shared-patches = patchesPath [ ];
          unstable-patches = shared-patches ++ patchesPath [
-            "netbird-24.11.patch"
+            # "netbird-24.11.patch"
            "onlyoffice.patch"
            # "zen-kernels.patch"
          ];
--- a/machines/AMD-Workstation/default.nix
+++ b/machines/AMD-Workstation/default.nix
@ -171,21 +171,21 @@
    home.stateVersion = "24.05";
  };

-  services.netbird.clients.priv = {
-    interface = "wt0";
-    port = 58467;
-    hardened = false;
-    ui.enable = true;
-    autoStart = false;
-    config = {
-      AdminURL.Host = "net.ataraxiadev.com:443";
-      AdminURL.Scheme = "https";
-      ManagementURL.Host = "net.ataraxiadev.com:443";
-      ManagementURL.Scheme = "https";
-      RosenpassEnabled = true;
-      RosenpassPermissive = true;
-    };
-  };
+  # services.netbird.clients.priv = {
+  #   interface = "wt0";
+  #   port = 58467;
+  #   hardened = false;
+  #   ui.enable = true;
+  #   autoStart = false;
+  #   config = {
+  #     AdminURL.Host = "net.ataraxiadev.com:443";
+  #     AdminURL.Scheme = "https";
+  #     ManagementURL.Host = "net.ataraxiadev.com:443";
+  #     ManagementURL.Scheme = "https";
+  #     RosenpassEnabled = true;
+  #     RosenpassPermissive = true;
+  #   };
+  # };

  persist.state = {
    directories = [ "/var/lib/netbird-priv" ];
--- a/machines/Dell-Laptop/boot.nix
+++ b/machines/Dell-Laptop/boot.nix
@ -11,11 +11,9 @@ in {
      supportedFilesystems = [ "zfs" ];
      luks.devices = {
        "cryptroot" = {
-          preLVM = true;
          keyFile = "/keyfile0.bin";
          allowDiscards = true;
          bypassWorkqueues = true;
-          fallbackToPassword = true;
        };
      };
      secrets = {
@ -54,8 +52,19 @@ in {

  fileSystems."/home".neededForBoot = true;
  fileSystems."/persist".neededForBoot = true;
-  boot.initrd.postDeviceCommands = lib.mkAfter ''
-    zfs rollback -r rpool/nixos/root@empty
-    zfs rollback -r rpool/user/home@empty
-  '';
+
+  boot.initrd.systemd.enable = true;
+  boot.initrd.systemd.services.rollback = {
+    description = "Rollback zfs to a pristine state on boot";
+    wantedBy = [ "initrd.target" ];
+    after = [ "zfs-import-rpool.service" ];
+    before = [ "sysroot.mount" ];
+    path = [ config.boot.zfs.package ];
+    unitConfig.DefaultDependencies = "no";
+    serviceConfig.Type = "oneshot";
+    script = ''
+      zfs rollback -r rpool/nixos/root@empty && echo "  >>> rollback root <<<"
+      zfs rollback -r rpool/user/home@empty && echo "  >>> rollback home <<<"
+    '';
+  };
 }
--- a/machines/NixOS-VPS/services/tailscale.nix
+++ b/machines/NixOS-VPS/services/tailscale.nix
@ -3,16 +3,14 @@ let
  bridgeName = (import ../hardware/networks.nix).interfaces.main'.bridgeName;
  tailscalePort = config.services.tailscale.port;
  tailscaleIfname = config.services.tailscale.interfaceName;
-  netbirdPort = config.services.netbird.clients.priv.port;
-  netbirdIfname = config.services.netbird.clients.priv.interface;
  ssPort1 = 2234;
  ssPort2 = 2235;
 in {
  imports = [ inputs.ataraxiasjel-nur.nixosModules.rinetd ];

-  networking.firewall.trustedInterfaces = [ tailscaleIfname netbirdIfname ];
+  networking.firewall.trustedInterfaces = [ tailscaleIfname ];
  networking.firewall.interfaces.${bridgeName} = {
-    allowedUDPPorts = [ tailscalePort netbirdPort ];
+    allowedUDPPorts = [ tailscalePort ];
    allowedTCPPorts = [ ssPort1 ssPort2 ];
  };

@ -28,24 +26,7 @@ in {
    useRoutingFeatures = "both";
  };

-  services.netbird.clients.priv = {
-    interface = "wt0";
-    port = 52674;
-    hardened = false;
-    ui.enable = false;
-    config = {
-      AdminURL.Host = "net.ataraxiadev.com:443";
-      AdminURL.Scheme = "https";
-      ManagementURL.Host = "net.ataraxiadev.com:443";
-      ManagementURL.Scheme = "https";
-      DisableAutoConnect = false;
-      RosenpassEnabled = true;
-      RosenpassPermissive = true;
-    };
-  };
-  users.users.${config.mainuser}.extraGroups = [ "netbird-priv" ];
-
-  persist.state.directories = [ "/var/lib/tailscale" "/var/lib/netbird-priv" ];
+  persist.state.directories = [ "/var/lib/tailscale" ];

  services.rinetd = {
    enable = true;
--- a/profiles/nix/default.nix
+++ b/profiles/nix/default.nix
@ -19,7 +19,7 @@
      flake-registry = ${inputs.flake-registry}/flake-registry.json
    '';
    settings = {
-      auto-optimise-store = false;
+      auto-optimise-store = true;
      require-sigs = true;
      substituters = [
        "https://cache.nixos.org"
--- a/profiles/overlay.nix
+++ b/profiles/overlay.nix
@ -24,7 +24,6 @@ with lib; {
        nix-alien = inputs.nix-alien.packages.${system}.nix-alien;
        nix-fast-build = inputs.nix-fast-build.packages.${system}.default;
        nix-index-update = inputs.nix-alien.packages.${system}.nix-index-update;
-        open-webui = master.open-webui;
        prismlauncher = inputs.prismlauncher.packages.${system}.prismlauncher.override {
          jdks = [ pkgs.temurin-bin ];
        };
--- a/profiles/workspace/misc.nix
+++ b/profiles/workspace/misc.nix
@ -13,7 +13,7 @@ with config.deviceSpecific; {

  services.journald.extraConfig = "Compress=false";
  services.gvfs.enable = !isServer;
-  services.upower.enable = isLaptop;
+  services.upower.enable = lib.mkDefault isLaptop;
  xdg.portal.enable = true;
  xdg.portal.config.common.default = "*";
  # xdg.portal.xdgOpenUsePortal = true;