Upgrade to nixos 23.05

flake.nix

@@ -3,7 +3,7 @@
     "Flake to define configurations of 'elss' - ellmauthaler stefan's systems";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 
     #nix = {
@@ -15,7 +15,7 @@
     nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; };
 
     home-manager = {
-      url = "github:nix-community/home-manager/release-22.11";
+      url = "github:nix-community/home-manager/release-23.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
@@ -79,6 +79,8 @@
             "vscode-extension-ms-vscode-cpptools"
             "zoom"
           ];
+        # testing purposes till https://github.com/NixOS/nixpkgs/issues/224505 is resolved
+        permittedInsecurePackages = [ "openssl-1.1.1t" ];
       };
 
       channels.nixpkgs.overlaysBuilder = channels: [

machines/nucturne/hardware-configuration.nix

@@ -1,21 +1,14 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
+{ config, lib, pkgs, modulesPath, ... }: {
-  config,
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
+  boot.initrd.availableKernelModules =
-  boot.initrd.kernelModules = [];
+    [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
-  boot.kernelModules = ["kvm-intel"];
+  boot.initrd.kernelModules = [ ];
-  boot.extraModulePackages = [];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/da267a3c-34e3-4218-933f-10738ee61eb6";
@@ -32,11 +25,8 @@
     fsType = "vfat";
   };
 
-  swapDevices = [
+  swapDevices =
-    {device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e";}
+    [{ device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e"; }];
-  ];
 
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  # high-resolution display
-  hardware.video.hidpi.enable = lib.mkDefault true;
 }

machines/stel-xps/hardware-configuration.nix

@@ -1,39 +1,30 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
+{ config, lib, pkgs, modulesPath, ... }: {
-  config,
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
+  boot.initrd.availableKernelModules =
-  boot.initrd.kernelModules = [];
+    [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-  boot.kernelModules = ["kvm-intel"];
+  boot.initrd.kernelModules = [ ];
-  boot.extraModulePackages = [];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/6b7f9f80-af34-4317-b017-f883a2316674";
     fsType = "ext4";
   };
 
-  boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/9c84f143-023d-4fcb-a49c-ca78ce69e0e0";
+  boot.initrd.luks.devices."crypted".device =
+    "/dev/disk/by-uuid/9c84f143-023d-4fcb-a49c-ca78ce69e0e0";
 
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/39E0-047B";
     fsType = "vfat";
   };
 
-  swapDevices = [
+  swapDevices =
-    {device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0";}
+    [{ device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0"; }];
-  ];
 
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  # high-resolution display
-  hardware.video.hidpi.enable = lib.mkDefault true;
 }

modules/server/gitea.nix

@@ -1,38 +1,27 @@
-{
+{ config, pkgs, lib, ... }:
-  config,
-  pkgs,
-  lib,
-  ...
-}:
 with lib; {
-  config = let
+  config = let cfg = config.elss.server.gitea;
-    cfg = config.elss.server.gitea;
+  in mkIf cfg.enable {
-  in
-    mkIf cfg.enable {
     services.nginx.virtualHosts."git.ellmauthaler.net" = {
       enableACME = true;
       forceSSL = true;
-        locations."/" = {
+      locations."/" = { proxyPass = "http://localhost:3001"; };
-          proxyPass = "http://localhost:3001";
-        };
     };
 
     services.gitea = {
       enable = true;
-        settings.service = {
+      settings.service = { DISABLE_REGISTRATION = true; };
-          DISABLE_REGISTRATION = true;
-        };
       appName = "gitea: ellmauthaler.net gitea service";
       database = {
         type = "postgres";
         host = "/run/posgresql";
       };
-        domain = "git.ellmauthaler.net";
-        rootUrl = "https://git.ellmauthaler.net";
-        httpPort = 3001;
       settings = {
-          repository = {
+        repository = { DEFAULT_BRANCH = "main"; };
-            DEFAULT_BRANCH = "main";
+        server = {
+          ROOT_URL = "https://git.ellmauthaler.net";
+          HTTP_PORT = 3001;
+          DOMAIN = "git.ellmauthaler.net";
         };
       };
     };

modules/server/nextcloud.nix

@@ -1,18 +1,11 @@
-{
+{ config, pkgs, lib, ... }:
-  config,
-  pkgs,
-  lib,
-  ...
-}:
 with lib; {
-  config = let
+  config = let cfg = config.elss.server.nextcloud;
-    cfg = config.elss.server.nextcloud;
+  in mkIf cfg.enable {
-  in
-    mkIf cfg.enable {
     elss.server.sql.enable = mkDefault true;
     services.nextcloud = {
       enable = true;
-        package = pkgs.nextcloud25;
+      package = pkgs.nextcloud26;
       hostName = "cloudstore.ellmauthaler.net";
       https = true;
       enableBrokenCiphersForSSE = false;
@@ -33,8 +26,8 @@ with lib; {
     };
 
     systemd.services."nextcloud-setup" = {
-        requires = ["postgresql.service"];
+      requires = [ "postgresql.service" ];
-        after = ["postrgresql.service"];
+      after = [ "postrgresql.service" ];
     };
     sops.secrets = {
       storemin = {

modules/ssh.nix

@@ -1,20 +1,15 @@
-{
+{ config, lib, pkgs, ... }:
-  config,
-  lib,
-  pkgs,
-  ...
-}:
 with lib; {
   options.elss.sshd.enable = mkEnableOption "Set up sshd";
 
-  config = let
+  config = let cfg = config.elss.sshd;
-    cfg = config.elss.sshd;
+  in mkIf cfg.enable {
-  in
-    mkIf cfg.enable {
     services.openssh = {
       enable = true;
-        passwordAuthentication = false;
+      settings = {
-        permitRootLogin = "no";
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+      };
     };
   };
 }

templates/base/flake.nix

@@ -2,29 +2,18 @@
   description = "basic tool setup flake";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     flake-utils.url = "github:numtide/flake-utils";
     flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus";
   };
 
-  outputs = {
+  outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, flake-utils-plus
-    self,
+    , ... }@inputs:
-    nixpkgs,
+    { } // (flake-utils.lib.eachDefaultSystem (system:
-    nixpkgs-unstable,
+      let
-    flake-utils,
+        unstable = import nixpkgs-unstable { inherit system; };
-    flake-utils-plus,
+        pkgs = import nixpkgs { inherit system; };
-    ...
-  } @ inputs:
-    {}
-    // (flake-utils.lib.eachDefaultSystem (
-      system: let
-        unstable = import nixpkgs-unstable {
-          inherit system;
-        };
-        pkgs = import nixpkgs {
-          inherit system;
-        };
       in rec {
         devShell = pkgs.mkShell {
           buildInputs = [
@@ -32,6 +21,5 @@
             # pkgs.clingo
           ];
         };
-      }
+      }));
-    ));
 }

templates/rust/flake.nix

@@ -2,7 +2,7 @@
   description = "basic rust flake";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     rust-overlay = {
       url = "github:oxalica/rust-overlay";
@@ -18,24 +18,16 @@
     };
   };
 
-  outputs = {
+  outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, gitignoresrc
-    self,
+    , rust-overlay, ... }@inputs:
-    nixpkgs,
-    nixpkgs-unstable,
-    flake-utils,
-    gitignoresrc,
-    rust-overlay,
-    ...
-  } @ inputs:
     {
       #overlay = import ./nix { inherit gitignoresrc; };
-    }
+    } // (flake-utils.lib.eachDefaultSystem (system:
-    // (flake-utils.lib.eachDefaultSystem (
+      let
-      system: let
+        unstable = import nixpkgs-unstable { inherit system; };
-        unstable = import nixpkgs-unstable {inherit system;};
         pkgs = import nixpkgs {
           inherit system;
-          overlays = [(import rust-overlay)];
+          overlays = [ (import rust-overlay) ];
         };
       in rec {
         devShell = pkgs.mkShell {
@@ -54,6 +46,5 @@
             pkgs.kcov
           ];
         };
-      }
+      }));
-    ));
 }