Upgrade to nixos 23.05

flake.lock: Update
Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/04f25058fbe3ae1aadd435aba49b66493e939f83' (2023-05-30) → 'github:nix-community/emacs-overlay/d0fc4dae0e0248453324e8d05733163a6a2f102e' (2023-05-31) • Updated input 'emacs-overlay/flake-utils': 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02) → 'github:numtide/flake-utils/a1720a10a6cfe8234c0e93907ffe81be440f4cef' (2023-05-31) • Added input 'emacs-overlay/flake-utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) • Updated input 'sops-nix': 'github:Mic92/sops-nix/3e016341d4dca6ce7c62316f90e66341841a30f9' (2023-05-28) → 'github:Mic92/sops-nix/876846cde9762ae563f018c17993354875e2538e' (2023-05-30)
2025-12-20 09:39:39 +01:00 · 2023-05-31 17:02:01 +02:00 · 2023-05-31 16:44:02 +02:00
9 changed files with 139 additions and 198 deletions
--- a/flake.lock
+++ b/flake.lock
@ -71,11 +71,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1685412232,
-        "narHash": "sha256-Oifn6uAP+IS0jEGs50tlRBCIwtUVIN4f+8RdlxbvK88=",
+        "lastModified": 1685527918,
+        "narHash": "sha256-rlnBRZVOkytw02LflK+rAJ4XJ0TGuqGjrYGBMWgyaKA=",
        "owner": "nix-community",
        "repo": "emacs-overlay",
-        "rev": "04f25058fbe3ae1aadd435aba49b66493e939f83",
+        "rev": "d0fc4dae0e0248453324e8d05733163a6a2f102e",
        "type": "github"
      },
      "original": {
@ -101,12 +101,15 @@
      }
    },
    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
      "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "lastModified": 1685518550,
+        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
        "type": "github"
      },
      "original": {
@ -152,20 +155,19 @@
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
-        ],
-        "utils": "utils"
+        ]
      },
      "locked": {
-        "lastModified": 1681092193,
-        "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
+        "lastModified": 1685480784,
+        "narHash": "sha256-pkk3J9gX745LEkkeTGhSRJqPJkmCPQzwI/q7a720XaY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
+        "rev": "54a9d6456eaa6195998a0f37bdbafee9953ca0fb",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-22.11",
+        "ref": "release-23.05",
        "repo": "home-manager",
        "type": "github"
      }
@ -324,16 +326,16 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1685314633,
-        "narHash": "sha256-8LXBPqTQXl5ofkjpJ18JcbmLJ/lWDoMxtUwiDYv0wro=",
+        "lastModified": 1685451684,
+        "narHash": "sha256-Y5iqtWkO82gHAnrBvNu/yLQsiVNJRCad4wWGz2a1urk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c8a17ce7abc03c50cd072e9e6c9b389c5f61836b",
+        "rev": "6b0edc9c690c1d8a729f055e0d73439045cfda55",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-22.11",
+        "ref": "nixos-23.05",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -359,7 +361,7 @@
          "nixpkgs"
        ],
        "nixpkgs-22_11": "nixpkgs-22_11",
-        "utils": "utils_2"
+        "utils": "utils"
      },
      "locked": {
        "lastModified": 1671659164,
@ -384,11 +386,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1685242617,
-        "narHash": "sha256-UBPXGfGwGMJm2Wj9kDj8+TMMK2PTouSM/TpiXYtaqtQ=",
+        "lastModified": 1685434555,
+        "narHash": "sha256-aZl0yeaYX3T2L3W3yXOd3S9OfpS+8YUOT2b1KwrSf6E=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "3e016341d4dca6ce7c62316f90e66341841a30f9",
+        "rev": "876846cde9762ae563f018c17993354875e2538e",
        "type": "github"
      },
      "original": {
@ -398,22 +400,22 @@
        "type": "github"
      }
    },
-    "utils": {
+    "systems": {
      "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
+        "owner": "nix-systems",
+        "repo": "default",
        "type": "github"
      }
    },
-    "utils_2": {
+    "utils": {
      "locked": {
        "lastModified": 1605370193,
        "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
--- a/flake.nix
+++ b/flake.nix
@ -3,7 +3,7 @@
    "Flake to define configurations of 'elss' - ellmauthaler stefan's systems";

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

    #nix = {
@ -15,7 +15,7 @@
    nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; };

    home-manager = {
-      url = "github:nix-community/home-manager/release-22.11";
+      url = "github:nix-community/home-manager/release-23.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };

@ -79,6 +79,8 @@
            "vscode-extension-ms-vscode-cpptools"
            "zoom"
          ];
+        # testing purposes till https://github.com/NixOS/nixpkgs/issues/224505 is resolved
+        permittedInsecurePackages = [ "openssl-1.1.1t" ];
      };

      channels.nixpkgs.overlaysBuilder = channels: [
--- a/machines/nucturne/hardware-configuration.nix
+++ b/machines/nucturne/hardware-configuration.nix
@ -1,21 +1,14 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
+{ config, lib, pkgs, modulesPath, ... }: {
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/da267a3c-34e3-4218-933f-10738ee61eb6";
@ -32,11 +25,8 @@
    fsType = "vfat";
  };

-  swapDevices = [
-    {device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e";}
-  ];
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e"; }];

  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  # high-resolution display
-  hardware.video.hidpi.enable = lib.mkDefault true;
 }
--- a/machines/stel-xps/hardware-configuration.nix
+++ b/machines/stel-xps/hardware-configuration.nix
@ -1,39 +1,30 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
+{ config, lib, pkgs, modulesPath, ... }: {
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

-  boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-intel"];
-  boot.extraModulePackages = [];
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/6b7f9f80-af34-4317-b017-f883a2316674";
    fsType = "ext4";
  };

-  boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/9c84f143-023d-4fcb-a49c-ca78ce69e0e0";
+  boot.initrd.luks.devices."crypted".device =
+    "/dev/disk/by-uuid/9c84f143-023d-4fcb-a49c-ca78ce69e0e0";

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/39E0-047B";
    fsType = "vfat";
  };

-  swapDevices = [
-    {device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0";}
-  ];
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0"; }];

  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-  # high-resolution display
-  hardware.video.hidpi.enable = lib.mkDefault true;
 }
--- a/modules/server/gitea.nix
+++ b/modules/server/gitea.nix
@ -1,40 +1,29 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, pkgs, lib, ... }:
 with lib; {
-  config = let
-    cfg = config.elss.server.gitea;
-  in
-    mkIf cfg.enable {
-      services.nginx.virtualHosts."git.ellmauthaler.net" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://localhost:3001";
-        };
-      };
+  config = let cfg = config.elss.server.gitea;
+  in mkIf cfg.enable {
+    services.nginx.virtualHosts."git.ellmauthaler.net" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = { proxyPass = "http://localhost:3001"; };
+    };

-      services.gitea = {
-        enable = true;
-        settings.service = {
-          DISABLE_REGISTRATION = true;
-        };
-        appName = "gitea: ellmauthaler.net gitea service";
-        database = {
-          type = "postgres";
-          host = "/run/posgresql";
-        };
-        domain = "git.ellmauthaler.net";
-        rootUrl = "https://git.ellmauthaler.net";
-        httpPort = 3001;
-        settings = {
-          repository = {
-            DEFAULT_BRANCH = "main";
-          };
+    services.gitea = {
+      enable = true;
+      settings.service = { DISABLE_REGISTRATION = true; };
+      appName = "gitea: ellmauthaler.net gitea service";
+      database = {
+        type = "postgres";
+        host = "/run/posgresql";
+      };
+      settings = {
+        repository = { DEFAULT_BRANCH = "main"; };
+        server = {
+          ROOT_URL = "https://git.ellmauthaler.net";
+          HTTP_PORT = 3001;
+          DOMAIN = "git.ellmauthaler.net";
        };
      };
    };
+  };
 }
--- a/modules/server/nextcloud.nix
+++ b/modules/server/nextcloud.nix
@ -1,47 +1,40 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, pkgs, lib, ... }:
 with lib; {
-  config = let
-    cfg = config.elss.server.nextcloud;
-  in
-    mkIf cfg.enable {
-      elss.server.sql.enable = mkDefault true;
-      services.nextcloud = {
-        enable = true;
-        package = pkgs.nextcloud25;
-        hostName = "cloudstore.ellmauthaler.net";
-        https = true;
-        enableBrokenCiphersForSSE = false;
-        config = {
-          dbtype = "pgsql";
-          dbuser = "nextcloud";
-          dbname = "nextcloud";
-          adminuser = "storemin";
-          adminpassFile = config.sops.secrets.storemin.path;
-          dbhost = "/run/postgresql";
-          defaultPhoneRegion = "DE";
-        };
-      };
-
-      services.nginx.virtualHosts."cloudstore.ellmauthaler.net" = {
-        enableACME = true;
-        forceSSL = true;
-      };
-
-      systemd.services."nextcloud-setup" = {
-        requires = ["postgresql.service"];
-        after = ["postrgresql.service"];
-      };
-      sops.secrets = {
-        storemin = {
-          owner = "nextcloud";
-          group = "nextcloud";
-          sopsFile = ../../secrets/server.yaml;
-        };
+  config = let cfg = config.elss.server.nextcloud;
+  in mkIf cfg.enable {
+    elss.server.sql.enable = mkDefault true;
+    services.nextcloud = {
+      enable = true;
+      package = pkgs.nextcloud26;
+      hostName = "cloudstore.ellmauthaler.net";
+      https = true;
+      enableBrokenCiphersForSSE = false;
+      config = {
+        dbtype = "pgsql";
+        dbuser = "nextcloud";
+        dbname = "nextcloud";
+        adminuser = "storemin";
+        adminpassFile = config.sops.secrets.storemin.path;
+        dbhost = "/run/postgresql";
+        defaultPhoneRegion = "DE";
      };
    };
+
+    services.nginx.virtualHosts."cloudstore.ellmauthaler.net" = {
+      enableACME = true;
+      forceSSL = true;
+    };
+
+    systemd.services."nextcloud-setup" = {
+      requires = [ "postgresql.service" ];
+      after = [ "postrgresql.service" ];
+    };
+    sops.secrets = {
+      storemin = {
+        owner = "nextcloud";
+        group = "nextcloud";
+        sopsFile = ../../secrets/server.yaml;
+      };
+    };
+  };
 }
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@ -1,20 +1,15 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
+{ config, lib, pkgs, ... }:
 with lib; {
  options.elss.sshd.enable = mkEnableOption "Set up sshd";

-  config = let
-    cfg = config.elss.sshd;
-  in
-    mkIf cfg.enable {
-      services.openssh = {
-        enable = true;
-        passwordAuthentication = false;
-        permitRootLogin = "no";
+  config = let cfg = config.elss.sshd;
+  in mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
      };
    };
+  };
 }
--- a/templates/base/flake.nix
+++ b/templates/base/flake.nix
@ -2,29 +2,18 @@
  description = "basic tool setup flake";

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
    flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus";
  };

-  outputs = {
-    self,
-    nixpkgs,
-    nixpkgs-unstable,
-    flake-utils,
-    flake-utils-plus,
-    ...
-  } @ inputs:
-    {}
-    // (flake-utils.lib.eachDefaultSystem (
-      system: let
-        unstable = import nixpkgs-unstable {
-          inherit system;
-        };
-        pkgs = import nixpkgs {
-          inherit system;
-        };
+  outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, flake-utils-plus
+    , ... }@inputs:
+    { } // (flake-utils.lib.eachDefaultSystem (system:
+      let
+        unstable = import nixpkgs-unstable { inherit system; };
+        pkgs = import nixpkgs { inherit system; };
      in rec {
        devShell = pkgs.mkShell {
          buildInputs = [
@ -32,6 +21,5 @@
            # pkgs.clingo
          ];
        };
-      }
-    ));
+      }));
 }
--- a/templates/rust/flake.nix
+++ b/templates/rust/flake.nix
@ -2,7 +2,7 @@
  description = "basic rust flake";

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    rust-overlay = {
      url = "github:oxalica/rust-overlay";
@ -18,24 +18,16 @@
    };
  };

-  outputs = {
-    self,
-    nixpkgs,
-    nixpkgs-unstable,
-    flake-utils,
-    gitignoresrc,
-    rust-overlay,
-    ...
-  } @ inputs:
+  outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, gitignoresrc
+    , rust-overlay, ... }@inputs:
    {
      #overlay = import ./nix { inherit gitignoresrc; };
-    }
-    // (flake-utils.lib.eachDefaultSystem (
-      system: let
-        unstable = import nixpkgs-unstable {inherit system;};
+    } // (flake-utils.lib.eachDefaultSystem (system:
+      let
+        unstable = import nixpkgs-unstable { inherit system; };
        pkgs = import nixpkgs {
          inherit system;
-          overlays = [(import rust-overlay)];
+          overlays = [ (import rust-overlay) ];
        };
      in rec {
        devShell = pkgs.mkShell {
@ -54,6 +46,5 @@
            pkgs.kcov
          ];
        };
-      }
-    ));
+      }));
 }