treewide: update to nixos 23.11

2023-12-18 20:59:48 +01:00 · 2023-12-18 20:59:48 +01:00 · 3a52ba8901
parent fe30e15f5b
commit 3a52ba8901
9 changed files with 71 additions and 122 deletions
--- a/flake.lock
+++ b/flake.lock
@ -72,8 +72,8 @@
    "fonts": {
      "flake": false,
      "locked": {
-        "lastModified": 1668957008,
-        "narHash": "sha256-er2eUfNSG9qdBh0JvtxtftQjFfTFjRqqD8dnk5nZ1qw=",
+        "lastModified": 1696614701,
+        "narHash": "sha256-QtT+ansp3ombpdS2+jNWgZKSqpxhVq3cyrpAKkDzA9Y=",
        "path": "/home/h7x4/git/fonts",
        "type": "path"
      },
@ -89,16 +89,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1687871164,
-        "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
+        "lastModified": 1702814678,
+        "narHash": "sha256-zDtO0jV2QLoddUJinLlTQrQqCUW3dPiIWOSYgg98T7E=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
+        "rev": "1488651d02c1a7a15e284210f0d380a62d8d8cef",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-23.05",
+        "ref": "release-23.11",
        "repo": "home-manager",
        "type": "github"
      }
@ -107,15 +107,13 @@
      "inputs": {
        "nixpkgs": [
          "nixpkgs-unstable"
-        ],
-        "utils": "utils"
+        ]
      },
      "locked": {
-        "lastModified": 1677801246,
-        "narHash": "sha256-/TeSHBkg4gGBsrOjnPxV0YnCIfpYeaMNPcfuj9HeR48=",
-        "ref": "refs/heads/zellij-kdl-configuration-generator",
-        "rev": "35ccc428a2b95182a3ca96824d838fd24a738641",
-        "revCount": 2378,
+        "dirtyRev": "9580f6c42af2535dc7890edb681ead090f5105f2-dirty",
+        "dirtyShortRev": "9580f6c4-dirty",
+        "lastModified": 1648677361,
+        "narHash": "sha256-hWI9yQHivS5xkkcQmkFk0DS3f/IrJAR/Oxow5N44GN0=",
        "type": "git",
        "url": "file:///home/h7x4/git/home-manager"
      },
@ -129,39 +127,41 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1689214560,
-        "narHash": "sha256-2vXE3S68YeWhxRm7SdUD9Ac0xwDl9MHEGaGP8MdZa9c=",
+        "lastModified": 1701507532,
+        "narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=",
        "owner": "dali99",
        "repo": "nixos-matrix-modules",
-        "rev": "c158a35ea298ce3ea7cd446e9992154ea4bc6381",
+        "rev": "046194cdadc50d81255a9c57789381ed1153e2b1",
        "type": "github"
      },
      "original": {
        "owner": "dali99",
+        "ref": "v0.5.0",
        "repo": "nixos-matrix-modules",
        "type": "github"
      }
    },
    "maunium-stickerpicker": {
      "inputs": {
-        "maunium-stickerpicker": "maunium-stickerpicker_2",
+        "mauniumStickerpicker": "mauniumStickerpicker",
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1672622402,
-        "narHash": "sha256-eT0JSFIWbQhCOphDf3SMHlBHrT/gl5+7q1kusDcyBXg=",
-        "ref": "refs/heads/main",
-        "rev": "f7218b50056a423b16416b52056008a546d8f201",
-        "revCount": 1,
-        "type": "git",
-        "url": "file:///home/h7x4/git/maunium-stickerpicker-nix"
+        "lastModified": 1690902363,
+        "narHash": "sha256-BTm2MZ4/RW/fHv1tk28verFZnZvXjDIaDcgEbo4UvuM=",
+        "owner": "h7x4",
+        "repo": "maunium-stickerpicker-nix",
+        "rev": "2364837888111b295c4b0e840f01f398566abd05",
+        "type": "github"
      },
      "original": {
-        "type": "git",
-        "url": "file:///home/h7x4/git/maunium-stickerpicker-nix"
+        "owner": "h7x4",
+        "ref": "project-rewrite",
+        "repo": "maunium-stickerpicker-nix",
+        "type": "github"
      }
    },
-    "maunium-stickerpicker_2": {
+    "mauniumStickerpicker": {
      "flake": false,
      "locked": {
        "lastModified": 1668509918,
@ -186,11 +186,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1690076623,
-        "narHash": "sha256-k1AE76m7N9JVKCz0rjGPNez15rSVsDYS0l6XxfEAH88=",
+        "lastModified": 1702862450,
+        "narHash": "sha256-18/cpAXDSbBArFl+cysNo0optzaKn2XlW9IX4asH39c=",
        "owner": "infinidoge",
        "repo": "nix-minecraft",
-        "rev": "8706036acb4955f9d30f789dea1c42549944ce2e",
+        "rev": "4440d803fc989d8b563bec164f6e2715060fc284",
        "type": "github"
      },
      "original": {
@ -224,16 +224,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1672441588,
-        "narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=",
+        "lastModified": 1690630041,
+        "narHash": "sha256-gbnvqm5goS9DSKAqGFpq3398aOpwejmq4qWikqmQyRo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f",
+        "rev": "d57e8c535d4cbb07f441c30988ce52eec69db7a8",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-22.11",
+        "ref": "nixos-23.05",
        "type": "indirect"
      }
    },
@ -254,11 +254,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1689473667,
-        "narHash": "sha256-41ePf1ylHMTogSPAiufqvBbBos+gtB6zjQlYFSEKFMM=",
+        "lastModified": 1702777222,
+        "narHash": "sha256-/SYmqgxTYzqZnQEfbOCHCN4GzqB9uAIsR9IWLzo0/8I=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "13231eccfa1da771afa5c0807fdd73e05a1ec4e6",
+        "rev": "a19a71d1ee93226fd71984359552affbc1cd3dc3",
        "type": "github"
      },
      "original": {
@ -270,11 +270,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1690031011,
-        "narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=",
+        "lastModified": 1702312524,
+        "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "12303c652b881435065a98729eb7278313041e49",
+        "rev": "a9bf124c46ef298113270b1f84a164865987a91c",
        "type": "github"
      },
      "original": {
@ -285,26 +285,26 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1689956312,
-        "narHash": "sha256-NV9yamMhE5jgz+ZSM2IgXeYqOvmGIbIIJ+AFIhfD7Ek=",
+        "lastModified": 1702780907,
+        "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "6da4bc6cb07cba1b8e53d139cbf1d2fb8061d967",
+        "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-23.05",
+        "ref": "nixos-23.11",
        "type": "indirect"
      }
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1689413807,
-        "narHash": "sha256-exuzOvOhGAEKWQKwDuZAL4N8a1I837hH5eocaTcIbLc=",
+        "lastModified": 1702539185,
+        "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "46ed466081b9cad1125b11f11a2af5cc40b942c7",
+        "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
        "type": "github"
      },
      "original": {
@ -350,11 +350,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1672838459,
-        "narHash": "sha256-SIXzj9fbSvr/jfhhil+0cS7I6KONijdH80PFGxJi+CA=",
+        "lastModified": 1684092181,
+        "narHash": "sha256-Oi6G8Jx2RkEMi3UndtAnZw61hfgKGEe7l/ILdB9ump4=",
        "ref": "refs/heads/master",
-        "rev": "392fb541ce39f1f52908eee336d5ed409cd798ed",
-        "revCount": 42,
+        "rev": "028ed8774d1cf4650fc15253146cf14451eb608c",
+        "revCount": 43,
        "type": "git",
        "url": "file:///home/h7x4/git/osuchan-line-bot"
      },
@ -389,8 +389,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1683506783,
-        "narHash": "sha256-TEJGASqT3Ro1d3t+gKEc9NFOBqb0feVR2HqeZ8o3DGs=",
+        "lastModified": 1677435432,
+        "narHash": "sha256-oRxpSmfZQB/B5YQbSrL1K/T6xpHcPfN8buj7HM5Ecss=",
+        "ref": "refs/heads/main",
+        "rev": "6c7e4867ca307cf2163ece12f90f4ab57455e145",
+        "revCount": 59,
        "type": "git",
        "url": "file:///home/h7x4/git/nix-secrets"
      },
@ -405,11 +408,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1689534977,
-        "narHash": "sha256-EB4hasmjKgetTR0My2bS5AwELZFIQ4zANLqHKi7aVXg=",
+        "lastModified": 1702812162,
+        "narHash": "sha256-18cKptpAAfkatdQgjO5SZXZsbc1IVPRoYx2AxaiooL4=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "bd695cc4d0a5e1bead703cc1bec5fa3094820a81",
+        "rev": "21f2b8f123a1601fef3cf6bbbdf5171257290a77",
        "type": "github"
      },
      "original": {
@ -448,21 +451,6 @@
        "type": "github"
      }
    },
-    "utils": {
-      "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
    "vscode-server": {
      "inputs": {
        "flake-utils": "flake-utils_2",
--- a/flake.nix
+++ b/flake.nix
@ -1,10 +1,10 @@
 {
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-23.05";
+    nixpkgs.url = "nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";

    home-manager = {
-      url = "github:nix-community/home-manager/release-23.05";
+      url = "github:nix-community/home-manager/release-23.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };

@ -53,7 +53,7 @@
    };

    matrix-synapse-next = {
-      url = "github:dali99/nixos-matrix-modules";
+      url = "github:dali99/nixos-matrix-modules/v0.5.0";
    };

    vscode-server = {
@ -109,7 +109,7 @@
        osuchan.overlays.default
        (self: super: {
          mpv-unwrapped = super.mpv-unwrapped.override {
-            ffmpeg_5 = super.ffmpeg_5-full;
+            ffmpeg = super.ffmpeg_6-full;
          };
        })
        # (self: super: {
@ -173,7 +173,7 @@
            ./hosts/common.nix
            ./hosts/${name}/configuration.nix

-            matrix-synapse-next.nixosModules.synapse
+            matrix-synapse-next.nixosModules.default
            osuchan.outputs.nixosModules.default
            secrets.outputs.nixos-config
            sops-nix.nixosModules.sops
--- a/home/home.nix
+++ b/home/home.nix
@ -90,7 +90,7 @@ in {

    bat.enable = true;
    bottom.enable = true;
-    exa.enable = true;
+    eza.enable = true;
    feh.enable = mkIf graphics true;
    fzf = {
      enable = true;
--- a/home/packages.nix
+++ b/home/packages.nix
@ -44,7 +44,7 @@ in {
    rclone
    ripgrep
    rsync
-    sc-im
+    # sc-im
    slack-term
    taskwarrior
    taskwarrior-tui
--- a/home/programs/zsh/default.nix
+++ b/home/programs/zsh/default.nix
@ -63,7 +63,7 @@

      enable-fzf-tab

-      zstyle ':fzf-tab:complete:cd:*' fzf-preview '${pkgs.exa}/bin/exa -1 --color=always $realpath'
+      zstyle ':fzf-tab:complete:cd:*' fzf-preview '${lib.getExe pkgs.eza} -1 --color=always $realpath'

      # Use tmux buffer if we are inside tmux
      if ! { [ "$TERM" = "screen" ] && [ -n "$TMUX" ]; } then
--- a/home/shell.nix
+++ b/home/shell.nix
@ -50,8 +50,8 @@ in {
      ag = "${pkgs.ripgrep}/bin/rg";

      lls = "${pkgs.coreutils}/bin/ls --color=always";
-      ls = p "exa";
-      la = "${p "exa"} -lah --changed --time-style long-iso --git --group";
+      ls = p "eza";
+      la = "${p "eza"} -lah --changed --time-style long-iso --git --group";
      lsa = "la";

      killall = {
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -2,10 +2,6 @@
 let
  inherit (config) machineVars;
 in {
-  nixpkgs.config = {
-    allowUnfree = true;
-  };
-
  sops.defaultSopsFile = ../secrets/default.yaml;

  nix = {
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@ -82,6 +82,7 @@
    };
    groups = {
      media = {};
+      nix-builder = {};
    };
  };

--- a/hosts/tsuki/services/atuin.nix
+++ b/hosts/tsuki/services/atuin.nix
@ -8,43 +8,7 @@ in
    openRegistration = false;
  };

-  systemd.services.atuin = {
-    requires = [ "postgresql.service" ];
-    serviceConfig = {
-      # Hardening
-      CapabilityBoundingSet = "";
-      LockPersonality = true;
-      NoNewPrivileges = true;
-      PrivateDevices = true;
-      PrivateMounts = true;
-      PrivateTmp = true;
-      PrivateUsers = true;
-      ProcSubset = "pid";
-      ProtectClock = true;
-      ProtectControlGroups = true;
-      ProtectHome = true;
-      ProtectHostname = true;
-      ProtectKernelLogs = true;
-      ProtectKernelModules = true;
-      ProtectKernelTunables = true;
-      ProtectProc = "invisible";
-      ProtectSystem = "full";
-      RemoveIPC = true;
-      RestrictAddressFamilies = [
-        "AF_INET"
-        "AF_INET6"
-        # Required for connecting to database sockets,
-        # and listening to unix socket at `cfg.settings.path`
-        "AF_UNIX"
-      ];
-      RestrictNamespaces = true;
-      RestrictRealtime = true;
-      RestrictSUIDSGID = true;
-      SystemCallArchitectures = "native";
-      SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap @privileged";
-      UMask = "0007";
-    };
-  };
+  systemd.services.atuin.requires = [ "postgresql.service" ];

  local.socketActivation.atuin = {
    enable = cfg.enable;