treewide: update to nixos 23.11

This commit is contained in:
Oystein Kristoffer Tveit 2023-12-18 20:59:48 +01:00
parent fe30e15f5b
commit 3a52ba8901
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
9 changed files with 71 additions and 122 deletions

130
flake.lock generated
View File

@ -72,8 +72,8 @@
"fonts": {
"flake": false,
"locked": {
"lastModified": 1668957008,
"narHash": "sha256-er2eUfNSG9qdBh0JvtxtftQjFfTFjRqqD8dnk5nZ1qw=",
"lastModified": 1696614701,
"narHash": "sha256-QtT+ansp3ombpdS2+jNWgZKSqpxhVq3cyrpAKkDzA9Y=",
"path": "/home/h7x4/git/fonts",
"type": "path"
},
@ -89,16 +89,16 @@
]
},
"locked": {
"lastModified": 1687871164,
"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
"lastModified": 1702814678,
"narHash": "sha256-zDtO0jV2QLoddUJinLlTQrQqCUW3dPiIWOSYgg98T7E=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
"rev": "1488651d02c1a7a15e284210f0d380a62d8d8cef",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
@ -107,15 +107,13 @@
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils"
]
},
"locked": {
"lastModified": 1677801246,
"narHash": "sha256-/TeSHBkg4gGBsrOjnPxV0YnCIfpYeaMNPcfuj9HeR48=",
"ref": "refs/heads/zellij-kdl-configuration-generator",
"rev": "35ccc428a2b95182a3ca96824d838fd24a738641",
"revCount": 2378,
"dirtyRev": "9580f6c42af2535dc7890edb681ead090f5105f2-dirty",
"dirtyShortRev": "9580f6c4-dirty",
"lastModified": 1648677361,
"narHash": "sha256-hWI9yQHivS5xkkcQmkFk0DS3f/IrJAR/Oxow5N44GN0=",
"type": "git",
"url": "file:///home/h7x4/git/home-manager"
},
@ -129,39 +127,41 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1689214560,
"narHash": "sha256-2vXE3S68YeWhxRm7SdUD9Ac0xwDl9MHEGaGP8MdZa9c=",
"lastModified": 1701507532,
"narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=",
"owner": "dali99",
"repo": "nixos-matrix-modules",
"rev": "c158a35ea298ce3ea7cd446e9992154ea4bc6381",
"rev": "046194cdadc50d81255a9c57789381ed1153e2b1",
"type": "github"
},
"original": {
"owner": "dali99",
"ref": "v0.5.0",
"repo": "nixos-matrix-modules",
"type": "github"
}
},
"maunium-stickerpicker": {
"inputs": {
"maunium-stickerpicker": "maunium-stickerpicker_2",
"mauniumStickerpicker": "mauniumStickerpicker",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1672622402,
"narHash": "sha256-eT0JSFIWbQhCOphDf3SMHlBHrT/gl5+7q1kusDcyBXg=",
"ref": "refs/heads/main",
"rev": "f7218b50056a423b16416b52056008a546d8f201",
"revCount": 1,
"type": "git",
"url": "file:///home/h7x4/git/maunium-stickerpicker-nix"
"lastModified": 1690902363,
"narHash": "sha256-BTm2MZ4/RW/fHv1tk28verFZnZvXjDIaDcgEbo4UvuM=",
"owner": "h7x4",
"repo": "maunium-stickerpicker-nix",
"rev": "2364837888111b295c4b0e840f01f398566abd05",
"type": "github"
},
"original": {
"type": "git",
"url": "file:///home/h7x4/git/maunium-stickerpicker-nix"
"owner": "h7x4",
"ref": "project-rewrite",
"repo": "maunium-stickerpicker-nix",
"type": "github"
}
},
"maunium-stickerpicker_2": {
"mauniumStickerpicker": {
"flake": false,
"locked": {
"lastModified": 1668509918,
@ -186,11 +186,11 @@
]
},
"locked": {
"lastModified": 1690076623,
"narHash": "sha256-k1AE76m7N9JVKCz0rjGPNez15rSVsDYS0l6XxfEAH88=",
"lastModified": 1702862450,
"narHash": "sha256-18/cpAXDSbBArFl+cysNo0optzaKn2XlW9IX4asH39c=",
"owner": "infinidoge",
"repo": "nix-minecraft",
"rev": "8706036acb4955f9d30f789dea1c42549944ce2e",
"rev": "4440d803fc989d8b563bec164f6e2715060fc284",
"type": "github"
},
"original": {
@ -224,16 +224,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1672441588,
"narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=",
"lastModified": 1690630041,
"narHash": "sha256-gbnvqm5goS9DSKAqGFpq3398aOpwejmq4qWikqmQyRo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f",
"rev": "d57e8c535d4cbb07f441c30988ce52eec69db7a8",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"ref": "nixos-23.05",
"type": "indirect"
}
},
@ -254,11 +254,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1689473667,
"narHash": "sha256-41ePf1ylHMTogSPAiufqvBbBos+gtB6zjQlYFSEKFMM=",
"lastModified": 1702777222,
"narHash": "sha256-/SYmqgxTYzqZnQEfbOCHCN4GzqB9uAIsR9IWLzo0/8I=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13231eccfa1da771afa5c0807fdd73e05a1ec4e6",
"rev": "a19a71d1ee93226fd71984359552affbc1cd3dc3",
"type": "github"
},
"original": {
@ -270,11 +270,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1690031011,
"narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=",
"lastModified": 1702312524,
"narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "12303c652b881435065a98729eb7278313041e49",
"rev": "a9bf124c46ef298113270b1f84a164865987a91c",
"type": "github"
},
"original": {
@ -285,26 +285,26 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1689956312,
"narHash": "sha256-NV9yamMhE5jgz+ZSM2IgXeYqOvmGIbIIJ+AFIhfD7Ek=",
"lastModified": 1702780907,
"narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6da4bc6cb07cba1b8e53d139cbf1d2fb8061d967",
"rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"ref": "nixos-23.11",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1689413807,
"narHash": "sha256-exuzOvOhGAEKWQKwDuZAL4N8a1I837hH5eocaTcIbLc=",
"lastModified": 1702539185,
"narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "46ed466081b9cad1125b11f11a2af5cc40b942c7",
"rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
"type": "github"
},
"original": {
@ -350,11 +350,11 @@
]
},
"locked": {
"lastModified": 1672838459,
"narHash": "sha256-SIXzj9fbSvr/jfhhil+0cS7I6KONijdH80PFGxJi+CA=",
"lastModified": 1684092181,
"narHash": "sha256-Oi6G8Jx2RkEMi3UndtAnZw61hfgKGEe7l/ILdB9ump4=",
"ref": "refs/heads/master",
"rev": "392fb541ce39f1f52908eee336d5ed409cd798ed",
"revCount": 42,
"rev": "028ed8774d1cf4650fc15253146cf14451eb608c",
"revCount": 43,
"type": "git",
"url": "file:///home/h7x4/git/osuchan-line-bot"
},
@ -389,8 +389,11 @@
]
},
"locked": {
"lastModified": 1683506783,
"narHash": "sha256-TEJGASqT3Ro1d3t+gKEc9NFOBqb0feVR2HqeZ8o3DGs=",
"lastModified": 1677435432,
"narHash": "sha256-oRxpSmfZQB/B5YQbSrL1K/T6xpHcPfN8buj7HM5Ecss=",
"ref": "refs/heads/main",
"rev": "6c7e4867ca307cf2163ece12f90f4ab57455e145",
"revCount": 59,
"type": "git",
"url": "file:///home/h7x4/git/nix-secrets"
},
@ -405,11 +408,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1689534977,
"narHash": "sha256-EB4hasmjKgetTR0My2bS5AwELZFIQ4zANLqHKi7aVXg=",
"lastModified": 1702812162,
"narHash": "sha256-18cKptpAAfkatdQgjO5SZXZsbc1IVPRoYx2AxaiooL4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "bd695cc4d0a5e1bead703cc1bec5fa3094820a81",
"rev": "21f2b8f123a1601fef3cf6bbbdf5171257290a77",
"type": "github"
},
"original": {
@ -448,21 +451,6 @@
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"vscode-server": {
"inputs": {
"flake-utils": "flake-utils_2",

View File

@ -1,10 +1,10 @@
{
inputs = {
nixpkgs.url = "nixpkgs/nixos-23.05";
nixpkgs.url = "nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager/release-23.05";
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -53,7 +53,7 @@
};
matrix-synapse-next = {
url = "github:dali99/nixos-matrix-modules";
url = "github:dali99/nixos-matrix-modules/v0.5.0";
};
vscode-server = {
@ -109,7 +109,7 @@
osuchan.overlays.default
(self: super: {
mpv-unwrapped = super.mpv-unwrapped.override {
ffmpeg_5 = super.ffmpeg_5-full;
ffmpeg = super.ffmpeg_6-full;
};
})
# (self: super: {
@ -173,7 +173,7 @@
./hosts/common.nix
./hosts/${name}/configuration.nix
matrix-synapse-next.nixosModules.synapse
matrix-synapse-next.nixosModules.default
osuchan.outputs.nixosModules.default
secrets.outputs.nixos-config
sops-nix.nixosModules.sops

View File

@ -90,7 +90,7 @@ in {
bat.enable = true;
bottom.enable = true;
exa.enable = true;
eza.enable = true;
feh.enable = mkIf graphics true;
fzf = {
enable = true;

View File

@ -44,7 +44,7 @@ in {
rclone
ripgrep
rsync
sc-im
# sc-im
slack-term
taskwarrior
taskwarrior-tui

View File

@ -63,7 +63,7 @@
enable-fzf-tab
zstyle ':fzf-tab:complete:cd:*' fzf-preview '${pkgs.exa}/bin/exa -1 --color=always $realpath'
zstyle ':fzf-tab:complete:cd:*' fzf-preview '${lib.getExe pkgs.eza} -1 --color=always $realpath'
# Use tmux buffer if we are inside tmux
if ! { [ "$TERM" = "screen" ] && [ -n "$TMUX" ]; } then

View File

@ -50,8 +50,8 @@ in {
ag = "${pkgs.ripgrep}/bin/rg";
lls = "${pkgs.coreutils}/bin/ls --color=always";
ls = p "exa";
la = "${p "exa"} -lah --changed --time-style long-iso --git --group";
ls = p "eza";
la = "${p "eza"} -lah --changed --time-style long-iso --git --group";
lsa = "la";
killall = {

View File

@ -2,10 +2,6 @@
let
inherit (config) machineVars;
in {
nixpkgs.config = {
allowUnfree = true;
};
sops.defaultSopsFile = ../secrets/default.yaml;
nix = {

View File

@ -82,6 +82,7 @@
};
groups = {
media = {};
nix-builder = {};
};
};

View File

@ -8,43 +8,7 @@ in
openRegistration = false;
};
systemd.services.atuin = {
requires = [ "postgresql.service" ];
serviceConfig = {
# Hardening
CapabilityBoundingSet = "";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "full";
RemoveIPC = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
# Required for connecting to database sockets,
# and listening to unix socket at `cfg.settings.path`
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap @privileged";
UMask = "0007";
};
};
systemd.services.atuin.requires = [ "postgresql.service" ];
local.socketActivation.atuin = {
enable = cfg.enable;