cyplo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

upgrade to 23.05

Browse source
This commit is contained in:
Cyryl Płotnicki 2023-06-01 19:03:20 +01:00
parent 5aba15c831
commit ee21c83e8d
6 changed files with 72 additions and 93 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

94
flake.lock
View file

@ -46,11 +46,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1684343812, "lastModified": 1685559570,
"narHash": "sha256-ZTEjiC8PDKeP8JRchuwcFXUNlMcyQ4U+DpyVZ3pB6Q4=", "narHash": "sha256-MNIQvLRoq92isMLR/ordKNCl+aXNiuwBM4QyqmS8d00=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "dfbdabbb3e797334172094d4f6c0ffca8c791281", "rev": "4338bc869e9874d54a4c89539af72f16666b2abe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -83,11 +83,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1684472660, "lastModified": 1685450011,
"narHash": "sha256-P4sR6f27FKoQuGnThELALUuJeu9mZ9Zh7/dYdaAd2ek=", "narHash": "sha256-/Az50GoWePZHL+Pkxy2ZuKW9zwIk+oVdzkR9xWomnpo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "efb2016c8e6a91ea64e0604d69e332d8aceabb95", "rev": "0d270372b21818eba342954220c1a30a7bdaba19",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -215,11 +215,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1685518550,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401", "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -287,20 +287,19 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs-stable" "nixpkgs-stable"
], ]
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1681092193, "lastModified": 1685599623,
"narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=", "narHash": "sha256-Tob4CMOVHue0D3RzguDBCtUmX5ji2PsdbQDbIOIKvsc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af", "rev": "93db05480c0c0f30382d3e80779e8386dcb4f9dd",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-22.11", "ref": "release-23.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -343,11 +342,11 @@
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1683653883, "lastModified": 1685532165,
"narHash": "sha256-Xg3Cux5wQDatXRvQWsVD0YPfmxfijjG8+gxYqgoT6JE=", "narHash": "sha256-xHH9WbE9uya2B+j5w82HzpZVeErBt03/jtmWVRox0EU=",
"owner": "oxalica", "owner": "oxalica",
"repo": "nil", "repo": "nil",
"rev": "18de045d7788df2343aec58df7b85c10d1f5d5dd", "rev": "dcd38b96c91a2d07552f824a6480e00dc7b4948a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -359,11 +358,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1684169666, "lastModified": 1684899633,
"narHash": "sha256-N5jrykeSxLVgvm3Dd3hZ38/XwM/jU+dltqlXgrGlYxk=", "narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "71ce85372a614d418d5e303dd5702a79d1545c04", "rev": "4cc688ee711159b9bcb5a367be44007934e1a49d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -375,11 +374,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1684505307, "lastModified": 1685616147,
"narHash": "sha256-CpBdHt6/vwD9BqFv8lk9LY//6p3IJq4vvKPIcfQbDEg=", "narHash": "sha256-Y2BAkfSSCkH/SNIG2glh9vbdiQyWAFWr5Q4K0JgChlg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "91bfad070b89c95cda1c2a9131ace8481f742465", "rev": "4e80f80864db80ef05482325a379243c41f925fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -391,11 +390,11 @@
}, },
"nixpkgs-nixos-unstable": { "nixpkgs-nixos-unstable": {
"locked": { "locked": {
"lastModified": 1684385584, "lastModified": 1685383865,
"narHash": "sha256-O7y0gK8OLIDqz+LaHJJyeu09IGiXlZIS3+JgEzGmmJA=", "narHash": "sha256-3uQytfnotO6QJv3r04ajSXbEFMII0dUtw0uqYlZ4dbk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a", "rev": "5e871d8aa6f57cc8e0dc087d1c5013f6e212b4ce",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -423,27 +422,27 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1684398685, "lastModified": 1685533922,
"narHash": "sha256-TRE62m91iZ5ArVMgA+uj22Yda8JoQuuhc9uwZ+NoX+0=", "narHash": "sha256-y4FCQpYafMQ42l1V+NUrMel9RtFtZo59PzdzflKR/lo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c", "rev": "3a70dd92993182f8e514700ccf5b1ae9fc8a3b8d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-22.11", "ref": "nixos-23.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1684500955, "lastModified": 1685612768,
"narHash": "sha256-EJUdpm4lkMn+/HUl3NSHutK+jDLdOHvGBWgz8RlT6Ck=", "narHash": "sha256-XD1LKFG1N/VpcqQ63lQd6LdPHPAl/XbbLa00p5hfMW4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "98294130adb4c09ac5f66e83bf98d80b7853f1d3", "rev": "23621ea768b76cc7d98a1bd66f4bd90f049d9dda",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -524,11 +523,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1682907601, "lastModified": 1685413459,
"narHash": "sha256-FfUAYvRJ+6s9WWjXNPdRzuuvAeu2VHIXIbUkPJr4t14=", "narHash": "sha256-+ELexqS2yN0wj1WnmWdF24OfjRBIgTN6Ltcpjvp2dEo=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "5eaff055dd57128c53ae373dc96af944f5849daa", "rev": "9b3284e2412f76bd68ff46f8cf1c7af44d7ffac0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -547,11 +546,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1684032930, "lastModified": 1685434555,
"narHash": "sha256-ueeSYDii2e5bkKrsSdP12JhkW9sqgYrUghLC8aDfYGQ=", "narHash": "sha256-aZl0yeaYX3T2L3W3yXOd3S9OfpS+8YUOT2b1KwrSf6E=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "a376127bb5277cd2c337a9458744f370aaf2e08d", "rev": "876846cde9762ae563f018c17993354875e2538e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -575,21 +574,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

4
flake.nix
View file

@ -212,7 +212,7 @@
type = "github"; type = "github";
owner = "NixOS"; owner = "NixOS";
repo = "nixpkgs"; repo = "nixpkgs";
ref = "nixos-22.11"; ref = "nixos-23.05";
}; };
nixpkgs-rust-analyzer = { nixpkgs-rust-analyzer = {
@ -245,7 +245,7 @@
type = "github"; type = "github";
owner = "nix-community"; owner = "nix-community";
repo = "home-manager"; repo = "home-manager";
ref = "release-22.11"; ref = "release-23.05";
inputs.nixpkgs.follows = "nixpkgs-stable"; inputs.nixpkgs.follows = "nixpkgs-stable";
}; };

42
nixos/boxes/bolty/print-server.nix
View file

@ -1,45 +1,39 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}: {
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [631 6566]; networking.firewall.allowedTCPPorts = [ 631 6566 ];
networking.firewall.allowedUDPPorts = [631 6566]; networking.firewall.allowedUDPPorts = [ 631 6566 ];
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [epson-escpr]; drivers = with pkgs; [ epson-escpr ];
listenAddresses = ["*:631"]; listenAddresses = [ "*:631" ];
defaultShared = true; defaultShared = true;
browsing = true; browsing = true;
allowFrom = ["all"]; allowFrom = [ "all" ];
extraConf = '' extraConf = ''
ServerAlias * ServerAlias *
DefaultEncryption Never DefaultEncryption Never
''; '';
}; };
hardware.printers.ensurePrinters = [ hardware.printers.ensurePrinters = [{
{ description = "Epson XP-540";
description = "Epson XP-540"; location = "connected to bolty";
location = "connected to bolty"; name = "epson_xp540";
name = "epson_xp540"; deviceUri =
deviceUri = "usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1"; "usb://EPSON/XP-540%20Series?serial=583245393030303936&interface=1";
model = "raw"; model = "raw";
ppdOptions = {PageSize = "A4";}; ppdOptions = { PageSize = "A4"; };
} }];
];
hardware.sane = { hardware.sane = {
enable = true; enable = true;
extraBackends = with pkgs; [utsushi sane-airscan gawk]; extraBackends = with pkgs; [ sane-airscan gawk ];
snapshot = true; snapshot = true;
}; };
services.udev.packages = [pkgs.utsushi]; services.udev.packages = [ ];
environment.systemPackages = with pkgs; [gawk]; environment.systemPackages = with pkgs; [ gawk ];
services.saned = { services.saned = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''

3
nixos/common-hardware.nix
View file

@ -93,13 +93,12 @@
} }
]; ];
services.udev.packages = [ pkgs.utsushi ]; services.udev.packages = [ ];
hardware.sane = { hardware.sane = {
enable = true; enable = true;
snapshot = true; snapshot = true;
extraBackends = with pkgs; [ extraBackends = with pkgs; [
nixpkgs-nixos-unstable-and-unfree.samsung-unified-linux-driver nixpkgs-nixos-unstable-and-unfree.samsung-unified-linux-driver
utsushi
sane-airscan sane-airscan
gawk gawk
]; ];

5
nixos/gui/vscode.nix
View file

@ -8,6 +8,9 @@
inputs.nixpkgs-rust-analyzer.legacyPackages.x86_64-linux.vscode-extensions.rust-lang.rust-analyzer inputs.nixpkgs-rust-analyzer.legacyPackages.x86_64-linux.vscode-extensions.rust-lang.rust-analyzer
(vscode-utils.buildVscodeExtension { (vscode-utils.buildVscodeExtension {
vscodeExtUniqueId = "vadimcn.vscode-lldb"; vscodeExtUniqueId = "vadimcn.vscode-lldb";
vscodeExtPublisher = "vadimcn";
vscodeExtName = "vscode-lldb";
version = "1.6.10";
name = "vadimcn.vscode-lldb-1.6.10"; name = "vadimcn.vscode-lldb-1.6.10";
src = fetchurl { src = fetchurl {
name = "vadimcn.vscode-lldb.zip"; name = "vadimcn.vscode-lldb.zip";
@ -15,7 +18,7 @@
"https://github.com/vadimcn/vscode-lldb/releases/download/v1.6.10/codelldb-${pkgs.system}.vsix"; "https://github.com/vadimcn/vscode-lldb/releases/download/v1.6.10/codelldb-${pkgs.system}.vsix";
sha256 = "sha256-QWbpe6ofacjrTCyWSKljwHDWWeHGmKNqi7cpw8Qy5Tw="; sha256 = "sha256-QWbpe6ofacjrTCyWSKljwHDWWeHGmKNqi7cpw8Qy5Tw=";
}; };
buildInputs = with pkgs; [ llvm lldb python37 autoPatchelfHook ]; buildInputs = with pkgs; [ llvm lldb python38 autoPatchelfHook ];
}) })
] ++ vscode-utils.extensionsFromVscodeMarketplace [ ] ++ vscode-utils.extensionsFromVscodeMarketplace [
{ {

17
nixos/server-security.nix
View file

@ -1,8 +1,5 @@
{ { config, pkgs, ... }:
config, let
pkgs,
...
}: let
authorizedKeys = [ authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv"
@ -10,7 +7,7 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDa2qAxpUEFeBYl2wlzDa/x37TAAy5pOBHv50OXUrV5 cyryl@thinky" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDa2qAxpUEFeBYl2wlzDa/x37TAAy5pOBHv50OXUrV5 cyryl@thinky"
]; ];
in { in {
imports = [./security.nix]; imports = [ ./security.nix ];
security.acme.defaults.email = "admin@cyplo.dev"; security.acme.defaults.email = "admin@cyplo.dev";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
@ -18,8 +15,10 @@ in {
services.openssh = { services.openssh = {
enable = true; enable = true;
permitRootLogin = "prohibit-password"; settings = {
passwordAuthentication = false; PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
};
}; };
users.extraUsers.root.openssh.authorizedKeys.keys = authorizedKeys; users.extraUsers.root.openssh.authorizedKeys.keys = authorizedKeys;
@ -28,7 +27,7 @@ in {
openssh.authorizedKeys.keys = authorizedKeys; openssh.authorizedKeys.keys = authorizedKeys;
}; };
nix.settings.trusted-users = ["root" "nix-builder"]; nix.settings.trusted-users = [ "root" "nix-builder" ];
nix.sshServe.enable = true; nix.sshServe.enable = true;
nix.sshServe.keys = authorizedKeys; nix.sshServe.keys = authorizedKeys;
} }