flake: update to nixpkgs 2311
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
fc599096b4
commit
d7398e38df
28
flake.lock
28
flake.lock
@ -91,27 +91,27 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1702195668,
|
"lastModified": 1706981411,
|
||||||
"narHash": "sha256-Lxmjez0nfNBptdqV5GsXKm7Bb7swjGsrxiLxWJu0tL8=",
|
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "33110fb3c7fe6a94b98b641866a5eddb64b7c23f",
|
"rev": "652fda4ca6dafeb090943422c34ae9145787af37",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"ref": "release-23.05",
|
"ref": "release-23.11",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"impermanence": {
|
"impermanence": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703656108,
|
"lastModified": 1706639736,
|
||||||
"narHash": "sha256-hCSUqdFJKHHbER8Cenf5JRzjMlBjIdwdftGQsO0xoJs=",
|
"narHash": "sha256-CaG4j9+UwBDfinxxvJMo6yOonSmSo0ZgnbD7aj2Put0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "impermanence",
|
"repo": "impermanence",
|
||||||
"rev": "033643a45a4a920660ef91caa391fbffb14da466",
|
"rev": "cd13c2917eaa68e4c49fea0ff9cada45440d7045",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -123,27 +123,27 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1704290814,
|
"lastModified": 1707347730,
|
||||||
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
|
"narHash": "sha256-0etC/exQIaqC9vliKhc3eZE2Mm2wgLa0tj93ZF/egvM=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
|
"rev": "6832d0d99649db3d65a0e15fa51471537b2c56a6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"ref": "nixos-23.05",
|
"ref": "nixos-23.11",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1705316053,
|
"lastModified": 1707268954,
|
||||||
"narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
|
"narHash": "sha256-2en1kvde3cJVc3ZnTy8QeD2oKcseLFjYPLKhIGDanQ0=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
|
"rev": "f8e2ebd66d097614d51a56a755450d4ae1632df1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
||||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
|
||||||
flake-utils.url = "github:numtide/flake-utils";
|
flake-utils.url = "github:numtide/flake-utils";
|
||||||
@ -8,7 +8,7 @@
|
|||||||
agenix.url = "github:ryantm/agenix";
|
agenix.url = "github:ryantm/agenix";
|
||||||
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
home-manager.url = "github:nix-community/home-manager/release-23.05";
|
home-manager.url = "github:nix-community/home-manager/release-23.11";
|
||||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
impermanence.url = "github:nix-community/impermanence/master";
|
impermanence.url = "github:nix-community/impermanence/master";
|
||||||
|
@ -254,7 +254,6 @@
|
|||||||
## Netdata
|
## Netdata
|
||||||
services.netdata = {
|
services.netdata = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = "caddy";
|
|
||||||
config = {
|
config = {
|
||||||
web = {
|
web = {
|
||||||
"bind to" = "unix:/run/netdata/netdata.sock";
|
"bind to" = "unix:/run/netdata/netdata.sock";
|
||||||
@ -268,11 +267,17 @@
|
|||||||
extraConfig = "reverse_proxy unix///run/netdata/netdata.sock";
|
extraConfig = "reverse_proxy unix///run/netdata/netdata.sock";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
users.users.caddy.extraGroups = [ "netdata" ];
|
||||||
### HACK: caddy needs tailscale to be up so allow it to restart on failure
|
### HACK: Allow Caddy to restart if it fails. This happens because Tailscale
|
||||||
systemd.services.caddy.serviceConfig = {
|
### is too late at starting. Upstream nixos caddy does restart on failure
|
||||||
Restart = lib.mkForce "on-failure";
|
### but it's prevented on exit code 1. Set the exit code to 0 (non-failure)
|
||||||
RestartSec = 15;
|
### to override this.
|
||||||
|
systemd.services.caddy = {
|
||||||
|
requires = [ "tailscaled.service" ];
|
||||||
|
after = [ "tailscaled.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
RestartPreventExitStatus = lib.mkForce 0;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -134,7 +134,17 @@
|
|||||||
reverse_proxy http://localhost:8000
|
reverse_proxy http://localhost:8000
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
systemd.services.caddy.requires = [ "tailscaled.service" ];
|
### HACK: Allow Caddy to restart if it fails. This happens because Tailscale
|
||||||
|
### is too late at starting. Upstream nixos caddy does restart on failure
|
||||||
|
### but it's prevented on exit code 1. Set the exit code to 0 (non-failure)
|
||||||
|
### to override this.
|
||||||
|
systemd.services.caddy = {
|
||||||
|
requires = [ "tailscaled.service" ];
|
||||||
|
after = [ "tailscaled.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
RestartPreventExitStatus = lib.mkForce 0;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.restic.backups."prune-128G" = {
|
services.restic.backups."prune-128G" = {
|
||||||
repository = "/data/backups/restic/128G";
|
repository = "/data/backups/restic/128G";
|
||||||
|
@ -17,7 +17,7 @@ in
|
|||||||
|
|
||||||
script = "${pkgs.writers.writePerl "hostinfo" {
|
script = "${pkgs.writers.writePerl "hostinfo" {
|
||||||
libraries = with pkgs; [
|
libraries = with pkgs; [
|
||||||
perl536Packages.HTTPDaemon
|
perlPackages.HTTPDaemon
|
||||||
];
|
];
|
||||||
} ''
|
} ''
|
||||||
use v5.10;
|
use v5.10;
|
||||||
|
@ -59,6 +59,8 @@ in
|
|||||||
name = x;
|
name = x;
|
||||||
value = {
|
value = {
|
||||||
home.persistence."/data/users/${x}" = {
|
home.persistence."/data/users/${x}" = {
|
||||||
|
allowOther = false;
|
||||||
|
|
||||||
files = [
|
files = [
|
||||||
".zsh_history"
|
".zsh_history"
|
||||||
] ++ cfg.userExtraFiles.${x} or [ ];
|
] ++ cfg.userExtraFiles.${x} or [ ];
|
||||||
|
@ -54,6 +54,8 @@ in
|
|||||||
extraConfig = {
|
extraConfig = {
|
||||||
EMAIL_DOMAIN_WHITELIST = "hillion.co.uk";
|
EMAIL_DOMAIN_WHITELIST = "hillion.co.uk";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
streamingProcesses = 9;
|
||||||
};
|
};
|
||||||
|
|
||||||
caddy = {
|
caddy = {
|
||||||
|
@ -16,6 +16,6 @@ in
|
|||||||
|
|
||||||
config = lib.mkIf cfg.jake.password {
|
config = lib.mkIf cfg.jake.password {
|
||||||
age.secrets."passwords/jake".file = ../secrets/passwords/jake.age;
|
age.secrets."passwords/jake".file = ../secrets/passwords/jake.age;
|
||||||
users.users.jake.passwordFile = config.age.secrets."passwords/jake".path;
|
users.users.jake.hashedPasswordFile = config.age.secrets."passwords/jake".path;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user