flake.lock

@@ -86,11 +86,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1653308769,
+        "lastModified": 1653917170,
-        "narHash": "sha256-9bylbRkrmaUiYYjcVLd0JyvqpKveOUw5q2mBf2+pR0c=",
+        "narHash": "sha256-FyxOnEE/V4PNEcMU62ikY4FfYPo349MOhMM97HS0XEo=",
         "owner": "numtide",
         "repo": "devshell",
-        "rev": "a00abaeb902ff568f9542d4b6f335e3a4db5c548",
+        "rev": "fc7a3e3adde9bbcab68af6d1e3c6eb738e296a92",
         "type": "github"
       },
       "original": {
@@ -114,11 +114,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1653135531,
+        "lastModified": 1653944295,
-        "narHash": "sha256-pYwJrEQrG8BgeVcI+lveK3KbOBDx9MT28HxV09v+jgI=",
+        "narHash": "sha256-xoFmfL71JS/wP5SvkupqDB7SNhDFmb77dyiyniNAwYs=",
         "owner": "nix-community",
         "repo": "dream2nix",
-        "rev": "4b3dfb101fd2fdbe25bd128072f138276aa4bc82",
+        "rev": "ca7f4d0a7fb79813b446ebce097c3db538b37b8c",
         "type": "github"
       },
       "original": {
@@ -313,11 +313,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1653740649,
+        "lastModified": 1653841712,
-        "narHash": "sha256-3kZc+D03J+Uleftpdv5BuBogwkc45zvhDte/AI0BvaI=",
+        "narHash": "sha256-XBF4i1MuIRAEbFpj3Z3fVaYxzNEsYapyENtw3vG+q1I=",
         "owner": "hercules-ci",
         "repo": "hercules-ci-effects",
-        "rev": "6d99ef9727b1327ec7eb6fa2055b74bd88ea4709",
+        "rev": "e14d2131b7c81acca3904b584ac45fb72da64dd2",
         "type": "github"
       },
       "original": {
@@ -333,11 +333,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1653518057,
+        "lastModified": 1653943687,
-        "narHash": "sha256-cam3Nfae5ADeEs6mRPzr0jXB7+DhyMIXz0/0Q13r/yk=",
+        "narHash": "sha256-xXW9t24HLf89+n/92kOqRRfOBE3KDna+9rAOefs5WSQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "64831f938bd413cefde0b0cf871febc494afaa4f",
+        "rev": "8f3e26705178cc8c1d982d37d881fc0d5b5b1837",
         "type": "github"
       },
       "original": {
@@ -482,17 +482,15 @@
     "nix-super": {
       "inputs": {
         "lowdown-src": "lowdown-src_2",
-        "nixpkgs": [
+        "nixpkgs": "nixpkgs_5",
-          "nixpkgs"
-        ],
         "nixpkgs-regression": "nixpkgs-regression"
       },
       "locked": {
-        "lastModified": 1652724099,
+        "lastModified": 1653842047,
-        "narHash": "sha256-w9GhILEhu8EdIH1+PnDOT9qWESB8wgbaP2gdIqHPfjk=",
+        "narHash": "sha256-rm8OIwU0+V9KMooDvj4Hdwio5MWjAn6CvdM3MU2tGhk=",
         "ref": "refs/heads/master",
-        "rev": "2e3c7f0fed04ddcaec3116a82f226927b243b527",
+        "rev": "c6087c318fbc238269487ec3feee3d6ad762aee7",
-        "revCount": 12055,
+        "revCount": 12253,
         "type": "git",
         "url": "https://git.privatevoid.net/max/nix-super-fork"
       },
@@ -581,16 +579,31 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1653653155,
+        "lastModified": 1645296114,
-        "narHash": "sha256-zeKfULtxT5f7yDHhg7awVhVEsTsMNGNS2/7xlymUIFU=",
+        "narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "13c15a84ffa02c5dd288f2398cd6eaf107d16dc5",
+        "rev": "530a53dcbc9437363471167a5e4762c5fcfa34a1",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-21.05-small",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_6": {
+      "locked": {
+        "lastModified": 1653948565,
+        "narHash": "sha256-jYfs8TQw/xRKOGg7NV+hVEZfYAVnqk4yEKhw111N4h4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7c1e79e294fe1be3cacb6408e3983bf2836c818e",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-21.11-small",
+        "ref": "nixos-22.05-small",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -688,24 +701,7 @@
         "mms": "mms",
         "nar-serve": "nar-serve",
         "nix-super": "nix-super",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_6"
-        "unstable": "unstable"
-      }
-    },
-    "unstable": {
-      "locked": {
-        "lastModified": 1653750779,
-        "narHash": "sha256-yQ5bsgAnUMS/MB2uRi+RANcXtlNENYp5+CZNvDVGxFo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "fa66e6d444f37c80d973d75fd3e0d28e286d8ea4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable-small",
-        "repo": "nixpkgs",
-        "type": "github"
       }
     },
     "utils": {

flake.nix

@@ -2,11 +2,9 @@
   description = "Private Void system configurations";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11-small";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05-small";
-    unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
 
     nix-super.url = "git+https://git.privatevoid.net/max/nix-super-fork";
-    nix-super.inputs.nixpkgs.follows = "nixpkgs";
 
     home-manager.url = "github:nix-community/home-manager/master";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";

hosts/VEGAS/modules/database/default.nix

@@ -10,7 +10,7 @@
 
   services.mysql = {
     enable = true;
-    bind = "127.0.0.1";
+    settings.mysqld.bind-address = "127.0.0.1";
     package = pkgs.mariadb;
     dataDir = "/srv/storage/database/mariadb/data";
   };

hosts/VEGAS/modules/nginx/default.nix

@@ -6,7 +6,7 @@ in
   with tools.nginx.vhosts;
   with tools.nginx.mappers;
 {
-  security.acme.email = adminEmail;
+  security.acme.defaults.email = adminEmail;
   security.acme.acceptTerms = true;
   services.nginx = {
     enable = true;

hosts/VEGAS/modules/redis/default.nix

@@ -1,5 +1,5 @@
 {
-  services.redis = {
+  services.redis.servers.default = {
     enable = true;
   };
 }

hosts/VEGAS/services/api/default.nix

@@ -6,6 +6,9 @@ let
   proxy = tools.nginx.vhosts.proxy proxyTarget;
 in
 {
+  # n8n uses "Sustainable Use License"
+  nixpkgs.config.allowUnfree = true;
+
   reservePortsFor = [ "api" ];
 
   services.n8n = {

hosts/VEGAS/services/matrix/default.nix

@@ -3,7 +3,7 @@ let
   inherit (tools.meta) domain;
   listener = {
     port = 8008;
-    bind_address = "127.0.0.1";
+    bind_addresses = lib.singleton "127.0.0.1";
     type = "http";
     tls = false;
     x_forwarded = true;
@@ -22,27 +22,6 @@ let
     "im.vector.riot.jitsi".preferredDomain = config.services.jitsi-meet.hostName;
   };
   clientConfigJSON = pkgs.writeText "matrix-client-config.json" (builtins.toJSON clientConfig);
-  extraConfig = {
-    experimental_features.spaces_enabled = true;
-    federation_ip_range_blacklist = cfg.url_preview_ip_range_blacklist;
-    admin_contact = "mailto:admins@${domain}";
-    max_upload_size = "32M";
-    max_spider_size = "10M";
-    emable_registration = true;
-    allow_guest_access = true;
-    push.include_content = true;
-    group_creation_prefix = "unofficial/";
-    app_service_config_files =  [
-      "/etc/synapse/discord-registration.yaml"
-    ];
-    turn_uris = let
-      combinations = lib.cartesianProductOfSets {
-        proto = [ "udp" "tcp" ];
-        scheme = [ "turns" "turn" ];
-      };
-      makeTurnServer = x: "${x.scheme}:turn.${domain}?transport=${x.proto}";
-    in map makeTurnServer combinations;
-  };
   cfg = config.services.matrix-synapse;
 in {
   imports = [
@@ -82,27 +61,44 @@ in {
     enable = true;
     plugins = [ pkgs.matrix-synapse-plugins.matrix-synapse-ldap3 ];
 
+    settings = {
       server_name = domain;
       listeners = lib.singleton listener;
-
       url_preview_enabled = true;
+      experimental_features.spaces_enabled = true;
+      admin_contact = "mailto:admins@${domain}";
+      max_upload_size = "32M";
+      max_spider_size = "10M";
+      emable_registration = true;
+      allow_guest_access = true;
+      push.include_content = true;
+      group_creation_prefix = "unofficial/";
+      app_service_config_files =  [
+        "/etc/synapse/discord-registration.yaml"
+      ];
+      turn_uris = let
+        combinations = lib.cartesianProductOfSets {
+          proto = [ "udp" "tcp" ];
+          scheme = [ "turns" "turn" ];
+        };
+        makeTurnServer = x: "${x.scheme}:turn.${domain}?transport=${x.proto}";
+      in map makeTurnServer combinations;
+    };
 
-    extraConfigFiles = [
+    extraConfigFiles = map (x: config.age.secrets.${x}.path) [
-      (pkgs.writeText "synapse-extra-config.yaml" (builtins.toJSON extraConfig))
-    ] ++ (map (x: config.age.secrets.${x}.path) [
       "synapse-ldap"
       "synapse-db"
       "synapse-turn"
       "synapse-keys"
-    ]); 
+    ]; 
   };
 
   services.nginx.virtualHosts = tools.nginx.mappers.mapSubdomains {
     matrix = tools.nginx.vhosts.basic // {
       locations."/".return = "204";
       locations."/_matrix" = {
-        proxyPass = with listener; "${type}://${bind_address}:${builtins.toString port}";
+        proxyPass = "http://127.0.0.1:8008";
-        extraConfig = "client_max_body_size ${extraConfig.max_upload_size};";
+        extraConfig = "client_max_body_size ${cfg.settings.max_upload_size};";
       };
       locations."= /.well-known/matrix/client".alias = clientConfigJSON;
     };

hosts/VEGAS/services/nextcloud/default.nix

@@ -18,7 +18,7 @@ in
     };
   };
   services.nextcloud = {
-    package = pkgs.nextcloud23;
+    package = pkgs.nextcloud24;
     enable = true;
     https = true;
     hostName = "storage.${tools.meta.domain}";

hosts/VEGAS/services/sso/default.nix

@@ -17,29 +17,25 @@ in
     mode = "0400";
   };
   services.nginx.virtualHosts = { 
-    "${login}" = lib.recursiveUpdate (vhosts.proxy "http://${cfg.bindAddress}:${config.portsStr.keycloak}") {
+    "${login}" = lib.recursiveUpdate (vhosts.proxy "http://${cfg.settings.http-host}:${config.portsStr.keycloak}") {
       locations."= /".return = "302 /auth/realms/master/account/";
     };
     "account.${domain}" = vhosts.redirect "https://${login}/auth/realms/master/account/";
   };
   services.keycloak = {
     enable = true;
-    frontendUrl = "https://${login}/auth";
-    bindAddress = "127.0.0.1";
-    httpPort = config.portsStr.keycloak;
     database = {
       createLocally = true;
       type = "postgresql";
       passwordFile = config.age.secrets.keycloak-dbpass.path;
     };
-    extraConfig = {
+    settings = {
-      "subsystem=undertow" = {
+      http-host = "127.0.0.1";
-        "server=default-server" = {
+      http-port = config.ports.keycloak;
-          "http-listener=default" = {
+      hostname = login;
-            proxy-address-forwarding = true;
+      proxy = "edge";
-          };
+      # for backcompat, TODO: remove
-        };
+      http-relative-path = "/auth";
-      };
     };
   };
 }

hosts/prophet/modules/nginx/default.nix

@@ -6,7 +6,7 @@ in
   with tools.nginx.vhosts;
   with tools.nginx.mappers;
 {
-  security.acme.email = adminEmail;
+  security.acme.defaults.email = adminEmail;
   security.acme.acceptTerms = true;
   services.nginx = {
     enable = true;

modules/autopatch/default.nix

@@ -17,10 +17,6 @@
 
         jre_headless = patched.jre17_standard;
 
-      } // lib.optionalAttrs config.krb5.enable {
-        bind = patched.kerberized-bind;
-        dnsutils = patched.kerberized-dnsutils;
-        dig = patched.kerberized-dig;
       })
     )
   ];

packages/dream2nix-overrides/nodejs/default.nix

@@ -21,7 +21,7 @@ let
       repo = "libvips";
       rev = "v8.12.2";
       sha256 = "sha256-ffDJJWe/SzG+lppXEiyfXXL5KLdZgnMjv1SYnuYnh4c=";
-      extraPostFetch = ''
+      postFetch = ''
         rm -r $out/test/test-suite/images/
       '';
     };

packages/patched-derivations.nix

@@ -1,14 +1,7 @@
 let tools = import ./lib/tools.nix;
 in with tools;
 super: rec {
-  kerberized-bind = super.bind.overrideAttrs (attrs: {
+  hydra = (patch super.hydra-unstable "patches/base/hydra").override { nix = super.nixVersions.nix_2_8; };
-    configureFlags = attrs.configureFlags ++ [ "--with-gssapi=${super.krb5.dev}" ];
-    buildInputs = attrs.buildInputs ++ [ super.krb5 ];
-  });
-  kerberized-dnsutils = kerberized-bind.dnsutils;
-  kerberized-dig = kerberized-bind.dnsutils;
-
-  hydra = (patch super.hydra-unstable "patches/base/hydra").override { nix = super.nix_2_4; };
 
   lain-ipfs = patch-rename (super.ipfs_latest or super.ipfs) "lain-ipfs" "patches/base/ipfs";
 

packages/projects.nix

@@ -60,16 +60,7 @@ in
       meta.mainProgram = "reflex";
     };
 
-    searxng = let
+    searxng = pkgs.callPackage ./web-apps/searxng { inherit pins; };
-      scope = pkgs.python3Packages.overrideScope (final: prev: let
-        pullDownPackages = pypkgs: lib.genAttrs pypkgs (pkgName:
-          final.callPackage  "${unstable}/pkgs/development/python-modules/${pkgName}/default.nix" {}
-        );
-      in pullDownPackages [ "httpcore" "httpx" "httpx-socks" "h2" "python-socks" "socksio" ]);
-    in pkgs.callPackage ./web-apps/searxng rec {
-      python3Packages = scope;
-      inherit pins;
-    };
 
     sips = pkgs.callPackage ./servers/sips { };
 

patches/base/ipfs/ipfs-unsafe-allow-all-paths-for-filestore.patch

@@ -1,12 +1,12 @@
 diff --git a/vendor/github.com/ipfs/go-filestore/fsrefstore.go b/vendor/github.com/ipfs/go-filestore/fsrefstore.go
-index 19927e0..7ff13aa 100644
+index 9eb2b43..43e336c 100644
 --- a/vendor/github.com/ipfs/go-filestore/fsrefstore.go
 +++ b/vendor/github.com/ipfs/go-filestore/fsrefstore.go
-@@ -281,9 +281,6 @@ func (f *FileManager) putTo(b *posinfo.FilestoreNode, to putter) error {
+@@ -291,9 +291,6 @@ func (f *FileManager) putTo(ctx context.Context, b *posinfo.FilestoreNode, to pu
- 		if !f.AllowFiles {
  			return ErrFilestoreNotEnabled
  		}
--		if !filepath.HasPrefix(b.PosInfo.FullPath, f.root) { //nolint:staticcheck
+ 		//lint:ignore SA1019 // ignore staticcheck
+-		if !filepath.HasPrefix(b.PosInfo.FullPath, f.root) {
 -			return fmt.Errorf("cannot add filestore references outside ipfs root (%s)", f.root)
 -		}