cloud: Update nixpkgs to 24.11

natsukagami · Dec 2, 2024 · e4aae3b · e4aae3b
1 parent 67f6aba
commit e4aae3b
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 29 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -2,12 +2,12 @@
   description = "nki's systems";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
     nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
     nixos-hardware.url = "github:nixos/nixos-hardware";
     darwin.url = "github:lnl7/nix-darwin/master";
     darwin.inputs.nixpkgs.follows = "nixpkgs-unstable";
-    home-manager.url = "github:nix-community/home-manager/release-24.05";
+    home-manager.url = "github:nix-community/home-manager/release-24.11";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
     home-manager-unstable.url = "github:nix-community/home-manager";
     home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";

diff --git a/nki-personal-do/gitea.nix b/nki-personal-do/gitea.nix
@@ -180,7 +180,6 @@ in
         MINIO_USE_SSL = "true";
         MINIO_ENDPOINT = "60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com";
         MINIO_ACCESS_KEY_ID = "704c29ade7a8b438b77ab520da2799ca";
-        MINIO_SECRET_ACCESS_KEY = "#miniosecretkey#";
         MINIO_BUCKET = "dtth-gitea";
         MINIO_LOCATION = "auto";
         MINIO_CHECKSUM_ALGORITHM = "md5"; # R2 moment
@@ -192,7 +191,8 @@ in
 
     stateDir = "/mnt/data/gitea";
 
-    mailerPasswordFile = secrets."gitea/mailer-password".path;
+    secrets.mailer.PASSWD = secrets."gitea/mailer-password".path;
+    secrets.storage.MINIO_SECRET_ACCESS_KEY = config.sops.secrets."gitea/minio-secret-key".path;
 
     database = {
       inherit user;
@@ -216,14 +216,7 @@ in
     # https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7
     serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
     preStart =
-      let
-        configFile = "${config.services.forgejo.customDir}/conf/app.ini";
-      in
       ''
-        # Update minio secret key
-        chmod u+w ${configFile} && \
-        ${lib.getExe pkgs.replace-secret} '#miniosecretkey#' '${config.sops.secrets."gitea/minio-secret-key".path}' '${configFile}' && \
-        chmod u-w ${configFile}
         # Import the signing subkey
         if cat ${config.services.forgejo.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then
           echo "Keys already imported"

diff --git a/nki-personal-do/headscale.nix b/nki-personal-do/headscale.nix
@@ -35,23 +35,25 @@ rec {
     settings = {
       server_url = "https://hs.dtth.ch";
 
-      db_type = "postgres";
-      db_host = "/var/run/postgresql"; # find out yourself
-      db_user = "headscale";
-      db_name = "headscale";
+      database.type = "postgres";
+      database.postgres = {
+        host = "/var/run/postgresql"; # find out yourself
+        user = "headscale";
+        name = "headscale";
+      };
 
-      dns_config = {
-        base_domain = host;
+      dns = {
+        base_domain = "dtth.ts";
       };
 
       noise = {
         private_key_path = "/var/lib/headscale/noise_private.key";
       };
 
-      ip_prefixes = [
-        "fd7a:115c:a1e0::/48"
-        "100.64.0.0/10"
-      ];
+      prefixes = {
+        v6 = "fd7a:115c:a1e0::/48";
+        v4 = "100.64.0.0/10";
+      };
 
       derp.paths = [
         secrets."headscale/derp-servers/vnm".path