From 0c9de7710263f323d555e9f08a8a2820502cbc18 Mon Sep 17 00:00:00 2001 From: arcnmx Date: Fri, 29 Aug 2025 17:51:50 -0700 Subject: [PATCH] chore(ci): flake update --- flake.lock | 42 ++++++++++++++++---------------- nixos/base/system.nix | 4 --- nixos/cloudflared.nix | 7 ++++++ nixos/ollama/nextjs.nix | 1 - overlays/krb5.nix | 38 ++++++++++++----------------- overlays/llm.nix | 23 ----------------- systems/hakurei/nixos.nix | 2 +- systems/keycloak/nixos.nix | 2 +- systems/kuwubernetes/nixos.nix | 2 +- systems/logistics/nixos.nix | 2 +- systems/mediabox/cloudflared.nix | 4 +-- systems/utsuho/nixos.nix | 2 +- 12 files changed, 51 insertions(+), 78 deletions(-) diff --git a/flake.lock b/flake.lock index 8413a056..eba949b2 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1738017347, - "narHash": "sha256-qvpmVnA8wHlPrEdXIA1tyu6sJxgDMEOwPDG4IkX4sZ8=", + "lastModified": 1756437736, + "narHash": "sha256-ph2EiF6mVdl3LKqnMhGIEkbHzQQxMYfSHuIV0u6afYw=", "owner": "arcnmx", "repo": "nixexprs", - "rev": "b8dc621ea27c622703fbe96fb79eb092450f32b2", + "rev": "aae2391ff35114a820999e1718f86e2a39607eb4", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "ci": { "flake": false, "locked": { - "lastModified": 1738017179, - "narHash": "sha256-c+yh6vfsrSUHOWd0w596NHe0Kav4tG1ZUkPAbX4CEUo=", + "lastModified": 1752719221, + "narHash": "sha256-jUmXg9P/2dVGjrKxhVJ/3dzFJZ969QrfpHDPe+f6cLU=", "owner": "arcnmx", "repo": "ci", - "rev": "643c8b90bbe2b3a1e9900b6dd6f96ee8e73ff7f3", + "rev": "ada9995f7539a7d22d71b6f04227fd34a54d2ac0", "type": "github" }, "original": { @@ -68,11 +68,11 @@ ] }, "locked": { - "lastModified": 1727447169, - "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "lastModified": 1749105467, + "narHash": "sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE=", "owner": "serokell", "repo": "deploy-rs", - "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "rev": "6bc76b872374845ba9d645a2f012b764fecd765f", "type": "github" }, "original": { @@ -101,11 +101,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1738610386, - "narHash": "sha256-yb6a5efA1e8xze1vcdN2HBxqYr340EsxFMrDUHL3WZM=", + "lastModified": 1756496801, + "narHash": "sha256-IYIsnPy+cJxe8RbDHBrCtfJY0ry2bG2H7WvMcewiGS8=", "owner": "nix-community", "repo": "home-manager", - "rev": "066ba0c5cfddbc9e0dddaec73b1561ad38aa8abe", + "rev": "77a71380c38fb2a440b4b5881bbc839f6230e1cb", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738410390, - "narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=", + "lastModified": 1756386758, + "narHash": "sha256-1wxxznpW2CKvI9VdniaUnTT2Os6rdRJcRUf65ZK9OtE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3a228057f5b619feb3186e986dbe76278d707b6e", + "rev": "dfb2f12e899db4876308eba6d93455ab7da304cd", "type": "github" }, "original": { @@ -267,11 +267,11 @@ ] }, "locked": { - "lastModified": 1738291974, - "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { diff --git a/nixos/base/system.nix b/nixos/base/system.nix index 0f9dd861..1aaa0972 100644 --- a/nixos/base/system.nix +++ b/nixos/base/system.nix @@ -29,8 +29,4 @@ in { useTmpfs = mkAlmostOptionDefault true; tmpfsSize = mkAlmostOptionDefault "80%"; }; - system.switch.enableNg = mkIf (config.boot.supportedFilesystems.nfs or false) ( - # XXX: workaround for nixos switch bug - mkAlmostOptionDefault false - ); } diff --git a/nixos/cloudflared.nix b/nixos/cloudflared.nix index 2ada8194..19c77824 100644 --- a/nixos/cloudflared.nix +++ b/nixos/cloudflared.nix @@ -12,6 +12,13 @@ in { metricsPort = mkDefault 3011; metricsBind = "[::]"; }; + users = mkIf cfg.enable { + users.cloudflared = { + group = mkDefault "cloudflared"; + isSystemUser = true; + }; + groups.cloudflared = {}; + }; networking.firewall = mkIf cfg.enable { interfaces.lan.allowedTCPPorts = mkIf (cfg.metricsPort != null) [ cfg.metricsPort diff --git a/nixos/ollama/nextjs.nix b/nixos/ollama/nextjs.nix index 1cef16d1..0e58030d 100644 --- a/nixos/ollama/nextjs.nix +++ b/nixos/ollama/nextjs.nix @@ -11,7 +11,6 @@ in { services.nextjs-ollama-llm-ui = { enable = mkDefault true; - package = mkAlmostOptionDefault pkgs.nextjs-ollama-llm-ui-develop; ollamaUrl = mkAlmostOptionDefault (access.proxyUrlFor {serviceName = "ollama";}); port = mkAlmostOptionDefault 3001; }; diff --git a/overlays/krb5.nix b/overlays/krb5.nix index 9fc2012e..5a47195e 100644 --- a/overlays/krb5.nix +++ b/overlays/krb5.nix @@ -5,26 +5,20 @@ in { withLdap = true; }; - freeipa = let - inherit (prev) freeipa; - python3 = final.python311; - freeipa'py311 = - (freeipa.override { - inherit python3; - }) - .overrideAttrs (old: { - nativeBuildInputs = - [ - python3 - ] - ++ old.nativeBuildInputs; - }); - isBroken = !(builtins.tryEval freeipa.outPath).success; - isUpdated = lib.versionAtLeast freeipa.version "4.12.2"; - isPythonUpdated = lib.versionAtLeast final.python3.version "3.12"; - warnFixed = lib.warnIf isUpdated "freeipa python overlay fix probably no longer needed"; - in - if isPythonUpdated && (isBroken || !isUpdated) - then freeipa'py311 - else warnFixed freeipa; + _389-ds-base = let + inherit (final) fetchpatch; + inherit (prev) _389-ds-base; + rust189warning = fetchpatch { + name = "389-ds-base-rust189.patch"; + url = "https://github.com/389ds/389-ds-base/commit/1701419551c246e9dc21778b118220eeb2258125.patch"; + hash = "sha256-trzY/fDH3rs66DWbWI+PY46tIC9ShuVqspMHqEEKZYA="; + }; + drv = _389-ds-base.overrideAttrs (old: { + patches = old.patches or [] ++ [ + rust189warning + ]; + }); + in if _389-ds-base.version == "3.1.3" + then drv + else lib.warn "389-ds-base patch probably no longer needed" _389-ds-base; } diff --git a/overlays/llm.nix b/overlays/llm.nix index 1797f637..a98747a7 100644 --- a/overlays/llm.nix +++ b/overlays/llm.nix @@ -17,29 +17,6 @@ in { acceleration = "rocm"; }; - nextjs-ollama-llm-ui-develop = prev.nextjs-ollama-llm-ui.overrideAttrs (old: rec { - version = "2024-08-27"; - name = "${old.pname}-${version}"; - - patches = let - packageRoot = final.path + "/pkgs/by-name/ne/nextjs-ollama-llm-ui"; - in [ - #(packageRoot + "/0001-update-nextjs.patch") - (packageRoot + "/0002-use-local-google-fonts.patch") - #(packageRoot + "/0003-add-standalone-output.patch") - ]; - - src = old.src.override { - rev = "7c8eb67c3eb4f18eaa9bde8007147520e3261867"; - hash = "sha256-Ym5RL+HbOmOM6CLYFf0JMsM+jMcFyCUAm1bD/CXeE+I="; - }; - npmDeps = final.fetchNpmDeps { - name = "${name}-npm-deps"; - hash = "sha256-8VRBUNUDwSQYhRJjqaKP/RwUgFKKoiQUPjGDFw37Wd4="; - inherit src patches; - }; - }); - wyoming-openwakeword = let inherit (prev) wyoming-openwakeword; drv = prev.wyoming-openwakeword.override { diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix index 4cc6bfe1..00e8a4eb 100644 --- a/systems/hakurei/nixos.nix +++ b/systems/hakurei/nixos.nix @@ -65,7 +65,7 @@ in { ]; sops.secrets.cloudflared-tunnel-hakurei = { - owner = config.services.cloudflared.user; + owner = "cloudflared"; }; services.cloudflared = let diff --git a/systems/keycloak/nixos.nix b/systems/keycloak/nixos.nix index cd2dc98d..9345b8a9 100644 --- a/systems/keycloak/nixos.nix +++ b/systems/keycloak/nixos.nix @@ -77,7 +77,7 @@ in { }; sops.secrets.cloudflared-tunnel-keycloak = { - owner = config.services.cloudflared.user; + owner = "cloudflared"; }; sops.defaultSopsFile = ./secrets.yaml; diff --git a/systems/kuwubernetes/nixos.nix b/systems/kuwubernetes/nixos.nix index 69cebc95..41c52e06 100644 --- a/systems/kuwubernetes/nixos.nix +++ b/systems/kuwubernetes/nixos.nix @@ -57,7 +57,7 @@ in { in { cloudflare_kubernetes_tunnel = { - owner = config.services.cloudflared.user; + owner = "cloudflared"; }; } // (genAttrs (map (name: "dex-${name}") dexFiles) (_: dexCommon)); diff --git a/systems/logistics/nixos.nix b/systems/logistics/nixos.nix index ae896cc3..7ce10bc5 100644 --- a/systems/logistics/nixos.nix +++ b/systems/logistics/nixos.nix @@ -37,7 +37,7 @@ in { services.printing.enable = true; - hardware.pulseaudio.enable = false; + services.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { enable = true; diff --git a/systems/mediabox/cloudflared.nix b/systems/mediabox/cloudflared.nix index a774f543..5c6e5e05 100644 --- a/systems/mediabox/cloudflared.nix +++ b/systems/mediabox/cloudflared.nix @@ -3,12 +3,12 @@ lib, ... }: let - inherit (config.services) nginx tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared; + inherit (config.services) nginx tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr; inherit (lib.modules) mkMerge; inherit (lib.attrsets) mapAttrs' nameValuePair; in { sops.secrets.cloudflare_mediabox_tunnel = { - owner = cloudflared.user; + owner = "cloudflared"; }; services.cloudflared = let diff --git a/systems/utsuho/nixos.nix b/systems/utsuho/nixos.nix index 05210eda..a58a6f15 100644 --- a/systems/utsuho/nixos.nix +++ b/systems/utsuho/nixos.nix @@ -65,7 +65,7 @@ in { }; sops.secrets.cloudflared-tunnel-utsuho = { - owner = config.services.cloudflared.user; + owner = "cloudflared"; }; sops.defaultSopsFile = ./secrets.yaml;