Mixed updates, flake update

2026-02-09 04:19:19 -08:00 · 2022-02-08 16:56:34 +00:00 · 2022-02-08 16:56:34 +00:00 · ce7d43ec54
commit ce7d43ec54
parent 3965c6978a
17 changed files with 72 additions and 76 deletions
--- a/config/profiles/base/nix.nix
+++ b/config/profiles/base/nix.nix
@ -5,28 +5,30 @@
  boot.loader.systemd-boot.configurationLimit = 8;

  nix = {
-    extraOptions = lib.optionalString (lib.versionAtLeast config.nix.package.version "2.4") ''
-        experimental-features = nix-command flakes
-    '';
    nixPath = [
      "nixpkgs=${inputs.nixpkgs}"
      "nur=${inputs.nur}"
      "arc=${inputs.arcexprs}"
      "ci=${inputs.ci}"
    ];
-    sandboxPaths = [
-      "/var/run/nscd/socket"
-    ];
-
-    binaryCaches = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-community.cachix.org" "https://nixcache.reflex-frp.org" ];
-    binaryCachePublicKeys =
+    registry = {
+      nixpkgs.flake = inputs.nixpkgs;
+      nur.flake = inputs.nur;
+      arc.flake = inputs.arcexprs;
+      ci.flake = inputs.ci;
+    };
+    settings = {
+      experimental-features = lib.optional (lib.versionAtLeast config.nix.package.version "2.4") "nix-command flakes";
+      substituters = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-community.cachix.org" "https://nixcache.reflex-frp.org" ];
+      trusted-public-keys =
        [ "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
-    autoOptimiseStore = true;
+      auto-optimise-store = true;
+      trusted-users = [ "root" "@wheel" ];
+    };
    gc = {
      automatic = lib.mkDefault false;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 1w";
    };
-    trustedUsers = [ "root" "@wheel" ];
  };
 }
--- a/config/profiles/base/ssh.nix
+++ b/config/profiles/base/ssh.nix
@ -30,7 +30,7 @@ with lib;
    enable = true;
    ports = lib.mkDefault [ 62954 ];
    passwordAuthentication = false;
-    challengeResponseAuthentication = false;
+    kbdInteractiveAuthentication = false;
    permitRootLogin = lib.mkDefault "prohibit-password";
    kexAlgorithms = [ "curve25519-sha256@libssh.org" ];
    extraConfig = ''
--- a/config/profiles/cross/arm-common.nix
+++ b/config/profiles/cross/arm-common.nix
@ -1,6 +1,6 @@
 { config, ... }: {
-  nix = {
-    binaryCaches = [ "https://thefloweringash-armv7.cachix.org/" ];
-    binaryCachePublicKeys = [ "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso=" ];
+  nix.settings = {
+    substituters = [ "https://thefloweringash-armv7.cachix.org/" ];
+    trusted-public-keys = [ "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso=" ];
  };
 }
--- a/config/profiles/cross/armv6.nix
+++ b/config/profiles/cross/armv6.nix
@ -1,7 +1,7 @@
 { config, ... }: {
-  nix = {
-    binaryCaches = [ "https://arm.cachix.org/" ];
-    binaryCachePublicKeys = [ "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" ];
+  nix.settings = {
+    substituters = [ "https://arm.cachix.org/" ];
+    trusted-public-keys = [ "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" ];
  };
  boot.binfmt = {
    emulatedSystems = [ "armv6l-linux" ];
--- a/config/profiles/cross/armv7.nix
+++ b/config/profiles/cross/armv7.nix
@ -1,7 +1,7 @@
 { config, ... }: {
-  nix = {
-    binaryCaches = [ "https://arm.cachix.org/" ];
-    binaryCachePublicKeys = [ "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" ];
+  nix.settings = {
+    substituters = [ "https://arm.cachix.org/" ];
+    trusted-public-keys = [ "arm.cachix.org-1:5BZ2kjoL1q6nWhlnrbAl+G7ThY7+HaBRD9PZzqZkbnM=" ];
  };
  boot.binfmt = {
    emulatedSystems = [ "armv7l-linux" ];
--- a/config/profiles/vfio/profile.nix
+++ b/config/profiles/vfio/profile.nix
@ -154,10 +154,6 @@ in {
      kernelModules = [ "i2c-dev" ]; # i2c-dev is required for DDC/CI for screenstub
      kernelPatches = with pkgs.kernelPatches; [
        (mkIf config.deploy.profile.hardware.acs-override acs-override)
-        {
-          name = "clocksource-reduce-tsc-tolerance";
-          patch = ./tsc-tolerance.patch;
-        }
      ];
    }
      (mkIf (config.deploy.profile.hardware.amdgpu) {
--- a/config/services/mail/rspamd.nix
+++ b/config/services/mail/rspamd.nix
@ -14,7 +14,7 @@ in
              extended_spam_headers = yes;
          ''; };
          "redis.conf" = { text = ''
-              servers = "127.0.0.1:${toString config.services.redis.port}";
+              servers = "127.0.0.1:${toString config.services.redis.servers.rspamd.port}";
          ''; };
          "classifier-bayes.conf" = { text = ''
              cache {
@ -67,7 +67,7 @@ in

    };

-    services.redis.enable = true;
+    services.redis.servers.rspamd.enable = true;

    systemd.services.rspamd = {
      requires = [ "redis.service" ];
--- a/config/services/mail/sogo.nix
+++ b/config/services/mail/sogo.nix
@ -54,6 +54,7 @@
          "postgresql://sogo@/sogo/sogo_sessions_folder";
      SOGoMailingMechanism = "smtp";
      SOGoForceExternalLoginWithEmail = YES;
+      SOGoSMTPAuthenticationType = PLAIN;
      SOGoSMTPServer = "smtps://${config.network.addresses.public.domain}:465";
      SOGoIMAPServer = "imaps://${config.network.addresses.public.domain}:993";
      SOGoUserSources = (
--- a/config/services/nginx.nix
+++ b/config/services/nginx.nix
@ -39,8 +39,8 @@ with lib;
  };

  security.acme = {
-    #defaults.email = config.network.dns.email;
-    email = config.network.dns.email;
+    defaults.email = config.network.dns.email;
+    #email = config.network.dns.email;
    acceptTerms = true;
  };
 }
--- a/config/tf
+++ b/config/tf
@ -1 +1 @@
-Subproject commit c37443d54bb36efa3ca23847b3c515c3ece0a943
+Subproject commit bf30d9da585eae6fa6140a482e0012d1e46127ba
--- a/config/users/kat/i3/polybar.nix
+++ b/config/users/kat/i3/polybar.nix
@ -259,7 +259,7 @@
              padding = 1;
              background = background_light;
            };
-            interval = 60;
+            interval = 1;
            date = "%a, %F";
            time = "%T";
          };
@ -288,7 +288,7 @@ set -eu
 set -o pipefail

 if gpg --card-status &> /dev/null; then
-	user="$(gpg --card-status | grep 'Login data' | awk '{print $NF}')";
+  #user="$(gpg --card-status | grep 'Login data' | awk '{print $NF}')";
 	status='%{B${string}}  %{B-}'
 else
 	status='%{B${variable}}  %{B-}'
--- a/config/users/kat/personal/packages.nix
+++ b/config/users/kat/personal/packages.nix
@ -3,7 +3,6 @@
 {
  home.packages = with pkgs; [
    pinentry.gtk2
-    niv
    borgbackup
  ];
 }
--- a/config/users/kat/personal/shell.nix
+++ b/config/users/kat/personal/shell.nix
@ -6,7 +6,5 @@
      ${pkgs.kitty}/bin/kitty +kitten icat ${./nano.png}
    '';
  };
-  programs.zsh = {
-    shellAliases = mapListToAttrs (attr: nameValuePair "abby${attr}" "mpv $(bitw get secrets/abby -f ${attr})") [ "radio" "tv" ];
-  };
+  home.packages = map (attr: pkgs.writeShellScriptBin "abby${attr}" "mpv $(bitw get secrets/abby -f ${attr})") [ "radio" "tv" ];
 }
--- a/flake.lock
+++ b/flake.lock
@ -20,11 +20,11 @@
    "arcexprs": {
      "flake": false,
      "locked": {
-        "lastModified": 1641269180,
-        "narHash": "sha256-yxKrSjZIsagr6DoiTSfHk9FTMNmMWd6/eCdIbANQUY8=",
+        "lastModified": 1644261878,
+        "narHash": "sha256-V0Dn63YTjvWdPvdmtMsYZWPkxmkRK8C1xGCQV4Sf3qw=",
        "owner": "arcnmx",
        "repo": "nixexprs",
-        "rev": "ae4a52292edbcc49e39e9d40f70f2b27948ef4a6",
+        "rev": "a8ad4007716a9b1bd796394c7f3e92faf6f4c75c",
        "type": "github"
      },
      "original": {
@ -37,11 +37,11 @@
    "ci": {
      "flake": false,
      "locked": {
-        "lastModified": 1638109861,
-        "narHash": "sha256-i87WzlLPk8bG5ampBaL9Qj5Fu6BN9QN/qkyF1FUtWG0=",
+        "lastModified": 1643398418,
+        "narHash": "sha256-j7Z+k1dUg65vvBhME+c3ve1Oxlu5GeI4oNwdo1NGL10=",
        "owner": "arcnmx",
        "repo": "ci",
-        "rev": "58ffa52cb91df95120734019cc1af800ee585b80",
+        "rev": "1d38e73657284793de5251738adbe2c04a151c08",
        "type": "github"
      },
      "original": {
@ -86,11 +86,11 @@
    },
    "emacs-overlay": {
      "locked": {
-        "lastModified": 1638984290,
-        "narHash": "sha256-T+LusWWmE7NrGtMsxORMJzgKrZYooQJZIJRppjuCnLI=",
+        "lastModified": 1644315846,
+        "narHash": "sha256-/DVsxnczKZdY6neJO5a0tjYR+rjmNHtTSb5NXqYHzzI=",
        "owner": "nix-community",
        "repo": "emacs-overlay",
-        "rev": "4f68299096f42f9499f615f97ac295b218ecae21",
+        "rev": "b95461861c8b5b7432cfc13306477d17c684d80d",
        "type": "github"
      },
      "original": {
@ -199,11 +199,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1627913399,
-        "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
+        "lastModified": 1641205782,
+        "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
+        "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
        "type": "github"
      },
      "original": {
@ -214,11 +214,11 @@
    },
    "flake-utils": {
      "locked": {
-        "lastModified": 1638122382,
-        "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
+        "lastModified": 1644229661,
+        "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "74f7e4319258e287b0f9cb95426c9853b282730b",
+        "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
        "type": "github"
      },
      "original": {
@ -264,11 +264,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1638959036,
-        "narHash": "sha256-d75Ow/rV3nq4penfTJz9H3/OlIHttoKoJUDEfink/8k=",
+        "lastModified": 1644255659,
+        "narHash": "sha256-VuPFOttrBRTOJqPY5yboxVdk1xZjSSlOSDDbBCMKioo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "829e89a16f4f96428d1b94e68d4c06107b5491c0",
+        "rev": "1ca6293c8fb1dbe13c48fe518440c288256cd562",
        "type": "github"
      },
      "original": {
@ -280,11 +280,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1638981861,
-        "narHash": "sha256-rDEn/hU9ayDig2HMYKN71InhY1LV5slxp9Zy2iPBysQ=",
+        "lastModified": 1644014516,
+        "narHash": "sha256-PkD35S6lduaU6mLcraFY0vj608RPv1kQp5uaFd/s26o=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "df5038f20c9efd442944fe26b93f41c0dc5217da",
+        "rev": "ff540dbe20556f6119d80f5c79796a0698a4ee38",
        "type": "github"
      },
      "original": {
@ -391,11 +391,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1638806821,
-        "narHash": "sha256-v2qd2Bsmzft53s43eCbN+4ocrLksRdFLyF/MAGuWuDA=",
+        "lastModified": 1644278373,
+        "narHash": "sha256-9riYZyVing7OQUUWELSojlbt9u0xDh0Xm5Eg8FQn0fc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "bc5d68306b40b8522ffb69ba6cff91898c2fbbff",
+        "rev": "60c52a73f1d5858020ac4f161cd5bf1c9650f8b8",
        "type": "github"
      },
      "original": {
@ -423,11 +423,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1639003260,
-        "narHash": "sha256-orrydgXlevz6XdtcsMk1F3CjXFFQPrRInzDgTgXH9/A=",
+        "lastModified": 1644334785,
+        "narHash": "sha256-QxpTrls9SaQMKdIyV2c8WkkEkacqT3WLQXt/Fbo/T3g=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "c67a780f8b0ca614ec7e1800d8a597f26e595668",
+        "rev": "9855bc140c3a4b5abd9cd9698fb4ef0da912af19",
        "type": "github"
      },
      "original": {
@ -587,11 +587,11 @@
    "tf-nix": {
      "flake": false,
      "locked": {
-        "lastModified": 1639529339,
-        "narHash": "sha256-r+nIyHAKUZA3bWOlpNpu2ferhXYx4f3TbtMEJpVfbVg=",
+        "lastModified": 1644337454,
+        "narHash": "sha256-jghbOdIc8b49am3pP6zzDBh707HDzJHHIRHufXfhNPw=",
        "owner": "arcnmx",
        "repo": "tf-nix",
-        "rev": "932837bbc371389ff3597a2e5b4791b45b5e18bd",
+        "rev": "550c741369a13095208b04333866348b1cbaf1a6",
        "type": "github"
      },
      "original": {
--- a/overlays/local/vm.nix
+++ b/overlays/local/vm.nix
@ -9,7 +9,7 @@ writeShellScriptBin "win10-vm" ''
  -blockdev '{"node-name":"libvirt-pflash1-format","read-only":false,"driver":"raw","file":"libvirt-pflash1-storage"}' \
  -machine pc-q35-5.1,accel=kvm,usb=off,vmport=off,dump-guest-core=off,pflash0=libvirt-pflash0-format,pflash1=libvirt-pflash1-format \
   -monitor stdio \
-   -cpu host,migratable=no,topoext=on,host-cache-info=on,+invtsc,hv_time,hv_relaxed,hv_vpindex,hv_synic,hv_spinlocks=0x1fff,hv_vendor_id=ab12341234ab$,hv_vapic,-amd-stibp \
+   -cpu host,topoext=on,host-cache-info=on,+invtsc,smep=off,hv_time,hv_relaxed,hv_spinlocks=0x1fff,hv_vendor_id=ab12341234ab$,hv_vapic,-amd-stibp \
   -m 12288 \
   -mem-path /dev/hugepages1G/qemu-win10-vm -mem-prealloc \
   -smp 8,sockets=1,dies=1,cores=4,threads=2 \
--- a/trusted/flake.lock
+++ b/trusted/flake.lock
@ -413,12 +413,12 @@
        ]
      },
      "locked": {
-        "narHash": "sha256-Ivl7zeruE4IBziVoN45np+79Mqme7APYC+fVgHqjvyg=",
-        "path": "/nix/store/njggqc0knm08q2cmxxn2009ig1gnirgz-source",
+        "narHash": "sha256-2cZ6237JhyatPQObd0Q2FVqoXnXYDcKiCpzWxkF5eRk=",
+        "path": "/nix/store/zkwg2mlqw200n2v8170738q69lk45yj2-source",
        "type": "path"
      },
      "original": {
-        "path": "/nix/store/njggqc0knm08q2cmxxn2009ig1gnirgz-source",
+        "path": "/nix/store/zkwg2mlqw200n2v8170738q69lk45yj2-source",
        "type": "path"
      }
    },
@ -624,11 +624,11 @@
    "trusted": {
      "flake": false,
      "locked": {
-        "lastModified": 1637629540,
-        "narHash": "sha256-uWqbVzpZB9PJSyswP+k7cTSdGR5kz0rYBzGzWQxIhco=",
+        "lastModified": 1639598693,
+        "narHash": "sha256-stR1xQiJCt1PM0JocMpdSC14/2QcDFKjIX4wRJJzQRE=",
        "ref": "main",
-        "rev": "4a7020983e7c7d246971edde580b8d3914bd2563",
-        "revCount": 88,
+        "rev": "1b831ed778fad5919d09cb8b70fc3ede0851729d",
+        "revCount": 89,
        "type": "git",
        "url": "ssh://git@github.com/kittywitch/nixfiles-trusted"
      },