diff --git a/flake.lock b/flake.lock
index 91e5a48..19eb6dd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -107,11 +107,11 @@
 ]
 },
 "locked": {
- "lastModified": 1688999869,
- "narHash": "sha256-gLD2UI6+Nb9JV5Wh4FnLHAZwLMiY11RHYBKmBZCxLXc=",
+ "lastModified": 1689134369,
+ "narHash": "sha256-0G9dutIvhS/WUr3Awcnqw71g8EVVvvkOhVDnDDbY4Fw=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "a6d1d954b81caf4c9291b8ac35452fef842f289b",
+ "rev": "e42fb59768f0305085abde0dd27ab5e0cc15420c",
 "type": "github"
 },
 "original": {
@@ -206,11 +206,11 @@
 "utils": "utils"
 },
 "locked": {
- "lastModified": 1688586836,
- "narHash": "sha256-5uLYGa+8lysS1X5ehdU3ewmrMIG8p9+qS7yJ0LyhMHs=",
+ "lastModified": 1689103880,
+ "narHash": "sha256-vHRCkcpnBbFsPqUNXliUmdPU81jqyuL9ZPzj3vJx2RE=",
 "owner": "simple-nixos-mailserver",
 "repo": "nixos-mailserver",
- "rev": "d460e9ff62ea1238fb3348a87326b743ae177902",
+ "rev": "69a4b7ad67d2732ba1f86666b3d4d2d83b15200e",
 "type": "gitlab"
 },
 "original": {
@@ -241,16 +241,16 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1689008574,
- "narHash": "sha256-VFMgyHDiqsGDkRg73alv6OdHJAqhybryWHv77bSCGIw=",
+ "lastModified": 1689168768,
+ "narHash": "sha256-mCw3LPg2jJkapvJpkd1IZ8k0IJlSG2ECvz3vcOAu+Uo=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "4a729ce4b1fe5ec4fffc71c67c96aa5184ebb462",
+ "rev": "6fd9edc94426a3c050ad589c8f033b5ca55454c7",
 "type": "github"
 },
 "original": {
 "owner": "nixos",
- "ref": "nixos-unstable",
+ "ref": "master",
 "repo": "nixpkgs",
 "type": "github"
 }
@@ -288,6 +288,22 @@
 "type": "github"
 }
 },
+ "nixpkgs2": {
+ "locked": {
+ "lastModified": 1689008574,
+ "narHash": "sha256-VFMgyHDiqsGDkRg73alv6OdHJAqhybryWHv77bSCGIw=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "4a729ce4b1fe5ec4fffc71c67c96aa5184ebb462",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
 "notlua": {
 "inputs": {
 "nixpkgs": [
@@ -315,11 +331,11 @@
 ]
 },
 "locked": {
- "lastModified": 1688609524,
- "narHash": "sha256-Wqzk7qgiyGBZhy9PU0IIlaqnt3JCCOoxgS2/ZiGMtTc=",
+ "lastModified": 1689165382,
+ "narHash": "sha256-sBaEdI+lVJ6bcn287g3z8uc4wCRz9E+S5m67MWi/t6I=",
 "owner": "chayleaf",
 "repo": "notnft",
- "rev": "442ec56617084bcc1b310cacb2e22e2c83bb6e3f",
+ "rev": "2ad8d7f831e05e0e646d345350f59b7030cb1cd6",
 "type": "github"
 },
 "original": {
@@ -330,11 +346,11 @@
 },
 "nur": {
 "locked": {
- "lastModified": 1689062700,
- "narHash": "sha256-uUD+KBJfX8kLALpB8cvIgSZ/xGWS34zBRbSlWsIyx80=",
+ "lastModified": 1689162346,
+ "narHash": "sha256-/Aaygnbta0Dd5cyKZVk3AVA/MEmcWjEasYzUQa/tkJc=",
 "owner": "nix-community",
 "repo": "NUR",
- "rev": "7d0ac0daa6e05b6619f9172be4f05f785882dfaa",
+ "rev": "b1a645e8e9fee78ad8e1f32575a29d1af8de9cf8",
 "type": "github"
 },
 "original": {
@@ -354,6 +370,7 @@
 "nixos-mailserver": "nixos-mailserver",
 "nixos-router": "nixos-router",
 "nixpkgs": "nixpkgs",
+ "nixpkgs2": "nixpkgs2",
 "notlua": "notlua",
 "notnft": "notnft",
 "nur": "nur",
@@ -368,11 +385,11 @@
 ]
 },
 "locked": {
- "lastModified": 1689042658,
- "narHash": "sha256-p7cQAFNt5kX19sZvK74CmY0nTrtujpZg6sZUiV1ntAk=",
+ "lastModified": 1689129196,
+ "narHash": "sha256-/z/Al4sFcIh5oPQWA9MclQmJR9g3RO8UDiHGaj/T9R8=",
 "owner": "oxalica",
 "repo": "rust-overlay",
- "rev": "d7181bb2237035df17cab9295c95f987f5c527e6",
+ "rev": "db8d909c9526d4406579ee7343bf2d7de3d15eac",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index 891f19b..bc4d981 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,8 @@
 description = "NixOS + Home Manager configuration of chayleaf";
 inputs = {
- nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ nixpkgs.url = "github:nixos/nixpkgs/master";
+ nixpkgs2.url = "github:nixos/nixpkgs/nixos-unstable";
 nixos-hardware.url = "github:NixOS/nixos-hardware";
 impermanence.url = "github:nix-community/impermanence";
 nur.url = "github:nix-community/NUR";
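Review bot: `nixpkgs.url = "github:nixos/nixpkgs/master";` in the `flake.nix` inputs hunk means every later `nix flake update` locks whatever commit is at the tip of master, which has not passed the Hydra test gate that `nixos-unstable` commits must pass before the channel advances. The lock file still pins an exact `rev` and `narHash`, so the integrity of a given build is unaffected; what is lost is the pre-release testing, and master commits are less likely to be in the binary cache. If master is only needed for one fix, I would keep the systems on `nixos-unstable` and take that package from a separately named master input, or at least record the reason with `# on master until <reason>; switch back to nixos-unstable afterwards`. The name `nixpkgs2` also says nothing about what it tracks; `nixpkgs-unstable` would read better here and in the `outputs` argument list.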
@@ -45,7 +46,7 @@
 };
 };
- outputs = inputs@{ self, nixpkgs, nixos-hardware, impermanence, home-manager, nur, nix-gaming, notlua, notnft, nixos-mailserver, nixos-router, maubot, ... }:
+ outputs = inputs@{ self, nixpkgs, nixpkgs2, nixos-hardware, impermanence, home-manager, nur, nix-gaming, notlua, notnft, nixos-mailserver, nixos-router, maubot, ... }:
 let
 # --impure required for developing
 # it takes the paths for modules from filesystem as opposed to flake inputs
@@ -103,6 +104,7 @@
 specialArgs.server-config = nixosConfigurations.nixserver.config;
 modules = [
 {
+ _module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; };
 _module.args.notnft = if devNft then (import /${devPath}/notnft { inherit (nixpkgs) lib; }).config.notnft else notnft.lib.${system};
 }
 (import ./system/devices/bpi-r3-router.nix "emmc")
@@ -111,10 +113,13 @@
 };
 router-sd = rec {
 system = "aarch64-linux";
- specialArgs.notnft = if devNft then (import /${devPath}/notnft { inherit (nixpkgs) lib; }).config.notnft else notnft.lib.${system};
 specialArgs.router-lib = if devNixRt then import /${devPath}/nixos-router/lib.nix { inherit (nixpkgs) lib; } else nixos-router.lib.${system};
 specialArgs.server-config = nixosConfigurations.nixserver.config;
 modules = [
+ {
+ _module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; };
+ _module.args.notnft = if devNft then (import /${devPath}/notnft { inherit (nixpkgs) lib; }).config.notnft else notnft.lib.${system};
+ }
 (import ./system/devices/bpi-r3-router.nix "sd")
 (if devNixRt then (import /${devPath}/nixos-router) else nixos-router.nixosModules.default)
 ];
diff --git a/pkgs/default.nix b/pkgs/default.nix
index b9ce40a..cdd4e45 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
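Review bot: The line `_module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; };` is added verbatim to the "emmc" router module list (the `@@ -103,6 +104,7 @@` hunk) and to `router-sd` (the `@@ -111,10 +113,13 @@` hunk), next to an identical `_module.args.notnft` expression. The two copies can drift apart on the next edit, so I would bind the shared module once in the `let` block, for example `routerArgs = system: { _module.args.pkgs2 = …; _module.args.notnft = …; };`, and put `(routerArgs system)` in both `modules` lists. `import nixpkgs2` is also called without a `config` argument, so any nixpkgs `config` applied to `pkgs` (not visible in these hunks) will not apply to `pkgs2`; a short comment saying whether that is intended would help. Both host definitions start and end outside the hunks.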
@@ -16,14 +16,10 @@ in
 nixForNixPlugins = pkgs.nixVersions.nix_2_16;
 clang-tools_latest = pkgs.clang-tools_16;
 clang_latest = pkgs.clang_16;
- steam-run = pkgs.steam-run.overrideAttrs (old: {
- multiArch = true;
- });
 home-daemon = callPackage ./home-daemon { };
 /*ghidra = pkgs.ghidra.overrideAttrs (old: {
 patches = old.patches ++ [ ./ghidra-stdcall.patch ];
 });*/
- lalrpop = callPackage ./lalrpop { };
 # pin version
 looking-glass-client = pkgs.looking-glass-client.overrideAttrs (old: {
 version = "B6";
@@ -37,7 +33,6 @@ in
 });
 kvmfrOverlay = kvmfr: kvmfr.overrideAttrs (old: {
 inherit (pkgs'.looking-glass-client) version src;
- patches = [ ./kvmfr-linux6_4.patch ];
 });
 pineapplebot = callPackage ./pineapplebot.nix { };
 proton-ge = pkgs.stdenvNoCC.mkDerivation {
diff --git a/pkgs/lalrpop/default.nix b/pkgs/lalrpop/default.nix
deleted file mode 100644
index d09146b..0000000
--- a/pkgs/lalrpop/default.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ lib
-, rustPlatform
-, rust
-, fetchFromGitHub
-, substituteAll
-, stdenv
-}:
-
-rustPlatform.buildRustPackage rec {
- pname = "lalrpop";
- version = "0.19.9";
-
- src = fetchFromGitHub {
- owner = "lalrpop";
- repo = "lalrpop";
- rev = version;
- hash = "sha256-1jXLcIlyObo9eIg0q6CyUTGhcAyZ8TDGmxxYhVxgcS8=";
- };
-
- cargoHash = "sha256-o1zpkwBmU1f/BZ4RrWuF5YvgjLhQOBOEdSbmouLPKAo=";
-
- patches = [
- (substituteAll {
- src = ./use-correct-binary-path-in-tests.patch;
- target_triple = rust.toRustTarget stdenv.hostPlatform;
- })
- ];
-
- buildAndTestSubdir = "lalrpop";
-
- # there are some tests in lalrpop-test and some in lalrpop
- checkPhase = ''
- buildAndTestSubdir=lalrpop-test cargoCheckHook
- cargoCheckHook
- '';
-
- meta = with lib; {
- description = "LR(1) parser generator for Rust";
- homepage = "https://github.com/lalrpop/lalrpop";
- changelog = "https://github.com/lalrpop/lalrpop/blob/${src.rev}/RELEASES.md";
- license = with licenses; [ asl20 /* or */ mit ];
- maintainers = with maintainers; [ chayleaf ];
- };
-}
diff --git a/pkgs/lalrpop/use-correct-binary-path-in-tests.patch b/pkgs/lalrpop/use-correct-binary-path-in-tests.patch
deleted file mode 100644
index 0f46463..0000000
--- a/pkgs/lalrpop/use-correct-binary-path-in-tests.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/lalrpop-test/src/lib.rs b/lalrpop-test/src/lib.rs
-index 087df01..9361a9e 100644
---- a/lalrpop-test/src/lib.rs
-+++ b/lalrpop-test/src/lib.rs
-@@ -1031,7 +1031,7 @@ fn verify_lalrpop_generates_itself() {
- // Don't remove the .rs file that already exist
- fs::copy(&grammar_file, &copied_grammar_file).expect("no grammar file found");
-
-- assert!(Command::new("../target/debug/lalrpop")
-+ assert!(Command::new("../target/@target_triple@/release/lalrpop")
- .args(&[
- "--force",
- "--no-whitespace",
diff --git a/system/hardware/bpi-r3/default.nix b/system/hardware/bpi-r3/default.nix
index 5480892..287df7f 100644
--- a/system/hardware/bpi-r3/default.nix
+++ b/system/hardware/bpi-r3/default.nix
@@ -1,4 +1,5 @@
 { pkgs
+, pkgs2
 , config
 , ...
 }:
@@ -9,7 +10,7 @@
 };
 # boot.kernelPackages = pkgs.linuxPackages_testing;
- boot.kernelPackages = pkgs.linuxPackages_bpiR3;
+ boot.kernelPackages = pkgs2.linuxPackages_bpiR3;
 hardware.deviceTree.enable = true;
 hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb";
diff --git a/system/hosts/nixmsi.nix b/system/hosts/nixmsi.nix
index 9e4127d..e425cf8 100644
--- a/system/hosts/nixmsi.nix
+++ b/system/hosts/nixmsi.nix
@@ -159,4 +159,6 @@
 man-pages man-pages-posix
 ];
 documentation.dev.enable = true;
+
+ impermanence.directories = [ /etc/nixos ];
 }
diff --git a/system/hosts/nixserver/matrix.nix b/system/hosts/nixserver/matrix.nix
index e46809c..47f6acc 100644
--- a/system/hosts/nixserver/matrix.nix
+++ b/system/hosts/nixserver/matrix.nix
@@ -1,6 +1,5 @@
 { config
 , lib
-, pkgs
 , ...
 }:
 let
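Review bot: The new `boot.kernelPackages = pkgs2.linuxPackages_bpiR3;` line in `system/hardware/bpi-r3/default.nix` carries no comment saying why the router kernel now comes from the second nixpkgs input instead of `pkgs`. `flake.lock` in this commit locks `nixpkgs2` separately (at the previous `nixos-unstable` revision), so the kernel package set presumably only moves when that input is re-locked, which is worth stating for whoever tracks kernel fixes on this router. The module also now fails to evaluate for any configuration that does not supply `pkgs2` through `_module.args`. I would add above the assignment something like `# kernel is taken from pkgs2 (nixos-unstable input): <reason>; switch back to pkgs once it builds there`.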
@@ -50,37 +49,6 @@ in {
 enable = true;
 homeserver = "http://${lib.quoteListenAddr matrixAddr}:${toString matrixPort}/";
 };
- # TODO: remove when https://github.com/NixOS/nixpkgs/pull/242912 is merged
- systemd.services.heisenbridge.preStart = let
- bridgeConfig = builtins.toFile "heisenbridge-registration.yml" (builtins.toJSON {
- inherit (config.services.heisenbridge) namespaces; id = "heisenbridge";
- url = config.services.heisenbridge.registrationUrl; rate_limited = false;
- sender_localpart = "heisenbridge";
- });
- in lib.mkForce ''
- umask 077
- set -e -u -o pipefail
-
- if ! [ -f "/var/lib/heisenbridge/registration.yml" ]; then
- # Generate registration file if not present (actually, we only care about the tokens in it)
- ${config.services.heisenbridge.package}/bin/heisenbridge --generate --config /var/lib/heisenbridge/registration.yml
- fi
-
- # Overwrite the registration file with our generated one (the config may have changed since then),
- # but keep the tokens. Two step procedure to be failure safe
- ${pkgs.yq}/bin/yq --slurp \
- '.[0] + (.[1] | {as_token, hs_token})' \
- ${bridgeConfig} \
- /var/lib/heisenbridge/registration.yml \
- > /var/lib/heisenbridge/registration.yml.new
- mv -f /var/lib/heisenbridge/registration.yml.new /var/lib/heisenbridge/registration.yml
-
- # Grant Synapse access to the registration
- if ${pkgs.getent}/bin/getent group matrix-synapse > /dev/null; then
- chgrp -v matrix-synapse /var/lib/heisenbridge/registration.yml
- chmod -v g+r /var/lib/heisenbridge/registration.yml
- fi
- '';
 services.matrix-synapse = {
 enable = true;
diff --git a/system/hosts/router/default.nix b/system/hosts/router/default.nix
index 6da8ff7..42da2ba 100644
--- a/system/hosts/router/default.nix
+++ b/system/hosts/router/default.nix
@@ -465,6 +465,8 @@ in {
 allow_iot4 = add set { type = f: f.ipv4_addr; flags = f: with f; [ interval ]; };
 allow_iot6 = add set { type = f: f.ipv6_addr; flags = f: with f; [ interval ]; };
+ # TODO: is type=route hook=output better? it might help get rid of the routing inconsistency
+ # between router-originated and forwarded traffic
 prerouting = add chain { type = f: f.filter; hook = f: f.prerouting; prio = f: f.filter; policy = f: f.accept; } ([
 [(mangle meta.mark ct.mark)]
 [(is.ne meta.mark 0) accept]
diff --git a/system/modules/impermanence.nix b/system/modules/impermanence.nix
index f1351e3..404a04f 100644
--- a/system/modules/impermanence.nix
+++ b/system/modules/impermanence.nix
@@ -15,7 +15,7 @@ in {
 };
 path = mkOption {
 type = types.path;
- default = if cfg.enable then throw "You must set path to persistent storage" else "";
+ default = throw "You must set path to persistent storage";
 description = "Default path for persistence";
 };
 directories = mkOption {
@@ -48,15 +48,12 @@ in {
 hideMounts = true;
 directories = map (x:
 if builtins.isPath x then toString x
- else if builtins.isAttrs x && x?directory && builtins.isPath x.directory then x // { directory = toString x.directory; }
- else x)
- ([
- # nixos files
- { directory = /etc/nixos; user = "root"; group = "root"; mode = "0755"; }
+ else if builtins.isPath (x.directory or null) then x // { directory = toString x.directory; }
+ else x
+ ) ([
+ # the following two can't be created by impermanence (i.e. they have to exist on disk in stage 1)
 { directory = /var/lib/nixos; user = "root"; group = "root"; mode = "0755"; }
 { directory = /var/log; user = "root"; group = "root"; mode = "0755"; }
-
 # persist this since everything here is cleaned up by systemd-tmpfiles over time anyway
 # ...or so I'd like to believe
 { directory = /var/lib/systemd; user = "root"; group = "root"; mode = "0755"; }
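Review bot: In the `path` option of `system/modules/impermanence.nix`, `default = throw "You must set path to persistent storage";` turns the default into an expression that aborts evaluation whenever anything forces it, including tooling that reads option defaults while the module is disabled. Removing the `default` line altogether gives the same protection, because the module system already fails with an "option is used but not defined" error that names the option. If the custom wording matters, it fits better as an entry in `assertions` guarded by `cfg.enable`. The enclosing `options` set starts outside the hunk.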
@@ -74,7 +71,7 @@ in {
 { directory = /var/lib/swtpm-localca; user = "root"; group = "root"; mode = "0750"; }
 ]) ++ lib.optionals config.networking.wireless.iwd.enable [
 { directory = /var/lib/iwd; user = "root"; group = "root"; mode = "0700"; }
- ] ++ lib.optionals (builtins.any (x: x.useDHCP != false) (builtins.attrValues config.networking.interfaces) && config.networking.useDHCP) [
+ ] ++ lib.optionals (builtins.any (x: x.useDHCP != false) (builtins.attrValues config.networking.interfaces) || config.networking.useDHCP) [
 { directory = /var/db/dhcpcd; user = "root"; group = "root"; mode = "0755"; }
 ] ++ lib.optionals config.services.gitea.enable [
 { directory = /var/lib/gitea; user = "gitea"; group = "gitea"; mode = "0755"; }
@@ -121,8 +118,9 @@ in {
 ] ++ cfg.directories);
 files = map (x:
 if builtins.isPath x then toString x
- else if builtins.isAttrs x && x?file && builtins.isPath x.file then x // { file = toString x.file; }
- else x) ([
+ else if builtins.isPath (x.file or null) then x // { file = toString x.file; }
+ else x
+ ) ([
 # hardware-related
 /etc/adjtime
 # needed at least for /var/log
diff --git a/system/modules/vfio.nix b/system/modules/vfio.nix
index 7aa3b40..f95b011 100644
--- a/system/modules/vfio.nix
+++ b/system/modules/vfio.nix
@@ -132,7 +132,6 @@ in {
 ];
 # kvmfrOverlay is defined in pkgs/default.nix
 # I use it to keep looking-glass and kvmfr's version pinned
- # (and in this case also to keep linux 6.4 compatibility)
 extraModulePackages = lib.mkIf enableIvshmem [ ((pkgs.kvmfrOverlay or lib.id) config.boot.kernelPackages.kvmfr) ];
 extraModprobeConfig = ''
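Review bot: In the `/var/db/dhcpcd` condition of the `@@ -74,7 +71,7 @@` hunk, `x.useDHCP != false` is also true for an interface that leaves `useDHCP` unset (`null`, which I believe is the per-interface default). Now that the two halves are joined with `||`, the directory is persisted as soon as any interface is declared, whether or not DHCP is in use. Comparing against `true` matches the intent more closely: `(config.networking.useDHCP || builtins.any (x: x.useDHCP == true) (builtins.attrValues config.networking.interfaces))`. The only effect is an extra persisted directory, so this is a correctness nit; the surrounding list starts and ends outside the hunk.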