From 59723f33102d8be604d19ef60b13678a102ab218 Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Thu, 1 Jun 2023 20:33:05 +0200 Subject: [PATCH] Update to 23.05 --- flake.lock | 75 ++++++++++++++++++------------ flake.nix | 7 ++- hosts/cirrus/configuration.nix | 14 ------ hosts/dishwasher/configuration.nix | 14 ------ microvms/music/default.nix | 10 ---- microvms/news/default.nix | 10 ---- microvms/nextcloud/default.nix | 10 ---- modules/emacs.nix | 4 +- modules/server/default.nix | 8 ++++ modules/server/ssh.nix | 13 ++++++ 10 files changed, 75 insertions(+), 90 deletions(-) create mode 100644 modules/server/default.nix create mode 100644 modules/server/ssh.nix diff --git a/flake.lock b/flake.lock index 58fffc5..024951d 100644 --- a/flake.lock +++ b/flake.lock @@ -40,14 +40,15 @@ ], "nixpkgs": [ "nixpkgs-unstable" - ] + ], + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1685384353, - "narHash": "sha256-AIJW/Mu0s2gf1M1Hn5U5tuFMnJRpZ4dVai42x6CpimU=", + "lastModified": 1685787331, + "narHash": "sha256-th38r/V0uUDeflZ8cfiXX5rv/ioZhicBW9M0y8r4KMU=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "3ed7dbbbfaf8014175bc25d3f88702e4e522d9d6", + "rev": "fbbf354bceb8d42d1e0eef8116b66e9947c84017", "type": "github" }, "original": { @@ -64,11 +65,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1685341338, - "narHash": "sha256-krAvPYZ8B1xF+90OaYcEyFw1W7L4bPskjcRFKA+NaQE=", + "lastModified": 1685773231, + "narHash": "sha256-UXX8dNzmZFqQhvHKPoarLxgTUll+knUHLW1W71gwnEQ=", "owner": "nix-community", "repo": "fenix", - "rev": "9a32630ddfa5bf4e31c94b360cb29cdcd15960e6", + "rev": "09380d8560af38fffc04d95951b981f5b754ff48", "type": "github" }, "original": { 
@@ -119,11 +120,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1685518550, + "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", "type": "github" }, "original": { @@ -169,11 +170,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1685349926, - "narHash": "sha256-c1rKI1glJWdJIPefp9aiyhAkEZ4Sc6Rh/J5VumEXu1M=", + "lastModified": 1685709197, + "narHash": "sha256-ASoXZVoXj6L9PzNDfuDrAxrqaDuH7e1qTzdzkOODu4M=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "2e62c11babeead4b26efbb7f2cd4488baaa2e897", + "rev": "e422970c1bc3351bb7a20cf6e30e78d975280ed3", "type": "github" }, "original": { @@ -207,11 +208,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1685314633, - "narHash": "sha256-8LXBPqTQXl5ofkjpJ18JcbmLJ/lWDoMxtUwiDYv0wro=", + "lastModified": 1685620773, + "narHash": "sha256-iQ+LmporQNdLz8uMJdP62TaAWeLUwl43/MYUBtWqulM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c8a17ce7abc03c50cd072e9e6c9b389c5f61836b", + "rev": "f0ba8235153dd2e25cf06cbf70d43efdd4443592", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1685650716, + "narHash": "sha256-sDd7QIcMbIb37nuqMrJElvuyE5eVgWuKGtIPP8IWwCc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f7c1500e2eefa58f3c80dd046cba256e10440201", "type": "github" }, "original": { @@ -221,7 +238,7 @@ "type": "github" } }, - "nixpkgs-stable": { + "nixpkgs-stable_2": { "locked": { "lastModified": 1678872516, "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", 
@@ -237,7 +254,7 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-stable_3": { "locked": { "lastModified": 1685215858, "narHash": "sha256-IRMFoDXA6cYx3ifVw3B2JcC4JrjT5v7tRAx2vro2Ffs=", @@ -255,11 +272,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1685290091, - "narHash": "sha256-GGQYNZ7POoqPTtXgPOLUuSiHkOKFRWYpCoWUOSeSRoU=", + "lastModified": 1685655444, + "narHash": "sha256-6EujQNAeaUkWvpEZZcVF8qSfQrNVWFNNGbUJxv/A5a8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4e37b4e55b60fb7d43d2b62deb51032a489bcbe8", + "rev": "e635192892f5abbc2289eaac3a73cdb249abaefd", "type": "github" }, "original": { @@ -284,7 +301,7 @@ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1682596858, @@ -316,11 +333,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1685280411, - "narHash": "sha256-8fOFw6B9lDUt4slKAGHj6Bipi5or7nNQvOB9vvN2R9U=", + "lastModified": 1685736988, + "narHash": "sha256-2Z9Auifh8bTp4gw+rySAUSVq0B0cEKJyoV3Znb8wfcQ=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "505fd09f9e020b096d014e68b667268e743c2dd6", + "rev": "7f3bfc6ae75a47e1fd8d79b4dde79956cdd98093", "type": "github" }, "original": { @@ -360,14 +377,14 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { - "lastModified": 1685242617, - "narHash": "sha256-UBPXGfGwGMJm2Wj9kDj8+TMMK2PTouSM/TpiXYtaqtQ=", + "lastModified": 1685434555, + "narHash": "sha256-aZl0yeaYX3T2L3W3yXOd3S9OfpS+8YUOT2b1KwrSf6E=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3e016341d4dca6ce7c62316f90e66341841a30f9", + "rev": "876846cde9762ae563f018c17993354875e2538e", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 079c160..c1fe517 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,7 +2,7 @@ inputs = { nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; flake-utils.url = "github:numtide/flake-utils"; @@ -106,6 +106,7 @@ sops-nix.nixosModules.sops ./hosts/cirrus ./modules/basic-tools + ./modules/server ]; }; @@ -118,6 +119,7 @@ ./hosts/dishwasher ./modules/basic-tools ./modules/binary-caches.nix + ./modules/server ]; }; @@ -128,6 +130,7 @@ sops-nix.nixosModules.sops microvm.nixosModules.microvm ./microvms/nextcloud + ./modules/server ]; }; @@ -138,6 +141,7 @@ sops-nix.nixosModules.sops microvm.nixosModules.microvm ./microvms/music + ./modules/server ]; }; @@ -148,6 +152,7 @@ sops-nix.nixosModules.sops microvm.nixosModules.microvm ./microvms/news + ./modules/server ]; }; }; diff --git a/hosts/cirrus/configuration.nix b/hosts/cirrus/configuration.nix index 3c02b32..bfdf7f5 100644 --- a/hosts/cirrus/configuration.nix +++ b/hosts/cirrus/configuration.nix @@ -7,7 +7,6 @@ { # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; - boot.loader.grub.version = 2; boot.loader.grub.efiSupport = true; boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only 
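Review bot: `./modules/server` is added by hand to five separate module lists in flake.nix (the hunks at lines 106, 119, 130, 141 and 152), so a host added later gets the shared SSH policy only if someone remembers the import. Binding the common entries once, e.g. `serverModules = [ ./modules/server ];` and then `modules = serverModules ++ [ ./hosts/cirrus ./modules/basic-tools ];`, keeps the baseline in one place. The enclosing system definitions start and end outside these hunks, so the right place for the binding is not visible here.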
@@ -43,21 +42,8 @@ # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - - # Enable the OpenSSH daemon. - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP6xE2ey0C8XXfvniiiHiqXsCC277jKI9RXEA+s2LQLUI5zl7v350i3Oa8H3NCcPj39lfMreqE6ncxcOhqYyzahPrrMkOqgbPAoRvq8H3ophLK+56O3xdHoKwLBwRD1yoGACjqG4UTiTrmnN2ateENgYcnTEY1e4vDw1qMj1drUXCsZ/6mkBBmHJiFfCaR4yCMt1r4gGi/dAC7ifnBP3oSyV/lJEwPxYYkGlbOBIvX/7Ar98pJS6xYPB3jHs9gwyNNON63d0fNYrwBojXPPCnGGaRZNOkBTzex3zZYp12ThINQ2xl8tRp9D8qpZ7vrLjhTD6AXkOBRzmDj+NsCeEaeTuWajqUM93iKncYUI+JxR1t7q8gA2pBMFzLesMXnx7R+5Kw7QDtSJM7a4GMIfsocPwf64BH6rzxEz68rXFE3P+J77PPM9CuaYw90JXHo3z220zYw2nMQ/1qjATVZw/hiVrLmQMVfmFJIufnGjTBs2sy3IoNyzvYm/oDeNNg1cdSV9gyyRKZhK08fxjXN5GSf9vZkfZa9tHtqaZ99HI40GQBHUVx1K2/NQJY8TVTSA+v16SFnJK8BIbmp/WFCuvDcMkgLIbqiYtDASe7P2mKIib86uOENT+P820egeLiTQ06kFw/gfUa8t69d5qEcjiQZ+lxCeYIs/E9KrEXHvRUWew== cardno:16 811 348" - ]; - - # enable openssh - services.openssh = { - enable = true; - permitRootLogin = "prohibit-password"; - }; - # Open ports in the firewall. networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 22 ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. diff --git a/hosts/dishwasher/configuration.nix b/hosts/dishwasher/configuration.nix index 7d7009a..8236101 100644 --- a/hosts/dishwasher/configuration.nix +++ b/hosts/dishwasher/configuration.nix 
@@ -73,20 +73,6 @@ supportedLocales = [ "all" ]; }; - # List services that you want to enable: - - # Enable the OpenSSH daemon. - programs.mosh.enable = true; - services.openssh = { - enable = true; - permitRootLogin = "prohibit-password"; - }; - networking.firewall.allowedTCPPorts = [ 22 ]; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 cardno:16 811 348" - ]; - - # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. diff --git a/microvms/music/default.nix b/microvms/music/default.nix index 7ae2752..6c5d053 100644 --- a/microvms/music/default.nix +++ b/microvms/music/default.nix @@ -36,15 +36,5 @@ hostName = "music"; }; - services.openssh = { - enable = true; - permitRootLogin = "prohibit-password"; - }; - - networking.firewall.allowedTCPPorts = [ 22 ]; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 cardno:16 811 348" - ]; - system.stateVersion = "22.11"; } diff --git a/microvms/news/default.nix b/microvms/news/default.nix index de074ef..dfb196c 100644 --- a/microvms/news/default.nix +++ b/microvms/news/default.nix @@ -35,15 +35,5 @@ hostName = "news"; }; - services.openssh = { - enable = true; - permitRootLogin = "prohibit-password"; - }; - - networking.firewall.allowedTCPPorts = [ 22 ]; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 cardno:16 811 348" - ]; - system.stateVersion = "22.11"; } diff --git a/microvms/nextcloud/default.nix b/microvms/nextcloud/default.nix index a9bb456..c2c669c 100644 --- a/microvms/nextcloud/default.nix +++ b/microvms/nextcloud/default.nix 
@@ -112,15 +112,5 @@ hostName = "nextcloud"; }; - services.openssh = { - enable = true; - permitRootLogin = "prohibit-password"; - }; - - networking.firewall.allowedTCPPorts = [ 22 ]; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 cardno:16 811 348" - ]; - system.stateVersion = "22.05"; } diff --git a/modules/emacs.nix b/modules/emacs.nix index 67aa4b6..74113dd 100644 --- a/modules/emacs.nix +++ b/modules/emacs.nix @@ -12,7 +12,7 @@ services.emacs = { install = true; enable = false; - package = with pkgs; ((emacsPackagesFor (emacsPgtk.overrideAttrs (old: { + package = with pkgs; ((emacsPackagesFor (emacs-pgtk.overrideAttrs (old: { passthru = old.passthru // { treeSitter = true; }; @@ -23,7 +23,7 @@ vterm pdf-tools ])); - defaultEditor = lib.mkDefault false; + defaultEditor = lib.mkDefault true; }; } diff --git a/modules/server/default.nix b/modules/server/default.nix new file mode 100644 index 0000000..28292d8 --- /dev/null +++ b/modules/server/default.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + imports = [ + ./ssh.nix + ]; + + networking.firewall.enable = true; +} diff --git a/modules/server/ssh.nix b/modules/server/ssh.nix new file mode 100644 index 0000000..27c5420 --- /dev/null +++ b/modules/server/ssh.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + programs.mosh.enable = true; + services.openssh = { + enable = true; + settings.PermitRootLogin = "prohibit-password"; + }; + + networking.firewall.allowedTCPPorts = [ 22 ]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa 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 cardno:16 811 348" + ]; +}
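Review bot: Changing `defaultEditor` to `lib.mkDefault true` in the second modules/emacs.nix hunk is a behaviour change unrelated to the 23.05 attribute rename in the first hunk, and the commit message does not mention it. `enable = false;` is visible a few lines above, so EDITOR will presumably point at the Emacs client wrapper while no daemon is running. A comment such as `# EDITOR is the emacs client wrapper even though the daemon is disabled above` would record that this is intended. The attribute set continues outside the hunk.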
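Review bot: The shared `services.openssh` block in modules/server/ssh.nix restricts only root to key login: `settings.PermitRootLogin = "prohibit-password";` leaves password and keyboard-interactive authentication available to any other account on these hosts. Since this module is now the single SSH policy for every machine, consider adding `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to it. `programs.mosh.enable = true;` was previously set only in hosts/dishwasher, so cirrus and the three microvms now get mosh too; as far as I know the NixOS mosh module also opens UDP 60000-61000 in the firewall when enabled, so if that wider exposure is not wanted, keep the line in the dishwasher config. The explicit `networking.firewall.allowedTCPPorts = [ 22 ];` looks redundant with the openssh module's default `openFirewall` and could be dropped or commented as deliberate.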