all: clean up warnings about config changes.

2023-05-29 08:07:08 -06:00 · 2023-05-29 08:07:08 -06:00 · 320fb1e933
commit 320fb1e933
parent 4bb37b54bc
5 changed files with 42 additions and 11 deletions
--- a/hosts/box/default.nix
+++ b/hosts/box/default.nix
@ -101,7 +101,7 @@ in {
        "wg0" = {
          allowedTCPPorts = [
            config.services.gitea.settings.server.SSH_PORT
-            config.services.gitea.httpPort
+            config.services.gitea.settings.server.HTTP_PORT
            config.services.vaultwarden.config.rocketPort
          ];
        };
@ -229,7 +229,9 @@ in {
        '';
      in [ "@daily root ${tsCertsScript}/bin/ts-certs.sh" ];
    };
-    openssh.forwardX11 = true;
+    openssh = {
+      settings.X11Forwarding = true;
+    };

    tor.enable = true;

@ -486,8 +488,6 @@ in {

    gitea = {
      enable = true;
-      domain = "git.tapenet.org";
-      rootUrl = "https://git.tapenet.org";
      stateDir = "/media/git";
      appName = "Tape:neT";

@ -497,6 +497,8 @@ in {

      settings = {
        server = {
+          DOMAIN = "git.tapenet.org";
+          ROOT_URL = "https://git.tapenet.org";
          START_SSH_SERVER = true;
          SSH_SERVER_HOST_KEYS = "ssh/gitea-ed25519";
          SSH_PORT = 2222;
--- a/hosts/faf/default.nix
+++ b/hosts/faf/default.nix
@ -48,9 +48,9 @@ in {
    };
    adguardhome = {
      enable = false;
-      port = 3000;
      openFirewall = true;
      settings = {
+        bind_port = 3000;
        user_rules = [
          "# Stuff from kyle"
          "# some google stuff that wasn't being blocked"
--- a/installer.nix
+++ b/installer.nix
@ -97,7 +97,7 @@ in {
               .::::      ::::      '::::.

    '';
-    boot.cleanTmpDir = true;
+    boot.tmp.cleanOnBoot = true;

    environment.systemPackages = with pkgs; [ apg inetutils nixfmt ];

@ -129,9 +129,17 @@ in {
      pcscd.enable = true;
      openssh = {
        enable = true;
-        # This is set in modules/profiles/installation-device.nix, but it is set to 'yes' :(
-        permitRootLogin = lib.mkForce "prohibit-password";
-        passwordAuthentication = false;
+        settings = {
+          PermitRootLogin = lib.mkForce "prohibit-password";
+          PasswordAuthentication = false;
+          KexAlgorithms =
+            [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
+          Macs = [
+            "hmac-sha2-512-etm@openssh.com"
+            "hmac-sha2-256-etm@openssh.com"
+            "umac-128-etm@openssh.com"
+          ];
+        };
      };
    };
    system.stateVersion = "21.11";
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -6,7 +6,7 @@ let
  #tailscale = import ./tailscale.nix;
  #jetbrains = prIsOpen 232308 (import ./jetbrains.nix);
  #tidal-hifi = prIsOpen 228552 (import ./tidal-hifi.nix { inherit lib; });
-  matrix-synapse = prIsOpen 233651 (import ./matrix-synapse.nix);
+  #matrix-synapse = prIsOpen 233652 (import ./matrix-synapse.nix);
 in {
  nixpkgs.overlays = if isUnstable then [
    (_: super: {
@ -19,7 +19,7 @@ in {
    obsidian
    #(prIsOpen 234161 tailscale)
  ] else [
-    matrix-synapse
+    #matrix-synapse
    #(prIsOpen 234229 tailscale)
  ];
 }
--- a/pull_requests/233652.json
+++ b/pull_requests/233652.json
@ -0,0 +1,21 @@
+{
+  "branches": [
+    "nixos-23.05",
+    "nixos-23.05-small",
+    "nixpkgs-23.05-darwin",
+    "release-23.05",
+    "staging-23.05",
+    "staging-next-23.05"
+  ],
+  "pull_request": 233652,
+  "release": "stable",
+  "status": "complete",
+  "status_info": {
+    "nixos-23.05": true,
+    "nixos-23.05-small": true,
+    "release-23.05": true,
+    "staging-23.05": true,
+    "staging-next-23.05": true
+  },
+  "title": "matrix-synapse: 1.83.0 -> 1.84.0"
+}