flake: switch "beta" input to "stable"

This commit is contained in:
Aaron Bieber 2023-05-26 08:06:02 -06:00
parent 944558ce91
commit a26ebc7d1b
No known key found for this signature in database
5 changed files with 36 additions and 65 deletions

View File

@ -14,32 +14,6 @@ let
command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status
'';
gosignify = pkgs.callPackage ./pkgs/gosignify.nix { inherit isUnstable; };
inFluxBootOptions = if isUnstable then {
tmp = { cleanOnBoot = true; };
} else {
cleanTmpDir = true;
};
inFluxSSHOptions = if isUnstable then {
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
};
} else {
permitRootLogin = "prohibit-password";
passwordAuthentication = false;
kexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
};
in {
imports = [
./configs
@ -153,7 +127,8 @@ in {
"net.ipv4.tcp_keepalive_time" = 60;
"net.ipv6.tcp_keepalive_time" = 60;
};
} // inFluxBootOptions;
tmp.cleanOnBoot = true;
};
nix = {
settings = if config.networking.hostName != "pwntie" then {
@ -240,7 +215,18 @@ in {
extraConfig = ''
#TrustedUserCAKeys = /etc/ssh/ca.pub
'';
} // inFluxSSHOptions;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
KexAlgorithms =
[ "curve25519-sha256" "curve25519-sha256@libssh.org" ];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
];
};
};
};
};
}

25
flake.lock generated
View File

@ -1,21 +1,5 @@
{
"nodes": {
"beta": {
"locked": {
"lastModified": 1685004253,
"narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3e01645c40b92d29f3ae76344a6d654986a91a91",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -313,7 +297,6 @@
},
"root": {
"inputs": {
"beta": "beta",
"darwin": "darwin",
"emacs-overlay": "emacs-overlay",
"gostart": "gostart",
@ -363,16 +346,16 @@
},
"stable": {
"locked": {
"lastModified": 1685000228,
"narHash": "sha256-mzOWvIPrz5aBJnMftB1F8Oh5+QuhM8KtNRuXKRib2Hc=",
"lastModified": 1685089234,
"narHash": "sha256-osxsp9HQLDFhpm6CSGWuq2n3P5LQr2lNH/Kb1Ifq8XQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "adaeddeae797a873b23c45d935750daaa8d6dbad",
"rev": "7f17766e1f0412f910b20fa45f57eebfbf7bd63e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11-small",
"ref": "nixos-23.05-small",
"repo": "nixpkgs",
"type": "github"
}

View File

@ -6,9 +6,9 @@
unstableSmall.url = "github:NixOS/nixpkgs/nixos-unstable-small";
oldStable.url = "github:NixOS/nixpkgs/nixos-22.05-small";
stable.url = "github:NixOS/nixpkgs/nixos-22.11-small";
#stable.url = "github:NixOS/nixpkgs/nixos-22.11-small";
beta.url = "github:NixOS/nixpkgs/nixos-23.05";
stable.url = "github:NixOS/nixpkgs/nixos-23.05-small";
sops-nix = {
url = "github:Mic92/sops-nix";
@ -88,9 +88,9 @@
};
};
outputs = { self, beta, unstable, unstableSmall, stable, oldStable, nixos-hardware
, reform, gostart, xintray, tsvnstat, pots, po, pr-status, tsRevProx, darwin
, xin-secrets, talon, peerix, ... }@inputs:
outputs = { self, unstable, unstableSmall, stable, oldStable
, nixos-hardware, reform, gostart, xintray, tsvnstat, pots, po, pr-status
, tsRevProx, darwin, xin-secrets, talon, peerix, ... }@inputs:
let
xinlib = import ./lib { inherit (unstable) lib; };
supportedSystems = [ "x86_64-linux" ];
@ -145,9 +145,7 @@
darwinConfigurations = {
plq = darwin.lib.darwinSystem {
system = "aarch64-darwin";
specialArgs = {
inherit xinlib;
};
specialArgs = { inherit xinlib; };
modules = [
xin-secrets.nixosModules.sops
./overlays
@ -170,14 +168,14 @@
] "europa";
pwntie = buildSys "x86_64-linux" unstable [ ] "pwntie";
stan = buildSys "x86_64-linux" unstable [ ] "stan";
#weather = buildSys "aarch64-linux" stable
# [ nixos-hardware.nixosModules.raspberry-pi-4 ] "weather";
weather = buildSys "aarch64-linux" stable
[ nixos-hardware.nixosModules.raspberry-pi-4 ] "weather";
faf = buildSys "x86_64-linux" beta [ ./configs/hardened.nix ] "faf";
box = buildSys "x86_64-linux" beta [ ./configs/hardened.nix ] "box";
faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf";
box = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "box";
#luna = buildSys "x86_64-linux" stable
# [ "${nixos-hardware}/common/cpu/intel" ] "luna";
h = buildSys "x86_64-linux" beta [
h = buildSys "x86_64-linux" stable [
./configs/hardened.nix
gostart.nixosModule
pots.nixosModule

View File

@ -8,8 +8,9 @@ let
in if prStatus.status == "open" then
overlay
else
lib.warn "PR: ${prstr} (${prStatus.title}) is complete, ignoring overlay..." (_: _: {});
lib.warn
"PR: ${prstr} (${prStatus.title}) is complete, ignoring overlay..."
(_: _: { });
mkCronScript = name: src: ''
. /etc/profile;

View File

@ -2,7 +2,10 @@ let
obsidian = _: super: {
obsidian = super.obsidian.overrideAttrs (_: rec {
version = "1.3.4";
filename = if super.stdenv.isDarwin then "Obsidian-${version}-universal.dmg" else "obsidian-${version}.tar.gz";
filename = if super.stdenv.isDarwin then
"Obsidian-${version}-universal.dmg"
else
"obsidian-${version}.tar.gz";
src = super.fetchurl {
url =
"https://github.com/obsidianmd/obsidian-releases/releases/download/v${version}/${filename}";