From 851df9429d043f0a4e69eac9478e262dbd549cc4 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Wed, 2 Apr 2025 11:12:04 +0200 Subject: [PATCH 1/9] feat: init git maintenance mode --- home-manager-modules/git/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/home-manager-modules/git/default.nix b/home-manager-modules/git/default.nix index ac93457..f9db92c 100644 --- a/home-manager-modules/git/default.nix +++ b/home-manager-modules/git/default.nix @@ -22,6 +22,12 @@ with lib; signByDefault = true; key = "6FC74C847011FD83"; }; + maintenance = { + enable = true; + repositories = [ + "/home/julien/dev/nixpkgs" + ]; + }; delta.enable = true; ignores = [ ".direnv" ]; extraConfig = { From a72af96b83161d33708b660f6eb43745e9ac833e Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Wed, 2 Apr 2025 11:12:16 +0200 Subject: [PATCH 2/9] chore: update unstable --- lon.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lon.lock b/lon.lock index f324783..3c90a0b 100644 --- a/lon.lock +++ b/lon.lock @@ -186,9 +186,9 @@ "owner": "nixos", "repo": "nixpkgs", "branch": "nixos-unstable", - "revision": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", - "url": "https://github.com/nixos/nixpkgs/archive/e3e32b642a31e6714ec1b712de8c91a3352ce7e1.tar.gz", - "hash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=" + "revision": "52faf482a3889b7619003c0daec593a1912fddc1", + "url": "https://github.com/nixos/nixpkgs/archive/52faf482a3889b7619003c0daec593a1912fddc1.tar.gz", + "hash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=" } } } From f8eed474fdcb50da236542dd1501f75a9c2683d5 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Wed, 2 Apr 2025 11:13:46 +0200 Subject: [PATCH 3/9] chore: upgrade gallifrey kernel --- machines/gallifrey/hardware.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/gallifrey/hardware.nix b/machines/gallifrey/hardware.nix index f7a11d7..5a253e5 100644 --- a/machines/gallifrey/hardware.nix +++ b/machines/gallifrey/hardware.nix @@ -22,7 +22,7 @@ boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - boot.kernelPackages = pkgs.linuxPackages_6_11; + boot.kernelPackages = pkgs.linuxPackages_6_13; fileSystems."/data" = { device = "/dev/disk/by-uuid/4680be45-8156-4bf0-8b0b-e7493aaf37c0"; From 248d6f9734e7e3e4fa833f1a9050683051b6ee96 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Wed, 2 Apr 2025 11:15:28 +0200 Subject: [PATCH 4/9] feat: add ltex-lsp to fischer --- machines/fischer/home-julien.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/fischer/home-julien.nix b/machines/fischer/home-julien.nix index f132c8b..f3af91a 100644 --- a/machines/fischer/home-julien.nix +++ b/machines/fischer/home-julien.nix @@ -78,6 +78,7 @@ unstable.nixfmt-rfc-style kanidm yubioath-flutter + ltex-ls ] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts); From c42963b3f88ea6cbc635ab44ae4ba95c51bfc168 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Tue, 15 Apr 2025 12:42:56 +0200 Subject: [PATCH 5/9] chore: update nixpkgs --- lon.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lon.lock b/lon.lock index 3c90a0b..72c8dfc 100644 --- a/lon.lock +++ b/lon.lock @@ -157,9 +157,9 @@ "owner": "nixos", "repo": "nixpkgs", "branch": "nixos-24.11", - "revision": "ebe2788eafd539477f83775ef93c3c7e244421d3", - "url": "https://github.com/nixos/nixpkgs/archive/ebe2788eafd539477f83775ef93c3c7e244421d3.tar.gz", - "hash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=" + "revision": "a880f49904d68b5e53338d1e8c7bf80f59903928", + "url": "https://github.com/nixos/nixpkgs/archive/a880f49904d68b5e53338d1e8c7bf80f59903928.tar.gz", + "hash": "sha256-o4FjFOUmjSRMK7dn0TFdAT0RRWUWD+WsspPHa+qEQT8=" }, "proxmox": { "type": "GitHub", @@ -186,9 +186,9 @@ "owner": "nixos", "repo": "nixpkgs", "branch": "nixos-unstable", - "revision": "52faf482a3889b7619003c0daec593a1912fddc1", - "url": "https://github.com/nixos/nixpkgs/archive/52faf482a3889b7619003c0daec593a1912fddc1.tar.gz", - "hash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=" + "revision": "063dece00c5a77e4a0ea24e5e5a5bd75232806f8", + "url": "https://github.com/nixos/nixpkgs/archive/063dece00c5a77e4a0ea24e5e5a5bd75232806f8.tar.gz", + "hash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=" } } } From 960484ebe5f6072da1c398019cd090711525a51b Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Tue, 15 Apr 2025 13:24:33 +0200 Subject: [PATCH 6/9] feat: migrate forgejo to postgres --- machines/gustave/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/machines/gustave/default.nix b/machines/gustave/default.nix index ab57b08..47715bd 100644 --- a/machines/gustave/default.nix +++ b/machines/gustave/default.nix @@ -23,6 +23,8 @@ users.users.julien.linger = true; + services.backup.includes = [ "/home/julien/Maildir" ]; + services.openssh.extraConfig = '' HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub HostKey /etc/ssh/ssh_host_ed25519_key @@ -113,11 +115,19 @@ services.forgejo = { enable = true; package = pkgs.unstable.forgejo; + database.type = "postgres"; settings = { server = { ROOT_URL = "https://git.luj.fr/"; LANDING_PAGE = "luj"; }; + #openid.ENABLE_OPENID_SIGNIN = true; + openid.ENABLE_OPENID_SIGNUP = true; + oauth2_client.REGISTER_EMAIL_CONFIRM = false; + oauth2_client.ENABLE_AUTO_REGISTRATION = true; + oauth2_client.UPDATE_AVATAR = true; + oauth2_client.ACCOUNT_LINKING = "auto"; + service.ALLOW_ONLY_EXTERNAL_REGISTRATION = true; }; }; From a4319b1bc8258efaece45fa28488e0d46ec37ce1 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Tue, 15 Apr 2025 13:26:14 +0200 Subject: [PATCH 7/9] feat: upgrade kanidm --- machines/core-security/kanidm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/core-security/kanidm.nix b/machines/core-security/kanidm.nix index 9b4521e..299457a 100644 --- a/machines/core-security/kanidm.nix +++ b/machines/core-security/kanidm.nix @@ -5,7 +5,7 @@ in { services.kanidm = { enableServer = true; - package = pkgs.kanidm_1_4; + package = pkgs.kanidm_1_5; serverSettings = rec { domain = "auth.luj.fr"; origin = "https://${domain}"; From 92d12fc31250508a2213ebcb9eb47181b4028fb6 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Tue, 15 Apr 2025 13:27:03 +0200 Subject: [PATCH 8/9] feat: upgrade garage --- machines/biblios/garage.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/biblios/garage.nix b/machines/biblios/garage.nix index 8c59865..8fffad5 100644 --- a/machines/biblios/garage.nix +++ b/machines/biblios/garage.nix @@ -10,7 +10,7 @@ in { services.garage = { enable = true; - package = pkgs.garage_1_0_1; + package = pkgs.garage_1_1_0; settings = { replication_factor = 1; From c138569331c9e96b84f97c7e2cd24e4c125af804 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Tue, 15 Apr 2025 13:31:17 +0200 Subject: [PATCH 9/9] fix: fix kanidm fr --- machines/core-security/kanidm.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/machines/core-security/kanidm.nix b/machines/core-security/kanidm.nix index 299457a..cd5ea57 100644 --- a/machines/core-security/kanidm.nix +++ b/machines/core-security/kanidm.nix @@ -1,11 +1,12 @@ { pkgs, config, ... }: let certificate = config.security.acme.certs."auth.luj.fr"; + kanidm = pkgs.kanidm_1_5; in { services.kanidm = { enableServer = true; - package = pkgs.kanidm_1_5; + package = kanidm; serverSettings = rec { domain = "auth.luj.fr"; origin = "https://${domain}"; @@ -16,7 +17,7 @@ in }; }; - environment.systemPackages = [ pkgs.kanidm_1_4 ]; + environment.systemPackages = [ kanidm ]; users.users.kanidm.extraGroups = [ certificate.group ];