Bump to 22.05

flake.lock

@@ -7,27 +7,27 @@
         ]
       },
       "locked": {
-        "lastModified": 1651519540,
+        "lastModified": 1656169755,
-        "narHash": "sha256-3k6p8VsTwwRPQjE8rrMh+o2AZACZn/eeYJ7ivdQ/Iro=",
+        "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
         "owner": "rycee",
         "repo": "home-manager",
-        "rev": "d93d56ab8c1c6aa575854a79b9d2f69d491db7d0",
+        "rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
         "type": "github"
       },
       "original": {
         "owner": "rycee",
-        "ref": "release-21.11",
+        "ref": "release-22.05",
         "repo": "home-manager",
         "type": "github"
       }
     },
     "nixos-unstable": {
       "locked": {
-        "lastModified": 1657132020,
+        "lastModified": 1658080881,
-        "narHash": "sha256-MkDlX9c9FxgHsCAbtJtk92BKk2GjosrNPEePmbh1A4I=",
+        "narHash": "sha256-/7XjFg4o/ftRrL8WyVR+s40WLvbreqTuf2TP0qGOkrk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2039758aae57dbd5f2f4a6e79daa85a69441b544",
+        "rev": "fdefff339156333838395975d55d5b55ae391b41",
         "type": "github"
       },
       "original": {
@@ -39,16 +39,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1656782578,
+        "lastModified": 1657815135,
-        "narHash": "sha256-1eMCBEqJplPotTo/SZ/t5HU6Sf2I8qKlZi9MX7jv9fw=",
+        "narHash": "sha256-+5Jby1ayRjtSgsM5IpRNeUgdcIutCKQWR6sypRtd1RE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "573603b7fdb9feb0eb8efc16ee18a015c667ab1b",
+        "rev": "c06d5fa9c605d143b15cafdbbb61c7c95388d76e",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-21.11",
+        "ref": "nixos-22.05",
         "repo": "nixpkgs",
         "type": "github"
       }

flake.nix

@@ -1,9 +1,9 @@
 {
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
     nixos-unstable.url = "github:NixOS/nixpkgs/master";
     home-manager = {
-      url = "github:rycee/home-manager/release-21.11";
+      url = "github:rycee/home-manager/release-22.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };

hosts/architect/default.nix

@@ -149,7 +149,7 @@ in {
     openssh = {
       enable = true;
       passwordAuthentication = false;
-      challengeResponseAuthentication = false;
+      kbdInteractiveAuthentication = false;
       extraConfig = ''
         MaxAuthTries 15
       '';

hosts/architect/hardware.nix.bk

@@ -0,0 +1,50 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules =
+    [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "zpool/nixos/root";
+    fsType = "zfs";
+  };
+
+  fileSystems."/home" = {
+    device = "zpool/data/home";
+    fsType = "zfs";
+  };
+
+  fileSystems."/media" = {
+    device = "datapool/media";
+    fsType = "zfs";
+  };
+
+  fileSystems."/secrets" = {
+    device = "backedpool/secrets";
+    fsType = "zfs";
+  };
+
+  fileSystems."/var/lib" = {
+    device = "backedpool/services";
+    fsType = "zfs";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/AF19-5616";
+    fsType = "vfat";
+  };
+
+#  swapDevices = [{
+#    device = "/dev/sdc1";
+#    size = 10000;
+#  }];
+
+}

hosts/architect/matrix.nix

@@ -8,6 +8,7 @@ in {
   services = {
     matrix-synapse = {
       enable = true;
+      settings = {
         server_name = "${domain}";
         database_name = "synapse";
         public_baseurl = "https://${domain}";
@@ -21,14 +22,36 @@ in {
           #        "/var/lib/matrix-synapse/hookshot-registration.yml"
           #        "/var/lib/matrix-synapse/telegram-registration.yaml"
         ];
-      extraConfig = ''
+       # log_config = ''
-        auto_join_rooms:
+       #   version: 1
-          - "#general:matrix.giugl.io"
+
-        max_upload_size: "50M"
+       #   # In systemd's journal, loglevel is implicitly stored, so let's omit it
-      '';
+       #   # from the message text.
+       #   formatters:
+       #       journal_fmt:
+       #           format: '%(name)s: [%(request)s] %(message)s'
+
+       #   filters:
+       #       context:
+       #           (): synapse.util.logcontext.LoggingContextFilter
+       #           request: ""
+
+       #   handlers:
+       #       journal:
+       #           class: systemd.journal.JournalHandler
+       #           formatter: journal_fmt
+       #           filters: [context]
+       #           SYSLOG_IDENTIFIER: synapse
+
+       #   root:
+       #       level: WARN
+       #       handlers: [journal]
+
+       #   disable_existing_loggers: False
+       # '';
         listeners = [{
           port = 8008;
-        bind_address = "::1";
+          bind_addresses = ["127.0.0.1"];
           type = "http";
           tls = false;
           x_forwarded = true;
@@ -37,39 +60,19 @@ in {
             compress = false;
           }];
         }];
-      turn_uris = [
+      };
-        "turns:turn.giugl.io:5349?transport=udp"
-        "turns:turn.giugl.io:5349?transport=tcp"
-      ];
-      turn_shared_secret = "69duck duck fuck420";
-      turn_user_lifetime = "1h";
-      logConfig = ''
-        version: 1
       
-        # In systemd's journal, loglevel is implicitly stored, so let's omit it
+      #extraConfig = ''
-        # from the message text.
+      #  auto_join_rooms:
-        formatters:
+      #    - "#general:matrix.giugl.io"
-            journal_fmt:
+      #  max_upload_size: "50M"
-                format: '%(name)s: [%(request)s] %(message)s'
+      #'';
-
+      # turn_uris = [
-        filters:
+      #   "turns:turn.giugl.io:5349?transport=udp"
-            context:
+      #   "turns:turn.giugl.io:5349?transport=tcp"
-                (): synapse.util.logcontext.LoggingContextFilter
+      # ];
-                request: ""
+      # turn_shared_secret = "69duck duck fuck420";
-
+      # turn_user_lifetime = "1h";
-        handlers:
-            journal:
-                class: systemd.journal.JournalHandler
-                formatter: journal_fmt
-                filters: [context]
-                SYSLOG_IDENTIFIER: synapse
-
-        root:
-            level: WARN
-            handlers: [journal]
-
-        disable_existing_loggers: False
-      '';
     };
 
     postgresql = {

hosts/architect/nextcloud.nix

@@ -8,7 +8,7 @@ in {
     mysql.enable = true;
     mysql.package = pkgs.unstable.mysql80;
 
-    redis.enable = true;
+    redis.servers."default".enable = true;
 
     nextcloud = {
       enable = true;

roles/acme.nix

@@ -1,4 +1,8 @@
-{ ... }: {
+{ 
-  security.acme.acceptTerms = true;
+  security.acme = {
-  security.acme.email = "sysadmin@giugl.io";
+    acceptTerms = true;
+    defaults = {
+      email = "sysadmin@giugl.io";
+    };
+  };
 }