🚨 statix updates

flake.lock

@@ -216,11 +216,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1694134858,
+        "lastModified": 1694338541,
-        "narHash": "sha256-fG/ESauOGmiojKlpJG8gB62dJa5Wd+ZIuiDMKK/HD3g=",
+        "narHash": "sha256-+ZtaNbOwlO1QgYOEvWdhi5wkWjW5Csrboz4xy0WucDg=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "19c6a4081b14443420358262f8416149bd79561a",
+        "rev": "f9041d12a90e8bc0c90e03be2ebe26a6c6e6fd70",
         "type": "github"
       },
       "original": {
@@ -331,11 +331,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1694062546,
+        "lastModified": 1694343207,
-        "narHash": "sha256-PiGI4f2BGnZcedP6slLjCLGLRLXPa9+ogGGgVPfGxys=",
+        "narHash": "sha256-jWi7OwFxU5Owi4k2JmiL1sa/OuBCQtpaAesuj5LXC8w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b200e0df08f80c32974a6108ce431d8a8a5e6547",
+        "rev": "78058d810644f5ed276804ce7ea9e82d92bee293",
         "type": "github"
       },
       "original": {
@@ -356,11 +356,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1692274144,
+        "lastModified": 1694364351,
-        "narHash": "sha256-BxTQuRUANQ81u8DJznQyPmRsg63t4Yc+0kcyq6OLz8s=",
+        "narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa",
+        "rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
         "type": "github"
       },
       "original": {

flake.nix

@@ -40,10 +40,12 @@
     # My stuff
     dotfiles = {
       url = "github:walkah/dotfiles";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs = {
-      inputs.home-manager.follows = "home-manager";
+        nixpkgs.follows = "nixpkgs";
-      inputs.flake-utils.follows = "flake-utils";
+        home-manager.follows = "home-manager";
-      inputs.pre-commit-hooks.follows = "pre-commit-hooks";
+        flake-utils.follows = "flake-utils";
+        pre-commit-hooks.follows = "pre-commit-hooks";
+      };
     };
 
     workon = {

hosts/aristotle/configuration.nix

@@ -11,26 +11,31 @@
     ../../modules/sops
   ];
 
+  boot = {
     # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
-  boot.loader.grub.enable = false;
+    loader.grub.enable = false;
     # Enables the generation of /boot/extlinux/extlinux.conf
-  boot.loader.generic-extlinux-compatible.enable = true;
+    loader.generic-extlinux-compatible.enable = true;
-  boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
-
+  };
-  hardware.enableRedistributableFirmware = true;
-  hardware.raspberry-pi."4".poe-hat.enable = true;
 
+  hardware = {
+    enableRedistributableFirmware = true;
+    raspberry-pi."4".poe-hat.enable = true;
+  };
 
+  networking = {
     # networking.hostName = "nixos"; # Define your hostname.
     # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
     # The global useDHCP flag is deprecated, therefore explicitly set to false here.
     # Per-interface useDHCP will be mandatory in the future, so this generated config
     # replicates the default behaviour.
-  networking.useDHCP = false;
+    useDHCP = false;
-  networking.interfaces.eth0.useDHCP = true;
+    interfaces.eth0.useDHCP = true;
-  networking.interfaces.wlan0.useDHCP = true;
+    interfaces.wlan0.useDHCP = true;
-  networking.firewall.enable = false;
+    firewall.enable = false;
+  };
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;

hosts/aristotle/hardware-configuration.nix

@@ -5,11 +5,14 @@
 
 {
   imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
+  boot = {
-  boot.initrd.availableKernelModules = [ "usbhid" ];
+    initrd = {
-  boot.initrd.kernelModules = [ ];
+      availableKernelModules = [ "usbhid" ];
-  boot.kernelModules = [ ];
+      kernelModules = [ ];
-  boot.extraModulePackages = [ ];
+    };
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };
 
   fileSystems."/" = {
     device = "/dev/disk/by-label/NIXOS_SD";

hosts/heraclitus/darwin-configuration.nix

@@ -18,7 +18,6 @@
   services.nix-daemon.enable = true;
 
   services.lorri.enable = true;
-  services.ipfs.enable = true;
 
   system = {
     defaults = {

hosts/plato/configuration.nix

@@ -15,13 +15,18 @@
     ../../modules/sops
     ../../modules/traefik
   ];
-
+  boot = {
+    loader = {
+      binfmt.emulatedSystems = [ "aarch64-linux" ];
+      efi.canTouchEfiVariables = true;
+      systemd-boot = {
         # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
+        enable = true;
-  boot.loader.systemd-boot.configurationLimit = 3;
+        configurationLimit = 3;
-  boot.loader.efi.canTouchEfiVariables = true;
+      };
-  boot.tmp.cleanOnBoot = true;
+      tmp.cleanOnBoot = true;
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+    };
+  };
 
   nix.extraOptions = ''
     experimental-features = nix-command flakes
@@ -29,11 +34,21 @@
 
   # Set your time zone.
   time.timeZone = "America/Toronto";
+  networking = {
 
-  networking.hostName = "plato"; # Define your hostname.
+    hostName = "plato"; # Define your hostname.
-  networking.useDHCP = false;
+    useDHCP = false;
-  networking.interfaces.enp10s0.useDHCP = true;
+    interfaces = {
-  networking.interfaces.enp9s0.useDHCP = true;
+      enp10s0.useDHCP = true;
+      enp9s0.useDHCP = true;
+    };
+
+    # Open ports in the firewall.
+    # networking.firewall.allowedTCPPorts = [ ... ];
+    # networking.firewall.allowedUDPPorts = [ ... ];
+    # Or disable the firewall altogether.
+    firewall.enable = false;
+  };
 
   security.sudo.wheelNeedsPassword = false;
 
@@ -44,19 +59,20 @@
 
   system.autoUpgrade.enable = false;
   environment.systemPackages = with pkgs; [ pinentry weechat ];
-
+  fileSystems = {
-  fileSystems."/mnt/downloads" = {
+    "/mnt/downloads" = {
       device = "192.168.6.100:/volume1/Downloads";
       fsType = "nfs";
     };
-  fileSystems."/mnt/music" = {
+    "/mnt/music" = {
       device = "192.168.6.100:/volume1/Music";
       fsType = "nfs";
     };
-  fileSystems."/mnt/video" = {
+    "/mnt/video" = {
       device = "192.168.6.100:/volume1/Video";
       fsType = "nfs";
     };
+  };
 
   power.ups = {
     enable = true;
@@ -74,31 +90,8 @@
     pinentryFlavor = "curses";
   };
 
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-
-  services.tailscale = {
-    enable = true;
-    useRoutingFeatures = "server";
-  };
-
-  virtualisation.docker = {
-    enable = true;
-    # Clean docker images periodically
-    autoPrune = {
-      enable = true;
-      flags = [ "--all" ];
-    };
-  };
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = false;
-
-  walkah.coredns = { enable = true; };
   services = {
+    openssh.enable = true;
     borgbackup.jobs."borgbase" = {
       paths = [
         "/var/lib"
@@ -167,5 +160,20 @@
         }
       ];
     };
+    tailscale = {
+      enable = true;
+      useRoutingFeatures = "server";
+    };
+  };
+
+  walkah.coredns = { enable = true; };
+
+  virtualisation.docker = {
+    enable = true;
+    # Clean docker images periodically
+    autoPrune = {
+      enable = true;
+      flags = [ "--all" ];
+    };
   };
 }

hosts/plato/hardware-configuration.nix

@@ -5,8 +5,8 @@
 
 {
   imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
+  boot = {
-  boot.initrd.availableKernelModules = [
+    initrd.availableKernelModules = [
       "uhci_hcd"
       "ehci_pci"
       "ahci"
@@ -17,9 +17,10 @@
       "sd_mod"
       "sr_mod"
     ];
-  boot.initrd.kernelModules = [ ];
+    initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" "wl" ];
+    kernelModules = [ "kvm-intel" "wl" ];
-  boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+    extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
+  };
 
   fileSystems."/" = {
     device = "/dev/disk/by-uuid/ea3c68ac-e822-4b71-a8f5-65d9e452a3c2";

hosts/socrates/configuration.nix

@@ -23,17 +23,27 @@
   # Set your time zone.
   time.timeZone = "America/Toronto";
 
-  networking.hostName = "socrates";
+  networking = {
-  networking.firewall.allowPing = true;
+    hostName = "socrates";
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+    firewall = {
-  networking.firewall.trustedInterfaces = [ "tailscale0" ];
+      allowPing = true;
-  networking.firewall.checkReversePath = "loose";
+      allowedTCPPorts = [ 80 443 ];
+      trustedInterfaces = [ "tailscale0" ];
+      checkReversePath = "loose";
+    };
+  };
 
   nix = {
     settings.trusted-users = [ "@wheel" "root" ];
   };
 
-  security.sudo.wheelNeedsPassword = false;
+  security = {
+    sudo.wheelNeedsPassword = false;
+    security = {
+      acme.acceptTerms = true;
+      acme.defaults.email = "walkah@walkah.net";
+    };
+  };
 
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
@@ -42,9 +52,6 @@
   system.autoUpgrade.enable = false;
   environment.systemPackages = with pkgs; [ ipfs-migrator ];
 
-  security.acme.acceptTerms = true;
-  security.acme.defaults.email = "walkah@walkah.net";
-
   walkah.coredns = {
     enable = true;
     addr = "100.103.57.96";

modules/akkoma/default.nix

@@ -77,24 +77,23 @@ in
       databases = [ "akkoma" ];
     };
   };
-
+  sops = {
-  sops.secrets.akkoma-secret-key-base = {
+    secrets = {
+      akkoma-secret-key-base = {
         owner = akkoma.user;
       };
-
+      akkoma-signing-salt = {
-  sops.secrets.akkoma-signing-salt = {
         owner = akkoma.user;
       };
-
+      akkoma-vapid-private-key = {
-  sops.secrets.akkoma-vapid-private-key = {
         owner = akkoma.user;
       };
-
+      akkoma-vapid-public-key = {
-  sops.secrets.akkoma-vapid-public-key = {
         owner = akkoma.user;
       };
-
+      akkoma-joken-signer = {
-  sops.secrets.akkoma-joken-signer = {
         owner = akkoma.user;
       };
+    };
+  };
 }

modules/base/darwin.nix

@@ -42,10 +42,11 @@
     };
   };
 
-  home-manager.useGlobalPkgs = true;
+  home-manager = {
-  home-manager.useUserPackages = true;
+    useGlobalPkgs = true;
-  home-manager.users.walkah = import "${dotfiles}/home.nix";
+    useUserPackages = true;
-
+    users.walkah = import "${dotfiles}/home.nix";
+  };
 
   nixpkgs.config.packageOverrides = pkgs: {
     haskellPackages = pkgs.haskellPackages.override {

modules/builder/default.nix

@@ -1,6 +1,7 @@
 _: {
-  nix.distributedBuilds = true;
+  nix = {
-  nix.buildMachines = [
+    distributedBuilds = true;
+    buildMachines = [
       {
         hostName = "plato";
         systems = [ "x86_64-linux" "aarch64-linux" ];
@@ -9,5 +10,6 @@ _: {
       }
     ];
 
-  nix.linux-builder.enable = true;
+    linux-builder.enable = true;
+  };
 }

modules/matrix/nginx.nix

@@ -19,7 +19,8 @@
       "walkah.chat" = {
         forceSSL = true;
         enableACME = true;
-        locations."= /.well-known/matrix/server".extraConfig =
+        locations = {
+          "= /.well-known/matrix/server".extraConfig =
             let server = { "m.server" = "matrix.walkah.chat:443"; };
             in
             ''
@@ -27,7 +28,7 @@
               add_header Access-Control-Allow-Origin *;
               return 200 '${builtins.toJSON server}';
             '';
-        locations."= /.well-known/matrix/client".extraConfig =
+          "= /.well-known/matrix/client".extraConfig =
             let
               client = {
                 "m.homeserver" = { "base_url" = "https://matrix.walkah.chat"; };
@@ -39,7 +40,8 @@
               add_header Access-Control-Allow-Origin *;
               return 200 '${builtins.toJSON client}';
             '';
-        locations."/" = { root = pkgs.element-web; };
+          "/" = { root = pkgs.element-web; };
+        };
       };
     };
   };

nix/deploy.nix

@@ -7,9 +7,11 @@ let
     in
     {
       hostname = address;
-      profiles.system.user = "root";
+      profiles.system = {
-      profiles.system.sshUser = sshUser;
+        user = "root";
-      profiles.system.path = activate.${type} self."${type}Configurations".${hostName};
+        inherit sshUser;
+        path = activate.${type} self."${type}Configurations".${hostName};
+      };
     };
 in
 {

services/ipfs-cluster.nix

@@ -1,5 +1,5 @@
 ## From https://github.com/NixOS/nixpkgs/pull/100871
-{ config, lib, pkgs, options, ... }:
+{ config, lib, pkgs, ... }:
 with lib;
 let
   cfg = config.services.ipfs-cluster;
@@ -11,13 +11,9 @@ let
   ];
 in
 {
-
   ###### interface
-
   options = {
-
     services.ipfs-cluster = {
-
       enable = mkEnableOption
         "Pinset orchestration for IPFS - requires ipfs daemon to be useful";
 
@@ -77,12 +73,11 @@ in
 
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.ipfs-cluster ];
-
+    systemd = {
-
+      tmpfiles.rules =
-    systemd.tmpfiles.rules =
         [ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ];
 
-    systemd.services.ipfs-cluster-init = {
+      services.ipfs-cluster-init = {
         path = [ "/run/wrappers" pkgs.ipfs-cluster ];
         environment.IPFS_CLUSTER_PATH = cfg.dataDir;
         wantedBy = [ "default.target" ];
@@ -103,7 +98,7 @@ in
         unitConfig.ConditionDirectoryNotEmpty = "!${cfg.dataDir}";
       };
 
-    systemd.services.ipfs-cluster = {
+      services.ipfs-cluster = {
         environment.IPFS_CLUSTER_PATH = cfg.dataDir;
         wantedBy = [ "multi-user.target" ];
 
@@ -119,6 +114,7 @@ in
           EnvironmentFile = cfg.secretFile;
         };
       };
+    };
     networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [ 9094 9096 ];
   };
 }

users/walkah.nix

@@ -10,8 +10,9 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"
     ];
   };
-
+  home-manager = {
-  home-manager.useGlobalPkgs = true;
+    useGlobalPkgs = true;
-  home-manager.useUserPackages = true;
+    useUserPackages = true;
-  home-manager.users.walkah = import "${dotfiles}/home.nix";
+    users.walkah = import "${dotfiles}/home.nix";
+  };
 }