From b62e7be5219d53359f4c7b5ca4dd651ebd8fdc1f Mon Sep 17 00:00:00 2001 From: Valentin Date: Sun, 7 Jun 2026 01:04:16 +0200 Subject: Nixpkgs update --- flake.lock | 20 ++++++++++---------- flake.nix | 2 +- tharos/cgit.nix | 1 + tharos/grafana.nix | 5 +++++ tharos/nextcloud.nix | 8 +++++++- 5 files changed, 24 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 3ee4e26..6e47eb8 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1758287904, - "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "lastModified": 1780290312, + "narHash": "sha256-eTAlX0CwgB84Ts3GaBd944A3DRXVMzgA0EqroZBISUo=", "owner": "nix-community", "repo": "disko", - "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "rev": "115e5211780054d8a890b41f0b7734cafad54dfe", "type": "github" }, "original": { @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1778716662, + "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "type": "github" }, "original": { @@ -42,16 +42,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1759580034, - "narHash": "sha256-YWo57PL7mGZU7D4WeKFMiW4ex/O6ZolUS6UNBHTZfkI=", + "lastModified": 1780751787, + "narHash": "sha256-nWR7F46SyrLvN8Ot39XJDpVCswekGakXlOD4KsTYKW0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3bcc93c5f7a4b30335d31f21e2f1281cba68c318", + "rev": "00fa9a692bafc08a86061886f888b843bf7fbdb0", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index e4512a1..e82b96e 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; flake-parts = { url = "github:hercules-ci/flake-parts"; diff --git a/tharos/cgit.nix b/tharos/cgit.nix index e23c10c..241bb63 100644 --- a/tharos/cgit.nix +++ b/tharos/cgit.nix @@ -45,6 +45,7 @@ services.cgit.infra = rec { enable = true; nginx.virtualHost = "git.${self.domain}"; + gitHttpBackend.checkExportOkFiles = false; repos.infra = { desc = "Quellcode für die technische Infrastruktur des Stadtteilbeirats Heimfeld"; inherit path; diff --git a/tharos/grafana.nix b/tharos/grafana.nix index be723c6..0c6fd4f 100644 --- a/tharos/grafana.nix +++ b/tharos/grafana.nix @@ -30,6 +30,11 @@ }; security = { disable_initial_admin_creation = true; + # Bisheriger Upstream-Default aus Nixpkgs < 26.05. + # Wird von Grafana zur Verschlüsselung sensibler DB-Spalten (Datenquellen-Credentials, Alert-Channel-Secrets, OAuth-Tokens) genutzt. + # Aktuell enthält unsere Grafana-DB nichts dergleichen: einzige Datenquelle ist Prometheus auf localhost ohne Auth, kein Admin-Login, keine Notification-Channels. + # Sobald sich das ändert, durch einen eigenen Schlüssel via `secret_key_file` ersetzen. + secret_key = "SW2YcwTIb9zpOOhoPsMm"; }; "auth.anonymous" = { enabled = true; diff --git a/tharos/nextcloud.nix b/tharos/nextcloud.nix index eedb507..303688d 100644 --- a/tharos/nextcloud.nix +++ b/tharos/nextcloud.nix @@ -2,7 +2,12 @@ { flake.machines.tharos = { nixos = - { config, lib, ... }: + { + config, + pkgs, + lib, + ... + }: let apps = config.services.nextcloud.package.packages.apps; nextcloud = config.services.nextcloud.hostName; @@ -11,6 +16,7 @@ { services.nextcloud = { enable = true; + package = pkgs.nextcloud32; hostName = "nextcloud.${self.domain}"; database.createLocally = true; config.dbtype = "pgsql"; -- cgit v1.3.1