From 17ff809406d148e6efb3234968c7cb9844030114 Mon Sep 17 00:00:00 2001 From: nyanloutre Date: Fri, 20 Dec 2024 16:54:36 +0100 Subject: [PATCH] LoutreOS: update to 24.11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d' (2024-12-14) → 'github:NixOS/nixpkgs/b47fd6fa00c6afca88b8ee46cfdb00e104f50bca' (2024-12-19) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/3566ab7246670a43abd2ffa913cc62dad9cdf7d5' (2024-12-13) → 'github:NixOS/nixpkgs/d3c42f187194c26d9f0309a8ecc469d6c878ce33' (2024-12-17) • Updated input 'simple-nixos-mailserver': 'gitlab:simple-nixos-mailserver/nixos-mailserver/29916981e7b3b5782dc5085ad18490113f8ff63b' (2024-06-11) → 'gitlab:simple-nixos-mailserver/nixos-mailserver/35fa7dc495aa89bd224f08c43dfd9119b81f0fa7' (2024-12-16) • Removed input 'simple-nixos-mailserver/nixpkgs-24_05' • Added input 'simple-nixos-mailserver/nixpkgs-24_11': follows 'nixpkgs' • Removed input 'simple-nixos-mailserver/utils' • Removed input 'simple-nixos-mailserver/utils/systems' --- flake.lock | 60 ++++------------ flake.nix | 6 +- systems/LoutreOS/configuration.nix | 1 - systems/LoutreOS/network.nix | 108 +++++++++++------------------ systems/LoutreOS/web.nix | 2 +- 5 files changed, 57 insertions(+), 120 deletions(-) diff --git a/flake.lock b/flake.lock index 6c5c24d..13bf6d5 100644 --- a/flake.lock +++ b/flake.lock 
@@ -76,16 +76,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734202038, - "narHash": "sha256-LwcGIkORU8zfQ/8jAgptgPY8Zf9lGKB0vtNdQyEkaN8=", + "lastModified": 1734600368, + "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d", + "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "type": "indirect" } }, @@ -107,11 +107,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1734119587, - "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", + "lastModified": 1734424634, + "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", + "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "type": "github" }, "original": { 
@@ -137,58 +137,24 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "nixpkgs-24_05": [ + "nixpkgs-24_11": [ "nixpkgs" - ], - "utils": "utils" + ] }, "locked": { - "lastModified": 1718084203, - "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", + "lastModified": 1734371264, + "narHash": "sha256-YzE0lCGNKDXeinkZ6knSM8jo1VS9CeNwBJvYMEYQaQM=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", + "rev": "35fa7dc495aa89bd224f08c43dfd9119b81f0fa7", "type": "gitlab" }, "original": { "owner": "simple-nixos-mailserver", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixos-mailserver", "type": "gitlab" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index bbed851..bb5415c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,14 +1,14 @@ { inputs = { - nixpkgs.url = "flake:nixpkgs/nixos-24.05"; + nixpkgs.url = "flake:nixpkgs/nixos-24.11"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; # transmission 4.0.5 downgrade to fix tracker bug nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4"; simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11"; inputs = { nixpkgs.follows = "nixpkgs-unstable"; - nixpkgs-24_05.follows = "nixpkgs"; + nixpkgs-24_11.follows = "nixpkgs"; }; }; dogetipbot-telegram = { diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix index 7d4501e..001dfb7 100644 --- a/systems/LoutreOS/configuration.nix +++ b/systems/LoutreOS/configuration.nix @@ -2,7 +2,6 @@ { imports = [ - "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix" ../common-cli.nix ./hardware-configuration.nix ./network.nix diff --git a/systems/LoutreOS/network.nix b/systems/LoutreOS/network.nix index 7c8b54b..1e48cc2 100644 --- a/systems/LoutreOS/network.nix +++ b/systems/LoutreOS/network.nix @@ -134,7 +134,7 @@ ############################################# # Redirect local network request from server external IP to internal IP - iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true + iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 2>/dev/null || true iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 ''; 
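Review bot: In the network.nix hunk, the added `2>/dev/null` on the `iptables -t nat -D PREROUTING …` line discards every error from the delete, not only the expected "rule does not exist" one, so a real failure of that command no longer shows up in the log. A check-then-add form stays idempotent without silencing a mutating command, and avoids the short window in which the redirect rule is absent: `iptables -t nat -C PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 2>/dev/null || iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1`. The external address is also written out on both lines; binding it once in a `let` would keep the two from drifting apart. The multi-line string that holds these commands starts outside the hunk.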
@@ -190,22 +190,16 @@ MTUBytes = "1450"; }; wireguardConfig = { - PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0"; - # Wait for 24.11 - # PrivateKey = "@network.wireguard.private.wg0"; + PrivateKey = "@network.wireguard.private.wg0"; RouteTable = routeTables.vpn; }; wireguardPeers = [ { - wireguardPeerConfig = { - Endpoint = "89.234.141.83:8095"; - PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; - PresharedKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.preshared.wg0"; - # Wait for 24.11 - # PresharedKey = "@network.wireguard.preshared.wg0"; - AllowedIPs = ["0.0.0.0/0" "::/0"]; - PersistentKeepalive = 15; - }; + Endpoint = "89.234.141.83:8095"; + PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; + PresharedKey = "@network.wireguard.preshared.wg0"; + AllowedIPs = ["0.0.0.0/0" "::/0"]; + PersistentKeepalive = 15; } ]; }; @@ -243,19 +237,15 @@ # Route everything to fiber link with a priority of 40000 routingPolicyRules = [ { - routingPolicyRuleConfig = { - FirewallMark = 1; - Table = routeTables.fiber; - Priority = 41000; - Family = "both"; - }; + FirewallMark = 1; + Table = routeTables.fiber; + Priority = 41000; + Family = "both"; } { - routingPolicyRuleConfig = { - Table = routeTables.fiber; - Priority = 51000; - Family = "both"; - }; + Table = routeTables.fiber; + Priority = 51000; + Family = "both"; } ]; }; @@ -274,19 +264,15 @@ # Route all to lte link with a priority of 50000 routingPolicyRules = [ { - routingPolicyRuleConfig = { - FirewallMark = 2; - Table = routeTables.lte; - Priority = 42000; - Family = "both"; - }; + FirewallMark = 2; + Table = routeTables.lte; + Priority = 42000; + Family = "both"; } { - routingPolicyRuleConfig = { - Table = routeTables.lte; - Priority = 52000; - Family = "both"; - }; + Table = routeTables.lte; + Priority = 52000; + Family = "both"; } ]; }; 
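Review bot: In the wg0 hunk, `PrivateKey = "@network.wireguard.private.wg0"` and `PresharedKey = "@network.wireguard.preshared.wg0"` now read like inline key values, and the removed `# Wait for 24.11` comments were the only hint that they are not. I would add a comment above each, for example `# "@name" is a systemd credential name resolved by systemd-networkd at runtime; never put the key itself here, the rendered .netdev ends up in the world-readable Nix store`. The hunk does not show where these credentials are loaded into systemd-networkd.service (presumably the same names the old `/run/credentials/systemd-networkd.service/…` paths relied on), so it is worth confirming after the switch that the tunnel comes up with both keys applied. The wireguardConfig block begins outside the hunk.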
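Review bot: The comments above the two routingPolicyRules lists do not match the rules beneath them: the fiber list (hunk at -243) says "priority of 40000" but sets `Priority = 41000` and `Priority = 51000`, and the lte list (hunk at -274) says "priority of 50000" but sets 42000 and 52000. These numbers decide which uplink marked and unmarked traffic leaves through, so I would reword the comments while the rules are being touched, for example `# fwmark 1 -> fiber table (41000); unmarked traffic tries fiber first (51000)` and `# fwmark 2 -> lte table (42000); unmarked traffic falls back to lte (52000)`. The fallback reading is inferred from the priority order and should be checked against the route tables, which are not in the hunks. Both lists sit inside network definitions that start outside the hunks.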
@@ -305,23 +291,19 @@ routingPolicyRules = [ # Route outgoing emails to VPN table { - routingPolicyRuleConfig = { - IncomingInterface = "lo"; - DestinationPort = "25"; - Table = routeTables.vpn; - Priority = 60; - Family = "both"; - }; + IncomingInterface = "lo"; + DestinationPort = "25"; + Table = routeTables.vpn; + Priority = 60; + Family = "both"; } # Route packets originating from wg0 device to VPN table # Allow server to respond on the wg0 interface requests { - routingPolicyRuleConfig = { - FirewallMark = 3; - Table = routeTables.vpn; - Priority = 43000; - Family = "both"; - }; + FirewallMark = 3; + Table = routeTables.vpn; + Priority = 43000; + Family = "both"; } ]; }; @@ -349,38 +331,28 @@ dhcpServerStaticLeases = [ # IPMI { - dhcpServerStaticLeaseConfig = { - Address = "10.30.1.1"; - MACAddress = "ac:1f:6b:4b:01:15"; - }; + Address = "10.30.1.1"; + MACAddress = "ac:1f:6b:4b:01:15"; } # paul-fixe { - dhcpServerStaticLeaseConfig = { - Address = "10.30.50.1"; - MACAddress = "b4:2e:99:ed:24:26"; - }; + Address = "10.30.50.1"; + MACAddress = "b4:2e:99:ed:24:26"; } # salonled { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.1"; - MACAddress = "e0:98:06:85:e9:ce"; - }; + Address = "10.30.40.1"; + MACAddress = "e0:98:06:85:e9:ce"; } # miroir-bleu { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.2"; - MACAddress = "e0:98:06:86:38:fc"; - }; + Address = "10.30.40.2"; + MACAddress = "e0:98:06:86:38:fc"; } # miroir-orange { - dhcpServerStaticLeaseConfig = { - Address = "10.30.40.3"; - MACAddress = "50:02:91:78:be:be"; - }; + Address = "10.30.40.3"; + MACAddress = "50:02:91:78:be:be"; } ]; ipv6SendRAConfig = { diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix index a373e0a..87a5803 100644 --- a/systems/LoutreOS/web.nix +++ b/systems/LoutreOS/web.nix @@ -392,7 +392,7 @@ in nextcloud = { enable = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; hostName = "cloud.nyanlout.re"; database.createLocally = true; https = true;