commit 5c69eb3ac9ef476c3ce3ffcd7fbf66ff036821d2
parent bba2f99438539bbdf909c8c6130bc341a07b7804
Author: Leah (ctucx) <git@ctu.cx>
Date: Tue, 30 May 2023 12:03:18 +0200
parent bba2f99438539bbdf909c8c6130bc341a07b7804
Author: Leah (ctucx) <git@ctu.cx>
Date: Tue, 30 May 2023 12:03:18 +0200
required fixes for 23.05
9 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/configurations/common/programs/gpg.nix b/configurations/common/programs/gpg.nix @@ -12,7 +12,7 @@ packages = lib.mkIf pkgs.stdenv.isLinux [ pkgs.pcsctools ]; sessionVariables = { - GNUPGHOME = "$HOME/.gnupg"; + GNUPGHOME = lib.mkForce "$HOME/.gnupg"; }; shellAliases = {
diff --git a/configurations/common/programs/password-store.nix b/configurations/common/programs/password-store.nix @@ -1,11 +1,11 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { home-manager.users.leah = { home = { packages = [ pkgs.pwgen ]; sessionVariables = { - PASSWORD_STORE_DIR = "\$HOME/.local/share/password-store"; + PASSWORD_STORE_DIR = lib.mkForce "\$HOME/.local/share/password-store"; }; };
diff --git a/configurations/linux/default.nix b/configurations/linux/default.nix @@ -60,9 +60,11 @@ enable = true; startWhenNeeded = true; ports = [ 22 ]; - passwordAuthentication = false; - permitRootLogin = "without-password"; extraConfig = "StreamLocalBindUnlink yes"; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "without-password"; + }; }; };
diff --git a/machines/briefkasten/scanner-sftp.nix b/machines/briefkasten/scanner-sftp.nix @@ -17,13 +17,13 @@ }; services.openssh = { - macs = [ + settings.Macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" "umac-128-etm@openssh.com" "hmac-sha2-512" "hmac-sha2-256" "umac-128@openssh.com" # needed by scanner "hmac-sha1" ]; - kexAlgorithms = [ + settings.KexAlgorithms = [ "sntrup761x25519-sha512@openssh.com" "curve25519-sha256" "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" # needed by scanner "diffie-hellman-group-exchange-sha1"
diff --git a/machines/trabbi/mail.nix b/machines/trabbi/mail.nix @@ -122,7 +122,7 @@ in { redis.address = "[::1]"; - certificateScheme = 1; + certificateScheme = "manual"; certificateFile = "${config.security.acme.certs.${config.networking.fqdn}.directory}/fullchain.pem"; keyFile = "${config.security.acme.certs.${config.networking.fqdn}.directory}/key.pem";
diff --git a/machines/wanderduene/configuration.nix b/machines/wanderduene/configuration.nix @@ -30,7 +30,6 @@ boot = { loader.grub = { enable = true; - version = 2; device = "/dev/vda"; };
diff --git a/pkgs/darwin/default.nix b/pkgs/darwin/default.nix @@ -8,10 +8,6 @@ final: prev: uhubDaemon = final.callPackage ./uhubDaemon.nix {}; XPCEventStreamHandler = final.callPackage ./XPCEventStreamHandler {}; - # jemalloc depends on llvm10 which is doesn't supports darwin-aarch64 - # however bind seems to build fine w/o jemalloc - bind = prev.bind.override { jemalloc = null; }; - # disable pyopenssl-dependency on cloudscraper since it is broken on aarch64 python3 = prev.python3.override { packageOverrides = python3-final: python3-prev: {
diff --git a/secrets/briefkasten/restic-server-htpasswd.age b/secrets/briefkasten/restic-server-htpasswd.age @@ -1,11 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBja1ZsTWVOS1JabExRMDBn -MWVBM1V3RlJJdzRrR3NUQ1JzUGF1VGlPQVZJCituOXgrMU03djQxM2wvWklxVVg0 -ZzhCOS9CYzlldXpROXFQKzNBdXpqSlUKLT4gc3NoLWVkMjU1MTkgNGhLQ013IFBo -SHJzUy9SNFplaFYyU29jR2RXelpRWHgrZTFxMUY4WUNzUXB6VTE1MzAKdUZkSUZr -YjN5UW50RG5oOE4wblh4Z2kxdm9UL0VBUEIyVVdQclpqdTRBNAotPiB2Kl82Oi1n -cmVhc2UgY2k5YkFKXyBBVmBPSSB7YGsKSE1JYUEvQXhUaWtSbzJ0dVVxM3RkQQot -LS0gTUU2OG93R2U3aCtPVUpQbXBBalBtYURxQWhpM0FFVy9ZdVJBazZrY2huZwqn -bP7yOAnY0m66FOtNEcGgu1ctvbdL8H7CUr2menDObUxUHB5R7+IN4xShFUg6ZwEd -t201uSZc6C1dZ/VESagLyWpsohdbgI1Iiw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdlNJRE1FUzU3dDZzdy9X +S2tYVXcvRGo1RGtST2JyNUxtMHUyaVc4ZERRCjZoMlU2b0Q1djY5SjRDSUdsd3BW +VzlvQUJoT2pkR0ZJMVpQVmlMRDBtWnMKLT4gc3NoLWVkMjU1MTkgNGhLQ013IHRZ +am9MZDU2QmpncTZXRlpNVy9KSTFFa04xVjh1Y3dwYWo2eHpKeUgxVTQKYW9hVDFy +b0NCZXZXL1JWSlFrQVRPY1pTR0pCS0RjUHIrb1FEeDliNXVCVQotPiAhLWdyZWFz +ZSBTWiIgdGcKRXcwSDRTVHh3ZEJBZHhXTWJtcng5QkxjRkNRTEVQRU1IZlJZcFFv +NjFWRm15aWpWbkxRUjlxd2ZML0J6Z2lnVQp6aUlMK29QaVJtdi9yK2MvT2Q4Vzl0 +NAotLS0gaGtqMDIrOEtyU3ZhQmQ5eXU5aXJ3dVRBd0hJK1grMXBwL0xpcnhTL1lO +NAo2RMww6mxhBRi5356hizwsl6/CobOvR0avq41LeXgrD+AKtWfDVMtNpr6aPX7h +RezR2ntD3+TOT0lWC9amC3Kz+WTyrqzt -----END AGE ENCRYPTED FILE-----
diff --git a/secrets/wanderduene/restic-server-htpasswd.age b/secrets/wanderduene/restic-server-htpasswd.age @@ -1,11 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0eUtLTHo0U3YwU0J1Q09D -ZkZieXEzSmVEc1lldDVlNWRmNFl5UVNhK2xRCm5ka1FzSDhmejYyZWtJUXdtUENP -UTR4ZW9VdDFrdGlIS1FUdEJJM3UwOFEKLT4gc3NoLWVkMjU1MTkgc2g4UE9RIEd4 -OXY5Y0xTbDlaMFJYaStERWtnb1BRVGU1RGlUR1Z1UndlUHhGd1E2SG8KWVl4MVJj -czZ5ZDM0d0JYVm9zcEdGci9NVDJ0OVEzUHhYQ2hSTHBkamJySQotPiB8S0RLLWdy -ZWFzZQpnSXArZ3lZaXdER2RSSkgwVkJ1M1JYN1RMVG9Vc3Y3WVBqWDdLckQxWWEz -eXZERk42TTY4M05BdHBhVHdMZwotLS0gb0hZOUxGbjc1KzRJZ3p4aStkNFAxVDFG -NHhjbGtKb0ZZS3JjL3lpVFJNVQrue5SiP6MFsTBf0kDHUZkrftHVcJblPAGirCGv -kXWJ9fED3A2oHKwLQ76u1uM31nVnyR1s4qxHpXtRxl8hrYyfiHlTKhN/ImFXr6vl +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmMVdvQ1FnTlUrc0hJa1JQ +dk1TUjJNRHFsNmVEQms2SlBiQXN4NC94L3pBClkwclQ0cDBKSms1em9wT0pkZDZU +czJGNXdDL1kyT1hvNmg2R21lcFNZcjAKLT4gc3NoLWVkMjU1MTkgc2g4UE9RIGEz +MXF0L1ArdWJCaGZ2Q0FaeXhQWGk3OUNOU3prY3MyVEpjbEovaTlKelEKWHIwWk1v +NWoyZGhuQnNDdHpFY01DS3E2cmExc3Axc3lVZWltRHZXdW1aTQotPiAkLWdyZWFz +ZQpBTjI5YTBKSjU5cHNiTGFvV1JKb3JxNkVtdTVQN2tCckhQMUpCaXNnMUQ4Qk0z +T1VYMFpmWDg1QjBuVDRBVFNjCmdNalc1dTFJVjZkZnRJSTEyZ2M0eVdFCi0tLSAw +SVNyQ3FoZkhUWW9mV0pmMVNDSVBEai9sa3pVbmJvYm83ME1xa1lnY3MwCqmlSlA9 +znkgED5fSvxfZPZ5Ui1/yRSlD45fmHUnzcyaeLUCXawozay9FyQfWQOSHXYMbb/g +HZ5VTNxgPj/7tvW1AjDJJVUEHS0qivCgaZajS00fIxBFLjf3QamIA0NW9/oR02yH +mLx4qLzvmfE9 -----END AGE ENCRYPTED FILE-----