too many things at once please help

flake.nix

@@ -1,12 +1,12 @@
 {
   inputs = {
     nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-23.11";
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
     nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     #nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     arion.url = "github:hercules-ci/arion";
     mms.url = "github:mkaito/nixos-modded-minecraft-servers";
-    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
+    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
     conduit = {
       url = "gitlab:famedly/conduit";
     };

justfile

@@ -1,9 +1,6 @@
 deploy:
 	colmena apply
 
-build:
-	colmena build
-
 update: 
 	nix flake update --commit-lock-file
 	just deploy

modules/base-stuff.nix

@@ -65,6 +65,7 @@
   };
 
   programs.mosh.enable = true;
+  users.defaultUserShell = pkgs.nushell;
 
   services.openssh = {
     enable = true;
@@ -72,7 +73,7 @@
   };
 
   environment.systemPackages = with pkgs; [
-    vim
+    helix
     wget
     neofetch
     btop
@@ -93,4 +94,11 @@
       device = "/dev/sda2";
     }
   ];
+
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 14d";
+  };
+  virtualisation.docker.autoPrune.enable = true;
 }

modules/containers/default.nix

@@ -2,7 +2,7 @@
   imports = [
     ./katzencafe-wiki.nix
     ./phtanumb-wiki.nix
-    ./calckey.nix
+    # ./calckey.nix
     ./penpot.nix
     ./nextcloud.nix
   ];

modules/containers/katzencafe-wiki.nix

@@ -1,5 +1,4 @@
-{ pkgsOld, ... }:
-{
+{pkgsOld, ...}: {
   containers."katzenwiki" = {
     autoStart = true;
     privateNetwork = true;
@@ -17,8 +16,12 @@
     #     localAddress = "10.0.2.2";
     #   };
     # };
-    config = { config, pkgs, ... }: {
-      environment.systemPackages = with pkgs; [btop ];
+    config = {
+      config,
+      pkgs,
+      ...
+    }: {
+      environment.systemPackages = with pkgs; [btop];
       networking.firewall.enable = false;
       # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
       environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
@@ -48,7 +51,7 @@
 
           # Disable anonymous editing
           $wgGroupPermissions['*']['edit'] = false;
-          $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
+          $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];
           $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
           $wgGroupPermissions['oidc_admin']['userrights'] = true;
 
@@ -86,12 +89,12 @@
     # NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work.
     # i should figure out why to make this work when setting up new instances...
     "katzenwikiPwFile" = {
-      keyCommand = [ "pass" "wikis/katzenwiki/password" ];
+      keyCommand = ["pass" "wikis/katzenwiki/password"];
       destDir = "/katzenwiki";
       name = "passwordFile";
     };
     "katzenwikiKeycloakClientSecret" = {
-      keyCommand = [ "pass" "wikis/katzenwiki/keycloak-secret" ];
+      keyCommand = ["pass" "wikis/katzenwiki/keycloak-secret"];
       destDir = "/katzenwiki";
       name = "keycloakClientSecret";
       permissions = "0604";

modules/containers/nextcloud.nix

@@ -35,13 +35,13 @@
           trustedProxies = ["10.0.3.1"];
         };
         hostName = "wolke.katzen.cafe";
-        package = pkgs.nextcloud27;
+        package = pkgs.nextcloud29;
         extraApps = with config.services.nextcloud.package.packages.apps; {
           inherit bookmarks calendar contacts;
           user_oidc = pkgs.fetchNextcloudApp rec {
-            url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz";
-            sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w";
-            license = "agpl3";
+            url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v5.0.3/user_oidc-v5.0.3.tar.gz";
+            sha256 = "sha256-oaN4nYIKzP7r9pB/6szZnkR+liSMARd3Nb8aM3m9WeE=";
+            license = "gpl3";
           };
         };
       };
@@ -51,7 +51,8 @@
         ensureUsers = [
           {
             name = "nextcloud";
-            ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+            # ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+            ensureDBOwnership = true;
           }
         ];
       };

modules/containers/phtanumb-wiki.nix

@@ -1,11 +1,14 @@
-{ pkgsOld, ... }:
 {
+  pkgs,
+  pkgsOld,
+  ...
+}: {
   containers."phtanumb-wiki" = {
     autoStart = true;
     privateNetwork = true;
     hostAddress = "10.0.1.1";
     localAddress = "10.0.1.2";
-    nixpkgs = pkgsOld.path; 
+    nixpkgs = pkgs.path;
     bindMounts = {
       "/var/mediawiki" = {
         hostPath = "/phtanum-b/wiki";
@@ -18,8 +21,12 @@
     #     localAddress = "10.0.1.2";
     #   };
     # };
-    config = { config, pkgs, ... }: {
-      environment.systemPackages = with pkgs; [ luajit ];
+    config = {
+      config,
+      pkgs,
+      ...
+    }: {
+      environment.systemPackages = with pkgs; [luajit];
       networking.firewall.enable = false;
       # networking.nameservers =  [ "9.9.9.9" "149.112.112.112" ];
       environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
@@ -58,7 +65,7 @@
           $wgScribuntoUseGeSHi = true;
           $wgScribuntoUseCodeEditor = true;
 
-          $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
+          $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];
           $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
           $wgGroupPermissions['oidc_admin']['userrights'] = true;
 
@@ -110,11 +117,11 @@
   };
   deployment.keys = {
     "passwordFile" = {
-      keyCommand = [ "pass" "wikis/phtanumb/password" ];
+      keyCommand = ["pass" "wikis/phtanumb/password"];
       destDir = "/phtanum-b/wiki";
     };
     "keycloakClientSecret" = {
-      keyCommand = [ "pass" "wikis/phtanumb/keycloak-secret" ];
+      keyCommand = ["pass" "wikis/phtanumb/keycloak-secret"];
       destDir = "/phtanum-b/wiki";
       permissions = "0604";
     };

modules/mailserver.nix

@@ -1,15 +1,16 @@
-{ inputs, ... }: 
-{
-  imports = [ inputs.simple-nixos-mailserver.nixosModule ];
+{inputs, ...}: {
+  imports = [inputs.simple-nixos-mailserver.nixosModule];
+  # hack to fix https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275
+  services.dovecot2.sieve.extensions = ["fileinto"];
   mailserver = {
     enable = true;
     fqdn = "mail.katzen.cafe";
     sendingFqdn = "katzen.cafe";
-    domains = [ "katzen.cafe" ];
+    domains = ["katzen.cafe"];
     loginAccounts = {
       "admin@katzen.cafe" = {
         hashedPasswordFile = "/var/lib/secrets/admin-mail-pw";
-        aliases = [ "postmaster@katzen.cafe" "abuse@katzen.cafe" ];
+        aliases = ["postmaster@katzen.cafe" "abuse@katzen.cafe"];
       };
       "noreply@katzen.cafe" = {
         hashedPasswordFile = "/var/lib/secrets/noreply-mail-pw";
@@ -19,11 +20,11 @@
   };
   deployment.keys = {
     "admin-mail-pw" = {
-      keyCommand = [ "pass" "mailpws/hashes/admin" ];
+      keyCommand = ["pass" "mailpws/hashes/admin"];
       destDir = "/var/lib/secrets";
     };
     "noreply-mail-pw" = {
-      keyCommand = [ "pass" "mailpws/hashes/noreply" ];
+      keyCommand = ["pass" "mailpws/hashes/noreply"];
       destDir = "/var/lib/secrets";
     };
   };

modules/postgres.nix

@@ -1,13 +1,13 @@
-{ pkgs, ... }: 
-{
+{pkgs, ...}: {
   services.postgresql = {
     enable = true;
     ensureUsers = [
       {
         name = "forgejo";
-        ensurePermissions = {
-          "DATABASE \"forgejo\"" = "ALL PRIVILEGES";
-        };
+        # ensurePermissions = {
+        #   "DATABASE \"forgejo\"" = "ALL PRIVILEGES";
+        # };
+        ensureDBOwnership = true;
       }
     ];
     ensureDatabases = [