too many things at once please help

Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/a1cc729dcbc31d9b0d11d86dc7436163548a9665' (2024-07-25)
  → 'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27)
• Updated input 'nixpkgsUnstable':
    'github:NixOS/nixpkgs/5ad6a14c6bf098e98800b091668718c336effc95' (2024-07-25)
  → 'github:NixOS/nixpkgs/b73c2221a46c13557b1b3be9c2070cc42cf01eb3' (2024-07-27)

flake.lock

@@ -8,11 +8,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1713728172,
+        "lastModified": 1720147808,
-        "narHash": "sha256-rac5WwUyZGxVqcNh2PIOxXJFGPXBSFPfkox1AdqwVgk=",
+        "narHash": "sha256-hlWEQGUbIwYb+vnd8egzlW/P++yKu3HjV/rOdOPVank=",
         "owner": "hercules-ci",
         "repo": "arion",
-        "rev": "add0e67d2b83814667490985ea4ef1226d3b4511",
+        "rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
         "type": "github"
       },
       "original": {
@@ -71,11 +71,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1713731448,
+        "lastModified": 1721379485,
-        "narHash": "sha256-IDZfplo83qIi66Vpq1bqwwhm9FNs+6xW3d6EhMBGNCk=",
+        "narHash": "sha256-Pcfv3IB4yGiSC4N5BqD6T9u+YYBiwjJ+VGzg0WGCjK8=",
         "owner": "famedly",
         "repo": "conduit",
-        "rev": "27753b1d9624fc7a295eaf6009b71ede5804de62",
+        "rev": "44dd21f432a22c82adab77c25469c336976f4081",
         "type": "gitlab"
       },
       "original": {
@@ -201,11 +201,11 @@
     "flake-compat_4": {
       "flake": false,
       "locked": {
-        "lastModified": 1668681692,
+        "lastModified": 1696426674,
-        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
         "type": "github"
       },
       "original": {
@@ -222,11 +222,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1712014858,
+        "lastModified": 1719994518,
-        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
+        "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
+        "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
         "type": "github"
       },
       "original": {
@@ -244,11 +244,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709336216,
+        "lastModified": 1712014858,
-        "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
+        "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
+        "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
         "type": "github"
       },
       "original": {
@@ -329,11 +329,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1710478346,
+        "lastModified": 1719226092,
-        "narHash": "sha256-Xjf8BdnQG0tLhPMlqQdwCIjOp7Teox0DP3N/jjyiGM4=",
+        "narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
         "owner": "hercules-ci",
         "repo": "hercules-ci-effects",
-        "rev": "64e7763d72c1e4c1e5e6472640615b6ae2d40fbf",
+        "rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
         "type": "github"
       },
       "original": {
@@ -416,11 +416,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1713537308,
+        "lastModified": 1720031269,
-        "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
+        "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f",
+        "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
         "type": "github"
       },
       "original": {
@@ -430,33 +430,18 @@
         "type": "github"
       }
     },
-    "nixpkgs-22_11": {
+    "nixpkgs-24_05": {
       "locked": {
-        "lastModified": 1669558522,
+        "lastModified": 1717144377,
-        "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
+        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
+        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-22.11",
+        "ref": "nixos-24.05",
-        "type": "indirect"
-      }
-    },
-    "nixpkgs-23_05": {
-      "locked": {
-        "lastModified": 1684782344,
-        "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
-        "type": "github"
-      },
-      "original": {
-        "id": "nixpkgs",
-        "ref": "nixos-23.05",
         "type": "indirect"
       }
     },
@@ -494,11 +479,11 @@
     },
     "nixpkgsOld": {
       "locked": {
-        "lastModified": 1713725259,
+        "lastModified": 1720535198,
-        "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=",
+        "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7",
+        "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5",
         "type": "github"
       },
       "original": {
@@ -510,11 +495,11 @@
     },
     "nixpkgsUnstable": {
       "locked": {
-        "lastModified": 1713714899,
+        "lastModified": 1722062969,
-        "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
+        "narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
+        "rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3",
         "type": "github"
       },
       "original": {
@@ -590,27 +575,27 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1713725259,
+        "lastModified": 1722087241,
-        "narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=",
+        "narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7",
+        "rev": "8c50662509100d53229d4be607f1a3a31157fa12",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs_7": {
       "locked": {
-        "lastModified": 1670751203,
+        "lastModified": 1717602782,
-        "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
+        "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
+        "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6",
         "type": "github"
       },
       "original": {
@@ -652,21 +637,20 @@
         "blobs": "blobs",
         "flake-compat": "flake-compat_4",
         "nixpkgs": "nixpkgs_7",
-        "nixpkgs-22_11": "nixpkgs-22_11",
+        "nixpkgs-24_05": "nixpkgs-24_05",
-        "nixpkgs-23_05": "nixpkgs-23_05",
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1687462267,
+        "lastModified": 1718084203,
-        "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=",
+        "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "24128c3052090311688b09a400aa408ba61c6ee5",
+        "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
         "type": "gitlab"
       },
       "original": {
         "owner": "simple-nixos-mailserver",
-        "ref": "nixos-23.05",
+        "ref": "nixos-24.05",
         "repo": "nixos-mailserver",
         "type": "gitlab"
       }
@@ -686,13 +670,31 @@
         "type": "github"
       }
     },
-    "utils": {
+    "systems_2": {
       "locked": {
-        "lastModified": 1605370193,
+        "lastModified": 1681028828,
-        "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1709126324,
+        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "5021eac20303a61fafe17224c087f5519baed54d",
+        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,12 +1,12 @@
 {
   inputs = {
     nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-23.11";
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
     nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     #nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     arion.url = "github:hercules-ci/arion";
     mms.url = "github:mkaito/nixos-modded-minecraft-servers";
-    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
+    simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
     conduit = {
       url = "gitlab:famedly/conduit";
     };

justfile

@@ -1,9 +1,6 @@
 deploy:
 	colmena apply
 
-build:
-	colmena build
-
 update: 
 	nix flake update --commit-lock-file
 	just deploy

modules/base-stuff.nix

@@ -65,6 +65,7 @@
   };
 
   programs.mosh.enable = true;
+  users.defaultUserShell = pkgs.nushell;
 
   services.openssh = {
     enable = true;
@@ -72,7 +73,7 @@
   };
 
   environment.systemPackages = with pkgs; [
-    vim
+    helix
     wget
     neofetch
     btop
@@ -93,4 +94,11 @@
       device = "/dev/sda2";
     }
   ];
+
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 14d";
+  };
+  virtualisation.docker.autoPrune.enable = true;
 }

modules/containers/default.nix

@@ -2,7 +2,7 @@
   imports = [
     ./katzencafe-wiki.nix
     ./phtanumb-wiki.nix
-    ./calckey.nix
+    # ./calckey.nix
     ./penpot.nix
     ./nextcloud.nix
   ];

modules/containers/katzencafe-wiki.nix

@@ -1,5 +1,4 @@
-{ pkgsOld, ... }:
+{pkgsOld, ...}: {
-{
   containers."katzenwiki" = {
     autoStart = true;
     privateNetwork = true;
@@ -17,8 +16,12 @@
     #     localAddress = "10.0.2.2";
     #   };
     # };
-    config = { config, pkgs, ... }: {
+    config = {
-      environment.systemPackages = with pkgs; [btop ];
+      config,
+      pkgs,
+      ...
+    }: {
+      environment.systemPackages = with pkgs; [btop];
       networking.firewall.enable = false;
       # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
       environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
@@ -48,7 +51,7 @@
 
           # Disable anonymous editing
           $wgGroupPermissions['*']['edit'] = false;
-          $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
+          $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];
           $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
           $wgGroupPermissions['oidc_admin']['userrights'] = true;
 
@@ -86,12 +89,12 @@
     # NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work.
     # i should figure out why to make this work when setting up new instances...
     "katzenwikiPwFile" = {
-      keyCommand = [ "pass" "wikis/katzenwiki/password" ];
+      keyCommand = ["pass" "wikis/katzenwiki/password"];
       destDir = "/katzenwiki";
       name = "passwordFile";
     };
     "katzenwikiKeycloakClientSecret" = {
-      keyCommand = [ "pass" "wikis/katzenwiki/keycloak-secret" ];
+      keyCommand = ["pass" "wikis/katzenwiki/keycloak-secret"];
       destDir = "/katzenwiki";
       name = "keycloakClientSecret";
       permissions = "0604";

modules/containers/nextcloud.nix

@@ -35,13 +35,13 @@
           trustedProxies = ["10.0.3.1"];
         };
         hostName = "wolke.katzen.cafe";
-        package = pkgs.nextcloud27;
+        package = pkgs.nextcloud29;
         extraApps = with config.services.nextcloud.package.packages.apps; {
           inherit bookmarks calendar contacts;
           user_oidc = pkgs.fetchNextcloudApp rec {
-            url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz";
+            url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v5.0.3/user_oidc-v5.0.3.tar.gz";
-            sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w";
+            sha256 = "sha256-oaN4nYIKzP7r9pB/6szZnkR+liSMARd3Nb8aM3m9WeE=";
-            license = "agpl3";
+            license = "gpl3";
           };
         };
       };
@@ -51,7 +51,8 @@
         ensureUsers = [
           {
             name = "nextcloud";
-            ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+            # ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+            ensureDBOwnership = true;
           }
         ];
       };

modules/containers/phtanumb-wiki.nix

@@ -1,11 +1,14 @@
-{ pkgsOld, ... }:
 {
+  pkgs,
+  pkgsOld,
+  ...
+}: {
   containers."phtanumb-wiki" = {
     autoStart = true;
     privateNetwork = true;
     hostAddress = "10.0.1.1";
     localAddress = "10.0.1.2";
-    nixpkgs = pkgsOld.path; 
+    nixpkgs = pkgs.path;
     bindMounts = {
       "/var/mediawiki" = {
         hostPath = "/phtanum-b/wiki";
@@ -18,8 +21,12 @@
     #     localAddress = "10.0.1.2";
     #   };
     # };
-    config = { config, pkgs, ... }: {
+    config = {
-      environment.systemPackages = with pkgs; [ luajit ];
+      config,
+      pkgs,
+      ...
+    }: {
+      environment.systemPackages = with pkgs; [luajit];
       networking.firewall.enable = false;
       # networking.nameservers =  [ "9.9.9.9" "149.112.112.112" ];
       environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
@@ -58,7 +65,7 @@
           $wgScribuntoUseGeSHi = true;
           $wgScribuntoUseCodeEditor = true;
 
-          $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
+          $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];
           $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
           $wgGroupPermissions['oidc_admin']['userrights'] = true;
 
@@ -110,11 +117,11 @@
   };
   deployment.keys = {
     "passwordFile" = {
-      keyCommand = [ "pass" "wikis/phtanumb/password" ];
+      keyCommand = ["pass" "wikis/phtanumb/password"];
       destDir = "/phtanum-b/wiki";
     };
     "keycloakClientSecret" = {
-      keyCommand = [ "pass" "wikis/phtanumb/keycloak-secret" ];
+      keyCommand = ["pass" "wikis/phtanumb/keycloak-secret"];
       destDir = "/phtanum-b/wiki";
       permissions = "0604";
     };

modules/mailserver.nix

@@ -1,15 +1,16 @@
-{ inputs, ... }: 
+{inputs, ...}: {
-{
+  imports = [inputs.simple-nixos-mailserver.nixosModule];
-  imports = [ inputs.simple-nixos-mailserver.nixosModule ];
+  # hack to fix https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275
+  services.dovecot2.sieve.extensions = ["fileinto"];
   mailserver = {
     enable = true;
     fqdn = "mail.katzen.cafe";
     sendingFqdn = "katzen.cafe";
-    domains = [ "katzen.cafe" ];
+    domains = ["katzen.cafe"];
     loginAccounts = {
       "admin@katzen.cafe" = {
         hashedPasswordFile = "/var/lib/secrets/admin-mail-pw";
-        aliases = [ "postmaster@katzen.cafe" "abuse@katzen.cafe" ];
+        aliases = ["postmaster@katzen.cafe" "abuse@katzen.cafe"];
       };
       "noreply@katzen.cafe" = {
         hashedPasswordFile = "/var/lib/secrets/noreply-mail-pw";
@@ -19,11 +20,11 @@
   };
   deployment.keys = {
     "admin-mail-pw" = {
-      keyCommand = [ "pass" "mailpws/hashes/admin" ];
+      keyCommand = ["pass" "mailpws/hashes/admin"];
       destDir = "/var/lib/secrets";
     };
     "noreply-mail-pw" = {
-      keyCommand = [ "pass" "mailpws/hashes/noreply" ];
+      keyCommand = ["pass" "mailpws/hashes/noreply"];
       destDir = "/var/lib/secrets";
     };
   };

modules/postgres.nix

@@ -1,13 +1,13 @@
-{ pkgs, ... }: 
+{pkgs, ...}: {
-{
   services.postgresql = {
     enable = true;
     ensureUsers = [
       {
         name = "forgejo";
-        ensurePermissions = {
+        # ensurePermissions = {
-          "DATABASE \"forgejo\"" = "ALL PRIVILEGES";
+        #   "DATABASE \"forgejo\"" = "ALL PRIVILEGES";
-        };
+        # };
+        ensureDBOwnership = true;
       }
     ];
     ensureDatabases = [