Update from updated-inputs-2025-06-29-01-03

configuration/desktop/xserver.nix

@@ -2,8 +2,8 @@
 
 {
   services.xserver.enable = true;
-  services.xserver.displayManager.gdm.enable = true;
+  services.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
+  services.desktopManager.gnome.enable = true;
 
   services.xserver.excludePackages = with pkgs; [
     xterm

flake.lock

@@ -269,11 +269,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1748520450,
+        "lastModified": 1750779764,
-        "narHash": "sha256-thTwt6c/qdLg65urUWSENbmwf/ofvujpFNNTcF+iZvI=",
+        "narHash": "sha256-JTvJf12NfmiJg+k8zPAvvJIHWA8lzL5SBssQxkwZTwE=",
         "ref": "lix-2.93",
-        "rev": "509c94cdb7e11d48e67a5a68c0d5fadfcda7bad5",
+        "rev": "175d4c80943403f352ad3ce9ee9a93475a154b91",
-        "revCount": 4257,
+        "revCount": 4259,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/hydra.git"
       },
@@ -290,6 +290,9 @@
           "flake-compat"
         ],
         "nix2container": "nix2container",
+        "nix_2_18": [
+          "hydra"
+        ],
         "nixpkgs": [
           "hydra",
           "nixpkgs"
@@ -298,11 +301,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1747597901,
+        "lastModified": 1750762203,
-        "narHash": "sha256-jS+P57tXZEl+zvPfEIHFbd1j3xfuWcrcMrcnbm9wWbE=",
+        "narHash": "sha256-LmQhjQ7c+AOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw=",
         "ref": "release-2.93",
-        "rev": "33eaaf02fd3f380e99032b25e741eeeb10573cad",
+        "rev": "38b358ce27203f972faa2973cf44ba80c758f46e",
-        "revCount": 17846,
+        "revCount": 17866,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/lix"
       },
@@ -324,11 +327,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1748254718,
+        "lastModified": 1750776670,
-        "narHash": "sha256-Uf6HNA0JctJH4ZdrZ/xb185mT0/XusLxnric9Xhg7Es=",
+        "narHash": "sha256-EfA5K5EZAnspmraJrXQlziffVpaT+QDBiE6yKmuaNNQ=",
         "ref": "release-2.93",
-        "rev": "3855614ceafe562393472cca5fb2005297889a75",
+        "rev": "c3c78a32273e89d28367d8605a4c880f0b6607e3",
-        "revCount": 143,
+        "revCount": 146,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/nixos-module.git"
       },
@@ -342,6 +345,7 @@
       "inputs": {
         "flake-compat": "flake-compat_2",
         "nix2container": "nix2container_2",
+        "nix_2_18": "nix_2_18",
         "nixpkgs": [
           "nixpkgs"
         ],
@@ -349,11 +353,11 @@
         "pre-commit-hooks": "pre-commit-hooks_2"
       },
       "locked": {
-        "lastModified": 1747597901,
+        "lastModified": 1750762203,
-        "narHash": "sha256-jS+P57tXZEl+zvPfEIHFbd1j3xfuWcrcMrcnbm9wWbE=",
+        "narHash": "sha256-LmQhjQ7c+AOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw=",
         "ref": "release-2.93",
-        "rev": "33eaaf02fd3f380e99032b25e741eeeb10573cad",
+        "rev": "38b358ce27203f972faa2973cf44ba80c758f46e",
-        "revCount": 17846,
+        "revCount": 17866,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/lix.git"
       },
@@ -363,6 +367,22 @@
         "url": "https://git.lix.systems/lix-project/lix.git"
       }
     },
+    "lowdown-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1633514407,
+        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
     "mitel-ommclient2": {
       "inputs": {
         "nixpkgs": [
@@ -416,6 +436,34 @@
         "type": "github"
       }
     },
+    "nix_2_18": {
+      "inputs": {
+        "flake-compat": [
+          "lix",
+          "flake-compat"
+        ],
+        "lowdown-src": "lowdown-src",
+        "nixpkgs": "nixpkgs_4",
+        "nixpkgs-regression": [
+          "lix",
+          "nixpkgs-regression"
+        ]
+      },
+      "locked": {
+        "lastModified": 1730375271,
+        "narHash": "sha256-RrOFlDGmRXcVRV2p2HqHGqvzGNyWoD0Dado/BNlJ1SI=",
+        "owner": "NixOS",
+        "repo": "nix",
+        "rev": "0f665ff6779454f2117dcc32e44380cda7f45523",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "2.18.9",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
     "nixos-exporter": {
       "inputs": {
         "nixpkgs": [
@@ -550,11 +598,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1748437600,
+        "lastModified": 1750622754,
-        "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",
+        "narHash": "sha256-kMhs+YzV4vPGfuTpD3mwzibWUE6jotw5Al2wczI0Pv8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7282cb574e0607e65224d33be8241eae7cfe0979",
+        "rev": "c7ab75210cb8cb16ddd8f290755d9558edde7ee1",
         "type": "github"
       },
       "original": {
@@ -566,11 +614,27 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1750776420,
+        "lastModified": 1705033721,
-        "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=",
+        "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf",
+        "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
+      "locked": {
+        "lastModified": 1751011381,
+        "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7",
         "type": "github"
       },
       "original": {
@@ -665,7 +729,7 @@
         "lix-module": "lix-module",
         "nixos-exporter": "nixos-exporter",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_5",
         "nixpkgs-0dc1c7": "nixpkgs-0dc1c7",
         "nurausstieg": "nurausstieg",
         "rainbowrss": "rainbowrss",

flake.nix

@@ -70,7 +70,6 @@
   };
   outputs = { self, nixpkgs, nixos-hardware, chaosevents, fernglas, nixos-exporter, solid-xmpp-alarm, ssh-to-age, ... }@inputs: let
     lib = import ./lib inputs;
-    helper = lib.flake-helper;
     localNixpkgs = import ./flake/nixpkgs.nix inputs;
   in {
     clerie.hosts = {
@@ -135,14 +134,21 @@
     };
 
     overlays = {
-      nixfilesInputs = import ./flake/overlay.nix inputs;
+      clerie-inputs = import ./flake/inputs-overlay.nix inputs;
-      clerie = import ./pkgs/overlay.nix;
+      clerie-pkgs = import ./pkgs/overlay.nix;
-      default = self.overlays.clerie;
+      clerie-build-support = import ./pkgs/build-support/overlay.nix;
+      clerie-overrides = import ./pkgs/overrides/overlay.nix;
     };
 
-    packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let
+    packages = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system:
+      let
        pkgs = localNixpkgs.${system};
-    in builtins.mapAttrs (name: value: pkgs."${name}") (import ./pkgs/pkgs.nix));
+      in
+      nixpkgs.lib.genAttrs (
+        (builtins.attrNames (self.overlays.clerie-pkgs null null))
+        ++ (builtins.attrNames (self.overlays.clerie-overrides null null))
+      ) (name: pkgs."${name}")
+    );
 
     inherit lib self;
 

flake/nixosConfigurations.nix

@@ -10,34 +10,13 @@ let
     group ? null,
     modules ? [],
   }: let
-    localNixpkgs = nixpkgs.lib.attrByPath [ "nixpkgs-${name}" ] nixpkgs inputs;
+  in self.lib.nixosSystem {
-  in localNixpkgs.lib.nixosSystem {
     system = system;
     modules = modules ++ [
-      self.nixosModules.nixfilesInputs
-      self.nixosModules.clerie
-      self.nixosModules.profiles
-
       ({ config, lib, ... }: {
         # Set hostname
         networking.hostName = lib.mkDefault name;
 
-        # Apply overlays
-        nixpkgs.overlays = [
-          self.overlays.nixfilesInputs
-          self.overlays.clerie
-        ];
-
-        /*
-          Make the contents of the flake availiable to modules.
-          Useful for having the monitoring server scraping the
-          target config from all other servers automatically.
-        */
-        _module.args = {
-          inputs = inputs;
-          _nixfiles = self;
-        };
-
         # Expose host group to monitoring
         clerie.monitoring = nixpkgs.lib.attrsets.optionalAttrs (group != null) { serviceLevel = group; };
 

flake/nixpkgs.nix

@@ -8,8 +8,10 @@ let
     import nixpkgs {
       inherit system;
       overlays = [
-        self.overlays.nixfilesInputs
+        self.overlays.clerie-inputs
-        self.overlays.clerie
+        self.overlays.clerie-pkgs
+        self.overlays.clerie-build-support
+        self.overlays.clerie-overrides
       ];
     };
 

hosts/web-2/clerie.nix

@@ -27,7 +27,7 @@
         root = pkgs.clerie-keys;
       };
       locations."= /ssh/known_hosts" = {
-        alias = pkgs.writeText "known_hosts" (import ../../lib/ssh-known-hosts.nix);
+        alias = pkgs.clerie-ssh-known-hosts + "/known_hosts";
         extraConfig = ''
           types { }
           default_type "text/plain; charset=utf-8";

lib/default.nix

@@ -8,6 +8,7 @@ let
 
   lib = {
     clerie-monitoring-ids = callLibs ./clerie-monitoring-ids.nix;
+    nixosSystem = callLibs ./nixosSystem.nix;
   };
 
 in

lib/link-local-wireguard.nix

@@ -1,22 +0,0 @@
-{ ... }:
-
-rec {
-  llIPv6 = localIP: peerIP: interface: {
-    ips = [
-      "${localIP}/128"
-    ];
-    postSetup = ''
-    ip -6 route flush dev ${interface}
-    ip addr del dev ${interface} ${localIP}/128 && ip addr add dev ${interface} ${localIP}/128 peer ${peerIP}/128
-    '';
-  };
-  llIPv4 = localIP: peerIP: interface: {
-    ips = [
-      "${localIP}/32"
-    ];
-    postSetup = ''
-    ip -4 route flush dev ${interface}
-    ip addr del dev ${interface} ${localIP}/32 && ip addr add dev ${interface} ${localIP}/32 peer ${peerIP}/32
-    '';
-  };
-}

lib/nixosSystem.nix

@@ -0,0 +1,41 @@
+{
+  inputs,
+  self,
+  ...
+}:
+
+/*
+
+  nixfiles.lib.nixosSystem, like nixpkgs.lib.nixosSystem but
+  with nixfiles overlays and modules already populated
+
+*/
+{
+  system ? null,
+  pkgs ? null,
+  modules ? [],
+  ...
+}@args:
+
+let
+  localNixpkgs = import ../flake/nixpkgs.nix inputs;
+in inputs.nixpkgs.lib.nixosSystem ({
+  system = system;
+  pkgs = if pkgs != null then pkgs else localNixpkgs.${system};
+  modules = [
+    self.nixosModules.nixfilesInputs
+    self.nixosModules.clerie
+    self.nixosModules.profiles
+    ({ config, lib, ... }: {
+      /*
+        Make the contents of the flake availiable to modules.
+        Useful for having the monitoring server scraping the
+        target config from all other servers automatically.
+      */
+      _module.args = {
+        inputs = inputs;
+        _nixfiles = self;
+      };
+    })
+  ] ++ modules;
+} // builtins.removeAttrs args [ "system" "pkgs" "modules" ] )

pkgs/build-support/overlay.nix

@@ -0,0 +1,7 @@
+final: prev:
+
+{
+  clerie-build-support = {
+    writePythonScript = final.callPackage ./writePythonScript.nix {};
+  };
+}

pkgs/build-support/writePythonScript.nix

@@ -0,0 +1,37 @@
+{
+  python3,
+  writeTextFile,
+  lib,
+}:
+
+{
+  name,
+  text,
+  runtimePackages ? ps: [],
+  pythonPackage ? python3,
+  meta ? {},
+  passthru ? {},
+  derivationArgs ? {},
+}:
+
+let
+
+  pythonWithPackages = pythonPackage.withPackages runtimePackages;
+
+in writeTextFile {
+  inherit
+    name
+    meta
+    passthru
+    derivationArgs
+    ;
+  executable = true;
+  destination = "/bin/${name}";
+  allowSubstitutes = true;
+  preferLocalBuild = false;
+  text = ''
+    #!${lib.getExe pythonWithPackages}
+
+    ${text}
+  '';
+}

pkgs/clerie-ssh-known-hosts/default.nix

@@ -1,13 +1,22 @@
+{
+  writeTextFile,
+}:
+
 let
   stripR = str: if (builtins.substring ((builtins.stringLength str) - 1) (builtins.stringLength str) str) == "\n" then stripR (builtins.substring 0 ((builtins.stringLength str) - 1) str) else str;
-  hostsWithSshPubkey = builtins.filter (hostname: (builtins.substring 0 1 hostname) != "_" && builtins.pathExists (../hosts + "/${hostname}/ssh.pub")) (builtins.attrNames (builtins.readDir ../hosts));
+  hostsWithSshPubkey = builtins.filter (hostname: (builtins.substring 0 1 hostname) != "_" && builtins.pathExists (../../hosts + "/${hostname}/ssh.pub")) (builtins.attrNames (builtins.readDir ../../hosts));
   sshkeyList = map (hostname: {
     name = hostname;
-    sshPubkey = stripR (builtins.readFile (../hosts + "/${hostname}/ssh.pub"));
+    sshPubkey = stripR (builtins.readFile (../../hosts + "/${hostname}/ssh.pub"));
   }) hostsWithSshPubkey;
   knownHosts = builtins.concatStringsSep "" (builtins.map ({name, sshPubkey}: ''
     ${name} ${sshPubkey}
     ${name}.net.clerie.de ${sshPubkey}
   '') sshkeyList);
-in
+in writeTextFile {
-  knownHosts
+  name = "clerie-ssh-known-hosts";
+  destination = "/known_hosts";
+  allowSubstitutes = true;
+  preferLocalBuild = false;
+  text = knownHosts;
+}

pkgs/git-show-link/default.nix

@@ -1,13 +1,6 @@
 { pkgs, ... }:
 
-pkgs.writeTextFile {
+pkgs.clerie-build-support.writePythonScript {
   name = "git-show-link";
-  executable = true;
+  text = builtins.readFile ./git-show-link.py;
-  destination = "/bin/git-show-link";
-  allowSubstitutes = true;
-  preferLocalBuild = false;
-  text = ''
-    #!${pkgs.python3.withPackages (ps: with ps; [])}/bin/python3
-    ${builtins.readFile ./git-show-link.py}
-  '';
 }

pkgs/overlay.nix

@@ -1 +1,30 @@
-final: prev: builtins.mapAttrs (name: value: value final prev) (import ./pkgs.nix)
+final: prev: {
+  clerie-backup = final.callPackage ./clerie-backup {};
+  clerie-cleanup-branches = final.callPackage ./clerie-update-nixfiles/clerie-cleanup-branches.nix {};
+  clerie-keys = final.callPackage ./clerie-keys {};
+  clerie-ssh-known-hosts = final.callPackage ./clerie-ssh-known-hosts {};
+  clerie-system-remote-install = final.callPackage ./clerie-system-remote-install {};
+  clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
+  clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
+  clerie-sops = final.callPackage ./clerie-sops/clerie-sops.nix {};
+  clerie-sops-config = final.callPackage ./clerie-sops/clerie-sops-config.nix {};
+  clerie-sops-edit = final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
+  clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
+  chromium-incognito = final.callPackage ./chromium-incognito {};
+  factorio-launcher = final.callPackage ./factorio-launcher {};
+  feeds-dir = final.callPackage ./feeds-dir {};
+  git-checkout-github-pr = final.callPackage ./git-checkout-github-pr {};
+  git-diff-word = final.callPackage ./git-diff-word {};
+  git-pp = final.callPackage ./git-pp {};
+  git-show-link = final.callPackage ./git-show-link {};
+  nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
+  nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
+  nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
+  nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
+  nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
+  print-afra = final.callPackage ./print-afra {};
+  run-with-docker-group = final.callPackage ./run-with-docker-group {};
+  ssh-gpg = final.callPackage ./ssh-gpg {};
+  update-from-hydra = final.callPackage ./update-from-hydra {};
+  uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {};
+}

pkgs/overrides/overlay.nix

@@ -0,0 +1,4 @@
+final: prev: {
+  dino = import ./dino.nix final prev;
+  xmppc = import ./xmppc.nix final prev;
+}

pkgs/pkgs.nix

@@ -1,32 +0,0 @@
-{
-  clerie-backup = final: prev: final.callPackage ./clerie-backup {};
-  clerie-cleanup-branches = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-cleanup-branches.nix {};
-  clerie-keys = final: prev: final.callPackage ./clerie-keys {};
-  clerie-system-remote-install = final: prev: final.callPackage ./clerie-system-remote-install {};
-  clerie-system-upgrade = final: prev: final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
-  clerie-merge-nixfiles-update = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
-  clerie-sops = final: prev: final.callPackage ./clerie-sops/clerie-sops.nix {};
-  clerie-sops-config = final: prev: final.callPackage ./clerie-sops/clerie-sops-config.nix {};
-  clerie-sops-edit = final: prev: final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
-  clerie-update-nixfiles = final: prev: final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
-  chromium-incognito = final: prev: final.callPackage ./chromium-incognito {};
-  factorio-launcher = final: prev: final.callPackage ./factorio-launcher {};
-  feeds-dir = final: prev: final.callPackage ./feeds-dir {};
-  git-checkout-github-pr = final: prev: final.callPackage ./git-checkout-github-pr {};
-  git-diff-word = final: prev: final.callPackage ./git-diff-word {};
-  git-pp = final: prev: final.callPackage ./git-pp {};
-  git-show-link = final: prev: final.callPackage ./git-show-link {};
-  nix-remove-result-links = final: prev: final.callPackage ./nix-remove-result-links {};
-  nixfiles-auto-install = final: prev: final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
-  nixfiles-generate-config = final: prev: final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
-  nixfiles-generate-backup-secrets = final: prev: final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {};
-  nixfiles-update-ssh-host-keys = final: prev: final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {};
-  print-afra = final: prev: final.callPackage ./print-afra {};
-  run-with-docker-group = final: prev: final.callPackage ./run-with-docker-group {};
-  ssh-gpg = final: prev: final.callPackage ./ssh-gpg {};
-  update-from-hydra = final: prev: final.callPackage ./update-from-hydra {};
-  uptimestatus = final: prev: final.python3.pkgs.callPackage ./uptimestatus {};
-
-  dino = final: prev: import ./overrides/dino.nix final prev;
-  xmppc = final: prev: import ./overrides/xmppc.nix final prev;
-}