Update nixpkgs 2025-08-30-01-03

2025-08-30 03:04:04 +02:00
15 changed files with 11 additions and 235 deletions
--- a/configuration/common/programs.nix
+++ b/configuration/common/programs.nix
@@ -6,7 +6,6 @@
    # My system is fucked
    gptfdisk
    parted
    grow-last-partition-and-filesystem
    # Normal usage
    htop
--- a/flake.lock
+++ b/flake.lock
@@ -404,26 +404,6 @@
        "url": "https://git.clerie.de/clerie/mitel_ommclient2.git"
      }
    },
    "mu5001tool": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1757364612,
        "narHash": "sha256-6MSqlWHH15qbWbvS9b6OTGdtIkW6GVb9SSLkEYAMdDw=",
        "ref": "refs/heads/main",
        "rev": "cb758d9bc97baa11e80a048e666c99986cabed43",
        "revCount": 6,
        "type": "git",
        "url": "https://git.clerie.de/clerie/mu5001tool.git"
      },
      "original": {
        "type": "git",
        "url": "https://git.clerie.de/clerie/mu5001tool.git"
      }
    },
    "nix2container": {
      "flake": false,
      "locked": {
@@ -666,11 +646,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1757068644,
+        "lastModified": 1756386758,
-        "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=",
+        "narHash": "sha256-1wxxznpW2CKvI9VdniaUnTT2Os6rdRJcRUf65ZK9OtE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9",
+        "rev": "dfb2f12e899db4876308eba6d93455ab7da304cd",
        "type": "github"
      },
      "original": {
@@ -763,7 +743,6 @@
        "hydra": "hydra",
        "lix": "lix_2",
        "lix-module": "lix-module",
        "mu5001tool": "mu5001tool",
        "nixos-exporter": "nixos-exporter",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs_5",
--- a/flake.nix
+++ b/flake.nix
@@ -40,10 +40,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    fieldpoc.url = "git+https://git.clerie.de/clerie/fieldpoc.git";
    mu5001tool = {
      url = "git+https://git.clerie.de/clerie/mu5001tool.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixos-exporter = {
      url = "git+https://git.clerie.de/clerie/nixos-exporter.git";
      inputs.nixpkgs.follows = "nixpkgs";
--- a/flake/inputs-overlay.nix
+++ b/flake/inputs-overlay.nix
@@ -5,7 +5,6 @@
 , chaosevents
 , harmonia
 , hydra
 , mu5001tool
 , nurausstieg
 , rainbowrss
 , scan-to-gpg
@@ -26,8 +25,6 @@ final: prev: {
    harmonia;
  inherit (hydra.packages.${final.system})
    hydra;
  inherit (mu5001tool.packages.${final.system})
    mu5001tool;
  inherit (nurausstieg.packages.${final.system})
    nurausstieg;
  inherit (rainbowrss.packages.${final.system})
--- a/hosts/astatine/configuration.nix
+++ b/hosts/astatine/configuration.nix
@@ -4,10 +4,6 @@
  imports =
    [
      ./hardware-configuration.nix
      ./grafana.nix
      ./mu5001tool.nix
      ./prometheus.nix
    ];
  profiles.clerie.network-fallback-dhcp.enable = true;
@@ -22,16 +18,6 @@
    terminal_output serial
  ";
  sops.secrets.monitoring-htpasswd = {
    owner = "nginx";
    group = "nginx";
  };
  services.nginx = {
    enable = true;
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  profiles.clerie.wg-clerie = {
    enable = true;
    ipv6s = [ "2a01:4f8:c0c:15f1::8108/128" ];
--- a/hosts/astatine/grafana.nix
+++ b/hosts/astatine/grafana.nix
@@ -1,45 +0,0 @@
 { config, ... }:
 {
  services.grafana = {
    enable  = true;
    settings = {
      server = {
        domain = "grafana.astatine.net.clerie.de";
        root_url = "https://grafana.astatine.net.clerie.de";
        http_port = 3001;
        http_addr = "::1";
      };
      "auth.anonymous" = {
        enabled = true;
      };
    };
    provision = {
      enable = true;
      datasources.settings.datasources = [
        {
          type = "prometheus";
          name = "Prometheus";
          url = "http://[::1]:9090";
          isDefault = true;
        }
      ];
    };
  };
  services.nginx = {
    virtualHosts = {
      "grafana.astatine.net.clerie.de" = {
        enableACME = true;
        forceSSL   = true;
        basicAuthFile = config.sops.secrets.monitoring-htpasswd.path;
        locations."/".proxyPass = "http://[::1]:3001/";
        locations."= /api/live/ws" = {
          proxyPass = "http://[::1]:3001";
          proxyWebsockets = true;
        };
      };
    };
  };
 }
--- a/hosts/astatine/mu5001tool.nix
+++ b/hosts/astatine/mu5001tool.nix
@@ -1,16 +0,0 @@
 { config, pkgs, lib, ... }:
 {
  systemd.services."mu5001tool" = {
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      DynamicUser = true;
      LoadCredential = "zte-hypermobile-5g-password:${config.sops.secrets."zte-hypermobile-5g-password".path}";
    };
    script = ''
      ${lib.getExe pkgs.mu5001tool} --password-file ''${CREDENTIALS_DIRECTORY}/zte-hypermobile-5g-password prometheus-exporter --listen-port 9242
    '';
  };
 }
--- a/hosts/astatine/prometheus.nix
+++ b/hosts/astatine/prometheus.nix
@@ -1,46 +0,0 @@
 { config, ... }:
 {
  services.prometheus = {
    enable = true;
    enableReload = true;
    listenAddress = "[::1]";
    scrapeConfigs = [
      {
        job_name = "prometheus";
        scrape_interval = "20s";
        scheme = "http";
        static_configs = [
          {
            targets = [
              "[::1]:9090"
            ];
          }
        ];
      }
      {
        job_name = "mu5001tool";
        scrape_interval = "20s";
        static_configs = [
          {
            targets = [
              "[::1]:9242"
            ];
          }
        ];
      }
    ];
  };
  services.nginx = {
    virtualHosts = {
      "prometheus.astatine.net.clerie.de" = {
        enableACME = true;
        forceSSL   = true;
        basicAuthFile = config.sops.secrets.monitoring-htpasswd.path;
        locations."/".proxyPass = "http://[::1]:9090/";
      };
    };
  };
 }
--- a/hosts/astatine/secrets.json
+++ b/hosts/astatine/secrets.json
@@ -1,17 +1,19 @@
 {
 	"wg-clerie": "ENC[AES256_GCM,data:DbchcO6GTmSFyoHrRAkfu2flaKYrQHPk+rIerekYO4Cto9sqaWLgaSigpS8=,iv:no1xNRVqsKzAN6ssYA0Ir+utOM9tg8OBUT9PY2v0HPA=,tag:lZj1wEPFWHaf52N7YHEQKQ==,type:str]",
 	"wg-monitoring": "ENC[AES256_GCM,data:dTKKeieaGvECkHUpATLorhOgr9Re5CAH25y1WTcSqJZDsvnwD4CBbqMv2QQ=,iv:u1n1wyAW5aNcVYfGN8BmrEhIhtA3EfRDBNu65IdBZMI=,tag:RJYgOpel9uy6dC72MmqS5A==,type:str]",
 	"monitoring-htpasswd": "ENC[AES256_GCM,data:0uQ+Gwedi9kTaOzrwVzkNkS9qL0Dwmph1leK2sj/TndfSn3yaq7ur7ZHoPjWUl5Oy1poxU2rIUxWHajYC0n3yHv2AuGT,iv:FyH4MHcgW5iHkAsahNFtshnqqPOMlukg8aYfhcN9onw=,tag:q3BsnyKLrKYi/xDP6GmSkA==,type:str]",
 	"zte-hypermobile-5g-password": "ENC[AES256_GCM,data:lqxQICmWYwMejn8=,iv:TPYOs/cL/ETw7Ee0+YG/+Fhd7ASi0kr4rDLEiste+2Y=,tag:6O6AXIHkIjPm7hJVC4Y/1g==,type:str]",
 	"sops": {
 		"kms": null,
 		"gcp_kms": null,
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": [
 			{
 				"recipient": "age1fffvnazdv3ys9ww8v4g832hv5nkvnk6d728syerzvpgskfmfkq8q00whpv",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQUF5dkRwdXRmUkJ1SXN5\nLzdOVkhWYUJGdFd4Qklsa1BXeVZlTGx0eDE0ClZmYWNLMEVzaVVXWGkwQUt5ZHF5\nS1c5OU9PWjBTelM5R2phNFdVNncxUUkKLS0tIDlwSXFyZWNVT1dtdGU5dVFSRHNE\nUUpJZHJZRTd6TnBUU2dCWW90UTRVb0UKCWrHWmQTNhez16wgEKj4EQA4+UBRmGQn\n+NHSjBCMBmmTdHb05nENYVK515Z0T/60+9N3VlNyHWS9IgC3mZRUBg==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2025-09-08T21:03:41Z",
+		"lastmodified": "2024-04-21T16:03:13Z",
-		"mac": "ENC[AES256_GCM,data:ztS/Z6mn8hFAPsks2evJRJFocw/3oz22O2HeSEkY7Mu+bfNvClsJuvuTbnDadB0IwKiLDFWRMGs/UPFmNP6J/euro4cFHDWXopdXg7eDFGDoJDKIg4fBUtofdXIqWvDoQ9LeZNvc5Z4EEQYhs3LwFnAU0x15acwIIxr5TB9l8g8=,iv:WVjavmcrEs2CyYTfoTTP44c9TqFubUdE+PBN2jRPR+s=,tag:fBXzU69Q9MwD3o/Nyu5OZA==,type:str]",
+		"mac": "ENC[AES256_GCM,data:fA8fhOZbX30TYgwZXB7sQDNmck0JRDyAnEXf5nCYtli/Qvs78fTs4DdC08VOpOni8uAVARkFsGSo6Fjo/MpTSDVA8VNYZig/we/bWF+LQlEMCmiqwOI1R6eQ3GPxcRXltlO2aPPlT9BpLwIVZjGGjIsmjpVE8xjkCbLUUqj+UxY=,iv:fHLyw96QLVRrAQky2kR7TDDxf8CNXDV9lVQ5RETzJEI=,tag:y+cG9u3d6vCUmPyNMDRWpA==,type:str]",
 		"pgp": [
 			{
 				"created_at": "2024-04-21T16:02:41Z",
@@ -22,4 +24,4 @@
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.8.1"
 	}
-}
+}
--- a/pkgs/bijwerken-system-upgrade/bijwerken-system-upgrade.sh
+++ b/pkgs/bijwerken-system-upgrade/bijwerken-system-upgrade.sh
@@ -40,7 +40,7 @@ if [[ -z $NO_CONFIRM ]]; then
 fi
 echo "Download ${STORE_PATH}"
-nix copy --to daemon "${STORE_PATH}"
+nix copy --from "https://nix-cache.clerie.de" "${STORE_PATH}"
 echo "Add to system profile"
 nix-env -p "/nix/var/nix/profiles/system" --set "${STORE_PATH}"
--- a/pkgs/curl-timings/curl-timings.sh
+++ b/pkgs/curl-timings/curl-timings.sh
@@ -1,16 +0,0 @@
 #!/usr/bin/env bash
 curl -w "Request to %{url}
 time_namelookup: %{time_namelookup}s
 time_connect: %{time_connect}s
 time_appconnect: %{time_appconnect}s
 time_pretransfer: %{time_pretransfer}s
 time_starttransfer: %{time_starttransfer}s
 time_posttransfer: %{time_posttransfer}s
 time_queue: %{time_queue}s
 time_redirect: %{time_redirect}s
 time_starttransfer: %{time_starttransfer}s
 time_total: %{time_total}s
 " -o /dev/null -s "$@"
--- a/pkgs/curl-timings/default.nix
+++ b/pkgs/curl-timings/default.nix
@@ -1,12 +0,0 @@
 {
  curl,
  writeShellApplication,
 }:
 writeShellApplication {
  name = "curl-timings";
  text = builtins.readFile ./curl-timings.sh;
  runtimeInputs = [
    curl
  ];
 }
--- a/pkgs/grow-last-partition-and-filesystem/default.nix
+++ b/pkgs/grow-last-partition-and-filesystem/default.nix
@@ -1,17 +0,0 @@
 {
  e2fsprogs,
  jq,
  parted,
  writeShellApplication,
 }:
 writeShellApplication {
  name = "grow-last-partition-and-filesystem";
  text = builtins.readFile ./grow-last-partition-and-filesystem.sh;
  runtimeInputs = [
    e2fsprogs
    jq
    parted
  ];
 }
--- a/pkgs/grow-last-partition-and-filesystem/grow-last-partition-and-filesystem.sh
+++ b/pkgs/grow-last-partition-and-filesystem/grow-last-partition-and-filesystem.sh
@@ -1,29 +0,0 @@
 #!/usr/bin/env bash
 set -euo pipefail
 if [[ $# -ne 1 ]]; then
 	echo "Pass device to grow as first argument:"
 	echo "grow-last-partition-and-filesystem DEVICE"
 	exit 1
 fi
 DEVICE="$1"
 PARTITIONDATA="$(parted --script --json --fix "${DEVICE}" print)"
 PARTNUMBER="$(echo "${PARTITIONDATA}" | jq -r '.disk.partitions | last | .number')"
 PARTNAME="$(echo "${PARTITIONDATA}" | jq -r '.disk.partitions | last | .name')"
 echo "Growing partition ${DEVICE}${PARTNUMBER} (${PARTNAME})"
 echo
 parted "${DEVICE}" resizepart "${PARTNUMBER}" 100%
 echo
 echo "Resizing filesystem"
 echo
 resize2fs "${DEVICE}${PARTNUMBER}"
 echo "Done."
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -12,7 +12,6 @@ final: prev: {
  clerie-sops-edit = final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
  clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
  chromium-incognito = final.callPackage ./chromium-incognito {};
  curl-timings = final.callPackage ./curl-timings {};
  factorio-launcher = final.callPackage ./factorio-launcher {};
  feeds-dir = final.callPackage ./feeds-dir {};
  generate-blocked-prefixes = final.callPackage ./generate-blocked-prefixes {};
@@ -20,7 +19,6 @@ final: prev: {
  git-diff-word = final.callPackage ./git-diff-word {};
  git-pp = final.callPackage ./git-pp {};
  git-show-link = final.callPackage ./git-show-link {};
  grow-last-partition-and-filesystem = final.callPackage ./grow-last-partition-and-filesystem {};
  nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
  nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
  nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};