mynix/system
1
1
Fork 0
Code Issues Pull requests Activity

update deps

Browse source
This commit is contained in:
Dmitriy Pleshevskiy 2025-02-19 00:30:50 +03:00
parent e36b892ecb
commit dede695e65
Signed by: pleshevskiy
GPG key ID: 17041163DA10A9A2
3 changed files with 21 additions and 32 deletions
flake.lock
hosts/istal/services
renovate.nix
modules/nixos/configs
system.nix

24
flake.lock generated
View file

@ -118,11 +118,11 @@
},
"hardware": {
"locked": {
"lastModified": 1737751639,
"narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=",
"lastModified": 1739798439,
"narHash": "sha256-GyipmjbbQEaosel/+wq1xihCKbv0/e1LU00x/8b/fP4=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4",
"rev": "3e2ea8a49d4d76276b0f4e2041df8ca5c0771371",
"type": "github"
},
"original": {
@ -181,11 +181,11 @@
]
},
"locked": {
"lastModified": 1736373539,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
"lastModified": 1739757849,
"narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
"rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
"type": "github"
},
"original": {
@ -324,11 +324,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1738009863,
"narHash": "sha256-KxmFlQ2j9PpDhKRXWu85bv3R2wmfkUqdpJhEwz9JN/E=",
"lastModified": 1739863612,
"narHash": "sha256-UbtgxplOhFcyjBcNbTVO8+HUHAl/WXFDOb6LvqShiZo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f898cbfddfab52593da301a397a17d0af801bbc3",
"rev": "632f04521e847173c54fa72973ec6c39a371211c",
"type": "github"
},
"original": {
@ -340,11 +340,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1738023785,
"narHash": "sha256-BPHmb3fUwdHkonHyHi1+x89eXB3kA1jffIpwPVJIVys=",
"lastModified": 1739758141,
"narHash": "sha256-uq6A2L7o1/tR6VfmYhZWoVAwb3gTy7j4Jx30MIrH0rE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2b4230bf03deb33103947e2528cac2ed516c5c89",
"rev": "c618e28f70257593de75a7044438efc1c1fc0791",
"type": "github"
},
"original": {

18
hosts/istal/services/renovate.nix
View file

@ -1,21 +1,5 @@
{ config, pkgs, ... }:
let
latestRenovate = pkgs.unstable.renovate.overrideAttrs (finalAttrs: prevAttrs: {
version = "39.138.0";
src = pkgs.fetchFromGitHub {
owner = "renovatebot";
repo = "renovate";
tag = finalAttrs.version;
hash = "sha256-kSN5rrVWBhko0MNLbaD/hHl7nJsLErfKsgxNT1/X79A=";
};
pnpmDeps = pkgs.pnpm_9.fetchDeps {
inherit (finalAttrs) pname version src;
hash = "sha256-yOKQjbU7PMUaBFBNsYQMSj1kT/f4FezdcNvjgeeXNNg=";
};
});
in
{
age.secrets.renovate-gitea-token.file = ./renovate-gitea-token.age;
age.secrets.renovate-github-token.file = ./renovate-github-token.age;
@ -34,7 +18,7 @@ in
services.renovate = {
enable = true;
package = latestRenovate;
package = pkgs.unstable.renovate;
schedule = "0..2,10..23:00";
credentials = {
RENOVATE_TOKEN = config.age.secrets.renovate-gitea-token.path;

11
modules/nixos/configs/system.nix
View file

@ -2,11 +2,14 @@
let
headlessProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/headless.nix" args;
hardenedProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/hardened.nix" args;
cfg = config.local.system;
in
{
imports = [
"${inputs.nixpkgs-unstable}/nixos/modules/profiles/hardened.nix"
];
options.local.system = with lib; {
kernel = mkOption {
type = types.enum [ "hardened" "stable" "latest" ];
@ -17,6 +20,7 @@ in
config = lib.mkMerge [
{
profiles.hardened = lib.mkDefault false;
boot.tmp.cleanOnBoot = true;
}
@ -27,7 +31,8 @@ in
))
(lib.mkIf (cfg.kernel == "hardened") (
hardenedProfile // {
{
profiles.hardened = true;
boot.kernelPackages = pkgs.unstable.linuxPackages_6_6_hardened;
# Fix for GLIBC errors due to 'scudo' from hardened profile.
# https://github.com/NixOS/nix/issues/6563
@ -40,7 +45,7 @@ in
})
(lib.mkIf (cfg.kernel == "stable") {
boot.kernelPackages = pkgs.unstable.linuxPackages_6_12;
boot.kernelPackages = pkgs.unstable.linuxPackages_6_13;
})
(lib.mkIf (cfg.kernel == "latest") {