update to 24.05

hosts/box/configuration.nix

@@ -91,7 +91,7 @@
   sound.enable = false;
 
   programs.gnupg.agent.enable = true;
-  programs.gnupg.agent.pinentryFlavor = "curses";
+  programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses;
   programs.gnupg.agent.enableSSHSupport = true;
 
   # This value determines the NixOS release with which your system is to be

hosts/box/default.nix

@@ -24,7 +24,8 @@
     # ../profiles/woodpecker-agent
     # ../profiles/jellyfin
     ../profiles/ulogger-server
-    ../profiles/photoprism
+    ../profiles/photoprism # Replace with immich
+    ../profiles/gpodder
     #../profiles/postgres_upgrade_script
   ];
 

hosts/curve/configuration.nix

@@ -36,5 +36,5 @@
 
   sound.enable = true;
 
-  services.xserver.libinput.enable = true;
+  services.libinput.enable = true;
 }

hosts/curve/default.nix

@@ -33,7 +33,7 @@
   };
 
   programs.gnupg.agent.enable = true;
-  programs.gnupg.agent.pinentryFlavor = "gnome3";
+  programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gnome3;
 
   fileSystems."/mnt/ftp" = {
     device = "192.168.1.240:/home/ftp";

hosts/profiles/core/default.nix

@@ -32,7 +32,7 @@ in
   };
 
   environment.systemPackages = with pkgs; [
-    pinentry-gnome
+    pinentry-gnome3
     cached-nix-shell
   ];
 

hosts/profiles/desktop/default.nix

@@ -77,7 +77,6 @@ in
     feh
     sxiv
     xkblayout-state
-    vcv-rack
     zathura
     calibre
     mpv
@@ -87,7 +86,6 @@ in
     rofi
     rofimoji
     rofi-calc
-    # eww
     obs-studio
     lightdm
     dunst
@@ -121,15 +119,15 @@ in
         night = 3700;
       };
     };
+    displayManager.defaultSession = "none+bspwm";
     xserver = {
       enable = true;
       # TODO should be xkb.layout
-      layout = "us";
+      xkb.layout = "us";
       # xkb.variant = "dvorak";
       desktopManager.wallpaper.mode = "fill";
       displayManager = {
         # startx.enable = true;
-        defaultSession = "none+bspwm";
         sessionCommands = ''
           ${pkgs.xorg.xrdb}/bin/xrdb -merge <<EOF
           #define blk  #1F2430

hosts/profiles/finance/default.nix

@@ -4,7 +4,7 @@
   services.paperless = {
     enable = false;
     consumptionDirIsPublic = true;
-    extraConfig.PAPERLESS_AUTO_LOGIN_USERNAME = "admin";
+    settings.PAPERLESS_AUTO_LOGIN_USERNAME = "admin";
   };
 
   environment.systemPackages = [

hosts/profiles/gitea/default.nix

@@ -4,15 +4,14 @@
   age.secrets.gitea-dbpass.file = "${self}/secrets/gitea-dbpass.age";
   age.secrets.gitea-dbpass.owner = "gitea";
 
-  services.gitea = {
+  services.forgejo = {
     enable = true;
-    package = pkgs.forgejo;
-    appName = "Sealight Git Forge";
     database = {
       type = "postgres";
       passwordFile = "/run/agenix/gitea-dbpass";
     };
     settings = {
+      DEFAULT.APP_NAME = "Sealight Git Forge";
       server = {
         DOMAIN = "git.sealight.xyz";
         ROOT_URL = "https://git.sealight.xyz";
@@ -24,6 +23,7 @@
       repository = {
         DEFAULT_BRANCH = "main";
       };
+      service.DISABLE_REGISTRATION = true;
       "markup.restructuredtext" = {
         ENABLED = true;
         FILE_EXTENSIONS = ".rst";

hosts/profiles/gonic/default.nix

@@ -5,16 +5,17 @@
     music-path /mnt/two/music/
     podcast-path /data/podcasts
     cache-path /data/cache
+    playlists-path /data/playlists
   '';
-  mossnet.gonic.user = "headphones";
+  mossnet.gonic.user = "gonic";
   mossnet.gonic.group = "audio";
   networking.firewall.allowedTCPPorts = [ 4747 ];
 
   users.users.gonic = {
-    uid = config.ids.uids.headphones;
+    # uid = config.ids.uids.headphones;
     # isSystemUser = true;
     group = "audio";
-    home = "/var/lib/headphones";
+    # home = "/var/lib/headphones";
     createHome = true;
   };
 }

hosts/profiles/gonic/module-gonic.nix

@@ -68,14 +68,10 @@ in
         Group = cfg.group;
         DevicePolicy = "closed";
         NoNewPrivileges = " yes";
-        PrivateTmp = "yes";
-        PrivateUsers = "yes";
         ProtectControlGroups = "yes";
         ProtectKernelModules = "yes";
         ProtectKernelTunables = "yes";
         RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
-        RestrictNamespaces = "yes";
-        RestrictRealtime = "yes";
         SystemCallFilter = "~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap";
         ReadWritePaths = dataFolder;
         StateDirectory = baseNameOf dataFolder;

hosts/profiles/rss-bridge/default.nix

@@ -3,7 +3,7 @@
   services.rss-bridge = {
     enable = true;
     virtualHost = "bridge.sealight.xyz";
-    whitelist = [ "Facebook" "Bandcamp" "Twitter" "Telegram" "Instagram" "Reddit" ];
+    config.system.enabled_bridges = [ "Facebook" "Bandcamp" "Twitter" "Telegram" "Instagram" "Reddit" ];
   };
 
   services.nginx.virtualHosts."bridge.sealight.xyz".forceSSL = true;

hosts/profiles/sync/website/default.nix

@@ -6,7 +6,7 @@
     path = [
       pkgs.git
       pkgs.coreutils
-      pkgs.nixUnstable
+      pkgs.nixVersions.latest
       pkgs.openssh
       pkgs.deploy
     ];