diff --git a/.github/workflows/update.yaml b/.github/workflows/update.yaml index 05e742ef..b9869d7f 100644 --- a/.github/workflows/update.yaml +++ b/.github/workflows/update.yaml @@ -10,7 +10,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix - uses: cachix/install-nix-action@v26 + uses: cachix/install-nix-action@v25 with: nix_path: nixpkgs=channel:nixos-unstable extra_nix_config: | diff --git a/config/desktop.nix b/config/desktop.nix index d1008d37..be5cee44 100644 --- a/config/desktop.nix +++ b/config/desktop.nix @@ -139,7 +139,6 @@ in { wl-clipboard #plasma5Packages.thirdParty.lightly ]; - programs.gnupg.agent.pinentryFlavor = "qt"; xdg.portal = { enable = true; diff --git a/config/home-manager/base.nix b/config/home-manager/base.nix index cb0e3473..1637ba8a 100644 --- a/config/home-manager/base.nix +++ b/config/home-manager/base.nix @@ -91,7 +91,7 @@ desktop: {pkgs, ...}: { programs.eza = { enable = true; - enableAliases = true; + enableZshIntegration = true; }; programs.bat = { diff --git a/config/programs/gpg.nix b/config/programs/gpg.nix index dfbdd11c..fca0a57a 100644 --- a/config/programs/gpg.nix +++ b/config/programs/gpg.nix @@ -49,6 +49,5 @@ }; services.gpg-agent = { enable = true; - pinentryFlavor = "qt"; }; } diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix index fa44a444..4d2dc3b7 100644 --- a/config/services/akkoma/default.nix +++ b/config/services/akkoma/default.nix @@ -279,12 +279,6 @@ in { }; systemd.services.pleroma.path = with pkgs; [exiftool imagemagick ffmpeg]; services.postgresql.ensureDatabases = ["akkoma"]; - services.postgresql.ensureUsers = [ - { - name = "akkoma"; - ensurePermissions = {"DATABASE akkoma" = "ALL PRIVILEGES";}; - } - ]; sops.secrets."services/akkoma.exs" = {owner = "akkoma";}; sops.secrets."services/bunny-key".owner = "akkoma"; services.caddy.virtualHosts."akko.chir.rs" = { diff --git a/config/services/atticd.nix b/config/services/atticd.nix index 7c327d08..5ab089bd 100644 --- a/config/services/atticd.nix +++ b/config/services/atticd.nix @@ -40,14 +40,6 @@ services.postgresql.ensureDatabases = [ "attic" ]; - services.postgresql.ensureUsers = [ - { - name = "atticd"; - ensurePermissions = { - "DATABASE attic" = "ALL PRIVILEGES"; - }; - } - ]; services.caddy.virtualHosts."attic.chir.rs" = { useACMEHost = "chir.rs"; logFormat = lib.mkForce ""; diff --git a/config/services/dovecot.nix b/config/services/dovecot.nix index d6cc8f9e..54ca43f4 100644 --- a/config/services/dovecot.nix +++ b/config/services/dovecot.nix @@ -143,14 +143,6 @@ in { }; sops.secrets."services/dovecot/rspamd_password" = {owner = "dovecot";}; sops.secrets."services/dovecot/dovecot-sql.conf.ext" = {owner = "dovecot";}; - services.postgresql.ensureUsers = [ - { - name = "dovecot"; - ensurePermissions = { - "DATABASE \"postfix\"" = "CONNECT"; - }; - } - ]; networking.firewall.allowedTCPPorts = [ 110 # POP3 143 # IMAP diff --git a/config/services/gitea.nix b/config/services/gitea.nix index 00a9cc71..69f61c73 100644 --- a/config/services/gitea.nix +++ b/config/services/gitea.nix @@ -81,12 +81,6 @@ }; services.postgresql.ensureDatabases = ["gitea"]; - services.postgresql.ensureUsers = [ - { - name = "gitea"; - ensurePermissions = {"DATABASE gitea" = "ALL PRIVILEGES";}; - } - ]; services.redis.servers.gitea = { enable = true; diff --git a/config/services/matrix-media-repo.nix b/config/services/matrix-media-repo.nix index 9c319e8e..a95455ea 100644 --- a/config/services/matrix-media-repo.nix +++ b/config/services/matrix-media-repo.nix @@ -165,14 +165,6 @@ in { services.postgresql.ensureDatabases = [ "matrix_media_repo" ]; - services.postgresql.ensureUsers = [ - { - name = "matrix-media-repo"; - ensurePermissions = { - "DATABASE matrix_media_repo" = "ALL PRIVILEGES"; - }; - } - ]; services.caddy.virtualHosts."matrix.chir.rs" = { useACMEHost = "chir.rs"; logFormat = pkgs.lib.mkForce ""; diff --git a/config/services/matrix-sliding-sync.nix b/config/services/matrix-sliding-sync.nix index 2e6f0ef6..58309612 100644 --- a/config/services/matrix-sliding-sync.nix +++ b/config/services/matrix-sliding-sync.nix @@ -32,14 +32,6 @@ }; users.groups.sliding-sync = {}; services.postgresql.ensureDatabases = ["sliding_sync"]; - services.postgresql.ensureUsers = [ - { - name = "sliding-sync"; - ensurePermissions = { - "DATABASE sliding_sync" = "ALL PRIVILEGES"; - }; - } - ]; services.caddy.virtualHosts."sliding-sync.chir.rs" = { useACMEHost = "chir.rs"; diff --git a/config/services/mautrix-discord.nix b/config/services/mautrix-discord.nix index d3ecfba7..0f3db814 100644 --- a/config/services/mautrix-discord.nix +++ b/config/services/mautrix-discord.nix @@ -63,12 +63,4 @@ services.postgresql.ensureDatabases = [ "mautrix_discord" ]; - services.postgresql.ensureUsers = [ - { - name = "mautrix-discord"; - ensurePermissions = { - "DATABASE mautrix_discord" = "ALL PRIVILEGES"; - }; - } - ]; } diff --git a/config/services/mautrix-signal.nix b/config/services/mautrix-signal.nix index 4e7aa373..e0eaa19f 100644 --- a/config/services/mautrix-signal.nix +++ b/config/services/mautrix-signal.nix @@ -57,12 +57,4 @@ services.postgresql.ensureDatabases = [ "mautrix_signal" ]; - services.postgresql.ensureUsers = [ - { - name = "mautrix-signal"; - ensurePermissions = { - "DATABASE mautrix_signal" = "ALL PRIVILEGES"; - }; - } - ]; } diff --git a/config/services/mautrix-telegram.nix b/config/services/mautrix-telegram.nix index f62422ae..c2c348c0 100644 --- a/config/services/mautrix-telegram.nix +++ b/config/services/mautrix-telegram.nix @@ -67,12 +67,4 @@ services.postgresql.ensureDatabases = [ "mautrix_telegram" ]; - services.postgresql.ensureUsers = [ - { - name = "mautrix-telegram"; - ensurePermissions = { - "DATABASE mautrix_telegram" = "ALL PRIVILEGES"; - }; - } - ]; } diff --git a/config/services/mautrix-whatsapp.nix b/config/services/mautrix-whatsapp.nix index b40b29fa..caca981a 100644 --- a/config/services/mautrix-whatsapp.nix +++ b/config/services/mautrix-whatsapp.nix @@ -63,12 +63,4 @@ services.postgresql.ensureDatabases = [ "mautrix_whatsapp" ]; - services.postgresql.ensureUsers = [ - { - name = "mautrix-whatsapp"; - ensurePermissions = { - "DATABASE mautrix_whatsapp" = "ALL PRIVILEGES"; - }; - } - ]; } diff --git a/config/services/postfix.nix b/config/services/postfix.nix index aa749624..0c0141e6 100644 --- a/config/services/postfix.nix +++ b/config/services/postfix.nix @@ -54,14 +54,6 @@ smtputf8_enable = "yes"; }; }; - services.postgresql.ensureUsers = [ - { - name = "postfix"; - ensurePermissions = { - "DATABASE \"postfix\"" = "CONNECT"; - }; - } - ]; sops.secrets."services/postfix/virtual_alias_domains.cf" = {owner = "postfix";}; sops.secrets."services/postfix/virtual_alias_maps.cf" = {owner = "postfix";}; sops.secrets."services/postfix/virtual_mailbox_domains.cf" = {owner = "postfix";}; diff --git a/config/services/postfixadmin.nix b/config/services/postfixadmin.nix index cf457a07..bd022c74 100644 --- a/config/services/postfixadmin.nix +++ b/config/services/postfixadmin.nix @@ -27,14 +27,6 @@ owner = "postfixadmin"; }; services.postgresql.ensureDatabases = ["postfix"]; - services.postgresql.ensureUsers = [ - { - name = "postfixadmin"; - ensurePermissions = { - "DATABASE \"postfix\"" = "ALL PRIVILEGES"; - }; - } - ]; services.caddy.virtualHosts."mail.chir.rs" = { useACMEHost = "chir.rs"; logFormat = pkgs.lib.mkForce ""; diff --git a/config/services/synapse.nix b/config/services/synapse.nix index 43cd4154..6f226f8d 100644 --- a/config/services/synapse.nix +++ b/config/services/synapse.nix @@ -124,14 +124,6 @@ services.postgresql.ensureDatabases = [ "synapse" ]; - services.postgresql.ensureUsers = [ - { - name = "matrix-synapse"; - ensurePermissions = { - "DATABASE synapse" = "ALL PRIVILEGES"; - }; - } - ]; systemd.services.matrix-synapse.serviceConfig.ExecStartPre = lib.mkForce (pkgs.writeShellScript "dummy" "true"); services.caddy.virtualHosts."matrix.int.chir.rs" = { diff --git a/config/users/darkkirb.nix b/config/users/darkkirb.nix index 4c62e7c1..d213e99e 100644 --- a/config/users/darkkirb.nix +++ b/config/users/darkkirb.nix @@ -22,10 +22,4 @@ neededForUsers = true; }; services.postgresql.ensureDatabases = ["darkkirb"]; - services.postgresql.ensureUsers = [ - { - name = "darkkirb"; - ensurePermissions = {"DATABASE darkkirb" = "ALL PRIVILEGES";}; - } - ]; } diff --git a/config/users/miifox.nix b/config/users/miifox.nix index 740d7e37..d4c0f185 100644 --- a/config/users/miifox.nix +++ b/config/users/miifox.nix @@ -22,12 +22,6 @@ MemoryMax = "1.1G"; }; services.postgresql.ensureDatabases = ["miifox"]; - services.postgresql.ensureUsers = [ - { - name = "miifox"; - ensurePermissions = {"DATABASE miifox" = "ALL PRIVILEGES";}; - } - ]; services.caddy.virtualHosts."miifox.net" = { useACMEHost = "miifox.net"; logFormat = pkgs.lib.mkForce ""; diff --git a/flake.lock b/flake.lock index 41e68a04..38d40979 100644 --- a/flake.lock +++ b/flake.lock @@ -182,11 +182,11 @@ ] }, "locked": { - "lastModified": 1708939976, - "narHash": "sha256-O5+nFozxz2Vubpdl1YZtPrilcIXPcRAjqNdNE8oCRoA=", + "lastModified": 1710156081, + "narHash": "sha256-4PMY6aumJi5dLFjBzF5O4flKXmadMNq3AGUHKYfchh0=", "owner": "numtide", "repo": "devshell", - "rev": "5ddecd67edbd568ebe0a55905273e56cc82aabe3", + "rev": "bc68b058dc7e6d4d6befc4ec6c60082b6e844b7d", "type": "github" }, "original": { @@ -266,11 +266,11 @@ ] }, "locked": { - "lastModified": 1709817367, - "narHash": "sha256-p6MRUN5PYW+t3OfVzjAQKurgCQ/51CJklQSTBTN+iBs=", + "lastModified": 1710332687, + "narHash": "sha256-mlYRkSBboiojBO0Uyqv7faOmoAlJKHXF4VBznm01nbI=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "cc7d712c3fea410b1f6620071ade30f80fd0c133", + "rev": "9636cc748b18a93719dd4aae1b3c0b95a8ad47be", "type": "github" }, "original": { @@ -431,11 +431,11 @@ ] }, "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -476,11 +476,11 @@ ] }, "locked": { - "lastModified": 1709764752, - "narHash": "sha256-+lM4J4JoJeiN8V+3WSWndPHj1pJ9Jc1UMikGbXLqCTk=", + "lastModified": 1710349883, + "narHash": "sha256-bjbdS2mC76xNJwt1d/uZa+JdHR8CCyYbF4Ey/NgOJus=", "owner": "nix-community", "repo": "home-manager", - "rev": "cf111d1a849ddfc38e9155be029519b0e2329615", + "rev": "2f0db7d418e781354d8a3c50e611e3b1cd413087", "type": "github" }, "original": { @@ -518,11 +518,11 @@ ] }, "locked": { - "lastModified": 1709467759, - "narHash": "sha256-ojIpNROGKk56wyvpMAlBVor3CvPez3pFMORrocxW4io=", + "lastModified": 1710184940, + "narHash": "sha256-FzYm4td3FJfzOAuEkCXt3KdUgZuA072OAQXqIq+IAMo=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "206e40afdc468d0658e30e1644e2473dc6285cf2", + "rev": "45b75bf534592c0c1c881a1c447f7fdb37a87eaf", "type": "github" }, "original": { @@ -684,11 +684,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1709428394, - "narHash": "sha256-WIDKofwDWFLHtk14MdBiRiM8Lxn+OByHYtybjSU/18Q=", + "lastModified": 1710310905, + "narHash": "sha256-D7f1CTKO8AZupjvymvrgCm3PY1x79IMrTqvppNyVjnY=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "1f3fa3b398051c815e8500d4c4fe794ecfdee328", + "rev": "dcae53055d404ee74a8273276d4b8731718574a9", "type": "github" }, "original": { @@ -748,11 +748,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1709410583, - "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=", + "lastModified": 1710123225, + "narHash": "sha256-j3oWlxRZxB7cFsgEntpH3rosjFHRkAo/dhX9H3OfxtY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc", + "rev": "ad2fd7b978d5e462048729a6c635c45d3d33c9ba", "type": "github" }, "original": { @@ -818,11 +818,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709356872, - "narHash": "sha256-mvxCirJbtkP0cZ6ABdwcgTk0u3bgLoIoEFIoYBvD6+4=", + "lastModified": 1710252211, + "narHash": "sha256-hQChQpB4LDBaSrNlD6DPLhU9T+R6oyxMCg2V+S7Y1jg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "458b097d81f90275b3fdf03796f0563844926708", + "rev": "7eeacecff44e05a9fd61b9e03836b66ecde8a525", "type": "github" }, "original": { @@ -834,11 +834,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1709834699, - "narHash": "sha256-E11e17fBcVJTZFA908qDWHJFbAAXAdx7/Hl+YUIJv5E=", + "lastModified": 1710352901, + "narHash": "sha256-2W2XVH7LwPHexpSBbd/zhL1PjsjtyAp2t25PjaD6lIw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "eeeb7cb7500e00eb2ca19eb2f72a360deecac6dd", + "rev": "b85d17fbc21d207dbd9a432c7b6b814eb597ef02", "type": "github" }, "original": { @@ -887,11 +887,11 @@ ] }, "locked": { - "lastModified": 1709777204, - "narHash": "sha256-ORUtu+GmrQwNc51mCIjxa/8DdOS901npphBL7k5aXX0=", + "lastModified": 1710295923, + "narHash": "sha256-B7wIarZOh5nNnj4GTOOYcxAwVGTO8y0dRSOzd6PtYE8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "7fdb7a7a846dc1f407cd6b24af04a0b8d018c3de", + "rev": "a30facbf72f29e5c930f394f637559f46a855e8b", "type": "github" }, "original": { @@ -910,11 +910,11 @@ ] }, "locked": { - "lastModified": 1709711091, - "narHash": "sha256-L0rSIU9IguTG4YqSj4B/02SyTEz55ACq5t8gXpzteYc=", + "lastModified": 1710195194, + "narHash": "sha256-KFxCJp0T6TJOz1IOKlpRdpsCr9xsvlVuWY/VCiAFnTE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "25dd60fdd08fcacee2567a26ba6b91fe098941dc", + "rev": "e52d8117b330f690382f1d16d81ae43daeb4b880", "type": "github" }, "original": {