nixpkgs/nix update

Author: disassembler

flake.lock

@@ -2,14 +2,14 @@
   description = "Disassembler Network";
   inputs = {
     flake-utils.url = "github:numtide/flake-utils";
-    nix.url = "github:NixOS/nix/2.8.0";
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
-    nixpkgs-2111.follows = "cardano-node/haskellNix/nixpkgs-2111";
-    nixpkgs-2105.follows = "cardano-node/haskellNix/nixpkgs-2105";
-    cardano-node.url = "github:input-output-hk/cardano-node/1.35.0-rc4";
+    nix.url = "github:NixOS/nix/2.12.0";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
+    #nixpkgs-2111.follows = "cardano-node/haskellNix/nixpkgs-2111";
+    #nixpkgs-2105.follows = "cardano-node/haskellNix/nixpkgs-2105";
+    cardano-node.url = "github:input-output-hk/cardano-node/1.35.4";
     #cardano-node.inputs.nixpkgs.follows = "haskellNix/nixpkgs-2105";
     #cardano-addresses.url = "github:input-output-hk/cardano-addresses";
-    haskellNix.url = "github:input-output-hk/haskell.nix/14f740c7c8f535581c30b1697018e389680e24cb";
+    #haskellNix.url = "github:input-output-hk/haskell.nix/14f740c7c8f535581c30b1697018e389680e24cb";
     #cardano-db-sync.url = "github:input-output-hk/cardano-db-sync";
     adawallet.url = "github:input-output-hk/adawallet";
     #adawallet.inputs.cardano-addresses.follows = "cardano-addresses";

flake.nix

@@ -17,7 +17,7 @@ in
   nodes = {
     optina = mkNode "optina" "10.40.33.20" true;
     portal = mkNode "portal" "10.40.33.1" true;
-    sarov  = mkNode "sarov" "10.40.33.197" true;
+    sarov  = mkNode "sarov" "10.40.33.183" true;
     valaam = mkNode "valaam" "10.40.33.21" true;
     prod01 = mkNode "prod01" "45.76.4.212" false;
     prod03 = mkNode "prod03" "45.63.23.13" false;

nixos/deploy.nix

@@ -260,7 +260,7 @@ in
       };
     };
     matterbridge = {
-      enable = true;
+      enable = false;
       configPath = "/etc/nixos/matterbridge.toml";
     };
     minecraft-bedrock-server.enable = true;

nixos/optina/configuration.nix

@@ -1,9 +1,9 @@
-{ stdenv, fetchurl, patchelf, openssl, unzip, lib, zlib }:
+{ stdenv, fetchurl, patchelf, openssl, unzip, lib, zlib, curl }:
 
 let
-  version = "1.18.32.02";
-  sha256 = "sha256-rp7lEqloNcYl6YnXKK06+UDU9xgWtEcZDeCNzsoxPe8=";
-  rpath = lib.makeLibraryPath [ zlib openssl stdenv.cc.cc ];
+  version = "1.19.51.01";
+  sha256 = "sha256-DffMcl579TXwdkmYw8emBmvhI+G5wdBVNDdXQ13DJ+Y=";
+  rpath = lib.makeLibraryPath [ zlib openssl stdenv.cc.cc curl ];
 in
 stdenv.mkDerivation rec {
   name = "${pname}-${version}";

nixos/optina/minecraft-bedrock.nix

@@ -350,6 +350,9 @@ in
     };
     dnsmasq = {
       enable = true;
+      extraConfig = ''
+        address=/hivebedrock.network/10.40.33.20
+      '';
     };
     tftpd = {
       enable = true;
@@ -524,63 +527,63 @@ in
         ];
       };
     };
-    openvpn = {
-      servers = {
-        wedlake = {
-          config = ''
-            dev tun
-            proto udp
-            port 1194
-            tun-ipv6
-            ca /var/lib/openvpn/ca.crt
-            cert /var/lib/openvpn/crate.wedlake.lan.crt
-            key /var/lib/openvpn/crate.wedlake.lan.key
-            dh /var/lib/openvpn/dh2048.pem
-            server 10.40.12.0 255.255.255.0
-            server-ipv6 2601:98a:4101:bff3::/64
-            push "route 10.40.33.0 255.255.255.0"
-            push "route-ipv6 2000::/3"
-            push "dhcp-option DNS 10.40.12.1"
-            duplicate-cn
-            keepalive 10 120
-            tls-auth /var/lib/openvpn/ta.key 0
-            comp-lzo
-            user openvpn
-            group root
-            persist-key
-            persist-tun
-            status openvpn-status.log
-            verb 3
-          '';
-        };
-        guest = {
-          config = ''
-            dev ovpn-guest
-            dev-type tun
-            proto udp
-            port 1195
-            tun-ipv6
-            ca /var/lib/openvpn/ca.crt
-            cert /var/lib/openvpn/crate.wedlake.lan.crt
-            key /var/lib/openvpn/crate.wedlake.lan.key
-            dh /var/lib/openvpn/dh2048.pem
-            server 10.40.13.0 255.255.255.0
-            push "redirect-gateway def1"
-            push "dhcp-option DNS 8.8.8.8"
-            duplicate-cn
-            keepalive 10 120
-            tls-auth /var/lib/openvpn/ta-guest.key 0
-            comp-lzo
-            user openvpn
-            group root
-            persist-key
-            persist-tun
-            status openvpn-status.log
-            verb 3
-          '';
-        };
-      };
-    };
+    #openvpn = {
+    #  servers = {
+    #    wedlake = {
+    #      config = ''
+    #        dev tun
+    #        proto udp
+    #        port 1194
+    #        tun-ipv6
+    #        ca /var/lib/openvpn/ca.crt
+    #        cert /var/lib/openvpn/crate.wedlake.lan.crt
+    #        key /var/lib/openvpn/crate.wedlake.lan.key
+    #        dh /var/lib/openvpn/dh2048.pem
+    #        server 10.40.12.0 255.255.255.0
+    #        server-ipv6 2601:98a:4101:bff3::/64
+    #        push "route 10.40.33.0 255.255.255.0"
+    #        push "route-ipv6 2000::/3"
+    #        push "dhcp-option DNS 10.40.12.1"
+    #        duplicate-cn
+    #        keepalive 10 120
+    #        tls-auth /var/lib/openvpn/ta.key 0
+    #        comp-lzo
+    #        user openvpn
+    #        group root
+    #        persist-key
+    #        persist-tun
+    #        status openvpn-status.log
+    #        verb 3
+    #      '';
+    #    };
+    #    guest = {
+    #      config = ''
+    #        dev ovpn-guest
+    #        dev-type tun
+    #        proto udp
+    #        port 1195
+    #        tun-ipv6
+    #        ca /var/lib/openvpn/ca.crt
+    #        cert /var/lib/openvpn/crate.wedlake.lan.crt
+    #        key /var/lib/openvpn/crate.wedlake.lan.key
+    #        dh /var/lib/openvpn/dh2048.pem
+    #        server 10.40.13.0 255.255.255.0
+    #        push "redirect-gateway def1"
+    #        push "dhcp-option DNS 8.8.8.8"
+    #        duplicate-cn
+    #        keepalive 10 120
+    #        tls-auth /var/lib/openvpn/ta-guest.key 0
+    #        comp-lzo
+    #        user openvpn
+    #        group root
+    #        persist-key
+    #        persist-tun
+    #        status openvpn-status.log
+    #        verb 3
+    #      '';
+    #    };
+    #  };
+    #};
   };
   users.extraUsers.sam = {
     isNormalUser = true;

nixos/portal/configuration.nix

@@ -50,7 +50,6 @@ in
       nameservers = [ "127.0.0.1" "8.8.8.8" ];
       useDHCP = false;
       interfaces.ens3.useDHCP = true;
-      interfaces.ens7.useDHCP = true;
 
       #wireguard.interfaces = {
       #  wg0 = {

nixos/prod03/modules/network.nix

@@ -45,6 +45,11 @@ in
   boot.cleanTmpDir = true;
   boot.zfs.devNodes = "/dev";
 
+  boot.extraModprobeConfig = ''
+    options kvm_intel nested=1
+    options kvm_intel emulate_invalid_guest_state=0
+    options kvm ignore_msrs=1
+  '';
 
   # Splash screen to make boot look nice
   boot.plymouth.enable = false;
@@ -268,6 +273,7 @@ in
     keybase
     keybase-gui
     slack
+    signal-desktop
     neomutt
     notmuch
     taskwarrior
@@ -598,7 +604,7 @@ in
     ""
     "${config.virtualisation.podman.package}/bin/podman --storage-driver zfs $LOGGING system service"
   ];
-  virtualisation.libvirtd.enable = false;
+  virtualisation.libvirtd.enable = true;
   security.sudo.wheelNeedsPassword = true;
 
   # Custom dotfiles for sam user

nixos/pskov/configuration.nix

@@ -10,6 +10,7 @@
     pkgs = nixpkgs.legacyPackages."${system}";
   in
   {
+    minecraft = pkgs.callPackage ./nixos/optina/minecraft-bedrock.nix {};
     devShell = pkgs.callPackage ./shell.nix {
       inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key;
       inherit (deploy.packages."${pkgs.system}") deploy-rs;

outputs.nix

@@ -7,11 +7,22 @@
 , nixpkgs-fmt
 , knot-dns
 , lefthook
+, qemu
+, iproute2
 , python3
+, libguestfs-with-appliance
 }:
 
 mkShell {
   sopsPGPKeyDirs = [ "./nixos/secrets/keys" ];
+  # for OSX-KVM
+  buildInputs = [
+    qemu
+    python3
+    iproute2
+    # If you want to regenerate the OpenCore image you'll need the below:
+    #libguestfs-with-appliance
+  ];
   nativeBuildInputs = [
     python3.pkgs.invoke
     ssh-to-pgp