Update

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/common/configs/system/nix-install/install.sh

@@ -111,7 +111,7 @@ copy_secure_boot_keys() {
   mount --bind -o X-fstrim.notrim,x-gvfs-hide "$root/persist/state/var/lib/sbctl" "$root/var/lib/sbctl"
 }
 
-install() {
+install_nixos() {
   nixos-install --root "$root" --flake "$flake#$host" --no-root-passwd
 }
 
@@ -180,7 +180,7 @@ main() {
   copy_sops_keys
   copy_secure_boot_keys
 
-  install
+  install_nixos
 
   [[ "$enroll_secure_boot_flag" == "true" ]] && enroll_secure_boot
   [[ "$copy_config_flag" == "true" ]] && copy_config

hosts/common/configs/system/nix-update/default.nix

@@ -1,12 +1,4 @@
 { pkgs, ... }:
 {
-  nixpkgs.overlays = [
-    (final: prev: {
-      nix-update = prev.nix-update.overrideAttrs (oldAttrs: {
-        patches = oldAttrs.patches or [ ] ++ [ ./source-attribute.patch ];
-      });
-    })
-  ];
-
   environment.systemPackages = with pkgs; [ nix-update ];
 }

hosts/common/configs/system/nix-update/source-attribute.patch

@@ -1,127 +0,0 @@
-diff --git a/nix_update/__init__.py b/nix_update/__init__.py
-index 89bbe45..93f9322 100644
---- a/nix_update/__init__.py
-+++ b/nix_update/__init__.py
-@@ -124,6 +124,12 @@ def parse_args(args: list[str]) -> Options:
-         default=[],
-     )
- 
-+    parser.add_argument(
-+        "--src-attr",
-+        help="Src attribute",
-+        default="src",
-+    )
-+
-     a = parser.parse_args(args)
-     extra_flags = ["--extra-experimental-features", "flakes nix-command"]
-     if a.system:
-@@ -146,6 +152,7 @@ def parse_args(args: list[str]) -> Options:
-         version=a.version,
-         version_preference=VersionPreference.from_str(a.version),
-         attribute=a.attribute,
-+        source_attribute=a.src_attr,
-         test=a.test,
-         version_regex=a.version_regex,
-         review=a.review,
-diff --git a/nix_update/eval.py b/nix_update/eval.py
-index 1767056..f85ea69 100644
---- a/nix_update/eval.py
-+++ b/nix_update/eval.py
-@@ -105,12 +105,19 @@ class Package:
- def eval_expression(
-     escaped_import_path: str,
-     attr: str,
-+    source_attr: str,
-     flake: bool,
-     system: str | None,
-     override_filename: str | None,
- ) -> str:
-     system = f'"{system}"' if system else "builtins.currentSystem"
- 
-+    source_attrs = source_attr.rpartition(".")
-+    source_attr_last = source_attrs[-1] or source_attr
-+    source_attr_all_but_last = (
-+        f".{source_attrs[0]}" if source_attr_last != source_attr else ""
-+    )
-+
-     if flake:
-         sanitize_position = (
-             f"""
-@@ -164,8 +171,8 @@ let
-     raw_version_position
-   else if pkg ? isPhpExtension then
-     raw_version_position
--  else if (builtins.unsafeGetAttrPos "src" pkg) != null then
--    sanitizePosition (builtins.unsafeGetAttrPos "src" pkg)
-+  else if (builtins.unsafeGetAttrPos "{source_attr_last}" pkg) != null then
-+    sanitizePosition (builtins.unsafeGetAttrPos "{source_attr_last}" pkg{source_attr_all_but_last})
-   else
-     sanitizePosition (positionFromMeta pkg);
- in {{
-@@ -174,11 +181,11 @@ in {{
-   inherit raw_version_position;
-   filename = position.file;
-   line = position.line;
--  urls = pkg.src.urls or null;
--  url = pkg.src.url or null;
--  rev = pkg.src.rev or null;
--  tag = pkg.src.tag or null;
--  hash = pkg.src.outputHash or null;
-+  urls = pkg.{source_attr}.urls or null;
-+  url = pkg.{source_attr}.url or null;
-+  rev = pkg.{source_attr}.rev or null;
-+  tag = pkg.{source_attr}.tag or null;
-+  hash = pkg.{source_attr}.outputHash or null;
-   go_modules = pkg.goModules.outputHash or null;
-   go_modules_old = pkg.go-modules.outputHash or null;
-   cargo_deps = pkg.cargoDeps.outputHash or null;
-@@ -205,7 +212,7 @@ in {{
-   mix_deps = pkg.mixFodDeps.outputHash or null;
-   tests = builtins.attrNames (pkg.passthru.tests or {{}});
-   has_update_script = {has_update_script};
--  src_homepage = pkg.src.meta.homepage or null;
-+  src_homepage = pkg.{source_attr}.meta.homepage or null;
-   changelog = pkg.meta.changelog or null;
-   maintainers = pkg.meta.maintainers or null;
- }}"""
-@@ -215,6 +222,7 @@ def eval_attr(opts: Options) -> Package:
-     expr = eval_expression(
-         opts.escaped_import_path,
-         opts.escaped_attribute,
-+        opts.source_attribute,
-         opts.flake,
-         opts.system,
-         opts.override_filename,
-diff --git a/nix_update/options.py b/nix_update/options.py
-index 2d07b77..ab5c305 100644
---- a/nix_update/options.py
-+++ b/nix_update/options.py
-@@ -8,6 +8,7 @@ from .version.version import VersionPreference
- @dataclass
- class Options:
-     attribute: str
-+    source_attribute: str = "src"
-     flake: bool = False
-     version: str = "stable"
-     version_preference: VersionPreference = VersionPreference.STABLE
-@@ -33,4 +34,7 @@ class Options:
- 
-     def __post_init__(self) -> None:
-         self.escaped_attribute = ".".join(map(json.dumps, self.attribute.split(".")))
-+        self.escaped_source_attribute = ".".join(
-+            map(json.dumps, self.source_attribute.split("."))
-+        )
-         self.escaped_import_path = json.dumps(self.import_path)
-diff --git a/nix_update/update.py b/nix_update/update.py
-index 82b7bc5..464bf3d 100644
---- a/nix_update/update.py
-+++ b/nix_update/update.py
-@@ -155,7 +155,7 @@ def git_prefetch(x: tuple[str, tuple[str, str]]) -> tuple[str, str]:
- 
- 
- def update_src_hash(opts: Options, filename: str, current_hash: str) -> None:
--    target_hash = nix_prefetch(opts, "src")
-+    target_hash = nix_prefetch(opts, opts.source_attribute)
-     replace_hash(filename, current_hash, target_hash)
- 
- 

hosts/common/configs/system/podman/default.nix

@@ -2,20 +2,6 @@
 {
   imports = [ inputs.quadlet-nix.nixosModules.quadlet ];
 
-  # FIXME: https://github.com/containers/crun/pull/1807
-  nixpkgs.overlays = [
-    (final: prev: {
-      crun = prev.crun.overrideAttrs (oldAttrs: {
-        patches = oldAttrs.patches or [ ] ++ [
-          (builtins.fetchurl {
-            url = "https://patch-diff.githubusercontent.com/raw/containers/crun/pull/1807.patch";
-            sha256 = "sha256:13ax2scvd27s341wy0b9gpfyn47gjvg9fvbl8al3905dblqhdlr0";
-          })
-        ];
-      });
-    })
-  ];
-
   virtualisation = {
     podman.enable = true;
 

hosts/common/configs/user/console/ncspot/default.nix

@@ -6,6 +6,11 @@
     "/persist/cache"."${home}/.cache/ncspot" = { };
   };
 
+  # FIXME: https://github.com/hrkfdn/ncspot/issues/1676
+  networking.extraHosts = ''
+    0.0.0.0 apresolve.spotify.com
+  '';
+
   home-manager.users.${user} = {
     programs.ncspot.enable = true;
 

hosts/jupiter/users/storm/configs/console/podman/ntfy/default.nix

@@ -45,6 +45,8 @@ in
               auth-default-access = "deny-all";
               auth-startup-queries = dbStartupQueries;
 
+              auth-users = [ "karaolidis:${hmConfig.sops.placeholder."ntfy/users/karaolidis"}:admin" ];
+
               behind-proxy = true;
 
               attachment-cache-dir = "/var/lib/ntfy/attachments";
@@ -72,11 +74,6 @@ in
               metrics-listen-http = ":9090";
             }
           );
-
-        # FIXME: https://github.com/binwiederhier/ntfy/issues/464
-        ntfy-env.content = ''
-          NTFY_ADMIN_PASSWORD=${hmConfig.sops.placeholder."ntfy/users/karaolidis"}
-        '';
       };
     };
 
@@ -87,34 +84,22 @@ in
 
       containers = {
         ntfy = {
-          containerConfig =
-            let
-              entrypoint = pkgs.writeTextFile {
-                name = "entrypoint.sh";
-                executable = true;
-                text = builtins.readFile ./entrypoint.sh;
-              };
-            in
-            {
-              image = "docker-archive:${selfPkgs.docker-ntfy}";
-              networks = [
-                networks.ntfy.ref
-                networks.traefik.ref
-                networks.prometheus.ref
-              ];
-              volumes = [
-                "${volumes.ntfy.ref}:/var/lib/ntfy"
-                "${hmConfig.sops.templates.ntfy.path}:/etc/ntfy/server.yml:ro"
-                "${entrypoint}:/entrypoint.sh:ro"
-              ];
-              environments.NTFY_ADMIN_USER = "karaolidis";
-              environmentFiles = [ hmConfig.sops.templates.ntfy-env.path ];
-              entrypoint = "/entrypoint.sh";
-              labels = [
-                "traefik.enable=true"
-                "traefik.http.routers.ntfy.rule=Host(`ntfy.karaolidis.com`)"
-              ];
-            };
+          containerConfig = {
+            image = "docker-archive:${selfPkgs.docker-ntfy}";
+            networks = [
+              networks.ntfy.ref
+              networks.traefik.ref
+              networks.prometheus.ref
+            ];
+            volumes = [
+              "${volumes.ntfy.ref}:/var/lib/ntfy"
+              "${hmConfig.sops.templates.ntfy.path}:/etc/ntfy/server.yml:ro"
+            ];
+            labels = [
+              "traefik.enable=true"
+              "traefik.http.routers.ntfy.rule=Host(`ntfy.karaolidis.com`)"
+            ];
+          };
 
           unitConfig.After = [ "sops-nix.service" ];
         };

hosts/jupiter/users/storm/configs/console/podman/ntfy/entrypoint.sh

@@ -1,19 +0,0 @@
-#!/bin/sh
-
-PIPE=$(mktemp -u)
-mkfifo "$PIPE"
-
-ntfy serve > "$PIPE" 2>&1 &
-
-PID=$!
-grep -q -m 1 "INFO Listening on :80\[http\]" < "$PIPE"
-kill "$PID"
-wait "$PID" || true
-rm -f "$PIPE"
-
-export NTFY_PASSWORD="$NTFY_ADMIN_PASSWORD"
-ntfy user add "$NTFY_ADMIN_USER" || true
-ntfy user change-pass "$NTFY_ADMIN_USER"
-ntfy user change-role "$NTFY_ADMIN_USER" admin
-
-exec ntfy serve