From 1b3a091faed092b4fd99b1fe7969405d04f8ec47 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sun, 8 Dec 2024 17:16:55 +0200 Subject: [PATCH 1/4] Remove self-hosted subsitution services from lindberg-build --- .../lindberg-build/applications/default.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/nixos-configurations/lindberg-build/applications/default.nix b/nixos-configurations/lindberg-build/applications/default.nix index d38f4f0..84978fb 100644 --- a/nixos-configurations/lindberg-build/applications/default.nix +++ b/nixos-configurations/lindberg-build/applications/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + lib, + ... +}: { imports = [ @@ -8,4 +13,11 @@ qois.git-ci-runner.enable = true; qois.postgresql.package = pkgs.postgresql_15; + + # Remove substituters that are hosted on this node, to prevent lockups. + # The qois-infrastructure cache is not needed, + # since the builds are done (and cached) on this host anyway. + nix.settings.substituters = lib.mkForce [ + "https://cache.nixos.org?priority=40" + ]; } From df410080264def5bf0cc3722202cbe6eaead4a85 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sun, 8 Dec 2024 17:45:54 +0200 Subject: [PATCH 2/4] Refactor attic configuration as module --- .../lindberg-build/applications/attic.nix | 79 --------------- .../lindberg-build/applications/default.nix | 5 +- .../lindberg-build/secrets.nix | 3 - .../lindberg-nextcloud/default.nix | 1 - nixos-modules/qois/attic/default.nix | 98 +++++++++++++++++++ .../qois/nginx}/default.nix | 5 +- 6 files changed, 102 insertions(+), 89 deletions(-) delete mode 100644 nixos-configurations/lindberg-build/applications/attic.nix create mode 100644 nixos-modules/qois/attic/default.nix rename {defaults/webserver => nixos-modules/qois/nginx}/default.nix (85%) diff --git a/nixos-configurations/lindberg-build/applications/attic.nix b/nixos-configurations/lindberg-build/applications/attic.nix deleted file mode 100644 index 05f65a4..0000000 --- a/nixos-configurations/lindberg-build/applications/attic.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ config, pkgs, ... }: - -let - atticPort = 8080; - atticHostname = "attic.qo.is"; -in - -{ - - services.atticd = { - enable = true; - - # Replace with absolute path to your credentials file - # generate secret with - # nix run system#openssl rand 64 | base64 -w0 - # ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64="output from openssl" - environmentFile = config.sops.secrets."attic/server_token".path; - - settings = { - listen = "127.0.0.1:${builtins.toString atticPort}"; - allowed-hosts = [ "attic.qo.is" ]; - api-endpoint = "https://attic.qo.is/"; - - # Data chunking - # - # Warning: If you change any of the values here, it will be - # difficult to reuse existing chunks for newly-uploaded NARs - # since the cutpoints will be different. As a result, the - # deduplication ratio will suffer for a while after the change. - chunking = { - # The minimum NAR size to trigger chunking - # - # If 0, chunking is disabled entirely for newly-uploaded NARs. - # If 1, all NARs are chunked. - nar-size-threshold = 64 * 1024; # 64 KiB - - # The preferred minimum size of a chunk, in bytes - min-size = 16 * 1024; # 16 KiB - - # The preferred average size of a chunk, in bytes - avg-size = 64 * 1024; # 64 KiB - - # The preferred maximum size of a chunk, in bytes - max-size = 256 * 1024; # 256 KiB - }; - - garbage-collection.default-retention-period = "6 months"; - - database.url = "postgresql:///atticd?host=/run/postgresql"; - }; - }; - - imports = [ ../../../defaults/webserver ]; - - # Note: Attic cache availability is "best effort", so no artifacts are backed up. - - services.postgresql = { - enable = true; - ensureDatabases = [ "atticd" ]; - ensureUsers = [ - { - name = "atticd"; - ensureDBOwnership = true; - } - ]; - }; - - services.nginx = { - enable = true; - clientMaxBodySize = "1g"; - virtualHosts.${atticHostname} = { - kTLS = true; - forceSSL = true; - enableACME = true; - - locations."/".proxyPass = "http://127.0.0.1:${builtins.toString atticPort}"; - }; - }; -} diff --git a/nixos-configurations/lindberg-build/applications/default.nix b/nixos-configurations/lindberg-build/applications/default.nix index 84978fb..d9360ee 100644 --- a/nixos-configurations/lindberg-build/applications/default.nix +++ b/nixos-configurations/lindberg-build/applications/default.nix @@ -7,14 +7,15 @@ { imports = [ - ./attic.nix ./nixpkgs-cache.nix ]; qois.git-ci-runner.enable = true; + qois.attic.enable = true; qois.postgresql.package = pkgs.postgresql_15; - # Remove substituters that are hosted on this node, to prevent lockups. + # Remove substituters that are hosted on this node, to prevent lockups + # since the current nix implementation is not forgiving with unavailable subsituters. # The qois-infrastructure cache is not needed, # since the builds are done (and cached) on this host anyway. nix.settings.substituters = lib.mkForce [ diff --git a/nixos-configurations/lindberg-build/secrets.nix b/nixos-configurations/lindberg-build/secrets.nix index 988fc1f..8d66d7e 100644 --- a/nixos-configurations/lindberg-build/secrets.nix +++ b/nixos-configurations/lindberg-build/secrets.nix @@ -1,9 +1,6 @@ { ... }: { sops.secrets = { - "attic/server_token" = { - restartUnits = [ "atticd.service" ]; - }; "gitlab-runner/default-registration" = { restartUnits = [ "gitlab-runner.service" ]; }; diff --git a/nixos-configurations/lindberg-nextcloud/default.nix b/nixos-configurations/lindberg-nextcloud/default.nix index 0f1c769..08034a8 100644 --- a/nixos-configurations/lindberg-nextcloud/default.nix +++ b/nixos-configurations/lindberg-nextcloud/default.nix @@ -5,7 +5,6 @@ ../../defaults/backplane-net ../../defaults/base-vm ../../defaults/meta - ../../defaults/webserver ./applications ./backup.nix ./secrets.nix diff --git a/nixos-modules/qois/attic/default.nix b/nixos-modules/qois/attic/default.nix new file mode 100644 index 0000000..adb9e4b --- /dev/null +++ b/nixos-modules/qois/attic/default.nix @@ -0,0 +1,98 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + cfg = config.qois.attic; +in +{ + + options.qois.attic = { + enable = mkEnableOption "Enable attic service"; + domain = mkOption { + description = "Domain for attic server"; + type = types.str; + default = "attic.qo.is"; + }; + port = mkOption { + description = "Server Port"; + type = types.numbers.between 1 65536; + default = 8080; + }; + }; + + config = mkIf cfg.enable { + sops.secrets."attic/server_token".restartUnits = [ "atticd.service" ]; + + services.atticd = { + enable = true; + + # Replace with absolute path to your credentials file + # generate secret with + # nix run system#openssl rand 64 | base64 -w0 + # ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64="output from openssl" + environmentFile = config.sops.secrets."attic/server_token".path; + + settings = { + listen = "127.0.0.1:${toString cfg.port}"; + allowed-hosts = [ cfg.domain ]; + api-endpoint = "https://${cfg.domain}/"; + + # Data chunking + # + # Warning: If you change any of the values here, it will be + # difficult to reuse existing chunks for newly-uploaded NARs + # since the cutpoints will be different. As a result, the + # deduplication ratio will suffer for a while after the change. + chunking = { + # The minimum NAR size to trigger chunking + # + # If 0, chunking is disabled entirely for newly-uploaded NARs. + # If 1, all NARs are chunked. + nar-size-threshold = 64 * 1024; # 64 KiB + + # The preferred minimum size of a chunk, in bytes + min-size = 16 * 1024; # 16 KiB + + # The preferred average size of a chunk, in bytes + avg-size = 64 * 1024; # 64 KiB + + # The preferred maximum size of a chunk, in bytes + max-size = 256 * 1024; # 256 KiB + }; + + garbage-collection.default-retention-period = "6 months"; + + database.url = "postgresql:///atticd?host=/run/postgresql"; + }; + }; + + # Note: Attic cache availability is "best effort", so no artifacts are backed up. + + services.postgresql = { + enable = true; + ensureDatabases = [ "atticd" ]; + ensureUsers = [ + { + name = "atticd"; + ensureDBOwnership = true; + } + ]; + }; + + services.nginx = { + enable = true; + clientMaxBodySize = "1g"; + virtualHosts.${cfg.domain} = { + kTLS = true; + forceSSL = true; + enableACME = true; + + locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}"; + }; + }; + }; +} diff --git a/defaults/webserver/default.nix b/nixos-modules/qois/nginx/default.nix similarity index 85% rename from defaults/webserver/default.nix rename to nixos-modules/qois/nginx/default.nix index 2aa4aaf..3fd799d 100644 --- a/defaults/webserver/default.nix +++ b/nixos-modules/qois/nginx/default.nix @@ -1,12 +1,9 @@ { - config, - lib, - pkgs, ... }: { - services.nginx = { + config.services.nginx = { recommendedTlsSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; From 9b83ccf8c555783d70dd30ed872083c487528389 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 9 Dec 2024 16:20:35 +0200 Subject: [PATCH 3/4] Refactore backplane-net to module with hosts --- defaults/backplane-net/default.nix | 65 --------------- nixos-configurations/calanda/networking.nix | 4 +- .../cyprianspitz/networking.nix | 4 +- .../lindberg-build/default.nix | 1 - .../lindberg-build/networking.nix | 2 + .../lindberg-nextcloud/default.nix | 3 +- .../lindberg-webapps/default.nix | 1 - .../lindberg-webapps/networking.nix | 2 + nixos-configurations/lindberg/networking.nix | 4 +- nixos-configurations/stompert/default.nix | 3 +- nixos-configurations/tierberg/networking.nix | 4 +- .../qois/backplane-net.hosts/default.nix | 42 ++++++++++ .../qois}/backplane-net/README.md | 0 nixos-modules/qois/backplane-net/default.nix | 83 +++++++++++++++++++ nixos-modules/qois/vpn-server/default.nix | 2 +- 15 files changed, 142 insertions(+), 78 deletions(-) delete mode 100644 defaults/backplane-net/default.nix create mode 100644 nixos-modules/qois/backplane-net.hosts/default.nix rename {defaults => nixos-modules/qois}/backplane-net/README.md (100%) create mode 100644 nixos-modules/qois/backplane-net/default.nix diff --git a/defaults/backplane-net/default.nix b/defaults/backplane-net/default.nix deleted file mode 100644 index 62e4a82..0000000 --- a/defaults/backplane-net/default.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -let - hostName = config.networking.hostName; - netName = "backplane"; - netConfig = config.qois.meta.network.virtual.${netName}; - hostNetConfig = netConfig.hosts.${hostName}; - wgDefaultPort = 51825; -in -{ - sops.secrets."wgautomesh/gossip-secret".restartUnits = [ "wgautomesh.service" ]; - - networking.wireguard.enable = true; - networking.wireguard.interfaces."wg-${netName}" = { - ips = [ "${hostNetConfig.v4.ip}/${builtins.toString netConfig.v4.prefixLength}" ]; - listenPort = if hostNetConfig.endpoint != null then hostNetConfig.endpoint.port else wgDefaultPort; - privateKeyFile = "/secrets/wireguard/private/${netName}"; - generatePrivateKeyFile = true; - }; - - systemd.network.wait-online.ignoredInterfaces = [ "wg-${netName}" ]; - - networking.firewall.allowedUDPPorts = - if hostNetConfig.endpoint != null then [ hostNetConfig.endpoint.port ] else [ wgDefaultPort ]; - - # Configure wgautomesh to setup peers. Make sure that the name is not used in the VPN module - services.wgautomesh = { - enable = true; - gossipSecretFile = builtins.toString config.sops.secrets."wgautomesh/gossip-secret".path; - openFirewall = true; - logLevel = "info"; - settings = { - interface = "wg-${netName}"; - - # Map meta network configuration to the format of wgautomesh and filter out peers with endpoints - peers = - let - reachableHosts = lib.filterAttrs ( - peerHostName: peerConfig: peerHostName != hostName # Not this host - ) netConfig.hosts; - in - lib.mapAttrsToList (_: peerConfig: { - address = peerConfig.v4.ip; - endpoint = - if peerConfig.endpoint != null then - with peerConfig.endpoint; "${fqdn}:${builtins.toString port}" - else - null; - pubkey = peerConfig.publicKey; - }) reachableHosts; - }; - }; - systemd.services.wgautomesh = - let - wgInterface = [ "wireguard-wg-backplane.service" ]; - in - { - requires = wgInterface; - after = wgInterface; - }; -} diff --git a/nixos-configurations/calanda/networking.nix b/nixos-configurations/calanda/networking.nix index 5aa0760..0f713b9 100644 --- a/nixos-configurations/calanda/networking.nix +++ b/nixos-configurations/calanda/networking.nix @@ -7,8 +7,6 @@ let getCalandaIp4 = net: net.hosts.calanda.v4.ip; in { - imports = [ ../../defaults/backplane-net ]; - networking.hostName = meta.hosts.calanda.hostName; networking.domain = "ilanz.fh2.ch"; networking.enableIPv6 = false; # TODO @@ -30,6 +28,8 @@ in ]; }; + qois.backplane-net.enable = true; + # TODO: Metaize ips services.qois.router = { enable = true; diff --git a/nixos-configurations/cyprianspitz/networking.nix b/nixos-configurations/cyprianspitz/networking.nix index 8147a3f..9f224b8 100644 --- a/nixos-configurations/cyprianspitz/networking.nix +++ b/nixos-configurations/cyprianspitz/networking.nix @@ -6,8 +6,6 @@ in { networking.hostName = meta.hosts.cyprianspitz.hostName; - imports = [ ../../defaults/backplane-net ]; - networking.useDHCP = false; networking.interfaces.enp0s31f6.useDHCP = true; networking.interfaces.enp2s0.useDHCP = true; @@ -77,6 +75,8 @@ in # TODO Solve sops dependency porblem: config.sops.secrets."system/initrd-ssh-key".path; }; + qois.backplane-net.enable = true; + # Configure this node to be used as an vpn exit node qois.backup-client.includePaths = [ "/var/lib/tailscale" ]; services.tailscale = { diff --git a/nixos-configurations/lindberg-build/default.nix b/nixos-configurations/lindberg-build/default.nix index f8cc617..f5b4bfd 100644 --- a/nixos-configurations/lindberg-build/default.nix +++ b/nixos-configurations/lindberg-build/default.nix @@ -4,7 +4,6 @@ imports = [ ../../defaults/base-vm ../../defaults/meta - ../../defaults/backplane-net ./applications ./backup.nix diff --git a/nixos-configurations/lindberg-build/networking.nix b/nixos-configurations/lindberg-build/networking.nix index 3cbe068..0e8f881 100644 --- a/nixos-configurations/lindberg-build/networking.nix +++ b/nixos-configurations/lindberg-build/networking.nix @@ -6,6 +6,8 @@ networking.useDHCP = false; networking.interfaces.enp11s0.useDHCP = true; + qois.backplane-net.enable = true; + networking.firewall.allowedTCPPorts = [ 80 443 diff --git a/nixos-configurations/lindberg-nextcloud/default.nix b/nixos-configurations/lindberg-nextcloud/default.nix index 08034a8..78fc78d 100644 --- a/nixos-configurations/lindberg-nextcloud/default.nix +++ b/nixos-configurations/lindberg-nextcloud/default.nix @@ -2,7 +2,6 @@ { imports = [ - ../../defaults/backplane-net ../../defaults/base-vm ../../defaults/meta ./applications @@ -31,6 +30,8 @@ networking.useDHCP = false; networking.interfaces.enp2s0.useDHCP = true; + qois.backplane-net.enable = true; + networking.firewall.allowedTCPPorts = [ 80 443 diff --git a/nixos-configurations/lindberg-webapps/default.nix b/nixos-configurations/lindberg-webapps/default.nix index 1daa20d..1cbfd2f 100644 --- a/nixos-configurations/lindberg-webapps/default.nix +++ b/nixos-configurations/lindberg-webapps/default.nix @@ -4,7 +4,6 @@ imports = [ ../../defaults/base-vm ../../defaults/meta - ../../defaults/backplane-net ./applications ./disko-config.nix diff --git a/nixos-configurations/lindberg-webapps/networking.nix b/nixos-configurations/lindberg-webapps/networking.nix index fd4b437..07f42ff 100644 --- a/nixos-configurations/lindberg-webapps/networking.nix +++ b/nixos-configurations/lindberg-webapps/networking.nix @@ -6,6 +6,8 @@ networking.useDHCP = false; networking.interfaces.enp1s0.useDHCP = true; + qois.backplane-net.enable = true; + networking.firewall.allowedTCPPorts = [ 80 443 diff --git a/nixos-configurations/lindberg/networking.nix b/nixos-configurations/lindberg/networking.nix index e46c3b5..50c631c 100644 --- a/nixos-configurations/lindberg/networking.nix +++ b/nixos-configurations/lindberg/networking.nix @@ -6,8 +6,6 @@ in { networking.hostName = meta.hosts.lindberg.hostName; - imports = [ ../../defaults/backplane-net ]; - networking.useDHCP = false; networking.interfaces.enp5s0.useDHCP = true; @@ -74,6 +72,8 @@ in sshPort = 2222; }; + qois.backplane-net.enable = true; + # Use this node as vpn exit node qois.backup-client.includePaths = [ "/var/lib/tailscale" ]; services.tailscale = { diff --git a/nixos-configurations/stompert/default.nix b/nixos-configurations/stompert/default.nix index d1855d2..17a9aae 100644 --- a/nixos-configurations/stompert/default.nix +++ b/nixos-configurations/stompert/default.nix @@ -6,7 +6,6 @@ { imports = [ - ../../defaults/backplane-net ../../defaults/hardware/apu.nix ../../defaults/base ../../defaults/meta @@ -52,6 +51,8 @@ networking.interfaces.enp3s0.useDHCP = true; networking.tempAddresses = "disabled"; + qois.backplane-net.enable = true; + # Set your time zone. # time.timeZone = "Europe/Amsterdam"; diff --git a/nixos-configurations/tierberg/networking.nix b/nixos-configurations/tierberg/networking.nix index 2d57100..e80eb9d 100644 --- a/nixos-configurations/tierberg/networking.nix +++ b/nixos-configurations/tierberg/networking.nix @@ -7,8 +7,6 @@ in { networking.hostName = meta.hosts.tierberg.hostName; - imports = [ ../../defaults/backplane-net ]; - networking.enableIPv6 = false; # TODO networking.useDHCP = false; @@ -21,6 +19,8 @@ in ]; networking.interfaces.enp3s0.useDHCP = true; + qois.backplane-net.enable = true; + services.qois.luks-ssh = { enable = true; interface = "eth0"; diff --git a/nixos-modules/qois/backplane-net.hosts/default.nix b/nixos-modules/qois/backplane-net.hosts/default.nix new file mode 100644 index 0000000..b249dac --- /dev/null +++ b/nixos-modules/qois/backplane-net.hosts/default.nix @@ -0,0 +1,42 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + cfg = config.qois.backplane-net.hosts; + defaultDomains = attrNames config.qois.loadbalancer.domains; + defaultLoadbalancers = [ "lindberg" ]; +in +{ + + options.qois.backplane-net.hosts = { + enable = mkOption { + default = true; + description = "Whether to enable hosts aliases for loadbalanced services. This prevents turnarounds over external networks for these services."; + type = types.bool; + }; + + domains = mkOption { + description = "Domains that are hosted by the backplane loadbalancer"; + type = with types; listOf str; + default = defaultDomains; + }; + loadbalancers = mkOption { + description = "List of Loadbalancer hostnames as listed in the backplane network"; + type = with types; listOf str; + default = defaultLoadbalancers; + }; + }; + + config = mkIf cfg.enable { + + networking.hosts = pipe cfg.loadbalancers [ + (map (hostname: config.qois.meta.network.virtual.backplane.hosts.${hostname}.v4.ip)) + (flip genAttrs (lb: cfg.domains)) + ]; + + }; +} diff --git a/defaults/backplane-net/README.md b/nixos-modules/qois/backplane-net/README.md similarity index 100% rename from defaults/backplane-net/README.md rename to nixos-modules/qois/backplane-net/README.md diff --git a/nixos-modules/qois/backplane-net/default.nix b/nixos-modules/qois/backplane-net/default.nix new file mode 100644 index 0000000..08fb31e --- /dev/null +++ b/nixos-modules/qois/backplane-net/default.nix @@ -0,0 +1,83 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; +let + cfg = config.qois.backplane-net; + hostName = config.networking.hostName; + netConfig = config.qois.meta.network.virtual.${cfg.netName}; + hostNetConfig = netConfig.hosts.${hostName}; + interface = "wg-${cfg.netName}"; + wgService = [ "wireguard-${interface}.service" ]; +in + +{ + options.qois.backplane-net = { + enable = mkEnableOption "Enable backplane server services"; + netName = mkOption { + description = "Network Name"; + type = types.str; + default = "backplane"; + }; + domain = mkOption { + description = "Domain"; + type = types.str; + default = hostNetConfig; + }; + port = mkOption { + description = "Wireguard Default Port"; + type = types.number; + default = 51825; + }; + }; + + config = { + sops.secrets."wgautomesh/gossip-secret".restartUnits = [ "wgautomesh.service" ]; + + networking.wireguard.enable = true; + networking.wireguard.interfaces."wg-${cfg.netName}" = { + ips = [ "${hostNetConfig.v4.ip}/${toString netConfig.v4.prefixLength}" ]; + listenPort = if hostNetConfig.endpoint != null then hostNetConfig.endpoint.port else cfg.port; + privateKeyFile = "/secrets/wireguard/private/${cfg.netName}"; + generatePrivateKeyFile = true; + }; + + systemd.network.wait-online.ignoredInterfaces = [ interface ]; + + networking.firewall.allowedUDPPorts = + if hostNetConfig.endpoint != null then [ hostNetConfig.endpoint.port ] else [ cfg.port ]; + + # Configure wgautomesh to setup peers. Make sure that the name is not used in the VPN module + services.wgautomesh = { + enable = true; + gossipSecretFile = config.sops.secrets."wgautomesh/gossip-secret".path; + openFirewall = true; + settings = { + inherit interface; + + # Map meta network configuration to the format of wgautomesh and filter out peers with endpoints + peers = pipe netConfig.hosts [ + (filterAttrs (peerHostName: _: peerHostName != hostName)) # Not this host + (mapAttrsToList ( + _: peerConfig: { + address = peerConfig.v4.ip; + endpoint = + if (peerConfig.endpoint != null) then + with peerConfig.endpoint; "${fqdn}:${toString port}" + else + null; + pubkey = peerConfig.publicKey; + } + )) + ]; + }; + }; + systemd.services.wgautomesh = { + requires = wgService; + after = wgService; + }; + }; +} diff --git a/nixos-modules/qois/vpn-server/default.nix b/nixos-modules/qois/vpn-server/default.nix index 427f35c..e57060e 100644 --- a/nixos-modules/qois/vpn-server/default.nix +++ b/nixos-modules/qois/vpn-server/default.nix @@ -58,7 +58,7 @@ in let vnet = config.qois.meta.network.virtual; vpnNet = vnet.vpn; - vpnNetPrefix = "${vpnNet.v4.id}/${builtins.toString vpnNet.v4.prefixLength}"; + vpnNetPrefix = "${vpnNet.v4.id}/${toString vpnNet.v4.prefixLength}"; backplaneNetPrefix = "${vnet.backplane.v4.id}/${builtins.toString vnet.backplane.v4.prefixLength}"; in { From 6661ab441db4bb41f473a00ff9cf28625ab1e886 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 9 Dec 2024 16:44:27 +0200 Subject: [PATCH 4/4] Update inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index c15a68f..c8a279f 100644 --- a/flake.lock +++ b/flake.lock @@ -74,11 +74,11 @@ }, "nixpkgs-nixos-stable": { "locked": { - "lastModified": 1733261153, - "narHash": "sha256-eq51hyiaIwtWo19fPEeE0Zr2s83DYMKJoukNLgGGpek=", + "lastModified": 1733550349, + "narHash": "sha256-NcGumB4Lr6KSDq+nIqXtNA8QwAQKDSZT7N9OTGWbTrs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b681065d0919f7eb5309a93cea2cfa84dec9aa88", + "rev": "e2605d0744c2417b09f8bf850dfca42fcf537d34", "type": "github" }, "original": { @@ -90,11 +90,11 @@ }, "nixpkgs-nixos-unstable": { "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "lastModified": 1733581040, + "narHash": "sha256-Qn3nPMSopRQJgmvHzVqPcE3I03zJyl8cSbgnnltfFDY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "rev": "22c3f2cf41a0e70184334a958e6b124fb0ce3e01", "type": "github" }, "original": {