[nextcloud] update

[nextcloud] undo the packaging change...
[docs] update nextcloud instructions
2026-06-18 20:10:33 +02:00 · 2026-06-18 19:54:44 +02:00 · 2026-06-17 11:52:48 +02:00 · 2026-06-17 11:45:07 +02:00 · 2026-06-17 11:43:37 +02:00 · 2026-06-17 10:47:15 +02:00
15 changed files with 154 additions and 53 deletions
--- a/.gitea/workflows/autoupdate.yml
+++ b/.gitea/workflows/autoupdate.yml
@@ -2,7 +2,7 @@ name: Weekly Flake Update
 on:
    schedule:
-        - cron: "0 0 * * 4"
+        - cron: "0 4 1/14 * *"
    workflow_dispatch:
 permissions:
@@ -89,6 +89,18 @@ jobs:
                grep -q ${{ github.ref_name }} &&
                exit 1 ||
                exit 0
            - name: close other bump requests
              run: |
                for i in $(tea pr -o simple | grep "Automatic Nixpkgs update" | awk '{print $1}')
                do
                  if [ "$i" = "" ]
                  then
                    echo "No bumps to close"
                    exit 0
                  else
                    tea pr close $i
                  fi
                done
            - name: Force push branch
              run: git push --force -u origin nixpkgs_bump_$(date +%Y%m%d)
            - name: Create pull request
--- a/.gitea/workflows/hydra-callback.yml
+++ b/.gitea/workflows/hydra-callback.yml
@@ -0,0 +1,63 @@
 name: Hydra callback
 on:
    pull_request:
        types: 
            - opened
            - synchronize
        paths:
          - '**.nix'
          - flake.lock
    push:
        branches:
          - master
        paths:
          - '**.nix'
          - flake.lock
 permissions:
    contents: write
 jobs:
    on_pr:
        if: github.event.pull_request
        runs-on: ubuntu-latest
        env:
            NIXPKGS_ALLOW_UNFREE: 1
        steps:
            - name: Install sudo
              run: |
                  apt-get update
                  apt-get install -y sudo
            - name: Set up Nix
              uses: https://github.com/cachix/install-nix-action@v31
              with: 
                github_access_token: ${{ secrets.AHTLONS_GITHUB_TOKEN }}
            - name: Find pr number
              run: |
                echo PR=$(echo "${{ github.ref }}" | cut -d / -f 3) >> "$GITHUB_ENV"
            - name: run hydra wait
              timeout-minutes: 200
              run: |
                echo "Running now @ pr no $PR"
                nix run nixpkgs#hydra-cli -- -H https://hydra.dynamicdiscord.de jobset-wait malobeo2 "$PR"
    on_push:
        if: github.event.push
        runs-on: ubuntu-latest
        env:
            NIXPKGS_ALLOW_UNFREE: 1
        steps:
            - name: Install sudo
              run: |
                  apt-get update
                  apt-get install -y sudo
            - name: Set up Nix
              uses: https://github.com/cachix/install-nix-action@v31
              with: 
                github_access_token: ${{ secrets.AHTLONS_GITHUB_TOKEN }}
            - name: run hydra wait
              timeout-minutes: 200
              run: |
                echo "Running now @ master"
                nix run nixpkgs#hydra-cli -- -H https://hydra.dynamicdiscord.de jobset-wait malobeo2 master
--- a/.hydra/spec.json
+++ b/.hydra/spec.json
@@ -12,7 +12,7 @@
  "type": 0,
  "inputs": {
    "nixexpr": {
-      "value": "https://git.dynamicdiscord.de/ahtlon/infrastructure master",
+      "value": "https://git.dynamicdiscord.de/malobeo/infrastructure master",
      "type": "git",
      "emailresponsible": false
    },
--- a/doc/book.toml
+++ b/doc/book.toml
@@ -1,6 +1,5 @@
 [book]
 authors = ["ahtlon"]
 language = "de"
 multilingual = false
 src = "src"
 title = "Malobeo Infrastruktur Dokumentation"
--- a/flake.lock
+++ b/flake.lock
@@ -85,16 +85,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1763992789,
+        "lastModified": 1781319724,
-        "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
+        "narHash": "sha256-ZGuxexEMo4Xv28KJ0dX/m/PHN4oZIOnxHZpNTyrvx4M=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
+        "rev": "8355f0a16b2dbb06a97959a918af5b239bbe05ae",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-26.05",
        "repo": "home-manager",
        "type": "github"
      }
@@ -126,11 +126,11 @@
        "spectrum": "spectrum"
      },
      "locked": {
-        "lastModified": 1772055583,
+        "lastModified": 1781389237,
-        "narHash": "sha256-iPIm1orqkhsxqju6EVODOrV1BmyA5HNTZ8a1o812bFM=",
+        "narHash": "sha256-Ne1/E5XNUq0gleaQz0vW5R4xf/0h/uEZ+bOW1aNjeQk=",
        "owner": "astro",
        "repo": "microvm.nix",
-        "rev": "f6dcfb7c16cc3775536c825dc0698d4ede13d063",
+        "rev": "6ad601df0a07d9855c5e8f9b81135ecaf7c287eb",
        "type": "github"
      },
      "original": {
@@ -176,12 +176,15 @@
      }
    },
    "nixos-hardware": {
      "inputs": {
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1771969195,
+        "lastModified": 1781622756,
-        "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
+        "narHash": "sha256-JrPh4M6S7aPsEE9tOENuZrxC6o2szSLlK+t4+nLke9s=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
+        "rev": "08018c72174a4df5657f8d94178ac69fb9c243e5",
        "type": "github"
      },
      "original": {
@@ -209,11 +212,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1771848320,
+        "lastModified": 1781577229,
-        "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
+        "narHash": "sha256-lrp67w8AulE9Ks53n27I45ADSzbOCn4H+CNW1Ck8B+8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2fc6539b481e1d2569f25f8799236694180c0993",
+        "rev": "567a49d1913ce81ac6e9582e3553dd90a955875f",
        "type": "github"
      },
      "original": {
@@ -225,16 +228,29 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1771903837,
+        "lastModified": 1767892417,
-        "narHash": "sha256-sdaqdnsQCv3iifzxwB22tUwN/fSHoN7j2myFW5EIkGk=",
+        "narHash": "sha256-8bW3q88CEg2u4hSP66Vf4lpbLonHz7hqDNBMcCY7E9U=",
        "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba",
        "type": "tarball",
        "url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre924538.3497aa5c9457/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
        "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1781216227,
        "narHash": "sha256-9mUW6gNwoN2SWc/l0fW4svPNOulXLl8ijqKyeSOGgJE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e764fc9a405871f1f6ca3d1394fb422e0a0c3951",
+        "rev": "a0374025a863d007d98e3297f6aa46cc3141c2f0",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-25.11",
+        "ref": "nixos-26.05",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -249,7 +265,7 @@
        "microvm": "microvm",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "sops-nix": "sops-nix",
        "tasklist": "tasklist",
@@ -264,11 +280,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772048434,
+        "lastModified": 1780547341,
-        "narHash": "sha256-/wA0OaH6kZ/pFA+nXR/tvg5oupOmEDmMS5us79JT60o=",
+        "narHash": "sha256-Gq8KNx5A7hBB3uGJaj6eQfLDIz5YdLu92gqBcvHvoUo=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "334daa7c273dd8bf7a0cd370e4e16022b64e55e9",
+        "rev": "9ed65852b6257fbeae4355bc24ecfea307ca759a",
        "type": "github"
      },
      "original": {
@@ -280,11 +296,11 @@
    "spectrum": {
      "flake": false,
      "locked": {
-        "lastModified": 1759482047,
+        "lastModified": 1778940603,
-        "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
+        "narHash": "sha256-voSM8dZNlaOWN3kbYFky+FNY6fFQOEw0xF+ZMpZKkCQ=",
        "ref": "refs/heads/main",
-        "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
+        "rev": "367dd227f539267eae2b62770b4c17b88ac8c1f1",
-        "revCount": 996,
+        "revCount": 1265,
        "type": "git",
        "url": "https://spectrum-os.org/git/spectrum"
      },
--- a/flake.nix
+++ b/flake.nix
@@ -3,7 +3,7 @@
  inputs = {
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-26.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    sops-nix.url = "github:Mic92/sops-nix";
    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
@@ -43,7 +43,7 @@
    };
    home-manager=  {
-      url = "github:nix-community/home-manager/release-25.05";
+      url = "github:nix-community/home-manager/release-26.05";
      inputs = {
        nixpkgs.follows = "nixpkgs";
      };
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -165,7 +165,7 @@ in
    defaults.email = "malobeo@systemli.org";
    defaults = {
      dnsProvider = "njalla";
-      credentialsFile = config.sops.secrets.njala_api_key.path;
+      environmentFile = config.sops.secrets.njala_api_key.path;
      dnsPropagationCheck = false;
    };
  };
--- a/machines/louise/configuration.nix
+++ b/machines/louise/configuration.nix
@@ -46,6 +46,8 @@
    ];
  };
  nixpkgs.config.permittedInsecurePackages = [ "electron-39.8.10" ];
  services.tor = {
    enable = true;
    client.enable = true;
--- a/machines/lucia/configuration.nix
+++ b/machines/lucia/configuration.nix
@@ -67,17 +67,17 @@ in
  mpd = {
    enable = true;
    musicDirectory = "/var/lib/mpd/music";
-    extraConfig = ''
+    settings = {
-      audio_output {
+      audio_output = [{
-        type "alsa"
+        type = "alsa";
-        name "My ALSA"
+        name = "My ALSA";
-        device			"hw:0,0"	# optional 
+        device = "hw:0,0";	# optional 
-        format			"44100:16:2"	# optional
+        format = "44100:16:2";	# optional
-        mixer_type		"hardware"
+        mixer_type = "hardware";
-        mixer_device	"default"
+        mixer_device = "default";
-        mixer_control	"PCM"
+        mixer_control = "PCM";
-      }
+      }];
-    '';
+    };
    # Optional:
    network.listenAddress = "any"; # if you want to allow non-localhost connections
@@ -199,7 +199,7 @@ in
    defaults.email = "malobeo@systemli.org";
    defaults = {
      dnsProvider = "njalla";
-      credentialsFile = config.sops.secrets.njala_api_key.path;
+      environmentFile = config.sops.secrets.njala_api_key.path;
      dnsPropagationCheck = false;
    };
  };
--- a/machines/modules/malobeo/gitea_translator.nix
+++ b/machines/modules/malobeo/gitea_translator.nix
@@ -55,7 +55,7 @@ in
      serviceConfig = {
        ExecStart = ''
-          ${pkgs.python3}/bin/python3 ${inputs.self + /scripts/gitea_hydra_server.py} \
+          ${pkgs.python3}/bin/python3 ${../../../scripts/gitea_hydra_server.py} \
            --baseurl ${cfg.baseurl} \
            --owner ${cfg.owner} \
            --repo ${cfg.repo} \
@@ -75,4 +75,4 @@ in
      };
    };
  };
-}
+}
--- a/machines/modules/malobeo/metrics.nix
+++ b/machines/modules/malobeo/metrics.nix
@@ -41,17 +41,22 @@ in
      };
    };
-    services.promtail = {
+    services.alloy = {
      enable = cfg.enablePromtail;
-      configFile = import ./promtail_config.nix { 
+      extraFlags = ["--config.format=promtail"]; #TODO please change this to native alloy config later
      configPath = import ./promtail_config.nix { 
        lokiAddress = cfg.lokiHost;
        logNginx = cfg.logNginx;
        config = config;
        pkgs = pkgs;
      };
    };
-
+    users.groups.promtail = {};
-    users.users.promtail.extraGroups = [ "systemd-journal" ] ++ (lib.optionals cfg.logNginx [ "nginx" ]) ;
+    users.users.promtail = {
      isNormalUser = true;
      group = "promtail";
      extraGroups = [ "systemd-journal" ] ++ (lib.optionals cfg.logNginx [ "nginx" ]) ;
    };
  };
 }
--- a/machines/nextcloud/configuration.nix
+++ b/machines/nextcloud/configuration.nix
@@ -39,7 +39,7 @@ in
  services.nextcloud = {
    enable = true;
-    package = pkgs.nextcloud32;
+    package = pkgs.nextcloud33;
    hostName = "cloud.malobeo.org";
    config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
    maxUploadSize = "10G";
@@ -55,14 +55,15 @@ in
    extraApps = {
      inherit (config.services.nextcloud.package.packages.apps) contacts calendar polls registration collectives forms;
      deck = pkgs.fetchNextcloudApp {
-        sha256 = "sha256-epjwIANb6vTNx9KqaG6jZc14YPoFMBTCj+/c9JHcWkA=";
+        sha256 = "sha256-Oc/J0Ey7f9aHhLBWoAXaDMe2t0eeEQKvpwY510qNpiI=";
-        url = "https://link.storjshare.io/raw/jvrl62dakd6htpyxohjkiiqiw5ma/mal/deck32.tar.gz";
+        url = "https://s3.g.megas4.com/ya5mczgkbk6bw7tcy2yr4bl2vdryfe76ok2dj/malo/deck33.tar.gz";
        license = "agpl3Plus";
      };
    };
    settings = {
      trusted_domains = [ "cloud.malobeo.org" "cloud.hq.malobeo.org" ];
      trusted_proxies = [ hosts.malobeo.hosts.fanny.network.address ];
      overwriteprotocol = "https";
      "maintenance_window_start" = "1";
      "default_phone_region" = "DE";
    };
--- a/machines/overwatch/configuration.nix
+++ b/machines/overwatch/configuration.nix
@@ -37,6 +37,7 @@ in
  services.grafana = {
    enable = true;
    settings = {
      security.secret_key = "SW2YcwTIb9zpOOhoPsMm";
      server = {
        domain = "grafana.malobeo.org";
        http_port = 2342;
--- a/machines/pretalx/configuration.nix
+++ b/machines/pretalx/configuration.nix
@@ -1,4 +1,4 @@
-{ config, self, lib, pkgs,  ... }:
+{ config, self, lib, pkgs, inputs,  ... }:
 with lib;
@@ -58,6 +58,7 @@ in
  services.pretalx = {
    enable = true;
    package = inputs.nixpkgs-unstable.legacyPackages."x86_64-linux".pretalx;
    celery.extraArgs = [
      "--concurrency=${toString config.microvm.vcpu}"
    ];
--- a/outputs.nix
+++ b/outputs.nix
@@ -118,6 +118,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
      users.imports = [ ./machines/modules/malobeo/users.nix ];
      backup.imports = [ ./machines/modules/malobeo/backup.nix ];
      printing.imports = [ ./machines/modules/malobeo/printing.nix ];
      gitea-translator.imports = [ ./machines/modules/malobeo/gitea_translator.nix ];
    };
    hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) (
Author	SHA1	Message	Date
ahtlon	d7547be088	[nextcloud] update	2026-06-18 20:10:33 +02:00
ahtlon	8de6687f1f	[nextcloud] undo the packaging change...	2026-06-18 19:54:44 +02:00
ahtlon	529848d89e	[docs] update nextcloud instructions	2026-06-17 11:52:48 +02:00
ahtlon	cf89ece4d6	Multilingual keyword not supported	2026-06-17 11:45:07 +02:00
ahtlon	0b77bbd8a6	[Nextcloud] build deck in flake Changes from a cloud filehost to a local build, should also be more maintainable	2026-06-17 11:43:37 +02:00
ahtlon	b5b84e2ec8	change mpd config to declarative	2026-06-17 10:47:15 +02:00
ahtlon	90d631f73c	Change credentialsFile to environmentFile	2026-06-17 10:38:47 +02:00
ahtlon	8c9b49f5c3	Hardcode grafana security key Grafana's secret key (services.grafana.settings.security.secret_key) doesn't have a default value anymore. Please generate your own and use a file-provider on this option! See also https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#secret_key for more information. See https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-database-encryption/#re-encrypt-secrets on how to re-encrypt. As stated in the NixOS changelog for 26.05, there's no official way to rotate. Either hard-code the old key ("SW2YcwTIb9zpOOhoPsMm") if your setup doesn't have any secrets in the DB that need special protection or perform a rotation with a 3rd-party tool (`d9dc788902`).	2026-06-17 10:34:11 +02:00
ahtlon	a575d16ec0	Promtail is EOL Recomended migtration to grafana-alloy (https://grafana.com/docs/alloy/latest/set-up/migrate/from-promtail/) or fluent-bit (https://docs.fluentbit.io/manual/data-pipeline/outputs/loki) I chose alloy because of the compatability. This needs to be reworked to a native implementation later	2026-06-17 10:29:03 +02:00
ahtlon	1cc93d5dc2	Update to 26.05	2026-06-17 09:56:13 +02:00
ahtlon	017e2ca556	[Update] update and allow EOL electron	2026-06-10 17:35:47 +02:00
ahtlon	c31a576fbd	I might be stupid...	2026-06-06 00:15:42 +02:00
ahtlon	34db721709	[workflow] fix autoupdate not running -.-	2026-06-04 15:24:52 +02:00
ahtlon	9c55854987	Update every 14 days; close previous prs	2026-05-05 11:38:48 +02:00
ahtlon	8e7c9141c2	Automatic Nixpkgs update (#156 ) Date: Thu Apr 30 00:03:28 UTC 2026 Evaluation warnings: evaluation warning: cloud-hypervisor supports systemd-notify via vsock, but `microvm.vsock.cid` must be set to enable this. evaluation warning: 'system' has been renamed to/replaced by 'stdenv.hostPlatform.system' Co-authored-by: malobot <malobot@systemli.org> Reviewed-on: malobeo/infrastructure#156 Co-authored-by: ahtlon <git@ahtlon.de> Co-committed-by: ahtlon <git@ahtlon.de>	2026-05-05 11:11:20 +02:00
ahtlon	ea2ba8637b	[pretalx] pin package to unstable to fix security problem	2026-04-29 20:53:30 +02:00
kalipso	c40d84ba4d	[nextcloud] overwriteprotocol https	2026-04-14 13:14:34 +02:00
malobot	bd859dd40d	Update flake.lock	2026-03-26 10:59:37 +01:00
ahtlon	3ccd73788c	[gitea] add timeout and run on master	2026-03-26 10:31:09 +01:00
ahtlon	b2fc2d126f	Add hydra callback	2026-03-25 10:41:53 +01:00
ahtlon	bf3f4db1b2	[hydra] forgot to change repo	2026-03-16 20:58:45 +01:00
kalipso	f4614f2887	[modules] do not reference self within modules if it gets included in other flakes 'self' references to that flake, instead of malobeo	2026-03-16 20:52:14 +01:00
kalipso	07d7f3b882	[modules] add gitea translator	2026-03-16 20:42:26 +01:00