Update flake.lock

.gitea/workflows/autoupdate.yml

@@ -2,7 +2,7 @@ name: Weekly Flake Update
 
 on:
     schedule:
-        - cron: "0 4 1/14 * *"
+        - cron: "0 0 * * 4"
     workflow_dispatch:
 
 permissions:
@@ -89,18 +89,6 @@ jobs:
                 grep -q ${{ github.ref_name }} &&
                 exit 1 ||
                 exit 0
-            - name: close other bump requests
-              run: |
-                for i in $(tea pr -o simple | grep "Automatic Nixpkgs update" | awk '{print $1}')
-                do
-                  if [ "$i" = "" ]
-                  then
-                    echo "No bumps to close"
-                    exit 0
-                  else
-                    tea pr close $i
-                  fi
-                done
             - name: Force push branch
               run: git push --force -u origin nixpkgs_bump_$(date +%Y%m%d)
             - name: Create pull request

.gitea/workflows/hydra-callback.yml

@@ -1,26 +1,15 @@
-name: Hydra callback
+name: Weekly Flake Update
 
 on:
     pull_request:
-        types: 
-            - opened
-            - synchronize
-        paths:
-          - '**.nix'
-          - flake.lock
-    push:
-        branches:
-          - master
-        paths:
-          - '**.nix'
-          - flake.lock
+      types: 
+        - opened
 
 permissions:
     contents: write
 
 jobs:
-    on_pr:
-        if: github.event.pull_request
+    hydra_callback:
         runs-on: ubuntu-latest
         env:
             NIXPKGS_ALLOW_UNFREE: 1
@@ -35,29 +24,8 @@ jobs:
                 github_access_token: ${{ secrets.AHTLONS_GITHUB_TOKEN }}
             - name: Find pr number
               run: |
-                echo PR=$(echo "${{ github.ref }}" | cut -d / -f 3) >> "$GITHUB_ENV"
+                echo 'PR=$(echo "${{ github.ref }}" | cut -d / -f 3)' >> "$GITHUB_ENV"
             - name: run hydra wait
-              timeout-minutes: 200
               run: |
                 echo "Running now @ pr no $PR"
-                nix run nixpkgs#hydra-cli -- -H https://hydra.dynamicdiscord.de jobset-wait malobeo2 "$PR"
-
-    on_push:
-        if: github.event.push
-        runs-on: ubuntu-latest
-        env:
-            NIXPKGS_ALLOW_UNFREE: 1
-        steps:
-            - name: Install sudo
-              run: |
-                  apt-get update
-                  apt-get install -y sudo
-            - name: Set up Nix
-              uses: https://github.com/cachix/install-nix-action@v31
-              with: 
-                github_access_token: ${{ secrets.AHTLONS_GITHUB_TOKEN }}
-            - name: run hydra wait
-              timeout-minutes: 200
-              run: |
-                echo "Running now @ master"
-                nix run nixpkgs#hydra-cli -- -H https://hydra.dynamicdiscord.de jobset-wait malobeo2 master
+                nix run nixpkgs#hydra-cli -- -H https://hydra.dynamicdiscord.de jobset-wait malobeo2 "$PR"

.hydra/spec.json

@@ -12,7 +12,7 @@
   "type": 0,
   "inputs": {
     "nixexpr": {
-      "value": "https://git.dynamicdiscord.de/malobeo/infrastructure master",
+      "value": "https://git.dynamicdiscord.de/ahtlon/infrastructure master",
       "type": "git",
       "emailresponsible": false
     },

doc/book.toml

@@ -1,5 +1,6 @@
 [book]
 authors = ["ahtlon"]
 language = "de"
+multilingual = false
 src = "src"
 title = "Malobeo Infrastruktur Dokumentation"

flake.lock

@@ -85,16 +85,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1781319724,
-        "narHash": "sha256-ZGuxexEMo4Xv28KJ0dX/m/PHN4oZIOnxHZpNTyrvx4M=",
+        "lastModified": 1763992789,
+        "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "8355f0a16b2dbb06a97959a918af5b239bbe05ae",
+        "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-26.05",
+        "ref": "release-25.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -126,11 +126,11 @@
         "spectrum": "spectrum"
       },
       "locked": {
-        "lastModified": 1781389237,
-        "narHash": "sha256-Ne1/E5XNUq0gleaQz0vW5R4xf/0h/uEZ+bOW1aNjeQk=",
+        "lastModified": 1780522662,
+        "narHash": "sha256-fsiLQSfMmWSUB5KQeKIvaXJv4Dzf24MSl1uB3t4O7eA=",
         "owner": "astro",
         "repo": "microvm.nix",
-        "rev": "6ad601df0a07d9855c5e8f9b81135ecaf7c287eb",
+        "rev": "84b2dedfd03da111a001182ac8c962f1a79007fb",
         "type": "github"
       },
       "original": {
@@ -180,11 +180,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1781622756,
-        "narHash": "sha256-JrPh4M6S7aPsEE9tOENuZrxC6o2szSLlK+t4+nLke9s=",
+        "lastModified": 1780310866,
+        "narHash": "sha256-fPBRVf6A5xlACYcOI59shGrjURuvwu0lRsDoSCEXt/I=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "08018c72174a4df5657f8d94178ac69fb9c243e5",
+        "rev": "4ed851c979641e28597a05086332d75cdc9e395f",
         "type": "github"
       },
       "original": {
@@ -212,11 +212,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1781577229,
-        "narHash": "sha256-lrp67w8AulE9Ks53n27I45ADSzbOCn4H+CNW1Ck8B+8=",
+        "lastModified": 1780243769,
+        "narHash": "sha256-x5UQuRsH3MqI0U9afaXSNqzTPSeZlRLvFAav2Ux1pNw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "567a49d1913ce81ac6e9582e3553dd90a955875f",
+        "rev": "331800de5053fcebacf6813adb5db9c9dca22a0c",
         "type": "github"
       },
       "original": {
@@ -241,16 +241,16 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1781216227,
-        "narHash": "sha256-9mUW6gNwoN2SWc/l0fW4svPNOulXLl8ijqKyeSOGgJE=",
+        "lastModified": 1779796641,
+        "narHash": "sha256-ZsIrKmhp4vbBXoXXmR/tBXA/UCsAQiJL9vsgZEduhVY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a0374025a863d007d98e3297f6aa46cc3141c2f0",
+        "rev": "25f538306313eae3927264466c70d7001dcea1df",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-26.05",
+        "ref": "nixos-25.11",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -280,11 +280,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1780547341,
-        "narHash": "sha256-Gq8KNx5A7hBB3uGJaj6eQfLDIz5YdLu92gqBcvHvoUo=",
+        "lastModified": 1777944972,
+        "narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "9ed65852b6257fbeae4355bc24ecfea307ca759a",
+        "rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
         "type": "github"
       },
       "original": {

flake.nix

@@ -3,7 +3,7 @@
 
   inputs = {
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-26.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     sops-nix.url = "github:Mic92/sops-nix";
     sops-nix.inputs.nixpkgs.follows = "nixpkgs";
@@ -43,7 +43,7 @@
     };
 
     home-manager=  {
-      url = "github:nix-community/home-manager/release-26.05";
+      url = "github:nix-community/home-manager/release-25.05";
       inputs = {
         nixpkgs.follows = "nixpkgs";
       };

machines/fanny/configuration.nix

@@ -165,7 +165,7 @@ in
     defaults.email = "malobeo@systemli.org";
     defaults = {
       dnsProvider = "njalla";
-      environmentFile = config.sops.secrets.njala_api_key.path;
+      credentialsFile = config.sops.secrets.njala_api_key.path;
       dnsPropagationCheck = false;
     };
   };

machines/louise/configuration.nix

@@ -46,8 +46,6 @@
     ];
   };
 
-  nixpkgs.config.permittedInsecurePackages = [ "electron-39.8.10" ];
-
   services.tor = {
     enable = true;
     client.enable = true;

machines/lucia/configuration.nix

@@ -67,17 +67,17 @@ in
   mpd = {
     enable = true;
     musicDirectory = "/var/lib/mpd/music";
-    settings = {
-      audio_output = [{
-        type = "alsa";
-        name = "My ALSA";
-        device = "hw:0,0";	# optional 
-        format = "44100:16:2";	# optional
-        mixer_type = "hardware";
-        mixer_device = "default";
-        mixer_control = "PCM";
-      }];
-    };
+    extraConfig = ''
+      audio_output {
+        type "alsa"
+        name "My ALSA"
+        device			"hw:0,0"	# optional 
+        format			"44100:16:2"	# optional
+        mixer_type		"hardware"
+        mixer_device	"default"
+        mixer_control	"PCM"
+      }
+    '';
   
     # Optional:
     network.listenAddress = "any"; # if you want to allow non-localhost connections
@@ -199,7 +199,7 @@ in
     defaults.email = "malobeo@systemli.org";
     defaults = {
       dnsProvider = "njalla";
-      environmentFile = config.sops.secrets.njala_api_key.path;
+      credentialsFile = config.sops.secrets.njala_api_key.path;
       dnsPropagationCheck = false;
     };
   };

machines/modules/malobeo/gitea_translator.nix

@@ -55,7 +55,7 @@ in
 
       serviceConfig = {
         ExecStart = ''
-          ${pkgs.python3}/bin/python3 ${../../../scripts/gitea_hydra_server.py} \
+          ${pkgs.python3}/bin/python3 ${inputs.self + /scripts/gitea_hydra_server.py} \
             --baseurl ${cfg.baseurl} \
             --owner ${cfg.owner} \
             --repo ${cfg.repo} \
@@ -75,4 +75,4 @@ in
       };
     };
   };
-}
+}

machines/modules/malobeo/metrics.nix

@@ -41,22 +41,17 @@ in
       };
     };
 
-    services.alloy = {
+    services.promtail = {
       enable = cfg.enablePromtail;
-      extraFlags = ["--config.format=promtail"]; #TODO please change this to native alloy config later
-      configPath = import ./promtail_config.nix { 
+      configFile = import ./promtail_config.nix { 
         lokiAddress = cfg.lokiHost;
         logNginx = cfg.logNginx;
         config = config;
         pkgs = pkgs;
       };
     };
-    users.groups.promtail = {};
-    users.users.promtail = {
-      isNormalUser = true;
-      group = "promtail";
-      extraGroups = [ "systemd-journal" ] ++ (lib.optionals cfg.logNginx [ "nginx" ]) ;
-    };
+
+    users.users.promtail.extraGroups = [ "systemd-journal" ] ++ (lib.optionals cfg.logNginx [ "nginx" ]) ;
 
   };
 }

machines/nextcloud/configuration.nix

@@ -39,7 +39,7 @@ in
 
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud33;
+    package = pkgs.nextcloud32;
     hostName = "cloud.malobeo.org";
     config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
     maxUploadSize = "10G";
@@ -55,15 +55,14 @@ in
     extraApps = {
       inherit (config.services.nextcloud.package.packages.apps) contacts calendar polls registration collectives forms;
       deck = pkgs.fetchNextcloudApp {
-        sha256 = "sha256-Oc/J0Ey7f9aHhLBWoAXaDMe2t0eeEQKvpwY510qNpiI=";
-        url = "https://s3.g.megas4.com/ya5mczgkbk6bw7tcy2yr4bl2vdryfe76ok2dj/malo/deck33.tar.gz";
+        sha256 = "sha256-epjwIANb6vTNx9KqaG6jZc14YPoFMBTCj+/c9JHcWkA=";
+        url = "https://link.storjshare.io/raw/jvrl62dakd6htpyxohjkiiqiw5ma/mal/deck32.tar.gz";
         license = "agpl3Plus";
       };
     };
     settings = {
       trusted_domains = [ "cloud.malobeo.org" "cloud.hq.malobeo.org" ];
       trusted_proxies = [ hosts.malobeo.hosts.fanny.network.address ];
-      overwriteprotocol = "https";
       "maintenance_window_start" = "1";
       "default_phone_region" = "DE";
     };

machines/overwatch/configuration.nix

@@ -37,7 +37,6 @@ in
   services.grafana = {
     enable = true;
     settings = {
-      security.secret_key = "SW2YcwTIb9zpOOhoPsMm";
       server = {
         domain = "grafana.malobeo.org";
         http_port = 2342;

machines/pretalx/configuration.nix

@@ -1,4 +1,4 @@
-{ config, self, lib, pkgs, inputs,  ... }:
+{ config, self, lib, pkgs,  ... }:
 
 with lib;
 
@@ -58,7 +58,6 @@ in
 
   services.pretalx = {
     enable = true;
-    package = inputs.nixpkgs-unstable.legacyPackages."x86_64-linux".pretalx;
     celery.extraArgs = [
       "--concurrency=${toString config.microvm.vcpu}"
     ];

outputs.nix

@@ -118,7 +118,6 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
       users.imports = [ ./machines/modules/malobeo/users.nix ];
       backup.imports = [ ./machines/modules/malobeo/backup.nix ];
       printing.imports = [ ./machines/modules/malobeo/printing.nix ];
-      gitea-translator.imports = [ ./machines/modules/malobeo/gitea_translator.nix ];
     };
 
     hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) (