From 1cc93d5dc25744a736eb68926a1f035d7839144b Mon Sep 17 00:00:00 2001 From: ahtlon Date: Wed, 17 Jun 2026 09:56:13 +0200 Subject: [PATCH 01/11] Update to 26.05 --- flake.lock | 34 +++++++++++++++++----------------- flake.nix | 4 ++-- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 3914a22..c08ed02 100644 --- a/flake.lock +++ b/flake.lock @@ -85,16 +85,16 @@ ] }, "locked": { - "lastModified": 1763992789, - "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", + "lastModified": 1781319724, + "narHash": "sha256-ZGuxexEMo4Xv28KJ0dX/m/PHN4oZIOnxHZpNTyrvx4M=", "owner": "nix-community", "repo": "home-manager", - "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", + "rev": "8355f0a16b2dbb06a97959a918af5b239bbe05ae", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", + "ref": "release-26.05", "repo": "home-manager", "type": "github" } @@ -126,11 +126,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1780588968, - "narHash": "sha256-zQk+GqLO+T9taIl1UUt3swvaOksWJxL7PL8K0+Fc/Hs=", + "lastModified": 1781389237, + "narHash": "sha256-Ne1/E5XNUq0gleaQz0vW5R4xf/0h/uEZ+bOW1aNjeQk=", "owner": "astro", "repo": "microvm.nix", - "rev": "4d3fb17437944ea57eef2b9e6108ca777b1209ca", + "rev": "6ad601df0a07d9855c5e8f9b81135ecaf7c287eb", "type": "github" }, "original": { @@ -180,11 +180,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1781020964, - "narHash": "sha256-fS7xTi2j2iso5Hj7RNZLv/acDlCT+fgMVkVk40A7Uco=", + "lastModified": 1781622756, + "narHash": "sha256-JrPh4M6S7aPsEE9tOENuZrxC6o2szSLlK+t4+nLke9s=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "32c2cd9e46286c4eced3dc6b613c659126bf3cca", + "rev": "08018c72174a4df5657f8d94178ac69fb9c243e5", "type": "github" }, "original": { 
@@ -212,11 +212,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1780749050, - "narHash": "sha256-3av0pIjlOWQ6rDbNOmpUSvbNnJkGORQKKjb4LtCZsIY=", + "lastModified": 1781577229, + "narHash": "sha256-lrp67w8AulE9Ks53n27I45ADSzbOCn4H+CNW1Ck8B+8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a799d3e3886da994fa307f817a6bc705ae538eeb", + "rev": "567a49d1913ce81ac6e9582e3553dd90a955875f", "type": "github" }, "original": { @@ -241,16 +241,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1780952837, - "narHash": "sha256-Fwd1+spDtQ0hDyBwme6ufG3n4mY0UrjjFdYHv+G/Hds=", + "lastModified": 1781216227, + "narHash": "sha256-9mUW6gNwoN2SWc/l0fW4svPNOulXLl8ijqKyeSOGgJE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e820eb4a444b46a19b2e03e8dfd2359439ff30fe", + "rev": "a0374025a863d007d98e3297f6aa46cc3141c2f0", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.11", + "ref": "nixos-26.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index decbc2c..84216fd 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ inputs = { nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-26.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; @@ -43,7 +43,7 @@ }; home-manager= { - url = "github:nix-community/home-manager/release-25.05"; + url = "github:nix-community/home-manager/release-26.05"; inputs = { nixpkgs.follows = "nixpkgs"; }; -- 2.51.2 From a575d16ec07ff405f207e87a817b2c0dc7d55cee Mon Sep 17 00:00:00 2001 
From: ahtlon Date: Wed, 17 Jun 2026 10:29:03 +0200 Subject: [PATCH 02/11] Promtail is EOL Recomended migtration to grafana-alloy (https://grafana.com/docs/alloy/latest/set-up/migrate/from-promtail/) or fluent-bit (https://docs.fluentbit.io/manual/data-pipeline/outputs/loki) I chose alloy because of the compatability. This needs to be reworked to a native implementation later --- machines/modules/malobeo/metrics.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/machines/modules/malobeo/metrics.nix b/machines/modules/malobeo/metrics.nix index 9c74b10..4bed4a5 100644 --- a/machines/modules/malobeo/metrics.nix +++ b/machines/modules/malobeo/metrics.nix @@ -41,17 +41,22 @@ in }; }; - services.promtail = { + services.alloy = { enable = cfg.enablePromtail; - configFile = import ./promtail_config.nix { + extraFlags = ["--config.format=promtail"]; #TODO please change this to native alloy config later + configPath = import ./promtail_config.nix { lokiAddress = cfg.lokiHost; logNginx = cfg.logNginx; config = config; pkgs = pkgs; }; }; - - users.users.promtail.extraGroups = [ "systemd-journal" ] ++ (lib.optionals cfg.logNginx [ "nginx" ]) ; + users.groups.promtail = {}; + users.users.promtail = { + isNormalUser = true; + group = "promtail"; + extraGroups = [ "systemd-journal" ] ++ (lib.optionals cfg.logNginx [ "nginx" ]) ; + }; }; } -- 2.51.2 From 8c9b49f5c3454ea8a2a150dd2914f983a96b864d Mon Sep 17 00:00:00 2001 
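Review bot: `users.users.promtail` is declared with `isNormalUser = true`, which in NixOS creates an account with a home directory and the default login shell; a log-shipping account should use `isSystemUser = true;` instead. The account also gets `systemd-journal` and, when `cfg.logNginx` is set, `nginx` membership, so it can read those logs. Nothing in this hunk makes `services.alloy` run as `promtail`. If the alloy unit runs under its own (possibly dynamic) user, these groups never reach the process and nginx log scraping would fail on permissions. In that case drop the user and group and give the group to the unit, e.g. `systemd.services.alloy.serviceConfig.SupplementaryGroups = lib.optionals cfg.logNginx [ "nginx" ];`.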
From: ahtlon Date: Wed, 17 Jun 2026 10:34:11 +0200 Subject: [PATCH 03/11] Hardcode grafana security key Grafana's secret key (services.grafana.settings.security.secret_key) doesn't have a default value anymore. Please generate your own and use a file-provider on this option! See also https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#secret_key for more information. See https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-database-encryption/#re-encrypt-secrets on how to re-encrypt. As stated in the NixOS changelog for 26.05, there's no official way to rotate. Either hard-code the old key ("SW2YcwTIb9zpOOhoPsMm") if your setup doesn't have any secrets in the DB that need special protection or perform a rotation with a 3rd-party tool (https://github.com/erooke/grafana-secretkey-rotation-tool/tree/d9dc788902fa5185e15cb15ce6129f7237ab6138). --- machines/overwatch/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/overwatch/configuration.nix b/machines/overwatch/configuration.nix index 06cac14..0454632 100644 --- a/machines/overwatch/configuration.nix +++ b/machines/overwatch/configuration.nix @@ -37,6 +37,7 @@ in services.grafana = { enable = true; settings = { + security.secret_key = "SW2YcwTIb9zpOOhoPsMm"; server = { domain = "grafana.malobeo.org"; http_port = 2342; -- 2.51.2 From 90d631f73c73febe081d49ab3b6d7914157b4f24 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Wed, 17 Jun 2026 10:38:47 +0200 Subject: [PATCH 04/11] Change credentialsFile to environmentFile --- machines/fanny/configuration.nix | 2 +- machines/lucia/configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index f2cc70d..c398678 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix 
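Review bot: `security.secret_key` is set to a string literal, so the key Grafana uses to encrypt secrets in its database is committed to the repository and copied into the world-readable Nix store. The value is also the former public default, so it gives stored data source credentials no real confidentiality. Other machines in this series read secrets through `config.sops.secrets.<name>.path`. Assuming sops-nix is also set up on overwatch, the line could become `security.secret_key = "$__file{${config.sops.secrets.<grafana_secret_key>.path}}";` (the secret name is a placeholder), with the file readable by the grafana service user. Switching to a new value requires re-encrypting the existing database secrets, as the commit message notes, so the rotation should be tracked as a follow-up.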
@@ -165,7 +165,7 @@ in defaults.email = "malobeo@systemli.org"; defaults = { dnsProvider = "njalla"; - credentialsFile = config.sops.secrets.njala_api_key.path; + environmentFile = config.sops.secrets.njala_api_key.path; dnsPropagationCheck = false; }; }; diff --git a/machines/lucia/configuration.nix b/machines/lucia/configuration.nix index 778f186..6bc3524 100644 --- a/machines/lucia/configuration.nix +++ b/machines/lucia/configuration.nix @@ -199,7 +199,7 @@ in defaults.email = "malobeo@systemli.org"; defaults = { dnsProvider = "njalla"; - credentialsFile = config.sops.secrets.njala_api_key.path; + environmentFile = config.sops.secrets.njala_api_key.path; dnsPropagationCheck = false; }; }; -- 2.51.2 From b5b84e2ec868e9f003b63c6648d2f23e151a395e Mon Sep 17 00:00:00 2001 From: ahtlon Date: Wed, 17 Jun 2026 10:47:15 +0200 Subject: [PATCH 05/11] change mpd config to declarative --- machines/lucia/configuration.nix | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/machines/lucia/configuration.nix b/machines/lucia/configuration.nix index 6bc3524..2c02a7a 100644 --- a/machines/lucia/configuration.nix +++ b/machines/lucia/configuration.nix @@ -67,17 +67,17 @@ in mpd = { enable = true; musicDirectory = "/var/lib/mpd/music"; - extraConfig = '' - audio_output { - type "alsa" - name "My ALSA" - device "hw:0,0" # optional - format "44100:16:2" # optional - mixer_type "hardware" - mixer_device "default" - mixer_control "PCM" - } - ''; + settings = { + audio_output = [{ + type = "alsa"; + name = "My ALSA"; + device = "hw:0,0"; # optional + format = "44100:16:2"; # optional + mixer_type = "hardware"; + mixer_device = "default"; + mixer_control = "PCM"; + }]; + }; # Optional: network.listenAddress = "any"; # if you want to allow non-localhost connections -- 2.51.2 From 0b77bbd8a6fd46ea1f012e15a2f061ba946d60b6 Mon Sep 17 00:00:00 2001 
From: ahtlon Date: Wed, 17 Jun 2026 11:23:12 +0200 Subject: [PATCH 06/11] [Nextcloud] build deck in flake Changes from a cloud filehost to a local build, should also be more maintainable --- .../0001-Patch-cards-to-be-draggable.patch | 25 +++++++++++++++++++ machines/nextcloud/configuration.nix | 25 ++++++++++++++----- 2 files changed, 44 insertions(+), 6 deletions(-) create mode 100644 machines/nextcloud/0001-Patch-cards-to-be-draggable.patch diff --git a/machines/nextcloud/0001-Patch-cards-to-be-draggable.patch b/machines/nextcloud/0001-Patch-cards-to-be-draggable.patch new file mode 100644 index 0000000..d8059a6 --- /dev/null +++ b/machines/nextcloud/0001-Patch-cards-to-be-draggable.patch @@ -0,0 +1,25 @@ +From 0d4b14e8eb62b0f0ed01f45bbaa7c2721245f7d6 Mon Sep 17 00:00:00 2001 +From: ahtlon +Date: Thu, 9 Oct 2025 12:22:08 +0200 +Subject: [PATCH] Patch cards to be draggable + +--- + src/components/cards/CardItem.vue | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/components/cards/CardItem.vue b/src/components/cards/CardItem.vue +index 7539ac53e..aaf9f2fe0 100644 +--- a/src/components/cards/CardItem.vue ++++ b/src/components/cards/CardItem.vue +@@ -20,7 +20,7 @@ + +
+

+- {{ displayTitle }} ++ {{ displayTitle }} +

+

Date: Wed, 17 Jun 2026 11:44:56 +0200 Subject: [PATCH 07/11] Multilingual keyword not supported --- doc/book.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/book.toml b/doc/book.toml index 5799732..9b9738c 100644 --- a/doc/book.toml +++ b/doc/book.toml @@ -1,6 +1,5 @@ [book] authors = ["ahtlon"] language = "de" -multilingual = false src = "src" title = "Malobeo Infrastruktur Dokumentation" -- 2.51.2 From 529848d89e34af5db59b4ae6c9d0b76c8f27ffa8 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Wed, 17 Jun 2026 11:52:48 +0200 Subject: [PATCH 08/11] [docs] update nextcloud instructions --- doc/src/anleitung/update_nextcloud.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/src/anleitung/update_nextcloud.md b/doc/src/anleitung/update_nextcloud.md index 3a3f5e4..c9d948c 100644 --- a/doc/src/anleitung/update_nextcloud.md +++ b/doc/src/anleitung/update_nextcloud.md @@ -1,7 +1,14 @@ ### Updating nextcloud ## Updating the draggable patch +As of 17.06.26 the patch now gets applied automaticly while building the package. +On a nextcloud update: +- Change the `services.nextcloud.package` to the next version (ex.: `pkgs.nextcloud33`) +- Change `services.nextcloud.extraApps.deck.src.rev` to the next version (ex.: `stable33`) +- update hashes + +### Building the package manually The draggable patch is a one line patch found in the deck repo under `src/components/cards/CardItem.vue` Direct link: https://git.dynamicdiscord.de/ahtlon/deck/commit/77cbcf42ca80dd32e450839f02faca2e5fed3761 -- 2.51.2 From 8de6687f1f046038fdf64ce2d555e6093e15793f Mon Sep 17 00:00:00 2001 
From: ahtlon Date: Thu, 18 Jun 2026 19:54:44 +0200 Subject: [PATCH 09/11] [nextcloud] undo the packaging change... --- doc/src/anleitung/update_nextcloud.md | 7 ------ .../0001-Patch-cards-to-be-draggable.patch | 25 ------------------- machines/nextcloud/configuration.nix | 25 +++++-------------- 3 files changed, 6 insertions(+), 51 deletions(-) delete mode 100644 machines/nextcloud/0001-Patch-cards-to-be-draggable.patch diff --git a/doc/src/anleitung/update_nextcloud.md b/doc/src/anleitung/update_nextcloud.md index c9d948c..3a3f5e4 100644 --- a/doc/src/anleitung/update_nextcloud.md +++ b/doc/src/anleitung/update_nextcloud.md @@ -1,14 +1,7 @@ ### Updating nextcloud ## Updating the draggable patch -As of 17.06.26 the patch now gets applied automaticly while building the package. -On a nextcloud update: -- Change the `services.nextcloud.package` to the next version (ex.: `pkgs.nextcloud33`) -- Change `services.nextcloud.extraApps.deck.src.rev` to the next version (ex.: `stable33`) -- update hashes - -### Building the package manually The draggable patch is a one line patch found in the deck repo under `src/components/cards/CardItem.vue` Direct link: https://git.dynamicdiscord.de/ahtlon/deck/commit/77cbcf42ca80dd32e450839f02faca2e5fed3761 diff --git a/machines/nextcloud/0001-Patch-cards-to-be-draggable.patch b/machines/nextcloud/0001-Patch-cards-to-be-draggable.patch deleted file mode 100644 index d8059a6..0000000 --- a/machines/nextcloud/0001-Patch-cards-to-be-draggable.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From 0d4b14e8eb62b0f0ed01f45bbaa7c2721245f7d6 Mon Sep 17 00:00:00 2001 -From: ahtlon -Date: Thu, 9 Oct 2025 12:22:08 +0200 -Subject: [PATCH] Patch cards to be draggable - ---- - src/components/cards/CardItem.vue | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/components/cards/CardItem.vue b/src/components/cards/CardItem.vue -index 7539ac53e..aaf9f2fe0 100644 ---- a/src/components/cards/CardItem.vue -+++ b/src/components/cards/CardItem.vue -@@ -20,7 +20,7 @@ - -
-

-- {{ displayTitle }} -+ {{ displayTitle }} -

-

Date: Thu, 18 Jun 2026 20:10:33 +0200 Subject: [PATCH 10/11] [nextcloud] update --- machines/nextcloud/configuration.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix index e2fcac8..cd0439f 100644 --- a/machines/nextcloud/configuration.nix +++ b/machines/nextcloud/configuration.nix @@ -39,7 +39,7 @@ in services.nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud33; hostName = "cloud.malobeo.org"; config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path; maxUploadSize = "10G"; @@ -55,8 +55,8 @@ in extraApps = { inherit (config.services.nextcloud.package.packages.apps) contacts calendar polls registration collectives forms; deck = pkgs.fetchNextcloudApp { - sha256 = "sha256-epjwIANb6vTNx9KqaG6jZc14YPoFMBTCj+/c9JHcWkA="; - url = "https://link.storjshare.io/raw/jvrl62dakd6htpyxohjkiiqiw5ma/mal/deck32.tar.gz"; + sha256 = "sha256-Oc/J0Ey7f9aHhLBWoAXaDMe2t0eeEQKvpwY510qNpiI="; + url = "https://s3.g.megas4.com/ya5mczgkbk6bw7tcy2yr4bl2vdryfe76ok2dj/malo/deck33.tar.gz"; license = "agpl3Plus"; }; }; -- 2.51.2 From 379c6c83d2b3971268edcfedec7c3eb55f6ce414 Mon Sep 17 00:00:00 2001 From: Ahtlon Date: Tue, 23 Jun 2026 18:54:16 +0200 Subject: [PATCH 11/11] [lucia] remove mpd --- machines/lucia/configuration.nix | 42 ++++++++++++++++---------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/machines/lucia/configuration.nix b/machines/lucia/configuration.nix index 2c02a7a..06e5aae 100644 --- a/machines/lucia/configuration.nix +++ b/machines/lucia/configuration.nix 
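Review bot: The `deck` app in the second hunk is fetched as a prebuilt tarball from an object-storage share link (`s3.g.megas4.com/.../deck33.tar.gz`), so the `sha256` pins the bytes but nothing ties them to reviewable source. Whoever updates this has to trust the person who uploaded the archive, and an expired or replaced link breaks the build. A comment above `deck = pkgs.fetchNextcloudApp {` recording the deck source commit and the build steps used to produce the tarball would make the hash auditable, e.g. `# built from <deck-fork-commit> with the draggable patch; see doc/src/anleitung/update_nextcloud.md` (the commit id is a placeholder). Longer term, fetching the upstream release and applying the one-line patch at build time, as PATCH 06 attempted, removes the unaudited artifact entirely. The enclosing `services.nextcloud` block extends beyond the hunk.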
@@ -64,29 +64,29 @@ in }; - mpd = { - enable = true; - musicDirectory = "/var/lib/mpd/music"; - settings = { - audio_output = [{ - type = "alsa"; - name = "My ALSA"; - device = "hw:0,0"; # optional - format = "44100:16:2"; # optional - mixer_type = "hardware"; - mixer_device = "default"; - mixer_control = "PCM"; - }]; - }; + # mpd = { + # enable = true; + # musicDirectory = "/var/lib/mpd/music"; + # settings = { + # audio_output = [{ + # type = "alsa"; + # name = "My ALSA"; + # device = "hw:0,0"; # optional + # format = "44100:16:2"; # optional + # mixer_type = "hardware"; + # mixer_device = "default"; + # mixer_control = "PCM"; + # }]; + # }; - # Optional: - network.listenAddress = "any"; # if you want to allow non-localhost connections - startWhenNeeded = true; # systemd feature: only start MPD service upon connection to its socket - }; + # # Optional: + # network.listenAddress = "any"; # if you want to allow non-localhost connections + # startWhenNeeded = true; # systemd feature: only start MPD service upon connection to its socket + # }; - ympd = { - enable = true; - }; + # ympd = { + # enable = true; + # }; #samba = { # enable = true; -- 2.51.2