From 7c5dce9fbdd726976221a9a338ca3fdae5543670 Mon Sep 17 00:00:00 2001
From: Malte Brandy <malte.brandy@maralorn.de>
Date: Wed, 16 Sep 2020 19:32:23 +0200
Subject: [PATCH] Migrate to 20.09

---
 nixos/machines/apollo/configuration.nix     |  23 ++++++++---------
 nixos/machines/hera/boot.nix                |   2 +-
 nixos/machines/hera/cloud.nix               |   1 -
 nixos/machines/hera/secret/ssh_boot_rsa     | Bin 0 -> 1697 bytes
 nixos/roles/boot-key.nix                    |  26 +++++++++-----------
 nixos/roles/server/init_ssh.nix             |   6 +----
 overlays/email2matrix/package.nix           |   2 +-
 overlays/neuron-language-server/package.nix |   6 +++--
 8 files changed, 30 insertions(+), 36 deletions(-)
 create mode 100644 nixos/machines/hera/secret/ssh_boot_rsa

diff --git a/nixos/machines/apollo/configuration.nix b/nixos/machines/apollo/configuration.nix
index 84092569..6eb42cb1 100644
--- a/nixos/machines/apollo/configuration.nix
+++ b/nixos/machines/apollo/configuration.nix
@@ -28,7 +28,8 @@ in {
       m0wire = {
         allowedIPsAsRoutes = false;
         ips = [ "${hosts.apollo-wg}/112" ];
-        privateKeyFile = "/etc/nixos/nixos/machines/apollo/secret/wireguard-private";
+        privateKeyFile =
+          "/etc/nixos/nixos/machines/apollo/secret/wireguard-private";
         peers = [{
           publicKey = wireguard.pub.hera;
           allowedIPs = [ "::/0" ];
@@ -90,15 +91,15 @@ in {
   };
   boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
 
-  cdark_net = {
-    enable = true;
-    hostName = "${me.user}_${config.networking.hostName}";
-    ed25519PrivateKeyFile = /etc/nixos/nixos/machines + "/${config.networking.hostName}"
-      + /secret/tinc/ed25519_key.priv;
-    hostsDirectory =
-      (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
-    ip6address = "fd23:42:cda:4342::2";
-    ip4address = "172.20.71.2";
-  };
+  #cdark_net = {
+    #enable = true;
+    #hostName = "${me.user}_${config.networking.hostName}";
+    #ed25519PrivateKeyFile = /etc/nixos/nixos/machines
+      #+ "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv;
+    #hostsDirectory =
+      #pkgs.fetchgit { url = "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts"; };
+    #ip6address = "fd23:42:cda:4342::2";
+    #ip4address = "172.20.71.2";
+  #};
   system.stateVersion = "19.09";
 }
diff --git a/nixos/machines/hera/boot.nix b/nixos/machines/hera/boot.nix
index e9c4d3ef..1d7013fa 100644
--- a/nixos/machines/hera/boot.nix
+++ b/nixos/machines/hera/boot.nix
@@ -1,6 +1,6 @@
 { ... }: {
 
-  m-0.server.initSSHKey = ./secret/boot_rsa;
+  m-0.server.initSSHKey = ./secret/ssh_boot_rsa;
 
   boot = {
     loader.grub = {
diff --git a/nixos/machines/hera/cloud.nix b/nixos/machines/hera/cloud.nix
index f970d5ca..e5803fef 100644
--- a/nixos/machines/hera/cloud.nix
+++ b/nixos/machines/hera/cloud.nix
@@ -54,7 +54,6 @@ let
         nextcloud = {
           enable = true;
           hostName = hostname;
-          nginx.enable = true;
           package = pkgs.nextcloud18;
           maxUploadSize = "10g";
           caching = {
diff --git a/nixos/machines/hera/secret/ssh_boot_rsa b/nixos/machines/hera/secret/ssh_boot_rsa
new file mode 100644
index 0000000000000000000000000000000000000000..39f2582ba8f5f48f3c9590f48ee9def5c8aa07a4
GIT binary patch
literal 1697
zcmV;S24499M@dveQdv+`0LVug8a`Q$Wge2uk1Ek>6|WV<RGSOq+o5DdSSxHNj&m4-
z1S<ZU6&y1b`kAsOj}mheo?G*dz}5KpPy7qYc$4my>akDh;}yalkw_?>x{>H<eVl)F
zJ!Dfa9rTfHHpYhy8oZJjKOG{H3w-;xR7)W@!!-cmWBaB&yUuVdH@!LGp0u&H&q=FE
z4Qb;ig*FvqJUjOrNsug`CbN&D8S&7$Y|t7*wp3*Q?X#Al+`$gon>Ta{+~q;<5Dsti
z^8imCl&uGJp*6$SLqc*M@ax6^YkJFFW~*d{gowDkkm<~reBn(A{W=^horB;<2qtiz
zWW^kbV9`sguFn;}h-KD$oJ2sL8tr+ExE1@(r1YKI*{Y0?XyuqO4?HX#!(KYibzI!p
zXo1CQw8?-Hf0v7%-86aRbO&lk0kB!BX1}J*GHsOoi?A&r!IpIV(2`C6`FC5&TI`E<
zV{?pree8va63<<*q^LNsqQ>PsRWk?9K~QV3LQX%e=|biE>2_vyfnQxh)TMn=60ut`
zmTczCNnp+k2Gsxhc&mOqL^G_tZE0<4@Lcie%7q^k$g^ODNxf$jy{#J3Ko*t7+!A0v
zrro1JWC6rBzi4OD&2#QwpGob#P)VcBl?rtSh^3;KG2#yK<$~~Q_XRr0YtE(Gu+!^4
zNUuZ^S1BvPnE`J!salyDeCE!@e~pT_MA75J08gm>TD6vxc*<x`Y+z33i|2pRsWHy)
z)Y!W_Z&X33mi0K<10go$jL&ErrLO)Y(*sKc5*chrD81b&_3Nh?o`js`BVU6`I=~^O
zgNJ+nIOWkrt3PSRsSjde{4>b6me)<K!u5St^x!KnUW=e#{7#GZLJ@yXd~;5El^BXi
zy%rs`&54GTZn$i>P-5s|#Ibw=_#5(anoov~opDvTT0Y;1fOQ#T3uEr%#Id3p<J%)2
zK_P#MM2s!Fqf%opnpOV&zo{VvA;ArWH8p%!U31V?Xf|Y<=-y26%P`hg%ff)YJc7Fc
zq;GFd2TPLDsxk370C{1b%<2%U;+#32Ti`IPVSyH`mRY*F&J6a`7vM*XH4ARp)k8$=
zm_v@vAQ^=xHOE=J;Pto0pnVPstJULc8xsycA(z2SBZ1aT*m6o@gX@Q;=MUV<(WF0>
z64_DKWBclH*rHA<POEH6D*OS=DH7sfBC-}JdrwkYLswf%f1pvxt8K%u`7tf)AJFEh
zzYs=8U}@7t)DW%0A7PJbyuErLjzPeWN0dYA%Vv4n#nZL%nJR`zID+<jRZ4$*iuHV&
zyFbVrgt?lDv?ET#fbcq3lal+XlnR@@F_@TZ`$6wk*mT>pddzD=huSyVWG)B4Q|gAq
z2#Z~zxl1J~n}|wae30za(YiyJ!f5=pwuE4M)5V@EO#vk)7nAHJ0(jeQtQ7fX0HdAz
zoH(Z;gK!%&Aj(c~nH1y$24@pH$bJ~IdO@XfVs>z}bx{`kudtR=e9R-ojI+P*5C**T
z@wn5C7MpRL{t9Xwq)H%<IS9JX8swI-BUPe0xR~v@V7uXwj+J(x4kN*VH8r#QTwC_t
zbF4b6RJ(ky#_nZNc~0x>Nhs_$%CA%l`<E{N4j83}^JVE61_X#q6ha(v?5R%e88I&q
zP9j{!U;qPzfz>tFO-9}eVYhWKy}l=S!2Eb=3LwKgRBArk<m1iyNeeTd-J{;ll$f)1
z@aM#78d{!Th&<LNs!$5?WPXlB*zcDfhz2HQ-=fHSu`GDJ`B8<Lp6;_wJ!gHs6^)q~
ziFwqQlt;-yq`>rOV#LX(yX~oE*8fM2N#D-qL2L5GCD7tOXC4_pm3pw?IJTjok%F}2
z01iIh(|a3$ne<<oqm|ENYd5tpb|;9JKvydhD`pE|wB~OmU-l9gX;twgQ>iAI3nj(K
zsF)2KxOK>y%+r>cD$QtB%iM=EHvI<<%wK}hf6lpx5f*k3c@6cfU;Pz2{$NyD4O6Vj
zJZV-oreyj<)~QP-bRMpo;_4}`)U@7br?vnMa3pICCy{1tI;Z$_GwEB(QI5ua<~rK+
z;7kk<lfY(}dh-F6@~#j61w{<EAp>Q?lz~k~GUCTB)kj_q@xLu*RkNlFQNPx_Pv-)p
zanV66R3^4pwkG)n%^$1f+`pQ#Qp6`+u)cz<W(f7_0p0gkVrQ`-D1fol#vvkZwUM`a
rN-UTw{08;qONs4RtpSlLCO(njt|7nXvUqs@cDxy9;q}mEpZ72KZSYd`

literal 0
HcmV?d00001

diff --git a/nixos/roles/boot-key.nix b/nixos/roles/boot-key.nix
index 62159563..f9f1974a 100644
--- a/nixos/roles/boot-key.nix
+++ b/nixos/roles/boot-key.nix
@@ -1,19 +1,15 @@
 { lib, config, ... }:
-let
-  secretsFile = "/var/lib/luks-secret/key";
-  secretsInitrd = "/boot/grub/secrets-initrd.gz";
+let secretsFile = "/var/lib/luks-secret/key";
 in {
-  boot.initrd.luks.devices."nixos" = {
-    fallbackToPassword = true;
-    keyFile = secretsFile;
-  };
-  # copy the secret into the additional initramfs. `null` means same path
-  boot.initrd.secrets."${secretsFile}" = null;
-  boot.loader = {
-    supportsInitrdSecrets = lib.mkForce true;
-    grub.extraInitrd = secretsInitrd;
-    grub.extraPrepareConfig = ''
-      ${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets ${secretsInitrd}
-    '';
+  boot = {
+    initrd = {
+      luks.devices."nixos" = {
+        fallbackToPassword = true;
+        keyFile = secretsFile;
+      };
+      # copy the secret into the additional initramfs. `null` means same path
+      secrets."${secretsFile}" = null;
+    };
+    loader.supportsInitrdSecrets = lib.mkForce true;
   };
 }
diff --git a/nixos/roles/server/init_ssh.nix b/nixos/roles/server/init_ssh.nix
index 7f96d575..f476b560 100644
--- a/nixos/roles/server/init_ssh.nix
+++ b/nixos/roles/server/init_ssh.nix
@@ -9,11 +9,7 @@ with lib; {
         ssh = {
           enable = true;
           authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
-
-          # generate file with
-          # nix-shell -p dropbear
-          # dropbearkey -t rsa -f boot_rsa
-          hostRSAKey = config.m-0.server.initSSHKey;
+          hostKeys = [ config.m-0.server.initSSHKey ];
         };
       };
       postMountCommands = "ip link set eth0 down";
diff --git a/overlays/email2matrix/package.nix b/overlays/email2matrix/package.nix
index 38615274..0bbba963 100644
--- a/overlays/email2matrix/package.nix
+++ b/overlays/email2matrix/package.nix
@@ -8,5 +8,5 @@ buildGoModule rec {
     rev = version;
     sha256 = "0nx99iab2y10m4jh4jl9c4y7j4iy8zlyfcn42v4y4mlk1507czlj";
   };
-  modSha256 = "0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg";
+  vendorSha256 = "0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg";
 }
diff --git a/overlays/neuron-language-server/package.nix b/overlays/neuron-language-server/package.nix
index 0b938c51..58df3925 100644
--- a/overlays/neuron-language-server/package.nix
+++ b/overlays/neuron-language-server/package.nix
@@ -1,7 +1,7 @@
 { buildGoModule, fetchFromGitHub }:
 buildGoModule {
   pname = "neuron-language-server";
-  version = "0.1";
+  version = "0.1.1";
 
   src = fetchFromGitHub {
     owner = "aca";
@@ -10,5 +10,7 @@ buildGoModule {
     sha256 = "1kbh0bzzfmk7aj3c6k3ifwx4p42lw2pnr68srk3qpy6hjna8nczb";
   };
 
-  vendorSha256 = "02dajl4l3c8522ik2hmiq8cx4kj4h2ykx8l7qsal5xznx9pqbs7i";
+  doCheck = false;
+
+  vendorSha256 = "0pjjkw0633l8qbvwzy57rx76zjn3w3kf5f7plxnpxih9zj0q258l";
 }