From 00000040af7743df52584b32226200ef3d6465ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 16 Jun 2023 20:08:33 +0200 Subject: [PATCH] Migrate deprecated settings --- config/default.nix | 8 +++++--- hosts/dacbert/default.nix | 6 ++++-- hosts/freifunk/default.nix | 16 +++++++++------- hosts/hydra/default.nix | 6 ++++-- hosts/pulsebert/default.nix | 2 +- hosts/riscbert/default.nix | 2 +- hosts/schalter/default.nix | 2 +- hosts/server10/default.nix | 6 ++++-- hosts/server6/default.nix | 6 ++++-- hosts/server7/default.nix | 6 ++++-- hosts/server8/default.nix | 6 ++++-- hosts/server9/default.nix | 6 ++++-- modules/rpi-netboot.nix | 2 +- 13 files changed, 46 insertions(+), 28 deletions(-) diff --git a/config/default.nix b/config/default.nix index a97ab685..203ae83d 100644 --- a/config/default.nix +++ b/config/default.nix @@ -21,7 +21,7 @@ ]; boot = { - cleanTmpDir = true; + tmp.cleanOnBoot = true; kernel.sysctl = { "net.ipv4.tcp_congestion_control" = "bbr"; }; @@ -188,8 +188,10 @@ openssh = { # Required for deployment and sops enable = true; - passwordAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false; - permitRootLogin = lib.mkOverride 900 "prohibit-password"; + settings = { + PasswordAuthentication = lib.mkIf (!config.c3d2.k-ot.enable) false; + PermitRootLogin = lib.mkOverride 900 "prohibit-password"; + }; }; portunus = with zentralwerk.lib.config.site.net.serv; { diff --git a/hosts/dacbert/default.nix b/hosts/dacbert/default.nix index d2070b48..d894861b 100644 --- a/hosts/dacbert/default.nix +++ b/hosts/dacbert/default.nix @@ -90,8 +90,10 @@ in "compat_uts_machine=armv6l" ]; - tmpOnTmpfs = true; - tmpOnTmpfsSize = "80%"; + tmp = { + useTmpfs = true; + tmpfsSize = "80%"; + }; }; # hardware.raspberry-pi."4" = { # fkms-3d.enable = true; diff --git a/hosts/freifunk/default.nix b/hosts/freifunk/default.nix index 7eafc79f..11b44f8c 100644 --- a/hosts/freifunk/default.nix +++ b/hosts/freifunk/default.nix @@ -55,13 +55,15 @@ in { "${modulesPath}/profiles/minimal.nix" ]; - boot.tmpOnTmpfs = true; - boot.postBootCommands = '' - if [ ! -c /dev/net/tun ]; then - mkdir -p /dev/net - mknod -m 666 /dev/net/tun c 10 200 - fi - ''; + boot = { + postBootCommands = '' + if [ ! -c /dev/net/tun ]; then + mkdir -p /dev/net + mknod -m 666 /dev/net/tun c 10 200 + fi + ''; + tmp.useTmpfs = true; + }; c3d2 = { hq.statistics.enable = true; deployment = { diff --git a/hosts/hydra/default.nix b/hosts/hydra/default.nix index c6ac6cc4..c0d8cb9e 100644 --- a/hosts/hydra/default.nix +++ b/hosts/hydra/default.nix @@ -16,8 +16,10 @@ in }; boot = { - tmpOnTmpfs = true; - tmpOnTmpfsSize = "80%"; + tmp = { + useTmpfs = true; + tmpfsSize = "80%"; + }; kernelModules = [ "kvm-intel" ]; kernelParams = [ "mitigations=off" "preempt=none" ]; loader = { diff --git a/hosts/pulsebert/default.nix b/hosts/pulsebert/default.nix index ad19b07a..0ecdc2eb 100644 --- a/hosts/pulsebert/default.nix +++ b/hosts/pulsebert/default.nix @@ -17,7 +17,7 @@ loader.grub.enable = false; loader.efi.canTouchEfiVariables = true; supportedFilesystems = lib.mkForce [ "vfat" "ext4" ]; - tmpOnTmpfs = true; + tmp.useTmpfs = true; }; hardware = { diff --git a/hosts/riscbert/default.nix b/hosts/riscbert/default.nix index 3ef11e80..d9f86b18 100644 --- a/hosts/riscbert/default.nix +++ b/hosts/riscbert/default.nix @@ -26,7 +26,7 @@ ]; }; - tmpOnTmpfs = true; + tmp.useTmpfs = true; }; fileSystems."/mnt/sd" = { diff --git a/hosts/schalter/default.nix b/hosts/schalter/default.nix index 2196de1b..b3be4cdd 100644 --- a/hosts/schalter/default.nix +++ b/hosts/schalter/default.nix @@ -18,7 +18,7 @@ # no zfs required supportedFilesystems = lib.mkForce [ "vfat" "ext4" ]; - tmpOnTmpfs = true; + tmp.useTmpfs = true; }; nixpkgs.config.packageOverrides = pkgs: { diff --git a/hosts/server10/default.nix b/hosts/server10/default.nix index afa02fe4..c05f013d 100644 --- a/hosts/server10/default.nix +++ b/hosts/server10/default.nix @@ -23,8 +23,10 @@ # No server/router runs any untrusted user code "mitigations=off" ]; - tmpOnTmpfs = true; - tmpOnTmpfsSize = "80%"; + tmp = { + useTmpfs = true; + tmpfsSize = "80%"; + }; }; networking = { diff --git a/hosts/server6/default.nix b/hosts/server6/default.nix index dac6c335..49cb637c 100644 --- a/hosts/server6/default.nix +++ b/hosts/server6/default.nix @@ -21,8 +21,10 @@ _: # No server/router runs any untrusted user code "mitigations=off" ]; - tmpOnTmpfs = true; - tmpOnTmpfsSize = "80%"; + tmp = { + useTmpfs = true; + tmpfsSize = "80%"; + }; }; disko.disks = [ { diff --git a/hosts/server7/default.nix b/hosts/server7/default.nix index 9b8c0149..f65f9f8b 100644 --- a/hosts/server7/default.nix +++ b/hosts/server7/default.nix @@ -22,8 +22,10 @@ # No server/router runs any untrusted user code "mitigations=off" ]; - tmpOnTmpfs = true; - tmpOnTmpfsSize = "80%"; + tmp = { + useTmpfs = true; + tmpfsSize = "80%"; + }; }; networking = { diff --git a/hosts/server8/default.nix b/hosts/server8/default.nix index adb89b9a..365c0ea7 100644 --- a/hosts/server8/default.nix +++ b/hosts/server8/default.nix @@ -22,8 +22,10 @@ # No server/router runs any untrusted user code "mitigations=off" ]; - tmpOnTmpfs = true; - tmpOnTmpfsSize = "80%"; + tmp = { + useTmpfs = true; + tmpfsSize = "80%"; + }; }; networking = { diff --git a/hosts/server9/default.nix b/hosts/server9/default.nix index 946f7978..028c109e 100644 --- a/hosts/server9/default.nix +++ b/hosts/server9/default.nix @@ -21,8 +21,10 @@ # No server/router runs any untrusted user code "mitigations=off" ]; - tmpOnTmpfs = true; - tmpOnTmpfsSize = "80%"; + tmp = { + useTmpfs = true; + tmpfsSize = "80%"; + }; }; networking = { diff --git a/modules/rpi-netboot.nix b/modules/rpi-netboot.nix index d1cf93f7..1c6a4b15 100644 --- a/modules/rpi-netboot.nix +++ b/modules/rpi-netboot.nix @@ -36,7 +36,7 @@ ]; }; - tmpOnTmpfs = true; + tmp.useTmpfs = true; }; hardware.deviceTree.enable = true;