flake.lock: Update

Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/4ecab3273592f27479a583fb6d975d4aba3486fe' (2023-05-31)
  → 'github:NixOS/nixpkgs/18388d019974e90a035bdb938a8a3ca3c0408db9' (2023-06-04)
• Updated input 'openwrt':
    'git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-22.03&rev=ce32068bf2d85e03d3dd034ab345d55247e5626c' (2023-05-28)
  → 'git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-22.03&rev=171b51519206b5e66ebd01d322f41d790976ce87' (2023-06-03)
• Updated input 'openwrt-imagebuilder':
    'github:astro/nix-openwrt-imagebuilder/c600f6dbe0516b34a307d9ec69015e123ec859a4' (2023-05-31)
  → 'github:astro/nix-openwrt-imagebuilder/b5901ec9361152f1f588445d1b3f06239ea4b86c' (2023-06-04)

config/secrets.nix

@@ -280,7 +280,7 @@
     ap9.wifi."platform/qca953x_wmac".ssids."Herzzbuehne".psk = "encrypted";
   };
 
-  site.dyndnsKey = "SECRET";
+  site.dyndnsKey = "oYmxXCIa0nArp0679L6v+y/UfnhripOudLv+R5Cop8I=";
 
   site.vpn.wireguard = {
     privateKey = "wPNXY4ED3Jz3Kz0KOmvfQOou6/wHrgqSsykaMYrtb28=";

flake.lock

@@ -2,16 +2,16 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1681490924,
-        "narHash": "sha256-6WrkhmG0pI09VqeYWRLxEgNlVeWdnM5at6vm0w4prBk=",
+        "lastModified": 1685912674,
+        "narHash": "sha256-9iRV7ZxZO13MXEBZvWTak9OTddkit66qbbDtroqV4X4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "781df3d2de37ace250ba3c2731606c0b6bee465b",
+        "rev": "18388d019974e90a035bdb938a8a3ca3c0408db9",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "release-22.11",
+        "ref": "release-23.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -19,11 +19,11 @@
     "openwrt": {
       "flake": false,
       "locked": {
-        "lastModified": 1681412046,
-        "narHash": "sha256-mW4B/9GVminuxC0EM6WeQ9soqBy2k8INjhpT+mrnIow=",
+        "lastModified": 1685795498,
+        "narHash": "sha256-DZS2L/646UDQjXKVYL5wuqoYXQ1cc/9M7fy5lXQ5/Gw=",
         "ref": "openwrt-22.03",
-        "rev": "9af29da281213108cd861ed77b0416bf6eda0aaf",
-        "revCount": 54587,
+        "rev": "171b51519206b5e66ebd01d322f41d790976ce87",
+        "revCount": 54629,
         "type": "git",
         "url": "https://git.openwrt.org/openwrt/openwrt.git"
       },
@@ -40,11 +40,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1681468707,
-        "narHash": "sha256-aD+74KowPjyxWP+bIqmZZaIHe5WxEhoXOSF+qOOCwPg=",
+        "lastModified": 1685874260,
+        "narHash": "sha256-rem5LdqVtunLJZ+lXvwAJCMFucJmT+kaXoTOIbGelXg=",
         "owner": "astro",
         "repo": "nix-openwrt-imagebuilder",
-        "rev": "b3d1f398472452ea288ce2d8dbf20d6115bf1c64",
+        "rev": "b5901ec9361152f1f588445d1b3f06239ea4b86c",
         "type": "github"
       },
       "original": {

flake.nix

@@ -2,7 +2,7 @@
   description = "Zentralwerk network";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/release-22.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/release-23.05";
     openwrt = {
       url = "git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-22.03";
       flake = false;

nix/nixos-module/container/defaults.nix

@@ -6,18 +6,11 @@
     (modulesPath + "/virtualisation/lxc-container.nix")
   ];
 
-  boot = {
-    isContainer = true;
-    loader = {
-      initScript.enable = true;
-    };
-  };
-
   environment.etc."machine-id".text =
     builtins.substring 0 8 (
       builtins.hashString "sha256" config.networking.hostName
     );
-  
+
   nix = {
     settings = {
       sandbox = false;

nix/nixos-module/container/upstream/pppoe.nix

@@ -26,7 +26,7 @@ in lib.mkIf (pppoeInterfaces != {}) {
       enable = true;
       autostart = true;
       config = ''
-        plugin rp-pppoe.so
+        plugin pppoe.so
         nic-${upstream.link}
         ifname ${ifName}
         # Login settings. (PAP)
@@ -39,11 +39,11 @@ in lib.mkIf (pppoeInterfaces != {}) {
         maxfail 0
         # Seconds between reconnection attempts
         holdoff 1
- 
+
         # LCP settings.
         lcp-echo-interval 5
         lcp-echo-failure 6
-        
+
         # PPPoE compliant settings.
         noaccomp
         default-asyncmap

nix/nixos-module/defaults.nix

@@ -7,9 +7,9 @@
     # Prevents automatic creation of interface bond0 by the kernel
     "bonding.max_bonds=0"
   ];
-  boot.tmpOnTmpfs = true;
+  boot.tmp.useTmpfs = true;
   # Includes wireguard
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelPackages = pkgs.zfsUnstable.latestCompatibleLinuxPackages;
   # Keep building
   boot.zfs.enableUnstable = true;
 
@@ -35,8 +35,8 @@
   };
 
   documentation = {
-    enable = false;
-    nixos.enable = false;
+    enable = lib.mkForce false;
+    nixos.enable = lib.mkForce false;
   };
 
   environment.systemPackages = with pkgs; [

nix/nixos-module/server/defaults.nix

@@ -12,7 +12,7 @@
     ipmitool
   ];
   services.openssh.enable = true;
-  services.openssh.permitRootLogin = "prohibit-password";
+  services.openssh.settings.PermitRootLogin = "prohibit-password";
 
   # additional config for bare metal
   services.collectd = {

nix/nixos-module/server/lxc-containers.nix

@@ -14,6 +14,10 @@ let
   shortenNetName = name:
     if builtins.match "priv(.*)" name != null
     then "p" + builtins.substring 4 9 name
+    else if name == "coloradio"
+    then "cr"
+    else if name == "coloradio-gw"
+    then "cr-gw"
     else name;
 
   checkIfname = ifname: let
@@ -248,6 +252,8 @@ in
       Restart = "always";
       RestartSec = "1s";
     };
+    # Prevent restart on host nixos-rebuild switch
+    restartIfChanged = false;
   };
 
   # Starts all the containers after boot