diff --git a/morph/grid/local/Vagrantfile b/morph/grid/local/Vagrantfile index 64d4aec5aadc67e48c91cb0b8154b1107c23f1bb..96946e530b313004357f02c3c0737d33f689a33c 100644 --- a/morph/grid/local/Vagrantfile +++ b/morph/grid/local/Vagrantfile @@ -60,7 +60,7 @@ Vagrant.configure("2") do |config| end # To make the VMs assign the static IPs to the network interfaces we need a rebuild: - config.vm.provision "shell", inline: "echo '{nix.trustedUsers = [ \"@wheel\" \"root\" \"vagrant\" ];}' > /etc/nixos/custom-configuration.nix" + config.vm.provision "shell", inline: "echo '{nix.settings.trusted-users = [ \"@wheel\" \"root\" \"vagrant\" ];}' > /etc/nixos/custom-configuration.nix" config.vm.provision "shell", inline: "nixos-rebuild switch" config.trigger.after :up do |trigger| diff --git a/morph/lib/hardware-vagrant.nix b/morph/lib/hardware-vagrant.nix index 6c41af4923861e89d144303d129d7babde494363..fba9353105463deed962c44b7cae1bcf936d68f0 100644 --- a/morph/lib/hardware-vagrant.nix +++ b/morph/lib/hardware-vagrant.nix @@ -52,6 +52,6 @@ }; # We want to push packages with morph without having to sign them - nix.trustedUsers = [ "@wheel" "root" "vagrant" ]; + nix.settings.trusted-users = [ "@wheel" "root" "vagrant" ]; }; } diff --git a/nixos/modules/deployment.nix b/nixos/modules/deployment.nix index 41381ce5d33e62f4e569b87709d591f3586804df..cbc8766e884be491e0425bce0f1fc3765fb15295 100755 --- a/nixos/modules/deployment.nix +++ b/nixos/modules/deployment.nix @@ -36,10 +36,10 @@ in { # Configure the system to use our binary cache so that deployment updates # only require downloading pre-built software, not building it ourselves. nix = { - binaryCachePublicKeys = [ + settings.trusted-public-keys = [ "saxtons.private.storage:MplOcEH8G/6mRlhlKkbA8GdeFR3dhCFsSszrspE/ZwY=" ]; - binaryCaches = [ + settings.substituters = [ "http://saxtons.private.storage" ]; }; diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix index 375f064c63c65b1b0b0c5fa94a121a4d68bba781..5537850b4dfc72038d8ba75f92881dd4762b222c 100644 --- a/nixos/modules/issuer.nix +++ b/nixos/modules/issuer.nix @@ -254,7 +254,7 @@ in { ]; # NGINX reverse proxy - security.acme.email = cfg.letsEncryptAdminEmail; + security.acme.defaults.email = cfg.letsEncryptAdminEmail; security.acme.acceptTerms = true; services.nginx = { enable = true; diff --git a/nixos/modules/ssh.nix b/nixos/modules/ssh.nix index 8d5d5766ae3b30c4801b6ce200fa58c1460f6ca7..d872d1118b7d12c05344cbeadc3d11a5096c6bd0 100644 --- a/nixos/modules/ssh.nix +++ b/nixos/modules/ssh.nix @@ -29,7 +29,7 @@ allowSFTP = false; # We only allow key-based authentication. - challengeResponseAuthentication = false; + kbdInteractiveAuthentication = false; passwordAuthentication = false; extraConfig = ''