diff --git a/flake.lock b/flake.lock index e91b1a1..f6434fa 100644 --- a/flake.lock +++ b/flake.lock @@ -58,11 +58,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1733851514, - "narHash": "sha256-fQt/HzF+OBC8xLRYeHiYLSEzjrgOLNWhyd102aY2oLU=", + "lastModified": 1736005916, + "narHash": "sha256-a/sqKV5GvqEcQEGfUGQkhWaUnqIRi8oiDAHbBG1oFZg=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "b059e1d6e7a94bbeabb4e87d47b5f5097fd61823", + "rev": "5db6f7711a28abd4b6bbe152c8a7de9d00b1e30d", "type": "github" }, "original": { @@ -74,16 +74,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1733849292, - "narHash": "sha256-gJYgrRxytoGHkjeEsiKY/tl06D8XOnZZ9SDpK1WSyUw=", + "lastModified": 1734959339, + "narHash": "sha256-CkUmsVKzAQ/VWIhtxWxlcGtrWVa8hxqsMqvfcsG5ktA=", "owner": "goauthentik", "repo": "authentik", - "rev": "0edd7531a152910e6bdd4f7d3d0cde3ed5fdd956", + "rev": "e87a17fd8169d3fa92bcc47eb2743928df83bc95", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2024.10.5", + "ref": "version/2024.12.1", "repo": "authentik", "type": "github" } @@ -246,16 +246,16 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1735344290, + "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "613691f285dad87694c2ba1c9e6298d04736292d", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.05", + "ref": "release-24.11", "repo": "home-manager", "type": "github" } @@ -269,11 +269,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1733868086, + "lastModified": 1735074045, "narHash": "sha256-CeYsC8J2dNiV2FCQOxK1oZ/jNpOF2io7aCEFHmfi95U=", "owner": "astro", "repo": "microvm.nix", - "rev": "870cb181719aa12baf478d7cde6068ec7ed144ae", + "rev": "2ae08de8e8068b00193b9cfbc0acc9dfdda03181", "type": "github" }, "original": { @@ -360,11 +360,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1735834308, + "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "6df24922a1400241dae323af55f30e4318a6ca65", "type": "github" }, "original": { @@ -376,16 +376,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1733730953, - "narHash": "sha256-dlK7n82FEyZlHH7BFHQAM5tua+lQO1Iv7aAtglc1O5s=", + "lastModified": 1736200483, + "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7109b680d161993918b0a126f38bc39763e5a709", + "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } @@ -408,11 +408,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1730284601, - "narHash": "sha256-eHYcKVLIRRv3J1vjmxurS6HVdGphB53qxUeAkylYrZY=", + "lastModified": 1735164664, + "narHash": "sha256-DaWy+vo3c4TQ93tfLjUgcpPaSoDw4qV4t76Y3Mhu84I=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "43a898b4d76f7f3f70df77a2cc2d40096bc9d75e", + "rev": "1fb01e90771f762655be7e0e805516cd7fa4d58e", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f636dcf..089d94b 100644 --- a/flake.nix +++ b/flake.nix @@ -2,9 +2,9 @@ description = "A simple system flake using some Aux defaults"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; home-manager = { - url = "github:nix-community/home-manager/release-24.05"; + url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; microvm.url = "github:astro/microvm.nix"; diff --git a/hosts/nixmox-curiosity/configuration.nix b/hosts/nixmox-curiosity/configuration.nix index 8527e2b..b3d58ff 100644 --- a/hosts/nixmox-curiosity/configuration.nix +++ b/hosts/nixmox-curiosity/configuration.nix @@ -103,6 +103,6 @@ qemuGuest.enable = true; }; - system.stateVersion = "24.05"; # Did you read the comment? + system.stateVersion = "24.11"; # Did you read the comment? } diff --git a/hosts/nixmox-curiosity/home.nix b/hosts/nixmox-curiosity/home.nix index e88fe0b..5173e23 100644 --- a/hosts/nixmox-curiosity/home.nix +++ b/hosts/nixmox-curiosity/home.nix @@ -2,7 +2,7 @@ { home = { username = "tbarnouin"; - stateVersion = "24.05"; + stateVersion = "24.11"; sessionPath = [ "$HOME/.local/bin" ]; diff --git a/hosts/nixmox-perseverance/configuration.nix b/hosts/nixmox-perseverance/configuration.nix index 778d107..ed6c2c2 100644 --- a/hosts/nixmox-perseverance/configuration.nix +++ b/hosts/nixmox-perseverance/configuration.nix @@ -103,6 +103,6 @@ qemuGuest.enable = true; }; - system.stateVersion = "24.05"; # Did you read the comment? + system.stateVersion = "24.11"; # Did you read the comment? } diff --git a/hosts/nixmox-perseverance/home.nix b/hosts/nixmox-perseverance/home.nix index e88fe0b..5173e23 100644 --- a/hosts/nixmox-perseverance/home.nix +++ b/hosts/nixmox-perseverance/home.nix @@ -2,7 +2,7 @@ { home = { username = "tbarnouin"; - stateVersion = "24.05"; + stateVersion = "24.11"; sessionPath = [ "$HOME/.local/bin" ]; diff --git a/services/minimalConfig/default.nix b/services/minimalConfig/default.nix index fd83cb6..2d15b80 100644 --- a/services/minimalConfig/default.nix +++ b/services/minimalConfig/default.nix @@ -118,7 +118,7 @@ }; system = { - stateVersion = "24.05"; + stateVersion = "24.11"; activationScripts.ensure-ssh-key-dir.text = "mkdir -p /etc/ssh"; }; } diff --git a/services/nginx/default.nix b/services/nginx/default.nix index 626dfe7..5caf47d 100644 --- a/services/nginx/default.nix +++ b/services/nginx/default.nix @@ -61,12 +61,14 @@ in # Enable CSP for your services. #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; + add_header Content-Security-Policy "frame-ancestors self cloud.le43.eu office.le43.eu; upgrade-insecure-requests; frame-src 'self' http://office.le43.eu;"; + # Minimize information leaked to other domains add_header 'Referrer-Policy' 'origin-when-cross-origin'; # Disable embedding as a frame - add_header X-Frame-Options SAMEORIGIN; + #add_header X-Frame-Options SAMEORIGIN; # Prevent injection of code in other mime types (XSS Attacks) add_header X-Content-Type-Options nosniff; diff --git a/systems/minimalLXCConfig.nix b/systems/minimalLXCConfig.nix index cc45864..32cbcb3 100644 --- a/systems/minimalLXCConfig.nix +++ b/systems/minimalLXCConfig.nix @@ -126,7 +126,7 @@ }; system = { - stateVersion = "24.05"; + stateVersion = "24.11"; activationScripts.ensure-ssh-key-dir.text = "mkdir -p /etc/ssh"; }; } diff --git a/systems/minimalMicrovmConfig.nix b/systems/minimalMicrovmConfig.nix index ce0ab8a..cd46ddc 100644 --- a/systems/minimalMicrovmConfig.nix +++ b/systems/minimalMicrovmConfig.nix @@ -187,7 +187,7 @@ in }; system = { - stateVersion = "24.05"; + stateVersion = "24.11"; activationScripts.ensure-ssh-key-dir.text = "mkdir -p /etc/ssh"; }; }; diff --git a/systems/minimalVMConfig.nix b/systems/minimalVMConfig.nix index bb06f68..1431860 100644 --- a/systems/minimalVMConfig.nix +++ b/systems/minimalVMConfig.nix @@ -114,7 +114,7 @@ }; system = { - stateVersion = "24.05"; + stateVersion = "24.11"; activationScripts.ensure-ssh-key-dir.text = "mkdir -p /etc/ssh"; }; }