fixes for oracle when updating to latest

hosts/oracle/default.nix

@@ -1,4 +1,4 @@
-{ inputs, globals, ... }:
+{ inputs, globals, overlays, ... }:
 
 with inputs;
 
@@ -15,7 +15,8 @@ nixpkgs.lib.nixosSystem {
     home-manager.nixosModules.home-manager
     {
       gui.enable = false;
-      colorscheme = (import ../../modules/colorscheme/gruvbox);
+      theme = { colors = (import ../../modules/colorscheme/gruvbox).dark; };
+      nixpkgs.overlays = overlays;
 
       # FQDNs for various services
       networking.hostName = "oracle";

modules/nixos/user.nix

@@ -5,6 +5,7 @@
     passwordHash = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       description = "Password created with mkpasswd -m sha-512";
+      default = null;
       # Test it by running: mkpasswd -m sha-512 --salt "PZYiMGmJIIHAepTM"
     };
 

modules/services/nextcloud.nix

@@ -15,7 +15,7 @@
 
     services.nextcloud = {
       enable = true;
-      package = pkgs.nextcloud24; # Required to specify
+      package = pkgs.nextcloud25; # Required to specify
       https = true;
       hostName = "localhost";
       maxUploadSize = "50G";

modules/services/prometheus.nix

@@ -8,6 +8,10 @@
   config = {
 
     services.grafana.enable = true;
+
+    # Required to fix error in latest nixpkgs
+    services.grafana.settings = { };
+
     services.prometheus = {
       enable = true;
       exporters.node.enable = true;

modules/services/transmission.nix

@@ -50,6 +50,10 @@
       }];
     }];
 
+    # Caddy and Transmission both try to set rmem_max for larger UDP packets.
+    # We will choose Transmission's recommendation (4 MB).
+    boot.kernel.sysctl."net.core.rmem_max" = 4194304;
+
     # Allow inbound connections to reach namespace
     systemd.services.transmission-web-netns = {
       description = "Forward to transmission in wireguard namespace";

modules/services/vaultwarden.nix

@@ -52,6 +52,7 @@ in {
       handle = [{
         handler = "reverse_proxy";
         upstreams = [{ dial = "localhost:8222"; }];
+        headers.request.add."X-Real-IP" = [ "{http.request.remote.host}" ];
       }];
     }];
 

patches/calibre-web-cloudflare.patch

@@ -1,20 +1,20 @@
 diff --git a/cps/__init__.py b/cps/__init__.py
-index 0b912d23..ad5d1fa9 100644
+index 1ba1f778..da0bc718 100644
 --- a/cps/__init__.py
 +++ b/cps/__init__.py
-@@ -83,7 +83,6 @@ app.config.update(
+@@ -100,7 +100,6 @@ updater_thread = Updater()
- lm = MyLoginManager()
+ def create_app():
- lm.login_view = 'web.login'
+     lm.login_view = 'web.login'
- lm.anonymous_user = ub.Anonymous
+     lm.anonymous_user = ub.Anonymous
--lm.session_protection = 'strong'
+-    lm.session_protection = 'strong'
  
- if wtf_present:
+     if csrf:
-     csrf = CSRFProtect()
+         csrf.init_app(app)
 diff --git a/cps/admin.py b/cps/admin.py
-index 1004ee78..e295066e 100644
+index 09a553b4..5c646e46 100644
 --- a/cps/admin.py
 +++ b/cps/admin.py
-@@ -98,8 +98,6 @@ def before_request():
+@@ -104,8 +104,6 @@ def before_request():
      # make remember me function work
      if current_user.is_authenticated:
          confirm_login()