From 2d7287fade355729afc5e7c2bdeea6c4327661f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sat, 22 Mar 2025 08:48:45 +0100
Subject: [PATCH 1/6] also update flake in update-extensions action

---
 .../workflows/{update-extensions.yml => update-wiki.yml}    | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
 rename .github/workflows/{update-extensions.yml => update-wiki.yml} (87%)

diff --git a/.github/workflows/update-extensions.yml b/.github/workflows/update-wiki.yml
similarity index 87%
rename from .github/workflows/update-extensions.yml
rename to .github/workflows/update-wiki.yml
index 90341ac..e7a80c9 100644
--- a/.github/workflows/update-extensions.yml
+++ b/.github/workflows/update-wiki.yml
@@ -1,4 +1,4 @@
-name: "Update mediawiki extensions"
+name: "Update wiki"
 on:
   repository_dispatch:
   workflow_dispatch:
@@ -20,8 +20,10 @@ jobs:
       - run: ./modules/nixos-wiki/update-extensions.py ./modules/nixos-wiki/extensions.json
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - run:
+          nix flake update
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v7
         with:
-          title: Update mediawiki extensions
+          title: Update wiki extensions
           labels: merge-queue

From 36192b2a1ac8070d10feba8e23d5dc18d2f1c544 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sat, 22 Mar 2025 08:48:56 +0100
Subject: [PATCH 2/6] switch to nixos-rebuild-ng for updating

---
 formatter.nix                          | 1 +
 targets/nixos-wiki.nixos.org/deploy.sh | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/formatter.nix b/formatter.nix
index f4ec9d2..245ef16 100644
--- a/formatter.nix
+++ b/formatter.nix
@@ -46,6 +46,7 @@
             [
               pkgs.bashInteractive
               pkgs.sops
+              pkgs.nixos-rebuild-ng
               (pkgs.opentofu.withPlugins (
                 p:
                 builtins.map convert2Tofu [
diff --git a/targets/nixos-wiki.nixos.org/deploy.sh b/targets/nixos-wiki.nixos.org/deploy.sh
index 347b795..19f606f 100755
--- a/targets/nixos-wiki.nixos.org/deploy.sh
+++ b/targets/nixos-wiki.nixos.org/deploy.sh
@@ -10,6 +10,6 @@ nixBuild() {
   fi
 }
 nixBuild .#checks.x86_64-linux.test .#nixosConfigurations.nixos-wiki-nixos-org.config.system.build.toplevel -L
-if ! nixos-rebuild switch --flake .#nixos-wiki-nixos-org --target-host root@wiki.nixos.org; then
-  nixos-rebuild switch --flake .#nixos-wiki-nixos-org --target-host root@wiki.nixos.org
+if ! nixos-rebuild-ng switch --flake .#nixos-wiki-nixos-org --target-host root@wiki.nixos.org; then
+  nixos-rebuild-ng switch --flake .#nixos-wiki-nixos-org --target-host root@wiki.nixos.org
 fi

From 830d4856813c9e18907f8c7460dd1a95ce513377 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sat, 22 Mar 2025 08:49:33 +0100
Subject: [PATCH 3/6] update flakes

---
 flake.lock | 39 +++++++++++++++++++--------------------
 flake.nix  |  1 -
 2 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/flake.lock b/flake.lock
index 71f7ded..17a9696 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1715526530,
-        "narHash": "sha256-1ot3VxxbRexDAbk70n0yLt7EEEzypAGK3ut+YV7m/Mg=",
+        "lastModified": 1741786315,
+        "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "94a818d8b914e06c04c21b5f0bafbb4b96ee8b47",
+        "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
         "type": "github"
       },
       "original": {
@@ -27,11 +27,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714641030,
-        "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=",
+        "lastModified": 1741352980,
+        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e",
+        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
         "type": "github"
       },
       "original": {
@@ -42,10 +42,10 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1727506465,
-        "narHash": "sha256-3kTzEJ3X+RmNB9hamk+HnRj4MVLuZ2nzGaT1IeKuHZg=",
+        "lastModified": 1742584082,
+        "narHash": "sha256-0xccOonj868cv6EjerMZ7hZMOfCpaTb3I82ZZhZQB8w=",
         "ref": "nixos-unstable-small",
-        "rev": "0c839cfcda894af2030d5731414542a92a7af207",
+        "rev": "fbcdd2bccd1b6960b48578a608b581bff18e7646",
         "shallow": true,
         "type": "git",
         "url": "https://github.com/NixOS/nixpkgs"
@@ -71,15 +71,14 @@
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
-        ],
-        "nixpkgs-stable": []
+        ]
       },
       "locked": {
-        "lastModified": 1715482972,
-        "narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=",
+        "lastModified": 1742595978,
+        "narHash": "sha256-05onsoMrLyXE4XleDCeLC3bXnC4nyUbKWInGwM7v6hU=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e",
+        "rev": "b7756921b002de60fb66782effad3ce8bdb5b25d",
         "type": "github"
       },
       "original": {
@@ -95,11 +94,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1727491384,
-        "narHash": "sha256-km86bDL46XmO4gkfvCfhCXfZDZPg/O72A65fF+hUPJM=",
+        "lastModified": 1742432134,
+        "narHash": "sha256-J9BMk5uEXGZqe3ksA+TNjpuWx67r6qwa6MCS+ayDTqw=",
         "owner": "numtide",
         "repo": "srvos",
-        "rev": "e1f0d6e42d9ea0cf031fd3469f35d78c3af21b85",
+        "rev": "60a187c45762fcc5ed0f3c97e1da890d0ed3f695",
         "type": "github"
       },
       "original": {
@@ -115,11 +114,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1714058656,
-        "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
+        "lastModified": 1742370146,
+        "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
+        "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index cef10a3..179135a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -16,7 +16,6 @@
 
     sops-nix.url = "github:Mic92/sops-nix";
     sops-nix.inputs.nixpkgs.follows = "nixpkgs";
-    sops-nix.inputs.nixpkgs-stable.follows = "";
   };
 
   outputs =

From e0847712647f0227212c808c4da75a0ff954d223 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sat, 22 Mar 2025 08:49:57 +0100
Subject: [PATCH 4/6] update formatter

---
 .github/workflows/update-wiki.yml |  3 +--
 formatter.nix                     | 10 +++++++---
 modules/nixos-wiki/backup.nix     |  3 ++-
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/update-wiki.yml b/.github/workflows/update-wiki.yml
index e7a80c9..97ef55b 100644
--- a/.github/workflows/update-wiki.yml
+++ b/.github/workflows/update-wiki.yml
@@ -20,8 +20,7 @@ jobs:
       - run: ./modules/nixos-wiki/update-extensions.py ./modules/nixos-wiki/extensions.json
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - run:
-          nix flake update
+      - run: nix flake update
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v7
         with:
diff --git a/formatter.nix b/formatter.nix
index 245ef16..421734e 100644
--- a/formatter.nix
+++ b/formatter.nix
@@ -38,9 +38,13 @@
               convert2Tofu =
                 provider:
                 provider.override (prev: {
-                  homepage = builtins.replaceStrings [ "registry.terraform.io/providers" ] [
-                    "registry.opentofu.org"
-                  ] prev.homepage;
+                  homepage =
+                    builtins.replaceStrings
+                      [ "registry.terraform.io/providers" ]
+                      [
+                        "registry.opentofu.org"
+                      ]
+                      prev.homepage;
                 });
             in
             [
diff --git a/modules/nixos-wiki/backup.nix b/modules/nixos-wiki/backup.nix
index 0f1d30c..27fd66b 100644
--- a/modules/nixos-wiki/backup.nix
+++ b/modules/nixos-wiki/backup.nix
@@ -98,7 +98,8 @@ in
     group = "root";
   };
 
-  programs.ssh.knownHosts."[u391032.your-storagebox.de]:23".publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
+  programs.ssh.knownHosts."[u391032.your-storagebox.de]:23".publicKey =
+    "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
 
   systemd.services.borgbackup-job-state = {
     wants = [ "wiki-backup.service" ];

From 9f4d084e364a98f6e238a0b9a341843df94cc3c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sat, 22 Mar 2025 08:53:21 +0100
Subject: [PATCH 5/6] remove out-of-place gitignore

---
 checks/linkcheck/.gitignore | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 checks/linkcheck/.gitignore

diff --git a/checks/linkcheck/.gitignore b/checks/linkcheck/.gitignore
deleted file mode 100644
index 6f6c2b4..0000000
--- a/checks/linkcheck/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-temp
-.direnv
-*-report
-result*
-workdir

From f7527996883534bdd5ebad8eddf34391ecbda0f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sat, 22 Mar 2025 08:53:29 +0100
Subject: [PATCH 6/6] update treefmt settings

---
 .envrc                  | 2 ++
 .envrc.private-template | 1 +
 checks/linkcheck/.envrc | 1 +
 formatter.nix           | 5 ++++-
 4 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/.envrc b/.envrc
index 41160ef..3662296 100644
--- a/.envrc
+++ b/.envrc
@@ -1,3 +1,5 @@
+# shellcheck shell=bash
+
 use flake
 
 watch_file .envrc.private
diff --git a/.envrc.private-template b/.envrc.private-template
index b33647d..36b045e 100644
--- a/.envrc.private-template
+++ b/.envrc.private-template
@@ -1,2 +1,3 @@
+# shellcheck shell=bash
 # https://console.hetzner.cloud/projects/2643361/security/tokens
 export HCLOUD_TOKEN='<your-hetzner-token>'
diff --git a/checks/linkcheck/.envrc b/checks/linkcheck/.envrc
index 48cb98d..083c955 100644
--- a/checks/linkcheck/.envrc
+++ b/checks/linkcheck/.envrc
@@ -1 +1,2 @@
+# shellcheck shell=bash
 use flake .#linkcheck
diff --git a/formatter.nix b/formatter.nix
index 421734e..c4e0f57 100644
--- a/formatter.nix
+++ b/formatter.nix
@@ -9,14 +9,17 @@
           "*/nixos-vars.json"
           "*/secrets.yaml"
           "*.lock"
+          "*.tfstate"
           ".gitignore"
           "modules/nixos-wiki/favicon.ico"
           "modules/nixos-wiki/nixos.png"
           "modules/nixos-wiki/robots.txt"
           "oauth-permissions.png"
           "targets/nixos-wiki.nixos.org/secrets/*"
+          "targets/admins/secrets/*"
+          "checks/linkcheck/allowed.links"
         ];
-        programs.hclfmt.enable = true;
+        programs.terraform.enable = true;
         programs.nixfmt.enable = true;
         programs.nixfmt.package = pkgs.nixfmt-rfc-style;
         programs.deadnix.enable = true;