Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion common.nix
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,6 @@ in
ln -sfn /run/current-system/sw/bin/bash /bin/bash
'';

system.stateVersion = "25.11";
system.stateVersion = "26.05";
};
}
8 changes: 4 additions & 4 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion flake.nix
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
nixpkgs.url = "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1";

home-manager = {
url = "github:nix-community/home-manager/release-25.11";
url = "github:nix-community/home-manager/release-26.05";
inputs.nixpkgs.follows = "nixpkgs";
};

Expand Down
19 changes: 9 additions & 10 deletions home.nix
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ in

home.username = username;
home.homeDirectory = "/home/${username}";
home.stateVersion = "25.11";
home.stateVersion = "26.05";

home.packages = with pkgs; [
# The reason this VM exists.
Expand Down Expand Up @@ -130,22 +130,21 @@ in
programs.ssh = {
enable = true;
# Don't pull in home-manager's default ProxyCommand/ServerAlive/etc;
# we only want our own matchBlocks. Silences the deprecation warning
# we only want our own settings. Silences the deprecation warning
# asking us to opt into the new explicit-defaults behavior.
enableDefaultConfig = false;

matchBlocks."*" = {
proxyCommand = "${pkgs.netcat-openbsd}/bin/nc -X connect -x ${net.firewallIp}:8080 %h %p";
};
settings = {
"*" = {
ProxyCommand = "${pkgs.netcat-openbsd}/bin/nc -X connect -x ${net.firewallIp}:8080 %h %p";
};

matchBlocks."ssh.dev.azure.com" = {
extraOptions = {
"ssh.dev.azure.com" = {
# Disable weak crypto warnings - Azure Devops does not support post-quantum yet
WarnWeakCrypto = "no-pq-kex";
};
};
matchBlocks."bitbucket.org" = {
extraOptions = {

"bitbucket.org" = {
WarnWeakCrypto = "no-pq-kex";
};
};
Expand Down
2 changes: 1 addition & 1 deletion src/rootcell/providers/aws-ec2-config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ export function parseAwsEc2Config(env: NodeJS.ProcessEnv): AwsEc2Config {
agentRootVolumeGiB: positiveIntegerEnv(env, "ROOTCELL_AWS_AGENT_ROOT_VOLUME_GIB", 60),
firewallRootVolumeGiB: positiveIntegerEnv(env, "ROOTCELL_AWS_FIREWALL_ROOT_VOLUME_GIB", 64),
nixosAmiOwnerId: env.ROOTCELL_AWS_NIXOS_AMI_OWNER_ID ?? NIXOS_AMI_OWNER_ID,
nixosAmiNamePattern: env.ROOTCELL_AWS_NIXOS_AMI_NAME_PATTERN ?? "nixos/25.11*",
nixosAmiNamePattern: env.ROOTCELL_AWS_NIXOS_AMI_NAME_PATTERN ?? "nixos/26.05*",
}, "invalid AWS EC2 provider config");
}

Expand Down
4 changes: 2 additions & 2 deletions src/rootcell/providers/aws-ec2/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -97,12 +97,12 @@ data "aws_ami" "nixos_arm64" {
```

The default owner is the official NixOS AMI publisher account
`427812963091`, and the default name pattern is `nixos/25.11*`. Override them
`427812963091`, and the default name pattern is `nixos/26.05*`. Override them
only when intentionally testing a different upstream image stream:

```sh
ROOTCELL_AWS_NIXOS_AMI_OWNER_ID=427812963091
ROOTCELL_AWS_NIXOS_AMI_NAME_PATTERN='nixos/25.11*'
ROOTCELL_AWS_NIXOS_AMI_NAME_PATTERN='nixos/26.05*'
```

Official NixOS AMIs initially accept SSH as `root`. Rootcell supplies a
Expand Down
4 changes: 2 additions & 2 deletions src/rootcell/rootcell.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -544,7 +544,7 @@ describe("environment parsing", () => {
agentRootVolumeGiB: 60,
firewallRootVolumeGiB: 64,
nixosAmiOwnerId: "427812963091",
nixosAmiNamePattern: "nixos/25.11*",
nixosAmiNamePattern: "nixos/26.05*",
});
});

Expand Down Expand Up @@ -3025,7 +3025,7 @@ function fakeAwsOutputs(controlCidr: string): Record<string, string> {
agent_private_ip: "192.168.109.11",
firewall_private_ip: "192.168.109.10",
nixos_ami_id: "ami-nixos",
nixos_ami_name: "nixos/25.11-aarch64-linux",
nixos_ami_name: "nixos/26.05-aarch64-linux",
applied_control_cidr: controlCidr,
};
}
Expand Down