depotwide: fix stuff

nix/pkgs/authentik/goserver/default.nix

@@ -4,6 +4,6 @@ pkgs.buildGoModule {
   pname = "authentik-server";
   inherit src version;
 
-  vendorSha256 = "072vjqcv3ihjwj45aaf94a2wiy5vg1kxncyzhwixpfiyn617wac8";
+  vendorSha256 = "0djv6xmh3719dpzl21jhz3jraq9wl2adv6bs22hgs31jzkinx2g3";
   subPackages = "cmd/server";
 }

nix/pkgs/authentik/pythonapp/default.nix

@@ -1,8 +1,22 @@
 { pkgs, src, ... }:
 
 let
-  app = pkgs.poetry2nix.mkPoetryApplication {
-    projectDir = src;
+  pyproject = pkgs.runCommand "authentik-pyproject" { src = "${src}/pyproject.toml"; } ''
+    sed 's/extras = \["standard"\],//' $src > $out
+  '';
+  poetrylock = pkgs.runCommand "authentik-poetrylock" { src = "${src}/poetry.lock"; } ''
+    sed -e 's/, markers = "extra == \\\"standard\\\""//' \
+      -e 's/and extra == \\\"standard\\\"//' \
+      $src > $out
+  '';
+  fixedSrc = pkgs.runCommand "authentik-src" { inherit src; } ''
+    cp -R $src $out
+    chmod -R u+w $out
+    cp ${pyproject} $out/pyproject.toml
+    cp ${poetrylock} $out/poetry.lock
+  '';
+  app = pkgs.poetry2nix.mkPoetryApplication rec {
+    projectDir = fixedSrc;
     python = pkgs.python310;
     overrides = pkgs.poetry2nix.overrides.withDefaults (self: super: {
       click-didyoumean = super.click-didyoumean.overridePythonAttrs (old: {
@@ -27,6 +41,11 @@ let
           sha256 = "1zxb12lrrl1n7ijcxl8mvv94lnhn6b52c1jx6jq9pv2fncrxf4wr";
         };
       }));
+      watchfiles = self.callPackage "${pkgs.path}/pkgs/development/python-modules/watchfiles/default.nix" {};
+      uvicorn = (self.callPackage "${pkgs.path}/pkgs/development/python-modules/uvicorn/default.nix" {}).overridePythonAttrs (old: {
+        propagatedBuildInputs = old.propagatedBuildInputs ++ old.passthru.optional-dependencies.standard;
+      });
+      inherit (pkgs.python310.pkgs) ua-parser;
     });
 
     buildInputs = [ pkgs.bash ];

ops/nixos/bvm-heptapod/default.nix

@@ -147,7 +147,7 @@ in {
       systemd.services.nix-daemon.serviceConfig.EnvironmentFile = "/var/lib/secrets/nix-daemon/secret";
       services.gitlab-runner = {
         enable = true;
-        concurrent = 16;
+        settings.concurrent = 16;
         services = {
           deployer = {
             registrationConfigFile = "/var/lib/secrets/gitlab-runner-environment/secret";

ops/nixos/clouvider-lon01/default.nix

@@ -246,7 +246,7 @@
   };
   services.gitlab-runner = {
     enable = true;
-    concurrent = 1;
+    settings.concurrent = 1;
     services = {
       deployer = {
         registrationConfigFile = config.my.vault.secrets.gitlab-runner-environment.path;

ops/nixos/howl/default.nix

@@ -67,9 +67,8 @@ in {
   services.zfs.rollbackOnBoot.enable = true;
 
   # Enable libvirtd.
-  virtualisation.libvirtd = {
-    enable = true;
-  };
+  virtualisation.libvirtd.enable = true;
+  security.polkit.enable = true;
 
   networking.hostName = "howl";
   networking.hostId = "cdd51451";

ops/nixos/lib/graphical-client-wayland.nix

@@ -16,7 +16,6 @@ in
 
     xdg.portal = {
       enable = true;
-      gtkUsePortal = true;
       extraPortals = with depot.pkgs; [ xdg-desktop-portal-wlr ];
     };
   };

ops/nixos/porcorosso/default.nix

@@ -114,6 +114,7 @@ in {
   virtualisation.libvirtd = {
     enable = true;
   };
+  security.polkit.enable = true;
 
   networking.hostName = "porcorosso";
   networking.hostId = "1ee729a4";

ops/nixos/totoro/default.nix

@@ -151,6 +151,7 @@ in {
     enable = true;
     allowedBridges = [ "virbr0" "br-ext" ];
   };
+  security.polkit.enable = true;
   users.users.lukegb = {
     packages = with depot.pkgs; [ irssi ];
     extraGroups = lib.mkAfter [ "libvirtd" "acme" "podman" ];

third_party/default.nix

@@ -7,6 +7,7 @@ let
   nixpkgsConfig = {
     allowUnfree = true;
     permittedInsecurePackages = [
+      "python3.10-mistune-0.8.4"
       "p7zip-16.02"
     ];
     packageOverrides = pkgs: {