From 01a89049c7ac9d555e5a1e33ef4e721400328154 Mon Sep 17 00:00:00 2001
From: "dbcdk-platform-renovate[bot]" <197240915+dbcdk-platform-renovate[bot]@users.noreply.github.com>
Date: Sat, 17 May 2025 14:01:31 +0000
Subject: [PATCH 1/6] chore(deps): update nixpkgs to nixos-25.05
---
 flake.lock | 8 ++++----
 flake.nix | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/flake.lock b/flake.lock
index 01840db..ded39fa 100644
--- a/flake.lock
+++ b/flake.lock
@@ -17,16 +17,16 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1737569578,
- "narHash": "sha256-6qY0pk2QmUtBT9Mywdvif0i/CLVgpCjMUn6g9vB+f3M=",
+ "lastModified": 1747428706,
+ "narHash": "sha256-XVds9FkRrY59xRNNq14FNsFGqDiexXX/mlHcX4hPyyk=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "47addd76727f42d351590c905d9d1905ca895b82",
+ "rev": "2e1496bf8652ff4af4e4d4737277f71e4a4f5cb2",
 "type": "github"
 },
 "original": {
 "owner": "NixOS",
- "ref": "nixos-24.11",
+ "ref": "nixos-25.05",
 "repo": "nixpkgs",
 "type": "github"
 }
diff --git a/flake.nix b/flake.nix
index c1c9112..fd179da 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
 description = "faythe";
 inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
 crane.url = "github:ipetkov/crane";
 crane.inputs.nixpkgs.follows = "nixpkgs";
 };
From 69026fa93b4e849a2e3a5e1a2f3dcc38b282f1df Mon Sep 17 00:00:00 2001
From: Johan Thomsen
Date: Sat, 7 Jun 2025 17:42:48 +0200
Subject: [PATCH 2/6] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Flake lock file updates:
• Updated input 'crane':
 'github:ipetkov/crane/5b03654ce046b5167e7b0bccbd8244cb56c16f0e?narHash=sha256-/mumx8AQ5xFuCJqxCIOFCHTVlxHkMT21idpbgbm/TIE%3D' (2024-09-26)
 → 'github:ipetkov/crane/323b5746d89e04b22554b061522dfce9e4c49b18?narHash=sha256-UDyigbDGv8fvs9aS95yzFfOKkEjx1LO3PL3DsKopohA%3D' (2025-06-03)
---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/flake.lock b/flake.lock
index ded39fa..6238943 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
 "nodes": {
 "crane": {
 "locked": {
- "lastModified": 1727316705,
- "narHash": "sha256-/mumx8AQ5xFuCJqxCIOFCHTVlxHkMT21idpbgbm/TIE=",
+ "lastModified": 1748970125,
+ "narHash": "sha256-UDyigbDGv8fvs9aS95yzFfOKkEjx1LO3PL3DsKopohA=",
 "owner": "ipetkov",
 "repo": "crane",
- "rev": "5b03654ce046b5167e7b0bccbd8244cb56c16f0e",
+ "rev": "323b5746d89e04b22554b061522dfce9e4c49b18",
 "type": "github"
 },
 "original": {
From 8fb86c5a82073f71a5bb9192d25ef26d7b0f464e Mon Sep 17 00:00:00 2001
From: Johan Thomsen
Date: Thu, 12 Jun 2025 17:59:23 +0200
Subject: [PATCH 3/6] flake: fix warnings - note that the defaultPackage -> package.default might break something in some setups
---
 flake.nix | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/flake.nix b/flake.nix
index fd179da..af735bc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,7 +4,6 @@
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
 crane.url = "github:ipetkov/crane";
- crane.inputs.nixpkgs.follows = "nixpkgs";
 };
 outputs = { self, crane, nixpkgs }:
@@ -29,8 +28,10 @@
 craneLib = crane.mkLib final;
 };
 in {
- packages.${system}.${pname} = pkgs.${pname};
- defaultPackage.${system} = pkgs.${pname};
+ packages.${system} = {
+ ${pname} = pkgs.${pname};
+ default = pkgs.${pname};
+ };
 overlays.default = final: prev: let
@@ -77,7 +78,7 @@
 clippy = pkgs."${pname}-clippy";
 };
- devShell.${system} = with pkgs; mkShell {
+ devShells.${system}.default = with pkgs; mkShell {
 buildInputs = [
 rust-analyzer cargo
From ffc50db8c1af09329fb714e55a9b1ae17449594a Mon Sep 17 00:00:00 2001
From: Johan Thomsen
Date: Thu, 12 Jun 2025 18:02:51 +0200
Subject: [PATCH 4/6] issuer/init_resolvers: remove unused explicit lifetime
---
 src/issuer.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/issuer.rs b/src/issuer.rs
index 0c4d8ae..bd2f68c 100644
--- a/src/issuer.rs
+++ b/src/issuer.rs
@@ -271,7 +271,7 @@ impl Resolvers {
 }
 }
-async fn init_resolvers<'l>(config: &FaytheConfig) -> Result, ResolverError> {
+async fn init_resolvers(config: &FaytheConfig) -> Result, ResolverError> {
 let mut resolvers = HashMap::new();
 for z in &config.zones {
From df0ef6d1aa6e91a552d7c82c02c373e620e73d6f Mon Sep 17 00:00:00 2001
From: Johan Thomsen
Date: Thu, 12 Jun 2025 19:07:53 +0200
Subject: [PATCH 5/6] tests/lib: permissions clash on /etc/bind (the bind upstream module uses this path at runtime), so move zone files to /etc/zones
---
 nixos/lib.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/nixos/lib.nix b/nixos/lib.nix
index a11f936..652c026 100644
--- a/nixos/lib.nix
+++ b/nixos/lib.nix
@@ -61,7 +61,7 @@ in
 dnsutils ];
- environment.etc."bind/zones/${domain}.zone" = {
+ environment.etc."zones/${domain}.zone" = {
 mode = "0644";
 user = "named";
 group = "named";
@@ -82,7 +82,7 @@ in
 services.bind.zones."${domain}" = {
 master = true;
- file = "/etc/bind/zones/${domain}.zone";
+ file = "/etc/zones/${domain}.zone";
 # the bind zone module is very opinionated and this sets allow-transfer.
 slaves = [ nodes.client.networking.primaryIPAddress ];
 extraConfig = ''
@@ -91,7 +91,7 @@ in
 };
 # Hack to allow access to the directory copied from environment.etc
- systemd.services.bind.serviceConfig.ExecStartPre = "+${pkgs.coreutils}/bin/chown named /etc/bind/zones";
+ systemd.services.bind.serviceConfig.ExecStartPre = "+${pkgs.coreutils}/bin/chown named /etc/zones";
 };
 client =
From b12b237a4143690b4f6640a57cf4db94caf02816 Mon Sep 17 00:00:00 2001
From: Johan Thomsen
Date: Thu, 12 Jun 2025 19:30:52 +0200
Subject: [PATCH 6/6] tests/lib: nothing wants network-online.target, so its inactive. Instead, just wait for main services on each vm
---
 nixos/lib.nix | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/nixos/lib.nix b/nixos/lib.nix
index 652c026..d3c0ebd 100644
--- a/nixos/lib.nix
+++ b/nixos/lib.nix
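Review bot: The zone directory is still spelled out three times after this change: in the `environment.etc."zones/${domain}.zone"` key (hunk at -61), in `file = "/etc/zones/${domain}.zone";` (hunk at -82) and in the `chown named /etc/zones` ExecStartPre (hunk at -91), so the next move has to touch all three and a missed one leaves bind pointing at a path it does not own. A single let-binding such as `zoneDir = "zones";`, used as `environment.etc."${zoneDir}/${domain}.zone"`, `file = "/etc/${zoneDir}/${domain}.zone";` and `chown named /etc/${zoneDir}`, would keep them in step. The ExecStartPre keeps its `+` prefix, which makes systemd run the chown with full privileges instead of under the unit's user and sandboxing settings; a comment like `# '+' runs this chown as root regardless of the unit's User=; acceptable in the test VM only` next to the existing "Hack" comment would record that this is deliberate. The enclosing attribute sets start and end outside these hunks.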
@@ -154,10 +154,8 @@ in
 testScript = ''
 start_all()
- ns.wait_for_unit("network-online.target")
- acme.wait_for_unit("network-online.target")
- client.wait_for_unit("network-online.target")
-
+ acme.wait_for_unit("pebble.service")
+ client.wait_for_unit("faythe.service")
 ns.wait_for_unit("bind.service")
 client.wait_until_succeeds("ping -c1 ${nodes.ns.networking.primaryIPAddress}")
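Review bot: `acme.wait_for_unit("pebble.service")` and `client.wait_for_unit("faythe.service")` only establish that the units are active, not that the daemons are accepting connections, and the only cross-node readiness check left in the hunk is the ping to the name server. If the steps after this hunk talk to pebble straight away, an `acme.wait_for_open_port(PEBBLE_PORT)` after the unit wait (PEBBLE_PORT is a placeholder for the port pebble is configured with, which is not visible here) would make start-up less timing-dependent. A one-line comment above the waits, e.g. `# network-online.target is inactive in these VMs (nothing wants it); wait on each node's main service instead`, would keep the reason next to the code. The testScript string continues past the end of the hunk.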