upgrade nixpkgs to NixOS 23.11

configuration.nix

@@ -35,7 +35,7 @@
 
   services.do-agent.enable = if config.selfprivacy.server.provider == "digitalocean" then true else false;
 
-  boot.cleanTmpDir = true;
+  boot.tmp.cleanOnBoot = true;
   networking = {
     hostName = config.selfprivacy.hostname;
     domain = config.selfprivacy.domain;
@@ -55,8 +55,10 @@
   users.users.root.openssh.authorizedKeys.keys = config.selfprivacy.ssh.rootKeys;
   services.openssh = {
     enable = config.selfprivacy.ssh.enable;
-    passwordAuthentication = config.selfprivacy.ssh.passwordAuthentication;
-    permitRootLogin = "yes";
+    settings = {
+      PasswordAuthentication = config.selfprivacy.ssh.passwordAuthentication;
+      PermitRootLogin = "yes";
+    };
     openFirewall = false;
   };
   programs.ssh = {

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1702759837,
-        "narHash": "sha256-u3XeJVRe/Q975nwFE+6ALEwypMKJEELMJKDAhSKyq3M=",
+        "lastModified": 1702780907,
+        "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b2566f4f897ac6224e094b167d9488d03e157f28",
+        "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
         "type": "github"
       },
       "original": {

letsencrypt/resolve.nix

@@ -10,10 +10,6 @@ in
           StartLimitBurst = 5;
           StartLimitIntervalSec = 5;
           Restart = "on-failure";
-          RestartSec =
-            if lib.versionOlder config.system.nixos.release "23.11"
-            then 15 * 60
-            else abort "since NixOS 23.11 (#266155) ACME systemd service restart intervals should have been fixed, thus no workarounds are needed";
         };
       };
     };

sp-modules/gitea/module.nix

@@ -46,12 +46,14 @@ in
         };
         appName = "SelfPrivacy git Service";
         repositoryRoot = "${stateDir}/repositories";
-        domain = "git.${sp.domain}";
-        rootUrl = "https://git.${sp.domain}/";
-        httpAddress = "0.0.0.0";
-        httpPort = 3000;
         #      cookieSecure = true;
         settings = {
+          server = {
+            DOMAIN = "git.${sp.domain}";
+            ROOT_URL = "https://git.${sp.domain}/";
+            HTTP_ADDR = "0.0.0.0";
+            HTTP_PORT = 3000;
+          };
           mailer = {
             ENABLED = false;
           };

sp-modules/nextcloud/module.nix

@@ -44,7 +44,7 @@
       };
       services.nextcloud = {
         enable = true;
-        package = pkgs.nextcloud25;
+        package = pkgs.nextcloud26;
         inherit hostName;
 
         # Use HTTPS for links

sp-modules/simple-nixos-mailserver/config.nix

@@ -1,4 +1,4 @@
-mailserverDate: { config, lib, ... }:
+{ config, lib, ... }:
 let
   sp = config.selfprivacy;
 in
@@ -66,11 +66,7 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable
       "admin@${sp.domain}" = "${sp.username}@${sp.domain}";
     };
 
-    certificateScheme =
-      if builtins.compareVersions mailserverDate "20230525011002"
-        >= 0
-      then "manual"
-      else 1;
+    certificateScheme = "manual";
     certificateFile = "/var/lib/acme/${sp.domain}/fullchain.pem";
     keyFile = "/var/lib/acme/${sp.domain}/key.pem";
 

sp-modules/simple-nixos-mailserver/flake.lock

@@ -42,11 +42,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1687462267,
-        "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=",
+        "lastModified": 1700085753,
+        "narHash": "sha256-qtib7f3eRwfaUF+VziJXiBcZFqpHCAXS4HlrFsnzzl4=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "24128c3052090311688b09a400aa408ba61c6ee5",
+        "rev": "008d78cc21959e33d0d31f375b88353a7d7121ae",
         "type": "gitlab"
       },
       "original": {

sp-modules/simple-nixos-mailserver/flake.nix

@@ -9,7 +9,7 @@
       imports = [
         mailserver.nixosModules.default
         ./options.nix
-        (import ./config.nix mailserver.lastModifiedDate)
+        ./config.nix
       ];
     };
     configPathsNeeded =