run gradient server and worker all in one

flake.lock

@@ -258,11 +258,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1777458607,
-        "narHash": "sha256-KcPvJ3+MFyDBf8GyE4zThu3u/LnXYXTB8X3V9s6R9/0=",
+        "lastModified": 1777807825,
+        "narHash": "sha256-LIHC5ayGLbEXY7wBrd71EE12xZDBltYqeE4qdEvWbC0=",
         "owner": "wavelens",
         "repo": "gradient",
-        "rev": "62f3132a90d9bd4fadb4688d20a684a464d6e8dc",
+        "rev": "0f5779845044d2a39e5f599f781d6cfb9248a219",
         "type": "github"
       },
       "original": {
@@ -323,11 +323,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1775423009,
-        "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
+        "lastModified": 1777268161,
+        "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
+        "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
         "type": "github"
       },
       "original": {
@@ -352,6 +352,22 @@
         "type": "github"
       }
     },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1777268161,
+        "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs_2": {
       "locked": {
         "lastModified": 1777077449,
@@ -425,6 +441,7 @@
         "gradient": "gradient",
         "mailserver": "mailserver",
         "nixpkgs": "nixpkgs_2",
+        "nixpkgs-unstable": "nixpkgs-unstable",
         "sops": "sops"
       }
     },

flake.nix

@@ -4,6 +4,7 @@
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
     authentik = {
       url = "github:nix-community/authentik-nix";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -29,12 +30,13 @@
     {
       self,
       nixpkgs,
+      nixpkgs-unstable,
       authentik,
       mailserver,
       disko,
       sops,
       gradient
-    }:
+    }@inputs:
     let
       sshkeys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
@@ -181,7 +183,7 @@
         result: input:
         result
         // {
-          "${input}" = nixpkgs.lib.nixosSystem {
+          "${input}" = nixpkgs-unstable.lib.nixosSystem {
             system = "x86_64-linux";
             modules =
               let
@@ -197,7 +199,7 @@
                 gradient.nixosModules.default
                 sops.nixosModules.sops
                 {
-                  _module.args = { inherit self modulesPath; };
+                  _module.args = { inherit self inputs modulesPath; };
                 }
               ];
           };

hosts/gradient/default.nix

@@ -1,5 +1,6 @@
 {
   config,
+  inputs,
   lib,
   pkgs,
   modulesPath,
@@ -51,7 +52,7 @@
       configurePostgres = true;
       configureNginx    = true;
       # serveCache        = true;
-      reportErrors      = true; # optional: will send crash reports to us
+      reportErrors      = true;
 
       worker = {
         enable    = true;
@@ -63,12 +64,19 @@
           eval  = true;
           build = true;
         };
+        packages.nix = inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.nix;
         settings = {
-          logLevel.default = "debug";
+          logLevel = {
+            default = "debug";
+          };
         };
       };
     };
 
+    nginx.commonHttpConfig = ''
+      real_ip_header proxy_protocol;
+      set_real_ip_from 141.56.51.1/32;
+    '';
     nginx.virtualHosts."${config.networking.fqdn}".listen = [
       {
         port = 80;