diff --git a/flake.lock b/flake.lock index b3a803e..d261e83 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -23,20 +23,14 @@ }, "catppuccin": { "inputs": { - "catppuccin-v1_1": "catppuccin-v1_1", - "catppuccin-v1_2": "catppuccin-v1_2", - "home-manager": "home-manager_2", - "home-manager-stable": "home-manager-stable", - "nixpkgs": "nixpkgs_2", - "nixpkgs-stable": "nixpkgs-stable", - "nuscht-search": "nuscht-search" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1736069220, - "narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=", + "lastModified": 1741914590, + "narHash": "sha256-R8Bxh/AMD6nvmQrC43DkUkuwDmTWlyvNAzJ0Riq5w5U=", "owner": "catppuccin", "repo": "nix", - "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e", + "rev": "1e3fe44bc13809f62c2ef0aa864a304a6c8ebea4", "type": "github" }, "original": { @@ -45,41 +39,13 @@ "type": "github" } }, - "catppuccin-v1_1": { - "locked": { - "lastModified": 1734055249, - "narHash": "sha256-pCWJgwo77KD7EJpwynwKrWPZ//dwypHq2TfdzZWqK68=", - "rev": "7221d6ca17ac36ed20588e1c3a80177ac5843fa7", - "revCount": 326, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.1.1/0193bdc0-b045-7eed-bbec-95611a8ecdf5/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/catppuccin/nix/1.1.%2A.tar.gz" - } - }, - "catppuccin-v1_2": { - "locked": { - "lastModified": 1734728407, - "narHash": "sha256-Let3uJo4YDyfqbqaw66dpZxhJB2TrDyZWSFd5rpPLJA=", - "rev": "23ee86dbf4ed347878115a78971d43025362fab1", - "revCount": 341, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.2.0/0193e5e0-33b7-7149-a362-bfe56b20f64e/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/catppuccin/nix/1.2.%2A.tar.gz" - } - }, "crane": { "locked": { - "lastModified": 1731098351, - "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", + "lastModified": 1741148495, + "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", "owner": "ipetkov", "repo": "crane", - "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", "type": "github" }, "original": { @@ -117,11 +83,11 @@ ] }, "locked": { - "lastModified": 1736711425, - "narHash": "sha256-8hKhPQuMtXfJi+4lPvw3FBk/zSJVHeb726Zo0uF1PP8=", + "lastModified": 1741786315, + "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", "owner": "nix-community", "repo": "disko", - "rev": "f720e64ec37fa16ebba6354eadf310f81555cc07", + "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", "type": "github" }, "original": { @@ -153,14 +119,14 @@ "emacs-overlay": { "inputs": { "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1736759802, - "narHash": "sha256-XCaIRTC+YlL5nRi9WJHeftyfw2Z0YXwwzEmHThGuR3Q=", + "lastModified": 1741945480, + "narHash": "sha256-D80QGijmeVxm/4fJVd53dP8MHCLcn+JjtgniaGKIXvg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "244a2ab1459c72bac32a2db088549f8bc6d7a836", + "rev": "5d6c484290f0754ce745ea6f7e2b7d037bdc7b76", "type": "github" }, "original": { @@ -204,11 +170,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -225,11 +191,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1740872218, + "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "3876f6b87db82f33775b1ef5ea343986105db764", "type": "github" }, "original": { @@ -260,24 +226,6 @@ "inputs": { "systems": "systems_3" }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_4" - }, "locked": { "lastModified": 1681202837, "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", @@ -297,11 +245,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -334,11 +282,11 @@ ] }, "locked": { - "lastModified": 1735882644, - "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "lastModified": 1741379162, + "narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc", "type": "github" }, "original": { @@ -411,50 +359,7 @@ "type": "github" } }, - "home-manager-stable": { - "inputs": { - "nixpkgs": [ - "catppuccin", - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1734366194, - "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-24.11", - "repo": "home-manager", - "type": "github" - } - }, "home-manager_2": { - "inputs": { - "nixpkgs": [ - "catppuccin", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1734622215, - "narHash": "sha256-OOfI0XhSJGHblfdNDhfnn8QnZxng63rWk9eeJ2tCbiI=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "1395379a7a36e40f2a76e7b9936cc52950baa1be", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_3": { "inputs": { "nixpkgs": [ "nix-on-droid", @@ -482,11 +387,11 @@ ] }, "locked": { - "lastModified": 1736781604, - "narHash": "sha256-nIjcN89nxaI5ZnwU/1gzc3rBVQ/te5sHraYeG4cyJX4=", + "lastModified": 1741955947, + "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", "owner": "nix-community", "repo": "home-manager", - "rev": "9616d81f98032d1ee9bec68ab4b6a8c833add88c", + "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", "type": "github" }, "original": { @@ -518,11 +423,11 @@ }, "impermanence": { "locked": { - "lastModified": 1736688610, - "narHash": "sha256-1Zl9xahw399UiZSJ9Vxs1W4WRFjO1SsNdVZQD4nghz0=", + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "owner": "nix-community", "repo": "impermanence", - "rev": "c64bed13b562fc3bb454b48773d4155023ac31b7", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "type": "github" }, "original": { @@ -531,34 +436,6 @@ "type": "github" } }, - "ixx": { - "inputs": { - "flake-utils": [ - "catppuccin", - "nuscht-search", - "flake-utils" - ], - "nixpkgs": [ - "catppuccin", - "nuscht-search", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729958008, - "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", - "owner": "NuschtOS", - "repo": "ixx", - "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "ref": "v0.0.6", - "repo": "ixx", - "type": "github" - } - }, "lanzaboote": { "inputs": { "crane": "crane", @@ -571,11 +448,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1734994463, - "narHash": "sha256-S9MgfQjNt4J3I7obdLOVY23h+Yl/hnyibwGfOl+1uOE=", + "lastModified": 1741442524, + "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "93e6f0d77548be8757c11ebda5c4235ef4f3bc67", + "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", "type": "github" }, "original": { @@ -587,11 +464,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1736680332, - "narHash": "sha256-gwidOezQ6FT5q4GHcpD6y2EwKcrtzjAoxaN/9bTGqQw=", + "lastModified": 1741957871, + "narHash": "sha256-BSim3favVai9y7eMaFWNNDbIJ0mdRp5TMcJvHWdjC1s=", "ref": "refs/heads/main", - "rev": "38dd196b03f4163ae3bbb2a1910b8f0f141ca0e2", - "revCount": 16610, + "rev": "af15a446ea88a2244e3c5a50eab776c33ab3bd80", + "revCount": 17649, "type": "git", "url": "https://git@git.lix.systems/lix-project/lix" }, @@ -602,7 +479,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "flakey-profile": "flakey-profile", "lix": [ "lix" @@ -612,11 +489,11 @@ ] }, "locked": { - "lastModified": 1733522213, - "narHash": "sha256-H+Pk19MzvI/TAbXWimUPZAoKkD56OSyxJBm8lVIA5n0=", + "lastModified": 1741894565, + "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", "ref": "refs/heads/main", - "rev": "c374ebf5548c7b6d4bf884369a5b6879cfc916ea", - "revCount": 124, + "rev": "a6da43f8193d9e329bba1795c42590c27966082e", + "revCount": 136, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -628,11 +505,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1736638789, - "narHash": "sha256-pkpOkSUNrSf5DePUtYYFt4wGODhY28RlQ4SIJ1e+15M=", + "lastModified": 1741101701, + "narHash": "sha256-Kup8HWWC2AR1j2c9pAjXQXLYmuhyv8sRRfX0o03sNQg=", "owner": "NixOS", "repo": "mobile-nixos", - "rev": "72a0601f36a1b424e8b72f17ff53509b990ee060", + "rev": "8956d72cf8fa9110dcc5fcbc537adee45a8014f5", "type": "github" }, "original": { @@ -669,7 +546,7 @@ }, "nix-on-droid": { "inputs": { - "home-manager": "home-manager_3", + "home-manager": "home-manager_2", "nix-formatter-pack": "nix-formatter-pack", "nixpkgs": "nixpkgs_5", "nixpkgs-docs": "nixpkgs-docs", @@ -692,11 +569,11 @@ }, "nixosHardware": { "locked": { - "lastModified": 1736441705, - "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", + "lastModified": 1741792691, + "narHash": "sha256-f0BVt1/cvA0DQ/q3rB+HY4g4tKksd03ZkzI4xehC2Ew=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", + "rev": "e1f12151258b12c567f456d8248e4694e9390613", "type": "github" }, "original": { @@ -755,23 +632,26 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1735774519, - "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "lastModified": 1740877520, + "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1734600368, - "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=", + "lastModified": 1741862977, + "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca", + "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0", "type": "github" }, "original": { @@ -781,45 +661,13 @@ "type": "github" } }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1736549401, - "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_3": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1734424634, - "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", + "lastModified": 1741246872, + "narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", + "rev": "10069ef4cf863633f57238f179a0297de84bd8d3", "type": "github" }, "original": { @@ -847,11 +695,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1736523798, - "narHash": "sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s=", + "lastModified": 1741851582, + "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "130595eba61081acde9001f43de3248d8888ac4a", + "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32", "type": "github" }, "original": { @@ -944,29 +792,6 @@ "type": "gitlab" } }, - "nuscht-search": { - "inputs": { - "flake-utils": "flake-utils", - "ixx": "ixx", - "nixpkgs": [ - "catppuccin", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733773348, - "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=", - "owner": "NuschtOS", - "repo": "search", - "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "repo": "search", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -977,15 +802,14 @@ "nixpkgs": [ "lanzaboote", "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_3" + ] }, "locked": { - "lastModified": 1731363552, - "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "lastModified": 1740915799, + "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", "type": "github" }, "original": { @@ -1065,11 +889,11 @@ ] }, "locked": { - "lastModified": 1731897198, - "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", + "lastModified": 1741228283, + "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", + "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", "type": "github" }, "original": { @@ -1161,21 +985,6 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -1183,11 +992,11 @@ ] }, "locked": { - "lastModified": 1736154270, - "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", + "lastModified": 1739829690, + "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", + "rev": "3d0579f5cc93436052d94b73925b48973a104204", "type": "github" }, "original": { @@ -1198,7 +1007,7 @@ }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": "nixpkgs_7" }, "locked": { diff --git a/hosts/default.nix b/hosts/default.nix index c17d45f..2ba0e8c 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -116,7 +116,6 @@ owner = "grafana"; group = "forgejo"; }; - "firefly-app-key".owner = "firefly-iii"; "matrix-registration-shared-secret".owner = "matrix-synapse"; }; }; diff --git a/hosts/kirk/default.nix b/hosts/kirk/default.nix index 0835424..ec5d0df 100644 --- a/hosts/kirk/default.nix +++ b/hosts/kirk/default.nix @@ -35,6 +35,7 @@ "prometheus-exporters" "promtail" "syncthing" + "zerotier" ] ++ [ ./disko.nix ]; diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index be6c8b7..a63fd60 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix @@ -41,6 +41,7 @@ "adb" "prometheus-exporters" "promtail" + "zerotier" ] ++ [ ./disko.nix ]; diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index d15f43a..3d5293b 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -11,13 +11,10 @@ "wireguard-server" "mediatomb" "transmission" - # "hercules-ci" "home-assistant" "adguard-home" "cloudflare-dyndns" "sisko-proxy" - "invidious" - "searx" "sisko-share" "forgejo" "prometheus" @@ -32,8 +29,9 @@ "syncthing" "atticd" "jellyfin" - "firefly" "matrix" + "radarr" + "zerotier" ] ++ [ ./disko.nix diff --git a/modules/adguard-home/default.nix b/modules/adguard-home/default.nix index a1ec2aa..4020c07 100644 --- a/modules/adguard-home/default.nix +++ b/modules/adguard-home/default.nix @@ -1,3 +1,4 @@ +{ config, ... }: { services.adguardhome = { enable = true; @@ -15,4 +16,13 @@ environment.persistence."/persist".directories = [ "/var/lib/AdGuardHome" ]; + + services.nginx.virtualHosts."adguard.sisko.wg.aciceri.dev" = { + forceSSL = true; + useACMEHost = "aciceri.dev"; + locations."/" = { + proxyPass = "http://localhost:${builtins.toString config.services.adguardhome.port}"; + }; + serverAliases = [ "adguard.sisko.zt.aciceri.dev" ]; + }; } diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix index 071a22b..5538150 100644 --- a/modules/cloudflare-dyndns/default.nix +++ b/modules/cloudflare-dyndns/default.nix @@ -8,15 +8,8 @@ "aciceri.dev" "git.aciceri.dev" "home.aciceri.dev" - "torrent.aciceri.dev" - "search.aciceri.dev" - "invidious.aciceri.dev" - "vpn.aciceri.dev" "photos.aciceri.dev" - "status.aciceri.dev" "jelly.aciceri.dev" - "firefly.aciceri.dev" - "import.firefly.aciceri.dev" "matrix.aciceri.dev" ]; apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path; diff --git a/modules/grafana/default.nix b/modules/grafana/default.nix index a95e543..5466fd2 100644 --- a/modules/grafana/default.nix +++ b/modules/grafana/default.nix @@ -7,7 +7,7 @@ in enable = true; settings = { server = { - domain = "status.aciceri.dev"; + domain = "status.sisko.aciceri.dev"; http_addr = "127.0.0.1"; http_port = 2342; root_url = "https://${config.services.grafana.settings.server.domain}:443/"; @@ -30,10 +30,11 @@ in ]; services.nginx.virtualHosts = { - "status.aciceri.dev" = { - enableACME = true; + "status.sisko.wg.aciceri.dev" = { + useACMEHost = "aciceri.dev"; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:${builtins.toString cfg.settings.server.http_port}"; + serverAliases = [ "status.sisko.zt.aciceri.dev" ]; }; }; } diff --git a/modules/jellyfin/default.nix b/modules/jellyfin/default.nix index 51e066a..c9cdeaa 100644 --- a/modules/jellyfin/default.nix +++ b/modules/jellyfin/default.nix @@ -15,7 +15,7 @@ "jelly.aciceri.dev" = { enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://127.0.0.1:8096"; + locations."/".proxyPass = "http://127.0.0.1:8096"; # FIXME hardcoded port }; }; } diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix index c7d115b..c7c5917 100644 --- a/modules/matrix/default.nix +++ b/modules/matrix/default.nix @@ -7,7 +7,6 @@ let clientConfig = { "m.homeserver".base_url = "https://matrix.aciceri.dev"; - # "org.matrix.msc3575.proxy".url = "https://syncv3.matrix.aciceri.dev"; }; serverConfig."m.server" = "matrix.aciceri.dev:443"; mkWellKnown = data: '' @@ -21,7 +20,7 @@ in services.nginx.virtualHosts = { "aciceri.dev" = { - enableACME = true; + useACMEHost = "aciceri.dev"; forceSSL = true; locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; @@ -36,17 +35,6 @@ in }; }; - services.postgresql = { - enable = true; - # initialScript = pkgs.writeText "synapse-init.sql" '' - # CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - # CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - # TEMPLATE template0 - # LC_COLLATE = "C" - # LC_CTYPE = "C"; - # ''; - }; - systemd.tmpfiles.rules = [ "d ${config.services.matrix-synapse.dataDir} 770 matrix-synapse matrix-synapse" ]; @@ -79,28 +67,4 @@ in }; extraConfigFiles = [ config.age.secrets.matrix-registration-shared-secret.path ]; }; - - # backup.paths = [ - # config.services.matrix-synapse.dataDir - # "/var/backup/postgresql/matrix-synapse.sql.gz" - # ]; - - # services.postgresqlBackup = { - # enable = true; - # databases = [ "matrix-synapse" ]; - # }; - - # services.matrix-sliding-sync = { - # enable = true; - # environmentFile = config.age.secrets.matrix-sliding-sync-secret.path; - # settings = { - # SYNCV3_SERVER = "http://localhost:8008"; - # }; - # }; - - # services.nginx.virtualHosts."syncv3.matrix.aciceri.dev" = { - # enableACME = true; - # forceSSL = true; - # locations."/".proxyPass = config.services.matrix-sliding-sync.settings.SYNCV3_SERVER; - # }; } diff --git a/modules/nginx-base/default.nix b/modules/nginx-base/default.nix index fa8dd61..f201630 100644 --- a/modules/nginx-base/default.nix +++ b/modules/nginx-base/default.nix @@ -1,7 +1,23 @@ +{ config, ... }: { security.acme = { acceptTerms = true; defaults.email = "andrea.ciceri@autistici.org"; + certs = { + "aciceri.dev" = { + reloadServices = [ "nginx.service" ]; + domain = "aciceri.dev"; + extraDomainNames = [ + "*.sisko.zt.aciceri.dev" + "*.sisko.wg.aciceri.dev" + ]; + dnsProvider = "cloudflare"; + # dnsResolver = "1.1.1.1:53"; + dnsPropagationCheck = true; + group = config.services.nginx.group; + environmentFile = config.age.secrets.cloudflare-dyndns-api-token.path; + }; + }; }; networking.firewall.allowedTCPPorts = [ @@ -11,6 +27,7 @@ services.nginx = { enable = true; + statusPage = true; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix index e1e01fb..eea062d 100644 --- a/modules/paperless/default.nix +++ b/modules/paperless/default.nix @@ -25,14 +25,15 @@ imports = [ ../nginx-base ]; - services.nginx.virtualHosts."paper.aciceri.dev" = { + services.nginx.virtualHosts."paper.sisko.wg.aciceri.dev" = { forceSSL = true; - enableACME = true; + useACMEHost = "aciceri.dev"; locations."/" = { proxyPass = "http://localhost:${builtins.toString config.services.paperless.port}"; }; extraConfig = '' client_max_body_size 50000M; ''; + serverAliases = [ "paper.sisko.zt.aciceri.dev" ]; }; } diff --git a/modules/radarr/default.nix b/modules/radarr/default.nix new file mode 100644 index 0000000..77ee804 --- /dev/null +++ b/modules/radarr/default.nix @@ -0,0 +1,14 @@ +{ + services.radarr = { + enable = true; + }; + + services.nginx.virtualHosts."radarr.sisko.wg.aciceri.dev" = { + forceSSL = true; + useACMEHost = "aciceri.dev"; + locations."/" = { + proxyPass = "http://localhost:7878"; # FIXME hardcoded port + }; + serverAliases = [ "radarr.sisko.zt.aciceri.dev" ]; + }; +} diff --git a/modules/sisko-proxy/default.nix b/modules/sisko-proxy/default.nix index 353af1b..f35fcd1 100644 --- a/modules/sisko-proxy/default.nix +++ b/modules/sisko-proxy/default.nix @@ -15,26 +15,17 @@ proxy_set_header Connection $connection_upgrade; ''; }; - "torrent.aciceri.dev" = { + "home.sisko.aciceri.dev" = { forceSSL = true; - enableACME = true; + useACMEHost = "aciceri.dev"; locations."/" = { - proxyPass = "http://localhost:${builtins.toString config.services.transmission.settings.rpc-port}"; - }; - }; - "search.aciceri.dev" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:8888"; - }; - }; - "invidious.aciceri.dev" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:${builtins.toString config.services.invidious.port}"; + proxyPass = "http://localhost:${builtins.toString config.services.home-assistant.config.http.server_port}"; + proxyWebsockets = true; }; + extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + ''; }; "photos.aciceri.dev" = { extraConfig = '' diff --git a/modules/transmission/default.nix b/modules/transmission/default.nix index b049158..eda7055 100644 --- a/modules/transmission/default.nix +++ b/modules/transmission/default.nix @@ -8,6 +8,8 @@ download-dir = "/mnt/hd/torrent"; incomplete-dir = "/mnt/hd/torrent/.incomplete"; + download-queue-enabled = false; + rpc-bind-address = "0.0.0.0"; peer-port = 51413; # Forward both TCP and UDP on router traffic from router rpc-whitelist-enabled = false; @@ -46,4 +48,13 @@ environment.persistence."/persist".directories = [ config.services.transmission.home ]; + + services.nginx.virtualHosts."torrent.sisko.wg.aciceri.dev" = { + forceSSL = true; + useACMEHost = "aciceri.dev"; + locations."/" = { + proxyPass = "http://localhost:${builtins.toString config.services.transmission.settings.rpc-port}"; + }; + serverAliases = [ "torrent.sisko.zt.aciceri.dev" ]; + }; } diff --git a/modules/zerotier/default.nix b/modules/zerotier/default.nix new file mode 100644 index 0000000..febcee3 --- /dev/null +++ b/modules/zerotier/default.nix @@ -0,0 +1,6 @@ +{ + services.zerotierone = { + enable = true; + joinNetworks = [ "632ea29085af0cb4" ]; + }; +} diff --git a/secrets/cloudflare-dyndns-api-token.age b/secrets/cloudflare-dyndns-api-token.age index e0ec94d..eb27ad9 100644 --- a/secrets/cloudflare-dyndns-api-token.age +++ b/secrets/cloudflare-dyndns-api-token.age @@ -1,30 +1,17 @@ age-encryption.org/v1 -> ssh-rsa /AagBw -K5GB/dRGaRFYq0dxuUFPubpdceMq6jOGSWuFuKgtRbtvC+P7qd8g56AZYTyo97jZ -oAsl8bF3wifrPN73SzCoGba1lCmpDZLCPllNd5RZL1bcAGBj9eDAA1zihYnnO7s+ -r8L8JSJ/P76AZ3JRhylU0KjgkX1TnVSIsJ/wCQGbdw+KrTuam/3zjzLXEptn2U26 -oQ4AuzWVGWtyrAKyJfRDWQQUGDwgXMB1h+7XZMm3G1eu6Wm7vuFEQLjaocFE9tO0 -8lnU3IEzXtn1NrutmiIJSoDyGk/PeRdvu2fZWY9oKRxkCA2q0fOca9ArcAP7Wr8a -+/2usaZ/wsc2fzqDQU2XoFutIU0qwvX6DtDmfb8RhMNrkj2HiR2MluYo+NqQqMOJ -7kMS22yE1Z6akvpeHo1GZ15HczQatIXXSr4DFGlF7CG0ASNbjR+2Qzws+EmZ2WGX -Ad8D9aq5DYOr9xvUdZn66NwyFyyo7FRMoXRFNL01sxJUBpu1wVkKECa8DK0GTIzz -u+qRWtD9WxJkAodW1NmE2F08HIy//exP0L/L6laAjIrDZTle12Nrk6n9ke1UUBIo -zU0RdY9HT+DAqScViGdbitv4Z+GYNWWkZfpW8O56S+B/0rmZZ6UQ8VB8GopUecBt -E14rynpvnd2A6+WlUWcft2Uwl1i7jL3IARO1F3LTsS4 --> ssh-rsa QHr3/A -Kh/yF7CW7lKTsn6JK4vX2SNyiH66JdB+oVYTFdc2efJYTXVLuj7ITK8EMP3dV267 -+D4UM3jcn8wOTeTjXIo8P01IOspGxslfC4J+Yol8K+1JA2BjB0diwzhQbkOEyxJ6 -R0uymJYXjtl8Cjx2mlyNMybG8QZYypPhdKosBRn/KELxInGsWHm4MV3XQ+w2fr9Q -xHIKvz/8QabgzodHwFbMjp29B4MJUSIkl+uxyTULQMcoOCJ5Ip5BqA+VZsFRD8zV -4dePanMQHPXIMnm3POZy3hq/M4FcwWkdJLvz3zyVDuW6mWdiOgA0k1AGpGIFTXeM -bKclRUlgL9n7C/dEh5pcKLbEeh5HSf+2izn7PAA90zAQl8++2+iYMHEIQL/Ft6LH -XnAsNR4rwnVdWu8BlyEhIPev1GgSp3wOc9eQ6TA16RO4ND1ItnLVauAmvDN4rUWI -0wc9Utgwxy4MNhypRLnRXKc555pNpsL1aoA+vcbHfxW1MiW7zviIz2z/RXBR77ut -x9kekkP+LEgMHWD4XCGidM2sMrKfKDDblb+YGKxRcdFlELQa0jHH1mcvU5YC4oY2 -IhYhWeEvyQOr21cP885Psu8IvSpaZVA0tOEdrEXNTa5+S495IGplp8YuxdjW6dz1 -trDcKVSXNsjqLtpl0CrPY8pSPRIEvUJgBcHUxB3+E/U --> ssh-ed25519 +vdRnA lCY+mIpl7nNGi4wD5Z2CJPlIpqTECUyOncW+FuKzqxs -3g0+X5fVGjo+EnETlDlO1VQl83Loi4bEBHshRz1/q0A ---- iUTAy7LeDZTABLGEMw/Bkc/qbujLcdpHdQ/TuodhmaM -Ӥ;{?`t8+t0m 0ܼAӣmx}Z2N2 -x<IV#WLڿ \ No newline at end of file +qbtCO62bJ2e8tUAZHoGTjyrbvp/nkh4XUeLJDeuZNVsUWuvmAyrdb43V4x8cZprl +90ac8YG6xCZ8Jjq8KYV/CtS08HSDLR09om673lrQ5huUYu1kWVUatmH2102mQYyi +tlRNx8MtYWlrEgh2cw1E24DJhzUILvW13yHfLyYH052Xaj+uXFRj/c7AyYSoOgzQ +IrfFU5yncmC6IMiO5/S9TGFLpq8zL983JzeZuYKdYXW+MiWaD15nxzsQQIgXI6YH +K8GYXcugB8O1FisjKw8edYr3bRbHYNNSK1U+v7Wu0ge9f/FXLv2eDKQszcKPxUCJ +XLHi1A6PyHmGlAvYfbj7Dns7KW4DoMmg+Low6VQ6yORbPlN1bbEcjq0qE6f+e6TJ +QQT7617PkmL1KVw2EryIql5Cq7ConTNQaaj1118mjBpW91b64vOXOmWZfOzNo+M1 +Cbsb98Q0VyK2dXDMwPNXW1dKxDb1TGOrPCg9jIwGASco98MTeHFV3/G2F8n7aKYZ +8erixoeKQjyZtNxW2Phq5Wmhjif22qmfJ/+wWvB43CSzLf/79Zcf6Y/qrdqwjzED +fI3NhbAlZVsywBXQnTpuZlN1CE+lR5h0QtJVDy4CWhj/SbucCWL7hmtG3CW8Covq +sa0CJMCtfX71m+h8F3v9oXxlg7Mh8j9c9dHGIbzAYFQ +-> ssh-ed25519 +vdRnA 0FOXCOJg0HIZ2yeW3PKHHOQxtJN6d2L1z6qtW74vxXw +6xthzPbBs09E4iTgki8bxSvp/WhnO6AqrfL8ZEfYrBI +--- eH5jp9jn2nUTrUHVdGK6WF+cyms4icim/UjLByNsUOw +2 >eo\jrY3e@q.s%>yz[9/ !B.lK4\* N=OtW]龽Չ6cR^|H+~ԝ<ӸO*T=uM~_JP[ \ No newline at end of file