diff --git a/flake.lock b/flake.lock index 617a8b4..b229be9 100644 --- a/flake.lock +++ b/flake.lock @@ -137,11 +137,11 @@ ] }, "locked": { - "lastModified": 1727359191, - "narHash": "sha256-5PltTychnExFwzpEnY3WhOywaMV/M6NxYI/y3oXuUtw=", + "lastModified": 1729281548, + "narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=", "owner": "nix-community", "repo": "disko", - "rev": "67dc29be3036cc888f0b9d4f0a788ee0f6768700", + "rev": "a6a3179ddf396dfc28a078e2f169354d0c137125", "type": "github" }, "original": { @@ -159,11 +159,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1727409802, - "narHash": "sha256-bTdztNxJL+dAcQ1yCtXy2upnvPt1FWerbRvzg3quhbU=", + "lastModified": 1729321532, + "narHash": "sha256-3/d/mbLQhrkE1qK2Ut/mrMElE6fP9t6ITJoRQ6F+D7o=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7964499d31675bc17b042f5ba46abe6bc2ea79af", + "rev": "70087c8c6e491dcc0bbff459073b480b1a72ac1c", "type": "gitlab" }, "original": { @@ -340,11 +340,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1725688145, - "narHash": "sha256-WCdR85Psl7yfl1/gDruytzZcDUtj+V3GBxwb0kMWbts=", + "lastModified": 1728804768, + "narHash": "sha256-WG8KWmT72SA1XrmixxJwI1RRWrT9D97kkYSE5OfOJdg=", "owner": "GermanBread", "repo": "declarative-flatpak", - "rev": "1cd36d4068cdeb3fa3fb815f8c9bfbc1217f445d", + "rev": "42cc2c4d97a03889d551cc82c43a0b124fd403f6", "type": "github" }, "original": { @@ -378,11 +378,11 @@ }, "hardware": { "locked": { - "lastModified": 1727040444, - "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", + "lastModified": 1728729581, + "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", + "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806", "type": "github" }, "original": { 
@@ -778,11 +778,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1725762081, - "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", + "lastModified": 1728156290, + "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", + "rev": "17ae88b569bb15590549ff478bab6494dde4a907", "type": "github" }, "original": { @@ -794,11 +794,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1727122398, - "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=", + "lastModified": 1729070438, + "narHash": "sha256-KOTTUfPkugH52avUvXGxvWy8ibKKj4genodIYUED+Kc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093", + "rev": "5785b6bb5eaae44e627d541023034e1601455827", "type": "github" }, "original": { @@ -906,11 +906,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "lastModified": 1727907660, + "narHash": "sha256-QftbyPoieM5M50WKUMzQmWtBWib/ZJbHo7mhj5riQec=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "rev": "5966581aa04be7eff830b9e1457d56dc70a0b798", "type": "github" }, "original": { @@ -954,11 +954,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1727264057, - "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", + "lastModified": 1729181673, + "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", + "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3", "type": "github" }, "original": { 
@@ -1002,11 +1002,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1725534445, - "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", + "lastModified": 1728093190, + "narHash": "sha256-CAZF2NRuHmqTtRTNAruWpHA43Gg2UvuCNEIzabP0l6M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", + "rev": "e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da", "type": "github" }, "original": { @@ -1082,11 +1082,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1727423009, - "narHash": "sha256-+4B/dQm2EnORIk0k2wV3aHGaE0WXTBjColXjj7qWh10=", + "lastModified": 1728345710, + "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "127a96f49ddc377be6ba76964411bab11ae27803", + "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", "type": "github" }, "original": { @@ -1229,11 +1229,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { diff --git a/hosts/adalbert/default.nix b/hosts/adalbert/default.nix index 448df1a..1689ab9 100644 --- a/hosts/adalbert/default.nix +++ b/hosts/adalbert/default.nix @@ -67,6 +67,10 @@ services.udev.packages = [inputs.heliox-cli.packages.x86_64-linux.default]; environment.systemPackages = [inputs.heliox-cli.packages.x86_64-linux.default]; + # Personalausweis reader + programs.ausweisapp.enable = true; + programs.ausweisapp.openFirewall = true; # also sets firewall entry + programs.nix-ld.enable = true; # services.xserver.displayManager.sddm.enable = true; 
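Review bot: `programs.ausweisapp.openFirewall = true;` in the hosts/adalbert/default.nix hunk opens an inbound port on this host, and the trailing comment `# also sets firewall entry` says neither which port nor why it is needed. As far as I know, the NixOS module uses this option to allow UDP 24727 for AusweisApp's smartphone-as-card-reader pairing, and the rule is not limited to one interface. If the reader on adalbert is a USB device, the option can stay at its default of false. If phone pairing is wanted, a comment such as `# opens UDP 24727 on all interfaces for smartphone-as-card-reader pairing` would make the exposure explicit.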
diff --git a/hosts/franz/arion/git/arion-compose.nix b/hosts/franz/arion/git/arion-compose.nix index 5e421e3..b5c8dbd 100644 --- a/hosts/franz/arion/git/arion-compose.nix +++ b/hosts/franz/arion/git/arion-compose.nix @@ -15,6 +15,7 @@ useHostStore = true; labels = { "traefik.enable" = "true"; + "diun.enable" = "true"; "traefik.docker.network" = "dmz"; "traefik.http.services.forgejo.loadbalancer.server.port" = "3000"; @@ -30,12 +31,6 @@ "traefik.http.routers.forgejo-external.entrypoints" = "websecure-external"; "traefik.http.routers.forgejo-external.tls" = "true"; "traefik.http.routers.forgejo-external.tls.certresolver" = "letsencrypt"; - - "diun.enable" = "true"; - "diun.watch_repo" = "true"; - "diun.sort_tags" = "semver"; - "diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$"; - "diun.exclude_tags" = "\\b\\d{4,}\\b"; }; volumes = [ "/storage/dataset/docker/git/forgejo_data:/data" diff --git a/hosts/franz/arion/infrastructure/arion-compose.nix b/hosts/franz/arion/infrastructure/arion-compose.nix index f695508..7d008bf 100644 --- a/hosts/franz/arion/infrastructure/arion-compose.nix +++ b/hosts/franz/arion/infrastructure/arion-compose.nix @@ -12,7 +12,7 @@ services = { traefik.service = { - image = "traefik:v3.1.4"; + image = "traefik:3.1.4"; container_name = "traefik"; useHostStore = true; ports = [ @@ -24,6 +24,8 @@ ]; labels = { "traefik.enable" = "true"; + "diun.enable" = "true"; + "traefik.http.routers.dashboard.rule" = "Host(`traefik.ghoscht.com`)"; "traefik.http.routers.dashboard.entrypoints" = "websecure"; "traefik.http.services.dashboard.loadbalancer.server.port" = "8080"; 
@@ -35,11 +37,6 @@ "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme" = "https"; "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto" = "https"; - - "diun.enable" = "true"; - "diun.watch_repo" = "true"; - "diun.sort_tags" = "semver"; - "diun.include_tags" = "^v\\d+\\.\\d+\\.\\d+$$"; }; volumes = [ "/home/ghoscht/.docker/infrastructure/traefik_config/traefik.yml:/traefik.yml:ro" @@ -74,8 +71,6 @@ ]; labels = { "diun.enable" = "true"; - "diun.watch_repo" = "true"; - "diun.sort_tags" = "semver"; "diun.include_tags" = "^v\\d+\\.\\d+\\.\\d+$$"; }; depends_on = [ @@ -140,7 +135,6 @@ image = "crazymax/diun:4.28"; container_name = "diun"; restart = "always"; - command = "serve"; volumes = [ "/storage/dataset/docker/infrastructure/diun_data:/data" "/var/run/docker.sock:/var/run/docker.sock" @@ -155,6 +149,9 @@ DIUN_WATCH_RUNONSTARTUP = "true"; DIUN_PROVIDERS_DOCKER = "true"; + DIUN_DEFAULTS_SORTTAGS = "semver"; + DIUN_DEFAULTS_INCLUDETAGS = "^\\d+\\.\\d+\\.\\d+$$"; + DIUN_DEFAULTS_WATCHREPO = "true"; DIUN_DEFAULTS_MAXTAGS = 1; DIUN_DEFAULTS_NOTIFYON = "new"; diff --git a/hosts/franz/arion/media/arion-compose.nix b/hosts/franz/arion/media/arion-compose.nix index 68b160f..89ef1d8 100644 --- a/hosts/franz/arion/media/arion-compose.nix +++ b/hosts/franz/arion/media/arion-compose.nix @@ -16,6 +16,8 @@ ]; labels = { "traefik.enable" = "true"; + "diun.enable" = "true"; + "traefik.http.routers.jellyfin.entrypoints" = "websecure"; "traefik.http.routers.jellyfin.rule" = "Host(`jellyfin.ghoscht.com`)"; "traefik.http.services.jellyfin.loadbalancer.server.port" = "8096"; 
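Review bot: The three new `DIUN_DEFAULTS_*` entries in the diun service's environment (hunk `@@ -155,6 +149,9 @@`) now decide which tags are watched for every container that carries only `diun.enable`, but nothing at the definition says so. An image whose registry tags do not match `^\d+\.\d+\.\d+$` (a `v` prefix, a two-part version) will stop producing update notifications without any error unless it keeps its own `diun.include_tags` label, as the service in hunk `@@ -74,8 +71,6 @@` and autobrr do. I would add a comment above the block such as `# Defaults for every diun.enable container; images with v-prefixed or non-semver tags need their own diun.include_tags label`. The image names of most affected services are outside these hunks, so whether any of them is already affected cannot be told from here.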
@@ -23,11 +25,7 @@ "traefik.http.routers.jellyfin.tls" = "true"; "traefik.http.routers.jellyfin.tls.certresolver" = "letsencrypt"; - "diun.enable" = "true"; - "diun.watch_repo" = "true"; - "diun.sort_tags" = "semver"; - "diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$"; - "diun.exclude_tags" = "\\b\\d{4,}\\b"; + "diun.exclude_tags" = "\\d{4,}"; }; volumes = [ "/storage/dataset/docker/media/jellyfin_data:/config" @@ -50,6 +48,7 @@ container_name = "navidrome"; labels = { "traefik.enable" = "true"; + "diun.enable" = "true"; "traefik.docker.network" = "dmz"; "traefik.http.services.navidrome.loadbalancer.server.port" = "4533"; @@ -65,12 +64,6 @@ "traefik.http.routers.navidrome-external.entrypoints" = "websecure-external"; "traefik.http.routers.navidrome-external.tls" = "true"; "traefik.http.routers.navidrome-external.tls.certresolver" = "letsencrypt"; - - "diun.enable" = "true"; - "diun.watch_repo" = "true"; - "diun.sort_tags" = "semver"; - "diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$"; - "diun.exclude_tags" = "\\b\\d{4,}\\b"; }; volumes = [ "/storage/dataset/docker/media/navidrome_data:/data" @@ -157,6 +150,8 @@ container_name = "prowlarr"; labels = { "traefik.enable" = "true"; + "diun.enable" = "true"; + "traefik.http.routers.prowlarr.entrypoints" = "websecure"; "traefik.http.routers.prowlarr.rule" = "Host(`prowlarr.ghoscht.com`)"; "traefik.http.services.prowlarr.loadbalancer.server.port" = "9696"; @@ -164,11 +159,6 @@ "traefik.http.routers.prowlarr.tls" = "true"; "traefik.http.routers.prowlarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.prowlarr.middlewares" = "authentik@file"; - - "diun.enable" = "true"; - "diun.watch_repo" = "true"; - "diun.sort_tags" = "semver"; - "diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$"; }; volumes = [ "/storage/dataset/docker/media/prowlarr_data:/config" 
@@ -189,6 +179,8 @@ container_name = "sonarr"; labels = { "traefik.enable" = "true"; + "diun.enable" = "true"; + "traefik.http.routers.sonarr.entrypoints" = "websecure"; "traefik.http.routers.sonarr.rule" = "Host(`sonarr.ghoscht.com`)"; "traefik.http.services.sonarr.loadbalancer.server.port" = "8989"; @@ -196,10 +188,6 @@ "traefik.http.routers.sonarr.tls" = "true"; "traefik.http.routers.sonarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.sonarr.middlewares" = "authentik@file"; - - "diun.enable" = "true"; - "diun.watch_repo" = "true"; - "diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$"; }; volumes = [ "/storage/dataset/docker/media/sonarr_data:/config" @@ -222,6 +210,8 @@ container_name = "radarr"; labels = { "traefik.enable" = "true"; + "diun.enable" = "true"; + "traefik.http.routers.radarr.entrypoints" = "websecure"; "traefik.http.routers.radarr.rule" = "Host(`radarr.ghoscht.com`)"; "traefik.http.services.radarr.loadbalancer.server.port" = "7878"; @@ -229,10 +219,6 @@ "traefik.http.routers.radarr.tls" = "true"; "traefik.http.routers.radarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.radarr.middlewares" = "authentik@file"; - - "diun.enable" = "true"; - "diun.watch_repo" = "true"; - "diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$"; }; volumes = [ "/storage/dataset/docker/media/radarr_data:/config" @@ -251,10 +237,12 @@ restart = "always"; }; lidarr.service = { - image = "linuxserver/lidarr:2.4.3"; + image = "linuxserver/lidarr:2.5.3"; container_name = "lidarr"; labels = { "traefik.enable" = "true"; + "diun.enable" = "true"; + "traefik.http.routers.lidarr.entrypoints" = "websecure"; "traefik.http.routers.lidarr.rule" = "Host(`lidarr.ghoscht.com`)"; "traefik.http.services.lidarr.loadbalancer.server.port" = "8686"; 
@@ -263,6 +251,8 @@ "traefik.http.routers.lidarr.tls" = "true"; "traefik.http.routers.lidarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.lidarr.middlewares" = "authentik@file"; + + "diun.exclude_tags" = "\\d{4,}"; }; volumes = [ "/storage/dataset/docker/media/lidarr_data:/config" @@ -335,6 +325,8 @@ container_name = "autobrr"; labels = { "traefik.enable" = "true"; + "diun.enable" = "true"; + "traefik.http.routers.autobrr.entrypoints" = "websecure"; "traefik.http.routers.autobrr.rule" = "Host(`autobrr.ghoscht.com`)"; "traefik.http.services.autobrr.loadbalancer.server.port" = "7474"; @@ -342,8 +334,6 @@ "traefik.http.routers.autobrr.tls" = "true"; "traefik.http.routers.autobrr.tls.certresolver" = "letsencrypt"; - "diun.enable" = "true"; - "diun.watch_repo" = "true"; "diun.include_tags" = "^v\\d+\\.\\d+\\.\\d+$$"; }; volumes = [ diff --git a/hosts/franz/arion/passwords/arion-compose.nix b/hosts/franz/arion/passwords/arion-compose.nix index 9654a0e..91fd592 100644 --- a/hosts/franz/arion/passwords/arion-compose.nix +++ b/hosts/franz/arion/passwords/arion-compose.nix @@ -12,6 +12,7 @@ container_name = "vaultwarden"; labels = { "traefik.enable" = "true"; + "diun.enable" = "true"; "traefik.docker.network" = "dmz"; "traefik.http.services.vaultwarden.loadbalancer.server.port" = "80"; @@ -27,12 +28,6 @@ "traefik.http.routers.vaultwarden-external.entrypoints" = "websecure-external"; "traefik.http.routers.vaultwarden-external.tls" = "true"; "traefik.http.routers.vaultwarden-external.tls.certresolver" = "letsencrypt"; - - "diun.enable" = "true"; - "diun.watch_repo" = "true"; - "diun.sort_tags" = "semver"; - "diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$"; - "diun.exclude_tags" = "\\b\\d{4,}\\b"; }; volumes = [ "/storage/dataset/docker/passwords/vaultwarden_data/:/data" diff --git a/hosts/franz/restic.nix b/hosts/franz/restic.nix index 730de4a..d18797f 100644 --- a/hosts/franz/restic.nix +++ b/hosts/franz/restic.nix 
@@ -64,8 +64,11 @@ in { version: 2 global: forget: - keep-weekly: 7 + keep-last: 5 + keep-weekly: 1 keep-monthly: 12 + keep-yearly: 7 + keep-within: '14d' extras: default_hooks: &default_hooks @@ -81,6 +84,7 @@ in { to: - zfs - eustachius + forget: prune cron: '0 4 * * 0' # Every Sunday at 4:00 hooks: <<: *default_hooks @@ -94,6 +98,7 @@ in { - zfs - ssd - eustachius + forget: prune cron: '0 4 * * 0' # Every Sunday at 4:00 hooks: <<: *default_hooks @@ -106,6 +111,7 @@ in { to: - zfs - eustachius + forget: prune cron: '0 4 * * 0' # Every Sunday at 4:00 hooks: <<: *default_hooks @@ -157,6 +163,7 @@ in { to: - zfs - eustachius + forget: prune cron: '0 4 * * 0' # Every Sunday at 4:00 hooks: <<: *default_hooks @@ -182,6 +189,7 @@ in { to: - zfs - eustachius + forget: prune cron: '0 4 * * 0' # Every Sunday at 4:00 hooks: <<: *default_hooks @@ -204,6 +212,7 @@ in { from: /storage/dataset/docker/headscale to: - zfs + forget: prune cron: '55 3 * * *' # Every Day at 3:55 hooks: <<: *default_hooks @@ -217,6 +226,7 @@ in { - zfs - ssd - eustachius + forget: prune cron: '55 3 * * *' # Every Day at 3:55 hooks: <<: *default_hooks @@ -230,6 +240,7 @@ in { - zfs - ssd - eustachius + forget: prune cron: '55 3 * * *' # Every Day at 3:55 hooks: <<: *default_hooks @@ -243,6 +254,7 @@ in { - zfs - ssd - eustachius + forget: prune cron: '55 3 * * *' # Every Day at 3:55 hooks: <<: *default_hooks @@ -256,6 +268,7 @@ in { - zfs - ssd - eustachius + forget: prune cron: '55 3 * * *' # Every Day at 3:55 hooks: <<: *default_hooks
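Review bot: The new global `forget` policy in hunk `@@ -64,8 +64,11 @@` mixes count-based and time-based rules without saying how they are meant to interact, while the locations below run on two different schedules (`0 4 * * 0` weekly and `55 3 * * *` daily). `keep-last: 5` therefore covers five weeks for the weekly locations but only five days for the daily ones, and `keep-weekly: 1` appears to be covered already by `keep-within: '14d'`. A short comment above the block stating the intended recovery window, for example `# keep everything for 14 days, then one per month for a year, one per year for 7 years`, would let a reader check the numbers against that intent.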
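Review bot: `forget: prune` is added to the location in hunk `@@ -81,6 +84,7 @@` and to every location in the hunks that follow (through `@@ -256,6 +268,7 @@`), so each scheduled run now deletes snapshots and repository data on all of that location's backends, including `eustachius`. The credentials this host uses for backups must therefore be allowed to delete, which means a compromise of the host can remove backup history as well as add to it; an append-only backend would reject these runs. If `eustachius` is meant to be the off-host copy (its definition is outside the hunk), consider leaving the scheduled runs as plain backups and running forget and prune as a separate, less frequent job from a machine trusted to delete. Pruning also takes an exclusive lock on the repository, which matters for the five locations that share the `55 3 * * *` slot.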