Compare commits

12 commits

Author SHA1 Message Date
b54924fec6
Port Samba to NixOS 24.11 2024-12-21 16:31:57 +01:00
6ed0c4561c
flake.lock: Update
Flake lock file updates:

• Updated input 'firefox-addons':
    'gitlab:rycee/nur-expressions/2b5a7eb2719b146f6308dfa51c9a1c4b03d965a3?dir=pkgs/firefox-addons' (2024-12-19)
  → 'gitlab:rycee/nur-expressions/c2d31edc915e357be279717b1c7c8554f751546d?dir=pkgs/firefox-addons' (2024-12-21)
• Updated input 'nixvim':
    'github:nix-community/nixvim/4f0d5e0d2947dbf111f2ce00c99ca4c6c659dc79' (2024-12-17)
  → 'github:nix-community/nixvim/334947672f1eb05488e69657b9c412230bd658b4' (2024-12-21)
• Updated input 'nixvim/git-hooks':
    'github:cachix/git-hooks.nix/d8c02f0ffef0ef39f6063731fc539d8c71eb463a' (2024-12-08)
  → 'github:cachix/git-hooks.nix/0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d' (2024-12-17)
• Updated input 'nixvim/home-manager':
    'github:nix-community/home-manager/1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f' (2024-12-11)
  → 'github:nix-community/home-manager/80b0fdf483c5d1cb75aaad909bd390d48673857f' (2024-12-16)
• Updated input 'nixvim/treefmt-nix':
    'github:numtide/treefmt-nix/0ce9d149d99bc383d1f2d85f31f6ebd146e46085' (2024-12-09)
  → 'github:numtide/treefmt-nix/65712f5af67234dad91a5a4baee986a8b62dbf8f' (2024-12-20)
• Updated input 'picokontroller':
    'git+https://git.ghoscht.com/ghoscht/picoKontroller?ref=refs/heads/master&rev=d2a7e36f5e58300af341a728b9c4e1bfe2776d4d' (2024-12-20)
  → 'git+https://git.ghoscht.com/ghoscht/picoKontroller?ref=refs/heads/master&rev=6d210f6fbd1256e9430da4247e45c925a2f7c587' (2024-12-21)
2024-12-21 16:24:21 +01:00
fa6763821c
Merge branch 'main' of ssh://git.ghoscht.com:2222/ghoscht/nix-config 2024-12-21 16:14:46 +01:00
857a925476
Add custom video backup & bump arion
videos which are so precious they are hard to get in case of a system
failure

Arion: Bump auth

Arion: Bump dashboard

Arion: Bump DNS

Arion: Bump git

Arion: Bump infrastructure

Arion: Bump media

Arion: Bump minio

Arion: Bump nextcloud

Arion: Bump

bump
2024-12-21 16:11:30 +01:00
d8df732fdd
Add forgejo runner 2024-12-18 22:47:19 +01:00
14cbb1507e
Nix: Fix warning 2024-12-09 13:39:28 +01:00
69e86ebfd3
Arion: Add ffmpeg to nextcloud
used by memories to e.g. generate thumbnails of videos
2024-12-09 13:26:19 +01:00
e2b65ceead
Arion: Bump media 2024-12-09 13:25:38 +01:00
7e46da362b
Arion: Bump auth 2024-12-09 12:58:50 +01:00
047fa9425c
Arion: Bump infrastructure 2024-12-09 12:57:43 +01:00
c8d290c36f
Change eustachius ip address
eustachius hung up and needed to be freshly set-up requiring a new
tailscale connection
2024-12-09 12:57:31 +01:00
3d887fc5c5
Arion: Bump signal 2024-12-09 12:56:37 +01:00
22 changed files with 134 additions and 263 deletions

View file

@ -231,11 +231,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1734648163, "lastModified": 1734785267,
"narHash": "sha256-AK7nqONfzyxUzqVVeRoniO6NRv4SaxPrXwuyY8jtCXs=", "narHash": "sha256-YYegplAxphR6h/RC51QuR/h+8blQfwA7PizOJnn1tKY=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "2b5a7eb2719b146f6308dfa51c9a1c4b03d965a3", "rev": "c2d31edc915e357be279717b1c7c8554f751546d",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -547,11 +547,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1733665616, "lastModified": 1734425854,
"narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=", "narHash": "sha256-nzE5UbJ41aPEKf8R2ZFYtLkqPmF7EIUbNEdHMBLg0Ig=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a", "rev": "0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -747,11 +747,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1733951536, "lastModified": 1734366194,
"narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=", "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f", "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1277,11 +1277,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1734447589, "lastModified": 1734784342,
"narHash": "sha256-APyzO3pn6iiGJxkWczifnxm3pKZrNYgpJUPpnVfUwsk=", "narHash": "sha256-uap4LcvjpTz5WTgDfQYtL3QCpGmtee7DuD5mB8AIiLw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "4f0d5e0d2947dbf111f2ce00c99ca4c6c659dc79", "rev": "334947672f1eb05488e69657b9c412230bd658b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1324,11 +1324,11 @@
"treefmt-nix": "treefmt-nix_3" "treefmt-nix": "treefmt-nix_3"
}, },
"locked": { "locked": {
"lastModified": 1734729657, "lastModified": 1734788715,
"narHash": "sha256-6X+/mqwW1X++QMAUX/p5N0VbAfvqKuQSqZNbEoHfFVo=", "narHash": "sha256-T8FY85Y5wMcK6KP09DFhY8k7czMp3JPDyDRmrdz1yzc=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "d2a7e36f5e58300af341a728b9c4e1bfe2776d4d", "rev": "6d210f6fbd1256e9430da4247e45c925a2f7c587",
"revCount": 30, "revCount": 38,
"type": "git", "type": "git",
"url": "https://git.ghoscht.com/ghoscht/picoKontroller" "url": "https://git.ghoscht.com/ghoscht/picoKontroller"
}, },
@ -1636,11 +1636,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1733761991, "lastModified": 1734704479,
"narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", "narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", "rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -1,5 +1,5 @@
let let
authentikImage = "ghcr.io/goauthentik/server:2024.10.2"; authentikImage = "ghcr.io/goauthentik/server:2024.12.0";
in { in {
project.name = "auth"; project.name = "auth";

View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "dashboard"; project.name = "dashboard";
networks.dmz = { networks.dmz = {
@ -8,7 +8,7 @@
services = { services = {
homarr.service = { homarr.service = {
image = "ghcr.io/ajnart/homarr:0.15.3"; image = "ghcr.io/ajnart/homarr:0.15.10";
container_name = "homarr"; container_name = "homarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";

View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "dns"; project.name = "dns";
networks.dmz = { networks.dmz = {
@ -20,7 +20,7 @@
services = { services = {
pihole.service = { pihole.service = {
image = "pihole/pihole:2024.03.1"; image = "pihole/pihole:2024.07.0";
container_name = "pihole"; container_name = "pihole";
hostname = "pihole"; hostname = "pihole";
environment = { environment = {
@ -59,7 +59,7 @@
]; ];
}; };
unbound.service = { unbound.service = {
image = "mvance/unbound:1.19.3"; image = "mvance/unbound:1.21.1";
container_name = "unbound"; container_name = "unbound";
volumes = [ volumes = [
"/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound" "/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound"

View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "git"; project.name = "git";
networks.dmz = { networks.dmz = {
@ -10,7 +10,7 @@
services = { services = {
forgejo.service = { forgejo.service = {
image = "codeberg.org/forgejo/forgejo:9.0.2"; image = "codeberg.org/forgejo/forgejo:9.0.3";
container_name = "forgejo"; container_name = "forgejo";
useHostStore = true; useHostStore = true;
labels = { labels = {

View file

@ -1,4 +1,8 @@
{config, ...}: let {
config,
pkgs,
...
}: let
vars = import ../../../../vars.nix; vars = import ../../../../vars.nix;
in { in {
virtualisation.arion = { virtualisation.arion = {
@ -16,6 +20,9 @@ in {
sops.secrets."forgejo/db_database" = { sops.secrets."forgejo/db_database" = {
owner = vars.user; owner = vars.user;
}; };
sops.secrets."forgejo/runner_token" = {
owner = vars.user;
};
sops.templates."forgejo.env" = { sops.templates."forgejo.env" = {
path = "/home/${vars.user}/.docker/git/forgejo.env"; path = "/home/${vars.user}/.docker/git/forgejo.env";
@ -38,4 +45,21 @@ in {
POSTGRES_PASSWORD="${config.sops.placeholder."forgejo/db_password"}" POSTGRES_PASSWORD="${config.sops.placeholder."forgejo/db_password"}"
''; '';
}; };
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances.default = {
enable = true;
name = config.networking.hostName;
url = "https://git.ghoscht.com";
# tokenFile = "/home/${vars.user}/.docker/git/forgejo-runner.env";
tokenFile = config.sops.secrets."forgejo/runner_token".path;
labels = [
"ubuntu-latest:docker://node:22-bookworm"
];
};
};
# enable cache actions https://forgejo.org/docs/latest/admin/runner-installation/
networking.firewall.trustedInterfaces = ["br-+"];
} }
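Review bot: `networking.firewall.trustedInterfaces = ["br-+"];` at the end of this hunk trusts every interface whose name starts with `br-`, so traffic from all bridge networks on the host bypasses the host firewall, not only the one the runner's job containers use. The comment says the goal is the cache actions; opening just the cache port on the relevant bridge through `networking.firewall.interfaces.<name>.allowedTCPPorts` would cover that with far less exposure. The commented-out `# tokenFile = ...forgejo-runner.env` line above the active `tokenFile` can be dropped as well.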

View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "infrastructure"; project.name = "infrastructure";
networks.dmz = { networks.dmz = {
@ -12,7 +12,7 @@
services = { services = {
traefik.service = { traefik.service = {
image = "traefik:3.1.4"; image = "traefik:3.2.3";
container_name = "traefik"; container_name = "traefik";
useHostStore = true; useHostStore = true;
ports = [ ports = [
@ -54,7 +54,7 @@
]; ];
}; };
crowdsec.service = { crowdsec.service = {
image = "crowdsecurity/crowdsec:v1.6.3"; image = "crowdsecurity/crowdsec:v1.6.4";
container_name = "crowdsec"; container_name = "crowdsec";
environment = { environment = {
GID = "1000"; GID = "1000";

View file

@ -1,113 +0,0 @@
{pkgs, ...}: {
project.name = "matrix";
networks.dmz = {
name = "dmz";
external = true;
};
networks.transport = {};
services = {
synapse.service = {
image = "matrixdotorg/synapse:v1.118.0";
container_name = "synapse";
labels = {
"traefik.enable" = "true";
"traefik.http.services.synapse.loadbalancer.server.port" = "8008";
"traefik.http.routers.synapse.service" = "synapse";
"traefik.http.routers.synapse.entrypoints" = "websecure";
"traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.synapse.tls" = "true";
"traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";
"traefik.http.services.synapse-external.loadbalancer.server.port" = "8008";
"traefik.http.routers.synapse-external.service" = "synapse-external";
"traefik.http.routers.synapse-external.rule" = "Host(`synapse.ghoscht.com`)";
"traefik.http.routers.synapse-external.entrypoints" = "websecure-external";
"traefik.http.routers.synapse-external.tls" = "true";
"traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
};
volumes = [
"/storage/dataset/docker/matrix/synapse_data:/data"
];
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
];
environment = {
UID = "1000";
GID = "1000";
TZ = "Europe/Berlin";
};
restart = "unless-stopped";
networks = [
"dmz"
"transport"
];
};
postgres.service = {
image = "postgres:14";
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
];
volumes = [
"/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
];
restart = "unless-stopped";
networks = [
"transport"
];
};
matrix-nginx.service = {
container_name = "matrix-nginx";
image = "nginx:1.25.4";
volumes = [
"/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
"/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
];
labels = {
"traefik.enable" = "true";
"traefik.http.services.matrix.loadbalancer.server.port" = "80";
"traefik.http.routers.matrix.service" = "matrix";
"traefik.http.routers.matrix.entrypoints" = "websecure";
"traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.matrix.tls" = "true";
"traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";
"traefik.http.services.matrix-external.loadbalancer.server.port" = "80";
"traefik.http.routers.matrix-external.service" = "matrix-external";
"traefik.http.routers.matrix-external.rule" = "Host(`matrix.ghoscht.com`)";
"traefik.http.routers.matrix-external.entrypoints" = "websecure-external";
"traefik.http.routers.matrix-external.tls" = "true";
"traefik.http.routers.matrix-external.tls.certresolver" = "letsencrypt";
};
restart = "unless-stopped";
networks = [
"transport"
"dmz"
];
};
element.service = {
image = "vectorim/element-web:v1.11.64";
volumes = [
"/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.element.entrypoints" = "websecure";
"traefik.http.routers.element.rule" = "Host(`chat.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.element.tls" = "true";
"traefik.http.routers.element.tls.certresolver" = "letsencrypt";
};
restart = "unless-stopped";
networks = [
"dmz"
];
};
};
}

View file

@ -1,6 +0,0 @@
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}

View file

@ -1,30 +0,0 @@
{config, ...}: let
vars = import ../../../../vars.nix;
in {
# virtualisation.arion = {
# projects.matrix.settings = {
# imports = [./arion-compose.nix];
# };
# };
sops.secrets."matrix/postgres_password" = {
owner = vars.user;
};
sops.secrets."matrix/postgres_database" = {
owner = vars.user;
};
sops.secrets."matrix/postgres_user" = {
owner = vars.user;
};
sops.templates."synapse.env" = {
path = "/home/${vars.user}/.docker/matrix/synapse.env";
owner = vars.user;
mode = "0775";
content = ''
POSTGRES_DB="${config.sops.placeholder."matrix/postgres_database"}"
POSTGRES_USER="${config.sops.placeholder."matrix/postgres_user"}"
POSTGRES_PASSWORD="${config.sops.placeholder."matrix/postgres_password"}"
'';
};
}

View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "media"; project.name = "media";
networks.dmz = { networks.dmz = {
@ -9,7 +9,7 @@
services = { services = {
jellyfin.service = { jellyfin.service = {
image = "linuxserver/jellyfin:10.9.10"; image = "linuxserver/jellyfin:10.10.3";
container_name = "jellyfin"; container_name = "jellyfin";
ports = [ ports = [
"8096:8096" "8096:8096"
@ -44,7 +44,7 @@
]; ];
}; };
navidrome.service = { navidrome.service = {
image = "deluan/navidrome:0.53.1"; image = "deluan/navidrome:0.54.1";
container_name = "navidrome"; container_name = "navidrome";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -146,7 +146,7 @@
]; ];
}; };
prowlarr.service = { prowlarr.service = {
image = "linuxserver/prowlarr:1.23.1"; image = "linuxserver/prowlarr:1.28.2";
container_name = "prowlarr"; container_name = "prowlarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -175,7 +175,7 @@
restart = "always"; restart = "always";
}; };
sonarr.service = { sonarr.service = {
image = "linuxserver/sonarr:4.0.9"; image = "linuxserver/sonarr:4.0.11";
container_name = "sonarr"; container_name = "sonarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -206,7 +206,7 @@
restart = "always"; restart = "always";
}; };
radarr.service = { radarr.service = {
image = "linuxserver/radarr:5.9.1"; image = "linuxserver/radarr:5.16.3";
container_name = "radarr"; container_name = "radarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -237,7 +237,7 @@
restart = "always"; restart = "always";
}; };
lidarr.service = { lidarr.service = {
image = "linuxserver/lidarr:2.5.3"; image = "linuxserver/lidarr:2.8.2";
container_name = "lidarr"; container_name = "lidarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -273,7 +273,7 @@
restart = "always"; restart = "always";
}; };
bazarr.service = { bazarr.service = {
image = "hotio/bazarr:release-1.4.3"; image = "hotio/bazarr:release-1.4.5";
container_name = "bazarr"; container_name = "bazarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -298,7 +298,7 @@
restart = "always"; restart = "always";
}; };
jellyseerr.service = { jellyseerr.service = {
image = "fallenbagel/jellyseerr:1.7.0"; image = "fallenbagel/jellyseerr:2.1.0";
container_name = "jellyseerr"; container_name = "jellyseerr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -321,7 +321,7 @@
restart = "always"; restart = "always";
}; };
autobrr.service = { autobrr.service = {
image = "ghcr.io/autobrr/autobrr:v1.46.0"; image = "ghcr.io/autobrr/autobrr:v1.53.0";
container_name = "autobrr"; container_name = "autobrr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -353,35 +353,8 @@
}; };
restart = "always"; restart = "always";
}; };
# deemix.service = {
# image = "finniedj/deemix:latest";
# container_name = "deemix";
# labels = {
# "traefik.enable" = "true";
# "traefik.http.routers.deemix.entrypoints" = "websecure";
# "traefik.http.routers.deemix.rule" = "Host(`deemix.ghoscht.com`)";
# "traefik.http.services.deemix.loadbalancer.server.port" = "6595";
# "traefik.docker.network" = "dmz";
# "traefik.http.routers.deemix.tls" = "true";
# "traefik.http.routers.deemix.tls.certresolver" = "letsencrypt";
# };
# volumes = [
# "/home/ghoscht/.data/deemix:/downloads"
# ];
# environment = {
# PUID = 1000;
# PGID = 1000;
# UMASK_SET = 022;
# TZ = "Europe/Berlin";
# };
# network_mode = "service:vpn";
# depends_on = {
# vpn = {condition = "service_healthy";};
# };
# restart = "always";
# };
unpackerr.service = { unpackerr.service = {
image = "golift/unpackerr:0.13"; image = "golift/unpackerr:0.14.5";
container_name = "unpackerr"; container_name = "unpackerr";
volumes = [ volumes = [
"/storage/dataset/data/:/data" "/storage/dataset/data/:/data"

View file

@ -8,7 +8,7 @@
services = { services = {
minio.service = { minio.service = {
image = "bitnami/minio:2024.5.10"; image = "bitnami/minio:2024.12.18";
container_name = "minio"; container_name = "minio";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";

View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "nextcloud"; project.name = "nextcloud";
networks.dmz = { networks.dmz = {
@ -10,7 +10,7 @@
services = { services = {
nextcloud.service = { nextcloud.service = {
image = "nextcloud:28.0.4"; image = "nextcloud:30.0.4";
container_name = "nextcloud"; container_name = "nextcloud";
useHostStore = true; useHostStore = true;
labels = { labels = {
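Review bot: the image line goes from `nextcloud:28.0.4` straight to `nextcloud:30.0.4`, skipping major version 29. Nextcloud only supports upgrading one major version at a time, so an instance whose data is still on 28 has to be started on a 29.x image before moving to 30.0.4. Either stage the bump in two commits or say in the commit message that the intermediate upgrade was already done on the host.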
@ -25,10 +25,12 @@
"/storage/dataset/docker/nextcloud/nextcloud_data/data:/var/www/html/data" "/storage/dataset/docker/nextcloud/nextcloud_data/data:/var/www/html/data"
"/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html" "/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html"
]; ];
entrypoint = "/bin/bash -c 'apt update && apt install ffmpeg -y && /entrypoint.sh apache2-foreground'";
hostname = "nextcloud.ghoscht.com"; hostname = "nextcloud.ghoscht.com";
environment = { environment = {
REDIS_HOST = "nextcloud-redis"; REDIS_HOST = "nextcloud-redis";
REDIS_PORT = 6379; REDIS_PORT = 6379;
TRUSTED_PROXIES = "172.27.0.9/24";
}; };
restart = "unless-stopped"; restart = "unless-stopped";
networks = [ networks = [
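Review bot: the added `entrypoint` runs `apt update && apt install ffmpeg -y` on every container start, so startup now depends on the package mirrors being reachable and installs whatever ffmpeg version is current at that moment, which works against the pinned image tag. Build a small derived image with ffmpeg baked in and reference that instead. Separately, `TRUSTED_PROXIES = "172.27.0.9/24"` has host bits set under a /24 mask, so it covers the whole 172.27.0.0/24 network rather than one proxy; if only the reverse proxy at 172.27.0.9 should be trusted for forwarded client addresses, use `172.27.0.9/32`.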

View file

@ -8,7 +8,7 @@
services = { services = {
vaultwarden.service = { vaultwarden.service = {
image = "vaultwarden/server:1.32.5"; image = "vaultwarden/server:1.32.7";
container_name = "vaultwarden"; container_name = "vaultwarden";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";

View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "push"; project.name = "push";
networks.dmz = { networks.dmz = {
@ -8,7 +8,7 @@
services = { services = {
ntfy.service = { ntfy.service = {
image = "binwiederhier/ntfy:v2.10.0"; image = "binwiederhier/ntfy:v2.11.0";
container_name = "ntfy"; container_name = "ntfy";
user = "1000:1000"; user = "1000:1000";
command = "serve"; command = "serve";

View file

@ -8,7 +8,7 @@
services = { services = {
mollysocket.service = { mollysocket.service = {
image = "ghcr.io/mollyim/mollysocket:1.3.0"; image = "ghcr.io/mollyim/mollysocket:1.5.4";
container_name = "mollysocket"; container_name = "mollysocket";
useHostStore = true; useHostStore = true;
ports = [ ports = [
@ -41,6 +41,9 @@
MOLLY_PORT = 8020; MOLLY_PORT = 8020;
RUST_LOG = "info"; RUST_LOG = "info";
}; };
env_file = [
"/home/ghoscht/.docker/signal/mollysocket.env"
];
restart = "always"; restart = "always";
networks = [ networks = [
"dmz" "dmz"

View file

@ -1,7 +1,22 @@
{config, ...}: { {config, ...}: let
vars = import ../../../../vars.nix;
in {
virtualisation.arion = { virtualisation.arion = {
projects.signal.settings = { projects.signal.settings = {
imports = [./arion-compose.nix]; imports = [./arion-compose.nix];
}; };
}; };
sops.secrets."signal/vapid_privkey" = {
owner = vars.user;
};
sops.templates."mollysocket.env" = {
path = "/home/${vars.user}/.docker/signal/mollysocket.env";
owner = vars.user;
mode = "0775";
content = ''
MOLLY_VAPID_PRIVKEY="${config.sops.placeholder."signal/vapid_privkey"}"
'';
};
} }
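Review bot: `mode = "0775"` on the `mollysocket.env` template makes a file that holds `MOLLY_VAPID_PRIVKEY` readable by every local user and marks it executable. The template already sets `owner = vars.user`, so an owner-only mode such as `"0400"` keeps the key private to that user; nothing in this hunk needs group or world access.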

View file

@ -1,4 +1,4 @@
{pkgs, ...}: { {
project.name = "smarthome"; project.name = "smarthome";
networks.dmz = { networks.dmz = {
@ -8,7 +8,7 @@
services = { services = {
homeassistant.service = { homeassistant.service = {
image = "ghcr.io/home-assistant/home-assistant:2024.4.1"; image = "ghcr.io/home-assistant/home-assistant:2024.12.5";
container_name = "homeassistant"; container_name = "homeassistant";
privileged = true; privileged = true;
labels = { labels = {

View file

@ -59,7 +59,8 @@ in {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"
]; ];
}; };
security.pam.enableSSHAgentAuth = true;
security.pam.sshAgentAuth.enable = true;
nixpkgs = { nixpkgs = {
overlays = [ overlays = [

View file

@ -302,6 +302,14 @@ in {
cron: '55 3 * * *' # Every Day at 3:55 cron: '55 3 * * *' # Every Day at 3:55
hooks: hooks:
<<: *default_hooks <<: *default_hooks
videos:
from: /home/ghoscht/Videos
to:
- zfs
- eustachius
cron: '55 3 * * *' # Every Day at 3:55
hooks:
<<: *default_hooks
backends: backends:
zfs: zfs:
type: local type: local
@ -309,7 +317,7 @@ in {
key: '${config.sops.placeholder."autorestic/zfs_key"}' key: '${config.sops.placeholder."autorestic/zfs_key"}'
eustachius: eustachius:
type: rest type: rest
path: http://100.64.0.3:8000/franz path: http://fd7a:115c:a1e0::8:8000/franz
key: '${config.sops.placeholder."autorestic/eustachius_key"}' key: '${config.sops.placeholder."autorestic/eustachius_key"}'
''; '';
}; };
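Review bot: the new `eustachius` path `http://fd7a:115c:a1e0::8:8000/franz` puts an IPv6 literal into a URL without brackets, so the trailing `:8000` cannot be told apart from the address and the URL does not parse as host `fd7a:115c:a1e0::8` on port 8000. Write it as `http://[fd7a:115c:a1e0::8]:8000/franz`; RFC 3986 requires the brackets around IPv6 literals.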

View file

@ -1,29 +1,31 @@
{ {
services.samba = { services.samba = {
enable = true; enable = true;
securityType = "user";
openFirewall = true; openFirewall = true;
extraConfig = '' settings = {
workgroup = WORKGROUP global = {
server string = franz "invalid users" = [
netbios name = franz "root"
security = user ];
#use sendfile = yes "passwd program" = "/run/wrappers/bin/passwd %u";
#max protocol = smb2 "security" = "user";
"workgroup" = "WORKGROUP";
"server string" = "franz";
"netbios name" = "franz";
# note: localhost is the ipv6 localhost ::1 # note: localhost is the ipv6 localhost ::1
hosts allow = 192.168.178. 127.0.0.1 localhost "hosts allow" = "192.168.178. 127.0.0.1 localhost";
hosts deny = 0.0.0.0/0 "hosts deny" = "0.0.0.0/0";
guest account = nobody "guest account" = "nobody";
map to guest = bad user "map to guest" = "bad user";
# debugging # debugging
# log file = /var/log/samba/log.%m # log file = /var/log/samba/log.%m
# max log size = 1000 # max log size = 1000
# logging = file # logging = file
''; };
# Run sudo smbpasswd -a <username> to set the smb password for an EXISTING linux user # Run sudo smbpasswd -a <username> to set the smb password for an EXISTING linux user
shares = {
software = { software = {
path = "/storage/dataset/data/torrents/misc"; path = "/storage/dataset/data/torrents/misc";
browseable = "yes"; browseable = "yes";
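Review bot: `"map to guest" = "bad user"` is carried over into the new `settings.global` block while `openFirewall = true` stays set, so a login with an unknown username is mapped to the `nobody` guest account instead of being rejected. If no share is meant to allow guests, set it to `"never"` and drop `"guest account"`. The port also leaves the three `# log file` / `# max log size` / `# logging` lines behind as Nix comments inside the attribute set; either convert them to commented-out attributes in the new quoted-key form or remove them.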
@ -34,17 +36,6 @@
"force user" = "ghoscht"; "force user" = "ghoscht";
"force group" = "users"; "force group" = "users";
}; };
max = {
path = "/storage/dataset/nas/max";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"valid users" = "max";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "ghoscht";
"force group" = "users";
};
}; };
}; };

View file

@ -13,6 +13,7 @@ forgejo:
db_password: ENC[AES256_GCM,data:1lpmX58=,iv:9TehYmpS3RQc0WsKVR4Tx36utL2e6avbc7BlK0+B178=,tag:xHRv+WJUch3jmRIWghjnPg==,type:str] db_password: ENC[AES256_GCM,data:1lpmX58=,iv:9TehYmpS3RQc0WsKVR4Tx36utL2e6avbc7BlK0+B178=,tag:xHRv+WJUch3jmRIWghjnPg==,type:str]
db_user: ENC[AES256_GCM,data:rYxa8nU=,iv:Lijug8gqMTnMG9WQsivyrO/IbgrAyWfG7IQ99x1Q5gA=,tag:OipZUyZiMh4PLbo7KJAksQ==,type:str] db_user: ENC[AES256_GCM,data:rYxa8nU=,iv:Lijug8gqMTnMG9WQsivyrO/IbgrAyWfG7IQ99x1Q5gA=,tag:OipZUyZiMh4PLbo7KJAksQ==,type:str]
db_database: ENC[AES256_GCM,data:br/OvQA=,iv:g2krpkX1XXXhT4FgzbeXp/MgcpHayndtBv+8dpmp03M=,tag:z5h/TSBXViFr3lNN15XFAA==,type:str] db_database: ENC[AES256_GCM,data:br/OvQA=,iv:g2krpkX1XXXhT4FgzbeXp/MgcpHayndtBv+8dpmp03M=,tag:z5h/TSBXViFr3lNN15XFAA==,type:str]
runner_token: ENC[AES256_GCM,data:rjgbrqLAA16dlNDn/Mh3TQ8+2mYD3Sn2502aY0PuNmINIfu9lnUCtw==,iv:FAzNa0fxlN61xrrWrbfRl6F4GHkR3bhmZEPrejTpKyU=,tag:yoOAiVCBQFuFpT+cgXPuWA==,type:str]
navidrome: navidrome:
spotify_id: ENC[AES256_GCM,data:yTNp25CHtnFkvXhbvduVzkmenT3TjkpWR0ZhSTKOiAs=,iv:cuewBT/XfneiHUjlFCV0O/nzXHoEVO/JyfgqRACreEc=,tag:TOZ+GDqZ2SkibKhEhIcX7w==,type:str] spotify_id: ENC[AES256_GCM,data:yTNp25CHtnFkvXhbvduVzkmenT3TjkpWR0ZhSTKOiAs=,iv:cuewBT/XfneiHUjlFCV0O/nzXHoEVO/JyfgqRACreEc=,tag:TOZ+GDqZ2SkibKhEhIcX7w==,type:str]
spotify_secret: ENC[AES256_GCM,data:sHYYHDgW0nNP7vCk0qOZdLOyetG4XbK7NaxYSt4kr68=,iv:p0+wW287UteJfJaiajX9/XOEkkm957Rs46hYaml6Of4=,tag:SsEyVYdPpO/yv9vF7Dj+HA==,type:str] spotify_secret: ENC[AES256_GCM,data:sHYYHDgW0nNP7vCk0qOZdLOyetG4XbK7NaxYSt4kr68=,iv:p0+wW287UteJfJaiajX9/XOEkkm957Rs46hYaml6Of4=,tag:SsEyVYdPpO/yv9vF7Dj+HA==,type:str]
@ -66,6 +67,8 @@ wiki:
db_user: ENC[AES256_GCM,data:g2+KPA==,iv:0I7EoGNlnnKf5H0UnmJ++9XDHEqZpXgZkyaW9flxN8c=,tag:b3WrfHGkxIJ1nNFp3FHAjA==,type:str] db_user: ENC[AES256_GCM,data:g2+KPA==,iv:0I7EoGNlnnKf5H0UnmJ++9XDHEqZpXgZkyaW9flxN8c=,tag:b3WrfHGkxIJ1nNFp3FHAjA==,type:str]
db_pass: ENC[AES256_GCM,data:rYmNXQ==,iv:ZnImkMdIkp92jkojLVBSGSN06my3xFwr3AFfENNXgfQ=,tag:AZHqXRLfJ0lFrGyut+Sdug==,type:str] db_pass: ENC[AES256_GCM,data:rYmNXQ==,iv:ZnImkMdIkp92jkojLVBSGSN06my3xFwr3AFfENNXgfQ=,tag:AZHqXRLfJ0lFrGyut+Sdug==,type:str]
db_name: ENC[AES256_GCM,data:Ns7vKJxeTw==,iv:GREMMRicS+1n/uk+KOeplqHn/ZdjjOjQ4d0qV5FICy8=,tag:CSeDTNjBiJ4G2VnytpNXiw==,type:str] db_name: ENC[AES256_GCM,data:Ns7vKJxeTw==,iv:GREMMRicS+1n/uk+KOeplqHn/ZdjjOjQ4d0qV5FICy8=,tag:CSeDTNjBiJ4G2VnytpNXiw==,type:str]
signal:
vapid_privkey: ENC[AES256_GCM,data:OaB+1baDLCXd7kqfQWwX8yBoqARuHFYWmtsiQ/ku8Om6ZKZkuoGVJP1FuQ==,iv:iQkYrRl3+pVzN6bjz1MPo+7prFJRHGkxHr5BjjDlFuM=,tag:vCMo14LZvVjCtJ4vGH0DOA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -81,8 +84,8 @@ sops:
VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig== EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-09T13:53:16Z" lastmodified: "2024-12-18T20:43:51Z"
mac: ENC[AES256_GCM,data:5pANdrfnPuDf2mai0UgcFbwr4OzjLzLWraKOt38fX2MySYH2EryMzsk4prhehXPTkD3soMFwaVbuuqZUbkWCWM3CtjuyCisQH4uiZZw+slw6g8atr4h3tpHtD2SwgGVESMJouVQyfb9ko4O1ArBvml/0a6DAGmwoxlQwGboZR5M=,iv:oiZx4BsRBNAn+hjhzhV6oVZrYQJ32DAQlyNNsevaLpc=,tag:A0EsGeaP5vy9vA8WZjbxIQ==,type:str] mac: ENC[AES256_GCM,data:RSaqAh5OpOK6WjJSLzi4uUSGdGphTuz8skfqY3YEb9woVNFUKgYMurISuvCTBz99qcXSZGBmbL7Ppu+cEJQGCRz6Vmtu+mql5FbP/iyEOJALMN6VuK6l84WFzzEnWnNrN49B/+aTwtwJ01DDwy6Ze9RqekEAyLjYoyc/C94TwN4=,iv:kGtHqjZNal2t6GxYAvIRVnjI2VFrMAC3K5W62Slqmnw=,tag:paPQz3LRVfizIX3YXH9uCQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1