Compare commits

...

6 commits

Author SHA1 Message Date
9360c07a60
Add ausweisapp 2024-11-02 11:26:12 +01:00
ca5af092fe
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/b709e1cc33fcde71c7db43850a55ebe6449d0959' (2024-09-28)
  → 'github:nix-community/disko/a6a3179ddf396dfc28a078e2f169354d0c137125' (2024-10-18)
• Updated input 'firefox-addons':
    'gitlab:rycee/nur-expressions/589f99a0ce89acdf11c9f30a5175e065ae4340db?dir=pkgs/firefox-addons' (2024-09-29)
  → 'gitlab:rycee/nur-expressions/70087c8c6e491dcc0bbff459073b480b1a72ac1c?dir=pkgs/firefox-addons' (2024-10-19)
• Updated input 'flatpaks':
    'github:GermanBread/declarative-flatpak/1cd36d4068cdeb3fa3fb815f8c9bfbc1217f445d' (2024-09-07)
  → 'github:GermanBread/declarative-flatpak/42cc2c4d97a03889d551cc82c43a0b124fd403f6' (2024-10-13)
• Updated input 'flatpaks/nixpkgs':
    'github:NixOS/nixpkgs/797f7dc49e0bc7fab4b57c021cdf68f595e47841' (2024-08-22)
  → 'github:NixOS/nixpkgs/5966581aa04be7eff830b9e1457d56dc70a0b798' (2024-10-02)
• Updated input 'flatpaks/utils':
    'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11)
  → 'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17)
• Updated input 'hardware':
    'github:nixos/nixos-hardware/11c43c830e533dad1be527ecce379fcf994fbbb5' (2024-09-30)
  → 'github:nixos/nixos-hardware/a8dd1b21995964b115b1e3ec639dd6ce24ab9806' (2024-10-12)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/1719f27dd95fd4206afb9cec9f415b539978827e' (2024-09-30)
  → 'github:nixos/nixpkgs/4eb33fe664af7b41a4c446f87d20c9a0a6321fa3' (2024-10-17)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/06cf0e1da4208d3766d898b7fdab6513366d45b9' (2024-09-29)
  → 'github:nixos/nixpkgs/5785b6bb5eaae44e627d541023034e1601455827' (2024-10-16)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/3198a242e547939c5e659353551b0668ec150268' (2024-09-30)
  → 'github:Mic92/sops-nix/06535d0e3d0201e6a8080dd32dbfde339b94f01b' (2024-10-08)
• Updated input 'sops-nix/nixpkgs':
    'github:NixOS/nixpkgs/9bb1e7571aadf31ddb4af77fc64b2d59580f9a39' (2024-09-05)
  → 'github:NixOS/nixpkgs/e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da' (2024-10-05)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/dc454045f5b5d814e5862a6d057e7bb5c29edc05' (2024-09-08)
  → 'github:NixOS/nixpkgs/17ae88b569bb15590549ff478bab6494dde4a907' (2024-10-05)
2024-10-19 11:10:54 +02:00
0305b1ce40
Centralize diun settings 2024-10-02 20:52:43 +02:00
fea9eb7c94
Bump Arion
lidarr: 2.4.3->2.5.3
2024-10-02 12:08:16 +02:00
a92d376132
Autorestic: Add scheduled autoprune 2024-10-02 11:12:04 +02:00
91a7f8b164
flake.lock: Update 2024-10-02 11:11:15 +02:00
7 changed files with 76 additions and 82 deletions

View file

@ -137,11 +137,11 @@
]
},
"locked": {
"lastModified": 1727359191,
"narHash": "sha256-5PltTychnExFwzpEnY3WhOywaMV/M6NxYI/y3oXuUtw=",
"lastModified": 1729281548,
"narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=",
"owner": "nix-community",
"repo": "disko",
"rev": "67dc29be3036cc888f0b9d4f0a788ee0f6768700",
"rev": "a6a3179ddf396dfc28a078e2f169354d0c137125",
"type": "github"
},
"original": {
@ -159,11 +159,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1727409802,
"narHash": "sha256-bTdztNxJL+dAcQ1yCtXy2upnvPt1FWerbRvzg3quhbU=",
"lastModified": 1729321532,
"narHash": "sha256-3/d/mbLQhrkE1qK2Ut/mrMElE6fP9t6ITJoRQ6F+D7o=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "7964499d31675bc17b042f5ba46abe6bc2ea79af",
"rev": "70087c8c6e491dcc0bbff459073b480b1a72ac1c",
"type": "gitlab"
},
"original": {
@ -340,11 +340,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1725688145,
"narHash": "sha256-WCdR85Psl7yfl1/gDruytzZcDUtj+V3GBxwb0kMWbts=",
"lastModified": 1728804768,
"narHash": "sha256-WG8KWmT72SA1XrmixxJwI1RRWrT9D97kkYSE5OfOJdg=",
"owner": "GermanBread",
"repo": "declarative-flatpak",
"rev": "1cd36d4068cdeb3fa3fb815f8c9bfbc1217f445d",
"rev": "42cc2c4d97a03889d551cc82c43a0b124fd403f6",
"type": "github"
},
"original": {
@ -378,11 +378,11 @@
},
"hardware": {
"locked": {
"lastModified": 1727040444,
"narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=",
"lastModified": 1728729581,
"narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac",
"rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
"type": "github"
},
"original": {
@ -778,11 +778,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1725762081,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"lastModified": 1728156290,
"narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"rev": "17ae88b569bb15590549ff478bab6494dde4a907",
"type": "github"
},
"original": {
@ -794,11 +794,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1727122398,
"narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=",
"lastModified": 1729070438,
"narHash": "sha256-KOTTUfPkugH52avUvXGxvWy8ibKKj4genodIYUED+Kc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093",
"rev": "5785b6bb5eaae44e627d541023034e1601455827",
"type": "github"
},
"original": {
@ -906,11 +906,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"lastModified": 1727907660,
"narHash": "sha256-QftbyPoieM5M50WKUMzQmWtBWib/ZJbHo7mhj5riQec=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"rev": "5966581aa04be7eff830b9e1457d56dc70a0b798",
"type": "github"
},
"original": {
@ -954,11 +954,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1727264057,
"narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=",
"lastModified": 1729181673,
"narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "759537f06e6999e141588ff1c9be7f3a5c060106",
"rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
"type": "github"
},
"original": {
@ -1002,11 +1002,11 @@
},
"nixpkgs_9": {
"locked": {
"lastModified": 1725534445,
"narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=",
"lastModified": 1728093190,
"narHash": "sha256-CAZF2NRuHmqTtRTNAruWpHA43Gg2UvuCNEIzabP0l6M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39",
"rev": "e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da",
"type": "github"
},
"original": {
@ -1082,11 +1082,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1727423009,
"narHash": "sha256-+4B/dQm2EnORIk0k2wV3aHGaE0WXTBjColXjj7qWh10=",
"lastModified": 1728345710,
"narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "127a96f49ddc377be6ba76964411bab11ae27803",
"rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
"type": "github"
},
"original": {
@ -1229,11 +1229,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {

View file

@ -67,6 +67,10 @@
services.udev.packages = [inputs.heliox-cli.packages.x86_64-linux.default];
environment.systemPackages = [inputs.heliox-cli.packages.x86_64-linux.default];
# Personalausweis reader
programs.ausweisapp.enable = true;
programs.ausweisapp.openFirewall = true; # also sets firewall entry
programs.nix-ld.enable = true;
# services.xserver.displayManager.sddm.enable = true;

View file

@ -15,6 +15,7 @@
useHostStore = true;
labels = {
"traefik.enable" = "true";
"diun.enable" = "true";
"traefik.docker.network" = "dmz";
"traefik.http.services.forgejo.loadbalancer.server.port" = "3000";
@ -30,12 +31,6 @@
"traefik.http.routers.forgejo-external.entrypoints" = "websecure-external";
"traefik.http.routers.forgejo-external.tls" = "true";
"traefik.http.routers.forgejo-external.tls.certresolver" = "letsencrypt";
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.sort_tags" = "semver";
"diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$";
"diun.exclude_tags" = "\\b\\d{4,}\\b";
};
volumes = [
"/storage/dataset/docker/git/forgejo_data:/data"

View file

@ -12,7 +12,7 @@
services = {
traefik.service = {
image = "traefik:v3.1.4";
image = "traefik:3.1.4";
container_name = "traefik";
useHostStore = true;
ports = [
@ -24,6 +24,8 @@
];
labels = {
"traefik.enable" = "true";
"diun.enable" = "true";
"traefik.http.routers.dashboard.rule" = "Host(`traefik.ghoscht.com`)";
"traefik.http.routers.dashboard.entrypoints" = "websecure";
"traefik.http.services.dashboard.loadbalancer.server.port" = "8080";
@ -35,11 +37,6 @@
"traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme" = "https";
"traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto" = "https";
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.sort_tags" = "semver";
"diun.include_tags" = "^v\\d+\\.\\d+\\.\\d+$$";
};
volumes = [
"/home/ghoscht/.docker/infrastructure/traefik_config/traefik.yml:/traefik.yml:ro"
@ -74,8 +71,6 @@
];
labels = {
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.sort_tags" = "semver";
"diun.include_tags" = "^v\\d+\\.\\d+\\.\\d+$$";
};
depends_on = [
@ -140,7 +135,6 @@
image = "crazymax/diun:4.28";
container_name = "diun";
restart = "always";
command = "serve";
volumes = [
"/storage/dataset/docker/infrastructure/diun_data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
@ -155,6 +149,9 @@
DIUN_WATCH_RUNONSTARTUP = "true";
DIUN_PROVIDERS_DOCKER = "true";
DIUN_DEFAULTS_SORTTAGS = "semver";
DIUN_DEFAULTS_INCLUDETAGS = "^\\d+\\.\\d+\\.\\d+$$";
DIUN_DEFAULTS_WATCHREPO = "true";
DIUN_DEFAULTS_MAXTAGS = 1;
DIUN_DEFAULTS_NOTIFYON = "new";

View file

@ -16,6 +16,8 @@
];
labels = {
"traefik.enable" = "true";
"diun.enable" = "true";
"traefik.http.routers.jellyfin.entrypoints" = "websecure";
"traefik.http.routers.jellyfin.rule" = "Host(`jellyfin.ghoscht.com`)";
"traefik.http.services.jellyfin.loadbalancer.server.port" = "8096";
@ -23,11 +25,7 @@
"traefik.http.routers.jellyfin.tls" = "true";
"traefik.http.routers.jellyfin.tls.certresolver" = "letsencrypt";
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.sort_tags" = "semver";
"diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$";
"diun.exclude_tags" = "\\b\\d{4,}\\b";
"diun.exclude_tags" = "\\d{4,}";
};
volumes = [
"/storage/dataset/docker/media/jellyfin_data:/config"
@ -50,6 +48,7 @@
container_name = "navidrome";
labels = {
"traefik.enable" = "true";
"diun.enable" = "true";
"traefik.docker.network" = "dmz";
"traefik.http.services.navidrome.loadbalancer.server.port" = "4533";
@ -65,12 +64,6 @@
"traefik.http.routers.navidrome-external.entrypoints" = "websecure-external";
"traefik.http.routers.navidrome-external.tls" = "true";
"traefik.http.routers.navidrome-external.tls.certresolver" = "letsencrypt";
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.sort_tags" = "semver";
"diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$";
"diun.exclude_tags" = "\\b\\d{4,}\\b";
};
volumes = [
"/storage/dataset/docker/media/navidrome_data:/data"
@ -157,6 +150,8 @@
container_name = "prowlarr";
labels = {
"traefik.enable" = "true";
"diun.enable" = "true";
"traefik.http.routers.prowlarr.entrypoints" = "websecure";
"traefik.http.routers.prowlarr.rule" = "Host(`prowlarr.ghoscht.com`)";
"traefik.http.services.prowlarr.loadbalancer.server.port" = "9696";
@ -164,11 +159,6 @@
"traefik.http.routers.prowlarr.tls" = "true";
"traefik.http.routers.prowlarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.prowlarr.middlewares" = "authentik@file";
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.sort_tags" = "semver";
"diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$";
};
volumes = [
"/storage/dataset/docker/media/prowlarr_data:/config"
@ -189,6 +179,8 @@
container_name = "sonarr";
labels = {
"traefik.enable" = "true";
"diun.enable" = "true";
"traefik.http.routers.sonarr.entrypoints" = "websecure";
"traefik.http.routers.sonarr.rule" = "Host(`sonarr.ghoscht.com`)";
"traefik.http.services.sonarr.loadbalancer.server.port" = "8989";
@ -196,10 +188,6 @@
"traefik.http.routers.sonarr.tls" = "true";
"traefik.http.routers.sonarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.sonarr.middlewares" = "authentik@file";
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$";
};
volumes = [
"/storage/dataset/docker/media/sonarr_data:/config"
@ -222,6 +210,8 @@
container_name = "radarr";
labels = {
"traefik.enable" = "true";
"diun.enable" = "true";
"traefik.http.routers.radarr.entrypoints" = "websecure";
"traefik.http.routers.radarr.rule" = "Host(`radarr.ghoscht.com`)";
"traefik.http.services.radarr.loadbalancer.server.port" = "7878";
@ -229,10 +219,6 @@
"traefik.http.routers.radarr.tls" = "true";
"traefik.http.routers.radarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.radarr.middlewares" = "authentik@file";
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$";
};
volumes = [
"/storage/dataset/docker/media/radarr_data:/config"
@ -251,10 +237,12 @@
restart = "always";
};
lidarr.service = {
image = "linuxserver/lidarr:2.4.3";
image = "linuxserver/lidarr:2.5.3";
container_name = "lidarr";
labels = {
"traefik.enable" = "true";
"diun.enable" = "true";
"traefik.http.routers.lidarr.entrypoints" = "websecure";
"traefik.http.routers.lidarr.rule" = "Host(`lidarr.ghoscht.com`)";
"traefik.http.services.lidarr.loadbalancer.server.port" = "8686";
@ -263,6 +251,8 @@
"traefik.http.routers.lidarr.tls" = "true";
"traefik.http.routers.lidarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.lidarr.middlewares" = "authentik@file";
"diun.exclude_tags" = "\\d{4,}";
};
volumes = [
"/storage/dataset/docker/media/lidarr_data:/config"
@ -335,6 +325,8 @@
container_name = "autobrr";
labels = {
"traefik.enable" = "true";
"diun.enable" = "true";
"traefik.http.routers.autobrr.entrypoints" = "websecure";
"traefik.http.routers.autobrr.rule" = "Host(`autobrr.ghoscht.com`)";
"traefik.http.services.autobrr.loadbalancer.server.port" = "7474";
@ -342,8 +334,6 @@
"traefik.http.routers.autobrr.tls" = "true";
"traefik.http.routers.autobrr.tls.certresolver" = "letsencrypt";
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.include_tags" = "^v\\d+\\.\\d+\\.\\d+$$";
};
volumes = [

View file

@ -12,6 +12,7 @@
container_name = "vaultwarden";
labels = {
"traefik.enable" = "true";
"diun.enable" = "true";
"traefik.docker.network" = "dmz";
"traefik.http.services.vaultwarden.loadbalancer.server.port" = "80";
@ -27,12 +28,6 @@
"traefik.http.routers.vaultwarden-external.entrypoints" = "websecure-external";
"traefik.http.routers.vaultwarden-external.tls" = "true";
"traefik.http.routers.vaultwarden-external.tls.certresolver" = "letsencrypt";
"diun.enable" = "true";
"diun.watch_repo" = "true";
"diun.sort_tags" = "semver";
"diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$";
"diun.exclude_tags" = "\\b\\d{4,}\\b";
};
volumes = [
"/storage/dataset/docker/passwords/vaultwarden_data/:/data"

View file

@ -64,8 +64,11 @@ in {
version: 2
global:
forget:
keep-weekly: 7
keep-last: 5
keep-weekly: 1
keep-monthly: 12
keep-yearly: 7
keep-within: '14d'
extras:
default_hooks: &default_hooks
@ -81,6 +84,7 @@ in {
to:
- zfs
- eustachius
forget: prune
cron: '0 4 * * 0' # Every Sunday at 4:00
hooks:
<<: *default_hooks
@ -94,6 +98,7 @@ in {
- zfs
- ssd
- eustachius
forget: prune
cron: '0 4 * * 0' # Every Sunday at 4:00
hooks:
<<: *default_hooks
@ -106,6 +111,7 @@ in {
to:
- zfs
- eustachius
forget: prune
cron: '0 4 * * 0' # Every Sunday at 4:00
hooks:
<<: *default_hooks
@ -157,6 +163,7 @@ in {
to:
- zfs
- eustachius
forget: prune
cron: '0 4 * * 0' # Every Sunday at 4:00
hooks:
<<: *default_hooks
@ -182,6 +189,7 @@ in {
to:
- zfs
- eustachius
forget: prune
cron: '0 4 * * 0' # Every Sunday at 4:00
hooks:
<<: *default_hooks
@ -204,6 +212,7 @@ in {
from: /storage/dataset/docker/headscale
to:
- zfs
forget: prune
cron: '55 3 * * *' # Every Day at 3:55
hooks:
<<: *default_hooks
@ -217,6 +226,7 @@ in {
- zfs
- ssd
- eustachius
forget: prune
cron: '55 3 * * *' # Every Day at 3:55
hooks:
<<: *default_hooks
@ -230,6 +240,7 @@ in {
- zfs
- ssd
- eustachius
forget: prune
cron: '55 3 * * *' # Every Day at 3:55
hooks:
<<: *default_hooks
@ -243,6 +254,7 @@ in {
- zfs
- ssd
- eustachius
forget: prune
cron: '55 3 * * *' # Every Day at 3:55
hooks:
<<: *default_hooks
@ -256,6 +268,7 @@ in {
- zfs
- ssd
- eustachius
forget: prune
cron: '55 3 * * *' # Every Day at 3:55
hooks:
<<: *default_hooks