Compare commits


No commits in common. "b54924fec635ef0ca5fac04437bd9dd5290f7888" and "0c7e2bd30415efc26f93b4c6dcb4bf3a6ee440de" have entirely different histories.

22 changed files with 263 additions and 134 deletions


@ -231,11 +231,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1734785267, "lastModified": 1734648163,
"narHash": "sha256-YYegplAxphR6h/RC51QuR/h+8blQfwA7PizOJnn1tKY=", "narHash": "sha256-AK7nqONfzyxUzqVVeRoniO6NRv4SaxPrXwuyY8jtCXs=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "c2d31edc915e357be279717b1c7c8554f751546d", "rev": "2b5a7eb2719b146f6308dfa51c9a1c4b03d965a3",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -547,11 +547,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734425854, "lastModified": 1733665616,
"narHash": "sha256-nzE5UbJ41aPEKf8R2ZFYtLkqPmF7EIUbNEdHMBLg0Ig=", "narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "0ddd26d0925f618c3a5d85a4fa5eb1e23a09491d", "rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -747,11 +747,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734366194, "lastModified": 1733951536,
"narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1277,11 +1277,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1734784342, "lastModified": 1734447589,
"narHash": "sha256-uap4LcvjpTz5WTgDfQYtL3QCpGmtee7DuD5mB8AIiLw=", "narHash": "sha256-APyzO3pn6iiGJxkWczifnxm3pKZrNYgpJUPpnVfUwsk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "334947672f1eb05488e69657b9c412230bd658b4", "rev": "4f0d5e0d2947dbf111f2ce00c99ca4c6c659dc79",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1324,11 +1324,11 @@
"treefmt-nix": "treefmt-nix_3" "treefmt-nix": "treefmt-nix_3"
}, },
"locked": { "locked": {
"lastModified": 1734788715, "lastModified": 1734729657,
"narHash": "sha256-T8FY85Y5wMcK6KP09DFhY8k7czMp3JPDyDRmrdz1yzc=", "narHash": "sha256-6X+/mqwW1X++QMAUX/p5N0VbAfvqKuQSqZNbEoHfFVo=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "6d210f6fbd1256e9430da4247e45c925a2f7c587", "rev": "d2a7e36f5e58300af341a728b9c4e1bfe2776d4d",
"revCount": 38, "revCount": 30,
"type": "git", "type": "git",
"url": "https://git.ghoscht.com/ghoscht/picoKontroller" "url": "https://git.ghoscht.com/ghoscht/picoKontroller"
}, },
@ -1636,11 +1636,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734704479, "lastModified": 1733761991,
"narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=", "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f", "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -1,5 +1,5 @@
let let
authentikImage = "ghcr.io/goauthentik/server:2024.12.0"; authentikImage = "ghcr.io/goauthentik/server:2024.10.2";
in { in {
project.name = "auth"; project.name = "auth";


@ -1,4 +1,4 @@
{ {pkgs, ...}: {
project.name = "dashboard"; project.name = "dashboard";
networks.dmz = { networks.dmz = {
@ -8,7 +8,7 @@
services = { services = {
homarr.service = { homarr.service = {
image = "ghcr.io/ajnart/homarr:0.15.10"; image = "ghcr.io/ajnart/homarr:0.15.3";
container_name = "homarr"; container_name = "homarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";


@ -1,4 +1,4 @@
{ {pkgs, ...}: {
project.name = "dns"; project.name = "dns";
networks.dmz = { networks.dmz = {
@ -20,7 +20,7 @@
services = { services = {
pihole.service = { pihole.service = {
image = "pihole/pihole:2024.07.0"; image = "pihole/pihole:2024.03.1";
container_name = "pihole"; container_name = "pihole";
hostname = "pihole"; hostname = "pihole";
environment = { environment = {
@ -59,7 +59,7 @@
]; ];
}; };
unbound.service = { unbound.service = {
image = "mvance/unbound:1.21.1"; image = "mvance/unbound:1.19.3";
container_name = "unbound"; container_name = "unbound";
volumes = [ volumes = [
"/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound" "/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound"


@ -1,4 +1,4 @@
{ {pkgs, ...}: {
project.name = "git"; project.name = "git";
networks.dmz = { networks.dmz = {
@ -10,7 +10,7 @@
services = { services = {
forgejo.service = { forgejo.service = {
image = "codeberg.org/forgejo/forgejo:9.0.3"; image = "codeberg.org/forgejo/forgejo:9.0.2";
container_name = "forgejo"; container_name = "forgejo";
useHostStore = true; useHostStore = true;
labels = { labels = {


@ -1,8 +1,4 @@
{ {config, ...}: let
config,
pkgs,
...
}: let
vars = import ../../../../vars.nix; vars = import ../../../../vars.nix;
in { in {
virtualisation.arion = { virtualisation.arion = {
@ -20,9 +16,6 @@ in {
sops.secrets."forgejo/db_database" = { sops.secrets."forgejo/db_database" = {
owner = vars.user; owner = vars.user;
}; };
sops.secrets."forgejo/runner_token" = {
owner = vars.user;
};
sops.templates."forgejo.env" = { sops.templates."forgejo.env" = {
path = "/home/${vars.user}/.docker/git/forgejo.env"; path = "/home/${vars.user}/.docker/git/forgejo.env";
@ -45,21 +38,4 @@ in {
POSTGRES_PASSWORD="${config.sops.placeholder."forgejo/db_password"}" POSTGRES_PASSWORD="${config.sops.placeholder."forgejo/db_password"}"
''; '';
}; };
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances.default = {
enable = true;
name = config.networking.hostName;
url = "https://git.ghoscht.com";
# tokenFile = "/home/${vars.user}/.docker/git/forgejo-runner.env";
tokenFile = config.sops.secrets."forgejo/runner_token".path;
labels = [
"ubuntu-latest:docker://node:22-bookworm"
];
};
};
# enable cache actions https://forgejo.org/docs/latest/admin/runner-installation/
networking.firewall.trustedInterfaces = ["br-+"];
} }


@ -1,4 +1,4 @@
{ {pkgs, ...}: {
project.name = "infrastructure"; project.name = "infrastructure";
networks.dmz = { networks.dmz = {
@ -12,7 +12,7 @@
services = { services = {
traefik.service = { traefik.service = {
image = "traefik:3.2.3"; image = "traefik:3.1.4";
container_name = "traefik"; container_name = "traefik";
useHostStore = true; useHostStore = true;
ports = [ ports = [
@ -54,7 +54,7 @@
]; ];
}; };
crowdsec.service = { crowdsec.service = {
image = "crowdsecurity/crowdsec:v1.6.4"; image = "crowdsecurity/crowdsec:v1.6.3";
container_name = "crowdsec"; container_name = "crowdsec";
environment = { environment = {
GID = "1000"; GID = "1000";


@ -0,0 +1,113 @@
{pkgs, ...}: {
project.name = "matrix";
networks.dmz = {
name = "dmz";
external = true;
};
networks.transport = {};
services = {
synapse.service = {
image = "matrixdotorg/synapse:v1.118.0";
container_name = "synapse";
labels = {
"traefik.enable" = "true";
"traefik.http.services.synapse.loadbalancer.server.port" = "8008";
"traefik.http.routers.synapse.service" = "synapse";
"traefik.http.routers.synapse.entrypoints" = "websecure";
"traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.synapse.tls" = "true";
"traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";
"traefik.http.services.synapse-external.loadbalancer.server.port" = "8008";
"traefik.http.routers.synapse-external.service" = "synapse-external";
"traefik.http.routers.synapse-external.rule" = "Host(`synapse.ghoscht.com`)";
"traefik.http.routers.synapse-external.entrypoints" = "websecure-external";
"traefik.http.routers.synapse-external.tls" = "true";
"traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
};
volumes = [
"/storage/dataset/docker/matrix/synapse_data:/data"
];
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
];
environment = {
UID = "1000";
GID = "1000";
TZ = "Europe/Berlin";
};
restart = "unless-stopped";
networks = [
"dmz"
"transport"
];
};
postgres.service = {
image = "postgres:14";
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
];
volumes = [
"/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
];
restart = "unless-stopped";
networks = [
"transport"
];
};
matrix-nginx.service = {
container_name = "matrix-nginx";
image = "nginx:1.25.4";
volumes = [
"/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
"/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
];
labels = {
"traefik.enable" = "true";
"traefik.http.services.matrix.loadbalancer.server.port" = "80";
"traefik.http.routers.matrix.service" = "matrix";
"traefik.http.routers.matrix.entrypoints" = "websecure";
"traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.matrix.tls" = "true";
"traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";
"traefik.http.services.matrix-external.loadbalancer.server.port" = "80";
"traefik.http.routers.matrix-external.service" = "matrix-external";
"traefik.http.routers.matrix-external.rule" = "Host(`matrix.ghoscht.com`)";
"traefik.http.routers.matrix-external.entrypoints" = "websecure-external";
"traefik.http.routers.matrix-external.tls" = "true";
"traefik.http.routers.matrix-external.tls.certresolver" = "letsencrypt";
};
restart = "unless-stopped";
networks = [
"transport"
"dmz"
];
};
element.service = {
image = "vectorim/element-web:v1.11.64";
volumes = [
"/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.element.entrypoints" = "websecure";
"traefik.http.routers.element.rule" = "Host(`chat.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.element.tls" = "true";
"traefik.http.routers.element.tls.certresolver" = "letsencrypt";
};
restart = "unless-stopped";
networks = [
"dmz"
];
};
};
}
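Review bot: The `synapse-external` router matches on the host name alone, so every path Synapse serves on port 8008, including the `/_synapse/admin` API, is published on the `websecure-external` entrypoint. Restricting the external rule to the client and federation prefixes keeps the admin endpoints internal, e.g. "traefik.http.routers.synapse-external.rule" = "Host(`synapse.ghoscht.com`) && (PathPrefix(`/_matrix`) || PathPrefix(`/_synapse/client`))";. Separately, the `matrix.conf` and `element-config.json` bind mounts are read-write; appending `:ro` to both would stop a compromised web container from rewriting its own configuration. `postgres:14` is also the only image in this file on a floating major tag, where the others pin an exact release.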


@ -0,0 +1,6 @@
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}
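Review bot: `import <nixpkgs>` resolves through `NIX_PATH`, so the package set used when arion is invoked against this project depends on whichever channel the calling machine has configured rather than on a locked revision. The lock file elsewhere in this comparison pins its inputs by `rev` and `narHash`; passing a pinned nixpkgs in here would keep this project's builds reproducible and auditable in the same way. If this file is only a CLI fallback and the NixOS module supplies `pkgs` in deployment, a comment such as `# CLI-only fallback; the NixOS module passes the flake-pinned pkgs` would make that explicit.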


@ -0,0 +1,30 @@
{config, ...}: let
vars = import ../../../../vars.nix;
in {
# virtualisation.arion = {
# projects.matrix.settings = {
# imports = [./arion-compose.nix];
# };
# };
sops.secrets."matrix/postgres_password" = {
owner = vars.user;
};
sops.secrets."matrix/postgres_database" = {
owner = vars.user;
};
sops.secrets."matrix/postgres_user" = {
owner = vars.user;
};
sops.templates."synapse.env" = {
path = "/home/${vars.user}/.docker/matrix/synapse.env";
owner = vars.user;
mode = "0775";
content = ''
POSTGRES_DB="${config.sops.placeholder."matrix/postgres_database"}"
POSTGRES_USER="${config.sops.placeholder."matrix/postgres_user"}"
POSTGRES_PASSWORD="${config.sops.placeholder."matrix/postgres_password"}"
'';
};
}
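Review bot: `mode = "0775"` on `sops.templates."synapse.env"` leaves the rendered file, which contains `POSTGRES_PASSWORD`, readable and executable by every local account. Since `owner = vars.user` is already set, `mode = "0400";` should be enough for the compose stack to read it. The file lives under the user's home directory, so directory permissions may narrow access in practice, but the secret's own mode should not depend on that. The `virtualisation.arion` import at the top of this file is commented out, so as written the secrets are rendered with no project consuming them; worth confirming that is intended.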


@ -1,4 +1,4 @@
{ {pkgs, ...}: {
project.name = "media"; project.name = "media";
networks.dmz = { networks.dmz = {
@ -9,7 +9,7 @@
services = { services = {
jellyfin.service = { jellyfin.service = {
image = "linuxserver/jellyfin:10.10.3"; image = "linuxserver/jellyfin:10.9.10";
container_name = "jellyfin"; container_name = "jellyfin";
ports = [ ports = [
"8096:8096" "8096:8096"
@ -44,7 +44,7 @@
]; ];
}; };
navidrome.service = { navidrome.service = {
image = "deluan/navidrome:0.54.1"; image = "deluan/navidrome:0.53.1";
container_name = "navidrome"; container_name = "navidrome";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -146,7 +146,7 @@
]; ];
}; };
prowlarr.service = { prowlarr.service = {
image = "linuxserver/prowlarr:1.28.2"; image = "linuxserver/prowlarr:1.23.1";
container_name = "prowlarr"; container_name = "prowlarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -175,7 +175,7 @@
restart = "always"; restart = "always";
}; };
sonarr.service = { sonarr.service = {
image = "linuxserver/sonarr:4.0.11"; image = "linuxserver/sonarr:4.0.9";
container_name = "sonarr"; container_name = "sonarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -206,7 +206,7 @@
restart = "always"; restart = "always";
}; };
radarr.service = { radarr.service = {
image = "linuxserver/radarr:5.16.3"; image = "linuxserver/radarr:5.9.1";
container_name = "radarr"; container_name = "radarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -237,7 +237,7 @@
restart = "always"; restart = "always";
}; };
lidarr.service = { lidarr.service = {
image = "linuxserver/lidarr:2.8.2"; image = "linuxserver/lidarr:2.5.3";
container_name = "lidarr"; container_name = "lidarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -273,7 +273,7 @@
restart = "always"; restart = "always";
}; };
bazarr.service = { bazarr.service = {
image = "hotio/bazarr:release-1.4.5"; image = "hotio/bazarr:release-1.4.3";
container_name = "bazarr"; container_name = "bazarr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -298,7 +298,7 @@
restart = "always"; restart = "always";
}; };
jellyseerr.service = { jellyseerr.service = {
image = "fallenbagel/jellyseerr:2.1.0"; image = "fallenbagel/jellyseerr:1.7.0";
container_name = "jellyseerr"; container_name = "jellyseerr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -321,7 +321,7 @@
restart = "always"; restart = "always";
}; };
autobrr.service = { autobrr.service = {
image = "ghcr.io/autobrr/autobrr:v1.53.0"; image = "ghcr.io/autobrr/autobrr:v1.46.0";
container_name = "autobrr"; container_name = "autobrr";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -353,8 +353,35 @@
}; };
restart = "always"; restart = "always";
}; };
# deemix.service = {
# image = "finniedj/deemix:latest";
# container_name = "deemix";
# labels = {
# "traefik.enable" = "true";
# "traefik.http.routers.deemix.entrypoints" = "websecure";
# "traefik.http.routers.deemix.rule" = "Host(`deemix.ghoscht.com`)";
# "traefik.http.services.deemix.loadbalancer.server.port" = "6595";
# "traefik.docker.network" = "dmz";
# "traefik.http.routers.deemix.tls" = "true";
# "traefik.http.routers.deemix.tls.certresolver" = "letsencrypt";
# };
# volumes = [
# "/home/ghoscht/.data/deemix:/downloads"
# ];
# environment = {
# PUID = 1000;
# PGID = 1000;
# UMASK_SET = 022;
# TZ = "Europe/Berlin";
# };
# network_mode = "service:vpn";
# depends_on = {
# vpn = {condition = "service_healthy";};
# };
# restart = "always";
# };
unpackerr.service = { unpackerr.service = {
image = "golift/unpackerr:0.14.5"; image = "golift/unpackerr:0.13";
container_name = "unpackerr"; container_name = "unpackerr";
volumes = [ volumes = [
"/storage/dataset/data/:/data" "/storage/dataset/data/:/data"


@ -8,7 +8,7 @@
services = { services = {
minio.service = { minio.service = {
image = "bitnami/minio:2024.12.18"; image = "bitnami/minio:2024.5.10";
container_name = "minio"; container_name = "minio";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";


@ -1,4 +1,4 @@
{ {pkgs, ...}: {
project.name = "nextcloud"; project.name = "nextcloud";
networks.dmz = { networks.dmz = {
@ -10,7 +10,7 @@
services = { services = {
nextcloud.service = { nextcloud.service = {
image = "nextcloud:30.0.4"; image = "nextcloud:28.0.4";
container_name = "nextcloud"; container_name = "nextcloud";
useHostStore = true; useHostStore = true;
labels = { labels = {
@ -25,12 +25,10 @@
"/storage/dataset/docker/nextcloud/nextcloud_data/data:/var/www/html/data" "/storage/dataset/docker/nextcloud/nextcloud_data/data:/var/www/html/data"
"/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html" "/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html"
]; ];
entrypoint = "/bin/bash -c 'apt update && apt install ffmpeg -y && /entrypoint.sh apache2-foreground'";
hostname = "nextcloud.ghoscht.com"; hostname = "nextcloud.ghoscht.com";
environment = { environment = {
REDIS_HOST = "nextcloud-redis"; REDIS_HOST = "nextcloud-redis";
REDIS_PORT = 6379; REDIS_PORT = 6379;
TRUSTED_PROXIES = "172.27.0.9/24";
}; };
restart = "unless-stopped"; restart = "unless-stopped";
networks = [ networks = [


@ -8,7 +8,7 @@
services = { services = {
vaultwarden.service = { vaultwarden.service = {
image = "vaultwarden/server:1.32.7"; image = "vaultwarden/server:1.32.5";
container_name = "vaultwarden"; container_name = "vaultwarden";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";


@ -1,4 +1,4 @@
{ {pkgs, ...}: {
project.name = "push"; project.name = "push";
networks.dmz = { networks.dmz = {
@ -8,7 +8,7 @@
services = { services = {
ntfy.service = { ntfy.service = {
image = "binwiederhier/ntfy:v2.11.0"; image = "binwiederhier/ntfy:v2.10.0";
container_name = "ntfy"; container_name = "ntfy";
user = "1000:1000"; user = "1000:1000";
command = "serve"; command = "serve";


@ -8,7 +8,7 @@
services = { services = {
mollysocket.service = { mollysocket.service = {
image = "ghcr.io/mollyim/mollysocket:1.5.4"; image = "ghcr.io/mollyim/mollysocket:1.3.0";
container_name = "mollysocket"; container_name = "mollysocket";
useHostStore = true; useHostStore = true;
ports = [ ports = [
@ -41,9 +41,6 @@
MOLLY_PORT = 8020; MOLLY_PORT = 8020;
RUST_LOG = "info"; RUST_LOG = "info";
}; };
env_file = [
"/home/ghoscht/.docker/signal/mollysocket.env"
];
restart = "always"; restart = "always";
networks = [ networks = [
"dmz" "dmz"


@ -1,22 +1,7 @@
{config, ...}: let {config, ...}: {
vars = import ../../../../vars.nix;
in {
virtualisation.arion = { virtualisation.arion = {
projects.signal.settings = { projects.signal.settings = {
imports = [./arion-compose.nix]; imports = [./arion-compose.nix];
}; };
}; };
sops.secrets."signal/vapid_privkey" = {
owner = vars.user;
};
sops.templates."mollysocket.env" = {
path = "/home/${vars.user}/.docker/signal/mollysocket.env";
owner = vars.user;
mode = "0775";
content = ''
MOLLY_VAPID_PRIVKEY="${config.sops.placeholder."signal/vapid_privkey"}"
'';
};
} }


@ -1,4 +1,4 @@
{ {pkgs, ...}: {
project.name = "smarthome"; project.name = "smarthome";
networks.dmz = { networks.dmz = {
@ -8,7 +8,7 @@
services = { services = {
homeassistant.service = { homeassistant.service = {
image = "ghcr.io/home-assistant/home-assistant:2024.12.5"; image = "ghcr.io/home-assistant/home-assistant:2024.4.1";
container_name = "homeassistant"; container_name = "homeassistant";
privileged = true; privileged = true;
labels = { labels = {


@ -59,8 +59,7 @@ in {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"
]; ];
}; };
security.pam.enableSSHAgentAuth = true;
security.pam.sshAgentAuth.enable = true;
nixpkgs = { nixpkgs = {
overlays = [ overlays = [


@ -302,14 +302,6 @@ in {
cron: '55 3 * * *' # Every Day at 3:55 cron: '55 3 * * *' # Every Day at 3:55
hooks: hooks:
<<: *default_hooks <<: *default_hooks
videos:
from: /home/ghoscht/Videos
to:
- zfs
- eustachius
cron: '55 3 * * *' # Every Day at 3:55
hooks:
<<: *default_hooks
backends: backends:
zfs: zfs:
type: local type: local
@ -317,7 +309,7 @@ in {
key: '${config.sops.placeholder."autorestic/zfs_key"}' key: '${config.sops.placeholder."autorestic/zfs_key"}'
eustachius: eustachius:
type: rest type: rest
path: http://fd7a:115c:a1e0::8:8000/franz path: http://100.64.0.3:8000/franz
key: '${config.sops.placeholder."autorestic/eustachius_key"}' key: '${config.sops.placeholder."autorestic/eustachius_key"}'
''; '';
}; };


@ -1,31 +1,29 @@
{ {
services.samba = { services.samba = {
enable = true; enable = true;
securityType = "user";
openFirewall = true; openFirewall = true;
settings = { extraConfig = ''
global = { workgroup = WORKGROUP
"invalid users" = [ server string = franz
"root" netbios name = franz
]; security = user
"passwd program" = "/run/wrappers/bin/passwd %u"; #use sendfile = yes
"security" = "user"; #max protocol = smb2
# note: localhost is the ipv6 localhost ::1
hosts allow = 192.168.178. 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
"workgroup" = "WORKGROUP"; # debugging
"server string" = "franz"; # log file = /var/log/samba/log.%m
"netbios name" = "franz"; # max log size = 1000
# note: localhost is the ipv6 localhost ::1 # logging = file
"hosts allow" = "192.168.178. 127.0.0.1 localhost"; '';
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
# debugging # Run sudo smbpasswd -a <username> to set the smb password for an EXISTING linux user
# log file = /var/log/samba/log.%m shares = {
# max log size = 1000
# logging = file
};
# Run sudo smbpasswd -a <username> to set the smb password for an EXISTING linux user
software = { software = {
path = "/storage/dataset/data/torrents/misc"; path = "/storage/dataset/data/torrents/misc";
browseable = "yes"; browseable = "yes";
@ -36,6 +34,17 @@
"force user" = "ghoscht"; "force user" = "ghoscht";
"force group" = "users"; "force group" = "users";
}; };
max = {
path = "/storage/dataset/nas/max";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"valid users" = "max";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "ghoscht";
"force group" = "users";
};
}; };
}; };
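Review bot: As rendered, the new-side `extraConfig` global text no longer carries the `invalid users` entry for `root` that the `settings.global` form had; adding a line `invalid users = root` to the `extraConfig` string keeps root logins over SMB refused. The added `max` share also sets `"force user" = "ghoscht"`, so everything the `max` account writes is performed and owned as `ghoscht`, which makes the two identities indistinguishable in file ownership and gives the share the primary user's filesystem rights under that path. A dedicated unprivileged account for the share, or relying on `"force group" = "users"` alone, would keep that separation. `openFirewall = true` stays in place, so `hosts allow` is the only network restriction visible here.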


@ -13,7 +13,6 @@ forgejo:
db_password: ENC[AES256_GCM,data:1lpmX58=,iv:9TehYmpS3RQc0WsKVR4Tx36utL2e6avbc7BlK0+B178=,tag:xHRv+WJUch3jmRIWghjnPg==,type:str] db_password: ENC[AES256_GCM,data:1lpmX58=,iv:9TehYmpS3RQc0WsKVR4Tx36utL2e6avbc7BlK0+B178=,tag:xHRv+WJUch3jmRIWghjnPg==,type:str]
db_user: ENC[AES256_GCM,data:rYxa8nU=,iv:Lijug8gqMTnMG9WQsivyrO/IbgrAyWfG7IQ99x1Q5gA=,tag:OipZUyZiMh4PLbo7KJAksQ==,type:str] db_user: ENC[AES256_GCM,data:rYxa8nU=,iv:Lijug8gqMTnMG9WQsivyrO/IbgrAyWfG7IQ99x1Q5gA=,tag:OipZUyZiMh4PLbo7KJAksQ==,type:str]
db_database: ENC[AES256_GCM,data:br/OvQA=,iv:g2krpkX1XXXhT4FgzbeXp/MgcpHayndtBv+8dpmp03M=,tag:z5h/TSBXViFr3lNN15XFAA==,type:str] db_database: ENC[AES256_GCM,data:br/OvQA=,iv:g2krpkX1XXXhT4FgzbeXp/MgcpHayndtBv+8dpmp03M=,tag:z5h/TSBXViFr3lNN15XFAA==,type:str]
runner_token: ENC[AES256_GCM,data:rjgbrqLAA16dlNDn/Mh3TQ8+2mYD3Sn2502aY0PuNmINIfu9lnUCtw==,iv:FAzNa0fxlN61xrrWrbfRl6F4GHkR3bhmZEPrejTpKyU=,tag:yoOAiVCBQFuFpT+cgXPuWA==,type:str]
navidrome: navidrome:
spotify_id: ENC[AES256_GCM,data:yTNp25CHtnFkvXhbvduVzkmenT3TjkpWR0ZhSTKOiAs=,iv:cuewBT/XfneiHUjlFCV0O/nzXHoEVO/JyfgqRACreEc=,tag:TOZ+GDqZ2SkibKhEhIcX7w==,type:str] spotify_id: ENC[AES256_GCM,data:yTNp25CHtnFkvXhbvduVzkmenT3TjkpWR0ZhSTKOiAs=,iv:cuewBT/XfneiHUjlFCV0O/nzXHoEVO/JyfgqRACreEc=,tag:TOZ+GDqZ2SkibKhEhIcX7w==,type:str]
spotify_secret: ENC[AES256_GCM,data:sHYYHDgW0nNP7vCk0qOZdLOyetG4XbK7NaxYSt4kr68=,iv:p0+wW287UteJfJaiajX9/XOEkkm957Rs46hYaml6Of4=,tag:SsEyVYdPpO/yv9vF7Dj+HA==,type:str] spotify_secret: ENC[AES256_GCM,data:sHYYHDgW0nNP7vCk0qOZdLOyetG4XbK7NaxYSt4kr68=,iv:p0+wW287UteJfJaiajX9/XOEkkm957Rs46hYaml6Of4=,tag:SsEyVYdPpO/yv9vF7Dj+HA==,type:str]
@ -67,8 +66,6 @@ wiki:
db_user: ENC[AES256_GCM,data:g2+KPA==,iv:0I7EoGNlnnKf5H0UnmJ++9XDHEqZpXgZkyaW9flxN8c=,tag:b3WrfHGkxIJ1nNFp3FHAjA==,type:str] db_user: ENC[AES256_GCM,data:g2+KPA==,iv:0I7EoGNlnnKf5H0UnmJ++9XDHEqZpXgZkyaW9flxN8c=,tag:b3WrfHGkxIJ1nNFp3FHAjA==,type:str]
db_pass: ENC[AES256_GCM,data:rYmNXQ==,iv:ZnImkMdIkp92jkojLVBSGSN06my3xFwr3AFfENNXgfQ=,tag:AZHqXRLfJ0lFrGyut+Sdug==,type:str] db_pass: ENC[AES256_GCM,data:rYmNXQ==,iv:ZnImkMdIkp92jkojLVBSGSN06my3xFwr3AFfENNXgfQ=,tag:AZHqXRLfJ0lFrGyut+Sdug==,type:str]
db_name: ENC[AES256_GCM,data:Ns7vKJxeTw==,iv:GREMMRicS+1n/uk+KOeplqHn/ZdjjOjQ4d0qV5FICy8=,tag:CSeDTNjBiJ4G2VnytpNXiw==,type:str] db_name: ENC[AES256_GCM,data:Ns7vKJxeTw==,iv:GREMMRicS+1n/uk+KOeplqHn/ZdjjOjQ4d0qV5FICy8=,tag:CSeDTNjBiJ4G2VnytpNXiw==,type:str]
signal:
vapid_privkey: ENC[AES256_GCM,data:OaB+1baDLCXd7kqfQWwX8yBoqARuHFYWmtsiQ/ku8Om6ZKZkuoGVJP1FuQ==,iv:iQkYrRl3+pVzN6bjz1MPo+7prFJRHGkxHr5BjjDlFuM=,tag:vCMo14LZvVjCtJ4vGH0DOA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -84,8 +81,8 @@ sops:
VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig== EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-18T20:43:51Z" lastmodified: "2024-08-09T13:53:16Z"
mac: ENC[AES256_GCM,data:RSaqAh5OpOK6WjJSLzi4uUSGdGphTuz8skfqY3YEb9woVNFUKgYMurISuvCTBz99qcXSZGBmbL7Ppu+cEJQGCRz6Vmtu+mql5FbP/iyEOJALMN6VuK6l84WFzzEnWnNrN49B/+aTwtwJ01DDwy6Ze9RqekEAyLjYoyc/C94TwN4=,iv:kGtHqjZNal2t6GxYAvIRVnjI2VFrMAC3K5W62Slqmnw=,tag:paPQz3LRVfizIX3YXH9uCQ==,type:str] mac: ENC[AES256_GCM,data:5pANdrfnPuDf2mai0UgcFbwr4OzjLzLWraKOt38fX2MySYH2EryMzsk4prhehXPTkD3soMFwaVbuuqZUbkWCWM3CtjuyCisQH4uiZZw+slw6g8atr4h3tpHtD2SwgGVESMJouVQyfb9ko4O1ArBvml/0a6DAGmwoxlQwGboZR5M=,iv:oiZx4BsRBNAn+hjhzhV6oVZrYQJ32DAQlyNNsevaLpc=,tag:A0EsGeaP5vy9vA8WZjbxIQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1