dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

"Release" 26.06 Irritating
CI / Check, build and cache nixfiles (push) Successful in 2h20m51s
Details

Browse Source
This commit is contained in:
Jack O'Sullivan
2026-06-13 16:00:18 +01:00
parent bb32784962
commit 93529c578b
27 changed files with 145 additions and 195 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nixos/boxes/britway/nginx.nix
+1 -7
View File
@@ -9,11 +9,6 @@ in
config = {
my = {
secrets.files = {
"dhparams.pem" = {
owner = "acme";
group = "acme";
mode = "440";
};
"britway/cloudflare-credentials.conf" = {
owner = "acme";
group = "acme";
@@ -45,7 +40,7 @@ in
"*.${pubDomain}"
];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."britway/cloudflare-credentials.conf".path;
environmentFile = config.age.secrets."britway/cloudflare-credentials.conf".path;
};
};
};
@@ -58,7 +53,6 @@ in
logError = "stderr info";
recommendedTlsSettings = true;
serverTokens = true;
sslDhparam = config.age.secrets."dhparams.pem".path;
# Based on recommended*Settings, but probably better to be explicit about these
appendHttpConfig = ''
nixos/boxes/colony/vms/estuary/dns.nix
+1 -1
View File
@@ -44,7 +44,7 @@ in
};
pdns-recursor = {
yaml-settings = {
settings = {
incoming = {
listen = [
"127.0.0.1" "::1"
nixos/boxes/colony/vms/git/default.nix
+1 -7
View File
@@ -95,7 +95,7 @@ in
"*.${pubDomain}"
];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
environmentFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
};
};
};
@@ -111,7 +111,6 @@ in
recommendedTlsSettings = true;
clientMaxBodySize = "0";
serverTokens = true;
sslDhparam = config.age.secrets."dhparams.pem".path;
# Based on recommended*Settings, but probably better to be explicit about these
appendHttpConfig = ''
@@ -182,11 +181,6 @@ in
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+KINpHLMduBuW96JzfSRDLUzkI+XaCBghu5/wHiW5R";
files = {
"dhparams.pem" = {
owner = "acme";
group = "acme";
mode = "440";
};
"middleman/cloudflare-credentials.conf" = {
owner = "acme";
group = "acme";
nixos/boxes/colony/vms/shill/containers-ext.nix
+1
View File
@@ -13,6 +13,7 @@ in
"/var/lib/machines/jam" = {
device = "/mnt/jam";
options = [ "bind" ];
fsType = "none";
};
};
nixos/boxes/colony/vms/shill/containers/chatterbox.nix
+22 -24
View File
@@ -198,18 +198,17 @@ in
mautrix-whatsapp = {
enable = true;
package = pkgs.mautrix-whatsapp.overrideAttrs (o: rec {
# TODO: Remove when upgrading nixpkgs
version = "26.05";
tag = "v0.2605.0";
src = pkgs.fetchFromGitHub {
owner = "mautrix";
repo = "whatsapp";
inherit tag;
hash = "sha256-WlVfGQoP9e/wl98hUJei8O2JMcOKijoEY8XuU/z69Qk=";
};
vendorHash = "sha256-Hi/dZHJHoTTCnxLXgbkcYzuzis4fl5kxb5wMd9fKTY8=";
});
# package = pkgs.mautrix-whatsapp.overrideAttrs (o: rec {
# version = "26.05";
# tag = "v0.2605.0";
# src = pkgs.fetchFromGitHub {
# owner = "mautrix";
# repo = "whatsapp";
# inherit tag;
# hash = "sha256-WlVfGQoP9e/wl98hUJei8O2JMcOKijoEY8XuU/z69Qk=";
# };
# vendorHash = "sha256-Hi/dZHJHoTTCnxLXgbkcYzuzis4fl5kxb5wMd9fKTY8=";
# });
environmentFile = config.age.secrets."chatterbox/mautrix-whatsapp.env".path;
settings = {
database = {
@@ -254,18 +253,17 @@ in
};
};
# TODO: Remove when upgrading nixpkgs
mautrix-meta.package = pkgs.mautrix-meta.overrideAttrs (o: rec {
version = "26.05.1";
tag = "v0.2605.1";
src = pkgs.fetchFromGitHub {
owner = "mautrix";
repo = "meta";
inherit tag;
hash = "sha256-zpolDtwGulDTiojJPnkj9O0D5b4rgPYQX6A28rvuvM0=";
};
vendorHash = "sha256-+i45bXBhlXPXX24VMS9IJLLX+i4VPnqy5RAH4j88sTA=";
});
# mautrix-meta.package = pkgs.mautrix-meta.overrideAttrs (o: rec {
# version = "26.05.1";
# tag = "v0.2605.1";
# src = pkgs.fetchFromGitHub {
# owner = "mautrix";
# repo = "meta";
# inherit tag;
# hash = "sha256-zpolDtwGulDTiojJPnkj9O0D5b4rgPYQX6A28rvuvM0=";
# };
# vendorHash = "sha256-+i45bXBhlXPXX24VMS9IJLLX+i4VPnqy5RAH4j88sTA=";
# });
mautrix-meta.instances = {
messenger = {
enable = true;
nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
+9 -9
View File
@@ -60,10 +60,10 @@ in
transmission.extraGroups = [ "media" ];
radarr.extraGroups = [ "media" ];
sonarr.extraGroups = [ "media" ];
jellyseerr = {
seerr = {
isSystemUser = true;
uid = uids.jellyseerr;
group = "jellyseerr";
group = "seerr";
};
photoprism = {
isSystemUser = true;
@@ -77,7 +77,7 @@ in
};
groups = {
media.gid = 2000;
jellyseerr.gid = gids.jellyseerr;
seerr.gid = gids.jellyseerr;
photoprism.gid = gids.photoprism;
copyparty.gid = gids.copyparty;
};
@@ -88,15 +88,15 @@ in
jackett.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ];
transmission.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ];
radarr.serviceConfig.UMask = "0002";
radarr.serviceConfig.UMask = mkForce "0002";
radarr.path = with pkgs; [ ffmpeg ];
sonarr.serviceConfig.UMask = "0002";
sonarr.serviceConfig.UMask = mkForce "0002";
sonarr.path = with pkgs; [ ffmpeg ];
jellyseerr.serviceConfig = {
seerr.serviceConfig = {
# Needs to be able to read its secrets
DynamicUser = mkForce false;
User = "jellyseerr";
Group = "jellyseerr";
User = "seerr";
Group = "seerr";
};
# https://github.com/NixOS/nixpkgs/issues/258793#issuecomment-1748168206
@@ -145,7 +145,7 @@ in
jackett.enable = true;
radarr.enable = true;
sonarr.enable = true;
jellyseerr = {
seerr = {
enable = true;
openFirewall = true;
};
nixos/boxes/colony/vms/shill/containers/middleman/default.nix
+2 -8
View File
@@ -40,11 +40,6 @@ in
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQM9U1e/XcUCyMJITrpAHjAGahpqkZCmtX6pJkYzuks";
files = {
"dhparams.pem" = {
owner = "acme";
group = "acme";
mode = "440";
};
"pdns-file-records.key" = {
owner = "acme";
group = "acme";
@@ -176,7 +171,7 @@ in
"*.${config.networking.domain}"
];
dnsProvider = "exec";
credentialsFile =
environmentFile =
let
script = pkgs.writeShellScript "lego-update-int.sh" ''
case "$1" in
@@ -207,7 +202,7 @@ in
"*.s3.${pubDomain}"
];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
environmentFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
postRun =
let
sshKey = config.age.secrets."middleman/mailcow-ssh.key".path;
@@ -256,7 +251,6 @@ in
valid = "5s";
};
proxyResolveWhileRunning = true;
sslDhparam = config.age.secrets."dhparams.pem".path;
appendConfig = ''
worker_processes auto;
nixos/boxes/colony/vms/shill/containers/object.nix
+4
View File
@@ -35,6 +35,7 @@ in
"/var/lib/harmonia" = {
device = "/mnt/nix-cache";
options = [ "bind" ];
fsType = "none";
};
};
@@ -161,6 +162,9 @@ in
];
};
# TODO/FIXME: this is bad...
nixpkgs.config.permittedInsecurePackages = [ "minio-2025-10-15T17-29-55Z" ];
services = {
minio = {
enable = true;
nixos/boxes/colony/vms/shill/containers/toot.nix
+1 -1
View File
@@ -183,7 +183,7 @@ in
PDS_EMAIL_FROM_ADDRESS = "pds@nul.ie";
PDS_DID_PLC_URL = "https://plc.directory";
PDS_INVITE_REQUIRED = 1;
PDS_INVITE_REQUIRED = "true";
PDS_BSKY_APP_VIEW_URL = "https://api.bsky.app";
PDS_BSKY_APP_VIEW_DID = "did:web:api.bsky.app";
PDS_REPORT_SERVICE_URL = "https://mod.bsky.app";
nixos/boxes/home/castle/default.nix
+1 -1
View File
@@ -125,7 +125,7 @@ in
virt-manager.enable = true;
wireshark = {
enable = true;
package = pkgs.wireshark-qt;
package = pkgs.wireshark;
};
};
virtualisation.libvirtd.enable = true;
nixos/boxes/home/routing-common/dns.nix
+1 -1
View File
@@ -34,7 +34,7 @@ in
services = {
pdns-recursor = {
yaml-settings = {
settings = {
incoming = {
listen = [
"127.0.0.1" "::1"
nixos/boxes/kelder/containers/acquisition/default.nix
+2 -2
View File
@@ -73,8 +73,8 @@ in
RootDirectory = lib.mkForce "";
};
radarr.serviceConfig.UMask = "0002";
sonarr.serviceConfig.UMask = "0002";
radarr.serviceConfig.UMask = lib.mkForce "0002";
sonarr.serviceConfig.UMask = lib.mkForce "0002";
};
};
nixos/boxes/kelder/containers/spoder/default.nix
+1 -1
View File
@@ -60,7 +60,7 @@ in
"*.${domain}"
];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."kelder/cloudflare-credentials.conf".path;
environmentFile = config.age.secrets."kelder/cloudflare-credentials.conf".path;
};
};
};
nixos/boxes/kelder/containers/spoder/nginx.nix
-6
View File
@@ -13,11 +13,6 @@ in
owner = "nginx";
group = "nginx";
};
"dhparams.pem" = {
owner = "acme";
group = "acme";
mode = "440";
};
};
firewall = {
@@ -35,7 +30,6 @@ in
recommendedTlsSettings = true;
clientMaxBodySize = "0";
serverTokens = true;
sslDhparam = config.age.secrets."dhparams.pem".path;
# Based on recommended*Settings, but probably better to be explicit about these
appendHttpConfig = ''
nixos/boxes/tower/default.nix
+1 -1
View File
@@ -112,7 +112,7 @@
steam.enable = true;
wireshark = {
enable = true;
package = pkgs.wireshark-qt;
package = pkgs.wireshark;
};
};