This commit is contained in:
@@ -44,7 +44,7 @@ in
|
||||
};
|
||||
|
||||
pdns-recursor = {
|
||||
yaml-settings = {
|
||||
settings = {
|
||||
incoming = {
|
||||
listen = [
|
||||
"127.0.0.1" "::1"
|
||||
|
||||
@@ -95,7 +95,7 @@ in
|
||||
"*.${pubDomain}"
|
||||
];
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
|
||||
environmentFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -111,7 +111,6 @@ in
|
||||
recommendedTlsSettings = true;
|
||||
clientMaxBodySize = "0";
|
||||
serverTokens = true;
|
||||
sslDhparam = config.age.secrets."dhparams.pem".path;
|
||||
|
||||
# Based on recommended*Settings, but probably better to be explicit about these
|
||||
appendHttpConfig = ''
|
||||
@@ -182,11 +181,6 @@ in
|
||||
secrets = {
|
||||
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+KINpHLMduBuW96JzfSRDLUzkI+XaCBghu5/wHiW5R";
|
||||
files = {
|
||||
"dhparams.pem" = {
|
||||
owner = "acme";
|
||||
group = "acme";
|
||||
mode = "440";
|
||||
};
|
||||
"middleman/cloudflare-credentials.conf" = {
|
||||
owner = "acme";
|
||||
group = "acme";
|
||||
|
||||
@@ -13,6 +13,7 @@ in
|
||||
"/var/lib/machines/jam" = {
|
||||
device = "/mnt/jam";
|
||||
options = [ "bind" ];
|
||||
fsType = "none";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -198,18 +198,17 @@ in
|
||||
|
||||
mautrix-whatsapp = {
|
||||
enable = true;
|
||||
package = pkgs.mautrix-whatsapp.overrideAttrs (o: rec {
|
||||
# TODO: Remove when upgrading nixpkgs
|
||||
version = "26.05";
|
||||
tag = "v0.2605.0";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "mautrix";
|
||||
repo = "whatsapp";
|
||||
inherit tag;
|
||||
hash = "sha256-WlVfGQoP9e/wl98hUJei8O2JMcOKijoEY8XuU/z69Qk=";
|
||||
};
|
||||
vendorHash = "sha256-Hi/dZHJHoTTCnxLXgbkcYzuzis4fl5kxb5wMd9fKTY8=";
|
||||
});
|
||||
# package = pkgs.mautrix-whatsapp.overrideAttrs (o: rec {
|
||||
# version = "26.05";
|
||||
# tag = "v0.2605.0";
|
||||
# src = pkgs.fetchFromGitHub {
|
||||
# owner = "mautrix";
|
||||
# repo = "whatsapp";
|
||||
# inherit tag;
|
||||
# hash = "sha256-WlVfGQoP9e/wl98hUJei8O2JMcOKijoEY8XuU/z69Qk=";
|
||||
# };
|
||||
# vendorHash = "sha256-Hi/dZHJHoTTCnxLXgbkcYzuzis4fl5kxb5wMd9fKTY8=";
|
||||
# });
|
||||
environmentFile = config.age.secrets."chatterbox/mautrix-whatsapp.env".path;
|
||||
settings = {
|
||||
database = {
|
||||
@@ -254,18 +253,17 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
# TODO: Remove when upgrading nixpkgs
|
||||
mautrix-meta.package = pkgs.mautrix-meta.overrideAttrs (o: rec {
|
||||
version = "26.05.1";
|
||||
tag = "v0.2605.1";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "mautrix";
|
||||
repo = "meta";
|
||||
inherit tag;
|
||||
hash = "sha256-zpolDtwGulDTiojJPnkj9O0D5b4rgPYQX6A28rvuvM0=";
|
||||
};
|
||||
vendorHash = "sha256-+i45bXBhlXPXX24VMS9IJLLX+i4VPnqy5RAH4j88sTA=";
|
||||
});
|
||||
# mautrix-meta.package = pkgs.mautrix-meta.overrideAttrs (o: rec {
|
||||
# version = "26.05.1";
|
||||
# tag = "v0.2605.1";
|
||||
# src = pkgs.fetchFromGitHub {
|
||||
# owner = "mautrix";
|
||||
# repo = "meta";
|
||||
# inherit tag;
|
||||
# hash = "sha256-zpolDtwGulDTiojJPnkj9O0D5b4rgPYQX6A28rvuvM0=";
|
||||
# };
|
||||
# vendorHash = "sha256-+i45bXBhlXPXX24VMS9IJLLX+i4VPnqy5RAH4j88sTA=";
|
||||
# });
|
||||
mautrix-meta.instances = {
|
||||
messenger = {
|
||||
enable = true;
|
||||
|
||||
@@ -60,10 +60,10 @@ in
|
||||
transmission.extraGroups = [ "media" ];
|
||||
radarr.extraGroups = [ "media" ];
|
||||
sonarr.extraGroups = [ "media" ];
|
||||
jellyseerr = {
|
||||
seerr = {
|
||||
isSystemUser = true;
|
||||
uid = uids.jellyseerr;
|
||||
group = "jellyseerr";
|
||||
group = "seerr";
|
||||
};
|
||||
photoprism = {
|
||||
isSystemUser = true;
|
||||
@@ -77,7 +77,7 @@ in
|
||||
};
|
||||
groups = {
|
||||
media.gid = 2000;
|
||||
jellyseerr.gid = gids.jellyseerr;
|
||||
seerr.gid = gids.jellyseerr;
|
||||
photoprism.gid = gids.photoprism;
|
||||
copyparty.gid = gids.copyparty;
|
||||
};
|
||||
@@ -88,15 +88,15 @@ in
|
||||
jackett.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ];
|
||||
transmission.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ];
|
||||
|
||||
radarr.serviceConfig.UMask = "0002";
|
||||
radarr.serviceConfig.UMask = mkForce "0002";
|
||||
radarr.path = with pkgs; [ ffmpeg ];
|
||||
sonarr.serviceConfig.UMask = "0002";
|
||||
sonarr.serviceConfig.UMask = mkForce "0002";
|
||||
sonarr.path = with pkgs; [ ffmpeg ];
|
||||
jellyseerr.serviceConfig = {
|
||||
seerr.serviceConfig = {
|
||||
# Needs to be able to read its secrets
|
||||
DynamicUser = mkForce false;
|
||||
User = "jellyseerr";
|
||||
Group = "jellyseerr";
|
||||
User = "seerr";
|
||||
Group = "seerr";
|
||||
};
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/issues/258793#issuecomment-1748168206
|
||||
@@ -145,7 +145,7 @@ in
|
||||
jackett.enable = true;
|
||||
radarr.enable = true;
|
||||
sonarr.enable = true;
|
||||
jellyseerr = {
|
||||
seerr = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
|
||||
@@ -40,11 +40,6 @@ in
|
||||
secrets = {
|
||||
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQM9U1e/XcUCyMJITrpAHjAGahpqkZCmtX6pJkYzuks";
|
||||
files = {
|
||||
"dhparams.pem" = {
|
||||
owner = "acme";
|
||||
group = "acme";
|
||||
mode = "440";
|
||||
};
|
||||
"pdns-file-records.key" = {
|
||||
owner = "acme";
|
||||
group = "acme";
|
||||
@@ -176,7 +171,7 @@ in
|
||||
"*.${config.networking.domain}"
|
||||
];
|
||||
dnsProvider = "exec";
|
||||
credentialsFile =
|
||||
environmentFile =
|
||||
let
|
||||
script = pkgs.writeShellScript "lego-update-int.sh" ''
|
||||
case "$1" in
|
||||
@@ -207,7 +202,7 @@ in
|
||||
"*.s3.${pubDomain}"
|
||||
];
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
|
||||
environmentFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
|
||||
postRun =
|
||||
let
|
||||
sshKey = config.age.secrets."middleman/mailcow-ssh.key".path;
|
||||
@@ -256,7 +251,6 @@ in
|
||||
valid = "5s";
|
||||
};
|
||||
proxyResolveWhileRunning = true;
|
||||
sslDhparam = config.age.secrets."dhparams.pem".path;
|
||||
|
||||
appendConfig = ''
|
||||
worker_processes auto;
|
||||
|
||||
@@ -35,6 +35,7 @@ in
|
||||
"/var/lib/harmonia" = {
|
||||
device = "/mnt/nix-cache";
|
||||
options = [ "bind" ];
|
||||
fsType = "none";
|
||||
};
|
||||
};
|
||||
|
||||
@@ -161,6 +162,9 @@ in
|
||||
];
|
||||
};
|
||||
|
||||
# TODO/FIXME: this is bad...
|
||||
nixpkgs.config.permittedInsecurePackages = [ "minio-2025-10-15T17-29-55Z" ];
|
||||
|
||||
services = {
|
||||
minio = {
|
||||
enable = true;
|
||||
|
||||
@@ -183,7 +183,7 @@ in
|
||||
PDS_EMAIL_FROM_ADDRESS = "pds@nul.ie";
|
||||
|
||||
PDS_DID_PLC_URL = "https://plc.directory";
|
||||
PDS_INVITE_REQUIRED = 1;
|
||||
PDS_INVITE_REQUIRED = "true";
|
||||
PDS_BSKY_APP_VIEW_URL = "https://api.bsky.app";
|
||||
PDS_BSKY_APP_VIEW_DID = "did:web:api.bsky.app";
|
||||
PDS_REPORT_SERVICE_URL = "https://mod.bsky.app";
|
||||
|
||||
Reference in New Issue
Block a user