dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

"Release" 26.06 Irritating
CI / Check, build and cache nixfiles (push) Successful in 2h20m51s
Details

Browse Source
This commit is contained in:
Jack O'Sullivan
2026-06-13 16:00:18 +01:00
parent bb32784962
commit 93529c578b
27 changed files with 145 additions and 195 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flake.lock
Generated
+44 -66
View File
@@ -75,11 +75,11 @@
]
},
"locked": {
"lastModified": 1768786317,
"narHash": "sha256-B+mFBhKQUEd543lxmBnJWiMvN/mbTzwIDmVbI1GlvKk=",
"lastModified": 1781351267,
"narHash": "sha256-86HFs1K+LRlx8t4AjaMdU5qlg4O7kLz1VlnNapKZIuY=",
"owner": "9001",
"repo": "copyparty",
"rev": "78f6855f08a210ded0eeb34da9eafb9cc2de024b",
"rev": "90639de9840d7dcc2d9000026fe547f666c1d550",
"type": "github"
},
"original": {
@@ -90,11 +90,11 @@
},
"crane": {
"locked": {
"lastModified": 1772560058,
"narHash": "sha256-NuVKdMBJldwUXgghYpzIWJdfeB7ccsu1CC7B+NfSoZ8=",
"lastModified": 1780532242,
"narHash": "sha256-D+BsdpxmtUwtqGoY0IXPhHgTlmqgcZKCEo1oMyn7ep0=",
"owner": "ipetkov",
"repo": "crane",
"rev": "db590d9286ed5ce22017541e36132eab4e8b3045",
"rev": "59a82a1222dd3b2080b5cc52a1a2e8d5f1b77f37",
"type": "github"
},
"original": {
@@ -150,11 +150,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1766051518,
"narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=",
"lastModified": 1781023725,
"narHash": "sha256-Gt+qFANcrDRjl3xzidLYrAUQCd3808iuAsLwZbYYAEU=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa",
"rev": "2ce9051767ee4d1a3c43b52ba327431783bfd463",
"type": "github"
},
"original": {
@@ -256,27 +256,6 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"harmonia",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@@ -466,7 +445,6 @@
"harmonia": {
"inputs": {
"crane": "crane",
"flake-parts": "flake-parts",
"nix": "nix",
"nixpkgs": [
"nixpkgs-unstable"
@@ -474,11 +452,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1772679279,
"narHash": "sha256-ockL9qWhamkGgBYnJHTvt1oHdRvGfbS36kW9WpOhzec=",
"lastModified": 1781128165,
"narHash": "sha256-97WpKZkaNAL5g7MtASLwqnrJrvrLpQRr6cXWiRNLiXQ=",
"owner": "nix-community",
"repo": "harmonia",
"rev": "4e9e03e04467b50575f6b05c8abee12407418106",
"rev": "f0dd1094cdc8d72e038cf9347cacfa9272a8f72d",
"type": "github"
},
"original": {
@@ -516,16 +494,16 @@
]
},
"locked": {
"lastModified": 1768603898,
"narHash": "sha256-vRV1dWJOCpCal3PRr86wE2WTOMfAhTu6G7bSvOsryUo=",
"lastModified": 1781319724,
"narHash": "sha256-ZGuxexEMo4Xv28KJ0dX/m/PHN4oZIOnxHZpNTyrvx4M=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2a63d0e9d2c72ac4d4150ebb242cf8d86f488c8c",
"rev": "8355f0a16b2dbb06a97959a918af5b239bbe05ae",
"type": "github"
},
"original": {
"id": "home-manager",
"ref": "release-25.11",
"ref": "release-26.05",
"type": "indirect"
}
},
@@ -536,11 +514,11 @@
]
},
"locked": {
"lastModified": 1768912518,
"narHash": "sha256-FJlof1jnbLIT5RbKxef/NV6RzcOj1GoMzXE4FcBFg5Y=",
"lastModified": 1781305496,
"narHash": "sha256-g8Vv4Qfc7n+lgov97REu3X6BeJtvYY0hlSUZR1GrGQQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9c5f8aceb6ef620e881f50fe65cb4a2c6b1e8527",
"rev": "c87a39aa979acc4848016d2220c6238390d84779",
"type": "github"
},
"original": {
@@ -556,11 +534,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1768835187,
"narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=",
"lastModified": 1769548169,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395",
"rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"type": "github"
},
"original": {
@@ -572,11 +550,11 @@
"libnetRepo": {
"flake": false,
"locked": {
"lastModified": 1745053097,
"narHash": "sha256-BEW57utyWCqP4U+MzCXFqbvEC8LE3iZv5dsPMrmTJ9Q=",
"lastModified": 1776595118,
"narHash": "sha256-6bIEi8q5hXCHU9nApTbQXvpljMWldg3QipCD+jkOGK8=",
"owner": "oddlama",
"repo": "nixos-extra-modules",
"rev": "7565d8554b0fc9d621851150e7939d34a3a8cd6c",
"rev": "84207afebb794be7b53cfc9768730f37c64f4a13",
"type": "github"
},
"original": {
@@ -588,11 +566,11 @@
"nix": {
"flake": false,
"locked": {
"lastModified": 1772224943,
"narHash": "sha256-jJIlRLPPVYu860MVFx4gsRx3sskmLDSRWXXue5tYncw=",
"lastModified": 1780652321,
"narHash": "sha256-o/6YXRB6AbeL4SYtSHlJ9oEROl6Wmf7yheJNa3fAv2I=",
"owner": "nixos",
"repo": "nix",
"rev": "0acd0566e85e4597269482824711bcde7b518600",
"rev": "d1f04a798cf4276da59567c07a3bf4a628669288",
"type": "github"
},
"original": {
@@ -640,11 +618,11 @@
},
"nixpkgs-mine": {
"locked": {
"lastModified": 1773177937,
"narHash": "sha256-HY4jRsp70w4cCID7ScA79wB+y45n2scr3Qz/N+0352I=",
"lastModified": 1781356656,
"narHash": "sha256-Ygkl3ZBJ434/WhwdK1FyvPMeHvNPAopg3KE/1HtcJuk=",
"owner": "devplayer0",
"repo": "nixpkgs",
"rev": "7d4f41507e7519949f6847e050cc0df87ce776d3",
"rev": "a15e20705db295f621cb5bb63613f03a9373323f",
"type": "github"
},
"original": {
@@ -656,11 +634,11 @@
},
"nixpkgs-mine-stable": {
"locked": {
"lastModified": 1768913078,
"narHash": "sha256-kG1pekaHIz9lgzxBd29YXyMuauvPbeJkIJfI9rtYeAM=",
"lastModified": 1781356876,
"narHash": "sha256-s8ed+zuk5wrbyhtDQpkxycAcLmhQH9umGRuVRBNKUbU=",
"owner": "devplayer0",
"repo": "nixpkgs",
"rev": "2289d9c7d193d99262cdf7fdc7313a0b4eff8881",
"rev": "2eb8bacf9f641d4510fc43ba7fc0eea7dfdf5b24",
"type": "github"
},
"original": {
@@ -672,26 +650,26 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1768773494,
"narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=",
"lastModified": 1780902259,
"narHash": "sha256-q8yYEC5f1mFlQO9RGna4LTc9QrcvWunX6FYp83munkQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2",
"rev": "bd0ff2d3eac24699c3664d5966b9ef36f388e2ca",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-25.11",
"ref": "nixos-26.05",
"type": "indirect"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"lastModified": 1781074563,
"narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca",
"type": "github"
},
"original": {
@@ -1052,11 +1030,11 @@
]
},
"locked": {
"lastModified": 1772660329,
"narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
"lastModified": 1780220602,
"narHash": "sha256-eynAfOmbmxJnkp7YewvCEbShNnnYJ9gLLqkzsYtBPeM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3710e0e1218041bbad640352a0440114b1e10428",
"rev": "db947814a175b7ca6ded66e21383d938df01c227",
"type": "github"
},
"original": {
flake.nix
+2 -2
View File
@@ -12,13 +12,13 @@
devshell.inputs.nixpkgs.follows = "nixpkgs-unstable";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
nixpkgs-stable.url = "nixpkgs/nixos-25.11";
nixpkgs-stable.url = "nixpkgs/nixos-26.05";
nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0";
nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable";
home-manager-unstable.url = "home-manager";
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
home-manager-stable.url = "home-manager/release-25.11";
home-manager-stable.url = "home-manager/release-26.05";
home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";
# Stuff used by the flake for build / deployment
home-manager/modules/common.nix
+14 -16
View File
@@ -133,34 +133,32 @@ in
ssh = {
enable = mkDefault true;
enableDefaultConfig = false;
matchBlocks = {
settings = {
nix-dev-vm = {
user = "dev";
hostname = "localhost";
port = 2222;
extraOptions = {
StrictHostKeyChecking = "no";
UserKnownHostsFile = "/dev/null";
};
User = "dev";
HostName = "localhost";
Port = 2222;
StrictHostKeyChecking = "no";
UserKnownHostsFile = "/dev/null";
};
"rsync.net" = {
host = "rsyncnet";
user = "16413";
hostname = "ch-s010.rsync";
Host = "rsyncnet";
User = "16413";
HostName = "ch-s010.rsync";
};
shoe = {
host = "shoe.netsoc.tcd.ie shoe";
user = "netsoc";
Host = "shoe.netsoc.tcd.ie shoe";
User = "netsoc";
};
netsocBoxes = {
host = "cube spoon napalm gandalf saruman";
user = "root";
Host = "cube spoon napalm gandalf saruman";
User = "root";
};
"*" = {
identityFile = [
IdentityFile = [
"~/.ssh/id_rsa"
"~/.ssh/borg"
];
home-manager/modules/gui/default.nix
+6 -7
View File
@@ -79,7 +79,7 @@ in
jp2a
terminaltexteffects
screenfetch
neofetch
fastfetch
cmatrix
doomsaver
@@ -122,12 +122,6 @@ in
};
};
termite = {
enable = true;
font = "${font.name} ${toString font.size}";
backgroundColor = "rgba(0, 0, 0, 0.8)";
};
foot = {
enable = true;
settings = {
@@ -387,6 +381,10 @@ in
name = "Numix";
package = pkgs.numix-gtk-theme;
};
gtk4.theme = {
name = "Numix";
package = pkgs.numix-gtk-theme;
};
iconTheme = {
name = "Numix";
package = pkgs.numix-icon-theme;
@@ -494,6 +492,7 @@ in
userDirs = {
enable = true;
createDirectories = true;
setSessionVariables = true;
desktop = "$HOME/desktop";
documents = "$HOME/documents";
download = "$HOME/downloads";
lib/constants.nix
+2 -2
View File
@@ -29,8 +29,8 @@ rec {
};
kernel = {
lts = pkgs: pkgs.linuxKernel.packages.linux_6_12;
latest = pkgs: pkgs.linuxKernel.packages.linux_6_18;
lts = pkgs: pkgs.linuxKernel.packages.linux_6_18;
latest = pkgs: pkgs.linuxKernel.packages.linux_7_0;
};
nginx = rec {
lib/default.nix
+2 -2
View File
@@ -248,8 +248,8 @@ rec {
in
{
trivial = prev.trivial // {
release = "25.11:u-${prev.trivial.release}";
codeName = "Hooray";
release = "26.06:u-${prev.trivial.release}";
codeName = "Irritating";
revisionWithDefault = default: self.rev or default;
versionSuffix = ".${date}.${revCode self}:u-${revCode pkgsFlake}";
};
nixos/boxes/britway/nginx.nix
+1 -7
View File
@@ -9,11 +9,6 @@ in
config = {
my = {
secrets.files = {
"dhparams.pem" = {
owner = "acme";
group = "acme";
mode = "440";
};
"britway/cloudflare-credentials.conf" = {
owner = "acme";
group = "acme";
@@ -45,7 +40,7 @@ in
"*.${pubDomain}"
];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."britway/cloudflare-credentials.conf".path;
environmentFile = config.age.secrets."britway/cloudflare-credentials.conf".path;
};
};
};
@@ -58,7 +53,6 @@ in
logError = "stderr info";
recommendedTlsSettings = true;
serverTokens = true;
sslDhparam = config.age.secrets."dhparams.pem".path;
# Based on recommended*Settings, but probably better to be explicit about these
appendHttpConfig = ''
nixos/boxes/colony/vms/estuary/dns.nix
+1 -1
View File
@@ -44,7 +44,7 @@ in
};
pdns-recursor = {
yaml-settings = {
settings = {
incoming = {
listen = [
"127.0.0.1" "::1"
nixos/boxes/colony/vms/git/default.nix
+1 -7
View File
@@ -95,7 +95,7 @@ in
"*.${pubDomain}"
];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
environmentFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
};
};
};
@@ -111,7 +111,6 @@ in
recommendedTlsSettings = true;
clientMaxBodySize = "0";
serverTokens = true;
sslDhparam = config.age.secrets."dhparams.pem".path;
# Based on recommended*Settings, but probably better to be explicit about these
appendHttpConfig = ''
@@ -182,11 +181,6 @@ in
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+KINpHLMduBuW96JzfSRDLUzkI+XaCBghu5/wHiW5R";
files = {
"dhparams.pem" = {
owner = "acme";
group = "acme";
mode = "440";
};
"middleman/cloudflare-credentials.conf" = {
owner = "acme";
group = "acme";
nixos/boxes/colony/vms/shill/containers-ext.nix
+1
View File
@@ -13,6 +13,7 @@ in
"/var/lib/machines/jam" = {
device = "/mnt/jam";
options = [ "bind" ];
fsType = "none";
};
};
nixos/boxes/colony/vms/shill/containers/chatterbox.nix
+22 -24
View File
@@ -198,18 +198,17 @@ in
mautrix-whatsapp = {
enable = true;
package = pkgs.mautrix-whatsapp.overrideAttrs (o: rec {
# TODO: Remove when upgrading nixpkgs
version = "26.05";
tag = "v0.2605.0";
src = pkgs.fetchFromGitHub {
owner = "mautrix";
repo = "whatsapp";
inherit tag;
hash = "sha256-WlVfGQoP9e/wl98hUJei8O2JMcOKijoEY8XuU/z69Qk=";
};
vendorHash = "sha256-Hi/dZHJHoTTCnxLXgbkcYzuzis4fl5kxb5wMd9fKTY8=";
});
# package = pkgs.mautrix-whatsapp.overrideAttrs (o: rec {
# version = "26.05";
# tag = "v0.2605.0";
# src = pkgs.fetchFromGitHub {
# owner = "mautrix";
# repo = "whatsapp";
# inherit tag;
# hash = "sha256-WlVfGQoP9e/wl98hUJei8O2JMcOKijoEY8XuU/z69Qk=";
# };
# vendorHash = "sha256-Hi/dZHJHoTTCnxLXgbkcYzuzis4fl5kxb5wMd9fKTY8=";
# });
environmentFile = config.age.secrets."chatterbox/mautrix-whatsapp.env".path;
settings = {
database = {
@@ -254,18 +253,17 @@ in
};
};
# TODO: Remove when upgrading nixpkgs
mautrix-meta.package = pkgs.mautrix-meta.overrideAttrs (o: rec {
version = "26.05.1";
tag = "v0.2605.1";
src = pkgs.fetchFromGitHub {
owner = "mautrix";
repo = "meta";
inherit tag;
hash = "sha256-zpolDtwGulDTiojJPnkj9O0D5b4rgPYQX6A28rvuvM0=";
};
vendorHash = "sha256-+i45bXBhlXPXX24VMS9IJLLX+i4VPnqy5RAH4j88sTA=";
});
# mautrix-meta.package = pkgs.mautrix-meta.overrideAttrs (o: rec {
# version = "26.05.1";
# tag = "v0.2605.1";
# src = pkgs.fetchFromGitHub {
# owner = "mautrix";
# repo = "meta";
# inherit tag;
# hash = "sha256-zpolDtwGulDTiojJPnkj9O0D5b4rgPYQX6A28rvuvM0=";
# };
# vendorHash = "sha256-+i45bXBhlXPXX24VMS9IJLLX+i4VPnqy5RAH4j88sTA=";
# });
mautrix-meta.instances = {
messenger = {
enable = true;
nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
+9 -9
View File
@@ -60,10 +60,10 @@ in
transmission.extraGroups = [ "media" ];
radarr.extraGroups = [ "media" ];
sonarr.extraGroups = [ "media" ];
jellyseerr = {
seerr = {
isSystemUser = true;
uid = uids.jellyseerr;
group = "jellyseerr";
group = "seerr";
};
photoprism = {
isSystemUser = true;
@@ -77,7 +77,7 @@ in
};
groups = {
media.gid = 2000;
jellyseerr.gid = gids.jellyseerr;
seerr.gid = gids.jellyseerr;
photoprism.gid = gids.photoprism;
copyparty.gid = gids.copyparty;
};
@@ -88,15 +88,15 @@ in
jackett.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ];
transmission.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ];
radarr.serviceConfig.UMask = "0002";
radarr.serviceConfig.UMask = mkForce "0002";
radarr.path = with pkgs; [ ffmpeg ];
sonarr.serviceConfig.UMask = "0002";
sonarr.serviceConfig.UMask = mkForce "0002";
sonarr.path = with pkgs; [ ffmpeg ];
jellyseerr.serviceConfig = {
seerr.serviceConfig = {
# Needs to be able to read its secrets
DynamicUser = mkForce false;
User = "jellyseerr";
Group = "jellyseerr";
User = "seerr";
Group = "seerr";
};
# https://github.com/NixOS/nixpkgs/issues/258793#issuecomment-1748168206
@@ -145,7 +145,7 @@ in
jackett.enable = true;
radarr.enable = true;
sonarr.enable = true;
jellyseerr = {
seerr = {
enable = true;
openFirewall = true;
};
nixos/boxes/colony/vms/shill/containers/middleman/default.nix
+2 -8
View File
@@ -40,11 +40,6 @@ in
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQM9U1e/XcUCyMJITrpAHjAGahpqkZCmtX6pJkYzuks";
files = {
"dhparams.pem" = {
owner = "acme";
group = "acme";
mode = "440";
};
"pdns-file-records.key" = {
owner = "acme";
group = "acme";
@@ -176,7 +171,7 @@ in
"*.${config.networking.domain}"
];
dnsProvider = "exec";
credentialsFile =
environmentFile =
let
script = pkgs.writeShellScript "lego-update-int.sh" ''
case "$1" in
@@ -207,7 +202,7 @@ in
"*.s3.${pubDomain}"
];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
environmentFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
postRun =
let
sshKey = config.age.secrets."middleman/mailcow-ssh.key".path;
@@ -256,7 +251,6 @@ in
valid = "5s";
};
proxyResolveWhileRunning = true;
sslDhparam = config.age.secrets."dhparams.pem".path;
appendConfig = ''
worker_processes auto;
nixos/boxes/colony/vms/shill/containers/object.nix
+4
View File
@@ -35,6 +35,7 @@ in
"/var/lib/harmonia" = {
device = "/mnt/nix-cache";
options = [ "bind" ];
fsType = "none";
};
};
@@ -161,6 +162,9 @@ in
];
};
# TODO/FIXME: this is bad...
nixpkgs.config.permittedInsecurePackages = [ "minio-2025-10-15T17-29-55Z" ];
services = {
minio = {
enable = true;
nixos/boxes/colony/vms/shill/containers/toot.nix
+1 -1
View File
@@ -183,7 +183,7 @@ in
PDS_EMAIL_FROM_ADDRESS = "pds@nul.ie";
PDS_DID_PLC_URL = "https://plc.directory";
PDS_INVITE_REQUIRED = 1;
PDS_INVITE_REQUIRED = "true";
PDS_BSKY_APP_VIEW_URL = "https://api.bsky.app";
PDS_BSKY_APP_VIEW_DID = "did:web:api.bsky.app";
PDS_REPORT_SERVICE_URL = "https://mod.bsky.app";
nixos/boxes/home/castle/default.nix
+1 -1
View File
@@ -125,7 +125,7 @@ in
virt-manager.enable = true;
wireshark = {
enable = true;
package = pkgs.wireshark-qt;
package = pkgs.wireshark;
};
};
virtualisation.libvirtd.enable = true;
nixos/boxes/home/routing-common/dns.nix
+1 -1
View File
@@ -34,7 +34,7 @@ in
services = {
pdns-recursor = {
yaml-settings = {
settings = {
incoming = {
listen = [
"127.0.0.1" "::1"
nixos/boxes/kelder/containers/acquisition/default.nix
+2 -2
View File
@@ -73,8 +73,8 @@ in
RootDirectory = lib.mkForce "";
};
radarr.serviceConfig.UMask = "0002";
sonarr.serviceConfig.UMask = "0002";
radarr.serviceConfig.UMask = lib.mkForce "0002";
sonarr.serviceConfig.UMask = lib.mkForce "0002";
};
};
nixos/boxes/kelder/containers/spoder/default.nix
+1 -1
View File
@@ -60,7 +60,7 @@ in
"*.${domain}"
];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."kelder/cloudflare-credentials.conf".path;
environmentFile = config.age.secrets."kelder/cloudflare-credentials.conf".path;
};
};
};
nixos/boxes/kelder/containers/spoder/nginx.nix
-6
View File
@@ -13,11 +13,6 @@ in
owner = "nginx";
group = "nginx";
};
"dhparams.pem" = {
owner = "acme";
group = "acme";
mode = "440";
};
};
firewall = {
@@ -35,7 +30,6 @@ in
recommendedTlsSettings = true;
clientMaxBodySize = "0";
serverTokens = true;
sslDhparam = config.age.secrets."dhparams.pem".path;
# Based on recommended*Settings, but probably better to be explicit about these
appendHttpConfig = ''
nixos/boxes/tower/default.nix
+1 -1
View File
@@ -112,7 +112,7 @@
steam.enable = true;
wireshark = {
enable = true;
package = pkgs.wireshark-qt;
package = pkgs.wireshark;
};
};
nixos/modules/common.nix
+17 -10
View File
@@ -38,6 +38,15 @@ in
enable = mkDefault true;
wheelNeedsPassword = mkDefault false;
};
# TODO: Add this to fix login
# pam = {
# services = {
# kmscon.rules. = mkIf config.services.kmscon.config.libseat {
# };
# };
# };
};
nix = {
@@ -157,16 +166,14 @@ in
};
services = {
kmscon = {
# As it turns out, kmscon hasn't been updated in years and has some bugs...
# TODO: Remove if-else when 26.11 releases
kmscon = if (config.system.nixos.release == "26.06:u-26.11") then {
enable = mkDefault false;
hwRender = mkDefault true;
extraOptions = "--verbose";
extraConfig =
''
font-name=SauceCodePro Nerd Font Mono
'';
};
config = {
hwaccel = config.hardware.graphics.enable;
font-name = "SauceCodePro Nerd Font Mono";
};
} else { };
getty.greetingLine = mkDefault' ''<<< Welcome to ${config.system.nixos.distroName} ${config.system.nixos.label} (\m) - \l >>>'';
openssh = {
@@ -247,7 +254,7 @@ in
};
}
(mkIf config.services.kmscon.enable {
fonts.fonts = with pkgs; [
fonts.packages = with pkgs; [
nerd-fonts.sauce-code-pro
];
})
nixos/modules/gui/default.nix
+2 -3
View File
@@ -44,8 +44,7 @@ in
swaylock-plugin
];
services = {
# TODO: Remove if-else when 26.05 releases
resolved = if (config.system.nixos.release == "25.11:u-26.05") then {
resolved = {
settings.Resolve = {
FallbackDNS = mkOverride 99 (
"1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google " +
@@ -54,7 +53,7 @@ in
"2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google" );
LLMNR = "resolve";
};
} else { };
};
pipewire = {
enable = true;
nixos/modules/network.nix
+2 -10
View File
@@ -13,21 +13,13 @@ in
};
services.resolved = {
# Explicitly unset fallback DNS (Nix module will not allow for a blank config)
# TODO: Remove if-else when 26.05 releases
} // (if config.system.nixos.release == "25.11:u-25.11" then {
domains = [ config.networking.domain ];
extraConfig = ''
FallbackDNS=
Cache=no-negative
'';
} else {
settings.Resolve = {
Domains = [ config.networking.domain ];
# Explicitly unset fallback DNS (Nix module will not allow for a blank config)
FallbackDNS = "";
Cache = "no-negative";
};
});
};
}
(mkIf config.my.build.isDevVM {
nixos/modules/pdns.nix
+1 -1
View File
@@ -165,7 +165,7 @@ let
extraSettingsOpt = with lib.types; mkOpt' (nullOr str) null "Path to extra settings (e.g. for secrets).";
baseAuthSettings = pkgs.writeText "pdns.conf" (settingsToLines cfg.auth.settings);
baseRecursorSettings = (pkgs.formats.yaml { }).generate "pdns-recursor.yaml" config.services.pdns-recursor.yaml-settings;
baseRecursorSettings = (pkgs.formats.yaml { }).generate "pdns-recursor.yaml" config.services.pdns-recursor.settings;
generateSettings = type: base: dst: if (cfg."${type}".extraSettingsFile != null) then ''
oldUmask="$(umask)"
umask 006
nixos/modules/server.nix
+1 -3
View File
@@ -11,9 +11,7 @@ in
config = mkIf cfg.enable {
services = {
getty.autologinUser = mkDefault uname;
kmscon.autologinUser = mkDefault uname;
# TODO: Update to Setings.Resolve.LLMNR when 26.05 releases
resolved.llmnr = mkDefault "false";
resolved.settings.Resolve.LLMNR = mkDefault "false";
};
systemd = {
timers = {
nixos/modules/tmproot.nix
+4 -4
View File
@@ -336,13 +336,13 @@ in
(persistSimpleSvc "jackett")
(persistSimpleSvc "radarr")
(persistSimpleSvc "sonarr")
(mkIf config.services.jellyseerr.enable {
(mkIf config.services.seerr.enable {
my.tmproot.persistence.config.directories = [
{
directory = "/var/lib/jellyseerr";
directory = "/var/lib/seerr";
mode = "0750";
user = "jellyseerr";
group = "jellyseerr";
user = "seerr";
group = "seerr";
}
];
})