mirror of
https://github.com/Swarsel/.dotfiles.git
synced 2026-04-14 21:29:12 +02:00
chore: update flake
This commit is contained in:
Leon Schwarzäugl
parent
9b7f98df7d
commit
70e908fcb0
GPG key ID:
26A54C31F2A4FD84
11 changed files with 541 additions and 643 deletions
|
|
@ -1736,8 +1736,8 @@ A short overview over each input and what it does:
|
||||||
nixpkgs-stable25_11.url = "github:NixOS/nixpkgs/nixos-25.11";
|
nixpkgs-stable25_11.url = "github:NixOS/nixpkgs/nixos-25.11";
|
||||||
|
|
||||||
home-manager = {
|
home-manager = {
|
||||||
# url = "github:nix-community/home-manager";
|
url = "github:nix-community/home-manager";
|
||||||
url = "github:Swarsel/home-manager/main";
|
# url = "github:Swarsel/home-manager/main";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
nix-index-database = {
|
nix-index-database = {
|
||||||
|
|
@ -11348,22 +11348,7 @@ This is a collection of packages that are useful for server-type hosts that do n
|
||||||
services = {
|
services = {
|
||||||
# add a user with sudo smbpasswd -a <user>
|
# add a user with sudo smbpasswd -a <user>
|
||||||
samba = {
|
samba = {
|
||||||
# package = pkgs.samba4Full;
|
|
||||||
package = pkgs.samba4;
|
package = pkgs.samba4;
|
||||||
# extraConfig = ''
|
|
||||||
# workgroup = WORKGROUP
|
|
||||||
# server role = standalone server
|
|
||||||
# dns proxy = no
|
|
||||||
|
|
||||||
# pam password change = yes
|
|
||||||
# map to guest = bad user
|
|
||||||
# create mask = 0664
|
|
||||||
# force create mode = 0664
|
|
||||||
# directory mask = 0775
|
|
||||||
# force directory mode = 0775
|
|
||||||
# follow symlinks = yes
|
|
||||||
# '';
|
|
||||||
|
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
settings.Eternor = {
|
settings.Eternor = {
|
||||||
|
|
@ -13153,13 +13138,14 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
|
||||||
|
|
||||||
services.${serviceName} = {
|
services.${serviceName} = {
|
||||||
enable = true;
|
enable = true;
|
||||||
musicDirectory = "/storage/Music";
|
openFirewall = true;
|
||||||
|
settings = {
|
||||||
|
music_directory = "/storage/Music";
|
||||||
|
bind_to_address = "any";
|
||||||
|
port = servicePort;
|
||||||
|
};
|
||||||
user = serviceUser;
|
user = serviceUser;
|
||||||
group = serviceGroup;
|
group = serviceGroup;
|
||||||
network = {
|
|
||||||
port = servicePort;
|
|
||||||
listenAddress = "any";
|
|
||||||
};
|
|
||||||
credentials = [
|
credentials = [
|
||||||
{
|
{
|
||||||
passwordFile = config.sops.secrets.mpd-pw.path;
|
passwordFile = config.sops.secrets.mpd-pw.path;
|
||||||
|
|
@ -14443,8 +14429,7 @@ Note: you still need to run =restic-<name> init= once on the host to get the buc
|
||||||
{ lib, pkgs, config, ... }:
|
{ lib, pkgs, config, ... }:
|
||||||
let
|
let
|
||||||
inherit (config.swarselsystems) sopsFile;
|
inherit (config.swarselsystems) sopsFile;
|
||||||
|
inherit (config.swarselsystems.server.restic) targets;
|
||||||
targets = config.swarselsystems.server.restic.targets;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server";
|
options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server";
|
||||||
|
|
@ -15276,7 +15261,7 @@ FreshRSS claims to support HTTP header auth, but at least it does not work with
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
|
environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
|
||||||
directories = [{ directory = "/var/lib/private/${serviceName}"; }];
|
directories = [{ directory = "/var/lib/private/anki-sync-server"; }];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.anki-sync-server = {
|
services.anki-sync-server = {
|
||||||
|
|
@ -16144,7 +16129,7 @@ kanidm person credential create-reset-token <user>
|
||||||
|
|
||||||
postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
|
postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
|
||||||
postgresPort = config.services.postgresql.settings.port; # 5432
|
postgresPort = config.services.postgresql.settings.port; # 5432
|
||||||
containerRev = "sha256:96693e41a6eb2aae44f96033a090378270f024ddf4e6095edf8d57674f21095d";
|
containerRev = "sha256:bb8ad2b6891441d8ec5c3169b684b71574f3bb3e9afb345bad2f91d833d60340";
|
||||||
|
|
||||||
inherit (config.swarselsystems) sopsFile;
|
inherit (config.swarselsystems) sopsFile;
|
||||||
in
|
in
|
||||||
|
|
@ -17061,13 +17046,6 @@ in
|
||||||
directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }];
|
directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.homebox = {
|
|
||||||
environment = {
|
|
||||||
TMPDIR = "/var/lib/homebox/.tmp";
|
|
||||||
HOME = "/var/lib/homebox";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.${serviceName} = {
|
services.${serviceName} = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.bisect.homebox;
|
package = pkgs.bisect.homebox;
|
||||||
|
|
@ -19065,7 +19043,7 @@ This has some state:
|
||||||
];
|
];
|
||||||
dhcp.enabled = false;
|
dhcp.enabled = false;
|
||||||
};
|
};
|
||||||
filtering.rewrites = map
|
filtering.rewrites = (map
|
||||||
(domain: {
|
(domain: {
|
||||||
inherit domain;
|
inherit domain;
|
||||||
# FIXME: change to homeWebProxy once that is setup
|
# FIXME: change to homeWebProxy once that is setup
|
||||||
|
|
@ -19073,7 +19051,13 @@ This has some state:
|
||||||
# answer = globals.hosts.${webProxy}.wanAddress4;
|
# answer = globals.hosts.${webProxy}.wanAddress4;
|
||||||
enabled = true;
|
enabled = true;
|
||||||
})
|
})
|
||||||
homeDomains;
|
homeDomains) ++ [
|
||||||
|
{
|
||||||
|
domain = "smb.${globals.domains.main}";
|
||||||
|
answer = globals.networks.home-lan.vlans.services.hosts.storage.ipv4;
|
||||||
|
enabled = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
filters = [
|
filters = [
|
||||||
{
|
{
|
||||||
name = "AdGuard DNS filter";
|
name = "AdGuard DNS filter";
|
||||||
|
|
@ -25136,16 +25120,20 @@ When setting up a new machine:
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.user.tmpfiles.rules = [
|
||||||
|
"d ${homeDir}/.gnupg 0700 ${mainUser} users - -"
|
||||||
|
];
|
||||||
|
|
||||||
# assure correct permissions
|
# assure correct permissions
|
||||||
systemd.user.tmpfiles.settings."30-gpgagent".rules = {
|
# systemd.user.tmpfiles.settings."30-gpgagent".rules = {
|
||||||
"${homeDir}/.gnupg" = {
|
# "${homeDir}/.gnupg" = {
|
||||||
d = {
|
# d = {
|
||||||
group = "users";
|
# group = "users";
|
||||||
user = mainUser;
|
# user = mainUser;
|
||||||
mode = "0700";
|
# mode = "0700";
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
952
flake.lock
generated
952
flake.lock
generated
File diff suppressed because it is too large
Load diff
|
|
@ -36,8 +36,8 @@
|
||||||
nixpkgs-stable25_11.url = "github:NixOS/nixpkgs/nixos-25.11";
|
nixpkgs-stable25_11.url = "github:NixOS/nixpkgs/nixos-25.11";
|
||||||
|
|
||||||
home-manager = {
|
home-manager = {
|
||||||
# url = "github:nix-community/home-manager";
|
url = "github:nix-community/home-manager";
|
||||||
url = "github:Swarsel/home-manager/main";
|
# url = "github:Swarsel/home-manager/main";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
nix-index-database = {
|
nix-index-database = {
|
||||||
|
|
|
||||||
|
|
@ -36,16 +36,20 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.user.tmpfiles.rules = [
|
||||||
|
"d ${homeDir}/.gnupg 0700 ${mainUser} users - -"
|
||||||
|
];
|
||||||
|
|
||||||
# assure correct permissions
|
# assure correct permissions
|
||||||
systemd.user.tmpfiles.settings."30-gpgagent".rules = {
|
# systemd.user.tmpfiles.settings."30-gpgagent".rules = {
|
||||||
"${homeDir}/.gnupg" = {
|
# "${homeDir}/.gnupg" = {
|
||||||
d = {
|
# d = {
|
||||||
group = "users";
|
# group = "users";
|
||||||
user = mainUser;
|
# user = mainUser;
|
||||||
mode = "0700";
|
# mode = "0700";
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -59,7 +59,7 @@ in
|
||||||
];
|
];
|
||||||
dhcp.enabled = false;
|
dhcp.enabled = false;
|
||||||
};
|
};
|
||||||
filtering.rewrites = map
|
filtering.rewrites = (map
|
||||||
(domain: {
|
(domain: {
|
||||||
inherit domain;
|
inherit domain;
|
||||||
# FIXME: change to homeWebProxy once that is setup
|
# FIXME: change to homeWebProxy once that is setup
|
||||||
|
|
@ -67,7 +67,13 @@ in
|
||||||
# answer = globals.hosts.${webProxy}.wanAddress4;
|
# answer = globals.hosts.${webProxy}.wanAddress4;
|
||||||
enabled = true;
|
enabled = true;
|
||||||
})
|
})
|
||||||
homeDomains;
|
homeDomains) ++ [
|
||||||
|
{
|
||||||
|
domain = "smb.${globals.domains.main}";
|
||||||
|
answer = globals.networks.home-lan.vlans.services.hosts.storage.ipv4;
|
||||||
|
enabled = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
filters = [
|
filters = [
|
||||||
{
|
{
|
||||||
name = "AdGuard DNS filter";
|
name = "AdGuard DNS filter";
|
||||||
|
|
|
||||||
|
|
@ -37,7 +37,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
|
environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
|
||||||
directories = [{ directory = "/var/lib/private/${serviceName}"; }];
|
directories = [{ directory = "/var/lib/private/anki-sync-server"; }];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.anki-sync-server = {
|
services.anki-sync-server = {
|
||||||
|
|
|
||||||
|
|
@ -41,13 +41,6 @@ in
|
||||||
directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }];
|
directories = [{ directory = "/var/lib/${serviceName}"; user = serviceUser; group = serviceGroup; }];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.homebox = {
|
|
||||||
environment = {
|
|
||||||
TMPDIR = "/var/lib/homebox/.tmp";
|
|
||||||
HOME = "/var/lib/homebox";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.${serviceName} = {
|
services.${serviceName} = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.bisect.homebox;
|
package = pkgs.bisect.homebox;
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@ let
|
||||||
|
|
||||||
postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
|
postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
|
||||||
postgresPort = config.services.postgresql.settings.port; # 5432
|
postgresPort = config.services.postgresql.settings.port; # 5432
|
||||||
containerRev = "sha256:96693e41a6eb2aae44f96033a090378270f024ddf4e6095edf8d57674f21095d";
|
containerRev = "sha256:bb8ad2b6891441d8ec5c3169b684b71574f3bb3e9afb345bad2f91d833d60340";
|
||||||
|
|
||||||
inherit (config.swarselsystems) sopsFile;
|
inherit (config.swarselsystems) sopsFile;
|
||||||
in
|
in
|
||||||
|
|
|
||||||
|
|
@ -38,13 +38,14 @@ in
|
||||||
|
|
||||||
services.${serviceName} = {
|
services.${serviceName} = {
|
||||||
enable = true;
|
enable = true;
|
||||||
musicDirectory = "/storage/Music";
|
openFirewall = true;
|
||||||
|
settings = {
|
||||||
|
music_directory = "/storage/Music";
|
||||||
|
bind_to_address = "any";
|
||||||
|
port = servicePort;
|
||||||
|
};
|
||||||
user = serviceUser;
|
user = serviceUser;
|
||||||
group = serviceGroup;
|
group = serviceGroup;
|
||||||
network = {
|
|
||||||
port = servicePort;
|
|
||||||
listenAddress = "any";
|
|
||||||
};
|
|
||||||
credentials = [
|
credentials = [
|
||||||
{
|
{
|
||||||
passwordFile = config.sops.secrets.mpd-pw.path;
|
passwordFile = config.sops.secrets.mpd-pw.path;
|
||||||
|
|
|
||||||
|
|
@ -19,22 +19,7 @@ in
|
||||||
services = {
|
services = {
|
||||||
# add a user with sudo smbpasswd -a <user>
|
# add a user with sudo smbpasswd -a <user>
|
||||||
samba = {
|
samba = {
|
||||||
# package = pkgs.samba4Full;
|
|
||||||
package = pkgs.samba4;
|
package = pkgs.samba4;
|
||||||
# extraConfig = ''
|
|
||||||
# workgroup = WORKGROUP
|
|
||||||
# server role = standalone server
|
|
||||||
# dns proxy = no
|
|
||||||
|
|
||||||
# pam password change = yes
|
|
||||||
# map to guest = bad user
|
|
||||||
# create mask = 0664
|
|
||||||
# force create mode = 0664
|
|
||||||
# directory mask = 0775
|
|
||||||
# force directory mode = 0775
|
|
||||||
# follow symlinks = yes
|
|
||||||
# '';
|
|
||||||
|
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
settings.Eternor = {
|
settings.Eternor = {
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,7 @@
|
||||||
{ lib, pkgs, config, ... }:
|
{ lib, pkgs, config, ... }:
|
||||||
let
|
let
|
||||||
inherit (config.swarselsystems) sopsFile;
|
inherit (config.swarselsystems) sopsFile;
|
||||||
|
inherit (config.swarselsystems.server.restic) targets;
|
||||||
targets = config.swarselsystems.server.restic.targets;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server";
|
options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server";
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue