sorceress
/
nix-infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sorceress:efa853293599b15ef9e92e84d537140be631f170
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes
...
compare: sorceress:14ab1b18ee97263858ad94f68672ec2fee1dc8df
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes

4 Commits
efa8532935 ... 14ab1b18ee

Author SHA1 Message Date
Agatha Lovelace 14ab1b18ee
Cleanup / updates 2025-05-21 00:42:56 +02:00
Agatha Lovelace 376144b298
mastodont 2025-05-21 00:42:38 +02:00
Agatha Lovelace 7034c44fdb
Clean up torrent config 2025-05-21 00:41:37 +02:00
Agatha Lovelace 5245af2bbe
last 24.05 2024-12-22 15:40:39 +01:00
17 changed files with 273 additions and 362 deletions
Show Stats Expand all files Collapse all files

98
common/fragments/bittorrent.nix Normal file
View File

@ -0,0 +1,98 @@
{ pkgs, ... }:
{
system.fsPackages = with pkgs; [
gocryptfs
cifs-utils
];
systemd.mounts = [
{
after = [ "network.target" ];
what = "//library.technogothic.net/backup";
where = "/mnt/library-raw";
type = "cifs";
options = "gid=users,file_mode=0664,dir_mode=0775";
mountConfig.EnvironmentFile = "/var/lib/secrets/hetzner-env";
}
{
what = "/mnt/library-raw";
where = "/mnt/library";
type = "fuse.gocryptfs";
options = "allow_other,passfile=/var/lib/secrets/gocryptfs-pass";
wantedBy = [ "multi-user.target" ];
}
];
virtualisation.oci-containers.containers = {
"qbittorrent" = {
image = "dyonr/qbittorrentvpn";
autoStart = true;
volumes = [
"/var/lib/qbittorrent:/config"
"/mnt/library:/downloads"
];
environment = {
VPN_TYPE = "wireguard";
LAN_NETWORK = "10.21.0.0/16,10.42.0.0/24,100.64.0.0/24";
};
ports = [ "8080:8080" ];
extraOptions = [
"--cap-add=NET_ADMIN"
"--device=/dev/net/tun"
"--privileged"
];
};
};
services.flood = {
enable = true;
extraArgs = [ "--baseuri=/flood" ];
};
# Jellyfin
services.jellyfin = {
enable = true;
openFirewall = true;
};
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
# SMB Share
services.samba = {
enable = true;
openFirewall = true;
extraConfig = ''
server string = Watchtower
guest account = nobody
map to guest = bad user
'';
shares.Library = {
path = "/mnt/library";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
};
};
services.nginx.enable = true;
services.nginx.virtualHosts."watchtower.thorns.home.arpa" = {
locations."/flood/api" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = ''
proxy_buffering off;
proxy_cache off;
'';
};
locations."/flood/" = {
alias = "${pkgs.flood}/lib/node_modules/flood/dist/assets/";
tryFiles = "$uri /flood/index.html";
};
extraConfig = ''
rewrite ^/(flood)$ $1/ permanent;
'';
};
}

118
common/fragments/bittorrent/default.nix
View File

@ -1,118 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
imports = [ ./netns.nix ];
system.fsPackages = with pkgs; [
gocryptfs
cifs-utils
];
systemd.mounts = [
{
after = [ "network.target" ];
what = "//library.technogothic.net/backup";
where = "/mnt/library-raw";
type = "cifs";
options = "gid=users,file_mode=0664,dir_mode=0775";
mountConfig.EnvironmentFile = "/var/lib/secrets/hetzner-env";
}
{
what = "/mnt/library-raw";
where = "/mnt/library";
type = "fuse.gocryptfs";
options = "allow_other,passfile=/var/lib/secrets/gocryptfs-pass";
wantedBy = [ "multi-user.target" ];
}
];
systemd.services."container@transmission" = {
bindsTo = [ "ve-transmission.service" ];
after = [
"ve-transmission.service"
"mnt-library.mount"
];
};
containers.transmission = {
autoStart = true;
extraFlags = [ "--network-namespace-path=/run/netns/transmission" ];
bindMounts = {
"/var/lib/transmission" = {
hostPath = "/var/lib/transmission";
isReadOnly = false;
};
"/mnt/library" = {
hostPath = "/mnt/library";
isReadOnly = false;
};
"/etc/resolv.conf" = {
hostPath = toString (pkgs.writeText "resolv.conf" "nameserver 74.82.42.42");
};
};
config = {
services.transmission = {
enable = true;
package = pkgs.transmission_4;
webHome = pkgs.flood-for-transmission;
settings = {
rpc-bind-address = "::";
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
download-dir = "/mnt/library/Downloads";
incomplete-dir = "/mnt/library/.incomplete";
watch-dir = "/mnt/library/watchdir";
};
openRPCPort = true;
openPeerPorts = true;
};
users.users.transmission.extraGroups = [ "users" ];
# https://github.com/NixOS/nixpkgs/issues/258793
systemd.services.transmission.serviceConfig = {
RootDirectoryStartOnly = lib.mkForce (lib.mkForce false);
RootDirectory = lib.mkForce (lib.mkForce "");
};
system.stateVersion = config.system.stateVersion;
};
};
# Jellyfin
services.jellyfin = {
enable = true;
openFirewall = true;
};
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
# SMB Share
services.samba = {
enable = true;
openFirewall = true;
extraConfig = ''
server string = Watchtower
guest account = nobody
map to guest = bad user
'';
shares.Library = {
path = "/mnt/library";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
};
};
}

96
common/fragments/bittorrent/netns.nix
View File

@ -1,96 +0,0 @@
{
config,
pkgs,
lib,
...
}:
# Collectivized from https://gist.github.com/c0deaddict/53aedbb69c8cbfebfec8f4428dc03102 ☭
let
veth = "ve-transmission";
hostIp = "10.0.0.1/24";
guestIp = "10.0.0.2/24";
in
{
# https://mth.st/blog/nixos-wireguard-netns/
systemd.services."netns@" = {
description = "%I network namespace";
before = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
PrivateNetwork = true;
ExecStart = "${pkgs.writers.writeDash "netns-up" ''
${pkgs.iproute}/bin/ip netns add $1
${pkgs.utillinux}/bin/umount /var/run/netns/$1
${pkgs.utillinux}/bin/mount --bind /proc/self/ns/net /var/run/netns/$1
''} %I";
ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
};
};
systemd.services."wireguard-ccvpn-fr" = {
bindsTo = [ "netns@transmission.service" ];
after = [ "netns@transmission.service" ];
};
networking.wireguard.interfaces.ccvpn-fr = {
ips = [
"10.128.4.199/32"
"fd64:e20:68a3::4c7/128"
];
privateKeyFile = "/var/lib/secrets/ccvpn-fr-key";
socketNamespace = "init";
interfaceNamespace = "transmission";
peers = [
{
publicKey = "QFbr19X11tqUZRerZgItb25FnBsNsd7NyJvAkWTRU1U=";
# Forward all traffic via VPN.
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
endpoint = "fr.204vpn.net:51820";
persistentKeepalive = 15;
}
];
};
# https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking#veth
systemd.services.${veth} =
let
ns = "transmission";
ipHost = "${pkgs.iproute}/bin/ip";
ipGuest = "${ipHost} netns exec ${ns} ${pkgs.iproute}/bin/ip";
in
{
description = "Veth interface for download";
bindsTo = [ "netns@${ns}.service" ];
after = [ "netns@${ns}.service" ];
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writers.writeDash "veth-up" ''
${ipHost} link add ${veth} type veth peer name veth1 netns ${ns}
${ipHost} addr add ${hostIp} dev ${veth}
${ipHost} link set dev ${veth} up
${ipGuest} addr add ${guestIp} dev veth1
${ipGuest} link set dev veth1 up
'';
ExecStop = pkgs.writers.writeDash "veth-down" ''
${ipHost} link del ${veth}
'';
};
};
networking.firewall.allowedTCPPorts = [ 9091 ];
services.nginx.enable = true;
# TODO: change when headscale updates
services.nginx.virtualHosts."watchtower.agatha.thorns.home.arpa" = {
locations."/transmission" = {
proxyPass = "http://10.0.0.2:9091/transmission";
proxyWebsockets = true;
};
};
}

46
common/fragments/grafana.nix
View File

@ -1,10 +1,11 @@
{ config, pkgs, ... }: {
{ config, ... }:
{
services.grafana = {
enable = true;
settings.server = {
domain = "grafana.technogothic.net";
http_port = 2342;
http_addr = "localhost";
http_addr = "127.0.0.1";
};
settings."auth.anonymous" = {
enabled = true;
@ -13,8 +14,7 @@
};
};
networking.firewall.allowedTCPPorts =
[ config.services.grafana.settings.server.http_port ];
networking.firewall.allowedTCPPorts = [ config.services.grafana.settings.server.http_port ];
services.prometheus = {
enable = true;
@ -23,41 +23,27 @@
scrapeConfigs = [
{
job_name = "bloodletting";
static_configs = [{
targets = [
"localhost:${
toString config.services.prometheus.exporters.node.port
}"
];
}];
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
];
}
{
job_name = "nginx";
static_configs = [{
targets = [
"localhost:${
toString config.services.prometheus.exporters.nginx.port
}"
];
}];
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ]; }
];
}
{
job_name = "telegraf";
static_configs = [{
targets = [
config.services.telegraf.extraConfig.outputs.prometheus_client.listen
];
}];
static_configs = [
{ targets = [ config.services.telegraf.extraConfig.outputs.prometheus_client.listen ]; }
];
}
{
job_name = "process";
static_configs = [{
targets = [
"localhost:${
toString config.services.prometheus.exporters.process.port
}"
];
}];
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.exporters.process.port}" ]; }
];
}
];
};

1
common/fragments/graphical/default.nix
View File

@ -19,7 +19,6 @@
pridefetch
rink
sshfs
unstable.rustmission
whois
wireguard-tools
yt-dlp

17
common/fragments/headscale.nix
View File

@ -1,15 +1,16 @@
{ pkgs, ... }:
{
services.headscale = {
enable = true;
port = 52812;
settings.server_url = "https://hs.technogothic.net";
settings.dns_config = {
nameservers = [
"94.140.14.14"
"94.140.15.15"
]; # AdGuard Public DNS
base_domain = "thorns.home.arpa";
settings = {
server_url = "https://hs.technogothic.net";
dns = {
nameservers.global = [
"94.140.14.14"
"94.140.15.15"
]; # AdGuard Public DNS
base_domain = "thorns.home.arpa";
};
};
};
}

5
common/fragments/mastodon.nix
View File

@ -1,4 +1,5 @@
{ config, pkgs, ... }: {
{ config, pkgs, ... }:
{
services.mastodon = {
enable = true;
@ -26,6 +27,8 @@
};
};
systemd.services.mastodon-web.path = [ pkgs.imagemagick ];
users.groups.mastodon.members = [ config.services.nginx.user ];
services.elasticsearch = {

2
common/home_manager/common.nix
View File

@ -133,7 +133,7 @@
cat = "bat";
ip = "ip -color=always";
youtube-dl-audio = ''yt-dlp --ignore-errors --output "%(title)s.%(ext)s" --extract-audio --audio-format best'';
rsync = "rsync -az --partial --info=progress2";
# rsync = "rsync -az --partial --info=progress2";
};
shellAliases.tailscale = lib.mkIf (
!pkgs.stdenv.isLinux

4
common/linux-specific.nix
View File

@ -38,9 +38,9 @@
};
# Configure keymap in X11
services.xserver = {
services.xserver.xkb = {
layout = "us";
xkbVariant = "";
variant = "";
};
# Enable the OpenSSH daemon.

34
common/pkgs/mastodon/gemset.nix
View File

@ -484,20 +484,20 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0511idr8xps9625nh3kxr68sdy6l3xy2kcz7r57g47fxb1v18jj3";
sha256 = "1dsf9gjc2cj79vrnz2vgq573biqjw7ad4b0idm05xg6rb3y9gq4y";
type = "gem";
};
version = "0.5.9.6";
version = "0.5.9.8";
};
charlock_holmes = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0hybw8jw9ryvz5zrki3gc9r88jqy373m6v46ynxsdzv1ysiyr40p";
sha256 = "0cym7a0mrgf8wr27x07ka7fsjz3l7l9qiiyqra34f5k5ghira0c0";
type = "gem";
};
version = "0.7.7";
version = "0.7.8";
};
chewy = {
dependencies = ["activesupport" "elasticsearch" "elasticsearch-dsl"];
@ -505,10 +505,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0ip56hy2k1g908cm1ccyrbv16n31jg2qkc5s021bqxajsscjiy75";
sha256 = "0kgqj7hcs09ln7i1rds1xify08rzjk02ryzvjdvnllg1fkh3vm2b";
type = "gem";
};
version = "7.4.0";
version = "7.6.0";
};
chunky_png = {
groups = ["default"];
@ -1843,15 +1843,25 @@
};
version = "0.4.0";
};
net-ssh = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0yx0pb5fmziz92bw8qzbh8vf20lr56nd3s6q8h0gsgr307lki687";
type = "gem";
};
version = "7.1.0";
};
nio4r = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0w9978zwjf1qhy3amkivab0f9syz6a7k0xgydjidaf7xc831d78f";
sha256 = "017nbw87dpr4wyk81cgj8kxkxqgsgblrkxnmmadc77cg9gflrfal";
type = "gem";
};
version = "2.5.9";
version = "2.7.3";
};
nokogiri = {
dependencies = ["mini_portile2" "racc"];
@ -1859,10 +1869,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "173zavvxlwyi48lfskk48wcrdbkvjlhjhvy4jpcrfx72rpjjx4k8";
sha256 = "1vz1ychq2fhfqjgqdrx8bqkaxg5dzcgwnah00m57ydylczfy8pwk";
type = "gem";
};
version = "1.16.2";
version = "1.16.6";
};
nsa = {
dependencies = ["activesupport" "concurrent-ruby" "sidekiq" "statsd-ruby"];
@ -3374,10 +3384,10 @@
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1gir0if4nryl1jhwi28669gjwhxb7gzrm1fcc8xzsch3bnbi47jn";
sha256 = "08cfb35232p9s1r4jqv8wacv38vxh699mgbr9y03ga89gx9lipqp";
type = "gem";
};
version = "2.6.12";
version = "2.6.16";
};
}

31
common/pkgs/mastodon/source.nix
View File

@ -1,27 +1,22 @@
# This file was generated by pkgs.mastodon.updateScript.
{ lib, fetchFromGitHub, applyPatches, postPatch ? "", patches ? [ ], gawk
, gnused, yarn-berry }:
let version = "f571dbe35dbc4876f9ca76b3f6d459839c67a2ef";
in (applyPatches {
{
fetchFromGitHub,
applyPatches,
patches ? [ ],
}:
let
version = "0529f742ecbcf902ffa4ab9283579f72eae78361";
in
(applyPatches {
src = fetchFromGitHub {
owner = "AgathaSorceress";
repo = "mastodon";
rev = "${version}";
sha256 = "3ZJMiciV0muv5j468hEKJUZGDhKcNCJnDFn6ZqKM1F4=";
hash = "sha256-rAHCQHVv4tZqbRhx43T3YEnsR/THR6gzzjv5yUO4GIU=";
};
inherit patches;
nativeBuildInputs = [ gawk gnused ];
postPatch = postPatch
+ lib.optionalString (lib.versionAtLeast yarn-berry.version "4.1.0") ''
# this is for yarn starting with 4.1.0 because fuck everything amirite
# see also https://github.com/yarnpkg/berry/pull/6083
echo "patching cachekey in yarn.lock"
cacheKey="$(awk -e '/cacheKey:/ {print $2}' yarn.lock)"
sed -i -Ee 's|^ checksum: ([^/]*)$| checksum: '$cacheKey'/\1|g;' yarn.lock
'';
}) // {
patches = patches ++ [ ];
})
// {
inherit version;
yarnHash = "sha256-wdEunwUsV/IaJvNq+YIqRXNKLBrqPeeL5Ig+33dT/AY=";
}

4
common/pkgs/mastodon/update.sh
View File

@ -66,7 +66,7 @@ trap cleanup EXIT
echo "Fetching source code $REVISION"
JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
HASH=$(echo "$JSON" | jq -r .sha256)
HASH=$(echo "$JSON" | jq -r .hash)
cat > source.nix << EOF
# This file was generated by pkgs.mastodon.updateScript.
@ -80,7 +80,7 @@ in
owner = "$OWNER";
repo = "$REPO";
rev = "\${version}";
sha256 = "$HASH";
hash = "$HASH";
};
patches = patches ++ [$PATCHES];
}) // {

120
flake.lock
View File

@ -129,11 +129,11 @@
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
@ -175,9 +175,7 @@
"frq-friend": {
"inputs": {
"naersk": "naersk",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs": "nixpkgs_2",
"utils": "utils_2"
},
"locked": {
@ -204,11 +202,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1732579614,
"narHash": "sha256-LREXerN4a4DHG38a2KZPum7E/OKNhYgrBtU6AsD5SnQ=",
"lastModified": 1734878912,
"narHash": "sha256-M1uvMQUY9yuzlLlDYbP2LjBrolkGiYVKIRRwlxWYyTg=",
"owner": "helix-editor",
"repo": "helix",
"rev": "80709cee610f1758af1e62d53bde2eb8aa706a0c",
"rev": "ea17b9edb708bc5ea26fec95dda66a6f45753545",
"type": "github"
},
"original": {
@ -224,16 +222,16 @@
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"lastModified": 1734366194,
"narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
@ -241,15 +239,15 @@
"lix": {
"flake": false,
"locked": {
"lastModified": 1723503926,
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
"lastModified": 1729298361,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
}
},
"lix-module": {
@ -262,15 +260,15 @@
]
},
"locked": {
"lastModified": 1723510904,
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
"lastModified": 1732605668,
"narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=",
"rev": "f19bd752910bbe3a861c9cad269bd078689d50fe",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140"
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"
}
},
"lowdown-src": {
@ -355,7 +353,7 @@
},
"naersk_2": {
"inputs": {
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1687852486,
@ -380,11 +378,11 @@
]
},
"locked": {
"lastModified": 1698420672,
"narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=",
"lastModified": 1721727458,
"narHash": "sha256-r/xppY958gmZ4oTfLiHN0ZGuQ+RSTijDblVgVLFi1mw=",
"owner": "nix-community",
"repo": "naersk",
"rev": "aeb58d5e8faead8980a807c840232697982d47b9",
"rev": "3fb418eaf352498f6b6c30592e3beb63df42ef11",
"type": "github"
},
"original": {
@ -397,7 +395,7 @@
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
@ -421,11 +419,11 @@
]
},
"locked": {
"lastModified": 1732420287,
"narHash": "sha256-CzvYF4x6jUh/+NEEIFrIY5t1W/N3IA2bNZJiMXu9GTo=",
"lastModified": 1733570843,
"narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "3c52583b99666a349a6219dc1f0dd07d75c82d6a",
"rev": "a35b08d09efda83625bef267eb24347b446c80b8",
"type": "github"
},
"original": {
@ -450,16 +448,16 @@
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1730891215,
"narHash": "sha256-i85DPrhDuvzgvIWCpJlbfM2UFtNYbapo20MtQXsvay4=",
"lastModified": 1734761983,
"narHash": "sha256-U1kYa/N53vruy1E/E/n7NxsJDbTkVQmC7TCdTeNieSE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c128e44a249d6180740d0a979b6480d5b795c013",
"rev": "d38b1bc9ef4bf6ca6726e0681895e1c3e8215a49",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-24.05-darwin",
"ref": "nixpkgs-24.11-darwin",
"repo": "nixpkgs",
"type": "github"
}
@ -482,11 +480,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1732238832,
"narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=",
"lastModified": 1734435836,
"narHash": "sha256-kMBQ5PRiFLagltK0sH+08aiNt3zGERC2297iB6vrvlU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d",
"rev": "4989a246d7a390a859852baddb1013f825435cee",
"type": "github"
},
"original": {
@ -497,6 +495,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1681272286,
"narHash": "sha256-9X5p+gwYrowgbsRgkf14HFI0fkr6UikuwRIQAMlF1yI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6b70761ea8c896aff8994eb367d9526686501860",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1687946342,
"narHash": "sha256-vRxti8pOuXS0rJmqjbD8ueEEFXWSK22ISHoCWkhgzzg=",
@ -510,7 +524,7 @@
"type": "indirect"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1657693803,
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
@ -526,23 +540,23 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1731797254,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"lastModified": 1734737257,
"narHash": "sha256-GIMyMt1pkkoXdCq9un859bX6YQZ/iYtukb9R5luazLM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"rev": "1c6e20d41d6a9c1d737945962160e8571df55daa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1682092588,
"narHash": "sha256-NjKBPnScpbGiH/YOx74DIFOVkr5AKJOVZoy0l7J58gk=",
@ -569,7 +583,7 @@
"matrix-ril100": "matrix-ril100",
"mms": "mms",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nixpkgs-darwin": "nixpkgs-darwin",
"nixpkgs-unstable": "nixpkgs-unstable",
"url-eater": "url-eater",
@ -727,11 +741,11 @@
"utils": "utils_4"
},
"locked": {
"lastModified": 1710529176,
"narHash": "sha256-TuDrnw1USxWsGQMQuX50D69A3Z555vC0Q0knYcd/qGE=",
"lastModified": 1734618283,
"narHash": "sha256-QFYFxw58d3WOU6SYDiazyaSz+mSJwgABsMEf1joM2FE=",
"owner": "AgathaSorceress",
"repo": "url-eater",
"rev": "21be820dcd6fa5c91e9a46fb8c72f13db631ed54",
"rev": "96af6b75a3605043141db6bf80ad60866c10c827",
"type": "github"
},
"original": {
@ -799,11 +813,11 @@
"systems": "systems_6"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@ -832,7 +846,7 @@
},
"vampysite": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"utils": "utils_5"
},
"locked": {

14
flake.nix
View File

@ -1,18 +1,18 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-24.05-darwin";
nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-24.11-darwin";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
vampysite.url = "git+https://git.lain.faith/sorceress/vampysite";
home-manager = {
url = "github:nix-community/home-manager/release-24.05";
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -42,10 +42,7 @@
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
frq-friend = {
url = "git+https://git.xenua.me/xenua/fedi-frq-friend";
inputs.nixpkgs.follows = "nixpkgs";
};
frq-friend.url = "git+https://git.xenua.me/xenua/fedi-frq-friend";
helix = {
url = "github:helix-editor/helix";
@ -209,7 +206,6 @@
./common
./common/linux-specific.nix
./hosts/tears/configuration.nix
./common/options.nix
(import "${home-manager}/nixos")
url-eater.nixosModules.default
];

10
hosts/bloodletting/configuration.nix
View File

@ -269,6 +269,16 @@
};
};
virtualHosts."jellyfin.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://watchtower.thorns.home.arpa:8096";
proxyWebsockets = true;
};
};
virtualHosts."carvideo.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;

2
hosts/watchtower/configuration.nix
View File

@ -2,7 +2,7 @@
imports = [
./hardware-configuration.nix
../../common/home_manager/common.nix
../../common/fragments/bittorrent
../../common/fragments/bittorrent.nix
../../common/fragments/home-assistant.nix
../../common/fragments/sponsorblock.nix
];

33
hosts/watchtower/hardware-configuration.nix
View File

@ -1,31 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "amd_pstate=guided" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eba0bc60-b96f-4b28-9447-f36209410ba3";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d".device =
"/dev/disk/by-uuid/9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d";
boot.initrd.luks.devices."luks-9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d".device = "/dev/disk/by-uuid/9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D95C-66EE";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/8a64d656-8ba2-4c11-87bf-858e1ca3ec7e"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/8a64d656-8ba2-4c11-87bf-858e1ca3ec7e"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -35,6 +49,5 @@
# networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}