Compare commits

...

3 commits

Author SHA1 Message Date
Update Bot
c6ebf0e256
Update from update-inputs-2024-11-14-04-20 2024-11-14 04:20:20 +01:00
Update Bot
19d07a5e45
flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc' (2024-11-10)
  → 'github:nix-community/disko/5fd852c4155a689098095406500d0ae3d04654a8' (2024-11-14)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17)
  → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b' (2024-11-13)
• Updated input 'home-manager':
    'github:nix-community/home-manager/60bb110917844d354f3c18e05450606a435d2d10' (2024-11-10)
  → 'github:nix-community/home-manager/35b055009afd0107b69c286fca34d2ad98940d57' (2024-11-13)
• Updated input 'nixvim':
    'github:nix-community/nixvim/7dc65b2d9873b6bbb6ef90234b3db6546e4ed9af' (2024-11-12)
  → 'github:nix-community/nixvim/f11a877bcc1d66cc8bd7990c704f91c1e99c7d08' (2024-11-13)
• Updated input 'stylix':
    'github:danth/stylix/6863412636c8f2cb3b7360f747fbd020fbfddf68' (2024-11-08)
  → 'github:danth/stylix/be94701ce7b746cb020e667f71492e398ed470f4' (2024-11-13)
2024-11-14 04:20:18 +01:00
8c02b4a16d
crime: add backup 2024-11-13 17:07:46 +01:00
8 changed files with 83 additions and 42 deletions

View file

@ -4,6 +4,7 @@ keys:
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn - &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
- &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf - &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
- &florp age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t - &florp age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
- &crime age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
creation_rules: creation_rules:
- path_regex: secrets/services/dns-knot.yaml - path_regex: secrets/services/dns-knot.yaml
key_groups: key_groups:
@ -65,3 +66,9 @@ creation_rules:
- *emily - *emily
age: age:
- *florp - *florp
- path_regex: secrets/restic/zh3485s2.yaml
key_groups:
- pgp:
- *emily
age:
- *crime

View file

@ -14,8 +14,15 @@
"2a0f:be01:0:100::b00b:a/128" "2a0f:be01:0:100::b00b:a/128"
]; ];
}; };
security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
kyouma.nginx.defaultForbidden = "fentanyl.trade"; kyouma.nginx.defaultForbidden = "fentanyl.trade";
kyouma.restic = {
enable = true;
remoteUser = "zh3485s2";
paths = [
"/var/lib/jellyfin"
"/var/lib/radarr"
"/var/lib/sonarr"
"/var/lib/private/prowlarr"
];
};
} }

View file

@ -11,8 +11,13 @@
hostName = "florp"; hostName = "florp";
domain = lib.mkForce "social"; domain = lib.mkForce "social";
}; };
kyouma.nginx.defaultForbidden = "florp.social"; systemd.network.networks."98-eth-default" = {
address = [
"2a0f:be01:0:100::171/128"
];
};
kyouma.nginx.defaultForbidden = "florp.social";
kyouma.restic = let kyouma.restic = let
pgBackup = "/var/cache/postgresql.sql"; pgBackup = "/var/cache/postgresql.sql";
in { in {
@ -39,11 +44,6 @@
rm -f -- ${pgBackup} rm -f -- ${pgBackup}
''; '';
}; };
systemd.network.networks."98-eth-default" = {
address = [
"2a0f:be01:0:100::171/128"
];
};
services.postgresql.settings = { services.postgresql.settings = {
max_connections = 128; max_connections = 128;

View file

@ -1,16 +1,12 @@
{ lib, pkgs, ... }: { { lib, pkgs, ... }: {
users.groups.crime = {};
services = { services = {
prowlarr.enable = true; prowlarr.enable = true;
} // lib.genAttrs [ "sonarr" "radarr" ] (_: { } // lib.genAttrs [ "sonarr" "radarr" ] (_: {
enable = true; enable = true;
group = "crime";
}); });
systemd.services = lib.genAttrs [ "radarr" "sonarr" ] (_: { systemd.services = lib.genAttrs [ "radarr" "sonarr" ] (_: {
wants = [ "rclone-mezzomix.service" ]; wants = [ "mnt-mezzomix.mount" ];
serviceConfig.UMask = "0002";
}); });
systemd.mounts = lib.singleton { systemd.mounts = lib.singleton {
@ -37,9 +33,10 @@
kyouma.nginx.virtualHosts = { kyouma.nginx.virtualHosts = {
"crime.kyouma.net" = { "crime.kyouma.net" = {
verifyClientCert = true; verifyClientCert = true;
disableHttp3 = true;
locations = { locations = {
"/".root = ./landingPage.html; # "/".root = pkgs.writeTextDir "index.html" (builtins.readFile ./landingPage.html);
"/sonarr/" = { "/" = {
proxyPass = "http://127.0.0.1:8989"; proxyPass = "http://127.0.0.1:8989";
recommendedProxySettings = true; recommendedProxySettings = true;
}; };

View file

@ -1,13 +1,6 @@
{ lib, ... }: { { lib, ... }: {
users.groups.crime = {}; services.jellyfin.enable = true;
services.jellyfin = {
enable = true;
group = "crime";
};
systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0002";
kyouma.nginx.virtualHosts = { kyouma.nginx.virtualHosts = {
"watch.kyouma.net".redirectTo = "fentanyl.trade"; "watch.kyouma.net".redirectTo = "fentanyl.trade";

View file

@ -156,11 +156,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731274291, "lastModified": 1731549112,
"narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", "narHash": "sha256-c9I3i1CwZ10SoM5npQQVnfwgvB86jAS3lT4ZqkRoSOI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", "rev": "5fd852c4155a689098095406500d0ae3d04654a8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -345,11 +345,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1726560853, "lastModified": 1731533236,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -562,11 +562,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731235328, "lastModified": 1731535640,
"narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", "narHash": "sha256-2EckCJn4wxran/TsRiCOFcmVpep2m9EBKl99NBh2GnM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "60bb110917844d354f3c18e05450606a435d2d10", "rev": "35b055009afd0107b69c286fca34d2ad98940d57",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -977,11 +977,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1731452383, "lastModified": 1731527733,
"narHash": "sha256-Qht3yghgs5rVaYwGtv3i77b8ILlZPPQEZoi6pU8T1TE=", "narHash": "sha256-12OpSgbLDiKmxvBXwVracIfGI9FpjFyHpa1r0Ho+NFA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "7dc65b2d9873b6bbb6ef90234b3db6546e4ed9af", "rev": "f11a877bcc1d66cc8bd7990c704f91c1e99c7d08",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1093,11 +1093,11 @@
"tinted-tmux": "tinted-tmux" "tinted-tmux": "tinted-tmux"
}, },
"locked": { "locked": {
"lastModified": 1731090365, "lastModified": 1731537763,
"narHash": "sha256-ti3gXhgVpIUL/7w6zDJuH+hOnyTZqxrIX/yYqALmiEI=", "narHash": "sha256-dOjxeHAXbQ4KRe5j9uClFp8SyYY2r62bbsdraETtO84=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "6863412636c8f2cb3b7360f747fbd020fbfddf68", "rev": "be94701ce7b746cb020e667f71492e398ed470f4",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -22,8 +22,6 @@
ssl_verify_depth 1; ssl_verify_depth 1;
''; '';
forceSSL = true; forceSSL = true;
http3 = true;
quic = true;
} // } //
lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) { lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) {
enableACME = true; enableACME = true;
@ -33,7 +31,11 @@
useACMEHost = vhostCfg.redirectTo; useACMEHost = vhostCfg.redirectTo;
globalRedirect = vhostCfg.redirectTo; globalRedirect = vhostCfg.redirectTo;
} // } //
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" "verifyClientCert" ]); lib.optionalAttrs (!vhostCfg ? "disableHttp3") {
http3 = true;
quic = true;
} //
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" "verifyClientCert" "disableHttp3" ]);
in { in {
options = { options = {

View file

@ -0,0 +1,35 @@
restic:
zh3485s2:
password: ENC[AES256_GCM,data:GAesjt8CMFKuZk30vJTS7kH0cSg/p6NQCOU9udcVbVCurnUdqjKqZp97KnCcmA/A,iv:bf7trphHgzFzI3Pza8dDOgmKcHsBURsXEHtw0KpGQ7s=,tag:zE1WXaptcqBQMqgk+6SRqQ==,type:str]
id_ed25519: ENC[AES256_GCM,data:hRViIdnq9VNjjqD/X6tERHsCAuxF723bh+oES/Va5KVBJdsEK2LYXWxRQV6/dpYGnmSBNJ2q4eJS0iz2kjfNUTXg1DQZ0uuxSDbhOcKQ+ksE99VrU3Go7196gXQ+rsCuRht6vzgGzIoTcMVDlA+lvJ2EAB0o7EhK4qcKI0pRHziy4/i0JgLJKc2Xw7WwAZajyUToRrroi+oh3LRJiN0+L3B13RWNBDMxfVgSH5KERhPjU40VteKNyXg9YnZxiqRMTmDmpAu/fogXwIDgnfRuWBoDgPsHeSWVN/0IpfEegoXnmdYUGk9vKQmXNJ5z7vj6oIaz8Zuk9PfPaKZHrsUGkPZqBJydvfcUpH74+sn3idDJdQ92mYIn6rorabt6QtN9bbtULmtOU/R7wvZkRSn3SmvR6uo/xShs1pkwGa1oidn8atfoMMYnR973wvuGlDZwFGy0ZJD+Mc108U7o0U153/MervsxxZ3eIpzgmRol+TjoSJINQoPNPHsj6nx65MNfJd+AFw35h5jKUag4xKaPXS5ew/wDCqZ1PFYG,iv:P8VtAFoL0CcO7m7S60JardB95MUWYiABDOUZhLhXEzo=,tag:fLniekA0lMx6wW3u4NZPKQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUnFUQlhzYTdyblNOWUt3
V0daclVOZ0hlSmlJTHlKRDd5eThVSzVOVWh3CkpiaGNJd0hCMlk3MVdsdnY0TVJM
MEtKUXFnSlAwQ0kzd1M0eVA1WG1Bb2sKLS0tIFAvVklzZldkOFpCNHV4YnQ2SDA3
OW5TcVlqV0p4RThBRGlyaHkreEFMY28KPdgR9WCByJaLZcNophcfW7+7NU9MuI3E
bfWEFgqZLTdAg8y7s/M6ZAyjciflclxVnY8mTIhnERD+ZHHi++z1XA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-13T12:51:05Z"
mac: ENC[AES256_GCM,data:t/gg9SqDfrU+eKU9yw2R7ahLQY6pTgsRVFNk7K+zxTBiqUG2Rx0wm0bclkrkSKeHAVSJkc8OOWJvvRCMxaE980mknPM6721xNDV90Pt0ZsJvFXdOYKIaPQHC29klJKO60lsMsuup3BiF94O8+wIavLvYuc3jKFcaA4b9xAPRveM=,iv:TJhR1NzPVYIysghFAbjWB5lBpMhhkvwJdszkWGSLDPI=,tag:TCnewzN2qwFyG4Xio2JatQ==,type:str]
pgp:
- created_at: "2024-11-13T12:49:09Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D1GtNSlou/HkSAQdArN4L/MZSZoKwk/RKgA56OQMyt7IhW15qa7+Utie4/TQw
0xKauGLJEMp7cnpmEvpBW8sy3hZRj1K4vLv2NKHzoXBuWGBer1Hf+CDZJ71ta6J9
0l4B9f4L9AIRHO3ncb4IPyVprr+sFyhVJJAI7bo9mbFUqH0yfM5EmFiXWg5d9zO6
NfXbbfpW4ISEXFa//SuVl3h/HHxwDd83qA13OnhrlCjjwPfdA32kKM3CS/81JHNd
=4L7O
-----END PGP MESSAGE-----
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
unencrypted_suffix: _unencrypted
version: 3.9.1