genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 09:27:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #463 from genebean/nix-24.11

Browse source 
nix 24.11
This commit is contained in:
Gene Liverman 2024-12-02 21:48:14 -05:00 committed by GitHub
commit 5d5985bb27
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
15 changed files with 89 additions and 134 deletions
Download patch file Download diff file Expand all files Collapse all files

93
flake.lock generated
View file

@ -19,16 +19,16 @@
"brew-src": { "brew-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1727016223, "lastModified": 1731323744,
"narHash": "sha256-iZqd91Cp4O02BU6/eBZ0UZgJN8AlwH+0geQUpqF176E=", "narHash": "sha256-SxUQm4cTHcaoPQHoXe26ZV8cZiMWBGow8MjE4L+MckM=",
"owner": "Homebrew", "owner": "Homebrew",
"repo": "brew", "repo": "brew",
"rev": "916044581862c32fc2365e8e9ff0b1507a98925e", "rev": "254bf3fe9d8fa2e1b2fb55dbcf535b2d870180c4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Homebrew", "owner": "Homebrew",
"ref": "4.3.24", "ref": "4.4.5",
"repo": "brew", "repo": "brew",
"type": "github" "type": "github"
} }
@ -41,11 +41,11 @@
"onchg": "onchg" "onchg": "onchg"
}, },
"locked": { "locked": {
"lastModified": 1728874779, "lastModified": 1732416782,
"narHash": "sha256-498cQTDaU7bU3CbWPCQgSGkV25T8sZQmMwhU58WkIXE=", "narHash": "sha256-evu/J6D79rlQ6oYtKgZxpWvT6ORt0SH573R6IOIS6R0=",
"owner": "aksiksi", "owner": "aksiksi",
"repo": "compose2nix", "repo": "compose2nix",
"rev": "07cad037b8887ba94cd7236ffd1a8ee47002a9fe", "rev": "a81c2e5e485c722e74dce7c8e308c7b0a1381854",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -99,11 +99,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731274291, "lastModified": 1732988076,
"narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", "narHash": "sha256-2uMaVAZn7fiyTUGhKgleuLYe5+EAAYB/diKxrM7g3as=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", "rev": "2814a5224a47ca19e858e027f7e8bff74a8ea9f1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -321,16 +321,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1733050161,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-lYnT+EYE47f5yY3KS/Kd4pJ6CO9fhCqumkYYkQ3TK20=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "62d536255879be574ebfe9b87c4ac194febf47c5",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.05", "ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -342,11 +342,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731454423, "lastModified": 1733105089,
"narHash": "sha256-TtwvgFxUa0wyptLhQbKaixgNW1UXf3+TDqfX3Kp63oM=", "narHash": "sha256-Qs3YmoLYUJ8g4RkFj2rMrzrP91e4ShAioC9s+vG6ENM=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "6c71c49e2448e51ad830ed211024e6d0edc50116", "rev": "c6b65d946097baf3915dd51373251de98199280d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -375,11 +375,11 @@
}, },
"nix-flatpak": { "nix-flatpak": {
"locked": { "locked": {
"lastModified": 1730108712, "lastModified": 1732867134,
"narHash": "sha256-vIvmXmjAQIY39hACGFe/cdBK2r3ZprpHLwX2HIy7Mj8=", "narHash": "sha256-YGtFJ/4SE37evvHX+OkS2klRdHlO7HvovaaxR/yWuWg=",
"owner": "gmodena", "owner": "gmodena",
"repo": "nix-flatpak", "repo": "nix-flatpak",
"rev": "1cba177bb0a948c919af7596e40bef307543d40a", "rev": "01ca2cbd9fb5c29d73fac327f5a9a2a1a222e218",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -396,11 +396,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1731434956, "lastModified": 1732145543,
"narHash": "sha256-WmEUrnmLxqUg1ltf1x0LKb9RZr4mrqu9OtHKlVC1m7s=", "narHash": "sha256-VRQh/lvCSko9YV7haXyPt7DSp+EkgjjBv/9U4cY9c50=",
"owner": "zhaofengli-wip", "owner": "zhaofengli-wip",
"repo": "nix-homebrew", "repo": "nix-homebrew",
"rev": "2ed1e70db2448bd997b7b0c52f7bef42ac7a51a7", "rev": "ac3945ee614f69ab89c6935b3f0567028de5f012",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -444,11 +444,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1731381599, "lastModified": 1733095793,
"narHash": "sha256-W+FuVxCdCiw7IaAWPajq9iOuM57zITFnbkw2ZQXfW9I=", "narHash": "sha256-woqkmcGxOleK1RyoZpXU3NaC4+epr2qYau2mVhVQFjY=",
"owner": "lilyinstarlight", "owner": "lilyinstarlight",
"repo": "nixos-cosmic", "repo": "nixos-cosmic",
"rev": "23976d5dac8b0f07187bc3c95e3812304519e5e3", "rev": "e468c8b79dd55f1ce8803887d3593fb0016f1f81",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -459,11 +459,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1731403644, "lastModified": 1733139194,
"narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=", "narHash": "sha256-PVQW9ovo0CJbhuhCsrhFJGGdD1euwUornspKpBIgdok=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "f6581f1c3b137086e42a08a906bdada63045f991", "rev": "c6c90887f84c02ce9ebf33b95ca79ef45007bf88",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -579,11 +579,11 @@
"systems": "systems_3" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1729156928, "lastModified": 1732844581,
"narHash": "sha256-+D0R2rH2pEhzJ3zZGc5Oj5KGtnkO43sCWYNbq0ptuao=", "narHash": "sha256-BwHD1d6Bl5LL/HciTf+mQmBN3I3S6nYqcB+5BXVozNk=",
"owner": "stackbuilders", "owner": "stackbuilders",
"repo": "nixpkgs-terraform", "repo": "nixpkgs-terraform",
"rev": "db8dc49e397acf87d5b542755717bae368d32f3c", "rev": "b4db1b59d8f62cd37b6f9540e368d0e2627c4a2d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -594,11 +594,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1731245184, "lastModified": 1733064805,
"narHash": "sha256-vmLS8+x+gHRv1yzj3n+GTAEObwmhxmkkukB2DwtJRdU=", "narHash": "sha256-7NbtSLfZO0q7MXPl5hzA0sbVJt6pWxxtGWbaVUDDmjs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "aebe249544837ce42588aa4b2e7972222ba12e8f", "rev": "31d66ae40417bb13765b0ad75dd200400e98de84",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -639,16 +639,16 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1731239293, "lastModified": 1732981179,
"narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=", "narHash": "sha256-F7thesZPvAMSwjRu0K8uFshTk3ZZSNAsXTIFvXBT+34=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9256f7c71a195ebe7a218043d9f93390d49e6884", "rev": "62c435d93bf046a5396f3016472e8f7c8e2aed65",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-24.05", "ref": "nixos-24.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -744,11 +744,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731292155, "lastModified": 1732933841,
"narHash": "sha256-fYVoUUtSadbOrH0z0epVQDsStBDS/S/fAK//0ECQAAI=", "narHash": "sha256-dge02pUSe2QeC/B3PriA0R8eAX+EU3aDoXj9FcS3XDw=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "7c4cd99ed7604b79e8cb721099ac99c66f656b3a", "rev": "c65e91d4a33abc3bc4a892d3c5b5b378bad64ea1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -788,17 +788,14 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1731364708, "lastModified": 1733128155,
"narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=", "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=",
"owner": "mic92", "owner": "mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "4c91d52db103e757fc25b58998b0576ae702d659", "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856",
"type": "github" "type": "github"
}, },
"original": { "original": {

5
flake.nix
View file

@ -3,7 +3,7 @@
inputs = { inputs = {
# Where we get most of our software. Giant mono repo with recipes # Where we get most of our software. Giant mono repo with recipes
# called derivations that say how to build software. # called derivations that say how to build software.
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
compose2nix = { compose2nix = {
@ -30,7 +30,7 @@
# Manages things in home directory # Manages things in home directory
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-24.05"; url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -71,7 +71,6 @@
sops-nix = { sops-nix = {
url = "github:mic92/sops-nix"; url = "github:mic92/sops-nix";
inputs.nixpkgs.follows ="nixpkgs"; inputs.nixpkgs.follows ="nixpkgs";
inputs.nixpkgs-stable.follows = "nixpkgs";
}; };
}; # end inputs }; # end inputs

8
modules/home-manager/common/hm-sops.nix
View file

@ -1,14 +1,14 @@
{ pkgs, hostname, username, ... }: { { config, pkgs, hostname, username, ... }: {
home.packages = with pkgs; [ home.packages = with pkgs; [
home-manager home-manager
]; ];
sops = { sops = {
age.keyFile = /home/${username}/.config/sops/age/keys.txt; age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ../hosts/${hostname}/secrets.yaml; defaultSopsFile = ../hosts/${hostname}/secrets.yaml;
secrets = { secrets = {
local_git_config.path = "/home/${username}/.gitconfig-local"; local_git_config.path = "${config.users.users.${username}.home}/.gitconfig-local";
local_private_env.path = "/home/${username}/.private-env"; local_private_env.path = "${config.users.users.${username}.home}/.private-env";
}; };
}; };
} }

6
modules/hosts/nixos/bigboy/default.nix
View file

@ -151,16 +151,16 @@
}; };
sops = { sops = {
age.keyFile = /home/${username}/.config/sops/age/keys.txt; age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
local_git_config = { local_git_config = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.gitconfig-local"; path = "${config.users.users.${username}.home}/.gitconfig-local";
}; };
local_private_env = { local_private_env = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.private-env"; path = "${config.users.users.${username}.home}/.private-env";
}; };
}; };
}; };

6
modules/hosts/nixos/hetznix01/default.nix
View file

@ -78,9 +78,9 @@
"2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:2"
]; ];
routes = [ routes = [
{ routeConfig = { Destination = "172.31.1.1"; }; } { Destination = "172.31.1.1"; }
{ routeConfig = { Gateway = "172.31.1.1"; GatewayOnLink = true; }; } { Gateway = "172.31.1.1"; GatewayOnLink = true; }
{ routeConfig.Gateway = "fe80::1"; } { Gateway = "fe80::1"; }
]; ];
# make the routes on this interface a dependency for network-online.target # make the routes on this interface a dependency for network-online.target
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";

6
modules/hosts/nixos/hetznix01/post-install/default.nix
View file

@ -76,16 +76,16 @@ in {
}; };
sops = { sops = {
age.keyFile = /home/${username}/.config/sops/age/keys.txt; age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ../secrets.yaml; defaultSopsFile = ../secrets.yaml;
secrets = { secrets = {
local_git_config = { local_git_config = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.gitconfig-local"; path = "${config.users.users.${username}.home}/.gitconfig-local";
}; };
local_private_env = { local_private_env = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.private-env"; path = "${config.users.users.${username}.home}/.private-env";
}; };
matrix_secrets_yaml = { matrix_secrets_yaml = {
owner = config.users.users.matrix-synapse.name; owner = config.users.users.matrix-synapse.name;

6
modules/hosts/nixos/hetznix02/default.nix
View file

@ -65,9 +65,9 @@
"2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:2"
]; ];
routes = [ routes = [
{ routeConfig = { Destination = "172.31.1.1"; }; } { Destination = "172.31.1.1"; }
{ routeConfig = { Gateway = "172.31.1.1"; GatewayOnLink = true; }; } { Gateway = "172.31.1.1"; GatewayOnLink = true; }
{ routeConfig.Gateway = "fe80::1"; } { Gateway = "fe80::1"; }
]; ];
# make the routes on this interface a dependency for network-online.target # make the routes on this interface a dependency for network-online.target
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";

8
modules/hosts/nixos/hetznix02/post-install/default.nix
View file

@ -1,15 +1,15 @@
{ username, ... }: { { config, username, ... }: {
sops = { sops = {
age.keyFile = /home/${username}/.config/sops/age/keys.txt; age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ../secrets.yaml; defaultSopsFile = ../secrets.yaml;
secrets = { secrets = {
local_git_config = { local_git_config = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.gitconfig-local"; path = "${config.users.users.${username}.home}/.gitconfig-local";
}; };
local_private_env = { local_private_env = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.private-env"; path = "${config.users.users.${username}.home}/.private-env";
}; };
tailscale_key = { tailscale_key = {
restartUnits = [ "tailscaled-autoconnect.service" ]; restartUnits = [ "tailscaled-autoconnect.service" ];

10
modules/hosts/nixos/nixnas1/default.nix
View file

@ -1,4 +1,4 @@
{ pkgs, username, ... }: { { config, pkgs, username, ... }: {
imports = [ imports = [
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
@ -62,22 +62,20 @@
}; };
sops = { sops = {
age.keyFile = /home/${username}/.config/sops/age/keys.txt; age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
local_git_config = { local_git_config = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.gitconfig-local"; path = "${config.users.users.${username}.home}/.gitconfig-local";
}; };
local_private_env = { local_private_env = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.private-env"; path = "${config.users.users.${username}.home}/.private-env";
}; };
}; };
}; };
sound.enable = false;
systemd.network = { systemd.network = {
enable = true; enable = true;
netdevs = { netdevs = {

9
modules/hosts/nixos/nixnuc/containers/audiobookshelf.nix
View file

@ -1,19 +1,18 @@
{ ... }: let { ... }: let
volume_base = "/orico/audiobookshelf"; volume_base = "/var/lib/audiobookshelf";
http_port = "13378"; http_port = "13378";
in { in {
# Audiobookshelf # Audiobookshelf
############################################################################# #############################################################################
# I am using v2.8.1 because that is both the current Docker image and # # I am using v2.17.2 because that is the current one in nix 24.11. #
# the current version in nixpkgs unstable. My plan is to switch from Podman # # My plan is to switch from Podman to the native NixOS service #
# to a systemd-nspawn container. #
############################################################################# #############################################################################
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
"audiobookshelf" = { "audiobookshelf" = {
autoStart = true; autoStart = true;
image = "ghcr.io/advplyr/audiobookshelf:2.8.1"; image = "ghcr.io/advplyr/audiobookshelf:2.17.2";
environment = { environment = {
AUDIOBOOKSHELF_UID = "99"; AUDIOBOOKSHELF_UID = "99";
AUDIOBOOKSHELF_GID = "100"; AUDIOBOOKSHELF_GID = "100";

51
modules/hosts/nixos/nixnuc/default.nix
View file

@ -42,7 +42,7 @@ in {
yt-dlp yt-dlp
]; ];
hardware.opengl = { hardware.graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver intel-media-driver
@ -81,7 +81,6 @@ in {
3000 # PsiTransfer in oci-container 3000 # PsiTransfer in oci-container
3030 # Forgejo 3030 # Forgejo
8001 # Tube Archivist 8001 # Tube Archivist
8080 # Tandoor in docker compose
8384 # Syncthing gui 8384 # Syncthing gui
8888 # Atuin 8888 # Atuin
8090 # Wallabag in docker compose 8090 # Wallabag in docker compose
@ -122,7 +121,6 @@ in {
]; ];
# Enable sound with pipewire. # Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
@ -222,7 +220,7 @@ in {
nextcloud = { nextcloud = {
enable = true; enable = true;
hostName = "nextcloud.home.technicalissues.us"; hostName = "nextcloud.home.technicalissues.us";
package = pkgs.nextcloud29; # Need to manually increment with every major upgrade. package = pkgs.nextcloud30; # Need to manually increment with every major upgrade.
appstoreEnable = true; appstoreEnable = true;
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
config = { config = {
@ -420,14 +418,6 @@ in {
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://${backend_ip}:8090"; locations."/".proxyPass = "http://${backend_ip}:8090";
}; };
"tandoor.${home_domain}" = {
listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
enableACME = true;
acmeRoot = null;
forceSSL = true;
locations."/".proxyPass = "http://${backend_ip}:8080";
locations."/media/".alias = "/orico/tandoor-recipes/";
};
}; };
}; };
postgresql = { postgresql = {
@ -444,7 +434,6 @@ in {
config.services.forgejo.stateDir config.services.forgejo.stateDir
config.services.mealie.settings.DATA_DIR config.services.mealie.settings.DATA_DIR
config.services.nextcloud.home config.services.nextcloud.home
"${config.users.users.${username}.home}/compose-files/tandoor"
"${config.users.users.${username}.home}/compose-files/wallabag" "${config.users.users.${username}.home}/compose-files/wallabag"
"/orico/immich/library" "/orico/immich/library"
"/orico/jellyfin/data" "/orico/jellyfin/data"
@ -457,53 +446,23 @@ in {
openDefaultPorts = true; openDefaultPorts = true;
guiAddress = "0.0.0.0:8384"; guiAddress = "0.0.0.0:8384";
}; };
tandoor-recipes = {
enable = true;
address = "0.0.0.0";
extraConfig = {
#ALLOWED_HOSTS=*
#COMMENT_PREF_DEFAULT=1
DB_ENGINE = "django.db.backends.postgresql";
#DEBUG=0
#DEBUG_TOOLBAR=0
#FRACTION_PREF_DEFAULT=0
#GUNICORN_MEDIA=0
POSTGRES_DB = "tandoor";
POSTGRES_HOST = "127.0.0.1";
# This sucks, but this module doesn't support pulling the password from a file
POSTGRES_PASSWORD = "yummy-flat-bread-with-garlic";
POSTGRES_PORT = 5432;
POSTGRES_USER = "tandoor";
#REMOTE_USER_AUTH=0
SECRET_KEY_FILE = config.sops.secrets.tandoor_secret_key.path;
#SHOPPING_MIN_AUTOSYNC_INTERVAL=5
#SQL_DEBUG=0
MEDIA_ROOT = "/orico/tandoor-recipes/mediafiles";
};
port = 8080;
};
zfs.autoScrub.enable = true; zfs.autoScrub.enable = true;
}; };
sops = { sops = {
age.keyFile = /home/${username}/.config/sops/age/keys.txt; age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
local_git_config = { local_git_config = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.gitconfig-local"; path = "${config.users.users.${username}.home}/.gitconfig-local";
}; };
local_private_env = { local_private_env = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.private-env"; path = "${config.users.users.${username}.home}/.private-env";
}; };
mealie.mode = "0444"; mealie.mode = "0444";
nextcloud_admin_pass.owner = config.users.users.nextcloud.name; nextcloud_admin_pass.owner = config.users.users.nextcloud.name;
tandoor_db_pass.mode = "0444";
tandoor_db_pass.path = "/orico/tandoor-recipes/.dbpass";
tandoor_secret_key.mode = "0444";
tandoor_secret_key.path = "/orico/tandoor-recipes/.skey";
}; };
}; };

5
modules/hosts/nixos/nixnuc/hardware-configuration.nix
View file

@ -23,6 +23,11 @@
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/var/lib/audiobookshelf" =
{ device = "orico/audiobookshelf";
fsType = "zfs";
};
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

7
modules/hosts/nixos/rainbow-planet/default.nix
View file

@ -114,7 +114,6 @@
}; };
# Enable sound with pipewire. # Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
@ -126,16 +125,16 @@
}; };
sops = { sops = {
age.keyFile = /home/${username}/.config/sops/age/keys.txt; age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
local_git_config = { local_git_config = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.gitconfig-local"; path = "${config.users.users.${username}.home}/.gitconfig-local";
}; };
local_private_env = { local_private_env = {
owner = "${username}"; owner = "${username}";
path = "/home/${username}/.private-env"; path = "${config.users.users.${username}.home}/.private-env";
}; };
tailscale_key = { tailscale_key = {
restartUnits = [ "tailscaled-autoconnect.service" ]; restartUnits = [ "tailscaled-autoconnect.service" ];

1
modules/system/common/all-darwin.nix
View file

@ -93,7 +93,6 @@
"auto-allocate-uids" "auto-allocate-uids"
"flakes" "flakes"
"nix-command" "nix-command"
"repl-flake"
]; ];
# extra-substituters = [ # extra-substituters = [
# ]; # ];

2
modules/system/common/linux/lets-encrypt.nix
View file

@ -20,7 +20,7 @@
}; };
sops = { sops = {
age.keyFile = /home/${username}/.config/sops/age/keys.txt; age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
secrets.gandi_api.sopsFile = ../secrets.yaml; secrets.gandi_api.sopsFile = ../secrets.yaml;
}; };
} }