diff --git a/flake.lock b/flake.lock index 524bf92..ba7d2a1 100644 --- a/flake.lock +++ b/flake.lock @@ -30,11 +30,11 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1757062396, - "narHash": "sha256-403iuoMVVjk64sF1GgZfrRwOnVU1H14sflE+LNp927c=", + "lastModified": 1758177015, + "narHash": "sha256-PCUWdbaxayY3YfSjVlyddBMYoGvSaRysd5AmZ8gqSFs=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "22827e9a0cc002a076ee8bd14c3433ebc6c87f95", + "rev": "4c626ed84cc0f1278bfba0f534efd6cba2788d75", "type": "github" }, "original": { @@ -46,16 +46,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1755873658, - "narHash": "sha256-5l1g55b0xozGg0NaZFimiO5JbHGcudaNSEn1/XsweaU=", + "lastModified": 1758035356, + "narHash": "sha256-DkvxDwHCfSqEpZ9rRXNR8MP0Mz/y1kHAr38exrHQ39c=", "owner": "goauthentik", "repo": "authentik", - "rev": "dd7c6b29d950664deadbcf5390272619a8bf9a5e", + "rev": "680feaefa17934471a6b33ebc35caf5b64120404", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.8.1", + "ref": "version/2025.8.3", "repo": "authentik", "type": "github" } @@ -86,11 +86,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1757332942, - "narHash": "sha256-tew9nur/P2qC08OgvaMMLdIq+rD539C+GloCQYwi26o=", + "lastModified": 1758033778, + "narHash": "sha256-oQH2wLOWLFHXT3NE+gcsFOX+Pq40bKjlOH1xw0wcmT8=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "dc4ba8b14671326b3cad2652d8028d3379b675bb", + "rev": "b3efa297b9c6a9e55a44f3b6905d55f80738704f", "type": "github" }, "original": { @@ -136,35 +136,16 @@ "type": "github" } }, - "crowdsec": { + "darwin": { "inputs": { - "flake-utils": "flake-utils_2", "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1752497357, - "narHash": "sha256-9epXn1+T6U4Kfyw8B9zMzbERxDB3VfaPXhVebtai6CE=", - "ref": "refs/heads/main", - "rev": "84db7dcea77f7f477d79e69e35fb0bb560232667", - "revCount": 42, - "type": "git", - "url": "https://codeberg.org/kampka/nix-flake-crowdsec.git" - }, - "original": { - "type": "git", - "url": "https://codeberg.org/kampka/nix-flake-crowdsec.git" - } - }, - "darwin": { - "inputs": { - "nixpkgs": "nixpkgs_5" - }, - "locked": { - "lastModified": 1757130842, - "narHash": "sha256-4i7KKuXesSZGUv0cLPLfxbmF1S72Gf/3aSypgvVkwuA=", + "lastModified": 1758447883, + "narHash": "sha256-yGA6MV0E4JSEXqLTb4ZZkmdJZcoQ8HUzihRRX12Bvpg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "15f067638e2887c58c4b6ba1bdb65a0b61dc58c5", + "rev": "25381509d5c91bbf3c30e23abc6d8476d2143cd1", "type": "github" }, "original": { @@ -180,11 +161,11 @@ ] }, "locked": { - "lastModified": 1757255839, - "narHash": "sha256-XH33B1X888Xc/xEXhF1RPq/kzKElM0D5C9N6YdvOvIc=", + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", "owner": "nix-community", "repo": "disko", - "rev": "c8a0e78d86b12ea67be6ed0f7cae7f9bfabae75a", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", "type": "github" }, "original": { @@ -293,11 +274,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -364,7 +345,7 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_6" + "flake-utils": "flake-utils_5" }, "locked": { "lastModified": 1715533576, @@ -394,8 +375,9 @@ "type": "github" }, "original": { - "id": "flake-utils", - "type": "indirect" + "owner": "numtide", + "repo": "flake-utils", + "type": "github" } }, "flake-utils_3": { @@ -438,24 +420,6 @@ "inputs": { "systems": "systems_5" }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_6": { - "inputs": { - "systems": "systems_6" - }, "locked": { "lastModified": 1694529238, "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", @@ -521,11 +485,11 @@ ] }, "locked": { - "lastModified": 1757075491, - "narHash": "sha256-a+NMGl5tcvm+hyfSG2DlVPa8nZLpsumuRj1FfcKb2mQ=", + "lastModified": 1757920978, + "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=", "owner": "nix-community", "repo": "home-manager", - "rev": "f56bf065f9abedc7bc15e1f2454aa5c8edabaacf", + "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8", "type": "github" }, "original": { @@ -541,11 +505,11 @@ ] }, "locked": { - "lastModified": 1757256385, - "narHash": "sha256-WK7tOhWwr15mipcckhDg2no/eSpM1nIh4C9le8HgHhk=", + "lastModified": 1758464306, + "narHash": "sha256-i56XRXqjwJRdVYmpzVUQ0ktqBBHqNzQHQMQvFRF/acQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "f35703b412c67b48e97beb6e27a6ab96a084cd37", + "rev": "939e91e1cff1f99736c5b02529658218ed819a2a", "type": "github" }, "original": { @@ -557,11 +521,11 @@ "homebrew-cask": { "flake": false, "locked": { - "lastModified": 1757358304, - "narHash": "sha256-EDDXyPt98zfJ+25B0u9oXDb+9A/HEQlfrK9UZKxzFBE=", + "lastModified": 1758498617, + "narHash": "sha256-z54nOZTorZH0K1rHgfDXB2c9/H5hFqh0TYm5pgW924k=", "owner": "homebrew", "repo": "homebrew-cask", - "rev": "e4035e701fe0c0296bce7279b3f28f8c8d9942fb", + "rev": "e5dd26082702b3d467a84c50766fdcdfd32006de", "type": "github" }, "original": { @@ -573,11 +537,11 @@ "homebrew-core": { "flake": false, "locked": { - "lastModified": 1757356252, - "narHash": "sha256-G/L8+hHInVX3OgTb+Gg0w9hPpTo3hKzuHPM5iKnOu+E=", + "lastModified": 1758500263, + "narHash": "sha256-zz8DFHZGJbhgwZbLkLOlj3AzI00wvS51SX8otGPyGxw=", "owner": "homebrew", "repo": "homebrew-core", - "rev": "304e193a9a3989af5388c8ad964a2a872c3372c7", + "rev": "e885969cd983ef8e9fd780a31f6e396b6b15beb4", "type": "github" }, "original": { @@ -610,11 +574,11 @@ ] }, "locked": { - "lastModified": 1757052778, - "narHash": "sha256-rYszJwY0EArAqK6q0i5bB1zxNCNRk6gVmD9SIvnoXW8=", + "lastModified": 1757230583, + "narHash": "sha256-4uqu7sFPOaVTCogsxaGMgbzZ2vK40GVGMfUmrvK3/LY=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "ceaa413a68f28bbf6731464594fdb2c3513e9110", + "rev": "fc3960e6c32c9d4f95fff2ef84444284d24d3bea", "type": "github" }, "original": { @@ -626,7 +590,7 @@ "jovian_2": { "inputs": { "nix-github-actions": "nix-github-actions_2", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1757230583, @@ -647,7 +611,7 @@ "crane": "crane", "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay_3" }, @@ -782,11 +746,11 @@ ] }, "locked": { - "lastModified": 1757218147, - "narHash": "sha256-IwOwN70HvoBNB2ckaROxcaCvj5NudNc52taPsv5wtLk=", + "lastModified": 1758427679, + "narHash": "sha256-xwjWRJTKDCjQ0iwfh7WhDhgcS0Wt3d1Yscg83mKBCn4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "9b144dc3ef6e42b888c4190e02746aab13b0e97f", + "rev": "fd2569ca2ef7d69f244cd9ffcb66a0540772ff85", "type": "github" }, "original": { @@ -797,8 +761,8 @@ }, "nix-plist-manager": { "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_8" + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1756757912, @@ -816,15 +780,15 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_9" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1757296711, - "narHash": "sha256-7u9/tXUdmTj8x7ofet8aELLBlCHSoA+QOhYKheRdacM=", + "lastModified": 1758420016, + "narHash": "sha256-xnS4Xp2nvtT+fwIfxz16ikSMs03pV9SpQW80btttVe4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ab9374ac8c162dacffcd4400e668fd7f9b6f173a", + "rev": "c55175e19f142be0330b2579d7da043d2f22e324", "type": "github" }, "original": { @@ -835,8 +799,8 @@ }, "nixai": { "inputs": { - "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_10" + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1755942173, @@ -855,7 +819,7 @@ "nixos-apple-silicon": { "inputs": { "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_10", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -874,11 +838,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757103352, - "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", + "lastModified": 1757943327, + "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", + "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", "type": "github" }, "original": { @@ -918,7 +882,7 @@ "inputs": { "argononed": "argononed", "nixos-images": "nixos-images", - "nixpkgs": "nixpkgs_12" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1756774688, @@ -936,11 +900,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756386758, - "narHash": "sha256-1wxxznpW2CKvI9VdniaUnTT2Os6rdRJcRUf65ZK9OtE=", + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dfb2f12e899db4876308eba6d93455ab7da304cd", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "type": "github" }, "original": { @@ -952,11 +916,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "type": "github" }, "original": { @@ -999,11 +963,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1757244434, - "narHash": "sha256-AeqTqY0Y95K1Fgs6wuT1LafBNcmKxcOkWnm4alD9pqM=", + "lastModified": 1758346548, + "narHash": "sha256-afXE7AJ7MY6wY1pg/Y6UPHNYPy5GtUKeBkrZZ/gC71E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "092c565d333be1e17b4779ac22104338941d913f", + "rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20", "type": "github" }, "original": { @@ -1014,22 +978,6 @@ } }, "nixpkgs_10": { - "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", @@ -1045,7 +993,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1756515621, "narHash": "sha256-cYPwtXNlQ18FBuMVJ4RltuCym2Acy/6O+i/fJ4UnEn8=", @@ -1061,13 +1009,13 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_12": { "locked": { - "lastModified": 1757068644, - "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", + "lastModified": 1758277210, + "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", + "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", "type": "github" }, "original": { @@ -1077,13 +1025,13 @@ "type": "github" } }, - "nixpkgs_14": { + "nixpkgs_13": { "locked": { - "lastModified": 1754340878, - "narHash": "sha256-lgmUyVQL9tSnvvIvBp7x1euhkkCho7n3TMzgjdvgPoU=", + "lastModified": 1758029226, + "narHash": "sha256-TjqVmbpoCqWywY9xIZLTf6ANFvDCXdctCjoYuYPYdMI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cab778239e705082fe97bb4990e0d24c50924c04", + "rev": "08b8f92ac6354983f5382124fef6006cade4a1c1", "type": "github" }, "original": { @@ -1093,13 +1041,13 @@ "type": "github" } }, - "nixpkgs_15": { + "nixpkgs_14": { "locked": { - "lastModified": 1744868846, - "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", + "lastModified": 1758262103, + "narHash": "sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", + "rev": "12bd230118a1901a4a5d393f9f56b6ad7e571d01", "type": "github" }, "original": { @@ -1111,11 +1059,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757238739, - "narHash": "sha256-ovEq9v+Xc+oQH1zvQo28rT/YVqMQK2TRgUcNanvo2Zk=", + "lastModified": 1758029758, + "narHash": "sha256-fKqsvznISxVSBo6aaiGGXMRiBG4IIuV3sSySxx80pcQ=", "owner": "PedroHLC", "repo": "nixpkgs", - "rev": "6d8fca2c92488ff860524dd3400aa90a3310123e", + "rev": "4eb5897225c3d7e78a0b9d1542197ee7c8d270a5", "type": "github" }, "original": { @@ -1142,21 +1090,6 @@ } }, "nixpkgs_4": { - "locked": { - "lastModified": 1752494135, - "narHash": "sha256-c3FvvJVKCcQhSDYaPS3fDO4zcCnvOnfKOZsLqoAa2k4=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e1735873e41eb0e1f5272c61c0246269d8f5439b", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1747728033, "narHash": "sha256-NnXFQu7g4LnvPIPfJmBuZF7LFy/fey2g2+LCzjQhTUk=", @@ -1172,7 +1105,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1756125398, "narHash": "sha256-XexyKZpf46cMiO5Vbj+dWSAXOnr285GHsMch8FBoHbc=", @@ -1188,7 +1121,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1731919951, "narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=", @@ -1204,13 +1137,13 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { - "lastModified": 1757068644, - "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", + "lastModified": 1758277210, + "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", + "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", "type": "github" }, "original": { @@ -1220,7 +1153,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1744868846, "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", @@ -1236,6 +1169,22 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ @@ -1267,14 +1216,14 @@ "inputs": { "flake-compat": "flake-compat_5", "gitignore": "gitignore_2", - "nixpkgs": "nixpkgs_14" + "nixpkgs": "nixpkgs_13" }, "locked": { - "lastModified": 1757239681, - "narHash": "sha256-E9spYi9lxm2f1zWQLQ7xQt8Xs2nWgr1T4QM7ZjLFphM=", + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ab82ab08d6bf74085bd328de2a8722c12d97bd9d", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -1299,11 +1248,11 @@ ] }, "locked": { - "lastModified": 1756087852, - "narHash": "sha256-4jc3JDQt75fYXFrglgqyzF6C6zLU0QGLymzian4aP+U=", + "lastModified": 1757296493, + "narHash": "sha256-6nzSZl28IwH2Vx8YSmd3t6TREHpDbKlDPK+dq1LKIZQ=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "6edb3ae27395cd88be3d64b732d1539957dad59c", + "rev": "5b8e37fe0077db5c1df3a5ee90a651345f085d38", "type": "github" }, "original": { @@ -1320,11 +1269,11 @@ ] }, "locked": { - "lastModified": 1756395552, - "narHash": "sha256-5aJM14MpoLk2cdZAetu60OkLQrtFLWTICAyn1EP7ZpM=", + "lastModified": 1757246327, + "narHash": "sha256-6pNlGhwOIMfhe/RLjHdpXveKS4FyLHvlGe+KtjDild4=", "owner": "pyproject-nix", "repo": "pyproject.nix", - "rev": "030dffc235dcf240d918c651c78dc5f158067b51", + "rev": "8d77f342d66ad1601cdb9d97e9388b69f64d4c8e", "type": "github" }, "original": { @@ -1338,7 +1287,6 @@ "authentik-nix": "authentik-nix", "chaotic": "chaotic", "cosmic": "cosmic", - "crowdsec": "crowdsec", "darwin": "darwin", "disko": "disko", "home-manager": "home-manager_2", @@ -1356,7 +1304,7 @@ "nixos-apple-silicon": "nixos-apple-silicon", "nixos-hardware": "nixos-hardware", "nixos-raspberrypi": "nixos-raspberrypi", - "nixpkgs": "nixpkgs_13", + "nixpkgs": "nixpkgs_12", "nixpkgs-stable": "nixpkgs-stable_3", "pre-commit-hooks-nix": "pre-commit-hooks-nix_2", "snowfall-lib": "snowfall-lib", @@ -1373,11 +1321,11 @@ ] }, "locked": { - "lastModified": 1757125853, - "narHash": "sha256-noKkYHKpT5lpvNSYrlH56d8cedthZfs010Uv6vTqLT4=", + "lastModified": 1757930296, + "narHash": "sha256-Z9u5VszKs8rfEvg2AsFucWEjl7wMtAln9l1b78cfBh4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "8b70793a6be183536a5d562056dac10b7b36820d", + "rev": "09442765a05c2ca617c20ed68d9613da92a2d96b", "type": "github" }, "original": { @@ -1452,14 +1400,14 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_15" + "nixpkgs": "nixpkgs_14" }, "locked": { - "lastModified": 1754988908, - "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "lastModified": 1758425756, + "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", "type": "github" }, "original": { @@ -1566,21 +1514,6 @@ "type": "github" } }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -1609,11 +1542,11 @@ ] }, "locked": { - "lastModified": 1756662192, - "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=", + "lastModified": 1758206697, + "narHash": "sha256-/DbPkh6PZOgfueCbs3uzlk4ASU2nPPsiVWhpMCNkAd0=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4", + "rev": "128222dc911b8e2e18939537bed1762b7f3a04aa", "type": "github" }, "original": { @@ -1634,11 +1567,11 @@ ] }, "locked": { - "lastModified": 1756466761, - "narHash": "sha256-ALXRHIMXQ4qVNfCbcWykC23MjMwUoHn9BreoBfqmq0Y=", + "lastModified": 1757925761, + "narHash": "sha256-7Hwz0vfHuFqCo5v7Q07GQgLBWuPvZCuf/5/pk4NoADg=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "0529e6d8227517205afcd1b37eee3088db745730", + "rev": "780494c40895bb7419a73d942bee326291e80b3b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 8be422c..c557c61 100644 --- a/flake.nix +++ b/flake.nix @@ -37,8 +37,6 @@ authentik-nix.url = "github:nix-community/authentik-nix"; - crowdsec.url = "git+https://codeberg.org/kampka/nix-flake-crowdsec.git"; - nixai.url = "github:olafkfreund/nix-ai-help"; disko = { @@ -108,8 +106,6 @@ modules.nixos = with inputs; [ authentik-nix.nixosModules.default chaotic.nixosModules.default - crowdsec.nixosModules.crowdsec - crowdsec.nixosModules.crowdsec-firewall-bouncer disko.nixosModules.disko impermanence.nixosModules.impermanence lanzaboote.nixosModules.lanzaboote @@ -153,7 +149,6 @@ nixos-hardware.nixosModules.common-hidpi home-manager.nixosModules.home-manager ]; - # overlays = with inputs; [ crowdsec.overlays.default ]; }; # ###################################################### diff --git a/homes/x86_64-linux/admin@jallen-nas/default.nix b/homes/x86_64-linux/admin@jallen-nas/default.nix index ac213bb..e5a1e69 100755 --- a/homes/x86_64-linux/admin@jallen-nas/default.nix +++ b/homes/x86_64-linux/admin@jallen-nas/default.nix @@ -10,7 +10,6 @@ "nas-nixpkgs" "nas-authentik-nix" "nas-cosmic" - "nas-crowdsec" "nas-home-manager" "nas-impermanence" "nas-lanzaboote" diff --git a/modules/nixos/services/crowdsec/default.nix b/modules/nixos/services/crowdsec/default.nix index 2d73bc5..03105eb 100755 --- a/modules/nixos/services/crowdsec/default.nix +++ b/modules/nixos/services/crowdsec/default.nix @@ -12,55 +12,68 @@ in { imports = [ ./options.nix ]; config = lib.mkIf cfg.enable { - services = { - crowdsec = - let - yaml = (pkgs.formats.yaml { }).generate; - acquisitions_file = yaml "acquisitions.yaml" { - source = "journalctl"; - journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ]; - labels.type = "syslog"; - }; - in - { - enable = true; - enrollKeyFile = "${cfg.dataDir}/enroll.key"; - settings = { - crowdsec_service.acquisition_path = acquisitions_file; - api.server = { - listen_uri = "0.0.0.0:${toString cfg.port}"; - }; - }; - }; - crowdsec-firewall-bouncer = { + services = { + crowdsec = { enable = true; + openFirewall = true; + hub = { + appSecConfigs = [ + "crowdsecurity/appsec-default" + ]; + appSecRules = [ + "crowdsecurity/base-config" + ]; + collections = [ + "crowdsecurity/linux" + "crowdsecurity/traefik" + "firix/authentik" + ]; + parsers = [ + "crowdsecurity/sshd-logs" + ]; + postOverflows = [ + "crowdsecurity/auditd-nix-wrappers-whitelist-process" + ]; + scenarios = [ + "crowdsecurity/ssh-bf" + ]; + }; + localConfig = { + acquisitions = [ + { + journalctl_filter = [ + "_SYSTEMD_UNIT=sshd.service" + ]; + labels = { + type = "syslog"; + }; + source = "journalctl"; + } + { + journalctl_filter = [ + "_SYSTEMD_UNIT=traefik.service" + ]; + labels = { + type = "syslog"; + }; + source = "journalctl"; + } + { + journalctl_filter = [ + "_SYSTEMD_UNIT=authentik.service" + ]; + labels = { + type = "syslog"; + }; + source = "journalctl"; + } + ]; + }; settings = { - api_key = cfg.apiKey; - api_url = "http://${cfg.apiAddress}:${toString cfg.port}"; + capi.credentialsFile = cfg.apiKey; }; }; }; - - systemd.services.crowdsec.serviceConfig = { - ExecStartPre = - let - script = pkgs.writeScriptBin "register-bouncer" '' - #!${pkgs.runtimeShell} - set -eu - set -o pipefail - - if ! cscli bouncers list | grep -q "nas-bouncer"; then - cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}" - fi - ''; - in - [ "${script}/bin/register-bouncer" ]; - }; - - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.port ]; - allowedUDPPorts = [ cfg.port ]; - }; }; } diff --git a/modules/nixos/services/glance/default.nix b/modules/nixos/services/glance/default.nix new file mode 100644 index 0000000..71325ce --- /dev/null +++ b/modules/nixos/services/glance/default.nix @@ -0,0 +1,226 @@ +{ config, lib, namespace, ... }: +let + inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; + cfg = config.${namespace}.services.glance; +in +with lib; +{ + options.${namespace}.services.glance = { + enable = mkEnableOption "glance service"; + + port = mkOpt types.int 80 "Port for glance to be hosted on"; + + localAddress = mkOpt types.str "127.0.0.1" "local address of the service"; + + dataDir = mkOpt types.str "" "Path to the data dir"; + + reverseProxy = mkReverseProxyOpt; + }; + + config = lib.mkIf cfg.enable { + services.glance = { + enable = true; + openFirewall = true; + settings = { + server = { + host = "0.0.0.0"; + port = cfg.port; + }; + pages = [ + { + name = "Startpage"; + width = "default"; + hide-desktop-navigation = true; + center-vertically = true; + columns = [ + { + size = "small"; + widgets = [ + { + type = "calendar"; + first-day-of-week = "sunday"; + } + { + type = "weather"; + units = "metric"; + hour-format = "12h"; + location = "Saint Paul, Minnesota, United States"; + } + { + type = "server-stats"; + servers = [ + { + type = "local"; + name = "Jallen-NAS"; + cpu-temp-sensor = "/sys/class/hwmon/hwmon2/temp2_input"; + mountpoints = { + "/home" = { + name = "Home"; + }; + "/media/nas/main" = { + name = "nas_pool"; + }; + }; + } + ]; + } + ]; + } + { + size = "full"; + widgets = [ + { + type = "search"; + autofocus = true; + search-engine = "duckduckgo"; + bangs = [ + { + title = "YouTube"; + shortcut = "!yt"; + url = "https://www.youtube.com/results?search_query={QUERY}"; + } + ]; + } + { + type = "monitor"; + cache = "1m"; + title = "Services"; + sites = [ + { + title = "Actual"; + url = "https://actual.mjallen.dev/"; + icon = "si:actualbudget"; + } + { + title = "Jellyfin"; + url = "https://jellyfin.mjallen.dev/"; + icon = "si:jellyfin"; + } + { + title = "Gitea"; + url = "https://gitea.mjallen.dev/"; + icon = "si:gitea"; + } + { + title = "Nextcloud"; + url = "https://cloud.mjallen.dev/"; + icon = "si:nextcloud"; + } + { + title = "Immich"; + url = "https://immich.mjallen.dev/"; + icon = "si:immich"; + } + { + title = "AdGuard Home"; + url = "http://10.0.1.2:3000/"; + icon = "si:adguard"; + allow-insecure = true; + } + { + title = "Home Assistant"; + url = "https://hass.mjallen.dev/"; + icon = "si:homeassistant"; + } + { + title = "Manyfold"; + url = "http://10.0.1.3:3214/collections"; + icon = "sh:Manyfold"; + allow-insecure = true; + } + { + title = "Sonarr"; + url = "http://10.0.1.3:8989/"; + icon = "si:sonarr"; + allow-insecure = true; + basic-auth = { + username = "mjallen"; + password = "BogieDudie1"; + }; + } + { + title = "Radarr"; + url = "http://10.0.1.3:7878/"; + icon = "si:radarr"; + allow-insecure = true; + basic-auth = { + username = "mjallen"; + password = "BogieDudie1"; + }; + } + # { + # title = ""; + # url = ""; + # icon = "si:"; + # } + ]; + } + { + type = "bookmarks"; + groups = [ + { + title = "General"; + links = [ + { + title = "Gmail"; + url = "https://mail.google.com/mail/u/0/"; + } + { + title = "Proton Mail"; + url = "https://mail.proton.me/u/0/inbox"; + } + { + title = "MyNixOS"; + url = "https://www.mynixos.com/"; + } + { + title = "Github"; + url = "https://github.com/"; + } + ]; + } + { + title = "Entertainment"; + links = [ + { + title = "YouTube"; + url = "https://www.youtube.com/"; + } + { + title = "Prime Video"; + url = "https://www.primevideo.com/"; + } + { + title = "Disney+"; + url = "https://www.disneyplus.com/"; + } + ]; + } + { + title = "Social"; + links = [ + { + title = "Reddit"; + url = "https://www.reddit.com/"; + } + { + title = "Twitter"; + url = "https://twitter.com/"; + } + { + title = "Instagram"; + url = "https://www.instagram.com/"; + } + ]; + } + ]; + } + ]; + } + ]; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index b6bc34f..82f688d 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -129,7 +129,7 @@ let # Create reverse proxy configuration using mkReverseProxy reverseProxyConfig = lib.${namespace}.mkReverseProxy { - name = "actual"; + name = "matrix"; subdomain = cfg.reverseProxy.subdomain; url = "http://${cfg.localAddress}:${toString cfg.port}"; middlewares = cfg.reverseProxy.middlewares; @@ -154,7 +154,7 @@ with lib; options.${namespace}.services.matrix = { enable = mkEnableOption "matrix service"; - port = mkOpt types.int 8008 "Port for Actual to be hosted on"; + port = mkOpt types.int 8008 "Port for matrix to be hosted on"; localAddress = mkOpt types.str "127.0.0.1" "local address of the service"; diff --git a/modules/nixos/services/matrix/default.nix.conduit b/modules/nixos/services/matrix/default.nix.conduit index d1707a2..7d37f11 100644 --- a/modules/nixos/services/matrix/default.nix.conduit +++ b/modules/nixos/services/matrix/default.nix.conduit @@ -69,7 +69,7 @@ with lib; options.${namespace}.services.matrix = { enable = mkEnableOption "matrix service"; - port = mkOpt types.int 8008 "Port for Actual to be hosted on"; + port = mkOpt types.int 8008 "Port for matrix to be hosted on"; localAddress = mkOpt types.str "127.0.0.1" "local address of the service"; diff --git a/systems/aarch64-linux/pi5/default.nix b/systems/aarch64-linux/pi5/default.nix index 1e73394..9b0651c 100644 --- a/systems/aarch64-linux/pi5/default.nix +++ b/systems/aarch64-linux/pi5/default.nix @@ -10,12 +10,20 @@ imports = [ ./adguard.nix ./boot.nix - ./services.nix ./sops.nix ]; ${namespace} = { + + # ################################################### + # # Impermanence # # + # ################################################### impermanence.enable = true; + + # ################################################### + # # Hardware # # + # ################################################### + hardware = { disko.enable = true; raspberry-pi = { @@ -23,12 +31,33 @@ variant = "5"; }; }; + + # ################################################### + # # Desktop # # + # ################################################### + desktop.hyprland.enable = false; + + # ################################################### + # # User # # + # ################################################### + user = { name = "matt"; mutableUsers = false; extraGroups = [ "docker" ]; }; + + # ################################################### + # # Services # # + # ################################################### + + services.home-assistant.enable = true; + + # ################################################### + # # Network # # + # ################################################### + network = { hostName = "pi5"; ipv4 = { @@ -53,7 +82,11 @@ }; }; }; - + + # ################################################### + # # FileSystems # # + # ################################################### + fileSystems."/data" = { device = "/dev/disk/bu-uuid/a85420cc-a026-4100-80d2-a999081d792a"; fsType = "bcachefs"; diff --git a/systems/aarch64-linux/pi5/services.nix b/systems/aarch64-linux/pi5/services.nix deleted file mode 100644 index 0f4473f..0000000 --- a/systems/aarch64-linux/pi5/services.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ ... }: -{ - services = { - shairport-sync = { - enable = false; - openFirewall = true; - settings = { - general = { - name = "Living Room Speakers"; - }; - }; - }; - }; -} diff --git a/systems/x86_64-linux/jallen-nas/apps.nix b/systems/x86_64-linux/jallen-nas/apps.nix index 03c9709..52304f8 100755 --- a/systems/x86_64-linux/jallen-nas/apps.nix +++ b/systems/x86_64-linux/jallen-nas/apps.nix @@ -87,6 +87,11 @@ }; }; + glance = { + enable = true; + port = 5555; + }; + free-games-claimer.enable = true; manyfold.enable = true; @@ -181,12 +186,6 @@ htpasswdFile = "/media/nas/main/backup/restic/.htpasswd"; extraFlags = [ "--no-auth" ]; }; - - tabby-web = { - enable = false; - port = 8050; - openFirewall = true; - }; }; }; } diff --git a/systems/x86_64-linux/jallen-nas/default.nix b/systems/x86_64-linux/jallen-nas/default.nix index 029d599..fb6df51 100755 --- a/systems/x86_64-linux/jallen-nas/default.nix +++ b/systems/x86_64-linux/jallen-nas/default.nix @@ -4,10 +4,14 @@ { config, + lib, pkgs, namespace, ... }: +let + inherit (lib.${namespace}) enabled disabled; +in { imports = [ ./boot.nix @@ -26,13 +30,13 @@ # # Boot # # # ################################################### - bootloader.lanzaboote.enable = true; + bootloader.lanzaboote = enabled; # ################################################### # # Desktop # # # ################################################### - desktop.cosmic.enable = false; + desktop.cosmic = disabled; # ################################################### # # Development # # @@ -92,12 +96,6 @@ group = "traefik"; mode = "u=rwx,g=rwx,o=rx"; } - { - directory = "/media"; - user = "nas-apps"; - group = "jallen-nas"; - mode = "u=rwx,g=rx,o=rx"; - } ]; }; @@ -105,7 +103,7 @@ # # Monitoring # # # ################################################### - monitoring.enable = true; + monitoring = enabled; # ################################################### # # Network # # @@ -162,7 +160,7 @@ # # Power # # # ################################################### - power.ups.enable = true; + power.ups = enabled; # ################################################### # # Samba # # @@ -212,14 +210,14 @@ # # Security # # # ################################################### - security.tpm.enable = true; + security.tpm = enabled; # ################################################### # # Services # # # ################################################### services = { - grafana.enable = true; + grafana = enabled; }; # ################################################### @@ -250,10 +248,10 @@ fsType = "bcachefs"; mountPoint = "/media/nas/main"; options = [ - "noauto" + "noauto" "nofail" - "x-systemd.mount-timeout=0" - "x-systemd.device-timeout=0" + # "x-systemd.mount-timeout=0" + # "x-systemd.device-timeout=0" ]; }; diff --git a/systems/x86_64-linux/nuc-nixos/hardware-configuration.nix b/systems/x86_64-linux/nuc-nixos/hardware-configuration.nix deleted file mode 100644 index 4c51566..0000000 --- a/systems/x86_64-linux/nuc-nixos/hardware-configuration.nix +++ /dev/null @@ -1,79 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: - -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ - "xhci_pci" - "nvme" - "ahci" - "usbhid" - "uas" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = lib.mkForce { - device = "none"; - fsType = "tmpfs"; - options = [ "mode=755" ]; - }; - - fileSystems."/boot" = lib.mkForce { - device = "UUID=0FCB-EC63"; # "/dev/disk/by-partlabel/disk-main-ESP"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" - ]; - }; - - fileSystems."/var/log" = lib.mkForce { - device = "UUID=88d9c058-757d-c06e-0fb7-a612f2db8a7a"; # "/dev/disk/by-partlabel/disk-main-root"; - fsType = "bcachefs"; - options = [ "X-mount.subdir=log" ]; - }; - - fileSystems."/root" = lib.mkForce { - device = lib.mkDefault "UUID=88d9c058-757d-c06e-0fb7-a612f2db8a7a"; # "/dev/disk/by-partlabel/disk-main-root"; - fsType = "bcachefs"; - options = [ "X-mount.subdir=root" ]; - }; - - fileSystems."/etc" = lib.mkForce { - device = lib.mkDefault "UUID=88d9c058-757d-c06e-0fb7-a612f2db8a7a"; # "/dev/disk/by-partlabel/disk-main-root"; - fsType = "bcachefs"; - options = [ "X-mount.subdir=etc" ]; - }; - - fileSystems."/nix" = lib.mkForce { - device = lib.mkDefault "UUID=88d9c058-757d-c06e-0fb7-a612f2db8a7a"; # "/dev/disk/by-partlabel/disk-main-root"; - fsType = "bcachefs"; - options = [ - "X-mount.subdir=nix" - "verbose" - ]; - }; - - fileSystems."/home" = lib.mkForce { - device = lib.mkDefault "UUID=88d9c058-757d-c06e-0fb7-a612f2db8a7a"; # "/dev/disk/by-partlabel/disk-main-root"; - fsType = "bcachefs"; - options = [ "X-mount.subdir=home" ]; - }; - - swapDevices = [ ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -}