mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upd

Browse Source
This commit is contained in:
mjallen18
2026-03-03 09:49:00 -06:00
parent ff9aea7a58
commit ddd99ef396
5 changed files with 362 additions and 363 deletions
Download Patch File Download Diff File Expand all files Collapse all files

170
flake.lock generated
View File

@@ -3,11 +3,11 @@
"authentik-go": {
"flake": false,
"locked": {
"lastModified": 1770333754,
"narHash": "sha256-Yyna75Nd6485tZP9IpdEa5QNomswe9hRfM+w3MuET9E=",
"lastModified": 1771856219,
"narHash": "sha256-zTEmvxe+BpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno=",
"owner": "goauthentik",
"repo": "client-go",
"rev": "280022b0a8de5c8f4b2965d1147a1c4fa846ba64",
"rev": "4c1444ee54d945fbcc5ae107b4f191ca0352023d",
"type": "github"
},
"original": {
@@ -31,11 +31,11 @@
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1770535094,
"narHash": "sha256-MLjqqCQsJFZJKqSMfarSVsFLNRiDK/pvOnoRwZ+esmk=",
"lastModified": 1772308481,
"narHash": "sha256-HnLfFmyMJpyhnvwfFViPgBkYuvZbWIf8TMyMDf5j/3I=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "b09825ea48b0802b4806ed9f0f4721a49e36eb98",
"rev": "5818986331de1a562c2505006b39a30aa1b081e6",
"type": "github"
},
"original": {
@@ -47,16 +47,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1770055313,
"narHash": "sha256-t9DOFNSQJZdUnZSEr3z8EBRsltS4DKu9xad9gS5/Ikc=",
"lastModified": 1771963976,
"narHash": "sha256-pVQ34cZYX3hlk6hF1aZ/n32xMqTF4Jmp0G0VGDU7iXc=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "6760f4c5d38e245edb72e12e4f45bda8dd859ccd",
"rev": "8af491630b70ff6bd089753e21bef511bfb3f557",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.12.3",
"ref": "version/2026.2.0",
"repo": "authentik",
"type": "github"
}
@@ -187,11 +187,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1770736414,
"narHash": "sha256-x5xdJgUxNflO9j2sJHIHnPujDy6eAWJPCMQml5y9XB4=",
"lastModified": 1772379624,
"narHash": "sha256-NG9LLTWlz4YiaTAiRGChbrzbVxBfX+Auq4Ab/SWmk4A=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "7c952d9a524ffbbd5b5edca38fe6d943499585cc",
"rev": "52d061516108769656a8bd9c6e811c677ec5b462",
"type": "github"
},
"original": {
@@ -208,11 +208,11 @@
]
},
"locked": {
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"lastModified": 1772420042,
"narHash": "sha256-naZz40TUFMa0E0CutvwWsSPhgD5JldyTUDEgP9ADpfU=",
"owner": "nix-community",
"repo": "disko",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"rev": "5af7af10f14706e4095bd6bc0d9373eb097283c6",
"type": "github"
},
"original": {
@@ -240,11 +240,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1765121682,
"narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=",
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
@@ -321,11 +321,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
@@ -516,11 +516,11 @@
]
},
"locked": {
"lastModified": 1770654520,
"narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=",
"lastModified": 1772516620,
"narHash": "sha256-2r4cKdqCVlQkvcTcLUMxmsmAYZZxCMd//w/PnDnukTE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e",
"rev": "2b9504d5a0169d4940a312abe2df2c5658db8de9",
"type": "github"
},
"original": {
@@ -536,11 +536,11 @@
]
},
"locked": {
"lastModified": 1770260404,
"narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
"lastModified": 1772380125,
"narHash": "sha256-8C+y46xA9bxcchj9GeDPJaRUDApaA3sy2fhJr1bTbUw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
"rev": "a07a44a839eb036e950bf397d9b782916f8dcab3",
"type": "github"
},
"original": {
@@ -557,11 +557,11 @@
]
},
"locked": {
"lastModified": 1770654520,
"narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=",
"lastModified": 1772516620,
"narHash": "sha256-2r4cKdqCVlQkvcTcLUMxmsmAYZZxCMd//w/PnDnukTE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e",
"rev": "2b9504d5a0169d4940a312abe2df2c5658db8de9",
"type": "github"
},
"original": {
@@ -611,11 +611,11 @@
"homebrew-cask": {
"flake": false,
"locked": {
"lastModified": 1770768367,
"narHash": "sha256-7pAX0i46XHzpqYu1HItBr0QO2ay5wQGRaiHWuVDe1yo=",
"lastModified": 1772516445,
"narHash": "sha256-MVerItEbtXcRWlg64/V4czYn75NFMp8bJF3fjBMn+2A=",
"owner": "homebrew",
"repo": "homebrew-cask",
"rev": "a283d32dde9aabcfe41043fb2bfa4b1e73d747ea",
"rev": "4b53553e463dcdee20d0fc1429e6828acebc5846",
"type": "github"
},
"original": {
@@ -627,11 +627,11 @@
"homebrew-core": {
"flake": false,
"locked": {
"lastModified": 1770775175,
"narHash": "sha256-KkI+PwKlFn+tntpoSj187wEbO7tVtGyQRrdsgvHBv1U=",
"lastModified": 1772517113,
"narHash": "sha256-fBS2VdySWOlt1yZSLFqkGwVHRhZc49NdE/bHjMEr/ug=",
"owner": "homebrew",
"repo": "homebrew-core",
"rev": "1adc6a56bc0d3bb873b415668e53e2f81a27803d",
"rev": "d67067daa2a50f72481c4adbed1d5b6a289efba1",
"type": "github"
},
"original": {
@@ -752,11 +752,11 @@
]
},
"locked": {
"lastModified": 1770315571,
"narHash": "sha256-hy0gcAgAcxrnSWKGuNO+Ob0x6jQ2xkR6hoaR0qJBHYs=",
"lastModified": 1772341813,
"narHash": "sha256-/PQ0ubBCMj/MVCWEI/XMStn55a8dIKsvztj4ZVLvUrQ=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb",
"rev": "a2051ff239ce2e8a0148fa7a152903d9a78e854f",
"type": "github"
},
"original": {
@@ -809,11 +809,11 @@
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1770692379,
"narHash": "sha256-05tn6+BH/B4Js+ele6uq2Xno0xpB0wv8fA6TNXMoXX8=",
"lastModified": 1772506041,
"narHash": "sha256-1tlskcMHk4x4AbxdoP1ikcTLv9vREbLOSPH0sZzVZvU=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "07f2af64427334c4098770884746ecf2471a574f",
"rev": "1ce151af917551265e61bc7fc5eb343ce091f285",
"type": "github"
},
"original": {
@@ -847,11 +847,11 @@
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1771054135,
"narHash": "sha256-0RYmnOk40U4ZGbW/+3rHlNndrsuHCz9h+xequKWgwHQ=",
"lastModified": 1771511514,
"narHash": "sha256-qhtonMK07BCVC/wZ+pZ9/MKhcTric7YUaCpW6pOg8IM=",
"owner": "nix-community",
"repo": "nixos-apple-silicon",
"rev": "357186cca0f4c7801ff16970e4b6a05e74fd88e0",
"rev": "2b92d495204be0b10845c66361444dbc8441c68d",
"type": "github"
},
"original": {
@@ -862,11 +862,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1770631810,
"narHash": "sha256-b7iK/x+zOXbjhRqa+XBlYla4zFvPZyU5Ln2HJkiSnzc=",
"lastModified": 1771969195,
"narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2889685785848de940375bf7fea5e7c5a3c8d502",
"rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
"type": "github"
},
"original": {
@@ -878,11 +878,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1768305791,
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
"lastModified": 1771848320,
"narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
"rev": "2fc6539b481e1d2569f25f8799236694180c0993",
"type": "github"
},
"original": {
@@ -894,11 +894,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github"
},
"original": {
@@ -941,11 +941,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1770617025,
"narHash": "sha256-1jZvgZoAagZZB6NwGRv2T2ezPy+X6EFDsJm+YSlsvEs=",
"lastModified": 1772465433,
"narHash": "sha256-ywy9troNEfpgh0Ee+zaV1UTgU8kYBVKtvPSxh6clYGU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2db38e08fdadcc0ce3232f7279bab59a15b94482",
"rev": "c581273b8d5bdf1c6ce7e0a54da9841e6a763913",
"type": "github"
},
"original": {
@@ -957,11 +957,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1770720068,
"narHash": "sha256-S8s8l0CfMYsFMNS0hXZaQV9sOTkUB6qdXdTSEs2aTT8=",
"lastModified": 1772489420,
"narHash": "sha256-5S6dLX9aLYhoGJYriyeQzNAfW40atqWCWfDBdMCJxmQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8ee95bcb238069810a968efbf2bba8e4d6ff11a6",
"rev": "a655125ecdf797c9c3783c48b235b88ff160344f",
"type": "github"
},
"original": {
@@ -989,11 +989,11 @@
},
"nixpkgs_11": {
"locked": {
"lastModified": 1770720068,
"narHash": "sha256-S8s8l0CfMYsFMNS0hXZaQV9sOTkUB6qdXdTSEs2aTT8=",
"lastModified": 1772489420,
"narHash": "sha256-5S6dLX9aLYhoGJYriyeQzNAfW40atqWCWfDBdMCJxmQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8ee95bcb238069810a968efbf2bba8e4d6ff11a6",
"rev": "a655125ecdf797c9c3783c48b235b88ff160344f",
"type": "github"
},
"original": {
@@ -1005,11 +1005,11 @@
},
"nixpkgs_12": {
"locked": {
"lastModified": 1770380644,
"narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=",
"lastModified": 1772173633,
"narHash": "sha256-MOH58F4AIbCkh6qlQcwMycyk5SWvsqnS/TCfnqDlpj4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe",
"rev": "c0f3d81a7ddbc2b1332be0d8481a672b4f6004d6",
"type": "github"
},
"original": {
@@ -1204,11 +1204,11 @@
]
},
"locked": {
"lastModified": 1770726378,
"narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
"lastModified": 1772024342,
"narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
"rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476",
"type": "github"
},
"original": {
@@ -1233,11 +1233,11 @@
]
},
"locked": {
"lastModified": 1763662255,
"narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=",
"lastModified": 1771423342,
"narHash": "sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "042904167604c681a090c07eb6967b4dd4dae88c",
"rev": "04e9c186e01f0830dad3739088070e4c551191a4",
"type": "github"
},
"original": {
@@ -1254,11 +1254,11 @@
]
},
"locked": {
"lastModified": 1764134915,
"narHash": "sha256-xaKvtPx6YAnA3HQVp5LwyYG1MaN4LLehpQI8xEdBvBY=",
"lastModified": 1771518446,
"narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "2c8df1383b32e5443c921f61224b198a2282a657",
"rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937",
"type": "github"
},
"original": {
@@ -1369,11 +1369,11 @@
"nixpkgs": "nixpkgs_12"
},
"locked": {
"lastModified": 1770683991,
"narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
"lastModified": 1772495394,
"narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
"rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff",
"type": "github"
},
"original": {
@@ -1426,11 +1426,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1770587906,
"narHash": "sha256-N9ZTG3ia7l4iQO+9JlOj+sX4yu6gl7a3aozrlhSIJwQ=",
"lastModified": 1772296853,
"narHash": "sha256-pAtzPsgHRKw/2Kv8HgAjSJg450FDldHPWsP3AKG/Xj0=",
"owner": "nix-community",
"repo": "stylix",
"rev": "72e6483a88d51471a6c55e1d43e7ed2bc47a76a4",
"rev": "c4b8e80a1020e09a1f081ad0f98ce804a6e85acf",
"type": "github"
},
"original": {
@@ -1612,11 +1612,11 @@
]
},
"locked": {
"lastModified": 1765631794,
"narHash": "sha256-90d//IZ4GXipNsngO4sb2SAPbIC/a2P+IAdAWOwpcOM=",
"lastModified": 1772187362,
"narHash": "sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "4cca323a547a1aaa9b94929c4901bed5343eafe8",
"rev": "abe65de114300de41614002fe9dce2152ac2ac23",
"type": "github"
},
"original": {

2
modules/nixos/services/nextcloud/default.nix
View File

@@ -20,7 +20,7 @@ let
# Setup the native NixOS Nextcloud service
services.nextcloud = {
enable = true;
package = pkgs.nextcloud32;
package = pkgs.nextcloud33;
hostName = "cloud.mjallen.dev";
home = "${cfg.configDir}/nextcloud";
datadir = "${cfg.dataDir}/nextcloud";

546
modules/nixos/services/traefik/default.nix
View File

@@ -70,300 +70,300 @@ in
allowedUDPPorts = forwardPorts;
};
services.traefik = {
enable = true;
dataDir = "${configDir}/traefik";
group = "jallen-nas"; # group;
environmentFiles = [ config.sops.templates."traefik.env".path ];
# services.traefik = {
# enable = true;
# dataDir = "${configDir}/traefik";
# group = "jallen-nas"; # group;
# environmentFiles = [ config.sops.templates."traefik.env".path ];
static = {
# dir = "${configDir}/traefik";
settings = {
entryPoints = {
web = {
address = ":${toString httpPort}";
asDefault = true;
http.redirections.entrypoint = {
to = "websecure";
scheme = "https";
};
};
# static = {
# # dir = "${configDir}/traefik";
# settings = {
# entryPoints = {
# web = {
# address = ":${toString httpPort}";
# asDefault = true;
# http.redirections.entrypoint = {
# to = "websecure";
# scheme = "https";
# };
# };
websecure = {
address = ":${toString httpsPort}";
asDefault = true;
http.tls.certResolver = "letsencrypt";
};
# websecure = {
# address = ":${toString httpsPort}";
# asDefault = true;
# http.tls.certResolver = "letsencrypt";
# };
metrics = {
address = ":${toString metricsPort}"; # Port for metrics
};
};
# metrics = {
# address = ":${toString metricsPort}"; # Port for metrics
# };
# };
log = {
level = "INFO";
};
# log = {
# level = "INFO";
# };
metrics = {
prometheus = {
entryPoint = "metrics";
addEntryPointsLabels = true;
addServicesLabels = true;
buckets = [
0.1
0.3
1.2
5.0
]; # Response time buckets
};
};
# metrics = {
# prometheus = {
# entryPoint = "metrics";
# addEntryPointsLabels = true;
# addServicesLabels = true;
# buckets = [
# 0.1
# 0.3
# 1.2
# 5.0
# ]; # Response time buckets
# };
# };
certificatesResolvers.letsencrypt.acme = {
email = letsEncryptEmail;
storage = "${config.services.traefik.dataDir}/acme.json";
dnsChallenge = {
provider = "cloudflare";
resolvers = [
"1.1.1.1:53"
"8.8.8.8:53"
];
};
};
# certificatesResolvers.letsencrypt.acme = {
# email = letsEncryptEmail;
# storage = "${config.services.traefik.dataDir}/acme.json";
# dnsChallenge = {
# provider = "cloudflare";
# resolvers = [
# "1.1.1.1:53"
# "8.8.8.8:53"
# ];
# };
# };
# Access the Traefik dashboard on <Traefik IP>:8080
api = {
dashboard = true;
insecure = true;
};
# # Access the Traefik dashboard on <Traefik IP>:8080
# api = {
# dashboard = true;
# insecure = true;
# };
experimental = {
plugins = traefikPlugins;
};
};
};
# experimental = {
# plugins = traefikPlugins;
# };
# };
# };
dynamic = {
dir = "/run/traefik";
files = {
"serversTransports".settings.http = {
serversTransports = {
internal-https = {
insecureSkipVerify = true;
};
http1 = {
serverName = "localhost";
disableHTTP2 = true;
};
};
};
# dynamic = {
# dir = "/run/traefik";
# files = {
# "serversTransports".settings.http = {
# serversTransports = {
# internal-https = {
# insecureSkipVerify = true;
# };
# http1 = {
# serverName = "localhost";
# disableHTTP2 = true;
# };
# };
# };
"middlewares-authentik".settings.http = {
middlewares = {
authentik = {
forwardAuth = {
tls.insecureSkipVerify = true;
address = "${authUrl}/auth/traefik";
trustForwardHeader = true;
authResponseHeaders = [
"X-authentik-username"
"X-authentik-groups"
"X-authentik-email"
"X-authentik-name"
"X-authentik-uid"
"X-authentik-jwt"
"X-authentik-meta-jwks"
"X-authentik-meta-outpost"
"X-authentik-meta-provider"
"X-authentik-meta-app"
"X-authentik-meta-version"
];
};
};
};
};
# "middlewares-authentik".settings.http = {
# middlewares = {
# authentik = {
# forwardAuth = {
# tls.insecureSkipVerify = true;
# address = "${authUrl}/auth/traefik";
# trustForwardHeader = true;
# authResponseHeaders = [
# "X-authentik-username"
# "X-authentik-groups"
# "X-authentik-email"
# "X-authentik-name"
# "X-authentik-uid"
# "X-authentik-jwt"
# "X-authentik-meta-jwks"
# "X-authentik-meta-outpost"
# "X-authentik-meta-provider"
# "X-authentik-meta-app"
# "X-authentik-meta-version"
# ];
# };
# };
# };
# };
"middlewares-crowdsec".settings.http = {
middlewares = {
crowdsec = {
plugin = {
bouncer = {
enabled = true;
crowdsecLapiKeyFile = config.sops.secrets."jallen-nas/traefik/crowdsec/lapi-key".path;
crowdsecLapiScheme = "http";
crowdsecLapiHost = "localhost:8181";
crowdsecLapiPath = "/";
crowdsecLapiTLSInsecureVerify = false;
crowdsecCapiMachineIdFile = config.sops.secrets."jallen-nas/traefik/crowdsec/capi-machine-id".path;
crowdsecCapiPasswordFile = config.sops.secrets."jallen-nas/traefik/crowdsec/capi-password".path;
crowdsecCapiScenarios = [ ];
};
};
};
};
};
# "middlewares-crowdsec".settings.http = {
# middlewares = {
# crowdsec = {
# plugin = {
# bouncer = {
# enabled = true;
# crowdsecLapiKeyFile = config.sops.secrets."jallen-nas/traefik/crowdsec/lapi-key".path;
# crowdsecLapiScheme = "http";
# crowdsecLapiHost = "localhost:8181";
# crowdsecLapiPath = "/";
# crowdsecLapiTLSInsecureVerify = false;
# crowdsecCapiMachineIdFile = config.sops.secrets."jallen-nas/traefik/crowdsec/capi-machine-id".path;
# crowdsecCapiPasswordFile = config.sops.secrets."jallen-nas/traefik/crowdsec/capi-password".path;
# crowdsecCapiScenarios = [ ];
# };
# };
# };
# };
# };
"middlewares-geoblock".settings.http = {
middlewares = {
whitelist-geoblock = {
plugin = {
geoblock = {
silentStartUp = false;
allowLocalRequests = true;
logLocalRequests = false;
logAllowedRequests = false;
logApiRequests = false;
api = "https://get.geojs.io/v1/ip/country/{ip}";
apiTimeoutMs = 500;
cacheSize = 25;
forceMonthlyUpdate = true;
allowUnknownCountries = false;
unknownCountryApiResponse = "nil";
blackListMode = false;
countries = [
"CA"
"US"
];
};
};
};
};
};
# "middlewares-geoblock".settings.http = {
# middlewares = {
# whitelist-geoblock = {
# plugin = {
# geoblock = {
# silentStartUp = false;
# allowLocalRequests = true;
# logLocalRequests = false;
# logAllowedRequests = false;
# logApiRequests = false;
# api = "https://get.geojs.io/v1/ip/country/{ip}";
# apiTimeoutMs = 500;
# cacheSize = 25;
# forceMonthlyUpdate = true;
# allowUnknownCountries = false;
# unknownCountryApiResponse = "nil";
# blackListMode = false;
# countries = [
# "CA"
# "US"
# ];
# };
# };
# };
# };
# };
"middlewares-ipallowlist".settings.http = {
middlewares = {
internal-ipallowlist = {
ipAllowList = {
sourceRange = [
"127.0.0.1/32"
"10.0.1.0/24"
];
};
};
};
};
# "middlewares-ipallowlist".settings.http = {
# middlewares = {
# internal-ipallowlist = {
# ipAllowList = {
# sourceRange = [
# "127.0.0.1/32"
# "10.0.1.0/24"
# ];
# };
# };
# };
# };
"services-auth".settings.http = {
services = {
auth.loadBalancer.servers = [
{
url = authUrl;
}
];
};
};
# "services-auth".settings.http = {
# services = {
# auth.loadBalancer.servers = [
# {
# url = authUrl;
# }
# ];
# };
# };
"services-cache".settings.http = {
services = {
cache.loadBalancer = {
servers = [
{
url = cacheUrl;
}
];
serversTransport = "http1";
};
};
};
# "services-cache".settings.http = {
# services = {
# cache.loadBalancer = {
# servers = [
# {
# url = cacheUrl;
# }
# ];
# serversTransport = "http1";
# };
# };
# };
"services-nginx".settings.http = {
services = {
nginx.loadBalancer.servers = [
{
url = "http://localhost:8188";
}
];
};
};
# "services-nginx".settings.http = {
# services = {
# nginx.loadBalancer.servers = [
# {
# url = "http://localhost:8188";
# }
# ];
# };
# };
"services-generated".settings.http = reverseProxyServiceConfigs;
# "services-generated".settings.http = reverseProxyServiceConfigs;
"routers-auth".settings.http = {
routers = {
auth = {
entryPoints = [ "websecure" ];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 15;
tls.certResolver = "letsencrypt";
};
};
};
# "routers-auth".settings.http = {
# routers = {
# auth = {
# entryPoints = [ "websecure" ];
# rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
# service = "auth";
# middlewares = [
# "crowdsec"
# "whitelist-geoblock"
# ];
# priority = 15;
# tls.certResolver = "letsencrypt";
# };
# };
# };
"routers-matrix2".settings.http = {
routers = {
matrix2 = {
entryPoints = [ "websecure" ];
rule = "Host(`matrix.mjallen.dev`) && PathPrefix(`/.well-known/matrix/`)";
service = "nginx";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 1;
tls.certResolver = "letsencrypt";
};
};
};
# "routers-matrix2".settings.http = {
# routers = {
# matrix2 = {
# entryPoints = [ "websecure" ];
# rule = "Host(`matrix.mjallen.dev`) && PathPrefix(`/.well-known/matrix/`)";
# service = "nginx";
# middlewares = [
# "crowdsec"
# "whitelist-geoblock"
# ];
# priority = 1;
# tls.certResolver = "letsencrypt";
# };
# };
# };
"routers-matrix3".settings.http = {
routers = {
matrix3 = {
entryPoints = [ "websecure" ];
rule = "Host(`mjallen.dev`) && PathPrefix(`/.well-known/matrix/`)";
service = "nginx";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 1;
tls.certResolver = "letsencrypt";
};
};
};
# "routers-matrix3".settings.http = {
# routers = {
# matrix3 = {
# entryPoints = [ "websecure" ];
# rule = "Host(`mjallen.dev`) && PathPrefix(`/.well-known/matrix/`)";
# service = "nginx";
# middlewares = [
# "crowdsec"
# "whitelist-geoblock"
# ];
# priority = 1;
# tls.certResolver = "letsencrypt";
# };
# };
# };
"routers-cache".settings.http = {
routers = {
cache = {
entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)";
service = "cache";
middlewares = [ ];
priority = 10;
tls.certResolver = "letsencrypt";
};
};
};
# "routers-cache".settings.http = {
# routers = {
# cache = {
# entryPoints = [ "websecure" ];
# rule = "Host(`cache.${domain}`)";
# service = "cache";
# middlewares = [ ];
# priority = 10;
# tls.certResolver = "letsencrypt";
# };
# };
# };
"home-assistant".settings.http = {
services = {
hass.loadBalancer.servers = [
{
url = hassUrl;
}
];
};
routers = {
hass = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
service = "hass";
middlewares = [
"crowdsec"
"whitelist-geoblock"
# "authentik"
];
priority = 10;
tls.certResolver = "letsencrypt";
};
};
};
"routers-generated".settings.http = reverseProxyRouterConfigs;
};
};
};
# "home-assistant".settings.http = {
# services = {
# hass.loadBalancer.servers = [
# {
# url = hassUrl;
# }
# ];
# };
# routers = {
# hass = {
# entryPoints = [ "websecure" ];
# rule = "Host(`hass.${domain}`)";
# service = "hass";
# middlewares = [
# "crowdsec"
# "whitelist-geoblock"
# # "authentik"
# ];
# priority = 10;
# tls.certResolver = "letsencrypt";
# };
# };
# };
# "routers-generated".settings.http = reverseProxyRouterConfigs;
# };
# };
# };
};
}

1
modules/nixos/services/wyoming/default.nix
View File

@@ -29,7 +29,6 @@ let
services.wyoming = {
faster-whisper.servers.hass-whisper = {
enable = true;
useTransformers = false;
device = lib.mkForce "auto";
language = "en";
model = "distil-large-v3";

6
packages/bcachefs/default.nix
View File

@@ -28,18 +28,18 @@
stdenv.mkDerivation (finalAttrs: {
pname = "bcachefs-tools";
version = "1.35.1";
version = "1.36.1";
src = fetchFromGitHub {
owner = "koverstreet";
repo = "bcachefs-tools";
tag = "v${finalAttrs.version}";
hash = "sha256-1p2zbzQLza8w+hu+5OjPr+Lh6q6Kh9HdVxFkuCl2x8o=";
hash = lib.fakeHash;
};
cargoDeps = rustPlatform.fetchCargoVendor {
inherit (finalAttrs) src;
hash = "sha256-OlXkshfEXtY6fDBqhEJQhWhPjwQ5ofDIZ9IuchchKxk=";
hash = lib.fakeHash;
};
postPatch = ''