diff --git a/flake.lock b/flake.lock index d65676d..3ba4179 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1695738267, - "narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=", + "lastModified": 1697410455, + "narHash": "sha256-jCs/ffIP3tUPN7HWWuae4BB8+haAw2NI02z5BQvWMGM=", "owner": "nix-community", "repo": "home-manager", - "rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486", + "rev": "78125bc681d12364cb65524eaa887354134053d0", "type": "github" }, "original": { @@ -119,11 +119,11 @@ ] }, "locked": { - "lastModified": 1696883888, - "narHash": "sha256-EdQMeJxDoi26YDtkNf20mNBeCj7Y5eKg+rrxkiB86z0=", + "lastModified": 1697459493, + "narHash": "sha256-HH8ePJIVAsiDHIdS4qnKQ9o4X0KTVGA9cfHBplKqpfs=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "5da7c4fd0ab9693d83cae50de7d9430696f92568", + "rev": "b63b328577f1cb5839f8ecc4fd05040335d4a55a", "type": "github" }, "original": { @@ -134,11 +134,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1695644571, - "narHash": "sha256-asS9dCCdlt1lPq0DLwkVBbVoEKuEuz+Zi3DG7pR/RxA=", + "lastModified": 1697059129, + "narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6500b4580c2a1f3d0f980d32d285739d8e156d92", + "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593", "type": "github" }, "original": { @@ -150,11 +150,11 @@ }, "nur": { "locked": { - "lastModified": 1695844033, - "narHash": "sha256-UX5sbK9dc/bOupgDGWer75zBjoh7eWIheyGGCjD7FIg=", + "lastModified": 1697470606, + "narHash": "sha256-TP3UN5RktQpqDVj5mA6rb1Nu4vGTnctWkbe5sef4LEw=", "owner": "nix-community", "repo": "NUR", - "rev": "f08568d903901b7ac1017572b9af9855e935155a", + "rev": "cc83a858d3dbf50a934a4f74fe5508ac2fa72bc5", "type": "github" }, "original": { @@ -176,11 +176,11 @@ ] }, "locked": { - "lastModified": 1696098855, - "narHash": "sha256-bRksfF76An44TGS703+6My+i2o4hooVPdX5qWn9aMfo=", + "lastModified": 1697479170, + "narHash": "sha256-TF5LZDLY/WMDcQ/kexL3+fZ9lw9p9h16htloC1CcQLA=", "ref": "refs/heads/main", - "rev": "17ca4470eef819d56f2c7fdd13c3952797fb4512", - "revCount": 21, + "rev": "d2344c2b4ae8216c286d762f367a49fe3fc8b306", + "revCount": 23, "type": "git", "url": "https://forgejo.owo.monster/chaos/piped-flake" }, diff --git a/hosts/hetzner-arm/containers/music/default.nix b/hosts/hetzner-arm/containers/music/default.nix index 6b7bb32..842da5a 100644 --- a/hosts/hetzner-arm/containers/music/default.nix +++ b/hosts/hetzner-arm/containers/music/default.nix @@ -87,21 +87,20 @@ in { in { forceSSL = true; enableACME = true; - locations = - mkMerge [ - { - "/mpd/flac" = { - proxyPass = "http://${containerIP}:${toString ports.mpd-flac}"; - inherit extraConfig; - }; - } - ] - ++ (mkMerge (forEach ["low" "medium" "high"] (quality: { + locations = mkMerge [ + { + "/mpd/flac" = { + proxyPass = "http://${containerIP}:${toString ports.mpd-flac}"; + inherit extraConfig; + }; + } + (mkMerge (forEach ["low" "medium" "high"] (quality: { "/mpd/opus-${quality}" = { proxyPass = "http://${containerIP}:${toString ports."mpd-opus-${quality}"}"; inherit extraConfig; }; - }))); + }))) + ]; }; networking = { diff --git a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix index d5e7abd..0bb5d32 100644 --- a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix @@ -7,9 +7,9 @@ backupPrepareCommand = "${ (pkgs.writeShellScriptBin "backupPrepareCommand" '' - systemctl start postgresqlBackup-piped --wait - systemctl start postgresqlBackup-gotosocial --wait - systemctl start postgresqlBackup-quassel --wait + systemctl start remotePostgreSQLBackup-piped --wait + systemctl start remotePostgreSQLBackup-gotosocial --wait + systemctl start remotePostgreSQLBackup-quassel --wait '') }/bin/backupPrepareCommand"; in { diff --git a/hosts/hetzner-arm/containers/storage/data/ports.nix b/hosts/hetzner-arm/containers/storage/data/ports.nix index 73138d9..6559005 100644 --- a/hosts/hetzner-arm/containers/storage/data/ports.nix +++ b/hosts/hetzner-arm/containers/storage/data/ports.nix @@ -1,20 +1,24 @@ -{ - rclone_serve_webdav_main = 4200; - rclone_serve_webdav_media = 4201; - rclone_serve_webdav_music_ro = 4202; - rclone_serve_webdav_public = 4202; - rclone_serve_webdav_uploads = 4202; +let + webdav = 4200; + restic = 4300; + http = 4400; +in { + webdav_main = webdav + 0; + webdav_media = webdav + 1; + webdav_music_ro = webdav + 2; + webdav_public = webdav + 3; + webdav_uploads = webdav + 4; - rclone_serve_restic_music = 4210; - rclone_serve_restic_vault = 4211; - rclone_serve_restic_social = 4212; - rclone_serve_restic_quassel = 4213; - rclone_serve_restic_postgresql = 4214; - rclone_serve_restic_mail = 4215; - rclone_serve_restic_forgejo = 4216; - rclone_serve_restic_caldav = 4217; + restic_music = restic + 0; + restic_vault = restic + 1; + restic_social = restic + 2; + restic_quassel = restic + 3; + restic_postgresql = restic + 4; + restic_mail = restic + 5; + restic_forgejo = restic + 6; + restic_caldav = restic + 7; - rclone_serve_http_music = 4220; - rclone_serve_http_public = 4221; - rclone_serve_http_uploads_public = 4221; + http_music = http + 0; + http_public = http + 1; + http_uploads_public = http + 2; } diff --git a/hosts/hetzner-arm/containers/storage/default.nix b/hosts/hetzner-arm/containers/storage/default.nix index cb41dc8..8bfcd42 100644 --- a/hosts/hetzner-arm/containers/storage/default.nix +++ b/hosts/hetzner-arm/containers/storage/default.nix @@ -62,11 +62,11 @@ in { forceSSL = true; enableACME = true; locations = { - "/Main/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_main}"; - "/Media/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_media}"; - "/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_music_ro}"; - "/Public/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_public}"; - "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_uploads}"; + "/Main/".proxyPass = "http://${containerIP}:${toString ports.webdav_main}"; + "/Media/".proxyPass = "http://${containerIP}:${toString ports.webdav_media}"; + "/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.webdav_music_ro}"; + "/Public/".proxyPass = "http://${containerIP}:${toString ports.webdav_public}"; + "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.webdav_uploads}"; }; extraConfig = '' client_max_body_size ${clientMaxBodySize}; @@ -77,9 +77,9 @@ in { forceSSL = true; enableACME = true; locations = { - "/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_music}"; - "/Public/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_public}"; - "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_uploads_public}"; + "/Music/".proxyPass = "http://${containerIP}:${toString ports.http_music}"; + "/Public/".proxyPass = "http://${containerIP}:${toString ports.http_public}"; + "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.http_uploads_public}"; }; extraConfig = '' client_max_body_size ${clientMaxBodySize}; @@ -90,14 +90,14 @@ in { forceSSL = true; enableACME = true; locations = { - "/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_music}"; - "/Vault/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_vault}"; - "/Social/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_social}"; - "/Quassel/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_quassel}"; - "/PostgreSQL/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_postgresql}"; - "/Mail/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_mail}"; - "/Forgejo/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_forgejo}"; - "/CalDAV/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_caldav}"; + "/Music/".proxyPass = "http://${containerIP}:${toString ports.restic_music}"; + "/Vault/".proxyPass = "http://${containerIP}:${toString ports.restic_vault}"; + "/Social/".proxyPass = "http://${containerIP}:${toString ports.restic_social}"; + "/Quassel/".proxyPass = "http://${containerIP}:${toString ports.restic_quassel}"; + "/PostgreSQL/".proxyPass = "http://${containerIP}:${toString ports.restic_postgresql}"; + "/Mail/".proxyPass = "http://${containerIP}:${toString ports.restic_mail}"; + "/Forgejo/".proxyPass = "http://${containerIP}:${toString ports.restic_forgejo}"; + "/CalDAV/".proxyPass = "http://${containerIP}:${toString ports.restic_caldav}"; }; extraConfig = '' client_max_body_size ${clientMaxBodySize}; diff --git a/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix b/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix index 130912d..d78d1a5 100644 --- a/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix +++ b/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix @@ -25,7 +25,7 @@ in { remote = "StorageBox:"; type = "webdav"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_main}" + "--addr=0.0.0.0:${toString ports.webdav_main}" "--htpasswd=${secrets.webdav_main_htpasswd.path}" "--baseurl=/Main/" "--cache-dir=/caches/main_webdav_serve" @@ -37,7 +37,7 @@ in { remote = "Media-Combine-Serve:"; type = "webdav"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_media}" + "--addr=0.0.0.0:${toString ports.webdav_media}" "--htpasswd=${secrets.webdav_media_htpasswd.path}" "--baseurl=/Media/" "--cache-dir=/caches/media_webdav_serve" @@ -51,7 +51,7 @@ in { remote = "StorageBox:Music"; type = "webdav"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_music_ro}" + "--addr=0.0.0.0:${toString ports.webdav_music_ro}" "--read-only" "--baseurl=/MusicRO/" ]; @@ -61,7 +61,7 @@ in { remote = "StorageBox:Public"; type = "webdav"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_public}" + "--addr=0.0.0.0:${toString ports.webdav_public}" "--htpasswd=${secrets.webdav_media_htpasswd.path}" "--baseurl=/Public/" ]; @@ -71,7 +71,7 @@ in { remote = "StorageBox:Uploads"; type = "webdav"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_uploads}" + "--addr=0.0.0.0:${toString ports.webdav_uploads}" "--htpasswd=${secrets.webdav_uploads_htpasswd.path}" "--baseurl=/Uploads/" ]; @@ -82,7 +82,7 @@ in { remote = "StorageBox:Music"; type = "http"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_http_music}" + "--addr=0.0.0.0:${toString ports.http_music}" "--baseurl=/Music/" "--read-only" ]; @@ -92,7 +92,7 @@ in { remote = "StorageBox:Public"; type = "http"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_http_public}" + "--addr=0.0.0.0:${toString ports.http_public}" "--baseurl=/Public/" "--read-only" ]; @@ -102,7 +102,7 @@ in { remote = "StorageBox:Uploads/Public"; type = "http"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_http_uploads_public}" + "--addr=0.0.0.0:${toString ports.http_uploads_public}" "--baseurl=/Uploads/" "--read-only" ]; @@ -112,7 +112,7 @@ in { remote = "StorageBox:Backups/Restic/Music"; type = "restic"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_restic_music}" + "--addr=0.0.0.0:${toString ports.restic_music}" "--htpasswd=${secrets.restic_music_htpasswd.path}" "--baseurl=/Music/" ]; @@ -122,7 +122,7 @@ in { remote = "StorageBox:Backups/Restic/Vault"; type = "restic"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_restic_vault}" + "--addr=0.0.0.0:${toString ports.restic_vault}" "--htpasswd=${secrets.restic_vault_htpasswd.path}" "--baseurl=/Vault/" ]; @@ -132,7 +132,7 @@ in { remote = "StorageBox:Backups/Restic/Social"; type = "restic"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_restic_social}" + "--addr=0.0.0.0:${toString ports.restic_social}" "--htpasswd=${secrets.restic_social_htpasswd.path}" "--baseurl=/Social/" ]; @@ -142,7 +142,7 @@ in { remote = "StorageBox:Backups/Restic/Quassel"; type = "restic"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_restic_quassel}" + "--addr=0.0.0.0:${toString ports.restic_quassel}" "--htpasswd=${secrets.restic_quassel_htpasswd.path}" "--baseurl=/Quassel/" ]; @@ -152,7 +152,7 @@ in { remote = "StorageBox:Backups/Restic/PostgreSQL"; type = "restic"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_restic_postgresql}" + "--addr=0.0.0.0:${toString ports.restic_postgresql}" "--htpasswd=${secrets.restic_postgresql_htpasswd.path}" "--baseurl=/PostgreSQL/" ]; @@ -162,7 +162,7 @@ in { remote = "StorageBox:Backups/Restic/CalDAV"; type = "restic"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_restic_caldav}" + "--addr=0.0.0.0:${toString ports.restic_caldav}" "--htpasswd=${secrets.restic_caldav_htpasswd.path}" "--baseurl=/CalDAV/" ]; @@ -172,7 +172,7 @@ in { remote = "StorageBox:Backups/Restic/Mail"; type = "restic"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_restic_mail}" + "--addr=0.0.0.0:${toString ports.restic_mail}" "--htpasswd=${secrets.restic_mail_htpasswd.path}" "--baseurl=/Mail/" ]; @@ -182,7 +182,7 @@ in { remote = "StorageBox:Backups/Restic/Forgejo"; type = "restic"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_restic_forgejo}" + "--addr=0.0.0.0:${toString ports.restic_forgejo}" "--htpasswd=${secrets.restic_forgejo_htpasswd.path}" "--baseurl=/Forgejo/" ]; diff --git a/hosts/lappy-t495/lappy-t495.nix b/hosts/lappy-t495/lappy-t495.nix index 4f79d4f..97166e3 100644 --- a/hosts/lappy-t495/lappy-t495.nix +++ b/hosts/lappy-t495/lappy-t495.nix @@ -11,7 +11,6 @@ profiles.cross.arm64 profiles.remoteBuilders profiles.chaosInternalWireGuard - profiles.fingerprint ./profiles/raspberryExtDrive.nix diff --git a/profiles/base/nix.nix b/profiles/base/nix.nix index 9dbfac0..f5c32eb 100644 --- a/profiles/base/nix.nix +++ b/profiles/base/nix.nix @@ -6,7 +6,8 @@ ... }: let inherit (lib.strings) optionalString versionAtLeast; - inherit (lib.optional); + inherit (lib.lists) optional; + inherit (lib.modules) mkIf; in { nix = { nixPath = ["nixpkgs=${inputs.nixpkgs}"]; @@ -18,7 +19,7 @@ in { settings.system-features = lib.optional (pkgs.system == "aarch64-linux") "native-arm64"; settings.trusted-users = ["root" "@wheel"]; }; - nixpkgs = { + nixpkgs = mkIf (!config.boot.isContainer) { config = { allowUnfree = true;