nixos/hosts/faunus-ater.nix

{
  pkgs,
  lib,
  config,
  inputs,
  ...
}: let
  sopsPath = key: config.sops.secrets.${key}.path;

  scrapedExporters = lib.attrsets.mapAttrsToList (expName: conf: {
    job_name = expName;
    static_configs = lib.singleton {
      targets = lib.singleton "localhost:${builtins.toString conf.port}";
    };
  });

  mkVirtHost = lib.attrsets.recursiveUpdate {
    addSSL = true;
    listenAddresses = [vpnIPv4 "[${vpnIPv6}]"];
    sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../secrets/ca.crt);
    sslCertificateKey = sopsPath "nginx-cert-key";
    sslCertificate = sopsPath "nginx-cert-crt";
  };

  vpnInterface = config.services.tailscale.interfaceName;
  vpnIPv4 = "100.108.135.4";
  vpnIPv6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
in {
  imports = [
    inputs.nixos-hardware.nixosModules.common-cpu-intel #-cpu-only
    ../modules/nginx-reverse-proxy.nix
    ../hardware/asrock-z370-i3-black-box.nix
  ];
  config = {
    networking.hostName = "faunus-ater";
    networking.hostId = "a4d7bec4";
    networking.interfaces.eno1.useDHCP = true;

    # === Make sure ZFS works ===
    # TODO: Update and think of some automatic way of keeping this up to date.
    boot.kernelPackages = pkgs.linuxPackages_5_15;

    # === Can't handle this ===
    systemd.enableEmergencyMode = false;

    # === Settings ===
    settings.ssh.openOutsideVPN = true;
    settings.printing.enable = true;

    # === ZFS services ===
    services.zfs.trim.enable = true;
    services.zfs.autoScrub.enable = true;
    services.zfs.autoScrub.pools = ["rpool"];

    # === Additional services ===
    services.fwupd.enable = true;
    powerManagement = {
      enable = true;
      powertop.enable = true;
      cpuFreqGovernor = "powersave";
    };

    # === Git.home, because everything else sucks ===
    services.gogsHome = {
      enable = true;
      passwordFile = sopsPath "gogs-database-password";
      addr = {
        v4 = vpnIPv4;
        v6 = vpnIPv6;
      };
      stateDir = "/data/dirty/gogs";
    };
    sops.secrets.gogs-database-password = {
      owner = config.users.users.gogs.name;
      mode = "0400";
    };

    # === Extend printing settings because sharing is caring ===
    services.printing = {
      listenAddresses = ["*:631"];
      allowFrom = ["all" "@IF(${vpnInterface})"];
      defaultShared = true;
      browsing = true;
      logLevel = "debug";
    };
    networking.firewall.interfaces.${vpnInterface} = {
      allowedUDPPorts = [631];
      allowedTCPPorts = [631 config.services.hydra.port];
    };
    hardware.printers = {
      ensureDefaultPrinter = "Local";
      ensurePrinters = lib.singleton {
        description = "The fastest Boi in town!";
        deviceUri = "usb://Samsung/ML-1640%20Series?serial=144QBAHS600499T.";
        location = "@Home";
        model = "samsung/ML-1640.ppd";
        name = "Local";
        ppdOptions = {
          PageSize = "A4";
          Resolution = "600dpi";
        };
      };
    };

    virtualisation.oci-containers.backend = "podman";
    virtualisation.podman = {
      enable = true;
      dockerCompat = true;
      extraPackages = with pkgs; [zfs];
    };
    # Override storage driver
    virtualisation.containers.storage.settings = {
      storage = {
        driver = "zfs";
        graphroot = "/var/lib/containers/storage";
        runroot = "/run/containers/storage";
      };
    };

    virtualisation.oci-containers.containers."timetagger" = {
      image = "ghcr.io/almarklein/timetagger:v23.2.1";
      ports = ["5873:5873"];
      environment = {
        TIMETAGGER_BIND = "0.0.0.0:5873";
        TIMETAGGER_DATADIR = "/root/_timetagger";
        TIMETAGGER_LOG_LEVEL = "info";
        TIMETAGGER_CREDENTIALS = "malte:$2a$08$P.e3SD0cnPK0P4mFYShELuoa37.1e1dEqE8MWa6LJ/kSJfje1BdBi,marie:$2a$08$ubOZWO510y5bgwIl0O4Ne.dKZdWoHqEMzvs56L6esqvLfBJ/6OgYm";
      };
      volumes = [
        "/data/dirty/timetagger:/root/_timetagger"
      ];
    };
    services.nginx.virtualHosts."time.home" = mkVirtHost {
      locations."/" = {
        proxyPass = "http://127.0.0.1:5873";
        proxyWebsockets = true;
      };
    };

    services.nginx.virtualHosts."todo.home" = mkVirtHost {
      locations."/" = {
        proxyPass = "http://127.0.0.1:7372";
        proxyWebsockets = true;
      };
    };

    services.nginx.virtualHosts."support.home" = mkVirtHost {
      locations."/" = {
        proxyPass = "http://127.0.0.1:9999";
        proxyWebsockets = true;
      };
    };

    services.nginx.virtualHosts."config.home" = mkVirtHost {
      locations."/" = {
        proxyPass = "http://127.0.0.1:8123";
        proxyWebsockets = true;
      };
    };
    virtualisation.oci-containers.containers.home-assistant = {
      volumes = ["/data/dirty/home-assistant:/config"];
      environment.TZ = "Europe/Berlin";
      image = "ghcr.io/home-assistant/home-assistant:2023.9";
      ports = [
        "8123:8123"
        "1400:1400/tcp"
      ];
      extraOptions = [
        # TODO: Fix the path of the zigbee controller using udev
        "--device=/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0"
        "--device=/dev/ttyUSB0"
        "--cap-add=CAP_NET_RAW,CAP_NET_BIND_SERVICE"
      ];
    };
    # For SONOS
    networking.firewall.allowedTCPPorts = [1400];

    # === Dim ===
    # virtualisation.oci-containers.containers."dim" = {
    #   environment = {};
    #   image = "ghcr.io/dusk-labs/dim:dev";
    #   ports = lib.singleton "7999:8000";
    #   volumes = [
    #     # TODO: https://github.com/Dusk-Labs/dim/blob/master/docker-compose-template.yml
    #     "/srv/media.deletemesoon:/media:ro"
    #   ];
    #   #user = "${config.users.users.dim.name}:${config.users.groups.dim.name}";
    # };

    # === SheetAble ===
    # virtualisation.oci-containers.containers."sheetable" = {
    #   environment = {
    #     CONFIG_PATH = "/app/config/";
    #   };
    #   image = "vallezw/sheetable";
    #   ports = lib.singleton "7998:8080";
    #   volumes = [
    #     # TODO: https://sheetable.net/docs/Installation/installation-docker
    #   ];
    # };

    # === Seafile ===
    # services.seafile = {
    #   enable = true;
    #   adminEmail = "malte.tammena@pm.me";
    #   initialAdminPassword = "test";
    #   seafileSettings = {
    #     fileserver.host = "::1";
    #   };
    #   ccnetSettings.General.SERVICE_URL = "http://file.home";
    # };

    # === HYDRA & Friends. ===
    services.hydra = {
      enable = true;
      package = pkgs.hydra;
      notificationSender = "hydra@home";
      hydraURL = "http://faunus-ater:${builtins.toString config.services.hydra.port}";
      minimumDiskFree = 10;
      useSubstitutes = true;
    };
    services.nix-serve = {
      enable = true;
      secretKeyFile = sopsPath "nix-store-signing-key";
      # FIXME: Remove once fixed upstream
      package = pkgs.nix-serve.override {
        nix = pkgs.nixVersions.nix_2_12;
      };
    };
    # Build on other machines aswell if possible
    nix.buildMachines = [
      {
        hostName = "localhost";
        maxJobs = 4;
        speedFactor = 1;
        sshKey = sopsPath "hydra-overseer-key";
        sshUser = "hydra-minion";
        systems = ["x86_64-linux" "i686-linux"];
      }
      {
        hostName = "helix-texta";
        maxJobs = 4;
        speedFactor = 2;
        sshKey = sopsPath "hydra-overseer-key";
        sshUser = "hydra-minion";
        supportedFeatures = ["kvm" "big-parallel"];
        systems = ["x86_64-linux" "i686-linux"];
      }
      {
        hostName = "murex-pecten";
        maxJobs = 4;
        speedFactor = 4;
        sshKey = sopsPath "hydra-overseer-key";
        sshUser = "hydra-minion";
        supportedFeatures = ["kvm" "big-parallel"];
        systems = ["x86_64-linux" "i686-linux"];
      }
    ];
    # TODO: This doesn't seem to work
    programs.ssh.extraConfig = ''
      Host *
        StrictHostKeyChecking accept-new
    '';
    nix.extraOptions = ''
      allowed-uris = http:// https://
    '';
    systemd.services."hydra-initial-setup" = {
      description = "Setup hydra admin password once";
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
        LoadCredential = "USER_PW:${sopsPath "hydra-admin-password"}";
      };
      wantedBy = lib.singleton "multi-user.target";
      requires = lib.singleton "hydra-init.service";
      after = lib.singleton "hydra-init.service";
      environment = {
        inherit (config.systemd.services.hydra-init.environment) HYDRA_DBI;
      };
      script = let
        hydra-create-user = "${pkgs.hydra}/bin/hydra-create-user";
      in ''
        if [ ! -e ~hydra/.setup-is-complete ]; then
          # create admin user
          ${hydra-create-user} admin --full-name 'Admin Mc. Admining' --email-address 'admin@faunus-ater' --password "$USER_PW" --role admin || exit 1
          # done
          touch ~hydra/.setup-is-complete
        fi
      '';
    };
    services.nginx.virtualHosts = {
      "hydra.home" = mkVirtHost {
        locations."/" = {
          proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}";
        };
      };
      "cache.home" = mkVirtHost {
        locations."/" = {
          proxyPass = "http://localhost:${builtins.toString config.services.nix-serve.port}";
        };
      };
    };

    # === PAPERLESS service, save me! ===
    services.paperless = {
      enable = true;
      address = "[::1]";
      passwordFile = sopsPath "paperless-admin-password";
      dataDir = "/data/dirty/paperless";
      extraConfig = {
        PAPERLESS_OCR_LANGUAGE = "deu";
        PAPERLESS_CONSUMER_RECURSIVE = true;
        PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
        PAPERLESS_URL = "https://doc.home";
      };
    };
    services.nginx.virtualHosts."doc.home" = mkVirtHost {
      locations."/" = {
        proxyPass = "http://[::1]:${builtins.toString config.services.paperless.port}";
        proxyWebsockets = true;
      };
    };

    # === Komga, for my reading needs ===
    services.komga = {
      enable = true;
      stateDir = "/data/dirty/komga";
    };
    services.nginx.virtualHosts."read.home" = mkVirtHost {
      locations."/" = {
        proxyPass = "http://[::1]:${builtins.toString config.services.komga.port}";
        proxyWebsockets = true;
      };
    };

    # === Trilium ===
    services.trilium-server = {
      enable = true;
      port = 10302;
      dataDir = "/data/dirty/trilium";
    };
    services.nginx.virtualHosts."note.home" = mkVirtHost {
      locations."/" = {
        proxyPass = "http://${config.services.trilium-server.host}:${builtins.toString config.services.trilium-server.port}";
        proxyWebsockets = true;
      };
    };

    # === Photoprism ===
    services.photoprism = {
      enable = true;
      port = 2342;
      storagePath = "/data/dirty/photoprism/storage";
      originalsPath = "/data/dirty/photoprism/originals";
      importPath = "/data/dirty/photoprism/import";
      passwordFile = sopsPath "photoprism-admin-password";
      settings = {
        PHOTOPRISM_SESSION_MAXAGE = "31536000";
        PHOTOPRISM_SESSION_TIMEOUT = "31536000";
        PHOTOPRISM_UPLOAD_NSFW = "true";
        PHOTOPRISM_DETECT_NSFW = "true";
        PHOTOPRISM_SITE_URL = "https://foto.home";
        PHOTOPRISM_SITE_TITLE = "PhotoPrism";
        PHOTOPRISM_SITE_CAPTION = "All the pictures!";
        PHOTOPRISM_SITE_DESCRIPTION = "";
        PHOTOPRISM_SITE_AUTHOR = "";
      };
    };
    # TODO: Why does it not work without these? :/
    systemd.services.photoprism.serviceConfig.User = lib.mkForce null;
    systemd.services.photoprism.serviceConfig.Group = lib.mkForce null;
    systemd.services.photoprism.serviceConfig.DynamicUser = lib.mkForce false;
    systemd.services.photoprism.serviceConfig.SystemCallFilter = lib.mkForce [];
    services.nginx.virtualHosts."foto.home" = mkVirtHost {
      locations."/" = {
        proxyPass = "http://localhost:${builtins.toString config.services.photoprism.port}";
        proxyWebsockets = true;
      };
      extraConfig = ''
        client_max_body_size 500M;
      '';
    };

    # === Restic User Backup ===
    services.resticConfigured = {
      enable = true;
      rootDir = "/data/dirty/restic";
      openFirewall = true;
    };

    # === Grafana ===
    services.grafanaHome = {
      enable = true;
      nginx.listenAddresses = [vpnIPv4 "[${vpnIPv6}]"];
      nginx.sslCertificate = sopsPath "nginx-cert-crt";
      nginx.sslCertificateKey = sopsPath "nginx-cert-key";
      grafana.adminPasswordFile = sopsPath "grafana-admin-password";
    };

    # === Prometheus ===
    services.prometheus = {
      enable = true;
      enableReload = true;
      exporters = {
        fritzbox = {
          enable = true;
          gatewayAddress = "spof";
        };
        node = {
          enable = true;
          enabledCollectors = ["systemd"];
          disabledCollectors = ["diskstats"];
        };
      };
      scrapeConfigs = scrapedExporters {inherit (config.services.prometheus.exporters) fritzbox node;};
    };
    systemd.services."prometheus-fritzbox-exporter".serviceConfig.EnvironmentFile = sopsPath "fritzbox-exporter-env";
    # TODO: Yikes
    systemd.services."prometheus-fritzbox-exporter".serviceConfig.ExecStart = let
      cfg = config.services.prometheus.exporters.fritzbox;
    in
      lib.mkForce ''
        ${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \
          -listen-address ${cfg.listenAddress}:${toString cfg.port} \
          -gateway-url http://${cfg.gatewayAddress}:${toString cfg.gatewayPort} \
          -gateway-luaurl http://${cfg.gatewayAddress} \
          -metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics.json \
          -lua-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics-lua_cable.json
      '';

    # services.nginx.virtualHosts."media.home" = {
    #   locations."/" = {
    #     proxyPass = "http://127.0.0.1:7999";
    #     proxyWebsockets = true;
    #   };
    # };

    # services.nginx.virtualHosts."file.home" = {
    #   locations."/" = {
    #     proxyPass = "http://[::1]:${builtins.toString config.services.seafile.seafileSettings.fileserver.port}";
    #     proxyWebsockets = true;
    #   };
    # };
    # networking.firewall.allowedTCPPorts = [config.services.seafile.seafileSettings.fileserver.port];

    # === Print Service ===
    systemd.paths."print-all-files" = {
      requires = ["printer.target"];
      after = ["printer.target"];
      wantedBy = ["default.target"];
      pathConfig = {
        DirectoryNotEmpty = "/srv/to-be-printed";
        MakeDirectory = true;
        DirectoryMode = "777";
        Unit = "print-all-files.service";
      };
    };
    systemd.services."print-all-files" = let
      printAndDeleteFile = pkgs.writeShellApplication {
        name = "print-and-delete-file";
        runtimeInputs = [
          pkgs.coreutils
          pkgs.cups
        ];
        text = ''
          echo Printing "$1"
          lp -- "$1"
          rm "$1"
        '';
      };
      script = pkgs.writeShellApplication {
        name = "print-all-files-script";
        runtimeInputs = [
          pkgs.coreutils
          printAndDeleteFile
        ];
        text = ''
          find . -type f -exec print-and-delete-file "{}" \;
        '';
      };
    in {
      requires = ["printer.target"];
      after = ["printer.target"];
      serviceConfig = {
        WorkingDirectory = "/srv/to-be-printed";
        ExecStart = "${script}/bin/print-all-files-script";
        # Wait 15 seconds before restart to let the file load, if not present yet
        RestartSec = "15";
      };
    };
    users.users.sftp = {
      description = "User used for all sftp stuff";
      isNormalUser = true;
      group = "sftp";
      openssh.authorizedKeys.keyFiles = [
        ../secrets/users/malte/sftp-key.pub
        ../secrets/users/marie/sftp-key.pub
      ];
    };
    users.groups.sftp = {};

    hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

    # === BACKUPS ===
    services.restic.backups = {
      # Make sure my 'active IO' disk get's saved once a day
      zdirty = {
        initialize = true;
        repository = "/data/archive/dirty.bak";
        timerConfig.OnCalendar = "daily";
        paths = lib.singleton "/data/dirty";
        pruneOpts = [
          "--keep-daily 1"
          "--keep-weekly 1"
          "--keep-monthly 1"
          "--keep-yearly 5"
        ];
        passwordFile = sopsPath "internal-restic-password";
      };
    };

    # === RUNTIME SECRETS ===
    sops.defaultSopsFile = ../secrets/hosts/faunus-ater/secrets.yaml;
    sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
    sops.secrets = {
      "paperless-admin-password" = {};
      "photoprism-admin-password" = {};
      "grafana-admin-password" = {
        owner = config.users.users.grafana.name;
        mode = "0400";
      };
      "nginx-cert-key" = {
        owner = config.users.users.nginx.name;
        mode = "0400";
      };
      "nginx-cert-crt" = {
        owner = config.users.users.nginx.name;
        mode = "0400";
      };
      "fritzbox-exporter-env" = {};
      "internal-restic-password" = {};
      "nix-store-signing-key" = {};
      "hydra-admin-password" = {
        owner = config.users.users.hydra.name;
        mode = "0400";
      };
      "hydra-overseer-key" = {
        owner = config.users.users.hydra.name;
        mode = "0440";
      };
    };

    # This value determines the NixOS release from which the default
    # settings for stateful data, like file locations and database versions
    # on your system were taken. It‘s perfectly fine and recommended to leave
    # this value at the release version of the first install of this system.
    # Before changing this value read the documentation for this option
    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
    system.stateVersion = "22.05"; # Did you read the comment?
  };
}
-												[host/faunus-ater] Envision & Create

											
										
										
											2022-05-27 18:11:47 +02:00
+								{
 								  pkgs,
 								  lib,
 								  config,
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								  inputs,
-												[host/faunus-ater] Envision & Create

											
										
										
											2022-05-27 18:11:47 +02:00
+								  ...
-												[host/faunus-ater] Disable testing services, setup paperless

											
										
										
											2022-06-05 11:50:44 +02:00
+								}: let
 								  sopsPath = key: config.sops.secrets.${key}.path;
-												[host/faunus-ater] Setup prometheus/grafana

											
										
										
											2022-06-06 17:28:41 +02:00
-												Update lockfile

• Updated input 'cataclysm-dda':
    'github:CleverRaven/Cataclysm-DDA/5a82316ecf75eacac29dd6580ef152aee5e7d159' (2022-09-23)
  → 'github:CleverRaven/Cataclysm-DDA/8e428ca5f21fb868b7eb6aa8380d1fcdbb960bd8' (2022-12-08)
• Updated input 'colmena':
    'github:zhaofengli/colmena/a8e6b999cfec9fadc2ca81994da44182e73be7eb' (2022-09-21)
  → 'github:zhaofengli/colmena/64c46fa0169233d4faed70c52583cd3183c7f5aa' (2022-12-01)
• Added input 'colmena/flake-utils':
    'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07)
• Updated input 'colmena/nix-eval-jobs/flake-utils':
    'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07)
  → follows 'colmena/flake-utils'
• Updated input 'colmena/stable':
    'github:NixOS/nixpkgs/879121648fe522b38cc1cf75aef160a14a1f2e7b' (2022-08-14)
  → 'github:NixOS/nixpkgs/731cc710aeebecbf45a258e977e8b68350549522' (2022-11-29)
• Removed input 'colmena/utils'
• Updated input 'fenix':
    'github:nix-community/fenix/3c8bbc1d99e241efa29df54658615d7f8344c01f' (2022-09-23)
  → 'github:nix-community/fenix/e7941faba7f6cd0a6058330ad8c40d8dc52d741c' (2022-12-08)
• Updated input 'fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/5b49745d009634170493a214364261e36228274b' (2022-09-20)
  → 'github:rust-lang/rust-analyzer/6e8a54d0f68702cf7981c8299357838eb0f4d5b2' (2022-12-07)
• Updated input 'home-manager':
    'github:nix-community/home-manager/bd83eab6220226085c82e637931a7ae3863d9893' (2022-09-22)
  → 'github:nix-community/home-manager/2af0d07678fc15612345e0dd55337550dcf6465f' (2022-12-05)
• Updated input 'home-manager/utils':
    'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07)
  → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
• Updated input 'hydra':
    'github:NixOS/hydra/53335323ae79ca1a42643f58e520b376898ce641' (2022-09-22)
  → 'github:NixOS/hydra/d1fac69c213002721971cd983e2576b784677d40' (2022-12-05)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/cc896be6a3ebbccf04e7e07e89b666fa091a846a' (2022-11-14)
  → 'github:Jovian-Experiments/Jovian-NixOS/6d70c2fda85377e1fd7f2ede9ac82ff02dfeb0d5' (2022-12-04)
• Updated input 'nickel':
    'github:tweag/nickel/12298a821c46459aa3651b5645a4c69340a25cd4' (2022-09-21)
  → 'github:tweag/nickel/6110c7f61e46f39e57503889b8f699de8ef3d41e' (2022-12-07)
• Added input 'nickel/crane':
    'github:ipetkov/crane/24591d5f8cc979f7b243b88a2d39da09976970ad' (2022-11-28)
• Added input 'nickel/crane/flake-compat':
    'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19)
• Added input 'nickel/crane/flake-utils':
    'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
• Added input 'nickel/crane/nixpkgs':
    follows 'nickel/nixpkgs'
• Added input 'nickel/crane/rust-overlay':
    'github:oxalica/rust-overlay/cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b' (2022-11-03)
• Added input 'nickel/crane/rust-overlay/flake-utils':
    follows 'nickel/crane/flake-utils'
• Added input 'nickel/crane/rust-overlay/nixpkgs':
    follows 'nickel/crane/nixpkgs'
• Updated input 'nickel/flake-utils':
    'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07)
  → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
• Updated input 'nickel/pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/8cb8ea5f1c7bc2984f460587fddd5f2e558f6eb8' (2022-08-18)
  → 'github:cachix/pre-commit-hooks.nix/2597510df32efafda4d05f5122efe612a7a5da66' (2022-12-03)
• Added input 'nickel/pre-commit-hooks/flake-compat':
    'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
• Added input 'nickel/pre-commit-hooks/gitignore':
    'github:hercules-ci/gitignore.nix/a20de23b925fd8264fd7fad6454652e142fd7f73' (2022-08-14)
• Added input 'nickel/pre-commit-hooks/gitignore/nixpkgs':
    follows 'nickel/pre-commit-hooks/nixpkgs'
• Added input 'nickel/pre-commit-hooks/nixpkgs-stable':
    'github:NixOS/nixpkgs/cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a' (2022-11-20)
• Updated input 'nickel/rust-overlay':
    'github:oxalica/rust-overlay/8ac6d40380dc4ec86f1ff591d5c14c8ae1d77a18' (2022-09-03)
  → 'github:oxalica/rust-overlay/a0d5773275ecd4f141d792d3a0376277c0fc0b65' (2022-12-03)
• Updated input 'nix-colors':
    'github:Misterio77/nix-colors/787b9599227dbf09847e3b3d23187b88ba14e14a' (2022-09-21)
  → 'github:Misterio77/nix-colors/fcd345bd1c9e7c203c3320ee6ca39814c97ac1fe' (2022-12-05)
• Updated input 'nix-colors/base16-schemes':
    'github:base16-project/base16-schemes/7c247f734eac7f04518c6e28d098635ee8dcabf5' (2022-06-10)
  → 'github:tinted-theming/base16-schemes/a3dc916cf90471a422c0bfe1bb4b1bdd12185ced' (2022-10-13)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/a0df6cd6e199df4a78c833c273781ea92fa62cfb' (2022-09-15)
  → 'github:NixOS/nixos-hardware/9d87bc030a0bf3f00e953dbf095a7d8e852dab6b' (2022-12-04)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/d6490a0bd9dfb298fcd8382d3363b86870dc7340' (2022-09-21)
  → 'github:NixOS/nixpkgs/6e51c97f1c849efdfd4f3b78a4870e6aa2da4198' (2022-12-05)
• Updated input 'nixpkgs-wayland':
    'github:nix-community/nixpkgs-wayland/f6259c8daf197480297c33a442d78175b8b417b2' (2022-09-22)
  → 'github:nix-community/nixpkgs-wayland/5097457af8e9dcf45a68fa892716919ad28e545a' (2022-12-08)
• Removed input 'nixpkgs-wayland/cachix'
• Updated input 'nixpkgs-wayland/flake-compat':
    'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19)
  → 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
• Updated input 'nixpkgs-wayland/lib-aggregate':
    'github:nix-community/lib-aggregate/05a081a254f4bc7ca026a6ebdcf9864170208bc3' (2022-09-18)
  → 'github:nix-community/lib-aggregate/c0f784c05c85422cd7d532fd1a630ba5e8f2348f' (2022-12-04)
• Updated input 'nixpkgs-wayland/lib-aggregate/flake-utils':
    'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07)
  → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
• Updated input 'nixpkgs-wayland/lib-aggregate/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/30286fa7fb374fa3ffc80ac35eb7fadf572ae357' (2022-09-18)
  → 'github:nix-community/nixpkgs.lib/77e67cb65014fb75c1c8ccfec60e9bd8b7d02c94' (2022-12-04)
• Added input 'nixpkgs-wayland/nix-eval-jobs':
    'github:nix-community/nix-eval-jobs/6117ef2024f679d5c52876031880b752f2be4517' (2022-12-08)
• Added input 'nixpkgs-wayland/nix-eval-jobs/flake-utils':
    'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
• Added input 'nixpkgs-wayland/nix-eval-jobs/nixpkgs':
    follows 'nixpkgs-wayland/nixpkgs'
• Updated input 'qmk-udev-rules':
    'github:qmk/qmk_firmware/3b7aeddc4dea42f9c7850b2a39661349d0b1352e' (2022-09-22)
  → 'github:qmk/qmk_firmware/bb3d694875e4b02d0befee60853d3f5997acabb8' (2022-12-07)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/bae718a9d1e31ec478ddfcb75149f66e9625a825' (2022-09-18)
  → 'github:Mic92/sops-nix/da98a111623101c64474a14983d83dad8f09f93d' (2022-12-04)
• Removed input 'sops-nix/nixpkgs-22_05'
• Added input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/86370507cb20c905800527539fc049a2bf09c667' (2022-12-04)

											
										
										
											2022-12-08 12:07:35 +01:00
+								  scrapedExporters = lib.attrsets.mapAttrsToList (expName: conf: {
 								    job_name = expName;
 								    static_configs = lib.singleton {
 								      targets = lib.singleton "localhost:${builtins.toString conf.port}";
 								    };
 								  });
-												Format

											
										
										
											2022-06-12 08:32:56 +02:00
-												[host/faunus-ater,host/elysia-clarki] Move hydra to faunus-ater

											
										
										
											2022-06-13 22:35:28 +02:00
+								  mkVirtHost = lib.attrsets.recursiveUpdate {
 								    addSSL = true;
-												[hosts,flake] Fix DNS/Nginx, remove old services

											
										
										
											2022-06-18 11:14:13 +02:00
+								    listenAddresses = [vpnIPv4 "[${vpnIPv6}]"];
-												[host/faunus-ater,host/elysia-clarki] Move hydra to faunus-ater

											
										
										
											2022-06-13 22:35:28 +02:00
+								    sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../secrets/ca.crt);
 								    sslCertificateKey = sopsPath "nginx-cert-key";
 								    sslCertificate = sopsPath "nginx-cert-crt";
 								  };
-												Format

											
										
										
											2022-06-12 08:32:56 +02:00
+								  vpnInterface = config.services.tailscale.interfaceName;
-												[host/faunus-ater] Provision grafana dashboards

											
										
										
											2022-06-14 15:09:33 +02:00
+								  vpnIPv4 = "100.108.135.4";
 								  vpnIPv6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
-												[host/faunus-ater] Disable testing services, setup paperless

											
										
										
											2022-06-05 11:50:44 +02:00
+								in {
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								  imports = [
 								    inputs.nixos-hardware.nixosModules.common-cpu-intel #-cpu-only
 								    ../modules/nginx-reverse-proxy.nix
 								    ../hardware/asrock-z370-i3-black-box.nix
 								  ];
 								  config = {
 								    networking.hostName = "faunus-ater";
 								    networking.hostId = "a4d7bec4";
 								    networking.interfaces.eno1.useDHCP = true;
-												[host/faunus-ater] Envision & Create

											
										
										
											2022-05-27 18:11:47 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Make sure ZFS works ===
 								    # TODO: Update and think of some automatic way of keeping this up to date.
 								    boot.kernelPackages = pkgs.linuxPackages_5_15;
-												Update lockfile

Fix flake nixConfig, do not override cache.nixos.
Fix Kernel version for hosts using zfs.
Fix path change in nix-colors library.

• Updated input '2i-emulator':
    'github:klemens/2i-emulator/3bd74bdeffbc6340ef4455269090cf50d07e2e5f' (2020-06-07)
  → 'github:klemens/2i-emulator/dbd022bce6ef22a798c36c2b22915ab72b64822d' (2022-06-05)
• Updated input 'cataclysm-dda':
    'github:CleverRaven/Cataclysm-DDA/5f60b52c16d71e42824cdc6244dba937a954f383' (2022-05-14)
  → 'github:CleverRaven/Cataclysm-DDA/f6be61e24299d493f714b4b1fe5189deeb5a4c06' (2022-06-16)
• Updated input 'colmena':
    'github:zhaofengli/colmena/11289dd7ff71f75bd252525167c5a9f685c06bcf' (2022-04-04)
  → 'github:zhaofengli/colmena/1b3c272b5873f809c18434924d99967c73d4e2cf' (2022-06-10)
• Updated input 'colmena/flake-compat':
    'github:edolstra/flake-compat/64a525ee38886ab9028e6f61790de0832aa3ef03' (2022-03-25)
  → 'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19)
• Updated input 'colmena/stable':
    'github:NixOS/nixpkgs/0aac710801aec4ba545527cf41a5706028fe6271' (2022-04-03)
  → 'github:NixOS/nixpkgs/ec6eaba9dfcfdd11547d75a193e91e26701bf7e3' (2022-05-31)
• Updated input 'colmena/utils':
    'github:numtide/flake-utils/0f8662f1319ad6abf89b3380dd2722369fc51ade' (2022-03-26)
  → 'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30)
• Updated input 'fenix':
    'github:nix-community/fenix/1d50f0152aabfb527e90488ed18d9e22190f14cf' (2022-04-15)
  → 'github:nix-community/fenix/720b54260dee864d2a21745bd2bb55223f58e297' (2022-06-16)
• Updated input 'fenix/rust-analyzer-src':
    'github:rust-analyzer/rust-analyzer/7ce3ca5aabb906ac06c5132ef5b333a7c3af1b98' (2022-04-14)
  → 'github:rust-lang/rust-analyzer/519d7484f3b1beb25dec9f2249adeaaa21033433' (2022-06-15)
• Updated input 'home-manager':
    'github:nix-community/home-manager/d49d68f4196d32c5039cb9e91d730cee894f6f14' (2022-04-15)
  → 'github:nix-community/home-manager/504d6de6a061993c3f585f9a86c6a9f68927b1c0' (2022-06-15)
• Added input 'home-manager/flake-compat':
    'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19)
• Added input 'home-manager/nmd':
    'gitlab:rycee/nmd/9e7a20e6ee3f6751f699f79c0b299390f81f7bcd' (2022-05-23)
• Added input 'home-manager/nmt':
    'gitlab:rycee/nmt/d83601002c99b78c89ea80e5e6ba21addcfe12ae' (2022-03-23)
• Added input 'home-manager/utils':
    'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30)
• Updated input 'hydra':
    'github:NixOS/hydra/c44d9d9e917f8f02ddb5c01a8620c439993540b6' (2022-04-08)
  → 'github:NixOS/hydra/cf9f38e43fd81f9298e3f2ff50c8a6ee0acc3af0' (2022-05-31)
• Updated input 'nickel':
    'github:tweag/nickel/91d9b3e214646387338081fb0278fe75cb3444e9' (2022-04-14)
  → 'github:tweag/nickel/24bdbde6bc34d99c046a01744413f1152d3a9b4c' (2022-06-14)
• Updated input 'nickel/flake-utils':
    'github:numtide/flake-utils/0f8662f1319ad6abf89b3380dd2722369fc51ade' (2022-03-26)
  → 'github:numtide/flake-utils/04c1b180862888302ddfb2e3ad9eaa63afc60cf8' (2022-05-17)
• Updated input 'nickel/pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/b6bc0b21e1617e2b07d8205e7fae7224036dfa4b' (2022-03-01)
  → 'github:cachix/pre-commit-hooks.nix/521a524771a8e93caddaa0ac1d67d03766a8b0b3' (2022-05-16)
• Updated input 'nickel/rust-overlay':
    'github:oxalica/rust-overlay/7c90e17cd7c0b9e81d5b23f78b482088ac9961d1' (2022-04-02)
  → 'github:oxalica/rust-overlay/3bc2619665745f5e6f2efc3d0664edad4f62201b' (2022-05-21)
• Updated input 'nix-colors':
    'github:Misterio77/nix-colors/fe9fd38b9ddc81afe5d45be6d286472de3f89f03' (2022-05-12)
  → 'github:Misterio77/nix-colors/2c2e107765b7b2e54b10d3fc2ffe5ed2ca2c7731' (2022-06-12)
• Added input 'nix-colors/base16-schemes':
    'github:base16-project/base16-schemes/7c247f734eac7f04518c6e28d098635ee8dcabf5' (2022-06-10)
• Updated input 'nixForHydra/nixpkgs':
    'github:NixOS/nixpkgs/82891b5e2c2359d7e58d08849e4c89511ab94234' (2021-09-28)
  → 'github:NixOS/nixpkgs/530a53dcbc9437363471167a5e4762c5fcfa34a1' (2022-02-19)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/1a0ccdbf4583ed0fce37eea7955e8ef90f840a9f' (2022-04-13)
  → 'github:NixOS/nixos-hardware/0cab18a48de7914ef8cad35dca0bb36868f3e1af' (2022-06-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ff9efb0724de5ae0f9db9df2debefced7eb1571d' (2022-04-13)
  → 'github:NixOS/nixpkgs/6616de389ed55fba6eeba60377fc04732d5a207c' (2022-06-14)
• Updated input 'nixpkgs-wayland':
    'github:nix-community/nixpkgs-wayland/7edb849271e82862e343c9e86cf38cdc825ba5b0' (2022-04-10)
  → 'github:nix-community/nixpkgs-wayland/7846b63c3524cabd82778c308d6b3d3fa79211b8' (2022-06-16)
• Updated input 'nixpkgs-wayland/cachix':
    'github:nixos/nixpkgs/530a53dcbc9437363471167a5e4762c5fcfa34a1' (2022-02-19)
  → 'github:nixos/nixpkgs/9227bbe43157225414e990b87587ccb1665225d9' (2022-06-14)
• Updated input 'nixpkgs-wayland/flake-compat':
    'github:edolstra/flake-compat/64a525ee38886ab9028e6f61790de0832aa3ef03' (2022-03-25)
  → 'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19)
• Added input 'nixpkgs-wayland/lib-aggregate':
    'github:nix-community/lib-aggregate/e0059f35f3727b94ea833489fd40d9e666f8da79' (2022-06-12)
• Added input 'nixpkgs-wayland/lib-aggregate/flake-utils':
    'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30)
• Added input 'nixpkgs-wayland/lib-aggregate/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/8f09bff20b363b80213186156168126674990368' (2022-06-12)
• Updated input 'qmk-udev-rules':
    'github:qmk/qmk_firmware/8de4065b099a99bcffe436a038616b0c31ade7c3' (2022-04-14)
  → 'github:qmk/qmk_firmware/8e128452db4a5c93f0214a1f6ea38e213445235c' (2022-06-16)
• Updated input 'radicale_infcloud':
    'github:Unrud/RadicaleInfCloud/3e8e476fc2ff1467ea05aa0944058288ccdadf92' (2022-01-19)
  → 'github:Unrud/RadicaleInfCloud/53d3a95af5b58cfa3242cef645f8d40c731a7d95' (2022-04-18)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/c2614c4fe61943b3d280ac1892fcebe6e8eaf8c8' (2022-04-12)
  → 'github:Mic92/sops-nix/f075361ecbde21535b38e41dfaa28a28f160855c' (2022-06-05)
• Added input 'sops-nix/nixpkgs-21_11':
    'github:NixOS/nixpkgs/2de556c4cd46a59e8ce2f85ee4dd400983213d45' (2022-06-04)
• Added input 'sops-nix/nixpkgs-22_05':
    'github:NixOS/nixpkgs/d6cb04299ce8964290ae7fdcb87aa50da0500b5c' (2022-06-04)
• Updated input 'utils':
    'github:gytis-ivaskevicius/flake-utils-plus/06dba5f3b4fa2cc0bfc98ce9cd6f9a4d8db11d46' (2022-03-14)
  → 'github:gytis-ivaskevicius/flake-utils-plus/f8d6d1f87b6177e3bc674c29f247bdbf897ba274' (2022-05-16)

											
										
										
											2022-06-16 11:14:07 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Can't handle this ===
 								    systemd.enableEmergencyMode = false;
-												[host/faunus-ater] No drive, no die

											
										
										
											2022-06-08 23:31:35 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Settings ===
 								    settings.ssh.openOutsideVPN = true;
 								    settings.printing.enable = true;
-												[host/faunus-ater] Envision & Create

											
										
										
											2022-05-27 18:11:47 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === ZFS services ===
 								    services.zfs.trim.enable = true;
 								    services.zfs.autoScrub.enable = true;
 								    services.zfs.autoScrub.pools = ["rpool"];
-												[host/faunus-ater] Envision & Create

											
										
										
											2022-05-27 18:11:47 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Additional services ===
 								    services.fwupd.enable = true;
 								    powerManagement = {
 								      enable = true;
 								      powertop.enable = true;
 								      cpuFreqGovernor = "powersave";
 								    };
-												[host/faunus-ater] Enable fwupd service

											
										
										
											2022-05-27 22:33:35 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Git.home, because everything else sucks ===
 								    services.gogsHome = {
 								      enable = true;
 								      passwordFile = sopsPath "gogs-database-password";
 								      addr = {
 								        v4 = vpnIPv4;
 								        v6 = vpnIPv6;
 								      };
 								      stateDir = "/data/dirty/gogs";
 								    };
 								    sops.secrets.gogs-database-password = {
 								      owner = config.users.users.gogs.name;
 								      mode = "0400";
-												[module/gogs] Host everything and fix DNS 🚀

											
										
										
											2023-01-22 14:02:32 +01:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Extend printing settings because sharing is caring ===
 								    services.printing = {
 								      listenAddresses = ["*:631"];
 								      allowFrom = ["all" "@IF(${vpnInterface})"];
 								      defaultShared = true;
 								      browsing = true;
 								      logLevel = "debug";
 								    };
 								    networking.firewall.interfaces.${vpnInterface} = {
 								      allowedUDPPorts = [631];
 								      allowedTCPPorts = [631 config.services.hydra.port];
 								    };
 								    hardware.printers = {
 								      ensureDefaultPrinter = "Local";
 								      ensurePrinters = lib.singleton {
 								        description = "The fastest Boi in town!";
 								        deviceUri = "usb://Samsung/ML-1640%20Series?serial=144QBAHS600499T.";
 								        location = "@Home";
 								        model = "samsung/ML-1640.ppd";
 								        name = "Local";
 								        ppdOptions = {
 								          PageSize = "A4";
 								          Resolution = "600dpi";
 								        };
-												[faunus-ater] Prepare printing server setup

											
										
										
											2022-06-13 10:25:36 +02:00
+								      };
 								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    virtualisation.oci-containers.backend = "podman";
 								    virtualisation.podman = {
 								      enable = true;
 								      dockerCompat = true;
 								      extraPackages = with pkgs; [zfs];
 								    };
 								    # Override storage driver
 								    virtualisation.containers.storage.settings = {
 								      storage = {
 								        driver = "zfs";
 								        graphroot = "/var/lib/containers/storage";
 								        runroot = "/run/containers/storage";
 								      };
-												[host/faunus-ater] Add some services

											
										
										
											2022-06-01 19:18:08 +02:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    virtualisation.oci-containers.containers."timetagger" = {
 								      image = "ghcr.io/almarklein/timetagger:v23.2.1";
 								      ports = ["5873:5873"];
 								      environment = {
 								        TIMETAGGER_BIND = "0.0.0.0:5873";
 								        TIMETAGGER_DATADIR = "/root/_timetagger";
 								        TIMETAGGER_LOG_LEVEL = "info";
 								        TIMETAGGER_CREDENTIALS = "malte:$2a$08$P.e3SD0cnPK0P4mFYShELuoa37.1e1dEqE8MWa6LJ/kSJfje1BdBi,marie:$2a$08$ubOZWO510y5bgwIl0O4Ne.dKZdWoHqEMzvs56L6esqvLfBJ/6OgYm";
 								      };
 								      volumes = [
 								        "/data/dirty/timetagger:/root/_timetagger"
 								      ];
-												[host/faunus-ater]: Run timetagger

											
										
										
											2023-04-01 09:20:09 +02:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    services.nginx.virtualHosts."time.home" = mkVirtHost {
 								      locations."/" = {
 								        proxyPass = "http://127.0.0.1:5873";
 								        proxyWebsockets = true;
 								      };
-												[host/faunus-ater]: Run timetagger

											
										
										
											2023-04-01 09:20:09 +02:00
+								    };
-												feat(service): add temporary brain-dump hosting config

											
										
										
											2023-07-02 10:04:47 +02:00
+								    services.nginx.virtualHosts."todo.home" = mkVirtHost {
 								      locations."/" = {
 								        proxyPass = "http://127.0.0.1:7372";
 								        proxyWebsockets = true;
 								      };
 								    };
-												feat(faunus-ater): add support.home service

											
										
										
											2023-07-05 15:35:46 +02:00
+								    services.nginx.virtualHosts."support.home" = mkVirtHost {
 								      locations."/" = {
 								        proxyPass = "http://127.0.0.1:9999";
 								        proxyWebsockets = true;
 								      };
 								    };
-												feat(home-assistant): setup on faunus-ater

											
										
										
											2023-09-10 21:35:28 +02:00
+								    services.nginx.virtualHosts."config.home" = mkVirtHost {
 								      locations."/" = {
 								        proxyPass = "http://127.0.0.1:8123";
 								        proxyWebsockets = true;
 								      };
 								    };
 								    virtualisation.oci-containers.containers.home-assistant = {
 								      volumes = ["/data/dirty/home-assistant:/config"];
 								      environment.TZ = "Europe/Berlin";
 								      image = "ghcr.io/home-assistant/home-assistant:2023.9";
 								      ports = [
 								        "8123:8123"
 								        "1400:1400/tcp"
 								      ];
 								      extraOptions = [
 								        # TODO: Fix the path of the zigbee controller using udev
 								        "--device=/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0"
 								        "--device=/dev/ttyUSB0"
 								        "--cap-add=CAP_NET_RAW,CAP_NET_BIND_SERVICE"
 								      ];
 								    };
 								    # For SONOS
 								    networking.firewall.allowedTCPPorts = [1400];
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Dim ===
 								    # virtualisation.oci-containers.containers."dim" = {
 								    #   environment = {};
 								    #   image = "ghcr.io/dusk-labs/dim:dev";
 								    #   ports = lib.singleton "7999:8000";
 								    #   volumes = [
 								    #     # TODO: https://github.com/Dusk-Labs/dim/blob/master/docker-compose-template.yml
 								    #     "/srv/media.deletemesoon:/media:ro"
 								    #   ];
 								    #   #user = "${config.users.users.dim.name}:${config.users.groups.dim.name}";
 								    # };
-												[host/faunus-ater] Add some services

											
										
										
											2022-06-01 19:18:08 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === SheetAble ===
 								    # virtualisation.oci-containers.containers."sheetable" = {
 								    #   environment = {
 								    #     CONFIG_PATH = "/app/config/";
 								    #   };
 								    #   image = "vallezw/sheetable";
 								    #   ports = lib.singleton "7998:8080";
 								    #   volumes = [
 								    #     # TODO: https://sheetable.net/docs/Installation/installation-docker
 								    #   ];
 								    # };
-												[host/faunus-ater] Add some services

											
										
										
											2022-06-01 19:18:08 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Seafile ===
 								    # services.seafile = {
 								    #   enable = true;
 								    #   adminEmail = "malte.tammena@pm.me";
 								    #   initialAdminPassword = "test";
 								    #   seafileSettings = {
 								    #     fileserver.host = "::1";
 								    #   };
 								    #   ccnetSettings.General.SERVICE_URL = "http://file.home";
 								    # };
-												[host/faunus-ater] Add some services

											
										
										
											2022-06-01 19:18:08 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === HYDRA & Friends. ===
 								    services.hydra = {
 								      enable = true;
 								      package = pkgs.hydra;
 								      notificationSender = "hydra@home";
 								      hydraURL = "http://faunus-ater:${builtins.toString config.services.hydra.port}";
 								      minimumDiskFree = 10;
 								      useSubstitutes = true;
-												fix(nix-serve): Override nix version for nix-serve until bug is fixed

											
										
										
											2023-03-02 18:54:21 +01:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    services.nix-serve = {
 								      enable = true;
 								      secretKeyFile = sopsPath "nix-store-signing-key";
 								      # FIXME: Remove once fixed upstream
 								      package = pkgs.nix-serve.override {
 								        nix = pkgs.nixVersions.nix_2_12;
 								      };
-												[host/faunus-ater,host/elysia-clarki] Move hydra to faunus-ater

											
										
										
											2022-06-13 22:35:28 +02:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # Build on other machines aswell if possible
 								    nix.buildMachines = [
 								      {
 								        hostName = "localhost";
 								        maxJobs = 4;
 								        speedFactor = 1;
 								        sshKey = sopsPath "hydra-overseer-key";
 								        sshUser = "hydra-minion";
 								        systems = ["x86_64-linux" "i686-linux"];
 								      }
 								      {
 								        hostName = "helix-texta";
 								        maxJobs = 4;
 								        speedFactor = 2;
 								        sshKey = sopsPath "hydra-overseer-key";
 								        sshUser = "hydra-minion";
 								        supportedFeatures = ["kvm" "big-parallel"];
 								        systems = ["x86_64-linux" "i686-linux"];
 								      }
 								      {
 								        hostName = "murex-pecten";
 								        maxJobs = 4;
 								        speedFactor = 4;
 								        sshKey = sopsPath "hydra-overseer-key";
 								        sshUser = "hydra-minion";
 								        supportedFeatures = ["kvm" "big-parallel"];
 								        systems = ["x86_64-linux" "i686-linux"];
 								      }
 								    ];
 								    # TODO: This doesn't seem to work
 								    programs.ssh.extraConfig = ''
 								      Host *
 								        StrictHostKeyChecking accept-new
-												[host/faunus-ater,host/elysia-clarki] Move hydra to faunus-ater

											
										
										
											2022-06-13 22:35:28 +02:00
+								    '';
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    nix.extraOptions = ''
 								      allowed-uris = http:// https://
 								    '';
 								    systemd.services."hydra-initial-setup" = {
 								      description = "Setup hydra admin password once";
 								      serviceConfig = {
 								        Type = "oneshot";
 								        RemainAfterExit = true;
 								        LoadCredential = "USER_PW:${sopsPath "hydra-admin-password"}";
 								      };
 								      wantedBy = lib.singleton "multi-user.target";
 								      requires = lib.singleton "hydra-init.service";
 								      after = lib.singleton "hydra-init.service";
 								      environment = {
 								        inherit (config.systemd.services.hydra-init.environment) HYDRA_DBI;
-												[host/faunus-ater,host/elysia-clarki] Move hydra to faunus-ater

											
										
										
											2022-06-13 22:35:28 +02:00
+								      };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								      script = let
 								        hydra-create-user = "${pkgs.hydra}/bin/hydra-create-user";
 								      in ''
 								        if [ ! -e ~hydra/.setup-is-complete ]; then
 								          # create admin user
 								          ${hydra-create-user} admin --full-name 'Admin Mc. Admining' --email-address 'admin@faunus-ater' --password "$USER_PW" --role admin || exit 1
 								          # done
 								          touch ~hydra/.setup-is-complete
 								        fi
 								      '';
-												[host/faunus-ater,host/elysia-clarki] Move hydra to faunus-ater

											
										
										
											2022-06-13 22:35:28 +02:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    services.nginx.virtualHosts = {
 								      "hydra.home" = mkVirtHost {
 								        locations."/" = {
 								          proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}";
 								        };
 								      };
 								      "cache.home" = mkVirtHost {
 								        locations."/" = {
 								          proxyPass = "http://localhost:${builtins.toString config.services.nix-serve.port}";
 								        };
-												[host/faunus-ater,host/elysia-clarki] Move hydra to faunus-ater

											
										
										
											2022-06-13 22:35:28 +02:00
+								      };
 								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === PAPERLESS service, save me! ===
 								    services.paperless = {
 								      enable = true;
 								      address = "[::1]";
 								      passwordFile = sopsPath "paperless-admin-password";
 								      dataDir = "/data/dirty/paperless";
 								      extraConfig = {
 								        PAPERLESS_OCR_LANGUAGE = "deu";
 								        PAPERLESS_CONSUMER_RECURSIVE = true;
 								        PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
 								        PAPERLESS_URL = "https://doc.home";
 								      };
-												[host/faunus-ater] Disable testing services, setup paperless

											
										
										
											2022-06-05 11:50:44 +02:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    services.nginx.virtualHosts."doc.home" = mkVirtHost {
 								      locations."/" = {
 								        proxyPass = "http://[::1]:${builtins.toString config.services.paperless.port}";
 								        proxyWebsockets = true;
 								      };
-												[host/faunus-ater] Add some services

											
										
										
											2022-06-01 19:18:08 +02:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Komga, for my reading needs ===
 								    services.komga = {
 								      enable = true;
 								      stateDir = "/data/dirty/komga";
 								    };
 								    services.nginx.virtualHosts."read.home" = mkVirtHost {
 								      locations."/" = {
 								        proxyPass = "http://[::1]:${builtins.toString config.services.komga.port}";
 								        proxyWebsockets = true;
 								      };
-												feat(faunus-ater): Setup komga, for reading books and manga

											
										
										
											2023-02-13 21:34:30 +01:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Trilium ===
 								    services.trilium-server = {
 								      enable = true;
 								      port = 10302;
 								      dataDir = "/data/dirty/trilium";
 								    };
 								    services.nginx.virtualHosts."note.home" = mkVirtHost {
 								      locations."/" = {
 								        proxyPass = "http://${config.services.trilium-server.host}:${builtins.toString config.services.trilium-server.port}";
 								        proxyWebsockets = true;
 								      };
-												feat(trilium): Setup service on faunus-ater and adjust DNS

											
										
										
											2023-03-02 18:27:50 +01:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Photoprism ===
 								    services.photoprism = {
 								      enable = true;
 								      port = 2342;
 								      storagePath = "/data/dirty/photoprism/storage";
 								      originalsPath = "/data/dirty/photoprism/originals";
 								      importPath = "/data/dirty/photoprism/import";
 								      passwordFile = sopsPath "photoprism-admin-password";
 								      settings = {
 								        PHOTOPRISM_SESSION_MAXAGE = "31536000";
 								        PHOTOPRISM_SESSION_TIMEOUT = "31536000";
 								        PHOTOPRISM_UPLOAD_NSFW = "true";
 								        PHOTOPRISM_DETECT_NSFW = "true";
 								        PHOTOPRISM_SITE_URL = "https://foto.home";
 								        PHOTOPRISM_SITE_TITLE = "PhotoPrism";
 								        PHOTOPRISM_SITE_CAPTION = "All the pictures!";
 								        PHOTOPRISM_SITE_DESCRIPTION = "";
 								        PHOTOPRISM_SITE_AUTHOR = "";
 								      };
-												Update flake.lock

• Updated input 'cataclysm-dda':
    'github:CleverRaven/Cataclysm-DDA/8e428ca5f21fb868b7eb6aa8380d1fcdbb960bd8' (2022-12-08)
  → 'github:CleverRaven/Cataclysm-DDA/03f25dcc19e8e27f765f768ef56cbd55dc6bbd29' (2023-01-31)
• Updated input 'colmena':
    'github:zhaofengli/colmena/64c46fa0169233d4faed70c52583cd3183c7f5aa' (2022-12-01)
  → 'github:zhaofengli/colmena/7602e548a78932bd28a7e2f621b3d62b4124e993' (2023-01-29)
• Removed input 'colmena/nix-eval-jobs'
• Removed input 'colmena/nix-eval-jobs/flake-utils'
• Removed input 'colmena/nix-eval-jobs/nixpkgs'
• Updated input 'fenix':
    'github:nix-community/fenix/e7941faba7f6cd0a6058330ad8c40d8dc52d741c' (2022-12-08)
  → 'github:nix-community/fenix/97deb5c86b238c2a000ef4eb92fb40465f086706' (2023-01-31)
• Updated input 'fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/6e8a54d0f68702cf7981c8299357838eb0f4d5b2' (2022-12-07)
  → 'github:rust-lang/rust-analyzer/b75803ad31772d105d86f8ebee0cbc8844a4fa29' (2023-01-30)
• Updated input 'glados':
    'git+https://git.sr.ht/~megamanmalte/GLaDOS?ref=main&rev=c92d51bcfa27ea9e0cbabbfba6069c0e4e1243dc' (2022-03-30)
  → 'git+http://git.home/megamanmalte/GLaDOS?ref=main&rev=2954e07ad5f94cf4812891c0fc0fbd9c159c1540' (2021-12-10)
• Updated input 'glados/nixCargoIntegration':
    'github:yusdacra/nix-cargo-integration/15c34bac7a54d4519ba821a844f4a0867ffd0504' (2022-03-30)
  → 'github:yusdacra/nix-cargo-integration/a25206065a3a19d3dbcb2192d9bd273eea5cd919' (2021-11-19)
• Updated input 'glados/nixCargoIntegration/devshell':
    'github:numtide/devshell/4b5ac7cf7d9a1cc60b965bb51b59922f2210cbc7' (2021-06-30)
  → 'github:numtide/devshell/e8c2d4967b5c498b12551d1bb49352dcf9efa3e4' (2021-11-16)
• Updated input 'glados/nixCargoIntegration/nixpkgs':
    'github:NixOS/nixpkgs/6fc5211eddddc02c50ca7f98d6cc377726417fa9' (2021-08-13)
  → 'github:NixOS/nixpkgs/931ab058daa7e4cd539533963f95e2bb0dbd41e6' (2021-11-15)
• Updated input 'glados/nixCargoIntegration/rustOverlay':
    'github:oxalica/rust-overlay/ad311f5bb5c5ef475985f1e0f264e831470a8510' (2021-08-15)
  → 'github:oxalica/rust-overlay/ccc467eff80b2fbb8000cf425e999ef14fbe200c' (2021-11-19)
• Updated input 'home-manager':
    'github:nix-community/home-manager/2af0d07678fc15612345e0dd55337550dcf6465f' (2022-12-05)
  → 'github:nix-community/home-manager/08a778d80308353f4f65c9dcd3790b5da02d6306' (2023-01-28)
• Updated input 'hydra':
    'github:NixOS/hydra/d1fac69c213002721971cd983e2576b784677d40' (2022-12-05)
  → 'github:NixOS/hydra/f48f00ee6d5727ae3e488cbf9ce157460853fea8' (2022-12-23)
• Updated input 'hyprland':
    'github:hyprwm/Hyprland/668cc93962c738d791993e581443273eaca05086' (2022-12-19)
  → 'github:hyprwm/Hyprland/85c07c2fe0427ab5603addcef0e6b7cc211e1af7' (2023-01-31)
• Updated input 'hyprland/hyprland-protocols':
    'github:hyprwm/hyprland-protocols/d0d6db8cb5bef6d93ca3ad8fb2124964173396da' (2022-12-10)
  → 'github:hyprwm/hyprland-protocols/b8f55e02a328c47ed373133c52483bbfa20a1b75' (2022-12-23)
• Added input 'hyprland/hyprland-protocols/nixpkgs':
    follows 'hyprland/nixpkgs'
• Updated input 'hyprland/nixpkgs':
    'github:NixOS/nixpkgs/04f574a1c0fde90b51bf68198e2297ca4e7cccf4' (2022-12-18)
  → 'github:NixOS/nixpkgs/0f213d0fee84280d8c3a97f7469b988d6fe5fcdf' (2023-01-12)
• Updated input 'hyprland/wlroots':
    'gitlab:wlroots/wlroots/c8eb24d30e18c165728b8788a10716611c3b633d' (2022-12-01)
  → 'gitlab:wlroots/wlroots/5f264a7d6c8af27d41ff440c05262b022c055593' (2023-01-04)
• Updated input 'hyprland/xdph':
    'github:hyprwm/xdg-desktop-portal-hyprland/9fb4fae94b9bd80395c193dcaf6fdf740550cff1' (2022-12-13)
  → 'github:hyprwm/xdg-desktop-portal-hyprland/d479c846531fd0e1d2357c9588b8310a2b859ef2' (2023-01-07)
• Updated input 'hyprland/xdph/hyprland-protocols':
    'github:hyprwm/hyprland-protocols/d0d6db8cb5bef6d93ca3ad8fb2124964173396da' (2022-12-10)
  → follows 'hyprland/hyprland-protocols'
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/6d70c2fda85377e1fd7f2ede9ac82ff02dfeb0d5' (2022-12-04)
  → 'github:Jovian-Experiments/Jovian-NixOS/212c8e630b7267a5a712b3b20e4403cf232fd9e0' (2023-01-17)
• Updated input 'nickel':
    'github:tweag/nickel/6110c7f61e46f39e57503889b8f699de8ef3d41e' (2022-12-07)
  → 'github:tweag/nickel/b930544978e657dc2f214a9357bcbb06979095d7' (2023-01-31)
• Updated input 'nickel/crane':
    'github:ipetkov/crane/24591d5f8cc979f7b243b88a2d39da09976970ad' (2022-11-28)
  → 'github:ipetkov/crane/b13963c8c18026aa694acd98d14f66d24666f70b' (2023-01-11)
• Updated input 'nickel/crane/flake-compat':
    'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19)
  → 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
• Updated input 'nickel/crane/rust-overlay':
    'github:oxalica/rust-overlay/cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b' (2022-11-03)
  → 'github:oxalica/rust-overlay/69fb7bf0a8c40e6c4c197fa1816773774c8ac59f' (2023-01-03)
• Removed input 'nickel/import-cargo'
• Updated input 'nickel/pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/2597510df32efafda4d05f5122efe612a7a5da66' (2022-12-03)
  → 'github:cachix/pre-commit-hooks.nix/53e766957b73298fa68b47478c48cbcc005cc18a' (2023-01-19)
• Updated input 'nickel/pre-commit-hooks/flake-compat':
    'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
  → 'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9' (2023-01-17)
• Updated input 'nickel/pre-commit-hooks/nixpkgs-stable':
    'github:NixOS/nixpkgs/cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a' (2022-11-20)
  → 'github:NixOS/nixpkgs/2f9fd351ec37f5d479556cd48be4ca340da59b8f' (2023-01-15)
• Updated input 'nickel/rust-overlay':
    'github:oxalica/rust-overlay/a0d5773275ecd4f141d792d3a0376277c0fc0b65' (2022-12-03)
  → 'github:oxalica/rust-overlay/1fd6d280c132f4facad8cd023543fb10121e6487' (2023-01-21)
• Updated input 'nix-colors':
    'github:Misterio77/nix-colors/fcd345bd1c9e7c203c3320ee6ca39814c97ac1fe' (2022-12-05)
  → 'github:Misterio77/nix-colors/7e459f1d88ac54fc2f4b308adb5064863006e4b1' (2022-12-28)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/9d87bc030a0bf3f00e953dbf095a7d8e852dab6b' (2022-12-04)
  → 'github:NixOS/nixos-hardware/b7ac0a56029e4f9e6743b9993037a5aaafd57103' (2023-01-24)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/6e51c97f1c849efdfd4f3b78a4870e6aa2da4198' (2022-12-05)
  → 'github:NixOS/nixpkgs/2caf4ef5005ecc68141ecb4aac271079f7371c44' (2023-01-30)
• Updated input 'nixpkgs-wayland':
    'github:nix-community/nixpkgs-wayland/5097457af8e9dcf45a68fa892716919ad28e545a' (2022-12-08)
  → 'github:nix-community/nixpkgs-wayland/95408e974fd4a118ecff9820694d0c35750a18eb' (2023-01-31)
• Updated input 'nixpkgs-wayland/flake-compat':
    'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
  → 'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9' (2023-01-17)
• Updated input 'nixpkgs-wayland/lib-aggregate':
    'github:nix-community/lib-aggregate/c0f784c05c85422cd7d532fd1a630ba5e8f2348f' (2022-12-04)
  → 'github:nix-community/lib-aggregate/c15111d65432ee32ce64d31b268219e2d4d1bae6' (2023-01-29)
• Updated input 'nixpkgs-wayland/lib-aggregate/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/77e67cb65014fb75c1c8ccfec60e9bd8b7d02c94' (2022-12-04)
  → 'github:nix-community/nixpkgs.lib/a6486be6c11c609cd60c01a427279e8a80a025fa' (2023-01-29)
• Updated input 'nixpkgs-wayland/nix-eval-jobs':
    'github:nix-community/nix-eval-jobs/6117ef2024f679d5c52876031880b752f2be4517' (2022-12-08)
  → 'github:nix-community/nix-eval-jobs/dd47d16dc2d88a210197079b362ffefed09a4265' (2023-01-30)
• Added input 'nixpkgs-wayland/nix-eval-jobs/flake-parts':
    'github:hercules-ci/flake-parts/7c7a8bce3dffe71203dcd4276504d1cb49dfe05f' (2023-01-26)
• Added input 'nixpkgs-wayland/nix-eval-jobs/flake-parts/nixpkgs-lib':
    follows 'nixpkgs-wayland/nix-eval-jobs/nixpkgs'
• Removed input 'nixpkgs-wayland/nix-eval-jobs/flake-utils'
• Updated input 'nixpkgs-wayland/nix-eval-jobs/nixpkgs':
    follows 'nixpkgs-wayland/nixpkgs'
  → 'github:NixOS/nixpkgs/99f5676ba0a0c2d7605b63b2dd1b146c384f42dd' (2023-01-30)
• Updated input 'nixpkgs-wayland/nixpkgs':
    'github:nixos/nixpkgs/a518c77148585023ff56022f09c4b2c418a51ef5' (2023-01-05)
  → 'github:nixos/nixpkgs/2caf4ef5005ecc68141ecb4aac271079f7371c44' (2023-01-30)
• Updated input 'qmk-udev-rules':
    'github:qmk/qmk_firmware/bb3d694875e4b02d0befee60853d3f5997acabb8' (2022-12-07)
  → 'github:qmk/qmk_firmware/e296d671463f38a78c75ee0727016939634ef985' (2023-01-30)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/da98a111623101c64474a14983d83dad8f09f93d' (2022-12-04)
  → 'github:Mic92/sops-nix/b6ab3c61e2ca5e07d1f4eb1b67304e2670ea230c' (2023-01-24)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/86370507cb20c905800527539fc049a2bf09c667' (2022-12-04)
  → 'github:NixOS/nixpkgs/918b760070bb8f48cb511300fcd7e02e13058a2e' (2023-01-22)

											
										
										
											2023-01-31 16:02:20 +01:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # TODO: Why does it not work without these? :/
 								    systemd.services.photoprism.serviceConfig.User = lib.mkForce null;
 								    systemd.services.photoprism.serviceConfig.Group = lib.mkForce null;
 								    systemd.services.photoprism.serviceConfig.DynamicUser = lib.mkForce false;
 								    systemd.services.photoprism.serviceConfig.SystemCallFilter = lib.mkForce [];
 								    services.nginx.virtualHosts."foto.home" = mkVirtHost {
 								      locations."/" = {
 								        proxyPass = "http://localhost:${builtins.toString config.services.photoprism.port}";
 								        proxyWebsockets = true;
 								      };
 								      extraConfig = ''
 								        client_max_body_size 500M;
 								      '';
-												[host/elysia-clarki] Decommision

											
										
										
											2022-09-26 17:11:16 +02:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Restic User Backup ===
 								    services.resticConfigured = {
 								      enable = true;
 								      rootDir = "/data/dirty/restic";
 								      openFirewall = true;
 								    };
-												[host/elysia-clarki] Decommision

											
										
										
											2022-09-26 17:11:16 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Grafana ===
 								    services.grafanaHome = {
 								      enable = true;
 								      nginx.listenAddresses = [vpnIPv4 "[${vpnIPv6}]"];
 								      nginx.sslCertificate = sopsPath "nginx-cert-crt";
 								      nginx.sslCertificateKey = sopsPath "nginx-cert-key";
 								      grafana.adminPasswordFile = sopsPath "grafana-admin-password";
 								    };
-												[faunus-ater] Start grafana

											
										
										
											2022-06-05 13:14:20 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Prometheus ===
 								    services.prometheus = {
 								      enable = true;
 								      enableReload = true;
 								      exporters = {
 								        fritzbox = {
 								          enable = true;
 								          gatewayAddress = "spof";
 								        };
 								        node = {
 								          enable = true;
 								          enabledCollectors = ["systemd"];
 								          disabledCollectors = ["diskstats"];
 								        };
-												[host/faunus-ater] Setup prometheus/grafana

											
										
										
											2022-06-06 17:28:41 +02:00
+								      };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								      scrapeConfigs = scrapedExporters {inherit (config.services.prometheus.exporters) fritzbox node;};
-												[host/faunus-ater] Setup prometheus/grafana

											
										
										
											2022-06-06 17:28:41 +02:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    systemd.services."prometheus-fritzbox-exporter".serviceConfig.EnvironmentFile = sopsPath "fritzbox-exporter-env";
 								    # TODO: Yikes
 								    systemd.services."prometheus-fritzbox-exporter".serviceConfig.ExecStart = let
 								      cfg = config.services.prometheus.exporters.fritzbox;
 								    in
 								      lib.mkForce ''
 								        ${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \
 								          -listen-address ${cfg.listenAddress}:${toString cfg.port} \
 								          -gateway-url http://${cfg.gatewayAddress}:${toString cfg.gatewayPort} \
 								          -gateway-luaurl http://${cfg.gatewayAddress} \
 								          -metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics.json \
 								          -lua-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics-lua_cable.json
 								      '';
-												[host/faunus-ater] Setup prometheus/grafana

											
										
										
											2022-06-06 17:28:41 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # services.nginx.virtualHosts."media.home" = {
 								    #   locations."/" = {
 								    #     proxyPass = "http://127.0.0.1:7999";
 								    #     proxyWebsockets = true;
 								    #   };
 								    # };
-												[host/faunus-ater] Add some services

											
										
										
											2022-06-01 19:18:08 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # services.nginx.virtualHosts."file.home" = {
 								    #   locations."/" = {
 								    #     proxyPass = "http://[::1]:${builtins.toString config.services.seafile.seafileSettings.fileserver.port}";
 								    #     proxyWebsockets = true;
 								    #   };
 								    # };
 								    # networking.firewall.allowedTCPPorts = [config.services.seafile.seafileSettings.fileserver.port];
-												[host/faunus-ater] Add some services

											
										
										
											2022-06-01 19:18:08 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === Print Service ===
 								    systemd.paths."print-all-files" = {
 								      requires = ["printer.target"];
 								      after = ["printer.target"];
 								      wantedBy = ["default.target"];
 								      pathConfig = {
 								        DirectoryNotEmpty = "/srv/to-be-printed";
 								        MakeDirectory = true;
 								        DirectoryMode = "777";
 								        Unit = "print-all-files.service";
 								      };
-												[user/malte, user/marie, host/faunus-ater] Add printing service

											
										
										
											2022-10-15 12:50:04 +02:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    systemd.services."print-all-files" = let
 								      printAndDeleteFile = pkgs.writeShellApplication {
 								        name = "print-and-delete-file";
 								        runtimeInputs = [
 								          pkgs.coreutils
 								          pkgs.cups
 								        ];
 								        text = ''
 								          echo Printing "$1"
 								          lp -- "$1"
 								          rm "$1"
 								        '';
 								      };
 								      script = pkgs.writeShellApplication {
 								        name = "print-all-files-script";
 								        runtimeInputs = [
 								          pkgs.coreutils
 								          printAndDeleteFile
 								        ];
 								        text = ''
 								          find . -type f -exec print-and-delete-file "{}" \;
 								        '';
 								      };
 								    in {
 								      requires = ["printer.target"];
 								      after = ["printer.target"];
 								      serviceConfig = {
 								        WorkingDirectory = "/srv/to-be-printed";
 								        ExecStart = "${script}/bin/print-all-files-script";
 								        # Wait 15 seconds before restart to let the file load, if not present yet
 								        RestartSec = "15";
 								      };
-												[user/malte, user/marie, host/faunus-ater] Add printing service

											
										
										
											2022-10-15 12:50:04 +02:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    users.users.sftp = {
 								      description = "User used for all sftp stuff";
 								      isNormalUser = true;
 								      group = "sftp";
 								      openssh.authorizedKeys.keyFiles = [
 								        ../secrets/users/malte/sftp-key.pub
 								        ../secrets/users/marie/sftp-key.pub
-												[user/malte, user/marie, host/faunus-ater] Add printing service

											
										
										
											2022-10-15 12:50:04 +02:00
+								      ];
 								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    users.groups.sftp = {};
-												[user/malte, user/marie, host/faunus-ater] Add printing service

											
										
										
											2022-10-15 12:50:04 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-												[host/faunus-ater] Disable testing services, setup paperless

											
										
										
											2022-06-05 11:50:44 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === BACKUPS ===
 								    services.restic.backups = {
 								      # Make sure my 'active IO' disk get's saved once a day
 								      zdirty = {
 								        initialize = true;
 								        repository = "/data/archive/dirty.bak";
 								        timerConfig.OnCalendar = "daily";
 								        paths = lib.singleton "/data/dirty";
 								        pruneOpts = [
 								          "--keep-daily 1"
 								          "--keep-weekly 1"
 								          "--keep-monthly 1"
 								          "--keep-yearly 5"
 								        ];
 								        passwordFile = sopsPath "internal-restic-password";
 								      };
-												[host/faunus-ater] Setup zdirty daily backup

											
										
										
											2022-06-13 14:48:38 +02:00
+								    };
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # === RUNTIME SECRETS ===
 								    sops.defaultSopsFile = ../secrets/hosts/faunus-ater/secrets.yaml;
 								    sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
 								    sops.secrets = {
 								      "paperless-admin-password" = {};
 								      "photoprism-admin-password" = {};
 								      "grafana-admin-password" = {
 								        owner = config.users.users.grafana.name;
 								        mode = "0400";
 								      };
 								      "nginx-cert-key" = {
 								        owner = config.users.users.nginx.name;
 								        mode = "0400";
 								      };
 								      "nginx-cert-crt" = {
 								        owner = config.users.users.nginx.name;
 								        mode = "0400";
 								      };
 								      "fritzbox-exporter-env" = {};
 								      "internal-restic-password" = {};
 								      "nix-store-signing-key" = {};
 								      "hydra-admin-password" = {
 								        owner = config.users.users.hydra.name;
 								        mode = "0400";
 								      };
 								      "hydra-overseer-key" = {
 								        owner = config.users.users.hydra.name;
 								        mode = "0440";
 								      };
-												[host/faunus-ater,host/elysia-clarki] Move hydra to faunus-ater

											
										
										
											2022-06-13 22:35:28 +02:00
+								    };
-												[hosts/faunus-ater] Fix missing stateVersion

											
										
										
											2022-06-18 15:02:13 +02:00
-												feat(flake): Recreate using flake-parts

											
										
										
											2023-04-19 01:01:07 +02:00
+								    # This value determines the NixOS release from which the default
 								    # settings for stateful data, like file locations and database versions
 								    # on your system were taken. It‘s perfectly fine and recommended to leave
 								    # this value at the release version of the first install of this system.
 								    # Before changing this value read the documentation for this option
 								    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
 								    system.stateVersion = "22.05"; # Did you read the comment?
 								  };
-												[host/faunus-ater] Envision & Create

											
										
										
											2022-05-27 18:11:47 +02:00
+								}