Merge branch 'master' into auto-update/2026-02-13
Some checks failed
Auto Update Build / build (pull_request) Has been cancelled
Some checks failed
Auto Update Build / build (pull_request) Has been cancelled
This commit is contained in:
commit
6ac38299e0
17 changed files with 82 additions and 48 deletions
|
|
@ -67,7 +67,7 @@
|
|||
{
|
||||
|
||||
# used with: `nix fmt`
|
||||
formatter.${system} = pkgs.nixfmt-rfc-style;
|
||||
formatter.${system} = pkgs.nixfmt-tree;
|
||||
|
||||
nixosConfigurations = (import ./hosts inputs);
|
||||
|
||||
|
|
|
|||
|
|
@ -27,4 +27,3 @@ in
|
|||
|
||||
system.stateVersion = "25.11";
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -32,13 +32,20 @@ in
|
|||
lxc-standard.enable = true;
|
||||
};
|
||||
|
||||
virtualisation.proxmox.enable = true;
|
||||
virtualisation = {
|
||||
proxmox.enable = true;
|
||||
podman.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
nix-ld.enable = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
just-lsp
|
||||
];
|
||||
|
||||
home-manager = {
|
||||
useGlobalPkgs = true;
|
||||
useUserPackages = true;
|
||||
|
|
|
|||
|
|
@ -74,7 +74,10 @@ let
|
|||
hostModule = cfg.module;
|
||||
unstable = cfg.unstable or false;
|
||||
extraModules = cfg.extraModules or [ ];
|
||||
specialArgs = { inherit authentik-nix; } // (cfg.specialArgs or { });
|
||||
specialArgs = {
|
||||
inherit authentik-nix;
|
||||
}
|
||||
// (cfg.specialArgs or { });
|
||||
}
|
||||
) hostDefs;
|
||||
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@
|
|||
|
||||
virtualisation = {
|
||||
proxmox.enable = true;
|
||||
docker.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -61,4 +61,3 @@ in
|
|||
|
||||
system.stateVersion = "25.11";
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,10 @@ in
|
|||
enable = true;
|
||||
hostname = p.hosts.librenms;
|
||||
settings = {
|
||||
"snmp.community" = [ "public" "homelab" ];
|
||||
"snmp.community" = [
|
||||
"public"
|
||||
"homelab"
|
||||
];
|
||||
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -74,7 +74,8 @@ in
|
|||
}
|
||||
];
|
||||
}
|
||||
] ++ cfg.extraScrapeConfigs;
|
||||
]
|
||||
++ cfg.extraScrapeConfigs;
|
||||
};
|
||||
|
||||
services.grafana = {
|
||||
|
|
|
|||
|
|
@ -55,24 +55,21 @@ in
|
|||
|
||||
services.collabora-online = {
|
||||
enable = true;
|
||||
settings =
|
||||
{
|
||||
net.listen = "0.0.0.0";
|
||||
settings = {
|
||||
net.listen = "0.0.0.0";
|
||||
|
||||
# terminate TLS at Caddy, NOT in coolwsd
|
||||
ssl.enable = false;
|
||||
ssl.termination = true;
|
||||
# terminate TLS at Caddy, NOT in coolwsd
|
||||
ssl.enable = false;
|
||||
ssl.termination = true;
|
||||
|
||||
# allow WOPI (Nextcloud etc.)
|
||||
storage.wopi."@allow" = true;
|
||||
}
|
||||
// lib.optionalAttrs (cfg.trustedDomains != [ ]) {
|
||||
# Restrict which hosts may use WOPI (e.g. only your Nextcloud).
|
||||
# Collabora expects regexes here, so escape dots.
|
||||
storage.wopi.host = map
|
||||
(d: builtins.replaceStrings [ "." ] [ "\\." ] d)
|
||||
cfg.trustedDomains;
|
||||
};
|
||||
# allow WOPI (Nextcloud etc.)
|
||||
storage.wopi."@allow" = true;
|
||||
}
|
||||
// lib.optionalAttrs (cfg.trustedDomains != [ ]) {
|
||||
# Restrict which hosts may use WOPI (e.g. only your Nextcloud).
|
||||
# Collabora expects regexes here, so escape dots.
|
||||
storage.wopi.host = map (d: builtins.replaceStrings [ "." ] [ "\\." ] d) cfg.trustedDomains;
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
|
|
|
|||
|
|
@ -97,4 +97,3 @@ in
|
|||
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -16,10 +16,14 @@ let
|
|||
sha256 = "sha256-kL7tVHXZunqGFztbVx850QQ1U5h5wY1ltIONWXwe7QQ=";
|
||||
};
|
||||
|
||||
phpPackage = pkgs.php.withExtensions ({ enabled, all }: enabled ++ [
|
||||
all.curl
|
||||
all.dom
|
||||
]);
|
||||
phpPackage = pkgs.php.withExtensions (
|
||||
{ enabled, all }:
|
||||
enabled
|
||||
++ [
|
||||
all.curl
|
||||
all.dom
|
||||
]
|
||||
);
|
||||
|
||||
in
|
||||
{
|
||||
|
|
@ -51,7 +55,13 @@ in
|
|||
};
|
||||
|
||||
poolSettings = lib.mkOption {
|
||||
type = with lib.types; attrsOf (oneOf [ str int bool ]);
|
||||
type =
|
||||
with lib.types;
|
||||
attrsOf (oneOf [
|
||||
str
|
||||
int
|
||||
bool
|
||||
]);
|
||||
default = {
|
||||
"pm" = "dynamic";
|
||||
"pm.max_children" = 8;
|
||||
|
|
@ -133,11 +143,13 @@ in
|
|||
user = cfg.user;
|
||||
group = cfg.group;
|
||||
phpPackage = phpPackage;
|
||||
settings = lib.mapAttrs (name: lib.mkDefault) {
|
||||
"listen.owner" = config.services.caddy.user;
|
||||
"listen.group" = config.services.caddy.group;
|
||||
"chdir" = cfg.dataDir;
|
||||
} // cfg.poolSettings;
|
||||
settings =
|
||||
lib.mapAttrs (name: lib.mkDefault) {
|
||||
"listen.owner" = config.services.caddy.user;
|
||||
"listen.group" = config.services.caddy.group;
|
||||
"chdir" = cfg.dataDir;
|
||||
}
|
||||
// cfg.poolSettings;
|
||||
};
|
||||
|
||||
# Caddy configuration for serving PHP
|
||||
|
|
@ -169,4 +181,3 @@ in
|
|||
})
|
||||
];
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -67,7 +67,11 @@ in
|
|||
};
|
||||
|
||||
# Add npm/nodejs to n8n's PATH
|
||||
systemd.services.n8n.path = [ pkgs.nodejs pkgs.gnutar pkgs.gzip ];
|
||||
systemd.services.n8n.path = [
|
||||
pkgs.nodejs
|
||||
pkgs.gnutar
|
||||
pkgs.gzip
|
||||
];
|
||||
|
||||
})
|
||||
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ in
|
|||
package = pkgs.nextcloud32;
|
||||
hostName = "cloud.${cfg.proxy.domain}";
|
||||
https = true;
|
||||
|
||||
|
||||
secretFile = cfg.secretFile;
|
||||
|
||||
settings = {
|
||||
|
|
|
|||
|
|
@ -263,9 +263,9 @@ in
|
|||
cp -r ${rutorrentPkgs}/php ${cfg.dataDir}/
|
||||
|
||||
${optionalString (cfg.plugins != [ ])
|
||||
''cp -r ${
|
||||
"cp -r ${
|
||||
concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins
|
||||
} ${cfg.dataDir}/plugins/''
|
||||
} ${cfg.dataDir}/plugins/"
|
||||
}
|
||||
|
||||
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}/{conf,share,logs,plugins}
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ in
|
|||
isNormalUser = true;
|
||||
hashedPassword = "$y$j9T$oWLCV1hnGPyOGabMfAS3p1$/iwouRZGwQXcv6IHnLuT3I9.pmeXNpcHxq.b8xfitr1";
|
||||
shell = pkgs.bash;
|
||||
extraGroups = [ "wheel" ];
|
||||
extraGroups = [ "wheel" ] ++ lib.optionals config.virtualisation.docker.enable [ "docker" ];
|
||||
openssh.authorizedKeys.keys = sshKeys.infra-core;
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -14,13 +14,10 @@ in
|
|||
|
||||
config = lib.mkIf cfg.enable {
|
||||
virtualisation = {
|
||||
docker = {
|
||||
storageDriver = "overlay2";
|
||||
};
|
||||
|
||||
docker.enable = true;
|
||||
oci-containers.backend = "docker";
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,15 +13,28 @@ in
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
# Enable common container config files in /etc/containers
|
||||
virtualisation.containers.enable = true;
|
||||
virtualisation = {
|
||||
|
||||
podman = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
oci-containers.backend = "podman";
|
||||
# Create a `docker` alias for podman, to use it as a drop-in replacement
|
||||
dockerCompat = true;
|
||||
|
||||
# Required for containers under podman-compose to be able to talk to each other.
|
||||
defaultNetwork.settings.dns_enabled = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Useful other development tools
|
||||
environment.systemPackages = with pkgs; [
|
||||
dive # look into docker image layers
|
||||
podman-tui # status of containers in the terminal
|
||||
docker-compose # start group of containers for dev
|
||||
podman-compose # start group of containers for dev
|
||||
];
|
||||
|
||||
# Depending on the host filesystem
|
||||
# virtualisation.containers.storage.settings = {
|
||||
# storage = {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue