Merge pull request 'chore: weekly flake update' (#16) from auto-update/2026-01-30 into master

Reviewed-on: #16

containers/README.md

@@ -1,3 +1,3 @@
 # Containers
 
-Easy to deploy in portainer that nix
+For deployments via Dockhand (WIP)

flake.lock

@@ -39,11 +39,11 @@
         "uv2nix": "uv2nix"
       },
       "locked": {
-        "lastModified": 1768220016,
-        "narHash": "sha256-jIYGoq90mDkeVEM9r9CHa/3H1ByYp7ZkE0IRf+haysE=",
+        "lastModified": 1769348998,
+        "narHash": "sha256-nP4gw7bdwYGa+TQEvpMrYrp6/wsGklrC2cmIUjP4HNI=",
         "owner": "nix-community",
         "repo": "authentik-nix",
-        "rev": "94c544f6cd51735728391c8e9463efc893ddf26b",
+        "rev": "eee255ff2ffd90477889740a56ee75cf7020886e",
         "type": "github"
       },
       "original": {
@@ -55,11 +55,11 @@
     "authentik-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1769201216,
-        "narHash": "sha256-IGtjOOtjJb8qoVC5HAq2Sb8VgdW3PjNFamNtwHqKpEY=",
+        "lastModified": 1769532389,
+        "narHash": "sha256-DO7wfgQBZ2uecbr+nptSHbz06ErT415SDucg7JFg7Y0=",
         "owner": "goauthentik",
         "repo": "authentik",
-        "rev": "b72e3b55a0d7b9873231b2f0a845331f1f8d4db7",
+        "rev": "aafb7cb7dc709eead634b5570b01d9e04f272d7a",
         "type": "github"
       },
       "original": {
@@ -262,11 +262,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1768949235,
-        "narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=",
+        "lastModified": 1769580047,
+        "narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5",
+        "rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826",
         "type": "github"
       },
       "original": {
@@ -360,11 +360,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1769086393,
-        "narHash": "sha256-3ymIZ8s3+hu7sDl/Y48o6bwMxorfKrmn97KuWiw1vjY=",
+        "lastModified": 1769302137,
+        "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "9f7ba891ea5fc3ededd7804f1a23fafadbcb26ca",
+        "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
         "type": "github"
       },
       "original": {
@@ -376,11 +376,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1769089682,
-        "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=",
+        "lastModified": 1769598131,
+        "narHash": "sha256-e7VO/kGLgRMbWtpBqdWl0uFg8Y2XWFMdz0uUJvlML8o=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "078d69f03934859a181e81ba987c2bb033eebfc5",
+        "rev": "fa83fd837f3098e3e678e6cf017b2b36102c7211",
         "type": "github"
       },
       "original": {
@@ -407,11 +407,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1769018530,
-        "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
+        "lastModified": 1769461804,
+        "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
+        "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
         "type": "github"
       },
       "original": {

hosts/caddy/dashy-settings.nix

@@ -12,7 +12,11 @@ in
       oidc = {
         clientId = "FiIJTqBIlMKmeSBjznUFgXIJadt71av8dfICvZvf";
         endpoint = "https://auth.pasetto.me/application/o/dashy/";
-        scope = ["openid" "profile" "email"];
+        scope = [
+          "openid"
+          "profile"
+          "email"
+        ];
       };
     };
     webSearch = {
@@ -325,10 +329,10 @@ in
       };
       items = [
         {
-          title = "Portainer";
+          title = "Docker";
           description = "Container Management";
-          url = "https://portainer.${p.domains.public}";
-          icon = "hl-portainer";
+          url = "https://${p.hosts.docker}.${p.domains.public}";
+          icon = "hl-docker";
         }
         {
           title = "Primary DNS";

hosts/caddy/default.nix

@@ -125,7 +125,7 @@ in
       uptime-kuma.proxy = {
         enable = true;
         domain = p.domains.public;
-        host = p.hosts.portainer;
+        host = p.hosts.docker;
       };
 
       librenms.proxy = {
@@ -172,17 +172,22 @@ in
           }
           {
             subdomain = "ai";
-            host = "http://${p.hosts.portainer}:4080";
+            host = "http://${p.hosts.docker}:4080";
             domain = p.domains.public;
           }
           {
             subdomain = "keep";
-            host = "http://${p.hosts.portainer}:3000";
+            host = "http://${p.hosts.docker}:3000";
             domain = p.domains.public;
           }
           {
             subdomain = "maps";
-            host = "http://${p.hosts.portainer}:48080";
+            host = "http://${p.hosts.docker}:5000";
+            domain = p.domains.public;
+          }
+          {
+            subdomain = "dock";
+            host = "http://${p.hosts.docker}:3333";
             domain = p.domains.public;
           }
         ];
@@ -193,11 +198,6 @@ in
 
     virtualisation = {
       proxmox.enable = true;
-      portainer.proxy = {
-        enable = true;
-        domain = p.domains.public;
-        host = p.hosts.portainer;
-      };
     };
   };
 

hosts/docker/default.nix

@@ -0,0 +1,21 @@
+{
+  pkgs,
+  lib,
+  ...
+}:
+{
+  my = {
+    utils = {
+      commons.enable = true;
+      lxc-standard.enable = true;
+    };
+
+    monitoring.uptime-kuma.enable = true;
+
+    virtualisation = {
+      proxmox.enable = true;
+    };
+  };
+
+  system.stateVersion = "24.11";
+}

hosts/hosts.nix

@@ -29,7 +29,7 @@
       "auth"
       "metrics"
       "nextcloud"
-      "portainer"
+      "docker"
       "vaultwarden"
       "immich"
       "firefly-iii"
@@ -155,12 +155,12 @@
     ];
   };
 
-  portainer = {
-    module = ./portainer;
+  docker = {
+    module = ./docker;
     tags = [
       "lxc"
       "bacco"
-      "portainer"
+      "docker"
       "secondary"
     ];
   };

hosts/metrics/default.nix

@@ -104,7 +104,7 @@ in
               "${p.hosts.nextcloud}:${defaultNodePort}"
               "${p.hosts.vaultwarden}:${defaultNodePort}"
               "${p.hosts.plex}:${defaultNodePort}"
-              "${p.hosts.portainer}:${defaultNodePort}"
+              "${p.hosts.docker}:${defaultNodePort}"
             ];
           }
         ];

hosts/parameters.nix

@@ -17,7 +17,7 @@ in
     nextcloud = "nextcloud.${private-domain}";
     vaultwarden = "vaultwarden.${private-domain}";
     plex = "plex.${private-domain}";
-    portainer = "portainer.${private-domain}";
+    docker = "docker.${private-domain}";
     colmena = "colmena.${private-domain}";
     pve01 = "bacco${private-domain}";
     pve02 = "node.${private-domain}";

hosts/portainer/default.nix

@@ -1,38 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-let
-  portainerDataDir = "/var/lib/portainer"; # Define the directory for persistent data
-in
-{
-
-  age.secrets.watchtowerSecrets.file = ../../secrets/watchtower-secrets.age;
-
-  my = {
-    utils = {
-      commons.enable = true;
-      lxc-standard.enable = true;
-    };
-
-    monitoring.uptime-kuma.enable = true;
-
-    virtualisation = {
-      proxmox.enable = true;
-      portainer = {
-        enable = true;
-        enableWatchtower = true;
-        environmentSecrets = config.age.secrets.watchtowerSecrets.path;
-      };
-    };
-  };
-
-  # Extra packages
-  environment.shellAliases = {
-      docker = "sudo docker";
-  };
-
-  system.stateVersion = "24.11";
-}

modules/services/authentik.nix

@@ -103,7 +103,7 @@ in
             final: prev: {
               authentikComponents = prev.authentikComponents // {
                 gopkgs = prev.authentikComponents.gopkgs.override {
-                  buildGo124Module = pkgs.buildGo125Module;
+                  buildGo125Module = pkgs.buildGo125Module;
                 };
               };
             }

secrets.nix

@@ -16,7 +16,7 @@ let
       machines.caddy
       machines.metrics
     ];
-    watchtower-secrets = [ machines.portainer ];
+    watchtower-secrets = [ machines.docker ];
     authentik-env = [ machines.auth ];
     dns01-admin-password = [ machines.dns01 ];
     dns02-admin-password = [ machines.dns02 ];

secrets/dns01-admin-password.age

@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 qaHa5g JDYajBrgbhmlxlp6BOYmayavSBD0kkJpCHvckczl2Hc
-Vea1sj6nmQ2VU+5Kf2M02BcDLS+vWDqjsvLzruSHKkE
--> ssh-ed25519 uqg2jw uXzaoV/Sq3Y2DQmAxMyOtP69WUEWQj2RcCS0VHnrbU0
-QYJD7NY/hdIzfyovYIHz1b2JSTzov+8MCoNAYkeOCK0
--> ssh-ed25519 a0HhMw hm8GkkuScZiCM+jY6HEZpPlzQpAJ5NxMMMoGl/oCwQ4
-/sGmc7XTdXyxgScF2huBnoho38Ie3maw4KHHHDWkiRw
---- U5Hy5/jK+Yej2y1hwbM+mIpxmxraYdwx/ka2EduPCek
-,÷¡ÿ`›ùˆÚàŸ~Q³	…£§v¢ßHÒ<48>2è
|5¼ï¡ùO€a¿n_±àSêg
+-> ssh-ed25519 qaHa5g r1s6gQZZ6spXDa3YksYXbcYtwQxjYCnYqRlL2b3shzc
+gFyNsuyXpcrhKKuXUQnKVvC7rAZaoJAALxV9St51F7s
+-> ssh-ed25519 uqg2jw mAExf33ZWQC/otjOlponu8aJlVlqpZH5w7R1C+xBUy8
+G0wDMc1j8xEUWlA+Om7rCJwN3uuPLr9mgM/ZjqXSBL4
+-> ssh-ed25519 a0HhMw trAZZw0oVhlecjdN13R2aGXKSxE4c/LXELT6i+sKnQc
+++dsWaAUTPZqZb3TqggDeLjErh/8Wv9PnLp7/j/13Qc
+--- NLfCOJgGIqI3vCrRs+4pQ2gqKkTkVh/VK4O3PxnNiXA
+ˆTûš?#0Q[@±_)ñK„f<E2809E>KÈÚ}›9¸Q›Ý«±úhÓ
+œ7³ì)Žn¬É

secrets/grafana-secret-auth.age

@@ -1,9 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 xSWWeQ 1ELSHFW5xDmS3R5XpEBecA3+vMJzYskLaDgWIYZAMRU
-4nTfGewJ4pm1xTBo9CDO9hdNYnCSrJ2FfSe1qeGt5Bs
--> ssh-ed25519 uqg2jw DCqusDELTWtg6X+xl6S97LS3f0BfsoKnSa68aLQbtxM
-8qxUZpiRDe6yzqy0KhS19JerfBA57etTzz7+UjhujlU
--> ssh-ed25519 a0HhMw JNKlu6vvAbLuc0xGFad/3HihP9uUuRbhBkZOPgubcgg
-jrW5wU1vnbk1ltDFtQJSbLGWveT98BexkOajoYc/HxA
---- atlqyy47gXhvPf+gWm7DmhwJ0N7lDOwoEiIp3P4dAHQ
-w‚7Wá
Ó9ä;Ëe³è¸Ì³Ƶ–²­J	^à<úÆS?²4(‘°emƸ!ÐXtˆ"6i{y.Þ}ìÛ‹^%ú+:ÔŠ¹
YÝ!C6i)ͦãòV07Í”¤–Tô¡‰VêÈ®B²=ô«ò9žV4ÍzÃ(ˆ,^—–èðR‘q£éc–mnl^<k‹yÎVcŠ,qL¹-
+-> ssh-ed25519 xSWWeQ a1i+WDaOrAuTQJYpCV7/zZ25mgDLUtFf1isc8uTvUCc
+n5ge1cJ1bp3LzhleDUEZbmYYK17HKurwhfded0YJjQo
+-> ssh-ed25519 uqg2jw VS1osLeEyC11hg4/jdVrFcF20Y1243zJPWjiF6ongkw
+XGoL5+8/ccfndcM+lUzs7yShS1WgSLT7AHeJSEHSOFA
+-> ssh-ed25519 a0HhMw xxzIyXafnVGv70rb5G7JNL2gYXELNAjw0tieWUPZjU4
+01ag9xGVFI76aBaUpuXdxg3VmEB3FpoRhYNwsRlz8b4
+--- QfrxirayYUNwCnoSR5T7aP+j2DUPyKdZYEaFmd2vRnc
+·æà
+.ÄÙm3Ù•m[ât[ƒ2áÝC$ÕJiv¹î|cÅhVÓbÇ9Päe"Í”¦I~Á@èæÿ°ìŽÞþÇw“c
+§`ñé'‘Ž_×OJžXª:âWN˜ §¦|´%H?ÒbûOe_0#¯´ü.ÏðBiΫµf<C2B5>â“ÂNIÕy}<05>ÑQmF‘sÍ²ù›¯YÔ<59>âÛsRSl­ª<C2AD>l

secrets/mqtt-password.age

@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 VfYKTQ xMoobFdxUR6z+ZpRQbu69K6DfjFouS2/VeY14z6aBlI
-Yana0VF9enzOkV/BzZ7z7tmhWDEiCSJzzaiJpjOC+IU
--> ssh-ed25519 uqg2jw zCL88Iu2tKMpHjcZwe/0CV04acj0vzJok3T7enf/zUQ
-fnrg9+13tzjL0sIiLP2WWKeYufL3ksm8HHljEnIAZJs
--> ssh-ed25519 a0HhMw AMKdtR6XaroB3cGuXCYc2Fw3HHwNcBXvRC1lWH1CLgk
-HFwgqLhfuHy4+XMafonoqDjgaaQ+L5s71cP+/3kVt+o
---- qqPpy+/ZW87v13ptI33zO1yxIVkoU0D/dKh6dmcogRw
-©)ĐäKÝľ_¬ÁDâ_
-77Ác%{UsĘiçićČŇ
˝^ŚQ;‚<šô»îf
+-> ssh-ed25519 VfYKTQ AbM14mSwas9zGjq+LusHB35CP2vj1B7VcZbYHbkqzho
+ImZfK7ICMHhhMJGWHDlm/2PpUSPVCohiQXJeADH6m5k
+-> ssh-ed25519 uqg2jw BciWCj0ArQ0j3zXH0FJGvqWcME3UMWOo4Q5c4R015RA
+djrxeoG6DRXKqjnJTrFjY8iZB6mlpmF8s9c5VkS1l/E
+-> ssh-ed25519 a0HhMw RiZ6SKx1Bww4/TARRDS0ZSaU9pweqbrE+TbtPLNOuQY
+OxNw2jmEQ7y/Pd34yMYIP0/wVVEFvMg16tQF6FzVr6Q
+--- 1dC9eVZB5S8zx18K1XyJOQUKOsAv4WlXhHXuij3XNMM
+Nþ
»më`"3iNnx¼3f°êY6ǬÀÙ¾û©¬è„¿;¿Ÿ0JÅ™DP

secrets/nextcloud-admin-pwd.age

@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 S1eK8A F5K7JIXTSg+5AfFuRsFtbxhbX/3a/x7SNZ9eiiG2FXo
-umaFiXV9ypTxdXzRl/X37fyQlWwFsug7TD+prQ4w97I
--> ssh-ed25519 uqg2jw JaT2wgqEQpnfbzspUpEBpa8M5OCYs53RnRwWpaWpzSA
-OHp83Xf5WdHNxG3Wsm4zsy9wOLZDcoaFpRxQGtoNdi8
--> ssh-ed25519 a0HhMw yZEM714bWIN657VGrGDBmSZZljOURIZwYZmKV+Zyi1Q
-nL1koyimO4OGaE2c1Mbm+9u6GR7Axi3t3Ay842ck9kQ
---- ycl+WPu2ZtL+Av2/hTn8tJOkVrQPjNwdp1R4fwI4ObI
-ü.Cø­è/
-4©2¢Gq%zÓ)ý<>&îbLr“jäóyÒ!Ñ*IúçE>Œð
+-> ssh-ed25519 S1eK8A nuwCf9oMLnaY4No1xiDJlHiCctR5brAyjAi7y/8sUlQ
+r4TBp9fLxthd0tyZOvO8HLbxWF31xepvHn+TKUDTbT8
+-> ssh-ed25519 uqg2jw JFJoBxg5FXacTlg1RdP7nMXOlI49/ztVOLAfhjDHuVE
+J0FM0sVFcT75b4FJtmLya4GTm8ytvW+G2/PsSyzwguQ
+-> ssh-ed25519 a0HhMw ZyQIQhEXiA4ZKB/T3KrNVbkHPUY0DyFxEmWgGrvY31Y
+Pc0G82/RgETkawX346yFRMjh3GiVrs9g9i28Zh/1pZg
+--- yIhMYtPBSmLN2w2012b2jgcJsDzH27/I9Fi/ChZX7MM
+ｩ_<EFBFBD>B9p]勳､fXR#aｩ4ﾆpｽIu.6ΠPｿqw|躁[w=p播

secrets/shadowsocks-password.age

@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 HvFEmA Q+XkhVoaICO0J/pa2m+oxiScwCOhoH/Erbzxb4QwuDQ
-wexloSa07qcMCp6nZDz+fE3eAQJJ6VKcF8zNoAm3GhE
--> ssh-ed25519 uqg2jw Q+MFZ9kpICAk65WAx1l0JyPwUFdBEQQDvwUdOkOghwQ
-3i5249ur+HAuDIflPEgHG9/i+ZMlMU/IY95mbuAiYaM
--> ssh-ed25519 a0HhMw IuLcBhMtGOW8HXIxSGZuIVX15lfsPpgx2sBPwSQ4dVM
-F+jlFf4Mdyt7bcUimFWQajlIvFhGnckxdxrxQdJ87NY
---- YMyXtuT9aN/Le5+XZuHojFrfCjILigxdP9VWsBxi7VY
-(Ž²{b{ЮR±3–YcÎ¥5T{CâÄ»òMŠfƒ©}ÆÁé šcÓg—Ó<1E>ïgbØjú´Oõ‹³‰U.û°îVUŠCx»c«£ÅÁhçu9R-::í`OºŒ’
+-> ssh-ed25519 HvFEmA UWbeWTSBZ78hSnN4jozMvMUUsNnG8CfcoDbJ7KXt9yk
+5H0/lJ2fy/4nGqTzOGX8apfNqOEhDKy/vMy4gbx+bPM
+-> ssh-ed25519 uqg2jw tCXS8mQPkIvlosi3Y7Auy9CQ39ikfDYB6lJ5tmmbCzU
+iLeWcqkgqgUxKexVUast1Sp4TbLXSMU+NNyJyT1PU4A
+-> ssh-ed25519 a0HhMw uaYgjglhXYZPYi4QqH6xitkkduJTE/Af7x2zsRCUc10
+bZRzpwR6vCCx1Dnu6u2fZ3Ud+qciXQFq640kkzSKtm8
+--- a5/HmRVLLvwE1ViHhUi8UcwN5iaumYXP1Weqx1MM7yU
+Ù< á¬|ø°”g‚z·†ßNýj¨þ©rRæ}BtÞXh‚õ·‘ð¹$G)LÏ £¤¦º=W¸^h
Qwið¡üøxŒ^ ~®=…[°ý@k
±¨/+¢êÉ‚A÷”7

ssh-keys.nix

@@ -13,7 +13,7 @@ rec {
     nextcloud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYobAlQ9tPKjyh7eE2Ku81ZiMY6OWd3ELDqo+xBmjbC";
     vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOW9uYQpPMiKvI/KFRvd/5f9J8a0zLaQxstWRI8VNObV";
     plex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINp9itRJGSSVWLxwrcudyGUNOOKl+qqtf+IzLHrhffyt";
-    portainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgg4SKMCw2/21l1crY7trFnrCmNSrkYPl3vEDnJ8aQn";
+    docker = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgg4SKMCw2/21l1crY7trFnrCmNSrkYPl3vEDnJ8aQn";
     auth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsSQbXHRt+MpUh+YQxd5p6YPnbbWR/4ylz/pXjdZ9Bs";
     dns01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7BdiP/dCE6FHoJylcBKQ5AXz06UpLHNyeuvfLVccSi";
     dns02 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+HIq6/ebjiv71xDozdOTn5AdnXgr1fGqIzXnH7Not+";
@@ -26,6 +26,7 @@ rec {
     n8n = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP18IdsIxK7EdIOLSONJ4NA6AfLnM/3NkR3+OCDvJWXJ";
     librenms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/dmfOVzj37ZYwLTs+jjQUQYRIgvW3NrtBDsr8rllss";
     immich = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF8H49AYwKmHLV5QwgqNjlFRhLVg/k3/kKR53/ihz/cu";
+    ilpost-podcast = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHo3tGrspZlSVbC1X/MHFFwDGj8G8+ZrZihU28DkbJEh";
   };
 
   # Machines able to provisioning other machines