chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor var generation and update service configs

Browse source 
- Refactor var generation scripts to use _rotate helper
- Update Glance service URLs to use configured ports
- Set static password hash for qBittorrent in Servarr config
- Update Caddy plugin hash
- Remove oauth_auto_login from Grafana config
- Add shared pwgen script for password generation
This commit is contained in:
Chris Kruining 2026-03-09 11:34:06 +01:00
parent df41d59ae1
commit 793866e621
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
6 changed files with 25 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

19
.just/vars.just
View file

@ -36,20 +36,25 @@ remove machine key:
echo "Done" echo "Done"
[doc('Remove var by {key} for {machine}')] [doc('Generate var values for {machine}')]
[script] [script]
generate machine: generate machine:
for key in $(nix eval --apply 'builtins.attrNames' --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets | jq -r '.[]'); do for key in $(nix eval --apply 'builtins.attrNames' --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets | jq -r '.[]'); do
# Skip if there's no script
[ -f "{{ justfile_directory() }}/script/$key" ] || continue
# Skip if we already have a value # Skip if we already have a value
[ $(just vars get {{ machine }} "$key" | jq -r) ] && continue [ $(just vars get "{{ machine }}" "$key" | jq -r) ] && continue
echo "Executing script for $key" just _rotate "{{ machine }}" "$key"
just vars set {{ machine }} "$key" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/$key")" && source "./$(basename $key)")"
done done
[doc('Regenerate var values for {machine}')]
[script]
_rotate machine key:
# Exit if there's no script
[ -f "{{ justfile_directory() }}/script/{{ key }}" ] || exit
echo "Executing script for {{ key }}"
just vars set "{{ machine }}" "{{ key }}" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/{{ key }}")" && source "./$(basename "{{ key }}")")"
[script] [script]
check: check:
cd .. cd ..

10
modules/nixos/services/media/glance/default.nix
View file

@ -100,22 +100,22 @@ in {
} }
{ {
title = "Radarr"; title = "Radarr";
url = "http://${config.networking.hostName}:2001"; url = "http://${config.networking.hostName}:${builtins.toString config.services.radarr.settings.server.port}";
icon = "sh:radarr"; icon = "sh:radarr";
} }
{ {
title = "Sonarr"; title = "Sonarr";
url = "http://${config.networking.hostName}:2002"; url = "http://${config.networking.hostName}:${builtins.toString config.services.sonarr.settings.server.port}";
icon = "sh:sonarr"; icon = "sh:sonarr";
} }
{ {
title = "Lidarr"; title = "Lidarr";
url = "http://${config.networking.hostName}:2003"; url = "http://${config.networking.hostName}:${builtins.toString config.services.lidarr.settings.server.port}";
icon = "sh:lidarr"; icon = "sh:lidarr";
} }
{ {
title = "Prowlarr"; title = "Prowlarr";
url = "http://${config.networking.hostName}:2004"; url = "http://${config.networking.hostName}:${builtins.toString config.services.prowlarr.settings.server.port}";
icon = "sh:prowlarr"; icon = "sh:prowlarr";
} }
{ {
@ -125,7 +125,7 @@ in {
} }
{ {
title = "SABnzbd"; title = "SABnzbd";
url = "http://${config.networking.hostName}:8080"; url = "http://${config.networking.hostName}:${builtins.toString config.services.sabnzbd.settings.misc.port}";
icon = "sh:sabnzbd"; icon = "sh:sabnzbd";
} }
]; ];

5
modules/nixos/services/media/servarr/default.nix
View file

@ -85,8 +85,11 @@ in {
LegalNotice.Accepted = true; LegalNotice.Accepted = true;
Prefecences.WebUI = { Prefecences.WebUI = {
AlternativeUIEnabled = true;
RootFolder = "''${pkgs.vuetorrent}/share/vuetorrent";
Username = "admin"; Username = "admin";
Password_PBKDF2 = config.sops.secrets."qbittorrent/password_hash".path; Password_PBKDF2 = "@ByteArray(Yhyk8fzgSHuKcgcmIxhYzg==:9njltqI5znb98+n+eOqUvpe4xYj6Dcub994o2fe9kpTa1fczMdHf/fNoifLaGmEf69xkTNSztEuh6BqcR4/CbQ==)"; #config.sops.secrets."qbittorrent/password_hash".path;
}; };
}; };

2
modules/nixos/services/networking/caddy/default.nix
View file

@ -29,7 +29,7 @@ in {
package = pkgs.caddy.withPlugins { package = pkgs.caddy.withPlugins {
plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
hash = "sha256-AdL/LFKXbWmCsJ/xZWZmYBnw57c7sS6s1miR3sSx1Ow="; hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
}; };
virtualHosts = virtualHosts =

1
modules/nixos/services/observability/grafana/default.nix
View file

@ -36,7 +36,6 @@ in {
auth = { auth = {
disable_login_form = false; disable_login_form = false;
oauth_auto_login = true;
}; };
"auth.basic".enable = false; "auth.basic".enable = false;

3
script/.shared/pwgen Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
pwgen -s 128 1