- Refactor var generation scripts to use _rotate helper
- Update Glance service URLs to use configured ports
- Set static password hash for qBittorrent in Servarr config
- Update Caddy plugin hash
- Remove oauth_auto_login from Grafana config
- Add shared pwgen script for password generation
- Add restartUnits and ownership to Matrix and Servarr secrets
- Use sops secret for qBittorrent password hash
- Refactor Cardigann indexer config in Servarr
- Update Caddy plugin version and hash
- Add debug output to machine update justfile

Switch sabnzbd configuration to use the settings and secretFiles options
instead of a static config file. Add support for nzbkey secret. Update
sops template to include nzb_key and remove duplicated server and misc
settings.

Move Caddy configuration from individual services to a shared
networking.caddy module. Update service modules and system config to use
the new interface. Remove redundant user definitions and old Caddy
config blocks.

- Integrate LiveKit SFU, coturn TURN server, and lk-jwt-service for
Element Call support in the Matrix Synapse module
- Add firewall rules for new services and ports
- Add key generation systemd service for LiveKit JWT
- Extend Synapse config with TURN URIs and experimental features
- Update Caddy config for new endpoints and well-known support
- Improve OIDC config with additional scopes and user mapping
- Add Grafana secret_key to SOPS secrets and config
- Refactor and modularize secret checking in justfile scripts

WOOP WOOP, it all works!
Now the next, big, huge, giant hurdle to overcome is the chicken-and-egg problem of needing Zitadel to generate values that I need inside the Nix config of Synapse, Forgejo, and Jellyfin.