diff --git a/.just/vars.just b/.just/vars.just index 62a8bd9..7f464fb 100644 --- a/.just/vars.just +++ b/.just/vars.just @@ -36,25 +36,20 @@ remove machine key: echo "Done" -[doc('Generate var values for {machine}')] +[doc('Remove var by {key} for {machine}')] [script] generate machine: for key in $(nix eval --apply 'builtins.attrNames' --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets | jq -r '.[]'); do + # Skip if there's no script + [ -f "{{ justfile_directory() }}/script/$key" ] || continue + # Skip if we already have a value - [ $(just vars get "{{ machine }}" "$key" | jq -r) ] && continue + [ $(just vars get {{ machine }} "$key" | jq -r) ] && continue - just _rotate "{{ machine }}" "$key" + echo "Executing script for $key" + just vars set {{ machine }} "$key" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/$key")" && source "./$(basename $key)")" done -[doc('Regenerate var values for {machine}')] -[script] -_rotate machine key: - # Exit if there's no script - [ -f "{{ justfile_directory() }}/script/{{ key }}" ] || exit - - echo "Executing script for {{ key }}" - just vars set "{{ machine }}" "{{ key }}" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/{{ key }}")" && source "./$(basename "{{ key }}")")" - [script] check: cd .. diff --git a/flake.lock b/flake.lock index e2ef3a5..4cc9f95 100644 --- a/flake.lock +++ b/flake.lock @@ -83,11 +83,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1774210137, - "narHash": "sha256-QaPn/8NlrXd6jd8S9+KV2pYsGNZ8KWU5+jv2/QtRlUw=", - "rev": "1862f2641e54a51755b0b9acb907d01f6b324b2a", + "lastModified": 1774174479, + "narHash": "sha256-6stwl7hiMK6Jvn11cBnw3TutkVSdPp1ILh+93aWVImA=", + "rev": "a50863e540a43fc0617ecbf8adada90af3899f57", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/1862f2641e54a51755b0b9acb907d01f6b324b2a.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/a50863e540a43fc0617ecbf8adada90af3899f57.tar.gz" }, "original": { "type": "tarball", @@ -184,11 +184,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1774250935, - "narHash": "sha256-mWID0WFgTnd9hbEeaPNX+YYWF70JN3r7zBouEqERJOE=", + "lastModified": 1774163246, + "narHash": "sha256-gzlqyLjP44LWraUd3Zn4xrQKOtK+zcBJ77pnsSUsxcM=", "owner": "nix-community", "repo": "fenix", - "rev": "64d7705e8c37d650cfb1aa99c24a8ce46597f29e", + "rev": "4cd28929c68cae521589bc21958d3793904ed1e2", "type": "github" }, "original": { @@ -571,11 +571,11 @@ ] }, "locked": { - "lastModified": 1774210133, - "narHash": "sha256-yeiWCY9aAUUJ3ebMVjs0UZXRnT5x90MCtpbpOWiXrvM=", + "lastModified": 1774135471, + "narHash": "sha256-TVeIGOxnfSPM6JvkRkXHpJECnj1OG2dXkWMSA4elzzQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "c6fe2944ad9f2444b2d767c4a5edee7c166e8a95", + "rev": "856b01ebd1de3f53c3929ce8082d9d67d799d816", "type": "github" }, "original": { @@ -980,11 +980,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1774253681, - "narHash": "sha256-U3LMRHov4wQ4olZq/zvf94Qf7oL6W11fjvZGvWg3gZc=", + "lastModified": 1774192834, + "narHash": "sha256-Ro1L12XoZiA63+JOskKf/w49v8K8hQDkEvNqem7nnik=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "16b430b0e3a5233df0444f14928af915555308ac", + "rev": "116515096225d29ffa1b6d576dd04b93941fe591", "type": "github" }, "original": { @@ -1028,11 +1028,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1774106199, - "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "lastModified": 1773821835, + "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", + "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", "type": "github" }, "original": { @@ -1093,11 +1093,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1774224548, - "narHash": "sha256-g45WZAZHNc7wJBkK4IdB5dq0Bh0JE7G0gcY2H5DFi44=", + "lastModified": 1774134539, + "narHash": "sha256-VTbmIpAP4OlM76uwUUezfewBUsrfWk2l3H2QaTY6QLc=", "owner": "notashelf", "repo": "nvf", - "rev": "edfb73fa4ced576f587d259a70a513b4152f8cea", + "rev": "85ca579065a079ee9ee603339668c7c16b61c4f7", "type": "github" }, "original": { @@ -1158,11 +1158,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1774221325, - "narHash": "sha256-aEIdkqB8gtQZtEbogdUb5iyfcZpKIlD3FkG8ANu73/I=", + "lastModified": 1774097238, + "narHash": "sha256-hcujm/qEX4RUybdBCrQKdQNqTRYDItmnbjJRP5ky5vc=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "b42b63f390a4dab14e6efa34a70e67f5b087cc62", + "rev": "76de1de27c0ca1329bc41324edab22c82d69e779", "type": "github" }, "original": { @@ -1502,11 +1502,11 @@ ] }, "locked": { - "lastModified": 1774242250, - "narHash": "sha256-pchbnY7KVnH26g4O3LZO8vpshInqNj937gAqlPob1Mk=", + "lastModified": 1774155194, + "narHash": "sha256-0+8XV5WPO5Ie8hBcEEpPoR7mCqUmMnVZFiu6DQIxIE0=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "f19c3e6683c2d2f3fcfcb88fb691931a104bc47c", + "rev": "56e6e71b465967758ff4db948ff943cb8ea31ca4", "type": "github" }, "original": { diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix index ec6e851..6af52ef 100644 --- a/modules/nixos/services/media/glance/default.nix +++ b/modules/nixos/services/media/glance/default.nix @@ -13,12 +13,6 @@ in { }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy.hosts = { - "https://${config.networking.hostName}:443" = '' - reverse_proxy http://[::]:2000 - ''; - }; - services.glance = { enable = true; openFirewall = true; @@ -106,22 +100,22 @@ in { } { title = "Radarr"; - url = "http://${config.networking.hostName}:${builtins.toString config.services.radarr.settings.server.port}"; + url = "http://${config.networking.hostName}:2001"; icon = "sh:radarr"; } { title = "Sonarr"; - url = "http://${config.networking.hostName}:${builtins.toString config.services.sonarr.settings.server.port}"; + url = "http://${config.networking.hostName}:2002"; icon = "sh:sonarr"; } { title = "Lidarr"; - url = "http://${config.networking.hostName}:${builtins.toString config.services.lidarr.settings.server.port}"; + url = "http://${config.networking.hostName}:2003"; icon = "sh:lidarr"; } { title = "Prowlarr"; - url = "http://${config.networking.hostName}:${builtins.toString config.services.prowlarr.settings.server.port}"; + url = "http://${config.networking.hostName}:2004"; icon = "sh:prowlarr"; } { @@ -131,7 +125,7 @@ in { } { title = "SABnzbd"; - url = "http://${config.networking.hostName}:${builtins.toString config.services.sabnzbd.settings.misc.port}"; + url = "http://${config.networking.hostName}:8080"; icon = "sh:sabnzbd"; } ]; diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 6953421..f868313 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -85,11 +85,8 @@ in { LegalNotice.Accepted = true; Prefecences.WebUI = { - AlternativeUIEnabled = true; - RootFolder = "''${pkgs.vuetorrent}/share/vuetorrent"; - Username = "admin"; - Password_PBKDF2 = "@ByteArray(Yhyk8fzgSHuKcgcmIxhYzg==:9njltqI5znb98+n+eOqUvpe4xYj6Dcub994o2fe9kpTa1fczMdHf/fNoifLaGmEf69xkTNSztEuh6BqcR4/CbQ==)"; #config.sops.secrets."qbittorrent/password_hash".path; + Password_PBKDF2 = config.sops.secrets."qbittorrent/password_hash".path; }; }; diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy/default.nix index 4cab016..f17c737 100644 --- a/modules/nixos/services/networking/caddy/default.nix +++ b/modules/nixos/services/networking/caddy/default.nix @@ -29,7 +29,7 @@ in { package = pkgs.caddy.withPlugins { plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; - hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs="; + hash = "sha256-AdL/LFKXbWmCsJ/xZWZmYBnw57c7sS6s1miR3sSx1Ow="; }; virtualHosts = diff --git a/modules/nixos/services/networking/wireguard/default.nix b/modules/nixos/services/networking/wireguard/default.nix deleted file mode 100644 index 92bd803..0000000 --- a/modules/nixos/services/networking/wireguard/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - config, - pkgs, - lib, - namespace, - ... -}: let - inherit (builtins) length; - inherit (lib) mkIf mkEnableOption mkOption types attrNames attrsToList listToAttrs; - - cfg = config.${namespace}.services.networking.wireguard; - hasPeers = (cfg.peer |> attrNames |> length) > 0; -in { - options.${namespace}.services.networking.wireguard = { - # enable = mkEnableOption "enable wireguard" // {default = true;}; - - peer = mkOption { - type = types.attrsOf (types.submodule { - options = { - port = mkOption { - type = types.port; - description = ''''; - }; - - address = mkOption { - type = types.listOf types.str; - default = []; - description = ''''; - }; - }; - }); - }; - }; - - config = mkIf hasPeers { - networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port); - networking.wq-quick = { - # enable = cfg.enable; - - interfaces = - cfg.peer - |> attrsToList - |> imap0 (i: { name, value }: (namevaluepair "wg${i}" (value // { })); - |> listToAttrs - }; - }; -} diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index a867351..e2040d4 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix @@ -36,6 +36,7 @@ in { auth = { disable_login_form = false; + oauth_auto_login = true; }; "auth.basic".enable = false; diff --git a/script/.shared/pwgen b/script/.shared/pwgen deleted file mode 100644 index 85fc69f..0000000 --- a/script/.shared/pwgen +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -pwgen -s 128 1