chore: update dependencies

.
Refactor var generation and update service configs
2026-03-23 08:46:20 +00:00 · 2026-03-23 09:38:23 +01:00 · 2026-03-23 09:38:23 +01:00
8 changed files with 103 additions and 40 deletions
--- a/.just/vars.just
+++ b/.just/vars.just
@ -36,20 +36,25 @@ remove machine key:
    echo "Done"
-[doc('Remove var by {key} for {machine}')]
+[doc('Generate var values for {machine}')]
 [script]
 generate machine:
    for key in $(nix eval --apply 'builtins.attrNames' --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets | jq -r '.[]'); do
        # Skip if there's no script
        [ -f "{{ justfile_directory() }}/script/$key" ] || continue
        # Skip if we already have a value
-        [ $(just vars get {{ machine }} "$key" | jq -r) ] && continue
+        [ $(just vars get "{{ machine }}" "$key" | jq -r) ] && continue
-        echo "Executing script for $key"
+        just _rotate "{{ machine }}" "$key"
        just vars set {{ machine }} "$key" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/$key")" && source "./$(basename $key)")"
    done
 [doc('Regenerate var values for {machine}')]
 [script]
 _rotate machine key:
    # Exit if there's no script
    [ -f "{{ justfile_directory() }}/script/{{ key }}" ] || exit
    echo "Executing script for {{ key }}"
    just vars set "{{ machine }}" "{{ key }}" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/{{ key }}")" && source "./$(basename "{{ key }}")")"
 [script]
 check:
    cd ..
--- a/flake.lock
+++ b/flake.lock
@ -83,11 +83,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1774174479,
+        "lastModified": 1774210137,
-        "narHash": "sha256-6stwl7hiMK6Jvn11cBnw3TutkVSdPp1ILh+93aWVImA=",
+        "narHash": "sha256-QaPn/8NlrXd6jd8S9+KV2pYsGNZ8KWU5+jv2/QtRlUw=",
-        "rev": "a50863e540a43fc0617ecbf8adada90af3899f57",
+        "rev": "1862f2641e54a51755b0b9acb907d01f6b324b2a",
        "type": "tarball",
-        "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/a50863e540a43fc0617ecbf8adada90af3899f57.tar.gz"
+        "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/1862f2641e54a51755b0b9acb907d01f6b324b2a.tar.gz"
      },
      "original": {
        "type": "tarball",
@ -184,11 +184,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1774163246,
+        "lastModified": 1774250935,
-        "narHash": "sha256-gzlqyLjP44LWraUd3Zn4xrQKOtK+zcBJ77pnsSUsxcM=",
+        "narHash": "sha256-mWID0WFgTnd9hbEeaPNX+YYWF70JN3r7zBouEqERJOE=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "4cd28929c68cae521589bc21958d3793904ed1e2",
+        "rev": "64d7705e8c37d650cfb1aa99c24a8ce46597f29e",
        "type": "github"
      },
      "original": {
@ -571,11 +571,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1774135471,
+        "lastModified": 1774210133,
-        "narHash": "sha256-TVeIGOxnfSPM6JvkRkXHpJECnj1OG2dXkWMSA4elzzQ=",
+        "narHash": "sha256-yeiWCY9aAUUJ3ebMVjs0UZXRnT5x90MCtpbpOWiXrvM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "856b01ebd1de3f53c3929ce8082d9d67d799d816",
+        "rev": "c6fe2944ad9f2444b2d767c4a5edee7c166e8a95",
        "type": "github"
      },
      "original": {
@ -980,11 +980,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1774192834,
+        "lastModified": 1774253681,
-        "narHash": "sha256-Ro1L12XoZiA63+JOskKf/w49v8K8hQDkEvNqem7nnik=",
+        "narHash": "sha256-U3LMRHov4wQ4olZq/zvf94Qf7oL6W11fjvZGvWg3gZc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "116515096225d29ffa1b6d576dd04b93941fe591",
+        "rev": "16b430b0e3a5233df0444f14928af915555308ac",
        "type": "github"
      },
      "original": {
@ -1028,11 +1028,11 @@
    },
    "nixpkgs_8": {
      "locked": {
-        "lastModified": 1773821835,
+        "lastModified": 1774106199,
-        "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
+        "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
+        "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655",
        "type": "github"
      },
      "original": {
@ -1093,11 +1093,11 @@
        "systems": "systems_4"
      },
      "locked": {
-        "lastModified": 1774134539,
+        "lastModified": 1774224548,
-        "narHash": "sha256-VTbmIpAP4OlM76uwUUezfewBUsrfWk2l3H2QaTY6QLc=",
+        "narHash": "sha256-g45WZAZHNc7wJBkK4IdB5dq0Bh0JE7G0gcY2H5DFi44=",
        "owner": "notashelf",
        "repo": "nvf",
-        "rev": "85ca579065a079ee9ee603339668c7c16b61c4f7",
+        "rev": "edfb73fa4ced576f587d259a70a513b4152f8cea",
        "type": "github"
      },
      "original": {
@ -1158,11 +1158,11 @@
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1774097238,
+        "lastModified": 1774221325,
-        "narHash": "sha256-hcujm/qEX4RUybdBCrQKdQNqTRYDItmnbjJRP5ky5vc=",
+        "narHash": "sha256-aEIdkqB8gtQZtEbogdUb5iyfcZpKIlD3FkG8ANu73/I=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "76de1de27c0ca1329bc41324edab22c82d69e779",
+        "rev": "b42b63f390a4dab14e6efa34a70e67f5b087cc62",
        "type": "github"
      },
      "original": {
@ -1502,11 +1502,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1774155194,
+        "lastModified": 1774242250,
-        "narHash": "sha256-0+8XV5WPO5Ie8hBcEEpPoR7mCqUmMnVZFiu6DQIxIE0=",
+        "narHash": "sha256-pchbnY7KVnH26g4O3LZO8vpshInqNj937gAqlPob1Mk=",
        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
-        "rev": "56e6e71b465967758ff4db948ff943cb8ea31ca4",
+        "rev": "f19c3e6683c2d2f3fcfcb88fb691931a104bc47c",
        "type": "github"
      },
      "original": {
--- a/modules/nixos/services/media/glance/default.nix
+++ b/modules/nixos/services/media/glance/default.nix
@ -13,6 +13,12 @@ in {
  };
  config = mkIf cfg.enable {
    ${namespace}.services.networking.caddy.hosts = {
      "https://${config.networking.hostName}:443" = ''
        reverse_proxy http://[::]:2000
      '';
    };
    services.glance = {
      enable = true;
      openFirewall = true;
@ -100,22 +106,22 @@ in {
                      }
                      {
                        title = "Radarr";
-                        url = "http://${config.networking.hostName}:2001";
+                        url = "http://${config.networking.hostName}:${builtins.toString config.services.radarr.settings.server.port}";
                        icon = "sh:radarr";
                      }
                      {
                        title = "Sonarr";
-                        url = "http://${config.networking.hostName}:2002";
+                        url = "http://${config.networking.hostName}:${builtins.toString config.services.sonarr.settings.server.port}";
                        icon = "sh:sonarr";
                      }
                      {
                        title = "Lidarr";
-                        url = "http://${config.networking.hostName}:2003";
+                        url = "http://${config.networking.hostName}:${builtins.toString config.services.lidarr.settings.server.port}";
                        icon = "sh:lidarr";
                      }
                      {
                        title = "Prowlarr";
-                        url = "http://${config.networking.hostName}:2004";
+                        url = "http://${config.networking.hostName}:${builtins.toString config.services.prowlarr.settings.server.port}";
                        icon = "sh:prowlarr";
                      }
                      {
@ -125,7 +131,7 @@ in {
                      }
                      {
                        title = "SABnzbd";
-                        url = "http://${config.networking.hostName}:8080";
+                        url = "http://${config.networking.hostName}:${builtins.toString config.services.sabnzbd.settings.misc.port}";
                        icon = "sh:sabnzbd";
                      }
                    ];
--- a/modules/nixos/services/media/servarr/default.nix
+++ b/modules/nixos/services/media/servarr/default.nix
@ -85,8 +85,11 @@ in {
              LegalNotice.Accepted = true;
              Prefecences.WebUI = {
                AlternativeUIEnabled = true;
                RootFolder = "''${pkgs.vuetorrent}/share/vuetorrent";
                Username = "admin";
-                Password_PBKDF2 = config.sops.secrets."qbittorrent/password_hash".path;
+                Password_PBKDF2 = "@ByteArray(Yhyk8fzgSHuKcgcmIxhYzg==:9njltqI5znb98+n+eOqUvpe4xYj6Dcub994o2fe9kpTa1fczMdHf/fNoifLaGmEf69xkTNSztEuh6BqcR4/CbQ==)"; #config.sops.secrets."qbittorrent/password_hash".path;
              };
            };
--- a/modules/nixos/services/networking/caddy/default.nix
+++ b/modules/nixos/services/networking/caddy/default.nix
@ -29,7 +29,7 @@ in {
      package = pkgs.caddy.withPlugins {
        plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
-        hash = "sha256-AdL/LFKXbWmCsJ/xZWZmYBnw57c7sS6s1miR3sSx1Ow=";
+        hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
      };
      virtualHosts =
--- a/modules/nixos/services/networking/wireguard/default.nix
+++ b/modules/nixos/services/networking/wireguard/default.nix
@ -0,0 +1,47 @@
 {
  config,
  pkgs,
  lib,
  namespace,
  ...
 }: let
  inherit (builtins) length;
  inherit (lib) mkIf mkEnableOption mkOption types attrNames attrsToList listToAttrs;
  cfg = config.${namespace}.services.networking.wireguard;
  hasPeers = (cfg.peer |> attrNames |> length) > 0;
 in {
  options.${namespace}.services.networking.wireguard = {
    # enable = mkEnableOption "enable wireguard" // {default = true;};
    peer = mkOption {
      type = types.attrsOf (types.submodule {
        options = {
          port = mkOption {
            type = types.port;
            description = '''';
          };
          address = mkOption {
            type = types.listOf types.str;
            default = [];
            description = '''';
          };
        };
      });
    };
  };
  config = mkIf hasPeers {
    networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port);
    networking.wq-quick = {
      # enable = cfg.enable;
      interfaces =
        cfg.peer
        |> attrsToList
        |> imap0 (i: { name, value }: (namevaluepair "wg${i}" (value // {  }));
        |> listToAttrs
    };
  };
 }
--- a/modules/nixos/services/observability/grafana/default.nix
+++ b/modules/nixos/services/observability/grafana/default.nix
@ -36,7 +36,6 @@ in {
          auth = {
            disable_login_form = false;
            oauth_auto_login = true;
          };
          "auth.basic".enable = false;
--- a/script/.shared/pwgen
+++ b/script/.shared/pwgen
@ -0,0 +1,3 @@
 #!/bin/bash
 pwgen -s 128 1
Author	SHA1	Message	Date
chris	4fd0b16db0	chore: update dependencies Some checks failed Test action / kaas (push) Failing after 1s Details	2026-03-23 08:46:20 +00:00
Chris Kruining	5b844aab8d	.	2026-03-23 09:38:23 +01:00
Chris Kruining	793866e621	Refactor var generation and update service configs - Refactor var generation scripts to use _rotate helper - Update Glance service URLs to use configured ports - Set static password hash for qBittorrent in Servarr config - Update Caddy plugin hash - Remove oauth_auto_login from Grafana config - Add shared pwgen script for password generation	2026-03-23 09:38:23 +01:00