diff --git a/flake.lock b/flake.lock index 467a6b2..949ef74 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { @@ -45,7 +45,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-SIKBfviJFGqzP5JJVCW7JRhSqxYKYChMFefASSt9YNU=", + "narHash": "sha256-Q1NbA/o8Q+JSR6wfK7cd9ylc3QWuURATo7c2Q1JCbX4=", "path": "pkgs/caddy", "type": "path" }, @@ -56,11 +56,11 @@ }, "caddy_2": { "locked": { - "lastModified": 1735284852, - "narHash": "sha256-mQu3IwEO294DuB7XAXOvOLriElDgRTf6rTLoDh3tMFQ=", + "lastModified": 1732948222, + "narHash": "sha256-kUWyjeqkU+RHTHVXT61QF19eW2vnWgah5OcPrUlU8oU=", "owner": "vincentbernat", "repo": "caddy-nix", - "rev": "b421380ded7c000f432092df0f1a7afd9e187173", + "rev": "9d13eb684b4ba1b2eb92e76f7ea1f517eccc4fe1", "type": "github" }, "original": { @@ -153,11 +153,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1734366194, + "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "type": "github" }, "original": { @@ -169,11 +169,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1737751639, - "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=", + "lastModified": 1734954597, + "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4", + "rev": "def1d472c832d77885f174089b0d34854b007198", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1737885589, - "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", + "lastModified": 1734649271, + "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", + "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", "type": "github" }, "original": { @@ -233,8 +233,8 @@ "nixpkgs_2": { "locked": { "lastModified": 0, - "narHash": "sha256-GFzPxJzTd1rPIVD4IW+GwJlyGwBDV1Tj5FLYwDQQ9sM=", - "path": "/nix/store/50yickar04m51aqnc43gxf45g2i0n3k9-source", + "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", + "path": "/nix/store/4hpdrd3qvj7nks3rrimqm2jdmcga8isc-source", "type": "path" }, "original": { @@ -244,11 +244,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1738023785, - "narHash": "sha256-BPHmb3fUwdHkonHyHi1+x89eXB3kA1jffIpwPVJIVys=", + "lastModified": 1734875076, + "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2b4230bf03deb33103947e2528cac2ed516c5c89", + "rev": "1807c2b91223227ad5599d7067a61665c52d1295", "type": "github" }, "original": { diff --git a/hosts/garden/default.nix b/hosts/garden/default.nix index f22a9fb..144a69c 100644 --- a/hosts/garden/default.nix +++ b/hosts/garden/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: { imports = [ @@ -48,10 +48,5 @@ group = config.services.lidarr.group; }; - environment.systemPackages = with pkgs; [ - flac - shntool - ]; - system.stateVersion = "23.11"; } diff --git a/hosts/hub/apps/actual.nix b/hosts/hub/apps/actual.nix deleted file mode 100644 index 115d411..0000000 --- a/hosts/hub/apps/actual.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, ... }: - -{ - systemd.tmpfiles.rules = [ - "d /var/lib/actual 0755 root root" - ]; - - virtualisation.oci-containers.containers.actual = { - image = "actualbudget/actual-server:latest"; - ports = [ - "5006:5006" - ]; - volumes = [ "/var/lib/actual:/data" ]; - }; - - services.caddy.virtualHosts."https://budget.tailc50184.ts.net".extraConfig = '' - bind tailscale/budget - reverse_proxy http://localhost:5006 - ''; -} diff --git a/hosts/hub/apps/adguard.nix b/hosts/hub/apps/adguard.nix deleted file mode 100644 index fa0d758..0000000 --- a/hosts/hub/apps/adguard.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - containers.adguardhome = { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.0.1"; - localAddress = "192.168.0.4"; - config = - { lib, ... }: - { - services = { - adguardhome = { - enable = true; - port = 80; - settings = { - filtering = { - protection_enabled = true; - filtering_enabled = true; - }; - }; - }; - tailscale = { - enable = true; - interfaceName = "userspace-networking"; - }; - }; - }; - }; -} diff --git a/hosts/hub/apps/audiobookshelf.nix b/hosts/hub/apps/audiobookshelf.nix deleted file mode 100644 index 8ed3581..0000000 --- a/hosts/hub/apps/audiobookshelf.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs, ... }: - -{ - services = { - audiobookshelf.enable = true; - caddy.virtualHosts."https://audiobookshelf.tailc50184.ts.net".extraConfig = '' - bind tailscale/audiobookshelf - reverse_proxy localhost:8000 - ''; - }; - environment.systemPackages = with pkgs; [ audible-cli ]; -} diff --git a/hosts/hub/apps/ollama.nix b/hosts/hub/apps/ollama.nix deleted file mode 100644 index e4fc202..0000000 --- a/hosts/hub/apps/ollama.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - services.ollama.enable = true; - services.caddy.virtualHosts."https://ollama.tailc50184.ts.net".extraConfig = '' - bind tailscale/ollama - reverse_proxy http://localhost:11434 - ''; -} \ No newline at end of file diff --git a/hosts/hub/apps/searxng.nix b/hosts/hub/apps/searxng.nix deleted file mode 100644 index df20ddb..0000000 --- a/hosts/hub/apps/searxng.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - services.searx = { - enable = true; - settings.server = { - port = 8080; - secret_key = "secret_key"; - }; - }; - - services.caddy.virtualHosts."https://searxng.tailc50184.ts.net".extraConfig = '' - bind tailscale/searxng - reverse_proxy http://localhost:8080 - ''; -} diff --git a/hosts/hub/default.nix b/hosts/hub/default.nix index e7855eb..59f0a96 100644 --- a/hosts/hub/default.nix +++ b/hosts/hub/default.nix @@ -22,10 +22,6 @@ ../../roles/syncthing.nix ./apps/dev.nix ./apps/nextcloud.nix - ./apps/searxng.nix - ./apps/actual.nix - ./apps/adguard.nix - ./apps/audiobookshelf.nix ]; boot.loader.grub = { @@ -94,11 +90,13 @@ }; certificateScheme = "acme"; enableManageSieve = true; - indexDir = "/var/lib/dovecot/indices"; fullTextSearch = { enable = true; + # index new email as they arrive + autoIndex = true; # this only applies to plain text attachments, binary attachments are never indexed indexAttachments = true; + enforced = "body"; }; }; diff --git a/pkgs/caddy/flake.lock b/pkgs/caddy/flake.lock deleted file mode 100644 index c377a1e..0000000 --- a/pkgs/caddy/flake.lock +++ /dev/null @@ -1,73 +0,0 @@ -{ - "nodes": { - "caddy": { - "locked": { - "lastModified": 1735284852, - "narHash": "sha256-mQu3IwEO294DuB7XAXOvOLriElDgRTf6rTLoDh3tMFQ=", - "owner": "vincentbernat", - "repo": "caddy-nix", - "rev": "b421380ded7c000f432092df0f1a7afd9e187173", - "type": "github" - }, - "original": { - "owner": "vincentbernat", - "repo": "caddy-nix", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 0, - "narHash": "sha256-GFzPxJzTd1rPIVD4IW+GwJlyGwBDV1Tj5FLYwDQQ9sM=", - "path": "/nix/store/50yickar04m51aqnc43gxf45g2i0n3k9-source", - "type": "path" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "root": { - "inputs": { - "caddy": "caddy", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/secrets/authelia_session.age b/secrets/authelia_session.age index a3525c4..a7f7db0 100644 --- a/secrets/authelia_session.age +++ b/secrets/authelia_session.age @@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 5X7MKw xrpuavAym+fGSiRin+j/3L0nkx1HbQ8KlXeDIeVgJV4 -Kp/4ez62E9tXEwKWywTFpAB5sIyWj8d46g/2P26nMoo ---- Jnp4aP2bYua2WgPK5yXjdmIVsTBtV0SsgijC6OeVB94 -#wŧ*MCݿl -8Wd΄٬k)MM^_%0K |w \ No newline at end of file +-> ssh-ed25519 5X7MKw YuRoNT0MBRWhTnjsFZUaft45PhSRkghxREoLSLnH3Ac +iFZLc/n7K4ZLs5O6m13H64On27735eJBV1UYtVjiq0c +--- alcDYeP+DzOX1IkyZ18cjsfIKirUPmHsqKXyL5LGHiQ +1Ye\-/&p:5tWG嶈C;hĿKJrf-]|?P|: \ No newline at end of file diff --git a/secrets/authelia_storage.age b/secrets/authelia_storage.age index c1c3846..4782c97 100644 Binary files a/secrets/authelia_storage.age and b/secrets/authelia_storage.age differ diff --git a/secrets/cloudflare_api.age b/secrets/cloudflare_api.age index 6c467ed..dfdff5d 100644 --- a/secrets/cloudflare_api.age +++ b/secrets/cloudflare_api.age @@ -1,5 +1,6 @@ age-encryption.org/v1 --> ssh-ed25519 5X7MKw OkAHr+YJ9t0JBsWcw0EYVGye17zGJoYzAMSiqyggwyU -U9tiuehf/rG9yQjZsBqXkY42CHE98mTBOw/7SkQhOwk ---- +focODoDCNdQbm8SS0q0USCQ5LUZx+NnKvc0tK5GR5g -w~\O^l/Eplζb 3x:)(VDAV0l3īRM߄BH҉ ʒ!Yâ&wJ|˔5vr:\ \ No newline at end of file +-> ssh-ed25519 5X7MKw ym72T52g1+mR47oSMb2e0wnBz6L15p+AFcn91r1Ge1w +f13gDhaIrpUS/HYpRFZkIq5YLf4IDckXHkcNg3FOfIM +--- GKtoiEoq2vhv/dh6/zRXSsbETxloRfcC9PLFn0Y+B7o +1v%[KV5fIS邍DpԸ>/+nRcKټVQ2w ݵ&v3ʃ{.74 +HS\k-RFvHjih  \ No newline at end of file diff --git a/secrets/jwt.age b/secrets/jwt.age index 2e3622f..17fe60b 100644 --- a/secrets/jwt.age +++ b/secrets/jwt.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 5X7MKw q8mFirtavSJK5ovKFl3l0/Hs/ooHwVy2UmuMwVENrDc -PwdMCbPZkr5jF0No+D2p51Y41Df5THYD3u2+lD5lLYE ---- 11Ll3UGRQQmtLz82aU1WegRlfSowlxakbzcTq/lL4/w -4jċ9UH? |dO(թUPq/]R_Z];H؂[441Z \ No newline at end of file +-> ssh-ed25519 5X7MKw LxFmTWxgYrEE1RsQsdygOOKz9BQLAJevlowuf4+mFXc +1ZeeOA3Ihyeg4huXqzNf6WaOpA/EbU1G36Rwo6ANMvo +--- hUkp8RDLowKXNhY3WJe2O4SjrXyt6fGHs1gk95T3RNs +<uHsN5c㿳 ssh-ed25519 5X7MKw YFex6K7JkRIA0nRPYtd9kySRTulpG/ks6abtaBZJICk -sZ/EMZTWNvj6Q1Fx9XoBy/whnAB4syYXXTW8iMGXbok ---- 49i8zwxAXuJQ4aca4VsLpxij7yjttJoTYZd0po3pDvo -%ǹ3} -KL83ݚon,d!1|f -K>;=`e> $zc \ No newline at end of file +-> ssh-ed25519 5X7MKw wZTFdwnfdu6FNEtTN9k4pNvMxWjANQOeGMcfhEFVuEQ +J3ACr5ChFqZAmnoTvfgkN+/3lxLzcU0i08CRWtpQqqc +--- 8Iex/gX3YgiuC4hQDfaf2C8EyQawOn7ccghWg9wr/OY +˥JH 6HwKiVeOt']iK/YCIyٮ}vtSʆsŰJ \ No newline at end of file diff --git a/secrets/nolan.age b/secrets/nolan.age index 0416bc9..3c9d623 100644 --- a/secrets/nolan.age +++ b/secrets/nolan.age @@ -1,12 +1,5 @@ age-encryption.org/v1 --> ssh-rsa exbmLg -owZ2BSARW2S2gsT4JCuCYPqPy0rHTU5WlKbGdiFF1HzYHFmzjYlpvdVXNnoIbAz3 -mg7y2HaOpa/DaVHkoj6yYL0AOEXka4SdYAIBqnXIAZefGTbGHuzUl518zlgq41tx -ODwgChYaSR6EOFO7zCjyfdeYMfjU65zKNttgDngS8BfeiMKAc2ok6H/4/w/gIs57 -FYDk1kXigJg+55omrTpex2aDg/D9kc6njbHcHijB7gFYtnN5Yc73JfY6QeoAf9Re -U8/gnA4CTRDMkuYjXPKZKEvU6VDoiKsdQuuHAwlXHjO9JE2JHz3IXd4ODwP/A47f -yDusR5yWk1ZvYjPZNjS8pQ --> ssh-ed25519 revz+g zQStUkTc1AhVSg+u87WdvWaG5YcZUop7q6Ld6rCXKhM -WokTf8Ap9QZqJv1Qf8ich+9OjCRzFwdXjkW0owdMISk ---- 8NYNJtWhxmiFoR0GAafRsoGQKfPXM+3sP6zZSbCzpGo -@i?3rQSAlئRi+W*C̦ \ No newline at end of file +-> ssh-ed25519 WXu6hQ xPIs0RMmg8qzbe5u0fkmd52vwUWtPFbp8OT+PWKfBmk +AlgW3FNZMZZKQP2WBxBtkz/fkn7D36jH6RQqQqPTFLQ +--- Fbjl6JMOoyxErJQ2vxx/JiZyjMK7aoWFqIH3WMZxbrk +>2[\R!VlC/v5iFbNɇo}t\|0F;2{qp2Ћ*B.JAC7? [ y%xڠ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e873b7f..282f810 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,11 +1,13 @@ let - nolan = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPk6C4eOYzTZ8XOuUA2tErGnSTLS/l9kRDl9+5Ql+m7VtaH/KRFbu6x+C0QAIKOrRcQOjpGYUjL1aIn0HCcoEW2PSihDmOHC+W8cy8ucScy4fPI5KpFFqTZU336Fje+NS4n587gcoaa5LjKcr2KZy/ljgzl4eNSRIqy85khfH4puxsj7LwTIqsZoqDhtD/jSqaKP1C2wuYSsijLF85UnRcT9jErnL757yUv/4xb4Is+gB0zan9GiBXRca4lzb0mY8rmMXmKhc2lm/mu8ogZRdYX5R2JP1AukzYGSdOFs4iUauihgvakuou9AugD2CC+ygYIEbWkUjwKfT9nRN93Qi9 id_rsa"; + nolan = "ssh-rsa + AAAAB3NzaC1yc2EAAAADAQABAAABAQDPk6C4eOYzTZ8XOuUA2tErGnSTLS/l9kRDl9+5Ql+m7VtaH/KRFbu6x+C0QAIKOrRcQOjpGYUjL1aIn0HCcoEW2PSihDmOHC+W8cy8ucScy4fPI5KpFFqTZU336Fje+NS4n587gcoaa5LjKcr2KZy/ljgzl4eNSRIqy85khfH4puxsj7LwTIqsZoqDhtD/jSqaKP1C2wuYSsijLF85UnRcT9jErnL757yUv/4xb4Is+gB0zan9GiBXRca4lzb0mY8rmMXmKhc2lm/mu8ogZRdYX5R2JP1AukzYGSdOFs4iUauihgvakuou9AugD2CC+ygYIEbWkUjwKfT9nRN93Qi9 + id_rsa"; + nixbox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPChjQ4PCvOkknZitrMS89GVjyxIbb/TPfczOWZ+rY6C"; hub = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHygBPmz5T8IH/D60CiA5mOlKFTtYnk8JaK6cB+RJ4rk"; garden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3GEJ8fp2P10tKXGz7Oh4wg/CN1IvfS7s06hWLuA573"; - flynode = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOhYhgpzyqIbSX779o6TI9yZA1qvha+SUfrdHwndj69I"; in { - "nolan.age".publicKeys = [ nolan flynode ]; + "nolan.age".publicKeys = [ nixbox ]; "ldap.age".publicKeys = [ hub ]; "jwt.age".publicKeys = [ hub ]; "authelia_session.age".publicKeys = [ hub ];