From 59d2205e7ac35efa7f79c1cf0fab9bb96b327b00 Mon Sep 17 00:00:00 2001 From: matt1432 Date: Wed, 24 Jul 2024 20:52:32 -0400 Subject: [PATCH] fix(docker): add required changes to make every container work --- devices/nos/modules/docker/default.nix | 2 +- .../nos/modules/docker/forgejo/compose.nix | 107 +++++----- .../nos/modules/docker/freshrss/compose.nix | 125 ++++++----- .../nos/modules/docker/gameyfin/compose.nix | 27 ++- devices/nos/modules/docker/hauk/compose.nix | 15 +- .../nos/modules/docker/homepage/compose.nix | 104 ++++----- devices/nos/modules/docker/immich/compose.nix | 110 +++++----- .../modules/docker/media/bazarr/compose.nix | 43 ++-- .../modules/docker/media/calibre/compose.nix | 78 +++---- .../nos/modules/docker/media/joal/compose.nix | 31 +-- .../modules/docker/media/prowlarr/compose.nix | 56 ++--- .../modules/docker/media/radarr/compose.nix | 37 ++-- .../modules/docker/media/sabnzbd/compose.nix | 37 ++-- .../modules/docker/media/seerr/compose.nix | 31 +-- .../modules/docker/media/sonarr/compose.nix | 37 ++-- .../modules/docker/music/jbots/compose.nix | 42 ++-- .../nos/modules/docker/nextcloud/compose.nix | 198 ++++++++++-------- devices/nos/modules/docker/resume/compose.nix | 71 ++++--- .../modules/docker/vaultwarden/compose.nix | 34 +-- .../nos/modules/docker/wg-easy/compose.nix | 62 +++--- flake.lock | 68 ++---- 21 files changed, 709 insertions(+), 606 deletions(-) diff --git a/devices/nos/modules/docker/default.nix b/devices/nos/modules/docker/default.nix index f250898e..4713f7dd 100644 --- a/devices/nos/modules/docker/default.nix +++ b/devices/nos/modules/docker/default.nix @@ -1,5 +1,5 @@ {...}: let - configPath = "/var/lib/docker"; + configPath = "/var/lib/docker-data"; in { imports = [ ./forgejo/compose.nix diff --git a/devices/nos/modules/docker/forgejo/compose.nix b/devices/nos/modules/docker/forgejo/compose.nix index 7fa62155..0051674c 100644 --- a/devices/nos/modules/docker/forgejo/compose.nix +++ b/devices/nos/modules/docker/forgejo/compose.nix @@ -8,68 +8,75 @@ rwPath = rwDataDir + "/forgejo"; in { - khepri.compositions."forgejo".services = { - "forgejo" = { - image = import ./images/forgejo.nix pkgs; + khepri.compositions."forgejo" = { + networks.proxy_net = {external = true;}; - ports = [ - # Redirect WAN port 22 to this port - "2222:22" - "3000:3000" - ]; + services = { + "forgejo" = { + image = import ./images/forgejo.nix pkgs; - restart = "always"; - dependsOn = ["forgejo-db"]; + ports = [ + # Redirect WAN port 22 to this port + "2222:22" + "3000:3000" + ]; - environmentFiles = [secrets.forgejo.path]; - environment = { - APP_NAME = "Gitea"; + networks = ["proxy_net"]; - # TODO: change ids - USER_UID = "1000"; - USER_GID = "1000"; + restart = "always"; + dependsOn = ["forgejo-db"]; - ROOT_URL = "https://git.nelim.org"; - SSH_DOMAIN = "git.nelim.org"; - SSH_PORT = "22"; - HTTP_PORT = "3000"; + environmentFiles = [secrets.forgejo.path]; + environment = { + APP_NAME = "Gitea"; + + # TODO: change ids + USER_UID = "1000"; + USER_GID = "1000"; + + ROOT_URL = "https://git.nelim.org"; + SSH_DOMAIN = "git.nelim.org"; + SSH_PORT = "22"; + HTTP_PORT = "3000"; + }; + + volumes = [ + "${rwPath}/data:/data" + "/etc/timezone:/etc/timezone:ro" + "/etc/localtime:/etc/localtime:ro" + ]; }; - volumes = [ - "${rwPath}/data:/data" - "/etc/timezone:/etc/timezone:ro" - "/etc/localtime:/etc/localtime:ro" - ]; - }; + "forgejo-db" = { + image = import ./images/postgres.nix pkgs; - "forgejo-db" = { - image = import ./images/postgres.nix pkgs; + restart = "always"; - restart = "always"; + environmentFiles = [secrets.forgejo-db.path]; + networks = ["proxy_net"]; - environmentFiles = [secrets.forgejo-db.path]; - - volumes = ["${rwPath}/db:/var/lib/postgresql/data"]; - }; - - "act_runner" = { - image = import ./images/act_runner.nix pkgs; - - privileged = true; - - restart = "always"; - dependsOn = ["forgejo"]; - - environmentFiles = [secrets.forgejo-runner.path]; - environment = { - GITEA_INSTANCE_URL = "https://git.nelim.org"; - GITEA_RUNNER_NAME = "DinD"; + volumes = ["${rwPath}/db:/var/lib/postgresql/data"]; }; - volumes = ["${rwPath}/act:/data"]; - extraHosts = [ - "git.nelim.org=10.0.0.130" - ]; + "act_runner" = { + image = import ./images/act_runner.nix pkgs; + + privileged = true; + user = "root:root"; + networks = ["proxy_net"]; + + restart = "always"; + dependsOn = ["forgejo"]; + + environmentFiles = [secrets.forgejo-runner.path]; + environment = { + GITEA_INSTANCE_URL = "https://git.nelim.org"; + GITEA_RUNNER_NAME = "DinD"; + }; + + volumes = ["${rwPath}/act:/data"]; + extraHosts = ["git.nelim.org:10.0.0.130"]; + }; }; }; } diff --git a/devices/nos/modules/docker/freshrss/compose.nix b/devices/nos/modules/docker/freshrss/compose.nix index 8e63b8eb..27c7bd77 100644 --- a/devices/nos/modules/docker/freshrss/compose.nix +++ b/devices/nos/modules/docker/freshrss/compose.nix @@ -8,76 +8,87 @@ rwPath = rwDataDir + "/freshrss"; in { - khepri.compositions."freshrss".services = { - "freshrss" = { - image = import ./images/freshrss.nix pkgs; - restart = "always"; + khepri.compositions."freshrss" = { + networks.proxy_net = {external = true;}; - ports = ["2800:80"]; - extraHosts = [ - "drss.nelim.org=10.0.0.130" - "bridge.nelim.org=10.0.0.130" - ]; + services = { + "freshrss" = { + image = import ./images/freshrss.nix pkgs; + restart = "always"; - volumes = let - rss-bridge = pkgs.stdenv.mkDerivation { - name = "rss-bridge-ext"; - version = "unstable"; - src = pkgs.fetchFromGitHub { - owner = "DevonHess"; - repo = "FreshRSS-Extensions"; - rev = "299c1febc279be77fa217ff5c2965a620903b974"; - hash = "sha256-++kgbrGJohKeOeLjcy7YV3QdCf9GyZDtbntlFmmIC5k="; + ports = ["2800:80"]; + extraHosts = [ + "drss.nelim.org:10.0.0.130" + "bridge.nelim.org:10.0.0.130" + ]; + networks = ["proxy_net"]; + + volumes = let + rss-bridge = pkgs.stdenv.mkDerivation { + name = "rss-bridge-ext"; + version = "unstable"; + src = pkgs.fetchFromGitHub { + owner = "DevonHess"; + repo = "FreshRSS-Extensions"; + rev = "299c1febc279be77fa217ff5c2965a620903b974"; + hash = "sha256-++kgbrGJohKeOeLjcy7YV3QdCf9GyZDtbntlFmmIC5k="; + }; + installPhase = '' + mkdir $out + cp -ar ./xExtension-RssBridge $out/ + ''; }; - installPhase = '' - mkdir $out - cp -ar ./xExtension-RssBridge $out/ - ''; + in [ + "${rwPath}/data:/var/www/FreshRSS/data" + "${rss-bridge}/xExtension-RssBridge:/var/www/FreshRSS/extensions/xExtension-RssBridge:ro" + ]; + + environmentFiles = [secrets.freshrss.path]; + + environment = { + TZ = "America/New_York"; + CRON_MIN = "3,33"; }; - in [ - "${rwPath}/data:/var/www/FreshRSS/data" - "${rss-bridge}/xExtension-RssBridge:/var/www/FreshRSS/extensions/xExtension-RssBridge:ro" - ]; - - environmentFiles = [secrets.freshrss.path]; - - environment = { - TZ = "America/New_York"; - CRON_MIN = "3,33"; }; - }; - "freshrss-db" = { - image = import ./images/postgres.nix pkgs; - restart = "always"; + "freshrss-db" = { + image = import ./images/postgres.nix pkgs; + restart = "always"; - volumes = [ - "${rwPath}/db:/var/lib/postgresql/data" - ]; + volumes = [ + "${rwPath}/db:/var/lib/postgresql/data" + ]; - environmentFiles = [secrets.freshrss.path]; + networks = ["proxy_net"]; - environment = { - POSTGRES_DB = "\${DB_BASE:-freshrss}"; - POSTGRES_USER = "\${DB_USER:-freshrss}"; - POSTGRES_PASSWORD = "\${DB_PASSWORD:-freshrss}"; + environmentFiles = [secrets.freshrss.path]; + + environment = { + POSTGRES_DB = "\${DB_BASE:-freshrss}"; + POSTGRES_USER = "\${DB_USER:-freshrss}"; + POSTGRES_PASSWORD = "\${DB_PASSWORD:-freshrss}"; + }; }; - }; - "docker-hub-rss" = { - image = import ./images/docker-hub-rss.nix pkgs; - restart = "always"; - ports = ["3007:3000"]; - }; + "docker-hub-rss" = { + image = import ./images/docker-hub-rss.nix pkgs; + restart = "always"; + ports = ["3007:3000"]; - "rss-bridge" = { - image = import ./images/rss-bridge.nix pkgs; - restart = "always"; + networks = ["proxy_net"]; + }; - volumes = [ - "${rwPath}/bridge:/config" - ]; - ports = ["3006:80"]; + "rss-bridge" = { + image = import ./images/rss-bridge.nix pkgs; + restart = "always"; + + volumes = [ + "${rwPath}/bridge:/config" + ]; + ports = ["3006:80"]; + + networks = ["proxy_net"]; + }; }; }; } diff --git a/devices/nos/modules/docker/gameyfin/compose.nix b/devices/nos/modules/docker/gameyfin/compose.nix index cd4c27c3..95a61351 100644 --- a/devices/nos/modules/docker/gameyfin/compose.nix +++ b/devices/nos/modules/docker/gameyfin/compose.nix @@ -5,19 +5,24 @@ }: let inherit (config.sops) secrets; in { - khepri.compositions."gameyfin".services."gameyfin" = { - image = import ./images/gameyfin.nix pkgs; - restart = "always"; - user = "1000:1000"; + khepri.compositions."gameyfin" = { + networks.proxy_net = {external = true;}; - environmentFiles = [secrets.gameyfin.path]; - environment.GAMEYFIN_USER = "mathis"; + services."gameyfin" = { + image = import ./images/gameyfin.nix pkgs; + restart = "always"; + user = "1000:1000"; - volumes = [ - "/data/games:/opt/gameyfin-library" - ]; + environmentFiles = [secrets.gameyfin.path]; + environment.GAMEYFIN_USER = "mathis"; - expose = ["8080"]; - ports = ["8074:8080"]; + volumes = [ + "/data/games:/opt/gameyfin-library" + ]; + + expose = ["8080"]; + ports = ["8074:8080"]; + networks = ["proxy_net"]; + }; }; } diff --git a/devices/nos/modules/docker/hauk/compose.nix b/devices/nos/modules/docker/hauk/compose.nix index 2fd9ff62..1be5fc07 100644 --- a/devices/nos/modules/docker/hauk/compose.nix +++ b/devices/nos/modules/docker/hauk/compose.nix @@ -1,9 +1,14 @@ {pkgs, ...}: { - khepri.compositions."hauk".services."hauk" = { - image = import ./images/hauk.nix pkgs; - restart = "always"; - ports = ["3003:80"]; + khepri.compositions."hauk" = { + networks.proxy_net = {external = true;}; - volumes = ["${./config.php}:/etc/hauk/config.php:ro"]; + services."hauk" = { + image = import ./images/hauk.nix pkgs; + restart = "always"; + ports = ["3003:80"]; + networks = ["proxy_net"]; + + volumes = ["${./config.php}:/etc/hauk/config.php:ro"]; + }; }; } diff --git a/devices/nos/modules/docker/homepage/compose.nix b/devices/nos/modules/docker/homepage/compose.nix index bfbd40ac..d383e4dc 100644 --- a/devices/nos/modules/docker/homepage/compose.nix +++ b/devices/nos/modules/docker/homepage/compose.nix @@ -6,57 +6,63 @@ inherit (config.sops) secrets; inherit (pkgs.writers) writeYAML; in { - khepri.compositions."homepage".services."homepage" = { - image = import ./images/homepage.nix pkgs; - restart = "always"; + khepri.compositions."homepage" = { + networks.proxy_net = {external = true;}; - ports = [ - "3020:3000" - ]; + services."homepage" = { + image = import ./images/homepage.nix pkgs; + restart = "always"; - extraHosts = ["lan.nelim.org=10.0.0.130"]; - - environmentFiles = [secrets.homepage.path]; - - volumes = let - services = writeYAML "services.yaml" (import ./services.nix); - - bookmarks = writeYAML "bookmarks.yaml" {}; - - settings = writeYAML "settings.yaml" { - # FIXME: title not working - title = "bruh"; - theme = "dark"; - color = "gray"; - target = "_self"; - - layout.video = { - style = "columns"; - row = 4; - # columns = 2; - }; - }; - - widgets = writeYAML "widgets.yaml" [ - { - resources = { - cpu = true; - memory = true; - disk = "/"; - }; - } - { - search = { - provider = "duckduckgo"; - target = "_blank"; - }; - } + ports = [ + "3020:3000" ]; - in [ - "${bookmarks}:/app/config/bookmarks.yaml:ro" - "${services}:/app/config/services.yaml:ro" - "${settings}:/app/config/settings.yaml:ro" - "${widgets}:/app/config/widgets.yaml:ro" - ]; + + networks = ["proxy_net"]; + + extraHosts = ["lan.nelim.org:10.0.0.130"]; + + environmentFiles = [secrets.homepage.path]; + + volumes = let + services = writeYAML "services.yaml" (import ./services.nix); + + bookmarks = writeYAML "bookmarks.yaml" {}; + + settings = writeYAML "settings.yaml" { + # FIXME: title not working + title = "bruh"; + theme = "dark"; + color = "gray"; + target = "_self"; + + layout.video = { + style = "columns"; + row = 4; + # columns = 2; + }; + }; + + widgets = writeYAML "widgets.yaml" [ + { + resources = { + cpu = true; + memory = true; + disk = "/"; + }; + } + { + search = { + provider = "duckduckgo"; + target = "_blank"; + }; + } + ]; + in [ + "${bookmarks}:/app/config/bookmarks.yaml:ro" + "${services}:/app/config/services.yaml:ro" + "${settings}:/app/config/settings.yaml:ro" + "${widgets}:/app/config/widgets.yaml:ro" + ]; + }; }; } diff --git a/devices/nos/modules/docker/immich/compose.nix b/devices/nos/modules/docker/immich/compose.nix index d1e93e1c..86092e5a 100644 --- a/devices/nos/modules/docker/immich/compose.nix +++ b/devices/nos/modules/docker/immich/compose.nix @@ -10,66 +10,74 @@ UPLOAD_LOCATION = "${rwPath}/data"; in { - khepri.compositions."immich".services = { - "immich_server" = { - image = import ./images/server.nix pkgs; - environmentFiles = [ - "${./env}" - secrets.immich.path - ]; + khepri.compositions."immich" = { + networks.proxy_net = {external = true;}; - volumes = [ - "${UPLOAD_LOCATION}:/usr/src/app/upload:rw" - ]; - ports = [ - "2283:3001" - ]; + services = { + "immich_server" = { + image = import ./images/server.nix pkgs; + environmentFiles = [ + "${./env}" + secrets.immich.path + ]; - dependsOn = ["immich_redis" "immich_postgres"]; - restart = "always"; + volumes = [ + "${UPLOAD_LOCATION}:/usr/src/app/upload:rw" + ]; + ports = [ + "2283:3001" + ]; + networks = ["proxy_net"]; - environment.NODE_ENV = "production"; - }; + dependsOn = ["immich_redis" "immich_postgres"]; + restart = "always"; - "immich_machine_learning" = { - image = import ./images/machine-learning.nix pkgs; - restart = "always"; - environmentFiles = [ - "${./env}" - secrets.immich.path - ]; + environment.NODE_ENV = "production"; + }; - volumes = [ - "${rwPath}/cache:/cache" - ]; - }; + "immich_machine_learning" = { + image = import ./images/machine-learning.nix pkgs; + restart = "always"; + environmentFiles = [ + "${./env}" + secrets.immich.path + ]; + networks = ["proxy_net"]; - "immich_redis" = { - image = import ./images/redis.nix pkgs; - restart = "always"; - tmpfs = ["/data"]; - environmentFiles = [ - "${./env}" - secrets.immich.path - ]; - }; + volumes = [ + "${rwPath}/cache:/cache" + ]; + }; - "immich_postgres" = { - image = import ./images/postgres.nix pkgs; - restart = "always"; - environmentFiles = [ - "${./env}" - secrets.immich.path - ]; + "immich_redis" = { + image = import ./images/redis.nix pkgs; + restart = "always"; + tmpfs = ["/data"]; + environmentFiles = [ + "${./env}" + secrets.immich.path + ]; + networks = ["proxy_net"]; + }; - volumes = [ - "${rwPath}/db:/var/lib/postgresql/data" - ]; + "immich_postgres" = { + image = import ./images/postgres.nix pkgs; + restart = "always"; + environmentFiles = [ + "${./env}" + secrets.immich.path + ]; + networks = ["proxy_net"]; - environment = { - POSTGRES_PASSWORD = "\${DB_PASSWORD}"; - POSTGRES_USER = "\${DB_USERNAME}"; - POSTGRES_DB = "\${DB_DATABASE_NAME}"; + volumes = [ + "${rwPath}/db:/var/lib/postgresql/data" + ]; + + environment = { + POSTGRES_PASSWORD = "\${DB_PASSWORD}"; + POSTGRES_USER = "\${DB_USERNAME}"; + POSTGRES_DB = "\${DB_DATABASE_NAME}"; + }; }; }; }; diff --git a/devices/nos/modules/docker/media/bazarr/compose.nix b/devices/nos/modules/docker/media/bazarr/compose.nix index b7d9a3fc..34e51a32 100644 --- a/devices/nos/modules/docker/media/bazarr/compose.nix +++ b/devices/nos/modules/docker/media/bazarr/compose.nix @@ -7,26 +7,31 @@ rwPath = rwDataDir + "/media/bazarr"; in { - khepri.compositions."bazarr".services."bazarr" = { - image = import ./images/bazarr.nix pkgs; - restart = "always"; + khepri.compositions."bazarr" = { + networks.proxy_net = {external = true;}; - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "America/New_York"; + services."bazarr" = { + image = import ./images/bazarr.nix pkgs; + restart = "always"; + + environment = { + PUID = "1000"; + PGID = "1000"; + TZ = "America/New_York"; + }; + + extraHosts = ["lan.nelim.org:10.0.0.130"]; + ports = [ + "6767:6767" + ]; + + volumes = [ + "${rwPath}/data:/config" + "/data:/data" + ]; + + cpus = 2; + networks = ["proxy_net"]; }; - - extraHosts = ["lan.nelim.org=10.0.0.130"]; - ports = [ - "6767:6767" - ]; - - volumes = [ - "${rwPath}/data:/config" - "/data:/data" - ]; - - cpus = 2; }; } diff --git a/devices/nos/modules/docker/media/calibre/compose.nix b/devices/nos/modules/docker/media/calibre/compose.nix index f00a881f..90ea376f 100644 --- a/devices/nos/modules/docker/media/calibre/compose.nix +++ b/devices/nos/modules/docker/media/calibre/compose.nix @@ -7,50 +7,56 @@ rwPath = rwDataDir + "/media/calibre"; in { - khepri.compositions."calibre".services = { - "calibre" = { - image = import ./images/calibre.nix pkgs; - restart = "always"; + khepri.compositions."calibre" = { + networks.proxy_net = {external = true;}; - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "America/New_York"; + services = { + "calibre" = { + image = import ./images/calibre.nix pkgs; + restart = "always"; - # WebUI vars - SUBFOLDER = "/calibre/"; - TITLE = "CalibreDB"; - NO_DECOR = "true"; + environment = { + PUID = "1000"; + PGID = "1000"; + TZ = "America/New_York"; + + # WebUI vars + SUBFOLDER = "/calibre/"; + TITLE = "CalibreDB"; + NO_DECOR = "true"; + }; + + volumes = ["${rwPath}/data-db:/config"]; + + extraHosts = ["lan.nelim.org:10.0.0.130"]; + ports = [ + "8580:8080" + #"8081:8081" + ]; + networks = ["proxy_net"]; + #network_mode = "host"; }; - volumes = ["${rwPath}/data-db:/config"]; + "calibre-web" = { + image = import ./images/calibre-web.nix pkgs; + restart = "always"; - extraHosts = ["lan.nelim.org=10.0.0.130"]; - ports = [ - "8580:8080" - #"8081:8081" - ]; - #network_mode = "host"; - }; + environment = { + PUID = "1000"; + PGID = "1000"; + TZ = "America/New_York"; + DOCKER_MODS = "linuxserver/mods:universal-calibre"; + }; - "calibre-web" = { - image = import ./images/calibre-web.nix pkgs; - restart = "always"; + volumes = [ + "${rwPath}/data-web:/config" + "${rwPath}/data-db/Calibre Library:/books" + ]; - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "America/New_York"; - DOCKER_MODS = "linuxserver/mods:universal-calibre"; + extraHosts = ["lan.nelim.org:10.0.0.130"]; + ports = ["8083:8083"]; + networks = ["proxy_net"]; }; - - volumes = [ - "${rwPath}/data-web:/config" - "${rwPath}/data-db/Calibre Library:/books" - ]; - - extraHosts = ["lan.nelim.org=10.0.0.130"]; - ports = ["8083:8083"]; }; }; } diff --git a/devices/nos/modules/docker/media/joal/compose.nix b/devices/nos/modules/docker/media/joal/compose.nix index 9ae01b70..9f492417 100644 --- a/devices/nos/modules/docker/media/joal/compose.nix +++ b/devices/nos/modules/docker/media/joal/compose.nix @@ -7,20 +7,25 @@ rwPath = rwDataDir + "/media/joal"; in { - khepri.compositions."joal".services."joal" = { - image = import ./images/joal.nix pkgs; - restart = "always"; + khepri.compositions."joal" = { + networks.proxy_net = {external = true;}; - volumes = ["${rwPath}/data:/data"]; - extraHosts = ["lan.nelim.org=10.0.0.130"]; - ports = ["5656:5656"]; + services."joal" = { + image = import ./images/joal.nix pkgs; + restart = "always"; - cmd = [ - "--joal-conf=/data" - "--spring.main.web-environment=true" - "--server.port=5656" - "--joal.ui.path.prefix=joal" - "--joal.ui.secret-token=12345" - ]; + volumes = ["${rwPath}/data:/data"]; + extraHosts = ["lan.nelim.org:10.0.0.130"]; + ports = ["5656:5656"]; + + cmd = [ + "--joal-conf=/data" + "--spring.main.web-environment=true" + "--server.port=5656" + "--joal.ui.path.prefix=joal" + "--joal.ui.secret-token=12345" + ]; + networks = ["proxy_net"]; + }; }; } diff --git a/devices/nos/modules/docker/media/prowlarr/compose.nix b/devices/nos/modules/docker/media/prowlarr/compose.nix index 9577ad5b..3dc3bb91 100644 --- a/devices/nos/modules/docker/media/prowlarr/compose.nix +++ b/devices/nos/modules/docker/media/prowlarr/compose.nix @@ -7,37 +7,43 @@ rwPath = rwDataDir + "/media/prowlarr"; in { - khepri.compositions."prowlarr".services = { - "prowlarr" = { - image = import ./images/prowlarr.nix pkgs; - restart = "always"; + khepri.compositions."prowlarr" = { + networks.proxy_net = {external = true;}; - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "America/New_York"; + services = { + "prowlarr" = { + image = import ./images/prowlarr.nix pkgs; + restart = "always"; + + environment = { + PUID = "1000"; + PGID = "1000"; + TZ = "America/New_York"; + }; + + volumes = ["${rwPath}/data:/config"]; + extraHosts = ["lan.nelim.org:10.0.0.130"]; + ports = ["9696:9696"]; + networks = ["proxy_net"]; }; - volumes = ["${rwPath}/data:/config"]; - extraHosts = ["lan.nelim.org=10.0.0.130"]; - ports = ["9696:9696"]; - }; + "flaresolverr" = { + image = import ./images/flaresolverr.nix pkgs; + restart = "always"; - "flaresolverr" = { - image = import ./images/flaresolverr.nix pkgs; - restart = "always"; + environment = { + LOG_LEVEL = "info"; + LOG_HTML = "false"; + CAPTCHA_SOLVER = "none"; + TZ = "America/New_York"; + }; - environment = { - LOG_LEVEL = "info"; - LOG_HTML = "false"; - CAPTCHA_SOLVER = "none"; - TZ = "America/New_York"; + extraHosts = ["lan.nelim.org:10.0.0.130"]; + ports = ["8191:8191"]; + + dependsOn = ["prowlarr"]; + networks = ["proxy_net"]; }; - - extraHosts = ["lan.nelim.org=10.0.0.130"]; - ports = ["8191:8191"]; - - dependsOn = ["prowlarr"]; }; }; } diff --git a/devices/nos/modules/docker/media/radarr/compose.nix b/devices/nos/modules/docker/media/radarr/compose.nix index 2f545235..fad1630a 100644 --- a/devices/nos/modules/docker/media/radarr/compose.nix +++ b/devices/nos/modules/docker/media/radarr/compose.nix @@ -7,24 +7,29 @@ rwPath = rwDataDir + "/media/radarr"; in { - khepri.compositions."radarr".services."radarr" = { - image = import ./images/radarr.nix pkgs; - restart = "always"; + khepri.compositions."radarr" = { + networks.proxy_net = {external = true;}; - extraHosts = ["lan.nelim.org=10.0.0.130"]; - ports = ["7878:7878"]; + services."radarr" = { + image = import ./images/radarr.nix pkgs; + restart = "always"; - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "America/New_York"; + extraHosts = ["lan.nelim.org:10.0.0.130"]; + ports = ["7878:7878"]; + + environment = { + PUID = "1000"; + PGID = "1000"; + TZ = "America/New_York"; + }; + + volumes = [ + "${rwPath}/data:/config" + "/data:/data" + ]; + + cpus = 0.5; + networks = ["proxy_net"]; }; - - volumes = [ - "${rwPath}/data:/config" - "/data:/data" - ]; - - cpus = 0.5; }; } diff --git a/devices/nos/modules/docker/media/sabnzbd/compose.nix b/devices/nos/modules/docker/media/sabnzbd/compose.nix index a92d8253..428b7527 100644 --- a/devices/nos/modules/docker/media/sabnzbd/compose.nix +++ b/devices/nos/modules/docker/media/sabnzbd/compose.nix @@ -7,24 +7,29 @@ rwPath = rwDataDir + "/media/sabnzbd"; in { - khepri.compositions."sabnzbd".services."sabnzbd" = { - image = import ./images/sabnzbd.nix pkgs; - restart = "always"; + khepri.compositions."sabnzbd" = { + networks.proxy_net = {external = true;}; - extraHosts = ["lan.nelim.org=10.0.0.130"]; - ports = ["8382:8082"]; + services."sabnzbd" = { + image = import ./images/sabnzbd.nix pkgs; + restart = "always"; - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "America/New_York"; + extraHosts = ["lan.nelim.org:10.0.0.130"]; + ports = ["8382:8082"]; + + environment = { + PUID = "1000"; + PGID = "1000"; + TZ = "America/New_York"; + }; + + volumes = [ + "${rwPath}/data:/config" + "/data:/data" + ]; + + cpus = 2; + networks = ["proxy_net"]; }; - - volumes = [ - "${rwPath}/data:/config" - "/data:/data" - ]; - - cpus = 2; }; } diff --git a/devices/nos/modules/docker/media/seerr/compose.nix b/devices/nos/modules/docker/media/seerr/compose.nix index fc0b3564..572a2847 100644 --- a/devices/nos/modules/docker/media/seerr/compose.nix +++ b/devices/nos/modules/docker/media/seerr/compose.nix @@ -7,20 +7,25 @@ rwPath = rwDataDir + "/media/seerr"; in { - khepri.compositions."seerr".services."seerr" = { - image = import ./images/jellyseerr.nix pkgs; - restart = "always"; + khepri.compositions."seerr" = { + networks.proxy_net = {external = true;}; - environment = { - LOG_LEVEL = "debug"; - TZ = "America/New_York"; + services."seerr" = { + image = import ./images/jellyseerr.nix pkgs; + restart = "always"; + + environment = { + LOG_LEVEL = "debug"; + TZ = "America/New_York"; + }; + + volumes = [ + "${rwPath}/data:/app/config" + ]; + + extraHosts = ["lan.nelim.org:10.0.0.130"]; + networks = ["proxy_net"]; + ports = ["5055:5055"]; }; - - volumes = [ - "${rwPath}/data:/app/config" - ]; - - extraHosts = ["lan.nelim.org=10.0.0.130"]; - ports = ["5055:5055"]; }; } diff --git a/devices/nos/modules/docker/media/sonarr/compose.nix b/devices/nos/modules/docker/media/sonarr/compose.nix index 61b96505..95f8fbd9 100644 --- a/devices/nos/modules/docker/media/sonarr/compose.nix +++ b/devices/nos/modules/docker/media/sonarr/compose.nix @@ -7,24 +7,29 @@ rwPath = rwDataDir + "/media/sonarr"; in { - khepri.compositions."sonarr".services."sonarr" = { - image = import ./images/sonarr.nix pkgs; - restart = "always"; + khepri.compositions."sonarr" = { + networks.proxy_net = {external = true;}; - extraHosts = ["lan.nelim.org=10.0.0.130"]; - ports = ["8989:8989"]; + services."sonarr" = { + image = import ./images/sonarr.nix pkgs; + restart = "always"; - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "America/New_York"; + extraHosts = ["lan.nelim.org:10.0.0.130"]; + ports = ["8989:8989"]; + + environment = { + PUID = "1000"; + PGID = "1000"; + TZ = "America/New_York"; + }; + + volumes = [ + "${rwPath}/data:/config" + "/data:/data" + ]; + + cpus = 0.5; + networks = ["proxy_net"]; }; - - volumes = [ - "${rwPath}/data:/config" - "/data:/data" - ]; - - cpus = 0.5; }; } diff --git a/devices/nos/modules/docker/music/jbots/compose.nix b/devices/nos/modules/docker/music/jbots/compose.nix index 5debd68d..49144cfa 100644 --- a/devices/nos/modules/docker/music/jbots/compose.nix +++ b/devices/nos/modules/docker/music/jbots/compose.nix @@ -7,27 +7,33 @@ rwPath = rwDataDir + "/music/jbots"; in { - khepri.compositions."jbots".services = { - "musicbot_be" = { - containerName = "be"; - image = import ./images/jmusicbot.nix pkgs; - restart = "always"; + khepri.compositions."jbots" = { + networks.proxy_net = {external = true;}; - volumes = [ - "${rwPath}/be/config.txt:/jmb/config/config.txt:ro" - "${rwPath}/be/playlists:/jmb/config/playlists:rw" - ]; - }; + services = { + "musicbot_be" = { + containerName = "be"; + image = import ./images/jmusicbot.nix pkgs; + restart = "always"; - "musicbot_br" = { - containerName = "br"; - image = import ./images/jmusicbot.nix pkgs; - restart = "always"; + volumes = [ + "${rwPath}/be/config.txt:/jmb/config/config.txt:ro" + "${rwPath}/be/playlists:/jmb/config/playlists:rw" + ]; + networks = ["proxy_net"]; + }; - volumes = [ - "${rwPath}/br/config.txt:/jmb/config/config.txt:ro" - "${rwPath}/br/playlists:/jmb/config/playlists:rw" - ]; + "musicbot_br" = { + containerName = "br"; + image = import ./images/jmusicbot.nix pkgs; + restart = "always"; + + volumes = [ + "${rwPath}/br/config.txt:/jmb/config/config.txt:ro" + "${rwPath}/br/playlists:/jmb/config/playlists:rw" + ]; + networks = ["proxy_net"]; + }; }; }; } diff --git a/devices/nos/modules/docker/nextcloud/compose.nix b/devices/nos/modules/docker/nextcloud/compose.nix index 4eeec572..967cadef 100644 --- a/devices/nos/modules/docker/nextcloud/compose.nix +++ b/devices/nos/modules/docker/nextcloud/compose.nix @@ -1,112 +1,140 @@ { config, - lib, pkgs, ... }: let - inherit (lib) concatStrings; - inherit (config.sops) secrets; inherit (config.khepri) rwDataDir; mainContainerName = "app-server"; rwPath = rwDataDir + "/nextcloud"; in { - khepri.compositions."nextcloud".services = { - "${mainContainerName}" = { - image = import ./images/nextcloud.nix pkgs; - restart = "always"; + khepri.compositions."nextcloud" = { + networks.proxy_net = {external = true;}; - expose = [ - "80" - "9000" - ]; + services = { + "${mainContainerName}" = { + image = import ./images/nextcloud.nix pkgs; + restart = "always"; - volumes = [ - "${rwPath}/data:/var/www/html" - "/data/docs:/var/www/drive" - ]; + expose = [ + "80" + "9000" + ]; - environmentFiles = [secrets.nextcloud.path]; + networks = ["proxy_net"]; - environment = { - POSTGRES_DB = "nextcloud"; - POSTGRES_HOST = "nextcloud-db"; - REDIS_HOST = "nextcloud-cache"; - REDIS_HOST_PASSWORD = "password"; - NEXTCLOUD_INIT_HTACCESS = "true"; + volumes = [ + "${rwPath}/data:/var/www/html" + "/data/docs:/var/www/drive" + ]; + + environmentFiles = [secrets.nextcloud.path]; + + environment = { + POSTGRES_DB = "nextcloud"; + POSTGRES_HOST = "nextcloud-db"; + REDIS_HOST = "nextcloud-cache"; + NEXTCLOUD_INIT_HTACCESS = "true"; + }; }; - }; - "onlyoffice-document-server" = { - image = import ./images/onlyoffice.nix pkgs; - restart = "always"; + "onlyoffice-document-server" = let + filePath = "/var/www/onlyoffice/documentserver/web-apps/apps/*/mobile/dist/js/app.js"; + func = "isSupportEditFeature=function()"; - environment.JWT_ENABLED = "false"; - - ports = ["8055:80"]; - expose = [ - "80" - "443" - ]; - - volumes = ["${rwPath}/data-onlyoffice:/var/log/onlyoffice"]; - tmpfs = [ - "/var/www/onlyoffice/Data" - "/var/lib/postgresql" - "/usr/share/fonts/truetype/custom" - "/var/lib/rabbitmq" - "/var/lib/redis" - "/var/lib/onlyoffice" - ]; - - entrypoint = ''bash -c "${let - filePath = "/var/www/onlyoffice/documentserver/web-apps/apps/*/mobile/dist/js/app.js"; - func = "isSupportEditFeature=function()"; - in - concatStrings [ + entrypoint = + pkgs.writeScript "entrypoint" + # bash + '' + #!/bin/sh # Fix proxies - ''sed -i 's/"allowPrivateIPAddress": false,/"allowPrivateIPAddress": true,/' /etc/onlyoffice/documentserver/default.json'' - ''sed -i 's/"allowMetaIPAddress": false/"allowMetaIPAddress": true/' /etc/onlyoffice/documentserver/default.json'' + sed -i 's/"allowPrivateIPAddress": false,/"allowPrivateIPAddress": true,/' /etc/onlyoffice/documentserver/default.json + sed -i 's/"allowMetaIPAddress": false/"allowMetaIPAddress": true/' /etc/onlyoffice/documentserver/default.json # Fix mobile editing - "sed -i 's/${func}{return!1}/${func}{return 1}/g' ${filePath};" - "/app/ds/run-document-server.sh;" - "apt update;" - "apt install imagemagick -y;" - ]}"''; - }; + sed -i 's/${func}{return!1}/${func}{return 1}/g' ${filePath} + apt update + apt install imagemagick -y - "nginx-server" = { - image = import ./images/nginx.nix pkgs; - restart = "always"; - ports = ["8042:80"]; - volumes = [ - "${./nginx.conf}:/etc/nginx/nginx.conf" - "${rwPath}/data:/var/www/html" - ]; - }; + exec /app/ds/run-document-server.sh + ''; + in { + image = import ./images/onlyoffice.nix pkgs; + restart = "always"; - "nextcloud-db" = { - image = import ./images/postgres.nix pkgs; - restart = "always"; - environmentFiles = [secrets.nextcloud.path]; - volumes = [ - "${rwPath}/database:/var/lib/postgresql/data" - "/etc/localtime:/etc/localtime:ro" - ]; - }; + environment.JWT_ENABLED = "false"; - "nextcloud-cache" = { - image = import ./images/redis.nix pkgs; - restart = "always"; - #mem_limit = "2048m"; - #mem_reservation = "512m"; - environmentFiles = [secrets.nextcloud.path]; - cmd = [''/bin/sh -c "redis-server --requirepass $$REDIS_HOST_PASSWORD"'']; - tmpfs = [ - "/data" - ]; + ports = ["8055:80"]; + expose = [ + "80" + "443" + ]; + + networks = ["proxy_net"]; + + entrypoint = "/entrypoint.sh"; + + volumes = [ + "${entrypoint}:/entrypoint.sh" + "${rwPath}/data-onlyoffice:/var/log/onlyoffice" + ]; + tmpfs = [ + "/var/www/onlyoffice/Data" + "/var/lib/postgresql" + "/usr/share/fonts/truetype/custom" + "/var/lib/rabbitmq" + "/var/lib/redis" + "/var/lib/onlyoffice" + ]; + }; + + "nginx-server" = { + image = import ./images/nginx.nix pkgs; + restart = "always"; + ports = ["8042:80"]; + + networks = ["proxy_net"]; + volumes = [ + "${./nginx.conf}:/etc/nginx/nginx.conf" + "${rwPath}/data:/var/www/html" + ]; + }; + + "nextcloud-db" = { + image = import ./images/postgres.nix pkgs; + restart = "always"; + environmentFiles = [secrets.nextcloud.path]; + volumes = [ + "${rwPath}/database:/var/lib/postgresql/data" + "/etc/localtime:/etc/localtime:ro" + ]; + + networks = ["proxy_net"]; + }; + + "nextcloud-cache" = let + entrypoint = + pkgs.writeScript "entrypoint" + # bash + '' + #!/bin/sh + exec redis-server --requirepass "$REDIS_HOST_PASSWORD" + ''; + in { + image = import ./images/redis.nix pkgs; + restart = "always"; + #mem_limit = "2048m"; + #mem_reservation = "512m"; + environmentFiles = [secrets.nextcloud.path]; + + entrypoint = "/entrypoint.sh"; + + volumes = ["${entrypoint}:/entrypoint.sh"]; + tmpfs = ["/data"]; + + networks = ["proxy_net"]; + }; }; }; diff --git a/devices/nos/modules/docker/resume/compose.nix b/devices/nos/modules/docker/resume/compose.nix index 2483fd64..854ad9f0 100644 --- a/devices/nos/modules/docker/resume/compose.nix +++ b/devices/nos/modules/docker/resume/compose.nix @@ -8,47 +8,54 @@ rwPath = rwDataDir + "/resume"; in { - khepri.compositions."resume".services = { - "postgres" = { - image = import ./images/postgres.nix pkgs; - restart = "always"; + khepri.compositions."resume" = { + networks.proxy_net = {external = true;}; - ports = ["5432:5432"]; + services = { + "postgres" = { + image = import ./images/postgres.nix pkgs; + restart = "always"; - volumes = [ - "${rwPath}/db:/var/lib/postgresql/data" - ]; + ports = ["5432:5432"]; - environmentFiles = [secrets.resume.path]; - }; + volumes = [ + "${rwPath}/db:/var/lib/postgresql/data" + ]; - "server" = { - image = import ./images/resume-server.nix pkgs; - restart = "always"; - - ports = ["3100:3100"]; - - dependsOn = ["postgres"]; - - environmentFiles = [secrets.resume.path]; - - environment = { - PUBLIC_URL = "https://resume.nelim.org"; - PUBLIC_SERVER_URL = "https://resauth.nelim.org"; + environmentFiles = [secrets.resume.path]; + networks = ["proxy_net"]; }; - }; - "client" = { - image = import ./images/resume-client.nix pkgs; - restart = "always"; + "server" = { + image = import ./images/resume-server.nix pkgs; + restart = "always"; - ports = ["3060:3000"]; + ports = ["3100:3100"]; - dependsOn = ["server"]; + dependsOn = ["postgres"]; - environment = { - PUBLIC_URL = "https://resume.nelim.org"; - PUBLIC_SERVER_URL = "https://resauth.nelim.org"; + environmentFiles = [secrets.resume.path]; + + environment = { + PUBLIC_URL = "https://resume.nelim.org"; + PUBLIC_SERVER_URL = "https://resauth.nelim.org"; + }; + networks = ["proxy_net"]; + }; + + "client" = { + image = import ./images/resume-client.nix pkgs; + restart = "always"; + + ports = ["3060:3000"]; + + dependsOn = ["server"]; + + environment = { + PUBLIC_URL = "https://resume.nelim.org"; + PUBLIC_SERVER_URL = "https://resauth.nelim.org"; + }; + networks = ["proxy_net"]; }; }; }; diff --git a/devices/nos/modules/docker/vaultwarden/compose.nix b/devices/nos/modules/docker/vaultwarden/compose.nix index dbb8893f..d07d5c52 100644 --- a/devices/nos/modules/docker/vaultwarden/compose.nix +++ b/devices/nos/modules/docker/vaultwarden/compose.nix @@ -7,23 +7,29 @@ rwPath = rwDataDir + "/vaultwarden"; in { - khepri.compositions."vaultwarden".services = { - "public-vault" = { - image = import ./images/vaultwarden.nix pkgs; - restart = "always"; + khepri.compositions."vaultwarden" = { + networks.proxy_net = {external = true;}; - ports = ["8781:80"]; - volumes = ["${rwPath}/public-data:/data"]; - environment.WEBSOCKET_ENABLED = "true"; - }; + services = { + "public-vault" = { + image = import ./images/vaultwarden.nix pkgs; + restart = "always"; - "private-vault" = { - image = import ./images/vaultwarden.nix pkgs; - restart = "always"; + ports = ["8781:80"]; + volumes = ["${rwPath}/public-data:/data"]; + environment.WEBSOCKET_ENABLED = "true"; + networks = ["proxy_net"]; + }; - ports = ["8780:80"]; - volumes = ["${rwPath}/private-data:/data"]; - environment.WEBSOCKET_ENABLED = "true"; + "private-vault" = { + image = import ./images/vaultwarden.nix pkgs; + restart = "always"; + + ports = ["8780:80"]; + volumes = ["${rwPath}/private-data:/data"]; + environment.WEBSOCKET_ENABLED = "true"; + networks = ["proxy_net"]; + }; }; }; } diff --git a/devices/nos/modules/docker/wg-easy/compose.nix b/devices/nos/modules/docker/wg-easy/compose.nix index 418b747b..8a59e3bd 100644 --- a/devices/nos/modules/docker/wg-easy/compose.nix +++ b/devices/nos/modules/docker/wg-easy/compose.nix @@ -7,38 +7,44 @@ rwPath = rwDataDir + "/wg-easy"; in { - khepri.compositions."wg-easy".services."wg-easy" = { - image = import ./images/wg-easy.nix pkgs; - restart = "always"; - privileged = true; + khepri.compositions."wg-easy" = { + networks.proxy_net = {external = true;}; - capAdd = [ - "NET_ADMIN" - "SYS_MODULE" - ]; + services."wg-easy" = { + image = import ./images/wg-easy.nix pkgs; + restart = "always"; + privileged = true; - sysctls = [ - "net.ipv4.ip_forward=1" - "net.ipv4.conf.all.src_valid_mark=1" - ]; + capAdd = [ + "NET_ADMIN" + "SYS_MODULE" + ]; - dns = ["1.0.0.1"]; + sysctls = [ + "net.ipv4.ip_forward=1" + "net.ipv4.conf.all.src_valid_mark=1" + ]; - environment = { - WG_HOST = "166.62.179.208"; - WG_PORT = "51820"; - WG_DEFAULT_ADDRESS = "10.6.0.x"; - WG_DEFAULT_DNS = "1.0.0.1"; + dns = ["1.0.0.1"]; + + environment = { + WG_HOST = "166.62.179.208"; + WG_PORT = "51820"; + WG_DEFAULT_ADDRESS = "10.6.0.x"; + WG_DEFAULT_DNS = "1.0.0.1"; + }; + + volumes = [ + "${rwPath}/data:/etc/wireguard" + ]; + + ports = [ + "53:51820/udp" + "51822:51820/udp" + "51821:51821/tcp" + ]; + + networks = ["proxy_net"]; }; - - volumes = [ - "${rwPath}/data:/etc/wireguard" - ]; - - ports = [ - "53:51820/udp" - "51822:51820/udp" - "51821:51821/tcp" - ]; }; } diff --git a/flake.lock b/flake.lock index 28e49d15..a556c3ac 100644 --- a/flake.lock +++ b/flake.lock @@ -466,24 +466,6 @@ "type": "github" } }, - "flake-utils_5": { - "inputs": { - "systems": "systems_9" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakegen": { "inputs": { "systems": "systems_2" @@ -947,17 +929,16 @@ }, "khepri": { "inputs": { - "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1721850043, - "narHash": "sha256-k81yKgWcQL5DCEGaDdqEhOF6guRRC/0pO+Ct5DvNmw0=", + "lastModified": 1721857031, + "narHash": "sha256-TNKuxqleANTVhpUECw/305y0MYO+9KZAx/8fyhNl4fU=", "owner": "matt1432", "repo": "khepri", - "rev": "94c47e89d4acb52d75cf57a2e4bf75ebecc2c3d4", + "rev": "52d9b7ed7dc5df538cdbdc8d69b98f234757b898", "type": "github" }, "original": { @@ -968,7 +949,7 @@ }, "lib-aggregate": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs-lib": "nixpkgs-lib_4" }, "locked": { @@ -1017,7 +998,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -1077,7 +1058,7 @@ }, "mozilla-addons-to-nix": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ], @@ -1510,16 +1491,16 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1715458492, - "narHash": "sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE=", + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8e47858badee5594292921c2668c11004c3b0142", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } @@ -1850,11 +1831,11 @@ "sops-nix": "sops-nix" }, "locked": { - "lastModified": 1716069733, - "narHash": "sha256-80esrChLmwUiWa/j7oJ8JwSW+6k2IMTjiRLTA0cNfJg=", + "lastModified": 1721855861, + "narHash": "sha256-rVCnb7CGsiifat9s1xc6MkYu/ossB8pT7f0hHszCxyg=", "ref": "refs/heads/main", - "rev": "1750659f6783859f22ee02b0fa1987fe4809229c", - "revCount": 66, + "rev": "7ef3e9364c7b1a3fef1e98bf9dcb3847e44bac9e", + "revCount": 67, "type": "git", "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets" }, @@ -1888,11 +1869,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1715482972, - "narHash": "sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM=", + "lastModified": 1721688883, + "narHash": "sha256-9jsjsRKtJRqNSTXKj9zuDFRf2PGix30nMx9VKyPgD2U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e", + "rev": "aff2f88277dabe695de4773682842c34a0b7fd54", "type": "github" }, "original": { @@ -2082,21 +2063,6 @@ "type": "github" } }, - "systems_9": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "trash-d-src": { "flake": false, "locked": {