ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
1615 commits 9 branches 0 tags 4.5 MiB
Commit graph

64 commits

Author SHA1 Message Date
Bruno BELANYI 932717b754 nixos: services: jellyfin: loosen umask
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
I just noticed that all the metadata files Jellyfin stores have very
restrictive ACLs.

The whole point of the `media` group is to make my HTPC eco-system work
together. In particular this should allow Sonarr and friends to delete
folders without manual intervention.
 2023-12-26 15:17:05 +01:00
Bruno BELANYI 71ee178510 nixos: services: nginx: fix SSO subdomain
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2023-12-25 20:23:55 +01:00
Bruno BELANYI 6948424b81 nixos: services: remove redundant subdomains 
See previous commit for the defaults.
 2023-12-25 20:23:55 +01:00
Bruno BELANYI b7a4bc063f nixos: services: nginx: add default subdomain 
In almost all cases, the subdomain should be the same as the attribute
name...
 2023-12-25 20:23:55 +01:00
Bruno BELANYI faa87743e5 nixos: services: nginx: use attrset for vhosts 
Attribute sets compose better than lists, it was a mistake to use a list
in the first place...
 2023-12-25 20:23:55 +01:00
Bruno BELANYI 373545ee38 nixos: system: printing: migrate deprecated option 
It's recommended to only enable the IPv4 option, as most mDNS responders
only register IPv4 addresses (therefore enabling IPv6 would lead to long
timeouts when checking for those addresses first).
 2023-12-14 14:26:18 +00:00
Bruno BELANYI 1faa8d9acf nixos: services: wireguard: add 'simpleManagement'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
This makes it easier to manage the VPN services, as they don't require a
password prompt to be brought up/down.
 2023-12-14 11:23:28 +00:00
Bruno BELANYI 9ddd59eac8 nixos: system: add polkit 
One nice thing is that it enables the prompts when using `systemctl`,
instead of requiring `sudo`.
 2023-12-14 11:23:28 +00:00
Bruno BELANYI f23e6251ce nixos: services: wireguard: add VPN conflicts 
It's now easier to do the right thing when starting a VPN service,
whether the other one is running or not.
 2023-12-14 11:23:28 +00:00
Bruno BELANYI b48d81451d nixos: services: migrate to 'ensureDBOwnership'
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
`ensurePermissions` is deprecated, and doesn't work on PostgreSQL 15.
 2023-11-21 00:22:44 +01:00
Bruno BELANYI 60d941b40b flake: bump inputs 
My tandoor-recipes fix was merged upstream, so remove the overlay.

And because of the recent postgres bump for 23.11, `ensureDBOwnership`
is the new way of dealing with DB permissions [1]. This means I had to
fix manually migrate my `gitea` DB and make it match the DB user.

[1]: https://github.com/NixOS/nixpkgs/pull/266270
 2023-11-21 00:20:28 +01:00
Bruno BELANYI 570349e80f nixos: profiles: move from top-level
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
My profiles are actually just "special" NixOS modules in that they
orchestrate settings that usually span the NixOS/home-manager boundary,
or otherwise set up configurations from multiple modules at once.
 2023-11-11 18:12:05 +00:00
Bruno BELANYI 65a8f7c481 home: create 'modules/home' folder 
Consolidating all modules under the same path, to clear out the
top-level directory.
 2023-11-11 18:12:05 +00:00
Bruno BELANYI c856933803 nixos: create 'modules/nixos' folder 
Let's consolidate all modules under one path, so that NixOS,
home-manager, and nix-darwin (if I ever end up using it down the line)
would go under the same folder.
 2023-11-11 18:11:52 +00:00