From 3020c6433b0056aa805cdabd8d4c30f82cfb47e4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 30 Nov 2025 00:20:07 +0100 Subject: [PATCH 1/3] flake: bump inputs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index b041409..b84e16d 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1763319842, - "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=", + "lastModified": 1763988335, + "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761", + "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1763313531, - "narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=", + "lastModified": 1764361670, + "narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=", "owner": "nix-community", "repo": "home-manager", - "rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391", + "rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763283776, - "narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1763378400, - "narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=", + "lastModified": 1764449851, + "narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=", "owner": "nix-community", "repo": "NUR", - "rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc", + "rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363", "type": "github" }, "original": { From f546f85037bf23f105a721132f06ab3a562d38f7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 22 Nov 2025 23:34:06 +0100 Subject: [PATCH 2/3] hosts: nixos: porthos: secrets: sso: remove owner Now that the service uses `LoadCredential` [1], I can make the files root-owned. [1]: https://github.com/NixOS/nixpkgs/pull/460305 --- hosts/nixos/porthos/secrets/secrets.nix | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/hosts/nixos/porthos/secrets/secrets.nix b/hosts/nixos/porthos/secrets/secrets.nix index b3812b4..f1842b4 100644 --- a/hosts/nixos/porthos/secrets/secrets.nix +++ b/hosts/nixos/porthos/secrets/secrets.nix @@ -83,18 +83,9 @@ in "servarr/autobrr/session-secret.age".publicKeys = all; "servarr/cross-seed/configuration.json.age".publicKeys = all; - "sso/auth-key.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/password-hash.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; - "sso/ambroisie/totp-secret.age" = { - owner = "nginx-sso"; - publicKeys = all; - }; + "sso/auth-key.age".publicKeys = all; + "sso/ambroisie/password-hash.age".publicKeys = all; + "sso/ambroisie/totp-secret.age".publicKeys = all; "tandoor-recipes/secret-key.age".publicKeys = all; From 5cd9155a5838d54c3606f6b0851e54252ea0774c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 23 Nov 2025 17:08:35 +0100 Subject: [PATCH 3/3] nixos: services: mealie: backup state directory Somehow forgot to do this when first writing the module. --- modules/nixos/services/mealie/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 837bff2..f3774e1 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -54,6 +54,12 @@ in }; }; + my.services.backup = { + paths = [ + "/var/lib/mealie" + ]; + }; + services.fail2ban.jails = { mealie = '' enabled = true