ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: ambroisie:29fb7c5066132e12b98a6cb7a7f9ba3c5460d8c1
Branches Tags
ambroisie:main
ambroisie:add-jj
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
...
compare: ambroisie:5cd9155a5838d54c3606f6b0851e54252ea0774c
Branches Tags
ambroisie:add-jj
ambroisie:main
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:add-nixgl
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix

3 commits
29fb7c5066 ... 5cd9155a58

Author SHA1 Message Date
Bruno BELANYI
5cd9155a58 nixos: services: mealie: backup state directory
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details 
Somehow forgot to do this when first writing the module.
 2025-11-30 00:21:21 +01:00
Bruno BELANYI
f546f85037 hosts: nixos: porthos: secrets: sso: remove owner 
Now that the service uses `LoadCredential` [1], I can make the files
root-owned.

[1]: https://github.com/NixOS/nixpkgs/pull/460305
 2025-11-30 00:21:21 +01:00
Bruno BELANYI
3020c6433b flake: bump inputs 2025-11-30 00:21:21 +01:00
3 changed files with 27 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

36
flake.lock generated
View file

@ -53,11 +53,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
@ -73,11 +73,11 @@
]
},
"locked": {
"lastModified": 1762980239,
"narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=",
"lastModified": 1763759067,
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "52a2caecc898d0b46b2b905f058ccc5081f842da",
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
"type": "github"
},
"original": {
@ -117,11 +117,11 @@
]
},
"locked": {
"lastModified": 1763319842,
"narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=",
"lastModified": 1763988335,
"narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761",
"rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce",
"type": "github"
},
"original": {
@ -159,11 +159,11 @@
]
},
"locked": {
"lastModified": 1763313531,
"narHash": "sha256-yvdCYUL85zEDp2NzPUBmaNBXP6KnWEOhAk3j7PTfsKw=",
"lastModified": 1764361670,
"narHash": "sha256-jgWzgpIaHbL3USIq0gihZeuy1lLf2YSfwvWEwnfAJUw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3670a78eee49deebe4825fc8ecc46b172d1a8391",
"rev": "780be8ef503a28939cf9dc7996b48ffb1a3e04c6",
"type": "github"
},
"original": {
@ -175,11 +175,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1763283776,
"narHash": "sha256-Y7TDFPK4GlqrKrivOcsHG8xSGqQx3A6c+i7novT85Uk=",
"lastModified": 1764242076,
"narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "50a96edd8d0db6cc8db57dab6bb6d6ee1f3dc49a",
"rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
"type": "github"
},
"original": {
@ -199,11 +199,11 @@
]
},
"locked": {
"lastModified": 1763378400,
"narHash": "sha256-9eZj8GNTBYnI8PQf9n8m9XbFCA/ugQ5r7sylY9DEx9M=",
"lastModified": 1764449851,
"narHash": "sha256-VnodC1+3KML8MYLLnK84E6U2Fz4ioNacOeQd1pMCSTw=",
"owner": "nix-community",
"repo": "NUR",
"rev": "6bd477535ba71aa22d2712c8735c92812a1c74dc",
"rev": "b1781c0aa8935d8d1f35d228bcc7127fcebcd363",
"type": "github"
},
"original": {

15
hosts/nixos/porthos/secrets/secrets.nix
View file

@ -83,18 +83,9 @@ in
"servarr/autobrr/session-secret.age".publicKeys = all;
"servarr/cross-seed/configuration.json.age".publicKeys = all;
"sso/auth-key.age" = {
owner = "nginx-sso";
publicKeys = all;
};
"sso/ambroisie/password-hash.age" = {
owner = "nginx-sso";
publicKeys = all;
};
"sso/ambroisie/totp-secret.age" = {
owner = "nginx-sso";
publicKeys = all;
};
"sso/auth-key.age".publicKeys = all;
"sso/ambroisie/password-hash.age".publicKeys = all;
"sso/ambroisie/totp-secret.age".publicKeys = all;
"tandoor-recipes/secret-key.age".publicKeys = all;

6
modules/nixos/services/mealie/default.nix
View file

@ -54,6 +54,12 @@ in
};
};
my.services.backup = {
paths = [
"/var/lib/mealie"
];
};
services.fail2ban.jails = {
mealie = ''
enabled = true