Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure

nixos/hosts/hades/_template/configuration.nix

@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 
 {
   imports = [ ];

nixos/hosts/hades/bastion/configuration.nix

@@ -1,5 +1,4 @@
-{ config, pkgs, lib, ... }:
-{
+{ pkgs, lib, ... }: {
   networking.interfaces.eth0.useDHCP = true;
 
   # mosh ssh

nixos/hosts/hades/bazarr/configuration.nix

@@ -1,5 +1,4 @@
-{ config, pkgs, ... }:
-{
+_: {
   system.stateVersion = "22.11";
   networking.interfaces.eth0.useDHCP = true;
 

nixos/hosts/hades/dns/configuration.nix

@@ -1,5 +1,4 @@
-{ pkgs, ... }:
-{
+{ pkgs, ... }: {
   imports = [ ];
 
   # This value determines the NixOS release from which the default

nixos/hosts/hades/docker-registry-proxy/configuration.nix

@@ -1,17 +1,19 @@
-{ config, pkgs, lib, ... }:
-let vs = config.vault-secrets.secrets; in
-{
+{ config, ... }:
+let vs = config.vault-secrets.secrets;
+in {
   system.stateVersion = "22.05";
 
   networking.interfaces.eth0.useDHCP = true;
 
   # the registry port and metrics port
-  networking.firewall.allowedTCPPorts = [ config.services.dockerRegistry.port 5001 ];
+  networking.firewall.allowedTCPPorts =
+    [ config.services.dockerRegistry.port 5001 ];
 
   vault-secrets.secrets.docker-registry = { };
 
   # Sets the minio user and password
-  systemd.services.docker-registry.serviceConfig.EnvironmentFile = "${vs.docker-registry}/environment";
+  systemd.services.docker-registry.serviceConfig.EnvironmentFile =
+    "${vs.docker-registry}/environment";
 
   services.dockerRegistry = {
     enable = true;

nixos/hosts/hades/docker-registry/configuration.nix

@@ -1,17 +1,19 @@
-{ config, pkgs, lib, ... }:
-let vs = config.vault-secrets.secrets; in
-{
+{ config, ... }:
+let vs = config.vault-secrets.secrets;
+in {
   system.stateVersion = "22.05";
 
   networking.interfaces.eth0.useDHCP = true;
 
   # the registry port and metrics port
-  networking.firewall.allowedTCPPorts = [ config.services.dockerRegistry.port 5001 ];
+  networking.firewall.allowedTCPPorts =
+    [ config.services.dockerRegistry.port 5001 ];
 
   vault-secrets.secrets.docker-registry = { };
 
   # Sets the minio user and password
-  systemd.services.docker-registry.serviceConfig.EnvironmentFile = "${vs.docker-registry}/environment";
+  systemd.services.docker-registry.serviceConfig.EnvironmentFile =
+    "${vs.docker-registry}/environment";
 
   services.dockerRegistry = {
     enable = true;
@@ -34,15 +36,13 @@ let vs = config.vault-secrets.secrets; in
       http.debug.prometheus.enabled = true;
 
       # Webhooks
-      notifications.endpoints = [
-        {
-          name = "keel";
-          url = "http://10.10.10.17:9300/v1/webhooks/registry";
-          timeout = "500ms";
-          treshold = 5;
-          backoff = "1s";
-        }
-      ];
+      notifications.endpoints = [{
+        name = "keel";
+        url = "http://10.10.10.17:9300/v1/webhooks/registry";
+        timeout = "500ms";
+        treshold = 5;
+        backoff = "1s";
+      }];
     };
   };
 }

nixos/hosts/hades/jackett/configuration.nix

@@ -1,5 +1,4 @@
-{ config, pkgs, ... }:
-{
+_: {
   system.stateVersion = "21.05";
   networking.interfaces.eth0.useDHCP = true;
 

nixos/hosts/hades/lucy/configuration.nix

@@ -3,8 +3,28 @@
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
 { pkgs, ... }:
+let
+  # Redefining the package instead of overriding as overriding GoModules seems broken
+  # see: https://github.com/NixOS/nixpkgs/issues/86349
+  nuclei-latest = pkgs.buildGoModule rec {
+    pname = "nuclei";
+    version = "2.9.2";
 
-{
+    src = pkgs.fetchFromGitHub {
+      owner = "projectdiscovery";
+      repo = pname;
+      rev = "1f9a065713924b28b203e2108fc76d7a1ec49068";
+      hash = "sha256-QiegMoBy0gZMyQl2MRAwR14zXeh8wvVonyETdAzHbj0=";
+    };
+
+    vendorHash = "sha256-0JNwoBqLKH1F/0Tr8o35gCSNT/2plIjIQvZRuzAZ5P8=";
+
+    modRoot = "./v2";
+    subPackages = [ "cmd/nuclei/" ];
+
+    doCheck = false;
+  };
+in {
   imports = [ ./hardware-configuration.nix ];
 
   # This value determines the NixOS release from which the default
@@ -16,12 +36,7 @@
   system.stateVersion = "23.05"; # Did you read the comment?
 
   # Additional packages
-  environment.systemPackages = with pkgs; [
-    gcc
-    jq
-    nuclei
-    rustup
-  ];
+  environment.systemPackages = with pkgs; [ gcc go jq rustup nuclei-latest ];
 
   networking.firewall.allowedTCPPorts = [ ];
 

nixos/hosts/hades/lucy/hardware-configuration.nix

@@ -1,27 +1,33 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{ lib, modulesPath, ... }:
 
 {
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
-    ];
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
-  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [
+    "uhci_hcd"
+    "ehci_pci"
+    "ahci"
+    "virtio_pci"
+    "virtio_scsi"
+    "sd_mod"
+    "sr_mod"
+  ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/749c02fd-209d-4974-917e-38b749d10ec2";
-      fsType = "ext4";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/749c02fd-209d-4974-917e-38b749d10ec2";
+    fsType = "ext4";
+  };
 
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/D021-72EB";
-      fsType = "vfat";
-    };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/D021-72EB";
+    fsType = "vfat";
+  };
 
   swapDevices = [ ];
 

nixos/hosts/hades/minio/configuration.nix

@@ -1,6 +1,5 @@
-{ config, pkgs, lib, ... }:
-let
-  vs = config.vault-secrets.secrets;
+{ config, pkgs, ... }:
+let vs = config.vault-secrets.secrets;
 in {
   system.stateVersion = "22.11";
 

nixos/hosts/hades/nginx/configuration.nix

@@ -28,7 +28,6 @@ in {
   security.acme.acceptTerms = true;
   security.acme.preliminarySelfsigned = true;
 
-
   services.nginx = {
     enable = true;
     recommendedProxySettings = true;

nixos/hosts/hades/overseerr/configuration.nix

@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, ... }:
+{ ... }:
 
 {
   imports = [ ];
@@ -31,9 +31,7 @@
           # LOG_LEVEL = "debug";
           TZ = "Europe/Amsterdam";
         };
-        ports = [
-          "5055:5055"
-        ];
+        ports = [ "5055:5055" ];
         volumes = [ "/var/lib/overseerr/config:/app/config" ];
       };
     };

nixos/hosts/hades/pmm/configuration.nix

@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 let
   datadir = "/var/lib/pmm/config";
   container = "meisnate12/plex-meta-manager:latest";

nixos/hosts/hades/prowlarr/configuration.nix

@@ -1,5 +1,4 @@
-{ config, pkgs, ... }:
-{
+_: {
   networking.interfaces.eth0.useDHCP = true;
   system.stateVersion = "22.11";
 
@@ -7,7 +6,7 @@
     enable = true;
     openFirewall = true;
   };
-  
+
   virtualisation.podman.enable = true;
 
   virtualisation.oci-containers = {
@@ -15,9 +14,7 @@
     containers = {
       flaresolverr = {
         image = "flaresolverr/flaresolverr:v3.1.2";
-        ports = [
-          "8191:8191"
-        ];
+        ports = [ "8191:8191" ];
       };
     };
   };

nixos/hosts/hades/radarr/configuration.nix

@@ -1,5 +1,4 @@
-{ config, pkgs, ... }:
-{
+_: {
   system.stateVersion = "21.05";
   networking.interfaces.eth0.useDHCP = true;
 

nixos/hosts/hades/rtorrent/rtorrent.nix

@@ -1,116 +1,115 @@
-{ config, lib, pkgs, ... }:
-{
+{ config, lib, pkgs, ... }: {
   services.rtorrent = {
     enable = true;
     port = 54945; # Port Forwarded in mullvad
     downloadDir = "/mnt/storage/torrents/r";
     package = pkgs.jesec-rtorrent;
-    configText = let cfg = config.services.rtorrent; in
-      pkgs.lib.mkForce ''
-        # rTorrent runtime directory (cfg.basedir) [default: "$HOME/.local/share/rtorrent"]
-        method.insert = cfg.basedir, private|const|string, (cat,"${cfg.dataDir}/")
+    configText = let cfg = config.services.rtorrent;
+    in pkgs.lib.mkForce ''
+      # rTorrent runtime directory (cfg.basedir) [default: "$HOME/.local/share/rtorrent"]
+      method.insert = cfg.basedir, private|const|string, (cat,"${cfg.dataDir}/")
 
-        # Default download directory (cfg.download) [default: "$(cfg.basedir)/download"]
-        method.insert = cfg.download, private|const|string, (cat,"${cfg.downloadDir}")
+      # Default download directory (cfg.download) [default: "$(cfg.basedir)/download"]
+      method.insert = cfg.download, private|const|string, (cat,"${cfg.downloadDir}")
 
-        # RPC Socket
-        method.insert = cfg.rpcsock, private|const|string, (cat,"${cfg.rpcSocket}")
+      # RPC Socket
+      method.insert = cfg.rpcsock, private|const|string, (cat,"${cfg.rpcSocket}")
 
-        # Log directory (cfg.logs) [default: "$(cfg.basedir)/log"]
-        method.insert = cfg.logs,     private|const|string, (cat,(cfg.basedir),"log/")
-        method.insert = cfg.logfile,  private|const|string, (cat,(cfg.logs),"rtorrent-",(system.time),".log")
+      # Log directory (cfg.logs) [default: "$(cfg.basedir)/log"]
+      method.insert = cfg.logs,     private|const|string, (cat,(cfg.basedir),"log/")
+      method.insert = cfg.logfile,  private|const|string, (cat,(cfg.logs),"rtorrent-",(system.time),".log")
 
-        # Torrent session directory (cfg.session) [default: "$(cfg.basedir)/.session"]
-        method.insert = cfg.session,  private|const|string, (cat,(cfg.basedir),".session/")
+      # Torrent session directory (cfg.session) [default: "$(cfg.basedir)/.session"]
+      method.insert = cfg.session,  private|const|string, (cat,(cfg.basedir),".session/")
 
-        # Watch (drop to add) directories (cfg.watch) [default: "$(cfg.basedir)/watch"]
-        method.insert = cfg.watch,    private|const|string, (cat,(cfg.basedir),"watch/")
+      # Watch (drop to add) directories (cfg.watch) [default: "$(cfg.basedir)/watch"]
+      method.insert = cfg.watch,    private|const|string, (cat,(cfg.basedir),"watch/")
 
-        # Create directories
-        fs.mkdir.recursive = (cat,(cfg.basedir))
+      # Create directories
+      fs.mkdir.recursive = (cat,(cfg.basedir))
 
-        fs.mkdir = (cat,(cfg.download))
-        fs.mkdir = (cat,(cfg.logs))
-        fs.mkdir = (cat,(cfg.session))
+      fs.mkdir = (cat,(cfg.download))
+      fs.mkdir = (cat,(cfg.logs))
+      fs.mkdir = (cat,(cfg.session))
 
-        fs.mkdir = (cat,(cfg.watch))
-        fs.mkdir = (cat,(cfg.watch),"/load")
-        fs.mkdir = (cat,(cfg.watch),"/start")
+      fs.mkdir = (cat,(cfg.watch))
+      fs.mkdir = (cat,(cfg.watch),"/load")
+      fs.mkdir = (cat,(cfg.watch),"/start")
 
-        # Drop to "$(cfg.watch)/load" to add torrent
-        schedule2 = watch_load, 11, 10, ((load.verbose, (cat, (cfg.watch), "load/*.torrent")))
+      # Drop to "$(cfg.watch)/load" to add torrent
+      schedule2 = watch_load, 11, 10, ((load.verbose, (cat, (cfg.watch), "load/*.torrent")))
 
-        # Drop to "$(cfg.watch)/start" to add torrent and start downloading
-        schedule2 = watch_start, 10, 10, ((load.start_verbose, (cat, (cfg.watch), "start/*.torrent")))
+      # Drop to "$(cfg.watch)/start" to add torrent and start downloading
+      schedule2 = watch_start, 10, 10, ((load.start_verbose, (cat, (cfg.watch), "start/*.torrent")))
 
-        # Listening port for incoming peer traffic
-        network.port_range.set = ${toString cfg.port}-${toString cfg.port}
-        network.port_random.set = no
+      # Listening port for incoming peer traffic
+      network.port_range.set = ${toString cfg.port}-${toString cfg.port}
+      network.port_random.set = no
 
-        # Distributed Hash Table and Peer EXchange
-        dht.mode.set = disable
-        dht.port.set = 6881
-        protocol.pex.set = yes
+      # Distributed Hash Table and Peer EXchange
+      dht.mode.set = disable
+      dht.port.set = 6881
+      protocol.pex.set = yes
 
-        # UDP tracker support
-        trackers.use_udp.set = yes
+      # UDP tracker support
+      trackers.use_udp.set = yes
 
-        # Peer settings
-        throttle.max_uploads.set = 100
-        throttle.max_uploads.global.set = 250
-        throttle.min_peers.normal.set = 20
-        throttle.max_peers.normal.set = 60
-        throttle.min_peers.seed.set = 30
-        throttle.max_peers.seed.set = 80
-        trackers.numwant.set = 80
+      # Peer settings
+      throttle.max_uploads.set = 100
+      throttle.max_uploads.global.set = 250
+      throttle.min_peers.normal.set = 20
+      throttle.max_peers.normal.set = 60
+      throttle.min_peers.seed.set = 30
+      throttle.max_peers.seed.set = 80
+      trackers.numwant.set = 80
 
-        protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
+      protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
 
-        # Limits for file handle resources, this is optimized for
-        # an `ulimit` of 1024 (a common default). You MUST leave
-        # a ceiling of handles reserved for rTorrent's internal needs!
-        network.max_open_files.set = 600
-        network.max_open_sockets.set = 300
+      # Limits for file handle resources, this is optimized for
+      # an `ulimit` of 1024 (a common default). You MUST leave
+      # a ceiling of handles reserved for rTorrent's internal needs!
+      network.max_open_files.set = 600
+      network.max_open_sockets.set = 300
 
-        # Memory resource usage (increase if you have a large number of items loaded,
-        # and/or the available resources to spend)
-        pieces.memory.max.set = 1800M
-        network.xmlrpc.size_limit.set = 32M
+      # Memory resource usage (increase if you have a large number of items loaded,
+      # and/or the available resources to spend)
+      pieces.memory.max.set = 1800M
+      network.xmlrpc.size_limit.set = 32M
 
-        # Basic operational settings
-        session.path.set = (cat, (cfg.session))
-        directory.default.set = (cat, (cfg.download))
-        log.execute = (cat, (cfg.logs), "execute.log")
+      # Basic operational settings
+      session.path.set = (cat, (cfg.session))
+      directory.default.set = (cat, (cfg.download))
+      log.execute = (cat, (cfg.logs), "execute.log")
 
-        # Other operational settings
-        encoding.add = utf8
-        system.umask.set = 0027
-        system.cwd.set = (directory.default)
-        #schedule2 = low_diskspace, 5, 60, ((close_low_diskspace, 500M))
-        #pieces.hash.on_completion.set = no
+      # Other operational settings
+      encoding.add = utf8
+      system.umask.set = 0027
+      system.cwd.set = (directory.default)
+      #schedule2 = low_diskspace, 5, 60, ((close_low_diskspace, 500M))
+      #pieces.hash.on_completion.set = no
 
-        # HTTP and SSL
-        network.http.max_open.set = 50
-        network.http.dns_cache_timeout.set = 25
+      # HTTP and SSL
+      network.http.max_open.set = 50
+      network.http.dns_cache_timeout.set = 25
 
-        #network.http.ssl_verify_peer.set = 1
-        #network.http.ssl_verify_host.set = 1
+      #network.http.ssl_verify_peer.set = 1
+      #network.http.ssl_verify_host.set = 1
 
-        # Run the rTorrent process as a daemon in the background
-        system.daemon.set = true
+      # Run the rTorrent process as a daemon in the background
+      system.daemon.set = true
 
-        # XML-RPC interface
-        network.scgi.open_local = (cat,(cfg.rpcsock))
-        schedule = scgi_group,0,0,"execute.nothrow=chown,\":rtorrent\",(cfg.rpcsock)"
-        schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"g+w,o=\",(cfg.rpcsock)"
+      # XML-RPC interface
+      network.scgi.open_local = (cat,(cfg.rpcsock))
+      schedule = scgi_group,0,0,"execute.nothrow=chown,\":rtorrent\",(cfg.rpcsock)"
+      schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"g+w,o=\",(cfg.rpcsock)"
 
-        # Logging:
-        #   Levels = critical error warn notice info debug
-        #   Groups = connection_* dht_* peer_* rpc_* storage_* thread_* tracker_* torrent_*
-        print = (cat, "Logging to ", (cfg.logfile))
-        log.open_file = "log", (cfg.logfile)
-        log.add_output = "debug", "log"
-      '';
+      # Logging:
+      #   Levels = critical error warn notice info debug
+      #   Groups = connection_* dht_* peer_* rpc_* storage_* thread_* tracker_* torrent_*
+      print = (cat, "Logging to ", (cfg.logfile))
+      log.open_file = "log", (cfg.logfile)
+      log.add_output = "debug", "log"
+    '';
   };
 }
 

nixos/hosts/hades/sonarr/configuration.nix

@@ -1,5 +1,4 @@
-{ config, pkgs, ... }:
-{
+_: {
   system.stateVersion = "21.05";
   networking.interfaces.eth0.useDHCP = true;
 

nixos/hosts/hades/tautulli/configuration.nix

@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
-{ config, pkgs, ... }:
+{ ... }:
 
 {
   imports = [ ];

nixos/hosts/hades/unifi/configuration.nix

@@ -1,5 +1,4 @@
-{ pkgs, lib, ... }:
-{
+{ pkgs, lib, ... }: {
   system.stateVersion = "21.05";
   networking.interfaces.eth0.useDHCP = true;
 

nixos/hosts/hades/unpackerr/configuration.nix

@@ -1,7 +1,6 @@
 { config, ... }:
 let vs = config.vault-secrets.secrets;
-in
-{
+in {
   networking.interfaces.eth0.useDHCP = true;
 
   fileSystems."/mnt/storage" = {