Merge

nixos/common/default.nix

@@ -77,7 +77,7 @@
   nixpkgs.config.allowUnfree = true;
 
   nixpkgs.config.permittedInsecurePackages =
-    [ "nodejs-14.21.3" "openssl-1.1.1t" "nodejs-16.20.0" ];
+    [ "nodejs-14.21.3" "openssl-1.1.1t" "nodejs-16.20.0" "openssl-1.1.1u" ];
 
   # Limit the systemd journal to 100 MB of disk or the
   # last 7 days of logs, whichever happens first.

nixos/common/desktop/home.nix

@@ -15,6 +15,7 @@ in {
     fusee-launcher
     gcc
     gimp
+    inputs.attic.packages.${pkgs.system}.attic
     inputs.comma.packages.${pkgs.system}.default
     inputs.webcord.packages.${pkgs.system}.default
     kdenlive

nixos/common/hm-modules/nvim.nix

@@ -70,6 +70,7 @@ in {
           servers.pyright.enable = true;
           servers.elixirls.enable = true;
           servers.clangd.enable = true;
+          servers.yamlls.enable = true;
         };
         trouble.enable = true;
         lspkind.enable = true;

nixos/hosts/hades/attic/configuration.nix

@@ -18,10 +18,21 @@ in {
   # Additional packages
   environment.systemPackages = with pkgs; [ ];
 
-  vault-secrets.secrets.attic = {
-    services = [ "atticd" ];
-   };
+  vault-secrets.secrets.attic = { services = [ "atticd" ]; };
 
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_15;
+    ensureDatabases = [ "atticd" ];
+    ensureUsers = [{
+      name = "atticd";
+      ensurePermissions = {
+        "DATABASE atticd" = "ALL PRIVILEGES";
+        "schema public" = "ALL";
+      };
+    }];
+
+  };
 
   services.atticd = {
     enable = true;
@@ -44,6 +55,8 @@ in {
         level = 8;
       };
 
+      database.url = "postgresql://atticd?host=/run/postgresql";
+
       storage = {
         type = "s3";
         region = "hades";

nixos/hosts/hades/dns/configuration.nix

@@ -21,7 +21,10 @@
   services.unbound.settings.server = {
     local-zone = [
       "xirion.net typetransparent"
+      "attic.xirion.net typetransparent"
       "o.xirion.net typetransparent"
+      "attic.xirion.net typetransparent"
+      "g.xirion.net typetransparent"
       "fedi-media.xirion.net typetransparent"
       "hades.xirion.net typetransparent"
       "requests.xirion.net typetransparent"
@@ -31,8 +34,11 @@
 
     local-data = [
       ''"xirion.net A 192.168.0.122"''
+      ''"attic.xirion.net A 192.168.0.122"''
       ''"hades.xirion.net A 192.168.0.122"''
       ''"o.xirion.net A 192.168.0.122"''
+      ''"attic.xirion.net A 192.168.0.122"''
+      ''"g.xirion.net A 192.168.0.122"''
       ''"fedi-media.xirion.net A 192.168.0.122"''
       ''"requests.xirion.net A 192.168.0.122"''
       ''"ha.xirion.net A 192.168.0.122"''

nixos/hosts/hades/nginx/configuration.nix

@@ -36,7 +36,7 @@ in {
     recommendedTlsSettings = true;
     recommendedOptimisation = true;
     recommendedBrotliSettings = true;
-    clientMaxBodySize = "500m";
+    clientMaxBodySize = "1024m";
 
     package = pkgs.nginxMainline;
 
@@ -59,6 +59,7 @@ in {
     virtualHosts."git.xirion.net" = proxy "http://10.10.10.12";
     virtualHosts."mail.xirion.net" = proxy "http://192.168.0.118";
     virtualHosts."o.xirion.net" = proxy "http://192.168.0.112:9000";
+    virtualHosts."g.xirion.net" = proxy "http://garage.hades:3900";
     virtualHosts."requests.xirion.net" = proxy "http://overseerr.hades:5055";
     virtualHosts."pass.xirion.net" = proxy "http://bitwarden_rs";
     virtualHosts."repo.xirion.net" = proxy "http://archlinux";

nixos/hosts/hades/rtorrent/configuration.nix

@@ -34,12 +34,20 @@ in {
       privateKeyFile = "${vs.rtorrent}/wireguardKey";
       postUp = "${postUpScript}/bin/post_up || true";
 
-      peers = [{
-        publicKey = "DVui+5aifNFRIVDjH3v2y+dQ+uwI+HFZOd21ajbEpBo=";
-        allowedIPs = [ "0.0.0.0/0" "::/0" ];
-        endpoint = "185.65.134.82:51820";
-        persistentKeepalive = 25;
-      }];
+      peers = [
+        {
+          publicKey = "33BoONMGCm2vknq2eq72eozRsHmHQY6ZHEEZ4851TkY=";
+          allowedIPs = [ "0.0.0.0/0" "::/0"];
+          endpoint = "193.32.249.70:51820";
+          persistentKeepalive = 25;
+        }
+        # {
+        # publicKey = "DVui+5aifNFRIVDjH3v2y+dQ+uwI+HFZOd21ajbEpBo=";
+        # allowedIPs = [ "0.0.0.0/0" "::/0" ];
+        # endpoint = "185.65.134.82:51820";
+        # persistentKeepalive = 25;
+        # }
+      ];
     };
   };
 }

nixos/hosts/olympus/ci/configuration.nix

@@ -40,6 +40,15 @@ in {
   };
 
   services.gitea-actions-runner.instances = {
+    runner_1 = {
+      name = "runner_1";
+      enable = true;
+      labels = [
+        "docker:docker://node:16-bullseye"
+      ];
+      url = "https://git.0x76.dev";
+      tokenFile = "${vs.gitea_runner}/token_runner_1";
+    };
     nix-native = {
       enable = true;
       name = "nix-native";

nixos/hosts/olympus/mailserver/configuration.nix

@@ -27,20 +27,37 @@ in {
   mailserver = {
     enable = true;
     fqdn = "mail.0x76.dev";
-    domains = [ "0x76.dev" "meowy.tech" ];
+    domains = [ "0x76.dev" "meowy.tech" "xirion.net" ];
     certificateScheme = "acme-nginx";
+    enableManageSieve = true;
+
+    monitoring = {
+      alertAddress = "v@0x76.dev";
+      enable = true;
+    };
 
     loginAccounts = {
       # People
       "v@0x76.dev" = {
         hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
-        aliases =
-          [ "v@meowy.tech" "postmaster@0x76.dev" "postmaster@meowy.tech" ];
+        catchAll = [ "xirion.net" "0x76.dev" ];
+        aliases = [
+          "postmaster@0x76.dev"
+          "abuse@0x76.dev"
+
+          "v@meowy.tech"
+          "abuse@meowy.tech"
+          "postmaster@meowy.tech"
+
+          "@xirion.net"
+          "@0x76.dev"
+        ];
       };
       "laura@meowy.tech" = {
         hashedPasswordFile = "${vs.mailserver}/laura@meowy.tech";
         aliases = [ "lau@meowy.tech" ];
       };
+
       # Services
       "gitea@0x76.dev" = {
         hashedPasswordFile = "${vs.mailserver}/gitea@0x76.dev";
@@ -82,6 +99,7 @@ in {
       pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
     plugins = [
       "archive"
+      "managesieve"
       # "enigma"
       # "markasjunk"
       "persistent_login"

nixos/pkgs/plex-pass/sources.json

@@ -1,14 +1,14 @@
 [
   {
-    "version": "1.32.3.7089",
+    "version": "1.32.4.7164",
     "platform": "aarch64-linux",
-    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.3.7089-b0a36929b/debian/plexmediaserver_1.32.3.7089-b0a36929b_arm64.deb",
-    "hash": "1sc6h04l0lxw3jzz01gn7i6wikqqds7nqh35rqvwhffjgdvmcjhq"
+    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.4.7164-1dc22f47b/debian/plexmediaserver_1.32.4.7164-1dc22f47b_arm64.deb",
+    "hash": "1k61rrdjlwhf14q8qdj976a53wf9f9ask0fwynldyqbvjfjgy0ws"
   },
   {
-    "version": "1.32.3.7089",
+    "version": "1.32.4.7164",
     "platform": "x86_64-linux",
-    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.3.7089-b0a36929b/debian/plexmediaserver_1.32.3.7089-b0a36929b_amd64.deb",
-    "hash": "074qvjl49rfn6s3naa5s71i5kd0an64laijz13cpsh55yy6zwgb3"
+    "url": "https://downloads.plex.tv/plex-media-server-new/1.32.4.7164-1dc22f47b/debian/plexmediaserver_1.32.4.7164-1dc22f47b_amd64.deb",
+    "hash": "0sa537yx7gjbabmisb26yrrlg7ql124qhwlc20r5m1hbq8i1i23w"
   }
 ]

nixos/pkgs/vscode-extensions/platformio.nix

@@ -5,7 +5,7 @@ in buildVscodeMarketplaceExtension {
     name = "platformio-ide";
     publisher = "platformio";
     version = "3.1.1";
-    sha256 = "sha256-fwEct7Tj8bfTOLRozSZJGWoLzWRSvYz/KxcnfpO8Usg=";
+    sha256 = "sha256-g9yTG3DjVUS2w9eHGAai5LoIfEGus+FPhqDnCi4e90Q=";
     # sha256 = lib.fakeSha256;
   };
 }