diff --git a/flake.lock b/flake.lock index ddb9686..54708c3 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -39,20 +39,59 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "lix": { + "inputs": { + "flake-compat": "flake-compat_2", + "nix2container": "nix2container", + "nixpkgs": "nixpkgs", + "nixpkgs-regression": "nixpkgs-regression", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1737234286, + "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "revCount": 16631, + "type": "git", + "url": "https://git.lix.systems/lix-project/lix" + }, + "original": { + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "type": "git", + "url": "https://git.lix.systems/lix-project/lix" + } + }, "nix-serve-ng": { "inputs": { "flake-compat": "flake-compat", + "lix": "lix", "nixpkgs": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1733148767, - "narHash": "sha256-Ht5wD/n2I/tQWNgYIdmi3UQbm1FNwp9m9JmDjZEd6ng=", + "lastModified": 1748458972, + "narHash": "sha256-N6c3NozYqAGwmjf+k5GHOZzlcquDntrJwsZQ7O2sqtQ=", "owner": "aristanetworks", "repo": "nix-serve-ng", - "rev": "6e8d82a451fccbaa4714da8f7a3db5907bdfa96d", + "rev": "1d21f73a2d563ffbb924a4244c29b35e898caefe", "type": "github" }, "original": { @@ -61,28 +100,45 @@ "type": "github" } }, + "nix2container": { + "flake": false, + "locked": { + "lastModified": 1724996935, + "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=", + "owner": "nlewo", + "repo": "nix2container", + "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401", + "type": "github" + }, + "original": { + "owner": "nlewo", + "repo": "nix2container", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1741332913, - "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", + "lastModified": 1733348545, + "narHash": "sha256-b4JrUmqT0vFNx42aEN9LTWOHomkTKL/ayLopflVf81U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "20755fa05115c84be00b04690630cb38f0a203ad", + "rev": "9ecb50d2fae8680be74c08bb0a995c5383747f89", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-24.11", - "type": "indirect" + "owner": "NixOS", + "ref": "nixos-24.11-small", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-lib": { "locked": { - "lastModified": 1740877520, - "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", "type": "github" }, "original": { @@ -91,16 +147,47 @@ "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1753115646, + "narHash": "sha256-yLuz5cz5Z+sn8DRAfNkrd2Z1cV6DaYO9JMrEz4KZo/c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "92c2e04a475523e723c67ef872d8037379073681", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-25.05", + "type": "indirect" + } + }, "parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1753121425, + "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", "type": "github" }, "original": { @@ -109,11 +196,27 @@ "type": "github" } }, + "pre-commit-hooks": { + "flake": false, + "locked": { + "lastModified": 1733318908, + "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", "nix-serve-ng": "nix-serve-ng", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "parts": "parts" } }, diff --git a/flake.nix b/flake.nix index 125f36f..c99992a 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "eve-psr-nix0 - Home Server"; inputs = { - nixpkgs.url = "nixpkgs/nixos-24.11"; + nixpkgs.url = "nixpkgs/nixos-25.05"; agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nix/application/containers.nix b/nix/application/containers.nix index ece6113..d1d8be6 100644 --- a/nix/application/containers.nix +++ b/nix/application/containers.nix @@ -28,7 +28,7 @@ "/home/sezycei/srv/containerdata/gitea/config:/etc/gitea" ]; ports = [ "8027:3000" "23231:2222"]; - environment = + environment = { GITEA_APP_INI = "/etc/gitea/app.ini"; GITEA_CUSTOM = "/var/lib/gitea/custom"; @@ -48,13 +48,13 @@ "/home/sezycei/srv/containerdata/gitea/runner/data:/data" "/run/podman/podman.sock:/var/run/docker.sock" ]; - environment = + environment = { CONFIG_FILE = "/config.yaml"; GITEA_INSTANCE_URL = "https://git.eversole.co"; GITEA_RUNNER_REGISTRATION_TOKEN = "Rxl7OYPb4ysOmDZB3jnmzm7hJtQQYeaKHdn4jrbR"; GITEA_RUNNER_NAME = "nix0-primary"; - + }; }; @@ -96,7 +96,7 @@ volumes = [ "/home/sezycei/srv/containerdata/purr/data:/app/data" ]; - environment = { + environment = { ENVIRONMENT = "production"; APPLICATIONHOST = "localhost"; APPLICATIONPORT = "3000"; diff --git a/nix/application/nginx.nix b/nix/application/nginx.nix index 98fabfc..aabe8da 100644 --- a/nix/application/nginx.nix +++ b/nix/application/nginx.nix @@ -88,6 +88,15 @@ ''; }; "jame.su" = static { dir = "/var/www/jame.su"; }; + "llm.matri.cx" = proxiedLAN { + target = "http://192.168.0.94:11434"; + extra = '' + proxy_connect_timeout 1800s; + proxy_send_timeout 1800s; + proxy_read_timeout 1800s; + send_timeout 1800s; + ''; + }; "matri.cx" = static { dir = "/var/www/matri.cx"; }; "media.matri.cx" = proxied { target = "http://127.0.0.1:8096"; }; "purr.eversole.co" = proxied { target = "http://127.0.0.1:5195"; }; diff --git a/nix/system/backups.nix b/nix/system/backups.nix index 38b7314..204237c 100644 --- a/nix/system/backups.nix +++ b/nix/system/backups.nix @@ -13,7 +13,7 @@ "${config.users.users.sezycei.home}/keys" "${config.users.users.sezycei.home}/dev" ]; - + exclude = [ "*minecraft/OLD*" ]; diff --git a/nix/system/dns.nix b/nix/system/dns.nix index fddbcd9..7937957 100644 --- a/nix/system/dns.nix +++ b/nix/system/dns.nix @@ -12,7 +12,7 @@ mail.matri.cx { template IN A { - answer "{{ .Name }} 0 IN A 149.28.112.101" + answer "{{ .Name }} 0 IN A 216.128.148.134" } } @@ -37,7 +37,7 @@ box.eversole.co { template IN A { - answer "{{ .Name }} 0 IN A 149.28.112.101" + answer "{{ .Name }} 0 IN A 216.128.148.134" } } diff --git a/nix/system/network.nix b/nix/system/network.nix index dac3abb..5b37a77 100644 --- a/nix/system/network.nix +++ b/nix/system/network.nix @@ -2,8 +2,8 @@ networking = { hostName = "eve-psr-nix0"; firewall = { - allowedTCPPorts = [ 22 80 443 5000 23231 23232 23233 ]; - allowedUDPPorts = [ 53 51820 config.services.tailscale.port ]; + allowedTCPPorts = [ 22 80 443 5000 23231 23232 23233 20443 ]; + allowedUDPPorts = [ 53 51820 config.services.tailscale.port 20443 ]; extraCommands = '' iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o enp1s0 -j MASQUERADE ''; diff --git a/nix/system/nix-conf.nix b/nix/system/nix-conf.nix index 9801523..fe27428 100644 --- a/nix/system/nix-conf.nix +++ b/nix/system/nix-conf.nix @@ -1,7 +1,7 @@ { config, ... }: { services = { nix-serve = { - enable = true; + enable = false; secretKeyFile = config.age.secrets.cache-key.path; }; };