Nix flake update; container version updates

NixOS 24.11 upgrade; drop OpenVPN for WireGuard; clean up open ports
Update soft-serve; nix flake update; disable password auth explicitly
2024-12-25 18:59:40 -06:00 · 2024-12-05 09:19:27 -06:00 · 2024-10-12 15:28:33 -05:00 · 2024-08-29 13:17:19 -05:00 · 2024-08-14 22:19:20 -05:00 · 2024-08-07 10:02:50 -05:00
23 changed files with 153 additions and 231 deletions
--- a/flake.lock
+++ b/flake.lock
@ -10,11 +10,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1703433843,
-        "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
+        "lastModified": 1723293904,
+        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "417caa847f9383e111d1397039c9d4337d024bf0",
+        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
        "type": "github"
      },
      "original": {
@ -48,11 +48,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1702912615,
-        "narHash": "sha256-qseX+/8drgwxOb1I3LKqBYMkmyeI5d5gmHqbZccR660=",
+        "lastModified": 1733148767,
+        "narHash": "sha256-Ht5wD/n2I/tQWNgYIdmi3UQbm1FNwp9m9JmDjZEd6ng=",
        "owner": "aristanetworks",
        "repo": "nix-serve-ng",
-        "rev": "21e65cb4c62b5c9e3acc11c3c5e8197248fa46a4",
+        "rev": "6e8d82a451fccbaa4714da8f7a3db5907bdfa96d",
        "type": "github"
      },
      "original": {
@ -63,35 +63,29 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1705916986,
-        "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=",
+        "lastModified": 1734991663,
+        "narHash": "sha256-8T660guvdaOD+2/Cj970bWlQwAyZLKrrbkhYOFcY1YE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8",
+        "rev": "6c90912761c43e22b6fb000025ab96dd31c971ff",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.11",
        "type": "indirect"
      }
    },
    "nixpkgs-lib": {
      "locked": {
-        "dir": "lib",
-        "lastModified": 1703961334,
-        "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
-        "type": "github"
+        "lastModified": 1733096140,
+        "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
      },
      "original": {
-        "dir": "lib",
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
      }
    },
    "parts": {
@ -99,11 +93,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1704982712,
-        "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "07f6395285469419cf9d078f59b5b49993198c00",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -2,7 +2,7 @@
  description = "eve-psr-nix0 - Home Server";

  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-23.11";
+    nixpkgs.url = "nixpkgs/nixos-24.11";
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
@ -52,23 +52,23 @@
                    ./nix/application/containers.nix
                    ./nix/application/miniflux.nix
                    ./nix/application/nginx.nix
+                    ./nix/application/postgresql.nix

                    ./nix/monitoring/nginx.nix
                    ./nix/monitoring/grafana.nix
                    ./nix/monitoring/prometheus.nix
-                    ./nix/monitoring/loki.nix
-                    ./nix/monitoring/promtail.nix

                    ./nix/system/age.nix
+                    ./nix/system/backups.nix
                    ./nix/system/dns.nix
                    ./nix/system/hardware.nix
                    ./nix/system/nix-conf.nix
                    ./nix/system/network.nix
-                    ./nix/system/openvpn.nix
                    ./nix/system/overlays.nix
                    ./nix/system/security.nix
                    ./nix/system/system.nix
                    ./nix/system/virtualisation.nix
+                    ./nix/system/wireguard.nix

                    ./nix/user/users.nix
                  ];
--- a/nix/application/containers.nix
+++ b/nix/application/containers.nix
@ -23,7 +23,7 @@
      };

      jellyfin = {
-        image = "linuxserver/jellyfin:10.8.13";
+        image = "linuxserver/jellyfin:latest";
        ports = [ "8096:8096" "8920:8920" ];
        volumes = [
          "/home/sezycei/srv/containerdata/jellyfin/config:/config"
@ -94,7 +94,7 @@
      };

      softserve = {
-        image = "charmcli/soft-serve:v0.7.3";
+        image = "charmcli/soft-serve:v0.8.1";
        ports = [
          "23231:23231"
          "23232:23232"
@ -105,24 +105,34 @@
        environment = {
          SOFT_SERVE_NAME = "git.eversole.co";
          SOFT_SERVE_HTTP_PUBLIC_URL = "git.eversole.co";
-          SOFT_SERVE_GIT_MAX_CONNECTIONS = "5";
+          SOFT_SERVE_GIT_MAX_CONNECTIONS = "10";
          SOFT_SERVE_INITIAL_ADMIN_KEYS = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzsewMuoEbC0DwwNK23ZJb/ncpNtUuEgZNI2EdAsc7RnhIOhQBxj237qNMhh2mF/8hkASJZ2e4wrmNkjBM7aaz8mrcDY9rG23JMfnGiP4cU6dBC/NqHOuJypt6X28FI5I+dgw2T40sdIbkWAXOr5u5EAJcO6ROdas4zYSPHwl95s3txoGtQrQtgLHgddWMCr53n5KMwFUmqwM1ovVPZplZGaGG5m6VwBkjA0GZQPVFC+RIg6kIp9vUlsAlzPrlDqhTR32jazvaONNBsyUTuE+CJjitU4xoBs67jIFTcesMiFdThKt2HTq1AhXqiUgIfKaDvHfjzWLT8GihxDLpTBxS8G1qWlvkSja09nB/Pn1Y6XqgczM/y51OloowbvuskDZleFoapSYmJdq+rqSCoJ3JCykNGOcpdSBCucnDgR6CHEUPkJJoR0iCrK0ACEIxWhFuSterh/P8gxcH3e2PdcgxO8SfSBagdizOnDsWOw1SR8w6wVOLRrczMyx3hDXoabs= james@eversole.co";
        };
      };

      transmission = {
-        image = "haugene/transmission-openvpn:5";
+        image = "haugene/transmission-openvpn:5.3.1";
        ports = [ "9091:9091" ];
        volumes = [
          "/home/sezycei/srv/scripts/transmission/settings.json:/etc/transmission-daemon/settings.json"
          "/etc/localtime:/etc/localtime:ro"
          "/home/torrent/data:/data"
+          "/home/sezycei/srv/scripts/transmission/custom-data:/etc/openvpn/custom"
        ];
        environmentFiles =
          [ config.age.secrets.transmission-env.path ];
        extraOptions = [ "--cap-add=NET_ADMIN" "--privileged" ];
      };

+      vaultwarden = {
+        image = "vaultwarden/server:1.32.7";
+        ports = [ "40080:80" ];
+        volumes = [
+          "/home/sezycei/srv/containerdata/bitwarden/data:/data"
+        ];
+        environmentFiles = [ config.age.secrets.bitwarden-env.path ];
+      };
+
    };
  };
 }
--- a/nix/application/nginx.nix
+++ b/nix/application/nginx.nix
@ -45,6 +45,7 @@
      in
      {
        "atuin.matri.cx" = proxied { target = "http://127.0.0.1:8888"; };
+        "brohan.lol" = static { dir = "/var/www/brohan.lol"; };
        "cache.matri.cx" = proxiedLAN {
          target = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
        };
@ -75,6 +76,7 @@
        "jame.su" = static { dir = "/var/www/jame.su"; };
        "matri.cx" = static { dir = "/var/www/matri.cx"; };
        "media.matri.cx" = proxied { target = "http://127.0.0.1:8096"; };
+        "pw.eversole.co" = proxied { target = "http://127.0.0.1:40080"; };
        "sezycei.com" = static { dir = "/var/www/sezycei.com"; };
        "snakebelmont.com" = static { dir = "/var/www/snakebelmont.com"; };
        "transmission.matri.cx" = proxiedLAN { target = "http://127.0.0.1:9091"; };
--- a/nix/application/postgresql.nix
+++ b/nix/application/postgresql.nix
@ -0,0 +1,6 @@
+{ pkgs, config, ...}: {
+  services.postgresql = {
+    enable = true;
+    settings.port = 5432;
+  };
+}
--- a/nix/monitoring/grafana.nix
+++ b/nix/monitoring/grafana.nix
@ -10,12 +10,6 @@
          access = "proxy";
          url = "http://127.0.0.1:${toString config.services.prometheus.port}";
        }
-        {
-          name = "Loki";
-          type = "loki";
-          access = "proxy";
-          url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
-        }
      ];
    };
    settings = {
--- a/nix/monitoring/loki.nix
+++ b/nix/monitoring/loki.nix
@ -1,76 +0,0 @@
-{ config, pkgs, ... }: {
-  services.loki = {
-    enable = true;
-    configuration = {
-      server.http_listen_port = 6999;
-      auth_enabled = false;
-
-      ingester = {
-        lifecycler = {
-          address = "127.0.0.1";
-          ring = {
-            kvstore = {
-              store = "inmemory";
-            };
-            replication_factor = 1;
-          };
-        };
-        chunk_idle_period = "1h";
-        max_chunk_age = "1h";
-        chunk_target_size = 999999;
-        chunk_retain_period = "30s";
-        max_transfer_retries = 0;
-      };
-
-      schema_config = {
-        configs = [{
-          from = "2022-06-06";
-          store = "boltdb-shipper";
-          object_store = "filesystem";
-          schema = "v11";
-          index = {
-            prefix = "index_";
-            period = "24h";
-          };
-        }];
-      };
-
-      storage_config = {
-        boltdb_shipper = {
-          active_index_directory = "/var/lib/loki/boltdb-shipper-active";
-          cache_location = "/var/lib/loki/boltdb-shipper-cache";
-          cache_ttl = "24h";
-          shared_store = "filesystem";
-        };
-
-        filesystem = {
-          directory = "/var/lib/loki/chunks";
-        };
-      };
-      limits_config = {
-        reject_old_samples = true;
-        reject_old_samples_max_age = "168h";
-      };
-
-      chunk_store_config = {
-        max_look_back_period = "0s";
-      };
-
-      table_manager = {
-        retention_deletes_enabled = false;
-        retention_period = "0s";
-      };
-
-      compactor = {
-        working_directory = "/var/lib/loki";
-        shared_store = "filesystem";
-        compactor_ring = {
-          kvstore = {
-            store = "inmemory";
-          };
-        };
-      };
-    };
-  };
-
-}
--- a/nix/monitoring/nginx.nix
+++ b/nix/monitoring/nginx.nix
@ -16,16 +16,6 @@ in
          "127.0.0.1:${toString config.services.prometheus.port}" = { };
        };
      };
-      "loki" = {
-        servers = {
-          "127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}" = { };
-        };
-      };
-      "promtail" = {
-        servers = {
-          "127.0.0.1:${toString config.services.promtail.configuration.server.http_listen_port}" = { };
-        };
-      };
    };

    virtualHosts."graf.matri.cx" = {
@ -56,21 +46,5 @@ in
        port = 8020;
      }];
    };
-
-    virtualHosts.loki = {
-      locations."/".proxyPass = "http://loki";
-      listen = [{
-        addr = hostIP;
-        port = 8030;
-      }];
-    };
-
-    virtualHosts.promtail = {
-      locations."/".proxyPass = "http://promtail";
-      listen = [{
-        addr = hostIP;
-        port = 8031;
-      }];
-    };
  };
 }
--- a/nix/monitoring/promtail.nix
+++ b/nix/monitoring/promtail.nix
@ -1,31 +0,0 @@
-{ config, pkgs, ... }: {
-  services.promtail = {
-    enable = true;
-    configuration = {
-      server = {
-        http_listen_port = 6998;
-        grpc_listen_port = 0;
-      };
-      positions = {
-        filename = "/tmp/positions.yaml";
-      };
-      clients = [{
-        url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
-      }];
-      scrape_configs = [{
-        job_name = "journal";
-        journal = {
-          max_age = "12h";
-          labels = {
-            job = "systemd-journal";
-            host = "pihole";
-          };
-        };
-        relabel_configs = [{
-          source_labels = [ "__journal__systemd_unit" ];
-          target_label = "unit";
-        }];
-      }];
-    };
-  };
-}
--- a/nix/system/age.nix
+++ b/nix/system/age.nix
@ -18,7 +18,12 @@
      };
      keys.file = ../../secrets/keys.age;
      miniflux.file = ../../secrets/miniflux.age;
+      bitwarden-env.file = ../../secrets/bitwarden-env.age;
      transmission-env.file = ../../secrets/transmission-env.age;
+      "restic/env".file = ../../secrets/restic/env.age;
+      "restic/password".file = ../../secrets/restic/env.age;
+      "restic/repo".file = ../../secrets/restic/env.age;
+      "wireguard/server-private".file = ../../secrets/wireguard/server-private.age;
    };
    identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  };
--- a/nix/system/backups.nix
+++ b/nix/system/backups.nix
@ -0,0 +1,28 @@
+{ pkgs, config, ...}: {
+  services.restic.backups = {
+    daily = {
+      initialize = true;
+
+      environmentFile = config.age.secrets."restic/env".path;
+      passwordFile = config.age.secrets."restic/password".path;
+      repository = "s3:https://s3.amazonaws.com/matricxbackups";
+
+      paths = [
+        "${config.users.users.sezycei.home}/srv"
+        "${config.users.users.sezycei.home}/nix"
+        "${config.users.users.sezycei.home}/keys"
+        "${config.users.users.sezycei.home}/dev"
+      ];
+      
+      exclude = [
+        "*minecraft/OLD*"
+      ];
+
+      pruneOpts = [
+        "--keep-daily 7"
+        "--keep-weekly 5"
+        "--keep-monthly 12"
+      ];
+    };
+  };
+}
--- a/nix/system/dns.nix
+++ b/nix/system/dns.nix
@ -59,6 +59,12 @@
        }
      }

+      *.ycombinator.com {
+        template IN A  {
+            answer "{{ .Name }} 0 IN A 127.0.0.1"
+        }
+      }
+
      wired.com {
        template IN A  {
            answer "{{ .Name }} 0 IN A 127.0.0.1"
--- a/nix/system/network.nix
+++ b/nix/system/network.nix
@ -2,14 +2,14 @@
  networking = {
    hostName = "eve-psr-nix0";
    firewall = {
-      allowedTCPPorts = [ 22 80 443 7860 23231 23232 23233 9418 3000 ];
-      allowedUDPPorts = [ 53 1194 ];
+      allowedTCPPorts = [ 22 80 443 23231 23232 23233 ];
+      allowedUDPPorts = [ 53 51820 ];
      trustedInterfaces = [ "tun0" ];
    };
    nat = {
      enable = true;
      externalInterface = "enp1s0";
-      internalInterfaces = [ "tun0" ];
+      internalInterfaces = [ "tun0" "wg0" ];
    };
  };
 }
--- a/nix/system/openvpn.nix
+++ b/nix/system/openvpn.nix
@ -1,56 +0,0 @@
-{ config, pkgs, ... }:
-let
-  client-key = "/home/sezycei/srv/sec/openvpn/James/laptop.key";
-  domain = "matri.cx";
-  port = 1194;
-in
-{
-  services.openvpn.servers.laptop.config = ''
-    dev tun0
-    proto udp
-    ifconfig 10.8.0.1 10.8.0.2
-    secret ${client-key}
-    port ${toString port}
-
-    cipher AES-256-CBC
-    auth-nocache
-
-    comp-lzo
-    keepalive 10 60
-    ping-timer-rem
-    persist-tun
-    persist-key
-  '';
-
-  environment.etc."openvpn/laptop-client.ovpn" = {
-    text = ''
-      dev tun
-      remote "${domain}"
-      ifconfig 10.8.0.2 10.8.0.1
-      port ${toString port}
-      redirect-gateway def1
-
-      cipher AES-256-CBC
-      auth-nocache
-
-      comp-lzo
-      keepalive 10 60
-      resolv-retry infinite
-      nobind
-      persist-key
-      persist-tun
-      secret [inline]
-
-    '';
-    mode = "600";
-  };
-  system.activationScripts.openvpn-addkey = ''
-    f="/etc/openvpn/laptop-client.ovpn"
-    if ! grep -q '<secret>' $f; then
-      echo "appending secret key"
-      echo "<secret>" >> $f
-      cat ${client-key} >> $f
-      echo "</secret>" >> $f
-    fi
-  '';
-}
--- a/nix/system/security.nix
+++ b/nix/system/security.nix
@ -1,6 +1,9 @@
 { ... }: {
  services.openssh = {
    enable = true;
+    settings = {
+      PasswordAuthentication = true;
+    };
  };

  security = {
--- a/nix/system/wireguard.nix
+++ b/nix/system/wireguard.nix
@ -0,0 +1,33 @@
+{ pkgs, config, lib, ...}: {
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "192.168.3.1/24" ];
+      listenPort = 51820;
+      privateKeyFile = "/run/agenix/wireguard/server-private";
+
+      peers = [
+          #
+          # James
+          #
+        { # Primary Cell
+          publicKey = "jko+bd/y1+3X40/AGX9OpV2H/Wlb9C2Jwkfs4Knjljg=";
+          allowedIPs = [ "192.168.3.2/32" ];
+        }
+          #
+          # Caitlynn
+          #
+        { # Primary Cell
+          publicKey = "Xbp3+huOWE0sTcWtk5BA2Qc4gk5vjFVgE6+qYJBpgkY=";
+          allowedIPs = [ "192.168.3.3/32" ];
+        }
+      ];
+
+      postSetup = ''
+        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE
+      '';
+      postShutdown = ''
+        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE
+      '';
+    };
+	};
+}
--- a/secrets.nix
+++ b/secrets.nix
@ -13,5 +13,10 @@ in
  "secrets/htpasswd-dock.age" = { publicKeys = all; };
  "secrets/keys.age" = { publicKeys = all; };
  "secrets/miniflux.age" = { publicKeys = all; };
+  "secrets/bitwarden-env.age" = { publicKeys = all; };
  "secrets/transmission-env.age" = { publicKeys = all; };
+  "secrets/restic/env.age" = { publicKeys = all; };
+  "secrets/restic/repo.age" = { publicKeys = all; };
+  "secrets/restic/password.age" = { publicKeys = all; };
+  "secrets/wireguard/server-private.age" = { publicKeys = all; };
 }
--- a/secrets/bitwarden-env.age
+++ b/secrets/bitwarden-env.age
--- a/secrets/restic/env.age
+++ b/secrets/restic/env.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 dQ70Fw hMZ1BRCxnZFhadsHa+UwDcB+kkVWbTh82EuqNJPZ5zs
+ESCOn4IDH8L69yNmE3vl9ORK0vKkIqG6dFTnawc9irg
+-> ssh-ed25519 ZIoeGg yluZnRqV6HL0TNvFqZCEIYW4W8f6f9EJ3K7nAz/dazE
+XpYM/h/jvO1MrS6v1PicZ4sTqCld84vhvXTI6AimnMU
+--- nLun26t45i7mAuT4w6JH3jbdPU8hjzINsHriqRA/T0o
+S‡ß9›µnĚŤzšëźu83Š¸6#Lď[25Ď
)áí{z(hťĹŻ˛ę°'.$ę‰Ţ‹PÓOgĆ]¬ç=€Ľő<C4BD>ňűâŇŐ>ŕµy)ÁĐ]ů04×Ä“/Ă™·ŚÁIW4Úő`RÔŢ›6aĆ	BŰç—8[~Ę‚oÓíů·<0B>m×Í«€}¬ ~ŁaĐ«@<40>SĘ¸ůúĘ<C3BA>ń<><11>iŹčsc,ú
+Š´ü^ĹG]|‹áN4<4E>ç-ŃŞŐĹ)GbĹçŐĂµ:ÁăÍ0IŤ™g˙Gü\"ň
+Čf
+Ć{°˛{Z÷'V>s4A
--- a/secrets/restic/password.age
+++ b/secrets/restic/password.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 dQ70Fw SztmSLi86IFvNJY13Pu7qJC8LDXeoEZsbCLl78su6wg
+f/uDl6KymRxVngdnhEYOxiL9I0JUZCYI3XThrn57+YQ
+-> ssh-ed25519 ZIoeGg wzOmbThAqyO47PQ2wQY0MoNsXcyMkoi4/+wGY15Xfns
+UvMwHPWytwvf0hNMiDKdONo1u09pICQ6/7EtECYDWbw
+--- IS6+hxeJQ3yIphn7Q0XxZvO2Zn+F1bX7oIgkZSkCQHU
+ÿÕ•Þô\\w"¤úìêTp;ÇÈGŽešÖñ²±=D‹fßYØn€±x¹<K`÷îÔ
--- a/secrets/restic/repo.age
+++ b/secrets/restic/repo.age
--- a/secrets/transmission-env.age
+++ b/secrets/transmission-env.age
--- a/secrets/wireguard/server-private.age
+++ b/secrets/wireguard/server-private.age
@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 dQ70Fw ZqaqvUw6odr77kBeC+N9p8bFMYzD7MLCSAVi302J2VQ
+BUJX5uq5cd3jOFNOUnDHdcxV8OPkcY+W/aJnY3XaLCI
+-> ssh-ed25519 ZIoeGg y4LMGxFwIpd96YK7HjOQoHumpYqTklh1i3utAUTrMgg
+37dz1lwZoHwCwrTsaCnX9mrQzGrEoP5RHjNV0Kasid4
+--- 4tniCsqDuqZYGNn98GmgV8BS18E+0ANnjKWQU4wWHOs
+¹Â?;HŠª	˜&{Ã» Åƒt•c«y8<#Éà¼„ªmÂ¾±äk8
+šPèKH¬ÆÁ±Ow˜Ôéf¶}¿Pº`¯¾+…ßÝ5wÉot
Author	SHA1	Message	Date
James Eversole	60ca81f113	Nix flake update; container version updates	2024-12-25 18:59:40 -06:00
James Eversole	029653476f	NixOS 24.11 upgrade; drop OpenVPN for WireGuard; clean up open ports	2024-12-05 09:19:27 -06:00
James Eversole	ecfc60b2bb	Update soft-serve; nix flake update; disable password auth explicitly	2024-10-12 15:28:33 -05:00
James Eversole	83e4dd2ea7	Nix flake update; disable password auth in SSH	2024-08-29 13:17:19 -05:00
James Eversole	06c4c7bc13	Setup restic backup service; enable postgresql for general use	2024-08-14 22:19:20 -05:00
James Eversole	aa40c0c5e3	Add VaultWarden; update Transmission; reorder allowedTCPPorts	2024-08-07 10:02:50 -05:00
James Eversole	afbbe88620	nix flake update	2024-07-12 12:07:51 -05:00
James Eversole	baf6494a9c	Upgrade to 24.05; drop Loki/Promtail	2024-06-02 20:37:17 -05:00
James Eversole	a5dbee8755	Nix flake update; Add brohan.lol meme domain; update Jellyfin container	2024-05-31 14:13:13 -05:00
James Eversole	d317917453	Flake update; block Hacker News DNS; update Transmision VPN configuration	2024-04-12 10:21:46 -05:00