diff --git a/config/hosts/forgejo/forgejo.nix b/config/hosts/forgejo/forgejo.nix index 45961cf..0f07af2 100644 --- a/config/hosts/forgejo/forgejo.nix +++ b/config/hosts/forgejo/forgejo.nix @@ -3,7 +3,6 @@ services.forgejo = { enable = true; database.type = "postgres"; - mailerPasswordFile = "/secrets/forgejo-mailer-password.secret"; settings = { DEFAULT = { @@ -60,5 +59,6 @@ HOST = "redis+socket:///run/redis-forgejo/redis.sock"; }; }; + secrets.mailer.PASSWD = "/secrets/forgejo-mailer-password.secret"; }; } diff --git a/config/hosts/keycloak/keycloak.nix b/config/hosts/keycloak/keycloak.nix index 79e9a96..e8e38c3 100644 --- a/config/hosts/keycloak/keycloak.nix +++ b/config/hosts/keycloak/keycloak.nix @@ -3,10 +3,10 @@ services.keycloak = { enable = true; settings = { - hostname = "id.nekover.se"; - hostname-admin = "keycloak-admin.nekover.se"; - hostname-strict-backchannel = true; - proxy = "edge"; + hostname = "https://id.nekover.se"; + hostname-admin = "https://keycloak-admin.nekover.se"; + proxy-headers = "forwarded"; + http-enabled = true; http-host = "127.0.0.1"; http-port = 8080; }; diff --git a/config/hosts/mail-1/configuration.nix b/config/hosts/mail-1/configuration.nix index 2418afc..c94de3b 100644 --- a/config/hosts/mail-1/configuration.nix +++ b/config/hosts/mail-1/configuration.nix @@ -15,28 +15,20 @@ ]; routes = [ { - routeConfig = { - Gateway = "10.202.41.1"; - Destination = "10.201.0.0/16"; - }; + Gateway = "10.202.41.1"; + Destination = "10.201.0.0/16"; } { - routeConfig = { - Gateway = "10.202.41.1"; - Destination = "10.202.0.0/16"; - }; + Gateway = "10.202.41.1"; + Destination = "10.202.0.0/16"; } { - routeConfig = { - Gateway = "10.202.41.1"; - Destination = "172.21.87.0/24"; - }; + Gateway = "10.202.41.1"; + Destination = "172.21.87.0/24"; } { - routeConfig = { - Gateway = "10.202.41.1"; - Destination = "212.53.203.19/32"; - }; + Gateway = "10.202.41.1"; + Destination = "212.53.203.19/32"; } ]; linkConfig.RequiredForOnline = "routable"; 
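Review bot: In config/hosts/keycloak/keycloak.nix, `proxy-headers = "forwarded"` makes Keycloak take the client address from the RFC 7239 `Forwarded` header, and this diff does not show the reverse proxy setting or overwriting that header. If the proxy in front only sends `X-Forwarded-*` (which is what nginx's recommended proxy settings in NixOS emit), a client-supplied `Forwarded` header would presumably pass through untouched and be trusted, which skews brute-force detection and audit logs. Either switch to `proxy-headers = "xforwarded";` to match the proxy, or have the proxy set `Forwarded` itself and drop any incoming copy. Now that `http-enabled = true` is explicit, a short comment next to `http-host = "127.0.0.1";` would also help, e.g. `# plain HTTP is loopback-only; TLS terminates at the reverse proxy`.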
@@ -62,13 +54,11 @@ PrivateKeyFile = "/secrets/wireguard-mail-1-wg0-privatekey.secret"; }; wireguardPeers = [{ - wireguardPeerConfig = { - PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ="; - PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret"; - Endpoint = "212.53.203.19:51822"; - AllowedIPs = [ "0.0.0.0/0" ]; - PersistentKeepalive = 25; - }; + PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ="; + PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret"; + Endpoint = "212.53.203.19:51822"; + AllowedIPs = [ "0.0.0.0/0" ]; + PersistentKeepalive = 25; }]; }; }; diff --git a/config/hosts/mail-2/configuration.nix b/config/hosts/mail-2/configuration.nix index b4a7192..f1fa002 100644 --- a/config/hosts/mail-2/configuration.nix +++ b/config/hosts/mail-2/configuration.nix @@ -15,28 +15,20 @@ ]; routes = [ { - routeConfig = { - Gateway = "10.201.41.1"; - Destination = "10.201.0.0/16"; - }; + Gateway = "10.201.41.1"; + Destination = "10.201.0.0/16"; } { - routeConfig = { - Gateway = "10.201.41.1"; - Destination = "10.202.0.0/16"; - }; + Gateway = "10.201.41.1"; + Destination = "10.202.0.0/16"; } { - routeConfig = { - Gateway = "10.201.41.1"; - Destination = "172.21.87.0/24"; - }; + Gateway = "10.201.41.1"; + Destination = "172.21.87.0/24"; } { - routeConfig = { - Gateway = "10.201.41.1"; - Destination = "217.160.117.160/32"; - }; + Gateway = "10.201.41.1"; + Destination = "217.160.117.160/32"; } ]; linkConfig.RequiredForOnline = "routable"; 
@@ -62,13 +54,11 @@ PrivateKeyFile = "/secrets/wireguard-mail-2-wg0-privatekey.secret"; }; wireguardPeers = [{ - wireguardPeerConfig = { - PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4="; - PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret"; - Endpoint = "217.160.117.160:51820"; - AllowedIPs = [ "0.0.0.0/0" ]; - PersistentKeepalive = 25; - }; + PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4="; + PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret"; + Endpoint = "217.160.117.160:51820"; + AllowedIPs = [ "0.0.0.0/0" ]; + PersistentKeepalive = 25; }]; }; }; diff --git a/config/hosts/nextcloud/nextcloud.nix b/config/hosts/nextcloud/nextcloud.nix index 0b1f3a2..6adfeae 100644 --- a/config/hosts/nextcloud/nextcloud.nix +++ b/config/hosts/nextcloud/nextcloud.nix @@ -2,7 +2,7 @@ { services.nextcloud = { enable = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; hostName = "cloud.nekover.se"; https = true; config = { diff --git a/config/hosts/torrent/configuration.nix b/config/hosts/torrent/configuration.nix index 610fde4..83dbdab 100644 --- a/config/hosts/torrent/configuration.nix +++ b/config/hosts/torrent/configuration.nix @@ -25,5 +25,5 @@ }; }; - system.stateVersion = "23.11"; + system.stateVersion = "24.11"; } diff --git a/config/hosts/torrent/sonarr.nix b/config/hosts/torrent/sonarr.nix index 83318db..19c66ca 100644 --- a/config/hosts/torrent/sonarr.nix +++ b/config/hosts/torrent/sonarr.nix 
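Review bot: The change of `system.stateVersion` from "23.11" to "24.11" in config/hosts/torrent/configuration.nix is not required to run a newer nixpkgs, and it switches the defaults that NixOS modules choose for state already on disk. Unless the torrent host was reinstalled as part of this change, keep `system.stateVersion = "23.11";` and let only the package set move forward. If the bump is deliberate, say so in a comment, e.g. `# host reinstalled on 24.11; stateVersion matches the install release`.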
@@ -1,8 +1,19 @@ -{ nixpkgs-unstable, ... }: +{ ... }: { + # The sonarr package is dependend on .NET 6 which is marked as insecure. + # It doesn't seem to build with the later .NET versions. + # In the meantime allow the installation of these insecure packages since sonarr is only reachable locally. + nixpkgs.config = { + permittedInsecurePackages = [ + "aspnetcore-runtime-wrapped-6.0.36" + "aspnetcore-runtime-6.0.36" + "dotnet-sdk-wrapped-6.0.428" + "dotnet-sdk-6.0.428" + ]; + }; + services.sonarr = { enable = true; - package = nixpkgs-unstable.legacyPackages."x86_64-linux".sonarr; user = "torrent"; group = "torrent"; }; diff --git a/hosts.nix b/hosts.nix index 5111f63..fc029b7 100644 --- a/hosts.nix +++ b/hosts.nix @@ -92,6 +92,7 @@ in environment = "proxmox"; }; torrent = { + hostNixpkgs = nixpkgs-unstable; site = "vs"; environment = "proxmox"; };
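Review bot: The `permittedInsecurePackages` exemption in config/hosts/torrent/sonarr.nix is justified by "only reachable locally", but nothing in this hunk enforces that, and `nixpkgs.config` applies to the whole host's package set rather than to sonarr alone. Stating the assumption in the service block with `openFirewall = false;` would keep the justification from silently going stale. The comment should also note that local-only reachability does not cover content Sonarr fetches itself from indexers and download clients, which is still parsed by the end-of-life .NET 6 runtime. A removal marker such as `# TODO: drop this list once sonarr builds against a supported .NET` would make the exemption easier to retire, and "dependend" in the added comment should read "dependent".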