Compare commits
6 Commits
9404b4e71d
...
8e6c452854
Author | SHA1 | Date | |
---|---|---|---|
8e6c452854 | |||
164acc1042 | |||
a9d7582fcf | |||
16683be33e | |||
6887ce0427 | |||
a6805a4ddc |
@ -38,12 +38,12 @@
|
|||||||
hardware.graphics = {
|
hardware.graphics = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraPackages = with pkgs; [
|
extraPackages = with pkgs; [
|
||||||
intel-media-driver
|
|
||||||
intel-compute-runtime
|
intel-compute-runtime
|
||||||
vpl-gpu-rt
|
intel-media-driver
|
||||||
vaapiIntel
|
intel-vaapi-driver
|
||||||
vaapiVdpau
|
|
||||||
libvdpau-va-gl
|
libvdpau-va-gl
|
||||||
|
vaapiVdpau
|
||||||
|
vpl-gpu-rt
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
factor = "4";
|
factor = "4";
|
||||||
};
|
};
|
||||||
|
|
||||||
ignoreIPs =
|
ignoreIP =
|
||||||
[
|
[
|
||||||
"192.168.69.0/16"
|
"192.168.69.0/16"
|
||||||
"172.16.0.0/12"
|
"172.16.0.0/12"
|
||||||
@ -38,9 +38,11 @@
|
|||||||
|
|
||||||
jails = {
|
jails = {
|
||||||
DEFAULT = {
|
DEFAULT = {
|
||||||
blocktype = "DROP";
|
settings = {
|
||||||
bantime = "6h";
|
blocktype = "DROP";
|
||||||
findtime = "6h";
|
bantime = lib.mkDefault "6h";
|
||||||
|
findtime = "6h";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sshd = {
|
sshd = {
|
||||||
@ -56,10 +58,12 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
port-scan = {
|
port-scan = {
|
||||||
filter = "port-scan";
|
settings = {
|
||||||
action = "iptables-allports[name=port-scan]";
|
filter = "port-scan";
|
||||||
bantime = 86400;
|
action = "iptables-allports[name=port-scan]";
|
||||||
maxretry = 2;
|
bantime = 86400;
|
||||||
|
maxretry = 2;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -55,12 +55,18 @@
|
|||||||
return 444;
|
return 444;
|
||||||
}
|
}
|
||||||
''
|
''
|
||||||
++ lib.optionalString cfg.enableCloudflareRealIP ''
|
+ lib.optionalString cfg.enableCloudflareRealIP ''
|
||||||
${lib.concatMapStrings (ip: "set_real_ip_from ${ip};\n")
|
${lib.concatMapStrings (ip: "set_real_ip_from ${ip};\n")
|
||||||
(lib.filter (line: line != "")
|
(lib.filter (line: line != "")
|
||||||
(lib.splitString "\n" ''
|
(lib.splitString "\n" ''
|
||||||
${lib.readFile (lib.fetchurl "https://www.cloudflare.com/ips-v4/")}
|
${lib.readFile (builtins.fetchurl {
|
||||||
${lib.readFile (lib.fetchurl "https://www.cloudflare.com/ips-v6/")}
|
url = "https://www.cloudflare.com/ips-v4/";
|
||||||
|
sha256 = "sha256-8Cxtg7wBqwroV3Fg4DbXAMdFU1m84FTfiE5dfZ5Onns=";
|
||||||
|
})}
|
||||||
|
${lib.readFile (builtins.fetchurl {
|
||||||
|
url = "https://www.cloudflare.com/ips-v6/";
|
||||||
|
sha256 = "sha256-np054+g7rQDE3sr9U8Y/piAp89ldto3pN9K+KCNMoKk=";
|
||||||
|
})}
|
||||||
''))}
|
''))}
|
||||||
real_ip_header CF-Connecting-IP;
|
real_ip_header CF-Connecting-IP;
|
||||||
'';
|
'';
|
||||||
|
@ -9,12 +9,11 @@
|
|||||||
|
|
||||||
package = lib.mkOption {
|
package = lib.mkOption {
|
||||||
type = lib.types.package;
|
type = lib.types.package;
|
||||||
default = pkgs.postgresql_14;
|
default = pkgs.postgresql_16;
|
||||||
description = "Package to use as a root directory for the static site";
|
description = "Package to use for the PostgreSQL service";
|
||||||
};
|
};
|
||||||
|
|
||||||
backup.enable = lib.mkEnableOption "Enable backup service for postgresql databases";
|
backup.enable = lib.mkEnableOption "Enable backup service for postgresql databases";
|
||||||
upgrade.enable = lib.mkEnableOption "Enable upgrade-pg-cluster script for postgresql";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = let
|
config = let
|
||||||
@ -60,38 +59,5 @@
|
|||||||
echo ${curFile}
|
echo ${curFile}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# NOTE: login with `sudo su -` and run `upgrade-pg-cluster` to perform
|
|
||||||
# the upgrade. Ensure that you run `VACUUMDB` commands after the upgrade,
|
|
||||||
# and then update the postgres package version in the service config.
|
|
||||||
environment.systemPackages = lib.mkIf cfg.upgrade.enable [
|
|
||||||
(let
|
|
||||||
newPostgres = pkgs.postgresql_16.withPackages (ps: [
|
|
||||||
# Immich requires pgvecto-rs
|
|
||||||
ps.pgvecto-rs
|
|
||||||
]);
|
|
||||||
in
|
|
||||||
pkgs.writeScriptBin "upgrade-pg-cluster" ''
|
|
||||||
set -eux
|
|
||||||
# It's perhaps advisable to stop all services that depend on postgresql
|
|
||||||
systemctl stop postgresql
|
|
||||||
|
|
||||||
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
|
|
||||||
|
|
||||||
export NEWBIN="${newPostgres}/bin"
|
|
||||||
|
|
||||||
export OLDDATA="${config.services.postgresql.dataDir}"
|
|
||||||
export OLDBIN="${config.services.postgresql.package}/bin"
|
|
||||||
|
|
||||||
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
|
|
||||||
cd "$NEWDATA"
|
|
||||||
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
|
|
||||||
|
|
||||||
sudo -u postgres $NEWBIN/pg_upgrade \
|
|
||||||
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
|
|
||||||
--old-bindir $OLDBIN --new-bindir $NEWBIN \
|
|
||||||
"$@"
|
|
||||||
'')
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -6,11 +6,11 @@
|
|||||||
}:
|
}:
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "vuetorrent";
|
pname = "vuetorrent";
|
||||||
version = "2.10.2";
|
version = "2.13.3";
|
||||||
|
|
||||||
src = pkgs.fetchurl {
|
src = pkgs.fetchurl {
|
||||||
url = "https://github.com/WDaan/VueTorrent/releases/download/v${version}/vuetorrent.zip";
|
url = "https://github.com/WDaan/VueTorrent/releases/download/v${version}/vuetorrent.zip";
|
||||||
sha256 = "sha256-pJzj3jHXmpKca1zyOTlzUQvp7/LtjjMGNt9SMDo89yo=";
|
sha256 = "sha256-MmzJhzRqlYhcHbvz4ycCobclZ9Idpranyh+doDEdoh8=";
|
||||||
};
|
};
|
||||||
|
|
||||||
buildInputs = with pkgs; [unzip];
|
buildInputs = with pkgs; [unzip];
|
||||||
|
@ -143,7 +143,6 @@
|
|||||||
postgresql = {
|
postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
backup.enable = true;
|
backup.enable = true;
|
||||||
upgrade.enable = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
vaultwarden = {
|
vaultwarden = {
|
||||||
|
@ -96,7 +96,7 @@ _: {
|
|||||||
};
|
};
|
||||||
|
|
||||||
"/storage/media" = {
|
"/storage/media" = {
|
||||||
device = "/dev/disk/by-uuid/f8aadf58-d561-476b-a2c5-64b266dc5755";
|
device = "/dev/disk/by-uuid/8cf1e73e-39fe-4e5d-a2ec-652e51931f27";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [
|
options = [
|
||||||
"defaults"
|
"defaults"
|
||||||
|
Loading…
Reference in New Issue
Block a user