Compare commits


6 Commits

Author SHA1 Message Date
8e6c452854
fix: use builtin.readFile for cloudflare IPs and add sha256
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-10-06 00:03:58 +05:30
164acc1042
fix: use correct module options for fail2ban
* ignoreIPs -> ignoreIP
* Add settings block to each jail

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-10-06 00:03:01 +05:30
a9d7582fcf
chore: upgrade vuetorrent to 2.13.3
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-10-06 00:02:33 +05:30
16683be33e
fix: change disk blkid for bicboye
Caused a mishap at the storage level. Reformatted the disk and restored
the data.

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-10-06 00:01:43 +05:30
6887ce0427
chore: replace vaapiIntel with intel-vaapi-driver
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-10-06 00:01:20 +05:30
a6805a4ddc
chore: upgrade default postgres to 16 and remove upgrade script
Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
2024-10-06 00:00:36 +05:30
7 changed files with 30 additions and 55 deletions


@ -38,12 +38,12 @@
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-compute-runtime
vpl-gpu-rt
vaapiIntel
vaapiVdpau
intel-media-driver
intel-vaapi-driver
libvdpau-va-gl
vaapiVdpau
vpl-gpu-rt
];
};


@ -28,7 +28,7 @@
factor = "4";
};
ignoreIPs =
ignoreIP =
[
"192.168.69.0/16"
"172.16.0.0/12"
@ -38,9 +38,11 @@
jails = {
DEFAULT = {
blocktype = "DROP";
bantime = "6h";
findtime = "6h";
settings = {
blocktype = "DROP";
bantime = lib.mkDefault "6h";
findtime = "6h";
};
};
sshd = {
@ -56,10 +58,12 @@
};
port-scan = {
filter = "port-scan";
action = "iptables-allports[name=port-scan]";
bantime = 86400;
maxretry = 2;
settings = {
filter = "port-scan";
action = "iptables-allports[name=port-scan]";
bantime = 86400;
maxretry = 2;
};
};
};
};
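Review bot: The ignore list that `ignoreIP` now actually applies contains `"192.168.69.0/16"`, and a /16 prefix on that address would normally be read as all of 192.168.0.0/16 rather than the 192.168.69.x subnet the address suggests. Together with `"172.16.0.0/12"`, every host in those ranges is then exempt from all jails, including `sshd` and `port-scan`, so a misbehaving or compromised device on the LAN or a container network is never banned. If only the local subnet is meant to be exempt, `"192.168.69.0/24"` states that. The list continues past the end of the first hunk, so the remaining entries are not visible here.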


@ -55,12 +55,18 @@
return 444;
}
''
++ lib.optionalString cfg.enableCloudflareRealIP ''
+ lib.optionalString cfg.enableCloudflareRealIP ''
${lib.concatMapStrings (ip: "set_real_ip_from ${ip};\n")
(lib.filter (line: line != "")
(lib.splitString "\n" ''
${lib.readFile (lib.fetchurl "https://www.cloudflare.com/ips-v4/")}
${lib.readFile (lib.fetchurl "https://www.cloudflare.com/ips-v6/")}
${lib.readFile (builtins.fetchurl {
url = "https://www.cloudflare.com/ips-v4/";
sha256 = "sha256-8Cxtg7wBqwroV3Fg4DbXAMdFU1m84FTfiE5dfZ5Onns=";
})}
${lib.readFile (builtins.fetchurl {
url = "https://www.cloudflare.com/ips-v6/";
sha256 = "sha256-np054+g7rQDE3sr9U8Y/piAp89ldto3pN9K+KCNMoKk=";
})}
''))}
real_ip_header CF-Connecting-IP;
'';
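Review bot: Pinning `sha256` on `https://www.cloudflare.com/ips-v4/` and `https://www.cloudflare.com/ips-v6/` freezes the `set_real_ip_from` list at the moment the hashes were taken, and nothing in the hunk says how or when they get refreshed. These URLs serve content Cloudflare can change, so a fresh fetch will fail on hash mismatch after an update, while a machine that already has the file in its store keeps building with the old ranges. A stale list means new Cloudflare edges are not unwrapped (their address is what gets logged and banned as the client) and any retired range stays trusted to set `CF-Connecting-IP`. I would add a comment above the two fetches such as `# Cloudflare publishes these lists as mutable URLs; refresh both hashes when evaluation fails or the list changes`, or vendor the two lists into the repository so updates are reviewed as diffs. The enclosing expression starts outside the hunk.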


@ -9,12 +9,11 @@
package = lib.mkOption {
type = lib.types.package;
default = pkgs.postgresql_14;
description = "Package to use as a root directory for the static site";
default = pkgs.postgresql_16;
description = "Package to use for the PostgreSQL service";
};
backup.enable = lib.mkEnableOption "Enable backup service for postgresql databases";
upgrade.enable = lib.mkEnableOption "Enable upgrade-pg-cluster script for postgresql";
};
config = let
@ -60,38 +59,5 @@
echo ${curFile}
'';
};
# NOTE: login with `sudo su -` and run `upgrade-pg-cluster` to perform
# the upgrade. Ensure that you run `VACUUMDB` commands after the upgrade,
# and then update the postgres package version in the service config.
environment.systemPackages = lib.mkIf cfg.upgrade.enable [
(let
newPostgres = pkgs.postgresql_16.withPackages (ps: [
# Immich requires pgvecto-rs
ps.pgvecto-rs
]);
in
pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# It's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${config.services.postgresql.dataDir}"
export OLDBIN="${config.services.postgresql.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
];
};
}
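Review bot: Changing `default` to `pkgs.postgresql_16` in the same change that removes `upgrade-pg-cluster` leaves no in-repo migration path for a host that still holds a 14 cluster. The removed script placed the new cluster under `/var/lib/postgresql/${newPostgres.psqlSchema}`, which suggests the data directory is version-specific, so such a host would presumably come up with an empty 16 cluster rather than fail loudly. A comment on the option would record the precondition, e.g. `# major-version bump: migrate existing clusters with pg_upgrade before deploying this default`. Whether this `package` option feeds `services.postgresql.package` is not visible in the hunk.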


@ -6,11 +6,11 @@
}:
stdenv.mkDerivation rec {
pname = "vuetorrent";
version = "2.10.2";
version = "2.13.3";
src = pkgs.fetchurl {
url = "https://github.com/WDaan/VueTorrent/releases/download/v${version}/vuetorrent.zip";
sha256 = "sha256-pJzj3jHXmpKca1zyOTlzUQvp7/LtjjMGNt9SMDo89yo=";
sha256 = "sha256-MmzJhzRqlYhcHbvz4ycCobclZ9Idpranyh+doDEdoh8=";
};
buildInputs = with pkgs; [unzip];


@ -143,7 +143,6 @@
postgresql = {
enable = true;
backup.enable = true;
upgrade.enable = true;
};
vaultwarden = {


@ -96,7 +96,7 @@ _: {
};
"/storage/media" = {
device = "/dev/disk/by-uuid/f8aadf58-d561-476b-a2c5-64b266dc5755";
device = "/dev/disk/by-uuid/8cf1e73e-39fe-4e5d-a2ec-652e51931f27";
fsType = "btrfs";
options = [
"defaults"