(bug): canihazcat :(

features/server/backups-repos.nix

@@ -1,5 +1,5 @@
-U2FsdGVkX1+pKUtcxhT27nl6afKy5paC7y9iBtZgbq2rnuJebgGFCD0AxE1TOWMV
+U2FsdGVkX1+alugeaL42d1DXdx+FlLJ9RQErEECKiXmHETExGwdgvNOSSjSXfWc0
-RaWwqeK7YaU7MnImh+b7JfR3C7b6OgQz3+V+gGhC8f10e23maH/me3m3SNsxLp4w
+Mo22lNDdaoVtCK2gcsBqdxxI8Y6RlxuJvznyk7MO3dqT+CYSxbOS8NMfCu7q+NDg
-BS4SQZzrWc5WHS+QHTCH7tfUyFPYBs8xnfMAN+TGqB/ud0l7ZZ7MRvpU2IHpzoi1
+zelWePoV+99RmeI7dbkgFrwzw1F3YEXlrTnfmsr72Qb9kje1j9GRaN73Tvc3+PMN
-8ek6OT+w/oyXU3o5eVklEuXpTEB2dcGJ41hbXCEDn7ELyfpaF/+Tx5yGGIJ73FvS
+Rq0QmIXluZLSt0z1dfn/lOSY9Q4kB2t/60ErNAC4tL58sK7Dry6G2mjT8pHwOzF8
-+P2s1wpjWnrHPj78aphmdm8Q/PZ81vDU4/e2nyg4OcHyOPXVVnwhRUWl1Y9/a/sK
+yXP1iuae6jhNDmlgoXuH76ktVYdS+nbURWjvt0uFQENyU29+r9pCpJDhExNdvPKX

features/server/backups.nix

@@ -1,11 +1,24 @@
-{ config, ... }:
+{
+  config,
+  secrets,
+  pkgs,
+  ...
+}:
 {
   imports = [
     ./backups-repos.nix
   ];
   sops.secrets.borgRepoPassword = { };
   sops.secrets.borgRemoteServerPassword = {
-    sopsFile = "/home/homelab/secrets/backup.yaml";
+    sopsFile = "${secrets}/secrets/backup.yaml";
+  };
+
+  sops.secrets.sshBorgOffsiteBackup = {
+    sopsFile = "${secrets}/secrets/backup.yaml";
+  };
+
+  sops.secrets.borgOffsiteBackupHostKeys = {
+    sopsFile = "${secrets}/secrets/backup.yaml";
   };
 
   services.borgbackup.jobs = {
@@ -64,25 +77,26 @@
           "/srv/freshrss"
           "/srv/Minecraft"
         ];
-        postgres_databases = [
+        postgresql_databases = [
-          "forgejo"
+          { name = "forgejo"; }
-          "nextcloud"
+          { name = "nextcloud"; }
-          "matrix-synapse"
+          { name = "matrix-synapse"; }
         ];
         exclude_patterns = [ "/home/*/.cache" ];
-        encryption_passcommand = "cat /run/secrets/borgRemoteServerPassword";
+        encryption_passcommand = "${pkgs.coreutils}/bin/cat /run/secrets/borgRemoteServerPassword";
+        ssh_command = "ssh -o GlobalKnownHostsFile=${config.sops.secrets.borgOffsiteBackupHostKeys.path} -i ${config.sops.secrets.sshBorgOffsiteBackup.path}";
       };
     };
   };
 
-  systemd.timers.borgmatic = {
+  systemd.timers."borgmatic" = {
     enable = true;
-    unit = "borgmatic.service";
     wantedBy = [ "timers.target" ];
     timerConfig = {
       OnCalendar = "*-*-* 03:00:00";
       Persistent = true;
       WakeSystem = true;
+      Unit = "borgmatic.service";
     };
   };
 }

features/server/caddy.nix

@@ -24,6 +24,10 @@
         reverse_proxy :8096
       '';
 
+      "http://media.hypervirtual.world".extraConfig = ''
+        reverse_proxy :8096
+      '';
+
       "http://slskd.sisyphe.normandy.hypervirtual.world".extraConfig = ''
         reverse_proxy :5030
       '';
@@ -48,7 +52,7 @@
         reverse_proxy :3000
       '';
 
-      "http://status.normandy.hypervirtual.world".extraConfig = ''
+      "http://status.hypervirtual.world".extraConfig = ''
         reverse_proxy :4000
       '';
 

features/server/default.nix

@@ -28,6 +28,6 @@
     ethtool
     networkd-dispatcher
     transcrypt
-    libressl_3_8
+    libressl_3_9
   ];
 }

features/server/multimedia/arr-suite.nix

@@ -1,10 +1,7 @@
 {
   config,
-  pkgs,
-  lib,
   ...
 }:
-with lib;
 
 let
   cfg = config.arrSuite;
@@ -35,27 +32,27 @@ in
     enable = true;
     openFirewall = true;
   };
-/*
+  /*
-    #TODO: create duplicated instances of Sonarr.
+      #TODO: create duplicated instances of Sonarr.
-    systemd.services."sonarrAnime" = {
+      systemd.services."sonarrAnime" = {
-      enable = true;
+        enable = true;
-      description = "Duplicated Sonarr instance, for animes";
+        description = "Duplicated Sonarr instance, for animes";
-      after = [
+        after = [
-        "syslog.target"
+          "syslog.target"
-        "network.target"
+          "network.target"
-      ];
+        ];
 
-      path = [ pkgs.sonarr ];
+        path = [ pkgs.sonarr ];
-      serviceConfig = {
+        serviceConfig = {
-        Type = "simple";
+          Type = "simple";
-        User = "sonarr";
+          User = "sonarr";
-        ExecStart = "${pkgs.sonarr}/bin/Sonarr -nobrowser -data=/var/lib/sonarrAnime";
+          ExecStart = "${pkgs.sonarr}/bin/Sonarr -nobrowser -data=/var/lib/sonarrAnime";
-        TimeoutStopSec = "20";
+          TimeoutStopSec = "20";
-        KillMode = "process";
+          KillMode = "process";
-        Restart = "on-failure";
+          Restart = "on-failure";
+        };
+        wantedBy = [ "multi-user.target" ];
       };
-      wantedBy = [ "multi-user.target" ];
+  */
-    };
-*/
 
 }

features/server/multimedia/jellyfin.nix

@@ -16,6 +16,7 @@
       intel-media-sdk # QSV up to 11th gen
     ];
   };
+
   services.jellyfin = {
     enable = true;
     openFirewall = true;

features/server/multimedia/slskd.nix

@@ -1,12 +1,17 @@
-{ config, lib, ... }:
+{
+  config,
+  lib,
+  secrets,
+  ...
+}:
 with lib;
 
 let
-  cfg = config.slskd;
+  cfg = config.downloads.music;
 in
 {
   options = {
-    slskd.directory = mkOption {
+    downloads.music.directory = mkOption {
       type = types.str;
       default = "/srv/media/Music";
     };
@@ -14,7 +19,7 @@ in
   config = {
 
     sops.secrets.slskd = {
-      sopsFile = ../../../secrets/slskd.env;
+      sopsFile = "${secrets}/secrets/slskd.env";
       format = "dotenv";
     };
 

features/server/multimedia/transmission.nix

@@ -1,12 +1,17 @@
-{ config, lib, ... }:
+{
+  config,
+  secrets,
+  lib,
+  ...
+}:
 with lib;
 
 let
-  cfg = config.transmission;
+  cfg = config.downloads.transmission;
 in
 {
   options = {
-    transmission = {
+    downloads.transmission = {
       directory = mkOption {
         type = lib.types.str;
         default = "/srv/Multimedia";
@@ -16,7 +21,7 @@ in
 
   config = {
     sops.secrets.transmission = {
-      sopsFile = ../../../secrets/transmission.json;
+      sopsFile = "${secrets}/secrets/transmission.json";
       path = "/var/lib/secrets/transmission/settings.json";
     };
 

features/server/services/freshrss.nix

@@ -14,18 +14,14 @@ in
 
   config = {
     sops.secrets = {
-      freshrss_username = {
+      freshrss_username = { };
-        sopsFile = ../../secrets/freshrss.yaml;
+      freshrss_password = { };
-      };
-      freshrss_password = {
-        sopsFile = ../../secrets/freshrss.yaml;
-      };
     };
 
     services.freshrss = {
       enable = true;
       language = "fr";
-      defaultUser = config.sops.secrets.freshrss_username;
+      defaultUser = "";
       baseUrl = cfg.url;
       passwordFile = config.sops.secrets.freshrss_password.path;
       database = {

features/server/services/grafana.nix

@@ -4,7 +4,6 @@
     enable = true;
     settings = {
       server = {
-        http_addr = "0.0.0.0";
         http_port = 3000;
       };
     };

features/server/services/homelab-dashboard.nix

@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  secrets,
   pkgs,
   ...
 }:
@@ -33,7 +34,7 @@ in
   #TODO: add Radarr/Sonarr/... api key support
   config = {
     sops.secrets."homepage" = {
-      sopsFile = ../../../secrets/homepage.env;
+      sopsFile = "${secrets}/secrets/homepage.env";
       format = "dotenv";
     };
 
@@ -220,12 +221,11 @@ in
         {
           "Utilitaires" = [
             {
-              "Photoprism" = {
+              "Nextcloud" = {
-                icon = "photoprism";
+                icon = "nextcloud";
-                description = "Sauvegarde de photos";
+                description = "Sauvegarde de données";
-                href = "http://${ip}:2342";
+                href = "https://cloud.hypervirtual.world";
               };
-
             }
             {
               "4get" = {

features/server/services/i2p.nix

@@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-{
-  services.i2pd = {
-    enable = true;
-    upnp.enable = true;
-  };
-}

features/server/services/uptime-kuma.nix

@@ -4,7 +4,6 @@
   services.uptime-kuma = {
     enable = true;
     settings = {
-      HOST = "0.0.0.0";
       PORT = "4000";
     };
   };

flake.nix

@@ -8,8 +8,10 @@
     alejandra.url = "github:kamadorueda/alejandra/3.0.0";
     alejandra.inputs.nixpkgs.follows = "nixpkgs";
 
-    nix-secrets.url = "git.hypervirtual.world:harry123/nix-secrets.git";
+    nix-secrets = {
-    nix-secrets.inputs.nixpkgs.follows = "nixpkgs";
+      url = "git+https://git.hypervirtual.world/harry123/nix-secrets.git";
+      flake = false;
+    };
   };
 
   outputs =
@@ -21,15 +23,18 @@
     }@inputs:
     let
       username = "harry123";
+      secrets = builtins.toString inputs.nix-secrets;
 
       specialArgs = {
         inherit username;
+        inherit secrets;
       };
     in
     {
       nixosConfigurations = {
         sisyphe = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
+          specialArgs = specialArgs;
           modules = [
             ./hosts/sisyphe/configuration.nix
             sops-nix.nixosModules.sops

hosts/sisyphe/server-configuration.nix

@@ -3,6 +3,7 @@
   config,
   lib,
   pkgs,
+  secrets,
   ...
 }:
 let
@@ -36,6 +37,7 @@ in
       enable = true;
       allowedTCPPorts = [
         22 # ssh
+        80 # http
         8008 # matrix-synapse
         8448 # matrix-synapse
       ];
@@ -60,5 +62,5 @@ in
   sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
   sops.age.keyFile = "/var/lib/sops-nix/key.txt";
   sops.age.generateKey = true;
-  sops.defaultSopsFile = ../../secrets/secrets.yaml;
+  sops.defaultSopsFile = "${secrets}/secrets/secrets.yaml";
 }