From 6b7ca2b194c0955281f5829243ef59292950ce58 Mon Sep 17 00:00:00 2001 From: cnst Date: Sat, 11 Oct 2025 11:04:15 +0200 Subject: [PATCH] feat(update): new kernel, new container versions and temporarily moving to zfs_unstable in waiting for stable to catch up with new kernel --- hosts/sobotka/default.nix | 5 +- modules/nixos/programs/pkgs/default.nix | 14 +-- modules/server/authentik/default.nix | 3 - modules/server/homepage-dashboard/default.nix | 2 +- modules/server/nextcloud/default.nix | 2 +- modules/server/podman/default.nix | 92 ++++++++++--------- 6 files changed, 58 insertions(+), 60 deletions(-) diff --git a/hosts/sobotka/default.nix b/hosts/sobotka/default.nix index df18e7d4..2fb5d327 100644 --- a/hosts/sobotka/default.nix +++ b/hosts/sobotka/default.nix @@ -68,7 +68,10 @@ in { boot = { supportedFilesystems = ["zfs"]; - zfs.extraPools = ["data"]; + zfs = { + package = pkgs.zfs_unstable; + extraPools = ["data"]; + }; }; services.zfs = { diff --git a/modules/nixos/programs/pkgs/default.nix b/modules/nixos/programs/pkgs/default.nix index 020e0472..b6058d68 100644 --- a/modules/nixos/programs/pkgs/default.nix +++ b/modules/nixos/programs/pkgs/default.nix @@ -3,17 +3,16 @@ config, lib, ... -}: -let - inherit (lib) +}: let + inherit + (lib) mkIf mkOption mkMerge types ; cfg = config.nixos.programs.pkgs; -in -{ +in { options = { nixos.programs.pkgs = { enable = mkOption { @@ -51,8 +50,7 @@ in }; config = mkIf cfg.enable { - environment.systemPackages = - with pkgs; + environment.systemPackages = with pkgs; mkMerge [ [ pciutils @@ -110,9 +108,7 @@ in (mkIf cfg.server.enable [ nvtopPackages.intel - nvtopPackages.amd helix - zfs zfstools ]) diff --git a/modules/server/authentik/default.nix b/modules/server/authentik/default.nix index db4f8039..133e12af 100644 --- a/modules/server/authentik/default.nix +++ b/modules/server/authentik/default.nix 
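Review bot: `package = pkgs.zfs_unstable;` in the `boot.zfs` block has no in-code marker that it is temporary, so the intent to return to stable is recorded only in the commit subject. A comment such as `# TEMPORARY: zfs_unstable until stable zfs supports the current kernel; drop this line then` would keep that visible to whoever next edits the host. While the pre-release module is in use, avoid running `zpool upgrade` on the `data` pool, because feature flags that the stable release lacks could prevent importing the pool after switching back.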
@@ -53,11 +53,9 @@ in { age.secrets = { authentikEnv = { file = "${self}/secrets/authentikEnv.age"; - owner = "authentik"; }; authentikCloudflared = { file = "${self}/secrets/authentikCloudflared.age"; - owner = "authentik"; }; }; @@ -99,7 +97,6 @@ in { middlewares = { authentik = { forwardAuth = { - # tls.insecureSkipVerify = true; address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik"; trustForwardHeader = true; authResponseHeaders = [ diff --git a/modules/server/homepage-dashboard/default.nix b/modules/server/homepage-dashboard/default.nix index 7ca11976..ea6cbf10 100644 --- a/modules/server/homepage-dashboard/default.nix +++ b/modules/server/homepage-dashboard/default.nix @@ -101,7 +101,7 @@ in { label = "SYSTEM"; memory = true; cpu = true; - uptime = true; + uptime = false; }; } ]; diff --git a/modules/server/nextcloud/default.nix b/modules/server/nextcloud/default.nix index bc6c9421..45f0b76a 100644 --- a/modules/server/nextcloud/default.nix +++ b/modules/server/nextcloud/default.nix @@ -69,7 +69,7 @@ in { services = { ${unit} = { enable = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; hostName = "nextcloud"; configureRedis = true; caching = { diff --git a/modules/server/podman/default.nix b/modules/server/podman/default.nix index 9f523d96..395f3aab 100644 --- a/modules/server/podman/default.nix +++ b/modules/server/podman/default.nix 
@@ -143,61 +143,63 @@ in { ]; }; - services.traefik = lib.mkMerge [ - (lib.mkIf cfg.pihole.enable { - dynamicConfigOptions = { - http = { - services = { - pihole.loadBalancer.servers = [{url = "http://localhost:${toString cfg.pihole.port}";}]; - }; - routers = { - pihole = { - entryPoints = ["websecure"]; - rule = "Host(`${cfg.pihole.url}`)"; - service = "pihole"; - tls.certResolver = "letsencrypt"; + services = { + traefik = lib.mkMerge [ + (lib.mkIf cfg.pihole.enable { + dynamicConfigOptions = { + http = { + services = { + pihole.loadBalancer.servers = [{url = "http://localhost:${toString cfg.pihole.port}";}]; + }; + routers = { + pihole = { + entryPoints = ["websecure"]; + rule = "Host(`${cfg.pihole.url}`)"; + service = "pihole"; + tls.certResolver = "letsencrypt"; + }; }; }; }; - }; - }) + }) - (lib.mkIf cfg.qbittorrent.enable { - dynamicConfigOptions = { - http = { - services = { - qbittorrent.loadBalancer.servers = [{url = "http://localhost:${toString cfg.qbittorrent.port}";}]; - }; - routers = { - qbittorrent = { - entryPoints = ["websecure"]; - rule = "Host(`${cfg.qbittorrent.url}`)"; - service = "qbittorrent"; - tls.certResolver = "letsencrypt"; + (lib.mkIf cfg.qbittorrent.enable { + dynamicConfigOptions = { + http = { + services = { + qbittorrent.loadBalancer.servers = [{url = "http://localhost:${toString cfg.qbittorrent.port}";}]; + }; + routers = { + qbittorrent = { + entryPoints = ["websecure"]; + rule = "Host(`${cfg.qbittorrent.url}`)"; + service = "qbittorrent"; + tls.certResolver = "letsencrypt"; + }; }; }; }; - }; - }) + }) - (lib.mkIf cfg.slskd.enable { - dynamicConfigOptions = { - http = { - services = { - slskd.loadBalancer.servers = [{url = "http://localhost:${toString cfg.slskd.port}";}]; - }; - routers = { - slskd = { - entryPoints = ["websecure"]; - rule = "Host(`${cfg.slskd.url}`)"; - service = "slskd"; - tls.certResolver = "letsencrypt"; + (lib.mkIf cfg.slskd.enable { + dynamicConfigOptions = { + http = { + services = { + 
slskd.loadBalancer.servers = [{url = "http://localhost:${toString cfg.slskd.port}";}]; + }; + routers = { + slskd = { + entryPoints = ["websecure"]; + rule = "Host(`${cfg.slskd.url}`)"; + service = "slskd"; + tls.certResolver = "letsencrypt"; + }; }; }; }; - }; - }) - ]; + }) + ]; + }; virtualisation.oci-containers.containers = lib.mkMerge [ (lib.mkIf cfg.gluetun.enable { @@ -293,7 +295,7 @@ in { (lib.mkIf cfg.pihole.enable { pihole = { autoStart = true; - image = "pihole/pihole:latest"; + image = "pihole/pihole:2025.08.0"; volumes = [ "/var/lib/pihole:/etc/pihole/" "/var/lib/dnsmasq.d:/etc/dnsmasq.d/"
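Review bot: None of the three routers (`pihole`, `qbittorrent`, `slskd`) in the regrouped `services.traefik` block sets `middlewares`, so as far as this hunk shows each admin UI is published on `websecure` behind only the application's own login. If the `authentik` forwardAuth middleware defined in modules/server/authentik/default.nix is meant to cover them, add `middlewares = ["authentik"];` to each router; if they are left out on purpose, a one-line comment saying so would help the next reviewer. The three `lib.mkIf` entries also differ only by service name and could be produced by one small helper. The enclosing attribute set starts and ends outside the hunk.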
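Review bot: `image = "pihole/pihole:2025.08.0";` is still a mutable tag, so the registry can serve different content under the same name on a later pull. Appending the digest, as in `image = "pihole/pihole:2025.08.0@sha256:<digest-of-the-verified-image>";` (placeholder; use the value from the image you actually checked), makes the deployed container reproducible and tamper-evident. The other entries of `virtualisation.oci-containers.containers` lie outside this hunk and may need the same pinning.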