cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

feat(update): new kernel, new container versions and temporarily moving to zfs_unstable in waiting for stable to catch up with new kernel

Browse Source
This commit is contained in:
cnst
2025-10-11 11:04:15 +02:00
parent e578a280db
commit 6b7ca2b194
6 changed files with 58 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hosts/sobotka/default.nix
View File

@@ -68,7 +68,10 @@ in {
boot = { boot = {
supportedFilesystems = ["zfs"]; supportedFilesystems = ["zfs"];
zfs.extraPools = ["data"]; zfs = {
package = pkgs.zfs_unstable;
extraPools = ["data"];
};
}; };
services.zfs = { services.zfs = {

14
modules/nixos/programs/pkgs/default.nix
View File

@@ -3,17 +3,16 @@
config, config,
lib, lib,
... ...
}: }: let
let inherit
inherit (lib) (lib)
mkIf mkIf
mkOption mkOption
mkMerge mkMerge
types types
; ;
cfg = config.nixos.programs.pkgs; cfg = config.nixos.programs.pkgs;
in in {
{
options = { options = {
nixos.programs.pkgs = { nixos.programs.pkgs = {
enable = mkOption { enable = mkOption {
@@ -51,8 +50,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = environment.systemPackages = with pkgs;
with pkgs;
mkMerge [ mkMerge [
[ [
pciutils pciutils
@@ -110,9 +108,7 @@ in
(mkIf cfg.server.enable [ (mkIf cfg.server.enable [
nvtopPackages.intel nvtopPackages.intel
nvtopPackages.amd
helix helix
zfs
zfstools zfstools
]) ])

3
modules/server/authentik/default.nix
View File

@@ -53,11 +53,9 @@ in {
age.secrets = { age.secrets = {
authentikEnv = { authentikEnv = {
file = "${self}/secrets/authentikEnv.age"; file = "${self}/secrets/authentikEnv.age";
owner = "authentik";
}; };
authentikCloudflared = { authentikCloudflared = {
file = "${self}/secrets/authentikCloudflared.age"; file = "${self}/secrets/authentikCloudflared.age";
owner = "authentik";
}; };
}; };
@@ -99,7 +97,6 @@ in {
middlewares = { middlewares = {
authentik = { authentik = {
forwardAuth = { forwardAuth = {
# tls.insecureSkipVerify = true;
address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik"; address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true; trustForwardHeader = true;
authResponseHeaders = [ authResponseHeaders = [

2
modules/server/homepage-dashboard/default.nix
View File

@@ -101,7 +101,7 @@ in {
label = "SYSTEM"; label = "SYSTEM";
memory = true; memory = true;
cpu = true; cpu = true;
uptime = true; uptime = false;
}; };
} }
]; ];

2
modules/server/nextcloud/default.nix
View File

@@ -69,7 +69,7 @@ in {
services = { services = {
${unit} = { ${unit} = {
enable = true; enable = true;
package = pkgs.nextcloud31; package = pkgs.nextcloud32;
hostName = "nextcloud"; hostName = "nextcloud";
configureRedis = true; configureRedis = true;
caching = { caching = {

92
modules/server/podman/default.nix
View File

@@ -143,61 +143,63 @@ in {
]; ];
}; };
services.traefik = lib.mkMerge [ services = {
(lib.mkIf cfg.pihole.enable { traefik = lib.mkMerge [
dynamicConfigOptions = { (lib.mkIf cfg.pihole.enable {
http = { dynamicConfigOptions = {
services = { http = {
pihole.loadBalancer.servers = [{url = "http://localhost:${toString cfg.pihole.port}";}]; services = {
}; pihole.loadBalancer.servers = [{url = "http://localhost:${toString cfg.pihole.port}";}];
routers = { };
pihole = { routers = {
entryPoints = ["websecure"]; pihole = {
rule = "Host(`${cfg.pihole.url}`)"; entryPoints = ["websecure"];
service = "pihole"; rule = "Host(`${cfg.pihole.url}`)";
tls.certResolver = "letsencrypt"; service = "pihole";
tls.certResolver = "letsencrypt";
};
}; };
}; };
}; };
}; })
})
(lib.mkIf cfg.qbittorrent.enable { (lib.mkIf cfg.qbittorrent.enable {
dynamicConfigOptions = { dynamicConfigOptions = {
http = { http = {
services = { services = {
qbittorrent.loadBalancer.servers = [{url = "http://localhost:${toString cfg.qbittorrent.port}";}]; qbittorrent.loadBalancer.servers = [{url = "http://localhost:${toString cfg.qbittorrent.port}";}];
}; };
routers = { routers = {
qbittorrent = { qbittorrent = {
entryPoints = ["websecure"]; entryPoints = ["websecure"];
rule = "Host(`${cfg.qbittorrent.url}`)"; rule = "Host(`${cfg.qbittorrent.url}`)";
service = "qbittorrent"; service = "qbittorrent";
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
};
}; };
}; };
}; };
}; })
})
(lib.mkIf cfg.slskd.enable { (lib.mkIf cfg.slskd.enable {
dynamicConfigOptions = { dynamicConfigOptions = {
http = { http = {
services = { services = {
slskd.loadBalancer.servers = [{url = "http://localhost:${toString cfg.slskd.port}";}]; slskd.loadBalancer.servers = [{url = "http://localhost:${toString cfg.slskd.port}";}];
}; };
routers = { routers = {
slskd = { slskd = {
entryPoints = ["websecure"]; entryPoints = ["websecure"];
rule = "Host(`${cfg.slskd.url}`)"; rule = "Host(`${cfg.slskd.url}`)";
service = "slskd"; service = "slskd";
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
};
}; };
}; };
}; };
}; })
}) ];
]; };
virtualisation.oci-containers.containers = lib.mkMerge [ virtualisation.oci-containers.containers = lib.mkMerge [
(lib.mkIf cfg.gluetun.enable { (lib.mkIf cfg.gluetun.enable {
@@ -293,7 +295,7 @@ in {
(lib.mkIf cfg.pihole.enable { (lib.mkIf cfg.pihole.enable {
pihole = { pihole = {
autoStart = true; autoStart = true;
image = "pihole/pihole:latest"; image = "pihole/pihole:2025.08.0";
volumes = [ volumes = [
"/var/lib/pihole:/etc/pihole/" "/var/lib/pihole:/etc/pihole/"
"/var/lib/dnsmasq.d:/etc/dnsmasq.d/" "/var/lib/dnsmasq.d:/etc/dnsmasq.d/"