diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 282c015..87253da 100755 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -55,18 +55,26 @@ in imports = builtins.attrValues { inherit (modules) acme + # audiobookshelf caddy - ceresOpenCloud comfyui + # filesorter firefly-iii forgejo + # glance jellyfin + # logrotate mastodon microvm + # midnight minecraft + # ollamaCeres + ceresOpenCloud + # postgresCeres projectSite - restic + # prompter sambaCeres + # searx vaultwarden website zookeeper diff --git a/modules/nixos/guests/mastodon/default.nix b/modules/nixos/guests/mastodon/default.nix index 24334f9..f0a3f76 100755 --- a/modules/nixos/guests/mastodon/default.nix +++ b/modules/nixos/guests/mastodon/default.nix @@ -322,33 +322,9 @@ in }; mastodon-init-db.serviceConfig.EnvironmentFile = "/var/lib/mastodon/.secrets_env"; - systemd-tmpfiles-setup.after = [ "var-lib-mastodon.mount" ]; - - opensearch-install-plugins = { - description = "Install OpenSearch plugins"; - before = [ "opensearch.service" ]; - requiredBy = [ "opensearch.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - PLUGIN_DIR="/var/lib/opensearch/plugins/analysis-icu" - if [ ! -d "$PLUGIN_DIR" ]; then - # Create the plugins directory if it doesn't exist - mkdir -p /var/lib/opensearch/plugins - - # Install using the proper OpenSearch plugin command - export OPENSEARCH_JAVA_HOME="${pkgs.jdk17}/lib/openjdk" - ${pkgs.opensearch}/bin/opensearch-plugin install --batch analysis-icu || { - echo "Plugin installation failed, but continuing anyway" - exit 0 - } - fi - ''; - }; }; + timers.fedifetcher = { description = "Timer for FediFetcher"; wantedBy = [ "timers.target" ]; diff --git a/modules/nixos/services/restic/default.nix b/modules/nixos/services/restic/default.nix deleted file mode 100644 index 11c51f1..0000000 --- a/modules/nixos/services/restic/default.nix +++ /dev/null @@ -1,75 +0,0 @@ -{ - config, - flake, - pkgs, - ... -}: -let - inherit (flake.config.services) instances; - inherit (flake.config.people) user0; - envFile = "backblaze/env"; - repoFile = "backblaze/repo"; - passFile = "restic-pass"; -in -{ - services.restic = { - backups = { - remote = { - environmentFile = config.sops.secrets.${envFile}.path; - initialize = true; - passwordFile = config.sops.secrets.${passFile}.path; - repositoryFile = config.sops.secrets.${repoFile}.path; - timerConfig = { - OnCalendar = "0/4:00"; - Persistent = true; - }; - paths = [ - "/home/${user0}/.ssh" - instances.firefly-iii.mntPaths.path0 - instances.forgejo.mntPaths.path0 - instances.mastodon.mntPaths.path0 - instances.minecraft.mntPaths.path0 - instances.opencloud.mntPaths.path0 - instances.vaultwarden.mntPaths.path0 - "${instances.jellyfin.mntPaths.path0}/cache" - "${instances.jellyfin.mntPaths.path0}/data" - "${instances.jellyfin.mntPaths.path0}/media/Music" - ]; - }; - }; - }; - - sops = { - secrets = builtins.listToAttrs ( - map - (secret: { - name = secret; - value = { - path = "/run/secrets/${secret}"; - owner = "root"; - group = "root"; - mode = "0600"; - }; - }) - [ - envFile - repoFile - passFile - ] - ); - }; - - environment = { - variables = { - # AWS_ACCESS_KEY_ID = ""; - # AWS_SECRET_ACCESS_KEY = ""; - # RESTIC_PASSWORD_FILE = "pass.txt"; - # RESTIC_REPOSITORY = ""; - }; - systemPackages = builtins.attrValues { - inherit (pkgs) - restic - ; - }; - }; -} diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 4f0df35..a28c440 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -54,10 +54,6 @@ firefly-iii: pass: ENC[AES256_GCM,data:WjHcoTuEzEq9pfw4QoqRjI4jhu5VPEMOXlHL0olg9dqUj4EGa1Shv5T/kIxdRFuao0y3zQ==,iv:4/fmFOxxDLzplsNGpSJMQOeoNviZw2c2pFlB1ZkRu+o=,tag:7TQ2q/kEFDU4tZxPx53ebw==,type:str] data: ENC[AES256_GCM,data:921LhcRTWVk24eEAQoDMV+RllSP3PbSXCCIDXlQA80Mq,iv:YXEgas77DgdyPTnBZa/ySjcERBIwmdDZJbijeNKNF24=,tag:Wj25wA7tLJ2bZ/faG9DUhg==,type:str] smtp: ENC[AES256_GCM,data:+e4MiRZ2WOZyWYpMf+By1Eb45ih4TA+svLI2+00yQk82,iv:+52+kJouMwkOSDEaOCA8V80+wT/VzNxgtCkOO68SCdk=,tag:YrtrJAXIhQpsUTEeYvrVwQ==,type:str] -backblaze: - env: ENC[AES256_GCM,data:cdOYt77KocuGB3aqYz13oBokoLkEIgI1AW+cYC5uutgZYujG3PqoLEh6Gvbpzn3O+0OWg1/4UAYr4f2v7oCsgwFzPWS3HrhqC5+kIBjrPCyAnxDxlu2xaQ9hR+ogFh5UTDo=,iv:6+jx4Dj5CNV72DAss6NNYm44f9gSHco/EUBvL2o2CNI=,tag:6/cx84MgTDqQJxu/zINEeA==,type:str] - repo: ENC[AES256_GCM,data:sRae9XELIfkWPaXelCdgEXIDbLTHVqGcRO0o+WA9aBfB8MUw92JjRCYgMgGXT0Apy38eszyuEHFB3XPpRmtQ7g==,iv:EilVA9zdHm6B9pTIhNxyj6Th1248nXvh0kpnEqZJ5HI=,tag:q9ASAgx5vgY0IePws4rT5Q==,type:str] -restic-pass: ENC[AES256_GCM,data:WtVFKDBKIdSAgPCsgpSGIMxIjFD2itFUVxzr9T5zWyk=,iv:KEgauoBqD9Htemfznm7n2ImH3HyB3ivYL/etGZHIcC0=,tag:mzJsu5QzqDMTuvulKAxtOA==,type:str] password-user0: ENC[AES256_GCM,data:VKrySmPAKh3UwCQXJS0EnOPPLDrigWtw5g4WMbSGz/VRtbzlQxMIgs42c/8NnHiqr98ifWy7u9c280oo7SrHhQmEOOvxfITQ9A==,iv:toGkVKCjsmtPP5Ukk/q8kPSmJo3FcTAyj2vcIEkHmU0=,tag:Nhucsk1kgx7zDZZQKycKZQ==,type:str] sops: age: @@ -70,7 +66,7 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-22T08:22:22Z" - mac: ENC[AES256_GCM,data:aGtZuHEsxcUZCfMdiYoX0oHd71XNIEG5UgxtoSqIr1ICqnjGV1hrNeLu+coSslkvYjAteYkgDBk8lHiO1kBY7G3d9fn0cRnR7wpgcaiFDCPaKdjXlrZmDdbsN+4NF62Y1LkclvGOWGEvM4pR+HxnNxK3nVEU0e10TaZ0r9/b0+o=,iv:MCid50yHr9Sk8hzsbu8wBQwW4vnERxaCEuivq1TUvhA=,tag:T7F2lS5lWY7zncWOY4VSbA==,type:str] + lastmodified: "2025-11-21T10:16:47Z" + mac: ENC[AES256_GCM,data:cgsHkgbaVkMYIaWPugPjX9yRbV6eBPcMmQnD1qRJbp647c/FF+KA4qJhB8eQD5/yA+u76in1LSEopRuKaXEGX9LRNzpUKknih/QN8bjHbbwpC2zKm/cxgkkING9Or5Fk821+RPhAb4ezZoUOl+lSG3LUl66GoDcbNAW3qxZhwO8=,iv:3rKoaAKKTskY47IqxZuKUDXeNFC58Av45nk/P/xYIzg=,tag:vfWE0td8UHxCquWW6WlqBg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0