Gleipnir/nixos-systems
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Push latest build to prod

Browse source
This commit is contained in:
Eli Ribble 2026-04-28 08:22:31 +00:00
parent e97843b7f9
commit 133cc115ef
No known key found for this signature in database
6 changed files with 143 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

133
flake.lock generated
View file

@ -1,7 +1,24 @@
{
"nodes": {
"authentik-go": {
"flake": false,
"locked": {
"lastModified": 1771856219,
"narHash": "sha256-zTEmvxe+BpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno=",
"owner": "goauthentik",
"repo": "client-go",
"rev": "4c1444ee54d945fbcc5ae107b4f191ca0352023d",
"type": "github"
},
"original": {
"owner": "goauthentik",
"repo": "client-go",
"type": "github"
}
},
"authentik-nix": {
"inputs": {
"authentik-go": "authentik-go",
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
@ -16,15 +33,15 @@
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1768160794,
"narHash": "sha256-J7kRUDkNPtmL2Se4voIMXbCkCVPZAnLTgtCaHs2E2Zc=",
"owner": "Pentusha",
"lastModified": 1776085803,
"narHash": "sha256-JvvWVbXJYSY8qOReMbAOD4lxcN2cjKV6lg/jLz8CEuY=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "1981227096e155ce36897c920641dd4ae8aaf683",
"rev": "4370b561c8bafb59773ce3a518506bcf1161dbdb",
"type": "github"
},
"original": {
"owner": "Pentusha",
"owner": "nix-community",
"repo": "authentik-nix",
"type": "github"
}
@ -32,16 +49,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1768172416,
"narHash": "sha256-qVlhrxHqcVFKrOwEl/DxdgSltMLiWp+ztBrjCW+Uu6k=",
"lastModified": 1775573258,
"narHash": "sha256-Xq7JGI/8ppIydIuWd9KRJKUrh7UpeniwvZ4NAtXbYJ4=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "e44cf378d7e17d517cb07a69fb725b8d926795b9",
"rev": "5249546862986202b901c2afd860992ec48c6ef6",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version-2025.10",
"ref": "version/2026.2.2",
"repo": "authentik",
"type": "github"
}
@ -53,11 +70,11 @@
]
},
"locked": {
"lastModified": 1766150702,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
"lastModified": 1776613567,
"narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=",
"owner": "nix-community",
"repo": "disko",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
"rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d",
"type": "github"
},
"original": {
@ -89,11 +106,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1765121682,
"narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=",
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
@ -107,11 +124,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
@ -128,11 +145,11 @@
]
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
@ -241,11 +258,11 @@
]
},
"locked": {
"lastModified": 1767910483,
"narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=",
"lastModified": 1775425411,
"narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c",
"rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
"type": "github"
},
"original": {
@ -316,27 +333,27 @@
"proj": "proj"
},
"locked": {
"lastModified": 1776872762,
"narHash": "sha256-pMtrQaFPVQlbi1meZ7VBNdGRVbREvv59+9Ug9McWs1s=",
"lastModified": 1777361694,
"narHash": "sha256-ZoQ3xicLf//v1H3sQmkdjQ7wDYSfLwN0uaOumPZaEAY=",
"owner": "Gleipnir-Technology",
"repo": "nidus-sync",
"rev": "78458760ec5524d5ad9696b7ba923fc75264dfe1",
"rev": "175fd8d0fbbde0f556fa38e5eb93c056d4595ed2",
"type": "github"
},
"original": {
"owner": "Gleipnir-Technology",
"repo": "nidus-sync",
"rev": "78458760ec5524d5ad9696b7ba923fc75264dfe1",
"rev": "175fd8d0fbbde0f556fa38e5eb93c056d4595ed2",
"type": "github"
}
},
"nixos-facter-modules": {
"locked": {
"lastModified": 1766558141,
"narHash": "sha256-Ud9v49ZPsoDBFuyJSQ2Mpw1ZgAH/aMwUwwzrVoetNus=",
"lastModified": 1773858690,
"narHash": "sha256-oW0/lC0oRG5H5LaK6Rmh9L1wmkn9TbenM4bXwnIEDKA=",
"owner": "numtide",
"repo": "nixos-facter-modules",
"rev": "e796d536e3d83de74267069e179dc620a608ed7d",
"rev": "139dcef4dfc97009629c445806f197883351ab4a",
"type": "github"
},
"original": {
@ -363,11 +380,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github"
},
"original": {
@ -410,11 +427,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1768028080,
"narHash": "sha256-50aDK+8eLvsLK39TzQhKNq50/HcXyP4hyxOYoPoVxjo=",
"lastModified": 1776734388,
"narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d03088749a110d52a4739348f39a63f84bb0be14",
"rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac",
"type": "github"
},
"original": {
@ -426,11 +443,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1768032153,
"narHash": "sha256-6kD1MdY9fsE6FgSwdnx29hdH2UcBKs3/+JJleMShuJg=",
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3146c6aa9995e7351a398e17470e15305e6e18ff",
"rev": "13043924aaa7375ce482ebe2494338e058282925",
"type": "github"
},
"original": {
@ -464,11 +481,11 @@
"systems": "systems_6"
},
"locked": {
"lastModified": 1767448089,
"narHash": "sha256-U1fHsZBnFrUil731NHD9Sg5HoiG+eSHau8OFuClhwW0=",
"lastModified": 1769049374,
"narHash": "sha256-h0Os2qqNyycDY1FyZgtbn28VF1ySP74/n0f+LDd8j+w=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "983751b66f255bbea1adc185364e9e7b73f82358",
"rev": "b8f76bf5751835647538ef8784e4e6ee8deb8f95",
"type": "github"
},
"original": {
@ -488,11 +505,11 @@
]
},
"locked": {
"lastModified": 1761730856,
"narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=",
"lastModified": 1768249818,
"narHash": "sha256-ANfn5OqIxq3HONPIXZ6zuI5sLzX1sS+2qcf/Pa0kQEc=",
"owner": "NuschtOS",
"repo": "search",
"rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b",
"rev": "b6f77b88e9009bfde28e2130e218e5123dc66796",
"type": "github"
},
"original": {
@ -536,11 +553,11 @@
]
},
"locked": {
"lastModified": 1763662255,
"narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=",
"lastModified": 1771423342,
"narHash": "sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "042904167604c681a090c07eb6967b4dd4dae88c",
"rev": "04e9c186e01f0830dad3739088070e4c551191a4",
"type": "github"
},
"original": {
@ -557,11 +574,11 @@
]
},
"locked": {
"lastModified": 1764134915,
"narHash": "sha256-xaKvtPx6YAnA3HQVp5LwyYG1MaN4LLehpQI8xEdBvBY=",
"lastModified": 1771518446,
"narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "2c8df1383b32e5443c921f61224b198a2282a657",
"rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937",
"type": "github"
},
"original": {
@ -610,11 +627,11 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1768104471,
"narHash": "sha256-HdnXWQsA1EI27IJlaENUEEug58trUrh6+MT0cFiDHmY=",
"lastModified": 1776771786,
"narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "94f9cbd20f680ebb2ad6cdf39da97cbcfaedf004",
"rev": "bef289e2248991f7afeb95965c82fbcd8ff72598",
"type": "github"
},
"original": {
@ -745,11 +762,11 @@
]
},
"locked": {
"lastModified": 1765631794,
"narHash": "sha256-90d//IZ4GXipNsngO4sb2SAPbIC/a2P+IAdAWOwpcOM=",
"lastModified": 1772187362,
"narHash": "sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "4cca323a547a1aaa9b94929c4901bed5343eafe8",
"rev": "abe65de114300de41614002fe9dce2152ac2ac23",
"type": "github"
},
"original": {

7
flake.nix
View file

@ -4,10 +4,7 @@
inputs = {
authentik-nix = {
inputs.nixpkgs.follows = "nixpkgs";
#url = "github:nix-community/authentik-nix";
# Temporary workaround for build failure
# See https://github.com/nix-community/authentik-nix/issues/83
url = "github:Pentusha/authentik-nix";
url = "github:nix-community/authentik-nix";
};
disko = {
inputs.nixpkgs.follows = "nixpkgs";
@ -27,7 +24,7 @@
type = "github";
owner = "Gleipnir-Technology";
repo = "nidus-sync";
rev = "78458760ec5524d5ad9696b7ba923fc75264dfe1";
rev = "175fd8d0fbbde0f556fa38e5eb93c056d4595ed2";
};
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";

2
modules/system/cloudreve.nix
View file

@ -88,7 +88,7 @@ with lib;
"/var/run/secrets/cloudreve-env"
];
#extraOptions = ["--network=pasta:--map-gw"];
image = "cloudreve.azurecr.io/cloudreve/pro:4.10.1";
image = "cloudreve.azurecr.io/cloudreve/pro:4.15.0";
# I'd much rather be doing this, but it fails in inscrutible ways
#podman.user = "cloudreve";
ports = [ "127.0.0.1:10040:5212" ];

1
modules/system/default.nix
View file

@ -27,6 +27,7 @@
./sudo.nix
./switch-fix.nix
./synapse.nix
./taiga.nix
./tegola.nix
./timecardbot.nix
./tmux.nix

60
modules/system/taiga.nix Normal file
View file

@ -0,0 +1,60 @@
{ config, configPath, lib, pkgs, ... }:
{
options.myModules.taiga.enable = mkEnableOption "custom taiga configuration";
config = mkIf config.myModules.taiga.enable {
services.postgresql = {
ensureDatabases = [ "taiga" ];
ensureUsers = [{
ensureClauses.login = true;
ensureDBOwnership = true;
name = "taiga";
}];
};
# Define the container as a systemd service
virtualisation.oci-containers = {
backend = "docker"; # or "podman"
containers = {
taiga-back = {
image = "taigaio/taiga-back:6.9.0";
# Environment variables
environment = {
POSTGRES_HOST = "postgres";
POSTGRES_DB = "taiga";
TAIGA_SECRET_KEY = "your-secret-key-here";
TAIGA_SITES_DOMAIN = "taiga.example.com";
};
# Port mappings
ports = [
"8000:8000"
];
# Volumes
volumes = [
"/var/lib/taiga/media:/taiga-back/media"
"/var/lib/taiga/static:/taiga-back/static"
];
# Auto-start on boot
autoStart = true;
# Extra options
#extraOptions = [
#"--network=taiga-net"
#];
};
};
};
# Ensure the data directories exist
systemd.tmpfiles.rules = [
"d /var/lib/taiga 0755 root root -"
"d /var/lib/taiga/media 0755 root root -"
"d /var/lib/taiga/static 0755 root root -"
];
};
}

8
secrets/vikunja.yaml
View file

@ -29,8 +29,8 @@ mailer:
username: ENC[AES256_GCM,data:ztArgBSBI4o9HOPIVc9n+k8az4Xm2Cwz57EN8TI=,iv:nOr2oZIW5nOMMg0FtgP+YEXISUfNqI93L/me20Euvn4=,tag:FNfoMYuIRj5y5b6FUJWmWA==,type:str]
service:
enableopenidteamusersearch: ENC[AES256_GCM,data:RiSp/A==,iv:AdSnQXhu/TBWl/p8tqsNjNCe95khihwzjGF5j9j4UKw=,tag:/9InRg0weDo+zK7agkfMCA==,type:bool]
frontendurl: ENC[AES256_GCM,data:kIyk5SRoJpGhQhu+97QpC4DwkwjT3B4rhu0y8ayVbjct,iv:x8N43NrKuIVA9IrOW3buu6c4jlSIXR4FwMeeM9/e3TA=,tag:KKBrKxK9uIWuO33DkxeJHA==,type:str]
interface: ENC[AES256_GCM,data:Cpbtlf/c,iv:B6/3k8sGfIv8D/Yf0Ak92D4Xvou5orbvPcd1f3ZR7uo=,tag:7lHdcWMI/sNqOmuuhmTbYw==,type:str]
publicurl: ENC[AES256_GCM,data:So4F8h2jfWaENbaxhCN4TaTZnQpCiRh7tU8hhMBfJJsf,iv:J9dX9gNy4AZYLoI0tbNDugdyF/HyHZ3YT1qXJJMcJnU=,tag:i1JGgCu4eFA6+5QtlHinkw==,type:str]
sops:
age:
- recipient: age1wxlwx75hfxer4trvfzad7cwdn2hhu4we50p32vpy3qvdct7t656q3pp04x
@ -114,7 +114,7 @@ sops:
TXFSMDF2cWMzeEhCd055cnQrQVppdlkKkgfFOfEhLzuZDKu7byQnrFjUlBH58t2a
WXv2JeG9ymBYP69n6apQsSOv32O6c9bgl8xbMwTKDBIG8CN1QBmuCA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-21T21:49:00Z"
mac: ENC[AES256_GCM,data:+mUMtg2rlCz5R+xkEPhtpe0vrMiYJV1/YI1HuIwhli/4ZWUuG184ND/S2LU89tvcTsxFhfToThBIy/J68XHKor0hlU61u3LhgiIcgOa1QONZz2ulIgP9SfWjXLD2f4TYg1QHWXheaYc1Lx9Y7OJ6gLKlxzoMt30coeFa7z5/Bzk=,iv:f0iKViDgccs/Kv8P3IrfS+QSB4mKFuLz0aWGdM/xPOU=,tag:GyWD52tVbCVJxNBG2UfNAA==,type:str]
lastmodified: "2026-04-23T21:45:32Z"
mac: ENC[AES256_GCM,data:Pm0VSC2A2m0xHG2GP6gwmW81vss1gUnqr9p8gOIbtTe8FoXrxU8ibUpx/ryqs7BM/IgnH5378SI4tk7yfjMG9wYS7sY851JxR9x0MyuZMU9kWZuV3Yfd/RTfGpeE8JE4nt07lqYDBt1dDXvwVoMjHuFlvB44+XC6uGcgPUZCH0I=,iv:nyaGhyX4MNoS8whY4Dz7D2yUmomdK/4wvi2u1g6GWos=,tag:fQGWn67gZbNAokfncALQog==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.12.1