From 1ce4328309733f5f230bfe74d5dda68f4be4f4ea Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Thu, 12 Feb 2026 23:22:06 -0500 Subject: [PATCH 1/3] [build] Update inputs --- flake.lock | 97 +++++++++++++++++++++++++++--------------------------- 1 file changed, 49 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index 9a8411b..d233d1a 100644 --- a/flake.lock +++ b/flake.lock @@ -139,11 +139,11 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "type": "github" }, "original": { @@ -392,11 +392,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -413,11 +413,11 @@ ] }, "locked": { - "lastModified": 1748821116, - "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -797,15 +797,16 @@ ] }, "locked": { - "lastModified": 1748765518, - "narHash": "sha256-vftOR+7zwnMWl5UpG32GL1VBeNGTDZZT0hv+2uNuBGw=", - "owner": "Mic92", + "lastModified": 1769079217, + "narHash": "sha256-R6qzhu+YJolxE2vUsPQWWwUKMbAG5nXX3pBtg8BNX38=", + "owner": "Enzime", "repo": "nix-vm-test", - "rev": "d6642fbaf42fc98883d84bab66cd0ec720d9dd0c", + "rev": "58c15f78947b431d6c206e0966500c7e9139bd2f", "type": "github" }, "original": { - "owner": "Mic92", + "owner": "Enzime", + "ref": "pr-105-latest", "repo": "nix-vm-test", "type": "github" } @@ -1137,11 +1138,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1766503044, - "narHash": "sha256-DdJ0OIngRjekqXJauSQ8y9vyDO24dX8v7DiaWmxk7PU=", + "lastModified": 1769956140, + "narHash": "sha256-D+RQ+DaIC/GVwv5lUs7e8jSmh8aPc77Kg/gRjaS25Zk=", "owner": "numtide", "repo": "nixos-anywhere", - "rev": "e86fad431cf9161ca39747972bd255897572dc3b", + "rev": "92f82c5196a5f8588be4967e535c4cfd35e85902", "type": "github" }, "original": { @@ -1181,11 +1182,11 @@ ] }, "locked": { - "lastModified": 1764234087, - "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", + "lastModified": 1769813415, + "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "032a1878682fafe829edfcf5fdfad635a2efe748", + "rev": "8946737ff703382fda7623b9fab071d037e897d5", "type": "github" }, "original": { @@ -1211,11 +1212,11 @@ }, "nixos-hardware_2": { "locked": { - "lastModified": 1766568855, - "narHash": "sha256-UXVtN77D7pzKmzOotFTStgZBqpOcf8cO95FcupWp4Zo=", + "lastModified": 1770882871, + "narHash": "sha256-nw5g+xl3veea+maxJ2/81tMEA/rPq9aF1H5XF35X+OE=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "c5db9569ac9cc70929c268ac461f4003e3e5ca80", + "rev": "af04cb78aa85b2a4d1c15fc7270347e0d0eda97b", "type": "github" }, "original": { @@ -1265,11 +1266,11 @@ ] }, "locked": { - "lastModified": 1749086071, - "narHash": "sha256-4+fY7i+q78F3t6APz0cMC4kRxsyCb+UTyfhbckkCd7Q=", + "lastModified": 1766770015, + "narHash": "sha256-kUmVBU+uBUPl/v3biPiWrk680b8N9rRMhtY97wsxiJc=", "owner": "nix-community", "repo": "nixos-images", - "rev": "aa38dbbdf0e955baef7e03dfc4265ae3fdac4808", + "rev": "e4dba54ddb6b2ad9c6550e5baaed2fa27938a5d2", "type": "github" }, "original": { @@ -1296,16 +1297,16 @@ }, "nixos-stable_2": { "locked": { - "lastModified": 1749086602, - "narHash": "sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU=", + "lastModified": 1769598131, + "narHash": "sha256-e7VO/kGLgRMbWtpBqdWl0uFg8Y2XWFMdz0uUJvlML8o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4792576cb003c994bd7cc1edada3129def20b27d", + "rev": "fa83fd837f3098e3e678e6cf017b2b36102c7211", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -1343,11 +1344,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -1373,11 +1374,11 @@ }, "nixpkgs-master_2": { "locked": { - "lastModified": 1766591670, - "narHash": "sha256-rJi/drKMi8qyVNuPaaMGIY9BlA/UgMBpN1UjJ69dMKA=", + "lastModified": 1770955476, + "narHash": "sha256-aowMHyX07COZhj0bVPQpt8C0+oWLBzFJZpDF6SUlCu8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d6278c3a80d5703b628c14dc9ecb1c8780c1a77f", + "rev": "bc5df9ba9037060e0e2707dfe381eaf09d1f17ea", "type": "github" }, "original": { @@ -1420,11 +1421,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1766309749, - "narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=", + "lastModified": 1770841267, + "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816", + "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", "type": "github" }, "original": { @@ -1482,11 +1483,11 @@ ] }, "locked": { - "lastModified": 1766289575, - "narHash": "sha256-BOKCwOQQIP4p9z8DasT5r+qjri3x7sPCOq+FTjY8Z+o=", + "lastModified": 1770683991, + "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "9836912e37aef546029e48c8749834735a6b9dad", + "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033", "type": "github" }, "original": { @@ -1580,11 +1581,11 @@ ] }, "locked": { - "lastModified": 1749194973, - "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "lastModified": 1769691507, + "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", "type": "github" }, "original": { @@ -1600,11 +1601,11 @@ ] }, "locked": { - "lastModified": 1766000401, - "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { From b5a294988ed0fe22421178eb4146309d16c55764 Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Fri, 13 Feb 2026 13:58:37 -0500 Subject: [PATCH 2/3] [build] Fix `resolved` options --- hosts/controller/configuration.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hosts/controller/configuration.nix b/hosts/controller/configuration.nix index 50b999a..9b56cc8 100644 --- a/hosts/controller/configuration.nix +++ b/hosts/controller/configuration.nix @@ -20,9 +20,7 @@ tags = [ "@vm" "@build-on-target" ]; }; - services.resolved.extraConfig = '' - DNSStubListener=no - ''; + services.resolved.settings.Resolve = { DNSStubListener = "no"; }; networking = { defaultGateway = { From 7b34132ab6fbefbae2835885cc0651f90117fc6b Mon Sep 17 00:00:00 2001 From: Ethan Turkeltaub Date: Sat, 14 Feb 2026 11:49:44 -0500 Subject: [PATCH 3/3] Fix SABnzbd, resolved options --- hosts/bastion/profiles/caddy/default.nix | 2 +- modules/nixos/services/sabnzbd/default.nix | 21 - modules/profiles/core/nix-config.nix | 5 +- .../media-management/sabnzbd/default.nix | 706 +++++------------- .../media-management/tracearr/default.nix | 5 + modules/profiles/networking/resolved.nix | 8 +- modules/profiles/virtualisation/aws.nix | 5 + 7 files changed, 198 insertions(+), 554 deletions(-) delete mode 100644 modules/nixos/services/sabnzbd/default.nix diff --git a/hosts/bastion/profiles/caddy/default.nix b/hosts/bastion/profiles/caddy/default.nix index 46d8eea..ae0dd3c 100644 --- a/hosts/bastion/profiles/caddy/default.nix +++ b/hosts/bastion/profiles/caddy/default.nix @@ -110,7 +110,7 @@ "sabnzbd.e10.camp" = { host = hosts.htpc; - inherit (hosts.htpc.config.services.sabnzbd) port; + inherit (hosts.htpc.config.services.sabnzbd.settings.misc) port; extraConfig = '' request_body { max_size 256MiB diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix deleted file mode 100644 index ddfbf99..0000000 --- a/modules/nixos/services/sabnzbd/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, ... }: - -with lib; - -let cfg = config.services.sabnzbd; -in { - options.services.sabnzbd = { - port = mkOption { - type = types.port; - description = "Port that sabnzbd is running on"; - default = 8080; - }; - }; - - config = mkIf cfg.enable { - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.port ]; - allowedUDPPorts = [ cfg.port ]; - }; - }; -} diff --git a/modules/profiles/core/nix-config.nix b/modules/profiles/core/nix-config.nix index 7afd0cc..d862c0a 100644 --- a/modules/profiles/core/nix-config.nix +++ b/modules/profiles/core/nix-config.nix @@ -10,7 +10,10 @@ nix = { optimise.automatic = true; - gc.automatic = lib.mkDefault true; + gc = { + automatic = lib.mkDefault true; + options = "--delete-older-than 14d"; + }; extraOptions = '' min-free = 536870912 diff --git a/modules/profiles/media-management/sabnzbd/default.nix b/modules/profiles/media-management/sabnzbd/default.nix index 1eabdcf..9d2aaff 100644 --- a/modules/profiles/media-management/sabnzbd/default.nix +++ b/modules/profiles/media-management/sabnzbd/default.nix @@ -1,4 +1,4 @@ -{ flake, config, lib, ... }: { +{ flake, config, ... }: { sops = { secrets = { sabnzbd_admin_password = { @@ -77,580 +77,232 @@ }; }; - templates."sabnzbd/config.ini" = { + templates."sabnzbd/secrets.ini" = { content = flake.lib.generators.toINI { - globalSection = { - __version__ = 19; - __encoding__ = "utf-8"; - }; + globalSection = { }; sections = { misc = { - inherit (config.services.sabnzbd) port; - - pre_script = "None"; - queue_complete = ""; - queue_complete_pers = 0; - bandwidth_perc = 100; - refresh_rate = 1; - interface_settings = '' - '{"dateFormat":"fromNow","extraQueueColumns":[],"extraHistoryColumns":[],"displayCompact":false,"displayFullWidth":false,"confirmDeleteQueue":true,"confirmDeleteHistory":true,"keyboardShortcuts":true}' - ''; - queue_limit = 20; - config_lock = 0; - fixed_ports = 1; - sched_converted = 0; - notified_new_skin = 2; - direct_unpack_tested = 1; - check_new_rel = 1; - auto_browser = 0; - language = "en"; - enable_https_verification = 1; - host = "0.0.0.0"; - https_port = ""; - username = "admin"; password = config.sops.placeholder.sabnzbd_admin_password; - bandwidth_max = ""; - cache_limit = "4G"; - web_dir = "Glitter"; - web_color = "Auto"; - https_cert = "server.cert"; - https_key = "server.key"; - https_chain = ""; - enable_https = 0; - inet_exposure = 4; api_key = config.sops.placeholder.sabnzbd_api_key; nzb_key = config.sops.placeholder.sabnzbd_nzb_key; - socks5_proxy_url = ""; - permissions = 777; - download_dir = "/data/local/tmp/sabnzbd/inter"; - download_free = "8G"; - complete_dir = "/data/local/tmp/sabnzbd/dst"; - complete_free = "8G"; - fulldisk_autoresume = 1; - script_dir = ""; - nzb_backup_dir = ""; - admin_dir = "/var/lib/sabnzbd/admin/"; - backup_dir = ""; - dirscan_dir = ""; - dirscan_speed = 5; - password_file = ""; - log_dir = "/var/lib/sabnzbd/logs/"; - max_art_tries = 3; - load_balancing = 2; - top_only = 0; - sfv_check = 1; - script_can_fail = 0; - enable_recursive = 1; - flat_unpack = 1; - par_option = ""; - pre_check = 0; - nice = ""; - win_process_prio = 3; - ionice = ""; - fail_hopeless_jobs = 1; - fast_fail = 1; - auto_disconnect = 1; - no_dupes = 0; - no_series_dupes = 0; - series_propercheck = 1; - pause_on_pwrar = 1; - ignore_samples = 0; - deobfuscate_final_filenames = 1; - auto_sort = ""; - direct_unpack = 1; - propagation_delay = 0; - folder_rename = 1; - replace_spaces = 0; - replace_underscores = 0; - replace_dots = 0; - safe_postproc = 1; - pause_on_post_processing = 0; - enable_all_par = 0; - sanitize_safe = 0; - cleanup_list = ","; - unwanted_extensions = ","; - action_on_unwanted_extensions = 0; - unwanted_extensions_mode = 0; - new_nzb_on_failure = 0; - history_retention = ""; - quota_size = ""; - quota_day = ""; - quota_resume = 0; - quota_period = "m"; - enable_tv_sorting = 0; - tv_sort_string = ""; - tv_categories = "tv,"; - enable_movie_sorting = 0; - movie_sort_string = ""; - movie_sort_extra = "-cd%1"; - movie_categories = "movies,"; - enable_date_sorting = 0; - date_sort_string = ""; - date_categories = "tv,"; - schedlines = ","; - rss_rate = 60; - ampm = 0; - start_paused = 0; - preserve_paused_state = 0; - enable_par_cleanup = 1; - process_unpacked_par2 = 1; - enable_unrar = 1; - enable_unzip = 1; - enable_7zip = 1; - enable_filejoin = 1; - enable_tsjoin = 1; - overwrite_files = 0; - ignore_unrar_dates = 0; - backup_for_duplicates = 1; - empty_postproc = 0; - wait_for_dfolder = 0; - rss_filenames = 0; - api_logging = 1; - html_login = 1; - warn_dupl_jobs = 1; - helpful_warnings = 1; - keep_awake = 1; - tray_icon = 1; - allow_incomplete_nzb = 0; - enable_broadcast = 1; - ipv6_hosting = 0; - api_warnings = 1; - no_penalties = 0; - x_frame_options = 1; - outgoing_nntp_ip = ""; - allow_old_ssl_tls = 0; - rss_odd_titles = "nzbindex.nl/, nzbindex.com/, nzbclub.com/"; - quick_check_ext_ignore = "nfo, sfv, srr"; - req_completion_rate = "100.2"; - selftest_host = "self-test.sabnzbd.org"; - movie_rename_limit = "100M"; - episode_rename_limit = "20M"; - size_limit = 0; - direct_unpack_threads = 3; - history_limit = 10; - wait_ext_drive = 5; - max_foldername_length = 246; - nomedia_marker = ""; - ipv6_servers = 1; - url_base = "/sabnzbd"; - host_whitelist = "htpc,"; - local_ranges = ","; - max_url_retries = 10; - downloader_sleep_time = 10; - num_simd_decoders = 2; - ssdp_broadcast_interval = 15; - ext_rename_ignore = ","; - email_server = ""; - email_to = ","; - email_from = ""; - email_account = ""; - email_pwd = ""; - email_endjob = 0; - email_full = 0; - email_dir = ""; - email_rss = 0; - email_cats = "*,"; - sorters_converted = 1; - enable_season_sorting = 1; - receive_threads = 2; - switchinterval = 5.0e-3; - end_queue_script = "None"; - no_smart_dupes = 0; - dupes_propercheck = 1; - enable_multipar = 1; - verify_xff_header = 0; - history_retention_option = "all"; - history_retention_number = 1; - disable_archive = 0; - ipv6_staging = 0; - config_conversion_version = 4; - disable_par2cmdline = 0; - unrar_parameters = ""; - }; - logging = { - log_level = 2; - max_log_size = 5242880; - log_backups = 1; - }; - ncenter = { - ncenter_enable = 0; - ncenter_cats = "*,"; - ncenter_prio_startup = 0; - ncenter_prio_download = 0; - ncenter_prio_pause_resume = 0; - ncenter_prio_pp = 0; - ncenter_prio_complete = 0; - ncenter_prio_failed = 0; - ncenter_prio_disk_full = 0; - ncenter_prio_new_login = 0; - ncenter_prio_warning = 0; - ncenter_prio_error = 0; - ncenter_prio_queue_done = 0; - ncenter_prio_other = 0; - ncenter_prio_quota = 1; - }; - acenter = { - acenter_enable = 0; - acenter_cats = "*,"; - acenter_prio_startup = 0; - acenter_prio_download = 0; - acenter_prio_pause_resume = 0; - acenter_prio_pp = 0; - acenter_prio_complete = 0; - acenter_prio_failed = 0; - acenter_prio_disk_full = 0; - acenter_prio_new_login = 0; - acenter_prio_warning = 0; - acenter_prio_error = 0; - acenter_prio_queue_done = 0; - acenter_prio_other = 0; - acenter_prio_quota = 1; - }; - ntfosd = { - ntfosd_enable = 0; - ntfosd_cats = "*,"; - ntfosd_prio_startup = 0; - ntfosd_prio_download = 0; - ntfosd_prio_pause_resume = 0; - ntfosd_prio_pp = 0; - ntfosd_prio_complete = 0; - ntfosd_prio_failed = 0; - ntfosd_prio_disk_full = 0; - ntfosd_prio_new_login = 0; - ntfosd_prio_warning = 0; - ntfosd_prio_error = 0; - ntfosd_prio_queue_done = 0; - ntfosd_prio_other = 0; - ntfosd_prio_quota = 1; - }; - prowl = { - prowl_enable = 0; - prowl_cats = "*,"; - prowl_apikey = ""; - prowl_prio_startup = -3; - prowl_prio_download = -3; - prowl_prio_pause_resume = -3; - prowl_prio_pp = -3; - prowl_prio_complete = 0; - prowl_prio_failed = 1; - prowl_prio_disk_full = 1; - prowl_prio_new_login = -3; - prowl_prio_warning = -3; - prowl_prio_error = -3; - prowl_prio_queue_done = 0; - prowl_prio_other = 0; - prowl_prio_quota = 0; - }; - pushover = { - pushover_token = ""; - pushover_userkey = ""; - pushover_device = ""; - pushover_emergency_expire = 3600; - pushover_emergency_retry = 60; - pushover_enable = 0; - pushover_cats = "*,"; - pushover_prio_startup = -3; - pushover_prio_download = -2; - pushover_prio_pause_resume = -2; - pushover_prio_pp = -3; - pushover_prio_complete = -1; - pushover_prio_failed = -1; - pushover_prio_disk_full = 1; - pushover_prio_new_login = -3; - pushover_prio_warning = 1; - pushover_prio_error = 1; - pushover_prio_queue_done = -1; - pushover_prio_other = -1; - pushover_prio_quota = -1; - }; - pushbullet = { - pushbullet_enable = 0; - pushbullet_cats = "*,"; - pushbullet_apikey = ""; - pushbullet_device = ""; - pushbullet_prio_startup = 0; - pushbullet_prio_download = 0; - pushbullet_prio_pause_resume = 0; - pushbullet_prio_pp = 0; - pushbullet_prio_complete = 1; - pushbullet_prio_failed = 1; - pushbullet_prio_disk_full = 1; - pushbullet_prio_new_login = 0; - pushbullet_prio_warning = 0; - pushbullet_prio_error = 0; - pushbullet_prio_queue_done = 0; - pushbullet_prio_other = 1; - pushbullet_prio_quota = 1; - }; - nscript = { - nscript_enable = 0; - nscript_cats = "*,"; - nscript_script = "None"; - nscript_parameters = ""; - nscript_prio_startup = 1; - nscript_prio_download = 0; - nscript_prio_pause_resume = 0; - nscript_prio_pp = 0; - nscript_prio_complete = 1; - nscript_prio_failed = 1; - nscript_prio_disk_full = 1; - nscript_prio_new_login = 0; - nscript_prio_warning = 0; - nscript_prio_error = 0; - nscript_prio_queue_done = 1; - nscript_prio_other = 1; - nscript_prio_quota = 1; - }; - apprise = { - apprise_enable = 0; - apprise_cats = "*,"; - apprise_urls = ""; - apprise_target_startup = ""; - apprise_target_startup_enable = 0; - apprise_target_download = ""; - apprise_target_download_enable = 0; - apprise_target_pause_resume = ""; - apprise_target_pause_resume_enable = 0; - apprise_target_pp = ""; - apprise_target_pp_enable = 0; - apprise_target_complete = ""; - apprise_target_complete_enable = 1; - apprise_target_failed = ""; - apprise_target_failed_enable = 1; - apprise_target_disk_full = ""; - apprise_target_disk_full_enable = 0; - apprise_target_new_login = ""; - apprise_target_new_login_enable = 1; - apprise_target_warning = ""; - apprise_target_warning_enable = 0; - apprise_target_error = ""; - apprise_target_error_enable = 0; - apprise_target_queue_done = ""; - apprise_target_queue_done_enable = 0; - apprise_target_other = ""; - apprise_target_other_enable = 1; - apprise_target_quota = ""; - apprise_target_quota_enable = 1; }; servers = { "news-us.newsgroup.ninja" = { - displayname = "news-us.newsgroup.ninja"; - host = "news-us.newsgroup.ninja"; - port = 563; - timeout = 60; username = config.sops.placeholder.sabnzbd_newsgroup_ninja_username; password = config.sops.placeholder.sabnzbd_newsgroup_ninja_password; - connections = 40; - ssl = 1; - ssl_verify = 3; - ssl_ciphers = ""; - enable = 1; - required = 0; - optional = 0; - retention = 0; - expire_date = "2026-10-29"; - quota = ""; - usage_at_start = 0; - priority = 0; - notes = ""; }; "news.supernews.com" = { - name = "news.supernews.com"; - displayname = "news.supernews.com"; - host = "news.supernews.com"; - port = 119; - timeout = 60; username = config.sops.placeholder.sabnzbd_supernews_username; password = config.sops.placeholder.sabnzbd_supernews_password; - connections = 15; - ssl = 0; - ssl_verify = 3; - ssl_ciphers = ""; - enable = 0; - required = 0; - optional = 0; - retention = 0; - expire_date = ""; - quota = ""; - usage_at_start = 0; - priority = 0; - notes = ""; }; "reader.xsnews.nl" = { - name = "reader.xsnews.nl"; - displayname = "reader.xsnews.nl"; - host = "reader.xsnews.nl"; - port = 563; - timeout = 60; username = config.sops.placeholder.sabnzbd_xsnews_username; password = config.sops.placeholder.sabnzbd_xsnews_password; - connections = 15; - ssl = 1; - ssl_verify = 3; - ssl_ciphers = ""; - enable = 0; - required = 0; - optional = 0; - retention = 0; - expire_date = ""; - quota = ""; - usage_at_start = 0; - priority = 0; - notes = ""; }; "news.newshosting.com" = { - name = "news.newshosting.com"; - displayname = "news.newshosting.com"; - host = "news.newshosting.com"; - port = 563; - timeout = 60; username = config.sops.placeholder.sabnzbd_newshosting_username; password = config.sops.placeholder.sabnzbd_newshosting_password; - connections = 100; - ssl = 1; - ssl_verify = 3; - ssl_ciphers = ""; - enable = 1; - required = 0; - optional = 0; - retention = 0; - expire_date = "2026-08-29"; - quota = ""; - usage_at_start = 0; - priority = 0; - notes = ""; }; "news.newsgroupdirect.com" = { - name = "news.newsgroupdirect.com"; - displayname = "NewsgroupDirect"; - host = "news.newsgroupdirect.com"; - port = 563; - timeout = 60; username = config.sops.placeholder.sabnzbd_newsgroup_direct_username; password = config.sops.placeholder.sabnzbd_newsgroup_direct_password; - connections = 8; - ssl = 1; - ssl_verify = 3; - ssl_ciphers = ""; - enable = 1; - required = 0; - optional = 0; - retention = 0; - expire_date = ""; - quota = "4000G"; - usage_at_start = 0; - priority = 1; - notes = ""; }; "news.eweka.nl" = { - name = "news.eweka.nl"; - displayname = "news.eweka.nl"; - host = "news.eweka.nl"; - port = 563; - timeout = 60; username = config.sops.placeholder.sabnzbd_eweka_username; password = config.sops.placeholder.sabnzbd_eweka_password; - connections = 50; - ssl = 1; - ssl_verify = 3; - ssl_ciphers = ""; - enable = 1; - required = 0; - optional = 0; - retention = 0; - expire_date = "2027-05-13"; - quota = ""; - usage_at_start = 0; - priority = 0; - notes = ""; - }; - }; - categories = { - "*" = { - name = "*"; - order = 0; - pp = 3; - script = "None"; - dir = ""; - newzbin = ""; - priority = 0; - }; - movies = { - name = "movies"; - order = 0; - pp = ""; - script = "Default"; - dir = ""; - newzbin = ""; - priority = -100; - }; - tv = { - name = "tv"; - order = 0; - pp = ""; - script = "Default"; - dir = ""; - newzbin = ""; - priority = -100; - }; - audio = { - name = "audio"; - order = 0; - pp = ""; - script = "Default"; - dir = ""; - newzbin = ""; - priority = -100; - }; - software = { - name = "software"; - order = 0; - pp = ""; - script = "Default"; - dir = ""; - newzbin = ""; - priority = -100; - }; - prowlarr = { - name = "prowlarr"; - order = 1; - pp = ""; - script = "Default"; - dir = ""; - newzbin = ""; - priority = -100; - }; - books = { - name = "books"; - order = 2; - pp = ""; - script = "Default"; - dir = ""; - newzbin = ""; - priority = -100; }; }; }; }; owner = config.services.sabnzbd.user; - restartUnits = [ "sabnzbd.service" ]; }; }; services.sabnzbd = { enable = true; openFirewall = true; - configFile = config.sops.templates."sabnzbd/config.ini".path; + configFile = null; + secretFiles = [ config.sops.templates."sabnzbd/secrets.ini".path ]; + settings = { + misc = { + port = 8080; + host = "0.0.0.0"; + username = "admin"; + permissions = 777; + download_dir = "/data/local/tmp/sabnzbd/inter"; + complete_dir = "/data/local/tmp/sabnzbd/dst"; + admin_dir = "/var/lib/sabnzbd/admin/"; + log_dir = "/var/lib/sabnzbd/logs/"; + host_whitelist = "htpc,"; + inet_exposure = "api+web (auth needed)"; + }; + servers = { + "news-us.newsgroup.ninja" = { + name = "news-us.newsgroup.ninja"; + displayname = "news-us.newsgroup.ninja"; + host = "news-us.newsgroup.ninja"; + port = 563; + timeout = 60; + connections = 40; + ssl = true; + ssl_verify = "strict"; + ssl_ciphers = ""; + enable = true; + required = false; + optional = false; + retention = 0; + expire_date = "2026-10-29"; + quota = ""; + usage_at_start = 0; + priority = 0; + notes = ""; + }; + "news.supernews.com" = { + name = "news.supernews.com"; + displayname = "news.supernews.com"; + host = "news.supernews.com"; + port = 119; + timeout = 60; + connections = 15; + ssl = false; + ssl_verify = "strict"; + ssl_ciphers = ""; + enable = false; + required = false; + optional = false; + retention = 0; + expire_date = ""; + quota = ""; + usage_at_start = 0; + priority = 0; + notes = ""; + }; + "reader.xsnews.nl" = { + name = "reader.xsnews.nl"; + displayname = "reader.xsnews.nl"; + host = "reader.xsnews.nl"; + port = 563; + timeout = 60; + connections = 15; + ssl = true; + ssl_verify = "strict"; + ssl_ciphers = ""; + enable = false; + required = false; + optional = false; + retention = 0; + expire_date = ""; + quota = ""; + usage_at_start = 0; + priority = 0; + notes = ""; + }; + "news.newshosting.com" = { + name = "news.newshosting.com"; + displayname = "news.newshosting.com"; + host = "news.newshosting.com"; + port = 563; + timeout = 60; + connections = 100; + ssl = true; + ssl_verify = "strict"; + ssl_ciphers = ""; + enable = true; + required = false; + optional = false; + retention = 0; + expire_date = "2026-08-29"; + quota = ""; + usage_at_start = 0; + priority = 0; + notes = ""; + }; + "news.newsgroupdirect.com" = { + name = "news.newsgroupdirect.com"; + displayname = "NewsgroupDirect"; + host = "news.newsgroupdirect.com"; + port = 563; + timeout = 60; + connections = 8; + ssl = true; + ssl_verify = "strict"; + ssl_ciphers = ""; + enable = true; + required = false; + optional = false; + retention = 0; + expire_date = ""; + quota = "4000G"; + usage_at_start = 0; + priority = 1; + notes = ""; + }; + "news.eweka.nl" = { + name = "news.eweka.nl"; + displayname = "news.eweka.nl"; + host = "news.eweka.nl"; + port = 563; + timeout = 60; + connections = 50; + ssl = true; + ssl_verify = "strict"; + ssl_ciphers = ""; + enable = true; + required = false; + optional = false; + retention = 0; + expire_date = "2027-05-13"; + quota = ""; + usage_at_start = 0; + priority = 0; + notes = ""; + }; + }; + categories = { + "*" = { + name = "*"; + order = 0; + pp = 3; + priority = 0; + }; + movies = { + name = "movies"; + order = 0; + priority = -100; + }; + tv = { + name = "tv"; + order = 0; + priority = -100; + }; + audio = { + name = "audio"; + order = 0; + priority = -100; + }; + software = { + name = "software"; + order = 0; + priority = -100; + }; + prowlarr = { + name = "prowlarr"; + order = 1; + priority = -100; + }; + books = { + name = "books"; + order = 2; + priority = -100; + }; + }; + }; }; - systemd.services.sabnzbd.serviceConfig.ExecStart = lib.mkOverride 10 "${ - lib.getExe' config.services.sabnzbd.package "sabnzbd" - } -d -f ${config.services.sabnzbd.configFile} --disable-file-log"; - systemd.tmpfiles.rules = [ "d '/data/local/tmp/sabnzbd/inter' 0777 ${config.services.sabnzbd.user} ${config.services.sabnzbd.group} - -" "d '/data/local/tmp/sabnzbd/dst' 0777 ${config.services.sabnzbd.user} ${config.services.sabnzbd.group} - -" diff --git a/modules/profiles/media-management/tracearr/default.nix b/modules/profiles/media-management/tracearr/default.nix index 70bcfde..f4f109e 100644 --- a/modules/profiles/media-management/tracearr/default.nix +++ b/modules/profiles/media-management/tracearr/default.nix @@ -1,3 +1,8 @@ +# NOTE: If Tracearr fails to start because of error similar to `error: could +# not access file "$libdir/timescaledb-2.24.0"`, this can be fixed by running +# `ALTER EXTENSION timescaledb UPDATE;` in the `tracearr` database +# +# See: https://github.com/NixOS/nixpkgs/issues/214367 { config, ... }: { sops = { secrets = { diff --git a/modules/profiles/networking/resolved.nix b/modules/profiles/networking/resolved.nix index 0427c5f..0dfed58 100644 --- a/modules/profiles/networking/resolved.nix +++ b/modules/profiles/networking/resolved.nix @@ -1,9 +1,9 @@ { services.resolved = { enable = true; - # dnssec = "true"; - domains = [ "~." ]; - fallbackDns = [ "1.1.1.1" ]; - # dnsovertls = "true"; + settings.Resolve = { + Domains = [ "~." ]; + FallbackDNS = [ "1.1.1.1" ]; + }; }; } diff --git a/modules/profiles/virtualisation/aws.nix b/modules/profiles/virtualisation/aws.nix index e69873d..c9eb84d 100644 --- a/modules/profiles/virtualisation/aws.nix +++ b/modules/profiles/virtualisation/aws.nix @@ -2,4 +2,9 @@ imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ]; ec2.hvm = true; + + # Limit number of configurations on AWS specifically. The `/boot` partition + # is fairly small, so to prevent it getting full, limit the number of + # configurations/kernels + boot.loader.grub.configurationLimit = 10; }