service.freshrss: migrate to new caddy config

profile/usb-iso: allow insecure ventoy
profile/media: rename projectm
2025-09-14 06:22:02 +02:00 · 2025-05-23 23:30:21 +02:00 · 2025-05-23 23:05:45 +02:00 · 2025-05-23 23:05:24 +02:00 · 2025-05-23 23:05:05 +02:00 · 2025-05-23 23:04:50 +02:00
10 changed files with 32 additions and 47 deletions
--- a/.envrc
+++ b/.envrc
@ -1,3 +1,4 @@
 #!/usr/bin/env bash
 export DIRENV_WARN_TIMEOUT=5m
 use flake
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1747274630,
+        "lastModified": 1747742835,
-        "narHash": "sha256-87RJwXbfOHyzTB9LYagAQ6vOZhszCvd8Gvudu+gf3qo=",
+        "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "ec7c109a4f794fce09aad87239eab7f66540b888",
+        "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62",
        "type": "github"
      },
      "original": {
@ -212,11 +212,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742568034,
+        "lastModified": 1747663185,
-        "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
+        "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
+        "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
        "type": "github"
      },
      "original": {
@ -227,11 +227,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1747129300,
+        "lastModified": 1747900541,
-        "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
+        "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "e81fd167b33121269149c57806599045fd33eeed",
+        "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06",
        "type": "github"
      },
      "original": {
@ -242,16 +242,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1747485343,
+        "lastModified": 1747953325,
-        "narHash": "sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38=",
+        "narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9b5ac7ad45298d58640540d0323ca217f32a6762",
+        "rev": "55d1f923c480dadce40f5231feb472e81b0bab48",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-24.11",
+        "ref": "nixos-25.05",
        "type": "indirect"
      }
    },
@ -296,11 +296,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1747542820,
+        "lastModified": 1747744144,
-        "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
+        "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
+        "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
        "type": "github"
      },
      "original": {
@ -353,11 +353,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1746485181,
+        "lastModified": 1747603214,
-        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
+        "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
+        "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -2,7 +2,7 @@
  description = "NixOS configuration";
  inputs = {
    # nix.url = "github:NixOS/nix";
-    nixpkgs.url = "nixpkgs/nixos-24.11";
+    nixpkgs.url = "nixpkgs/nixos-25.05";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
    flake-parts.url = "github:hercules-ci/flake-parts";
--- a/images/base-config.nix
+++ b/images/base-config.nix
@ -6,8 +6,6 @@
  ...
 }:
 {
  system.stateVersion = config.system.nixos.version;
  networking = {
    firewall.enable = false;
--- a/modules/services/freshrss/default.nix
+++ b/modules/services/freshrss/default.nix
@ -45,29 +45,10 @@ in
      enable = true;
      baseUrl = "https://news.${domain}";
      inherit (cfg) language passwordFile defaultUser;
-      virtualHost = null;
+      virtualHost = "news.${domain}";
-      # TODO 25.05: Add support for custom virtualHost
+      webserver = "caddy";
      # webserver = "caddy";
    };
    services.phpfpm.pools.freshrss.settings = {
      "listen.owner" = lib.mkForce config.services.caddy.user;
      "listen.group" = lib.mkForce config.services.caddy.group;
    };
    my.services.webserver.virtualHosts = [
      {
        subdomain = "news";
        extraConfig = ''
          root * ${config.services.freshrss.package}/p
          php_fastcgi unix/${config.services.phpfpm.pools.freshrss.socket} {
              env FRESHRSS_DATA_PATH ${config.services.freshrss.dataDir}
          }
          file_server
        '';
      }
    ];
    webapps.apps.freshrss = {
      dashboard = {
        name = "News";
--- a/modules/services/nextcloud/default.nix
+++ b/modules/services/nextcloud/default.nix
@ -53,7 +53,7 @@ in
    services = {
      nextcloud = {
        enable = true;
-        package = pkgs.nextcloud30;
+        package = pkgs.nextcloud31;
        hostName = "cloud.${domain}";
        maxUploadSize = cfg.maxSize;
        autoUpdateApps.enable = true;
@ -65,6 +65,7 @@ in
          adminuser = cfg.admin;
          adminpassFile = cfg.passwordFile;
          dbtype = "sqlite";
          #dbtype = "pgsql";
          #dbhost = "/run/postgresql";
        };
--- a/modules/services/prometheus/default.nix
+++ b/modules/services/prometheus/default.nix
@ -27,7 +27,7 @@ in
      description = "retention time";
    };
-    # a good collections for allerts can be found here: https://samber.github.io/awesome-prometheus-alerts/rules#blackbox
+    # a good collections for alerts can be found here: https://samber.github.io/awesome-prometheus-alerts/rules#blackbox
    rules = mkOption {
      type = types.attrsOf (
        types.submodule {
--- a/profiles/gaming/default.nix
+++ b/profiles/gaming/default.nix
@ -33,7 +33,7 @@ in
    hardware = {
      graphics.enable32Bit = true;
      graphics.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
      pulseaudio.support32Bit = true;
    };
    services.pulseaudio.support32Bit = true;
  };
 }
--- a/profiles/media/default.nix
+++ b/profiles/media/default.nix
@ -31,7 +31,7 @@ in
      pdfgrep # grep in pdfs
      pdfsam-basic # pdf editing
      picard # music tagging
-      projectm # visualization of music
+      projectm-sdl-cpp # visualization of music
      puddletag # audio tagging
      shotwell # photo management
      sonixd # cloud-music-player
--- a/profiles/usb-iso/default.nix
+++ b/profiles/usb-iso/default.nix
@ -13,6 +13,10 @@ in
  };
  config = lib.mkIf cfg.enable {
    # binary blobs are needed for ventoy
    nixpkgs.config.permittedInsecurePackages = [
      "ventoy-1.1.05"
    ];
    environment.systemPackages = with pkgs; [
      ventoy-bin-full # general
      woeusb-ng # windows
Author	SHA1	Message	Date
Felix Buehler	a57752f9dd	service.freshrss: migrate to new caddy config Some checks failed / Build Nix targets (push) Has been cancelled Details	2025-05-23 23:30:21 +02:00
Felix Buehler	04875a3bd4	profile/usb-iso: allow insecure ventoy	2025-05-23 23:05:45 +02:00
Felix Buehler	4b41bd73aa	profile/media: rename projectm	2025-05-23 23:05:24 +02:00
Felix Buehler	7926dd09de	treewide: fix typos	2025-05-23 23:05:05 +02:00
Felix Buehler	40793e02a3	images: remove dynamic stateVersion	2025-05-23 23:04:50 +02:00
Felix Buehler	cd52b362b7	direnv: fix lint	2025-05-23 23:04:31 +02:00
Felix Buehler	6fdcd50b1f	profile/gaming: migrate pulseaudio	2025-05-23 23:00:53 +02:00
Felix Buehler	9c64b82610	service/nextcloud: 30 -> 31	2025-05-23 22:59:11 +02:00
Felix Buehler	80824e33ed	flake: nixos 24.11 -> 25.05	2025-05-23 22:57:34 +02:00