secureboot and stuff

2025-01-26 01:12:11 -05:00 · 2025-01-26 01:12:11 -05:00 · 268910b783
commit 268910b783
parent cb42a4b357
6 changed files with 17 additions and 15 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -5,3 +5,4 @@ secrets/wg0.conf filter=git-crypt diff=git-crypt
 secrets/caddy_auth.nix filter=git-crypt diff=git-crypt
 secrets/matrix_reg_token.nix filter=git-crypt diff=git-crypt
 secrets/owntracks_caddy_auth.nix filter=git-crypt diff=git-crypt
+secrets/secureboot.tar filter=git-crypt diff=git-crypt
--- a/flake.lock
+++ b/flake.lock
@ -64,11 +64,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1737510347,
-        "narHash": "sha256-wEEkmpmd5FF0HEBeA3upQg2W1yI7jGJ7xg2dmKuZE7o=",
+        "lastModified": 1737683037,
+        "narHash": "sha256-1J2Pf6ub2DkkoqRq2xEFrusJKR4XHnnFk0wyOPrV2PM=",
        "owner": "Infinidoge",
        "repo": "nix-minecraft",
-        "rev": "ed6d2231a22a507f9a32d5661ef17c76eab8404d",
+        "rev": "f80c70946d3e27a466b8b9e65b24e36d571eac8b",
        "type": "github"
      },
      "original": {
@ -79,11 +79,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1737359802,
-        "narHash": "sha256-utplyRM6pqnN940gfaLFBb9oUCSzkan86IvmkhsVlN8=",
+        "lastModified": 1737751639,
+        "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "61c79181e77ef774ab0468b28a24bc2647d498d6",
+        "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4",
        "type": "github"
      },
      "original": {
@ -95,11 +95,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1737299813,
-        "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=",
+        "lastModified": 1737672001,
+        "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "107d5ef05c0b1119749e381451389eded30fb0d5",
+        "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8",
        "type": "github"
      },
      "original": {
--- a/secrets/secureboot.tar
+++ b/secrets/secureboot.tar
--- a/services/caddy.nix
+++ b/services/caddy.nix
@ -39,7 +39,7 @@ in
        }
      '';

-      ${service_configs.gitea.domain}.extraConfig = ''
+      "${service_configs.gitea.domain}".extraConfig = ''
        reverse_proxy :${builtins.toString config.services.gitea.settings.server.HTTP_PORT}
      '';

@ -78,7 +78,7 @@ in
  };

  systemd.tmpfiles.rules = [
-    "d ${service_configs.https.data_dir} 0750 ${config.services.caddy.user} ${config.services.caddy.group}"
+    "d ${service_configs.https.data_dir} g+rwx ${config.services.caddy.user} ${config.services.caddy.group}"
  ];

  systemd.packages = with pkgs; [ nssTools ];
--- a/services/matrix.nix
+++ b/services/matrix.nix
@ -12,9 +12,6 @@
  services.matrix-conduit = {
    enable = true;
    package = pkgs.conduwuit;
-    # package = pkgs.conduwuit.overrideAttrs (old: {
-    #   cargoBuildFeatures = pkgs.lib.remove "release_max_log_level" old.cargoBuildFeatures;
-    # });

    settings.global = {
      port = 6167;
--- a/services/qbittorrent.nix
+++ b/services/qbittorrent.nix
@ -59,7 +59,11 @@
        IncludeOverheadInLimits = false;

        GlobalMaxRatio = 2;
-        QueueingSystemEnabled = false; # seed all torrents all the time
+        QueueingSystemEnabled = false; # seed all torrents all the timei
+
+        # add a few trackers TODO! add a script so I can just do a list
+        AddTrackersEnabled = true;
+        AdditionalTrackers = "udp://tracker.opentrackr.org:1337/announce\\nudp://open.stealth.si:80/announce\\nudp://open.demonii.com:1337\\nudp://exodus.desync.com:6969/announce";
      };
    };
  };