fixes

nixos/celestia/configuration.nix

@@ -33,6 +33,8 @@ in {
   sops.defaultSopsFile = ./secrets.yaml;
   sops.secrets."acme.env" = {};
   sops.secrets."tailscale-auth-key" = {};
+  sops.secrets."act-runner-token" = {};
+  sops.secrets."photoprism-password-file" = {};
 
   imports = [
     ./hardware-configuration.nix
@@ -167,8 +169,8 @@ in {
           public = "yes";
           "guest only" = "yes";
           writable = "yes";
-          "force create mode" = "0666";
+          # "force create mode" = "0666";
-          "force directory mode" = "0777";
+          # "force directory mode" = "0777";
         };
         video = {
           path = "/tank/video";
@@ -176,8 +178,9 @@ in {
           public = "yes";
           "guest only" = "yes";
           writable = "yes";
-          "force create mode" = "0666";
+          "force group" = "nas";
-          "force directory mode" = "0777";
+          # "force create mode" = "0666";
+          # "force directory mode" = "0777";
         };
       };
     };
@@ -186,8 +189,29 @@ in {
       autoScrub.enable = true;
     };
 
+    gitea-actions-runner.instances = {
+      runner1 = {
+        enable = true;
+        name = "celestia";
+        url = "https://git.fuckwit.dev";
+        tokenFile = config.sops.secrets."act-runner-token".path;
+        labels = [
+          "native:host"
+        ];
+        hostPackages = with pkgs; [
+          bash
+          coreutils
+          curl
+          wget
+          gnused
+          gitMinimal
+        ];
+      };
+    };
+
     nginx = {
       enable = true;
+      clientMaxBodySize = "500m";
       virtualHosts = makeVirtualHosts [
         {
           subdomain = "jdownloader";
@@ -217,6 +241,10 @@ in {
           subdomain = "homepage";
           port = 8082;
         }
+        {
+          subdomain = "photoprism";
+          port = 2342;
+        }
       ];
     };
 
@@ -257,17 +285,21 @@ in {
       enable = true;
       group = "nas";
       dataDir = "/var/lib/sonarr";
-      # package = pkgs.sonarr.override {
-      #   version = "4.0.0.748";
-      #   src = lib.fetchurl {
-      #     url = "https://download.sonarr.tv/v4/main/${version}/Sonarr.main.${version}.linux-x64.tar.gz";
-      #     hash = "";
-      #   };
-      # };
     };
 
     jellyfin.enable = true;
 
+    photoprism = {
+      enable = true;
+      originalsPath = "/tank/images/pictures";
+      importPath = "/tank/images/import";
+      passwordFile = config.sops.secrets."photoprism-password-file".path;
+      settings = {
+        PHOTOPRISM_ADMIN_USER = "root";
+        PHOTOPRISM_DEFAULT_LOCALE = "de";
+      };
+    };
+
     homepage-dashboard = {
       enable = true;
 
@@ -419,7 +451,7 @@ in {
       script = ''
         while read -r evt file; do
           ${pkgs.coreutils}/bin/chown ${user}:${group} "$file"
-          ${pkgs.coreutils}/bin/chmod 755 "$file"
+          ${pkgs.coreutils}/bin/chmod 775 "$file"
         done < <(${pkgs.inotify-tools}/bin/inotifywait -e create,move -m -r --format '%e %w%f' ${path})
       '';
     };

nixos/celestia/secrets.yaml

@@ -1,5 +1,7 @@
 acme.env: ENC[AES256_GCM,data:VgSJO2Q32csfN0DEH6kTsaN0z/hRa0fRHLUleju+gqBPjoQmZGIQjlLKHzj1Ys3zS591iVRkeYExBGyCPakPIJo=,iv:sOIPofteCvO4Na+z8qw7EjfJ6CEr83kYaonhUCgFwA4=,tag:RhHGyTrmdY4f8QkQ0DhhJw==,type:str]
 tailscale-auth-key: ENC[AES256_GCM,data:Rvq2wL9civCoH6acKk3lYIXbVAME+kUmeuQYOTl+rvdb5bFoI5i688qI58ceF47PGKi1jeXe46SkJGJe0iY=,iv:b0kavSFEG40Jxa3yAjttarN5N3nOLEbZYqP3LOXvBrU=,tag:cpgYzoX9L6+1IHnmjfZfQg==,type:str]
+act-runner-token: ENC[AES256_GCM,data:vNYCpt96yFeEUERCXYlk5p1NbVrQOBps7jEUI+4aXonxTDTDfyPZF8tjCjERfg==,iv:hMUz99UdHlXwhTGKr4QlrvkDTfy+jVCSOQlQEENTDI8=,tag:buvPFy10R0BKu4tQBMJhEg==,type:str]
+photoprism-password-file: ENC[AES256_GCM,data:a0fqrjRDc2M=,iv:H/kLPIJsti8QsOJjwPGFSELD4LHb8u8dIkq8pd7W61E=,tag:xp/vpqE/n+alm17d9eIRcA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -15,8 +17,8 @@ sops:
             K0RaVVNSczZBcDNtaXhGem5iQnlVTDAK+XogkPQD2xYQ7sW8DwAXaaLA/ftw6vZM
             wsNs0uun9dgGjZIXcU6AIsrJeUiWBl5zgc6CCd/ad/3QxpmKj1p9Mg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-21T19:42:27Z"
+    lastmodified: "2024-08-26T08:34:59Z"
-    mac: ENC[AES256_GCM,data:1LZ/jcx2yOW5OgWYmGlu8ySpOLrvLTmyAc8CrK6gKDeoc/VN5RuRapwkGD6XfgDaUvMCccgcRpyL5QDPPdRw6zzwpW4Ce1hreOoC1zV23TNDuAbn1G+gFjlJ2l5IEY6EZeNoWsOC2ID16HRwls1Bau1+hcWKefFYNVjE3+3l16U=,iv:9FFP84Be7UzfuLz/FnFtvOXmudccMq1jFDGXJUN0t48=,tag:U9SOsMUbHm8hzZnS3yK1Lg==,type:str]
+    mac: ENC[AES256_GCM,data:bqt8+j+t4p2T6+y3+GkeZB2DsHpf9ugBNBnnR1+m9nyKRsS1bR7divl0GZyndlmPMEzOxGJSeHjDhTwrQ/w6szmmHFuUEpogkiJUxzZM9UUa/k4zBQlgVliQM/uuAvYEQJgWVwBJgkIEHsn/F3QGFPCOY/9N9epkhqr1BgfkMQo=,iv:3DhlnJQ70blHqK+n1DrV8FdjUj6qDQ7L8t/r7tOkEQY=,tag:exY8TN8XIuLvoRDhEHDWTQ==,type:str]
     pgp:
         - created_at: "2024-01-25T08:00:56Z"
           enc: |-
@@ -31,4 +33,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 5FA64909521A5C85992F26E0F819AEFF941BB849
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.0

nixos/framework/configuration.nix

@@ -128,5 +128,6 @@
   programs = {
     hyprland.enable = true;
     gnupg.agent.enable = true;
+    ssh.enableAskPassword = false; # disable setting of $SSH_ASKPASS
   };
 }

nixos/primordial/configuration.nix

@@ -236,6 +236,7 @@ in {
         domain = "grafana.fuckwit.dev";
         http_addr = "127.0.0.1";
         http_port = 8002;
+        root_url = "https://grafana.fuckwit.dev";
       };
     };