- Add option to add extra args to hledger command.
- Add `shb.forgejo.users` option to create users declaratively.
- Make Nextcloud create the external storage if it's a local storage and the directory does not exist yet.
- Disable flow to change password on first login for admin Forgejo user. This is not necessary since the password comes from some secret store.
- Fix internal link for Home Assistant which now points to the fqdn. This fixes Voice Assistant onboarding. This is a breaking change if one relies on reaching Home Assistant through the IP address but I don't recommend that. It's much better to have a DNS server running locally which redirects the fqdn to the server running Home Assistant.
- Refactor tests and add playwright tests for services.
- Add Memories Nextcloud app declaratively configured.
- Add Recognize Nextcloud app declaratively configured.
- Add dashboard for SSL certificates validity and alert when they did not renew on time.
- Only enable php-fpm exporter when php-fpm is enabled.
- Remove upgrade script from postgres 13 to 14 and 14 to 15.
- Add dashboard for Nextcloud with PHP-FPM exporter.
- Add voice option to Home-Assistant.
- Add hostname and domain labels for scraped Prometheus metrics and Loki logs.
- Add dashboard for deluge.
- Fix more modules using backup contract.
- Fix modules using backup contract.
- Options `before_backup` and `after_backup` for backup contract have been renamed to `beforeBackup` and `afterBackup`.
- All options using the backup and databasebackup contracts now use the new style.
- Show how to pin Self Host Blocks flake input to a tag.
- Fix: add implementation for `sops.nix` module.
- Use VERSION when rendering manual too.
- Add `sops.nix` module to `nixosModules.default`.
- Auto-tagging of git repo when VERSION file gets updated.
- Add VERSION file to track version.
- Backup:
  - Add feature to backup databases with the database backup contract, implemented with `shb.restic.databases`.
- Remove dependency on `sops-nix`.
- Rename `shb.nginx.autheliaProtect` to `shb.nginx.vhosts`. Indeed, the option allows defining a vhost with optional Authelia protection but the former name made it look like Authelia protection was enforced.
- Rename all `shb.arr.*.APIKey` to `shb.arr.*.ApiKey`.
- Remove `shb.vaultwarden.ldapEndpoint` option because it was not used in the implementation anyway.
- Bump Nextcloud default version from 27 to 28. Add support for version 29.
- Deluge config breaks the authFile into an attrset of user to password file. Also deluge has tests now.
- Nextcloud now configures the LDAP app to use the `user_id` from LLDAP as the user ID used in Nextcloud. This makes all sources of users (internal, LDAP and SSO) agree on the user ID.
- Authelia options changed:
  - `shb.authelia.oidcClients.id` -> `shb.authelia.oidcClients.client_id`
  - `shb.authelia.oidcClients.description` -> `shb.authelia.oidcClients.client_name`
  - `shb.authelia.oidcClients.secret` -> `shb.authelia.oidcClients.client_secret`
  - `shb.authelia.ldapEndpoint` -> `shb.authelia.ldapHostname` and `shb.authelia.ldapPort`
  - `shb.authelia.jwtSecretFile` -> `shb.authelia.jwtSecret.result.path`
  - `shb.authelia.ldapAdminPasswordFile` -> `shb.authelia.ldapAdminPassword.result.path`
  - `shb.authelia.sessionSecretFile` -> `shb.authelia.sessionSecret.result.path`
  - `shb.authelia.storageEncryptionKeyFile` -> `shb.authelia.storageEncryptionKey.result.path`
  - `shb.authelia.identityProvidersOIDCIssuerPrivateKeyFile` -> `shb.authelia.identityProvidersOIDCIssuerPrivateKey.result.path`
  - `shb.authelia.smtp.passwordFile` -> `shb.authelia.smtp.password.result.path`
- Make Nextcloud automatically disable maintenance mode upon service restart.
- `shb.ldap.ldapUserPasswordFile` -> `shb.ldap.ldapUserPassword.result.path`
- `shb.ldap.jwtSecretFile` -> `shb.ldap.jwtSecret.result.path`
- Jellyfin changes:
  - `shb.jellyfin.ldap.passwordFile` -> `shb.jellyfin.ldap.adminPassword.result.path`.
  - `shb.jellyfin.sso.secretFile` -> `shb.jellyfin.ldap.sharedSecret.result.path`.
  - `shb.jellyfin.ldap.sharedSecretForAuthelia`.
- Forgejo changes:
  - `shb.forgejo.ldap.adminPasswordFile` -> `shb.forgejo.ldap.adminPassword.result.path`.
  - `shb.forgejo.sso.secretFile` -> `shb.forgejo.ldap.sharedSecret.result.path`.
  - `shb.forgejo.sso.secretFileForAuthelia` -> `shb.forgejo.ldap.sharedSecretForAuthelia.result.path`.
  - `shb.forgejo.adminPasswordFile` -> `shb.forgejo.adminPassword.result.path`.
  - `shb.forgejo.databasePasswordFile` -> `shb.forgejo.databasePassword.result.path`.
- Backup:
  - `shb.restic.instances` options have been split between `shb.restic.instances.request` and `shb.restic.instances.settings`, matching better with contracts.
- Use of secret contract everywhere.
- Add mount contract.
- Export torrent metrics.
- Bump chunkSize in Nextcloud to boost performance.
- Fix home-assistant onboarding file generation. Added new VM test.
- OIDC and SMTP config are now optional in Vaultwarden. Added new VM test.
- Add default OIDC config for Authelia. This way, Authelia can start even with no config or only forward auth configs.
- Fix replaceSecrets function. It wasn't working correctly with functions from `lib.generators` and `pkgs.pkgs-lib.formats`. Also more test coverage.
- Add udev extra rules to allow smartctl Prometheus exporter to find NVMe drives.
- Revert Loki to major version 2 because upgrading to version 3 required manual intervention as Loki refuses to start. So until this issue is tackled, reverting is the best immediate fix. See https://github.com/NixOS/nixpkgs/commit/8f95320f39d7e4e4a29ee70b8718974295a619f4
- Add prometheus deluge exporter support. It just needs the `shb.deluge.prometheusScraperPasswordFile` option to be set.
- Add pretty printing of test errors. Instead of:

  ```
  error: testRadarr failed: expected {"services":{"bazarr":{},"jackett":{},"lidarr":{},"nginx":{"enable":true},"radarr":{"dataDir":"/var/lib/radarr","enable":true,"group":"radarr","user":"radarr"},"readarr":{},"sonarr":{}},"shb":{"backup":{"instances":{"radarr":{"excludePatterns":[".db-shm",".db-wal",".mono"],"sourceDirectories":["/var/lib/radarr"]}}},"nginx":{"autheliaProtect":[{"authEndpoint":"https://oidc.example.com","autheliaRules":[{"domain":"radarr.example.com","policy":"bypass","resources":["^/api.*"]},{"domain":"radarr.example.com","policy":"two_factor","subject":["group:arr_user"]}],"domain":"example.com","ssl":null,"subdomain":"radarr","upstream":"http://127.0.0.1:7878"}]}},"systemd":{"services":{"radarr":{"serviceConfig":{"StateDirectoryMode":"0750","UMask":"0027"}}},"tmpfiles":{"rules":["d '/var/lib/radarr' 0750 radarr radarr - -"]}},"users":{"groups":{"radarr":{"members":["backup"]}}}}, but got {"services":{"bazarr":{},"jackett":{},"lidarr":{},"nginx":{"enable":true},"radarr":{"dataDir":"/var/lib/radarr","enable":true,"group":"radarr","user":"radarr"},"readarr":{},"sonarr":{}},"shb":{"backup":{"instances":{"radarr":{"excludePatterns":[".db-shm",".db-wal",".mono"],"sourceDirectories":["/var/lib/radarr"]}}},"nginx":{"vhosts":[{"authEndpoint":"https://oidc.example.com","autheliaRules":[{"domain":"radarr.example.com","policy":"bypass","resources":["^/api.*"]},{"domain":"radarr.example.com","policy":"two_factor","subject":["group:arr_user"]}],"domain":"example.com","ssl":null,"subdomain":"radarr","upstream":"http://127.0.0.1:7878"}]}},"systemd":{"services":{"radarr":{"serviceConfig":{"StateDirectoryMode":"0750","UMask":"0027"}}},"tmpfiles":{"rules":["d '/var/lib/radarr' 0750 radarr radarr - -"]}},"users":{"groups":{"radarr":{"members":["backup"]}}}}
  ```

  You now see:

  ```
  error: testRadarr failed (- expected, + result)
  {
    "dictionary_item_added": [
      "root['shb']['nginx']['vhosts']"
    ],
    "dictionary_item_removed": [
      "root['shb']['nginx']['authEndpoint']"
    ]
  }
  ```
- Made Nextcloud LDAP setup use a hardcoded configID. This makes the detection of an existing config much more robust.
- Creation of CHANGELOG.md