Lock down access to mqtt

Add nextcloud apps
Update Actual Budget
2024-10-27 16:15:23 -07:00 · 2024-10-11 21:58:54 -07:00 · 2024-10-11 21:20:46 -07:00 · 2024-10-11 21:20:18 -07:00
8 changed files with 937 additions and 763 deletions
--- a/common/server/nextcloud.nix
+++ b/common/server/nextcloud.nix
@ -8,12 +8,23 @@ in
  config = lib.mkIf cfg.enable {
    services.nextcloud = {
      https = true;
-      package = pkgs.nextcloud29;
+      package = pkgs.nextcloud30;
      hostName = "neet.cloud";
      config.dbtype = "sqlite";
      config.adminuser = "jeremy";
      config.adminpassFile = "/run/agenix/nextcloud-pw";
      autoUpdateApps.enable = true;
      extraApps = with config.services.nextcloud.package.packages.apps; {
        # Want
        inherit end_to_end_encryption mail spreed;
        # Might use
        inherit bookmarks calendar cookbook deck memories onlyoffice qownnotesapi;
        # Try out
        # inherit maps music news notes phonetrack polls forms;
      };
      extraAppsEnable = true;
    };
    age.secrets.nextcloud-pw = {
      file = ../../secrets/nextcloud-pw.age;
--- a/machines/storage/s0/home-automation.nix
+++ b/machines/storage/s0/home-automation.nix
@ -8,9 +8,10 @@
    enable = true;
    listeners = [
      {
-        acl = [ "pattern readwrite #" ];
+        users.root = {
-        omitPasswordAuth = true;
+          acl = [ "readwrite #" ];
-        settings.allow_anonymous = true;
+          hashedPassword = "$7$101$8+QnkTzCdGizaKqq$lpU4o84n6D/1uwfA9pZDVExr1NDm1D/8tNla2tE9J9HdUqkvu192yYfiySY1MFqVNgUKgWEFu5P1bUKqRnzbUw==";
        };
      }
    ];
  };
@ -28,7 +29,8 @@
      };
      mqtt = {
        server = "mqtt://localhost:1883";
-        # base_topic = "zigbee2mqtt";
+        user = "root";
        password = "'!/run/agenix/zigbee2mqtt.yaml mqtt_password'";
      };
      frontend = {
        host = "localhost";
@ -36,6 +38,7 @@
      };
    };
  };
  age.secrets."zigbee2mqtt.yaml".file = ../../../secrets/zigbee2mqtt.yaml.age;
  services.home-assistant = {
    enable = true;
--- a/machines/storage/s0/properties.nix
+++ b/machines/storage/s0/properties.nix
@ -12,6 +12,7 @@
    "binary-cache"
    "gitea-actions-runner"
    "frigate"
    "zigbee"
  ];
  hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";
--- a/overlays/actualbudget/default.nix
+++ b/overlays/actualbudget/default.nix
@ -7,16 +7,16 @@
 }:
 buildNpmPackage rec {
  pname = "actual-server";
-  version = "24.3.0";
+  version = "24.10.1";
  src = fetchFromGitHub {
    owner = "actualbudget";
    repo = pname;
    rev = "refs/tags/v${version}";
-    hash = "sha256-y51Dhdn84AWR/gM4LnAzvBIBpvKwUiclnPnwzkRoJ0I=";
+    hash = "sha256-VJAD+lNamwuYmiPJLXkum6piGi5zLOHBp8cUeZagb4s=";
  };
-  npmDepsHash = "sha256-/UM2Tz8t4hi621HtXSu0LTDIzZ9SWMqKXqKfPwkdpE8=";
+  npmDepsHash = "sha256-Z2e4+JMhI/keLerT0F4WYdLnXHRQCqL7NjNyA9SFEF8=";
  patches = [
    ./migrations-should-use-pkg-path.patch
--- a/overlays/actualbudget/migrations-should-use-pkg-path.patch
+++ b/overlays/actualbudget/migrations-should-use-pkg-path.patch
@ -1,5 +1,5 @@
 diff --git a/src/load-config.js b/src/load-config.js
-index d3cc5dd..cfcad8a 100644
+index d99ce42..42d1351 100644
 --- a/src/load-config.js
 +++ b/src/load-config.js
@@ -3,7 +3,8 @@ import path from 'node:path';
@ -12,7 +12,7 @@ index d3cc5dd..cfcad8a 100644
 const debugSensitive = createDebug('actual-sensitive:config');
 const projectRoot = path.dirname(path.dirname(fileURLToPath(import.meta.url)));
-@@ -90,6 +91,7 @@ const finalConfig = {
+@@ -108,6 +109,7 @@ const finalConfig = {
   serverFiles: process.env.ACTUAL_SERVER_FILES || config.serverFiles,
   userFiles: process.env.ACTUAL_USER_FILES || config.userFiles,
   webRoot: process.env.ACTUAL_WEB_ROOT || config.webRoot,
@ -21,7 +21,7 @@ index d3cc5dd..cfcad8a 100644
     process.env.ACTUAL_HTTPS_KEY && process.env.ACTUAL_HTTPS_CERT
       ? {
 diff --git a/src/migrations.js b/src/migrations.js
-index 964e1f2..3a341d7 100644
+index cba7db0..9983471 100644
 --- a/src/migrations.js
 +++ b/src/migrations.js
@@ -1,6 +1,12 @@
@ -37,11 +37,12 @@ index 964e1f2..3a341d7 100644
 export default function run(direction = 'up') {
   console.log(
-@@ -13,6 +19,7 @@ export default function run(direction = 'up') {
+@@ -13,7 +19,7 @@ export default function run(direction = 'up') {
         stateStore: `${path.join(config.dataDir, '.migrate')}${
           config.mode === 'test' ? '-test' : ''
         }`,
-+        migrationsDirectory,
+-        migrationsDirectory: `${path.join(config.projectRoot, 'migrations')}`,
 +        migrationsDirectory
       },
       (err, set) => {
-         if (err) {
+         if (err) {
--- a/overlays/actualbudget/package-lock.json
+++ b/overlays/actualbudget/package-lock.json
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -57,4 +57,7 @@ with roles;
  # Frigate (DVR)
  "frigate-credentials.age".publicKeys = frigate;
  # zigbee2mqtt secrets
  "zigbee2mqtt.yaml.age".publicKeys = zigbee;
 }
--- a/secrets/zigbee2mqtt.yaml.age
+++ b/secrets/zigbee2mqtt.yaml.age
@ -0,0 +1,8 @@
 age-encryption.org/v1
 -> ssh-ed25519 hPp1nw TSDuPaFp/Qcz4r819X4QmU/4J2TGpoX7jCCJCdFDog0
 SwQUqEp45xMOeTkvBG6uX28kB8YWG66laYqakSgl9w4
 -> ssh-ed25519 w3nu8g tLZDNE0iBgOpUB3djpNu3CgimsRc0zcds+AgctzxyQ4
 Oyz6XORsApM4vFxWyaD3bR/ApIUFPY3q4yGvtbosUIY
 --- vuXlQmuOFbJhBTACN5ciH2GlOCbRCMPZdlogG2O+KOk
 Áëÿ!}UIì	p0@Xž|°þ#æ™†0HÙõò#BÇRR<52>Ù
 òùø5¾Iÿ?vX?pÝ<70>—<>fqÍ[lž¸˜xÏG7ü;UäÀOUä¶
Author	SHA1	Message	Date
Zuckerberg	c7d9e84f73	Lock down access to mqtt All checks were successful Check Flake / check-flake (push) Successful in 1m6s Details	2024-10-27 16:15:23 -07:00
Zuckerberg	5b666a0565	Add nextcloud apps Some checks failed Check Flake / check-flake (push) Has been cancelled Details	2024-10-11 21:58:54 -07:00
Zuckerberg	6bc11767ca	Update Actual Budget All checks were successful Check Flake / check-flake (push) Successful in 2m46s Details	2024-10-11 21:20:46 -07:00
Zuckerberg	bdd2d9bef9	Update nextcloud	2024-10-11 21:20:18 -07:00