• v0.1.0 019f6414cb

    v0.1.0
    Stable

    josephembrey released this 2026-03-21 19:31:27 -04:00 | 47 commits to main since this release

    First versioned release. Major restructuring of the module tree, consumer ergonomics improvements, and comprehensive documentation.

    Added

    • meta.type option on all service modules — classifies each as nixos (wraps a NixOS service module), container (OCI/podman), or custom (original logic). Available at config.josephembrey.<service>.meta.type.
    • port options on container modules with web UIs: calibre (8081), factorio (34197), gokapi (53842), linkding (9090), sabnzbd (8080), seerr (5055), silverbullet (3000), syncthing (8384). Defaults match previously hardcoded values — no action needed on upgrade.
    • tag option on scrutiny (default "latest-omnibus") for pinning container image versions.
    • uid/gid options on factorio (default 845/845) for stable container user IDs.
    • Stable media group GID: all media modules now set users.groups.${cfg.group}.gid = lib.mkDefault 2000, ensuring consistent file ownership across audiobookshelf, bazarr, calibre, jellyfin, radarr, sabnzbd, and sonarr.
    • Sops ordering guards (after/wants on sops-install-secrets.service) added to linkding, copyparty, openclaw, cloudflare/fail2ban, cloudflare/tunnel. These ensure secrets are available before the service starts.
    • Documentation directory docs/:
      • ORGANIZATION.md — directory layout, category rules, flat vs directory criteria
      • MODULE-STYLE.md — code structure, section ordering, module type patterns
      • OPTIONS.md — option conventions, standard options by module type, UID/GID table
      • GUARDS.md — mkIf vs optionalAttrs, sops and impermanence guard patterns
      • FLAKE.md — flake outputs/inputs, lib.discover, consumer integration, dev shell
    • CHANGELOG.md following Keep a Changelog format.
    • Tag-triggered release workflow (.forgejo/workflows/release.yml) — extracts version notes from this file and creates a Forgejo release on v* tag push.

    Changed

    • BREAKING: Module file paths reorganized. All modules flattened from multi-file directories (e.g., services/bazarr/{options,module,caddy,impermanence}.nix) into single files (e.g., services/media/bazarr.nix). Complex modules (cloudflare, wireguard, recyclarr) retain a directory but with self-contained sub-files instead of split options/module pairs. Transparent to consumers using nixosModules.default — only affects direct file imports.
    • BREAKING: Services organized into categories. Media services moved to modules/services/media/, networking services to modules/services/networking/. Uncategorized services remain flat under modules/services/. Again, transparent to nixosModules.default consumers.
    • BREAKING: josephembrey.searxng default port changed from 8888 to 8890. The old default collided with gluetun's HTTP proxy port. Set josephembrey.searxng.port = 8888 to restore old behavior (not recommended if gluetun is also enabled).
    • BREAKING: services.caddy.logFormat now defaults to JSON with file output at /var/log/caddy/access.log. Previously defaulted to plain text level-only format. This enables fail2ban log parsing. Consumers can override via services.caddy.logFormat (now mkDefault).
    • All NixOS wrapper module values on services.* options now use lib.mkDefault. Consumers can override any preset value at normal priority without needing mkForce. This applies to 22 wrapper modules.
    • Module discovery (modules/services/default.nix) updated from single-level directory scan to hybrid flat-file + category + directory scanning. modules/system/default.nix updated for flat-file scanning.
    • home-assistant uid/gid now use lib.mkForce — required because the upstream NixOS module sets these at normal priority, and our stable IDs must take precedence.
    • CLAUDE.md trimmed to a concise overview with references to docs/.

    Fixed

    • Port collision between searxng (8888) and gluetun HTTP proxy (8888). Searxng moved to 8890; gluetun retains 8888 as the port owner.
    • crosswatch meta.type corrected from custom to container (it runs as an OCI container).
    • webhook meta.type corrected from custom to nixos (it wraps the NixOS webhook service module).
    • discord meta.type corrected from container to custom (it implements a script-based webhook, not an OCI container).
    • backups.nix: replaced "with pkgs;" with explicit pkgs.restic, pkgs.rclone references per Nix style guidelines.
    • glance environment file now uses the upstream services.glance.environmentFile option instead of mkForce on systemd.services.glance.serviceConfig.EnvironmentFile.
    • pihole virtualisation.podman.defaultNetwork.settings.dns_enabled changed from lib.mkForce false to plain false — sufficient to override podman module's mkDefault true without force.
    • bazarr removed redundant systemd.services.bazarr.serviceConfig overrides for DynamicUser, User, and Group that duplicated upstream behavior.
    • Hardcoded sops-install-secrets.service dependencies in backups and cloudflare/dns replaced with conditional (lib.mkIf (config ? sops) ...) guards, so modules work correctly without sops-nix loaded.
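
The sops ordering guard described in the Added and Fixed entries above, as an added example that is not code from this repository. The example.demo option namespace, the demo unit and its ExecStart are hypothetical; only sops-install-secrets.service and the (config ? sops) condition come from the notes.

```nix
# Added example, not this repository's code.
# `example.demo` and the `demo` unit are hypothetical names.
{ config, lib, pkgs, ... }:
let
  cfg = config.example.demo;
in
{
  options.example.demo = {
    enable = lib.mkEnableOption "hypothetical demo service";
    environmentFile = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = "Decrypted secret file to load, e.g. the path of a sops-nix secret.";
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.demo = lib.mkMerge [
      {
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.coreutils}/bin/sleep infinity";
          # Only set when the consumer supplies a secret file.
          EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
        };
      }

      # `config ? sops` is true only when an imported module declares
      # options under `sops` (i.e. sops-nix is loaded). Without it the
      # guard contributes nothing and the module still evaluates.
      (lib.mkIf (config ? sops) {
        # Start after secrets are installed so the unit never reads a
        # missing or stale secret file.
        after = [ "sops-install-secrets.service" ];
        # `wants` rather than `requires`: a missing or failed secrets
        # unit does not block this service from starting.
        wants = [ "sops-install-secrets.service" ];
      })
    ];
  };
}
```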