updated flake

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1638267006,
-        "narHash": "sha256-heZdDlD09rnoeEiZ4wKfbXNDkO5I9qVFvX9d790h/XE=",
+        "lastModified": 1638553958,
+        "narHash": "sha256-leETjYMtD9y37CvfRSQhIGibcIl4dNVlFkY/8QgqmAM=",
         "owner": "rycee",
         "repo": "home-manager",
-        "rev": "3e93c4e8b2b479c712b7c20a428993b459118842",
+        "rev": "6ce1d64073f48b9bc9425218803b1b607454c1e7",
         "type": "github"
       },
       "original": {
@@ -23,11 +23,11 @@
     },
     "nixos-unstable": {
       "locked": {
-        "lastModified": 1638286143,
-        "narHash": "sha256-A+rgjbIpz3uPRKHPXwdmouVcVn5pZqLnaZHymjkraG4=",
+        "lastModified": 1638806821,
+        "narHash": "sha256-v2qd2Bsmzft53s43eCbN+4ocrLksRdFLyF/MAGuWuDA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "29d1f6e1f625d246dcf84a78ef97b4da3cafc6ea",
+        "rev": "bc5d68306b40b8522ffb69ba6cff91898c2fbbff",
         "type": "github"
       },
       "original": {
@@ -39,11 +39,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1638279546,
-        "narHash": "sha256-1KCwN7twjp1dBdp0jPgVdYFztDkCR8+roo0B34J9oBY=",
+        "lastModified": 1638887115,
+        "narHash": "sha256-emjtIeqyJ84Eb3X7APJruTrwcfnHQKs55XGljj62prs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "96b4157790fc96e70d6e6c115e3f34bba7be490f",
+        "rev": "1bd4bbd49bef217a3d1adea43498270d6e779d65",
         "type": "github"
       },
       "original": {

hosts/architect/default.nix

@@ -39,8 +39,10 @@ in {
 
   services.fwupd.enable = true;
   boot = {
-    kernelParams =
-      [ "ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off" "nvme_core.default_ps_max_latency_us=5500" ];
+    kernelParams = [
+      "ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off"
+      "nvme_core.default_ps_max_latency_us=5500"
+    ];
     kernel.sysctl."net.ipv4.ip_forward" = 1;
     initrd = {
       availableKernelModules = [ "igc" "r8169" ];
@@ -70,6 +72,7 @@ in {
 
     supportedFilesystems = [ "zfs" ];
     zfs.requestEncryptionCredentials = true;
+    tmpOnTmpfsSize = "75%";
   };
 
   networking = {

hosts/architect/gitea.nix

@@ -5,9 +5,8 @@ with import ./network.nix; {
     domain = "git.giugl.io";
     appName = "Gitea";
     rootUrl = "https://git.giugl.io";
-    ssh.clonePort = 10022;
-    log.level = "Info";
-    settings.server.START_SSH_SERVER = true;
+    ssh.clonePort = 22;
+    settings.server.LFS_START_SERVER = true;
   };
 
   services.nginx.virtualHosts.${gitdomain} = {
@@ -29,4 +28,5 @@ with import ./network.nix; {
     ${architect-lan} ${gitdomain}
     ${architect-wg} ${gitdomain}
   '';
+
 }

hosts/architect/hardware.nix

@@ -42,12 +42,6 @@
     fsType = "vfat";
   };
 
-  fileSystems."/tmp" = {
-    fsType = "tmpfs";
-    device = "tmpfs";
-    options = [ "mode=1777" "strictatime" "rw" "nosuid" "nodev" "size=29G" ];
-  };
-
   swapDevices = [{
     device = "/dev/sdc1";
     size = 100000;

hosts/architect/matrix.nix

@@ -18,8 +18,8 @@ with import ./network.nix; {
         auto_join_rooms:
           - "#infra:matrix.giugl.io"
           - "#general:matrix.giugl.io"
-          - "#gaming:matrix.giugl.io"
           - "#movies:matrix.giugl.io"
+        max_upload_size: "30M"
       '';
       listeners = [{
         port = 8008;
@@ -42,6 +42,7 @@ with import ./network.nix; {
 
     postgresql = {
       enable = true;
+      package = pkgs.postgresql_11;
       ensureDatabases = [ "synapse" ];
       ensureUsers = [{
         name = "matrix-synapse";
@@ -54,6 +55,9 @@ with import ./network.nix; {
       ${matrixdomain} = {
         enableACME = true;
         forceSSL = true;
+        extraConfig = ''
+          client_max_body_size  30m;
+        '';
         locations."= /.well-known/matrix/server".extraConfig =
           let server = { "m.server" = "${matrixdomain}:443"; };
           in ''