about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2023-04-14 02:51:09 +0300
committerAzat Bahawi <azat@bahawi.net>2023-04-14 02:51:09 +0300
commit39ed30937ec29217820583e07ff1f447d08b9898 (patch)
tree96dc9d1a62e320c89510cd910add2ce8fb819850
parent2023-04-12 (diff)
2023-04-14
Diffstat (limited to '')
-rw-r--r--flake.lock78
-rw-r--r--lib/my.nix6
-rw-r--r--modules/common/common/nix/default.nix2
-rw-r--r--modules/nixos/git/default.nix6
-rw-r--r--modules/nixos/ipfs.nix21
-rw-r--r--modules/nixos/lidarr.nix13
-rw-r--r--modules/nixos/monitoring/rules/node.yaml19
-rw-r--r--modules/nixos/monitoring/rules/redis.yaml89
-rw-r--r--modules/nixos/mpd.nix2
-rw-r--r--modules/nixos/nsd.nix2
-rw-r--r--modules/nixos/radarr.nix13
-rw-r--r--modules/nixos/shadowsocks.nix2
-rw-r--r--modules/nixos/sonarr.nix13
-rw-r--r--modules/nixos/unbound.nix11
-rw-r--r--nixosConfigurations/manwe/default.nix1
-rw-r--r--nixosConfigurations/yavanna/default.nix15
16 files changed, 108 insertions, 185 deletions
diff --git a/flake.lock b/flake.lock
index 31fe897..0d30364 100644
--- a/flake.lock
+++ b/flake.lock
@@ -121,11 +121,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1680266963,
-        "narHash": "sha256-IW/lzbUCOcldLHWHjNSg1YoViDnZOmz0ZJL7EH9OkV8=",
+        "lastModified": 1681154394,
+        "narHash": "sha256-avnu1K9AuouygBiwVKuDp6emiTET43az3rcpv0ctLjc=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "99d4187d11be86b49baa3a1aec0530004072374f",
+        "rev": "025912529dd0b31dead95519e944ea05f1ad56f2",
         "type": "github"
       },
       "original": {
@@ -179,11 +179,11 @@
     "flake-registry": {
       "flake": false,
       "locked": {
-        "lastModified": 1674218164,
-        "narHash": "sha256-oLNWhwrV252kiy2tGQwwJNKFR+iG0fjsw0GSE/XVTR8=",
+        "lastModified": 1681032461,
+        "narHash": "sha256-3xrrC7YpoajVynlvj0+iQev6PWJRjS213ulTi3HNLeo=",
         "owner": "NixOS",
         "repo": "flake-registry",
-        "rev": "507c028d8d189b6647592dfd10ee677578de45a1",
+        "rev": "4ea5076e347dda44283714b8f4d580f6922064e9",
         "type": "github"
       },
       "original": {
@@ -194,12 +194,15 @@
       }
     },
     "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
       "locked": {
-        "lastModified": 1680776469,
-        "narHash": "sha256-3CXUDK/3q/kieWtdsYpDOBJw3Gw4Af6x+2EiSnIkNQw=",
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "411e8764155aa9354dbcd6d5faaeb97e9e3dce24",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
         "type": "github"
       },
       "original": {
@@ -240,11 +243,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1680667162,
-        "narHash": "sha256-2vgxK4j42y73S3XB2cThz1dSEyK9J9tfu4mhuEfAw68=",
+        "lastModified": 1681250798,
+        "narHash": "sha256-fQMROyKzPFBPqJy9J4ffywm02ZuqAI0GW1O1QibVpdQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "440faf5ae472657ef2d8cc7756d77b6ab0ace68d",
+        "rev": "28698126bd825aff21cae9ffd15cf83e169051b0",
         "type": "github"
       },
       "original": {
@@ -296,11 +299,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1680830495,
-        "narHash": "sha256-w7JCznnip3HcuviaSHRsSuMBTTSNBkEoS8NaYP0EE/E=",
+        "lastModified": 1681262808,
+        "narHash": "sha256-A4CCPgNUDTLnu7WNdcE0GD/IhcIdV9fmNvWl6bC5f8Q=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "7407f3287a8e1f51b03d7a4de327c9ff318de0b9",
+        "rev": "2d5c4d090c759b7cf9ef6292f33d0702dab21d09",
         "type": "github"
       },
       "original": {
@@ -328,11 +331,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1680819799,
-        "narHash": "sha256-zuHl2LNr1Bll64zfr7805Yvvu23S1e//5Up0oqvjknY=",
+        "lastModified": 1681358109,
+        "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "144133c526040a5140e89366ff72ac2d387e9bbb",
+        "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9",
         "type": "github"
       },
       "original": {
@@ -344,11 +347,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1680882415,
-        "narHash": "sha256-trt2pwLDu1+kEtp3bx2DiYgg8CFWNbes+ujdAtSBO/U=",
+        "lastModified": 1681414187,
+        "narHash": "sha256-Vwl5bTDAZA28/M0/31tBgKw9g+vnHtDm6m5EkG9rmHU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "cd07e0258cf73e1bcbd0c9abc5513baa091ee801",
+        "rev": "f53d20ef81e9d98033ccf34509aace3e99dcfbb7",
         "type": "github"
       },
       "original": {
@@ -360,11 +363,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1680879128,
-        "narHash": "sha256-ISFCCZ3/Dw5WK/6kFKwqA6gIEaOjqU/5NoB6Vge87sE=",
+        "lastModified": 1681411673,
+        "narHash": "sha256-23S0skJVstbQtrhy+65Bi4Jrdw74hY1OYbBnuuQausc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "fa98075869eb8264052548dde5c2ce9e68cf4cf1",
+        "rev": "80d54821fffaffbc90409a1262ea91071e0dff8f",
         "type": "github"
       },
       "original": {
@@ -410,11 +413,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1680878697,
-        "narHash": "sha256-CKdUnm3Nuh0rWLXq9p/FHTop7SkYOO+4XRgRGumxc0M=",
+        "lastModified": 1681413105,
+        "narHash": "sha256-RVurZLx/l83DOSB2Uy92kGyuhMOc+jEieHvjtJy4t90=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "e3157bf0c8429092a4b84e45504ed8e3efb3a8d3",
+        "rev": "81da935a918fa216295272c576705f816f0fc36a",
         "type": "github"
       },
       "original": {
@@ -466,11 +469,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1680865110,
-        "narHash": "sha256-SOBuUZe+icM5zqeEBGRY/fM6BDanEySw4Ph9TQgC3MY=",
+        "lastModified": 1681413034,
+        "narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "a6a5e1fa5327a8809c51bc6c69407b8a76f1a4ec",
+        "rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5",
         "type": "github"
       },
       "original": {
@@ -538,6 +541,21 @@
         "type": "gitlab"
       }
     },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "xmonad-ng": {
       "inputs": {
         "flake-utils": [
diff --git a/lib/my.nix b/lib/my.nix
index 96f26f3..77d3ea1 100644
--- a/lib/my.nix
+++ b/lib/my.nix
@@ -165,7 +165,6 @@ with lib;
                 "bitwarden.${shire}"
                 "git.${azahi}"
                 "git.${shire}"
-                "gotify.${shire}"
                 "grafana.${shire}"
                 "loki.${shire}"
                 "ntfy.${shire}"
@@ -218,7 +217,10 @@ with lib;
                 ipv6.address = "fd69::1:2";
                 publicKey = "@PUBLIC_KEY@";
               };
-              domains = with my.domain; ["flood.${shire}"];
+              domains = with my.domain; [
+                "flood.${shire}"
+                "lidarr.${shire}"
+              ];
               syncthing.id = "@SYNCTHING_ID@";
             };
 
diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix
index dc73d68..dea9358 100644
--- a/modules/common/common/nix/default.nix
+++ b/modules/common/common/nix/default.nix
@@ -99,7 +99,7 @@ with lib; {
           patches = [./patches/alejandra-no-ads.patch];
         });
 
-        inherit (pkgsPR "225109" "sha256-aLQcBwo2y92bn/nugidJtFCCEdkNOkSsTeoZ5B2Qt1c=") libvlc;
+        inherit (pkgsPR "225985" "sha256-wS8vyIEH2gFt3cLvSrROTULu8N8FCUle6cy2zqHN+VI=") mangohud;
       }
       // (with super; let
         np = nodePackages;
diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix
index fd25eec..62a200c 100644
--- a/modules/nixos/git/default.nix
+++ b/modules/nixos/git/default.nix
@@ -30,9 +30,9 @@ in {
         locations = {
           "/".extraConfig = let
             cgitrc = pkgs.writeText "cgitrc" ''
-              root-title=github sux >:^(
-              root-desc=Homo sum, humani a me nihil alienum puto.
-              footer=
+              root-title=github sux (⩺_⩹)
+              root-desc=https://github.com/azahi
+              footer=https://GiveUpGitHub.com
 
               clone-url=https://${cfg.server.domain}/$CGIT_REPO_URL
 
diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix
index 68075ff..6d32ec6 100644
--- a/modules/nixos/ipfs.nix
+++ b/modules/nixos/ipfs.nix
@@ -60,6 +60,7 @@ in {
         emptyRepo = true;
         enableGC = true;
 
+        # https://github.com/ipfs/kubo/blob/master/docs/config.md
         settings = mkMerge [
           (
             let
@@ -94,30 +95,18 @@ in {
                   "/ip4/0.0.0.0/tcp/${port}"
                   "/ip6/::/tcp/${port}"
                   "/ip4/0.0.0.0/udp/${port}/quic"
+                  "/ip4/0.0.0.0/udp/${port}/quic-v1"
+                  "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport"
                   "/ip6/::/udp/${port}/quic"
+                  "/ip6/::/udp/${port}/quic-v1"
+                  "/ip6/::/udp/${port}/quic-v1/webtransport"
                 ];
 
                 NoAnnounce = filterAddresses;
               };
               Swarm.AddrFilters = filterAddresses;
-              API.HTTPHeaders.Access-Control-Allow-Methods = [
-                "GET"
-                "POST"
-                "PUT"
-              ];
             }
           )
-          (mkIf this.isHeadful {
-            API.HTTPHeaders.Access-Control-Allow-Origin = ["*"];
-          })
-          (mkIf this.isHeadless {
-            API.HTTPHeaders.Access-Control-Allow-Origin = map (v: "http${
-              optionalString config.nixfiles.modules.acme.enable "s"
-            }://${v}") (with cfg; [
-              domain
-              "api.${domain}"
-            ]);
-          })
         ];
       };
 
diff --git a/modules/nixos/lidarr.nix b/modules/nixos/lidarr.nix
index f73f917..8439ec0 100644
--- a/modules/nixos/lidarr.nix
+++ b/modules/nixos/lidarr.nix
@@ -12,7 +12,7 @@ in {
     domain = mkOption {
       description = "Domain name sans protocol scheme.";
       type = with types; str;
-      default = "lidarr.${config.networking.fqdn}";
+      default = "lidarr.${config.networking.domain}";
     };
   };
 
@@ -20,9 +20,16 @@ in {
     nixfiles.modules.nginx = {
       enable = true;
       upstreams.lidarr.servers."127.0.0.1:8686" = {};
-      virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://lidarr";
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://lidarr";
+        extraConfig = nginxInternalOnly;
+      };
     };
 
-    services.lidarr.enable = true;
+    services.lidarr = {
+      enable = true;
+      user = "rtorrent";
+      group = "rtorrent";
+    };
   };
 }
diff --git a/modules/nixos/monitoring/rules/node.yaml b/modules/nixos/monitoring/rules/node.yaml
index 98217b3..eee5939 100644
--- a/modules/nixos/monitoring/rules/node.yaml
+++ b/modules/nixos/monitoring/rules/node.yaml
@@ -238,28 +238,11 @@ groups:
             VALUE = {{ $value }}
             LABELS = {{ $labels }}
 
-      - alert: HostCpuStealNoisyNeighbor
-        expr: >-
-          avg by(instance) (rate(node_cpu_seconds_total{mode="steal"}[5m]))
-          * 100
-          > 15
-        for: 0m
-        labels:
-          severity: warning
-        annotations:
-          summary: Host CPU steal noisy neighbor at {{ $labels.instance }}.
-          description: |-
-            CPU steal is > 10%. A noisy neighbor is killing VM performances or a
-            spot instance may be out of credit.
-
-              VALUE = {{ $value }}
-              LABELS = {{ $labels }}
-
       - alert: HostCpuHighIowait
         expr: |-
           avg by (instance) (rate(node_cpu_seconds_total{mode="iowait"}[5m]))
           * 100
-          > 15
+          > 50
         for: 0m
         labels:
           severity: warning
diff --git a/modules/nixos/monitoring/rules/redis.yaml b/modules/nixos/monitoring/rules/redis.yaml
index c07c819..b47c313 100644
--- a/modules/nixos/monitoring/rules/redis.yaml
+++ b/modules/nixos/monitoring/rules/redis.yaml
@@ -17,95 +17,6 @@ groups:
             VALUE = {{ $value }}
             LABELS = {{ $labels }}
 
-      - alert: RedisMissingMaster
-        expr: >-
-          (count(redis_instance_info{role="master"}) or vector(0))
-          < 1
-        for: 0m
-        labels:
-          severity: critical
-        annotations:
-          summary: Redis missing master at {{ $labels.instance }}).
-          description: |-
-            Redis cluster has no node marked as a master.
-
-            VALUE = {{ $value }}
-            LABELS = {{ $labels }}
-
-      - alert: RedisTooManyMasters
-        expr: >-
-          count(redis_instance_info{role="master"}) > 1
-        for: 0m
-        labels:
-          severity: critical
-        annotations:
-          summary: Redis too many masters at {{ $labels.instance }}.
-          description: |-
-            Redis cluster has too many nodes marked as a master.
-
-            VALUE = {{ $value }}
-            LABELS = {{ $labels }}
-
-      - alert: RedisDisconnectedSlaves
-        expr: >-
-          count without (instance, job) (redis_connected_slaves)
-          - sum without (instance, job) (redis_connected_slaves)
-          - 1
-          > 1
-        for: 0m
-        labels:
-          severity: critical
-        annotations:
-          summary: Redis disconnected slaves at {{ $labels.instance }}.
-          description: |-
-            Redis is not replicating for all slaves.
-
-            VALUE = {{ $value }}
-            LABELS = {{ $labels }}
-
-      - alert: RedisReplicationBroken
-        expr: >-
-          delta(redis_connected_slaves[1m]) < 0
-        for: 0m
-        labels:
-          severity: critical
-        annotations:
-          summary: Redis replication broken at {{ $labels.instance }}.
-          description: |-
-            Redis instance lost a slave.
-
-            VALUE = {{ $value }}
-            LABELS = {{ $labels }}
-
-      - alert: RedisClusterFlapping
-        expr: >-
-          changes(redis_connected_slaves[1m]) > 1
-        for: 2m
-        labels:
-          severity: critical
-        annotations:
-          summary: Redis cluster flapping at {{ $labels.instance }}.
-          description: |-
-            Changes have been detected in the Redis replica connection. This can occur when replica nodes lose connection to the master and reconnect (a.k.a flapping).
-
-            VALUE = {{ $value }}
-            LABELS = {{ $labels }}
-
-      - alert: RedisMissingBackup
-        expr: >-
-          time() - redis_rdb_last_save_timestamp_seconds
-          > 60 * 60 * 24
-        for: 0m
-        labels:
-          severity: critical
-        annotations:
-          summary: Redis missing backup at {{ $labels.instance }}.
-          description: |-
-            Redis has not been backed up for 24 hours.
-
-            VALUE = {{ $value }}
-            LABELS = {{ $labels }}
-
       - alert: RedisOutOfSystemMemory
         expr: >-
           redis_memory_used_bytes
diff --git a/modules/nixos/mpd.nix b/modules/nixos/mpd.nix
index b38ab9f..6db83f8 100644
--- a/modules/nixos/mpd.nix
+++ b/modules/nixos/mpd.nix
@@ -10,6 +10,8 @@ in {
   options.nixfiles.modules.mpd.enable = mkEnableOption "MPD and its clients.";
 
   config = mkIf cfg.enable {
+    nixfiles.modules.sound.enable = true;
+
     hm = {
       home.packages = with pkgs; [mpc_cli];
 
diff --git a/modules/nixos/nsd.nix b/modules/nixos/nsd.nix
index d2ab117..3659a7a 100644
--- a/modules/nixos/nsd.nix
+++ b/modules/nixos/nsd.nix
@@ -109,7 +109,6 @@ in {
                       alertmanager = manwe;
                       bitwarden = manwe;
                       git = manwe;
-                      gotify = manwe;
                       grafana = manwe;
                       loki = manwe;
                       ntfy = manwe;
@@ -119,6 +118,7 @@ in {
                       vaultwarden = manwe;
 
                       flood = yavanna;
+                      lidarr = yavanna;
                     };
                   }
                 ];
diff --git a/modules/nixos/radarr.nix b/modules/nixos/radarr.nix
index 0abfdf2..c706eae 100644
--- a/modules/nixos/radarr.nix
+++ b/modules/nixos/radarr.nix
@@ -12,7 +12,7 @@ in {
     domain = mkOption {
       description = "Domain name sans protocol scheme.";
       type = with types; str;
-      default = "radarr.${config.networking.fqdn}";
+      default = "radarr.${config.networking.domain}";
     };
   };
 
@@ -20,9 +20,16 @@ in {
     nixfiles.modules.nginx = {
       enable = true;
       upstreams.radarr.servers."127.0.0.1:7878" = {};
-      virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://radarr";
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://radarr";
+        extraConfig = nginxInternalOnly;
+      };
     };
 
-    services.radarr.enable = true;
+    services.radarr = {
+      enable = true;
+      user = "rtorrent";
+      group = "rtorrent";
+    };
   };
 }
diff --git a/modules/nixos/shadowsocks.nix b/modules/nixos/shadowsocks.nix
index b59359c..f9997ba 100644
--- a/modules/nixos/shadowsocks.nix
+++ b/modules/nixos/shadowsocks.nix
@@ -105,7 +105,7 @@ in {
       "net.ipv4.ip_local_port_range" = "10000 65000";
       "net.ipv4.tcp_max_syn_backlog" = pow 2 13;
       "net.ipv4.tcp_max_tw_buckets" = pow 2 12;
-      "net.ipv4.tcp_fastopen" = 3;
+      "net.ipv4.tcp_fastopen" = mkOverride 100 3;
       "net.ipv4.tcp_mem" = mkOverride 100 (mkTcpMem 15 16 17);
       "net.ipv4.tcp_rmem" = mkOverride 100 (mkTcpMem 12 16 26);
       "net.ipv4.tcp_wmem" = mkOverride 100 (mkTcpMem 12 16 26);
diff --git a/modules/nixos/sonarr.nix b/modules/nixos/sonarr.nix
index 8c79175..5990ff1 100644
--- a/modules/nixos/sonarr.nix
+++ b/modules/nixos/sonarr.nix
@@ -12,7 +12,7 @@ in {
     domain = mkOption {
       description = "Domain name sans protocol scheme.";
       type = with types; str;
-      default = "sonarr.${config.networking.fqdn}";
+      default = "sonarr.${config.networking.domain}";
     };
   };
 
@@ -20,9 +20,16 @@ in {
     nixfiles.modules.nginx = {
       enable = true;
       upstreams.sonarr.servers."127.0.0.1:8989" = {};
-      virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://sonarr";
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://sonarr";
+        extraConfig = nginxInternalOnly;
+      };
     };
 
-    services.sonarr.enable = true;
+    services.sonarr = {
+      enable = true;
+      user = "rtorrent";
+      group = "rtorrent";
+    };
   };
 }
diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix
index 2291cc7..79d52eb 100644
--- a/modules/nixos/unbound.nix
+++ b/modules/nixos/unbound.nix
@@ -86,13 +86,16 @@ in {
                 "${ipv6.subnet} allow"
               ];
 
-              private-domain = cfg.domain;
+              private-domain = "${cfg.domain}.";
               private-address = with config.nixfiles.modules.wireguard; [
                 ipv4.subnet
                 ipv6.subnet
               ];
 
-              domain-insecure = cfg.domain;
+              cache-min-ttl = 0;
+
+              serve-expired = true;
+              serve-expired-reply-ttl = 0;
 
               prefetch = true;
               prefetch-key = true;
@@ -123,6 +126,8 @@ in {
             };
           };
 
+          enableRootTrustAnchor = true;
+
           localControlSocketPath = "/run/unbound/unbound.socket";
         };
 
@@ -174,5 +179,7 @@ in {
           wantedBy = ["timers.target"];
         };
       };
+
+      boot.kernel.sysctl."net.ipv4.tcp_fastopen" = mkOverride 200 3;
     };
 }
diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix
index a3c16b0..267654d 100644
--- a/nixosConfigurations/manwe/default.nix
+++ b/nixosConfigurations/manwe/default.nix
@@ -29,7 +29,6 @@ with lib; {
       domain = "git.${my.domain.azahi}";
     };
 
-    gotify.enable = true;
     matrix.dendrite = {
       enable = true;
       domain = my.domain.azahi;
diff --git a/nixosConfigurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix
index 145a872..908b6d3 100644
--- a/nixosConfigurations/yavanna/default.nix
+++ b/nixosConfigurations/yavanna/default.nix
@@ -8,19 +8,10 @@ with lib; {
     acme.enable = true;
 
     rtorrent.enable = true;
+    lidarr.enable = true;
 
-    ipfs.enable = true;
-  };
-
-  # The /nix/var/nix/db/db.sqlite file is currently corrupt. This is technically
-  # fixable with a reinstall, but this system doesn't have a recovery mode
-  # access and I'm too lazy to redo everything with nixos-infect at this point.
-  #
-  # These services fail because of that. Although, updating configuration works
-  # just fine.
-  nix = {
-    gc.automatic = mkForce false;
-    optimise.automatic = mkForce false;
+    # Eats too much CPU to run unattended :(
+    # ipfs.enable = true;
   };
 
   boot = {

Consider giving Nix/NixOS a try! <3