From a8a639db6eb6a093a01fd4d113f8c644019789c1 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 2 Apr 2026 11:37:34 +0200 Subject: [PATCH] check in time --- clan.nix | 91 ++--- clanServices/peristence/default.nix | 153 ++++++- clanServices/servarr/default.nix | 31 +- clanServices/servarr/lib.nix | 28 +- interfaces/persistence.nix | 20 + interfaces/servarr.nix | 16 + machines/ulmo/configuration.nix | 372 +++++++++--------- .../ulmo/lidarr/api_key/machines/ulmo | 1 - .../ulmo/lidarr/api_key/users/chris | 1 - .../ulmo/lidarr/config.env/machines/ulmo | 1 - .../ulmo/lidarr/config.env/users/chris | 1 - .../ulmo/postgresql/.pgpass/machines/ulmo | 1 - .../ulmo/postgresql/.pgpass/users/chris | 1 - .../ulmo/postgresql/lidarr_hash/users/chris | 1 - .../postgresql/lidarr_password/users/chris | 1 - .../ulmo/postgresql/prowlarr_hash/users/chris | 1 - .../postgresql/prowlarr_password/users/chris | 1 - .../ulmo/postgresql/radarr_hash/users/chris | 1 - .../postgresql/radarr_password/users/chris | 1 - .../ulmo/postgresql/server.crt/machines/ulmo | 1 - .../ulmo/postgresql/server.crt/users/chris | 1 - .../ulmo/postgresql/server.key/machines/ulmo | 1 - .../ulmo/postgresql/server.key/users/chris | 1 - .../ulmo/postgresql/sonarr_hash/users/chris | 1 - .../postgresql/sonarr_password/users/chris | 1 - .../ulmo/prowlarr/api_key/machines/ulmo | 1 - .../ulmo/prowlarr/api_key/users/chris | 1 - .../ulmo/prowlarr/config.env/machines/ulmo | 1 - .../ulmo/prowlarr/config.env/users/chris | 1 - .../ulmo/radarr/api_key/machines/ulmo | 1 - .../ulmo/radarr/api_key/users/chris | 1 - .../ulmo/radarr/config.env/machines/ulmo | 1 - .../ulmo/radarr/config.env/users/chris | 1 - .../ulmo/servarr/config.tfvars/machines/ulmo | 1 - .../ulmo/servarr/config.tfvars/users/chris | 1 - .../ulmo/sonarr/api_key/machines/ulmo | 1 - .../ulmo/sonarr/api_key/users/chris | 1 - .../ulmo/sonarr/config.env/machines/ulmo | 1 - .../ulmo/sonarr/config.env/users/chris | 1 - 39 files changed, 436 insertions(+), 307 deletions(-) create mode 100644 interfaces/persistence.nix create mode 100644 interfaces/servarr.nix delete mode 120000 vars/per-machine/ulmo/lidarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/lidarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/lidarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/lidarr/config.env/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo delete mode 120000 vars/per-machine/ulmo/postgresql/.pgpass/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/lidarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/radarr_hash/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/radarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo delete mode 120000 vars/per-machine/ulmo/postgresql/server.crt/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/server.key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/postgresql/server.key/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/sonarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/prowlarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/prowlarr/config.env/users/chris delete mode 120000 vars/per-machine/ulmo/radarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/radarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/radarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/radarr/config.env/users/chris delete mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo delete mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/users/chris delete mode 120000 vars/per-machine/ulmo/sonarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sonarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/sonarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sonarr/config.env/users/chris diff --git a/clan.nix b/clan.nix index ae3cb5e..88ad92a 100644 --- a/clan.nix +++ b/clan.nix @@ -8,36 +8,8 @@ directory = ./.; exportInterfaces = { - persistence = {lib, ...}: let - inherit (lib) mkOption types; - in { - options = { - main = mkOption { - type = types.str; - }; - - database = mkOption { - type = types.attrsOf types.anything; - }; - }; - }; - - servarr = {lib, ...}: let - inherit (lib) mkOption types; - in { - options = { - services = mkOption { - type = types.attrsOf (types.submodule { - options = { - port = mkOption { - type = types.port; - }; - }; - }); - default = "awesome!"; - }; - }; - }; + persistence = import ./interfaces/persistence.nix; + servarr = import ./interfaces/servarr.nix; }; inventory.machines = { @@ -99,8 +71,10 @@ inventory.instances = { users-chris = { - module.name = "users"; - module.input = "clan-core"; + module = { + name = "users"; + input = "clan-core"; + }; roles.default.machines.mandos.settings = {}; roles.default.machines.manwe.settings = {}; @@ -116,38 +90,45 @@ }; persistence = { - module.name = "persistence"; - module.input = "self"; + module = { + name = "persistence"; + input = "self"; + }; # TODO :: Convert to use tags instead roles.default.machines.ulmo.settings = {}; }; servarr = { - module.name = "servarr"; - module.input = "self"; + module = { + name = "servarr"; + input = "self"; + }; # TODO :: Convert to use tags instead - roles.default.machines.ulmo.settings = {}; - roles.default.settings = { - enable = true; - services = { - sonarr = { - rootFolders = [ - "/var/media/series" - ]; + roles.default = { + machines.ulmo.settings = {}; + + settings = { + enable = true; + services = { + sonarr = { + rootFolders = [ + "/var/media/series" + ]; + }; + radarr = { + rootFolders = [ + "/var/media/movies" + ]; + }; + lidarr = { + rootFolders = [ + "/var/media/music" + ]; + }; + prowlarr = {}; }; - radarr = { - rootFolders = [ - "/var/media/movies" - ]; - }; - lidarr = { - rootFolders = [ - "/var/media/music" - ]; - }; - prowlarr = {}; }; }; }; diff --git a/clanServices/peristence/default.nix b/clanServices/peristence/default.nix index d0cbc19..c3b5d9e 100644 --- a/clanServices/peristence/default.nix +++ b/clanServices/peristence/default.nix @@ -1,4 +1,11 @@ -{...}: { +{ + lib, + clanLib, + exports, + ... +}: let + inherit (builtins) toString; +in { _class = "clan.service"; manifest = { name = "arda/persistence"; @@ -7,28 +14,156 @@ (for now this means a database. and specifically it means postgres) ''; readme = builtins.readFile ./README.md; - exports.out = ["persistence"]; + exports = { + inputs = ["persistence"]; + out = ["persistence"]; + }; }; roles.default = { description = ''''; - interface = {...}: { - options = {}; + interface = {lib, ...}: let + inherit (lib) mkOption types; + in { + options = { + port = mkOption { + type = types.port; + default = 5432; + }; + }; }; - perInstance = {mkExports, ...}: { + perInstance = { + mkExports, + machine, + settings, + ... + }: let + requested_databases = + exports + |> clanLib.selectExports (_scope: true) + |> lib.mapAttrsToList (_: value: value.persistence.databases or []) + |> lib.concatLists; + in { exports = mkExports { persistence = { main = "postgresql"; - database.postgresql = { - host = ""; - port = 5432; + driver.postgresql = { + host = "localhost"; + port = settings.port; + databases = requested_databases; }; }; }; - nixosModule = {...}: { + nixosModule = { + lib, + pkgs, + config, + ... + }: { + clan.core.vars.generators.postgresql = let + password_files = + requested_databases + |> lib.map (db: [ + { + name = "${db}_password"; + value = { + secret = true; + deploy = false; + }; + } + ]) + |> lib.concatLists + |> lib.listToAttrs; + in { + files = + { + "server.crt" = { + secret = true; + deploy = true; + }; + "server.key" = { + secret = true; + deploy = true; + }; + ".pgpass" = { + secret = true; + deploy = true; + + owner = "postgres"; + group = "postgres"; + mode = "0600"; + restartUnits = ["service.postgresql"]; + }; + } + // password_files; + + runtimeInputs = with pkgs; [openssl_3_5 pwgen]; + script = '' + openssl req \ + -new -x509 -days 365 -nodes -text \ + -out $out/server.crt \ + -keyout $out/server.key \ + -subj "/CN=db.${config.networking.fqdn}" + + ${requested_databases + |> lib.map (db: "pwgen -s 128 1 > $out/${db}_password") + |> lib.join "\n"} + + cat << EOL > $out/.pgpass + #host:port:database:user:password + ${requested_databases + |> lib.map (db: "*:${toString settings.port}:${db}:${db}:$(cat $out/${db}_password)") + |> lib.join "\n"} + EOL + ''; + }; + + systemd.services.postgresql.environment.PGPASSFILE = config.clan.core.vars.generators.postgresql.files.".pgpass".path; + + services = { + postgresql = { + enable = true; + # enableTCPIP = true; + + settings = { + port = settings.port; + ssl = true; + }; + + ensureDatabases = requested_databases; + ensureUsers = + requested_databases + |> lib.map (db: { + name = db; + ensureDBOwnership = true; + ensureClauses = { + login = true; + connection_limit = 5; + }; + }); + + identMap = '' + #map sys user db user + superuser_map root postgres + superuser_map postgres postgres + superuser_map /^(.+)$ \1 + ''; + + authentication = '' + # Generated file, do not edit! + # type database user auth-method optional_ident_map + local sameuser all peer map=superuser_map + + # TYPE DATABASE USER ADDRESS METHOD + # local all all trust + host all all 127.0.0.1/32 scram-sha-256 + host all all ::1/128 scram-sha-256 + ''; + }; + }; }; }; }; diff --git a/clanServices/servarr/default.nix b/clanServices/servarr/default.nix index 1b36eeb..ccdbb66 100644 --- a/clanServices/servarr/default.nix +++ b/clanServices/servarr/default.nix @@ -1,6 +1,5 @@ { exports, - clanLib, lib, ... }: { @@ -11,8 +10,8 @@ categories = ["Service" "Media"]; readme = builtins.readFile ./README.md; exports = { - inputs = ["persistence"]; - out = ["servarr"]; + inputs = []; + out = ["servarr" "persistence"]; }; }; @@ -24,6 +23,16 @@ in { options = { enable = mkEnableOption "Enable configured *arr services"; + + database = { + host = mkOption { + type = types.str; + }; + port = mkOption { + type = types.port; + }; + }; + services = mkOption { type = types.attrsOf (types.submodule ({name, ...}: { options = { @@ -53,6 +62,10 @@ ... }: { exports = mkExports { + persistence.databases = + settings.services + |> lib.attrNames; + servarr.services = settings.services |> lib.attrNames @@ -73,8 +86,6 @@ servarr = import ./lib.nix (args // {inherit settings;}); services = settings.services |> lib.attrNames; service_count = services |> lib.length; - - db = exports |> clanLib.getExport {serviceName = "persistence";}; in { imports = [ (import ./sabnzbd.nix (args @@ -121,16 +132,6 @@ openFirewall = true; port = 2000 + service_count + 3; }; - - postgresql = { - ensureDatabases = services; - ensureUsers = - services - |> lib.map (service: { - name = service; - ensureDBOwnership = true; - }); - }; }; }; }; diff --git a/clanServices/servarr/lib.nix b/clanServices/servarr/lib.nix index 43fde4d..0abda3c 100644 --- a/clanServices/servarr/lib.nix +++ b/clanServices/servarr/lib.nix @@ -13,6 +13,8 @@ options, ... }: { + dependencies = ["postgresql"]; + files = { api_key = { secret = true; @@ -33,7 +35,10 @@ runtimeInputs = with pkgs; [pwgen]; script = '' pwgen -s 128 1 > $out/api_key - echo ${lib.toUpper service}__AUTH__APIKEY="$(cat $out/api_key)" > $out/config.env + cat << EOL > $out/config.env + ${lib.toUpper service}__AUTH__APIKEY="$(cat $out/api_key)" + ${lib.toUpper service}__POSTGRES_PASSWORD="$(cat $in/postgresql/${service}_password)" + EOL ''; }; @@ -41,7 +46,9 @@ service, options, ... - }: + }: let + inherit (builtins) toString; + in { enable = true; openFirewall = true; @@ -58,9 +65,10 @@ port = options.port; }; + # Password provided via environment file postgres = { - host = "localhost"; - port = "5432"; + host = settings.database.host; + port = toString settings.database.port; user = service; maindb = service; logdb = service; @@ -72,7 +80,7 @@ group = "media"; }); - createSystemdService = { + createSystemdService = args @ { service, options, ... @@ -81,7 +89,7 @@ terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { system = pkgs.stdenv.hostPlatform.system; modules = [ - (createInfra {inherit service options;}) + (createInfra args) ]; }; in { @@ -300,7 +308,7 @@ )); }; in { - createModule = services: {...}: { + createModule = services: args: { config = services |> lib.attrsToList @@ -311,10 +319,10 @@ in { service = name; options = value // {port = 2000 + i;}; in { - clan.core.vars.generators.${service} = createGenerator {inherit service options;}; - services.${service} = createService {inherit service options;}; + clan.core.vars.generators.${service} = createGenerator (args // {inherit service options;}); + services.${service} = createService (args // {inherit service options;}); - systemd.services."${service}-apply-infra" = lib.mkIf settings.enable (createSystemdService {inherit service options;}); + systemd.services."${service}-apply-infra" = lib.mkIf settings.enable (createSystemdService (args // {inherit service options;})); }) |> lib.mkMerge; }; diff --git a/interfaces/persistence.nix b/interfaces/persistence.nix new file mode 100644 index 0000000..0d0841d --- /dev/null +++ b/interfaces/persistence.nix @@ -0,0 +1,20 @@ +{lib, ...}: let + inherit (lib) mkOption types; +in { + options = { + main = mkOption { + type = types.nullOr types.str; + default = null; + }; + + driver = mkOption { + type = types.attrsOf types.anything; + default = {}; + }; + + databases = mkOption { + type = types.listOf types.str; + default = []; + }; + }; +} diff --git a/interfaces/servarr.nix b/interfaces/servarr.nix new file mode 100644 index 0000000..3cd824a --- /dev/null +++ b/interfaces/servarr.nix @@ -0,0 +1,16 @@ +{lib, ...}: let + inherit (lib) mkOption types; +in { + options = { + services = mkOption { + type = types.attrsOf (types.submodule { + options = { + port = mkOption { + type = types.port; + }; + }; + }); + default = {}; + }; + }; +} diff --git a/machines/ulmo/configuration.nix b/machines/ulmo/configuration.nix index 0fa4431..ad2ab71 100644 --- a/machines/ulmo/configuration.nix +++ b/machines/ulmo/configuration.nix @@ -66,221 +66,221 @@ }; }; - sneeuwvlok = { - services = { - backup.borg.enable = true; + # sneeuwvlok = { + # services = { + # backup.borg.enable = true; - authentication.zitadel = { - enable = true; + # authentication.zitadel = { + # enable = true; - organization = { - nix = { - user = { - chris = { - email = "chris@kruining.eu"; - firstName = "Chris"; - lastName = "Kruining"; + # organization = { + # nix = { + # user = { + # chris = { + # email = "chris@kruining.eu"; + # firstName = "Chris"; + # lastName = "Kruining"; - roles = ["ORG_OWNER"]; - instanceRoles = ["IAM_OWNER"]; - }; + # roles = ["ORG_OWNER"]; + # instanceRoles = ["IAM_OWNER"]; + # }; - kaas = { - email = "chris+kaas@kruining.eu"; - firstName = "Kaas"; - lastName = "Kruining"; - }; - }; + # kaas = { + # email = "chris+kaas@kruining.eu"; + # firstName = "Kaas"; + # lastName = "Kruining"; + # }; + # }; - project = { - ulmo = { - projectRoleCheck = true; - projectRoleAssertion = true; - hasProjectCheck = true; + # project = { + # ulmo = { + # projectRoleCheck = true; + # projectRoleAssertion = true; + # hasProjectCheck = true; - role = { - jellyfin = { - group = "jellyfin"; - }; - jellyfin_admin = { - group = "jellyfin"; - }; - }; + # role = { + # jellyfin = { + # group = "jellyfin"; + # }; + # jellyfin_admin = { + # group = "jellyfin"; + # }; + # }; - assign = { - chris = ["jellyfin" "jellyfin_admin"]; - kaas = ["jellyfin"]; - }; + # assign = { + # chris = ["jellyfin" "jellyfin_admin"]; + # kaas = ["jellyfin"]; + # }; - application = { - jellyfin = { - redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; + # application = { + # jellyfin = { + # redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; - forgejo = { - redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; + # forgejo = { + # redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; - vaultwarden = { - redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - exportMap = { - client_id = "SSO_CLIENT_ID"; - client_secret = "SSO_CLIENT_SECRET"; - }; - }; + # vaultwarden = { + # redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # exportMap = { + # client_id = "SSO_CLIENT_ID"; + # client_secret = "SSO_CLIENT_SECRET"; + # }; + # }; - matrix = { - redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; + # matrix = { + # redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; - mydia = { - redirectUris = ["http://localhost:2010/auth/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; + # mydia = { + # redirectUris = ["http://localhost:2010/auth/oidc/callback"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; - grafana = { - redirectUris = ["http://localhost:9001/login/generic_oauth"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - }; - }; + # grafana = { + # redirectUris = ["http://localhost:9001/login/generic_oauth"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; + # }; + # }; - convex = { - projectRoleCheck = true; - projectRoleAssertion = true; - hasProjectCheck = true; + # convex = { + # projectRoleCheck = true; + # projectRoleAssertion = true; + # hasProjectCheck = true; - application = { - scry = { - redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - }; - }; - }; + # application = { + # scry = { + # redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; + # }; + # }; + # }; - action = { - flattenRoles = { - script = '' - (ctx, api) => { - if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { - return; - } + # action = { + # flattenRoles = { + # script = '' + # (ctx, api) => { + # if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { + # return; + # } - const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); + # const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); - api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); - }; - ''; - }; - }; + # api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); + # }; + # ''; + # }; + # }; - triggers = [ - { - flowType = "customiseToken"; - triggerType = "preUserinfoCreation"; - actions = ["flattenRoles"]; - } - { - flowType = "customiseToken"; - triggerType = "preAccessTokenCreation"; - actions = ["flattenRoles"]; - } - ]; - }; - }; - }; + # triggers = [ + # { + # flowType = "customiseToken"; + # triggerType = "preUserinfoCreation"; + # actions = ["flattenRoles"]; + # } + # { + # flowType = "customiseToken"; + # triggerType = "preAccessTokenCreation"; + # actions = ["flattenRoles"]; + # } + # ]; + # }; + # }; + # }; - communication.matrix.enable = true; + # communication.matrix.enable = true; - development.forgejo.enable = true; + # development.forgejo.enable = true; - networking.ssh.enable = true; - networking.caddy.hosts = { - # Expose amarht cloud stuff like this until I have a proper solution - "auth.amarth.cloud" = '' - reverse_proxy http://192.168.1.223:9092 - ''; + # networking.ssh.enable = true; + # networking.caddy.hosts = { + # # Expose amarht cloud stuff like this until I have a proper solution + # "auth.amarth.cloud" = '' + # reverse_proxy http://192.168.1.223:9092 + # ''; - "amarth.cloud" = '' - reverse_proxy http://192.168.1.223:8080 - ''; - }; + # "amarth.cloud" = '' + # reverse_proxy http://192.168.1.223:8080 + # ''; + # }; - media.enable = true; - media.glance.enable = true; - media.mydia.enable = true; - media.nfs.enable = true; - media.jellyfin.enable = true; - # media.servarr = { - # radarr = { - # enable = true; - # port = 2001; - # rootFolders = [ - # "/var/media/movies" - # ]; - # }; + # media.enable = true; + # media.glance.enable = true; + # media.mydia.enable = true; + # media.nfs.enable = true; + # media.jellyfin.enable = true; + # # media.servarr = { + # # radarr = { + # # enable = true; + # # port = 2001; + # # rootFolders = [ + # # "/var/media/movies" + # # ]; + # # }; - # sonarr = { - # enable = true; - # # debug = true; - # port = 2002; - # rootFolders = [ - # "/var/media/series" - # ]; - # }; + # # sonarr = { + # # enable = true; + # # # debug = true; + # # port = 2002; + # # rootFolders = [ + # # "/var/media/series" + # # ]; + # # }; - # lidarr = { - # enable = true; - # debug = true; - # port = 2003; - # rootFolders = [ - # "/var/media/music" - # ]; - # }; + # # lidarr = { + # # enable = true; + # # debug = true; + # # port = 2003; + # # rootFolders = [ + # # "/var/media/music" + # # ]; + # # }; - # prowlarr = { - # enable = true; - # # debug = true; - # port = 2004; - # }; - # }; + # # prowlarr = { + # # enable = true; + # # # debug = true; + # # port = 2004; + # # }; + # # }; - observability = { - grafana.enable = true; - prometheus.enable = true; - loki.enable = true; - promtail.enable = true; - # uptime-kuma.enable = true; - }; + # observability = { + # grafana.enable = true; + # prometheus.enable = true; + # loki.enable = true; + # promtail.enable = true; + # # uptime-kuma.enable = true; + # }; - security.vaultwarden = { - enable = true; - database = { - # type = "sqlite"; - # file = "/var/lib/vaultwarden/state.db"; + # security.vaultwarden = { + # enable = true; + # database = { + # # type = "sqlite"; + # # file = "/var/lib/vaultwarden/state.db"; - type = "postgresql"; - host = "localhost"; - port = 5432; - sslMode = "disabled"; - }; - }; - }; + # type = "postgresql"; + # host = "localhost"; + # port = 5432; + # sslMode = "disabled"; + # }; + # }; + # }; - editor = { - nano.enable = true; - }; - }; + # editor = { + # nano.enable = true; + # }; + # }; } diff --git a/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo b/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/api_key/users/chris b/vars/per-machine/ulmo/lidarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/lidarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo b/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/config.env/users/chris b/vars/per-machine/ulmo/lidarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/lidarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo b/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/users/chris b/vars/per-machine/ulmo/postgresql/.pgpass/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/.pgpass/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris b/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris b/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/radarr_password/users/chris b/vars/per-machine/ulmo/postgresql/radarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/radarr_password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo b/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.crt/users/chris b/vars/per-machine/ulmo/postgresql/server.crt/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/server.crt/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo b/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.key/users/chris b/vars/per-machine/ulmo/postgresql/server.key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/server.key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris b/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo b/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/api_key/users/chris b/vars/per-machine/ulmo/prowlarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/prowlarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo b/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/users/chris b/vars/per-machine/ulmo/prowlarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/prowlarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/api_key/machines/ulmo b/vars/per-machine/ulmo/radarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/radarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/api_key/users/chris b/vars/per-machine/ulmo/radarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/radarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/machines/ulmo b/vars/per-machine/ulmo/radarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/radarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/users/chris b/vars/per-machine/ulmo/radarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/radarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo b/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/users/chris b/vars/per-machine/ulmo/servarr/config.tfvars/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/servarr/config.tfvars/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo b/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/api_key/users/chris b/vars/per-machine/ulmo/sonarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sonarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo b/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/config.env/users/chris b/vars/per-machine/ulmo/sonarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sonarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file