From 59a1fbaf0f4b7db1c7c683f59489f08253939d79 Mon Sep 17 00:00:00 2001 
From: chris Date: Tue, 24 Mar 2026 14:09:46 +0000 Subject: [PATCH 01/58] initial migration --- .just/machine.just | 20 - .just/users.just | 101 ----- .just/vars.just | 27 +- .justfile | 31 -- clan.nix | 101 +++++ flake.lock | 351 ++--------------- flake.nix | 365 +++++++++++++++--- .../x86_64-linux => machines}/aule/README.md | 0 machines/aule/configuration.nix | 2 + .../mandos/README.md | 0 .../mandos/configuration.nix | 2 +- machines/mandos/default.nix | 3 + .../mandos/disks.nix | 0 .../mandos/hardware.nix | 0 .../x86_64-linux => machines}/manwe/README.md | 0 .../manwe/configuration.nix | 2 +- machines/manwe/default.nix | 3 + .../x86_64-linux => machines}/manwe/disks.nix | 0 .../manwe/hardware.nix | 0 .../melkor/README.md | 0 machines/melkor/configuration.nix | 2 + .../x86_64-linux => machines}/orome/README.md | 0 .../orome/configuration.nix | 2 +- machines/orome/default.nix | 3 + .../x86_64-linux => machines}/orome/disks.nix | 0 .../orome/hardware.nix | 0 .../tulkas/README.md | 0 .../tulkas/configuration.nix | 2 +- machines/tulkas/default.nix | 3 + .../tulkas/disks.nix | 0 .../tulkas/hardware.nix | 0 .../ulmo/configuration.nix | 2 +- machines/ulmo/default.nix | 3 + .../x86_64-linux => machines}/ulmo/disks.nix | 0 .../ulmo/hardware.nix | 0 .../x86_64-linux => machines}/varda/README.md | 0 machines/varda/configuration.nix | 2 + .../yavanna/README.md | 0 machines/yavanna/configuration.nix | 2 + modules/home/application/studio/default.nix | 7 +- .../home/application/thunderbird/default.nix | 4 +- modules/home/application/zen/default.nix | 6 +- modules/nixos/desktop/default.nix | 5 - modules/nixos/desktop/gamescope/default.nix | 4 +- modules/nixos/editor/nvim/default.nix | 6 +- .../authentication/himmelblau/default.nix | 3 - .../authentication/zitadel/default.nix | 8 +- .../services/games/minecraft/default.nix | 5 - .../nixos/services/media/mydia/default.nix | 5 - .../nixos/services/media/servarr/default.nix | 8 +- .../services/networking/caddy/default.nix | 13 +- 
.../services/security/vaultwarden/default.nix | 8 +- .../nixos/system/security/sops/default.nix | 10 +- packages/studio/default.nix | 14 +- 54 files changed, 522 insertions(+), 613 deletions(-) delete mode 100644 .just/machine.just delete mode 100644 .just/users.just create mode 100644 clan.nix rename {systems/x86_64-linux => machines}/aule/README.md (100%) create mode 100644 machines/aule/configuration.nix rename {systems/x86_64-linux => machines}/mandos/README.md (100%) rename systems/x86_64-linux/mandos/default.nix => machines/mandos/configuration.nix (99%) create mode 100644 machines/mandos/default.nix rename {systems/x86_64-linux => machines}/mandos/disks.nix (100%) rename {systems/x86_64-linux => machines}/mandos/hardware.nix (100%) rename {systems/x86_64-linux => machines}/manwe/README.md (100%) rename systems/x86_64-linux/manwe/default.nix => machines/manwe/configuration.nix (99%) create mode 100644 machines/manwe/default.nix rename {systems/x86_64-linux => machines}/manwe/disks.nix (100%) rename {systems/x86_64-linux => machines}/manwe/hardware.nix (100%) rename {systems/x86_64-linux => machines}/melkor/README.md (100%) create mode 100644 machines/melkor/configuration.nix rename {systems/x86_64-linux => machines}/orome/README.md (100%) rename systems/x86_64-linux/orome/default.nix => machines/orome/configuration.nix (87%) create mode 100644 machines/orome/default.nix rename {systems/x86_64-linux => machines}/orome/disks.nix (100%) rename {systems/x86_64-linux => machines}/orome/hardware.nix (100%) rename {systems/x86_64-linux => machines}/tulkas/README.md (100%) rename systems/x86_64-linux/tulkas/default.nix => machines/tulkas/configuration.nix (99%) create mode 100644 machines/tulkas/default.nix rename {systems/x86_64-linux => machines}/tulkas/disks.nix (100%) rename {systems/x86_64-linux => machines}/tulkas/hardware.nix (100%) rename systems/x86_64-linux/ulmo/default.nix => machines/ulmo/configuration.nix (99%) create mode 100644 
machines/ulmo/default.nix rename {systems/x86_64-linux => machines}/ulmo/disks.nix (100%) rename {systems/x86_64-linux => machines}/ulmo/hardware.nix (100%) rename {systems/x86_64-linux => machines}/varda/README.md (100%) create mode 100644 machines/varda/configuration.nix rename {systems/x86_64-linux => machines}/yavanna/README.md (100%) create mode 100644 machines/yavanna/configuration.nix diff --git a/.just/machine.just b/.just/machine.just deleted file mode 100644 index 3cb4587..0000000 --- a/.just/machine.just +++ /dev/null @@ -1,20 +0,0 @@ -@_default: list - -[doc('List machines')] -@list: - ls -1 ../systems/x86_64-linux/ - -[doc('Update target machine')] -[no-exit-message] -@update machine: - echo "Checking vars" - cd .. && just vars _check {{ machine }} - echo "" - just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" - nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json - -[doc('Check if target machine builds')] -[no-exit-message] -@check machine: - just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" - nix build ..#nixosConfigurations.{{ machine }}.config.system.build.toplevel diff --git a/.just/users.just b/.just/users.just deleted file mode 100644 index e798cc3..0000000 --- a/.just/users.just +++ /dev/null 
@@ -1,101 +0,0 @@ -set unstable := true -set quiet := true - -_default: - just --list users - -[doc('List available users')] -[script] -list: - cd .. && just vars get ulmo zitadel/users | jq -r -C ' - import ".jq/table" as table; - import ".jq/format" as f; - - fromjson - | to_entries - | sort_by(.key) - | map( - (.key|f::to_title) + ":\n" - + table::create( - .value - | to_entries - | sort_by(.key) - | map({username:.key} + .value) - ) - ) - | join("\n\n┄┄┄\n\n") - '; - -[doc('Add a new user')] -[script] -add: - exec 5>&1 - - pad () { [ "$#" -gt 1 ] && [ -n "$2" ] && printf "%$2.${2#-}s" "$1"; } - - input() { - local label=$1 - local value=$2 - - local res=$(gum input --header "$label" --value "$value") - echo -e "\e[2m$(pad "$label" -11)\e[0m$res" >&5 - echo $res - } - - data=`cd .. && just vars get ulmo zitadel/users | jq 'fromjson'` - - # Gather inputs - org=` - jq -r 'to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which organisation to save to?' --select-if-one - ` - username=`input 'user name' ''` - email=`input 'email' ''` - first_name=`input 'first name' ''` - last_name=`input 'last name' ''` - - user_exists=`jq --arg 'org' "$org" --arg 'username' "$username" '.[$org][$username]? | . != null' <<< "$data"` - - if [ "$user_exists" == "true" ]; then - gum confirm 'User already exists, overwrite it?' --padding="1 1" || exit 0 - fi - - next=` - jq \ - --arg 'org' "$org" \ - --arg 'username' "$username" \ - --arg 'email' "$email" \ - --arg 'first_name' "$first_name" \ - --arg 'last_name' "$last_name" \ - --compact-output \ - '.[$org] += { $username: { email: $email, firstName: $first_name, lastName: $last_name } }' \ - <<< $data - ` - - gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")" - -[doc('Remove a new user')] -[script] -remove: - data=`cd .. 
&& just vars get ulmo zitadel/users | jq fromjson` - - # Gather inputs - org=` - jq -r 'to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which organisation?' --select-if-one - ` - user=` - jq -r --arg org "$org" '.[$org] | to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which user?' --select-if-one - ` - - next=` - jq \ - --arg 'org' "$org" \ - --arg 'user' "$user" \ - --compact-output \ - 'del(.[$org][$user])' \ - <<< $data - ` - - gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")" diff --git a/.just/vars.just b/.just/vars.just index 62a8bd9..9c63565 100644 --- a/.just/vars.just +++ b/.just/vars.just 
@@ -1,38 +1,39 @@ set unstable := true set quiet := true -base_path := justfile_directory() + "/systems/x86_64-linux" +machine_base_path := justfile_directory() + "/../machines" +secret_base_path := justfile_directory() + "/../systems/x86_64-linux" _default: just --list vars [doc('List all vars of {machine}')] list machine: - sops decrypt {{ base_path }}/{{ machine }}/secrets.yml + sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml [doc('Edit all vars of {machine} in your editor')] edit machine: - sops edit {{ base_path }}/{{ machine }}/secrets.yml + sops edit {{ secret_base_path }}/{{ machine }}/secrets.yml [doc('Set var {value} by {key} for {machine}')] @set machine key value: - sops set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\"" + sops set {{ secret_base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\"" - git add {{ base_path }}/{{ machine }}/secrets.yml - git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null + git add {{ secret_base_path }}/{{ machine }}/secrets.yml + git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine }}"' -- {{ secret_base_path }}/{{ machine }}/secrets.yml > /dev/null echo "Done" [doc('Get var by {key} from {machine}')] get machine key: - sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\"" + sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\"" [doc('Remove var by {key} for {machine}')] remove machine key: - sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" + sops unset {{ 
secret_base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" - git add {{ base_path }}/{{ machine }}/secrets.yml - git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null + git add {{ secret_base_path }}/{{ machine }}/secrets.yml + git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ secret_base_path }}/{{ machine }}/secrets.yml > /dev/null echo "Done" @@ -59,7 +60,7 @@ _rotate machine key: check: cd .. - for machine in $(ls {{ base_path }}); do + for machine in $(ls {{ machine_base_path }}); do just vars _check "$machine" done @@ -70,14 +71,14 @@ _check machine: # we can skip this folder as we are # missing the files used to compare # the defined vs the configured secrets - if [ ! -f "{{ base_path }}/{{ machine }}/default.nix" ]; then + if [ ! -f "{{ machine_base_path }}/{{ machine }}/default.nix" ]; then printf "\r• %-8sskipped\n" "{{ machine }}" exit 0 fi exec 3< <(jq -nr \ --rawfile defined <(nix eval --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets 2>/dev/null) \ - --rawfile configured <([ -f "{{ base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \ + --rawfile configured <([ -f "{{ secret_base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \ ' [ $configured | fromjson | paths(scalars) | join("/") ] as $conf | $defined diff --git a/.justfile b/.justfile index cee0db9..7f91bca 100644 --- a/.justfile +++ b/.justfile 
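Review bot: In the `set` recipe the secret is pasted into the shell text as `echo '{{ value }}'`, so a value that contains an apostrophe ends the quoting and the rest of it is parsed by the shell; `{{ key }}` is interpolated the same way in the `printf` and `git commit -m` lines of `set` and `remove`. Let just do the quoting with its `quote()` function, e.g. `echo {{ quote(value) }}` and `printf '%s\n' {{ quote('["' + key + '"]') }}`. The sed step escapes only `"`, so a backslash in the secret still changes the JSON string handed to `sops set`; escaping `\` before `"` closes that gap.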
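Review bot: `check` now lists `{{ machine_base_path }}`, which the first hunk defines as `justfile_directory() + "/../machines"`, while the value it replaces was `justfile_directory() + "/systems/x86_64-linux"` and the renames in this patch put `machines/` next to `systems/` at the repository root. If `justfile_directory()` resolves to the root justfile's directory, as the old value implies, the added `/../` makes both new variables point one level above the checkout: the loop finds no machines, and `list`, `edit`, `set` and `remove` address a `secrets.yml` outside the repository. I would drop the `/../`, i.e. `machine_base_path := justfile_directory() + "/machines"` and `secret_base_path := justfile_directory() + "/systems/x86_64-linux"`, or add a comment saying which directory the function is expected to return in a `mod` file.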
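Review bot: In `_check` the `configured` input is built as `[ -f …/secrets.yml ] && sops decrypt … | yq '.' || echo "{}"`, so a decrypt failure is never surfaced: the pipeline's status is yq's, and when it is non-zero the `|| echo "{}"` fallback substitutes an empty set, which reads the same as a machine without a secrets file. Keep the fallback for the missing-file case only, e.g. `if [ -f "$f" ]; then sops decrypt "$f" | yq '.'; else echo '{}'; fi` with `f` set to the secrets path, and let a failed decrypt abort the recipe. `_check` starts above this hunk and continues below it.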
@@ -3,34 +3,3 @@ [doc('Manage vars')] mod vars '.just/vars.just' - -[doc('Manage users')] -mod users '.just/users.just' - -[doc('Manage machines')] -mod machine '.just/machine.just' - -[doc('Show information about project')] -@show: - echo "show" - -[doc('update the flake dependencies')] -@update: - nix flake update - git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null - echo "Done" - -[doc('Introspection on flake output')] -@select key: - nix eval --show-trace --json .#{{ key }} | jq . - - - -#=============================================================================================== -# Utils -#=============================================================================================== -[no-exit-message] -[no-cd] -[private] -@assert condition message: - [ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; } diff --git a/clan.nix b/clan.nix new file mode 100644 index 0000000..18af8a9 --- /dev/null +++ b/clan.nix 
@@ -0,0 +1,101 @@ +{ + sharedSpecialArgs, + mkMachineModuleList, +}: { + meta = { + name = "arda"; + domain = "arda"; + description = "My personal machines at home"; + }; + + directory = ./.; + + inventory.machines = { + aule = { + name = "aule"; + description = "Planned build server."; + machineClass = "nixos"; + tags = ["planned" "build"]; + }; + mandos = { + name = "mandos"; + description = "Living room Steam box."; + machineClass = "nixos"; + tags = ["gaming" "living-room"]; + }; + manwe = { + name = "manwe"; + description = "Main desktop."; + machineClass = "nixos"; + tags = ["desktop"]; + }; + melkor = { + name = "melkor"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; + orome = { + name = "orome"; + description = "Work laptop."; + machineClass = "nixos"; + tags = ["laptop" "work"]; + }; + tulkas = { + name = "tulkas"; + description = "Steam Deck."; + machineClass = "nixos"; + tags = ["gaming" "handheld"]; + }; + ulmo = { + name = "ulmo"; + description = "Primary self-hosted services machine."; + machineClass = "nixos"; + tags = ["server" "services"]; + }; + varda = { + name = "varda"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; + yavanna = { + name = "yavanna"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; + }; + + machines = { + mandos = { + _module.args = sharedSpecialArgs; + imports = mkMachineModuleList "mandos"; + nixpkgs.hostPlatform = "x86_64-linux"; + }; + + manwe = { + _module.args = sharedSpecialArgs; + imports = mkMachineModuleList "manwe"; + nixpkgs.hostPlatform = "x86_64-linux"; + }; + + orome = { + _module.args = sharedSpecialArgs; + imports = mkMachineModuleList "orome"; + nixpkgs.hostPlatform = "x86_64-linux"; + }; + + tulkas = { + _module.args = sharedSpecialArgs; + imports = mkMachineModuleList "tulkas"; + nixpkgs.hostPlatform = "x86_64-linux"; + }; + + ulmo = { + 
_module.args = sharedSpecialArgs; + imports = mkMachineModuleList "ulmo"; + nixpkgs.hostPlatform = "x86_64-linux"; + }; + }; +} diff --git a/flake.lock b/flake.lock index c9df8ee..24acfef 100644 --- a/flake.lock +++ b/flake.lock @@ -72,12 +72,12 @@ "inputs": { "data-mesher": "data-mesher", "disko": "disko", - "flake-parts": "flake-parts", + "flake-parts": [ + "flake-parts" + ], "nix-darwin": "nix-darwin", "nix-select": "nix-select", - "nixpkgs": [ - "nixpkgs" - ], + "nixpkgs": "nixpkgs", "sops-nix": "sops-nix", "systems": "systems", "treefmt-nix": "treefmt-nix" @@ -160,7 +160,7 @@ "erosanix": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1773767380, @@ -197,26 +197,6 @@ "type": "github" } }, - "firefox": { - "inputs": { - "flake-compat": "flake-compat_2", - "lib-aggregate": "lib-aggregate", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1774141843, - "narHash": "sha256-gpjHyyfLvBLZQiWumOxsfsOxt6KTjNhUOXk+m9ISBHc=", - "owner": "nix-community", - "repo": "flake-firefox-nightly", - "rev": "3a1fcd6a4dbd617ad2014dd03aa68cdd885d5322", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-firefox-nightly", - "type": "github" - } - }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -250,21 +230,6 @@ } }, "flake-compat_2": { - "locked": { - "lastModified": 1761640442, - "narHash": "sha256-AtrEP6Jmdvrqiv4x2xa5mrtaIp3OEe8uBYCDZDS+hu8=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "4a56054d8ffc173222d09dad23adf4ba946c8884", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { "flake": false, "locked": { "lastModified": 1747046372, @@ -280,7 +245,7 @@ "type": "github" } }, - "flake-compat_4": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1751685974, 
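Review bot: The `mkMachineModuleList` argument used in every `machines.<name>.imports` is not the flake's function of that name: the flake.nix section of this patch passes `mkMachineModuleList = mkClanMachineModuleList`, the variant that leaves out `machines/<name>/configuration.nix`. A reader of clan.nix alone cannot tell whether the host configuration is part of these imports, so either rename the parameter to `mkClanMachineModuleList` or add a header comment such as `# mkMachineModuleList: shared modules, home modules and hostName only; machines/<name>/configuration.nix is not part of this list`. `_module.args = sharedSpecialArgs;` is also repeated for each machine although `baseNixosModules` in flake.nix already carries `{ _module.args = sharedSpecialArgs; }`; one of the two can go.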
@@ -296,22 +261,6 @@ "url": "https://git.lix.systems/lix-project/flake-compat.git" } }, - "flake-compat_5": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -417,61 +366,6 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils-plus": { - "inputs": { - "flake-utils": "flake-utils_2" - }, - "locked": { - "lastModified": 1715533576, - "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", - "type": "github" - }, - "original": { - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_5" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flux": { "inputs": { "mcman": "mcman", 
@@ -626,25 +520,6 @@ "type": "github" } }, - "lib-aggregate": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1773579712, - "narHash": "sha256-cvxFTYuOvvmpLJz5nB8iREmMGsDksY6gmZFf74UKD1Q=", - "owner": "nix-community", - "repo": "lib-aggregate", - "rev": "c23c52797845b8e4f273ddb5ccdf8622b5d98284", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "lib-aggregate", - "type": "github" - } - }, "mcman": { "inputs": { "crane": "crane", @@ -765,9 +640,9 @@ }, "nix-minecraft": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "nixpkgs": "nixpkgs_7", - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1774060651, 
@@ -796,78 +671,6 @@ "url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz" } }, - "nixlib": { - "locked": { - "lastModified": 1736643958, - "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixos-boot": { - "locked": { - "lastModified": 1722927293, - "narHash": "sha256-8oCsiFyAuidAdhSz60Lu8+TwCPHxaeWixyv0xT0mLt4=", - "owner": "Melkor333", - "repo": "nixos-boot", - "rev": "afaed735149d0a06f234e54dd2d9db2e18dc64ae", - "type": "github" - }, - "original": { - "owner": "Melkor333", - "repo": "nixos-boot", - "type": "github" - } - }, - "nixos-generators": { - "inputs": { - "nixlib": "nixlib", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1769813415, - "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "8946737ff703382fda7623b9fab071d037e897d5", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, - "nixos-wsl": { - "inputs": { - "flake-compat": [], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1773882647, - "narHash": "sha256-VzcOcE0LLpEnyoxLuMuptZ9ZWCkSBn99bTgEQoz5Viw=", - "owner": "nix-community", - "repo": "nixos-wsl", - "rev": "fd0eae98d1ecee31024271f8d64676250a386ee7", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-wsl", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1772380631, 
@@ -884,38 +687,7 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1773538553, - "narHash": "sha256-hohiyWALn8cXqk3FPnE3UADy03lRMaTV5iRzKCU86zM=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "a5ed666a3c206de0019b4c9dafc3a51f352bc7e3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs_10": { - "locked": { - "lastModified": 1773840656, - "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", @@ -933,16 +705,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1774106199, - "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", - "owner": "nixos", + "lastModified": 1772380631, + "narHash": "sha256-FhW0uxeXjefINP0vUD4yRBB52Us7fXZPk9RiPAopfiY=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", + "rev": "6d3b61b190a899042ce82a5355111976ba76d698", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", + "owner": "NixOS", + "ref": "master", "repo": "nixpkgs", "type": "github" } @@ -1028,11 +800,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1774106199, - "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "lastModified": 1771008912, + "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", + "rev": "a82ccc39b39b621151d6732718e3e250109076fa", "type": "github" }, "original": { 
@@ -1044,16 +816,16 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1771008912, - "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", - "owner": "nixos", + "lastModified": 1774273680, + "narHash": "sha256-a++tZ1RQsDb1I0NHrFwdGuRlR5TORvCEUksM459wKUA=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "a82ccc39b39b621151d6732718e3e250109076fa", + "rev": "fdc7b8f7b30fdbedec91b71ed82f36e1637483ed", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -1085,12 +857,12 @@ }, "nvf": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_3", "mnw": "mnw", "ndg": "ndg", - "nixpkgs": "nixpkgs_9", - "systems": "systems_4" + "nixpkgs": "nixpkgs_8", + "systems": "systems_3" }, "locked": { "lastModified": 1774224548, @@ -1134,7 +906,7 @@ "clan-core": "clan-core", "erosanix": "erosanix", "fenix": "fenix", - "firefox": "firefox", + "flake-parts": "flake-parts", "flux": "flux", "grub2-themes": "grub2-themes", "himmelblau": "himmelblau", @@ -1142,13 +914,12 @@ "jovian": "jovian", "mydia": "mydia", "nix-minecraft": "nix-minecraft", - "nixos-boot": "nixos-boot", - "nixos-generators": "nixos-generators", - "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_8", + "nixpkgs": [ + "clan-core", + "nixpkgs" + ], "nvf": "nvf", "plasma-manager": "plasma-manager", - "snowfall-lib": "snowfall-lib", "sops-nix": "sops-nix_2", "stylix": "stylix", "terranix": "terranix", 
@@ -1172,28 +943,6 @@ "type": "github" } }, - "snowfall-lib": { - "inputs": { - "flake-compat": "flake-compat_5", - "flake-utils-plus": "flake-utils-plus", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1765361626, - "narHash": "sha256-kX0Dp/kYSRbQ+yd9e3lmmUWdNbipufvKfL2IzbrSpnY=", - "owner": "snowfallorg", - "repo": "lib", - "rev": "c566ad8b7352c30ec3763435de7c8f1c46ebb357", - "type": "github" - }, - "original": { - "owner": "snowfallorg", - "repo": "lib", - "type": "github" - } - }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -1217,7 +966,7 @@ }, "sops-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1774154798, @@ -1242,9 +991,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_4", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_10", "nur": "nur", - "systems": "systems_6", + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -1340,43 +1089,13 @@ "type": "github" } }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_7": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_7" + "systems": "systems_5" }, "locked": { "lastModified": 1773700838, 
diff --git a/flake.nix b/flake.nix index 7ccab59..f53e964 100644 --- a/flake.nix +++ b/flake.nix @@ -2,13 +2,18 @@ description = "Nixos config flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - - snowfall-lib = { - url = "github:snowfallorg/lib"; - inputs.nixpkgs.follows = "nixpkgs"; + flake-parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "clan-core/nixpkgs"; }; + clan-core = { + url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; + inputs.flake-parts.follows = "flake-parts"; + }; + + nixpkgs.follows = "clan-core/nixpkgs"; + home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -20,18 +25,20 @@ inputs.home-manager.follows = "home-manager"; }; - nixos-generators = { - url = "github:nix-community/nixos-generators"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # Legacy ISO flow removed in favor of Clan install workflows. + # nixos-generators = { + # url = "github:nix-community/nixos-generators"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # neovim nvf.url = "github:notashelf/nvf"; - # plymouth theme - nixos-boot.url = "github:Melkor333/nixos-boot"; + # Unused input retained as a comment for easy recovery. + # nixos-boot.url = "github:Melkor333/nixos-boot"; - firefox.url = "github:nix-community/flake-firefox-nightly"; + # Unused input retained as a comment for easy recovery. + # firefox.url = "github:nix-community/flake-firefox-nightly"; stylix.url = "github:nix-community/stylix"; 
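Review bot: `nixpkgs.follows = "clan-core/nixpkgs"` hands the choice of the nixpkgs revision for every machine to clan-core's lock file, and clan-core itself is tracked as `archive/main.tar.gz`, so nixpkgs security updates reach these hosts only when clan-core moves its pin. The flake.lock section of this patch appears to show the effect: the root `nixpkgs` goes from the node with `lastModified` 1774106199 to clan-core's node with 1772380631. If that is intended, say so above the line, e.g. `# nixpkgs is pinned by clan-core; update clan-core to pick up nixpkgs security fixes`; otherwise keep `nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";` and restore `inputs.nixpkgs.follows = "nixpkgs";` on `clan-core`, as before this commit. The `inputs` attribute set continues below the hunk.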
@@ -71,72 +78,312 @@ url = "github:vinceliuice/grub2-themes"; }; - nixos-wsl = { - url = "github:nix-community/nixos-wsl"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-compat.follows = ""; - }; - }; + # Unused input retained as a comment for easy recovery. + # nixos-wsl = { + # url = "github:nix-community/nixos-wsl"; + # inputs = { + # nixpkgs.follows = "nixpkgs"; + # flake-compat.follows = ""; + # }; + # }; terranix = { url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; - clan-core = { - url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - mydia = { url = "github:chris-kruining/mydia"; # url = "github:getmydia/mydia"; }; }; - outputs = inputs: - inputs.snowfall-lib.mkFlake { - inherit inputs; - src = ./.; + outputs = inputs @ { + flake-parts, + home-manager, + nixpkgs, + ... + }: let + inherit (nixpkgs) lib; - snowfall = { - namespace = "sneeuwvlok"; + namespace = "sneeuwvlok"; - meta = { - name = "sneeuwvlok"; - title = "Sneeuwvlok"; + supportedSystems = [ + "x86_64-linux" + "aarch64-linux" + "x86_64-darwin" + "aarch64-darwin" + ]; + + channelConfig = { + allowUnfree = true; + permittedInsecurePackages = [ + # Due to *arr stack + "dotnet-sdk-6.0.428" + "aspnetcore-runtime-6.0.36" + + # I think this is because of zen + "qtwebengine-5.15.19" + + # For Nheko, the matrix client + "olm-3.2.16" + ]; + }; + + packageDefs = { + studio = { + path = ./packages/studio/default.nix; + extra = { + erosanixLib = inputs.erosanix.lib; + }; + systems = ["x86_64-linux"]; + }; + vaultwarden = { + path = ./packages/vaultwarden/default.nix; + extra = {}; + systems = supportedSystems; + }; + }; + + mkPackageOverlay = name: def: final: prev: + lib.optionalAttrs (lib.elem final.stdenv.hostPlatform.system def.systems) { + ${name} = final.callPackage def.path def.extra; + }; + + packageOverlays = { + "package/studio" = mkPackageOverlay "studio" packageDefs.studio; + "package/vaultwarden" = 
mkPackageOverlay "vaultwarden" packageDefs.vaultwarden; + }; + + systemOverlays = with inputs; [ + fenix.overlays.default + nix-minecraft.overlay + flux.overlays.default + ]; + + mkPkgs = system: + import nixpkgs { + inherit system; + overlays = systemOverlays; + config = channelConfig; + }; + + collectModules = root: let + recurse = prefix: dir: let + entries = builtins.readDir dir; + selfModule = + if builtins.pathExists (dir + "/default.nix") + then { + "${if prefix == "" then "__root" else prefix}" = dir; + } + else {}; + in + lib.foldl' (acc: name: let + kind = entries.${name}; + path = dir + "/${name}"; + rel = if prefix == "" then name else "${prefix}/${name}"; + children = + if kind == "directory" + then recurse rel path + else {}; + current = + if kind == "directory" && builtins.pathExists (path + "/default.nix") + then {"${rel}" = path;} + else {}; + in + acc // children // current) selfModule (builtins.attrNames entries); + in + recurse "" root; + + nixosModules = collectModules ./modules/nixos; + homeModules = collectModules ./modules/home; + + homeEntries = { + "chris@mandos" = { + machine = "mandos"; + user = "chris"; + path = ./homes/x86_64-linux + "/chris@mandos"; + }; + "chris@manwe" = { + machine = "manwe"; + user = "chris"; + path = ./homes/x86_64-linux + "/chris@manwe"; + }; + "chris@orome" = { + machine = "orome"; + user = "chris"; + path = ./homes/x86_64-linux + "/chris@orome"; + }; + "chris@tulkas" = { + machine = "tulkas"; + user = "chris"; + path = ./homes/x86_64-linux + "/chris@tulkas"; + }; + }; + + sneeuwvlokLib = + (import ./lib/options {inherit lib;}) + // (import ./lib/strings {inherit lib;}); + + machineConfigPaths = builtins.listToAttrs (map (name: lib.nameValuePair name (./machines + "/${name}/configuration.nix")) [ + "aule" + "mandos" + "manwe" + "melkor" + "orome" + "tulkas" + "ulmo" + "varda" + "yavanna" + ]); + + machineHomeModules = lib.mapAttrs' (_: spec: lib.nameValuePair spec.machine [{ + users.users.${spec.user} = { + 
isNormalUser = lib.mkDefault true; + }; + home-manager.users.${spec.user} = import spec.path; + }]) homeEntries; + + sharedSpecialArgs = { + inherit namespace; + erosanixLib = inputs.erosanix.lib; + repoRoot = ./.; + inherit sneeuwvlokLib; + terranixLib = inputs.terranix.lib; + system = "x86_64-linux"; + }; + + homeSharedModules = + [ + inputs.stylix.homeModules.stylix + inputs.plasma-manager.homeModules.plasma-manager + inputs.zen-browser.homeModules.default + ] + ++ builtins.attrValues homeModules; + + baseNixosModules = + [ + { _module.args = sharedSpecialArgs; } + inputs.grub2-themes.nixosModules.default + inputs.home-manager.nixosModules.home-manager + inputs.himmelblau.nixosModules.himmelblau + inputs.jovian.nixosModules.default + inputs.mydia.nixosModules.default + inputs.nix-minecraft.nixosModules.minecraft-servers + inputs.nvf.nixosModules.default + inputs.sops-nix.nixosModules.sops + { + nixpkgs = { + config = channelConfig; + overlays = systemOverlays; + }; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = sharedSpecialArgs; + sharedModules = homeSharedModules; + }; + } + ] + ++ builtins.attrValues nixosModules; + + mkClanMachineModuleList = name: + baseNixosModules + ++ (machineHomeModules.${name} or []) + ++ [ + { + networking.hostName = lib.mkDefault name; + } + ]; + + mkMachineModuleList = name: + mkClanMachineModuleList name + ++ [ + machineConfigPaths.${name} + ]; + + clanConfig = import ./clan.nix { + inherit sharedSpecialArgs; + mkMachineModuleList = mkClanMachineModuleList; + }; + + activeMachineNames = builtins.attrNames clanConfig.machines; + + nixosConfigurations = + lib.genAttrs activeMachineNames (name: + lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = sharedSpecialArgs; + modules = mkMachineModuleList name; + }); + + homeConfigurations = + lib.mapAttrs (_: spec: + home-manager.lib.homeManagerConfiguration { + pkgs = mkPkgs "x86_64-linux"; + extraSpecialArgs = + sharedSpecialArgs + // { 
+ osConfig = nixosConfigurations.${spec.machine}.config; + }; + modules = + homeSharedModules + ++ [ + { + home.username = spec.user; + home.homeDirectory = "/home/${spec.user}"; + } + spec.path + ]; + }) + homeEntries; + in + flake-parts.lib.mkFlake {inherit inputs;} { + systems = supportedSystems; + + imports = [ + inputs.clan-core.flakeModules.default + ]; + + clan = clanConfig; + + perSystem = { + system, + ... + }: let + pkgs = mkPkgs system; + in { + _module.args.pkgs = pkgs; + + packages = lib.filterAttrs (_: value: value != null) { + studio = + if lib.elem system packageDefs.studio.systems + then pkgs.callPackage packageDefs.studio.path packageDefs.studio.extra + else null; + vaultwarden = + if lib.elem system packageDefs.vaultwarden.systems + then pkgs.callPackage packageDefs.vaultwarden.path packageDefs.vaultwarden.extra + else null; + }; + + devShells.default = import ./shells/default/default.nix { + inherit inputs pkgs; + inherit (pkgs) mkShell stdenv; }; }; - channels-config = { - allowUnfree = true; - permittedInsecurePackages = [ - # Due to *arr stack - "dotnet-sdk-6.0.428" - "aspnetcore-runtime-6.0.36" + flake = { + inherit homeConfigurations; + nixosConfigurations = lib.mkForce nixosConfigurations; - # I think this is because of zen - "qtwebengine-5.15.19" + lib = sneeuwvlokLib; - # For Nheko, the matrix client - "olm-3.2.16" - ]; + overlays = + packageOverlays + // { + default = lib.composeManyExtensions (builtins.attrValues packageOverlays); + }; }; - - overlays = with inputs; [ - fenix.overlays.default - nix-minecraft.overlay - flux.overlays.default - ]; - - systems.modules = with inputs; [ - clan-core.nixosModules.default - ]; - - homes.modules = with inputs; [ - stylix.homeModules.stylix - plasma-manager.homeModules.plasma-manager - ]; }; } diff --git a/systems/x86_64-linux/aule/README.md b/machines/aule/README.md similarity index 100% rename from systems/x86_64-linux/aule/README.md rename to machines/aule/README.md 
diff --git a/machines/aule/configuration.nix b/machines/aule/configuration.nix new file mode 100644 index 0000000..4b2c5c4 --- /dev/null +++ b/machines/aule/configuration.nix @@ -0,0 +1,2 @@ +{ ... }: { +} diff --git a/systems/x86_64-linux/mandos/README.md b/machines/mandos/README.md similarity index 100% rename from systems/x86_64-linux/mandos/README.md rename to machines/mandos/README.md diff --git a/systems/x86_64-linux/mandos/default.nix b/machines/mandos/configuration.nix similarity index 99% rename from systems/x86_64-linux/mandos/default.nix rename to machines/mandos/configuration.nix index b1605f8..e7dda36 100644 --- a/systems/x86_64-linux/mandos/default.nix +++ b/machines/mandos/configuration.nix @@ -28,4 +28,4 @@ }; system.stateVersion = "23.11"; -} +} \ No newline at end of file diff --git a/machines/mandos/default.nix b/machines/mandos/default.nix new file mode 100644 index 0000000..9e99ca6 --- /dev/null +++ b/machines/mandos/default.nix @@ -0,0 +1,3 @@ +{ ... }: { + imports = [ ./configuration.nix ]; +} diff --git a/systems/x86_64-linux/mandos/disks.nix b/machines/mandos/disks.nix similarity index 100% rename from systems/x86_64-linux/mandos/disks.nix rename to machines/mandos/disks.nix diff --git a/systems/x86_64-linux/mandos/hardware.nix b/machines/mandos/hardware.nix similarity index 100% rename from systems/x86_64-linux/mandos/hardware.nix rename to machines/mandos/hardware.nix diff --git a/systems/x86_64-linux/manwe/README.md b/machines/manwe/README.md similarity index 100% rename from systems/x86_64-linux/manwe/README.md rename to machines/manwe/README.md diff --git a/systems/x86_64-linux/manwe/default.nix b/machines/manwe/configuration.nix similarity index 99% rename from systems/x86_64-linux/manwe/default.nix rename to machines/manwe/configuration.nix index a1b421b..1ba0566 100644 --- a/systems/x86_64-linux/manwe/default.nix +++ b/machines/manwe/configuration.nix 
@@ -39,4 +39,4 @@ }; system.stateVersion = "23.11"; -} +} \ No newline at end of file diff --git a/machines/manwe/default.nix b/machines/manwe/default.nix new file mode 100644 index 0000000..9e99ca6 --- /dev/null +++ b/machines/manwe/default.nix @@ -0,0 +1,3 @@ +{ ... }: { + imports = [ ./configuration.nix ]; +} diff --git a/systems/x86_64-linux/manwe/disks.nix b/machines/manwe/disks.nix similarity index 100% rename from systems/x86_64-linux/manwe/disks.nix rename to machines/manwe/disks.nix diff --git a/systems/x86_64-linux/manwe/hardware.nix b/machines/manwe/hardware.nix similarity index 100% rename from systems/x86_64-linux/manwe/hardware.nix rename to machines/manwe/hardware.nix diff --git a/systems/x86_64-linux/melkor/README.md b/machines/melkor/README.md similarity index 100% rename from systems/x86_64-linux/melkor/README.md rename to machines/melkor/README.md diff --git a/machines/melkor/configuration.nix b/machines/melkor/configuration.nix new file mode 100644 index 0000000..4b2c5c4 --- /dev/null +++ b/machines/melkor/configuration.nix @@ -0,0 +1,2 @@ +{ ... }: { +} diff --git a/systems/x86_64-linux/orome/README.md b/machines/orome/README.md similarity index 100% rename from systems/x86_64-linux/orome/README.md rename to machines/orome/README.md diff --git a/systems/x86_64-linux/orome/default.nix b/machines/orome/configuration.nix similarity index 87% rename from systems/x86_64-linux/orome/default.nix rename to machines/orome/configuration.nix index e155461..95c8fd4 100644 --- a/systems/x86_64-linux/orome/default.nix +++ b/machines/orome/configuration.nix @@ -15,7 +15,7 @@ audio = true; }; - authentication.himmelblau.enable = true; + services.authentication.himmelblau.enable = true; application = { steam.enable = true; diff --git a/machines/orome/default.nix b/machines/orome/default.nix new file mode 100644 index 0000000..9e99ca6 --- /dev/null +++ b/machines/orome/default.nix @@ -0,0 +1,3 @@ +{ ... }: { + imports = [ ./configuration.nix ]; +} 
diff --git a/systems/x86_64-linux/orome/disks.nix b/machines/orome/disks.nix similarity index 100% rename from systems/x86_64-linux/orome/disks.nix rename to machines/orome/disks.nix diff --git a/systems/x86_64-linux/orome/hardware.nix b/machines/orome/hardware.nix similarity index 100% rename from systems/x86_64-linux/orome/hardware.nix rename to machines/orome/hardware.nix diff --git a/systems/x86_64-linux/tulkas/README.md b/machines/tulkas/README.md similarity index 100% rename from systems/x86_64-linux/tulkas/README.md rename to machines/tulkas/README.md diff --git a/systems/x86_64-linux/tulkas/default.nix b/machines/tulkas/configuration.nix similarity index 99% rename from systems/x86_64-linux/tulkas/default.nix rename to machines/tulkas/configuration.nix index 40d1673..afba730 100644 --- a/systems/x86_64-linux/tulkas/default.nix +++ b/machines/tulkas/configuration.nix @@ -29,4 +29,4 @@ }; system.stateVersion = "23.11"; -} +} \ No newline at end of file diff --git a/machines/tulkas/default.nix b/machines/tulkas/default.nix new file mode 100644 index 0000000..9e99ca6 --- /dev/null +++ b/machines/tulkas/default.nix @@ -0,0 +1,3 @@ +{ ... }: { + imports = [ ./configuration.nix ]; +} diff --git a/systems/x86_64-linux/tulkas/disks.nix b/machines/tulkas/disks.nix similarity index 100% rename from systems/x86_64-linux/tulkas/disks.nix rename to machines/tulkas/disks.nix diff --git a/systems/x86_64-linux/tulkas/hardware.nix b/machines/tulkas/hardware.nix similarity index 100% rename from systems/x86_64-linux/tulkas/hardware.nix rename to machines/tulkas/hardware.nix diff --git a/systems/x86_64-linux/ulmo/default.nix b/machines/ulmo/configuration.nix similarity index 99% rename from systems/x86_64-linux/ulmo/default.nix rename to machines/ulmo/configuration.nix index 43a5760..cacc4ba 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/machines/ulmo/configuration.nix @@ -271,4 +271,4 @@ }; system.stateVersion = "23.11"; -} +} \ No newline at end of file 
diff --git a/machines/ulmo/default.nix b/machines/ulmo/default.nix new file mode 100644 index 0000000..9e99ca6 --- /dev/null +++ b/machines/ulmo/default.nix @@ -0,0 +1,3 @@ +{ ... }: { + imports = [ ./configuration.nix ]; +} diff --git a/systems/x86_64-linux/ulmo/disks.nix b/machines/ulmo/disks.nix similarity index 100% rename from systems/x86_64-linux/ulmo/disks.nix rename to machines/ulmo/disks.nix diff --git a/systems/x86_64-linux/ulmo/hardware.nix b/machines/ulmo/hardware.nix similarity index 100% rename from systems/x86_64-linux/ulmo/hardware.nix rename to machines/ulmo/hardware.nix diff --git a/systems/x86_64-linux/varda/README.md b/machines/varda/README.md similarity index 100% rename from systems/x86_64-linux/varda/README.md rename to machines/varda/README.md diff --git a/machines/varda/configuration.nix b/machines/varda/configuration.nix new file mode 100644 index 0000000..4b2c5c4 --- /dev/null +++ b/machines/varda/configuration.nix @@ -0,0 +1,2 @@ +{ ... }: { +} diff --git a/systems/x86_64-linux/yavanna/README.md b/machines/yavanna/README.md similarity index 100% rename from systems/x86_64-linux/yavanna/README.md rename to machines/yavanna/README.md diff --git a/machines/yavanna/configuration.nix b/machines/yavanna/configuration.nix new file mode 100644 index 0000000..4b2c5c4 --- /dev/null +++ b/machines/yavanna/configuration.nix @@ -0,0 +1,2 @@ +{ ... }: { +} diff --git a/modules/home/application/studio/default.nix b/modules/home/application/studio/default.nix index 7f8173a..f235031 100644 --- a/modules/home/application/studio/default.nix +++ b/modules/home/application/studio/default.nix @@ -1,8 +1,11 @@ -{ config, lib, pkgs, namespace, ... }: +{ config, lib, pkgs, namespace, repoRoot, erosanixLib, ... }: let inherit (lib) mkIf mkEnableOption; cfg = config.${namespace}.application.studio; + studioPackage = pkgs.callPackage (repoRoot + "/packages/studio/default.nix") { + inherit erosanixLib; + }; in { options.${namespace}.application.studio = { 
@@ -10,6 +13,6 @@ in }; config = mkIf cfg.enable { - home.packages = with pkgs.${namespace}; [ studio ]; + home.packages = [ studioPackage ]; }; } diff --git a/modules/home/application/thunderbird/default.nix b/modules/home/application/thunderbird/default.nix index c05f57b..92c8e37 100644 --- a/modules/home/application/thunderbird/default.nix +++ b/modules/home/application/thunderbird/default.nix @@ -14,7 +14,7 @@ in enable = true; package = pkgs.thunderbird-latest; - profiles.${config.snowfallorg.user.name} = { + profiles.chris = { isDefault = true; }; }; @@ -30,7 +30,7 @@ in }; thunderbird = { enable = true; - profiles = [ config.snowfallorg.user.name ]; + profiles = [ "chris" ]; }; }; diff --git a/modules/home/application/zen/default.nix b/modules/home/application/zen/default.nix index b7cec03..1d18a92 100644 --- a/modules/home/application/zen/default.nix +++ b/modules/home/application/zen/default.nix @@ -1,14 +1,10 @@ -{ inputs, config, lib, pkgs, namespace, ... }: +{ config, lib, pkgs, namespace, ... }: let inherit (lib) mkIf mkEnableOption; cfg = config.${namespace}.application.zen; in { - imports = [ - inputs.zen-browser.homeModules.default - ]; - options.${namespace}.application.zen = { enable = mkEnableOption "enable zen"; }; diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index 13ef881..89dfb85 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -2,7 +2,6 @@ lib, config, namespace, - inputs, ... }: let inherit (lib) mkIf mkOption mkEnableOption mkMerge; @@ -10,10 +9,6 @@ cfg = config.${namespace}.desktop; in { - imports = [ - inputs.grub2-themes.nixosModules.default - ]; - options.${namespace}.desktop = { use = mkOption { type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]); diff --git a/modules/nixos/desktop/gamescope/default.nix b/modules/nixos/desktop/gamescope/default.nix index 80e6099..9e499be 100644 --- a/modules/nixos/desktop/gamescope/default.nix 
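Review bot: In modules/home/application/thunderbird/default.nix both hunks replace `config.snowfallorg.user.name` with the literal `chris` (`profiles.chris` and `profiles = [ "chris" ]`), which hard-codes one account name into a module that flake.nix adds to `homeSharedModules` for every home-manager user. Any other user who enables this module would get a Thunderbird profile and mail-account binding named after someone else. Home-manager already exposes the name, so `profiles.${config.home.username}` and `profiles = [ config.home.username ]` keep the old behaviour without the snowfall dependency. The enclosing attribute sets start outside both hunks.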
+++ b/modules/nixos/desktop/gamescope/default.nix @@ -1,12 +1,10 @@ -{ lib, config, namespace, inputs, ... }: +{ lib, config, namespace, ... }: let inherit (lib) mkIf mkEnableOption mkForce; cfg = config.${namespace}.desktop.gamescope; in { - imports = [ inputs.jovian.nixosModules.default ]; - options.${namespace}.desktop.gamescope = { enable = mkEnableOption "Enable Steamdeck ui" // { default = (config.${namespace}.desktop.use == "gamescope"); diff --git a/modules/nixos/editor/nvim/default.nix b/modules/nixos/editor/nvim/default.nix index c29de0f..fb3bc56 100644 --- a/modules/nixos/editor/nvim/default.nix +++ b/modules/nixos/editor/nvim/default.nix @@ -1,14 +1,10 @@ -{ inputs, config, lib, pkgs, namespace, ... }: +{ config, lib, pkgs, namespace, ... }: let inherit (lib) mkIf mkEnableOption; cfg = config.${namespace}.editor.nvim; in { - imports = [ - inputs.nvf.nixosModules.default - ]; - options.${namespace}.editor.nvim = { enable = mkEnableOption "enable nvim via nvf on system level"; }; diff --git a/modules/nixos/services/authentication/himmelblau/default.nix b/modules/nixos/services/authentication/himmelblau/default.nix index d39d4cf..228fea0 100644 --- a/modules/nixos/services/authentication/himmelblau/default.nix +++ b/modules/nixos/services/authentication/himmelblau/default.nix @@ -1,5 +1,4 @@ { - inputs, lib, config, namespace, @@ -9,8 +8,6 @@ cfg = config.${namespace}.services.authentication.himmelblau; in { - imports = [inputs.himmelblau.nixosModules.himmelblau]; - options.${namespace}.services.authentication.himmelblau = { enable = mkEnableOption "enable azure entra ID authentication"; }; diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index 7674835..24250cb 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix 
@@ -1,7 +1,7 @@ -{ config, lib, pkgs, namespace, system, inputs, ... }: +{ config, lib, pkgs, namespace, system, terranixLib, sneeuwvlokLib, ... }: let inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames; - inherit (lib.${namespace}.strings) toSnakeCase; + inherit (sneeuwvlokLib.strings) toSnakeCase; cfg = config.${namespace}.services.authentication.zitadel; @@ -339,7 +339,7 @@ in config' = config; # this is a nix package, the generated json file to be exact - terraformConfiguration = inputs.terranix.lib.terranixConfiguration { + terraformConfiguration = terranixLib.terranixConfiguration { inherit system; modules = [ @@ -576,7 +576,7 @@ in let tofu = lib.getExe pkgs.opentofu; in - '' + lib.replaceStrings ["\r"] [""] '' if [ "$(systemctl is-active zitadel)" != "active" ]; then echo "Zitadel is not running" exit 1 diff --git a/modules/nixos/services/games/minecraft/default.nix b/modules/nixos/services/games/minecraft/default.nix index 84567b3..851d1da 100644 --- a/modules/nixos/services/games/minecraft/default.nix +++ b/modules/nixos/services/games/minecraft/default.nix @@ -1,5 +1,4 @@ { - inputs, config, lib, pkgs, @@ -11,10 +10,6 @@ cfg = config.${namespace}.services.games.minecraft; in { - imports = [ - inputs.nix-minecraft.nixosModules.minecraft-servers - ]; - options.${namespace}.services.games.minecraft = { enable = mkEnableOption "Minecraft"; diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia/default.nix index 7e082a3..e850fe4 100644 --- a/modules/nixos/services/media/mydia/default.nix +++ b/modules/nixos/services/media/mydia/default.nix @@ -2,7 +2,6 @@ config, lib, namespace, - inputs, system, ... }: let 
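Review bot: The zitadel hunk at -576 wraps the script in `lib.replaceStrings ["\r"] [""]`, which removes carriage returns at evaluation time and, presumably, papers over CRLF line endings in the checkout instead of fixing them. The same wrapper is added to `script` in services/media/servarr/default.nix and to four strings in packages/studio/default.nix. Normalising at the source with a `.gitattributes` rule such as `*.nix text eol=lf` would cover every file and let these wrappers be dropped. If they stay, each one should carry a short comment like `# strip CR in case the file was checked out with CRLF` so the next reader does not remove it as dead code. The script body continues outside the hunk.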
@@ -10,10 +9,6 @@ cfg = config.${namespace}.services.media.mydia; in { - imports = [ - inputs.mydia.nixosModules.default - ]; - options.${namespace}.services.media.mydia = { enable = mkEnableOption "Enable Mydia"; }; diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index c7a066c..152742e 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -3,8 +3,8 @@ config, lib, namespace, - inputs, system, + terranixLib, ... }: let inherit (builtins) toString; @@ -155,7 +155,7 @@ in { config' = config; lib' = lib; - terraformConfiguration = inputs.terranix.lib.terranixConfiguration { + terraformConfiguration = terranixLib.terranixConfiguration { inherit system; modules = [ @@ -341,11 +341,11 @@ in { } ''; - script = '' + script = lib.replaceStrings ["\r"] [""] '' # Sleep for a bit to give the service a chance to start up sleep 5s - if [ "$(systemctl is-active "${service}")" != "active" ]; then + if [ "$(systemctl is-active ${lib.escapeShellArg service})" != "active" ]; then echo "${service} is not running" exit 1 fi diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy/default.nix index ec9df3a..2d28435 100644 --- a/modules/nixos/services/networking/caddy/default.nix +++ b/modules/nixos/services/networking/caddy/default.nix 
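Review bot: In the servarr hunk at -341 the `systemctl is-active` argument is now quoted with `lib.escapeShellArg service`, but the next line still interpolates the raw value into a double-quoted shell string, `echo "${service} is not running"`. If `service` can ever contain `$`, a backtick or `"` (it looks like a module-defined name, so this is probably not reachable today), the echo line is where it would be expanded. For consistency, quote it the same way: `echo ${lib.escapeShellArg "${service} is not running"}`. The script continues past the end of the hunk.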
@@ -10,25 +10,22 @@ cfg = config.${namespace}.services.networking.caddy; hasHosts = (cfg.hosts |> attrNames |> length) > 0; - caddyBase = pkgs.callPackage "${pkgs.path}/pkgs/by-name/ca/caddy/package.nix" { - buildGo125Module = pkgs.buildGo126Module; - caddy = caddyBase; + caddyPackage = pkgs.caddy.withPlugins { + plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; + hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs="; }; - caddyPackage = - caddyBase.withPlugins { - plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; - hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE="; - }; in { options.${namespace}.services.networking.caddy = { enable = mkEnableOption "enable caddy" // {default = true;}; hosts = mkOption { type = types.attrsOf types.str; + default = {}; }; extraConfig = mkOption { type = types.str; + default = ""; }; }; diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden/default.nix index 7dce380..d398df9 100644 --- a/modules/nixos/services/security/vaultwarden/default.nix +++ b/modules/nixos/services/security/vaultwarden/default.nix @@ -3,6 +3,8 @@ config, lib, namespace, + repoRoot, + sneeuwvlokLib, ... }: let inherit (builtins) toString; @@ -26,7 +28,7 @@ }); databaseProviderPostgresql = types.submodule ({...}: let - urlOptions = lib.${namespace}.options.mkUrlOptions { + urlOptions = sneeuwvlokLib.options.mkUrlOptions { host = { description = '' Hostname of the postgresql server @@ -118,7 +120,7 @@ in { enable = true; dbBackend = "postgresql"; - package = pkgs.${namespace}.vaultwarden; + package = pkgs.callPackage (repoRoot + "/packages/vaultwarden/default.nix") {}; config = { SIGNUPS_ALLOWED = false; @@ -196,7 +198,7 @@ in { else if type == "postgresql" then { inherit (db) type; - url = lib.${namespace}.strings.toUrl { + url = sneeuwvlokLib.strings.toUrl { inherit (db) protocol host port; path = "vaultwarden"; query = { 
diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops/default.nix index bee7b3c..8438454 100644 --- a/modules/nixos/system/security/sops/default.nix +++ b/modules/nixos/system/security/sops/default.nix @@ -1,12 +1,8 @@ -{ pkgs, config, namespace, inputs, system, ... }: +{ pkgs, config, namespace, repoRoot, system, ... }: let cfg = config.${namespace}.system.security.sops; in { - imports = [ - inputs.sops-nix.nixosModules.sops - ]; - options.${namespace}.system.security.sops = {}; config = { @@ -14,7 +10,7 @@ in sops = { defaultSopsFormat = "yaml"; - defaultSopsFile = inputs.self + "/systems/${system}/${config.networking.hostName}/secrets.yml"; + defaultSopsFile = repoRoot + "/systems/${system}/${config.networking.hostName}/secrets.yml"; age = { # keyFile = "~/.config/sops/age/keys.txt"; @@ -23,4 +19,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/packages/studio/default.nix b/packages/studio/default.nix index cb628c9..7c9ce0c 100644 --- a/packages/studio/default.nix +++ b/packages/studio/default.nix @@ -1,10 +1,10 @@ { pkgs, - inputs, + erosanixLib, }: let - inherit (builtins) fetchurl; + inherit (builtins) fetchurl replaceStrings; inherit (pkgs) makeDesktopItem copyDesktopItems wineWow64Packages; - inherit (inputs.erosanix.lib.x86_64-linux) mkWindowsAppNoCC makeDesktopIcon copyDesktopIcons; + inherit (erosanixLib.x86_64-linux) mkWindowsAppNoCC makeDesktopIcon copyDesktopIcons; wine = wineWow64Packages.base; in 
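Review bot: The new `defaultSopsFile = repoRoot + "/systems/${system}/${config.networking.hostName}/secrets.yml";` still points under `systems/<system>/`, while this patch moves every machine directory to `machines/<name>/`. If the `secrets.yml` files move with the rest (the visible renames do not show them either way), sops-nix will fail to find the file and no secret will be decrypted on the host. `system` is also now the fixed string `"x86_64-linux"` from `sharedSpecialArgs`, so the path no longer tracks the machine's platform. Assuming the secrets live beside the machine config, `defaultSopsFile = repoRoot + "/machines/${config.networking.hostName}/secrets.yml";` would match the new layout. The diffstat of the next patch lists this file again, so this may already be addressed there.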
@@ -56,24 +56,24 @@ in nativeBuildInputs = [copyDesktopIcons copyDesktopItems]; - winAppInstall = '' + winAppInstall = replaceStrings ["\r"] [""] '' wine64 ${src} wineserver -W wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f ''; - winAppPreRun = '' + winAppPreRun = replaceStrings ["\r"] [""] '' wineserver -W wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f ''; - winAppRun = '' + winAppRun = replaceStrings ["\r"] [""] '' wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS" ''; winAppPostRun = ""; - installPhase = '' + installPhase = replaceStrings ["\r"] [""] '' runHook preInstall ln -s $out/bin/.launcher $out/bin/${pname} From ac3dac322d5f05bd6d358d06afc6aee57f93db63 Mon Sep 17 00:00:00 2001 
From: chris Date: Wed, 25 Mar 2026 06:45:43 +0000 Subject: [PATCH 02/58] . --- clan.nix | 72 ++++- flake.nix | 295 +----------------- homes/x86_64-linux/chris@mandos/default.nix | 36 --- homes/x86_64-linux/chris@manwe/default.nix | 59 ---- homes/x86_64-linux/chris@orome/default.nix | 49 --- homes/x86_64-linux/chris@tulkas/default.nix | 36 --- lib/default.nix | 96 ++++++ lib/options/default.nix | 15 +- lib/strings/default.nix | 10 +- machines/aule/configuration.nix | 1 + machines/default.nix | 9 + machines/mandos/configuration.nix | 4 +- machines/mandos/default.nix | 3 - machines/mandos/hardware.nix | 4 +- machines/manwe/configuration.nix | 2 + machines/manwe/default.nix | 3 - machines/manwe/hardware.nix | 4 +- machines/melkor/configuration.nix | 1 + machines/orome/configuration.nix | 2 + machines/orome/default.nix | 3 - machines/orome/hardware.nix | 4 +- machines/tulkas/configuration.nix | 2 + machines/tulkas/default.nix | 3 - machines/tulkas/hardware.nix | 4 +- machines/ulmo/configuration.nix | 2 + machines/ulmo/default.nix | 3 - machines/ulmo/hardware.nix | 4 +- machines/varda/configuration.nix | 1 + machines/yavanna/configuration.nix | 1 + modules/home/application/default.nix | 17 + modules/home/application/studio/default.nix | 2 +- modules/home/default.nix | 12 + modules/home/desktop/default.nix | 5 + modules/home/development/default.nix | 7 + modules/home/editor/default.nix | 7 + modules/home/game/default.nix | 5 + modules/home/shell/default.nix | 5 + modules/home/shell/toolset/default.nix | 16 + modules/home/terminal/default.nix | 6 + modules/nixos/application/default.nix | 5 + modules/nixos/default.nix | 14 + modules/nixos/desktop/default.nix | 7 + modules/nixos/editor/default.nix | 6 + modules/nixos/hardware/default.nix | 7 + modules/nixos/hardware/gpu/default.nix | 6 + .../nixos/services/authentication/default.nix | 7 + .../authentication/zitadel/default.nix | 4 +- modules/nixos/services/backup/default.nix | 5 + .../nixos/services/communication/default.nix 
| 5 + modules/nixos/services/default.nix | 15 + .../nixos/services/development/default.nix | 5 + modules/nixos/services/games/default.nix | 7 + modules/nixos/services/media/default.nix | 9 + .../nixos/services/media/jellyfin/default.nix | 1 - .../nixos/services/media/mydia/default.nix | 1 - .../nixos/services/media/servarr/default.nix | 3 +- modules/nixos/services/networking/default.nix | 7 + .../nixos/services/observability/default.nix | 9 + .../nixos/services/persistance/default.nix | 5 + modules/nixos/services/security/default.nix | 5 + .../services/security/vaultwarden/default.nix | 2 +- .../nixos/services/virtualisation/default.nix | 5 + modules/nixos/system/default.nix | 6 + modules/nixos/system/security/default.nix | 8 +- .../nixos/system/security/sops/default.nix | 4 +- packages/default.nix | 24 ++ packages/studio/default.nix | 119 +------ packages/studio/package.nix | 100 ++++++ packages/vaultwarden/default.nix | 32 +- packages/vaultwarden/package.nix | 28 ++ scratchpad | 1 + shells/default/default.nix | 36 +-- .../x86_64-install-iso/minimal/default.nix | 121 ------- users/chris/mandos.nix | 38 +++ users/chris/manwe.nix | 61 ++++ users/chris/orome.nix | 51 +++ users/chris/tulkas.nix | 38 +++ users/default.nix | 78 +++++ 78 files changed, 893 insertions(+), 802 deletions(-) delete mode 100644 homes/x86_64-linux/chris@mandos/default.nix delete mode 100644 homes/x86_64-linux/chris@manwe/default.nix delete mode 100644 homes/x86_64-linux/chris@orome/default.nix delete mode 100644 homes/x86_64-linux/chris@tulkas/default.nix create mode 100644 lib/default.nix create mode 100644 machines/default.nix delete mode 100644 machines/mandos/default.nix delete mode 100644 machines/manwe/default.nix delete mode 100644 machines/orome/default.nix delete mode 100644 machines/tulkas/default.nix delete mode 100644 machines/ulmo/default.nix create mode 100644 modules/home/application/default.nix create mode 100644 modules/home/desktop/default.nix create mode 100644 
modules/home/development/default.nix create mode 100644 modules/home/editor/default.nix create mode 100644 modules/home/game/default.nix create mode 100644 modules/home/shell/toolset/default.nix create mode 100644 modules/home/terminal/default.nix create mode 100644 modules/nixos/application/default.nix create mode 100644 modules/nixos/default.nix create mode 100644 modules/nixos/editor/default.nix create mode 100644 modules/nixos/hardware/default.nix create mode 100644 modules/nixos/hardware/gpu/default.nix create mode 100644 modules/nixos/services/authentication/default.nix create mode 100644 modules/nixos/services/backup/default.nix create mode 100644 modules/nixos/services/communication/default.nix create mode 100644 modules/nixos/services/default.nix create mode 100644 modules/nixos/services/development/default.nix create mode 100644 modules/nixos/services/games/default.nix create mode 100644 modules/nixos/services/networking/default.nix create mode 100644 modules/nixos/services/observability/default.nix create mode 100644 modules/nixos/services/persistance/default.nix create mode 100644 modules/nixos/services/security/default.nix create mode 100644 modules/nixos/services/virtualisation/default.nix create mode 100644 modules/nixos/system/default.nix create mode 100644 packages/default.nix create mode 100644 packages/studio/package.nix create mode 100644 packages/vaultwarden/package.nix create mode 100644 scratchpad delete mode 100644 systems/x86_64-install-iso/minimal/default.nix create mode 100644 users/chris/mandos.nix create mode 100644 users/chris/manwe.nix create mode 100644 users/chris/orome.nix create mode 100644 users/chris/tulkas.nix create mode 100644 users/default.nix diff --git a/clan.nix b/clan.nix index 18af8a9..2524ad2 100644 --- a/clan.nix +++ b/clan.nix @@ -1,6 +1,6 @@ { - sharedSpecialArgs, - mkMachineModuleList, + baseNixosModules, + lib, }: { meta = { name = "arda"; 
@@ -67,35 +67,73 @@ }; }; + inventory.instances = { + user-chris = { + module.name = "users"; + module.input = "clan-core"; + + roles.default.machines.mandos.settings = {}; + roles.default.machines.manwe.settings = {}; + roles.default.machines.orome.settings = {}; + roles.default.machines.tulkas.settings = {}; + + roles.default.settings = { + user = "chris"; + groups = [ "wheel" ]; + prompt = true; + share = true; + }; + }; + }; + machines = { mandos = { - _module.args = sharedSpecialArgs; - imports = mkMachineModuleList "mandos"; - nixpkgs.hostPlatform = "x86_64-linux"; + imports = baseNixosModules ++ [ + { + networking.hostName = lib.mkDefault "mandos"; + } + ./machines/mandos/configuration.nix + ./users/chris/mandos.nix + ]; }; manwe = { - _module.args = sharedSpecialArgs; - imports = mkMachineModuleList "manwe"; - nixpkgs.hostPlatform = "x86_64-linux"; + imports = baseNixosModules ++ [ + { + networking.hostName = lib.mkDefault "manwe"; + } + ./machines/manwe/configuration.nix + ./users/chris/manwe.nix + ]; }; orome = { - _module.args = sharedSpecialArgs; - imports = mkMachineModuleList "orome"; - nixpkgs.hostPlatform = "x86_64-linux"; + imports = baseNixosModules ++ [ + { + networking.hostName = lib.mkDefault "orome"; + } + ./machines/orome/configuration.nix + ./users/chris/orome.nix + ]; }; tulkas = { - _module.args = sharedSpecialArgs; - imports = mkMachineModuleList "tulkas"; - nixpkgs.hostPlatform = "x86_64-linux"; + imports = baseNixosModules ++ [ + { + networking.hostName = lib.mkDefault "tulkas"; + } + ./machines/tulkas/configuration.nix + ./users/chris/tulkas.nix + ]; }; ulmo = { - _module.args = sharedSpecialArgs; - imports = mkMachineModuleList "ulmo"; - nixpkgs.hostPlatform = "x86_64-linux"; + imports = baseNixosModules ++ [ + { + networking.hostName = lib.mkDefault "ulmo"; + } + ./machines/ulmo/configuration.nix + ]; }; }; } diff --git a/flake.nix b/flake.nix index f53e964..1225179 100644 --- a/flake.nix +++ b/flake.nix 
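Review bot: The `user-chris` inventory instance in clan.nix puts `chris` in `wheel` with `share = true` on mandos, manwe, orome and tulkas. If `share` has its usual clan-core meaning (one prompted password reused for every machine in the role), disclosure of that single password grants sudo on all four hosts. Either set `share = false` so each machine gets its own secret, or record the decision next to the setting, for example `# one password for all workstations: accepted, hosts share a trust domain`. The same hunk drops `nixpkgs.hostPlatform = "x86_64-linux";` from every machine, so it is worth confirming that the hardware.nix changes listed in the diffstat set it instead.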
@@ -98,292 +98,23 @@ }; }; - outputs = inputs @ { - flake-parts, - home-manager, - nixpkgs, - ... - }: let - inherit (nixpkgs) lib; - - namespace = "sneeuwvlok"; - - supportedSystems = [ - "x86_64-linux" - "aarch64-linux" - "x86_64-darwin" - "aarch64-darwin" - ]; - - channelConfig = { - allowUnfree = true; - permittedInsecurePackages = [ - # Due to *arr stack - "dotnet-sdk-6.0.428" - "aspnetcore-runtime-6.0.36" - - # I think this is because of zen - "qtwebengine-5.15.19" - - # For Nheko, the matrix client - "olm-3.2.16" - ]; - }; - - packageDefs = { - studio = { - path = ./packages/studio/default.nix; - extra = { - erosanixLib = inputs.erosanix.lib; - }; - systems = ["x86_64-linux"]; - }; - vaultwarden = { - path = ./packages/vaultwarden/default.nix; - extra = {}; - systems = supportedSystems; - }; - }; - - mkPackageOverlay = name: def: final: prev: - lib.optionalAttrs (lib.elem final.stdenv.hostPlatform.system def.systems) { - ${name} = final.callPackage def.path def.extra; - }; - - packageOverlays = { - "package/studio" = mkPackageOverlay "studio" packageDefs.studio; - "package/vaultwarden" = mkPackageOverlay "vaultwarden" packageDefs.vaultwarden; - }; - - systemOverlays = with inputs; [ - fenix.overlays.default - nix-minecraft.overlay - flux.overlays.default - ]; - - mkPkgs = system: - import nixpkgs { - inherit system; - overlays = systemOverlays; - config = channelConfig; - }; - - collectModules = root: let - recurse = prefix: dir: let - entries = builtins.readDir dir; - selfModule = - if builtins.pathExists (dir + "/default.nix") - then { - "${if prefix == "" then "__root" else prefix}" = dir; - } - else {}; - in - lib.foldl' (acc: name: let - kind = entries.${name}; - path = dir + "/${name}"; - rel = if prefix == "" then name else "${prefix}/${name}"; - children = - if kind == "directory" - then recurse rel path - else {}; - current = - if kind == "directory" && builtins.pathExists (path + "/default.nix") - then {"${rel}" = path;} - else {}; - in - acc // 
children // current) selfModule (builtins.attrNames entries); - in - recurse "" root; - - nixosModules = collectModules ./modules/nixos; - homeModules = collectModules ./modules/home; - - homeEntries = { - "chris@mandos" = { - machine = "mandos"; - user = "chris"; - path = ./homes/x86_64-linux + "/chris@mandos"; - }; - "chris@manwe" = { - machine = "manwe"; - user = "chris"; - path = ./homes/x86_64-linux + "/chris@manwe"; - }; - "chris@orome" = { - machine = "orome"; - user = "chris"; - path = ./homes/x86_64-linux + "/chris@orome"; - }; - "chris@tulkas" = { - machine = "tulkas"; - user = "chris"; - path = ./homes/x86_64-linux + "/chris@tulkas"; - }; - }; - - sneeuwvlokLib = - (import ./lib/options {inherit lib;}) - // (import ./lib/strings {inherit lib;}); - - machineConfigPaths = builtins.listToAttrs (map (name: lib.nameValuePair name (./machines + "/${name}/configuration.nix")) [ - "aule" - "mandos" - "manwe" - "melkor" - "orome" - "tulkas" - "ulmo" - "varda" - "yavanna" - ]); - - machineHomeModules = lib.mapAttrs' (_: spec: lib.nameValuePair spec.machine [{ - users.users.${spec.user} = { - isNormalUser = lib.mkDefault true; - }; - home-manager.users.${spec.user} = import spec.path; - }]) homeEntries; - - sharedSpecialArgs = { - inherit namespace; - erosanixLib = inputs.erosanix.lib; - repoRoot = ./.; - inherit sneeuwvlokLib; - terranixLib = inputs.terranix.lib; - system = "x86_64-linux"; - }; - - homeSharedModules = - [ - inputs.stylix.homeModules.stylix - inputs.plasma-manager.homeModules.plasma-manager - inputs.zen-browser.homeModules.default - ] - ++ builtins.attrValues homeModules; - - baseNixosModules = - [ - { _module.args = sharedSpecialArgs; } - inputs.grub2-themes.nixosModules.default - inputs.home-manager.nixosModules.home-manager - inputs.himmelblau.nixosModules.himmelblau - inputs.jovian.nixosModules.default - inputs.mydia.nixosModules.default - inputs.nix-minecraft.nixosModules.minecraft-servers - inputs.nvf.nixosModules.default - 
inputs.sops-nix.nixosModules.sops - { - nixpkgs = { - config = channelConfig; - overlays = systemOverlays; - }; - - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = sharedSpecialArgs; - sharedModules = homeSharedModules; - }; - } - ] - ++ builtins.attrValues nixosModules; - - mkClanMachineModuleList = name: - baseNixosModules - ++ (machineHomeModules.${name} or []) - ++ [ - { - networking.hostName = lib.mkDefault name; - } - ]; - - mkMachineModuleList = name: - mkClanMachineModuleList name - ++ [ - machineConfigPaths.${name} - ]; - - clanConfig = import ./clan.nix { - inherit sharedSpecialArgs; - mkMachineModuleList = mkClanMachineModuleList; - }; - - activeMachineNames = builtins.attrNames clanConfig.machines; - - nixosConfigurations = - lib.genAttrs activeMachineNames (name: - lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = sharedSpecialArgs; - modules = mkMachineModuleList name; - }); - - homeConfigurations = - lib.mapAttrs (_: spec: - home-manager.lib.homeManagerConfiguration { - pkgs = mkPkgs "x86_64-linux"; - extraSpecialArgs = - sharedSpecialArgs - // { - osConfig = nixosConfigurations.${spec.machine}.config; - }; - modules = - homeSharedModules - ++ [ - { - home.username = spec.user; - home.homeDirectory = "/home/${spec.user}"; - } - spec.path - ]; - }) - homeEntries; - in + outputs = inputs@{flake-parts, ...}: flake-parts.lib.mkFlake {inherit inputs;} { - systems = supportedSystems; + systems = [ + "x86_64-linux" + "aarch64-linux" + "x86_64-darwin" + "aarch64-darwin" + ]; imports = [ inputs.clan-core.flakeModules.default + inputs.home-manager.flakeModules.home-manager + ./lib/default.nix + ./machines/default.nix + ./packages/default.nix + ./shells/default/default.nix + ./users/default.nix ]; - - clan = clanConfig; - - perSystem = { - system, - ... 
- }: let - pkgs = mkPkgs system; - in { - _module.args.pkgs = pkgs; - - packages = lib.filterAttrs (_: value: value != null) { - studio = - if lib.elem system packageDefs.studio.systems - then pkgs.callPackage packageDefs.studio.path packageDefs.studio.extra - else null; - vaultwarden = - if lib.elem system packageDefs.vaultwarden.systems - then pkgs.callPackage packageDefs.vaultwarden.path packageDefs.vaultwarden.extra - else null; - }; - - devShells.default = import ./shells/default/default.nix { - inherit inputs pkgs; - inherit (pkgs) mkShell stdenv; - }; - }; - - flake = { - inherit homeConfigurations; - nixosConfigurations = lib.mkForce nixosConfigurations; - - lib = sneeuwvlokLib; - - overlays = - packageOverlays - // { - default = lib.composeManyExtensions (builtins.attrValues packageOverlays); - }; - }; }; } diff --git a/homes/x86_64-linux/chris@mandos/default.nix b/homes/x86_64-linux/chris@mandos/default.nix deleted file mode 100644 index ba87e73..0000000 --- a/homes/x86_64-linux/chris@mandos/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{osConfig, ...}: { - home.stateVersion = osConfig.system.stateVersion; - - programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; - }; - - sneeuwvlok = { - defaults = { - shell = "zsh"; - terminal = "ghostty"; - browser = "zen"; - editor = "zed"; - }; - - shell = { - corePkgs.enable = true; - }; - - themes = { - enable = true; - theme = "everforest"; - polarity = "dark"; - }; - - application = { - bitwarden.enable = true; - teamspeak.enable = true; - steam.enable = true; - zen.enable = true; - }; - }; -} diff --git a/homes/x86_64-linux/chris@manwe/default.nix b/homes/x86_64-linux/chris@manwe/default.nix deleted file mode 100644 index 0aced9b..0000000 --- a/homes/x86_64-linux/chris@manwe/default.nix +++ /dev/null 
@@ -1,59 +0,0 @@ -{osConfig, ...}: { - home.stateVersion = osConfig.system.stateVersion; - - programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; - }; - - sneeuwvlok = { - defaults = { - shell = "zsh"; - terminal = "ghostty"; - browser = "zen"; - editor = "zed"; - }; - - shell = { - corePkgs.enable = true; - }; - - themes = { - enable = true; - theme = "everforest"; - polarity = "dark"; - }; - - development = { - rust.enable = true; - javascript.enable = true; - dotnet.enable = true; - }; - - application = { - bitwarden.enable = true; - discord.enable = true; - ladybird.enable = true; - matrix.enable = true; - obs.enable = true; - onlyoffice.enable = true; - signal.enable = true; - steam.enable = true; - studio.enable = true; - teamspeak.enable = true; - thunderbird.enable = true; - zen.enable = true; - }; - - shell.zsh.enable = true; - terminal.ghostty.enable = true; - - editor = { - zed.enable = true; - nvim.enable = true; - nano.enable = true; - }; - }; -} diff --git a/homes/x86_64-linux/chris@orome/default.nix b/homes/x86_64-linux/chris@orome/default.nix deleted file mode 100644 index 7a1dc43..0000000 --- a/homes/x86_64-linux/chris@orome/default.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{osConfig, ...}: { - home.stateVersion = osConfig.system.stateVersion; - - programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; - }; - - sneeuwvlok = { - defaults = { - shell = "zsh"; - terminal = "ghostty"; - browser = "zen"; - editor = "zed"; - }; - - shell = { - corePkgs.enable = true; - }; - - themes = { - enable = true; - theme = "everforest"; - polarity = "dark"; - }; - - development = { - javascript.enable = true; - dotnet.enable = true; - }; - - application = { - bitwarden.enable = true; - onlyoffice.enable = true; - signal.enable = true; - zen.enable = true; - }; - - shell.zsh.enable = true; - terminal.ghostty.enable = true; - - editor = { - zed.enable = true; - nano.enable = true; - }; - }; -} diff --git a/homes/x86_64-linux/chris@tulkas/default.nix b/homes/x86_64-linux/chris@tulkas/default.nix deleted file mode 100644 index ba87e73..0000000 --- a/homes/x86_64-linux/chris@tulkas/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{osConfig, ...}: { - home.stateVersion = osConfig.system.stateVersion; - - programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; - }; - - sneeuwvlok = { - defaults = { - shell = "zsh"; - terminal = "ghostty"; - browser = "zen"; - editor = "zed"; - }; - - shell = { - corePkgs.enable = true; - }; - - themes = { - enable = true; - theme = "everforest"; - polarity = "dark"; - }; - - application = { - bitwarden.enable = true; - teamspeak.enable = true; - steam.enable = true; - zen.enable = true; - }; - }; -} diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..c89e6cf --- /dev/null +++ b/lib/default.nix 
@@ -0,0 +1,96 @@ +{ + config, + inputs, + lib, + ... +}: let + inherit (lib) mkOption types; + namespace = "sneeuwvlok"; + + channelConfig = { + allowUnfree = true; + permittedInsecurePackages = [ + # Due to *arr stack + "dotnet-sdk-6.0.428" + "aspnetcore-runtime-6.0.36" + + # I think this is because of zen + "qtwebengine-5.15.19" + + # For Nheko, the matrix client + "olm-3.2.16" + ]; + }; + + systemOverlays = with inputs; [ + fenix.overlays.default + nix-minecraft.overlay + flux.overlays.default + ]; + + mkPkgs = system: + import inputs.nixpkgs { + inherit system; + overlays = systemOverlays; + config = channelConfig; + }; + + sharedContext = { + inherit inputs namespace; + erosanixLib = inputs.erosanix.lib; + repoRoot = ../.; + sneeuwvlokLib = config.localLib; + terranixLib = inputs.terranix.lib; + }; + + baseNixosModules = + [ + inputs.grub2-themes.nixosModules.default + inputs.home-manager.nixosModules.home-manager + inputs.himmelblau.nixosModules.himmelblau + inputs.jovian.nixosModules.default + inputs.mydia.nixosModules.default + inputs.nix-minecraft.nixosModules.minecraft-servers + inputs.nvf.nixosModules.default + inputs.sops-nix.nixosModules.sops + { + nixpkgs = { + config = channelConfig; + overlays = systemOverlays; + }; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = sharedContext; + sharedModules = config.localUsers.homeSharedModules; + }; + } + ] + ++ [ ../modules/nixos ]; +in { + imports = [ + ./options + ./strings + ]; + + options.localLib = mkOption { + type = types.lazyAttrsOf types.raw; + default = {}; + }; + + config = { + _module.args = { + inherit + baseNixosModules + channelConfig + mkPkgs + sharedContext + systemOverlays + ; + sneeuwvlokLib = config.localLib; + }; + + flake.lib = config.localLib; + }; +} diff --git a/lib/options/default.nix b/lib/options/default.nix index 72e8621..579b3de 100644 --- a/lib/options/default.nix +++ b/lib/options/default.nix 
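Review bot: `channelConfig.permittedInsecurePackages` in the new `lib/default.nix` feeds both `mkPkgs` and the `nixpkgs.config` entry inside `baseNixosModules`, so every machine accepts all four known-insecure packages, including hosts that run neither the *arr stack nor Nheko. As far as I know `nixpkgs.config` definitions do not concatenate lists across modules, so a per-host list would have to be computed in this one place rather than split over the service modules. The comment `# I think this is because of zen` leaves the reason for `qtwebengine-5.15.19` unverified. Replace it with `# TODO: confirm which package pulls in qtwebengine-5.15.19; drop the permit if none does`, so the entry is re-checked instead of carried forward.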
@@ -1,11 +1,8 @@ -{ lib, ...}: -let - inherit (builtins) isString typeOf; - inherit (lib) mkOption types throwIfNot concatStringsSep splitStringBy toLower map; -in -{ - options = { - mkUrlOptions = +{lib, ...}: let + inherit (lib) mkOption types; +in { + localLib.options = { + mkUrlOptions = defaults: { host = mkOption { @@ -35,4 +32,4 @@ in } // (defaults.protocol or {}); }; }; -} \ No newline at end of file +} diff --git a/lib/strings/default.nix b/lib/strings/default.nix index 0c15699..b9c7361 100644 --- a/lib/strings/default.nix +++ b/lib/strings/default.nix @@ -1,10 +1,8 @@ -{ lib, ...}: -let +{lib, ...}: let inherit (builtins) isString typeOf match toString head; inherit (lib) throwIfNot concatStringsSep splitStringBy toLower map concatMapAttrsStringSep; -in -{ - strings = { +in { + localLib.strings = { #======================================================================================== # Converts a string to snake case # @@ -36,4 +34,4 @@ in in "${_protocol}${host}${_port}${_path}${_query}${_hash}"; }; -} \ No newline at end of file +} diff --git a/machines/aule/configuration.nix b/machines/aule/configuration.nix index 4b2c5c4..e75bc1c 100644 --- a/machines/aule/configuration.nix +++ b/machines/aule/configuration.nix @@ -1,2 +1,3 @@ { ... }: { + nixpkgs.hostPlatform = "x86_64-linux"; } diff --git a/machines/default.nix b/machines/default.nix new file mode 100644 index 0000000..37086fa --- /dev/null +++ b/machines/default.nix @@ -0,0 +1,9 @@ +{baseNixosModules, lib, sharedContext, ...}: { + clan = + (import ../clan.nix { + inherit baseNixosModules lib; + }) + // { + specialArgs = sharedContext; + }; +} diff --git a/machines/mandos/configuration.nix b/machines/mandos/configuration.nix index e7dda36..cbeefc6 100644 --- a/machines/mandos/configuration.nix +++ b/machines/mandos/configuration.nix @@ -5,6 +5,8 @@ ./hardware.nix ]; + nixpkgs.hostPlatform = "x86_64-linux"; + sneeuwvlok = { hardware.has = { gpu.nvidia = true; 
@@ -28,4 +30,4 @@ }; system.stateVersion = "23.11"; -} \ No newline at end of file +} diff --git a/machines/mandos/default.nix b/machines/mandos/default.nix deleted file mode 100644 index 9e99ca6..0000000 --- a/machines/mandos/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ ... }: { - imports = [ ./configuration.nix ]; -} diff --git a/machines/mandos/hardware.nix b/machines/mandos/hardware.nix index 60759bd..ebed139 100644 --- a/machines/mandos/hardware.nix +++ b/machines/mandos/hardware.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, system, ... }: +{ config, lib, pkgs, modulesPath, ... }: let inherit (lib.modules) mkDefault; in @@ -13,6 +13,6 @@ in extraModulePackages = [ ]; }; - nixpkgs.hostPlatform = mkDefault system; + nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system; hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/machines/manwe/configuration.nix b/machines/manwe/configuration.nix index 1ba0566..ec052be 100644 --- a/machines/manwe/configuration.nix +++ b/machines/manwe/configuration.nix @@ -4,6 +4,8 @@ ./hardware.nix ]; + nixpkgs.hostPlatform = "x86_64-linux"; + system.activationScripts.remove-gtkrc.text = "rm -f /home/chris/.gtkrc-2.0"; services.logrotate.checkConfig = false; diff --git a/machines/manwe/default.nix b/machines/manwe/default.nix deleted file mode 100644 index 9e99ca6..0000000 --- a/machines/manwe/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ ... }: { - imports = [ ./configuration.nix ]; -} diff --git a/machines/manwe/hardware.nix b/machines/manwe/hardware.nix index 33ae3b5..3686637 100644 --- a/machines/manwe/hardware.nix +++ b/machines/manwe/hardware.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, system, ... }: +{ config, lib, pkgs, modulesPath, ... }: let inherit (lib.modules) mkDefault; in 
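Review bot: In `machines/mandos/hardware.nix` the new line `nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system;` derives the platform from `pkgs`, which is itself instantiated from `nixpkgs.hostPlatform`. It evaluates only because `configuration.nix` now sets `nixpkgs.hostPlatform = "x86_64-linux";` at normal priority, so the default is never forced. If that explicit line is later removed, the fallback would most likely fail with infinite recursion rather than supply a value. Deleting the `mkDefault` line is the cleaner choice, since the explicit setting already exists. The same applies to the `hardware.nix` hunks for manwe, orome, tulkas and ulmo.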
@@ -13,6 +13,6 @@ in extraModulePackages = [ ]; }; - nixpkgs.hostPlatform = mkDefault system; + nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system; hardware.cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/machines/melkor/configuration.nix b/machines/melkor/configuration.nix index 4b2c5c4..e75bc1c 100644 --- a/machines/melkor/configuration.nix +++ b/machines/melkor/configuration.nix @@ -1,2 +1,3 @@ { ... }: { + nixpkgs.hostPlatform = "x86_64-linux"; } diff --git a/machines/orome/configuration.nix b/machines/orome/configuration.nix index 95c8fd4..1762545 100644 --- a/machines/orome/configuration.nix +++ b/machines/orome/configuration.nix @@ -4,6 +4,8 @@ ./hardware.nix ]; + nixpkgs.hostPlatform = "x86_64-linux"; + environment.systemPackages = with pkgs; [ azure-cli github-copilot-cli diff --git a/machines/orome/default.nix b/machines/orome/default.nix deleted file mode 100644 index 9e99ca6..0000000 --- a/machines/orome/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ ... }: { - imports = [ ./configuration.nix ]; -} diff --git a/machines/orome/hardware.nix b/machines/orome/hardware.nix index ee52810..2390ffd 100644 --- a/machines/orome/hardware.nix +++ b/machines/orome/hardware.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, system, ... }: +{ config, lib, pkgs, modulesPath, ... }: let inherit (lib.modules) mkDefault; in @@ -13,6 +13,6 @@ in extraModulePackages = [ ]; }; - nixpkgs.hostPlatform = mkDefault system; + nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system; hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/machines/tulkas/configuration.nix b/machines/tulkas/configuration.nix index afba730..ff3750b 100644 --- a/machines/tulkas/configuration.nix +++ b/machines/tulkas/configuration.nix @@ -5,6 +5,8 @@ ./hardware.nix ]; + nixpkgs.hostPlatform = "x86_64-linux"; + sneeuwvlok = { hardware.has = { gpu.amd = true; 
diff --git a/machines/tulkas/default.nix b/machines/tulkas/default.nix deleted file mode 100644 index 9e99ca6..0000000 --- a/machines/tulkas/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ ... }: { - imports = [ ./configuration.nix ]; -} diff --git a/machines/tulkas/hardware.nix b/machines/tulkas/hardware.nix index 950d7cc..cf287de 100644 --- a/machines/tulkas/hardware.nix +++ b/machines/tulkas/hardware.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, system, ... }: +{ config, lib, pkgs, modulesPath, ... }: let inherit (lib.modules) mkDefault; in @@ -13,6 +13,6 @@ in extraModulePackages = [ ]; }; - nixpkgs.hostPlatform = mkDefault system; + nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system; hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/machines/ulmo/configuration.nix b/machines/ulmo/configuration.nix index cacc4ba..b79d25e 100644 --- a/machines/ulmo/configuration.nix +++ b/machines/ulmo/configuration.nix @@ -4,6 +4,8 @@ ./hardware.nix ]; + nixpkgs.hostPlatform = "x86_64-linux"; + networking = { interfaces.enp2s0 = { ipv6.addresses = [ diff --git a/machines/ulmo/default.nix b/machines/ulmo/default.nix deleted file mode 100644 index 9e99ca6..0000000 --- a/machines/ulmo/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ ... }: { - imports = [ ./configuration.nix ]; -} diff --git a/machines/ulmo/hardware.nix b/machines/ulmo/hardware.nix index 4479a12..1c05d11 100644 --- a/machines/ulmo/hardware.nix +++ b/machines/ulmo/hardware.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, system, ... }: +{ config, lib, pkgs, modulesPath, ... }: let inherit (lib.modules) mkDefault; in @@ -13,6 +13,6 @@ in extraModulePackages = [ ]; }; - nixpkgs.hostPlatform = mkDefault system; + nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system; hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; } 
diff --git a/machines/varda/configuration.nix b/machines/varda/configuration.nix index 4b2c5c4..e75bc1c 100644 --- a/machines/varda/configuration.nix +++ b/machines/varda/configuration.nix @@ -1,2 +1,3 @@ { ... }: { + nixpkgs.hostPlatform = "x86_64-linux"; } diff --git a/machines/yavanna/configuration.nix b/machines/yavanna/configuration.nix index 4b2c5c4..e75bc1c 100644 --- a/machines/yavanna/configuration.nix +++ b/machines/yavanna/configuration.nix @@ -1,2 +1,3 @@ { ... }: { + nixpkgs.hostPlatform = "x86_64-linux"; } diff --git a/modules/home/application/default.nix b/modules/home/application/default.nix new file mode 100644 index 0000000..a8eb524 --- /dev/null +++ b/modules/home/application/default.nix @@ -0,0 +1,17 @@ +{ + imports = [ + ./bitwarden + ./chrome + ./discord + ./ladybird + ./matrix + ./obs + ./onlyoffice + ./signal + ./steam + ./studio + ./teamspeak + ./thunderbird + ./zen + ]; +} diff --git a/modules/home/application/studio/default.nix b/modules/home/application/studio/default.nix index f235031..bd4e64e 100644 --- a/modules/home/application/studio/default.nix +++ b/modules/home/application/studio/default.nix @@ -3,7 +3,7 @@ let inherit (lib) mkIf mkEnableOption; cfg = config.${namespace}.application.studio; - studioPackage = pkgs.callPackage (repoRoot + "/packages/studio/default.nix") { + studioPackage = pkgs.callPackage (repoRoot + "/packages/studio/package.nix") { inherit erosanixLib; }; in diff --git a/modules/home/default.nix b/modules/home/default.nix index 6dc81b5..1c9623e 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -5,6 +5,18 @@ let cfg = config.${namespace}.defaults; in { + imports = [ + ./application + ./desktop + ./development + ./editor + ./game + ./home-manager + ./shell + ./terminal + ./themes + ]; + options.${namespace}.defaults = { editor = mkOption { type = enum [ "nano" "nvim" "zed" ]; 
diff --git a/modules/home/desktop/default.nix b/modules/home/desktop/default.nix new file mode 100644 index 0000000..3498999 --- /dev/null +++ b/modules/home/desktop/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./plasma + ]; +} diff --git a/modules/home/development/default.nix b/modules/home/development/default.nix new file mode 100644 index 0000000..d3e528a --- /dev/null +++ b/modules/home/development/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./dotnet + ./javascript + ./rust + ]; +} diff --git a/modules/home/editor/default.nix b/modules/home/editor/default.nix new file mode 100644 index 0000000..b0cd9f4 --- /dev/null +++ b/modules/home/editor/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./nano + ./nvim + ./zed + ]; +} diff --git a/modules/home/game/default.nix b/modules/home/game/default.nix new file mode 100644 index 0000000..639ea68 --- /dev/null +++ b/modules/home/game/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./minecraft + ]; +} diff --git a/modules/home/shell/default.nix b/modules/home/shell/default.nix index 9968e54..636156a 100644 --- a/modules/home/shell/default.nix +++ b/modules/home/shell/default.nix @@ -5,6 +5,11 @@ let cfg = config.${namespace}.shell; in { + imports = [ + ./toolset + ./zsh + ]; + options.${namespace}.shell = { corePkgs.enable = mkEnableOption "core shell packages"; }; diff --git a/modules/home/shell/toolset/default.nix b/modules/home/shell/toolset/default.nix new file mode 100644 index 0000000..edc8c03 --- /dev/null +++ b/modules/home/shell/toolset/default.nix @@ -0,0 +1,16 @@ +{ + imports = [ + ./bat + ./btop + ./eza + ./fzf + ./git + ./gnugpg + ./just + ./starship + ./tmux + ./yazi + ./zellij + ./zoxide + ]; +} diff --git a/modules/home/terminal/default.nix b/modules/home/terminal/default.nix new file mode 100644 index 0000000..97d44fa --- /dev/null +++ b/modules/home/terminal/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./alacritty + ./ghostty + ]; +} 
diff --git a/modules/nixos/application/default.nix b/modules/nixos/application/default.nix new file mode 100644 index 0000000..cd39af6 --- /dev/null +++ b/modules/nixos/application/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./steam + ]; +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix new file mode 100644 index 0000000..1a2c686 --- /dev/null +++ b/modules/nixos/default.nix @@ -0,0 +1,14 @@ +{ + imports = [ + ./application + ./boot + ./desktop + ./editor + ./hardware + ./home-manager + ./nix + ./services + ./shells + ./system + ]; +} diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index 89dfb85..03d36e6 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -9,6 +9,13 @@ cfg = config.${namespace}.desktop; in { + imports = [ + ./cosmic + ./gamescope + ./gnome + ./plasma + ]; + options.${namespace}.desktop = { use = mkOption { type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]); diff --git a/modules/nixos/editor/default.nix b/modules/nixos/editor/default.nix new file mode 100644 index 0000000..1bfac7a --- /dev/null +++ b/modules/nixos/editor/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./nano + ./nvim + ]; +} diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix new file mode 100644 index 0000000..48dac93 --- /dev/null +++ b/modules/nixos/hardware/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./audio + ./bluetooth + ./gpu + ]; +} diff --git a/modules/nixos/hardware/gpu/default.nix b/modules/nixos/hardware/gpu/default.nix new file mode 100644 index 0000000..7274f8a --- /dev/null +++ b/modules/nixos/hardware/gpu/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./amd + ./nvidia + ]; +} diff --git a/modules/nixos/services/authentication/default.nix b/modules/nixos/services/authentication/default.nix new file mode 100644 index 0000000..b3af1d2 --- /dev/null +++ b/modules/nixos/services/authentication/default.nix 
@@ -0,0 +1,7 @@ +{ + imports = [ + ./authelia + ./himmelblau + ./zitadel + ]; +} diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index 24250cb..ff95e79 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, namespace, system, terranixLib, sneeuwvlokLib, ... }: +{ config, lib, pkgs, namespace, terranixLib, sneeuwvlokLib, ... }: let inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames; inherit (sneeuwvlokLib.strings) toSnakeCase; @@ -340,7 +340,7 @@ in # this is a nix package, the generated json file to be exact terraformConfiguration = terranixLib.terranixConfiguration { - inherit system; + system = pkgs.stdenv.hostPlatform.system; modules = [ ({ config, lib, ... }: { diff --git a/modules/nixos/services/backup/default.nix b/modules/nixos/services/backup/default.nix new file mode 100644 index 0000000..be807e9 --- /dev/null +++ b/modules/nixos/services/backup/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./borg + ]; +} diff --git a/modules/nixos/services/communication/default.nix b/modules/nixos/services/communication/default.nix new file mode 100644 index 0000000..351ce1c --- /dev/null +++ b/modules/nixos/services/communication/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./matrix + ]; +} diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix new file mode 100644 index 0000000..50a6e7b --- /dev/null +++ b/modules/nixos/services/default.nix @@ -0,0 +1,15 @@ +{ + imports = [ + ./authentication + ./backup + ./communication + ./development + ./games + ./media + ./networking + ./observability + ./persistance + ./security + ./virtualisation + ]; +} 
diff --git a/modules/nixos/services/development/default.nix b/modules/nixos/services/development/default.nix new file mode 100644 index 0000000..c7f3bff --- /dev/null +++ b/modules/nixos/services/development/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./forgejo + ]; +} diff --git a/modules/nixos/services/games/default.nix b/modules/nixos/services/games/default.nix new file mode 100644 index 0000000..32191bd --- /dev/null +++ b/modules/nixos/services/games/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./minecraft + ./palworld + ./openrct.nix + ]; +} diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index c10a08e..7a0d102 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -10,6 +10,15 @@ cfg = config.${namespace}.services.media; in { + imports = [ + ./glance + ./jellyfin + ./mydia + ./nextcloud + ./nfs + ./servarr + ]; + options.${namespace}.services.media = { enable = mkEnableOption "Enable media services"; diff --git a/modules/nixos/services/media/jellyfin/default.nix b/modules/nixos/services/media/jellyfin/default.nix index de19896..e129cc4 100644 --- a/modules/nixos/services/media/jellyfin/default.nix +++ b/modules/nixos/services/media/jellyfin/default.nix @@ -4,7 +4,6 @@ lib, namespace, inputs, - system, ... }: let inherit (builtins) toString; diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia/default.nix index e850fe4..3f2008a 100644 --- a/modules/nixos/services/media/mydia/default.nix +++ b/modules/nixos/services/media/mydia/default.nix @@ -2,7 +2,6 @@ config, lib, namespace, - system, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 152742e..0b75d22 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix 
@@ -3,7 +3,6 @@ config, lib, namespace, - system, terranixLib, ... }: let @@ -156,7 +155,7 @@ in { lib' = lib; terraformConfiguration = terranixLib.terranixConfiguration { - inherit system; + system = pkgs.stdenv.hostPlatform.system; modules = [ ({ diff --git a/modules/nixos/services/networking/default.nix b/modules/nixos/services/networking/default.nix new file mode 100644 index 0000000..8f4b393 --- /dev/null +++ b/modules/nixos/services/networking/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./caddy + ./ssh + ./wireguard + ]; +} diff --git a/modules/nixos/services/observability/default.nix b/modules/nixos/services/observability/default.nix new file mode 100644 index 0000000..1cf015c --- /dev/null +++ b/modules/nixos/services/observability/default.nix @@ -0,0 +1,9 @@ +{ + imports = [ + ./grafana + ./loki + ./prometheus + ./promtail + ./uptime-kuma + ]; +} diff --git a/modules/nixos/services/persistance/default.nix b/modules/nixos/services/persistance/default.nix new file mode 100644 index 0000000..31f6413 --- /dev/null +++ b/modules/nixos/services/persistance/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./postgesql + ]; +} diff --git a/modules/nixos/services/security/default.nix b/modules/nixos/services/security/default.nix new file mode 100644 index 0000000..751ae0c --- /dev/null +++ b/modules/nixos/services/security/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./vaultwarden + ]; +} diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden/default.nix index d398df9..c3b75b2 100644 --- a/modules/nixos/services/security/vaultwarden/default.nix +++ b/modules/nixos/services/security/vaultwarden/default.nix @@ -120,7 +120,7 @@ in { enable = true; dbBackend = "postgresql"; - package = pkgs.callPackage (repoRoot + "/packages/vaultwarden/default.nix") {}; + package = pkgs.callPackage (repoRoot + "/packages/vaultwarden/package.nix") {}; config = { SIGNUPS_ALLOWED = false; 
diff --git a/modules/nixos/services/virtualisation/default.nix b/modules/nixos/services/virtualisation/default.nix new file mode 100644 index 0000000..253a507 --- /dev/null +++ b/modules/nixos/services/virtualisation/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./podman + ]; +} diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix new file mode 100644 index 0000000..4abcf82 --- /dev/null +++ b/modules/nixos/system/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./networking + ./security + ]; +} diff --git a/modules/nixos/system/security/default.nix b/modules/nixos/system/security/default.nix index e168543..17d34f9 100644 --- a/modules/nixos/system/security/default.nix +++ b/modules/nixos/system/security/default.nix @@ -3,6 +3,12 @@ let cfg = config.${namespace}.system.security; in { + imports = [ + ./boot + ./sops + ./sudo + ]; + options.${namespace}.system.security = {}; config = { @@ -20,4 +26,4 @@ in programs.gnupg.agent.enable = true; }; -} \ No newline at end of file +} diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops/default.nix index 8438454..1583104 100644 --- a/modules/nixos/system/security/sops/default.nix +++ b/modules/nixos/system/security/sops/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, namespace, repoRoot, system, ... }: +{ pkgs, config, namespace, repoRoot, ... }: let cfg = config.${namespace}.system.security.sops; in @@ -10,7 +10,7 @@ in sops = { defaultSopsFormat = "yaml"; - defaultSopsFile = repoRoot + "/systems/${system}/${config.networking.hostName}/secrets.yml"; + defaultSopsFile = repoRoot + "/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml"; age = { # keyFile = "~/.config/sops/age/keys.txt"; diff --git a/packages/default.nix b/packages/default.nix new file mode 100644 index 0000000..11752d1 --- /dev/null +++ b/packages/default.nix 
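Review bot: In `modules/nixos/system/security/sops/default.nix`, `defaultSopsFile` still points at `systems/<platform>/<hostName>/secrets.yml`, while this commit moves the machine directories from `systems/x86_64-linux/` to `machines/`. Whether the `secrets.yml` files moved with them is not visible here; if they did, every host would fail to locate its secrets, and the line should become `defaultSopsFile = repoRoot + "/machines/${config.networking.hostName}/secrets.yml";`. The path is also keyed on `config.networking.hostName`, which `clan.nix` now sets only with `lib.mkDefault`, so a host-level override changes which secrets file is read. A short comment on that line should state that the secrets directory name must match the hostName.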
@@ -0,0 +1,24 @@ +{ + config, + lib, + mkPkgs, + ... +}: { + imports = [ + ./studio + ./vaultwarden + ]; + + perSystem = {system, ...}: let + pkgs = mkPkgs system; + in { + _module.args.pkgs = pkgs; + + clan.pkgs = pkgs; + }; + + flake.overlays.default = lib.composeManyExtensions [ + config.flake.overlays."package/studio" + config.flake.overlays."package/vaultwarden" + ]; +} diff --git a/packages/studio/default.nix b/packages/studio/default.nix index 7c9ce0c..cfd99fe 100644 --- a/packages/studio/default.nix +++ b/packages/studio/default.nix 
@@ -1,109 +1,16 @@ -{ - pkgs, - erosanixLib, -}: let - inherit (builtins) fetchurl replaceStrings; - inherit (pkgs) makeDesktopItem copyDesktopItems wineWow64Packages; - inherit (erosanixLib.x86_64-linux) mkWindowsAppNoCC makeDesktopIcon copyDesktopIcons; - - wine = wineWow64Packages.base; -in - mkWindowsAppNoCC rec { - inherit wine; - - pname = "studio"; - version = "2.25.12"; - - src = fetchurl { - url = "https://studio.download.bricklink.info/Studio2.0+EarlyAccess/Archive/2.25.12_1/Studio+2.0+EarlyAccess.exe"; - sha256 = "sha256:1xl3zvzkzr64zphk7rnpfx3whhbaykzw06m3nd5dc12r2p4sdh3v"; +{inputs, lib, ...}: { + perSystem = {pkgs, system, ...}: { + packages = lib.optionalAttrs (system == "x86_64-linux") { + studio = pkgs.callPackage ./package.nix { + erosanixLib = inputs.erosanix.lib; + }; }; + }; - enableMonoBootPrompt = false; - dontUnpack = true; - - wineArch = "win64"; - enableInstallNotification = true; - - fileMap = { - "$HOME/.config/${pname}/Stud.io" = "drive_c/users/$USER/AppData/Local/Stud.io"; - "$HOME/.config/${pname}/Bricklink" = "drive_c/users/$USER/AppData/LocalLow/Bricklink"; + flake.overlays."package/studio" = final: _prev: + lib.optionalAttrs (final.stdenv.hostPlatform.system == "x86_64-linux") { + studio = final.callPackage ./package.nix { + erosanixLib = inputs.erosanix.lib; + }; }; - - fileMapDuringAppInstall = false; - - persistRegistry = false; - persistRuntimeLayer = true; - inputHashMethod = "version"; - - # Can be used to precisely select the Direct3D implementation. 
- # - # | enableVulkan | rendererOverride | Direct3D implementation | - # |--------------|------------------|-------------------------| - # | false | null | OpenGL | - # | true | null | Vulkan (DXVK) | - # | * | dxvk-vulkan | Vulkan (DXVK) | - # | * | wine-opengl | OpenGL | - # | * | wine-vulkan | Vulkan (VKD3D) | - enableVulkan = false; - rendererOverride = null; - - enableHUD = false; - - enabledWineSymlinks = {}; - graphicsDriver = "auto"; - inhibitIdle = false; - - nativeBuildInputs = [copyDesktopIcons copyDesktopItems]; - - winAppInstall = replaceStrings ["\r"] [""] '' - wine64 ${src} - - wineserver -W - wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f - ''; - - winAppPreRun = replaceStrings ["\r"] [""] '' - wineserver -W - wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f - ''; - - winAppRun = replaceStrings ["\r"] [""] '' - wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS" - ''; - - winAppPostRun = ""; - installPhase = replaceStrings ["\r"] [""] '' - runHook preInstall - - ln -s $out/bin/.launcher $out/bin/${pname} - - runHook postInstall - ''; - - desktopItems = [ - (makeDesktopItem { - mimeTypes = []; - - name = pname; - exec = pname; - icon = pname; - desktopName = "Bricklink studio"; - genericName = "Lego creation app"; - categories = []; - }) - ]; - - desktopIcon = makeDesktopIcon { - name = pname; - src = ./studio.png; - }; - - meta = { - description = "App for creating lego builds"; - homepage = "https://www.bricklink.com/v3/studio/main.page"; - license = ""; - maintainers = []; - platforms = ["x86_64-linux"]; - }; - } +} diff --git a/packages/studio/package.nix b/packages/studio/package.nix new file mode 100644 index 0000000..7b40c68 --- /dev/null +++ b/packages/studio/package.nix 
@@ -0,0 +1,100 @@ +{ + pkgs, + erosanixLib, +}: let + inherit (builtins) fetchurl replaceStrings; + inherit (pkgs) makeDesktopItem copyDesktopItems wineWow64Packages; + inherit (erosanixLib.x86_64-linux) mkWindowsAppNoCC makeDesktopIcon copyDesktopIcons; + + wine = wineWow64Packages.base; +in + mkWindowsAppNoCC rec { + inherit wine; + + pname = "studio"; + version = "2.25.12"; + + src = fetchurl { + url = "https://studio.download.bricklink.info/Studio2.0+EarlyAccess/Archive/2.25.12_1/Studio+2.0+EarlyAccess.exe"; + sha256 = "sha256:1xl3zvzkzr64zphk7rnpfx3whhbaykzw06m3nd5dc12r2p4sdh3v"; + }; + + enableMonoBootPrompt = false; + dontUnpack = true; + + wineArch = "win64"; + enableInstallNotification = true; + + fileMap = { + "$HOME/.config/${pname}/Stud.io" = "drive_c/users/$USER/AppData/Local/Stud.io"; + "$HOME/.config/${pname}/Bricklink" = "drive_c/users/$USER/AppData/LocalLow/Bricklink"; + }; + + fileMapDuringAppInstall = false; + + persistRegistry = false; + persistRuntimeLayer = true; + inputHashMethod = "version"; + + enableVulkan = false; + rendererOverride = null; + + enableHUD = false; + + enabledWineSymlinks = {}; + graphicsDriver = "auto"; + inhibitIdle = false; + + nativeBuildInputs = [copyDesktopIcons copyDesktopItems]; + + winAppInstall = replaceStrings ["\r"] [""] '' + wine64 ${src} + + wineserver -W + wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f + ''; + + winAppPreRun = replaceStrings ["\r"] [""] '' + wineserver -W + wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f + ''; + + winAppRun = replaceStrings ["\r"] [""] '' + wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS" + ''; + + winAppPostRun = ""; + installPhase = replaceStrings ["\r"] [""] '' + runHook preInstall + + ln -s $out/bin/.launcher $out/bin/${pname} + + runHook postInstall + ''; + + desktopItems = [ + (makeDesktopItem { + mimeTypes = []; + + name = pname; + exec = pname; + icon = 
pname; + desktopName = "Bricklink studio"; + genericName = "Lego creation app"; + categories = []; + }) + ]; + + desktopIcon = makeDesktopIcon { + name = pname; + src = ./studio.png; + }; + + meta = { + description = "App for creating lego builds"; + homepage = "https://www.bricklink.com/v3/studio/main.page"; + license = ""; + maintainers = []; + platforms = ["x86_64-linux"]; + }; + } diff --git a/packages/vaultwarden/default.nix b/packages/vaultwarden/default.nix index 243288b..035b6da 100644 --- a/packages/vaultwarden/default.nix +++ b/packages/vaultwarden/default.nix @@ -1,29 +1,9 @@ -{ lib, stdenv, rustPlatform, fetchFromGitHub, openssl, pkg-config, postgresql, dbBackend ? "postgresql", ... }: -rustPlatform.buildRustPackage rec { - pname = "vaultwarden"; - version = "1.34.3"; - - src = fetchFromGitHub { - owner = "Timshel"; - repo = "vaultwarden"; - rev = "1.34.3"; - hash = "sha256-Dj0ySVRvBZ/57+UHas3VI8bi/0JBRqn0IW1Dq+405J0="; +{lib, ...}: { + perSystem = {pkgs, ...}: { + packages.vaultwarden = pkgs.callPackage ./package.nix {}; }; - cargoHash = "sha256-4sDagd2XGamBz1XvDj4ycRVJ0F+4iwHOPlj/RglNDqE="; - - # used for "Server Installed" version in admin panel - env.VW_VERSION = version; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = - [ openssl ] - ++ lib.optional (dbBackend == "postgresql") postgresql; - - buildFeatures = dbBackend; - - meta = with lib; { - license = licenses.agpl3Only; - mainProgram = "vaultwarden"; + flake.overlays."package/vaultwarden" = final: _prev: { + vaultwarden = final.callPackage ./package.nix {}; }; -} \ No newline at end of file +} diff --git a/packages/vaultwarden/package.nix b/packages/vaultwarden/package.nix new file mode 100644 index 0000000..c4642fd --- /dev/null +++ b/packages/vaultwarden/package.nix 
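Review bot: In packages/studio/package.nix, `meta.license = ""` carries no licence information for a vendor-distributed Windows installer, and nixpkgs' unfree check, as far as I know, treats a plain string as not unfree, so the package is never gated by `allowUnfree`. Assuming `mkWindowsAppNoCC` passes `meta` through unchanged, `license = pkgs.lib.licenses.unfree;` states the status explicitly (`lib` is not among this file's arguments, hence `pkgs.lib`). The move from default.nix also dropped the table comment above `enableVulkan` and `rendererOverride` that explained which Direct3D implementation each combination selects; it is worth carrying over.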
@@ -0,0 +1,28 @@ +{lib, stdenv, rustPlatform, fetchFromGitHub, openssl, pkg-config, postgresql, dbBackend ? "postgresql", ...}: +rustPlatform.buildRustPackage rec { + pname = "vaultwarden"; + version = "1.34.3"; + + src = fetchFromGitHub { + owner = "Timshel"; + repo = "vaultwarden"; + rev = "1.34.3"; + hash = "sha256-Dj0ySVRvBZ/57+UHas3VI8bi/0JBRqn0IW1Dq+405J0="; + }; + + cargoHash = "sha256-4sDagd2XGamBz1XvDj4ycRVJ0F+4iwHOPlj/RglNDqE="; + + env.VW_VERSION = version; + + nativeBuildInputs = [pkg-config]; + buildInputs = + [openssl] + ++ lib.optional (dbBackend == "postgresql") postgresql; + + buildFeatures = dbBackend; + + meta = with lib; { + license = licenses.agpl3Only; + mainProgram = "vaultwarden"; + }; +} diff --git a/scratchpad b/scratchpad new file mode 100644 index 0000000..afff9b8 --- /dev/null +++ b/scratchpad @@ -0,0 +1 @@ +--resume=18a19308-41c9-4898-ab01-594195fd75a1 diff --git a/shells/default/default.nix b/shells/default/default.nix index ed12b5c..8be0232 100644 --- a/shells/default/default.nix +++ b/shells/default/default.nix @@ -1,22 +1,22 @@ { - mkShell, inputs, - pkgs, - stdenv, ... -}: -mkShell { - packages = with pkgs; [ - bash - sops - just - yq - pwgen - alejandra - nil - nixd - openssl - inputs.clan-core.packages.${stdenv.hostPlatform.system}.clan-cli - nix-output-monitor - ]; +}: { + perSystem = {pkgs, system, ...}: { + devShells.default = pkgs.mkShell { + packages = with pkgs; [ + bash + sops + just + yq + pwgen + alejandra + nil + nixd + openssl + inputs.clan-core.packages.${system}.clan-cli + nix-output-monitor + ]; + }; + }; } diff --git a/systems/x86_64-install-iso/minimal/default.nix b/systems/x86_64-install-iso/minimal/default.nix deleted file mode 100644 index 7d80104..0000000 --- a/systems/x86_64-install-iso/minimal/default.nix +++ /dev/null 
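Review bot: packages/vaultwarden/package.nix builds the password server from the `Timshel/vaultwarden` repository, not the nixpkgs package, and nothing in the file says why or how the pin is kept current, so upstream security releases do not arrive with a nixpkgs bump. A header comment would cover it, for example `# Built from the Timshel fork because <reason>; bump version, hash and cargoHash together on every upstream security release`. `rev = "1.34.3";` can be `rev = version;` so the two cannot diverge. The move also dropped the comment on `env.VW_VERSION` (`# used for "Server Installed" version in admin panel`), which is worth restoring.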
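Review bot: The new top-level `scratchpad` file holds a single `--resume=<id>` line, which looks like a reference to a local tool session and not project content (an inference from the flag name). Session identifiers are better kept out of history even when they are not credentials on their own. Drop the file from the commit and add a `scratchpad` entry to `.gitignore` so it is not picked up again.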
@@ -1,121 +0,0 @@ -{ pkgs, lib, ... }: -let - inherit (lib) mkForce; -in -{ - boot = { - supportedFilesystems = mkForce ["btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs"]; - - loader.efi.canTouchEfiVariables = true; - }; - - networking = { - wireless.enable = mkForce false; - networkmanager.enable = true; - }; - - nix = { - enable = true; - extraOptions = "experimental-features = nix-command flakes"; - channel.enable = false; - - settings = { - experimental-features = [ "nix-command" "flakes" ]; - allowed-users = [ "@wheel" ]; - trusted-users = [ "@wheel" ]; - - auto-optimise-store = true; - connect-timeout = 5; - http-connections = 50; - log-lines = 50; # more log lines in case of error - min-free = 1 * (1024 * 1024 * 1024); # GiB # start garbage collector - max-free = 50 * (1024 * 1024 * 1024); # GiB # until - warn-dirty = false; - }; - }; - - services = { - qemuGuest.enable = true; - openssh = { - enable = true; - settings.PermitRootLogin = mkForce "yes"; - }; - }; - - users.users.nixos = { - initialPassword = "kaas"; - initialHashedPassword = mkForce null; - extraGroups = [ "networkmanager" ]; - }; - - environment.systemPackages = with pkgs; [ - # sbctl - git - # gum - # ( - # writeShellScriptBin "rescue" '' - # #!/usr/bin/env bash - # set -euo pipefail - - # gum "device name" - - # sudo mkdir -p /mnt/{dev,proc,sys,boot} - # sudo mount -o bind /dev /mnt/dev - # sudo mount -o bind /proc /mnt/proc - # sudo mount -o bind /sys /mnt/sys - # sudo chroot /mnt /nix/var/nix/profiles/system/activate - # sudo chroot /mnt /run/current-system/sw/bin/bash - - # sudo mount /dev/vda1 /mnt/boot - # sudo cryptsetup open /dev/vda3 cryptroot - # sudo mount /dev/mapper/cryptroot /mnt/ - - # sudo nixos-enter - # '' - # ) - # ( - # writeShellScriptBin "nix_installer" - # '' - # #!/usr/bin/env bash - # set -euo pipefail - - # if [ "$(id -u)" -eq 0 ]; then - # echo "ERROR! $(basename "$0") should be run as a regular user" - # exit 1 - # fi - - # if [ ! 
-d "$HOME/github/sneeuwvlok/.git" ]; then - # git clone https://github.com/chris-kruining/sneeuwvlok.git "$HOME/github/sneeuwvlok" - # fi - - # TARGET_HOST=$(ls -1 ~/github/sneeuwvlok/systems/*/default.nix | cut -d'/' -f6 | grep -v iso | gum choose) - - # if [ ! -e "$HOME/github/sneeuwvlok/hosts/$TARGET_HOST/disks.nix" ]; then - # echo "ERROR! $(basename "$0") could not find the required $HOME/github/sneeuwvlok/hosts/$TARGET_HOST/disks.nix" - # exit 1 - # fi - - # gum confirm --default=false \ - # "🔥 🔥 🔥 WARNING!!!! This will ERASE ALL DATA on the disk $TARGET_HOST. Are you sure you want to continue?" - - # echo "Partitioning Disks" - # sudo nix run github:nix-community/disko \ - # --extra-experimental-features "nix-command flakes" \ - # --no-write-lock-file \ - # -- \ - # --mode zap_create_mount \ - # "$HOME/dotfiles/hosts/$TARGET_HOST/disks.nix" - - # #echo "Creating blank volume" - # #sudo btrfs subvolume snapshot -r /mnt/ /mnt/root-blank - - # #echo "Set up attic binary cache" - # #attic use prod || true - - # sudo nixos-install --flake "$HOME/dotfiles#$TARGET_HOST" - # '' - # ) - ]; - - system.stateVersion = "23.11"; -} diff --git a/users/chris/mandos.nix b/users/chris/mandos.nix new file mode 100644 index 0000000..a883431 --- /dev/null +++ b/users/chris/mandos.nix @@ -0,0 +1,38 @@ +{...}: { + home-manager.users.chris = {osConfig, ...}: { + home.stateVersion = osConfig.system.stateVersion; + + programs.git = { + settings.user = { + name = "Chris Kruining"; + email = "chris@kruining.eu"; + }; + }; + + sneeuwvlok = { + defaults = { + shell = "zsh"; + terminal = "ghostty"; + browser = "zen"; + editor = "zed"; + }; + + shell = { + corePkgs.enable = true; + }; + + themes = { + enable = true; + theme = "everforest"; + polarity = "dark"; + }; + + application = { + bitwarden.enable = true; + teamspeak.enable = true; + steam.enable = true; + zen.enable = true; + }; + }; + }; +} 
diff --git a/users/chris/manwe.nix b/users/chris/manwe.nix new file mode 100644 index 0000000..a4f077b --- /dev/null +++ b/users/chris/manwe.nix @@ -0,0 +1,61 @@ +{...}: { + home-manager.users.chris = {osConfig, ...}: { + home.stateVersion = osConfig.system.stateVersion; + + programs.git = { + settings.user = { + name = "Chris Kruining"; + email = "chris@kruining.eu"; + }; + }; + + sneeuwvlok = { + defaults = { + shell = "zsh"; + terminal = "ghostty"; + browser = "zen"; + editor = "zed"; + }; + + shell = { + corePkgs.enable = true; + }; + + themes = { + enable = true; + theme = "everforest"; + polarity = "dark"; + }; + + development = { + rust.enable = true; + javascript.enable = true; + dotnet.enable = true; + }; + + application = { + bitwarden.enable = true; + discord.enable = true; + ladybird.enable = true; + matrix.enable = true; + obs.enable = true; + onlyoffice.enable = true; + signal.enable = true; + steam.enable = true; + studio.enable = true; + teamspeak.enable = true; + thunderbird.enable = true; + zen.enable = true; + }; + + shell.zsh.enable = true; + terminal.ghostty.enable = true; + + editor = { + zed.enable = true; + nvim.enable = true; + nano.enable = true; + }; + }; + }; +} diff --git a/users/chris/orome.nix b/users/chris/orome.nix new file mode 100644 index 0000000..ad588d0 --- /dev/null +++ b/users/chris/orome.nix 
@@ -0,0 +1,51 @@ +{...}: { + home-manager.users.chris = {osConfig, ...}: { + home.stateVersion = osConfig.system.stateVersion; + + programs.git = { + settings.user = { + name = "Chris Kruining"; + email = "chris@kruining.eu"; + }; + }; + + sneeuwvlok = { + defaults = { + shell = "zsh"; + terminal = "ghostty"; + browser = "zen"; + editor = "zed"; + }; + + shell = { + corePkgs.enable = true; + }; + + themes = { + enable = true; + theme = "everforest"; + polarity = "dark"; + }; + + development = { + javascript.enable = true; + dotnet.enable = true; + }; + + application = { + bitwarden.enable = true; + onlyoffice.enable = true; + signal.enable = true; + zen.enable = true; + }; + + shell.zsh.enable = true; + terminal.ghostty.enable = true; + + editor = { + zed.enable = true; + nano.enable = true; + }; + }; + }; +} diff --git a/users/chris/tulkas.nix b/users/chris/tulkas.nix new file mode 100644 index 0000000..a883431 --- /dev/null +++ b/users/chris/tulkas.nix @@ -0,0 +1,38 @@ +{...}: { + home-manager.users.chris = {osConfig, ...}: { + home.stateVersion = osConfig.system.stateVersion; + + programs.git = { + settings.user = { + name = "Chris Kruining"; + email = "chris@kruining.eu"; + }; + }; + + sneeuwvlok = { + defaults = { + shell = "zsh"; + terminal = "ghostty"; + browser = "zen"; + editor = "zed"; + }; + + shell = { + corePkgs.enable = true; + }; + + themes = { + enable = true; + theme = "everforest"; + polarity = "dark"; + }; + + application = { + bitwarden.enable = true; + teamspeak.enable = true; + steam.enable = true; + zen.enable = true; + }; + }; + }; +} diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..c6867e1 --- /dev/null +++ b/users/default.nix 
@@ -0,0 +1,78 @@ +{ + config, + inputs, + lib, + mkPkgs, + sharedContext, + ... +}: let + inherit (lib) mkOption types; + + mkHomeUserModule = spec: + (import spec.path {}).home-manager.users.${spec.user}; +in { + options.localUsers = { + homeEntries = mkOption { + type = types.attrsOf types.raw; + default = {}; + }; + + homeSharedModules = mkOption { + type = types.listOf types.raw; + default = []; + }; + }; + + config = { + localUsers.homeEntries = { + "chris@mandos" = { + machine = "mandos"; + user = "chris"; + path = ../users/chris/mandos.nix; + }; + "chris@manwe" = { + machine = "manwe"; + user = "chris"; + path = ../users/chris/manwe.nix; + }; + "chris@orome" = { + machine = "orome"; + user = "chris"; + path = ../users/chris/orome.nix; + }; + "chris@tulkas" = { + machine = "tulkas"; + user = "chris"; + path = ../users/chris/tulkas.nix; + }; + }; + + localUsers.homeSharedModules = + [ + inputs.stylix.homeModules.stylix + inputs.plasma-manager.homeModules.plasma-manager + inputs.zen-browser.homeModules.default + ] + ++ [ ../modules/home ]; + + flake.homeConfigurations = lib.mapAttrs (_: spec: + inputs.home-manager.lib.homeManagerConfiguration { + pkgs = mkPkgs "x86_64-linux"; + extraSpecialArgs = + sharedContext + // { + osConfig = config.flake.nixosConfigurations.${spec.machine}.config; + }; + modules = + config.localUsers.homeSharedModules + ++ [ + { + home.username = spec.user; + home.homeDirectory = "/home/${spec.user}"; + } + (mkHomeUserModule spec) + ]; + }) + config.localUsers.homeEntries; + }; +} From a7a1763fe00c7eadc6a18d6b01d00fd497ffb429 Mon Sep 17 00:00:00 2001 
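Review bot: In users/default.nix, `mkHomeUserModule` evaluates each user file outside the module system with an empty argument set, `(import spec.path {})`, which only works while every file under users/chris/ keeps the bare `{...}:` header. The first file that asks for `pkgs` or `lib` will fail in `flake.homeConfigurations` with a missing-argument error. A comment above the helper would record the constraint, for example `# user files are imported with {} here, so they must not require module arguments`. `pkgs = mkPkgs "x86_64-linux"` likewise pins every home configuration to one platform; taking the system from the referenced machine's configuration would avoid a silent mismatch.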
From: Chris Kruining Date: Wed, 25 Mar 2026 16:26:04 +0100 Subject: [PATCH 03/58] wiiiiips --- clan.nix | 154 ++---- shells/default/default.nix => devShell.nix | 0 flake.lock | 100 ++-- flake.nix | 76 +-- lib/default.nix | 35 +- machines/ulmo/configuration.nix | 479 +++++++++--------- .../home/application/bitwarden/default.nix | 4 +- modules/home/application/chrome/default.nix | 17 +- modules/home/application/discord/default.nix | 19 +- modules/home/application/ladybird/default.nix | 4 +- modules/home/application/matrix/default.nix | 4 +- modules/home/application/obs/default.nix | 17 +- .../home/application/onlyoffice/default.nix | 4 +- modules/home/application/signal/default.nix | 4 +- modules/home/application/steam/default.nix | 19 +- modules/home/application/studio/default.nix | 4 +- .../home/application/teamspeak/default.nix | 4 +- .../home/application/thunderbird/default.nix | 4 +- modules/home/application/zen/default.nix | 19 +- modules/home/default.nix | 21 +- modules/home/desktop/plasma/default.nix | 6 +- modules/home/development/dotnet/default.nix | 4 +- .../home/development/javascript/default.nix | 4 +- modules/home/development/rust/default.nix | 22 +- modules/home/editor/nano/default.nix | 19 +- modules/home/editor/nvim/default.nix | 17 +- modules/home/editor/zed/default.nix | 4 +- modules/home/game/minecraft/default.nix | 19 +- modules/home/shell/default.nix | 6 +- modules/home/shell/toolset/bat/default.nix | 18 +- modules/home/shell/toolset/btop/default.nix | 18 +- modules/home/shell/toolset/eza/default.nix | 18 +- modules/home/shell/toolset/fzf/default.nix | 18 +- modules/home/shell/toolset/git/default.nix | 4 +- modules/home/shell/toolset/gnugpg/default.nix | 16 +- modules/home/shell/toolset/just/default.nix | 18 +- .../home/shell/toolset/starship/default.nix | 4 +- modules/home/shell/toolset/tmux/default.nix | 4 +- modules/home/shell/toolset/yazi/default.nix | 18 +- modules/home/shell/toolset/zellij/default.nix | 4 +- 
modules/home/shell/toolset/zoxide/default.nix | 18 +- modules/home/shell/zsh/default.nix | 6 +- modules/home/terminal/alacritty/default.nix | 15 +- modules/home/terminal/ghostty/default.nix | 19 +- modules/home/themes/default.nix | 22 +- modules/nixos/application/default.nix | 5 - modules/nixos/application/steam.nix | 29 ++ modules/nixos/application/steam/default.nix | 64 --- modules/nixos/boot/default.nix | 26 +- modules/nixos/default.nix | 19 +- modules/nixos/desktop/cosmic/default.nix | 6 +- modules/nixos/desktop/default.nix | 6 +- modules/nixos/desktop/gamescope/default.nix | 25 +- modules/nixos/desktop/gnome/default.nix | 28 +- modules/nixos/desktop/plasma/default.nix | 24 +- modules/nixos/editor/nano/default.nix | 4 +- modules/nixos/editor/nvim/default.nix | 4 +- modules/nixos/hardware/audio/default.nix | 4 +- modules/nixos/hardware/bluetooth/default.nix | 4 +- modules/nixos/hardware/gpu/amd/default.nix | 18 +- modules/nixos/hardware/gpu/nvidia.nix | 4 +- modules/nixos/hardware/gpu/nvidia/default.nix | 18 +- modules/nixos/hardware/keyboard/voyager.nix | 16 +- modules/nixos/nix/default.nix | 20 +- .../authentication/authelia/default.nix | 6 +- .../authentication/himmelblau/default.nix | 4 +- .../authentication/zitadel/default.nix | 6 +- .../nixos/services/backup/borg/default.nix | 4 +- .../services/communication/matrix/default.nix | 6 +- .../services/development/forgejo/default.nix | 6 +- .../services/games/minecraft/default.nix | 4 +- modules/nixos/services/games/openrct.nix | 18 +- .../nixos/services/games/palworld/default.nix | 4 +- modules/nixos/services/media/default.nix | 4 +- .../nixos/services/media/glance/default.nix | 6 +- .../nixos/services/media/jellyfin/default.nix | 6 +- .../nixos/services/media/mydia/default.nix | 4 +- .../services/media/nextcloud/default.nix | 6 +- modules/nixos/services/media/nfs/default.nix | 4 +- .../nixos/services/media/servarr/default.nix | 4 +- .../services/networking/caddy/default.nix | 4 +- 
.../nixos/services/networking/ssh/default.nix | 19 +- .../services/networking/wireguard/default.nix | 4 +- .../observability/grafana/default.nix | 4 +- .../services/observability/loki/default.nix | 18 +- .../observability/prometheus/default.nix | 4 +- .../observability/promtail/default.nix | 4 +- .../observability/uptime-kuma/default.nix | 20 +- .../persistance/postgesql/default.nix | 4 +- .../services/security/vaultwarden/default.nix | 6 +- .../virtualisation/podman/default.nix | 17 +- modules/nixos/shells/default.nix | 2 - modules/nixos/shells/zsh/default.nix | 17 +- modules/nixos/system/default.nix | 6 - modules/nixos/system/networking/default.nix | 4 +- .../nixos/system/security/boot/default.nix | 17 +- modules/nixos/system/security/default.nix | 43 +- .../nixos/system/security/sops/default.nix | 16 +- .../nixos/system/security/sudo/default.nix | 4 +- packages/default.nix | 24 - packages/flake-module.nix | 14 + packages/studio/default.nix | 112 +++- packages/studio/package.nix | 100 ---- packages/vaultwarden/default.nix | 29 +- packages/vaultwarden/package.nix | 28 - 105 files changed, 1152 insertions(+), 1093 deletions(-) rename shells/default/default.nix => devShell.nix (100%) delete mode 100644 modules/nixos/application/default.nix create mode 100644 modules/nixos/application/steam.nix delete mode 100644 modules/nixos/application/steam/default.nix delete mode 100644 modules/nixos/shells/default.nix delete mode 100644 modules/nixos/system/default.nix delete mode 100644 packages/default.nix create mode 100644 packages/flake-module.nix delete mode 100644 packages/studio/package.nix delete mode 100644 packages/vaultwarden/package.nix diff --git a/clan.nix b/clan.nix index 2524ad2..1140fa9 100644 --- a/clan.nix +++ b/clan.nix @@ -1,7 +1,4 @@ { - baseNixosModules, - lib, -}: { meta = { name = "arda"; domain = "arda"; 
@@ -11,60 +8,60 @@ directory = ./.; inventory.machines = { - aule = { - name = "aule"; - description = "Planned build server."; - machineClass = "nixos"; - tags = ["planned" "build"]; - }; - mandos = { - name = "mandos"; - description = "Living room Steam box."; - machineClass = "nixos"; - tags = ["gaming" "living-room"]; - }; - manwe = { - name = "manwe"; - description = "Main desktop."; - machineClass = "nixos"; - tags = ["desktop"]; - }; - melkor = { - name = "melkor"; - description = "Planned machine with no defined role yet."; - machineClass = "nixos"; - tags = []; - }; - orome = { - name = "orome"; - description = "Work laptop."; - machineClass = "nixos"; - tags = ["laptop" "work"]; - }; - tulkas = { - name = "tulkas"; - description = "Steam Deck."; - machineClass = "nixos"; - tags = ["gaming" "handheld"]; - }; + # aule = { + # name = "aule"; + # description = "Planned build server."; + # machineClass = "nixos"; + # tags = ["planned" "build"]; + # }; + # mandos = { + # name = "mandos"; + # description = "Living room Steam box."; + # machineClass = "nixos"; + # tags = ["gaming" "living-room"]; + # }; + # manwe = { + # name = "manwe"; + # description = "Main desktop."; + # machineClass = "nixos"; + # tags = ["desktop"]; + # }; + # melkor = { + # name = "melkor"; + # description = "Planned machine with no defined role yet."; + # machineClass = "nixos"; + # tags = []; + # }; + # orome = { + # name = "orome"; + # description = "Work laptop."; + # machineClass = "nixos"; + # tags = ["laptop" "work"]; + # }; + # tulkas = { + # name = "tulkas"; + # description = "Steam Deck."; + # machineClass = "nixos"; + # tags = ["gaming" "handheld"]; + # }; ulmo = { name = "ulmo"; description = "Primary self-hosted services machine."; machineClass = "nixos"; tags = ["server" "services"]; }; - varda = { - name = "varda"; - description = "Planned machine with no defined role yet."; - machineClass = "nixos"; - tags = []; - }; - yavanna = { - name = "yavanna"; - description = 
"Planned machine with no defined role yet."; - machineClass = "nixos"; - tags = []; - }; + # varda = { + # name = "varda"; + # description = "Planned machine with no defined role yet."; + # machineClass = "nixos"; + # tags = []; + # }; + # yavanna = { + # name = "yavanna"; + # description = "Planned machine with no defined role yet."; + # machineClass = "nixos"; + # tags = []; + # }; }; inventory.instances = { @@ -79,7 +76,7 @@ roles.default.settings = { user = "chris"; - groups = [ "wheel" ]; + groups = ["wheel"]; prompt = true; share = true; }; @@ -87,53 +84,10 @@ }; machines = { - mandos = { - imports = baseNixosModules ++ [ - { - networking.hostName = lib.mkDefault "mandos"; - } - ./machines/mandos/configuration.nix - ./users/chris/mandos.nix - ]; - }; - - manwe = { - imports = baseNixosModules ++ [ - { - networking.hostName = lib.mkDefault "manwe"; - } - ./machines/manwe/configuration.nix - ./users/chris/manwe.nix - ]; - }; - - orome = { - imports = baseNixosModules ++ [ - { - networking.hostName = lib.mkDefault "orome"; - } - ./machines/orome/configuration.nix - ./users/chris/orome.nix - ]; - }; - - tulkas = { - imports = baseNixosModules ++ [ - { - networking.hostName = lib.mkDefault "tulkas"; - } - ./machines/tulkas/configuration.nix - ./users/chris/tulkas.nix - ]; - }; - - ulmo = { - imports = baseNixosModules ++ [ - { - networking.hostName = lib.mkDefault "ulmo"; - } - ./machines/ulmo/configuration.nix - ]; - }; + # mandos = {}; + # manwe = {}; + # orome = {}; + # tulkas = {}; + ulmo = {}; }; } diff --git a/shells/default/default.nix b/devShell.nix similarity index 100% rename from shells/default/default.nix rename to devShell.nix diff --git a/flake.lock b/flake.lock index 24acfef..95c27cc 100644 --- a/flake.lock +++ b/flake.lock 
@@ -184,11 +184,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1774250935, - "narHash": "sha256-mWID0WFgTnd9hbEeaPNX+YYWF70JN3r7zBouEqERJOE=", + "lastModified": 1774423251, + "narHash": "sha256-g/PP8G9WcP4vtZVOBNYwfGxLnwLQoTERHnef8irAMeQ=", "owner": "nix-community", "repo": "fenix", - "rev": "64d7705e8c37d650cfb1aa99c24a8ce46597f29e", + "rev": "b70d7535088cd8a9e4322c372a475f66ffa18adf", "type": "github" }, "original": { @@ -445,11 +445,11 @@ ] }, "locked": { - "lastModified": 1773992301, - "narHash": "sha256-lm1qy9P463cblBAFC2g8VaALR1Gje1oyYXCPtiEumus=", + "lastModified": 1774387289, + "narHash": "sha256-Z/0IfVHrb0lEdv1WcHEe/ni4utBMR2GXZIktzYcTDSU=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "fcb8966990c24f97fe224fa0c8977fe730d4cf50", + "rev": "b2eccc7cb188253e49bffdddd743d01f52ab9625", "type": "github" }, "original": { @@ -465,11 +465,11 @@ ] }, "locked": { - "lastModified": 1774210133, - "narHash": "sha256-yeiWCY9aAUUJ3ebMVjs0UZXRnT5x90MCtpbpOWiXrvM=", + "lastModified": 1774379316, + "narHash": "sha256-0nGNxWDUH2Hzlj/R3Zf4FEK6fsFNB/dvewuboSRZqiI=", "owner": "nix-community", "repo": "home-manager", - "rev": "c6fe2944ad9f2444b2d767c4a5edee7c166e8a95", + "rev": "1eb0549a1ab3fe3f5acf86668249be15fa0e64f7", "type": "github" }, "original": { @@ -499,6 +499,21 @@ "type": "github" } }, + "import-tree": { + "locked": { + "lastModified": 1773693634, + "narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=", + "owner": "vic", + "repo": "import-tree", + "rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1", + "type": "github" + }, + "original": { + "owner": "vic", + "repo": "import-tree", + "type": "github" + } + }, "jovian": { "inputs": { "nix-github-actions": "nix-github-actions", 
@@ -507,11 +522,11 @@ ] }, "locked": { - "lastModified": 1774168156, - "narHash": "sha256-+pwZSARdlM2RQQ6V0q76+WMKW9aNIcxkSOIThcz/f0A=", + "lastModified": 1774333446, + "narHash": "sha256-jeAUd4mfLle7Zw8F3lDdXvw2cmeP3FgVphHq2XuEKbs=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "939caad56508542d0f19cab963e2bc693f5f2831", + "rev": "79b45622eff2ae0437d7a712610044bbc7b87fa2", "type": "github" }, "original": { @@ -645,11 +660,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1774060651, - "narHash": "sha256-sZiam+rmNcOZGnlbnqDD9oTwfMdQUM+uQmFqqSoe194=", + "lastModified": 1774407052, + "narHash": "sha256-rUkn7Bo3PAlpcZl8+0FDsTwFyDwvS4xwMT9+RJ+XJoE=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "46727bd27d32d63069ed26a690554373ae2b4702", + "rev": "70daf1f48885f0b4a70797076cd2ff5d9139b46e", "type": "github" }, "original": { @@ -752,11 +767,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1774259547, - "narHash": "sha256-5EQ1TL+R/tcsoGas1oALp5Tj2ACfSul+pfrrxP72xC0=", + "lastModified": 1774449288, + "narHash": "sha256-ukB6NS45Oi62fQM4RpZfx3dpqxIu66ADCCFl6h72Fjo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3f8d82c4c685fb6f3080745dab8f07606ae50d3", + "rev": "cd0256cd8c537170cf24827fa821efb57aed9f40", "type": "github" }, "original": { @@ -816,11 +831,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1774273680, - "narHash": "sha256-a++tZ1RQsDb1I0NHrFwdGuRlR5TORvCEUksM459wKUA=", + "lastModified": 1773840656, + "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fdc7b8f7b30fdbedec91b71ed82f36e1637483ed", + "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512", "type": "github" }, "original": { 
@@ -865,11 +880,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1774224548, - "narHash": "sha256-g45WZAZHNc7wJBkK4IdB5dq0Bh0JE7G0gcY2H5DFi44=", + "lastModified": 1774375131, + "narHash": "sha256-d22VIgsDXagQQWnAnebYeQWGHlmF81YRwuGCzAgNZAQ=", "owner": "notashelf", "repo": "nvf", - "rev": "edfb73fa4ced576f587d259a70a513b4152f8cea", + "rev": "d847d401bea4dcb1478d02a61a3209fa8512f71d", "type": "github" }, "original": { @@ -911,6 +926,7 @@ "grub2-themes": "grub2-themes", "himmelblau": "himmelblau", "home-manager": "home-manager", + "import-tree": "import-tree", "jovian": "jovian", "mydia": "mydia", "nix-minecraft": "nix-minecraft", @@ -922,6 +938,7 @@ "plasma-manager": "plasma-manager", "sops-nix": "sops-nix_2", "stylix": "stylix", + "systems": "systems_5", "terranix": "terranix", "zen-browser": "zen-browser" } @@ -929,11 +946,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1774221325, - "narHash": "sha256-aEIdkqB8gtQZtEbogdUb5iyfcZpKIlD3FkG8ANu73/I=", + "lastModified": 1774376228, + "narHash": "sha256-7oA0u4aghFjjIcIDKZ26NUpXH7hVXGPC0sI1OfK7NUk=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "b42b63f390a4dab14e6efa34a70e67f5b087cc62", + "rev": "eabb84b771420b8396ab4bb4747694302d9be277", "type": "github" }, "original": { @@ -969,11 +986,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1774154798, - "narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=", + "lastModified": 1774303811, + "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170", + "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042", "type": "github" }, "original": { 
@@ -1089,13 +1106,28 @@ "type": "github" } }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1773700838, @@ -1221,11 +1253,11 @@ ] }, "locked": { - "lastModified": 1774242250, - "narHash": "sha256-pchbnY7KVnH26g4O3LZO8vpshInqNj937gAqlPob1Mk=", + "lastModified": 1774352774, + "narHash": "sha256-gibUM0pSnLxEeuFrYA8T1oEaixk+fjQpqXbYaxcEX/4=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "f19c3e6683c2d2f3fcfcb88fb691931a104bc47c", + "rev": "a0f3d47dbd8f8618a1920d5a5ca09b7993415895", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 1225179..f068733 100644 --- a/flake.nix +++ b/flake.nix @@ -1,11 +1,17 @@ { description = "Nixos config flake"; + nixConfig = { + warn-dirty = false; + extra-experimental-features = ["nix-command" "flakes" "pipe-operators"]; + }; + inputs = { flake-parts = { url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "clan-core/nixpkgs"; }; + import-tree.url = "github:vic/import-tree"; clan-core = { url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; @@ -13,6 +19,7 @@ }; nixpkgs.follows = "clan-core/nixpkgs"; + systems.url = "github:nix-systems/default"; home-manager = { url = "github:nix-community/home-manager"; 
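Review bot: `warn-dirty = false` in the new `nixConfig` block of flake.nix silences the one signal that a build or deployment was evaluated from an uncommitted tree, which matters in a repository that deploys machines. Settings in a flake's `nixConfig` generally take effect only after the user accepts them, so anyone else evaluating the flake is asked to trust these values. I would keep `warn-dirty` in a personal `nix.conf`, leave only `extra-experimental-features` here, and say why it is needed, e.g. `# pipe-operators: required by <file that uses |>>`.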
@@ -25,21 +32,9 @@ inputs.home-manager.follows = "home-manager"; }; - # Legacy ISO flow removed in favor of Clan install workflows. - # nixos-generators = { - # url = "github:nix-community/nixos-generators"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; - # neovim nvf.url = "github:notashelf/nvf"; - # Unused input retained as a comment for easy recovery. - # nixos-boot.url = "github:Melkor333/nixos-boot"; - - # Unused input retained as a comment for easy recovery. - # firefox.url = "github:nix-community/flake-firefox-nightly"; - stylix.url = "github:nix-community/stylix"; # Rust toolchain @@ -78,15 +73,6 @@ url = "github:vinceliuice/grub2-themes"; }; - # Unused input retained as a comment for easy recovery. - # nixos-wsl = { - # url = "github:nix-community/nixos-wsl"; - # inputs = { - # nixpkgs.follows = "nixpkgs"; - # flake-compat.follows = ""; - # }; - # }; - terranix = { url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -98,23 +84,41 @@ }; }; - outputs = inputs@{flake-parts, ...}: + outputs = inputs @ { + flake-parts, + nixpkgs, + systems, + ... + }: flake-parts.lib.mkFlake {inherit inputs;} { - systems = [ - "x86_64-linux" - "aarch64-linux" - "x86_64-darwin" - "aarch64-darwin" + systems = import systems; + clan = import ./clan.nix; + + imports = with inputs; [ + flake-parts.flakeModules.modules + clan-core.flakeModules.default ]; - imports = [ - inputs.clan-core.flakeModules.default - inputs.home-manager.flakeModules.home-manager - ./lib/default.nix - ./machines/default.nix - ./packages/default.nix - ./shells/default/default.nix - ./users/default.nix - ]; + perSystem = {system, ...}: { + _module.args = { + pkgs = import nixpkgs { + inherit system; + + overlays = with inputs; [ + fenix.overlays.default + nix-minecraft.overlay + flux.overlays.default + ]; + + config = { + allowUnfree = true; + permittedInsecurePackages = [ + # I think this is because of zen + "qtwebengine-5.15.19" + ]; + }; + }; + }; + }; }; } 
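Review bot: `permittedInsecurePackages = ["qtwebengine-5.15.19"]` in the new `perSystem` block applies to every system in `import systems`, and its only justification is the comment `# I think this is because of zen`. An allowance for a package marked insecure should name the consumer that was actually confirmed and give a condition for removing it, for example `# needed by <confirmed package>; remove once it no longer depends on qtwebengine 5`. `allowUnfree = true` in the same block is equally broad and could be narrowed with `allowUnfreePredicate` to the packages that are really used.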
diff --git a/lib/default.nix b/lib/default.nix index c89e6cf..c59ca61 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -7,34 +7,6 @@ inherit (lib) mkOption types; namespace = "sneeuwvlok"; - channelConfig = { - allowUnfree = true; - permittedInsecurePackages = [ - # Due to *arr stack - "dotnet-sdk-6.0.428" - "aspnetcore-runtime-6.0.36" - - # I think this is because of zen - "qtwebengine-5.15.19" - - # For Nheko, the matrix client - "olm-3.2.16" - ]; - }; - - systemOverlays = with inputs; [ - fenix.overlays.default - nix-minecraft.overlay - flux.overlays.default - ]; - - mkPkgs = system: - import inputs.nixpkgs { - inherit system; - overlays = systemOverlays; - config = channelConfig; - }; - sharedContext = { inherit inputs namespace; erosanixLib = inputs.erosanix.lib; @@ -54,11 +26,6 @@ inputs.nvf.nixosModules.default inputs.sops-nix.nixosModules.sops { - nixpkgs = { - config = channelConfig; - overlays = systemOverlays; - }; - home-manager = { useGlobalPkgs = true; useUserPackages = true; @@ -67,7 +34,7 @@ }; } ] - ++ [ ../modules/nixos ]; + ++ [../modules/nixos]; in { imports = [ ./options diff --git a/machines/ulmo/configuration.nix b/machines/ulmo/configuration.nix index b79d25e..4c9ebbb 100644 --- a/machines/ulmo/configuration.nix +++ b/machines/ulmo/configuration.nix 
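Review bot: The `@@ -54,11 +26,6 @@` hunk removes `nixpkgs = { config = channelConfig; overlays = systemOverlays; };` from the shared NixOS module list, and nothing visible here replaces it for machine configurations. The `pkgs` set built in flake.nix is only passed through `perSystem`'s `_module.args`, which as far as I can tell does not reach NixOS evaluations, and `home-manager.useGlobalPkgs = true` means home-manager inherits whatever the system uses. Unless clan.nix (not shown in this chunk) sets `nixpkgs.config` and `nixpkgs.overlays`, the fenix, nix-minecraft and flux overlays and the unfree allowance will be missing on the hosts, which would affect the steam option enabled for ulmo. Please confirm where the machine-level nixpkgs settings now live, or keep them in this module.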
@@ -1,276 +1,301 @@ -{...}: { +{ + pkgs, + inputs, + ... +}: { imports = [ ./disks.nix ./hardware.nix + ../../modules/nixos ]; + sneeuwvlok.application.steam.enable = true; + nixpkgs.hostPlatform = "x86_64-linux"; + system.stateVersion = "23.11"; - networking = { - interfaces.enp2s0 = { - ipv6.addresses = [ - { - address = "2a0d:6e00:1dc9:0::dead:beef"; - prefixLength = 64; - } - ]; + boot = { + kernelPackages = pkgs.linuxPackages_latest; - useDHCP = true; + loader = { + systemd-boot.enable = false; + efi.canTouchEfiVariables = true; + grub = { + enable = true; + efiSupport = true; + efiInstallAsRemovable = false; + device = "nodev"; # INFO: https://discourse.nixos.org/t/question-about-grub-and-nodev + }; }; - defaultGateway = { - address = "192.168.1.1"; - interface = "enp2s0"; - }; - - defaultGateway6 = { - address = "fe80::1"; - interface = "enp2s0"; - }; + supportedFilesystems = ["nfs"]; }; - # virtualisation = { - # containers.enable = true; - # podman = { - # enable = true; - # dockerCompat = true; + # sneeuwvlok.application.steam.enable = true; + + # networking = { + # interfaces.enp2s0 = { + # ipv6.addresses = [ + # { + # address = "2a0d:6e00:1dc9:0::dead:beef"; + # prefixLength = 64; + # } + # ]; + + # useDHCP = true; # }; - # oci-containers = { - # backend = "podman"; - # containers = { - # homey = { - # image = "ghcr.io/athombv/homey-shs:latest"; - # autoStart = true; - # privileged = true; - # volumes = [ - # "/home/chris/.homey-shs:/homey/user" - # ]; - # ports = [ - # "4859:4859" - # ]; - # }; - # }; + # defaultGateway = { + # address = "192.168.1.1"; + # interface = "enp2s0"; + # }; + + # defaultGateway6 = { + # address = "fe80::1"; + # interface = "enp2s0"; # }; # }; - sneeuwvlok = { - services = { - backup.borg.enable = true; + # # virtualisation = { + # # containers.enable = true; + # # podman = { + # # enable = true; + # # dockerCompat = true; + # # }; - authentication.zitadel = { - enable = true; + # # oci-containers = { + # # backend = 
"podman"; + # # containers = { + # # homey = { + # # image = "ghcr.io/athombv/homey-shs:latest"; + # # autoStart = true; + # # privileged = true; + # # volumes = [ + # # "/home/chris/.homey-shs:/homey/user" + # # ]; + # # ports = [ + # # "4859:4859" + # # ]; + # # }; + # # }; + # # }; + # # }; - organization = { - nix = { - user = { - chris = { - email = "chris@kruining.eu"; - firstName = "Chris"; - lastName = "Kruining"; + # # sneeuwvlok = { + # # services = { + # # backup.borg.enable = true; - roles = ["ORG_OWNER"]; - instanceRoles = ["IAM_OWNER"]; - }; + # # authentication.zitadel = { + # # enable = true; - kaas = { - email = "chris+kaas@kruining.eu"; - firstName = "Kaas"; - lastName = "Kruining"; - }; - }; + # # organization = { + # # nix = { + # # user = { + # # chris = { + # # email = "chris@kruining.eu"; + # # firstName = "Chris"; + # # lastName = "Kruining"; - project = { - ulmo = { - projectRoleCheck = true; - projectRoleAssertion = true; - hasProjectCheck = true; + # # roles = ["ORG_OWNER"]; + # # instanceRoles = ["IAM_OWNER"]; + # # }; - role = { - jellyfin = { - group = "jellyfin"; - }; - jellyfin_admin = { - group = "jellyfin"; - }; - }; + # # kaas = { + # # email = "chris+kaas@kruining.eu"; + # # firstName = "Kaas"; + # # lastName = "Kruining"; + # # }; + # # }; - assign = { - chris = ["jellyfin" "jellyfin_admin"]; - kaas = ["jellyfin"]; - }; + # # project = { + # # ulmo = { + # # projectRoleCheck = true; + # # projectRoleAssertion = true; + # # hasProjectCheck = true; - application = { - jellyfin = { - redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; + # # role = { + # # jellyfin = { + # # group = "jellyfin"; + # # }; + # # jellyfin_admin = { + # # group = "jellyfin"; + # # }; + # # }; - forgejo = { - redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; + # # assign 
= { + # # chris = ["jellyfin" "jellyfin_admin"]; + # # kaas = ["jellyfin"]; + # # }; - vaultwarden = { - redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - exportMap = { - client_id = "SSO_CLIENT_ID"; - client_secret = "SSO_CLIENT_SECRET"; - }; - }; + # # application = { + # # jellyfin = { + # # redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; + # # grantTypes = ["authorizationCode"]; + # # responseTypes = ["code"]; + # # }; - matrix = { - redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; + # # forgejo = { + # # redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; + # # grantTypes = ["authorizationCode"]; + # # responseTypes = ["code"]; + # # }; - mydia = { - redirectUris = ["http://localhost:2010/auth/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; + # # vaultwarden = { + # # redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; + # # grantTypes = ["authorizationCode"]; + # # responseTypes = ["code"]; + # # exportMap = { + # # client_id = "SSO_CLIENT_ID"; + # # client_secret = "SSO_CLIENT_SECRET"; + # # }; + # # }; - grafana = { - redirectUris = ["http://localhost:9001/login/generic_oauth"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - }; - }; + # # matrix = { + # # redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; + # # grantTypes = ["authorizationCode"]; + # # responseTypes = ["code"]; + # # }; - convex = { - projectRoleCheck = true; - projectRoleAssertion = true; - hasProjectCheck = true; + # # mydia = { + # # redirectUris = ["http://localhost:2010/auth/oidc/callback"]; + # # grantTypes = ["authorizationCode"]; + # # responseTypes = ["code"]; + # # }; - application = { - scry = { - redirectUris = 
["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - }; - }; - }; + # # grafana = { + # # redirectUris = ["http://localhost:9001/login/generic_oauth"]; + # # grantTypes = ["authorizationCode"]; + # # responseTypes = ["code"]; + # # }; + # # }; + # # }; - action = { - flattenRoles = { - script = '' - (ctx, api) => { - if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { - return; - } + # # convex = { + # # projectRoleCheck = true; + # # projectRoleAssertion = true; + # # hasProjectCheck = true; - const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); + # # application = { + # # scry = { + # # redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; + # # grantTypes = ["authorizationCode"]; + # # responseTypes = ["code"]; + # # }; + # # }; + # # }; + # # }; - api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); - }; - ''; - }; - }; + # # action = { + # # flattenRoles = { + # # script = '' + # # (ctx, api) => { + # # if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { + # # return; + # # } - triggers = [ - { - flowType = "customiseToken"; - triggerType = "preUserinfoCreation"; - actions = ["flattenRoles"]; - } - { - flowType = "customiseToken"; - triggerType = "preAccessTokenCreation"; - actions = ["flattenRoles"]; - } - ]; - }; - }; - }; + # # const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); - communication.matrix.enable = true; + # # api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); + # # }; + # # ''; + # # }; + # # }; - development.forgejo.enable = true; + # # triggers = [ + # # { + # # flowType = "customiseToken"; + # # triggerType = "preUserinfoCreation"; + # # actions = ["flattenRoles"]; + # # } + # # { + 
# # flowType = "customiseToken"; + # # triggerType = "preAccessTokenCreation"; + # # actions = ["flattenRoles"]; + # # } + # # ]; + # # }; + # # }; + # # }; - networking.ssh.enable = true; - networking.caddy.hosts = { - # Expose amarht cloud stuff like this until I have a proper solution - "auth.amarth.cloud" = '' - reverse_proxy http://192.168.1.223:9092 - ''; + # # communication.matrix.enable = true; - "amarth.cloud" = '' - reverse_proxy http://192.168.1.223:8080 - ''; - }; + # # development.forgejo.enable = true; - media.enable = true; - media.glance.enable = true; - media.mydia.enable = true; - media.nfs.enable = true; - media.jellyfin.enable = true; - media.servarr = { - radarr = { - enable = true; - port = 2001; - rootFolders = [ - "/var/media/movies" - ]; - }; + # # networking.ssh.enable = true; + # # networking.caddy.hosts = { + # # # Expose amarht cloud stuff like this until I have a proper solution + # # "auth.amarth.cloud" = '' + # # reverse_proxy http://192.168.1.223:9092 + # # ''; - sonarr = { - enable = true; - # debug = true; - port = 2002; - rootFolders = [ - "/var/media/series" - ]; - }; + # # "amarth.cloud" = '' + # # reverse_proxy http://192.168.1.223:8080 + # # ''; + # # }; - lidarr = { - enable = true; - debug = true; - port = 2003; - rootFolders = [ - "/var/media/music" - ]; - }; + # # media.enable = true; + # # media.glance.enable = true; + # # media.mydia.enable = true; + # # media.nfs.enable = true; + # # media.jellyfin.enable = true; + # # media.servarr = { + # # radarr = { + # # enable = true; + # # port = 2001; + # # rootFolders = [ + # # "/var/media/movies" + # # ]; + # # }; - prowlarr = { - enable = true; - # debug = true; - port = 2004; - }; - }; + # # sonarr = { + # # enable = true; + # # # debug = true; + # # port = 2002; + # # rootFolders = [ + # # "/var/media/series" + # # ]; + # # }; - observability = { - grafana.enable = true; - prometheus.enable = true; - loki.enable = true; - promtail.enable = true; - # uptime-kuma.enable = 
true; - }; + # # lidarr = { + # # enable = true; + # # debug = true; + # # port = 2003; + # # rootFolders = [ + # # "/var/media/music" + # # ]; + # # }; - security.vaultwarden = { - enable = true; - database = { - # type = "sqlite"; - # file = "/var/lib/vaultwarden/state.db"; + # # prowlarr = { + # # enable = true; + # # # debug = true; + # # port = 2004; + # # }; + # # }; - type = "postgresql"; - host = "localhost"; - port = 5432; - sslMode = "disabled"; - }; - }; - }; + # # observability = { + # # grafana.enable = true; + # # prometheus.enable = true; + # # loki.enable = true; + # # promtail.enable = true; + # # # uptime-kuma.enable = true; + # # }; - editor = { - nano.enable = true; - }; - }; + # # security.vaultwarden = { + # # enable = true; + # # database = { + # # # type = "sqlite"; + # # # file = "/var/lib/vaultwarden/state.db"; - system.stateVersion = "23.11"; -} \ No newline at end of file + # # type = "postgresql"; + # # host = "localhost"; + # # port = 5432; + # # sslMode = "disabled"; + # # }; + # # }; + # # }; + + # # editor = { + # # nano.enable = true; + # # }; + # # }; +} diff --git a/modules/home/application/bitwarden/default.nix b/modules/home/application/bitwarden/default.nix index f2cd869..5d62919 100644 --- a/modules/home/application/bitwarden/default.nix +++ b/modules/home/application/bitwarden/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.bitwarden; + cfg = config.sneeuwvlok.application.bitwarden; in { - options.${namespace}.application.bitwarden = { + options.sneeuwvlok.application.bitwarden = { enable = mkEnableOption "enable bitwarden"; }; diff --git a/modules/home/application/chrome/default.nix b/modules/home/application/chrome/default.nix index ac9f5ef..1848836 100644 --- a/modules/home/application/chrome/default.nix +++ b/modules/home/application/chrome/default.nix 
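Review bot: Commenting out the whole `sneeuwvlok` block in machines/ulmo/configuration.nix also drops `backup.borg.enable`, `networking.ssh.enable` and the static `networking` settings for `enp2s0`. A deploy of this revision would leave ulmo without backups and, unless SSH and addressing are provided elsewhere (not visible in this hunk), without remote access. If that is intended for the migration, state it at the top of the file, e.g. `# TODO(migration): services disabled until modules are ported; do not deploy ulmo from this commit`. The double-commented block also keeps e-mail addresses, internal addresses and OIDC redirect URIs in the tree as dead text; git history already preserves it, so deleting it would be cleaner than carrying `# #` lines. `sneeuwvlok.application.steam.enable = true;` now appears once live and once commented out.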
@@ -1,11 +1,16 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.chrome; -in -{ - options.${namespace}.application.chrome = { + cfg = config.sneeuwvlok.application.chrome; +in { + options.sneeuwvlok.application.chrome = { enable = mkEnableOption "enable chrome"; }; diff --git a/modules/home/application/discord/default.nix b/modules/home/application/discord/default.nix index a736b37..edb640a 100644 --- a/modules/home/application/discord/default.nix +++ b/modules/home/application/discord/default.nix @@ -1,15 +1,20 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.discord; -in -{ - options.${namespace}.application.discord = { + cfg = config.sneeuwvlok.application.discord; +in { + options.sneeuwvlok.application.discord = { enable = mkEnableOption "enable discord (vesktop)"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ vesktop ]; + home.packages = with pkgs; [vesktop]; }; } diff --git a/modules/home/application/ladybird/default.nix b/modules/home/application/ladybird/default.nix index 31d7c17..f1ad1ea 100644 --- a/modules/home/application/ladybird/default.nix +++ b/modules/home/application/ladybird/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.ladybird; + cfg = config.sneeuwvlok.application.ladybird; in { - options.${namespace}.application.ladybird = { + options.sneeuwvlok.application.ladybird = { enable = mkEnableOption "enable ladybird"; }; diff --git a/modules/home/application/matrix/default.nix b/modules/home/application/matrix/default.nix index 867a94f..d09ea11 100644 --- a/modules/home/application/matrix/default.nix +++ b/modules/home/application/matrix/default.nix 
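Review bot: `namespace` stays in the argument set of modules/home/application/chrome/default.nix, but after this hunk nothing in the visible lines uses it, because `config.${namespace}` became the literal `config.sneeuwvlok`. The same substitution repeats in the bitwarden, discord, ladybird, matrix, obs, onlyoffice, signal, steam, studio, teamspeak, thunderbird and zen hunks and in the later modules/home hunks, while lib/default.nix still defines `namespace = "sneeuwvlok"` and passes it on in `sharedContext`. The name therefore lives in two places. Either drop `namespace,` from the argument sets that no longer need it, or keep `${namespace}` so a rename stays a one-line change. For the hunks that start at line 2 of their file, the argument set is outside the hunk.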
@@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.matrix; + cfg = config.sneeuwvlok.application.matrix; in { - options.${namespace}.application.matrix = { + options.sneeuwvlok.application.matrix = { enable = mkEnableOption "enable Matrix client (Fractal)"; }; diff --git a/modules/home/application/obs/default.nix b/modules/home/application/obs/default.nix index a2be203..e6ee4e3 100644 --- a/modules/home/application/obs/default.nix +++ b/modules/home/application/obs/default.nix @@ -1,11 +1,16 @@ -{ config, lib, pkgs, namespace, osConfig ? {}, ... }: -let +{ + config, + lib, + pkgs, + namespace, + osConfig ? {}, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.obs; -in -{ - options.${namespace}.application.obs = { + cfg = config.sneeuwvlok.application.obs; +in { + options.sneeuwvlok.application.obs = { enable = mkEnableOption "enable obs"; }; diff --git a/modules/home/application/onlyoffice/default.nix b/modules/home/application/onlyoffice/default.nix index 0479539..02484ca 100644 --- a/modules/home/application/onlyoffice/default.nix +++ b/modules/home/application/onlyoffice/default.nix @@ -8,9 +8,9 @@ }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.onlyoffice; + cfg = config.sneeuwvlok.application.onlyoffice; in { - options.${namespace}.application.onlyoffice = { + options.sneeuwvlok.application.onlyoffice = { enable = mkEnableOption "enable onlyoffice"; }; diff --git a/modules/home/application/signal/default.nix b/modules/home/application/signal/default.nix index f4eb1d0..1c591bf 100644 --- a/modules/home/application/signal/default.nix +++ b/modules/home/application/signal/default.nix 
@@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.signal; + cfg = config.sneeuwvlok.application.signal; in { - options.${namespace}.application.signal = { + options.sneeuwvlok.application.signal = { enable = mkEnableOption "enable signal"; }; diff --git a/modules/home/application/steam/default.nix b/modules/home/application/steam/default.nix index 8c87b40..28a8e93 100644 --- a/modules/home/application/steam/default.nix +++ b/modules/home/application/steam/default.nix @@ -1,16 +1,21 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.steam; -in -{ - options.${namespace}.application.steam = { + cfg = config.sneeuwvlok.application.steam; +in { + options.sneeuwvlok.application.steam = { enable = mkEnableOption "enable steam"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ protonup-ng ]; + home.packages = with pkgs; [protonup-ng]; home.sessionVariables = { STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; diff --git a/modules/home/application/studio/default.nix b/modules/home/application/studio/default.nix index bd4e64e..c883eac 100644 --- a/modules/home/application/studio/default.nix +++ b/modules/home/application/studio/default.nix @@ -2,13 +2,13 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.studio; + cfg = config.sneeuwvlok.application.studio; studioPackage = pkgs.callPackage (repoRoot + "/packages/studio/package.nix") { inherit erosanixLib; }; in { - options.${namespace}.application.studio = { + options.sneeuwvlok.application.studio = { enable = mkEnableOption "enable Bricklink Studio"; }; diff --git a/modules/home/application/teamspeak/default.nix b/modules/home/application/teamspeak/default.nix index 3e5e530..031de79 100644 --- a/modules/home/application/teamspeak/default.nix 
+++ b/modules/home/application/teamspeak/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.teamspeak; + cfg = config.sneeuwvlok.application.teamspeak; in { - options.${namespace}.application.teamspeak = { + options.sneeuwvlok.application.teamspeak = { enable = mkEnableOption "enable teamspeak"; }; diff --git a/modules/home/application/thunderbird/default.nix b/modules/home/application/thunderbird/default.nix index 92c8e37..3392358 100644 --- a/modules/home/application/thunderbird/default.nix +++ b/modules/home/application/thunderbird/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.thunderbird; + cfg = config.sneeuwvlok.application.thunderbird; in { - options.${namespace}.application.thunderbird = { + options.sneeuwvlok.application.thunderbird = { enable = mkEnableOption "enable thunderbird"; }; diff --git a/modules/home/application/zen/default.nix b/modules/home/application/zen/default.nix index 1d18a92..b8a2505 100644 --- a/modules/home/application/zen/default.nix +++ b/modules/home/application/zen/default.nix @@ -1,11 +1,15 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.zen; -in -{ - options.${namespace}.application.zen = { + cfg = config.sneeuwvlok.application.zen; +in { + options.sneeuwvlok.application.zen = { enable = mkEnableOption "enable zen"; }; @@ -50,8 +54,7 @@ in install_url = "https://addons.mozilla.org/firefox/downloads/latest/${builtins.toString id}/latest.xpi"; installation_mode = "force_installed"; }; - in - { + in { ublock_origin = 4531307; ghostry = 4562168; bitwarden = 4562769; diff --git a/modules/home/default.nix b/modules/home/default.nix index 1c9623e..92a65e5 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix 
@@ -1,9 +1,14 @@ -{ pkgs, config, lib, namespace, ... }: -let +{ + pkgs, + config, + lib, + namespace, + ... +}: let inherit (lib) mkOption; inherit (lib.types) enum; - cfg = config.${namespace}.defaults; + cfg = config.sneeuwvlok.defaults; in { imports = [ ./application @@ -17,30 +22,30 @@ in { ./themes ]; - options.${namespace}.defaults = { + options.sneeuwvlok.defaults = { editor = mkOption { - type = enum [ "nano" "nvim" "zed" ]; + type = enum ["nano" "nvim" "zed"]; default = "nano"; description = "Default editor for text manipulation"; example = "nvim"; }; shell = mkOption { - type = enum [ "fish" "zsh" "bash" ]; + type = enum ["fish" "zsh" "bash"]; default = "zsh"; description = "Default shell"; example = "zsh"; }; terminal = mkOption { - type = enum [ "ghostty" "alacritty" ]; + type = enum ["ghostty" "alacritty"]; default = "ghostty"; description = "Default terminal"; example = "ghostty"; }; browser = mkOption { - type = enum [ "chrome" "ladybird" "zen" ]; + type = enum ["chrome" "ladybird" "zen"]; default = "zen"; description = "Default terminal"; example = "zen"; diff --git a/modules/home/desktop/plasma/default.nix b/modules/home/desktop/plasma/default.nix index 0b679a0..f6e629e 100644 --- a/modules/home/desktop/plasma/default.nix +++ b/modules/home/desktop/plasma/default.nix @@ -2,11 +2,11 @@ let inherit (lib) mkIf; - cfg = config.${namespace}.desktop.plasma; - osCfg = osConfig.${namespace}.desktop.plasma or { enable = false; }; + cfg = config.sneeuwvlok.desktop.plasma; + osCfg = osConfig.sneeuwvlok.desktop.plasma or { enable = false; }; in { - options.${namespace}.desktop.plasma = { + options.sneeuwvlok.desktop.plasma = { }; diff --git a/modules/home/development/dotnet/default.nix b/modules/home/development/dotnet/default.nix index 7ed848e..e1d0f7c 100644 --- a/modules/home/development/dotnet/default.nix +++ b/modules/home/development/dotnet/default.nix 
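Review bot: The `browser` option in the `@@ -17,30 +22,30 @@` hunk of modules/home/default.nix still carries `description = "Default terminal";`, copied from the option above it; since the hunk reformats the `type` line right next to it, this is a good moment to change it to `description = "Default browser";`. The same kind of copied text is visible in later hunks: the eza module uses `mkEnableOption "system-monitor"` and the just module uses `mkEnableOption "version-control system"`. These strings end up in generated option documentation, so they should describe the tool they enable.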
@@ -2,10 +2,10 @@ let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.development.dotnet; + cfg = config.sneeuwvlok.development.dotnet; in { - options.${namespace}.development.dotnet = { + options.sneeuwvlok.development.dotnet = { enable = mkEnableOption "Enable dotnet development tools"; }; diff --git a/modules/home/development/javascript/default.nix b/modules/home/development/javascript/default.nix index e649c86..40c94b4 100644 --- a/modules/home/development/javascript/default.nix +++ b/modules/home/development/javascript/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.development.javascript; + cfg = config.sneeuwvlok.development.javascript; in { - options.${namespace}.development.javascript = { + options.sneeuwvlok.development.javascript = { enable = mkEnableOption "Enable javascript development tools"; }; diff --git a/modules/home/development/rust/default.nix b/modules/home/development/rust/default.nix index 4208c68..f545e7e 100644 --- a/modules/home/development/rust/default.nix +++ b/modules/home/development/rust/default.nix @@ -1,15 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.development.rust; -in -{ - options.${namespace}.development.rust = { + cfg = config.sneeuwvlok.development.rust; +in { + options.sneeuwvlok.development.rust = { enable = mkEnableOption "Enable rust development tools"; }; - config = mkIf cfg.enable { - - }; + config = + mkIf cfg.enable { + }; } diff --git a/modules/home/editor/nano/default.nix b/modules/home/editor/nano/default.nix index 870db8e..f436775 100644 --- a/modules/home/editor/nano/default.nix +++ b/modules/home/editor/nano/default.nix 
@@ -1,16 +1,21 @@ -{ config, options, lib, pkgs, namespace, ... }: -let +{ + config, + options, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.editor.nano; -in -{ - options.${namespace}.editor.nano = { + cfg = config.sneeuwvlok.editor.nano; +in { + options.sneeuwvlok.editor.nano = { enable = mkEnableOption "nano"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ nano ]; + home.packages = with pkgs; [nano]; # programs.nano = { # enable = true; diff --git a/modules/home/editor/nvim/default.nix b/modules/home/editor/nvim/default.nix index 162772f..fcb0b25 100644 --- a/modules/home/editor/nvim/default.nix +++ b/modules/home/editor/nvim/default.nix @@ -1,15 +1,20 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.editor.nvim; -in -{ + cfg = config.sneeuwvlok.editor.nvim; +in { # imports = [ # inputs.nvf.nixosModules.default # ]; - options.${namespace}.editor.nvim = { + options.sneeuwvlok.editor.nvim = { enable = mkEnableOption "enable nvim via nvf on user level"; }; diff --git a/modules/home/editor/zed/default.nix b/modules/home/editor/zed/default.nix index f0fe7fa..2da026c 100644 --- a/modules/home/editor/zed/default.nix +++ b/modules/home/editor/zed/default.nix @@ -1,9 +1,9 @@ { config, lib, pkgs, namespace, ... }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.editor.zed; + cfg = config.sneeuwvlok.editor.zed; in { - options.${namespace}.editor.zed = { + options.sneeuwvlok.editor.zed = { enable = mkEnableOption "zed"; }; diff --git a/modules/home/game/minecraft/default.nix b/modules/home/game/minecraft/default.nix index e5dedc6..fbdcc9d 100644 --- a/modules/home/game/minecraft/default.nix +++ b/modules/home/game/minecraft/default.nix 
@@ -1,15 +1,20 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.game.minecraft; -in -{ - options.${namespace}.game.minecraft = { + cfg = config.sneeuwvlok.game.minecraft; +in { + options.sneeuwvlok.game.minecraft = { enable = mkEnableOption "enable minecraft"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ prismlauncher ]; + home.packages = with pkgs; [prismlauncher]; }; } diff --git a/modules/home/shell/default.nix b/modules/home/shell/default.nix index 636156a..2081c59 100644 --- a/modules/home/shell/default.nix +++ b/modules/home/shell/default.nix @@ -2,7 +2,7 @@ let inherit (lib) mkIf mkMerge mkEnableOption mkDefault; - cfg = config.${namespace}.shell; + cfg = config.sneeuwvlok.shell; in { imports = [ @@ -10,13 +10,13 @@ in ./zsh ]; - options.${namespace}.shell = { + options.sneeuwvlok.shell = { corePkgs.enable = mkEnableOption "core shell packages"; }; config = mkMerge [ (mkIf (cfg.corePkgs.enable) { - ${namespace}.shell.toolset = mkDefault { + sneeuwvlok.shell.toolset = mkDefault { bat.enable = true; btop.enable = true; eza.enable = true; diff --git a/modules/home/shell/toolset/bat/default.nix b/modules/home/shell/toolset/bat/default.nix index 78899df..0c403ee 100644 --- a/modules/home/shell/toolset/bat/default.nix +++ b/modules/home/shell/toolset/bat/default.nix @@ -1,16 +1,20 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.bat; -in -{ - options.${namespace}.shell.toolset.bat = { + cfg = config.sneeuwvlok.shell.toolset.bat; +in { + options.sneeuwvlok.shell.toolset.bat = { enable = mkEnableOption "cat replacement"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ bat ]; + home.packages = with pkgs; [bat]; programs.bat = { enable = true; 
diff --git a/modules/home/shell/toolset/btop/default.nix b/modules/home/shell/toolset/btop/default.nix index b490acc..4368367 100644 --- a/modules/home/shell/toolset/btop/default.nix +++ b/modules/home/shell/toolset/btop/default.nix @@ -1,17 +1,21 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; inherit (lib.strings) concatStringsSep; - cfg = config.${namespace}.shell.toolset.btop; -in -{ - options.${namespace}.shell.toolset.btop = { + cfg = config.sneeuwvlok.shell.toolset.btop; +in { + options.sneeuwvlok.shell.toolset.btop = { enable = mkEnableOption "system-monitor"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ btop ]; + home.packages = with pkgs; [btop]; programs.btop = { enable = true; diff --git a/modules/home/shell/toolset/eza/default.nix b/modules/home/shell/toolset/eza/default.nix index 00026cf..463e9ae 100644 --- a/modules/home/shell/toolset/eza/default.nix +++ b/modules/home/shell/toolset/eza/default.nix @@ -1,16 +1,20 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.eza; -in -{ - options.${namespace}.shell.toolset.eza = { + cfg = config.sneeuwvlok.shell.toolset.eza; +in { + options.sneeuwvlok.shell.toolset.eza = { enable = mkEnableOption "system-monitor"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ eza ]; + home.packages = with pkgs; [eza]; programs.eza = { enable = true; diff --git a/modules/home/shell/toolset/fzf/default.nix b/modules/home/shell/toolset/fzf/default.nix index e2f0313..7e0706b 100644 --- a/modules/home/shell/toolset/fzf/default.nix +++ b/modules/home/shell/toolset/fzf/default.nix 
@@ -1,16 +1,20 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.fzf; -in -{ - options.${namespace}.shell.toolset.fzf = { + cfg = config.sneeuwvlok.shell.toolset.fzf; +in { + options.sneeuwvlok.shell.toolset.fzf = { enable = mkEnableOption "TUI Fuzzy Finder."; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ fzf ]; + home.packages = with pkgs; [fzf]; programs.fzf = { enable = true; diff --git a/modules/home/shell/toolset/git/default.nix b/modules/home/shell/toolset/git/default.nix index dd138c8..9f42376 100644 --- a/modules/home/shell/toolset/git/default.nix +++ b/modules/home/shell/toolset/git/default.nix @@ -7,9 +7,9 @@ }: let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.shell.toolset.git; + cfg = config.sneeuwvlok.shell.toolset.git; in { - options.${namespace}.shell.toolset.git = { + options.sneeuwvlok.shell.toolset.git = { enable = mkEnableOption "version-control system"; }; diff --git a/modules/home/shell/toolset/gnugpg/default.nix b/modules/home/shell/toolset/gnugpg/default.nix index 8b6ae38..8340ba4 100644 --- a/modules/home/shell/toolset/gnugpg/default.nix +++ b/modules/home/shell/toolset/gnugpg/default.nix @@ -1,11 +1,15 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.gnupg; -in -{ - options.${namespace}.shell.toolset.gnupg = { + cfg = config.sneeuwvlok.shell.toolset.gnupg; +in { + options.sneeuwvlok.shell.toolset.gnupg = { enable = mkEnableOption "cryptographic suite"; }; diff --git a/modules/home/shell/toolset/just/default.nix b/modules/home/shell/toolset/just/default.nix index e956b2a..983b5d6 100644 --- a/modules/home/shell/toolset/just/default.nix +++ b/modules/home/shell/toolset/just/default.nix 
@@ -1,15 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.shell.toolset.just; -in -{ - options.${namespace}.shell.toolset.just = { + cfg = config.sneeuwvlok.shell.toolset.just; +in { + options.sneeuwvlok.shell.toolset.just = { enable = mkEnableOption "version-control system"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ just gum ]; + home.packages = with pkgs; [just gum]; }; } diff --git a/modules/home/shell/toolset/starship/default.nix b/modules/home/shell/toolset/starship/default.nix index 28d57f7..9c52947 100644 --- a/modules/home/shell/toolset/starship/default.nix +++ b/modules/home/shell/toolset/starship/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.starship; + cfg = config.sneeuwvlok.shell.toolset.starship; in { - options.${namespace}.shell.toolset.starship = { + options.sneeuwvlok.shell.toolset.starship = { enable = mkEnableOption "fancy pansy shell prompt"; }; diff --git a/modules/home/shell/toolset/tmux/default.nix b/modules/home/shell/toolset/tmux/default.nix index ed14ba6..95c54d4 100644 --- a/modules/home/shell/toolset/tmux/default.nix +++ b/modules/home/shell/toolset/tmux/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.tmux; + cfg = config.sneeuwvlok.shell.toolset.tmux; in { - options.${namespace}.shell.toolset.tmux = { + options.sneeuwvlok.shell.toolset.tmux = { enable = mkEnableOption "terminal multiplexer"; }; diff --git a/modules/home/shell/toolset/yazi/default.nix b/modules/home/shell/toolset/yazi/default.nix index 37138a0..4c5f2f5 100644 --- a/modules/home/shell/toolset/yazi/default.nix +++ b/modules/home/shell/toolset/yazi/default.nix 
@@ -1,16 +1,20 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.yazi; -in -{ - options.${namespace}.shell.toolset.yazi = { + cfg = config.sneeuwvlok.shell.toolset.yazi; +in { + options.sneeuwvlok.shell.toolset.yazi = { enable = mkEnableOption "cli file browser"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ yazi ]; + home.packages = with pkgs; [yazi]; programs.yazi = { enable = true; diff --git a/modules/home/shell/toolset/zellij/default.nix b/modules/home/shell/toolset/zellij/default.nix index db5b7bd..fb366e1 100644 --- a/modules/home/shell/toolset/zellij/default.nix +++ b/modules/home/shell/toolset/zellij/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.zellij; + cfg = config.sneeuwvlok.shell.toolset.zellij; in { - options.${namespace}.shell.toolset.zellij = { + options.sneeuwvlok.shell.toolset.zellij = { enable = mkEnableOption "terminal multiplexer"; }; diff --git a/modules/home/shell/toolset/zoxide/default.nix b/modules/home/shell/toolset/zoxide/default.nix index 5b8acb6..53a1f35 100644 --- a/modules/home/shell/toolset/zoxide/default.nix +++ b/modules/home/shell/toolset/zoxide/default.nix @@ -1,16 +1,20 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.zoxide; -in -{ - options.${namespace}.shell.toolset.zoxide = { + cfg = config.sneeuwvlok.shell.toolset.zoxide; +in { + options.sneeuwvlok.shell.toolset.zoxide = { enable = mkEnableOption "cd replacement"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ zoxide ]; + home.packages = with pkgs; [zoxide]; programs.zoxide = { enable = true; diff --git a/modules/home/shell/zsh/default.nix b/modules/home/shell/zsh/default.nix index b37cc4c..02dc043 100644 
--- a/modules/home/shell/zsh/default.nix +++ b/modules/home/shell/zsh/default.nix @@ -2,15 +2,15 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.zsh; + cfg = config.sneeuwvlok.shell.zsh; in { - options.${namespace}.shell.zsh = { + options.sneeuwvlok.shell.zsh = { enable = mkEnableOption "enable ZSH"; }; config = mkIf cfg.enable { - # ${namespace}.shell = { + # sneeuwvlok.shell = { # zsh.enable = true; # }; diff --git a/modules/home/terminal/alacritty/default.nix b/modules/home/terminal/alacritty/default.nix index b6e5822..73468f6 100644 --- a/modules/home/terminal/alacritty/default.nix +++ b/modules/home/terminal/alacritty/default.nix @@ -1,11 +1,14 @@ -{ config, lib, namespace, ... }: -let +{ + config, + lib, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.terminal.alacritty; -in -{ - options.${namespace}.terminal.alacritty = { + cfg = config.sneeuwvlok.terminal.alacritty; +in { + options.sneeuwvlok.terminal.alacritty = { enable = mkEnableOption "enable alacritty"; }; diff --git a/modules/home/terminal/ghostty/default.nix b/modules/home/terminal/ghostty/default.nix index 4681b53..6949df1 100644 --- a/modules/home/terminal/ghostty/default.nix +++ b/modules/home/terminal/ghostty/default.nix @@ -1,11 +1,14 @@ -{ config, lib, namespace, ... }: -let +{ + config, + lib, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.terminal.ghostty; -in -{ - options.${namespace}.terminal.ghostty = { + cfg = config.sneeuwvlok.terminal.ghostty; +in { + options.sneeuwvlok.terminal.ghostty = { enable = mkEnableOption "enable ghostty"; }; 
@@ -13,10 +16,10 @@ in programs.ghostty = { enable = true; settings = { - command = config.${namespace}.defaults.shell; + command = config.sneeuwvlok.defaults.shell; background-blur-radius = 20; theme = "dark:stylix,light:stylix"; - window-theme = (config.${namespace}.themes.polarity or "dark"); + window-theme = config.sneeuwvlok.themes.polarity or "dark"; background-opacity = 0.8; minimum-contrast = 1.1; }; diff --git a/modules/home/themes/default.nix b/modules/home/themes/default.nix index d338b88..d6f8b6a 100644 --- a/modules/home/themes/default.nix +++ b/modules/home/themes/default.nix @@ -1,24 +1,30 @@ -{ config, lib, pkgs, namespace, osConfig ? {}, ... }: -let +{ + config, + lib, + pkgs, + namespace, + osConfig ? {}, + ... +}: let inherit (lib) mkIf mkDefault; inherit (lib.options) mkOption mkEnableOption; inherit (lib.types) nullOr enum; - cfg = config.${namespace}.themes; - osCfg = osConfig.${namespace}.theming; + cfg = config.sneeuwvlok.themes; + osCfg = osConfig.sneeuwvlok.theming; in { - options.${namespace}.themes = { + options.sneeuwvlok.themes = { enable = mkEnableOption "Theming (Stylix)"; theme = mkOption { - type = nullOr (enum [ "everforest" "catppuccin-latte" "chalk" ]); + type = nullOr (enum ["everforest" "catppuccin-latte" "chalk"]); default = "everforest"; description = "The theme to set the system to"; example = "everforest"; }; polarity = mkOption { - type = nullOr (enum [ "dark" "light" ]); + type = nullOr (enum ["dark" "light"]); default = "dark"; description = "determine if system is in dark or light mode"; }; @@ -33,7 +39,7 @@ in { polarity = cfg.polarity; targets.qt.platform = mkDefault "kde"; - targets.zen-browser.profileNames = [ "Chris" ]; + targets.zen-browser.profileNames = ["Chris"]; fonts = { serif = { diff --git a/modules/nixos/application/default.nix b/modules/nixos/application/default.nix deleted file mode 100644 index cd39af6..0000000 --- a/modules/nixos/application/default.nix +++ /dev/null 
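Review bot: In the themes module, `osCfg = osConfig.sneeuwvlok.theming;` does not benefit from the `osConfig ? {}` default in the argument set. When the default is actually used, forcing `osCfg` fails on the missing `sneeuwvlok` attribute. If the fallback is meant to support use without a NixOS host, write `osCfg = osConfig.sneeuwvlok.theming or {};` so the binding degrades to an empty set. Whether `osCfg` is read at all is not visible here, since the `config` body continues outside the hunk.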
@@ -1,5 +0,0 @@ -{ - imports = [ - ./steam - ]; -} diff --git a/modules/nixos/application/steam.nix b/modules/nixos/application/steam.nix new file mode 100644 index 0000000..de83987 --- /dev/null +++ b/modules/nixos/application/steam.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.application.steam; +in { + options.sneeuwvlok.application.steam = { + enable = mkEnableOption "enable steam"; + }; + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [steam]; + + programs = { + steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + extraCompatPackages = with pkgs; [ + proton-ge-bin + ]; + }; + }; + }; +} diff --git a/modules/nixos/application/steam/default.nix b/modules/nixos/application/steam/default.nix deleted file mode 100644 index 061765e..0000000 --- a/modules/nixos/application/steam/default.nix +++ /dev/null 
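Review bot: The new `steam.nix` sets `remotePlay.openFirewall`, `dedicatedServer.openFirewall` and `localNetworkGameTransfers.openFirewall` to `true` unconditionally, so enabling `sneeuwvlok.application.steam` on any host also opens inbound ports for all three features. A desktop that only plays games rarely needs the dedicated-server ports. I would default them to closed, e.g. `dedicatedServer.openFirewall = lib.mkDefault false;`, or expose a module option per feature so each machine opts in. Separately, `environment.systemPackages = with pkgs; [steam];` was commented out in the deleted `steam/default.nix` and is active here; as far as I know `programs.steam.enable` already installs the package, so the line looks redundant and would bypass any later `programs.steam.package` override.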
@@ -1,64 +0,0 @@ -{ - inputs, - config, - lib, - pkgs, - namespace, - ... -}: let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.application.steam; -in { - options.${namespace}.application.steam = { - enable = mkEnableOption "enable steam"; - }; - - config = mkIf cfg.enable { - # environment.systemPackages = with pkgs; [ steam ]; - - programs = { - steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - - extraCompatPackages = with pkgs; [ - proton-ge-bin - ]; - - # package = pkgs.steam.override { - # extraEnv = { - # DXVK_HUD = "compiler"; - # MANGOHUD = true; - # }; - # }; - - # gamescopeSession = { - # enable = true; - # args = ["--immediate-flips"]; - # }; - }; - - # https://github.com/FeralInteractive/gamemode - # gamemode = { - # enable = true; - # enableRenice = true; - # settings = {}; - # }; - - # gamescope = { - # enable = true; - # capSysNice = true; - # env = { - # DXVK_HDR = "1"; - # ENABLE_GAMESCOPE_WSI = "1"; - # WINE_FULLSCREEN_FSR = "1"; - # WLR_RENDERER = "vulkan"; - # }; - # args = ["--hdr-enabled"]; - # }; - }; - }; -} diff --git a/modules/nixos/boot/default.nix b/modules/nixos/boot/default.nix index 1f844d1..87df4d9 100644 --- a/modules/nixos/boot/default.nix +++ b/modules/nixos/boot/default.nix @@ -1,14 +1,18 @@ -{ lib, namespace, config, pkgs, ... }: -let +{ + lib, + namespace, + config, + pkgs, + ... +}: let inherit (lib) mkIf mkMerge mkDefault mkOption; inherit (lib.types) enum bool; - cfg = config.${namespace}.boot; -in -{ - options.${namespace}.boot = { + cfg = config.sneeuwvlok.boot; +in { + options.sneeuwvlok.boot = { type = mkOption { - type = enum [ "bios" "uefi" ]; + type = enum ["bios" "uefi"]; default = "uefi"; }; @@ -24,7 +28,7 @@ in }; config = mkMerge [ - ({ + { boot = { kernelPackages = pkgs.linuxPackages_latest; 
@@ -39,9 +43,9 @@ in }; }; - supportedFilesystems = [ "nfs" ]; + supportedFilesystems = ["nfs"]; }; - }) + } (mkIf (cfg.type == "bios") { boot.loader.grub.efiSupport = false; @@ -87,7 +91,7 @@ in theme = mkDefault "pixels"; themePackages = with pkgs; [ (adi1090x-plymouth-themes.override { - selected_themes = [ "pixels" ]; + selected_themes = ["pixels"]; }) ]; }; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 1a2c686..9ebbe7b 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1,14 +1,15 @@ { imports = [ - ./application - ./boot - ./desktop - ./editor - ./hardware - ./home-manager - ./nix + ./application/steam.nix + ./boot/default.nix + ./editor/nano/default.nix + ./editor/nvim/default.nix + ./hardware/audio/default.nix + ./home-manager/default.nix ./services - ./shells - ./system + ./system/networking + ./system/security/boot + ./system/security/sops + ./system/security/sudo ]; } diff --git a/modules/nixos/desktop/cosmic/default.nix b/modules/nixos/desktop/cosmic/default.nix index cba6955..c4531ba 100644 --- a/modules/nixos/desktop/cosmic/default.nix +++ b/modules/nixos/desktop/cosmic/default.nix @@ -7,13 +7,13 @@ }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.desktop.cosmic; + cfg = config.sneeuwvlok.desktop.cosmic; in { - options.${namespace}.desktop.cosmic = { + options.sneeuwvlok.desktop.cosmic = { enable = mkEnableOption "Enable Cosmic desktop" // { - default = config.${namespace}.desktop.use == "cosmic"; + default = config.sneeuwvlok.desktop.use == "cosmic"; }; }; diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index 03d36e6..d231d9a 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -7,7 +7,7 @@ inherit (lib) mkIf mkOption mkEnableOption mkMerge; inherit (lib.types) nullOr enum; - cfg = config.${namespace}.desktop; + cfg = config.sneeuwvlok.desktop; in { imports = [ ./cosmic 
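Review bot: The rewritten import list in `modules/nixos/default.nix` drops `./desktop`, `./nix` and `./shells` entirely and narrows `./hardware` and `./system` to a few explicit paths, while this same patch still renames options inside the dropped modules (desktop/*, hardware/bluetooth, hardware/gpu/*, nix). Unless those modules are imported from somewhere else, for example the new `clan.nix`, any host that sets `sneeuwvlok.desktop.use` or `sneeuwvlok.hardware.has.bluetooth` will fail with an undefined-option error, and the Nix daemon settings in `nix/default.nix` silently stop applying. A short comment above the list would help, such as `# desktop, nix and shells are imported per machine; see clan.nix`, if that is the intent. The list also mixes explicit `default.nix` paths with directory imports (`./services`, `./system/networking`); picking one form would make omissions easier to spot.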
@@ -16,7 +16,7 @@ in { ./plasma ]; - options.${namespace}.desktop = { + options.sneeuwvlok.desktop = { use = mkOption { type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]); default = null; @@ -33,7 +33,7 @@ in { } # (mkIf (cfg.use != null) { - # ${namespace}.desktop.${cfg.use}.enable = true; + # sneeuwvlok.desktop.${cfg.use}.enable = true; # }) ]; } diff --git a/modules/nixos/desktop/gamescope/default.nix b/modules/nixos/desktop/gamescope/default.nix index 9e499be..500a3fa 100644 --- a/modules/nixos/desktop/gamescope/default.nix +++ b/modules/nixos/desktop/gamescope/default.nix @@ -1,18 +1,23 @@ -{ lib, config, namespace, ... }: -let +{ + lib, + config, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption mkForce; - cfg = config.${namespace}.desktop.gamescope; -in -{ - options.${namespace}.desktop.gamescope = { - enable = mkEnableOption "Enable Steamdeck ui" // { - default = (config.${namespace}.desktop.use == "gamescope"); - }; + cfg = config.sneeuwvlok.desktop.gamescope; +in { + options.sneeuwvlok.desktop.gamescope = { + enable = + mkEnableOption "Enable Steamdeck ui" + // { + default = config.sneeuwvlok.desktop.use == "gamescope"; + }; }; config = mkIf cfg.enable { - ${namespace}.desktop.plasma.enable = true; + sneeuwvlok.desktop.plasma.enable = true; services.displayManager.sddm.enable = mkForce false; services.displayManager.gdm.enable = mkForce false; diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix index 979587f..ad1eac4 100644 --- a/modules/nixos/desktop/gnome/default.nix +++ b/modules/nixos/desktop/gnome/default.nix 
@@ -1,16 +1,22 @@ -{ lib, config, namespace, ... }: -let +{ + lib, + config, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.desktop.gnome; -in -{ - options.${namespace}.desktop.gnome = { - enable = mkEnableOption "Enable Gnome" // { - default = (config.${namespace}.desktop.use == "gnome"); - }; + cfg = config.sneeuwvlok.desktop.gnome; +in { + options.sneeuwvlok.desktop.gnome = { + enable = + mkEnableOption "Enable Gnome" + // { + default = config.sneeuwvlok.desktop.use == "gnome"; + }; }; - config = mkIf cfg.enable { - }; + config = + mkIf cfg.enable { + }; } diff --git a/modules/nixos/desktop/plasma/default.nix b/modules/nixos/desktop/plasma/default.nix index aa1e497..0c0ea58 100644 --- a/modules/nixos/desktop/plasma/default.nix +++ b/modules/nixos/desktop/plasma/default.nix @@ -1,14 +1,20 @@ -{ pkgs, lib, config, namespace, ... }: -let +{ + pkgs, + lib, + config, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.desktop.plasma; -in -{ - options.${namespace}.desktop.plasma = { - enable = mkEnableOption "Enable KDE Plasma" // { - default = (config.${namespace}.desktop.use == "plasma"); - }; + cfg = config.sneeuwvlok.desktop.plasma; +in { + options.sneeuwvlok.desktop.plasma = { + enable = + mkEnableOption "Enable KDE Plasma" + // { + default = config.sneeuwvlok.desktop.use == "plasma"; + }; }; config = mkIf cfg.enable { diff --git a/modules/nixos/editor/nano/default.nix b/modules/nixos/editor/nano/default.nix index 1cb7ff1..6d89c72 100644 --- a/modules/nixos/editor/nano/default.nix +++ b/modules/nixos/editor/nano/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.editor.nano; + cfg = config.sneeuwvlok.editor.nano; in { - options.${namespace}.editor.nano = { + options.sneeuwvlok.editor.nano = { enable = mkEnableOption "nano"; }; 
diff --git a/modules/nixos/editor/nvim/default.nix b/modules/nixos/editor/nvim/default.nix index fb3bc56..624c7c1 100644 --- a/modules/nixos/editor/nvim/default.nix +++ b/modules/nixos/editor/nvim/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.editor.nvim; + cfg = config.sneeuwvlok.editor.nvim; in { - options.${namespace}.editor.nvim = { + options.sneeuwvlok.editor.nvim = { enable = mkEnableOption "enable nvim via nvf on system level"; }; diff --git a/modules/nixos/hardware/audio/default.nix b/modules/nixos/hardware/audio/default.nix index d3f340f..ca01562 100644 --- a/modules/nixos/hardware/audio/default.nix +++ b/modules/nixos/hardware/audio/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.hardware.has.audio; + cfg = config.sneeuwvlok.hardware.has.audio; in { - options.${namespace}.hardware.has.audio = mkEnableOption "Enable bluetooth"; + options.sneeuwvlok.hardware.has.audio = mkEnableOption "Enable bluetooth"; config = mkIf cfg { environment.systemPackages = with pkgs; [ diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index 98fc678..8fbf999 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.hardware.has.bluetooth; + cfg = config.sneeuwvlok.hardware.has.bluetooth; in { - options.${namespace}.hardware.has.bluetooth = mkEnableOption "Enable bluetooth"; + options.sneeuwvlok.hardware.has.bluetooth = mkEnableOption "Enable bluetooth"; config = mkIf cfg { hardware.bluetooth = { diff --git a/modules/nixos/hardware/gpu/amd/default.nix b/modules/nixos/hardware/gpu/amd/default.nix index cdc9d1e..e1da9e8 100644 --- a/modules/nixos/hardware/gpu/amd/default.nix +++ b/modules/nixos/hardware/gpu/amd/default.nix 
@@ -1,14 +1,18 @@ -{ pkgs, lib, namespace, config, ... }: -let +{ + pkgs, + lib, + namespace, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.hardware.has.gpu; -in -{ - options.${namespace}.hardware.has.gpu.amd = mkEnableOption "Enable AMD gpu configuration"; + cfg = config.sneeuwvlok.hardware.has.gpu; +in { + options.sneeuwvlok.hardware.has.gpu.amd = mkEnableOption "Enable AMD gpu configuration"; config = mkIf cfg.amd { - services.xserver.videoDrivers = [ "amd" ]; + services.xserver.videoDrivers = ["amd"]; hardware = { graphics = { diff --git a/modules/nixos/hardware/gpu/nvidia.nix b/modules/nixos/hardware/gpu/nvidia.nix index e8ac542..b0296ca 100644 --- a/modules/nixos/hardware/gpu/nvidia.nix +++ b/modules/nixos/hardware/gpu/nvidia.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.hardware.has.gpu.nvidia; + cfg = config.sneeuwvlok.hardware.has.gpu.nvidia; in { - options.${namespace}.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; + options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; config = mkIf cfg { services.xserver.videoDrivers = [ "nvidia" ]; diff --git a/modules/nixos/hardware/gpu/nvidia/default.nix b/modules/nixos/hardware/gpu/nvidia/default.nix index ab7c087..48c5a54 100644 --- a/modules/nixos/hardware/gpu/nvidia/default.nix +++ b/modules/nixos/hardware/gpu/nvidia/default.nix 
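Review bot: `services.xserver.videoDrivers = ["amd"];` in the AMD module names a driver that, as far as I know, does not exist in NixOS; the X driver for current AMD GPUs is `amdgpu`. With the value as written the server would likely fall back to another driver or fail to start. I would change the line to `services.xserver.videoDrivers = ["amdgpu"];` while it is being reformatted.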
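Review bot: `gpu/nvidia.nix` declares `options.sneeuwvlok.hardware.has.gpu.nvidia`, and `gpu/nvidia/default.nix` in the next file section declares exactly the same option path. If both files are ever imported, the module system will reject the duplicate declaration, and until then it is unclear which of the two is live. Since this migration touches both, I would delete one of them here rather than rename the option in each.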
@@ -1,14 +1,18 @@ -{ pkgs, lib, namespace, config, ... }: -let +{ + pkgs, + lib, + namespace, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.hardware.has.gpu; -in -{ - options.${namespace}.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; + cfg = config.sneeuwvlok.hardware.has.gpu; +in { + options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; config = mkIf cfg.nvidia { - services.xserver.videoDrivers = [ "nvidia" ]; + services.xserver.videoDrivers = ["nvidia"]; hardware = { graphics = { diff --git a/modules/nixos/hardware/keyboard/voyager.nix b/modules/nixos/hardware/keyboard/voyager.nix index fd470f8..e97b7da 100644 --- a/modules/nixos/hardware/keyboard/voyager.nix +++ b/modules/nixos/hardware/keyboard/voyager.nix @@ -1,11 +1,15 @@ -{ lib, config, pkgs, namespace, ... }: -let +{ + lib, + config, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.hardware.keyboard.voyager; -in -{ - options.${namespace}.hardware.keyboard.voyager = { + cfg = config.sneeuwvlok.hardware.keyboard.voyager; +in { + options.sneeuwvlok.hardware.keyboard.voyager = { enble = mkEnableOption "Enable tools for ZSA Voyager"; }; diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index bf96f59..24db3dc 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -1,9 +1,13 @@ -{ pkgs, lib, namespace, config, ... }: -let - cfg = config.${namespace}.nix; -in { - options.${namespace}.nix = {}; + pkgs, + lib, + namespace, + config, + ... +}: let + cfg = config.sneeuwvlok.nix; +in { + options.sneeuwvlok.nix = {}; config = { programs.git.enable = true; 
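Review bot: The voyager module declares its switch as `enble = mkEnableOption "Enable tools for ZSA Voyager";`, so the option a host has to set is `sneeuwvlok.hardware.keyboard.voyager.enble`. The `config` part of the file lies outside the hunk, but if it tests `cfg.enable` like the other modules, evaluation would fail on the missing attribute. The line should read `enable = mkEnableOption "Enable tools for ZSA Voyager";`.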
@@ -14,9 +18,9 @@ in extraOptions = "experimental-features = nix-command flakes pipe-operators"; settings = { - experimental-features = [ "nix-command" "flakes" "pipe-operators" ]; - allowed-users = [ "@wheel" ]; - trusted-users = [ "@wheel" ]; + experimental-features = ["nix-command" "flakes" "pipe-operators"]; + allowed-users = ["@wheel"]; + trusted-users = ["@wheel"]; auto-optimise-store = true; connect-timeout = 5; diff --git a/modules/nixos/services/authentication/authelia/default.nix b/modules/nixos/services/authentication/authelia/default.nix index 7aea103..8121ad8 100644 --- a/modules/nixos/services/authentication/authelia/default.nix +++ b/modules/nixos/services/authentication/authelia/default.nix @@ -8,14 +8,14 @@ inherit (lib) mkIf mkEnableOption; user = "authelia-testing"; - cfg = config.${namespace}.services.authentication.authelia; + cfg = config.sneeuwvlok.services.authentication.authelia; in { - options.${namespace}.services.authentication.authelia = { + options.sneeuwvlok.services.authentication.authelia = { enable = mkEnableOption "Authelia"; }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy = { + sneeuwvlok.services.networking.caddy = { hosts = { "auth.kruining.eu".extraConfig = '' reverse_proxy http://127.0.0.1:9091 diff --git a/modules/nixos/services/authentication/himmelblau/default.nix b/modules/nixos/services/authentication/himmelblau/default.nix index 228fea0..f30a079 100644 --- a/modules/nixos/services/authentication/himmelblau/default.nix +++ b/modules/nixos/services/authentication/himmelblau/default.nix @@ -6,9 +6,9 @@ }: let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.services.authentication.himmelblau; + cfg = config.sneeuwvlok.services.authentication.himmelblau; in { - options.${namespace}.services.authentication.himmelblau = { + options.sneeuwvlok.services.authentication.himmelblau = { enable = mkEnableOption "enable azure entra ID authentication"; }; 
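Review bot: `trusted-users = ["@wheel"];` in the Nix settings makes every member of `wheel` a trusted user of the Nix daemon, which the Nix manual describes as essentially equivalent to giving that user root. A compromised wheel account then gets root-level control of the store (extra substituters, unsigned paths) without passing a sudo prompt. `allowed-users = ["@wheel"];` on the line above is enough for those users to build and install. I would narrow the trusted set to `trusted-users = ["root"];`, or add a comment stating why wheel needs it. The `settings` block continues outside the hunk.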
diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index ff95e79..8168a5a 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix @@ -3,12 +3,12 @@ let inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames; inherit (sneeuwvlokLib.strings) toSnakeCase; - cfg = config.${namespace}.services.authentication.zitadel; + cfg = config.sneeuwvlok.services.authentication.zitadel; database = "zitadel"; in { - options.${namespace}.services.authentication.zitadel = { + options.sneeuwvlok.services.authentication.zitadel = { enable = mkEnableOption "Zitadel"; organization = mkOption { @@ -537,7 +537,7 @@ in }; in mkIf cfg.enable { - ${namespace}.services = { + sneeuwvlok.services = { persistance.postgresql.enable = true; networking.caddy = { diff --git a/modules/nixos/services/backup/borg/default.nix b/modules/nixos/services/backup/borg/default.nix index 9cbbea0..f892bca 100644 --- a/modules/nixos/services/backup/borg/default.nix +++ b/modules/nixos/services/backup/borg/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.backup.borg; + cfg = config.sneeuwvlok.services.backup.borg; in { - options.${namespace}.services.backup.borg = { + options.sneeuwvlok.services.backup.borg = { enable = mkEnableOption "Borg Backup"; }; diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index d2e47b0..210835f 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix 
@@ -8,7 +8,7 @@ inherit (builtins) toString toJSON; inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.communication.matrix; + cfg = config.sneeuwvlok.services.communication.matrix; domain = "kruining.eu"; fqn = "matrix.${domain}"; @@ -17,12 +17,12 @@ database = "synapse"; keyFile = "/var/lib/element-call/key"; in { - options.${namespace}.services.communication.matrix = { + options.sneeuwvlok.services.communication.matrix = { enable = mkEnableOption "Matrix server (Synapse)"; }; config = mkIf cfg.enable { - ${namespace}.services = { + sneeuwvlok.services = { persistance.postgresql.enable = true; # virtualisation.podman.enable = true; diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo/default.nix index f190b0c..ae5379b 100644 --- a/modules/nixos/services/development/forgejo/default.nix +++ b/modules/nixos/services/development/forgejo/default.nix @@ -8,10 +8,10 @@ inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption; - cfg = config.${namespace}.services.development.forgejo; + cfg = config.sneeuwvlok.services.development.forgejo; domain = "git.amarth.cloud"; in { - options.${namespace}.services.development.forgejo = { + options.sneeuwvlok.services.development.forgejo = { enable = mkEnableOption "Forgejo"; port = mkOption { @@ -25,7 +25,7 @@ in { }; config = mkIf cfg.enable { - ${namespace}.services = { + sneeuwvlok.services = { persistance.postgresql.enable = true; virtualisation.podman.enable = true; diff --git a/modules/nixos/services/games/minecraft/default.nix b/modules/nixos/services/games/minecraft/default.nix index 851d1da..4488833 100644 --- a/modules/nixos/services/games/minecraft/default.nix +++ b/modules/nixos/services/games/minecraft/default.nix 
@@ -8,9 +8,9 @@ inherit (lib) mkIf mkEnableOption mkOption; inherit (lib.types) str; - cfg = config.${namespace}.services.games.minecraft; + cfg = config.sneeuwvlok.services.games.minecraft; in { - options.${namespace}.services.games.minecraft = { + options.sneeuwvlok.services.games.minecraft = { enable = mkEnableOption "Minecraft"; user = mkOption { diff --git a/modules/nixos/services/games/openrct.nix b/modules/nixos/services/games/openrct.nix index a36f0fb..0090ffa 100644 --- a/modules/nixos/services/games/openrct.nix +++ b/modules/nixos/services/games/openrct.nix @@ -1,11 +1,15 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.games.openrct; -in -{ - options.${namespace}.services.games.openrct = { + cfg = config.sneeuwvlok.services.games.openrct; +in { + options.sneeuwvlok.services.games.openrct = { enable = mkEnableOption "OpenRCT2"; }; @@ -16,7 +20,7 @@ in systemd.services.openrct = { enable = true; - after = [ "network.target"]; + after = ["network.target"]; description = "OpenRCT2 Server"; serviceConfig = { Type = ""; diff --git a/modules/nixos/services/games/palworld/default.nix b/modules/nixos/services/games/palworld/default.nix index 152891d..e1414a4 100644 --- a/modules/nixos/services/games/palworld/default.nix +++ b/modules/nixos/services/games/palworld/default.nix @@ -6,9 +6,9 @@ }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.games.palworld; + cfg = config.sneeuwvlok.services.games.palworld; in { - options.${namespace}.services.games.palworld = { + options.sneeuwvlok.services.games.palworld = { enable = mkEnableOption "Palworld"; }; diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index 7a0d102..d2395ef 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix 
@@ -8,7 +8,7 @@ inherit (lib) mkIf mkEnableOption mkOption; inherit (lib.types) str; - cfg = config.${namespace}.services.media; + cfg = config.sneeuwvlok.services.media; in { imports = [ ./glance @@ -19,7 +19,7 @@ in { ./servarr ]; - options.${namespace}.services.media = { + options.sneeuwvlok.services.media = { enable = mkEnableOption "Enable media services"; user = mkOption { diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix index b042297..0e94a21 100644 --- a/modules/nixos/services/media/glance/default.nix +++ b/modules/nixos/services/media/glance/default.nix @@ -6,14 +6,14 @@ }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.media.glance; + cfg = config.sneeuwvlok.services.media.glance; in { - options.${namespace}.services.media.glance = { + options.sneeuwvlok.services.media.glance = { enable = mkEnableOption "Enable Glance"; }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy.hosts = { + sneeuwvlok.services.networking.caddy.hosts = { "https://${config.networking.hostName}:443" = '' reverse_proxy http://[::1]:2000 ''; diff --git a/modules/nixos/services/media/jellyfin/default.nix b/modules/nixos/services/media/jellyfin/default.nix index e129cc4..2f8d43f 100644 --- a/modules/nixos/services/media/jellyfin/default.nix +++ b/modules/nixos/services/media/jellyfin/default.nix @@ -9,14 +9,14 @@ inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption types; - cfg = config.${namespace}.services.media.jellyfin; + cfg = config.sneeuwvlok.services.media.jellyfin; in { - options.${namespace}.services.media.jellyfin = { + options.sneeuwvlok.services.media.jellyfin = { enable = mkEnableOption "Enable jellyfin server"; }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy = { + sneeuwvlok.services.networking.caddy = { hosts = { "jellyfin.kruining.eu" = '' reverse_proxy http://[::1]:8096 
diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia/default.nix index 3f2008a..9bfa87d 100644 --- a/modules/nixos/services/media/mydia/default.nix +++ b/modules/nixos/services/media/mydia/default.nix @@ -6,9 +6,9 @@ }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.media.mydia; + cfg = config.sneeuwvlok.services.media.mydia; in { - options.${namespace}.services.media.mydia = { + options.sneeuwvlok.services.media.mydia = { enable = mkEnableOption "Enable Mydia"; }; diff --git a/modules/nixos/services/media/nextcloud/default.nix b/modules/nixos/services/media/nextcloud/default.nix index 06904c6..9a66fe1 100644 --- a/modules/nixos/services/media/nextcloud/default.nix +++ b/modules/nixos/services/media/nextcloud/default.nix @@ -8,9 +8,9 @@ inherit (lib) mkIf mkEnableOption mkOption; inherit (lib.types) str; - cfg = config.${namespace}.services.media.nextcloud; + cfg = config.sneeuwvlok.services.media.nextcloud; in { - options.${namespace}.services.media.nextcloud = { + options.sneeuwvlok.services.media.nextcloud = { enable = mkEnableOption "Nextcloud"; user = mkOption { @@ -25,7 +25,7 @@ in { }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy = { + sneeuwvlok.services.networking.caddy = { hosts."cloud.kruining.eu" = '' php_fastcgi unix//run/phpfpm/nextcloud.sock { env front_controller_active true diff --git a/modules/nixos/services/media/nfs/default.nix b/modules/nixos/services/media/nfs/default.nix index 54b58e7..efea82c 100644 --- a/modules/nixos/services/media/nfs/default.nix +++ b/modules/nixos/services/media/nfs/default.nix @@ -2,10 +2,10 @@ let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.media.nfs; + cfg = config.sneeuwvlok.services.media.nfs; in { - options.${namespace}.services.media.nfs = { + options.sneeuwvlok.services.media.nfs = { enable = mkEnableOption "Enable NFS"; }; 
diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 0b75d22..8f3e5db 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -9,11 +9,11 @@ inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption types; - cfg = config.${namespace}.services.media.servarr; + cfg = config.sneeuwvlok.services.media.servarr; servarr = import ./lib.nix {inherit lib;}; anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0); in { - options.${namespace}.services.media = { + options.sneeuwvlok.services.media = { servarr = mkOption { type = types.attrsOf (types.submodule ({name, ...}: { options = { diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy/default.nix index 2d28435..f2ee8fd 100644 --- a/modules/nixos/services/networking/caddy/default.nix +++ b/modules/nixos/services/networking/caddy/default.nix @@ -8,14 +8,14 @@ inherit (builtins) length; inherit (lib) mkIf mkEnableOption mkOption types attrNames mapAttrs; - cfg = config.${namespace}.services.networking.caddy; + cfg = config.sneeuwvlok.services.networking.caddy; hasHosts = (cfg.hosts |> attrNames |> length) > 0; caddyPackage = pkgs.caddy.withPlugins { plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs="; }; in { - options.${namespace}.services.networking.caddy = { + options.sneeuwvlok.services.networking.caddy = { enable = mkEnableOption "enable caddy" // {default = true;}; hosts = mkOption { diff --git a/modules/nixos/services/networking/ssh/default.nix b/modules/nixos/services/networking/ssh/default.nix index 5ebdfd2..e0442d7 100644 --- a/modules/nixos/services/networking/ssh/default.nix +++ b/modules/nixos/services/networking/ssh/default.nix 
@@ -1,12 +1,15 @@ -{ config, lib, namespace, ... }: -let +{ + config, + lib, + namespace, + ... +}: let inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; - cfg = config.${namespace}.services.networking.ssh; -in -{ - options.${namespace}.services.networking.ssh = { + cfg = config.sneeuwvlok.services.networking.ssh; +in { + options.sneeuwvlok.services.networking.ssh = { enable = mkEnableOption "enable ssh"; }; @@ -14,10 +17,10 @@ in services.openssh = { enable = true; openFirewall = true; - ports = [ 22 ]; + ports = [22]; settings = { PasswordAuthentication = true; - AllowUsers = [ "chris" "root" ]; + AllowUsers = ["chris" "root"]; UseDns = true; UsePAM = true; PermitRootLogin = "prohibit-password"; diff --git a/modules/nixos/services/networking/wireguard/default.nix b/modules/nixos/services/networking/wireguard/default.nix index 0cf5320..bf22a53 100644 --- a/modules/nixos/services/networking/wireguard/default.nix +++ b/modules/nixos/services/networking/wireguard/default.nix @@ -8,10 +8,10 @@ inherit (builtins) length; inherit (lib) mkIf mkEnableOption mkOption types attrNames attrsToList listToAttrs; - cfg = config.${namespace}.services.networking.wireguard; + cfg = config.sneeuwvlok.services.networking.wireguard; hasPeers = (cfg.peer |> attrNames |> length) > 0; in { - options.${namespace}.services.networking.wireguard = { + options.sneeuwvlok.services.networking.wireguard = { # enable = mkEnableOption "enable wireguard" // {default = true;}; peer = mkOption { diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index a867351..40fdc38 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix 
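Review bot: `PasswordAuthentication = true` sits beside `openFirewall = true` in the `services.openssh` block of `modules/nixos/services/networking/ssh/default.nix`, so port 22 accepts password guesses for `chris` from any network that can reach the host. `PermitRootLogin = "prohibit-password"` already restricts root to keys; the other account should get the same treatment with `PasswordAuthentication = false;` and, because `UsePAM = true`, `KbdInteractiveAuthentication = false;`. If root never needs to log in over SSH, it can also be dropped from `AllowUsers`. The `settings` block continues past the end of the hunk, so confirm nothing further down overrides these values.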
@@ -8,12 +8,12 @@ inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; - cfg = config.${namespace}.services.observability.grafana; + cfg = config.sneeuwvlok.services.observability.grafana; db_user = "grafana"; db_name = "grafana"; in { - options.${namespace}.services.observability.grafana = { + options.sneeuwvlok.services.observability.grafana = { enable = mkEnableOption "enable Grafana"; }; diff --git a/modules/nixos/services/observability/loki/default.nix b/modules/nixos/services/observability/loki/default.nix index d4774ac..abe42ca 100644 --- a/modules/nixos/services/observability/loki/default.nix +++ b/modules/nixos/services/observability/loki/default.nix @@ -1,12 +1,16 @@ -{ pkgs, config, lib, namespace, ... }: -let +{ + pkgs, + config, + lib, + namespace, + ... +}: let inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; - cfg = config.${namespace}.services.observability.loki; -in -{ - options.${namespace}.services.observability.loki = { + cfg = config.sneeuwvlok.services.observability.loki; +in { + options.sneeuwvlok.services.observability.loki = { enable = mkEnableOption "enable Grafana Loki"; }; @@ -44,6 +48,6 @@ in }; }; - networking.firewall.allowedTCPPorts = [ 9003 ]; + networking.firewall.allowedTCPPorts = [9003]; }; } diff --git a/modules/nixos/services/observability/prometheus/default.nix b/modules/nixos/services/observability/prometheus/default.nix index af5ee9d..191d7c1 100644 --- a/modules/nixos/services/observability/prometheus/default.nix +++ b/modules/nixos/services/observability/prometheus/default.nix @@ -3,10 +3,10 @@ let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.observability.prometheus; + cfg = config.sneeuwvlok.services.observability.prometheus; in { - options.${namespace}.services.observability.prometheus = { + options.sneeuwvlok.services.observability.prometheus = { enable = mkEnableOption "enable Prometheus"; }; 
diff --git a/modules/nixos/services/observability/promtail/default.nix b/modules/nixos/services/observability/promtail/default.nix index 38dbbab..80bac51 100644 --- a/modules/nixos/services/observability/promtail/default.nix +++ b/modules/nixos/services/observability/promtail/default.nix @@ -8,9 +8,9 @@ inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; - cfg = config.${namespace}.services.observability.promtail; + cfg = config.sneeuwvlok.services.observability.promtail; in { - options.${namespace}.services.observability.promtail = { + options.sneeuwvlok.services.observability.promtail = { enable = mkEnableOption "enable Grafana Promtail"; }; diff --git a/modules/nixos/services/observability/uptime-kuma/default.nix b/modules/nixos/services/observability/uptime-kuma/default.nix index c23977b..619da55 100644 --- a/modules/nixos/services/observability/uptime-kuma/default.nix +++ b/modules/nixos/services/observability/uptime-kuma/default.nix @@ -1,12 +1,16 @@ -{ pkgs, config, lib, namespace, ... }: -let +{ + pkgs, + config, + lib, + namespace, + ... +}: let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.observability.uptime-kuma; -in -{ - options.${namespace}.services.observability.uptime-kuma = { + cfg = config.sneeuwvlok.services.observability.uptime-kuma; +in { + options.sneeuwvlok.services.observability.uptime-kuma = { enable = mkEnableOption "enable uptime kuma"; }; @@ -19,7 +23,7 @@ in HOST = "0.0.0.0"; }; }; - - networking.firewall.allowedTCPPorts = [ 9006 ]; + + networking.firewall.allowedTCPPorts = [9006]; }; } diff --git a/modules/nixos/services/persistance/postgesql/default.nix b/modules/nixos/services/persistance/postgesql/default.nix index 403c07c..7d06daa 100644 --- a/modules/nixos/services/persistance/postgesql/default.nix +++ b/modules/nixos/services/persistance/postgesql/default.nix 
@@ -7,9 +7,9 @@ }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.persistance.postgresql; + cfg = config.sneeuwvlok.services.persistance.postgresql; in { - options.${namespace}.services.persistance.postgresql = { + options.sneeuwvlok.services.persistance.postgresql = { enable = mkEnableOption "Postgresql"; }; diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden/default.nix index c3b75b2..9fa4687 100644 --- a/modules/nixos/services/security/vaultwarden/default.nix +++ b/modules/nixos/services/security/vaultwarden/default.nix @@ -10,7 +10,7 @@ inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep; - cfg = config.${namespace}.services.security.vaultwarden; + cfg = config.sneeuwvlok.services.security.vaultwarden; databaseProviderSqlite = types.submodule ({...}: { options = { @@ -78,7 +78,7 @@ // (urlOptions |> getAttrs ["protocol" "host" "port"]); }); in { - options.${namespace}.services.security.vaultwarden = { + options.sneeuwvlok.services.security.vaultwarden = { enable = mkEnableOption "enable vaultwarden"; database = mkOption { @@ -93,7 +93,7 @@ in { }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy.hosts = { + sneeuwvlok.services.networking.caddy.hosts = { "vault.kruining.eu" = '' encode zstd gzip diff --git a/modules/nixos/services/virtualisation/podman/default.nix b/modules/nixos/services/virtualisation/podman/default.nix index 0faf8ce..c827677 100644 --- a/modules/nixos/services/virtualisation/podman/default.nix +++ b/modules/nixos/services/virtualisation/podman/default.nix 
@@ -1,11 +1,16 @@ -{ config, options, lib, pkgs, namespace, ... }: -let +{ + config, + options, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.virtualisation.podman; -in -{ - options.${namespace}.services.virtualisation.podman = { + cfg = config.sneeuwvlok.services.virtualisation.podman; +in { + options.sneeuwvlok.services.virtualisation.podman = { enable = mkEnableOption "enable podman"; }; diff --git a/modules/nixos/shells/default.nix b/modules/nixos/shells/default.nix deleted file mode 100644 index ea8f50d..0000000 --- a/modules/nixos/shells/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -{...}: { -} diff --git a/modules/nixos/shells/zsh/default.nix b/modules/nixos/shells/zsh/default.nix index 399e7dd..1d9adb7 100644 --- a/modules/nixos/shells/zsh/default.nix +++ b/modules/nixos/shells/zsh/default.nix @@ -1,11 +1,16 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + namespace, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.zsh; -in -{ - options.${namespace}.shell.zsh = { + cfg = config.sneeuwvlok.shell.zsh; +in { + options.sneeuwvlok.shell.zsh = { enable = mkEnableOption "enable zsh shell"; }; diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix deleted file mode 100644 index 4abcf82..0000000 --- a/modules/nixos/system/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./networking - ./security - ]; -} diff --git a/modules/nixos/system/networking/default.nix b/modules/nixos/system/networking/default.nix index c61a81b..ab8842c 100644 --- a/modules/nixos/system/networking/default.nix +++ b/modules/nixos/system/networking/default.nix 
@@ -2,10 +2,10 @@ let inherit (lib) mkDefault; - cfg = config.${namespace}.system.networking; + cfg = config.sneeuwvlok.system.networking; in { - options.${namespace}.system.networking = {}; + options.sneeuwvlok.system.networking = {}; config = { systemd.services.NetworkManager-wait-online.enable = false; diff --git a/modules/nixos/system/security/boot/default.nix b/modules/nixos/system/security/boot/default.nix index ccf1f83..f911a7a 100644 --- a/modules/nixos/system/security/boot/default.nix +++ b/modules/nixos/system/security/boot/default.nix @@ -1,13 +1,16 @@ -{ config, namespace, inputs, ... }: -let - cfg = config.${namespace}.system.security.boot; -in { - options.${namespace}.system.security.boot = {}; + config, + namespace, + inputs, + ... +}: let + cfg = config.sneeuwvlok.system.security.boot; +in { + options.sneeuwvlok.system.security.boot = {}; config = { boot = { - kernelModules = [ "tcp_bbr" ]; + kernelModules = ["tcp_bbr"]; kernel.sysctl = { ## TCP hardening # Prevent bogus ICMP errors from filling up logs. @@ -43,4 +46,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/modules/nixos/system/security/default.nix b/modules/nixos/system/security/default.nix index 17d34f9..0b440b0 100644 --- a/modules/nixos/system/security/default.nix +++ b/modules/nixos/system/security/default.nix 
@@ -1,29 +1,28 @@ -{ config, namespace, inputs, ... }: -let - cfg = config.${namespace}.system.security; -in -{ - imports = [ - ./boot - ./sops - ./sudo - ]; +{...}: { + flake.modules.nixos.sneeuwvlok.system.security = { + config, + namespace, + inputs, + ... + }: let + cfg = config.sneeuwvlok.system.security; + in { + options.sneeuwvlok.system.security = {}; - options.${namespace}.system.security = {}; + config = { + security = { + acme.acceptTerms = true; + polkit.enable = true; - config = { - security = { - acme.acceptTerms = true; - polkit.enable = true; - - pam = { - u2f = { - enable = true; - settings.cue = true; + pam = { + u2f = { + enable = true; + settings.cue = true; + }; }; }; - }; - programs.gnupg.agent.enable = true; + programs.gnupg.agent.enable = true; + }; }; } diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops/default.nix index 1583104..caef7be 100644 --- a/modules/nixos/system/security/sops/default.nix +++ b/modules/nixos/system/security/sops/default.nix @@ -1,12 +1,16 @@ -{ pkgs, config, namespace, repoRoot, ... }: -let - cfg = config.${namespace}.system.security.sops; -in { - options.${namespace}.system.security.sops = {}; + pkgs, + config, + namespace, + repoRoot, + ... +}: let + cfg = config.sneeuwvlok.system.security.sops; +in { + options.sneeuwvlok.system.security.sops = {}; config = { - environment.systemPackages = with pkgs; [ sops ]; + environment.systemPackages = with pkgs; [sops]; sops = { defaultSopsFormat = "yaml"; diff --git a/modules/nixos/system/security/sudo/default.nix b/modules/nixos/system/security/sudo/default.nix index b79efbc..11f99d2 100644 --- a/modules/nixos/system/security/sudo/default.nix +++ b/modules/nixos/system/security/sudo/default.nix 
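Review bot: The `imports = [ ./boot ./sops ./sudo ]` list is removed from `modules/nixos/system/security/default.nix` with no replacement in this file, so the sysctl hardening, the sops setup and the sudo policy now apply only if something else imports them. A later patch on this page lists `./system/security/boot` in `modules/nixos/default.nix`, but entries for sops and sudo are not visible there, so that is worth confirming on a built host. The body is also now nested under `flake.modules.nixos.sneeuwvlok.system.security`; if flake-parts reads `sneeuwvlok` as the module name, the remaining `system.security = <function>` may not evaluate as a NixOS module, which would silently drop the `pam.u2f` and `polkit` settings. A one-line comment such as `# boot, sops and sudo are imported from modules/nixos/default.nix` would record where the pieces went, and the now unused `namespace`, `inputs` and `cfg` bindings can be removed.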
@@ -1,9 +1,9 @@ { config, namespace, ... }: let - cfg = config.${namespace}.system.security.sudo; + cfg = config.sneeuwvlok.system.security.sudo; in { - options.${namespace}.system.security.sudo = {}; + options.sneeuwvlok.system.security.sudo = {}; config = { security = { diff --git a/packages/default.nix b/packages/default.nix deleted file mode 100644 index 11752d1..0000000 --- a/packages/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - config, - lib, - mkPkgs, - ... -}: { - imports = [ - ./studio - ./vaultwarden - ]; - - perSystem = {system, ...}: let - pkgs = mkPkgs system; - in { - _module.args.pkgs = pkgs; - - clan.pkgs = pkgs; - }; - - flake.overlays.default = lib.composeManyExtensions [ - config.flake.overlays."package/studio" - config.flake.overlays."package/vaultwarden" - ]; -} diff --git a/packages/flake-module.nix b/packages/flake-module.nix new file mode 100644 index 0000000..c6a1225 --- /dev/null +++ b/packages/flake-module.nix @@ -0,0 +1,14 @@ +{inputs, ...}: { + imports = []; + + perSystem = { + system, + pkgs, + ... + }: { + packages = { + studio = pkgs.callPackage ./studio {erosanix = inputs.erosanix.lib.${system};}; + vaultwarden = pkgs.callPackage ./vaultwarden {}; + }; + }; +} diff --git a/packages/studio/default.nix b/packages/studio/default.nix index cfd99fe..10ae62c 100644 --- a/packages/studio/default.nix +++ b/packages/studio/default.nix 
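Review bot: `studio` in the new `packages/flake-module.nix` is built for every `system`, whereas the `packages/studio/default.nix` it replaces guarded it with `lib.optionalAttrs (system == "x86_64-linux")` and the package's own `meta.platforms` is still `["x86_64-linux"]`. If the flake's `systems` list contains anything else, `inputs.erosanix.lib.${system}` is likely to fail at evaluation, or the flake will advertise a package that cannot build there. Keeping the guard is a one-line change: `packages = { vaultwarden = pkgs.callPackage ./vaultwarden {}; } // pkgs.lib.optionalAttrs (system == "x86_64-linux") { studio = pkgs.callPackage ./studio {erosanix = inputs.erosanix.lib.${system};}; };`. The empty `imports = [];` can be dropped.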
@@ -1,16 +1,100 @@ -{inputs, lib, ...}: { - perSystem = {pkgs, system, ...}: { - packages = lib.optionalAttrs (system == "x86_64-linux") { - studio = pkgs.callPackage ./package.nix { - erosanixLib = inputs.erosanix.lib; - }; - }; - }; +{ + pkgs, + erosanix, +}: let + inherit (builtins) fetchurl replaceStrings; + inherit (pkgs) makeDesktopItem copyDesktopItems wineWow64Packages; + inherit (erosanix) mkWindowsAppNoCC makeDesktopIcon copyDesktopIcons; - flake.overlays."package/studio" = final: _prev: - lib.optionalAttrs (final.stdenv.hostPlatform.system == "x86_64-linux") { - studio = final.callPackage ./package.nix { - erosanixLib = inputs.erosanix.lib; - }; + wine = wineWow64Packages.base; +in + mkWindowsAppNoCC rec { + inherit wine; + + pname = "studio"; + version = "2.25.12"; + + src = fetchurl { + url = "https://studio.download.bricklink.info/Studio2.0+EarlyAccess/Archive/2.25.12_1/Studio+2.0+EarlyAccess.exe"; + sha256 = "sha256:1xl3zvzkzr64zphk7rnpfx3whhbaykzw06m3nd5dc12r2p4sdh3v"; }; -} + + enableMonoBootPrompt = false; + dontUnpack = true; + + wineArch = "win64"; + enableInstallNotification = true; + + fileMap = { + "$HOME/.config/${pname}/Stud.io" = "drive_c/users/$USER/AppData/Local/Stud.io"; + "$HOME/.config/${pname}/Bricklink" = "drive_c/users/$USER/AppData/LocalLow/Bricklink"; + }; + + fileMapDuringAppInstall = false; + + persistRegistry = false; + persistRuntimeLayer = true; + inputHashMethod = "version"; + + enableVulkan = false; + rendererOverride = null; + + enableHUD = false; + + enabledWineSymlinks = {}; + graphicsDriver = "auto"; + inhibitIdle = false; + + nativeBuildInputs = [copyDesktopIcons copyDesktopItems]; + + winAppInstall = replaceStrings ["\r"] [""] '' + wine64 ${src} + + wineserver -W + wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f + ''; + + winAppPreRun = replaceStrings ["\r"] [""] '' + wineserver -W + wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d 
N /f + ''; + + winAppRun = replaceStrings ["\r"] [""] '' + wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS" + ''; + + winAppPostRun = ""; + installPhase = replaceStrings ["\r"] [""] '' + runHook preInstall + + ln -s $out/bin/.launcher $out/bin/${pname} + + runHook postInstall + ''; + + desktopItems = [ + (makeDesktopItem { + mimeTypes = []; + + name = pname; + exec = pname; + icon = pname; + desktopName = "Bricklink studio"; + genericName = "Lego creation app"; + categories = []; + }) + ]; + + desktopIcon = makeDesktopIcon { + name = pname; + src = ./studio.png; + }; + + meta = { + description = "App for creating lego builds"; + homepage = "https://www.bricklink.com/v3/studio/main.page"; + license = ""; + maintainers = []; + platforms = ["x86_64-linux"]; + }; + } diff --git a/packages/studio/package.nix b/packages/studio/package.nix deleted file mode 100644 index 7b40c68..0000000 --- a/packages/studio/package.nix +++ /dev/null 
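Review bot: `license = "";` in the `meta` block of `packages/studio/default.nix` leaves the package with no licence, so the `allowUnfree` gate never applies to what appears to be a proprietary vendor installer (`Studio+2.0+EarlyAccess.exe`) that is downloaded and run under Wine. Declaring it explicitly makes that visible to anyone auditing the closure: `license = pkgs.lib.licenses.unfree;` together with `sourceProvenance = [pkgs.lib.sourceTypes.binaryNativeCode];`. The download itself is pinned by `sha256`, which is good. A short comment above `src` saying that `fetchurl` here is `builtins.fetchurl` (fetched at evaluation time) would help the next reader, because the `inherit (builtins) fetchurl` line is easy to miss.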
@@ -1,100 +0,0 @@ -{ - pkgs, - erosanixLib, -}: let - inherit (builtins) fetchurl replaceStrings; - inherit (pkgs) makeDesktopItem copyDesktopItems wineWow64Packages; - inherit (erosanixLib.x86_64-linux) mkWindowsAppNoCC makeDesktopIcon copyDesktopIcons; - - wine = wineWow64Packages.base; -in - mkWindowsAppNoCC rec { - inherit wine; - - pname = "studio"; - version = "2.25.12"; - - src = fetchurl { - url = "https://studio.download.bricklink.info/Studio2.0+EarlyAccess/Archive/2.25.12_1/Studio+2.0+EarlyAccess.exe"; - sha256 = "sha256:1xl3zvzkzr64zphk7rnpfx3whhbaykzw06m3nd5dc12r2p4sdh3v"; - }; - - enableMonoBootPrompt = false; - dontUnpack = true; - - wineArch = "win64"; - enableInstallNotification = true; - - fileMap = { - "$HOME/.config/${pname}/Stud.io" = "drive_c/users/$USER/AppData/Local/Stud.io"; - "$HOME/.config/${pname}/Bricklink" = "drive_c/users/$USER/AppData/LocalLow/Bricklink"; - }; - - fileMapDuringAppInstall = false; - - persistRegistry = false; - persistRuntimeLayer = true; - inputHashMethod = "version"; - - enableVulkan = false; - rendererOverride = null; - - enableHUD = false; - - enabledWineSymlinks = {}; - graphicsDriver = "auto"; - inhibitIdle = false; - - nativeBuildInputs = [copyDesktopIcons copyDesktopItems]; - - winAppInstall = replaceStrings ["\r"] [""] '' - wine64 ${src} - - wineserver -W - wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f - ''; - - winAppPreRun = replaceStrings ["\r"] [""] '' - wineserver -W - wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f - ''; - - winAppRun = replaceStrings ["\r"] [""] '' - wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS" - ''; - - winAppPostRun = ""; - installPhase = replaceStrings ["\r"] [""] '' - runHook preInstall - - ln -s $out/bin/.launcher $out/bin/${pname} - - runHook postInstall - ''; - - desktopItems = [ - (makeDesktopItem { - mimeTypes = []; - - name = pname; - exec = pname; - icon = 
pname; - desktopName = "Bricklink studio"; - genericName = "Lego creation app"; - categories = []; - }) - ]; - - desktopIcon = makeDesktopIcon { - name = pname; - src = ./studio.png; - }; - - meta = { - description = "App for creating lego builds"; - homepage = "https://www.bricklink.com/v3/studio/main.page"; - license = ""; - maintainers = []; - platforms = ["x86_64-linux"]; - }; - } diff --git a/packages/vaultwarden/default.nix b/packages/vaultwarden/default.nix index 035b6da..c4642fd 100644 --- a/packages/vaultwarden/default.nix +++ b/packages/vaultwarden/default.nix @@ -1,9 +1,28 @@ -{lib, ...}: { - perSystem = {pkgs, ...}: { - packages.vaultwarden = pkgs.callPackage ./package.nix {}; +{lib, stdenv, rustPlatform, fetchFromGitHub, openssl, pkg-config, postgresql, dbBackend ? "postgresql", ...}: +rustPlatform.buildRustPackage rec { + pname = "vaultwarden"; + version = "1.34.3"; + + src = fetchFromGitHub { + owner = "Timshel"; + repo = "vaultwarden"; + rev = "1.34.3"; + hash = "sha256-Dj0ySVRvBZ/57+UHas3VI8bi/0JBRqn0IW1Dq+405J0="; }; - flake.overlays."package/vaultwarden" = final: _prev: { - vaultwarden = final.callPackage ./package.nix {}; + cargoHash = "sha256-4sDagd2XGamBz1XvDj4ycRVJ0F+4iwHOPlj/RglNDqE="; + + env.VW_VERSION = version; + + nativeBuildInputs = [pkg-config]; + buildInputs = + [openssl] + ++ lib.optional (dbBackend == "postgresql") postgresql; + + buildFeatures = dbBackend; + + meta = with lib; { + license = licenses.agpl3Only; + mainProgram = "vaultwarden"; }; } diff --git a/packages/vaultwarden/package.nix b/packages/vaultwarden/package.nix deleted file mode 100644 index c4642fd..0000000 --- a/packages/vaultwarden/package.nix +++ /dev/null 
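Review bot: `src` in `packages/vaultwarden/default.nix` builds the password vault from the `Timshel/vaultwarden` fork, and nothing in the file records why the fork is used or which upstream release it corresponds to. The `hash` and `cargoHash` pin the content, so integrity is covered, but whoever bumps this next needs the provenance to know which security advisories apply. I would add a comment above `src` such as `# Fork of upstream vaultwarden, used for <reason>; re-check against upstream releases on every bump.` and write `rev = version;` so the tag and the reported `VW_VERSION` cannot drift apart. The `stdenv` argument is unused and can be removed.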
@@ -1,28 +0,0 @@ -{lib, stdenv, rustPlatform, fetchFromGitHub, openssl, pkg-config, postgresql, dbBackend ? "postgresql", ...}: -rustPlatform.buildRustPackage rec { - pname = "vaultwarden"; - version = "1.34.3"; - - src = fetchFromGitHub { - owner = "Timshel"; - repo = "vaultwarden"; - rev = "1.34.3"; - hash = "sha256-Dj0ySVRvBZ/57+UHas3VI8bi/0JBRqn0IW1Dq+405J0="; - }; - - cargoHash = "sha256-4sDagd2XGamBz1XvDj4ycRVJ0F+4iwHOPlj/RglNDqE="; - - env.VW_VERSION = version; - - nativeBuildInputs = [pkg-config]; - buildInputs = - [openssl] - ++ lib.optional (dbBackend == "postgresql") postgresql; - - buildFeatures = dbBackend; - - meta = with lib; { - license = licenses.agpl3Only; - mainProgram = "vaultwarden"; - }; -} From 97b63074f0916fa76069193a7563affa8e8c21c3 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Wed, 25 Mar 2026 16:35:07 +0100 Subject: [PATCH 04/58] Add home-manager flake module and update imports Comment out grub2-theme and nextcloud home-manager config --- flake.nix | 1 + modules/nixos/boot/default.nix | 11 ++++++----- modules/nixos/default.nix | 2 +- modules/nixos/services/media/nextcloud/default.nix | 14 +++++++------- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/flake.nix b/flake.nix index f068733..0dd4189 100644 --- a/flake.nix +++ b/flake.nix @@ -97,6 +97,7 @@ imports = with inputs; [ flake-parts.flakeModules.modules clan-core.flakeModules.default + home-manager.flakeModules.default ]; perSystem = {system, ...}: { diff --git a/modules/nixos/boot/default.nix b/modules/nixos/boot/default.nix index 87df4d9..de3303a 100644 --- a/modules/nixos/boot/default.nix +++ b/modules/nixos/boot/default.nix @@ -1,4 +1,5 @@ { + inputs, lib, namespace, config, @@ -36,11 +37,11 @@ in { systemd-boot.enable = false; grub.enable = mkDefault true; - grub2-theme = { - enable = true; - theme = "vimix"; - footer = true; - }; + # grub2-theme = { + # enable = true; + # theme = "vimix"; + # footer = true; + # }; }; supportedFilesystems = ["nfs"]; 
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 9ebbe7b..d5f4e41 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -5,7 +5,7 @@ ./editor/nano/default.nix ./editor/nvim/default.nix ./hardware/audio/default.nix - ./home-manager/default.nix + ./home-manager ./services ./system/networking ./system/security/boot diff --git a/modules/nixos/services/media/nextcloud/default.nix b/modules/nixos/services/media/nextcloud/default.nix index 9a66fe1..2b42509 100644 --- a/modules/nixos/services/media/nextcloud/default.nix +++ b/modules/nixos/services/media/nextcloud/default.nix @@ -41,14 +41,14 @@ in { groups.${cfg.group} = {}; }; - home-manager.users.${cfg.user}.home = { - stateVersion = config.system.stateVersion; + # home-manager.users.${cfg.user}.home = { + # stateVersion = config.system.stateVersion; - file.".netrc".text = '' - login root - password KaasIsAwesome! - ''; - }; + # file.".netrc".text = '' + # login root + # password KaasIsAwesome! + # ''; + # }; services.nextcloud = { enable = true; From ba7c3392b97518bdba608d913f01c1e36839233e Mon Sep 17 00:00:00 2001 
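Review bot: The `.netrc` block in `modules/nixos/services/media/nextcloud/default.nix` is only commented out, so the literal `root` password stays in the working tree in addition to the history. The old form wrote it through `home.file`, which places the text in the world-readable Nix store on every host that enabled the module. The block should be deleted rather than commented, and that credential treated as exposed and rotated. If the `.netrc` is still needed, render it from a sops secret, which this repository already configures, for example `sops.secrets."nextcloud/netrc".owner = cfg.user;` (the secret name is an example), and link the decrypted path instead of embedding text. The enclosing `config = mkIf cfg.enable { … }` block starts and ends outside the hunk.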
From: Chris Kruining Date: Thu, 26 Mar 2026 14:00:25 +0100 Subject: [PATCH 05/58] wooooooot, we're compiling again --- flake.lock | 124 ++-- flake.nix | 36 +- lib/default.nix | 36 -- lib/strings/default.nix | 56 +- machines/ulmo/configuration.nix | 549 +++++++++--------- machines/ulmo/hardware.nix | 24 +- .../home/application/bitwarden/default.nix | 14 +- modules/home/application/chrome/default.nix | 1 - modules/home/application/discord/default.nix | 1 - modules/home/application/ladybird/default.nix | 14 +- modules/home/application/matrix/default.nix | 14 +- modules/home/application/obs/default.nix | 1 - .../home/application/onlyoffice/default.nix | 1 - modules/home/application/signal/default.nix | 14 +- modules/home/application/steam/default.nix | 1 - modules/home/application/studio/default.nix | 16 +- .../home/application/teamspeak/default.nix | 12 +- .../home/application/thunderbird/default.nix | 16 +- modules/home/application/zen/default.nix | 1 - modules/home/default.nix | 1 - modules/home/desktop/plasma/default.nix | 14 +- modules/home/development/dotnet/default.nix | 13 +- .../home/development/javascript/default.nix | 13 +- modules/home/development/rust/default.nix | 1 - modules/home/editor/nano/default.nix | 1 - modules/home/editor/nvim/default.nix | 1 - modules/home/editor/zed/default.nix | 14 +- modules/home/game/minecraft/default.nix | 1 - modules/home/shell/default.nix | 17 +- modules/home/shell/toolset/bat/default.nix | 1 - modules/home/shell/toolset/btop/default.nix | 1 - modules/home/shell/toolset/eza/default.nix | 1 - modules/home/shell/toolset/fzf/default.nix | 1 - modules/home/shell/toolset/git/default.nix | 1 - modules/home/shell/toolset/gnugpg/default.nix | 1 - modules/home/shell/toolset/just/default.nix | 1 - .../home/shell/toolset/starship/default.nix | 13 +- modules/home/shell/toolset/tmux/default.nix | 17 +- modules/home/shell/toolset/yazi/default.nix | 1 - modules/home/shell/toolset/zellij/default.nix | 13 +- 
modules/home/shell/toolset/zoxide/default.nix | 1 - modules/home/shell/zsh/default.nix | 11 +- modules/home/terminal/alacritty/default.nix | 1 - modules/home/terminal/ghostty/default.nix | 1 - modules/home/themes/default.nix | 1 - modules/nixos/application/steam.nix | 2 +- modules/nixos/boot/default.nix | 1 - modules/nixos/desktop/cosmic/default.nix | 1 - modules/nixos/desktop/default.nix | 1 - modules/nixos/desktop/gamescope/default.nix | 1 - modules/nixos/desktop/gnome/default.nix | 1 - modules/nixos/desktop/plasma/default.nix | 1 - modules/nixos/editor/nano/default.nix | 12 +- modules/nixos/editor/nvim/default.nix | 16 +- modules/nixos/hardware/audio/default.nix | 11 +- modules/nixos/hardware/bluetooth/default.nix | 12 +- modules/nixos/hardware/gpu/amd/default.nix | 1 - modules/nixos/hardware/gpu/nvidia.nix | 13 +- modules/nixos/hardware/gpu/nvidia/default.nix | 1 - modules/nixos/hardware/keyboard/voyager.nix | 1 - modules/nixos/nix/default.nix | 1 - .../authentication/authelia/default.nix | 1 - .../authentication/himmelblau/default.nix | 1 - .../authentication/zitadel/default.nix | 6 +- .../nixos/services/backup/borg/default.nix | 11 +- .../services/communication/matrix/default.nix | 1 - .../services/development/forgejo/default.nix | 1 - .../services/games/minecraft/default.nix | 1 - modules/nixos/services/games/openrct.nix | 1 - .../nixos/services/games/palworld/default.nix | 1 - modules/nixos/services/media/default.nix | 1 - .../nixos/services/media/glance/default.nix | 1 - .../nixos/services/media/jellyfin/default.nix | 1 - .../nixos/services/media/mydia/default.nix | 1 - .../services/media/nextcloud/default.nix | 1 - modules/nixos/services/media/nfs/default.nix | 12 +- .../nixos/services/media/servarr/default.nix | 5 +- .../services/networking/caddy/default.nix | 3 +- .../nixos/services/networking/ssh/default.nix | 1 - .../services/networking/wireguard/default.nix | 2 +- .../observability/grafana/default.nix | 1 - .../services/observability/loki/default.nix 
| 1 - .../observability/prometheus/default.nix | 19 +- .../observability/promtail/default.nix | 1 - .../observability/uptime-kuma/default.nix | 1 - .../persistance/postgesql/default.nix | 1 - .../services/security/vaultwarden/default.nix | 76 +-- .../virtualisation/podman/default.nix | 1 - modules/nixos/shells/zsh/default.nix | 1 - modules/nixos/system/networking/default.nix | 11 +- .../nixos/system/security/boot/default.nix | 1 - modules/nixos/system/security/default.nix | 1 - .../nixos/system/security/sops/default.nix | 5 +- .../nixos/system/security/sudo/default.nix | 10 +- 94 files changed, 654 insertions(+), 677 deletions(-) diff --git a/flake.lock b/flake.lock index 95c27cc..ec40c5c 100644 --- a/flake.lock +++ b/flake.lock @@ -71,15 +71,23 @@ "clan-core": { "inputs": { "data-mesher": "data-mesher", - "disko": "disko", + "disko": [ + "disko" + ], "flake-parts": [ "flake-parts" ], "nix-darwin": "nix-darwin", "nix-select": "nix-select", - "nixpkgs": "nixpkgs", - "sops-nix": "sops-nix", - "systems": "systems", + "nixpkgs": [ + "nixpkgs" + ], + "sops-nix": [ + "sops-nix" + ], + "systems": [ + "systems" + ], "treefmt-nix": "treefmt-nix" }, "locked": { @@ -139,7 +147,6 @@ "disko": { "inputs": { "nixpkgs": [ - "clan-core", "nixpkgs" ] }, @@ -160,7 +167,7 @@ "erosanix": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1773767380, @@ -264,7 +271,6 @@ "flake-parts": { "inputs": { "nixpkgs-lib": [ - "clan-core", "nixpkgs" ] }, @@ -369,7 +375,7 @@ "flux": { "inputs": { "mcman": "mcman", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1767316901, @@ -422,7 +428,7 @@ }, "grub2-themes": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1757136219, @@ -538,7 +544,7 @@ "mcman": { "inputs": { "crane": "crane", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1766962671, 
@@ -572,7 +578,7 @@ "mydia": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1764866402, @@ -656,8 +662,8 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_7", - "systems": "systems_2" + "nixpkgs": "nixpkgs_6", + "systems": "systems" }, "locked": { "lastModified": 1774407052, @@ -719,22 +725,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1772380631, - "narHash": "sha256-FhW0uxeXjefINP0vUD4yRBB52Us7fXZPk9RiPAopfiY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6d3b61b190a899042ce82a5355111976ba76d698", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "master", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1757347588, "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=", @@ -749,7 +739,7 @@ "type": "indirect" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1766902085, "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", @@ -765,7 +755,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1774449288, "narHash": "sha256-ukB6NS45Oi62fQM4RpZfx3dpqxIu66ADCCFl6h72Fjo=", @@ -781,7 +771,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1764242076, "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", @@ -797,7 +787,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1769461804, "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", 
@@ -813,6 +803,22 @@ "type": "github" } }, + "nixpkgs_7": { + "locked": { + "lastModified": 1774386573, + "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_8": { "locked": { "lastModified": 1771008912, @@ -877,7 +883,7 @@ "mnw": "mnw", "ndg": "ndg", "nixpkgs": "nixpkgs_8", - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1774375131, @@ -919,6 +925,7 @@ "root": { "inputs": { "clan-core": "clan-core", + "disko": "disko", "erosanix": "erosanix", "fenix": "fenix", "flake-parts": "flake-parts", @@ -930,15 +937,12 @@ "jovian": "jovian", "mydia": "mydia", "nix-minecraft": "nix-minecraft", - "nixpkgs": [ - "clan-core", - "nixpkgs" - ], + "nixpkgs": "nixpkgs_7", "nvf": "nvf", "plasma-manager": "plasma-manager", - "sops-nix": "sops-nix_2", + "sops-nix": "sops-nix", "stylix": "stylix", - "systems": "systems_5", + "systems": "systems_4", "terranix": "terranix", "zen-browser": "zen-browser" } @@ -961,27 +965,6 @@ } }, "sops-nix": { - "inputs": { - "nixpkgs": [ - "clan-core", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1774154798, - "narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "sops-nix_2": { "inputs": { "nixpkgs": "nixpkgs_9" }, @@ -1010,7 +993,7 @@ "gnome-shell": "gnome-shell", "nixpkgs": "nixpkgs_10", "nur": "nur", - "systems": "systems_4", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", 
@@ -1106,28 +1089,13 @@ "type": "github" } }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1773700838, diff --git a/flake.nix b/flake.nix index 0dd4189..9694a61 100644 --- a/flake.nix +++ b/flake.nix @@ -7,25 +7,37 @@ }; inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + flake-parts = { url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "clan-core/nixpkgs"; + inputs.nixpkgs-lib.follows = "nixpkgs"; }; import-tree.url = "github:vic/import-tree"; - - clan-core = { - url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; - inputs.flake-parts.follows = "flake-parts"; - }; - - nixpkgs.follows = "clan-core/nixpkgs"; systems.url = "github:nix-systems/default"; + sops-nix.url = "github:Mic92/sops-nix"; + + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + clan-core = { + url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; + inputs = { + flake-parts.follows = "flake-parts"; + nixpkgs.follows = "nixpkgs"; + sops-nix.follows = "sops-nix"; + disko.follows = "disko"; + systems.follows = "systems"; + }; + }; + plasma-manager = { url = "github:nix-community/plasma-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -52,8 +64,6 @@ flux.url = "github:IogaMaster/flux"; - sops-nix.url = "github:Mic92/sops-nix"; - # Azure AD for linux himmelblau = { url = "github:himmelblau-idm/himmelblau"; 
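Review bot: `sops-nix.url = "github:Mic92/sops-nix";` in the first flake.nix hunk has no `inputs.nixpkgs.follows`, unlike the disko and home-manager inputs next to it, and the flake.lock hunks show it resolving to its own `nixpkgs_9`. It is now the single sops-nix that clan-core follows, so the secrets tooling is built from a nixpkgs revision that does not move with the rest of the system. Consider `sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };`. Separately, clan-core is still fetched from the moving `main.tar.gz` archive, so its integrity rests on the lock entry alone and lock bumps for that input deserve a careful look.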
@@ -98,6 +108,8 @@ flake-parts.flakeModules.modules clan-core.flakeModules.default home-manager.flakeModules.default + terranix.flakeModule + ./packages/flake-module.nix ]; perSystem = {system, ...}: { @@ -113,9 +125,13 @@ config = { allowUnfree = true; + permittedInsecurePackages = [ # I think this is because of zen "qtwebengine-5.15.19" + + # For mautrix-signal, the matrix to signal bridge + "olm-3.2.16" ]; }; }; diff --git a/lib/default.nix b/lib/default.nix index c59ca61..e8edaf1 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -5,47 +5,12 @@ ... }: let inherit (lib) mkOption types; - namespace = "sneeuwvlok"; - - sharedContext = { - inherit inputs namespace; - erosanixLib = inputs.erosanix.lib; - repoRoot = ../.; - sneeuwvlokLib = config.localLib; - terranixLib = inputs.terranix.lib; - }; - - baseNixosModules = - [ - inputs.grub2-themes.nixosModules.default - inputs.home-manager.nixosModules.home-manager - inputs.himmelblau.nixosModules.himmelblau - inputs.jovian.nixosModules.default - inputs.mydia.nixosModules.default - inputs.nix-minecraft.nixosModules.minecraft-servers - inputs.nvf.nixosModules.default - inputs.sops-nix.nixosModules.sops - { - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = sharedContext; - sharedModules = config.localUsers.homeSharedModules; - }; - } - ] - ++ [../modules/nixos]; in { imports = [ ./options ./strings ]; - options.localLib = mkOption { - type = types.lazyAttrsOf types.raw; - default = {}; - }; - config = { _module.args = { inherit @@ -55,7 +20,6 @@ in { sharedContext systemOverlays ; - sneeuwvlokLib = config.localLib; }; flake.lib = config.localLib; diff --git a/lib/strings/default.nix b/lib/strings/default.nix index b9c7361..7ae1d78 100644 --- a/lib/strings/default.nix +++ b/lib/strings/default.nix 
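Review bot: The `@@ -113,9 +125,13 @@` hunk in flake.nix adds `"olm-3.2.16"` to `permittedInsecurePackages` in what appears to be the shared `perSystem` package-set config, which is wider than the one consumer the comment names (mautrix-signal). nixpkgs marks libolm as insecure, so the exemption is better scoped to the host that runs the bridge, e.g. `nixpkgs.config.permittedInsecurePackages = ["olm-3.2.16"];` in that machine's configuration, and removed once the bridge no longer needs it. The neighbouring `# I think this is because of zen` comment should be confirmed as well, so that every exemption has a known owner.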
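Review bot: The first lib/default.nix hunk deletes the `sharedContext` binding and the `options.localLib` declaration, yet the unchanged lines of the second hunk still list `sharedContext` in the `inherit` for `_module.args` and still assign `flake.lib = config.localLib;`. Unless those names are defined in lines outside the hunks, evaluation would fail on an undefined variable and an undeclared option. lib/strings/default.nix in this commit also stops writing to `localLib.strings`. Either drop `sharedContext` from the inherit list together with the `flake.lib` line, or keep the option declaration until the callers are migrated. `mkOption` and `types` also look unused after this change.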
@@ -2,36 +2,54 @@ inherit (builtins) isString typeOf match toString head; inherit (lib) throwIfNot concatStringsSep splitStringBy toLower map concatMapAttrsStringSep; in { - localLib.strings = { + strings = { #======================================================================================== # Converts a string to snake case # # simply replaces any uppercase letter to its lowercase variant preceeded by an underscore #======================================================================================== - toSnakeCase = - str: + toSnakeCase = str: throwIfNot (isString str) "toSnakeCase only accepts string values, but got ${typeOf str}" ( str - |> splitStringBy (prev: curr: builtins.match "[a-z]" prev != null && builtins.match "[A-Z]" curr != null) true - |> map (p: toLower p) - |> concatStringsSep "_" + |> splitStringBy (prev: curr: builtins.match "[a-z]" prev != null && builtins.match "[A-Z]" curr != null) true + |> map (p: toLower p) + |> concatStringsSep "_" ); #======================================================================================== # Converts a set of url parts to a string #======================================================================================== - toUrl = - { protocol ? null, host, port ? null, path ? null, query ? null, hash ? null }: - let - trim_slashes = str: str |> match "^\/*(.+?)\/*$" |> head; - encode_to_str = set: concatMapAttrsStringSep "&" (n: v: "${n}=${v}") set; - - _protocol = if protocol != null then "${protocol}://" else ""; - _port = if port != null then ":${toString port}" else ""; - _path = if path != null then "/${path |> trim_slashes}" else ""; - _query = if query != null then "?${query |> encode_to_str}" else ""; - _hash = if hash != null then "#${hash |> encode_to_str}" else ""; - in - "${_protocol}${host}${_port}${_path}${_query}${_hash}"; + toUrl = { + protocol ? null, + host, + port ? null, + path ? null, + query ? null, + hash ? 
null, + }: let + trim_slashes = str: str |> match "^\/*(.+?)\/*$" |> head; + encode_to_str = set: concatMapAttrsStringSep "&" (n: v: "${n}=${v}") set; + + _protocol = + if protocol != null + then "${protocol}://" + else ""; + _port = + if port != null + then ":${toString port}" + else ""; + _path = + if path != null + then "/${path |> trim_slashes}" + else ""; + _query = + if query != null + then "?${query |> encode_to_str}" + else ""; + _hash = + if hash != null + then "#${hash |> encode_to_str}" + else ""; + in "${_protocol}${host}${_port}${_path}${_query}${_hash}"; }; } diff --git a/machines/ulmo/configuration.nix b/machines/ulmo/configuration.nix index 4c9ebbb..41ab38c 100644 --- a/machines/ulmo/configuration.nix +++ b/machines/ulmo/configuration.nix 
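Review bot: `encode_to_str` in `toUrl` joins query and fragment pairs as `"${n}=${v}"` with no percent-encoding, so a value containing `&`, `#`, `=` or a space changes the structure of the generated URL. The inputs are presumably trusted Nix configuration, so this is a correctness hazard rather than an injection path, but the helper is used to build URLs for services and should produce well-formed output. A small fix is `encode_to_str = set: concatMapAttrsStringSep "&" (n: v: "${lib.strings.escapeURL n}=${lib.strings.escapeURL v}") set;`. The header comment above `toUrl` could state that `query` and `hash` are attribute sets of strings.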
@@ -1,301 +1,286 @@ { pkgs, - inputs, + lib, + self, ... }: { + _module.args = { + pkgs = lib.mkForce (import self.inputs.nixpkgs { + system = "x86_64-linux"; + + overlays = with self.inputs; [ + fenix.overlays.default + nix-minecraft.overlay + flux.overlays.default + ]; + + config = { + allowUnfree = true; + + permittedInsecurePackages = [ + # I think this is because of zen + "qtwebengine-5.15.19" + + # For mautrix-signal, the matrix to signal bridge + "olm-3.2.16" + ]; + }; + }); + }; + imports = [ ./disks.nix ./hardware.nix ../../modules/nixos + self.inputs.home-manager.nixosModules.home-manager + self.inputs.himmelblau.nixosModules.himmelblau + self.inputs.jovian.nixosModules.default + self.inputs.mydia.nixosModules.default + self.inputs.nix-minecraft.nixosModules.minecraft-servers + self.inputs.nvf.nixosModules.default + self.inputs.sops-nix.nixosModules.sops ]; - sneeuwvlok.application.steam.enable = true; - - nixpkgs.hostPlatform = "x86_64-linux"; system.stateVersion = "23.11"; - boot = { - kernelPackages = pkgs.linuxPackages_latest; + networking = { + interfaces.enp2s0 = { + ipv6.addresses = [ + { + address = "2a0d:6e00:1dc9:0::dead:beef"; + prefixLength = 64; + } + ]; - loader = { - systemd-boot.enable = false; - efi.canTouchEfiVariables = true; - grub = { + useDHCP = true; + }; + + defaultGateway = { + address = "192.168.1.1"; + interface = "enp2s0"; + }; + + defaultGateway6 = { + address = "fe80::1"; + interface = "enp2s0"; + }; + }; + + sneeuwvlok = { + services = { + backup.borg.enable = true; + + authentication.zitadel = { enable = true; - efiSupport = true; - efiInstallAsRemovable = false; - device = "nodev"; # INFO: https://discourse.nixos.org/t/question-about-grub-and-nodev + + organization = { + nix = { + user = { + chris = { + email = "chris@kruining.eu"; + firstName = "Chris"; + lastName = "Kruining"; + + roles = ["ORG_OWNER"]; + instanceRoles = ["IAM_OWNER"]; + }; + + kaas = { + email = "chris+kaas@kruining.eu"; + firstName = "Kaas"; + lastName 
= "Kruining"; + }; + }; + + project = { + ulmo = { + projectRoleCheck = true; + projectRoleAssertion = true; + hasProjectCheck = true; + + role = { + jellyfin = { + group = "jellyfin"; + }; + jellyfin_admin = { + group = "jellyfin"; + }; + }; + + assign = { + chris = ["jellyfin" "jellyfin_admin"]; + kaas = ["jellyfin"]; + }; + + application = { + jellyfin = { + redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + forgejo = { + redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + vaultwarden = { + redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + exportMap = { + client_id = "SSO_CLIENT_ID"; + client_secret = "SSO_CLIENT_SECRET"; + }; + }; + + matrix = { + redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + mydia = { + redirectUris = ["http://localhost:2010/auth/oidc/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + grafana = { + redirectUris = ["http://localhost:9001/login/generic_oauth"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + }; + }; + + convex = { + projectRoleCheck = true; + projectRoleAssertion = true; + hasProjectCheck = true; + + application = { + scry = { + redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + }; + }; + }; + + action = { + flattenRoles = { + script = '' + (ctx, api) => { + if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { + return; + } + + const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); 
+ + api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); + }; + ''; + }; + }; + + triggers = [ + { + flowType = "customiseToken"; + triggerType = "preUserinfoCreation"; + actions = ["flattenRoles"]; + } + { + flowType = "customiseToken"; + triggerType = "preAccessTokenCreation"; + actions = ["flattenRoles"]; + } + ]; + }; + }; + }; + + communication.matrix.enable = true; + + development.forgejo.enable = true; + + networking.ssh.enable = true; + networking.caddy.hosts = { + # Expose amarht cloud stuff like this until I have a proper solution + "auth.amarth.cloud" = '' + reverse_proxy http://192.168.1.223:9092 + ''; + + "amarth.cloud" = '' + reverse_proxy http://192.168.1.223:8080 + ''; + }; + + media.enable = true; + media.glance.enable = true; + media.mydia.enable = true; + media.nfs.enable = true; + media.jellyfin.enable = true; + media.servarr = { + radarr = { + enable = true; + port = 2001; + rootFolders = [ + "/var/media/movies" + ]; + }; + + sonarr = { + enable = true; + # debug = true; + port = 2002; + rootFolders = [ + "/var/media/series" + ]; + }; + + lidarr = { + enable = true; + debug = true; + port = 2003; + rootFolders = [ + "/var/media/music" + ]; + }; + + prowlarr = { + enable = true; + # debug = true; + port = 2004; + }; + }; + + observability = { + grafana.enable = true; + prometheus.enable = true; + loki.enable = true; + promtail.enable = true; + # uptime-kuma.enable = true; + }; + + security.vaultwarden = { + enable = true; + database = { + # type = "sqlite"; + # file = "/var/lib/vaultwarden/state.db"; + + type = "postgresql"; + host = "localhost"; + port = 5432; + sslMode = "disabled"; + }; }; }; - supportedFilesystems = ["nfs"]; + editor = { + nano.enable = true; + }; }; - - # sneeuwvlok.application.steam.enable = true; - - # networking = { - # interfaces.enp2s0 = { - # ipv6.addresses = [ - # { - # address = "2a0d:6e00:1dc9:0::dead:beef"; - # prefixLength = 64; - # } - # ]; - - # useDHCP = true; - # }; - - # defaultGateway = 
{ - # address = "192.168.1.1"; - # interface = "enp2s0"; - # }; - - # defaultGateway6 = { - # address = "fe80::1"; - # interface = "enp2s0"; - # }; - # }; - - # # virtualisation = { - # # containers.enable = true; - # # podman = { - # # enable = true; - # # dockerCompat = true; - # # }; - - # # oci-containers = { - # # backend = "podman"; - # # containers = { - # # homey = { - # # image = "ghcr.io/athombv/homey-shs:latest"; - # # autoStart = true; - # # privileged = true; - # # volumes = [ - # # "/home/chris/.homey-shs:/homey/user" - # # ]; - # # ports = [ - # # "4859:4859" - # # ]; - # # }; - # # }; - # # }; - # # }; - - # # sneeuwvlok = { - # # services = { - # # backup.borg.enable = true; - - # # authentication.zitadel = { - # # enable = true; - - # # organization = { - # # nix = { - # # user = { - # # chris = { - # # email = "chris@kruining.eu"; - # # firstName = "Chris"; - # # lastName = "Kruining"; - - # # roles = ["ORG_OWNER"]; - # # instanceRoles = ["IAM_OWNER"]; - # # }; - - # # kaas = { - # # email = "chris+kaas@kruining.eu"; - # # firstName = "Kaas"; - # # lastName = "Kruining"; - # # }; - # # }; - - # # project = { - # # ulmo = { - # # projectRoleCheck = true; - # # projectRoleAssertion = true; - # # hasProjectCheck = true; - - # # role = { - # # jellyfin = { - # # group = "jellyfin"; - # # }; - # # jellyfin_admin = { - # # group = "jellyfin"; - # # }; - # # }; - - # # assign = { - # # chris = ["jellyfin" "jellyfin_admin"]; - # # kaas = ["jellyfin"]; - # # }; - - # # application = { - # # jellyfin = { - # # redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - - # # forgejo = { - # # redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - - # # vaultwarden = { - # # redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; - # # 
grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # exportMap = { - # # client_id = "SSO_CLIENT_ID"; - # # client_secret = "SSO_CLIENT_SECRET"; - # # }; - # # }; - - # # matrix = { - # # redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - - # # mydia = { - # # redirectUris = ["http://localhost:2010/auth/oidc/callback"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - - # # grafana = { - # # redirectUris = ["http://localhost:9001/login/generic_oauth"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - # # }; - # # }; - - # # convex = { - # # projectRoleCheck = true; - # # projectRoleAssertion = true; - # # hasProjectCheck = true; - - # # application = { - # # scry = { - # # redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; - # # grantTypes = ["authorizationCode"]; - # # responseTypes = ["code"]; - # # }; - # # }; - # # }; - # # }; - - # # action = { - # # flattenRoles = { - # # script = '' - # # (ctx, api) => { - # # if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { - # # return; - # # } - - # # const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); - - # # api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); - # # }; - # # ''; - # # }; - # # }; - - # # triggers = [ - # # { - # # flowType = "customiseToken"; - # # triggerType = "preUserinfoCreation"; - # # actions = ["flattenRoles"]; - # # } - # # { - # # flowType = "customiseToken"; - # # triggerType = "preAccessTokenCreation"; - # # actions = ["flattenRoles"]; - # # } - # # ]; - # # }; - # # }; - # # }; - - # # communication.matrix.enable = true; - - # # development.forgejo.enable = true; - - # # networking.ssh.enable = true; - # # networking.caddy.hosts = { - 
# # # Expose amarht cloud stuff like this until I have a proper solution - # # "auth.amarth.cloud" = '' - # # reverse_proxy http://192.168.1.223:9092 - # # ''; - - # # "amarth.cloud" = '' - # # reverse_proxy http://192.168.1.223:8080 - # # ''; - # # }; - - # # media.enable = true; - # # media.glance.enable = true; - # # media.mydia.enable = true; - # # media.nfs.enable = true; - # # media.jellyfin.enable = true; - # # media.servarr = { - # # radarr = { - # # enable = true; - # # port = 2001; - # # rootFolders = [ - # # "/var/media/movies" - # # ]; - # # }; - - # # sonarr = { - # # enable = true; - # # # debug = true; - # # port = 2002; - # # rootFolders = [ - # # "/var/media/series" - # # ]; - # # }; - - # # lidarr = { - # # enable = true; - # # debug = true; - # # port = 2003; - # # rootFolders = [ - # # "/var/media/music" - # # ]; - # # }; - - # # prowlarr = { - # # enable = true; - # # # debug = true; - # # port = 2004; - # # }; - # # }; - - # # observability = { - # # grafana.enable = true; - # # prometheus.enable = true; - # # loki.enable = true; - # # promtail.enable = true; - # # # uptime-kuma.enable = true; - # # }; - - # # security.vaultwarden = { - # # enable = true; - # # database = { - # # # type = "sqlite"; - # # # file = "/var/lib/vaultwarden/state.db"; - - # # type = "postgresql"; - # # host = "localhost"; - # # port = 5432; - # # sslMode = "disabled"; - # # }; - # # }; - # # }; - - # # editor = { - # # nano.enable = true; - # # }; - # # }; } diff --git a/machines/ulmo/hardware.nix b/machines/ulmo/hardware.nix index 1c05d11..77439d0 100644 --- a/machines/ulmo/hardware.nix +++ b/machines/ulmo/hardware.nix 
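Review bot: The new `_module.args.pkgs = lib.mkForce (import self.inputs.nixpkgs { ... })` block at the top of machines/ulmo/configuration.nix copies the flake's whole `permittedInsecurePackages` list onto this server, including `qtwebengine-5.15.19`, which its own comment attributes to a desktop browser. Forcing `pkgs` this way also appears to make any `nixpkgs.config` or `nixpkgs.overlays` set by other modules ineffective for this host. Prefer the module options with only the exemption this host needs: `nixpkgs.config.permittedInsecurePackages = ["olm-3.2.16"];` and `nixpkgs.overlays = with self.inputs; [fenix.overlays.default nix-minecraft.overlay flux.overlays.default];`. In the same hunk, `debug = true` on lidarr and the `http://localhost` OIDC redirect URIs for mydia and grafana look like development settings to confirm before the host serves users.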
@@ -1,18 +1,20 @@ -{ config, lib, pkgs, modulesPath, ... }: -let - inherit (lib.modules) mkDefault; -in { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - + config, + pkgs, + lib, + modulesPath, + ... +}: let + inherit (lib.modules) mkDefault; +in { boot = { - initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; - initrd.kernelModules = [ ]; - kernelModules = [ "kvm-intel" ]; + initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + initrd.kernelModules = []; + kernelModules = ["kvm-intel"]; kernelParams = []; - extraModulePackages = [ ]; + extraModulePackages = []; }; - nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system; + nixpkgs.hostPlatform = "x86_64-linux"; hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/modules/home/application/bitwarden/default.nix b/modules/home/application/bitwarden/default.nix index 5d62919..bd9c02d 100644 --- a/modules/home/application/bitwarden/default.nix +++ b/modules/home/application/bitwarden/default.nix @@ -1,15 +1,19 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.bitwarden; -in -{ +in { options.sneeuwvlok.application.bitwarden = { enable = mkEnableOption "enable bitwarden"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ bitwarden-desktop ]; + home.packages = with pkgs; [bitwarden-desktop]; }; } diff --git a/modules/home/application/chrome/default.nix b/modules/home/application/chrome/default.nix index 1848836..142abaa 100644 --- a/modules/home/application/chrome/default.nix +++ b/modules/home/application/chrome/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; 
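Review bot: Dropping `imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];` in machines/ulmo/hardware.nix removes the module that turns on `hardware.enableRedistributableFirmware` by default. The unchanged last line still derives `hardware.cpu.intel.updateMicrocode` from that option. Unless the option is enabled elsewhere, this host would stop loading Intel microcode updates, which is how CPU security fixes are delivered. Either keep the import or set `hardware.enableRedistributableFirmware = true;` explicitly in this file. If the import stays removed, `modulesPath` can leave the argument list.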
diff --git a/modules/home/application/discord/default.nix b/modules/home/application/discord/default.nix index edb640a..f459cae 100644 --- a/modules/home/application/discord/default.nix +++ b/modules/home/application/discord/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/application/ladybird/default.nix b/modules/home/application/ladybird/default.nix index f1ad1ea..9d4d3d3 100644 --- a/modules/home/application/ladybird/default.nix +++ b/modules/home/application/ladybird/default.nix @@ -1,15 +1,19 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.ladybird; -in -{ +in { options.sneeuwvlok.application.ladybird = { enable = mkEnableOption "enable ladybird"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ ladybird ]; + home.packages = with pkgs; [ladybird]; }; } diff --git a/modules/home/application/matrix/default.nix b/modules/home/application/matrix/default.nix index d09ea11..1164ad6 100644 --- a/modules/home/application/matrix/default.nix +++ b/modules/home/application/matrix/default.nix @@ -1,16 +1,20 @@ -{ config, lib, pkgs, namespace, osConfig ? {}, ... }: -let +{ + config, + lib, + pkgs, + osConfig ? {}, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.matrix; -in -{ +in { options.sneeuwvlok.application.matrix = { enable = mkEnableOption "enable Matrix client (Fractal)"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ fractal element-desktop ]; + home.packages = with pkgs; [fractal element-desktop]; programs.element-desktop = { enable = true; diff --git a/modules/home/application/obs/default.nix b/modules/home/application/obs/default.nix index e6ee4e3..40a3c54 100644 --- a/modules/home/application/obs/default.nix +++ b/modules/home/application/obs/default.nix 
@@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, osConfig ? {}, ... }: let diff --git a/modules/home/application/onlyoffice/default.nix b/modules/home/application/onlyoffice/default.nix index 02484ca..33706ee 100644 --- a/modules/home/application/onlyoffice/default.nix +++ b/modules/home/application/onlyoffice/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/application/signal/default.nix b/modules/home/application/signal/default.nix index 1c591bf..5377795 100644 --- a/modules/home/application/signal/default.nix +++ b/modules/home/application/signal/default.nix @@ -1,15 +1,19 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.signal; -in -{ +in { options.sneeuwvlok.application.signal = { enable = mkEnableOption "enable signal"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ signal-desktop ]; + home.packages = with pkgs; [signal-desktop]; }; } diff --git a/modules/home/application/steam/default.nix b/modules/home/application/steam/default.nix index 28a8e93..80b6321 100644 --- a/modules/home/application/steam/default.nix +++ b/modules/home/application/steam/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/application/studio/default.nix b/modules/home/application/studio/default.nix index c883eac..1b4dc27 100644 --- a/modules/home/application/studio/default.nix +++ b/modules/home/application/studio/default.nix 
@@ -1,18 +1,18 @@ -{ config, lib, pkgs, namespace, repoRoot, erosanixLib, ... }: -let +{ + config, + lib, + self, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.studio; - studioPackage = pkgs.callPackage (repoRoot + "/packages/studio/package.nix") { - inherit erosanixLib; - }; -in -{ +in { options.sneeuwvlok.application.studio = { enable = mkEnableOption "enable Bricklink Studio"; }; config = mkIf cfg.enable { - home.packages = [ studioPackage ]; + home.packages = [self.packages.studio]; }; } diff --git a/modules/home/application/teamspeak/default.nix b/modules/home/application/teamspeak/default.nix index 031de79..7ff7bf2 100644 --- a/modules/home/application/teamspeak/default.nix +++ b/modules/home/application/teamspeak/default.nix @@ -1,10 +1,14 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.teamspeak; -in -{ +in { options.sneeuwvlok.application.teamspeak = { enable = mkEnableOption "enable teamspeak"; }; diff --git a/modules/home/application/thunderbird/default.nix b/modules/home/application/thunderbird/default.nix index 3392358..f21cb4a 100644 --- a/modules/home/application/thunderbird/default.nix +++ b/modules/home/application/thunderbird/default.nix @@ -1,10 +1,14 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.application.thunderbird; -in -{ +in { options.sneeuwvlok.application.thunderbird = { enable = mkEnableOption "enable thunderbird"; }; @@ -14,7 +18,7 @@ in enable = true; package = pkgs.thunderbird-latest; - profiles.chris = { + profiles.chris = { isDefault = true; }; }; @@ -30,7 +34,7 @@ in }; thunderbird = { enable = true; - profiles = [ "chris" ]; + profiles = ["chris"]; }; }; 
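Review bot: `home.packages = [self.packages.studio];` in modules/home/application/studio/default.nix indexes the flake's `packages` output without a system. Flake package outputs are normally keyed by system first, so this attribute is likely missing at evaluation time. Keeping `pkgs` in the module arguments and writing `home.packages = [self.packages.${pkgs.stdenv.hostPlatform.system}.studio];` would resolve it. The module also now depends on `self` being passed to home-manager modules (for example through `extraSpecialArgs`), which this hunk does not show.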
diff --git a/modules/home/application/zen/default.nix b/modules/home/application/zen/default.nix index b8a2505..e018ea6 100644 --- a/modules/home/application/zen/default.nix +++ b/modules/home/application/zen/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/default.nix b/modules/home/default.nix index 92a65e5..1adaef0 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, ... }: let inherit (lib) mkOption; diff --git a/modules/home/desktop/plasma/default.nix b/modules/home/desktop/plasma/default.nix index f6e629e..368dc41 100644 --- a/modules/home/desktop/plasma/default.nix +++ b/modules/home/desktop/plasma/default.nix @@ -1,13 +1,15 @@ -{ config, lib, namespace, osConfig ? {}, ... }: -let +{ + config, + lib, + osConfig ? {}, + ... +}: let inherit (lib) mkIf; cfg = config.sneeuwvlok.desktop.plasma; - osCfg = osConfig.sneeuwvlok.desktop.plasma or { enable = false; }; -in -{ + osCfg = osConfig.sneeuwvlok.desktop.plasma or {enable = false;}; +in { options.sneeuwvlok.desktop.plasma = { - }; config = mkIf osCfg.enable { diff --git a/modules/home/development/dotnet/default.nix b/modules/home/development/dotnet/default.nix index e1d0f7c..0f2d0b9 100644 --- a/modules/home/development/dotnet/default.nix +++ b/modules/home/development/dotnet/default.nix @@ -1,15 +1,18 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkEnableOption mkIf; cfg = config.sneeuwvlok.development.dotnet; -in -{ +in { options.sneeuwvlok.development.dotnet = { enable = mkEnableOption "Enable dotnet development tools"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ dotnet-sdk_8 ]; + home.packages = with pkgs; [dotnet-sdk_8]; }; } diff --git a/modules/home/development/javascript/default.nix b/modules/home/development/javascript/default.nix index 40c94b4..9dfc3be 100644 
--- a/modules/home/development/javascript/default.nix +++ b/modules/home/development/javascript/default.nix @@ -1,15 +1,18 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkEnableOption mkIf; cfg = config.sneeuwvlok.development.javascript; -in -{ +in { options.sneeuwvlok.development.javascript = { enable = mkEnableOption "Enable javascript development tools"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ bun nodejs nodePackages_latest.typescript-language-server ]; + home.packages = with pkgs; [bun nodejs nodePackages_latest.typescript-language-server]; }; } diff --git a/modules/home/development/rust/default.nix b/modules/home/development/rust/default.nix index f545e7e..3a56f2a 100644 --- a/modules/home/development/rust/default.nix +++ b/modules/home/development/rust/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; diff --git a/modules/home/editor/nano/default.nix b/modules/home/editor/nano/default.nix index f436775..270549b 100644 --- a/modules/home/editor/nano/default.nix +++ b/modules/home/editor/nano/default.nix @@ -3,7 +3,6 @@ options, lib, pkgs, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; diff --git a/modules/home/editor/nvim/default.nix b/modules/home/editor/nvim/default.nix index fcb0b25..9b3e523 100644 --- a/modules/home/editor/nvim/default.nix +++ b/modules/home/editor/nvim/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/editor/zed/default.nix b/modules/home/editor/zed/default.nix index 2da026c..7bc2ad7 100644 --- a/modules/home/editor/zed/default.nix +++ b/modules/home/editor/zed/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, namespace, ... }: let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.editor.zed; 
@@ -9,13 +14,16 @@ in { config = mkIf cfg.enable { home.packages = with pkgs; [ - zed-editor nixd nil alejandra + zed-editor + nixd + nil + alejandra ]; programs.zed-editor = { enable = true; - extensions = [ "nix" "toml" "html" "just-ls" ]; + extensions = ["nix" "toml" "html" "just-ls"]; userSettings = { assistant.enabled = false; diff --git a/modules/home/game/minecraft/default.nix b/modules/home/game/minecraft/default.nix index fbdcc9d..384142e 100644 --- a/modules/home/game/minecraft/default.nix +++ b/modules/home/game/minecraft/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/default.nix b/modules/home/shell/default.nix index 2081c59..5639286 100644 --- a/modules/home/shell/default.nix +++ b/modules/home/shell/default.nix @@ -1,10 +1,13 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkMerge mkEnableOption mkDefault; cfg = config.sneeuwvlok.shell; -in -{ +in { imports = [ ./toolset ./zsh @@ -30,8 +33,8 @@ in }; }) - ({ - home.packages = with pkgs; [ any-nix-shell pwgen yt-dlp ripdrag fd (ripgrep.override {withPCRE2 = true;}) ]; + { + home.packages = with pkgs; [any-nix-shell pwgen yt-dlp ripdrag fd (ripgrep.override {withPCRE2 = true;})]; programs = { direnv = { @@ -45,6 +48,6 @@ in config.whitelist.prefix = ["/home"]; }; }; - }) + } ]; } diff --git a/modules/home/shell/toolset/bat/default.nix b/modules/home/shell/toolset/bat/default.nix index 0c403ee..101e3d8 100644 --- a/modules/home/shell/toolset/bat/default.nix +++ b/modules/home/shell/toolset/bat/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/btop/default.nix b/modules/home/shell/toolset/btop/default.nix index 4368367..cbcddde 100644 --- a/modules/home/shell/toolset/btop/default.nix +++ b/modules/home/shell/toolset/btop/default.nix 
@@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/eza/default.nix b/modules/home/shell/toolset/eza/default.nix index 463e9ae..f0d7b94 100644 --- a/modules/home/shell/toolset/eza/default.nix +++ b/modules/home/shell/toolset/eza/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/fzf/default.nix b/modules/home/shell/toolset/fzf/default.nix index 7e0706b..7054e4a 100644 --- a/modules/home/shell/toolset/fzf/default.nix +++ b/modules/home/shell/toolset/fzf/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/git/default.nix b/modules/home/shell/toolset/git/default.nix index 9f42376..7412ce1 100644 --- a/modules/home/shell/toolset/git/default.nix +++ b/modules/home/shell/toolset/git/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; diff --git a/modules/home/shell/toolset/gnugpg/default.nix b/modules/home/shell/toolset/gnugpg/default.nix index 8340ba4..1f4dc1e 100644 --- a/modules/home/shell/toolset/gnugpg/default.nix +++ b/modules/home/shell/toolset/gnugpg/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/just/default.nix b/modules/home/shell/toolset/just/default.nix index 983b5d6..6f7e67e 100644 --- a/modules/home/shell/toolset/just/default.nix +++ b/modules/home/shell/toolset/just/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; diff --git a/modules/home/shell/toolset/starship/default.nix b/modules/home/shell/toolset/starship/default.nix index 9c52947..3a99fdd 100644 --- a/modules/home/shell/toolset/starship/default.nix +++ b/modules/home/shell/toolset/starship/default.nix 
@@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.shell.toolset.starship; -in -{ +in { options.sneeuwvlok.shell.toolset.starship = { enable = mkEnableOption "fancy pansy shell prompt"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ starship ]; + home.packages = with pkgs; [starship]; programs.starship = { enable = true; diff --git a/modules/home/shell/toolset/tmux/default.nix b/modules/home/shell/toolset/tmux/default.nix index 95c54d4..34e20dd 100644 --- a/modules/home/shell/toolset/tmux/default.nix +++ b/modules/home/shell/toolset/tmux/default.nix @@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.shell.toolset.tmux; -in -{ - options.sneeuwvlok.shell.toolset.tmux = { - enable = mkEnableOption "terminal multiplexer"; +in { + options.sneeuwvlok.shell.toolset.tmux = { + enable = mkEnableOption "terminal multiplexer"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ tmux ]; + home.packages = with pkgs; [tmux]; programs.tmux = { enable = true; diff --git a/modules/home/shell/toolset/yazi/default.nix b/modules/home/shell/toolset/yazi/default.nix index 4c5f2f5..6ad6519 100644 --- a/modules/home/shell/toolset/yazi/default.nix +++ b/modules/home/shell/toolset/yazi/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/toolset/zellij/default.nix b/modules/home/shell/toolset/zellij/default.nix index fb366e1..52e69f4 100644 --- a/modules/home/shell/toolset/zellij/default.nix +++ b/modules/home/shell/toolset/zellij/default.nix 
@@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.shell.toolset.zellij; -in -{ +in { options.sneeuwvlok.shell.toolset.zellij = { enable = mkEnableOption "terminal multiplexer"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ zellij ]; + home.packages = with pkgs; [zellij]; programs.zellij = { enable = true; diff --git a/modules/home/shell/toolset/zoxide/default.nix b/modules/home/shell/toolset/zoxide/default.nix index 53a1f35..25f4508 100644 --- a/modules/home/shell/toolset/zoxide/default.nix +++ b/modules/home/shell/toolset/zoxide/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/shell/zsh/default.nix b/modules/home/shell/zsh/default.nix index 02dc043..a202fa3 100644 --- a/modules/home/shell/zsh/default.nix +++ b/modules/home/shell/zsh/default.nix @@ -1,10 +1,13 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.shell.zsh; -in -{ +in { options.sneeuwvlok.shell.zsh = { enable = mkEnableOption "enable ZSH"; }; diff --git a/modules/home/terminal/alacritty/default.nix b/modules/home/terminal/alacritty/default.nix index 73468f6..6b46514 100644 --- a/modules/home/terminal/alacritty/default.nix +++ b/modules/home/terminal/alacritty/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/terminal/ghostty/default.nix b/modules/home/terminal/ghostty/default.nix index 6949df1..65487a9 100644 --- a/modules/home/terminal/ghostty/default.nix +++ b/modules/home/terminal/ghostty/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/home/themes/default.nix b/modules/home/themes/default.nix index d6f8b6a..37dcb39 100644 
--- a/modules/home/themes/default.nix +++ b/modules/home/themes/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, osConfig ? {}, ... }: let diff --git a/modules/nixos/application/steam.nix b/modules/nixos/application/steam.nix index de83987..6b6319b 100644 --- a/modules/nixos/application/steam.nix +++ b/modules/nixos/application/steam.nix @@ -12,7 +12,7 @@ in { enable = mkEnableOption "enable steam"; }; config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [steam]; + # environment.systemPackages = with pkgs; [steam]; programs = { steam = { diff --git a/modules/nixos/boot/default.nix b/modules/nixos/boot/default.nix index de3303a..8a8a204 100644 --- a/modules/nixos/boot/default.nix +++ b/modules/nixos/boot/default.nix @@ -1,7 +1,6 @@ { inputs, lib, - namespace, config, pkgs, ... diff --git a/modules/nixos/desktop/cosmic/default.nix b/modules/nixos/desktop/cosmic/default.nix index c4531ba..78e0bc4 100644 --- a/modules/nixos/desktop/cosmic/default.nix +++ b/modules/nixos/desktop/cosmic/default.nix @@ -1,7 +1,6 @@ { lib, config, - namespace, inputs, ... }: let diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index d231d9a..4ab3530 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -1,7 +1,6 @@ { lib, config, - namespace, ... }: let inherit (lib) mkIf mkOption mkEnableOption mkMerge; diff --git a/modules/nixos/desktop/gamescope/default.nix b/modules/nixos/desktop/gamescope/default.nix index 500a3fa..2ccd631 100644 --- a/modules/nixos/desktop/gamescope/default.nix +++ b/modules/nixos/desktop/gamescope/default.nix @@ -1,7 +1,6 @@ { lib, config, - namespace, ... }: let inherit (lib) mkIf mkEnableOption mkForce; diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix index ad1eac4..3deb9be 100644 --- a/modules/nixos/desktop/gnome/default.nix +++ b/modules/nixos/desktop/gnome/default.nix 
@@ -1,7 +1,6 @@ { lib, config, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/desktop/plasma/default.nix b/modules/nixos/desktop/plasma/default.nix index 0c0ea58..06bc31d 100644 --- a/modules/nixos/desktop/plasma/default.nix +++ b/modules/nixos/desktop/plasma/default.nix @@ -2,7 +2,6 @@ pkgs, lib, config, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/editor/nano/default.nix b/modules/nixos/editor/nano/default.nix index 6d89c72..26ec1db 100644 --- a/modules/nixos/editor/nano/default.nix +++ b/modules/nixos/editor/nano/default.nix @@ -1,10 +1,14 @@ -{ config, options, lib, pkgs, namespace, ... }: -let +{ + config, + options, + lib, + pkgs, + ... +}: let inherit (lib) mkEnableOption mkIf; cfg = config.sneeuwvlok.editor.nano; -in -{ +in { options.sneeuwvlok.editor.nano = { enable = mkEnableOption "nano"; }; diff --git a/modules/nixos/editor/nvim/default.nix b/modules/nixos/editor/nvim/default.nix index 624c7c1..1179957 100644 --- a/modules/nixos/editor/nvim/default.nix +++ b/modules/nixos/editor/nvim/default.nix @@ -1,14 +1,18 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.editor.nvim; -in -{ +in { options.sneeuwvlok.editor.nvim = { enable = mkEnableOption "enable nvim via nvf on system level"; }; - config = mkIf cfg.enable { - }; + config = + mkIf cfg.enable { + }; } diff --git a/modules/nixos/hardware/audio/default.nix b/modules/nixos/hardware/audio/default.nix index ca01562..e507417 100644 --- a/modules/nixos/hardware/audio/default.nix +++ b/modules/nixos/hardware/audio/default.nix @@ -1,10 +1,13 @@ -{ pkgs, lib, namespace, config, ... }: -let +{ + pkgs, + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.hardware.has.audio; -in -{ +in { options.sneeuwvlok.hardware.has.audio = mkEnableOption "Enable bluetooth"; config = mkIf cfg { 
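Review bot: In `modules/nixos/hardware/audio/default.nix` the option `sneeuwvlok.hardware.has.audio` is still declared with `mkEnableOption "Enable bluetooth"`, the same text the bluetooth module uses, so the generated option docs describe the wrong device. `mkEnableOption` already prefixes "Whether to enable", so the argument should be a noun phrase, for example `options.sneeuwvlok.hardware.has.audio = mkEnableOption "audio support";`. The `config = mkIf cfg {` body continues outside the hunk, so what the module actually configures is not visible here.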
diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index 8fbf999..720d121 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -1,10 +1,12 @@ -{ lib, namespace, config, ... }: -let +{ + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.hardware.has.bluetooth; -in -{ +in { options.sneeuwvlok.hardware.has.bluetooth = mkEnableOption "Enable bluetooth"; config = mkIf cfg { @@ -21,7 +23,7 @@ in "bluez5.enable-sbc-xq" = true; "bluez5.enable-msbc" = true; "bluez5.enable-hw-volume" = true; - "bluez5.roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ]; + "bluez5.roles" = ["hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag"]; }; }; }; diff --git a/modules/nixos/hardware/gpu/amd/default.nix b/modules/nixos/hardware/gpu/amd/default.nix index e1da9e8..58ddd6a 100644 --- a/modules/nixos/hardware/gpu/amd/default.nix +++ b/modules/nixos/hardware/gpu/amd/default.nix @@ -1,7 +1,6 @@ { pkgs, lib, - namespace, config, ... }: let diff --git a/modules/nixos/hardware/gpu/nvidia.nix b/modules/nixos/hardware/gpu/nvidia.nix index b0296ca..2d04757 100644 --- a/modules/nixos/hardware/gpu/nvidia.nix +++ b/modules/nixos/hardware/gpu/nvidia.nix @@ -1,14 +1,17 @@ -{ pkgs, lib, namespace, config, ... }: -let +{ + pkgs, + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.hardware.has.gpu.nvidia; -in -{ +in { options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; config = mkIf cfg { - services.xserver.videoDrivers = [ "nvidia" ]; + services.xserver.videoDrivers = ["nvidia"]; hardware = { graphics = { diff --git a/modules/nixos/hardware/gpu/nvidia/default.nix b/modules/nixos/hardware/gpu/nvidia/default.nix index 48c5a54..c12a650 100644 --- a/modules/nixos/hardware/gpu/nvidia/default.nix +++ b/modules/nixos/hardware/gpu/nvidia/default.nix 
@@ -1,7 +1,6 @@ { pkgs, lib, - namespace, config, ... }: let diff --git a/modules/nixos/hardware/keyboard/voyager.nix b/modules/nixos/hardware/keyboard/voyager.nix index e97b7da..63ddac9 100644 --- a/modules/nixos/hardware/keyboard/voyager.nix +++ b/modules/nixos/hardware/keyboard/voyager.nix @@ -2,7 +2,6 @@ lib, config, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 24db3dc..870dd24 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -1,7 +1,6 @@ { pkgs, lib, - namespace, config, ... }: let diff --git a/modules/nixos/services/authentication/authelia/default.nix b/modules/nixos/services/authentication/authelia/default.nix index 8121ad8..1a1b8ff 100644 --- a/modules/nixos/services/authentication/authelia/default.nix +++ b/modules/nixos/services/authentication/authelia/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/authentication/himmelblau/default.nix b/modules/nixos/services/authentication/himmelblau/default.nix index f30a079..4a52840 100644 --- a/modules/nixos/services/authentication/himmelblau/default.nix +++ b/modules/nixos/services/authentication/himmelblau/default.nix @@ -1,7 +1,6 @@ { lib, config, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index 8168a5a..6921302 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix 
@@ -1,7 +1,7 @@ -{ config, lib, pkgs, namespace, terranixLib, sneeuwvlokLib, ... }: +{ config, lib, pkgs, self, ... }: let inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames; - inherit (sneeuwvlokLib.strings) toSnakeCase; + inherit ((import ../../../../../lib/strings { inherit lib;}).strings) toSnakeCase; cfg = config.sneeuwvlok.services.authentication.zitadel; @@ -339,7 +339,7 @@ in config' = config; # this is a nix package, the generated json file to be exact - terraformConfiguration = terranixLib.terranixConfiguration { + terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { system = pkgs.stdenv.hostPlatform.system; modules = [ diff --git a/modules/nixos/services/backup/borg/default.nix b/modules/nixos/services/backup/borg/default.nix index f892bca..417c911 100644 --- a/modules/nixos/services/backup/borg/default.nix +++ b/modules/nixos/services/backup/borg/default.nix @@ -1,10 +1,13 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.services.backup.borg; -in -{ +in { options.sneeuwvlok.services.backup.borg = { enable = mkEnableOption "Borg Backup"; }; diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index 210835f..9cd78a5 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (builtins) toString toJSON; diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo/default.nix index ae5379b..8e99c20 100644 --- a/modules/nixos/services/development/forgejo/default.nix 
+++ b/modules/nixos/services/development/forgejo/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (builtins) toString; diff --git a/modules/nixos/services/games/minecraft/default.nix b/modules/nixos/services/games/minecraft/default.nix index 4488833..4d9b8b9 100644 --- a/modules/nixos/services/games/minecraft/default.nix +++ b/modules/nixos/services/games/minecraft/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption mkOption; diff --git a/modules/nixos/services/games/openrct.nix b/modules/nixos/services/games/openrct.nix index 0090ffa..196ae12 100644 --- a/modules/nixos/services/games/openrct.nix +++ b/modules/nixos/services/games/openrct.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/games/palworld/default.nix b/modules/nixos/services/games/palworld/default.nix index e1414a4..d6de43b 100644 --- a/modules/nixos/services/games/palworld/default.nix +++ b/modules/nixos/services/games/palworld/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index d2395ef..6916474 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -1,7 +1,6 @@ { pkgs, lib, - namespace, config, ... }: let diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix index 0e94a21..29e4cc6 100644 --- a/modules/nixos/services/media/glance/default.nix +++ b/modules/nixos/services/media/glance/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/media/jellyfin/default.nix b/modules/nixos/services/media/jellyfin/default.nix index 2f8d43f..315838c 100644 --- a/modules/nixos/services/media/jellyfin/default.nix 
+++ b/modules/nixos/services/media/jellyfin/default.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, inputs, ... }: let diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia/default.nix index 9bfa87d..9c305c9 100644 --- a/modules/nixos/services/media/mydia/default.nix +++ b/modules/nixos/services/media/mydia/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/media/nextcloud/default.nix b/modules/nixos/services/media/nextcloud/default.nix index 2b42509..eb8c9da 100644 --- a/modules/nixos/services/media/nextcloud/default.nix +++ b/modules/nixos/services/media/nextcloud/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption mkOption; diff --git a/modules/nixos/services/media/nfs/default.nix b/modules/nixos/services/media/nfs/default.nix index efea82c..1028c73 100644 --- a/modules/nixos/services/media/nfs/default.nix +++ b/modules/nixos/services/media/nfs/default.nix @@ -1,16 +1,18 @@ -{ config, lib, namespace, ... }: -let +{ + config, + lib, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.services.media.nfs; -in -{ +in { options.sneeuwvlok.services.media.nfs = { enable = mkEnableOption "Enable NFS"; }; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ 2049 ]; + networking.firewall.allowedTCPPorts = [2049]; services.nfs.server = { enable = true; diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 8f3e5db..2c6125d 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -2,8 +2,7 @@ pkgs, config, lib, - namespace, - terranixLib, + self, ... }: let inherit (builtins) toString; 
@@ -154,7 +153,7 @@ in { config' = config; lib' = lib; - terraformConfiguration = terranixLib.terranixConfiguration { + terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { system = pkgs.stdenv.hostPlatform.system; modules = [ diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy/default.nix index f2ee8fd..6194808 100644 --- a/modules/nixos/services/networking/caddy/default.nix +++ b/modules/nixos/services/networking/caddy/default.nix @@ -2,7 +2,6 @@ config, pkgs, lib, - namespace, ... }: let inherit (builtins) length; @@ -12,7 +11,7 @@ hasHosts = (cfg.hosts |> attrNames |> length) > 0; caddyPackage = pkgs.caddy.withPlugins { plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; - hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs="; + hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE="; }; in { options.sneeuwvlok.services.networking.caddy = { diff --git a/modules/nixos/services/networking/ssh/default.nix b/modules/nixos/services/networking/ssh/default.nix index e0442d7..60ca00a 100644 --- a/modules/nixos/services/networking/ssh/default.nix +++ b/modules/nixos/services/networking/ssh/default.nix @@ -1,7 +1,6 @@ { config, lib, - namespace, ... }: let inherit (lib.modules) mkIf; diff --git a/modules/nixos/services/networking/wireguard/default.nix b/modules/nixos/services/networking/wireguard/default.nix index bf22a53..01534c0 100644 --- a/modules/nixos/services/networking/wireguard/default.nix +++ b/modules/nixos/services/networking/wireguard/default.nix @@ -2,7 +2,6 @@ config, pkgs, lib, - namespace, ... }: let inherit (builtins) length; @@ -29,6 +28,7 @@ in { }; }; }); + default = {}; }; }; diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index 40fdc38..c3a5f9a 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix 
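Review bot: The fixed-output `hash` passed to `pkgs.caddy.withPlugins` changes in the `@@ -12,7 +11,7 @@` hunk of `caddy/default.nix` while the plugin pin `github.com/corazawaf/coraza-caddy/v2@v2.1.0` is unchanged, and nothing next to it says why. Presumably the `flake.lock` update in this commit moved the base Caddy and therefore the vendored module set, but a new hash under an unchanged pin is the one case where a reader cannot tell a routine bump from substituted content. I would add a comment above it such as `# hash recomputed after the nixpkgs bump in flake.lock; plugin pin unchanged` and confirm the value by building once with `lib.fakeHash` and comparing the hash Nix reports with the committed one.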
@@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, ... }: let inherit (lib.modules) mkIf; diff --git a/modules/nixos/services/observability/loki/default.nix b/modules/nixos/services/observability/loki/default.nix index abe42ca..e45d680 100644 --- a/modules/nixos/services/observability/loki/default.nix +++ b/modules/nixos/services/observability/loki/default.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, ... }: let inherit (lib.modules) mkIf; diff --git a/modules/nixos/services/observability/prometheus/default.nix b/modules/nixos/services/observability/prometheus/default.nix index 191d7c1..06c496c 100644 --- a/modules/nixos/services/observability/prometheus/default.nix +++ b/modules/nixos/services/observability/prometheus/default.nix @@ -1,11 +1,14 @@ -{ pkgs, config, lib, namespace, ... }: -let +{ + pkgs, + config, + lib, + ... +}: let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption; cfg = config.sneeuwvlok.services.observability.prometheus; -in -{ +in { options.sneeuwvlok.services.observability.prometheus = { enable = mkEnableOption "enable Prometheus"; }; @@ -21,14 +24,14 @@ in { job_name = "prometheus"; static_configs = [ - { targets = [ "localhost:9002" ]; } + {targets = ["localhost:9002"];} ]; } { job_name = "node"; static_configs = [ - { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; } + {targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];} ]; } ]; @@ -37,12 +40,12 @@ in node = { enable = true; port = 9005; - enabledCollectors = [ "systemd" ]; + enabledCollectors = ["systemd"]; openFirewall = true; }; }; }; - networking.firewall.allowedTCPPorts = [ 9002 ]; + networking.firewall.allowedTCPPorts = [9002]; }; } diff --git a/modules/nixos/services/observability/promtail/default.nix b/modules/nixos/services/observability/promtail/default.nix index 80bac51..cf5e6c1 100644 --- a/modules/nixos/services/observability/promtail/default.nix 
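Review bot: Both scrape jobs in `prometheus/default.nix` target `localhost`, yet the module keeps `networking.firewall.allowedTCPPorts = [9002];` and `openFirewall = true;` for the node exporter on port 9005, which makes unauthenticated metrics endpoints reachable on every interface. If no remote scraper is intended (not visible in these hunks), drop the `allowedTCPPorts` entry and set `openFirewall = false;`; if one is, scope the opening with `networking.firewall.interfaces.<name>.allowedTCPPorts` instead. The enclosing `config = mkIf cfg.enable` block starts outside the hunks, so the listen addresses are not shown and should be checked as well.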
+++ b/modules/nixos/services/observability/promtail/default.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, ... }: let inherit (lib.modules) mkIf; diff --git a/modules/nixos/services/observability/uptime-kuma/default.nix b/modules/nixos/services/observability/uptime-kuma/default.nix index 619da55..fc089fd 100644 --- a/modules/nixos/services/observability/uptime-kuma/default.nix +++ b/modules/nixos/services/observability/uptime-kuma/default.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - namespace, ... }: let inherit (builtins) toString; diff --git a/modules/nixos/services/persistance/postgesql/default.nix b/modules/nixos/services/persistance/postgesql/default.nix index 7d06daa..86f63ec 100644 --- a/modules/nixos/services/persistance/postgesql/default.nix +++ b/modules/nixos/services/persistance/postgesql/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden/default.nix index 9fa4687..47fe178 100644 --- a/modules/nixos/services/security/vaultwarden/default.nix +++ b/modules/nixos/services/security/vaultwarden/default.nix @@ -2,13 +2,12 @@ pkgs, config, lib, - namespace, - repoRoot, - sneeuwvlokLib, + self, ... }: let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep; + inherit (import ../../../../../lib/strings {inherit lib;}) strings; cfg = config.sneeuwvlok.services.security.vaultwarden; 
@@ -27,15 +26,22 @@ }; }); - databaseProviderPostgresql = types.submodule ({...}: let - urlOptions = sneeuwvlokLib.options.mkUrlOptions { - host = { + databaseProviderPostgresql = types.submodule ({...}: { + options = { + type = mkOption { + type = types.enum ["postgresql"]; + }; + + host = mkOption { + type = types.str; + example = "host.tld"; description = '' Hostname of the postgresql server ''; }; - port = { + port = mkOption { + type = types.port; default = 5432; example = "5432"; description = '' 
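Review bot: The new `port` option is typed `types.port` with `default = 5432;` but documents itself with `example = "5432";`, a string the type would reject if a user copied it. Use `example = 5432;` so the rendered example is a valid value. The option's `description` continues into the next hunk.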
@@ -44,38 +50,34 @@ }; protocol = mkOption { + type = types.str; default = "postgres"; example = "postgres"; + description = '' + Which protocol to use when creating a url string + ''; + }; + + sslMode = mkOption { + type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"]; + default = "verify-full"; + example = "verify-ca"; + description = '' + How to verify the server's ssl + + | mode | eavesdropping protection | MITM protection | Statement | + |-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------| + | disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. | + | allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. | + | prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. | + | require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. | + | verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. | + | verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. 
| + + [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) + ''; }; }; - in { - options = - { - type = mkOption { - type = types.enum ["postgresql"]; - }; - - sslMode = mkOption { - type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"]; - default = "verify-full"; - example = "verify-ca"; - description = '' - How to verify the server's ssl - - | mode | eavesdropping protection | MITM protection | Statement | - |-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------| - | disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. | - | allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. | - | prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. | - | require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. | - | verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. | - | verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. | - - [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) - ''; - }; - } - // (urlOptions |> getAttrs ["protocol" "host" "port"]); }); in { options.sneeuwvlok.services.security.vaultwarden = { 
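Review bot: The `sslMode` enum added in the `@@ -44,38 +50,34 @@` hunk lists `"disabled"`, while the table in its own description and the linked libpq documentation name that mode `disable`. If the value is passed through to the connection URL (inferred; the `query` attribute set is cut off in a later hunk), selecting it yields an sslmode string libpq does not accept, and the valid `disable` is rejected by the option type. Change the list to `types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disable"]`. Keeping `verify-full` as the default is the right choice; the enclosing `databaseProviderPostgresql` submodule starts in the previous hunk.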
@@ -120,7 +122,7 @@ in { enable = true; dbBackend = "postgresql"; - package = pkgs.callPackage (repoRoot + "/packages/vaultwarden/package.nix") {}; + package = pkgs.vaultwarden-postgresql; config = { SIGNUPS_ALLOWED = false; @@ -198,7 +200,7 @@ in { else if type == "postgresql" then { inherit (db) type; - url = sneeuwvlokLib.strings.toUrl { + url = strings.toUrl { inherit (db) protocol host port; path = "vaultwarden"; query = { diff --git a/modules/nixos/services/virtualisation/podman/default.nix b/modules/nixos/services/virtualisation/podman/default.nix index c827677..0d32495 100644 --- a/modules/nixos/services/virtualisation/podman/default.nix +++ b/modules/nixos/services/virtualisation/podman/default.nix @@ -3,7 +3,6 @@ options, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/shells/zsh/default.nix b/modules/nixos/shells/zsh/default.nix index 1d9adb7..bb70922 100644 --- a/modules/nixos/shells/zsh/default.nix +++ b/modules/nixos/shells/zsh/default.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; diff --git a/modules/nixos/system/networking/default.nix b/modules/nixos/system/networking/default.nix index ab8842c..4bb580f 100644 --- a/modules/nixos/system/networking/default.nix +++ b/modules/nixos/system/networking/default.nix @@ -1,10 +1,13 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkDefault; cfg = config.sneeuwvlok.system.networking; -in -{ +in { options.sneeuwvlok.system.networking = {}; config = { diff --git a/modules/nixos/system/security/boot/default.nix b/modules/nixos/system/security/boot/default.nix index f911a7a..920ef16 100644 --- a/modules/nixos/system/security/boot/default.nix +++ b/modules/nixos/system/security/boot/default.nix @@ -1,6 +1,5 @@ { config, - namespace, inputs, ... }: let 
diff --git a/modules/nixos/system/security/default.nix b/modules/nixos/system/security/default.nix index 0b440b0..e6314d1 100644 --- a/modules/nixos/system/security/default.nix +++ b/modules/nixos/system/security/default.nix @@ -1,7 +1,6 @@ {...}: { flake.modules.nixos.sneeuwvlok.system.security = { config, - namespace, inputs, ... }: let diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops/default.nix index caef7be..e682f2c 100644 --- a/modules/nixos/system/security/sops/default.nix +++ b/modules/nixos/system/security/sops/default.nix @@ -1,8 +1,7 @@ { pkgs, config, - namespace, - repoRoot, + self, ... }: let cfg = config.sneeuwvlok.system.security.sops; @@ -14,7 +13,7 @@ in { sops = { defaultSopsFormat = "yaml"; - defaultSopsFile = repoRoot + "/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml"; + defaultSopsFile = self + "/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml"; age = { # keyFile = "~/.config/sops/age/keys.txt"; diff --git a/modules/nixos/system/security/sudo/default.nix b/modules/nixos/system/security/sudo/default.nix index 11f99d2..ef41f6e 100644 --- a/modules/nixos/system/security/sudo/default.nix +++ b/modules/nixos/system/security/sudo/default.nix @@ -1,8 +1,6 @@ -{ config, namespace, ... }: -let +{config, ...}: let cfg = config.sneeuwvlok.system.security.sudo; -in -{ +in { options.sneeuwvlok.system.security.sudo = {}; config = { @@ -11,7 +9,7 @@ in enable = false; execWheelOnly = true; }; - + sudo-rs = { enable = true; execWheelOnly = true; @@ -19,4 +17,4 @@ in }; }; }; -} \ No newline at end of file +} From 20de142350f76f1bcfdcdca831b3ac7a38292686 Mon Sep 17 00:00:00 2001 
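Review bot: In the second `sops/default.nix` hunk, `defaultSopsFile` still points at `/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml`, although this series moves the per-host directories from `systems/x86_64-linux/<host>/` to `machines/<host>/`. If the secrets files moved with them (not visible here), the path no longer exists and secret decryption would fail for every host. In that case the line would become `defaultSopsFile = self + "/machines/${config.networking.hostName}/secrets.yml";`. The surrounding `sops` attribute set continues outside the hunk.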
From: Chris Kruining Date: Thu, 26 Mar 2026 15:05:37 +0100 Subject: [PATCH 06/58] add import tree --- clan.nix | 110 +++++++++--------- machines/ulmo/configuration.nix | 2 +- modules/nixos/default.nix | 15 --- modules/nixos/desktop/default.nix | 7 -- modules/nixos/editor/default.nix | 6 - modules/nixos/hardware/default.nix | 7 -- .../hardware/gpu/{amd/default.nix => amd.nix} | 0 modules/nixos/hardware/gpu/default.nix | 6 - modules/nixos/hardware/gpu/nvidia.nix | 4 +- modules/nixos/hardware/gpu/nvidia/default.nix | 52 --------- modules/nixos/hardware/keyboard/voyager.nix | 2 +- .../nixos/services/authentication/default.nix | 7 -- modules/nixos/services/backup/default.nix | 5 - .../nixos/services/communication/default.nix | 5 - modules/nixos/services/default.nix | 15 --- .../nixos/services/development/default.nix | 5 - modules/nixos/services/games/default.nix | 7 -- modules/nixos/services/media/default.nix | 9 -- modules/nixos/services/networking/default.nix | 7 -- .../nixos/services/observability/default.nix | 9 -- .../nixos/services/persistance/default.nix | 5 - modules/nixos/services/security/default.nix | 5 - .../nixos/services/virtualisation/default.nix | 5 - modules/nixos/system/security/default.nix | 38 +++--- 24 files changed, 77 insertions(+), 256 deletions(-) delete mode 100644 modules/nixos/default.nix delete mode 100644 modules/nixos/editor/default.nix delete mode 100644 modules/nixos/hardware/default.nix rename modules/nixos/hardware/gpu/{amd/default.nix => amd.nix} (100%) delete mode 100644 modules/nixos/hardware/gpu/default.nix delete mode 100644 modules/nixos/hardware/gpu/nvidia/default.nix delete mode 100644 modules/nixos/services/authentication/default.nix delete mode 100644 modules/nixos/services/backup/default.nix delete mode 100644 modules/nixos/services/communication/default.nix delete mode 100644 modules/nixos/services/default.nix delete mode 100644 modules/nixos/services/development/default.nix delete mode 100644 
modules/nixos/services/games/default.nix delete mode 100644 modules/nixos/services/networking/default.nix delete mode 100644 modules/nixos/services/observability/default.nix delete mode 100644 modules/nixos/services/persistance/default.nix delete mode 100644 modules/nixos/services/security/default.nix delete mode 100644 modules/nixos/services/virtualisation/default.nix diff --git a/clan.nix b/clan.nix index 1140fa9..b4429a9 100644 --- a/clan.nix +++ b/clan.nix 
@@ -8,60 +8,60 @@ directory = ./.; inventory.machines = { - # aule = { - # name = "aule"; - # description = "Planned build server."; - # machineClass = "nixos"; - # tags = ["planned" "build"]; - # }; - # mandos = { - # name = "mandos"; - # description = "Living room Steam box."; - # machineClass = "nixos"; - # tags = ["gaming" "living-room"]; - # }; - # manwe = { - # name = "manwe"; - # description = "Main desktop."; - # machineClass = "nixos"; - # tags = ["desktop"]; - # }; - # melkor = { - # name = "melkor"; - # description = "Planned machine with no defined role yet."; - # machineClass = "nixos"; - # tags = []; - # }; - # orome = { - # name = "orome"; - # description = "Work laptop."; - # machineClass = "nixos"; - # tags = ["laptop" "work"]; - # }; - # tulkas = { - # name = "tulkas"; - # description = "Steam Deck."; - # machineClass = "nixos"; - # tags = ["gaming" "handheld"]; - # }; + aule = { + name = "aule"; + description = "Planned build server."; + machineClass = "nixos"; + tags = ["planned" "build"]; + }; + mandos = { + name = "mandos"; + description = "Living room Steam box."; + machineClass = "nixos"; + tags = ["gaming" "living-room"]; + }; + manwe = { + name = "manwe"; + description = "Main desktop."; + machineClass = "nixos"; + tags = ["desktop"]; + }; + melkor = { + name = "melkor"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; + orome = { + name = "orome"; + description = "Work laptop."; + machineClass = "nixos"; + tags = ["laptop" "work"]; + }; + tulkas = { + name = "tulkas"; + description = "Steam Deck."; + machineClass = "nixos"; + tags = ["gaming" "handheld"]; + }; ulmo = { name = "ulmo"; description = "Primary self-hosted services machine."; machineClass = "nixos"; tags = ["server" "services"]; }; - # varda = { - # name = "varda"; - # description = "Planned machine with no defined role yet."; - # machineClass = "nixos"; - # tags = []; - # }; - # yavanna = { - # name = "yavanna"; - # 
description = "Planned machine with no defined role yet."; - # machineClass = "nixos"; - # tags = []; - # }; + varda = { + name = "varda"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; + yavanna = { + name = "yavanna"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; }; inventory.instances = { @@ -83,11 +83,11 @@ }; }; - machines = { - # mandos = {}; - # manwe = {}; - # orome = {}; - # tulkas = {}; - ulmo = {}; - }; + # machines = { + # mandos = {}; + # manwe = {}; + # orome = {}; + # tulkas = {}; + # ulmo = {}; + # }; } diff --git a/machines/ulmo/configuration.nix b/machines/ulmo/configuration.nix index 41ab38c..49c2896 100644 --- a/machines/ulmo/configuration.nix +++ b/machines/ulmo/configuration.nix @@ -31,7 +31,6 @@ imports = [ ./disks.nix ./hardware.nix - ../../modules/nixos self.inputs.home-manager.nixosModules.home-manager self.inputs.himmelblau.nixosModules.himmelblau self.inputs.jovian.nixosModules.default @@ -39,6 +38,7 @@ self.inputs.nix-minecraft.nixosModules.minecraft-servers self.inputs.nvf.nixosModules.default self.inputs.sops-nix.nixosModules.sops + (self.inputs.import-tree ../../modules/nixos) ]; system.stateVersion = "23.11"; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix deleted file mode 100644 index d5f4e41..0000000 --- a/modules/nixos/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - imports = [ - ./application/steam.nix - ./boot/default.nix - ./editor/nano/default.nix - ./editor/nvim/default.nix - ./hardware/audio/default.nix - ./home-manager - ./services - ./system/networking - ./system/security/boot - ./system/security/sops - ./system/security/sudo - ]; -} diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index 4ab3530..7aa6b57 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix 
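Review bot: Replacing `../../modules/nixos` with `(self.inputs.import-tree ../../modules/nixos)` in the second `machines/ulmo/configuration.nix` hunk turns an explicit allow-list into "every .nix file under the directory". The deleted `modules/nixos/default.nix` imported a fixed set of modules, whereas now any file added under the tree is evaluated for this host. Several modules in this series set `config` without an `mkIf` guard, for example `system/security/default.nix` and `system/security/sudo/default.nix`. Confirm that each service module only acts behind its `enable` option, and record the contract at the import with a comment such as `# imports every module under modules/nixos; each module must gate its config behind an enable option`.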
@@ -8,13 +8,6 @@ cfg = config.sneeuwvlok.desktop; in { - imports = [ - ./cosmic - ./gamescope - ./gnome - ./plasma - ]; - options.sneeuwvlok.desktop = { use = mkOption { type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]); diff --git a/modules/nixos/editor/default.nix b/modules/nixos/editor/default.nix deleted file mode 100644 index 1bfac7a..0000000 --- a/modules/nixos/editor/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./nano - ./nvim - ]; -} diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix deleted file mode 100644 index 48dac93..0000000 --- a/modules/nixos/hardware/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./audio - ./bluetooth - ./gpu - ]; -} diff --git a/modules/nixos/hardware/gpu/amd/default.nix b/modules/nixos/hardware/gpu/amd.nix similarity index 100% rename from modules/nixos/hardware/gpu/amd/default.nix rename to modules/nixos/hardware/gpu/amd.nix diff --git a/modules/nixos/hardware/gpu/default.nix b/modules/nixos/hardware/gpu/default.nix deleted file mode 100644 index 7274f8a..0000000 --- a/modules/nixos/hardware/gpu/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./amd - ./nvidia - ]; -} diff --git a/modules/nixos/hardware/gpu/nvidia.nix b/modules/nixos/hardware/gpu/nvidia.nix index 2d04757..ec875be 100644 --- a/modules/nixos/hardware/gpu/nvidia.nix +++ b/modules/nixos/hardware/gpu/nvidia.nix @@ -6,11 +6,11 @@ }: let inherit (lib) mkIf mkEnableOption; - cfg = config.sneeuwvlok.hardware.has.gpu.nvidia; + cfg = config.sneeuwvlok.hardware.has.gpu; in { options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; - config = mkIf cfg { + config = mkIf cfg.nvidia { services.xserver.videoDrivers = ["nvidia"]; hardware = { diff --git a/modules/nixos/hardware/gpu/nvidia/default.nix b/modules/nixos/hardware/gpu/nvidia/default.nix deleted file mode 100644 index c12a650..0000000 
--- a/modules/nixos/hardware/gpu/nvidia/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: let - inherit (lib) mkIf mkEnableOption; - - cfg = config.sneeuwvlok.hardware.has.gpu; -in { - options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; - - config = mkIf cfg.nvidia { - services.xserver.videoDrivers = ["nvidia"]; - - hardware = { - graphics = { - enable = true; - enable32Bit = true; - }; - - nvidia = { - modesetting.enable = true; - open = false; - nvidiaSettings = true; - - powerManagement = { - enable = true; - finegrained = false; - }; - - # package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta; - - # package = let - # rcu_patch = pkgs.fetchpatch { - # url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch"; - # hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg="; - # }; - # in config.boot.kernelPackages.nvidiaPackages.mkDriver { - # version = "550.40.07"; - # sha256_64bit = "sha256-KYk2xye37v7ZW7h+uNJM/u8fNf7KyGTZjiaU03dJpK0="; - # sha256_aarch64 = "sha256-AV7KgRXYaQGBFl7zuRcfnTGr8rS5n13nGUIe3mJTXb4="; - # openSha256 = "sha256-mRUTEWVsbjq+psVe+kAT6MjyZuLkG2yRDxCMvDJRL1I="; - # settingsSha256 = "sha256-c30AQa4g4a1EHmaEu1yc05oqY01y+IusbBuq+P6rMCs="; - # persistencedSha256 = "sha256-11tLSY8uUIl4X/roNnxf5yS2PQvHvoNjnd2CB67e870="; - - # patches = [ rcu_patch ]; - # }; - }; - }; - }; -} diff --git a/modules/nixos/hardware/keyboard/voyager.nix b/modules/nixos/hardware/keyboard/voyager.nix index 63ddac9..a7823f9 100644 --- a/modules/nixos/hardware/keyboard/voyager.nix +++ b/modules/nixos/hardware/keyboard/voyager.nix @@ -9,7 +9,7 @@ cfg = config.sneeuwvlok.hardware.keyboard.voyager; in { options.sneeuwvlok.hardware.keyboard.voyager = { - enble = mkEnableOption "Enable tools for ZSA Voyager"; + enable = mkEnableOption "Enable tools for ZSA Voyager"; }; config = mkIf cfg.enable { 
diff --git a/modules/nixos/services/authentication/default.nix b/modules/nixos/services/authentication/default.nix deleted file mode 100644 index b3af1d2..0000000 --- a/modules/nixos/services/authentication/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./authelia - ./himmelblau - ./zitadel - ]; -} diff --git a/modules/nixos/services/backup/default.nix b/modules/nixos/services/backup/default.nix deleted file mode 100644 index be807e9..0000000 --- a/modules/nixos/services/backup/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./borg - ]; -} diff --git a/modules/nixos/services/communication/default.nix b/modules/nixos/services/communication/default.nix deleted file mode 100644 index 351ce1c..0000000 --- a/modules/nixos/services/communication/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./matrix - ]; -} diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix deleted file mode 100644 index 50a6e7b..0000000 --- a/modules/nixos/services/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - imports = [ - ./authentication - ./backup - ./communication - ./development - ./games - ./media - ./networking - ./observability - ./persistance - ./security - ./virtualisation - ]; -} diff --git a/modules/nixos/services/development/default.nix b/modules/nixos/services/development/default.nix deleted file mode 100644 index c7f3bff..0000000 --- a/modules/nixos/services/development/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./forgejo - ]; -} diff --git a/modules/nixos/services/games/default.nix b/modules/nixos/services/games/default.nix deleted file mode 100644 index 32191bd..0000000 --- a/modules/nixos/services/games/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./minecraft - ./palworld - ./openrct.nix - ]; -} diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index 6916474..0db854f 100644 --- a/modules/nixos/services/media/default.nix 
+++ b/modules/nixos/services/media/default.nix @@ -9,15 +9,6 @@ cfg = config.sneeuwvlok.services.media; in { - imports = [ - ./glance - ./jellyfin - ./mydia - ./nextcloud - ./nfs - ./servarr - ]; - options.sneeuwvlok.services.media = { enable = mkEnableOption "Enable media services"; diff --git a/modules/nixos/services/networking/default.nix b/modules/nixos/services/networking/default.nix deleted file mode 100644 index 8f4b393..0000000 --- a/modules/nixos/services/networking/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./caddy - ./ssh - ./wireguard - ]; -} diff --git a/modules/nixos/services/observability/default.nix b/modules/nixos/services/observability/default.nix deleted file mode 100644 index 1cf015c..0000000 --- a/modules/nixos/services/observability/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - imports = [ - ./grafana - ./loki - ./prometheus - ./promtail - ./uptime-kuma - ]; -} diff --git a/modules/nixos/services/persistance/default.nix b/modules/nixos/services/persistance/default.nix deleted file mode 100644 index 31f6413..0000000 --- a/modules/nixos/services/persistance/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./postgesql - ]; -} diff --git a/modules/nixos/services/security/default.nix b/modules/nixos/services/security/default.nix deleted file mode 100644 index 751ae0c..0000000 --- a/modules/nixos/services/security/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./vaultwarden - ]; -} diff --git a/modules/nixos/services/virtualisation/default.nix b/modules/nixos/services/virtualisation/default.nix deleted file mode 100644 index 253a507..0000000 --- a/modules/nixos/services/virtualisation/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./podman - ]; -} diff --git a/modules/nixos/system/security/default.nix b/modules/nixos/system/security/default.nix index e6314d1..fdd3416 100644 --- a/modules/nixos/system/security/default.nix +++ b/modules/nixos/system/security/default.nix 
@@ -1,27 +1,25 @@ -{...}: { - flake.modules.nixos.sneeuwvlok.system.security = { - config, - inputs, - ... - }: let - cfg = config.sneeuwvlok.system.security; - in { - options.sneeuwvlok.system.security = {}; +{ + config, + inputs, + ... +}: let + cfg = config.sneeuwvlok.system.security; +in { + options.sneeuwvlok.system.security = {}; - config = { - security = { - acme.acceptTerms = true; - polkit.enable = true; + config = { + security = { + acme.acceptTerms = true; + polkit.enable = true; - pam = { - u2f = { - enable = true; - settings.cue = true; - }; + pam = { + u2f = { + enable = true; + settings.cue = true; }; }; - - programs.gnupg.agent.enable = true; }; + + programs.gnupg.agent.enable = true; }; } From f59d282c1234db834076985223eccaad446972eb Mon Sep 17 00:00:00 2001 
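Review bot: `security.pam.u2f.enable = true` is set here with no `control` value and no enable guard, and now that the file is a plain module it applies to every host that imports the module tree. If I recall the NixOS default correctly, `security.pam.u2f.control` is `sufficient`, which makes a registered key an alternative to the password rather than a second factor. If a second factor is what is intended, add `control = "required";` inside the `u2f` set next to `enable = true;`. `cfg` and `inputs` are bound but never used in this module, and `options.sneeuwvlok.system.security = {};` declares nothing that could switch the block off.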
From: Chris Kruining Date: Mon, 30 Mar 2026 09:09:01 +0200 Subject: [PATCH 07/58] refactoring home manager modules --- .../{bitwarden/default.nix => bitwarden.nix} | 0 .../{chrome/default.nix => chrome.nix} | 0 modules/home/application/default.nix | 17 ----------------- .../{discord/default.nix => discord.nix} | 0 .../{ladybird/default.nix => ladybird.nix} | 0 .../{matrix/default.nix => matix.nix} | 0 .../application/{obs/default.nix => obs.nix} | 0 .../{onlyoffice/default.nix => onlyoffice.nix} | 0 .../{signal/default.nix => signal.nix} | 0 .../{steam/default.nix => steam.nix} | 0 .../{studio/default.nix => studio.nix} | 0 .../{teamspeak/default.nix => teamspeak.nix} | 0 .../default.nix => thunderbird.nix} | 0 .../application/{zen/default.nix => zen.nix} | 0 modules/home/default.nix | 12 ------------ modules/home/desktop/default.nix | 5 ----- modules/home/development/default.nix | 7 ------- .../{dotnet/default.nix => dotnet.nix} | 0 .../{javascript/default.nix => javascript.nix} | 0 .../development/{rust/default.nix => rust.nix} | 0 modules/home/editor/default.nix | 7 ------- .../home/editor/{nano/default.nix => nano.nix} | 0 .../home/editor/{nvim/default.nix => nvim.nix} | 0 .../home/editor/{zed/default.nix => zed.nix} | 0 modules/home/game/default.nix | 5 ----- .../{minecraft/default.nix => minescraft.nix} | 0 modules/home/shell/default.nix | 5 ----- .../shell/toolset/{bat/default.nix => bat.nix} | 0 .../toolset/{btop/default.nix => btop.nix} | 0 modules/home/shell/toolset/default.nix | 16 ---------------- .../shell/toolset/{eza/default.nix => eza.nix} | 0 .../shell/toolset/{fzf/default.nix => fzf.nix} | 0 .../shell/toolset/{git/default.nix => git.nix} | 0 .../toolset/{gnugpg/default.nix => gnupgp.nix} | 0 .../toolset/{just/default.nix => just.nix} | 0 .../{starship/default.nix => starship.nix} | 0 .../toolset/{tmux/default.nix => tmux.nix} | 0 .../toolset/{yazi/default.nix => yazi.nix} | 0 .../toolset/{zellij/default.nix => zellij.nix} | 0 
.../toolset/{zoxide/default.nix => zoxide.nix} | 0 modules/home/shell/{zsh/default.nix => zsh.nix} | 0 .../{alacritty/default.nix => alacritty.nix} | 0 modules/home/terminal/default.nix | 6 ------ .../{ghostty/default.nix => ghostty.nix} | 0 44 files changed, 80 deletions(-) rename modules/home/application/{bitwarden/default.nix => bitwarden.nix} (100%) rename modules/home/application/{chrome/default.nix => chrome.nix} (100%) delete mode 100644 modules/home/application/default.nix rename modules/home/application/{discord/default.nix => discord.nix} (100%) rename modules/home/application/{ladybird/default.nix => ladybird.nix} (100%) rename modules/home/application/{matrix/default.nix => matix.nix} (100%) rename modules/home/application/{obs/default.nix => obs.nix} (100%) rename modules/home/application/{onlyoffice/default.nix => onlyoffice.nix} (100%) rename modules/home/application/{signal/default.nix => signal.nix} (100%) rename modules/home/application/{steam/default.nix => steam.nix} (100%) rename modules/home/application/{studio/default.nix => studio.nix} (100%) rename modules/home/application/{teamspeak/default.nix => teamspeak.nix} (100%) rename modules/home/application/{thunderbird/default.nix => thunderbird.nix} (100%) rename modules/home/application/{zen/default.nix => zen.nix} (100%) delete mode 100644 modules/home/desktop/default.nix delete mode 100644 modules/home/development/default.nix rename modules/home/development/{dotnet/default.nix => dotnet.nix} (100%) rename modules/home/development/{javascript/default.nix => javascript.nix} (100%) rename modules/home/development/{rust/default.nix => rust.nix} (100%) delete mode 100644 modules/home/editor/default.nix rename modules/home/editor/{nano/default.nix => nano.nix} (100%) rename modules/home/editor/{nvim/default.nix => nvim.nix} (100%) rename modules/home/editor/{zed/default.nix => zed.nix} (100%) delete mode 100644 modules/home/game/default.nix rename modules/home/game/{minecraft/default.nix => 
minescraft.nix} (100%) rename modules/home/shell/toolset/{bat/default.nix => bat.nix} (100%) rename modules/home/shell/toolset/{btop/default.nix => btop.nix} (100%) delete mode 100644 modules/home/shell/toolset/default.nix rename modules/home/shell/toolset/{eza/default.nix => eza.nix} (100%) rename modules/home/shell/toolset/{fzf/default.nix => fzf.nix} (100%) rename modules/home/shell/toolset/{git/default.nix => git.nix} (100%) rename modules/home/shell/toolset/{gnugpg/default.nix => gnupgp.nix} (100%) rename modules/home/shell/toolset/{just/default.nix => just.nix} (100%) rename modules/home/shell/toolset/{starship/default.nix => starship.nix} (100%) rename modules/home/shell/toolset/{tmux/default.nix => tmux.nix} (100%) rename modules/home/shell/toolset/{yazi/default.nix => yazi.nix} (100%) rename modules/home/shell/toolset/{zellij/default.nix => zellij.nix} (100%) rename modules/home/shell/toolset/{zoxide/default.nix => zoxide.nix} (100%) rename modules/home/shell/{zsh/default.nix => zsh.nix} (100%) rename modules/home/terminal/{alacritty/default.nix => alacritty.nix} (100%) delete mode 100644 modules/home/terminal/default.nix rename modules/home/terminal/{ghostty/default.nix => ghostty.nix} (100%) diff --git a/modules/home/application/bitwarden/default.nix b/modules/home/application/bitwarden.nix similarity index 100% rename from modules/home/application/bitwarden/default.nix rename to modules/home/application/bitwarden.nix diff --git a/modules/home/application/chrome/default.nix b/modules/home/application/chrome.nix similarity index 100% rename from modules/home/application/chrome/default.nix rename to modules/home/application/chrome.nix diff --git a/modules/home/application/default.nix b/modules/home/application/default.nix deleted file mode 100644 index a8eb524..0000000 --- a/modules/home/application/default.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ - imports = [ - ./bitwarden - ./chrome - ./discord - ./ladybird - ./matrix - ./obs - ./onlyoffice - ./signal - ./steam - ./studio - ./teamspeak - ./thunderbird - ./zen - ]; -} diff --git a/modules/home/application/discord/default.nix b/modules/home/application/discord.nix similarity index 100% rename from modules/home/application/discord/default.nix rename to modules/home/application/discord.nix diff --git a/modules/home/application/ladybird/default.nix b/modules/home/application/ladybird.nix similarity index 100% rename from modules/home/application/ladybird/default.nix rename to modules/home/application/ladybird.nix diff --git a/modules/home/application/matrix/default.nix b/modules/home/application/matix.nix similarity index 100% rename from modules/home/application/matrix/default.nix rename to modules/home/application/matix.nix diff --git a/modules/home/application/obs/default.nix b/modules/home/application/obs.nix similarity index 100% rename from modules/home/application/obs/default.nix rename to modules/home/application/obs.nix diff --git a/modules/home/application/onlyoffice/default.nix b/modules/home/application/onlyoffice.nix similarity index 100% rename from modules/home/application/onlyoffice/default.nix rename to modules/home/application/onlyoffice.nix diff --git a/modules/home/application/signal/default.nix b/modules/home/application/signal.nix similarity index 100% rename from modules/home/application/signal/default.nix rename to modules/home/application/signal.nix diff --git a/modules/home/application/steam/default.nix b/modules/home/application/steam.nix similarity index 100% rename from modules/home/application/steam/default.nix rename to modules/home/application/steam.nix diff --git a/modules/home/application/studio/default.nix b/modules/home/application/studio.nix similarity index 100% rename from modules/home/application/studio/default.nix rename to modules/home/application/studio.nix 
diff --git a/modules/home/application/teamspeak/default.nix b/modules/home/application/teamspeak.nix similarity index 100% rename from modules/home/application/teamspeak/default.nix rename to modules/home/application/teamspeak.nix diff --git a/modules/home/application/thunderbird/default.nix b/modules/home/application/thunderbird.nix similarity index 100% rename from modules/home/application/thunderbird/default.nix rename to modules/home/application/thunderbird.nix diff --git a/modules/home/application/zen/default.nix b/modules/home/application/zen.nix similarity index 100% rename from modules/home/application/zen/default.nix rename to modules/home/application/zen.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index 1adaef0..8140c1b 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -9,18 +9,6 @@ cfg = config.sneeuwvlok.defaults; in { - imports = [ - ./application - ./desktop - ./development - ./editor - ./game - ./home-manager - ./shell - ./terminal - ./themes - ]; - options.sneeuwvlok.defaults = { editor = mkOption { type = enum ["nano" "nvim" "zed"]; diff --git a/modules/home/desktop/default.nix b/modules/home/desktop/default.nix deleted file mode 100644 index 3498999..0000000 --- a/modules/home/desktop/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./plasma - ]; -} diff --git a/modules/home/development/default.nix b/modules/home/development/default.nix deleted file mode 100644 index d3e528a..0000000 --- a/modules/home/development/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./dotnet - ./javascript - ./rust - ]; -} diff --git a/modules/home/development/dotnet/default.nix b/modules/home/development/dotnet.nix similarity index 100% rename from modules/home/development/dotnet/default.nix rename to modules/home/development/dotnet.nix 
diff --git a/modules/home/development/javascript/default.nix b/modules/home/development/javascript.nix similarity index 100% rename from modules/home/development/javascript/default.nix rename to modules/home/development/javascript.nix diff --git a/modules/home/development/rust/default.nix b/modules/home/development/rust.nix similarity index 100% rename from modules/home/development/rust/default.nix rename to modules/home/development/rust.nix diff --git a/modules/home/editor/default.nix b/modules/home/editor/default.nix deleted file mode 100644 index b0cd9f4..0000000 --- a/modules/home/editor/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./nano - ./nvim - ./zed - ]; -} diff --git a/modules/home/editor/nano/default.nix b/modules/home/editor/nano.nix similarity index 100% rename from modules/home/editor/nano/default.nix rename to modules/home/editor/nano.nix diff --git a/modules/home/editor/nvim/default.nix b/modules/home/editor/nvim.nix similarity index 100% rename from modules/home/editor/nvim/default.nix rename to modules/home/editor/nvim.nix diff --git a/modules/home/editor/zed/default.nix b/modules/home/editor/zed.nix similarity index 100% rename from modules/home/editor/zed/default.nix rename to modules/home/editor/zed.nix diff --git a/modules/home/game/default.nix b/modules/home/game/default.nix deleted file mode 100644 index 639ea68..0000000 --- a/modules/home/game/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./minecraft - ]; -} diff --git a/modules/home/game/minecraft/default.nix b/modules/home/game/minescraft.nix similarity index 100% rename from modules/home/game/minecraft/default.nix rename to modules/home/game/minescraft.nix diff --git a/modules/home/shell/default.nix b/modules/home/shell/default.nix index 5639286..98a2054 100644 --- a/modules/home/shell/default.nix +++ b/modules/home/shell/default.nix 
@@ -8,11 +8,6 @@ cfg = config.sneeuwvlok.shell; in { - imports = [ - ./toolset - ./zsh - ]; - options.sneeuwvlok.shell = { corePkgs.enable = mkEnableOption "core shell packages"; }; diff --git a/modules/home/shell/toolset/bat/default.nix b/modules/home/shell/toolset/bat.nix similarity index 100% rename from modules/home/shell/toolset/bat/default.nix rename to modules/home/shell/toolset/bat.nix diff --git a/modules/home/shell/toolset/btop/default.nix b/modules/home/shell/toolset/btop.nix similarity index 100% rename from modules/home/shell/toolset/btop/default.nix rename to modules/home/shell/toolset/btop.nix diff --git a/modules/home/shell/toolset/default.nix b/modules/home/shell/toolset/default.nix deleted file mode 100644 index edc8c03..0000000 --- a/modules/home/shell/toolset/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - imports = [ - ./bat - ./btop - ./eza - ./fzf - ./git - ./gnugpg - ./just - ./starship - ./tmux - ./yazi - ./zellij - ./zoxide - ]; -} diff --git a/modules/home/shell/toolset/eza/default.nix b/modules/home/shell/toolset/eza.nix similarity index 100% rename from modules/home/shell/toolset/eza/default.nix rename to modules/home/shell/toolset/eza.nix diff --git a/modules/home/shell/toolset/fzf/default.nix b/modules/home/shell/toolset/fzf.nix similarity index 100% rename from modules/home/shell/toolset/fzf/default.nix rename to modules/home/shell/toolset/fzf.nix diff --git a/modules/home/shell/toolset/git/default.nix b/modules/home/shell/toolset/git.nix similarity index 100% rename from modules/home/shell/toolset/git/default.nix rename to modules/home/shell/toolset/git.nix diff --git a/modules/home/shell/toolset/gnugpg/default.nix b/modules/home/shell/toolset/gnupgp.nix similarity index 100% rename from modules/home/shell/toolset/gnugpg/default.nix rename to modules/home/shell/toolset/gnupgp.nix 
diff --git a/modules/home/shell/toolset/just/default.nix b/modules/home/shell/toolset/just.nix similarity index 100% rename from modules/home/shell/toolset/just/default.nix rename to modules/home/shell/toolset/just.nix diff --git a/modules/home/shell/toolset/starship/default.nix b/modules/home/shell/toolset/starship.nix similarity index 100% rename from modules/home/shell/toolset/starship/default.nix rename to modules/home/shell/toolset/starship.nix diff --git a/modules/home/shell/toolset/tmux/default.nix b/modules/home/shell/toolset/tmux.nix similarity index 100% rename from modules/home/shell/toolset/tmux/default.nix rename to modules/home/shell/toolset/tmux.nix diff --git a/modules/home/shell/toolset/yazi/default.nix b/modules/home/shell/toolset/yazi.nix similarity index 100% rename from modules/home/shell/toolset/yazi/default.nix rename to modules/home/shell/toolset/yazi.nix diff --git a/modules/home/shell/toolset/zellij/default.nix b/modules/home/shell/toolset/zellij.nix similarity index 100% rename from modules/home/shell/toolset/zellij/default.nix rename to modules/home/shell/toolset/zellij.nix diff --git a/modules/home/shell/toolset/zoxide/default.nix b/modules/home/shell/toolset/zoxide.nix similarity index 100% rename from modules/home/shell/toolset/zoxide/default.nix rename to modules/home/shell/toolset/zoxide.nix diff --git a/modules/home/shell/zsh/default.nix b/modules/home/shell/zsh.nix similarity index 100% rename from modules/home/shell/zsh/default.nix rename to modules/home/shell/zsh.nix diff --git a/modules/home/terminal/alacritty/default.nix b/modules/home/terminal/alacritty.nix similarity index 100% rename from modules/home/terminal/alacritty/default.nix rename to modules/home/terminal/alacritty.nix diff --git a/modules/home/terminal/default.nix b/modules/home/terminal/default.nix deleted file mode 100644 index 97d44fa..0000000 --- a/modules/home/terminal/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./alacritty - ./ghostty - ]; -} 
diff --git a/modules/home/terminal/ghostty/default.nix b/modules/home/terminal/ghostty.nix similarity index 100% rename from modules/home/terminal/ghostty/default.nix rename to modules/home/terminal/ghostty.nix From 24715625835d73686144aa5bf92b7546cc4db3e2 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Mon, 30 Mar 2026 09:22:42 +0200 Subject: [PATCH 08/58] . --- clan.nix | 10 +---- machines/manwe/configuration.nix | 45 ++++++++++++++++--- machines/manwe/hardware.nix | 22 ++++----- .../services/networking/wireguard/default.nix | 4 +- 4 files changed, 54 insertions(+), 27 deletions(-) diff --git a/clan.nix b/clan.nix index b4429a9..26f7e97 100644 --- a/clan.nix +++ b/clan.nix @@ -65,7 +65,7 @@ }; inventory.instances = { - user-chris = { + users-chris = { module.name = "users"; module.input = "clan-core"; @@ -82,12 +82,4 @@ }; }; }; - - # machines = { - # mandos = {}; - # manwe = {}; - # orome = {}; - # tulkas = {}; - # ulmo = {}; - # }; } diff --git a/machines/manwe/configuration.nix b/machines/manwe/configuration.nix index ec052be..98bc5ed 100644 --- a/machines/manwe/configuration.nix +++ b/machines/manwe/configuration.nix 
@@ -1,16 +1,51 @@ -{ pkgs, ...}: { +{ + self, + lib, + pkgs, + ... +}: { + _module.args = { + pkgs = lib.mkForce (import self.inputs.nixpkgs { + system = "x86_64-linux"; + + overlays = with self.inputs; [ + fenix.overlays.default + nix-minecraft.overlay + flux.overlays.default + ]; + + config = { + allowUnfree = true; + + permittedInsecurePackages = [ + # I think this is because of zen + "qtwebengine-5.15.19" + + # For mautrix-signal, the matrix to signal bridge + "olm-3.2.16" + ]; + }; + }); + }; + imports = [ ./disks.nix ./hardware.nix + self.inputs.home-manager.nixosModules.home-manager + self.inputs.himmelblau.nixosModules.himmelblau + self.inputs.jovian.nixosModules.default + self.inputs.mydia.nixosModules.default + self.inputs.nix-minecraft.nixosModules.minecraft-servers + self.inputs.nvf.nixosModules.default + self.inputs.sops-nix.nixosModules.sops + (self.inputs.import-tree ../../modules/nixos) ]; - nixpkgs.hostPlatform = "x86_64-linux"; - system.activationScripts.remove-gtkrc.text = "rm -f /home/chris/.gtkrc-2.0"; services.logrotate.checkConfig = false; - environment.systemPackages = with pkgs; [ beyond-all-reason openrct2 ]; + environment.systemPackages = with pkgs; [beyond-all-reason openrct2]; sneeuwvlok = { hardware.has = { @@ -41,4 +76,4 @@ }; system.stateVersion = "23.11"; -} \ No newline at end of file +} diff --git a/machines/manwe/hardware.nix b/machines/manwe/hardware.nix index 3686637..8c48c1c 100644 --- a/machines/manwe/hardware.nix +++ b/machines/manwe/hardware.nix 
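Review bot: The `permittedInsecurePackages` list in the new `_module.args.pkgs` block allows `qtwebengine-5.15.19` on a guess ("I think this is because of zen") and `olm-3.2.16` for mautrix-signal, a bridge that nothing visible in this host's configuration enables. Each entry switches off the known-vulnerability evaluation check for that package on manwe, so the list should hold only what this host actually builds, with the confirmed consumer named in the comment. Separately, forcing `pkgs` through `_module.args` with `lib.mkForce` replaces the package set the nixpkgs module would build, so `nixpkgs.config` and `nixpkgs.overlays` set by any other module are, as far as I can tell, dropped without a warning. Assigning the same import to the `nixpkgs.pkgs` option keeps those checks in place. The module's attribute set continues outside this hunk.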
@@ -1,18 +1,18 @@ -{ config, lib, pkgs, modulesPath, ... }: -let - inherit (lib.modules) mkDefault; -in { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - + config, + lib, + ... +}: let + inherit (lib.modules) mkDefault; +in { boot = { - initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - initrd.kernelModules = [ ]; - kernelModules = [ "kvm-amd" ]; + initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + initrd.kernelModules = []; + kernelModules = ["kvm-amd"]; kernelParams = []; - extraModulePackages = [ ]; + extraModulePackages = []; }; - nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system; + nixpkgs.hostPlatform = "x86_64-linux"; hardware.cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/modules/nixos/services/networking/wireguard/default.nix b/modules/nixos/services/networking/wireguard/default.nix index 01534c0..364395b 100644 --- a/modules/nixos/services/networking/wireguard/default.nix +++ b/modules/nixos/services/networking/wireguard/default.nix @@ -11,7 +11,7 @@ hasPeers = (cfg.peer |> attrNames |> length) > 0; in { options.sneeuwvlok.services.networking.wireguard = { - # enable = mkEnableOption "enable wireguard" // {default = true;}; + enable = mkEnableOption "enable wireguard" // {default = true;}; peer = mkOption { type = types.attrsOf (types.submodule { @@ -32,7 +32,7 @@ in { }; }; - config = mkIf hasPeers { + config = mkIf (cfg.enable && hasPeers) { # networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port); # networking.wq-quick = { # # enable = cfg.enable; From b37c5c0cbda36c292b003ffbf27e5a6d23db74fe Mon Sep 17 00:00:00 2001 
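Review bot: Removing the `(modulesPath + "/installer/scan/not-detected.nix")` import also removes the `hardware.enableRedistributableFirmware = lib.mkDefault true` which that module supplies, while the last line of this hunk still derives `hardware.cpu.amd.updateMicrocode` from that option. Unless another module outside this hunk sets it, AMD microcode updates end up disabled on manwe, which removes the delivery path for CPU vulnerability mitigations. If the import is meant to go, state the intent next to the microcode line with `hardware.enableRedistributableFirmware = mkDefault true;`.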
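Review bot: `mkEnableOption "enable wireguard" // {default = true;}` renders as "Whether to enable enable wireguard." in the generated option docs, because `mkEnableOption` adds that prefix itself; `mkEnableOption "wireguard"` reads correctly. The `default = true` also makes this networking module opt-out for every host that imports the module tree. The new guard `mkIf (cfg.enable && hasPeers)` keeps it inert until a peer is defined, and a comment should say so, e.g. `# on by default; only takes effect once a peer is defined`. The `config` body continues past the end of the hunk.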
From: Chris Kruining Date: Mon, 30 Mar 2026 09:32:15 +0200 Subject: [PATCH 09/58] also refactor nixos modules --- clanServices/flake-module.nix | 8 ++++++++ clanServices/servarr/flake-module.nix | 1 + flake.nix | 1 + modules/nixos/{boot/default.nix => boot.nix} | 0 modules/nixos/desktop/{cosmic/default.nix => cosmic.nix} | 0 .../desktop/{gamescope/default.nix => gamescope.nix} | 0 modules/nixos/desktop/{gnome/default.nix => gnome.nix} | 0 modules/nixos/desktop/{plasma/default.nix => plasma.nix} | 0 modules/nixos/editor/{nano/default.nix => nano.nix} | 0 modules/nixos/editor/{nvim/default.nix => nvim.nix} | 0 modules/nixos/hardware/{audio/default.nix => audio.nix} | 0 .../hardware/{bluetooth/default.nix => bluetooth.nix} | 0 .../nixos/{home-manager/default.nix => home-manager.nix} | 0 modules/nixos/{nix/default.nix => nix.nix} | 0 .../authentication/{authelia/default.nix => authelia.nix} | 0 .../{himmelblau/default.nix => himmelblau.nix} | 0 .../authentication/{zitadel/default.nix => zitadel.nix} | 0 .../nixos/services/backup/{borg/default.nix => borg.nix} | 0 .../communication/{matrix/default.nix => matrix.nix} | 0 .../development/{forgejo/default.nix => forgejo.nix} | 0 .../games/{minecraft/default.nix => minecraft.nix} | 0 .../services/games/{palworld/default.nix => palworld.nix} | 0 .../services/media/{glance/default.nix => glance.nix} | 0 .../services/media/{jellyfin/default.nix => jellyfin.nix} | 0 .../nixos/services/media/{mydia/default.nix => mydia.nix} | 0 .../media/{nextcloud/default.nix => nextcloud.nix} | 0 modules/nixos/services/media/{nfs/default.nix => nfs.nix} | 0 .../services/media/{servarr/default.nix => servarr.nix} | 0 modules/nixos/services/media/servarr/lib.nix | 2 -- .../services/networking/{caddy/default.nix => caddy.nix} | 0 .../services/networking/{ssh/default.nix => ssh.nix} | 0 .../networking/{wireguard/default.nix => wireguard.nix} | 0 .../services/observability/{loki/default.nix => loki.nix} | 0 .../{prometheus/default.nix => 
prometheus.nix} | 0 .../observability/{promtail/default.nix => promtail.nix} | 0 .../{uptime-kuma/default.nix => uptime-kuma.nix} | 0 .../persistance/{postgesql/default.nix => postgresql.nix} | 0 .../security/{vaultwarden/default.nix => vaultwarden.nix} | 0 .../virtualisation/{podman/default.nix => podman.nix} | 0 modules/nixos/shells/{zsh/default.nix => zsh.nix} | 0 .../system/{networking/default.nix => networking.nix} | 0 .../nixos/system/security/{boot/default.nix => boot.nix} | 0 .../nixos/system/security/{sops/default.nix => sops.nix} | 0 .../nixos/system/security/{sudo/default.nix => sudo.nix} | 0 44 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 clanServices/flake-module.nix create mode 100644 clanServices/servarr/flake-module.nix rename modules/nixos/{boot/default.nix => boot.nix} (100%) rename modules/nixos/desktop/{cosmic/default.nix => cosmic.nix} (100%) rename modules/nixos/desktop/{gamescope/default.nix => gamescope.nix} (100%) rename modules/nixos/desktop/{gnome/default.nix => gnome.nix} (100%) rename modules/nixos/desktop/{plasma/default.nix => plasma.nix} (100%) rename modules/nixos/editor/{nano/default.nix => nano.nix} (100%) rename modules/nixos/editor/{nvim/default.nix => nvim.nix} (100%) rename modules/nixos/hardware/{audio/default.nix => audio.nix} (100%) rename modules/nixos/hardware/{bluetooth/default.nix => bluetooth.nix} (100%) rename modules/nixos/{home-manager/default.nix => home-manager.nix} (100%) rename modules/nixos/{nix/default.nix => nix.nix} (100%) rename modules/nixos/services/authentication/{authelia/default.nix => authelia.nix} (100%) rename modules/nixos/services/authentication/{himmelblau/default.nix => himmelblau.nix} (100%) rename modules/nixos/services/authentication/{zitadel/default.nix => zitadel.nix} (100%) rename modules/nixos/services/backup/{borg/default.nix => borg.nix} (100%) rename modules/nixos/services/communication/{matrix/default.nix => matrix.nix} (100%) rename 
modules/nixos/services/development/{forgejo/default.nix => forgejo.nix} (100%) rename modules/nixos/services/games/{minecraft/default.nix => minecraft.nix} (100%) rename modules/nixos/services/games/{palworld/default.nix => palworld.nix} (100%) rename modules/nixos/services/media/{glance/default.nix => glance.nix} (100%) rename modules/nixos/services/media/{jellyfin/default.nix => jellyfin.nix} (100%) rename modules/nixos/services/media/{mydia/default.nix => mydia.nix} (100%) rename modules/nixos/services/media/{nextcloud/default.nix => nextcloud.nix} (100%) rename modules/nixos/services/media/{nfs/default.nix => nfs.nix} (100%) rename modules/nixos/services/media/{servarr/default.nix => servarr.nix} (100%) delete mode 100644 modules/nixos/services/media/servarr/lib.nix rename modules/nixos/services/networking/{caddy/default.nix => caddy.nix} (100%) rename modules/nixos/services/networking/{ssh/default.nix => ssh.nix} (100%) rename modules/nixos/services/networking/{wireguard/default.nix => wireguard.nix} (100%) rename modules/nixos/services/observability/{loki/default.nix => loki.nix} (100%) rename modules/nixos/services/observability/{prometheus/default.nix => prometheus.nix} (100%) rename modules/nixos/services/observability/{promtail/default.nix => promtail.nix} (100%) rename modules/nixos/services/observability/{uptime-kuma/default.nix => uptime-kuma.nix} (100%) rename modules/nixos/services/persistance/{postgesql/default.nix => postgresql.nix} (100%) rename modules/nixos/services/security/{vaultwarden/default.nix => vaultwarden.nix} (100%) rename modules/nixos/services/virtualisation/{podman/default.nix => podman.nix} (100%) rename modules/nixos/shells/{zsh/default.nix => zsh.nix} (100%) rename modules/nixos/system/{networking/default.nix => networking.nix} (100%) rename modules/nixos/system/security/{boot/default.nix => boot.nix} (100%) rename modules/nixos/system/security/{sops/default.nix => sops.nix} (100%) rename 
modules/nixos/system/security/{sudo/default.nix => sudo.nix} (100%) diff --git a/clanServices/flake-module.nix b/clanServices/flake-module.nix new file mode 100644 index 0000000..46cf514 --- /dev/null +++ b/clanServices/flake-module.nix @@ -0,0 +1,8 @@ +{...}: { + imports = ./. + |> builtins.readDir + |> builtins.attrsToList + |> builtins.map ({ name, value }: { type = value; path = ./. "/${name}/flake-module.nix" }) + |> builtins.filter ({ type, path }: type == "directory" && (builtins.pathExists path)) + |> builtins.map ({ name }: name); +} diff --git a/clanServices/servarr/flake-module.nix b/clanServices/servarr/flake-module.nix new file mode 100644 index 0000000..6462967 --- /dev/null +++ b/clanServices/servarr/flake-module.nix @@ -0,0 +1 @@ +{...}: {} diff --git a/flake.nix b/flake.nix index 9694a61..7e4bf77 100644 --- a/flake.nix +++ b/flake.nix @@ -110,6 +110,7 @@ home-manager.flakeModules.default terranix.flakeModule ./packages/flake-module.nix + ./clanServices/flake-module.nix ]; perSystem = {system, ...}: { diff --git a/modules/nixos/boot/default.nix b/modules/nixos/boot.nix similarity index 100% rename from modules/nixos/boot/default.nix rename to modules/nixos/boot.nix diff --git a/modules/nixos/desktop/cosmic/default.nix b/modules/nixos/desktop/cosmic.nix similarity index 100% rename from modules/nixos/desktop/cosmic/default.nix rename to modules/nixos/desktop/cosmic.nix diff --git a/modules/nixos/desktop/gamescope/default.nix b/modules/nixos/desktop/gamescope.nix similarity index 100% rename from modules/nixos/desktop/gamescope/default.nix rename to modules/nixos/desktop/gamescope.nix diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome.nix similarity index 100% rename from modules/nixos/desktop/gnome/default.nix rename to modules/nixos/desktop/gnome.nix 
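Review bot: The new `clanServices/flake-module.nix` cannot evaluate as written, and because this commit also adds it to the `imports` in `flake.nix`, the whole flake would fail with it. In the first `builtins.map` the `path` binding has no terminating `;` and `./. "/${name}/flake-module.nix"` is missing the `+`. The final `builtins.map ({ name }: name)` destructures an attribute the previous step never produced and would yield names rather than importable paths, and `attrsToList` is, to my knowledge, a nixpkgs `lib` function rather than a builtin. No intermediate records are needed: list the entry names, build each candidate path and keep the ones that exist, as below.

```nix
{...}: {
  imports =
    builtins.readDir ./.
    |> builtins.attrNames
    |> builtins.map (name: ./. + "/${name}/flake-module.nix")
    |> builtins.filter builtins.pathExists;
}
```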
diff --git a/modules/nixos/desktop/plasma/default.nix b/modules/nixos/desktop/plasma.nix
similarity index 100%
rename from modules/nixos/desktop/plasma/default.nix
rename to modules/nixos/desktop/plasma.nix
diff --git a/modules/nixos/editor/nano/default.nix b/modules/nixos/editor/nano.nix
similarity index 100%
rename from modules/nixos/editor/nano/default.nix
rename to modules/nixos/editor/nano.nix
diff --git a/modules/nixos/editor/nvim/default.nix b/modules/nixos/editor/nvim.nix
similarity index 100%
rename from modules/nixos/editor/nvim/default.nix
rename to modules/nixos/editor/nvim.nix
diff --git a/modules/nixos/hardware/audio/default.nix b/modules/nixos/hardware/audio.nix
similarity index 100%
rename from modules/nixos/hardware/audio/default.nix
rename to modules/nixos/hardware/audio.nix
diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth.nix
similarity index 100%
rename from modules/nixos/hardware/bluetooth/default.nix
rename to modules/nixos/hardware/bluetooth.nix
diff --git a/modules/nixos/home-manager/default.nix b/modules/nixos/home-manager.nix
similarity index 100%
rename from modules/nixos/home-manager/default.nix
rename to modules/nixos/home-manager.nix
diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix.nix
similarity index 100%
rename from modules/nixos/nix/default.nix
rename to modules/nixos/nix.nix
diff --git a/modules/nixos/services/authentication/authelia/default.nix b/modules/nixos/services/authentication/authelia.nix
similarity index 100%
rename from modules/nixos/services/authentication/authelia/default.nix
rename to modules/nixos/services/authentication/authelia.nix
diff --git a/modules/nixos/services/authentication/himmelblau/default.nix b/modules/nixos/services/authentication/himmelblau.nix
similarity index 100%
rename from modules/nixos/services/authentication/himmelblau/default.nix
rename to modules/nixos/services/authentication/himmelblau.nix
diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel.nix
similarity index 100%
rename from modules/nixos/services/authentication/zitadel/default.nix
rename to modules/nixos/services/authentication/zitadel.nix
diff --git a/modules/nixos/services/backup/borg/default.nix b/modules/nixos/services/backup/borg.nix
similarity index 100%
rename from modules/nixos/services/backup/borg/default.nix
rename to modules/nixos/services/backup/borg.nix
diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix.nix
similarity index 100%
rename from modules/nixos/services/communication/matrix/default.nix
rename to modules/nixos/services/communication/matrix.nix
diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo.nix
similarity index 100%
rename from modules/nixos/services/development/forgejo/default.nix
rename to modules/nixos/services/development/forgejo.nix
diff --git a/modules/nixos/services/games/minecraft/default.nix b/modules/nixos/services/games/minecraft.nix
similarity index 100%
rename from modules/nixos/services/games/minecraft/default.nix
rename to modules/nixos/services/games/minecraft.nix
diff --git a/modules/nixos/services/games/palworld/default.nix b/modules/nixos/services/games/palworld.nix
similarity index 100%
rename from modules/nixos/services/games/palworld/default.nix
rename to modules/nixos/services/games/palworld.nix
diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance.nix
similarity index 100%
rename from modules/nixos/services/media/glance/default.nix
rename to modules/nixos/services/media/glance.nix
diff --git a/modules/nixos/services/media/jellyfin/default.nix b/modules/nixos/services/media/jellyfin.nix
similarity index 100%
rename from modules/nixos/services/media/jellyfin/default.nix
rename to modules/nixos/services/media/jellyfin.nix
diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia.nix
similarity index 100%
rename from modules/nixos/services/media/mydia/default.nix
rename to modules/nixos/services/media/mydia.nix
diff --git a/modules/nixos/services/media/nextcloud/default.nix b/modules/nixos/services/media/nextcloud.nix
similarity index 100%
rename from modules/nixos/services/media/nextcloud/default.nix
rename to modules/nixos/services/media/nextcloud.nix
diff --git a/modules/nixos/services/media/nfs/default.nix b/modules/nixos/services/media/nfs.nix
similarity index 100%
rename from modules/nixos/services/media/nfs/default.nix
rename to modules/nixos/services/media/nfs.nix
diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr.nix
similarity index 100%
rename from modules/nixos/services/media/servarr/default.nix
rename to modules/nixos/services/media/servarr.nix
diff --git a/modules/nixos/services/media/servarr/lib.nix b/modules/nixos/services/media/servarr/lib.nix
deleted file mode 100644
index 8ee412b..0000000
--- a/modules/nixos/services/media/servarr/lib.nix
+++ /dev/null
@@ -1,2 +0,0 @@
-{lib, ...}: {
-}
diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy.nix
similarity index 100%
rename from modules/nixos/services/networking/caddy/default.nix
rename to modules/nixos/services/networking/caddy.nix
diff --git a/modules/nixos/services/networking/ssh/default.nix b/modules/nixos/services/networking/ssh.nix
similarity index 100%
rename from modules/nixos/services/networking/ssh/default.nix
rename to modules/nixos/services/networking/ssh.nix
diff --git a/modules/nixos/services/networking/wireguard/default.nix b/modules/nixos/services/networking/wireguard.nix
similarity index 100%
rename from modules/nixos/services/networking/wireguard/default.nix
rename to modules/nixos/services/networking/wireguard.nix
diff --git a/modules/nixos/services/observability/loki/default.nix b/modules/nixos/services/observability/loki.nix
similarity index 100%
rename from modules/nixos/services/observability/loki/default.nix
rename to modules/nixos/services/observability/loki.nix
diff --git a/modules/nixos/services/observability/prometheus/default.nix b/modules/nixos/services/observability/prometheus.nix
similarity index 100%
rename from modules/nixos/services/observability/prometheus/default.nix
rename to modules/nixos/services/observability/prometheus.nix
diff --git a/modules/nixos/services/observability/promtail/default.nix b/modules/nixos/services/observability/promtail.nix
similarity index 100%
rename from modules/nixos/services/observability/promtail/default.nix
rename to modules/nixos/services/observability/promtail.nix
diff --git a/modules/nixos/services/observability/uptime-kuma/default.nix b/modules/nixos/services/observability/uptime-kuma.nix
similarity index 100%
rename from modules/nixos/services/observability/uptime-kuma/default.nix
rename to modules/nixos/services/observability/uptime-kuma.nix
diff --git a/modules/nixos/services/persistance/postgesql/default.nix b/modules/nixos/services/persistance/postgresql.nix
similarity index 100%
rename from modules/nixos/services/persistance/postgesql/default.nix
rename to modules/nixos/services/persistance/postgresql.nix
diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden.nix
similarity index 100%
rename from modules/nixos/services/security/vaultwarden/default.nix
rename to modules/nixos/services/security/vaultwarden.nix
diff --git a/modules/nixos/services/virtualisation/podman/default.nix b/modules/nixos/services/virtualisation/podman.nix similarity index 100% rename from modules/nixos/services/virtualisation/podman/default.nix rename to modules/nixos/services/virtualisation/podman.nix diff --git a/modules/nixos/shells/zsh/default.nix b/modules/nixos/shells/zsh.nix similarity index 100% rename from modules/nixos/shells/zsh/default.nix rename to modules/nixos/shells/zsh.nix diff --git a/modules/nixos/system/networking/default.nix b/modules/nixos/system/networking.nix similarity index 100% rename from modules/nixos/system/networking/default.nix rename to modules/nixos/system/networking.nix diff --git a/modules/nixos/system/security/boot/default.nix b/modules/nixos/system/security/boot.nix similarity index 100% rename from modules/nixos/system/security/boot/default.nix rename to modules/nixos/system/security/boot.nix diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops.nix similarity index 100% rename from modules/nixos/system/security/sops/default.nix rename to modules/nixos/system/security/sops.nix diff --git a/modules/nixos/system/security/sudo/default.nix b/modules/nixos/system/security/sudo.nix similarity index 100% rename from modules/nixos/system/security/sudo/default.nix rename to modules/nixos/system/security/sudo.nix From 10bbf99210178eea5e11f8cd6d1783625aee30ab Mon Sep 17 00:00:00 2001 From: chris Date: Mon, 30 Mar 2026 12:22:11 +0000 Subject: [PATCH 10/58] secrets: add user chris --- sops/users/chris/key.json | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 sops/users/chris/key.json diff --git a/sops/users/chris/key.json b/sops/users/chris/key.json new file mode 100644 index 0000000..90b904f --- /dev/null +++ b/sops/users/chris/key.json @@ -0,0 +1,6 @@ +[ + { + "publickey": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "type": "age" + } +] \ No newline at end of file 
From 611f47496148db5557559923ec1ea6c5c9e98ab4 Mon Sep 17 00:00:00 2001 From: chris Date: Mon, 30 Mar 2026 12:23:02 +0000 Subject: [PATCH 11/58] secrets: add machine ulmo --- sops/machines/ulmo/key.json | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 sops/machines/ulmo/key.json diff --git a/sops/machines/ulmo/key.json b/sops/machines/ulmo/key.json new file mode 100644 index 0000000..90b904f --- /dev/null +++ b/sops/machines/ulmo/key.json @@ -0,0 +1,6 @@ +[ + { + "publickey": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "type": "age" + } +] \ No newline at end of file From a4500a2eb67ff3339fc75b7c3d1c072470af9ac2 Mon Sep 17 00:00:00 2001 From: chris Date: Mon, 30 Mar 2026 12:24:27 +0000 Subject: [PATCH 12/58] vars: update via generator sabnzbd (machine: ulmo) --- .../per-machine/ulmo/sabnzbd/api_key/machines/ulmo | 1 + vars/per-machine/ulmo/sabnzbd/api_key/secret | 14 ++++++++++++++ vars/per-machine/ulmo/sabnzbd/api_key/users/chris | 1 + .../per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo | 1 + vars/per-machine/ulmo/sabnzbd/nzb_key/secret | 14 ++++++++++++++ vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris | 1 + .../ulmo/sabnzbd/sabnzbd.ini/machines/ulmo | 1 + vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/secret | 14 ++++++++++++++ .../ulmo/sabnzbd/sabnzbd.ini/users/chris | 1 + 9 files changed, 48 insertions(+) create mode 120000 vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo create mode 100644 vars/per-machine/ulmo/sabnzbd/api_key/secret create mode 120000 vars/per-machine/ulmo/sabnzbd/api_key/users/chris create mode 120000 vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo create mode 100644 vars/per-machine/ulmo/sabnzbd/nzb_key/secret create mode 120000 vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris create mode 120000 vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/machines/ulmo create mode 100644 vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/secret create mode 120000 vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/users/chris 
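Review bot: The `publickey` added here for machine `ulmo` is the same age recipient that the previous patch registered for user `chris` in `sops/users/chris/key.json`. With one key behind both identities, sops cannot tell the host from the admin. Either the admin's private key has to be present on the host for it to decrypt its own secrets, or the host cannot decrypt them at all, and revoking one identity forces re-keying the other. The machine entry should carry a key pair generated for ulmo itself, with the secrets under `vars/per-machine/ulmo/` re-encrypted so that both recipients are listed.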
diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/secret b/vars/per-machine/ulmo/sabnzbd/api_key/secret new file mode 100644 index 0000000..a6516ed --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/api_key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:LgA16Y5BZRCcZ1UaHW27s9mHRD504oLhIu/RxY5If4VUBFd5OuOjZlfVqznNZnpphD6zO/GO9dIBDzOquRHtuWQdUTUWv7KjcOQJ2dybAFh1+hCkjAVb/IYfKObTpA4D0xEZF9CUouMdZJX4Zc055ZRZK6GJCq+dsyJsxS12GWbB,iv:dARj4UMkJ3off+MI3qhrj2aB+ebxn1iSyAuBHN1uUbE=,tag:MpTKMzLD5lw2QvzBkKAbTQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OENIR0xPNU5HcUd2STRs\nOEtvUjZkMGo0MHBlTEM4d1pFcy8zQjdmN2pZCmF6b2NtbzRMaWNhNTZHRWlja1Nu\nOUswRnVjeWlDTEdqSkhkOFRnVTU1WVUKLS0tIDNlN3FQVURyL2lDZ0VWb0VyRHlv\ndVhtcG9RNE5TcGRYaTdzT2ZrbGc5OFEKm9DMJOA0x+KNUDw7nJUIERiQjQzCOkoG\nsCRJkJb/9DHiwHhF/5lBJK81biIpLJUrwlTkiRiWUaB/nGAXw1kjnw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T12:24:24Z", + "mac": "ENC[AES256_GCM,data:t3HHtfiR808KqGF1f1uzuOQZ+wDOZaZc1tlJS1vzqDtWtl7OGnigpS0iQgCMweQs/xT4cGZhwACWu2SpZ1xc33AHUEl5jTQkYCbO2lTnXlwKlvCmR7mVygE/4SIzyAYf9rErH3VmNrHTdaX1WjVD1WkeLS75euhVB4FHYd29ofE=,iv:S5hd1uen0LrPxRGOconpCGj2YsrUG2iYAqv3tiZ1fyA=,tag:pkR4D9a52J2c1qcKTzGMMg==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/users/chris b/vars/per-machine/ulmo/sabnzbd/api_key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/api_key/users/chris 
@@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/secret b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret new file mode 100644 index 0000000..e640fe2 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:YwQUEL8KlMaEN968yut7vaEfkjB1m8rp7y6A1iJL1kfJvOkijYy9A+RuzItM2Z9w8FrEh9T5WfpSn6UfnEEI4BObPbd383d3fW8FVH9zxhcbfEPzCf2Rp14BCYdbCRDYLGKDhVhxABWqWPjfG6ZaZtBj+ed9mnu3CPxRsN0hcLNh,iv:aLK7/FEZ2malYt8ncg/pFc94mbqYe18biIyI4XvxXaE=,tag:uEIC6GVVFLEQgdBkNO7CAA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRTg2Y2tTN1VVN05CaGty\nS1VlUlhQdzg1NC9YOHF4L0Y2bWZGYXVPNVd3CmZMZDRSSm1DbHZhT0lmTkQ2UkJ5\nSmJEZUgyZjJ3UkJaZFZOMHhoVGFPOGsKLS0tIEtrdld2V1grNVpqS2t6MDFTNG56\nV01hVkxGeFc3OTlFR0lEVXNnNEcvRGsKZ/NhIBiokqEHgztLMSlgfDtOEocUcCWf\nO81GUemWQaciCk3PL9m+hxcmKvhYTmEHocRxOnff9i4zJT3Cz4/BLQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T12:24:24Z", + "mac": "ENC[AES256_GCM,data:sQDoCCmPzIv35o3p8tkm6P/Hjs0m2PvSEWjdrLxsObiCSCGzIZKmaRqbwc1gw8YH5M6ObYNGmPAGHasNz5jBqST9Ie0ykxa3jDbKeRI3RREs1qdr0VP2h3E8iaPwFDnbY1LmlMbdE6gpBJ6nmMmubs8Ddjgerynt5z7/u647tO8=,iv:sNnhcANBG+iwuJQFznAQw2PHAMxmolpMv8bxwjy8UQM=,tag:56dKY1pajWH9iNQec1sZBQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris b/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null 
+++ b/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/secret b/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/secret new file mode 100644 index 0000000..096adbc --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:SQ==,iv:TA3yzuzlV904alF4FJYea1hDfCUhTorWde9i2+Wjni8=,tag:llIJD9Y4R+7eLKzICX+2eQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcEJUS3M4SWdZUVloNVNQ\nS042WFRFQ3JPK1AvRTA3U3NXeENuRVpYRFNFCmFUdGFocGI3T1hzdm5SdGhvVkg2\nMEczL1E5dW1RU2xKZnpBSXBTNGExL1UKLS0tIGhMT1h1THNIOVljQnd2emJzcEJV\nQkZkVXVNZjdsRDU4cHU5a25rVndHTEkKQSkpEgtAxwO1kCYU+G+3YwrT57Z5I25v\ndLN9BD2kQMb7wyK7tyzGi34p/gQRAd27YS5eohz4NA1DCtrG+AHkAw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T12:24:25Z", + "mac": "ENC[AES256_GCM,data:bcdmlYkslq2A9fVsKI0tZ/kQZqfona6caLUCHmWV3BzxjwsUE4pYe/1hOWn+C7Gw59YhccscvTMQM9VVYYmpr8aubO8VNsnix6PkyYLlof94aTFm0QZOGTdgIe9JCiAfYCvEBiS3VowhyLKj2zdxKJhCqfsFccpmC3XAV6zJS7s=,iv:97dmBjBcBwvnWDLE1rXeZLCqEuDuGLxiPoaQz/O3Dgg=,tag:1F0bhzmPqNV9q98ceSGlkg==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/users/chris b/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/users/chris 
@@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From 955b1c6ba45c34c6072a598e14ab83cb06916909 Mon Sep 17 00:00:00 2001 From: chris Date: Mon, 30 Mar 2026 12:31:51 +0000 Subject: [PATCH 13/58] vars: update via generator sabnzbd (machine: ulmo) --- vars/per-machine/ulmo/sabnzbd/api_key/secret | 8 ++++---- .../ulmo/sabnzbd/config.ini/machines/ulmo | 1 + vars/per-machine/ulmo/sabnzbd/config.ini/secret | 14 ++++++++++++++ .../ulmo/sabnzbd/config.ini/users/chris | 1 + vars/per-machine/ulmo/sabnzbd/nzb_key/secret | 8 ++++---- 5 files changed, 24 insertions(+), 8 deletions(-) create mode 120000 vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo create mode 100644 vars/per-machine/ulmo/sabnzbd/config.ini/secret create mode 120000 vars/per-machine/ulmo/sabnzbd/config.ini/users/chris diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/secret b/vars/per-machine/ulmo/sabnzbd/api_key/secret index a6516ed..0d70b0f 100644 --- a/vars/per-machine/ulmo/sabnzbd/api_key/secret +++ b/vars/per-machine/ulmo/sabnzbd/api_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:LgA16Y5BZRCcZ1UaHW27s9mHRD504oLhIu/RxY5If4VUBFd5OuOjZlfVqznNZnpphD6zO/GO9dIBDzOquRHtuWQdUTUWv7KjcOQJ2dybAFh1+hCkjAVb/IYfKObTpA4D0xEZF9CUouMdZJX4Zc055ZRZK6GJCq+dsyJsxS12GWbB,iv:dARj4UMkJ3off+MI3qhrj2aB+ebxn1iSyAuBHN1uUbE=,tag:MpTKMzLD5lw2QvzBkKAbTQ==,type:str]", + "data": "ENC[AES256_GCM,data:798g97ntJ5tgHuQKp0aKk4XQvRut28HmbeNy51qFeGmqbrNyDI6S0v7V/Z/ibIOwNdhRu0u4ml+h02hUH74w6K80enOZXd/fwuO/WZME+WPy6JJbWF2wcmejwml0IGD2LOpWGHrsavBybbnTXnFbuKidy0js783L+leZrDY0j7ae,iv:HUzrJ5PYEpWXYfSLNGs2Hn1yIsaQzja1HR24M4XzGN8=,tag:qFAjDxMY7xa21JH3S+gULA==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OENIR0xPNU5HcUd2STRs\nOEtvUjZkMGo0MHBlTEM4d1pFcy8zQjdmN2pZCmF6b2NtbzRMaWNhNTZHRWlja1Nu\nOUswRnVjeWlDTEdqSkhkOFRnVTU1WVUKLS0tIDNlN3FQVURyL2lDZ0VWb0VyRHlv\ndVhtcG9RNE5TcGRYaTdzT2ZrbGc5OFEKm9DMJOA0x+KNUDw7nJUIERiQjQzCOkoG\nsCRJkJb/9DHiwHhF/5lBJK81biIpLJUrwlTkiRiWUaB/nGAXw1kjnw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQ2tmakJkdnBsazVtR1RM\nVGNFa0FDYUd1M1VVM09taytSdVBlZUw5MVRzCk5veVNLUm9KMmVTYjN2UEcwQmI0\nT0tUQUZsYkE3MDJ1eWJrQm5WYVJEOXMKLS0tIHdKaUFuSm1qcDZ4VWdHbEozalNu\nL3ExMGdKYzRQWStId0lUYWQzbDVvMWMK5jEuKGgXL7h33VSNns0vucUBZgbMrNod\n5dIg577kSlikgnKUzlcNMqPrFXofDkAO/mV3i6vxNWm12sQ+/E1k2A==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:24:24Z", - "mac": "ENC[AES256_GCM,data:t3HHtfiR808KqGF1f1uzuOQZ+wDOZaZc1tlJS1vzqDtWtl7OGnigpS0iQgCMweQs/xT4cGZhwACWu2SpZ1xc33AHUEl5jTQkYCbO2lTnXlwKlvCmR7mVygE/4SIzyAYf9rErH3VmNrHTdaX1WjVD1WkeLS75euhVB4FHYd29ofE=,iv:S5hd1uen0LrPxRGOconpCGj2YsrUG2iYAqv3tiZ1fyA=,tag:pkR4D9a52J2c1qcKTzGMMg==,type:str]", + "lastmodified": "2026-03-30T12:31:48Z", + "mac": 
"ENC[AES256_GCM,data:8EXoDEI7fF+7uZkutJoMamirYYdkqBC8VqK+hElOzkJpDLbPAopVAxH3G4XVKLHKlhtbmpamyMbIDSEfGG8Me6Ijj7QQIaCGSpeYNCky8W2pBWqGR9meps68kjZMucvadEHY3kRWDor8QFCy3vMs6cC5WLq732XXqHHJjNsMjNQ=,iv:cFDQ+AnJtJFtZvgEtSm8l4XVOqBt13e3Bh+r0+KME2w=,tag:eZ/Q0xEYP0dHkR+UL+5isQ==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/secret b/vars/per-machine/ulmo/sabnzbd/config.ini/secret new file mode 100644 index 0000000..b5ca433 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/config.ini/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:2A==,iv:cC6qE6v0iipZD5UmluNXp+oSLNmDeJs02qOIg2kDgJY=,tag:3nRyUwNsluEd+XgSAGt5Pg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBacllzbERMWXA0RU5lajlU\nM1NCS3QzWHpZZHRLWWRNTmlEZWM5R005T0h3CktQTGdmSzJRVFUrY1Q0MGtMNmhi\nRllQeFQ3UUl3M0laMWlSci8zaEtnNWcKLS0tIFFlVzNlTzBDYXhjZjlBYWxHTVVm\nRC9qcHkvdnRzWm0yd0p5OGttd2pPMUEKKueLt+R6XshhPERJnZ2Tecbk0BTFR/kY\n8gJG2twKXOeNlvrVlqpG7m+CIuDi0pu1GmSw2FT21whkGDIRiOdrTw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T12:31:48Z", + "mac": "ENC[AES256_GCM,data:y1M+Z9S3MHdEVU2BLij9vglbSxe/7kqg9meVY8P5yCEPMkhWip7vNUe3U0tL9qA4Cn3lZiqdNbE2Ea+R2BDIvzhyyEVArvB9FV7ckjmMOqCaOZjJWNgeP6EyIoshroyQAWzmkJ4vAE9bvDfvwKdSdKL4nPaUU0maJWWFb0SqB0k=,iv:sz2+8j7392sIbrx0/eEprziWsabXCNcgo7HeCvZXut4=,tag:+4PH3Fz/SyWaQxjkL02sgg==,type:str]", + "version": "3.12.1" + } +} 
diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris b/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/secret b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret index e640fe2..fc682cf 100644 --- a/vars/per-machine/ulmo/sabnzbd/nzb_key/secret +++ b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:YwQUEL8KlMaEN968yut7vaEfkjB1m8rp7y6A1iJL1kfJvOkijYy9A+RuzItM2Z9w8FrEh9T5WfpSn6UfnEEI4BObPbd383d3fW8FVH9zxhcbfEPzCf2Rp14BCYdbCRDYLGKDhVhxABWqWPjfG6ZaZtBj+ed9mnu3CPxRsN0hcLNh,iv:aLK7/FEZ2malYt8ncg/pFc94mbqYe18biIyI4XvxXaE=,tag:uEIC6GVVFLEQgdBkNO7CAA==,type:str]", + "data": "ENC[AES256_GCM,data:4+AKwMg++1mn5WQmvjcX7fBzZxl5+jCMm4Q8/PfPRoBJ7DvpMZ1Ek0reoDM1GkM3xuZTmAa/DLvivSoc5ChXJNKvoOgB5R492cUM71U87+ndwSFbzxjE2dO2EANA3XHzvfJEykQhl5qbgWZdgbpS8JQ/o+FjRojE3PpEbCk3TJoh,iv:MEWdEC+B8yL/BnVbUBwDAzWcnpKhym3GNzvk9y6M5Gs=,tag:/fbDPVS1WsYXQu3JvtjJaQ==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRTg2Y2tTN1VVN05CaGty\nS1VlUlhQdzg1NC9YOHF4L0Y2bWZGYXVPNVd3CmZMZDRSSm1DbHZhT0lmTkQ2UkJ5\nSmJEZUgyZjJ3UkJaZFZOMHhoVGFPOGsKLS0tIEtrdld2V1grNVpqS2t6MDFTNG56\nV01hVkxGeFc3OTlFR0lEVXNnNEcvRGsKZ/NhIBiokqEHgztLMSlgfDtOEocUcCWf\nO81GUemWQaciCk3PL9m+hxcmKvhYTmEHocRxOnff9i4zJT3Cz4/BLQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTVlpWEZrOTJkVVNaNGdp\nUEFHaU1nMWJreFZyMUpPZFp2cVJpRjd0U0JzCkcwd1pJMGc4VUJDOUtKTHpMb0s0\nZmJaQ1NQdG13alhsaVQ3VzBMRk8rTkkKLS0tIGtKY01wWk9kM0l3T3YrS2FHSlpl\nTmp2L1FkN0tXYlpGMmZHZEVNeks3U1kKkrFISE4Ghvv1v5cf8PJ6WCAsglaqChzQ\nB94Z79XnSmDb75byP2bR0xNO5NiUyjObebZKNOz61yQHxn3i5hBkQg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:24:24Z", - "mac": "ENC[AES256_GCM,data:sQDoCCmPzIv35o3p8tkm6P/Hjs0m2PvSEWjdrLxsObiCSCGzIZKmaRqbwc1gw8YH5M6ObYNGmPAGHasNz5jBqST9Ie0ykxa3jDbKeRI3RREs1qdr0VP2h3E8iaPwFDnbY1LmlMbdE6gpBJ6nmMmubs8Ddjgerynt5z7/u647tO8=,iv:sNnhcANBG+iwuJQFznAQw2PHAMxmolpMv8bxwjy8UQM=,tag:56dKY1pajWH9iNQec1sZBQ==,type:str]", + "lastmodified": "2026-03-30T12:31:49Z", + "mac": 
"ENC[AES256_GCM,data:OlCVVtxddol2WNFNM/PbrPdzAIvNCp2VUWuq3yxhKbk9/mPGiZ008GBMlOKkcvkFOedv2yummEeGSN00a9K4Dh781Uy0slHYpKjcz9wrc0q1eO1dIUxlTmgVgCaASKnHKi/j42Yx0YtK0eHQz/JdOYx9/fueyKOySiol+3W0bdQ=,iv:kzq/LAZ6AoIIjIADB+0e5oa/yeyuv29GEgcWOsVC6uY=,tag:1DqPyH7vaMMrgrbWhA95Fw==,type:str]", "version": "3.12.1" } } From bd540029a763c18e1d44c1634a4afb68e6a7714a Mon Sep 17 00:00:00 2001 From: chris Date: Mon, 30 Mar 2026 12:57:36 +0000 Subject: [PATCH 14/58] vars: update via generator sabnzbd (machine: ulmo) --- vars/per-machine/ulmo/sabnzbd/api_key/secret | 8 ++++---- vars/per-machine/ulmo/sabnzbd/config.ini/secret | 8 ++++---- vars/per-machine/ulmo/sabnzbd/nzb_key/secret | 8 ++++---- .../ulmo/sabnzbd/password/machines/ulmo | 1 + vars/per-machine/ulmo/sabnzbd/password/secret | 14 ++++++++++++++ vars/per-machine/ulmo/sabnzbd/password/users/chris | 1 + .../ulmo/sabnzbd/username/machines/ulmo | 1 + vars/per-machine/ulmo/sabnzbd/username/users/chris | 1 + 8 files changed, 30 insertions(+), 12 deletions(-) create mode 120000 vars/per-machine/ulmo/sabnzbd/password/machines/ulmo create mode 100644 vars/per-machine/ulmo/sabnzbd/password/secret create mode 120000 vars/per-machine/ulmo/sabnzbd/password/users/chris create mode 120000 vars/per-machine/ulmo/sabnzbd/username/machines/ulmo create mode 120000 vars/per-machine/ulmo/sabnzbd/username/users/chris diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/secret b/vars/per-machine/ulmo/sabnzbd/api_key/secret index 0d70b0f..9607f2f 100644 --- a/vars/per-machine/ulmo/sabnzbd/api_key/secret +++ b/vars/per-machine/ulmo/sabnzbd/api_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:798g97ntJ5tgHuQKp0aKk4XQvRut28HmbeNy51qFeGmqbrNyDI6S0v7V/Z/ibIOwNdhRu0u4ml+h02hUH74w6K80enOZXd/fwuO/WZME+WPy6JJbWF2wcmejwml0IGD2LOpWGHrsavBybbnTXnFbuKidy0js783L+leZrDY0j7ae,iv:HUzrJ5PYEpWXYfSLNGs2Hn1yIsaQzja1HR24M4XzGN8=,tag:qFAjDxMY7xa21JH3S+gULA==,type:str]", + "data": "ENC[AES256_GCM,data:rXR4yONXExf5jvAW3o0Q7+ivNcGv8VlS+MdW9TdieOAvAlBPxwP9fGvdsMsTgv9wgJuLtWfbgf9xpCYwhDJSivsMwuYO0oOJpbREoY2Gws8xrY4y6mtkah5yYBwH/ey5p2vWZhP98EMLdthVMdMtEqSAF2/Gs0pjv0EJeWJltKjv,iv:14S6RBI/d7JoFPQO652l8lM2ZyQFX6O1chTCDQWZuFQ=,tag:s+zy4KE3wyUjXSgqn0UK+g==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQ2tmakJkdnBsazVtR1RM\nVGNFa0FDYUd1M1VVM09taytSdVBlZUw5MVRzCk5veVNLUm9KMmVTYjN2UEcwQmI0\nT0tUQUZsYkE3MDJ1eWJrQm5WYVJEOXMKLS0tIHdKaUFuSm1qcDZ4VWdHbEozalNu\nL3ExMGdKYzRQWStId0lUYWQzbDVvMWMK5jEuKGgXL7h33VSNns0vucUBZgbMrNod\n5dIg577kSlikgnKUzlcNMqPrFXofDkAO/mV3i6vxNWm12sQ+/E1k2A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVTdCV1F5NjBZKy9ta1Jo\nZjdsU2VKM09zSTFyaWNrbzMrRy9HWGlzdHc0CkM4VDQ0M1VoSTNzV01yK2FZamZa\nMWlZQzRWSXJnZzY2REdHc0R6SGp5dkEKLS0tIE1GbERwYmcxVDFvejFaNEdTZnVQ\nMnE3TnFtczNxem9neFlvSk9aZTN2WjQK8Q/gRcG7hLxOaMCfIH67I99Mvolq8fUf\nCdkIjYR+Cw1dA1Gznt5jMT1D9AEGuhGu+SLZCMC6+Te6fEV5PMRDJg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:31:48Z", - "mac": "ENC[AES256_GCM,data:8EXoDEI7fF+7uZkutJoMamirYYdkqBC8VqK+hElOzkJpDLbPAopVAxH3G4XVKLHKlhtbmpamyMbIDSEfGG8Me6Ijj7QQIaCGSpeYNCky8W2pBWqGR9meps68kjZMucvadEHY3kRWDor8QFCy3vMs6cC5WLq732XXqHHJjNsMjNQ=,iv:cFDQ+AnJtJFtZvgEtSm8l4XVOqBt13e3Bh+r0+KME2w=,tag:eZ/Q0xEYP0dHkR+UL+5isQ==,type:str]", + "lastmodified": "2026-03-30T12:57:28Z", + "mac": 
"ENC[AES256_GCM,data:V7VEAOEjZI3i0oqbh79SSW6o1N7pKHcwB2G35O3aaWsJzAq+AB3ap/H8USdpXqum/UqJ1tTG8Hh89rx3bvrVRHgcEc9EY1WmloEZ5tg+mnD14Qn3nNFa+zSt+AbzB/SD24rwB1WKeiTx3nfYw3lBxo6fn7kWMYSL8xAKkx4RAPo=,iv:WRSLrfjVRHV3S+hCq42LscdExB+zXkiIQJkSJCnazNM=,tag:gLF/a/pYKlpKbdJHPVJUfw==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/secret b/vars/per-machine/ulmo/sabnzbd/config.ini/secret index b5ca433..f7f874a 100644 --- a/vars/per-machine/ulmo/sabnzbd/config.ini/secret +++ b/vars/per-machine/ulmo/sabnzbd/config.ini/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:2A==,iv:cC6qE6v0iipZD5UmluNXp+oSLNmDeJs02qOIg2kDgJY=,tag:3nRyUwNsluEd+XgSAGt5Pg==,type:str]", + "data": "ENC[AES256_GCM,data:Ow==,iv:emftXtjyH4PrDBqlejljM9RdQ8ML9coNr5F5/L4ZQNw=,tag:w+fzQqJhLhYc8aiN2NSECg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBacllzbERMWXA0RU5lajlU\nM1NCS3QzWHpZZHRLWWRNTmlEZWM5R005T0h3CktQTGdmSzJRVFUrY1Q0MGtMNmhi\nRllQeFQ3UUl3M0laMWlSci8zaEtnNWcKLS0tIFFlVzNlTzBDYXhjZjlBYWxHTVVm\nRC9qcHkvdnRzWm0yd0p5OGttd2pPMUEKKueLt+R6XshhPERJnZ2Tecbk0BTFR/kY\n8gJG2twKXOeNlvrVlqpG7m+CIuDi0pu1GmSw2FT21whkGDIRiOdrTw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bEhIM2VHOE9KV1I2S0Yw\nYnBVeDZsdUM3TVVraEpyZG83cytyKzJ4dVUwCkNHbGptRnFHKzJwSmtHa1BaTzNp\nMlBFVWZSaGtnUy8yUVJhSVlybzBVZ00KLS0tIE5mckI0cmtvUFY0VXJRS0owdmhu\nQnUxWm1NYlA1Q2U5RVBzcWdUNm1pMlUKnQ+47mQZGJA9MjZlxAMG0Hr1KsMY5RO7\njv+P+33UKAxLCwK7CJj754p4nk+S0fDLbU1vWojvM29lV0YAHQKE5Q==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:31:48Z", - "mac": "ENC[AES256_GCM,data:y1M+Z9S3MHdEVU2BLij9vglbSxe/7kqg9meVY8P5yCEPMkhWip7vNUe3U0tL9qA4Cn3lZiqdNbE2Ea+R2BDIvzhyyEVArvB9FV7ckjmMOqCaOZjJWNgeP6EyIoshroyQAWzmkJ4vAE9bvDfvwKdSdKL4nPaUU0maJWWFb0SqB0k=,iv:sz2+8j7392sIbrx0/eEprziWsabXCNcgo7HeCvZXut4=,tag:+4PH3Fz/SyWaQxjkL02sgg==,type:str]", + "lastmodified": "2026-03-30T12:57:28Z", + "mac": "ENC[AES256_GCM,data:tDPMfjtC+R9BwRdvPIJRQXIdsHeqec/V4ofG6I4riBPvhytksYnF25uu9IQ/sKGZSrPjsEmIPZXeWMgnMI2PG509Znx93azdPV4x8FuGpem45gu6u6NPDjZIpwUdyBKg7i5JUT3K6D5Bsmvi3XyhNGNCrmnrv0Dg3dz5bDA6mZw=,iv:3HdTA/qMjiF4L9t7yCdNeU7Ozvqz3/I3t7+8U+4IicQ=,tag:CMthdZhXdTGsBBXPK2Cmwg==,type:str]", "version": "3.12.1" } } 
diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/secret b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret index fc682cf..38b673f 100644 --- a/vars/per-machine/ulmo/sabnzbd/nzb_key/secret +++ b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:4+AKwMg++1mn5WQmvjcX7fBzZxl5+jCMm4Q8/PfPRoBJ7DvpMZ1Ek0reoDM1GkM3xuZTmAa/DLvivSoc5ChXJNKvoOgB5R492cUM71U87+ndwSFbzxjE2dO2EANA3XHzvfJEykQhl5qbgWZdgbpS8JQ/o+FjRojE3PpEbCk3TJoh,iv:MEWdEC+B8yL/BnVbUBwDAzWcnpKhym3GNzvk9y6M5Gs=,tag:/fbDPVS1WsYXQu3JvtjJaQ==,type:str]", + "data": "ENC[AES256_GCM,data:mmS+E7FL08PeytamIZQHgCmzTVlYG3KvlWeADAWyQjUeKLiUtnGFWVLzvJSsq9QjqZSqXB4aKFMa8KfbfXLT8bywxgufkohk8FjgafOGHkBpIkZLOkeQCBw6SmS1m8sZnLNK0ye3ggMxSZqJvEbmYxoZ6e/q/0mwfMO3dIxew2I+,iv:XyVAet2oafynIWzDsx7P8s4IzdHH5+LiyjIZ0gZWf4w=,tag:D9/dOirOO2qSHiEH+egktw==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTVlpWEZrOTJkVVNaNGdp\nUEFHaU1nMWJreFZyMUpPZFp2cVJpRjd0U0JzCkcwd1pJMGc4VUJDOUtKTHpMb0s0\nZmJaQ1NQdG13alhsaVQ3VzBMRk8rTkkKLS0tIGtKY01wWk9kM0l3T3YrS2FHSlpl\nTmp2L1FkN0tXYlpGMmZHZEVNeks3U1kKkrFISE4Ghvv1v5cf8PJ6WCAsglaqChzQ\nB94Z79XnSmDb75byP2bR0xNO5NiUyjObebZKNOz61yQHxn3i5hBkQg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsTGcxd240cnpmUXNna003\ndTN3NE9FTXhwMjg3TG5ybGEvOFpmNkF4N0hzCmt2L1ZEWk44azl4QmxHcXdnc1dM\ndnh5c3VOa2dYUmxKVld4NjdPdU41S0kKLS0tIG0ySHBsUFdQaEZRYnlOajZOUUtt\naldPOHBGVmdBa3RvK2doV1NYdVkrUEUKpdlI/fFurvqxg7CbW5Hea+2IFfRaU9TO\n0Jzs+zYC3J1gdPigscTKUP8nv3Cl4x6AwirkD9EfvijP3k1ptYEP+A==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:31:49Z", - "mac": "ENC[AES256_GCM,data:OlCVVtxddol2WNFNM/PbrPdzAIvNCp2VUWuq3yxhKbk9/mPGiZ008GBMlOKkcvkFOedv2yummEeGSN00a9K4Dh781Uy0slHYpKjcz9wrc0q1eO1dIUxlTmgVgCaASKnHKi/j42Yx0YtK0eHQz/JdOYx9/fueyKOySiol+3W0bdQ=,iv:kzq/LAZ6AoIIjIADB+0e5oa/yeyuv29GEgcWOsVC6uY=,tag:1DqPyH7vaMMrgrbWhA95Fw==,type:str]", + "lastmodified": "2026-03-30T12:57:28Z", + "mac": 
"ENC[AES256_GCM,data:EPVbY8Nr1Lu9iSKBoE+oByXdivIMfywp1EMxOY9kMVbJgMUUj4sJYo3KGVibZ1KinLLpt8q+KS0PePsuO93JsHWBuFus08jUBoM17WS7NSZPMV4CuCWJ3ojuGBMMl5LO3pg5Kt1h7YEej6vo2p3soQWJyQVh++M4tLZKnJIukyA=,iv:QvfpmvLqoVIouLMusSQCKQ1pSEH1Inm1oDwyi6YKsR8=,tag:NAaWDXe3pBDMj/jH5IAEuA==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/password/secret b/vars/per-machine/ulmo/sabnzbd/password/secret new file mode 100644 index 0000000..0775b96 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/password/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:d6K/Y62XJo9z,iv:iMjJqWh1ZLuHUno92WL8NzfbwmRYX6JZsKi+Z1T3EhI=,tag:F+4lNkcylrR0eZkfwkgHgA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIcmxqOEFpcnZNVkFYWXFD\nQWQxd2M0Rkc4eDd5VUxpa3Z2SG1yV0tLaFRNCndmb09FZElIRllORW1JYnFDWmQx\nUnZOWVQ1aEhnM0k1eTV1U1VJTjRqZ3cKLS0tIFpwdEhiS0lnMGFjRzZBb1EyMGlT\nS1NRK005ZHRDcThzZFVldlQ3amVkRkEK9K6YC2YFxcsOjEqwnGN6b9Ab8XG4n2WL\nlOABOanuctckPn04PSOrj43OyrY1TNyKPHjxqG9fa4iOlK2MO9zUHQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T12:57:28Z", + "mac": "ENC[AES256_GCM,data:O3R3OCpT2UCPfmeo4WpIGt+WGwgKb48L2CqFsxiY5gUL/vxgtFeW8km4pGh2sFGOvx9EIKzipE/P+TygQOR/wMTKTtK42Ya5+3eXNX+D1/11J3crtEQeyYSySaXO7CabRJVZEd5yuuEd5vUNmdNDss23f/gEb5KZ5j7lbtlnDNI=,iv:6iSmHVidfjdLKHtseHLZsmHwqrvFjaBOWoKmuDrodKc=,tag:/99VDiGzzXGpLIjtDM3m6w==,type:str]", + "version": "3.12.1" + } +} 
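Review bot: The `data` ciphertext of the new `password/secret` is only a few bytes long, and SOPS does not pad values, so the committed file shows anyone who can read the repository that the generated password is short. This file is generator output, so the change belongs in the sabnzbd generator definition, which is not part of this hunk: have it emit a long random value (32 or more random characters) and regenerate. The `sops.age` list also holds a single recipient while the directory links both `machines/ulmo` and `users/chris`. It is worth confirming that this is intended and that the machine and the admin user do not share one key. The same single-recipient layout appears in the `api_key`, `nzb_key`, `config.ini` and `username` secrets of this series.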
diff --git a/vars/per-machine/ulmo/sabnzbd/password/users/chris b/vars/per-machine/ulmo/sabnzbd/password/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/password/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/username/users/chris b/vars/per-machine/ulmo/sabnzbd/username/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/username/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From b3490252326a3c10e0a590e8db8a1ec7977182e0 Mon Sep 17 00:00:00 2001 From: chris Date: Mon, 30 Mar 2026 12:58:15 +0000 Subject: [PATCH 15/58] vars: update via generator sabnzbd (machine: ulmo) --- vars/per-machine/ulmo/sabnzbd/api_key/secret | 8 ++++---- vars/per-machine/ulmo/sabnzbd/config.ini/secret | 8 ++++---- vars/per-machine/ulmo/sabnzbd/nzb_key/secret | 8 ++++---- vars/per-machine/ulmo/sabnzbd/password/secret | 8 ++++---- vars/per-machine/ulmo/sabnzbd/username/secret | 14 ++++++++++++++ 5 files changed, 30 insertions(+), 16 deletions(-) create mode 100644 vars/per-machine/ulmo/sabnzbd/username/secret diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/secret b/vars/per-machine/ulmo/sabnzbd/api_key/secret index 9607f2f..e08f0f8 100644 --- a/vars/per-machine/ulmo/sabnzbd/api_key/secret +++ b/vars/per-machine/ulmo/sabnzbd/api_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:rXR4yONXExf5jvAW3o0Q7+ivNcGv8VlS+MdW9TdieOAvAlBPxwP9fGvdsMsTgv9wgJuLtWfbgf9xpCYwhDJSivsMwuYO0oOJpbREoY2Gws8xrY4y6mtkah5yYBwH/ey5p2vWZhP98EMLdthVMdMtEqSAF2/Gs0pjv0EJeWJltKjv,iv:14S6RBI/d7JoFPQO652l8lM2ZyQFX6O1chTCDQWZuFQ=,tag:s+zy4KE3wyUjXSgqn0UK+g==,type:str]", + "data": "ENC[AES256_GCM,data:7m/W7+5ER7nycW6j61twOVCevGPdXatreeNEyKiI1NbIy3yypfyWa47/XNegWfNk6FeR6X68dhtlXef+tTfl5VWdUDcV5R1LE+NhVGTnYaBKfInBhccWZ6ZZrnW+4SsVvMKzYIcC0Omw5oSnJyWVA/yZN9Gzf9IOsTkV5ZaMhyNB,iv:vZ7tunJU6f8sIhzELyUCRraP9B+RX1980uAWHjUfTgM=,tag:2NDO5cj8QIdKYrvBEr7G3w==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVTdCV1F5NjBZKy9ta1Jo\nZjdsU2VKM09zSTFyaWNrbzMrRy9HWGlzdHc0CkM4VDQ0M1VoSTNzV01yK2FZamZa\nMWlZQzRWSXJnZzY2REdHc0R6SGp5dkEKLS0tIE1GbERwYmcxVDFvejFaNEdTZnVQ\nMnE3TnFtczNxem9neFlvSk9aZTN2WjQK8Q/gRcG7hLxOaMCfIH67I99Mvolq8fUf\nCdkIjYR+Cw1dA1Gznt5jMT1D9AEGuhGu+SLZCMC6+Te6fEV5PMRDJg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVFlTY0lpR3creUpXQlpX\nSEVReUxrR3dDSTJqaGQySlZzRlgwWHljNmswCnJEbG96ZjFENzdtVUlTMHRsRFV0\nMXN3N0RMa0x1empFNFJZMWVkdGNqa1UKLS0tIFpFOE1UbkNHM0pSOVFDZE5iVzgr\ncjcvM3krb05FK1diUnRPOGpIZFdjbG8Ky+Q/bx5HhS6oro4Bsed8zIIJG1vitEVC\nyOP8vVaR5EIybwxSMoJIQwZ0AFLzcGhhhj09xSUyra4GEMHnQvU4EA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:57:28Z", - "mac": "ENC[AES256_GCM,data:V7VEAOEjZI3i0oqbh79SSW6o1N7pKHcwB2G35O3aaWsJzAq+AB3ap/H8USdpXqum/UqJ1tTG8Hh89rx3bvrVRHgcEc9EY1WmloEZ5tg+mnD14Qn3nNFa+zSt+AbzB/SD24rwB1WKeiTx3nfYw3lBxo6fn7kWMYSL8xAKkx4RAPo=,iv:WRSLrfjVRHV3S+hCq42LscdExB+zXkiIQJkSJCnazNM=,tag:gLF/a/pYKlpKbdJHPVJUfw==,type:str]", + "lastmodified": "2026-03-30T12:58:12Z", + "mac": 
"ENC[AES256_GCM,data:Ij923UJcuHTyP8a8A0Z2WNXAkBCcE9EoWZcuZlgtgK9lvi0IcwyOcA6hA70lzLqOjZOHaT1FjrBHOrxlkMbUSrHqP6EOe10+PiLaZeTM6VH/9zcQYFccuyMuK2kI0zsqw6bJAhaGmJH1HaB4xXTwao0ByBeWPQeZqbdN4Sa52wM=,iv:iPiWOPSPzBXNfuL9QrIsUCybK5ske7qxOfmT8haunfk=,tag:TslS0mNa2xTmBWGDvfIiWw==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/secret b/vars/per-machine/ulmo/sabnzbd/config.ini/secret index f7f874a..8af744a 100644 --- a/vars/per-machine/ulmo/sabnzbd/config.ini/secret +++ b/vars/per-machine/ulmo/sabnzbd/config.ini/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:Ow==,iv:emftXtjyH4PrDBqlejljM9RdQ8ML9coNr5F5/L4ZQNw=,tag:w+fzQqJhLhYc8aiN2NSECg==,type:str]", + "data": "ENC[AES256_GCM,data:5A==,iv:Rx/pnEISOlVM2Vi1sbHUMoYTXXWoO8sTuTScagL8DFA=,tag:1e46t+KWrtAkwQFebRml0Q==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bEhIM2VHOE9KV1I2S0Yw\nYnBVeDZsdUM3TVVraEpyZG83cytyKzJ4dVUwCkNHbGptRnFHKzJwSmtHa1BaTzNp\nMlBFVWZSaGtnUy8yUVJhSVlybzBVZ00KLS0tIE5mckI0cmtvUFY0VXJRS0owdmhu\nQnUxWm1NYlA1Q2U5RVBzcWdUNm1pMlUKnQ+47mQZGJA9MjZlxAMG0Hr1KsMY5RO7\njv+P+33UKAxLCwK7CJj754p4nk+S0fDLbU1vWojvM29lV0YAHQKE5Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMVRtd1gybmt1Vnp3Z1hD\nU09qbWFGTnp3dnd3SzlBNjJHRksxazFVa0h3CnVraGg4Nkw1V0ZmQXJaYXdCRFRP\nM2FWOGlyWUpvNTFQc09OWXA3M2FxS0UKLS0tIEhvODYyV1kwS3lJUDRqNXgzdTBw\nR01MV1AyRlJDTGp5SzhaMW1iUE5LNWcKrVPkq6cwUE9KnhzVVrIQF80LWdg4knQd\nzJeDW7RDb2nly1QeR0xG9kZt4gFb4Xvb3tfvLIDiE9MlIsscvpw9Kg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:57:28Z", - "mac": "ENC[AES256_GCM,data:tDPMfjtC+R9BwRdvPIJRQXIdsHeqec/V4ofG6I4riBPvhytksYnF25uu9IQ/sKGZSrPjsEmIPZXeWMgnMI2PG509Znx93azdPV4x8FuGpem45gu6u6NPDjZIpwUdyBKg7i5JUT3K6D5Bsmvi3XyhNGNCrmnrv0Dg3dz5bDA6mZw=,iv:3HdTA/qMjiF4L9t7yCdNeU7Ozvqz3/I3t7+8U+4IicQ=,tag:CMthdZhXdTGsBBXPK2Cmwg==,type:str]", + "lastmodified": "2026-03-30T12:58:12Z", + "mac": "ENC[AES256_GCM,data:9lkCSH1bJFg08ZfEXwcA6PUphpcevyBEO49FknYSXGRKwB0jAHBew8XPuhgkMfAMIs5QwOqzTtBRYoIGY+M7Xi87bnOsQXBtcKoC/XrdjCvaWkD+N+kMfzPKcuyv89TedQam+trL1Jl0v2h4MQMs68fwB3y0fAnzzaUtXfHi3lU=,iv:GGuEEisqDfQJsq8cB7405PoeYq+5yCW1z9oHHcsHtM8=,tag:fyLBmJa1a33I1Wrs/ch+zw==,type:str]", "version": "3.12.1" } } 
diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/secret b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret index 38b673f..0daad9c 100644 --- a/vars/per-machine/ulmo/sabnzbd/nzb_key/secret +++ b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:mmS+E7FL08PeytamIZQHgCmzTVlYG3KvlWeADAWyQjUeKLiUtnGFWVLzvJSsq9QjqZSqXB4aKFMa8KfbfXLT8bywxgufkohk8FjgafOGHkBpIkZLOkeQCBw6SmS1m8sZnLNK0ye3ggMxSZqJvEbmYxoZ6e/q/0mwfMO3dIxew2I+,iv:XyVAet2oafynIWzDsx7P8s4IzdHH5+LiyjIZ0gZWf4w=,tag:D9/dOirOO2qSHiEH+egktw==,type:str]", + "data": "ENC[AES256_GCM,data:/lfe6BsZqvQsXQnAEAlC0ch8BvrGnVN/0DL5NeUfAILCQnhqdZa19OHaikCI/ZCAaSs1YPPhhp9Q2pRWoYGXl1XCkX7cCrkrY80XJUQGJ+trUwQY0aOCTeMIIlr3cHektc7CD79S8aPlq9E3PZ5c/OmnY30zrGrH0pRCYUE3TeiJ,iv:UkaI5AflvTjuqY0pDA4i0gvJEV/6TYQPFHVW5xRqTWM=,tag:JwZFD+2GSB3sUkFFEIDsUg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsTGcxd240cnpmUXNna003\ndTN3NE9FTXhwMjg3TG5ybGEvOFpmNkF4N0hzCmt2L1ZEWk44azl4QmxHcXdnc1dM\ndnh5c3VOa2dYUmxKVld4NjdPdU41S0kKLS0tIG0ySHBsUFdQaEZRYnlOajZOUUtt\naldPOHBGVmdBa3RvK2doV1NYdVkrUEUKpdlI/fFurvqxg7CbW5Hea+2IFfRaU9TO\n0Jzs+zYC3J1gdPigscTKUP8nv3Cl4x6AwirkD9EfvijP3k1ptYEP+A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTllZWml1ZERodzNYSlAw\nWktrS08zZTd2bDR3ck5LOXpUQ25WV2NocUNzCmhkdEFjUU5MMUVrTStHRDVRYnpB\naEpXK1JhOU1pMXFyM0RUM280TjErR1EKLS0tIE9OQ0czNEVGK2U5K0paUTZtMCtM\ndkdlMitxUW1LUG5SdERPUklyRE1GNTQKwKX0RjM7z2YDZc7mNA2yj7x3oo+IbbAW\nfpCN6DrPKdnOeDEo5ARe9kFUv9HrxWDwl4jd1CIMAP+gkNVl06/PIw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:57:28Z", - "mac": "ENC[AES256_GCM,data:EPVbY8Nr1Lu9iSKBoE+oByXdivIMfywp1EMxOY9kMVbJgMUUj4sJYo3KGVibZ1KinLLpt8q+KS0PePsuO93JsHWBuFus08jUBoM17WS7NSZPMV4CuCWJ3ojuGBMMl5LO3pg5Kt1h7YEej6vo2p3soQWJyQVh++M4tLZKnJIukyA=,iv:QvfpmvLqoVIouLMusSQCKQ1pSEH1Inm1oDwyi6YKsR8=,tag:NAaWDXe3pBDMj/jH5IAEuA==,type:str]", + "lastmodified": "2026-03-30T12:58:12Z", + "mac": 
"ENC[AES256_GCM,data:hKCIl7KbrEgRliipSFkW6cWNHETQC33Smgo0FM8f+VUXlZ+CXRsmnujuqTSz7IktYhhbAhIq+OgnoWfKhvuAilbECyUgIOAFMLH7uhUftTN4uCa1kuIF9/bPR30RzWwiqvJ/F1ZE2YEMNzq6m8Yp0JtSdsz5ImG5ddQl8IcO/NI=,iv:wOXlDtvw+kkbbcBZXJ/97tCDvjBM0pNYmGfdYQMDJb4=,tag:+LXQu9Hi3C5dHsI+VTlCxw==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/sabnzbd/password/secret b/vars/per-machine/ulmo/sabnzbd/password/secret index 0775b96..5d74c6e 100644 --- a/vars/per-machine/ulmo/sabnzbd/password/secret +++ b/vars/per-machine/ulmo/sabnzbd/password/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:d6K/Y62XJo9z,iv:iMjJqWh1ZLuHUno92WL8NzfbwmRYX6JZsKi+Z1T3EhI=,tag:F+4lNkcylrR0eZkfwkgHgA==,type:str]", + "data": "ENC[AES256_GCM,data:RybSPpG/YFvx,iv:pNOnW6OPPK2aSVQeZuCoRL1jBNGB/R/iFP0uB8+/s0g=,tag:KJ873kfdaKdytVRLY6f9hg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIcmxqOEFpcnZNVkFYWXFD\nQWQxd2M0Rkc4eDd5VUxpa3Z2SG1yV0tLaFRNCndmb09FZElIRllORW1JYnFDWmQx\nUnZOWVQ1aEhnM0k1eTV1U1VJTjRqZ3cKLS0tIFpwdEhiS0lnMGFjRzZBb1EyMGlT\nS1NRK005ZHRDcThzZFVldlQ3amVkRkEK9K6YC2YFxcsOjEqwnGN6b9Ab8XG4n2WL\nlOABOanuctckPn04PSOrj43OyrY1TNyKPHjxqG9fa4iOlK2MO9zUHQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmd3QyYnZhZXhsTTBiWWdJ\nZktraHN1Q1h6WjRoMWNOQ2dkekZUZWNmRkJBCkYydmE0V0ttemo1T1Y2UmxtVEVr\nTlVrNEoyVTg2OEIwejZmN0hVWlFGSHcKLS0tIEg2U0xuZ0RUbG43TUZEMUt3bkFm\nWDdoVXN6bktiK1hadGlhZEtCL1FPRVEKMhC9F4Qb8fEYrk+zDMAe0pQbR5+crCTm\nJ5PBYsewceoqEdppbRbc7884A5fk9pB7r3pujFqeIsmiMcbYee7C6g==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:57:28Z", - "mac": "ENC[AES256_GCM,data:O3R3OCpT2UCPfmeo4WpIGt+WGwgKb48L2CqFsxiY5gUL/vxgtFeW8km4pGh2sFGOvx9EIKzipE/P+TygQOR/wMTKTtK42Ya5+3eXNX+D1/11J3crtEQeyYSySaXO7CabRJVZEd5yuuEd5vUNmdNDss23f/gEb5KZ5j7lbtlnDNI=,iv:6iSmHVidfjdLKHtseHLZsmHwqrvFjaBOWoKmuDrodKc=,tag:/99VDiGzzXGpLIjtDM3m6w==,type:str]", + "lastmodified": "2026-03-30T12:58:12Z", + "mac": "ENC[AES256_GCM,data:zMiM3U622eDDnM0DiVvdsWgNlpNoIfr2lzMhP6xXCHWTb0+OPhau/pglb4BuydHYll1IrxN7smQiR9C3xNCDDXE+ZVZ3VkzokqpHTH5rCMvsWLcxtmw1GL39E9hXUj448dUicyjRDx7f9ckgsmNkGBzP38V20Oh6ZN2eN9T0y9Q=,iv:dK5ozZeeetIRrlygdeROW+ybyMdaNujssU79uZSexTg=,tag:tG1lBddt5qm+himKxQk4Jg==,type:str]", "version": "3.12.1" } } 
diff --git a/vars/per-machine/ulmo/sabnzbd/username/secret b/vars/per-machine/ulmo/sabnzbd/username/secret new file mode 100644 index 0000000..8277d00 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/username/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:AmvP6J9wL+uLVwtrSYxw0tOgtA==,iv:Htpf6CK8doiKzhRQ9hwVk2NbyPUcEWjBEOZBZbbyzpk=,tag:HnJ9qrm5Qv1dz8iYJTHJtA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRSGNvMWNWeUNwbytpUCtZ\ncFRnV0hudHUwdm5acFRvV093MUgvUWZoZVRNCmdmNVFEQUs1QVZhQk5mc0hEUzNL\ndGIrZ3lxaDcvUnhwWXNhM09LMDB1U1kKLS0tIENTRHg0QVNEVnhodjVVQWNjaFI3\nMEVsU280TXQrbEpIUm5hU2hsYU10c0EKfw0HIrCY2m2M/+TsR0ekjzm+2iMuJ1rM\ncE9R3dYKyKqJx7iBrcnFENsMlX+TMkm3u7YZXWphmZ96TRBocClc5Q==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T12:58:13Z", + "mac": "ENC[AES256_GCM,data:9doUDSKUpYMTq9w8zeImhx9SzS9WZzueM5vYjFmXan13/vQlzkzpgLrSl12N1WJ3tJ+bTYP3I2GSQngZ7eRzLehfrUTX1EIcYiBUPj+IuNL9e7gbNSvZmHYnQYlL4XufNyprumsJaU+zhMvVawJrn5gw8goYoMsL3kqYQjAoeek=,iv:/65y9S1Xwml/HNIZ/fVFaSMIBiWOGInLHw4QH/etCOc=,tag:tIGaBrV4Rr25GQSPIUjqMA==,type:str]", + "version": "3.12.1" + } +} From db5e5974abaad0b3c47018916ecb269982e61f1b Mon Sep 17 00:00:00 2001 From: chris Date: Mon, 30 Mar 2026 13:05:11 +0000 Subject: [PATCH 16/58] vars: update via generator sabnzbd (machine: ulmo) --- vars/per-machine/ulmo/sabnzbd/api_key/secret | 8 ++++---- vars/per-machine/ulmo/sabnzbd/config.ini/secret | 8 ++++---- vars/per-machine/ulmo/sabnzbd/nzb_key/secret | 8 ++++---- vars/per-machine/ulmo/sabnzbd/password/secret | 8 ++++---- vars/per-machine/ulmo/sabnzbd/username/secret | 8 ++++---- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/secret b/vars/per-machine/ulmo/sabnzbd/api_key/secret index e08f0f8..74393fe 100644 
--- a/vars/per-machine/ulmo/sabnzbd/api_key/secret +++ b/vars/per-machine/ulmo/sabnzbd/api_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:7m/W7+5ER7nycW6j61twOVCevGPdXatreeNEyKiI1NbIy3yypfyWa47/XNegWfNk6FeR6X68dhtlXef+tTfl5VWdUDcV5R1LE+NhVGTnYaBKfInBhccWZ6ZZrnW+4SsVvMKzYIcC0Omw5oSnJyWVA/yZN9Gzf9IOsTkV5ZaMhyNB,iv:vZ7tunJU6f8sIhzELyUCRraP9B+RX1980uAWHjUfTgM=,tag:2NDO5cj8QIdKYrvBEr7G3w==,type:str]", + "data": "ENC[AES256_GCM,data:Hjg1GjSENrhiqIa3E0bMsmVwKFBI5PtRu+FeCdhICpKUY5UIgdnf5DiM+hv2ZYIP6iP/t4KN2aOQsYBD7UgJeS1fNuDn9UD7ZhipJVqG0vR0CwnVl5/ynJaYAWpVQyA5v+jWpSXp5kNa+sSYfwPKJgoWwWnsji157iQ1CVQkQ43f,iv:y/loJ87JCFQv4hAfRmhFOG//qkYCB0iE6WLH+MOoeM8=,tag:X+N7M1sAv0fRKXE9pOyQkg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVFlTY0lpR3creUpXQlpX\nSEVReUxrR3dDSTJqaGQySlZzRlgwWHljNmswCnJEbG96ZjFENzdtVUlTMHRsRFV0\nMXN3N0RMa0x1empFNFJZMWVkdGNqa1UKLS0tIFpFOE1UbkNHM0pSOVFDZE5iVzgr\ncjcvM3krb05FK1diUnRPOGpIZFdjbG8Ky+Q/bx5HhS6oro4Bsed8zIIJG1vitEVC\nyOP8vVaR5EIybwxSMoJIQwZ0AFLzcGhhhj09xSUyra4GEMHnQvU4EA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsYjhvWTI1Y2FkOFQwMjUr\ncmd3eXN3SSt2NGN1eWp2RTZYd3AyaTQwSUQ4CnR2VURjLzcvdFRKbWlwc1dJYytZ\ndjUyT0o0eC8yQmpCU0orU3UwbS9BNmcKLS0tIHpaTDcrckJyZlF5cW5NeW1wOTdx\nMXQrZ3FzeDZFaUg5MmxoMGQzRTVpT2sKXUKhnjPqpIVDcJzV9BlCrc5hJhx6bsTs\nOpak6eXFkery72dZdOXvijQ8DGUl5tfLXmlHd77kszuSOOTHutqnmA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:58:12Z", - "mac": "ENC[AES256_GCM,data:Ij923UJcuHTyP8a8A0Z2WNXAkBCcE9EoWZcuZlgtgK9lvi0IcwyOcA6hA70lzLqOjZOHaT1FjrBHOrxlkMbUSrHqP6EOe10+PiLaZeTM6VH/9zcQYFccuyMuK2kI0zsqw6bJAhaGmJH1HaB4xXTwao0ByBeWPQeZqbdN4Sa52wM=,iv:iPiWOPSPzBXNfuL9QrIsUCybK5ske7qxOfmT8haunfk=,tag:TslS0mNa2xTmBWGDvfIiWw==,type:str]", + "lastmodified": "2026-03-30T13:05:06Z", + "mac": 
"ENC[AES256_GCM,data:9ERg0A43TKDudtI5Vq4sNmBV1z/6WG8VcTHykVoRsSvEIESPxKveSFOvoa/2pifM7xsGqHabPcLBzJU+/sOKTLVK6IdL80EbCilZFCQsUYxc0zu41+NdTzLBmD50fW8G9H93B5osOcmcTtKPWgwvyEoJ+O/aVzQWlukEwDo+vcI=,iv:kJmOlShNhtF03CxjoQfUv65ricphC3KrbTfMvlUBa/s=,tag:huaI5sxj9JIKYEqrstw7KQ==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/secret b/vars/per-machine/ulmo/sabnzbd/config.ini/secret index 8af744a..ddeebc8 100644 --- a/vars/per-machine/ulmo/sabnzbd/config.ini/secret +++ b/vars/per-machine/ulmo/sabnzbd/config.ini/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:5A==,iv:Rx/pnEISOlVM2Vi1sbHUMoYTXXWoO8sTuTScagL8DFA=,tag:1e46t+KWrtAkwQFebRml0Q==,type:str]", + "data": "ENC[AES256_GCM,data:WVP52sevgJzYb4oB9N24uhKqo+YV/WFjHmmFDO80SNyARTueG0s2eXQ+UeXbodo0nGk/f7tTxYJRcmZyBLMGuks9YKKvn6zOZ7LZY72csO14XAI19P7sTupGOs43PpvQE8212/M18RMPNRIoj0od0HeDxhhFa61yhtZdclppJw3YIxyAfLGaCqV3LUrFIv3+hlM2zymJTi3QDucxL9h63tlv8ijwFg1ZOV/80tSQ4aEeMmic8LCbAbETtdYViQXHJLTNEEDFK/vL8eMHEwULPmw5yOjbWEyqVGO8FHDVbo6Aaj5EZGkiiEQccbJUbuM46J1LzLEjvobg8LKFcA/sVoiiqGp8b47qHbb+dswM5e5vQx11vqDI0UyQcxHuSxtSXJWqi9xKRf32sNhs2P/u1VDLBNCZDtc6z4cTzDHWKn5Dpm+G3oe9OtcA4Nzk/T49pGsb0AZ9WKSo2aAXlyoHfA3bfm+pWyAhEn5wvlhWojhJX/wRTg==,iv:Jdx8BJPx/Emszd/Y3y8y+j3Ogfp0I9fXdhAU5SToTj4=,tag:npMFKmFv+4dcp5Gi5Vyvkg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrMVRtd1gybmt1Vnp3Z1hD\nU09qbWFGTnp3dnd3SzlBNjJHRksxazFVa0h3CnVraGg4Nkw1V0ZmQXJaYXdCRFRP\nM2FWOGlyWUpvNTFQc09OWXA3M2FxS0UKLS0tIEhvODYyV1kwS3lJUDRqNXgzdTBw\nR01MV1AyRlJDTGp5SzhaMW1iUE5LNWcKrVPkq6cwUE9KnhzVVrIQF80LWdg4knQd\nzJeDW7RDb2nly1QeR0xG9kZt4gFb4Xvb3tfvLIDiE9MlIsscvpw9Kg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMmM0UmtEZ2JDMnFKaitk\nZjh4NXU5Sk15aGNBbVdJa2xSRTVmbUxFc2pBCkhPSjN1b2Z1Y01XYTlNaXpObFp4\ndSs3QlFXbTB5YnRNZzZaejFjVms4dncKLS0tIGwrckxId1F6OGVlZGg4UWI2cWdI\nKzBZU1gxNlpNN2FaTVRHd3FiV3ZzMkkKsi+bSSHNZ5UR//r7Md5Cds7ZjaAgHLqn\nh9gsf9q8Q1dM8LXyu7s0UEApcW9PVWoFAJKttn5mK0VMl0CkUlhTYw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:58:12Z", - "mac": 
"ENC[AES256_GCM,data:9lkCSH1bJFg08ZfEXwcA6PUphpcevyBEO49FknYSXGRKwB0jAHBew8XPuhgkMfAMIs5QwOqzTtBRYoIGY+M7Xi87bnOsQXBtcKoC/XrdjCvaWkD+N+kMfzPKcuyv89TedQam+trL1Jl0v2h4MQMs68fwB3y0fAnzzaUtXfHi3lU=,iv:GGuEEisqDfQJsq8cB7405PoeYq+5yCW1z9oHHcsHtM8=,tag:fyLBmJa1a33I1Wrs/ch+zw==,type:str]", + "lastmodified": "2026-03-30T13:05:07Z", + "mac": "ENC[AES256_GCM,data:U1oKfi5RKpLIJOS3mM5y/pQ+8cxGk3dmza2YXk9kfBuzV1LfjCpSoFFGkuLWESA2rbZZEjjqRYfcgi0n8bTzWN8JZFZ9ZTI1ffSjKhVWdC5vqW2XmBlUC3GvAg/huGLd4FGO02qJMcqmnH94pzAglH1uhB7sP6K54w6GEUNEBnQ=,iv:mt+DmM/V1u5mCXjRx7y5RDW0gkmKHC8jYFCrqmbeiWk=,tag:+0f7k/bLwHznNtDt7boRmQ==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/secret b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret index 0daad9c..9ef806a 100644 --- a/vars/per-machine/ulmo/sabnzbd/nzb_key/secret +++ b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:/lfe6BsZqvQsXQnAEAlC0ch8BvrGnVN/0DL5NeUfAILCQnhqdZa19OHaikCI/ZCAaSs1YPPhhp9Q2pRWoYGXl1XCkX7cCrkrY80XJUQGJ+trUwQY0aOCTeMIIlr3cHektc7CD79S8aPlq9E3PZ5c/OmnY30zrGrH0pRCYUE3TeiJ,iv:UkaI5AflvTjuqY0pDA4i0gvJEV/6TYQPFHVW5xRqTWM=,tag:JwZFD+2GSB3sUkFFEIDsUg==,type:str]", + "data": "ENC[AES256_GCM,data:PconALoYtJ9/rw1rlo1jPAZTbcEYbBCHOC2Yt4V/gunFGOGoRZqENAJgOA8DICNvbv/04Mv2R9kJtHIwNXOfij0J0ySo20Tj6hTgTFIPOmNts/7lA3GFtCzsDWPokGmLwYzq/cowNTs2Vh2tZBJvL8qZtBBY607fmxlL9b44wjKm,iv:6BdN5nXBYtKHPdYn74AxetgllLFXIza/jktIGt6uMU0=,tag:riFepVvAaFcDSZHz48q5KA==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTllZWml1ZERodzNYSlAw\nWktrS08zZTd2bDR3ck5LOXpUQ25WV2NocUNzCmhkdEFjUU5MMUVrTStHRDVRYnpB\naEpXK1JhOU1pMXFyM0RUM280TjErR1EKLS0tIE9OQ0czNEVGK2U5K0paUTZtMCtM\ndkdlMitxUW1LUG5SdERPUklyRE1GNTQKwKX0RjM7z2YDZc7mNA2yj7x3oo+IbbAW\nfpCN6DrPKdnOeDEo5ARe9kFUv9HrxWDwl4jd1CIMAP+gkNVl06/PIw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqd1B1eVBVUkVYZDV0NVlB\nUWNDYkZrbndOZkI3THJWa3YvV0dqc055c2tnClV6MGdsKzFRaTEwRlU4dHVXdGJR\nUzc1M3dKWkFPZ243UzA5ZnYvVzVjYjQKLS0tIHhhMnJ6MmcrTFZvc0ZQUDNLb1Bp\nbWdsOGhSYjJkZTRNTXpsV0hxV0I3cTQKjKfRJ7B4wDi0Z7ELkyosdxWPT4qdHtNu\njHDRfgmhD0EGgntwDohSCuxTyp04jQX0gO2/wF0oIFddP5cJQBZm+w==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:58:12Z", - "mac": "ENC[AES256_GCM,data:hKCIl7KbrEgRliipSFkW6cWNHETQC33Smgo0FM8f+VUXlZ+CXRsmnujuqTSz7IktYhhbAhIq+OgnoWfKhvuAilbECyUgIOAFMLH7uhUftTN4uCa1kuIF9/bPR30RzWwiqvJ/F1ZE2YEMNzq6m8Yp0JtSdsz5ImG5ddQl8IcO/NI=,iv:wOXlDtvw+kkbbcBZXJ/97tCDvjBM0pNYmGfdYQMDJb4=,tag:+LXQu9Hi3C5dHsI+VTlCxw==,type:str]", + "lastmodified": "2026-03-30T13:05:07Z", + "mac": 
"ENC[AES256_GCM,data:p6VDaZr2vq1As/qe8n+fjV31+IurhYcgctUTJ1Zh7QkQRKBRXqfHQAZIjJttKUbhEp7hJBVGT316lDNJ9uKLm2vkO3CKrb15Jd0nKBWIsAknOF+ldhADQ9+Vt2W+tW+RMvVjq09fyKihU+j/5NtoaFFnZoK6gPjCWOcKuDVYor4=,iv:3Mn5MDdZmYhS9d0C6IcV6OWxrIej+N9RmVwHRa3N5Ys=,tag:pWa4Cj/X2wZiuGsFrVbwYg==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/sabnzbd/password/secret b/vars/per-machine/ulmo/sabnzbd/password/secret index 5d74c6e..757c532 100644 --- a/vars/per-machine/ulmo/sabnzbd/password/secret +++ b/vars/per-machine/ulmo/sabnzbd/password/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:RybSPpG/YFvx,iv:pNOnW6OPPK2aSVQeZuCoRL1jBNGB/R/iFP0uB8+/s0g=,tag:KJ873kfdaKdytVRLY6f9hg==,type:str]", + "data": "ENC[AES256_GCM,data:SkOlXNgGnZ1w,iv:SL+wXz7Ifpinqbrlv6Z6Lw2OYugZviGK1yLyHkwY1xM=,tag:iebP8vOoFCTWesHbq/QKvw==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmd3QyYnZhZXhsTTBiWWdJ\nZktraHN1Q1h6WjRoMWNOQ2dkekZUZWNmRkJBCkYydmE0V0ttemo1T1Y2UmxtVEVr\nTlVrNEoyVTg2OEIwejZmN0hVWlFGSHcKLS0tIEg2U0xuZ0RUbG43TUZEMUt3bkFm\nWDdoVXN6bktiK1hadGlhZEtCL1FPRVEKMhC9F4Qb8fEYrk+zDMAe0pQbR5+crCTm\nJ5PBYsewceoqEdppbRbc7884A5fk9pB7r3pujFqeIsmiMcbYee7C6g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzV0VuUDh0K2l5bXYwMWJu\nVnJ0dnhncEtpU1JQTXNwSXZXczBvb25qRnk4CmZYUjJDYXAvTHZPSmtjQkdHYjlh\nbWxmaXFFZGY3b0ZDR3NQOTlBYnBVZmMKLS0tIExFTXVBUU5GOEJWdEZ3VnpWTU9Q\nWEg3TjBxM21EbWszSkh3c25oeEVNTEkK3FemB2jA6fVil0z2FA6u/4nH0CScrE2B\nKS37nP35ufv+m/5x00+WNOgppfj3X61mKLmeJZ+Vj01hr4tTPegddg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:58:12Z", - "mac": "ENC[AES256_GCM,data:zMiM3U622eDDnM0DiVvdsWgNlpNoIfr2lzMhP6xXCHWTb0+OPhau/pglb4BuydHYll1IrxN7smQiR9C3xNCDDXE+ZVZ3VkzokqpHTH5rCMvsWLcxtmw1GL39E9hXUj448dUicyjRDx7f9ckgsmNkGBzP38V20Oh6ZN2eN9T0y9Q=,iv:dK5ozZeeetIRrlygdeROW+ybyMdaNujssU79uZSexTg=,tag:tG1lBddt5qm+himKxQk4Jg==,type:str]", + "lastmodified": "2026-03-30T13:05:07Z", + "mac": "ENC[AES256_GCM,data:YVBRGtUoLSLl/B6JOwckAh2olXCrbbu7S/jE4DyHqO41KdSufQ1EUm+gzaXYnW64oiyKtMAHZPYJS8z9i91zGDs6oUOtW/2vr0LWyIkhEfXAB5Lbm4Im9SqJ8uOthjVQNVErMJOu87P16Ud37v71wkIXa6UImwPLtn5nf2lD5ho=,iv:L8BpU1VEWCtwTeXDwAMqWzKdvzxZbkYPC854g5Lfrs4=,tag:ILEjAo1f8i791ORUQgzGoA==,type:str]", "version": "3.12.1" } } 
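Review bot: The new `data` value for `sabnzbd/password/secret` is 12 base64 characters, i.e. 9 bytes of ciphertext, and the old value has the same length. SOPS encrypts with AES-GCM and does not pad, so the ciphertext length is the plaintext length. Anyone with read access to the repository can therefore tell that this password is at most 9 bytes, possibly 8 plus a trailing newline, without holding any key. The generator that produces it is not part of this hunk, so its length setting cannot be checked here. It should emit a longer random value, on the order of 32 characters, so that the visible length no longer narrows the search space. The `username` secret in the next hunk reveals its length in the same way, which matters less.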
diff --git a/vars/per-machine/ulmo/sabnzbd/username/secret b/vars/per-machine/ulmo/sabnzbd/username/secret index 8277d00..317403a 100644 --- a/vars/per-machine/ulmo/sabnzbd/username/secret +++ b/vars/per-machine/ulmo/sabnzbd/username/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:AmvP6J9wL+uLVwtrSYxw0tOgtA==,iv:Htpf6CK8doiKzhRQ9hwVk2NbyPUcEWjBEOZBZbbyzpk=,tag:HnJ9qrm5Qv1dz8iYJTHJtA==,type:str]", + "data": "ENC[AES256_GCM,data:GOtu+wDVCaCaOIcAjMZFpQOvwg==,iv:05f4WFx/u/zkBOfD3woUnlgoab8qqgCxc7tJvLd4FBI=,tag:0GcqnjlKC34dWWQdNDaVwA==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRSGNvMWNWeUNwbytpUCtZ\ncFRnV0hudHUwdm5acFRvV093MUgvUWZoZVRNCmdmNVFEQUs1QVZhQk5mc0hEUzNL\ndGIrZ3lxaDcvUnhwWXNhM09LMDB1U1kKLS0tIENTRHg0QVNEVnhodjVVQWNjaFI3\nMEVsU280TXQrbEpIUm5hU2hsYU10c0EKfw0HIrCY2m2M/+TsR0ekjzm+2iMuJ1rM\ncE9R3dYKyKqJx7iBrcnFENsMlX+TMkm3u7YZXWphmZ96TRBocClc5Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVGJWMzVvdjZhM1Biam1P\nN2ZNY2dBSTBLejh0TTBkV2pVcVEyUEhxQ3dzCjRtTzY4NmI0UERTeThGMmZ4aUdI\nbVZ6eFNQZHNzNy9pTS9DYjROZGt6Y28KLS0tIExuVnp2V05iMHlBR1BqWE1scDFk\ndS96eWFSeEozTXJ2VWtJNUxFVXA5K2cKo/7Xybb8tzJQa2zUHmZMJir27ytBoCx2\nI2XBaM8L4eT+OJzO6PodSaQCfQlfEEVlqZupRA2YzeYXUGZqzPBgpg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T12:58:13Z", - "mac": "ENC[AES256_GCM,data:9doUDSKUpYMTq9w8zeImhx9SzS9WZzueM5vYjFmXan13/vQlzkzpgLrSl12N1WJ3tJ+bTYP3I2GSQngZ7eRzLehfrUTX1EIcYiBUPj+IuNL9e7gbNSvZmHYnQYlL4XufNyprumsJaU+zhMvVawJrn5gw8goYoMsL3kqYQjAoeek=,iv:/65y9S1Xwml/HNIZ/fVFaSMIBiWOGInLHw4QH/etCOc=,tag:tIGaBrV4Rr25GQSPIUjqMA==,type:str]", + "lastmodified": "2026-03-30T13:05:08Z", + "mac": "ENC[AES256_GCM,data:X5V3TeZbT8YkYwL7blD8p70A8cER28DBNJT2EC3EdXfd3ATcGrwfpQYt6v18p0msSMRWHP0BIxKutDHUzWjERk7U2Lj221zm5GwjMevZDAXFNKKk4GXmCdpSeVpX43+37UzSKA78cEWca77Yor3fEBfusGux8fMG6XD1wFoRXqI=,iv:36IjknMbyu372BegqV1OBPS+8e3J5WaQ2WYAHQ93Jps=,tag:FWN4tkv4LXvelotNjD2ieA==,type:str]", "version": "3.12.1" } } From 781d1f3c8a084dea7ab1704dd35f35e2509c80b6 Mon Sep 17 00:00:00 2001 
From: chris Date: Mon, 30 Mar 2026 13:38:16 +0000 Subject: [PATCH 17/58] vars: update via generator qbittorrent (machine: ulmo) --- .../ulmo/qbittorrent/password/machines/ulmo | 1 + vars/per-machine/ulmo/qbittorrent/password/secret | 14 ++++++++++++++ .../ulmo/qbittorrent/password/users/chris | 1 + .../ulmo/qbittorrent/password_hash/machines/ulmo | 1 + .../ulmo/qbittorrent/password_hash/secret | 14 ++++++++++++++ .../ulmo/qbittorrent/password_hash/users/chris | 1 + .../qbittorrent/qBittorrent.conf/machines/ulmo | 1 + .../ulmo/qbittorrent/qBittorrent.conf/secret | 14 ++++++++++++++ .../ulmo/qbittorrent/qBittorrent.conf/users/chris | 1 + 9 files changed, 48 insertions(+) create mode 120000 vars/per-machine/ulmo/qbittorrent/password/machines/ulmo create mode 100644 vars/per-machine/ulmo/qbittorrent/password/secret create mode 120000 vars/per-machine/ulmo/qbittorrent/password/users/chris create mode 120000 vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo create mode 100644 vars/per-machine/ulmo/qbittorrent/password_hash/secret create mode 120000 vars/per-machine/ulmo/qbittorrent/password_hash/users/chris create mode 120000 vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo create mode 100644 vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret create mode 120000 vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris diff --git a/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/password/secret b/vars/per-machine/ulmo/qbittorrent/password/secret new file mode 100644 index 0000000..0613fe9 --- /dev/null +++ b/vars/per-machine/ulmo/qbittorrent/password/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:Zil+Z4/i+x4R7CE5VdVtgNrCP1XC4R9Z+xIE9j/2+/MRlzXkIgiESbL8MJ4cf4o/l++qmTsAf9/OrZKOAz28z0zqV5k6+rFeKLbL4W/68t6CVxaCoyR9iHMKQ+ekRasYTw2dkoO+Cz4mEpx7Eu4AwVXrmZqqFlZbzJcndmnb0/TS,iv:8dHrt2oCqOJ4Tk6QAKkdKFwFcnmbaFbJTG9zqPpJOjk=,tag:1F9jQgVn0ub3xedcB553eg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyalRpZjZvYllNc0c5U21L\neE0wL0VIam0wMzZya29lSGlvMDZJZnZRVWpBCmE5R292K3B0NytxMUJ3VDJHM2Jm\nS0RMdU56UCtJNFhzNjljekx5UDk0ODAKLS0tIFBuT3FreStXVjBVTVg1ZHA2NUk2\nUExmQkhqMUh1cTQzcGovZ1EvT0I1STgKdLgTr9CzY4nNgTHG1I06BjIhpdm69KnX\nstKiQGU4fErCImczD9y/lOjxk9quzeDkIzeQXQQrFlOMajUp+71kHw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T13:38:13Z", + "mac": "ENC[AES256_GCM,data:EfDX0WLrlioxo30Q+EO9cr+TU61uoXqsJKAU+vw3061zLyTcBaGdRsVvdLoc+QJmPhkkexckdQ7Opx3RbmB1ZnapUIro5p29E2LfI9F8EwaBDgjXwuLZCT4cZhDSK82N08EjheZVBt4Qh01SUCDmHid7GfsUg+NFy5yEDLPD49w=,iv:MasFIYyFn1X/hKLB6jlYb/8sEtMWGK+OsShDQcmvHyw=,tag:0JOItoVaiR15bAuXq8Salg==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/qbittorrent/password/users/chris b/vars/per-machine/ulmo/qbittorrent/password/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/qbittorrent/password/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file 
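Review bot: The `sops.age` array in the new `qbittorrent/password/secret` holds a single recipient (`age19qfpf…ml7etq`), while the same commit links two identities next to it, `machines/ulmo` and `users/chris`. If the machine and the user are meant to have separate age keys, one of them cannot decrypt this file; if they really share one key, compromise of the host also exposes the user key and everything else encrypted to it. Confirm which is intended, and re-encrypt so the array has one entry per linked identity if the keys are distinct. The same one-recipient pattern appears in `password_hash/secret` and `qBittorrent.conf/secret` in this patch, and in the lidarr and prowlarr `api_key` and `config.env` secrets added in patches 19 and 20.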
diff --git a/vars/per-machine/ulmo/qbittorrent/password_hash/secret b/vars/per-machine/ulmo/qbittorrent/password_hash/secret new file mode 100644 index 0000000..1e4c040 --- /dev/null +++ b/vars/per-machine/ulmo/qbittorrent/password_hash/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:0g6GmQVdK/GlJImAyl962oa0yhl0/Wd1uXWur1rZY3vgW3czUX+Q4IF6JjcQx7+FlpcitXzrPrU+mZBZcl4Ze341V2b0/MoLPIrbzFIUITA5k5XsXeedgpmcumwOOCtdqjS5j2/a6n6t1oca+6bdD+RDivZBNnDwFCWAIP2m,iv:60l1yeiAA1OhdWiVtWE3EExsVjgCIl8rDIfDAmc4VwM=,tag:pflXtNXYsfosCpZsIgeclQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFL1JTMm5zN0NhbHViZXJa\neC9jZGxMZjk5anU3ZWtzNzVvYVJRS3RIVDNFCjVlTFRrSW5kMVFlditGallvMFB3\ndTBpdnVGOG03UVMyUzMyUUY5em5FSTAKLS0tIC94SHdkdnFUcVBHYTc1Vm9GZGVp\ncitJYXNWbVpvL2JKdFliUG91MTk1djgKlTRNLFSsHMOT2AmgQgygIdbjR44C0AgI\nzSagPBddT24sVhwISfv3UexfGaczsRgzLzOE1fnbtNQqTLpfp95DiQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T13:38:13Z", + "mac": "ENC[AES256_GCM,data:96S2IMu/ghgNdEkQrchaFhUZcvjwpRefrEcQkAqu+J4XFHH7x1I6P/ZmLkqcbHToi2U4/OKivy0cWMeMfDLNgYNbvE4VzBoAjRo9Icp2Txqg35WylzzciXZlQAQa2J1gA4Xt2CVM5mDm5eCA5qU9h1LEErm/vQqtb+YFmieazDQ=,iv:bI1FPNJHWKHj4zT68yN74FiF1gQvZGI7MIFbi4jyNb0=,tag:hqlWh5M7D4ThvYbTvcptWw==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris b/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null 
+++ b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret new file mode 100644 index 0000000..6450975 --- /dev/null +++ b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:WTrXpggDwhPR3A6cLcR29CP0mGbmopLjjcwVS6aBAC+w7TM7rAk76isDxMXWRObXo/yypsjyxvhV02oNlTM5jRxlHCOXjA4blObQAJLCGNwCifHYEt+jH5tmQQqW/VlCbBSqHKr1kR3nO+kTSRIpG8ovNUAd4p6ET1mHNf8m83tHpqFtHx57x5BPgiPTN5MsPDuf3T5g4mI1++QALM7ApQwM3/jSQpHdsUdWQvUEp7cDbY4cw6eCRlBxJVRLtApsfFVKqb0YTp1xc2nA//QtLgUGcoK/OOkxM/H64A4BQTnRyvHsvv4h8VJb2vuuk/Fgjwq9JJB/RIcfPrtCRJ2TBXdQHQbflCXF/yAhiBW9cjiHic7mi6V/ujdw5x04vFkxS4PZjhVvCx5t56nD/JfB+L6xUnSLTvZlS8eF3ALY2lRXQfgAQ1AWyAJPuFksCL5qUsrsXQ==,iv:BPdU3VzHho9LJzydouolO/hR4tK2R2KbSL2NTfcAqVg=,tag:sxemTZ12AVoR4ClorLnCOw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTUR2bjQzREJ6RTJEYzFr\ncHEzRGk0Y1NFMW5zSlp2UmRhM1l0TGVJVmc4CnlNSmJEQTFuZU1iTW9USklBcm5u\ncjFrL1RCQzV0bGs3bmt2NlFQU1dpWUEKLS0tIFMyRHk4SzRaOGZxUlUvUm1iVllq\nakI1L1ZVaENZdTNWTkx4ZGJsNUZJYmMKdcPQbwHlTmEy//yL2OwDuzWeEmBHfjge\ndx88+g7PS/fnEHaRsq1YGMZlB2vJ6WbL9qEv4wfrNMOkACsDCYoKlA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T13:38:14Z", + "mac": "ENC[AES256_GCM,data:Mkq9fbDtql7DGrssvd5Cg3IzVSTnoM0DRJ6CXEAQdEJYDe/Gw7dDDTSC5aNjt8cK2XIYKrKyqzbRkNjjyNgHtSu1xyUGS8KiZDaPIjFkIDRdI8iwEQFjQXRPLeBw5ORQRideqrLAeGtjoR4Jf+BdOqfcVSi03Qps63sE7dNzxPc=,iv:rNDtvdddZy4MdMUSkE1zeS6qEUe7cBy7A5cYel/Vd24=,tag:Bnf/wG1OHtehSe8okR7OtA==,type:str]", + "version": "3.12.1" + } +} 
diff --git a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From 0229b4f81661106cab29e42aa7027e06d083da2f Mon Sep 17 00:00:00 2001 From: chris Date: Tue, 31 Mar 2026 06:02:36 +0000 Subject: [PATCH 18/58] vars: update via generator qbittorrent (machine: ulmo) --- vars/per-machine/ulmo/qbittorrent/password/secret | 8 ++++---- vars/per-machine/ulmo/qbittorrent/password_hash/secret | 8 ++++---- vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/vars/per-machine/ulmo/qbittorrent/password/secret b/vars/per-machine/ulmo/qbittorrent/password/secret index 0613fe9..f609b86 100644 --- a/vars/per-machine/ulmo/qbittorrent/password/secret +++ b/vars/per-machine/ulmo/qbittorrent/password/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:Zil+Z4/i+x4R7CE5VdVtgNrCP1XC4R9Z+xIE9j/2+/MRlzXkIgiESbL8MJ4cf4o/l++qmTsAf9/OrZKOAz28z0zqV5k6+rFeKLbL4W/68t6CVxaCoyR9iHMKQ+ekRasYTw2dkoO+Cz4mEpx7Eu4AwVXrmZqqFlZbzJcndmnb0/TS,iv:8dHrt2oCqOJ4Tk6QAKkdKFwFcnmbaFbJTG9zqPpJOjk=,tag:1F9jQgVn0ub3xedcB553eg==,type:str]", + "data": "ENC[AES256_GCM,data:mM/ifrTA1aSOtCtVJvjF55WOu9SEgN96QqKK7N8Z+qWHHFpoEc1J9KpjKLH6X3pOQawxpSXHcfOr5iEE0tyeXK0+/G0o1w23YlARroqKIqjUK5NkVHH6BlOQEjuqlBX9D37O5N9rbs5BQ0urXUJ4TP1dmWUOABeEVFkWLeSBv1wa,iv:JUfoo7wmBA82SjpRBVGGR4N6SbURmA/raDFMcR+vyzE=,tag:cOu0oz3i1A33/Cc0BlSBMQ==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyalRpZjZvYllNc0c5U21L\neE0wL0VIam0wMzZya29lSGlvMDZJZnZRVWpBCmE5R292K3B0NytxMUJ3VDJHM2Jm\nS0RMdU56UCtJNFhzNjljekx5UDk0ODAKLS0tIFBuT3FreStXVjBVTVg1ZHA2NUk2\nUExmQkhqMUh1cTQzcGovZ1EvT0I1STgKdLgTr9CzY4nNgTHG1I06BjIhpdm69KnX\nstKiQGU4fErCImczD9y/lOjxk9quzeDkIzeQXQQrFlOMajUp+71kHw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSFUvRjNZOWJ1N250ODNH\nbXk5ZklvSFhGR3JFc2tKenZZYm5YRlVJSEVNCjdxK0R3dzFHcUdrb25MajRMVHpP\ncjZtT2FzZG5WS3l1TTRvczR3cHpIdmsKLS0tIHVKK1Nhb3kzRW4vNVV3MVVyNVIw\neVJsU2pRZTM0N0xPUTlKQWxQZ3Jab00K+07ETKcNVJ67in/yTRPadLOBMOt/assB\nRdiraOoaw1W7nKMZ81pw2teV8BUWrl2ZvWHGAk9B5M+LNm2U/nZ/zA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T13:38:13Z", - "mac": "ENC[AES256_GCM,data:EfDX0WLrlioxo30Q+EO9cr+TU61uoXqsJKAU+vw3061zLyTcBaGdRsVvdLoc+QJmPhkkexckdQ7Opx3RbmB1ZnapUIro5p29E2LfI9F8EwaBDgjXwuLZCT4cZhDSK82N08EjheZVBt4Qh01SUCDmHid7GfsUg+NFy5yEDLPD49w=,iv:MasFIYyFn1X/hKLB6jlYb/8sEtMWGK+OsShDQcmvHyw=,tag:0JOItoVaiR15bAuXq8Salg==,type:str]", + "lastmodified": "2026-03-31T06:02:33Z", + "mac": 
"ENC[AES256_GCM,data:DSIFCYcpJFrIgLUmQ8M0gTFL3aKkwUJ5S46RYUgwn6Lu5BKJMVdpOGpYloinvRYlMHyK+Diva/tL/xnBtjG7Ug5gKqY4NAf/2yZLjO+y8+FMApn4KiTp7Nqe8Q93psJlIoe5ZUGxl2wERuXnmSnmFmfOjAYb6c/XtR+4oTVqvcg=,iv:wRrA2+eHduRpArHQ8ZghXf1LlezWZKuZkH4KGxJ/KcQ=,tag:RrVAzeL6aZEURY9DDLQu/Q==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/qbittorrent/password_hash/secret b/vars/per-machine/ulmo/qbittorrent/password_hash/secret index 1e4c040..d6ae7d3 100644 --- a/vars/per-machine/ulmo/qbittorrent/password_hash/secret +++ b/vars/per-machine/ulmo/qbittorrent/password_hash/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:0g6GmQVdK/GlJImAyl962oa0yhl0/Wd1uXWur1rZY3vgW3czUX+Q4IF6JjcQx7+FlpcitXzrPrU+mZBZcl4Ze341V2b0/MoLPIrbzFIUITA5k5XsXeedgpmcumwOOCtdqjS5j2/a6n6t1oca+6bdD+RDivZBNnDwFCWAIP2m,iv:60l1yeiAA1OhdWiVtWE3EExsVjgCIl8rDIfDAmc4VwM=,tag:pflXtNXYsfosCpZsIgeclQ==,type:str]", + "data": "ENC[AES256_GCM,data:JBLJryQ1s+yY7ukjCdToghQrTEcE3DgEhMSl9eyKQPMARm7EX8/82H07CPHCjYGOb+NtZle3a+AAwv39XKUM6OybOiN484rDa2zV6lvFA5dcd/sbuJH6S6Y43iUbUHnScV7iYX2OGW85dSo3Wwcb5SKbXSb3+nhcXouRi0gn,iv:UQjJhIT4AbYACcmjkmeTnpXgXLAbhtDZoF8JUSfOdH8=,tag:928Qkgls5vGx5pBk0BJ1wQ==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFL1JTMm5zN0NhbHViZXJa\neC9jZGxMZjk5anU3ZWtzNzVvYVJRS3RIVDNFCjVlTFRrSW5kMVFlditGallvMFB3\ndTBpdnVGOG03UVMyUzMyUUY5em5FSTAKLS0tIC94SHdkdnFUcVBHYTc1Vm9GZGVp\ncitJYXNWbVpvL2JKdFliUG91MTk1djgKlTRNLFSsHMOT2AmgQgygIdbjR44C0AgI\nzSagPBddT24sVhwISfv3UexfGaczsRgzLzOE1fnbtNQqTLpfp95DiQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnREhIZmJVTnUvd0hPbm5R\ndlp5aWE4V0doWDVzQzl6aW5rWU96QjZnNXkwCmV0SlM5NXFFeisyVTB3NDAvMXNz\nZzRMcmdyM0tyNkttVU1xN3E2cEtMYmMKLS0tIHJXWW9BRjIydlVmYStnZXIyZnBh\naCtYMWpwVWlJK0IxUWRPdEhVMnVYencKom7jxQwua8Poe4d9wR8sMXZCQQYM12YW\nR8hxaVFwXMIrg6qMRwTK2O1m/fkcVCV6qidjsLERb+laH+W8Nn/urQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T13:38:13Z", - "mac": "ENC[AES256_GCM,data:96S2IMu/ghgNdEkQrchaFhUZcvjwpRefrEcQkAqu+J4XFHH7x1I6P/ZmLkqcbHToi2U4/OKivy0cWMeMfDLNgYNbvE4VzBoAjRo9Icp2Txqg35WylzzciXZlQAQa2J1gA4Xt2CVM5mDm5eCA5qU9h1LEErm/vQqtb+YFmieazDQ=,iv:bI1FPNJHWKHj4zT68yN74FiF1gQvZGI7MIFbi4jyNb0=,tag:hqlWh5M7D4ThvYbTvcptWw==,type:str]", + "lastmodified": "2026-03-31T06:02:33Z", + "mac": 
"ENC[AES256_GCM,data:ikSkLjZtN+P5mOtljcOVo9oEIGlVi+mNO2nURtAgosN27TmQUA5lysUNAZLROD0UsnJAsghXCK4tt9vF68jAOPkBtAnWgL59hgoZcBSiOBr7oRxd4WIGXLhyqPlcDJV7VevNJWl0JLk1NA3+3HQZho4YUzQUNs0GtiBoJj67Uqc=,iv:nPLGU4UHCmY4MUP0j6ZXWyMmyAvs3xNMzKDcgoWo5qw=,tag:JMqKvVHVVfNOVt/TQu9kYQ==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret index 6450975..054243b 100644 --- a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret +++ b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:WTrXpggDwhPR3A6cLcR29CP0mGbmopLjjcwVS6aBAC+w7TM7rAk76isDxMXWRObXo/yypsjyxvhV02oNlTM5jRxlHCOXjA4blObQAJLCGNwCifHYEt+jH5tmQQqW/VlCbBSqHKr1kR3nO+kTSRIpG8ovNUAd4p6ET1mHNf8m83tHpqFtHx57x5BPgiPTN5MsPDuf3T5g4mI1++QALM7ApQwM3/jSQpHdsUdWQvUEp7cDbY4cw6eCRlBxJVRLtApsfFVKqb0YTp1xc2nA//QtLgUGcoK/OOkxM/H64A4BQTnRyvHsvv4h8VJb2vuuk/Fgjwq9JJB/RIcfPrtCRJ2TBXdQHQbflCXF/yAhiBW9cjiHic7mi6V/ujdw5x04vFkxS4PZjhVvCx5t56nD/JfB+L6xUnSLTvZlS8eF3ALY2lRXQfgAQ1AWyAJPuFksCL5qUsrsXQ==,iv:BPdU3VzHho9LJzydouolO/hR4tK2R2KbSL2NTfcAqVg=,tag:sxemTZ12AVoR4ClorLnCOw==,type:str]", + "data": "ENC[AES256_GCM,data:QmSqL0OQvu2l4NsJHfI/SaEk2Sdx1jMf0AKbbxmPaGnSnN3O3c2ATrIwgTHTumLankI/uXxbrV5vIXTpJU5oSXjbv+Rx0hU+c2Tic/E8ORX1/1SW50Y0ax4IxFat6mwhndte+4dX00KyCCnaRDvnFlR9Eag1C9wQY/GwAeMJY6Dqv9oWSBVRsIONatSogYZ9mTk5ueDrPbfBbVzLKs/5ZbA3RScxKOe5fiCiZ3RQCdPbrd356rGwCzD/k008zGxJkW7aeFxBhpTy7XRKhUUjw4gH7FOwZ71qFlYxvNkOu6QnpFXez3ks9fAIBL2uMHlQfARZGwm84MdEOHCPKq1TI6NmKsqEfXS91hW5iKvH9KUa0FOEhFHY5W6tR1gx0zfGvjv1ofqSMdUSBhHPOuc3HouBK96MzStfyNzePGuAMbsAC+ogn2Dsy55KQiHKvnAW4G1gvQ==,iv:4QN2aeK0jbbzR+qIHHSCLV7/OnZ3vQAHpUovlmnftno=,tag:vFMX8Ep5xJz8eBlQmKXCxw==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTUR2bjQzREJ6RTJEYzFr\ncHEzRGk0Y1NFMW5zSlp2UmRhM1l0TGVJVmc4CnlNSmJEQTFuZU1iTW9USklBcm5u\ncjFrL1RCQzV0bGs3bmt2NlFQU1dpWUEKLS0tIFMyRHk4SzRaOGZxUlUvUm1iVllq\nakI1L1ZVaENZdTNWTkx4ZGJsNUZJYmMKdcPQbwHlTmEy//yL2OwDuzWeEmBHfjge\ndx88+g7PS/fnEHaRsq1YGMZlB2vJ6WbL9qEv4wfrNMOkACsDCYoKlA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRjlwVmpOU3l3aXIybU5N\nckJrb29rZE9OS1dQTzRSVitCZ3pIOExUM1JnCk1vMWZ3THFXR253L3Nmc1g5NnMz\nV2Jwc0VqYWx4eFJLcTRNMDh0V2M1bkUKLS0tIFFLdFJIclVZMmsvWTFKSm9BMDVj\nb3hrd1ZNL00rNHFTc1d6azYxT016NnMK06sT9B1bV3Cst+SQsZWhFAxxN9wEzQ62\nEMfKu8flDkpXOfYhT7O5gjMMYmC0m6UIt8Gth0E2PQsqx0WfcoshIw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-30T13:38:14Z", - "mac": "ENC[AES256_GCM,data:Mkq9fbDtql7DGrssvd5Cg3IzVSTnoM0DRJ6CXEAQdEJYDe/Gw7dDDTSC5aNjt8cK2XIYKrKyqzbRkNjjyNgHtSu1xyUGS8KiZDaPIjFkIDRdI8iwEQFjQXRPLeBw5ORQRideqrLAeGtjoR4Jf+BdOqfcVSi03Qps63sE7dNzxPc=,iv:rNDtvdddZy4MdMUSkE1zeS6qEUe7cBy7A5cYel/Vd24=,tag:Bnf/wG1OHtehSe8okR7OtA==,type:str]", + "lastmodified": "2026-03-31T06:02:33Z", + "mac": "ENC[AES256_GCM,data:JYeelZkxYyfciMcksE3b8YKfefzlTJc4Piua8A1Lg4O2Xqz5TpZ7sLyAiqdkKAQsorFYnIjGwhIHx9PrDme1+oioCHJqCsO9Kqs9RLcwVZbBIw+UKlFdc5wNLc55qvP3GSVMLO0/IuXETaOd6IVzFxX76EJT4LTOF4Vv1pz/ymU=,iv:Sll8IvjiGO5kPbdEDXry8j+0pSMIioeIx4LrcfpyUxo=,tag:tGnRLCXcCKlifLp8JNcE8g==,type:str]", "version": "3.12.1" } } From e21de6d1dad58d19250812d7aa86b66d2da3486c Mon Sep 17 00:00:00 2001 
From: chris Date: Tue, 31 Mar 2026 09:08:21 +0000 Subject: [PATCH 19/58] vars: update via generator lidarr (machine: ulmo) --- vars/per-machine/ulmo/lidarr/api_key/machines/ulmo | 1 + vars/per-machine/ulmo/lidarr/api_key/secret | 14 ++++++++++++++ vars/per-machine/ulmo/lidarr/api_key/users/chris | 1 + .../ulmo/lidarr/config.env/machines/ulmo | 1 + vars/per-machine/ulmo/lidarr/config.env/secret | 14 ++++++++++++++ .../per-machine/ulmo/lidarr/config.env/users/chris | 1 + 6 files changed, 32 insertions(+) create mode 120000 vars/per-machine/ulmo/lidarr/api_key/machines/ulmo create mode 100644 vars/per-machine/ulmo/lidarr/api_key/secret create mode 120000 vars/per-machine/ulmo/lidarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/lidarr/config.env/machines/ulmo create mode 100644 vars/per-machine/ulmo/lidarr/config.env/secret create mode 120000 vars/per-machine/ulmo/lidarr/config.env/users/chris diff --git a/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo b/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/api_key/secret b/vars/per-machine/ulmo/lidarr/api_key/secret new file mode 100644 index 0000000..9842058 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/api_key/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:HbbfyZGhb72fFGcw0Wni2X4vWZqR2acEOBh9C10YNolsBwmbGKniHVOQf5eq6H0HUZozvfFbI+jS92HfYPxLEOtzWdD/hyULPwYR8Q4SxWs3KfY/XeMAHupY1Qfmr4HmwgPDpH2wpFIlDACIQG0FhWpI4nplONI0krVdTRWrFvPN,iv:xqDL82zsYPTTl8yOOzgdkATqZO7Y/JNsFyk12cC4We8=,tag:GS/mTcPvJa1NV/PEWdAK2Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUERwbTh6NnI3b3NvaTU2\nZmdPRmpYTk5aaDNJZ0dqYzBXcnVyYlFlNm5NCkoyZm1wS2FGb2Fza0FaMFVBR1N5\nTFNETHRGTWlSYlZaWVJsNEZ2eWR2bGsKLS0tIE1PcktjRjVKai8vU2EyUGtuMUNl\ndFlDV0VpcitwaXJSempZNmNnMi9JK2cKnCCyh5c0OZLkmJMse1g3OCzPQ+XTdkyy\nqfmAhP6O6amjpfvCcD9s0dOrK/hq/FK4l9Po+qnLkGej4pOIT50WsQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T09:08:19Z", + "mac": "ENC[AES256_GCM,data:EvrqaArhAzzQe/pYslQmstl6TedPiV4a1L6IOD84cJHt9s7qCYFbweRsea398T53dcCtdhIPlU3QyjVJpGhdyD+ekjc77oqXgqwG5hQhMvUJuTvwQXLA+v6acWsfdTu8bLjjCIfMc4+fcqKjcLGGHpPaz3RxL8Su/uifrV82u4M=,iv:Vc6zqz+s+wY1e46ogsqaiilzRfUJYbMDANNrifleBFE=,tag:pTaFWDj6baVHtTBHkledHQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/lidarr/api_key/users/chris b/vars/per-machine/ulmo/lidarr/api_key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/api_key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo b/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/config.env/secret b/vars/per-machine/ulmo/lidarr/config.env/secret new file mode 100644 index 0000000..f382ec6 --- /dev/null 
+++ b/vars/per-machine/ulmo/lidarr/config.env/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:O4+z76Ie5c501CYdmj17N38yEH8bIXQB/kh3u5zTpmChcUEE1M0PIy3VqXuE2YMxscs9bRlph0qBELBADb+HP5BHTtQ3wBZGNGU/qxnyMzZPy64rhXamBLRlC6lgoKfzLt+tQXprWscwJtbfHrHjNQRMAKLNFMIkpwRb2jlmp84fKFuScFSmQ5UoOrvaTzlsoEYajtBd,iv:9eoLX60eEA8DdRWiPPTWRee6blqTilD2Q0UlM2PNT24=,tag:yhfQW3mb0K9phGl8WMN37A==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dU1la3lNSjkvQjFrQW9S\nYkowRGhyYlA1ZnBGMzBUOS9LRGtXcmhLeDNRCkdUVDFvNUVSeFFzK0NDS0lzaTUx\nT0l1b2tPelIvaHJOSmRVM2U5Z2lTcG8KLS0tIFVjVUtNNC9oYUYwbTRDV2tPQXVy\nY0cyTklIV3llb0l2TSszSjJ6R3hWc1kKIKJYEg/xHztKo4mmXXym/yTu57MKdk/k\nPfyVXClBxAGjsLzNHbEcc9RNbaIhTXiQlL/bkuH6JvLpeFlKLuLDGw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T09:08:19Z", + "mac": "ENC[AES256_GCM,data:ZVcelcvx10+4B1voC2GeBz9FPTypbCp+Zp0QaI5G0UgtD9vLm1W6fT/KysreEqLknlqTN6oqadWS0xCpV2purLu7VLnnfjsjfObod0TxwKf90bi/sG6U0t4kIB/F437WRHai5aV7MWtsXFdh7GuYnpoueqXW5C/qUlKYNJ5eOFk=,iv:N9vbG5HGOS52Z/tvwwr+j2bty0Hqx/Kdd6Q9YI+Xujg=,tag:UL9RzZjl2Vapma/Tel3XpA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/lidarr/config.env/users/chris b/vars/per-machine/ulmo/lidarr/config.env/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/config.env/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From 163f4a022e0655a6061eb920688e22cabb6c1242 Mon Sep 17 00:00:00 2001 
From: chris Date: Tue, 31 Mar 2026 09:08:24 +0000 Subject: [PATCH 20/58] vars: update via generator prowlarr (machine: ulmo) --- .../ulmo/prowlarr/api_key/machines/ulmo | 1 + vars/per-machine/ulmo/prowlarr/api_key/secret | 14 ++++++++++++++ vars/per-machine/ulmo/prowlarr/api_key/users/chris | 1 + .../ulmo/prowlarr/config.env/machines/ulmo | 1 + vars/per-machine/ulmo/prowlarr/config.env/secret | 14 ++++++++++++++ .../ulmo/prowlarr/config.env/users/chris | 1 + 6 files changed, 32 insertions(+) create mode 120000 vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo create mode 100644 vars/per-machine/ulmo/prowlarr/api_key/secret create mode 120000 vars/per-machine/ulmo/prowlarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo create mode 100644 vars/per-machine/ulmo/prowlarr/config.env/secret create mode 120000 vars/per-machine/ulmo/prowlarr/config.env/users/chris diff --git a/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo b/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/api_key/secret b/vars/per-machine/ulmo/prowlarr/api_key/secret new file mode 100644 index 0000000..6470c17 --- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/api_key/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:kRQf0fU7aayEFxh57PqwT11aI+GytZFkpIS1Fl4lCbf786K9uBNkNjrKn9FGJjf/bWl+28a30SiI+x1SJIDmB0Gx+twaoH0uTx7xzniMQ6A+mqUihe7qTsuqJZ+B/z4kCQn/4+ig8f3XcgHjx4gp9Ig8d4YlnBHBONCM9d1Mnrd+,iv:g9jb9soLfS71wB5u8+I7ozGNvmCx9rTa09uEZT0pIyI=,tag:MJrJSogPgfF2V98BY2n7Dw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTjZEUm5oaUZVcmsvU1ds\nTGNueUxyelNPdm1OMTJMOXZPSzNrR0lTQXk0CmtvT2ZxamlrNUdKcmRnWCt3RjZo\nUUtYS0NTYkNXVXpvSWwxVi90Zzh1UnMKLS0tIG5xQU5pOGZ4QzlTdWNjK3Zacmpn\nV05vUjNYT2ZNdmZKemt1bWlhYVhsL3cKFsAZB2rTA84FLcSIMIVdUIWIg3RNFtmW\nj/CUcHwqIlNa0syu3DUIgKCCWLGqeFFyIhah0XgrJPJl74NG8aU+OQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T09:08:22Z", + "mac": "ENC[AES256_GCM,data:6PFwnAOBZVLuhw9DV7sNTxEi80C7nXYvRVjxK9sIbq5N10J6LoGW79VgXOfUOWaVzfjkfPV5QKgKiNNJpUr1rbxNms9oBX/nF7HqB+oPCNfhe8EKBYBiOJw0ijYbLKgHO1N1KrSbhIAlRwpOqYGHxTOEidBhKkSbr+fUHqRUf84=,iv:V4N2NWjT7KMMjL50fOlJ+I75X9+isf75+vx1L17HJyc=,tag:cabQTDqazYLC2zrRrmYNjw==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/prowlarr/api_key/users/chris b/vars/per-machine/ulmo/prowlarr/api_key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/api_key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo b/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/secret b/vars/per-machine/ulmo/prowlarr/config.env/secret new file mode 100644 index 0000000..784f19b 
--- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/config.env/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:wK2BUSJ8t7xruSMgMpLr6QnX5cUFdwdxYd5Bv3yozFVkjWi7uooc8kHfIRVEjjNsi9TDmlBXg3watv1pMd/XisfKYw/syFzVf+R84Uc0eLpdXZtqdmoii2rQ0X0oBo+9jnVtYCtq/CPaE5QsDh62xzTHCjgk+esQLBqpMbGyCM1gJehU0UT4/I4aRotEANN+FDIMCMEWQu8=,iv:97NU3qoVFX7pt6Oel8MYzaVpxJnXAGg9anMH7A3I0r4=,tag:Wjqp8dt6kbC+n2saCAUMdw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZlNUVm94WUx0b0cwREhl\nVk8vZmR1YmIwZnZPZnJ1cHlMQ2FPaHFiOFFZCnQwSDZyRHhRQ3JXTWhvZ29UTUkv\nTHRvejFjTUVkdWZBaUVsQmNiYUJlakkKLS0tIEVqWmlZSllmUXJ4SkhnY09kV00r\nQ3lhbllsclltMEZ2eFFLQUZKYUdwWG8Kr4iQGYLocVJX48XoVP0ZC3oFYkMueFHG\npRbHTWd+epglbWB1kkjdL89CpLyueJKX/MfNR4oW6RUvs9m73oQIvw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T09:08:22Z", + "mac": "ENC[AES256_GCM,data:VwG47hA8cFNni6L+3eSkg8EUIybu5cSRgen3x23Eumehib1ojdyOhER/VO20VouhXdpszZxV/8j7ddLpebgBWgxQNzj4BAdPf1PwuYZMJ8jpHIcu47qgMpixjj8kedn9hyniUOAycB2bODfkXBKjTvfNxw5pLVUlLL1EOnNvQH0=,iv:1nV7aN+KCJ5TAjy26eBr+lPAjnVYH+jSOTgcQq5d9XY=,tag:NRqMVUdDlkNqd6Nc/Fqj+A==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/prowlarr/config.env/users/chris b/vars/per-machine/ulmo/prowlarr/config.env/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/config.env/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From 6b2ec0565a14f9aedbaaf83f2cf609ccb1a4883a Mon Sep 17 00:00:00 2001 
From: chris Date: Tue, 31 Mar 2026 09:08:27 +0000 Subject: [PATCH 21/58] vars: update via generator radarr (machine: ulmo) --- vars/per-machine/ulmo/radarr/api_key/machines/ulmo | 1 + vars/per-machine/ulmo/radarr/api_key/secret | 14 ++++++++++++++ vars/per-machine/ulmo/radarr/api_key/users/chris | 1 + .../ulmo/radarr/config.env/machines/ulmo | 1 + vars/per-machine/ulmo/radarr/config.env/secret | 14 ++++++++++++++ .../per-machine/ulmo/radarr/config.env/users/chris | 1 + 6 files changed, 32 insertions(+) create mode 120000 vars/per-machine/ulmo/radarr/api_key/machines/ulmo create mode 100644 vars/per-machine/ulmo/radarr/api_key/secret create mode 120000 vars/per-machine/ulmo/radarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/radarr/config.env/machines/ulmo create mode 100644 vars/per-machine/ulmo/radarr/config.env/secret create mode 120000 vars/per-machine/ulmo/radarr/config.env/users/chris diff --git a/vars/per-machine/ulmo/radarr/api_key/machines/ulmo b/vars/per-machine/ulmo/radarr/api_key/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/radarr/api_key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/api_key/secret b/vars/per-machine/ulmo/radarr/api_key/secret new file mode 100644 index 0000000..962bf05 --- /dev/null +++ b/vars/per-machine/ulmo/radarr/api_key/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:cNdXQigG3pBPGgiWNLkGx/VNE1M2U6YgJ1Stt8NUhRqNCNPdywKOFCA5tKRtjkb6QIH+ICMX1Ct8W13xN2BuQYsv71ighywH81VmYHCxoMApgFK/Jc2Kb9y3kdLY5CvHXf87UJlUo8SVtJ5EpL3iMLNWQJUD5r2/bYINlFwXkeqy,iv:xHyO07zaBu4nHHw5dGj7ZYdSNrkOPt11XMPQu86QGyw=,tag:cXcIni2K7c7ImEbVi6ABkg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRGpwaEpFV29FM3R5VXN3\nUHNsSVQzS0tWTWhKVWQ3dVkrZENONXlIR3hjCjk4bHhjZmRyZmV2RmhFUVNUMGcr\nRm9mR2FjOU1pTFU5TldsdHJuVWh6WWcKLS0tICtZMTh2T3NCYXNNRzhnZ1pwM0dp\nWC9jZnE1L2tMWjlwRFdhemUzNzVIMU0KS0A5bF0mbXOMliCipJhF98ooIZPtQ2SH\n3utUInxWocWXxtUpUTt5T4HWeacNYQ2XY7OTn/G2xz/wqgtnJg0eeg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T09:08:25Z", + "mac": "ENC[AES256_GCM,data:zy4toD5Mi5GFldrZpj9LaYnFZ6AhpKE+gMGmlnlfuxshpJniyu+8LiBEhx2P1RBAfw1d1Sl4ZYyj1cKGuru2ByMD21W3RzXmsiDrJTaAsA3HDFh0WLHnapBuhvEMVK0bn4TAeAn45+Gx5fiiQBX+UaNjA+zhzCm6KWixd50p6OQ=,iv:TI01AQeTXJR9+5kowddyxyGneK80z6zVhwjMSjD0S3w=,tag:QfokXV71TayFuZP9x+SE3g==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/radarr/api_key/users/chris b/vars/per-machine/ulmo/radarr/api_key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/radarr/api_key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/machines/ulmo b/vars/per-machine/ulmo/radarr/config.env/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/radarr/config.env/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/secret b/vars/per-machine/ulmo/radarr/config.env/secret new file mode 100644 index 0000000..e781a27 --- /dev/null 
+++ b/vars/per-machine/ulmo/radarr/config.env/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:9x6/mvl0KqctP0NYLOiF1tz3wohlbqrJn9qrW1YnwEhXvM6idlUhqcD13FVVsaCwQofCAgVhPq+wjcqsFqsTbLlQlgD+BIz8nqvmq+IUnfAxqSgVLzwjegPIAVbb1vTCaneUFm50CtC8QGpfE4A9DQOvyER9G0TpJ5n3zeFBWFXlMMHu4rxoolIjL1AfrcXY45rlnIko,iv:HxGdEqaAWm7IY67FkSU1vwXeOQ3Ntfk28uHRhjTOzSU=,tag:3kVkX2ZDT351hR/nF6ZP+g==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcU5DMFNjNGl1SWV6VnNo\nQWU4dDJrbkJWaTVvTDY3YUxaQ2JXRjlsa0E4CnJoaWFJOGlyM0dBeHRQQ2Q2QXV4\nYVhUWGxueVI0WjY0WC91czVQcjMrcncKLS0tIFRPaUpyblZGZVRsVUhaZmpUWSsr\naEU1OEZMZnRBTWJVaENnQTQ5S2pOSzgK9mhU+zWYnmtHll+oQg04ieplFgW4z2j0\n6RT95UWy0ThPuPe0vEEjbzAeXDQ6qmtvE+IgWs0NILRY7TL801B9oA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T09:08:25Z", + "mac": "ENC[AES256_GCM,data:P7Zsb4y8KMCepviLcIfiZD+UyNHR6Sxby+D4IkSLpT8cq86zVdBARbuR+jTgvAsH8JNfKMsYd+UQD8saowuZTPLDzphfkNpzHc3VBkBhIFraNHK874tCyRa+a4SElqdpAF/aPeCpixJsE6uX4us7YnCuBTZjIgZjygqOkioLV3k=,iv:hqEYp7zlTt+3cf3vpAYOhXfy6BY+oe91sA6Wp3LJAbI=,tag:SJwwTDAdETyTErvvgtqvTw==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/radarr/config.env/users/chris b/vars/per-machine/ulmo/radarr/config.env/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/radarr/config.env/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From ad257222493fa20e9384ee6b6ed1740cc08993a5 Mon Sep 17 00:00:00 2001 
From: chris Date: Tue, 31 Mar 2026 09:08:29 +0000 Subject: [PATCH 22/58] vars: update via generator sonarr (machine: ulmo) --- vars/per-machine/ulmo/sonarr/api_key/machines/ulmo | 1 + vars/per-machine/ulmo/sonarr/api_key/secret | 14 ++++++++++++++ vars/per-machine/ulmo/sonarr/api_key/users/chris | 1 + .../ulmo/sonarr/config.env/machines/ulmo | 1 + vars/per-machine/ulmo/sonarr/config.env/secret | 14 ++++++++++++++ .../per-machine/ulmo/sonarr/config.env/users/chris | 1 + 6 files changed, 32 insertions(+) create mode 120000 vars/per-machine/ulmo/sonarr/api_key/machines/ulmo create mode 100644 vars/per-machine/ulmo/sonarr/api_key/secret create mode 120000 vars/per-machine/ulmo/sonarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/sonarr/config.env/machines/ulmo create mode 100644 vars/per-machine/ulmo/sonarr/config.env/secret create mode 120000 vars/per-machine/ulmo/sonarr/config.env/users/chris diff --git a/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo b/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/api_key/secret b/vars/per-machine/ulmo/sonarr/api_key/secret new file mode 100644 index 0000000..d9eb063 --- /dev/null +++ b/vars/per-machine/ulmo/sonarr/api_key/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:idOrTA5FVhBKOOMva6rIl+kqYYN0EzSY3qczSqmgghjuGLVnzxZ2FdLRY9GwH1Xih8NYu/GFbeyL1XTt/Dt1fcB95dX7qw+xUHXVy78FYPy33L0zWXAYhLkzWZa2ijJfNgTxd/W8M9giYA0XDntKfQuGZve2UJAsu9+SjeZAmwD4,iv:81Q4jVnlqqQEyMkswBAxm7vrHYyw+afdxmP8BDdDihU=,tag:Z0zP9XsXfUE4O6DS0+DhGg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEN25BeHdpYlErYnM2ZmhR\nQnlqYnJvUHNpSGlBZGxxczVrSWwybG0xVjBVCmt4aFdJRjliMGV5U0gwSHRoU2RP\nZ3lVejlYR3lxSzhxeG1HUGFxT0EwSjgKLS0tIENSc0tSbHZCOVREalhKYUZyMmtP\nZHZPUXdFNC9QbXdtL3Z1MkJieUlPSUkKXANMJ1efR1D8bCG9I5Q8vmSowQ0p4j7D\npdBxoJxuo4yB6J7gpUuS1aQmGGw0+7OVSg5cQmQoeVMYimXGtHNb4Q==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T09:08:27Z", + "mac": "ENC[AES256_GCM,data:onx5LMoonmZSDTorBl8iZkCi0oszYf/RqqJhEUE3Vi+5mjlAmfXwKUTnFg0EIZ3Rb83bxJ+WR60GDbyVFbBMhaBxs2zkc53JieiuzH1Pdz+79EvAcG2hAdO4koPvWQYxrdw4nTi4m4V324jAHPsCgEvSaRH9RIuigYuJ429wOZ8=,iv:o0LLukrDgr0IN3MXlevVGzznRldaCeL9lAZTEN/GZ9c=,tag:8gMZYf4q+9EGHLxSox+2Eg==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sonarr/api_key/users/chris b/vars/per-machine/ulmo/sonarr/api_key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/sonarr/api_key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo b/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/config.env/secret b/vars/per-machine/ulmo/sonarr/config.env/secret new file mode 100644 index 0000000..0960548 --- /dev/null 
+++ b/vars/per-machine/ulmo/sonarr/config.env/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:Ys1NFOkYt3IMlzvTdHZqloVMh0TfB3C2LFJpOjDHQoL4hSa6PcsNguFQW0wdegxyKjo60vloeYKo0LRAzq/iBcUBQGJaXTnQTDQOtGAJpmB541BPRwgKxiwXry98GL+E8uuCYR1uidHlNOytDEAUOAUBAS5bX8FKOLlD/qZLu3UD75uP7IriMnCfhMibbMNUU7M7AaFI,iv:shfnbi0jTQYi6NcUvN/MQlDktfdZ6CB9uoUXE/r20IE=,tag:pP/Jc3n+n6ZulRbLg6UPsg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVWMrNzdnNkxqM2VYU3NI\neTQybDRoeStodUZvS0dGejNsODFqUXBuYVJRCnR0dWxzL05GeUcxK040ZXZEa0RV\na2MxMjhsZk44ZGVwakRuMHZWWFQrcXMKLS0tIC9hMkE5YUlYMFVoSjlNVUc1bXlt\nY2hhYnRFL1N4QTh3NmJ0Q0x0Y3BRTlEKosiaPw0LRpy5tcw0I/7w0T/+VR4ULi3F\nXStF3s+lzZFtjtvJXlAquAscSS92AydOwKgK9R26Zl9/7vAWehce3w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T09:08:27Z", + "mac": "ENC[AES256_GCM,data:5ioLLvUqSaMHEfwQR6LgE8sGhzklUmX6BAlJVh/m1GOPkt1CjZ4IT76Or2Q7zY66jBUyIIVoTsSnMo7kGNQTLwHYj3T+meYgbZmD9dTUE/zHj5t8t6H4VgfNuyT6Mxl8SKWMb0fJP2cgDt1Asz4O4g2mDchMP/9BMDGbPOM6AuU=,iv:at0VHtc5pdbnGvbxcrrVS83svlJjI+LoaoKRwZW4uM0=,tag:dXf/zL3huq21Wxm39BEiuw==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sonarr/config.env/users/chris b/vars/per-machine/ulmo/sonarr/config.env/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/sonarr/config.env/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From cb30a0ba8b9b29d78bbb5cb8d6cac9d2ee3289b6 Mon Sep 17 00:00:00 2001 
From: chris Date: Tue, 31 Mar 2026 09:09:56 +0000 Subject: [PATCH 23/58] vars: update via generator servarr (machine: ulmo) --- .../ulmo/servarr/config.tfvars/machines/ulmo | 1 + vars/per-machine/ulmo/servarr/config.tfvars/secret | 14 ++++++++++++++ .../ulmo/servarr/config.tfvars/users/chris | 1 + 3 files changed, 16 insertions(+) create mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo create mode 100644 vars/per-machine/ulmo/servarr/config.tfvars/secret create mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/users/chris diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo b/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/secret b/vars/per-machine/ulmo/servarr/config.tfvars/secret new file mode 100644 index 0000000..e598362 --- /dev/null +++ b/vars/per-machine/ulmo/servarr/config.tfvars/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:Cxa6M3Rp3B0b60h9R5iK1yvREtjZPbw3cw8G9qUIgvM=,tag:VQtwzjSTaOgxqlDXC7xttQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3djJ0MFlIbkdIUXZJMlFs\nNDhDK0lvUjJ0WHdxZm1WTGJKVjZ2NjVjVngwCnZ6VFdzVEVjOXk5aGttVXh3WVhz\nK05oZStwN0tqNnBJMDBzRDNyaERzcm8KLS0tIGdDZjl5ekoxRzBZWlJ5TWdzeTVQ\nK3ZBSVR2WFpRelhWa3kwcUhIVnpTM2MKaUqoL2Gn5ZTSeg1VdcTbJv6DksBbH/2P\nYlO6g6WGQymklHfOcHweXsfK9SQKIw/QMzjSAFSnyEdHvj4b4zp4wg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T09:09:54Z", + "mac": "ENC[AES256_GCM,data:R9R25jOI2o2YhbiPvpHNngzagv3d1vb5AeCix8Heaqa4OPv4hdvCeTTGSq26dyOU+CXN1TTRoIjl3gj/F3qqsfwaUiIlV/A5K2jQPVcnf9v7GC6htftiwsOYnsVuHPcL71ttaGlsR7VNfuT3r7ICZzQhLo4PR8q5Tp3z0RE4VzA=,iv:RE8X1BBW/SDGLdwUlNUSGPKN+N3huJKSft6dt3Eeg5k=,tag:Bci00Z/ThB7EX1m4sLKwhw==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/users/chris b/vars/per-machine/ulmo/servarr/config.tfvars/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/servarr/config.tfvars/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From cc86b0a815525c669e105b75385b70b915cadf55 Mon Sep 17 00:00:00 2001 
From: Chris Kruining Date: Tue, 31 Mar 2026 15:43:34 +0200 Subject: [PATCH 24/58] checkpoint --- .just/vars.just | 4 +- clan.nix | 28 ++ clanServices/caddy/README.md | 0 clanServices/caddy/default.nix | 23 ++ clanServices/caddy/flake-module.nix | 13 + clanServices/flake-module.nix | 23 +- clanServices/peristance/README.md | 0 clanServices/peristance/default.nix | 24 ++ clanServices/peristance/flake-module.nix | 13 + clanServices/servarr/README.md | 0 clanServices/servarr/default.nix | 121 +++++++ clanServices/servarr/flake-module.nix | 14 +- clanServices/servarr/lib.nix | 317 ++++++++++++++++++ clanServices/servarr/qbittorrent.nix | 96 ++++++ clanServices/servarr/sabnzbd.nix | 95 ++++++ flake.lock | 25 +- flake.nix | 12 +- machines/mandos/configuration.nix | 11 +- machines/orome/configuration.nix | 14 +- machines/tulkas/configuration.nix | 13 +- machines/ulmo/configuration.nix | 60 ++-- .../ulmo/lidarr/api_key/machines/ulmo | 1 - .../ulmo/lidarr/api_key/users/chris | 1 - .../ulmo/lidarr/config.env/machines/ulmo | 1 - .../ulmo/lidarr/config.env/users/chris | 1 - .../ulmo/prowlarr/api_key/machines/ulmo | 1 - .../ulmo/prowlarr/api_key/users/chris | 1 - .../ulmo/prowlarr/config.env/machines/ulmo | 1 - .../ulmo/prowlarr/config.env/users/chris | 1 - .../ulmo/qbittorrent/password/machines/ulmo | 1 - .../ulmo/qbittorrent/password/users/chris | 1 - .../qbittorrent/password_hash/machines/ulmo | 1 - .../qbittorrent/password_hash/users/chris | 1 - .../qBittorrent.conf/machines/ulmo | 1 - .../qbittorrent/qBittorrent.conf/users/chris | 1 - .../ulmo/radarr/api_key/machines/ulmo | 1 - .../ulmo/radarr/api_key/users/chris | 1 - .../ulmo/radarr/config.env/machines/ulmo | 1 - .../ulmo/radarr/config.env/users/chris | 1 - .../ulmo/sabnzbd/api_key/machines/ulmo | 1 - .../ulmo/sabnzbd/api_key/users/chris | 1 - .../ulmo/sabnzbd/config.ini/machines/ulmo | 1 - .../ulmo/sabnzbd/config.ini/users/chris | 1 - .../ulmo/sabnzbd/nzb_key/machines/ulmo | 1 - .../ulmo/sabnzbd/nzb_key/users/chris | 1 - 
.../ulmo/sabnzbd/password/machines/ulmo | 1 - .../ulmo/sabnzbd/password/users/chris | 1 - .../ulmo/sabnzbd/sabnzbd.ini/machines/ulmo | 1 - .../ulmo/sabnzbd/sabnzbd.ini/secret | 14 - .../ulmo/sabnzbd/sabnzbd.ini/users/chris | 1 - .../ulmo/sabnzbd/username/machines/ulmo | 1 - .../ulmo/sabnzbd/username/users/chris | 1 - .../ulmo/servarr/config.tfvars/machines/ulmo | 1 - .../ulmo/servarr/config.tfvars/users/chris | 1 - .../ulmo/sonarr/api_key/machines/ulmo | 1 - .../ulmo/sonarr/api_key/users/chris | 1 - .../ulmo/sonarr/config.env/machines/ulmo | 1 - .../ulmo/sonarr/config.env/users/chris | 1 - .../ulmo/state-version/version/value | 1 + 59 files changed, 834 insertions(+), 123 deletions(-) create mode 100644 clanServices/caddy/README.md create mode 100644 clanServices/caddy/default.nix create mode 100644 clanServices/caddy/flake-module.nix create mode 100644 clanServices/peristance/README.md create mode 100644 clanServices/peristance/default.nix create mode 100644 clanServices/peristance/flake-module.nix create mode 100644 clanServices/servarr/README.md create mode 100644 clanServices/servarr/default.nix create mode 100644 clanServices/servarr/lib.nix create mode 100644 clanServices/servarr/qbittorrent.nix create mode 100644 clanServices/servarr/sabnzbd.nix delete mode 120000 vars/per-machine/ulmo/lidarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/lidarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/lidarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/lidarr/config.env/users/chris delete mode 120000 vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/prowlarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/prowlarr/config.env/users/chris delete mode 120000 vars/per-machine/ulmo/qbittorrent/password/machines/ulmo delete mode 120000 vars/per-machine/ulmo/qbittorrent/password/users/chris 
delete mode 120000 vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo delete mode 120000 vars/per-machine/ulmo/qbittorrent/password_hash/users/chris delete mode 120000 vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo delete mode 120000 vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris delete mode 120000 vars/per-machine/ulmo/radarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/radarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/radarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/radarr/config.env/users/chris delete mode 120000 vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sabnzbd/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sabnzbd/config.ini/users/chris delete mode 120000 vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris delete mode 120000 vars/per-machine/ulmo/sabnzbd/password/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sabnzbd/password/users/chris delete mode 120000 vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/machines/ulmo delete mode 100644 vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/secret delete mode 120000 vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/users/chris delete mode 120000 vars/per-machine/ulmo/sabnzbd/username/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sabnzbd/username/users/chris delete mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo delete mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/users/chris delete mode 120000 vars/per-machine/ulmo/sonarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sonarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/sonarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sonarr/config.env/users/chris create mode 100644 
vars/per-machine/ulmo/state-version/version/value diff --git a/.just/vars.just b/.just/vars.just index 9c63565..79c1bda 100644 --- a/.just/vars.just +++ b/.just/vars.just @@ -1,8 +1,8 @@ set unstable := true set quiet := true -machine_base_path := justfile_directory() + "/../machines" -secret_base_path := justfile_directory() + "/../systems/x86_64-linux" +machine_base_path := justfile_directory() + "/machines" +secret_base_path := justfile_directory() + "/systems/x86_64-linux" _default: just --list vars diff --git a/clan.nix b/clan.nix index 26f7e97..83a59e7 100644 --- a/clan.nix +++ b/clan.nix @@ -81,5 +81,33 @@ share = true; }; }; + + servarr = { + module.name = "servarr"; + module.input = "self"; + + roles.default.machines.ulmo.settings = {}; + roles.default.settings = { + enable = true; + services = { + sonarr = { + rootFolders = [ + "/var/media/series" + ]; + }; + radarr = { + rootFolders = [ + "/var/media/movies" + ]; + }; + lidarr = { + rootFolders = [ + "/var/media/music" + ]; + }; + prowlarr = {}; + }; + }; + }; }; } diff --git a/clanServices/caddy/README.md b/clanServices/caddy/README.md new file mode 100644 index 0000000..e69de29 diff --git a/clanServices/caddy/default.nix b/clanServices/caddy/default.nix new file mode 100644 index 0000000..4350c62 --- /dev/null +++ b/clanServices/caddy/default.nix @@ -0,0 +1,23 @@ +{...}: { + _class = "clan.service"; + manifest = { + name = "arda/caddy"; + description = '' + Configuration of reverse proxy. + ''; + categories = [ "Service", "Media" ]; + readme = builtins.readFile ./README.md + }; + + roles.default = { + description = ''''; + + interface = {...}: { + options = {}; + }; + + perInstance = {...}: { + nixosModule = {...}: {}; + }; + }; +} diff --git a/clanServices/caddy/flake-module.nix b/clanServices/caddy/flake-module.nix new file mode 100644 index 0000000..10a5a52 --- /dev/null +++ b/clanServices/caddy/flake-module.nix 
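Review bot: `clanServices/caddy/default.nix` does not parse as written, because `categories = [ "Service", "Media" ];` separates list elements with a comma, which Nix list syntax does not allow, and `readme = builtins.readFile ./README.md` has no terminating `;` before the closing `};`. The lines should read `categories = ["Service"];` and `readme = builtins.readFile ./README.md;`, which matches how `clanServices/servarr/default.nix` in this same patch writes them; `"Media"` looks carried over from servarr and does not describe a reverse proxy. The same two errors appear in `clanServices/peristance/default.nix`. Both stubs are registered through their `flake-module.nix`, so the failure will presumably surface as soon as either module is evaluated.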
@@ -0,0 +1,13 @@ +{...}: let + module = ./default.nix; +in { + clan.modules.caddy = module; + + # perSystem = {...}: { + # clan.nixosTests.caddy = { + # imports = []; + + # clan.modules."@arda/caddy" = module; + # }; + # }; +} diff --git a/clanServices/flake-module.nix b/clanServices/flake-module.nix index 46cf514..141d07b 100644 --- a/clanServices/flake-module.nix +++ b/clanServices/flake-module.nix @@ -1,8 +1,19 @@ -{...}: { - imports = ./. +{lib, ...}: { + imports = + ./. |> builtins.readDir - |> builtins.attrsToList - |> builtins.map ({ name, value }: { type = value; path = ./. "/${name}/flake-module.nix" }) - |> builtins.filter ({ type, path }: type == "directory" && (builtins.pathExists path)) - |> builtins.map ({ name }: name); + |> lib.attrsToList + |> builtins.map ({ + name, + value, + }: { + type = value; + path = ./. + "/${name}/flake-module.nix"; + }) + |> builtins.filter ({ + type, + path, + }: + type == "directory" && (builtins.pathExists path)) + |> builtins.map ({path, ...}: path); } diff --git a/clanServices/peristance/README.md b/clanServices/peristance/README.md new file mode 100644 index 0000000..e69de29 diff --git a/clanServices/peristance/default.nix b/clanServices/peristance/default.nix new file mode 100644 index 0000000..25503ff --- /dev/null +++ b/clanServices/peristance/default.nix @@ -0,0 +1,24 @@ +{...}: { + _class = "clan.service"; + manifest = { + name = "arda/persistance"; + description = '' + Configuration of persistance resrouce(s) + (for now this means a database. and specifically it means postgres) + ''; + categories = [ "Service", "Peristance" ]; + readme = builtins.readFile ./README.md + }; + + roles.default = { + description = ''''; + + interface = {...}: { + options = {}; + }; + + perInstance = {...}: { + nixosModule = {...}: {}; + }; + }; +} diff --git a/clanServices/peristance/flake-module.nix b/clanServices/peristance/flake-module.nix new file mode 100644 index 0000000..4fc4110 --- /dev/null 
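Review bot: In `clanServices/peristance/default.nix` the service name is spelled inconsistently: the directory and the registry key are `peristance`, the manifest says `name = "arda/persistance";`, and the category is `"Peristance"`. Settle on one spelling (`persistence`) now, since the key `clan.modules.peristance` is what inventory entries will reference and renaming it later means touching each of them. The description also contains the typo `resrouce(s)`.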
+++ b/clanServices/peristance/flake-module.nix
@@ -0,0 +1,13 @@
+{...}: let
+ module = ./default.nix;
+in {
+ clan.modules.peristance = module;
+
+ # perSystem = {...}: {
+ # clan.nixosTests.peristance = {
+ # imports = [];
+
+ # clan.modules."@arda/peristance" = module;
+ # };
+ # };
+}
diff --git a/clanServices/servarr/README.md b/clanServices/servarr/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/clanServices/servarr/default.nix b/clanServices/servarr/default.nix
new file mode 100644
index 0000000..2394460
--- /dev/null
+++ b/clanServices/servarr/default.nix
@@ -0,0 +1,121 @@ +{lib, ...}: { + _class = "clan.service"; + manifest = { + name = "arda/servarr"; + description = ''''; + categories = ["Service" "Media"]; + readme = builtins.readFile ./README.md; + # exports.out = []; + }; + + # exports = {}; + + roles.default = { + description = ''''; + + interface = {lib, ...}: let + inherit (lib) mkOption mkEnableOption types; + in { + options = { + enable = mkEnableOption "Enable configured *arr services"; + services = mkOption { + type = types.attrsOf (types.submodule ({name, ...}: { + options = { + enable = mkEnableOption "Enable ${name}"; + debug = mkEnableOption "Use tofu plan instead of tofu apply for ${name} "; + + rootFolders = mkOption { + type = types.listOf types.str; + default = []; + }; + }; + })); + default = {}; + description = '' + Settings foreach *arr service + ''; + }; + }; + }; + + perInstance = { + instanceName, + settings, + machine, + roles, + ... + }: { + nixosModule = args @ { + config, + lib, + pkgs, + ... + }: let + servarr = import ./lib.nix (args // {inherit settings;}); + services = settings.services |> lib.attrNames; + service_count = services |> lib.length; + in { + imports = [ + (import ./sabnzbd.nix (args + // { + inherit settings; + port = 2000 + service_count + 1; + })) + (import ./qbittorrent.nix (args + // { + inherit settings; + port = 2000 + service_count + 2; + })) + (servarr.createModule settings.services) + ]; + + config = { + clan.core.vars.generators.servarr = rec { + dependencies = + services ++ ["sabnzbd" "qbittorrent"]; + + files."config.tfvars" = { + owner = "media"; + group = "media"; + mode = "0440"; + restartUnits = services |> lib.map (s: "${s}.service"); + }; + + script = '' + cat << EOL > $out/config.tfvars + ${ + services + |> lib.map (s: "${s}_api_key = \"$(cat $in/${s}/api_key)\"") + |> lib.join "\n" + } + qbittorrent_api_key = "$(cat $in/qbittorrent/password)" + sabnzbd_api_key = "$(cat $in/sabnzbd/api_key)" + EOL + ''; + }; + + services = { + flaresolverr = { + 
enable = true; + openFirewall = true; + port = 2000 + service_count + 3; + }; + + postgresql = { + ensureDatabases = services; + ensureUsers = + services + |> lib.map (service: { + name = service; + ensureDBOwnership = true; + }); + }; + }; + }; + }; + }; + }; + + perMachine = {...}: { + }; +} diff --git a/clanServices/servarr/flake-module.nix b/clanServices/servarr/flake-module.nix index 6462967..4a63342 100644 --- a/clanServices/servarr/flake-module.nix +++ b/clanServices/servarr/flake-module.nix @@ -1 +1,13 @@ -{...}: {} +{...}: let + module = ./default.nix; +in { + clan.modules.servarr = module; + + # perSystem = {...}: { + # clan.nixosTests.servarr = { + # imports = []; + + # clan.modules."@arda/servarr" = module; + # }; + # }; +} diff --git a/clanServices/servarr/lib.nix b/clanServices/servarr/lib.nix new file mode 100644 index 0000000..45b2831 --- /dev/null +++ b/clanServices/servarr/lib.nix 
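Review bot: The `servarr` generator in `clanServices/servarr/default.nix` writes every *arr API key, the SABnzbd API key and the qBittorrent password into a single `config.tfvars` with `group = "media"` and `mode = "0440"`, so any account in `media` can read all of them. The part of `lib.nix` visible in this patch runs each `<service>-apply-infra` unit as `User = service` with `Group = "media"`, so one compromised *arr process would obtain the credentials of the others and of both download clients. I would emit one var-file per service, owned by that service's user with mode `0400`, and have the script write only the variables that service's configuration consumes. Which variables those are is not visible here, so the script and the `-var-file` path in `lib.nix` need matching changes. Separately, `qbittorrent_api_key` is filled from `$in/qbittorrent/password`, which deserves a one-line comment explaining the naming.

```nix
clan.core.vars.generators.servarr = {
  dependencies = services ++ ["sabnzbd" "qbittorrent"];

  # One var-file per service, readable only by that service's own user.
  files =
    services
    |> lib.map (s: {
      name = "${s}.tfvars";
      value = {
        owner = s;
        group = "media";
        mode = "0400";
        restartUnits = ["${s}.service"];
      };
    })
    |> lib.listToAttrs;

  # … unchanged: script, adjusted to write $out/<service>.tfvars per service …
};
```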
@@ -0,0 +1,317 @@ +{ + self, + config, + lib, + pkgs, + settings, + ... +}: let + inherit (lib) mkIf; + + createGenerator = { + service, + service_options, + ... + }: { + files = { + api_key = { + secret = true; + deploy = true; + owner = service; + group = "media"; + restartUnits = ["${service}.service"]; + }; + "config.env" = { + secret = true; + deploy = true; + owner = service; + group = "media"; + restartUnits = ["${service}.service"]; + }; + }; + + runtimeInputs = with pkgs; [pwgen]; + script = '' + pwgen -s 128 1 > $out/api_key + echo ${lib.toUpper service}__AUTH__APIKEY="$(cat $out/api_key)" > $out/config.env + ''; + }; + + createService = { + service, + service_options, + ... + }: + { + enable = true; + openFirewall = true; + + environmentFiles = [ + config.clan.core.vars.generators.${service}.files."config.env".path + ]; + + settings = { + auth.authenticationMethod = "External"; + + server = { + bindaddress = "0.0.0.0"; + port = service_options.port; + }; + + postgres = { + host = "localhost"; + port = "5432"; + user = service; + maindb = service; + logdb = service; + }; + }; + } + // (lib.optionalAttrs (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + user = service; + group = "media"; + }); + + createSystemdService = { + service, + service_options, + ... 
+ }: let + tofu = lib.getExe pkgs.opentofu; + terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { + system = pkgs.stdenv.hostPlatform.system; + modules = [ + (createInfra {inherit service service_options;}) + ]; + }; + in { + description = "${service} apply infra"; + + wantedBy = ["multi-user.target"]; + wants = ["${service}.service"]; + + preStart = '' + install -d -m 0770 -o ${service} -g media /var/lib/${service}-apply-infra + ${ + service_options.rootFolders + |> lib.map (folder: "install -d -m 0770 -o media -g media ${folder}") + |> lib.join "\n" + } + ''; + + script = '' + # Sleep for a bit to give the service a chance to start up + sleep 5s + + if [ "$(systemctl is-active ${lib.escapeShellArg service})" != "active" ]; then + echo "${service} is not running" + exit 1 + fi + + # Print the path to the source for easier debugging + echo "config location: ${terraformConfiguration}" + + # Copy infra code into workspace + cp -f ${terraformConfiguration} config.tf.json + + # Initialize OpenTofu + ${tofu} init + + # Run the infrastructure code + ${tofu} \ + ${ + if service_options.debug + then "plan" + else "apply -auto-approve" + } \ + -var-file='${config.clan.core.vars.generators.servarr.files."config.tfvars".path}' + ''; + + serviceConfig = { + Type = "oneshot"; + User = service; + Group = "media"; + + WorkingDirectory = "/var/lib/${service}-apply-infra"; + + EnvironmentFile = [ + config.clan.core.vars.generators.${service}.files."config.env".path + ]; + }; + }; + + # Returns a module to be used in a modules list of terranix + createInfra = { + service, + service_options, + ... 
+ }: terra: let + inherit (terra.lib) tfRef; + in { + variable = { + "${service}_api_key" = { + type = "string"; + description = "${service} API key"; + }; + + qbittorrent_api_key = { + type = "string"; + description = "qbittorrent api key"; + }; + + sabnzbd_api_key = { + type = "string"; + description = "sabnzbd api key"; + }; + }; + + terraform.required_providers.${service} = { + source = "devopsarr/${service}"; + version = + { + radarr = "2.3.5"; + sonarr = "3.4.2"; + prowlarr = "3.2.1"; + lidarr = "1.13.0"; + readarr = "2.1.0"; + whisparr = "1.2.0"; + }.${ + service + }; + }; + + provider.${service} = { + url = "http://[::1]:${toString service_options.port}"; + api_key = tfRef "var.${service}_api_key"; + }; + + resource = + { + "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr" "readarr"]) ( + service_options.rootFolders + |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) + |> lib.listToAttrs + ); + + "${service}_download_client_qbittorrent" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + "main" = { + name = "qBittorrent"; + enable = true; + priority = 1; + host = "localhost"; + username = "admin"; + password = tfRef "var.qbittorrent_api_key"; + url_base = "/"; + port = config.services.qbittorrent.webuiPort; + }; + }; + + "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + "main" = { + name = "SABnzbd"; + enable = true; + priority = 1; + host = "localhost"; + api_key = tfRef "var.sabnzbd_api_key"; + url_base = "/"; + port = config.services.sabnzbd.settings.misc.port; + }; + }; + } + // (lib.optionalAttrs (service == "prowlarr") ( + settings.services + |> lib.filterAttrs (s: _: lib.elem s ["radarr" "sonarr" "lidarr" "whisparr"]) + |> lib.mapAttrsToList (s: {port, ...}: { + "prowlarr_application_${s}"."main" = let + p = config.services.prowlarr.settings.server.port or 9696; + in { + name = s; + sync_level = "addOnly"; + base_url = 
"http://localhost:${toString port}"; + prowlarr_url = "http://localhost:${toString p}"; + api_key = tfRef "var.${s}_api_key"; + }; + }) + |> lib.concat [ + { + "prowlarr_indexer" = { + "nyaa" = { + enable = true; + + app_profile_id = 1; + priority = 1; + + name = "Nyaa"; + implementation = "Cardigann"; + config_contract = "CardigannSettings"; + protocol = "torrent"; + + fields = [ + { + name = "definitionFile"; + text_value = "nyaasi"; + } + { + name = "baseSettings.limitsUnit"; + number_value = 0; + } + { + name = "torrentBaseSettings.preferMagnetUrl"; + bool_value = false; + } + { + name = "prefer_magnet_links"; + bool_value = true; + } + { + name = "sonarr_compatibility"; + bool_value = false; + } + { + name = "strip_s01"; + bool_value = false; + } + { + name = "radarr_compatibility"; + bool_value = false; + } + { + name = "filter-id"; + number_value = 0; + } + { + name = "cat-id"; + number_value = 0; + } + { + name = "sort"; + number_value = 0; + } + { + name = "type"; + number_value = 1; + } + ]; + }; + }; + } + ] + |> lib.mkMerge + )); + }; +in { + createModule = services: {...}: { + config = + services + |> lib.attrsToList + |> lib.imap1 (i: service: o: let + service_options = o // {port = 2000 + i;}; + in { + clan.core.vars.generators.${service} = createGenerator {inherit service service_options;}; + services.${service} = createService {inherit service service_options;}; + + systemd.services."${service}-apply-infra" = lib.mkIf settings.enable (createSystemdService {inherit service service_options;}); + }) + |> lib.mkMerge; + }; +} diff --git a/clanServices/servarr/qbittorrent.nix b/clanServices/servarr/qbittorrent.nix new file mode 100644 index 0000000..dee52fd --- /dev/null +++ b/clanServices/servarr/qbittorrent.nix 
@@ -0,0 +1,96 @@ +{ + config, + pkgs, + lib, + settings, + port, + ... +}: { + clan.core.vars.generators.qbittorrent = let + hash_password = pkgs.writers.writePython3 "hashPassword" {} '' + import base64 + import hashlib + import sys + import uuid + + password = sys.argv[1] + salt = uuid.uuid4() + salt_bytes = salt.bytes + + password = str.encode(password) + hashed_password = hashlib.pbkdf2_hmac( + "sha512", + password, + salt_bytes, + 100000, + dklen=64 + ) + b64_salt = base64.b64encode(salt_bytes).decode("utf-8") + b64_password = base64.b64encode(hashed_password).decode("utf-8") + password_string = "@ByteArray({salt}:{password})".format( + salt=b64_salt, password=b64_password + ) + print(password_string) + ''; + in { + files = { + "password" = { + secret = true; + deploy = true; + }; + "password_hash" = { + secret = true; + deploy = true; + }; + "qBittorrent.conf" = { + secret = true; + deploy = true; + owner = "qbittorrent"; + group = "media"; + mode = "0660"; + restartUnits = ["qbittorrent.service"]; + }; + }; + + runtimeInputs = with pkgs; [pwgen hash_password]; + + script = '' + pwgen -s 128 1 > $out/password + + ${hash_password} $(cat $out/password) > $out/password_hash + + cat << EOF > $out/qBittorrent.conf + [LegalNotice] + Accepted=true + + [Preferences] + WebUI\AlternativeUIEnabled=true + WebUI\RootFolder=${pkgs.vuetorrent}/share/vuetorrent + WebUI\Username=admin + WebUI\Password_PBKDF2=$(cat $out/password_hash) + EOF + ''; + }; + + system.activationScripts.qbittorrent-config = { + deps = lib.optional (!config.sops.useSystemdActivation) "setupSecrets"; + # TODO: If sops-nix is switched to systemd activation, add a systemd unit + # for this install step that runs after sops-install-secrets.service, + # because this activation-script dependency only orders against setupSecrets. 
+ text = '' + install -Dm0600 -o ${config.services.qbittorrent.user} -g ${config.services.qbittorrent.group} \ + ${config.clan.core.vars.generators.qbittorrent.files."qBittorrent.conf".path} \ + ${config.services.qbittorrent.profileDir}/qBittorrent/config/qBittorrent.conf + ''; + }; + + services.qbittorrent = { + enable = true; + openFirewall = true; + webuiPort = port; + serverConfig = lib.mkForce {}; + + user = "qbittorrent"; + group = "media"; + }; +} diff --git a/clanServices/servarr/sabnzbd.nix b/clanServices/servarr/sabnzbd.nix new file mode 100644 index 0000000..49ae9a2 --- /dev/null +++ b/clanServices/servarr/sabnzbd.nix 
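Review bot: The qbittorrent generator in clanServices/servarr/qbittorrent.nix marks `password` and `password_hash` as `deploy = true`, yet nothing visible in this commit reads either file on the target: the hash is baked into `qBittorrent.conf`, and the clear-text password is only consumed by the servarr generator through `$in/qbittorrent/password`. Setting `deploy = false;` on both would keep the clear-text WebUI password off the host, assuming no other module reads them. `qBittorrent.conf` is deployed with `mode = "0660"` for group `media`, so every account in that group can rewrite the file the activation script later installs; `mode = "0400"` looks sufficient if the activation script runs as root, as NixOS activation scripts normally do. The same pattern appears in clanServices/servarr/sabnzbd.nix, where `api_key` and `nzb_key` are deployed and `config.ini`, which holds the usenet credentials, is also `0660`.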
@@ -0,0 +1,95 @@ +{ + config, + lib, + pkgs, + settings, + port, + ... +}: { + clan.core.vars.generators.sabnzbd = { + files = { + "api_key" = { + secret = true; + deploy = true; + }; + "nzb_key" = { + secret = true; + deploy = true; + }; + "config.ini" = { + secret = true; + deploy = true; + owner = "sabnzbd"; + group = "media"; + mode = "0660"; + }; + }; + + prompts = { + username = { + description = "usenet username"; + type = "hidden"; + persist = true; + }; + password = { + description = "usenet password"; + type = "hidden"; + persist = true; + }; + }; + + runtimeInputs = with pkgs; [pwgen]; + + script = '' + pwgen -s 128 1 > $out/api_key + pwgen -s 128 1 > $out/nzb_key + + cat << EOF > $out/config.ini + [misc] + api_key = $(cat $out/api_key) + nzb_key = $(cat $out/nzb_key) + + [servers] + [[news.sunnyusenet.com]] + username = $(cat $prompts/username) + password = $(cat $prompts/password) + EOF + ''; + }; + + services.sabnzbd = { + enable = true; + openFirewall = true; + + allowConfigWrite = false; + configFile = lib.mkForce null; + + secretFiles = [ + config.clan.core.vars.generators.sabnzbd.files."config.ini".path + ]; + + settings = { + misc = { + host = "0.0.0.0"; + port = port; + host_whitelist = "${config.networking.hostName}"; + + download_dir = "/var/media/downloads/incomplete"; + complete_dir = "/var/media/downloads/done"; + }; + + servers = { + "news.sunnyusenet.com" = { + name = "news.sunnyusenet.com"; + displayname = "news.sunnyusenet.com"; + host = "news.sunnyusenet.com"; + port = 563; + timeout = 60; + }; + }; + }; + + user = "sabnzbd"; + group = "media"; + }; +} diff --git a/flake.lock b/flake.lock index ec40c5c..a888110 100644 --- a/flake.lock +++ b/flake.lock 
@@ -351,27 +351,6 @@ "type": "github" } }, - "flake-parts_5": { - "inputs": { - "nixpkgs-lib": [ - "terranix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flux": { "inputs": { "mcman": "mcman", @@ -1091,7 +1070,9 @@ }, "terranix": { "inputs": { - "flake-parts": "flake-parts_5", + "flake-parts": [ + "flake-parts" + ], "nixpkgs": [ "nixpkgs" ], diff --git a/flake.nix b/flake.nix index 7e4bf77..7f59c27 100644 --- a/flake.nix +++ b/flake.nix @@ -27,6 +27,12 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + terranix = { + url = "github:terranix/terranix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + }; + clan-core = { url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; inputs = { @@ -83,11 +89,6 @@ url = "github:vinceliuice/grub2-themes"; }; - terranix = { - url = "github:terranix/terranix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - mydia = { url = "github:chris-kruining/mydia"; # url = "github:getmydia/mydia"; @@ -108,7 +109,6 @@ flake-parts.flakeModules.modules clan-core.flakeModules.default home-manager.flakeModules.default - terranix.flakeModule ./packages/flake-module.nix ./clanServices/flake-module.nix ]; diff --git a/machines/mandos/configuration.nix b/machines/mandos/configuration.nix index cbeefc6..131b987 100644 --- a/machines/mandos/configuration.nix +++ b/machines/mandos/configuration.nix 
@@ -1,8 +1,15 @@ -{ ... }: -{ +{self, ...}: { imports = [ ./disks.nix ./hardware.nix + self.inputs.home-manager.nixosModules.home-manager + self.inputs.himmelblau.nixosModules.himmelblau + self.inputs.jovian.nixosModules.default + self.inputs.mydia.nixosModules.default + self.inputs.nix-minecraft.nixosModules.minecraft-servers + self.inputs.nvf.nixosModules.default + self.inputs.sops-nix.nixosModules.sops + (self.inputs.import-tree ../../modules/nixos) ]; nixpkgs.hostPlatform = "x86_64-linux"; diff --git a/machines/orome/configuration.nix b/machines/orome/configuration.nix index 1762545..2c94238 100644 --- a/machines/orome/configuration.nix +++ b/machines/orome/configuration.nix @@ -1,7 +1,19 @@ -{pkgs, ...}: { +{ + self, + pkgs, + ... +}: { imports = [ ./disks.nix ./hardware.nix + self.inputs.home-manager.nixosModules.home-manager + self.inputs.himmelblau.nixosModules.himmelblau + self.inputs.jovian.nixosModules.default + self.inputs.mydia.nixosModules.default + self.inputs.nix-minecraft.nixosModules.minecraft-servers + self.inputs.nvf.nixosModules.default + self.inputs.sops-nix.nixosModules.sops + (self.inputs.import-tree ../../modules/nixos) ]; nixpkgs.hostPlatform = "x86_64-linux"; diff --git a/machines/tulkas/configuration.nix b/machines/tulkas/configuration.nix index ff3750b..bbfe3d8 100644 --- a/machines/tulkas/configuration.nix +++ b/machines/tulkas/configuration.nix @@ -1,8 +1,15 @@ -{ ... }: -{ +{self, ...}: { imports = [ ./disks.nix ./hardware.nix + self.inputs.home-manager.nixosModules.home-manager + self.inputs.himmelblau.nixosModules.himmelblau + self.inputs.jovian.nixosModules.default + self.inputs.mydia.nixosModules.default + self.inputs.nix-minecraft.nixosModules.minecraft-servers + self.inputs.nvf.nixosModules.default + self.inputs.sops-nix.nixosModules.sops + (self.inputs.import-tree ../../modules/nixos) ]; nixpkgs.hostPlatform = "x86_64-linux"; @@ -31,4 +38,4 @@ }; system.stateVersion = "23.11"; -} \ No newline at end of file +} 
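Review bot: The eight `self.inputs.…` module imports added to machines/mandos/configuration.nix are repeated verbatim in the orome and tulkas hunks, so three lists now have to be kept in sync by hand. A shared module would reduce this to one entry per machine, for example a file holding the list (say `machines/common.nix`, a name made up for illustration) and `imports = [./disks.nix ./hardware.nix ../common.nix];` in each configuration. That also gives one place for a comment explaining why every host imports all of these modules regardless of its role.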
diff --git a/machines/ulmo/configuration.nix b/machines/ulmo/configuration.nix index 49c2896..0fa4431 100644 --- a/machines/ulmo/configuration.nix +++ b/machines/ulmo/configuration.nix @@ -223,39 +223,39 @@ media.mydia.enable = true; media.nfs.enable = true; media.jellyfin.enable = true; - media.servarr = { - radarr = { - enable = true; - port = 2001; - rootFolders = [ - "/var/media/movies" - ]; - }; + # media.servarr = { + # radarr = { + # enable = true; + # port = 2001; + # rootFolders = [ + # "/var/media/movies" + # ]; + # }; - sonarr = { - enable = true; - # debug = true; - port = 2002; - rootFolders = [ - "/var/media/series" - ]; - }; + # sonarr = { + # enable = true; + # # debug = true; + # port = 2002; + # rootFolders = [ + # "/var/media/series" + # ]; + # }; - lidarr = { - enable = true; - debug = true; - port = 2003; - rootFolders = [ - "/var/media/music" - ]; - }; + # lidarr = { + # enable = true; + # debug = true; + # port = 2003; + # rootFolders = [ + # "/var/media/music" + # ]; + # }; - prowlarr = { - enable = true; - # debug = true; - port = 2004; - }; - }; + # prowlarr = { + # enable = true; + # # debug = true; + # port = 2004; + # }; + # }; observability = { grafana.enable = true; diff --git a/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo b/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/api_key/users/chris b/vars/per-machine/ulmo/lidarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/lidarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file 
diff --git a/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo b/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/config.env/users/chris b/vars/per-machine/ulmo/lidarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/lidarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo b/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/api_key/users/chris b/vars/per-machine/ulmo/prowlarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/prowlarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo b/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/users/chris b/vars/per-machine/ulmo/prowlarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/prowlarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file 
diff --git a/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/password/users/chris b/vars/per-machine/ulmo/qbittorrent/password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/qbittorrent/password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris b/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris +++ /dev/null 
@@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/api_key/machines/ulmo b/vars/per-machine/ulmo/radarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/radarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/api_key/users/chris b/vars/per-machine/ulmo/radarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/radarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/machines/ulmo b/vars/per-machine/ulmo/radarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/radarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/users/chris b/vars/per-machine/ulmo/radarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/radarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/users/chris b/vars/per-machine/ulmo/sabnzbd/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sabnzbd/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file 
diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris b/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris b/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/password/users/chris b/vars/per-machine/ulmo/sabnzbd/password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sabnzbd/password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file 
diff --git a/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/secret b/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/secret deleted file mode 100644 index 096adbc..0000000 --- a/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/secret +++ /dev/null @@ -1,14 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:SQ==,iv:TA3yzuzlV904alF4FJYea1hDfCUhTorWde9i2+Wjni8=,tag:llIJD9Y4R+7eLKzICX+2eQ==,type:str]", - "sops": { - "age": [ - { - "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcEJUS3M4SWdZUVloNVNQ\nS042WFRFQ3JPK1AvRTA3U3NXeENuRVpYRFNFCmFUdGFocGI3T1hzdm5SdGhvVkg2\nMEczL1E5dW1RU2xKZnpBSXBTNGExL1UKLS0tIGhMT1h1THNIOVljQnd2emJzcEJV\nQkZkVXVNZjdsRDU4cHU5a25rVndHTEkKQSkpEgtAxwO1kCYU+G+3YwrT57Z5I25v\ndLN9BD2kQMb7wyK7tyzGi34p/gQRAd27YS5eohz4NA1DCtrG+AHkAw==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2026-03-30T12:24:25Z", - "mac": "ENC[AES256_GCM,data:bcdmlYkslq2A9fVsKI0tZ/kQZqfona6caLUCHmWV3BzxjwsUE4pYe/1hOWn+C7Gw59YhccscvTMQM9VVYYmpr8aubO8VNsnix6PkyYLlof94aTFm0QZOGTdgIe9JCiAfYCvEBiS3VowhyLKj2zdxKJhCqfsFccpmC3XAV6zJS7s=,iv:97dmBjBcBwvnWDLE1rXeZLCqEuDuGLxiPoaQz/O3Dgg=,tag:1F0bhzmPqNV9q98ceSGlkg==,type:str]", - "version": "3.12.1" - } -} diff --git a/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/users/chris b/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sabnzbd/sabnzbd.ini/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file 
diff --git a/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/username/users/chris b/vars/per-machine/ulmo/sabnzbd/username/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sabnzbd/username/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo b/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/users/chris b/vars/per-machine/ulmo/servarr/config.tfvars/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/servarr/config.tfvars/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo b/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/api_key/users/chris b/vars/per-machine/ulmo/sonarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sonarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file 
diff --git a/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo b/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/config.env/users/chris b/vars/per-machine/ulmo/sonarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sonarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/state-version/version/value b/vars/per-machine/ulmo/state-version/version/value new file mode 100644 index 0000000..abbaa1c --- /dev/null +++ b/vars/per-machine/ulmo/state-version/version/value @@ -0,0 +1 @@ +23.11 \ No newline at end of file From 2ffece26f2b3f0cd8cc9e4fa8c98f48650a68f94 Mon Sep 17 00:00:00 2001 
From: Chris Kruining Date: Wed, 1 Apr 2026 16:09:51 +0200 Subject: [PATCH 25/58] daily checkpoint --- clan.nix | 42 ++++ clanServices/caddy/default.nix | 2 +- clanServices/peristance/default.nix | 24 --- clanServices/peristance/flake-module.nix | 13 -- .../{peristance => peristence}/README.md | 0 clanServices/peristence/default.nix | 35 ++++ clanServices/peristence/flake-module.nix | 13 ++ clanServices/servarr/default.nix | 31 ++- clanServices/servarr/lib.nix | 34 ++-- .../plans/mandos-wake-on-demand-build-host.md | 125 ++++++++++++ docs/plans/tagging-strategy.md | 185 ++++++++++++++++++ .../nixos/services/authentication/zitadel.nix | 2 +- .../nixos/services/communication/matrix.nix | 2 +- .../nixos/services/development/forgejo.nix | 2 +- .../nixos/services/persistance/postgresql.nix | 4 +- 15 files changed, 451 insertions(+), 63 deletions(-) delete mode 100644 clanServices/peristance/default.nix delete mode 100644 clanServices/peristance/flake-module.nix rename clanServices/{peristance => peristence}/README.md (100%) create mode 100644 clanServices/peristence/default.nix create mode 100644 clanServices/peristence/flake-module.nix create mode 100644 docs/plans/mandos-wake-on-demand-build-host.md create mode 100644 docs/plans/tagging-strategy.md diff --git a/clan.nix b/clan.nix index 83a59e7..ae3cb5e 100644 --- a/clan.nix +++ b/clan.nix @@ -7,6 +7,39 @@ directory = ./.; + exportInterfaces = { + persistence = {lib, ...}: let + inherit (lib) mkOption types; + in { + options = { + main = mkOption { + type = types.str; + }; + + database = mkOption { + type = types.attrsOf types.anything; + }; + }; + }; + + servarr = {lib, ...}: let + inherit (lib) mkOption types; + in { + options = { + services = mkOption { + type = types.attrsOf (types.submodule { + options = { + port = mkOption { + type = types.port; + }; + }; + }); + default = "awesome!"; + }; + }; + }; + }; + inventory.machines = { aule = { name = "aule"; 
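Review bot: In the `servarr` export interface added to clan.nix, `services` is declared as `types.attrsOf (types.submodule …)` but given `default = "awesome!";`, a string that does not satisfy that type. Evaluation will presumably fail with a type error as soon as the default is used; `default = {};` matches the declared type. The `persistence` interface above it declares `main` and `database` without a `description`, and a one-line description on each would tell consumers what `main` is expected to name.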
@@ -82,10 +115,19 @@ }; }; + persistence = { + module.name = "persistence"; + module.input = "self"; + + # TODO :: Convert to use tags instead + roles.default.machines.ulmo.settings = {}; + }; + servarr = { module.name = "servarr"; module.input = "self"; + # TODO :: Convert to use tags instead roles.default.machines.ulmo.settings = {}; roles.default.settings = { enable = true; diff --git a/clanServices/caddy/default.nix b/clanServices/caddy/default.nix index 4350c62..fc3ae7a 100644 --- a/clanServices/caddy/default.nix +++ b/clanServices/caddy/default.nix @@ -6,7 +6,7 @@ Configuration of reverse proxy. ''; categories = [ "Service", "Media" ]; - readme = builtins.readFile ./README.md + readme = builtins.readFile ./README.md; }; roles.default = { diff --git a/clanServices/peristance/default.nix b/clanServices/peristance/default.nix deleted file mode 100644 index 25503ff..0000000 --- a/clanServices/peristance/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{...}: { - _class = "clan.service"; - manifest = { - name = "arda/persistance"; - description = '' - Configuration of persistance resrouce(s) - (for now this means a database. and specifically it means postgres) - ''; - categories = [ "Service", "Peristance" ]; - readme = builtins.readFile ./README.md - }; - - roles.default = { - description = ''''; - - interface = {...}: { - options = {}; - }; - - perInstance = {...}: { - nixosModule = {...}: {}; - }; - }; -} diff --git a/clanServices/peristance/flake-module.nix b/clanServices/peristance/flake-module.nix deleted file mode 100644 index 4fc4110..0000000 --- a/clanServices/peristance/flake-module.nix +++ /dev/null @@ -1,13 +0,0 @@ -{...}: let - module = ./default.nix; -in { - clan.modules.peristance = module; - - # perSystem = {...}: { - # clan.nixosTests.peristance = { - # imports = []; - - # clan.modules."@arda/peristance" = module; - # }; - # }; -} 
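Review bot: The `categories = [ "Service", "Media" ];` line directly above the corrected `readme` line in clanServices/caddy/default.nix still has a comma between list elements. Nix lists are whitespace-separated, so the file will still fail to parse after the missing semicolon is added. Write it as `categories = ["Service" "Media"];`, the form clanServices/servarr/default.nix already uses. The `manifest` block starts outside this hunk.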
diff --git a/clanServices/peristance/README.md b/clanServices/peristence/README.md similarity index 100% rename from clanServices/peristance/README.md rename to clanServices/peristence/README.md diff --git a/clanServices/peristence/default.nix b/clanServices/peristence/default.nix new file mode 100644 index 0000000..d0cbc19 --- /dev/null +++ b/clanServices/peristence/default.nix @@ -0,0 +1,35 @@ +{...}: { + _class = "clan.service"; + manifest = { + name = "arda/persistence"; + description = '' + Configuration of persistence resrouce(s) + (for now this means a database. and specifically it means postgres) + ''; + readme = builtins.readFile ./README.md; + exports.out = ["persistence"]; + }; + + roles.default = { + description = ''''; + + interface = {...}: { + options = {}; + }; + + perInstance = {mkExports, ...}: { + exports = mkExports { + persistence = { + main = "postgresql"; + database.postgresql = { + host = ""; + port = 5432; + }; + }; + }; + + nixosModule = {...}: { + }; + }; + }; +} diff --git a/clanServices/peristence/flake-module.nix b/clanServices/peristence/flake-module.nix new file mode 100644 index 0000000..56801d9 --- /dev/null +++ b/clanServices/peristence/flake-module.nix @@ -0,0 +1,13 @@ +{...}: let + module = ./default.nix; +in { + clan.modules.persistence = module; + + # perSystem = {...}: { + # clan.nixosTests.persistence = { + # imports = []; + + # clan.modules."@arda/persistence" = module; + # }; + # }; +} diff --git a/clanServices/servarr/default.nix b/clanServices/servarr/default.nix index 2394460..1b36eeb 100644 --- a/clanServices/servarr/default.nix +++ b/clanServices/servarr/default.nix 
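Review bot: The new clanServices/peristence/default.nix publishes `database.postgresql.host = "";` with a fixed `port = 5432;` while `nixosModule` is empty, so nothing in this module ties the exported values to a real PostgreSQL configuration. A consumer that reads the export gets an empty host string and has to guess what it means. Until the module configures the server, either derive the host from the instance (for example from the `machine` argument that servarr's `perInstance` already receives) or leave the export out so consumers fail at evaluation rather than connect to an unintended address. The directory is also still misspelled (`peristence`) while the module and export are named `persistence`, and the description keeps the `resrouce(s)` typo.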
@@ -1,15 +1,21 @@ -{lib, ...}: { +{ + exports, + clanLib, + lib, + ... +}: { _class = "clan.service"; manifest = { name = "arda/servarr"; description = ''''; categories = ["Service" "Media"]; readme = builtins.readFile ./README.md; - # exports.out = []; + exports = { + inputs = ["persistence"]; + out = ["servarr"]; + }; }; - # exports = {}; - roles.default = { description = ''''; @@ -21,7 +27,7 @@ services = mkOption { type = types.attrsOf (types.submodule ({name, ...}: { options = { - enable = mkEnableOption "Enable ${name}"; + enable = mkEnableOption "Enable ${name}" // {default = true;}; debug = mkEnableOption "Use tofu plan instead of tofu apply for ${name} "; rootFolders = mkOption { @@ -43,8 +49,21 @@ settings, machine, roles, + mkExports, ... }: { + exports = mkExports { + servarr.services = + settings.services + |> lib.attrNames + |> lib.concat ["sabnzbd" "qbittorrent" "flaresolverr"] + |> lib.imap1 (i: name: { + inherit name; + value = {port = 2000 + i;}; + }) + |> lib.listToAttrs; + }; + nixosModule = args @ { config, lib, @@ -54,6 +73,8 @@ servarr = import ./lib.nix (args // {inherit settings;}); services = settings.services |> lib.attrNames; service_count = services |> lib.length; + + db = exports |> clanLib.getExport {serviceName = "persistence";}; in { imports = [ (import ./sabnzbd.nix (args diff --git a/clanServices/servarr/lib.nix b/clanServices/servarr/lib.nix index 45b2831..43fde4d 100644 --- a/clanServices/servarr/lib.nix +++ b/clanServices/servarr/lib.nix @@ -10,7 +10,7 @@ createGenerator = { service, - service_options, + options, ... }: { files = { @@ -39,7 +39,7 @@ createService = { service, - service_options, + options, ... }: { @@ -55,7 +55,7 @@ server = { bindaddress = "0.0.0.0"; - port = service_options.port; + port = options.port; }; postgres = { 
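Review bot: The ports published by the new `exports = mkExports { servarr.services = … }` block in clanServices/servarr/default.nix will not match the ports the services are configured with. The export prepends `["sabnzbd" "qbittorrent" "flaresolverr"]` before numbering with `lib.imap1`, so entries from `settings.services` start at 2004, whereas lib.nix (hunk `@@ -304,13 +304,17 @@`) numbers its service list from `2000 + i` without that prefix. A consumer that reads the export, such as a reverse proxy, would then forward traffic to a port that belongs to a different service. Compute the name-to-port map once and have both the export and lib.nix read from it; this assumes `services` in lib.nix is the same `settings.services` set, which the hunk does not show. The `perInstance` body continues outside the hunk.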
@@ -74,14 +74,14 @@ createSystemdService = { service, - service_options, + options, ... }: let tofu = lib.getExe pkgs.opentofu; terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { system = pkgs.stdenv.hostPlatform.system; modules = [ - (createInfra {inherit service service_options;}) + (createInfra {inherit service options;}) ]; }; in { @@ -93,7 +93,7 @@ preStart = '' install -d -m 0770 -o ${service} -g media /var/lib/${service}-apply-infra ${ - service_options.rootFolders + options.rootFolders |> lib.map (folder: "install -d -m 0770 -o media -g media ${folder}") |> lib.join "\n" } @@ -120,7 +120,7 @@ # Run the infrastructure code ${tofu} \ ${ - if service_options.debug + if options.debug then "plan" else "apply -auto-approve" } \ @@ -143,7 +143,7 @@ # Returns a module to be used in a modules list of terranix createInfra = { service, - service_options, + options, ... }: terra: let inherit (terra.lib) tfRef; @@ -181,14 +181,14 @@ }; provider.${service} = { - url = "http://[::1]:${toString service_options.port}"; + url = "http://[::1]:${toString options.port}"; api_key = tfRef "var.${service}_api_key"; }; resource = { "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr" "readarr"]) ( - service_options.rootFolders + options.rootFolders |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) |> lib.listToAttrs ); 
@@ -304,13 +304,17 @@ in { config = services |> lib.attrsToList - |> lib.imap1 (i: service: o: let - service_options = o // {port = 2000 + i;}; + |> lib.imap1 (i: { + name, + value, + }: let + service = name; + options = value // {port = 2000 + i;}; in { - clan.core.vars.generators.${service} = createGenerator {inherit service service_options;}; - services.${service} = createService {inherit service service_options;}; + clan.core.vars.generators.${service} = createGenerator {inherit service options;}; + services.${service} = createService {inherit service options;}; - systemd.services."${service}-apply-infra" = lib.mkIf settings.enable (createSystemdService {inherit service service_options;}); + systemd.services."${service}-apply-infra" = lib.mkIf settings.enable (createSystemdService {inherit service options;}); }) |> lib.mkMerge; }; diff --git a/docs/plans/mandos-wake-on-demand-build-host.md b/docs/plans/mandos-wake-on-demand-build-host.md new file mode 100644 index 0000000..0775828 --- /dev/null +++ b/docs/plans/mandos-wake-on-demand-build-host.md 
@@ -0,0 +1,125 @@ +# Mandos as a wake-on-demand build host + +## Goal + +Mandos is primarily an interactive living-room machine, but it is also a strong candidate for handling remote Nix builds when it is idle. The goal is to make that dual use practical without keeping the machine powered all the time. + +## Current context + +On `main`, Mandos is configured as an interactive gaming machine: + +- `systems/x86_64-linux/mandos/default.nix` + - `sneeuwvlok.hardware.has.gpu.nvidia = true` + - `sneeuwvlok.hardware.has.audio = true` + - `sneeuwvlok.desktop.use = "gamescope"` + - `sneeuwvlok.application.steam.enable = true` +- `homes/x86_64-linux/chris@mandos/default.nix` + - user-facing application set for an interactive machine + +This makes Mandos a poor fit for "always running random infrastructure", but a reasonable fit for "available for work when needed". + +## Desired behavior + +- Mandos remains an interactive machine first. +- Mandos can be used as a remote build worker when no one is actively using it. +- Mandos should not need to stay fully on all day just to be eligible for builds. +- Waking and idling down should be automatic enough that the machine can participate in builds without turning into a maintenance burden. + +## Recommended model + +### 1. Use wake-on-LAN as the activation mechanism + +Mandos should support being awakened by another machine on the same LAN. + +Requirements: + +- BIOS or UEFI wake-on-LAN support enabled +- NixOS interface configuration enabling wake-on-LAN +- one low-power machine that is effectively always available to send wake requests + +In this repo, `ulmo` is the obvious candidate to act as the coordinator, but the pattern should stay generic: one machine is always reachable, and one or more stronger machines can be woken on demand. + +### 2. 
Prefer suspend-first over shutdown-first + +There are two main power states worth considering: + +- **Suspend on idle** + - faster resume + - generally better user experience + - often easier to make reliable for wake-on-LAN +- **Shutdown on idle** + - lowest power draw + - more fragile in practice because firmware support for wake from soft-off varies + - longer time to become available again + +Recommended rollout order: + +1. Prove the concept with suspend on idle. +2. Only consider full power-off later if the hardware and firmware behave reliably. + +## 3. Add an explicit availability policy + +The interesting lesson for tagging is not "Mandos should have a build tag". The interesting lesson is that some machines have a deliberate availability policy that affects how safely they can participate in automation. + +A future host-level setting could encode this policy directly, for example: + +- `always-on` +- `wake-on-demand` +- `manual` + +That setting would be a better source for any computed operational tag than current workload or ad hoc tags. + +## 4. Idle detection should be policy-driven + +If Mandos becomes a build worker, idle shutdown or suspend should depend on signals such as: + +- no local interactive session activity +- no active build job +- no long-running system task that should keep the machine awake + +This should not be a blind timer that powers the machine down every X minutes regardless of context. + +## 5. Build orchestration needs a coordinator + +Wake-on-demand only works well if something else can wake the machine and wait for it to become reachable. In practice, this means: + +- a coordinator sends the wake signal +- the build client retries until the machine is reachable +- the remote builder participates only after it is actually ready + +The exact implementation can vary, but the architectural point is the same: a wakeable build worker is not self-sufficient. 
+ +## Risks and caveats + +- Firmware wake support may be unreliable, especially from full shutdown. +- Build latency increases because wake and readiness checks take time. +- A machine that users expect to be immediately available should not surprise them with power-state transitions at awkward moments. +- Interactive workload detection matters; otherwise the machine will feel hostile as a living-room device. + +## Recommendation + +Treat the Mandos idea as a good pattern, but generalize it: + +- some machines are **interactive** +- some machines are **wakeable on demand** +- some machines are suitable for **interruptible background work** + +Those are more reusable concepts than "Mandos is the build server". + +## Implications for the tag strategy + +This investigation strengthens a small part of the `operational:*` space: + +- `operational:availability:always-on` +- `operational:availability:wake-on-demand` +- `operational:workload:interruptible` + +These should not be assigned by hand if they can instead be computed from explicit machine settings that describe availability policy. + +## References + +- Clan inventory tags and dynamic tags docs: `https://clan.lol/docs/25.11/reference/options/clan_inventory` +- NixOS Wake-on-LAN wiki: `https://wiki.nixos.org/wiki/Wake_on_LAN` +- Home-lab wake-on-demand discussion and patterns: + - `https://dgross.ca/blog/linux-home-server-auto-sleep` + - `https://danielpgross.github.io/friendly_neighbor/howto-sleep-wake-on-demand.html` diff --git a/docs/plans/tagging-strategy.md b/docs/plans/tagging-strategy.md new file mode 100644 index 0000000..eb77376 --- /dev/null +++ b/docs/plans/tagging-strategy.md 
@@ -0,0 +1,185 @@ +# Clan machine tagging strategy + +## Goal + +Replace machine-name targeting with stable tags that survive machine renames, hardware reshuffles, and service moves. + +The strategy should fit how this repo is evolving: + +- machine tags should describe the machine +- service roles should describe service topology +- computed tags should be derived from machine settings or other explicit metadata, not from other tags + +## Source material + +This plan is based on: + +- current Clan inventory in `clan.nix` +- current machine configs under `machines/*/configuration.nix` +- workload and module usage on `main` under: + - `systems/x86_64-linux/*/default.nix` + - `homes/x86_64-linux/chris@*/default.nix` +- Clan inventory tag and dynamic-tag documentation + +## Guiding principles + +### 1. Prefer capabilities over roles + +A machine rarely has one permanent role. In this repo especially, a machine may be interactive, portable, build-capable, and temporarily host some service at the same time. + +Because of that, tags should describe durable traits and capabilities rather than trying to answer "what is this machine?" + +### 2. Do not encode current workload as a machine tag + +A machine currently running Grafana, Jellyfin, or PostgreSQL does not mean that those should become machine tags. Those are current placements, not stable identity. + +If a service can move, its current presence is weak evidence for tagging. + +### 3. Use service roles for topology + +Some relationships belong in service definitions rather than host tags. + +Examples: + +- NFS producer and consumer +- persistence provider and client +- reverse proxy frontend and backend + +These are not machine identity tags; they are service-topology relationships. + +### 4. Derive tags from settings when possible + +If a machine setting already captures a fact, derive the tag from that setting instead of duplicating it by hand. 
+ +Good examples in this repo: + +- `desktop.use` can imply whether a machine is interactive +- `hardware.has.gpu.*` can imply GPU availability +- `hardware.has.audio` can imply audio capability +- `hardware.has.bluetooth` can imply Bluetooth capability + +### 5. Avoid deriving tags from other tags + +Clan supports dynamic tags, but tag-from-tag derivation can become fragile and can even recurse. If tags need computation, compute them from machine settings or an explicit metadata source instead. + +## Proposed namespaces + +Use full words: + +- `capability:*` +- `operational:*` + +The intention is: + +- `capability:*` describes stable machine traits +- `operational:*` describes automation-relevant policy or availability behavior + +## Capability tags + +These are the strongest candidates for machine tags. + +### Runtime + +- `capability:runtime:interactive` +- `capability:runtime:headless` + +These are directly useful for deciding where a service with a user-facing local experience does or does not belong. + +### Hardware + +- `capability:hardware:gpu` +- `capability:hardware:audio` +- `capability:hardware:bluetooth` + +At the moment, the repo provides enough configuration structure to derive these from machine settings. + +GPU vendor-specific tags are intentionally excluded for now. The current conclusion is that the presence of GPU hardware may matter, but the vendor usually does not unless there is a specific workload that depends on CUDA, ROCm, or a similar stack. + +### Mobility + +- `capability:mobility:portable` +- `capability:mobility:stationary` + +These are useful concepts, but they are not currently obvious from one uniform machine setting in the repo. If they become desirable, they likely need either: + +- an explicit machine setting, or +- a stronger convention around machine form factor + +For now they are candidates, not automatic defaults. + +## Operational tags + +Operational tags are weaker than capability tags and should stay small in number. 
+ +They should only exist when they capture real automation constraints that are not already represented elsewhere. + +### Availability + +- `operational:availability:always-on` +- `operational:availability:wake-on-demand` +- `operational:availability:manual` + +This dimension became clearer while thinking through the Mandos build-host idea. A machine may be technically capable of a workload, while its availability policy determines whether it is a sensible target. + +These tags should not be guessed from existing workloads. They should come from an explicit machine setting that states the intended availability policy. + +### Interruptibility + +- `operational:workload:interruptible` + +This is not about the machine by itself. It is a useful policy boundary for selecting machines that may host work that can be delayed, retried, paused, or moved. + +If introduced, it should again come from explicit machine policy rather than being inferred from current services. + +## What should not become machine tags + +- current service assignments, such as Jellyfin, Grafana, Forgejo, or PostgreSQL +- service topology, such as NFS producer or consumer +- user application presence, such as Discord or TeamSpeak +- detailed desktop-environment choice, such as Plasma or Gamescope +- one-off descriptions like "living room" unless location becomes a deliberate scheduling dimension + +## What is derivable today + +The repo already contains enough structure to derive several useful capability tags. 
+ +Examples from the current configuration style: + +- if a machine enables a desktop session, derive `capability:runtime:interactive` +- if a machine does not, derive `capability:runtime:headless` +- if a machine enables `hardware.has.audio`, derive `capability:hardware:audio` +- if a machine enables `hardware.has.bluetooth`, derive `capability:hardware:bluetooth` +- if a machine enables any `hardware.has.gpu.*`, derive `capability:hardware:gpu` + +## What probably needs explicit policy + +These should not be inferred from current services or tag combinations: + +- `operational:availability:*` +- `operational:workload:interruptible` +- mobility-related tags if there is no explicit machine setting to derive them from + +The clean way to support these is to introduce one or more explicit machine settings whose purpose is to describe machine policy rather than workload. + +## Mandos update + +The Mandos wake-on-demand build-host idea adds an important refinement: + +- some machines should be eligible for background work only when they are available through a specific policy, such as wake-on-demand + +This does **not** mean Mandos should get a hand-maintained "build server" tag. + +It instead suggests a more generic pattern: + +- a machine may be interactive +- a machine may be available on demand rather than always on +- that availability policy may influence whether certain classes of automation should target it + +That strengthens the case for a very small `operational:*` namespace derived from explicit machine policy. + +## Recommended next steps + +1. Start with `capability:*` tags that are clearly derivable from machine settings. +2. Keep service topology in service roles instead of machine tags. +3. If availability policy becomes important, add an explicit machine setting for it and derive `operational:*` tags from that setting. +4. Avoid expanding the tag vocabulary until there is a clear service-selection use case for each added tag. 
diff --git a/modules/nixos/services/authentication/zitadel.nix b/modules/nixos/services/authentication/zitadel.nix index 6921302..bc83385 100644 --- a/modules/nixos/services/authentication/zitadel.nix +++ b/modules/nixos/services/authentication/zitadel.nix @@ -538,7 +538,7 @@ in in mkIf cfg.enable { sneeuwvlok.services = { - persistance.postgresql.enable = true; + persistence.postgresql.enable = true; networking.caddy = { hosts = { diff --git a/modules/nixos/services/communication/matrix.nix b/modules/nixos/services/communication/matrix.nix index 9cd78a5..1d1df2a 100644 --- a/modules/nixos/services/communication/matrix.nix +++ b/modules/nixos/services/communication/matrix.nix @@ -22,7 +22,7 @@ in { config = mkIf cfg.enable { sneeuwvlok.services = { - persistance.postgresql.enable = true; + persistence.postgresql.enable = true; # virtualisation.podman.enable = true; networking.caddy = { diff --git a/modules/nixos/services/development/forgejo.nix b/modules/nixos/services/development/forgejo.nix index 8e99c20..c468137 100644 --- a/modules/nixos/services/development/forgejo.nix +++ b/modules/nixos/services/development/forgejo.nix @@ -25,7 +25,7 @@ in { config = mkIf cfg.enable { sneeuwvlok.services = { - persistance.postgresql.enable = true; + persistence.postgresql.enable = true; virtualisation.podman.enable = true; networking.caddy = { diff --git a/modules/nixos/services/persistance/postgresql.nix b/modules/nixos/services/persistance/postgresql.nix index 86f63ec..f217dd5 100644 --- a/modules/nixos/services/persistance/postgresql.nix +++ b/modules/nixos/services/persistance/postgresql.nix @@ -6,9 +6,9 @@ }: let inherit (lib) mkIf mkEnableOption; - cfg = config.sneeuwvlok.services.persistance.postgresql; + cfg = config.sneeuwvlok.services.persistence.postgresql; in { - options.sneeuwvlok.services.persistance.postgresql = { + options.sneeuwvlok.services.persistence.postgresql = { enable = mkEnableOption "Postgresql"; }; 
From 11e74b4f2985b80f96d6f9fbcfccc39cbf890d67 Mon Sep 17 00:00:00 2001 
From: chris Date: Thu, 2 Apr 2026 08:04:45 +0000 Subject: [PATCH 26/58] vars: update via generator postgresql (machine: ulmo) --- .../per-machine/ulmo/postgresql/lidarr_hash/secret | 14 ++++++++++++++ .../ulmo/postgresql/lidarr_hash/users/chris | 1 + .../ulmo/postgresql/lidarr_password/secret | 14 ++++++++++++++ .../ulmo/postgresql/lidarr_password/users/chris | 1 + .../ulmo/postgresql/prowlarr_hash/secret | 14 ++++++++++++++ .../ulmo/postgresql/prowlarr_hash/users/chris | 1 + .../ulmo/postgresql/prowlarr_password/secret | 14 ++++++++++++++ .../ulmo/postgresql/prowlarr_password/users/chris | 1 + .../per-machine/ulmo/postgresql/radarr_hash/secret | 14 ++++++++++++++ .../ulmo/postgresql/radarr_hash/users/chris | 1 + .../ulmo/postgresql/radarr_password/secret | 14 ++++++++++++++ .../ulmo/postgresql/radarr_password/users/chris | 1 + .../ulmo/postgresql/server.crt/machines/ulmo | 1 + vars/per-machine/ulmo/postgresql/server.crt/secret | 14 ++++++++++++++ .../ulmo/postgresql/server.crt/users/chris | 1 + .../ulmo/postgresql/server.key/machines/ulmo | 1 + vars/per-machine/ulmo/postgresql/server.key/secret | 14 ++++++++++++++ .../ulmo/postgresql/server.key/users/chris | 1 + .../per-machine/ulmo/postgresql/sonarr_hash/secret | 14 ++++++++++++++ .../ulmo/postgresql/sonarr_hash/users/chris | 1 + .../ulmo/postgresql/sonarr_password/secret | 14 ++++++++++++++ .../ulmo/postgresql/sonarr_password/users/chris | 1 + 22 files changed, 152 insertions(+) create mode 100644 vars/per-machine/ulmo/postgresql/lidarr_hash/secret create mode 120000 vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris create mode 100644 vars/per-machine/ulmo/postgresql/lidarr_password/secret create mode 120000 vars/per-machine/ulmo/postgresql/lidarr_password/users/chris create mode 100644 vars/per-machine/ulmo/postgresql/prowlarr_hash/secret create mode 120000 vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris create mode 100644 vars/per-machine/ulmo/postgresql/prowlarr_password/secret create mode 
120000 vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris create mode 100644 vars/per-machine/ulmo/postgresql/radarr_hash/secret create mode 120000 vars/per-machine/ulmo/postgresql/radarr_hash/users/chris create mode 100644 vars/per-machine/ulmo/postgresql/radarr_password/secret create mode 120000 vars/per-machine/ulmo/postgresql/radarr_password/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo create mode 100644 vars/per-machine/ulmo/postgresql/server.crt/secret create mode 120000 vars/per-machine/ulmo/postgresql/server.crt/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/server.key/machines/ulmo create mode 100644 vars/per-machine/ulmo/postgresql/server.key/secret create mode 120000 vars/per-machine/ulmo/postgresql/server.key/users/chris create mode 100644 vars/per-machine/ulmo/postgresql/sonarr_hash/secret create mode 120000 vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris create mode 100644 vars/per-machine/ulmo/postgresql/sonarr_password/secret create mode 120000 vars/per-machine/ulmo/postgresql/sonarr_password/users/chris diff --git a/vars/per-machine/ulmo/postgresql/lidarr_hash/secret b/vars/per-machine/ulmo/postgresql/lidarr_hash/secret new file mode 100644 index 0000000..e18d52c --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/lidarr_hash/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:Xeu4y5K4WbCig3U0e9wGZ8izK4nz6Su406XDU54RqcTg5pMvIZYUwBnubzwcezO2tQlRNkD6fUrF19Lg8C7VKKZcspLBZFgT+v9Q0wlLMFxcPSaccL/x2jEPS8aCRYIq0IxJ6YEM/52DXYq8lh94WwImXz4IyHny4cIBHsROnqnISeSGeGM=,iv:jdWF0xOnTXh31qOq6FqYsWt5RthCu8wQj10ByyqNTdc=,tag:l936Z/8YFGyHO6e2QqKbfw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLNk1sN2tya05USHo0bko2\nUVZ5elJaeVVDeWk1WWo5MHIrbkJBeHcvb0dzCnJxUE9jaGlJdVFqTlBoUjRZVUxZ\nT1R5Ym44bC9CY3FaV0UvV1ZieXRPRm8KLS0tIGFabzFKQXYxOVJTSW1rNWlLZTUv\ncWpLaUN5RUJnc2pTem9pb0FqS29SU1EKUNIoNqv7djVOIahGFpTPx2r723cr2Nam\nfkSw75HkZQfap8Y2J+VMEVKSeBHFGudweZ3ifnl9p5W+WN12xb0btQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:41Z", + "mac": "ENC[AES256_GCM,data:cLBNG0UUn1D9CdPlhQrkDxety8/cKyuxZctPqzKiHUqOLb9Wm1RwlwfKz9zCQ+nl++jUp5ZSszbcBkwXl7zA9x0K28GVJiKOTL6od5+HkiaEAL/b+qKviYLrLgGbD3mUOyuG0V6gKua/22yvnowtJ02TSK+kxR/xzaL2whIJdAc=,iv:/rE7yeXQA30K/NwPoFlEQTi7THv7din0nzTM4rSfS00=,tag:1lZrzkXpcvNmmxkqbxl3fg==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/lidarr_password/secret b/vars/per-machine/ulmo/postgresql/lidarr_password/secret new file mode 100644 index 0000000..c109179 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/lidarr_password/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:OqN/Nd+l5GkrSnGysLwv3iOhQPgsae58Km1Wepr8E9Ok8aM6CYAcFRbymKYv2Zvjs3PtL4+oyOjpexxZIe/HN7aGnkadGE5br9RfVSKJNpzwhsyUqmmTl19oO4HdAMIwmTsdEIlllYZusI9VnRvI3CcV/pLMTGQgqex/3xA5/jNJ,iv:i9e8ei76SkfiMlJpIENWoB8NKQu8+agCaxIEN2l+qXM=,tag:aulWo3Q0XorOp4QMim9+Hw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiK3o3K0JOY01ITXZRWXgx\nNFUxZEdHSk81dW10T1kzb29wTVhSZ3JvMGtBCkxQYlA2eThxc2MvcTdSc3JYWXpD\nU2ZhVUJ3bzE1Tk1ERHFzaERBYUhjSnMKLS0tIDN6REFKMDBMbWhWQlQraXZtSWpH\nSXlSeGozU2NtYUJTZzFaWUxtUjFqaTQKDKsTy3msX5i6xd+IgGX6A+UnFveQowxH\niqbQ62lJPPU2gkuiwqbvY+93sKhujayUA1Tu/z4/5fzWPd6hMMucXg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:41Z", + "mac": "ENC[AES256_GCM,data:KdtjxIcS2q1zAoPpGCkhUABkP7JCp2ngSkXyUD2lwOeqD51Y2NdzIzsl1HZ2kpCo83K+Y/EkT6gZ07nzA4Ti9ABOTDlyin408IT7enx4i+0vmgYe8BYCAq9tGmK4fHryl2wyrXpcS4mmyaPdgFr19QMwhCVzZ++1LLExU6i0PQg=,iv:Luq+VPIBHA4iOEC4mNfWJ3fuTNvG2ilEMnGajcqCros=,tag:zwnh9m8dKUGSaEPE48MUmQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris b/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_hash/secret b/vars/per-machine/ulmo/postgresql/prowlarr_hash/secret new file mode 100644 index 0000000..796bbee --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/prowlarr_hash/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:/J87IC/tXapUNAkQAc4h4efJtWd0CX0jQyqA0XeudiPiOACLs4DYxVMC87j9mkKk0ezPmaE0JENESs20XIzE8AoWjORslvoBKUCEyA0yd9Uzh52nEINZXtU3x6ABAlCgSa3TzCFU4VkuLj9AEJ2p7Y809nIFerz+QtVL+MqKxBP9q5nHiYc=,iv:ba1vRxlNJQ6KxGP6nHG6tkpNOAKkFN8bfzoeLcJqxnY=,tag:YrmOAl5HIs2glM2cQTgUOQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVYjN0REV3VzJBdlpGa2d2\nK3V2akpsUVlIbnNMVmt1STJLTHVoNXQrb3hNCjRMWE4wdjcwS0orYXhaeEx5QlhJ\nT3FBZStLVWtwcG5IRlpqbmQ3UWxka3MKLS0tIFNJeG0zZlkvOHlrSFgrQnBWV3hT\nQTBoZWU5U2pnZk5WM0owSEY5Z0dqZnMKbd38p09lTl+ZW+RFTTt+le/wU+KCq6Jy\n9q8KmRzWtpoQCrecqFAgNazFxpp236jo8Q8JeSqSiPn/zOuNXg5gog==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:41Z", + "mac": "ENC[AES256_GCM,data:AufJSGx+8KvZ/I8IgQgch8XvKchYOwrSCb+DMJNiGmx7H20DoZlvWW/dVafSFtSgHNyWek8le4wqB4yoTNs9UXLoGoShVGCTQOq+ZOTJkx3DTk76OOyLjcb2mnNo8TUYz1HjYZ0ox1//povwhO40c0i7DAT22XnTUONBQ2gko1s=,iv:cW19v2fR56IQbauUCf1tjOdI5tL/XfiGEqIumISbA8Q=,tag:690f4UNtT9lxGq0dWku7fQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_password/secret b/vars/per-machine/ulmo/postgresql/prowlarr_password/secret new file mode 100644 index 0000000..c4daabb --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/prowlarr_password/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:UOdmMlFeEFuJrmWkoZYRDvwZtTrsBlr3EvUmYJKjMJ+3q/BbyUjCHLuZBtYxKpr/7zbK6VwhDFkaCWdVYoMwF6byIg9FTCx5oFn2CYaIyFgzpwZngShAzESmdaCqTtsrJlogEc/IYtsd4w7ouWQb0PFy673RTJjDyYiZk/nmwnwW,iv:LcItmiuvY8TqC9EwaXwyOtcuWsN8qjex8Iw1U7yc6xc=,tag:6ujbLZdksOBPUF666I8bTA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2aHNJSW9ndW9FWEgzTXdE\naW5mZzdwQU5sRzlmWUxBTnpUQWlnbjVuSG04Cm91UkdITHVncGU3dVJnN0pnRFda\ndjROejVuVURTRUxoaVNndmUzUktlaG8KLS0tIDV2eU1PQ1g1NEcwbkhWQWJYNis0\ncTlISHl6aHJvMTM0aWhSd0o4U3FGeGMKGcJEVswB+dS3S11HnhAPsk93c/uhRrRI\nb63lHzv0u+MgWenIGkSSk9ovHcEmt7wfinfiooiDdw1wJjvlQaO1LQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:41Z", + "mac": "ENC[AES256_GCM,data:pz2vaMvVPzy1qD6V72twoDyA4jQ3lk57zjVtNbyWgec+VOiknkMJ5W4NTCDCJpD6vylcpRrTb/ZrM6CPS5BU4eZSctJovIkC6cwOeyliEt3cDtnKPQkUc3CsFAtyq1n8wDXqVRzpklYmtvHA7ie0v82wiF/2FB4f8TpGJcBQ1TQ=,iv:MWz7tc95NgoMKiKYqoeTWr8ERTVTJAdK1QqJRegNDEA=,tag:IA1oWTYeosJwCo8Zr9BFAw==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris b/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/radarr_hash/secret b/vars/per-machine/ulmo/postgresql/radarr_hash/secret new file mode 100644 index 0000000..66926e3 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/radarr_hash/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:yUkkTf7xUyLoQd+aAykxhQwYnP/1Un9wFGss1MunpUQFjTQwYY8DIb27rknc/2V5haSDTZOqq2o7r/CzyTJ4gXROIu2zI2Nh7i8v3HP16nAoBUxcweTDMdGoLeBMtYSpbbA056eOsq4P1qj6UHl//x43gKIjDdl/nc78VQbEw157/7ln2AA=,iv:UxE+6/uUdGAr3AlH1TSvImi7JwpufNQ0sbVRsjVzXvA=,tag:snEnHNYafi3xi/qczfbl8g==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5MWdHUWxwem5UdHFKa2xK\nS3ZnQjNOc2RFQmtBY0FUVG9xYTVxMWg4R3hJCkxiS1dEZEVIV05vUXVTQWVaN3FV\nSDJkTlFJU1B4OVYzTWM0czA5YzBNQXcKLS0tIHlmQUIyemxVYVI2TmxkU1FuYml6\nNXY5d0JMQTJlWDJjTGgvSVpCUjkyNnMK3HhQo5yJOs/uA2Qbd2pazvQZzSiM/TVE\nAfwlO+h+co9snnlcwO1Uy9NxPGpv+6KqlEgtCnYdXR/V+NlbtPbzBg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:41Z", + "mac": "ENC[AES256_GCM,data:D9s6HC1/5J/uHf4mI4b1wJySXGbQIrUazc3BmIVLdLfRAau+RiBRQ45BkNMIyNIVHk3QCFbKNN3SpL3VIgkJB+RsuIc1B3em62PV7GcpI07tT8rapCeKv6PFZTapBllltbFtVq0H3PGiAeymwB4C17YN4e7LcaqSfdSdDAKgZTU=,iv:s0AjDgdkR8ebA0mn694CzUywIv2mzgiHehJfs2Xbhpo=,tag:W5xvv/Pdv9oTtKseFzNzbA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/radarr_password/secret b/vars/per-machine/ulmo/postgresql/radarr_password/secret new file mode 100644 index 0000000..7a993b1 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/radarr_password/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:7V3icDUPA7DwM+phBqtK0YYhopi+jvRLRqZ5OkzLgvLxRlkqyZbo1DrMKa0QXo/r2blQjVPwzE5dJdsVnmZwENJj/LDXlwtsK769c/CU8U0v9i7wE8nE4pRfjex7Bpx5a2zd8uD/itNuAOG7bZNr9NbGfE9CYYyf9NR6ISqKVtyo,iv:JypYbHvlbv7sT2YTji4RMBixqVZ8YLhbpIkD9PlW1Gk=,tag:I4wP7Ifz+G4YK3p48epYHA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUV3hXbDVxcU1IVHo3YnNw\nUUpaK1FDNUxNdlZWNDJSckE2bzlnTUZMa1g4CnltMDU0OGJkakJjdmo5ZlR5SEUw\nMjlvZEREcGpzRlFGUHlOc28wSk9aSFEKLS0tIGQ0eDI1SXI0NW5yeWttQUo2YnZh\nRkFxU2huRi8xYUdYOG5iUk9paEUzdTQKhgLhOub3Wne7LfXNNMHN1fm77Y4I/giY\nDGdALSGTzy02xI3lwmFWUbawcFpeCHmCYXECwANqAhkGXxevmhNcrw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:41Z", + "mac": "ENC[AES256_GCM,data:Rht8StG/qlBGivf04zRawLHIZWttoaKCTUPBq86o+HJmG6nznSOQJ86op+FnhVcnKXdU6UJIjGUA5fFIeq/EercdC5DvBmW6EFe3fJ7VMljrqwGb9NhBPpaeNrxxPJSomXfM2C5UuECjf9mBoBy/G3/y+Wn5/CD+LIb+SpgfYr8=,iv:cKtzZm14pK/F4khbOtdEw6G1sovtRoSj1DgXHrDsyhU=,tag:t1ugSzTtetHFNuQN5N/P7Q==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/radarr_password/users/chris b/vars/per-machine/ulmo/postgresql/radarr_password/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/radarr_password/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo b/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file 
diff --git a/vars/per-machine/ulmo/postgresql/server.crt/secret b/vars/per-machine/ulmo/postgresql/server.crt/secret new file mode 100644 index 0000000..e091f13 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/server.crt/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:Q/T6gncoIE+fwR8uaA9avbjwJr2/HCf1B9VeJBTbVz4=,tag:pAm2+br8QSNE3rU29++Now==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0OFE5TUpOWTJWc3FzeUxG\nb3JwaXdLc2hJeis5SzFkZForKzN2dUxWNTJBCnloNUVGa0lLSmg4T25FanhNTGJr\nZFlvRXRrbGJ2ZDBodmpPd01zWFBPU2cKLS0tIGNJdzZwRzVmSEJCaXBqRVEycHgv\nWmFaQ1NPSG5JcmswVzBZbll1aU1TZTAKtYWn6z50g+cWi+MWB9jgA8PKun21iENp\nYQQDL/MSCVxh4oShSaxliK7e3zDwXZTq+P4yiOiiCQELfHs/VxjkTQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:42Z", + "mac": "ENC[AES256_GCM,data:a/W+HBFVXtRutt5ijlVZivbGhYWlwSzoL24Vwwug4wC7YEJ70g/kUwwHjljZqSgMBchA11wwG2abhuF2v0Vgo51/US7OKDl2b/3XzSGSifq2W3IzimpLDF667GNc9lfp26eCLNvwto2+lmgYg08Nvw6Noxmu6iiW/3fIt82B+Hw=,iv:C4kw4ypHOfDymCqOF7f+2M/yD4dOT3OIJ0zwodzvdzM=,tag:JLNcYU3KTTNXnkZJ/rBkAw==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/server.crt/users/chris b/vars/per-machine/ulmo/postgresql/server.crt/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/server.crt/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo b/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file 
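Review bot: The `sops.age` array in the new `server.crt/secret` lists a single recipient, although this patch adds both a `machines/ulmo` and a `users/chris` entry for the var; the same lone recipient also appears in secrets that only carry `users/chris`, such as `prowlarr_hash/secret`. If the two entries resolve to different age keys, host ulmo is not among the recipients and presumably cannot decrypt the file when it is deployed. If they resolve to the same key, the host and the admin user share one identity, so a compromise of the host would expose every secret encrypted to that key, including ones never deployed to it. It is worth confirming that the public keys under `sops/machines/ulmo` and `sops/users/chris` differ and re-encrypting so that each appears as its own recipient. The same applies to `server.key/secret` and, in the following patch, `.pgpass/secret`.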
diff --git a/vars/per-machine/ulmo/postgresql/server.key/secret b/vars/per-machine/ulmo/postgresql/server.key/secret new file mode 100644 index 0000000..2776973 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/server.key/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:OBvwReHy9NFRblJgteTxXtyzk+zOt0VvMx9dkSLCgdPRvc/dOLdePM0ff2woTiMhQAjWv5gFX36wJCnVlAMDtcAuLpgVwYwOK/smrpXG5iR959eya2Fedvja3JtbWgbjfMoodP4pzNyOJZDtm9Bc2LiuSrAGjaesQNtzqltI3G1xJQ86xpN6hUMiwRUSCkjdaZrhrk6sLO/6+T1AzvjjuS8sNh4TnD0moggtMklVC1zokwSSy1dCt/9Yhhvm7jjnbayT5zEGBEEXwjLzO5AAYDdNbbk6761xZPZ4mG1rN/YHVykpJc3yo9H3MFiVqpHzkFvU5eXe72We0HuqV46epPRhTcw5E4P0sIJYpdm/RVWzuHjy3PqfhJOmQcmnC/m0hiIH5+OwkEFfHTkm8KrgQQ5+SRoBZa+7ZXdRqothxwDmAwRVosiMZxTitmzNWU4D9J78tVYTigoraBazsBGgoFPHG/o42RBMzUHlzEcFhPit9tBar7wfhlaCNER+P9MY9QJRW1yVzNvcBGoBUPQjKkoju2ikfkTDLMCbQSdIJFPEUtzA/iqwhk6kZnvQKsAMHpiH0bYJAmouKX00GhsZN9TdlkRmgxGF2S0NtEsx8RHck1TBgGUsJRqi5TJ9dK+b/9jA7RPSXHntF1jR3rZNNNYaElD+PrZGYGU1J0iob2u0h6oPzfCWIWgdJ4un+WzNkjCx5O6UUGMIdtsFiqA7VfDS0Zcx9bmqp3Y8JGs46Vo6XFFJA6GoSYAmVNSr0ktLHWc/vS28xwp+60+KpJ2PZS+yZfOFmHntldDHP+OrWX2MVn+5Rzk1mHCdmkJfLob/Jh7pLwq+4cPdiLFuxLWS0v1GRS02T2uNrJ30h5+8BdZuqupESnbLDsVm/OUhqi9w1sR2bfkRbjlCak3lU7teIf2Ycd8D2S19AdRaELVRcVNFrCcr68zqu1RpTjCX31C5EwhfYSmzRNnpI9vRcNNbPNX8ayXaYuRnJGvFD+arKEERRwvdplPxIa349tvzmW9PT3ahxXC8pfbEmXxK62THHB6ERXe6/WLu6vVxG10+75dblzR7r66g7FV0xAoX5xNlP+NK5cvC9GkjESxRApEvQYUQr2QBcBkw3jwK7nTILD1vqpWCKheb/1HX0EqDzm0F8bJsA6V/Au8FcQoBSp3XU5/nANRw0B+zUNfe33mWQZJUYQ3JohDXctv6yULYYefGZ9IeMTsolt7iR+mZh8v4vzdpwKWRyShFNopUQi4aAymKPDta7B7Wfaexz1UVmCBiNOVOMXdgBfvqLEou3YfJzQn/8w84Y/NxXeNyF9qiiapen1Z8860De1aVEPT4jVt1NLcYy64jwuoj1DU448uolIOATNA/ZmO7KHlaxsUbjOfhGPWJxsHWdA7fsRMvGezzYIFcZKDAYEaIpKQCXNOd2GnkdonGUEgPSDFT29p/AA7bJipL1aaLGDaAR2K51cAV4i/e8ZLssH2CaKJ+FLiyuZSnD8EEwYkiLMlZm58El1YTmP8bS8/8sQW6QlnYOywVfC/LFHlScCSXf+O7bHVzk/RtHPKEcXChujUV8KgnzBc20XN+kaXA8oc49EWcBy15FT8CN4fdlQMsm/WyRHRgqnMj/uwnL5wzPO1si+MJp/0stoXpSAYRcqQAA+iYcmgUPi6xO8QOCbYgwGULLEde6vKZuWEBfDVzshhYAyZSx7AvmnwWH03rFzQw7tqw4SB/5pMmIYrBmRTDmFNzmi5h5KYOlDdCGTslr/4H9oENpKytL0X2JaHo0pkuzMvezfDONUBXdCERktS+OViZ/wookJHHKjE55KNSgiru9XEAaaG0jZJpizWAXuwGaeMUD/ry4z0dCWZhTS+nlOQtaZGUOucbiUlfDYrWmMcvBU2iJbN71yzbe7O7xXiqzIIyq1s3gITEz+eiKcEAHf5TJ6E4qvgV+yiez
AnFNfl+rPuTSa7cZFrlZWH+2Ml1TauFDCQQOaiaAybveuSMFbrQorO9YX+kYXuVC03fGk6WsQTz8V5ls3G+DylgqwyOn5l8y7KU+AugCgcrQf7f6j7+T7qloi4n25FND8Zzrib9XFqkqEYVxFuxfSk3QPDHoWHKWK/4svwVhqVTH3KhSlUEaAm4VXYoAKQS/miQe4+InxqDYlrueS67eePTV1WlhkrW0rU88comTkWs8VxNdvpTvX4mDLLC1zfaVLD8JhOUBcrIZLgTiEin5UamUxWTZbZMLrfoOgvQ0d9dWIReZj2R3bxfshTbeiw7ccdZ,iv:mIc17mnuhi0NXN5/eBNUhafdj7Mp6xYuwYP8MnVMDm4=,tag:ti4JA+LH9CLqG0r2E5lb/A==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNW1SUzczUGJDcUs1bi9a\nRE1IbzRZZnBqclVqUHB1MkJzNTlaVmhDNFZzCnNEZmszSm1XbWE3ZWFpREJ5SEtH\nVjE1NHQ2aldCYmJmQjZzWnp1MzhuM28KLS0tIHVyV2puUnlKcU9peUwyZ3Rxd0lY\nbGhjMzhWcmlpeXF3SHlISGdpWE1HSWsKjgz0fjbbJ1JXriGx5GaVT4eNAYKOQYem\nF+QUGih4fT+SjV6I6TzxcFGIMn6lP7qlvRieKP6v/21o2E37tIR+1Q==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:42Z", + "mac": "ENC[AES256_GCM,data:aK0bJLLnliQlEW33up2TpqiHjUR8nlu+cZKLMoT7CnM+squwPExYrajIcWhIwxS/Gxn/Ed7uAMGJN1SC4qdT6Osdkfz+dY/CqgebZ8eMgGox/CWpvVWSg3v9GPRODa46zBsFMpxvN2UZLrgjCH0fOvOJuj+UzISgArcOz9qrSgw=,iv:PtIm7K6b9+RqtGD/NOVFSaIWTa41UjtBy+aMG4tTop4=,tag:w0auKh5yaY+mPFSEA/Dt4Q==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/server.key/users/chris b/vars/per-machine/ulmo/postgresql/server.key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/server.key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/sonarr_hash/secret b/vars/per-machine/ulmo/postgresql/sonarr_hash/secret new file mode 100644 index 0000000..b8e12b6 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/sonarr_hash/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:vzXckwwFhF4wB84YLxDcK1XjyVt6tUgRFfBq8IyXBzTLsDmRlHT6SZwwdcCTQvOSwcHLaz9rEL5on410haOEGjrw5lbW830XUi0wKZs/We6av7JLNtye1amU4htCEb1mDDoyLzJi0z2nRC2vAGpwGwMjNykFZ11oRmxjALlivtWJtNvR78M=,iv:monIY0F7qlntov0L78G3pS2WWLRzKm2VAGC+QXJmVOI=,tag:L7KmaLETovL5eULz91s20Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOMk1JYkxTdzZyN3g0Y0lx\nTlhLUk5zd0JiM0Jtc2dGMndiMnpBaVZ0cGxnCm1INk1RL2ZsUSswVFRRdmtqNFN2\nT01tRVp4UThLeVlveXVGaVlnVnJWSDgKLS0tIEJhRnc3RFlES21SWkloTG84eWRt\nakpWckJzU1BPUTJMK1JBemUyb01tZmcK9L8xAgwfEla1sUpOIm4wY3dyyEjDf5wZ\n5dinJUepK1rj5M/O8J9EpxCG4hNcmwNNaH7jGLMRdpT0fQmLLBGH3w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:42Z", + "mac": "ENC[AES256_GCM,data:mzPlHpBE6NE0LXPEvlz3MSH0AzjNUQOpGMawWdvtm9BiJ/SGpdn7B1gpCcCnBfOUPnYvTrYZHCiOQ0XAv8WLOj6EXGtqQMwvGKQzLc9ShSIfD0zqf4kNPQQP4c2uSkZpFIf4poLhWM6/k7oLeDFP77lzQNuKW1IugigK9xU153A=,iv:8jN/g8O9UIZF4EuOuEW4XOsnro31SHR0XgNm5IPhXbI=,tag:kY194TSK5OVVf7a3yt5+GA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/sonarr_password/secret b/vars/per-machine/ulmo/postgresql/sonarr_password/secret new file mode 100644 index 0000000..1086480 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/sonarr_password/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:48ktISIY/ZnEwkegyu4RLOXAqtUAXlgKuWn0wH6loo6FyDGbTSdizdGJ4sh+EmGQbKx3s0YlxnfLJMnjKdfkKaBE65Duc48ZNQXfQ5BYnm/ZyvYMQAS/7tOUd1pC1fQSOeKk+/U36v4U3XHsq+x9lMVx5FvgN+E3t69tMRL10ja6,iv:ZN8eouhO676eS26mX97apA/QzFhxiotOKYGkLG+JosM=,tag:zr5TLUXKpR7ma+pO+onckw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMVU8vVWIvMWFoQzY4c0Vv\nSlBBQ2NyK1UyeWhyWXl2d09LTWdER2JwMWlrCnpXWThERjZwMFVUSTFRbE5OM0t4\nUUFRRkorcERRU21hVVFObmJ0cGFwdE0KLS0tIDdVYUFTRm8xTGcrMVNvdHBsTVAy\ndmx5eTRtQzZyUUcvSDVsemZuQU91bVEK9QgqVcVVtHogGsnWqxaatYx0E8EpLvai\n3q2kpV9mlxAgGOLFlOUqSbRvHEEleBIzukgHO3uF9R62q00HsZAd/A==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:42Z", + "mac": "ENC[AES256_GCM,data:e1a9V/G6iMhs+YbN5H+4CdLU0DU5CpoGm3eImJPzpv2Hn7qrYMrym+5pmCzwM5DnqQfRRsZ6G0wEI4hatW5ua5i32oqlts64i0ijGTKhN4HymMcQtA8hrW2t9wCaies8DY0vdE2Yf2JaJ9xf2kgLBsb71FvqsItW4qVFZEyLOUM=,iv:yHLt122NXi1so0eg5ix8LLPEKnsMOs/BRenB6vmmZos=,tag:+hecyo0g7TpUapbg0G7QlA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris b/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From e941c305b800006987be8e8d271a8c613dc6e6a9 Mon Sep 17 00:00:00 2001 
From: chris Date: Thu, 2 Apr 2026 09:25:47 +0000 Subject: [PATCH 27/58] vars: update via generator postgresql (machine: ulmo) --- .../ulmo/postgresql/.pgpass/machines/ulmo | 1 + vars/per-machine/ulmo/postgresql/.pgpass/secret | 14 ++++++++++++++ .../ulmo/postgresql/.pgpass/users/chris | 1 + .../ulmo/postgresql/lidarr_password/secret | 8 ++++---- .../ulmo/postgresql/prowlarr_password/secret | 8 ++++---- .../ulmo/postgresql/radarr_password/secret | 8 ++++---- vars/per-machine/ulmo/postgresql/server.crt/secret | 8 ++++---- vars/per-machine/ulmo/postgresql/server.key/secret | 8 ++++---- .../ulmo/postgresql/sonarr_password/secret | 8 ++++---- 9 files changed, 40 insertions(+), 24 deletions(-) create mode 120000 vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo create mode 100644 vars/per-machine/ulmo/postgresql/.pgpass/secret create mode 120000 vars/per-machine/ulmo/postgresql/.pgpass/users/chris diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo b/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/secret b/vars/per-machine/ulmo/postgresql/.pgpass/secret new file mode 100644 index 0000000..160c934 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/.pgpass/secret 
@@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:i5BmzaIRsxZDL+1s2Wv4BYYJdXCnShwPgq4aSzSaf+g=,tag:lvkS1GksA6RArl60Hsplsg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTXJLOXpaVDF4YzRUNmhB\nMHk3U0hxdkpBK3h3Rjdxd1U5ZUoySldnQWprCjYrTzdZQ3RzT0NtVituSnV2SWZ3\nc0xrTFdRVWlLdVpVNlQ4WllTclo3ejAKLS0tIGx5dnFHOUlwOFRKUS9vRDY0TS95\na3g3MEsxY0psd3dPaklRamNTUzcvNDAK+6Q/FZsRy6jKs4THvoctrF48hnK97TR6\neC6qSL2ix4pPt0BhPb+Ixcf7KMDR99wwved78qJioe7bt8859RXltg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:42Z", + "mac": "ENC[AES256_GCM,data:8363f6CzLK1ZipGSVxaQcMMy+mTh1AL0U4W8FiqXuLZt6tzcLbVUqfSVzuzAmjFaiOldfriPiTghnQGqEZhe2wdbeOiSAv0AIw19GXTYsslbdeNSDXbxUZ+p6mMESkn2xi365mfF7UgNZulJLa+SvSHiuPkxb/ESauVrXw11ixk=,iv:8j2U9pgjsURZ4bAvBKzIJdix/FLml4METeoikTl7jE0=,tag:K1ycWq23HYT1PIbZM93zkg==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/users/chris b/vars/per-machine/ulmo/postgresql/.pgpass/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/.pgpass/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/lidarr_password/secret b/vars/per-machine/ulmo/postgresql/lidarr_password/secret index c109179..35fb209 100644 --- a/vars/per-machine/ulmo/postgresql/lidarr_password/secret +++ b/vars/per-machine/ulmo/postgresql/lidarr_password/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:OqN/Nd+l5GkrSnGysLwv3iOhQPgsae58Km1Wepr8E9Ok8aM6CYAcFRbymKYv2Zvjs3PtL4+oyOjpexxZIe/HN7aGnkadGE5br9RfVSKJNpzwhsyUqmmTl19oO4HdAMIwmTsdEIlllYZusI9VnRvI3CcV/pLMTGQgqex/3xA5/jNJ,iv:i9e8ei76SkfiMlJpIENWoB8NKQu8+agCaxIEN2l+qXM=,tag:aulWo3Q0XorOp4QMim9+Hw==,type:str]", + "data": "ENC[AES256_GCM,data:gg2RWY7LWZatJHN5mWf0YQUIMHnM1NR9qao4WjNGZV3K1spzamyf8kZNyFC6vKxsIa73Ticf8WVHCheEPlAVWojcHqBiABIvxtD7tMdJO2w3T10RslKMW+NXGNh27mcSBBGepCb7a9/O5D0M+3/m0Pa8BX9gbvidRlJ82rW9baJf,iv:tx3HXIYzNOB7zeNs+tVt6Ti5Aa7/vvuhEAblv6E/Roo=,tag:ic/74zvvT3OJyC/sRbdKQg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiK3o3K0JOY01ITXZRWXgx\nNFUxZEdHSk81dW10T1kzb29wTVhSZ3JvMGtBCkxQYlA2eThxc2MvcTdSc3JYWXpD\nU2ZhVUJ3bzE1Tk1ERHFzaERBYUhjSnMKLS0tIDN6REFKMDBMbWhWQlQraXZtSWpH\nSXlSeGozU2NtYUJTZzFaWUxtUjFqaTQKDKsTy3msX5i6xd+IgGX6A+UnFveQowxH\niqbQ62lJPPU2gkuiwqbvY+93sKhujayUA1Tu/z4/5fzWPd6hMMucXg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6S0dRVWpsM0ljbzFvNHk0\neE1DTWVWSk83YmFhZ3BOc0tjTWtJOUZVNzFBClM2eENWTlVEcVhNbThyZ3JwMnFK\ndjFLT2dKZXN1eGJvcFllVzVsNVNTTVkKLS0tIHkzZThXUGN2MWRmVE9rNTZEQnlj\nWERqd093dmFCeTBneTFZcm5oZU1HU0UKRs9RoYMB0FpqWIQwve4WYuKcH4KVkf+2\nl3npJK0gX0N6EUGUFtcOuXy+A5WSx31/SnwdaNo5wnH/9MCJT1wisg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-04-02T08:04:41Z", - "mac": "ENC[AES256_GCM,data:KdtjxIcS2q1zAoPpGCkhUABkP7JCp2ngSkXyUD2lwOeqD51Y2NdzIzsl1HZ2kpCo83K+Y/EkT6gZ07nzA4Ti9ABOTDlyin408IT7enx4i+0vmgYe8BYCAq9tGmK4fHryl2wyrXpcS4mmyaPdgFr19QMwhCVzZ++1LLExU6i0PQg=,iv:Luq+VPIBHA4iOEC4mNfWJ3fuTNvG2ilEMnGajcqCros=,tag:zwnh9m8dKUGSaEPE48MUmQ==,type:str]", + "lastmodified": "2026-04-02T09:25:42Z", + "mac": 
"ENC[AES256_GCM,data:IyQs9bLqyo+L7A0/9EU3LxBj8XplTbQn3Fo+/goZzpLW7ec3LQ0BpVo2I4OmXGBNg7FZxPWSRZGFBYY8wGIsnR/ds08klRiZAubeO2gG0mZGCf4HAywEJ+CL8aTv/fxm3tRAEidMd4eIXyul6AoYIwY54pOf0DBepgwieJQyBmM=,iv:7QNLVgVWlLmsa7Ol0sK7ugy2yLy9TNZapLpi1wMKTtM=,tag:VY9x0qKXyWp9JnSQu+k78Q==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_password/secret b/vars/per-machine/ulmo/postgresql/prowlarr_password/secret index c4daabb..6e5726a 100644 --- a/vars/per-machine/ulmo/postgresql/prowlarr_password/secret +++ b/vars/per-machine/ulmo/postgresql/prowlarr_password/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:UOdmMlFeEFuJrmWkoZYRDvwZtTrsBlr3EvUmYJKjMJ+3q/BbyUjCHLuZBtYxKpr/7zbK6VwhDFkaCWdVYoMwF6byIg9FTCx5oFn2CYaIyFgzpwZngShAzESmdaCqTtsrJlogEc/IYtsd4w7ouWQb0PFy673RTJjDyYiZk/nmwnwW,iv:LcItmiuvY8TqC9EwaXwyOtcuWsN8qjex8Iw1U7yc6xc=,tag:6ujbLZdksOBPUF666I8bTA==,type:str]", + "data": "ENC[AES256_GCM,data:oKz9oMJcfmZ+3UdbzlErTRQ5Tfxcc1jO4XXZrPI14l+DZl9TuzgQ+bTpKu5pQ3eD6TDPb928pHvxhWunuX4/1mp8cZAQqQ4JsCbqIbqeqRnXFkLAodIBiLHrHYv6QWMHPadLt4zlxgy1Mxxhi5lUchBkWyPcMFddHnWWnw2wQyq7,iv:Sw97Mn3CDnyBs8z3zVKR4Hlc50KRz4Mx1KZt13JnhpM=,tag:HAwyjFkG1Rbk8lVs6QU/mg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2aHNJSW9ndW9FWEgzTXdE\naW5mZzdwQU5sRzlmWUxBTnpUQWlnbjVuSG04Cm91UkdITHVncGU3dVJnN0pnRFda\ndjROejVuVURTRUxoaVNndmUzUktlaG8KLS0tIDV2eU1PQ1g1NEcwbkhWQWJYNis0\ncTlISHl6aHJvMTM0aWhSd0o4U3FGeGMKGcJEVswB+dS3S11HnhAPsk93c/uhRrRI\nb63lHzv0u+MgWenIGkSSk9ovHcEmt7wfinfiooiDdw1wJjvlQaO1LQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWDlpa3NWcFNpMU9Rc3Yv\nbFZLUVIzRWJtZTl6VGtPZ3h3ZGQ4ME9Sc3hVCitjNXh2MEYxTGUycUpxRjFNUFgx\nZ2tHUFJybW1iK0xPcXdvcGgvd1lVdGMKLS0tIGtpVWwxdmpMR1ArcENpZnZSRm1S\nTndHM0RzeWpheStqSlZzaVp1RXVLNFEKPpp7JRibn9gc1QafRXqLEAxX73kx9Aki\nwnNXbN1fE+sAanBFKRATMDEZAYNHuAoCEQCJ85DtW3tCNrDyjZ0UhQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-04-02T08:04:41Z", - "mac": "ENC[AES256_GCM,data:pz2vaMvVPzy1qD6V72twoDyA4jQ3lk57zjVtNbyWgec+VOiknkMJ5W4NTCDCJpD6vylcpRrTb/ZrM6CPS5BU4eZSctJovIkC6cwOeyliEt3cDtnKPQkUc3CsFAtyq1n8wDXqVRzpklYmtvHA7ie0v82wiF/2FB4f8TpGJcBQ1TQ=,iv:MWz7tc95NgoMKiKYqoeTWr8ERTVTJAdK1QqJRegNDEA=,tag:IA1oWTYeosJwCo8Zr9BFAw==,type:str]", + "lastmodified": "2026-04-02T09:25:43Z", + "mac": 
"ENC[AES256_GCM,data:TdbZGcbTkHwOmzu+y0MbERHp70FsHambcJU2lrGMZix+weC13c/zKbs91DbUlNSW1+ah6iSqJwubmSx5JAP8N3B6cKZRybF9XdOKaTycYgBJVdjHJOKyzlF7Puzxl17SEDWeT4kMlSXuARsJA8OPXHOPbE0PNowzhA8dCRpQeKU=,iv:TfL+8cnBXnscoYe+5B3+JBfjNC6J5QX2yXRh1tSo3D8=,tag:hRfs6efTh09N97P2Dmk0xA==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/postgresql/radarr_password/secret b/vars/per-machine/ulmo/postgresql/radarr_password/secret index 7a993b1..d9148b5 100644 --- a/vars/per-machine/ulmo/postgresql/radarr_password/secret +++ b/vars/per-machine/ulmo/postgresql/radarr_password/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:7V3icDUPA7DwM+phBqtK0YYhopi+jvRLRqZ5OkzLgvLxRlkqyZbo1DrMKa0QXo/r2blQjVPwzE5dJdsVnmZwENJj/LDXlwtsK769c/CU8U0v9i7wE8nE4pRfjex7Bpx5a2zd8uD/itNuAOG7bZNr9NbGfE9CYYyf9NR6ISqKVtyo,iv:JypYbHvlbv7sT2YTji4RMBixqVZ8YLhbpIkD9PlW1Gk=,tag:I4wP7Ifz+G4YK3p48epYHA==,type:str]", + "data": "ENC[AES256_GCM,data:qWVsbRFZ5Tn8/6kOF/ejIvVTlmFjn7Ow83n141Ev8uR7KjyHtdrfliAm13RS/Sy6NvroADt48bYlzgchLMq3r5vKLwfmKqeoE7u3MSMO8OPdu8AGOaP/swYulrMgqPDFi6PeOUHZXTJuPL7+jf/zEF5DqVC6QV/EJoXMyZiUPAYs,iv:77opMiQpFJ3McSG2CQTU3ShIZvgm2NqNWjdqarwvM8E=,tag:dx6x90jNc5+eoLUDqtKZgA==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUV3hXbDVxcU1IVHo3YnNw\nUUpaK1FDNUxNdlZWNDJSckE2bzlnTUZMa1g4CnltMDU0OGJkakJjdmo5ZlR5SEUw\nMjlvZEREcGpzRlFGUHlOc28wSk9aSFEKLS0tIGQ0eDI1SXI0NW5yeWttQUo2YnZh\nRkFxU2huRi8xYUdYOG5iUk9paEUzdTQKhgLhOub3Wne7LfXNNMHN1fm77Y4I/giY\nDGdALSGTzy02xI3lwmFWUbawcFpeCHmCYXECwANqAhkGXxevmhNcrw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbmlRSkVxSXBxNmI0WWxh\nS09sbE9DODJmYmJmMHJuV2pFQjU2TGZJQW04Cm1SN0hvSjExMjhSWURSRGdjZVFv\nUWZuVitaZlZUZER5ekJobUs5L2tBaVUKLS0tIDl0a0FLTm1RSlJLT0w1V1VHWHdn\nMmlpSWtubkNXckZCZjJ1cTJvL1hBRG8KDwZyVu4S8oIBzikYfpLI4vgngSAmHvjx\nuJvy2sHoGqcnczi530XHsmviBSMZNSqFhvbtcHzmxdVRbc2cxgewxA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-04-02T08:04:41Z", - "mac": "ENC[AES256_GCM,data:Rht8StG/qlBGivf04zRawLHIZWttoaKCTUPBq86o+HJmG6nznSOQJ86op+FnhVcnKXdU6UJIjGUA5fFIeq/EercdC5DvBmW6EFe3fJ7VMljrqwGb9NhBPpaeNrxxPJSomXfM2C5UuECjf9mBoBy/G3/y+Wn5/CD+LIb+SpgfYr8=,iv:cKtzZm14pK/F4khbOtdEw6G1sovtRoSj1DgXHrDsyhU=,tag:t1ugSzTtetHFNuQN5N/P7Q==,type:str]", + "lastmodified": "2026-04-02T09:25:43Z", + "mac": 
"ENC[AES256_GCM,data:OOFL6q5kMKMQV5NCvN2TFiDdumjgSGeyLmqDmdC2Q5/Q9tsM5PsCifySxZTZ1krhxzV6ZHpXNg+Po38MXc2VyIniDX7MMEIB+d3J0I5KWgHwsWIOaqkntyyy4dEXlbqwSeLP0bOKWBY2h3dtve4LY0lGB79V1iuOXxV2w7JPG5Y=,iv:Q2vFr1ETtrUoZ+hc6rAczBFoT2sbydPJ9y2uqgoqtfk=,tag:9O2gfeFs3/KjMMGPW1mHEA==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/postgresql/server.crt/secret b/vars/per-machine/ulmo/postgresql/server.crt/secret index e091f13..bac7194 100644 --- a/vars/per-machine/ulmo/postgresql/server.crt/secret +++ b/vars/per-machine/ulmo/postgresql/server.crt/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data: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,iv:Q/T6gncoIE+fwR8uaA9avbjwJr2/HCf1B9VeJBTbVz4=,tag:pAm2+br8QSNE3rU29++Now==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:bDfn9fe9reKcaDG0GkLAlmGHA8USqOTcGgAmUH1oz34=,tag:dNiFZkU5PyS//1ATdKK7Aw==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0OFE5TUpOWTJWc3FzeUxG\nb3JwaXdLc2hJeis5SzFkZForKzN2dUxWNTJBCnloNUVGa0lLSmg4T25FanhNTGJr\nZFlvRXRrbGJ2ZDBodmpPd01zWFBPU2cKLS0tIGNJdzZwRzVmSEJCaXBqRVEycHgv\nWmFaQ1NPSG5JcmswVzBZbll1aU1TZTAKtYWn6z50g+cWi+MWB9jgA8PKun21iENp\nYQQDL/MSCVxh4oShSaxliK7e3zDwXZTq+P4yiOiiCQELfHs/VxjkTQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4czF3VjB1MWs3bjloRXI0\nWVdUYnR4dHdsczZxdXNaRFhVVTE3OW9KekhZCnJRQy9hbTc5U1hwNElqMFlNSmFj\nTXVjWlowQUZGaG5ZelN2cW54Q1NVeE0KLS0tIGUyOHFadUszWDhFQi9xczFMWG40\nWXhJRzZCbkhlQzZ3NDUxOXE1aURCVGcKA05+YfD2QCCeI/oKDvhU8hHC4ljgUJoZ\nEWS1F5D95GHEYeusViqQsQHFTuO8xtEkjBHKLt+TEJcsHGeTlTqTyA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-04-02T08:04:42Z", - "mac": "ENC[AES256_GCM,data:a/W+HBFVXtRutt5ijlVZivbGhYWlwSzoL24Vwwug4wC7YEJ70g/kUwwHjljZqSgMBchA11wwG2abhuF2v0Vgo51/US7OKDl2b/3XzSGSifq2W3IzimpLDF667GNc9lfp26eCLNvwto2+lmgYg08Nvw6Noxmu6iiW/3fIt82B+Hw=,iv:C4kw4ypHOfDymCqOF7f+2M/yD4dOT3OIJ0zwodzvdzM=,tag:JLNcYU3KTTNXnkZJ/rBkAw==,type:str]", + "lastmodified": "2026-04-02T09:25:43Z", + "mac": "ENC[AES256_GCM,data:CywKU/pXCcEwOKshnWl9/4C+lIvhLUJLPu4ly2bTUq1zpY5309c9+FdimXKHQwnTlmhGM2TqP4Kb544wpAmv+7+uH9cR4BuK3oGFUSuIQFpQ/xabMFSom1+eMpf1r5cdtUD6mvOvFSD/V3WX7H/asgRgJfnjppz25zDw3+/SLus=,iv:gPLGZUSLWSI+mUAzLnabHlejGmdb+Utt1y0J2wXqQvk=,tag:2Kcihhy4Tz7oPfSiAS+ONQ==,type:str]", "version": "3.12.1" } } 
diff --git a/vars/per-machine/ulmo/postgresql/server.key/secret b/vars/per-machine/ulmo/postgresql/server.key/secret index 2776973..5d8f4fb 100644 --- a/vars/per-machine/ulmo/postgresql/server.key/secret +++ b/vars/per-machine/ulmo/postgresql/server.key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data: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,iv:mIc17mnuhi0NXN5/eBNUhafdj7Mp6xYuwYP8MnVMDm4=,tag:ti4JA+LH9CLqG0r2E5lb/A==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:T197Ofh7nK/vjXVz35FLj5/NaLIaTVTsKVNDBtD/XwU=,tag:jscU6JYKIWH+dVIUrHGWTQ==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNW1SUzczUGJDcUs1bi9a\nRE1IbzRZZnBqclVqUHB1MkJzNTlaVmhDNFZzCnNEZmszSm1XbWE3ZWFpREJ5SEtH\nVjE1NHQ2aldCYmJmQjZzWnp1MzhuM28KLS0tIHVyV2puUnlKcU9peUwyZ3Rxd0lY\nbGhjMzhWcmlpeXF3SHlISGdpWE1HSWsKjgz0fjbbJ1JXriGx5GaVT4eNAYKOQYem\nF+QUGih4fT+SjV6I6TzxcFGIMn6lP7qlvRieKP6v/21o2E37tIR+1Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByS3EybHUzN3V3VnZGWmVN\nS002RG1yUktBa0NJVm01YkJNeWd2eXd0WFRBCjQrbDhOMFVuKzRYdGZwZTFqN1NP\nSmZpVWVzbkpRTnplNXZHWlBPUVVIa28KLS0tIDhYTy9zTjR6U3FyTEluS1RtKzd3\nY2pOWmtQWUJJWDVjOXRwQndWN2UzMjQKA6rqtGDHB9PpCTqva4h98MDibWdjqIxU\nqQVNisc0Hv4LhQMShR8//VRmupaIuDgI/6rcLi4L2xjIJPKtsXOlzg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-04-02T08:04:42Z", - "mac": "ENC[AES256_GCM,data:aK0bJLLnliQlEW33up2TpqiHjUR8nlu+cZKLMoT7CnM+squwPExYrajIcWhIwxS/Gxn/Ed7uAMGJN1SC4qdT6Osdkfz+dY/CqgebZ8eMgGox/CWpvVWSg3v9GPRODa46zBsFMpxvN2UZLrgjCH0fOvOJuj+UzISgArcOz9qrSgw=,iv:PtIm7K6b9+RqtGD/NOVFSaIWTa41UjtBy+aMG4tTop4=,tag:w0auKh5yaY+mPFSEA/Dt4Q==,type:str]", + "lastmodified": "2026-04-02T09:25:43Z", + "mac": "ENC[AES256_GCM,data:Ur0QS5NfS9ffUfFCf5DOnkgrAedMX/15mm6CguMyJcnJpZ1vDGJ3Wzh+z0gsA3KwNPuQzujEuiiWxYVC/Oeikvj9m7loRz7udHDHKRJ50C/4lnLdVPYuUIf9tU7U1vyhfEO7qsKmDhlymds71OABZte2slKFS1Y3yHChEZozDSE=,iv:2swsqpEYFq8MSbKZlK/Y3zF872S60qck5IRmfX6JkDM=,tag:hSoRWI6PHlYO5ap6CSsm3g==,type:str]", "version": "3.12.1" } } 
diff --git a/vars/per-machine/ulmo/postgresql/sonarr_password/secret b/vars/per-machine/ulmo/postgresql/sonarr_password/secret index 1086480..59e2cf8 100644 --- a/vars/per-machine/ulmo/postgresql/sonarr_password/secret +++ b/vars/per-machine/ulmo/postgresql/sonarr_password/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:48ktISIY/ZnEwkegyu4RLOXAqtUAXlgKuWn0wH6loo6FyDGbTSdizdGJ4sh+EmGQbKx3s0YlxnfLJMnjKdfkKaBE65Duc48ZNQXfQ5BYnm/ZyvYMQAS/7tOUd1pC1fQSOeKk+/U36v4U3XHsq+x9lMVx5FvgN+E3t69tMRL10ja6,iv:ZN8eouhO676eS26mX97apA/QzFhxiotOKYGkLG+JosM=,tag:zr5TLUXKpR7ma+pO+onckw==,type:str]", + "data": "ENC[AES256_GCM,data:uGqwITMDYsOFdkGNqcmuS7cDxOyfsFd6FAThy1FrcCrei9G++XaRAQymaektzUebvOn/r1Je5hGSnCAwiLPgcL+3k253tOrLZbwqDFx7Hfns/ceKnD5CWs9Vp6JAO+6Md7VBRkcqBaZLBJ2oqdrGxpTqgkB3AyxWhNc8y+6L7m7X,iv:YFoLawKVZ90ZTvloCjQZfds7Z2pk1QkET3bBs/vWwo4=,tag:mU8rGiNASRBVAxcQj4ADvw==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMVU8vVWIvMWFoQzY4c0Vv\nSlBBQ2NyK1UyeWhyWXl2d09LTWdER2JwMWlrCnpXWThERjZwMFVUSTFRbE5OM0t4\nUUFRRkorcERRU21hVVFObmJ0cGFwdE0KLS0tIDdVYUFTRm8xTGcrMVNvdHBsTVAy\ndmx5eTRtQzZyUUcvSDVsemZuQU91bVEK9QgqVcVVtHogGsnWqxaatYx0E8EpLvai\n3q2kpV9mlxAgGOLFlOUqSbRvHEEleBIzukgHO3uF9R62q00HsZAd/A==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2OHZiVEQrTFhUVVFNSmFR\naEdQMmxEaG0wMklURTZ4VWQwU3dOT0NHSWdnCi9LQWJoZkNMTzNWSTc1UTVpVTFU\nWUYxcUxSbGc5MkdYblVqZHYzTGhMK3MKLS0tIGhsMmZqeCtRSUZnTGxiNmttK2VV\nY3ljMnZXQTFBSldFQjhQYkxhbW1qV1EKm/XLLAu1QBxELCg56iSToLa2qTDSan91\ndvrlHkGiplG3w2lnufi/s6PvmmjHHvEbHuqiISavt9qUylsqAtfQrw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-04-02T08:04:42Z", - "mac": "ENC[AES256_GCM,data:e1a9V/G6iMhs+YbN5H+4CdLU0DU5CpoGm3eImJPzpv2Hn7qrYMrym+5pmCzwM5DnqQfRRsZ6G0wEI4hatW5ua5i32oqlts64i0ijGTKhN4HymMcQtA8hrW2t9wCaies8DY0vdE2Yf2JaJ9xf2kgLBsb71FvqsItW4qVFZEyLOUM=,iv:yHLt122NXi1so0eg5ix8LLPEKnsMOs/BRenB6vmmZos=,tag:+hecyo0g7TpUapbg0G7QlA==,type:str]", + "lastmodified": "2026-04-02T09:25:43Z", + "mac": 
"ENC[AES256_GCM,data:Nom2uZ0g5tORzhjApl5VlKEgIhjd5ehGTygBG0ycA29D2OtkRKxjcjbim8fiCn1Mo9O/lXwhXbcM9H5UpChMf8bIWHnVI8Z74/BTsCwfFuwNVF/hH75CKI0GR6XxRyCshhUDefHrHy1xZObJSHoAV1LJlenk59D+2zaExE6ATOM=,iv:TpqdOO+z4WPzyRW/Ze+39HNjlhDYCFltkycN0ly/Qqk=,tag:8PgBTtvb5NiffKXdQkDhkQ==,type:str]", "version": "3.12.1" } } From 772db61b9ee3a74647737e962b55f7654b05165d Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 2 Apr 2026 09:25:51 +0000 Subject: [PATCH 28/58] vars: update via generator lidarr (machine: ulmo) --- vars/per-machine/ulmo/lidarr/api_key/machines/ulmo | 1 + vars/per-machine/ulmo/lidarr/api_key/secret | 8 ++++---- vars/per-machine/ulmo/lidarr/api_key/users/chris | 1 + vars/per-machine/ulmo/lidarr/config.env/machines/ulmo | 1 + vars/per-machine/ulmo/lidarr/config.env/secret | 8 ++++---- vars/per-machine/ulmo/lidarr/config.env/users/chris | 1 + 6 files changed, 12 insertions(+), 8 deletions(-) create mode 120000 vars/per-machine/ulmo/lidarr/api_key/machines/ulmo create mode 120000 vars/per-machine/ulmo/lidarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/lidarr/config.env/machines/ulmo create mode 120000 vars/per-machine/ulmo/lidarr/config.env/users/chris diff --git a/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo b/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/api_key/secret b/vars/per-machine/ulmo/lidarr/api_key/secret index 9842058..a1bfef9 100644 --- a/vars/per-machine/ulmo/lidarr/api_key/secret +++ b/vars/per-machine/ulmo/lidarr/api_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:HbbfyZGhb72fFGcw0Wni2X4vWZqR2acEOBh9C10YNolsBwmbGKniHVOQf5eq6H0HUZozvfFbI+jS92HfYPxLEOtzWdD/hyULPwYR8Q4SxWs3KfY/XeMAHupY1Qfmr4HmwgPDpH2wpFIlDACIQG0FhWpI4nplONI0krVdTRWrFvPN,iv:xqDL82zsYPTTl8yOOzgdkATqZO7Y/JNsFyk12cC4We8=,tag:GS/mTcPvJa1NV/PEWdAK2Q==,type:str]", + "data": "ENC[AES256_GCM,data:o7q3dG3EYv6Cet3YSRUBtWD++epjsDvKDxlnvlDTV2BNNDmWEmWCmxIwpw37idRCSHSowuIdG9npYMu2cXXNAcDkRbRA5MveQZOLu8qODiSvJJstOrAGUh6oYMvogAEkoaeogRhPx4SgX0j4KPmxdCsgWIrCWEkaWF1OmhFY9ZUv,iv:rv4Q2OShrAmEcgUq9ch3KpQMQpqx7BoNj0zEqDkyaaY=,tag:EkuoxsqdbNSzhu8fwTaKJQ==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUERwbTh6NnI3b3NvaTU2\nZmdPRmpYTk5aaDNJZ0dqYzBXcnVyYlFlNm5NCkoyZm1wS2FGb2Fza0FaMFVBR1N5\nTFNETHRGTWlSYlZaWVJsNEZ2eWR2bGsKLS0tIE1PcktjRjVKai8vU2EyUGtuMUNl\ndFlDV0VpcitwaXJSempZNmNnMi9JK2cKnCCyh5c0OZLkmJMse1g3OCzPQ+XTdkyy\nqfmAhP6O6amjpfvCcD9s0dOrK/hq/FK4l9Po+qnLkGej4pOIT50WsQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Uzg0OVlTZjBGamwrcmNC\nODBhUVM1dFFhNWY3Y3VYRDRoMEZvOHFEQ1dzCjh1bm9MdG45LzEvcnZvb0FzRCtL\nWGhvampIQ3JYYUdKckhncGFVakk3aTAKLS0tIDRxZ2ZQNkhnZy90SUhhVDkwb0hD\neWhKQkF6ankrQ25uSW9QeEhiN1czTlEKnDr97KT9ULu+IJ93I+4noedX+O0MWsa/\nmTGLZA/F3k3OinMmKeFcYdv/grKda8L4QmbwQzUs8s2MjYDDtLNiBQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-31T09:08:19Z", - "mac": "ENC[AES256_GCM,data:EvrqaArhAzzQe/pYslQmstl6TedPiV4a1L6IOD84cJHt9s7qCYFbweRsea398T53dcCtdhIPlU3QyjVJpGhdyD+ekjc77oqXgqwG5hQhMvUJuTvwQXLA+v6acWsfdTu8bLjjCIfMc4+fcqKjcLGGHpPaz3RxL8Su/uifrV82u4M=,iv:Vc6zqz+s+wY1e46ogsqaiilzRfUJYbMDANNrifleBFE=,tag:pTaFWDj6baVHtTBHkledHQ==,type:str]", + "lastmodified": "2026-04-02T09:25:49Z", + "mac": 
"ENC[AES256_GCM,data:nqC6JEmJavjeyz3OWSgsEdlT5oxzn5/N283VPwUaGz4ugUgTmKBn9eVEGKjeMPfmdd+wnExUzokT19z9vmVo/tWAopnTs9t0krGPjWHbSTLGXANNiR2DXGCHMLT0ebPiTcZNpIl3OUTQAF2bs4kBK/ImmD8Pbz228PmbLOE6H+A=,iv:2XT+wRTqw4VNJfJkWt7n0sNQINrt2AGMHIWN3nj3Kxc=,tag:ds/UsEG7fUnGIHxslotbOQ==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/lidarr/api_key/users/chris b/vars/per-machine/ulmo/lidarr/api_key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/api_key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo b/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/config.env/secret b/vars/per-machine/ulmo/lidarr/config.env/secret index f382ec6..2b4b8b4 100644 --- a/vars/per-machine/ulmo/lidarr/config.env/secret +++ b/vars/per-machine/ulmo/lidarr/config.env/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:O4+z76Ie5c501CYdmj17N38yEH8bIXQB/kh3u5zTpmChcUEE1M0PIy3VqXuE2YMxscs9bRlph0qBELBADb+HP5BHTtQ3wBZGNGU/qxnyMzZPy64rhXamBLRlC6lgoKfzLt+tQXprWscwJtbfHrHjNQRMAKLNFMIkpwRb2jlmp84fKFuScFSmQ5UoOrvaTzlsoEYajtBd,iv:9eoLX60eEA8DdRWiPPTWRee6blqTilD2Q0UlM2PNT24=,tag:yhfQW3mb0K9phGl8WMN37A==,type:str]", + "data": "ENC[AES256_GCM,data:CGCmRQVpfm0GZVKXxABAAH5kgXuvKwG2ei2eIYm2zLqyzP5Vt0Z815uH5qdqwfhxb7/LaXd2i24yD9AgeX6kLjsg9VfLmoAvpeywrU1wFKdgosri5PES+0MEk7lsgXz8uI5JRvRohuFUXLB5cMkvAaj+zy9Rwc9B2nJdgz2tFimceP1ALsxu+pHGnG/CIiXjo0GVwX+2505OaRiGywB6LIDNxXYUzJ+6nZpqARI9Xy3eoQTAj+SJ4yVBFGclL1JJWddROqdLuEORXzcIeQc1aa0CkPI7Q6sH2xv3XJ33JxsT6CNCBQL/p6ngR855OY+Hpx1bvISsWV3SzyyW0IdI6hbPBEc6s0opM/w9llf1pvCfK13AWWf3F9A5gEnI4c4VZM61AzRg4OaHVId1GawzLhvwWq7E,iv:hfAMtVVY/Bnw79mFnU9d+fLEJqwuWHcb8dL5PLDp6oE=,tag:XuHrYsZjomVP9tRmP41Iqg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dU1la3lNSjkvQjFrQW9S\nYkowRGhyYlA1ZnBGMzBUOS9LRGtXcmhLeDNRCkdUVDFvNUVSeFFzK0NDS0lzaTUx\nT0l1b2tPelIvaHJOSmRVM2U5Z2lTcG8KLS0tIFVjVUtNNC9oYUYwbTRDV2tPQXVy\nY0cyTklIV3llb0l2TSszSjJ6R3hWc1kKIKJYEg/xHztKo4mmXXym/yTu57MKdk/k\nPfyVXClBxAGjsLzNHbEcc9RNbaIhTXiQlL/bkuH6JvLpeFlKLuLDGw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWnhkckxYaWpvakxJNHZB\ndVNGRHN4UHgwTkowTEEwMFI2OEhwajNBMGt3CitLWEd6UHl2b2kxMEgvRHRKaGxr\nWGluV29TTkNveXUyTEIvb05BSlE5QUUKLS0tIE1mTEZTYlBPLytEYXJWM2dwV2xz\nZFU0eWZxSlZFejlIMnBGNkFGdXBkNHMKvimcV4BI36cFwHvU+235npFgqzHrC+FI\nxy+oohK3XOaM3iZhpo4T1s++mCQx9hvsyHKG4z5Lt09BvkXw795tIw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-31T09:08:19Z", - "mac": 
"ENC[AES256_GCM,data:ZVcelcvx10+4B1voC2GeBz9FPTypbCp+Zp0QaI5G0UgtD9vLm1W6fT/KysreEqLknlqTN6oqadWS0xCpV2purLu7VLnnfjsjfObod0TxwKf90bi/sG6U0t4kIB/F437WRHai5aV7MWtsXFdh7GuYnpoueqXW5C/qUlKYNJ5eOFk=,iv:N9vbG5HGOS52Z/tvwwr+j2bty0Hqx/Kdd6Q9YI+Xujg=,tag:UL9RzZjl2Vapma/Tel3XpA==,type:str]", + "lastmodified": "2026-04-02T09:25:49Z", + "mac": "ENC[AES256_GCM,data:wPehGqpajsKHixAH2HS2oYwc4oW+8vOI7OURyFJItBP3IhOz+HZzBC7I4XD0IvH3Nk7K1dFQuzCgqo/X3sFqWY6Qd6xzAf45ZBQyj+JeGQgbvPcrOzrGjEsnAsRv9EBrNtIWNFV+mt8G+thmmSvE23EqMWwQVBGzd5brq1ZXBoc=,iv:023iBpil4E1XA03HBM4DCaVCr8DFk+zRxf8+2UOGXzE=,tag:BfBDsHCfRTfDJX/3TGNGPA==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/lidarr/config.env/users/chris b/vars/per-machine/ulmo/lidarr/config.env/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/config.env/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From 8c6e72786c29e830471f10292c20a9907d81e620 Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 2 Apr 2026 09:25:54 +0000 Subject: [PATCH 29/58] vars: update via generator prowlarr (machine: ulmo) --- vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo | 1 + vars/per-machine/ulmo/prowlarr/api_key/secret | 8 ++++---- vars/per-machine/ulmo/prowlarr/api_key/users/chris | 1 + vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo | 1 + vars/per-machine/ulmo/prowlarr/config.env/secret | 8 ++++---- vars/per-machine/ulmo/prowlarr/config.env/users/chris | 1 + 6 files changed, 12 insertions(+), 8 deletions(-) create mode 120000 vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo create mode 120000 vars/per-machine/ulmo/prowlarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo create mode 120000 vars/per-machine/ulmo/prowlarr/config.env/users/chris 
diff --git a/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo b/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/api_key/secret b/vars/per-machine/ulmo/prowlarr/api_key/secret index 6470c17..20fd3fa 100644 --- a/vars/per-machine/ulmo/prowlarr/api_key/secret +++ b/vars/per-machine/ulmo/prowlarr/api_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:kRQf0fU7aayEFxh57PqwT11aI+GytZFkpIS1Fl4lCbf786K9uBNkNjrKn9FGJjf/bWl+28a30SiI+x1SJIDmB0Gx+twaoH0uTx7xzniMQ6A+mqUihe7qTsuqJZ+B/z4kCQn/4+ig8f3XcgHjx4gp9Ig8d4YlnBHBONCM9d1Mnrd+,iv:g9jb9soLfS71wB5u8+I7ozGNvmCx9rTa09uEZT0pIyI=,tag:MJrJSogPgfF2V98BY2n7Dw==,type:str]", + "data": "ENC[AES256_GCM,data:DO1QVBMqPr4/CFEHpE7sWgGopxqJO3voovhKFr+NR1W0KHMDmaNH5hBwMWmUj9ocOEn3elvUC68LGibIGkqYGQORSnjZ4Z4ETViissg75V1CvTdNqIZ6wgSSoaZ7GV2RWPR7hKZ7Hji5KwLj8WYVOH/OfivVcFAFtLGSm/BtPDTf,iv:kiKwYLz9OeLrl62+V/Ur443etsJVlv8OuVMj+tClHSI=,tag:LZZvcxhoDKn9oJcFAV1iOg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTjZEUm5oaUZVcmsvU1ds\nTGNueUxyelNPdm1OMTJMOXZPSzNrR0lTQXk0CmtvT2ZxamlrNUdKcmRnWCt3RjZo\nUUtYS0NTYkNXVXpvSWwxVi90Zzh1UnMKLS0tIG5xQU5pOGZ4QzlTdWNjK3Zacmpn\nV05vUjNYT2ZNdmZKemt1bWlhYVhsL3cKFsAZB2rTA84FLcSIMIVdUIWIg3RNFtmW\nj/CUcHwqIlNa0syu3DUIgKCCWLGqeFFyIhah0XgrJPJl74NG8aU+OQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQ2tNRDVaY25SbUxJOGda\nallxSklnYTFVazBkbFZ1ZEpQZDA0Rzl6aG1zCkI1cDhrNEpEU3AxSnB3QlZ3STVN\nWUMrMEdJbk9Lcm5WUG9kSjRLS0NjWTgKLS0tIFg2eUViUi9KU0FFcnRQTGNsaHRW\nRlp1a24yRWZMSVJvbVFYMjVFdi9Qa2cK+Ll5fdIbJeh/8IlMJIMnqKU6t3AnL5Uq\nBS+72/nSdGk7XVhZJSSa6L7ra4iejNJev+X+zkFXVhPeHiEO6sWQOA==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-31T09:08:22Z", - "mac": "ENC[AES256_GCM,data:6PFwnAOBZVLuhw9DV7sNTxEi80C7nXYvRVjxK9sIbq5N10J6LoGW79VgXOfUOWaVzfjkfPV5QKgKiNNJpUr1rbxNms9oBX/nF7HqB+oPCNfhe8EKBYBiOJw0ijYbLKgHO1N1KrSbhIAlRwpOqYGHxTOEidBhKkSbr+fUHqRUf84=,iv:V4N2NWjT7KMMjL50fOlJ+I75X9+isf75+vx1L17HJyc=,tag:cabQTDqazYLC2zrRrmYNjw==,type:str]", + "lastmodified": "2026-04-02T09:25:52Z", + "mac": 
"ENC[AES256_GCM,data:2rPNs+BHnqXZNy82RBU74p3tA5tVpNLKxuU0r0xXmUEin5sIEXslVY9M5c7SHNNG2HKWtvH9dzB5tUXLM5PAf39gEjITUN1n6MQIrvirXVxNKfM2d6oSXX+v53tTBIC7zjVkr/DLJR0kk850oxElg/RjXzPaczisIEv622VXRbQ=,iv:fkJ/sv+ljdmHCxX+wiF/S38MIj6neC11q2mMFhyyPok=,tag:lIeelWnmYcyK44L+VcHIQg==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/prowlarr/api_key/users/chris b/vars/per-machine/ulmo/prowlarr/api_key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/api_key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo b/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/secret b/vars/per-machine/ulmo/prowlarr/config.env/secret index 784f19b..b5f8486 100644 --- a/vars/per-machine/ulmo/prowlarr/config.env/secret +++ b/vars/per-machine/ulmo/prowlarr/config.env/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:wK2BUSJ8t7xruSMgMpLr6QnX5cUFdwdxYd5Bv3yozFVkjWi7uooc8kHfIRVEjjNsi9TDmlBXg3watv1pMd/XisfKYw/syFzVf+R84Uc0eLpdXZtqdmoii2rQ0X0oBo+9jnVtYCtq/CPaE5QsDh62xzTHCjgk+esQLBqpMbGyCM1gJehU0UT4/I4aRotEANN+FDIMCMEWQu8=,iv:97NU3qoVFX7pt6Oel8MYzaVpxJnXAGg9anMH7A3I0r4=,tag:Wjqp8dt6kbC+n2saCAUMdw==,type:str]", + "data": "ENC[AES256_GCM,data:pfVu0v6C7fq25CiToA+FI/JqC3sHjuG8jj9ZaBqwFS9mfsLnqL9cS+fk+UfMVvQpqrK/86pzvzdabIVhQBB5kHXuo613jXm/0DXSbKAOV84zxr8j6jEYtUseItcuuoKk4vJper5HFhtfb2umjieSWNUw7RTn30H3ifxbTN8n0+Ut8zV33ipeFLVdJzd4bBzU98axrYmy2lYR/p8EuEt0MohPkLIX/izjczApX7M3kIWn5u4ggYlnSvwaif2f63UGKxzk31aigB5uwHfhs0FjfA5kdIIdIm44SVidfp5rXTTJrrHMfukfHo+UgEgTl4qMpt80M3STXPNQmeK6GYwRJ0aTNT9uU9Lq+JlibWWof6IR8TEyUec/UAGoMfi6EwEFFOJgs7WhFsPGisvLg9YNYSTD4JRE8+EAQg==,iv:yeISxnSx9BsQCPlni6L0Cp9Ect0Lha7aKt1Nes12Vew=,tag:kela+RtMHvVqd/HEEb6NIg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZlNUVm94WUx0b0cwREhl\nVk8vZmR1YmIwZnZPZnJ1cHlMQ2FPaHFiOFFZCnQwSDZyRHhRQ3JXTWhvZ29UTUkv\nTHRvejFjTUVkdWZBaUVsQmNiYUJlakkKLS0tIEVqWmlZSllmUXJ4SkhnY09kV00r\nQ3lhbllsclltMEZ2eFFLQUZKYUdwWG8Kr4iQGYLocVJX48XoVP0ZC3oFYkMueFHG\npRbHTWd+epglbWB1kkjdL89CpLyueJKX/MfNR4oW6RUvs9m73oQIvw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwd3FicHRoZ0poQ0pOVGRE\nK3B3VCt1VkJsNUFvVzdlR2kzQ2VObmc5QzJRClovN2ZNR2NLcGpDNmRWNjRFZDNz\nZW1YVC9JSFFCaGUyc3BYYTNMaitITWMKLS0tIGF1c3kvcE9ZSlVhTTRjZ1g4QXFD\ndXozRTBBcFc2VE5GTVN5U3JEcTZWY28KmQNuVk1bWKC6ZRDy1Eu6MXy8ENpaVvRv\nkIEl4iQfB7wt2eTF+/e/oHw/SzSJZ/mwBaxTDAWyBs0qPNelKxgC6w==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-31T09:08:22Z", - "mac": 
"ENC[AES256_GCM,data:VwG47hA8cFNni6L+3eSkg8EUIybu5cSRgen3x23Eumehib1ojdyOhER/VO20VouhXdpszZxV/8j7ddLpebgBWgxQNzj4BAdPf1PwuYZMJ8jpHIcu47qgMpixjj8kedn9hyniUOAycB2bODfkXBKjTvfNxw5pLVUlLL1EOnNvQH0=,iv:1nV7aN+KCJ5TAjy26eBr+lPAjnVYH+jSOTgcQq5d9XY=,tag:NRqMVUdDlkNqd6Nc/Fqj+A==,type:str]", + "lastmodified": "2026-04-02T09:25:52Z", + "mac": "ENC[AES256_GCM,data:5UHxsMrqyjqicGg3gajGj6qQEh3WSRCLOSLrbdGuFbWg0qS75QxyM8rz1/Z8JirMNRp+ACYHWXeP6RIt1ifZgmcEmZTv2xYFnuhelFkT5EOFmdBBETPB3EKbTP9DxKXhUPBQ0ObIyfJW3SAhPorBCRpW7+E9bxyaD3+sg4qElaE=,iv:SUNrGE6iEwV99jxBhViFvqoZx6XAdXdsCmMNSRNER4k=,tag:s4ebVBrkLXIddJG0DNSCdg==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/prowlarr/config.env/users/chris b/vars/per-machine/ulmo/prowlarr/config.env/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/config.env/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From 4f2ecc60b422c0ea83a480e25d3ad70083ca6ccc Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 2 Apr 2026 09:25:57 +0000 Subject: [PATCH 30/58] vars: update via generator radarr (machine: ulmo) --- vars/per-machine/ulmo/radarr/api_key/machines/ulmo | 1 + vars/per-machine/ulmo/radarr/api_key/secret | 8 ++++---- vars/per-machine/ulmo/radarr/api_key/users/chris | 1 + vars/per-machine/ulmo/radarr/config.env/machines/ulmo | 1 + vars/per-machine/ulmo/radarr/config.env/secret | 8 ++++---- vars/per-machine/ulmo/radarr/config.env/users/chris | 1 + 6 files changed, 12 insertions(+), 8 deletions(-) create mode 120000 vars/per-machine/ulmo/radarr/api_key/machines/ulmo create mode 120000 vars/per-machine/ulmo/radarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/radarr/config.env/machines/ulmo create mode 120000 vars/per-machine/ulmo/radarr/config.env/users/chris diff --git a/vars/per-machine/ulmo/radarr/api_key/machines/ulmo b/vars/per-machine/ulmo/radarr/api_key/machines/ulmo new file mode 120000 index 0000000..e5129f9 
--- /dev/null +++ b/vars/per-machine/ulmo/radarr/api_key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/api_key/secret b/vars/per-machine/ulmo/radarr/api_key/secret index 962bf05..33bcc77 100644 --- a/vars/per-machine/ulmo/radarr/api_key/secret +++ b/vars/per-machine/ulmo/radarr/api_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:cNdXQigG3pBPGgiWNLkGx/VNE1M2U6YgJ1Stt8NUhRqNCNPdywKOFCA5tKRtjkb6QIH+ICMX1Ct8W13xN2BuQYsv71ighywH81VmYHCxoMApgFK/Jc2Kb9y3kdLY5CvHXf87UJlUo8SVtJ5EpL3iMLNWQJUD5r2/bYINlFwXkeqy,iv:xHyO07zaBu4nHHw5dGj7ZYdSNrkOPt11XMPQu86QGyw=,tag:cXcIni2K7c7ImEbVi6ABkg==,type:str]", + "data": "ENC[AES256_GCM,data:aXUOYSlckxmajWwXgypF/ZR2zWIuenIdTLbntSuitbMj3JqiXa5+vb152w8cSz/7u4PCbri5sdoenGOV6LZar8ZpI937py7e93F0QIvuk629MTJMqFAkOtWxo/iW0u6SEH5TZXb+BaULJ42el/uQRKooumvC+R8oF6SAhG4Iw/xf,iv:wfSWMQcEjur4WgMyooAa2Mz30EW43/oCJKg7jVOUU/M=,tag:1wFqb/rkJpa2+QJuJcMerg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRGpwaEpFV29FM3R5VXN3\nUHNsSVQzS0tWTWhKVWQ3dVkrZENONXlIR3hjCjk4bHhjZmRyZmV2RmhFUVNUMGcr\nRm9mR2FjOU1pTFU5TldsdHJuVWh6WWcKLS0tICtZMTh2T3NCYXNNRzhnZ1pwM0dp\nWC9jZnE1L2tMWjlwRFdhemUzNzVIMU0KS0A5bF0mbXOMliCipJhF98ooIZPtQ2SH\n3utUInxWocWXxtUpUTt5T4HWeacNYQ2XY7OTn/G2xz/wqgtnJg0eeg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWm4rOC9KdHN6UkRBTkt2\nY1VTRkFORnUwVDk1Rll4SklmOWJnVXZpdGhFCkxZRzlZK2dVZGRSZHBqd0hoekdK\nUTNnNjFkNWdLR1dyc204dU9hZk43ZUUKLS0tIEpDYWFpeUUrV0Z0a0t3K2VyRUh6\ncG9YOVlqZ3hMVXhTUnM4L2xZcndnR2sKA8Yb2lU7MgrrtYqTbxLFFo8F+OX9Gz8P\nBm23AO8MrM13NDP+TydE+1cgg2DtFDxJVE9dVNCrZyVDOFvz0ymT9g==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-31T09:08:25Z", - "mac": "ENC[AES256_GCM,data:zy4toD5Mi5GFldrZpj9LaYnFZ6AhpKE+gMGmlnlfuxshpJniyu+8LiBEhx2P1RBAfw1d1Sl4ZYyj1cKGuru2ByMD21W3RzXmsiDrJTaAsA3HDFh0WLHnapBuhvEMVK0bn4TAeAn45+Gx5fiiQBX+UaNjA+zhzCm6KWixd50p6OQ=,iv:TI01AQeTXJR9+5kowddyxyGneK80z6zVhwjMSjD0S3w=,tag:QfokXV71TayFuZP9x+SE3g==,type:str]", + "lastmodified": "2026-04-02T09:25:54Z", + "mac": 
"ENC[AES256_GCM,data:zg6RfqrPbVV61NkY+2diHRb4nY/Z4lmrIhdtc4l/Tp9im6tqDy3/mkybElX6qzEeT27x/kukqBL8IGDFKBcilfgXKzyV0uACvMRO4vntIpHr4sFjdsieECcLFEI4bGD0hSPEu9Pvq7QAKRYL+F8/C4MX8zopEA+fnXQ4HfWkBEQ=,iv:LIasq3mOq3ELb2xrWAMQ+V7TgD8XhZl3XTWZRDAIW+Y=,tag:YspXHQWp4g6ToALONfY/cw==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/radarr/api_key/users/chris b/vars/per-machine/ulmo/radarr/api_key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/radarr/api_key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/machines/ulmo b/vars/per-machine/ulmo/radarr/config.env/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/radarr/config.env/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/secret b/vars/per-machine/ulmo/radarr/config.env/secret index e781a27..48d16b7 100644 --- a/vars/per-machine/ulmo/radarr/config.env/secret +++ b/vars/per-machine/ulmo/radarr/config.env/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:9x6/mvl0KqctP0NYLOiF1tz3wohlbqrJn9qrW1YnwEhXvM6idlUhqcD13FVVsaCwQofCAgVhPq+wjcqsFqsTbLlQlgD+BIz8nqvmq+IUnfAxqSgVLzwjegPIAVbb1vTCaneUFm50CtC8QGpfE4A9DQOvyER9G0TpJ5n3zeFBWFXlMMHu4rxoolIjL1AfrcXY45rlnIko,iv:HxGdEqaAWm7IY67FkSU1vwXeOQ3Ntfk28uHRhjTOzSU=,tag:3kVkX2ZDT351hR/nF6ZP+g==,type:str]", + "data": "ENC[AES256_GCM,data:f6GLpyp4xAFuocaf6tPbysWIbPQfzn9SCXZ1AyPOJ9T8B1+6ssM5zFGKGfcWvzm7A0S6fthV+uQrFvlJkpcx+/W9p8yt2ii1YpcmPGzL/2kOW5Ye3Vuo46kHfOzs2UqXoW/u/L1ymBnLaD8R0crdrLYrbKzDbSycGzuLS1Prn6XiSoGFRUp0WGhhqJL3fVuSSF6bXuJgt0cmwVcO7BvigCcKWuKYt1DfJevHbae666k5MNxWKphPNTeBkQM/eXSZtRrT3pBEt+RGssAqfU+vvxafdxGtzGEYINQZSRcPHGC4cBLWKBuJ67+T9tTNRE40bPu3RVF6luBjMiJETqPwQPnJU8PXcvy1k+vxo4/Mx4gExX8fB39yxL2cxYSDB3ttiS3+HbLr6i9MPIpJ2TPsMdY+eOhZ,iv:CGOI7PlHRQ/z+ocR4EL1iJ93BcQJxHNu0FF6VMx/bvM=,tag:8RwjHKLOZRgevWpAlbvkug==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcU5DMFNjNGl1SWV6VnNo\nQWU4dDJrbkJWaTVvTDY3YUxaQ2JXRjlsa0E4CnJoaWFJOGlyM0dBeHRQQ2Q2QXV4\nYVhUWGxueVI0WjY0WC91czVQcjMrcncKLS0tIFRPaUpyblZGZVRsVUhaZmpUWSsr\naEU1OEZMZnRBTWJVaENnQTQ5S2pOSzgK9mhU+zWYnmtHll+oQg04ieplFgW4z2j0\n6RT95UWy0ThPuPe0vEEjbzAeXDQ6qmtvE+IgWs0NILRY7TL801B9oA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWTFPaGdaU1c1Q0RucjVZ\naU9GdlAvUHpIOXFtZ2czdWh0WUJzbVJTOHhrCnl1ZHpXR1hxWFljUW9JRTlicWZK\nLzdVckcwUzIzSzRZZy94ckNtaWxCbTgKLS0tIDZaQzdzZEFTUzN5cE9vVUphWnVL\nZEN2N0p4RTZwM0lRL093OTZlcUllOU0K6nrSoA89k+y7XZ1/Y4QWAoDt6hUfAC+c\n33IIKdjGd8hEHj7ThvqQQfOmfWDpPCzA0prHLzSW6FDTeUm5CQGxFQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-31T09:08:25Z", - "mac": 
"ENC[AES256_GCM,data:P7Zsb4y8KMCepviLcIfiZD+UyNHR6Sxby+D4IkSLpT8cq86zVdBARbuR+jTgvAsH8JNfKMsYd+UQD8saowuZTPLDzphfkNpzHc3VBkBhIFraNHK874tCyRa+a4SElqdpAF/aPeCpixJsE6uX4us7YnCuBTZjIgZjygqOkioLV3k=,iv:hqEYp7zlTt+3cf3vpAYOhXfy6BY+oe91sA6Wp3LJAbI=,tag:SJwwTDAdETyTErvvgtqvTw==,type:str]", + "lastmodified": "2026-04-02T09:25:55Z", + "mac": "ENC[AES256_GCM,data:pLIVtYn6GOb0cWJRdQRo2YDnO8MteNeNx/hAzfxHgOAmBbz6NlMRAiGrqGro4H8KI+osaZ8NHcyCh4mnj9i/i4dV+pa3X8PSSxAnahK6vjA+B8sf85WPhsFcoBFCtjT6CR1CkR8ktTE+s3SbjdRVk0Hh25T7UzhmFZIgKFvexZ8=,iv:UKXwBVX0R3zmvz6QJuUPtX+WRuE/0L+JlItc7vqpY60=,tag:6SwncaLMWt70WcpDp5u7Qw==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/radarr/config.env/users/chris b/vars/per-machine/ulmo/radarr/config.env/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/radarr/config.env/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From 545b2ad871b9aabb2abdc691c075d6aecc576a2f Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 2 Apr 2026 09:26:00 +0000 Subject: [PATCH 31/58] vars: update via generator sonarr (machine: ulmo) --- vars/per-machine/ulmo/sonarr/api_key/machines/ulmo | 1 + vars/per-machine/ulmo/sonarr/api_key/secret | 8 ++++---- vars/per-machine/ulmo/sonarr/api_key/users/chris | 1 + vars/per-machine/ulmo/sonarr/config.env/machines/ulmo | 1 + vars/per-machine/ulmo/sonarr/config.env/secret | 8 ++++---- vars/per-machine/ulmo/sonarr/config.env/users/chris | 1 + 6 files changed, 12 insertions(+), 8 deletions(-) create mode 120000 vars/per-machine/ulmo/sonarr/api_key/machines/ulmo create mode 120000 vars/per-machine/ulmo/sonarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/sonarr/config.env/machines/ulmo create mode 120000 vars/per-machine/ulmo/sonarr/config.env/users/chris diff --git a/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo b/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo new file mode 120000 index 0000000..e5129f9 
--- /dev/null +++ b/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/api_key/secret b/vars/per-machine/ulmo/sonarr/api_key/secret index d9eb063..b8328cc 100644 --- a/vars/per-machine/ulmo/sonarr/api_key/secret +++ b/vars/per-machine/ulmo/sonarr/api_key/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:idOrTA5FVhBKOOMva6rIl+kqYYN0EzSY3qczSqmgghjuGLVnzxZ2FdLRY9GwH1Xih8NYu/GFbeyL1XTt/Dt1fcB95dX7qw+xUHXVy78FYPy33L0zWXAYhLkzWZa2ijJfNgTxd/W8M9giYA0XDntKfQuGZve2UJAsu9+SjeZAmwD4,iv:81Q4jVnlqqQEyMkswBAxm7vrHYyw+afdxmP8BDdDihU=,tag:Z0zP9XsXfUE4O6DS0+DhGg==,type:str]", + "data": "ENC[AES256_GCM,data:C1ajlE0mhyVKJ4uKYLuwJyZCUUiox6gLoVz+4n2y44HE1pFMMgjhNa/i/Z95mjS5otAW5IbruDavhxpepzpKgddec1rmf5og2E8FQauZpED2PiyX6+/sbRa9rzoKP73aYwtlkL8i0KbyeSshKqXIVlJwv4RYqdrusVOnEWS4RgdM,iv:z5p8Bepg+wg0vgllQmqLa29Q3YJqg/V2FlIV04nc8Rc=,tag:PcHKoSHzI0AYsyKj9Mw4pg==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEN25BeHdpYlErYnM2ZmhR\nQnlqYnJvUHNpSGlBZGxxczVrSWwybG0xVjBVCmt4aFdJRjliMGV5U0gwSHRoU2RP\nZ3lVejlYR3lxSzhxeG1HUGFxT0EwSjgKLS0tIENSc0tSbHZCOVREalhKYUZyMmtP\nZHZPUXdFNC9QbXdtL3Z1MkJieUlPSUkKXANMJ1efR1D8bCG9I5Q8vmSowQ0p4j7D\npdBxoJxuo4yB6J7gpUuS1aQmGGw0+7OVSg5cQmQoeVMYimXGtHNb4Q==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZHljenNaRXZXd3ptWTdB\nYVlNeTV0RXU2RmM0T3ZlamsyR2d5WVlQZ0R3CnMvekMyb3pScUI0OVpqaDFGRmdY\nK3NBOE5XQTM1b3gzclFoYjNKNjVWZWMKLS0tIHZjaHVwOEwrTktPSllvb1o2VlBH\nT1BldzBDY2orenJKUnRZdk5MNWVqNWMKnw9mXQhaIiNC60YdDC6U6Vkn41fIlX0o\nGXKPpUwwkDrHD5ZmDrYm23C0Id5dlAAD8Typt6vowTqVR9E6plTDEg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-31T09:08:27Z", - "mac": "ENC[AES256_GCM,data:onx5LMoonmZSDTorBl8iZkCi0oszYf/RqqJhEUE3Vi+5mjlAmfXwKUTnFg0EIZ3Rb83bxJ+WR60GDbyVFbBMhaBxs2zkc53JieiuzH1Pdz+79EvAcG2hAdO4koPvWQYxrdw4nTi4m4V324jAHPsCgEvSaRH9RIuigYuJ429wOZ8=,iv:o0LLukrDgr0IN3MXlevVGzznRldaCeL9lAZTEN/GZ9c=,tag:8gMZYf4q+9EGHLxSox+2Eg==,type:str]", + "lastmodified": "2026-04-02T09:25:58Z", + "mac": 
"ENC[AES256_GCM,data:/ebZBVAEEc5WkNbEoDwkak+MMALV0RpGb/gpOrp75QGliZvtaADgEhD0GekBv4c4v7f4jE06Ed/waYozF96lqRVmzUZVt9pBT5ugsF8UC9WaJAOCZyIgfgWiAGo2k/MdAhjw6efWWqpCb+TwyziqLHQfGUkqsn1LjYcTqO3iDUM=,iv:4K8rgHnrE6E5fQk8VqHT2bu6wD2NOrKtIFCIp7oLyxw=,tag:MhB4gbjdVPa8JEFHuIQmNQ==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/sonarr/api_key/users/chris b/vars/per-machine/ulmo/sonarr/api_key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/sonarr/api_key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo b/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/config.env/secret b/vars/per-machine/ulmo/sonarr/config.env/secret index 0960548..9e5ffaa 100644 --- a/vars/per-machine/ulmo/sonarr/config.env/secret +++ b/vars/per-machine/ulmo/sonarr/config.env/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:Ys1NFOkYt3IMlzvTdHZqloVMh0TfB3C2LFJpOjDHQoL4hSa6PcsNguFQW0wdegxyKjo60vloeYKo0LRAzq/iBcUBQGJaXTnQTDQOtGAJpmB541BPRwgKxiwXry98GL+E8uuCYR1uidHlNOytDEAUOAUBAS5bX8FKOLlD/qZLu3UD75uP7IriMnCfhMibbMNUU7M7AaFI,iv:shfnbi0jTQYi6NcUvN/MQlDktfdZ6CB9uoUXE/r20IE=,tag:pP/Jc3n+n6ZulRbLg6UPsg==,type:str]", + "data": "ENC[AES256_GCM,data:wHSARDRyTbBqReZ6xmcw0Mb6NfgP5dVztrYnRbQTjV/hpn+i5f/7MaM83MrkNAyrt0bd2p5sSWHhUqWczhv7EFVeioccIWHD7SSVHzw/2y4q2ptq5IZJ1KTsXQvTITdfwsGacN4K0OdG5BbMJhbE5QItI6OoV3B2qOP2llw0bVHivlwFsqx/AtIDSbAFGb+j2eMV8bIXpx3fcKeo2S+8V0931rD7kftreKEhtS5DRk+OUrT/YbJ1M+6kp4eGYUl0c4cC2BhIjnJcEufnxrqiCH+Q/1L3k0HgSZuaAMM15yVo+xv/wQZSpHBexHhIojdIKLdHsexsMf2alEi0JyAEMaMRJBriErRIlq1fj85MXNjI/dYUCdeBPk5CN/Kqw7UQIOOPxbjiepga5J+UYNa4y9myvHOT,iv:LpmsdRVgQNeligzICGdxliFr1ukqOHTaY1rcJJ11nvs=,tag:ZuRd3P3KeDBOoc1VKR4xPQ==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmVWMrNzdnNkxqM2VYU3NI\neTQybDRoeStodUZvS0dGejNsODFqUXBuYVJRCnR0dWxzL05GeUcxK040ZXZEa0RV\na2MxMjhsZk44ZGVwakRuMHZWWFQrcXMKLS0tIC9hMkE5YUlYMFVoSjlNVUc1bXlt\nY2hhYnRFL1N4QTh3NmJ0Q0x0Y3BRTlEKosiaPw0LRpy5tcw0I/7w0T/+VR4ULi3F\nXStF3s+lzZFtjtvJXlAquAscSS92AydOwKgK9R26Zl9/7vAWehce3w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeTdCZEg2cUxtNXFoTndJ\nQnZFWEYzbHp2WU9mT1BWUG5rMUVQU3F3TzNVClpTOTFCOWMrK0ovQjhybjI4TlEv\ndGZkekxZc1ZvbURrU3NTZFhwMkZCSkkKLS0tIHZYOU5DbHhiQ3lhOHZBaHgrTGdi\naW5ZTUFtZlkxQmVsZFBRd0pBcUpZc0kKB+dJmF88tlmFDOdG9BJCSwGFBG69Ja4b\nGV0bqJpiojcxYiscuvY1o98YlbhXqdIC5mDzLJqWARhsRORFCc17mg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-31T09:08:27Z", - "mac": 
"ENC[AES256_GCM,data:5ioLLvUqSaMHEfwQR6LgE8sGhzklUmX6BAlJVh/m1GOPkt1CjZ4IT76Or2Q7zY66jBUyIIVoTsSnMo7kGNQTLwHYj3T+meYgbZmD9dTUE/zHj5t8t6H4VgfNuyT6Mxl8SKWMb0fJP2cgDt1Asz4O4g2mDchMP/9BMDGbPOM6AuU=,iv:at0VHtc5pdbnGvbxcrrVS83svlJjI+LoaoKRwZW4uM0=,tag:dXf/zL3huq21Wxm39BEiuw==,type:str]", + "lastmodified": "2026-04-02T09:25:58Z", + "mac": "ENC[AES256_GCM,data:zgmV6N1vUf0P6nRB3sGobaM6u81yg5HrQHLsIYZj/+4gTZWznuodX34r4uZ4csdOpmJ1MvvUie399CJrnESw5b2eaNvXBeSinBRlgKxamvPkj881VeW+vuFXb8w5E5gmaOs/Vi81BhaWC7Ifw+YbpfzvZIMGrs2UqtQGhRckZPE=,iv:y1JlvYj+eZo5vhgpADJk48aUAik5CRKlfmZKaDZts8w=,tag:8C29f8g5n4xUNKM6MpcUsw==,type:str]", "version": "3.12.1" } } diff --git a/vars/per-machine/ulmo/sonarr/config.env/users/chris b/vars/per-machine/ulmo/sonarr/config.env/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/sonarr/config.env/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From 4dfcd5cca86391fad3fbc0aa3384e792ac26dc1d Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 2 Apr 2026 09:26:04 +0000 Subject: [PATCH 32/58] vars: update via generator servarr (machine: ulmo) --- vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo | 1 + vars/per-machine/ulmo/servarr/config.tfvars/secret | 8 ++++---- vars/per-machine/ulmo/servarr/config.tfvars/users/chris | 1 + 3 files changed, 6 insertions(+), 4 deletions(-) create mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo create mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/users/chris diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo b/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file 
diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/secret b/vars/per-machine/ulmo/servarr/config.tfvars/secret index e598362..da73b4f 100644 --- a/vars/per-machine/ulmo/servarr/config.tfvars/secret +++ b/vars/per-machine/ulmo/servarr/config.tfvars/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data: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,iv:Cxa6M3Rp3B0b60h9R5iK1yvREtjZPbw3cw8G9qUIgvM=,tag:VQtwzjSTaOgxqlDXC7xttQ==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:u/2+hqF3Z1rkfTtziaCYYphBNnQjRpm2/pOtatq2ku4=,tag:8Z2Ahw1rKfgElGKBfjZL8A==,type:str]", "sops": { "age": [ { "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3djJ0MFlIbkdIUXZJMlFs\nNDhDK0lvUjJ0WHdxZm1WTGJKVjZ2NjVjVngwCnZ6VFdzVEVjOXk5aGttVXh3WVhz\nK05oZStwN0tqNnBJMDBzRDNyaERzcm8KLS0tIGdDZjl5ekoxRzBZWlJ5TWdzeTVQ\nK3ZBSVR2WFpRelhWa3kwcUhIVnpTM2MKaUqoL2Gn5ZTSeg1VdcTbJv6DksBbH/2P\nYlO6g6WGQymklHfOcHweXsfK9SQKIw/QMzjSAFSnyEdHvj4b4zp4wg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWTUwNzVwd0ZQZXJ1SjRq\nYUg1MHNBc3RiQm1iclg2cGhJd1YxNHE2bFRZCmlxTjRPeUI5ZkwyTTlLWitNM1Nh\nYS9CMVEvTWdqU2hQa1MvbUVrM0xqREUKLS0tIDVrcmloaFJaOWNHSFUyUFZ5eGtl\nNUFaRTBZbUZYU2d4bmh0R0E1eUxFeGsKh2kSO3CRjcHcP4QzaJOY01mHx+M5TGZJ\n58Fd4lAk9CAjdoXBvlNsn5WshYpPpCq6jX9gLffn2rDUMKMDl7wXNQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-03-31T09:09:54Z", - "mac": "ENC[AES256_GCM,data:R9R25jOI2o2YhbiPvpHNngzagv3d1vb5AeCix8Heaqa4OPv4hdvCeTTGSq26dyOU+CXN1TTRoIjl3gj/F3qqsfwaUiIlV/A5K2jQPVcnf9v7GC6htftiwsOYnsVuHPcL71ttaGlsR7VNfuT3r7ICZzQhLo4PR8q5Tp3z0RE4VzA=,iv:RE8X1BBW/SDGLdwUlNUSGPKN+N3huJKSft6dt3Eeg5k=,tag:Bci00Z/ThB7EX1m4sLKwhw==,type:str]", + "lastmodified": "2026-04-02T09:26:02Z", + "mac": "ENC[AES256_GCM,data:O4HiHY1pm5Re/kIcI2vTPL8vFjTFcr1rFBW8ddBu4BGoFTaJLqFsaeTV2NzxWMr3Pag0JfSK4D9SsWn/n4bEO2R37aXTox2fH8UPJ90jqAkevAb85eJlC3Jk45W+fzQ2exCFBjqD7xIRtJ+r1Jyu4gGUZMHuRgAlR2rZllVHAbI=,iv:ePxwH2SfFe9U8zJqQE8P7lsBreSBcQc9qhPjFJw3e7I=,tag:Mcelz9XNBokPftpMqrsySA==,type:str]", "version": "3.12.1" } } 
diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/users/chris b/vars/per-machine/ulmo/servarr/config.tfvars/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/servarr/config.tfvars/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From a8a639db6eb6a093a01fd4d113f8c644019789c1 Mon Sep 17 00:00:00 2001 
From: Chris Kruining Date: Thu, 2 Apr 2026 11:37:34 +0200 Subject: [PATCH 33/58] check in time --- clan.nix | 91 ++--- clanServices/peristence/default.nix | 153 ++++++- clanServices/servarr/default.nix | 31 +- clanServices/servarr/lib.nix | 28 +- interfaces/persistence.nix | 20 + interfaces/servarr.nix | 16 + machines/ulmo/configuration.nix | 372 +++++++++--------- .../ulmo/lidarr/api_key/machines/ulmo | 1 - .../ulmo/lidarr/api_key/users/chris | 1 - .../ulmo/lidarr/config.env/machines/ulmo | 1 - .../ulmo/lidarr/config.env/users/chris | 1 - .../ulmo/postgresql/.pgpass/machines/ulmo | 1 - .../ulmo/postgresql/.pgpass/users/chris | 1 - .../ulmo/postgresql/lidarr_hash/users/chris | 1 - .../postgresql/lidarr_password/users/chris | 1 - .../ulmo/postgresql/prowlarr_hash/users/chris | 1 - .../postgresql/prowlarr_password/users/chris | 1 - .../ulmo/postgresql/radarr_hash/users/chris | 1 - .../postgresql/radarr_password/users/chris | 1 - .../ulmo/postgresql/server.crt/machines/ulmo | 1 - .../ulmo/postgresql/server.crt/users/chris | 1 - .../ulmo/postgresql/server.key/machines/ulmo | 1 - .../ulmo/postgresql/server.key/users/chris | 1 - .../ulmo/postgresql/sonarr_hash/users/chris | 1 - .../postgresql/sonarr_password/users/chris | 1 - .../ulmo/prowlarr/api_key/machines/ulmo | 1 - .../ulmo/prowlarr/api_key/users/chris | 1 - .../ulmo/prowlarr/config.env/machines/ulmo | 1 - .../ulmo/prowlarr/config.env/users/chris | 1 - .../ulmo/radarr/api_key/machines/ulmo | 1 - .../ulmo/radarr/api_key/users/chris | 1 - .../ulmo/radarr/config.env/machines/ulmo | 1 - .../ulmo/radarr/config.env/users/chris | 1 - .../ulmo/servarr/config.tfvars/machines/ulmo | 1 - .../ulmo/servarr/config.tfvars/users/chris | 1 - .../ulmo/sonarr/api_key/machines/ulmo | 1 - .../ulmo/sonarr/api_key/users/chris | 1 - .../ulmo/sonarr/config.env/machines/ulmo | 1 - .../ulmo/sonarr/config.env/users/chris | 1 - 39 files changed, 436 insertions(+), 307 deletions(-) create mode 100644 interfaces/persistence.nix create mode 
100644 interfaces/servarr.nix delete mode 120000 vars/per-machine/ulmo/lidarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/lidarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/lidarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/lidarr/config.env/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo delete mode 120000 vars/per-machine/ulmo/postgresql/.pgpass/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/lidarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/radarr_hash/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/radarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo delete mode 120000 vars/per-machine/ulmo/postgresql/server.crt/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/server.key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/postgresql/server.key/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/sonarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/prowlarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/prowlarr/config.env/users/chris delete mode 120000 vars/per-machine/ulmo/radarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/radarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/radarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/radarr/config.env/users/chris delete mode 120000 
vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo delete mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/users/chris delete mode 120000 vars/per-machine/ulmo/sonarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sonarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/sonarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sonarr/config.env/users/chris diff --git a/clan.nix b/clan.nix index ae3cb5e..88ad92a 100644 --- a/clan.nix +++ b/clan.nix @@ -8,36 +8,8 @@ directory = ./.; exportInterfaces = { - persistence = {lib, ...}: let - inherit (lib) mkOption types; - in { - options = { - main = mkOption { - type = types.str; - }; - - database = mkOption { - type = types.attrsOf types.anything; - }; - }; - }; - - servarr = {lib, ...}: let - inherit (lib) mkOption types; - in { - options = { - services = mkOption { - type = types.attrsOf (types.submodule { - options = { - port = mkOption { - type = types.port; - }; - }; - }); - default = "awesome!"; - }; - }; - }; + persistence = import ./interfaces/persistence.nix; + servarr = import ./interfaces/servarr.nix; }; inventory.machines = { @@ -99,8 +71,10 @@ inventory.instances = { users-chris = { - module.name = "users"; - module.input = "clan-core"; + module = { + name = "users"; + input = "clan-core"; + }; roles.default.machines.mandos.settings = {}; roles.default.machines.manwe.settings = {}; 
@@ -116,38 +90,45 @@ }; persistence = { - module.name = "persistence"; - module.input = "self"; + module = { + name = "persistence"; + input = "self"; + }; # TODO :: Convert to use tags instead roles.default.machines.ulmo.settings = {}; }; servarr = { - module.name = "servarr"; - module.input = "self"; + module = { + name = "servarr"; + input = "self"; + }; # TODO :: Convert to use tags instead - roles.default.machines.ulmo.settings = {}; - roles.default.settings = { - enable = true; - services = { - sonarr = { - rootFolders = [ - "/var/media/series" - ]; + roles.default = { + machines.ulmo.settings = {}; + + settings = { + enable = true; + services = { + sonarr = { + rootFolders = [ + "/var/media/series" + ]; + }; + radarr = { + rootFolders = [ + "/var/media/movies" + ]; + }; + lidarr = { + rootFolders = [ + "/var/media/music" + ]; + }; + prowlarr = {}; }; - radarr = { - rootFolders = [ - "/var/media/movies" - ]; - }; - lidarr = { - rootFolders = [ - "/var/media/music" - ]; - }; - prowlarr = {}; }; }; }; diff --git a/clanServices/peristence/default.nix b/clanServices/peristence/default.nix index d0cbc19..c3b5d9e 100644 --- a/clanServices/peristence/default.nix +++ b/clanServices/peristence/default.nix @@ -1,4 +1,11 @@ -{...}: { +{ + lib, + clanLib, + exports, + ... +}: let + inherit (builtins) toString; +in { _class = "clan.service"; manifest = { name = "arda/persistence"; 
@@ -7,28 +14,156 @@ (for now this means a database. and specifically it means postgres) ''; readme = builtins.readFile ./README.md; - exports.out = ["persistence"]; + exports = { + inputs = ["persistence"]; + out = ["persistence"]; + }; }; roles.default = { description = ''''; - interface = {...}: { - options = {}; + interface = {lib, ...}: let + inherit (lib) mkOption types; + in { + options = { + port = mkOption { + type = types.port; + default = 5432; + }; + }; }; - perInstance = {mkExports, ...}: { + perInstance = { + mkExports, + machine, + settings, + ... + }: let + requested_databases = + exports + |> clanLib.selectExports (_scope: true) + |> lib.mapAttrsToList (_: value: value.persistence.databases or []) + |> lib.concatLists; + in { exports = mkExports { persistence = { main = "postgresql"; - database.postgresql = { - host = ""; - port = 5432; + driver.postgresql = { + host = "localhost"; + port = settings.port; + databases = requested_databases; }; }; }; - nixosModule = {...}: { + nixosModule = { + lib, + pkgs, + config, + ... 
+ }: { + clan.core.vars.generators.postgresql = let + password_files = + requested_databases + |> lib.map (db: [ + { + name = "${db}_password"; + value = { + secret = true; + deploy = false; + }; + } + ]) + |> lib.concatLists + |> lib.listToAttrs; + in { + files = + { + "server.crt" = { + secret = true; + deploy = true; + }; + "server.key" = { + secret = true; + deploy = true; + }; + ".pgpass" = { + secret = true; + deploy = true; + + owner = "postgres"; + group = "postgres"; + mode = "0600"; + restartUnits = ["service.postgresql"]; + }; + } + // password_files; + + runtimeInputs = with pkgs; [openssl_3_5 pwgen]; + script = '' + openssl req \ + -new -x509 -days 365 -nodes -text \ + -out $out/server.crt \ + -keyout $out/server.key \ + -subj "/CN=db.${config.networking.fqdn}" + + ${requested_databases + |> lib.map (db: "pwgen -s 128 1 > $out/${db}_password") + |> lib.join "\n"} + + cat << EOL > $out/.pgpass + #host:port:database:user:password + ${requested_databases + |> lib.map (db: "*:${toString settings.port}:${db}:${db}:$(cat $out/${db}_password)") + |> lib.join "\n"} + EOL + ''; + }; + + systemd.services.postgresql.environment.PGPASSFILE = config.clan.core.vars.generators.postgresql.files.".pgpass".path; + + services = { + postgresql = { + enable = true; + # enableTCPIP = true; + + settings = { + port = settings.port; + ssl = true; + }; + + ensureDatabases = requested_databases; + ensureUsers = + requested_databases + |> lib.map (db: { + name = db; + ensureDBOwnership = true; + ensureClauses = { + login = true; + connection_limit = 5; + }; + }); + + identMap = '' + #map sys user db user + superuser_map root postgres + superuser_map postgres postgres + superuser_map /^(.+)$ \1 + ''; + + authentication = '' + # Generated file, do not edit! 
+ # type database user auth-method optional_ident_map + local sameuser all peer map=superuser_map + + # TYPE DATABASE USER ADDRESS METHOD + # local all all trust + host all all 127.0.0.1/32 scram-sha-256 + host all all ::1/128 scram-sha-256 + ''; + }; + }; }; }; }; diff --git a/clanServices/servarr/default.nix b/clanServices/servarr/default.nix index 1b36eeb..ccdbb66 100644 --- a/clanServices/servarr/default.nix +++ b/clanServices/servarr/default.nix @@ -1,6 +1,5 @@ { exports, - clanLib, lib, ... }: { @@ -11,8 +10,8 @@ categories = ["Service" "Media"]; readme = builtins.readFile ./README.md; exports = { - inputs = ["persistence"]; - out = ["servarr"]; + inputs = []; + out = ["servarr" "persistence"]; }; }; @@ -24,6 +23,16 @@ in { options = { enable = mkEnableOption "Enable configured *arr services"; + + database = { + host = mkOption { + type = types.str; + }; + port = mkOption { + type = types.port; + }; + }; + services = mkOption { type = types.attrsOf (types.submodule ({name, ...}: { options = { @@ -53,6 +62,10 @@ ... }: { exports = mkExports { + persistence.databases = + settings.services + |> lib.attrNames; + servarr.services = settings.services |> lib.attrNames @@ -73,8 +86,6 @@ servarr = import ./lib.nix (args // {inherit settings;}); services = settings.services |> lib.attrNames; service_count = services |> lib.length; - - db = exports |> clanLib.getExport {serviceName = "persistence";}; in { imports = [ (import ./sabnzbd.nix (args @@ -121,16 +132,6 @@ openFirewall = true; port = 2000 + service_count + 3; }; - - postgresql = { - ensureDatabases = services; - ensureUsers = - services - |> lib.map (service: { - name = service; - ensureDBOwnership = true; - }); - }; }; }; }; diff --git a/clanServices/servarr/lib.nix b/clanServices/servarr/lib.nix index 43fde4d..0abda3c 100644 --- a/clanServices/servarr/lib.nix +++ b/clanServices/servarr/lib.nix @@ -13,6 +13,8 @@ options, ... }: { + dependencies = ["postgresql"]; + files = { api_key = { secret = true; 
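Review bot: The per-database passwords generated in `clan.core.vars.generators.postgresql` never reach the PostgreSQL roles: `ensureUsers` sets only `login` and `connection_limit`, and the `${db}_password` files are `deploy = false`, so the `host ... scram-sha-256` rules in `authentication` cannot succeed for the service users as far as this hunk shows. Either apply each password (or a SCRAM verifier derived from it) to its role after `ensureUsers` has run, or let the services connect over the unix socket through the `local ... peer` rule. Separately, `ssl = true` is set without pointing the server at the generated pair; add `ssl_cert_file = config.clan.core.vars.generators.postgresql.files."server.crt".path;` with the matching `ssl_key_file`, and give `server.key` the same `owner = "postgres"` and `mode = "0600"` that `.pgpass` already has. `restartUnits = ["service.postgresql"]` also looks inverted; the unit is presumably `postgresql.service`.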
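Review bot: `database.host` and `database.port` in the servarr interface are declared without defaults, and the `servarr` instance settings in clan.nix in this commit set only `enable` and `services`, so reading `settings.database.host` in lib.nix would fail evaluation unless the values are supplied somewhere not shown here. Give them defaults that match what the persistence service exports, e.g. `default = "localhost";` and `default = 5432;`, or derive them from the `persistence` export. The interface block starts outside this hunk.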
@@ -33,7 +35,10 @@ runtimeInputs = with pkgs; [pwgen]; script = '' pwgen -s 128 1 > $out/api_key - echo ${lib.toUpper service}__AUTH__APIKEY="$(cat $out/api_key)" > $out/config.env + cat << EOL > $out/config.env + ${lib.toUpper service}__AUTH__APIKEY="$(cat $out/api_key)" + ${lib.toUpper service}__POSTGRES_PASSWORD="$(cat $in/postgresql/${service}_password)" + EOL ''; }; @@ -41,7 +46,9 @@ service, options, ... - }: + }: let + inherit (builtins) toString; + in { enable = true; openFirewall = true; @@ -58,9 +65,10 @@ port = options.port; }; + # Password provided via environment file postgres = { - host = "localhost"; - port = "5432"; + host = settings.database.host; + port = toString settings.database.port; user = service; maindb = service; logdb = service; @@ -72,7 +80,7 @@ group = "media"; }); - createSystemdService = { + createSystemdService = args @ { service, options, ... @@ -81,7 +89,7 @@ terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { system = pkgs.stdenv.hostPlatform.system; modules = [ - (createInfra {inherit service options;}) + (createInfra args) ]; }; in { @@ -300,7 +308,7 @@ )); }; in { - createModule = services: {...}: { + createModule = services: args: { config = services |> lib.attrsToList @@ -311,10 +319,10 @@ in { service = name; options = value // {port = 2000 + i;}; in { - clan.core.vars.generators.${service} = createGenerator {inherit service options;}; - services.${service} = createService {inherit service options;}; + clan.core.vars.generators.${service} = createGenerator (args // {inherit service options;}); + services.${service} = createService (args // {inherit service options;}); - systemd.services."${service}-apply-infra" = lib.mkIf settings.enable (createSystemdService {inherit service options;}); + systemd.services."${service}-apply-infra" = lib.mkIf settings.enable (createSystemdService (args // {inherit service options;})); }) |> lib.mkMerge; }; 
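Review bot: The new `${lib.toUpper service}__POSTGRES_PASSWORD` line in the generator script uses a single underscore between `POSTGRES` and `PASSWORD`, while the line above it separates section and key with a double underscore (`__AUTH__APIKEY`). If the *arr applications map environment variables as `SECTION__KEY`, which the existing line suggests, the password is never picked up and the database connection is attempted without it. `${lib.toUpper service}__POSTGRES__PASSWORD="$(cat $in/postgresql/${service}_password)"` would be consistent with the existing line. createGenerator's body starts outside this hunk.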
diff --git a/interfaces/persistence.nix b/interfaces/persistence.nix
new file mode 100644
index 0000000..0d0841d
--- /dev/null
+++ b/interfaces/persistence.nix
@@ -0,0 +1,20 @@
+{lib, ...}: let
+ inherit (lib) mkOption types;
+in {
+ options = {
+ main = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
+
+ driver = mkOption {
+ type = types.attrsOf types.anything;
+ default = {};
+ };
+
+ databases = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ };
+ };
+}
diff --git a/interfaces/servarr.nix b/interfaces/servarr.nix
new file mode 100644
index 0000000..3cd824a
--- /dev/null
+++ b/interfaces/servarr.nix
@@ -0,0 +1,16 @@
+{lib, ...}: let
+ inherit (lib) mkOption types;
+in {
+ options = {
+ services = mkOption {
+ type = types.attrsOf (types.submodule {
+ options = {
+ port = mkOption {
+ type = types.port;
+ };
+ };
+ });
+ default = {};
+ };
+ };
+}
diff --git a/machines/ulmo/configuration.nix b/machines/ulmo/configuration.nix
index 0fa4431..ad2ab71 100644
--- a/machines/ulmo/configuration.nix
+++ b/machines/ulmo/configuration.nix
@@ -66,221 +66,221 @@ }; }; - sneeuwvlok = { - services = { - backup.borg.enable = true; + # sneeuwvlok = { + # services = { + # backup.borg.enable = true; - authentication.zitadel = { - enable = true; + # authentication.zitadel = { + # enable = true; - organization = { - nix = { - user = { - chris = { - email = "chris@kruining.eu"; - firstName = "Chris"; - lastName = "Kruining"; + # organization = { + # nix = { + # user = { + # chris = { + # email = "chris@kruining.eu"; + # firstName = "Chris"; + # lastName = "Kruining"; - roles = ["ORG_OWNER"]; - instanceRoles = ["IAM_OWNER"]; - }; + # roles = ["ORG_OWNER"]; + # instanceRoles = ["IAM_OWNER"]; + # }; - kaas = { - email = "chris+kaas@kruining.eu"; - firstName = "Kaas"; - lastName = "Kruining"; - }; - }; + # kaas = { + # email = "chris+kaas@kruining.eu"; + # firstName = "Kaas"; + # lastName = "Kruining"; + # }; + # }; - project = { - ulmo = { - projectRoleCheck = true; - projectRoleAssertion = true; - hasProjectCheck = true; + # project = { + # ulmo = { + # projectRoleCheck = true; + # projectRoleAssertion = true; + # hasProjectCheck = true; - role = { - jellyfin = { - group = "jellyfin"; - }; - jellyfin_admin = { - group = "jellyfin"; - }; - }; + # role = { + # jellyfin = { + # group = "jellyfin"; + # }; + # jellyfin_admin = { + # group = "jellyfin"; + # }; + # }; - assign = { - chris = ["jellyfin" "jellyfin_admin"]; - kaas = ["jellyfin"]; - }; + # assign = { + # chris = ["jellyfin" "jellyfin_admin"]; + # kaas = ["jellyfin"]; + # }; - application = { - jellyfin = { - redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; + # application = { + # jellyfin = { + # redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; - forgejo = { - redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; - grantTypes = 
["authorizationCode"]; - responseTypes = ["code"]; - }; + # forgejo = { + # redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; - vaultwarden = { - redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - exportMap = { - client_id = "SSO_CLIENT_ID"; - client_secret = "SSO_CLIENT_SECRET"; - }; - }; + # vaultwarden = { + # redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # exportMap = { + # client_id = "SSO_CLIENT_ID"; + # client_secret = "SSO_CLIENT_SECRET"; + # }; + # }; - matrix = { - redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; + # matrix = { + # redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; - mydia = { - redirectUris = ["http://localhost:2010/auth/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; + # mydia = { + # redirectUris = ["http://localhost:2010/auth/oidc/callback"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; - grafana = { - redirectUris = ["http://localhost:9001/login/generic_oauth"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - }; - }; + # grafana = { + # redirectUris = ["http://localhost:9001/login/generic_oauth"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; + # }; + # }; - convex = { - projectRoleCheck = true; - projectRoleAssertion = true; - hasProjectCheck = true; + # convex = { + # projectRoleCheck = true; + # projectRoleAssertion = true; + # hasProjectCheck = true; - application = { - scry = { - redirectUris = 
["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - }; - }; - }; + # application = { + # scry = { + # redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; + # }; + # }; + # }; - action = { - flattenRoles = { - script = '' - (ctx, api) => { - if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { - return; - } + # action = { + # flattenRoles = { + # script = '' + # (ctx, api) => { + # if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { + # return; + # } - const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); + # const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); - api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); - }; - ''; - }; - }; + # api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); + # }; + # ''; + # }; + # }; - triggers = [ - { - flowType = "customiseToken"; - triggerType = "preUserinfoCreation"; - actions = ["flattenRoles"]; - } - { - flowType = "customiseToken"; - triggerType = "preAccessTokenCreation"; - actions = ["flattenRoles"]; - } - ]; - }; - }; - }; + # triggers = [ + # { + # flowType = "customiseToken"; + # triggerType = "preUserinfoCreation"; + # actions = ["flattenRoles"]; + # } + # { + # flowType = "customiseToken"; + # triggerType = "preAccessTokenCreation"; + # actions = ["flattenRoles"]; + # } + # ]; + # }; + # }; + # }; - communication.matrix.enable = true; + # communication.matrix.enable = true; - development.forgejo.enable = true; + # development.forgejo.enable = true; - networking.ssh.enable = true; - networking.caddy.hosts = { - # Expose amarht cloud stuff like this until I have a proper solution - 
"auth.amarth.cloud" = '' - reverse_proxy http://192.168.1.223:9092 - ''; + # networking.ssh.enable = true; + # networking.caddy.hosts = { + # # Expose amarht cloud stuff like this until I have a proper solution + # "auth.amarth.cloud" = '' + # reverse_proxy http://192.168.1.223:9092 + # ''; - "amarth.cloud" = '' - reverse_proxy http://192.168.1.223:8080 - ''; - }; + # "amarth.cloud" = '' + # reverse_proxy http://192.168.1.223:8080 + # ''; + # }; - media.enable = true; - media.glance.enable = true; - media.mydia.enable = true; - media.nfs.enable = true; - media.jellyfin.enable = true; - # media.servarr = { - # radarr = { - # enable = true; - # port = 2001; - # rootFolders = [ - # "/var/media/movies" - # ]; - # }; + # media.enable = true; + # media.glance.enable = true; + # media.mydia.enable = true; + # media.nfs.enable = true; + # media.jellyfin.enable = true; + # # media.servarr = { + # # radarr = { + # # enable = true; + # # port = 2001; + # # rootFolders = [ + # # "/var/media/movies" + # # ]; + # # }; - # sonarr = { - # enable = true; - # # debug = true; - # port = 2002; - # rootFolders = [ - # "/var/media/series" - # ]; - # }; + # # sonarr = { + # # enable = true; + # # # debug = true; + # # port = 2002; + # # rootFolders = [ + # # "/var/media/series" + # # ]; + # # }; - # lidarr = { - # enable = true; - # debug = true; - # port = 2003; - # rootFolders = [ - # "/var/media/music" - # ]; - # }; + # # lidarr = { + # # enable = true; + # # debug = true; + # # port = 2003; + # # rootFolders = [ + # # "/var/media/music" + # # ]; + # # }; - # prowlarr = { - # enable = true; - # # debug = true; - # port = 2004; - # }; - # }; + # # prowlarr = { + # # enable = true; + # # # debug = true; + # # port = 2004; + # # }; + # # }; - observability = { - grafana.enable = true; - prometheus.enable = true; - loki.enable = true; - promtail.enable = true; - # uptime-kuma.enable = true; - }; + # observability = { + # grafana.enable = true; + # prometheus.enable = true; + # loki.enable 
= true; + # promtail.enable = true; + # # uptime-kuma.enable = true; + # }; - security.vaultwarden = { - enable = true; - database = { - # type = "sqlite"; - # file = "/var/lib/vaultwarden/state.db"; + # security.vaultwarden = { + # enable = true; + # database = { + # # type = "sqlite"; + # # file = "/var/lib/vaultwarden/state.db"; - type = "postgresql"; - host = "localhost"; - port = 5432; - sslMode = "disabled"; - }; - }; - }; + # type = "postgresql"; + # host = "localhost"; + # port = 5432; + # sslMode = "disabled"; + # }; + # }; + # }; - editor = { - nano.enable = true; - }; - }; + # editor = { + # nano.enable = true; + # }; + # }; } diff --git a/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo b/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/api_key/users/chris b/vars/per-machine/ulmo/lidarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/lidarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo b/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/config.env/users/chris b/vars/per-machine/ulmo/lidarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/lidarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file 
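Review bot: The block commented out in this hunk includes `backup.borg.enable = true` and `networking.ssh.enable = true`, and nothing visible in this commit replaces them, so once deployed ulmo would run the new PostgreSQL and servarr services without the backup job (and possibly without the SSH module) it had before. If that gap is intended for the migration, state it at the top of the block, e.g. `# TODO(migration): borg backup, ssh, zitadel and vaultwarden are disabled until ported to clan services`. Deleting the block instead of commenting out some 220 lines would keep the file readable, since git history preserves the old configuration. The enclosing module body starts above the hunk.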
diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo b/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/users/chris b/vars/per-machine/ulmo/postgresql/.pgpass/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/.pgpass/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris b/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris b/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris +++ /dev/null 
@@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/radarr_password/users/chris b/vars/per-machine/ulmo/postgresql/radarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/radarr_password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo b/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.crt/users/chris b/vars/per-machine/ulmo/postgresql/server.crt/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/server.crt/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo b/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.key/users/chris b/vars/per-machine/ulmo/postgresql/server.key/users/chris deleted file mode 120000 index 91b7741..0000000 
--- a/vars/per-machine/ulmo/postgresql/server.key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris b/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo b/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/api_key/users/chris b/vars/per-machine/ulmo/prowlarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/prowlarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo b/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/users/chris b/vars/per-machine/ulmo/prowlarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 
--- a/vars/per-machine/ulmo/prowlarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/api_key/machines/ulmo b/vars/per-machine/ulmo/radarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/radarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/api_key/users/chris b/vars/per-machine/ulmo/radarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/radarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/machines/ulmo b/vars/per-machine/ulmo/radarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/radarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/users/chris b/vars/per-machine/ulmo/radarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/radarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo b/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/users/chris b/vars/per-machine/ulmo/servarr/config.tfvars/users/chris deleted file mode 120000 index 91b7741..0000000 
--- a/vars/per-machine/ulmo/servarr/config.tfvars/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo b/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/api_key/users/chris b/vars/per-machine/ulmo/sonarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sonarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo b/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/config.env/users/chris b/vars/per-machine/ulmo/sonarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sonarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file From d60d4badf33cb96acbeee838ef25dfc8b4924522 Mon Sep 17 00:00:00 2001 
From: Chris Kruining Date: Thu, 2 Apr 2026 17:24:18 +0200 Subject: [PATCH 34/58] really loving clan! --- clan.nix | 88 ++++++++++++-- clanServices/caddy/default.nix | 23 ---- clanServices/caddy/flake-module.nix | 13 -- clanServices/{caddy => gateway}/README.md | 0 clanServices/gateway/default.nix | 94 +++++++++++++++ clanServices/gateway/flake-module.nix | 13 ++ clanServices/identity/README.md | 0 clanServices/identity/default.nix | 138 ++++++++++++++++++++++ clanServices/identity/flake-module.nix | 13 ++ clanServices/peristence/default.nix | 2 +- clanServices/servarr/default.nix | 45 ++++--- clanServices/servarr/lib.nix | 13 +- docs/plans/tagging-strategy.md | 50 ++++++++ interfaces/gateway.nix | 47 ++++++++ interfaces/servarr.nix | 16 --- 15 files changed, 474 insertions(+), 81 deletions(-) delete mode 100644 clanServices/caddy/default.nix delete mode 100644 clanServices/caddy/flake-module.nix rename clanServices/{caddy => gateway}/README.md (100%) create mode 100644 clanServices/gateway/default.nix create mode 100644 clanServices/gateway/flake-module.nix create mode 100644 clanServices/identity/README.md create mode 100644 clanServices/identity/default.nix create mode 100644 clanServices/identity/flake-module.nix create mode 100644 interfaces/gateway.nix delete mode 100644 interfaces/servarr.nix diff --git a/clan.nix b/clan.nix index 88ad92a..f0ec880 100644 --- a/clan.nix +++ b/clan.nix @@ -9,7 +9,7 @@ exportInterfaces = { persistence = import ./interfaces/persistence.nix; - servarr = import ./interfaces/servarr.nix; + gateway = import ./interfaces/gateway.nix; }; inventory.machines = { 
@@ -17,19 +17,25 @@ name = "aule"; description = "Planned build server."; machineClass = "nixos"; - tags = ["planned" "build"]; + tags = []; }; mandos = { name = "mandos"; description = "Living room Steam box."; machineClass = "nixos"; - tags = ["gaming" "living-room"]; + tags = [ + "capability:mobility:stationary" + "operational:availability:wake-on-demand" + ]; }; manwe = { name = "manwe"; description = "Main desktop."; machineClass = "nixos"; - tags = ["desktop"]; + tags = [ + "capability:mobility:stationary" + "operational:availability:manual" + ]; }; melkor = { name = "melkor"; @@ -41,19 +47,30 @@ name = "orome"; description = "Work laptop."; machineClass = "nixos"; - tags = ["laptop" "work"]; + tags = [ + "capability:mobility:portable" + "operational:availability:manual" + ]; }; tulkas = { name = "tulkas"; description = "Steam Deck."; machineClass = "nixos"; - tags = ["gaming" "handheld"]; + tags = [ + "capability:mobility:portable" + "operational:availability:manual" + ]; }; ulmo = { name = "ulmo"; description = "Primary self-hosted services machine."; machineClass = "nixos"; - tags = ["server" "services"]; + tags = [ + "capability:mobility:stationary" + "operational:availability:always-on" + "operational:storage:large" + "operational:role:gateway" + ]; }; varda = { name = "varda"; @@ -69,6 +86,17 @@ }; }; + inventory.tags = { + config, + machines, + ... + }: { + # tag_name = [ "list" "of" "machines" ] + "capability:hardware:gpu" = [""]; + "capability:hardware:audio" = [""]; + "capability:hardware:bluetooth" = [""]; + }; + inventory.instances = { users-chris = { module = { 
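Review bot: The new `inventory.tags` block in the `@@ -69,6 +86,17 @@` hunk assigns `[""]` to each `capability:hardware:*` tag, which is a list holding one empty machine name rather than an empty list. If the intent is "no machines yet", `"capability:hardware:gpu" = [];` says so directly and cannot be read as a membership entry; the same applies to the `audio` and `bluetooth` lines. The `config` and `machines` arguments are bound but unused in the visible body, so either derive the lists from them or drop the function form until it is needed.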
@@ -89,6 +117,44 @@ }; }; + clanDns = { + module = { + name = "dm-dns"; + input = "clan-core"; + }; + + roles.default.tags = ["all"]; + }; + + gateway = { + module = { + name = "gateway"; + input = "self"; + }; + + roles.default = { + tags = ["operational:role:gateway"]; + + settings = { + driver = "caddy"; + }; + }; + }; + + identity = { + module = { + name = "identity"; + input = "self"; + }; + + roles.default = { + tags = ["operational:availability:always-on"]; + + settings = { + }; + }; + }; + persistence = { module = { name = "persistence"; @@ -96,7 +162,7 @@ }; # TODO :: Convert to use tags instead - roles.default.machines.ulmo.settings = {}; + roles.default.tags = ["operational:availability:always-on" "operational:storage:large"]; }; servarr = { @@ -105,12 +171,14 @@ input = "self"; }; - # TODO :: Convert to use tags instead roles.default = { - machines.ulmo.settings = {}; + tags = ["operational:availability:always-on"]; settings = { enable = true; + + persistence_instance = "persistence"; + services = { sonarr = { rootFolders = [ diff --git a/clanServices/caddy/default.nix b/clanServices/caddy/default.nix deleted file mode 100644 index fc3ae7a..0000000 --- a/clanServices/caddy/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{...}: { - _class = "clan.service"; - manifest = { - name = "arda/caddy"; - description = '' - Configuration of reverse proxy. - ''; - categories = [ "Service", "Media" ]; - readme = builtins.readFile ./README.md; - }; - - roles.default = { - description = ''''; - - interface = {...}: { - options = {}; - }; - - perInstance = {...}: { - nixosModule = {...}: {}; - }; - }; -} diff --git a/clanServices/caddy/flake-module.nix b/clanServices/caddy/flake-module.nix deleted file mode 100644 index 10a5a52..0000000 --- a/clanServices/caddy/flake-module.nix +++ /dev/null 
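Review bot: Role membership for the secret-bearing services is now decided by a broad availability tag: in the `@@ -89,6 +117,44 @@` hunk `identity` is bound to `operational:availability:always-on`, and the `persistence` and `servarr` hunks below do the same. Any machine that later receives that tag would also receive the identity provider together with the master key and database credentials that `clanServices/identity/default.nix` generates, which is a wider scope than the explicit `machines.ulmo` being replaced. If Clan treats the two tags on `persistence` as a union rather than an intersection (worth confirming), `operational:storage:large` alone would select a host as well. A dedicated tag per role, as `gateway` already has with `operational:role:gateway`, keeps placement deliberate, e.g. `tags = ["operational:role:identity"];`. The `# TODO :: Convert to use tags instead` comment left as context above the `persistence` line is now stale and can be removed.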
@@ -1,13 +0,0 @@ -{...}: let - module = ./default.nix; -in { - clan.modules.caddy = module; - - # perSystem = {...}: { - # clan.nixosTests.caddy = { - # imports = []; - - # clan.modules."@arda/caddy" = module; - # }; - # }; -} diff --git a/clanServices/caddy/README.md b/clanServices/gateway/README.md similarity index 100% rename from clanServices/caddy/README.md rename to clanServices/gateway/README.md diff --git a/clanServices/gateway/default.nix b/clanServices/gateway/default.nix new file mode 100644 index 0000000..ce837fd --- /dev/null +++ b/clanServices/gateway/default.nix 
@@ -0,0 +1,94 @@ +{ + lib, + clanLib, + exports, + ... +}: let + inherit (builtins) toString; +in { + _class = "clan.service"; + manifest = { + name = "arda/gateway"; + description = '' + ''; + readme = builtins.readFile ./README.md; + exports = { + inputs = []; + out = []; + }; + }; + + roles.default = { + description = ''''; + + interface = {lib, ...}: let + inherit (lib) mkOption types; + in { + options = { + driver = mkOption { + type = types.enum ["caddy" "nginx"]; + }; + + hosts = mkOption { + type = types.attrsOf types.str; + default = {}; + }; + }; + }; + + perInstance = { + mkExports, + machine, + settings, + ... + }: let + reverse_proxies = + exports + |> clanLib.selectExports (_scope: true) + |> lib.mapAttrsToList (_: value: (value.gateway.services or {}) |> lib.attrValues) + |> lib.concatLists + |> lib.map ({ + name, + protocol, + host, + port, + }: { + name = "${name}.${machine.name}.arda"; + value = { + extraConfig = '' + reverse_proxy ${protocol}://${host}:${toString port} + ''; + }; + }) + |> lib.listToAttrs; + in { + # exports = + # mkExports { + # }; + + nixosModule = { + lib, + pkgs, + ... + }: let + inherit (lib) mkMerge mkIf; + + caddyPackage = pkgs.caddy.withPlugins { + plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; + hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE="; + }; + in { + config = mkMerge [ + (lib.mkIf (settings.driver == "caddy") { + services.caddy = { + enable = true; + package = caddyPackage; + + virtualHosts = reverse_proxies // {}; + }; + }) + ]; + }; + }; + }; +} diff --git a/clanServices/gateway/flake-module.nix b/clanServices/gateway/flake-module.nix new file mode 100644 index 0000000..a53d5d7 --- /dev/null +++ b/clanServices/gateway/flake-module.nix @@ -0,0 +1,13 @@ +{...}: let + module = ./default.nix; +in { + clan.modules.gateway = module; + + # perSystem = {...}: { + # clan.nixosTests.gateway = { + # imports = []; + + # clan.modules."@arda/gateway" = module; + # }; + # }; +} 
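Review bot: Each virtual host built in `reverse_proxies` contains only a `reverse_proxy` line, so nothing in `clanServices/gateway/default.nix` authenticates or filters a request before it reaches the backend. That matters because `clanServices/servarr/lib.nix` sets `auth.authenticationMethod = "External"`, which appears to leave the gateway as the only place a login can be enforced, and because the coraza plugin is compiled into `caddyPackage` while no Coraza directive appears in `extraConfig`, so the WAF looks inactive; a shared snippet with a `forward_auth` block and the WAF rules, imported into every generated host, would cover both. `clanLib.selectExports (_scope: true)` also gathers services from every scope while the interface default for `host` is `[::1]`, so an export from another machine would presumably be proxied to the gateway's own loopback; selecting only the gateway's machine scope or requiring an explicit host avoids that. The `driver` option accepts `"nginx"` but only the caddy branch exists, so that value silently yields no proxy; until it is implemented, `type = types.enum ["caddy"];` is the honest declaration. `hosts` is declared but never read in this file.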
diff --git a/clanServices/identity/README.md b/clanServices/identity/README.md new file mode 100644 index 0000000..e69de29 diff --git a/clanServices/identity/default.nix b/clanServices/identity/default.nix new file mode 100644 index 0000000..1c07781 --- /dev/null +++ b/clanServices/identity/default.nix 
@@ -0,0 +1,138 @@ +{ + lib, + clanLib, + exports, + ... +}: let + inherit (builtins) toString; +in { + _class = "clan.service"; + manifest = { + name = "arda/identity"; + description = '' + ''; + readme = builtins.readFile ./README.md; + exports = { + inputs = ["persistence"]; + out = ["gateway"]; + }; + }; + + roles.default = { + description = ''''; + + interface = {lib, ...}: let + inherit (lib) mkOption types; + in { + options = { + driver = mkOption { + type = types.enum ["zitadel"]; + default = "zitadel"; + }; + + port = mkOption { + type = types.port; + default = 9092; + }; + }; + }; + + perInstance = { + mkExports, + settings, + ... + }: let + database = + exports + |> clanLib.getExport { + serviceName = "arda/persistence"; + roleName = "default"; + machineName = machine.name; + instanceName = settings.persistence_instance; + } + |> (v: v.persistence.driver.postgresql); + in { + exports = mkExports { + gateway.services.identity = {port = settings.port;}; + }; + + nixosModule = { + lib, + pkgs, + config, + ... 
+ }: let + inherit (lib) mkMerge mkIf; + in { + config = mkMerge [ + (lib.mkIf (settings.driver == "zitadel") { + clan.core.vars.generators.zitadel = { + dependencies = ["persistence"]; + + files = { + masterKey = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["zitadel.service"]; + }; + + settings = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["zitadel.service"]; + }; + }; + + runtimeInputs = with pkgs; [pwgen]; + script = '' + pwgen -s 32 1 > $out/masterKey + + cat << EOL > $out/settings + Database: + postgres: + User: + Password: $(cat $in/persistence/zitadel_password) + Admin: + Password: $(cat $in/persistence/zitadel_password) + EOL + ''; + }; + + environment.systemPackages = with pkgs; [ + zitadel + ]; + + services.zitadel = { + enable = true; + masterKeyFile = config.clan.core.vars.generators.zitadel.files.masterKey.path; + + tlsMode = "external"; + + extraSettingsPaths = [ + config.clan.core.vars.generators.zitadel.files.settings.path + ]; + + settings = { + Port = settings.port; + + Database.postgres = { + Host = database.host; + Port = database.port; + Databae = "zitadel"; + User = { + Username = "zitadel"; + }; + Admin = { + Username = "zitadel"; + }; + }; + }; + }; + }) + ]; + }; + }; + }; +} diff --git a/clanServices/identity/flake-module.nix b/clanServices/identity/flake-module.nix new file mode 100644 index 0000000..1dd8972 --- /dev/null +++ b/clanServices/identity/flake-module.nix @@ -0,0 +1,13 @@ +{...}: let + module = ./default.nix; +in { + clan.modules.identity = module; + + # perSystem = {...}: { + # clan.nixosTests.identity = { + # imports = []; + + # clan.modules."@arda/identity" = module; + # }; + # }; +} diff --git a/clanServices/peristence/default.nix b/clanServices/peristence/default.nix index c3b5d9e..9150e75 100644 --- a/clanServices/peristence/default.nix +++ b/clanServices/peristence/default.nix 
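Review bot: `perInstance` in `clanServices/identity/default.nix` binds only `mkExports` and `settings`, yet the `database` lookup reads `machine.name`, so the module should fail to evaluate with an undefined variable; the argument set needs `machine` as in `clanServices/gateway/default.nix`. The same lookup reads `settings.persistence_instance`, which the `interface` options (only `driver` and `port`) do not declare, so add `persistence_instance = mkOption { type = types.str; };`. Under `Database.postgres` the key `Databae = "zitadel";` is misspelled and should read `Database = "zitadel";`, otherwise the intended database name is presumably never handed to ZITADEL. Separately, `User` and `Admin` share the username `zitadel` and the same `zitadel_password`, so the running service holds the same database rights as the setup account; a distinct, less privileged runtime role would be the safer split.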
@@ -95,7 +95,7 @@ in { owner = "postgres"; group = "postgres"; mode = "0600"; - restartUnits = ["service.postgresql"]; + restartUnits = ["postgresql.service"]; }; } // password_files; diff --git a/clanServices/servarr/default.nix b/clanServices/servarr/default.nix index ccdbb66..634d4f6 100644 --- a/clanServices/servarr/default.nix +++ b/clanServices/servarr/default.nix @@ -1,8 +1,11 @@ { exports, + clanLib, lib, ... -}: { +}: let + inherit (lib) toString; +in { _class = "clan.service"; manifest = { name = "arda/servarr"; @@ -10,8 +13,8 @@ categories = ["Service" "Media"]; readme = builtins.readFile ./README.md; exports = { - inputs = []; - out = ["servarr" "persistence"]; + inputs = ["persistence"]; + out = ["gateway" "persistence"]; }; }; @@ -24,13 +27,8 @@ options = { enable = mkEnableOption "Enable configured *arr services"; - database = { - host = mkOption { - type = types.str; - }; - port = mkOption { - type = types.port; - }; + persistence_instance = mkOption { + type = types.str; }; services = mkOption { @@ -62,17 +60,25 @@ ... }: { exports = mkExports { + # endpoints.hosts = + # settings.services + # |> lib.attrNames + # |> (s: lib.concat s ["sabnzbd" "qbittorrent" "flaresolverr"]) + # |> lib.map (service: "${service}.${machine.name}.arda"); + persistence.databases = settings.services |> lib.attrNames; - servarr.services = + gateway.services = settings.services |> lib.attrNames - |> lib.concat ["sabnzbd" "qbittorrent" "flaresolverr"] + # |> (s: lib.concat s ["sabnzbd" "qbittorrent" "flaresolverr"]) |> lib.imap1 (i: name: { inherit name; - value = {port = 2000 + i;}; + value = { + port = 2000 + i; + }; }) |> lib.listToAttrs; }; 
@@ -83,9 +89,20 @@ pkgs, ... }: let - servarr = import ./lib.nix (args // {inherit settings;}); services = settings.services |> lib.attrNames; service_count = services |> lib.length; + + database = + exports + |> clanLib.getExport { + serviceName = "arda/persistence"; + roleName = "default"; + machineName = machine.name; + instanceName = settings.persistence_instance; + } + |> (v: v.persistence.driver.postgresql); + + servarr = import ./lib.nix (args // {inherit settings database;}); in { imports = [ (import ./sabnzbd.nix (args diff --git a/clanServices/servarr/lib.nix b/clanServices/servarr/lib.nix index 0abda3c..5bcd6a5 100644 --- a/clanServices/servarr/lib.nix +++ b/clanServices/servarr/lib.nix @@ -4,6 +4,7 @@ lib, pkgs, settings, + database, ... }: let inherit (lib) mkIf; @@ -51,7 +52,7 @@ in { enable = true; - openFirewall = true; + # openFirewall = true; environmentFiles = [ config.clan.core.vars.generators.${service}.files."config.env".path @@ -61,14 +62,14 @@ auth.authenticationMethod = "External"; server = { - bindaddress = "0.0.0.0"; + bindaddress = "[::1]"; port = options.port; }; # Password provided via environment file postgres = { - host = settings.database.host; - port = toString settings.database.port; + host = database.host; + port = toString database.port; user = service; maindb = service; logdb = service; @@ -322,6 +323,10 @@ in { clan.core.vars.generators.${service} = createGenerator (args // {inherit service options;}); services.${service} = createService (args // {inherit service options;}); + # services.caddy.virtualHosts."${service}.ulmo.arda".extraConfig = '' + # reverse_proxy http://[::1]:${toString options.port} + # ''; + systemd.services."${service}-apply-infra" = lib.mkIf settings.enable (createSystemdService (args // {inherit service options;})); }) |> lib.mkMerge; diff --git a/docs/plans/tagging-strategy.md b/docs/plans/tagging-strategy.md index eb77376..cb217f9 100644 --- a/docs/plans/tagging-strategy.md 
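Review bot: The loopback bind introduced in the `@@ -61,14 +62,14 @@` hunk of `clanServices/servarr/lib.nix` is load-bearing for security, but nothing in the file says so. With `auth.authenticationMethod = "External"` two lines above, reachability is the only access control left on the service itself, so a later edit back to `0.0.0.0` would expose it without a login. I would add `# Loopback only: auth is "External", so the gateway must be the sole entry point.` above `bindaddress` and replace the commented-out `# openFirewall = true;` with an explicit `openFirewall = false;`. Whether the service accepts the bracketed form `[::1]` as a bind address, rather than `::1`, is worth checking on a running instance.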
+++ b/docs/plans/tagging-strategy.md @@ -74,6 +74,56 @@ The intention is: - `capability:*` describes stable machine traits - `operational:*` describes automation-relevant policy or availability behavior +## Tag catalog + +This is the current list of tags discussed so far, grouped by status. + +### Agreed capability tags + +- `capability:runtime:interactive` +- `capability:runtime:headless` +- `capability:hardware:gpu` +- `capability:hardware:audio` +- `capability:hardware:bluetooth` +- `capability:mobility:portable` +- `capability:mobility:stationary` + +### Agreed operational tags + +- `operational:availability:always-on` +- `operational:availability:wake-on-demand` +- `operational:availability:manual` +- `operational:workload:interruptible` + +### Explicitly rejected or deferred + +- GPU vendor-specific tags such as AMD- or NVIDIA-specific variants +- service-presence tags such as Jellyfin, Grafana, Forgejo, or PostgreSQL +- service-topology tags such as NFS producer or consumer +- application-presence tags such as Discord or TeamSpeak +- desktop-environment tags such as Plasma or Gamescope +- location tags such as "living room" unless location later becomes a deliberate scheduling dimension + +## Current static tags in `clan.nix` + +These are the manually assigned tags currently present in the inventory. Settings-derived tags are intentionally not listed here because they are meant to be computed rather than maintained by hand. + +- `mandos` + - `capability:mobility:stationary` + - `operational:availability:wake-on-demand` +- `manwe` + - `capability:mobility:stationary` + - `operational:availability:manual` +- `orome` + - `capability:mobility:portable` + - `operational:availability:manual` +- `tulkas` + - `capability:mobility:portable` + - `operational:availability:manual` +- `ulmo` + - `capability:mobility:stationary` + - `operational:availability:always-on` + ## Capability tags These are the strongest candidates for machine tags. 
diff --git a/interfaces/gateway.nix b/interfaces/gateway.nix new file mode 100644 index 0000000..5dcdce9 --- /dev/null +++ b/interfaces/gateway.nix @@ -0,0 +1,47 @@ +{lib, ...}: let + inherit (lib) mkOption types; +in { + options = { + services = mkOption { + type = types.attrsOf (types.submodule ({name, ...}: { + options = { + name = mkOption { + type = types.str; + default = name; + }; + + protocol = mkOption { + type = types.str; + default = "http"; + }; + + host = mkOption { + type = types.str; + default = "[::1]"; + }; + + port = mkOption { + type = types.port; + }; + }; + })); + default = {}; + }; + + functions = mkOption { + type = types.attrsOf (types.submodule ({name, ...}: { + options = { + name = mkOption { + type = types.str; + default = name; + }; + + body = mkOption { + type = types.str; + }; + }; + })); + default = {}; + }; + }; +} diff --git a/interfaces/servarr.nix b/interfaces/servarr.nix deleted file mode 100644 index 3cd824a..0000000 --- a/interfaces/servarr.nix +++ /dev/null @@ -1,16 +0,0 @@ -{lib, ...}: let - inherit (lib) mkOption types; -in { - options = { - services = mkOption { - type = types.attrsOf (types.submodule { - options = { - port = mkOption { - type = types.port; - }; - }; - }); - default = {}; - }; - }; -} From a10e74a5964cefcf5e4a7b50d6f504678a88f4c5 Mon Sep 17 00:00:00 2001 From: chris Date: Sun, 5 Apr 2026 12:36:49 +0000 Subject: [PATCH 35/58] chore: update dependencies --- flake.lock | 246 ++++++++++++++++++++++++----------------------------- 1 file changed, 113 insertions(+), 133 deletions(-) diff --git a/flake.lock b/flake.lock index c9df8ee..757ab1e 100644 --- a/flake.lock +++ b/flake.lock 
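Review bot: `protocol` and `host` in `interfaces/gateway.nix` are free-form `types.str`, and `clanServices/gateway/default.nix` interpolates them unescaped into Caddy `extraConfig`, so any exporting service can place arbitrary text, including newlines and further directives, into the gateway's configuration. Constraining them at the interface closes that gap: `type = types.enum ["http" "https"];` for `protocol`, and a `types.strMatching` pattern for `host` and for `name`, which becomes part of the virtual-host key. The `functions` option with a string `body` is not consumed in any visible hunk; if it is meant to carry raw proxy configuration the same concern applies, and it deserves a `description` stating which services may set it.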
@@ -83,11 +83,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1774258552, - "narHash": "sha256-wTJJxhLPr3OHXQ23H9+Ch1YjdlaoMf3605ezfRYLaC4=", - "rev": "28bb98f5aec0ea70b623ab4953eb8186acdb7bba", + "lastModified": 1775389026, + "narHash": "sha256-cHYF7eGiVqgEnIQKs105eV0P5/zOvxl443qO1f5/Bps=", + "rev": "d53f3c0b42400ff608dd468ac33359881baf969e", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/28bb98f5aec0ea70b623ab4953eb8186acdb7bba.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/d53f3c0b42400ff608dd468ac33359881baf969e.tar.gz" }, "original": { "type": "tarball", @@ -125,11 +125,11 @@ ] }, "locked": { - "lastModified": 1774087718, - "narHash": "sha256-UU4KzRMTFJttIoSnRm1SWheFcfAVAsNqG+4JauKib3g=", - "rev": "734047b2dd1e67c3a803999777cdf749f3199342", + "lastModified": 1774796937, + "narHash": "sha256-uDcgnNHK1D2oTHOQKsqQUPdDGMuG94dp3Nv8LsnqkEM=", + "rev": "04e10e10c7b4bbf2930f24d139326707a43cbb54", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/734047b2dd1e67c3a803999777cdf749f3199342.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/04e10e10c7b4bbf2930f24d139326707a43cbb54.tar.gz" }, "original": { "type": "tarball", @@ -163,11 +163,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1773767380, - "narHash": "sha256-fHrKh0/EQlEJe6czXPo9/bw1lki7w0RAGKRqYv/445s=", + "lastModified": 1775241072, + "narHash": "sha256-YpXDFEkd+JjxZOgTnvt5GHvEhORxkAda9Lc1e8e8Ox8=", "owner": "emmanuelrosa", "repo": "erosanix", - "rev": "ada69cf31f7649f8e59fe5376c94f3b0ea38bf37", + "rev": "14ac50e5ddefdb1c5ed66c11d2c6fa68959d690a", "type": "github" }, "original": { 
@@ -184,11 +184,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1774250935, - "narHash": "sha256-mWID0WFgTnd9hbEeaPNX+YYWF70JN3r7zBouEqERJOE=", + "lastModified": 1775373929, + "narHash": "sha256-Elx3es3UvLova3YBdJTc9rju9ULl9+5XF4K5t5Ejsa8=", "owner": "nix-community", "repo": "fenix", - "rev": "64d7705e8c37d650cfb1aa99c24a8ce46597f29e", + "rev": "221468471f762f355db24ce728012544561650f5", "type": "github" }, "original": { @@ -204,11 +204,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1774141843, - "narHash": "sha256-gpjHyyfLvBLZQiWumOxsfsOxt6KTjNhUOXk+m9ISBHc=", + "lastModified": 1775388520, + "narHash": "sha256-WUnKn7L/yBo7a5xH2UmPvBfYUr3d4Q8EPCz5r09C8Eo=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "3a1fcd6a4dbd617ad2014dd03aa68cdd885d5322", + "rev": "00070174d7a635f5238aee06e4feb481ccc7d9f9", "type": "github" }, "original": { @@ -220,11 +220,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1764873433, - "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", + "lastModified": 1775176642, + "narHash": "sha256-2veEED0Fg7Fsh81tvVDNYR6SzjqQxa7hbi18Jv4LWpM=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", + "rev": "179704030c5286c729b5b0522037d1d51341022c", "type": "github" }, "original": { @@ -320,11 +320,11 @@ ] }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1775087534, + "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", "type": "github" }, "original": { 
@@ -383,11 +383,11 @@ ] }, "locked": { - "lastModified": 1767609335, - "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "lastModified": 1775087534, + "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", "type": "github" }, "original": { @@ -510,20 +510,18 @@ "gnome-shell": { "flake": false, "locked": { - "host": "gitlab.gnome.org", "lastModified": 1767737596, "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", "owner": "GNOME", "repo": "gnome-shell", "rev": "ef02db02bf0ff342734d525b5767814770d85b49", - "type": "gitlab" + "type": "github" }, "original": { - "host": "gitlab.gnome.org", "owner": "GNOME", - "ref": "gnome-49", "repo": "gnome-shell", - "type": "gitlab" + "rev": "ef02db02bf0ff342734d525b5767814770d85b49", + "type": "github" } }, "grub2-themes": { @@ -551,11 +549,11 @@ ] }, "locked": { - "lastModified": 1773992301, - "narHash": "sha256-lm1qy9P463cblBAFC2g8VaALR1Gje1oyYXCPtiEumus=", + "lastModified": 1775230022, + "narHash": "sha256-FBhkbsqDTULYB1nS92y1CT7qSAM9rUMZR9hS8AvIw24=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "fcb8966990c24f97fe224fa0c8977fe730d4cf50", + "rev": "d700f39281354c0b08cfb9640011a381bed29136", "type": "github" }, "original": { @@ -571,11 +569,11 @@ ] }, "locked": { - "lastModified": 1774210133, - "narHash": "sha256-yeiWCY9aAUUJ3ebMVjs0UZXRnT5x90MCtpbpOWiXrvM=", + "lastModified": 1775360939, + "narHash": "sha256-XUBlSgUFdvTh6+K5LcI5mJu5F5L8scmJDMRiZM484TM=", "owner": "nix-community", "repo": "home-manager", - "rev": "c6fe2944ad9f2444b2d767c4a5edee7c166e8a95", + "rev": "2097a5c82bdc099c6135eae4b111b78124604554", "type": "github" }, "original": { 
@@ -592,11 +590,11 @@ ] }, "locked": { - "lastModified": 1773422513, - "narHash": "sha256-MPjR48roW7CUMU6lu0+qQGqj92Kuh3paIulMWFZy+NQ=", + "lastModified": 1774991950, + "narHash": "sha256-kScKj3qJDIWuN9/6PMmgy5esrTUkYinrO5VvILik/zw=", "owner": "nix-community", "repo": "home-manager", - "rev": "ef12a9a2b0f77c8fa3dda1e7e494fca668909056", + "rev": "f2d3e04e278422c7379e067e323734f3e8c585a7", "type": "github" }, "original": { @@ -613,11 +611,11 @@ ] }, "locked": { - "lastModified": 1774168156, - "narHash": "sha256-+pwZSARdlM2RQQ6V0q76+WMKW9aNIcxkSOIThcz/f0A=", + "lastModified": 1775287496, + "narHash": "sha256-tCBlt+RP85MLrMYntro/YvG7NWktbmFiyItGBo85Tf8=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "939caad56508542d0f19cab963e2bc693f5f2831", + "rev": "0a7a3feb77606db451aa10287ad4c4c8f85922f8", "type": "github" }, "original": { @@ -632,11 +630,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1773579712, - "narHash": "sha256-cvxFTYuOvvmpLJz5nB8iREmMGsDksY6gmZFf74UKD1Q=", + "lastModified": 1774789463, + "narHash": "sha256-MFraiT8o6manIcEloazGYafji1ua3HJ7Re/A/uauqYA=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "c23c52797845b8e4f273ddb5ccdf8622b5d98284", + "rev": "dc3bd444a2ea0834374b7d759c532f232e144128", "type": "github" }, "original": { @@ -728,11 +726,11 @@ ] }, "locked": { - "lastModified": 1773000227, - "narHash": "sha256-zm3ftUQw0MPumYi91HovoGhgyZBlM4o3Zy0LhPNwzXE=", + "lastModified": 1775037210, + "narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "da529ac9e46f25ed5616fd634079a5f3c579135f", + "rev": "06648f4902343228ce2de79f291dd5a58ee12146", "type": "github" }, "original": { 
@@ -770,11 +768,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1774060651, - "narHash": "sha256-sZiam+rmNcOZGnlbnqDD9oTwfMdQUM+uQmFqqSoe194=", + "lastModified": 1775359538, + "narHash": "sha256-PbX+bT49p9c7cmT03ufao8tDDEn0Qi7R82R1yXDyk5k=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "46727bd27d32d63069ed26a690554373ae2b4702", + "rev": "bdf703935b0aa47d9de1c6a7536fc76756b044ef", "type": "github" }, "original": { @@ -855,11 +853,11 @@ ] }, "locked": { - "lastModified": 1773882647, - "narHash": "sha256-VzcOcE0LLpEnyoxLuMuptZ9ZWCkSBn99bTgEQoz5Viw=", + "lastModified": 1774972752, + "narHash": "sha256-DnLIpFxznohpLkIFs390uZ0gxwkVyhtknhKNu+lQJK8=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "fd0eae98d1ecee31024271f8d64676250a386ee7", + "rev": "d97e078f4788cddb8d11c3c99f72a4bb9ddec221", "type": "github" }, "original": { @@ -870,11 +868,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1772380631, - "narHash": "sha256-FhW0uxeXjefINP0vUD4yRBB52Us7fXZPk9RiPAopfiY=", + "lastModified": 1775054576, + "narHash": "sha256-iiIr1hlTMu2LLARsUYtiqlE90tqocqIMVLK2fIzB/UY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6d3b61b190a899042ce82a5355111976ba76d698", + "rev": "fc4b9b74d4b0bdbf3c97fef4bd34c05225172912", "type": "github" }, "original": { @@ -886,11 +884,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1773538553, - "narHash": "sha256-hohiyWALn8cXqk3FPnE3UADy03lRMaTV5iRzKCU86zM=", + "lastModified": 1774748309, + "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a5ed666a3c206de0019b4c9dafc3a51f352bc7e3", + "rev": "333c4e0545a6da976206c74db8773a1645b5870a", "type": "github" }, "original": { 
@@ -901,11 +899,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1773840656, - "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=", + "lastModified": 1775126147, + "narHash": "sha256-J0dZU4atgcfo4QvM9D92uQ0Oe1eLTxBVXjJzdEMQpD0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512", + "rev": "8d8c1fa5b412c223ffa47410867813290cdedfef", "type": "github" }, "original": { @@ -917,11 +915,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "lastModified": 1775036866, + "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", "type": "github" }, "original": { @@ -933,11 +931,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1774106199, - "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "lastModified": 1775371993, + "narHash": "sha256-shlcgEOzW6rl7zmZeYBMP9EpF3O/cTL7/HpWlyqearw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", + "rev": "ff2af6f7ebc6c123603d5689aeea6461290f46b5", "type": "github" }, "original": { @@ -980,11 +978,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1774259547, - "narHash": "sha256-5EQ1TL+R/tcsoGas1oALp5Tj2ACfSul+pfrrxP72xC0=", + "lastModified": 1775391773, + "narHash": "sha256-8h0YBzKR6kf+68qnZtZnC6GhTf2XAilTQ9F/tm5JDWs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3f8d82c4c685fb6f3080745dab8f07606ae50d3", + "rev": "728629d3d4797ab52406df91b319c07a7d2ce479", "type": "github" }, "original": { 
@@ -1028,11 +1026,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1774106199, - "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "lastModified": 1775036866, + "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", + "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", "type": "github" }, "original": { @@ -1044,11 +1042,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1771008912, - "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", + "lastModified": 1774386573, + "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a82ccc39b39b621151d6732718e3e250109076fa", + "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", "type": "github" }, "original": { @@ -1070,11 +1068,11 @@ ] }, "locked": { - "lastModified": 1767810917, - "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=", + "lastModified": 1775228139, + "narHash": "sha256-ebbeHmg+V7w8050bwQOuhmQHoLOEOfqKzM1KgCTexK4=", "owner": "nix-community", "repo": "NUR", - "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4", + "rev": "601971b9c89e0304561977f2c28fa25e73aa7132", "type": "github" }, "original": { @@ -1093,11 +1091,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1774224548, - "narHash": "sha256-g45WZAZHNc7wJBkK4IdB5dq0Bh0JE7G0gcY2H5DFi44=", + "lastModified": 1775122065, + "narHash": "sha256-ZlowJNkQOhpsXDuWbHgB1xY6W8kyzYn9coK9nJsqqNg=", "owner": "notashelf", "repo": "nvf", - "rev": "edfb73fa4ced576f587d259a70a513b4152f8cea", + "rev": "d3304af3d5771e8d5bac6ee9bbdbce56086d54f7", "type": "github" }, "original": { 
@@ -1116,11 +1114,11 @@ ] }, "locked": { - "lastModified": 1772361940, - "narHash": "sha256-B1Cz+ydL1iaOnGlwOFld/C8lBECPtzhiy/pP93/CuyY=", + "lastModified": 1774915545, + "narHash": "sha256-COT4l/+ZddGBvrDVfPf7MEOJxV8EDKame6/aRnNIKcY=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "a4b33606111c9c5dcd10009042bb710307174f51", + "rev": "f3177b3c69fb3f03201098d7fe8ab6422cce7fc1", "type": "github" }, "original": { @@ -1158,11 +1156,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1774221325, - "narHash": "sha256-aEIdkqB8gtQZtEbogdUb5iyfcZpKIlD3FkG8ANu73/I=", + "lastModified": 1775228522, + "narHash": "sha256-+6eTD6EAabjow5gdjWRP6aI2UUwOZJEjzzsvvbVu8f8=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "b42b63f390a4dab14e6efa34a70e67f5b087cc62", + "rev": "f4b77dc99d9925667246e2887783b79bdc46a50d", "type": "github" }, "original": { @@ -1202,11 +1200,11 @@ ] }, "locked": { - "lastModified": 1774154798, - "narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=", + "lastModified": 1775365543, + "narHash": "sha256-f50qrK0WwZ9z5EdaMGWOTtALgSF7yb7XwuE7LjCuDmw=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170", + "rev": "a4ee2de76efb759fe8d4868c33dec9937897916f", "type": "github" }, "original": { @@ -1220,11 +1218,11 @@ "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1774154798, - "narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=", + "lastModified": 1775365543, + "narHash": "sha256-f50qrK0WwZ9z5EdaMGWOTtALgSF7yb7XwuE7LjCuDmw=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170", + "rev": "a4ee2de76efb759fe8d4868c33dec9937897916f", "type": "github" }, "original": { 
@@ -1245,18 +1243,17 @@ "nixpkgs": "nixpkgs_11", "nur": "nur", "systems": "systems_6", - "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", "tinted-tmux": "tinted-tmux", "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1774124764, - "narHash": "sha256-Poz9WTjiRlqZIf197CrMMJfTifZhrZpbHFv0eU1Nhtg=", + "lastModified": 1775247334, + "narHash": "sha256-eVKt8wpQqg6Hq/UdHQkV1izXGloGQxdlE4SSk9/X27s=", "owner": "nix-community", "repo": "stylix", - "rev": "e31c79f571c5595a155f84b9d77ce53a84745494", + "rev": "6d0502ef7447090abf8b00362b5cda8ac64595b4", "type": "github" }, "original": { @@ -1392,23 +1389,6 @@ "type": "github" } }, - "tinted-foot": { - "flake": false, - "locked": { - "lastModified": 1726913040, - "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - } - }, "tinted-kitty": { "flake": false, "locked": { @@ -1428,11 +1408,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1767710407, - "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=", + "lastModified": 1772661346, + "narHash": "sha256-4eu3LqB9tPqe0Vaqxd4wkZiBbthLbpb7llcoE/p5HT0=", "owner": "tinted-theming", "repo": "schemes", - "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2", + "rev": "13b5b0c299982bb361039601e2d72587d6846294", "type": "github" }, "original": { 
@@ -1444,11 +1424,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1767489635, - "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", + "lastModified": 1772934010, + "narHash": "sha256-x+6+4UvaG+RBRQ6UaX+o6DjEg28u4eqhVRM9kpgJGjQ=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", + "rev": "c3529673a5ab6e1b6830f618c45d9ce1bcdd829d", "type": "github" }, "original": { @@ -1460,11 +1440,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1767488740, - "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", + "lastModified": 1772909925, + "narHash": "sha256-jx/5+pgYR0noHa3hk2esin18VMbnPSvWPL5bBjfTIAU=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", + "rev": "b4d3a1b3bcbd090937ef609a0a3b37237af974df", "type": "github" }, "original": { @@ -1481,11 +1461,11 @@ ] }, "locked": { - "lastModified": 1773297127, - "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", + "lastModified": 1775125835, + "narHash": "sha256-2qYcPgzFhnQWchHo0SlqLHrXpux5i6ay6UHA+v2iH4U=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", + "rev": "75925962939880974e3ab417879daffcba36c4a3", "type": "github" }, "original": { @@ -1502,11 +1482,11 @@ ] }, "locked": { - "lastModified": 1774242250, - "narHash": "sha256-pchbnY7KVnH26g4O3LZO8vpshInqNj937gAqlPob1Mk=", + "lastModified": 1775367672, + "narHash": "sha256-nGC6qrRsWysfR7/8wsSooq0X71rfJjhq1b+dFI6oQtY=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "f19c3e6683c2d2f3fcfcb88fb691931a104bc47c", + "rev": "33cd729244914f1e121477c5de148639c5e73c4a", "type": "github" }, "original": { From 7b37c0e9c3f0851322189763be6f47a4655d3075 Mon Sep 17 00:00:00 2001 
From: Chris Kruining Date: Sun, 5 Apr 2026 16:05:01 +0200 Subject: [PATCH 36/58] various fixes --- modules/nixos/services/media/servarr/default.nix | 1 + .../nixos/services/networking/caddy/default.nix | 14 ++++---------- .../services/security/vaultwarden/default.nix | 2 +- 3 files changed, 6 insertions(+), 11 deletions(-) diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index c7a066c..a98399d 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -103,6 +103,7 @@ in { port = 2009; host_whitelist = "${config.networking.hostName}"; + permissions = "770"; download_dir = "/var/media/downloads/incomplete"; complete_dir = "/var/media/downloads/done"; }; diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy/default.nix index ec9df3a..e18a707 100644 --- a/modules/nixos/services/networking/caddy/default.nix +++ b/modules/nixos/services/networking/caddy/default.nix @@ -10,15 +10,6 @@ cfg = config.${namespace}.services.networking.caddy; hasHosts = (cfg.hosts |> attrNames |> length) > 0; - caddyBase = pkgs.callPackage "${pkgs.path}/pkgs/by-name/ca/caddy/package.nix" { - buildGo125Module = pkgs.buildGo126Module; - caddy = caddyBase; - }; - caddyPackage = - caddyBase.withPlugins { - plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; - hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE="; - }; in { options.${namespace}.services.networking.caddy = { enable = mkEnableOption "enable caddy" // {default = true;}; @@ -36,7 +27,10 @@ in { services.caddy = { enable = cfg.enable; - package = caddyPackage; + package = pkgs.caddy.withPlugins { + plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; + hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE="; + }; virtualHosts = cfg.hosts 
diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden/default.nix index 7dce380..089c945 100644 --- a/modules/nixos/services/security/vaultwarden/default.nix +++ b/modules/nixos/services/security/vaultwarden/default.nix @@ -118,7 +118,7 @@ in { enable = true; dbBackend = "postgresql"; - package = pkgs.${namespace}.vaultwarden; + package = pkgs.vaultwarden-postgresql; config = { SIGNUPS_ALLOWED = false; From 5c1e6807b669d6c49aaac8b4583e61e0860653c9 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Sun, 5 Apr 2026 20:18:07 +0200 Subject: [PATCH 37/58] checkpoint --- clan.nix | 149 +++++++++++++- clanServices/identity/default.nix | 313 +++++++++++++++++++++++++++++- 2 files changed, 451 insertions(+), 11 deletions(-) diff --git a/clan.nix b/clan.nix index f0ec880..1b02304 100644 --- a/clan.nix +++ b/clan.nix @@ -141,6 +141,16 @@ }; }; + persistence = { + module = { + name = "persistence"; + input = "self"; + }; + + # TODO :: Convert to use tags instead + roles.default.tags = ["operational:availability:always-on" "operational:storage:large"]; + }; + identity = { module = { name = "identity"; 
@@ -151,20 +161,139 @@ tags = ["operational:availability:always-on"]; settings = { + persistence_instance = "persistence"; + + organization = { + nix = { + user = { + chris = { + email = "chris@kruining.eu"; + firstName = "Chris"; + lastName = "Kruining"; + + roles = ["ORG_OWNER"]; + instanceRoles = ["IAM_OWNER"]; + }; + + kaas = { + email = "chris+kaas@kruining.eu"; + firstName = "Kaas"; + lastName = "Kruining"; + }; + }; + + project = { + ulmo = { + projectRoleCheck = true; + projectRoleAssertion = true; + hasProjectCheck = true; + + role = { + jellyfin = { + group = "jellyfin"; + }; + jellyfin_admin = { + group = "jellyfin"; + }; + }; + + assign = { + chris = ["jellyfin" "jellyfin_admin"]; + kaas = ["jellyfin"]; + }; + + application = { + jellyfin = { + redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + forgejo = { + redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + vaultwarden = { + redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + exportMap = { + client_id = "SSO_CLIENT_ID"; + client_secret = "SSO_CLIENT_SECRET"; + }; + }; + + matrix = { + redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + mydia = { + redirectUris = ["http://localhost:2010/auth/oidc/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + grafana = { + redirectUris = ["http://localhost:9001/login/generic_oauth"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + }; + }; + + convex = { + projectRoleCheck = true; + projectRoleAssertion = true; + hasProjectCheck = true; + + application = { + scry = { + redirectUris = 
["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + }; + }; + }; + + action = { + flattenRoles = { + script = '' + (ctx, api) => { + if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { + return; + } + + const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); + + api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); + }; + ''; + }; + }; + + triggers = [ + { + flowType = "customiseToken"; + triggerType = "preUserinfoCreation"; + actions = ["flattenRoles"]; + } + { + flowType = "customiseToken"; + triggerType = "preAccessTokenCreation"; + actions = ["flattenRoles"]; + } + ]; + }; + }; }; }; }; - persistence = { - module = { - name = "persistence"; - input = "self"; - }; - - # TODO :: Convert to use tags instead - roles.default.tags = ["operational:availability:always-on" "operational:storage:large"]; - }; - servarr = { module = { name = "servarr"; diff --git a/clanServices/identity/default.nix b/clanServices/identity/default.nix index 1c07781..7def487 100644 --- a/clanServices/identity/default.nix +++ b/clanServices/identity/default.nix @@ -22,7 +22,7 @@ in { description = ''''; interface = {lib, ...}: let - inherit (lib) mkOption types; + inherit (lib) mkOption types toSentenceCase literalExpression; in { options = { driver = mkOption { 
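Review bot: In `project.ulmo.application`, `mydia` and `grafana` register `http://localhost:2010/auth/oidc/callback` and `http://localhost:9001/login/generic_oauth` as redirect URIs, while every other application in this hunk uses an https public hostname. A loopback http redirect only completes for a browser running on the same host as the service, and the authorization code is returned without TLS. ZITADEL presumably also has to run the application in its development mode to accept a non-https redirect for a web client. If these two services are meant to be reached through the gateway like the others, register the public callback instead, e.g. `redirectUris = ["https://<grafana-host>/login/generic_oauth"];` (placeholder hostname).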
@@ -30,16 +30,308 @@ in { default = "zitadel"; }; + persistence_instance = mkOption { + type = types.str; + }; + port = mkOption { type = types.port; default = 9092; }; + + organization = mkOption { + type = types.attrsOf (types.submodule ({ name, ... }: { + options = + let + org = name; + in + { + isDefault = mkOption { + type = types.bool; + default = false; + example = "true"; + description = '' + True sets the '${org}' org as default org for the instance. Only one org can be default org. + Nothing happens if you set it to false until you set another org as default org. + ''; + }; + + project = mkOption { + default = {}; + type = types.attrsOf (types.submodule { + options = { + hasProjectCheck = mkOption { + type = types.bool; + default = false; + example = "true"; + description = '' + ZITADEL checks if the org of the user has permission to this project. + ''; + }; + + privateLabelingSetting = mkOption { + type = types.nullOr (types.enum [ "unspecified" "enforceProjectResourceOwnerPolicy" "allowLoginUserResourceOwnerPolicy" ]); + default = null; + example = "enforceProjectResourceOwnerPolicy"; + description = '' + Defines from where the private labeling should be triggered, + + supported values: + - unspecified + - enforceProjectResourceOwnerPolicy + - allowLoginUserResourceOwnerPolicy + ''; + }; + + projectRoleAssertion = mkOption { + type = types.bool; + default = false; + example = "true"; + description = '' + Describes if roles of user should be added in token. + ''; + }; + + projectRoleCheck = mkOption { + type = types.bool; + default = false; + example = "true"; + description = '' + ZITADEL checks if the user has at least one on this project. + ''; + }; + + role = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ name, ... }: { + options = + let + roleName = name; + in + { + displayName = mkOption { + type = types.str; + default = toSentenceCase name; + example = "RoleName"; + description = '' + Name used for project role. 
+ ''; + }; + + group = mkOption { + type = types.nullOr types.str; + default = null; + example = "some_group"; + description = '' + Group used for project role. + ''; + }; + }; + })); + }; + + assign = mkOption { + default = {}; + type = types.attrsOf (types.listOf types.str); + }; + + application = mkOption { + default = {}; + type = types.attrsOf (types.submodule { + options = { + redirectUris = mkOption { + type = types.nonEmptyListOf types.str; + example = '' + [ "https://example.com/redirect/url" ] + ''; + description = '' + . + ''; + }; + + grantTypes = mkOption { + type = types.nonEmptyListOf (types.enum [ "authorizationCode" "implicit" "refreshToken" "deviceCode" "tokenExchange" ]); + example = '' + [ "authorizationCode" ] + ''; + description = '' + . + ''; + }; + + responseTypes = mkOption { + type = types.nonEmptyListOf (types.enum [ "code" "idToken" "idTokenToken" ]); + example = '' + [ "code" ] + ''; + description = '' + . + ''; + }; + + exportMap = + let + strOpt = mkOption { type = types.nullOr types.str; default = null; }; + in + mkOption { + type = types.submodule { options = { client_id = strOpt; client_secret = strOpt; }; }; + default = {}; + example = literalExpression '' + { + client_id = "SSO_CLIENT_ID"; + client_secret = "SSO_CLIENT_SECRET"; + } + ''; + description = '' + Remap the outputted variables to another key. + ''; + }; + }; + }); + }; + }; + }); + }; + + user = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ name, ... }: { + options = + let + username = name; + in + { + email = mkOption { + type = types.str; + example = "someone@some.domain"; + description = '' + Username. + ''; + }; + + userName = mkOption { + type = types.nullOr types.str; + default = username; + example = "some_user_name"; + description = '' + Username. 
Default value is the key of the config object you created, you can overwrite that by setting this option + ''; + }; + + firstName = mkOption { + type = types.str; + example = "John"; + description = '' + First name of the user. + ''; + }; + + lastName = mkOption { + type = types.str; + example = "Doe"; + description = '' + Last name of the user. + ''; + }; + + roles = mkOption { + type = types.listOf types.str; + default = []; + example = "[ \"ORG_OWNER\" ]"; + description = '' + List of roles granted to organisation. + ''; + }; + + instanceRoles = mkOption { + type = types.listOf types.str; + default = []; + example = "[ \"IAM_OWNER\" ]"; + description = '' + List of roles granted to instance. + ''; + }; + }; + })); + }; + + action = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ name, ... }: { + options = { + script = mkOption { + type = types.str; + example = '' + (ctx, api) => { + api.v1.claims.setClaim('some_claim', 'some_value'); + }; + ''; + description = '' + The script to run. This must be a function that receives 2 parameters, and returns void. During the creation of the action's script this module simly does `const {{name}} = {{script}}`. + ''; + }; + + timeout = mkOption { + type = (types.ints.between 0 20); + default = 10; + example = "10"; + description = '' + After which time the action will be terminated if not finished. + ''; + }; + + allowedToFail = mkOption { + type = types.bool; + default = true; + example = "true"; + description = '' + Allowed to fail. + ''; + }; + }; + })); + }; + + triggers = mkOption { + default = []; + type = types.listOf (types.submodule { + options = { + flowType = mkOption { + type = types.enum [ "authentication" "customiseToken" "internalAuthentication" "samlResponse" ]; + example = "customiseToken"; + description = '' + Type of the flow to which the action triggers belong. 
+ ''; + }; + + triggerType = mkOption { + type = types.enum [ "postAuthentication" "preCreation" "postCreation" "preUserinfoCreation" "preAccessTokenCreation" "preSamlResponse" ]; + example = "postAuthentication"; + description = '' + Trigger type on when the actions get triggered. + ''; + }; + + actions = mkOption { + type = types.nonEmptyListOf types.str; + example = ''[ "action_name" ]''; + description = '' + Names of actions to trigger + ''; + }; + }; + }); + }; + }; + })); + }; }; }; perInstance = { mkExports, settings, + machine, ... }: let database = @@ -117,6 +409,19 @@ in { settings = { Port = settings.port; + ExternalDomain = "auth.kruining.eu"; + ExternalPort = 443; + ExternalSecure = true; + + Metrics.Type = "otel"; + Tracing.Type = "otel"; + Telemetry.Enabled = true; + + SystemDefaults = { + PasswordHasher.Hasher.Algorithm = "argon2id"; + SecretHasher.Hasher.Algorithm = "argon2id"; + }; + Database.postgres = { Host = database.host; Port = database.port; @@ -129,6 +434,12 @@ in { }; }; }; + + steps = { + InstanceName = "eu"; + + MachineKeyPath = "/var/lib/zitadel/machine-key.json"; + } }; }) ]; From cf9dcf256847a642f10ea4a22948926824e77178 Mon Sep 17 00:00:00 2001 
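Review bot: `action.<name>.allowedToFail` defaults to `true`, so an action that throws is presumably skipped and the flow continues. For an action that writes authorization claims into the token, that means a token issued without them and no visible failure. Consider `default = false;` with individual actions opting in, or spell out the consequence in the option's description, which currently reads only "Allowed to fail.". In the same hunk the descriptions of `redirectUris`, `grantTypes` and `responseTypes` are a lone `.`, `email` is described as "Username.", and the `script` description has the typo "simly". The enclosing `interface` block starts before this hunk.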
From: Chris Kruining Date: Tue, 7 Apr 2026 15:23:11 +0200 Subject: [PATCH 38/58] kaas --- clan/flake-module.nix | 43 ++++++ clan.nix => clan/instances.nix | 126 ++++-------------- {interfaces => clan/interfaces}/gateway.nix | 27 ++-- .../interfaces}/persistence.nix | 6 +- clan/machines.nix | 75 +++++++++++ clan/tags.nix | 12 ++ clan/types/endpoint.nix | 44 ++++++ clanServices/identity/default.nix | 30 +++-- clanServices/peristence/default.nix | 1 - clanServices/servarr/default.nix | 6 +- flake.nix | 2 +- machines/default.nix | 9 -- 12 files changed, 244 insertions(+), 137 deletions(-) create mode 100644 clan/flake-module.nix rename clan.nix => clan/instances.nix (72%) rename {interfaces => clan/interfaces}/gateway.nix (58%) rename {interfaces => clan/interfaces}/persistence.nix (71%) create mode 100644 clan/machines.nix create mode 100644 clan/tags.nix create mode 100644 clan/types/endpoint.nix delete mode 100644 machines/default.nix diff --git a/clan/flake-module.nix b/clan/flake-module.nix new file mode 100644 index 0000000..16a10f4 --- /dev/null +++ b/clan/flake-module.nix @@ -0,0 +1,43 @@ +{ + lib, + inputs, + ... +}: { + imports = [ + ./machines.nix + ./tags.nix + ./instances.nix + ]; + + clan = { + meta = { + name = "arda"; + domain = "arda"; + description = "My personal machines at home"; + }; + + directory = ../.; + + specialArgs = { + ardaLib = { + types = + ./types + |> (inputs.import-tree.withLib lib).leafs + |> lib.map (mod: { + name = mod |> lib.baseNameOf |> lib.splitString "." |> lib.head; + value = lib.types.submoduleWith {modules = [mod];}; + }) + |> lib.listToAttrs; + }; + }; + + exportInterfaces = + ./interfaces + |> (inputs.import-tree.withLib lib).leafs + |> lib.map (mod: { + name = mod |> lib.baseNameOf |> lib.splitString "." |> lib.head; + value = import mod; + }) + |> lib.listToAttrs; + }; +} diff --git a/clan.nix b/clan/instances.nix similarity index 72% rename from clan.nix rename to clan/instances.nix index 1b02304..57d06f6 100644 
--- a/clan.nix +++ b/clan/instances.nix 
@@ -1,103 +1,19 @@ { - meta = { - name = "arda"; - domain = "arda"; - description = "My personal machines at home"; - }; - - directory = ./.; - - exportInterfaces = { - persistence = import ./interfaces/persistence.nix; - gateway = import ./interfaces/gateway.nix; - }; - - inventory.machines = { - aule = { - name = "aule"; - description = "Planned build server."; - machineClass = "nixos"; - tags = []; - }; - mandos = { - name = "mandos"; - description = "Living room Steam box."; - machineClass = "nixos"; - tags = [ - "capability:mobility:stationary" - "operational:availability:wake-on-demand" - ]; - }; - manwe = { - name = "manwe"; - description = "Main desktop."; - machineClass = "nixos"; - tags = [ - "capability:mobility:stationary" - "operational:availability:manual" - ]; - }; - melkor = { - name = "melkor"; - description = "Planned machine with no defined role yet."; - machineClass = "nixos"; - tags = []; - }; - orome = { - name = "orome"; - description = "Work laptop."; - machineClass = "nixos"; - tags = [ - "capability:mobility:portable" - "operational:availability:manual" - ]; - }; - tulkas = { - name = "tulkas"; - description = "Steam Deck."; - machineClass = "nixos"; - tags = [ - "capability:mobility:portable" - "operational:availability:manual" - ]; - }; - ulmo = { - name = "ulmo"; - description = "Primary self-hosted services machine."; - machineClass = "nixos"; - tags = [ - "capability:mobility:stationary" - "operational:availability:always-on" - "operational:storage:large" - "operational:role:gateway" - ]; - }; - varda = { - name = "varda"; - description = "Planned machine with no defined role yet."; - machineClass = "nixos"; - tags = []; - }; - yavanna = { - name = "yavanna"; - description = "Planned machine with no defined role yet."; - machineClass = "nixos"; - tags = []; - }; - }; - - inventory.tags = { - config, - machines, - ... 
- }: { - # tag_name = [ "list" "of" "machines" ] - "capability:hardware:gpu" = [""]; - "capability:hardware:audio" = [""]; - "capability:hardware:bluetooth" = [""]; - }; - - inventory.instances = { + self, + inputs, + ... +}: let + db = + self.clan.exports + |> inputs.clan-core.lib.getExport { + serviceName = "arda/persistence"; + roleName = "default"; + machineName = "ulmo"; + instanceName = "persistence"; + } + |> (v: v.persistence.driver.${v.persistence.main}); +in { + clan.inventory.instances = { users-chris = { module = { name = "users"; @@ -137,6 +53,12 @@ settings = { driver = "caddy"; + + hosts = { + "auth.kruining.eu" = '' + reverse_proxy h2c://[::1]:9092 + ''; + }; }; }; }; @@ -147,7 +69,6 @@ input = "self"; }; - # TODO :: Convert to use tags instead roles.default.tags = ["operational:availability:always-on" "operational:storage:large"]; }; @@ -161,7 +82,7 @@ tags = ["operational:availability:always-on"]; settings = { - persistence_instance = "persistence"; + database = db; organization = { nix = { @@ -305,8 +226,7 @@ settings = { enable = true; - - persistence_instance = "persistence"; + database = db; services = { sonarr = { diff --git a/interfaces/gateway.nix b/clan/interfaces/gateway.nix similarity index 58% rename from interfaces/gateway.nix rename to clan/interfaces/gateway.nix index 5dcdce9..8353ae6 100644 --- a/interfaces/gateway.nix +++ b/clan/interfaces/gateway.nix @@ -10,19 +10,26 @@ in { default = name; }; - protocol = mkOption { - type = types.str; - default = "http"; + endpoint = mkOption { + type = types.submoduleWith { + modules = [../types/endpoint.nix]; + }; + default = name; }; - host = mkOption { - type = types.str; - default = "[::1]"; - }; + # protocol = mkOption { + # type = types.str; + # default = "http"; + # }; - port = mkOption { - type = types.port; - }; + # host = mkOption { + # type = types.str; + # default = "[::1]"; + # }; + + # port = mkOption { + # type = types.port; + # }; }; })); default = {}; 
diff --git a/interfaces/persistence.nix b/clan/interfaces/persistence.nix similarity index 71% rename from interfaces/persistence.nix rename to clan/interfaces/persistence.nix index 0d0841d..878d4c5 100644 --- a/interfaces/persistence.nix +++ b/clan/interfaces/persistence.nix @@ -8,7 +8,11 @@ in { }; driver = mkOption { - type = types.attrsOf types.anything; + type = types.attrsOf (types.submoduleWith { + modules = [ + ../types/endpoint.nix + ]; + }); default = {}; }; diff --git a/clan/machines.nix b/clan/machines.nix new file mode 100644 index 0000000..f838aeb --- /dev/null +++ b/clan/machines.nix 
@@ -0,0 +1,75 @@ +{...}: { + clan.inventory.machines = { + aule = { + name = "aule"; + description = "Planned build server."; + machineClass = "nixos"; + tags = []; + }; + mandos = { + name = "mandos"; + description = "Living room Steam box."; + machineClass = "nixos"; + tags = [ + "capability:mobility:stationary" + "operational:availability:wake-on-demand" + ]; + }; + manwe = { + name = "manwe"; + description = "Main desktop."; + machineClass = "nixos"; + tags = [ + "capability:mobility:stationary" + "operational:availability:manual" + ]; + }; + melkor = { + name = "melkor"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; + orome = { + name = "orome"; + description = "Work laptop."; + machineClass = "nixos"; + tags = [ + "capability:mobility:portable" + "operational:availability:manual" + ]; + }; + tulkas = { + name = "tulkas"; + description = "Steam Deck."; + machineClass = "nixos"; + tags = [ + "capability:mobility:portable" + "operational:availability:manual" + ]; + }; + ulmo = { + name = "ulmo"; + description = "Primary self-hosted services machine."; + machineClass = "nixos"; + tags = [ + "capability:mobility:stationary" + "operational:availability:always-on" + "operational:storage:large" + "operational:role:gateway" + ]; + }; + varda = { + name = "varda"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; + yavanna = { + name = "yavanna"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; + }; +} diff --git a/clan/tags.nix b/clan/tags.nix new file mode 100644 index 0000000..1c5256c --- /dev/null +++ b/clan/tags.nix @@ -0,0 +1,12 @@ +{...}: { + clan.inventory.tags = { + config, + machines, + ... + }: { + # tag_name = [ "list" "of" "machines" ] + "capability:hardware:gpu" = [""]; + "capability:hardware:audio" = [""]; + "capability:hardware:bluetooth" = [""]; + }; +} 
diff --git a/clan/types/endpoint.nix b/clan/types/endpoint.nix new file mode 100644 index 0000000..a3f82ae --- /dev/null +++ b/clan/types/endpoint.nix @@ -0,0 +1,44 @@ +{lib, ...}: let + inherit (lib) mkOption types; +in { + options = { + host = mkOption { + type = types.str; + default = "localhost"; + }; + + port = mkOption { + type = types.port; + }; + + protocol = mkOption { + type = types.nullOr types.str; + default = null; + }; + + user = mkOption { + type = types.nullOr types.str; + default = null; + }; + + password = mkOption { + type = types.nullOr types.str; + default = null; + }; + + path = mkOption { + type = types.nullOr types.str; + default = null; + }; + + query = mkOption { + type = types.nullOr (types.attrsOf types.str); + default = null; + }; + + hash = mkOption { + type = types.nullOr (types.attrsOf types.str); + default = null; + }; + }; +} diff --git a/clanServices/identity/default.nix b/clanServices/identity/default.nix index 7def487..caaf194 100644 --- a/clanServices/identity/default.nix +++ b/clanServices/identity/default.nix @@ -14,7 +14,7 @@ in { readme = builtins.readFile ./README.md; exports = { inputs = ["persistence"]; - out = ["gateway"]; + out = ["gateway" "persistence"]; }; }; @@ -30,8 +30,8 @@ in { default = "zitadel"; }; - persistence_instance = mkOption { - type = types.str; + database = mkOption { + type = types.anything; #ardaLib.types.endpoint; }; port = mkOption { @@ -345,7 +345,19 @@ in { |> (v: v.persistence.driver.postgresql); in { exports = mkExports { - gateway.services.identity = {port = settings.port;}; + gateway = { + services.identity = {endpoint.port = settings.port;}; + functions.auth = { + body = '' + forward_auth h2c://[::1]:${toString settings.port} { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } + ''; + }; + }; + + persistence.databases = ["zitadel"]; }; nixosModule = { 
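Review bot: The `password` option in `clan/types/endpoint.nix` is a plain `types.nullOr types.str`, so any value assigned to it is evaluated into the configuration and will typically end up in the world-readable Nix store. Since this type describes database and service endpoints, take a path to a secret instead, e.g. `passwordFile = mkOption { type = types.nullOr types.path; default = null; };`, and let consumers read it at runtime from the sops-managed secrets the repository already has. Separately, `hash` is typed `attrsOf str` like `query`, although a URL fragment is a single string; `types.nullOr types.str` looks like what was intended.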
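Review bot: The `functions.auth` snippet added to the gateway export points `forward_auth` at `/api/authz/forward-auth` on the identity port and copies `Remote-User`, `Remote-Groups`, `Remote-Email` and `Remote-Name`, but nothing in the hunk shows the configured driver (`zitadel` by default) serving that path or emitting those headers. Caddy treats any 2xx answer from the auth upstream as "allow", so an upstream that answers this URI with a generic 200 page leaves the protected hosts open, and one that answers 404 blocks them all. Confirm the endpoint exists and rejects unauthenticated requests before any host uses this function, and add a comment naming what implements it, e.g. `# served by <component>; must answer 401/302 when unauthenticated`. `perInstance` starts and ends outside the hunk.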
@@ -423,8 +435,8 @@ in { }; Database.postgres = { - Host = database.host; - Port = database.port; + Host = settings.database.host; + Port = settings.database.port; Databae = "zitadel"; User = { Username = "zitadel"; @@ -434,12 +446,12 @@ in { }; }; }; - + steps = { InstanceName = "eu"; - + MachineKeyPath = "/var/lib/zitadel/machine-key.json"; - } + }; }; }) ]; diff --git a/clanServices/peristence/default.nix b/clanServices/peristence/default.nix index 9150e75..a06e73a 100644 --- a/clanServices/peristence/default.nix +++ b/clanServices/peristence/default.nix @@ -52,7 +52,6 @@ in { driver.postgresql = { host = "localhost"; port = settings.port; - databases = requested_databases; }; }; }; diff --git a/clanServices/servarr/default.nix b/clanServices/servarr/default.nix index 634d4f6..e86bf2e 100644 --- a/clanServices/servarr/default.nix +++ b/clanServices/servarr/default.nix @@ -27,8 +27,8 @@ in { options = { enable = mkEnableOption "Enable configured *arr services"; - persistence_instance = mkOption { - type = types.str; + database = mkOption { + type = types.anything; #ardaLib.types.endpoint; }; services = mkOption { @@ -77,7 +77,7 @@ in { |> lib.imap1 (i: name: { inherit name; value = { - port = 2000 + i; + endpoint.port = 2000 + i; }; }) |> lib.listToAttrs; diff --git a/flake.nix b/flake.nix index 7f59c27..272314a 100644 --- a/flake.nix +++ b/flake.nix @@ -103,12 +103,12 @@ }: flake-parts.lib.mkFlake {inherit inputs;} { systems = import systems; - clan = import ./clan.nix; imports = with inputs; [ flake-parts.flakeModules.modules clan-core.flakeModules.default home-manager.flakeModules.default + ./clan/flake-module.nix ./packages/flake-module.nix ./clanServices/flake-module.nix ]; diff --git a/machines/default.nix b/machines/default.nix deleted file mode 100644 index 37086fa..0000000 --- a/machines/default.nix +++ /dev/null 
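Review bot: The context line `Databae = "zitadel";` inside `Database.postgres` is misspelled and is left as is while the lines around it are rewritten. The key is presumably ignored, so the database name falls back to the service default rather than the value written here; it should read `Database = "zitadel";`. The new `settings.database.host` and `settings.database.port` are read from an option typed `types.anything`, so a missing or misspelled field only surfaces when this module is evaluated. Typing the option with the endpoint submodule that the commented-out `#ardaLib.types.endpoint` refers to would check it at the option boundary. The settings block starts outside the hunk.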
@@ -1,9 +0,0 @@ -{baseNixosModules, lib, sharedContext, ...}: { - clan = - (import ../clan.nix { - inherit baseNixosModules lib; - }) - // { - specialArgs = sharedContext; - }; -} From 59e8ca812c06bb0dae11636bb12602e69660b46e Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Sun, 12 Apr 2026 13:02:57 +0200 Subject: [PATCH 39/58] . --- packages/flake-module.nix | 1 - packages/vaultwarden/default.nix | 28 ---------------------------- script/.shared/pwgen | 3 --- script/qbittorrent/hash.py | 19 ------------------- script/qbittorrent/password | 3 --- script/qbittorrent/password_hash | 3 --- 6 files changed, 57 deletions(-) delete mode 100644 packages/vaultwarden/default.nix delete mode 100644 script/.shared/pwgen delete mode 100644 script/qbittorrent/hash.py delete mode 100644 script/qbittorrent/password delete mode 100644 script/qbittorrent/password_hash diff --git a/packages/flake-module.nix b/packages/flake-module.nix index c6a1225..dfe7214 100644 --- a/packages/flake-module.nix +++ b/packages/flake-module.nix @@ -8,7 +8,6 @@ }: { packages = { studio = pkgs.callPackage ./studio {erosanix = inputs.erosanix.lib.${system};}; - vaultwarden = pkgs.callPackage ./vaultwarden {}; }; }; } diff --git a/packages/vaultwarden/default.nix b/packages/vaultwarden/default.nix deleted file mode 100644 index c4642fd..0000000 --- a/packages/vaultwarden/default.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{lib, stdenv, rustPlatform, fetchFromGitHub, openssl, pkg-config, postgresql, dbBackend ? "postgresql", ...}: -rustPlatform.buildRustPackage rec { - pname = "vaultwarden"; - version = "1.34.3"; - - src = fetchFromGitHub { - owner = "Timshel"; - repo = "vaultwarden"; - rev = "1.34.3"; - hash = "sha256-Dj0ySVRvBZ/57+UHas3VI8bi/0JBRqn0IW1Dq+405J0="; - }; - - cargoHash = "sha256-4sDagd2XGamBz1XvDj4ycRVJ0F+4iwHOPlj/RglNDqE="; - - env.VW_VERSION = version; - - nativeBuildInputs = [pkg-config]; - buildInputs = - [openssl] - ++ lib.optional (dbBackend == "postgresql") postgresql; - - buildFeatures = dbBackend; - - meta = with lib; { - license = licenses.agpl3Only; - mainProgram = "vaultwarden"; - }; -} diff --git a/script/.shared/pwgen b/script/.shared/pwgen deleted file mode 100644 index 85fc69f..0000000 --- a/script/.shared/pwgen +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -pwgen -s 128 1 diff --git a/script/qbittorrent/hash.py b/script/qbittorrent/hash.py deleted file mode 100644 index a92343f..0000000 --- a/script/qbittorrent/hash.py +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/bash - -import base64 -import hashlib -import sys -import uuid - -password = sys.argv[1] -salt = uuid.uuid4() -salt_bytes = salt.bytes - -password = str.encode(password) -hashed_password = hashlib.pbkdf2_hmac("sha512", password, salt_bytes, 100000, dklen=64) -b64_salt = base64.b64encode(salt_bytes).decode("utf-8") -b64_password = base64.b64encode(hashed_password).decode("utf-8") -password_string = "@ByteArray({salt}:{password})".format( - salt=b64_salt, password=b64_password -) -print(password_string) diff --git a/script/qbittorrent/password b/script/qbittorrent/password deleted file mode 100644 index 85fc69f..0000000 --- a/script/qbittorrent/password +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -pwgen -s 128 1 diff --git a/script/qbittorrent/password_hash b/script/qbittorrent/password_hash deleted file mode 100644 index 86ba315..0000000 
--- a/script/qbittorrent/password_hash +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -python ./hash.py "$(just vars get ulmo qbittorrent/password | jq -r)" From 352569fd8bd25a29b008972d7d30b05e898010c5 Mon Sep 17 00:00:00 2001 From: chris Date: Sun, 12 Apr 2026 12:03:43 +0000 Subject: [PATCH 40/58] chore(secrets): set secret "backup/ssh-key" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 005042c..7d44c82 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -40,6 +40,8 @@ coturn: qbittorrent: password: ENC[AES256_GCM,data:LIDxh0Ni0JgQGWFix/Ihw7IlUPgzMhrMlWNP5LKkAnEM6EoqA9kFwiPeizB0CZ20+vSqRiL9fikBf8qGLA17L7AKh8I4OTFDlpKpMRtRlMq9S5UBEyOqtOMcvkCSf6/qGoORd1KJSlaitZk47SYRuccOpy/2vAvbMRdLm0SYEqc=,iv:tQdN1N9kXoq7OZbR2eYyy50FltsMAAUI4Lr7U4/SpJE=,tag:3ZOLvjHXD7i7WFy1/Ggqtg==,type:str] password_hash: ENC[AES256_GCM,data:urufJbSErLqPdU6jLLZk+27fe4k+cKLXcGRGSqroUDdGMzDnhSF+ZWuPxwDlJQR3ws2GnuiEASncwNO/SALKXFDk2V2gsKJ4hsjyiIbsqCwSEFB/XMY0nY/x0xrcIfMVE0HdrNYeQ3zT01Z5jQpSd7wo2M63LaULL/Av498=,iv:tnUVhOgrImKa6iii2hJZn5LKrySM5v47B2zDZMgmUow=,tag:g3xa/4Z+t1Q9Wnd4XzefLg==,type:str] +backup: + ssh-key: ENC[AES256_GCM,data:aRY+9mYssEXPmfJQ2KOYU4wxkgzgYbv3GJ4KUkECSZ6IdQVv4CpKMg75dEhO5/t7MYjiNXze5WibZ0UHSTnUv4OB6NP6Mp1HZjIZb6paCJxjkoul0BVwtF5AKViJe0LIKoh+,iv:kZgZTqgYdqJSD6rO3lj/IFqhO9mYgZ7YYOCS2b+xpXQ=,tag:xPh0yL2uMyqgrioC36PPpA==,type:str] sops: age: - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq 
@@ -60,7 +62,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-05T10:38:19Z" - mac: ENC[AES256_GCM,data:gS6YTRTl6UdOC7Afrj1LrkgA7MWRLF0HNWytfzhkvThLW+JJrHPEhvWiYrsPW1Bm6o2JkKqVP5HfzcuGNIHJySkEQ4HV02BbibtMNiUKqk+voATsWOpo6957bwRJaTbvDvxmzIQ38TSUoj/pt8Z8WTl0hSPAlqNlWYffXX0y8K4=,iv:53R2bKYKiHJi9DTecg7hiuGNb3Kj9rA2U/oPJ+AFO5I=,tag:5uqvmEJCaCS/yNqyt/FPZg==,type:str] + lastmodified: "2026-04-12T12:03:36Z" + mac: ENC[AES256_GCM,data:pt6G4PVEygk7LV2qwQY1s9CSDUJ4CM3/Jo6Y16jdYb2LDf7YR4INHBk9+p4rK9kMKda6jRlFXtqcE7exIJLzzLCZD22EUZE7P/GKjYhHKu+ros9NaDBLHcdzxMhDazu+CUUITS0yp1lzCEihC4PxY2Z+uv5N0m42VS2bsem7GKg=,iv:6VD8o/t/XQ6yI0DI6KwdR42q0hGOvPVQ6uADNy5lakk=,tag:3bsnxSNU1mLU0UcyZzKhVw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From a1d4c244cf9e9ab0304c28657430b5926e7b757c Mon Sep 17 00:00:00 2001 From: chris Date: Sun, 12 Apr 2026 15:00:09 +0000 Subject: [PATCH 41/58] chore(secrets): set secret "zitadel/users" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 7d44c82..43c2b4c 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml 
@@ -4,7 +4,7 @@ email: zitadel: masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str] nix: {} - users: ENC[AES256_GCM,data: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,iv:XlO48HKJWRgwsozmgXstfirwb5CUY+ywelbgLlcx/n4=,tag:GuQMkL2mpNkTJIep79x0zw==,type:str] + users: ENC[AES256_GCM,data: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,iv:+MjTW26sd8csWm4RXscFMgUm3wNY5Yj+qP8Xfg/WvsQ=,tag:mXjrEJqpbuqaVLa8EJpjoQ==,type:str] forgejo: action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str] synapse: @@ -62,7 +62,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-12T12:03:36Z" - mac: ENC[AES256_GCM,data:pt6G4PVEygk7LV2qwQY1s9CSDUJ4CM3/Jo6Y16jdYb2LDf7YR4INHBk9+p4rK9kMKda6jRlFXtqcE7exIJLzzLCZD22EUZE7P/GKjYhHKu+ros9NaDBLHcdzxMhDazu+CUUITS0yp1lzCEihC4PxY2Z+uv5N0m42VS2bsem7GKg=,iv:6VD8o/t/XQ6yI0DI6KwdR42q0hGOvPVQ6uADNy5lakk=,tag:3bsnxSNU1mLU0UcyZzKhVw==,type:str] + lastmodified: "2026-04-12T15:00:06Z" + mac: ENC[AES256_GCM,data:oklhIZY2AHJh/RaY58R4JZzd8l+aSqxco0qNEhHKskuxB6TPHsybJy93J0oFP/VkuOheuMG4Z32WBAL9dSntjKoWCFdlUf9IMXPUYXy+yD2J0/Lf6w7hXNPQFlDrPfZ+2klamJDZDpkY5SAcgLFHG8oZVLsJtCj6uH+dQKG9QXI=,iv:ZKnwGjqy/to0auzUZnU7bCARZg54hqskr+FOXwxS/dY=,tag:NVkqznP3Qcsyui/EAD9QJA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 03bd906aef981b0590d27389638e8125d30626c1 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Sun, 12 Apr 2026 17:53:06 +0200 Subject: [PATCH 42/58] fix vaultwarden oidc --- modules/nixos/services/security/vaultwarden/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden/default.nix index 089c945..1660736 100644 --- a/modules/nixos/services/security/vaultwarden/default.nix +++ b/modules/nixos/services/security/vaultwarden/default.nix @@ -135,7 +135,7 @@ in { SSO_ROLES_ENABLED = true; SSO_ORGANIZATIONS_ENABLED = true; SSO_ORGANIZATIONS_REVOCATION = true; - SSO_AUTHORITY = "https://auth.kruining.eu/"; + SSO_AUTHORITY = "https://auth.kruining.eu"; SSO_SCOPES = "email profile offline_access"; ROCKET_ADDRESS = "::1"; From 66fc9e532a5d68d0c4f7cde8ebea1fac45dddfa1 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Sun, 12 Apr 2026 17:53:37 +0200 Subject: [PATCH 43/58] add backup stuff --- systems/x86_64-linux/ulmo/default.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index 43a5760..7c20a11 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -1,9 +1,21 @@ -{...}: { +{ + pkgs, + config, + ... +}: { imports = [ ./disks.nix ./hardware.nix ]; + environment.systemPackages = with pkgs; [bup]; + services.postgresqlBackup = { + enable = true; + backupAll = true; + startAt = "*-*-* 01:00:00"; + location = "/var/backup/postgresql"; + }; + networking = { interfaces.enp2s0 = { ipv6.addresses = [ From 6b3389c4b1c72e9bd8df3d20b5f35f28314a5745 Mon Sep 17 00:00:00 2001 
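Review bot: `services.postgresqlBackup` with `backupAll = true` in the `ulmo/default.nix` hunk dumps every database on this host to `/var/backup/postgresql`, and nothing in the hunk moves those dumps off the machine or encrypts them. `bup` is only added to `environment.systemPackages` and has no built-in repository encryption, so any off-host copy made with it would need an encrypted target. A short comment above the block would help, for example `# dumps contain service credentials; keep the directory postgres-only and ship to an encrypted target`. The new `config` argument is not used by the visible lines and could be dropped until it is needed. The module body continues outside the hunk.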
From: Chris Kruining Date: Mon, 13 Apr 2026 15:58:41 +0200 Subject: [PATCH 44/58] checkpoint --- clan/interfaces/gateway.nix | 42 +- clan/types/endpoint.nix | 11 +- clanServices/gateway/default.nix | 6 +- clanServices/identity/default.nix | 123 ++++-- clanServices/identity/lib.nix | 368 ++++++++++++++++++ clanServices/servarr/default.nix | 12 +- clanServices/servarr/lib.nix | 13 +- lib/default.nix | 27 -- lib/options.nix | 37 ++ lib/options/default.nix | 35 -- lib/strings.nix | 53 +++ lib/strings/default.nix | 55 --- .../nixos/services/authentication/zitadel.nix | 14 +- 13 files changed, 608 insertions(+), 188 deletions(-) create mode 100644 clanServices/identity/lib.nix delete mode 100644 lib/default.nix create mode 100644 lib/options.nix delete mode 100644 lib/options/default.nix create mode 100644 lib/strings.nix delete mode 100644 lib/strings/default.nix diff --git a/clan/interfaces/gateway.nix b/clan/interfaces/gateway.nix index 8353ae6..c8faf04 100644 --- a/clan/interfaces/gateway.nix +++ b/clan/interfaces/gateway.nix @@ -14,7 +14,47 @@ in { type = types.submoduleWith { modules = [../types/endpoint.nix]; }; - default = name; + default = {}; + apply = attrs: + attrs + // { + __toString = self: let + protocol = + if self.protocol != null + then "${self.protocol}://" + else ""; + + port = + if self.port != null + then ":${toString self.port}" + else ""; + + path = + if self.path != null + then "/${self.path}" + else ""; + + query = + if self.query != null + then "?${toString self.query + |> lib.attrsToList + |> lib.map ({ + name, + value, + }: "${name}=${value}")}" + else ""; + + hash = + if self.hash != null + then "#${toString self.hash + |> lib.attrsToList + |> lib.map ({ + name, + value, + }: "${name}=${value}")}" + else ""; + in "${protocol}${self.host}${port}${path}${query}${hash}"; + }; }; # protocol = mkOption { diff --git a/clan/types/endpoint.nix b/clan/types/endpoint.nix index a3f82ae..fab5a86 100644 --- a/clan/types/endpoint.nix 
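Review bot: In the `query` and `hash` branches of the new `__toString` in `clan/interfaces/gateway.nix`, `toString self.query |> lib.attrsToList |> lib.map (…)` parses as `lib.map (…) (lib.attrsToList (toString self.query))`, because function application binds tighter than `|>`. Even with the order fixed, the result would be a list interpolated into a string with no `&` separator, so an endpoint with a non-null `query` or `hash` would presumably fail to evaluate. `lib/strings.nix` in this same commit already has `toUrl`, which joins the pairs with `concatMapAttrsStringSep "&"` and trims the path. If that library is reachable from this file, the `apply` could delegate to it: `__toString = self: ardaLib.toUrl { inherit (self) protocol host port path query hash; };`. Neither version percent-encodes names or values, which deserves a comment because the string ends up in a Caddy `reverse_proxy` line.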
+++ b/clan/types/endpoint.nix @@ -2,17 +2,18 @@ inherit (lib) mkOption types; in { options = { + protocol = mkOption { + type = types.str; + default = "http"; + }; + host = mkOption { type = types.str; default = "localhost"; }; port = mkOption { - type = types.port; - }; - - protocol = mkOption { - type = types.nullOr types.str; + type = types.nullOr types.port; default = null; }; diff --git a/clanServices/gateway/default.nix b/clanServices/gateway/default.nix index ce837fd..2c6a311 100644 --- a/clanServices/gateway/default.nix +++ b/clanServices/gateway/default.nix @@ -49,14 +49,12 @@ in { |> lib.concatLists |> lib.map ({ name, - protocol, - host, - port, + endpoint, }: { name = "${name}.${machine.name}.arda"; value = { extraConfig = '' - reverse_proxy ${protocol}://${host}:${toString port} + reverse_proxy ${toString endpoint} ''; }; }) diff --git a/clanServices/identity/default.nix b/clanServices/identity/default.nix index caaf194..1030ebb 100644 --- a/clanServices/identity/default.nix +++ b/clanServices/identity/default.nix @@ -4,14 +4,15 @@ exports, ... }: let - inherit (builtins) toString; + inherit (builtins) toString readFile; + inherit (lib) mkMerge mkIf; in { _class = "clan.service"; manifest = { name = "arda/identity"; description = '' ''; - readme = builtins.readFile ./README.md; + readme = readFile ./README.md; exports = { inputs = ["persistence"]; out = ["gateway" "persistence"]; @@ -31,7 +32,7 @@ in { }; database = mkOption { - type = types.anything; #ardaLib.types.endpoint; + type = types.anything; }; port = mkOption { 
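Review bot: In `clan/types/endpoint.nix`, `protocol` changes from `types.nullOr types.str` to `types.str` with default `"http"`, so the `self.protocol != null` test in the new `__toString` in `gateway.nix` can never take its `else` branch. Every endpoint that leaves the field unset is now proxied over plain HTTP by `reverse_proxy ${toString endpoint}`. That is fine for loopback upstreams but deserves a comment on the option, for example `# default is cleartext; set "https" or "h2c" for upstreams that are not on localhost`. Either keep the option nullable or drop the dead null check so the two files agree.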
@@ -332,22 +333,15 @@ in { mkExports, settings, machine, + instanceName, ... - }: let - database = - exports - |> clanLib.getExport { - serviceName = "arda/persistence"; - roleName = "default"; - machineName = machine.name; - instanceName = settings.persistence_instance; + }: { + exports = mkExports (mkMerge [ + { + gateway.services.identity = {endpoint.port = settings.port;}; } - |> (v: v.persistence.driver.postgresql); - in { - exports = mkExports { - gateway = { - services.identity = {endpoint.port = settings.port;}; - functions.auth = { + (mkIf (settings.driver == "zitadel") { + gateway.functions.auth = { body = '' forward_auth h2c://[::1]:${toString settings.port} { uri /api/authz/forward-auth @@ -355,21 +349,26 @@ in { } ''; }; - }; - persistence.databases = ["zitadel"]; - }; + persistence.databases = ["zitadel"]; + }) + ]); - nixosModule = { + nixosModule = args@{ lib, pkgs, config, ... }: let - inherit (lib) mkMerge mkIf; + vars = config.clan.core.vars.generators.zitadel.files; + users = config.clan.core.vars.generators.zitadel_users.files.users.path; + email_password = config.clan.core.vars.generators.zitadel_email_password.files.password.path; + + ardaLib = import ../../lib/strings.nix args; + zLib = import ./lib.nix (args // {inherit settings ardaLib;}); in { config = mkMerge [ - (lib.mkIf (settings.driver == "zitadel") { + (mkIf (settings.driver == "zitadel") ({ clan.core.vars.generators.zitadel = { dependencies = ["persistence"]; 
@@ -387,12 +386,29 @@ in { group = "zitadel"; restartUnits = ["zitadel.service"]; }; + + infraPrivateKey = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["zitadel.service"]; + }; + + infraPublicKey = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["zitadel.service"]; + }; }; - runtimeInputs = with pkgs; [pwgen]; + runtimeInputs = with pkgs; [pwgen openssl_3_5]; script = '' pwgen -s 32 1 > $out/masterKey + openssl genrsa -traditional -out $out/infraPrivateKey 2048 + openssl rsa -pubout -in $out/infraPrivateKey -out $out/infraPublicKey + cat << EOL > $out/settings Database: postgres: @@ -404,18 +420,56 @@ in { ''; }; + clan.core.vars.generators.zitadel_users = { + files = { + users = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["infra-zitadel.service"]; + }; + }; + + script = '' + echo "{}" > $out/users + ''; + }; + + clan.core.vars.generators.zitadel_email_password = { + prompts = { + password = { + description = "password to email for zitadel's smpt connection"; + type = "hidden"; + persist = true; + }; + }; + + files = { + password = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["infra-zitadel.service"]; + }; + }; + + script = '' + cat $prompts/password > $out/password + ''; + }; + environment.systemPackages = with pkgs; [ zitadel ]; services.zitadel = { enable = true; - masterKeyFile = config.clan.core.vars.generators.zitadel.files.masterKey.path; + masterKeyFile = vars.masterKey.path; tlsMode = "external"; extraSettingsPaths = [ - config.clan.core.vars.generators.zitadel.files.settings.path + vars.settings.path ]; settings = { @@ -437,7 +491,7 @@ in { Database.postgres = { Host = settings.database.host; Port = settings.database.port; - Databae = "zitadel"; + Database = "zitadel"; User = { Username = "zitadel"; }; 
@@ -445,15 +499,18 @@ in { Username = "zitadel"; }; }; - }; - steps = { - InstanceName = "eu"; - - MachineKeyPath = "/var/lib/zitadel/machine-key.json"; + SystemAPIUsers = { + infra = { + Path = vars.infraPublicKey.path; + Memberships = [ + { MemberType = "System"; Roles = [ "SYSTEM_OWNER" "IAM_OWNER" "ORG_OWNER" ]; } + ]; + }; + }; }; }; - }) + } // (zLib.createInfra { inherit users email_password; key_file = vars.infraPrivateKey.path; }))) ]; }; }; diff --git a/clanServices/identity/lib.nix b/clanServices/identity/lib.nix new file mode 100644 index 0000000..08268fd --- /dev/null +++ b/clanServices/identity/lib.nix 
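Review bot: The `infra` entry added under `SystemAPIUsers` is granted `SYSTEM_OWNER`, `IAM_OWNER` and `ORG_OWNER` together, and the matching private key (`infraPrivateKey`, owner `zitadel`) is deployed to the same host. Anything that can read that file therefore has full control of the identity instance. If the Terraform module only needs a subset, trim the list, and otherwise document the need next to it, for example `# infra drives clanServices/identity/lib.nix: org, project, user and SMTP resources; TODO confirm SYSTEM_OWNER is required`. Separately, `} // (zLib.createInfra { … })` is a shallow merge, so a future top-level key shared by both sides (such as `systemd`) would silently replace rather than combine; a second `mkMerge` element avoids that.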
@@ -0,0 +1,368 @@
+{
+ lib,
+ ardaLib,
+ self,
+ pkgs,
+ settings,
+ ...
+}: let
+ createTerranixModule = {
+ users,
+ email_password,
+ key_file,
+ ...
+ }: terra: let
+ inherit (lib) toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames;
+ inherit (ardaLib) toSnakeCase;
+ inherit (terra.lib) tfRef;
+
+ _refTypeMap = {
+ org = {type = "org";};
+ project = {type = "project";};
+ user = {
+ type = "user";
+ tfType = "human_user";
+ };
+ };
+
+ mapRef' = {
+ type,
+ tfType ? type,
+ }: name: {"${type}Id" = "\${ resource.zitadel_${tfType}.${toSnakeCase name}.id }";};
+ mapRef = type: name: mapRef' (_refTypeMap.${type}) name;
+ mapEnum = prefix: value: "${prefix}_${value |> toSnakeCase |> toUpper}";
+
+ mapValue = type: value: ({
+ appType = mapEnum "OIDC_APP_TYPE" value;
+ grantTypes = map (t: mapEnum "OIDC_GRANT_TYPE" t) value;
+ responseTypes = map (t: mapEnum "OIDC_RESPONSE_TYPE" t) value;
+ authMethodType = mapEnum "OIDC_AUTH_METHOD_TYPE" value;
+
+ flowType = mapEnum "FLOW_TYPE" value;
+ triggerType = mapEnum "TRIGGER_TYPE" value;
+ accessTokenType = mapEnum "OIDC_TOKEN_TYPE" value;
+ }."${type}" or value);
+
+ toResource = name: value:
+ nameValuePair
+ (toSnakeCase name)
+ (lib.mapAttrs' (k: v: nameValuePair (toSnakeCase k) (mapValue k v)) value);
+
+ withRef = type: name: attrs: attrs // (mapRef type name);
+
+ select = keys: callback: set:
+ if (length keys) == 0
+ then mapAttrs' callback set
+ else let
+ key = head keys;
+ in
+ concatMapAttrs (k: v: select (drop 1 keys) (callback k) (v.${key} or {})) set;
+
+ append = attrList: set: set // (listToAttrs attrList);
+
+ forEach = src: key: set: let
+ _key = concatMapStringsSep "_" (k: "\${item.${k}}") key;
+ in
+ {
+ forEach = tfRef '' {
+ for item in ${src} :
+ "''${item.org}_''${item.name}" => item
+ }'';
+ }
+ // set;
+ in {
+ terraform.required_providers.zitadel = {
+ source =
"zitadel/zitadel";
+ version = "2.2.0";
+ };
+
+ provider.zitadel = {
+ domain = "auth.kruining.eu";
+ insecure = false;
+
+ system_api = {
+ user = "infra";
+ inherit key_file;
+ };
+ };
+
+ locals = {
+ extra_users = tfRef "
+ flatten([ for org, users in jsondecode(file(\"${users}\")): [
+ for name, details in users: {
+ org = org
+ name = name
+ email = details.email
+ firstName = details.firstName
+ lastName = details.lastName
+ }
+ ] ])
+ ";
+ orgs = settings.organization |> mapAttrs (org: _: tfRef "resource.zitadel_org.${org}.id");
+ };
+
+ resource = {
+ # Organizations
+ zitadel_org =
+ settings.organization
+ |> select [] (
+ name: {isDefault, ...}:
+ {inherit name isDefault;}
+ |> toResource name
+ );
+
+ # Projects per organization
+ zitadel_project =
+ settings.organization
+ |> select ["project"] (
+ org: name: {
+ hasProjectCheck,
+ privateLabelingSetting,
+ projectRoleAssertion,
+ projectRoleCheck,
+ ...
+ }:
+ {
+ inherit name hasProjectCheck privateLabelingSetting projectRoleAssertion projectRoleCheck;
+ }
+ |> withRef "org" org
+ |> toResource "${org}_${name}"
+ );
+
+ # Each OIDC app per project
+ zitadel_application_oidc =
+ settings.organization
+ |> select ["project" "application"] (
+ org: project: name: {
+ redirectUris,
+ grantTypes,
+ responseTypes,
+ ...
+ }:
+ {
+ inherit name redirectUris grantTypes responseTypes;
+
+ accessTokenRoleAssertion = true;
+ idTokenRoleAssertion = true;
+ accessTokenType = "JWT";
+ }
+ |> withRef "org" org
+ |> withRef "project" "${org}_${project}"
+ |> toResource "${org}_${project}_${name}"
+ );
+
+ # Each project role
+ zitadel_project_role =
+ settings.organization
+ |> select ["project" "role"] (
+ org: project: name: value:
+ {
+ inherit (value) displayName group;
+ roleKey = name;
+ }
+ |> withRef "org" org
+ |> withRef "project" "${org}_${project}"
+ |> toResource "${org}_${project}_${name}"
+ );
+
+ # Each project role assignment
+ zitadel_user_grant =
+ settings.organization
+ |> select ["project" "assign"] (
+ org: project: user: roles:
+ {roleKeys = roles;}
+ |> withRef "org" org
+ |> withRef "project" "${org}_${project}"
+ |> withRef "user" "${org}_${user}"
+ |> toResource "${org}_${project}_${user}"
+ );
+
+ # Users
+ zitadel_human_user =
+ settings.organization
+ |> select ["user"] (
+ org: name: {
+ email,
+ userName,
+ firstName,
+ lastName,
+ ...
+ }:
+ {
+ inherit email userName firstName lastName;
+
+ isEmailVerified = true;
+ }
+ |> withRef "org" org
+ |> toResource "${org}_${name}"
+ )
+ |> append [
+ (forEach "local.extra_users" ["org" "name"] {
+ orgId = tfRef "local.orgs[each.value.org]";
+ userName = tfRef "each.value.name";
+ email = tfRef "each.value.email";
+ firstName = tfRef "each.value.firstName";
+ lastName = tfRef "each.value.lastName";
+
+ isEmailVerified = true;
+ }
+ |> toResource "extraUsers")
+ ];
+
+ # Global user roles
+ zitadel_instance_member =
+ settings.organization
+ |> filterAttrsRecursive (n: v: !(v ? "instanceRoles" && (length v.instanceRoles) == 0))
+ |> select ["user"] (
+ org: name: {instanceRoles, ...}:
+ {roles = instanceRoles;}
+ |> withRef "user" "${org}_${name}"
+ |> toResource "${org}_${name}"
+ );
+
+ # Organazation specific roles
+ zitadel_org_member =
+ settings.organization
+ |> filterAttrsRecursive (n: v: !(v ?
"roles" && (length v.roles) == 0))
+ |> select ["user"] (
+ org: name: {roles, ...}:
+ {inherit roles;}
+ |> withRef "org" org
+ |> withRef "user" "${org}_${name}"
+ |> toResource "${org}_${name}"
+ );
+
+ # Organazation's actions
+ zitadel_action =
+ settings.organization
+ |> select ["action"] (
+ org: name: {
+ timeout,
+ allowedToFail,
+ script,
+ ...
+ }:
+ {
+ inherit allowedToFail name;
+ timeout = "${toString timeout}s";
+ script = "const ${name} = ${script}";
+ }
+ |> withRef "org" org
+ |> toResource "${org}_${name}"
+ );
+
+ # Organazation's action assignments
+ zitadel_trigger_actions =
+ settings.organization
+ |> concatMapAttrs (
+ org: {triggers, ...}:
+ triggers
+ |> imap0 (i: {
+ flowType,
+ triggerType,
+ actions,
+ ...
+ }: (
+ let
+ name = "trigger_${toString i}";
+ in
+ {
+ inherit flowType triggerType;
+
+ actionIds =
+ actions
+ |> map (action: (tfRef "zitadel_action.${org}_${toSnakeCase action}.id"));
+ }
+ |> withRef "org" org
+ |> toResource "${org}_${name}"
+ ))
+ |> listToAttrs
+ );
+
+ # SMTP config
+ zitadel_smtp_config.default = {
+ sender_address = "chris@kruining.eu";
+ sender_name = "no-reply (Zitadel)";
+ tls = true;
+ host = "black-mail.nl:587";
+ user = "chris@kruining.eu";
+ password = tfRef "file(\"${email_password}\")";
+ set_active = true;
+ };
+
+ # Client credentials per app
+ local_sensitive_file =
+ settings.organization
+ |> select ["project" "application"] (
+ org: project: name: {exportMap, ...}:
+ nameValuePair "${org}_${project}_${name}" {
+ content = ''
+ ${
+ if exportMap.client_id != null
+ then exportMap.client_id
+ else "CLIENT_ID"
+ }=${tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_id"}
+ ${
+ if exportMap.client_secret != null
+ then exportMap.client_secret
+ else "CLIENT_SECRET"
+ }=${tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_secret"}
+ '';
+ filename = "/var/lib/zitadel/clients/${org}_${project}_${name}";
+ }
+ );
+ };
+ };
+in {
+ createInfra =
args @ {...}: let + tofu = "${lib.getExe pkgs.opentofu} -input=false"; + terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { + system = pkgs.stdenv.hostPlatform.system; + modules = [ + (createTerranixModule args) + ]; + }; + in { + systemd.services."infra-zitadel" = { + description = "Infra for Zitadel"; + + wantedBy = ["multi-user.target"]; + wants = ["zitadel.service"]; + + preStart = '' + install -d -m 0770 -o zitadel -g media /var/lib/infra-zitadel + ''; + + script = '' + # Sleep for a bit to give the service a chance to start up + sleep 5s + + if [ "$(systemctl is-active zitadel)" != "active" ]; then + echo "zitadel is not running" + exit 1 + fi + + # Print the path to the source for easier debugging + echo "config location: ${terraformConfiguration}" + + # Copy infra code into workspace + cp -f ${terraformConfiguration} config.tf.json + + # Initialize OpenTofu + ${tofu} init + + # Run the infrastructure code + ${tofu} plan -refresh=false -detailed-exitcode -out=tfplan + ${tofu} apply -json -auto-approve tfplan + ''; + + serviceConfig = { + Type = "oneshot"; + User = "zitadel"; + Group = "zitadel"; + + WorkingDirectory = "/var/lib/infra-zitadel"; + }; + }; + }; +} diff --git a/clanServices/servarr/default.nix b/clanServices/servarr/default.nix index e86bf2e..c06a89b 100644 --- a/clanServices/servarr/default.nix +++ b/clanServices/servarr/default.nix @@ -92,17 +92,7 @@ in { services = settings.services |> lib.attrNames; service_count = services |> lib.length; - database = - exports - |> clanLib.getExport { - serviceName = "arda/persistence"; - roleName = "default"; - machineName = machine.name; - instanceName = settings.persistence_instance; - } - |> (v: v.persistence.driver.postgresql); - - servarr = import ./lib.nix (args // {inherit settings database;}); + servarr = import ./lib.nix (args // {inherit settings;}); in { imports = [ (import ./sabnzbd.nix (args 
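Review bot: The `preStart` of `infra-zitadel` in the new `clanServices/identity/lib.nix` creates its workspace with `install -d -m 0770 -o zitadel -g media /var/lib/infra-zitadel`, giving the `media` group read and write access to the directory where OpenTofu keeps its state. That state will contain the OIDC client secrets and the SMTP password read through `file(...)`. The group looks carried over from the servarr helper, and `install -d -m 0700 -o zitadel -g zitadel /var/lib/infra-zitadel` would match the unit's `User` and `Group`. In `forEach`, `_key` is built from the `key` argument but the `for` expression hard-codes `item.org` and `item.name`, so `key` has no effect; either use `_key` or drop the parameter.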
diff --git a/clanServices/servarr/lib.nix b/clanServices/servarr/lib.nix index 5bcd6a5..4a15ca7 100644 --- a/clanServices/servarr/lib.nix +++ b/clanServices/servarr/lib.nix @@ -4,7 +4,6 @@ lib, pkgs, settings, - database, ... }: let inherit (lib) mkIf; @@ -68,8 +67,8 @@ # Password provided via environment file postgres = { - host = database.host; - port = toString database.port; + host = settings.database.host; + port = toString settings.database.port; user = service; maindb = service; logdb = service; @@ -100,7 +99,7 @@ wants = ["${service}.service"]; preStart = '' - install -d -m 0770 -o ${service} -g media /var/lib/${service}-apply-infra + install -d -m 0770 -o ${service} -g media /var/lib/infra-${service} ${ options.rootFolders |> lib.map (folder: "install -d -m 0770 -o media -g media ${folder}") @@ -323,11 +322,7 @@ in { clan.core.vars.generators.${service} = createGenerator (args // {inherit service options;}); services.${service} = createService (args // {inherit service options;}); - # services.caddy.virtualHosts."${service}.ulmo.arda".extraConfig = '' - # reverse_proxy http://[::1]:${toString options.port} - # ''; - - systemd.services."${service}-apply-infra" = lib.mkIf settings.enable (createSystemdService (args // {inherit service options;})); + systemd.services."infra-${service}" = lib.mkIf settings.enable (createSystemdService (args // {inherit service options;})); }) |> lib.mkMerge; }; diff --git a/lib/default.nix b/lib/default.nix deleted file mode 100644 index e8edaf1..0000000 --- a/lib/default.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - config, - inputs, - lib, - ... -}: let - inherit (lib) mkOption types; -in { - imports = [ - ./options - ./strings - ]; - - config = { - _module.args = { - inherit - baseNixosModules - channelConfig - mkPkgs - sharedContext - systemOverlays - ; - }; - - flake.lib = config.localLib; - }; -} diff --git a/lib/options.nix b/lib/options.nix new file mode 100644 index 0000000..683b812 --- /dev/null +++ b/lib/options.nix 
@@ -0,0 +1,37 @@ +{lib, ...}: let + inherit (lib) mkOption types; +in { + mkUrlOptions = defaults: { + host = + mkOption { + type = types.str; + example = "host.tld"; + description = '' + Hostname + ''; + } + // (defaults.host or {}); + + port = + mkOption { + type = types.port; + default = 1234; + example = "1234"; + description = '' + Port + ''; + } + // (defaults.port or {}); + + protocol = + mkOption { + type = types.str; + default = "https"; + example = "https"; + description = '' + Which protocol to use when creating a url string + ''; + } + // (defaults.protocol or {}); + }; +} diff --git a/lib/options/default.nix b/lib/options/default.nix deleted file mode 100644 index 579b3de..0000000 --- a/lib/options/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -{lib, ...}: let - inherit (lib) mkOption types; -in { - localLib.options = { - mkUrlOptions = - defaults: - { - host = mkOption { - type = types.str; - example = "host.tld"; - description = '' - Hostname - ''; - } // (defaults.host or {}); - - port = mkOption { - type = types.port; - default = 1234; - example = "1234"; - description = '' - Port - ''; - } // (defaults.port or {}); - - protocol = mkOption { - type = types.str; - default = "https"; - example = "https"; - description = '' - Which protocol to use when creating a url string - ''; - } // (defaults.protocol or {}); - }; - }; -} diff --git a/lib/strings.nix b/lib/strings.nix new file mode 100644 index 0000000..5a163c2 --- /dev/null +++ b/lib/strings.nix 
@@ -0,0 +1,53 @@ +{lib, ...}: let + inherit (builtins) isString typeOf match toString head; + inherit (lib) throwIfNot concatStringsSep splitStringBy toLower map concatMapAttrsStringSep; +in { + #======================================================================================== + # Converts a string to snake case + # + # simply replaces any uppercase letter to its lowercase variant preceeded by an underscore + #======================================================================================== + toSnakeCase = str: + throwIfNot (isString str) "toSnakeCase only accepts string values, but got ${typeOf str}" ( + str + |> splitStringBy (prev: curr: builtins.match "[a-z]" prev != null && builtins.match "[A-Z]" curr != null) true + |> map (p: toLower p) + |> concatStringsSep "_" + ); + + #======================================================================================== + # Converts a set of url parts to a string + #======================================================================================== + toUrl = { + protocol ? null, + host, + port ? null, + path ? null, + query ? null, + hash ? null, + }: let + trim_slashes = str: str |> match "^\/*(.+?)\/*$" |> head; + encode_to_str = set: concatMapAttrsStringSep "&" (n: v: "${n}=${v}") set; + + _protocol = + if protocol != null + then "${protocol}://" + else ""; + _port = + if port != null + then ":${toString port}" + else ""; + _path = + if path != null + then "/${path |> trim_slashes}" + else ""; + _query = + if query != null + then "?${query |> encode_to_str}" + else ""; + _hash = + if hash != null + then "#${hash |> encode_to_str}" + else ""; + in "${_protocol}${host}${_port}${_path}${_query}${_hash}"; +} diff --git a/lib/strings/default.nix b/lib/strings/default.nix deleted file mode 100644 index 7ae1d78..0000000 --- a/lib/strings/default.nix +++ /dev/null 
@@ -1,55 +0,0 @@ -{lib, ...}: let - inherit (builtins) isString typeOf match toString head; - inherit (lib) throwIfNot concatStringsSep splitStringBy toLower map concatMapAttrsStringSep; -in { - strings = { - #======================================================================================== - # Converts a string to snake case - # - # simply replaces any uppercase letter to its lowercase variant preceeded by an underscore - #======================================================================================== - toSnakeCase = str: - throwIfNot (isString str) "toSnakeCase only accepts string values, but got ${typeOf str}" ( - str - |> splitStringBy (prev: curr: builtins.match "[a-z]" prev != null && builtins.match "[A-Z]" curr != null) true - |> map (p: toLower p) - |> concatStringsSep "_" - ); - - #======================================================================================== - # Converts a set of url parts to a string - #======================================================================================== - toUrl = { - protocol ? null, - host, - port ? null, - path ? null, - query ? null, - hash ? null, - }: let - trim_slashes = str: str |> match "^\/*(.+?)\/*$" |> head; - encode_to_str = set: concatMapAttrsStringSep "&" (n: v: "${n}=${v}") set; - - _protocol = - if protocol != null - then "${protocol}://" - else ""; - _port = - if port != null - then ":${toString port}" - else ""; - _path = - if path != null - then "/${path |> trim_slashes}" - else ""; - _query = - if query != null - then "?${query |> encode_to_str}" - else ""; - _hash = - if hash != null - then "#${hash |> encode_to_str}" - else ""; - in "${_protocol}${host}${_port}${_path}${_query}${_hash}"; - }; -} diff --git a/modules/nixos/services/authentication/zitadel.nix b/modules/nixos/services/authentication/zitadel.nix index bc83385..e120d32 100644 --- a/modules/nixos/services/authentication/zitadel.nix +++ b/modules/nixos/services/authentication/zitadel.nix 
@@ -355,8 +355,7 @@ in for item in ${src} : "''${item.org}_''${item.name}" => item }''; - } - // set; + } // set; in { terraform.required_providers.zitadel = { @@ -566,17 +565,16 @@ in "d /var/lib/zitadel/clients 0755 zitadel zitadel -" ]; - systemd.services.zitadelApplyTerraform = { + systemd.services.zitadelApplyTerraform = + let + tofu = lib.getExe pkgs.opentofu; + in { description = "Zitadel terraform apply"; wantedBy = [ "multi-user.target" ]; wants = [ "zitadel.service" ]; - script = - let - tofu = lib.getExe pkgs.opentofu; - in - lib.replaceStrings ["\r"] [""] '' + script = '' if [ "$(systemctl is-active zitadel)" != "active" ]; then echo "Zitadel is not running" exit 1 From 64bc77a73e95b74e5915021e3c2ee581652be3b8 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Mon, 13 Apr 2026 16:31:43 +0200 Subject: [PATCH 45/58] apply review comments --- clanServices/identity/lib.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/clanServices/identity/lib.nix b/clanServices/identity/lib.nix index 08268fd..1783529 100644 --- a/clanServices/identity/lib.nix +++ b/clanServices/identity/lib.nix @@ -192,6 +192,9 @@ inherit email userName firstName lastName; isEmailVerified = true; + lifecycle = { + ignore_changes = ["first_name" "last_name" "user_name"]; + }; } |> withRef "org" org |> toResource "${org}_${name}" @@ -328,6 +331,7 @@ in { wantedBy = ["multi-user.target"]; wants = ["zitadel.service"]; + after = ["zitadel.service"]; preStart = '' install -d -m 0770 -o zitadel -g media /var/lib/infra-zitadel @@ -352,7 +356,7 @@ in { ${tofu} init # Run the infrastructure code - ${tofu} plan -refresh=false -detailed-exitcode -out=tfplan + ${tofu} plan -out=tfplan ${tofu} apply -json -auto-approve tfplan ''; @@ -361,7 +365,7 @@ in { User = "zitadel"; Group = "zitadel"; - WorkingDirectory = "/var/lib/infra-zitadel"; + StateDirectory = "/var/lib/infra-zitadel"; }; }; }; From d5b5166b95d0e00f693c8189948c0b63e039fc09 Mon Sep 17 00:00:00 2001 
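Review bot: In the last `clanServices/identity/lib.nix` hunk of the "apply review comments" commit, `StateDirectory = "/var/lib/infra-zitadel";` is an absolute path, but systemd's `StateDirectory=` expects a name relative to `/var/lib`. Because `WorkingDirectory` is removed in the same change, the script's `cp -f … config.tf.json` and the `tofu` calls would presumably run in `/`, where the `zitadel` user cannot write. Suggested lines: `StateDirectory = "infra-zitadel"; StateDirectoryMode = "0700"; WorkingDirectory = "/var/lib/infra-zitadel";`. With that in place, the `install -d -m 0770 -o zitadel -g media …` line shown as context in the `preStart` hunk is no longer needed.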
From: Chris Kruining Date: Tue, 14 Apr 2026 15:27:49 +0200 Subject: [PATCH 46/58] checkpoint --- .../services/communication/matrix/default.nix | 28 +++++++++++++++++-- .../nixos/services/media/servarr/default.nix | 9 +++--- 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index d2e47b0..903de32 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -17,6 +17,10 @@ database = "synapse"; keyFile = "/var/lib/element-call/key"; in { + imports = [ + ./mautrix-starr.nix + ]; + options.${namespace}.services.communication.matrix = { enable = mkEnableOption "Matrix server (Synapse)"; }; @@ -24,7 +28,6 @@ in { config = mkIf cfg.enable { ${namespace}.services = { persistance.postgresql.enable = true; - # virtualisation.podman.enable = true; networking.caddy = { # globalConfig = '' @@ -255,8 +258,29 @@ in { }; }; + # mautrix-starr = { + # enable = true; + # registerToSynapse = true; + + # settings = { + # appservice = { + # provisioning.enabled = false; + # }; + + # homeserver = { + # address = "http://[::1]:${toString port}"; + # domain = domain; + # }; + + # bridge = { + # permissions = { + # "@chris:${domain}" = "admin"; + # }; + # }; + # }; + # }; + postgresql = { - enable = true; ensureDatabases = [database]; ensureUsers = [ { diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index a98399d..ae0e3b0 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix 
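Review bot: The first `matrix/default.nix` hunk adds `./mautrix-starr.nix` to `imports`, but the commit's diffstat lists only two changed files and neither is that module. Unless it is already tracked in the tree, evaluation fails, since a flake only sees tracked files. The third hunk adds a twenty-line commented-out `mautrix-starr` block that would be better left out until the bridge is wired up. The same hunk removes `enable = true` from `postgresql`, presumably relying on `persistance.postgresql.enable`; a one-line comment such as `# postgresql itself is enabled by ${namespace}.services.persistance.postgresql` would make that dependency visible.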
@@ -129,11 +129,12 @@ in { port = 2007; }; - postgresql = { - ensureDatabases = cfg |> lib.attrNames; + postgresql = let + databases = [] ++ (cfg |> lib.attrNames); + in { + ensureDatabases = databases; ensureUsers = - cfg - |> lib.attrNames + databases |> lib.map (service: { name = service; ensureDBOwnership = true; From 6fe9387626dd4acee177d415623a31721583fdda Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 16 Apr 2026 05:19:04 +0000 Subject: [PATCH 47/58] chore(secrets): set secret "synapse/shared_secret" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 43c2b4c..8e000ba 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -10,6 +10,7 @@ forgejo: synapse: oidc_id: ENC[AES256_GCM,data:XbCpyGq0LeRJWq8dv/5Dipvp,iv:YDhgl26z1NBbIQLoLdGVz0+ze6o1ZcmgVHPfwoRj57I=,tag:y2vUuqnDmtTvVQmZCAlnLg==,type:str] oidc_secret: ENC[AES256_GCM,data:nVFi5EFbNMZ0mvrDHVYC0NiwJlo2eEw44D+Fcv9SKSb2oO00lGEDkP/oXDj5YgDq6RLQSe3f/SUOn77ntwnZYg==,iv:awe7VNUYOn9ofl1QlQTrEN5d0i5WkVM35qndruL4VXo=,tag:8Yoc9lFF9aWbtAa5fzQGEA==,type:str] + shared_secret: "" radarr: apikey: ENC[AES256_GCM,data:G141GW4PyS5pbAV39HcVscMw3s30txOgTZzWaL7o+ccZfnfDLv796O6xKXdqGZ8saLsveghLw9Z6a5luusHyQ3Q5ESL6W7SVeZVTuSqSC3i/4jl75FJxhnsgVsfrnYxzLGpKiw==,iv:sZl/XLh6y3WgSAn6nH3sFB6atBifZdghm+QsCNDbcjY=,tag:Tw+R80nrF0T0yDti0Uf+ig==,type:str] sonarr: 
@@ -62,7 +63,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-12T15:00:06Z" - mac: ENC[AES256_GCM,data:oklhIZY2AHJh/RaY58R4JZzd8l+aSqxco0qNEhHKskuxB6TPHsybJy93J0oFP/VkuOheuMG4Z32WBAL9dSntjKoWCFdlUf9IMXPUYXy+yD2J0/Lf6w7hXNPQFlDrPfZ+2klamJDZDpkY5SAcgLFHG8oZVLsJtCj6uH+dQKG9QXI=,iv:ZKnwGjqy/to0auzUZnU7bCARZg54hqskr+FOXwxS/dY=,tag:NVkqznP3Qcsyui/EAD9QJA==,type:str] + lastmodified: "2026-04-16T05:19:02Z" + mac: ENC[AES256_GCM,data:UqsihBm/UQu0GcikdvhsMJqt3x3AIoRAA1td5Gi243IPoVvXTdngDlJ4/zXQ1VvJ8JAOcD/i5aE/POi3Ig/oHrzq4MO501JMbRBWShsyQI0YeFAFHCE63S81B7lcQhusq1LEjEODNq0H7c6X1w7LsMJap9gPtS75CaEI4hHN1NY=,iv:IWIx9Fq/KQk/OOTBfEIWRRd4nV9pQJ47ldq+wIwPxtA=,tag:OHlyO31xcqL/bpDMsRMiIA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From c4e9485ccbec99dad6b140e8f390843cccf4ee34 Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 16 Apr 2026 05:20:19 +0000 Subject: [PATCH 48/58] chore(secrets): set secret "synapse/shared_secret" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 8e000ba..869e63e 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml 
@@ -10,7 +10,7 @@ forgejo: synapse: oidc_id: ENC[AES256_GCM,data:XbCpyGq0LeRJWq8dv/5Dipvp,iv:YDhgl26z1NBbIQLoLdGVz0+ze6o1ZcmgVHPfwoRj57I=,tag:y2vUuqnDmtTvVQmZCAlnLg==,type:str] oidc_secret: ENC[AES256_GCM,data:nVFi5EFbNMZ0mvrDHVYC0NiwJlo2eEw44D+Fcv9SKSb2oO00lGEDkP/oXDj5YgDq6RLQSe3f/SUOn77ntwnZYg==,iv:awe7VNUYOn9ofl1QlQTrEN5d0i5WkVM35qndruL4VXo=,tag:8Yoc9lFF9aWbtAa5fzQGEA==,type:str] - shared_secret: "" + shared_secret: ENC[AES256_GCM,data:IkzZ6QV1gLzChAFSsYsK3HM5dKFD4AoDJ53xgoxNpgt5tb45mMw/LRxu4NArGVLUtVGBy6jk6arU+Nxvi8bxPOC8c2UFCRUF+FM1phICEbb4Chgy5g803VKNFOu6BLaEmwDmuZSQP7CwX1hy8TX8yChboHGp7hH+n5SAZpejrLg=,iv:d+Ab91yCltYwudDWhrWPw0Xod/TKriCsoGD8i6PD4H4=,tag:xOXnzNuajcOz+imjMJr3Dg==,type:str] radarr: apikey: ENC[AES256_GCM,data:G141GW4PyS5pbAV39HcVscMw3s30txOgTZzWaL7o+ccZfnfDLv796O6xKXdqGZ8saLsveghLw9Z6a5luusHyQ3Q5ESL6W7SVeZVTuSqSC3i/4jl75FJxhnsgVsfrnYxzLGpKiw==,iv:sZl/XLh6y3WgSAn6nH3sFB6atBifZdghm+QsCNDbcjY=,tag:Tw+R80nrF0T0yDti0Uf+ig==,type:str] sonarr: @@ -63,7 +63,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-16T05:19:02Z" - mac: ENC[AES256_GCM,data:UqsihBm/UQu0GcikdvhsMJqt3x3AIoRAA1td5Gi243IPoVvXTdngDlJ4/zXQ1VvJ8JAOcD/i5aE/POi3Ig/oHrzq4MO501JMbRBWShsyQI0YeFAFHCE63S81B7lcQhusq1LEjEODNq0H7c6X1w7LsMJap9gPtS75CaEI4hHN1NY=,iv:IWIx9Fq/KQk/OOTBfEIWRRd4nV9pQJ47ldq+wIwPxtA=,tag:OHlyO31xcqL/bpDMsRMiIA==,type:str] + lastmodified: "2026-04-16T05:20:18Z" + mac: ENC[AES256_GCM,data:YqkxwV30uqSHhsn4niFEODxxl9R2ZuiyyX4g8zONVjMvdA52C08zPpxdxjtXnUT9m3sT7iSmWcJJZwhMhRIb8LJ2sdIJ4v+wpG9I4pPokhEXI2ozqbzw3k68GnZOzYu3kePQBJjQx1fmlM63dgILIwx7ytPnpm9arQ1rszZynNs=,iv:hxdhU5oH9h9mRH3m76oFkYVNA68PnivVJpJRjxSRtTw=,tag:Fyyg6cWPb96c/Vap+PifUQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From ce44496a48452cf69557509b47db445224591fb9 Mon Sep 17 00:00:00 2001 
From: Chris Kruining Date: Thu, 16 Apr 2026 07:46:45 +0200 Subject: [PATCH 49/58] Add arrtrix Matrix bridge service and package scaffolding --- .just/vars.just | 4 +- logs/bridge-2026-04-15T09-11-43.612.log | 2 + logs/bridge.log | 2 + .../services/communication/matrix/default.nix | 432 ++++++++---------- .../nixos/temp/services/arrtrix/default.nix | 200 ++++++++ packages/arrtrix/cmd/arrtrix/main.go | 26 ++ packages/arrtrix/default.nix | 33 ++ packages/arrtrix/go.mod | 43 ++ packages/arrtrix/go.sum | 91 ++++ packages/arrtrix/pkg/connector/config.go | 18 + packages/arrtrix/pkg/connector/connector.go | 107 +++++ .../arrtrix/pkg/connector/example-config.yaml | 7 + script/synapse/shared_secret | 3 + 13 files changed, 712 insertions(+), 256 deletions(-) create mode 100644 logs/bridge-2026-04-15T09-11-43.612.log create mode 100644 logs/bridge.log create mode 100644 modules/nixos/temp/services/arrtrix/default.nix create mode 100644 packages/arrtrix/cmd/arrtrix/main.go create mode 100644 packages/arrtrix/default.nix create mode 100644 packages/arrtrix/go.mod create mode 100644 packages/arrtrix/go.sum create mode 100644 packages/arrtrix/pkg/connector/config.go create mode 100644 packages/arrtrix/pkg/connector/connector.go create mode 100644 packages/arrtrix/pkg/connector/example-config.yaml create mode 100644 script/synapse/shared_secret diff --git a/.just/vars.just b/.just/vars.just index 62a8bd9..2ae9a44 100644 --- a/.just/vars.just +++ b/.just/vars.just 
@@ -43,14 +43,14 @@ generate machine: # Skip if we already have a value [ $(just vars get "{{ machine }}" "$key" | jq -r) ] && continue - just _rotate "{{ machine }}" "$key" + just vars _rotate "{{ machine }}" "$key" done [doc('Regenerate var values for {machine}')] [script] _rotate machine key: # Exit if there's no script - [ -f "{{ justfile_directory() }}/script/{{ key }}" ] || exit + [ -f "{{ justfile_directory() }}/script/{{ key }}" ] || exit 0 echo "Executing script for {{ key }}" just vars set "{{ machine }}" "{{ key }}" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/{{ key }}")" && source "./$(basename "{{ key }}")")" diff --git a/logs/bridge-2026-04-15T09-11-43.612.log b/logs/bridge-2026-04-15T09-11-43.612.log new file mode 100644 index 0000000..df81d78 --- /dev/null +++ b/logs/bridge-2026-04-15T09-11-43.612.log @@ -0,0 +1,2 @@ +{"level":"fatal","error":"homeserver.address not configured","time":"2026-04-15T09:10:06.949460064Z","message":"Configuration error"} +{"level":"info","time":"2026-04-15T09:10:06.949840013Z","message":"See https://docs.mau.fi/faq/field-unconfigured for more info"} diff --git a/logs/bridge.log b/logs/bridge.log new file mode 100644 index 0000000..63567e0 --- /dev/null +++ b/logs/bridge.log @@ -0,0 +1,2 @@ +{"level":"fatal","error":"appservice.as_token not configured. Did you forget to generate the registration? ","time":"2026-04-15T09:11:43.617908298Z","message":"Configuration error"} +{"level":"info","time":"2026-04-15T09:11:43.618232253Z","message":"See https://docs.mau.fi/faq/field-unconfigured for more info"} diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index 903de32..c9c11f1 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix 
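Review bot: `_rotate` still hands whatever the key's script prints straight to `just vars set`, so a script that fails or prints nothing stores an empty secret. The `shared_secret: ""` line in the earlier secrets.yml commit on this page is what that result looks like, though the cause there is not visible. Capture the output first and refuse an empty value, for example `value="$(cd -- "$(dirname "{{ justfile_directory() }}/script/{{ key }}")" && source "./$(basename "{{ key }}")")"` followed by `[ -n "$value" ] || { echo "empty value for {{ key }}" >&2; exit 1; }`, then pass `"$value"` to `just vars set`. An empty string is also left unencrypted by sops, so it is worth checking for one before committing.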
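Review bot: `logs/bridge.log` and `logs/bridge-2026-04-15T09-11-43.612.log` are runtime output from a local bridge run and should not be part of the tree. These two entries only show configuration errors, but bridge logs at more verbose levels can carry access tokens, user ids and room ids. I would add `logs/` to `.gitignore` and remove both files from the commit.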
@@ -6,7 +6,7 @@ ... }: let inherit (builtins) toString toJSON; - inherit (lib) mkIf mkEnableOption; + inherit (lib) mkIf mkEnableOption mkMerge; cfg = config.${namespace}.services.communication.matrix; @@ -16,11 +16,36 @@ database = "synapse"; keyFile = "/var/lib/element-call/key"; -in { - imports = [ - ./mautrix-starr.nix - ]; + mkMautrix = bridge: i: conf: { + ${bridge} = + { + enable = true; + registerToSynapse = true; + + settings = { + appservice = { + # hostname = "[::]"; + # port = 40010 + i; + # address = "http://${config.services.${bridge}.settings.appservice.hostname}:${toString config.services.${bridge}.settings.appservice.port}"; + provisioning.enabled = false; + }; + + homeserver = { + inherit domain; + address = "http://[::1]:${toString port}"; + }; + + bridge = { + permissions = { + "@chris:${domain}" = "admin"; + }; + }; + }; + } + // conf; + }; +in { options.${namespace}.services.communication.matrix = { enable = mkEnableOption "Matrix server (Synapse)"; }; @@ -30,24 +55,6 @@ in { persistance.postgresql.enable = true; networking.caddy = { - # globalConfig = '' - # layer4 { - # 127.0.0.1:4004 - # route { - # proxy { - # upstream synapse:4004 - # } - # } - # } - # 127.0.0.1:4005 - # route { - # proxy { - # upstream synapse:4005 - # } - # } - # } - # } - # ''; hosts = let server = { "m.server" = "${fqn}:443"; 
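Review bot: `mkMautrix` ends with `// conf`, which is a shallow merge: a caller that passes `settings` replaces the whole attrset, silently dropping `provisioning.enabled = false` and the `bridge.permissions` entry that limits admin to one user. Every caller visible on this page passes `{}`, so nothing breaks yet, but the helper should merge deeply, e.g. wrap the base attrset and `conf` in `lib.recursiveUpdate`. The parameter `i` is only used in commented-out lines; either wire the port up or drop the argument. A short comment above `mkMautrix` saying that it returns one `services.<bridge>` attrset for `mkMerge` would help the next reader.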
@@ -99,259 +106,166 @@ in { }; }; - services = { - matrix-synapse = { - enable = true; + services = mkMerge [ + (mkMautrix "mautrix-signal" 1 {}) + (mkMautrix "mautrix-telegram" 2 {}) + (mkMautrix "mautrix-whatsapp" 3 {}) + (mkMautrix "arrtrix" 4 {}) + { + matrix-synapse = { + enable = true; - extras = ["oidc"]; + extras = ["oidc"]; - extraConfigFiles = [ - config.sops.templates."synapse-oidc.yaml".path - ]; + extraConfigFiles = [ + config.sops.templates."synapse.yaml".path + config.sops.templates."synapse-oidc.yaml".path + ]; - settings = { - server_name = domain; - public_baseurl = "https://${fqn}"; + settings = { + server_name = domain; + public_baseurl = "https://${fqn}"; - enable_metrics = true; + enable_metrics = true; - registration_shared_secret = "tZtBnlhEmLbMwF0lQ112VH1Rl5MkZzYH9suI4pEoPXzk6nWUB8FJF4eEnwLkbstz"; + url_preview_enabled = true; + precence.enabled = true; - url_preview_enabled = true; - precence.enabled = true; + # Since we'll be using OIDC for auth disable all local options + enable_registration = false; + enable_registration_without_verification = false; + password_config.enabled = true; + backchannel_logout_enabled = true; - # Since we'll be using OIDC for auth disable all local options - enable_registration = false; - enable_registration_without_verification = false; - password_config.enabled = true; - backchannel_logout_enabled = true; - - # Element Call options - max_event_delay_duration = "24h"; - rc_message = { - per_second = 0.5; - burst_count = 30; - }; - rc_delayed_event_mgmt = { - per_second = 1; - burst_count = 20; - }; - turn_uris = ["turn:turn.${domain}:4004?transport=udp" "turn:turn.${domain}:4004?transport=tcp"]; - - experimental_features = { - # MSC2965: OAuth 2.0 Authorization Server Metadata discovery - msc2965_enabled = true; - - # MSC3266: Room summary API. Used for knocking over federation - msc3266_enabled = true; - # MSC4222 needed for syncv2 state_after. 
This allow clients to - # correctly track the state of the room. - msc4222_enabled = true; - }; - - sso = { - client_whitelist = ["http://[::1]:9092/" "https://auth.kruining.eu/"]; - update_profile_information = true; - }; - - database = { - # this is postgresql (also the default, but I prefer to be explicit) - name = "psycopg2"; - args = { - database = database; - user = database; + # Element Call options + max_event_delay_duration = "24h"; + rc_message = { + per_second = 0.5; + burst_count = 30; }; + rc_delayed_event_mgmt = { + per_second = 1; + burst_count = 20; + }; + turn_uris = ["turn:turn.${domain}:4004?transport=udp" "turn:turn.${domain}:4004?transport=tcp"]; + + experimental_features = { + # MSC2965: OAuth 2.0 Authorization Server Metadata discovery + msc2965_enabled = true; + + # MSC3266: Room summary API. Used for knocking over federation + msc3266_enabled = true; + # MSC4222 needed for syncv2 state_after. This allow clients to + # correctly track the state of the room. + msc4222_enabled = true; + }; + + sso = { + client_whitelist = ["http://[::1]:9092/" "https://auth.kruining.eu/"]; + update_profile_information = true; + }; + + database = { + # this is postgresql (also the default, but I prefer to be explicit) + name = "psycopg2"; + args = { + database = database; + user = database; + }; + }; + + listeners = [ + { + bind_addresses = ["::"]; + port = port; + type = "http"; + tls = false; + x_forwarded = true; + + resources = [ + { + names = ["client" "federation" "openid" "metrics" "media" "health"]; + compress = true; + } + ]; + } + ]; }; + }; - listeners = [ + postgresql = { + ensureDatabases = [database]; + ensureUsers = [ { - bind_addresses = ["::"]; - port = port; - type = "http"; - tls = false; - x_forwarded = true; - - resources = [ - { - names = ["client" "federation" "openid" "metrics" "media" "health"]; - compress = true; - } - ]; + name = database; + ensureDBOwnership = true; } ]; }; - }; - mautrix-signal = { - enable = true; - 
registerToSynapse = true; + livekit = { + enable = true; + openFirewall = true; + inherit keyFile; - settings = { - appservice = { - provisioning.enabled = false; - }; - - homeserver = { - address = "http://[::1]:${toString port}"; - domain = domain; - }; - - bridge = { - permissions = { - "@chris:${domain}" = "admin"; - }; + settings = { + port = 4002; + room.auto_create = false; }; }; - }; - mautrix-telegram = { - enable = true; - registerToSynapse = true; - - settings = { - telegram = { - api_id = 32770816; - api_hash = "7b63778a976619c9d4ab62adc51cde79"; - bot_token = "disabled"; - - catch_up = true; - sequential_updates = true; - }; - - appservice = { - port = 40011; - provisioning.enabled = false; - }; - - homeserver = { - address = "http://[::1]:${toString port}"; - domain = domain; - }; - - bridge = { - permissions = { - "@chris:${domain}" = "admin"; - }; - }; + lk-jwt-service = { + enable = true; + port = 4003; + # can be on the same virtualHost as synapse + livekitUrl = "wss://${domain}/livekit/sfu"; + inherit keyFile; }; - }; - mautrix-whatsapp = { - enable = true; - registerToSynapse = true; - - settings = { - appservice = { - provisioning.enabled = false; - }; - - homeserver = { - address = "http://[::1]:${toString port}"; - domain = domain; - }; - - bridge = { - permissions = { - "@chris:${domain}" = "admin"; - }; - }; + coturn = rec { + enable = true; + listening-port = 4004; + tls-listening-port = 40004; + no-cli = true; + no-tcp-relay = true; + min-port = 50000; + max-port = 50100; + use-auth-secret = true; + static-auth-secret-file = config.sops.secrets."coturn/secret".path; + realm = "turn.${domain}"; + # cert = "${config.security.acme.certs.${realm}.directory}/full.pem"; + # pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; + extraConfig = '' + # for debugging + verbose + # ban private IP ranges + no-multicast-peers + denied-peer-ip=0.0.0.0-0.255.255.255 + denied-peer-ip=10.0.0.0-10.255.255.255 + 
denied-peer-ip=100.64.0.0-100.127.255.255 + denied-peer-ip=127.0.0.0-127.255.255.255 + denied-peer-ip=169.254.0.0-169.254.255.255 + denied-peer-ip=172.16.0.0-172.31.255.255 + denied-peer-ip=192.0.0.0-192.0.0.255 + denied-peer-ip=192.0.2.0-192.0.2.255 + denied-peer-ip=192.88.99.0-192.88.99.255 + denied-peer-ip=192.168.0.0-192.168.255.255 + denied-peer-ip=198.18.0.0-198.19.255.255 + denied-peer-ip=198.51.100.0-198.51.100.255 + denied-peer-ip=203.0.113.0-203.0.113.255 + denied-peer-ip=240.0.0.0-255.255.255.255 + denied-peer-ip=::1 + denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff + denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255 + denied-peer-ip=100::-100::ffff:ffff:ffff:ffff + denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff + denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff + denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff + denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff + ''; }; - }; - - # mautrix-starr = { - # enable = true; - # registerToSynapse = true; - - # settings = { - # appservice = { - # provisioning.enabled = false; - # }; - - # homeserver = { - # address = "http://[::1]:${toString port}"; - # domain = domain; - # }; - - # bridge = { - # permissions = { - # "@chris:${domain}" = "admin"; - # }; - # }; - # }; - # }; - - postgresql = { - ensureDatabases = [database]; - ensureUsers = [ - { - name = database; - ensureDBOwnership = true; - } - ]; - }; - - livekit = { - enable = true; - openFirewall = true; - inherit keyFile; - - settings = { - port = 4002; - room.auto_create = false; - }; - }; - - lk-jwt-service = { - enable = true; - port = 4003; - # can be on the same virtualHost as synapse - livekitUrl = "wss://${domain}/livekit/sfu"; - inherit keyFile; - }; - - coturn = rec { - enable = true; - listening-port = 4004; - tls-listening-port = 40004; - no-cli = true; - no-tcp-relay = true; - min-port = 50000; - max-port = 50100; - use-auth-secret = true; - static-auth-secret-file = 
config.sops.secrets."coturn/secret".path; - realm = "turn.${domain}"; - # cert = "${config.security.acme.certs.${realm}.directory}/full.pem"; - # pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; - extraConfig = '' - # for debugging - verbose - # ban private IP ranges - no-multicast-peers - denied-peer-ip=0.0.0.0-0.255.255.255 - denied-peer-ip=10.0.0.0-10.255.255.255 - denied-peer-ip=100.64.0.0-100.127.255.255 - denied-peer-ip=127.0.0.0-127.255.255.255 - denied-peer-ip=169.254.0.0-169.254.255.255 - denied-peer-ip=172.16.0.0-172.31.255.255 - denied-peer-ip=192.0.0.0-192.0.0.255 - denied-peer-ip=192.0.2.0-192.0.2.255 - denied-peer-ip=192.88.99.0-192.88.99.255 - denied-peer-ip=192.168.0.0-192.168.255.255 - denied-peer-ip=198.18.0.0-198.19.255.255 - denied-peer-ip=198.51.100.0-198.51.100.255 - denied-peer-ip=203.0.113.0-203.0.113.255 - denied-peer-ip=240.0.0.0-255.255.255.255 - denied-peer-ip=::1 - denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff - denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255 - denied-peer-ip=100::-100::ffff:ffff:ffff:ffff - denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff - ''; - }; - }; + } + ]; networking.firewall = { allowedTCPPortRanges = []; @@ -400,6 +314,9 @@ in { "synapse/oidc_secret" = { restartUnits = ["synapse-matrix.service"]; }; + "synapse/shared_secret" = { + restartUnits = ["synapse-matrix.service"]; + }; "coturn/secret" = { owner = config.systemd.services.coturn.serviceConfig.User; group = config.systemd.services.coturn.serviceConfig.Group; 
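Review bot: `password_config.enabled = true;` is carried over in the re-indented `matrix-synapse.settings` block, directly under the comment "Since we'll be using OIDC for auth disable all local options", so password login stays available next to OIDC. If local passwords are not meant to work, set `password_config.enabled = false;`. `precence.enabled = true;` looks like a misspelling of Synapse's `presence` key, so that setting probably has no effect. The literal `registration_shared_secret` and the Telegram `api_hash` removed here stay in git history and in previously built store paths, so both should be treated as exposed and replaced.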
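Review bot: The new `"synapse/shared_secret"` entry uses `restartUnits = ["synapse-matrix.service"];`, while the template added in the same commit restarts `matrix-synapse.service`, so changing the secret would likely not restart Synapse through this entry. I would use `restartUnits = ["matrix-synapse.service"];` here. The `"synapse/oidc_secret"` context line above carries the same name and probably needs the same fix. The surrounding `secrets` attrset starts and ends outside the hunk.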
@@ -408,6 +325,13 @@ in { }; templates = { + "synapse.yaml" = { + owner = "matrix-synapse"; + content = '' + registration_shared_secret: ${config.sops.placeholder."synapse/shared_secret"} + ''; + restartUnits = ["matrix-synapse.service"]; + }; "synapse-oidc.yaml" = { owner = "matrix-synapse"; content = '' diff --git a/modules/nixos/temp/services/arrtrix/default.nix b/modules/nixos/temp/services/arrtrix/default.nix new file mode 100644 index 0000000..dfd7b32 --- /dev/null +++ b/modules/nixos/temp/services/arrtrix/default.nix 
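Review bot: The `"synapse.yaml"` template writes the placeholder as a bare YAML scalar, so a generated secret that is all digits or starts with a YAML indicator character would be parsed as something other than the intended string. Quoting it avoids that: `registration_shared_secret: "${config.sops.placeholder."synapse/shared_secret"}"`. Since the decrypted value cannot be seen here, please confirm it is a fresh secret and not the string that used to sit in `settings`.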
@@ -0,0 +1,200 @@ +{ + config, + lib, + pkgs, + namespace, + ... +}: let + inherit (lib) mkEnableOption mkPackageOption mkIf mkOption optionalAttrs recursiveUpdate types baseNameOf; + + cfg = config.services.arrtrix; + dataDir = "/var/lib/arrtrix"; + registrationFile = "${dataDir}/arrtrix-registration.yaml"; + settingsFile = "${dataDir}/config.yaml"; + settingsFileUnsubstituted = settingsFormat.generate "arrtrix-config-unsubstituted.json" cfg.settings; + settingsFormat = pkgs.formats.json {}; + + defaultConfig = { + bridge = { + command_prefix = "!arr"; + relay.enabled = true; + permissions."*" = "relay"; + }; + database = { + type = "sqlite3"; + uri = "file:${dataDir}/arrtrix.db?_txlock=immediate"; + }; + homeserver = { + address = "http://localhost:8448"; + domain = config.services.matrix-synapse.settings.server_name or "example.com"; + }; + appservice = { + hostname = "[::]"; + port = 29329; + id = "arrtrix"; + bot = { + username = "arrtrixbot"; + displayname = "arrtrix Bot"; + }; + as_token = ""; + hs_token = ""; + username_template = "arrtrix_{{.}}"; + }; + double_puppet = { + servers = {}; + secrets = {}; + }; + # By default, the following keys/secrets are set to `generate`. This would break when the service + # is restarted, since the previously generated configuration will be overwritten everytime. + # If encryption is enabled, it's recommended to set those keys via `environmentFile`. 
+ encryption.pickle_key = ""; + provisioning.shared_secret = ""; + public_media.signing_key = ""; + direct_media.server_key = ""; + logging = { + min_level = "info"; + writers = lib.singleton { + type = "stdout"; + format = "pretty-colored"; + time_format = " "; + }; + }; + }; +in { + options.services.arrtrix = { + enable = mkEnableOption "Arr-focused Matrix appservice foundation"; + + package = mkPackageOption pkgs.${namespace} "arrtrix" {}; + + registerToSynapse = mkOption { + type = types.bool; + default = config.services.matrix-synapse.enable; + defaultText = lib.literalExpression '' + config.services.matrix-synapse.enable + ''; + description = '' + Whether to add the bridge's app service registration file to + `services.matrix-synapse.settings.app_service_config_files`. + ''; + }; + + settings = mkOption { + apply = lib.recursiveUpdate defaultConfig; + type = settingsFormat.type; + default = defaultConfig; + description = '' + {file}`config.yaml` configuration as a Nix attribute set. + Configuration options should match those described in the example configuration. + Get an example configuration by executing `arrtrix -c example.yaml --generate-example-config` + Secret tokens should be specified using {option}`environmentFile` + instead of this world-readable attribute set. + ''; + example = {}; + }; + + serviceDependencies = lib.mkOption { + type = with lib.types; listOf str; + default = + (lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit) + ++ (lib.optional config.services.matrix-conduit.enable "conduit.service"); + defaultText = lib.literalExpression '' + (optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit) + ++ (optional config.services.matrix-conduit.enable "conduit.service") + ''; + description = '' + List of systemd units to require and wait for when starting the application service. 
+ ''; + }; + }; + + config = mkIf cfg.enable { + users = { + users."arrtrix" = { + isSystemUser = true; + group = "arrtrix"; + }; + groups."arrtrix" = {}; + }; + + services.matrix-synapse = lib.mkIf cfg.registerToSynapse { + settings.app_service_config_files = [registrationFile]; + }; + systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse { + serviceConfig.SupplementaryGroups = ["arrtrix"]; + }; + + systemd.services.arrtrix = { + description = "arrtrix, A *arr stack to matrix bridge for *arr-notifications"; + + wantedBy = ["multi-user.target"]; + after = ["network-online.target"]; + wants = ["network-online.target"]; + restartTriggers = [settingsFileUnsubstituted]; + + preStart = '' + # substitute the settings file by environment variables + # in this case read from EnvironmentFile + test -f '${settingsFile}' && rm -f '${settingsFile}' + + old_umask=$(umask) + umask 0177 + ${lib.getExe pkgs.envsubst} -o '${settingsFile}' -i '${settingsFileUnsubstituted}' + umask $old_umask + + if [ ! -f '${registrationFile}' ]; then + ${lib.getExe cfg.package} --generate-registration --config='${settingsFile}' --registration='${registrationFile}' + fi + chmod 640 ${registrationFile} + + # 1. Overwrite registration tokens in config + # 2. If environment variable MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET + # is set, set it as the login shared secret value for the configured + # homeserver domain. + umask 0177 + ${lib.getExe pkgs.yq} -s '.[0].appservice.as_token = .[1].as_token + | .[0].appservice.hs_token = .[1].hs_token + | .[0] + | if env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET then .double_puppet.secrets.[.homeserver.domain] = env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET else . 
end' \ + '${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp' + mv '${settingsFile}.tmp' '${settingsFile}' + umask $old_umask + ''; + + serviceConfig = { + Type = "simple"; + User = "arrtrix"; + Group = "arrtrix"; + + StateDirectory = baseNameOf dataDir; + WorkingDirectory = dataDir; + + ExecStart = '' + ${lib.getExe cfg.package} --config='${settingsFile}' --registration='${registrationFile}' + ''; + + Restart = "on-failure"; + RestartSec = "30s"; + + NoNewPrivileges = true; + PrivateTmp = true; + ProtectHome = true; + ProtectSystem = "strict"; + ProtectClock = true; + ProtectControlGroups = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + + SystemCallArchitectures = "native"; + SystemCallErrorNumber = "EPERM"; + SystemCallFilter = ["@system-service"]; + UMask = "0027"; + }; + }; + }; +} diff --git a/packages/arrtrix/cmd/arrtrix/main.go b/packages/arrtrix/cmd/arrtrix/main.go new file mode 100644 index 0000000..7958a39 --- /dev/null +++ b/packages/arrtrix/cmd/arrtrix/main.go @@ -0,0 +1,26 @@ +package main + +import ( + "maunium.net/go/mautrix/bridgev2/matrix/mxmain" + + "sneeuwvlok/packages/arrtrix/pkg/connector" +) + +var ( + Tag = "unknown" + Commit = "unknown" + BuildTime = "unknown" +) + +var m = mxmain.BridgeMain{ + Name: "arrtrix", + URL: "https://github.com/chris-kruining/sneeuwvlok", + Description: "An Arr-focused Matrix appservice bridge.", + Version: "0.1.0", + Connector: &connector.ArrtrixConnector{}, +} + +func main() { + m.InitVersion(Tag, Commit, BuildTime) + m.Run() +} diff --git a/packages/arrtrix/default.nix b/packages/arrtrix/default.nix new file mode 100644 index 0000000..81950f9 --- /dev/null +++ b/packages/arrtrix/default.nix 
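Review bot: The `settings` description sends readers to an `environmentFile` option for secret tokens, but the module declares no such option and `serviceConfig` has no `EnvironmentFile`, so the `envsubst` step in `preStart` has no secret source. Any token would then have to go into `settings`, which ends up in the world-readable Nix store. Adding the option and wiring it into the unit closes that gap. The `preStart` jq filter also reads `MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET`, a name carried over from the Signal bridge that should be renamed for arrtrix. `serviceDependencies` is declared but never used in `systemd.services.arrtrix`, so the bridge is not ordered after the homeserver.

```nix
# … unchanged: enable, package, registerToSynapse, settings …
environmentFile = mkOption {
  type = types.nullOr types.path;
  default = null;
  description = ''
    File with environment variables that preStart substitutes into
    {file}`config.yaml`, keeping secret values out of the Nix store.
  '';
};
# … unchanged: serviceDependencies, users, matrix-synapse registration, preStart …
Group = "arrtrix";
EnvironmentFile = cfg.environmentFile;
# … unchanged: StateDirectory, ExecStart, hardening options …
```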
@@ -0,0 +1,33 @@ +{ + buildGoModule, + lib, + olm, + versionCheckHook, +}: +buildGoModule rec { + pname = "arrtrix"; + version = "0.1.0"; + tag = "v0.1.0"; + + src = lib.cleanSource ./.; + + vendorHash = "sha256-FbatoXcxZcnqVUmoj/jeSMFO/iTmD8uga47MoTdGcRw="; + subPackages = ["cmd/arrtrix"]; + + buildInputs = [olm]; + + ldflags = [ + "-X main.Tag=${tag}" + ]; + + doInstallCheck = true; + nativeInstallCheckInputs = [versionCheckHook]; + + meta = { + description = "*arr-stack Matrix bridge"; + homepage = "https://github.com/chris-kruining/sneeuwvlok"; + license = lib.licenses.mit; + maintainers = []; + mainProgram = "arrtrix"; + }; +} diff --git a/packages/arrtrix/go.mod b/packages/arrtrix/go.mod new file mode 100644 index 0000000..eed27b5 --- /dev/null +++ b/packages/arrtrix/go.mod 
@@ -0,0 +1,43 @@ +module sneeuwvlok/packages/arrtrix + +go 1.25.0 + +require ( + go.mau.fi/util v0.9.7 + maunium.net/go/mautrix v0.26.4 +) + +require ( + github.com/kr/pretty v0.3.1 // indirect + github.com/rogpeppe/go-internal v1.10.0 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect +) + +require ( + filippo.io/edwards25519 v1.2.0 // indirect + github.com/coder/websocket v1.8.14 // indirect + github.com/coreos/go-systemd/v22 v22.6.0 // indirect + github.com/lib/pq v1.11.2 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-sqlite3 v1.14.34 // indirect + github.com/petermattis/goid v0.0.0-20260226131333-17d1149c6ac6 // indirect + github.com/rs/xid v1.6.0 // indirect + github.com/rs/zerolog v1.34.0 // indirect + github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e // indirect + github.com/tidwall/gjson v1.18.0 // indirect + github.com/tidwall/match v1.2.0 // indirect + github.com/tidwall/pretty v1.2.1 // indirect + github.com/tidwall/sjson v1.2.5 // indirect + github.com/yuin/goldmark v1.7.16 // indirect + go.mau.fi/zeroconfig v0.2.0 // indirect + golang.org/x/crypto v0.49.0 // indirect + golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 // indirect + golang.org/x/net v0.52.0 // indirect + golang.org/x/sync v0.20.0 // indirect + golang.org/x/sys v0.42.0 // indirect + golang.org/x/text v0.35.0 // indirect + gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + maunium.net/go/mauflag v1.0.0 // indirect +) diff --git a/packages/arrtrix/go.sum b/packages/arrtrix/go.sum new file mode 100644 index 0000000..d8e9404 --- /dev/null +++ b/packages/arrtrix/go.sum 
@@ -0,0 +1,91 @@ +filippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo= +filippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc= +github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= +github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= +github.com/coder/websocket v1.8.14 h1:9L0p0iKiNOibykf283eHkKUHHrpG7f65OE3BhhO7v9g= +github.com/coder/websocket v1.8.14/go.mod h1:NX3SzP+inril6yawo5CQXx8+fk145lPDC6pumgx0mVg= +github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5zn0bCJWo= +github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lib/pq v1.11.2 h1:x6gxUeu39V0BHZiugWe8LXZYZ+Utk7hSJGThs8sdzfs= +github.com/lib/pq v1.11.2/go.mod h1:/p+8NSbOcwzAEI7wiMXFlgydTwcgTr3OSKMsD2BitpA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= 
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-sqlite3 v1.14.34 h1:3NtcvcUnFBPsuRcno8pUtupspG/GM+9nZ88zgJcp6Zk= +github.com/mattn/go-sqlite3 v1.14.34/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/petermattis/goid v0.0.0-20260226131333-17d1149c6ac6 h1:rh2lKw/P/EqHa724vYH2+VVQ1YnW4u6EOXl0PMAovZE= +github.com/petermattis/goid v0.0.0-20260226131333-17d1149c6ac6/go.mod h1:pxMtw7cyUw6B2bRH0ZBANSPg+AoSud1I1iyJHI69jH4= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU= +github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= +github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY= +github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ= +github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e 
h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0= +github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= +github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY= +github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/match v1.2.0 h1:0pt8FlkOwjN2fPt4bIl4BoNxb98gGHN2ObFEDkrfZnM= +github.com/tidwall/match v1.2.0/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= +github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= +github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= +github.com/yuin/goldmark v1.7.16 h1:n+CJdUxaFMiDUNnWC3dMWCIQJSkxH4uz3ZwQBkAlVNE= +github.com/yuin/goldmark v1.7.16/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg= +go.mau.fi/util v0.9.7 h1:AWGNbJfz1zRcQOKeOEYhKUG2fT+/26Gy6kyqcH8tnBg= +go.mau.fi/util v0.9.7/go.mod h1:5T2f3ZWZFAGgmFwg3dGw7YK6kIsb9lryDzvynoR98pE= +go.mau.fi/zeroconfig v0.2.0 h1:e/OGEERqVRRKlgaro7E6bh8xXiKFSXB3eNNIud7FUjU= +go.mau.fi/zeroconfig v0.2.0/go.mod h1:J0Vn0prHNOm493oZoQ84kq83ZaNCYZnq+noI1b1eN8w= +golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= +golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= +golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 
h1:jiDhWWeC7jfWqR9c/uplMOqJ0sbNlNWv0UkzE0vX1MA= +golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90/go.mod h1:xE1HEv6b+1SCZ5/uscMRjUBKtIxworgEcEi+/n9NQDQ= +golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= +golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= +golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= +golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= +gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +maunium.net/go/mauflag v1.0.0 h1:YiaRc0tEI3toYtJMRIfjP+jklH45uDHtT80nUamyD4M= +maunium.net/go/mauflag v1.0.0/go.mod h1:nLivPOpTpHnpzEh8jEdSL9UqO9+/KBJFmNRlwKfkPeA= +maunium.net/go/mautrix v0.26.4 h1:enHSnkf0L2V9+VnfJfNhKSReSW6pBKS/x3Su+v+Vovs= +maunium.net/go/mautrix v0.26.4/go.mod 
h1:YWw8NWTszsbyFAznboicBObwHPgTSLcuTbVX2kY7U2M= diff --git a/packages/arrtrix/pkg/connector/config.go b/packages/arrtrix/pkg/connector/config.go new file mode 100644 index 0000000..98a0916 --- /dev/null +++ b/packages/arrtrix/pkg/connector/config.go @@ -0,0 +1,18 @@ +package connector + +import ( + _ "embed" + + up "go.mau.fi/util/configupgrade" +) + +//go:embed example-config.yaml +var ExampleConfig string + +type Config struct{} + +func upgradeConfig(helper up.Helper) {} + +func (s *ArrtrixConnector) GetConfig() (string, any, up.Upgrader) { + return ExampleConfig, &s.Config, up.SimpleUpgrader(upgradeConfig) +} diff --git a/packages/arrtrix/pkg/connector/connector.go b/packages/arrtrix/pkg/connector/connector.go new file mode 100644 index 0000000..e90ed46 --- /dev/null +++ b/packages/arrtrix/pkg/connector/connector.go 
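Review bot: `upgradeConfig` in `pkg/connector/config.go` has an empty body and nothing says that this is deliberate, so a reader cannot tell a placeholder from a forgotten implementation. `Config` is an empty struct in this commit, so there is nothing to carry over yet; I would record that with `// upgradeConfig is a no-op: Config has no fields to migrate yet.` The exported `ExampleConfig` and `Config` should also get doc comments that start with their names.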
@@ -0,0 +1,107 @@ +package connector + +import ( + "context" + "fmt" + + "maunium.net/go/mautrix/bridgev2" + "maunium.net/go/mautrix/bridgev2/database" + "maunium.net/go/mautrix/bridgev2/networkid" + "maunium.net/go/mautrix/event" + "maunium.net/go/mautrix/id" +) + +type ArrtrixConnector struct { + Bridge *bridgev2.Bridge + Config Config +} + +var _ bridgev2.NetworkConnector = (*ArrtrixConnector)(nil) + +func (s *ArrtrixConnector) GetName() bridgev2.BridgeName { + return bridgev2.BridgeName{ + DisplayName: "Arrtrix", + NetworkURL: "https://wiki.servarr.com/", + NetworkID: "arrtrix", + BeeperBridgeType: "arrtrix", + DefaultPort: 29329, + DefaultCommandPrefix: "!arr", + } +} + +func (s *ArrtrixConnector) Init(bridge *bridgev2.Bridge) { + s.Bridge = bridge +} + +func (s *ArrtrixConnector) Start(context.Context) error { + return nil +} + +func (s *ArrtrixConnector) GetDBMetaTypes() database.MetaTypes { + return database.MetaTypes{} +} + +func (s *ArrtrixConnector) GetCapabilities() *bridgev2.NetworkGeneralCapabilities { + return &bridgev2.NetworkGeneralCapabilities{} +} + +func (s *ArrtrixConnector) LoadUserLogin(_ context.Context, login *bridgev2.UserLogin) error { + login.Client = &ArrtrixClient{ + Main: s, + UserLogin: login, + } + return nil +} + +func (s *ArrtrixConnector) GetLoginFlows() []bridgev2.LoginFlow { + return nil +} + +func (s *ArrtrixConnector) CreateLogin(_ context.Context, _ *bridgev2.User, flowID string) (bridgev2.LoginProcess, error) { + return nil, fmt.Errorf("login flow %q is not implemented", flowID) +} + +func (s *ArrtrixConnector) GetBridgeInfoVersion() (info, capabilities int) { + return 1, 1 +} + +type ArrtrixClient struct { + Main *ArrtrixConnector + UserLogin *bridgev2.UserLogin +} + +var _ bridgev2.NetworkAPI = (*ArrtrixClient)(nil) + +func (c *ArrtrixClient) Connect(context.Context) {} + +func (c *ArrtrixClient) Disconnect() {} + +func (c *ArrtrixClient) IsLoggedIn() bool { + return false +} + +func (c *ArrtrixClient) 
LogoutRemote(context.Context) {} + +func (c *ArrtrixClient) IsThisUser(context.Context, networkid.UserID) bool { + return false +} + +func (c *ArrtrixClient) GetChatInfo(context.Context, *bridgev2.Portal) (*bridgev2.ChatInfo, error) { + return &bridgev2.ChatInfo{}, nil +} + +func (c *ArrtrixClient) GetUserInfo(context.Context, *bridgev2.Ghost) (*bridgev2.UserInfo, error) { + return &bridgev2.UserInfo{}, nil +} + +func (c *ArrtrixClient) GetCapabilities(context.Context, *bridgev2.Portal) *event.RoomFeatures { + return &event.RoomFeatures{} +} + +func (c *ArrtrixClient) HandleMatrixMessage(context.Context, *bridgev2.MatrixMessage) (*bridgev2.MatrixMessageResponse, error) { + return nil, fmt.Errorf("bridging Matrix messages is not implemented") +} + +func (c *ArrtrixClient) GenerateTransactionID(userID id.UserID, roomID id.RoomID, eventType event.Type) networkid.RawTransactionID { + return networkid.RawTransactionID("") +} diff --git a/packages/arrtrix/pkg/connector/example-config.yaml b/packages/arrtrix/pkg/connector/example-config.yaml new file mode 100644 index 0000000..63a205e --- /dev/null +++ b/packages/arrtrix/pkg/connector/example-config.yaml @@ -0,0 +1,7 @@ +# No network-specific config is required yet. +# +# Future Arr-specific runtime options, such as webhook handling, can be added +# here without changing the shared mautrix bridge CLI/runtime shape. +# +# The CLI-provided config file is still fully used by the bridge runtime for +# all shared sections like bridge, database, homeserver, and appservice. diff --git a/script/synapse/shared_secret b/script/synapse/shared_secret new file mode 100644 index 0000000..85fc69f --- /dev/null +++ b/script/synapse/shared_secret @@ -0,0 +1,3 @@ +#!/bin/bash + +pwgen -s 128 1 From eeedb5268a0122d3f1ad26d57f9518e99446a5f9 Mon Sep 17 00:00:00 2001 
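Review bot: `GenerateTransactionID` at the end of `connector.go` ignores `userID`, `roomID` and `eventType` and always returns `networkid.RawTransactionID("")`, so every event would receive the same empty ID. If the bridge framework relies on these IDs to tell events apart (not visible in this hunk), that constant will collide as soon as messages flow. Until there is a real scheme, I would add a comment such as `// stub: returns an empty ID until outgoing messages are bridged`. A smaller style point: `HandleMatrixMessage` builds a fixed message with `fmt.Errorf`, where `errors.New("bridging Matrix messages is not implemented")` is the idiomatic form.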
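Review bot: The shebang `#!/bin/bash` in `script/synapse/shared_secret` will not resolve on a NixOS host, where by default only `/bin/sh` and `/usr/bin/env` exist; if the script is meant to run on the machines this repository configures, `#!/usr/bin/env bash` is the portable form. The script also assumes `pwgen` is on `PATH` and prints the 128-character secret to stdout. A header comment should say that the caller has to redirect the output into a file with restrictive permissions, e.g. `# prints the secret to stdout; redirect under umask 077`.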
From: Chris Kruining Date: Thu, 16 Apr 2026 08:08:55 +0200 Subject: [PATCH 50/58] Remove Vaultwarden package definition --- packages/vaultwarden/default.nix | 29 ----------------------------- 1 file changed, 29 deletions(-) delete mode 100644 packages/vaultwarden/default.nix diff --git a/packages/vaultwarden/default.nix b/packages/vaultwarden/default.nix deleted file mode 100644 index 243288b..0000000 --- a/packages/vaultwarden/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ lib, stdenv, rustPlatform, fetchFromGitHub, openssl, pkg-config, postgresql, dbBackend ? "postgresql", ... }: -rustPlatform.buildRustPackage rec { - pname = "vaultwarden"; - version = "1.34.3"; - - src = fetchFromGitHub { - owner = "Timshel"; - repo = "vaultwarden"; - rev = "1.34.3"; - hash = "sha256-Dj0ySVRvBZ/57+UHas3VI8bi/0JBRqn0IW1Dq+405J0="; - }; - - cargoHash = "sha256-4sDagd2XGamBz1XvDj4ycRVJ0F+4iwHOPlj/RglNDqE="; - - # used for "Server Installed" version in admin panel - env.VW_VERSION = version; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = - [ openssl ] - ++ lib.optional (dbBackend == "postgresql") postgresql; - - buildFeatures = dbBackend; - - meta = with lib; { - license = licenses.agpl3Only; - mainProgram = "vaultwarden"; - }; -} \ No newline at end of file From fe627f3aab7143dd36e2e39caf68f2e917e875c4 Mon Sep 17 00:00:00 2001 
From: Chris Kruining Date: Thu, 16 Apr 2026 09:06:57 +0200 Subject: [PATCH 51/58] Add Arrtrix runtime, config, onboarding, and webhook support - Implement runtime package for bridge startup, config loading, and env overrides - Add onboarding package for management room welcome messages - Add matrixcmd package for command processing and help - Add webhook package with Radarr webhook support and validation - Extend connector config for webhooks and validation - Update default config and example config for new options - Add tests for new packages and config validation - Change database type default to sqlite3-fk-wal --- .../nixos/temp/services/arrtrix/default.nix | 31 +- packages/arrtrix/cmd/arrtrix/main.go | 5 +- packages/arrtrix/pkg/config/config.go | 61 +++ packages/arrtrix/pkg/config/config_test.go | 122 +++++ packages/arrtrix/pkg/connector/config.go | 37 +- packages/arrtrix/pkg/connector/config_test.go | 23 + packages/arrtrix/pkg/connector/connector.go | 2 + .../arrtrix/pkg/connector/example-config.yaml | 15 +- packages/arrtrix/pkg/matrixcmd/help.go | 60 +++ packages/arrtrix/pkg/matrixcmd/help_test.go | 42 ++ packages/arrtrix/pkg/matrixcmd/processor.go | 204 +++++++++ packages/arrtrix/pkg/onboarding/welcome.go | 137 ++++++ .../arrtrix/pkg/onboarding/welcome_test.go | 56 +++ packages/arrtrix/pkg/runtime/envconfig.go | 206 +++++++++ packages/arrtrix/pkg/runtime/example.go | 69 +++ packages/arrtrix/pkg/runtime/main.go | 418 ++++++++++++++++++ packages/arrtrix/pkg/runtime/main_test.go | 30 ++ packages/arrtrix/pkg/webhook/radarr.go | 241 ++++++++++ packages/arrtrix/pkg/webhook/radarr_test.go | 131 ++++++ 19 files changed, 1855 insertions(+), 35 deletions(-) create mode 100644 packages/arrtrix/pkg/config/config.go create mode 100644 packages/arrtrix/pkg/config/config_test.go create mode 100644 packages/arrtrix/pkg/connector/config_test.go create mode 100644 packages/arrtrix/pkg/matrixcmd/help.go create mode 100644 packages/arrtrix/pkg/matrixcmd/help_test.go create mode 
100644 packages/arrtrix/pkg/matrixcmd/processor.go create mode 100644 packages/arrtrix/pkg/onboarding/welcome.go create mode 100644 packages/arrtrix/pkg/onboarding/welcome_test.go create mode 100644 packages/arrtrix/pkg/runtime/envconfig.go create mode 100644 packages/arrtrix/pkg/runtime/example.go create mode 100644 packages/arrtrix/pkg/runtime/main.go create mode 100644 packages/arrtrix/pkg/runtime/main_test.go create mode 100644 packages/arrtrix/pkg/webhook/radarr.go create mode 100644 packages/arrtrix/pkg/webhook/radarr_test.go diff --git a/modules/nixos/temp/services/arrtrix/default.nix b/modules/nixos/temp/services/arrtrix/default.nix index dfd7b32..67ff0b9 100644 --- a/modules/nixos/temp/services/arrtrix/default.nix +++ b/modules/nixos/temp/services/arrtrix/default.nix @@ -15,13 +15,18 @@ settingsFormat = pkgs.formats.json {}; defaultConfig = { + network.webhooks.radarr = { + enabled = false; + path = "/_arrtrix/webhooks/radarr"; + secret = ""; + }; bridge = { command_prefix = "!arr"; relay.enabled = true; permissions."*" = "relay"; }; database = { - type = "sqlite3"; + type = "sqlite3-fk-wal"; uri = "file:${dataDir}/arrtrix.db?_txlock=immediate"; }; homeserver = { @@ -40,17 +45,6 @@ hs_token = ""; username_template = "arrtrix_{{.}}"; }; - double_puppet = { - servers = {}; - secrets = {}; - }; - # By default, the following keys/secrets are set to `generate`. This would break when the service - # is restarted, since the previously generated configuration will be overwritten everytime. - # If encryption is enabled, it's recommended to set those keys via `environmentFile`. - encryption.pickle_key = ""; - provisioning.shared_secret = ""; - public_media.signing_key = ""; - direct_media.server_key = ""; logging = { min_level = "info"; writers = lib.singleton { 
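Review bot: The new default `secret = "";` under `network.webhooks.radarr` (hunk `@@ -15,13 +15,18 @@`) invites operators to set the webhook secret through the module settings, which are rendered with `pkgs.formats.json` and would therefore presumably land in the world-readable Nix store. The comment removed in the following hunk (`@@ -40,17 +45,6 @@`) used to point at `environmentFile` for exactly this kind of value, and nothing replaces it. I would add an equivalent comment next to the key, e.g. `# keep empty here; supply the secret via environmentFile, settings end up in the Nix store`. The `defaultConfig` attribute set starts and ends outside this hunk, and the environment variable that maps to this key is defined in `pkg/runtime/envconfig.go`, so the exact name has to be confirmed there.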
@@ -145,19 +139,6 @@ in { ${lib.getExe cfg.package} --generate-registration --config='${settingsFile}' --registration='${registrationFile}' fi chmod 640 ${registrationFile} - - # 1. Overwrite registration tokens in config - # 2. If environment variable MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET - # is set, set it as the login shared secret value for the configured - # homeserver domain. - umask 0177 - ${lib.getExe pkgs.yq} -s '.[0].appservice.as_token = .[1].as_token - | .[0].appservice.hs_token = .[1].hs_token - | .[0] - | if env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET then .double_puppet.secrets.[.homeserver.domain] = env.MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET else . end' \ - '${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp' - mv '${settingsFile}.tmp' '${settingsFile}' - umask $old_umask ''; serviceConfig = { diff --git a/packages/arrtrix/cmd/arrtrix/main.go b/packages/arrtrix/cmd/arrtrix/main.go index 7958a39..3fa476f 100644 --- a/packages/arrtrix/cmd/arrtrix/main.go +++ b/packages/arrtrix/cmd/arrtrix/main.go @@ -1,9 +1,8 @@ package main import ( - "maunium.net/go/mautrix/bridgev2/matrix/mxmain" - "sneeuwvlok/packages/arrtrix/pkg/connector" + "sneeuwvlok/packages/arrtrix/pkg/runtime" ) var ( @@ -12,7 +11,7 @@ var ( BuildTime = "unknown" ) -var m = mxmain.BridgeMain{ +var m = runtime.Main{ Name: "arrtrix", URL: "https://github.com/chris-kruining/sneeuwvlok", Description: "An Arr-focused Matrix appservice bridge.", diff --git a/packages/arrtrix/pkg/config/config.go b/packages/arrtrix/pkg/config/config.go new file mode 100644 index 0000000..c3b11b8 --- /dev/null +++ b/packages/arrtrix/pkg/config/config.go 
@@ -0,0 +1,61 @@ +package config + +import ( + "go.mau.fi/util/dbutil" + "go.mau.fi/zeroconfig" + "gopkg.in/yaml.v3" + + "maunium.net/go/mautrix/bridgev2/bridgeconfig" +) + +type Config struct { + Network yaml.Node `yaml:"network"` + + Bridge bridgeconfig.BridgeConfig `yaml:"bridge"` + Database dbutil.Config `yaml:"database"` + Homeserver bridgeconfig.HomeserverConfig `yaml:"homeserver"` + AppService bridgeconfig.AppserviceConfig `yaml:"appservice"` + Logging zeroconfig.Config `yaml:"logging"` + + EnvConfigPrefix string `yaml:"env_config_prefix"` + ManagementTexts bridgeconfig.ManagementRoomTexts `yaml:"management_room_texts"` +} + +func Load(data []byte) (*Config, error) { + var cfg Config + if err := yaml.Unmarshal(data, &cfg); err != nil { + return nil, err + } + cfg.applyDefaults() + return &cfg, nil +} + +func (c *Config) applyDefaults() { + if c.Homeserver.Software == "" { + c.Homeserver.Software = bridgeconfig.SoftwareStandard + } +} + +func (c *Config) Compile() bridgeconfig.Config { + return bridgeconfig.Config{ + Network: c.Network, + Bridge: c.Bridge, + Database: c.Database, + Homeserver: c.Homeserver, + AppService: c.AppService, + Logging: c.Logging, + EnvConfigPrefix: c.EnvConfigPrefix, + ManagementRoomTexts: c.ManagementTexts, + Matrix: bridgeconfig.MatrixConfig{ + MessageStatusEvents: false, + DeliveryReceipts: false, + MessageErrorNotices: true, + SyncDirectChatList: false, + FederateRooms: true, + }, + DoublePuppet: bridgeconfig.DoublePuppetConfig{ + Servers: map[string]string{}, + Secrets: map[string]string{}, + }, + } +} diff --git a/packages/arrtrix/pkg/config/config_test.go b/packages/arrtrix/pkg/config/config_test.go new file mode 100644 index 0000000..dc08292 --- /dev/null +++ b/packages/arrtrix/pkg/config/config_test.go 
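Review bot: `Load` in `pkg/config/config.go` unmarshals into a struct with no `matrix`, `provisioning`, `double_puppet` or `encryption` fields, so those sections of an existing config file are dropped without any signal, and `Compile` leaves everything it does not name at its zero value. For an operator migrating a file that contains `encryption.allow: true`, the bridge would, as far as this hunk shows, start with those settings silently discarded. `TestLoadIgnoresLegacyHiddenSections` pins the ignore behaviour, so it looks deliberate; a warning when one of these top-level keys is present would keep that test valid and make the downgrade visible. The exported `Config`, `Load` and `Compile` also lack doc comments, and `Compile` in particular should state that the `Matrix` and `DoublePuppet` values are fixed on purpose.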
@@ -0,0 +1,122 @@ +package config + +import ( + "testing" + + "maunium.net/go/mautrix/bridgev2/bridgeconfig" +) + +func TestLoadDefaultsHomeserverSoftware(t *testing.T) { + cfg, err := Load([]byte(` +bridge: + command_prefix: "!arr" +homeserver: + address: http://127.0.0.1:8008 + domain: test.local +appservice: + id: arrtrix + bot: + username: arrtrixbot + displayname: Arrtrix Bot + username_template: arrtrix_{{.}} +database: + type: sqlite3-fk-wal + uri: file:arrtrix.db?_txlock=immediate +logging: + min_level: info + writers: + - type: stdout + format: pretty-colored +`)) + if err != nil { + t.Fatalf("Load returned error: %v", err) + } + + if cfg.Homeserver.Software != bridgeconfig.SoftwareStandard { + t.Fatalf("expected homeserver software default %q, got %q", bridgeconfig.SoftwareStandard, cfg.Homeserver.Software) + } +} + +func TestCompileSetsInternalDefaultsForHiddenSections(t *testing.T) { + cfg, err := Load([]byte(` +bridge: + command_prefix: "!arr" + permissions: + "*": relay +homeserver: + address: http://127.0.0.1:8008 + domain: test.local +appservice: + id: arrtrix + bot: + username: arrtrixbot + displayname: Arrtrix Bot + username_template: arrtrix_{{.}} +database: + type: sqlite3-fk-wal + uri: file:arrtrix.db?_txlock=immediate +logging: + min_level: info + writers: + - type: stdout + format: pretty-colored +`)) + if err != nil { + t.Fatalf("Load returned error: %v", err) + } + + runtimeCfg := cfg.Compile() + if !runtimeCfg.Matrix.MessageErrorNotices { + t.Fatalf("expected message error notices to stay enabled") + } + if !runtimeCfg.Matrix.FederateRooms { + t.Fatalf("expected federated rooms to stay enabled") + } + if runtimeCfg.DoublePuppet.Servers == nil || runtimeCfg.DoublePuppet.Secrets == nil { + t.Fatalf("expected hidden double puppet maps to be initialized") + } +} + +func TestLoadIgnoresLegacyHiddenSections(t *testing.T) { + cfg, err := Load([]byte(` +bridge: + command_prefix: "!arr" +homeserver: + address: http://127.0.0.1:8008 + domain: 
test.local +appservice: + id: arrtrix + bot: + username: arrtrixbot + displayname: Arrtrix Bot + username_template: arrtrix_{{.}} +database: + type: sqlite3-fk-wal + uri: file:arrtrix.db?_txlock=immediate +logging: + min_level: info + writers: + - type: stdout + format: pretty-colored +matrix: + federate_rooms: false +provisioning: + shared_secret: ignored +double_puppet: + secrets: + test.local: secret +encryption: + allow: true +`)) + if err != nil { + t.Fatalf("Load returned error: %v", err) + } + + runtimeCfg := cfg.Compile() + if !runtimeCfg.Matrix.FederateRooms { + t.Fatalf("expected runtime defaults to win for hidden legacy sections") + } + if len(runtimeCfg.DoublePuppet.Secrets) != 0 { + t.Fatalf("expected hidden double puppet secrets to stay internal-only") + } +} diff --git a/packages/arrtrix/pkg/connector/config.go b/packages/arrtrix/pkg/connector/config.go index 98a0916..3702cee 100644 --- a/packages/arrtrix/pkg/connector/config.go +++ b/packages/arrtrix/pkg/connector/config.go 
@@ -2,17 +2,52 @@ package connector import ( _ "embed" + "fmt" + "net/http" up "go.mau.fi/util/configupgrade" + "maunium.net/go/mautrix/bridgev2" + + "sneeuwvlok/packages/arrtrix/pkg/webhook" ) //go:embed example-config.yaml var ExampleConfig string -type Config struct{} +type Config struct { + Webhooks WebhooksConfig `yaml:"webhooks"` +} + +type WebhooksConfig struct { + Radarr webhook.RadarrConfig `yaml:"radarr"` +} + +func (c *Config) applyDefaults() { + c.Webhooks.Radarr.ApplyDefaults() +} + +func (c *Config) Validate() error { + return c.Webhooks.Radarr.Validate() +} func upgradeConfig(helper up.Helper) {} func (s *ArrtrixConnector) GetConfig() (string, any, up.Upgrader) { + s.Config.applyDefaults() return ExampleConfig, &s.Config, up.SimpleUpgrader(upgradeConfig) } + +func (s *ArrtrixConnector) ValidateConfig() error { + s.Config.applyDefaults() + return s.Config.Validate() +} + +func (s *ArrtrixConnector) MountRoutes(router *http.ServeMux) error { + s.Config.applyDefaults() + if s.Bridge == nil { + return fmt.Errorf("bridge is not initialized") + } + return webhook.MountRadarr(router, s.Bridge, s.Config.Webhooks.Radarr) +} + +var _ bridgev2.ConfigValidatingNetwork = (*ArrtrixConnector)(nil) diff --git a/packages/arrtrix/pkg/connector/config_test.go b/packages/arrtrix/pkg/connector/config_test.go new file mode 100644 index 0000000..5199308 --- /dev/null +++ b/packages/arrtrix/pkg/connector/config_test.go @@ -0,0 +1,23 @@ +package connector + +import "testing" + +func TestConfigDefaultsApplyRadarrWebhookPath(t *testing.T) { + var cfg Config + + cfg.applyDefaults() + + if cfg.Webhooks.Radarr.Path == "" { + t.Fatal("expected radarr webhook path default to be set") + } +} + +func TestConfigValidateRejectsEnabledWebhookWithoutSecret(t *testing.T) { + cfg := Config{} + cfg.Webhooks.Radarr.Enabled = true + cfg.applyDefaults() + + if err := cfg.Validate(); err == nil { + t.Fatal("expected missing secret to fail validation") + } +} 
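Review bot: `upgradeConfig` stays an empty function (a context line in this hunk) although `Config` now carries the `webhooks.radarr` fields, so an upgrade pass through `up.SimpleUpgrader(upgradeConfig)` would copy none of them from the user's file. If the new runtime still runs the upgrader (that code is outside this hunk), `enabled`, `path` and `secret` would fall back to the example values, i.e. the webhook disabled and the secret empty. I would add the copies, e.g. `helper.Copy(up.Bool, "webhooks", "radarr", "enabled")` and `helper.Copy(up.Str, "webhooks", "radarr", "secret")`, or document why the upgrader is not used. Separately, `GetConfig`, `ValidateConfig` and `MountRoutes` each call `applyDefaults()`, which is only harmless if `ApplyDefaults` in `webhook/radarr.go` is idempotent.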
diff --git a/packages/arrtrix/pkg/connector/connector.go b/packages/arrtrix/pkg/connector/connector.go index e90ed46..121e94c 100644 --- a/packages/arrtrix/pkg/connector/connector.go +++ b/packages/arrtrix/pkg/connector/connector.go @@ -3,6 +3,7 @@ package connector import ( "context" "fmt" + "net/http" "maunium.net/go/mautrix/bridgev2" "maunium.net/go/mautrix/bridgev2/database" @@ -17,6 +18,7 @@ type ArrtrixConnector struct { } var _ bridgev2.NetworkConnector = (*ArrtrixConnector)(nil) +var _ interface{ MountRoutes(*http.ServeMux) error } = (*ArrtrixConnector)(nil) func (s *ArrtrixConnector) GetName() bridgev2.BridgeName { return bridgev2.BridgeName{ diff --git a/packages/arrtrix/pkg/connector/example-config.yaml b/packages/arrtrix/pkg/connector/example-config.yaml index 63a205e..5fa52c6 100644 --- a/packages/arrtrix/pkg/connector/example-config.yaml +++ b/packages/arrtrix/pkg/connector/example-config.yaml @@ -1,7 +1,10 @@ -# No network-specific config is required yet. +# Arrtrix-specific runtime options. # -# Future Arr-specific runtime options, such as webhook handling, can be added -# here without changing the shared mautrix bridge CLI/runtime shape. -# -# The CLI-provided config file is still fully used by the bridge runtime for -# all shared sections like bridge, database, homeserver, and appservice. +webhooks: + radarr: + enabled: false + path: /_arrtrix/webhooks/radarr + secret: "" + # The first implementation delivers notifications to the only configured + # management room. If more than one management room exists, the webhook is + # rejected until routing is configured more explicitly. diff --git a/packages/arrtrix/pkg/matrixcmd/help.go b/packages/arrtrix/pkg/matrixcmd/help.go new file mode 100644 index 0000000..7da0d84 --- /dev/null +++ b/packages/arrtrix/pkg/matrixcmd/help.go 
@@ -0,0 +1,60 @@ +package matrixcmd + +import ( + "fmt" + "sort" + "strings" +) + +func NewHelpHandler(proc *Processor) Handler { + return NewHandler(Meta{ + Name: "help", + Description: "Show this help message.", + }, func(ctx *Context) { + ctx.Reply(formatHelp(proc, ctx)) + }) +} + +func formatHelp(proc *Processor, ctx *Context) string { + var builder strings.Builder + + switch { + case ctx.RoomID == ctx.User.ManagementRoom: + builder.WriteString(fmt.Sprintf("This is your management room: prefixing commands with `%s` is not required.\n", ctx.Bridge.Config.CommandPrefix)) + case ctx.Portal != nil: + builder.WriteString(fmt.Sprintf("**This is a portal room**: you must always prefix commands with `%s`. Management commands will not be bridged.\n", ctx.Bridge.Config.CommandPrefix)) + default: + builder.WriteString(fmt.Sprintf("This is not your management room: prefixing commands with `%s` is required.\n", ctx.Bridge.Config.CommandPrefix)) + } + + builder.WriteString("Parameters in [square brackets] are optional, while parameters in are required.\n\n") + builder.WriteString("#### General\n") + + handlers := proc.Handlers() + sort.SliceStable(handlers, func(i, j int) bool { + return handlers[i].Meta().Name < handlers[j].Meta().Name + }) + for _, handler := range handlers { + meta := handler.Meta() + builder.WriteString("**") + builder.WriteString(meta.Name) + builder.WriteString("**") + if meta.Usage != "" { + builder.WriteByte(' ') + builder.WriteString(meta.Usage) + } + if meta.Description != "" { + builder.WriteString(" - ") + builder.WriteString(meta.Description) + } + builder.WriteByte('\n') + } + + if extra := strings.TrimSpace(ctx.Processor.texts.AdditionalHelp); extra != "" { + builder.WriteByte('\n') + builder.WriteString(extra) + builder.WriteByte('\n') + } + + return builder.String() +} diff --git a/packages/arrtrix/pkg/matrixcmd/help_test.go b/packages/arrtrix/pkg/matrixcmd/help_test.go new file mode 100644 index 0000000..b5b325b --- /dev/null 
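Review bot: `formatHelp` receives `proc` but reads the extra help text through `ctx.Processor.texts.AdditionalHelp`, so it depends on two references to what should be the same processor and dereferences `ctx.Processor` without a nil check. Using `proc.texts.AdditionalHelp` removes the second dependency. Two smaller style points: the `sort.SliceStable` call re-sorts what `proc.Handlers()` in `processor.go` already returns ordered by name, and each `builder.WriteString(fmt.Sprintf(...))` can be written as `fmt.Fprintf(&builder, ...)`.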
+++ b/packages/arrtrix/pkg/matrixcmd/help_test.go @@ -0,0 +1,42 @@ +package matrixcmd + +import ( + "strings" + "testing" + + "maunium.net/go/mautrix/bridgev2" + "maunium.net/go/mautrix/bridgev2/bridgeconfig" + "maunium.net/go/mautrix/bridgev2/database" + "maunium.net/go/mautrix/id" +) + +func TestFormatHelpManagementRoom(t *testing.T) { + roomID := id.RoomID("!arrtrix:test") + proc := &Processor{ + texts: bridgeconfig.ManagementRoomTexts{AdditionalHelp: "Extra help text."}, + command: make(map[string]Handler), + alias: make(map[string]string), + } + proc.Add(NewHelpHandler(proc)) + + out := formatHelp(proc, &Context{ + Bridge: &bridgev2.Bridge{ + Config: &bridgeconfig.BridgeConfig{ + CommandPrefix: "!arr", + }, + }, + RoomID: roomID, + User: &bridgev2.User{User: &database.User{ManagementRoom: roomID}}, + Processor: proc, + }) + + for _, fragment := range []string{ + "prefixing commands with `!arr` is not required", + "**help** - Show this help message.", + "Extra help text.", + } { + if !strings.Contains(out, fragment) { + t.Fatalf("expected help output to contain %q, got:\n%s", fragment, out) + } + } +} diff --git a/packages/arrtrix/pkg/matrixcmd/processor.go b/packages/arrtrix/pkg/matrixcmd/processor.go new file mode 100644 index 0000000..1dabfd6 --- /dev/null +++ b/packages/arrtrix/pkg/matrixcmd/processor.go 
@@ -0,0 +1,204 @@
+package matrixcmd
+
+import (
+ "context"
+ "fmt"
+ "runtime/debug"
+ "sort"
+ "strings"
+
+ "github.com/rs/zerolog"
+
+ "maunium.net/go/mautrix/bridgev2"
+ "maunium.net/go/mautrix/bridgev2/bridgeconfig"
+ "maunium.net/go/mautrix/bridgev2/status"
+ "maunium.net/go/mautrix/event"
+ "maunium.net/go/mautrix/format"
+ "maunium.net/go/mautrix/id"
+)
+
+type Handler interface {
+ Meta() Meta
+ Run(*Context)
+}
+
+type Meta struct {
+ Name string
+ Description string
+ Usage string
+ Aliases []string
+}
+
+type HandlerFunc struct {
+ meta Meta
+ run func(*Context)
+}
+
+func NewHandler(meta Meta, run func(*Context)) Handler {
+ return HandlerFunc{meta: meta, run: run}
+}
+
+func (h HandlerFunc) Meta() Meta {
+ return h.meta
+}
+
+func (h HandlerFunc) Run(ctx *Context) {
+ h.run(ctx)
+}
+
+type Processor struct {
+ bridge *bridgev2.Bridge
+ bot bridgev2.MatrixAPI
+ texts bridgeconfig.ManagementRoomTexts
+ command map[string]Handler
+ alias map[string]string
+ order []string
+}
+
+type Context struct {
+ Bridge *bridgev2.Bridge
+ Bot bridgev2.MatrixAPI
+ RoomID id.RoomID
+ OrigRoomID id.RoomID
+ EventID id.EventID
+ ReplyTo id.EventID
+ User *bridgev2.User
+ Portal *bridgev2.Portal
+ Command string
+ Args []string
+ RawArgs string
+ Ctx context.Context
+ Log *zerolog.Logger
+ Processor *Processor
+}
+
+var _ bridgev2.CommandProcessor = (*Processor)(nil)
+
+func NewProcessor(bridge *bridgev2.Bridge, texts bridgeconfig.ManagementRoomTexts) *Processor {
+ proc := &Processor{
+ bridge: bridge,
+ bot: bridge.Bot,
+ texts: texts,
+ command: make(map[string]Handler),
+ alias: make(map[string]string),
+ }
+ proc.Add(NewHelpHandler(proc))
+ return proc
+}
+
+func (p *Processor) Add(handler Handler) {
+ meta := handler.Meta()
+ p.command[meta.Name] = handler
+ p.order = append(p.order, meta.Name)
+ for _, alias := range meta.Aliases {
+ p.alias[alias] = meta.Name
+ }
+}
+
+func (p *Processor) Handlers() []Handler {
+ names := append([]string(nil), p.order...)
+ sort.Strings(names)
+
+ handlers := make([]Handler, 0, len(names))
+ for _, name := range names {
+ handler, ok := p.command[name]
+ if ok {
+ handlers = append(handlers, handler)
+ }
+ }
+ return handlers
+}
+
+func (p *Processor) Handle(ctx context.Context, roomID id.RoomID, eventID id.EventID, user *bridgev2.User, message string, replyTo id.EventID) {
+ ms := &bridgev2.MessageStatus{
+ Step: status.MsgStepCommand,
+ Status: event.MessageStatusSuccess,
+ }
+
+ logCopy := zerolog.Ctx(ctx).With().Logger()
+ log := &logCopy
+
+ defer func() {
+ statusInfo := &bridgev2.MessageStatusEventInfo{
+ RoomID: roomID,
+ SourceEventID: eventID,
+ EventType: event.EventMessage,
+ Sender: user.MXID,
+ }
+
+ if recovered := recover(); recovered != nil {
+ logEvt := log.Error().Bytes(zerolog.ErrorStackFieldName, debug.Stack())
+ if err, ok := recovered.(error); ok {
+ logEvt = logEvt.Err(err)
+ ms.InternalError = err
+ } else {
+ logEvt = logEvt.Any(zerolog.ErrorFieldName, recovered)
+ ms.InternalError = fmt.Errorf("%v", recovered)
+ }
+ logEvt.Msg("Panic in arrtrix Matrix command handler")
+ ms.Status = event.MessageStatusFail
+ ms.IsCertain = true
+ ms.ErrorAsMessage = true
+ }
+
+ p.bridge.Matrix.SendMessageStatus(ctx, ms, statusInfo)
+ }()
+
+ args := strings.Fields(message)
+ if len(args) == 0 {
+ args = []string{"unknown-command"}
+ }
+
+ commandName := strings.ToLower(args[0])
+ if actual, ok := p.alias[commandName]; ok {
+ commandName = actual
+ }
+
+ portal, err := p.bridge.GetPortalByMXID(ctx, roomID)
+ if err != nil {
+ log.Err(err).Msg("Failed to get portal")
+ }
+
+ commandCtx := &Context{
+ Bridge: p.bridge,
+ Bot: p.bot,
+ RoomID: roomID,
+ OrigRoomID: roomID,
+ EventID: eventID,
+ ReplyTo: replyTo,
+ User: user,
+ Portal: portal,
+ Command: commandName,
+ Args: args[1:],
+ RawArgs: strings.TrimSpace(strings.TrimPrefix(message, args[0])),
+ Ctx: ctx,
+ Log: log,
+ Processor: p,
+ }
+
+ handler, ok := p.command[commandName]
+ if !ok {
+ log.Debug().Str("mx_command", commandName).Msg("Received unknown Matrix room command")
+ commandCtx.Reply("Unknown command, use the `help` command for help.")
+ return
+ }
+
+ log.UpdateContext(func(c zerolog.Context) zerolog.Context {
+ return c.Str("mx_command", commandName)
+ })
+ log.Debug().Msg("Received Matrix room command")
+ handler.Run(commandCtx)
+}
+
+func (c *Context) Reply(message string, args ...any) {
+ message = strings.ReplaceAll(message, "$cmdprefix ", c.Bridge.Config.CommandPrefix+" ")
+ if len(args) > 0 {
+ message = fmt.Sprintf(message, args...)
+ }
+
+ content := format.RenderMarkdown(message, true, false)
+ content.MsgType = event.MsgNotice
+ if _, err := c.Bot.SendMessage(c.Ctx, c.OrigRoomID, event.EventMessage, &event.Content{Parsed: &content}, nil); err != nil {
+ c.Log.Err(err).Msg("Failed to reply to Matrix room command")
+ }
+}
diff --git a/packages/arrtrix/pkg/onboarding/welcome.go b/packages/arrtrix/pkg/onboarding/welcome.go
new file mode 100644
index 0000000..14860c1
--- /dev/null
+++ b/packages/arrtrix/pkg/onboarding/welcome.go
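Review bot: In the deferred `recover` of `Handle`, the recovered panic value is copied into `ms.InternalError` and `ms.ErrorAsMessage` is set, which presumably makes the Matrix connector post the raw panic text back into the room. Panic values can carry internal detail the sender has no need for, and the full value and stack are already logged on the line above. Consider reporting a fixed error to the room instead, e.g. `ms.InternalError = fmt.Errorf("internal error while handling command")`. Separately, a failed `GetPortalByMXID` is only logged and the handler still runs with `Portal == nil`, so any handler that branches on `ctx.Portal != nil` treats a portal room as a non-portal room; a comment stating that this is intended would help.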
@@ -0,0 +1,137 @@
+package onboarding
+
+import (
+ "context"
+ "fmt"
+ "strings"
+
+ "github.com/rs/zerolog"
+
+ "maunium.net/go/mautrix/bridgev2"
+ "maunium.net/go/mautrix/bridgev2/bridgeconfig"
+ "maunium.net/go/mautrix/event"
+ "maunium.net/go/mautrix/format"
+ "maunium.net/go/mautrix/id"
+)
+
+const handledInviteEventType = "com.arrtrix.handled_invite"
+
+func HandleBotInvite(ctx context.Context, bridge *bridgev2.Bridge, texts bridgeconfig.ManagementRoomTexts, evt *event.Event) {
+ if evt.Type != event.StateMember ||
+ evt.GetStateKey() != bridge.Bot.GetMXID().String() ||
+ evt.Content.AsMember().Membership != event.MembershipInvite {
+ return
+ }
+
+ log := zerolog.Ctx(ctx)
+ sender, err := bridge.GetUserByMXID(ctx, evt.Sender)
+ if err != nil {
+ log.Err(err).Msg("Failed to load sender for bot invite")
+ return
+ }
+ if !sender.Permissions.Commands {
+ return
+ }
+
+ if err = bridge.Bot.EnsureJoined(ctx, evt.RoomID); err != nil {
+ log.Err(err).Msg("Failed to accept invite to room")
+ return
+ }
+
+ members, err := bridge.Matrix.GetMembers(ctx, evt.RoomID)
+ if err != nil {
+ log.Err(err).Msg("Failed to get members of room after accepting invite")
+ return
+ }
+ if len(members) != 2 {
+ return
+ }
+
+ assignedManagementRoom := sender.ManagementRoom == ""
+ if assignedManagementRoom {
+ sender.ManagementRoom = evt.RoomID
+ if err = sender.Save(ctx); err != nil {
+ log.Err(err).Msg("Failed to update user's management room in database")
+ return
+ }
+ }
+
+ message := buildWelcomeMessage(bridge, texts, sender, assignedManagementRoom)
+ content := format.RenderMarkdown(message, true, false)
+ if _, err = bridge.Bot.SendMessage(ctx, evt.RoomID, event.EventMessage, &event.Content{Parsed: &content}, nil); err != nil {
+ log.Err(err).Msg("Failed to send welcome message to room")
+ return
+ }
+
+ evt.Type = event.Type{Type: handledInviteEventType}
+}
+
+func buildWelcomeMessage(bridge *bridgev2.Bridge, texts bridgeconfig.ManagementRoomTexts, sender *bridgev2.User, assignedManagementRoom bool) string {
+ return composeWelcomeMessage(
+ bridge.Network.GetName().DisplayName,
+ bridge.Config.CommandPrefix,
+ bridge.Bot.GetMXID(),
+ texts,
+ sender.GetDefaultLogin() != nil,
+ assignedManagementRoom,
+ )
+}
+
+func composeWelcomeMessage(
+ bridgeName string,
+ commandPrefix string,
+ botMXID id.UserID,
+ texts bridgeconfig.ManagementRoomTexts,
+ connected bool,
+ assignedManagementRoom bool,
+) string {
+ replacer := strings.NewReplacer(
+ "$cmdprefix", commandPrefix,
+ "$bridge", bridgeName,
+ "$bot", string(botMXID),
+ )
+
+ var parts []string
+
+ base := strings.TrimSpace(texts.Welcome)
+ if base == "" {
+ base = fmt.Sprintf("Hello, I'm the %s bot.", bridgeName)
+ }
+ parts = append(parts, replacer.Replace(base))
+
+ if assignedManagementRoom {
+ parts = append(parts, "This room has been marked as your management room.")
+ } else {
+ parts = append(parts, fmt.Sprintf("Use `%s help` to see available commands in this room.", commandPrefix))
+ }
+
+ if connected {
+ connected := strings.TrimSpace(texts.WelcomeConnected)
+ if connected == "" {
+ connected = "You're connected. Use `help` to see the commands available right now."
+ }
+ parts = append(parts, replacer.Replace(connected))
+ } else {
+ unconnected := strings.TrimSpace(texts.WelcomeUnconnected)
+ if unconnected == "" {
+ unconnected = "Use `help` to see the commands available right now."
+ }
+ parts = append(parts, replacer.Replace(unconnected))
+ }
+
+ if extra := strings.TrimSpace(texts.AdditionalHelp); extra != "" {
+ parts = append(parts, replacer.Replace(extra))
+ }
+
+ return strings.Join(parts, "\n\n")
+}
+
+func IsHandledInviteEvent(evt *event.Event) bool {
+ return evt.Type.Type == handledInviteEventType
+}
+
+func IsBotInviteFor(roomBot id.UserID, evt *event.Event) bool {
+ return evt.Type == event.StateMember &&
+ evt.GetStateKey() == roomBot.String() &&
+ evt.Content.AsMember().Membership == event.MembershipInvite
+}
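Review bot: In `HandleBotInvite`, `sender.ManagementRoom = evt.RoomID` is assigned before `sender.Save(ctx)`, and the error path returns without undoing it, so the in-memory user keeps a management room that was never persisted. The event type is not rewritten on that path either, so any later `StateMember` handler sees the invite with the sender already marked; add `sender.ManagementRoom = ""` before that `return`. The `len(members) != 2` check only counts what `GetMembers` returns and does not confirm that the two entries are the bot and `evt.Sender`; checking that (or documenting why the count is enough) is worth doing before a room is made someone's management room. The invite condition at the top duplicates `IsBotInviteFor`, which could be called instead.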
diff --git a/packages/arrtrix/pkg/onboarding/welcome_test.go b/packages/arrtrix/pkg/onboarding/welcome_test.go
new file mode 100644
index 0000000..de6f42a
--- /dev/null
+++ b/packages/arrtrix/pkg/onboarding/welcome_test.go
@@ -0,0 +1,56 @@
+package onboarding
+
+import (
+ "strings"
+ "testing"
+
+ "maunium.net/go/mautrix/bridgev2/bridgeconfig"
+ "maunium.net/go/mautrix/id"
+)
+
+func TestComposeWelcomeMessageDefaults(t *testing.T) {
+ out := composeWelcomeMessage(
+ "Arrtrix",
+ "!arr",
+ id.UserID("@arrtrixbot:test"),
+ bridgeconfig.ManagementRoomTexts{},
+ false,
+ true,
+ )
+
+ for _, fragment := range []string{
+ "Hello, I'm the Arrtrix bot.",
+ "This room has been marked as your management room.",
+ "Use `help` to see the commands available right now.",
+ } {
+ if !strings.Contains(out, fragment) {
+ t.Fatalf("expected welcome output to contain %q, got:\n%s", fragment, out)
+ }
+ }
+}
+
+func TestComposeWelcomeMessageTemplateValues(t *testing.T) {
+ out := composeWelcomeMessage(
+ "Arrtrix",
+ "!arr",
+ id.UserID("@arrtrixbot:test"),
+ bridgeconfig.ManagementRoomTexts{
+ Welcome: "Welcome to $bridge.",
+ WelcomeConnected: "Talk to $bot with $cmdprefix help.",
+ AdditionalHelp: "Custom footer for $bridge.",
+ },
+ true,
+ false,
+ )
+
+ for _, fragment := range []string{
+ "Welcome to Arrtrix.",
+ "Use `!arr help` to see available commands in this room.",
+ "Talk to @arrtrixbot:test with !arr help.",
+ "Custom footer for Arrtrix.",
+ } {
+ if !strings.Contains(out, fragment) {
+ t.Fatalf("expected templated welcome output to contain %q, got:\n%s", fragment, out)
+ }
+ }
+}
diff --git a/packages/arrtrix/pkg/runtime/envconfig.go b/packages/arrtrix/pkg/runtime/envconfig.go
new file mode 100644
index 0000000..f8ffd13
--- /dev/null
+++ b/packages/arrtrix/pkg/runtime/envconfig.go
@@ -0,0 +1,206 @@
+package runtime
+
+import (
+ "fmt"
+ "os"
+ "reflect"
+ "strconv"
+ "strings"
+)
+
+const fileEnvPrefix = "READFILE:"
+
+func updateConfigFromEnv(cfg, networkData any, prefix string) error {
+ if prefix == "" {
+ return nil
+ }
+
+ cfgVal := reflect.ValueOf(cfg)
+ networkVal := reflect.ValueOf(networkData)
+
+ for _, env := range os.Environ() {
+ if !strings.HasPrefix(env, prefix) {
+ continue
+ }
+
+ keyValue := strings.SplitN(env, "=", 2)
+ if len(keyValue) != 2 {
+ continue
+ }
+
+ key := strings.TrimPrefix(keyValue[0], prefix)
+ value := keyValue[1]
+ if strings.HasSuffix(key, "_FILE") {
+ key = strings.TrimSuffix(key, "_FILE")
+ value = fileEnvPrefix + value
+ }
+
+ key = strings.ToLower(key)
+ if !strings.ContainsRune(key, '.') {
+ key = strings.ReplaceAll(key, "__", ".")
+ }
+
+ path := strings.Split(key, ".")
+ field, ok := reflectGetFromMainOrNetwork(cfgVal, networkVal, path)
+ if !ok {
+ return fmt.Errorf("%s not found", formatKey(path))
+ }
+
+ if strings.HasPrefix(value, fileEnvPrefix) {
+ filePath := strings.TrimPrefix(value, fileEnvPrefix)
+ fileData, err := os.ReadFile(filePath)
+ if err != nil {
+ return fmt.Errorf("failed to read file %s for %s: %w", filePath, formatKey(path), err)
+ }
+ value = strings.TrimSpace(string(fileData))
+ }
+
+ if err := setReflectedValue(field, path, value); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+type reflectedField struct {
+ value reflect.Value
+ valueKind reflect.Kind
+ remainingPath []string
+}
+
+func formatKey(path []string) string {
+ return strings.Join(path, "->")
+}
+
+func reflectGetFromMainOrNetwork(main, network reflect.Value, path []string) (*reflectedField, bool) {
+ if len(path) > 0 && path[0] == "network" {
+ return reflectGetYAML(network, path[1:])
+ }
+ return reflectGetYAML(main, path)
+}
+
+func reflectGetYAML(value reflect.Value, path []string) (*reflectedField, bool) {
+ if len(path) == 0 {
+ return &reflectedField{value: value, valueKind: value.Kind()}, true
+ }
+ if value.Kind() == reflect.Ptr {
+ value = value.Elem()
+ }
+
+ switch value.Kind() {
+ case reflect.Map:
+ return &reflectedField{
+ value: value,
+ valueKind: value.Type().Elem().Kind(),
+ remainingPath: path,
+ }, true
+ case reflect.Struct:
+ fields := reflect.VisibleFields(value.Type())
+ for _, field := range fields {
+ if yamlFieldName(field) != path[0] {
+ continue
+ }
+ return reflectGetYAML(value.FieldByIndex(field.Index), path[1:])
+ }
+ }
+
+ return nil, false
+}
+
+func yamlFieldName(field reflect.StructField) string {
+ parts := strings.SplitN(field.Tag.Get("yaml"), ",", 2)
+ switch name := parts[0]; {
+ case name == "-" && len(parts) == 1:
+ return ""
+ case name == "":
+ return strings.ToLower(field.Name)
+ default:
+ return name
+ }
+}
+
+func setReflectedValue(field *reflectedField, path []string, raw string) error {
+ parsed, err := parseValue(field.valueKind, raw, path)
+ if err != nil {
+ return err
+ }
+
+ value := field.value
+ if value.Kind() == reflect.Ptr {
+ if value.IsNil() {
+ value.Set(reflect.New(value.Type().Elem()))
+ }
+ value = value.Elem()
+ }
+
+ if value.Kind() == reflect.Map {
+ if value.Type().Key().Kind() != reflect.String {
+ return fmt.Errorf("unsupported map key type %s in %s", value.Type().Key().Kind(), formatKey(path))
+ }
+ key := strings.Join(field.remainingPath, ".")
+ value.SetMapIndex(reflect.ValueOf(key), reflect.ValueOf(parsed))
+ return nil
+ }
+
+ value.Set(reflect.ValueOf(parsed))
+ return nil
+}
+
+func parseValue(kind reflect.Kind, raw string, path []string) (any, error) {
+ switch kind {
+ case reflect.String:
+ return raw, nil
+ case reflect.Bool:
+ parsed, err := strconv.ParseBool(raw)
+ if err != nil {
+ return nil, fmt.Errorf("invalid value for %s: %w", formatKey(path), err)
+ }
+ return parsed, nil
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ parsed, err := strconv.ParseInt(raw, 10, 64)
+ if err != nil {
+ return nil, fmt.Errorf("invalid value for %s: %w", formatKey(path), err)
+ }
+ switch kind {
+ case reflect.Int8:
+ return int8(parsed), nil
+ case reflect.Int16:
+ return int16(parsed), nil
+ case reflect.Int32:
+ return int32(parsed), nil
+ case reflect.Int64:
+ return parsed, nil
+ default:
+ return int(parsed), nil
+ }
+ case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+ parsed, err := strconv.ParseUint(raw, 10, 64)
+ if err != nil {
+ return nil, fmt.Errorf("invalid value for %s: %w", formatKey(path), err)
+ }
+ switch kind {
+ case reflect.Uint8:
+ return uint8(parsed), nil
+ case reflect.Uint16:
+ return uint16(parsed), nil
+ case reflect.Uint32:
+ return uint32(parsed), nil
+ case reflect.Uint64:
+ return parsed, nil
+ default:
+ return uint(parsed), nil
+ }
+ case reflect.Float32, reflect.Float64:
+ parsed, err := strconv.ParseFloat(raw, 64)
+ if err != nil {
+ return nil, fmt.Errorf("invalid value for %s: %w", formatKey(path), err)
+ }
+ if kind == reflect.Float32 {
+ return float32(parsed), nil
+ }
+ return parsed, nil
+ default:
+ return nil, fmt.Errorf("unsupported type %s in %s", kind, formatKey(path))
+ }
+}
diff --git a/packages/arrtrix/pkg/runtime/example.go b/packages/arrtrix/pkg/runtime/example.go
new file mode 100644
index 0000000..1cba7b6
--- /dev/null
+++ b/packages/arrtrix/pkg/runtime/example.go
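Review bot: `setReflectedValue` assigns with `value.Set(reflect.ValueOf(parsed))`, but `parseValue` always returns the builtin type for the kind, so a field whose type is a defined type of that kind (a `type X string`, or a `time.Duration`, whose kind is int64) makes `reflect` panic at startup instead of returning an error. Convert before assigning: `value.Set(reflect.ValueOf(parsed).Convert(value.Type()))`. The map branch has the same problem for key and element types, and `SetMapIndex` on a nil map panics as well, so it needs a `reflect.MakeMap` when `value.IsNil()`. `updateConfigFromEnv` should also carry a comment that a key ending in `_FILE`, or any value starting with `READFILE:`, is read from disk, since that is not obvious to whoever sets the environment.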
@@ -0,0 +1,69 @@
+package runtime
+
+import (
+ "fmt"
+ "strings"
+
+ "maunium.net/go/mautrix/bridgev2"
+)
+
+func makeExampleConfig(networkName bridgev2.BridgeName, networkExample string) string {
+ var builder strings.Builder
+
+ builder.WriteString("# Network-specific config options\n")
+ builder.WriteString("network:\n")
+ for _, line := range strings.Split(strings.TrimRight(networkExample, "\n"), "\n") {
+ if line == "" {
+ builder.WriteString(" \n")
+ continue
+ }
+ builder.WriteString(" ")
+ builder.WriteString(line)
+ builder.WriteByte('\n')
+ }
+ builder.WriteByte('\n')
+
+ builder.WriteString(fmt.Sprintf(`bridge:
+ command_prefix: "%s"
+ permissions:
+ "*": relay
+ "@admin:example.com": admin
+
+database:
+ type: sqlite3-fk-wal
+ uri: file:arrtrix.db?_txlock=immediate
+
+homeserver:
+ address: http://example.localhost:8008
+ domain: example.com
+ software: standard
+
+appservice:
+ address: http://localhost:%d
+ hostname: 127.0.0.1
+ port: %d
+ id: %s
+ bot:
+ username: %s
+ displayname: %s
+ as_token: This value is generated when generating the registration
+ hs_token: This value is generated when generating the registration
+ username_template: %s_{{.}}
+
+logging:
+ min_level: info
+ writers:
+ - type: stdout
+ format: pretty-colored
+
+management_room_texts:
+ welcome: ""
+ welcome_connected: ""
+ welcome_unconnected: ""
+ additional_help: ""
+
+env_config_prefix: ""
+`, networkName.DefaultCommandPrefix, networkName.DefaultPort, networkName.DefaultPort, networkName.NetworkID, "arrtrixbot", "Arrtrix Bot", networkName.NetworkID))
+
+ return builder.String()
+}
diff --git a/packages/arrtrix/pkg/runtime/main.go b/packages/arrtrix/pkg/runtime/main.go
new file mode 100644
index 0000000..42e1495
--- /dev/null
+++ b/packages/arrtrix/pkg/runtime/main.go
@@ -0,0 +1,418 @@
+package runtime
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "net/http"
+ "os"
+ "os/signal"
+ "runtime"
+ "strings"
+ "syscall"
+ "time"
+
+ "github.com/rs/zerolog"
+ "go.mau.fi/util/dbutil"
+ "go.mau.fi/util/exerrors"
+ "go.mau.fi/util/exzerolog"
+ "go.mau.fi/util/progver"
+ "gopkg.in/yaml.v3"
+ flag "maunium.net/go/mauflag"
+ "maunium.net/go/mautrix/appservice"
+
+ "maunium.net/go/mautrix"
+ "maunium.net/go/mautrix/bridgev2"
+ "maunium.net/go/mautrix/bridgev2/bridgeconfig"
+ "maunium.net/go/mautrix/bridgev2/commands"
+ "maunium.net/go/mautrix/bridgev2/matrix"
+ "maunium.net/go/mautrix/event"
+
+ arrconfig "sneeuwvlok/packages/arrtrix/pkg/config"
+ "sneeuwvlok/packages/arrtrix/pkg/matrixcmd"
+ "sneeuwvlok/packages/arrtrix/pkg/onboarding"
+)
+
+var configPath = flag.MakeFull("c", "config", "The path to your config file.", "config.yaml").String()
+var writeExampleConfig = flag.MakeFull("e", "generate-example-config", "Save the example config to the config path and quit.", "false").Bool()
+var dontSaveConfig = flag.MakeFull("n", "no-update", "Don't save updated config to disk.", "false").Bool()
+var registrationPath = flag.MakeFull("r", "registration", "The path where to save the appservice registration.", "registration.yaml").String()
+var generateRegistration = flag.MakeFull("g", "generate-registration", "Generate registration and quit.", "false").Bool()
+var version = flag.MakeFull("v", "version", "View bridge version and quit.", "false").Bool()
+var versionJSON = flag.Make().LongKey("version-json").Usage("Print a JSON object representing the bridge version and quit.").Default("false").Bool()
+var ignoreUnsupportedDatabase = flag.Make().LongKey("ignore-unsupported-database").Usage("Run even if the database schema is too new").Default("false").Bool()
+var ignoreForeignTables = flag.Make().LongKey("ignore-foreign-tables").Usage("Run even if the database contains tables from other programs (like Synapse)").Default("false").Bool()
+var ignoreUnsupportedServer = flag.Make().LongKey("ignore-unsupported-server").Usage("Run even if the Matrix homeserver is outdated").Default("false").Bool()
+var wantHelp, _ = flag.MakeHelpFlag()
+
+type Main struct {
+ Name string
+ Description string
+ URL string
+ Version string
+
+ Connector bridgev2.NetworkConnector
+ PostInit func()
+ PostStart func()
+
+ Log *zerolog.Logger
+ DB *dbutil.Database
+ PublicConfig *arrconfig.Config
+ Config *bridgeconfig.Config
+ Matrix *matrix.Connector
+ Bridge *bridgev2.Bridge
+
+ ConfigPath string
+ RegistrationPath string
+ SaveConfig bool
+
+ ver progver.ProgramVersion
+ manualStop chan int
+}
+
+type versionJSONOutput struct {
+ progver.ProgramVersion
+
+ OS string
+ Arch string
+
+ Mautrix struct {
+ Version string
+ Commit string
+ }
+}
+
+type routeMounter interface {
+ MountRoutes(*http.ServeMux) error
+}
+
+func (m *Main) Run() {
+ m.PreInit()
+ m.Init()
+ m.Start()
+ exitCode := m.WaitForInterrupt()
+ m.Stop()
+ os.Exit(exitCode)
+}
+
+func (m *Main) PreInit() {
+ m.manualStop = make(chan int, 1)
+ flag.SetHelpTitles(
+ fmt.Sprintf("%s - %s", m.Name, m.Description),
+ fmt.Sprintf("%s [-hgvn] [-c ] [-r ]", m.Name),
+ )
+
+ err := flag.Parse()
+ m.ConfigPath = *configPath
+ m.RegistrationPath = *registrationPath
+ m.SaveConfig = !*dontSaveConfig
+ if err != nil {
+ _, _ = fmt.Fprintln(os.Stderr, err)
+ flag.PrintHelp()
+ os.Exit(1)
+ }
+
+ switch {
+ case *wantHelp:
+ flag.PrintHelp()
+ os.Exit(0)
+ case *version:
+ fmt.Println(m.ver.VersionDescription)
+ os.Exit(0)
+ case *versionJSON:
+ output := versionJSONOutput{
+ ProgramVersion: m.ver,
+ OS: runtime.GOOS,
+ Arch: runtime.GOARCH,
+ }
+ output.Mautrix.Version = mautrix.Version
+ output.Mautrix.Commit = mautrix.Commit
+ _ = json.NewEncoder(os.Stdout).Encode(output)
+ os.Exit(0)
+ case *writeExampleConfig:
+ m.writeExampleConfig()
+ os.Exit(0)
+ }
+
+ m.LoadConfig()
+ if *generateRegistration {
+ m.GenerateRegistration()
+ os.Exit(0)
+ }
+}
+
+func (m *Main) writeExampleConfig() {
+ if *configPath != "-" {
+ if _, err := os.Stat(*configPath); !errors.Is(err, os.ErrNotExist) {
+ _, _ = fmt.Fprintln(os.Stderr, *configPath, "already exists, please remove it if you want to generate a new example")
+ os.Exit(1)
+ }
+ }
+
+ networkExample, _, _ := m.Connector.GetConfig()
+ example := makeExampleConfig(m.Connector.GetName(), networkExample)
+ if *configPath == "-" {
+ fmt.Print(example)
+ return
+ }
+
+ exerrors.PanicIfNotNil(os.WriteFile(*configPath, []byte(example), 0o600))
+ fmt.Println("Wrote example config to", *configPath)
+}
+
+func (m *Main) GenerateRegistration() {
+ if !m.SaveConfig {
+ _, _ = fmt.Fprintln(os.Stderr, "--no-update is not compatible with --generate-registration")
+ os.Exit(5)
+ }
+ if m.Config.Homeserver.Domain == "example.com" {
+ _, _ = fmt.Fprintln(os.Stderr, "Homeserver domain is not set")
+ os.Exit(20)
+ }
+
+ registration := m.Config.GenerateRegistration()
+ if err := registration.Save(m.RegistrationPath); err != nil {
+ _, _ = fmt.Fprintln(os.Stderr, "Failed to save registration:", err)
+ os.Exit(21)
+ }
+
+ if err := m.saveConfig(); err != nil {
+ _, _ = fmt.Fprintln(os.Stderr, "Failed to save config:", err)
+ os.Exit(22)
+ }
+
+ fmt.Println("Registration generated. See https://docs.mau.fi/bridges/general/registering-appservices.html for instructions on installing the registration.")
+}
+
+func (m *Main) LoadConfig() {
+ configData, err := os.ReadFile(m.ConfigPath)
+ if err != nil {
+ _, _ = fmt.Fprintln(os.Stderr, "Failed to read config:", err)
+ os.Exit(10)
+ }
+
+ publicConfig, err := arrconfig.Load(configData)
+ if err != nil {
+ _, _ = fmt.Fprintln(os.Stderr, "Failed to parse config:", err)
+ os.Exit(10)
+ }
+ cfg := publicConfig.Compile()
+ if err = m.loadRegistrationTokens(&cfg); err != nil {
+ _, _ = fmt.Fprintln(os.Stderr, "Failed to parse registration:", err)
+ os.Exit(10)
+ }
+
+ _, networkData, _ := m.Connector.GetConfig()
+ if networkData != nil {
+ if err = cfg.Network.Decode(networkData); err != nil {
+ _, _ = fmt.Fprintln(os.Stderr, "Failed to parse network config:", err)
+ os.Exit(10)
+ }
+ }
+
+ cfg.Bridge.Backfill = cfg.Backfill
+ if err = updateConfigFromEnv(&cfg, networkData, cfg.EnvConfigPrefix); err != nil {
+ _, _ = fmt.Fprintln(os.Stderr, "Failed to parse environment variables:", err)
+ os.Exit(10)
+ }
+
+ m.PublicConfig = publicConfig
+ m.Config = &cfg
+}
+
+func (m *Main) loadRegistrationTokens(cfg *bridgeconfig.Config) error {
+ if m.RegistrationPath == "" {
+ return nil
+ }
+
+ data, err := os.ReadFile(m.RegistrationPath)
+ if errors.Is(err, os.ErrNotExist) {
+ return nil
+ } else if err != nil {
+ return err
+ }
+
+ var tokens struct {
+ AppToken string `yaml:"as_token"`
+ ServerToken string `yaml:"hs_token"`
+ }
+ if err = yaml.Unmarshal(data, &tokens); err != nil {
+ return err
+ }
+
+ if tokens.AppToken != "" {
+ cfg.AppService.ASToken = tokens.AppToken
+ }
+ if tokens.ServerToken != "" {
+ cfg.AppService.HSToken = tokens.ServerToken
+ }
+ return nil
+}
+
+func (m *Main) Init() {
+ var err error
+ m.Log, err = m.Config.Logging.Compile()
+ if err != nil {
+ _, _ = fmt.Fprintln(os.Stderr, "Failed to initialize logger:", err)
+ os.Exit(12)
+ }
+ exzerolog.SetupDefaults(m.Log)
+
+ if err = m.validateConfig(); err != nil {
+ m.Log.WithLevel(zerolog.FatalLevel).Err(err).Msg("Configuration error")
+ m.Log.Info().Msg("See https://docs.mau.fi/faq/field-unconfigured for more info")
+ os.Exit(11)
+ }
+
+ m.Log.Info().
+ Str("name", m.Name).
+ Str("version", m.ver.FormattedVersion).
+ Time("built_at", m.ver.BuildTime).
+ Str("go_version", runtime.Version()).
+ Msg("Initializing bridge")
+
+ m.initDB()
+ m.Matrix = matrix.NewConnector(m.Config)
+ m.Matrix.OnWebsocketReplaced = func() {
+ m.TriggerStop(0)
+ }
+ m.Matrix.IgnoreUnsupportedServer = *ignoreUnsupportedServer
+ m.Bridge = bridgev2.NewBridge("", m.DB, *m.Log, &m.Config.Bridge, m.Matrix, m.Connector, commands.NewProcessor)
+ m.Bridge.Commands = matrixcmd.NewProcessor(m.Bridge, m.Config.ManagementRoomTexts)
+
+ if m.Matrix.EventProcessor != nil {
+ if m.Config.AppService.AsyncTransactions {
+ m.Matrix.EventProcessor.ExecMode = appservice.AsyncLoop
+ } else {
+ m.Matrix.EventProcessor.ExecMode = appservice.Sync
+ }
+ m.Matrix.EventProcessor.PrependHandler(event.StateMember, func(ctx context.Context, evt *event.Event) {
+ onboarding.HandleBotInvite(ctx, m.Bridge, m.Config.ManagementRoomTexts, evt)
+ })
+ }
+
+ m.Matrix.AS.DoublePuppetValue = m.Name
+ if mounter, ok := m.Connector.(routeMounter); ok {
+ if err = mounter.MountRoutes(m.Matrix.AS.Router); err != nil {
+ _, _ = fmt.Fprintln(os.Stderr, "Failed to mount HTTP routes:", err)
+ os.Exit(13)
+ }
+ }
+
+ if m.PostInit != nil {
+ m.PostInit()
+ }
+}
+
+func (m *Main) Start() {
+ ctx := m.Log.WithContext(context.Background())
+ if err := m.Bridge.Start(ctx); err != nil {
+ m.Log.Fatal().Err(err).Msg("Failed to start bridge")
+ }
+ if m.PostStart != nil {
+ m.PostStart()
+ }
+}
+
+func (m *Main) Stop() {
+ m.Bridge.StopWithTimeout(5 * time.Second)
+}
+
+func (m *Main) WaitForInterrupt() int {
+ interrupts := make(chan os.Signal, 1)
+ signal.Notify(interrupts, os.Interrupt, syscall.SIGTERM)
+ select {
+ case <-interrupts:
+ m.Log.Info().Msg("Interrupt signal received from OS")
+ return 0
+ case exitCode := <-m.manualStop:
+ m.Log.Info().Msg("Internal stop signal received")
+ return exitCode
+ }
+}
+
+func (m *Main) TriggerStop(exitCode int) {
+ select {
+ case m.manualStop <- exitCode:
+ default:
+ }
+}
+
+func (m *Main) InitVersion(tag, commit, rawBuildTime string) {
+ m.ver = progver.ProgramVersion{
+ Name: m.Name,
+ URL: m.URL,
+ BaseVersion: m.Version,
+ }.Init(tag, commit, rawBuildTime)
+ mautrix.DefaultUserAgent = fmt.Sprintf("%s/%s %s", m.Name, m.ver.FormattedVersion, mautrix.DefaultUserAgent)
+ m.Version = m.ver.FormattedVersion
+}
+
+func (m *Main) validateConfig() error {
+ switch {
+ case m.Config.Homeserver.Address == "http://example.localhost:8008":
+ return errors.New("homeserver.address not configured")
+ case m.Config.Homeserver.Domain == "example.com":
+ return errors.New("homeserver.domain not configured")
+ case !bridgeconfig.AllowedHomeserverSoftware[m.Config.Homeserver.Software]:
+ return errors.New("invalid value for homeserver.software (use `standard` if you don't know what the field is for)")
+ case m.Config.AppService.ASToken == "This value is generated when generating the registration":
+ return errors.New("appservice.as_token not configured. Did you forget to generate the registration?")
+ case m.Config.AppService.HSToken == "This value is generated when generating the registration":
+ return errors.New("appservice.hs_token not configured. Did you forget to generate the registration?")
+ case m.Config.Database.URI == "postgres://user:password@host/database?sslmode=disable":
+ return errors.New("database.uri not configured")
+ case !m.Config.Bridge.Permissions.IsConfigured():
+ return errors.New("bridge.permissions not configured")
+ case !strings.Contains(m.Config.AppService.FormatUsername("1234567890"), "1234567890"):
+ return errors.New("username template is missing user ID placeholder")
+ default:
+ if validator, ok := m.Connector.(bridgev2.ConfigValidatingNetwork); ok {
+ return validator.ValidateConfig()
+ }
+ return nil
+ }
+}
+
+func (m *Main) initDB() {
+ if m.Config.Database.Type == "sqlite3" {
+ m.Log.WithLevel(zerolog.FatalLevel).Msg("Invalid database type sqlite3. Use sqlite3-fk-wal instead.")
+ os.Exit(14)
+ }
+ if (m.Config.Database.Type == "sqlite3-fk-wal" || m.Config.Database.Type == "litestream") &&
+ m.Config.Database.MaxOpenConns != 1 &&
+ !strings.Contains(m.Config.Database.URI, "_txlock=immediate") {
+ var fixedURI string
+ switch {
+ case !strings.HasPrefix(m.Config.Database.URI, "file:"):
+ fixedURI = fmt.Sprintf("file:%s?_txlock=immediate", m.Config.Database.URI)
+ case !strings.ContainsRune(m.Config.Database.URI, '?'):
+ fixedURI = fmt.Sprintf("%s?_txlock=immediate", m.Config.Database.URI)
+ default:
+ fixedURI = fmt.Sprintf("%s&_txlock=immediate", m.Config.Database.URI)
+ }
+ m.Log.Warn().Str("fixed_uri_example", fixedURI).Msg("Using SQLite without _txlock=immediate is not recommended")
+ }
+
+ var err error
+ m.DB, err = dbutil.NewFromConfig("megabridge/"+m.Name, m.Config.Database, dbutil.ZeroLogger(m.Log.With().Str("db_section", "main").Logger()))
+ if err != nil {
+ m.Log.WithLevel(zerolog.FatalLevel).Err(err).Msg("Failed to initialize database connection")
+ os.Exit(14)
+ }
+ m.DB.IgnoreUnsupportedDatabase = *ignoreUnsupportedDatabase
+ m.DB.IgnoreForeignTables = *ignoreForeignTables
+}
+
+func (m *Main) saveConfig() error {
+ publicConfig := *m.PublicConfig
+ publicConfig.AppService.ASToken = m.Config.AppService.ASToken
+ publicConfig.AppService.HSToken = m.Config.AppService.HSToken
+
+ configData, err := yaml.Marshal(&publicConfig)
+ if err != nil {
+ return err
+ }
+ return os.WriteFile(m.ConfigPath, configData, 0o600)
+}
diff --git a/packages/arrtrix/pkg/runtime/main_test.go b/packages/arrtrix/pkg/runtime/main_test.go
new file mode 100644
index 0000000..f54201b
--- /dev/null
+++ b/packages/arrtrix/pkg/runtime/main_test.go
@@ -0,0 +1,30 @@
+package runtime
+
+import (
+ "os"
+ "path/filepath"
+ "testing"
+
+ "maunium.net/go/mautrix/bridgev2/bridgeconfig"
+)
+
+func TestLoadRegistrationTokens(t *testing.T) {
+ tempDir := t.TempDir()
+ registrationPath := filepath.Join(tempDir, "registration.yaml")
+ if err := os.WriteFile(registrationPath, []byte("as_token: app-token\nhs_token: hs-token\n"), 0o600); err != nil {
+ t.Fatalf("failed to write registration file: %v", err)
+ }
+
+ cfg := &bridgeconfig.Config{}
+ main := &Main{RegistrationPath: registrationPath}
+ if err := main.loadRegistrationTokens(cfg); err != nil {
+ t.Fatalf("loadRegistrationTokens returned error: %v", err)
+ }
+
+ if cfg.AppService.ASToken != "app-token" {
+ t.Fatalf("expected as token to be loaded, got %q", cfg.AppService.ASToken)
+ }
+ if cfg.AppService.HSToken != "hs-token" {
+ t.Fatalf("expected hs token to be loaded, got %q", cfg.AppService.HSToken)
+ }
+}
diff --git a/packages/arrtrix/pkg/webhook/radarr.go b/packages/arrtrix/pkg/webhook/radarr.go
new file mode 100644
index 0000000..6f74342
--- /dev/null
+++ b/packages/arrtrix/pkg/webhook/radarr.go
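Review bot: `saveConfig` in main.go copies `as_token` and `hs_token` into the public config and writes it with `os.WriteFile(m.ConfigPath, configData, 0o600)`, but that mode only applies when the file is created; an existing config that is group- or world-readable keeps its mode and now holds both tokens. Tighten it explicitly, e.g. `if err := os.Chmod(m.ConfigPath, 0o600); err != nil { return err }`, or write to a temporary file in the same directory and rename it, which also avoids a truncated config if the process dies mid-write. `validateConfig` rejects the placeholder token strings but not empty ones, so an empty `as_token` or `hs_token` passes; adding `== ""` cases there would surface a missing registration at startup.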
@@ -0,0 +1,241 @@ +package webhook + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "net/http" + "strings" + + "maunium.net/go/mautrix/bridgev2" + "maunium.net/go/mautrix/event" + "maunium.net/go/mautrix/format" + "maunium.net/go/mautrix/id" +) + +const ( + defaultRadarrWebhookPath = "/_arrtrix/webhooks/radarr" + radarrSecretHeader = "X-Arrtrix-Webhook-Secret" +) + +var ( + ErrNoManagementRoom = errors.New("no management room configured") + ErrAmbiguousManagementRoom = errors.New("multiple management rooms configured") +) + +type RadarrConfig struct { + Enabled bool `yaml:"enabled"` + Path string `yaml:"path"` + Secret string `yaml:"secret"` +} + +type radarrPayload struct { + EventType string `json:"eventType"` + Movie *radarrMovie `json:"movie"` + MovieFile *radarrMovieFile `json:"movieFile"` + IsUpgrade bool `json:"isUpgrade"` +} + +type radarrMovie struct { + Title string `json:"title"` + Year int `json:"year"` + ImdbID string `json:"imdbId"` + TmdbID int `json:"tmdbId"` + Path string `json:"path"` +} + +type radarrMovieFile struct { + Quality string `json:"quality"` + RelativePath string `json:"relativePath"` + SceneName string `json:"sceneName"` + ReleaseGroup string `json:"releaseGroup"` +} + +type roomResolver interface { + ResolveManagementRoom(context.Context) (id.RoomID, error) +} + +type noticeSender interface { + SendNotice(context.Context, id.RoomID, string) error +} + +type RadarrHandler struct { + config RadarrConfig + resolver roomResolver + sender noticeSender +} + +func (c *RadarrConfig) ApplyDefaults() { + if c.Path == "" { + c.Path = defaultRadarrWebhookPath + } +} + +func (c *RadarrConfig) Validate() error { + c.ApplyDefaults() + if !c.Enabled { + return nil + } + if !strings.HasPrefix(c.Path, "/") { + return fmt.Errorf("network.webhooks.radarr.path must start with /") + } + if strings.TrimSpace(c.Secret) == "" { + return fmt.Errorf("network.webhooks.radarr.secret must be set when the webhook is enabled") + } + return nil +} + 
+func MountRadarr(router *http.ServeMux, bridge *bridgev2.Bridge, cfg RadarrConfig) error { + cfg.ApplyDefaults() + if !cfg.Enabled { + return nil + } + if err := cfg.Validate(); err != nil { + return err + } + + handler := &RadarrHandler{ + config: cfg, + resolver: bridgeRoomResolver{bridge: bridge}, + sender: bridgeNoticeSender{bridge: bridge}, + } + router.Handle(fmt.Sprintf("POST %s", cfg.Path), handler) + return nil +} + +func (h *RadarrHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { + if !authorized(r, h.config.Secret) { + http.Error(w, "invalid webhook secret", http.StatusUnauthorized) + return + } + + var payload radarrPayload + if err := json.NewDecoder(r.Body).Decode(&payload); err != nil { + http.Error(w, "invalid webhook payload", http.StatusBadRequest) + return + } + if strings.TrimSpace(payload.EventType) == "" { + http.Error(w, "missing eventType", http.StatusBadRequest) + return + } + + roomID, err := h.resolver.ResolveManagementRoom(r.Context()) + if err != nil { + status := http.StatusInternalServerError + if errors.Is(err, ErrNoManagementRoom) || errors.Is(err, ErrAmbiguousManagementRoom) { + status = http.StatusConflict + } + http.Error(w, err.Error(), status) + return + } + + if err = h.sender.SendNotice(r.Context(), roomID, renderRadarrNotice(payload)); err != nil { + http.Error(w, "failed to deliver webhook", http.StatusBadGateway) + return + } + + w.WriteHeader(http.StatusAccepted) +} + +type bridgeRoomResolver struct { + bridge *bridgev2.Bridge +} + +func (r bridgeRoomResolver) ResolveManagementRoom(ctx context.Context) (id.RoomID, error) { + rows, err := r.bridge.DB.Query(ctx, `SELECT mxid, management_room FROM "user" WHERE bridge_id=$1 AND management_room IS NOT NULL AND management_room <> ''`, r.bridge.ID) + if err != nil { + return "", fmt.Errorf("failed to query management rooms: %w", err) + } + defer rows.Close() + + var roomID id.RoomID + var owners []id.UserID + for rows.Next() { + var mxid, managementRoom string + if 
err = rows.Scan(&mxid, &managementRoom); err != nil { + return "", fmt.Errorf("failed to scan management room: %w", err) + } + owners = append(owners, id.UserID(mxid)) + if roomID == "" { + roomID = id.RoomID(managementRoom) + } + } + if err = rows.Err(); err != nil { + return "", fmt.Errorf("failed to iterate management rooms: %w", err) + } + switch len(owners) { + case 0: + return "", ErrNoManagementRoom + case 1: + return roomID, nil + default: + return "", fmt.Errorf("%w: %s", ErrAmbiguousManagementRoom, strings.Join(convertUserIDs(owners), ", ")) + } +} + +type bridgeNoticeSender struct { + bridge *bridgev2.Bridge +} + +func (s bridgeNoticeSender) SendNotice(ctx context.Context, roomID id.RoomID, markdown string) error { + if err := s.bridge.Bot.EnsureJoined(ctx, roomID); err != nil { + return err + } + content := format.RenderMarkdown(markdown, true, false) + _, err := s.bridge.Bot.SendMessage(ctx, roomID, event.EventMessage, &event.Content{Parsed: &content}, nil) + return err +} + +func authorized(r *http.Request, secret string) bool { + if secret == "" { + return true + } + if r.Header.Get(radarrSecretHeader) == secret { + return true + } + if bearer := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer "); bearer == secret && bearer != r.Header.Get("Authorization") { + return true + } + return r.URL.Query().Get("secret") == secret +} + +func renderRadarrNotice(payload radarrPayload) string { + title := "Radarr" + if payload.Movie != nil { + title = payload.Movie.Title + if payload.Movie.Year != 0 { + title = fmt.Sprintf("%s (%d)", title, payload.Movie.Year) + } + } + + lines := []string{fmt.Sprintf("**Radarr %s**", payload.EventType)} + if title != "Radarr" { + lines = append(lines, fmt.Sprintf("Movie: %s", title)) + } + if payload.MovieFile != nil && payload.MovieFile.Quality != "" { + lines = append(lines, fmt.Sprintf("Quality: %s", payload.MovieFile.Quality)) + } + if payload.MovieFile != nil && payload.MovieFile.RelativePath != "" { + lines = 
append(lines, fmt.Sprintf("File: `%s`", payload.MovieFile.RelativePath)) + } + if payload.EventType == "Download" { + lines = append(lines, fmt.Sprintf("Upgrade: %t", payload.IsUpgrade)) + } + if payload.Movie != nil && payload.Movie.ImdbID != "" { + lines = append(lines, fmt.Sprintf("IMDb: `%s`", payload.Movie.ImdbID)) + } + return strings.Join(lines, "\n") +} + +func convertUserIDs(users []id.UserID) []string { + out := make([]string, len(users)) + for i, user := range users { + out[i] = string(user) + } + return out +} + +var _ roomResolver = bridgeRoomResolver{} +var _ noticeSender = bridgeNoticeSender{} +var _ http.Handler = (*RadarrHandler)(nil) diff --git a/packages/arrtrix/pkg/webhook/radarr_test.go b/packages/arrtrix/pkg/webhook/radarr_test.go new file mode 100644 index 0000000..d4fc962 --- /dev/null +++ b/packages/arrtrix/pkg/webhook/radarr_test.go 
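Review bot: `authorized` in radarr.go returns true whenever the configured secret is empty and compares the presented value with `==`, so a RadarrHandler built without going through `Validate` is open to every caller and the comparison is not constant-time. It also accepts the secret as a `?secret=` query parameter, which tends to be recorded in access and proxy logs; the header forms are the safer default. In ServeHTTP the ambiguous-room error is written to the caller with `err.Error()`, which includes the Matrix user IDs joined in ResolveManagementRoom; return a fixed message there and log the detail instead. The rewrite below needs `crypto/subtle` added to the import block.

```go
func authorized(r *http.Request, secret string) bool {
	// An empty secret never authorizes; Validate already rejects it for enabled webhooks.
	if secret == "" {
		return false
	}
	match := func(candidate string) bool {
		return subtle.ConstantTimeCompare([]byte(candidate), []byte(secret)) == 1
	}
	if match(r.Header.Get(radarrSecretHeader)) {
		return true
	}
	if bearer, ok := strings.CutPrefix(r.Header.Get("Authorization"), "Bearer "); ok && match(bearer) {
		return true
	}
	// Kept for compatibility with the existing tests; query-string secrets leak into logs.
	return match(r.URL.Query().Get("secret"))
}
```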
@@ -0,0 +1,131 @@ +package webhook + +import ( + "context" + "errors" + "net/http" + "net/http/httptest" + "strings" + "testing" + + "maunium.net/go/mautrix/id" +) + +type stubRoomResolver struct { + roomID id.RoomID + err error +} + +func (s stubRoomResolver) ResolveManagementRoom(context.Context) (id.RoomID, error) { + return s.roomID, s.err +} + +type stubNoticeSender struct { + roomID id.RoomID + message string + err error +} + +func (s *stubNoticeSender) SendNotice(_ context.Context, roomID id.RoomID, message string) error { + s.roomID = roomID + s.message = message + return s.err +} + +func TestRadarrConfigDefaultsAndValidation(t *testing.T) { + cfg := RadarrConfig{Enabled: true, Secret: "secret"} + cfg.ApplyDefaults() + if cfg.Path != defaultRadarrWebhookPath { + t.Fatalf("expected default path %q, got %q", defaultRadarrWebhookPath, cfg.Path) + } + if err := cfg.Validate(); err != nil { + t.Fatalf("expected config to validate, got %v", err) + } +} + +func TestRadarrConfigRequiresSecretWhenEnabled(t *testing.T) { + cfg := RadarrConfig{Enabled: true} + if err := cfg.Validate(); err == nil { + t.Fatal("expected missing secret to fail validation") + } +} + +func TestRadarrHandlerRejectsUnauthorizedRequests(t *testing.T) { + handler := &RadarrHandler{ + config: RadarrConfig{Enabled: true, Secret: "secret"}, + resolver: stubRoomResolver{roomID: "!room:test"}, + sender: &stubNoticeSender{}, + } + + req := httptest.NewRequest(http.MethodPost, defaultRadarrWebhookPath, strings.NewReader(`{"eventType":"Test"}`)) + rec := httptest.NewRecorder() + handler.ServeHTTP(rec, req) + + if rec.Code != http.StatusUnauthorized { + t.Fatalf("expected unauthorized status, got %d", rec.Code) + } +} + +func TestRadarrHandlerDeliversNotice(t *testing.T) { + sender := &stubNoticeSender{} + handler := &RadarrHandler{ + config: RadarrConfig{Enabled: true, Secret: "secret"}, + resolver: stubRoomResolver{roomID: "!room:test"}, + sender: sender, + } + + req := 
httptest.NewRequest(http.MethodPost, defaultRadarrWebhookPath+"?secret=secret", strings.NewReader(`{"eventType":"Download","movie":{"title":"Dune","year":2021,"imdbId":"tt1160419"},"movieFile":{"quality":"1080p","relativePath":"Dune (2021)/Dune.mkv"},"isUpgrade":false}`)) + rec := httptest.NewRecorder() + handler.ServeHTTP(rec, req) + + if rec.Code != http.StatusAccepted { + t.Fatalf("expected accepted status, got %d", rec.Code) + } + if sender.roomID != "!room:test" { + t.Fatalf("expected notice sent to management room, got %q", sender.roomID) + } + if !strings.Contains(sender.message, "**Radarr Download**") || !strings.Contains(sender.message, "Dune (2021)") { + t.Fatalf("unexpected message: %s", sender.message) + } +} + +func TestRadarrHandlerReportsAmbiguousManagementRoom(t *testing.T) { + handler := &RadarrHandler{ + config: RadarrConfig{Enabled: true, Secret: "secret"}, + resolver: stubRoomResolver{err: ErrAmbiguousManagementRoom}, + sender: &stubNoticeSender{}, + } + + req := httptest.NewRequest(http.MethodPost, defaultRadarrWebhookPath, strings.NewReader(`{"eventType":"Test"}`)) + req.Header.Set(radarrSecretHeader, "secret") + rec := httptest.NewRecorder() + handler.ServeHTTP(rec, req) + + if rec.Code != http.StatusConflict { + t.Fatalf("expected conflict status, got %d", rec.Code) + } +} + +func TestRenderRadarrNoticeForTestEvent(t *testing.T) { + msg := renderRadarrNotice(radarrPayload{EventType: "Test"}) + if strings.TrimSpace(msg) != "**Radarr Test**" { + t.Fatalf("unexpected test-event message: %q", msg) + } +} + +func TestRadarrHandlerReturnsBadGatewayOnSendFailure(t *testing.T) { + handler := &RadarrHandler{ + config: RadarrConfig{Enabled: true, Secret: "secret"}, + resolver: stubRoomResolver{roomID: "!room:test"}, + sender: &stubNoticeSender{err: errors.New("send failed")}, + } + + req := httptest.NewRequest(http.MethodPost, defaultRadarrWebhookPath, strings.NewReader(`{"eventType":"Test"}`)) + req.Header.Set(radarrSecretHeader, "secret") + rec := 
httptest.NewRecorder() + handler.ServeHTTP(rec, req) + + if rec.Code != http.StatusBadGateway { + t.Fatalf("expected bad gateway status, got %d", rec.Code) + } +} From bbfe6867c8bf9a2452f611e1992d918b705bd2e3 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 16 Apr 2026 09:47:00 +0200 Subject: [PATCH 52/58] Refactor arrtrix webhook to use fixed path and remove legacy config - Switch arrtrix webhook to a fixed path: /_arrtrix/webhook - Remove Radarr-specific and secret-based config from arrtrix - Simplify connector and webhook handler logic - Update NixOS module to drop legacy webhook config - Add new tests for generic arrtrix webhook handler --- .editorconfig | 6 + .gitattributes | 5 +- .../services/communication/matrix/default.nix | 13 +- .../nixos/temp/services/arrtrix/default.nix | 5 - packages/arrtrix/pkg/config/config_test.go | 37 +++++ packages/arrtrix/pkg/connector/config.go | 23 +-- packages/arrtrix/pkg/connector/config_test.go | 23 --- .../arrtrix/pkg/connector/example-config.yaml | 12 +- .../arrtrix/pkg/webhook/{radarr.go => arr.go} | 127 +++++------------ packages/arrtrix/pkg/webhook/arr_test.go | 114 +++++++++++++++ packages/arrtrix/pkg/webhook/radarr_test.go | 131 ------------------ 11 files changed, 211 insertions(+), 285 deletions(-) create mode 100644 .editorconfig delete mode 100644 packages/arrtrix/pkg/connector/config_test.go rename packages/arrtrix/pkg/webhook/{radarr.go => arr.go} (53%) create mode 100644 packages/arrtrix/pkg/webhook/arr_test.go delete mode 100644 packages/arrtrix/pkg/webhook/radarr_test.go diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..e62b828 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,6 @@ +root = true + +[*] +end_of_line = lf +insert_final_newline = true +charset = utf-8 diff --git a/.gitattributes b/.gitattributes index 780e15a..6313b56 100644 --- a/.gitattributes +++ b/.gitattributes 
@@ -1,4 +1 @@ -* text=auto -core.autocrlf=false -core.eol=lf -core.filemode=false +* text=auto eol=lf diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index c9c11f1..607fa72 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -18,7 +18,7 @@ keyFile = "/var/lib/element-call/key"; mkMautrix = bridge: i: conf: { - ${bridge} = + ${bridge} = mkMerge [ { enable = true; registerToSynapse = true; @@ -43,7 +43,8 @@ }; }; } - // conf; + conf + ]; }; in { options.${namespace}.services.communication.matrix = { @@ -110,7 +111,13 @@ in { (mkMautrix "mautrix-signal" 1 {}) (mkMautrix "mautrix-telegram" 2 {}) (mkMautrix "mautrix-whatsapp" 3 {}) - (mkMautrix "arrtrix" 4 {}) + (mkMautrix "arrtrix" 4 { + settings.network.webhooks.radarr = { + enabled = true; + path = "/_arrtrix/webhooks/radarr"; + secret = ""; + }; + }) { matrix-synapse = { enable = true; diff --git a/modules/nixos/temp/services/arrtrix/default.nix b/modules/nixos/temp/services/arrtrix/default.nix index 67ff0b9..618de39 100644 --- a/modules/nixos/temp/services/arrtrix/default.nix +++ b/modules/nixos/temp/services/arrtrix/default.nix @@ -15,11 +15,6 @@ settingsFormat = pkgs.formats.json {}; defaultConfig = { - network.webhooks.radarr = { - enabled = false; - path = "/_arrtrix/webhooks/radarr"; - secret = ""; - }; bridge = { command_prefix = "!arr"; relay.enabled = true; diff --git a/packages/arrtrix/pkg/config/config_test.go b/packages/arrtrix/pkg/config/config_test.go index dc08292..84b09df 100644 --- a/packages/arrtrix/pkg/config/config_test.go +++ b/packages/arrtrix/pkg/config/config_test.go 
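Review bot: The new `arrtrix` argument in the matrix module sets `settings.network.webhooks.radarr` with `enabled = true` and `secret = ""`, but the same commit reduces the connector `Config` to an empty struct and mounts the fixed `/_arrtrix/webhook` path, so these keys appear to be dead (TestLoadIgnoresLegacyWebhookSettings asserts they are ignored). Left in place they read as if a Radarr-specific, secret-protected path still exists, and against the previous code `enabled` with an empty secret would have failed validation. I would keep the call as `(mkMautrix "arrtrix" 4 {})`, which also matches the commit message, and put a comment next to it stating that the webhook is unauthenticated and has to be restricted at the reverse proxy or listener. The enclosing list continues outside the hunk.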
@@ -120,3 +120,40 @@ encryption: t.Fatalf("expected hidden double puppet secrets to stay internal-only") } } + +func TestLoadIgnoresLegacyWebhookSettings(t *testing.T) { + cfg, err := Load([]byte(` +network: + webhooks: + radarr: + enabled: true + path: /_arrtrix/webhooks/radarr + secret: legacy-secret +bridge: + command_prefix: "!arr" +homeserver: + address: http://127.0.0.1:8008 + domain: test.local +appservice: + id: arrtrix + bot: + username: arrtrixbot + displayname: Arrtrix Bot + username_template: arrtrix_{{.}} +database: + type: sqlite3-fk-wal + uri: file:arrtrix.db?_txlock=immediate +logging: + min_level: info + writers: + - type: stdout + format: pretty-colored +`)) + if err != nil { + t.Fatalf("Load returned error: %v", err) + } + + if cfg == nil { + t.Fatal("expected config to load") + } +} diff --git a/packages/arrtrix/pkg/connector/config.go b/packages/arrtrix/pkg/connector/config.go index 3702cee..2cdec34 100644 --- a/packages/arrtrix/pkg/connector/config.go +++ b/packages/arrtrix/pkg/connector/config.go 
@@ -14,40 +14,23 @@ import ( //go:embed example-config.yaml var ExampleConfig string -type Config struct { - Webhooks WebhooksConfig `yaml:"webhooks"` -} - -type WebhooksConfig struct { - Radarr webhook.RadarrConfig `yaml:"radarr"` -} - -func (c *Config) applyDefaults() { - c.Webhooks.Radarr.ApplyDefaults() -} - -func (c *Config) Validate() error { - return c.Webhooks.Radarr.Validate() -} +type Config struct{} func upgradeConfig(helper up.Helper) {} func (s *ArrtrixConnector) GetConfig() (string, any, up.Upgrader) { - s.Config.applyDefaults() return ExampleConfig, &s.Config, up.SimpleUpgrader(upgradeConfig) } func (s *ArrtrixConnector) ValidateConfig() error { - s.Config.applyDefaults() - return s.Config.Validate() + return nil } func (s *ArrtrixConnector) MountRoutes(router *http.ServeMux) error { - s.Config.applyDefaults() if s.Bridge == nil { return fmt.Errorf("bridge is not initialized") } - return webhook.MountRadarr(router, s.Bridge, s.Config.Webhooks.Radarr) + return webhook.MountArr(router, s.Bridge) } var _ bridgev2.ConfigValidatingNetwork = (*ArrtrixConnector)(nil) diff --git a/packages/arrtrix/pkg/connector/config_test.go b/packages/arrtrix/pkg/connector/config_test.go deleted file mode 100644 index 5199308..0000000 --- a/packages/arrtrix/pkg/connector/config_test.go +++ /dev/null @@ -1,23 +0,0 @@ -package connector - -import "testing" - -func TestConfigDefaultsApplyRadarrWebhookPath(t *testing.T) { - var cfg Config - - cfg.applyDefaults() - - if cfg.Webhooks.Radarr.Path == "" { - t.Fatal("expected radarr webhook path default to be set") - } -} - -func TestConfigValidateRejectsEnabledWebhookWithoutSecret(t *testing.T) { - cfg := Config{} - cfg.Webhooks.Radarr.Enabled = true - cfg.applyDefaults() - - if err := cfg.Validate(); err == nil { - t.Fatal("expected missing secret to fail validation") - } -} diff --git a/packages/arrtrix/pkg/connector/example-config.yaml b/packages/arrtrix/pkg/connector/example-config.yaml index 5fa52c6..9c11ddf 100644 
--- a/packages/arrtrix/pkg/connector/example-config.yaml +++ b/packages/arrtrix/pkg/connector/example-config.yaml @@ -1,10 +1,4 @@ -# Arrtrix-specific runtime options. +# No network-specific config is required yet. # -webhooks: - radarr: - enabled: false - path: /_arrtrix/webhooks/radarr - secret: "" - # The first implementation delivers notifications to the only configured - # management room. If more than one management room exists, the webhook is - # rejected until routing is configured more explicitly. +# Arr-stack webhooks are exposed automatically on the fixed built-in path: +# POST /_arrtrix/webhook diff --git a/packages/arrtrix/pkg/webhook/radarr.go b/packages/arrtrix/pkg/webhook/arr.go similarity index 53% rename from packages/arrtrix/pkg/webhook/radarr.go rename to packages/arrtrix/pkg/webhook/arr.go index 6f74342..42e350c 100644 --- a/packages/arrtrix/pkg/webhook/radarr.go +++ b/packages/arrtrix/pkg/webhook/arr.go @@ -14,30 +14,21 @@ import ( "maunium.net/go/mautrix/id" ) -const ( - defaultRadarrWebhookPath = "/_arrtrix/webhooks/radarr" - radarrSecretHeader = "X-Arrtrix-Webhook-Secret" -) +const ArrWebhookPath = "/_arrtrix/webhook" var ( ErrNoManagementRoom = errors.New("no management room configured") ErrAmbiguousManagementRoom = errors.New("multiple management rooms configured") ) -type RadarrConfig struct { - Enabled bool `yaml:"enabled"` - Path string `yaml:"path"` - Secret string `yaml:"secret"` +type payload struct { + EventType string `json:"eventType"` + Movie *movie `json:"movie"` + MovieFile *movieFile `json:"movieFile"` + IsUpgrade bool `json:"isUpgrade"` } -type radarrPayload struct { - EventType string `json:"eventType"` - Movie *radarrMovie `json:"movie"` - MovieFile *radarrMovieFile `json:"movieFile"` - IsUpgrade bool `json:"isUpgrade"` -} - -type radarrMovie struct { +type movie struct { Title string `json:"title"` Year int `json:"year"` ImdbID string `json:"imdbId"` 
@@ -45,7 +36,7 @@ type radarrMovie struct { Path string `json:"path"` } -type radarrMovieFile struct { +type movieFile struct { Quality string `json:"quality"` RelativePath string `json:"relativePath"` SceneName string `json:"sceneName"` 
@@ -60,62 +51,30 @@ type noticeSender interface { SendNotice(context.Context, id.RoomID, string) error } -type RadarrHandler struct { - config RadarrConfig +type ArrHandler struct { resolver roomResolver sender noticeSender } -func (c *RadarrConfig) ApplyDefaults() { - if c.Path == "" { - c.Path = defaultRadarrWebhookPath +func MountArr(router *http.ServeMux, bridge *bridgev2.Bridge) error { + if bridge == nil { + return fmt.Errorf("bridge is not initialized") } -} - -func (c *RadarrConfig) Validate() error { - c.ApplyDefaults() - if !c.Enabled { - return nil - } - if !strings.HasPrefix(c.Path, "/") { - return fmt.Errorf("network.webhooks.radarr.path must start with /") - } - if strings.TrimSpace(c.Secret) == "" { - return fmt.Errorf("network.webhooks.radarr.secret must be set when the webhook is enabled") - } - return nil -} - -func MountRadarr(router *http.ServeMux, bridge *bridgev2.Bridge, cfg RadarrConfig) error { - cfg.ApplyDefaults() - if !cfg.Enabled { - return nil - } - if err := cfg.Validate(); err != nil { - return err - } - - handler := &RadarrHandler{ - config: cfg, + handler := &ArrHandler{ resolver: bridgeRoomResolver{bridge: bridge}, sender: bridgeNoticeSender{bridge: bridge}, } - router.Handle(fmt.Sprintf("POST %s", cfg.Path), handler) + router.Handle(fmt.Sprintf("POST %s", ArrWebhookPath), handler) return nil } -func (h *RadarrHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { - if !authorized(r, h.config.Secret) { - http.Error(w, "invalid webhook secret", http.StatusUnauthorized) - return - } - - var payload radarrPayload - if err := json.NewDecoder(r.Body).Decode(&payload); err != nil { +func (h *ArrHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { + var body payload + if err := json.NewDecoder(r.Body).Decode(&body); err != nil { http.Error(w, "invalid webhook payload", http.StatusBadRequest) return } - if strings.TrimSpace(payload.EventType) == "" { + if strings.TrimSpace(body.EventType) == "" { http.Error(w, "missing 
eventType", http.StatusBadRequest) return } @@ -130,7 +89,7 @@ func (h *RadarrHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } - if err = h.sender.SendNotice(r.Context(), roomID, renderRadarrNotice(payload)); err != nil { + if err = h.sender.SendNotice(r.Context(), roomID, renderNotice(body)); err != nil { http.Error(w, "failed to deliver webhook", http.StatusBadGateway) return } @@ -164,6 +123,7 @@ func (r bridgeRoomResolver) ResolveManagementRoom(ctx context.Context) (id.RoomI if err = rows.Err(); err != nil { return "", fmt.Errorf("failed to iterate management rooms: %w", err) } + switch len(owners) { case 0: return "", ErrNoManagementRoom 
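Review bot: ServeHTTP in arr.go now decodes and forwards every POST to `/_arrtrix/webhook` with no authentication, because this hunk removes the `authorized` call and the `config` field with nothing in their place, and MountArr registers the route unconditionally. Any client that can reach the listener can make the bridge bot post text of its choosing into the management room. Either keep a required shared secret (compared with `subtle.ConstantTimeCompare`) or state in the doc comment on MountArr that the path must be bound to loopback or filtered at the reverse proxy, and cap the request body before decoding with `r.Body = http.MaxBytesReader(w, r.Body, 1<<20)`. The connector/config.go hunk, where `ValidateConfig` now returns nil, together with TestLoadIgnoresLegacyWebhookSettings means a previously configured `secret` is dropped silently, so an upgrade turns a protected endpoint into an open one without any warning in the log.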
@@ -187,43 +147,30 @@ func (s bridgeNoticeSender) SendNotice(ctx context.Context, roomID id.RoomID, ma return err } -func authorized(r *http.Request, secret string) bool { - if secret == "" { - return true - } - if r.Header.Get(radarrSecretHeader) == secret { - return true - } - if bearer := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer "); bearer == secret && bearer != r.Header.Get("Authorization") { - return true - } - return r.URL.Query().Get("secret") == secret -} - -func renderRadarrNotice(payload radarrPayload) string { - title := "Radarr" - if payload.Movie != nil { - title = payload.Movie.Title - if payload.Movie.Year != 0 { - title = fmt.Sprintf("%s (%d)", title, payload.Movie.Year) +func renderNotice(body payload) string { + title := "Arr" + if body.Movie != nil { + title = body.Movie.Title + if body.Movie.Year != 0 { + title = fmt.Sprintf("%s (%d)", title, body.Movie.Year) } } - lines := []string{fmt.Sprintf("**Radarr %s**", payload.EventType)} - if title != "Radarr" { + lines := []string{fmt.Sprintf("**Arr %s**", body.EventType)} + if title != "Arr" { lines = append(lines, fmt.Sprintf("Movie: %s", title)) } - if payload.MovieFile != nil && payload.MovieFile.Quality != "" { - lines = append(lines, fmt.Sprintf("Quality: %s", payload.MovieFile.Quality)) + if body.MovieFile != nil && body.MovieFile.Quality != "" { + lines = append(lines, fmt.Sprintf("Quality: %s", body.MovieFile.Quality)) } - if payload.MovieFile != nil && payload.MovieFile.RelativePath != "" { - lines = append(lines, fmt.Sprintf("File: `%s`", payload.MovieFile.RelativePath)) + if body.MovieFile != nil && body.MovieFile.RelativePath != "" { + lines = append(lines, fmt.Sprintf("File: `%s`", body.MovieFile.RelativePath)) } - if payload.EventType == "Download" { - lines = append(lines, fmt.Sprintf("Upgrade: %t", payload.IsUpgrade)) + if body.EventType == "Download" { + lines = append(lines, fmt.Sprintf("Upgrade: %t", body.IsUpgrade)) } - if payload.Movie != nil && 
payload.Movie.ImdbID != "" { - lines = append(lines, fmt.Sprintf("IMDb: `%s`", payload.Movie.ImdbID)) + if body.Movie != nil && body.Movie.ImdbID != "" { + lines = append(lines, fmt.Sprintf("IMDb: `%s`", body.Movie.ImdbID)) } return strings.Join(lines, "\n") } @@ -238,4 +185,4 @@ func convertUserIDs(users []id.UserID) []string { var _ roomResolver = bridgeRoomResolver{} var _ noticeSender = bridgeNoticeSender{} -var _ http.Handler = (*RadarrHandler)(nil) +var _ http.Handler = (*ArrHandler)(nil) diff --git a/packages/arrtrix/pkg/webhook/arr_test.go b/packages/arrtrix/pkg/webhook/arr_test.go new file mode 100644 index 0000000..b7ac511 --- /dev/null +++ b/packages/arrtrix/pkg/webhook/arr_test.go 
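Review bot: renderNotice interpolates `body.EventType`, `body.Movie.Title`, `body.MovieFile.Quality` and `body.MovieFile.RelativePath` straight into Markdown that SendNotice then passes to `format.RenderMarkdown(markdown, true, false)`, so a request body can inject links or formatting into the notice, and a backtick inside `RelativePath` or `ImdbID` ends the code span early. With the handler no longer authenticated in this commit, these values have to be treated as untrusted. Escape the free-text fields before formatting and build the code spans with a helper that copes with embedded backticks; recent mautrix `format` packages provide `EscapeMarkdown` and `SafeMarkdownCode`, to be confirmed against the version this module pins. The removed radarr.go version had the same behaviour, so this is not a regression of the rename itself.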
@@ -0,0 +1,114 @@ +package webhook + +import ( + "context" + "errors" + "net/http" + "net/http/httptest" + "strings" + "testing" + + "maunium.net/go/mautrix/id" +) + +type stubRoomResolver struct { + roomID id.RoomID + err error +} + +func (s stubRoomResolver) ResolveManagementRoom(context.Context) (id.RoomID, error) { + return s.roomID, s.err +} + +type stubNoticeSender struct { + roomID id.RoomID + message string + err error +} + +func (s *stubNoticeSender) SendNotice(_ context.Context, roomID id.RoomID, message string) error { + s.roomID = roomID + s.message = message + return s.err +} + +func TestMountArrRequiresBridge(t *testing.T) { + router := http.NewServeMux() + if err := MountArr(router, nil); err == nil { + t.Fatal("expected nil bridge to fail") + } +} + +func TestArrHandlerDeliversNotice(t *testing.T) { + sender := &stubNoticeSender{} + handler := &ArrHandler{ + resolver: stubRoomResolver{roomID: "!room:test"}, + sender: sender, + } + + req := httptest.NewRequest(http.MethodPost, ArrWebhookPath, strings.NewReader(`{"eventType":"Download","movie":{"title":"Dune","year":2021,"imdbId":"tt1160419"},"movieFile":{"quality":"1080p","relativePath":"Dune (2021)/Dune.mkv"},"isUpgrade":false}`)) + rec := httptest.NewRecorder() + handler.ServeHTTP(rec, req) + + if rec.Code != http.StatusAccepted { + t.Fatalf("expected accepted status, got %d", rec.Code) + } + if sender.roomID != "!room:test" { + t.Fatalf("expected notice sent to management room, got %q", sender.roomID) + } + if !strings.Contains(sender.message, "**Arr Download**") || !strings.Contains(sender.message, "Dune (2021)") { + t.Fatalf("unexpected message: %s", sender.message) + } +} + +func TestArrHandlerReportsAmbiguousManagementRoom(t *testing.T) { + handler := &ArrHandler{ + resolver: stubRoomResolver{err: ErrAmbiguousManagementRoom}, + sender: &stubNoticeSender{}, + } + + req := httptest.NewRequest(http.MethodPost, ArrWebhookPath, strings.NewReader(`{"eventType":"Test"}`)) + rec := 
httptest.NewRecorder() + handler.ServeHTTP(rec, req) + + if rec.Code != http.StatusConflict { + t.Fatalf("expected conflict status, got %d", rec.Code) + } +} + +func TestRenderNoticeForTestEvent(t *testing.T) { + msg := renderNotice(payload{EventType: "Test"}) + if strings.TrimSpace(msg) != "**Arr Test**" { + t.Fatalf("unexpected test-event message: %q", msg) + } +} + +func TestArrHandlerReturnsBadGatewayOnSendFailure(t *testing.T) { + handler := &ArrHandler{ + resolver: stubRoomResolver{roomID: "!room:test"}, + sender: &stubNoticeSender{err: errors.New("send failed")}, + } + + req := httptest.NewRequest(http.MethodPost, ArrWebhookPath, strings.NewReader(`{"eventType":"Test"}`)) + rec := httptest.NewRecorder() + handler.ServeHTTP(rec, req) + + if rec.Code != http.StatusBadGateway { + t.Fatalf("expected bad gateway status, got %d", rec.Code) + } +} + +func TestArrHandlerRejectsMissingEventType(t *testing.T) { + handler := &ArrHandler{ + resolver: stubRoomResolver{roomID: "!room:test"}, + sender: &stubNoticeSender{}, + } + + req := httptest.NewRequest(http.MethodPost, ArrWebhookPath, strings.NewReader(`{"movie":{"title":"Dune"}}`)) + rec := httptest.NewRecorder() + handler.ServeHTTP(rec, req) + + if rec.Code != http.StatusBadRequest { + t.Fatalf("expected bad request status, got %d", rec.Code) + } +} diff --git a/packages/arrtrix/pkg/webhook/radarr_test.go b/packages/arrtrix/pkg/webhook/radarr_test.go deleted file mode 100644 index d4fc962..0000000 --- a/packages/arrtrix/pkg/webhook/radarr_test.go +++ /dev/null 
@@ -1,131 +0,0 @@
-package webhook
-
-import (
- "context"
- "errors"
- "net/http"
- "net/http/httptest"
- "strings"
- "testing"
-
- "maunium.net/go/mautrix/id"
-)
-
-type stubRoomResolver struct {
- roomID id.RoomID
- err error
-}
-
-func (s stubRoomResolver) ResolveManagementRoom(context.Context) (id.RoomID, error) {
- return s.roomID, s.err
-}
-
-type stubNoticeSender struct {
- roomID id.RoomID
- message string
- err error
-}
-
-func (s *stubNoticeSender) SendNotice(_ context.Context, roomID id.RoomID, message string) error {
- s.roomID = roomID
- s.message = message
- return s.err
-}
-
-func TestRadarrConfigDefaultsAndValidation(t *testing.T) {
- cfg := RadarrConfig{Enabled: true, Secret: "secret"}
- cfg.ApplyDefaults()
- if cfg.Path != defaultRadarrWebhookPath {
- t.Fatalf("expected default path %q, got %q", defaultRadarrWebhookPath, cfg.Path)
- }
- if err := cfg.Validate(); err != nil {
- t.Fatalf("expected config to validate, got %v", err)
- }
-}
-
-func TestRadarrConfigRequiresSecretWhenEnabled(t *testing.T) {
- cfg := RadarrConfig{Enabled: true}
- if err := cfg.Validate(); err == nil {
- t.Fatal("expected missing secret to fail validation")
- }
-}
-
-func TestRadarrHandlerRejectsUnauthorizedRequests(t *testing.T) {
- handler := &RadarrHandler{
- config: RadarrConfig{Enabled: true, Secret: "secret"},
- resolver: stubRoomResolver{roomID: "!room:test"},
- sender: &stubNoticeSender{},
- }
-
- req := httptest.NewRequest(http.MethodPost, defaultRadarrWebhookPath, strings.NewReader(`{"eventType":"Test"}`))
- rec := httptest.NewRecorder()
- handler.ServeHTTP(rec, req)
-
- if rec.Code != http.StatusUnauthorized {
- t.Fatalf("expected unauthorized status, got %d", rec.Code)
- }
-}
-
-func TestRadarrHandlerDeliversNotice(t *testing.T) {
- sender := &stubNoticeSender{}
- handler := &RadarrHandler{
- config: RadarrConfig{Enabled: true, Secret: "secret"},
- resolver: stubRoomResolver{roomID: "!room:test"},
- sender: sender,
- }
-
- req := httptest.NewRequest(http.MethodPost, defaultRadarrWebhookPath+"?secret=secret", strings.NewReader(`{"eventType":"Download","movie":{"title":"Dune","year":2021,"imdbId":"tt1160419"},"movieFile":{"quality":"1080p","relativePath":"Dune (2021)/Dune.mkv"},"isUpgrade":false}`))
- rec := httptest.NewRecorder()
- handler.ServeHTTP(rec, req)
-
- if rec.Code != http.StatusAccepted {
- t.Fatalf("expected accepted status, got %d", rec.Code)
- }
- if sender.roomID != "!room:test" {
- t.Fatalf("expected notice sent to management room, got %q", sender.roomID)
- }
- if !strings.Contains(sender.message, "**Radarr Download**") || !strings.Contains(sender.message, "Dune (2021)") {
- t.Fatalf("unexpected message: %s", sender.message)
- }
-}
-
-func TestRadarrHandlerReportsAmbiguousManagementRoom(t *testing.T) {
- handler := &RadarrHandler{
- config: RadarrConfig{Enabled: true, Secret: "secret"},
- resolver: stubRoomResolver{err: ErrAmbiguousManagementRoom},
- sender: &stubNoticeSender{},
- }
-
- req := httptest.NewRequest(http.MethodPost, defaultRadarrWebhookPath, strings.NewReader(`{"eventType":"Test"}`))
- req.Header.Set(radarrSecretHeader, "secret")
- rec := httptest.NewRecorder()
- handler.ServeHTTP(rec, req)
-
- if rec.Code != http.StatusConflict {
- t.Fatalf("expected conflict status, got %d", rec.Code)
- }
-}
-
-func TestRenderRadarrNoticeForTestEvent(t *testing.T) {
- msg := renderRadarrNotice(radarrPayload{EventType: "Test"})
- if strings.TrimSpace(msg) != "**Radarr Test**" {
- t.Fatalf("unexpected test-event message: %q", msg)
- }
-}
-
-func TestRadarrHandlerReturnsBadGatewayOnSendFailure(t *testing.T) {
- handler := &RadarrHandler{
- config: RadarrConfig{Enabled: true, Secret: "secret"},
- resolver: stubRoomResolver{roomID: "!room:test"},
- sender: &stubNoticeSender{err: errors.New("send failed")},
- }
-
- req := httptest.NewRequest(http.MethodPost, defaultRadarrWebhookPath, strings.NewReader(`{"eventType":"Test"}`))
- req.Header.Set(radarrSecretHeader, "secret")
- rec := 
httptest.NewRecorder() - handler.ServeHTTP(rec, req) - - if rec.Code != http.StatusBadGateway { - t.Fatalf("expected bad gateway status, got %d", rec.Code) - } -} From 81f34676c42df578de285b7a2fddf5d7a2904751 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 16 Apr 2026 10:13:51 +0200 Subject: [PATCH 53/58] Add OpenTelemetry observability to Arrtrix - Add OTLP/gRPC observability config and resource attributes - Instrument webhook and onboarding handlers with tracing and metrics - Add OpenTelemetry dependencies to go.mod/go.sum - Update NixOS modules to configure observability settings --- .../services/communication/matrix/default.nix | 7 +- .../nixos/services/media/servarr/default.nix | 12 +++ .../nixos/temp/services/arrtrix/default.nix | 5 ++ packages/arrtrix/go.mod | 37 ++++++--- packages/arrtrix/go.sum | 67 ++++++++++++++-- packages/arrtrix/pkg/config/config.go | 4 + packages/arrtrix/pkg/matrixcmd/processor.go | 23 +++++- packages/arrtrix/pkg/onboarding/welcome.go | 34 ++++++++ packages/arrtrix/pkg/runtime/example.go | 7 ++ packages/arrtrix/pkg/runtime/main.go | 63 +++++++++++++++ packages/arrtrix/pkg/webhook/arr.go | 77 +++++++++++++++++-- 11 files changed, 307 insertions(+), 29 deletions(-) diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index 607fa72..cd5aff2 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -112,10 +112,9 @@ in { (mkMautrix "mautrix-telegram" 2 {}) (mkMautrix "mautrix-whatsapp" 3 {}) (mkMautrix "arrtrix" 4 { - settings.network.webhooks.radarr = { - enabled = true; - path = "/_arrtrix/webhooks/radarr"; - secret = ""; + settings.observability = { + otlp_grpc_endpoint = "http://[::1]:1000"; + service_name = "arrtrix"; }; }) { diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index ae0e3b0..23255c0 100644 
--- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -212,6 +212,18 @@ in { resource = { + "${service}_notification_webhook" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr" "lidarr" "readarr"]) { + "arrtrix" = + { + method = 1; # HTTP METHOD 1=POST, 2=PUT + name = "Arrtrix"; + url = "http://[::1]${config'.services.arrtrix.settings.appservice.port}"; + } + // (lib.optionalAttrs (lib.elem service ["radarr" "whisparr"]) { + onMovieDelete = true; + }); + }; + "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) ( rootFolders |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) diff --git a/modules/nixos/temp/services/arrtrix/default.nix b/modules/nixos/temp/services/arrtrix/default.nix index 618de39..b8c7457 100644 --- a/modules/nixos/temp/services/arrtrix/default.nix +++ b/modules/nixos/temp/services/arrtrix/default.nix @@ -48,6 +48,11 @@ time_format = " "; }; }; + observability = { + otlp_grpc_endpoint = ""; + service_name = "arrtrix"; + resource_attributes = {}; + }; }; in { options.services.arrtrix = { diff --git a/packages/arrtrix/go.mod b/packages/arrtrix/go.mod index eed27b5..81a6c93 100644 --- a/packages/arrtrix/go.mod +++ b/packages/arrtrix/go.mod 
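Review bot: The `url` in the added `"${service}_notification_webhook"` block is not a usable URL: there is no `:` between `[::1]` and the port, and there is no path, so it cannot reach the handler mounted at `/_arrtrix/webhook` (the `ArrWebhookPath` constant in `arr.go`). If `appservice.port` is an integer, as is usual, the interpolation also fails to evaluate without `toString`. Something like `url = "http://[::1]:${toString config'.services.arrtrix.settings.appservice.port}/_arrtrix/webhook";` would address all three, assuming the webhook is served on the appservice listener, which this hunk does not show. The webhook is also registered without any credential, so the receiving side cannot tell these services apart from any other local client.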
@@ -3,41 +3,58 @@ module sneeuwvlok/packages/arrtrix go 1.25.0 require ( + github.com/rs/zerolog v1.34.0 go.mau.fi/util v0.9.7 + go.mau.fi/zeroconfig v0.2.0 + go.opentelemetry.io/otel v1.43.0 + go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.19.0 + go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 + go.opentelemetry.io/otel/log v0.19.0 + go.opentelemetry.io/otel/metric v1.43.0 + go.opentelemetry.io/otel/sdk v1.43.0 + go.opentelemetry.io/otel/sdk/log v0.19.0 + go.opentelemetry.io/otel/sdk/metric v1.43.0 + go.opentelemetry.io/otel/trace v1.43.0 + gopkg.in/yaml.v3 v3.0.1 + maunium.net/go/mauflag v1.0.0 maunium.net/go/mautrix v0.26.4 ) -require ( - github.com/kr/pretty v0.3.1 // indirect - github.com/rogpeppe/go-internal v1.10.0 // indirect - gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect -) - require ( filippo.io/edwards25519 v1.2.0 // indirect + github.com/cenkalti/backoff/v5 v5.0.3 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/coder/websocket v1.8.14 // indirect github.com/coreos/go-systemd/v22 v22.6.0 // indirect + github.com/go-logr/logr v1.4.3 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect github.com/lib/pq v1.11.2 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-sqlite3 v1.14.34 // indirect github.com/petermattis/goid v0.0.0-20260226131333-17d1149c6ac6 // indirect github.com/rs/xid v1.6.0 // indirect - github.com/rs/zerolog v1.34.0 // indirect github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e // indirect github.com/tidwall/gjson v1.18.0 // indirect github.com/tidwall/match v1.2.0 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/tidwall/sjson v1.2.5 // indirect 
github.com/yuin/goldmark v1.7.16 // indirect - go.mau.fi/zeroconfig v0.2.0 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 // indirect + go.opentelemetry.io/proto/otlp v1.10.0 // indirect golang.org/x/crypto v0.49.0 // indirect golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 // indirect golang.org/x/net v0.52.0 // indirect golang.org/x/sync v0.20.0 // indirect golang.org/x/sys v0.42.0 // indirect golang.org/x/text v0.35.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect + google.golang.org/grpc v1.80.0 // indirect + google.golang.org/protobuf v1.36.11 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect - maunium.net/go/mauflag v1.0.0 // indirect ) diff --git a/packages/arrtrix/go.sum b/packages/arrtrix/go.sum index d8e9404..8d8f5ab 100644 --- a/packages/arrtrix/go.sum +++ b/packages/arrtrix/go.sum 
@@ -2,20 +2,33 @@ filippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo= filippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= +github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= +github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/coder/websocket v1.8.14 h1:9L0p0iKiNOibykf283eHkKUHHrpG7f65OE3BhhO7v9g= github.com/coder/websocket v1.8.14/go.mod h1:NX3SzP+inril6yawo5CQXx8+fk145lPDC6pumgx0mVg= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5zn0bCJWo= github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/kr/pretty v0.2.1/go.mod 
h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz+PMpZ14Jynv3O2Zs= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lib/pq v1.11.2 h1:x6gxUeu39V0BHZiugWe8LXZYZ+Utk7hSJGThs8sdzfs= 
@@ -31,13 +44,11 @@ github.com/mattn/go-sqlite3 v1.14.34 h1:3NtcvcUnFBPsuRcno8pUtupspG/GM+9nZ88zgJcp github.com/mattn/go-sqlite3 v1.14.34/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/petermattis/goid v0.0.0-20260226131333-17d1149c6ac6 h1:rh2lKw/P/EqHa724vYH2+VVQ1YnW4u6EOXl0PMAovZE= github.com/petermattis/goid v0.0.0-20260226131333-17d1149c6ac6/go.mod h1:pxMtw7cyUw6B2bRH0ZBANSPg+AoSud1I1iyJHI69jH4= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU= github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY= 
@@ -63,6 +74,36 @@ go.mau.fi/util v0.9.7 h1:AWGNbJfz1zRcQOKeOEYhKUG2fT+/26Gy6kyqcH8tnBg= go.mau.fi/util v0.9.7/go.mod h1:5T2f3ZWZFAGgmFwg3dGw7YK6kIsb9lryDzvynoR98pE= go.mau.fi/zeroconfig v0.2.0 h1:e/OGEERqVRRKlgaro7E6bh8xXiKFSXB3eNNIud7FUjU= go.mau.fi/zeroconfig v0.2.0/go.mod h1:J0Vn0prHNOm493oZoQ84kq83ZaNCYZnq+noI1b1eN8w= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= +go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.19.0 h1:Dn8rkudDzY6KV9dr/D/bTUuWgqDf9xe0rr4G2elrn0Y= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.19.0/go.mod h1:gMk9F0xDgyN9M/3Ed5Y1wKcx/9mlU91NXY2SNq7RQuU= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0 h1:8UQVDcZxOJLtX6gxtDt3vY2WTgvZqMQRzjsqiIHQdkc= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0/go.mod h1:2lmweYCiHYpEjQ/lSJBYhj9jP1zvCvQW4BqL9dnT7FQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 h1:88Y4s2C8oTui1LGM6bTWkw0ICGcOLCAI5l6zsD1j20k= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0/go.mod h1:Vl1/iaggsuRlrHf/hfPJPvVag77kKyvrLeD10kpMl+A= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 h1:RAE+JPfvEmvy+0LzyUA25/SGawPwIUbZ6u0Wug54sLc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0/go.mod h1:AGmbycVGEsRx9mXMZ75CsOyhSP6MFIcj/6dnG+vhVjk= +go.opentelemetry.io/otel/log v0.19.0 h1:KUZs/GOsw79TBBMfDWsXS+KZ4g2Ckzksd1ymzsIEbo4= +go.opentelemetry.io/otel/log v0.19.0/go.mod h1:5DQYeGmxVIr4n0/BcJvF4upsraHjg6vudJJpnkL6Ipk= +go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= +go.opentelemetry.io/otel/metric v1.43.0/go.mod 
h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= +go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= +go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg= +go.opentelemetry.io/otel/sdk/log v0.19.0 h1:scYVLqT22D2gqXItnWiocLUKGH9yvkkeql5dBDiXyko= +go.opentelemetry.io/otel/sdk/log v0.19.0/go.mod h1:vFBowwXGLlW9AvpuF7bMgnNI95LiW10szrOdvzBHlAg= +go.opentelemetry.io/otel/sdk/log/logtest v0.19.0 h1:BEbF7ZBB6qQloV/Ub1+3NQoOUnVtcGkU3XX4Ws3GQfk= +go.opentelemetry.io/otel/sdk/log/logtest v0.19.0/go.mod h1:Lua81/3yM0wOmoHTokLj9y9ADeA02v1naRrVrkAZuKk= +go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw= +go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= +go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= +go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= +go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g= +go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 h1:jiDhWWeC7jfWqR9c/uplMOqJ0sbNlNWv0UkzE0vX1MA= 
@@ -78,6 +119,16 @@ golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= +gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= +google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 h1:VPWxll4HlMw1Vs/qXtN7BvhZqsS9cdAittCNvVENElA= +google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 h1:m8qni9SQFH0tJc1X0vmnpw/0t+AImlSvp30sEupozUg= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= +google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= +google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/packages/arrtrix/pkg/config/config.go b/packages/arrtrix/pkg/config/config.go index c3b11b8..ff97e98 100644 --- a/packages/arrtrix/pkg/config/config.go +++ b/packages/arrtrix/pkg/config/config.go 
@@ -6,6 +6,8 @@ import ( "gopkg.in/yaml.v3" "maunium.net/go/mautrix/bridgev2/bridgeconfig" + + "sneeuwvlok/packages/arrtrix/pkg/observability" ) type Config struct { @@ -17,6 +19,7 @@ type Config struct { AppService bridgeconfig.AppserviceConfig `yaml:"appservice"` Logging zeroconfig.Config `yaml:"logging"` + Observability observability.Config `yaml:"observability"` EnvConfigPrefix string `yaml:"env_config_prefix"` ManagementTexts bridgeconfig.ManagementRoomTexts `yaml:"management_room_texts"` } @@ -34,6 +37,7 @@ func (c *Config) applyDefaults() { if c.Homeserver.Software == "" { c.Homeserver.Software = bridgeconfig.SoftwareStandard } + c.Observability.ApplyDefaults() } func (c *Config) Compile() bridgeconfig.Config { diff --git a/packages/arrtrix/pkg/matrixcmd/processor.go b/packages/arrtrix/pkg/matrixcmd/processor.go index 1dabfd6..a4f15df 100644 --- a/packages/arrtrix/pkg/matrixcmd/processor.go +++ b/packages/arrtrix/pkg/matrixcmd/processor.go @@ -8,6 +8,8 @@ import ( "strings" "github.com/rs/zerolog" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/codes" "maunium.net/go/mautrix/bridgev2" "maunium.net/go/mautrix/bridgev2/bridgeconfig" @@ -15,6 +17,8 @@ import ( "maunium.net/go/mautrix/event" "maunium.net/go/mautrix/format" "maunium.net/go/mautrix/id" + + "sneeuwvlok/packages/arrtrix/pkg/observability" ) type Handler interface { @@ -110,6 +114,9 @@ func (p *Processor) Handlers() []Handler { } func (p *Processor) Handle(ctx context.Context, roomID id.RoomID, eventID id.EventID, user *bridgev2.User, message string, replyTo id.EventID) { + ctx, span := observability.StartSpan(ctx, "arrtrix.matrix.command") + defer span.End() + ms := &bridgev2.MessageStatus{ Step: status.MsgStepCommand, Status: event.MessageStatusSuccess, 
@@ -117,6 +124,8 @@ func (p *Processor) Handle(ctx context.Context, roomID id.RoomID, eventID id.Eve logCopy := zerolog.Ctx(ctx).With().Logger() log := &logCopy + outcome := "success" + commandName := "unknown-command" defer func() { statusInfo := &bridgev2.MessageStatusEventInfo{ @@ -131,16 +140,21 @@ func (p *Processor) Handle(ctx context.Context, roomID id.RoomID, eventID id.Eve if err, ok := recovered.(error); ok { logEvt = logEvt.Err(err) ms.InternalError = err + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) } else { logEvt = logEvt.Any(zerolog.ErrorFieldName, recovered) ms.InternalError = fmt.Errorf("%v", recovered) + span.SetStatus(codes.Error, "panic") } logEvt.Msg("Panic in arrtrix Matrix command handler") ms.Status = event.MessageStatusFail ms.IsCertain = true ms.ErrorAsMessage = true + outcome = "panic" } + observability.RecordCommand(ctx, commandName, outcome) p.bridge.Matrix.SendMessageStatus(ctx, ms, statusInfo) }() @@ -149,10 +163,14 @@ func (p *Processor) Handle(ctx context.Context, roomID id.RoomID, eventID id.Eve args = []string{"unknown-command"} } - commandName := strings.ToLower(args[0]) + commandName = strings.ToLower(args[0]) if actual, ok := p.alias[commandName]; ok { commandName = actual } + span.SetAttributes( + attribute.String("arrtrix.matrix.command.name", commandName), + attribute.String("matrix.room_id", roomID.String()), + ) portal, err := p.bridge.GetPortalByMXID(ctx, roomID) if err != nil { @@ -179,6 +197,8 @@ func (p *Processor) Handle(ctx context.Context, roomID id.RoomID, eventID id.Eve handler, ok := p.command[commandName] if !ok { log.Debug().Str("mx_command", commandName).Msg("Received unknown Matrix room command") + span.SetStatus(codes.Error, "unknown command") + outcome = "unknown" commandCtx.Reply("Unknown command, use the `help` command for help.") return } 
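Review bot: `commandName` is taken from the user's message (`strings.ToLower(args[0])`) before the lookup in `p.command`, and both the `arrtrix.matrix.command.name` span attribute and the deferred `observability.RecordCommand(ctx, commandName, outcome)` carry that text even when the command is unknown. If `RecordCommand` uses the name as a metric attribute (its body is not visible here), any user who can message the bot can create an unbounded number of label values. In the unknown-command branch, reset it before returning with `commandName = "unknown-command"`, and set the span attribute only after the lookup succeeds. Separately, `outcome` starts as `"success"` and the unchanged early returns between the `GetPortalByMXID` call and the handler lookup do not update it, so those failures appear to be counted as successes. `Handle` continues outside these hunks.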
@@ -188,6 +208,7 @@ func (p *Processor) Handle(ctx context.Context, roomID id.RoomID, eventID id.Eve }) log.Debug().Msg("Received Matrix room command") handler.Run(commandCtx) + span.SetStatus(codes.Ok, "") } func (c *Context) Reply(message string, args ...any) { diff --git a/packages/arrtrix/pkg/onboarding/welcome.go b/packages/arrtrix/pkg/onboarding/welcome.go index 14860c1..e96ea7a 100644 --- a/packages/arrtrix/pkg/onboarding/welcome.go +++ b/packages/arrtrix/pkg/onboarding/welcome.go @@ -6,12 +6,16 @@ import ( "strings" "github.com/rs/zerolog" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/codes" "maunium.net/go/mautrix/bridgev2" "maunium.net/go/mautrix/bridgev2/bridgeconfig" "maunium.net/go/mautrix/event" "maunium.net/go/mautrix/format" "maunium.net/go/mautrix/id" + + "sneeuwvlok/packages/arrtrix/pkg/observability" ) const handledInviteEventType = "com.arrtrix.handled_invite" 
@@ -23,27 +27,49 @@ func HandleBotInvite(ctx context.Context, bridge *bridgev2.Bridge, texts bridgec return } + ctx, span := observability.StartSpan(ctx, "arrtrix.matrix.invite") + defer span.End() + span.SetAttributes( + attribute.String("matrix.room_id", evt.RoomID.String()), + attribute.String("matrix.sender", evt.Sender.String()), + ) + outcome := "ignored" + defer observability.RecordInvite(ctx, outcome) + log := zerolog.Ctx(ctx) sender, err := bridge.GetUserByMXID(ctx, evt.Sender) if err != nil { + outcome = "user_lookup_failed" + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) log.Err(err).Msg("Failed to load sender for bot invite") return } if !sender.Permissions.Commands { + outcome = "permission_denied" + span.SetStatus(codes.Error, "sender lacks command permission") return } if err = bridge.Bot.EnsureJoined(ctx, evt.RoomID); err != nil { + outcome = "join_failed" + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) log.Err(err).Msg("Failed to accept invite to room") return } members, err := bridge.Matrix.GetMembers(ctx, evt.RoomID) if err != nil { + outcome = "member_lookup_failed" + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) log.Err(err).Msg("Failed to get members of room after accepting invite") return } if len(members) != 2 { + outcome = "non_management_room" + span.SetStatus(codes.Error, "invite room is not a direct management room") return } @@ -51,6 +77,9 @@ func HandleBotInvite(ctx context.Context, bridge *bridgev2.Bridge, texts bridgec if assignedManagementRoom { sender.ManagementRoom = evt.RoomID if err = sender.Save(ctx); err != nil { + outcome = "management_room_save_failed" + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) log.Err(err).Msg("Failed to update user's management room in database") return } 
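Review bot: `defer observability.RecordInvite(ctx, outcome)` evaluates its arguments when the `defer` statement executes, so every invite is recorded with the initial value `"ignored"` and later assignments such as `"join_failed"` never reach the metric. Wrap the call in a closure so the final value is read at return: `defer func() { observability.RecordInvite(ctx, outcome) }()`. The span also exports `matrix.sender` and `matrix.room_id` and uses `err.Error()` as the status description; confirm the OTLP backend is an acceptable destination for user identifiers. `HandleBotInvite` starts before this hunk.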
@@ -59,10 +88,15 @@ func HandleBotInvite(ctx context.Context, bridge *bridgev2.Bridge, texts bridgec message := buildWelcomeMessage(bridge, texts, sender, assignedManagementRoom) content := format.RenderMarkdown(message, true, false) if _, err = bridge.Bot.SendMessage(ctx, evt.RoomID, event.EventMessage, &event.Content{Parsed: &content}, nil); err != nil { + outcome = "welcome_send_failed" + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) log.Err(err).Msg("Failed to send welcome message to room") return } + outcome = "welcomed" + span.SetStatus(codes.Ok, "") evt.Type = event.Type{Type: handledInviteEventType} } diff --git a/packages/arrtrix/pkg/runtime/example.go b/packages/arrtrix/pkg/runtime/example.go index 1cba7b6..c8d7ca4 100644 --- a/packages/arrtrix/pkg/runtime/example.go +++ b/packages/arrtrix/pkg/runtime/example.go @@ -56,6 +56,13 @@ logging: - type: stdout format: pretty-colored +observability: + # OTLP/gRPC endpoint for logs, traces, and metrics. + # Set to e.g. http://127.0.0.1:4317 to enable export. + otlp_grpc_endpoint: "" + service_name: arrtrix + resource_attributes: {} + management_room_texts: welcome: "" welcome_connected: "" diff --git a/packages/arrtrix/pkg/runtime/main.go b/packages/arrtrix/pkg/runtime/main.go index 42e1495..5352c54 100644 --- a/packages/arrtrix/pkg/runtime/main.go +++ b/packages/arrtrix/pkg/runtime/main.go @@ -18,6 +18,7 @@ import ( "go.mau.fi/util/exerrors" "go.mau.fi/util/exzerolog" "go.mau.fi/util/progver" + "go.opentelemetry.io/otel/codes" "gopkg.in/yaml.v3" flag "maunium.net/go/mauflag" "maunium.net/go/mautrix/appservice" @@ -31,6 +32,7 @@ import ( arrconfig "sneeuwvlok/packages/arrtrix/pkg/config" "sneeuwvlok/packages/arrtrix/pkg/matrixcmd" + "sneeuwvlok/packages/arrtrix/pkg/observability" "sneeuwvlok/packages/arrtrix/pkg/onboarding" ) 
@@ -62,6 +64,7 @@ type Main struct { Config *bridgeconfig.Config Matrix *matrix.Connector Bridge *bridgev2.Bridge + OTEL *observability.Runtime ConfigPath string RegistrationPath string @@ -251,6 +254,8 @@ func (m *Main) loadRegistrationTokens(cfg *bridgeconfig.Config) error { } func (m *Main) Init() { + start := time.Now() + ctx := context.Background() var err error m.Log, err = m.Config.Logging.Compile() if err != nil { @@ -265,6 +270,33 @@ func (m *Main) Init() { os.Exit(11) } + otelCtx, cancel := context.WithTimeout(ctx, 10*time.Second) + m.OTEL, err = observability.Setup(otelCtx, m.PublicConfig.Observability, m.Version) + cancel() + if err != nil { + m.Log.WithLevel(zerolog.FatalLevel).Err(err).Msg("Failed to initialize observability") + os.Exit(15) + } + if hook := m.OTEL.LoggerHook(); hook != nil { + logger := m.Log.Hook(hook) + m.Log = &logger + exzerolog.SetupDefaults(m.Log) + } + + ctx = m.Log.WithContext(context.Background()) + ctx, span := observability.StartSpan(ctx, "arrtrix.runtime.init") + defer func() { + if err != nil { + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) + observability.RecordStartupPhase(ctx, "init", "error", time.Since(start)) + return + } + span.SetStatus(codes.Ok, "") + observability.RecordStartupPhase(ctx, "init", "ok", time.Since(start)) + }() + defer span.End() + m.Log.Info(). Str("name", m.Name). Str("version", m.ver.FormattedVersion). 
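Review bot: In `Init` the status-setting closure is deferred before `defer span.End()`, so at return `span.End()` runs first and the later `span.RecordError`/`span.SetStatus` calls land on a span that has already ended, where they have no effect. Drop the separate defer and call `span.End()` as the last statement of the deferred closure. The failure paths visible here also leave through `os.Exit`, which skips deferred calls, so the `"error"` branch only runs if later code returns with `err` set. `Init` continues outside the hunk.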
@@ -306,17 +338,48 @@ func (m *Main) Init() { } func (m *Main) Start() { + start := time.Now() ctx := m.Log.WithContext(context.Background()) + ctx, span := observability.StartSpan(ctx, "arrtrix.runtime.start") + defer func() { + if r := recover(); r != nil { + span.SetStatus(codes.Error, "panic") + observability.RecordStartupPhase(ctx, "start", "panic", time.Since(start)) + span.End() + panic(r) + } + span.End() + }() if err := m.Bridge.Start(ctx); err != nil { + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) + observability.RecordStartupPhase(ctx, "start", "error", time.Since(start)) m.Log.Fatal().Err(err).Msg("Failed to start bridge") } + span.SetStatus(codes.Ok, "") + observability.RecordStartupPhase(ctx, "start", "ok", time.Since(start)) if m.PostStart != nil { m.PostStart() } } func (m *Main) Stop() { + start := time.Now() + ctx := m.Log.WithContext(context.Background()) + ctx, span := observability.StartSpan(ctx, "arrtrix.runtime.stop") + defer span.End() + m.Bridge.StopWithTimeout(5 * time.Second) + span.SetStatus(codes.Ok, "") + observability.RecordStartupPhase(ctx, "stop", "ok", time.Since(start)) + + if m.OTEL != nil { + shutdownCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + if err := m.OTEL.Shutdown(shutdownCtx); err != nil && m.Log != nil { + m.Log.Error().Err(err).Msg("Failed to shut down observability") + } + } } func (m *Main) WaitForInterrupt() int { diff --git a/packages/arrtrix/pkg/webhook/arr.go b/packages/arrtrix/pkg/webhook/arr.go index 42e350c..eb7540c 100644 --- a/packages/arrtrix/pkg/webhook/arr.go +++ b/packages/arrtrix/pkg/webhook/arr.go 
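Review bot: The error branch of `Start` ends with `m.Log.Fatal()`, which exits the process, so the deferred `span.End()` never runs and nothing calls `m.OTEL.Shutdown`; the span and the `"error"` startup metric recorded just above are likely never exported. End the span and flush before the fatal log, i.e. `span.End()` followed by a bounded `m.OTEL.Shutdown(...)` when `m.OTEL != nil`. In `Stop`, `m.Log.WithContext(...)` dereferences `m.Log` unconditionally while the shutdown error path still guards with `m.Log != nil`; the two should agree on whether `m.Log` can be nil.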
@@ -7,11 +7,17 @@ import ( "fmt" "net/http" "strings" + "time" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/codes" + "go.opentelemetry.io/otel/trace" "maunium.net/go/mautrix/bridgev2" "maunium.net/go/mautrix/event" "maunium.net/go/mautrix/format" "maunium.net/go/mautrix/id" + + "sneeuwvlok/packages/arrtrix/pkg/observability" ) const ArrWebhookPath = "/_arrtrix/webhook" 
@@ -69,32 +75,65 @@ func MountArr(router *http.ServeMux, bridge *bridgev2.Bridge) error { } func (h *ArrHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { + start := time.Now() + ctx, span := observability.StartSpan(r.Context(), "arrtrix.webhook.handle", trace.WithSpanKind(trace.SpanKindServer)) + defer span.End() + + statusCode := http.StatusAccepted + outcome := "ok" + eventType := "" + defer func() { + observability.RecordWebhook(ctx, eventType, outcome, statusCode, time.Since(start)) + }() + var body payload if err := json.NewDecoder(r.Body).Decode(&body); err != nil { + statusCode = http.StatusBadRequest + outcome = "invalid_payload" + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) http.Error(w, "invalid webhook payload", http.StatusBadRequest) return } if strings.TrimSpace(body.EventType) == "" { + statusCode = http.StatusBadRequest + outcome = "missing_event_type" + span.SetStatus(codes.Error, "missing eventType") http.Error(w, "missing eventType", http.StatusBadRequest) return } + eventType = body.EventType + span.SetAttributes( + attribute.String("arrtrix.webhook.event_type", body.EventType), + attribute.String("http.method", r.Method), + attribute.String("http.route", ArrWebhookPath), + ) - roomID, err := h.resolver.ResolveManagementRoom(r.Context()) + roomID, err := h.resolver.ResolveManagementRoom(ctx) if err != nil { - status := http.StatusInternalServerError + statusCode = http.StatusInternalServerError + outcome = "resolve_failed" if errors.Is(err, ErrNoManagementRoom) || errors.Is(err, ErrAmbiguousManagementRoom) { - status = http.StatusConflict + statusCode = http.StatusConflict + outcome = "routing_conflict" } - http.Error(w, err.Error(), status) + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) + http.Error(w, err.Error(), statusCode) return } - if err = h.sender.SendNotice(r.Context(), roomID, renderNotice(body)); err != nil { + if err = h.sender.SendNotice(ctx, roomID, renderNotice(body)); err != nil 
{ + statusCode = http.StatusBadGateway + outcome = "delivery_failed" + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) http.Error(w, "failed to deliver webhook", http.StatusBadGateway) return } - w.WriteHeader(http.StatusAccepted) + span.SetStatus(codes.Ok, "") + w.WriteHeader(statusCode) } type bridgeRoomResolver struct { @@ -102,8 +141,13 @@ type bridgeRoomResolver struct { } func (r bridgeRoomResolver) ResolveManagementRoom(ctx context.Context) (id.RoomID, error) { + ctx, span := observability.StartSpan(ctx, "arrtrix.webhook.resolve_management_room") + defer span.End() + rows, err := r.bridge.DB.Query(ctx, `SELECT mxid, management_room FROM "user" WHERE bridge_id=$1 AND management_room IS NOT NULL AND management_room <> ''`, r.bridge.ID) if err != nil { + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) return "", fmt.Errorf("failed to query management rooms: %w", err) } defer rows.Close() @@ -113,6 +157,8 @@ func (r bridgeRoomResolver) ResolveManagementRoom(ctx context.Context) (id.RoomI for rows.Next() { var mxid, managementRoom string if err = rows.Scan(&mxid, &managementRoom); err != nil { + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) return "", fmt.Errorf("failed to scan management room: %w", err) } owners = append(owners, id.UserID(mxid)) 
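Review bot: `eventType = body.EventType` in `ServeHTTP` copies a caller-supplied string into the `event_type` metric attribute (through the deferred `observability.RecordWebhook`) and into the `arrtrix.webhook.event_type` span attribute, so whoever can reach the webhook controls how many metric series are created. Map the value onto a fixed set before recording it, keeping the known Arr event names and recording anything else as `"other"`. The body is also decoded without a size limit; `r.Body = http.MaxBytesReader(w, r.Body, 1<<20)` before `json.NewDecoder` would bound it (the 1 MiB figure is only a suggestion). `http.Error(w, err.Error(), statusCode)` and `span.SetStatus(codes.Error, err.Error())` copy resolver error text, which in the ambiguous case lists user IDs, into the HTTP response and the traces; a fixed message per outcome avoids that. No authentication check is visible in this handler, so these points matter more if none exists upstream.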
@@ -121,15 +167,22 @@ func (r bridgeRoomResolver) ResolveManagementRoom(ctx context.Context) (id.RoomI } } if err = rows.Err(); err != nil { + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) return "", fmt.Errorf("failed to iterate management rooms: %w", err) } switch len(owners) { case 0: + span.SetStatus(codes.Error, ErrNoManagementRoom.Error()) return "", ErrNoManagementRoom case 1: + span.SetAttributes(attribute.Int("arrtrix.management_room.count", 1)) + span.SetStatus(codes.Ok, "") return roomID, nil default: + span.SetAttributes(attribute.Int("arrtrix.management_room.count", len(owners))) + span.SetStatus(codes.Error, ErrAmbiguousManagementRoom.Error()) return "", fmt.Errorf("%w: %s", ErrAmbiguousManagementRoom, strings.Join(convertUserIDs(owners), ", ")) } } @@ -139,11 +192,23 @@ type bridgeNoticeSender struct { } func (s bridgeNoticeSender) SendNotice(ctx context.Context, roomID id.RoomID, markdown string) error { + ctx, span := observability.StartSpan(ctx, "arrtrix.webhook.send_notice") + defer span.End() + span.SetAttributes(attribute.String("matrix.room_id", roomID.String())) + if err := s.bridge.Bot.EnsureJoined(ctx, roomID); err != nil { + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) return err } content := format.RenderMarkdown(markdown, true, false) _, err := s.bridge.Bot.SendMessage(ctx, roomID, event.EventMessage, &event.Content{Parsed: &content}, nil) + if err != nil { + span.RecordError(err) + span.SetStatus(codes.Error, err.Error()) + return err + } + span.SetStatus(codes.Ok, "") return err } From 9b93f017b626ab750c40dc196fdba5bb5329f08c Mon Sep 17 00:00:00 2001 
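Review bot: The `arrtrix.management_room.count` attribute is set in `case 1` and in `default` but not in `case 0`, so the no-room outcome is the only one whose span carries no count. Setting it once before the switch, `span.SetAttributes(attribute.Int("arrtrix.management_room.count", len(owners)))`, covers all three branches and removes the duplicated call. `ResolveManagementRoom` begins outside this hunk.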
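Review bot: The closing `return err` in `SendNotice` can only return nil now that the added `if err != nil` branch above it returns early; `return nil` states that directly. The pair `span.RecordError(err)` / `span.SetStatus(codes.Error, err.Error())` is repeated here, in `ResolveManagementRoom` and in `ServeHTTP`; a small helper in the observability package would keep those call sites consistent and give one place to decide how much error text is written into traces.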
From: Chris Kruining Date: Thu, 16 Apr 2026 10:29:04 +0200 Subject: [PATCH 54/58] Add observability stack: Alloy, Tempo, and OTEL support - Add NixOS modules for Alloy and Tempo with default configs - Update Grafana datasource config for Prometheus, Loki, Tempo - Add Prometheus remote_write for Alloy - Implement OTEL metrics/tracing/logging in arrtrix (Go) - Enable Alloy and Tempo in ulmo system config --- .../nixos/services/media/servarr/default.nix | 2 +- .../services/observability/alloy/default.nix | 80 ++++ .../observability/grafana/default.nix | 52 ++- .../observability/prometheus/default.nix | 21 +- .../services/observability/tempo/default.nix | 48 +++ packages/arrtrix/pkg/observability/config.go | 22 + packages/arrtrix/pkg/observability/otel.go | 397 ++++++++++++++++++ .../arrtrix/pkg/observability/otel_test.go | 54 +++ systems/x86_64-linux/ulmo/default.nix | 4 +- 9 files changed, 661 insertions(+), 19 deletions(-) create mode 100644 modules/nixos/services/observability/alloy/default.nix create mode 100644 modules/nixos/services/observability/tempo/default.nix create mode 100644 packages/arrtrix/pkg/observability/config.go create mode 100644 packages/arrtrix/pkg/observability/otel.go create mode 100644 packages/arrtrix/pkg/observability/otel_test.go diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 23255c0..47461ef 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -217,7 +217,7 @@ in { { method = 1; # HTTP METHOD 1=POST, 2=PUT name = "Arrtrix"; - url = "http://[::1]${config'.services.arrtrix.settings.appservice.port}"; + url = "http://[::1]${toString config'.services.arrtrix.settings.appservice.port}"; } // (lib.optionalAttrs (lib.elem service ["radarr" "whisparr"]) { onMovieDelete = true; 
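Review bot: The new `url` line places the port directly after the host, `"http://[::1]${toString …port}"`, so if `appservice.port` is a number the result is `http://[::1]<port>` with no colon, which is not a valid URL. It presumably should read `url = "http://[::1]:${toString config'.services.arrtrix.settings.appservice.port}";`. The Go side defines `ArrWebhookPath = "/_arrtrix/webhook"`, so that path probably needs to be appended as well; please confirm against how the bridge mounts the handler. The surrounding attribute set starts and ends outside this hunk.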
diff --git a/modules/nixos/services/observability/alloy/default.nix b/modules/nixos/services/observability/alloy/default.nix new file mode 100644 index 0000000..8385f8f --- /dev/null +++ b/modules/nixos/services/observability/alloy/default.nix @@ -0,0 +1,80 @@ +{ config, lib, namespace, ... }: +let + inherit (builtins) toString; + inherit (lib) mkEnableOption mkIf; + + cfg = config.${namespace}.services.observability.alloy; + + httpPort = 9007; + otlpGrpcPort = 9010; + otlpHttpPort = 9011; + tempoOtlpGrpcPort = 9009; +in +{ + options.${namespace}.services.observability.alloy = { + enable = mkEnableOption "enable Grafana Alloy"; + }; + + config = mkIf cfg.enable { + services.alloy = { + enable = true; + configPath = "/etc/alloy"; + extraFlags = [ + "--disable-reporting" + "--server.http.listen-addr=0.0.0.0:${toString httpPort}" + "--storage.path=/var/lib/alloy" + ]; + }; + + environment.etc."alloy/config.alloy".text = '' + otelcol.receiver.otlp "default" { + grpc { + endpoint = "127.0.0.1:${toString otlpGrpcPort}" + } + + http { + endpoint = "127.0.0.1:${toString otlpHttpPort}" + } + + output { + metrics = [otelcol.processor.batch.metrics.input] + traces = [otelcol.processor.batch.traces.input] + } + } + + otelcol.processor.batch "metrics" { + output { + metrics = [otelcol.exporter.prometheus.default.input] + } + } + + otelcol.processor.batch "traces" { + output { + traces = [otelcol.exporter.otlp.tempo.input] + } + } + + otelcol.exporter.prometheus "default" { + forward_to = [prometheus.remote_write.local.receiver] + } + + prometheus.remote_write "local" { + endpoint { + url = "http://127.0.0.1:${toString config.services.prometheus.port}/api/v1/write" + } + } + + otelcol.exporter.otlp "tempo" { + client { + endpoint = "127.0.0.1:${toString tempoOtlpGrpcPort}" + + tls { + insecure = true + } + } + } + ''; + + networking.firewall.allowedTCPPorts = [ httpPort ]; + }; +} 
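Review bot: `--server.http.listen-addr=0.0.0.0:${toString httpPort}` combined with `networking.firewall.allowedTCPPorts = [ httpPort ]` makes Alloy's HTTP server reachable from every network the host is attached to, and nothing in this module puts authentication in front of it. The only consumer visible in this series is the local Prometheus scrape of `localhost:9007`, so `--server.http.listen-addr=127.0.0.1:${toString httpPort}` without the firewall entry would be enough; if remote access to the UI is wanted, an authenticated reverse proxy is the safer route. The new Tempo module makes the same choice (`http_listen_address = "0.0.0.0"`, `auth_enabled = false`, `httpPort` opened in the firewall) and deserves the same change. A short comment on `tls { insecure = true }` saying it is acceptable only because the Tempo endpoint is loopback would help the next reader.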
diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index a867351..d2ed0e7 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix @@ -102,23 +102,43 @@ in { }; datasources.settings.datasources = [ - { - name = "Prometheus"; - type = "prometheus"; - url = "http://localhost:9005"; - isDefault = true; - editable = false; - } + { + name = "Prometheus"; + uid = "prometheus"; + type = "prometheus"; + url = "http://localhost:9002"; + isDefault = true; + editable = false; + } - { - name = "Loki"; - type = "loki"; - url = "http://localhost:9003"; - editable = false; - } - ]; - }; - }; + { + name = "Loki"; + uid = "loki"; + type = "loki"; + url = "http://localhost:9003"; + editable = false; + } + + { + name = "Tempo"; + uid = "tempo"; + type = "tempo"; + url = "http://localhost:9006"; + editable = false; + jsonData = { + nodeGraph.enabled = true; + serviceMap.datasourceUid = "prometheus"; + tracesToLogsV2 = { + datasourceUid = "loki"; + filterByTraceID = true; + spanStartTimeShift = "-1h"; + spanEndTimeShift = "1h"; + }; + }; + } + ]; + }; + }; postgresql = { enable = true; diff --git a/modules/nixos/services/observability/prometheus/default.nix b/modules/nixos/services/observability/prometheus/default.nix index af5ee9d..3faa278 100644 --- a/modules/nixos/services/observability/prometheus/default.nix +++ b/modules/nixos/services/observability/prometheus/default.nix @@ -1,7 +1,7 @@ { pkgs, config, lib, namespace, ... }: let inherit (builtins) toString; - inherit (lib) mkIf mkEnableOption; + inherit (lib) mkEnableOption mkIf optionals; cfg = config.${namespace}.services.observability.prometheus; in 
@@ -14,6 +14,9 @@ in services.prometheus = { enable = true; port = 9002; + extraFlags = optionals config.${namespace}.services.observability.alloy.enable [ + "--web.enable-remote-write-receiver" + ]; globalConfig.scrape_interval = "15s"; @@ -31,6 +34,22 @@ in { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; } ]; } + ] + ++ optionals config.${namespace}.services.observability.alloy.enable [ + { + job_name = "alloy"; + static_configs = [ + { targets = [ "localhost:9007" ]; } + ]; + } + ] + ++ optionals config.${namespace}.services.observability.tempo.enable [ + { + job_name = "tempo"; + static_configs = [ + { targets = [ "localhost:9006" ]; } + ]; + } ]; exporters = { diff --git a/modules/nixos/services/observability/tempo/default.nix b/modules/nixos/services/observability/tempo/default.nix new file mode 100644 index 0000000..10b07d7 --- /dev/null +++ b/modules/nixos/services/observability/tempo/default.nix 
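Review bot: `--web.enable-remote-write-receiver` turns on a write endpoint with no authentication on the Prometheus listener. This module sets no `listenAddress` (which I believe defaults to all interfaces) and, as the port-renumbering patch later in the series shows, opens the Prometheus port in the firewall, so any host that can reach the port could push arbitrary samples. Alloy writes to `http://127.0.0.1:…/api/v1/write`, so adding `listenAddress = "127.0.0.1";` next to `port`, or removing the port from `allowedTCPPorts`, keeps the receiver local. The scrape targets added in the second hunk hard-code `localhost:9007` and `localhost:9006`; deriving them from the Alloy and Tempo modules would avoid the manual edits the following patch has to make.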
@@ -0,0 +1,48 @@ +{ config, lib, namespace, ... }: +let + inherit (lib) mkEnableOption mkIf; + + cfg = config.${namespace}.services.observability.tempo; + + httpPort = 9006; + grpcPort = 9008; + otlpGrpcPort = 9009; + otlpHttpPort = 9012; +in +{ + options.${namespace}.services.observability.tempo = { + enable = mkEnableOption "enable Grafana Tempo"; + }; + + config = mkIf cfg.enable { + services.tempo = { + enable = true; + settings = { + auth_enabled = false; + search_enabled = true; + + server = { + http_listen_address = "0.0.0.0"; + http_listen_port = httpPort; + grpc_listen_address = "127.0.0.1"; + grpc_listen_port = grpcPort; + }; + + distributor.receivers.otlp.protocols = { + grpc.endpoint = "127.0.0.1:${builtins.toString otlpGrpcPort}"; + http.endpoint = "127.0.0.1:${builtins.toString otlpHttpPort}"; + }; + + storage.trace = { + backend = "local"; + wal.path = "/var/lib/tempo/wal"; + local.path = "/var/lib/tempo/traces"; + }; + + compactor.compaction.block_retention = "168h"; + }; + }; + + networking.firewall.allowedTCPPorts = [ httpPort ]; + }; +} diff --git a/packages/arrtrix/pkg/observability/config.go b/packages/arrtrix/pkg/observability/config.go new file mode 100644 index 0000000..187c5b5 --- /dev/null +++ b/packages/arrtrix/pkg/observability/config.go @@ -0,0 +1,22 @@ +package observability + +import "strings" + +type Config struct { + OTLPGRPCEndpoint string `yaml:"otlp_grpc_endpoint"` + ServiceName string `yaml:"service_name"` + ResourceAttributes map[string]string `yaml:"resource_attributes"` +} + +func (c *Config) ApplyDefaults() { + if c.ServiceName == "" { + c.ServiceName = "arrtrix" + } + if c.ResourceAttributes == nil { + c.ResourceAttributes = map[string]string{} + } +} + +func (c Config) Enabled() bool { + return strings.TrimSpace(c.OTLPGRPCEndpoint) != "" +} diff --git a/packages/arrtrix/pkg/observability/otel.go b/packages/arrtrix/pkg/observability/otel.go new file mode 100644 index 0000000..2fe46ef --- /dev/null 
+++ b/packages/arrtrix/pkg/observability/otel.go 
@@ -0,0 +1,397 @@ +package observability + +import ( + "context" + "errors" + "fmt" + "net/url" + "strings" + "sync" + "time" + + "github.com/rs/zerolog" + "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc" + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc" + "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc" + otellog "go.opentelemetry.io/otel/log" + logglobal "go.opentelemetry.io/otel/log/global" + otelmetric "go.opentelemetry.io/otel/metric" + sdklog "go.opentelemetry.io/otel/sdk/log" + sdkmetric "go.opentelemetry.io/otel/sdk/metric" + "go.opentelemetry.io/otel/sdk/resource" + sdktrace "go.opentelemetry.io/otel/sdk/trace" + "go.opentelemetry.io/otel/trace" +) + +const ( + instrumentationScope = "sneeuwvlok/packages/arrtrix" + logScope = instrumentationScope + "/logs" +) + +type Runtime struct { + traceProvider *sdktrace.TracerProvider + meterProvider *sdkmetric.MeterProvider + logProvider *sdklog.LoggerProvider + logHook zerolog.Hook +} + +type exporterEndpoint struct { + raw string + insecure bool +} + +type instruments struct { + webhookRequests otelCounter + webhookLatency otelHistogram + commandInvocations otelCounter + inviteEvents otelCounter + startupDuration otelHistogram +} + +type otelCounter interface { + Add(context.Context, int64, ...otelmetric.AddOption) +} + +type otelHistogram interface { + Record(context.Context, float64, ...otelmetric.RecordOption) +} + +var ( + mu sync.RWMutex + current instruments + tracer = otel.Tracer(instrumentationScope) + currentReady bool +) + +func Setup(ctx context.Context, cfg Config, version string) (*Runtime, error) { + cfg.ApplyDefaults() + if !cfg.Enabled() { + resetInstruments() + return &Runtime{}, nil + } + + res, err := buildResource(cfg, version) + if err != nil { + return nil, err + } + endpoint, err := parseEndpoint(cfg.OTLPGRPCEndpoint) + if err != nil { + return nil, err + } + + traceExporter, 
err := otlptracegrpc.New(ctx, traceOptions(endpoint)...) + if err != nil { + return nil, fmt.Errorf("create trace exporter: %w", err) + } + metricExporter, err := otlpmetricgrpc.New(ctx, metricOptions(endpoint)...) + if err != nil { + return nil, fmt.Errorf("create metric exporter: %w", err) + } + logExporter, err := otlploggrpc.New(ctx, logOptions(endpoint)...) + if err != nil { + return nil, fmt.Errorf("create log exporter: %w", err) + } + + traceProvider := sdktrace.NewTracerProvider( + sdktrace.WithResource(res), + sdktrace.WithBatcher(traceExporter), + ) + meterProvider := sdkmetric.NewMeterProvider( + sdkmetric.WithResource(res), + sdkmetric.WithReader(sdkmetric.NewPeriodicReader(metricExporter, sdkmetric.WithInterval(30*time.Second))), + ) + logProvider := sdklog.NewLoggerProvider( + sdklog.WithResource(res), + sdklog.WithProcessor(sdklog.NewBatchProcessor(logExporter)), + ) + + otel.SetTracerProvider(traceProvider) + otel.SetMeterProvider(meterProvider) + logglobal.SetLoggerProvider(logProvider) + + if err = setInstruments(meterProvider); err != nil { + _ = traceProvider.Shutdown(ctx) + _ = meterProvider.Shutdown(ctx) + _ = logProvider.Shutdown(ctx) + return nil, err + } + + tracer = otel.Tracer(instrumentationScope) + return &Runtime{ + traceProvider: traceProvider, + meterProvider: meterProvider, + logProvider: logProvider, + logHook: newLogHook(logglobal.Logger(logScope)), + }, nil +} + +func (r *Runtime) Enabled() bool { + return r != nil && r.traceProvider != nil +} + +func (r *Runtime) LoggerHook() zerolog.Hook { + if r == nil { + return nil + } + return r.logHook +} + +func (r *Runtime) Shutdown(ctx context.Context) error { + if r == nil || !r.Enabled() { + resetInstruments() + return nil + } + + var errs []error + if err := r.logProvider.Shutdown(ctx); err != nil { + errs = append(errs, fmt.Errorf("shutdown log provider: %w", err)) + } + if err := r.meterProvider.Shutdown(ctx); err != nil { + errs = append(errs, fmt.Errorf("shutdown meter provider: 
%w", err)) + } + if err := r.traceProvider.Shutdown(ctx); err != nil { + errs = append(errs, fmt.Errorf("shutdown trace provider: %w", err)) + } + resetInstruments() + return errors.Join(errs...) +} + +func StartSpan(ctx context.Context, name string, opts ...trace.SpanStartOption) (context.Context, trace.Span) { + return tracer.Start(ctx, name, opts...) +} + +func RecordWebhook(ctx context.Context, eventType, outcome string, statusCode int, duration time.Duration) { + mu.RLock() + inst := current + ready := currentReady + mu.RUnlock() + if !ready { + return + } + attrs := otelmetric.WithAttributes( + attribute.String("event_type", eventType), + attribute.String("outcome", outcome), + attribute.Int("http.status_code", statusCode), + ) + inst.webhookRequests.Add(ctx, 1, attrs) + inst.webhookLatency.Record(ctx, duration.Seconds(), attrs) +} + +func RecordCommand(ctx context.Context, name, outcome string) { + mu.RLock() + inst := current + ready := currentReady + mu.RUnlock() + if !ready { + return + } + inst.commandInvocations.Add(ctx, 1, otelmetric.WithAttributes( + attribute.String("command", name), + attribute.String("outcome", outcome), + )) +} + +func RecordInvite(ctx context.Context, outcome string) { + mu.RLock() + inst := current + ready := currentReady + mu.RUnlock() + if !ready { + return + } + inst.inviteEvents.Add(ctx, 1, otelmetric.WithAttributes(attribute.String("outcome", outcome))) +} + +func RecordStartupPhase(ctx context.Context, phase, outcome string, duration time.Duration) { + mu.RLock() + inst := current + ready := currentReady + mu.RUnlock() + if !ready { + return + } + inst.startupDuration.Record(ctx, duration.Seconds(), otelmetric.WithAttributes( + attribute.String("phase", phase), + attribute.String("outcome", outcome), + )) +} + +func parseEndpoint(raw string) (exporterEndpoint, error) { + raw = strings.TrimSpace(raw) + if raw == "" { + return exporterEndpoint{}, errors.New("observability.otlp_grpc_endpoint must not be empty when 
observability is enabled") + } + if strings.Contains(raw, "://") { + u, err := url.Parse(raw) + if err != nil { + return exporterEndpoint{}, fmt.Errorf("parse observability.otlp_grpc_endpoint: %w", err) + } + if u.Scheme == "" || u.Host == "" { + return exporterEndpoint{}, fmt.Errorf("invalid observability.otlp_grpc_endpoint %q", raw) + } + return exporterEndpoint{raw: raw, insecure: u.Scheme == "http"}, nil + } + return exporterEndpoint{raw: "http://" + raw, insecure: true}, nil +} + +func buildResource(cfg Config, version string) (*resource.Resource, error) { + attrs := []attribute.KeyValue{ + attribute.String("service.name", cfg.ServiceName), + } + if version != "" { + attrs = append(attrs, attribute.String("service.version", version)) + } + for key, value := range cfg.ResourceAttributes { + attrs = append(attrs, attribute.String(key, value)) + } + return resource.Merge(resource.Default(), resource.NewWithAttributes("", attrs...)) +} + +func setInstruments(provider *sdkmetric.MeterProvider) error { + meter := provider.Meter(instrumentationScope) + + webhookRequests, err := meter.Int64Counter( + "arrtrix.webhook.requests", + otelmetric.WithDescription("Number of Arr webhook requests handled by arrtrix."), + ) + if err != nil { + return fmt.Errorf("create webhook request counter: %w", err) + } + webhookLatency, err := meter.Float64Histogram( + "arrtrix.webhook.duration.seconds", + otelmetric.WithDescription("Duration of Arr webhook request handling."), + otelmetric.WithUnit("s"), + ) + if err != nil { + return fmt.Errorf("create webhook duration histogram: %w", err) + } + commandInvocations, err := meter.Int64Counter( + "arrtrix.matrix.commands", + otelmetric.WithDescription("Number of Matrix management-room commands handled by arrtrix."), + ) + if err != nil { + return fmt.Errorf("create command counter: %w", err) + } + inviteEvents, err := meter.Int64Counter( + "arrtrix.matrix.invites", + otelmetric.WithDescription("Number of management-room invite flows 
observed by arrtrix."), + ) + if err != nil { + return fmt.Errorf("create invite counter: %w", err) + } + startupDuration, err := meter.Float64Histogram( + "arrtrix.runtime.phase.duration.seconds", + otelmetric.WithDescription("Duration of arrtrix runtime startup and shutdown phases."), + otelmetric.WithUnit("s"), + ) + if err != nil { + return fmt.Errorf("create runtime duration histogram: %w", err) + } + + mu.Lock() + current = instruments{ + webhookRequests: webhookRequests, + webhookLatency: webhookLatency, + commandInvocations: commandInvocations, + inviteEvents: inviteEvents, + startupDuration: startupDuration, + } + currentReady = true + mu.Unlock() + return nil +} + +func resetInstruments() { + mu.Lock() + current = instruments{} + currentReady = false + mu.Unlock() +} + +func traceOptions(endpoint exporterEndpoint) []otlptracegrpc.Option { + opts := []otlptracegrpc.Option{otlptracegrpc.WithEndpointURL(endpoint.raw)} + if endpoint.insecure { + opts = append(opts, otlptracegrpc.WithInsecure()) + } + return opts +} + +func metricOptions(endpoint exporterEndpoint) []otlpmetricgrpc.Option { + opts := []otlpmetricgrpc.Option{otlpmetricgrpc.WithEndpointURL(endpoint.raw)} + if endpoint.insecure { + opts = append(opts, otlpmetricgrpc.WithInsecure()) + } + return opts +} + +func logOptions(endpoint exporterEndpoint) []otlploggrpc.Option { + opts := []otlploggrpc.Option{otlploggrpc.WithEndpointURL(endpoint.raw)} + if endpoint.insecure { + opts = append(opts, otlploggrpc.WithInsecure()) + } + return opts +} + +type otelLogHook struct { + logger otellog.Logger +} + +func newLogHook(logger otellog.Logger) zerolog.Hook { + return otelLogHook{logger: logger} +} + +func (h otelLogHook) Run(e *zerolog.Event, level zerolog.Level, message string) { + if h.logger == nil { + return + } + ctx := e.GetCtx() + if ctx == nil { + ctx = context.Background() + } + + severity := mapSeverity(level) + if !h.logger.Enabled(ctx, otellog.EnabledParameters{Severity: severity}) { + return + } 
+ + now := time.Now() + record := otellog.Record{} + record.SetTimestamp(now) + record.SetObservedTimestamp(now) + record.SetSeverity(severity) + record.SetSeverityText(strings.ToUpper(level.String())) + record.SetBody(otellog.StringValue(message)) + record.AddAttributes(otellog.String("log.scope", logScope)) + + if spanCtx := trace.SpanContextFromContext(ctx); spanCtx.IsValid() { + record.AddAttributes( + otellog.String("trace_id", spanCtx.TraceID().String()), + otellog.String("span_id", spanCtx.SpanID().String()), + ) + } + + h.logger.Emit(ctx, record) +} + +func mapSeverity(level zerolog.Level) otellog.Severity { + switch level { + case zerolog.TraceLevel: + return otellog.SeverityTrace + case zerolog.DebugLevel: + return otellog.SeverityDebug + case zerolog.InfoLevel: + return otellog.SeverityInfo + case zerolog.WarnLevel: + return otellog.SeverityWarn + case zerolog.ErrorLevel: + return otellog.SeverityError + case zerolog.FatalLevel: + return otellog.SeverityFatal + case zerolog.PanicLevel: + return otellog.SeverityFatal4 + default: + return otellog.SeverityUndefined + } +} diff --git a/packages/arrtrix/pkg/observability/otel_test.go b/packages/arrtrix/pkg/observability/otel_test.go new file mode 100644 index 0000000..4dd8e3e --- /dev/null +++ b/packages/arrtrix/pkg/observability/otel_test.go 
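Review bot: `parseEndpoint` records every scheme other than `http` as secure and passes the raw string on to `WithEndpointURL`, and it silently turns a bare `host:port` into a plaintext `http://` endpoint, so a typo in the scheme or a forgotten scheme changes the transport security of traces, metrics and logs without any error. Reject unknown schemes explicitly, `if u.Scheme != "http" && u.Scheme != "https" { return exporterEndpoint{}, fmt.Errorf("unsupported scheme %q in observability.otlp_grpc_endpoint", u.Scheme) }`, and state on `Config.OTLPGRPCEndpoint` that a bare host means plaintext. In `Setup`, an exporter that was created before a later constructor fails is never shut down. The package-level `tracer` is reassigned without holding `mu` while `StartSpan` reads it; as far as I know `otel.Tracer` already delegates to a provider set later, so the reassignment can simply be dropped. The exported `Setup`, `Runtime`, `StartSpan` and `Record*` identifiers have no doc comments.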
@@ -0,0 +1,54 @@ +package observability + +import "testing" + +func TestConfigDefaults(t *testing.T) { + var cfg Config + cfg.ApplyDefaults() + + if cfg.ServiceName != "arrtrix" { + t.Fatalf("expected default service name arrtrix, got %q", cfg.ServiceName) + } + if cfg.ResourceAttributes == nil { + t.Fatal("expected resource attributes map to be initialized") + } + if cfg.Enabled() { + t.Fatal("expected observability to be disabled by default") + } +} + +func TestParseEndpointSupportsURLAndBareHost(t *testing.T) { + tests := []struct { + name string + input string + wantRaw string + insecure bool + wantError bool + }{ + {name: "https url", input: "https://otel.example:4317", wantRaw: "https://otel.example:4317"}, + {name: "http url", input: "http://127.0.0.1:4317", wantRaw: "http://127.0.0.1:4317", insecure: true}, + {name: "bare host", input: "collector:4317", wantRaw: "http://collector:4317", insecure: true}, + {name: "invalid", input: "://bad", wantError: true}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := parseEndpoint(tt.input) + if tt.wantError { + if err == nil { + t.Fatal("expected error") + } + return + } + if err != nil { + t.Fatalf("parseEndpoint returned error: %v", err) + } + if got.raw != tt.wantRaw { + t.Fatalf("expected raw endpoint %q, got %q", tt.wantRaw, got.raw) + } + if got.insecure != tt.insecure { + t.Fatalf("expected insecure=%t, got %t", tt.insecure, got.insecure) + } + }) + } +} diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index 7c20a11..57f57d3 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -256,10 +256,12 @@ }; observability = { + alloy.enable = true; grafana.enable = true; - prometheus.enable = true; loki.enable = true; + prometheus.enable = true; promtail.enable = true; + tempo.enable = true; # uptime-kuma.enable = true; }; From e26e25b566a5d48865d413f7f87302054affcdfa Mon Sep 17 00:00:00 2001 
From: Chris Kruining Date: Thu, 16 Apr 2026 10:41:16 +0200 Subject: [PATCH 55/58] Change observability service ports and add Arrtrix content management - Update ports for Alloy, Grafana, Loki, Prometheus, Promtail, Tempo, and Uptime Kuma to new ranges - Add Arrtrix content management commands and subscriptions - Implement Radarr and Sonarr client logic for movie and series management - Add matrix commands for download and subscription management - Add subscription repository with database schema and logic - Update Arrtrix config and example config for content section - Update help text and command processor to include new commands - Update vendor hash for Arrtrix package --- .../services/observability/alloy/default.nix | 8 +- .../observability/grafana/default.nix | 8 +- .../services/observability/loki/default.nix | 4 +- .../observability/prometheus/default.nix | 12 +- .../observability/promtail/default.nix | 6 +- .../services/observability/tempo/default.nix | 8 +- .../observability/uptime-kuma/default.nix | 4 +- packages/arrtrix/default.nix | 2 +- packages/arrtrix/pkg/arr/catalog.go | 76 ++++++ packages/arrtrix/pkg/arrclient/client.go | 211 +++++++++++++++++ packages/arrtrix/pkg/arrclient/radarr.go | 164 +++++++++++++ packages/arrtrix/pkg/arrclient/sonarr.go | 149 ++++++++++++ packages/arrtrix/pkg/connector/config.go | 42 +++- packages/arrtrix/pkg/connector/connector.go | 30 ++- .../arrtrix/pkg/connector/example-config.yaml | 23 +- packages/arrtrix/pkg/matrixcmd/download.go | 222 ++++++++++++++++++ packages/arrtrix/pkg/matrixcmd/help_test.go | 2 + packages/arrtrix/pkg/matrixcmd/processor.go | 2 + .../arrtrix/pkg/matrixcmd/subscriptions.go | 107 +++++++++ packages/arrtrix/pkg/runtime/main.go | 5 + packages/arrtrix/pkg/subscriptions/repo.go | 141 +++++++++++ packages/arrtrix/pkg/webhook/arr.go | 180 ++++++++++---- packages/arrtrix/pkg/webhook/arr_test.go | 14 +- systems/x86_64-linux/ulmo/default.nix | 2 +- 24 files changed, 1340 insertions(+), 82 deletions(-) create 
mode 100644 packages/arrtrix/pkg/arr/catalog.go create mode 100644 packages/arrtrix/pkg/arrclient/client.go create mode 100644 packages/arrtrix/pkg/arrclient/radarr.go create mode 100644 packages/arrtrix/pkg/arrclient/sonarr.go create mode 100644 packages/arrtrix/pkg/matrixcmd/download.go create mode 100644 packages/arrtrix/pkg/matrixcmd/subscriptions.go create mode 100644 packages/arrtrix/pkg/subscriptions/repo.go diff --git a/modules/nixos/services/observability/alloy/default.nix b/modules/nixos/services/observability/alloy/default.nix index 8385f8f..4b6d787 100644 --- a/modules/nixos/services/observability/alloy/default.nix +++ b/modules/nixos/services/observability/alloy/default.nix @@ -5,10 +5,10 @@ let cfg = config.${namespace}.services.observability.alloy; - httpPort = 9007; - otlpGrpcPort = 9010; - otlpHttpPort = 9011; - tempoOtlpGrpcPort = 9009; + httpPort = 9700; + otlpGrpcPort = 9701; + otlpHttpPort = 9702; + tempoOtlpGrpcPort = 9602; in { options.${namespace}.services.observability.alloy = { diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index d2ed0e7..05fb1da 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix @@ -25,7 +25,7 @@ in { settings = { server = { - http_port = 9001; + http_port = 9100; http_addr = "0.0.0.0"; domain = "ulmo"; }; @@ -106,7 +106,7 @@ in { name = "Prometheus"; uid = "prometheus"; type = "prometheus"; - url = "http://localhost:9002"; + url = "http://localhost:9200"; isDefault = true; editable = false; } @@ -115,7 +115,7 @@ in { name = "Loki"; uid = "loki"; type = "loki"; - url = "http://localhost:9003"; + url = "http://localhost:9300"; editable = false; } @@ -123,7 +123,7 @@ in { name = "Tempo"; uid = "tempo"; type = "tempo"; - url = "http://localhost:9006"; + url = "http://localhost:9600"; editable = false; jsonData = { nodeGraph.enabled = true; 
diff --git a/modules/nixos/services/observability/loki/default.nix b/modules/nixos/services/observability/loki/default.nix index d4774ac..e99448e 100644 --- a/modules/nixos/services/observability/loki/default.nix +++ b/modules/nixos/services/observability/loki/default.nix @@ -17,7 +17,7 @@ in auth_enabled = false; server = { - http_listen_port = 9003; + http_listen_port = 9300; }; common = { @@ -44,6 +44,6 @@ in }; }; - networking.firewall.allowedTCPPorts = [ 9003 ]; + networking.firewall.allowedTCPPorts = [ 9300 ]; }; } diff --git a/modules/nixos/services/observability/prometheus/default.nix b/modules/nixos/services/observability/prometheus/default.nix index 3faa278..fc09e01 100644 --- a/modules/nixos/services/observability/prometheus/default.nix +++ b/modules/nixos/services/observability/prometheus/default.nix @@ -13,7 +13,7 @@ in config = mkIf cfg.enable { services.prometheus = { enable = true; - port = 9002; + port = 9200; extraFlags = optionals config.${namespace}.services.observability.alloy.enable [ "--web.enable-remote-write-receiver" ]; @@ -24,7 +24,7 @@ in { job_name = "prometheus"; static_configs = [ - { targets = [ "localhost:9002" ]; } + { targets = [ "localhost:9200" ]; } ]; } @@ -39,7 +39,7 @@ in { job_name = "alloy"; static_configs = [ - { targets = [ "localhost:9007" ]; } + { targets = [ "localhost:9700" ]; } ]; } ] @@ -47,7 +47,7 @@ in { job_name = "tempo"; static_configs = [ - { targets = [ "localhost:9006" ]; } + { targets = [ "localhost:9600" ]; } ]; } ]; @@ -55,13 +55,13 @@ in exporters = { node = { enable = true; - port = 9005; + port = 9201; enabledCollectors = [ "systemd" ]; openFirewall = true; }; }; }; - networking.firewall.allowedTCPPorts = [ 9002 ]; + networking.firewall.allowedTCPPorts = [ 9200 ]; }; } diff --git a/modules/nixos/services/observability/promtail/default.nix b/modules/nixos/services/observability/promtail/default.nix index 38dbbab..40a1b87 100644 --- a/modules/nixos/services/observability/promtail/default.nix 
+++ b/modules/nixos/services/observability/promtail/default.nix @@ -25,7 +25,7 @@ in { configuration = { server = { - http_listen_port = 9004; + http_listen_port = 9400; grpc_listen_port = 0; }; @@ -35,7 +35,7 @@ in { clients = [ { - url = "http://[::1]:9003/loki/api/v1/push"; + url = "http://[::1]:9300/loki/api/v1/push"; } ]; @@ -60,6 +60,6 @@ in { }; }; - networking.firewall.allowedTCPPorts = [9004]; + networking.firewall.allowedTCPPorts = [9400]; }; } diff --git a/modules/nixos/services/observability/tempo/default.nix b/modules/nixos/services/observability/tempo/default.nix index 10b07d7..9a6bd89 100644 --- a/modules/nixos/services/observability/tempo/default.nix +++ b/modules/nixos/services/observability/tempo/default.nix @@ -4,10 +4,10 @@ let cfg = config.${namespace}.services.observability.tempo; - httpPort = 9006; - grpcPort = 9008; - otlpGrpcPort = 9009; - otlpHttpPort = 9012; + httpPort = 9600; + grpcPort = 9601; + otlpGrpcPort = 9602; + otlpHttpPort = 9603; in { options.${namespace}.services.observability.tempo = { diff --git a/modules/nixos/services/observability/uptime-kuma/default.nix b/modules/nixos/services/observability/uptime-kuma/default.nix index c23977b..f4dcde4 100644 --- a/modules/nixos/services/observability/uptime-kuma/default.nix +++ b/modules/nixos/services/observability/uptime-kuma/default.nix @@ -15,11 +15,11 @@ in enable = true; settings = { - PORT = toString 9006; + PORT = toString 9500; HOST = "0.0.0.0"; }; }; - networking.firewall.allowedTCPPorts = [ 9006 ]; + networking.firewall.allowedTCPPorts = [ 9500 ]; }; } diff --git a/packages/arrtrix/default.nix b/packages/arrtrix/default.nix index 81950f9..0113edb 100644 --- a/packages/arrtrix/default.nix +++ b/packages/arrtrix/default.nix @@ -11,7 +11,7 @@ buildGoModule rec { src = lib.cleanSource ./.; - vendorHash = "sha256-FbatoXcxZcnqVUmoj/jeSMFO/iTmD8uga47MoTdGcRw="; + vendorHash = "sha256-UYRit+v41djnCx+GFdEl/8WQsp2DzF4ywT9iv3m1pSc="; subPackages = ["cmd/arrtrix"]; buildInputs = [olm]; 
diff --git a/packages/arrtrix/pkg/arr/catalog.go b/packages/arrtrix/pkg/arr/catalog.go new file mode 100644 index 0000000..eb2f833 --- /dev/null +++ b/packages/arrtrix/pkg/arr/catalog.go 
@@ -0,0 +1,76 @@ +package arr + +import ( + "fmt" + "slices" + "strings" +) + +type ContentType string + +const ( + ContentTypeMovies ContentType = "movies" + ContentTypeSeries ContentType = "series" +) + +var supportedContentTypes = []ContentType{ + ContentTypeMovies, + ContentTypeSeries, +} + +var supportedEvents = map[ContentType][]string{ + ContentTypeMovies: {"Test", "Grab", "Download", "Rename", "MovieFileDelete", "MovieDelete"}, + ContentTypeSeries: {"Test", "Grab", "Download", "Rename", "EpisodeFileDelete", "SeriesDelete"}, +} + +func SupportedContentTypes() []ContentType { + return append([]ContentType(nil), supportedContentTypes...) +} + +func SupportedEventTypes(contentType ContentType) []string { + return append([]string(nil), supportedEvents[contentType]...) +} + +func ParseContentType(value string) (ContentType, error) { + contentType := ContentType(strings.ToLower(strings.TrimSpace(value))) + if slices.Contains(supportedContentTypes, contentType) { + return contentType, nil + } + return "", fmt.Errorf("unsupported content type %q (expected one of: %s)", value, Strings()) +} + +func ParseEventType(contentType ContentType, value string) (string, error) { + value = strings.TrimSpace(value) + if strings.EqualFold(value, "all") { + return "all", nil + } + for _, eventType := range supportedEvents[contentType] { + if strings.EqualFold(eventType, value) { + return eventType, nil + } + } + return "", fmt.Errorf("unsupported event type %q for %s", value, contentType) +} + +func SupportsEventType(contentType ContentType, eventType string) bool { + return slices.Contains(supportedEvents[contentType], strings.TrimSpace(eventType)) +} + +func (c ContentType) Label() string { + switch c { + case ContentTypeMovies: + return "movies" + case ContentTypeSeries: + return "series" + default: + return string(c) + } +} + +func Strings() string { + values := make([]string, 0, len(supportedContentTypes)) + for _, contentType := range supportedContentTypes { + values = 
append(values, string(contentType)) + } + return strings.Join(values, ", ") +} diff --git a/packages/arrtrix/pkg/arrclient/client.go b/packages/arrtrix/pkg/arrclient/client.go new file mode 100644 index 0000000..558dc52 --- /dev/null +++ b/packages/arrtrix/pkg/arrclient/client.go 
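Review bot: `SupportsEventType` compares with `slices.Contains`, so it accepts only the exact canonical spelling, while `ParseEventType` just above it folds case with `strings.EqualFold`; a caller that passes an event name straight from a webhook payload or a stored row can get different answers from the two functions. If the exact match is intended, state it in a doc comment such as `// SupportsEventType reports whether eventType is a canonical event name for contentType; the match is case-sensitive and "all" is not accepted.` The exported helper `Strings()` also reads oddly from outside the package (`arr.Strings()`); in this file it is used only for the error text in `ParseContentType`, so it could be unexported, e.g. `contentTypeList()`.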
@@ -0,0 +1,211 @@ +package arrclient + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "net/url" + "path" + "strings" + + "sneeuwvlok/packages/arrtrix/pkg/arr" +) + +type Client interface { + ContentType() arr.ContentType + Search(context.Context, string) ([]SearchResult, error) + List(context.Context, string) ([]ManagedItem, error) + Add(context.Context, SearchResult) (*ManagedItem, error) + SetMonitored(context.Context, int64, bool) (*ManagedItem, error) + Delete(context.Context, int64) error +} + +type SearchResult struct { + LookupID int64 + Title string + Year int + Overview string +} + +type ManagedItem struct { + ID int64 + LookupID int64 + Title string + Year int + Monitored bool + Path string +} + +type RadarrConfig struct { + URL string `yaml:"url"` + APIKey string `yaml:"api_key"` + RootFolderPath string `yaml:"root_folder_path"` + QualityProfileID int64 `yaml:"quality_profile_id"` + MinimumAvailability string `yaml:"minimum_availability"` + SearchOnAdd *bool `yaml:"search_on_add"` +} + +type SonarrConfig struct { + URL string `yaml:"url"` + APIKey string `yaml:"api_key"` + RootFolderPath string `yaml:"root_folder_path"` + QualityProfileID int64 `yaml:"quality_profile_id"` + LanguageProfileID int64 `yaml:"language_profile_id"` + SeasonFolder *bool `yaml:"season_folder"` + SeriesType string `yaml:"series_type"` + SearchOnAdd *bool `yaml:"search_on_add"` +} + +type httpClient struct { + baseURL *url.URL + apiKey string + httpClient *http.Client +} + +func (c *RadarrConfig) ApplyDefaults() { + if c.MinimumAvailability == "" { + c.MinimumAvailability = "released" + } +} + +func (c RadarrConfig) Enabled() bool { + return strings.TrimSpace(c.URL) != "" || strings.TrimSpace(c.APIKey) != "" +} + +func (c RadarrConfig) Validate() error { + if !c.Enabled() { + return nil + } + switch { + case strings.TrimSpace(c.URL) == "": + return fmt.Errorf("network.content.movies.url must be set when movies content is configured") + case 
strings.TrimSpace(c.APIKey) == "": + return fmt.Errorf("network.content.movies.api_key must be set when movies content is configured") + case strings.TrimSpace(c.RootFolderPath) == "": + return fmt.Errorf("network.content.movies.root_folder_path must be set when movies content is configured") + case c.QualityProfileID <= 0: + return fmt.Errorf("network.content.movies.quality_profile_id must be set when movies content is configured") + case strings.TrimSpace(c.MinimumAvailability) == "": + return fmt.Errorf("network.content.movies.minimum_availability must not be empty") + default: + return nil + } +} + +func (c RadarrConfig) SearchOnAddValue() bool { + return boolValue(c.SearchOnAdd, true) +} + +func (c *SonarrConfig) ApplyDefaults() { + if c.SeriesType == "" { + c.SeriesType = "standard" + } +} + +func (c SonarrConfig) Enabled() bool { + return strings.TrimSpace(c.URL) != "" || strings.TrimSpace(c.APIKey) != "" +} + +func (c SonarrConfig) Validate() error { + if !c.Enabled() { + return nil + } + switch { + case strings.TrimSpace(c.URL) == "": + return fmt.Errorf("network.content.series.url must be set when series content is configured") + case strings.TrimSpace(c.APIKey) == "": + return fmt.Errorf("network.content.series.api_key must be set when series content is configured") + case strings.TrimSpace(c.RootFolderPath) == "": + return fmt.Errorf("network.content.series.root_folder_path must be set when series content is configured") + case c.QualityProfileID <= 0: + return fmt.Errorf("network.content.series.quality_profile_id must be set when series content is configured") + case c.LanguageProfileID <= 0: + return fmt.Errorf("network.content.series.language_profile_id must be set when series content is configured") + case strings.TrimSpace(c.SeriesType) == "": + return fmt.Errorf("network.content.series.series_type must not be empty") + default: + return nil + } +} + +func (c SonarrConfig) SeasonFolderValue() bool { + return boolValue(c.SeasonFolder, true) +} + 
+func (c SonarrConfig) SearchOnAddValue() bool { + return boolValue(c.SearchOnAdd, true) +} + +func newHTTPClient(rawURL, apiKey string) (*httpClient, error) { + parsedURL, err := url.Parse(strings.TrimRight(strings.TrimSpace(rawURL), "/")) + if err != nil { + return nil, err + } + return &httpClient{ + baseURL: parsedURL, + apiKey: apiKey, + httpClient: http.DefaultClient, + }, nil +} + +func (c *httpClient) do(ctx context.Context, method, requestPath string, query url.Values, body any, dest any) error { + endpoint := *c.baseURL + endpoint.Path = path.Join(endpoint.Path, requestPath) + if len(query) > 0 { + endpoint.RawQuery = query.Encode() + } + + var payload io.Reader + if body != nil { + data, err := json.Marshal(body) + if err != nil { + return err + } + payload = bytes.NewReader(data) + } + + req, err := http.NewRequestWithContext(ctx, method, endpoint.String(), payload) + if err != nil { + return err + } + req.Header.Set("X-Api-Key", c.apiKey) + if body != nil { + req.Header.Set("Content-Type", "application/json") + } + + resp, err := c.httpClient.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + + if resp.StatusCode < 200 || resp.StatusCode >= 300 { + data, _ := io.ReadAll(io.LimitReader(resp.Body, 4096)) + return fmt.Errorf("%s %s returned %d: %s", method, endpoint.String(), resp.StatusCode, strings.TrimSpace(string(data))) + } + if dest == nil { + return nil + } + return json.NewDecoder(resp.Body).Decode(dest) +} + +func boolValue(value *bool, fallback bool) bool { + if value == nil { + return fallback + } + return *value +} + +func containsFold(haystack, needle string) bool { + return strings.Contains(strings.ToLower(haystack), strings.ToLower(strings.TrimSpace(needle))) +} + +func FormatSearchResult(result SearchResult) string { + if result.Year != 0 { + return fmt.Sprintf("%s (%d)", result.Title, result.Year) + } + return result.Title +} 
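Review bot: `newHTTPClient` in client.go stores `http.DefaultClient`, which has no timeout, and accepts any string that `url.Parse` tolerates, so `do` attaches the `X-Api-Key` header to a request for whatever scheme and host the config happens to contain. A stalled Radarr or Sonarr instance then blocks a command until the caller's context ends, and a URL typed without a scheme is noticed only when the first request fails. I would reject anything that is not an absolute http(s) URL and give the client its own timeout (the 30 seconds below is only an example value, and it needs the `time` import). The non-2xx branch of `do` also puts the full endpoint URL and up to 4096 bytes of the response body into the error text, so callers should treat that error as log material rather than user-facing text.

```go
	parsedURL, err := url.Parse(strings.TrimRight(strings.TrimSpace(rawURL), "/"))
	// … unchanged: url.Parse error return …
	if (parsedURL.Scheme != "http" && parsedURL.Scheme != "https") || parsedURL.Host == "" {
		return nil, fmt.Errorf("arr URL must be an absolute http or https URL")
	}
	return &httpClient{
		baseURL:    parsedURL,
		apiKey:     apiKey,
		httpClient: &http.Client{Timeout: 30 * time.Second},
	}, nil
```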
diff --git a/packages/arrtrix/pkg/arrclient/radarr.go b/packages/arrtrix/pkg/arrclient/radarr.go
new file mode 100644
index 0000000..21ac1fd
--- /dev/null
+++ b/packages/arrtrix/pkg/arrclient/radarr.go
@@ -0,0 +1,164 @@ +package arrclient + +import ( + "context" + "fmt" + "net/http" + "net/url" + "strconv" + "strings" + + "sneeuwvlok/packages/arrtrix/pkg/arr" +) + +type RadarrClient struct { + http *httpClient + config RadarrConfig +} + +type radarrMovie struct { + ID int64 `json:"id"` + Title string `json:"title"` + Year int `json:"year"` + TMDBID int64 `json:"tmdbId"` + Overview string `json:"overview"` + Monitored bool `json:"monitored"` + Path string `json:"path"` +} + +func NewRadarrClient(config RadarrConfig) (*RadarrClient, error) { + config.ApplyDefaults() + if err := config.Validate(); err != nil { + return nil, err + } + httpClient, err := newHTTPClient(config.URL, config.APIKey) + if err != nil { + return nil, err + } + return &RadarrClient{http: httpClient, config: config}, nil +} + +func (c *RadarrClient) ContentType() arr.ContentType { + return arr.ContentTypeMovies +} + +func (c *RadarrClient) Search(ctx context.Context, query string) ([]SearchResult, error) { + var response []radarrMovie + if err := c.http.do(ctx, http.MethodGet, "/api/v3/movie/lookup", url.Values{"term": {strings.TrimSpace(query)}}, nil, &response); err != nil { + return nil, err + } + + results := make([]SearchResult, 0, len(response)) + for _, movie := range response { + if movie.TMDBID == 0 { + continue + } + results = append(results, SearchResult{ + LookupID: movie.TMDBID, + Title: movie.Title, + Year: movie.Year, + Overview: movie.Overview, + }) + } + return results, nil +} + +func (c *RadarrClient) List(ctx context.Context, query string) ([]ManagedItem, error) { + var response []radarrMovie + if err := c.http.do(ctx, http.MethodGet, "/api/v3/movie", nil, nil, &response); err != nil { + return nil, err + } + + items := make([]ManagedItem, 0, len(response)) + for _, movie := range response { + if query != "" && !containsFold(movie.Title, query) && !containsFold(strconv.Itoa(movie.Year), query) { + continue + } + items = append(items, ManagedItem{ + ID: movie.ID, + LookupID: 
movie.TMDBID, + Title: movie.Title, + Year: movie.Year, + Monitored: movie.Monitored, + Path: movie.Path, + }) + } + return items, nil +} + +func (c *RadarrClient) Add(ctx context.Context, result SearchResult) (*ManagedItem, error) { + payload := map[string]any{ + "title": result.Title, + "tmdbId": result.LookupID, + "year": result.Year, + "qualityProfileId": c.config.QualityProfileID, + "rootFolderPath": c.config.RootFolderPath, + "minimumAvailability": c.config.MinimumAvailability, + "monitored": true, + "addOptions": map[string]any{ + "searchForMovie": c.config.SearchOnAddValue(), + }, + } + + var response radarrMovie + if err := c.http.do(ctx, http.MethodPost, "/api/v3/movie", nil, payload, &response); err != nil { + return nil, err + } + item := ManagedItem{ + ID: response.ID, + LookupID: response.TMDBID, + Title: response.Title, + Year: response.Year, + Monitored: response.Monitored, + Path: response.Path, + } + return &item, nil +} + +func (c *RadarrClient) SetMonitored(ctx context.Context, id int64, monitored bool) (*ManagedItem, error) { + var movie map[string]any + endpoint := "/api/v3/movie/" + strconv.FormatInt(id, 10) + if err := c.http.do(ctx, http.MethodGet, endpoint, nil, nil, &movie); err != nil { + return nil, err + } + movie["monitored"] = monitored + + var response radarrMovie + if err := c.http.do(ctx, http.MethodPut, endpoint, nil, movie, &response); err != nil { + return nil, err + } + item := ManagedItem{ + ID: response.ID, + LookupID: response.TMDBID, + Title: response.Title, + Year: response.Year, + Monitored: response.Monitored, + Path: response.Path, + } + return &item, nil +} + +func (c *RadarrClient) Delete(ctx context.Context, id int64) error { + return c.http.do(ctx, http.MethodDelete, "/api/v3/movie/"+strconv.FormatInt(id, 10), url.Values{ + "deleteFiles": {"false"}, + "addImportExclusion": {"false"}, + }, nil, nil) +} + +func PickSingleResult(results []SearchResult, query string) (SearchResult, error) { + switch len(results) { + 
case 0: + return SearchResult{}, fmt.Errorf("no matching result found for %q", query) + case 1: + return results[0], nil + default: + normalized := strings.TrimSpace(strings.ToLower(query)) + for _, result := range results { + title := strings.ToLower(FormatSearchResult(result)) + if title == normalized { + return result, nil + } + } + return SearchResult{}, fmt.Errorf("multiple results matched %q", query) + } +} diff --git a/packages/arrtrix/pkg/arrclient/sonarr.go b/packages/arrtrix/pkg/arrclient/sonarr.go new file mode 100644 index 0000000..9b0691b --- /dev/null +++ b/packages/arrtrix/pkg/arrclient/sonarr.go 
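Review bot: In the `default` branch of `PickSingleResult` the query is compared only with `FormatSearchResult(result)`, i.e. `Title (Year)` whenever a year is present, so a query that is exactly one title never resolves once the lookup returns more than one entry, and when two entries format to the same string the first one is taken without telling the user. Because `download add` acts on whatever this function returns, I would collect all exact matches on either the bare title or the formatted title and succeed only when exactly one remains. The function is shared by both content types, so it would sit more naturally in client.go than in radarr.go.

```go
	default:
		normalized := strings.TrimSpace(strings.ToLower(query))
		var matches []SearchResult
		for _, result := range results {
			bare := strings.ToLower(result.Title)
			formatted := strings.ToLower(FormatSearchResult(result))
			if bare == normalized || formatted == normalized {
				matches = append(matches, result)
			}
		}
		if len(matches) == 1 {
			return matches[0], nil
		}
		// … unchanged: "multiple results matched" error return …
```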
@@ -0,0 +1,149 @@ +package arrclient + +import ( + "context" + "net/http" + "net/url" + "strconv" + "strings" + + "sneeuwvlok/packages/arrtrix/pkg/arr" +) + +type SonarrClient struct { + http *httpClient + config SonarrConfig +} + +type sonarrSeries struct { + ID int64 `json:"id"` + Title string `json:"title"` + Year int `json:"year"` + TVDBID int64 `json:"tvdbId"` + Overview string `json:"overview"` + Monitored bool `json:"monitored"` + Path string `json:"path"` +} + +func NewSonarrClient(config SonarrConfig) (*SonarrClient, error) { + config.ApplyDefaults() + if err := config.Validate(); err != nil { + return nil, err + } + httpClient, err := newHTTPClient(config.URL, config.APIKey) + if err != nil { + return nil, err + } + return &SonarrClient{http: httpClient, config: config}, nil +} + +func (c *SonarrClient) ContentType() arr.ContentType { + return arr.ContentTypeSeries +} + +func (c *SonarrClient) Search(ctx context.Context, query string) ([]SearchResult, error) { + var response []sonarrSeries + if err := c.http.do(ctx, http.MethodGet, "/api/v3/series/lookup", url.Values{"term": {strings.TrimSpace(query)}}, nil, &response); err != nil { + return nil, err + } + + results := make([]SearchResult, 0, len(response)) + for _, series := range response { + if series.TVDBID == 0 { + continue + } + results = append(results, SearchResult{ + LookupID: series.TVDBID, + Title: series.Title, + Year: series.Year, + Overview: series.Overview, + }) + } + return results, nil +} + +func (c *SonarrClient) List(ctx context.Context, query string) ([]ManagedItem, error) { + var response []sonarrSeries + if err := c.http.do(ctx, http.MethodGet, "/api/v3/series", nil, nil, &response); err != nil { + return nil, err + } + + items := make([]ManagedItem, 0, len(response)) + for _, series := range response { + if query != "" && !containsFold(series.Title, query) && !containsFold(strconv.Itoa(series.Year), query) { + continue + } + items = append(items, ManagedItem{ + ID: series.ID, + 
LookupID: series.TVDBID, + Title: series.Title, + Year: series.Year, + Monitored: series.Monitored, + Path: series.Path, + }) + } + return items, nil +} + +func (c *SonarrClient) Add(ctx context.Context, result SearchResult) (*ManagedItem, error) { + payload := map[string]any{ + "title": result.Title, + "tvdbId": result.LookupID, + "qualityProfileId": c.config.QualityProfileID, + "languageProfileId": c.config.LanguageProfileID, + "rootFolderPath": c.config.RootFolderPath, + "seasonFolder": c.config.SeasonFolderValue(), + "monitored": true, + "seriesType": c.config.SeriesType, + "addOptions": map[string]any{ + "searchForMissingEpisodes": c.config.SearchOnAddValue(), + }, + } + if result.Year != 0 { + payload["year"] = result.Year + } + + var response sonarrSeries + if err := c.http.do(ctx, http.MethodPost, "/api/v3/series", nil, payload, &response); err != nil { + return nil, err + } + item := ManagedItem{ + ID: response.ID, + LookupID: response.TVDBID, + Title: response.Title, + Year: response.Year, + Monitored: response.Monitored, + Path: response.Path, + } + return &item, nil +} + +func (c *SonarrClient) SetMonitored(ctx context.Context, id int64, monitored bool) (*ManagedItem, error) { + var series map[string]any + endpoint := "/api/v3/series/" + strconv.FormatInt(id, 10) + if err := c.http.do(ctx, http.MethodGet, endpoint, nil, nil, &series); err != nil { + return nil, err + } + series["monitored"] = monitored + + var response sonarrSeries + if err := c.http.do(ctx, http.MethodPut, endpoint, nil, series, &response); err != nil { + return nil, err + } + item := ManagedItem{ + ID: response.ID, + LookupID: response.TVDBID, + Title: response.Title, + Year: response.Year, + Monitored: response.Monitored, + Path: response.Path, + } + return &item, nil +} + +func (c *SonarrClient) Delete(ctx context.Context, id int64) error { + return c.http.do(ctx, http.MethodDelete, "/api/v3/series/"+strconv.FormatInt(id, 10), url.Values{ + "deleteFiles": {"false"}, + 
"addImportListExclusion": {"false"}, + }, nil, nil) +} diff --git a/packages/arrtrix/pkg/connector/config.go b/packages/arrtrix/pkg/connector/config.go index 2cdec34..149fd32 100644 --- a/packages/arrtrix/pkg/connector/config.go +++ b/packages/arrtrix/pkg/connector/config.go @@ -8,13 +8,23 @@ import ( up "go.mau.fi/util/configupgrade" "maunium.net/go/mautrix/bridgev2" + "sneeuwvlok/packages/arrtrix/pkg/arr" + "sneeuwvlok/packages/arrtrix/pkg/arrclient" + "sneeuwvlok/packages/arrtrix/pkg/subscriptions" "sneeuwvlok/packages/arrtrix/pkg/webhook" ) //go:embed example-config.yaml var ExampleConfig string -type Config struct{} +type Config struct { + Content ContentConfig `yaml:"content"` +} + +type ContentConfig struct { + Movies arrclient.RadarrConfig `yaml:"movies"` + Series arrclient.SonarrConfig `yaml:"series"` +} func upgradeConfig(helper up.Helper) {} @@ -23,6 +33,14 @@ func (s *ArrtrixConnector) GetConfig() (string, any, up.Upgrader) { } func (s *ArrtrixConnector) ValidateConfig() error { + s.Config.Content.Movies.ApplyDefaults() + s.Config.Content.Series.ApplyDefaults() + if err := s.Config.Content.Movies.Validate(); err != nil { + return err + } + if err := s.Config.Content.Series.Validate(); err != nil { + return err + } return nil } 
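Review bot: `SonarrClient.Add` in sonarr.go always sends `languageProfileId`, and `SonarrConfig.Validate` in client.go rejects the config unless `language_profile_id` is greater than zero. As far as I know newer Sonarr releases dropped language profiles, so if this bridge is meant to work with them the operator has to invent a value; please confirm against the Sonarr version you target. If the field is optional there, relax the `Validate` case and build the payload conditionally, the same way `year` is already handled: `if c.config.LanguageProfileID > 0 { payload["languageProfileId"] = c.config.LanguageProfileID }`.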
@@ -30,7 +48,27 @@ func (s *ArrtrixConnector) MountRoutes(router *http.ServeMux) error { if s.Bridge == nil { return fmt.Errorf("bridge is not initialized") } - return webhook.MountArr(router, s.Bridge) + return webhook.MountArr(router, s.Bridge, s.Subscriptions()) } var _ bridgev2.ConfigValidatingNetwork = (*ArrtrixConnector)(nil) +var _ webhook.SubscriptionFilter = (*subscriptions.Repository)(nil) + +func (c ContentConfig) Client(contentType arr.ContentType) (arrclient.Client, bool, error) { + switch contentType { + case arr.ContentTypeMovies: + if !c.Movies.Enabled() { + return nil, false, nil + } + client, err := arrclient.NewRadarrClient(c.Movies) + return client, true, err + case arr.ContentTypeSeries: + if !c.Series.Enabled() { + return nil, false, nil + } + client, err := arrclient.NewSonarrClient(c.Series) + return client, true, err + default: + return nil, false, fmt.Errorf("unsupported content type %q", contentType) + } +} diff --git a/packages/arrtrix/pkg/connector/connector.go b/packages/arrtrix/pkg/connector/connector.go index 121e94c..4be007a 100644 --- a/packages/arrtrix/pkg/connector/connector.go +++ b/packages/arrtrix/pkg/connector/connector.go @@ -10,11 +10,17 @@ import ( "maunium.net/go/mautrix/bridgev2/networkid" "maunium.net/go/mautrix/event" "maunium.net/go/mautrix/id" + + "sneeuwvlok/packages/arrtrix/pkg/arr" + "sneeuwvlok/packages/arrtrix/pkg/arrclient" + "sneeuwvlok/packages/arrtrix/pkg/subscriptions" ) type ArrtrixConnector struct { - Bridge *bridgev2.Bridge - Config Config + Bridge *bridgev2.Bridge + Config Config + clients map[arr.ContentType]arrclient.Client + subscriptions *subscriptions.Repository } var _ bridgev2.NetworkConnector = (*ArrtrixConnector)(nil) 
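Review bot: In `ContentConfig.Client` (config.go) both cases end with `return client, true, err`, so when `NewRadarrClient` or `NewSonarrClient` fails the caller receives `ok == true` together with an `arrclient.Client` interface that wraps a nil `*RadarrClient` or `*SonarrClient` and therefore does not compare equal to nil. The caller shown in this patch checks `err` first, but any later caller that tests `ok` or `client != nil` would go on to call methods on a nil pointer. Return the zero values on failure: `if err != nil { return nil, false, err }` followed by `return client, true, nil`.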
@@ -33,6 +39,17 @@ func (s *ArrtrixConnector) GetName() bridgev2.BridgeName { func (s *ArrtrixConnector) Init(bridge *bridgev2.Bridge) { s.Bridge = bridge + s.subscriptions = subscriptions.NewRepository(bridge.DB.Database, string(bridge.ID)) + s.clients = make(map[arr.ContentType]arrclient.Client) + for _, contentType := range arr.SupportedContentTypes() { + client, ok, err := s.Config.Content.Client(contentType) + if err != nil { + panic(err) + } + if ok { + s.clients[contentType] = client + } + } } func (s *ArrtrixConnector) Start(context.Context) error { @@ -107,3 +124,12 @@ func (c *ArrtrixClient) HandleMatrixMessage(context.Context, *bridgev2.MatrixMes func (c *ArrtrixClient) GenerateTransactionID(userID id.UserID, roomID id.RoomID, eventType event.Type) networkid.RawTransactionID { return networkid.RawTransactionID("") } + +func (s *ArrtrixConnector) ContentClient(contentType arr.ContentType) (arrclient.Client, bool) { + client, ok := s.clients[contentType] + return client, ok +} + +func (s *ArrtrixConnector) Subscriptions() *subscriptions.Repository { + return s.subscriptions +} diff --git a/packages/arrtrix/pkg/connector/example-config.yaml b/packages/arrtrix/pkg/connector/example-config.yaml index 9c11ddf..a917e23 100644 --- a/packages/arrtrix/pkg/connector/example-config.yaml +++ b/packages/arrtrix/pkg/connector/example-config.yaml @@ -1,4 +1,23 @@ -# No network-specific config is required yet. -# +content: + movies: + # Radarr connection for movie management commands. + url: "" + api_key: "" + root_folder_path: "" + quality_profile_id: 0 + minimum_availability: released + search_on_add: true + + series: + # Sonarr connection for series management commands. + url: "" + api_key: "" + root_folder_path: "" + quality_profile_id: 0 + language_profile_id: 0 + season_folder: true + series_type: standard + search_on_add: true + # Arr-stack webhooks are exposed automatically on the fixed built-in path: # POST /_arrtrix/webhook 
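Review bot: `Init` in connector.go panics when `s.Config.Content.Client` returns an error, and the one error that `Validate` does not already catch is a URL that `url.Parse` rejects inside `newHTTPClient`, so a typo in `url` takes the whole bridge down with a stack trace instead of a config error. `Init` has no error return, so the cleanest fix is to make the panic unreachable by parsing the URL inside `RadarrConfig.Validate` and `SonarrConfig.Validate`, for example `if _, err := url.Parse(strings.TrimSpace(c.URL)); err != nil { return fmt.Errorf("network.content.movies.url is not a valid URL: %w", err) }`. Whether `ValidateConfig` always runs before `Init` is decided by the bridge framework and is not visible here, so that ordering is worth confirming.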
diff --git a/packages/arrtrix/pkg/matrixcmd/download.go b/packages/arrtrix/pkg/matrixcmd/download.go
new file mode 100644
index 0000000..6d27a1a
--- /dev/null
+++ b/packages/arrtrix/pkg/matrixcmd/download.go
@@ -0,0 +1,222 @@ +package matrixcmd + +import ( + "fmt" + "strconv" + "strings" + + "maunium.net/go/mautrix/id" + + "sneeuwvlok/packages/arrtrix/pkg/arr" + "sneeuwvlok/packages/arrtrix/pkg/arrclient" + "sneeuwvlok/packages/arrtrix/pkg/subscriptions" +) + +type commandServiceProvider interface { + ContentClient(arr.ContentType) (arrclient.Client, bool) + Subscriptions() *subscriptions.Repository +} + +func NewDownloadHandler() Handler { + return NewHandler(Meta{ + Name: "download", + Description: "Manage monitored movies and series in Arr.", + Usage: " [...]", + }, func(ctx *Context) { + if len(ctx.Args) < 2 { + ctx.Reply("Usage: `download [...]`") + return + } + + contentType, err := arr.ParseContentType(ctx.Args[1]) + if err != nil { + ctx.Reply(err.Error()) + return + } + + client, ok := contentClient(ctx, contentType) + if !ok { + ctx.Reply("No %s client is configured yet.", contentType.Label()) + return + } + + switch strings.ToLower(ctx.Args[0]) { + case "list": + handleDownloadList(ctx, client, contentType) + case "search": + handleDownloadSearch(ctx, client, contentType) + case "add": + handleDownloadAdd(ctx, client, contentType) + case "monitor": + handleDownloadMonitor(ctx, client, contentType) + case "remove": + handleDownloadRemove(ctx, client, contentType) + default: + ctx.Reply("Unknown download subcommand `%s`.", ctx.Args[0]) + } + }) +} + +func handleDownloadList(ctx *Context, client arrclient.Client, contentType arr.ContentType) { + query := strings.TrimSpace(strings.Join(ctx.Args[2:], " ")) + items, err := client.List(ctx.Ctx, query) + if err != nil { + ctx.Reply("Failed to list %s: %v", contentType.Label(), err) + return + } + if len(items) == 0 { + if query == "" { + ctx.Reply("No monitored %s are currently tracked.", contentType.Label()) + } else { + ctx.Reply("No %s matched `%s`.", contentType.Label(), query) + } + return + } + + var builder strings.Builder + builder.WriteString(fmt.Sprintf("Tracked %s:\n", contentType.Label())) + for i, item 
:= range items { + if i == 10 { + builder.WriteString("…\n") + break + } + builder.WriteString(fmt.Sprintf("- `%d` %s — monitored=%t\n", item.ID, formatManagedItem(item), item.Monitored)) + } + ctx.Reply(builder.String()) +} + +func handleDownloadSearch(ctx *Context, client arrclient.Client, contentType arr.ContentType) { + query := strings.TrimSpace(strings.Join(ctx.Args[2:], " ")) + if query == "" { + ctx.Reply("Usage: `download search %s `", contentType.Label()) + return + } + results, err := client.Search(ctx.Ctx, query) + if err != nil { + ctx.Reply("Failed to search %s: %v", contentType.Label(), err) + return + } + replyWithSearchResults(ctx, contentType, query, results) +} + +func handleDownloadAdd(ctx *Context, client arrclient.Client, contentType arr.ContentType) { + query := strings.TrimSpace(strings.Join(ctx.Args[2:], " ")) + if query == "" { + ctx.Reply("Usage: `download add %s `", contentType.Label()) + return + } + results, err := client.Search(ctx.Ctx, query) + if err != nil { + ctx.Reply("Failed to search %s: %v", contentType.Label(), err) + return + } + result, err := arrclient.PickSingleResult(results, query) + if err != nil { + replyWithSearchResults(ctx, contentType, query, results) + return + } + item, err := client.Add(ctx.Ctx, result) + if err != nil { + ctx.Reply("Failed to add %s: %v", contentType.Label(), err) + return + } + ctx.Reply("Added %s to %s with id `%d`.", formatManagedItem(*item), contentType.Label(), item.ID) +} + +func handleDownloadMonitor(ctx *Context, client arrclient.Client, contentType arr.ContentType) { + if len(ctx.Args) < 4 { + ctx.Reply("Usage: `download monitor %s `", contentType.Label()) + return + } + itemID, err := strconv.ParseInt(ctx.Args[2], 10, 64) + if err != nil { + ctx.Reply("Invalid %s id `%s`.", contentType.Label(), ctx.Args[2]) + return + } + + state, err := parseEnabled(ctx.Args[3]) + if err != nil { + ctx.Reply(err.Error()) + return + } + item, err := client.SetMonitored(ctx.Ctx, itemID, state) + if 
err != nil { + ctx.Reply("Failed to update %s monitoring: %v", contentType.Label(), err) + return + } + ctx.Reply("%s is now monitored=%t.", formatManagedItem(*item), item.Monitored) +} + +func handleDownloadRemove(ctx *Context, client arrclient.Client, contentType arr.ContentType) { + if len(ctx.Args) < 3 { + ctx.Reply("Usage: `download remove %s `", contentType.Label()) + return + } + itemID, err := strconv.ParseInt(ctx.Args[2], 10, 64) + if err != nil { + ctx.Reply("Invalid %s id `%s`.", contentType.Label(), ctx.Args[2]) + return + } + if err = client.Delete(ctx.Ctx, itemID); err != nil { + ctx.Reply("Failed to remove %s: %v", contentType.Label(), err) + return + } + ctx.Reply("Removed `%d` from %s.", itemID, contentType.Label()) +} + +func contentClient(ctx *Context, contentType arr.ContentType) (arrclient.Client, bool) { + provider, ok := ctx.Bridge.Network.(commandServiceProvider) + if !ok { + return nil, false + } + return provider.ContentClient(contentType) +} + +func contentSubscriptions(ctx *Context) *subscriptions.Repository { + provider, ok := ctx.Bridge.Network.(commandServiceProvider) + if !ok { + return nil + } + return provider.Subscriptions() +} + +func replyWithSearchResults(ctx *Context, contentType arr.ContentType, query string, results []arrclient.SearchResult) { + if len(results) == 0 { + ctx.Reply("No %s matched `%s`.", contentType.Label(), query) + return + } + + var builder strings.Builder + builder.WriteString(fmt.Sprintf("Search results for `%s` in %s:\n", query, contentType.Label())) + for i, result := range results { + if i == 8 { + builder.WriteString("…\n") + break + } + builder.WriteString(fmt.Sprintf("- `%d` %s\n", result.LookupID, arrclient.FormatSearchResult(result))) + } + builder.WriteString(fmt.Sprintf("\nRefine the query and rerun `download add %s ` until only one match remains.", contentType.Label())) + ctx.Reply(builder.String()) +} + +func formatManagedItem(item arrclient.ManagedItem) string { + if item.Year != 0 { + return 
fmt.Sprintf("%s (%d)", item.Title, item.Year) + } + return item.Title +} + +func parseEnabled(value string) (bool, error) { + switch strings.ToLower(strings.TrimSpace(value)) { + case "on", "true", "yes", "enabled": + return true, nil + case "off", "false", "no", "disabled": + return false, nil + default: + return false, fmt.Errorf("expected `on` or `off`, got `%s`", value) + } +} + +func userIDString(userID id.UserID) string { + return userID.String() +} diff --git a/packages/arrtrix/pkg/matrixcmd/help_test.go b/packages/arrtrix/pkg/matrixcmd/help_test.go index b5b325b..73fed6d 100644 --- a/packages/arrtrix/pkg/matrixcmd/help_test.go +++ b/packages/arrtrix/pkg/matrixcmd/help_test.go @@ -32,7 +32,9 @@ func TestFormatHelpManagementRoom(t *testing.T) { for _, fragment := range []string{ "prefixing commands with `!arr` is not required", + "**download** [...] - Manage monitored movies and series in Arr.", "**help** - Show this help message.", + "**subscriptions** [movies|series] [event-type|all] - Manage notification subscriptions by content type and event type.", "Extra help text.", } { if !strings.Contains(out, fragment) { diff --git a/packages/arrtrix/pkg/matrixcmd/processor.go b/packages/arrtrix/pkg/matrixcmd/processor.go index a4f15df..78915ea 100644 --- a/packages/arrtrix/pkg/matrixcmd/processor.go +++ b/packages/arrtrix/pkg/matrixcmd/processor.go @@ -87,6 +87,8 @@ func NewProcessor(bridge *bridgev2.Bridge, texts bridgeconfig.ManagementRoomText alias: make(map[string]string), } proc.Add(NewHelpHandler(proc)) + proc.Add(NewDownloadHandler()) + proc.Add(NewSubscriptionsHandler()) return proc } diff --git a/packages/arrtrix/pkg/matrixcmd/subscriptions.go b/packages/arrtrix/pkg/matrixcmd/subscriptions.go new file mode 100644 index 0000000..ed1a11f --- /dev/null +++ b/packages/arrtrix/pkg/matrixcmd/subscriptions.go 
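Review bot: Every failure path in download.go replies with the raw client error (`ctx.Reply("Failed to list %s: %v", contentType.Label(), err)` and its siblings in search, add, monitor and remove), and the error built in `httpClient.do` contains the full Radarr/Sonarr endpoint URL plus up to 4096 bytes of the upstream response body, so internal addresses and server output end up in the Matrix room. Log the detailed error on the bridge side and reply with a fixed message, e.g. `ctx.Reply("Failed to list %s; details are in the bridge log.", contentType.Label())`. The `add`, `monitor` and `remove` subcommands also change the Arr library without any permission check in these handlers; if the command processor (outside this hunk) does not already restrict who may run them, that check belongs here. `userIDString` is only a one-line wrapper around `userID.String()` and could be dropped together with the `id` import.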
@@ -0,0 +1,107 @@ +package matrixcmd + +import ( + "context" + "fmt" + "strings" + + "maunium.net/go/mautrix/id" + + "sneeuwvlok/packages/arrtrix/pkg/arr" + "sneeuwvlok/packages/arrtrix/pkg/subscriptions" +) + +func NewSubscriptionsHandler() Handler { + return NewHandler(Meta{ + Name: "subscriptions", + Aliases: []string{"subscription", "notify"}, + Description: "Manage notification subscriptions by content type and event type.", + Usage: " [movies|series] [event-type|all]", + }, func(ctx *Context) { + repo := contentSubscriptions(ctx) + if repo == nil { + ctx.Reply("Subscription storage is not available.") + return + } + if len(ctx.Args) == 0 || strings.EqualFold(ctx.Args[0], "list") { + handleSubscriptionList(ctx, repo) + return + } + if len(ctx.Args) < 3 { + ctx.Reply("Usage: `subscriptions `") + return + } + + contentType, err := arr.ParseContentType(ctx.Args[1]) + if err != nil { + ctx.Reply(err.Error()) + return + } + eventType, err := arr.ParseEventType(contentType, ctx.Args[2]) + if err != nil { + ctx.Reply(err.Error()) + return + } + + switch strings.ToLower(ctx.Args[0]) { + case "enable": + handleSubscriptionSet(ctx, repo, contentType, eventType, true) + case "disable": + handleSubscriptionSet(ctx, repo, contentType, eventType, false) + default: + ctx.Reply("Unknown subscriptions subcommand `%s`.", ctx.Args[0]) + } + }) +} + +func handleSubscriptionList(ctx *Context, repo subscriptionRepo) { + preferences, err := repo.List(ctx.Ctx, ctx.User.MXID) + if err != nil { + ctx.Reply("Failed to load subscriptions: %v", err) + return + } + + var builder strings.Builder + builder.WriteString("Current notification subscriptions:\n") + for _, contentType := range arr.SupportedContentTypes() { + builder.WriteString(fmt.Sprintf("\n**%s**\n", strings.Title(contentType.Label()))) + for _, eventType := range arr.SupportedEventTypes(contentType) { + enabled := findPreference(preferences, contentType, eventType) + builder.WriteString(fmt.Sprintf("- `%s`: %t\n", eventType, 
enabled)) + } + } + ctx.Reply(builder.String()) +} + +func handleSubscriptionSet(ctx *Context, repo subscriptionRepo, contentType arr.ContentType, eventType string, enabled bool) { + var err error + if eventType == "all" { + err = repo.SetAll(ctx.Ctx, ctx.User.MXID, contentType, enabled) + } else { + err = repo.Set(ctx.Ctx, ctx.User.MXID, contentType, eventType, enabled) + } + if err != nil { + ctx.Reply("Failed to update subscriptions: %v", err) + return + } + if eventType == "all" { + ctx.Reply("Set all `%s` notifications for %s to %t.", contentType.Label(), userIDString(ctx.User.MXID), enabled) + return + } + ctx.Reply("Set `%s/%s` notifications to %t.", contentType.Label(), eventType, enabled) +} + +type subscriptionRepo interface { + List(ctx context.Context, userID id.UserID) ([]subscriptions.Preference, error) + Set(ctx context.Context, userID id.UserID, contentType arr.ContentType, eventType string, enabled bool) error + SetAll(ctx context.Context, userID id.UserID, contentType arr.ContentType, enabled bool) error +} + +func findPreference(preferences []subscriptions.Preference, contentType arr.ContentType, eventType string) bool { + for _, preference := range preferences { + if preference.ContentType == contentType && preference.EventType == eventType { + return preference.Enabled + } + } + return true +} diff --git a/packages/arrtrix/pkg/runtime/main.go b/packages/arrtrix/pkg/runtime/main.go index 5352c54..c685706 100644 --- a/packages/arrtrix/pkg/runtime/main.go +++ b/packages/arrtrix/pkg/runtime/main.go @@ -34,6 +34,7 @@ import ( "sneeuwvlok/packages/arrtrix/pkg/matrixcmd" "sneeuwvlok/packages/arrtrix/pkg/observability" "sneeuwvlok/packages/arrtrix/pkg/onboarding" + "sneeuwvlok/packages/arrtrix/pkg/subscriptions" ) var configPath = flag.MakeFull("c", "config", "The path to your config file.", "config.yaml").String() 
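Review bot: `handleSubscriptionList` in matrixcmd/subscriptions.go uses `strings.Title`, which has been deprecated since Go 1.18 and is reported by staticcheck. The labels iterated here are plain ASCII words, so the heading can be built without it: `label := contentType.Label()` and `builder.WriteString(fmt.Sprintf("\n**%s**\n", strings.ToUpper(label[:1])+label[1:]))`. Separately, the `all` confirmation in `handleSubscriptionSet` echoes the caller's own MXID while the single-event confirmation does not; one wording for both would read better.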
@@ -305,6 +306,10 @@ func (m *Main) Init() { Msg("Initializing bridge") m.initDB() + if err = subscriptions.EnsureSchema(ctx, m.DB); err != nil { + m.Log.WithLevel(zerolog.FatalLevel).Err(err).Msg("Failed to initialize subscription schema") + os.Exit(14) + } m.Matrix = matrix.NewConnector(m.Config) m.Matrix.OnWebsocketReplaced = func() { m.TriggerStop(0) diff --git a/packages/arrtrix/pkg/subscriptions/repo.go b/packages/arrtrix/pkg/subscriptions/repo.go new file mode 100644 index 0000000..85c6b57 --- /dev/null +++ b/packages/arrtrix/pkg/subscriptions/repo.go 
@@ -0,0 +1,141 @@ +package subscriptions + +import ( + "context" + "fmt" + + "go.mau.fi/util/dbutil" + "maunium.net/go/mautrix/id" + + "sneeuwvlok/packages/arrtrix/pkg/arr" +) + +type Preference struct { + ContentType arr.ContentType + EventType string + Enabled bool +} + +type Repository struct { + db *dbutil.Database + bridgeID string +} + +func EnsureSchema(ctx context.Context, db *dbutil.Database) error { + _, err := db.Exec(ctx, ` + CREATE TABLE IF NOT EXISTS arrtrix_subscription ( + bridge_id TEXT NOT NULL, + user_mxid TEXT NOT NULL, + content_type TEXT NOT NULL, + event_type TEXT NOT NULL, + enabled BOOLEAN NOT NULL, + PRIMARY KEY (bridge_id, user_mxid, content_type, event_type) + ) + `) + return err +} + +func NewRepository(db *dbutil.Database, bridgeID string) *Repository { + return &Repository{db: db, bridgeID: bridgeID} +} + +func (r *Repository) EnsureDefaults(ctx context.Context, userID id.UserID) error { + var existing int + if err := r.db.QueryRow(ctx, `SELECT COUNT(*) FROM arrtrix_subscription WHERE bridge_id=$1 AND user_mxid=$2`, r.bridgeID, userID.String()).Scan(&existing); err != nil { + return err + } + if existing > 0 { + return nil + } + + for _, contentType := range arr.SupportedContentTypes() { + for _, eventType := range arr.SupportedEventTypes(contentType) { + if _, err := r.db.Exec(ctx, ` + INSERT INTO arrtrix_subscription (bridge_id, user_mxid, content_type, event_type, enabled) + VALUES ($1, $2, $3, $4, TRUE) + `, r.bridgeID, userID.String(), string(contentType), eventType); err != nil { + return err + } + } + } + return nil +} + +func (r *Repository) List(ctx context.Context, userID id.UserID) ([]Preference, error) { + if err := r.EnsureDefaults(ctx, userID); err != nil { + return nil, err + } + + rows, err := r.db.Query(ctx, ` + SELECT content_type, event_type, enabled + FROM arrtrix_subscription + WHERE bridge_id=$1 AND user_mxid=$2 + ORDER BY content_type, event_type + `, r.bridgeID, userID.String()) + if err != nil { + return nil, 
err + } + defer rows.Close() + + var preferences []Preference + for rows.Next() { + var contentType string + var preference Preference + if err = rows.Scan(&contentType, &preference.EventType, &preference.Enabled); err != nil { + return nil, err + } + preference.ContentType = arr.ContentType(contentType) + preferences = append(preferences, preference) + } + if err = rows.Err(); err != nil { + return nil, err + } + return preferences, nil +} + +func (r *Repository) Set(ctx context.Context, userID id.UserID, contentType arr.ContentType, eventType string, enabled bool) error { + if err := r.EnsureDefaults(ctx, userID); err != nil { + return err + } + if _, err := r.db.Exec(ctx, ` + INSERT INTO arrtrix_subscription (bridge_id, user_mxid, content_type, event_type, enabled) + VALUES ($1, $2, $3, $4, $5) + ON CONFLICT (bridge_id, user_mxid, content_type, event_type) + DO UPDATE SET enabled=excluded.enabled + `, r.bridgeID, userID.String(), string(contentType), eventType, enabled); err != nil { + return err + } + return nil +} + +func (r *Repository) SetAll(ctx context.Context, userID id.UserID, contentType arr.ContentType, enabled bool) error { + if err := r.EnsureDefaults(ctx, userID); err != nil { + return err + } + for _, eventType := range arr.SupportedEventTypes(contentType) { + if err := r.Set(ctx, userID, contentType, eventType, enabled); err != nil { + return err + } + } + return nil +} + +func (r *Repository) Allows(ctx context.Context, userID id.UserID, contentType arr.ContentType, eventType string) (bool, error) { + if !arr.SupportsEventType(contentType, eventType) { + return true, nil + } + if err := r.EnsureDefaults(ctx, userID); err != nil { + return false, err + } + + var enabled bool + err := r.db.QueryRow(ctx, ` + SELECT enabled + FROM arrtrix_subscription + WHERE bridge_id=$1 AND user_mxid=$2 AND content_type=$3 AND event_type=$4 + `, r.bridgeID, userID.String(), string(contentType), eventType).Scan(&enabled) + if err != nil { + return false, 
fmt.Errorf("query subscription: %w", err) + } + return enabled, nil +} diff --git a/packages/arrtrix/pkg/webhook/arr.go b/packages/arrtrix/pkg/webhook/arr.go index eb7540c..5446825 100644 --- a/packages/arrtrix/pkg/webhook/arr.go +++ b/packages/arrtrix/pkg/webhook/arr.go @@ -17,6 +17,7 @@ import ( "maunium.net/go/mautrix/format" "maunium.net/go/mautrix/id" + "sneeuwvlok/packages/arrtrix/pkg/arr" "sneeuwvlok/packages/arrtrix/pkg/observability" ) @@ -28,10 +29,13 @@ var ( ) type payload struct { - EventType string `json:"eventType"` - Movie *movie `json:"movie"` - MovieFile *movieFile `json:"movieFile"` - IsUpgrade bool `json:"isUpgrade"` + EventType string `json:"eventType"` + Movie *movie `json:"movie"` + MovieFile *movieFile `json:"movieFile"` + Series *series `json:"series"` + Episodes []episode `json:"episodes"` + EpisodeFile *episodeFile `json:"episodeFile"` + IsUpgrade bool `json:"isUpgrade"` } type movie struct { 
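Review bot: In repo.go, `Allows` returns an error when no row matches, while `findPreference` in the matrixcmd file treats a missing preference as enabled. `EnsureDefaults` only seeds rows when the user has none, so an event type added to `arr.SupportedEventTypes` after a user was seeded has no row, the `Scan` presumably fails with `sql.ErrNoRows`, and the webhook handler answers 500 for every such event. Map that case to the default with `if errors.Is(err, sql.ErrNoRows) { return true, nil }`, which needs `database/sql` and `errors` in the import block. The seeding is also a count followed by plain INSERTs outside a transaction, so two concurrent first requests for the same user can collide on the primary key; adding `ON CONFLICT (bridge_id, user_mxid, content_type, event_type) DO NOTHING` to that INSERT makes it idempotent.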
@@ -49,26 +53,55 @@ type movieFile struct { ReleaseGroup string `json:"releaseGroup"` } +type series struct { + Title string `json:"title"` + Year int `json:"year"` + Path string `json:"path"` +} + +type episode struct { + SeasonNumber int `json:"seasonNumber"` + EpisodeNumber int `json:"episodeNumber"` + Title string `json:"title"` +} + +type episodeFile struct { + Quality string `json:"quality"` + RelativePath string `json:"relativePath"` + SceneName string `json:"sceneName"` +} + +type managementTarget struct { + UserID id.UserID + RoomID id.RoomID +} + type roomResolver interface { - ResolveManagementRoom(context.Context) (id.RoomID, error) + ResolveManagementRoom(context.Context) (managementTarget, error) } type noticeSender interface { SendNotice(context.Context, id.RoomID, string) error } -type ArrHandler struct { - resolver roomResolver - sender noticeSender +type SubscriptionFilter interface { + Allows(context.Context, id.UserID, arr.ContentType, string) (bool, error) } -func MountArr(router *http.ServeMux, bridge *bridgev2.Bridge) error { +type ArrHandler struct { + resolver roomResolver + sender noticeSender + subscriptions SubscriptionFilter +} + +func MountArr(router *http.ServeMux, bridge *bridgev2.Bridge, subscriptions SubscriptionFilter) error { if bridge == nil { return fmt.Errorf("bridge is not initialized") } handler := &ArrHandler{ - resolver: bridgeRoomResolver{bridge: bridge}, - sender: bridgeNoticeSender{bridge: bridge}, + resolver: bridgeRoomResolver{bridge: bridge}, + sender: bridgeNoticeSender{bridge: bridge}, + subscriptions: subscriptions, } router.Handle(fmt.Sprintf("POST %s", ArrWebhookPath), handler) return nil 
@@ -109,7 +142,7 @@ func (h *ArrHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { attribute.String("http.route", ArrWebhookPath), ) - roomID, err := h.resolver.ResolveManagementRoom(ctx) + target, err := h.resolver.ResolveManagementRoom(ctx) if err != nil { statusCode = http.StatusInternalServerError outcome = "resolve_failed" @@ -123,7 +156,26 @@ func (h *ArrHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } - if err = h.sender.SendNotice(ctx, roomID, renderNotice(body)); err != nil { + contentType, ok := body.ContentType() + if ok && h.subscriptions != nil { + allowed, filterErr := h.subscriptions.Allows(ctx, target.UserID, contentType, body.EventType) + if filterErr != nil { + statusCode = http.StatusInternalServerError + outcome = "subscription_check_failed" + span.RecordError(filterErr) + span.SetStatus(codes.Error, filterErr.Error()) + http.Error(w, "failed to evaluate subscriptions", statusCode) + return + } + if !allowed { + outcome = "filtered" + span.SetStatus(codes.Ok, "filtered") + w.WriteHeader(statusCode) + return + } + } + + if err = h.sender.SendNotice(ctx, target.RoomID, renderNotice(body)); err != nil { statusCode = http.StatusBadGateway outcome = "delivery_failed" span.RecordError(err) @@ -140,7 +192,7 @@ type bridgeRoomResolver struct { bridge *bridgev2.Bridge } -func (r bridgeRoomResolver) ResolveManagementRoom(ctx context.Context) (id.RoomID, error) { +func (r bridgeRoomResolver) ResolveManagementRoom(ctx context.Context) (managementTarget, error) { ctx, span := observability.StartSpan(ctx, "arrtrix.webhook.resolve_management_room") defer span.End() 
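Review bot: The second ServeHTTP hunk passes `body.EventType` to `h.subscriptions.Allows` exactly as it arrived in the request, whereas the command path stores event types that went through `arr.ParseEventType`, which the catalog test in this series shows canonicalising `download` to `Download`. `Repository.Allows` returns true for any event type that `arr.SupportsEventType` rejects, so if that check is case-sensitive (not visible here) a payload with different casing skips a disabled subscription. Canonicalise before the lookup, for example `eventType, parseErr := arr.ParseEventType(contentType, body.EventType)`, and decide explicitly what an unparseable type does. A comment on the handler should also state that a nil `subscriptions` or a payload with neither `movie` nor `series` is delivered unfiltered. ServeHTTP starts and ends outside these hunks.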
@@ -148,42 +200,45 @@ func (r bridgeRoomResolver) ResolveManagementRoom(ctx context.Context) (id.RoomI if err != nil { span.RecordError(err) span.SetStatus(codes.Error, err.Error()) - return "", fmt.Errorf("failed to query management rooms: %w", err) + return managementTarget{}, fmt.Errorf("failed to query management rooms: %w", err) } defer rows.Close() - var roomID id.RoomID + var target managementTarget var owners []id.UserID for rows.Next() { var mxid, managementRoom string if err = rows.Scan(&mxid, &managementRoom); err != nil { span.RecordError(err) span.SetStatus(codes.Error, err.Error()) - return "", fmt.Errorf("failed to scan management room: %w", err) + return managementTarget{}, fmt.Errorf("failed to scan management room: %w", err) } owners = append(owners, id.UserID(mxid)) - if roomID == "" { - roomID = id.RoomID(managementRoom) + if target.RoomID == "" { + target = managementTarget{ + UserID: id.UserID(mxid), + RoomID: id.RoomID(managementRoom), + } } } if err = rows.Err(); err != nil { span.RecordError(err) span.SetStatus(codes.Error, err.Error()) - return "", fmt.Errorf("failed to iterate management rooms: %w", err) + return managementTarget{}, fmt.Errorf("failed to iterate management rooms: %w", err) } switch len(owners) { case 0: span.SetStatus(codes.Error, ErrNoManagementRoom.Error()) - return "", ErrNoManagementRoom + return managementTarget{}, ErrNoManagementRoom case 1: span.SetAttributes(attribute.Int("arrtrix.management_room.count", 1)) span.SetStatus(codes.Ok, "") - return roomID, nil + return target, nil default: span.SetAttributes(attribute.Int("arrtrix.management_room.count", len(owners))) span.SetStatus(codes.Error, ErrAmbiguousManagementRoom.Error()) - return "", fmt.Errorf("%w: %s", ErrAmbiguousManagementRoom, strings.Join(convertUserIDs(owners), ", ")) + return managementTarget{}, fmt.Errorf("%w: %s", ErrAmbiguousManagementRoom, strings.Join(convertUserIDs(owners), ", ")) } } 
@@ -213,30 +268,48 @@ func (s bridgeNoticeSender) SendNotice(ctx context.Context, roomID id.RoomID, ma } func renderNotice(body payload) string { - title := "Arr" - if body.Movie != nil { - title = body.Movie.Title + lines := []string{fmt.Sprintf("**Arr %s**", body.EventType)} + + switch contentType, ok := body.ContentType(); { + case ok && contentType == arr.ContentTypeMovies: + title := body.Movie.Title if body.Movie.Year != 0 { title = fmt.Sprintf("%s (%d)", title, body.Movie.Year) } + lines = append(lines, fmt.Sprintf("Movie: %s", title)) + if body.MovieFile != nil && body.MovieFile.Quality != "" { + lines = append(lines, fmt.Sprintf("Quality: %s", body.MovieFile.Quality)) + } + if body.MovieFile != nil && body.MovieFile.RelativePath != "" { + lines = append(lines, fmt.Sprintf("File: `%s`", body.MovieFile.RelativePath)) + } + if body.EventType == "Download" { + lines = append(lines, fmt.Sprintf("Upgrade: %t", body.IsUpgrade)) + } + if body.Movie.ImdbID != "" { + lines = append(lines, fmt.Sprintf("IMDb: `%s`", body.Movie.ImdbID)) + } + case ok && contentType == arr.ContentTypeSeries: + title := body.Series.Title + if body.Series.Year != 0 { + title = fmt.Sprintf("%s (%d)", title, body.Series.Year) + } + lines = append(lines, fmt.Sprintf("Series: %s", title)) + if len(body.Episodes) > 0 { + lines = append(lines, fmt.Sprintf("Episodes: %s", renderEpisodes(body.Episodes))) + } + if body.EpisodeFile != nil && body.EpisodeFile.Quality != "" { + lines = append(lines, fmt.Sprintf("Quality: %s", body.EpisodeFile.Quality)) + } + if body.EpisodeFile != nil && body.EpisodeFile.RelativePath != "" { + lines = append(lines, fmt.Sprintf("File: `%s`", body.EpisodeFile.RelativePath)) + } + default: + if body.EventType != "Test" { + lines = append(lines, "Payload received.") + } } - lines := []string{fmt.Sprintf("**Arr %s**", body.EventType)} - if title != "Arr" { - lines = append(lines, fmt.Sprintf("Movie: %s", title)) - } - if body.MovieFile != nil && body.MovieFile.Quality != 
"" { - lines = append(lines, fmt.Sprintf("Quality: %s", body.MovieFile.Quality)) - } - if body.MovieFile != nil && body.MovieFile.RelativePath != "" { - lines = append(lines, fmt.Sprintf("File: `%s`", body.MovieFile.RelativePath)) - } - if body.EventType == "Download" { - lines = append(lines, fmt.Sprintf("Upgrade: %t", body.IsUpgrade)) - } - if body.Movie != nil && body.Movie.ImdbID != "" { - lines = append(lines, fmt.Sprintf("IMDb: `%s`", body.Movie.ImdbID)) - } return strings.Join(lines, "\n") } @@ -251,3 +324,26 @@ func convertUserIDs(users []id.UserID) []string { var _ roomResolver = bridgeRoomResolver{} var _ noticeSender = bridgeNoticeSender{} var _ http.Handler = (*ArrHandler)(nil) + +func (p payload) ContentType() (arr.ContentType, bool) { + switch { + case p.Movie != nil: + return arr.ContentTypeMovies, true + case p.Series != nil: + return arr.ContentTypeSeries, true + default: + return "", false + } +} + +func renderEpisodes(episodes []episode) string { + parts := make([]string, 0, len(episodes)) + for _, item := range episodes { + if item.Title != "" { + parts = append(parts, fmt.Sprintf("S%02dE%02d %s", item.SeasonNumber, item.EpisodeNumber, item.Title)) + continue + } + parts = append(parts, fmt.Sprintf("S%02dE%02d", item.SeasonNumber, item.EpisodeNumber)) + } + return strings.Join(parts, ", ") +} diff --git a/packages/arrtrix/pkg/webhook/arr_test.go b/packages/arrtrix/pkg/webhook/arr_test.go index b7ac511..246df72 100644 --- a/packages/arrtrix/pkg/webhook/arr_test.go +++ b/packages/arrtrix/pkg/webhook/arr_test.go @@ -12,12 +12,12 @@ import ( ) type stubRoomResolver struct { - roomID id.RoomID + target managementTarget err error } -func (s stubRoomResolver) ResolveManagementRoom(context.Context) (id.RoomID, error) { - return s.roomID, s.err +func (s stubRoomResolver) ResolveManagementRoom(context.Context) (managementTarget, error) { + return s.target, s.err } type stubNoticeSender struct { 
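Review bot: renderNotice in webhook/arr.go interpolates request-supplied strings (`body.EventType`, the movie and series titles, `RelativePath`, `ImdbID`) straight into Markdown, including inside backtick spans and the `**Arr %s**` heading. If SendNotice renders this text as Markdown or HTML, which its body outside the hunk would confirm, a title or path containing backticks, link syntax or markup changes how the notice is displayed in the management room. Escape Markdown metacharacters in every payload-derived value before formatting, or send these notices as plain text. The same applies to `item.Title` in renderEpisodes in the last hunk of this file, where `body.Episodes` is joined without an upper bound, so capping the number of rendered episodes keeps a single request from producing an oversized message.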
@@ -34,7 +34,7 @@ func (s *stubNoticeSender) SendNotice(_ context.Context, roomID id.RoomID, messa func TestMountArrRequiresBridge(t *testing.T) { router := http.NewServeMux() - if err := MountArr(router, nil); err == nil { + if err := MountArr(router, nil, nil); err == nil { t.Fatal("expected nil bridge to fail") } } @@ -42,7 +42,7 @@ func TestMountArrRequiresBridge(t *testing.T) { func TestArrHandlerDeliversNotice(t *testing.T) { sender := &stubNoticeSender{} handler := &ArrHandler{ - resolver: stubRoomResolver{roomID: "!room:test"}, + resolver: stubRoomResolver{target: managementTarget{UserID: "@user:test", RoomID: "!room:test"}}, sender: sender, } @@ -85,7 +85,7 @@ func TestRenderNoticeForTestEvent(t *testing.T) { func TestArrHandlerReturnsBadGatewayOnSendFailure(t *testing.T) { handler := &ArrHandler{ - resolver: stubRoomResolver{roomID: "!room:test"}, + resolver: stubRoomResolver{target: managementTarget{UserID: "@user:test", RoomID: "!room:test"}}, sender: &stubNoticeSender{err: errors.New("send failed")}, } @@ -100,7 +100,7 @@ func TestArrHandlerReturnsBadGatewayOnSendFailure(t *testing.T) { func TestArrHandlerRejectsMissingEventType(t *testing.T) { handler := &ArrHandler{ - resolver: stubRoomResolver{roomID: "!room:test"}, + resolver: stubRoomResolver{target: managementTarget{UserID: "@user:test", RoomID: "!room:test"}}, sender: &stubNoticeSender{}, } diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index 57f57d3..18c5751 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -146,7 +146,7 @@ }; grafana = { - redirectUris = ["http://localhost:9001/login/generic_oauth"]; + redirectUris = ["http://localhost:9100/login/generic_oauth"]; grantTypes = ["authorizationCode"]; responseTypes = ["code"]; }; From be2843ca8026046671318f9e9f7134365cd70e79 Mon Sep 17 00:00:00 2001 
From: Chris Kruining Date: Thu, 16 Apr 2026 11:00:38 +0200 Subject: [PATCH 56/58] . --- modules/nixos/services/media/default.nix | 2 +- .../nixos/services/media/mydia/default.nix | 4 +-- .../nixos/services/media/servarr/default.nix | 10 +++--- .../services/observability/alloy/default.nix | 8 ++--- .../observability/grafana/default.nix | 8 ++--- .../services/observability/loki/default.nix | 4 +-- .../observability/prometheus/default.nix | 12 +++---- .../observability/promtail/default.nix | 6 ++-- .../services/observability/tempo/default.nix | 8 ++--- .../observability/uptime-kuma/default.nix | 4 +-- .../nixos/temp/services/arrtrix/default.nix | 20 ++++++++++++ packages/arrtrix/pkg/arr/catalog_test.go | 23 ++++++++++++++ packages/arrtrix/pkg/connector/config_test.go | 23 ++++++++++++++ packages/arrtrix/pkg/matrixcmd/help_test.go | 2 ++ packages/arrtrix/pkg/webhook/arr_test.go | 31 +++++++++++++++++++ shells/default/default.nix | 1 + systems/x86_64-linux/ulmo/default.nix | 12 +++---- .../ulmo/lidarr/api_key/machines/ulmo | 1 + .../ulmo/lidarr/api_key/users/chris | 1 + .../ulmo/lidarr/config.env/machines/ulmo | 1 + .../ulmo/lidarr/config.env/users/chris | 1 + .../ulmo/postgresql/.pgpass/machines/ulmo | 1 + .../ulmo/postgresql/.pgpass/users/chris | 1 + .../ulmo/postgresql/lidarr_hash/users/chris | 1 + .../postgresql/lidarr_password/users/chris | 1 + .../ulmo/postgresql/prowlarr_hash/users/chris | 1 + .../postgresql/prowlarr_password/users/chris | 1 + .../ulmo/postgresql/radarr_hash/users/chris | 1 + .../postgresql/radarr_password/users/chris | 1 + .../ulmo/postgresql/server.crt/machines/ulmo | 1 + .../ulmo/postgresql/server.crt/users/chris | 1 + .../ulmo/postgresql/server.key/machines/ulmo | 1 + .../ulmo/postgresql/server.key/users/chris | 1 + .../ulmo/postgresql/sonarr_hash/users/chris | 1 + .../postgresql/sonarr_password/users/chris | 1 + .../ulmo/prowlarr/api_key/machines/ulmo | 1 + .../ulmo/prowlarr/api_key/users/chris | 1 + 
.../ulmo/prowlarr/config.env/machines/ulmo | 1 + .../ulmo/prowlarr/config.env/users/chris | 1 + .../ulmo/qbittorrent/password/machines/ulmo | 1 + .../ulmo/qbittorrent/password/users/chris | 1 + .../qbittorrent/password_hash/machines/ulmo | 1 + .../qbittorrent/password_hash/users/chris | 1 + .../qBittorrent.conf/machines/ulmo | 1 + .../qbittorrent/qBittorrent.conf/users/chris | 1 + .../ulmo/radarr/api_key/machines/ulmo | 1 + .../ulmo/radarr/api_key/users/chris | 1 + .../ulmo/radarr/config.env/machines/ulmo | 1 + .../ulmo/radarr/config.env/users/chris | 1 + .../ulmo/sabnzbd/api_key/machines/ulmo | 1 + .../ulmo/sabnzbd/api_key/users/chris | 1 + .../ulmo/sabnzbd/config.ini/machines/ulmo | 1 + .../ulmo/sabnzbd/config.ini/users/chris | 1 + .../ulmo/sabnzbd/nzb_key/machines/ulmo | 1 + .../ulmo/sabnzbd/nzb_key/users/chris | 1 + .../ulmo/sabnzbd/password/machines/ulmo | 1 + .../ulmo/sabnzbd/password/users/chris | 1 + .../ulmo/sabnzbd/username/machines/ulmo | 1 + .../ulmo/sabnzbd/username/users/chris | 1 + .../ulmo/servarr/config.tfvars/machines/ulmo | 1 + .../ulmo/servarr/config.tfvars/users/chris | 1 + .../ulmo/sonarr/api_key/machines/ulmo | 1 + .../ulmo/sonarr/api_key/users/chris | 1 + .../ulmo/sonarr/config.env/machines/ulmo | 1 + .../ulmo/sonarr/config.env/users/chris | 1 + 65 files changed, 187 insertions(+), 39 deletions(-) create mode 100644 packages/arrtrix/pkg/arr/catalog_test.go create mode 100644 packages/arrtrix/pkg/connector/config_test.go create mode 120000 vars/per-machine/ulmo/lidarr/api_key/machines/ulmo create mode 120000 vars/per-machine/ulmo/lidarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/lidarr/config.env/machines/ulmo create mode 120000 vars/per-machine/ulmo/lidarr/config.env/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo create mode 120000 vars/per-machine/ulmo/postgresql/.pgpass/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris create mode 120000 
vars/per-machine/ulmo/postgresql/lidarr_password/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/radarr_hash/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/radarr_password/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo create mode 120000 vars/per-machine/ulmo/postgresql/server.crt/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/server.key/machines/ulmo create mode 120000 vars/per-machine/ulmo/postgresql/server.key/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris create mode 120000 vars/per-machine/ulmo/postgresql/sonarr_password/users/chris create mode 120000 vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo create mode 120000 vars/per-machine/ulmo/prowlarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo create mode 120000 vars/per-machine/ulmo/prowlarr/config.env/users/chris create mode 120000 vars/per-machine/ulmo/qbittorrent/password/machines/ulmo create mode 120000 vars/per-machine/ulmo/qbittorrent/password/users/chris create mode 120000 vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo create mode 120000 vars/per-machine/ulmo/qbittorrent/password_hash/users/chris create mode 120000 vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo create mode 120000 vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris create mode 120000 vars/per-machine/ulmo/radarr/api_key/machines/ulmo create mode 120000 vars/per-machine/ulmo/radarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/radarr/config.env/machines/ulmo create mode 120000 vars/per-machine/ulmo/radarr/config.env/users/chris create mode 120000 vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo create mode 120000 
vars/per-machine/ulmo/sabnzbd/api_key/users/chris create mode 120000 vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo create mode 120000 vars/per-machine/ulmo/sabnzbd/config.ini/users/chris create mode 120000 vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo create mode 120000 vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris create mode 120000 vars/per-machine/ulmo/sabnzbd/password/machines/ulmo create mode 120000 vars/per-machine/ulmo/sabnzbd/password/users/chris create mode 120000 vars/per-machine/ulmo/sabnzbd/username/machines/ulmo create mode 120000 vars/per-machine/ulmo/sabnzbd/username/users/chris create mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo create mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/users/chris create mode 120000 vars/per-machine/ulmo/sonarr/api_key/machines/ulmo create mode 120000 vars/per-machine/ulmo/sonarr/api_key/users/chris create mode 120000 vars/per-machine/ulmo/sonarr/config.env/machines/ulmo create mode 120000 vars/per-machine/ulmo/sonarr/config.env/users/chris diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index c10a08e..900eee4 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -64,7 +64,7 @@ in { openFirewall = true; user = cfg.user; group = cfg.group; - listenPort = 2005; + listenPort = 2050; }; postgresql = { diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia/default.nix index 7e082a3..9044c2e 100644 --- a/modules/nixos/services/media/mydia/default.nix +++ b/modules/nixos/services/media/mydia/default.nix @@ -22,7 +22,7 @@ in { services.mydia = { enable = true; - port = 2010; + port = 2100; listenAddress = "0.0.0.0"; openFirewall = true; 
@@ -54,7 +54,7 @@ in { qbittorrent = { type = "qbittorrent"; host = "localhost"; - port = 2008; + port = 2080; username = "admin"; passwordFile = config.sops.secrets."mydia/qbittorrent_password".path; useSsl = false; diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 47461ef..18932b1 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -79,7 +79,7 @@ in { qbittorrent = { enable = true; openFirewall = true; - webuiPort = 2008; + webuiPort = 2080; serverConfig = lib.mkForce {}; user = "qbittorrent"; @@ -100,7 +100,7 @@ in { settings = { misc = { host = "0.0.0.0"; - port = 2009; + port = 2090; host_whitelist = "${config.networking.hostName}"; permissions = "770"; @@ -126,7 +126,7 @@ in { flaresolverr = { enable = true; openFirewall = true; - port = 2007; + port = 2070; }; postgresql = let @@ -239,7 +239,7 @@ in { username = "admin"; password = lib.tfRef "var.qbittorrent_api_key"; url_base = "/"; - port = 2008; + port = 2080; }; }; @@ -251,7 +251,7 @@ in { host = "localhost"; api_key = lib.tfRef "var.sabnzbd_api_key"; url_base = "/"; - port = 2009; + port = 2090; }; }; } diff --git a/modules/nixos/services/observability/alloy/default.nix b/modules/nixos/services/observability/alloy/default.nix index 4b6d787..c6f5cac 100644 --- a/modules/nixos/services/observability/alloy/default.nix +++ b/modules/nixos/services/observability/alloy/default.nix @@ -5,10 +5,10 @@ let cfg = config.${namespace}.services.observability.alloy; - httpPort = 9700; - otlpGrpcPort = 9701; - otlpHttpPort = 9702; - tempoOtlpGrpcPort = 9602; + httpPort = 9070; + otlpGrpcPort = 9071; + otlpHttpPort = 9072; + tempoOtlpGrpcPort = 9062; in { options.${namespace}.services.observability.alloy = { diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index 05fb1da..d9308c0 100644 
--- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix @@ -25,7 +25,7 @@ in { settings = { server = { - http_port = 9100; + http_port = 9010; http_addr = "0.0.0.0"; domain = "ulmo"; }; @@ -106,7 +106,7 @@ in { name = "Prometheus"; uid = "prometheus"; type = "prometheus"; - url = "http://localhost:9200"; + url = "http://localhost:9020"; isDefault = true; editable = false; } @@ -115,7 +115,7 @@ in { name = "Loki"; uid = "loki"; type = "loki"; - url = "http://localhost:9300"; + url = "http://localhost:9030"; editable = false; } @@ -123,7 +123,7 @@ in { name = "Tempo"; uid = "tempo"; type = "tempo"; - url = "http://localhost:9600"; + url = "http://localhost:9060"; editable = false; jsonData = { nodeGraph.enabled = true; diff --git a/modules/nixos/services/observability/loki/default.nix b/modules/nixos/services/observability/loki/default.nix index e99448e..bab5b3f 100644 --- a/modules/nixos/services/observability/loki/default.nix +++ b/modules/nixos/services/observability/loki/default.nix @@ -17,7 +17,7 @@ in auth_enabled = false; server = { - http_listen_port = 9300; + http_listen_port = 9030; }; common = { @@ -44,6 +44,6 @@ in }; }; - networking.firewall.allowedTCPPorts = [ 9300 ]; + networking.firewall.allowedTCPPorts = [ 9030 ]; }; } diff --git a/modules/nixos/services/observability/prometheus/default.nix b/modules/nixos/services/observability/prometheus/default.nix index fc09e01..c092286 100644 --- a/modules/nixos/services/observability/prometheus/default.nix +++ b/modules/nixos/services/observability/prometheus/default.nix @@ -13,7 +13,7 @@ in config = mkIf cfg.enable { services.prometheus = { enable = true; - port = 9200; + port = 9020; extraFlags = optionals config.${namespace}.services.observability.alloy.enable [ "--web.enable-remote-write-receiver" ]; 
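Review bot: The second hunk of loki/default.nix keeps Loki's port open in the firewall (`networking.firewall.allowedTCPPorts = [ 9030 ];`) while the first hunk's context shows `auth_enabled = false`. The clients visible in this patch reach Loki over loopback (Grafana via `http://localhost:9030`, promtail via `http://[::1]:9030`), so unless another host pushes logs here, the opening lets anything on the network read and write logs without authentication. Consider dropping the firewall entry or gating it behind an option, and add a comment naming who needs remote access if it stays.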
@@ -24,7 +24,7 @@ in { job_name = "prometheus"; static_configs = [ - { targets = [ "localhost:9200" ]; } + { targets = [ "localhost:9020" ]; } ]; } @@ -39,7 +39,7 @@ in { job_name = "alloy"; static_configs = [ - { targets = [ "localhost:9700" ]; } + { targets = [ "localhost:9070" ]; } ]; } ] @@ -47,7 +47,7 @@ in { job_name = "tempo"; static_configs = [ - { targets = [ "localhost:9600" ]; } + { targets = [ "localhost:9060" ]; } ]; } ]; @@ -55,13 +55,13 @@ in exporters = { node = { enable = true; - port = 9201; + port = 9021; enabledCollectors = [ "systemd" ]; openFirewall = true; }; }; }; - networking.firewall.allowedTCPPorts = [ 9200 ]; + networking.firewall.allowedTCPPorts = [ 9020 ]; }; } diff --git a/modules/nixos/services/observability/promtail/default.nix b/modules/nixos/services/observability/promtail/default.nix index 40a1b87..b852f1f 100644 --- a/modules/nixos/services/observability/promtail/default.nix +++ b/modules/nixos/services/observability/promtail/default.nix @@ -25,7 +25,7 @@ in { configuration = { server = { - http_listen_port = 9400; + http_listen_port = 9040; grpc_listen_port = 0; }; @@ -35,7 +35,7 @@ in { clients = [ { - url = "http://[::1]:9300/loki/api/v1/push"; + url = "http://[::1]:9030/loki/api/v1/push"; } ]; @@ -60,6 +60,6 @@ in { }; }; - networking.firewall.allowedTCPPorts = [9400]; + networking.firewall.allowedTCPPorts = [9040]; }; } diff --git a/modules/nixos/services/observability/tempo/default.nix b/modules/nixos/services/observability/tempo/default.nix index 9a6bd89..dd0602c 100644 --- a/modules/nixos/services/observability/tempo/default.nix +++ b/modules/nixos/services/observability/tempo/default.nix @@ -4,10 +4,10 @@ let cfg = config.${namespace}.services.observability.tempo; - httpPort = 9600; - grpcPort = 9601; - otlpGrpcPort = 9602; - otlpHttpPort = 9603; + httpPort = 9060; + grpcPort = 9061; + otlpGrpcPort = 9062; + otlpHttpPort = 9063; in { options.${namespace}.services.observability.tempo = { 
diff --git a/modules/nixos/services/observability/uptime-kuma/default.nix b/modules/nixos/services/observability/uptime-kuma/default.nix index f4dcde4..af0cfa8 100644 --- a/modules/nixos/services/observability/uptime-kuma/default.nix +++ b/modules/nixos/services/observability/uptime-kuma/default.nix @@ -15,11 +15,11 @@ in enable = true; settings = { - PORT = toString 9500; + PORT = toString 9050; HOST = "0.0.0.0"; }; }; - networking.firewall.allowedTCPPorts = [ 9500 ]; + networking.firewall.allowedTCPPorts = [ 9050 ]; }; } diff --git a/modules/nixos/temp/services/arrtrix/default.nix b/modules/nixos/temp/services/arrtrix/default.nix index b8c7457..0e0d5c8 100644 --- a/modules/nixos/temp/services/arrtrix/default.nix +++ b/modules/nixos/temp/services/arrtrix/default.nix @@ -53,6 +53,26 @@ service_name = "arrtrix"; resource_attributes = {}; }; + network.content = { + movies = { + url = ""; + api_key = ""; + root_folder_path = ""; + quality_profile_id = 0; + minimum_availability = "released"; + search_on_add = true; + }; + series = { + url = ""; + api_key = ""; + root_folder_path = ""; + quality_profile_id = 0; + language_profile_id = 0; + season_folder = true; + series_type = "standard"; + search_on_add = true; + }; + }; }; in { options.services.arrtrix = { diff --git a/packages/arrtrix/pkg/arr/catalog_test.go b/packages/arrtrix/pkg/arr/catalog_test.go new file mode 100644 index 0000000..e3c2784 --- /dev/null +++ b/packages/arrtrix/pkg/arr/catalog_test.go 
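Review bot: The arrtrix/default.nix hunk adds `api_key = "";` for both `movies` and `series` to the default settings attrset, which invites putting the real key into Nix configuration. How this attrset is rendered is outside the hunk, but if it is written to a generated config file the key ends up in the world-readable Nix store. Other modules in this patch pass secrets by path (`passwordFile = config.sops.secrets."mydia/qbittorrent_password".path;`), so a file-path option or a substitution at service start would match that convention. At minimum add a comment next to both fields such as `# leave empty here; inject at runtime from a secret file`.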
@@ -0,0 +1,23 @@ +package arr + +import "testing" + +func TestParseContentType(t *testing.T) { + contentType, err := ParseContentType("Movies") + if err != nil { + t.Fatalf("ParseContentType returned error: %v", err) + } + if contentType != ContentTypeMovies { + t.Fatalf("expected movies content type, got %q", contentType) + } +} + +func TestParseEventType(t *testing.T) { + eventType, err := ParseEventType(ContentTypeSeries, "download") + if err != nil { + t.Fatalf("ParseEventType returned error: %v", err) + } + if eventType != "Download" { + t.Fatalf("expected Download event type, got %q", eventType) + } +} diff --git a/packages/arrtrix/pkg/connector/config_test.go b/packages/arrtrix/pkg/connector/config_test.go new file mode 100644 index 0000000..9516e37 --- /dev/null +++ b/packages/arrtrix/pkg/connector/config_test.go @@ -0,0 +1,23 @@ +package connector + +import "testing" + +func TestValidateConfigRejectsPartialMoviesConfig(t *testing.T) { + conn := &ArrtrixConnector{ + Config: Config{ + Content: ContentConfig{}, + }, + } + conn.Config.Content.Movies.URL = "http://radarr.test" + + if err := conn.ValidateConfig(); err == nil { + t.Fatal("expected partial movies config to fail validation") + } +} + +func TestValidateConfigAllowsEmptyContentConfig(t *testing.T) { + conn := &ArrtrixConnector{} + if err := conn.ValidateConfig(); err != nil { + t.Fatalf("ValidateConfig returned error: %v", err) + } +} diff --git a/packages/arrtrix/pkg/matrixcmd/help_test.go b/packages/arrtrix/pkg/matrixcmd/help_test.go index 73fed6d..817f7ed 100644 --- a/packages/arrtrix/pkg/matrixcmd/help_test.go +++ b/packages/arrtrix/pkg/matrixcmd/help_test.go @@ -18,6 +18,8 @@ func TestFormatHelpManagementRoom(t *testing.T) { alias: make(map[string]string), } proc.Add(NewHelpHandler(proc)) + proc.Add(NewDownloadHandler()) + proc.Add(NewSubscriptionsHandler()) out := formatHelp(proc, &Context{ Bridge: &bridgev2.Bridge{ 
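Review bot: Both tests in `catalog_test.go` cover only an accepted value, so nothing pins what `ParseContentType` and `ParseEventType` do with a value they do not recognise. Both return an error, so add a rejection case to each, for example `if _, err := ParseContentType("not-a-type"); err == nil { t.Fatal("expected error for unknown content type") }`. The inputs `"Movies"` and `"download"` suggest case-insensitive matching is the behaviour under test; a one-line comment saying so would make that explicit. `config_test.go` in the same patch has the matching gap: the partial-config rejection is tested for `Movies` only.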
diff --git a/packages/arrtrix/pkg/webhook/arr_test.go b/packages/arrtrix/pkg/webhook/arr_test.go index 246df72..e7e89f6 100644 --- a/packages/arrtrix/pkg/webhook/arr_test.go +++ b/packages/arrtrix/pkg/webhook/arr_test.go @@ -9,6 +9,8 @@ import ( "testing" "maunium.net/go/mautrix/id" + + "sneeuwvlok/packages/arrtrix/pkg/arr" ) type stubRoomResolver struct { @@ -26,12 +28,21 @@ type stubNoticeSender struct { err error } +type stubSubscriptionFilter struct { + allowed bool + err error +} + func (s *stubNoticeSender) SendNotice(_ context.Context, roomID id.RoomID, message string) error { s.roomID = roomID s.message = message return s.err } +func (s stubSubscriptionFilter) Allows(context.Context, id.UserID, arr.ContentType, string) (bool, error) { + return s.allowed, s.err +} + func TestMountArrRequiresBridge(t *testing.T) { router := http.NewServeMux() if err := MountArr(router, nil, nil); err == nil { @@ -112,3 +123,23 @@ func TestArrHandlerRejectsMissingEventType(t *testing.T) { t.Fatalf("expected bad request status, got %d", rec.Code) } } + +func TestArrHandlerFiltersDisabledSubscriptions(t *testing.T) { + sender := &stubNoticeSender{} + handler := &ArrHandler{ + resolver: stubRoomResolver{target: managementTarget{UserID: "@user:test", RoomID: "!room:test"}}, + sender: sender, + subscriptions: stubSubscriptionFilter{allowed: false}, + } + + req := httptest.NewRequest(http.MethodPost, ArrWebhookPath, strings.NewReader(`{"eventType":"Download","movie":{"title":"Dune","year":2021}}`)) + rec := httptest.NewRecorder() + handler.ServeHTTP(rec, req) + + if rec.Code != http.StatusAccepted { + t.Fatalf("expected accepted status, got %d", rec.Code) + } + if sender.roomID != "" { + t.Fatalf("expected no notice to be sent, got room %q", sender.roomID) + } +} diff --git a/shells/default/default.nix b/shells/default/default.nix index ed12b5c..76d15b7 100644 --- a/shells/default/default.nix +++ b/shells/default/default.nix 
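Review bot: `stubSubscriptionFilter` carries an `err` field, but `TestArrHandlerFiltersDisabledSubscriptions` only exercises `allowed: false`, so the handler's behaviour when `Allows` returns an error is not pinned by any test. Add a case built with `subscriptions: stubSubscriptionFilter{err: errors.New("lookup failed")}` that asserts `sender.roomID == ""` and checks the status code the handler is meant to return; failing closed is the safer default for a filter. The new test also expects 202 for a filtered event, which deserves a short comment so the status is not later read as "notice delivered".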
@@ -18,5 +18,6 @@ mkShell { openssl inputs.clan-core.packages.${stdenv.hostPlatform.system}.clan-cli nix-output-monitor + dos2unix ]; } diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index 18c5751..59077d8 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -140,13 +140,13 @@ }; mydia = { - redirectUris = ["http://localhost:2010/auth/oidc/callback"]; + redirectUris = ["http://localhost:2100/auth/oidc/callback"]; grantTypes = ["authorizationCode"]; responseTypes = ["code"]; }; grafana = { - redirectUris = ["http://localhost:9100/login/generic_oauth"]; + redirectUris = ["http://localhost:9010/login/generic_oauth"]; grantTypes = ["authorizationCode"]; responseTypes = ["code"]; }; @@ -224,7 +224,7 @@ media.servarr = { radarr = { enable = true; - port = 2001; + port = 2010; rootFolders = [ "/var/media/movies" ]; @@ -233,7 +233,7 @@ sonarr = { enable = true; # debug = true; - port = 2002; + port = 2020; rootFolders = [ "/var/media/series" ]; @@ -242,7 +242,7 @@ lidarr = { enable = true; debug = true; - port = 2003; + port = 2030; rootFolders = [ "/var/media/music" ]; @@ -251,7 +251,7 @@ prowlarr = { enable = true; # debug = true; - port = 2004; + port = 2040; }; }; diff --git a/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo b/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo new file mode 120000 index 0000000..e5129f9 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo @@ -0,0 +1 @@ +../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/api_key/users/chris b/vars/per-machine/ulmo/lidarr/api_key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/api_key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file 
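Review bot: The `redirectUris` for `mydia` and `grafana` in the first ulmo hunk repeat port numbers that are owned by other modules (`2100`, `9010`), so this renumbering had to edit them by hand. A missed one only shows up as a failed OIDC login, and the old mydia value `2010` is now Radarr's port in the same file. Where the owning module exposes the port, derive the URI from it, e.g. `redirectUris = ["http://localhost:${toString config.services.grafana.settings.server.http_port}/login/generic_oauth"];`.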
diff --git a/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo b/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/lidarr/config.env/users/chris b/vars/per-machine/ulmo/lidarr/config.env/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/lidarr/config.env/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo b/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/users/chris b/vars/per-machine/ulmo/postgresql/.pgpass/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/.pgpass/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris b/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris b/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/radarr_password/users/chris b/vars/per-machine/ulmo/postgresql/radarr_password/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/radarr_password/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo b/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/server.crt/users/chris b/vars/per-machine/ulmo/postgresql/server.crt/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/server.crt/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo b/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/server.key/users/chris b/vars/per-machine/ulmo/postgresql/server.key/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/server.key/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris b/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo b/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/prowlarr/api_key/users/chris b/vars/per-machine/ulmo/prowlarr/api_key/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/prowlarr/api_key/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo b/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/prowlarr/config.env/users/chris b/vars/per-machine/ulmo/prowlarr/config.env/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/prowlarr/config.env/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/qbittorrent/password/users/chris b/vars/per-machine/ulmo/qbittorrent/password/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/qbittorrent/password/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris b/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/radarr/api_key/machines/ulmo b/vars/per-machine/ulmo/radarr/api_key/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/radarr/api_key/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/radarr/api_key/users/chris b/vars/per-machine/ulmo/radarr/api_key/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/radarr/api_key/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/radarr/config.env/machines/ulmo b/vars/per-machine/ulmo/radarr/config.env/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/radarr/config.env/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/radarr/config.env/users/chris b/vars/per-machine/ulmo/radarr/config.env/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/radarr/config.env/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/users/chris b/vars/per-machine/ulmo/sabnzbd/api_key/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/sabnzbd/api_key/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris b/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris b/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sabnzbd/password/users/chris b/vars/per-machine/ulmo/sabnzbd/password/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/sabnzbd/password/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sabnzbd/username/users/chris b/vars/per-machine/ulmo/sabnzbd/username/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/sabnzbd/username/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo b/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/users/chris b/vars/per-machine/ulmo/servarr/config.tfvars/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/servarr/config.tfvars/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo b/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sonarr/api_key/users/chris b/vars/per-machine/ulmo/sonarr/api_key/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/sonarr/api_key/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo b/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo
new file mode 120000
index 0000000..e5129f9
--- /dev/null
+++ b/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo
@@ -0,0 +1 @@
+../../../../../../sops/machines/ulmo
\ No newline at end of file
diff --git a/vars/per-machine/ulmo/sonarr/config.env/users/chris b/vars/per-machine/ulmo/sonarr/config.env/users/chris
new file mode 120000
index 0000000..91b7741
--- /dev/null
+++ b/vars/per-machine/ulmo/sonarr/config.env/users/chris
@@ -0,0 +1 @@
+../../../../../../sops/users/chris
\ No newline at end of file
From e07257e13723ec55035fc9f41f9b3f3f16feb986 Mon Sep 17 00:00:00 2001
From: Chris Kruining Date: Thu, 16 Apr 2026 15:36:33 +0200 Subject: [PATCH 57/58] checkpoint --- flake.nix | 4 ++ .../authentication/zitadel/default.nix | 11 ++- .../services/communication/matrix/default.nix | 36 ++++++++-- .../nixos/services/media/glance/default.nix | 10 +-- .../nixos/services/media/servarr/default.nix | 42 +++++++---- .../services/networking/caddy/default.nix | 2 + .../services/observability/alloy/default.nix | 23 +++--- .../observability/grafana/default.nix | 72 +++++++++---------- .../services/observability/tempo/default.nix | 21 +++--- .../nixos/temp/services/arrtrix/default.nix | 13 ++++ packages/arrtrix/pkg/runtime/envconfig.go | 50 +++++++++++++ .../arrtrix/pkg/runtime/envconfig_test.go | 57 +++++++++++++++ systems/x86_64-linux/ulmo/default.nix | 25 ------- .../ulmo/lidarr/api_key/machines/ulmo | 1 - .../ulmo/lidarr/api_key/users/chris | 1 - .../ulmo/lidarr/config.env/machines/ulmo | 1 - .../ulmo/lidarr/config.env/users/chris | 1 - .../ulmo/postgresql/.pgpass/machines/ulmo | 1 - .../ulmo/postgresql/.pgpass/users/chris | 1 - .../ulmo/postgresql/lidarr_hash/users/chris | 1 - .../postgresql/lidarr_password/users/chris | 1 - .../ulmo/postgresql/prowlarr_hash/users/chris | 1 - .../postgresql/prowlarr_password/users/chris | 1 - .../ulmo/postgresql/radarr_hash/users/chris | 1 - .../postgresql/radarr_password/users/chris | 1 - .../ulmo/postgresql/server.crt/machines/ulmo | 1 - .../ulmo/postgresql/server.crt/users/chris | 1 - .../ulmo/postgresql/server.key/machines/ulmo | 1 - .../ulmo/postgresql/server.key/users/chris | 1 - .../ulmo/postgresql/sonarr_hash/users/chris | 1 - .../postgresql/sonarr_password/users/chris | 1 - .../ulmo/prowlarr/api_key/machines/ulmo | 1 - .../ulmo/prowlarr/api_key/users/chris | 1 - .../ulmo/prowlarr/config.env/machines/ulmo | 1 - .../ulmo/prowlarr/config.env/users/chris | 1 - .../ulmo/qbittorrent/password/machines/ulmo | 1 - .../ulmo/qbittorrent/password/users/chris | 1 - .../qbittorrent/password_hash/machines/ulmo | 1 - 
.../qbittorrent/password_hash/users/chris | 1 - .../qBittorrent.conf/machines/ulmo | 1 - .../qbittorrent/qBittorrent.conf/users/chris | 1 - .../ulmo/radarr/api_key/machines/ulmo | 1 - .../ulmo/radarr/api_key/users/chris | 1 - .../ulmo/radarr/config.env/machines/ulmo | 1 - .../ulmo/radarr/config.env/users/chris | 1 - .../ulmo/sabnzbd/api_key/machines/ulmo | 1 - .../ulmo/sabnzbd/api_key/users/chris | 1 - .../ulmo/sabnzbd/config.ini/machines/ulmo | 1 - .../ulmo/sabnzbd/config.ini/users/chris | 1 - .../ulmo/sabnzbd/nzb_key/machines/ulmo | 1 - .../ulmo/sabnzbd/nzb_key/users/chris | 1 - .../ulmo/sabnzbd/password/machines/ulmo | 1 - .../ulmo/sabnzbd/password/users/chris | 1 - .../ulmo/sabnzbd/username/machines/ulmo | 1 - .../ulmo/sabnzbd/username/users/chris | 1 - .../ulmo/servarr/config.tfvars/machines/ulmo | 1 - .../ulmo/servarr/config.tfvars/users/chris | 1 - .../ulmo/sonarr/api_key/machines/ulmo | 1 - .../ulmo/sonarr/api_key/users/chris | 1 - .../ulmo/sonarr/config.env/machines/ulmo | 1 - .../ulmo/sonarr/config.env/users/chris | 1 - 61 files changed, 258 insertions(+), 156 deletions(-) create mode 100644 packages/arrtrix/pkg/runtime/envconfig_test.go delete mode 120000 vars/per-machine/ulmo/lidarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/lidarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/lidarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/lidarr/config.env/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo delete mode 120000 vars/per-machine/ulmo/postgresql/.pgpass/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/lidarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/radarr_hash/users/chris delete mode 
120000 vars/per-machine/ulmo/postgresql/radarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo delete mode 120000 vars/per-machine/ulmo/postgresql/server.crt/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/server.key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/postgresql/server.key/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris delete mode 120000 vars/per-machine/ulmo/postgresql/sonarr_password/users/chris delete mode 120000 vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/prowlarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/prowlarr/config.env/users/chris delete mode 120000 vars/per-machine/ulmo/qbittorrent/password/machines/ulmo delete mode 120000 vars/per-machine/ulmo/qbittorrent/password/users/chris delete mode 120000 vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo delete mode 120000 vars/per-machine/ulmo/qbittorrent/password_hash/users/chris delete mode 120000 vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo delete mode 120000 vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris delete mode 120000 vars/per-machine/ulmo/radarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/radarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/radarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/radarr/config.env/users/chris delete mode 120000 vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sabnzbd/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sabnzbd/config.ini/users/chris delete mode 120000 vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo delete mode 120000 
vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris delete mode 120000 vars/per-machine/ulmo/sabnzbd/password/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sabnzbd/password/users/chris delete mode 120000 vars/per-machine/ulmo/sabnzbd/username/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sabnzbd/username/users/chris delete mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo delete mode 120000 vars/per-machine/ulmo/servarr/config.tfvars/users/chris delete mode 120000 vars/per-machine/ulmo/sonarr/api_key/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sonarr/api_key/users/chris delete mode 120000 vars/per-machine/ulmo/sonarr/config.env/machines/ulmo delete mode 120000 vars/per-machine/ulmo/sonarr/config.env/users/chris diff --git a/flake.nix b/flake.nix index 7ccab59..692afe1 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,10 @@ { description = "Nixos config flake"; + nixConfig = { + warn-dirty = false; + }; + inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index 7674835..6e42eeb 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix 
@@ -1,9 +1,10 @@ { config, lib, pkgs, namespace, system, inputs, ... }: let - inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames; + inherit (lib) mkIf mkEnableOption mkOption toString types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames; inherit (lib.${namespace}.strings) toSnakeCase; cfg = config.${namespace}.services.authentication.zitadel; + port = 3010; database = "zitadel"; in @@ -543,12 +544,12 @@ in networking.caddy = { hosts = { "auth.kruining.eu" = '' - reverse_proxy h2c://[::1]:9092 + reverse_proxy h2c://[::1]:${toString port} ''; }; extraConfig = '' (auth) { - forward_auth h2c://[::1]:9092 { + forward_auth h2c://[::1]:${toString port} { uri /api/authz/forward-auth copy_headers Remote-User Remote-Groups Remote-Email Remote-Name } @@ -612,7 +613,7 @@ in masterKeyFile = config.sops.secrets."zitadel/masterKey".path; tlsMode = "external"; settings = { - Port = 9092; + Port = port; ExternalDomain = "auth.kruining.eu"; ExternalPort = 443; @@ -698,8 +699,6 @@ in }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - # Secrets sops = { secrets = { diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index cd5aff2..4661f2a 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix 
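Review bot: In the first zitadel hunk `toString` is added to the `inherit (lib) …` list, but `toString` is already a global builtin in Nix, and the alloy module in this same patch takes it with `inherit (builtins) toString;`. Drop it from the `lib` list, or use the `builtins` form for consistency, so the module does not depend on `lib` re-exporting the name. The new `port = 3010;` binding would also read better with a comment such as `# Zitadel listen port; Caddy proxies auth.kruining.eu to it over h2c`, since it now feeds both the `reverse_proxy` and the `forward_auth` lines.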
@@ -112,9 +112,29 @@ in { (mkMautrix "mautrix-telegram" 2 {}) (mkMautrix "mautrix-whatsapp" 3 {}) (mkMautrix "arrtrix" 4 { - settings.observability = { - otlp_grpc_endpoint = "http://[::1]:1000"; - service_name = "arrtrix"; + environmentFile = config.sops.templates."arrtrix/secrets".path; + + settings = { + observability = { + otlp_grpc_endpoint = "http://[::1]:9062"; + service_name = "arrtrix"; + }; + + network.content = { + movies = { + url = "http://[::1]:${toString config.services.radarr.settings.server.port}"; + api_key = "$RADARR_APIKEY"; + root_folder_path = "/var/media/movies"; + quality_profile_id = 5; + }; + series = { + url = "http://[::1]:${toString config.services.radarr.settings.server.port}"; + api_key = "$SONARR_APIKEY"; + root_folder_path = "/var/media/series"; + quality_profile_id = 5; + language_profile_id = 1; + }; + }; }; }) { @@ -167,7 +187,7 @@ in { }; sso = { - client_whitelist = ["http://[::1]:9092/" "https://auth.kruining.eu/"]; + client_whitelist = ["http://[::1]:${toString config.services.zitadel.settings.Port}/" "https://auth.kruining.eu/"]; update_profile_information = true; }; @@ -365,6 +385,14 @@ in { ''; restartUnits = ["matrix-synapse.service"]; }; + "arrtrix/secrets" = { + owner = "arrtrix"; + content = '' + RADARR_APIKEY=${config.sops.placeholder."radarr/apikey"} + SONARR_APIKEY=${config.sops.placeholder."sonarr/apikey"} + ''; + restartUnits = ["arrtrix.service"]; + }; }; }; }; diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix index b042297..bdd4c87 100644 --- a/modules/nixos/services/media/glance/default.nix +++ b/modules/nixos/services/media/glance/default.nix 
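Review bot: In the arrtrix `network.content` block, `series.url` is built from `config.services.radarr.settings.server.port`, the same expression as `movies.url`, while its `api_key` is `$SONARR_APIKEY`. As written, series requests go to Radarr's port and hand the Sonarr key to the wrong service; the line should presumably read `url = "http://[::1]:${toString config.services.sonarr.settings.server.port}";`. Separately, `otlp_grpc_endpoint` uses the literal `9062`, which duplicates `tempoOtlpGrpcPort` from the alloy module, so a shared binding would keep the two from drifting.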
@@ -13,11 +13,11 @@ in { }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy.hosts = { - "https://${config.networking.hostName}:443" = '' - reverse_proxy http://[::1]:2000 - ''; - }; + # ${namespace}.services.networking.caddy.hosts = { + # "https://${config.networking.hostName}.arda:443" = '' + # reverse_proxy http://[::1]:2000 + # ''; + # }; services.glance = { enable = true; diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 18932b1..ed9b94a 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -56,7 +56,8 @@ in { auth.authenticationMethod = "External"; server = { - bindaddress = "0.0.0.0"; + # bindaddress = "0.0.0.0"; + bindaddress = "[::]"; port = port; }; @@ -194,7 +195,7 @@ in { source = "devopsarr/${service}"; version = { - radarr = "2.3.3"; + radarr = "2.3.5"; sonarr = "3.4.0"; prowlarr = "3.1.0"; lidarr = "1.13.0"; @@ -217,10 +218,15 @@ in { { method = 1; # HTTP METHOD 1=POST, 2=PUT name = "Arrtrix"; - url = "http://[::1]${toString config'.services.arrtrix.settings.appservice.port}"; + url = "http://localhost:${toString config'.services.arrtrix.settings.appservice.port}/_arrtrix/webhook"; + + on_grab = true; + on_download = true; + on_rename = true; + on_upgrade = true; } // (lib.optionalAttrs (lib.elem service ["radarr" "whisparr"]) { - onMovieDelete = true; + on_movie_delete = true; }); }; 
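Review bot: In the first servarr hunk the bind address stays on all interfaces (`bindaddress = "[::]";`) while the context line above it sets `auth.authenticationMethod = "External"`, which leaves authentication to whatever sits in front of the service. Any client that can reach the port directly therefore skips that front end; whether the firewall permits this is not visible in the hunk. The consumers shown in this patch reach the services over `[::1]` or `localhost`, so binding to loopback would be the tighter default, after checking which address form the application accepts. The commented-out `# bindaddress = "0.0.0.0";` should be deleted rather than committed. The enclosing settings block starts above the hunk.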
@@ -244,15 +250,25 @@ in { }; "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { - "main" = { - name = "SABnzbd"; - enable = true; - priority = 1; - host = "localhost"; - api_key = lib.tfRef "var.sabnzbd_api_key"; - url_base = "/"; - port = 2090; - }; + "main" = + { + name = "SABnzbd"; + enable = true; + priority = 1; + host = "localhost"; + api_key = lib.tfRef "var.sabnzbd_api_key"; + url_base = "/"; + port = 2090; + } + // ({ + radarr = {movie_category = "movies";}; + sonarr = {tv_category = "tv";}; + lidarr = {music_category = "audio";}; + whisparr = {movie_category = "movies";}; + readarr = {book_category = "Default";}; + }.${ + service + }); }; } // (lib.optionalAttrs (service == "prowlarr") ( diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy/default.nix index e18a707..21ab908 100644 --- a/modules/nixos/services/networking/caddy/default.nix +++ b/modules/nixos/services/networking/caddy/default.nix @@ -24,6 +24,8 @@ in { }; config = mkIf hasHosts { + networking.firewall.allowedTCPPorts = [80 443]; + services.caddy = { enable = cfg.enable; diff --git a/modules/nixos/services/observability/alloy/default.nix b/modules/nixos/services/observability/alloy/default.nix index c6f5cac..3b64f2e 100644 --- a/modules/nixos/services/observability/alloy/default.nix +++ b/modules/nixos/services/observability/alloy/default.nix @@ -1,5 +1,9 @@ -{ config, lib, namespace, ... }: -let +{ + config, + lib, + namespace, + ... +}: let inherit (builtins) toString; inherit (lib) mkEnableOption mkIf; @@ -9,8 +13,7 @@ let otlpGrpcPort = 9071; otlpHttpPort = 9072; tempoOtlpGrpcPort = 9062; -in -{ +in { options.${namespace}.services.observability.alloy = { enable = mkEnableOption "enable Grafana Alloy"; }; 
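Review bot: The category lookup `{ radarr = …; readarr = …; }.${service}` in the SABnzbd hunk has no fallback and disagrees with the `mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"])` guard around it. The `readarr` entry can never be selected, and a service outside the map would raise a missing-attribute error if this value is ever forced before the `mkIf` is resolved. Writing the selection as `}.${service} or {}` and removing the unused `readarr` entry keeps the two lists in step. The surrounding attribute set starts outside the hunk.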
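Review bot: In the caddy hunk, `networking.firewall.allowedTCPPorts = [80 443];` is added under `config = mkIf hasHosts`, while the next lines still set `services.caddy.enable = cfg.enable`. Any module that registers a host therefore opens 80 and 443 even on a machine where Caddy itself is disabled. Gating the ports on the same switch, `networking.firewall.allowedTCPPorts = mkIf cfg.enable [80 443];`, keeps the firewall change tied to the listener actually running.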
@@ -21,7 +24,7 @@ in configPath = "/etc/alloy"; extraFlags = [ "--disable-reporting" - "--server.http.listen-addr=0.0.0.0:${toString httpPort}" + "--server.http.listen-addr=[::]:${toString httpPort}" "--storage.path=/var/lib/alloy" ]; }; @@ -29,11 +32,11 @@ in environment.etc."alloy/config.alloy".text = '' otelcol.receiver.otlp "default" { grpc { - endpoint = "127.0.0.1:${toString otlpGrpcPort}" + endpoint = "[::1]:${toString otlpGrpcPort}" } http { - endpoint = "127.0.0.1:${toString otlpHttpPort}" + endpoint = "[::1]:${toString otlpHttpPort}" } output { @@ -60,13 +63,13 @@ in prometheus.remote_write "local" { endpoint { - url = "http://127.0.0.1:${toString config.services.prometheus.port}/api/v1/write" + url = "http://[::1]:${toString config.services.prometheus.port}/api/v1/write" } } otelcol.exporter.otlp "tempo" { client { - endpoint = "127.0.0.1:${toString tempoOtlpGrpcPort}" + endpoint = "[::1]:${toString tempoOtlpGrpcPort}" tls { insecure = true @@ -75,6 +78,6 @@ in } ''; - networking.firewall.allowedTCPPorts = [ httpPort ]; + networking.firewall.allowedTCPPorts = [httpPort]; }; } diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index d9308c0..363033c 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix @@ -26,7 +26,7 @@ in { settings = { server = { http_port = 9010; - http_addr = "0.0.0.0"; + http_addr = "::"; domain = "ulmo"; }; 
@@ -102,43 +102,43 @@ in { }; datasources.settings.datasources = [ - { - name = "Prometheus"; - uid = "prometheus"; - type = "prometheus"; - url = "http://localhost:9020"; - isDefault = true; - editable = false; - } + # { + # name = "Prometheus"; + # uid = "prometheus"; + # type = "prometheus"; + # url = "http://[::1]:9020"; + # isDefault = true; + # editable = false; + # } - { - name = "Loki"; - uid = "loki"; - type = "loki"; - url = "http://localhost:9030"; - editable = false; - } + # { + # name = "Loki"; + # uid = "loki"; + # type = "loki"; + # url = "http://[::1]:9030"; + # editable = false; + # } - { - name = "Tempo"; - uid = "tempo"; - type = "tempo"; - url = "http://localhost:9060"; - editable = false; - jsonData = { - nodeGraph.enabled = true; - serviceMap.datasourceUid = "prometheus"; - tracesToLogsV2 = { - datasourceUid = "loki"; - filterByTraceID = true; - spanStartTimeShift = "-1h"; - spanEndTimeShift = "1h"; - }; - }; - } - ]; - }; - }; + # { + # name = "Tempo"; + # uid = "tempo"; + # type = "tempo"; + # url = "http://localhost:9060"; + # editable = false; + # jsonData = { + # nodeGraph.enabled = true; + # serviceMap.datasourceUid = "prometheus"; + # tracesToLogsV2 = { + # datasourceUid = "loki"; + # filterByTraceID = true; + # spanStartTimeShift = "-1h"; + # spanEndTimeShift = "1h"; + # }; + # }; + # } + ]; + }; + }; postgresql = { enable = true; diff --git a/modules/nixos/services/observability/tempo/default.nix b/modules/nixos/services/observability/tempo/default.nix index dd0602c..46339bc 100644 --- a/modules/nixos/services/observability/tempo/default.nix +++ b/modules/nixos/services/observability/tempo/default.nix @@ -1,5 +1,9 @@ -{ config, lib, namespace, ... }: -let +{ + config, + lib, + namespace, + ... +}: let inherit (lib) mkEnableOption mkIf; cfg = config.${namespace}.services.observability.tempo; 
@@ -8,8 +12,7 @@ let grpcPort = 9061; otlpGrpcPort = 9062; otlpHttpPort = 9063; -in -{ +in { options.${namespace}.services.observability.tempo = { enable = mkEnableOption "enable Grafana Tempo"; }; @@ -22,15 +25,15 @@ in search_enabled = true; server = { - http_listen_address = "0.0.0.0"; + http_listen_address = "[::]"; http_listen_port = httpPort; - grpc_listen_address = "127.0.0.1"; + grpc_listen_address = "[::1]"; grpc_listen_port = grpcPort; }; distributor.receivers.otlp.protocols = { - grpc.endpoint = "127.0.0.1:${builtins.toString otlpGrpcPort}"; - http.endpoint = "127.0.0.1:${builtins.toString otlpHttpPort}"; + grpc.endpoint = "[::1]:${builtins.toString otlpGrpcPort}"; + http.endpoint = "[::1]:${builtins.toString otlpHttpPort}"; }; storage.trace = { @@ -43,6 +46,6 @@ in }; }; - networking.firewall.allowedTCPPorts = [ httpPort ]; + networking.firewall.allowedTCPPorts = [httpPort]; }; } diff --git a/modules/nixos/temp/services/arrtrix/default.nix b/modules/nixos/temp/services/arrtrix/default.nix index 0e0d5c8..6bb1d9f 100644 --- a/modules/nixos/temp/services/arrtrix/default.nix +++ b/modules/nixos/temp/services/arrtrix/default.nix @@ -106,6 +106,18 @@ in { example = {}; }; + environmentFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + File containing environment variables to be passed to the arrtrix service. + If an environment variable `ARRTRIX_BRIDGE_LOGIN_SHARED_SECRET` is set, + then its value will be used in the configuration file for the option + `double_puppet.secrets` without leaking it to the store, using the configured + `homeserver.domain` as key. + ''; + }; + serviceDependencies = lib.mkOption { type = with lib.types; listOf str; default = @@ -168,6 +180,7 @@ in { StateDirectory = baseNameOf dataDir; WorkingDirectory = dataDir; + EnvironmentFile = cfg.environmentFile; ExecStart = '' ${lib.getExe cfg.package} --config='${settingsFile}' --registration='${registrationFile}' 
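Review bot: The new `environmentFile` option in the arrtrix module promises secrets "without leaking it to the store", but its description does not say the value must be a runtime path. With `types.path`, a Nix path literal in this flake would point into the world-readable store. I would add a sentence to the description such as `Must be a string path to a file that exists at runtime (for example a sops template path), not a Nix path literal.` Separately, `EnvironmentFile = cfg.environmentFile;` is assigned even when the option keeps its `null` default; `EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;` makes the unset case explicit. The `serviceConfig` block continues outside the hunk.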
diff --git a/packages/arrtrix/pkg/runtime/envconfig.go b/packages/arrtrix/pkg/runtime/envconfig.go index f8ffd13..173de78 100644 --- a/packages/arrtrix/pkg/runtime/envconfig.go +++ b/packages/arrtrix/pkg/runtime/envconfig.go @@ -36,12 +36,16 @@ func updateConfigFromEnv(cfg, networkData any, prefix string) error { } key = strings.ToLower(key) + lookupKey := key if !strings.ContainsRune(key, '.') { key = strings.ReplaceAll(key, "__", ".") } path := strings.Split(key, ".") field, ok := reflectGetFromMainOrNetwork(cfgVal, networkVal, path) + if !ok && !strings.ContainsRune(lookupKey, '.') { + field, ok = reflectGetFromMainOrNetworkTokens(cfgVal, networkVal, strings.Split(lookupKey, "_")) + } if !ok { return fmt.Errorf("%s not found", formatKey(path)) } @@ -80,6 +84,13 @@ func reflectGetFromMainOrNetwork(main, network reflect.Value, path []string) (*r return reflectGetYAML(main, path) } +func reflectGetFromMainOrNetworkTokens(main, network reflect.Value, tokens []string) (*reflectedField, bool) { + if len(tokens) > 0 && normalizeKey(tokens[0]) == "network" { + return reflectGetYAMLTokens(network, tokens[1:]) + } + return reflectGetYAMLTokens(main, tokens) +} + func reflectGetYAML(value reflect.Value, path []string) (*reflectedField, bool) { if len(path) == 0 { return &reflectedField{value: value, valueKind: value.Kind()}, true 
@@ -108,6 +119,41 @@ func reflectGetYAML(value reflect.Value, path []string) (*reflectedField, bool) return nil, false } +func reflectGetYAMLTokens(value reflect.Value, tokens []string) (*reflectedField, bool) { + if len(tokens) == 0 { + return &reflectedField{value: value, valueKind: value.Kind()}, true + } + if value.Kind() == reflect.Ptr { + value = value.Elem() + } + + switch value.Kind() { + case reflect.Map: + return &reflectedField{ + value: value, + valueKind: value.Type().Elem().Kind(), + remainingPath: []string{strings.Join(tokens, "_")}, + }, true + case reflect.Struct: + fields := reflect.VisibleFields(value.Type()) + for _, field := range fields { + name := yamlFieldName(field) + if name == "" { + continue + } + normalizedFieldName := normalizeKey(name) + for i := len(tokens); i >= 1; i-- { + if normalizeKey(strings.Join(tokens[:i], "_")) != normalizedFieldName { + continue + } + return reflectGetYAMLTokens(value.FieldByIndex(field.Index), tokens[i:]) + } + } + } + + return nil, false +} + func yamlFieldName(field reflect.StructField) string { parts := strings.SplitN(field.Tag.Get("yaml"), ",", 2) switch name := parts[0]; { @@ -120,6 +166,10 @@ func yamlFieldName(field reflect.StructField) string { } } +func normalizeKey(value string) string { + return strings.ReplaceAll(strings.ToLower(value), "_", "") +} + func setReflectedValue(field *reflectedField, path []string, raw string) error { parsed, err := parseValue(field.valueKind, raw, path) if err != nil { diff --git a/packages/arrtrix/pkg/runtime/envconfig_test.go b/packages/arrtrix/pkg/runtime/envconfig_test.go new file mode 100644 index 0000000..6381a47 --- /dev/null +++ b/packages/arrtrix/pkg/runtime/envconfig_test.go 
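Review bot: `reflectGetYAMLTokens` stops searching at the first struct field whose name matches any token prefix, even when the recursive call fails, because the inner loop does `return reflectGetYAMLTokens(value.FieldByIndex(field.Index), tokens[i:])` unconditionally. A field declared earlier whose name is a prefix of the intended one then makes the whole lookup fail or resolve to a different field. For a mechanism that carries API keys, that should not depend on declaration order. Returning only on success lets the loop try the remaining prefixes and fields: `if f, ok := reflectGetYAMLTokens(value.FieldByIndex(field.Index), tokens[i:]); ok { return f, true }`. `normalizeKey` also strips underscores, so two fields that differ only by `_` are indistinguishable here; a short doc comment on both new functions stating this matching rule would help.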
@@ -0,0 +1,57 @@
+package runtime
+
+import (
+ "os"
+ "testing"
+
+ "maunium.net/go/mautrix/bridgev2/bridgeconfig"
+
+ "sneeuwvlok/packages/arrtrix/pkg/connector"
+)
+
+func TestUpdateConfigFromEnvSupportsFlatUnderscorePaths(t *testing.T) {
+ t.Setenv("ARRTRIX_NETWORK_CONTENT_MOVIES_APIKEY", "radarr-secret")
+
+ cfg := &bridgeconfig.Config{}
+ network := &connector.Config{}
+ if err := updateConfigFromEnv(cfg, network, "ARRTRIX_"); err != nil {
+ t.Fatalf("updateConfigFromEnv returned error: %v", err)
+ }
+
+ if network.Content.Movies.APIKey != "radarr-secret" {
+ t.Fatalf("expected movies api key to be overridden, got %q", network.Content.Movies.APIKey)
+ }
+}
+
+func TestUpdateConfigFromEnvSupportsExplicitUnderscoredFieldNames(t *testing.T) {
+ t.Setenv("ARRTRIX_NETWORK_CONTENT_MOVIES_ROOT_FOLDER_PATH", "/data/movies")
+
+ cfg := &bridgeconfig.Config{}
+ network := &connector.Config{}
+ if err := updateConfigFromEnv(cfg, network, "ARRTRIX_"); err != nil {
+ t.Fatalf("updateConfigFromEnv returned error: %v", err)
+ }
+
+ if network.Content.Movies.RootFolderPath != "/data/movies" {
+ t.Fatalf("expected root folder path to be overridden, got %q", network.Content.Movies.RootFolderPath)
+ }
+}
+
+func TestUpdateConfigFromEnvSupportsDoubleUnderscorePaths(t *testing.T) {
+ t.Setenv("ARRTRIX_NETWORK__CONTENT__SERIES__API_KEY", "sonarr-secret")
+
+ cfg := &bridgeconfig.Config{}
+ network := &connector.Config{}
+ if err := updateConfigFromEnv(cfg, network, "ARRTRIX_"); err != nil {
+ t.Fatalf("updateConfigFromEnv returned error: %v", err)
+ }
+
+ if network.Content.Series.APIKey != "sonarr-secret" {
+ t.Fatalf("expected series api key to be overridden, got %q", network.Content.Series.APIKey)
+ }
+}
+
+func TestMain(m *testing.M) {
+ code := m.Run()
+ os.Exit(code)
+}
diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix
index 59077d8..fd25824 100644
--- a/systems/x86_64-linux/ulmo/default.nix
+++ b/systems/x86_64-linux/ulmo/default.nix
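Review bot: All three tests in the new `envconfig_test.go` cover only successful overrides, so nothing pins the failure path of `updateConfigFromEnv`. Since this code routes secrets into config fields, I would add a case that sets an unknown name such as `ARRTRIX_NETWORK_CONTENT_MOVIES_NOPE` and expects the `not found` error. A second case where one field name is a prefix of another would show that a misrouted override cannot pass silently. `TestMain` only wraps `m.Run()` and can be removed together with the `os` import.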
@@ -39,31 +39,6 @@ }; }; - # virtualisation = { - # containers.enable = true; - # podman = { - # enable = true; - # dockerCompat = true; - # }; - - # oci-containers = { - # backend = "podman"; - # containers = { - # homey = { - # image = "ghcr.io/athombv/homey-shs:latest"; - # autoStart = true; - # privileged = true; - # volumes = [ - # "/home/chris/.homey-shs:/homey/user" - # ]; - # ports = [ - # "4859:4859" - # ]; - # }; - # }; - # }; - # }; - sneeuwvlok = { services = { backup.borg.enable = true; diff --git a/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo b/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/lidarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/api_key/users/chris b/vars/per-machine/ulmo/lidarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/lidarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo b/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/lidarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/lidarr/config.env/users/chris b/vars/per-machine/ulmo/lidarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/lidarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo b/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo deleted file mode 120000 index e5129f9..0000000 
--- a/vars/per-machine/ulmo/postgresql/.pgpass/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/users/chris b/vars/per-machine/ulmo/postgresql/.pgpass/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/.pgpass/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/lidarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris b/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/lidarr_password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/prowlarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris b/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/prowlarr_password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file 
diff --git a/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/radarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/radarr_password/users/chris b/vars/per-machine/ulmo/postgresql/radarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/radarr_password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo b/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/postgresql/server.crt/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.crt/users/chris b/vars/per-machine/ulmo/postgresql/server.crt/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/server.crt/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo b/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/postgresql/server.key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/server.key/users/chris b/vars/per-machine/ulmo/postgresql/server.key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/server.key/users/chris +++ /dev/null 
@@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris b/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/sonarr_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris b/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/postgresql/sonarr_password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo b/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/prowlarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/api_key/users/chris b/vars/per-machine/ulmo/prowlarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/prowlarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo b/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/prowlarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/prowlarr/config.env/users/chris b/vars/per-machine/ulmo/prowlarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/prowlarr/config.env/users/chris +++ /dev/null 
@@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/qbittorrent/password/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/password/users/chris b/vars/per-machine/ulmo/qbittorrent/password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/qbittorrent/password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/qbittorrent/password_hash/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris b/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/qbittorrent/password_hash/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris deleted file mode 120000 index 91b7741..0000000 
--- a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/api_key/machines/ulmo b/vars/per-machine/ulmo/radarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/radarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/api_key/users/chris b/vars/per-machine/ulmo/radarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/radarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/machines/ulmo b/vars/per-machine/ulmo/radarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/radarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/radarr/config.env/users/chris b/vars/per-machine/ulmo/radarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/radarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sabnzbd/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/users/chris b/vars/per-machine/ulmo/sabnzbd/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sabnzbd/api_key/users/chris +++ /dev/null 
@@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sabnzbd/config.ini/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris b/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sabnzbd/config.ini/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sabnzbd/nzb_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris b/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sabnzbd/nzb_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sabnzbd/password/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/password/users/chris b/vars/per-machine/ulmo/sabnzbd/password/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sabnzbd/password/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file 
diff --git a/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo b/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sabnzbd/username/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sabnzbd/username/users/chris b/vars/per-machine/ulmo/sabnzbd/username/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sabnzbd/username/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo b/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/servarr/config.tfvars/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/users/chris b/vars/per-machine/ulmo/servarr/config.tfvars/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/servarr/config.tfvars/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo b/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sonarr/api_key/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/api_key/users/chris b/vars/per-machine/ulmo/sonarr/api_key/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sonarr/api_key/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file 
diff --git a/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo b/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo deleted file mode 120000 index e5129f9..0000000 --- a/vars/per-machine/ulmo/sonarr/config.env/machines/ulmo +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/machines/ulmo \ No newline at end of file diff --git a/vars/per-machine/ulmo/sonarr/config.env/users/chris b/vars/per-machine/ulmo/sonarr/config.env/users/chris deleted file mode 120000 index 91b7741..0000000 --- a/vars/per-machine/ulmo/sonarr/config.env/users/chris +++ /dev/null @@ -1 +0,0 @@ -../../../../../../sops/users/chris \ No newline at end of file From 100a218aed5ba11ce4ff77b5c6d162bfe221955c Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 16 Apr 2026 16:55:52 +0200 Subject: [PATCH 58/58] Add poster image support to Matrix download listings - Fetch and display poster images for tracked items in Matrix - Show monitored/unmonitored icons in listings - Limit displayed items to 12, with count and overflow message - Add tests for image fetching and formatting - Enable Grafana datasources - Fix Sonarr/Radarr URL config bug --- .../services/communication/matrix/default.nix | 4 +- .../observability/grafana/default.nix | 64 ++++---- packages/arrtrix/pkg/arrclient/client.go | 152 ++++++++++++++++++ packages/arrtrix/pkg/arrclient/client_test.go | 80 +++++++++ packages/arrtrix/pkg/arrclient/radarr.go | 22 ++- packages/arrtrix/pkg/arrclient/sonarr.go | 22 ++- packages/arrtrix/pkg/matrixcmd/download.go | 58 +++++-- .../arrtrix/pkg/matrixcmd/download_test.go | 44 +++++ packages/arrtrix/pkg/matrixcmd/processor.go | 45 +++++- 9 files changed, 432 insertions(+), 59 deletions(-) create mode 100644 packages/arrtrix/pkg/arrclient/client_test.go create mode 100644 packages/arrtrix/pkg/matrixcmd/download_test.go diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index 4661f2a..9a7d53c 100644 
--- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -116,7 +116,7 @@ in { settings = { observability = { - otlp_grpc_endpoint = "http://[::1]:9062"; + otlp_grpc_endpoint = "http://[::1]:9071"; service_name = "arrtrix"; }; @@ -128,7 +128,7 @@ in { quality_profile_id = 5; }; series = { - url = "http://[::1]:${toString config.services.radarr.settings.server.port}"; + url = "http://[::1]:${toString config.services.sonarr.settings.server.port}"; api_key = "$SONARR_APIKEY"; root_folder_path = "/var/media/series"; quality_profile_id = 5; diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index 363033c..879ecdc 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix 
@@ -102,40 +102,40 @@ in { }; datasources.settings.datasources = [ - # { - # name = "Prometheus"; - # uid = "prometheus"; - # type = "prometheus"; - # url = "http://[::1]:9020"; - # isDefault = true; - # editable = false; - # } + { + name = "Prometheus"; + uid = "prometheus"; + type = "prometheus"; + url = "http://[::1]:9020"; + isDefault = true; + editable = false; + } - # { - # name = "Loki"; - # uid = "loki"; - # type = "loki"; - # url = "http://[::1]:9030"; - # editable = false; - # } + { + name = "Loki"; + uid = "loki"; + type = "loki"; + url = "http://[::1]:9030"; + editable = false; + } - # { - # name = "Tempo"; - # uid = "tempo"; - # type = "tempo"; - # url = "http://localhost:9060"; - # editable = false; - # jsonData = { - # nodeGraph.enabled = true; - # serviceMap.datasourceUid = "prometheus"; - # tracesToLogsV2 = { - # datasourceUid = "loki"; - # filterByTraceID = true; - # spanStartTimeShift = "-1h"; - # spanEndTimeShift = "1h"; - # }; - # }; - # } + { + name = "Tempo"; + uid = "tempo"; + type = "tempo"; + url = "http://localhost:9060"; + editable = false; + jsonData = { + nodeGraph.enabled = true; + serviceMap.datasourceUid = "prometheus"; + tracesToLogsV2 = { + datasourceUid = "loki"; + filterByTraceID = true; + spanStartTimeShift = "-1h"; + spanEndTimeShift = "1h"; + }; + }; + } ]; }; }; diff --git a/packages/arrtrix/pkg/arrclient/client.go b/packages/arrtrix/pkg/arrclient/client.go index 558dc52..fc7fb53 100644 --- a/packages/arrtrix/pkg/arrclient/client.go +++ b/packages/arrtrix/pkg/arrclient/client.go @@ -5,10 +5,13 @@ import ( "context" "encoding/json" "fmt" + "html" "io" + "mime" "net/http" "net/url" "path" + "path/filepath" "strings" "sneeuwvlok/packages/arrtrix/pkg/arr" 
@@ -21,6 +24,7 @@ type Client interface { Add(context.Context, SearchResult) (*ManagedItem, error) SetMonitored(context.Context, int64, bool) (*ManagedItem, error) Delete(context.Context, int64) error + FetchImage(context.Context, ManagedItem) (*MediaAsset, error) } type SearchResult struct { @@ -37,6 +41,13 @@ type ManagedItem struct { Year int Monitored bool Path string + ImageURL string +} + +type MediaAsset struct { + Data []byte + FileName string + MimeType string } type RadarrConfig struct { @@ -65,6 +76,12 @@ type httpClient struct { httpClient *http.Client } +type mediaImage struct { + CoverType string `json:"coverType"` + URL string `json:"url"` + RemoteURL string `json:"remoteUrl"` +} + func (c *RadarrConfig) ApplyDefaults() { if c.MinimumAvailability == "" { c.MinimumAvailability = "released" 
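Review bot: The new `FetchImage` method on `Client` has no doc comment, yet the implementation added later in this file returns `nil, nil` when `ImageURL` is empty, so every caller has to nil-check the asset. I would state that contract on the interface, e.g. `// FetchImage downloads the item's poster; it returns (nil, nil) when the item has no image URL.` `MediaAsset` would also benefit from a comment noting that `MimeType` is copied from the remote response's `Content-Type` and is not validated.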
@@ -209,3 +226,138 @@ func FormatSearchResult(result SearchResult) string { } return result.Title } + +func FormatManagedItem(item ManagedItem) string { + if item.Year != 0 { + return fmt.Sprintf("%s (%d)", item.Title, item.Year) + } + return item.Title +} + +func EscapeText(text string) string { + return html.EscapeString(text) +} + +func (c *httpClient) FetchImage(ctx context.Context, item ManagedItem) (*MediaAsset, error) { + imageURL := strings.TrimSpace(item.ImageURL) + if imageURL == "" { + return nil, nil + } + + endpoint, err := url.Parse(imageURL) + if err != nil { + return nil, fmt.Errorf("parse image URL: %w", err) + } + + req, err := http.NewRequestWithContext(ctx, http.MethodGet, c.baseURL.ResolveReference(endpoint).String(), nil) + if err != nil { + return nil, err + } + if sameHost(req.URL, c.baseURL) { + req.Header.Set("X-Api-Key", c.apiKey) + } + + resp, err := c.httpClient.Do(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + if resp.StatusCode < 200 || resp.StatusCode >= 300 { + data, _ := io.ReadAll(io.LimitReader(resp.Body, 4096)) + return nil, fmt.Errorf("GET %s returned %d: %s", req.URL.String(), resp.StatusCode, strings.TrimSpace(string(data))) + } + + data, err := io.ReadAll(io.LimitReader(resp.Body, 10<<20)) + if err != nil { + return nil, err + } + + mimeType := strings.TrimSpace(resp.Header.Get("Content-Type")) + if idx := strings.Index(mimeType, ";"); idx >= 0 { + mimeType = strings.TrimSpace(mimeType[:idx]) + } + if mimeType == "" { + mimeType = http.DetectContentType(data) + } + + return &MediaAsset{ + Data: data, + FileName: imageFileName(item, endpoint, mimeType), + MimeType: mimeType, + }, nil +} + +func (c *httpClient) imageURL(images []mediaImage) string { + for _, coverType := range []string{"poster", "cover", "fanart"} { + for _, image := range images { + if !strings.EqualFold(image.CoverType, coverType) { + continue + } + if resolved := c.resolveMediaURL(image); resolved != "" { + return resolved + } + 
} + } + return "" +} + +func (c *httpClient) resolveMediaURL(image mediaImage) string { + switch { + case strings.TrimSpace(image.URL) != "": + ref, err := url.Parse(strings.TrimSpace(image.URL)) + if err != nil { + return "" + } + return c.baseURL.ResolveReference(ref).String() + case strings.TrimSpace(image.RemoteURL) != "": + return strings.TrimSpace(image.RemoteURL) + default: + return "" + } +} + +func imageFileName(item ManagedItem, endpoint *url.URL, mimeType string) string { + baseName := sanitizeFileName(strings.TrimSpace(item.Title)) + if baseName == "" { + baseName = fmt.Sprintf("arrtrix-%d", item.ID) + } + + ext := strings.TrimSpace(filepath.Ext(endpoint.Path)) + if ext == "" && mimeType != "" { + if extensions, err := mime.ExtensionsByType(mimeType); err == nil && len(extensions) > 0 { + ext = extensions[0] + } + } + if ext == "" { + ext = ".jpg" + } + if item.ID != 0 { + return fmt.Sprintf("%s-%d%s", baseName, item.ID, ext) + } + return baseName + ext +} + +func sanitizeFileName(value string) string { + replacer := strings.NewReplacer( + "<", "", + ">", "", + ":", "", + "\"", "", + "/", "-", + "\\", "-", + "|", "-", + "?", "", + "*", "", + ) + value = replacer.Replace(value) + value = strings.Join(strings.Fields(value), "-") + return strings.Trim(value, ".- ") +} + +func sameHost(left, right *url.URL) bool { + if left == nil || right == nil { + return false + } + return strings.EqualFold(left.Scheme, right.Scheme) && strings.EqualFold(left.Host, right.Host) +} diff --git a/packages/arrtrix/pkg/arrclient/client_test.go b/packages/arrtrix/pkg/arrclient/client_test.go new file mode 100644 index 0000000..ecce6c3 --- /dev/null +++ b/packages/arrtrix/pkg/arrclient/client_test.go 
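Review bot: `FetchImage` sets `X-Api-Key` after a `sameHost` check on the initial URL only. Go's `http.Client` re-sends custom headers when it follows a redirect (only `Authorization`, `Cookie` and `WWW-Authenticate` are dropped across domains), so a same-host URL that redirects elsewhere would carry the key along unless the client built in `newHTTPClient` (not in this hunk) sets `CheckRedirect`. Separately, the response's `Content-Type` is taken as the asset's MIME type without any check, and `resolveMediaURL` lets `ImageURL` be a third-party `remoteUrl`, so non-image content can reach the Matrix upload. I would add `if !strings.HasPrefix(mimeType, "image/") { return nil, fmt.Errorf("unexpected content type %q", mimeType) }` before building the `MediaAsset`. The 10 MiB `io.LimitReader` also truncates silently, so an oversized image comes back as a corrupt asset rather than an error.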
@@ -0,0 +1,80 @@ +package arrclient + +import ( + "context" + "net/http" + "net/http/httptest" + "net/url" + "strings" + "testing" +) + +func TestImageURLPrefersPosterAndResolvesRelativePath(t *testing.T) { + baseURL, err := url.Parse("https://radarr.example") + if err != nil { + t.Fatalf("failed to parse base URL: %v", err) + } + + client := &httpClient{baseURL: baseURL} + imageURL := client.imageURL([]mediaImage{ + {CoverType: "fanart", URL: "/MediaCover/1/fanart.jpg"}, + {CoverType: "poster", URL: "/MediaCover/1/poster.jpg"}, + }) + if imageURL != "https://radarr.example/MediaCover/1/poster.jpg" { + t.Fatalf("unexpected image URL %q", imageURL) + } +} + +func TestImageURLFallsBackToRemoteURL(t *testing.T) { + baseURL, err := url.Parse("https://sonarr.example") + if err != nil { + t.Fatalf("failed to parse base URL: %v", err) + } + + client := &httpClient{baseURL: baseURL} + imageURL := client.imageURL([]mediaImage{ + {CoverType: "poster", RemoteURL: "https://images.example/poster.jpg"}, + }) + if imageURL != "https://images.example/poster.jpg" { + t.Fatalf("unexpected remote image URL %q", imageURL) + } +} + +func TestFetchImageUsesAPIKeyForSameHost(t *testing.T) { + headers := make(chan string, 1) + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + headers <- r.Header.Get("X-Api-Key") + w.Header().Set("Content-Type", "image/jpeg") + _, _ = w.Write([]byte("jpeg-bytes")) + })) + defer server.Close() + + client, err := newHTTPClient(server.URL, "secret") + if err != nil { + t.Fatalf("failed to create client: %v", err) + } + + asset, err := client.FetchImage(context.Background(), ManagedItem{ + ID: 42, + Title: "Dune Part Two", + ImageURL: server.URL + "/MediaCover/42/poster.jpg", + }) + if err != nil { + t.Fatalf("failed to fetch image: %v", err) + } + if asset == nil { + t.Fatal("expected media asset") + } + if got := <-headers; got != "secret" { + t.Fatalf("expected API key header, got %q", got) + } + if got := 
string(asset.Data); got != "jpeg-bytes" { + t.Fatalf("unexpected media bytes %q", got) + } + if asset.MimeType != "image/jpeg" { + t.Fatalf("unexpected mime type %q", asset.MimeType) + } + if !strings.HasPrefix(asset.FileName, "Dune-Part-Two-42") || !strings.HasSuffix(asset.FileName, ".jpg") { + t.Fatalf("unexpected filename %q", asset.FileName) + } +} diff --git a/packages/arrtrix/pkg/arrclient/radarr.go b/packages/arrtrix/pkg/arrclient/radarr.go index 21ac1fd..e214ce3 100644 --- a/packages/arrtrix/pkg/arrclient/radarr.go +++ b/packages/arrtrix/pkg/arrclient/radarr.go @@ -17,13 +17,14 @@ type RadarrClient struct { } type radarrMovie struct { - ID int64 `json:"id"` - Title string `json:"title"` - Year int `json:"year"` - TMDBID int64 `json:"tmdbId"` - Overview string `json:"overview"` - Monitored bool `json:"monitored"` - Path string `json:"path"` + ID int64 `json:"id"` + Title string `json:"title"` + Year int `json:"year"` + TMDBID int64 `json:"tmdbId"` + Overview string `json:"overview"` + Monitored bool `json:"monitored"` + Path string `json:"path"` + Images []mediaImage `json:"images"` } func NewRadarrClient(config RadarrConfig) (*RadarrClient, error) { @@ -81,6 +82,7 @@ func (c *RadarrClient) List(ctx context.Context, query string) ([]ManagedItem, e Year: movie.Year, Monitored: movie.Monitored, Path: movie.Path, + ImageURL: c.http.imageURL(movie.Images), }) } return items, nil @@ -111,6 +113,7 @@ func (c *RadarrClient) Add(ctx context.Context, result SearchResult) (*ManagedIt Year: response.Year, Monitored: response.Monitored, Path: response.Path, + ImageURL: c.http.imageURL(response.Images), } return &item, nil } @@ -134,6 +137,7 @@ func (c *RadarrClient) SetMonitored(ctx context.Context, id int64, monitored boo Year: response.Year, Monitored: response.Monitored, Path: response.Path, + ImageURL: c.http.imageURL(response.Images), } return &item, nil } 
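Review bot: `TestFetchImageUsesAPIKeyForSameHost` covers only the positive case; nothing asserts that the key is withheld when `ImageURL` points at a different host, which is the property `sameHost` exists to guarantee. I would add a companion test with two `httptest` servers, one as the client's base URL and one serving the image, and assert that the image server receives an empty `X-Api-Key`. A regression in the host comparison would otherwise pass the suite unnoticed.

```go
func TestFetchImageOmitsAPIKeyForOtherHost(t *testing.T) {
	headers := make(chan string, 1)
	images := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		headers <- r.Header.Get("X-Api-Key")
		w.Header().Set("Content-Type", "image/jpeg")
		_, _ = w.Write([]byte("jpeg-bytes"))
	}))
	defer images.Close()
	base := httptest.NewServer(http.NotFoundHandler())
	defer base.Close()

	client, err := newHTTPClient(base.URL, "secret")
	if err != nil {
		t.Fatalf("failed to create client: %v", err)
	}
	item := ManagedItem{ID: 1, Title: "Remote Poster", ImageURL: images.URL + "/poster.jpg"}
	if _, err := client.FetchImage(context.Background(), item); err != nil {
		t.Fatalf("failed to fetch image: %v", err)
	}
	if got := <-headers; got != "" {
		t.Fatalf("API key sent to a different host: %q", got)
	}
}
```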
@@ -145,6 +149,10 @@ func (c *RadarrClient) Delete(ctx context.Context, id int64) error { }, nil, nil) } +func (c *RadarrClient) FetchImage(ctx context.Context, item ManagedItem) (*MediaAsset, error) { + return c.http.FetchImage(ctx, item) +} + func PickSingleResult(results []SearchResult, query string) (SearchResult, error) { switch len(results) { case 0: diff --git a/packages/arrtrix/pkg/arrclient/sonarr.go b/packages/arrtrix/pkg/arrclient/sonarr.go index 9b0691b..caa6cec 100644 --- a/packages/arrtrix/pkg/arrclient/sonarr.go +++ b/packages/arrtrix/pkg/arrclient/sonarr.go @@ -16,13 +16,14 @@ type SonarrClient struct { } type sonarrSeries struct { - ID int64 `json:"id"` - Title string `json:"title"` - Year int `json:"year"` - TVDBID int64 `json:"tvdbId"` - Overview string `json:"overview"` - Monitored bool `json:"monitored"` - Path string `json:"path"` + ID int64 `json:"id"` + Title string `json:"title"` + Year int `json:"year"` + TVDBID int64 `json:"tvdbId"` + Overview string `json:"overview"` + Monitored bool `json:"monitored"` + Path string `json:"path"` + Images []mediaImage `json:"images"` } func NewSonarrClient(config SonarrConfig) (*SonarrClient, error) { @@ -80,6 +81,7 @@ func (c *SonarrClient) List(ctx context.Context, query string) ([]ManagedItem, e Year: series.Year, Monitored: series.Monitored, Path: series.Path, + ImageURL: c.http.imageURL(series.Images), }) } return items, nil @@ -114,6 +116,7 @@ func (c *SonarrClient) Add(ctx context.Context, result SearchResult) (*ManagedIt Year: response.Year, Monitored: response.Monitored, Path: response.Path, + ImageURL: c.http.imageURL(response.Images), } return &item, nil } @@ -137,6 +140,7 @@ func (c *SonarrClient) SetMonitored(ctx context.Context, id int64, monitored boo Year: response.Year, Monitored: response.Monitored, Path: response.Path, + ImageURL: c.http.imageURL(response.Images), } return &item, nil } 
@@ -147,3 +151,7 @@ func (c *SonarrClient) Delete(ctx context.Context, id int64) error { "addImportListExclusion": {"false"}, }, nil, nil) } + +func (c *SonarrClient) FetchImage(ctx context.Context, item ManagedItem) (*MediaAsset, error) { + return c.http.FetchImage(ctx, item) +} diff --git a/packages/arrtrix/pkg/matrixcmd/download.go b/packages/arrtrix/pkg/matrixcmd/download.go index 6d27a1a..23414b1 100644 --- a/packages/arrtrix/pkg/matrixcmd/download.go +++ b/packages/arrtrix/pkg/matrixcmd/download.go @@ -73,16 +73,22 @@ func handleDownloadList(ctx *Context, client arrclient.Client, contentType arr.C return } - var builder strings.Builder - builder.WriteString(fmt.Sprintf("Tracked %s:\n", contentType.Label())) + count := len(items) + if count > 12 { + count = 12 + } + ctx.Reply("Tracked %s (showing %d of %d):", contentType.Label(), count, len(items)) for i, item := range items { - if i == 10 { - builder.WriteString("…\n") + if i == 12 { break } - builder.WriteString(fmt.Sprintf("- `%d` %s — monitored=%t\n", item.ID, formatManagedItem(item), item.Monitored)) + if err := replyWithManagedItem(ctx, client, item); err != nil { + ctx.Log.Err(err).Int64("item_id", item.ID).Str("content_type", contentType.Label()).Msg("Failed to send Matrix-native image for download listing") + } + } + if len(items) > 12 { + ctx.Reply("…and %d more.", len(items)-12) } - ctx.Reply(builder.String()) } func handleDownloadSearch(ctx *Context, client arrclient.Client, contentType arr.ContentType) { @@ -200,10 +206,7 @@ func replyWithSearchResults(ctx *Context, contentType arr.ContentType, query str } func formatManagedItem(item arrclient.ManagedItem) string { - if item.Year != 0 { - return fmt.Sprintf("%s (%d)", item.Title, item.Year) - } - return item.Title + return arrclient.FormatManagedItem(item) } func parseEnabled(value string) (bool, error) { 
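Review bot: In the `handleDownloadList` hunk the cap `12` is written three times (`count > 12`, `i == 12`, `len(items) > 12`), and each listed item now triggers a poster download of up to 10 MiB plus a media upload, run sequentially inside the command handler. A named constant such as `const maxListedItems = 12` would keep the three uses in step and give one place to tune the cost of a single list command. If nothing upstream of the handler rate-limits commands (not visible here), that cost is worth bounding. Also, `replyWithManagedItem` as added later in this file returns nil on every path, so the `if err := replyWithManagedItem(...); err != nil` branch never logs. The function starts outside the hunk.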
@@ -220,3 +223,38 @@ func parseEnabled(value string) (bool, error) { func userIDString(userID id.UserID) string { return userID.String() } + +func replyWithManagedItem(ctx *Context, client arrclient.Client, item arrclient.ManagedItem) error { + details := formatDownloadListCaption(item) + if item.ImageURL != "" { + asset, err := client.FetchImage(ctx.Ctx, item) + if err != nil { + ctx.Log.Err(err).Int64("item_id", item.ID).Msg("Failed to fetch poster for Matrix listing") + } else if asset != nil { + if err := ctx.SendImage(asset, details); err != nil { + ctx.Log.Err(err).Int64("item_id", item.ID).Msg("Failed to upload poster for Matrix listing") + } else { + return nil + } + } else { + ctx.Log.Debug().Int64("item_id", item.ID).Msg("Poster was empty for Matrix listing") + } + } + ctx.Reply(details) + return nil +} + +func formatDownloadListCaption(item arrclient.ManagedItem) string { + return fmt.Sprintf("%s %s", monitoredIcon(item.Monitored), arrclient.FormatManagedItem(item)) +} + +func formatDownloadListFallbackCard(item arrclient.ManagedItem) string { + return formatDownloadListCaption(item) +} + +func monitoredIcon(monitored bool) string { + if monitored { + return "👁" + } + return "🚫" +} diff --git a/packages/arrtrix/pkg/matrixcmd/download_test.go b/packages/arrtrix/pkg/matrixcmd/download_test.go new file mode 100644 index 0000000..19b93b9 --- /dev/null +++ b/packages/arrtrix/pkg/matrixcmd/download_test.go 
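Review bot: `ctx.Reply(details)` in `replyWithManagedItem` passes the caption, which embeds the title returned by the Radarr/Sonarr API, as the `message` parameter of `Reply(message string, args ...any)`. If `Reply` formats unconditionally (its body is only partly visible), a `%` in a title is treated as a verb; `ctx.Reply("%s", details)` avoids that and is also what `go vet` expects for a non-constant format string. The text is then passed through `format.RenderMarkdown`, so Markdown syntax in an externally sourced title is still interpreted. On style, the function's `error` result is always nil and could be dropped. `formatDownloadListFallbackCard` merely forwards to `formatDownloadListCaption` and appears to be called only from the new tests.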
@@ -0,0 +1,44 @@ +package matrixcmd + +import ( + "testing" + + "sneeuwvlok/packages/arrtrix/pkg/arrclient" +) + +func TestFormatDownloadListFallbackCardUsesMonitoredIcon(t *testing.T) { + item := arrclient.ManagedItem{ + ID: 1, + Title: "Severance", + Year: 2022, + Monitored: true, + } + + fallback := formatDownloadListFallbackCard(item) + if fallback != "👁 Severance (2022)" { + t.Fatalf("unexpected monitored fallback %q", fallback) + } +} + +func TestFormatDownloadListFallbackCardUsesUnmonitoredIcon(t *testing.T) { + item := arrclient.ManagedItem{ + ID: 7, + Title: "Andor", + Year: 2022, + Monitored: false, + } + + fallback := formatDownloadListFallbackCard(item) + if fallback != "🚫 Andor (2022)" { + t.Fatalf("unexpected unmonitored fallback %q", fallback) + } +} + +func TestMonitoredIcon(t *testing.T) { + if monitoredIcon(true) != "👁" { + t.Fatalf("expected monitored icon, got %q", monitoredIcon(true)) + } + if monitoredIcon(false) != "🚫" { + t.Fatalf("expected unmonitored icon, got %q", monitoredIcon(false)) + } +} diff --git a/packages/arrtrix/pkg/matrixcmd/processor.go b/packages/arrtrix/pkg/matrixcmd/processor.go index 78915ea..e9d3980 100644 --- a/packages/arrtrix/pkg/matrixcmd/processor.go +++ b/packages/arrtrix/pkg/matrixcmd/processor.go @@ -18,6 +18,7 @@ import ( "maunium.net/go/mautrix/format" "maunium.net/go/mautrix/id" + "sneeuwvlok/packages/arrtrix/pkg/arrclient" "sneeuwvlok/packages/arrtrix/pkg/observability" ) 
@@ -221,7 +222,49 @@ func (c *Context) Reply(message string, args ...any) { content := format.RenderMarkdown(message, true, false) content.MsgType = event.MsgNotice - if _, err := c.Bot.SendMessage(c.Ctx, c.OrigRoomID, event.EventMessage, &event.Content{Parsed: &content}, nil); err != nil { + if err := c.sendNotice(&content); err != nil { c.Log.Err(err).Msg("Failed to reply to Matrix room command") } } + +func (c *Context) ReplyFormatted(body, formattedBody string) { + content := &event.MessageEventContent{ + MsgType: event.MsgNotice, + Body: body, + Format: event.FormatHTML, + FormattedBody: formattedBody, + } + if err := c.sendNotice(content); err != nil { + c.Log.Err(err).Msg("Failed to reply to Matrix room command") + } +} + +func (c *Context) SendImage(asset *arrclient.MediaAsset, body string) error { + if asset == nil || len(asset.Data) == 0 { + return nil + } + + mxcURL, file, err := c.Bot.UploadMedia(c.Ctx, c.OrigRoomID, asset.Data, asset.FileName, asset.MimeType) + if err != nil { + return err + } + + content := &event.MessageEventContent{ + MsgType: event.MsgImage, + Body: body, + FileName: asset.FileName, + URL: mxcURL, + File: file, + Info: &event.FileInfo{ + MimeType: asset.MimeType, + Size: len(asset.Data), + }, + } + _, err = c.Bot.SendMessage(c.Ctx, c.OrigRoomID, event.EventMessage, &event.Content{Parsed: content}, nil) + return err +} + +func (c *Context) sendNotice(content *event.MessageEventContent) error { + _, err := c.Bot.SendMessage(c.Ctx, c.OrigRoomID, event.EventMessage, &event.Content{Parsed: content}, nil) + return err +}
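Review bot: `SendImage` returns `nil` when `asset` is nil or has no data, and `replyWithManagedItem` treats a nil error as "image sent" and skips the text fallback. A 200 response with an empty body therefore makes the item vanish from the listing; returning an error for the empty case (for example a package-level `errEmptyAsset`) would let the caller fall back to `ctx.Reply`. `asset.MimeType` and `asset.FileName` are handed to `UploadMedia` as derived from the remote response, so a check that the type is `image/*` belongs either here or in `FetchImage`. `ReplyFormatted` sends `formattedBody` as HTML verbatim and should say so, e.g. `// ReplyFormatted sends body with an HTML rendering; formattedBody is sent as-is and must already be escaped.`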