checkpoint

.just/vars.just

@@ -1,8 +1,8 @@
 set unstable := true
 set quiet := true
 
-machine_base_path := justfile_directory() + "/../machines"
+machine_base_path := justfile_directory() + "/machines"
-secret_base_path := justfile_directory() + "/../systems/x86_64-linux"
+secret_base_path := justfile_directory() + "/systems/x86_64-linux"
 
 _default:
     just --list vars

clan.nix

@@ -65,7 +65,7 @@
   };
 
   inventory.instances = {
-    user-chris = {
+    users-chris = {
       module.name = "users";
       module.input = "clan-core";
 
@@ -81,13 +81,33 @@
         share = true;
       };
     };
-  };
 
-  # machines = {
+    servarr = {
-  #   mandos = {};
+      module.name = "servarr";
-  #   manwe = {};
+      module.input = "self";
-  #   orome = {};
+
-  #   tulkas = {};
+      roles.default.machines.ulmo.settings = {};
-  #   ulmo = {};
+      roles.default.settings = {
-  # };
+        enable = true;
+        services = {
+          sonarr = {
+            rootFolders = [
+              "/var/media/series"
+            ];
+          };
+          radarr = {
+            rootFolders = [
+              "/var/media/movies"
+            ];
+          };
+          lidarr = {
+            rootFolders = [
+              "/var/media/music"
+            ];
+          };
+          prowlarr = {};
+        };
+      };
+    };
+  };
 }

clanServices/caddy/default.nix

@@ -0,0 +1,23 @@
+{...}: {
+  _class = "clan.service";
+  manifest = {
+    name = "arda/caddy";
+    description = ''
+      Configuration of reverse proxy.
+    '';
+    categories = [ "Service", "Media" ];
+    readme = builtins.readFile ./README.md
+  };
+
+  roles.default = {
+    description = '''';
+
+    interface = {...}: {
+      options = {};
+    };
+
+    perInstance = {...}: {
+      nixosModule = {...}: {};
+    };
+  };
+}

clanServices/caddy/flake-module.nix

@@ -0,0 +1,13 @@
+{...}: let
+  module = ./default.nix;
+in {
+  clan.modules.caddy = module;
+
+  # perSystem = {...}: {
+  #   clan.nixosTests.caddy = {
+  #     imports = [];
+
+  #     clan.modules."@arda/caddy" = module;
+  #   };
+  # };
+}

clanServices/flake-module.nix

@@ -0,0 +1,19 @@
+{lib, ...}: {
+  imports =
+    ./.
+    |> builtins.readDir
+    |> lib.attrsToList
+    |> builtins.map ({
+      name,
+      value,
+    }: {
+      type = value;
+      path = ./. + "/${name}/flake-module.nix";
+    })
+    |> builtins.filter ({
+      type,
+      path,
+    }:
+      type == "directory" && (builtins.pathExists path))
+    |> builtins.map ({path, ...}: path);
+}

clanServices/peristance/default.nix

@@ -0,0 +1,24 @@
+{...}: {
+  _class = "clan.service";
+  manifest = {
+    name = "arda/persistance";
+    description = ''
+      Configuration of persistance resrouce(s)
+      (for now this means a database. and specifically it means postgres)
+    '';
+    categories = [ "Service", "Peristance" ];
+    readme = builtins.readFile ./README.md
+  };
+
+  roles.default = {
+    description = '''';
+
+    interface = {...}: {
+      options = {};
+    };
+
+    perInstance = {...}: {
+      nixosModule = {...}: {};
+    };
+  };
+}

clanServices/peristance/flake-module.nix

@@ -0,0 +1,13 @@
+{...}: let
+  module = ./default.nix;
+in {
+  clan.modules.peristance = module;
+
+  # perSystem = {...}: {
+  #   clan.nixosTests.peristance = {
+  #     imports = [];
+
+  #     clan.modules."@arda/peristance" = module;
+  #   };
+  # };
+}

clanServices/servarr/default.nix

@@ -0,0 +1,121 @@
+{lib, ...}: {
+  _class = "clan.service";
+  manifest = {
+    name = "arda/servarr";
+    description = '''';
+    categories = ["Service" "Media"];
+    readme = builtins.readFile ./README.md;
+    # exports.out = [];
+  };
+
+  # exports = {};
+
+  roles.default = {
+    description = '''';
+
+    interface = {lib, ...}: let
+      inherit (lib) mkOption mkEnableOption types;
+    in {
+      options = {
+        enable = mkEnableOption "Enable configured *arr services";
+        services = mkOption {
+          type = types.attrsOf (types.submodule ({name, ...}: {
+            options = {
+              enable = mkEnableOption "Enable ${name}";
+              debug = mkEnableOption "Use tofu plan instead of tofu apply for ${name} ";
+
+              rootFolders = mkOption {
+                type = types.listOf types.str;
+                default = [];
+              };
+            };
+          }));
+          default = {};
+          description = ''
+            Settings foreach *arr service
+          '';
+        };
+      };
+    };
+
+    perInstance = {
+      instanceName,
+      settings,
+      machine,
+      roles,
+      ...
+    }: {
+      nixosModule = args @ {
+        config,
+        lib,
+        pkgs,
+        ...
+      }: let
+        servarr = import ./lib.nix (args // {inherit settings;});
+        services = settings.services |> lib.attrNames;
+        service_count = services |> lib.length;
+      in {
+        imports = [
+          (import ./sabnzbd.nix (args
+            // {
+              inherit settings;
+              port = 2000 + service_count + 1;
+            }))
+          (import ./qbittorrent.nix (args
+            // {
+              inherit settings;
+              port = 2000 + service_count + 2;
+            }))
+          (servarr.createModule settings.services)
+        ];
+
+        config = {
+          clan.core.vars.generators.servarr = rec {
+            dependencies =
+              services ++ ["sabnzbd" "qbittorrent"];
+
+            files."config.tfvars" = {
+              owner = "media";
+              group = "media";
+              mode = "0440";
+              restartUnits = services |> lib.map (s: "${s}.service");
+            };
+
+            script = ''
+              cat << EOL > $out/config.tfvars
+              ${
+                services
+                |> lib.map (s: "${s}_api_key = \"$(cat $in/${s}/api_key)\"")
+                |> lib.join "\n"
+              }
+              qbittorrent_api_key = "$(cat $in/qbittorrent/password)"
+              sabnzbd_api_key = "$(cat $in/sabnzbd/api_key)"
+              EOL
+            '';
+          };
+
+          services = {
+            flaresolverr = {
+              enable = true;
+              openFirewall = true;
+              port = 2000 + service_count + 3;
+            };
+
+            postgresql = {
+              ensureDatabases = services;
+              ensureUsers =
+                services
+                |> lib.map (service: {
+                  name = service;
+                  ensureDBOwnership = true;
+                });
+            };
+          };
+        };
+      };
+    };
+  };
+
+  perMachine = {...}: {
+  };
+}

clanServices/servarr/flake-module.nix

@@ -0,0 +1,13 @@
+{...}: let
+  module = ./default.nix;
+in {
+  clan.modules.servarr = module;
+
+  # perSystem = {...}: {
+  #   clan.nixosTests.servarr = {
+  #     imports = [];
+
+  #     clan.modules."@arda/servarr" = module;
+  #   };
+  # };
+}

clanServices/servarr/lib.nix

@@ -0,0 +1,317 @@
+{
+  self,
+  config,
+  lib,
+  pkgs,
+  settings,
+  ...
+}: let
+  inherit (lib) mkIf;
+
+  createGenerator = {
+    service,
+    service_options,
+    ...
+  }: {
+    files = {
+      api_key = {
+        secret = true;
+        deploy = true;
+        owner = service;
+        group = "media";
+        restartUnits = ["${service}.service"];
+      };
+      "config.env" = {
+        secret = true;
+        deploy = true;
+        owner = service;
+        group = "media";
+        restartUnits = ["${service}.service"];
+      };
+    };
+
+    runtimeInputs = with pkgs; [pwgen];
+    script = ''
+      pwgen -s 128 1 > $out/api_key
+      echo ${lib.toUpper service}__AUTH__APIKEY="$(cat $out/api_key)" > $out/config.env
+    '';
+  };
+
+  createService = {
+    service,
+    service_options,
+    ...
+  }:
+    {
+      enable = true;
+      openFirewall = true;
+
+      environmentFiles = [
+        config.clan.core.vars.generators.${service}.files."config.env".path
+      ];
+
+      settings = {
+        auth.authenticationMethod = "External";
+
+        server = {
+          bindaddress = "0.0.0.0";
+          port = service_options.port;
+        };
+
+        postgres = {
+          host = "localhost";
+          port = "5432";
+          user = service;
+          maindb = service;
+          logdb = service;
+        };
+      };
+    }
+    // (lib.optionalAttrs (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) {
+      user = service;
+      group = "media";
+    });
+
+  createSystemdService = {
+    service,
+    service_options,
+    ...
+  }: let
+    tofu = lib.getExe pkgs.opentofu;
+    terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration {
+      system = pkgs.stdenv.hostPlatform.system;
+      modules = [
+        (createInfra {inherit service service_options;})
+      ];
+    };
+  in {
+    description = "${service} apply infra";
+
+    wantedBy = ["multi-user.target"];
+    wants = ["${service}.service"];
+
+    preStart = ''
+      install -d -m 0770 -o ${service} -g media /var/lib/${service}-apply-infra
+      ${
+        service_options.rootFolders
+        |> lib.map (folder: "install -d -m 0770 -o media -g media ${folder}")
+        |> lib.join "\n"
+      }
+    '';
+
+    script = ''
+      # Sleep for a bit to give the service a chance to start up
+      sleep 5s
+
+      if [ "$(systemctl is-active ${lib.escapeShellArg service})" != "active" ]; then
+        echo "${service} is not running"
+        exit 1
+      fi
+
+      # Print the path to the source for easier debugging
+      echo "config location: ${terraformConfiguration}"
+
+      # Copy infra code into workspace
+      cp -f ${terraformConfiguration} config.tf.json
+
+      # Initialize OpenTofu
+      ${tofu} init
+
+      # Run the infrastructure code
+      ${tofu} \
+      ${
+        if service_options.debug
+        then "plan"
+        else "apply -auto-approve"
+      } \
+      -var-file='${config.clan.core.vars.generators.servarr.files."config.tfvars".path}'
+    '';
+
+    serviceConfig = {
+      Type = "oneshot";
+      User = service;
+      Group = "media";
+
+      WorkingDirectory = "/var/lib/${service}-apply-infra";
+
+      EnvironmentFile = [
+        config.clan.core.vars.generators.${service}.files."config.env".path
+      ];
+    };
+  };
+
+  # Returns a module to be used in a modules list of terranix
+  createInfra = {
+    service,
+    service_options,
+    ...
+  }: terra: let
+    inherit (terra.lib) tfRef;
+  in {
+    variable = {
+      "${service}_api_key" = {
+        type = "string";
+        description = "${service} API key";
+      };
+
+      qbittorrent_api_key = {
+        type = "string";
+        description = "qbittorrent api key";
+      };
+
+      sabnzbd_api_key = {
+        type = "string";
+        description = "sabnzbd api key";
+      };
+    };
+
+    terraform.required_providers.${service} = {
+      source = "devopsarr/${service}";
+      version =
+        {
+          radarr = "2.3.5";
+          sonarr = "3.4.2";
+          prowlarr = "3.2.1";
+          lidarr = "1.13.0";
+          readarr = "2.1.0";
+          whisparr = "1.2.0";
+        }.${
+          service
+        };
+    };
+
+    provider.${service} = {
+      url = "http://[::1]:${toString service_options.port}";
+      api_key = tfRef "var.${service}_api_key";
+    };
+
+    resource =
+      {
+        "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr" "readarr"]) (
+          service_options.rootFolders
+          |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;})
+          |> lib.listToAttrs
+        );
+
+        "${service}_download_client_qbittorrent" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) {
+          "main" = {
+            name = "qBittorrent";
+            enable = true;
+            priority = 1;
+            host = "localhost";
+            username = "admin";
+            password = tfRef "var.qbittorrent_api_key";
+            url_base = "/";
+            port = config.services.qbittorrent.webuiPort;
+          };
+        };
+
+        "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) {
+          "main" = {
+            name = "SABnzbd";
+            enable = true;
+            priority = 1;
+            host = "localhost";
+            api_key = tfRef "var.sabnzbd_api_key";
+            url_base = "/";
+            port = config.services.sabnzbd.settings.misc.port;
+          };
+        };
+      }
+      // (lib.optionalAttrs (service == "prowlarr") (
+        settings.services
+        |> lib.filterAttrs (s: _: lib.elem s ["radarr" "sonarr" "lidarr" "whisparr"])
+        |> lib.mapAttrsToList (s: {port, ...}: {
+          "prowlarr_application_${s}"."main" = let
+            p = config.services.prowlarr.settings.server.port or 9696;
+          in {
+            name = s;
+            sync_level = "addOnly";
+            base_url = "http://localhost:${toString port}";
+            prowlarr_url = "http://localhost:${toString p}";
+            api_key = tfRef "var.${s}_api_key";
+          };
+        })
+        |> lib.concat [
+          {
+            "prowlarr_indexer" = {
+              "nyaa" = {
+                enable = true;
+
+                app_profile_id = 1;
+                priority = 1;
+
+                name = "Nyaa";
+                implementation = "Cardigann";
+                config_contract = "CardigannSettings";
+                protocol = "torrent";
+
+                fields = [
+                  {
+                    name = "definitionFile";
+                    text_value = "nyaasi";
+                  }
+                  {
+                    name = "baseSettings.limitsUnit";
+                    number_value = 0;
+                  }
+                  {
+                    name = "torrentBaseSettings.preferMagnetUrl";
+                    bool_value = false;
+                  }
+                  {
+                    name = "prefer_magnet_links";
+                    bool_value = true;
+                  }
+                  {
+                    name = "sonarr_compatibility";
+                    bool_value = false;
+                  }
+                  {
+                    name = "strip_s01";
+                    bool_value = false;
+                  }
+                  {
+                    name = "radarr_compatibility";
+                    bool_value = false;
+                  }
+                  {
+                    name = "filter-id";
+                    number_value = 0;
+                  }
+                  {
+                    name = "cat-id";
+                    number_value = 0;
+                  }
+                  {
+                    name = "sort";
+                    number_value = 0;
+                  }
+                  {
+                    name = "type";
+                    number_value = 1;
+                  }
+                ];
+              };
+            };
+          }
+        ]
+        |> lib.mkMerge
+      ));
+  };
+in {
+  createModule = services: {...}: {
+    config =
+      services
+      |> lib.attrsToList
+      |> lib.imap1 (i: service: o: let
+        service_options = o // {port = 2000 + i;};
+      in {
+        clan.core.vars.generators.${service} = createGenerator {inherit service service_options;};
+        services.${service} = createService {inherit service service_options;};
+
+        systemd.services."${service}-apply-infra" = lib.mkIf settings.enable (createSystemdService {inherit service service_options;});
+      })
+      |> lib.mkMerge;
+  };
+}

clanServices/servarr/qbittorrent.nix

@@ -0,0 +1,96 @@
+{
+  config,
+  pkgs,
+  lib,
+  settings,
+  port,
+  ...
+}: {
+  clan.core.vars.generators.qbittorrent = let
+    hash_password = pkgs.writers.writePython3 "hashPassword" {} ''
+      import base64
+      import hashlib
+      import sys
+      import uuid
+
+      password = sys.argv[1]
+      salt = uuid.uuid4()
+      salt_bytes = salt.bytes
+
+      password = str.encode(password)
+      hashed_password = hashlib.pbkdf2_hmac(
+          "sha512",
+          password,
+          salt_bytes,
+          100000,
+          dklen=64
+      )
+      b64_salt = base64.b64encode(salt_bytes).decode("utf-8")
+      b64_password = base64.b64encode(hashed_password).decode("utf-8")
+      password_string = "@ByteArray({salt}:{password})".format(
+          salt=b64_salt, password=b64_password
+      )
+      print(password_string)
+    '';
+  in {
+    files = {
+      "password" = {
+        secret = true;
+        deploy = true;
+      };
+      "password_hash" = {
+        secret = true;
+        deploy = true;
+      };
+      "qBittorrent.conf" = {
+        secret = true;
+        deploy = true;
+        owner = "qbittorrent";
+        group = "media";
+        mode = "0660";
+        restartUnits = ["qbittorrent.service"];
+      };
+    };
+
+    runtimeInputs = with pkgs; [pwgen hash_password];
+
+    script = ''
+      pwgen -s 128 1 > $out/password
+
+      ${hash_password} $(cat $out/password) > $out/password_hash
+
+      cat << EOF > $out/qBittorrent.conf
+      [LegalNotice]
+      Accepted=true
+
+      [Preferences]
+      WebUI\AlternativeUIEnabled=true
+      WebUI\RootFolder=${pkgs.vuetorrent}/share/vuetorrent
+      WebUI\Username=admin
+      WebUI\Password_PBKDF2=$(cat $out/password_hash)
+      EOF
+    '';
+  };
+
+  system.activationScripts.qbittorrent-config = {
+    deps = lib.optional (!config.sops.useSystemdActivation) "setupSecrets";
+    # TODO: If sops-nix is switched to systemd activation, add a systemd unit
+    # for this install step that runs after sops-install-secrets.service,
+    # because this activation-script dependency only orders against setupSecrets.
+    text = ''
+      install -Dm0600 -o ${config.services.qbittorrent.user} -g ${config.services.qbittorrent.group} \
+        ${config.clan.core.vars.generators.qbittorrent.files."qBittorrent.conf".path} \
+        ${config.services.qbittorrent.profileDir}/qBittorrent/config/qBittorrent.conf
+    '';
+  };
+
+  services.qbittorrent = {
+    enable = true;
+    openFirewall = true;
+    webuiPort = port;
+    serverConfig = lib.mkForce {};
+
+    user = "qbittorrent";
+    group = "media";
+  };
+}

clanServices/servarr/sabnzbd.nix

@@ -0,0 +1,95 @@
+{
+  config,
+  lib,
+  pkgs,
+  settings,
+  port,
+  ...
+}: {
+  clan.core.vars.generators.sabnzbd = {
+    files = {
+      "api_key" = {
+        secret = true;
+        deploy = true;
+      };
+      "nzb_key" = {
+        secret = true;
+        deploy = true;
+      };
+      "config.ini" = {
+        secret = true;
+        deploy = true;
+        owner = "sabnzbd";
+        group = "media";
+        mode = "0660";
+      };
+    };
+
+    prompts = {
+      username = {
+        description = "usenet username";
+        type = "hidden";
+        persist = true;
+      };
+      password = {
+        description = "usenet password";
+        type = "hidden";
+        persist = true;
+      };
+    };
+
+    runtimeInputs = with pkgs; [pwgen];
+
+    script = ''
+      pwgen -s 128 1 > $out/api_key
+      pwgen -s 128 1 > $out/nzb_key
+
+      cat << EOF > $out/config.ini
+      [misc]
+      api_key = $(cat $out/api_key)
+      nzb_key = $(cat $out/nzb_key)
+
+      [servers]
+      [[news.sunnyusenet.com]]
+      username = $(cat $prompts/username)
+      password = $(cat $prompts/password)
+      EOF
+    '';
+  };
+
+  services.sabnzbd = {
+    enable = true;
+    openFirewall = true;
+
+    allowConfigWrite = false;
+    configFile = lib.mkForce null;
+
+    secretFiles = [
+      config.clan.core.vars.generators.sabnzbd.files."config.ini".path
+    ];
+
+    settings = {
+      misc = {
+        host = "0.0.0.0";
+        port = port;
+        host_whitelist = "${config.networking.hostName}";
+
+        download_dir = "/var/media/downloads/incomplete";
+        complete_dir = "/var/media/downloads/done";
+      };
+
+      servers = {
+        "news.sunnyusenet.com" = {
+          name = "news.sunnyusenet.com";
+          displayname = "news.sunnyusenet.com";
+          host = "news.sunnyusenet.com";
+          port = 563;
+          timeout = 60;
+        };
+      };
+    };
+
+    user = "sabnzbd";
+    group = "media";
+  };
+}

flake.lock

@@ -351,27 +351,6 @@
         "type": "github"
       }
     },
-    "flake-parts_5": {
-      "inputs": {
-        "nixpkgs-lib": [
-          "terranix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1736143030,
-        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "flake-parts",
-        "type": "github"
-      }
-    },
     "flux": {
       "inputs": {
         "mcman": "mcman",
@@ -1091,7 +1070,9 @@
     },
     "terranix": {
       "inputs": {
-        "flake-parts": "flake-parts_5",
+        "flake-parts": [
+          "flake-parts"
+        ],
         "nixpkgs": [
           "nixpkgs"
         ],

flake.nix

@@ -27,6 +27,12 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    terranix = {
+      url = "github:terranix/terranix";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-parts.follows = "flake-parts";
+    };
+
     clan-core = {
       url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
       inputs = {
@@ -83,11 +89,6 @@
       url = "github:vinceliuice/grub2-themes";
     };
 
-    terranix = {
-      url = "github:terranix/terranix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     mydia = {
       url = "github:chris-kruining/mydia";
       # url = "github:getmydia/mydia";
@@ -108,8 +109,8 @@
         flake-parts.flakeModules.modules
         clan-core.flakeModules.default
         home-manager.flakeModules.default
-        terranix.flakeModule
         ./packages/flake-module.nix
+        ./clanServices/flake-module.nix
       ];
 
       perSystem = {system, ...}: {

machines/mandos/configuration.nix

@@ -1,8 +1,15 @@
-{ ... }:
+{self, ...}: {
-{
   imports = [
     ./disks.nix
     ./hardware.nix
+    self.inputs.home-manager.nixosModules.home-manager
+    self.inputs.himmelblau.nixosModules.himmelblau
+    self.inputs.jovian.nixosModules.default
+    self.inputs.mydia.nixosModules.default
+    self.inputs.nix-minecraft.nixosModules.minecraft-servers
+    self.inputs.nvf.nixosModules.default
+    self.inputs.sops-nix.nixosModules.sops
+    (self.inputs.import-tree ../../modules/nixos)
   ];
 
   nixpkgs.hostPlatform = "x86_64-linux";

machines/manwe/configuration.nix

@@ -1,16 +1,51 @@
-{ pkgs, ...}: {
+{
+  self,
+  lib,
+  pkgs,
+  ...
+}: {
+  _module.args = {
+    pkgs = lib.mkForce (import self.inputs.nixpkgs {
+      system = "x86_64-linux";
+
+      overlays = with self.inputs; [
+        fenix.overlays.default
+        nix-minecraft.overlay
+        flux.overlays.default
+      ];
+
+      config = {
+        allowUnfree = true;
+
+        permittedInsecurePackages = [
+          # I think this is because of zen
+          "qtwebengine-5.15.19"
+
+          # For mautrix-signal, the matrix to signal bridge
+          "olm-3.2.16"
+        ];
+      };
+    });
+  };
+
   imports = [
     ./disks.nix
     ./hardware.nix
+    self.inputs.home-manager.nixosModules.home-manager
+    self.inputs.himmelblau.nixosModules.himmelblau
+    self.inputs.jovian.nixosModules.default
+    self.inputs.mydia.nixosModules.default
+    self.inputs.nix-minecraft.nixosModules.minecraft-servers
+    self.inputs.nvf.nixosModules.default
+    self.inputs.sops-nix.nixosModules.sops
+    (self.inputs.import-tree ../../modules/nixos)
   ];
 
-  nixpkgs.hostPlatform = "x86_64-linux";
-
   system.activationScripts.remove-gtkrc.text = "rm -f /home/chris/.gtkrc-2.0";
 
   services.logrotate.checkConfig = false;
 
-  environment.systemPackages = with pkgs; [ beyond-all-reason openrct2 ];
+  environment.systemPackages = with pkgs; [beyond-all-reason openrct2];
 
   sneeuwvlok = {
     hardware.has = {
@@ -41,4 +76,4 @@
   };
 
   system.stateVersion = "23.11";
-}
+}

machines/manwe/hardware.nix

@@ -1,18 +1,18 @@
-{ config, lib, pkgs, modulesPath, ... }:
-let
-  inherit (lib.modules) mkDefault;
-in
 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  config,
-
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkDefault;
+in {
   boot = {
-    initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+    initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
-    initrd.kernelModules = [ ];
+    initrd.kernelModules = [];
-    kernelModules = [ "kvm-amd" ];
+    kernelModules = ["kvm-amd"];
     kernelParams = [];
-    extraModulePackages = [ ];
+    extraModulePackages = [];
   };
 
-  nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system;
+  nixpkgs.hostPlatform = "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
 }

machines/orome/configuration.nix

@@ -1,7 +1,19 @@
-{pkgs, ...}: {
+{
+  self,
+  pkgs,
+  ...
+}: {
   imports = [
     ./disks.nix
     ./hardware.nix
+    self.inputs.home-manager.nixosModules.home-manager
+    self.inputs.himmelblau.nixosModules.himmelblau
+    self.inputs.jovian.nixosModules.default
+    self.inputs.mydia.nixosModules.default
+    self.inputs.nix-minecraft.nixosModules.minecraft-servers
+    self.inputs.nvf.nixosModules.default
+    self.inputs.sops-nix.nixosModules.sops
+    (self.inputs.import-tree ../../modules/nixos)
   ];
 
   nixpkgs.hostPlatform = "x86_64-linux";

machines/tulkas/configuration.nix

@@ -1,8 +1,15 @@
-{ ... }:
+{self, ...}: {
-{
   imports = [
     ./disks.nix
     ./hardware.nix
+    self.inputs.home-manager.nixosModules.home-manager
+    self.inputs.himmelblau.nixosModules.himmelblau
+    self.inputs.jovian.nixosModules.default
+    self.inputs.mydia.nixosModules.default
+    self.inputs.nix-minecraft.nixosModules.minecraft-servers
+    self.inputs.nvf.nixosModules.default
+    self.inputs.sops-nix.nixosModules.sops
+    (self.inputs.import-tree ../../modules/nixos)
   ];
 
   nixpkgs.hostPlatform = "x86_64-linux";
@@ -31,4 +38,4 @@
   };
 
   system.stateVersion = "23.11";
-}
+}

machines/ulmo/configuration.nix

@@ -223,39 +223,39 @@
       media.mydia.enable = true;
       media.nfs.enable = true;
       media.jellyfin.enable = true;
-      media.servarr = {
+      # media.servarr = {
-        radarr = {
+      #   radarr = {
-          enable = true;
+      #     enable = true;
-          port = 2001;
+      #     port = 2001;
-          rootFolders = [
+      #     rootFolders = [
-            "/var/media/movies"
+      #       "/var/media/movies"
-          ];
+      #     ];
-        };
+      #   };
 
-        sonarr = {
+      #   sonarr = {
-          enable = true;
+      #     enable = true;
-          # debug = true;
+      #     # debug = true;
-          port = 2002;
+      #     port = 2002;
-          rootFolders = [
+      #     rootFolders = [
-            "/var/media/series"
+      #       "/var/media/series"
-          ];
+      #     ];
-        };
+      #   };
 
-        lidarr = {
+      #   lidarr = {
-          enable = true;
+      #     enable = true;
-          debug = true;
+      #     debug = true;
-          port = 2003;
+      #     port = 2003;
-          rootFolders = [
+      #     rootFolders = [
-            "/var/media/music"
+      #       "/var/media/music"
-          ];
+      #     ];
-        };
+      #   };
 
-        prowlarr = {
+      #   prowlarr = {
-          enable = true;
+      #     enable = true;
-          # debug = true;
+      #     # debug = true;
-          port = 2004;
+      #     port = 2004;
-        };
+      #   };
-      };
+      # };
 
       observability = {
         grafana.enable = true;

modules/home/application/default.nix

@@ -1,17 +0,0 @@
-{
-  imports = [
-    ./bitwarden
-    ./chrome
-    ./discord
-    ./ladybird
-    ./matrix
-    ./obs
-    ./onlyoffice
-    ./signal
-    ./steam
-    ./studio
-    ./teamspeak
-    ./thunderbird
-    ./zen
-  ];
-}

modules/home/default.nix

@@ -9,18 +9,6 @@
 
   cfg = config.sneeuwvlok.defaults;
 in {
-  imports = [
-    ./application
-    ./desktop
-    ./development
-    ./editor
-    ./game
-    ./home-manager
-    ./shell
-    ./terminal
-    ./themes
-  ];
-
   options.sneeuwvlok.defaults = {
     editor = mkOption {
       type = enum ["nano" "nvim" "zed"];

modules/home/desktop/default.nix

@@ -1,5 +0,0 @@
-{
-  imports = [
-    ./plasma
-  ];
-}

modules/home/development/default.nix

@@ -1,7 +0,0 @@
-{
-  imports = [
-    ./dotnet
-    ./javascript
-    ./rust
-  ];
-}

modules/home/editor/default.nix

@@ -1,7 +0,0 @@
-{
-  imports = [
-    ./nano
-    ./nvim
-    ./zed
-  ];
-}

modules/home/game/default.nix

@@ -1,5 +0,0 @@
-{
-  imports = [
-    ./minecraft
-  ];
-}

modules/home/shell/default.nix

@@ -8,11 +8,6 @@
 
   cfg = config.sneeuwvlok.shell;
 in {
-  imports = [
-    ./toolset
-    ./zsh
-  ];
-
   options.sneeuwvlok.shell = {
     corePkgs.enable = mkEnableOption "core shell packages";
   };

modules/home/shell/toolset/default.nix

@@ -1,16 +0,0 @@
-{
-  imports = [
-    ./bat
-    ./btop
-    ./eza
-    ./fzf
-    ./git
-    ./gnugpg
-    ./just
-    ./starship
-    ./tmux
-    ./yazi
-    ./zellij
-    ./zoxide
-  ];
-}

modules/home/terminal/default.nix

@@ -1,6 +0,0 @@
-{
-  imports = [
-    ./alacritty
-    ./ghostty
-  ];
-}

modules/nixos/services/media/servarr/lib.nix

@@ -1,2 +0,0 @@
-{lib, ...}: {
-}

modules/nixos/services/networking/wireguard.nix

@@ -11,7 +11,7 @@
   hasPeers = (cfg.peer |> attrNames |> length) > 0;
 in {
   options.sneeuwvlok.services.networking.wireguard = {
-    # enable = mkEnableOption "enable wireguard" // {default = true;};
+    enable = mkEnableOption "enable wireguard" // {default = true;};
 
     peer = mkOption {
       type = types.attrsOf (types.submodule {
@@ -32,7 +32,7 @@ in {
     };
   };
 
-  config = mkIf hasPeers {
+  config = mkIf (cfg.enable && hasPeers) {
     # networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port);
     # networking.wq-quick = {
     #   # enable = cfg.enable;