7 changed files with 59 additions and 228 deletions
--- a/flake.lock
+++ b/flake.lock
@ -465,27 +465,6 @@
        "type": "github"
      }
    },
-    "home-manager_2": {
-      "inputs": {
-        "nixpkgs": [
-          "zen-browser",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1756842514,
-        "narHash": "sha256-XbtRMewPGJwTNhBC4pnBu3w/xT1XejvB0HfohC2Kga8=",
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "rev": "30fc1b532645a21e157b6e33e3f8b4c154f86382",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "home-manager",
-        "type": "github"
-      }
-    },
    "jovian": {
      "inputs": {
        "nix-github-actions": "nix-github-actions",
@ -1185,19 +1164,18 @@
    },
    "zen-browser": {
      "inputs": {
-        "home-manager": "home-manager_2",
        "nixpkgs": "nixpkgs_10"
      },
      "locked": {
-        "lastModified": 1756876659,
-        "narHash": "sha256-B2bpNR7VOoZuKfuNnASfWI/jGveetP2yhG44S3XnI/k=",
-        "owner": "0xc000022070",
+        "lastModified": 1727721329,
+        "narHash": "sha256-QYlWZwUSwrM7BuO+dXclZIwoPvBIuJr6GpFKv9XKFPI=",
+        "owner": "MarceColl",
        "repo": "zen-browser-flake",
-        "rev": "07c14b39cad581d9a8bb2dc8959a59e17d26d529",
+        "rev": "e6ab73f405e9a2896cce5956c549a9cc359e5fcc",
        "type": "github"
      },
      "original": {
-        "owner": "0xc000022070",
+        "owner": "MarceColl",
        "repo": "zen-browser-flake",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -41,7 +41,7 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    zen-browser.url = "github:0xc000022070/zen-browser-flake";
+    zen-browser.url = "github:MarceColl/zen-browser-flake";

    nix-minecraft.url = "github:Infinidoge/nix-minecraft";

@ -93,12 +93,8 @@
    channels-config = {
      allowUnfree = true;
      permittedInsecurePackages = [
-        # Due to *arr stack
        "dotnet-sdk-6.0.428"
        "aspnetcore-runtime-6.0.36"
-
-        # I think this is because of zen
-        "qtwebengine-5.15.19"
      ];
    };

@ -110,7 +106,7 @@

    homes.modules = with inputs; [
      stylix.homeModules.stylix
-      plasma-manager.homeModules.plasma-manager
+      plasma-manager.homeManagerModules.plasma-manager
    ];
  };
 }
--- a/modules/home/application/zen/default.nix
+++ b/modules/home/application/zen/default.nix
@ -5,15 +5,13 @@ let
  cfg = config.${namespace}.application.zen;
 in
 {
-  imports = [
-    inputs.zen-browser.homeModules.default
-  ];
-
  options.${namespace}.application.zen = {
    enable = mkEnableOption "enable zen";
  };

  config = mkIf cfg.enable {
+    home.packages = [ inputs.zen-browser.packages.${pkgs.system}.specific ];
+
    home.sessionVariables = {
      MOZ_ENABLE_WAYLAND = "1";
    };
@ -22,42 +20,20 @@ in
      policies = {
        AutofillAddressEnabled = true;
        AutofillCreditCardEnabled = false;
-
-        AppAutoUpdate = false;
        DisableAppUpdate = true;
-        ManualAppUpdateOnly = true;
-
        DisableFeedbackCommands = true;
        DisableFirefoxStudies = true;
        DisablePocket = true;
        DisableTelemetry = true;
-
-        DontCheckDefaultBrowser = false;
+        # DontCheckDefaultBrowser = false;
        NoDefaultBookmarks = true;
-        OfferToSaveLogins = false;
+        # OfferToSaveLogins = false;
        EnableTrackingProtection = {
          Value = true;
          Locked = true;
          Cryptomining = true;
          Fingerprinting = true;
        };
-
-        HttpAllowlist = [
-          "http://ulmo"
-        ];
-      };
-
-      policies.ExtensionSettings = let
-        mkExtension = id: {
-          install_url = "https://addons.mozilla.org/firefox/downloads/latest/${builtins.toString id}/latest.xpi";
-          installation_mode = "force_installed";
-        };
-      in
-      {
-        ublock_origin = 4531307;
-        ghostry = 4562168;
-        bitwarden = 4562769;
-        sponsorblock = 4541835;
      };
    };
  };
--- a/modules/nixos/services/media/default.nix
+++ b/modules/nixos/services/media/default.nix
@ -66,73 +66,38 @@ in
    # Services
    #=========================================================================
    services = let
-      arrService = {
+      serviceConf = {
        enable = true;
        openFirewall = true;
-
-        settings = {
-          auth.AuthenticationMethod = "External";
-
-          # postgres = {
-          #   PostgresHost = "localhost";
-          #   PostgresPort = "5432";
-          #   PostgresUser = "media";
-          # };
-        };
-      };
-
-      withPort = port: service: service // { settings.server.Port = builtins.toString port; };
-
-      withUserAndGroup = service: service  // {
        user = cfg.user;
        group = cfg.group;
      };
    in {
-      radarr =
-        arrService
-        |> withPort 2001
-        |> withUserAndGroup;
-
-      sonarr =
-        arrService
-        |> withPort 2002
-        |> withUserAndGroup;
-
-      lidarr =
-        arrService
-        |> withPort 2003
-        |> withUserAndGroup;
-        
-      prowlarr =
-        arrService
-        |> withPort 2004;
-
-      bazarr = {
-        enable = true;
-        openFirewall = true;
-        user = cfg.user;
-        group = cfg.group;
-        listenPort = 2005;
-      };
-
-      # port is harcoded in nixpkgs module
-      jellyfin = {
-        enable = true;
-        openFirewall = true;
-        user = cfg.user;
-        group = cfg.group;
-      };
+      jellyfin = serviceConf;
+      radarr = serviceConf;
+      sonarr = serviceConf;
+      bazarr = serviceConf;
+      lidarr = serviceConf;

      flaresolverr = {
        enable = true;
        openFirewall = true;
-        port = 2007;
+      };
+
+      jellyseerr = {
+        enable = true;
+        openFirewall = true;
+      };
+
+      prowlarr = {
+        enable = true;
+        openFirewall = true;
      };

      qbittorrent = {
        enable = true;
        openFirewall = true;
-        webuiPort = 2008;
+        webuiPort = 5000;

        serverConfig = {
          LegalNotice.Accepted = true;
@ -142,7 +107,6 @@ in
        group = cfg.group;
      };

-      # port is harcoded in nixpkgs module
      sabnzbd = {
        enable = true;
        openFirewall = true;
@ -152,49 +116,46 @@ in
        group = cfg.group;
      };

-      # postgresql = {
-      #   enable = true;
-      #   ensureDatabases = [
-      #     "radarr-main" "radarr-log"
-      #     "sonarr-main" "sonarr-log"
-      #     "lidarr-main" "lidarr-log"
-      #     "prowlarr-main" "prowlarr-log"
-      #   ];
-      #   identMap = ''
-      #     media media radarr-main
-      #     media media radarr-log
-      #     media media sonarr-main
-      #     media media sonarr-log
-      #     media media lidarr-main
-      #     media media lidarr-log
-      #     media media prowlarr-main
-      #     media media prowlarr-log
-      #   '';
-      #   ensureUsers = [
-      #     { name = "radarr-main"; ensureDBOwnership = true; }
-      #     { name = "radarr-log"; ensureDBOwnership = true; }
-
-      #     { name = "sonarr-main"; ensureDBOwnership = true; }
-      #     { name = "sonarr-log"; ensureDBOwnership = true; }
-          
-      #     { name = "lidarr-main"; ensureDBOwnership = true; }
-      #     { name = "lidarr-log"; ensureDBOwnership = true; }
-          
-      #     { name = "prowlarr-main"; ensureDBOwnership = true; }
-      #     { name = "prowlarr-log"; ensureDBOwnership = true; }
-      #   ];
-      # };
-
      caddy = {
        enable = true;
        virtualHosts = {
+          "media.kruining.eu".extraConfig = ''
+            import auth
+
+            reverse_proxy http://127.0.0.1:9494
+          '';
          "jellyfin.kruining.eu".extraConfig = ''
-            reverse_proxy http://[::1]:8096
+            reverse_proxy http://127.0.0.1:8096
          '';
        };
      };
    };

    systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
+
+    ${namespace}.services.virtualisation.podman.enable = true;
+
+    virtualisation = {
+      oci-containers = {
+        backend = "podman";
+
+        containers = {
+          # flaresolverr = {
+          #   image = "flaresolverr/flaresolverr";
+          #   autoStart = true;
+          #   ports = [ "127.0.0.1:8191:8191" ];
+          # };
+
+          reiverr = {
+            image = "ghcr.io/aleksilassila/reiverr:v2.2.0";
+            autoStart = true;
+            ports = [ "127.0.0.1:9494:9494" ];
+            volumes = [ "${cfg.path}/reiverr/config:/config" ];
+          };
+        };
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 6969 ];
  };
 }
--- a/modules/nixos/services/media/homer/default.nix
+++ b/modules/nixos/services/media/homer/default.nix
@ -1,73 +0,0 @@
-{ config, lib, namespace, ... }:
-let
-  inherit (lib) mkIf mkEnableOption;
-
-  cfg = config.${namespace}.services.media.homer;
-in
-{
-  options.${namespace}.services.media.homer = {
-    enable = mkEnableOption "Enable homer";
-  };
-
-  config = mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [ 2000 ];
-
-    services = {
-      homer = {
-        enable = true;
-
-        virtualHost = {
-          caddy.enable = true;
-          domain = "http://:2000";
-        };
-
-        settings = {
-          title = "Ulmo dashboard";
-
-          columns = 4;
-          connectivityCheck = true;
-
-          links = [
-            {
-              name = "Git";
-              icon = "fab fa-forgejo";
-              url = "https://git.amarth.cloud";
-
-            }
-          ];
-
-          services = [
-            {
-              name = "Services";
-              items = [
-                {
-                  name = "Zitadel";
-                  tag = "authentication";
-                  keywords = "auth";
-                  url = "https://auth.amarth.cloud";
-                }
-              ];
-            }
-
-            {
-              name = "Media";
-              items = [
-                {
-                  name = "Radarr";
-                  tag = "app";
-                  url = "http://${config.networking.hostName}:${builtins.toString config.services.radarr.settings.server.port}";
-                }
-
-                {
-                  name = "Sonarr";
-                  tag = "app";
-                  url = "http://${config.networking.hostName}:${builtins.toString config.services.sonarr.settings.server.port}";
-                }
-              ];
-            }
-          ];
-        };
-      };
-    };
-  };
-}
--- a/modules/nixos/services/security/vaultwarden/default.nix
+++ b/modules/nixos/services/security/vaultwarden/default.nix
@ -76,12 +76,6 @@ in
          "vault.kruining.eu".extraConfig = ''
            encode zstd gzip

-            handle_path /admin {
-              respond 401 {
-                close
-              }
-            }
-
            reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} {
              header_up X-Real-IP {remote_host}
            }
--- a/systems/x86_64-linux/ulmo/default.nix
+++ b/systems/x86_64-linux/ulmo/default.nix
@ -15,7 +15,6 @@
      networking.ssh.enable = true;

      media.enable = true;
-      media.homer.enable = true;
      media.nfs.enable = true;

      observability = {