diff --git a/.jq/format.jq b/.jq/format.jq deleted file mode 100644 index 5c65495..0000000 --- a/.jq/format.jq +++ /dev/null @@ -1,34 +0,0 @@ -def RESET: "0"; -def BOLD: "1"; -def DIM: "2"; -def ITALIC: "3"; -def UNDERLINE: "4"; -def BLINKING: "5"; -def INVERSE: "7"; -def HIDDEN: "8"; -def STRIKETHROUGH: "9"; -def RESET_FONT: "22"; - -def BLACK: 0; -def RED: 1; -def GREEN: 2; -def YELLOW: 3; -def BLUE: 4; -def MAGENTA: 5; -def CYAN: 6; -def WHITE: 7; -def DEFAULT: 9; - -def foreground(color): 30 + color; -def background(color): 40 + color; -def bright(color): 60 + color; - -def escape(options): - (if ((options|type) == "array") then options else [options] end) as $o - | "\u001b[\($o | map(tostring) | join(";"))m"; - -def style(options): escape(options) + . + escape([RESET]); - -def to_title: - (.|ascii_upcase) as $str - | escape([BOLD, foreground(BLACK), background(WHITE)]) + " " + $str + " " + escape([RESET]); diff --git a/.jq/table.jq b/.jq/table.jq deleted file mode 100644 index 04f80c6..0000000 --- a/.jq/table.jq +++ /dev/null @@ -1,58 +0,0 @@ -import "format" as _ {search:"./"}; - -def n_max(limit): - if . > limit then limit else . end; - -def n_min(limit): - if . < limit then limit else . end; - -def pad_right(width): - (. | tostring) as $s - | ($s | length) as $l - | ((width - $l) | n_min(0)) as $w - | ($s + (" " * $w)); - -def to_cells(sizes; fn): - to_entries - | map( - (sizes[.key]) as $size - | (" " + .value) - | pad_right($size + 2) - | fn // . - ); - -def to_cells(sizes): to_cells(sizes; null); - -def to_line(left; joiner; right): - [left, .[0], (.[1:] | map([joiner, .]) ), right] | flatten | join(""); - -def create(data; header_callback; cell_callback): - (data[0] | keys_unsorted) as $keys - | (data | map(to_entries | map(.value))) as $rows - | ([$keys] + $rows) as $cells - | ( - $keys # Use keys so that we have an array of the correct size - | to_entries - | map( - (.key) as $i - | $cells - | map(.[$i] | length) - | max - ) - ) as $column_sizes - | ( - [ - ($column_sizes | map("═" * (. + 2)) | to_line("╔"; "╤"; "╗")), - ($keys | to_cells($column_sizes; header_callback) | to_line("║"; "│"; "║")), - ($rows | map([ - ($column_sizes | map("─" * (. + 2)) | to_line("╟"; "┼"; "╢")), - (. | to_cells($column_sizes; cell_callback) | to_line("║"; "│"; "║")) - ])), - ($column_sizes | map("═" * (. + 2)) | to_line("╚"; "╧"; "╝")) - ] - | flatten - | join("\n") - ); - -def create(data; header_callback): create(data; header_callback; null); -def create(data): create(data; _::style(_::BOLD); null); diff --git a/.just/machine.just b/.just/machine.just index 420197a..3e3ba14 100644 --- a/.just/machine.just +++ b/.just/machine.just @@ -1,14 +1,14 @@ -@_default: list +set unstable := true +set quiet := true + +_default: list [doc('List machines')] -@list: +list: ls -1 ../systems/x86_64-linux/ -[doc('Update target machine')] +[doc('Update the target machine')] [no-exit-message] -@update machine: - echo "Checking vars" - cd .. && just vars _check {{ machine }} - echo "" - just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" - nixos-rebuild switch -L --sudo --target-host {{ machine }} --build-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json +update machine: + just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | tr '\n' ' ')" + nixos-rebuild switch --use-remote-sudo --target-host {{ machine }} --flake ..#{{ machine }} diff --git a/.just/users.just b/.just/users.just deleted file mode 100644 index e798cc3..0000000 --- a/.just/users.just +++ /dev/null @@ -1,101 +0,0 @@ -set unstable := true -set quiet := true - -_default: - just --list users - -[doc('List available users')] -[script] -list: - cd .. && just vars get ulmo zitadel/users | jq -r -C ' - import ".jq/table" as table; - import ".jq/format" as f; - - fromjson - | to_entries - | sort_by(.key) - | map( - (.key|f::to_title) + ":\n" - + table::create( - .value - | to_entries - | sort_by(.key) - | map({username:.key} + .value) - ) - ) - | join("\n\n┄┄┄\n\n") - '; - -[doc('Add a new user')] -[script] -add: - exec 5>&1 - - pad () { [ "$#" -gt 1 ] && [ -n "$2" ] && printf "%$2.${2#-}s" "$1"; } - - input() { - local label=$1 - local value=$2 - - local res=$(gum input --header "$label" --value "$value") - echo -e "\e[2m$(pad "$label" -11)\e[0m$res" >&5 - echo $res - } - - data=`cd .. && just vars get ulmo zitadel/users | jq 'fromjson'` - - # Gather inputs - org=` - jq -r 'to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which organisation to save to?' --select-if-one - ` - username=`input 'user name' ''` - email=`input 'email' ''` - first_name=`input 'first name' ''` - last_name=`input 'last name' ''` - - user_exists=`jq --arg 'org' "$org" --arg 'username' "$username" '.[$org][$username]? | . != null' <<< "$data"` - - if [ "$user_exists" == "true" ]; then - gum confirm 'User already exists, overwrite it?' --padding="1 1" || exit 0 - fi - - next=` - jq \ - --arg 'org' "$org" \ - --arg 'username' "$username" \ - --arg 'email' "$email" \ - --arg 'first_name' "$first_name" \ - --arg 'last_name' "$last_name" \ - --compact-output \ - '.[$org] += { $username: { email: $email, firstName: $first_name, lastName: $last_name } }' \ - <<< $data - ` - - gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")" - -[doc('Remove a new user')] -[script] -remove: - data=`cd .. && just vars get ulmo zitadel/users | jq fromjson` - - # Gather inputs - org=` - jq -r 'to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which organisation?' --select-if-one - ` - user=` - jq -r --arg org "$org" '.[$org] | to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which user?' --select-if-one - ` - - next=` - jq \ - --arg 'org' "$org" \ - --arg 'user' "$user" \ - --compact-output \ - 'del(.[$org][$user])' \ - <<< $data - ` - - gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")" diff --git a/.just/vars.just b/.just/vars.just index 7f464fb..230f00c 100644 --- a/.just/vars.just +++ b/.just/vars.just @@ -1,20 +1,18 @@ set unstable := true set quiet := true -base_path := justfile_directory() + "/systems/x86_64-linux" +base_path := invocation_directory() / "systems/x86_64-linux" _default: - just --list vars + just --list -[doc('List all vars of {machine}')] +[doc('list all vars of the target machine')] list machine: sops decrypt {{ base_path }}/{{ machine }}/secrets.yml -[doc('Edit all vars of {machine} in your editor')] edit machine: sops edit {{ base_path }}/{{ machine }}/secrets.yml -[doc('Set var {value} by {key} for {machine}')] @set machine key value: sops set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\"" @@ -23,11 +21,9 @@ edit machine: echo "Done" -[doc('Get var by {key} from {machine}')] get machine key: - sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\"" + sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g')" -[doc('Remove var by {key} for {machine}')] remove machine key: sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" @@ -35,69 +31,3 @@ remove machine key: git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null echo "Done" - -[doc('Remove var by {key} for {machine}')] -[script] -generate machine: - for key in $(nix eval --apply 'builtins.attrNames' --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets | jq -r '.[]'); do - # Skip if there's no script - [ -f "{{ justfile_directory() }}/script/$key" ] || continue - - # Skip if we already have a value - [ $(just vars get {{ machine }} "$key" | jq -r) ] && continue - - echo "Executing script for $key" - just vars set {{ machine }} "$key" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/$key")" && source "./$(basename $key)")" - done - -[script] -check: - cd .. - - for machine in $(ls {{ base_path }}); do - just vars _check "$machine" - done - -[no-exit-message] -[script] -_check machine: - # If the default nix file is missing, - # we can skip this folder as we are - # missing the files used to compare - # the defined vs the configured secrets - if [ ! -f "{{ base_path }}/{{ machine }}/default.nix" ]; then - printf "\r• %-8sskipped\n" "{{ machine }}" - exit 0 - fi - - exec 3< <(jq -nr \ - --rawfile defined <(nix eval --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets 2>/dev/null) \ - --rawfile configured <([ -f "{{ base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \ - ' - [ $configured | fromjson | paths(scalars) | join("/") ] as $conf - | $defined - | fromjson - | map(.key | select(. | IN($conf[]) | not)) - | unique - | .[] - ') - - pid=$! # Process Id of the previous running command - spin='⠇⠋⠙⠸⢰⣠⣄⡆' - - i=0 - while kill -0 $pid 2>/dev/null - do - i=$(( (i+1) %${#spin} )) - printf "\r${spin:$i:1} %s" "{{ machine }}" - sleep .1 - done - - mapfile -t missing <&3 - - if (( ${#missing[@]} > 0 )); then - printf '\r✗ %-8smissing %d secret(s):\n%s\n' "{{ machine }}" "${#missing[@]}" "$(printf -- ' %s\n' "${missing[@]}")" - exit 1 - else - printf "\r✓ %-8sup to date\n" "{{ machine }}" - fi diff --git a/.justfile b/.justfile index cee0db9..1937f04 100644 --- a/.justfile +++ b/.justfile @@ -1,36 +1,40 @@ -@_default: - just --list --list-submodules +_default: + just --list --list-submodules + +set unstable +set quiet -[doc('Manage vars')] mod vars '.just/vars.just' - -[doc('Manage users')] -mod users '.just/users.just' - -[doc('Manage machines')] mod machine '.just/machine.just' [doc('Show information about project')] -@show: - echo "show" +show: + echo "show" [doc('update the flake dependencies')] -@update: - nix flake update - git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null - echo "Done" +update: + nix flake update + git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null + echo "Done" + +[doc('Rebase branch on main')] +rebase: + git stash -q \ + && git fetch \ + && git rebase origin/main \ + && git stash pop -q + + echo "Done" [doc('Introspection on flake output')] -@select key: - nix eval --show-trace --json .#{{ key }} | jq . - - +select key: + nix eval --json .#{{ key }} | jq . #=============================================================================================== # Utils -#=============================================================================================== -[no-exit-message] +# =============================================================================================== [no-cd] +[no-exit-message] [private] -@assert condition message: - [ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; } +assert condition message: + [ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; } diff --git a/.sops.yaml b/.sops.yaml index 1faf874..9e7956c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,6 @@ keys: - &ulmo_1 age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq - &ulmo_2 age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x - - &manwe_1 age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w creation_rules: # All Machine secrets @@ -9,5 +8,4 @@ creation_rules: key_groups: - age: - *ulmo_1 - - *ulmo_2 - - *manwe_1 + - *ulmo_2 \ No newline at end of file diff --git a/flake.lock b/flake.lock index 5faa0c0..07a2120 100644 --- a/flake.lock +++ b/flake.lock @@ -21,17 +21,17 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1765809053, - "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", + "lastModified": 1754405784, + "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", "owner": "tomyun", "repo": "base16-fish", - "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", - "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", "type": "github" } }, @@ -75,6 +75,7 @@ "flake-parts": "flake-parts", "nix-darwin": "nix-darwin", "nix-select": "nix-select", + "nixos-facter-modules": "nixos-facter-modules", "nixpkgs": [ "nixpkgs" ], @@ -83,32 +84,25 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1771802456, - "narHash": "sha256-Ku3vdfRr0JBcTbcu8oNSVYNLLDVrIlDXvuYv0qZaJvg=", - "rev": "e1f0211652ba266dc0ca504fe3c4775d8cad16f8", +<<<<<<< HEAD + "lastModified": 1765033957, + "narHash": "sha256-yL5IjUOne+h6AodxxqoqwPgRy2HXle6+W4Aa2GVJruk=", + "rev": "9985ce76af367e7c9e3022c5b893418059a17491", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/e1f0211652ba266dc0ca504fe3c4775d8cad16f8.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/9985ce76af367e7c9e3022c5b893418059a17491.tar.gz" +======= + "lastModified": 1764220269, + "narHash": "sha256-rSSmhTCjfZLZog3qO6Q5C58pINmDv8EheGUhcojxd6c=", + "rev": "c70c04d09477ceee5820a8da4d9c0d1b50eb6cc6", + "type": "tarball", + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/c70c04d09477ceee5820a8da4d9c0d1b50eb6cc6.tar.gz" +>>>>>>> 122a796 (chore: update dependencies) }, "original": { "type": "tarball", "url": "https://git.clan.lol/clan/clan-core/archive/main.tar.gz" } }, - "crane": { - "locked": { - "lastModified": 1757183466, - "narHash": "sha256-kTdCCMuRE+/HNHES5JYsbRHmgtr+l9mOtf5dpcMppVc=", - "owner": "ipetkov", - "repo": "crane", - "rev": "d599ae4847e7f87603e7082d73ca673aa93c916d", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "data-mesher": { "inputs": { "flake-parts": [ @@ -125,11 +119,11 @@ ] }, "locked": { - "lastModified": 1771586574, - "narHash": "sha256-Nzay8rHhCrlFaIiDqlTpEiKZZTUOQsdZJ8wdB+lrJro=", - "rev": "17da134c02b2e92e10ffcbcb4870e5cde0a6c6f7", + "lastModified": 1762942435, + "narHash": "sha256-zIWGs5FIytTtJN+dhDb8Yx+q4TQI/yczuL539yVcyPE=", + "rev": "0ee328404b12c65e8106bde9e9fab8abf4ecada4", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/17da134c02b2e92e10ffcbcb4870e5cde0a6c6f7.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0ee328404b12c65e8106bde9e9fab8abf4ecada4.tar.gz" }, "original": { "type": "tarball", @@ -144,11 +138,19 @@ ] }, "locked": { - "lastModified": 1771469470, - "narHash": "sha256-GnqdqhrguKNN3HtVfl6z+zbV9R9jhHFm3Z8nu7R6ml0=", +<<<<<<< HEAD + "lastModified": 1764627417, + "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=", "owner": "nix-community", "repo": "disko", - "rev": "4707eec8d1d2db5182ea06ed48c820a86a42dc13", + "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3", +======= + "lastModified": 1764110879, + "narHash": "sha256-xanUzIb0tf3kJ+PoOFmXEXV1jM3PjkDT/TQ5DYeNYRc=", + "owner": "nix-community", + "repo": "disko", + "rev": "aecba248f9a7d68c5d1ed15de2d1c8a4c994a3c5", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -160,15 +162,22 @@ "erosanix": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", - "tiny-audio-player": "tiny-audio-player" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1771529616, - "narHash": "sha256-FiVKf4ZSHCcHOKkQAaIcjQGWiTnlepv5462Djk10BeY=", +<<<<<<< HEAD + "lastModified": 1764775116, + "narHash": "sha256-S4fY3fytcqXBuOSbQjEVke2eqK9/e/6Jy3jp0JGM2X4=", "owner": "emmanuelrosa", "repo": "erosanix", - "rev": "ed5217725bf19acfb594be8a4a653e3f576a3397", + "rev": "172661ccc78b1529a294eee5e99ca1616c934f37", +======= + "lastModified": 1763851335, + "narHash": "sha256-mmDc9dREBGGZW1iCB3AbMLBzsXrf48hJ+EzJ6g7Tdbk=", + "owner": "emmanuelrosa", + "repo": "erosanix", + "rev": "17407369c38ac2ade3be648666d30f6469908bdb", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -185,11 +194,19 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1771743970, - "narHash": "sha256-eri4eY0fUouYxBgWxJAJzG+xTGXVI7VeNJGcJrqpEt0=", +<<<<<<< HEAD + "lastModified": 1764915802, + "narHash": "sha256-eHTucU43sRCpvvTt5eey9htcWipS7ZN3B7ts6MiXLxo=", "owner": "nix-community", "repo": "fenix", - "rev": "2af8ae8bbe91833a54bd3b9cc24c326b66972a8e", + "rev": "a83a78fd3587d9f3388f0b459ad9c2bbd6d1b6d8", +======= + "lastModified": 1764226020, + "narHash": "sha256-FzUCFwXNjLnnZmVqYj/FjlBhUpat59SExflEaIGT62s=", + "owner": "nix-community", + "repo": "fenix", + "rev": "2d8176c02f7be6d13578d24d5fd5049f1b46a4c5", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -205,11 +222,19 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1771811831, - "narHash": "sha256-adtW0jeSg/uZ6anL1mhK+kHAPpYR1+X5kmL6ZtDrQkw=", +<<<<<<< HEAD + "lastModified": 1765024561, + "narHash": "sha256-xtfg5gNfyiyBTfWwbKgatV1sPeJjEnUczHCaSWi+crY=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "0cd9d065adab3b7d12747ba54cbf0e9b4154351f", + "rev": "e6f559729459a7890f01b258c33c1025800f5dbb", +======= + "lastModified": 1764242161, + "narHash": "sha256-Yxeu6Zm85RwER/0z0fv3mX2xaBy38PZKgdAAE57huRU=", + "owner": "nix-community", + "repo": "flake-firefox-nightly", + "rev": "ca10e2ff1ec58b1a3722ccb3c052c57c5e070780", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -221,11 +246,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1764873433, - "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", + "lastModified": 1764724327, + "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", + "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047", "type": "github" }, "original": { @@ -321,11 +346,11 @@ ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -363,11 +388,11 @@ ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -384,11 +409,11 @@ ] }, "locked": { - "lastModified": 1767609335, - "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -438,7 +463,7 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_2" + "flake-utils": "flake-utils_4" }, "locked": { "lastModified": 1715533576, @@ -457,7 +482,43 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_5" + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_6" }, "locked": { "lastModified": 1694529238, @@ -475,15 +536,14 @@ }, "flux": { "inputs": { - "mcman": "mcman", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1767316901, - "narHash": "sha256-tllrks9CW9WWWa0w9Brc25uieYixR8pAMUJODith/yU=", + "lastModified": 1729388191, + "narHash": "sha256-Ga5JJPgwfpqMFvk8g4un7ySwfTefGCsbUrCDsSnQyiU=", "owner": "IogaMaster", "repo": "flux", - "rev": "b12173e0b75c10c8f590a9d3a3ad23681f14d038", + "rev": "400896b5c977e0569ea0f8bacb9b42509e0bbd00", "type": "github" }, "original": { @@ -512,11 +572,11 @@ "flake": false, "locked": { "host": "gitlab.gnome.org", - "lastModified": 1767737596, - "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", + "lastModified": 1764524476, + "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "ef02db02bf0ff342734d525b5767814770d85b49", + "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", "type": "gitlab" }, "original": { @@ -529,7 +589,7 @@ }, "grub2-themes": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1757136219, @@ -547,16 +607,26 @@ }, "himmelblau": { "inputs": { + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" - ] + ], + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1771538633, - "narHash": "sha256-MBA5xFLd4dXdNwCYintpO7yBm2xj92PagsNmYpw+tSg=", +<<<<<<< HEAD + "lastModified": 1764617621, + "narHash": "sha256-Eq0TvWs6xhKZs5HXH1hlrNasrHD7AOEdeLkTis//X7w=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "a734234d38833fc4d0522e79e308daf99bd5f1e1", + "rev": "c19494250d8c15e7c75e9301bdc271579a6dc77a", +======= + "lastModified": 1764184347, + "narHash": "sha256-xhzCn/rnBDTybHtuFV2IhCgjLMsCVpbzpEL0w//4Na8=", + "owner": "himmelblau-idm", + "repo": "himmelblau", + "rev": "9f0f6e27b6a9acdb12c4807cc1402132b21009f3", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -572,11 +642,11 @@ ] }, "locked": { - "lastModified": 1771756436, - "narHash": "sha256-Tl2I0YXdhSTufGqAaD1ySh8x+cvVsEI1mJyJg12lxhI=", + "lastModified": 1764194569, + "narHash": "sha256-iUM9ktarEzThkayyZrzQ7oycPshAY2XRQqVKz0xX/L0=", "owner": "nix-community", "repo": "home-manager", - "rev": "5bd3589390b431a63072868a90c0f24771ff4cbb", + "rev": "9651819d75f6c7ffaf8a9227490ac704f29659f0", "type": "github" }, "original": { @@ -593,11 +663,11 @@ ] }, "locked": { - "lastModified": 1771756436, - "narHash": "sha256-Tl2I0YXdhSTufGqAaD1ySh8x+cvVsEI1mJyJg12lxhI=", + "lastModified": 1762964643, + "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=", "owner": "nix-community", "repo": "home-manager", - "rev": "5bd3589390b431a63072868a90c0f24771ff4cbb", + "rev": "827f2a23373a774a8805f84ca5344654c31f354b", "type": "github" }, "original": { @@ -614,11 +684,11 @@ ] }, "locked": { - "lastModified": 1771587792, - "narHash": "sha256-XGFLdlLOez7f0rmjlF+1TLXyBguy8gx2aBHx/Q5JXxs=", + "lastModified": 1764236397, + "narHash": "sha256-s/6WrJJryLI6BgphsY8l0s0UmGUg3mgkSFuvvsbN0FM=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "b49fc54950e251f166a2240799315033ab7a8916", + "rev": "50026908d1501193afdcccdf7359d1a485074eda", "type": "github" }, "original": { @@ -633,11 +703,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1771765102, - "narHash": "sha256-RLvOaBEoxgPnGZn9ULbb6xXs98AgiOyPZQpB44XyLvA=", + "lastModified": 1764506612, + "narHash": "sha256-47a2OvGsq1AfffWQqKAGlB9GjmoVa1yXVyfZP3f3kog=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "55efa4ba1ddbbe046a4afd17b51867c5348bdce8", + "rev": "f7208cc4a3200a2573fc566066ef4d3c041bc924", "type": "github" }, "original": { @@ -646,32 +716,13 @@ "type": "github" } }, - "mcman": { - "inputs": { - "crane": "crane", - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1766962671, - "narHash": "sha256-n1+76Xuk30JKy4raeU5okeaYZjzDQkS+bBLjX8NGZIg=", - "owner": "deniz-blue", - "repo": "mcman", - "rev": "0e3bef55234406eb0634b80f9cac9a284254768a", - "type": "github" - }, - "original": { - "owner": "deniz-blue", - "repo": "mcman", - "type": "github" - } - }, "mnw": { "locked": { - "lastModified": 1770419553, - "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=", + "lastModified": 1758834834, + "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=", "owner": "Gerg-L", "repo": "mnw", - "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957", + "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001", "type": "github" }, "original": { @@ -683,7 +734,7 @@ "mydia": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1764866402, @@ -699,28 +750,6 @@ "type": "github" } }, - "ndg": { - "inputs": { - "nixpkgs": [ - "nvf", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1768214250, - "narHash": "sha256-hnBZDQWUxJV3KbtvyGW5BKLO/fAwydrxm5WHCWMQTbw=", - "owner": "feel-co", - "repo": "ndg", - "rev": "a6bd3c1ce2668d096e4fdaaa03ad7f03ba1fbca8", - "type": "github" - }, - "original": { - "owner": "feel-co", - "ref": "refs/tags/v2.6.0", - "repo": "ndg", - "type": "github" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -729,11 +758,11 @@ ] }, "locked": { - "lastModified": 1771520882, - "narHash": "sha256-9SeTZ4Pwr730YfT7V8Azb8GFbwk1ZwiQDAwft3qAD+o=", + "lastModified": 1764161084, + "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "6a7fdcd5839ec8b135821179eea3b58092171bcf", + "rev": "e95de00a471d07435e0527ff4db092c84998698e", "type": "github" }, "original": { @@ -767,15 +796,15 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_7", - "systems": "systems_3" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1771641457, - "narHash": "sha256-TIekRGfeCwuEmYcWex40RTx0Gd46pqmyUtxdFKb5juI=", + "lastModified": 1764208886, + "narHash": "sha256-voOx8RsK3miw3EHw05nwuOS4ltzeH8tKJnVr+mxtTPQ=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "c4e2b8969e09067da9d44b6b5762e1e896418f40", + "rev": "7da8a2d675f9cc56b3f6d654b4cccdca5016ac8e", "type": "github" }, "original": { @@ -827,6 +856,21 @@ "type": "github" } }, + "nixos-facter-modules": { + "locked": { + "lastModified": 1764252389, + "narHash": "sha256-3bbuneTKZBkYXlm0bE36kUjiDsasoIC1GWBw/UEJ9T4=", + "owner": "nix-community", + "repo": "nixos-facter-modules", + "rev": "5ea68886d95218646d11d3551a476d458df00778", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-facter-modules", + "type": "github" + } + }, "nixos-generators": { "inputs": { "nixlib": "nixlib", @@ -835,11 +879,11 @@ ] }, "locked": { - "lastModified": 1769813415, - "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=", + "lastModified": 1764234087, + "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "8946737ff703382fda7623b9fab071d037e897d5", + "rev": "032a1878682fafe829edfcf5fdfad635a2efe748", "type": "github" }, "original": { @@ -856,11 +900,11 @@ ] }, "locked": { - "lastModified": 1771563879, - "narHash": "sha256-vA5hocvdGhr+jfBN7A7ogeZqIz2qx01EixXwdVsQcnE=", + "lastModified": 1764072830, + "narHash": "sha256-ezkjlUCohD9o9c47Ey0/I4CamSS0QEORTqGvyGqMud0=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "379d20c55f552e91fb9f3f0382e4a97d3f452943", + "rev": "c7832dd786175e20f2697179e0e03efadffe4201", "type": "github" }, "original": { @@ -871,11 +915,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769914019, - "narHash": "sha256-w3TySosUsTuVdWAoHEVxvPIX42lCv/98Rmt5LRu3Bw8=", + "lastModified": 1764255304, + "narHash": "sha256-oQPux8afXmkbb88ceRtz1lgSGqL9auOgdYnBSqpVgSA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "17317ace7fb805f192bcf5595e41d18b09f9b497", + "rev": "6e86c955fc372d12face4a9c0d932a6e0f7bff4d", "type": "github" }, "original": { @@ -887,11 +931,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1771723719, - "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "lastModified": 1764465291, + "narHash": "sha256-jJ/E4B9Hp7U2ZmT3E0tD1LtAfATw/xjVf8sueNyeYmc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "36b8fcb216736b0e1869740b324ae521e5df23d8", + "rev": "e9537535ae8f4a2f78dbef0aaa0cbb6af4abd047", "type": "github" }, "original": { @@ -902,27 +946,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1771207753, - "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=", + "lastModified": 1764517877, + "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", "type": "github" }, "original": { @@ -934,11 +962,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1771742218, - "narHash": "sha256-ofVOq6pFrLkIE6YanvUDElZJRwjSSJaTuilqhdnatMA=", + "lastModified": 1764201071, + "narHash": "sha256-ACX5IcJTSoZYBPVtgFAOHvo/FZ70n9AmaAhoeIF+O9Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "aaf43e7c58bb8093a6325ef1d7b4af616779abc5", + "rev": "8c40e16ba896a3657226780454734265b0534f6a", "type": "github" }, "original": { @@ -950,42 +978,27 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1757347588, - "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=", - "owner": "NixOS", + "lastModified": 1712608508, + "narHash": "sha256-vMZ5603yU0wxgyQeHJryOI+O61yrX2AHwY6LOFyV1gM=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "b599843bad24621dcaa5ab60dac98f9b0eb1cabe", + "rev": "4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6", "type": "github" }, "original": { - "id": "nixpkgs", + "owner": "nixos", "ref": "nixos-unstable", - "type": "indirect" + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs_4": { "locked": { - "lastModified": 1766902085, - "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1771829251, - "narHash": "sha256-aCGm04/IRKKAy9qzvSOjSOkcYmNEjaoClo/9FygDp2Y=", + "lastModified": 1764243589, + "narHash": "sha256-JoCEZJaU1Ex0MFG3A2DwTtu+jOCLigyXUAmlZLROBdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cb31c55b2ba66c33f94d251251c37802ff5b1dab", + "rev": "57dcc6d4a389a7b6d1fb4cf20c9435f12b11f98d", "type": "github" }, "original": { @@ -995,7 +1008,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1764242076, "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", @@ -1011,13 +1024,29 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1763966396, + "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", "type": "github" }, "original": { @@ -1029,32 +1058,32 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1771369470, - "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", + "lastModified": 1761880412, + "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0182a361324364ae3f436a63005877674cf45efb", + "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_9": { "locked": { - "lastModified": 1771008912, - "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", - "owner": "nixos", + "lastModified": 1763618868, + "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "a82ccc39b39b621151d6732718e3e250109076fa", + "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -1071,11 +1100,11 @@ ] }, "locked": { - "lastModified": 1767810917, - "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=", + "lastModified": 1764773531, + "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=", "owner": "nix-community", "repo": "NUR", - "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4", + "rev": "1d9616689e98beded059ad0384b9951e967a17fa", "type": "github" }, "original": { @@ -1089,16 +1118,15 @@ "flake-compat": "flake-compat_4", "flake-parts": "flake-parts_3", "mnw": "mnw", - "ndg": "ndg", - "nixpkgs": "nixpkgs_9", - "systems": "systems_4" + "nixpkgs": "nixpkgs_8", + "systems": "systems_5" }, "locked": { - "lastModified": 1771704400, - "narHash": "sha256-8U9xnN4HdxPfAXAft3lBsArWSv1ZTTxJci1lOA/xpno=", + "lastModified": 1764904740, + "narHash": "sha256-TzqXUQlESmS5XGJ3tR1/xdoU0vySyp6YUUpmGF5F0kY=", "owner": "notashelf", "repo": "nvf", - "rev": "5c38b357da7e8c870350cd1847fb5b2602a28eb0", + "rev": "249cabe0c5392c384c82fa9d28d3f49fbeb04266", "type": "github" }, "original": { @@ -1117,11 +1145,11 @@ ] }, "locked": { - "lastModified": 1770766818, - "narHash": "sha256-12RCFLyAedyMOdenUi7cN3ioJPEGjA/ZG1BLjugfUVs=", + "lastModified": 1763909441, + "narHash": "sha256-56LwV51TX/FhgX+5LCG6akQ5KrOWuKgcJa+eUsRMxsc=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "44b928068359b7d2310a34de39555c63c93a2c90", + "rev": "b24ed4b272256dfc1cc2291f89a9821d5f9e14b4", "type": "github" }, "original": { @@ -1146,7 +1174,7 @@ "nixos-boot": "nixos-boot", "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "nvf": "nvf", "plasma-manager": "plasma-manager", "snowfall-lib": "snowfall-lib", @@ -1159,11 +1187,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1771639390, - "narHash": "sha256-igbphgls7JmrblWCIbgBGcL/ZWj0Iv+InySvuhLC5Ew=", + "lastModified": 1764175386, + "narHash": "sha256-LfgFqvPz3C80VjaffSjy8lLyRWfbThhB7gE7IWXHjYU=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "af68fc6e782f218c262a8e7e5718ce7276f697a2", + "rev": "71ddf07c1c75046df3bb496cf824de5c053d99ad", "type": "github" }, "original": { @@ -1173,6 +1201,27 @@ "type": "github" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "himmelblau", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1759977258, + "narHash": "sha256-hOxEFSEBoqDmJb7BGX1CzT1gvUPK6r+Qs+n3IxBgfTs=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "1d0c6173f57d07db7957b50e799240d4f2d7520f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "snowfall-lib": { "inputs": { "flake-compat": "flake-compat_5", @@ -1182,11 +1231,11 @@ ] }, "locked": { - "lastModified": 1765361626, - "narHash": "sha256-kX0Dp/kYSRbQ+yd9e3lmmUWdNbipufvKfL2IzbrSpnY=", + "lastModified": 1736130495, + "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=", "owner": "snowfallorg", "repo": "lib", - "rev": "c566ad8b7352c30ec3763435de7c8f1c46ebb357", + "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac", "type": "github" }, "original": { @@ -1203,11 +1252,11 @@ ] }, "locked": { - "lastModified": 1771735105, - "narHash": "sha256-MJuVJeszZEziquykEHh/hmgIHYxUcuoG/1aowpLiSeU=", + "lastModified": 1764021963, + "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d7755d820f5fa8acf7f223309c33e25d4f92e74f", + "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "type": "github" }, "original": { @@ -1218,14 +1267,14 @@ }, "sops-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1771735105, - "narHash": "sha256-MJuVJeszZEziquykEHh/hmgIHYxUcuoG/1aowpLiSeU=", + "lastModified": 1764021963, + "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d7755d820f5fa8acf7f223309c33e25d4f92e74f", + "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "type": "github" }, "original": { @@ -1243,9 +1292,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_4", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_10", "nur": "nur", - "systems": "systems_6", + "systems": "systems_7", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -1253,11 +1302,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1771787992, - "narHash": "sha256-Vg4bGwwenNYI8p3nJTl9FRyeIyrjATeZrZr+GyUSDrw=", + "lastModified": 1764191810, + "narHash": "sha256-rofXPD/9TGpHveo1MTlUfpnF0MCG1/uHUB9f0rosdqc=", "owner": "nix-community", "repo": "stylix", - "rev": "30054cca073b49b42a71289edec858f535b27fe9", + "rev": "70c444a10d0c9ef71a25580dfa79af9cd43f3a5e", "type": "github" }, "original": { @@ -1371,20 +1420,35 @@ "type": "github" } }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_7" + "systems": "systems_8" }, "locked": { - "lastModified": 1771504637, - "narHash": "sha256-qPYBCcvws0cqVf4blYyxQ6JNxOdvUPK41s2sfqk6wL0=", + "lastModified": 1762472226, + "narHash": "sha256-iVS4sxVgGn+T74rGJjEJbzx+kjsuaP3wdQVXBNJ79A0=", "owner": "terranix", "repo": "terranix", - "rev": "f3d77064bd135823a30916a1e63b90b7fe4453ac", + "rev": "3b5947a48da5694094b301a3b1ef7b22ec8b19fc", "type": "github" }, "original": { @@ -1429,11 +1493,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1767710407, - "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=", + "lastModified": 1763914658, + "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=", "owner": "tinted-theming", "repo": "schemes", - "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2", + "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c", "type": "github" }, "original": { @@ -1445,11 +1509,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1767489635, - "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", + "lastModified": 1764465359, + "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", + "rev": "edf89a780e239263cc691a987721f786ddc4f6aa", "type": "github" }, "original": { @@ -1461,11 +1525,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1767488740, - "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", + "lastModified": 1764464512, + "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", + "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a", "type": "github" }, "original": { @@ -1474,27 +1538,6 @@ "type": "github" } }, - "tiny-audio-player": { - "inputs": { - "nixpkgs": [ - "erosanix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1771529133, - "narHash": "sha256-nnd13UkxEGBNCJUpSinNyoDfB1BjhSGnWN8llDM9AW8=", - "owner": "emmanuelrosa", - "repo": "tiny_audio_player", - "rev": "21b191dce6be77dcf0f5baa69564b7e33905c653", - "type": "github" - }, - "original": { - "owner": "emmanuelrosa", - "repo": "tiny_audio_player", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -1503,11 +1546,11 @@ ] }, "locked": { - "lastModified": 1770228511, - "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", + "lastModified": 1762938485, + "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", + "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", "type": "github" }, "original": { @@ -1524,11 +1567,11 @@ ] }, "locked": { - "lastModified": 1771829403, - "narHash": "sha256-y6SCyTHx3mfeJphVAP9IcYwmd81l7Owv1WObibVcexw=", + "lastModified": 1764217570, + "narHash": "sha256-vgqUC6lI/gW70uekA0bpNFU6yR0tcZRfLIZcxGfN76g=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "16e6705c152f28f380aac601c705fbe905a58b44", + "rev": "3dc281d86044322f9182b20abbc21db8824c130a", "type": "github" }, "original": { diff --git a/modules/home/application/teamspeak/default.nix b/modules/home/application/teamspeak/default.nix index 3e5e530..d234e9a 100644 --- a/modules/home/application/teamspeak/default.nix +++ b/modules/home/application/teamspeak/default.nix @@ -10,9 +10,6 @@ in }; config = mkIf cfg.enable { - home.packages = with pkgs; [ - # teamspeak3 - teamspeak6-client - ]; + home.packages = with pkgs; [ teamspeak3 teamspeak6-client ]; }; } diff --git a/modules/home/themes/default.nix b/modules/home/themes/default.nix index d338b88..3fb8f15 100644 --- a/modules/home/themes/default.nix +++ b/modules/home/themes/default.nix @@ -26,13 +26,13 @@ in { config = mkIf (cfg.enable) { stylix = { - enable = true; + enable = true; base16Scheme = "${pkgs.base16-schemes}/share/themes/${cfg.theme}.yaml"; image = ./${cfg.theme}.jpg; polarity = cfg.polarity; - targets.qt.platform = mkDefault "kde"; +# targets.qt.platform = mkDefault "kde"; targets.zen-browser.profileNames = [ "Chris" ]; fonts = { diff --git a/modules/nixos/application/steam/default.nix b/modules/nixos/application/steam/default.nix index fc42935..735aa80 100644 --- a/modules/nixos/application/steam/default.nix +++ b/modules/nixos/application/steam/default.nix @@ -15,33 +15,28 @@ in { }; config = mkIf cfg.enable { - # environment.systemPackages = with pkgs; [ steam ]; - programs = { steam = { enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - # package = pkgs.steam.override { - # extraEnv = { - # DXVK_HUD = "compiler"; - # MANGOHUD = true; - # }; - # }; + package = pkgs.steam.override { + extraEnv = { + DXVK_HUD = "compiler"; + MANGOHUD = true; + }; + }; - # gamescopeSession = { - # enable = true; - # args = ["--immediate-flips"]; - # }; + gamescopeSession = { + enable = true; + args = ["--immediate-flips"]; + }; }; # https://github.com/FeralInteractive/gamemode - # gamemode = { - # enable = true; - # enableRenice = true; - # settings = {}; - # }; + gamemode = { + enable = true; + enableRenice = true; + settings = {}; + }; # gamescope = { # enable = true; diff --git a/modules/nixos/desktop/cosmic/default.nix b/modules/nixos/desktop/cosmic/default.nix deleted file mode 100644 index cba6955..0000000 --- a/modules/nixos/desktop/cosmic/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - lib, - config, - namespace, - inputs, - ... -}: let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.desktop.cosmic; -in { - options.${namespace}.desktop.cosmic = { - enable = - mkEnableOption "Enable Cosmic desktop" - // { - default = config.${namespace}.desktop.use == "cosmic"; - }; - }; - - config = mkIf cfg.enable { - services = { - displayManager.cosmic-greeter.enable = true; - desktopManager.cosmic.enable = true; - }; - }; -} diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index 13ef881..9fd9192 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -1,22 +1,18 @@ -{ - lib, - config, - namespace, - inputs, - ... -}: let +{ lib, config, namespace, inputs, ... }: +let inherit (lib) mkIf mkOption mkEnableOption mkMerge; inherit (lib.types) nullOr enum; cfg = config.${namespace}.desktop; -in { +in +{ imports = [ inputs.grub2-themes.nixosModules.default ]; options.${namespace}.desktop = { use = mkOption { - type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]); + type = nullOr (enum [ "plasma" "gamescope" "gnome" ]); default = null; example = "plasma"; description = "Which desktop to enable"; @@ -24,11 +20,11 @@ in { }; config = mkMerge [ - { + ({ services.displayManager = { enable = true; }; - } + }) # (mkIf (cfg.use != null) { # ${namespace}.desktop.${cfg.use}.enable = true; diff --git a/modules/nixos/desktop/plasma/default.nix b/modules/nixos/desktop/plasma/default.nix index aa1e497..d1e2a28 100644 --- a/modules/nixos/desktop/plasma/default.nix +++ b/modules/nixos/desktop/plasma/default.nix @@ -22,7 +22,7 @@ in konsole kate ghostwriter - # oxygen + oxygen ]; environment.sessionVariables.NIXOS_OZONE_WL = "1"; diff --git a/modules/nixos/services/authentication/authelia/default.nix b/modules/nixos/services/authentication/authelia/default.nix index 7aea103..9990003 100644 --- a/modules/nixos/services/authentication/authelia/default.nix +++ b/modules/nixos/services/authentication/authelia/default.nix @@ -1,36 +1,16 @@ -{ - config, - lib, - pkgs, - namespace, - ... -}: let +{ config, lib, pkgs, namespace, ... }: +let inherit (lib) mkIf mkEnableOption; user = "authelia-testing"; cfg = config.${namespace}.services.authentication.authelia; -in { +in +{ options.${namespace}.services.authentication.authelia = { enable = mkEnableOption "Authelia"; }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy = { - hosts = { - "auth.kruining.eu".extraConfig = '' - reverse_proxy http://127.0.0.1:9091 - ''; - }; - extraConfig = '' - (auth) { - forward_auth http://127.0.0.1:9091 { - uri /api/authz/forward-auth - copy_headers Remote-User Remote-Groups Remote-Email Remote-Name - } - } - ''; - }; - environment.systemPackages = with pkgs; [ authelia ]; @@ -132,8 +112,8 @@ in { authorization_policy = "one_factor"; userinfo_signed_response_alg = "none"; consent_mode = "implicit"; - scopes = ["openid" "profile" "groups"]; - redirect_uris = ["https://jellyfin.kruining.eu/sso/OID/redirect/authelia"]; + scopes = [ "openid" "profile" "groups" ]; + redirect_uris = [ "https://jellyfin.kruining.eu/sso/OID/redirect/authelia" ]; } { client_id = "streamarr"; @@ -147,8 +127,8 @@ in { authorization_policy = "one_factor"; userinfo_signed_response_alg = "none"; consent_mode = "implicit"; - scopes = ["offline_access" "openid" "email" "picture" "profile" "groups"]; - redirect_uris = ["http://localhost:3000/api/auth/oauth2/callback/authelia"]; + scopes = [ "offline_access" "openid" "email" "picture" "profile" "groups" ]; + redirect_uris = [ "http://localhost:3000/api/auth/oauth2/callback/authelia" ]; } { client_id = "forgejo"; @@ -162,10 +142,10 @@ in { authorization_policy = "one_factor"; userinfo_signed_response_alg = "none"; consent_mode = "implicit"; - scopes = ["offline_access" "openid" "email" "picture" "profile" "groups"]; - response_types = ["code"]; - grant_types = ["authorization_code"]; - redirect_uris = ["http://localhost:5002/user/oauth2/authelia/callback"]; + scopes = [ "offline_access" "openid" "email" "picture" "profile" "groups" ]; + response_types = [ "code" ]; + grant_types = [ "authorization_code" ]; + redirect_uris = [ "http://localhost:5002/user/oauth2/authelia/callback" ]; } ]; }; @@ -215,8 +195,48 @@ in { - jellyfin-users - admin - dev + + jacqueline: + disabled: false + displayname: Jacqueline Bevers + password: $argon2id$v=19$m=65536,t=3,p=4$XgN8yEJV+syAE5yeos3HsA$SlN+j/lJfxJ5VxLu2CdrwowlCiWQNNGhIrSyDpohq18 + groups: + - jellyfin-users + + martijn: + disabled: false + displayname: Martijn Kruining + password: $argon2id$v=19$m=65536,t=3,p=4$XgN8yEJV+syAE5yeos3HsA$SlN+j/lJfxJ5VxLu2CdrwowlCiWQNNGhIrSyDpohq18 + groups: + - jellyfin-users + + andrea: + disabled: false + displayname: Andrea Kruining + password: $argon2id$v=19$m=65536,t=3,p=4$XgN8yEJV+syAE5yeos3HsA$SlN+j/lJfxJ5VxLu2CdrwowlCiWQNNGhIrSyDpohq18 + groups: + - jellyfin-users ''; }; }; + + services.caddy = { + enable = true; + virtualHosts = { + "auth.kruining.eu".extraConfig = '' + reverse_proxy http://127.0.0.1:9091 + ''; + }; + extraConfig = '' + (auth) { + forward_auth http://127.0.0.1:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } + } + ''; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; }; } diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index 082330e..c0d9dc5 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix @@ -444,7 +444,8 @@ in |> withRef "org" org |> toResource "${org}_${name}" ) - |> append [ + |> append + [ (forEach "local.extra_users" [ "org" "name" ] { orgId = lib.tfRef "local.orgs[each.value.org]"; userName = lib.tfRef "each.value.name"; @@ -537,25 +538,7 @@ in }; in mkIf cfg.enable { - ${namespace}.services = { - persistance.postgresql.enable = true; - - networking.caddy = { - hosts = { - "auth.kruining.eu" = '' - reverse_proxy h2c://::1:9092 - ''; - }; - extraConfig = '' - (auth) { - forward_auth h2c://::1:9092 { - uri /api/authz/forward-auth - copy_headers Remote-User Remote-Groups Remote-Email Remote-Name - } - } - ''; - }; - }; + ${namespace}.services.persistance.postgresql.enable = true; environment.systemPackages = with pkgs; [ zitadel @@ -696,6 +679,23 @@ in } ]; }; + + caddy = { + enable = true; + virtualHosts = { + "auth.kruining.eu".extraConfig = '' + reverse_proxy h2c://::1:9092 + ''; + }; + extraConfig = '' + (auth) { + forward_auth h2c://::1:9092 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } + } + ''; + }; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index f20e1ac..6405932 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -15,7 +15,6 @@ port = 4001; database = "synapse"; - keyFile = "/var/lib/element-call/key"; in { options.${namespace}.services.communication.matrix = { enable = mkEnableOption "Matrix server (Synapse)"; @@ -25,77 +24,10 @@ in { ${namespace}.services = { persistance.postgresql.enable = true; # virtualisation.podman.enable = true; - - networking.caddy = { - # globalConfig = '' - # layer4 { - # 127.0.0.1:4004 - # route { - # proxy { - # upstream synapse:4004 - # } - # } - # } - # 127.0.0.1:4005 - # route { - # proxy { - # upstream synapse:4005 - # } - # } - # } - # } - # ''; - hosts = let - server = { - "m.server" = "${fqn}:443"; - }; - client = { - "m.homeserver".base_url = "https://${fqn}"; - "m.identity_server".base_url = "https://auth.${domain}"; - "org.matrix.msc3575.proxy".url = "https://${domain}"; - "org.matrix.msc4143.rtc_foci" = [ - { - type = "livekit"; - livekit_service_url = "https://${domain}/livekit/jwt"; - } - ]; - }; - in { - "${domain}, darkch.at" = '' - # Route for lk-jwt-service - handle /livekit/jwt* { - uri strip_prefix /livekit/jwt - reverse_proxy http://[::1]:${toString config.services.lk-jwt-service.port} { - header_up Host {host} - header_up X-Forwarded-Server {host} - header_up X-Real-IP {remote_host} - header_up X-Forwarded-For {remote_host} - } - } - - handle_path /livekit/sfu* { - reverse_proxy http://[::1]:${toString config.services.livekit.settings.port} { - header_up Host {host} - header_up X-Forwarded-Server {host} - header_up X-Real-IP {remote_host} - header_up X-Forwarded-For {remote_host} - } - } - - header /.well-known/matrix/* Content-Type application/json - header /.well-known/matrix/* Access-Control-Allow-Origin * - respond /.well-known/matrix/server `${toJSON server}` - respond /.well-known/matrix/client `${toJSON client}` - ''; - - "${fqn}" = '' - reverse_proxy /_matrix/* http://::1:${toString port} - reverse_proxy /_synapse/client/* http://::1:${toString port} - ''; - }; - }; }; + networking.firewall.allowedTCPPorts = [4001]; + services = { matrix-synapse = { enable = true; @@ -120,34 +52,11 @@ in { # Since we'll be using OIDC for auth disable all local options enable_registration = false; enable_registration_without_verification = false; - password_config.enabled = true; + password_config.enabled = false; backchannel_logout_enabled = true; - # Element Call options - max_event_delay_duration = "24h"; - rc_message = { - per_second = 0.5; - burst_count = 30; - }; - rc_delayed_event_mgmt = { - per_second = 1; - burst_count = 20; - }; - turn_uris = ["turn:turn.${domain}:4004?transport=udp" "turn:turn.${domain}:4004?transport=tcp"]; - - experimental_features = { - # MSC2965: OAuth 2.0 Authorization Server Metadata discovery - msc2965_enabled = true; - - # MSC3266: Room summary API. Used for knocking over federation - msc3266_enabled = true; - # MSC4222 needed for syncv2 state_after. This allow clients to - # correctly track the state of the room. - msc4222_enabled = true; - }; - sso = { - client_whitelist = ["http://[::1]:9092/" "https://auth.kruining.eu/"]; + client_whitelist = ["http://[::1]:9092"]; update_profile_information = true; }; @@ -186,38 +95,7 @@ in { settings = { appservice = { provisioning.enabled = false; - }; - - homeserver = { - address = "http://[::1]:${toString port}"; - domain = domain; - }; - - bridge = { - permissions = { - "@chris:${domain}" = "admin"; - }; - }; - }; - }; - - mautrix-telegram = { - enable = true; - registerToSynapse = true; - - settings = { - telegram = { - api_id = 32770816; - api_hash = "7b63778a976619c9d4ab62adc51cde79"; - bot_token = "disabled"; - - catch_up = true; - sequential_updates = true; - }; - - appservice = { - port = 40011; - provisioning.enabled = false; + # port = 40011; }; homeserver = { @@ -240,6 +118,7 @@ in { settings = { appservice = { provisioning.enabled = false; + # port = 40012; }; homeserver = { @@ -266,121 +145,35 @@ in { ]; }; - livekit = { + caddy = { enable = true; - openFirewall = true; - inherit keyFile; - - settings = { - port = 4002; - room.auto_create = false; + virtualHosts = let + server = { + "m.server" = "${fqn}:443"; + }; + client = { + "m.homeserver".base_url = "https://${fqn}"; + "m.identity_server".base_url = "https://auth.kruining.eu"; + }; + in { + "${domain}".extraConfig = '' + header /.well-known/matrix/* Content-Type application/json + header /.well-known/matrix/* Access-Control-Allow-Origin * + respond /.well-known/matrix/server `${toJSON server}` + respond /.well-known/matrix/client `${toJSON client}` + ''; + "${fqn}".extraConfig = '' + reverse_proxy /_matrix/* http://::1:4001 + reverse_proxy /_synapse/client/* http://::1:4001 + ''; }; }; - - lk-jwt-service = { - enable = true; - port = 4003; - # can be on the same virtualHost as synapse - livekitUrl = "wss://${domain}/livekit/sfu"; - inherit keyFile; - }; - - coturn = rec { - enable = true; - listening-port = 4004; - tls-listening-port = 40004; - no-cli = true; - no-tcp-relay = true; - min-port = 50000; - max-port = 50100; - use-auth-secret = true; - static-auth-secret-file = config.sops.secrets."coturn/secret".path; - realm = "turn.${domain}"; - # cert = "${config.security.acme.certs.${realm}.directory}/full.pem"; - # pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; - extraConfig = '' - # for debugging - verbose - # ban private IP ranges - no-multicast-peers - denied-peer-ip=0.0.0.0-0.255.255.255 - denied-peer-ip=10.0.0.0-10.255.255.255 - denied-peer-ip=100.64.0.0-100.127.255.255 - denied-peer-ip=127.0.0.0-127.255.255.255 - denied-peer-ip=169.254.0.0-169.254.255.255 - denied-peer-ip=172.16.0.0-172.31.255.255 - denied-peer-ip=192.0.0.0-192.0.0.255 - denied-peer-ip=192.0.2.0-192.0.2.255 - denied-peer-ip=192.88.99.0-192.88.99.255 - denied-peer-ip=192.168.0.0-192.168.255.255 - denied-peer-ip=198.18.0.0-198.19.255.255 - denied-peer-ip=198.51.100.0-198.51.100.255 - denied-peer-ip=203.0.113.0-203.0.113.255 - denied-peer-ip=240.0.0.0-255.255.255.255 - denied-peer-ip=::1 - denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff - denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255 - denied-peer-ip=100::-100::ffff:ffff:ffff:ffff - denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff - ''; - }; - }; - - networking.firewall = { - allowedTCPPortRanges = []; - allowedTCPPorts = [ - # Synapse - port - - # coTURN ports - config.services.coturn.listening-port - config.services.coturn.alt-listening-port - config.services.coturn.tls-listening-port - config.services.coturn.alt-tls-listening-port - ]; - allowedUDPPortRanges = with config.services.coturn; - lib.singleton { - from = min-port; - to = max-port; - }; - allowedUDPPorts = [ - # coTURN ports - config.services.coturn.listening-port - config.services.coturn.alt-listening-port - ]; - }; - - systemd = { - services.livekit-key = { - before = ["lk-jwt-service.service" "livekit.service"]; - wantedBy = ["multi-user.target"]; - path = with pkgs; [livekit coreutils gawk]; - script = '' - echo "Key missing, generating key" - echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}" - ''; - serviceConfig.Type = "oneshot"; - unitConfig.ConditionPathExists = "!${keyFile}"; - }; - services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = "${domain}"; }; sops = { secrets = { - "synapse/oidc_id" = { - restartUnits = ["synapse-matrix.service"]; - }; - "synapse/oidc_secret" = { - restartUnits = ["synapse-matrix.service"]; - }; - "coturn/secret" = { - owner = config.systemd.services.coturn.serviceConfig.User; - group = config.systemd.services.coturn.serviceConfig.Group; - restartUnits = ["coturn.service"]; - }; + "synapse/oidc_id" = {}; + "synapse/oidc_secret" = {}; }; templates = { @@ -395,19 +188,13 @@ in { scopes: - openid - profile - - email - - offline_access client_id: '${config.sops.placeholder."synapse/oidc_id"}' client_secret: '${config.sops.placeholder."synapse/oidc_secret"}' backchannel_logout_enabled: true - user_profile_method: userinfo_endpoint - allow_existing_users: true - enable_registration: true user_mapping_provider: config: localpart_template: "{{ user.preferred_username }}" display_name_template: "{{ user.name }}" - email_template: "{{ user.email }}" ''; restartUnits = ["matrix-synapse.service"]; }; diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo/default.nix index f190b0c..114726e 100644 --- a/modules/nixos/services/development/forgejo/default.nix +++ b/modules/nixos/services/development/forgejo/default.nix @@ -28,20 +28,6 @@ in { ${namespace}.services = { persistance.postgresql.enable = true; virtualisation.podman.enable = true; - - networking.caddy = { - hosts = { - "${domain}" = '' - # import auth - - # stupid dumb way to prevent the login page and go to zitadel instead - # be aware that this does not disable local login at all! - # rewrite /user/login /user/oauth2/Zitadel - - reverse_proxy http://127.0.0.1:${toString cfg.port} - ''; - }; - }; }; environment.systemPackages = with pkgs; [forgejo]; @@ -49,7 +35,6 @@ in { services = { forgejo = { enable = true; - lfs.enable = true; useWizard = false; database.type = "postgres"; @@ -182,6 +167,21 @@ in { }; }; }; + + caddy = { + enable = true; + virtualHosts = { + "${domain}".extraConfig = '' + # import auth + + # stupid dumb way to prevent the login page and go to zitadel instead + # be aware that this does not disable local login at all! + # rewrite /user/login /user/oauth2/Zitadel + + reverse_proxy http://127.0.0.1:${toString cfg.port} + ''; + }; + }; }; users = { diff --git a/modules/nixos/services/games/minecraft/default.nix b/modules/nixos/services/games/minecraft.nix similarity index 77% rename from modules/nixos/services/games/minecraft/default.nix rename to modules/nixos/services/games/minecraft.nix index 84567b3..7f408ae 100644 --- a/modules/nixos/services/games/minecraft/default.nix +++ b/modules/nixos/services/games/minecraft.nix @@ -1,16 +1,11 @@ -{ - inputs, - config, - lib, - pkgs, - namespace, - ... -}: let +{ inputs, config, lib, pkgs, namespace, ... }: +let inherit (lib) mkIf mkEnableOption mkOption; inherit (lib.types) str; cfg = config.${namespace}.services.games.minecraft; -in { +in +{ imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ]; @@ -30,7 +25,7 @@ in { }; config = mkIf cfg.enable { - users.users.${cfg.user} = { + user.users.${cfg.user} = { isSystemUser = true; group = cfg.group; }; @@ -82,7 +77,7 @@ in { inherit whitelist; inherit jvmOpts; - package = pkgs.fabricServers.fabric-1_21_4.override {loaderVersion = "0.16.10";}; + package = pkgs.fabricServers.fabric-1_21_4.override { loaderVersion = "0.16.10"; }; serverProperties = { gamemode = "survival"; @@ -108,14 +103,8 @@ in { inherit (pkgs) linkFarmFromDrvs fetchurl; in { mods = linkFarmFromDrvs "mods" (attrValues { - FabricApi = fetchurl { - url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/ZNwYCTsk/fabric-api-0.118.0%2B1.21.4.jar"; - sha512 = "1e0d31b6663dc2c7be648f3a5a9cf7b698b9a0fd0f7ae16d1d3f32d943d7c5205ff63a4f81b0c4e94a8997482cce026b7ca486e99d9ce35ac069aeb29b02a30d"; - }; - Terralith = fetchurl { - url = "https://cdn.modrinth.com/data/8oi3bsk5/versions/MuJMtPGQ/Terralith_1.21.x_v2.5.8.jar"; - sha512 = "f862ed5435ce4c11a97d2ea5c40eee9f817c908f3223b5fd3e3fff0562a55111d7429dc73a2f1ca0b1af7b1ff6fa0470ed6efebb5de13336c40bb70fb357dd60"; - }; + FabricApi = fetchurl { url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/ZNwYCTsk/fabric-api-0.118.0%2B1.21.4.jar"; sha512 = "1e0d31b6663dc2c7be648f3a5a9cf7b698b9a0fd0f7ae16d1d3f32d943d7c5205ff63a4f81b0c4e94a8997482cce026b7ca486e99d9ce35ac069aeb29b02a30d"; }; + Terralith = fetchurl { url = "https://cdn.modrinth.com/data/8oi3bsk5/versions/MuJMtPGQ/Terralith_1.21.x_v2.5.8.jar"; sha512 = "f862ed5435ce4c11a97d2ea5c40eee9f817c908f3223b5fd3e3fff0562a55111d7429dc73a2f1ca0b1af7b1ff6fa0470ed6efebb5de13336c40bb70fb357dd60"; }; # DistantHorizons = fetchurl { url = "https://cdn.modrinth.com/data/uCdwusMi/versions/jptcCdp2/DistantHorizons-2.2.1-a-1.20.4-forge-fabric.jar"; sha512 = "47368d91099d0b5f364339a69f4e425f8fb1e3a7c3250a8b649da76135e68a22f1a76b191c87e15a5cdc0a1d36bc57f2fa825490d96711d09d96807be97d575d"; }; }); }; @@ -136,7 +125,7 @@ in { inherit whitelist; inherit jvmOpts; - package = pkgs.fabricServers.fabric-1_19_2.override {loaderVersion = "0.16.9";}; + package = pkgs.fabricServers.fabric-1_19_2.override { loaderVersion = "0.16.9"; }; serverProperties = { gamemode = "survival"; @@ -158,31 +147,24 @@ in { inherit (lib) concatMapAttrs; readDirRec = src: dir: fn: - concatMapAttrs ( - name: type: - if type == "directory" - then (readDirRec src "${dir}/${name}" fn) - else {"${dir}/${name}" = fn "${dir}/${name}";} + concatMapAttrs (name: type: if type == "directory" + then (readDirRec src "${dir}/${name}" fn) + else { "${dir}/${name}" = (fn "${dir}/${name}"); } ) (readDir "${src}/${dir}"); copyDir = dir: readDirRec src dir (x: "${src}/${x}"); - in - { - "ops.json" = { - value = ops; - }; - } - // (copyDir "config"); + in { + "ops.json" = { + value = ops; + }; + } + // (copyDir "config"); symlinks = let inherit (builtins) attrNames readDir map; inherit (pkgs) linkFarm; - linkFarmFromDir = name: dir: - linkFarm name (map (x: { - name = x; - path = "${src}/${dir}/${x}"; - }) (attrNames (readDir "${src}/${dir}"))); + linkFarmFromDir = name: dir: linkFarm name (map (x: { name = x; path = "${src}/${dir}/${x}"; }) (attrNames (readDir "${src}/${dir}"))); in { Deftu = linkFarmFromDir "tekxit-deftu" "Deftu"; TKXAddons = linkFarmFromDir "tekxit-TKXAddons" "TKXAddons"; diff --git a/modules/nixos/services/games/palworld.nix b/modules/nixos/services/games/palworld.nix new file mode 100644 index 0000000..dea16b3 --- /dev/null +++ b/modules/nixos/services/games/palworld.nix @@ -0,0 +1,25 @@ +{ config, lib, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption; + + cfg = config.${namespace}.services.games.palworld; +in +{ + options.${namespace}.services.games.palworld = { + enable = mkEnableOption "Palworld"; + }; + + config = mkIf cfg.enable { +# kaas = (pkgs.mkSteamServer rec { +# name = "Palworld"; +# src = pkgs.fetchSteam { +# inherit name; +# appId = "2394010"; +# hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; +# }; +# +# sartCmd = "PalServer.sh"; +# hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; +# }); + }; +} diff --git a/modules/nixos/services/games/palworld/default.nix b/modules/nixos/services/games/palworld/default.nix deleted file mode 100644 index 152891d..0000000 --- a/modules/nixos/services/games/palworld/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - config, - lib, - namespace, - ... -}: let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.services.games.palworld; -in { - options.${namespace}.services.games.palworld = { - enable = mkEnableOption "Palworld"; - }; - - config = mkIf cfg.enable { - # kaas = (pkgs.mkSteamServer rec { - # name = "Palworld"; - # src = pkgs.fetchSteam { - # inherit name; - # appId = "2394010"; - # hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; - # }; - # - # sartCmd = "PalServer.sh"; - # hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; - # }); - - sops.secrets."palworld/password" = {}; - }; -} diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index c10a08e..d257aea 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -35,6 +35,13 @@ in { #========================================================================= environment.systemPackages = with pkgs; [ podman-tui + jellyfin + jellyfin-web + jellyfin-ffmpeg + jellyseerr + mediainfo + id3v2 + yt-dlp ]; #========================================================================= @@ -49,6 +56,9 @@ in { }; systemd.tmpfiles.rules = [ + # "d '${cfg.path}/series' 0770 ${cfg.user} ${cfg.group} - -" + # "d '${cfg.path}/movies' 0770 ${cfg.user} ${cfg.group} - -" + # "d '${cfg.path}/music' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/qbittorrent' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/sabnzbd' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/downloads/incomplete' 0770 ${cfg.user} ${cfg.group} - -" @@ -67,9 +77,54 @@ in { listenPort = 2005; }; + flaresolverr = { + enable = true; + openFirewall = true; + port = 2007; + }; + + # port is harcoded in nixpkgs module + jellyfin = { + enable = true; + openFirewall = true; + user = cfg.user; + group = cfg.group; + }; + postgresql = { enable = true; }; + + caddy = { + enable = true; + virtualHosts = { + "jellyfin.kruining.eu".extraConfig = '' + reverse_proxy http://[::1]:8096 + ''; + }; + }; + }; + + systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; + + sops = { + secrets = { + # "qbittorrent/password" = {}; + "qbittorrent/password_hash" = {}; + }; + + templates = { + "qbittorrent/password.conf" = { + owner = cfg.user; + group = cfg.group; + restartUnits = ["qbittorrent.service"]; + path = "${config.services.qbittorrent.profileDir}/qBittorrent/config/password.conf"; + content = '' + [Preferences] + WebUI\Password_PBKDF2="${config.sops.placeholder."qbittorrent/password_hash"}" + ''; + }; + }; }; }; } diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix index 6af52ef..333035d 100644 --- a/modules/nixos/services/media/glance/default.nix +++ b/modules/nixos/services/media/glance/default.nix @@ -130,6 +130,16 @@ in { } ]; } + { + type = "videos"; + channels = [ + "UCXuqSBlHAE6Xw-yeJA0Tunw" # Linus Tech Tips + "UCR-DXc1voovS8nhAvccRZhg" # Jeff Geerling + "UCsBjURrPoezykLs9EqgamOA" # Fireship + "UCBJycsmduvYEL83R_U4JriQ" # Marques Brownlee + "UCHnyfMqiRRG1u-2MsSQLbXA" # Veritasium + ]; + } ]; } diff --git a/modules/nixos/services/media/jellyfin/default.nix b/modules/nixos/services/media/jellyfin/default.nix deleted file mode 100644 index de19896..0000000 --- a/modules/nixos/services/media/jellyfin/default.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - pkgs, - config, - lib, - namespace, - inputs, - system, - ... -}: let - inherit (builtins) toString; - inherit (lib) mkIf mkEnableOption mkOption types; - - cfg = config.${namespace}.services.media.jellyfin; -in { - options.${namespace}.services.media.jellyfin = { - enable = mkEnableOption "Enable jellyfin server"; - }; - - config = mkIf cfg.enable { - ${namespace}.services.networking.caddy = { - hosts = { - "jellyfin.kruining.eu" = '' - reverse_proxy http://[::1]:8096 - ''; - }; - }; - - environment.systemPackages = with pkgs; [ - jellyfin - jellyfin-web - jellyfin-ffmpeg - mediainfo - id3v2 - yt-dlp - ]; - - services = { - # port is harcoded in nixpkgs module - jellyfin = { - enable = true; - openFirewall = true; - user = "media"; - group = "media"; - }; - }; - - systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; - }; -} diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia/default.nix index 7e082a3..2bee38a 100644 --- a/modules/nixos/services/media/mydia/default.nix +++ b/modules/nixos/services/media/mydia/default.nix @@ -36,7 +36,7 @@ in { # uri = "file:///var/lib/mydia/mydia.db"; type = "postgres"; uri = "postgres://mydia@localhost:5432/mydia?sslmode=disable"; - passwordFile = config.sops.templates."mydia/database_password".path; + passwordFile = config.sops.secrets."mydia/qbittorrent_password".path; }; secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path; @@ -82,14 +82,5 @@ in { key = "qbittorrent/password"; }; }; - - sops.templates."mydia/database_password" = { - owner = config.services.mydia.user; - group = config.services.mydia.group; - restartUnits = ["mydia.service"]; - content = '' - DATABASE_PASSWORD="" - ''; - }; }; } diff --git a/modules/nixos/services/media/nextcloud/default.nix b/modules/nixos/services/media/nextcloud/default.nix index 06904c6..14d6863 100644 --- a/modules/nixos/services/media/nextcloud/default.nix +++ b/modules/nixos/services/media/nextcloud/default.nix @@ -1,15 +1,11 @@ -{ - config, - lib, - pkgs, - namespace, - ... -}: let +{ config, lib, pkgs, namespace, ... }: +let inherit (lib) mkIf mkEnableOption mkOption; inherit (lib.types) str; cfg = config.${namespace}.services.media.nextcloud; -in { +in +{ options.${namespace}.services.media.nextcloud = { enable = mkEnableOption "Nextcloud"; @@ -25,14 +21,6 @@ in { }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy = { - hosts."cloud.kruining.eu" = '' - php_fastcgi unix//run/phpfpm/nextcloud.sock { - env front_controller_active true - } - ''; - }; - users = { users.${cfg.user} = { isSystemUser = true; @@ -87,5 +75,14 @@ in { # startServices = true; # }; + + services.caddy = { + enable = true; + virtualHosts."cloud.kruining.eu".extraConfig = '' + php_fastcgi unix//run/phpfpm/nextcloud.sock { + env front_controller_active true + } + ''; + }; }; } diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index f868313..373e09b 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -11,8 +11,6 @@ inherit (lib) mkIf mkEnableOption mkOption types; cfg = config.${namespace}.services.media.servarr; - servarr = import ./lib.nix {inherit lib;}; - anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0); in { options.${namespace}.services.media = { servarr = mkOption { @@ -35,7 +33,7 @@ in { }; }; - config = mkIf anyEnabled { + config = { services = cfg |> lib.mapAttrsToList (service: { @@ -69,13 +67,15 @@ in { }; }; } - // (lib.optionalAttrs (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + // (lib.optionalAttrs (service != "prowlarr") { user = service; group = "media"; }); })) - |> lib.concat [ - { + |> lib.mkMerge + |> (set: + set + // { qbittorrent = { enable = true; openFirewall = true; @@ -86,7 +86,6 @@ in { Prefecences.WebUI = { Username = "admin"; - Password_PBKDF2 = config.sops.secrets."qbittorrent/password_hash".path; }; }; @@ -94,46 +93,16 @@ in { group = "media"; }; + # port is harcoded in nixpkgs module sabnzbd = { enable = true; openFirewall = true; - - allowConfigWrite = false; - configFile = lib.mkForce null; - - secretFiles = [ - config.sops.templates."sabnzbd/config.ini".path - ]; - - settings = { - misc = { - port = 2009; - - download_dir = "/var/media/downloads/incomplete"; - complete_dir = "/var/media/downloads/done"; - }; - - servers = { - "news.sunnyusenet.com" = { - name = "news.sunnyusenet.com"; - displayname = "news.sunnyusenet.com"; - host = "news.sunnyusenet.com"; - port = 563; - timeout = 60; - }; - }; - }; + configFile = "${cfg.path}/sabnzbd/config.ini"; user = "sabnzbd"; group = "media"; }; - flaresolverr = { - enable = true; - openFirewall = true; - port = 2007; - }; - postgresql = { ensureDatabases = cfg |> lib.attrNames; ensureUsers = @@ -144,9 +113,7 @@ in { ensureDBOwnership = true; }); }; - } - ] - |> lib.mkMerge; + }); systemd.services = cfg @@ -158,9 +125,6 @@ in { ... }: (mkIf enable { "${service}ApplyTerraform" = let - config' = config; - lib' = lib; - terraformConfiguration = inputs.terranix.lib.terranixConfiguration { inherit system; @@ -171,28 +135,12 @@ in { ... }: { config = { - variable = - cfg - |> lib'.mapAttrsToList (s: _: { - "${s}_api_key" = { - type = "string"; - description = "${s} API key"; - }; - }) - |> lib'.concat [ - { - qbittorrent_api_key = { - type = "string"; - description = "qbittorrent api key"; - }; - - sabnzbd_api_key = { - type = "string"; - description = "sabnzbd api key"; - }; - } - ] - |> lib'.mkMerge; + variable = { + api_key = { + type = "string"; + description = "${service} api key"; + }; + }; terraform.required_providers.${service} = { source = "devopsarr/${service}"; @@ -211,194 +159,16 @@ in { provider.${service} = { url = "http://127.0.0.1:${toString port}"; - api_key = lib.tfRef "var.${service}_api_key"; + api_key = lib.tfRef "var.api_key"; }; - resource = - { - "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) ( - rootFolders - |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) - |> lib.listToAttrs - ); - - "${service}_download_client_qbittorrent" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { - "main" = { - name = "qBittorrent"; - enable = true; - priority = 1; - host = "localhost"; - username = "admin"; - password = lib.tfRef "var.qbittorrent_api_key"; - url_base = "/"; - port = 2008; - }; - }; - - "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { - "main" = { - name = "SABnzbd"; - enable = true; - priority = 1; - host = "localhost"; - api_key = lib.tfRef "var.sabnzbd_api_key"; - url_base = "/"; - port = 8080; - }; - }; - } - // (lib.optionalAttrs (service == "prowlarr") ( - cfg - |> lib'.filterAttrs (s: _: lib'.elem s ["radarr" "sonarr" "lidarr" "whisparr"]) - |> lib'.mapAttrsToList (s: {port, ...}: { - "prowlarr_application_${s}"."main" = let - p = cfg.prowlarr.port or config'.services.prowlarr.settings.server.port or 9696; - in { - name = s; - sync_level = "addOnly"; - base_url = "http://localhost:${toString port}"; - prowlarr_url = "http://localhost:${toString p}"; - api_key = lib.tfRef "var.${s}_api_key"; - # sync_categories = [3000 3010 3030]; - }; - }) - |> lib'.concat [ - { - "prowlarr_indexer" = { - "nyaa" = { - enable = true; - - app_profile_id = 1; - priority = 1; - - name = "Nyaa"; - implementation = "Cardigann"; - config_contract = "CardigannSettings"; - protocol = "torrent"; - - fields = [ - { - name = "definitionFile"; - text_value = "nyaasi"; - } - { - name = "baseSettings.limitsUnit"; - number_value = 0; - } - { - name = "torrentBaseSettings.preferMagnetUrl"; - bool_value = false; - } - { - name = "prefer_magnet_links"; - bool_value = true; - } - { - name = "sonarr_compatibility"; - bool_value = false; - } - { - name = "strip_s01"; - bool_value = false; - } - { - name = "radarr_compatibility"; - bool_value = false; - } - { - name = "filter-id"; - number_value = 0; - } - { - name = "cat-id"; - number_value = 0; - } - { - name = "sort"; - number_value = 0; - } - { - name = "type"; - number_value = 1; - } - ]; - }; - - # "_1337x" = { - # enable = true; - - # app_profile_id = 1; - # priority = 1; - - # name = "1337x"; - # implementation = "Cardigann"; - # config_contract = "CardigannSettings"; - # protocol = "torrent"; - # tags = [1]; - - # fields = [ - # { - # name = "definitionFile"; - # text_value = "1337x"; - # } - # { - # name = "baseSettings.limitsUnit"; - # number_value = 0; - # } - # { - # name = "torrentBaseSettings.preferMagnetUrl"; - # bool_value = false; - # } - # { - # name = "disablesort"; - # bool_value = false; - # } - # { - # name = "sort"; - # number_value = 2; - # } - # { - # name = "type"; - # number_value = 1; - # } - # ]; - # }; - - # "nzbgeek" = { - # enable = true; - - # app_profile_id = 2; - # priority = 1; - - # name = "NZBgeek"; - # implementation = "Newznab"; - # config_contract = "NewznabSettings"; - # protocol = "usenet"; - - # fields = [ - # { - # name = "baseUrl"; - # text_value = "https://api.nzbgeek.info"; - # } - # { - # name = "apiPath"; - # text_value = "/api"; - # } - # { - # name = "apiKey"; - # text_value = "__TODO_API_KEY_SECRET__"; - # } - # { - # name = "baseSettings.limitsUnit"; - # number_value = 5; - # } - # ]; - # }; - }; - } - ] - |> lib'.mkMerge - )); + resource = { + "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) ( + rootFolders + |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) + |> lib.listToAttrs + ); + }; }; }) ]; @@ -434,7 +204,7 @@ in { cp -f ${terraformConfiguration} config.tf.json # Initialize OpenTofu - ${lib.getExe pkgs.opentofu} init + ${lib.getExe pkgs.opentofu} init -upgrade # Run the infrastructure code ${lib.getExe pkgs.opentofu} \ @@ -443,7 +213,7 @@ in { then "plan" else "apply -auto-approve" } \ - -var-file='${config.sops.templates."servarr/config.tfvars".path}' + -var-file='${config.sops.templates."${service}/config.tfvars".path}' ''; serviceConfig = { @@ -471,11 +241,6 @@ in { }; groups.${service} = {}; })) - |> lib.concat [ - { - groups.media = {}; - } - ] |> lib.mkMerge; sops = @@ -496,57 +261,17 @@ in { ${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}" ''; }; + + "${service}/config.tfvars" = { + owner = service; + group = "media"; + restartUnits = ["${service}.service"]; + content = '' + api_key = "${config.sops.placeholder."${service}/apikey"}" + ''; + }; }; })) - |> lib.concat [ - { - secrets = { - "qbittorrent/password" = {}; - "qbittorrent/password_hash" = { - owner = "qbittorrent"; - group = "media"; - }; - "sabnzbd/apikey" = {}; - "sabnzbd/nzbkey" = {}; - "sabnzbd/sunnyweb/username" = {}; - "sabnzbd/sunnyweb/password" = {}; - }; - - templates = { - "servarr/config.tfvars" = { - owner = "media"; - group = "media"; - mode = "0440"; - restartUnits = cfg |> lib.attrNames |> lib.map (s: "${s}.service"); - content = '' - ${ - cfg - |> lib.attrNames - |> lib.map (s: "${s}_api_key = \"${config.sops.placeholder."${s}/apikey"}\"") - |> lib.join "\n" - } - qbittorrent_api_key = "${config.sops.placeholder."qbittorrent/password"}" - sabnzbd_api_key = "${config.sops.placeholder."sabnzbd/apikey"}" - ''; - }; - "sabnzbd/config.ini" = { - owner = "sabnzbd"; - group = "media"; - mode = "0660"; - content = '' - [misc] - api_key = ${config.sops.placeholder."sabnzbd/apikey"} - nzb_key = ${config.sops.placeholder."sabnzbd/nzbkey"} - - [servers] - [[news.sunnyusenet.com]] - username = ${config.sops.placeholder."sabnzbd/sunnyweb/username"} - password = ${config.sops.placeholder."sabnzbd/sunnyweb/password"} - ''; - }; - }; - } - ] |> lib.mkMerge; }; } diff --git a/modules/nixos/services/media/servarr/lib.nix b/modules/nixos/services/media/servarr/lib.nix deleted file mode 100644 index 8ee412b..0000000 --- a/modules/nixos/services/media/servarr/lib.nix +++ /dev/null @@ -1,2 +0,0 @@ -{lib, ...}: { -} diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy/default.nix deleted file mode 100644 index f17c737..0000000 --- a/modules/nixos/services/networking/caddy/default.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - config, - pkgs, - lib, - namespace, - ... -}: let - inherit (builtins) length; - inherit (lib) mkIf mkEnableOption mkOption types attrNames mapAttrs; - - cfg = config.${namespace}.services.networking.caddy; - hasHosts = (cfg.hosts |> attrNames |> length) > 0; -in { - options.${namespace}.services.networking.caddy = { - enable = mkEnableOption "enable caddy" // {default = true;}; - - hosts = mkOption { - type = types.attrsOf types.str; - }; - - extraConfig = mkOption { - type = types.str; - }; - }; - - config = mkIf hasHosts { - services.caddy = { - enable = cfg.enable; - - package = pkgs.caddy.withPlugins { - plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; - hash = "sha256-AdL/LFKXbWmCsJ/xZWZmYBnw57c7sS6s1miR3sSx1Ow="; - }; - - virtualHosts = - cfg.hosts - |> mapAttrs (host: extraConfig: {inherit extraConfig;}); - }; - }; -} diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index e2040d4..6503493 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix @@ -1,10 +1,5 @@ -{ - pkgs, - config, - lib, - namespace, - ... -}: let +{ pkgs, config, lib, namespace, ... }: +let inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; @@ -12,7 +7,8 @@ db_user = "grafana"; db_name = "grafana"; -in { +in +{ options.${namespace}.services.observability.grafana = { enable = mkEnableOption "enable Grafana"; }; @@ -30,10 +26,6 @@ in { domain = "ulmo"; }; - security = { - secret_key = "$__file{${config.sops.secrets."grafana/secret_key".path}}"; - }; - auth = { disable_login_form = false; oauth_auto_login = true; @@ -43,8 +35,8 @@ in { "auth.generic_oauth" = { enable = true; name = "Zitadel"; - client_id = "$__file{${config.sops.secrets."grafana/oidc_id".path}}"; - client_secret = "$__file{${config.sops.secrets."grafana/oidc_secret".path}}"; + client_id = "334170712283611395"; + client_secret = "AFjypmURdladmQn1gz2Ke0Ta5LQXapnuKkALVZ43riCL4qWicgV2Z6RlwpoWBZg1"; scopes = "openid email profile offline_access urn:zitadel:iam:org:project:roles"; email_attribute_path = "email"; login_attribute_path = "username"; @@ -72,7 +64,7 @@ in { allow_sign_up = false; allow_org_create = false; viewers_can_edit = false; - + default_theme = "system"; }; @@ -123,7 +115,7 @@ in { postgresql = { enable = true; - ensureDatabases = [db_name]; + ensureDatabases = [ db_name ]; ensureUsers = [ { name = db_user; @@ -134,22 +126,5 @@ in { }; environment.etc."/grafana/dashboards/default.json".source = ./dashboards/default.json; - - sops = { - secrets = { - "grafana/secret_key" = { - owner = "grafana"; - group = "grafana"; - }; - "grafana/oidc_id" = { - owner = "grafana"; - group = "grafana"; - }; - "grafana/oidc_secret" = { - owner = "grafana"; - group = "grafana"; - }; - }; - }; }; } diff --git a/modules/nixos/services/persistance/convex/default.nix b/modules/nixos/services/persistance/convex/default.nix new file mode 100644 index 0000000..3e01c59 --- /dev/null +++ b/modules/nixos/services/persistance/convex/default.nix @@ -0,0 +1,21 @@ +{ config, pkgs, lib, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption; + + cfg = config.${namespace}.services.persistance.convex; +in +{ + imports = [ ./source.nix ]; + + options.${namespace}.services.persistance.convex = { + enable = mkEnableOption "enable Convex"; + }; + + config = mkIf cfg.enable { + services.convex = { + enable = true; + package = pkgs.${namespace}.convex; + secret = "ThisIsMyAwesomeSecret"; + }; + }; +} diff --git a/modules/nixos/services/persistance/convex/source.nix b/modules/nixos/services/persistance/convex/source.nix new file mode 100644 index 0000000..c56e3ab --- /dev/null +++ b/modules/nixos/services/persistance/convex/source.nix @@ -0,0 +1,149 @@ +{ config, pkgs, lib, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption mkPackageOption mkOption optional types; + + cfg = config.services.convex; + + default_user = "convex"; + default_group = "convex"; +in +{ + options.services.convex = { + enable = mkEnableOption "enable Convex (backend only for now)"; + + package = mkPackageOption pkgs "convex" {}; + + name = lib.mkOption { + type = types.str; + default = "convex"; + description = '' + Name for the instance. + ''; + }; + + secret = lib.mkOption { + type = types.str; + default = ""; + description = '' + Secret for the instance. + ''; + }; + + apiPort = mkOption { + type = types.port; + default = 3210; + description = '' + The TCP port to use for the API. + ''; + }; + + actionsPort = mkOption { + type = types.port; + default = 3211; + description = '' + The TCP port to use for the HTTP actions. + ''; + }; + + dashboardPort = mkOption { + type = types.port; + default = 6791; + description = '' + The TCP port to use for the Dashboard. + ''; + }; + + openFirewall = lib.mkOption { + type = types.bool; + default = false; + description = '' + Whether to open ports in the firewall for the server. + ''; + }; + + user = lib.mkOption { + type = types.str; + default = default_user; + description = '' + As which user to run the service. + ''; + }; + + group = lib.mkOption { + type = types.str; + default = default_group; + description = '' + As which group to run the service. + ''; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.secret != ""; + message = '' + No secret provided for convex + ''; + } + ]; + + users = { + users.${cfg.user} = { + description = "System user for convex service"; + isSystemUser = true; + group = cfg.group; + }; + + groups.${cfg.group} = {}; + }; + + networking.firewall.allowedTCPPorts = optional cfg.openFirewall [ cfg.apiPort cfg.actionsPort cfg.dashboardPort ]; + + environment.systemPackages = [ cfg.package ]; + + systemd.services.convex = { + description = "Convex Backend server"; + + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + ExecStart = "${cfg.package}/bin --instance-name ${cfg.name} --instance-secret ${cfg.secret}"; + Type = "notify"; + + User = cfg.user; + Group = cfg.group; + + RuntimeDirectory = "convex"; + RuntimeDirectoryMode = "0775"; + StateDirectory = "convex"; + StateDirectoryMode = "0775"; + Umask = "0077"; + + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + + # Sandboxing + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectClock = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_UNIX" + ]; + RestrictNamespaces = true; + LockPersonality = true; + }; + }; + }; +} diff --git a/modules/nixos/services/persistance/postgesql/default.nix b/modules/nixos/services/persistance/postgesql/default.nix index 403c07c..dbd6604 100644 --- a/modules/nixos/services/persistance/postgesql/default.nix +++ b/modules/nixos/services/persistance/postgesql/default.nix @@ -1,19 +1,14 @@ -{ - config, - lib, - pkgs, - namespace, - ... -}: let +{ config, lib, pkgs, namespace, ... }: +let inherit (lib) mkIf mkEnableOption; cfg = config.${namespace}.services.persistance.postgresql; -in { +in +{ options.${namespace}.services.persistance.postgresql = { enable = mkEnableOption "Postgresql"; }; - # Access db with `psql -U postgres` config = mkIf cfg.enable { services = { postgresql = { diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden/default.nix index 7dce380..07f7058 100644 --- a/modules/nixos/services/security/vaultwarden/default.nix +++ b/modules/nixos/services/security/vaultwarden/default.nix @@ -91,22 +91,6 @@ in { }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy.hosts = { - "vault.kruining.eu" = '' - encode zstd gzip - - handle_path /admin { - respond 401 { - close - } - } - - reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} { - header_up X-Real-IP {remote_host} - } - ''; - }; - systemd.tmpfiles.rules = [ "d '/var/lib/vaultwarden' 0700 vaultwarden vaultwarden - -" ]; @@ -166,6 +150,25 @@ in { } ]; }; + + caddy = { + enable = true; + virtualHosts = { + "vault.kruining.eu".extraConfig = '' + encode zstd gzip + + handle_path /admin { + respond 401 { + close + } + } + + reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} { + header_up X-Real-IP {remote_host} + } + ''; + }; + }; }; sops = { diff --git a/packages/convex/default.nix b/packages/convex/default.nix new file mode 100644 index 0000000..9dab056 --- /dev/null +++ b/packages/convex/default.nix @@ -0,0 +1,59 @@ +{ + lib, + stdenv, + rustPlatform, + fetchFromGitHub, + + # dependencies + openssl, + pkg-config, + cmake, + llvmPackages, + postgresql, + sqlite, + + #options + dbBackend ? "postgresql", + + ... +}: +rustPlatform.buildRustPackage rec { + pname = "convex"; + version = "2025-08-20-c9b561e"; + + src = fetchFromGitHub { + owner = "get-convex"; + repo = "convex-backend"; + rev = "c9b561e1b365c85ef28af35d742cb7dd174b5555"; + hash = "sha256-4h4AQt+rQ+nTw6eTbbB5vqFt9MFjKYw3Z7bGXdXijJ0="; + }; + + cargoHash = "sha256-pcDNWGrk9D0qcF479QAglPLFDZp27f8RueP5/lq9jho="; + + cargoBuildFlags = [ + "-p" "local_backend" + "--bin" "convex-local-backend" + ]; + + env = { + LIBCLANG_PATH = "${llvmPackages.libclang}/lib"; + }; + + strictDeps = true; + + # Build-time dependencies + nativeBuildInputs = [ pkg-config cmake rustPlatform.bindgenHook ]; + + # Run-time dependencies + buildInputs = + [ openssl ] + ++ lib.optional (dbBackend == "sqlite") sqlite + ++ lib.optional (dbBackend == "postgresql") postgresql; + + buildFeatures = ""; + + meta = with lib; { + license = licenses.fsl11Asl20; + mainProgram = "convex"; + }; +} \ No newline at end of file diff --git a/packages/studio/default.nix b/packages/studio/default.nix index 1e6b457..e3061d4 100644 --- a/packages/studio/default.nix +++ b/packages/studio/default.nix @@ -1,109 +1,102 @@ -{ - pkgs, - inputs, -}: let +{ pkgs, inputs }: let inherit (builtins) fetchurl; - inherit (pkgs) makeDesktopItem copyDesktopItems wineWow64Packages; + inherit (pkgs) makeDesktopItem copyDesktopItems wineWowPackages; inherit (inputs.erosanix.lib.x86_64-linux) mkWindowsAppNoCC makeDesktopIcon copyDesktopIcons; - wine = wineWow64Packages.base; -in - mkWindowsAppNoCC rec { - inherit wine; + wine = wineWowPackages.base; +in mkWindowsAppNoCC rec { + inherit wine; - pname = "studio"; - version = "2.25.4"; + pname = "studio"; + version = "2.25.4"; - src = fetchurl { - url = "https://studio.download.bricklink.info/Studio2.0+EarlyAccess/Archive/2.25.12_1/Studio+2.0+EarlyAccess.exe"; - sha256 = "sha256:1xl3zvzkzr64zphk7rnpfx3whhbaykzw06m3nd5dc12r2p4sdh3v"; - }; + src = fetchurl { + url = "https://studio.download.bricklink.info/Studio2.0+EarlyAccess/Archive/2.25.4_1/Studio+2.0+EarlyAccess.exe"; + sha256 = "sha256:1gw6pyvfr7zr42g21hqgiwkjs88nvhq2c2v40y21frvwv17hja92"; + }; - enableMonoBootPrompt = false; - dontUnpack = true; + enableMonoBootPrompt = false; + dontUnpack = true; - wineArch = "win64"; - enableInstallNotification = true; + wineArch = "win64"; + enableInstallNotification = true; - fileMap = { - "$HOME/.config/${pname}/Stud.io" = "drive_c/users/$USER/AppData/Local/Stud.io"; - "$HOME/.config/${pname}/Bricklink" = "drive_c/users/$USER/AppData/LocalLow/Bricklink"; - }; + fileMap = { + "$HOME/.config/${pname}/Stud.io" = "drive_c/users/$USER/AppData/Local/Stud.io"; + "$HOME/.config/${pname}/Bricklink" = "drive_c/users/$USER/AppData/LocalLow/Bricklink"; + }; - fileMapDuringAppInstall = false; + fileMapDuringAppInstall = false; - persistRegistry = false; - persistRuntimeLayer = true; - inputHashMethod = "version"; + persistRegistry = false; + persistRuntimeLayer = true; + inputHashMethod = "version"; - # Can be used to precisely select the Direct3D implementation. - # - # | enableVulkan | rendererOverride | Direct3D implementation | - # |--------------|------------------|-------------------------| - # | false | null | OpenGL | - # | true | null | Vulkan (DXVK) | - # | * | dxvk-vulkan | Vulkan (DXVK) | - # | * | wine-opengl | OpenGL | - # | * | wine-vulkan | Vulkan (VKD3D) | - enableVulkan = false; - rendererOverride = null; + # Can be used to precisely select the Direct3D implementation. + # + # | enableVulkan | rendererOverride | Direct3D implementation | + # |--------------|------------------|-------------------------| + # | false | null | OpenGL | + # | true | null | Vulkan (DXVK) | + # | * | dxvk-vulkan | Vulkan (DXVK) | + # | * | wine-opengl | OpenGL | + # | * | wine-vulkan | Vulkan (VKD3D) | + enableVulkan = false; + rendererOverride = null; - enableHUD = false; + enableHUD = false; - enabledWineSymlinks = {}; - graphicsDriver = "auto"; - inhibitIdle = false; + enabledWineSymlinks = { }; + graphicsDriver = "auto"; + inhibitIdle = false; - nativeBuildInputs = [copyDesktopIcons copyDesktopItems]; + nativeBuildInputs = [ copyDesktopIcons copyDesktopItems ]; - winAppInstall = '' - wine64 ${src} + winAppInstall = '' + wine64 ${src} - wineserver -W - wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f - ''; + wineserver -W + wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f + ''; - winAppPreRun = '' - wineserver -W - wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f - ''; + winAppPreRun = ''''; - winAppRun = '' - wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS" - ''; + winAppRun = '' + wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS" + ''; - winAppPostRun = ""; - installPhase = '' - runHook preInstall + winAppPostRun = ""; + installPhase = '' + runHook preInstall - ln -s $out/bin/.launcher $out/bin/${pname} + ln -s $out/bin/.launcher $out/bin/${pname} - runHook postInstall - ''; + runHook postInstall + ''; - desktopItems = [ - (makeDesktopItem { - mimeTypes = []; + desktopItems = [ + (makeDesktopItem { + mimeTypes = []; - name = pname; - exec = pname; - icon = pname; - desktopName = "Bricklink studio"; - genericName = "Lego creation app"; - categories = []; - }) - ]; - - desktopIcon = makeDesktopIcon { name = pname; - src = ./studio.png; - }; + exec = pname; + icon = pname; + desktopName = "Bricklink studio"; + genericName = "Lego creation app"; + categories = []; + }) + ]; - meta = { - description = "App for creating lego builds"; - homepage = "https://www.bricklink.com/v3/studio/main.page"; - license = ""; - maintainers = []; - platforms = ["x86_64-linux"]; - }; - } + desktopIcon = makeDesktopIcon { + name = pname; + src = ./studio.png; + }; + + meta = { + description = "App for creating lego builds"; + homepage = "https://www.bricklink.com/v3/studio/main.page"; + license = ""; + maintainers = []; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/sabnzbd.ini b/sabnzbd.ini deleted file mode 100644 index fd60f57..0000000 --- a/sabnzbd.ini +++ /dev/null @@ -1,395 +0,0 @@ -__version__ = 19 -__encoding__ = utf-8 -[misc] -helpful_warnings = 1 -queue_complete = hibernate_pc -queue_complete_pers = 0 -bandwidth_perc = 100 -refresh_rate = 1 -interface_settings = '{"dateFormat":"YYYY-MM-DD HH:mm","extraQueueColumns":[],"extraHistoryColumns":[],"displayCompact":false,"displayFullWidth":false,"confirmDeleteQueue":true,"confirmDeleteHistory":true,"keyboardShortcuts":true}' -queue_limit = 20 -config_lock = 0 -fixed_ports = 1 -notified_new_skin = 2 -direct_unpack_tested = 1 -sorters_converted = 1 -check_new_rel = 1 -auto_browser = 0 -language = en -enable_https_verification = 0 -host = 0.0.0.0 -port = 8080 -https_port = "" -username = "" -password = "" -bandwidth_max = "" -cache_limit = 1G -web_dir = Glitter -web_color = Auto -https_cert = server.cert -https_key = server.key -https_chain = "" -enable_https = 0 -inet_exposure = 0 -api_key = 0052eba0db9d4b4f93a8a96f0cb85198 -nzb_key = 171ebeb3e0044c379dc7719bef6b3144 -socks5_proxy_url = "" -permissions = "" -download_dir = /var/media/downloads/incomplete -download_free = "" -complete_dir = /var/media/downloads/done -complete_free = "" -fulldisk_autoresume = 0 -script_dir = "" -nzb_backup_dir = "" -admin_dir = admin -backup_dir = "" -dirscan_dir = "" -dirscan_speed = 5 -password_file = "" -log_dir = logs -max_art_tries = 3 -top_only = 0 -sfv_check = 1 -script_can_fail = 0 -enable_recursive = 1 -flat_unpack = 0 -par_option = "" -pre_check = 0 -nice = "" -win_process_prio = 3 -ionice = "" -fail_hopeless_jobs = 1 -fast_fail = 1 -auto_disconnect = 1 -pre_script = None -end_queue_script = None -no_dupes = 0 -no_series_dupes = 0 -no_smart_dupes = 0 -dupes_propercheck = 1 -pause_on_pwrar = 1 -ignore_samples = 0 -deobfuscate_final_filenames = 1 -auto_sort = "" -direct_unpack = 0 -propagation_delay = 0 -folder_rename = 1 -replace_spaces = 0 -replace_underscores = 0 -replace_dots = 0 -safe_postproc = 1 -pause_on_post_processing = 0 -enable_all_par = 0 -sanitize_safe = 0 -cleanup_list = , -unwanted_extensions = , -action_on_unwanted_extensions = 0 -unwanted_extensions_mode = 0 -new_nzb_on_failure = 0 -history_retention = "" -history_retention_option = all -history_retention_number = 1 -quota_size = "" -quota_day = "" -quota_resume = 0 -quota_period = m -enable_tv_sorting = 0 -tv_sort_string = "" -tv_categories = tv, -enable_movie_sorting = 0 -movie_sort_string = "" -movie_sort_extra = -cd%1 -movie_categories = movies, -enable_date_sorting = 0 -date_sort_string = "" -date_categories = tv, -schedlines = , -rss_rate = 60 -ampm = 0 -start_paused = 0 -preserve_paused_state = 0 -enable_par_cleanup = 1 -process_unpacked_par2 = 1 -enable_multipar = 1 -enable_unrar = 1 -enable_7zip = 1 -enable_filejoin = 1 -enable_tsjoin = 1 -overwrite_files = 0 -ignore_unrar_dates = 0 -backup_for_duplicates = 0 -empty_postproc = 0 -wait_for_dfolder = 0 -rss_filenames = 0 -api_logging = 1 -html_login = 1 -warn_dupl_jobs = 0 -keep_awake = 1 -tray_icon = 1 -allow_incomplete_nzb = 0 -enable_broadcast = 1 -ipv6_hosting = 0 -ipv6_staging = 0 -api_warnings = 1 -no_penalties = 0 -x_frame_options = 1 -allow_old_ssl_tls = 0 -enable_season_sorting = 1 -verify_xff_header = 0 -rss_odd_titles = nzbindex.nl/, nzbindex.com/, nzbclub.com/ -quick_check_ext_ignore = nfo, sfv, srr -req_completion_rate = 100.2 -selftest_host = self-test.sabnzbd.org -movie_rename_limit = 100M -episode_rename_limit = 20M -size_limit = 0 -direct_unpack_threads = 3 -history_limit = 5 -wait_ext_drive = 5 -max_foldername_length = 246 -nomedia_marker = "" -ipv6_servers = 1 -url_base = /sabnzbd -host_whitelist = usenet.kruining.eu, ulmo -local_ranges = , -max_url_retries = 10 -downloader_sleep_time = 10 -receive_threads = 2 -switchinterval = 0.005 -ssdp_broadcast_interval = 15 -ext_rename_ignore = , -email_server = "" -email_to = , -email_from = "" -email_account = "" -email_pwd = "" -email_endjob = 0 -email_full = 0 -email_dir = "" -email_rss = 0 -email_cats = *, -config_conversion_version = 4 -disable_par2cmdline = 0 -disable_archive = 0 -unrar_parameters = "" -outgoing_nntp_ip = "" -[logging] -log_level = 1 -max_log_size = 5242880 -log_backups = 5 -[ncenter] -ncenter_enable = 0 -ncenter_cats = *, -ncenter_prio_startup = 0 -ncenter_prio_download = 0 -ncenter_prio_pause_resume = 0 -ncenter_prio_pp = 0 -ncenter_prio_complete = 1 -ncenter_prio_failed = 1 -ncenter_prio_disk_full = 1 -ncenter_prio_new_login = 0 -ncenter_prio_warning = 0 -ncenter_prio_error = 0 -ncenter_prio_queue_done = 0 -ncenter_prio_other = 1 -ncenter_prio_quota = 1 -[acenter] -acenter_enable = 0 -acenter_cats = *, -acenter_prio_startup = 0 -acenter_prio_download = 0 -acenter_prio_pause_resume = 0 -acenter_prio_pp = 0 -acenter_prio_complete = 1 -acenter_prio_failed = 1 -acenter_prio_disk_full = 1 -acenter_prio_new_login = 0 -acenter_prio_warning = 0 -acenter_prio_error = 0 -acenter_prio_queue_done = 0 -acenter_prio_other = 1 -acenter_prio_quota = 1 -[ntfosd] -ntfosd_enable = 1 -ntfosd_cats = *, -ntfosd_prio_startup = 0 -ntfosd_prio_download = 0 -ntfosd_prio_pause_resume = 0 -ntfosd_prio_pp = 0 -ntfosd_prio_complete = 1 -ntfosd_prio_failed = 1 -ntfosd_prio_disk_full = 1 -ntfosd_prio_new_login = 0 -ntfosd_prio_warning = 0 -ntfosd_prio_error = 0 -ntfosd_prio_queue_done = 0 -ntfosd_prio_other = 1 -ntfosd_prio_quota = 1 -[prowl] -prowl_enable = 0 -prowl_cats = *, -prowl_apikey = "" -prowl_prio_startup = -3 -prowl_prio_download = -3 -prowl_prio_pause_resume = -3 -prowl_prio_pp = -3 -prowl_prio_complete = 0 -prowl_prio_failed = 1 -prowl_prio_disk_full = 1 -prowl_prio_new_login = -3 -prowl_prio_warning = -3 -prowl_prio_error = -3 -prowl_prio_queue_done = -3 -prowl_prio_other = 0 -prowl_prio_quota = 0 -[pushover] -pushover_token = "" -pushover_userkey = "" -pushover_device = "" -pushover_emergency_expire = 3600 -pushover_emergency_retry = 60 -pushover_enable = 0 -pushover_cats = *, -pushover_prio_startup = -3 -pushover_prio_download = -2 -pushover_prio_pause_resume = -2 -pushover_prio_pp = -3 -pushover_prio_complete = -1 -pushover_prio_failed = -1 -pushover_prio_disk_full = 1 -pushover_prio_new_login = -3 -pushover_prio_warning = 1 -pushover_prio_error = 1 -pushover_prio_queue_done = -3 -pushover_prio_other = -1 -pushover_prio_quota = -1 -[pushbullet] -pushbullet_enable = 0 -pushbullet_cats = *, -pushbullet_apikey = "" -pushbullet_device = "" -pushbullet_prio_startup = 0 -pushbullet_prio_download = 0 -pushbullet_prio_pause_resume = 0 -pushbullet_prio_pp = 0 -pushbullet_prio_complete = 1 -pushbullet_prio_failed = 1 -pushbullet_prio_disk_full = 1 -pushbullet_prio_new_login = 0 -pushbullet_prio_warning = 0 -pushbullet_prio_error = 0 -pushbullet_prio_queue_done = 0 -pushbullet_prio_other = 1 -pushbullet_prio_quota = 1 -[apprise] -apprise_enable = 0 -apprise_cats = *, -apprise_urls = "" -apprise_target_startup = "" -apprise_target_startup_enable = 0 -apprise_target_download = "" -apprise_target_download_enable = 0 -apprise_target_pause_resume = "" -apprise_target_pause_resume_enable = 0 -apprise_target_pp = "" -apprise_target_pp_enable = 0 -apprise_target_complete = "" -apprise_target_complete_enable = 1 -apprise_target_failed = "" -apprise_target_failed_enable = 1 -apprise_target_disk_full = "" -apprise_target_disk_full_enable = 0 -apprise_target_new_login = "" -apprise_target_new_login_enable = 1 -apprise_target_warning = "" -apprise_target_warning_enable = 0 -apprise_target_error = "" -apprise_target_error_enable = 0 -apprise_target_queue_done = "" -apprise_target_queue_done_enable = 0 -apprise_target_other = "" -apprise_target_other_enable = 1 -apprise_target_quota = "" -apprise_target_quota_enable = 1 -[nscript] -nscript_enable = 0 -nscript_cats = *, -nscript_script = "" -nscript_parameters = "" -nscript_prio_startup = 0 -nscript_prio_download = 0 -nscript_prio_pause_resume = 0 -nscript_prio_pp = 0 -nscript_prio_complete = 1 -nscript_prio_failed = 1 -nscript_prio_disk_full = 1 -nscript_prio_new_login = 0 -nscript_prio_warning = 0 -nscript_prio_error = 0 -nscript_prio_queue_done = 0 -nscript_prio_other = 1 -nscript_prio_quota = 1 -[categories] -[[*]] -name = * -order = 0 -pp = 3 -script = None -dir = "" -newzbin = "" -priority = 0 -[[movies]] -name = movies -order = 1 -pp = "" -script = Default -dir = "" -newzbin = "" -priority = -100 -[[tv]] -name = tv -order = 2 -pp = "" -script = Default -dir = "" -newzbin = "" -priority = -100 -[[audio]] -name = audio -order = 3 -pp = "" -script = Default -dir = "" -newzbin = "" -priority = -100 -[[software]] -name = software -order = 4 -pp = "" -script = Default -dir = "" -newzbin = "" -priority = -100 -[servers] -[[news.sunnyusenet.com]] -name = news.sunnyusenet.com -displayname = news.sunnyusenet.com -host = news.sunnyusenet.com -port = 563 -timeout = 60 -username = michiel@hazelhof.nl -password = dasusenet -connections = 8 -ssl = 1 -ssl_verify = 3 -ssl_ciphers = "" -enable = 1 -required = 0 -optional = 0 -retention = 0 -expire_date = "" -quota = "" -usage_at_start = 0 -priority = 1 -notes = "" diff --git a/script/qbittorrent/hash.py b/script/qbittorrent/hash.py deleted file mode 100644 index a92343f..0000000 --- a/script/qbittorrent/hash.py +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/bash - -import base64 -import hashlib -import sys -import uuid - -password = sys.argv[1] -salt = uuid.uuid4() -salt_bytes = salt.bytes - -password = str.encode(password) -hashed_password = hashlib.pbkdf2_hmac("sha512", password, salt_bytes, 100000, dklen=64) -b64_salt = base64.b64encode(salt_bytes).decode("utf-8") -b64_password = base64.b64encode(hashed_password).decode("utf-8") -password_string = "@ByteArray({salt}:{password})".format( - salt=b64_salt, password=b64_password -) -print(password_string) diff --git a/script/qbittorrent/password b/script/qbittorrent/password deleted file mode 100644 index 85fc69f..0000000 --- a/script/qbittorrent/password +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -pwgen -s 128 1 diff --git a/script/qbittorrent/password_hash b/script/qbittorrent/password_hash deleted file mode 100644 index 86ba315..0000000 --- a/script/qbittorrent/password_hash +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -python ./hash.py "$(just vars get ulmo qbittorrent/password | jq -r)" diff --git a/shells/default/default.nix b/shells/default/default.nix index ed12b5c..5bd5b5f 100644 --- a/shells/default/default.nix +++ b/shells/default/default.nix @@ -17,6 +17,5 @@ mkShell { nixd openssl inputs.clan-core.packages.${stdenv.hostPlatform.system}.clan-cli - nix-output-monitor ]; } diff --git a/systems/x86_64-linux/aule/secrets.yml b/systems/x86_64-linux/aule/secrets.yml deleted file mode 100644 index 7069c7b..0000000 --- a/systems/x86_64-linux/aule/secrets.yml +++ /dev/null @@ -1,33 +0,0 @@ -sops: - age: - - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZMC9nRjVFWnZlMHJJK0Nl - dWFTR0FCUGNBYXIrUHlIUUphZll2QU9IOEZrCitFS3JvK3hYYmpEZ05aRStpdUd1 - L3JjNDl1Z2hQQ3FuNUZNM1hCRUtQUG8KLS0tIEg4VVEvVjZYN3JHSXljQW1xS3E4 - eVpyM1lSWExndlZhMkw2Vis4dVhjSVUKbk+z1h3Hb1A6SEbZ3g5vYui/FfkMyfxx - Zm67JenYittHvQggTIErAgJatTocfVB6Zy4FqJtPCOevTVrRTRkwAg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtOGJXWi9vUzdFbkx2NmVa - YnhITlNMc1RRRXoyOFNPN1B4VWQ5ZDUwNDFBCnVmdDFyUnptekxhOUlwdVcyRjFI - cHRSRkoyWnFVUDJMcXpVcmM5bjRKMkkKLS0tIDROWXR1UFFUa0NxcUtkdEwxQ2Vl - OW50OE9RMWpyT1AvS0QzZ3JVNDViYlkK77H0Uq3eRy0CHgH4bhdo7FVEJpKeR/DB - KZonll74qqsyW4n+hIbIybjaqtF3RBN4kj5ARuIGFmH8sAl6jSyHXA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZOURoRmk4QldEZExTRDYx - cXluYkg4OUFUNDNrQUNiNWRwKzhEQkdaemxzCnM3b25GYm5TM3NuNnBsVWRmQzNL - bTRabmx2UzBkN1dadlhwajN5RDIxVW8KLS0tIDhSQ1o4RGZBdlVHaHRKQWFyazU0 - N0lnMjMvREpmNWZvTUdiT0tjMk4vTk0KmIN1a3gjmFzaEwJBu41sw5Z61UgiO5fc - /pkS22BeVonuB12SmJX+77A1CxFz1EwM8HSShFKlpN2hPCJFJL7Nng== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-25T07:59:24Z" - mac: ENC[AES256_GCM,data:64AkqWb97nUciWtOOHP/SZhUeo/5ahxa0cN14ILw/jmToFkn8uDrSfY8/ibqBB0mmfhwGzcnI/5QpCLVzCSgG1J68bdPeSsYTZPwy2/0S0ven+GeqYHMfJ2Q1eJE7TONyOEvSdYdUWG+ff5t0qhSet9F2BgFnMSKcNeAaxIY6KU=,iv:aMQXbKk8oKSLBHIZyJLJahu5HHEMysmhcgfpDdZG+Ak=,tag:hqBVXis8MdqRorxttYeQaw==,type:str] - unencrypted_suffix: _unencrypted - version: 3.11.0 diff --git a/systems/x86_64-linux/manwe/default.nix b/systems/x86_64-linux/manwe/default.nix index 179e410..c2d9978 100644 --- a/systems/x86_64-linux/manwe/default.nix +++ b/systems/x86_64-linux/manwe/default.nix @@ -1,4 +1,5 @@ -{ pkgs, ...}: { +{ ... }: +{ imports = [ ./disks.nix ./hardware.nix @@ -6,10 +7,6 @@ system.activationScripts.remove-gtkrc.text = "rm -f /home/chris/.gtkrc-2.0"; - services.logrotate.checkConfig = false; - - environment.systemPackages = with pkgs; [ beyond-all-reason ]; - sneeuwvlok = { hardware.has = { gpu.amd = true; @@ -33,6 +30,7 @@ }; }; + services.displayManager.autoLogin = { enable = true; user = "chris"; diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index 43a5760..e8602b5 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -27,30 +27,16 @@ }; }; - # virtualisation = { - # containers.enable = true; - # podman = { - # enable = true; - # dockerCompat = true; - # }; + # Expose amarht cloud stuff like this until I have a proper solution + services.caddy.virtualHosts = { + "auth.amarth.cloud".extraConfig = '' + reverse_proxy http://192.168.1.223:9092 + ''; - # oci-containers = { - # backend = "podman"; - # containers = { - # homey = { - # image = "ghcr.io/athombv/homey-shs:latest"; - # autoStart = true; - # privileged = true; - # volumes = [ - # "/home/chris/.homey-shs:/homey/user" - # ]; - # ports = [ - # "4859:4859" - # ]; - # }; - # }; - # }; - # }; + "amarth.cloud".extraConfig = '' + reverse_proxy http://192.168.1.223:8080 + ''; + }; sneeuwvlok = { services = { @@ -132,26 +118,6 @@ grantTypes = ["authorizationCode"]; responseTypes = ["code"]; }; - - grafana = { - redirectUris = ["http://localhost:9001/login/generic_oauth"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - }; - }; - - convex = { - projectRoleCheck = true; - projectRoleAssertion = true; - hasProjectCheck = true; - - application = { - scry = { - redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; }; }; }; @@ -193,22 +159,11 @@ development.forgejo.enable = true; networking.ssh.enable = true; - networking.caddy.hosts = { - # Expose amarht cloud stuff like this until I have a proper solution - "auth.amarth.cloud" = '' - reverse_proxy http://192.168.1.223:9092 - ''; - - "amarth.cloud" = '' - reverse_proxy http://192.168.1.223:8080 - ''; - }; media.enable = true; media.glance.enable = true; media.mydia.enable = true; media.nfs.enable = true; - media.jellyfin.enable = true; media.servarr = { radarr = { enable = true; @@ -238,7 +193,7 @@ prowlarr = { enable = true; - # debug = true; + debug = true; port = 2004; }; }; @@ -251,6 +206,8 @@ # uptime-kuma.enable = true; }; + persistance.convex.enable = true; + security.vaultwarden = { enable = true; database = { diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 005042c..086d86d 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -4,12 +4,13 @@ email: zitadel: masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str] nix: {} - users: ENC[AES256_GCM,data:w/2Vdq0EHXaJ5u/aA/reSCtwRHreWm1U1WoJT927xV81zoN0ytoYOwush610caZu8vVXkL4b0hysK77dyWJkdkYpwLY8xG9pLkYlU3lN5E/2tgEjB7Dd7oY7TFTCNuypmIzYh6V74KiHMeA0vlyWUp9lLNt40Ro3MZLT42DyTYjF6YBoUHUp0fS0rKypILJGobJBrwz2YWagXj80IqaaUmmsIcYAaM2u3dQviLlRkIyUxPd1wjFoMc/OMp5Y8A4ZHroCN0wJitGeEEP33GD+MUy58u05pA430AD5Mo4H2V7b3t0qIkOQ8a0BgSVA8UqmrcY/TfikuIZ1kTyCxvD7kmjPq5tG+bhtHt85wgk1XffVO3NDTK7UrltO8R6KolQ5bBgcKgl7YnFTN5qSAT+xrYg8oZaPrGQBTx6eEVETKHKe4oSDkGlAle86lenhF+jm3k2ALmH9X3P/TpAtfRhuU+sUKqhrqQ2Nf4M7LfBtd7lyt2ESqilKokcl51gWCY+1B75dCEIdb/BPmpwzJBGFOI2nZqhxFnVa8TyMpT7C2TxK7rCBPDt5NnNvWYc4+8sRXHBz7s2R5NTk4gaJODlo3HvyL0MV,iv:XlO48HKJWRgwsozmgXstfirwb5CUY+ywelbgLlcx/n4=,tag:GuQMkL2mpNkTJIep79x0zw==,type:str] + users: ENC[AES256_GCM,data:xkjm0+PBt6gmZyfi3n3OIEe5b+d4OtN0Y3UfmdcbcJHbJZuiz+60oUjlAN0vjtsi0muufoAqtGJTIpm9nDZzzN7b7LK43TAhcuSlIm5LpbZFp1U3H4laRbTwauAT6wA0aDCfAkwTozxAuEUk1jAu+65ktJNJb7b0PR7s/I/wf7IgW2+K4Jv3LIOZIipUwfuvXuTzsxCElYRvGZXmIuXrYq1EaymksHHggemrKeMWLAae7mzz5v3aBbwxiVjQNkQkS4ApsO/5nZUat0oqXA==,iv:fptZn4NmX3iYKSEPLJAOFpt+KQ6TR1w9KaY9IF4p/Wk=,tag:UKvMOSIT5/mhfZA3usbLhQ==,type:str] forgejo: action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str] synapse: oidc_id: ENC[AES256_GCM,data:XbCpyGq0LeRJWq8dv/5Dipvp,iv:YDhgl26z1NBbIQLoLdGVz0+ze6o1ZcmgVHPfwoRj57I=,tag:y2vUuqnDmtTvVQmZCAlnLg==,type:str] oidc_secret: ENC[AES256_GCM,data:nVFi5EFbNMZ0mvrDHVYC0NiwJlo2eEw44D+Fcv9SKSb2oO00lGEDkP/oXDj5YgDq6RLQSe3f/SUOn77ntwnZYg==,iv:awe7VNUYOn9ofl1QlQTrEN5d0i5WkVM35qndruL4VXo=,tag:8Yoc9lFF9aWbtAa5fzQGEA==,type:str] +kaas: ENC[AES256_GCM,data:3yI6lH0rw+f2OFJ94Z7zb0pYwy4FDFs9rJi2wpd9VVWghmey5g4O788ypXa34XqKCQDDHDgTxwyDs6KpvCQQaLV1PDhXd4Po0SSlIOkUtCWhOf6Tp3PM2ASoE+AAAzJLJUc6AZdBJRyYU9V+UvO9jW+WmlpZpsg5crnVMzZo7f2AF0ep9A/A5BL1Y2UhYQE4LDVkLC9AL3hl8IhF5xSdZdO0ugrP0x7CKVUxA7fJyOjx7/IKVwvgKD4xlhIgv9lYPTvE2vUs+w==,iv:e6b98ZnBqf7hh3SSKGdTl63OpQm1oK95lHXdwTiLft8=,tag:IS/lDgvJvSd7OmDLP+uG1g==,type:str] radarr: apikey: ENC[AES256_GCM,data:G141GW4PyS5pbAV39HcVscMw3s30txOgTZzWaL7o+ccZfnfDLv796O6xKXdqGZ8saLsveghLw9Z6a5luusHyQ3Q5ESL6W7SVeZVTuSqSC3i/4jl75FJxhnsgVsfrnYxzLGpKiw==,iv:sZl/XLh6y3WgSAn6nH3sFB6atBifZdghm+QsCNDbcjY=,tag:Tw+R80nrF0T0yDti0Uf+ig==,type:str] sonarr: @@ -23,23 +24,9 @@ mydia: oidc_secret: ENC[AES256_GCM,data:PgI4hmP/3wt9uj+1QvCYcT8Wav0hgCRADouzWM3V695SSfXfbwDgez8tA/tm1/1jymAU2F2sZH8G2hZ1cdHyHQ==,iv:h3o3jsTmnoNE3+mGX12J3ZU0/6PlQNjdndEvaj/czj0=,tag:p3+p4E8fBtR7a8UpM8cUsg==,type:str] secret_key_base: ENC[AES256_GCM,data:yG7HJ5r74Qtxbeyf8F6dA0uHv2pQ8YAJKlKiKjS+m24JRvJWQaTThJ+c5HbuUa6R3e9XtVHchhlVPkF0Is/b+g==,iv:v65xdRr4JdKZmBtjZ08/J3LLqnphSGt9QfVPNQ2x/xg=,tag:n7tD2dhr4IJn1LWM9WW8UA==,type:str] guardian_secret: ENC[AES256_GCM,data:OjnNFSHlecL+qXwlhTm++itRM6ga5E5KrSJxbgIUpbMEkIWgu3xhRtnPdipXbedgall0XdO/s+jnWCagZX94BA==,iv:DukdKvm9vey8BWUiml20tgA/Vji1XVX4+sUPge9nTk0=,tag:q3HdvgUYqR0APiaFz0ul5Q==,type:str] -grafana: - oidc_id: ENC[AES256_GCM,data:NVdIgCQ6nz4BSUDJYCKyILtK,iv:tcljy9PzC/yyd7TSdngyJt+uh60uXi2PKu47czErbaQ=,tag:zE4q3dD4UQaHIpGeZ1L48Q==,type:str] - oidc_secret: ENC[AES256_GCM,data:b7qILK9ZHW2khtM1Hl/KdjCv3Wq6eOo2Ym/cbjcMB8/3Hn2UelpP4K4lFyiV3bn1/GF6Jl5Z7A0EwMybOx0InA==,iv:3HL/7BiyObwT8DmFxzNPI9CdmCH/4j/4oc9x7qBE1k0=,tag:dBhcq1zLKy6N+jp/v42R4A==,type:str] - secret_key: ENC[AES256_GCM,data:u6IRFV1D/4g+eqQIUPW0QHlkoa+MliymThp34k+QCHqQ247er4bCdgftuWsXgPAPY7DtwFVLG7Do5eBqIiii7g==,iv:FY7LIW0O5/Cp2JvYu17ctInt0rgkzjaPHfxZBs0GTac=,tag:Gtu+ZGAgsi5vzILOKDac1g==,type:str] -sabnzbd: - sunnyweb: - password: ENC[AES256_GCM,data:flw8AahqO1Mx,iv:Qhu8iVWMzzqy18y8dj3aHoBnSZatm74/tYvZ456l2sA=,tag:sCYBdw7kD0zJZFFr5EyPIQ==,type:str] - username: ENC[AES256_GCM,data:IboJ8WDWuVNgvrk7c3V8I5S6Xg==,iv:BRohMuQFQz2S+HFasIaok6npT3C5v/SlhAhbLQXfB0s=,tag:M3/u0WBQ3AufHqe4DCtsrA==,type:str] - apikey: ENC[AES256_GCM,data:j5sPXKbBhMdNHOuoTfZ+c8nGu5JameOgK2z428iLdP01Hi6MvHVaN8Zs8YxMoSBtOjdtIEC8MS+3m1S1rU/P4pCRfZpK5ua1DBHq4l0xROUqokFWjDcAmJJv3pYXl0cQxQcGKQ==,iv:v5hu3gmO1Zn1FfXkHLPGN9f7JOcQjzoQahdqJwfM+xY=,tag:uI1LFcTgcyRgAaTJ1kzKow==,type:str] - nzbkey: ENC[AES256_GCM,data:tGFnZ24XNI7U8pVYq45ENSVTeVkkcWfT5/NewqSJ3sm7Bexxml/PFTMBIl+97mWzNMMFklBurX/115P06NHCj1mxEvIjIc1bF4yuYhZFdSTlqRVWaESE/Ei7gke758FCt37N43wADgaKj4i5jizDHJMIbaw8ncP3qBSCy1F4BAU=,iv:RA+3oYGhVLBG+ikHMwBG3t2iN15lGsncdmlkfF6vJhY=,tag:6FNM18KCSzzpIXYDpQfHSg==,type:str] -whisparr: - apikey: ENC[AES256_GCM,data:kIGCsd4mszm90PoQMzlSEBKw9Ow0GvP1qdLtwXYKkAb6b65l89v8lMWJ2X1MyD2gJX+P+Bv1F/2BSjUFXErq/UYnp4dAjwKi/ezGCbhjMutDM1FvwFWEHRnR3gjd9uXPWJ8Xhg==,iv:98aPQlcZHJovpnzACDs6RtKblLnHg6wyi+Er5DAowj8=,tag:Tl8jz/pWYWAtBCfoztKdyw==,type:str] -coturn: - secret: ENC[AES256_GCM,data:5RmLZ7vQIAvIzvax8oNJkImQ6vXR+MZ2eqxaBJCBlccnFC1rP16/6UtausXVf0eWysw+fpMW5yEmUtAdyxQoPiBCK8lziAZBdkekQnAvFouBaWy8WIZt6XRa71P4xDCDGudpMiGwGGNt+R9yylez+azaLrLyJM3481RPohDMoOM=,iv:2P83lgxGtHwYr+ApAdHopVfRWagxWlC+nt53API/SiQ=,tag:Qv+A03BE1QvEqJMtORiQVA==,type:str] qbittorrent: - password: ENC[AES256_GCM,data:LIDxh0Ni0JgQGWFix/Ihw7IlUPgzMhrMlWNP5LKkAnEM6EoqA9kFwiPeizB0CZ20+vSqRiL9fikBf8qGLA17L7AKh8I4OTFDlpKpMRtRlMq9S5UBEyOqtOMcvkCSf6/qGoORd1KJSlaitZk47SYRuccOpy/2vAvbMRdLm0SYEqc=,iv:tQdN1N9kXoq7OZbR2eYyy50FltsMAAUI4Lr7U4/SpJE=,tag:3ZOLvjHXD7i7WFy1/Ggqtg==,type:str] - password_hash: ENC[AES256_GCM,data:urufJbSErLqPdU6jLLZk+27fe4k+cKLXcGRGSqroUDdGMzDnhSF+ZWuPxwDlJQR3ws2GnuiEASncwNO/SALKXFDk2V2gsKJ4hsjyiIbsqCwSEFB/XMY0nY/x0xrcIfMVE0HdrNYeQ3zT01Z5jQpSd7wo2M63LaULL/Av498=,iv:tnUVhOgrImKa6iii2hJZn5LKrySM5v47B2zDZMgmUow=,tag:g3xa/4Z+t1Q9Wnd4XzefLg==,type:str] + password_hash: ENC[AES256_GCM,data:QWuQYmfBn9eLDYztH7TmQvw74MvmzCQ98OlBtyjm1Icr2c63epRuHWzQbm+Q+1jrCSiQreOB3ZyjLzkeV6SlLonryUSD71uBWVwctgPXO0XDrxE1Vi6dkiwC3TF65JTMDhyjDLEj1YkiMP25Fz5NidJTP/r9GlXTfM7gjWo=,iv:bpgL5IoAv+1PUtgNIjLcbzN8C9z55ndypz4LEELAhLc=,tag:VB+XTCwLeIEYKnOr/0f7zA==,type:str] + password: ENC[AES256_GCM,data:UepYY6UjJV/jo2aXTOEnKRtsjSqOSYPQlKlrAa7rf9rdnt2UXGjCkvN+A72pICuIBCAmhXZBAUMvmWTV9trk6NREHe0cY1xTC7pNv3x9TM/ZQmH498pbT/95pYAKwouHp9heJQ==,iv:FzjF+xPoaOp+gplxpz940V2dkWSTWe8dWUxexCoxxHc=,tag:TDZsboq9fEmmBrwJN/HTpQ==,type:str] sops: age: - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq @@ -60,7 +47,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-05T10:38:19Z" - mac: ENC[AES256_GCM,data:gS6YTRTl6UdOC7Afrj1LrkgA7MWRLF0HNWytfzhkvThLW+JJrHPEhvWiYrsPW1Bm6o2JkKqVP5HfzcuGNIHJySkEQ4HV02BbibtMNiUKqk+voATsWOpo6957bwRJaTbvDvxmzIQ38TSUoj/pt8Z8WTl0hSPAlqNlWYffXX0y8K4=,iv:53R2bKYKiHJi9DTecg7hiuGNb3Kj9rA2U/oPJ+AFO5I=,tag:5uqvmEJCaCS/yNqyt/FPZg==,type:str] + lastmodified: "2025-12-04T11:24:52Z" + mac: ENC[AES256_GCM,data:jIgkl1lcVDSlKqJs9fjaHUAZsGL+22T86/qqKyDziHl0+VU763Ezwm8P+la+55jIIT2zLhFcUjhn2BabBi90OeEPztAC4rGpZj6+ZZ0GDCj/JhjPAAo3LgAKOCG0Xgf8MZWr/rXd6bLhW7Qj36PMJnap26rjEiUZeSvpWS2dz8g=,iv:CDx8fBI9Dl1uwrbMD1fa7/h3C7haK3xZxJI59mtL1LA=,tag:2UDRFJoevGEBKZA/9eUiOw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0