.

fix: zitadel script
chore: revert bash option
2025-12-01 20:56:56 +01:00 · 2025-12-01 15:31:14 +01:00 · 2025-12-01 15:30:47 +01:00 · 2025-12-01 14:27:13 +00:00 · 2025-12-01 14:26:40 +00:00 · 2025-12-01 14:49:33 +01:00
17 changed files with 646 additions and 447 deletions
--- a/.just/machine.just
+++ b/.just/machine.just
@ -4,8 +4,8 @@
@list:
    ls -1 ../systems/x86_64-linux/

-[no-exit-message]
 [doc('Update the target machine')]
+[no-exit-message]
@update machine:
-  just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | tr '\n' ' ')"
+    just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')"
    nixos-rebuild switch --use-remote-sudo --target-host {{ machine }} --flake ..#{{ machine }}
--- a/flake.lock
+++ b/flake.lock
@ -402,7 +402,7 @@
    },
    "flake-utils-plus": {
      "inputs": {
-        "flake-utils": "flake-utils_4"
+        "flake-utils": "flake-utils_5"
      },
      "locked": {
        "lastModified": 1715533576,
@ -457,7 +457,25 @@
    },
    "flake-utils_4": {
      "inputs": {
-        "systems": "systems_6"
+        "systems": "systems_5"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_5": {
+      "inputs": {
+        "systems": "systems_7"
      },
      "locked": {
        "lastModified": 1694529238,
@ -662,6 +680,25 @@
        "type": "github"
      }
    },
+    "mydia": {
+      "inputs": {
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": "nixpkgs_5"
+      },
+      "locked": {
+        "lastModified": 1764568388,
+        "narHash": "sha256-kl8165eI0lUz9E96sdreZ48/nApydDfJP8IksjBveAw=",
+        "owner": "getmydia",
+        "repo": "mydia",
+        "rev": "74f0cf9a8ca782581ec0a35acf6526fccfbb6e2a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "getmydia",
+        "repo": "mydia",
+        "type": "github"
+      }
+    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
@ -708,8 +745,8 @@
    "nix-minecraft": {
      "inputs": {
        "flake-compat": "flake-compat_3",
-        "flake-utils": "flake-utils_3",
-        "nixpkgs": "nixpkgs_5"
+        "flake-utils": "flake-utils_4",
+        "nixpkgs": "nixpkgs_6"
      },
      "locked": {
        "lastModified": 1763171892,
@ -856,6 +893,22 @@
        "type": "github"
      }
    },
+    "nixpkgs_10": {
+      "locked": {
+        "lastModified": 1762977756,
+        "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1763469780,
@ -905,6 +958,22 @@
      }
    },
    "nixpkgs_5": {
+      "locked": {
+        "lastModified": 1764242076,
+        "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_6": {
      "locked": {
        "lastModified": 1748929857,
        "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
@ -920,7 +989,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_6": {
+    "nixpkgs_7": {
      "locked": {
        "lastModified": 1763421233,
        "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
@ -936,7 +1005,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_7": {
+    "nixpkgs_8": {
      "locked": {
        "lastModified": 1761880412,
        "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=",
@ -952,7 +1021,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_8": {
+    "nixpkgs_9": {
      "locked": {
        "lastModified": 1763191728,
        "narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=",
@ -968,22 +1037,6 @@
        "type": "github"
      }
    },
-    "nixpkgs_9": {
-      "locked": {
-        "lastModified": 1762977756,
-        "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "nur": {
      "inputs": {
        "flake-parts": [
@ -1014,8 +1067,8 @@
        "flake-compat": "flake-compat_4",
        "flake-parts": "flake-parts_2",
        "mnw": "mnw",
-        "nixpkgs": "nixpkgs_7",
-        "systems": "systems_5"
+        "nixpkgs": "nixpkgs_8",
+        "systems": "systems_6"
      },
      "locked": {
        "lastModified": 1762622004,
@ -1065,11 +1118,12 @@
        "himmelblau": "himmelblau",
        "home-manager": "home-manager",
        "jovian": "jovian",
+        "mydia": "mydia",
        "nix-minecraft": "nix-minecraft",
        "nixos-boot": "nixos-boot",
        "nixos-generators": "nixos-generators",
        "nixos-wsl": "nixos-wsl",
-        "nixpkgs": "nixpkgs_6",
+        "nixpkgs": "nixpkgs_7",
        "nvf": "nvf",
        "plasma-manager": "plasma-manager",
        "snowfall-lib": "snowfall-lib",
@ -1162,7 +1216,7 @@
    },
    "sops-nix_2": {
      "inputs": {
-        "nixpkgs": "nixpkgs_8"
+        "nixpkgs": "nixpkgs_9"
      },
      "locked": {
        "lastModified": 1763509310,
@ -1187,9 +1241,9 @@
        "firefox-gnome-theme": "firefox-gnome-theme",
        "flake-parts": "flake-parts_3",
        "gnome-shell": "gnome-shell",
-        "nixpkgs": "nixpkgs_9",
+        "nixpkgs": "nixpkgs_10",
        "nur": "nur",
-        "systems": "systems_7",
+        "systems": "systems_8",
        "tinted-foot": "tinted-foot",
        "tinted-kitty": "tinted-kitty",
        "tinted-schemes": "tinted-schemes",
@ -1330,13 +1384,28 @@
        "type": "github"
      }
    },
+    "systems_9": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "terranix": {
      "inputs": {
        "flake-parts": "flake-parts_4",
        "nixpkgs": [
          "nixpkgs"
        ],
-        "systems": "systems_8"
+        "systems": "systems_9"
      },
      "locked": {
        "lastModified": 1762472226,
--- a/flake.nix
+++ b/flake.nix
@ -88,9 +88,14 @@
      url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+
+    mydia = {
+      url = "github:getmydia/mydia";
+    };
  };

-  outputs = inputs: inputs.snowfall-lib.mkFlake {
+  outputs = inputs:
+    inputs.snowfall-lib.mkFlake {
      inherit inputs;
      src = ./.;

--- a/modules/home/application/steam/default.nix
+++ b/modules/home/application/steam/default.nix
@ -10,7 +10,7 @@ in
  };

  config = mkIf cfg.enable {
-    home.packages = with pkgs; [ protonup ];
+    home.packages = with pkgs; [ protonup-ng ];

    home.sessionVariables = {
      STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
--- a/modules/home/application/teamspeak/default.nix
+++ b/modules/home/application/teamspeak/default.nix
@ -10,6 +10,6 @@ in
  };

  config = mkIf cfg.enable {
-    home.packages = with pkgs; [ teamspeak_client ];
+    home.packages = with pkgs; [ teamspeak3 teamspeak6-client ];
  };
 }
--- a/modules/nixos/services/authentication/zitadel/default.nix
+++ b/modules/nixos/services/authentication/zitadel/default.nix
@ -23,7 +23,7 @@ in
            default = false;
            example = "true";
            description = ''
-              True sets the org as default org for the instance. Only one org can be default org. 
+              True sets the '${org}' org as default org for the instance. Only one org can be default org.
              Nothing happens if you set it to false until you set another org as default org.
            '';
          };
@ -335,14 +335,6 @@ in
    ;

    append = attrList: set: set // (listToAttrs attrList);
-    forEach = src: key: set: 
-    let
-      _key = concatMapStringsSep "_" (k: "\${item.${k}}") key;
-    in
-    { 
-      forEach = "{ for item in ${src} : \"${_key}\" => item }"; 
-    }
-    // set;

    config' = config;

@ -352,7 +344,21 @@ in

      modules = [
        ({ config, lib, ... }: {
-          config = {
+          config =
+          let
+            forEach = src: key: set:
+            let
+              _key = concatMapStringsSep "_" (k: "\${item.${k}}") key;
+            in
+            {
+              forEach = lib.tfRef ''{
+                for item in ${src} :
+                "''${item.org}_''${item.name}" => item
+              }'';
+            }
+          // set;
+          in
+          {
            terraform.required_providers.zitadel = {
              source = "zitadel/zitadel";
              version = "2.2.0";
@ -549,7 +555,11 @@ in
      wantedBy = [ "multi-user.target" ];
      wants = [ "zitadel.service" ];

-      script = ''
+      script =
+      let
+        tofu = lib.getExe pkgs.opentofu;
+      in
+      ''
        #!/usr/bin/env bash

        if [ "$(systemctl is-active zitadel)" != "active" ]; then
@ -564,11 +574,11 @@ in
        cp -f ${terraformConfiguration} config.tf.json

        # Initialize OpenTofu
-        ${lib.getExe pkgs.opentofu} init
+        ${tofu} init

        # Run the infrastructure code
-        # ${lib.getExe pkgs.opentofu} plan
-        ${lib.getExe pkgs.opentofu} apply -auto-approve
+        ${tofu} plan -refresh=false -out=tfplan
+        ${tofu} apply -auto-approve tfplan
      '';

      serviceConfig = {
--- a/modules/nixos/services/communication/matrix/default.nix
+++ b/modules/nixos/services/communication/matrix/default.nix
@ -1,5 +1,10 @@
-{ config, lib, pkgs, namespace, ... }:
-let
+{
+  config,
+  lib,
+  pkgs,
+  namespace,
+  ...
+}: let
  inherit (builtins) toString toJSON;
  inherit (lib) mkIf mkEnableOption;

@ -10,8 +15,7 @@ let
  port = 4001;

  database = "synapse";
-in
-{
+in {
  options.${namespace}.services.communication.matrix = {
    enable = mkEnableOption "Matrix server (Synapse)";
  };
--- a/modules/nixos/services/development/forgejo/default.nix
+++ b/modules/nixos/services/development/forgejo/default.nix
@ -1,12 +1,16 @@
-{ config, lib, pkgs, namespace, ... }:
-let
+{
+  config,
+  lib,
+  pkgs,
+  namespace,
+  ...
+}: let
  inherit (builtins) toString;
  inherit (lib) mkIf mkEnableOption mkOption;

  cfg = config.${namespace}.services.development.forgejo;
  domain = "git.amarth.cloud";
-in
-{
+in {
  options.${namespace}.services.development.forgejo = {
    enable = mkEnableOption "Forgejo";

--- a/modules/nixos/services/media/mydia/default.nix
+++ b/modules/nixos/services/media/mydia/default.nix
@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  namespace,
+  inputs,
+  system,
+  ...
+}: let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.${namespace}.services.media.mydia;
+in {
+  imports = [
+    inputs.mydia.nixosModules.default
+  ];
+
+  options.${namespace}.services.media.mydia = {
+    enable = mkEnableOption "Enable Mydia";
+  };
+
+  config = mkIf cfg.enable {
+    services.mydia = {
+      enable = true;
+      package = inputs.mydia.packages.${system}.default;
+
+      port = 2010;
+      listenAddress = "0.0.0.0";
+      openFirewall = true;
+
+      secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path;
+      guardianSecretKeyFile = config.sops.secrets."mydia/guardian_secret".path;
+
+      oidc = {
+        enable = true;
+        issuer = "https://auth.kruining.eu";
+        clientIdFile = config.sops.secrets."mydia/oidc_id".path;
+        clientSecretFile = config.sops.secrets."mydia/oidc_secret".path;
+        scopes = ["openid" "profile" "email"];
+      };
+    };
+
+    sops.secrets =
+      ["secret_key_base" "guardian_secret" "oidc_id" "oidc_secret"]
+      |> lib.map (name:
+        lib.nameValuePair "mydia/${name}" {
+          owner = config.services.mydia.user;
+          group = config.services.mydia.group;
+          restartUnits = ["mydia.service"];
+        })
+      |> lib.listToAttrs;
+  };
+}
--- a/modules/nixos/services/media/servarr/default.nix
+++ b/modules/nixos/services/media/servarr/default.nix
@ -1,11 +1,17 @@
-{ pkgs, config, lib, namespace, inputs, system, ... }:
-let
+{
+  pkgs,
+  config,
+  lib,
+  namespace,
+  inputs,
+  system,
+  ...
+}: let
  inherit (builtins) toString;
  inherit (lib) mkIf mkEnableOption mkOption types;

  cfg = config.${namespace}.services.media.servarr;
-in
-{
+in {
  options.${namespace}.services.media = {
    servarr = mkOption {
      type = types.attrsOf (types.submodule ({name, ...}: {
@ -30,7 +36,11 @@ in
  config = {
    services =
      cfg
-      |> lib.mapAttrsToList  (service: { enable, port, ... }: (mkIf enable {
+      |> lib.mapAttrsToList (service: {
+        enable,
+        port,
+        ...
+      }: (mkIf enable {
        "${service}" = {
          enable = true;
          openFirewall = true;
@ -58,31 +68,44 @@ in
        };
      }))
      |> lib.mergeAttrsList
-      |> (set: set // {
-        postgres = {
+      |> (set:
+        set
+        // {
+          postgresql = {
            ensureDatabases = cfg |> lib.attrNames;
-          ensureUsers = cfg |> lib.attrNames |> lib.map (service: {
+            ensureUsers =
+              cfg
+              |> lib.attrNames
+              |> lib.map (service: {
                name = service;
                ensureDBOwnership = true;
              });
          };
-      })
-    ;
+        });

    systemd =
      cfg
-      |> lib.mapAttrsToList  (service: { enable, debug, port, rootFolders, ... }: (mkIf enable {
+      |> lib.mapAttrsToList (service: {
+        enable,
+        debug,
+        port,
+        rootFolders,
+        ...
+      }: (mkIf enable {
        tmpfiles.rules = [
          "d /var/lib/${service}ApplyTerraform 0755 ${service} ${service} -"
        ];

-        services."${service}ApplyTerraform" = 
-        let
+        services."${service}ApplyTerraform" = let
          terraformConfiguration = inputs.terranix.lib.terranixConfiguration {
            inherit system;

            modules = [
-              ({ config, lib, ... }: {
+              ({
+                config,
+                lib,
+                ...
+              }: {
                config = {
                  variable = {
                    api_key = {
@ -105,15 +128,13 @@ in
                    "${service}_root_folder" =
                      rootFolders
                      |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;})
-                      |> lib.listToAttrs
-                    ;
+                      |> lib.listToAttrs;
                  };
                };
              })
            ];
          };
-        in
-        {
+        in {
          description = "${service} terraform apply";

          wantedBy = ["multi-user.target"];
@ -141,7 +162,11 @@ in

            # Run the infrastructure code
            ${lib.getExe pkgs.opentofu} \
-            ${if debug then "plan" else "apply -auto-approve"} \
+            ${
+              if debug
+              then "plan"
+              else "apply -auto-approve"
+            } \
            -var-file='${config.sops.templates."${service}/config.tfvars".path}'
          '';

@ -158,16 +183,14 @@ in
          };
        };
      }))
-      |> lib.mergeAttrsList
-    ;
+      |> lib.mergeAttrsList;

    users.users =
      cfg
      |> lib.mapAttrsToList (service: {enable, ...}: (mkIf enable {
        "${service}".extraGroups = ["media"];
      }))
-      |> lib.mergeAttrsList
-    ;
+      |> lib.mergeAttrsList;

    sops =
      cfg
@ -198,11 +221,9 @@ in
          };
        };
      }))
-      |> lib.mergeAttrsList
-    ;
+      |> lib.mergeAttrsList;
  };

-
  #   cfg
  #   |> lib.mapAttrsToList  (service: { enable, debug, port, rootFolders, ... }: (mkIf enable {

--- a/modules/nixos/services/security/vaultwarden/default.nix
+++ b/modules/nixos/services/security/vaultwarden/default.nix
@ -1,5 +1,10 @@
-{ pkgs, config, lib, namespace, ... }:
-let
+{
+  pkgs,
+  config,
+  lib,
+  namespace,
+  ...
+}: let
  inherit (builtins) toString;
  inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep;

@ -12,14 +17,15 @@ let
      };

      file = mkOption {
-        type = types.str;
-        description = '''';
+        type = types.path;
+        description = ''
+          Path to sqlite database file.
+        '';
      };
    };
  });

-  databaseProviderPostgresql = types.submodule ({ ... }: 
-  let
+  databaseProviderPostgresql = types.submodule ({...}: let
    urlOptions = lib.${namespace}.options.mkUrlOptions {
      host = {
        description = ''
@ -40,9 +46,9 @@ let
        example = "postgres";
      };
    };
-  in
+  in {
+    options =
      {
-    options = {
        type = mkOption {
          type = types.enum ["postgresql"];
        };
@ -66,10 +72,10 @@ let
            [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS)
          '';
        };
-    } // (urlOptions |> getAttrs [ "protocol" "host" "port" ]);
+      }
+      // (urlOptions |> getAttrs ["protocol" "host" "port"]);
  });
-in
-{
+in {
  options.${namespace}.services.security.vaultwarden = {
    enable = mkEnableOption "enable vaultwarden";

@ -183,15 +189,15 @@ in
          owner = config.users.users.vaultwarden.name;
          group = config.users.groups.vaultwarden.name;
        };
-        temp-db-output.content = 
-          let 
+        temp-db-output.content = let
          config =
            cfg.database
-              |> ({ type, ... }@db: 
-                if type == "sqlite" then
-                  { inherit (db) type file; }
-                else if type == "postgresql" then
-                  { 
+            |> (
+              {type, ...} @ db:
+                if type == "sqlite"
+                then {inherit (db) type file;}
+                else if type == "postgresql"
+                then {
                  inherit (db) type;
                  url = lib.${namespace}.strings.toUrl {
                    inherit (db) protocol host port;
@ -201,13 +207,10 @@ in
                    };
                  };
                }
-                else
-                  {}
+                else {}
            )
-              |> concatMapAttrsStringSep "\n" (n: v: "${toUpper n}=${v}")
-            ;
-          in
-          ''
+            |> concatMapAttrsStringSep "\n" (n: v: "${toUpper n}=${v}");
+        in ''
          # GENERATED VALUES
          ${config}
        '';
--- a/modules/nixos/shells/default.nix
+++ b/modules/nixos/shells/default.nix
@ -1,2 +1,2 @@
-{ ... }:
-{}
+{...}: {
+}
--- a/shells/default/default.nix
+++ b/shells/default/default.nix
@ -1,5 +1,10 @@
-{ mkShell, inputs, pkgs, ... }:
-
+{
+  mkShell,
+  inputs,
+  pkgs,
+  stdenv,
+  ...
+}:
 mkShell {
  packages = with pkgs; [
    bash
@ -7,6 +12,10 @@ mkShell {
    just
    yq
    pwgen
-    inputs.clan-core.packages.x86_64-linux.clan-cli
+    alejandra
+    nil
+    nixd
+    openssl
+    inputs.clan-core.packages.${stdenv.hostPlatform.system}.clan-cli
  ];
 }
--- a/systems/x86_64-linux/ulmo/default.nix
+++ b/systems/x86_64-linux/ulmo/default.nix
@ -1,5 +1,4 @@
-{ ... }:
-{
+{...}: {
  imports = [
    ./disks.nix
    ./hardware.nix
@ -8,7 +7,10 @@
  networking = {
    interfaces.enp2s0 = {
      ipv6.addresses = [
-        { address = "2a0d:6e00:1dc9:0::dead:beef"; prefixLength = 64; }
+        {
+          address = "2a0d:6e00:1dc9:0::dead:beef";
+          prefixLength = 64;
+        }
      ];

      useDHCP = true;
@ -110,6 +112,12 @@
                    grantTypes = ["authorizationCode"];
                    responseTypes = ["code"];
                  };
+
+                  mydia = {
+                    redirectUris = ["http://localhost:2010/auth/oidc/callback"];
+                    grantTypes = ["authorizationCode"];
+                    responseTypes = ["code"];
+                  };
                };
              };
            };
@ -131,8 +139,16 @@
            };

            triggers = [
-              { flowType = "customiseToken"; triggerType = "preUserinfoCreation"; actions = [ "flattenRoles" ]; }
-              { flowType = "customiseToken"; triggerType = "preAccessTokenCreation"; actions = [ "flattenRoles" ]; }
+              {
+                flowType = "customiseToken";
+                triggerType = "preUserinfoCreation";
+                actions = ["flattenRoles"];
+              }
+              {
+                flowType = "customiseToken";
+                triggerType = "preAccessTokenCreation";
+                actions = ["flattenRoles"];
+              }
            ];
          };
        };
@ -146,6 +162,7 @@

      media.enable = true;
      media.homer.enable = true;
+      media.mydia.enable = true;
      media.nfs.enable = true;
      media.servarr = {
        # radarr = {
--- a/systems/x86_64-linux/ulmo/secrets.yml
+++ b/systems/x86_64-linux/ulmo/secrets.yml
@ -19,6 +19,11 @@ lidarr:
    apikey: ENC[AES256_GCM,data:I2eKaxidmxem7C7ukmyIfwASNqrkS4vEOiCcU5kSNY6DR0pXsYg0PBdgu8vzK6llbXODLdG5t55BordIWvVRJGAauo0FMvtp59NSNpza7cK68tdKGvNefD6bqhUIR06BY11niQ==,iv:48AD7cd17TlWY5yAagepLOIVwgxhD/d13Pnup6GsWDA=,tag:teOVtW8opE99hqAXQwvlrA==,type:str]
 prowlarr:
    apikey: ENC[AES256_GCM,data:pyZ2WGEs/PlIdhDsQq2TPGJbplkd5fLF0ZkBjITqIJlnAzYHb+rl+KOM4rHqQcI6yAJM8X1Y3ymGrD7vG7GiRxB7yoEG13SKhZIWOddTnxIhbkz81RfrL2fUJIydOaP6sS//9Q==,iv:Tr6MWoC6nC7rdVTOjT1T2itT+lVL4GnUiAr5/+IHAs0=,tag:keIJNuGeVht8+xSN3FnBGA==,type:str]
+mydia:
+    oidc_id: ENC[AES256_GCM,data:LfYWh9EC0aio3w1Xsj/jtU6z,iv:+dX9KkNtfQMYSX4yr83KyXalWMD/aWby7fC8aL4ZT3I=,tag:CvdbMoMTuC9FohTMIE5pmg==,type:str]
+    oidc_secret: ENC[AES256_GCM,data:PgI4hmP/3wt9uj+1QvCYcT8Wav0hgCRADouzWM3V695SSfXfbwDgez8tA/tm1/1jymAU2F2sZH8G2hZ1cdHyHQ==,iv:h3o3jsTmnoNE3+mGX12J3ZU0/6PlQNjdndEvaj/czj0=,tag:p3+p4E8fBtR7a8UpM8cUsg==,type:str]
+    secret_key_base: ENC[AES256_GCM,data:yG7HJ5r74Qtxbeyf8F6dA0uHv2pQ8YAJKlKiKjS+m24JRvJWQaTThJ+c5HbuUa6R3e9XtVHchhlVPkF0Is/b+g==,iv:v65xdRr4JdKZmBtjZ08/J3LLqnphSGt9QfVPNQ2x/xg=,tag:n7tD2dhr4IJn1LWM9WW8UA==,type:str]
+    guardian_secret: ENC[AES256_GCM,data:OjnNFSHlecL+qXwlhTm++itRM6ga5E5KrSJxbgIUpbMEkIWgu3xhRtnPdipXbedgall0XdO/s+jnWCagZX94BA==,iv:DukdKvm9vey8BWUiml20tgA/Vji1XVX4+sUPge9nTk0=,tag:q3HdvgUYqR0APiaFz0ul5Q==,type:str]
 sops:
    age:
        - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq
@ -39,7 +44,7 @@ sops:
            TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb
            Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-19T09:51:26Z"
-    mac: ENC[AES256_GCM,data:pMMkxHPochpI8si/oHhU7MHqC1JjNhMP7HCRNQQEkwBQI489xiC02t+qUwpmG4oIheqi8lEcZPpL4t9HzRN9sZImaI2LrJn3cHFojHzXzo7FPfvfUilZe1+JXLfm+wn+bflAEutIcfDiZc/MjiKOxRHwZy5Pr41Mj6uPIUr62zk=,iv:GwvMVgJ6m1DQcRZMVzshbuMK/Kx8vE8Ym83KbxuvYRg=,tag:wVSol9LDRzoFjQppB8J9gA==,type:str]
+    lastmodified: "2025-12-01T14:27:13Z"
+    mac: ENC[AES256_GCM,data:v8t65zlWw6UuFeFQ5oBNVGjnuewPlZZG7ea8P4cEHXN+JnSAE67HivSCyjhUAFmX/UbksxnSLYdl72swTb9ASv6JaW2FVJsaF+5zmZbuM5pAjZl4MR6Y7+Vc9YqAi+axnSE1s8pRe9U1PYmcbLWaY9kRZdccavfM2bsoAIpJRTk=,iv:EevmWMh6ygEAlf9RE4qZ1KVKm6yDR5dTZeraoFHmdRg=,tag:sCdtEYc9iNjfEvyYyXH8rQ==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
Author	SHA1	Message	Date
Chris Kruining	d9dff63cea	.	2025-12-01 20:56:56 +01:00
Chris Kruining	f288c688d0	fix: zitadel script	2025-12-01 15:31:14 +01:00
Chris Kruining	17e059995f	chore: revert bash option	2025-12-01 15:30:47 +01:00
chris	1b2f4c0381	chore(secrets): set secret "mydia/oidc_secret" for machine "ulmo"	2025-12-01 14:27:13 +00:00
chris	179dd7be1f	chore(secrets): set secret "mydia/oidc_id" for machine "ulmo"	2025-12-01 14:26:40 +00:00
Chris Kruining	b739cd4190	fix: forEach implementation in zitadel module	2025-12-01 14:49:33 +01:00
Chris Kruining	9f1a6e85ee	kaas	2025-12-01 14:14:32 +01:00
chris	331a912c82	chore(secrets): set secret "mydia/guardian_secret" for machine "ulmo"	2025-12-01 09:05:12 +00:00
chris	c215f5f358	chore(secrets): set secret "mydia/secret_key_base" for machine "ulmo"	2025-12-01 09:04:53 +00:00
chris	bb75261d95	chore(secrets): set secret "mydia/secret_key_base" for machine "ulmo"	2025-12-01 09:04:18 +00:00
chris	5d9c1fb6fc	chore(secrets): set secret "mydia/oidc_secret" for machine "ulmo"	2025-12-01 09:03:28 +00:00
chris	41bd07afb4	chore(secrets): set secret "mydia/oidc_id" for machine "ulmo"	2025-12-01 09:03:21 +00:00
Chris Kruining	1e5ba64175	feat: fix most issues with mydia	2025-11-27 16:28:33 +01:00
Chris Kruining	829a8dab4e	chore: refactor code	2025-11-27 11:05:35 +01:00
Chris Kruining	be346e0e29	still complaining about missing ffmpeg....	2025-11-26 16:35:52 +01:00
Chris Kruining	2d3726d535	feat: remove bun2nix this is not the route I ended up going for, so I removed the dependency again	2025-11-26 16:34:58 +01:00
Chris Kruining	06cd3dd1ac	feat: start implementation of package for mydia	2025-11-26 16:02:14 +01:00