diff --git a/.forgejo/workflows/action.yml b/.forgejo/workflows/action.yml index 4aac00e..684cfad 100644 --- a/.forgejo/workflows/action.yml +++ b/.forgejo/workflows/action.yml @@ -7,10 +7,9 @@ on: - main jobs: - hello: - name: Print hello world - runs-on: default + kaas: + runs-on: nix steps: - name: Echo run: | - echo "Hello, world!" \ No newline at end of file + nix --version \ No newline at end of file diff --git a/.gitignore b/.gitignore index 87a3018..3cb44c3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,8 @@ +# ---> Nix +# Ignore build outputs from performing a nix-build or `nix build` command result -*.qcow2 +result-* + +# Ignore automatically generated direnv output +.direnv + diff --git a/flake.lock b/flake.lock index 27521bd..51907f8 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1755108317, - "narHash": "sha256-j7RGK7nyoHuJzQjVFBngpsVowIn4DAtprn66UyAFNRQ=", + "lastModified": 1756593129, + "narHash": "sha256-xpdGBk57lErbo03ZJS8uDDF5cZjoza7kzr7X+y0wj2g=", "owner": "emmanuelrosa", "repo": "erosanix", - "rev": "5aa322a6e586a2b46af65ab6c9a3d6042a95ff2e", + "rev": "f28776c49ddb4d34abc01092009fba0cd96836bd", "type": "github" }, "original": { @@ -94,11 +94,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1755153894, - "narHash": "sha256-DEKeIg3MQy5GMFiFRUzcx1hGGBN2ypUPTo0jrMAdmH4=", + "lastModified": 1756622179, + "narHash": "sha256-K3CimrAcMhdDYkErd3oiWPZNaoyaGZEuvGrFuDPFMZY=", "owner": "nix-community", "repo": "fenix", - "rev": "f6874c6e512bc69d881d979a45379b988b80a338", + "rev": "0abcb15ae6279dcb40a8ae7c1ed980705245cb79", "type": "github" }, "original": { @@ -114,11 +114,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1755083788, - "narHash": "sha256-CXiS6gfw0NH+luSpNhtRZjy4NqVFrmsYpoetu3N/fMk=", + "lastModified": 1756643456, + "narHash": "sha256-SbRGlArZnspW/xd/vnMPSyuZGXSVtxyJEoXpvpzDpSE=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "523078b104590da5850a61dfe291650a6b49809c", + "rev": "6772a49573fc08b3e05502cccd90a8f5a82ee42e", "type": "github" }, "original": { @@ -411,11 +411,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1755072091, - "narHash": "sha256-FCkbELHIFXlVREaopW13QFMzwLPr/otjucmyNLQQXeg=", + "lastModified": 1756381920, + "narHash": "sha256-h6FZq485lEhkTICK779ZQ2kUWe3BieUqIKuJ2jef7SI=", "owner": "vinceliuice", "repo": "grub2-themes", - "rev": "03d8c9cf0d1bcf67765ac5fa35263f1b08c584fa", + "rev": "8f30385f556a92ecbcc0c1800521730187da1cd7", "type": "github" }, "original": { @@ -432,11 +432,11 @@ ] }, "locked": { - "lastModified": 1754593854, - "narHash": "sha256-fiWzQKZP92+2nm9wGBa/UYuEdVJkshHqNpCFfklas8k=", + "lastModified": 1756413980, + "narHash": "sha256-pxTwEjWZ1GohJeTEpxoZRHRoLDZjDw9CarGqxE5e908=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "e0b9a3efdcf0c6c59ed3352ffb2b003ab6aa2fed", + "rev": "0c12a2b5862cd673307bbe191c1f7b52cf0f091a", "type": "github" }, "original": { @@ -452,11 +452,32 @@ ] }, "locked": { - "lastModified": 1755121891, - "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=", + "lastModified": 1756650373, + "narHash": "sha256-Iz0dNCNvLLxVGjOOF1/TJvZ4iKXE96BTgKDObCs9u+M=", "owner": "nix-community", "repo": "home-manager", - "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426", + "rev": "e44549074a574d8bda612945a88e4a1fd3c456a8", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "zen-browser", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756842514, + "narHash": "sha256-XbtRMewPGJwTNhBC4pnBu3w/xT1XejvB0HfohC2Kga8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "30fc1b532645a21e157b6e33e3f8b4c154f86382", "type": "github" }, "original": { @@ -473,11 +494,11 @@ ] }, "locked": { - "lastModified": 1755151620, - "narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=", + "lastModified": 1756638688, + "narHash": "sha256-ddxbPTnIchM6tgxb6fRrCvytlPE2KLifckTnde/irVQ=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "16e12d22754d97064867006acae6e16da7a142a6", + "rev": "e7b8679cba79f4167199f018b05c82169249f654", "type": "github" }, "original": { @@ -507,11 +528,11 @@ }, "mnw": { "locked": { - "lastModified": 1748710831, - "narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=", + "lastModified": 1756580127, + "narHash": "sha256-XK+ZQWjnd96Uko73jY1dc23ksnuWnF/Myc4rT/LQOmc=", "owner": "Gerg-L", "repo": "mnw", - "rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d", + "rev": "ecdb5ba1b08ac198d9e9bfbf9de3b234fb1eb252", "type": "github" }, "original": { @@ -549,11 +570,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1755137329, - "narHash": "sha256-9MxuOLH7jk58IVUUDWwLeqk9U4ATE6X37955Ld+4/zw=", + "lastModified": 1756518625, + "narHash": "sha256-Mxh2wumeSsb968dSDksblubQqHTTdRTC5lH0gmhq9jI=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "d9330bc35048238597880e89fb173799de9db5e9", + "rev": "92654796f8f6c3279e4b7d409a3e5b43b0539a19", "type": "github" }, "original": { @@ -621,11 +642,11 @@ ] }, "locked": { - "lastModified": 1755171343, - "narHash": "sha256-h6bbfhqWcHlx9tcyYa7dhaEiNpusLCcFYkJ/AnltLW8=", + "lastModified": 1755261305, + "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "e37cfef071466a9ca649f6899aff05226ce17e9e", + "rev": "203a7b463f307c60026136dd1191d9001c43457f", "type": "github" }, "original": { @@ -683,11 +704,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1755061300, - "narHash": "sha256-eov82CkCrpiECJa3dyQ2da1sPGnAP3HK0UEra5eupaM=", + "lastModified": 1756578978, + "narHash": "sha256-dLgwMLIMyHlSeIDsoT2OcZBkuruIbjhIAv1sGANwtes=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d4df8d6cc1ccfd3e4349a1d54e4fb1171e7ec1f5", + "rev": "a85a50bef870537a9705f64ed75e54d1f4bf9c23", "type": "github" }, "original": { @@ -715,11 +736,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1755178357, - "narHash": "sha256-rzgUmlO5/pt7uPAlY6E70clNjg9JmrgBxalEj2zKq08=", + "lastModified": 1756653691, + "narHash": "sha256-tx6C07uPiAzq57mfb4EWDqPRV4BZVqvrlvDfibzL67U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6eac4364f979ef460fb6ebd17ca65b8dae03cba4", + "rev": "7a1057ff3f7636bc71f58671c3a1210742149f3b", "type": "github" }, "original": { @@ -747,11 +768,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1755027561, - "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", + "lastModified": 1756542300, + "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", + "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", "type": "github" }, "original": { @@ -763,11 +784,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1755049066, - "narHash": "sha256-ANrc15FSoOAdNbfKHxqEJjZLftIwIsenJGRb/04K41s=", + "lastModified": 1756536218, + "narHash": "sha256-ynQxPVN2FIPheUgTFhv01gYLbaiSOS7NgWJPm9LF9D0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e45f8f193029378d0aaee5431ba098dc80054e9a", + "rev": "a918bb3594dd243c2f8534b3be01b3cb4ed35fd1", "type": "github" }, "original": { @@ -843,11 +864,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1755115677, - "narHash": "sha256-98Ad2F5w1xW94KymQiBohNBYpFqMa0K28v9S1SzyTY8=", + "lastModified": 1756646417, + "narHash": "sha256-1dU+BRKjczVnsTznKGaM0xrWzg2+MGQqWlde0Id9JnI=", "owner": "notashelf", "repo": "nvf", - "rev": "c5dc7192496a1fad38134e54f8b4fca8ac51a9fe", + "rev": "939fb8cfc630190cd5607526f81693525e3d593b", "type": "github" }, "original": { @@ -866,11 +887,11 @@ ] }, "locked": { - "lastModified": 1754501628, - "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=", + "lastModified": 1756632588, + "narHash": "sha256-ydam6eggXf3ZwRutyCABwSbMAlX+5lW6w1SVZQ+kfSo=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133", + "rev": "d47428e5390d6a5a8f764808a4db15929347cd77", "type": "github" }, "original": { @@ -905,11 +926,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1755004716, - "narHash": "sha256-TbhPR5Fqw5LjAeI3/FOPhNNFQCF3cieKCJWWupeZmiA=", + "lastModified": 1756597274, + "narHash": "sha256-wfaKRKsEVQDB7pQtAt04vRgFphkVscGRpSx3wG1l50E=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "b2a58b8c6eff3c3a2c8b5c70dbf69ead78284194", + "rev": "21614ed2d3279a9aa1f15c88d293e65a98991b30", "type": "github" }, "original": { @@ -978,11 +999,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1755027820, - "narHash": "sha256-hBSU7BEhd05y/pC9tliYjkFp8AblkbNEkPei229+0Pg=", + "lastModified": 1755997543, + "narHash": "sha256-/fejmCQ7AWa655YxyPxRDbhdU7c5+wYsFSjmEMXoBCM=", "owner": "nix-community", "repo": "stylix", - "rev": "c592717e9f713bbae5f718c784013d541346363d", + "rev": "f47c0edcf71e802378b1b7725fa57bb44fe85ee8", "type": "github" }, "original": { @@ -1164,18 +1185,19 @@ }, "zen-browser": { "inputs": { + "home-manager": "home-manager_2", "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1727721329, - "narHash": "sha256-QYlWZwUSwrM7BuO+dXclZIwoPvBIuJr6GpFKv9XKFPI=", - "owner": "MarceColl", + "lastModified": 1756876659, + "narHash": "sha256-B2bpNR7VOoZuKfuNnASfWI/jGveetP2yhG44S3XnI/k=", + "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "e6ab73f405e9a2896cce5956c549a9cc359e5fcc", + "rev": "07c14b39cad581d9a8bb2dc8959a59e17d26d529", "type": "github" }, "original": { - "owner": "MarceColl", + "owner": "0xc000022070", "repo": "zen-browser-flake", "type": "github" } diff --git a/flake.nix b/flake.nix index d696f4b..60e9853 100644 --- a/flake.nix +++ b/flake.nix @@ -41,7 +41,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - zen-browser.url = "github:MarceColl/zen-browser-flake"; + zen-browser.url = "github:0xc000022070/zen-browser-flake"; nix-minecraft.url = "github:Infinidoge/nix-minecraft"; @@ -63,11 +63,11 @@ url = "github:Jovian-Experiments/Jovian-NixOS"; inputs.nixpkgs.follows = "nixpkgs"; }; - + grub2-themes = { url = "github:vinceliuice/grub2-themes"; }; - + nixos-wsl = { url = "github:nix-community/nixos-wsl"; inputs = { @@ -93,8 +93,15 @@ channels-config = { allowUnfree = true; permittedInsecurePackages = [ + # Due to *arr stack "dotnet-sdk-6.0.428" "aspnetcore-runtime-6.0.36" + + # I think this is because of zen + "qtwebengine-5.15.19" + + # For Nheko, the matrix client + "olm-3.2.16" ]; }; @@ -106,7 +113,7 @@ homes.modules = with inputs; [ stylix.homeModules.stylix - plasma-manager.homeManagerModules.plasma-manager + plasma-manager.homeModules.plasma-manager ]; }; } diff --git a/homes/x86_64-linux/chris@manwe/default.nix b/homes/x86_64-linux/chris@manwe/default.nix index cd6fa1a..abeb606 100644 --- a/homes/x86_64-linux/chris@manwe/default.nix +++ b/homes/x86_64-linux/chris@manwe/default.nix @@ -35,6 +35,7 @@ bitwarden.enable = true; discord.enable = true; ladybird.enable = true; + nheko.enable = true; obs.enable = true; onlyoffice.enable = true; signal.enable = true; diff --git a/modules/home/application/nheko/default.nix b/modules/home/application/nheko/default.nix new file mode 100644 index 0000000..b04b375 --- /dev/null +++ b/modules/home/application/nheko/default.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, namespace, osConfig ? {}, ... }: +let + inherit (lib) mkIf mkEnableOption; + + cfg = config.${namespace}.application.nheko; +in +{ + options.${namespace}.application.nheko = { + enable = mkEnableOption "enable nheko (matrix client)"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [ nheko ]; + }; +} diff --git a/modules/home/application/zen/default.nix b/modules/home/application/zen/default.nix index ad4cb92..4995216 100644 --- a/modules/home/application/zen/default.nix +++ b/modules/home/application/zen/default.nix @@ -5,13 +5,15 @@ let cfg = config.${namespace}.application.zen; in { + imports = [ + inputs.zen-browser.homeModules.default + ]; + options.${namespace}.application.zen = { enable = mkEnableOption "enable zen"; }; config = mkIf cfg.enable { - home.packages = [ inputs.zen-browser.packages.${pkgs.system}.specific ]; - home.sessionVariables = { MOZ_ENABLE_WAYLAND = "1"; }; @@ -20,20 +22,42 @@ in policies = { AutofillAddressEnabled = true; AutofillCreditCardEnabled = false; + + AppAutoUpdate = false; DisableAppUpdate = true; + ManualAppUpdateOnly = true; + DisableFeedbackCommands = true; DisableFirefoxStudies = true; DisablePocket = true; DisableTelemetry = true; - # DontCheckDefaultBrowser = false; + + DontCheckDefaultBrowser = false; NoDefaultBookmarks = true; - # OfferToSaveLogins = false; + OfferToSaveLogins = false; EnableTrackingProtection = { Value = true; Locked = true; Cryptomining = true; Fingerprinting = true; }; + + HttpAllowlist = [ + "http://ulmo" + ]; + }; + + policies.ExtensionSettings = let + mkExtension = id: { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/${builtins.toString id}/latest.xpi"; + installation_mode = "force_installed"; + }; + in + { + ublock_origin = 4531307; + ghostry = 4562168; + bitwarden = 4562769; + sponsorblock = 4541835; }; }; }; diff --git a/modules/home/home-manager/default.nix b/modules/home/home-manager/default.nix index 93bae2e..5f3be03 100644 --- a/modules/home/home-manager/default.nix +++ b/modules/home/home-manager/default.nix @@ -4,7 +4,9 @@ let in { systemd.user.startServices = "sd-switch"; - programs.home-manager.enable = true; + programs.home-manager = { + enable = true; + }; home.stateVersion = mkDefault (osConfig.system.stateVersion or "25.05"); -} \ No newline at end of file +} diff --git a/modules/nixos/home-manager/default.nix b/modules/nixos/home-manager/default.nix new file mode 100644 index 0000000..1a5a964 --- /dev/null +++ b/modules/nixos/home-manager/default.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + config = { + home-manager.backupFileExtension = "back"; + }; +} diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 7d1f069..3104ecd 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -15,10 +15,10 @@ in nix = { package = pkgs.nixVersions.latest; - extraOptions = "experimental-features = nix-command flakes"; + extraOptions = "experimental-features = nix-command flakes pipe-operators"; settings = { - experimental-features = [ "nix-command" "flakes" ]; + experimental-features = [ "nix-command" "flakes" "pipe-operators" ]; allowed-users = [ "@wheel" ]; trusted-users = [ "@wheel" ]; diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index a95d849..2f65f6f 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, namespace, ... }: let - inherit (lib) mkIf mkEnableOption mkForce; + inherit (lib) mkIf mkEnableOption; cfg = config.${namespace}.services.authentication.zitadel; @@ -13,6 +13,8 @@ in }; config = mkIf cfg.enable { + ${namespace}.services.persistance.postgresql.enable = true; + environment.systemPackages = with pkgs; [ zitadel ]; @@ -110,13 +112,6 @@ in ensureDBOwnership = true; } ]; - authentication = mkForce '' - # Generated file, do not edit! - # TYPE DATABASE USER ADDRESS METHOD - local all all trust - host all all 127.0.0.1/32 trust - host all all ::1/128 trust - ''; }; caddy = { diff --git a/modules/nixos/services/communication/conduit/default.nix b/modules/nixos/services/communication/conduit/default.nix new file mode 100644 index 0000000..aa4d5c1 --- /dev/null +++ b/modules/nixos/services/communication/conduit/default.nix @@ -0,0 +1,56 @@ +{ config, lib, pkgs, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption; + + cfg = config.${namespace}.services.communication.conduit; + domain = "matrix.kruining.eu"; +in +{ + options.${namespace}.services.communication.conduit = { + enable = mkEnableOption "conduit (Matrix server)"; + }; + + config = mkIf cfg.enable { + # ${namespace}.services = { + # persistance.postgresql.enable = true; + # virtualisation.podman.enable = true; + # }; + + services = { + matrix-conduit = { + enable = true; + + settings.global = { + address = "::1"; + port = 4001; + + database_backend = "rocksdb"; + + server_name = "chris-matrix"; + }; + }; + + # postgresql = { + # enable = true; + # ensureDatabases = [ "conduit" ]; + # ensureUsers = [ + # { + # name = "conduit"; + # ensureDBOwnership = true; + # } + # ]; + # }; + + caddy = { + enable = true; + virtualHosts = { + ${domain}.extraConfig = '' + # import auth-z + + # reverse_proxy http://127.0.0.1:5002 + ''; + }; + }; + }; + }; +} diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo/default.nix index bdabbd6..46e0995 100644 --- a/modules/nixos/services/development/forgejo/default.nix +++ b/modules/nixos/services/development/forgejo/default.nix @@ -11,7 +11,10 @@ in }; config = mkIf cfg.enable { - ${namespace}.services.virtualisation.podman.enable = true; + ${namespace}.services = { + persistance.postgresql.enable = true; + virtualisation.podman.enable = true; + }; environment.systemPackages = with pkgs; [ forgejo ]; @@ -91,6 +94,7 @@ in actions = { ENABLED = true; + # DEFAULT_ACTIONS_URL = "https://data.forgejo.org"; }; other = { @@ -136,10 +140,12 @@ in # tokenFile = config.age.secrets.forgejo-runner-token.path; token = "ZBetud1F0IQ9VjVFpZ9bu0FXgx9zcsy1x25yvjhw"; labels = [ - "default:docker://node:22-bullseye" + "default:docker://nixos/nix:latest" + "ubuntu:docker://ubuntu:24-bookworm" + "nix:docker://git.amarth.cloud/amarth/runners/default:latest" ]; settings = { - + log.level = "info"; }; }; }; @@ -152,7 +158,7 @@ in # stupid dumb way to prevent the login page and go to zitadel instead # be aware that this does not disable local login at all! - rewrite /user/login /user/oauth2/Zitadel + # rewrite /user/login /user/oauth2/Zitadel reverse_proxy http://127.0.0.1:5002 ''; diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index f76e4ae..bc41fb4 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -66,38 +66,73 @@ in # Services #========================================================================= services = let - serviceConf = { + arrService = { + enable = true; + openFirewall = true; + + settings = { + auth.AuthenticationMethod = "External"; + + # postgres = { + # PostgresHost = "localhost"; + # PostgresPort = "5432"; + # PostgresUser = "media"; + # }; + }; + }; + + withPort = port: service: service // { settings.server.Port = builtins.toString port; }; + + withUserAndGroup = service: service // { + user = cfg.user; + group = cfg.group; + }; + in { + radarr = + arrService + |> withPort 2001 + |> withUserAndGroup; + + sonarr = + arrService + |> withPort 2002 + |> withUserAndGroup; + + lidarr = + arrService + |> withPort 2003 + |> withUserAndGroup; + + prowlarr = + arrService + |> withPort 2004; + + bazarr = { + enable = true; + openFirewall = true; + user = cfg.user; + group = cfg.group; + listenPort = 2005; + }; + + # port is harcoded in nixpkgs module + jellyfin = { enable = true; openFirewall = true; user = cfg.user; group = cfg.group; }; - in { - jellyfin = serviceConf; - radarr = serviceConf; - sonarr = serviceConf; - bazarr = serviceConf; - lidarr = serviceConf; flaresolverr = { enable = true; openFirewall = true; - }; - - jellyseerr = { - enable = true; - openFirewall = true; - }; - - prowlarr = { - enable = true; - openFirewall = true; + port = 2007; }; qbittorrent = { enable = true; openFirewall = true; - webuiPort = 5000; + webuiPort = 2008; serverConfig = { LegalNotice.Accepted = true; @@ -107,6 +142,7 @@ in group = cfg.group; }; + # port is harcoded in nixpkgs module sabnzbd = { enable = true; openFirewall = true; @@ -116,46 +152,49 @@ in group = cfg.group; }; + # postgresql = { + # enable = true; + # ensureDatabases = [ + # "radarr-main" "radarr-log" + # "sonarr-main" "sonarr-log" + # "lidarr-main" "lidarr-log" + # "prowlarr-main" "prowlarr-log" + # ]; + # identMap = '' + # media media radarr-main + # media media radarr-log + # media media sonarr-main + # media media sonarr-log + # media media lidarr-main + # media media lidarr-log + # media media prowlarr-main + # media media prowlarr-log + # ''; + # ensureUsers = [ + # { name = "radarr-main"; ensureDBOwnership = true; } + # { name = "radarr-log"; ensureDBOwnership = true; } + + # { name = "sonarr-main"; ensureDBOwnership = true; } + # { name = "sonarr-log"; ensureDBOwnership = true; } + + # { name = "lidarr-main"; ensureDBOwnership = true; } + # { name = "lidarr-log"; ensureDBOwnership = true; } + + # { name = "prowlarr-main"; ensureDBOwnership = true; } + # { name = "prowlarr-log"; ensureDBOwnership = true; } + # ]; + # }; + caddy = { enable = true; virtualHosts = { - "media.kruining.eu".extraConfig = '' - import auth - - reverse_proxy http://127.0.0.1:9494 - ''; "jellyfin.kruining.eu".extraConfig = '' - reverse_proxy http://127.0.0.1:8096 + reverse_proxy http://[::1]:8096 ''; }; }; }; systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; - - ${namespace}.services.virtualisation.podman.enable = true; - - virtualisation = { - oci-containers = { - backend = "podman"; - - containers = { - # flaresolverr = { - # image = "flaresolverr/flaresolverr"; - # autoStart = true; - # ports = [ "127.0.0.1:8191:8191" ]; - # }; - - reiverr = { - image = "ghcr.io/aleksilassila/reiverr:v2.2.0"; - autoStart = true; - ports = [ "127.0.0.1:9494:9494" ]; - volumes = [ "${cfg.path}/reiverr/config:/config" ]; - }; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 6969 ]; }; } diff --git a/modules/nixos/services/media/homer/default.nix b/modules/nixos/services/media/homer/default.nix new file mode 100644 index 0000000..8fd0ac6 --- /dev/null +++ b/modules/nixos/services/media/homer/default.nix @@ -0,0 +1,161 @@ +{ config, lib, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption; + + cfg = config.${namespace}.services.media.homer; +in +{ + options.${namespace}.services.media.homer = { + enable = mkEnableOption "Enable homer"; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = [ 2000 ]; + + services = { + homer = { + enable = true; + + virtualHost = { + caddy.enable = true; + domain = "http://:2000"; + }; + + settings = { + title = "Ulmo dashboard"; + + columns = 4; + connectivityCheck = true; + + links = []; + + services = [ + { + name = "Services"; + items = [ + { + name = "Zitadel"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/zitadel.svg"; + tag = "app"; + url = "https://auth.amarth.cloud"; + target = "_blank"; + } + + { + name = "Forgejo"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/forgejo.svg"; + tag = "app"; + type = "Gitea"; + url = "https://git.amarth.cloud"; + target = "_blank"; + } + + { + name = "Vaultwarden"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/vaultwarden.svg"; + type = "Vaultwarden"; + tag = "app"; + url = "https://vault.kruining.eu"; + target = "_blank"; + } + ]; + } + + { + name = "Observability"; + items = [ + { + name = "Grafana"; + type = "Grafana"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/grafana.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:${builtins.toString config.services.grafana.settings.server.http_port}"; + target = "_blank"; + } + + { + name = "Prometheus"; + type = "Prometheus"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/prometheus.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:${builtins.toString config.services.prometheus.port}"; + target = "_blank"; + } + ]; + } + + { + name = "Media"; + items = [ + { + name = "Jellyfin (Movies)"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/jellyfin.svg"; + tag = "app"; + type = "Emby"; + url = "http://${config.networking.hostName}:8096"; + apikey = "e3ceed943eeb409ba8342738db7cc1f5"; + libraryType = "movies"; + target = "_blank"; + } + + { + name = "Radarr"; + type = "Radarr"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/radarr.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:${builtins.toString config.services.radarr.settings.server.port}"; + target = "_blank"; + } + + { + name = "Sonarr"; + type = "Sonarr"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/sonarr.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:${builtins.toString config.services.sonarr.settings.server.port}"; + target = "_blank"; + } + + { + name = "Lidarr"; + type = "Lidarr"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/lidarr.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:${builtins.toString config.services.lidarr.settings.server.port}"; + target = "_blank"; + } + + { + name = "Prowlarr"; + type = "Prowlarr"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/prowlarr.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:${builtins.toString config.services.prowlarr.settings.server.port}"; + target = "_blank"; + } + + { + name = "qBittorrent"; + type = "qBittorrent"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/qbittorrent.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:${builtins.toString config.services.qbittorrent.webuiPort}"; + target = "_blank"; + } + + { + name = "SABnzbd"; + type = "SABnzbd"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/sabnzdb-light.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:8080"; + target = "_blank"; + } + ]; + } + ]; + }; + }; + }; + }; +} diff --git a/modules/nixos/services/persistance/postgesql/default.nix b/modules/nixos/services/persistance/postgesql/default.nix new file mode 100644 index 0000000..dbd6604 --- /dev/null +++ b/modules/nixos/services/persistance/postgesql/default.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption; + + cfg = config.${namespace}.services.persistance.postgresql; +in +{ + options.${namespace}.services.persistance.postgresql = { + enable = mkEnableOption "Postgresql"; + }; + + config = mkIf cfg.enable { + services = { + postgresql = { + enable = true; + authentication = '' + # Generated file, do not edit! + # TYPE DATABASE USER ADDRESS METHOD + local all all trust + host all all 127.0.0.1/32 trust + host all all ::1/128 trust + ''; + }; + }; + }; +} diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden/default.nix index 0bb05f7..db8e162 100644 --- a/modules/nixos/services/security/vaultwarden/default.nix +++ b/modules/nixos/services/security/vaultwarden/default.nix @@ -76,6 +76,12 @@ in "vault.kruining.eu".extraConfig = '' encode zstd gzip + handle_path /admin { + respond 401 { + close + } + } + reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} { header_up X-Real-IP {remote_host} } diff --git a/modules/nixos/services/virtualisation/podman/default.nix b/modules/nixos/services/virtualisation/podman/default.nix index 9b9dc89..0faf8ce 100644 --- a/modules/nixos/services/virtualisation/podman/default.nix +++ b/modules/nixos/services/virtualisation/podman/default.nix @@ -12,6 +12,7 @@ in config = mkIf cfg.enable { virtualisation = { containers.enable = true; + oci-containers.backend = "podman"; podman = { enable = true; diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index 9876768..3b35750 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -10,11 +10,14 @@ authentication.authelia.enable = true; authentication.zitadel.enable = true; + communication.conduit.enable = true; + development.forgejo.enable = true; networking.ssh.enable = true; media.enable = true; + media.homer.enable = true; media.nfs.enable = true; observability = {