diff --git a/.just/machine.just b/.just/machine.just
index 098e101..cbdf345 100644
--- a/.just/machine.just
+++ b/.just/machine.just
@@ -1,11 +1,11 @@
-@_default: list
-
-[doc('List machines')]
-@list:
- ls -1 ../systems/x86_64-linux/
-
-[doc('Update the target machine')]
-[no-exit-message]
-@update machine:
- just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')"
- nixos-rebuild switch --use-remote-sudo --target-host {{ machine }} --flake ..#{{ machine }}
+@_default: list
+
+[doc('List machines')]
+@list:
+ ls -1 ../systems/x86_64-linux/
+
+[no-exit-message]
+[doc('Update the target machine')]
+@update machine:
+ just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | tr '\n' ' ')"
+ nixos-rebuild switch --use-remote-sudo --target-host {{ machine }} --flake ..#{{ machine }}
\ No newline at end of file
diff --git a/.just/vars.just b/.just/vars.just
index 0d381ef..d8bd181 100644
--- a/.just/vars.just
+++ b/.just/vars.just
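Review bot: In the `update` recipe `{{ machine }}` is substituted unquoted, both into `nixos-rebuild switch --use-remote-sudo --target-host {{ machine }} --flake ..#{{ machine }}` and into the condition string passed to `just assert`. The `assert` recipe in `.justfile` expands that string again inside `[ {{ condition }} ]`, so the `-d` test is the only thing constraining what reaches a command that deploys with remote sudo. Because just substitutes the argument textually before the shell parses the line, a value with spaces, quotes or `..` path segments is not treated as a single machine name. Consider quoting the interpolations, e.g. `nixos-rebuild switch --use-remote-sudo --target-host {{ quote(machine) }} --flake {{ quote("..#" + machine) }}`, and rejecting names that are not a plain directory entry under `systems/x86_64-linux/`. Separately, the new `tr '\n' ' '` drops the comma separators from the error message and leaves a trailing space.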
@@ -1,36 +1,36 @@ -set unstable - -base_path := invocation_directory() / "systems/x86_64-linux" -# sops := "nix shell nixpkgs#sops --command sops" -# yq := "nix shell nixpkgs#yq --command yq" -sops := "sops" -yq := "yq" - -@_default: - just --list - -[doc('list all vars of the target machine')] -list machine: - sops decrypt {{ base_path }}/{{ machine }}/secrets.yml - -@edit machine: - sops edit {{ base_path }}/{{ machine }}/secrets.yml - -@set machine key value: - sops set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\"" - - git add {{ base_path }}/{{ machine }}/secrets.yml - git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine}}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null - - echo "Done" - -@get machine key: - sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g')" - -@remove machine key: - sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" - - git add {{ base_path }}/{{ machine }}/secrets.yml - git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine}}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null - +set unstable + +base_path := invocation_directory() / "systems/x86_64-linux" +# sops := "nix shell nixpkgs#sops --command sops" +# yq := "nix shell nixpkgs#yq --command yq" +sops := "sops" +yq := "yq" + +@_default: + just --list + +[doc('list all vars of the target machine')] +list machine: + sops decrypt {{ base_path }}/{{ machine }}/secrets.yml + +@edit machine: + sops edit {{ base_path }}/{{ machine }}/secrets.yml + +@set machine key value: + sops set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\"" + + git add {{ 
base_path }}/{{ machine }}/secrets.yml + git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine}}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null + + echo "Done" + +@get machine key: + sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g')" + +@remove machine key: + sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" + + git add {{ base_path }}/{{ machine }}/secrets.yml + git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine}}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null + echo "Done" \ No newline at end of file diff --git a/.justfile b/.justfile index 87563d0..3a15d20 100644 --- a/.justfile +++ b/.justfile 
@@ -1,33 +1,33 @@ -@_default: - just --list --list-submodules - -[doc('Manage vars')] -mod vars '.just/vars.just' - -[doc('Manage machines')] -mod machine '.just/machine.just' - -[doc('Show information about project')] -@show: - echo "show" - -[doc('update the flake dependencies')] -@update: - nix flake update - git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null - echo "Done" - -[doc('Introspection on flake output')] -@select key: - nix eval --json .#{{ key }} | jq . - - - -#=============================================================================================== -# Utils -#=============================================================================================== -[no-exit-message] -[no-cd] -[private] -@assert condition message: +@_default: + just --list --list-submodules + +[doc('Manage vars')] +mod vars '.just/vars.just' + +[doc('Manage machines')] +mod machine '.just/machine.just' + +[doc('Show information about project')] +@show: + echo "show" + +[doc('update the flake dependencies')] +@update: + nix flake update + git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null + echo "Done" + +[doc('Introspection on flake output')] +@select key: + nix eval --json .#{{ key }} | jq . + + + +#=============================================================================================== +# Utils +#=============================================================================================== +[no-exit-message] +[no-cd] +[private] +@assert condition message: [ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; } \ No newline at end of file diff --git a/flake.lock b/flake.lock index cab88a5..9d38839 100644 --- a/flake.lock +++ b/flake.lock @@ -402,7 +402,7 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_5" + "flake-utils": "flake-utils_4" }, "locked": { "lastModified": 1715533576, 
@@ -457,25 +457,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_5" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { - "inputs": { - "systems": "systems_7" + "systems": "systems_6" }, "locked": { "lastModified": 1694529238, @@ -680,25 +662,6 @@ "type": "github" } }, - "mydia": { - "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_5" - }, - "locked": { - "lastModified": 1764568388, - "narHash": "sha256-kl8165eI0lUz9E96sdreZ48/nApydDfJP8IksjBveAw=", - "owner": "getmydia", - "repo": "mydia", - "rev": "74f0cf9a8ca782581ec0a35acf6526fccfbb6e2a", - "type": "github" - }, - "original": { - "owner": "getmydia", - "repo": "mydia", - "type": "github" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -745,8 +708,8 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_6" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1763171892, @@ -893,22 +856,6 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1762977756, - "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1763469780, 
@@ -958,22 +905,6 @@ } }, "nixpkgs_5": { - "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { "locked": { "lastModified": 1748929857, "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", @@ -989,7 +920,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1763421233, "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", @@ -1005,7 +936,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1761880412, "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", @@ -1021,7 +952,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1763191728, "narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=", @@ -1037,6 +968,22 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1762977756, + "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ @@ -1067,8 +1014,8 @@ "flake-compat": "flake-compat_4", "flake-parts": "flake-parts_2", "mnw": "mnw", - "nixpkgs": "nixpkgs_8", - "systems": "systems_6" + "nixpkgs": "nixpkgs_7", + "systems": "systems_5" }, "locked": { "lastModified": 1762622004, 
@@ -1118,12 +1065,11 @@ "himmelblau": "himmelblau", "home-manager": "home-manager", "jovian": "jovian", - "mydia": "mydia", "nix-minecraft": "nix-minecraft", "nixos-boot": "nixos-boot", "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nvf": "nvf", "plasma-manager": "plasma-manager", "snowfall-lib": "snowfall-lib", @@ -1216,7 +1162,7 @@ }, "sops-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1763509310, @@ -1241,9 +1187,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_9", "nur": "nur", - "systems": "systems_8", + "systems": "systems_7", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -1384,28 +1330,13 @@ "type": "github" } }, - "systems_9": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_9" + "systems": "systems_8" }, "locked": { "lastModified": 1762472226, diff --git a/flake.nix b/flake.nix index 5668380..d7a7508 100644 --- a/flake.nix +++ b/flake.nix 
@@ -88,54 +88,49 @@ url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; - - mydia = { - url = "github:getmydia/mydia"; - }; }; - outputs = inputs: - inputs.snowfall-lib.mkFlake { - inherit inputs; - src = ./.; + outputs = inputs: inputs.snowfall-lib.mkFlake { + inherit inputs; + src = ./.; - snowfall = { - namespace = "sneeuwvlok"; + snowfall = { + namespace = "sneeuwvlok"; - meta = { - name = "sneeuwvlok"; - title = "Sneeuwvlok"; - }; + meta = { + name = "sneeuwvlok"; + title = "Sneeuwvlok"; }; + }; - channels-config = { - allowUnfree = true; - permittedInsecurePackages = [ - # Due to *arr stack - "dotnet-sdk-6.0.428" - "aspnetcore-runtime-6.0.36" + channels-config = { + allowUnfree = true; + permittedInsecurePackages = [ + # Due to *arr stack + "dotnet-sdk-6.0.428" + "aspnetcore-runtime-6.0.36" - # I think this is because of zen - "qtwebengine-5.15.19" + # I think this is because of zen + "qtwebengine-5.15.19" - # For Nheko, the matrix client - "olm-3.2.16" - ]; - }; - - overlays = with inputs; [ - fenix.overlays.default - nix-minecraft.overlay - flux.overlays.default - ]; - - systems.modules = with inputs; [ - clan-core.nixosModules.default - ]; - - homes.modules = with inputs; [ - stylix.homeModules.stylix - plasma-manager.homeModules.plasma-manager + # For Nheko, the matrix client + "olm-3.2.16" ]; }; + + overlays = with inputs; [ + fenix.overlays.default + nix-minecraft.overlay + flux.overlays.default + ]; + + systems.modules = with inputs; [ + clan-core.nixosModules.default + ]; + + homes.modules = with inputs; [ + stylix.homeModules.stylix + plasma-manager.homeModules.plasma-manager + ]; + }; } diff --git a/modules/home/application/steam/default.nix b/modules/home/application/steam/default.nix index ec47942..8c87b40 100644 --- a/modules/home/application/steam/default.nix +++ b/modules/home/application/steam/default.nix 
@@ -1,55 +1,55 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.application.steam; -in -{ - options.${namespace}.application.steam = { - enable = mkEnableOption "enable steam"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ protonup-ng ]; - - home.sessionVariables = { - STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; - }; - - programs = { - # steam = { - # enable = true; - # package = pkgs.steam-small.override { - # extraEnv = { - # DXVK_HUD = "compiler"; - # MANGOHUD = true; - # }; - # }; - - # gamescopeSession = { - # enable = true; - # args = ["--immediate-flips"]; - # }; - # }; - - # https://github.com/FeralInteractive/gamemode - # gamemode = { - # enable = true; - # enableRenice = true; - # settings = {}; - # }; - - # gamescope = { - # enable = true; - # capSysNice = true; - # env = { - # DXVK_HDR = "1"; - # ENABLE_GAMESCOPE_WSI = "1"; - # WINE_FULLSCREEN_FSR = "1"; - # WLR_RENDERER = "vulkan"; - # }; - # args = ["--hdr-enabled"]; - # }; - }; - }; -} +{ inputs, config, lib, pkgs, namespace, ... 
}: +let + inherit (lib) mkIf mkEnableOption; + + cfg = config.${namespace}.application.steam; +in +{ + options.${namespace}.application.steam = { + enable = mkEnableOption "enable steam"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [ protonup-ng ]; + + home.sessionVariables = { + STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; + }; + + programs = { + # steam = { + # enable = true; + # package = pkgs.steam-small.override { + # extraEnv = { + # DXVK_HUD = "compiler"; + # MANGOHUD = true; + # }; + # }; + + # gamescopeSession = { + # enable = true; + # args = ["--immediate-flips"]; + # }; + # }; + + # https://github.com/FeralInteractive/gamemode + # gamemode = { + # enable = true; + # enableRenice = true; + # settings = {}; + # }; + + # gamescope = { + # enable = true; + # capSysNice = true; + # env = { + # DXVK_HDR = "1"; + # ENABLE_GAMESCOPE_WSI = "1"; + # WINE_FULLSCREEN_FSR = "1"; + # WLR_RENDERER = "vulkan"; + # }; + # args = ["--hdr-enabled"]; + # }; + }; + }; +} diff --git a/modules/home/application/teamspeak/default.nix b/modules/home/application/teamspeak/default.nix index aab3c5d..d234e9a 100644 --- a/modules/home/application/teamspeak/default.nix +++ b/modules/home/application/teamspeak/default.nix @@ -1,15 +1,15 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.application.teamspeak; -in -{ - options.${namespace}.application.teamspeak = { - enable = mkEnableOption "enable teamspeak"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ teamspeak3 teamspeak6-client ]; - }; -} +{ inputs, config, lib, pkgs, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption; + + cfg = config.${namespace}.application.teamspeak; +in +{ + options.${namespace}.application.teamspeak = { + enable = mkEnableOption "enable teamspeak"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [ teamspeak3 teamspeak6-client ]; + }; +} 
diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index ee06900..9a02f01 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix @@ -13,7 +13,7 @@ in organization = mkOption { type = types.attrsOf (types.submodule ({ name, ... }: { - options = + options = let org = name; in @@ -23,11 +23,11 @@ in default = false; example = "true"; description = '' - True sets the '${org}' org as default org for the instance. Only one org can be default org. + True sets the org as default org for the instance. Only one org can be default org. Nothing happens if you set it to false until you set another org as default org. ''; }; - + project = mkOption { default = {}; type = types.attrsOf (types.submodule { @@ -46,7 +46,7 @@ in default = null; example = "enforceProjectResourceOwnerPolicy"; description = '' - Defines from where the private labeling should be triggered, + Defines from where the private labeling should be triggered, supported values: - unspecified @@ -54,7 +54,7 @@ in - allowLoginUserResourceOwnerPolicy ''; }; - + projectRoleAssertion = mkOption { type = types.bool; default = false; @@ -63,7 +63,7 @@ in Describes if roles of user should be added in token. ''; }; - + projectRoleCheck = mkOption { type = types.bool; default = false; @@ -72,11 +72,11 @@ in ZITADEL checks if the user has at least one on this project. ''; }; - + role = mkOption { default = {}; type = types.attrsOf (types.submodule ({ name, ... }: { - options = + options = let roleName = name; in @@ -101,12 +101,12 @@ in }; })); }; - + assign = mkOption { default = {}; type = types.attrsOf (types.listOf types.str); }; - + application = mkOption { default = {}; type = types.attrsOf (types.submodule { @@ -141,8 +141,8 @@ in ''; }; - exportMap = - let + exportMap = + let strOpt = mkOption { type = types.nullOr types.str; default = null; }; in mkOption { 
@@ -164,11 +164,11 @@ in }; }); }; - + user = mkOption { default = {}; type = types.attrsOf (types.submodule ({ name, ... }: { - options = + options = let username = name; in @@ -226,7 +226,7 @@ in }; })); }; - + action = mkOption { default = {}; type = types.attrsOf (types.submodule ({ name, ... }: { @@ -263,7 +263,7 @@ in }; })); }; - + triggers = mkOption { default = []; type = types.listOf (types.submodule { @@ -321,20 +321,28 @@ in accessTokenType = mapEnum "OIDC_TOKEN_TYPE" value; }."${type}" or value); - toResource = name: value: nameValuePair + toResource = name: value: nameValuePair (toSnakeCase name) (lib.mapAttrs' (k: v: nameValuePair (toSnakeCase k) (mapValue k v)) value); withRef = type: name: attrs: attrs // (mapRef type name); select = keys: callback: set: - if (length keys) == 0 then + if (length keys) == 0 then mapAttrs' callback set else let key = head keys; in concatMapAttrs (k: v: select (drop 1 keys) (callback k) (v.${key} or {})) set ; append = attrList: set: set // (listToAttrs attrList); + forEach = src: key: set: + let + _key = concatMapStringsSep "_" (k: "\${item.${k}}") key; + in + { + forEach = "{ for item in ${src} : \"${_key}\" => item }"; + } + // set; config' = config; @@ -344,21 +352,7 @@ in modules = [ ({ config, lib, ... }: { - config = - let - forEach = src: key: set: - let - _key = concatMapStringsSep "_" (k: "\${item.${k}}") key; - in - { - forEach = lib.tfRef ''{ - for item in ${src} : - "''${item.org}_''${item.name}" => item - }''; - } - // set; - in - { + config = { terraform.required_providers.zitadel = { source = "zitadel/zitadel"; version = "2.2.0"; 
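Review bot: The relocated `forEach` helper in the `@@ -321,20 +321,28 @@` hunk no longer wraps its expression in `lib.tfRef`. The version removed from the terranix module emitted `forEach = lib.tfRef ''{ for item in ${src} : … => item }''`, while the new line is `forEach = "{ for item in ${src} : \"${_key}\" => item }";`. If `lib.tfRef` is what marks a string as a Terraform expression (its other uses here, such as `lib.tfRef "each.value.email"`, suggest so), the `for_each` of the `extraUsers` resource would now be rendered as a plain string, with the `${item.…}` parts interpolated outside the `for` scope. Keeping the wrapper, `forEach = lib.tfRef "{ for item in ${src} : \"${_key}\" => item }";`, would preserve the previous output while still using the computed `_key`. The helper now lives in the outer `let`, which starts outside the hunk, so confirm that the `lib` in scope there provides `tfRef`.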
@@ -382,18 +376,18 @@ in } ] ]) "; - orgs = cfg.organization |> mapAttrs (org: _: lib.tfRef "resource.zitadel_org.${org}.id"); + orgs = cfg.organization |> mapAttrs (org: _: lib.tfRef "resource.zitadel_org.${org}.id"); }; resource = { # Organizations - zitadel_org = cfg.organization |> select [] (name: { isDefault, ... }: + zitadel_org = cfg.organization |> select [] (name: { isDefault, ... }: { inherit name isDefault; } |> toResource name ); # Projects per organization - zitadel_project = cfg.organization |> select [ "project" ] (org: name: { hasProjectCheck, privateLabelingSetting, projectRoleAssertion, projectRoleCheck, ... }: + zitadel_project = cfg.organization |> select [ "project" ] (org: name: { hasProjectCheck, privateLabelingSetting, projectRoleAssertion, projectRoleCheck, ... }: { inherit name hasProjectCheck privateLabelingSetting projectRoleAssertion projectRoleCheck; } @@ -402,7 +396,7 @@ in ); # Each OIDC app per project - zitadel_application_oidc = cfg.organization |> select [ "project" "application" ] (org: project: name: { redirectUris, grantTypes, responseTypes, ...}: + zitadel_application_oidc = cfg.organization |> select [ "project" "application" ] (org: project: name: { redirectUris, grantTypes, responseTypes, ...}: { inherit name redirectUris grantTypes responseTypes; 
@@ -410,41 +404,41 @@ in idTokenRoleAssertion = true; accessTokenType = "JWT"; } - |> withRef "org" org - |> withRef "project" "${org}_${project}" + |> withRef "org" org + |> withRef "project" "${org}_${project}" |> toResource "${org}_${project}_${name}" ); # Each project role - zitadel_project_role = cfg.organization |> select [ "project" "role" ] (org: project: name: value: + zitadel_project_role = cfg.organization |> select [ "project" "role" ] (org: project: name: value: { inherit (value) displayName group; roleKey = name; } - |> withRef "org" org - |> withRef "project" "${org}_${project}" + |> withRef "org" org + |> withRef "project" "${org}_${project}" |> toResource "${org}_${project}_${name}" ); # Each project role assignment zitadel_user_grant = cfg.organization |> select [ "project" "assign" ] (org: project: user: roles: { roleKeys = roles; } - |> withRef "org" org - |> withRef "project" "${org}_${project}" - |> withRef "user" "${org}_${user}" + |> withRef "org" org + |> withRef "project" "${org}_${project}" + |> withRef "user" "${org}_${user}" |> toResource "${org}_${project}_${user}" ); # Users - zitadel_human_user = - cfg.organization - |> select [ "user" ] (org: name: { email, userName, firstName, lastName, ... }: + zitadel_human_user = + cfg.organization + |> select [ "user" ] (org: name: { email, userName, firstName, lastName, ... }: { inherit email userName firstName lastName; isEmailVerified = true; - } + } |> withRef "org" org |> toResource "${org}_${name}" ) - |> append + |> append [ (forEach "local.extra_users" [ "org" "name" ] { orgId = lib.tfRef "local.orgs[each.value.org]"; @@ -452,7 +446,7 @@ in email = lib.tfRef "each.value.email"; firstName = lib.tfRef "each.value.firstName"; lastName = lib.tfRef "each.value.lastName"; - + isEmailVerified = true; } |> toResource "extraUsers") 
@@ -460,20 +454,20 @@ in ; # Global user roles - zitadel_instance_member = - cfg.organization + zitadel_instance_member = + cfg.organization |> filterAttrsRecursive (n: v: !(v ? "instanceRoles" && (length v.instanceRoles) == 0)) - |> select [ "user" ] (org: name: { instanceRoles, ... }: - { roles = instanceRoles; } + |> select [ "user" ] (org: name: { instanceRoles, ... }: + { roles = instanceRoles; } |> withRef "user" "${org}_${name}" |> toResource "${org}_${name}" ); # Organazation specific roles - zitadel_org_member = + zitadel_org_member = cfg.organization |> filterAttrsRecursive (n: v: !(v ? "roles" && (length v.roles) == 0)) - |> select [ "user" ] (org: name: { roles, ... }: + |> select [ "user" ] (org: name: { roles, ... }: { inherit roles; } |> withRef "org" org |> withRef "user" "${org}_${name}" @@ -481,9 +475,9 @@ in ); # Organazation's actions - zitadel_action = cfg.organization |> select [ "action" ] (org: name: { timeout, allowedToFail, script, ...}: - { - inherit allowedToFail name; + zitadel_action = cfg.organization |> select [ "action" ] (org: name: { timeout, allowedToFail, script, ...}: + { + inherit allowedToFail name; timeout = "${toString timeout}s"; script = "const ${name} = ${script}"; } @@ -492,20 +486,20 @@ in ); # Organazation's action assignments - zitadel_trigger_actions = + zitadel_trigger_actions = cfg.organization |> concatMapAttrs (org: { triggers, ... }: triggers |> imap0 (i: { flowType, triggerType, actions, ... }: (let name = "trigger_${toString i}"; in { - inherit flowType triggerType; + inherit flowType triggerType; - actionIds = - actions + actionIds = + actions |> map (action: (lib.tfRef "zitadel_action.${org}_${toSnakeCase action}.id")); - } - |> withRef "org" org - |> toResource "${org}_${name}" + } + |> withRef "org" org + |> toResource "${org}_${name}" )) |> listToAttrs ); 
@@ -522,7 +516,7 @@ in }; # Client credentials per app - local_sensitive_file = cfg.organization |> select [ "project" "application" ] (org: project: name: { exportMap, ... }: + local_sensitive_file = cfg.organization |> select [ "project" "application" ] (org: project: name: { exportMap, ... }: nameValuePair "${org}_${project}_${name}" { content = '' ${if exportMap.client_id != null then exportMap.client_id else "CLIENT_ID"}=${lib.tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_id"} @@ -536,7 +530,7 @@ in }) ]; }; - in + in mkIf cfg.enable { ${namespace}.services.persistance.postgresql.enable = true; @@ -554,7 +548,7 @@ in wantedBy = [ "multi-user.target" ]; wants = [ "zitadel.service" ]; - + script = '' #!/usr/bin/env bash @@ -634,7 +628,7 @@ in Org = { Name = "kruining"; - + Human = { UserName = "chris"; FirstName = "Chris"; @@ -645,7 +639,7 @@ in }; Password = "KaasIsAwesome1!"; }; - + Machine = { Machine = { Username = "terraform-service-user"; @@ -654,7 +648,7 @@ in MachineKey = { ExpirationDate = "2026-01-01T00:00:00Z"; Type = 1; }; # Pat = { ExpirationDate = "2026-01-01T00:00:00Z"; }; }; - + # LoginClient.Machine = { # Username = "terraform-service-user"; # Name = "Terraform"; @@ -695,7 +689,7 @@ in ''; }; }; - + networking.firewall.allowedTCPPorts = [ 80 443 ]; # Secrets diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index 6405932..ce92df4 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -1,10 +1,5 @@ -{ - config, - lib, - pkgs, - namespace, - ... -}: let +{ config, lib, pkgs, namespace, ... }: +let inherit (builtins) toString toJSON; inherit (lib) mkIf mkEnableOption; @@ -15,7 +10,8 @@ port = 4001; database = "synapse"; -in { +in +{ options.${namespace}.services.communication.matrix = { enable = mkEnableOption "Matrix server (Synapse)"; }; 
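Review bot: The first-instance block shown as context in the `@@ -645,7 +639,7 @@` hunk still contains a literal `Password = "KaasIsAwesome1!";` for the human user; this commit only strips whitespace around it. A value written directly in the Nix expression is committed to the repository and is likely rendered into the Nix store, which is normally readable by every local user. Other modules in this diff already read secrets through sops (`config.sops.placeholder`, `config.sops.templates`), so the bootstrap password could be supplied the same way. The current value should be treated as exposed and rotated. The neighbouring `MachineKey = { ExpirationDate = "2026-01-01T00:00:00Z"; Type = 1; };` is also hard-coded and will need a renewal path.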
@@ -26,13 +22,13 @@ in { # virtualisation.podman.enable = true; }; - networking.firewall.allowedTCPPorts = [4001]; + networking.firewall.allowedTCPPorts = [ 4001 ]; services = { matrix-synapse = { enable = true; - extras = ["oidc"]; + extras = [ "oidc" ]; extraConfigFiles = [ config.sops.templates."synapse-oidc.yaml".path @@ -56,7 +52,7 @@ in { backchannel_logout_enabled = true; sso = { - client_whitelist = ["http://[::1]:9092"]; + client_whitelist = [ "http://[::1]:9092" ]; update_profile_information = true; }; @@ -79,7 +75,7 @@ in { resources = [ { - names = ["client" "federation" "openid" "metrics" "media" "health"]; + names = [ "client" "federation" "openid" "metrics" "media" "health" ]; compress = true; } ]; @@ -136,7 +132,7 @@ in { postgresql = { enable = true; - ensureDatabases = [database]; + ensureDatabases = [ database ]; ensureUsers = [ { name = database; @@ -196,7 +192,7 @@ in { localpart_template: "{{ user.preferred_username }}" display_name_template: "{{ user.name }}" ''; - restartUnits = ["matrix-synapse.service"]; + restartUnits = [ "matrix-synapse.service" ]; }; }; }; diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo/default.nix index c7aff89..52f026f 100644 --- a/modules/nixos/services/development/forgejo/default.nix +++ b/modules/nixos/services/development/forgejo/default.nix @@ -1,16 +1,12 @@ -{ - config, - lib, - pkgs, - namespace, - ... -}: let +{ config, lib, pkgs, namespace, ... }: +let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption; cfg = config.${namespace}.services.development.forgejo; domain = "git.amarth.cloud"; -in { +in +{ options.${namespace}.services.development.forgejo = { enable = mkEnableOption "Forgejo"; @@ -30,7 +26,7 @@ in { virtualisation.podman.enable = true; }; - environment.systemPackages = with pkgs; [forgejo]; + environment.systemPackages = with pkgs; [ forgejo ]; services = { forgejo = { 
@@ -145,7 +141,7 @@ in { }; }; - openssh.settings.AllowUsers = ["forgejo"]; + openssh.settings.AllowUsers = [ "forgejo" ]; gitea-actions-runner = { package = pkgs.forgejo-runner; @@ -188,14 +184,14 @@ in { "forgejo/action_runner_token" = { owner = "gitea-runner"; group = "gitea-runner"; - restartUnits = ["gitea-runner-default.service"]; + restartUnits = [ "gitea-runner-default.service" ]; }; "forgejo/email" = { owner = "forgejo"; group = "forgejo"; key = "email/chris_kruining_eu"; - restartUnits = ["forgejo.service"]; + restartUnits = [ "forgejo.service" ]; }; }; }; diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia/default.nix deleted file mode 100644 index 6fa94ca..0000000 --- a/modules/nixos/services/media/mydia/default.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ - config, - lib, - namespace, - inputs, - system, - ... -}: let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.services.media.mydia; -in { - imports = [ - inputs.mydia.nixosModules.default - ]; - - options.${namespace}.services.media.mydia = { - enable = mkEnableOption "Enable Mydia"; - }; - - config = mkIf cfg.enable { - services.mydia = { - enable = true; - package = inputs.mydia.packages.${system}.default; - - port = 2010; - openFirewall = true; - - secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path; - guardianSecretKeyFile = config.sops.secrets."mydia/guardian_secret".path; - - oidc = { - enable = true; - issuer = "https://auth.kruining.eu"; - clientIdFile = config.sops.secrets."mydia/oidc_id".path; - clientSecretFile = config.sops.secrets."mydia/oidc_secret".path; - scopes = ["openid" "profile" "email"]; - }; - }; - - sops.secrets = - ["secret_key_base" "guardian_secret" "oidc_id" "oidc_secret"] - |> lib.map (name: - lib.nameValuePair "mydia/${name}" { - owner = config.services.mydia.user; - group = config.services.mydia.group; - restartUnits = ["mydia.service"]; - }) - |> lib.listToAttrs; - }; -} 
diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 733fe99..c67e52d 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -1,20 +1,14 @@ -{ - pkgs, - config, - lib, - namespace, - inputs, - system, - ... -}: let +{ pkgs, config, lib, namespace, inputs, system, ... }: +let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption types; cfg = config.${namespace}.services.media.servarr; -in { +in +{ options.${namespace}.services.media = { servarr = mkOption { - type = types.attrsOf (types.submodule ({name, ...}: { + type = types.attrsOf (types.submodule ({ name, ... }: { options = { enable = mkEnableOption "Enable ${name}"; debug = mkEnableOption "Use tofu plan instead of tofu apply for ${name} "; @@ -34,13 +28,9 @@ in { }; config = { - services = + services = cfg - |> lib.mapAttrsToList (service: { - enable, - port, - ... - }: (mkIf enable { + |> lib.mapAttrsToList (service: { enable, port, ... }: (mkIf enable { "${service}" = { enable = true; openFirewall = true; 
@@ -68,44 +58,31 @@ in { }; })) |> lib.mergeAttrsList - |> (set: - set - // { - postgresql = { - ensureDatabases = cfg |> lib.attrNames; - ensureUsers = - cfg - |> lib.attrNames - |> lib.map (service: { - name = service; - ensureDBOwnership = true; - }); - }; - }); + |> (set: set // { + postgresql = { + ensureDatabases = cfg |> lib.attrNames; + ensureUsers = cfg |> lib.attrNames |> lib.map (service: { + name = service; + ensureDBOwnership = true; + }); + }; + }) + ; - systemd = + systemd = cfg - |> lib.mapAttrsToList (service: { - enable, - debug, - port, - rootFolders, - ... - }: (mkIf enable { + |> lib.mapAttrsToList (service: { enable, debug, port, rootFolders, ... }: (mkIf enable { tmpfiles.rules = [ "d /var/lib/${service}ApplyTerraform 0755 ${service} ${service} -" ]; - services."${service}ApplyTerraform" = let + services."${service}ApplyTerraform" = + let terraformConfiguration = inputs.terranix.lib.terranixConfiguration { inherit system; modules = [ - ({ - config, - lib, - ... - }: { + ({ config, lib, ... }: { config = { variable = { api_key = { @@ -125,21 +102,23 @@ in { }; resource = { - "${service}_root_folder" = + "${service}_root_folder" = rootFolders - |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) - |> lib.listToAttrs; + |> lib.imap (i: f: lib.nameValuePair "local${toString i}" { path = f; }) + |> lib.listToAttrs + ; }; }; }) ]; }; - in { + in + { description = "${service} terraform apply"; - wantedBy = ["multi-user.target"]; - wants = ["${service}.service"]; - + wantedBy = [ "multi-user.target" ]; + wants = [ "${service}.service" ]; + script = '' #!/usr/bin/env bash @@ -162,11 +141,7 @@ in { # Run the infrastructure code ${lib.getExe pkgs.opentofu} \ - ${ - if debug - then "plan" - else "apply -auto-approve" - } \ + ${if debug then "plan" else "apply -auto-approve"} \ -var-file='${config.sops.templates."${service}/config.tfvars".path}' ''; 
@@ -183,29 +158,31 @@ in { }; }; })) - |> lib.mergeAttrsList; + |> lib.mergeAttrsList + ; - users.users = + users.users = cfg - |> lib.mapAttrsToList (service: {enable, ...}: (mkIf enable { - "${service}".extraGroups = ["media"]; + |> lib.mapAttrsToList (service: { enable, ... }: (mkIf enable { + "${service}".extraGroups = [ "media" ]; })) - |> lib.mergeAttrsList; + |> lib.mergeAttrsList + ; - sops = + sops = cfg - |> lib.mapAttrsToList (service: {enable, ...}: (mkIf enable { + |> lib.mapAttrsToList (service: { enable, ... }: (mkIf enable { secrets."${service}/apikey" = { owner = service; group = service; - restartUnits = ["${service}.service"]; + restartUnits = [ "${service}.service" ]; }; templates = { "${service}/config.env" = { owner = service; group = service; - restartUnits = ["${service}.service"]; + restartUnits = [ "${service}.service" ]; content = '' ${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}" ''; @@ -214,16 +191,18 @@ in { "${service}/config.tfvars" = { owner = service; group = service; - restartUnits = ["${service}.service"]; + restartUnits = [ "${service}.service" ]; content = '' api_key = "${config.sops.placeholder."${service}/apikey"}" ''; }; }; })) - |> lib.mergeAttrsList; + |> lib.mergeAttrsList + ; }; + # cfg # |> lib.mapAttrsToList (service: { enable, debug, port, rootFolders, ... }: (mkIf enable { diff --git a/modules/nixos/shells/default.nix b/modules/nixos/shells/default.nix index 37afd9b..6b5c058 100644 --- a/modules/nixos/shells/default.nix +++ b/modules/nixos/shells/default.nix @@ -1,5 +1,2 @@ -{...}: { - config = { - programs.bash.enableCompletion = true; - }; -} +{ ... }: +{} \ No newline at end of file diff --git a/packages/mydia/default.nix b/packages/mydia/default.nix new file mode 100644 index 0000000..769bef3 --- /dev/null +++ b/packages/mydia/default.nix 
@@ -0,0 +1,101 @@ +{ + lib, + fetchFromGitHub, + pkgs, + stdenv, + ... +}: let + erlang = pkgs.beam.packagesWith pkgs.beam.interpreters.erlang; + + erlangSystem = + { + aarch64-darwin = "macos-arm64"; + aarch64-linux = "linux-arm64"; + armv7l-linux = "linux-armv7"; + x86_64-darwin = "macos-x64"; + x86_64-linux = "linux-x64"; + } + .${ + stdenv.hostPlatform.system + }; + + version = "v0.6.0"; + pname = "mydia"; + src = fetchFromGitHub { + owner = "getmydia"; + repo = "mydia"; + rev = version; + hash = "sha256-JGT52ulnqcx8o+3e0l50TLAwLIWXEI8nwFGUsA95vH0="; + }; + mixFodDeps = erlang.fetchMixDeps { + inherit version src; + pname = "mix-deps-${pname}-${version}"; + hash = "sha256-19q56IZe8YjuUBXirFGgmBsewJ0cmdOoO1yfiMaWGWk="; + }; + npmFodDeps = pkgs.fetchNpmDeps { + src = "${src}/assets"; + hash = "sha256-0cz75pxhxvzo1RogsV8gTP6GrgLIboWQXcKpq42JZ6o="; + }; +in + erlang.mixRelease { + inherit pname version src mixFodDeps; + + enableDebugInfo = true; + + nativeBuildInputs = with pkgs; [ + which + ffmpeg_6 + fdk_aac + sqlite + postgresql + tailwindcss_4 + esbuild + pkg-config + ]; + + env = { + EXQLITE_USE_SYSTEM = "1"; + EXQLITE_SYSTEM_CFLAGS = "-I${pkgs.sqlite.dev}/include"; + EXQLITE_SYSTEM_LDFLAGS = "-L${pkgs.sqlite.out}/lib -lsqlite3"; + DATABASE_TYPE = "postgres"; + }; + + preInstall = '' + ln -s ${lib.getExe pkgs.tailwindcss_4} _build/tailwind-${erlangSystem} + ln -s ${lib.getExe pkgs.esbuild} _build/esbuild-${erlangSystem} + ln -s ${npmFodDeps} assets/node_modules + + mix do \ + deps.loadpaths --no-deps-check, \ + tailwind default --minify + esbuild default --minify + phx.digest, \ + assets.deploy + ''; + + meta = { + description = "Your personal media companion, built with Phoenix LiveView"; + longDescription = '' + A modern, self-hosted media management platform for tracking, organizing, and monitoring your media library. 
+ + # ✨ Features + + - 📺 Unified Media Management – Track both movies and TV shows with rich metadata from TMDB/TVDB + - 🤖 Automated Downloads – Background search and download with quality profiles and smart release ranking + - ⬇️ Download Clients – qBittorrent, Transmission, SABnzbd, and NZBGet support + - 🔎 Indexer Integration – Search via Prowlarr and Jackett for finding releases + - 📚 Built-in Indexer Library – Native Cardigann support (experimental, limited testing) + - 👥 Multi-User System – Built-in admin/guest roles with request approval workflow + - 🔐 SSO Support – Local authentication plus OIDC/OpenID Connect integration + - 🔔 Release Calendar – Track upcoming releases and monitor episodes + - 🎨 Modern Real-Time UI – Phoenix LiveView with instant updates and responsive design + ''; + + homepage = "https://github.com/getmydia/mydia"; + changelog = "https://github.com/getmydia/mydia/releases"; + license = lib.licenses.agpl3Only; + + maintainers = []; + + platforms = lib.platforms.all; + mainProgram = pname; + }; + } diff --git a/shells/default/default.nix b/shells/default/default.nix index 5bd5b5f..03756be 100644 --- a/shells/default/default.nix +++ b/shells/default/default.nix @@ -15,7 +15,6 @@ mkShell { alejandra nil nixd - openssl inputs.clan-core.packages.${stdenv.hostPlatform.system}.clan-cli ]; } diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index 93171d8..0310818 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ./disks.nix ./hardware.nix @@ -7,10 +8,7 @@ networking = { interfaces.enp2s0 = { ipv6.addresses = [ - { - address = "2a0d:6e00:1dc9:0::dead:beef"; - prefixLength = 64; - } + { address = "2a0d:6e00:1dc9:0::dead:beef"; prefixLength = 64; } ]; useDHCP = true; @@ -41,7 +39,7 @@ sneeuwvlok = { services = { backup.borg.enable = true; - + authentication.zitadel = { enable = true; 
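Review bot: In packages/mydia/default.nix, the `mix do` invocation in `preInstall` loses its task list after `tailwind default --minify`: that line and `esbuild default --minify` end without `, \`. The shell therefore runs `esbuild default --minify` and `phx.digest, assets.deploy` as separate commands rather than as mix tasks, and the build will most likely fail there. The two lines should read `tailwind default --minify, \` and `esbuild default --minify, \`. Separately, `meta.platforms = lib.platforms.all` advertises systems that the `erlangSystem` lookup has no entry for, so evaluation fails on them; listing the five keys of that attribute set would keep the metadata consistent.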
@@ -53,8 +51,8 @@ firstName = "Chris"; lastName = "Kruining"; - roles = ["ORG_OWNER"]; - instanceRoles = ["IAM_OWNER"]; + roles = [ "ORG_OWNER" ]; + instanceRoles = [ "IAM_OWNER" ]; }; kaas = { @@ -80,27 +78,27 @@ }; assign = { - chris = ["jellyfin" "jellyfin_admin"]; - kaas = ["jellyfin"]; + chris = [ "jellyfin" "jellyfin_admin" ]; + kaas = [ "jellyfin" ]; }; application = { jellyfin = { - redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; + redirectUris = [ "https://jellyfin.kruining.eu/sso/OID/redirect/zitadel" ]; + grantTypes = [ "authorizationCode" ]; + responseTypes = [ "code" ]; }; forgejo = { - redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; + redirectUris = [ "https://git.amarth.cloud/user/oauth2/zitadel/callback" ]; + grantTypes = [ "authorizationCode" ]; + responseTypes = [ "code" ]; }; vaultwarden = { - redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; + redirectUris = [ "https://vault.kruining.eu/identity/connect/oidc-signin" ]; + grantTypes = [ "authorizationCode" ]; + responseTypes = [ "code" ]; exportMap = { client_id = "SSO_CLIENT_ID"; client_secret = "SSO_CLIENT_SECRET"; @@ -108,15 +106,9 @@ }; matrix = { - redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - - mydia = { - redirectUris = ["http://localhost:2010/auth/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; + redirectUris = [ "https://matrix.kruining.eu/_synapse/client/oidc/callback" ]; + grantTypes = [ "authorizationCode" ]; + responseTypes = [ "code" ]; }; }; }; 
@@ -129,9 +121,9 @@ if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { return; } - + const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); - + api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); }; ''; @@ -139,16 +131,8 @@ }; triggers = [ - { - flowType = "customiseToken"; - triggerType = "preUserinfoCreation"; - actions = ["flattenRoles"]; - } - { - flowType = "customiseToken"; - triggerType = "preAccessTokenCreation"; - actions = ["flattenRoles"]; - } + { flowType = "customiseToken"; triggerType = "preUserinfoCreation"; actions = [ "flattenRoles" ]; } + { flowType = "customiseToken"; triggerType = "preAccessTokenCreation"; actions = [ "flattenRoles" ]; } ]; }; }; @@ -162,7 +146,6 @@ media.enable = true; media.homer.enable = true; - media.mydia.enable = true; media.nfs.enable = true; media.servarr = { # radarr = { @@ -207,7 +190,7 @@ database = { # type = "sqlite"; # file = "/var/lib/vaultwarden/state.db"; - + type = "postgresql"; host = "localhost"; port = 5432; diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index b0d432e..7a26401 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml 
@@ -19,11 +19,6 @@ lidarr: apikey: ENC[AES256_GCM,data:I2eKaxidmxem7C7ukmyIfwASNqrkS4vEOiCcU5kSNY6DR0pXsYg0PBdgu8vzK6llbXODLdG5t55BordIWvVRJGAauo0FMvtp59NSNpza7cK68tdKGvNefD6bqhUIR06BY11niQ==,iv:48AD7cd17TlWY5yAagepLOIVwgxhD/d13Pnup6GsWDA=,tag:teOVtW8opE99hqAXQwvlrA==,type:str] prowlarr: apikey: ENC[AES256_GCM,data:pyZ2WGEs/PlIdhDsQq2TPGJbplkd5fLF0ZkBjITqIJlnAzYHb+rl+KOM4rHqQcI6yAJM8X1Y3ymGrD7vG7GiRxB7yoEG13SKhZIWOddTnxIhbkz81RfrL2fUJIydOaP6sS//9Q==,iv:Tr6MWoC6nC7rdVTOjT1T2itT+lVL4GnUiAr5/+IHAs0=,tag:keIJNuGeVht8+xSN3FnBGA==,type:str] -mydia: - oidc_id: ENC[AES256_GCM,data:ymZdkUjbbTuJuGvI5T9d,iv:ccKpjKnzUH+/sGEBnmxnMNU3lY+j8NPUjvj8q4phprs=,tag:11H0Vd28gPajyU+3uAUYUQ==,type:str] - oidc_secret: ENC[AES256_GCM,data:N7qdoueB9ayGx0RWdw/w,iv:k09TaKjNShaFWImZ82Fjqvjj4CPVIqVhCPZ7o1DgjX4=,tag:q+HMYN4zd7pFqCX90uaWgQ==,type:str] - secret_key_base: ENC[AES256_GCM,data:yG7HJ5r74Qtxbeyf8F6dA0uHv2pQ8YAJKlKiKjS+m24JRvJWQaTThJ+c5HbuUa6R3e9XtVHchhlVPkF0Is/b+g==,iv:v65xdRr4JdKZmBtjZ08/J3LLqnphSGt9QfVPNQ2x/xg=,tag:n7tD2dhr4IJn1LWM9WW8UA==,type:str] - guardian_secret: ENC[AES256_GCM,data:OjnNFSHlecL+qXwlhTm++itRM6ga5E5KrSJxbgIUpbMEkIWgu3xhRtnPdipXbedgall0XdO/s+jnWCagZX94BA==,iv:DukdKvm9vey8BWUiml20tgA/Vji1XVX4+sUPge9nTk0=,tag:q3HdvgUYqR0APiaFz0ul5Q==,type:str] sops: age: - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq 
@@ -44,7 +39,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-01T09:05:11Z" - mac: ENC[AES256_GCM,data:6gFet+aW7tlQqy4aSulBTJ+mYpu1OxfK8Wa3noXNNDlFwTEpCWEhdwFDqWZ+sd5opINQoPrHD23BwiXYoJtKPeLd9/kpn//CgHvYcwgGDpPzCMbyDOLutlspyY4pfYrEezm8+yg3r5TkJK3o7U2Q8kkfdQQcfEGIsr9GDRKSplw=,iv:PYclBivPBifGreNWeCCZ74koSb51xBMYeviHf0SaxbA=,tag:Lb+vlcBUgpJE0XfJ/gwDiw==,type:str] + lastmodified: "2025-11-19T09:51:26Z" + mac: ENC[AES256_GCM,data:pMMkxHPochpI8si/oHhU7MHqC1JjNhMP7HCRNQQEkwBQI489xiC02t+qUwpmG4oIheqi8lEcZPpL4t9HzRN9sZImaI2LrJn3cHFojHzXzo7FPfvfUilZe1+JXLfm+wn+bflAEutIcfDiZc/MjiKOxRHwZy5Pr41Mj6uPIUr62zk=,iv:GwvMVgJ6m1DQcRZMVzshbuMK/Kx8vE8Ym83KbxuvYRg=,tag:wVSol9LDRzoFjQppB8J9gA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0
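Review bot: The new `lastmodified` value (2025-11-19) is older than the one it replaces (2025-12-01), which suggests secrets.yml was restored from an earlier revision rather than edited with `sops unset`. If so, it is worth confirming that no other value changed between those dates was rolled back along with the `mydia` block; the parts of the file outside these hunks are not visible here. The `mydia` ciphertexts removed in the preceding hunk also remain in git history, so the OIDC client secret should be revoked at the identity provider if the application is being retired.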