diff --git a/.jq/format.jq b/.jq/format.jq deleted file mode 100644 index 5c65495..0000000 --- a/.jq/format.jq +++ /dev/null @@ -1,34 +0,0 @@ -def RESET: "0"; -def BOLD: "1"; -def DIM: "2"; -def ITALIC: "3"; -def UNDERLINE: "4"; -def BLINKING: "5"; -def INVERSE: "7"; -def HIDDEN: "8"; -def STRIKETHROUGH: "9"; -def RESET_FONT: "22"; - -def BLACK: 0; -def RED: 1; -def GREEN: 2; -def YELLOW: 3; -def BLUE: 4; -def MAGENTA: 5; -def CYAN: 6; -def WHITE: 7; -def DEFAULT: 9; - -def foreground(color): 30 + color; -def background(color): 40 + color; -def bright(color): 60 + color; - -def escape(options): - (if ((options|type) == "array") then options else [options] end) as $o - | "\u001b[\($o | map(tostring) | join(";"))m"; - -def style(options): escape(options) + . + escape([RESET]); - -def to_title: - (.|ascii_upcase) as $str - | escape([BOLD, foreground(BLACK), background(WHITE)]) + " " + $str + " " + escape([RESET]); diff --git a/.jq/table.jq b/.jq/table.jq deleted file mode 100644 index 5c58aef..0000000 --- a/.jq/table.jq +++ /dev/null @@ -1,59 +0,0 @@ -import "format" as _ {search:"./"}; - -def n_max(limit): - if . > limit then limit else . end; - -def n_min(limit): - if . < limit then limit else . end; - -def pad_right(width): - (. | tostring) as $s - | ($s | length) as $l - | ((width - $l) | n_min(0)) as $w - | ($s + (" " * $w)); - -def to_cells(sizes; fn): - to_entries - | map( - (sizes[.key]) as $size - | (" " + .value) - | pad_right($size + 2) - | fn // . - ); - -def to_cells(sizes): to_cells(sizes; null); - -def to_line(left; joiner; right): - [left, .[1], (.[1:] | map([joiner, .]) ), right] | flatten | join(""); - -def create(data; header_callback; cell_callback): - (data[0] | to_entries | map(.key)) as $keys - | ([$keys]) as $header - | (data | map(to_entries | map(.value))) as $rows - | ($header + $rows) as $cells - | ( - $keys # Use keys so that we have an array of the correct size - | to_entries - | map( - (.key) as $i - | $cells - | map(.[$i] | length) - | max - ) - ) as $column_sizes - | ( - [ - ($column_sizes | map("═" * (. + 2)) | to_line("╔"; "╤"; "╗")), - ($keys | to_cells($column_sizes; header_callback) | to_line("║"; "│"; "║")), - ($rows | map([ - ($column_sizes | map("─" * (. + 2)) | to_line("╟"; "┼"; "╢")), - (. | to_cells($column_sizes; cell_callback) | to_line("║"; "│"; "║")) - ])), - ($column_sizes | map("═" * (. + 2)) | to_line("╚"; "╧"; "╝")) - ] - | flatten - | join("\n") - ); - -def create(data; header_callback): create(data; header_callback; null); -def create(data): create(data; _::style(_::BOLD); null); diff --git a/.just/machine.just b/.just/machine.just index d07986b..3e3ba14 100644 --- a/.just/machine.just +++ b/.just/machine.just @@ -1,11 +1,14 @@ -@_default: list +set unstable := true +set quiet := true + +_default: list [doc('List machines')] -@list: +list: ls -1 ../systems/x86_64-linux/ [doc('Update the target machine')] [no-exit-message] -@update machine: - just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" - nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json +update machine: + just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | tr '\n' ' ')" + nixos-rebuild switch --use-remote-sudo --target-host {{ machine }} --flake ..#{{ machine }} diff --git a/.just/users.just b/.just/users.just deleted file mode 100644 index 486ac67..0000000 --- a/.just/users.just +++ /dev/null @@ -1,98 +0,0 @@ -set unstable := true -set quiet := true - -_default: - just --list - -[script] -list: - cd .. && just vars get ulmo zitadel/users | jq -r -C ' - import ".jq/table" as table; - import ".jq/format" as f; - - fromjson - | to_entries - | sort_by(.key) - | map( - (.key|f::to_title) + ":\n" - + table::create( - .value - | to_entries - | sort_by(.key) - | map({username:.key} + .value) - ) - ) - | join("\n\n┄┄┄\n\n") - '; - -[script] -add: - exec 5>&1 - - pad () { [ "$#" -gt 1 ] && [ -n "$2" ] && printf "%$2.${2#-}s" "$1"; } - - input() { - local label=$1 - local value=$2 - - local res=$(gum input --header "$label" --value "$value") - echo -e "\e[2m$(pad "$label" -11)\e[0m$res" >&5 - echo $res - } - - data=`cd .. && just vars get ulmo zitadel/users | jq 'fromjson'` - - # Gather inputs - org=` - jq -r 'to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which organisation to save to?' --select-if-one - ` - username=`input 'user name' 'new-user'` - email=`input 'email' 'new.user@example.com'` - first_name=`input 'first name' 'John'` - last_name=`input 'last name' 'Doe'` - - user_exists=`jq --arg 'org' "$org" --arg 'username' "$username" '.[$org][$username]? | . != null' <<< "$data"` - - if [ "$user_exists" == "true" ]; then - gum confirm 'User already exists, overwrite it?' --padding="1 1" || exit 0 - fi - - next=` - jq \ - --arg 'org' "$org" \ - --arg 'username' "$username" \ - --arg 'email' "$email" \ - --arg 'first_name' "$first_name" \ - --arg 'last_name' "$last_name" \ - --compact-output \ - '.[$org] += { $username: { email: $email, firstName: $first_name, lastName: $last_name } }' \ - <<< $data - ` - - gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")" - -[script] -remove: - data=`cd .. && just vars get ulmo zitadel/users | jq fromjson` - - # Gather inputs - org=` - jq -r 'to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which organisation?' --select-if-one - ` - user=` - jq -r --arg org "$org" '.[$org] | to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which user?' --select-if-one - ` - - next=` - jq \ - --arg 'org' "$org" \ - --arg 'user' "$user" \ - --compact-output \ - 'del(.[$org][$user])' \ - <<< $data - ` - - gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")" diff --git a/.justfile b/.justfile index cee0db9..1937f04 100644 --- a/.justfile +++ b/.justfile @@ -1,36 +1,40 @@ -@_default: - just --list --list-submodules +_default: + just --list --list-submodules + +set unstable +set quiet -[doc('Manage vars')] mod vars '.just/vars.just' - -[doc('Manage users')] -mod users '.just/users.just' - -[doc('Manage machines')] mod machine '.just/machine.just' [doc('Show information about project')] -@show: - echo "show" +show: + echo "show" [doc('update the flake dependencies')] -@update: - nix flake update - git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null - echo "Done" +update: + nix flake update + git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null + echo "Done" + +[doc('Rebase branch on main')] +rebase: + git stash -q \ + && git fetch \ + && git rebase origin/main \ + && git stash pop -q + + echo "Done" [doc('Introspection on flake output')] -@select key: - nix eval --show-trace --json .#{{ key }} | jq . - - +select key: + nix eval --json .#{{ key }} | jq . #=============================================================================================== # Utils -#=============================================================================================== -[no-exit-message] +# =============================================================================================== [no-cd] +[no-exit-message] [private] -@assert condition message: - [ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; } +assert condition message: + [ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; } diff --git a/flake.lock b/flake.lock index 0aebd9e..07a2120 100644 --- a/flake.lock +++ b/flake.lock @@ -21,17 +21,17 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1765809053, - "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", + "lastModified": 1754405784, + "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", "owner": "tomyun", "repo": "base16-fish", - "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", - "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", "type": "github" } }, @@ -84,11 +84,19 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1767139704, - "narHash": "sha256-ftRAe4dLMx+D3ArFtEJqoTsV0Y1vegFKx4YZb1/v7dU=", - "rev": "7fa4abb7b016c3a7ae3f346784fac0298a9b14fb", +<<<<<<< HEAD + "lastModified": 1765033957, + "narHash": "sha256-yL5IjUOne+h6AodxxqoqwPgRy2HXle6+W4Aa2GVJruk=", + "rev": "9985ce76af367e7c9e3022c5b893418059a17491", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/7fa4abb7b016c3a7ae3f346784fac0298a9b14fb.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/9985ce76af367e7c9e3022c5b893418059a17491.tar.gz" +======= + "lastModified": 1764220269, + "narHash": "sha256-rSSmhTCjfZLZog3qO6Q5C58pINmDv8EheGUhcojxd6c=", + "rev": "c70c04d09477ceee5820a8da4d9c0d1b50eb6cc6", + "type": "tarball", + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/c70c04d09477ceee5820a8da4d9c0d1b50eb6cc6.tar.gz" +>>>>>>> 122a796 (chore: update dependencies) }, "original": { "type": "tarball", @@ -111,11 +119,11 @@ ] }, "locked": { - "lastModified": 1766977667, - "narHash": "sha256-LUALgG4ZpsA0k7pGYzMDto/r6T8aIPlYTok3lGlojjA=", - "rev": "3f852546b5d8bd2e9659a81c6b2cc14922e63a94", + "lastModified": 1762942435, + "narHash": "sha256-zIWGs5FIytTtJN+dhDb8Yx+q4TQI/yczuL539yVcyPE=", + "rev": "0ee328404b12c65e8106bde9e9fab8abf4ecada4", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/3f852546b5d8bd2e9659a81c6b2cc14922e63a94.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0ee328404b12c65e8106bde9e9fab8abf4ecada4.tar.gz" }, "original": { "type": "tarball", @@ -130,11 +138,19 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", +<<<<<<< HEAD + "lastModified": 1764627417, + "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3", +======= + "lastModified": 1764110879, + "narHash": "sha256-xanUzIb0tf3kJ+PoOFmXEXV1jM3PjkDT/TQ5DYeNYRc=", + "owner": "nix-community", + "repo": "disko", + "rev": "aecba248f9a7d68c5d1ed15de2d1c8a4c994a3c5", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -149,11 +165,19 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1766957541, - "narHash": "sha256-5uwnfwFgK5UMwgC0eaLIGGNuQpWOEywUiexEnbqeOAs=", +<<<<<<< HEAD + "lastModified": 1764775116, + "narHash": "sha256-S4fY3fytcqXBuOSbQjEVke2eqK9/e/6Jy3jp0JGM2X4=", "owner": "emmanuelrosa", "repo": "erosanix", - "rev": "8c7d54b7d8879c14dfa914ece38815bf9c248f8b", + "rev": "172661ccc78b1529a294eee5e99ca1616c934f37", +======= + "lastModified": 1763851335, + "narHash": "sha256-mmDc9dREBGGZW1iCB3AbMLBzsXrf48hJ+EzJ6g7Tdbk=", + "owner": "emmanuelrosa", + "repo": "erosanix", + "rev": "17407369c38ac2ade3be648666d30f6469908bdb", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -170,11 +194,19 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1767077117, - "narHash": "sha256-tmVJMQC4aNUCME3ofKP2wWEBizabxwFZfLpZSi0S/4Q=", +<<<<<<< HEAD + "lastModified": 1764915802, + "narHash": "sha256-eHTucU43sRCpvvTt5eey9htcWipS7ZN3B7ts6MiXLxo=", "owner": "nix-community", "repo": "fenix", - "rev": "f69c299a340f95776ddcfecfc0b1f6183c0c298e", + "rev": "a83a78fd3587d9f3388f0b459ad9c2bbd6d1b6d8", +======= + "lastModified": 1764226020, + "narHash": "sha256-FzUCFwXNjLnnZmVqYj/FjlBhUpat59SExflEaIGT62s=", + "owner": "nix-community", + "repo": "fenix", + "rev": "2d8176c02f7be6d13578d24d5fd5049f1b46a4c5", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -190,11 +222,19 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1767133124, - "narHash": "sha256-CQPz7FIUZsIX+6uJFBWMvm3VlwjRDunwgXYghHa/o+0=", +<<<<<<< HEAD + "lastModified": 1765024561, + "narHash": "sha256-xtfg5gNfyiyBTfWwbKgatV1sPeJjEnUczHCaSWi+crY=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "a99b92ac7003944b11e5a3ee0a6db65383d9ed58", + "rev": "e6f559729459a7890f01b258c33c1025800f5dbb", +======= + "lastModified": 1764242161, + "narHash": "sha256-Yxeu6Zm85RwER/0z0fv3mX2xaBy38PZKgdAAE57huRU=", + "owner": "nix-community", + "repo": "flake-firefox-nightly", + "rev": "ca10e2ff1ec58b1a3722ccb3c052c57c5e070780", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -306,11 +346,11 @@ ] }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -574,11 +614,19 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1766174774, - "narHash": "sha256-kLeXugTZLamNMh8oPg/nnkLQGH9XXgncTbx/0R7X+w4=", +<<<<<<< HEAD + "lastModified": 1764617621, + "narHash": "sha256-Eq0TvWs6xhKZs5HXH1hlrNasrHD7AOEdeLkTis//X7w=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "fc297543cef873c5c4f4a8a8f0aa7d745361e63a", + "rev": "c19494250d8c15e7c75e9301bdc271579a6dc77a", +======= + "lastModified": 1764184347, + "narHash": "sha256-xhzCn/rnBDTybHtuFV2IhCgjLMsCVpbzpEL0w//4Na8=", + "owner": "himmelblau-idm", + "repo": "himmelblau", + "rev": "9f0f6e27b6a9acdb12c4807cc1402132b21009f3", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -594,11 +642,11 @@ ] }, "locked": { - "lastModified": 1767104570, - "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=", + "lastModified": 1764194569, + "narHash": "sha256-iUM9ktarEzThkayyZrzQ7oycPshAY2XRQqVKz0xX/L0=", "owner": "nix-community", "repo": "home-manager", - "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf", + "rev": "9651819d75f6c7ffaf8a9227490ac704f29659f0", "type": "github" }, "original": { @@ -615,11 +663,11 @@ ] }, "locked": { - "lastModified": 1765682243, - "narHash": "sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0=", + "lastModified": 1762964643, + "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=", "owner": "nix-community", "repo": "home-manager", - "rev": "58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03", + "rev": "827f2a23373a774a8805f84ca5344654c31f354b", "type": "github" }, "original": { @@ -636,11 +684,11 @@ ] }, "locked": { - "lastModified": 1767082077, - "narHash": "sha256-2tL1mRb9uFJThUNfuDm/ehrnPvImL/QDtCxfn71IEz4=", + "lastModified": 1764236397, + "narHash": "sha256-s/6WrJJryLI6BgphsY8l0s0UmGUg3mgkSFuvvsbN0FM=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "efd4b22e6fdc6d7fb4e186ae333a4b74e03da440", + "rev": "50026908d1501193afdcccdf7359d1a485074eda", "type": "github" }, "original": { @@ -655,11 +703,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1766926104, - "narHash": "sha256-c5CozmannX3I/ax0Ig9z/QjXRuNY/j3XTOx6KXvMUs4=", + "lastModified": 1764506612, + "narHash": "sha256-47a2OvGsq1AfffWQqKAGlB9GjmoVa1yXVyfZP3f3kog=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "f5c5c917b38bd61e13f781daa317d18ddd28f494", + "rev": "f7208cc4a3200a2573fc566066ef4d3c041bc924", "type": "github" }, "original": { @@ -702,27 +750,6 @@ "type": "github" } }, - "ndg": { - "inputs": { - "nixpkgs": [ - "nvf", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1765720983, - "narHash": "sha256-tWtukpABmux6EC/FuCJEgA1kmRjcRPtED44N+GGPq+4=", - "owner": "feel-co", - "repo": "ndg", - "rev": "f399ace8bb8e1f705dd8942b24d207aa4d75c936", - "type": "github" - }, - "original": { - "owner": "feel-co", - "repo": "ndg", - "type": "github" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -731,11 +758,11 @@ ] }, "locked": { - "lastModified": 1767028240, - "narHash": "sha256-0/fLUqwJ4Z774muguUyn5t8AQ6wyxlNbHexpje+5hRo=", + "lastModified": 1764161084, + "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "c31afa6e76da9bbc7c9295e39c7de9fca1071ea1", + "rev": "e95de00a471d07435e0527ff4db092c84998698e", "type": "github" }, "original": { @@ -773,11 +800,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1767060660, - "narHash": "sha256-8sqnhJcmHZ4OzLxmTtblQgpazosuhggeGZ2yeMvWOi0=", + "lastModified": 1764208886, + "narHash": "sha256-voOx8RsK3miw3EHw05nwuOS4ltzeH8tKJnVr+mxtTPQ=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "1d3efec981bcb162a7921b29502ad369056295cb", + "rev": "7da8a2d675f9cc56b3f6d654b4cccdca5016ac8e", "type": "github" }, "original": { @@ -831,11 +858,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1766558141, - "narHash": "sha256-Ud9v49ZPsoDBFuyJSQ2Mpw1ZgAH/aMwUwwzrVoetNus=", + "lastModified": 1764252389, + "narHash": "sha256-3bbuneTKZBkYXlm0bE36kUjiDsasoIC1GWBw/UEJ9T4=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "e796d536e3d83de74267069e179dc620a608ed7d", + "rev": "5ea68886d95218646d11d3551a476d458df00778", "type": "github" }, "original": { @@ -873,11 +900,11 @@ ] }, "locked": { - "lastModified": 1765841014, - "narHash": "sha256-55V0AJ36V5Egh4kMhWtDh117eE3GOjwq5LhwxDn9eHg=", + "lastModified": 1764072830, + "narHash": "sha256-ezkjlUCohD9o9c47Ey0/I4CamSS0QEORTqGvyGqMud0=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "be4af8042e7a61fa12fda58fe9a3b3babdefe17b", + "rev": "c7832dd786175e20f2697179e0e03efadffe4201", "type": "github" }, "original": { @@ -904,11 +931,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1766884708, - "narHash": "sha256-x8nyRwtD0HMeYtX60xuIuZJbwwoI7/UKAdCiATnQNz0=", + "lastModified": 1764465291, + "narHash": "sha256-jJ/E4B9Hp7U2ZmT3E0tD1LtAfATw/xjVf8sueNyeYmc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "15177f81ad356040b4460a676838154cbf7f6213", + "rev": "e9537535ae8f4a2f78dbef0aaa0cbb6af4abd047", "type": "github" }, "original": { @@ -935,11 +962,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1767116409, - "narHash": "sha256-5vKw92l1GyTnjoLzEagJy5V5mDFck72LiQWZSOnSicw=", + "lastModified": 1764201071, + "narHash": "sha256-ACX5IcJTSoZYBPVtgFAOHvo/FZ70n9AmaAhoeIF+O9Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cad22e7d996aea55ecab064e84834289143e44a0", + "rev": "8c40e16ba896a3657226780454734265b0534f6a", "type": "github" }, "original": { @@ -967,11 +994,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1767143992, - "narHash": "sha256-c3jlq36uxltxGLuQ3KPYfxZkue/LLD0Ct3NdhBUsRyo=", + "lastModified": 1764243589, + "narHash": "sha256-JoCEZJaU1Ex0MFG3A2DwTtu+jOCLigyXUAmlZLROBdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5830d8dfe6ae79365987d78bda3dd4152c271d8b", + "rev": "57dcc6d4a389a7b6d1fb4cf20c9435f12b11f98d", "type": "github" }, "original": { @@ -1015,11 +1042,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1766902085, - "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", + "lastModified": 1763966396, + "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", + "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", "type": "github" }, "original": { @@ -1031,11 +1058,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1764081664, - "narHash": "sha256-sUoHmPr/EwXzRMpv1u/kH+dXuvJEyyF2Q7muE+t0EU4=", + "lastModified": 1761880412, + "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dc205f7b4fdb04c8b7877b43edb7b73be7730081", + "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", "type": "github" }, "original": { @@ -1047,11 +1074,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1766840161, - "narHash": "sha256-Ss/LHpJJsng8vz1Pe33RSGIWUOcqM1fjrehjUkdrWio=", + "lastModified": 1763618868, + "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3edc4a30ed3903fdf6f90c837f961fa6b49582d1", + "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", "type": "github" }, "original": { @@ -1091,16 +1118,15 @@ "flake-compat": "flake-compat_4", "flake-parts": "flake-parts_3", "mnw": "mnw", - "ndg": "ndg", "nixpkgs": "nixpkgs_8", "systems": "systems_5" }, "locked": { - "lastModified": 1767123832, - "narHash": "sha256-WI+DaMQLJ/QVUKCNk1gvo8y0Rw6C4uDx8BW1mRVVOMU=", + "lastModified": 1764904740, + "narHash": "sha256-TzqXUQlESmS5XGJ3tR1/xdoU0vySyp6YUUpmGF5F0kY=", "owner": "notashelf", "repo": "nvf", - "rev": "0390abd6736ff34a016afc66366d1f46372f28de", + "rev": "249cabe0c5392c384c82fa9d28d3f49fbeb04266", "type": "github" }, "original": { @@ -1161,11 +1187,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1767028829, - "narHash": "sha256-RZ5+NUYTkAZ0rtbR3xBxs3VX0yi0IgYfjL06NBbXipk=", + "lastModified": 1764175386, + "narHash": "sha256-LfgFqvPz3C80VjaffSjy8lLyRWfbThhB7gE7IWXHjYU=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "d7117056a36c0f42a4deea1ac4a8e297db11cbb8", + "rev": "71ddf07c1c75046df3bb496cf824de5c053d99ad", "type": "github" }, "original": { @@ -1205,11 +1231,11 @@ ] }, "locked": { - "lastModified": 1765361626, - "narHash": "sha256-kX0Dp/kYSRbQ+yd9e3lmmUWdNbipufvKfL2IzbrSpnY=", + "lastModified": 1736130495, + "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=", "owner": "snowfallorg", "repo": "lib", - "rev": "c566ad8b7352c30ec3763435de7c8f1c46ebb357", + "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac", "type": "github" }, "original": { @@ -1226,11 +1252,11 @@ ] }, "locked": { - "lastModified": 1766894905, - "narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", + "lastModified": 1764021963, + "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", + "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "type": "github" }, "original": { @@ -1244,11 +1270,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1766894905, - "narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", + "lastModified": 1764021963, + "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", + "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "type": "github" }, "original": { @@ -1276,11 +1302,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1766603026, - "narHash": "sha256-J2DDdRqSU4w9NNgkMfmMeaLIof5PXtS9RG7y6ckDvQE=", + "lastModified": 1764191810, + "narHash": "sha256-rofXPD/9TGpHveo1MTlUfpnF0MCG1/uHUB9f0rosdqc=", "owner": "nix-community", "repo": "stylix", - "rev": "551df12ee3ebac52c5712058bd97fd9faa4c3430", + "rev": "70c444a10d0c9ef71a25580dfa79af9cd43f3a5e", "type": "github" }, "original": { @@ -1520,11 +1546,11 @@ ] }, "locked": { - "lastModified": 1767122417, - "narHash": "sha256-yOt/FTB7oSEKQH9EZMFMeuldK1HGpQs2eAzdS9hNS/o=", + "lastModified": 1762938485, + "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "dec15f37015ac2e774c84d0952d57fcdf169b54d", + "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", "type": "github" }, "original": { @@ -1541,11 +1567,11 @@ ] }, "locked": { - "lastModified": 1767119591, - "narHash": "sha256-4LqJZvu+8i0cTtwz+N3nfIvVf6Ra4xIGw0UxOOHVKAc=", + "lastModified": 1764217570, + "narHash": "sha256-vgqUC6lI/gW70uekA0bpNFU6yR0tcZRfLIZcxGfN76g=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "379639ecac155c03975cd6608a146bb1dc168cf9", + "rev": "3dc281d86044322f9182b20abbc21db8824c130a", "type": "github" }, "original": { diff --git a/modules/nixos/application/steam/default.nix b/modules/nixos/application/steam/default.nix index 5b08d31..735aa80 100644 --- a/modules/nixos/application/steam/default.nix +++ b/modules/nixos/application/steam/default.nix @@ -25,18 +25,18 @@ in { }; }; - # gamescopeSession = { - # enable = true; - # args = ["--immediate-flips"]; - # }; + gamescopeSession = { + enable = true; + args = ["--immediate-flips"]; + }; }; # https://github.com/FeralInteractive/gamemode - # gamemode = { - # enable = true; - # enableRenice = true; - # settings = {}; - # }; + gamemode = { + enable = true; + enableRenice = true; + settings = {}; + }; # gamescope = { # enable = true; diff --git a/modules/nixos/desktop/cosmic/default.nix b/modules/nixos/desktop/cosmic/default.nix deleted file mode 100644 index cba6955..0000000 --- a/modules/nixos/desktop/cosmic/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - lib, - config, - namespace, - inputs, - ... -}: let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.desktop.cosmic; -in { - options.${namespace}.desktop.cosmic = { - enable = - mkEnableOption "Enable Cosmic desktop" - // { - default = config.${namespace}.desktop.use == "cosmic"; - }; - }; - - config = mkIf cfg.enable { - services = { - displayManager.cosmic-greeter.enable = true; - desktopManager.cosmic.enable = true; - }; - }; -} diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index 13ef881..9fd9192 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -1,22 +1,18 @@ -{ - lib, - config, - namespace, - inputs, - ... -}: let +{ lib, config, namespace, inputs, ... }: +let inherit (lib) mkIf mkOption mkEnableOption mkMerge; inherit (lib.types) nullOr enum; cfg = config.${namespace}.desktop; -in { +in +{ imports = [ inputs.grub2-themes.nixosModules.default ]; options.${namespace}.desktop = { use = mkOption { - type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]); + type = nullOr (enum [ "plasma" "gamescope" "gnome" ]); default = null; example = "plasma"; description = "Which desktop to enable"; @@ -24,11 +20,11 @@ in { }; config = mkMerge [ - { + ({ services.displayManager = { enable = true; }; - } + }) # (mkIf (cfg.use != null) { # ${namespace}.desktop.${cfg.use}.enable = true; diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index ccdbbaa..6405932 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -52,15 +52,11 @@ in { # Since we'll be using OIDC for auth disable all local options enable_registration = false; enable_registration_without_verification = false; - password_config.enabled = true; + password_config.enabled = false; backchannel_logout_enabled = true; - experimental_features = { - msc2965_enabled = true; - }; - sso = { - client_whitelist = ["http://[::1]:9092/" "https://auth.kruining.eu/"]; + client_whitelist = ["http://[::1]:9092"]; update_profile_information = true; }; @@ -99,38 +95,7 @@ in { settings = { appservice = { provisioning.enabled = false; - }; - - homeserver = { - address = "http://[::1]:${toString port}"; - domain = domain; - }; - - bridge = { - permissions = { - "@chris:${domain}" = "admin"; - }; - }; - }; - }; - - mautrix-telegram = { - enable = true; - registerToSynapse = true; - - settings = { - telegram = { - api_id = 32770816; - api_hash = "7b63778a976619c9d4ab62adc51cde79"; - bot_token = "disabled"; - - catch_up = true; - sequential_updates = true; - }; - - appservice = { - port = 40011; - provisioning.enabled = false; + # port = 40011; }; homeserver = { @@ -153,6 +118,7 @@ in { settings = { appservice = { provisioning.enabled = false; + # port = 40012; }; homeserver = { diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index c10a08e..d257aea 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -35,6 +35,13 @@ in { #========================================================================= environment.systemPackages = with pkgs; [ podman-tui + jellyfin + jellyfin-web + jellyfin-ffmpeg + jellyseerr + mediainfo + id3v2 + yt-dlp ]; #========================================================================= @@ -49,6 +56,9 @@ in { }; systemd.tmpfiles.rules = [ + # "d '${cfg.path}/series' 0770 ${cfg.user} ${cfg.group} - -" + # "d '${cfg.path}/movies' 0770 ${cfg.user} ${cfg.group} - -" + # "d '${cfg.path}/music' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/qbittorrent' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/sabnzbd' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/downloads/incomplete' 0770 ${cfg.user} ${cfg.group} - -" @@ -67,9 +77,54 @@ in { listenPort = 2005; }; + flaresolverr = { + enable = true; + openFirewall = true; + port = 2007; + }; + + # port is harcoded in nixpkgs module + jellyfin = { + enable = true; + openFirewall = true; + user = cfg.user; + group = cfg.group; + }; + postgresql = { enable = true; }; + + caddy = { + enable = true; + virtualHosts = { + "jellyfin.kruining.eu".extraConfig = '' + reverse_proxy http://[::1]:8096 + ''; + }; + }; + }; + + systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; + + sops = { + secrets = { + # "qbittorrent/password" = {}; + "qbittorrent/password_hash" = {}; + }; + + templates = { + "qbittorrent/password.conf" = { + owner = cfg.user; + group = cfg.group; + restartUnits = ["qbittorrent.service"]; + path = "${config.services.qbittorrent.profileDir}/qBittorrent/config/password.conf"; + content = '' + [Preferences] + WebUI\Password_PBKDF2="${config.sops.placeholder."qbittorrent/password_hash"}" + ''; + }; + }; }; }; } diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix index 6af52ef..333035d 100644 --- a/modules/nixos/services/media/glance/default.nix +++ b/modules/nixos/services/media/glance/default.nix @@ -130,6 +130,16 @@ in { } ]; } + { + type = "videos"; + channels = [ + "UCXuqSBlHAE6Xw-yeJA0Tunw" # Linus Tech Tips + "UCR-DXc1voovS8nhAvccRZhg" # Jeff Geerling + "UCsBjURrPoezykLs9EqgamOA" # Fireship + "UCBJycsmduvYEL83R_U4JriQ" # Marques Brownlee + "UCHnyfMqiRRG1u-2MsSQLbXA" # Veritasium + ]; + } ]; } diff --git a/modules/nixos/services/media/jellyfin/default.nix b/modules/nixos/services/media/jellyfin/default.nix deleted file mode 100644 index d4323f3..0000000 --- a/modules/nixos/services/media/jellyfin/default.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ - pkgs, - config, - lib, - namespace, - inputs, - system, - ... -}: let - inherit (builtins) toString; - inherit (lib) mkIf mkEnableOption mkOption types; - - cfg = config.${namespace}.services.media.jellyfin; -in { - options.${namespace}.services.media.jellyfin = { - enable = mkEnableOption "Enable jellyfin server"; - }; - - config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - jellyfin - jellyfin-web - jellyfin-ffmpeg - mediainfo - id3v2 - yt-dlp - ]; - - services = { - # port is harcoded in nixpkgs module - jellyfin = { - enable = true; - openFirewall = true; - user = "media"; - group = "media"; - }; - - caddy = { - enable = true; - virtualHosts = { - "jellyfin.kruining.eu".extraConfig = '' - reverse_proxy http://[::1]:8096 - ''; - }; - }; - }; - - systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; - }; -} diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia/default.nix index 7e082a3..2bee38a 100644 --- a/modules/nixos/services/media/mydia/default.nix +++ b/modules/nixos/services/media/mydia/default.nix @@ -36,7 +36,7 @@ in { # uri = "file:///var/lib/mydia/mydia.db"; type = "postgres"; uri = "postgres://mydia@localhost:5432/mydia?sslmode=disable"; - passwordFile = config.sops.templates."mydia/database_password".path; + passwordFile = config.sops.secrets."mydia/qbittorrent_password".path; }; secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path; @@ -82,14 +82,5 @@ in { key = "qbittorrent/password"; }; }; - - sops.templates."mydia/database_password" = { - owner = config.services.mydia.user; - group = config.services.mydia.group; - restartUnits = ["mydia.service"]; - content = '' - DATABASE_PASSWORD="" - ''; - }; }; } diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index bc911f7..373e09b 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -11,8 +11,6 @@ inherit (lib) mkIf mkEnableOption mkOption types; cfg = config.${namespace}.services.media.servarr; - servarr = import ./lib.nix {inherit lib;}; - anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0); in { options.${namespace}.services.media = { servarr = mkOption { @@ -35,7 +33,7 @@ in { }; }; - config = mkIf anyEnabled { + config = { services = cfg |> lib.mapAttrsToList (service: { @@ -69,13 +67,15 @@ in { }; }; } - // (lib.optionalAttrs (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + // (lib.optionalAttrs (service != "prowlarr") { user = service; group = "media"; }); })) - |> lib.concat [ - { + |> lib.mkMerge + |> (set: + set + // { qbittorrent = { enable = true; openFirewall = true; @@ -86,7 +86,6 @@ in { Prefecences.WebUI = { Username = "admin"; - Password_PBKDF2 = "@ByteArray(JpfX3wSUcMolUFD+8AD67w==:fr5kmc6sK9xsCfGW6HkPX2K1lPYHL6g2ncLLwuOVmjphmxkwBJ8pi/XQDsDWzyM/MRh5zPhUld2Xqn8o7BWv3Q==)"; }; }; @@ -98,19 +97,12 @@ in { sabnzbd = { enable = true; openFirewall = true; - configFile = "/var/media/sabnzbd/config.ini"; - # configFile = config.sops.templates."sabnzbd/config.ini".path; + configFile = "${cfg.path}/sabnzbd/config.ini"; user = "sabnzbd"; group = "media"; }; - flaresolverr = { - enable = true; - openFirewall = true; - port = 2007; - }; - postgresql = { ensureDatabases = cfg |> lib.attrNames; ensureUsers = @@ -121,9 +113,7 @@ in { ensureDBOwnership = true; }); }; - } - ] - |> lib.mkMerge; + }); systemd.services = cfg @@ -135,9 +125,6 @@ in { ... }: (mkIf enable { "${service}ApplyTerraform" = let - config' = config; - lib' = lib; - terraformConfiguration = inputs.terranix.lib.terranixConfiguration { inherit system; @@ -148,28 +135,12 @@ in { ... }: { config = { - variable = - cfg - |> lib'.mapAttrsToList (s: _: { - "${s}_api_key" = { - type = "string"; - description = "${s} API key"; - }; - }) - |> lib'.concat [ - { - qbittorrent_api_key = { - type = "string"; - description = "qbittorrent api key"; - }; - - sabnzbd_api_key = { - type = "string"; - description = "sabnzbd api key"; - }; - } - ] - |> lib'.mkMerge; + variable = { + api_key = { + type = "string"; + description = "${service} api key"; + }; + }; terraform.required_providers.${service} = { source = "devopsarr/${service}"; @@ -188,116 +159,16 @@ in { provider.${service} = { url = "http://127.0.0.1:${toString port}"; - api_key = lib.tfRef "var.${service}_api_key"; + api_key = lib.tfRef "var.api_key"; }; - resource = - { - "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) ( - rootFolders - |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) - |> lib.listToAttrs - ); - - "${service}_download_client_qbittorrent" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { - "main" = { - name = "qBittorrent"; - enable = true; - priority = 1; - host = "localhost"; - username = "admin"; - password = lib.tfRef "var.qbittorrent_api_key"; - # password = "poChieN5feeph0igeaCadeJ9Xux0ohmuy6ruH5ieThaPheib3iuzoo0ahw1aiceif1feegioh9Aimau0pai5thoh5ieH0aechohw"; - url_base = "/"; - port = 2008; - }; - }; - - "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { - "main" = { - name = "SABnzbd"; - enable = true; - priority = 1; - host = "localhost"; - api_key = lib.tfRef "var.sabnzbd_api_key"; - url_base = "/"; - port = 8080; - }; - }; - } - // (lib.optionalAttrs (service == "prowlarr") ( - cfg - |> lib'.filterAttrs (s: _: lib'.elem s ["radarr" "sonarr" "lidarr" "whisparr"]) - |> lib'.mapAttrsToList (s: {port, ...}: { - "prowlarr_application_${s}"."main" = let - p = cfg.prowlarr.port or config'.services.prowlarr.settings.server.port or 9696; - in { - name = s; - sync_level = "addOnly"; - base_url = "http://localhost:${toString port}"; - prowlarr_url = "http://localhost:${toString p}"; - api_key = lib.tfRef "var.${s}_api_key"; - # sync_categories = [3000 3010 3030]; - }; - }) - |> lib'.concat [ - { - "prowlarr_indexer" = { - "nyaa" = { - enable = true; - - app_profile_id = 1; - priority = 1; - - name = "Nyaa"; - implementation = "nyaa"; - config_contract = "nyaa_settings"; - protocol = "torrent"; - - fields = [ - { - name = "targetType"; - value = ""; - } - ]; - }; - - "nzbgeek" = { - enable = true; - - app_profile_id = 2; - priority = 1; - - name = "NZBgeek"; - implementation = "nzbgeek"; - config_contract = "nzbgeek_settings"; - protocol = "torrent"; - - fields = [ - ]; - }; - - # "nzbgeek" = { - # enable = true; - - # app_profile_id = 1; - # name = "NZBgeek"; - # implementation = "nzbgeek"; - # config_contract = "nzbgeek_settings"; - # protocol = "torrent"; - - # fields = [ - # # { - # # name = ""; - # # value = ""; - # # } - # ]; - # }; - }; - } - ] - |> lib'.mkMerge - )); + resource = { + "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) ( + rootFolders + |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) + |> lib.listToAttrs + ); + }; }; }) ]; @@ -333,7 +204,7 @@ in { cp -f ${terraformConfiguration} config.tf.json # Initialize OpenTofu - ${lib.getExe pkgs.opentofu} init + ${lib.getExe pkgs.opentofu} init -upgrade # Run the infrastructure code ${lib.getExe pkgs.opentofu} \ @@ -342,7 +213,7 @@ in { then "plan" else "apply -auto-approve" } \ - -var-file='${config.sops.templates."servarr/config.tfvars".path}' + -var-file='${config.sops.templates."${service}/config.tfvars".path}' ''; serviceConfig = { @@ -370,11 +241,6 @@ in { }; groups.${service} = {}; })) - |> lib.concat [ - { - groups.media = {}; - } - ] |> lib.mkMerge; sops = @@ -395,74 +261,17 @@ in { ${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}" ''; }; + + "${service}/config.tfvars" = { + owner = service; + group = "media"; + restartUnits = ["${service}.service"]; + content = '' + api_key = "${config.sops.placeholder."${service}/apikey"}" + ''; + }; }; })) - |> lib.concat [ - { - secrets = { - "qbittorrent/password" = {}; - "sabnzbd/apikey" = {}; - "sabnzbd/sunnyweb/username" = {}; - "sabnzbd/sunnyweb/password" = {}; - }; - - templates = { - "servarr/config.tfvars" = { - owner = "media"; - group = "media"; - mode = "0440"; - restartUnits = cfg |> lib.attrNames |> lib.map (s: "${s}.service"); - content = '' - ${ - cfg - |> lib.attrNames - |> lib.map (s: "${s}_api_key = \"${config.sops.placeholder."${s}/apikey"}\"") - |> lib.join "\n" - } - qbittorrent_api_key = "${config.sops.placeholder."qbittorrent/password"}" - sabnzbd_api_key = "${config.sops.placeholder."sabnzbd/apikey"}" - ''; - }; - "sabnzbd/config.ini" = { - owner = "sabnzbd"; - group = "media"; - mode = "0660"; - content = '' - __version__ = 19 - __encoding__ = utf-8 - [misc] - download_dir = /var/media/downloads/incomplete - complete_dir = /var/media/downloads/done - api_key = ${config.sops.placeholder."sabnzbd/apikey"} - log_dir = logs - - [servers] - [[news.sunnyusenet.com]] - name = news.sunnyusenet.com - displayname = news.sunnyusenet.com - host = news.sunnyusenet.com - port = 563 - timeout = 60 - username = ${config.sops.placeholder."sabnzbd/sunnyweb/username"} - password = ${config.sops.placeholder."sabnzbd/sunnyweb/password"} - connections = 8 - ssl = 1 - ssl_verify = 3 - ssl_ciphers = "" - enable = 1 - required = 0 - optional = 0 - retention = 0 - expire_date = "" - quota = "" - usage_at_start = 0 - priority = 1 - notes = "" - ''; - }; - }; - } - ] |> lib.mkMerge; }; } diff --git a/modules/nixos/services/media/servarr/lib.nix b/modules/nixos/services/media/servarr/lib.nix deleted file mode 100644 index 8ee412b..0000000 --- a/modules/nixos/services/media/servarr/lib.nix +++ /dev/null @@ -1,2 +0,0 @@ -{lib, ...}: { -} diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index 05d3570..6503493 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix @@ -1,10 +1,5 @@ -{ - pkgs, - config, - lib, - namespace, - ... -}: let +{ pkgs, config, lib, namespace, ... }: +let inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; @@ -12,7 +7,8 @@ db_user = "grafana"; db_name = "grafana"; -in { +in +{ options.${namespace}.services.observability.grafana = { enable = mkEnableOption "enable Grafana"; }; @@ -39,8 +35,8 @@ in { "auth.generic_oauth" = { enable = true; name = "Zitadel"; - client_id = "$__file{${config.sops.secrets."grafana/oidc_id".path}}"; - client_secret = "$__file{${config.sops.secrets."grafana/oidc_secret".path}}"; + client_id = "334170712283611395"; + client_secret = "AFjypmURdladmQn1gz2Ke0Ta5LQXapnuKkALVZ43riCL4qWicgV2Z6RlwpoWBZg1"; scopes = "openid email profile offline_access urn:zitadel:iam:org:project:roles"; email_attribute_path = "email"; login_attribute_path = "username"; @@ -68,7 +64,7 @@ in { allow_sign_up = false; allow_org_create = false; viewers_can_edit = false; - + default_theme = "system"; }; @@ -119,7 +115,7 @@ in { postgresql = { enable = true; - ensureDatabases = [db_name]; + ensureDatabases = [ db_name ]; ensureUsers = [ { name = db_user; @@ -130,18 +126,5 @@ in { }; environment.etc."/grafana/dashboards/default.json".source = ./dashboards/default.json; - - sops = { - secrets = { - "grafana/oidc_id" = { - owner = "grafana"; - group = "grafana"; - }; - "grafana/oidc_secret" = { - owner = "grafana"; - group = "grafana"; - }; - }; - }; }; } diff --git a/modules/nixos/services/persistance/convex/default.nix b/modules/nixos/services/persistance/convex/default.nix new file mode 100644 index 0000000..3e01c59 --- /dev/null +++ b/modules/nixos/services/persistance/convex/default.nix @@ -0,0 +1,21 @@ +{ config, pkgs, lib, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption; + + cfg = config.${namespace}.services.persistance.convex; +in +{ + imports = [ ./source.nix ]; + + options.${namespace}.services.persistance.convex = { + enable = mkEnableOption "enable Convex"; + }; + + config = mkIf cfg.enable { + services.convex = { + enable = true; + package = pkgs.${namespace}.convex; + secret = "ThisIsMyAwesomeSecret"; + }; + }; +} diff --git a/modules/nixos/services/persistance/convex/source.nix b/modules/nixos/services/persistance/convex/source.nix new file mode 100644 index 0000000..c56e3ab --- /dev/null +++ b/modules/nixos/services/persistance/convex/source.nix @@ -0,0 +1,149 @@ +{ config, pkgs, lib, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption mkPackageOption mkOption optional types; + + cfg = config.services.convex; + + default_user = "convex"; + default_group = "convex"; +in +{ + options.services.convex = { + enable = mkEnableOption "enable Convex (backend only for now)"; + + package = mkPackageOption pkgs "convex" {}; + + name = lib.mkOption { + type = types.str; + default = "convex"; + description = '' + Name for the instance. + ''; + }; + + secret = lib.mkOption { + type = types.str; + default = ""; + description = '' + Secret for the instance. + ''; + }; + + apiPort = mkOption { + type = types.port; + default = 3210; + description = '' + The TCP port to use for the API. + ''; + }; + + actionsPort = mkOption { + type = types.port; + default = 3211; + description = '' + The TCP port to use for the HTTP actions. + ''; + }; + + dashboardPort = mkOption { + type = types.port; + default = 6791; + description = '' + The TCP port to use for the Dashboard. + ''; + }; + + openFirewall = lib.mkOption { + type = types.bool; + default = false; + description = '' + Whether to open ports in the firewall for the server. + ''; + }; + + user = lib.mkOption { + type = types.str; + default = default_user; + description = '' + As which user to run the service. + ''; + }; + + group = lib.mkOption { + type = types.str; + default = default_group; + description = '' + As which group to run the service. + ''; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.secret != ""; + message = '' + No secret provided for convex + ''; + } + ]; + + users = { + users.${cfg.user} = { + description = "System user for convex service"; + isSystemUser = true; + group = cfg.group; + }; + + groups.${cfg.group} = {}; + }; + + networking.firewall.allowedTCPPorts = optional cfg.openFirewall [ cfg.apiPort cfg.actionsPort cfg.dashboardPort ]; + + environment.systemPackages = [ cfg.package ]; + + systemd.services.convex = { + description = "Convex Backend server"; + + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + ExecStart = "${cfg.package}/bin --instance-name ${cfg.name} --instance-secret ${cfg.secret}"; + Type = "notify"; + + User = cfg.user; + Group = cfg.group; + + RuntimeDirectory = "convex"; + RuntimeDirectoryMode = "0775"; + StateDirectory = "convex"; + StateDirectoryMode = "0775"; + Umask = "0077"; + + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + + # Sandboxing + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectClock = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_UNIX" + ]; + RestrictNamespaces = true; + LockPersonality = true; + }; + }; + }; +} diff --git a/packages/convex/default.nix b/packages/convex/default.nix new file mode 100644 index 0000000..9dab056 --- /dev/null +++ b/packages/convex/default.nix @@ -0,0 +1,59 @@ +{ + lib, + stdenv, + rustPlatform, + fetchFromGitHub, + + # dependencies + openssl, + pkg-config, + cmake, + llvmPackages, + postgresql, + sqlite, + + #options + dbBackend ? "postgresql", + + ... +}: +rustPlatform.buildRustPackage rec { + pname = "convex"; + version = "2025-08-20-c9b561e"; + + src = fetchFromGitHub { + owner = "get-convex"; + repo = "convex-backend"; + rev = "c9b561e1b365c85ef28af35d742cb7dd174b5555"; + hash = "sha256-4h4AQt+rQ+nTw6eTbbB5vqFt9MFjKYw3Z7bGXdXijJ0="; + }; + + cargoHash = "sha256-pcDNWGrk9D0qcF479QAglPLFDZp27f8RueP5/lq9jho="; + + cargoBuildFlags = [ + "-p" "local_backend" + "--bin" "convex-local-backend" + ]; + + env = { + LIBCLANG_PATH = "${llvmPackages.libclang}/lib"; + }; + + strictDeps = true; + + # Build-time dependencies + nativeBuildInputs = [ pkg-config cmake rustPlatform.bindgenHook ]; + + # Run-time dependencies + buildInputs = + [ openssl ] + ++ lib.optional (dbBackend == "sqlite") sqlite + ++ lib.optional (dbBackend == "postgresql") postgresql; + + buildFeatures = ""; + + meta = with lib; { + license = licenses.fsl11Asl20; + mainProgram = "convex"; + }; +} \ No newline at end of file diff --git a/sabnzbd.ini b/sabnzbd.ini deleted file mode 100644 index fd60f57..0000000 --- a/sabnzbd.ini +++ /dev/null @@ -1,395 +0,0 @@ -__version__ = 19 -__encoding__ = utf-8 -[misc] -helpful_warnings = 1 -queue_complete = hibernate_pc -queue_complete_pers = 0 -bandwidth_perc = 100 -refresh_rate = 1 -interface_settings = '{"dateFormat":"YYYY-MM-DD HH:mm","extraQueueColumns":[],"extraHistoryColumns":[],"displayCompact":false,"displayFullWidth":false,"confirmDeleteQueue":true,"confirmDeleteHistory":true,"keyboardShortcuts":true}' -queue_limit = 20 -config_lock = 0 -fixed_ports = 1 -notified_new_skin = 2 -direct_unpack_tested = 1 -sorters_converted = 1 -check_new_rel = 1 -auto_browser = 0 -language = en -enable_https_verification = 0 -host = 0.0.0.0 -port = 8080 -https_port = "" -username = "" -password = "" -bandwidth_max = "" -cache_limit = 1G -web_dir = Glitter -web_color = Auto -https_cert = server.cert -https_key = server.key -https_chain = "" -enable_https = 0 -inet_exposure = 0 -api_key = 0052eba0db9d4b4f93a8a96f0cb85198 -nzb_key = 171ebeb3e0044c379dc7719bef6b3144 -socks5_proxy_url = "" -permissions = "" -download_dir = /var/media/downloads/incomplete -download_free = "" -complete_dir = /var/media/downloads/done -complete_free = "" -fulldisk_autoresume = 0 -script_dir = "" -nzb_backup_dir = "" -admin_dir = admin -backup_dir = "" -dirscan_dir = "" -dirscan_speed = 5 -password_file = "" -log_dir = logs -max_art_tries = 3 -top_only = 0 -sfv_check = 1 -script_can_fail = 0 -enable_recursive = 1 -flat_unpack = 0 -par_option = "" -pre_check = 0 -nice = "" -win_process_prio = 3 -ionice = "" -fail_hopeless_jobs = 1 -fast_fail = 1 -auto_disconnect = 1 -pre_script = None -end_queue_script = None -no_dupes = 0 -no_series_dupes = 0 -no_smart_dupes = 0 -dupes_propercheck = 1 -pause_on_pwrar = 1 -ignore_samples = 0 -deobfuscate_final_filenames = 1 -auto_sort = "" -direct_unpack = 0 -propagation_delay = 0 -folder_rename = 1 -replace_spaces = 0 -replace_underscores = 0 -replace_dots = 0 -safe_postproc = 1 -pause_on_post_processing = 0 -enable_all_par = 0 -sanitize_safe = 0 -cleanup_list = , -unwanted_extensions = , -action_on_unwanted_extensions = 0 -unwanted_extensions_mode = 0 -new_nzb_on_failure = 0 -history_retention = "" -history_retention_option = all -history_retention_number = 1 -quota_size = "" -quota_day = "" -quota_resume = 0 -quota_period = m -enable_tv_sorting = 0 -tv_sort_string = "" -tv_categories = tv, -enable_movie_sorting = 0 -movie_sort_string = "" -movie_sort_extra = -cd%1 -movie_categories = movies, -enable_date_sorting = 0 -date_sort_string = "" -date_categories = tv, -schedlines = , -rss_rate = 60 -ampm = 0 -start_paused = 0 -preserve_paused_state = 0 -enable_par_cleanup = 1 -process_unpacked_par2 = 1 -enable_multipar = 1 -enable_unrar = 1 -enable_7zip = 1 -enable_filejoin = 1 -enable_tsjoin = 1 -overwrite_files = 0 -ignore_unrar_dates = 0 -backup_for_duplicates = 0 -empty_postproc = 0 -wait_for_dfolder = 0 -rss_filenames = 0 -api_logging = 1 -html_login = 1 -warn_dupl_jobs = 0 -keep_awake = 1 -tray_icon = 1 -allow_incomplete_nzb = 0 -enable_broadcast = 1 -ipv6_hosting = 0 -ipv6_staging = 0 -api_warnings = 1 -no_penalties = 0 -x_frame_options = 1 -allow_old_ssl_tls = 0 -enable_season_sorting = 1 -verify_xff_header = 0 -rss_odd_titles = nzbindex.nl/, nzbindex.com/, nzbclub.com/ -quick_check_ext_ignore = nfo, sfv, srr -req_completion_rate = 100.2 -selftest_host = self-test.sabnzbd.org -movie_rename_limit = 100M -episode_rename_limit = 20M -size_limit = 0 -direct_unpack_threads = 3 -history_limit = 5 -wait_ext_drive = 5 -max_foldername_length = 246 -nomedia_marker = "" -ipv6_servers = 1 -url_base = /sabnzbd -host_whitelist = usenet.kruining.eu, ulmo -local_ranges = , -max_url_retries = 10 -downloader_sleep_time = 10 -receive_threads = 2 -switchinterval = 0.005 -ssdp_broadcast_interval = 15 -ext_rename_ignore = , -email_server = "" -email_to = , -email_from = "" -email_account = "" -email_pwd = "" -email_endjob = 0 -email_full = 0 -email_dir = "" -email_rss = 0 -email_cats = *, -config_conversion_version = 4 -disable_par2cmdline = 0 -disable_archive = 0 -unrar_parameters = "" -outgoing_nntp_ip = "" -[logging] -log_level = 1 -max_log_size = 5242880 -log_backups = 5 -[ncenter] -ncenter_enable = 0 -ncenter_cats = *, -ncenter_prio_startup = 0 -ncenter_prio_download = 0 -ncenter_prio_pause_resume = 0 -ncenter_prio_pp = 0 -ncenter_prio_complete = 1 -ncenter_prio_failed = 1 -ncenter_prio_disk_full = 1 -ncenter_prio_new_login = 0 -ncenter_prio_warning = 0 -ncenter_prio_error = 0 -ncenter_prio_queue_done = 0 -ncenter_prio_other = 1 -ncenter_prio_quota = 1 -[acenter] -acenter_enable = 0 -acenter_cats = *, -acenter_prio_startup = 0 -acenter_prio_download = 0 -acenter_prio_pause_resume = 0 -acenter_prio_pp = 0 -acenter_prio_complete = 1 -acenter_prio_failed = 1 -acenter_prio_disk_full = 1 -acenter_prio_new_login = 0 -acenter_prio_warning = 0 -acenter_prio_error = 0 -acenter_prio_queue_done = 0 -acenter_prio_other = 1 -acenter_prio_quota = 1 -[ntfosd] -ntfosd_enable = 1 -ntfosd_cats = *, -ntfosd_prio_startup = 0 -ntfosd_prio_download = 0 -ntfosd_prio_pause_resume = 0 -ntfosd_prio_pp = 0 -ntfosd_prio_complete = 1 -ntfosd_prio_failed = 1 -ntfosd_prio_disk_full = 1 -ntfosd_prio_new_login = 0 -ntfosd_prio_warning = 0 -ntfosd_prio_error = 0 -ntfosd_prio_queue_done = 0 -ntfosd_prio_other = 1 -ntfosd_prio_quota = 1 -[prowl] -prowl_enable = 0 -prowl_cats = *, -prowl_apikey = "" -prowl_prio_startup = -3 -prowl_prio_download = -3 -prowl_prio_pause_resume = -3 -prowl_prio_pp = -3 -prowl_prio_complete = 0 -prowl_prio_failed = 1 -prowl_prio_disk_full = 1 -prowl_prio_new_login = -3 -prowl_prio_warning = -3 -prowl_prio_error = -3 -prowl_prio_queue_done = -3 -prowl_prio_other = 0 -prowl_prio_quota = 0 -[pushover] -pushover_token = "" -pushover_userkey = "" -pushover_device = "" -pushover_emergency_expire = 3600 -pushover_emergency_retry = 60 -pushover_enable = 0 -pushover_cats = *, -pushover_prio_startup = -3 -pushover_prio_download = -2 -pushover_prio_pause_resume = -2 -pushover_prio_pp = -3 -pushover_prio_complete = -1 -pushover_prio_failed = -1 -pushover_prio_disk_full = 1 -pushover_prio_new_login = -3 -pushover_prio_warning = 1 -pushover_prio_error = 1 -pushover_prio_queue_done = -3 -pushover_prio_other = -1 -pushover_prio_quota = -1 -[pushbullet] -pushbullet_enable = 0 -pushbullet_cats = *, -pushbullet_apikey = "" -pushbullet_device = "" -pushbullet_prio_startup = 0 -pushbullet_prio_download = 0 -pushbullet_prio_pause_resume = 0 -pushbullet_prio_pp = 0 -pushbullet_prio_complete = 1 -pushbullet_prio_failed = 1 -pushbullet_prio_disk_full = 1 -pushbullet_prio_new_login = 0 -pushbullet_prio_warning = 0 -pushbullet_prio_error = 0 -pushbullet_prio_queue_done = 0 -pushbullet_prio_other = 1 -pushbullet_prio_quota = 1 -[apprise] -apprise_enable = 0 -apprise_cats = *, -apprise_urls = "" -apprise_target_startup = "" -apprise_target_startup_enable = 0 -apprise_target_download = "" -apprise_target_download_enable = 0 -apprise_target_pause_resume = "" -apprise_target_pause_resume_enable = 0 -apprise_target_pp = "" -apprise_target_pp_enable = 0 -apprise_target_complete = "" -apprise_target_complete_enable = 1 -apprise_target_failed = "" -apprise_target_failed_enable = 1 -apprise_target_disk_full = "" -apprise_target_disk_full_enable = 0 -apprise_target_new_login = "" -apprise_target_new_login_enable = 1 -apprise_target_warning = "" -apprise_target_warning_enable = 0 -apprise_target_error = "" -apprise_target_error_enable = 0 -apprise_target_queue_done = "" -apprise_target_queue_done_enable = 0 -apprise_target_other = "" -apprise_target_other_enable = 1 -apprise_target_quota = "" -apprise_target_quota_enable = 1 -[nscript] -nscript_enable = 0 -nscript_cats = *, -nscript_script = "" -nscript_parameters = "" -nscript_prio_startup = 0 -nscript_prio_download = 0 -nscript_prio_pause_resume = 0 -nscript_prio_pp = 0 -nscript_prio_complete = 1 -nscript_prio_failed = 1 -nscript_prio_disk_full = 1 -nscript_prio_new_login = 0 -nscript_prio_warning = 0 -nscript_prio_error = 0 -nscript_prio_queue_done = 0 -nscript_prio_other = 1 -nscript_prio_quota = 1 -[categories] -[[*]] -name = * -order = 0 -pp = 3 -script = None -dir = "" -newzbin = "" -priority = 0 -[[movies]] -name = movies -order = 1 -pp = "" -script = Default -dir = "" -newzbin = "" -priority = -100 -[[tv]] -name = tv -order = 2 -pp = "" -script = Default -dir = "" -newzbin = "" -priority = -100 -[[audio]] -name = audio -order = 3 -pp = "" -script = Default -dir = "" -newzbin = "" -priority = -100 -[[software]] -name = software -order = 4 -pp = "" -script = Default -dir = "" -newzbin = "" -priority = -100 -[servers] -[[news.sunnyusenet.com]] -name = news.sunnyusenet.com -displayname = news.sunnyusenet.com -host = news.sunnyusenet.com -port = 563 -timeout = 60 -username = michiel@hazelhof.nl -password = dasusenet -connections = 8 -ssl = 1 -ssl_verify = 3 -ssl_ciphers = "" -enable = 1 -required = 0 -optional = 0 -retention = 0 -expire_date = "" -quota = "" -usage_at_start = 0 -priority = 1 -notes = "" diff --git a/systems/x86_64-linux/manwe/default.nix b/systems/x86_64-linux/manwe/default.nix index a2c478f..c2d9978 100644 --- a/systems/x86_64-linux/manwe/default.nix +++ b/systems/x86_64-linux/manwe/default.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ./disks.nix ./hardware.nix @@ -6,8 +7,6 @@ system.activationScripts.remove-gtkrc.text = "rm -f /home/chris/.gtkrc-2.0"; - services.logrotate.checkConfig = false; - sneeuwvlok = { hardware.has = { gpu.amd = true; @@ -20,7 +19,7 @@ animated = true; }; - desktop.use = "cosmic"; + desktop.use = "plasma"; application = { steam.enable = true; @@ -31,6 +30,7 @@ }; }; + services.displayManager.autoLogin = { enable = true; user = "chris"; diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index 4203859..e8602b5 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -38,31 +38,6 @@ ''; }; - # virtualisation = { - # containers.enable = true; - # podman = { - # enable = true; - # dockerCompat = true; - # }; - - # oci-containers = { - # backend = "podman"; - # containers = { - # homey = { - # image = "ghcr.io/athombv/homey-shs:latest"; - # autoStart = true; - # privileged = true; - # volumes = [ - # "/home/chris/.homey-shs:/homey/user" - # ]; - # ports = [ - # "4859:4859" - # ]; - # }; - # }; - # }; - # }; - sneeuwvlok = { services = { backup.borg.enable = true; @@ -143,12 +118,6 @@ grantTypes = ["authorizationCode"]; responseTypes = ["code"]; }; - - grafana = { - redirectUris = ["http://localhost:9001/login/generic_oauth"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; }; }; }; @@ -195,7 +164,6 @@ media.glance.enable = true; media.mydia.enable = true; media.nfs.enable = true; - media.jellyfin.enable = true; media.servarr = { radarr = { enable = true; @@ -225,7 +193,7 @@ prowlarr = { enable = true; - # debug = true; + debug = true; port = 2004; }; }; @@ -238,6 +206,8 @@ # uptime-kuma.enable = true; }; + persistance.convex.enable = true; + security.vaultwarden = { enable = true; database = { diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 646c768..086d86d 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -4,12 +4,13 @@ email: zitadel: masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str] nix: {} - users: ENC[AES256_GCM,data:yxdJ2PmOJXXCF2NaD1QWLSuwF9AhdIBhLiZDm4GhcTb4sA3zGTyJBw5saH6P5QAwk9ngbOgn8RH0vgeYEJ0z8VzUoCaLWK5xaqLggYgd75ewNQu7Jkh6V/oSHeVfv+6NCRoq4PckHvhBHwQQ4uToaCghUbjX6VJlFSKwSAy6laG30UMIa2Q4hTQHqgVcbjpQUJSu6/ajDz3Ap0MqhCTSOPWKZ9vWZpvRnFhLhsJrTNl0w6zlCuZcy8xqn/zZo4OEuexHr29yFFohbiD9L9CLd0N6NYDMX7eHRjjdB6Ysxfkic9JSWysma/7OwPzg/KK+pQDkNi7ciR+/cT9Gqn73IFpXPvuooe+7wxe4INfGq3iAoRIYSz8=,iv:opqL2iB3sqT+/a03tTzWphFGnwrEwdKybnj/3BNzL3U=,tag:2+CMLgKdsWpPsYrkKAP5hg==,type:str] + users: ENC[AES256_GCM,data:xkjm0+PBt6gmZyfi3n3OIEe5b+d4OtN0Y3UfmdcbcJHbJZuiz+60oUjlAN0vjtsi0muufoAqtGJTIpm9nDZzzN7b7LK43TAhcuSlIm5LpbZFp1U3H4laRbTwauAT6wA0aDCfAkwTozxAuEUk1jAu+65ktJNJb7b0PR7s/I/wf7IgW2+K4Jv3LIOZIipUwfuvXuTzsxCElYRvGZXmIuXrYq1EaymksHHggemrKeMWLAae7mzz5v3aBbwxiVjQNkQkS4ApsO/5nZUat0oqXA==,iv:fptZn4NmX3iYKSEPLJAOFpt+KQ6TR1w9KaY9IF4p/Wk=,tag:UKvMOSIT5/mhfZA3usbLhQ==,type:str] forgejo: action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str] synapse: oidc_id: ENC[AES256_GCM,data:XbCpyGq0LeRJWq8dv/5Dipvp,iv:YDhgl26z1NBbIQLoLdGVz0+ze6o1ZcmgVHPfwoRj57I=,tag:y2vUuqnDmtTvVQmZCAlnLg==,type:str] oidc_secret: ENC[AES256_GCM,data:nVFi5EFbNMZ0mvrDHVYC0NiwJlo2eEw44D+Fcv9SKSb2oO00lGEDkP/oXDj5YgDq6RLQSe3f/SUOn77ntwnZYg==,iv:awe7VNUYOn9ofl1QlQTrEN5d0i5WkVM35qndruL4VXo=,tag:8Yoc9lFF9aWbtAa5fzQGEA==,type:str] +kaas: ENC[AES256_GCM,data:3yI6lH0rw+f2OFJ94Z7zb0pYwy4FDFs9rJi2wpd9VVWghmey5g4O788ypXa34XqKCQDDHDgTxwyDs6KpvCQQaLV1PDhXd4Po0SSlIOkUtCWhOf6Tp3PM2ASoE+AAAzJLJUc6AZdBJRyYU9V+UvO9jW+WmlpZpsg5crnVMzZo7f2AF0ep9A/A5BL1Y2UhYQE4LDVkLC9AL3hl8IhF5xSdZdO0ugrP0x7CKVUxA7fJyOjx7/IKVwvgKD4xlhIgv9lYPTvE2vUs+w==,iv:e6b98ZnBqf7hh3SSKGdTl63OpQm1oK95lHXdwTiLft8=,tag:IS/lDgvJvSd7OmDLP+uG1g==,type:str] radarr: apikey: ENC[AES256_GCM,data:G141GW4PyS5pbAV39HcVscMw3s30txOgTZzWaL7o+ccZfnfDLv796O6xKXdqGZ8saLsveghLw9Z6a5luusHyQ3Q5ESL6W7SVeZVTuSqSC3i/4jl75FJxhnsgVsfrnYxzLGpKiw==,iv:sZl/XLh6y3WgSAn6nH3sFB6atBifZdghm+QsCNDbcjY=,tag:Tw+R80nrF0T0yDti0Uf+ig==,type:str] sonarr: @@ -24,18 +25,8 @@ mydia: secret_key_base: ENC[AES256_GCM,data:yG7HJ5r74Qtxbeyf8F6dA0uHv2pQ8YAJKlKiKjS+m24JRvJWQaTThJ+c5HbuUa6R3e9XtVHchhlVPkF0Is/b+g==,iv:v65xdRr4JdKZmBtjZ08/J3LLqnphSGt9QfVPNQ2x/xg=,tag:n7tD2dhr4IJn1LWM9WW8UA==,type:str] guardian_secret: ENC[AES256_GCM,data:OjnNFSHlecL+qXwlhTm++itRM6ga5E5KrSJxbgIUpbMEkIWgu3xhRtnPdipXbedgall0XdO/s+jnWCagZX94BA==,iv:DukdKvm9vey8BWUiml20tgA/Vji1XVX4+sUPge9nTk0=,tag:q3HdvgUYqR0APiaFz0ul5Q==,type:str] qbittorrent: - password_hash: ENC[AES256_GCM,data:yCfCslj01wtfwzzPOGlwA6wLLf+EUuEweYa3ZxvDtd/VGMxuV38quV+ob1Of+W0UH3+U4Qmgh4BK3I3IJZuKOvNdkZ0i81YBwW6cgvZUmnxwh8wokpNzxCKbYk5nF7y7SaGEdzQLvV7ad3fNMJsQ+s2zCsKWbm+j8Bwgq0E=,iv:IIktPS9pYXaYPzH0r4wrkp31CpunKnr70Ainu6hOeWY=,tag:bYCfhDfIwiQZ1tKAvITewQ==,type:str] + password_hash: ENC[AES256_GCM,data:QWuQYmfBn9eLDYztH7TmQvw74MvmzCQ98OlBtyjm1Icr2c63epRuHWzQbm+Q+1jrCSiQreOB3ZyjLzkeV6SlLonryUSD71uBWVwctgPXO0XDrxE1Vi6dkiwC3TF65JTMDhyjDLEj1YkiMP25Fz5NidJTP/r9GlXTfM7gjWo=,iv:bpgL5IoAv+1PUtgNIjLcbzN8C9z55ndypz4LEELAhLc=,tag:VB+XTCwLeIEYKnOr/0f7zA==,type:str] password: ENC[AES256_GCM,data:UepYY6UjJV/jo2aXTOEnKRtsjSqOSYPQlKlrAa7rf9rdnt2UXGjCkvN+A72pICuIBCAmhXZBAUMvmWTV9trk6NREHe0cY1xTC7pNv3x9TM/ZQmH498pbT/95pYAKwouHp9heJQ==,iv:FzjF+xPoaOp+gplxpz940V2dkWSTWe8dWUxexCoxxHc=,tag:TDZsboq9fEmmBrwJN/HTpQ==,type:str] -grafana: - oidc_id: ENC[AES256_GCM,data:NVdIgCQ6nz4BSUDJYCKyILtK,iv:tcljy9PzC/yyd7TSdngyJt+uh60uXi2PKu47czErbaQ=,tag:zE4q3dD4UQaHIpGeZ1L48Q==,type:str] - oidc_secret: ENC[AES256_GCM,data:b7qILK9ZHW2khtM1Hl/KdjCv3Wq6eOo2Ym/cbjcMB8/3Hn2UelpP4K4lFyiV3bn1/GF6Jl5Z7A0EwMybOx0InA==,iv:3HL/7BiyObwT8DmFxzNPI9CdmCH/4j/4oc9x7qBE1k0=,tag:dBhcq1zLKy6N+jp/v42R4A==,type:str] -sabnzbd: - sunnyweb: - password: ENC[AES256_GCM,data:flw8AahqO1Mx,iv:Qhu8iVWMzzqy18y8dj3aHoBnSZatm74/tYvZ456l2sA=,tag:sCYBdw7kD0zJZFFr5EyPIQ==,type:str] - username: ENC[AES256_GCM,data:IboJ8WDWuVNgvrk7c3V8I5S6Xg==,iv:BRohMuQFQz2S+HFasIaok6npT3C5v/SlhAhbLQXfB0s=,tag:M3/u0WBQ3AufHqe4DCtsrA==,type:str] - apikey: ENC[AES256_GCM,data:j5sPXKbBhMdNHOuoTfZ+c8nGu5JameOgK2z428iLdP01Hi6MvHVaN8Zs8YxMoSBtOjdtIEC8MS+3m1S1rU/P4pCRfZpK5ua1DBHq4l0xROUqokFWjDcAmJJv3pYXl0cQxQcGKQ==,iv:v5hu3gmO1Zn1FfXkHLPGN9f7JOcQjzoQahdqJwfM+xY=,tag:uI1LFcTgcyRgAaTJ1kzKow==,type:str] -whisparr: - apikey: ENC[AES256_GCM,data:kIGCsd4mszm90PoQMzlSEBKw9Ow0GvP1qdLtwXYKkAb6b65l89v8lMWJ2X1MyD2gJX+P+Bv1F/2BSjUFXErq/UYnp4dAjwKi/ezGCbhjMutDM1FvwFWEHRnR3gjd9uXPWJ8Xhg==,iv:98aPQlcZHJovpnzACDs6RtKblLnHg6wyi+Er5DAowj8=,tag:Tl8jz/pWYWAtBCfoztKdyw==,type:str] sops: age: - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq @@ -56,7 +47,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-28T21:28:31Z" - mac: ENC[AES256_GCM,data:vkGMgBkzmA2+xRIOfgUE01XG6jvTMTpm1vWXVHdZ5xE27s2mn8i6C64t1cia0n413qlKLB3y5qcbiHdRVhdLUoZFdBgFTjfixyIXOKZeVJskjJEqg2L0wZGtYIO8Y2KrfPb925qOffr7p0NcMf4c+d6bIqxHFEGb+jR/aWDOMNo=,iv:PK1FHycgOj2wtJt1UfWEAe0mKSBVksu8KWUxljSp2oo=,tag:F/xAAxJLUDqW9Dnwgrd0Rg==,type:str] + lastmodified: "2025-12-04T11:24:52Z" + mac: ENC[AES256_GCM,data:jIgkl1lcVDSlKqJs9fjaHUAZsGL+22T86/qqKyDziHl0+VU763Ezwm8P+la+55jIIT2zLhFcUjhn2BabBi90OeEPztAC4rGpZj6+ZZ0GDCj/JhjPAAo3LgAKOCG0Xgf8MZWr/rXd6bLhW7Qj36PMJnap26rjEiUZeSvpWS2dz8g=,iv:CDx8fBI9Dl1uwrbMD1fa7/h3C7haK3xZxJI59mtL1LA=,tag:2UDRFJoevGEBKZA/9eUiOw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0