From eab9e8b58d5f180935066440305cb8024470cbbf Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 27 Nov 2025 11:15:49 +0100 Subject: [PATCH 01/43] trying some stuff --- .../services/persistance/convex/default.nix | 21 +++ .../services/persistance/convex/source.nix | 149 ++++++++++++++++++ packages/convex/default.nix | 59 +++++++ systems/x86_64-linux/ulmo/default.nix | 2 + 4 files changed, 231 insertions(+) create mode 100644 modules/nixos/services/persistance/convex/default.nix create mode 100644 modules/nixos/services/persistance/convex/source.nix create mode 100644 packages/convex/default.nix diff --git a/modules/nixos/services/persistance/convex/default.nix b/modules/nixos/services/persistance/convex/default.nix new file mode 100644 index 0000000..3e01c59 --- /dev/null +++ b/modules/nixos/services/persistance/convex/default.nix @@ -0,0 +1,21 @@ +{ config, pkgs, lib, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption; + + cfg = config.${namespace}.services.persistance.convex; +in +{ + imports = [ ./source.nix ]; + + options.${namespace}.services.persistance.convex = { + enable = mkEnableOption "enable Convex"; + }; + + config = mkIf cfg.enable { + services.convex = { + enable = true; + package = pkgs.${namespace}.convex; + secret = "ThisIsMyAwesomeSecret"; + }; + }; +} diff --git a/modules/nixos/services/persistance/convex/source.nix b/modules/nixos/services/persistance/convex/source.nix new file mode 100644 index 0000000..c56e3ab --- /dev/null +++ b/modules/nixos/services/persistance/convex/source.nix @@ -0,0 +1,149 @@ +{ config, pkgs, lib, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption mkPackageOption mkOption optional types; + + cfg = config.services.convex; + + default_user = "convex"; + default_group = "convex"; +in +{ + options.services.convex = { + enable = mkEnableOption "enable Convex (backend only for now)"; + + package = mkPackageOption pkgs "convex" {}; + + name = lib.mkOption { + type = types.str; + default = "convex"; + description = '' + Name for the instance. + ''; + }; + + secret = lib.mkOption { + type = types.str; + default = ""; + description = '' + Secret for the instance. + ''; + }; + + apiPort = mkOption { + type = types.port; + default = 3210; + description = '' + The TCP port to use for the API. + ''; + }; + + actionsPort = mkOption { + type = types.port; + default = 3211; + description = '' + The TCP port to use for the HTTP actions. + ''; + }; + + dashboardPort = mkOption { + type = types.port; + default = 6791; + description = '' + The TCP port to use for the Dashboard. + ''; + }; + + openFirewall = lib.mkOption { + type = types.bool; + default = false; + description = '' + Whether to open ports in the firewall for the server. + ''; + }; + + user = lib.mkOption { + type = types.str; + default = default_user; + description = '' + As which user to run the service. + ''; + }; + + group = lib.mkOption { + type = types.str; + default = default_group; + description = '' + As which group to run the service. + ''; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.secret != ""; + message = '' + No secret provided for convex + ''; + } + ]; + + users = { + users.${cfg.user} = { + description = "System user for convex service"; + isSystemUser = true; + group = cfg.group; + }; + + groups.${cfg.group} = {}; + }; + + networking.firewall.allowedTCPPorts = optional cfg.openFirewall [ cfg.apiPort cfg.actionsPort cfg.dashboardPort ]; + + environment.systemPackages = [ cfg.package ]; + + systemd.services.convex = { + description = "Convex Backend server"; + + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + ExecStart = "${cfg.package}/bin --instance-name ${cfg.name} --instance-secret ${cfg.secret}"; + Type = "notify"; + + User = cfg.user; + Group = cfg.group; + + RuntimeDirectory = "convex"; + RuntimeDirectoryMode = "0775"; + StateDirectory = "convex"; + StateDirectoryMode = "0775"; + Umask = "0077"; + + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + + # Sandboxing + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectClock = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_UNIX" + ]; + RestrictNamespaces = true; + LockPersonality = true; + }; + }; + }; +} diff --git a/packages/convex/default.nix b/packages/convex/default.nix new file mode 100644 index 0000000..9dab056 --- /dev/null +++ b/packages/convex/default.nix @@ -0,0 +1,59 @@ +{ + lib, + stdenv, + rustPlatform, + fetchFromGitHub, + + # dependencies + openssl, + pkg-config, + cmake, + llvmPackages, + postgresql, + sqlite, + + #options + dbBackend ? "postgresql", + + ... +}: +rustPlatform.buildRustPackage rec { + pname = "convex"; + version = "2025-08-20-c9b561e"; + + src = fetchFromGitHub { + owner = "get-convex"; + repo = "convex-backend"; + rev = "c9b561e1b365c85ef28af35d742cb7dd174b5555"; + hash = "sha256-4h4AQt+rQ+nTw6eTbbB5vqFt9MFjKYw3Z7bGXdXijJ0="; + }; + + cargoHash = "sha256-pcDNWGrk9D0qcF479QAglPLFDZp27f8RueP5/lq9jho="; + + cargoBuildFlags = [ + "-p" "local_backend" + "--bin" "convex-local-backend" + ]; + + env = { + LIBCLANG_PATH = "${llvmPackages.libclang}/lib"; + }; + + strictDeps = true; + + # Build-time dependencies + nativeBuildInputs = [ pkg-config cmake rustPlatform.bindgenHook ]; + + # Run-time dependencies + buildInputs = + [ openssl ] + ++ lib.optional (dbBackend == "sqlite") sqlite + ++ lib.optional (dbBackend == "postgresql") postgresql; + + buildFeatures = ""; + + meta = with lib; { + license = licenses.fsl11Asl20; + mainProgram = "convex"; + }; +} \ No newline at end of file diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index 9d12de8..e8602b5 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -206,6 +206,8 @@ # uptime-kuma.enable = true; }; + persistance.convex.enable = true; + security.vaultwarden = { enable = true; database = { From 3730ab856ba609e381a3c35bac4d47c40dd27d8d Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Mon, 8 Dec 2025 16:31:52 +0100 Subject: [PATCH 02/43] feat: improve justfiles --- .just/machine.just | 13 ++++++++----- .just/vars.just | 15 +++++---------- .justfile | 45 ++++++++++++++++++++++++++------------------- 3 files changed, 39 insertions(+), 34 deletions(-) diff --git a/.just/machine.just b/.just/machine.just index ca10e1c..3e3ba14 100644 --- a/.just/machine.just +++ b/.just/machine.just @@ -1,11 +1,14 @@ -@_default: list +set unstable := true +set quiet := true + +_default: list [doc('List machines')] -@list: +list: ls -1 ../systems/x86_64-linux/ [doc('Update the target machine')] [no-exit-message] -@update machine: - just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" - nixos-rebuild switch -L --use-remote-sudo --target-host {{ machine }} --flake ..#{{ machine }} +update machine: + just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | tr '\n' ' ')" + nixos-rebuild switch --use-remote-sudo --target-host {{ machine }} --flake ..#{{ machine }} diff --git a/.just/vars.just b/.just/vars.just index 3b706da..230f00c 100644 --- a/.just/vars.just +++ b/.just/vars.just @@ -1,21 +1,16 @@ set unstable := true +set quiet := true base_path := invocation_directory() / "systems/x86_64-linux" -# sops := "nix shell nixpkgs#sops --command sops" -# yq := "nix shell nixpkgs#yq --command yq" - -sops := "sops" -yq := "yq" - -@_default: +_default: just --list [doc('list all vars of the target machine')] list machine: sops decrypt {{ base_path }}/{{ machine }}/secrets.yml -@edit machine: +edit machine: sops edit {{ base_path }}/{{ machine }}/secrets.yml @set machine key value: @@ -26,10 +21,10 @@ list machine: echo "Done" -@get machine key: +get machine key: sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g')" -@remove machine key: +remove machine key: sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" git add {{ base_path }}/{{ machine }}/secrets.yml diff --git a/.justfile b/.justfile index 75537e1..1937f04 100644 --- a/.justfile +++ b/.justfile @@ -1,33 +1,40 @@ -@_default: - just --list --list-submodules +_default: + just --list --list-submodules + +set unstable +set quiet -[doc('Manage vars')] mod vars '.just/vars.just' - -[doc('Manage machines')] mod machine '.just/machine.just' [doc('Show information about project')] -@show: - echo "show" +show: + echo "show" [doc('update the flake dependencies')] -@update: - nix flake update - git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null - echo "Done" +update: + nix flake update + git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null + echo "Done" + +[doc('Rebase branch on main')] +rebase: + git stash -q \ + && git fetch \ + && git rebase origin/main \ + && git stash pop -q + + echo "Done" [doc('Introspection on flake output')] -@select key: - nix eval --show-trace --json .#{{ key }} | jq . - - +select key: + nix eval --json .#{{ key }} | jq . #=============================================================================================== # Utils -#=============================================================================================== -[no-exit-message] +# =============================================================================================== [no-cd] +[no-exit-message] [private] -@assert condition message: - [ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; } +assert condition message: + [ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; } From e849826de61f2bf2c5ba8bad4412b92c790efd97 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Mon, 8 Dec 2025 16:32:45 +0100 Subject: [PATCH 03/43] chore: update dependencies --- flake.lock | 126 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 87 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index adfa1cf..07a2120 100644 --- a/flake.lock +++ b/flake.lock @@ -84,11 +84,19 @@ "treefmt-nix": "treefmt-nix" }, "locked": { +<<<<<<< HEAD "lastModified": 1765033957, "narHash": "sha256-yL5IjUOne+h6AodxxqoqwPgRy2HXle6+W4Aa2GVJruk=", "rev": "9985ce76af367e7c9e3022c5b893418059a17491", "type": "tarball", "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/9985ce76af367e7c9e3022c5b893418059a17491.tar.gz" +======= + "lastModified": 1764220269, + "narHash": "sha256-rSSmhTCjfZLZog3qO6Q5C58pINmDv8EheGUhcojxd6c=", + "rev": "c70c04d09477ceee5820a8da4d9c0d1b50eb6cc6", + "type": "tarball", + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/c70c04d09477ceee5820a8da4d9c0d1b50eb6cc6.tar.gz" +>>>>>>> 122a796 (chore: update dependencies) }, "original": { "type": "tarball", @@ -130,11 +138,19 @@ ] }, "locked": { +<<<<<<< HEAD "lastModified": 1764627417, "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=", "owner": "nix-community", "repo": "disko", "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3", +======= + "lastModified": 1764110879, + "narHash": "sha256-xanUzIb0tf3kJ+PoOFmXEXV1jM3PjkDT/TQ5DYeNYRc=", + "owner": "nix-community", + "repo": "disko", + "rev": "aecba248f9a7d68c5d1ed15de2d1c8a4c994a3c5", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -149,11 +165,19 @@ "nixpkgs": "nixpkgs" }, "locked": { +<<<<<<< HEAD "lastModified": 1764775116, "narHash": "sha256-S4fY3fytcqXBuOSbQjEVke2eqK9/e/6Jy3jp0JGM2X4=", "owner": "emmanuelrosa", "repo": "erosanix", "rev": "172661ccc78b1529a294eee5e99ca1616c934f37", +======= + "lastModified": 1763851335, + "narHash": "sha256-mmDc9dREBGGZW1iCB3AbMLBzsXrf48hJ+EzJ6g7Tdbk=", + "owner": "emmanuelrosa", + "repo": "erosanix", + "rev": "17407369c38ac2ade3be648666d30f6469908bdb", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -170,11 +194,19 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { +<<<<<<< HEAD "lastModified": 1764915802, "narHash": "sha256-eHTucU43sRCpvvTt5eey9htcWipS7ZN3B7ts6MiXLxo=", "owner": "nix-community", "repo": "fenix", "rev": "a83a78fd3587d9f3388f0b459ad9c2bbd6d1b6d8", +======= + "lastModified": 1764226020, + "narHash": "sha256-FzUCFwXNjLnnZmVqYj/FjlBhUpat59SExflEaIGT62s=", + "owner": "nix-community", + "repo": "fenix", + "rev": "2d8176c02f7be6d13578d24d5fd5049f1b46a4c5", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -190,11 +222,19 @@ "nixpkgs": "nixpkgs_2" }, "locked": { +<<<<<<< HEAD "lastModified": 1765024561, "narHash": "sha256-xtfg5gNfyiyBTfWwbKgatV1sPeJjEnUczHCaSWi+crY=", "owner": "nix-community", "repo": "flake-firefox-nightly", "rev": "e6f559729459a7890f01b258c33c1025800f5dbb", +======= + "lastModified": 1764242161, + "narHash": "sha256-Yxeu6Zm85RwER/0z0fv3mX2xaBy38PZKgdAAE57huRU=", + "owner": "nix-community", + "repo": "flake-firefox-nightly", + "rev": "ca10e2ff1ec58b1a3722ccb3c052c57c5e070780", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -574,11 +614,19 @@ "rust-overlay": "rust-overlay" }, "locked": { +<<<<<<< HEAD "lastModified": 1764617621, "narHash": "sha256-Eq0TvWs6xhKZs5HXH1hlrNasrHD7AOEdeLkTis//X7w=", "owner": "himmelblau-idm", "repo": "himmelblau", "rev": "c19494250d8c15e7c75e9301bdc271579a6dc77a", +======= + "lastModified": 1764184347, + "narHash": "sha256-xhzCn/rnBDTybHtuFV2IhCgjLMsCVpbzpEL0w//4Na8=", + "owner": "himmelblau-idm", + "repo": "himmelblau", + "rev": "9f0f6e27b6a9acdb12c4807cc1402132b21009f3", +>>>>>>> 122a796 (chore: update dependencies) "type": "github" }, "original": { @@ -594,11 +642,11 @@ ] }, "locked": { - "lastModified": 1764603455, - "narHash": "sha256-Q70rxlbrxPcTtqWIb9+71rkJESxIOou5isZBvyOieXw=", + "lastModified": 1764194569, + "narHash": "sha256-iUM9ktarEzThkayyZrzQ7oycPshAY2XRQqVKz0xX/L0=", "owner": "nix-community", "repo": "home-manager", - "rev": "effe4c007d6243d9e69ce2242d76a2471c1b8d5c", + "rev": "9651819d75f6c7ffaf8a9227490ac704f29659f0", "type": "github" }, "original": { @@ -636,11 +684,11 @@ ] }, "locked": { - "lastModified": 1764612577, - "narHash": "sha256-sHI+7m/ryVYf7agWkutYbvzUS07aAd8g2NVWgUqhxLg=", + "lastModified": 1764236397, + "narHash": "sha256-s/6WrJJryLI6BgphsY8l0s0UmGUg3mgkSFuvvsbN0FM=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "bcb22e208cf8883004fcec3a33f2500e7dc319a5", + "rev": "50026908d1501193afdcccdf7359d1a485074eda", "type": "github" }, "original": { @@ -752,11 +800,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1764556167, - "narHash": "sha256-/b+oEls56HDRzsSp60tsRfPFRjFebBPHq6k1I+hfPqw=", + "lastModified": 1764208886, + "narHash": "sha256-voOx8RsK3miw3EHw05nwuOS4ltzeH8tKJnVr+mxtTPQ=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "849d1b2b1adddfc7bddbd3be6bffd218a3f5a6fe", + "rev": "7da8a2d675f9cc56b3f6d654b4cccdca5016ac8e", "type": "github" }, "original": { @@ -852,11 +900,11 @@ ] }, "locked": { - "lastModified": 1764591717, - "narHash": "sha256-T/HMA0Bb/O6UnlGQ0Xt+wGe1j8m7eyyQ5+vVcCJslsM=", + "lastModified": 1764072830, + "narHash": "sha256-ezkjlUCohD9o9c47Ey0/I4CamSS0QEORTqGvyGqMud0=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "84d1dab290feb4865d0cfcffc7aa0cf9bc65c3b7", + "rev": "c7832dd786175e20f2697179e0e03efadffe4201", "type": "github" }, "original": { @@ -914,11 +962,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1764547213, - "narHash": "sha256-pGXM6frMKLRJmeMcQ228O1QQBuNEUjzmWx9uBd+CbXM=", + "lastModified": 1764201071, + "narHash": "sha256-ACX5IcJTSoZYBPVtgFAOHvo/FZ70n9AmaAhoeIF+O9Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "64de27c1c985895c1a9f92aaeaab4e6a4c0960f5", + "rev": "8c40e16ba896a3657226780454734265b0534f6a", "type": "github" }, "original": { @@ -946,11 +994,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1764618760, - "narHash": "sha256-QTUgygkdUq4sq7mXoO2Q2IPpvkKOZtTAJkbTaTjMi0A=", + "lastModified": 1764243589, + "narHash": "sha256-JoCEZJaU1Ex0MFG3A2DwTtu+jOCLigyXUAmlZLROBdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "29a7d6eec7e1177020f62f7599e5021317219c37", + "rev": "57dcc6d4a389a7b6d1fb4cf20c9435f12b11f98d", "type": "github" }, "original": { @@ -994,11 +1042,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1764517877, - "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", + "lastModified": 1763966396, + "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", + "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", "type": "github" }, "original": { @@ -1026,11 +1074,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1764445028, - "narHash": "sha256-ik6H/0Zl+qHYDKTXFPpzuVHSZE+uvVz2XQuQd1IVXzo=", + "lastModified": 1763618868, + "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a09378c0108815dbf3961a0e085936f4146ec415", + "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", "type": "github" }, "original": { @@ -1139,11 +1187,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1764525349, - "narHash": "sha256-vR3vU9AwzMsBvjNeeG2inA5W/2MwseFk5NIIrLFEMHk=", + "lastModified": 1764175386, + "narHash": "sha256-LfgFqvPz3C80VjaffSjy8lLyRWfbThhB7gE7IWXHjYU=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "d646b23f000d099d845f999c2c1e05b15d9cdc78", + "rev": "71ddf07c1c75046df3bb496cf824de5c053d99ad", "type": "github" }, "original": { @@ -1204,11 +1252,11 @@ ] }, "locked": { - "lastModified": 1764483358, - "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", + "lastModified": 1764021963, + "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5aca6ff67264321d47856a2ed183729271107c9c", + "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "type": "github" }, "original": { @@ -1222,11 +1270,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1764483358, - "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", + "lastModified": 1764021963, + "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5aca6ff67264321d47856a2ed183729271107c9c", + "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "type": "github" }, "original": { @@ -1254,11 +1302,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1764550443, - "narHash": "sha256-ArO2V1YEHmEILilTj4KPtqF4gqc1q2HBrrrmygQ/UyU=", + "lastModified": 1764191810, + "narHash": "sha256-rofXPD/9TGpHveo1MTlUfpnF0MCG1/uHUB9f0rosdqc=", "owner": "nix-community", "repo": "stylix", - "rev": "794b6e1fa75177ebfeb32967f135858a1ab1ba15", + "rev": "70c444a10d0c9ef71a25580dfa79af9cd43f3a5e", "type": "github" }, "original": { @@ -1519,11 +1567,11 @@ ] }, "locked": { - "lastModified": 1764598958, - "narHash": "sha256-sJQHRL8trBoG/ArR+mUlyp5cyKU0pgQY+qDQzZGnVgM=", + "lastModified": 1764217570, + "narHash": "sha256-vgqUC6lI/gW70uekA0bpNFU6yR0tcZRfLIZcxGfN76g=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "8cded25e10b13e2999241f1c73a7d4e5e5d6f69e", + "rev": "3dc281d86044322f9182b20abbc21db8824c130a", "type": "github" }, "original": { From f210c5b5adb44405826e6330eba088e1d4b7f18e Mon Sep 17 00:00:00 2001 From: chris Date: Tue, 9 Dec 2025 07:20:31 +0000 Subject: [PATCH 04/43] chore: update dependencies --- flake.lock | 130 ++++++++++++++++++++++++++--------------------------- 1 file changed, 65 insertions(+), 65 deletions(-) diff --git a/flake.lock b/flake.lock index adfa1cf..6f6ed7e 100644 --- a/flake.lock +++ b/flake.lock @@ -84,11 +84,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1765033957, - "narHash": "sha256-yL5IjUOne+h6AodxxqoqwPgRy2HXle6+W4Aa2GVJruk=", - "rev": "9985ce76af367e7c9e3022c5b893418059a17491", + "lastModified": 1765256668, + "narHash": "sha256-kUcoFL7wNAzJhoHACpCrBOKdjwCRKgunrCV2p6LRqeQ=", + "rev": "c57b02cdf2c8fe313072a71c3433e7110640ce97", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/9985ce76af367e7c9e3022c5b893418059a17491.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/c57b02cdf2c8fe313072a71c3433e7110640ce97.tar.gz" }, "original": { "type": "tarball", @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1762942435, - "narHash": "sha256-zIWGs5FIytTtJN+dhDb8Yx+q4TQI/yczuL539yVcyPE=", - "rev": "0ee328404b12c65e8106bde9e9fab8abf4ecada4", + "lastModified": 1765163284, + "narHash": "sha256-tCrc6IyhXrMTTeF5lZHlwbfMBvDUr0OM5Uz+kToJ+ow=", + "rev": "986035f01ba7339c6c9d80f37aec9c5f93dfa47f", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0ee328404b12c65e8106bde9e9fab8abf4ecada4.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/986035f01ba7339c6c9d80f37aec9c5f93dfa47f.tar.gz" }, "original": { "type": "tarball", @@ -170,11 +170,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1764915802, - "narHash": "sha256-eHTucU43sRCpvvTt5eey9htcWipS7ZN3B7ts6MiXLxo=", + "lastModified": 1765252472, + "narHash": "sha256-byMt/uMi7DJ8tRniFopDFZMO3leSjGp6GS4zWOFT+uQ=", "owner": "nix-community", "repo": "fenix", - "rev": "a83a78fd3587d9f3388f0b459ad9c2bbd6d1b6d8", + "rev": "8456b985f6652e3eef0632ee9992b439735c5544", "type": "github" }, "original": { @@ -190,11 +190,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1765024561, - "narHash": "sha256-xtfg5gNfyiyBTfWwbKgatV1sPeJjEnUczHCaSWi+crY=", + "lastModified": 1765243386, + "narHash": "sha256-JhKIDDrkGLZHFExPSzLLlmiPp2+/Sr0uzMMevzIJ4kQ=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "e6f559729459a7890f01b258c33c1025800f5dbb", + "rev": "8aa54e856394834c594f423c30ae871041e263c1", "type": "github" }, "original": { @@ -574,11 +574,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1764617621, - "narHash": "sha256-Eq0TvWs6xhKZs5HXH1hlrNasrHD7AOEdeLkTis//X7w=", + "lastModified": 1765227577, + "narHash": "sha256-2YyCvI3aGFkFfT6JKmaer8YyhwAk6lJwO6vCikqJwa8=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "c19494250d8c15e7c75e9301bdc271579a6dc77a", + "rev": "70b63803f6429dafa20be0035548072092e0e512", "type": "github" }, "original": { @@ -594,11 +594,11 @@ ] }, "locked": { - "lastModified": 1764603455, - "narHash": "sha256-Q70rxlbrxPcTtqWIb9+71rkJESxIOou5isZBvyOieXw=", + "lastModified": 1765217760, + "narHash": "sha256-BVVyAodLcAD8KOtR3yCStBHSE0WAH/xQWH9f0qsxbmk=", "owner": "nix-community", "repo": "home-manager", - "rev": "effe4c007d6243d9e69ce2242d76a2471c1b8d5c", + "rev": "e5b1f87841810fc24772bf4389f9793702000c9b", "type": "github" }, "original": { @@ -636,11 +636,11 @@ ] }, "locked": { - "lastModified": 1764612577, - "narHash": "sha256-sHI+7m/ryVYf7agWkutYbvzUS07aAd8g2NVWgUqhxLg=", + "lastModified": 1764922999, + "narHash": "sha256-LSvUxKm6S6ZAd/otQSkAHd3+8KJhi8OwGJGSe0K//B8=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "bcb22e208cf8883004fcec3a33f2500e7dc319a5", + "rev": "9b9ead1b5591b68f4048e7205ba1397bc85ce6c4", "type": "github" }, "original": { @@ -655,11 +655,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1764506612, - "narHash": "sha256-47a2OvGsq1AfffWQqKAGlB9GjmoVa1yXVyfZP3f3kog=", + "lastModified": 1765111385, + "narHash": "sha256-Gn8IIq9FGLvQSDK2bXKzsqqkgKExTExLkYfH7n8Nnpk=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "f7208cc4a3200a2573fc566066ef4d3c041bc924", + "rev": "e562ca084a8b3490337d446f1e0d6afadb509d1e", "type": "github" }, "original": { @@ -752,11 +752,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1764556167, - "narHash": "sha256-/b+oEls56HDRzsSp60tsRfPFRjFebBPHq6k1I+hfPqw=", + "lastModified": 1765245994, + "narHash": "sha256-6mra5F/nfee/MXqSXMSxSpjll6U/jfo8D9X+5H2ldmM=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "849d1b2b1adddfc7bddbd3be6bffd218a3f5a6fe", + "rev": "b83769c7fd3f3ab87221fdfda23f454ae95efc46", "type": "github" }, "original": { @@ -852,11 +852,11 @@ ] }, "locked": { - "lastModified": 1764591717, - "narHash": "sha256-T/HMA0Bb/O6UnlGQ0Xt+wGe1j8m7eyyQ5+vVcCJslsM=", + "lastModified": 1765191003, + "narHash": "sha256-d3b3eQsdgXZDW/y4fmDuNiGBjZzwFrLhwD5i3NmM1mM=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "84d1dab290feb4865d0cfcffc7aa0cf9bc65c3b7", + "rev": "a16b061ec61831755df35fae916d19b0ac5a43cc", "type": "github" }, "original": { @@ -883,11 +883,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1764465291, - "narHash": "sha256-jJ/E4B9Hp7U2ZmT3E0tD1LtAfATw/xjVf8sueNyeYmc=", + "lastModified": 1765070080, + "narHash": "sha256-5D1Mcm2dQ1aPzQ0sbXluHVUHququ8A7PKJd7M3eI9+E=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e9537535ae8f4a2f78dbef0aaa0cbb6af4abd047", + "rev": "e0cad9791b0c168931ae562977703b72d9360836", "type": "github" }, "original": { @@ -914,11 +914,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1764547213, - "narHash": "sha256-pGXM6frMKLRJmeMcQ228O1QQBuNEUjzmWx9uBd+CbXM=", + "lastModified": 1765183668, + "narHash": "sha256-TBA7CE44IHYfvOPBWcyLncpVrrKEiXWPdOrF8CD6W84=", "owner": "nixos", "repo": "nixpkgs", - "rev": "64de27c1c985895c1a9f92aaeaab4e6a4c0960f5", + "rev": "fc2de1563f89f0843eba27f14576d261df0e3b80", "type": "github" }, "original": { @@ -946,11 +946,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1764618760, - "narHash": "sha256-QTUgygkdUq4sq7mXoO2Q2IPpvkKOZtTAJkbTaTjMi0A=", + "lastModified": 1765264094, + "narHash": "sha256-BCYwzfbI353cpjFesVAcEelBrkPOhu5cQMBNPADkEj4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "29a7d6eec7e1177020f62f7599e5021317219c37", + "rev": "e82b0773d332dc78ba550aa46227f21057cbaff8", "type": "github" }, "original": { @@ -994,11 +994,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1764517877, - "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", + "lastModified": 1764950072, + "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", + "rev": "f61125a668a320878494449750330ca58b78c557", "type": "github" }, "original": { @@ -1026,11 +1026,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1764445028, - "narHash": "sha256-ik6H/0Zl+qHYDKTXFPpzuVHSZE+uvVz2XQuQd1IVXzo=", + "lastModified": 1764947035, + "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a09378c0108815dbf3961a0e085936f4146ec415", + "rev": "a672be65651c80d3f592a89b3945466584a22069", "type": "github" }, "original": { @@ -1074,11 +1074,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1764904740, - "narHash": "sha256-TzqXUQlESmS5XGJ3tR1/xdoU0vySyp6YUUpmGF5F0kY=", + "lastModified": 1765119282, + "narHash": "sha256-iI0fuBBYJMnOprGD2L+rum2P8lHMcZ5n35hzdlpwayI=", "owner": "notashelf", "repo": "nvf", - "rev": "249cabe0c5392c384c82fa9d28d3f49fbeb04266", + "rev": "26c4a7e3c33e739d474ddaf52aa4c5f3d11922ba", "type": "github" }, "original": { @@ -1139,11 +1139,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1764525349, - "narHash": "sha256-vR3vU9AwzMsBvjNeeG2inA5W/2MwseFk5NIIrLFEMHk=", + "lastModified": 1765120009, + "narHash": "sha256-nG76b87rkaDzibWbnB5bYDm6a52b78A+fpm+03pqYIw=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "d646b23f000d099d845f999c2c1e05b15d9cdc78", + "rev": "5e3e9c4e61bba8a5e72134b9ffefbef8f531d008", "type": "github" }, "original": { @@ -1204,11 +1204,11 @@ ] }, "locked": { - "lastModified": 1764483358, - "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", + "lastModified": 1765231718, + "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5aca6ff67264321d47856a2ed183729271107c9c", + "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", "type": "github" }, "original": { @@ -1222,11 +1222,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1764483358, - "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", + "lastModified": 1765231718, + "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5aca6ff67264321d47856a2ed183729271107c9c", + "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", "type": "github" }, "original": { @@ -1254,11 +1254,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1764550443, - "narHash": "sha256-ArO2V1YEHmEILilTj4KPtqF4gqc1q2HBrrrmygQ/UyU=", + "lastModified": 1765047449, + "narHash": "sha256-VQcqjJ2g0kT9TW4ENwA2HBQJzfbCUd5s1Wm3K+R2QZY=", "owner": "nix-community", "repo": "stylix", - "rev": "794b6e1fa75177ebfeb32967f135858a1ab1ba15", + "rev": "bd00e01aab676aee88e6cc5c9238b4a5a7d6639a", "type": "github" }, "original": { @@ -1519,11 +1519,11 @@ ] }, "locked": { - "lastModified": 1764598958, - "narHash": "sha256-sJQHRL8trBoG/ArR+mUlyp5cyKU0pgQY+qDQzZGnVgM=", + "lastModified": 1765175766, + "narHash": "sha256-M4zs4bVUv0UNuVGspwwlcGs5FpCDt52LQBA5a9nj5Lg=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "8cded25e10b13e2999241f1c73a7d4e5e5d6f69e", + "rev": "5126a8426773dc213a8c0f0d646aca116194dab6", "type": "github" }, "original": { From 03e8fea254eb6e3f6d0c51fdcf3dd12abab55bf3 Mon Sep 17 00:00:00 2001 From: chris Date: Tue, 9 Dec 2025 14:53:08 +0000 Subject: [PATCH 05/43] chore(secrets): set secret "grafana/oidc_id" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 086d86d..4e02424 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -27,6 +27,8 @@ mydia: qbittorrent: password_hash: ENC[AES256_GCM,data:QWuQYmfBn9eLDYztH7TmQvw74MvmzCQ98OlBtyjm1Icr2c63epRuHWzQbm+Q+1jrCSiQreOB3ZyjLzkeV6SlLonryUSD71uBWVwctgPXO0XDrxE1Vi6dkiwC3TF65JTMDhyjDLEj1YkiMP25Fz5NidJTP/r9GlXTfM7gjWo=,iv:bpgL5IoAv+1PUtgNIjLcbzN8C9z55ndypz4LEELAhLc=,tag:VB+XTCwLeIEYKnOr/0f7zA==,type:str] password: ENC[AES256_GCM,data:UepYY6UjJV/jo2aXTOEnKRtsjSqOSYPQlKlrAa7rf9rdnt2UXGjCkvN+A72pICuIBCAmhXZBAUMvmWTV9trk6NREHe0cY1xTC7pNv3x9TM/ZQmH498pbT/95pYAKwouHp9heJQ==,iv:FzjF+xPoaOp+gplxpz940V2dkWSTWe8dWUxexCoxxHc=,tag:TDZsboq9fEmmBrwJN/HTpQ==,type:str] +grafana: + oidc_id: ENC[AES256_GCM,data:NVdIgCQ6nz4BSUDJYCKyILtK,iv:tcljy9PzC/yyd7TSdngyJt+uh60uXi2PKu47czErbaQ=,tag:zE4q3dD4UQaHIpGeZ1L48Q==,type:str] sops: age: - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq @@ -47,7 +49,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-04T11:24:52Z" - mac: ENC[AES256_GCM,data:jIgkl1lcVDSlKqJs9fjaHUAZsGL+22T86/qqKyDziHl0+VU763Ezwm8P+la+55jIIT2zLhFcUjhn2BabBi90OeEPztAC4rGpZj6+ZZ0GDCj/JhjPAAo3LgAKOCG0Xgf8MZWr/rXd6bLhW7Qj36PMJnap26rjEiUZeSvpWS2dz8g=,iv:CDx8fBI9Dl1uwrbMD1fa7/h3C7haK3xZxJI59mtL1LA=,tag:2UDRFJoevGEBKZA/9eUiOw==,type:str] + lastmodified: "2025-12-09T14:53:07Z" + mac: ENC[AES256_GCM,data:/dncb2tqTpQiUdAtmR9xhd22Sl2RBUtL7OIawP25ZHd1S6fwAAiwSC/8p3Zn/dYXv4M4Gq/EJ6CzrZD2V5hYob/K1DlEmBZDf1O53oDU+CneMo0SGXwWI9aZWJRwHW2r+zi6wO2cfQKStryPTJe2gwZFzokSG7+zC2x18yKKdhw=,iv:YVZfXN1iUcnxs94f+ikL8bVVAIM4a2Yh9gU71LhVJ8c=,tag:1nCTSVFhpevhCImLayWffg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From f295f0fc487acc96e1ae6fde0d42a5f60549dede Mon Sep 17 00:00:00 2001 From: chris Date: Tue, 9 Dec 2025 14:53:26 +0000 Subject: [PATCH 06/43] chore(secrets): set secret "grafana/oidc_secret" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 4e02424..745479d 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -29,6 +29,7 @@ qbittorrent: password: ENC[AES256_GCM,data:UepYY6UjJV/jo2aXTOEnKRtsjSqOSYPQlKlrAa7rf9rdnt2UXGjCkvN+A72pICuIBCAmhXZBAUMvmWTV9trk6NREHe0cY1xTC7pNv3x9TM/ZQmH498pbT/95pYAKwouHp9heJQ==,iv:FzjF+xPoaOp+gplxpz940V2dkWSTWe8dWUxexCoxxHc=,tag:TDZsboq9fEmmBrwJN/HTpQ==,type:str] grafana: oidc_id: ENC[AES256_GCM,data:NVdIgCQ6nz4BSUDJYCKyILtK,iv:tcljy9PzC/yyd7TSdngyJt+uh60uXi2PKu47czErbaQ=,tag:zE4q3dD4UQaHIpGeZ1L48Q==,type:str] + oidc_secret: ENC[AES256_GCM,data:b7qILK9ZHW2khtM1Hl/KdjCv3Wq6eOo2Ym/cbjcMB8/3Hn2UelpP4K4lFyiV3bn1/GF6Jl5Z7A0EwMybOx0InA==,iv:3HL/7BiyObwT8DmFxzNPI9CdmCH/4j/4oc9x7qBE1k0=,tag:dBhcq1zLKy6N+jp/v42R4A==,type:str] sops: age: - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq @@ -49,7 +50,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-09T14:53:07Z" - mac: ENC[AES256_GCM,data:/dncb2tqTpQiUdAtmR9xhd22Sl2RBUtL7OIawP25ZHd1S6fwAAiwSC/8p3Zn/dYXv4M4Gq/EJ6CzrZD2V5hYob/K1DlEmBZDf1O53oDU+CneMo0SGXwWI9aZWJRwHW2r+zi6wO2cfQKStryPTJe2gwZFzokSG7+zC2x18yKKdhw=,iv:YVZfXN1iUcnxs94f+ikL8bVVAIM4a2Yh9gU71LhVJ8c=,tag:1nCTSVFhpevhCImLayWffg==,type:str] + lastmodified: "2025-12-09T14:53:25Z" + mac: ENC[AES256_GCM,data:bb6YXIClIRCEyvQEYQpuzjqSgAvcHr0Avb0t+HSIoIY69cnCojNxb1cN53b0HBV69qOiXgKlXcQrI4ry2qokfRbAAlp9w5g978+E3fnlefBxGY2wHEeJZL/27BXq7nEfvdepcLVM+o5PMn0iiYUR42OYJkXxAHXqhYNdt9kWjMM=,iv:QfIB9WckrxK2YXMTNVWgUjt6F+QG96KzUlwlYPM5WBc=,tag:X69yLpEsu//3HgtSuHoQig==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 6af9101a135e9c38215177043468eaea0e38b719 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Tue, 9 Dec 2025 16:17:26 +0100 Subject: [PATCH 07/43] feat: add oidc from sops for grafana --- .../observability/grafana/default.nix | 33 ++++++++++++++----- systems/x86_64-linux/ulmo/default.nix | 6 ++++ 2 files changed, 31 insertions(+), 8 deletions(-) diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index 6503493..05d3570 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix @@ -1,5 +1,10 @@ -{ pkgs, config, lib, namespace, ... }: -let +{ + pkgs, + config, + lib, + namespace, + ... +}: let inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; @@ -7,8 +12,7 @@ let db_user = "grafana"; db_name = "grafana"; -in -{ +in { options.${namespace}.services.observability.grafana = { enable = mkEnableOption "enable Grafana"; }; @@ -35,8 +39,8 @@ in "auth.generic_oauth" = { enable = true; name = "Zitadel"; - client_id = "334170712283611395"; - client_secret = "AFjypmURdladmQn1gz2Ke0Ta5LQXapnuKkALVZ43riCL4qWicgV2Z6RlwpoWBZg1"; + client_id = "$__file{${config.sops.secrets."grafana/oidc_id".path}}"; + client_secret = "$__file{${config.sops.secrets."grafana/oidc_secret".path}}"; scopes = "openid email profile offline_access urn:zitadel:iam:org:project:roles"; email_attribute_path = "email"; login_attribute_path = "username"; @@ -64,7 +68,7 @@ in allow_sign_up = false; allow_org_create = false; viewers_can_edit = false; - + default_theme = "system"; }; @@ -115,7 +119,7 @@ in postgresql = { enable = true; - ensureDatabases = [ db_name ]; + ensureDatabases = [db_name]; ensureUsers = [ { name = db_user; @@ -126,5 +130,18 @@ in }; environment.etc."/grafana/dashboards/default.json".source = ./dashboards/default.json; + + sops = { + secrets = { + "grafana/oidc_id" = { + owner = "grafana"; + group = "grafana"; + }; + "grafana/oidc_secret" = { + owner = "grafana"; + group = "grafana"; + }; + }; + }; }; } diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index 9d12de8..e661dd8 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -118,6 +118,12 @@ grantTypes = ["authorizationCode"]; responseTypes = ["code"]; }; + + grafana = { + redirectUris = ["http://localhost:9001/login/generic_oauth"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; }; }; }; From 4624b0b0f7037da54c00b7d1bdf68653c0ee8ea8 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Tue, 9 Dec 2025 16:18:09 +0100 Subject: [PATCH 08/43] wip: setting up download clients in the arr stack --- modules/nixos/services/media/default.nix | 20 ------- .../nixos/services/media/servarr/default.nix | 54 ++++++++++++++++--- 2 files changed, 47 insertions(+), 27 deletions(-) diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index d257aea..79d2307 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -106,25 +106,5 @@ in { }; systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; - - sops = { - secrets = { - # "qbittorrent/password" = {}; - "qbittorrent/password_hash" = {}; - }; - - templates = { - "qbittorrent/password.conf" = { - owner = cfg.user; - group = cfg.group; - restartUnits = ["qbittorrent.service"]; - path = "${config.services.qbittorrent.profileDir}/qBittorrent/config/password.conf"; - content = '' - [Preferences] - WebUI\Password_PBKDF2="${config.sops.placeholder."qbittorrent/password_hash"}" - ''; - }; - }; - }; }; } diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 373e09b..c09e66f 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -72,10 +72,8 @@ in { group = "media"; }); })) - |> lib.mkMerge - |> (set: - set - // { + |> lib.concat [ + { qbittorrent = { enable = true; openFirewall = true; @@ -86,6 +84,7 @@ in { Prefecences.WebUI = { Username = "admin"; + Password_PBKDF2 = "@ByteArray(JpfX3wSUcMolUFD+8AD67w==:fr5kmc6sK9xsCfGW6HkPX2K1lPYHL6g2ncLLwuOVmjphmxkwBJ8pi/XQDsDWzyM/MRh5zPhUld2Xqn8o7BWv3Q==)"; }; }; @@ -97,7 +96,7 @@ in { sabnzbd = { enable = true; openFirewall = true; - configFile = "${cfg.path}/sabnzbd/config.ini"; + configFile = config.sops.templates."sabnzbd/config.ini".path; user = "sabnzbd"; group = "media"; @@ -113,7 +112,9 @@ in { ensureDBOwnership = true; }); }; - }); + } + ] + |> lib.mkMerge; systemd.services = cfg @@ -125,6 +126,8 @@ in { ... }: (mkIf enable { "${service}ApplyTerraform" = let + config' = config; + terraformConfiguration = inputs.terranix.lib.terranixConfiguration { inherit system; @@ -168,6 +171,30 @@ in { |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) |> lib.listToAttrs ); + + "${service}_download_client_qbittorrent" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + "main" = { + name = "qBittorrent"; + enable = true; + priority = 1; + host = "localhost"; + username = "admin"; + password = "poChieN5feeph0igeaCadeJ9Xux0ohmuy6ruH5ieThaPheib3iuzoo0ahw1aiceif1feegioh9Aimau0pai5thoh5ieH0aechohw"; + url_base = "/"; + port = 2008; + }; + }; + + # "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + # "main" = { + # name = "SABnzbd"; + # enable = true; + # priority = 1; + # host = "localhost"; + # url_base = "/"; + # port = 8080; + # }; + # }; }; }; }) @@ -204,7 +231,7 @@ in { cp -f ${terraformConfiguration} config.tf.json # Initialize OpenTofu - ${lib.getExe pkgs.opentofu} init -upgrade + ${lib.getExe pkgs.opentofu} init # Run the infrastructure code ${lib.getExe pkgs.opentofu} \ @@ -272,6 +299,19 @@ in { }; }; })) + |> lib.concat [ + { + templates = { + "sabnzbd/config.ini" = { + owner = "sabnzbd"; + group = "media"; + content = '' + + ''; + }; + }; + } + ] |> lib.mkMerge; }; } From f2a0d05f16f5d44b5806b6eebb119122bfa95239 Mon Sep 17 00:00:00 2001 From: chris Date: Wed, 10 Dec 2025 07:21:08 +0000 Subject: [PATCH 09/43] chore(secrets): set secret "qbittorrent/password_hash" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 745479d..12a3115 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -25,7 +25,7 @@ mydia: secret_key_base: ENC[AES256_GCM,data:yG7HJ5r74Qtxbeyf8F6dA0uHv2pQ8YAJKlKiKjS+m24JRvJWQaTThJ+c5HbuUa6R3e9XtVHchhlVPkF0Is/b+g==,iv:v65xdRr4JdKZmBtjZ08/J3LLqnphSGt9QfVPNQ2x/xg=,tag:n7tD2dhr4IJn1LWM9WW8UA==,type:str] guardian_secret: ENC[AES256_GCM,data:OjnNFSHlecL+qXwlhTm++itRM6ga5E5KrSJxbgIUpbMEkIWgu3xhRtnPdipXbedgall0XdO/s+jnWCagZX94BA==,iv:DukdKvm9vey8BWUiml20tgA/Vji1XVX4+sUPge9nTk0=,tag:q3HdvgUYqR0APiaFz0ul5Q==,type:str] qbittorrent: - password_hash: ENC[AES256_GCM,data:QWuQYmfBn9eLDYztH7TmQvw74MvmzCQ98OlBtyjm1Icr2c63epRuHWzQbm+Q+1jrCSiQreOB3ZyjLzkeV6SlLonryUSD71uBWVwctgPXO0XDrxE1Vi6dkiwC3TF65JTMDhyjDLEj1YkiMP25Fz5NidJTP/r9GlXTfM7gjWo=,iv:bpgL5IoAv+1PUtgNIjLcbzN8C9z55ndypz4LEELAhLc=,tag:VB+XTCwLeIEYKnOr/0f7zA==,type:str] + password_hash: ENC[AES256_GCM,data:yCfCslj01wtfwzzPOGlwA6wLLf+EUuEweYa3ZxvDtd/VGMxuV38quV+ob1Of+W0UH3+U4Qmgh4BK3I3IJZuKOvNdkZ0i81YBwW6cgvZUmnxwh8wokpNzxCKbYk5nF7y7SaGEdzQLvV7ad3fNMJsQ+s2zCsKWbm+j8Bwgq0E=,iv:IIktPS9pYXaYPzH0r4wrkp31CpunKnr70Ainu6hOeWY=,tag:bYCfhDfIwiQZ1tKAvITewQ==,type:str] password: ENC[AES256_GCM,data:UepYY6UjJV/jo2aXTOEnKRtsjSqOSYPQlKlrAa7rf9rdnt2UXGjCkvN+A72pICuIBCAmhXZBAUMvmWTV9trk6NREHe0cY1xTC7pNv3x9TM/ZQmH498pbT/95pYAKwouHp9heJQ==,iv:FzjF+xPoaOp+gplxpz940V2dkWSTWe8dWUxexCoxxHc=,tag:TDZsboq9fEmmBrwJN/HTpQ==,type:str] grafana: oidc_id: ENC[AES256_GCM,data:NVdIgCQ6nz4BSUDJYCKyILtK,iv:tcljy9PzC/yyd7TSdngyJt+uh60uXi2PKu47czErbaQ=,tag:zE4q3dD4UQaHIpGeZ1L48Q==,type:str] @@ -50,7 +50,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-09T14:53:25Z" - mac: ENC[AES256_GCM,data:bb6YXIClIRCEyvQEYQpuzjqSgAvcHr0Avb0t+HSIoIY69cnCojNxb1cN53b0HBV69qOiXgKlXcQrI4ry2qokfRbAAlp9w5g978+E3fnlefBxGY2wHEeJZL/27BXq7nEfvdepcLVM+o5PMn0iiYUR42OYJkXxAHXqhYNdt9kWjMM=,iv:QfIB9WckrxK2YXMTNVWgUjt6F+QG96KzUlwlYPM5WBc=,tag:X69yLpEsu//3HgtSuHoQig==,type:str] + lastmodified: "2025-12-10T07:21:06Z" + mac: ENC[AES256_GCM,data:eKWrwVqOXeVz0+IRushA+N+qN6OL9gTXArNELBjIovMrxYwEgDDa+cqIQ4rpkFBzkMZE+tBhM2K+LFOI9CVrEb4LfhvGx75QI9yz2n7etJJlrXD06yKmI1dbkQ1D0zcpGkuf7poa+R06B+PPgDjI+NkgCZYaeZ4VvOlAEubVAR0=,iv:OQYowrnu3saxSA1R9xVcD1BCC936KRLC7HIQ6m0+uS0=,tag:SnBjtM1hrrN860vO8oP/3w==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From d09699f6e9d9a1941a69d9dee0aeb715d96bfc62 Mon Sep 17 00:00:00 2001 From: chris Date: Wed, 10 Dec 2025 09:29:33 +0000 Subject: [PATCH 10/43] chore(secrets): set secret "sabnzbd/sunnyweb/password" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 12a3115..606c924 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -30,6 +30,9 @@ qbittorrent: grafana: oidc_id: ENC[AES256_GCM,data:NVdIgCQ6nz4BSUDJYCKyILtK,iv:tcljy9PzC/yyd7TSdngyJt+uh60uXi2PKu47czErbaQ=,tag:zE4q3dD4UQaHIpGeZ1L48Q==,type:str] oidc_secret: ENC[AES256_GCM,data:b7qILK9ZHW2khtM1Hl/KdjCv3Wq6eOo2Ym/cbjcMB8/3Hn2UelpP4K4lFyiV3bn1/GF6Jl5Z7A0EwMybOx0InA==,iv:3HL/7BiyObwT8DmFxzNPI9CdmCH/4j/4oc9x7qBE1k0=,tag:dBhcq1zLKy6N+jp/v42R4A==,type:str] +sabnzbd: + sunnyweb: + password: ENC[AES256_GCM,data:flw8AahqO1Mx,iv:Qhu8iVWMzzqy18y8dj3aHoBnSZatm74/tYvZ456l2sA=,tag:sCYBdw7kD0zJZFFr5EyPIQ==,type:str] sops: age: - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq @@ -50,7 +53,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-10T07:21:06Z" - mac: ENC[AES256_GCM,data:eKWrwVqOXeVz0+IRushA+N+qN6OL9gTXArNELBjIovMrxYwEgDDa+cqIQ4rpkFBzkMZE+tBhM2K+LFOI9CVrEb4LfhvGx75QI9yz2n7etJJlrXD06yKmI1dbkQ1D0zcpGkuf7poa+R06B+PPgDjI+NkgCZYaeZ4VvOlAEubVAR0=,iv:OQYowrnu3saxSA1R9xVcD1BCC936KRLC7HIQ6m0+uS0=,tag:SnBjtM1hrrN860vO8oP/3w==,type:str] + lastmodified: "2025-12-10T09:29:32Z" + mac: ENC[AES256_GCM,data:8gr/VN9Hx5YIWKmqSpRTknlVZz9oJOCN8D43jq+gS9hRaLzbZcnKaxeECPfKwcSaKa3dyGNcyegQqsW8/7aC0dU5kQRmPrI5DftWRhjJRBgFyng8sMln8u8FcfgX1PkmPN/vTvWCzKWgaCiIt9f6nmTlGX7GAbatMax/tU/04Tw=,iv:js7VPZrvhll1fkh+IVDktqS+FbxfYO2g0gEQ04b5jc0=,tag:fNWrytKXUcuGApOoA9hUsg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From a2b1664c2272f30f2b5cde8175ba94a7cf23b12d Mon Sep 17 00:00:00 2001 From: chris Date: Wed, 10 Dec 2025 09:30:20 +0000 Subject: [PATCH 11/43] chore(secrets): set secret "sabnzbd/sunnyweb/username" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 606c924..cbb8b16 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -33,6 +33,7 @@ grafana: sabnzbd: sunnyweb: password: ENC[AES256_GCM,data:flw8AahqO1Mx,iv:Qhu8iVWMzzqy18y8dj3aHoBnSZatm74/tYvZ456l2sA=,tag:sCYBdw7kD0zJZFFr5EyPIQ==,type:str] + username: ENC[AES256_GCM,data:IboJ8WDWuVNgvrk7c3V8I5S6Xg==,iv:BRohMuQFQz2S+HFasIaok6npT3C5v/SlhAhbLQXfB0s=,tag:M3/u0WBQ3AufHqe4DCtsrA==,type:str] sops: age: - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq @@ -53,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-10T09:29:32Z" - mac: ENC[AES256_GCM,data:8gr/VN9Hx5YIWKmqSpRTknlVZz9oJOCN8D43jq+gS9hRaLzbZcnKaxeECPfKwcSaKa3dyGNcyegQqsW8/7aC0dU5kQRmPrI5DftWRhjJRBgFyng8sMln8u8FcfgX1PkmPN/vTvWCzKWgaCiIt9f6nmTlGX7GAbatMax/tU/04Tw=,iv:js7VPZrvhll1fkh+IVDktqS+FbxfYO2g0gEQ04b5jc0=,tag:fNWrytKXUcuGApOoA9hUsg==,type:str] + lastmodified: "2025-12-10T09:30:19Z" + mac: ENC[AES256_GCM,data:AyVTsx8XHSD5HVShx5C4qivTvWVftrWmcr68BrkWwzaXZ+UCKIdNKITO9ByQwDqP6ZrU+lFoZRUSzJ/xeHdfgbvGuqGnDPqWPVKH030jmu7Y19mpBrsRSwrnEtu8959uhazo8+NMwFo3MoQFEeGWsr7RsV2bKSqVJxDcF0H0nKg=,iv:prrZlz+jaIP4GlBbGygpSlBMof2eMSvcsZQQAcXdhyI=,tag:WR5hJmj2zuiVUwl8Jec0Aw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 01410856f628bd1e5b14b8d3d92a72919e0790db Mon Sep 17 00:00:00 2001 From: chris Date: Wed, 10 Dec 2025 12:55:32 +0000 Subject: [PATCH 12/43] chore(secrets): set secret "sabnzbd/apikey" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index cbb8b16..3f34c21 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -34,6 +34,7 @@ sabnzbd: sunnyweb: password: ENC[AES256_GCM,data:flw8AahqO1Mx,iv:Qhu8iVWMzzqy18y8dj3aHoBnSZatm74/tYvZ456l2sA=,tag:sCYBdw7kD0zJZFFr5EyPIQ==,type:str] username: ENC[AES256_GCM,data:IboJ8WDWuVNgvrk7c3V8I5S6Xg==,iv:BRohMuQFQz2S+HFasIaok6npT3C5v/SlhAhbLQXfB0s=,tag:M3/u0WBQ3AufHqe4DCtsrA==,type:str] + apikey: ENC[AES256_GCM,data:j5sPXKbBhMdNHOuoTfZ+c8nGu5JameOgK2z428iLdP01Hi6MvHVaN8Zs8YxMoSBtOjdtIEC8MS+3m1S1rU/P4pCRfZpK5ua1DBHq4l0xROUqokFWjDcAmJJv3pYXl0cQxQcGKQ==,iv:v5hu3gmO1Zn1FfXkHLPGN9f7JOcQjzoQahdqJwfM+xY=,tag:uI1LFcTgcyRgAaTJ1kzKow==,type:str] sops: age: - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq @@ -54,7 +55,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-10T09:30:19Z" - mac: ENC[AES256_GCM,data:AyVTsx8XHSD5HVShx5C4qivTvWVftrWmcr68BrkWwzaXZ+UCKIdNKITO9ByQwDqP6ZrU+lFoZRUSzJ/xeHdfgbvGuqGnDPqWPVKH030jmu7Y19mpBrsRSwrnEtu8959uhazo8+NMwFo3MoQFEeGWsr7RsV2bKSqVJxDcF0H0nKg=,iv:prrZlz+jaIP4GlBbGygpSlBMof2eMSvcsZQQAcXdhyI=,tag:WR5hJmj2zuiVUwl8Jec0Aw==,type:str] + lastmodified: "2025-12-10T12:55:31Z" + mac: ENC[AES256_GCM,data:qUZOcbHCssZC5Td1g9+TZFMccgHSDivTPF71+uGpyI88AuZAMt07kZuIuWcP4V8m633fl6WtmDAN/UP9IjbgBSUNLHpRcR5cOCAlxtLu0R0HNNIwMdxgseFTqPV/h/dMNSlEbAu06VZlt9S2CSkuTeyrP+GTpcskPJWF/RC50dk=,iv:QdwALTd3/1eKN7V3YtMf3Av0+XP6D59sQzDwqn7maOU=,tag:MX64z96lIn6RZBBsATi1ZQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 7751f756b7b8edf2ff2e60cbc1b4feed3ae59a33 Mon Sep 17 00:00:00 2001 From: chris Date: Wed, 10 Dec 2025 15:41:34 +0000 Subject: [PATCH 13/43] chore: update dependencies --- flake.lock | 80 +++++++++++++++++++++++++++--------------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index 6f6ed7e..cd4b600 100644 --- a/flake.lock +++ b/flake.lock @@ -84,11 +84,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1765256668, - "narHash": "sha256-kUcoFL7wNAzJhoHACpCrBOKdjwCRKgunrCV2p6LRqeQ=", - "rev": "c57b02cdf2c8fe313072a71c3433e7110640ce97", + "lastModified": 1765346666, + "narHash": "sha256-UR8bVZF12rA7yI3jdqvlTA50NUXf3F8H6GZvLYiDqYM=", + "rev": "7c9a2e4fb9d90f213f3bf3782ee460e669231bca", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/c57b02cdf2c8fe313072a71c3433e7110640ce97.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/7c9a2e4fb9d90f213f3bf3782ee460e669231bca.tar.gz" }, "original": { "type": "tarball", @@ -130,11 +130,11 @@ ] }, "locked": { - "lastModified": 1764627417, - "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=", + "lastModified": 1765326679, + "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=", "owner": "nix-community", "repo": "disko", - "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3", + "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e", "type": "github" }, "original": { @@ -190,11 +190,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1765243386, - "narHash": "sha256-JhKIDDrkGLZHFExPSzLLlmiPp2+/Sr0uzMMevzIJ4kQ=", + "lastModified": 1765370621, + "narHash": "sha256-3gAVH9nYc2E82tIXKFv2lMe4JohglxJtPgs0ZmXkx9c=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "8aa54e856394834c594f423c30ae871041e263c1", + "rev": "ea98c8041dad75efc80ec036643a32b12467c8b7", "type": "github" }, "original": { @@ -594,11 +594,11 @@ ] }, "locked": { - "lastModified": 1765217760, - "narHash": "sha256-BVVyAodLcAD8KOtR3yCStBHSE0WAH/xQWH9f0qsxbmk=", + "lastModified": 1765337252, + "narHash": "sha256-HuWQp8fM25fyWflbuunQkQI62Hg0ecJxWD52FAgmxqY=", "owner": "nix-community", "repo": "home-manager", - "rev": "e5b1f87841810fc24772bf4389f9793702000c9b", + "rev": "13cc1efd78b943b98c08d74c9060a5b59bf86921", "type": "github" }, "original": { @@ -636,11 +636,11 @@ ] }, "locked": { - "lastModified": 1764922999, - "narHash": "sha256-LSvUxKm6S6ZAd/otQSkAHd3+8KJhi8OwGJGSe0K//B8=", + "lastModified": 1765365489, + "narHash": "sha256-L0uvs+o8P5JzEcTPe2WPA48+0ZiO6+8nlfh7XSjQql4=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "9b9ead1b5591b68f4048e7205ba1397bc85ce6c4", + "rev": "ddf5db234397043a8af5c38433b5ae933d660f27", "type": "github" }, "original": { @@ -752,11 +752,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1765245994, - "narHash": "sha256-6mra5F/nfee/MXqSXMSxSpjll6U/jfo8D9X+5H2ldmM=", + "lastModified": 1765332486, + "narHash": "sha256-nVTejyI8w3ePrX4tW3lBLLg3DheqhRuxtiRefT+ynrk=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "b83769c7fd3f3ab87221fdfda23f454ae95efc46", + "rev": "a3bdc14045dc7e5fb7a94ab11064766f472279eb", "type": "github" }, "original": { @@ -852,11 +852,11 @@ ] }, "locked": { - "lastModified": 1765191003, - "narHash": "sha256-d3b3eQsdgXZDW/y4fmDuNiGBjZzwFrLhwD5i3NmM1mM=", + "lastModified": 1765376994, + "narHash": "sha256-dsgdFdj8+qh81XPB/9SlwvuhJMHPjqsf7Zk0AnsdVpY=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "a16b061ec61831755df35fae916d19b0ac5a43cc", + "rev": "30f6a14293df4938c35173a73efdeba450653d0a", "type": "github" }, "original": { @@ -914,11 +914,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1765183668, - "narHash": "sha256-TBA7CE44IHYfvOPBWcyLncpVrrKEiXWPdOrF8CD6W84=", + "lastModified": 1765357816, + "narHash": "sha256-Uh7y3tL9SUzMjM8eO9CMqf30pPpa1i+P3asBijc32lY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fc2de1563f89f0843eba27f14576d261df0e3b80", + "rev": "004943ed3cf9de5805a0da377599d1bfdd47a98a", "type": "github" }, "original": { @@ -946,11 +946,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1765264094, - "narHash": "sha256-BCYwzfbI353cpjFesVAcEelBrkPOhu5cQMBNPADkEj4=", + "lastModified": 1765380834, + "narHash": "sha256-MUMk4DZ0V+gU7yee7DdiPwieRclS2uMNvLQGLWwew4M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e82b0773d332dc78ba550aa46227f21057cbaff8", + "rev": "bf83174d5ab54f384b1ec5068b3280241dbb849f", "type": "github" }, "original": { @@ -994,11 +994,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1764950072, - "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f61125a668a320878494449750330ca58b78c557", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { @@ -1183,11 +1183,11 @@ ] }, "locked": { - "lastModified": 1736130495, - "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=", + "lastModified": 1765361626, + "narHash": "sha256-kX0Dp/kYSRbQ+yd9e3lmmUWdNbipufvKfL2IzbrSpnY=", "owner": "snowfallorg", "repo": "lib", - "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac", + "rev": "c566ad8b7352c30ec3763435de7c8f1c46ebb357", "type": "github" }, "original": { @@ -1254,11 +1254,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1765047449, - "narHash": "sha256-VQcqjJ2g0kT9TW4ENwA2HBQJzfbCUd5s1Wm3K+R2QZY=", + "lastModified": 1765377959, + "narHash": "sha256-MsvpqrovI+iveyVam6sIPlSsUVVcmmhTxpD9w3OOsvw=", "owner": "nix-community", "repo": "stylix", - "rev": "bd00e01aab676aee88e6cc5c9238b4a5a7d6639a", + "rev": "54fcd2f342c6417548cc56f53e401224dcade639", "type": "github" }, "original": { @@ -1519,11 +1519,11 @@ ] }, "locked": { - "lastModified": 1765175766, - "narHash": "sha256-M4zs4bVUv0UNuVGspwwlcGs5FpCDt52LQBA5a9nj5Lg=", + "lastModified": 1765344150, + "narHash": "sha256-RoGBKQglbF19aINeV8F7DHCXxF7FrMRLgL2yjl9vOiQ=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "5126a8426773dc213a8c0f0d646aca116194dab6", + "rev": "1adab25828578301037855c59849e9bbecf8948b", "type": "github" }, "original": { From ddf66697cb0fcbfab13536bd295f923d80dabaee Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 11 Dec 2025 08:32:28 +0100 Subject: [PATCH 14/43] chore: clean up code --- .just/machine.just | 2 +- .just/vars.just | 9 +++++---- modules/nixos/services/communication/matrix/default.nix | 2 -- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/.just/machine.just b/.just/machine.just index ca10e1c..207185a 100644 --- a/.just/machine.just +++ b/.just/machine.just @@ -8,4 +8,4 @@ [no-exit-message] @update machine: just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" - nixos-rebuild switch -L --use-remote-sudo --target-host {{ machine }} --flake ..#{{ machine }} + nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} diff --git a/.just/vars.just b/.just/vars.just index 3b706da..29a3e56 100644 --- a/.just/vars.just +++ b/.just/vars.just @@ -1,4 +1,5 @@ set unstable := true +set quiet := true base_path := invocation_directory() / "systems/x86_64-linux" @@ -8,14 +9,14 @@ base_path := invocation_directory() / "systems/x86_64-linux" sops := "sops" yq := "yq" -@_default: +_default: just --list [doc('list all vars of the target machine')] list machine: sops decrypt {{ base_path }}/{{ machine }}/secrets.yml -@edit machine: +edit machine: sops edit {{ base_path }}/{{ machine }}/secrets.yml @set machine key value: @@ -26,10 +27,10 @@ list machine: echo "Done" -@get machine key: +get machine key: sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g')" -@remove machine key: +remove machine key: sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" git add {{ base_path }}/{{ machine }}/secrets.yml diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index 6405932..c8a1f41 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -95,7 +95,6 @@ in { settings = { appservice = { provisioning.enabled = false; - # port = 40011; }; homeserver = { @@ -118,7 +117,6 @@ in { settings = { appservice = { provisioning.enabled = false; - # port = 40012; }; homeserver = { From c9be7ebb43d464a891112fb392bf97f931082213 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 11 Dec 2025 08:34:10 +0100 Subject: [PATCH 15/43] feat: add telegram bridge to matrix --- .../services/communication/matrix/default.nix | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index c8a1f41..8bab5d0 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -110,6 +110,37 @@ in { }; }; + mautrix-telegram = { + enable = true; + registerToSynapse = true; + + settings = { + telegram = { + api_id = 32770816; + api_hash = "7b63778a976619c9d4ab62adc51cde79"; + bot_token = "disabled"; + + catch_up = true; + sequential_updates = false; + }; + + appservice = { + provisioning.enabled = false; + }; + + homeserver = { + address = "http://[::1]:${toString port}"; + domain = domain; + }; + + bridge = { + permissions = { + "@chris:${domain}" = "admin"; + }; + }; + }; + }; + mautrix-whatsapp = { enable = true; registerToSynapse = true; From c16cb15c10f4b6b4c2fe0276f7f142e3d8c1faaa Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 07:35:00 +0000 Subject: [PATCH 16/43] chore(secrets): removed secret "kaas" from machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 3f34c21..976326e 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -10,7 +10,6 @@ forgejo: synapse: oidc_id: ENC[AES256_GCM,data:XbCpyGq0LeRJWq8dv/5Dipvp,iv:YDhgl26z1NBbIQLoLdGVz0+ze6o1ZcmgVHPfwoRj57I=,tag:y2vUuqnDmtTvVQmZCAlnLg==,type:str] oidc_secret: ENC[AES256_GCM,data:nVFi5EFbNMZ0mvrDHVYC0NiwJlo2eEw44D+Fcv9SKSb2oO00lGEDkP/oXDj5YgDq6RLQSe3f/SUOn77ntwnZYg==,iv:awe7VNUYOn9ofl1QlQTrEN5d0i5WkVM35qndruL4VXo=,tag:8Yoc9lFF9aWbtAa5fzQGEA==,type:str] -kaas: ENC[AES256_GCM,data:3yI6lH0rw+f2OFJ94Z7zb0pYwy4FDFs9rJi2wpd9VVWghmey5g4O788ypXa34XqKCQDDHDgTxwyDs6KpvCQQaLV1PDhXd4Po0SSlIOkUtCWhOf6Tp3PM2ASoE+AAAzJLJUc6AZdBJRyYU9V+UvO9jW+WmlpZpsg5crnVMzZo7f2AF0ep9A/A5BL1Y2UhYQE4LDVkLC9AL3hl8IhF5xSdZdO0ugrP0x7CKVUxA7fJyOjx7/IKVwvgKD4xlhIgv9lYPTvE2vUs+w==,iv:e6b98ZnBqf7hh3SSKGdTl63OpQm1oK95lHXdwTiLft8=,tag:IS/lDgvJvSd7OmDLP+uG1g==,type:str] radarr: apikey: ENC[AES256_GCM,data:G141GW4PyS5pbAV39HcVscMw3s30txOgTZzWaL7o+ccZfnfDLv796O6xKXdqGZ8saLsveghLw9Z6a5luusHyQ3Q5ESL6W7SVeZVTuSqSC3i/4jl75FJxhnsgVsfrnYxzLGpKiw==,iv:sZl/XLh6y3WgSAn6nH3sFB6atBifZdghm+QsCNDbcjY=,tag:Tw+R80nrF0T0yDti0Uf+ig==,type:str] sonarr: @@ -55,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-10T12:55:31Z" - mac: ENC[AES256_GCM,data:qUZOcbHCssZC5Td1g9+TZFMccgHSDivTPF71+uGpyI88AuZAMt07kZuIuWcP4V8m633fl6WtmDAN/UP9IjbgBSUNLHpRcR5cOCAlxtLu0R0HNNIwMdxgseFTqPV/h/dMNSlEbAu06VZlt9S2CSkuTeyrP+GTpcskPJWF/RC50dk=,iv:QdwALTd3/1eKN7V3YtMf3Av0+XP6D59sQzDwqn7maOU=,tag:MX64z96lIn6RZBBsATi1ZQ==,type:str] + lastmodified: "2025-12-11T07:34:59Z" + mac: ENC[AES256_GCM,data:wEi918sFOHyo1QE50ce9CffDnxlno6UAGOGduM3GCR33LOsK/brPsQaV79k2EbLOdb2/vOy8A3SYAtmVs7s7tVIpukTyUjOLYL17Zu8DVKiQ5GHnJG+A564hj4kN4vS9fUStkpj+HiaBnkXUvIDRUGmXPkWhomwl8FvQca44ipk=,iv:bjAup4SJI62kQnjU0jzZMjwHJFJgkmtpp601rpl7aqM=,tag:aBrxrysJ/xCvEtM7OoJ1NA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 0fa3b79bd9b1b992ff2435530a5298db511e64da Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 11 Dec 2025 16:48:46 +0100 Subject: [PATCH 17/43] feat: jq just became a 1M times cooler! --- .jq/format.jq | 34 ++ .jq/table.jq | 59 +++ .just/users.just | 27 ++ .just/vars.just | 6 - .justfile | 3 + .../services/communication/matrix/default.nix | 3 +- .../nixos/services/media/mydia/default.nix | 11 +- .../nixos/services/media/servarr/default.nix | 39 +- sabnzbd.ini | 395 ++++++++++++++++++ 9 files changed, 568 insertions(+), 9 deletions(-) create mode 100644 .jq/format.jq create mode 100644 .jq/table.jq create mode 100644 .just/users.just create mode 100644 sabnzbd.ini diff --git a/.jq/format.jq b/.jq/format.jq new file mode 100644 index 0000000..5c65495 --- /dev/null +++ b/.jq/format.jq @@ -0,0 +1,34 @@ +def RESET: "0"; +def BOLD: "1"; +def DIM: "2"; +def ITALIC: "3"; +def UNDERLINE: "4"; +def BLINKING: "5"; +def INVERSE: "7"; +def HIDDEN: "8"; +def STRIKETHROUGH: "9"; +def RESET_FONT: "22"; + +def BLACK: 0; +def RED: 1; +def GREEN: 2; +def YELLOW: 3; +def BLUE: 4; +def MAGENTA: 5; +def CYAN: 6; +def WHITE: 7; +def DEFAULT: 9; + +def foreground(color): 30 + color; +def background(color): 40 + color; +def bright(color): 60 + color; + +def escape(options): + (if ((options|type) == "array") then options else [options] end) as $o + | "\u001b[\($o | map(tostring) | join(";"))m"; + +def style(options): escape(options) + . + escape([RESET]); + +def to_title: + (.|ascii_upcase) as $str + | escape([BOLD, foreground(BLACK), background(WHITE)]) + " " + $str + " " + escape([RESET]); diff --git a/.jq/table.jq b/.jq/table.jq new file mode 100644 index 0000000..83b98f2 --- /dev/null +++ b/.jq/table.jq @@ -0,0 +1,59 @@ +import "format" as _ {search:"./"}; + +def n_max(limit): + if . > limit then limit else . end; + +def n_min(limit): + if . < limit then limit else . end; + +def pad_right(width): + (. | tostring) as $s + | ($s | length) as $l + | ((width - $l) | n_min(0)) as $w + | ($s + (" " * $w)); + +def to_cells(sizes; fn): + to_entries + | map( + (sizes[.key]) as $size + | (" " + .value) + | pad_right($size + 2) + | fn // . + ); + +def to_cells(sizes): to_cells(sizes; null); + +def to_line(left; joiner; right): + [left, .[1], (.[1:] | map([joiner, .]) ), right] | flatten | join(""); + +def to_table(data; header_callback; cell_callback): + (data[0] | to_entries | map(.key)) as $keys + | ([$keys]) as $header + | (data | map(to_entries | map(.value))) as $rows + | ($header + $rows) as $cells + | ( + $keys # Use keys so that we have an array of the correct size + | to_entries + | map( + (.key) as $i + | $cells + | map(.[$i] | length) + | max + ) + ) as $column_sizes + | ( + [ + ($column_sizes | map("═" * (. + 2)) | to_line("╔"; "╤"; "╗")), + ($keys | to_cells($column_sizes; header_callback) | to_line("║"; "│"; "║")), + ($rows | map([ + ($column_sizes | map("─" * (. + 2)) | to_line("╟"; "┼"; "╢")), + (. | to_cells($column_sizes; cell_callback) | to_line("║"; "│"; "║")) + ])), + ($column_sizes | map("═" * (. + 2)) | to_line("╚"; "╧"; "╝")) + ] + | flatten + | join("\n") + ); + +def to_table(data; header_callback): to_table(data; header_callback; null); +def to_table(data): to_table(data; _::style(_::BOLD); null); diff --git a/.just/users.just b/.just/users.just new file mode 100644 index 0000000..cecd74b --- /dev/null +++ b/.just/users.just @@ -0,0 +1,27 @@ +set unstable := true +set quiet := true + +_default: + just --list + +[script] +list: + cd .. && just vars get ulmo zitadel/users \ + | jq fromjson \ + | jq -r -C ' + include ".jq/table"; + include ".jq/format"; + + to_entries + | sort_by(.key) + | map( + (.key|to_title) + ":\n" + + to_table( + .value + | to_entries + | sort_by(.key) + | map({username:.key} + .value) + ) + ) + | join("\n\n┄┄┄\n\n") + ' diff --git a/.just/vars.just b/.just/vars.just index 29a3e56..230f00c 100644 --- a/.just/vars.just +++ b/.just/vars.just @@ -3,12 +3,6 @@ set quiet := true base_path := invocation_directory() / "systems/x86_64-linux" -# sops := "nix shell nixpkgs#sops --command sops" -# yq := "nix shell nixpkgs#yq --command yq" - -sops := "sops" -yq := "yq" - _default: just --list diff --git a/.justfile b/.justfile index 75537e1..cee0db9 100644 --- a/.justfile +++ b/.justfile @@ -4,6 +4,9 @@ [doc('Manage vars')] mod vars '.just/vars.just' +[doc('Manage users')] +mod users '.just/users.just' + [doc('Manage machines')] mod machine '.just/machine.just' diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index 8bab5d0..33af8e4 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -121,10 +121,11 @@ in { bot_token = "disabled"; catch_up = true; - sequential_updates = false; + sequential_updates = true; }; appservice = { + port = 40011; provisioning.enabled = false; }; diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia/default.nix index 2bee38a..7e082a3 100644 --- a/modules/nixos/services/media/mydia/default.nix +++ b/modules/nixos/services/media/mydia/default.nix @@ -36,7 +36,7 @@ in { # uri = "file:///var/lib/mydia/mydia.db"; type = "postgres"; uri = "postgres://mydia@localhost:5432/mydia?sslmode=disable"; - passwordFile = config.sops.secrets."mydia/qbittorrent_password".path; + passwordFile = config.sops.templates."mydia/database_password".path; }; secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path; @@ -82,5 +82,14 @@ in { key = "qbittorrent/password"; }; }; + + sops.templates."mydia/database_password" = { + owner = config.services.mydia.user; + group = config.services.mydia.group; + restartUnits = ["mydia.service"]; + content = '' + DATABASE_PASSWORD="" + ''; + }; }; } diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index c09e66f..bb90352 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -96,7 +96,8 @@ in { sabnzbd = { enable = true; openFirewall = true; - configFile = config.sops.templates."sabnzbd/config.ini".path; + configFile = "/var/media/sabnzbd/config.ini"; + # configFile = config.sops.templates."sabnzbd/config.ini".path; user = "sabnzbd"; group = "media"; @@ -301,12 +302,48 @@ in { })) |> lib.concat [ { + secrets = { + "sabnzbd/apikey" = {}; + "sabnzbd/sunnyweb/username" = {}; + "sabnzbd/sunnyweb/password" = {}; + }; + templates = { "sabnzbd/config.ini" = { owner = "sabnzbd"; group = "media"; + mode = "0660"; content = '' + __version__ = 19 + __encoding__ = utf-8 + [misc] + download_dir = /var/media/downloads/incomplete + complete_dir = /var/media/downloads/done + api_key = ${config.sops.placeholder."sabnzbd/apikey"} + log_dir = logs + [servers] + [[news.sunnyusenet.com]] + name = news.sunnyusenet.com + displayname = news.sunnyusenet.com + host = news.sunnyusenet.com + port = 563 + timeout = 60 + username = ${config.sops.placeholder."sabnzbd/sunnyweb/username"} + password = ${config.sops.placeholder."sabnzbd/sunnyweb/password"} + connections = 8 + ssl = 1 + ssl_verify = 3 + ssl_ciphers = "" + enable = 1 + required = 0 + optional = 0 + retention = 0 + expire_date = "" + quota = "" + usage_at_start = 0 + priority = 1 + notes = "" ''; }; }; diff --git a/sabnzbd.ini b/sabnzbd.ini new file mode 100644 index 0000000..fd60f57 --- /dev/null +++ b/sabnzbd.ini @@ -0,0 +1,395 @@ +__version__ = 19 +__encoding__ = utf-8 +[misc] +helpful_warnings = 1 +queue_complete = hibernate_pc +queue_complete_pers = 0 +bandwidth_perc = 100 +refresh_rate = 1 +interface_settings = '{"dateFormat":"YYYY-MM-DD HH:mm","extraQueueColumns":[],"extraHistoryColumns":[],"displayCompact":false,"displayFullWidth":false,"confirmDeleteQueue":true,"confirmDeleteHistory":true,"keyboardShortcuts":true}' +queue_limit = 20 +config_lock = 0 +fixed_ports = 1 +notified_new_skin = 2 +direct_unpack_tested = 1 +sorters_converted = 1 +check_new_rel = 1 +auto_browser = 0 +language = en +enable_https_verification = 0 +host = 0.0.0.0 +port = 8080 +https_port = "" +username = "" +password = "" +bandwidth_max = "" +cache_limit = 1G +web_dir = Glitter +web_color = Auto +https_cert = server.cert +https_key = server.key +https_chain = "" +enable_https = 0 +inet_exposure = 0 +api_key = 0052eba0db9d4b4f93a8a96f0cb85198 +nzb_key = 171ebeb3e0044c379dc7719bef6b3144 +socks5_proxy_url = "" +permissions = "" +download_dir = /var/media/downloads/incomplete +download_free = "" +complete_dir = /var/media/downloads/done +complete_free = "" +fulldisk_autoresume = 0 +script_dir = "" +nzb_backup_dir = "" +admin_dir = admin +backup_dir = "" +dirscan_dir = "" +dirscan_speed = 5 +password_file = "" +log_dir = logs +max_art_tries = 3 +top_only = 0 +sfv_check = 1 +script_can_fail = 0 +enable_recursive = 1 +flat_unpack = 0 +par_option = "" +pre_check = 0 +nice = "" +win_process_prio = 3 +ionice = "" +fail_hopeless_jobs = 1 +fast_fail = 1 +auto_disconnect = 1 +pre_script = None +end_queue_script = None +no_dupes = 0 +no_series_dupes = 0 +no_smart_dupes = 0 +dupes_propercheck = 1 +pause_on_pwrar = 1 +ignore_samples = 0 +deobfuscate_final_filenames = 1 +auto_sort = "" +direct_unpack = 0 +propagation_delay = 0 +folder_rename = 1 +replace_spaces = 0 +replace_underscores = 0 +replace_dots = 0 +safe_postproc = 1 +pause_on_post_processing = 0 +enable_all_par = 0 +sanitize_safe = 0 +cleanup_list = , +unwanted_extensions = , +action_on_unwanted_extensions = 0 +unwanted_extensions_mode = 0 +new_nzb_on_failure = 0 +history_retention = "" +history_retention_option = all +history_retention_number = 1 +quota_size = "" +quota_day = "" +quota_resume = 0 +quota_period = m +enable_tv_sorting = 0 +tv_sort_string = "" +tv_categories = tv, +enable_movie_sorting = 0 +movie_sort_string = "" +movie_sort_extra = -cd%1 +movie_categories = movies, +enable_date_sorting = 0 +date_sort_string = "" +date_categories = tv, +schedlines = , +rss_rate = 60 +ampm = 0 +start_paused = 0 +preserve_paused_state = 0 +enable_par_cleanup = 1 +process_unpacked_par2 = 1 +enable_multipar = 1 +enable_unrar = 1 +enable_7zip = 1 +enable_filejoin = 1 +enable_tsjoin = 1 +overwrite_files = 0 +ignore_unrar_dates = 0 +backup_for_duplicates = 0 +empty_postproc = 0 +wait_for_dfolder = 0 +rss_filenames = 0 +api_logging = 1 +html_login = 1 +warn_dupl_jobs = 0 +keep_awake = 1 +tray_icon = 1 +allow_incomplete_nzb = 0 +enable_broadcast = 1 +ipv6_hosting = 0 +ipv6_staging = 0 +api_warnings = 1 +no_penalties = 0 +x_frame_options = 1 +allow_old_ssl_tls = 0 +enable_season_sorting = 1 +verify_xff_header = 0 +rss_odd_titles = nzbindex.nl/, nzbindex.com/, nzbclub.com/ +quick_check_ext_ignore = nfo, sfv, srr +req_completion_rate = 100.2 +selftest_host = self-test.sabnzbd.org +movie_rename_limit = 100M +episode_rename_limit = 20M +size_limit = 0 +direct_unpack_threads = 3 +history_limit = 5 +wait_ext_drive = 5 +max_foldername_length = 246 +nomedia_marker = "" +ipv6_servers = 1 +url_base = /sabnzbd +host_whitelist = usenet.kruining.eu, ulmo +local_ranges = , +max_url_retries = 10 +downloader_sleep_time = 10 +receive_threads = 2 +switchinterval = 0.005 +ssdp_broadcast_interval = 15 +ext_rename_ignore = , +email_server = "" +email_to = , +email_from = "" +email_account = "" +email_pwd = "" +email_endjob = 0 +email_full = 0 +email_dir = "" +email_rss = 0 +email_cats = *, +config_conversion_version = 4 +disable_par2cmdline = 0 +disable_archive = 0 +unrar_parameters = "" +outgoing_nntp_ip = "" +[logging] +log_level = 1 +max_log_size = 5242880 +log_backups = 5 +[ncenter] +ncenter_enable = 0 +ncenter_cats = *, +ncenter_prio_startup = 0 +ncenter_prio_download = 0 +ncenter_prio_pause_resume = 0 +ncenter_prio_pp = 0 +ncenter_prio_complete = 1 +ncenter_prio_failed = 1 +ncenter_prio_disk_full = 1 +ncenter_prio_new_login = 0 +ncenter_prio_warning = 0 +ncenter_prio_error = 0 +ncenter_prio_queue_done = 0 +ncenter_prio_other = 1 +ncenter_prio_quota = 1 +[acenter] +acenter_enable = 0 +acenter_cats = *, +acenter_prio_startup = 0 +acenter_prio_download = 0 +acenter_prio_pause_resume = 0 +acenter_prio_pp = 0 +acenter_prio_complete = 1 +acenter_prio_failed = 1 +acenter_prio_disk_full = 1 +acenter_prio_new_login = 0 +acenter_prio_warning = 0 +acenter_prio_error = 0 +acenter_prio_queue_done = 0 +acenter_prio_other = 1 +acenter_prio_quota = 1 +[ntfosd] +ntfosd_enable = 1 +ntfosd_cats = *, +ntfosd_prio_startup = 0 +ntfosd_prio_download = 0 +ntfosd_prio_pause_resume = 0 +ntfosd_prio_pp = 0 +ntfosd_prio_complete = 1 +ntfosd_prio_failed = 1 +ntfosd_prio_disk_full = 1 +ntfosd_prio_new_login = 0 +ntfosd_prio_warning = 0 +ntfosd_prio_error = 0 +ntfosd_prio_queue_done = 0 +ntfosd_prio_other = 1 +ntfosd_prio_quota = 1 +[prowl] +prowl_enable = 0 +prowl_cats = *, +prowl_apikey = "" +prowl_prio_startup = -3 +prowl_prio_download = -3 +prowl_prio_pause_resume = -3 +prowl_prio_pp = -3 +prowl_prio_complete = 0 +prowl_prio_failed = 1 +prowl_prio_disk_full = 1 +prowl_prio_new_login = -3 +prowl_prio_warning = -3 +prowl_prio_error = -3 +prowl_prio_queue_done = -3 +prowl_prio_other = 0 +prowl_prio_quota = 0 +[pushover] +pushover_token = "" +pushover_userkey = "" +pushover_device = "" +pushover_emergency_expire = 3600 +pushover_emergency_retry = 60 +pushover_enable = 0 +pushover_cats = *, +pushover_prio_startup = -3 +pushover_prio_download = -2 +pushover_prio_pause_resume = -2 +pushover_prio_pp = -3 +pushover_prio_complete = -1 +pushover_prio_failed = -1 +pushover_prio_disk_full = 1 +pushover_prio_new_login = -3 +pushover_prio_warning = 1 +pushover_prio_error = 1 +pushover_prio_queue_done = -3 +pushover_prio_other = -1 +pushover_prio_quota = -1 +[pushbullet] +pushbullet_enable = 0 +pushbullet_cats = *, +pushbullet_apikey = "" +pushbullet_device = "" +pushbullet_prio_startup = 0 +pushbullet_prio_download = 0 +pushbullet_prio_pause_resume = 0 +pushbullet_prio_pp = 0 +pushbullet_prio_complete = 1 +pushbullet_prio_failed = 1 +pushbullet_prio_disk_full = 1 +pushbullet_prio_new_login = 0 +pushbullet_prio_warning = 0 +pushbullet_prio_error = 0 +pushbullet_prio_queue_done = 0 +pushbullet_prio_other = 1 +pushbullet_prio_quota = 1 +[apprise] +apprise_enable = 0 +apprise_cats = *, +apprise_urls = "" +apprise_target_startup = "" +apprise_target_startup_enable = 0 +apprise_target_download = "" +apprise_target_download_enable = 0 +apprise_target_pause_resume = "" +apprise_target_pause_resume_enable = 0 +apprise_target_pp = "" +apprise_target_pp_enable = 0 +apprise_target_complete = "" +apprise_target_complete_enable = 1 +apprise_target_failed = "" +apprise_target_failed_enable = 1 +apprise_target_disk_full = "" +apprise_target_disk_full_enable = 0 +apprise_target_new_login = "" +apprise_target_new_login_enable = 1 +apprise_target_warning = "" +apprise_target_warning_enable = 0 +apprise_target_error = "" +apprise_target_error_enable = 0 +apprise_target_queue_done = "" +apprise_target_queue_done_enable = 0 +apprise_target_other = "" +apprise_target_other_enable = 1 +apprise_target_quota = "" +apprise_target_quota_enable = 1 +[nscript] +nscript_enable = 0 +nscript_cats = *, +nscript_script = "" +nscript_parameters = "" +nscript_prio_startup = 0 +nscript_prio_download = 0 +nscript_prio_pause_resume = 0 +nscript_prio_pp = 0 +nscript_prio_complete = 1 +nscript_prio_failed = 1 +nscript_prio_disk_full = 1 +nscript_prio_new_login = 0 +nscript_prio_warning = 0 +nscript_prio_error = 0 +nscript_prio_queue_done = 0 +nscript_prio_other = 1 +nscript_prio_quota = 1 +[categories] +[[*]] +name = * +order = 0 +pp = 3 +script = None +dir = "" +newzbin = "" +priority = 0 +[[movies]] +name = movies +order = 1 +pp = "" +script = Default +dir = "" +newzbin = "" +priority = -100 +[[tv]] +name = tv +order = 2 +pp = "" +script = Default +dir = "" +newzbin = "" +priority = -100 +[[audio]] +name = audio +order = 3 +pp = "" +script = Default +dir = "" +newzbin = "" +priority = -100 +[[software]] +name = software +order = 4 +pp = "" +script = Default +dir = "" +newzbin = "" +priority = -100 +[servers] +[[news.sunnyusenet.com]] +name = news.sunnyusenet.com +displayname = news.sunnyusenet.com +host = news.sunnyusenet.com +port = 563 +timeout = 60 +username = michiel@hazelhof.nl +password = dasusenet +connections = 8 +ssl = 1 +ssl_verify = 3 +ssl_ciphers = "" +enable = 1 +required = 0 +optional = 0 +retention = 0 +expire_date = "" +quota = "" +usage_at_start = 0 +priority = 1 +notes = "" From 4f5b2372d5237ba7ee538f33aed43a81c67a4b64 Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 21:13:42 +0000 Subject: [PATCH 18/43] chore(secrets): set secret "zitadel/users" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 976326e..255ae2e 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -4,7 +4,7 @@ email: zitadel: masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str] nix: {} - users: ENC[AES256_GCM,data:xkjm0+PBt6gmZyfi3n3OIEe5b+d4OtN0Y3UfmdcbcJHbJZuiz+60oUjlAN0vjtsi0muufoAqtGJTIpm9nDZzzN7b7LK43TAhcuSlIm5LpbZFp1U3H4laRbTwauAT6wA0aDCfAkwTozxAuEUk1jAu+65ktJNJb7b0PR7s/I/wf7IgW2+K4Jv3LIOZIipUwfuvXuTzsxCElYRvGZXmIuXrYq1EaymksHHggemrKeMWLAae7mzz5v3aBbwxiVjQNkQkS4ApsO/5nZUat0oqXA==,iv:fptZn4NmX3iYKSEPLJAOFpt+KQ6TR1w9KaY9IF4p/Wk=,tag:UKvMOSIT5/mhfZA3usbLhQ==,type:str] + users: ENC[AES256_GCM,data:J8BydII0eLW7gPo2orNS8VQ/YuxqGKtyXiW5CWtoJJY5EN6CtcmSTPCJB5eftBNxnTZy3RNmYp8OYdD8TE5G1BhmizUsEQv7lrbO5R7p4FuMxeix0bi3hRcBtpv6gOLPjC/V3xs4gIX6hCm+2zOW9k/9e0K30TDTN2PEfwmAV8bOSu5oV6jxvMogu2MJ4sXR+RTmrURVg6hu0IC2m7j9RUExG0HDoZlEWKKDWm2KLncd135s5bEh9qXLCGTTZHPsK+9tp38jXxSEs/eHEmCKAHMrE5ZYUkPQLxsAnbfe34kMYAiM/97fPWwDuQpK7wG2eG+y1HbxbzJCVp1KYftcDXpnMSVYmBc=,iv:+bSmAeoKuxaDrx/2H4/uuwNx+M5swzqRnL7AyYuR49k=,tag:KM7OI6oHME2YosGixHvCQw==,type:str] forgejo: action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str] synapse: @@ -54,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-11T07:34:59Z" - mac: ENC[AES256_GCM,data:wEi918sFOHyo1QE50ce9CffDnxlno6UAGOGduM3GCR33LOsK/brPsQaV79k2EbLOdb2/vOy8A3SYAtmVs7s7tVIpukTyUjOLYL17Zu8DVKiQ5GHnJG+A564hj4kN4vS9fUStkpj+HiaBnkXUvIDRUGmXPkWhomwl8FvQca44ipk=,iv:bjAup4SJI62kQnjU0jzZMjwHJFJgkmtpp601rpl7aqM=,tag:aBrxrysJ/xCvEtM7OoJ1NA==,type:str] + lastmodified: "2025-12-11T21:13:41Z" + mac: ENC[AES256_GCM,data:TK1gJF2n9C9ja/ubPlDy8DCAqG12KqvyxTD6eVJ69fdApYC6B1nLW0FHV7VEqHQOlAhN66RfVhARIl61YCG2UC66IijO2s37tDKpyQOpZUGNf3s4kipwq9SD2zBMletF2SkggqURiBReeVdVxBgPEnPi3uKBLSJ1UVZSlnc43bY=,iv:WU2eTHYPYnREcOcqClqqj1oOrBE2ijNtNwshz7hpdQ8=,tag:Gt6cdlQEhYm8kg/hdhxYTg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 6641632319a7e15ceaf84c8136876de0c7d52c84 Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 21:14:40 +0000 Subject: [PATCH 19/43] chore(secrets): set secret "zitadel/users" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 255ae2e..39a5b5a 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -54,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-11T21:13:41Z" - mac: ENC[AES256_GCM,data:TK1gJF2n9C9ja/ubPlDy8DCAqG12KqvyxTD6eVJ69fdApYC6B1nLW0FHV7VEqHQOlAhN66RfVhARIl61YCG2UC66IijO2s37tDKpyQOpZUGNf3s4kipwq9SD2zBMletF2SkggqURiBReeVdVxBgPEnPi3uKBLSJ1UVZSlnc43bY=,iv:WU2eTHYPYnREcOcqClqqj1oOrBE2ijNtNwshz7hpdQ8=,tag:Gt6cdlQEhYm8kg/hdhxYTg==,type:str] + lastmodified: "2025-12-11T21:14:39Z" + mac: ENC[AES256_GCM,data:IdJz6m8YtzyB5PptPBceFuTQH2KLoS1RQSKiXuAQyjSqibOljtAgisixOxbPzjgKij8OkRWxQuNdlLcSFt7RAf13HPlGh1U2tl+zzsgYyKGkOiQql8kmfWzI0RaPsVHOPeM0CJHcPMJs/K+T1QN5H/OlIuMim5/shLkLImTwb54=,iv:Zxz6vs8gJJA1eGgv9wusDz/45R5r0/Da6Eg3lbzqF80=,tag:5ivhveUm4cPMUHT91uthjQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 769bb3d3d0442baeccd0145561d54171542060a5 Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 21:26:03 +0000 Subject: [PATCH 20/43] chore(secrets): set secret "zitadel/users" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 39a5b5a..741511c 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -54,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-11T21:14:39Z" - mac: ENC[AES256_GCM,data:IdJz6m8YtzyB5PptPBceFuTQH2KLoS1RQSKiXuAQyjSqibOljtAgisixOxbPzjgKij8OkRWxQuNdlLcSFt7RAf13HPlGh1U2tl+zzsgYyKGkOiQql8kmfWzI0RaPsVHOPeM0CJHcPMJs/K+T1QN5H/OlIuMim5/shLkLImTwb54=,iv:Zxz6vs8gJJA1eGgv9wusDz/45R5r0/Da6Eg3lbzqF80=,tag:5ivhveUm4cPMUHT91uthjQ==,type:str] + lastmodified: "2025-12-11T21:26:03Z" + mac: ENC[AES256_GCM,data:9HIMBsePObNInn83qMDRX39mZ9qrjYCBDWVXcHB2Ws9I3ag5qp1wM/DmtXTI2tuMqS6op3xw0FgwzK2rkO+UHiWOKWBhiI5PQlw15J0WaWS4mDDqc/L8nGwMrdFF1SVJlkM5gk1IriOXgOcsH3nIrdTgL5+6u5W46VMA1DJ23Xw=,iv:0HbK6wIm/CewWX8ppojMRaZMVRcBGOPMWorLFJUBWQk=,tag:sNBm3YeYEQuFuuFxFzR32g==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 5819545a8b02c9c41b3f728865070997b7ba5716 Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 21:32:24 +0000 Subject: [PATCH 21/43] chore(secrets): set secret "zitadel/users" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 741511c..c36cd43 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -54,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-11T21:26:03Z" - mac: ENC[AES256_GCM,data:9HIMBsePObNInn83qMDRX39mZ9qrjYCBDWVXcHB2Ws9I3ag5qp1wM/DmtXTI2tuMqS6op3xw0FgwzK2rkO+UHiWOKWBhiI5PQlw15J0WaWS4mDDqc/L8nGwMrdFF1SVJlkM5gk1IriOXgOcsH3nIrdTgL5+6u5W46VMA1DJ23Xw=,iv:0HbK6wIm/CewWX8ppojMRaZMVRcBGOPMWorLFJUBWQk=,tag:sNBm3YeYEQuFuuFxFzR32g==,type:str] + lastmodified: "2025-12-11T21:32:23Z" + mac: ENC[AES256_GCM,data:Y4K10+NXrZOPVRz1+IPcCF9yqJ0bqoGG5TwHeqZ/MpjSwwOXnPLJojF9L+3BnN2EWvIf+Zex8UsLqQVPPkUef2eI/FcNfcjuOe1OVsNOr6Z05Wkouo5j5qwEpKIMEMNzrI1iG6460UpJ6sZBvGTaSd5ShDMt21fqHy2NhUfWDtA=,iv:2z3kA3pRz51wl5ZRp1BORwfERXGaOizroWHXMdztTbI=,tag:4rAYtmk3u9MXmAEn2QnBrw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 1610ab1ca00f2e52ec05a6afd6bd5744ecd59073 Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 21:43:37 +0000 Subject: [PATCH 22/43] chore(secrets): set secret "zitadel/users" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index c36cd43..b7c0cc0 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -4,7 +4,7 @@ email: zitadel: masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str] nix: {} - users: ENC[AES256_GCM,data:J8BydII0eLW7gPo2orNS8VQ/YuxqGKtyXiW5CWtoJJY5EN6CtcmSTPCJB5eftBNxnTZy3RNmYp8OYdD8TE5G1BhmizUsEQv7lrbO5R7p4FuMxeix0bi3hRcBtpv6gOLPjC/V3xs4gIX6hCm+2zOW9k/9e0K30TDTN2PEfwmAV8bOSu5oV6jxvMogu2MJ4sXR+RTmrURVg6hu0IC2m7j9RUExG0HDoZlEWKKDWm2KLncd135s5bEh9qXLCGTTZHPsK+9tp38jXxSEs/eHEmCKAHMrE5ZYUkPQLxsAnbfe34kMYAiM/97fPWwDuQpK7wG2eG+y1HbxbzJCVp1KYftcDXpnMSVYmBc=,iv:+bSmAeoKuxaDrx/2H4/uuwNx+M5swzqRnL7AyYuR49k=,tag:KM7OI6oHME2YosGixHvCQw==,type:str] + users: ENC[AES256_GCM,data:PU1JLhErx3dGQHC8nwph+Kz86T5IlU/pN7aScECKSxt6QJoHtpdTdJzEUlfpHN9cshZXBvZLvK8E+bFunS4UEMqhd557dpr7yj0VKIfrMOV+NmWZ4Jp2KX6R+HSV+LC6Tym5TcRJ6MCyYHB9tnxlukI556bFWpGrjYaxwlvn/4lCAlvCW/4HYjnDsj9ILQ1OLy0w4jMFz0hPUjRoQ/w6c8rKGDIa4HTwxNDr+J6LhkoaewdTT1Z8+g/vTN7JaPJ5dknLliJLtsA0q/czSUw7bCqGRpDSZ2tcAgFaFpyTArAZJHeMqjqvKrqP1mzoVrandVYbERXaQqKy0FAtzMl22ddSNT6V8gEVrgHuf99LlPOIM5hEB5Vs3HDvSVsdCp0pAyee42jHPiaUfN9kyI5r1tZjWAg=,iv:bo4jp4nCDBaZWr7RdKAczbrnkv1+itpXlobVwHqJi2s=,tag:edLXxKbRSr9KU3CixFYECg==,type:str] forgejo: action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str] synapse: @@ -54,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-11T21:32:23Z" - mac: ENC[AES256_GCM,data:Y4K10+NXrZOPVRz1+IPcCF9yqJ0bqoGG5TwHeqZ/MpjSwwOXnPLJojF9L+3BnN2EWvIf+Zex8UsLqQVPPkUef2eI/FcNfcjuOe1OVsNOr6Z05Wkouo5j5qwEpKIMEMNzrI1iG6460UpJ6sZBvGTaSd5ShDMt21fqHy2NhUfWDtA=,iv:2z3kA3pRz51wl5ZRp1BORwfERXGaOizroWHXMdztTbI=,tag:4rAYtmk3u9MXmAEn2QnBrw==,type:str] + lastmodified: "2025-12-11T21:43:36Z" + mac: ENC[AES256_GCM,data:DfOJESY42ZRDcrWYWKESRjYx9v3A+tX97dyfVxd+nJUbg3fxirc2ixLNedFG4qiw/O3C2HxikaOOmIntDSTB6iziXfrcgjsRB5fLJ7pyZG0sHl27n/FiNs/MUMd0eJmsiWzujxmYFauozMCuIYX+IjmzSs1k61Bk9OXEjuA+sVM=,iv:fX0fyMQsk6AMiYj6QpaBlxMtVpwnwac2omOMCp3nV1A=,tag:Zq5ggo/t83Ivw3i4ehGZgA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 9247e5c24837cac3ac73a2ed5316bd7d767bf45a Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 21:50:32 +0000 Subject: [PATCH 23/43] chore(secrets): set secret "zitadel/users" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index b7c0cc0..b7f7e4e 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -54,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-11T21:43:36Z" - mac: ENC[AES256_GCM,data:DfOJESY42ZRDcrWYWKESRjYx9v3A+tX97dyfVxd+nJUbg3fxirc2ixLNedFG4qiw/O3C2HxikaOOmIntDSTB6iziXfrcgjsRB5fLJ7pyZG0sHl27n/FiNs/MUMd0eJmsiWzujxmYFauozMCuIYX+IjmzSs1k61Bk9OXEjuA+sVM=,iv:fX0fyMQsk6AMiYj6QpaBlxMtVpwnwac2omOMCp3nV1A=,tag:Zq5ggo/t83Ivw3i4ehGZgA==,type:str] + lastmodified: "2025-12-11T21:50:31Z" + mac: ENC[AES256_GCM,data:abjGTh1BS2n4DYtH8WvSUIsYtVkOVjcJKzIRYhxRi7WzP5LPJroYXL+jgdbr8Ryt+8s2AIZshRnbxitwzfKf3mx6qVQ5pK8+e7C/+sCMHnbQDXf3Z6OKSElqJMT4T5dZBbUj+64lbKM0dbnQLTMHNwjqDmtA9Xn7dCgjLjS+yZ8=,iv:AKyUqCOkoapTpFEK7FZpoDGuIRIqb9SHo2BH2vDy9Ms=,tag:GLQenq7VeIVC9Ir5fwW9Lg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 2e9c79b6f069465585cdb8fbec32cb299f08989e Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 21:51:00 +0000 Subject: [PATCH 24/43] chore(secrets): set secret "zitadel/users" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index b7f7e4e..e644d84 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -54,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-11T21:50:31Z" - mac: ENC[AES256_GCM,data:abjGTh1BS2n4DYtH8WvSUIsYtVkOVjcJKzIRYhxRi7WzP5LPJroYXL+jgdbr8Ryt+8s2AIZshRnbxitwzfKf3mx6qVQ5pK8+e7C/+sCMHnbQDXf3Z6OKSElqJMT4T5dZBbUj+64lbKM0dbnQLTMHNwjqDmtA9Xn7dCgjLjS+yZ8=,iv:AKyUqCOkoapTpFEK7FZpoDGuIRIqb9SHo2BH2vDy9Ms=,tag:GLQenq7VeIVC9Ir5fwW9Lg==,type:str] + lastmodified: "2025-12-11T21:50:59Z" + mac: ENC[AES256_GCM,data:O3I8dUG3JgfhDRC8V4gYjyACfXL/u8kuV0G31yz0qu2J3wkSI0tq3MR4+oZXFxDt8YkMevCUuQFZF4faYyTeFcdwRKlev0WexH1dWT22DUm+tkmcg2R1tv7TI/US6GTlXu/g9WGrLkHZjh1YQZ9AUNxtwL6O/CaKOuiR2nmmtYE=,iv:ojDH8+YWJQK3Rp6dHwj1T+/SVltnFDKKsOmYyeQpoMc=,tag:ieca6xM/sw7pjpu8czdv0A==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 174b85a3e2c0582e3f4d32da50fb422f0a2a9920 Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 22:11:51 +0000 Subject: [PATCH 25/43] chore(secrets): set secret "zitadel/users" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index e644d84..8a8b744 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -4,7 +4,7 @@ email: zitadel: masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str] nix: {} - users: ENC[AES256_GCM,data:PU1JLhErx3dGQHC8nwph+Kz86T5IlU/pN7aScECKSxt6QJoHtpdTdJzEUlfpHN9cshZXBvZLvK8E+bFunS4UEMqhd557dpr7yj0VKIfrMOV+NmWZ4Jp2KX6R+HSV+LC6Tym5TcRJ6MCyYHB9tnxlukI556bFWpGrjYaxwlvn/4lCAlvCW/4HYjnDsj9ILQ1OLy0w4jMFz0hPUjRoQ/w6c8rKGDIa4HTwxNDr+J6LhkoaewdTT1Z8+g/vTN7JaPJ5dknLliJLtsA0q/czSUw7bCqGRpDSZ2tcAgFaFpyTArAZJHeMqjqvKrqP1mzoVrandVYbERXaQqKy0FAtzMl22ddSNT6V8gEVrgHuf99LlPOIM5hEB5Vs3HDvSVsdCp0pAyee42jHPiaUfN9kyI5r1tZjWAg=,iv:bo4jp4nCDBaZWr7RdKAczbrnkv1+itpXlobVwHqJi2s=,tag:edLXxKbRSr9KU3CixFYECg==,type:str] + users: ENC[AES256_GCM,data:quxYk+XT5VZy+holUr3g5ycI34Z4BfSp2eKK4CZYBvl5ZES96Jf/oXCAWXhlEpXiKwsvKkAZNBdwLaqWrzRJJBzEi2UwZJfX1I0vDtWMz4VN5mKtzr+Vavty4visrleS46w2O/xg1PzOt/gv2CilyQmcBlpMbhLYVj4A9rbpiaIqXaYB/JMpa0sUyjjs/lxFDugv3pVEvmr7b0Gjqb1+A3TldEDxBT+P10jeomDoVJbMFyF09dpSQZrTlhyDHE742armspwvQyiKjmxmpkK1+L9iRgcBFiKCbkx4aZq5uvh3lNlVbsFqWhBbBRIOMjdgOm9OmQ7FGqqMSihsW6APMi9KTgpWUpk=,iv:mxtamxo8DWaxafC9AsgHKxcqNp5mLOEiPetoHZeA95c=,tag:ITNi8tMqkDxaONEKOYU/UQ==,type:str] forgejo: action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str] synapse: @@ -54,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-11T21:50:59Z" - mac: ENC[AES256_GCM,data:O3I8dUG3JgfhDRC8V4gYjyACfXL/u8kuV0G31yz0qu2J3wkSI0tq3MR4+oZXFxDt8YkMevCUuQFZF4faYyTeFcdwRKlev0WexH1dWT22DUm+tkmcg2R1tv7TI/US6GTlXu/g9WGrLkHZjh1YQZ9AUNxtwL6O/CaKOuiR2nmmtYE=,iv:ojDH8+YWJQK3Rp6dHwj1T+/SVltnFDKKsOmYyeQpoMc=,tag:ieca6xM/sw7pjpu8czdv0A==,type:str] + lastmodified: "2025-12-11T22:11:51Z" + mac: ENC[AES256_GCM,data:7/xlEEZZLlElw3YufxHxRW47d5+w3q+mb+3qJrkTe38SSJDZ/MRyH3mR+T+Vm4jM4Iieh4wR2qz14EjIG6um4GSST84pvl2dj1dz8qd3/mrlWCQUxv/EUW5pSpDtd/HIPbfyMdmZApfspJ9CT40gOY2+91/KRzcHoGebe1ZMvV0=,iv:agzozhVd36roI81y8HYP26dt2DBxw77fJ7VafKyCw7Y=,tag:f6AZ0KaBO81rfDgG2R0Y/Q==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 20423eb0cd237c82839f1c3b9d030e93dbe93e66 Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 22:19:27 +0000 Subject: [PATCH 26/43] chore(secrets): set secret "zitadel/users" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 8a8b744..7709ea3 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -4,7 +4,7 @@ email: zitadel: masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str] nix: {} - users: ENC[AES256_GCM,data:quxYk+XT5VZy+holUr3g5ycI34Z4BfSp2eKK4CZYBvl5ZES96Jf/oXCAWXhlEpXiKwsvKkAZNBdwLaqWrzRJJBzEi2UwZJfX1I0vDtWMz4VN5mKtzr+Vavty4visrleS46w2O/xg1PzOt/gv2CilyQmcBlpMbhLYVj4A9rbpiaIqXaYB/JMpa0sUyjjs/lxFDugv3pVEvmr7b0Gjqb1+A3TldEDxBT+P10jeomDoVJbMFyF09dpSQZrTlhyDHE742armspwvQyiKjmxmpkK1+L9iRgcBFiKCbkx4aZq5uvh3lNlVbsFqWhBbBRIOMjdgOm9OmQ7FGqqMSihsW6APMi9KTgpWUpk=,iv:mxtamxo8DWaxafC9AsgHKxcqNp5mLOEiPetoHZeA95c=,tag:ITNi8tMqkDxaONEKOYU/UQ==,type:str] + users: ENC[AES256_GCM,data:pMSK3Re/DZeMnFNCEgjTGWWMYYX5eLOoZwGg3oO7WQ0Sx7z7sLRPpqlGVw384G6uYjR19MpnVud6hHPkGY/FoTO0vsJ+a2anFpmLjLsPNehiQ57rnvnWJCeVJyTz0kqKt7vS1kGpdtjH5d98PerNzxR0FvTrjJhQCfHyP/S8/G6vD6cLmeBXaStpKJ6TM0UIPcWSTzrpV3O292xAFooWYv19hkM4C6IJtbej8zTmY8pEsHk5OY3w,iv:r3603xOtSE1CEdMR9epaWclbO3PXjMWpnJT7HEbF57o=,tag:HAPUlIuumY0IjL0P4Q1aFA==,type:str] forgejo: action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str] synapse: @@ -54,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-11T22:11:51Z" - mac: ENC[AES256_GCM,data:7/xlEEZZLlElw3YufxHxRW47d5+w3q+mb+3qJrkTe38SSJDZ/MRyH3mR+T+Vm4jM4Iieh4wR2qz14EjIG6um4GSST84pvl2dj1dz8qd3/mrlWCQUxv/EUW5pSpDtd/HIPbfyMdmZApfspJ9CT40gOY2+91/KRzcHoGebe1ZMvV0=,iv:agzozhVd36roI81y8HYP26dt2DBxw77fJ7VafKyCw7Y=,tag:f6AZ0KaBO81rfDgG2R0Y/Q==,type:str] + lastmodified: "2025-12-11T22:19:26Z" + mac: ENC[AES256_GCM,data:J1RVA3s9qemyLGo4svCofqIA4XNYgDWDc3JRbfynGLtAocOQPtXOLKoEauplDWMQ8hFIGRznIzv5XkCH6hfxQhjNI0UCuR0WhFZtnQU59hS+Qg4AQKVukRdjY136RpNiBMCMNhiXs8NAbuVxrFramgFClFQgVO+b6+Q3w2JspNE=,iv:hPUnwDUg+Wbx/YDugY8TjFIJqUzJE75tv4vzc2NHdrQ=,tag:xwqb7I315SbAlK7MlT9uBA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From 9824616c633ce14c35cb27691fa7042e3c9ea427 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 11 Dec 2025 23:20:36 +0100 Subject: [PATCH 27/43] feat: implement user management in just --- .jq/table.jq | 6 ++-- .just/users.just | 89 +++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 83 insertions(+), 12 deletions(-) diff --git a/.jq/table.jq b/.jq/table.jq index 83b98f2..5c58aef 100644 --- a/.jq/table.jq +++ b/.jq/table.jq @@ -26,7 +26,7 @@ def to_cells(sizes): to_cells(sizes; null); def to_line(left; joiner; right): [left, .[1], (.[1:] | map([joiner, .]) ), right] | flatten | join(""); -def to_table(data; header_callback; cell_callback): +def create(data; header_callback; cell_callback): (data[0] | to_entries | map(.key)) as $keys | ([$keys]) as $header | (data | map(to_entries | map(.value))) as $rows @@ -55,5 +55,5 @@ def to_table(data; header_callback; cell_callback): | join("\n") ); -def to_table(data; header_callback): to_table(data; header_callback; null); -def to_table(data): to_table(data; _::style(_::BOLD); null); +def create(data; header_callback): create(data; header_callback; null); +def create(data): create(data; _::style(_::BOLD); null); diff --git a/.just/users.just b/.just/users.just index cecd74b..486ac67 100644 --- a/.just/users.just +++ b/.just/users.just @@ -6,17 +6,16 @@ _default: [script] list: - cd .. && just vars get ulmo zitadel/users \ - | jq fromjson \ - | jq -r -C ' - include ".jq/table"; - include ".jq/format"; + cd .. && just vars get ulmo zitadel/users | jq -r -C ' + import ".jq/table" as table; + import ".jq/format" as f; - to_entries + fromjson + | to_entries | sort_by(.key) | map( - (.key|to_title) + ":\n" - + to_table( + (.key|f::to_title) + ":\n" + + table::create( .value | to_entries | sort_by(.key) @@ -24,4 +23,76 @@ list: ) ) | join("\n\n┄┄┄\n\n") - ' + '; + +[script] +add: + exec 5>&1 + + pad () { [ "$#" -gt 1 ] && [ -n "$2" ] && printf "%$2.${2#-}s" "$1"; } + + input() { + local label=$1 + local value=$2 + + local res=$(gum input --header "$label" --value "$value") + echo -e "\e[2m$(pad "$label" -11)\e[0m$res" >&5 + echo $res + } + + data=`cd .. && just vars get ulmo zitadel/users | jq 'fromjson'` + + # Gather inputs + org=` + jq -r 'to_entries | map(.key)[]' <<< "$data" \ + | gum choose --header 'Which organisation to save to?' --select-if-one + ` + username=`input 'user name' 'new-user'` + email=`input 'email' 'new.user@example.com'` + first_name=`input 'first name' 'John'` + last_name=`input 'last name' 'Doe'` + + user_exists=`jq --arg 'org' "$org" --arg 'username' "$username" '.[$org][$username]? | . != null' <<< "$data"` + + if [ "$user_exists" == "true" ]; then + gum confirm 'User already exists, overwrite it?' --padding="1 1" || exit 0 + fi + + next=` + jq \ + --arg 'org' "$org" \ + --arg 'username' "$username" \ + --arg 'email' "$email" \ + --arg 'first_name' "$first_name" \ + --arg 'last_name' "$last_name" \ + --compact-output \ + '.[$org] += { $username: { email: $email, firstName: $first_name, lastName: $last_name } }' \ + <<< $data + ` + + gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")" + +[script] +remove: + data=`cd .. && just vars get ulmo zitadel/users | jq fromjson` + + # Gather inputs + org=` + jq -r 'to_entries | map(.key)[]' <<< "$data" \ + | gum choose --header 'Which organisation?' --select-if-one + ` + user=` + jq -r --arg org "$org" '.[$org] | to_entries | map(.key)[]' <<< "$data" \ + | gum choose --header 'Which user?' --select-if-one + ` + + next=` + jq \ + --arg 'org' "$org" \ + --arg 'user' "$user" \ + --compact-output \ + 'del(.[$org][$user])' \ + <<< $data + ` + + gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")" From a361274b27f7db57a2f461a6ec206bcb3405728f Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 22:21:37 +0000 Subject: [PATCH 28/43] chore: update dependencies --- flake.lock | 68 +++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index cd4b600..f4f2381 100644 --- a/flake.lock +++ b/flake.lock @@ -84,11 +84,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1765346666, - "narHash": "sha256-UR8bVZF12rA7yI3jdqvlTA50NUXf3F8H6GZvLYiDqYM=", - "rev": "7c9a2e4fb9d90f213f3bf3782ee460e669231bca", + "lastModified": 1765483630, + "narHash": "sha256-4nLng3hXTHuJF1xeMXWVyK26r0O407YG7aEfkWVD3Jg=", + "rev": "b500c2e4c8f50961e976b7a78991d2fd4f96c423", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/7c9a2e4fb9d90f213f3bf3782ee460e669231bca.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/b500c2e4c8f50961e976b7a78991d2fd4f96c423.tar.gz" }, "original": { "type": "tarball", @@ -170,11 +170,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1765252472, - "narHash": "sha256-byMt/uMi7DJ8tRniFopDFZMO3leSjGp6GS4zWOFT+uQ=", + "lastModified": 1765435813, + "narHash": "sha256-C6tT7K1Lx6VsYw1BY5S3OavtapUvEnDQtmQB5DSgbCc=", "owner": "nix-community", "repo": "fenix", - "rev": "8456b985f6652e3eef0632ee9992b439735c5544", + "rev": "6399553b7a300c77e7f07342904eb696a5b6bf9d", "type": "github" }, "original": { @@ -190,11 +190,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1765370621, - "narHash": "sha256-3gAVH9nYc2E82tIXKFv2lMe4JohglxJtPgs0ZmXkx9c=", + "lastModified": 1765448647, + "narHash": "sha256-y29oz4/jfs7TEGR1+pKlcQn5pBsTZGM8TOhVDJEAtXg=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "ea98c8041dad75efc80ec036643a32b12467c8b7", + "rev": "63947e060742f3b023c87e225c3f327befbbd6a3", "type": "github" }, "original": { @@ -594,11 +594,11 @@ ] }, "locked": { - "lastModified": 1765337252, - "narHash": "sha256-HuWQp8fM25fyWflbuunQkQI62Hg0ecJxWD52FAgmxqY=", + "lastModified": 1765480374, + "narHash": "sha256-HlbvQAqLx7WqZFFQZ8nu5UUJAVlXiV/kqKbyueA8srw=", "owner": "nix-community", "repo": "home-manager", - "rev": "13cc1efd78b943b98c08d74c9060a5b59bf86921", + "rev": "39cb677ed9e908e90478aa9fe5f3383dfc1a63f3", "type": "github" }, "original": { @@ -810,11 +810,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1764252389, - "narHash": "sha256-3bbuneTKZBkYXlm0bE36kUjiDsasoIC1GWBw/UEJ9T4=", + "lastModified": 1765442039, + "narHash": "sha256-k3lYQ+A1F7aTz8HnlU++bd9t/x/NP2A4v9+x6opcVg0=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "5ea68886d95218646d11d3551a476d458df00778", + "rev": "9dd775ee92de63f14edd021d59416e18ac2c00f1", "type": "github" }, "original": { @@ -852,11 +852,11 @@ ] }, "locked": { - "lastModified": 1765376994, - "narHash": "sha256-dsgdFdj8+qh81XPB/9SlwvuhJMHPjqsf7Zk0AnsdVpY=", + "lastModified": 1765483419, + "narHash": "sha256-w6wznH1lBzlSH3+pWDkE+L6xA0F02drFAzu2E7PD/Jo=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "30f6a14293df4938c35173a73efdeba450653d0a", + "rev": "0c040f28b44b18e0d4240e027096078e34dbb029", "type": "github" }, "original": { @@ -914,11 +914,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1765357816, - "narHash": "sha256-Uh7y3tL9SUzMjM8eO9CMqf30pPpa1i+P3asBijc32lY=", + "lastModified": 1765403794, + "narHash": "sha256-bOk4vZjzk419pIkmMWrr8PTg0fK2Oph/owZUAPHWwIE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "004943ed3cf9de5805a0da377599d1bfdd47a98a", + "rev": "6f313d8e9be4d7db523962ecc3ce97c951bacb1f", "type": "github" }, "original": { @@ -946,11 +946,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1765380834, - "narHash": "sha256-MUMk4DZ0V+gU7yee7DdiPwieRclS2uMNvLQGLWwew4M=", + "lastModified": 1765491281, + "narHash": "sha256-adRTsIAzAiMUP40dPHhcAq69+iRcSV93XJdg8YO7lYw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bf83174d5ab54f384b1ec5068b3280241dbb849f", + "rev": "d21f5e3178bdfce2e894e0bd9b6535ac6593a734", "type": "github" }, "original": { @@ -1139,11 +1139,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1765120009, - "narHash": "sha256-nG76b87rkaDzibWbnB5bYDm6a52b78A+fpm+03pqYIw=", + "lastModified": 1765400135, + "narHash": "sha256-D3+4hfNwUhG0fdCpDhOASLwEQ1jKuHi4mV72up4kLQM=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "5e3e9c4e61bba8a5e72134b9ffefbef8f531d008", + "rev": "fface27171988b3d605ef45cf986c25533116f7e", "type": "github" }, "original": { @@ -1254,11 +1254,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1765377959, - "narHash": "sha256-MsvpqrovI+iveyVam6sIPlSsUVVcmmhTxpD9w3OOsvw=", + "lastModified": 1765474444, + "narHash": "sha256-sDG+c73xEnIw1pFNRWffKDnTWiTuyZiEP+Iub0D3mWA=", "owner": "nix-community", "repo": "stylix", - "rev": "54fcd2f342c6417548cc56f53e401224dcade639", + "rev": "dd14de4432a94e93e10d0159f1d411487e435e1e", "type": "github" }, "original": { @@ -1519,11 +1519,11 @@ ] }, "locked": { - "lastModified": 1765344150, - "narHash": "sha256-RoGBKQglbF19aINeV8F7DHCXxF7FrMRLgL2yjl9vOiQ=", + "lastModified": 1765491669, + "narHash": "sha256-LjMIEOyIT5AMvbz/RYRcZPTJ7FB6vnEmeaid9vkIp0k=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "1adab25828578301037855c59849e9bbecf8948b", + "rev": "85feeba579822e7e30cccf549d805f24b86d7235", "type": "github" }, "original": { From 1ee8fa34077bf5fb75018df350afd84eb12e2fa8 Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 11 Dec 2025 22:47:02 +0000 Subject: [PATCH 29/43] chore(secrets): set secret "zitadel/users" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 7709ea3..4c9cc8d 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -4,7 +4,7 @@ email: zitadel: masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str] nix: {} - users: ENC[AES256_GCM,data:pMSK3Re/DZeMnFNCEgjTGWWMYYX5eLOoZwGg3oO7WQ0Sx7z7sLRPpqlGVw384G6uYjR19MpnVud6hHPkGY/FoTO0vsJ+a2anFpmLjLsPNehiQ57rnvnWJCeVJyTz0kqKt7vS1kGpdtjH5d98PerNzxR0FvTrjJhQCfHyP/S8/G6vD6cLmeBXaStpKJ6TM0UIPcWSTzrpV3O292xAFooWYv19hkM4C6IJtbej8zTmY8pEsHk5OY3w,iv:r3603xOtSE1CEdMR9epaWclbO3PXjMWpnJT7HEbF57o=,tag:HAPUlIuumY0IjL0P4Q1aFA==,type:str] + users: ENC[AES256_GCM,data:yxdJ2PmOJXXCF2NaD1QWLSuwF9AhdIBhLiZDm4GhcTb4sA3zGTyJBw5saH6P5QAwk9ngbOgn8RH0vgeYEJ0z8VzUoCaLWK5xaqLggYgd75ewNQu7Jkh6V/oSHeVfv+6NCRoq4PckHvhBHwQQ4uToaCghUbjX6VJlFSKwSAy6laG30UMIa2Q4hTQHqgVcbjpQUJSu6/ajDz3Ap0MqhCTSOPWKZ9vWZpvRnFhLhsJrTNl0w6zlCuZcy8xqn/zZo4OEuexHr29yFFohbiD9L9CLd0N6NYDMX7eHRjjdB6Ysxfkic9JSWysma/7OwPzg/KK+pQDkNi7ciR+/cT9Gqn73IFpXPvuooe+7wxe4INfGq3iAoRIYSz8=,iv:opqL2iB3sqT+/a03tTzWphFGnwrEwdKybnj/3BNzL3U=,tag:2+CMLgKdsWpPsYrkKAP5hg==,type:str] forgejo: action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str] synapse: @@ -54,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-11T22:19:26Z" - mac: ENC[AES256_GCM,data:J1RVA3s9qemyLGo4svCofqIA4XNYgDWDc3JRbfynGLtAocOQPtXOLKoEauplDWMQ8hFIGRznIzv5XkCH6hfxQhjNI0UCuR0WhFZtnQU59hS+Qg4AQKVukRdjY136RpNiBMCMNhiXs8NAbuVxrFramgFClFQgVO+b6+Q3w2JspNE=,iv:hPUnwDUg+Wbx/YDugY8TjFIJqUzJE75tv4vzc2NHdrQ=,tag:xwqb7I315SbAlK7MlT9uBA==,type:str] + lastmodified: "2025-12-11T22:47:01Z" + mac: ENC[AES256_GCM,data:7d8MOO5luFUGI2DhHUQRoBG4097/KnKvmj32vbdgoPFQWuLmePAdhJJ+n2T3Si89eLNoZVpwd2gvunSLiKG+rTyvVxf3jx1bOuGOhL2VlbbnLHiJPhX6Wi3NhRRUDqWl3oNcq/G9f6Y+fJ5R+Cofkov+aTPhIAM+Ceq/7Bf+J/M=,iv:zpf8r+W2QjUAmULnjzEQdESF4cuNWa3aMIVo6FPe/YI=,tag:z5YFIqlS1URIRsnqjFLquw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From b2a0a2a26d90df96d292bdb29a63898c30c73507 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 18 Dec 2025 15:11:04 +0100 Subject: [PATCH 30/43] fix: only enable media services when needed --- modules/nixos/services/media/servarr/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index bb90352..057b810 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -11,6 +11,7 @@ inherit (lib) mkIf mkEnableOption mkOption types; cfg = config.${namespace}.services.media.servarr; + anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0); in { options.${namespace}.services.media = { servarr = mkOption { @@ -33,7 +34,7 @@ in { }; }; - config = { + config = mkIf anyEnabled { services = cfg |> lib.mapAttrsToList (service: { @@ -269,6 +270,11 @@ in { }; groups.${service} = {}; })) + |> lib.concat [ + { + groups.media = {}; + } + ] |> lib.mkMerge; sops = From c935a034c4661a6a88c253d80aac957903d17b4a Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 18 Dec 2025 15:58:01 +0100 Subject: [PATCH 31/43] AAAARGHHH --- systems/x86_64-linux/manwe/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/x86_64-linux/manwe/default.nix b/systems/x86_64-linux/manwe/default.nix index c2d9978..3839cc6 100644 --- a/systems/x86_64-linux/manwe/default.nix +++ b/systems/x86_64-linux/manwe/default.nix @@ -1,5 +1,4 @@ -{ ... }: -{ +{...}: { imports = [ ./disks.nix ./hardware.nix @@ -7,6 +6,8 @@ system.activationScripts.remove-gtkrc.text = "rm -f /home/chris/.gtkrc-2.0"; + services.logrotate.checkConfig = false; + sneeuwvlok = { hardware.has = { gpu.amd = true; @@ -30,7 +31,6 @@ }; }; - services.displayManager.autoLogin = { enable = true; user = "chris"; From 821767765fea85f7b529a93db27bce820796fc99 Mon Sep 17 00:00:00 2001 From: chris Date: Thu, 18 Dec 2025 15:01:33 +0000 Subject: [PATCH 32/43] chore: update dependencies --- flake.lock | 213 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 124 insertions(+), 89 deletions(-) diff --git a/flake.lock b/flake.lock index f4f2381..004e726 100644 --- a/flake.lock +++ b/flake.lock @@ -21,17 +21,17 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1754405784, - "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "lastModified": 1765809053, + "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" } }, @@ -84,11 +84,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1765483630, - "narHash": "sha256-4nLng3hXTHuJF1xeMXWVyK26r0O407YG7aEfkWVD3Jg=", - "rev": "b500c2e4c8f50961e976b7a78991d2fd4f96c423", + "lastModified": 1766058975, + "narHash": "sha256-HBnRRq9wLq7UfJxMM55wR10lZFK1F0lNyRgUwwOby6s=", + "rev": "9032d11a0e31641808ef1427150aac0f40e2e0b9", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/b500c2e4c8f50961e976b7a78991d2fd4f96c423.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/9032d11a0e31641808ef1427150aac0f40e2e0b9.tar.gz" }, "original": { "type": "tarball", @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1765163284, - "narHash": "sha256-tCrc6IyhXrMTTeF5lZHlwbfMBvDUr0OM5Uz+kToJ+ow=", - "rev": "986035f01ba7339c6c9d80f37aec9c5f93dfa47f", + "lastModified": 1765768061, + "narHash": "sha256-RZ/ocDUJ3WPr2KcDc2MB6Fu+ZPqzwsMKQ16XxqrPi+o=", + "rev": "53351f9953ecf9dbe18795b4784abe53b14e6eee", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/986035f01ba7339c6c9d80f37aec9c5f93dfa47f.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/53351f9953ecf9dbe18795b4784abe53b14e6eee.tar.gz" }, "original": { "type": "tarball", @@ -130,11 +130,11 @@ ] }, "locked": { - "lastModified": 1765326679, - "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=", + "lastModified": 1765794845, + "narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=", "owner": "nix-community", "repo": "disko", - "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e", + "rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9", "type": "github" }, "original": { @@ -149,11 +149,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1764775116, - "narHash": "sha256-S4fY3fytcqXBuOSbQjEVke2eqK9/e/6Jy3jp0JGM2X4=", + "lastModified": 1765983453, + "narHash": "sha256-cH32B1gu+/AQA8arQScPStZhmT73jDnrzSejuNR//F0=", "owner": "emmanuelrosa", "repo": "erosanix", - "rev": "172661ccc78b1529a294eee5e99ca1616c934f37", + "rev": "b742cf8ae93417efb2c1bbcc70146a664126d8be", "type": "github" }, "original": { @@ -190,11 +190,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1765448647, - "narHash": "sha256-y29oz4/jfs7TEGR1+pKlcQn5pBsTZGM8TOhVDJEAtXg=", + "lastModified": 1766067704, + "narHash": "sha256-k8JGGuFfml1qsMI5AW1f1+2+6S3YAHkw+AHXACkZ+l8=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "63947e060742f3b023c87e225c3f327befbbd6a3", + "rev": "59d2f3f13afbf4fc88431316c0eef124f1e6e822", "type": "github" }, "original": { @@ -306,11 +306,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -574,11 +574,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1765227577, - "narHash": "sha256-2YyCvI3aGFkFfT6JKmaer8YyhwAk6lJwO6vCikqJwa8=", + "lastModified": 1765998060, + "narHash": "sha256-RGluSceSmt/1wZVwnkrLGc+oImO94o723fNPTEJm25w=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "70b63803f6429dafa20be0035548072092e0e512", + "rev": "3ba7e3c89968d1a8f70c14550df58bdd997b998d", "type": "github" }, "original": { @@ -594,11 +594,11 @@ ] }, "locked": { - "lastModified": 1765480374, - "narHash": "sha256-HlbvQAqLx7WqZFFQZ8nu5UUJAVlXiV/kqKbyueA8srw=", + "lastModified": 1765980955, + "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=", "owner": "nix-community", "repo": "home-manager", - "rev": "39cb677ed9e908e90478aa9fe5f3383dfc1a63f3", + "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173", "type": "github" }, "original": { @@ -615,11 +615,11 @@ ] }, "locked": { - "lastModified": 1762964643, - "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=", + "lastModified": 1765682243, + "narHash": "sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0=", "owner": "nix-community", "repo": "home-manager", - "rev": "827f2a23373a774a8805f84ca5344654c31f354b", + "rev": "58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03", "type": "github" }, "original": { @@ -636,11 +636,11 @@ ] }, "locked": { - "lastModified": 1765365489, - "narHash": "sha256-L0uvs+o8P5JzEcTPe2WPA48+0ZiO6+8nlfh7XSjQql4=", + "lastModified": 1766067735, + "narHash": "sha256-cRC/rOYRtZNzc5y9nTccozyo/mkI4/1eFE33Aqgs+SQ=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "ddf5db234397043a8af5c38433b5ae933d660f27", + "rev": "34a16089be30f77ac9444907ec97c02b4b711896", "type": "github" }, "original": { @@ -655,11 +655,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1765111385, - "narHash": "sha256-Gn8IIq9FGLvQSDK2bXKzsqqkgKExTExLkYfH7n8Nnpk=", + "lastModified": 1765716362, + "narHash": "sha256-ZjICTdeEXwhioCJyYeEIrP5UlW6QZvP8rAAquNy+vso=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "e562ca084a8b3490337d446f1e0d6afadb509d1e", + "rev": "b70d4898e9a4d2ad2d3ff870b9674f371b119fef", "type": "github" }, "original": { @@ -702,6 +702,24 @@ "type": "github" } }, + "ndg": { + "inputs": { + "nixpkgs": "nixpkgs_8" + }, + "locked": { + "lastModified": 1765720983, + "narHash": "sha256-tWtukpABmux6EC/FuCJEgA1kmRjcRPtED44N+GGPq+4=", + "owner": "feel-co", + "repo": "ndg", + "rev": "f399ace8bb8e1f705dd8942b24d207aa4d75c936", + "type": "github" + }, + "original": { + "owner": "feel-co", + "repo": "ndg", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -752,11 +770,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1765332486, - "narHash": "sha256-nVTejyI8w3ePrX4tW3lBLLg3DheqhRuxtiRefT+ynrk=", + "lastModified": 1766023574, + "narHash": "sha256-vx7KhTqR/UBnBUXAei3DKXJ4Nq3p7yLw+kZ03/inm8I=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "a3bdc14045dc7e5fb7a94ab11064766f472279eb", + "rev": "5e0cae13ca72d3e4ef0f101b01725e25441c4ebd", "type": "github" }, "original": { @@ -852,11 +870,11 @@ ] }, "locked": { - "lastModified": 1765483419, - "narHash": "sha256-w6wznH1lBzlSH3+pWDkE+L6xA0F02drFAzu2E7PD/Jo=", + "lastModified": 1765841014, + "narHash": "sha256-55V0AJ36V5Egh4kMhWtDh117eE3GOjwq5LhwxDn9eHg=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "0c040f28b44b18e0d4240e027096078e34dbb029", + "rev": "be4af8042e7a61fa12fda58fe9a3b3babdefe17b", "type": "github" }, "original": { @@ -883,11 +901,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765070080, - "narHash": "sha256-5D1Mcm2dQ1aPzQ0sbXluHVUHququ8A7PKJd7M3eI9+E=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e0cad9791b0c168931ae562977703b72d9360836", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -897,6 +915,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1765457389, + "narHash": "sha256-ddhDtNYvleZeYF7g7TRFSmuQuZh7HCgqstg5YBGwo5s=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f997fa0f94fb1ce55bccb97f60d41412ae8fde4c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1764517877, "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", @@ -914,11 +948,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1765403794, - "narHash": "sha256-bOk4vZjzk419pIkmMWrr8PTg0fK2Oph/owZUAPHWwIE=", + "lastModified": 1766035038, + "narHash": "sha256-tJ8RIG8JiMV9NGYWegYw1bEO/Ja09mH1y7RhuviEN78=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6f313d8e9be4d7db523962ecc3ce97c951bacb1f", + "rev": "da5cc354cf31d8514d763c39f5a685da3fe1eb3e", "type": "github" }, "original": { @@ -946,11 +980,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1765491281, - "narHash": "sha256-adRTsIAzAiMUP40dPHhcAq69+iRcSV93XJdg8YO7lYw=", + "lastModified": 1766068349, + "narHash": "sha256-pb4NHaLbyEo5C+h1XfQAkdI/ceKrKO1YvUEZGLrdIMo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d21f5e3178bdfce2e894e0bd9b6535ac6593a734", + "rev": "fe17732c30a65edbd3f101db6aa6f76a38e21ac2", "type": "github" }, "original": { @@ -994,11 +1028,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1765186076, - "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "lastModified": 1765779637, + "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", "type": "github" }, "original": { @@ -1010,31 +1044,31 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1761880412, - "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", - "owner": "nixos", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_9": { "locked": { - "lastModified": 1764947035, - "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", - "owner": "NixOS", + "lastModified": 1764081664, + "narHash": "sha256-sUoHmPr/EwXzRMpv1u/kH+dXuvJEyyF2Q7muE+t0EU4=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "a672be65651c80d3f592a89b3945466584a22069", + "rev": "dc205f7b4fdb04c8b7877b43edb7b73be7730081", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" @@ -1070,15 +1104,16 @@ "flake-compat": "flake-compat_4", "flake-parts": "flake-parts_3", "mnw": "mnw", - "nixpkgs": "nixpkgs_8", + "ndg": "ndg", + "nixpkgs": "nixpkgs_9", "systems": "systems_5" }, "locked": { - "lastModified": 1765119282, - "narHash": "sha256-iI0fuBBYJMnOprGD2L+rum2P8lHMcZ5n35hzdlpwayI=", + "lastModified": 1765894398, + "narHash": "sha256-vZmKngMAaZ38mUjWeXavagrCE5f4h4s9yIShf2q75I4=", "owner": "notashelf", "repo": "nvf", - "rev": "26c4a7e3c33e739d474ddaf52aa4c5f3d11922ba", + "rev": "cd81bbb904571b538397d72a29e4c84b98480ee1", "type": "github" }, "original": { @@ -1204,11 +1239,11 @@ ] }, "locked": { - "lastModified": 1765231718, - "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", + "lastModified": 1765836173, + "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", + "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", "type": "github" }, "original": { @@ -1219,14 +1254,14 @@ }, "sops-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1765231718, - "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", + "lastModified": 1765836173, + "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", + "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", "type": "github" }, "original": { @@ -1244,7 +1279,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_4", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "nur": "nur", "systems": "systems_7", "tinted-foot": "tinted-foot", @@ -1254,11 +1289,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1765474444, - "narHash": "sha256-sDG+c73xEnIw1pFNRWffKDnTWiTuyZiEP+Iub0D3mWA=", + "lastModified": 1765897595, + "narHash": "sha256-NgTRxiEC5y96zrhdBygnY+mSzk5FWMML39PcRGVJmxg=", "owner": "nix-community", "repo": "stylix", - "rev": "dd14de4432a94e93e10d0159f1d411487e435e1e", + "rev": "e6829552d4bb659ebab00f08c61d8c62754763f3", "type": "github" }, "original": { @@ -1498,11 +1533,11 @@ ] }, "locked": { - "lastModified": 1762938485, - "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", + "lastModified": 1766000401, + "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", + "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd", "type": "github" }, "original": { @@ -1519,11 +1554,11 @@ ] }, "locked": { - "lastModified": 1765491669, - "narHash": "sha256-LjMIEOyIT5AMvbz/RYRcZPTJ7FB6vnEmeaid9vkIp0k=", + "lastModified": 1766032508, + "narHash": "sha256-7MHR94mOoa5/s4NBrpsXWaNNzrZyRC0OwRwEobp1wzI=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "85feeba579822e7e30cccf549d805f24b86d7235", + "rev": "a7f58a9e3481804915d75a9c86527bca6d9dafb3", "type": "github" }, "original": { From 73929e0cf9e966bfed10d842c8900e4c51ddcf1e Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Thu, 18 Dec 2025 16:22:43 +0100 Subject: [PATCH 33/43] I'm so tired of all this crap... --- modules/nixos/desktop/cosmic/default.nix | 32 ++++++++++++++++++++++++ modules/nixos/desktop/default.nix | 18 +++++++------ systems/x86_64-linux/manwe/default.nix | 2 +- 3 files changed, 44 insertions(+), 8 deletions(-) create mode 100644 modules/nixos/desktop/cosmic/default.nix diff --git a/modules/nixos/desktop/cosmic/default.nix b/modules/nixos/desktop/cosmic/default.nix new file mode 100644 index 0000000..ff4d047 --- /dev/null +++ b/modules/nixos/desktop/cosmic/default.nix @@ -0,0 +1,32 @@ +{ + lib, + config, + namespace, + inputs, + ... +}: let + inherit (lib) mkIf mkEnableOption mkForce; + + cfg = config.${namespace}.desktop.cosmic; +in { + options.${namespace}.desktop.cosmic = { + enable = + mkEnableOption "Enable Cosmic desktop" + // { + default = config.${namespace}.desktop.use == "cosmic"; + }; + }; + + config = mkIf cfg.enable { + services = { + displayManager = { + cosmic-greeter.enable = true; + autoLogin = { + enable = true; + user = "chris"; + }; + }; + desktopManager.cosmic.enable = true; + }; + }; +} diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index 9fd9192..13ef881 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -1,18 +1,22 @@ -{ lib, config, namespace, inputs, ... }: -let +{ + lib, + config, + namespace, + inputs, + ... +}: let inherit (lib) mkIf mkOption mkEnableOption mkMerge; inherit (lib.types) nullOr enum; cfg = config.${namespace}.desktop; -in -{ +in { imports = [ inputs.grub2-themes.nixosModules.default ]; options.${namespace}.desktop = { use = mkOption { - type = nullOr (enum [ "plasma" "gamescope" "gnome" ]); + type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]); default = null; example = "plasma"; description = "Which desktop to enable"; @@ -20,11 +24,11 @@ in }; config = mkMerge [ - ({ + { services.displayManager = { enable = true; }; - }) + } # (mkIf (cfg.use != null) { # ${namespace}.desktop.${cfg.use}.enable = true; diff --git a/systems/x86_64-linux/manwe/default.nix b/systems/x86_64-linux/manwe/default.nix index 3839cc6..a2c478f 100644 --- a/systems/x86_64-linux/manwe/default.nix +++ b/systems/x86_64-linux/manwe/default.nix @@ -20,7 +20,7 @@ animated = true; }; - desktop.use = "plasma"; + desktop.use = "cosmic"; application = { steam.enable = true; From cfd5a40d3cb797a26191f39d8dfa06b96f7124a4 Mon Sep 17 00:00:00 2001 From: chris Date: Sun, 28 Dec 2025 20:38:16 +0000 Subject: [PATCH 34/43] chore(secrets): set secret "qbittorrent/password" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 4c9cc8d..0d7eb55 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -54,7 +54,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-11T22:47:01Z" - mac: ENC[AES256_GCM,data:7d8MOO5luFUGI2DhHUQRoBG4097/KnKvmj32vbdgoPFQWuLmePAdhJJ+n2T3Si89eLNoZVpwd2gvunSLiKG+rTyvVxf3jx1bOuGOhL2VlbbnLHiJPhX6Wi3NhRRUDqWl3oNcq/G9f6Y+fJ5R+Cofkov+aTPhIAM+Ceq/7Bf+J/M=,iv:zpf8r+W2QjUAmULnjzEQdESF4cuNWa3aMIVo6FPe/YI=,tag:z5YFIqlS1URIRsnqjFLquw==,type:str] + lastmodified: "2025-12-28T20:38:15Z" + mac: ENC[AES256_GCM,data:4JHRUEwCDA6FDQvyPluuM0qN5msaeQl8xCuy4hdBzcIzCSlZXWaiN6HDUZk9Nov34QIa9eXMdVwPg3jnnnQuQFpuiQuWn8NGuIueIeYf1L01Xf3aF+grNBsQFJqR4BAftkCwCFCvfayAL9fUjg4zQ9u67MJhKazgkYerBwih8dc=,iv:yLUVGhtOgJwDA13WGrzvx4qDzOTvtUe1hiEzdLnFyi0=,tag:gBwqx1RXzJqWbIKD0P9abQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From d2ee47f78c0ea52c7d3f3dffe77ef1c68b560b3b Mon Sep 17 00:00:00 2001 From: chris Date: Sun, 28 Dec 2025 21:28:31 +0000 Subject: [PATCH 35/43] chore(secrets): set secret "whisparr/apikey" for machine "ulmo" --- systems/x86_64-linux/ulmo/secrets.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 0d7eb55..646c768 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -34,6 +34,8 @@ sabnzbd: password: ENC[AES256_GCM,data:flw8AahqO1Mx,iv:Qhu8iVWMzzqy18y8dj3aHoBnSZatm74/tYvZ456l2sA=,tag:sCYBdw7kD0zJZFFr5EyPIQ==,type:str] username: ENC[AES256_GCM,data:IboJ8WDWuVNgvrk7c3V8I5S6Xg==,iv:BRohMuQFQz2S+HFasIaok6npT3C5v/SlhAhbLQXfB0s=,tag:M3/u0WBQ3AufHqe4DCtsrA==,type:str] apikey: ENC[AES256_GCM,data:j5sPXKbBhMdNHOuoTfZ+c8nGu5JameOgK2z428iLdP01Hi6MvHVaN8Zs8YxMoSBtOjdtIEC8MS+3m1S1rU/P4pCRfZpK5ua1DBHq4l0xROUqokFWjDcAmJJv3pYXl0cQxQcGKQ==,iv:v5hu3gmO1Zn1FfXkHLPGN9f7JOcQjzoQahdqJwfM+xY=,tag:uI1LFcTgcyRgAaTJ1kzKow==,type:str] +whisparr: + apikey: ENC[AES256_GCM,data:kIGCsd4mszm90PoQMzlSEBKw9Ow0GvP1qdLtwXYKkAb6b65l89v8lMWJ2X1MyD2gJX+P+Bv1F/2BSjUFXErq/UYnp4dAjwKi/ezGCbhjMutDM1FvwFWEHRnR3gjd9uXPWJ8Xhg==,iv:98aPQlcZHJovpnzACDs6RtKblLnHg6wyi+Er5DAowj8=,tag:Tl8jz/pWYWAtBCfoztKdyw==,type:str] sops: age: - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq @@ -54,7 +56,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-28T20:38:15Z" - mac: ENC[AES256_GCM,data:4JHRUEwCDA6FDQvyPluuM0qN5msaeQl8xCuy4hdBzcIzCSlZXWaiN6HDUZk9Nov34QIa9eXMdVwPg3jnnnQuQFpuiQuWn8NGuIueIeYf1L01Xf3aF+grNBsQFJqR4BAftkCwCFCvfayAL9fUjg4zQ9u67MJhKazgkYerBwih8dc=,iv:yLUVGhtOgJwDA13WGrzvx4qDzOTvtUe1hiEzdLnFyi0=,tag:gBwqx1RXzJqWbIKD0P9abQ==,type:str] + lastmodified: "2025-12-28T21:28:31Z" + mac: ENC[AES256_GCM,data:vkGMgBkzmA2+xRIOfgUE01XG6jvTMTpm1vWXVHdZ5xE27s2mn8i6C64t1cia0n413qlKLB3y5qcbiHdRVhdLUoZFdBgFTjfixyIXOKZeVJskjJEqg2L0wZGtYIO8Y2KrfPb925qOffr7p0NcMf4c+d6bIqxHFEGb+jR/aWDOMNo=,iv:PK1FHycgOj2wtJt1UfWEAe0mKSBVksu8KWUxljSp2oo=,tag:F/xAAxJLUDqW9Dnwgrd0Rg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 From ab9c4b4c14856ffeb6e7c9c19fb11a59eec04370 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Wed, 31 Dec 2025 00:41:52 +0100 Subject: [PATCH 36/43] . --- .just/machine.just | 2 +- modules/nixos/desktop/cosmic/default.nix | 10 +- .../services/communication/matrix/default.nix | 8 +- modules/nixos/services/media/default.nix | 35 --- .../nixos/services/media/glance/default.nix | 10 - .../nixos/services/media/jellyfin/default.nix | 50 +++++ .../nixos/services/media/servarr/default.nix | 200 ++++++++++++++---- modules/nixos/services/media/servarr/lib.nix | 2 + systems/x86_64-linux/manwe/default.nix | 1 + systems/x86_64-linux/ulmo/default.nix | 28 ++- 10 files changed, 243 insertions(+), 103 deletions(-) create mode 100644 modules/nixos/services/media/jellyfin/default.nix create mode 100644 modules/nixos/services/media/servarr/lib.nix diff --git a/.just/machine.just b/.just/machine.just index 207185a..d07986b 100644 --- a/.just/machine.just +++ b/.just/machine.just @@ -8,4 +8,4 @@ [no-exit-message] @update machine: just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" - nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} + nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json diff --git a/modules/nixos/desktop/cosmic/default.nix b/modules/nixos/desktop/cosmic/default.nix index ff4d047..cba6955 100644 --- a/modules/nixos/desktop/cosmic/default.nix +++ b/modules/nixos/desktop/cosmic/default.nix @@ -5,7 +5,7 @@ inputs, ... }: let - inherit (lib) mkIf mkEnableOption mkForce; + inherit (lib) mkIf mkEnableOption; cfg = config.${namespace}.desktop.cosmic; in { @@ -19,13 +19,7 @@ in { config = mkIf cfg.enable { services = { - displayManager = { - cosmic-greeter.enable = true; - autoLogin = { - enable = true; - user = "chris"; - }; - }; + displayManager.cosmic-greeter.enable = true; desktopManager.cosmic.enable = true; }; }; diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index 33af8e4..ccdbbaa 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -52,11 +52,15 @@ in { # Since we'll be using OIDC for auth disable all local options enable_registration = false; enable_registration_without_verification = false; - password_config.enabled = false; + password_config.enabled = true; backchannel_logout_enabled = true; + experimental_features = { + msc2965_enabled = true; + }; + sso = { - client_whitelist = ["http://[::1]:9092"]; + client_whitelist = ["http://[::1]:9092/" "https://auth.kruining.eu/"]; update_profile_information = true; }; diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index 79d2307..c10a08e 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -35,13 +35,6 @@ in { #========================================================================= environment.systemPackages = with pkgs; [ podman-tui - jellyfin - jellyfin-web - jellyfin-ffmpeg - jellyseerr - mediainfo - id3v2 - yt-dlp ]; #========================================================================= @@ -56,9 +49,6 @@ in { }; systemd.tmpfiles.rules = [ - # "d '${cfg.path}/series' 0770 ${cfg.user} ${cfg.group} - -" - # "d '${cfg.path}/movies' 0770 ${cfg.user} ${cfg.group} - -" - # "d '${cfg.path}/music' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/qbittorrent' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/sabnzbd' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/downloads/incomplete' 0770 ${cfg.user} ${cfg.group} - -" @@ -77,34 +67,9 @@ in { listenPort = 2005; }; - flaresolverr = { - enable = true; - openFirewall = true; - port = 2007; - }; - - # port is harcoded in nixpkgs module - jellyfin = { - enable = true; - openFirewall = true; - user = cfg.user; - group = cfg.group; - }; - postgresql = { enable = true; }; - - caddy = { - enable = true; - virtualHosts = { - "jellyfin.kruining.eu".extraConfig = '' - reverse_proxy http://[::1]:8096 - ''; - }; - }; }; - - systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; }; } diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix index 333035d..6af52ef 100644 --- a/modules/nixos/services/media/glance/default.nix +++ b/modules/nixos/services/media/glance/default.nix @@ -130,16 +130,6 @@ in { } ]; } - { - type = "videos"; - channels = [ - "UCXuqSBlHAE6Xw-yeJA0Tunw" # Linus Tech Tips - "UCR-DXc1voovS8nhAvccRZhg" # Jeff Geerling - "UCsBjURrPoezykLs9EqgamOA" # Fireship - "UCBJycsmduvYEL83R_U4JriQ" # Marques Brownlee - "UCHnyfMqiRRG1u-2MsSQLbXA" # Veritasium - ]; - } ]; } diff --git a/modules/nixos/services/media/jellyfin/default.nix b/modules/nixos/services/media/jellyfin/default.nix new file mode 100644 index 0000000..d4323f3 --- /dev/null +++ b/modules/nixos/services/media/jellyfin/default.nix @@ -0,0 +1,50 @@ +{ + pkgs, + config, + lib, + namespace, + inputs, + system, + ... +}: let + inherit (builtins) toString; + inherit (lib) mkIf mkEnableOption mkOption types; + + cfg = config.${namespace}.services.media.jellyfin; +in { + options.${namespace}.services.media.jellyfin = { + enable = mkEnableOption "Enable jellyfin server"; + }; + + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + jellyfin + jellyfin-web + jellyfin-ffmpeg + mediainfo + id3v2 + yt-dlp + ]; + + services = { + # port is harcoded in nixpkgs module + jellyfin = { + enable = true; + openFirewall = true; + user = "media"; + group = "media"; + }; + + caddy = { + enable = true; + virtualHosts = { + "jellyfin.kruining.eu".extraConfig = '' + reverse_proxy http://[::1]:8096 + ''; + }; + }; + }; + + systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; + }; +} diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 057b810..bc911f7 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -11,6 +11,7 @@ inherit (lib) mkIf mkEnableOption mkOption types; cfg = config.${namespace}.services.media.servarr; + servarr = import ./lib.nix {inherit lib;}; anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0); in { options.${namespace}.services.media = { @@ -68,7 +69,7 @@ in { }; }; } - // (lib.optionalAttrs (service != "prowlarr") { + // (lib.optionalAttrs (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { user = service; group = "media"; }); @@ -104,6 +105,12 @@ in { group = "media"; }; + flaresolverr = { + enable = true; + openFirewall = true; + port = 2007; + }; + postgresql = { ensureDatabases = cfg |> lib.attrNames; ensureUsers = @@ -129,6 +136,7 @@ in { }: (mkIf enable { "${service}ApplyTerraform" = let config' = config; + lib' = lib; terraformConfiguration = inputs.terranix.lib.terranixConfiguration { inherit system; @@ -140,12 +148,28 @@ in { ... }: { config = { - variable = { - api_key = { - type = "string"; - description = "${service} api key"; - }; - }; + variable = + cfg + |> lib'.mapAttrsToList (s: _: { + "${s}_api_key" = { + type = "string"; + description = "${s} API key"; + }; + }) + |> lib'.concat [ + { + qbittorrent_api_key = { + type = "string"; + description = "qbittorrent api key"; + }; + + sabnzbd_api_key = { + type = "string"; + description = "sabnzbd api key"; + }; + } + ] + |> lib'.mkMerge; terraform.required_providers.${service} = { source = "devopsarr/${service}"; @@ -164,40 +188,116 @@ in { provider.${service} = { url = "http://127.0.0.1:${toString port}"; - api_key = lib.tfRef "var.api_key"; + api_key = lib.tfRef "var.${service}_api_key"; }; - resource = { - "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) ( - rootFolders - |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) - |> lib.listToAttrs - ); + resource = + { + "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) ( + rootFolders + |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) + |> lib.listToAttrs + ); - "${service}_download_client_qbittorrent" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { - "main" = { - name = "qBittorrent"; - enable = true; - priority = 1; - host = "localhost"; - username = "admin"; - password = "poChieN5feeph0igeaCadeJ9Xux0ohmuy6ruH5ieThaPheib3iuzoo0ahw1aiceif1feegioh9Aimau0pai5thoh5ieH0aechohw"; - url_base = "/"; - port = 2008; + "${service}_download_client_qbittorrent" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + "main" = { + name = "qBittorrent"; + enable = true; + priority = 1; + host = "localhost"; + username = "admin"; + password = lib.tfRef "var.qbittorrent_api_key"; + # password = "poChieN5feeph0igeaCadeJ9Xux0ohmuy6ruH5ieThaPheib3iuzoo0ahw1aiceif1feegioh9Aimau0pai5thoh5ieH0aechohw"; + url_base = "/"; + port = 2008; + }; }; - }; - # "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { - # "main" = { - # name = "SABnzbd"; - # enable = true; - # priority = 1; - # host = "localhost"; - # url_base = "/"; - # port = 8080; - # }; - # }; - }; + "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + "main" = { + name = "SABnzbd"; + enable = true; + priority = 1; + host = "localhost"; + api_key = lib.tfRef "var.sabnzbd_api_key"; + url_base = "/"; + port = 8080; + }; + }; + } + // (lib.optionalAttrs (service == "prowlarr") ( + cfg + |> lib'.filterAttrs (s: _: lib'.elem s ["radarr" "sonarr" "lidarr" "whisparr"]) + |> lib'.mapAttrsToList (s: {port, ...}: { + "prowlarr_application_${s}"."main" = let + p = cfg.prowlarr.port or config'.services.prowlarr.settings.server.port or 9696; + in { + name = s; + sync_level = "addOnly"; + base_url = "http://localhost:${toString port}"; + prowlarr_url = "http://localhost:${toString p}"; + api_key = lib.tfRef "var.${s}_api_key"; + # sync_categories = [3000 3010 3030]; + }; + }) + |> lib'.concat [ + { + "prowlarr_indexer" = { + "nyaa" = { + enable = true; + + app_profile_id = 1; + priority = 1; + + name = "Nyaa"; + implementation = "nyaa"; + config_contract = "nyaa_settings"; + protocol = "torrent"; + + fields = [ + { + name = "targetType"; + value = ""; + } + ]; + }; + + "nzbgeek" = { + enable = true; + + app_profile_id = 2; + priority = 1; + + name = "NZBgeek"; + implementation = "nzbgeek"; + config_contract = "nzbgeek_settings"; + protocol = "torrent"; + + fields = [ + ]; + }; + + # "nzbgeek" = { + # enable = true; + + # app_profile_id = 1; + # name = "NZBgeek"; + # implementation = "nzbgeek"; + # config_contract = "nzbgeek_settings"; + # protocol = "torrent"; + + # fields = [ + # # { + # # name = ""; + # # value = ""; + # # } + # ]; + # }; + }; + } + ] + |> lib'.mkMerge + )); }; }) ]; @@ -242,7 +342,7 @@ in { then "plan" else "apply -auto-approve" } \ - -var-file='${config.sops.templates."${service}/config.tfvars".path}' + -var-file='${config.sops.templates."servarr/config.tfvars".path}' ''; serviceConfig = { @@ -295,26 +395,34 @@ in { ${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}" ''; }; - - "${service}/config.tfvars" = { - owner = service; - group = "media"; - restartUnits = ["${service}.service"]; - content = '' - api_key = "${config.sops.placeholder."${service}/apikey"}" - ''; - }; }; })) |> lib.concat [ { secrets = { + "qbittorrent/password" = {}; "sabnzbd/apikey" = {}; "sabnzbd/sunnyweb/username" = {}; "sabnzbd/sunnyweb/password" = {}; }; templates = { + "servarr/config.tfvars" = { + owner = "media"; + group = "media"; + mode = "0440"; + restartUnits = cfg |> lib.attrNames |> lib.map (s: "${s}.service"); + content = '' + ${ + cfg + |> lib.attrNames + |> lib.map (s: "${s}_api_key = \"${config.sops.placeholder."${s}/apikey"}\"") + |> lib.join "\n" + } + qbittorrent_api_key = "${config.sops.placeholder."qbittorrent/password"}" + sabnzbd_api_key = "${config.sops.placeholder."sabnzbd/apikey"}" + ''; + }; "sabnzbd/config.ini" = { owner = "sabnzbd"; group = "media"; diff --git a/modules/nixos/services/media/servarr/lib.nix b/modules/nixos/services/media/servarr/lib.nix new file mode 100644 index 0000000..8ee412b --- /dev/null +++ b/modules/nixos/services/media/servarr/lib.nix @@ -0,0 +1,2 @@ +{lib, ...}: { +} diff --git a/systems/x86_64-linux/manwe/default.nix b/systems/x86_64-linux/manwe/default.nix index a2c478f..84b180b 100644 --- a/systems/x86_64-linux/manwe/default.nix +++ b/systems/x86_64-linux/manwe/default.nix @@ -24,6 +24,7 @@ application = { steam.enable = true; + zen.enable = true; }; editor = { diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index e661dd8..4203859 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -38,6 +38,31 @@ ''; }; + # virtualisation = { + # containers.enable = true; + # podman = { + # enable = true; + # dockerCompat = true; + # }; + + # oci-containers = { + # backend = "podman"; + # containers = { + # homey = { + # image = "ghcr.io/athombv/homey-shs:latest"; + # autoStart = true; + # privileged = true; + # volumes = [ + # "/home/chris/.homey-shs:/homey/user" + # ]; + # ports = [ + # "4859:4859" + # ]; + # }; + # }; + # }; + # }; + sneeuwvlok = { services = { backup.borg.enable = true; @@ -170,6 +195,7 @@ media.glance.enable = true; media.mydia.enable = true; media.nfs.enable = true; + media.jellyfin.enable = true; media.servarr = { radarr = { enable = true; @@ -199,7 +225,7 @@ prowlarr = { enable = true; - debug = true; + # debug = true; port = 2004; }; }; From 36f2f501fc46a667edda189aebef849bc270d429 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Wed, 31 Dec 2025 01:04:03 +0100 Subject: [PATCH 37/43] . --- systems/x86_64-linux/manwe/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/x86_64-linux/manwe/default.nix b/systems/x86_64-linux/manwe/default.nix index 84b180b..8cf5cc1 100644 --- a/systems/x86_64-linux/manwe/default.nix +++ b/systems/x86_64-linux/manwe/default.nix @@ -24,7 +24,7 @@ application = { steam.enable = true; - zen.enable = true; + # zen.enable = true; }; editor = { From 18b8e43a7596fd9486831690de83704fbbca0282 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Wed, 31 Dec 2025 01:10:31 +0100 Subject: [PATCH 38/43] aaaargh --- systems/x86_64-linux/manwe/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/x86_64-linux/manwe/default.nix b/systems/x86_64-linux/manwe/default.nix index 8cf5cc1..2270640 100644 --- a/systems/x86_64-linux/manwe/default.nix +++ b/systems/x86_64-linux/manwe/default.nix @@ -20,7 +20,7 @@ animated = true; }; - desktop.use = "cosmic"; + desktop.use = "plasma"; application = { steam.enable = true; From b42f182de40821e7231fddca4e5c956531fc89ef Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Wed, 31 Dec 2025 01:46:41 +0100 Subject: [PATCH 39/43] chore: update dependencies --- flake.lock | 132 +++++++++++++++++++++++------------------------------ 1 file changed, 57 insertions(+), 75 deletions(-) diff --git a/flake.lock b/flake.lock index 004e726..9498a01 100644 --- a/flake.lock +++ b/flake.lock @@ -149,11 +149,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1765983453, - "narHash": "sha256-cH32B1gu+/AQA8arQScPStZhmT73jDnrzSejuNR//F0=", + "lastModified": 1761426037, + "narHash": "sha256-bP3CG+N8nmK7zyg6EN96RaLrB3ZZ6q6tMaTsVuwidcA=", "owner": "emmanuelrosa", "repo": "erosanix", - "rev": "b742cf8ae93417efb2c1bbcc70146a664126d8be", + "rev": "61c63c75dd712afd2a7ba84225a25fef801b5718", "type": "github" }, "original": { @@ -170,11 +170,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1765435813, - "narHash": "sha256-C6tT7K1Lx6VsYw1BY5S3OavtapUvEnDQtmQB5DSgbCc=", + "lastModified": 1761547629, + "narHash": "sha256-4OH1CVm2PdjKRqEJ3RLfkQMDSBdn7VId6iyYCwKOK+U=", "owner": "nix-community", "repo": "fenix", - "rev": "6399553b7a300c77e7f07342904eb696a5b6bf9d", + "rev": "d82a7c64ea441e397914577c9a18f2867e5b364b", "type": "github" }, "original": { @@ -190,11 +190,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1766067704, - "narHash": "sha256-k8JGGuFfml1qsMI5AW1f1+2+6S3YAHkw+AHXACkZ+l8=", + "lastModified": 1761589789, + "narHash": "sha256-rIV3APsvwxQbqxJgrJxeHpuXYxg/J1IQ/U0+dBb++VE=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "59d2f3f13afbf4fc88431316c0eef124f1e6e822", + "rev": "0694df33c2367366cb047d5686b2b01bb1de63ab", "type": "github" }, "original": { @@ -574,11 +574,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1765998060, - "narHash": "sha256-RGluSceSmt/1wZVwnkrLGc+oImO94o723fNPTEJm25w=", + "lastModified": 1761593571, + "narHash": "sha256-rdrHiUJ870eUYhgH8e1QgSkdtkBW+4RWQNukxO7R9J0=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "3ba7e3c89968d1a8f70c14550df58bdd997b998d", + "rev": "1992b35b7d6c188db5323166eaa26c36e6588c66", "type": "github" }, "original": { @@ -594,11 +594,11 @@ ] }, "locked": { - "lastModified": 1765980955, - "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=", + "lastModified": 1761584077, + "narHash": "sha256-dISPEZahlfs5K6d58zR4akRRyogfE9P4WSyPPNT7HiE=", "owner": "nix-community", "repo": "home-manager", - "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173", + "rev": "e82585308aef3d4cc2c36c7b6946051c8cdf24ef", "type": "github" }, "original": { @@ -636,11 +636,11 @@ ] }, "locked": { - "lastModified": 1766067735, - "narHash": "sha256-cRC/rOYRtZNzc5y9nTccozyo/mkI4/1eFE33Aqgs+SQ=", + "lastModified": 1761376732, + "narHash": "sha256-wavx9gROyuRZKSvPCCBh78gOur7o88ndRi545njNRrM=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "34a16089be30f77ac9444907ec97c02b4b711896", + "rev": "8bef482d65425d0cff6b20c11a5f054f85569a38", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1766023574, - "narHash": "sha256-vx7KhTqR/UBnBUXAei3DKXJ4Nq3p7yLw+kZ03/inm8I=", + "lastModified": 1761530861, + "narHash": "sha256-VMhre9pdUAT6TDo0KV1kOjtZywCEoBowKRYSaa7KHP0=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "5e0cae13ca72d3e4ef0f101b01725e25441c4ebd", + "rev": "c90769ae2c7d46fdadcdb81e09a97137b3b87891", "type": "github" }, "original": { @@ -870,11 +870,11 @@ ] }, "locked": { - "lastModified": 1765841014, - "narHash": "sha256-55V0AJ36V5Egh4kMhWtDh117eE3GOjwq5LhwxDn9eHg=", + "lastModified": 1761563673, + "narHash": "sha256-d+1TpVAmRjcNBfjZsh2yQSdwUfN7Xgz1blJ185g73+A=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "be4af8042e7a61fa12fda58fe9a3b3babdefe17b", + "rev": "a518cf710e5ebb935518dc7ac98e07e7ee5014c3", "type": "github" }, "original": { @@ -948,11 +948,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1766035038, - "narHash": "sha256-tJ8RIG8JiMV9NGYWegYw1bEO/Ja09mH1y7RhuviEN78=", + "lastModified": 1761544814, + "narHash": "sha256-t5f0A+2MtSWTfA6hzMNiotpIMGLlSQF2JnK9m6nkzIY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "da5cc354cf31d8514d763c39f5a685da3fe1eb3e", + "rev": "e5aa45ed6c45058ec109658b2b7352a9a062cdf3", "type": "github" }, "original": { @@ -980,11 +980,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1766068349, - "narHash": "sha256-pb4NHaLbyEo5C+h1XfQAkdI/ceKrKO1YvUEZGLrdIMo=", + "lastModified": 1761595987, + "narHash": "sha256-rIUh2oI9qfBmusxTlsqhfAdDU6IAl8OcDAu5OXNyeLc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe17732c30a65edbd3f101db6aa6f76a38e21ac2", + "rev": "ca1d8cb9a4bd42196e73f341d66d0805bce8b1c8", "type": "github" }, "original": { @@ -1028,11 +1028,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1765779637, - "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { @@ -1044,11 +1044,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "lastModified": 1760596604, + "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", + "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", "type": "github" }, "original": { @@ -1109,11 +1109,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1765894398, - "narHash": "sha256-vZmKngMAaZ38mUjWeXavagrCE5f4h4s9yIShf2q75I4=", + "lastModified": 1761486540, + "narHash": "sha256-O0VNqERaZ1H+4P3XwHNd8wVCqUcGtMPJT1z4cJodRFc=", "owner": "notashelf", "repo": "nvf", - "rev": "cd81bbb904571b538397d72a29e4c84b98480ee1", + "rev": "4b904de36157035fa3dddf0312a4242e5d0d9bd0", "type": "github" }, "original": { @@ -1132,11 +1132,11 @@ ] }, "locked": { - "lastModified": 1763909441, - "narHash": "sha256-56LwV51TX/FhgX+5LCG6akQ5KrOWuKgcJa+eUsRMxsc=", + "lastModified": 1761078382, + "narHash": "sha256-JNJesbe9MMN1Brq41BHEpuH+Z+Zg74y/nI5AFZX84Vw=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "b24ed4b272256dfc1cc2291f89a9821d5f9e14b4", + "rev": "27dfa61b64d0cdb8e4ba6f3aaa4d4e067d64cb5c", "type": "github" }, "original": { @@ -1174,11 +1174,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1765400135, - "narHash": "sha256-D3+4hfNwUhG0fdCpDhOASLwEQ1jKuHi4mV72up4kLQM=", + "lastModified": 1761500479, + "narHash": "sha256-syeBTCCU96qPJHcVpwHeCwmPCiLTDHHgYQYhpZ0iwLo=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "fface27171988b3d605ef45cf986c25533116f7e", + "rev": "049767e6faa84b2d1a951d8f227e6ebd99d728a2", "type": "github" }, "original": { @@ -1196,11 +1196,11 @@ ] }, "locked": { - "lastModified": 1759977258, - "narHash": "sha256-hOxEFSEBoqDmJb7BGX1CzT1gvUPK6r+Qs+n3IxBgfTs=", + "lastModified": 1761532837, + "narHash": "sha256-78mCSQgC/a6/0vWYrvE/g9E3gGsJLyBBGtmHe3ZOLG4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "1d0c6173f57d07db7957b50e799240d4f2d7520f", + "rev": "4f5f89f1cfd8553b1285a4a0879ea1b2b05ad286", "type": "github" }, "original": { @@ -1239,29 +1239,11 @@ ] }, "locked": { - "lastModified": 1765836173, - "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", + "lastModified": 1760998189, + "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "sops-nix_2": { - "inputs": { - "nixpkgs": "nixpkgs_10" - }, - "locked": { - "lastModified": 1765836173, - "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", + "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", "type": "github" }, "original": { @@ -1289,11 +1271,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1765897595, - "narHash": "sha256-NgTRxiEC5y96zrhdBygnY+mSzk5FWMML39PcRGVJmxg=", + "lastModified": 1761028816, + "narHash": "sha256-s1XiIeJHpODVWfzsPaK9e21iz1dQSCU3H4/1OxOsyps=", "owner": "nix-community", "repo": "stylix", - "rev": "e6829552d4bb659ebab00f08c61d8c62754763f3", + "rev": "b81dc0a385443099e7d231fe6275189e32c3b760", "type": "github" }, "original": { @@ -1554,11 +1536,11 @@ ] }, "locked": { - "lastModified": 1766032508, - "narHash": "sha256-7MHR94mOoa5/s4NBrpsXWaNNzrZyRC0OwRwEobp1wzI=", + "lastModified": 1761535208, + "narHash": "sha256-E1PobJMiFmVUX2YdqYk/MpKb0LXavOYvlg8DCBBzlHc=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "a7f58a9e3481804915d75a9c86527bca6d9dafb3", + "rev": "79a94872a3e6993a051c4e22a2dcb02c1d088acf", "type": "github" }, "original": { From e731b476b1ca2928d6b74a7962c96bf59c102763 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Wed, 31 Dec 2025 01:19:31 +0100 Subject: [PATCH 40/43] revert --- systems/x86_64-linux/manwe/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/x86_64-linux/manwe/default.nix b/systems/x86_64-linux/manwe/default.nix index 2270640..8cf5cc1 100644 --- a/systems/x86_64-linux/manwe/default.nix +++ b/systems/x86_64-linux/manwe/default.nix @@ -20,7 +20,7 @@ animated = true; }; - desktop.use = "plasma"; + desktop.use = "cosmic"; application = { steam.enable = true; From 168977538edbe1f30f3253dd9c1b805bdedc4229 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Wed, 31 Dec 2025 01:47:37 +0100 Subject: [PATCH 41/43] revert --- systems/x86_64-linux/manwe/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/systems/x86_64-linux/manwe/default.nix b/systems/x86_64-linux/manwe/default.nix index 8cf5cc1..a2c478f 100644 --- a/systems/x86_64-linux/manwe/default.nix +++ b/systems/x86_64-linux/manwe/default.nix @@ -24,7 +24,6 @@ application = { steam.enable = true; - # zen.enable = true; }; editor = { From 6fb898e01c1ede8c2b42ca97252aec06fa638e7b Mon Sep 17 00:00:00 2001 From: chris Date: Wed, 31 Dec 2025 01:36:28 +0000 Subject: [PATCH 42/43] chore: update dependencies --- flake.lock | 235 +++++++++++++++++++++++++++-------------------------- 1 file changed, 120 insertions(+), 115 deletions(-) diff --git a/flake.lock b/flake.lock index 9498a01..0aebd9e 100644 --- a/flake.lock +++ b/flake.lock @@ -84,11 +84,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1766058975, - "narHash": "sha256-HBnRRq9wLq7UfJxMM55wR10lZFK1F0lNyRgUwwOby6s=", - "rev": "9032d11a0e31641808ef1427150aac0f40e2e0b9", + "lastModified": 1767139704, + "narHash": "sha256-ftRAe4dLMx+D3ArFtEJqoTsV0Y1vegFKx4YZb1/v7dU=", + "rev": "7fa4abb7b016c3a7ae3f346784fac0298a9b14fb", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/9032d11a0e31641808ef1427150aac0f40e2e0b9.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/7fa4abb7b016c3a7ae3f346784fac0298a9b14fb.tar.gz" }, "original": { "type": "tarball", @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1765768061, - "narHash": "sha256-RZ/ocDUJ3WPr2KcDc2MB6Fu+ZPqzwsMKQ16XxqrPi+o=", - "rev": "53351f9953ecf9dbe18795b4784abe53b14e6eee", + "lastModified": 1766977667, + "narHash": "sha256-LUALgG4ZpsA0k7pGYzMDto/r6T8aIPlYTok3lGlojjA=", + "rev": "3f852546b5d8bd2e9659a81c6b2cc14922e63a94", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/53351f9953ecf9dbe18795b4784abe53b14e6eee.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/3f852546b5d8bd2e9659a81c6b2cc14922e63a94.tar.gz" }, "original": { "type": "tarball", @@ -130,11 +130,11 @@ ] }, "locked": { - "lastModified": 1765794845, - "narHash": "sha256-YD5QWlGnusNbZCqR3pxG8tRxx9yUXayLZfAJRWspq2s=", + "lastModified": 1766150702, + "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "owner": "nix-community", "repo": "disko", - "rev": "7194cfe5b7a3660726b0fe7296070eaef601cae9", + "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "type": "github" }, "original": { @@ -149,11 +149,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1761426037, - "narHash": "sha256-bP3CG+N8nmK7zyg6EN96RaLrB3ZZ6q6tMaTsVuwidcA=", + "lastModified": 1766957541, + "narHash": "sha256-5uwnfwFgK5UMwgC0eaLIGGNuQpWOEywUiexEnbqeOAs=", "owner": "emmanuelrosa", "repo": "erosanix", - "rev": "61c63c75dd712afd2a7ba84225a25fef801b5718", + "rev": "8c7d54b7d8879c14dfa914ece38815bf9c248f8b", "type": "github" }, "original": { @@ -170,11 +170,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1761547629, - "narHash": "sha256-4OH1CVm2PdjKRqEJ3RLfkQMDSBdn7VId6iyYCwKOK+U=", + "lastModified": 1767077117, + "narHash": "sha256-tmVJMQC4aNUCME3ofKP2wWEBizabxwFZfLpZSi0S/4Q=", "owner": "nix-community", "repo": "fenix", - "rev": "d82a7c64ea441e397914577c9a18f2867e5b364b", + "rev": "f69c299a340f95776ddcfecfc0b1f6183c0c298e", "type": "github" }, "original": { @@ -190,11 +190,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1761589789, - "narHash": "sha256-rIV3APsvwxQbqxJgrJxeHpuXYxg/J1IQ/U0+dBb++VE=", + "lastModified": 1767133124, + "narHash": "sha256-CQPz7FIUZsIX+6uJFBWMvm3VlwjRDunwgXYghHa/o+0=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "0694df33c2367366cb047d5686b2b01bb1de63ab", + "rev": "a99b92ac7003944b11e5a3ee0a6db65383d9ed58", "type": "github" }, "original": { @@ -574,11 +574,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1761593571, - "narHash": "sha256-rdrHiUJ870eUYhgH8e1QgSkdtkBW+4RWQNukxO7R9J0=", + "lastModified": 1766174774, + "narHash": "sha256-kLeXugTZLamNMh8oPg/nnkLQGH9XXgncTbx/0R7X+w4=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "1992b35b7d6c188db5323166eaa26c36e6588c66", + "rev": "fc297543cef873c5c4f4a8a8f0aa7d745361e63a", "type": "github" }, "original": { @@ -594,11 +594,11 @@ ] }, "locked": { - "lastModified": 1761584077, - "narHash": "sha256-dISPEZahlfs5K6d58zR4akRRyogfE9P4WSyPPNT7HiE=", + "lastModified": 1767104570, + "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=", "owner": "nix-community", "repo": "home-manager", - "rev": "e82585308aef3d4cc2c36c7b6946051c8cdf24ef", + "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf", "type": "github" }, "original": { @@ -636,11 +636,11 @@ ] }, "locked": { - "lastModified": 1761376732, - "narHash": "sha256-wavx9gROyuRZKSvPCCBh78gOur7o88ndRi545njNRrM=", + "lastModified": 1767082077, + "narHash": "sha256-2tL1mRb9uFJThUNfuDm/ehrnPvImL/QDtCxfn71IEz4=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "8bef482d65425d0cff6b20c11a5f054f85569a38", + "rev": "efd4b22e6fdc6d7fb4e186ae333a4b74e03da440", "type": "github" }, "original": { @@ -655,11 +655,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1765716362, - "narHash": "sha256-ZjICTdeEXwhioCJyYeEIrP5UlW6QZvP8rAAquNy+vso=", + "lastModified": 1766926104, + "narHash": "sha256-c5CozmannX3I/ax0Ig9z/QjXRuNY/j3XTOx6KXvMUs4=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "b70d4898e9a4d2ad2d3ff870b9674f371b119fef", + "rev": "f5c5c917b38bd61e13f781daa317d18ddd28f494", "type": "github" }, "original": { @@ -704,7 +704,10 @@ }, "ndg": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": [ + "nvf", + "nixpkgs" + ] }, "locked": { "lastModified": 1765720983, @@ -728,11 +731,11 @@ ] }, "locked": { - "lastModified": 1764161084, - "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", + "lastModified": 1767028240, + "narHash": "sha256-0/fLUqwJ4Z774muguUyn5t8AQ6wyxlNbHexpje+5hRo=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "e95de00a471d07435e0527ff4db092c84998698e", + "rev": "c31afa6e76da9bbc7c9295e39c7de9fca1071ea1", "type": "github" }, "original": { @@ -770,11 +773,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1761530861, - "narHash": "sha256-VMhre9pdUAT6TDo0KV1kOjtZywCEoBowKRYSaa7KHP0=", + "lastModified": 1767060660, + "narHash": "sha256-8sqnhJcmHZ4OzLxmTtblQgpazosuhggeGZ2yeMvWOi0=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "c90769ae2c7d46fdadcdb81e09a97137b3b87891", + "rev": "1d3efec981bcb162a7921b29502ad369056295cb", "type": "github" }, "original": { @@ -828,11 +831,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1765442039, - "narHash": "sha256-k3lYQ+A1F7aTz8HnlU++bd9t/x/NP2A4v9+x6opcVg0=", + "lastModified": 1766558141, + "narHash": "sha256-Ud9v49ZPsoDBFuyJSQ2Mpw1ZgAH/aMwUwwzrVoetNus=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "9dd775ee92de63f14edd021d59416e18ac2c00f1", + "rev": "e796d536e3d83de74267069e179dc620a608ed7d", "type": "github" }, "original": { @@ -870,11 +873,11 @@ ] }, "locked": { - "lastModified": 1761563673, - "narHash": "sha256-d+1TpVAmRjcNBfjZsh2yQSdwUfN7Xgz1blJ185g73+A=", + "lastModified": 1765841014, + "narHash": "sha256-55V0AJ36V5Egh4kMhWtDh117eE3GOjwq5LhwxDn9eHg=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "a518cf710e5ebb935518dc7ac98e07e7ee5014c3", + "rev": "be4af8042e7a61fa12fda58fe9a3b3babdefe17b", "type": "github" }, "original": { @@ -901,11 +904,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1766884708, + "narHash": "sha256-x8nyRwtD0HMeYtX60xuIuZJbwwoI7/UKAdCiATnQNz0=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "15177f81ad356040b4460a676838154cbf7f6213", "type": "github" }, "original": { @@ -915,22 +918,6 @@ } }, "nixpkgs_10": { - "locked": { - "lastModified": 1765457389, - "narHash": "sha256-ddhDtNYvleZeYF7g7TRFSmuQuZh7HCgqstg5YBGwo5s=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f997fa0f94fb1ce55bccb97f60d41412ae8fde4c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1764517877, "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", @@ -948,11 +935,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761544814, - "narHash": "sha256-t5f0A+2MtSWTfA6hzMNiotpIMGLlSQF2JnK9m6nkzIY=", + "lastModified": 1767116409, + "narHash": "sha256-5vKw92l1GyTnjoLzEagJy5V5mDFck72LiQWZSOnSicw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e5aa45ed6c45058ec109658b2b7352a9a062cdf3", + "rev": "cad22e7d996aea55ecab064e84834289143e44a0", "type": "github" }, "original": { @@ -980,11 +967,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1761595987, - "narHash": "sha256-rIUh2oI9qfBmusxTlsqhfAdDU6IAl8OcDAu5OXNyeLc=", + "lastModified": 1767143992, + "narHash": "sha256-c3jlq36uxltxGLuQ3KPYfxZkue/LLD0Ct3NdhBUsRyo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ca1d8cb9a4bd42196e73f341d66d0805bce8b1c8", + "rev": "5830d8dfe6ae79365987d78bda3dd4152c271d8b", "type": "github" }, "original": { @@ -1028,11 +1015,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1766902085, + "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", "type": "github" }, "original": { @@ -1043,22 +1030,6 @@ } }, "nixpkgs_8": { - "locked": { - "lastModified": 1760596604, - "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_9": { "locked": { "lastModified": 1764081664, "narHash": "sha256-sUoHmPr/EwXzRMpv1u/kH+dXuvJEyyF2Q7muE+t0EU4=", @@ -1074,6 +1045,22 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1766840161, + "narHash": "sha256-Ss/LHpJJsng8vz1Pe33RSGIWUOcqM1fjrehjUkdrWio=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3edc4a30ed3903fdf6f90c837f961fa6b49582d1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ @@ -1105,15 +1092,15 @@ "flake-parts": "flake-parts_3", "mnw": "mnw", "ndg": "ndg", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_8", "systems": "systems_5" }, "locked": { - "lastModified": 1761486540, - "narHash": "sha256-O0VNqERaZ1H+4P3XwHNd8wVCqUcGtMPJT1z4cJodRFc=", + "lastModified": 1767123832, + "narHash": "sha256-WI+DaMQLJ/QVUKCNk1gvo8y0Rw6C4uDx8BW1mRVVOMU=", "owner": "notashelf", "repo": "nvf", - "rev": "4b904de36157035fa3dddf0312a4242e5d0d9bd0", + "rev": "0390abd6736ff34a016afc66366d1f46372f28de", "type": "github" }, "original": { @@ -1132,11 +1119,11 @@ ] }, "locked": { - "lastModified": 1761078382, - "narHash": "sha256-JNJesbe9MMN1Brq41BHEpuH+Z+Zg74y/nI5AFZX84Vw=", + "lastModified": 1763909441, + "narHash": "sha256-56LwV51TX/FhgX+5LCG6akQ5KrOWuKgcJa+eUsRMxsc=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "27dfa61b64d0cdb8e4ba6f3aaa4d4e067d64cb5c", + "rev": "b24ed4b272256dfc1cc2291f89a9821d5f9e14b4", "type": "github" }, "original": { @@ -1174,11 +1161,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1761500479, - "narHash": "sha256-syeBTCCU96qPJHcVpwHeCwmPCiLTDHHgYQYhpZ0iwLo=", + "lastModified": 1767028829, + "narHash": "sha256-RZ5+NUYTkAZ0rtbR3xBxs3VX0yi0IgYfjL06NBbXipk=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "049767e6faa84b2d1a951d8f227e6ebd99d728a2", + "rev": "d7117056a36c0f42a4deea1ac4a8e297db11cbb8", "type": "github" }, "original": { @@ -1196,11 +1183,11 @@ ] }, "locked": { - "lastModified": 1761532837, - "narHash": "sha256-78mCSQgC/a6/0vWYrvE/g9E3gGsJLyBBGtmHe3ZOLG4=", + "lastModified": 1759977258, + "narHash": "sha256-hOxEFSEBoqDmJb7BGX1CzT1gvUPK6r+Qs+n3IxBgfTs=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "4f5f89f1cfd8553b1285a4a0879ea1b2b05ad286", + "rev": "1d0c6173f57d07db7957b50e799240d4f2d7520f", "type": "github" }, "original": { @@ -1239,11 +1226,29 @@ ] }, "locked": { - "lastModified": 1760998189, - "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", + "lastModified": 1766894905, + "narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", + "rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "sops-nix_2": { + "inputs": { + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "lastModified": 1766894905, + "narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", "type": "github" }, "original": { @@ -1261,7 +1266,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_4", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_10", "nur": "nur", "systems": "systems_7", "tinted-foot": "tinted-foot", @@ -1271,11 +1276,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1761028816, - "narHash": "sha256-s1XiIeJHpODVWfzsPaK9e21iz1dQSCU3H4/1OxOsyps=", + "lastModified": 1766603026, + "narHash": "sha256-J2DDdRqSU4w9NNgkMfmMeaLIof5PXtS9RG7y6ckDvQE=", "owner": "nix-community", "repo": "stylix", - "rev": "b81dc0a385443099e7d231fe6275189e32c3b760", + "rev": "551df12ee3ebac52c5712058bd97fd9faa4c3430", "type": "github" }, "original": { @@ -1515,11 +1520,11 @@ ] }, "locked": { - "lastModified": 1766000401, - "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=", + "lastModified": 1767122417, + "narHash": "sha256-yOt/FTB7oSEKQH9EZMFMeuldK1HGpQs2eAzdS9hNS/o=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd", + "rev": "dec15f37015ac2e774c84d0952d57fcdf169b54d", "type": "github" }, "original": { @@ -1536,11 +1541,11 @@ ] }, "locked": { - "lastModified": 1761535208, - "narHash": "sha256-E1PobJMiFmVUX2YdqYk/MpKb0LXavOYvlg8DCBBzlHc=", + "lastModified": 1767119591, + "narHash": "sha256-4LqJZvu+8i0cTtwz+N3nfIvVf6Ra4xIGw0UxOOHVKAc=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "79a94872a3e6993a051c4e22a2dcb02c1d088acf", + "rev": "379639ecac155c03975cd6608a146bb1dc168cf9", "type": "github" }, "original": { From baa67ad6cd2ea3f6af4911491ad23f1fd5bd3443 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Wed, 31 Dec 2025 02:40:44 +0100 Subject: [PATCH 43/43] . --- modules/nixos/application/steam/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/nixos/application/steam/default.nix b/modules/nixos/application/steam/default.nix index 735aa80..5b08d31 100644 --- a/modules/nixos/application/steam/default.nix +++ b/modules/nixos/application/steam/default.nix @@ -25,18 +25,18 @@ in { }; }; - gamescopeSession = { - enable = true; - args = ["--immediate-flips"]; - }; + # gamescopeSession = { + # enable = true; + # args = ["--immediate-flips"]; + # }; }; # https://github.com/FeralInteractive/gamemode - gamemode = { - enable = true; - enableRenice = true; - settings = {}; - }; + # gamemode = { + # enable = true; + # enableRenice = true; + # settings = {}; + # }; # gamescope = { # enable = true;