chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: chris:d9dff63ceaa5c93ecf4e6e27d2618aaa4e81c02a
Branches Tags
chris:main
chris:feature/convex
chris:feature/nix-anywhere
..
compare: chris:b739cd41900b398e927310fa3cc7709a6ecfa04f
Branches Tags
chris:main
chris:feature/convex
chris:feature/nix-anywhere

No commits in common. "d9dff63ceaa5c93ecf4e6e27d2618aaa4e81c02a" and "b739cd41900b398e927310fa3cc7709a6ecfa04f" have entirely different histories.
d9dff63cea ... b739cd4190

5 changed files with 75 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

12
modules/nixos/services/authentication/zitadel/default.nix
View file

@ -555,11 +555,7 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
wants = [ "zitadel.service" ]; wants = [ "zitadel.service" ];
script = script = ''
let
tofu = lib.getExe pkgs.opentofu;
in
''
#!/usr/bin/env bash #!/usr/bin/env bash
if [ "$(systemctl is-active zitadel)" != "active" ]; then if [ "$(systemctl is-active zitadel)" != "active" ]; then
@ -574,11 +570,11 @@ in
cp -f ${terraformConfiguration} config.tf.json cp -f ${terraformConfiguration} config.tf.json
# Initialize OpenTofu # Initialize OpenTofu
${tofu} init ${lib.getExe pkgs.opentofu} init
# Run the infrastructure code # Run the infrastructure code
${tofu} plan -refresh=false -out=tfplan # ${lib.getExe pkgs.opentofu} plan
${tofu} apply -auto-approve tfplan ${lib.getExe pkgs.opentofu} apply -auto-approve
''; '';
serviceConfig = { serviceConfig = {

1
modules/nixos/services/media/mydia/default.nix
View file

@ -24,7 +24,6 @@ in {
package = inputs.mydia.packages.${system}.default; package = inputs.mydia.packages.${system}.default;
port = 2010; port = 2010;
listenAddress = "0.0.0.0";
openFirewall = true; openFirewall = true;
secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path; secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path;

51
modules/nixos/services/security/vaultwarden/default.nix
View file

@ -1,10 +1,5 @@
{ { pkgs, config, lib, namespace, ... }:
pkgs, let
config,
lib,
namespace,
...
}: let
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep; inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep;
@ -17,15 +12,14 @@
}; };
file = mkOption { file = mkOption {
type = types.path; type = types.str;
description = '' description = '''';
Path to sqlite database file.
'';
}; };
}; };
}); });
databaseProviderPostgresql = types.submodule ({...}: let databaseProviderPostgresql = types.submodule ({ ... }:
let
urlOptions = lib.${namespace}.options.mkUrlOptions { urlOptions = lib.${namespace}.options.mkUrlOptions {
host = { host = {
description = '' description = ''
@ -46,9 +40,9 @@
example = "postgres"; example = "postgres";
}; };
}; };
in { in
options =
{ {
options = {
type = mkOption { type = mkOption {
type = types.enum [ "postgresql" ]; type = types.enum [ "postgresql" ];
}; };
@ -72,10 +66,10 @@
[Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS)
''; '';
}; };
} } // (urlOptions |> getAttrs [ "protocol" "host" "port" ]);
// (urlOptions |> getAttrs ["protocol" "host" "port"]);
}); });
in { in
{
options.${namespace}.services.security.vaultwarden = { options.${namespace}.services.security.vaultwarden = {
enable = mkEnableOption "enable vaultwarden"; enable = mkEnableOption "enable vaultwarden";
@ -189,15 +183,15 @@ in {
owner = config.users.users.vaultwarden.name; owner = config.users.users.vaultwarden.name;
group = config.users.groups.vaultwarden.name; group = config.users.groups.vaultwarden.name;
}; };
temp-db-output.content = let temp-db-output.content =
let
config = config =
cfg.database cfg.database
|> ( |> ({ type, ... }@db:
{type, ...} @ db: if type == "sqlite" then
if type == "sqlite" { inherit (db) type file; }
then {inherit (db) type file;} else if type == "postgresql" then
else if type == "postgresql" {
then {
inherit (db) type; inherit (db) type;
url = lib.${namespace}.strings.toUrl { url = lib.${namespace}.strings.toUrl {
inherit (db) protocol host port; inherit (db) protocol host port;
@ -207,10 +201,13 @@ in {
}; };
}; };
} }
else {} else
{}
) )
|> concatMapAttrsStringSep "\n" (n: v: "${toUpper n}=${v}"); |> concatMapAttrsStringSep "\n" (n: v: "${toUpper n}=${v}")
in '' ;
in
''
# GENERATED VALUES # GENERATED VALUES
${config} ${config}
''; '';

3
modules/nixos/shells/default.nix
View file

@ -1,2 +1,5 @@
{...}: { {...}: {
config = {
programs.bash.enableCompletion = true;
};
} }

8
systems/x86_64-linux/ulmo/secrets.yml
View file

@ -20,8 +20,8 @@ lidarr:
prowlarr: prowlarr:
apikey: ENC[AES256_GCM,data:pyZ2WGEs/PlIdhDsQq2TPGJbplkd5fLF0ZkBjITqIJlnAzYHb+rl+KOM4rHqQcI6yAJM8X1Y3ymGrD7vG7GiRxB7yoEG13SKhZIWOddTnxIhbkz81RfrL2fUJIydOaP6sS//9Q==,iv:Tr6MWoC6nC7rdVTOjT1T2itT+lVL4GnUiAr5/+IHAs0=,tag:keIJNuGeVht8+xSN3FnBGA==,type:str] apikey: ENC[AES256_GCM,data:pyZ2WGEs/PlIdhDsQq2TPGJbplkd5fLF0ZkBjITqIJlnAzYHb+rl+KOM4rHqQcI6yAJM8X1Y3ymGrD7vG7GiRxB7yoEG13SKhZIWOddTnxIhbkz81RfrL2fUJIydOaP6sS//9Q==,iv:Tr6MWoC6nC7rdVTOjT1T2itT+lVL4GnUiAr5/+IHAs0=,tag:keIJNuGeVht8+xSN3FnBGA==,type:str]
mydia: mydia:
oidc_id: ENC[AES256_GCM,data:LfYWh9EC0aio3w1Xsj/jtU6z,iv:+dX9KkNtfQMYSX4yr83KyXalWMD/aWby7fC8aL4ZT3I=,tag:CvdbMoMTuC9FohTMIE5pmg==,type:str] oidc_id: ENC[AES256_GCM,data:ymZdkUjbbTuJuGvI5T9d,iv:ccKpjKnzUH+/sGEBnmxnMNU3lY+j8NPUjvj8q4phprs=,tag:11H0Vd28gPajyU+3uAUYUQ==,type:str]
oidc_secret: ENC[AES256_GCM,data:PgI4hmP/3wt9uj+1QvCYcT8Wav0hgCRADouzWM3V695SSfXfbwDgez8tA/tm1/1jymAU2F2sZH8G2hZ1cdHyHQ==,iv:h3o3jsTmnoNE3+mGX12J3ZU0/6PlQNjdndEvaj/czj0=,tag:p3+p4E8fBtR7a8UpM8cUsg==,type:str] oidc_secret: ENC[AES256_GCM,data:N7qdoueB9ayGx0RWdw/w,iv:k09TaKjNShaFWImZ82Fjqvjj4CPVIqVhCPZ7o1DgjX4=,tag:q+HMYN4zd7pFqCX90uaWgQ==,type:str]
secret_key_base: ENC[AES256_GCM,data:yG7HJ5r74Qtxbeyf8F6dA0uHv2pQ8YAJKlKiKjS+m24JRvJWQaTThJ+c5HbuUa6R3e9XtVHchhlVPkF0Is/b+g==,iv:v65xdRr4JdKZmBtjZ08/J3LLqnphSGt9QfVPNQ2x/xg=,tag:n7tD2dhr4IJn1LWM9WW8UA==,type:str] secret_key_base: ENC[AES256_GCM,data:yG7HJ5r74Qtxbeyf8F6dA0uHv2pQ8YAJKlKiKjS+m24JRvJWQaTThJ+c5HbuUa6R3e9XtVHchhlVPkF0Is/b+g==,iv:v65xdRr4JdKZmBtjZ08/J3LLqnphSGt9QfVPNQ2x/xg=,tag:n7tD2dhr4IJn1LWM9WW8UA==,type:str]
guardian_secret: ENC[AES256_GCM,data:OjnNFSHlecL+qXwlhTm++itRM6ga5E5KrSJxbgIUpbMEkIWgu3xhRtnPdipXbedgall0XdO/s+jnWCagZX94BA==,iv:DukdKvm9vey8BWUiml20tgA/Vji1XVX4+sUPge9nTk0=,tag:q3HdvgUYqR0APiaFz0ul5Q==,type:str] guardian_secret: ENC[AES256_GCM,data:OjnNFSHlecL+qXwlhTm++itRM6ga5E5KrSJxbgIUpbMEkIWgu3xhRtnPdipXbedgall0XdO/s+jnWCagZX94BA==,iv:DukdKvm9vey8BWUiml20tgA/Vji1XVX4+sUPge9nTk0=,tag:q3HdvgUYqR0APiaFz0ul5Q==,type:str]
sops: sops:
@ -44,7 +44,7 @@ sops:
TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb
Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-01T14:27:13Z" lastmodified: "2025-12-01T09:05:11Z"
mac: ENC[AES256_GCM,data:v8t65zlWw6UuFeFQ5oBNVGjnuewPlZZG7ea8P4cEHXN+JnSAE67HivSCyjhUAFmX/UbksxnSLYdl72swTb9ASv6JaW2FVJsaF+5zmZbuM5pAjZl4MR6Y7+Vc9YqAi+axnSE1s8pRe9U1PYmcbLWaY9kRZdccavfM2bsoAIpJRTk=,iv:EevmWMh6ygEAlf9RE4qZ1KVKm6yDR5dTZeraoFHmdRg=,tag:sCdtEYc9iNjfEvyYyXH8rQ==,type:str] mac: ENC[AES256_GCM,data:6gFet+aW7tlQqy4aSulBTJ+mYpu1OxfK8Wa3noXNNDlFwTEpCWEhdwFDqWZ+sd5opINQoPrHD23BwiXYoJtKPeLd9/kpn//CgHvYcwgGDpPzCMbyDOLutlspyY4pfYrEezm8+yg3r5TkJK3o7U2Q8kkfdQQcfEGIsr9GDRKSplw=,iv:PYclBivPBifGreNWeCCZ74koSb51xBMYeviHf0SaxbA=,tag:Lb+vlcBUgpJE0XfJ/gwDiw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0