
2 commits

Author SHA1 Message Date
Chris Kruining
ccef5caba0
feat: improve justfiles 2025-11-27 11:44:18 +01:00
Chris Kruining
8da8f78ea4
trying some stuff 2025-11-27 11:15:49 +01:00
27 changed files with 880 additions and 1078 deletions


@ -12,4 +12,4 @@ jobs:
steps: steps:
- name: Echo - name: Echo
run: | run: |
nix --version nix --version

4
.gitattributes vendored

@ -1,4 +0,0 @@
* text=auto
core.autocrlf=false
core.eol=lf
core.filemode=false

381
flake.lock generated

@ -38,11 +38,11 @@
"base16-helix": { "base16-helix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1760703920, "lastModified": 1752979451,
"narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-helix", "repo": "base16-helix",
"rev": "d646af9b7d14bff08824538164af99d0c521b185", "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -84,19 +84,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
<<<<<<< HEAD "lastModified": 1763547157,
"lastModified": 1765033957, "narHash": "sha256-lJcMap2uT+x1R8WUUKKQ6ndynysJ/JOkrMThMGz6DP0=",
"narHash": "sha256-yL5IjUOne+h6AodxxqoqwPgRy2HXle6+W4Aa2GVJruk=", "rev": "2cb2134a6ee32d427097077c4fb4c416b52ae988",
"rev": "9985ce76af367e7c9e3022c5b893418059a17491",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/9985ce76af367e7c9e3022c5b893418059a17491.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/2cb2134a6ee32d427097077c4fb4c416b52ae988.tar.gz"
=======
"lastModified": 1764220269,
"narHash": "sha256-rSSmhTCjfZLZog3qO6Q5C58pINmDv8EheGUhcojxd6c=",
"rev": "c70c04d09477ceee5820a8da4d9c0d1b50eb6cc6",
"type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/c70c04d09477ceee5820a8da4d9c0d1b50eb6cc6.tar.gz"
>>>>>>> 122a796 (chore: update dependencies)
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@ -138,19 +130,11 @@
] ]
}, },
"locked": { "locked": {
<<<<<<< HEAD "lastModified": 1762276996,
"lastModified": 1764627417, "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
"narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3", "rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
=======
"lastModified": 1764110879,
"narHash": "sha256-xanUzIb0tf3kJ+PoOFmXEXV1jM3PjkDT/TQ5DYeNYRc=",
"owner": "nix-community",
"repo": "disko",
"rev": "aecba248f9a7d68c5d1ed15de2d1c8a4c994a3c5",
>>>>>>> 122a796 (chore: update dependencies)
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -165,19 +149,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
<<<<<<< HEAD "lastModified": 1762360792,
"lastModified": 1764775116, "narHash": "sha256-YR7vqk+XEvFUQ/miuBAD3+p+97QUN86ya9Aw0K5feJE=",
"narHash": "sha256-S4fY3fytcqXBuOSbQjEVke2eqK9/e/6Jy3jp0JGM2X4=",
"owner": "emmanuelrosa", "owner": "emmanuelrosa",
"repo": "erosanix", "repo": "erosanix",
"rev": "172661ccc78b1529a294eee5e99ca1616c934f37", "rev": "9075dff5685d3e7269284e53ca496da0beb24596",
=======
"lastModified": 1763851335,
"narHash": "sha256-mmDc9dREBGGZW1iCB3AbMLBzsXrf48hJ+EzJ6g7Tdbk=",
"owner": "emmanuelrosa",
"repo": "erosanix",
"rev": "17407369c38ac2ade3be648666d30f6469908bdb",
>>>>>>> 122a796 (chore: update dependencies)
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -194,19 +170,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
<<<<<<< HEAD "lastModified": 1763534658,
"lastModified": 1764915802, "narHash": "sha256-i/51/Zi/1pM9hZxxSuA3nVPpyqlGoWwJwajyA/loOpo=",
"narHash": "sha256-eHTucU43sRCpvvTt5eey9htcWipS7ZN3B7ts6MiXLxo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "a83a78fd3587d9f3388f0b459ad9c2bbd6d1b6d8", "rev": "69e40ddf45698d0115a62a7a15d8412f35dd4c09",
=======
"lastModified": 1764226020,
"narHash": "sha256-FzUCFwXNjLnnZmVqYj/FjlBhUpat59SExflEaIGT62s=",
"owner": "nix-community",
"repo": "fenix",
"rev": "2d8176c02f7be6d13578d24d5fd5049f1b46a4c5",
>>>>>>> 122a796 (chore: update dependencies)
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -222,19 +190,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
<<<<<<< HEAD "lastModified": 1763504432,
"lastModified": 1765024561, "narHash": "sha256-kpmPI67TdoTxiK7LsmgmkKW3iHoyvZJwZeiJhpwPfmw=",
"narHash": "sha256-xtfg5gNfyiyBTfWwbKgatV1sPeJjEnUczHCaSWi+crY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "flake-firefox-nightly", "repo": "flake-firefox-nightly",
"rev": "e6f559729459a7890f01b258c33c1025800f5dbb", "rev": "49d5d8d42a7650e5353f8467c813839290cb7c9f",
=======
"lastModified": 1764242161,
"narHash": "sha256-Yxeu6Zm85RwER/0z0fv3mX2xaBy38PZKgdAAE57huRU=",
"owner": "nix-community",
"repo": "flake-firefox-nightly",
"rev": "ca10e2ff1ec58b1a3722ccb3c052c57c5e070780",
>>>>>>> 122a796 (chore: update dependencies)
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -246,11 +206,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1764724327, "lastModified": 1758112371,
"narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=", "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047", "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -346,11 +306,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763759067, "lastModified": 1762980239,
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -360,27 +320,6 @@
} }
}, },
"flake-parts_2": { "flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"mydia",
"nixpkgs"
]
},
"locked": {
"lastModified": 1763759067,
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nvf", "nvf",
@ -401,7 +340,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_4": { "flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"stylix", "stylix",
@ -409,11 +348,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763759067, "lastModified": 1756770412,
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -422,7 +361,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_5": { "flake-parts_4": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"terranix", "terranix",
@ -572,11 +511,11 @@
"flake": false, "flake": false,
"locked": { "locked": {
"host": "gitlab.gnome.org", "host": "gitlab.gnome.org",
"lastModified": 1764524476, "lastModified": 1762869044,
"narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", "narHash": "sha256-nwm/GJ2Syigf7VccLAZ66mFC8mZJFqpJmIxSGKl7+Ds=",
"owner": "GNOME", "owner": "GNOME",
"repo": "gnome-shell", "repo": "gnome-shell",
"rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", "rev": "680e3d195a92203f28d4bf8c6e8bb537cc3ed4ad",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -614,19 +553,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
<<<<<<< HEAD "lastModified": 1763486183,
"lastModified": 1764617621, "narHash": "sha256-10EvBTF9ELezWg+KoKZJ3bxrPzT1Xz95ifurC6HixLY=",
"narHash": "sha256-Eq0TvWs6xhKZs5HXH1hlrNasrHD7AOEdeLkTis//X7w=",
"owner": "himmelblau-idm", "owner": "himmelblau-idm",
"repo": "himmelblau", "repo": "himmelblau",
"rev": "c19494250d8c15e7c75e9301bdc271579a6dc77a", "rev": "fb27f4bee812e4b4df9df9f78bd5280f0aa2193c",
=======
"lastModified": 1764184347,
"narHash": "sha256-xhzCn/rnBDTybHtuFV2IhCgjLMsCVpbzpEL0w//4Na8=",
"owner": "himmelblau-idm",
"repo": "himmelblau",
"rev": "9f0f6e27b6a9acdb12c4807cc1402132b21009f3",
>>>>>>> 122a796 (chore: update dependencies)
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -642,11 +573,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764194569, "lastModified": 1763416652,
"narHash": "sha256-iUM9ktarEzThkayyZrzQ7oycPshAY2XRQqVKz0xX/L0=", "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "9651819d75f6c7ffaf8a9227490ac704f29659f0", "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -684,11 +615,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764236397, "lastModified": 1763453666,
"narHash": "sha256-s/6WrJJryLI6BgphsY8l0s0UmGUg3mgkSFuvvsbN0FM=", "narHash": "sha256-Hu8lDUlbMFvcYX30LBXX7Gq5FbU35bERH0pSX5qHf/Q=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "50026908d1501193afdcccdf7359d1a485074eda", "rev": "b843b551415c7aecc97c8b3ab3fff26fd0cd8bbf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -703,11 +634,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1764506612, "lastModified": 1754828166,
"narHash": "sha256-47a2OvGsq1AfffWQqKAGlB9GjmoVa1yXVyfZP3f3kog=", "narHash": "sha256-i7c+fpXVsnvj2+63Gl3YfU1hVyxbLeqeFj55ZBZACWI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lib-aggregate", "repo": "lib-aggregate",
"rev": "f7208cc4a3200a2573fc566066ef4d3c041bc924", "rev": "f01c8d121a3100230612be96e4ac668e15eafb77",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -731,25 +662,6 @@
"type": "github" "type": "github"
} }
}, },
"mydia": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1764866402,
"narHash": "sha256-0NOWsPks+/vV5ZM9ti71hUPMLy3FzbEIlFI6vxARvuY=",
"owner": "chris-kruining",
"repo": "mydia",
"rev": "458fc9a21c6987d994bc7932efb6c49df25ba806",
"type": "github"
},
"original": {
"owner": "chris-kruining",
"repo": "mydia",
"type": "github"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -758,11 +670,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764161084, "lastModified": 1763136804,
"narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", "narHash": "sha256-6p2ljK42s0S8zS0UU59EsEqupz0GVCaBYRylpUadeBM=",
"owner": "nix-darwin", "owner": "nix-darwin",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "e95de00a471d07435e0527ff4db092c84998698e", "rev": "973db96394513fd90270ea5a1211a82a4a0ba47f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -797,14 +709,14 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1764208886, "lastModified": 1763171892,
"narHash": "sha256-voOx8RsK3miw3EHw05nwuOS4ltzeH8tKJnVr+mxtTPQ=", "narHash": "sha256-6cg9zSiqKA89yJzVtYhBaBptqq6bX4pr4g7WLAHOD4Y=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "7da8a2d675f9cc56b3f6d654b4cccdca5016ac8e", "rev": "316858c27d278b20e776cd4dd8f787812f587ba2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -858,11 +770,11 @@
}, },
"nixos-facter-modules": { "nixos-facter-modules": {
"locked": { "locked": {
"lastModified": 1764252389, "lastModified": 1762264948,
"narHash": "sha256-3bbuneTKZBkYXlm0bE36kUjiDsasoIC1GWBw/UEJ9T4=", "narHash": "sha256-iaRf6n0KPl9hndnIft3blm1YTAyxSREV1oX0MFZ6Tk4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-facter-modules", "repo": "nixos-facter-modules",
"rev": "5ea68886d95218646d11d3551a476d458df00778", "rev": "fa695bff9ec37fd5bbd7ee3181dbeb5f97f53c96",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -879,11 +791,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764234087, "lastModified": 1751903740,
"narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "032a1878682fafe829edfcf5fdfad635a2efe748", "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -900,11 +812,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764072830, "lastModified": 1763537456,
"narHash": "sha256-ezkjlUCohD9o9c47Ey0/I4CamSS0QEORTqGvyGqMud0=", "narHash": "sha256-/WRqcqeE9C+mxxWgI7jy5blMrvg2lHFSlTFjC8pRWos=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-wsl", "repo": "nixos-wsl",
"rev": "c7832dd786175e20f2697179e0e03efadffe4201", "rev": "cd9eb5225fc91eb67629966844d2ff371824abb1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -915,11 +827,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1764255304, "lastModified": 1761828793,
"narHash": "sha256-oQPux8afXmkbb88ceRtz1lgSGqL9auOgdYnBSqpVgSA=", "narHash": "sha256-xjdPwMD4wVuDD85U+3KST62VzFkJueI6oBwIzpzUHLY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6e86c955fc372d12face4a9c0d932a6e0f7bff4d", "rev": "843859a08e114403f44aaf5b996b44c38094aa46",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -931,11 +843,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1764465291, "lastModified": 1754788789,
"narHash": "sha256-jJ/E4B9Hp7U2ZmT3E0tD1LtAfATw/xjVf8sueNyeYmc=", "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "e9537535ae8f4a2f78dbef0aaa0cbb6af4abd047", "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -944,29 +856,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_10": {
"locked": {
"lastModified": 1764517877,
"narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1764201071, "lastModified": 1763469780,
"narHash": "sha256-ACX5IcJTSoZYBPVtgFAOHvo/FZ70n9AmaAhoeIF+O9Y=", "narHash": "sha256-IW67Db/wBNQwJ5e0fF9Yk4SmdivMcecrUVDs7QJoC/s=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8c40e16ba896a3657226780454734265b0534f6a", "rev": "a70b03ca5dc9d46294740f165abdef9f9bea5632",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -994,11 +890,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1764243589, "lastModified": 1763547551,
"narHash": "sha256-JoCEZJaU1Ex0MFG3A2DwTtu+jOCLigyXUAmlZLROBdg=", "narHash": "sha256-YOdXVAqEGmrPUgs71r8ziuu9qqpn3jJEiIxsIls+VQA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "57dcc6d4a389a7b6d1fb4cf20c9435f12b11f98d", "rev": "06aa4d5f488875b6af46e10b45b8000ed0906860",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1009,22 +905,6 @@
} }
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": {
"lastModified": 1764242076,
"narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1748929857, "lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
@ -1040,13 +920,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1763966396, "lastModified": 1763421233,
"narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1056,7 +936,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1761880412, "lastModified": 1761880412,
"narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=",
@ -1072,13 +952,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_9": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1763618868, "lastModified": 1763191728,
"narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", "narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", "rev": "1d4c88323ac36805d09657d13a5273aea1b34f0c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1088,6 +968,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_9": {
"locked": {
"lastModified": 1762977756,
"narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": [
@ -1100,11 +996,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764773531, "lastModified": 1758998580,
"narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=", "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "1d9616689e98beded059ad0384b9951e967a17fa", "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1116,17 +1012,17 @@
"nvf": { "nvf": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_2",
"mnw": "mnw", "mnw": "mnw",
"nixpkgs": "nixpkgs_8", "nixpkgs": "nixpkgs_7",
"systems": "systems_5" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1764904740, "lastModified": 1762622004,
"narHash": "sha256-TzqXUQlESmS5XGJ3tR1/xdoU0vySyp6YUUpmGF5F0kY=", "narHash": "sha256-NpzzgaoMK8aRHnndHWbYNKLcZN0r1y6icCoJvGoBsoE=",
"owner": "notashelf", "owner": "notashelf",
"repo": "nvf", "repo": "nvf",
"rev": "249cabe0c5392c384c82fa9d28d3f49fbeb04266", "rev": "09470524a214ed26633ddc2b6ec0c9bf31a8b909",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1145,11 +1041,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763909441, "lastModified": 1762784320,
"narHash": "sha256-56LwV51TX/FhgX+5LCG6akQ5KrOWuKgcJa+eUsRMxsc=", "narHash": "sha256-odsk96Erywk5hs0dhArF38zb7Oe0q6LZ70gXbxAPKno=",
"owner": "nix-community", "owner": "nix-community",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "b24ed4b272256dfc1cc2291f89a9821d5f9e14b4", "rev": "7911a0f8a44c7e8b29d031be3149ee8943144321",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1169,12 +1065,11 @@
"himmelblau": "himmelblau", "himmelblau": "himmelblau",
"home-manager": "home-manager", "home-manager": "home-manager",
"jovian": "jovian", "jovian": "jovian",
"mydia": "mydia",
"nix-minecraft": "nix-minecraft", "nix-minecraft": "nix-minecraft",
"nixos-boot": "nixos-boot", "nixos-boot": "nixos-boot",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-wsl": "nixos-wsl", "nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_6",
"nvf": "nvf", "nvf": "nvf",
"plasma-manager": "plasma-manager", "plasma-manager": "plasma-manager",
"snowfall-lib": "snowfall-lib", "snowfall-lib": "snowfall-lib",
@ -1187,11 +1082,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1764175386, "lastModified": 1762860488,
"narHash": "sha256-LfgFqvPz3C80VjaffSjy8lLyRWfbThhB7gE7IWXHjYU=", "narHash": "sha256-rMfWMCOo/pPefM2We0iMBLi2kLBAnYoB9thi4qS7uk4=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "71ddf07c1c75046df3bb496cf824de5c053d99ad", "rev": "2efc80078029894eec0699f62ec8d5c1a56af763",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1252,11 +1147,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764021963, "lastModified": 1763264763,
"narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "narHash": "sha256-N0BEoJIlJ+M6sWZJ8nnfAjGY9VLvM6MXMitRenmhBkY=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "rev": "882e56c8293e44d57d882b800a82f8b2ee7a858f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1267,14 +1162,14 @@
}, },
"sops-nix_2": { "sops-nix_2": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1764021963, "lastModified": 1763509310,
"narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "narHash": "sha256-s2WzTAD3vJtPACBCZXezNUMTG/wC6SFsU9DxazB9wDI=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "rev": "3ee33c0ed7c5aa61b4e10484d2ebdbdc98afb03e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1290,9 +1185,9 @@
"base16-helix": "base16-helix", "base16-helix": "base16-helix",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_3",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_10", "nixpkgs": "nixpkgs_9",
"nur": "nur", "nur": "nur",
"systems": "systems_7", "systems": "systems_7",
"tinted-foot": "tinted-foot", "tinted-foot": "tinted-foot",
@ -1302,11 +1197,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1764191810, "lastModified": 1763497248,
"narHash": "sha256-rofXPD/9TGpHveo1MTlUfpnF0MCG1/uHUB9f0rosdqc=", "narHash": "sha256-OGP6MYc+lVkLVQOTS6ORszDcCnZm7kDOGpFBdDoLd0k=",
"owner": "nix-community", "owner": "nix-community",
"repo": "stylix", "repo": "stylix",
"rev": "70c444a10d0c9ef71a25580dfa79af9cd43f3a5e", "rev": "f19ac46f6aa26188b2020ed40066a5b832be9c53",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1437,7 +1332,7 @@
}, },
"terranix": { "terranix": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_5", "flake-parts": "flake-parts_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -1493,11 +1388,11 @@
"tinted-schemes": { "tinted-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1763914658, "lastModified": 1757716333,
"narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=", "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "schemes", "repo": "schemes",
"rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c", "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1509,11 +1404,11 @@
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1764465359, "lastModified": 1757811970,
"narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=", "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "edf89a780e239263cc691a987721f786ddc4f6aa", "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1525,11 +1420,11 @@
"tinted-zed": { "tinted-zed": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1764464512, "lastModified": 1757811247,
"narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=", "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-zed", "repo": "base16-zed",
"rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a", "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1567,11 +1462,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764217570, "lastModified": 1763521945,
"narHash": "sha256-vgqUC6lI/gW70uekA0bpNFU6yR0tcZRfLIZcxGfN76g=", "narHash": "sha256-Zcrafbe4niRJMbzaVOwg7+iedJhwBFttre2DpyCC6qA=",
"owner": "0xc000022070", "owner": "0xc000022070",
"repo": "zen-browser-flake", "repo": "zen-browser-flake",
"rev": "3dc281d86044322f9182b20abbc21db8824c130a", "rev": "24d7381b9231c23daceec5d372cc28e877f7785d",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -88,55 +88,49 @@
url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
mydia = {
url = "github:chris-kruining/mydia";
# url = "github:getmydia/mydia";
};
}; };
outputs = inputs: outputs = inputs: inputs.snowfall-lib.mkFlake {
inputs.snowfall-lib.mkFlake { inherit inputs;
inherit inputs; src = ./.;
src = ./.;
snowfall = { snowfall = {
namespace = "sneeuwvlok"; namespace = "sneeuwvlok";
meta = { meta = {
name = "sneeuwvlok"; name = "sneeuwvlok";
title = "Sneeuwvlok"; title = "Sneeuwvlok";
};
}; };
};
channels-config = { channels-config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ permittedInsecurePackages = [
# Due to *arr stack # Due to *arr stack
"dotnet-sdk-6.0.428" "dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36" "aspnetcore-runtime-6.0.36"
# I think this is because of zen # I think this is because of zen
"qtwebengine-5.15.19" "qtwebengine-5.15.19"
# For Nheko, the matrix client # For Nheko, the matrix client
"olm-3.2.16" "olm-3.2.16"
];
};
overlays = with inputs; [
fenix.overlays.default
nix-minecraft.overlay
flux.overlays.default
];
systems.modules = with inputs; [
clan-core.nixosModules.default
];
homes.modules = with inputs; [
stylix.homeModules.stylix
plasma-manager.homeModules.plasma-manager
]; ];
}; };
overlays = with inputs; [
fenix.overlays.default
nix-minecraft.overlay
flux.overlays.default
];
systems.modules = with inputs; [
clan-core.nixosModules.default
];
homes.modules = with inputs; [
stylix.homeModules.stylix
plasma-manager.homeModules.plasma-manager
];
};
} }
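Review bot: The `permittedInsecurePackages` list under `channels-config` carries an entry whose justification is a guess (`# I think this is because of zen` above `"qtwebengine-5.15.19"`), and as far as this hunk shows the list is set once for the whole flake rather than for the one host or home that needs it. These lines appear on both sides, so the commit only re-indents them, but each entry lifts the evaluation guard for a package nixpkgs marks as insecure, and an entry nobody owns tends to outlive its consumer. I would confirm which package still pulls it in and record that, e.g. `# required by <package>; remove once it no longer depends on qtwebengine 5`, or delete the entry and check whether evaluation still succeeds. Separately, the `clan-core` input at the top of the hunk tracks `archive/main.tar.gz`, so what is actually built depends on the revision and narHash pinned in flake.lock, which deserves a look whenever the lock is regenerated.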


@ -1,11 +1,10 @@
{osConfig, ...}: { { osConfig, ... }:
{
home.stateVersion = osConfig.system.stateVersion; home.stateVersion = osConfig.system.stateVersion;
programs.git = { programs.git = {
settings.user = { userName = "Chris Kruining";
name = "Chris Kruining"; userEmail = "chris@kruining.eu";
email = "chris@kruining.eu";
};
}; };
sneeuwvlok = { sneeuwvlok = {


@ -1,11 +1,10 @@
{osConfig, ...}: { { osConfig, ... }:
{
home.stateVersion = osConfig.system.stateVersion; home.stateVersion = osConfig.system.stateVersion;
programs.git = { programs.git = {
settings.user = { userName = "Chris Kruining";
name = "Chris Kruining"; userEmail = "chris@kruining.eu";
email = "chris@kruining.eu";
};
}; };
sneeuwvlok = { sneeuwvlok = {


@ -1,11 +1,10 @@
{osConfig, ...}: { { osConfig, ... }:
{
home.stateVersion = osConfig.system.stateVersion; home.stateVersion = osConfig.system.stateVersion;
programs.git = { programs.git = {
settings.user = { userName = "Chris Kruining";
name = "Chris Kruining"; userEmail = "chris@kruining.eu";
email = "chris@kruining.eu";
};
}; };
sneeuwvlok = { sneeuwvlok = {


@ -1,11 +1,10 @@
{osConfig, ...}: { { osConfig, ... }:
{
home.stateVersion = osConfig.system.stateVersion; home.stateVersion = osConfig.system.stateVersion;
programs.git = { programs.git = {
settings.user = { userName = "Chris Kruining";
name = "Chris Kruining"; userEmail = "chris@kruining.eu";
email = "chris@kruining.eu";
};
}; };
sneeuwvlok = { sneeuwvlok = {


@ -1,20 +1,16 @@
{ { inputs, config, lib, pkgs, namespace, ... }:
inputs, let
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.onlyoffice; cfg = config.${namespace}.application.onlyoffice;
in { in
{
options.${namespace}.application.onlyoffice = { options.${namespace}.application.onlyoffice = {
enable = mkEnableOption "enable onlyoffice"; enable = mkEnableOption "enable onlyoffice";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [onlyoffice-desktopeditors]; home.packages = with pkgs; [ onlyoffice-bin ];
# fonts.packages = with pkgs; [ corefonts ];
}; };
} }


@ -10,7 +10,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ protonup-ng ]; home.packages = with pkgs; [ protonup ];
home.sessionVariables = { home.sessionVariables = {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";


@ -10,6 +10,6 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ teamspeak3 teamspeak6-client ]; home.packages = with pkgs; [ teamspeak_client ];
}; };
} }


@ -1,14 +1,10 @@
{ { config, lib, pkgs, namespace, ... }:
config, let
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.shell.toolset.git; cfg = config.${namespace}.shell.toolset.git;
in { in
{
options.${namespace}.shell.toolset.git = { options.${namespace}.shell.toolset.git = {
enable = mkEnableOption "version-control system"; enable = mkEnableOption "version-control system";
}; };
@ -16,7 +12,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.sessionVariables.GITHUB_TOKEN = "$(cat /run/agenix/tokenGH)"; home.sessionVariables.GITHUB_TOKEN = "$(cat /run/agenix/tokenGH)";
home.packages = with pkgs; [lazygit lazyjj jujutsu]; home.packages = with pkgs; [ lazygit lazyjj jujutsu ];
programs = { programs = {
zsh.initContent = '' zsh.initContent = ''
@ -33,6 +29,14 @@ in {
git = { git = {
enable = true; enable = true;
package = pkgs.gitFull; package = pkgs.gitFull;
difftastic = {
enable = true;
options = {
background = "dark";
color = "always";
display = "inline";
};
};
ignores = [ ignores = [
# General: # General:
@ -65,7 +69,7 @@ in {
"*.elc" "*.elc"
]; ];
settings = { extraConfig = {
init.defaultBranch = "main"; init.defaultBranch = "main";
core = { core = {
editor = "nvim"; editor = "nvim";
@ -102,16 +106,6 @@ in {
}; };
}; };
}; };
difftastic = {
enable = true;
git.enable = true;
options = {
background = "dark";
color = "always";
display = "inline";
};
};
}; };
}; };
} }
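Review bot: `home.sessionVariables.GITHUB_TOKEN = "$(cat /run/agenix/tokenGH)";` in the `@ -16,7 +12,7 @` hunk is kept unchanged, which exports the token into the environment of every process started from the login session instead of only the tools that need it. The other modules touched by this change read their secrets through `config.sops`, so the `/run/agenix` path may also be stale, in which case the variable ends up empty. I would drop the session variable and let the consuming tool read the secret file on demand; until then, add `# NOTE: token is visible to every child process of the login session` above the line. The `config` block continues outside the hunk.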


@ -1,15 +1,10 @@
{ { inputs, config, lib, pkgs, namespace, ... }:
inputs, let
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.steam; cfg = config.${namespace}.application.steam;
in { in
{
options.${namespace}.application.steam = { options.${namespace}.application.steam = {
enable = mkEnableOption "enable steam"; enable = mkEnableOption "enable steam";
}; };
@ -18,7 +13,7 @@ in {
programs = { programs = {
steam = { steam = {
enable = true; enable = true;
package = pkgs.steam.override { package = pkgs.steam-small.override {
extraEnv = { extraEnv = {
DXVK_HUD = "compiler"; DXVK_HUD = "compiler";
MANGOHUD = true; MANGOHUD = true;


@ -1,15 +1,10 @@
{ { inputs, lib, config, namespace, ... }: let
inputs,
lib,
config,
namespace,
...
}: let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.services.authentication.himmelblau; cfg = config.${namespace}.services.authentication.himmelblau;
in { in
imports = [inputs.himmelblau.nixosModules.himmelblau]; {
imports = [ inputs.himmelblau.nixosModules.himmelblau ];
options.${namespace}.services.authentication.himmelblau = { options.${namespace}.services.authentication.himmelblau = {
enable = mkEnableOption "enable azure entra ID authentication"; enable = mkEnableOption "enable azure entra ID authentication";
@ -19,7 +14,7 @@ in {
services.himmelblau = { services.himmelblau = {
enable = true; enable = true;
settings = { settings = {
domain = ""; domains = [];
pam_allow_groups = []; pam_allow_groups = [];
local_groups = []; local_groups = [];
}; };
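Review bot: In the `@ -19,7 +14,7 @` hunk the service is enabled with `domains = [];` and `pam_allow_groups = [];`, so the module ships with no tenant and no login allow-list. If I read himmelblau's sample configuration correctly, an empty `pam_allow_groups` authorizes every user of the configured domains, so whoever later fills in only `domains` would admit the whole tenant to the host. I would expose both values as module options without defaults, or at least add `# pam_allow_groups must name who may log in; empty appears to mean no restriction (confirm against the himmelblau docs)` next to the setting. The `settings` block continues outside the hunk.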


@ -13,7 +13,7 @@ in
organization = mkOption { organization = mkOption {
type = types.attrsOf (types.submodule ({ name, ... }: { type = types.attrsOf (types.submodule ({ name, ... }: {
options = options =
let let
org = name; org = name;
in in
@ -23,11 +23,11 @@ in
default = false; default = false;
example = "true"; example = "true";
description = '' description = ''
True sets the '${org}' org as default org for the instance. Only one org can be default org. True sets the org as default org for the instance. Only one org can be default org.
Nothing happens if you set it to false until you set another org as default org. Nothing happens if you set it to false until you set another org as default org.
''; '';
}; };
project = mkOption { project = mkOption {
default = {}; default = {};
type = types.attrsOf (types.submodule { type = types.attrsOf (types.submodule {
@ -46,7 +46,7 @@ in
default = null; default = null;
example = "enforceProjectResourceOwnerPolicy"; example = "enforceProjectResourceOwnerPolicy";
description = '' description = ''
Defines from where the private labeling should be triggered, Defines from where the private labeling should be triggered,
supported values: supported values:
- unspecified - unspecified
@ -54,7 +54,7 @@ in
- allowLoginUserResourceOwnerPolicy - allowLoginUserResourceOwnerPolicy
''; '';
}; };
projectRoleAssertion = mkOption { projectRoleAssertion = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -63,7 +63,7 @@ in
Describes if roles of user should be added in token. Describes if roles of user should be added in token.
''; '';
}; };
projectRoleCheck = mkOption { projectRoleCheck = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -72,11 +72,11 @@ in
ZITADEL checks if the user has at least one on this project. ZITADEL checks if the user has at least one on this project.
''; '';
}; };
role = mkOption { role = mkOption {
default = {}; default = {};
type = types.attrsOf (types.submodule ({ name, ... }: { type = types.attrsOf (types.submodule ({ name, ... }: {
options = options =
let let
roleName = name; roleName = name;
in in
@ -101,12 +101,12 @@ in
}; };
})); }));
}; };
assign = mkOption { assign = mkOption {
default = {}; default = {};
type = types.attrsOf (types.listOf types.str); type = types.attrsOf (types.listOf types.str);
}; };
application = mkOption { application = mkOption {
default = {}; default = {};
type = types.attrsOf (types.submodule { type = types.attrsOf (types.submodule {
@ -141,8 +141,8 @@ in
''; '';
}; };
exportMap = exportMap =
let let
strOpt = mkOption { type = types.nullOr types.str; default = null; }; strOpt = mkOption { type = types.nullOr types.str; default = null; };
in in
mkOption { mkOption {
@ -164,11 +164,11 @@ in
}; };
}); });
}; };
user = mkOption { user = mkOption {
default = {}; default = {};
type = types.attrsOf (types.submodule ({ name, ... }: { type = types.attrsOf (types.submodule ({ name, ... }: {
options = options =
let let
username = name; username = name;
in in
@ -226,7 +226,7 @@ in
}; };
})); }));
}; };
action = mkOption { action = mkOption {
default = {}; default = {};
type = types.attrsOf (types.submodule ({ name, ... }: { type = types.attrsOf (types.submodule ({ name, ... }: {
@ -263,7 +263,7 @@ in
}; };
})); }));
}; };
triggers = mkOption { triggers = mkOption {
default = []; default = [];
type = types.listOf (types.submodule { type = types.listOf (types.submodule {
@ -321,20 +321,28 @@ in
accessTokenType = mapEnum "OIDC_TOKEN_TYPE" value; accessTokenType = mapEnum "OIDC_TOKEN_TYPE" value;
}."${type}" or value); }."${type}" or value);
toResource = name: value: nameValuePair toResource = name: value: nameValuePair
(toSnakeCase name) (toSnakeCase name)
(lib.mapAttrs' (k: v: nameValuePair (toSnakeCase k) (mapValue k v)) value); (lib.mapAttrs' (k: v: nameValuePair (toSnakeCase k) (mapValue k v)) value);
withRef = type: name: attrs: attrs // (mapRef type name); withRef = type: name: attrs: attrs // (mapRef type name);
select = keys: callback: set: select = keys: callback: set:
if (length keys) == 0 then if (length keys) == 0 then
mapAttrs' callback set mapAttrs' callback set
else let key = head keys; in else let key = head keys; in
concatMapAttrs (k: v: select (drop 1 keys) (callback k) (v.${key} or {})) set concatMapAttrs (k: v: select (drop 1 keys) (callback k) (v.${key} or {})) set
; ;
append = attrList: set: set // (listToAttrs attrList); append = attrList: set: set // (listToAttrs attrList);
forEach = src: key: set:
let
_key = concatMapStringsSep "_" (k: "\${item.${k}}") key;
in
{
forEach = "{ for item in ${src} : \"${_key}\" => item }";
}
// set;
config' = config; config' = config;
@ -344,21 +352,7 @@ in
modules = [ modules = [
({ config, lib, ... }: { ({ config, lib, ... }: {
config = config = {
let
forEach = src: key: set:
let
_key = concatMapStringsSep "_" (k: "\${item.${k}}") key;
in
{
forEach = lib.tfRef ''{
for item in ${src} :
"''${item.org}_''${item.name}" => item
}'';
}
// set;
in
{
terraform.required_providers.zitadel = { terraform.required_providers.zitadel = {
source = "zitadel/zitadel"; source = "zitadel/zitadel";
version = "2.2.0"; version = "2.2.0";
@ -382,18 +376,18 @@ in
} }
] ]) ] ])
"; ";
orgs = cfg.organization |> mapAttrs (org: _: lib.tfRef "resource.zitadel_org.${org}.id"); orgs = cfg.organization |> mapAttrs (org: _: lib.tfRef "resource.zitadel_org.${org}.id");
}; };
resource = { resource = {
# Organizations # Organizations
zitadel_org = cfg.organization |> select [] (name: { isDefault, ... }: zitadel_org = cfg.organization |> select [] (name: { isDefault, ... }:
{ inherit name isDefault; } { inherit name isDefault; }
|> toResource name |> toResource name
); );
# Projects per organization # Projects per organization
zitadel_project = cfg.organization |> select [ "project" ] (org: name: { hasProjectCheck, privateLabelingSetting, projectRoleAssertion, projectRoleCheck, ... }: zitadel_project = cfg.organization |> select [ "project" ] (org: name: { hasProjectCheck, privateLabelingSetting, projectRoleAssertion, projectRoleCheck, ... }:
{ {
inherit name hasProjectCheck privateLabelingSetting projectRoleAssertion projectRoleCheck; inherit name hasProjectCheck privateLabelingSetting projectRoleAssertion projectRoleCheck;
} }
@ -402,7 +396,7 @@ in
); );
# Each OIDC app per project # Each OIDC app per project
zitadel_application_oidc = cfg.organization |> select [ "project" "application" ] (org: project: name: { redirectUris, grantTypes, responseTypes, ...}: zitadel_application_oidc = cfg.organization |> select [ "project" "application" ] (org: project: name: { redirectUris, grantTypes, responseTypes, ...}:
{ {
inherit name redirectUris grantTypes responseTypes; inherit name redirectUris grantTypes responseTypes;
@ -410,41 +404,41 @@ in
idTokenRoleAssertion = true; idTokenRoleAssertion = true;
accessTokenType = "JWT"; accessTokenType = "JWT";
} }
|> withRef "org" org |> withRef "org" org
|> withRef "project" "${org}_${project}" |> withRef "project" "${org}_${project}"
|> toResource "${org}_${project}_${name}" |> toResource "${org}_${project}_${name}"
); );
# Each project role # Each project role
zitadel_project_role = cfg.organization |> select [ "project" "role" ] (org: project: name: value: zitadel_project_role = cfg.organization |> select [ "project" "role" ] (org: project: name: value:
{ inherit (value) displayName group; roleKey = name; } { inherit (value) displayName group; roleKey = name; }
|> withRef "org" org |> withRef "org" org
|> withRef "project" "${org}_${project}" |> withRef "project" "${org}_${project}"
|> toResource "${org}_${project}_${name}" |> toResource "${org}_${project}_${name}"
); );
# Each project role assignment # Each project role assignment
zitadel_user_grant = cfg.organization |> select [ "project" "assign" ] (org: project: user: roles: zitadel_user_grant = cfg.organization |> select [ "project" "assign" ] (org: project: user: roles:
{ roleKeys = roles; } { roleKeys = roles; }
|> withRef "org" org |> withRef "org" org
|> withRef "project" "${org}_${project}" |> withRef "project" "${org}_${project}"
|> withRef "user" "${org}_${user}" |> withRef "user" "${org}_${user}"
|> toResource "${org}_${project}_${user}" |> toResource "${org}_${project}_${user}"
); );
# Users # Users
zitadel_human_user = zitadel_human_user =
cfg.organization cfg.organization
|> select [ "user" ] (org: name: { email, userName, firstName, lastName, ... }: |> select [ "user" ] (org: name: { email, userName, firstName, lastName, ... }:
{ {
inherit email userName firstName lastName; inherit email userName firstName lastName;
isEmailVerified = true; isEmailVerified = true;
} }
|> withRef "org" org |> withRef "org" org
|> toResource "${org}_${name}" |> toResource "${org}_${name}"
) )
|> append |> append
[ [
(forEach "local.extra_users" [ "org" "name" ] { (forEach "local.extra_users" [ "org" "name" ] {
orgId = lib.tfRef "local.orgs[each.value.org]"; orgId = lib.tfRef "local.orgs[each.value.org]";
@ -452,7 +446,7 @@ in
email = lib.tfRef "each.value.email"; email = lib.tfRef "each.value.email";
firstName = lib.tfRef "each.value.firstName"; firstName = lib.tfRef "each.value.firstName";
lastName = lib.tfRef "each.value.lastName"; lastName = lib.tfRef "each.value.lastName";
isEmailVerified = true; isEmailVerified = true;
} }
|> toResource "extraUsers") |> toResource "extraUsers")
@ -460,20 +454,20 @@ in
; ;
# Global user roles # Global user roles
zitadel_instance_member = zitadel_instance_member =
cfg.organization cfg.organization
|> filterAttrsRecursive (n: v: !(v ? "instanceRoles" && (length v.instanceRoles) == 0)) |> filterAttrsRecursive (n: v: !(v ? "instanceRoles" && (length v.instanceRoles) == 0))
|> select [ "user" ] (org: name: { instanceRoles, ... }: |> select [ "user" ] (org: name: { instanceRoles, ... }:
{ roles = instanceRoles; } { roles = instanceRoles; }
|> withRef "user" "${org}_${name}" |> withRef "user" "${org}_${name}"
|> toResource "${org}_${name}" |> toResource "${org}_${name}"
); );
# Organazation specific roles # Organazation specific roles
zitadel_org_member = zitadel_org_member =
cfg.organization cfg.organization
|> filterAttrsRecursive (n: v: !(v ? "roles" && (length v.roles) == 0)) |> filterAttrsRecursive (n: v: !(v ? "roles" && (length v.roles) == 0))
|> select [ "user" ] (org: name: { roles, ... }: |> select [ "user" ] (org: name: { roles, ... }:
{ inherit roles; } { inherit roles; }
|> withRef "org" org |> withRef "org" org
|> withRef "user" "${org}_${name}" |> withRef "user" "${org}_${name}"
@ -481,9 +475,9 @@ in
); );
# Organazation's actions # Organazation's actions
zitadel_action = cfg.organization |> select [ "action" ] (org: name: { timeout, allowedToFail, script, ...}: zitadel_action = cfg.organization |> select [ "action" ] (org: name: { timeout, allowedToFail, script, ...}:
{ {
inherit allowedToFail name; inherit allowedToFail name;
timeout = "${toString timeout}s"; timeout = "${toString timeout}s";
script = "const ${name} = ${script}"; script = "const ${name} = ${script}";
} }
@ -492,20 +486,20 @@ in
); );
# Organazation's action assignments # Organazation's action assignments
zitadel_trigger_actions = zitadel_trigger_actions =
cfg.organization cfg.organization
|> concatMapAttrs (org: { triggers, ... }: |> concatMapAttrs (org: { triggers, ... }:
triggers triggers
|> imap0 (i: { flowType, triggerType, actions, ... }: (let name = "trigger_${toString i}"; in |> imap0 (i: { flowType, triggerType, actions, ... }: (let name = "trigger_${toString i}"; in
{ {
inherit flowType triggerType; inherit flowType triggerType;
actionIds = actionIds =
actions actions
|> map (action: (lib.tfRef "zitadel_action.${org}_${toSnakeCase action}.id")); |> map (action: (lib.tfRef "zitadel_action.${org}_${toSnakeCase action}.id"));
} }
|> withRef "org" org |> withRef "org" org
|> toResource "${org}_${name}" |> toResource "${org}_${name}"
)) ))
|> listToAttrs |> listToAttrs
); );
@ -522,7 +516,7 @@ in
}; };
# Client credentials per app # Client credentials per app
local_sensitive_file = cfg.organization |> select [ "project" "application" ] (org: project: name: { exportMap, ... }: local_sensitive_file = cfg.organization |> select [ "project" "application" ] (org: project: name: { exportMap, ... }:
nameValuePair "${org}_${project}_${name}" { nameValuePair "${org}_${project}_${name}" {
content = '' content = ''
${if exportMap.client_id != null then exportMap.client_id else "CLIENT_ID"}=${lib.tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_id"} ${if exportMap.client_id != null then exportMap.client_id else "CLIENT_ID"}=${lib.tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_id"}
@ -536,7 +530,7 @@ in
}) })
]; ];
}; };
in in
mkIf cfg.enable { mkIf cfg.enable {
${namespace}.services.persistance.postgresql.enable = true; ${namespace}.services.persistance.postgresql.enable = true;
@ -554,12 +548,10 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
wants = [ "zitadel.service" ]; wants = [ "zitadel.service" ];
script = ''
#!/usr/bin/env bash
script =
let
tofu = lib.getExe pkgs.opentofu;
in
''
if [ "$(systemctl is-active zitadel)" != "active" ]; then if [ "$(systemctl is-active zitadel)" != "active" ]; then
echo "Zitadel is not running" echo "Zitadel is not running"
exit 1 exit 1
@ -572,11 +564,11 @@ in
cp -f ${terraformConfiguration} config.tf.json cp -f ${terraformConfiguration} config.tf.json
# Initialize OpenTofu # Initialize OpenTofu
${tofu} init ${lib.getExe pkgs.opentofu} init
# Run the infrastructure code # Run the infrastructure code
${tofu} plan -refresh=false -out=tfplan # ${lib.getExe pkgs.opentofu} plan
${tofu} apply -auto-approve tfplan ${lib.getExe pkgs.opentofu} apply -auto-approve
''; '';
serviceConfig = { serviceConfig = {
@ -636,7 +628,7 @@ in
Org = { Org = {
Name = "kruining"; Name = "kruining";
Human = { Human = {
UserName = "chris"; UserName = "chris";
FirstName = "Chris"; FirstName = "Chris";
@ -647,7 +639,7 @@ in
}; };
Password = "KaasIsAwesome1!"; Password = "KaasIsAwesome1!";
}; };
Machine = { Machine = {
Machine = { Machine = {
Username = "terraform-service-user"; Username = "terraform-service-user";
@ -656,7 +648,7 @@ in
MachineKey = { ExpirationDate = "2026-01-01T00:00:00Z"; Type = 1; }; MachineKey = { ExpirationDate = "2026-01-01T00:00:00Z"; Type = 1; };
# Pat = { ExpirationDate = "2026-01-01T00:00:00Z"; }; # Pat = { ExpirationDate = "2026-01-01T00:00:00Z"; };
}; };
# LoginClient.Machine = { # LoginClient.Machine = {
# Username = "terraform-service-user"; # Username = "terraform-service-user";
# Name = "Terraform"; # Name = "Terraform";
@ -697,7 +689,7 @@ in
''; '';
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
# Secrets # Secrets
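Review bot: The `Human` block shown in the `@ -636,7 +628,7 @` and `@ -647,7 +639,7 @` hunks still carries the initial admin password as a literal (`Password = "…";`), which puts it in the repository history and, once evaluated, in the world-readable Nix store. The file appears to have a `# Secrets` section already, so this value should come from a sops-managed file as well. The nixpkgs zitadel module accepts such files through `extraStepsPaths`, e.g. `extraStepsPaths = [ config.sops.templates."<steps-template>".path ];` (the template name is a placeholder). Because the current value is already published, it should be rotated too. The enclosing attribute set starts outside the hunks, so the exact option path needs checking.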


@ -1,10 +1,5 @@
{ { config, lib, pkgs, namespace, ... }:
config, let
lib,
pkgs,
namespace,
...
}: let
inherit (builtins) toString toJSON; inherit (builtins) toString toJSON;
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
@ -15,7 +10,8 @@
port = 4001; port = 4001;
database = "synapse"; database = "synapse";
in { in
{
options.${namespace}.services.communication.matrix = { options.${namespace}.services.communication.matrix = {
enable = mkEnableOption "Matrix server (Synapse)"; enable = mkEnableOption "Matrix server (Synapse)";
}; };
@ -26,13 +22,13 @@ in {
# virtualisation.podman.enable = true; # virtualisation.podman.enable = true;
}; };
networking.firewall.allowedTCPPorts = [4001]; networking.firewall.allowedTCPPorts = [ 4001 ];
services = { services = {
matrix-synapse = { matrix-synapse = {
enable = true; enable = true;
extras = ["oidc"]; extras = [ "oidc" ];
extraConfigFiles = [ extraConfigFiles = [
config.sops.templates."synapse-oidc.yaml".path config.sops.templates."synapse-oidc.yaml".path
@ -56,7 +52,7 @@ in {
backchannel_logout_enabled = true; backchannel_logout_enabled = true;
sso = { sso = {
client_whitelist = ["http://[::1]:9092"]; client_whitelist = [ "http://[::1]:9092" ];
update_profile_information = true; update_profile_information = true;
}; };
@ -79,7 +75,7 @@ in {
resources = [ resources = [
{ {
names = ["client" "federation" "openid" "metrics" "media" "health"]; names = [ "client" "federation" "openid" "metrics" "media" "health" ];
compress = true; compress = true;
} }
]; ];
@ -136,7 +132,7 @@ in {
postgresql = { postgresql = {
enable = true; enable = true;
ensureDatabases = [database]; ensureDatabases = [ database ];
ensureUsers = [ ensureUsers = [
{ {
name = database; name = database;
@ -196,7 +192,7 @@ in {
localpart_template: "{{ user.preferred_username }}" localpart_template: "{{ user.preferred_username }}"
display_name_template: "{{ user.name }}" display_name_template: "{{ user.name }}"
''; '';
restartUnits = ["matrix-synapse.service"]; restartUnits = [ "matrix-synapse.service" ];
}; };
}; };
}; };


@ -1,16 +1,12 @@
{ { config, lib, pkgs, namespace, ... }:
config, let
lib,
pkgs,
namespace,
...
}: let
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption; inherit (lib) mkIf mkEnableOption mkOption;
cfg = config.${namespace}.services.development.forgejo; cfg = config.${namespace}.services.development.forgejo;
domain = "git.amarth.cloud"; domain = "git.amarth.cloud";
in { in
{
options.${namespace}.services.development.forgejo = { options.${namespace}.services.development.forgejo = {
enable = mkEnableOption "Forgejo"; enable = mkEnableOption "Forgejo";
@ -30,7 +26,7 @@ in {
virtualisation.podman.enable = true; virtualisation.podman.enable = true;
}; };
environment.systemPackages = with pkgs; [forgejo]; environment.systemPackages = with pkgs; [ forgejo ];
services = { services = {
forgejo = { forgejo = {
@ -145,7 +141,7 @@ in {
}; };
}; };
openssh.settings.AllowUsers = ["forgejo"]; openssh.settings.AllowUsers = [ "forgejo" ];
gitea-actions-runner = { gitea-actions-runner = {
package = pkgs.forgejo-runner; package = pkgs.forgejo-runner;
@ -184,26 +180,18 @@ in {
}; };
}; };
users = {
users."gitea-runner" = {
isSystemUser = true;
group = "gitea-runner";
};
groups."gitea-runner" = {};
};
sops.secrets = { sops.secrets = {
"forgejo/action_runner_token" = { "forgejo/action_runner_token" = {
owner = "gitea-runner"; owner = "gitea-runner";
group = "gitea-runner"; group = "gitea-runner";
restartUnits = ["gitea-runner-default.service"]; restartUnits = [ "gitea-runner-default.service" ];
}; };
"forgejo/email" = { "forgejo/email" = {
owner = "forgejo"; owner = "forgejo";
group = "forgejo"; group = "forgejo";
key = "email/chris_kruining_eu"; key = "email/chris_kruining_eu";
restartUnits = ["forgejo.service"]; restartUnits = [ "forgejo.service" ];
}; };
}; };
}; };
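Review bot: The `@ -184,26 +180,18 @` hunk drops the `users.users."gitea-runner"` and `users.groups."gitea-runner"` declarations, but the `forgejo/action_runner_token` secret just below still sets `owner = "gitea-runner"` and `group = "gitea-runner"`. Unless that account is declared somewhere outside this hunk, sops-nix has no such user to hand the file to, so the runner token either fails to install or ends up with ownership nobody intended. I would keep `users.users."gitea-runner" = { isSystemUser = true; group = "gitea-runner"; };` together with `users.groups."gitea-runner" = {};`, or change the secret's owner to an account that is known to exist.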


@ -1,15 +1,13 @@
{ { pkgs, lib, namespace, config, inputs, system, ... }:
pkgs, let
lib,
namespace,
config,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption; inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str; inherit (lib.types) str;
cfg = config.${namespace}.services.media; cfg = config.${namespace}.services.media;
in {
arr = ["radarr" ];
in
{
options.${namespace}.services.media = { options.${namespace}.services.media = {
enable = mkEnableOption "Enable media services"; enable = mkEnableOption "Enable media services";
@ -56,19 +54,56 @@ in {
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
# "d '${cfg.path}/series' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/series' 0700 ${cfg.user} ${cfg.group} - -"
# "d '${cfg.path}/movies' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/movies' 0700 ${cfg.user} ${cfg.group} - -"
# "d '${cfg.path}/music' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/music' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.path}/qbittorrent' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/qbittorrent' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.path}/sabnzbd' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/sabnzbd' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.path}/downloads/incomplete' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/reiverr/config' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.path}/downloads/done' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/downloads/incomplete' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.path}/downloads/done' 0700 ${cfg.user} ${cfg.group} - -"
"d /var/lib/radarrApplyTerraform 0755 ${cfg.user} ${cfg.group} -"
]; ];
#========================================================================= #=========================================================================
# Services # Services
#========================================================================= #=========================================================================
services = { services = let
arr-services =
arr
|> lib.imap (i: service: {
name = service;
value = {
enable = true;
openFirewall = true;
environmentFiles = [
config.sops.templates."${service}/config.env".path
];
settings = {
auth.authenticationMethod = "External";
server = {
bindaddress = "0.0.0.0";
port = 2000 + i;
};
postgres = {
host = "localhost";
port = "5432";
user = service;
maindb = service;
logdb = service;
};
};
}
// (if service != "prowlarr" then { user = cfg.user; group = cfg.group; } else {});
})
|> lib.listToAttrs
;
in
arr-services // {
bazarr = { bazarr = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
@ -77,12 +112,6 @@ in {
listenPort = 2005; listenPort = 2005;
}; };
flaresolverr = {
enable = true;
openFirewall = true;
port = 2007;
};
# port is harcoded in nixpkgs module # port is harcoded in nixpkgs module
jellyfin = { jellyfin = {
enable = true; enable = true;
@ -91,8 +120,46 @@ in {
group = cfg.group; group = cfg.group;
}; };
postgresql = { flaresolverr = {
enable = true; enable = true;
openFirewall = true;
port = 2007;
};
qbittorrent = {
enable = true;
openFirewall = true;
webuiPort = 2008;
serverConfig = {
LegalNotice.Accepted = true;
};
user = cfg.user;
group = cfg.group;
};
# port is harcoded in nixpkgs module
sabnzbd = {
enable = true;
openFirewall = true;
configFile = "${cfg.path}/sabnzbd/config.ini";
user = cfg.user;
group = cfg.group;
};
postgresql =
let
databases = arr |> lib.concatMap (s: [ s "${s}-log" ]);
in
{
enable = true;
ensureDatabases = arr;
ensureUsers = arr |> lib.map (service: {
name = service;
ensureDBOwnership = true;
});
}; };
caddy = { caddy = {
@ -105,26 +172,136 @@ in {
}; };
}; };
systemd.services.radarrApplyTerraform =
let
# this is a nix package, the generated json file to be exact
terraformConfiguration = inputs.terranix.lib.terranixConfiguration {
inherit system;
modules = [
({ config, lib, ... }: {
config = {
variable = {
api_key = {
type = "string";
description = "Radarr api key";
};
};
terraform.required_providers.radarr = {
source = "devopsarr/radarr";
version = "2.2.0";
};
provider.radarr = {
url = "http://127.0.0.1:2001";
api_key = lib.tfRef "var.api_key";
};
resource = {
radarr_root_folder.local = {
path = "/var/media/movies";
};
};
};
})
];
};
in
{
description = "Radarr terraform apply";
wantedBy = [ "multi-user.target" ];
wants = [ "radarr.service" ];
script = ''
#!/usr/bin/env bash
if [ "$(systemctl is-active radarr)" != "active" ]; then
echo "Radarr is not running"
exit 1
fi
# Sleep for a bit to give radarr the chance to start up
sleep 5s
# Print the path to the source for easier debugging
echo "config location: ${terraformConfiguration}"
# Copy infra code into workspace
cp -f ${terraformConfiguration} config.tf.json
# Initialize OpenTofu
${lib.getExe pkgs.opentofu} init
# Run the infrastructure code
# ${lib.getExe pkgs.opentofu} plan -var-file='${config.sops.templates."radarr/config.tfvars".path}'
${lib.getExe pkgs.opentofu} apply -auto-approve -var-file='${config.sops.templates."radarr/config.tfvars".path}'
'';
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
WorkingDirectory = "/var/lib/radarrApplyTerraform";
EnvironmentFile = [
config.sops.templates."radarr/config.env".path
];
};
};
systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
sops = { sops = {
secrets = { secrets =
# "qbittorrent/password" = {}; arr
"qbittorrent/password_hash" = {}; |> lib.map (service: {
}; name = "${service}/apikey";
value = {
owner = cfg.user;
group = cfg.group;
restartUnits = [ "${service}.service" ];
};
})
|> lib.listToAttrs
;
templates = { templates =
"qbittorrent/password.conf" = { let
owner = cfg.user; apikeys =
group = cfg.group; arr
restartUnits = ["qbittorrent.service"]; |> lib.map (service: {
path = "${config.services.qbittorrent.profileDir}/qBittorrent/config/password.conf"; name = "${service}/config.env";
content = '' value = {
[Preferences] owner = cfg.user;
WebUI\Password_PBKDF2="${config.sops.placeholder."qbittorrent/password_hash"}" group = cfg.group;
''; restartUnits = [ "${service}.service" ];
}; content = ''
}; ${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}"
'';
};
})
|> lib.listToAttrs;
tfvars =
arr
|> lib.map(service: {
name = "${service}/config.tfvars";
value = {
owner = cfg.user;
group = cfg.group;
restartUnits = [ "${service}ApplyTerraform.service" ];
content = ''
api_key = "${config.sops.placeholder."${service}/apikey"}"
'';
};
})
|> lib.listToAttrs;
in
apikeys // tfvars
;
}; };
}; };
} }
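Review bot: The generated `arr-services` entries in the `@ -56,19 +54,56 @` hunk combine `auth.authenticationMethod = "External"` with `bindaddress = "0.0.0.0"` and `openFirewall = true`, so the application does no authentication of its own while being reachable directly from the network. External authentication is only safe when every request has to pass through the authenticating proxy, and the Terraform provider in the same file already talks to `http://127.0.0.1:2001`, so loopback is enough for it. I would set `bindaddress = "127.0.0.1";` and `openFirewall = false;` and publish the service only through a reverse proxy that enforces login (a `caddy` block exists further down, outside the changed lines). The same hunk also creates `/var/lib/radarrApplyTerraform` with mode `0755` although the unit applies with an API key from a tfvars file, so `0700` would match the other directories.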


@ -1,183 +0,0 @@
{
config,
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.glance;
in {
options.${namespace}.services.media.glance = {
enable = mkEnableOption "Enable Glance";
};
config = mkIf cfg.enable {
services.glance = {
enable = true;
openFirewall = true;
environmentFile = config.sops.templates."glance/secrets.env".path;
settings = {
server = {
host = "0.0.0.0";
port = 2000;
};
theme = {
# Teal city predefined theme (https://github.com/glanceapp/glance/blob/main/docs/themes.md#teal-city)
background-color = "225 14 15";
primary-color = "157 47 65";
contrast-multiplier = 1.1;
};
pages = [
{
name = "Home";
columns = [
{
size = "small";
widgets = [
{
type = "calendar";
first-day-of-the-week = "monday";
}
];
}
{
size = "full";
widgets = [
{
type = "monitor";
cache = "1m";
title = "Services";
sites = [
{
title = "Zitadel";
url = "https://auth.kruining.eu";
icon = "sh:zitadel";
}
{
title = "Forgejo";
url = "https://git.amarth.cloud/chris";
icon = "sh:forgejo";
}
{
title = "Vaultwarden";
url = "https://vault.kruining.eu";
icon = "sh:vaultwarden";
}
];
}
{
type = "monitor";
cache = "1m";
title = "Observability";
sites = [
{
title = "Grafana";
url = "http://${config.networking.hostName}:${builtins.toString config.services.grafana.settings.server.http_port}";
icon = "sh:grafana";
}
{
title = "Prometheus";
url = "http://${config.networking.hostName}:${builtins.toString config.services.prometheus.port}";
icon = "sh:prometheus";
}
];
}
{
type = "monitor";
cache = "1m";
title = "Media";
sites = [
{
title = "Jellyfin";
url = "http://${config.networking.hostName}:8096";
icon = "sh:jellyfin";
}
{
title = "Radarr";
url = "http://${config.networking.hostName}:2001";
icon = "sh:radarr";
}
{
title = "Sonarr";
url = "http://${config.networking.hostName}:2002";
icon = "sh:sonarr";
}
{
title = "Lidarr";
url = "http://${config.networking.hostName}:2003";
icon = "sh:lidarr";
}
{
title = "Prowlarr";
url = "http://${config.networking.hostName}:2004";
icon = "sh:prowlarr";
}
{
title = "qBittorrent";
url = "http://${config.networking.hostName}:${builtins.toString config.services.qbittorrent.webuiPort}";
icon = "sh:qbittorrent";
}
{
title = "SABnzbd";
url = "http://${config.networking.hostName}:8080";
icon = "sh:sabnzbd";
}
];
}
{
type = "videos";
channels = [
"UCXuqSBlHAE6Xw-yeJA0Tunw" # Linus Tech Tips
"UCR-DXc1voovS8nhAvccRZhg" # Jeff Geerling
"UCsBjURrPoezykLs9EqgamOA" # Fireship
"UCBJycsmduvYEL83R_U4JriQ" # Marques Brownlee
"UCHnyfMqiRRG1u-2MsSQLbXA" # Veritasium
];
}
];
}
{
size = "small";
widgets = [
{
type = "weather";
location = "Amsterdam, The Netherlands";
units = "metric";
hour-format = "24h";
}
{
type = "server-stats";
servers = [
{
type = "local";
name = "Ulmo";
}
];
}
];
}
];
}
];
};
};
sops.templates."glance/secrets.env" = {
# owner = config.services.glance.user;
# group = config.services.glance.group;
content = ''
RADARR_KEY="${config.sops.placeholder."radarr/apikey"}"
SONARR_KEY="${config.sops.placeholder."sonarr/apikey"}"
LIDARR_KEY="${config.sops.placeholder."lidarr/apikey"}"
'';
};
};
}


@ -0,0 +1,161 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.homer;
in
{
options.${namespace}.services.media.homer = {
enable = mkEnableOption "Enable homer";
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 2000 ];
services = {
homer = {
enable = true;
virtualHost = {
caddy.enable = true;
domain = "http://:2000";
};
settings = {
title = "Ulmo dashboard";
columns = 4;
connectivityCheck = true;
links = [];
services = [
{
name = "Services";
items = [
{
name = "Zitadel";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/zitadel.svg";
tag = "app";
url = "https://auth.kruining.eu";
target = "_blank";
}
{
name = "Forgejo";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/forgejo.svg";
tag = "app";
type = "Gitea";
url = "https://git.amarth.cloud";
target = "_blank";
}
{
name = "Vaultwarden";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/vaultwarden.svg";
type = "Vaultwarden";
tag = "app";
url = "https://vault.kruining.eu";
target = "_blank";
}
];
}
{
name = "Observability";
items = [
{
name = "Grafana";
type = "Grafana";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/grafana.svg";
tag = "app";
url = "http://${config.networking.hostName}:${builtins.toString config.services.grafana.settings.server.http_port}";
target = "_blank";
}
{
name = "Prometheus";
type = "Prometheus";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/prometheus.svg";
tag = "app";
url = "http://${config.networking.hostName}:${builtins.toString config.services.prometheus.port}";
target = "_blank";
}
];
}
{
name = "Media";
items = [
{
name = "Jellyfin (Movies)";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/jellyfin.svg";
tag = "app";
type = "Emby";
url = "http://${config.networking.hostName}:8096";
apikey = "e3ceed943eeb409ba8342738db7cc1f5";
libraryType = "movies";
target = "_blank";
}
{
name = "Radarr";
type = "Radarr";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/radarr.svg";
tag = "app";
url = "http://${config.networking.hostName}:2001";
target = "_blank";
}
{
name = "Sonarr";
type = "Sonarr";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/sonarr.svg";
tag = "app";
url = "http://${config.networking.hostName}:2002";
target = "_blank";
}
{
name = "Lidarr";
type = "Lidarr";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/lidarr.svg";
tag = "app";
url = "http://${config.networking.hostName}:2003";
target = "_blank";
}
{
name = "Prowlarr";
type = "Prowlarr";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/prowlarr.svg";
tag = "app";
url = "http://${config.networking.hostName}:2004";
target = "_blank";
}
{
name = "qBittorrent";
type = "qBittorrent";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/qbittorrent.svg";
tag = "app";
url = "http://${config.networking.hostName}:${builtins.toString config.services.qbittorrent.webuiPort}";
target = "_blank";
}
{
name = "SABnzbd";
type = "SABnzbd";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/sabnzdb-light.svg";
tag = "app";
url = "http://${config.networking.hostName}:8080";
target = "_blank";
}
];
}
];
};
};
};
};
}
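Review bot: The "Jellyfin (Movies)" item sets `apikey` to a literal string inside `services.homer.settings`, so the credential is committed to the repository and evaluated into the world-readable Nix store. Homer also appears to serve its configuration to the browser, which would make the key readable by anyone who can reach the dashboard, and this module opens it to the network over plain HTTP (`networking.firewall.allowedTCPPorts = [ 2000 ]`, `domain = "http://:2000"`). I would rotate that key and drop the `apikey` line from the item, leaving a comment such as `# no apikey here: the Homer config is readable by every dashboard visitor`. If the library widget is required, the dashboard should first sit behind an authenticated reverse proxy rather than an open port.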


@ -1,86 +0,0 @@
{
config,
lib,
namespace,
inputs,
system,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.mydia;
in {
imports = [
inputs.mydia.nixosModules.default
];
options.${namespace}.services.media.mydia = {
enable = mkEnableOption "Enable Mydia";
};
config = mkIf cfg.enable {
services.mydia = {
enable = true;
port = 2010;
listenAddress = "0.0.0.0";
openFirewall = true;
mediaLibraries = [
"/var/mydia/movies"
"/var/mydia/series"
];
database = {
# type = "sqlite";
# uri = "file:///var/lib/mydia/mydia.db";
type = "postgres";
uri = "postgres://mydia@localhost:5432/mydia?sslmode=disable";
passwordFile = config.sops.secrets."mydia/qbittorrent_password".path;
};
secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path;
guardianSecretKeyFile = config.sops.secrets."mydia/guardian_secret".path;
oidc = {
enable = true;
issuer = "https://auth.kruining.eu";
clientIdFile = config.sops.secrets."mydia/oidc_id".path;
clientSecretFile = config.sops.secrets."mydia/oidc_secret".path;
scopes = ["openid" "profile" "email"];
};
downloadClients = {
qbittorrent = {
type = "qbittorrent";
host = "localhost";
port = 2008;
username = "admin";
passwordFile = config.sops.secrets."mydia/qbittorrent_password".path;
useSsl = false;
};
};
};
sops.secrets = let
base =
["secret_key_base" "guardian_secret" "oidc_id" "oidc_secret"]
|> lib.map (name:
lib.nameValuePair "mydia/${name}" {
owner = config.services.mydia.user;
group = config.services.mydia.group;
restartUnits = ["mydia.service"];
})
|> lib.listToAttrs;
in
base
// {
"mydia/qbittorrent_password" = {
owner = config.services.mydia.user;
group = config.services.mydia.group;
restartUnits = ["mydia.service"];
key = "qbittorrent/password";
};
};
};
}


@ -1,20 +1,14 @@
{ { pkgs, config, lib, namespace, inputs, system, ... }:
pkgs, let
config,
lib,
namespace,
inputs,
system,
...
}: let
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types; inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.servarr; cfg = config.${namespace}.services.media.servarr;
in { in
{
options.${namespace}.services.media = { options.${namespace}.services.media = {
servarr = mkOption { servarr = mkOption {
type = types.attrsOf (types.submodule ({name, ...}: { type = types.attrsOf (types.submodule ({ name, ... }: {
options = { options = {
enable = mkEnableOption "Enable ${name}"; enable = mkEnableOption "Enable ${name}";
debug = mkEnableOption "Use tofu plan instead of tofu apply for ${name} "; debug = mkEnableOption "Use tofu plan instead of tofu apply for ${name} ";
@ -34,106 +28,61 @@ in {
}; };
config = { config = {
services = services =
cfg cfg
|> lib.mapAttrsToList (service: { |> lib.mapAttrsToList (service: { enable, port, ... }: (mkIf enable {
enable, "${service}" = {
port, enable = true;
... openFirewall = true;
}: (mkIf enable {
"${service}" =
{
enable = true;
openFirewall = true;
environmentFiles = [ environmentFiles = [
config.sops.templates."${service}/config.env".path config.sops.templates."${service}/config.env".path
]; ];
settings = { settings = {
auth.authenticationMethod = "External"; auth.authenticationMethod = "External";
server = { server = {
bindaddress = "0.0.0.0"; bindaddress = "0.0.0.0";
port = port; port = port;
};
postgres = {
host = "localhost";
port = "5432";
user = service;
maindb = service;
logdb = service;
};
}; };
}
// (lib.optionalAttrs (service != "prowlarr") { postgres = {
user = service; host = "localhost";
group = "media"; port = "5432";
}); user = service;
maindb = service;
logdb = service;
};
};
};
})) }))
|> lib.mkMerge |> lib.mergeAttrsList
|> (set: |> (set: set // {
set postgres = {
// { ensureDatabases = cfg |> lib.attrNames;
qbittorrent = { ensureUsers = cfg |> lib.attrNames |> lib.map (service: {
enable = true; name = service;
openFirewall = true; ensureDBOwnership = true;
webuiPort = 2008; });
};
})
;
serverConfig = { systemd =
LegalNotice.Accepted = true;
Prefecences.WebUI = {
Username = "admin";
};
};
user = "qbittorrent";
group = "media";
};
# port is harcoded in nixpkgs module
sabnzbd = {
enable = true;
openFirewall = true;
configFile = "${cfg.path}/sabnzbd/config.ini";
user = "sabnzbd";
group = "media";
};
postgresql = {
ensureDatabases = cfg |> lib.attrNames;
ensureUsers =
cfg
|> lib.attrNames
|> lib.map (service: {
name = service;
ensureDBOwnership = true;
});
};
});
systemd.services =
cfg cfg
|> lib.mapAttrsToList (service: { |> lib.mapAttrsToList (service: { enable, debug, port, rootFolders, ... }: (mkIf enable {
enable, tmpfiles.rules = [
debug, "d /var/lib/${service}ApplyTerraform 0755 ${service} ${service} -"
port, ];
rootFolders,
... services."${service}ApplyTerraform" =
}: (mkIf enable { let
"${service}ApplyTerraform" = let
terraformConfiguration = inputs.terranix.lib.terranixConfiguration { terraformConfiguration = inputs.terranix.lib.terranixConfiguration {
inherit system; inherit system;
modules = [ modules = [
({ ({ config, lib, ... }: {
config,
lib,
...
}: {
config = { config = {
variable = { variable = {
api_key = { api_key = {
@ -144,17 +93,7 @@ in {
terraform.required_providers.${service} = { terraform.required_providers.${service} = {
source = "devopsarr/${service}"; source = "devopsarr/${service}";
version = version = "2.2.0";
{
radarr = "2.3.3";
sonarr = "3.4.0";
prowlarr = "3.1.0";
lidarr = "1.13.0";
readarr = "2.1.0";
whisparr = "1.2.0";
}.${
service
};
}; };
provider.${service} = { provider.${service} = {
@ -163,32 +102,26 @@ in {
}; };
resource = { resource = {
"${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) ( "${service}_root_folder" =
rootFolders rootFolders
|> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) |> lib.imap (i: f: lib.nameValuePair "local${toString i}" { path = f; })
|> lib.listToAttrs |> lib.listToAttrs
); ;
}; };
}; };
}) })
]; ];
}; };
in { in
{
description = "${service} terraform apply"; description = "${service} terraform apply";
wantedBy = ["multi-user.target"]; wantedBy = [ "multi-user.target" ];
wants = ["${service}.service"]; wants = [ "${service}.service" ];
preStart = ''
install -d -m 0770 -o ${service} -g media /var/lib/${service}ApplyTerraform
${
rootFolders
|> lib.map (folder: "install -d -m 0770 -o media -g media ${folder}")
|> lib.join "\n"
}
'';
script = '' script = ''
#!/usr/bin/env bash
# Sleep for a bit to give the service a chance to start up # Sleep for a bit to give the service a chance to start up
sleep 5s sleep 5s
@ -204,22 +137,18 @@ in {
cp -f ${terraformConfiguration} config.tf.json cp -f ${terraformConfiguration} config.tf.json
# Initialize OpenTofu # Initialize OpenTofu
${lib.getExe pkgs.opentofu} init -upgrade ${lib.getExe pkgs.opentofu} init
# Run the infrastructure code # Run the infrastructure code
${lib.getExe pkgs.opentofu} \ ${lib.getExe pkgs.opentofu} \
${ ${if debug then "plan" else "apply -auto-approve"} \
if debug
then "plan"
else "apply -auto-approve"
} \
-var-file='${config.sops.templates."${service}/config.tfvars".path}' -var-file='${config.sops.templates."${service}/config.tfvars".path}'
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = service; User = service;
Group = "media"; Group = service;
WorkingDirectory = "/var/lib/${service}ApplyTerraform"; WorkingDirectory = "/var/lib/${service}ApplyTerraform";
@ -229,34 +158,31 @@ in {
}; };
}; };
})) }))
|> lib.mkMerge; |> lib.mergeAttrsList
;
users = users.users =
cfg cfg
|> lib.mapAttrsToList (service: {enable, ...}: (mkIf enable { |> lib.mapAttrsToList (service: { enable, ... }: (mkIf enable {
users.${service} = { "${service}".extraGroups = [ "media" ];
isSystemUser = true;
group = lib.mkDefault service;
extraGroups = ["media"];
};
groups.${service} = {};
})) }))
|> lib.mkMerge; |> lib.mergeAttrsList
;
sops = sops =
cfg cfg
|> lib.mapAttrsToList (service: {enable, ...}: (mkIf enable { |> lib.mapAttrsToList (service: { enable, ... }: (mkIf enable {
secrets."${service}/apikey" = { secrets."${service}/apikey" = {
owner = service; owner = service;
group = "media"; group = service;
restartUnits = ["${service}.service"]; restartUnits = [ "${service}.service" ];
}; };
templates = { templates = {
"${service}/config.env" = { "${service}/config.env" = {
owner = service; owner = service;
group = "media"; group = service;
restartUnits = ["${service}.service"]; restartUnits = [ "${service}.service" ];
content = '' content = ''
${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}" ${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}"
''; '';
@ -264,14 +190,25 @@ in {
"${service}/config.tfvars" = { "${service}/config.tfvars" = {
owner = service; owner = service;
group = "media"; group = service;
restartUnits = ["${service}.service"]; restartUnits = [ "${service}.service" ];
content = '' content = ''
api_key = "${config.sops.placeholder."${service}/apikey"}" api_key = "${config.sops.placeholder."${service}/apikey"}"
''; '';
}; };
}; };
})) }))
|> lib.mkMerge; |> lib.mergeAttrsList
;
}; };
# cfg
# |> lib.mapAttrsToList (service: { enable, debug, port, rootFolders, ... }: (mkIf enable {
# # sops = {
# # };
# }))
# |> lib.mergeAttrsList
# ;
} }
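Review bot: Every enabled service here combines `auth.authenticationMethod = "External"` with `bindaddress = "0.0.0.0"` and `openFirewall = true`, so the web UI does no authentication of its own yet is reachable directly on its port from the network. If authentication is meant to happen in a reverse proxy or the Zitadel SSO in front of it, bind to loopback and keep the port closed: `bindaddress = "127.0.0.1";` and `openFirewall = false;`. Separately, the new `|> lib.mergeAttrsList` replaces `lib.mkMerge` over a list of `mkIf` values; merging those wrappers attribute by attribute would appear to keep only the last service's `content`, so `lib.mkMerge` looks like the right combinator. The `postgres = {` key in the same expression probably should be `postgresql`. Parts of the module lie between the hunks and are not visible here.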


@ -1,31 +1,25 @@
{ { pkgs, config, lib, namespace, ... }:
pkgs, let
config,
lib,
namespace,
...
}: let
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep; inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep;
cfg = config.${namespace}.services.security.vaultwarden; cfg = config.${namespace}.services.security.vaultwarden;
databaseProviderSqlite = types.submodule ({...}: { databaseProviderSqlite = types.submodule ({ ... }: {
options = { options = {
type = mkOption { type = mkOption {
type = types.enum ["sqlite"]; type = types.enum [ "sqlite" ];
}; };
file = mkOption { file = mkOption {
type = types.path; type = types.str;
description = '' description = '''';
Path to sqlite database file.
'';
}; };
}; };
}); });
databaseProviderPostgresql = types.submodule ({...}: let databaseProviderPostgresql = types.submodule ({ ... }:
let
urlOptions = lib.${namespace}.options.mkUrlOptions { urlOptions = lib.${namespace}.options.mkUrlOptions {
host = { host = {
description = '' description = ''
@ -46,36 +40,36 @@
example = "postgres"; example = "postgres";
}; };
}; };
in { in
options = {
{ options = {
type = mkOption { type = mkOption {
type = types.enum ["postgresql"]; type = types.enum [ "postgresql" ];
}; };
sslMode = mkOption { sslMode = mkOption {
type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"]; type = types.enum [ "verify-ca" "verify-full" "require" "prefer" "allow" "disabled" ];
default = "verify-full"; default = "verify-full";
example = "verify-ca"; example = "verify-ca";
description = '' description = ''
How to verify the server's ssl How to verify the server's ssl
| mode | eavesdropping protection | MITM protection | Statement | | mode | eavesdropping protection | MITM protection | Statement |
|-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------| |-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
| disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. | | disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. |
| allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. | | allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. |
| prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. | | prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. |
| require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. | | require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. |
| verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. | | verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. |
| verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. | | verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. |
[Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS)
''; '';
}; };
} } // (urlOptions |> getAttrs [ "protocol" "host" "port" ]);
// (urlOptions |> getAttrs ["protocol" "host" "port"]);
}); });
in { in
{
options.${namespace}.services.security.vaultwarden = { options.${namespace}.services.security.vaultwarden = {
enable = mkEnableOption "enable vaultwarden"; enable = mkEnableOption "enable vaultwarden";
@ -142,7 +136,7 @@ in {
postgresql = { postgresql = {
enable = true; enable = true;
ensureDatabases = ["vaultwarden"]; ensureDatabases = [ "vaultwarden" ];
ensureUsers = [ ensureUsers = [
{ {
name = "vaultwarden"; name = "vaultwarden";
@ -177,7 +171,7 @@ in {
owner = config.users.users.vaultwarden.name; owner = config.users.users.vaultwarden.name;
group = config.users.users.vaultwarden.name; group = config.users.users.vaultwarden.name;
key = "email/chris_kruining_eu"; key = "email/chris_kruining_eu";
restartUnits = ["vaultwarden.service"]; restartUnits = [ "vaultwarden.service" ];
}; };
}; };
@ -189,31 +183,34 @@ in {
owner = config.users.users.vaultwarden.name; owner = config.users.users.vaultwarden.name;
group = config.users.groups.vaultwarden.name; group = config.users.groups.vaultwarden.name;
}; };
temp-db-output.content = let temp-db-output.content =
config = let
cfg.database config =
|> ( cfg.database
{type, ...} @ db: |> ({ type, ... }@db:
if type == "sqlite" if type == "sqlite" then
then {inherit (db) type file;} { inherit (db) type file; }
else if type == "postgresql" else if type == "postgresql" then
then { {
inherit (db) type; inherit (db) type;
url = lib.${namespace}.strings.toUrl { url = lib.${namespace}.strings.toUrl {
inherit (db) protocol host port; inherit (db) protocol host port;
path = "vaultwarden"; path = "vaultwarden";
query = { query = {
sslmode = db.sslMode; sslmode = db.sslMode;
};
}; };
}; }
} else
else {} {}
) )
|> concatMapAttrsStringSep "\n" (n: v: "${toUpper n}=${v}"); |> concatMapAttrsStringSep "\n" (n: v: "${toUpper n}=${v}")
in '' ;
# GENERATED VALUES in
${config} ''
''; # GENERATED VALUES
${config}
'';
}; };
}; };
}; };
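Review bot: The `sslMode` enum offers `"disabled"`, but the table in its own description (and libpq) spell that mode `disable`. Because `sslmode = db.sslMode` is written into the connection URL, choosing that value would likely produce a setting the PostgreSQL client rejects; the entry should be `"disable"`. The new `description = '''';` on `file` also removes the only documentation for that option, so restoring `Path to sqlite database file.` would keep it self-explanatory. With `types.str` the value is no longer checked to look like a path. The module continues outside the visible hunks.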


@ -1,2 +1,2 @@
{...}: { { ... }:
} {}


@ -1,10 +1,5 @@
{ { mkShell, inputs, pkgs, ... }:
mkShell,
inputs,
pkgs,
stdenv,
...
}:
mkShell { mkShell {
packages = with pkgs; [ packages = with pkgs; [
bash bash
@ -12,10 +7,6 @@ mkShell {
just just
yq yq
pwgen pwgen
alejandra inputs.clan-core.packages.x86_64-linux.clan-cli
nil
nixd
openssl
inputs.clan-core.packages.${stdenv.hostPlatform.system}.clan-cli
]; ];
} }
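Review bot: `inputs.clan-core.packages.x86_64-linux.clan-cli` hard-codes the platform, so on any other system this dev shell either fails to evaluate or pulls a binary for the wrong architecture. `pkgs` is already an argument, so the system can be derived from it instead: `inputs.clan-core.packages.${pkgs.stdenv.hostPlatform.system}.clan-cli`.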


@ -1,4 +1,5 @@
{...}: { { ... }:
{
imports = [ imports = [
./disks.nix ./disks.nix
./hardware.nix ./hardware.nix
@ -7,10 +8,7 @@
networking = { networking = {
interfaces.enp2s0 = { interfaces.enp2s0 = {
ipv6.addresses = [ ipv6.addresses = [
{ { address = "2a0d:6e00:1dc9:0::dead:beef"; prefixLength = 64; }
address = "2a0d:6e00:1dc9:0::dead:beef";
prefixLength = 64;
}
]; ];
useDHCP = true; useDHCP = true;
@ -41,7 +39,7 @@
sneeuwvlok = { sneeuwvlok = {
services = { services = {
backup.borg.enable = true; backup.borg.enable = true;
authentication.zitadel = { authentication.zitadel = {
enable = true; enable = true;
@ -53,8 +51,8 @@
firstName = "Chris"; firstName = "Chris";
lastName = "Kruining"; lastName = "Kruining";
roles = ["ORG_OWNER"]; roles = [ "ORG_OWNER" ];
instanceRoles = ["IAM_OWNER"]; instanceRoles = [ "IAM_OWNER" ];
}; };
kaas = { kaas = {
@ -80,27 +78,27 @@
}; };
assign = { assign = {
chris = ["jellyfin" "jellyfin_admin"]; chris = [ "jellyfin" "jellyfin_admin" ];
kaas = ["jellyfin"]; kaas = [ "jellyfin" ];
}; };
application = { application = {
jellyfin = { jellyfin = {
redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; redirectUris = [ "https://jellyfin.kruining.eu/sso/OID/redirect/zitadel" ];
grantTypes = ["authorizationCode"]; grantTypes = [ "authorizationCode" ];
responseTypes = ["code"]; responseTypes = [ "code" ];
}; };
forgejo = { forgejo = {
redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; redirectUris = [ "https://git.amarth.cloud/user/oauth2/zitadel/callback" ];
grantTypes = ["authorizationCode"]; grantTypes = [ "authorizationCode" ];
responseTypes = ["code"]; responseTypes = [ "code" ];
}; };
vaultwarden = { vaultwarden = {
redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; redirectUris = [ "https://vault.kruining.eu/identity/connect/oidc-signin" ];
grantTypes = ["authorizationCode"]; grantTypes = [ "authorizationCode" ];
responseTypes = ["code"]; responseTypes = [ "code" ];
exportMap = { exportMap = {
client_id = "SSO_CLIENT_ID"; client_id = "SSO_CLIENT_ID";
client_secret = "SSO_CLIENT_SECRET"; client_secret = "SSO_CLIENT_SECRET";
@ -108,15 +106,9 @@
}; };
matrix = { matrix = {
redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; redirectUris = [ "https://matrix.kruining.eu/_synapse/client/oidc/callback" ];
grantTypes = ["authorizationCode"]; grantTypes = [ "authorizationCode" ];
responseTypes = ["code"]; responseTypes = [ "code" ];
};
mydia = {
redirectUris = ["http://localhost:2010/auth/oidc/callback"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
}; };
}; };
}; };
@ -129,9 +121,9 @@
if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) {
return; return;
} }
const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role));
api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles }));
}; };
''; '';
@ -139,16 +131,8 @@
}; };
triggers = [ triggers = [
{ { flowType = "customiseToken"; triggerType = "preUserinfoCreation"; actions = [ "flattenRoles" ]; }
flowType = "customiseToken"; { flowType = "customiseToken"; triggerType = "preAccessTokenCreation"; actions = [ "flattenRoles" ]; }
triggerType = "preUserinfoCreation";
actions = ["flattenRoles"];
}
{
flowType = "customiseToken";
triggerType = "preAccessTokenCreation";
actions = ["flattenRoles"];
}
]; ];
}; };
}; };
@ -161,17 +145,12 @@
networking.ssh.enable = true; networking.ssh.enable = true;
media.enable = true; media.enable = true;
media.glance.enable = true; media.homer.enable = true;
media.mydia.enable = true;
media.nfs.enable = true; media.nfs.enable = true;
media.servarr = { media.servarr = {
radarr = { # radarr = {
enable = true; # port = 2001;
port = 2001; # };
rootFolders = [
"/var/media/movies"
];
};
sonarr = { sonarr = {
enable = true; enable = true;
@ -213,7 +192,7 @@
database = { database = {
# type = "sqlite"; # type = "sqlite";
# file = "/var/lib/vaultwarden/state.db"; # file = "/var/lib/vaultwarden/state.db";
type = "postgresql"; type = "postgresql";
host = "localhost"; host = "localhost";
port = 5432; port = 5432;


@ -19,14 +19,6 @@ lidarr:
apikey: ENC[AES256_GCM,data:I2eKaxidmxem7C7ukmyIfwASNqrkS4vEOiCcU5kSNY6DR0pXsYg0PBdgu8vzK6llbXODLdG5t55BordIWvVRJGAauo0FMvtp59NSNpza7cK68tdKGvNefD6bqhUIR06BY11niQ==,iv:48AD7cd17TlWY5yAagepLOIVwgxhD/d13Pnup6GsWDA=,tag:teOVtW8opE99hqAXQwvlrA==,type:str] apikey: ENC[AES256_GCM,data:I2eKaxidmxem7C7ukmyIfwASNqrkS4vEOiCcU5kSNY6DR0pXsYg0PBdgu8vzK6llbXODLdG5t55BordIWvVRJGAauo0FMvtp59NSNpza7cK68tdKGvNefD6bqhUIR06BY11niQ==,iv:48AD7cd17TlWY5yAagepLOIVwgxhD/d13Pnup6GsWDA=,tag:teOVtW8opE99hqAXQwvlrA==,type:str]
prowlarr: prowlarr:
apikey: ENC[AES256_GCM,data:pyZ2WGEs/PlIdhDsQq2TPGJbplkd5fLF0ZkBjITqIJlnAzYHb+rl+KOM4rHqQcI6yAJM8X1Y3ymGrD7vG7GiRxB7yoEG13SKhZIWOddTnxIhbkz81RfrL2fUJIydOaP6sS//9Q==,iv:Tr6MWoC6nC7rdVTOjT1T2itT+lVL4GnUiAr5/+IHAs0=,tag:keIJNuGeVht8+xSN3FnBGA==,type:str] apikey: ENC[AES256_GCM,data:pyZ2WGEs/PlIdhDsQq2TPGJbplkd5fLF0ZkBjITqIJlnAzYHb+rl+KOM4rHqQcI6yAJM8X1Y3ymGrD7vG7GiRxB7yoEG13SKhZIWOddTnxIhbkz81RfrL2fUJIydOaP6sS//9Q==,iv:Tr6MWoC6nC7rdVTOjT1T2itT+lVL4GnUiAr5/+IHAs0=,tag:keIJNuGeVht8+xSN3FnBGA==,type:str]
mydia:
oidc_id: ENC[AES256_GCM,data:LfYWh9EC0aio3w1Xsj/jtU6z,iv:+dX9KkNtfQMYSX4yr83KyXalWMD/aWby7fC8aL4ZT3I=,tag:CvdbMoMTuC9FohTMIE5pmg==,type:str]
oidc_secret: ENC[AES256_GCM,data:PgI4hmP/3wt9uj+1QvCYcT8Wav0hgCRADouzWM3V695SSfXfbwDgez8tA/tm1/1jymAU2F2sZH8G2hZ1cdHyHQ==,iv:h3o3jsTmnoNE3+mGX12J3ZU0/6PlQNjdndEvaj/czj0=,tag:p3+p4E8fBtR7a8UpM8cUsg==,type:str]
secret_key_base: ENC[AES256_GCM,data:yG7HJ5r74Qtxbeyf8F6dA0uHv2pQ8YAJKlKiKjS+m24JRvJWQaTThJ+c5HbuUa6R3e9XtVHchhlVPkF0Is/b+g==,iv:v65xdRr4JdKZmBtjZ08/J3LLqnphSGt9QfVPNQ2x/xg=,tag:n7tD2dhr4IJn1LWM9WW8UA==,type:str]
guardian_secret: ENC[AES256_GCM,data:OjnNFSHlecL+qXwlhTm++itRM6ga5E5KrSJxbgIUpbMEkIWgu3xhRtnPdipXbedgall0XdO/s+jnWCagZX94BA==,iv:DukdKvm9vey8BWUiml20tgA/Vji1XVX4+sUPge9nTk0=,tag:q3HdvgUYqR0APiaFz0ul5Q==,type:str]
qbittorrent:
password_hash: ENC[AES256_GCM,data:QWuQYmfBn9eLDYztH7TmQvw74MvmzCQ98OlBtyjm1Icr2c63epRuHWzQbm+Q+1jrCSiQreOB3ZyjLzkeV6SlLonryUSD71uBWVwctgPXO0XDrxE1Vi6dkiwC3TF65JTMDhyjDLEj1YkiMP25Fz5NidJTP/r9GlXTfM7gjWo=,iv:bpgL5IoAv+1PUtgNIjLcbzN8C9z55ndypz4LEELAhLc=,tag:VB+XTCwLeIEYKnOr/0f7zA==,type:str]
password: ENC[AES256_GCM,data:UepYY6UjJV/jo2aXTOEnKRtsjSqOSYPQlKlrAa7rf9rdnt2UXGjCkvN+A72pICuIBCAmhXZBAUMvmWTV9trk6NREHe0cY1xTC7pNv3x9TM/ZQmH498pbT/95pYAKwouHp9heJQ==,iv:FzjF+xPoaOp+gplxpz940V2dkWSTWe8dWUxexCoxxHc=,tag:TDZsboq9fEmmBrwJN/HTpQ==,type:str]
sops: sops:
age: age:
- recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq
@ -47,7 +39,7 @@ sops:
TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb
Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-04T11:24:52Z" lastmodified: "2025-11-19T09:51:26Z"
mac: ENC[AES256_GCM,data:jIgkl1lcVDSlKqJs9fjaHUAZsGL+22T86/qqKyDziHl0+VU763Ezwm8P+la+55jIIT2zLhFcUjhn2BabBi90OeEPztAC4rGpZj6+ZZ0GDCj/JhjPAAo3LgAKOCG0Xgf8MZWr/rXd6bLhW7Qj36PMJnap26rjEiUZeSvpWS2dz8g=,iv:CDx8fBI9Dl1uwrbMD1fa7/h3C7haK3xZxJI59mtL1LA=,tag:2UDRFJoevGEBKZA/9eUiOw==,type:str] mac: ENC[AES256_GCM,data:pMMkxHPochpI8si/oHhU7MHqC1JjNhMP7HCRNQQEkwBQI489xiC02t+qUwpmG4oIheqi8lEcZPpL4t9HzRN9sZImaI2LrJn3cHFojHzXzo7FPfvfUilZe1+JXLfm+wn+bflAEutIcfDiZc/MjiKOxRHwZy5Pr41Mj6uPIUr62zk=,iv:GwvMVgJ6m1DQcRZMVzshbuMK/Kx8vE8Ym83KbxuvYRg=,tag:wVSol9LDRzoFjQppB8J9gA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0