alright, time to try it

next iteration for forgejo runners
.
2025-09-08 16:24:36 +02:00 · 2025-09-08 16:18:02 +02:00 · 2025-09-08 16:14:15 +02:00 · 2025-09-08 09:03:27 +02:00 · 2025-09-07 22:26:09 +02:00 · 2025-09-07 20:47:45 +02:00
33 changed files with 1266 additions and 238 deletions
--- a/.forgejo/workflows/action.yml
+++ b/.forgejo/workflows/action.yml
@ -0,0 +1,15 @@
+name: Test action
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  kaas:
+    runs-on: nix
+    steps:
+      - name: Echo
+        run: |
+          nix --version
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,8 @@
+# ---> Nix
+# Ignore build outputs from performing a nix-build or `nix build` command
 result
-*.qcow2
+result-*
+
+# Ignore automatically generated direnv output
+.direnv
+
--- a/flake.lock
+++ b/flake.lock
@ -73,11 +73,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1753879613,
-        "narHash": "sha256-oYhCJSAIZiu3maM2q6JBzh0+MYd4KTaq5eNFIstUurE=",
+        "lastModified": 1756593129,
+        "narHash": "sha256-xpdGBk57lErbo03ZJS8uDDF5cZjoza7kzr7X+y0wj2g=",
        "owner": "emmanuelrosa",
        "repo": "erosanix",
-        "rev": "0ad38bd182cd737f0f4b878ea04cb3676ecd4000",
+        "rev": "f28776c49ddb4d34abc01092009fba0cd96836bd",
        "type": "github"
      },
      "original": {
@ -94,11 +94,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1753944209,
-        "narHash": "sha256-dcGdqxhRRGoA/S38BsWOrwIiLYEBOqXKauHdFwKR310=",
+        "lastModified": 1756622179,
+        "narHash": "sha256-K3CimrAcMhdDYkErd3oiWPZNaoyaGZEuvGrFuDPFMZY=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "5ef8607d6e8a08cfb3946aaacaa0494792adf4ae",
+        "rev": "0abcb15ae6279dcb40a8ae7c1ed980705245cb79",
        "type": "github"
      },
      "original": {
@ -114,11 +114,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1753960679,
-        "narHash": "sha256-q82/pjksNMev2AJqK1v38BcK29kB2f7yB2GTEsrlR2M=",
+        "lastModified": 1756643456,
+        "narHash": "sha256-SbRGlArZnspW/xd/vnMPSyuZGXSVtxyJEoXpvpzDpSE=",
        "owner": "nix-community",
        "repo": "flake-firefox-nightly",
-        "rev": "c709bb72ee604949ff54df9519dc6cb0c6040007",
+        "rev": "6772a49573fc08b3e05502cccd90a8f5a82ee42e",
        "type": "github"
      },
      "original": {
@ -230,11 +230,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753121425,
-        "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
+        "lastModified": 1754487366,
+        "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
+        "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
        "type": "github"
      },
      "original": {
@ -411,11 +411,11 @@
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1753279958,
-        "narHash": "sha256-EJ1udnwKYgWeAJzncAccbLPtbSWiuIANryXTGI9nY6w=",
+        "lastModified": 1756381920,
+        "narHash": "sha256-h6FZq485lEhkTICK779ZQ2kUWe3BieUqIKuJ2jef7SI=",
        "owner": "vinceliuice",
        "repo": "grub2-themes",
-        "rev": "6c26f99622cb1c705b3fe2dbe1eb88521096b25a",
+        "rev": "8f30385f556a92ecbcc0c1800521730187da1cd7",
        "type": "github"
      },
      "original": {
@ -432,11 +432,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753902883,
-        "narHash": "sha256-F7IUdBe//PDtcztUdu3XYxzJuKbYip6TwIRWLdrftO0=",
+        "lastModified": 1756413980,
+        "narHash": "sha256-pxTwEjWZ1GohJeTEpxoZRHRoLDZjDw9CarGqxE5e908=",
        "owner": "himmelblau-idm",
        "repo": "himmelblau",
-        "rev": "d01709bf0100183045927c03b90db78fb8e40bda",
+        "rev": "0c12a2b5862cd673307bbe191c1f7b52cf0f091a",
        "type": "github"
      },
      "original": {
@ -452,11 +452,32 @@
        ]
      },
      "locked": {
-        "lastModified": 1753943136,
-        "narHash": "sha256-eiEE5SabVcIlGSTRcRyBjmJMaYAV95SJnjy8YSsVeW4=",
+        "lastModified": 1756650373,
+        "narHash": "sha256-Iz0dNCNvLLxVGjOOF1/TJvZ4iKXE96BTgKDObCs9u+M=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "bd82507edd860c453471c46957cbbe3c9fd01b5c",
+        "rev": "e44549074a574d8bda612945a88e4a1fd3c456a8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "zen-browser",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1756842514,
+        "narHash": "sha256-XbtRMewPGJwTNhBC4pnBu3w/xT1XejvB0HfohC2Kga8=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "30fc1b532645a21e157b6e33e3f8b4c154f86382",
        "type": "github"
      },
      "original": {
@ -473,11 +494,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753938227,
-        "narHash": "sha256-KzjI9khMC2tOL5FClh3sHq8Gax1O5Rw0bH1hvJ3FU3E=",
+        "lastModified": 1756638688,
+        "narHash": "sha256-ddxbPTnIchM6tgxb6fRrCvytlPE2KLifckTnde/irVQ=",
        "owner": "Jovian-Experiments",
        "repo": "Jovian-NixOS",
-        "rev": "8d1f0004594e0eddc00159ad7666e669a6bcb711",
+        "rev": "e7b8679cba79f4167199f018b05c82169249f654",
        "type": "github"
      },
      "original": {
@ -492,11 +513,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1753618592,
-        "narHash": "sha256-9sDACkrSbZOA1srKWQzvbkBFHZeXvHW8EYpWrVZPxDg=",
+        "lastModified": 1754828166,
+        "narHash": "sha256-i7c+fpXVsnvj2+63Gl3YfU1hVyxbLeqeFj55ZBZACWI=",
        "owner": "nix-community",
        "repo": "lib-aggregate",
-        "rev": "81b2f78680ca3864bfdc0d4cbc3444af3e1ff271",
+        "rev": "f01c8d121a3100230612be96e4ac668e15eafb77",
        "type": "github"
      },
      "original": {
@ -507,11 +528,11 @@
    },
    "mnw": {
      "locked": {
-        "lastModified": 1748710831,
-        "narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=",
+        "lastModified": 1756580127,
+        "narHash": "sha256-XK+ZQWjnd96Uko73jY1dc23ksnuWnF/Myc4rT/LQOmc=",
        "owner": "Gerg-L",
        "repo": "mnw",
-        "rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d",
+        "rev": "ecdb5ba1b08ac198d9e9bfbf9de3b234fb1eb252",
        "type": "github"
      },
      "original": {
@ -549,11 +570,11 @@
        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
-        "lastModified": 1753928630,
-        "narHash": "sha256-ASqyvmJ2EEUCyDJGMHRQ1ZqWnCd4SiVd7hi7dGBuSvw=",
+        "lastModified": 1756518625,
+        "narHash": "sha256-Mxh2wumeSsb968dSDksblubQqHTTdRTC5lH0gmhq9jI=",
        "owner": "Infinidoge",
        "repo": "nix-minecraft",
-        "rev": "30af81148ee29a4a13c938c25d3e68877b1b27fb",
+        "rev": "92654796f8f6c3279e4b7d409a3e5b43b0539a19",
        "type": "github"
      },
      "original": {
@ -621,11 +642,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753704990,
-        "narHash": "sha256-5E14xuNWy2Un1nFR55k68hgbnD8U2x/rE5DXJtYKusw=",
+        "lastModified": 1755261305,
+        "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
        "owner": "nix-community",
        "repo": "nixos-wsl",
-        "rev": "58c814cc6d4a789191f9c12e18277107144b0c91",
+        "rev": "203a7b463f307c60026136dd1191d9001c43457f",
        "type": "github"
      },
      "original": {
@ -636,11 +657,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1751186460,
-        "narHash": "sha256-tSnI50oYaXOi/SFUmJC+gZ2xE9pAhTnV0D2/3JoKL7g=",
+        "lastModified": 1754002724,
+        "narHash": "sha256-1NBby4k2UU9FR7a9ioXtCOpv8jYO0tZAGarMsxN8sz8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "dd5540905b1a13176efa13fa2f8dac776bcb275a",
+        "rev": "8271ed4b2e366339dd622f329151e45745ade121",
        "type": "github"
      },
      "original": {
@ -652,11 +673,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1753579242,
-        "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
+        "lastModified": 1754788789,
+        "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
+        "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
        "type": "github"
      },
      "original": {
@ -683,11 +704,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1753948617,
-        "narHash": "sha256-68ounbeMLJTO/Igq0rEqjldNReb/r2gR9zgLU2qiH7A=",
+        "lastModified": 1756578978,
+        "narHash": "sha256-dLgwMLIMyHlSeIDsoT2OcZBkuruIbjhIAv1sGANwtes=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "4f1a1d0af135001efc1a58c8f31ede7bb1045874",
+        "rev": "a85a50bef870537a9705f64ed75e54d1f4bf9c23",
        "type": "github"
      },
      "original": {
@ -715,11 +736,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1753965693,
-        "narHash": "sha256-ks84bo0xIjUdRJGqLHQTyXR5OGb+8zUQg+XarbSEtrw=",
+        "lastModified": 1756653691,
+        "narHash": "sha256-tx6C07uPiAzq57mfb4EWDqPRV4BZVqvrlvDfibzL67U=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "113bb8d5ca48dc31c62835b5fafed82092d87a91",
+        "rev": "7a1057ff3f7636bc71f58671c3a1210742149f3b",
        "type": "github"
      },
      "original": {
@ -747,11 +768,11 @@
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1753694789,
-        "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
+        "lastModified": 1756542300,
+        "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
+        "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
        "type": "github"
      },
      "original": {
@ -763,11 +784,11 @@
    },
    "nixpkgs_7": {
      "locked": {
-        "lastModified": 1753432016,
-        "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=",
+        "lastModified": 1756536218,
+        "narHash": "sha256-ynQxPVN2FIPheUgTFhv01gYLbaiSOS7NgWJPm9LF9D0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "6027c30c8e9810896b92429f0092f624f7b1aace",
+        "rev": "a918bb3594dd243c2f8534b3be01b3cb4ed35fd1",
        "type": "github"
      },
      "original": {
@ -843,11 +864,11 @@
        "systems": "systems_4"
      },
      "locked": {
-        "lastModified": 1753878721,
-        "narHash": "sha256-Y+Kr6FTHggnZ31nhaiOhIboIi+dhnLmQ9p0xf0wwnDc=",
+        "lastModified": 1756646417,
+        "narHash": "sha256-1dU+BRKjczVnsTznKGaM0xrWzg2+MGQqWlde0Id9JnI=",
        "owner": "notashelf",
        "repo": "nvf",
-        "rev": "e35a74c44a35b28fd09f136dd3c0dbe9f300258f",
+        "rev": "939fb8cfc630190cd5607526f81693525e3d593b",
        "type": "github"
      },
      "original": {
@ -866,11 +887,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1748196248,
-        "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=",
+        "lastModified": 1756632588,
+        "narHash": "sha256-ydam6eggXf3ZwRutyCABwSbMAlX+5lW6w1SVZQ+kfSo=",
        "owner": "nix-community",
        "repo": "plasma-manager",
-        "rev": "b7697abe89967839b273a863a3805345ea54ab56",
+        "rev": "d47428e5390d6a5a8f764808a4db15929347cd77",
        "type": "github"
      },
      "original": {
@ -905,11 +926,11 @@
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1753838657,
-        "narHash": "sha256-4FA7NTmrAqW5yt4A3hhzgDmAFD0LbGRMGKhb1LBSItI=",
+        "lastModified": 1756597274,
+        "narHash": "sha256-wfaKRKsEVQDB7pQtAt04vRgFphkVscGRpSx3wG1l50E=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "8611b714597c89b092f3d4874f14acd3f72f44fd",
+        "rev": "21614ed2d3279a9aa1f15c88d293e65a98991b30",
        "type": "github"
      },
      "original": {
@ -946,11 +967,11 @@
        "nixpkgs": "nixpkgs_8"
      },
      "locked": {
-        "lastModified": 1752544651,
-        "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
+        "lastModified": 1754988908,
+        "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "2c8def626f54708a9c38a5861866660395bb3461",
+        "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
        "type": "github"
      },
      "original": {
@ -978,11 +999,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1753919664,
-        "narHash": "sha256-U7Ts8VbVD4Z6n67gFx00dkpQJu27fMu173IUopX3pNI=",
+        "lastModified": 1755997543,
+        "narHash": "sha256-/fejmCQ7AWa655YxyPxRDbhdU7c5+wYsFSjmEMXoBCM=",
        "owner": "nix-community",
        "repo": "stylix",
-        "rev": "30f5022236cf8dd257941cb0f910e198e7e464c7",
+        "rev": "f47c0edcf71e802378b1b7725fa57bb44fe85ee8",
        "type": "github"
      },
      "original": {
@ -1164,18 +1185,19 @@
    },
    "zen-browser": {
      "inputs": {
+        "home-manager": "home-manager_2",
        "nixpkgs": "nixpkgs_10"
      },
      "locked": {
-        "lastModified": 1727721329,
-        "narHash": "sha256-QYlWZwUSwrM7BuO+dXclZIwoPvBIuJr6GpFKv9XKFPI=",
-        "owner": "MarceColl",
+        "lastModified": 1756876659,
+        "narHash": "sha256-B2bpNR7VOoZuKfuNnASfWI/jGveetP2yhG44S3XnI/k=",
+        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
-        "rev": "e6ab73f405e9a2896cce5956c549a9cc359e5fcc",
+        "rev": "07c14b39cad581d9a8bb2dc8959a59e17d26d529",
        "type": "github"
      },
      "original": {
-        "owner": "MarceColl",
+        "owner": "0xc000022070",
        "repo": "zen-browser-flake",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -41,7 +41,7 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    zen-browser.url = "github:MarceColl/zen-browser-flake";
+    zen-browser.url = "github:0xc000022070/zen-browser-flake";

    nix-minecraft.url = "github:Infinidoge/nix-minecraft";

@ -63,11 +63,11 @@
      url = "github:Jovian-Experiments/Jovian-NixOS";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    
+
    grub2-themes = {
      url = "github:vinceliuice/grub2-themes";
    };
-    
+
    nixos-wsl = {
      url = "github:nix-community/nixos-wsl";
      inputs = {
@ -93,8 +93,15 @@
    channels-config = {
      allowUnfree = true;
      permittedInsecurePackages = [
+        # Due to *arr stack
        "dotnet-sdk-6.0.428"
        "aspnetcore-runtime-6.0.36"
+
+        # I think this is because of zen
+        "qtwebengine-5.15.19"
+
+        # For Nheko, the matrix client
+        "olm-3.2.16"
      ];
    };

@ -106,7 +113,7 @@

    homes.modules = with inputs; [
      stylix.homeModules.stylix
-      plasma-manager.homeManagerModules.plasma-manager
+      plasma-manager.homeModules.plasma-manager
    ];
  };
 }
--- a/homes/x86_64-linux/chris@manwe/default.nix
+++ b/homes/x86_64-linux/chris@manwe/default.nix
@ -35,6 +35,7 @@
      bitwarden.enable = true;
      discord.enable = true;
      ladybird.enable = true;
+      nheko.enable = true;
      obs.enable = true;
      onlyoffice.enable = true;
      signal.enable = true;
--- a/modules/home/application/nheko/default.nix
+++ b/modules/home/application/nheko/default.nix
@ -0,0 +1,15 @@
+{ config, lib, pkgs, namespace, osConfig ? {}, ... }:
+let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.${namespace}.application.nheko;
+in
+{
+  options.${namespace}.application.nheko = {
+    enable = mkEnableOption "enable nheko (matrix client)";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [ nheko ];
+  };
+}
--- a/modules/home/application/zen/default.nix
+++ b/modules/home/application/zen/default.nix
@ -5,13 +5,15 @@ let
  cfg = config.${namespace}.application.zen;
 in
 {
+  imports = [
+    inputs.zen-browser.homeModules.default
+  ];
+
  options.${namespace}.application.zen = {
    enable = mkEnableOption "enable zen";
  };

  config = mkIf cfg.enable {
-    home.packages = [ inputs.zen-browser.packages.${pkgs.system}.specific ];
-
    home.sessionVariables = {
      MOZ_ENABLE_WAYLAND = "1";
    };
@ -20,20 +22,42 @@ in
      policies = {
        AutofillAddressEnabled = true;
        AutofillCreditCardEnabled = false;
+
+        AppAutoUpdate = false;
        DisableAppUpdate = true;
+        ManualAppUpdateOnly = true;
+
        DisableFeedbackCommands = true;
        DisableFirefoxStudies = true;
        DisablePocket = true;
        DisableTelemetry = true;
-        # DontCheckDefaultBrowser = false;
+
+        DontCheckDefaultBrowser = false;
        NoDefaultBookmarks = true;
-        # OfferToSaveLogins = false;
+        OfferToSaveLogins = false;
        EnableTrackingProtection = {
          Value = true;
          Locked = true;
          Cryptomining = true;
          Fingerprinting = true;
        };
+
+        HttpAllowlist = [
+          "http://ulmo"
+        ];
+      };
+
+      policies.ExtensionSettings = let
+        mkExtension = id: {
+          install_url = "https://addons.mozilla.org/firefox/downloads/latest/${builtins.toString id}/latest.xpi";
+          installation_mode = "force_installed";
+        };
+      in
+      {
+        ublock_origin = 4531307;
+        ghostry = 4562168;
+        bitwarden = 4562769;
+        sponsorblock = 4541835;
      };
    };
  };
--- a/modules/home/home-manager/default.nix
+++ b/modules/home/home-manager/default.nix
@ -4,7 +4,9 @@ let
 in
 {
  systemd.user.startServices = "sd-switch";
-  programs.home-manager.enable = true;
+  programs.home-manager = {
+    enable = true;
+  };

  home.stateVersion = mkDefault (osConfig.system.stateVersion or "25.05");
-}
+}
--- a/modules/nixos/home-manager/default.nix
+++ b/modules/nixos/home-manager/default.nix
@ -0,0 +1,6 @@
+{ ... }:
+{
+  config = {
+    home-manager.backupFileExtension = "back";
+  };
+}
--- a/modules/nixos/nix/default.nix
+++ b/modules/nixos/nix/default.nix
@ -15,10 +15,10 @@ in
    nix = {
      package = pkgs.nixVersions.latest;

-      extraOptions = "experimental-features = nix-command flakes";
+      extraOptions = "experimental-features = nix-command flakes pipe-operators";

      settings = {
-        experimental-features = [ "nix-command" "flakes" ];
+        experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
        allowed-users = [ "@wheel" ];
        trusted-users = [ "@wheel" ];

--- a/modules/nixos/services/authentication/authelia/default.nix
+++ b/modules/nixos/services/authentication/authelia/default.nix
@ -130,6 +130,23 @@ in
              scopes = [ "offline_access" "openid" "email" "picture" "profile" "groups" ];
              redirect_uris = [ "http://localhost:3000/api/auth/oauth2/callback/authelia" ];
            }
+            {
+              client_id = "forgejo";
+              client_name = "forgejo";
+              # ZPuiW2gpVV6MGXIJFk5P3EeSW8V_ICgqduF.hJVCKkrnVmRqIQXRk0o~HSA8ZdCf8joA4m_F
+              client_secret = "$pbkdf2-sha512$310000$CzZjvJT75bz5z7MjwxsEtg$JtOiIgaY5/HcLLxJgyX4zvsQV9jIoow0e4JdlFsk/LWRDOJ0kc.PzstlYfw7QERTXtJILoWsDqPzmvpneK5Leg";
+              public = false;
+              require_pkce = true;
+              pkce_challenge_method = "S256";
+              token_endpoint_auth_method = "client_secret_post";
+              authorization_policy = "one_factor";
+              userinfo_signed_response_alg = "none";
+              consent_mode = "implicit";
+              scopes = [ "offline_access" "openid" "email" "picture" "profile" "groups" ];
+              response_types = [ "code" ];
+              grant_types = [ "authorization_code" ];
+              redirect_uris = [ "http://localhost:5002/user/oauth2/authelia/callback" ];
+            }
          ];
        };
      };
--- a/modules/nixos/services/authentication/default.nix
+++ b/modules/nixos/services/authentication/default.nix
@ -1 +0,0 @@
-{ ... }: {}
--- a/modules/nixos/services/authentication/himmelblau/default.nix
+++ b/modules/nixos/services/authentication/himmelblau/default.nix
--- a/modules/nixos/services/authentication/zitadel.nix
+++ b/modules/nixos/services/authentication/zitadel.nix
@ -1,86 +0,0 @@
-{ config, lib, pkgs, namespace, ... }:
-let
-  inherit (lib) mkIf mkEnableOption;
-
-  cfg = config.${namespace}.services.authentication.zitadel;
-
-  db_name = "zitadel";
-  db_user = "zitadel";
-in
-{
-  options.${namespace}.services.authentication.zitadel = {
-    enable = mkEnableOption "Zitadel";
-  };
-
-  config = mkIf cfg.enable {
-    environment.systemPackages = with pkgs; [
-      zitadel
-    ];
-
-    services = {
-      zitadel = {
-        enable = true;
-        openFirewall = true;
-        masterKeyFile = config.sops.secrets."zitadel/masterKey".path;
-        tlsMode = "external";
-        settings = {
-          Port = 9092;
-          Database = {
-            Host = "/run/postgresql";
-            # Zitadel will report error if port is not set
-            Port = 5432;
-            Database = db_name;
-            User.Username = db_user;
-          };
-        };
-        steps = {
-          TestInstance = {
-            InstanceName = "Zitadel test";
-            Org = {
-              Name = "Kruining.eu";
-              Human = {
-                UserName = "admin";
-                Password = "kaas";
-              };
-            };
-          };
-        };
-      };
-
-      postgresql = {
-        enable = true;
-        ensureDatabases = [ db_name ];
-        ensureUsers = [
-          {
-            name = db_user;
-            ensureDBOwnership = true;
-          }
-        ];
-      };
-
-      caddy = {
-        enable = true;
-        virtualHosts = {
-          "auth-z.kruining.eu".extraConfig = ''
-            reverse_proxy h2c://127.0.0.1:9092
-          '';
-        };
-        # extraConfig = ''
-        #   (auth) {
-        #     forward_auth h2c://127.0.0.1:9092 {
-        #       uri /api/authz/forward-auth
-        #       copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
-        #     }
-        #   }
-        # '';
-      };
-    };
-
-    # Secrets
-    sops.secrets."zitadel/masterKey" = {
-      owner = "zitadel";
-      group = "zitadel";
-      restartUnits = [ "zitadel.service" ];
-    };
-  };
-}
--- a/modules/nixos/services/authentication/zitadel/default.nix
+++ b/modules/nixos/services/authentication/zitadel/default.nix
@ -0,0 +1,142 @@
+{ config, lib, pkgs, namespace, ... }:
+let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.${namespace}.services.authentication.zitadel;
+
+  db_name = "zitadel";
+  db_user = "zitadel";
+in
+{
+  options.${namespace}.services.authentication.zitadel = {
+    enable = mkEnableOption "Zitadel";
+  };
+
+  config = mkIf cfg.enable {
+    ${namespace}.services.persistance.postgresql.enable = true;
+
+    environment.systemPackages = with pkgs; [
+      zitadel
+    ];
+
+    services = {
+      zitadel = {
+        enable = true;
+        openFirewall = true;
+        # masterKeyFile = config.sops.secrets."zitadel/masterKey".path;
+        masterKeyFile = "/var/lib/zitadel/master_key";
+        tlsMode = "external";
+        settings = {
+          Port = 9092;
+
+          ExternalDomain = "auth.amarth.cloud";
+          ExternalPort = 443;
+          ExternalSecure = true;
+
+          Metrics.Type = "otel";
+          Tracing.Type = "otel";
+          Telemetry.Enabled = true;
+
+          SystemDefaults = {
+            PasswordHasher.Hasher.Algorithm = "argon2id";
+            SecretHasher.Hasher.Algorithm = "argon2id";
+          };
+
+          DefaultInstance = {
+            PasswordComplexityPolicy = {
+              MinLength = 20;
+              HasLowercase = false;
+              HasUppercase = false;
+              HasNumber = false;
+              HasSymbol = false;
+            };
+            LoginPolicy = {
+              AllowRegister = false;
+              ForceMFA = true;
+            };
+            LockoutPolicy = {
+              MaxPasswordAttempts = 5;
+              MaxOTPAttempts = 10;
+            };
+            SMTPConfiguration = {
+              SMTP = {
+                Host = "black-mail.nl:587";
+                User = "info@amarth.cloud";
+                Password = "__TODO_USE_SOPS__";
+              };
+              FromName = "Amarth Zitadel";
+            };
+          };
+
+          Database.postgres = {
+            Host = "localhost";
+            # Zitadel will report error if port is not set
+            Port = 5432;
+            Database = db_name;
+            User = {
+              Username = db_user;
+              SSL.Mode = "disable";
+            };
+            Admin = {
+              Username = "postgres";
+              SSL.Mode = "disable";
+            };
+          };
+        };
+        steps = {
+          FirstInstance = {
+            InstanceName = "auth.amarth.cloud";
+            Org = {
+              Name = "Amarth";
+              Human = {
+                UserName = "chris";
+                FirstName = "Chris";
+                LastName = "Kruining";
+                Email = {
+                  Address = "chris@kruining.eu";
+                  Verified = true;
+                };
+                Password = "KaasIsAwesome1!";
+              };
+            };
+          };
+        };
+      };
+
+      postgresql = {
+        enable = true;
+        ensureDatabases = [ db_name ];
+        ensureUsers = [
+          {
+            name = db_user;
+            ensureDBOwnership = true;
+          }
+        ];
+      };
+
+      caddy = {
+        enable = true;
+        virtualHosts = {
+          "auth.amarth.cloud".extraConfig = ''
+            reverse_proxy h2c://127.0.0.1:9092
+          '';
+        };
+        extraConfig = ''
+          (auth-z) {
+            forward_auth h2c://127.0.0.1:9092 {
+              uri /api/authz/forward-auth
+              copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+            }
+          }
+        '';
+      };
+    };
+
+    # Secrets
+    sops.secrets."zitadel/masterKey" = {
+      owner = "zitadel";
+      group = "zitadel";
+      restartUnits = [ "zitadel.service" ];
+    };
+  };
+}
--- a/modules/nixos/services/communication/conduit/default.nix
+++ b/modules/nixos/services/communication/conduit/default.nix
@ -0,0 +1,56 @@
+{ config, lib, pkgs, namespace, ... }:
+let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.${namespace}.services.communication.conduit;
+  domain = "matrix.kruining.eu";
+in
+{
+  options.${namespace}.services.communication.conduit = {
+    enable = mkEnableOption "conduit (Matrix server)";
+  };
+
+  config = mkIf cfg.enable {
+    # ${namespace}.services = {
+    #   persistance.postgresql.enable = true;
+    #   virtualisation.podman.enable = true;
+    # };
+
+    services = {
+      matrix-conduit = {
+        enable = true;
+
+        settings.global = {
+          address = "::1";
+          port = 4001;
+
+          database_backend = "rocksdb";
+
+          server_name = "chris-matrix";
+        };
+      };
+
+      # postgresql = {
+      #   enable = true;
+      #   ensureDatabases = [ "conduit" ];
+      #   ensureUsers = [
+      #     {
+      #       name = "conduit";
+      #       ensureDBOwnership = true;
+      #     }
+      #   ];
+      # };
+
+      caddy = {
+        enable = true;
+        virtualHosts = {
+          ${domain}.extraConfig = ''
+            # import auth-z
+
+            # reverse_proxy http://127.0.0.1:5002
+          '';
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/services/development/forgejo/default.nix
+++ b/modules/nixos/services/development/forgejo/default.nix
@ -0,0 +1,169 @@
+{ config, lib, pkgs, namespace, ... }:
+let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.${namespace}.services.development.forgejo;
+  domain = "git.amarth.cloud";
+in
+{
+  options.${namespace}.services.development.forgejo = {
+    enable = mkEnableOption "Forgejo";
+  };
+
+  config = mkIf cfg.enable {
+    ${namespace}.services = {
+      persistance.postgresql.enable = true;
+      virtualisation.podman.enable = true;
+    };
+
+    environment.systemPackages = with pkgs; [ forgejo ];
+
+    services = {
+      forgejo = {
+        enable = true;
+        useWizard = false;
+        database.type = "postgres";
+
+        settings = {
+          DEFAULT = {
+            APP_NAME = "Tamin Amarth";
+            APP_SLOGAN = "Where code is forged";
+          };
+
+          server = {
+            DOMAIN = domain;
+            ROOT_URL = "https://${domain}/";
+            HTTP_PORT = 5002;
+            LANDING_PAGE = "explore";
+          };
+
+          cors = {
+            ENABLED = true;
+            ALLOW_DOMAIN = "https://*.amarth.cloud";
+          };
+
+          security = {
+            INSTALL_LOCK = true;
+            PASSWORD_HASH_ALGO = "argon2";
+            DISABLE_WEBHOOKS = true;
+          };
+
+          ui = {
+            EXPLORE_PAGING_NUM = 50;
+            ISSUE_PAGING_NUM = 50;
+            MEMBERS_PAGING_NUM = 50;
+          };
+
+          "ui.meta" = {
+            AUTHOR = "Where code is forged!";
+            DESCRIPTION = "Self-hosted solution for git, because FOSS is the anvil of the future";
+          };
+
+          admin = {
+            USER_DISABLED_FEATURES = "manage_gpg_keys";
+            EXTERNAL_USER_DISABLE_FEATURES = "manage_gpg_keys";
+          };
+
+          service = {
+            # Auth
+            ENABLE_BASIC_AUTHENTICATION = false;
+            DISABLE_REGISTRATION = false;
+            ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+            SHOW_REGISTRATION_BUTTON = false;
+
+            # Privacy
+            DEFAULT_KEEP_EMAIL_PRIVATE = true;
+            DEFAULT_USER_VISIBILITY = "private";
+            DEFAULT_ORG_VISIBILITY = "private";
+
+            # Common sense
+            VALID_SITE_URL_SCHEMES = "https";
+          };
+
+          openid = {
+            ENABLE_OPENID_SIGNIN = true;
+            ENABLE_OPENID_SIGNUP = true;
+            WHITELISTED_URIS = "https://auth.amarth.cloud";
+          };
+
+          oauth2_client = {
+            ENABLE_AUTO_REGISTRATION = true;
+            UPDATE_AVATAR = true;
+            ACCOUNT_LINKING = "auto";
+          };
+
+          actions = {
+            ENABLED = true;
+            # DEFAULT_ACTIONS_URL = "https://data.forgejo.org";
+          };
+
+          other = {
+            SHOW_FOOTER_VERSION = false;
+            SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
+          };
+
+          api = {
+            ENABLE_SWAGGER = false;
+          };
+
+          mirror = {
+            ENABLED = false;
+          };
+
+          session = {
+            PROVIDER = "db";
+            COOKIE_SECURE = true;
+          };
+
+          mailer = {
+            ENABLED = true;
+            PROTOCOL = "smtp+starttls";
+            SMTP_ADDR = "black-mail.nl";
+            SMTP_PORT = 587;
+            FROM = "info@amarth.cloud";
+            USER = "info@amarth.cloud";
+            PASSWD = "__TODO_USE_SOPS__";
+          };
+        };
+      };
+
+      openssh.settings.AllowUsers = [ "forgejo" ];
+
+      gitea-actions-runner = {
+        package = pkgs.forgejo-actions-runner;
+        instances.default = {
+          enable = true;
+          name = "default";
+          url = "https://git.amarth.cloud";
+          # Obtaining the path to the runner token file may differ
+          # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
+          # tokenFile = config.age.secrets.forgejo-runner-token.path;
+          token = "ZBetud1F0IQ9VjVFpZ9bu0FXgx9zcsy1x25yvjhw";
+          labels = [
+            "default:docker://nixos/nix:latest"
+            "ubuntu:docker://ubuntu:24-bookworm"
+            "nix:docker://git.amarth.cloud/amarth/runners/default:latest"
+          ];
+          settings = {
+            log.level = "info";
+          };
+        };
+      };
+
+      caddy = {
+        enable = true;
+        virtualHosts = {
+          ${domain}.extraConfig = ''
+            # import auth-z
+
+            # stupid dumb way to prevent the login page and go to zitadel instead
+            # be aware that this does not disable local login at all!
+            # rewrite /user/login /user/oauth2/Zitadel
+
+            reverse_proxy http://127.0.0.1:5002
+          '';
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/services/media/default.nix
+++ b/modules/nixos/services/media/default.nix
@ -66,33 +66,73 @@ in
    # Services
    #=========================================================================
    services = let
-      serviceConf = {
+      arrService = {
+        enable = true;
+        openFirewall = true;
+
+        settings = {
+          auth.AuthenticationMethod = "External";
+
+          # postgres = {
+          #   PostgresHost = "localhost";
+          #   PostgresPort = "5432";
+          #   PostgresUser = "media";
+          # };
+        };
+      };
+
+      withPort = port: service: service // { settings.server.Port = builtins.toString port; };
+
+      withUserAndGroup = service: service  // {
+        user = cfg.user;
+        group = cfg.group;
+      };
+    in {
+      radarr =
+        arrService
+        |> withPort 2001
+        |> withUserAndGroup;
+
+      sonarr =
+        arrService
+        |> withPort 2002
+        |> withUserAndGroup;
+
+      lidarr =
+        arrService
+        |> withPort 2003
+        |> withUserAndGroup;
+        
+      prowlarr =
+        arrService
+        |> withPort 2004;
+
+      bazarr = {
+        enable = true;
+        openFirewall = true;
+        user = cfg.user;
+        group = cfg.group;
+        listenPort = 2005;
+      };
+
+      # port is harcoded in nixpkgs module
+      jellyfin = {
        enable = true;
        openFirewall = true;
        user = cfg.user;
        group = cfg.group;
      };
-    in {
-      jellyfin = serviceConf;
-      radarr = serviceConf;
-      sonarr = serviceConf;
-      bazarr = serviceConf;
-      lidarr = serviceConf;

-      jellyseerr = {
-        enable = true;
-        openFirewall = true;
-      };
-
-      prowlarr = {
+      flaresolverr = {
        enable = true;
        openFirewall = true;
+        port = 2007;
      };

      qbittorrent = {
        enable = true;
        openFirewall = true;
-        webuiPort = 5000;
+        webuiPort = 2008;

        serverConfig = {
          LegalNotice.Accepted = true;
@ -102,6 +142,7 @@ in
        group = cfg.group;
      };

+      # port is harcoded in nixpkgs module
      sabnzbd = {
        enable = true;
        openFirewall = true;
@ -111,46 +152,49 @@ in
        group = cfg.group;
      };

+      # postgresql = {
+      #   enable = true;
+      #   ensureDatabases = [
+      #     "radarr-main" "radarr-log"
+      #     "sonarr-main" "sonarr-log"
+      #     "lidarr-main" "lidarr-log"
+      #     "prowlarr-main" "prowlarr-log"
+      #   ];
+      #   identMap = ''
+      #     media media radarr-main
+      #     media media radarr-log
+      #     media media sonarr-main
+      #     media media sonarr-log
+      #     media media lidarr-main
+      #     media media lidarr-log
+      #     media media prowlarr-main
+      #     media media prowlarr-log
+      #   '';
+      #   ensureUsers = [
+      #     { name = "radarr-main"; ensureDBOwnership = true; }
+      #     { name = "radarr-log"; ensureDBOwnership = true; }
+
+      #     { name = "sonarr-main"; ensureDBOwnership = true; }
+      #     { name = "sonarr-log"; ensureDBOwnership = true; }
+          
+      #     { name = "lidarr-main"; ensureDBOwnership = true; }
+      #     { name = "lidarr-log"; ensureDBOwnership = true; }
+          
+      #     { name = "prowlarr-main"; ensureDBOwnership = true; }
+      #     { name = "prowlarr-log"; ensureDBOwnership = true; }
+      #   ];
+      # };
+
      caddy = {
        enable = true;
        virtualHosts = {
-          "media.kruining.eu".extraConfig = ''
-            import auth
-
-            reverse_proxy http://127.0.0.1:9494
-          '';
          "jellyfin.kruining.eu".extraConfig = ''
-            reverse_proxy http://127.0.0.1:8096
+            reverse_proxy http://[::1]:8096
          '';
        };
      };
    };

    systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
-
-    ${namespace}.services.virtualisation.podman.enable = true;
-
-    virtualisation = {
-      oci-containers = {
-        backend = "podman";
-
-        containers = {
-          flaresolverr = {
-            image = "flaresolverr/flaresolverr";
-            autoStart = true;
-            ports = [ "127.0.0.1:8191:8191" ];
-          };
-
-          reiverr = {
-            image = "ghcr.io/aleksilassila/reiverr:v2.2.0";
-            autoStart = true;
-            ports = [ "127.0.0.1:9494:9494" ];
-            volumes = [ "${cfg.path}/reiverr/config:/config" ];
-          };
-        };
-      };
-    };
-
-    networking.firewall.allowedTCPPorts = [ 80 443 6969 ];
  };
 }
--- a/modules/nixos/services/media/homer/default.nix
+++ b/modules/nixos/services/media/homer/default.nix
@ -0,0 +1,161 @@
+{ config, lib, namespace, ... }:
+let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.${namespace}.services.media.homer;
+in
+{
+  options.${namespace}.services.media.homer = {
+    enable = mkEnableOption "Enable homer";
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ 2000 ];
+
+    services = {
+      homer = {
+        enable = true;
+
+        virtualHost = {
+          caddy.enable = true;
+          domain = "http://:2000";
+        };
+
+        settings = {
+          title = "Ulmo dashboard";
+
+          columns = 4;
+          connectivityCheck = true;
+
+          links = [];
+
+          services = [
+            {
+              name = "Services";
+              items = [
+                {
+                  name = "Zitadel";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/zitadel.svg";
+                  tag = "app";
+                  url = "https://auth.amarth.cloud";
+                  target = "_blank";
+                }
+
+                {
+                  name = "Forgejo";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/forgejo.svg";
+                  tag = "app";
+                  type = "Gitea";
+                  url = "https://git.amarth.cloud";
+                  target = "_blank";
+                }
+
+                {
+                  name = "Vaultwarden";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/vaultwarden.svg";
+                  type = "Vaultwarden";
+                  tag = "app";
+                  url = "https://vault.kruining.eu";
+                  target = "_blank";
+                }
+              ];
+            }
+
+            {
+              name = "Observability";
+              items = [
+                {
+                  name = "Grafana";
+                  type = "Grafana";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/grafana.svg";
+                  tag = "app";
+                  url = "http://${config.networking.hostName}:${builtins.toString config.services.grafana.settings.server.http_port}";
+                  target = "_blank";
+                }
+
+                {
+                  name = "Prometheus";
+                  type = "Prometheus";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/prometheus.svg";
+                  tag = "app";
+                  url = "http://${config.networking.hostName}:${builtins.toString config.services.prometheus.port}";
+                  target = "_blank";
+                }
+              ];
+            }
+
+            {
+              name = "Media";
+              items = [
+                {
+                  name = "Jellyfin (Movies)";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/jellyfin.svg";
+                  tag = "app";
+                  type = "Emby";
+                  url = "http://${config.networking.hostName}:8096";
+                  apikey = "e3ceed943eeb409ba8342738db7cc1f5";
+                  libraryType = "movies";
+                  target = "_blank";
+                }
+
+                {
+                  name = "Radarr";
+                  type = "Radarr";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/radarr.svg";
+                  tag = "app";
+                  url = "http://${config.networking.hostName}:${builtins.toString config.services.radarr.settings.server.port}";
+                  target = "_blank";
+                }
+
+                {
+                  name = "Sonarr";
+                  type = "Sonarr";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/sonarr.svg";
+                  tag = "app";
+                  url = "http://${config.networking.hostName}:${builtins.toString config.services.sonarr.settings.server.port}";
+                  target = "_blank";
+                }
+
+                {
+                  name = "Lidarr";
+                  type = "Lidarr";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/lidarr.svg";
+                  tag = "app";
+                  url = "http://${config.networking.hostName}:${builtins.toString config.services.lidarr.settings.server.port}";
+                  target = "_blank";
+                }
+
+                {
+                  name = "Prowlarr";
+                  type = "Prowlarr";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/prowlarr.svg";
+                  tag = "app";
+                  url = "http://${config.networking.hostName}:${builtins.toString config.services.prowlarr.settings.server.port}";
+                  target = "_blank";
+                }
+
+                {
+                  name = "qBittorrent";
+                  type = "qBittorrent";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/qbittorrent.svg";
+                  tag = "app";
+                  url = "http://${config.networking.hostName}:${builtins.toString config.services.qbittorrent.webuiPort}";
+                  target = "_blank";
+                }
+
+                {
+                  name = "SABnzbd";
+                  type = "SABnzbd";
+                  logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/sabnzdb-light.svg";
+                  tag = "app";
+                  url = "http://${config.networking.hostName}:8080";
+                  target = "_blank";
+                }
+              ];
+            }
+          ];
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/services/media/nextcloud/default.nix
+++ b/modules/nixos/services/media/nextcloud/default.nix
@ -6,7 +6,7 @@ let
  cfg = config.${namespace}.services.media.nextcloud;
 in
 {
-  options.modules.services.nextcloud = {
+  options.${namespace}.services.media.nextcloud = {
    enable = mkEnableOption "Nextcloud";

    user = mkOption {
@ -40,7 +40,7 @@ in

    services.nextcloud = {
      enable = true;
-      webserver = "caddy";
+      # webserver = "caddy";
      package = pkgs.nextcloud31;
      hostName = "localhost";

--- a/modules/nixos/services/media/nfs/default.nix
+++ b/modules/nixos/services/media/nfs/default.nix
@ -2,10 +2,10 @@
 let
  inherit (lib) mkIf mkEnableOption;

-  cfg = config.${namespace}.media.nfs;
+  cfg = config.${namespace}.services.media.nfs;
 in
 {
-  options.${namespace}.media.nfs = {
+  options.${namespace}.services.media.nfs = {
    enable = mkEnableOption "Enable NFS";
  };

--- a/modules/nixos/services/observability/grafana/dashboards/default.json
+++ b/modules/nixos/services/observability/grafana/dashboards/default.json
@ -0,0 +1,7 @@
+{
+  "title": "Default Dash",
+  "description": "The default dashboard",
+  "timezone": "browser",
+  "editable": false,
+  "panels": []
+}
--- a/modules/nixos/services/observability/grafana/default.nix
+++ b/modules/nixos/services/observability/grafana/default.nix
@ -0,0 +1,130 @@
+{ pkgs, config, lib, namespace, ... }:
+let
+  inherit (lib.modules) mkIf;
+  inherit (lib.options) mkEnableOption;
+
+  cfg = config.${namespace}.services.observability.grafana;
+
+  db_user = "grafana";
+  db_name = "grafana";
+in
+{
+  options.${namespace}.services.observability.grafana = {
+    enable = mkEnableOption "enable Grafana";
+  };
+
+  config = mkIf cfg.enable {
+    services = {
+      grafana = {
+        enable = true;
+        openFirewall = true;
+
+        settings = {
+          server = {
+            http_port = 9001;
+            http_addr = "0.0.0.0";
+            domain = "ulmo";
+          };
+
+          auth = {
+            disable_login_form = false;
+            oauth_auto_login = true;
+          };
+
+          "auth.basic".enable = false;
+          "auth.generic_oauth" = {
+            enable = true;
+            name = "Zitadel";
+            client_id = "334170712283611395";
+            client_secret = "AFjypmURdladmQn1gz2Ke0Ta5LQXapnuKkALVZ43riCL4qWicgV2Z6RlwpoWBZg1";
+            scopes = "openid email profile offline_access urn:zitadel:iam:org:project:roles";
+            email_attribute_path = "email";
+            login_attribute_path = "username";
+            name_attribute_path = "full_name";
+            role_attribute_path = "contains(urn:zitadel:iam:org:project:roles[*], 'owner') && 'GrafanaAdmin' || contains(urn:zitadel:iam:org:project:roles[*], 'contributer') && 'Editor' || 'Viewer'";
+            auth_url = "https://auth.amarth.cloud/oauth/v2/authorize";
+            token_url = "https://auth.amarth.cloud/oauth/v2/token";
+            api_url = "https://auth.amarth.cloud/oidc/v1/userinfo";
+            allow_sign_up = true;
+            auto_login = true;
+            use_pkce = true;
+            usr_refresh_token = true;
+            allow_assign_grafana_admin = true;
+          };
+
+          database = {
+            type = "postgres";
+            host = "/var/run/postgresql:5432";
+            name = db_name;
+            user = db_user;
+            ssl_mode = "disable";
+          };
+
+          users = {
+            allow_sign_up = false;
+            allow_org_create = false;
+            viewers_can_edit = false;
+            
+            default_theme = "system";
+          };
+
+          analytics = {
+            reporting_enabled = false;
+            check_for_updates = false;
+            check_for_plugin_updates = false;
+            feedback_links_enabled = false;
+          };
+        };
+
+        provision = {
+          enable = true;
+
+          dashboards.settings = {
+            apiVersion = 1;
+            providers = [
+              {
+                name = "Default Dashboard";
+                disableDeletion = true;
+                allowUiUpdates = false;
+                options = {
+                  path = "/etc/grafana/dashboards";
+                  foldersFromFilesStructure = true;
+                };
+              }
+            ];
+          };
+
+          datasources.settings.datasources = [
+            {
+              name = "Prometheus";
+              type = "prometheus";
+              url = "http://localhost:9005";
+              isDefault = true;
+              editable = false;
+            }
+
+            {
+              name = "Loki";
+              type = "loki";
+              url = "http://localhost:9003";
+              editable = false;
+            }
+          ];
+        };
+      };
+
+      postgresql = {
+        enable = true;
+        ensureDatabases = [ db_name ];
+        ensureUsers = [
+          {
+            name = db_user;
+            ensureDBOwnership = true;
+          }
+        ];
+      };
+    };
+
+    environment.etc."/grafana/dashboards/default.json".source = ./dashboards/default.json;
+  };
+}
--- a/modules/nixos/services/observability/loki/default.nix
+++ b/modules/nixos/services/observability/loki/default.nix
@ -0,0 +1,49 @@
+{ pkgs, config, lib, namespace, ... }:
+let
+  inherit (lib.modules) mkIf;
+  inherit (lib.options) mkEnableOption;
+
+  cfg = config.${namespace}.services.observability.loki;
+in
+{
+  options.${namespace}.services.observability.loki = {
+    enable = mkEnableOption "enable Grafana Loki";
+  };
+
+  config = mkIf cfg.enable {
+    services.loki = {
+      enable = true;
+      configuration = {
+        auth_enabled = false;
+
+        server = {
+          http_listen_port = 9003;
+        };
+
+        common = {
+          ring = {
+            instance_addr = "127.0.0.1";
+            kvstore.store = "inmmemory";
+          };
+          replication_factor = 1;
+          path_prefix = "/tmp/loki";
+        };
+
+        schema_config.configs = [
+          {
+            from = "2025-01-01";
+            store = "tsdb";
+            object_store = "filesystem";
+            schema = "v13";
+            index = {
+              prefix = "index_";
+              period = "24h";
+            };
+          }
+        ];
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [ 9003 ];
+  };
+}
--- a/modules/nixos/services/observability/prometheus/default.nix
+++ b/modules/nixos/services/observability/prometheus/default.nix
@ -0,0 +1,48 @@
+{ pkgs, config, lib, namespace, ... }:
+let
+  inherit (builtins) toString;
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.${namespace}.services.observability.prometheus;
+in
+{
+  options.${namespace}.services.observability.prometheus = {
+    enable = mkEnableOption "enable Prometheus";
+  };
+
+  config = mkIf cfg.enable {
+    services.prometheus = {
+      enable = true;
+      port = 9002;
+
+      globalConfig.scrape_interval = "15s";
+
+      scrapeConfigs = [
+        {
+          job_name = "prometheus";
+          static_configs = [
+            { targets = [ "localhost:9002" ]; }
+          ];
+        }
+
+        {
+          job_name = "node";
+          static_configs = [
+            { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
+          ];
+        }
+      ];
+
+      exporters = {
+        node = {
+          enable = true;
+          port = 9005;
+          enabledCollectors = [ "systemd" ];
+          openFirewall = true;
+        };
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [ 9002 ];
+  };
+}
--- a/modules/nixos/services/observability/promtail/default.nix
+++ b/modules/nixos/services/observability/promtail/default.nix
@ -0,0 +1,56 @@
+{ pkgs, config, lib, namespace, ... }:
+let
+  inherit (lib.modules) mkIf;
+  inherit (lib.options) mkEnableOption;
+
+  cfg = config.${namespace}.services.observability.promtail;
+in
+{
+  options.${namespace}.services.observability.promtail = {
+    enable = mkEnableOption "enable Grafana Promtail";
+  };
+
+  config = mkIf cfg.enable {
+    services.promtail = {
+      enable = true;
+
+      # Ensures proper permissions
+      extraFlags = [
+        "-config.expand-env=true"
+      ];
+
+      configuration = {
+        server = {
+          http_listen_port = 9004;
+          grpc_listen_port = 0;
+        };
+
+        positions = {
+          filename = "filename";
+        };
+
+        clients = {
+          url = "http://127.0.0.1:3100/loki/api/v1/push";
+        };
+
+        scrape_configs = [
+          {
+            job_name = "journal";
+            journal = {
+              max_age = "12h";
+              labels = {
+                job = "systemd-journal";
+                host = "ulmo";
+              };
+            };
+            relabel_configs = [
+              { source_labels = [ "__journal__systemd_unit" ]; target_label = "unit"; }
+            ];
+          }
+        ];
+      };
+    };
+    
+    networking.firewall.allowedTCPPorts = [ 9004 ];
+  };
+}
--- a/modules/nixos/services/persistance/postgesql/default.nix
+++ b/modules/nixos/services/persistance/postgesql/default.nix
@ -0,0 +1,26 @@
+{ config, lib, pkgs, namespace, ... }:
+let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.${namespace}.services.persistance.postgresql;
+in
+{
+  options.${namespace}.services.persistance.postgresql = {
+    enable = mkEnableOption "Postgresql";
+  };
+
+  config = mkIf cfg.enable {
+    services = {
+      postgresql = {
+        enable = true;
+        authentication = ''
+          # Generated file, do not edit!
+          # TYPE  DATABASE  USER  ADDRESS       METHOD
+          local   all       all                 trust
+          host    all       all   127.0.0.1/32  trust
+          host    all       all   ::1/128       trust
+        '';
+      };
+    };
+  };
+}
--- a/modules/nixos/services/security/vaultwarden/default.nix
+++ b/modules/nixos/services/security/vaultwarden/default.nix
@ -1,7 +1,7 @@
 { pkgs, config, lib, namespace, ... }:
 let
-  inherit (lib.modules) mkIf;
-  inherit (lib.options) mkEnableOption;
+  inherit (builtins) toString;
+  inherit (lib) mkIf mkEnableOption;

  cfg = config.${namespace}.services.security.vaultwarden;
 in
@ -11,18 +11,82 @@ in
  };

  config = mkIf cfg.enable {
-    environment.systemPackages = with pkgs; [
-      vaultwarden
-      vaultwarden-postgresql
+    systemd.tmpfiles.rules = [
+      "d '/var/lib/vaultwarden' 0700 vaultwarden vaultwarden - -"
    ];

-    services.vaultwarden = {
-      enable = true;
-      dbBackend = "postgresql";
+    services = {
+      vaultwarden = {
+        enable = true;
+        dbBackend = "postgresql";

-      config = {
-        SIGNUPS_ALLOWED = false;
-        DOMAIN = "https://passwords.kruining.eu";
+        package = pkgs.${namespace}.vaultwarden;
+
+        config = {
+          SIGNUPS_ALLOWED = false;
+          DOMAIN = "https://vault.kruining.eu";
+
+          ADMIN_TOKEN = "";
+
+          DATABASE_URL = "postgres://localhost:5432/vaultwarden?sslmode=disable";
+
+          WEB_VAULT_ENABLED = true;
+
+          SSO_ENABLED = true;
+          SSO_ONLY = true;
+          SSO_PKCE = true;
+          SSO_AUTH_ONLY_NOT_SESSION = false;
+          SSO_ROLES_ENABLED = true;
+          SSO_ORGANIZATIONS_ENABLED = true;
+          SSO_ORGANIZATIONS_REVOCATION = true;
+          SSO_AUTHORITY = "https://auth.amarth.cloud/";
+          SSO_SCOPES = "email profile offline_access";
+          SSO_AUDIENCE_TRUSTED = "^333297815511892227$";
+          SSO_CLIENT_ID = "335178854421299459";
+          SSO_CLIENT_SECRET = "";
+
+          ROCKET_ADDRESS = "::1";
+          ROCKET_PORT = 8222;
+          ROCKET_LOG = "critical";
+
+          SMTP_HOST = "black-mail.nl";
+          SMTP_PORT = 587;
+          SMTP_SECURITY = "starttls";
+          SMTP_USERNAME = "info@amarth.cloud";
+          SMTP_PASSWORD = "";
+          SMTP_FROM = "info@amarth.cloud";
+          SMTP_FROM_NAME = "Chris' Vaultwarden";
+        };
+      };
+
+      postgresql = {
+        enable = true;
+        ensureDatabases = [ "vaultwarden" ];
+        ensureUsers = [
+          {
+            name = "vaultwarden";
+            ensureDBOwnership = true;
+          }
+        ];
+      };
+
+      caddy = {
+        enable = true;
+        virtualHosts = {
+          "vault.kruining.eu".extraConfig = ''
+            encode zstd gzip
+
+            handle_path /admin {
+              respond 401 {
+                close
+              }
+            }
+
+            reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} {
+              header_up X-Real-IP {remote_host}
+            }
+          '';
+        };
      };
    };
  };
--- a/modules/nixos/services/virtualisation/podman/default.nix
+++ b/modules/nixos/services/virtualisation/podman/default.nix
@ -12,6 +12,7 @@ in
  config = mkIf cfg.enable {
    virtualisation = {
      containers.enable = true;
+      oci-containers.backend = "podman";

      podman = {
        enable = true;
--- a/modules/nixos/system/security/sops/default.nix
+++ b/modules/nixos/system/security/sops/default.nix
@ -13,7 +13,7 @@ in
    environment.systemPackages = with pkgs; [ sops ];

    sops = {
-      defaultSopsFile = ../../../../secrets/secrets.yaml;
+      defaultSopsFile = ../../../../../_secrets/secrets.yaml;
      defaultSopsFormat = "yaml";

      age.keyFile = "/home/";
--- a/modules/nixos/system/security/sudo/default.nix
+++ b/modules/nixos/system/security/sudo/default.nix
@ -14,9 +14,8 @@ in
      
      sudo-rs = {
        enable = true;
-        extraConfig = ''
-          Defaults env_keep += "EDITOR PATH DISPLAY"
-        '';
+        execWheelOnly = true;
+        extraConfig = ''Defaults env_keep += "EDITOR PATH DISPLAY"'';
      };
    };
  };
--- a/packages/vaultwarden/default.nix
+++ b/packages/vaultwarden/default.nix
@ -0,0 +1,29 @@
+{ lib, stdenv, rustPlatform, fetchFromGitHub, openssl, pkg-config, postgresql, dbBackend ? "postgresql", ... }:
+rustPlatform.buildRustPackage rec {
+  pname = "vaultwarden";
+  version = "1.34.3";
+
+  src = fetchFromGitHub {
+    owner = "Timshel";
+    repo = "vaultwarden";
+    rev = "1.34.3";
+    hash = "sha256-Dj0ySVRvBZ/57+UHas3VI8bi/0JBRqn0IW1Dq+405J0=";
+  };
+
+  cargoHash = "sha256-4sDagd2XGamBz1XvDj4ycRVJ0F+4iwHOPlj/RglNDqE=";
+
+  # used for "Server Installed" version in admin panel
+  env.VW_VERSION = version;
+
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs =
+    [ openssl ]
+    ++ lib.optional (dbBackend == "postgresql") postgresql;
+
+  buildFeatures = dbBackend;
+
+  meta = with lib; {
+    license = licenses.agpl3Only;
+    mainProgram = "vaultwarden";
+  };
+}
--- a/systems/x86_64-linux/ulmo/default.nix
+++ b/systems/x86_64-linux/ulmo/default.nix
@ -7,8 +7,27 @@

  sneeuwvlok = {
    services = {
+      authentication.authelia.enable = true;
+      authentication.zitadel.enable = true;
+
+      communication.conduit.enable = true;
+
+      development.forgejo.enable = true;
+
      networking.ssh.enable = true;
+
      media.enable = true;
+      media.homer.enable = true;
+      media.nfs.enable = true;
+
+      observability = {
+        grafana.enable = true;
+        prometheus.enable = true;
+        loki.enable = true;
+        promtail.enable = true;
+      };
+
+      security.vaultwarden.enable = true;
    };

    editor = {
Author	SHA1	Message	Date
Chris Kruining	9ebe4fd4e7	alright, time to try it	2025-09-08 16:24:36 +02:00
Chris Kruining	2a79a4eb63	next iteration for forgejo runners	2025-09-08 16:18:02 +02:00
Chris Kruining	1d6f488ebd	. Some checks failed Test action / Print hello world (push) Failing after 2m46s Details	2025-09-08 16:14:15 +02:00
Chris Kruining	ec827c4187	update pipeline Some checks failed Test action / Print hello world (push) Failing after 1m51s Details	2025-09-08 09:03:27 +02:00
Chris Kruining	fe5cce0946	initial conduit setup Some checks failed Test action / Print hello world (push) Failing after 9s Details	2025-09-07 22:26:09 +02:00
Chris Kruining	ce7b147d04	move runner Some checks failed Test action / Print hello world (push) Failing after 9s Details	2025-09-07 20:47:45 +02:00
Chris Kruining	7f6f1166a4	add backup extension for home manager	2025-09-07 20:47:33 +02:00
Chris Kruining	288e354edf	add nheko	2025-09-07 20:06:56 +02:00
Chris Kruining	0689c338ac	solve compilation errors	2025-09-07 18:12:08 +02:00
Chris Kruining	2ca6339fe6	fix typo	2025-09-07 18:11:36 +02:00
Chris Kruining	98c9424db5	aaha, there is the code I forgot to commit... Some checks failed Test action / Print hello world (push) Failing after 1m52s Details	2025-09-07 17:30:52 +02:00
Chris Kruining	d3e7de5f5a	asdf Some checks failed Test action / Print hello world (push) Failing after 1m54s Details	2025-09-04 15:57:29 +02:00
Chris Kruining	7ac547bd81	parameterize git clone	2025-09-04 15:55:58 +02:00
Chris Kruining	f31317304e	riiight, should've seen that one coming.... Some checks failed Test action / Print hello world (push) Failing after 1m53s Details	2025-09-04 15:53:35 +02:00
Chris Kruining	cd53e4c008	sdfasdfg Some checks failed Test action / Print hello world (push) Failing after 1m49s Details	2025-09-04 15:50:38 +02:00
Chris Kruining	522041cbae	waaaaaaggh Some checks failed Test action / Print hello world (push) Failing after 1m50s Details	2025-09-04 15:47:37 +02:00
Chris Kruining	8b9e1a14a8	,... Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 15:47:10 +02:00
Chris Kruining	a0e2d8db71	. Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 15:46:25 +02:00
Chris Kruining	7070382596	runAsRoot requires kvm... Some checks failed Test action / Print hello world (push) Failing after 1m50s Details	2025-09-04 15:43:18 +02:00
Chris Kruining	1cbfb6b5c0	. Some checks failed Test action / Print hello world (push) Failing after 27s Details	2025-09-04 15:34:40 +02:00
Chris Kruining	237d208e93	siiiiigh Some checks failed Test action / Print hello world (push) Failing after 29s Details	2025-09-04 15:28:59 +02:00
Chris Kruining	a114f0a7f8	. Some checks failed Test action / Print hello world (push) Failing after 1m47s Details	2025-09-04 15:26:18 +02:00
Chris Kruining	3aaad47c2b	whoops Some checks failed Test action / Print hello world (push) Failing after 1m49s Details	2025-09-04 15:23:23 +02:00
Chris Kruining	3d02de9c6c	I really don't get it anymore... Some checks failed Test action / Print hello world (push) Failing after 1m49s Details	2025-09-04 15:20:38 +02:00
Chris Kruining	a39cb0cf53	? Some checks failed Test action / Print hello world (push) Failing after 22s Details	2025-09-04 15:19:14 +02:00
Chris Kruining	898cb6c512	local builds again Some checks failed Test action / Print hello world (push) Failing after 17s Details	2025-09-04 15:17:49 +02:00
Chris Kruining	66e400e7c0	uuuuuugh Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 15:11:32 +02:00
Chris Kruining	61505943f9	add base image Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 15:09:34 +02:00
Chris Kruining	e0c37a10a5	another attempt Some checks failed Test action / Print hello world (push) Failing after 21s Details	2025-09-04 15:08:48 +02:00
Chris Kruining	2653f3fc93	sooooo lost right now.... Some checks failed Test action / Print hello world (push) Failing after 20s Details	2025-09-04 15:05:40 +02:00
Chris Kruining	e0002d7254	shadowSetup than??? Some checks failed Test action / Print hello world (push) Failing after 20s Details	2025-09-04 15:00:37 +02:00
Chris Kruining	22333b143b	hmmmmm Some checks failed Test action / Print hello world (push) Failing after 21s Details	2025-09-04 14:58:31 +02:00
Chris Kruining	40cd9d3745	is it podman that needs the kvm? Some checks failed Test action / Print hello world (push) Failing after 26s Details	2025-09-04 14:56:44 +02:00
Chris Kruining	101bf12909	fix warning	2025-09-04 14:55:37 +02:00
Chris Kruining	09a5df6253	fix? Some checks failed Test action / Print hello world (push) Failing after 30s Details	2025-09-04 14:53:50 +02:00
Chris Kruining	b158df262e	ugh Some checks failed Test action / Print hello world (push) Failing after 12s Details	2025-09-04 14:07:06 +02:00
Chris Kruining	716342d556	. Some checks failed Test action / Print hello world (push) Failing after 12s Details	2025-09-04 14:02:34 +02:00
Chris Kruining	e4843997ea	add credentials, but then why do I need to log in???? Some checks failed Test action / Print hello world (push) Failing after 12s Details	2025-09-04 13:58:51 +02:00
Chris Kruining	9c048aca05	hmmmm Some checks failed Test action / Print hello world (push) Failing after 12s Details	2025-09-04 13:56:16 +02:00
Chris Kruining	d917f93a9f	finally some more success????? Some checks failed Test action / Print hello world (push) Failing after 12s Details	2025-09-04 13:55:13 +02:00
Chris Kruining	b8e43fedba	lets try another avenue... Some checks failed Test action / Print hello world (push) Failing after 13s Details	2025-09-04 13:47:02 +02:00
Chris Kruining	33f9a7fbd8	fix package conflict? Some checks failed Test action / Print hello world (push) Failing after 7s Details	2025-09-04 13:24:37 +02:00
Chris Kruining	7d7c3aa53a	. Some checks failed Test action / Print hello world (push) Failing after 16s Details	2025-09-04 13:22:43 +02:00
Chris Kruining	c7f3ed7cd6	. Some checks failed Test action / Print hello world (push) Failing after 7s Details	2025-09-04 13:21:05 +02:00
Chris Kruining	b2cb74657e	ahhh shit, here we go again Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 13:11:35 +02:00
Chris Kruining	25ae5ea1ac	next round Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 13:09:31 +02:00
Chris Kruining	833f4ce5e6	just fuse, got it Some checks failed Test action / Print hello world (push) Failing after 24s Details	2025-09-04 12:09:44 +02:00
Chris Kruining	55d5ea4839	is it a missing dep???? Some checks failed Test action / Print hello world (push) Failing after 2s Details	2025-09-04 12:08:38 +02:00
Chris Kruining	efd98d4b44	gotta love the typos... Some checks failed Test action / Print hello world (push) Failing after 25s Details	2025-09-04 12:05:12 +02:00
Chris Kruining	9ea18b18d5	. Some checks failed Test action / Print hello world (push) Failing after 7s Details	2025-09-04 12:04:28 +02:00
Chris Kruining	68f6620383	right Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 12:03:26 +02:00
Chris Kruining	a42446985c	another attempt Some checks failed Test action / Print hello world (push) Failing after 7s Details	2025-09-04 12:02:40 +02:00
Chris Kruining	4d4f4e67e0	add registry? Some checks failed Test action / Print hello world (push) Failing after 7s Details	2025-09-04 11:23:50 +02:00
Chris Kruining	f9328cd72e	I am an idiot, as proven once more... Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 11:22:59 +02:00
Chris Kruining	b3a9ea6057	. Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 11:19:43 +02:00
Chris Kruining	8b07f55593	. Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 11:14:41 +02:00
Chris Kruining	4a26a4ad11	. Some checks failed Test action / Print hello world (push) Failing after 7s Details	2025-09-04 11:13:15 +02:00
Chris Kruining	fdf1bc34e8	. Some checks failed Test action / Print hello world (push) Failing after 9s Details	2025-09-04 11:11:06 +02:00
Chris Kruining	da1a4d42ed	woooot, more success!!! Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 11:07:58 +02:00
Chris Kruining	4762d4189e	right. obviously... Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 11:06:57 +02:00
Chris Kruining	fa0a4917a2	cool shizzle Some checks failed Test action / Print hello world (push) Failing after 1s Details	2025-09-04 11:04:13 +02:00
Chris Kruining	0d6fb5aab6	update default runner dockerfile	2025-09-04 10:39:31 +02:00
Chris Kruining	e048ada01f	whoops	2025-09-04 10:38:46 +02:00
Chris Kruining	863956c38b	oooooh, closer Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 10:17:08 +02:00
Chris Kruining	95f6b2b8d3	nixpkgs instead???? Some checks failed Test action / Print hello world (push) Failing after 8s Details	2025-09-04 10:14:44 +02:00
Chris Kruining	2b887f188c	aaaaaiiii Some checks failed Test action / Print hello world (push) Failing after 2s Details	2025-09-04 10:14:06 +02:00
Chris Kruining	0b23548559	whoopsie Some checks failed Test action / Print hello world (push) Failing after 1s Details	2025-09-04 10:11:59 +02:00
Chris Kruining	9ed5cbded0	update homer Some checks failed Test action / Print hello world (push) Failing after 0s Details	2025-09-04 10:09:08 +02:00
Chris Kruining	41a4fde9f2	first attempt to push an image	2025-09-04 10:08:59 +02:00
Chris Kruining	fa81dbdcf6	even more homer All checks were successful Test action / Print hello world (push) Successful in 1s Details	2025-09-03 17:47:38 +02:00
Chris Kruining	b8b8e015c5	add pipe-operator nix feature All checks were successful Test action / Print hello world (push) Successful in 1s Details	2025-09-03 17:44:19 +02:00
Chris Kruining	a91afd3b0a	expand homer	2025-09-03 17:44:01 +02:00
Chris Kruining	6d7867b45c	update fogejo runner image All checks were successful Test action / Print hello world (push) Successful in 1s Details	2025-09-03 17:24:43 +02:00
Chris Kruining	7c75cab11b	improve podman config	2025-09-03 17:24:27 +02:00
Chris Kruining	44e7a6fa0f	harden vaultwarden All checks were successful Test action / Print hello world (push) Successful in 19s Details	2025-09-03 16:45:32 +02:00
Chris Kruining	6379b5e2de	improve zen config	2025-09-03 16:45:20 +02:00
Chris Kruining	7758806282	add homer dashboard	2025-09-03 16:44:50 +02:00
Chris Kruining	a29b757530	restructure media services	2025-09-03 15:12:30 +02:00
Chris Kruining	5ddcaf35f6	fix zen	2025-09-03 14:54:18 +02:00
Chris Kruining	39253ca080	update deps Some checks failed Test action / Print hello world (push) Has been cancelled Details	2025-08-31 17:30:45 +02:00
Chris Kruining	9a37316d9e	add vaultwarden Some checks failed Test action / Print hello world (push) Has been cancelled Details	2025-08-27 15:24:12 +02:00
Chris Kruining	f4ff383d28	improve forgejo and zitadel configs Some checks failed Test action / Print hello world (push) Has been cancelled Details	2025-08-21 14:53:28 +02:00
Chris Kruining	995fdaeb1d	working on grafana oidc and introduced new domain for hosting Some checks are pending Test action / Print hello world (push) Waiting to run Details	2025-08-20 15:15:03 +02:00
Chris Kruining	6511e513a3	initial observability setup All checks were successful Test action / Print hello world (push) Successful in 12s Details	2025-08-19 15:56:45 +02:00
Chris Kruining	a3cb9796b1	expand forgejo setup All checks were successful Test action / Print hello world (push) Successful in 12s Details	2025-08-19 11:05:54 +02:00
Chris Kruining	3994f1fb98	woot, got actions working! All checks were successful Test action / Print hello world (push) Successful in 12s Details	2025-08-18 12:43:21 +02:00
Chris Kruining	ba05f561e7	update deps	2025-08-18 12:42:55 +02:00
Chris Kruining	4320acc0fb	add test workflow All checks were successful Test action / Print hello world (push) Successful in 24s Details	2025-08-18 10:28:12 +02:00
Chris Kruining	06ad805206	got zitadel and forgejo mostly up and running	2025-08-14 15:33:27 +02:00
Chris Kruining	7c6c566798	FINALLY, I'm in!	2025-08-14 09:38:43 +02:00
Chris Kruining	d305bf6cee	more zitadel work	2025-08-14 08:28:55 +02:00
Chris Kruining	30f17f692c	fix various bugs	2025-08-13 08:50:26 +02:00
Chris Kruining	f1ffa33976	kaas	2025-08-11 09:49:06 +02:00
Chris Kruining	f289c3663a	switch flaresolverr to systemd service	2025-08-07 15:04:12 +02:00
Chris Kruining	043eded249	fix	2025-08-07 14:12:16 +02:00
Chris Kruining	e011b893e0	add forgejo	2025-08-07 14:09:02 +02:00