
1 commit

Author SHA1 Message Date
Chris Kruining
69ecd4ff89
trying some stuff 2025-09-01 10:07:28 +02:00
22 changed files with 367 additions and 511 deletions


@ -7,9 +7,10 @@ on:
- main - main
jobs: jobs:
kaas: hello:
runs-on: nix name: Print hello world
runs-on: default
steps: steps:
- name: Echo - name: Echo
run: | run: |
nix --version echo "Hello, world!"

8
.gitignore vendored

@ -1,8 +1,2 @@
# ---> Nix
# Ignore build outputs from performing a nix-build or `nix build` command
result result
result-* *.qcow2
# Ignore automatically generated direnv output
.direnv

140
flake.lock generated

@ -73,11 +73,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1756593129, "lastModified": 1755108317,
"narHash": "sha256-xpdGBk57lErbo03ZJS8uDDF5cZjoza7kzr7X+y0wj2g=", "narHash": "sha256-j7RGK7nyoHuJzQjVFBngpsVowIn4DAtprn66UyAFNRQ=",
"owner": "emmanuelrosa", "owner": "emmanuelrosa",
"repo": "erosanix", "repo": "erosanix",
"rev": "f28776c49ddb4d34abc01092009fba0cd96836bd", "rev": "5aa322a6e586a2b46af65ab6c9a3d6042a95ff2e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -94,11 +94,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1756622179, "lastModified": 1755153894,
"narHash": "sha256-K3CimrAcMhdDYkErd3oiWPZNaoyaGZEuvGrFuDPFMZY=", "narHash": "sha256-DEKeIg3MQy5GMFiFRUzcx1hGGBN2ypUPTo0jrMAdmH4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "0abcb15ae6279dcb40a8ae7c1ed980705245cb79", "rev": "f6874c6e512bc69d881d979a45379b988b80a338",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -114,11 +114,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1756643456, "lastModified": 1755083788,
"narHash": "sha256-SbRGlArZnspW/xd/vnMPSyuZGXSVtxyJEoXpvpzDpSE=", "narHash": "sha256-CXiS6gfw0NH+luSpNhtRZjy4NqVFrmsYpoetu3N/fMk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "flake-firefox-nightly", "repo": "flake-firefox-nightly",
"rev": "6772a49573fc08b3e05502cccd90a8f5a82ee42e", "rev": "523078b104590da5850a61dfe291650a6b49809c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -411,11 +411,11 @@
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1756381920, "lastModified": 1755072091,
"narHash": "sha256-h6FZq485lEhkTICK779ZQ2kUWe3BieUqIKuJ2jef7SI=", "narHash": "sha256-FCkbELHIFXlVREaopW13QFMzwLPr/otjucmyNLQQXeg=",
"owner": "vinceliuice", "owner": "vinceliuice",
"repo": "grub2-themes", "repo": "grub2-themes",
"rev": "8f30385f556a92ecbcc0c1800521730187da1cd7", "rev": "03d8c9cf0d1bcf67765ac5fa35263f1b08c584fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -432,11 +432,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756413980, "lastModified": 1754593854,
"narHash": "sha256-pxTwEjWZ1GohJeTEpxoZRHRoLDZjDw9CarGqxE5e908=", "narHash": "sha256-fiWzQKZP92+2nm9wGBa/UYuEdVJkshHqNpCFfklas8k=",
"owner": "himmelblau-idm", "owner": "himmelblau-idm",
"repo": "himmelblau", "repo": "himmelblau",
"rev": "0c12a2b5862cd673307bbe191c1f7b52cf0f091a", "rev": "e0b9a3efdcf0c6c59ed3352ffb2b003ab6aa2fed",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -452,32 +452,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756650373, "lastModified": 1755121891,
"narHash": "sha256-Iz0dNCNvLLxVGjOOF1/TJvZ4iKXE96BTgKDObCs9u+M=", "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e44549074a574d8bda612945a88e4a1fd3c456a8", "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"zen-browser",
"nixpkgs"
]
},
"locked": {
"lastModified": 1756842514,
"narHash": "sha256-XbtRMewPGJwTNhBC4pnBu3w/xT1XejvB0HfohC2Kga8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "30fc1b532645a21e157b6e33e3f8b4c154f86382",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -494,11 +473,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756638688, "lastModified": 1755151620,
"narHash": "sha256-ddxbPTnIchM6tgxb6fRrCvytlPE2KLifckTnde/irVQ=", "narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "e7b8679cba79f4167199f018b05c82169249f654", "rev": "16e12d22754d97064867006acae6e16da7a142a6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -528,11 +507,11 @@
}, },
"mnw": { "mnw": {
"locked": { "locked": {
"lastModified": 1756580127, "lastModified": 1748710831,
"narHash": "sha256-XK+ZQWjnd96Uko73jY1dc23ksnuWnF/Myc4rT/LQOmc=", "narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=",
"owner": "Gerg-L", "owner": "Gerg-L",
"repo": "mnw", "repo": "mnw",
"rev": "ecdb5ba1b08ac198d9e9bfbf9de3b234fb1eb252", "rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -570,11 +549,11 @@
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1756518625, "lastModified": 1755137329,
"narHash": "sha256-Mxh2wumeSsb968dSDksblubQqHTTdRTC5lH0gmhq9jI=", "narHash": "sha256-9MxuOLH7jk58IVUUDWwLeqk9U4ATE6X37955Ld+4/zw=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "92654796f8f6c3279e4b7d409a3e5b43b0539a19", "rev": "d9330bc35048238597880e89fb173799de9db5e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -642,11 +621,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755261305, "lastModified": 1755171343,
"narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=", "narHash": "sha256-h6bbfhqWcHlx9tcyYa7dhaEiNpusLCcFYkJ/AnltLW8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-wsl", "repo": "nixos-wsl",
"rev": "203a7b463f307c60026136dd1191d9001c43457f", "rev": "e37cfef071466a9ca649f6899aff05226ce17e9e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -704,11 +683,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1756578978, "lastModified": 1755061300,
"narHash": "sha256-dLgwMLIMyHlSeIDsoT2OcZBkuruIbjhIAv1sGANwtes=", "narHash": "sha256-eov82CkCrpiECJa3dyQ2da1sPGnAP3HK0UEra5eupaM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a85a50bef870537a9705f64ed75e54d1f4bf9c23", "rev": "d4df8d6cc1ccfd3e4349a1d54e4fb1171e7ec1f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -736,11 +715,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1756653691, "lastModified": 1755178357,
"narHash": "sha256-tx6C07uPiAzq57mfb4EWDqPRV4BZVqvrlvDfibzL67U=", "narHash": "sha256-rzgUmlO5/pt7uPAlY6E70clNjg9JmrgBxalEj2zKq08=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7a1057ff3f7636bc71f58671c3a1210742149f3b", "rev": "6eac4364f979ef460fb6ebd17ca65b8dae03cba4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -768,11 +747,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1756542300, "lastModified": 1755027561,
"narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -784,11 +763,11 @@
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1756536218, "lastModified": 1755049066,
"narHash": "sha256-ynQxPVN2FIPheUgTFhv01gYLbaiSOS7NgWJPm9LF9D0=", "narHash": "sha256-ANrc15FSoOAdNbfKHxqEJjZLftIwIsenJGRb/04K41s=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a918bb3594dd243c2f8534b3be01b3cb4ed35fd1", "rev": "e45f8f193029378d0aaee5431ba098dc80054e9a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -864,11 +843,11 @@
"systems": "systems_4" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1756646417, "lastModified": 1755115677,
"narHash": "sha256-1dU+BRKjczVnsTznKGaM0xrWzg2+MGQqWlde0Id9JnI=", "narHash": "sha256-98Ad2F5w1xW94KymQiBohNBYpFqMa0K28v9S1SzyTY8=",
"owner": "notashelf", "owner": "notashelf",
"repo": "nvf", "repo": "nvf",
"rev": "939fb8cfc630190cd5607526f81693525e3d593b", "rev": "c5dc7192496a1fad38134e54f8b4fca8ac51a9fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -887,11 +866,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756632588, "lastModified": 1754501628,
"narHash": "sha256-ydam6eggXf3ZwRutyCABwSbMAlX+5lW6w1SVZQ+kfSo=", "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "d47428e5390d6a5a8f764808a4db15929347cd77", "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -926,11 +905,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1756597274, "lastModified": 1755004716,
"narHash": "sha256-wfaKRKsEVQDB7pQtAt04vRgFphkVscGRpSx3wG1l50E=", "narHash": "sha256-TbhPR5Fqw5LjAeI3/FOPhNNFQCF3cieKCJWWupeZmiA=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "21614ed2d3279a9aa1f15c88d293e65a98991b30", "rev": "b2a58b8c6eff3c3a2c8b5c70dbf69ead78284194",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -999,11 +978,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1755997543, "lastModified": 1755027820,
"narHash": "sha256-/fejmCQ7AWa655YxyPxRDbhdU7c5+wYsFSjmEMXoBCM=", "narHash": "sha256-hBSU7BEhd05y/pC9tliYjkFp8AblkbNEkPei229+0Pg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "stylix", "repo": "stylix",
"rev": "f47c0edcf71e802378b1b7725fa57bb44fe85ee8", "rev": "c592717e9f713bbae5f718c784013d541346363d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1185,19 +1164,18 @@
}, },
"zen-browser": { "zen-browser": {
"inputs": { "inputs": {
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_10"
}, },
"locked": { "locked": {
"lastModified": 1756876659, "lastModified": 1727721329,
"narHash": "sha256-B2bpNR7VOoZuKfuNnASfWI/jGveetP2yhG44S3XnI/k=", "narHash": "sha256-QYlWZwUSwrM7BuO+dXclZIwoPvBIuJr6GpFKv9XKFPI=",
"owner": "0xc000022070", "owner": "MarceColl",
"repo": "zen-browser-flake", "repo": "zen-browser-flake",
"rev": "07c14b39cad581d9a8bb2dc8959a59e17d26d529", "rev": "e6ab73f405e9a2896cce5956c549a9cc359e5fcc",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "0xc000022070", "owner": "MarceColl",
"repo": "zen-browser-flake", "repo": "zen-browser-flake",
"type": "github" "type": "github"
} }


@ -41,7 +41,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
zen-browser.url = "github:0xc000022070/zen-browser-flake"; zen-browser.url = "github:MarceColl/zen-browser-flake";
nix-minecraft.url = "github:Infinidoge/nix-minecraft"; nix-minecraft.url = "github:Infinidoge/nix-minecraft";
@ -93,15 +93,8 @@
channels-config = { channels-config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ permittedInsecurePackages = [
# Due to *arr stack
"dotnet-sdk-6.0.428" "dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36" "aspnetcore-runtime-6.0.36"
# I think this is because of zen
"qtwebengine-5.15.19"
# For Nheko, the matrix client
"olm-3.2.16"
]; ];
}; };
@ -113,7 +106,7 @@
homes.modules = with inputs; [ homes.modules = with inputs; [
stylix.homeModules.stylix stylix.homeModules.stylix
plasma-manager.homeModules.plasma-manager plasma-manager.homeManagerModules.plasma-manager
]; ];
}; };
} }
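Review bot: The `zen-browser` input now points at `github:MarceColl/zen-browser-flake`, and the matching flake.lock entry on this page locks it at `lastModified` 1727721329, about eleven months older than this commit, so the browser build it provides appears to be well behind on security fixes. The zen module on this page keeps `DisableAppUpdate = true`, which leaves the flake pin as the only update path for that browser. Confirm the new input is still maintained and re-lock it, or stay on the previous input. The same section drops the comments explaining each `permittedInsecurePackages` entry; keeping `# Due to *arr stack` above the two .NET entries makes it possible to remove the exception once its reason is gone.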


@ -35,7 +35,6 @@
bitwarden.enable = true; bitwarden.enable = true;
discord.enable = true; discord.enable = true;
ladybird.enable = true; ladybird.enable = true;
nheko.enable = true;
obs.enable = true; obs.enable = true;
onlyoffice.enable = true; onlyoffice.enable = true;
signal.enable = true; signal.enable = true;


@ -1,15 +0,0 @@
{ config, lib, pkgs, namespace, osConfig ? {}, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.application.nheko;
in
{
options.${namespace}.application.nheko = {
enable = mkEnableOption "enable nheko (matrix client)";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ nheko ];
};
}


@ -5,15 +5,13 @@ let
cfg = config.${namespace}.application.zen; cfg = config.${namespace}.application.zen;
in in
{ {
imports = [
inputs.zen-browser.homeModules.default
];
options.${namespace}.application.zen = { options.${namespace}.application.zen = {
enable = mkEnableOption "enable zen"; enable = mkEnableOption "enable zen";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = [ inputs.zen-browser.packages.${pkgs.system}.specific ];
home.sessionVariables = { home.sessionVariables = {
MOZ_ENABLE_WAYLAND = "1"; MOZ_ENABLE_WAYLAND = "1";
}; };
@ -22,42 +20,20 @@ in
policies = { policies = {
AutofillAddressEnabled = true; AutofillAddressEnabled = true;
AutofillCreditCardEnabled = false; AutofillCreditCardEnabled = false;
AppAutoUpdate = false;
DisableAppUpdate = true; DisableAppUpdate = true;
ManualAppUpdateOnly = true;
DisableFeedbackCommands = true; DisableFeedbackCommands = true;
DisableFirefoxStudies = true; DisableFirefoxStudies = true;
DisablePocket = true; DisablePocket = true;
DisableTelemetry = true; DisableTelemetry = true;
# DontCheckDefaultBrowser = false;
DontCheckDefaultBrowser = false;
NoDefaultBookmarks = true; NoDefaultBookmarks = true;
OfferToSaveLogins = false; # OfferToSaveLogins = false;
EnableTrackingProtection = { EnableTrackingProtection = {
Value = true; Value = true;
Locked = true; Locked = true;
Cryptomining = true; Cryptomining = true;
Fingerprinting = true; Fingerprinting = true;
}; };
HttpAllowlist = [
"http://ulmo"
];
};
policies.ExtensionSettings = let
mkExtension = id: {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/${builtins.toString id}/latest.xpi";
installation_mode = "force_installed";
};
in
{
ublock_origin = 4531307;
ghostry = 4562168;
bitwarden = 4562769;
sponsorblock = 4541835;
}; };
}; };
}; };
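Review bot: `OfferToSaveLogins = false` is commented out on the new side of the policies block, so the browser's built-in password store will offer to save credentials again; if a dedicated password manager is the intended store, keep the line as `OfferToSaveLogins = false;`. The same hunk appears to drop the `ExtensionSettings` block that force-installed the content-blocking and password-manager extensions, so a fresh profile would start without them. Which side each line belongs to is inferred from the order the page prints them, and the attribute set that encloses `policies` starts outside the hunk.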


@ -4,9 +4,7 @@ let
in in
{ {
systemd.user.startServices = "sd-switch"; systemd.user.startServices = "sd-switch";
programs.home-manager = { programs.home-manager.enable = true;
enable = true;
};
home.stateVersion = mkDefault (osConfig.system.stateVersion or "25.05"); home.stateVersion = mkDefault (osConfig.system.stateVersion or "25.05");
} }


@ -1,6 +0,0 @@
{ ... }:
{
config = {
home-manager.backupFileExtension = "back";
};
}


@ -15,10 +15,10 @@ in
nix = { nix = {
package = pkgs.nixVersions.latest; package = pkgs.nixVersions.latest;
extraOptions = "experimental-features = nix-command flakes pipe-operators"; extraOptions = "experimental-features = nix-command flakes";
settings = { settings = {
experimental-features = [ "nix-command" "flakes" "pipe-operators" ]; experimental-features = [ "nix-command" "flakes" ];
allowed-users = [ "@wheel" ]; allowed-users = [ "@wheel" ];
trusted-users = [ "@wheel" ]; trusted-users = [ "@wheel" ];


@ -1,6 +1,6 @@
{ config, lib, pkgs, namespace, ... }: { config, lib, pkgs, namespace, ... }:
let let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption mkForce;
cfg = config.${namespace}.services.authentication.zitadel; cfg = config.${namespace}.services.authentication.zitadel;
@ -13,8 +13,6 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
${namespace}.services.persistance.postgresql.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
zitadel zitadel
]; ];
@ -112,6 +110,13 @@ in
ensureDBOwnership = true; ensureDBOwnership = true;
} }
]; ];
authentication = mkForce ''
# Generated file, do not edit!
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
}; };
caddy = { caddy = {
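Review bot: The added `authentication = mkForce ''…''` block sets every pg_hba rule to `trust`, so any local user or process on the host can connect as any database role, including the superuser, without a credential, and `mkForce` overrides a stricter rule set coming from any other module. Prefer `local all all peer` for the socket and `host all all 127.0.0.1/32 scram-sha-256` plus `host all all ::1/128 scram-sha-256` for loopback TCP, with the service role's password supplied from a secret file. The surrounding `postgresql` attribute set starts outside the hunk, so how zitadel connects is not visible here and should be checked before changing the method.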


@ -1,56 +0,0 @@
{ config, lib, pkgs, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.communication.conduit;
domain = "matrix.kruining.eu";
in
{
options.${namespace}.services.communication.conduit = {
enable = mkEnableOption "conduit (Matrix server)";
};
config = mkIf cfg.enable {
# ${namespace}.services = {
# persistance.postgresql.enable = true;
# virtualisation.podman.enable = true;
# };
services = {
matrix-conduit = {
enable = true;
settings.global = {
address = "::1";
port = 4001;
database_backend = "rocksdb";
server_name = "chris-matrix";
};
};
# postgresql = {
# enable = true;
# ensureDatabases = [ "conduit" ];
# ensureUsers = [
# {
# name = "conduit";
# ensureDBOwnership = true;
# }
# ];
# };
caddy = {
enable = true;
virtualHosts = {
${domain}.extraConfig = ''
# import auth-z
# reverse_proxy http://127.0.0.1:5002
'';
};
};
};
};
}


@ -11,10 +11,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
${namespace}.services = { ${namespace}.services.virtualisation.podman.enable = true;
persistance.postgresql.enable = true;
virtualisation.podman.enable = true;
};
environment.systemPackages = with pkgs; [ forgejo ]; environment.systemPackages = with pkgs; [ forgejo ];
@ -94,7 +91,6 @@ in
actions = { actions = {
ENABLED = true; ENABLED = true;
# DEFAULT_ACTIONS_URL = "https://data.forgejo.org";
}; };
other = { other = {
@ -140,12 +136,10 @@ in
# tokenFile = config.age.secrets.forgejo-runner-token.path; # tokenFile = config.age.secrets.forgejo-runner-token.path;
token = "ZBetud1F0IQ9VjVFpZ9bu0FXgx9zcsy1x25yvjhw"; token = "ZBetud1F0IQ9VjVFpZ9bu0FXgx9zcsy1x25yvjhw";
labels = [ labels = [
"default:docker://nixos/nix:latest" "default:docker://node:22-bullseye"
"ubuntu:docker://ubuntu:24-bookworm"
"nix:docker://git.amarth.cloud/amarth/runners/default:latest"
]; ];
settings = { settings = {
log.level = "info";
}; };
}; };
}; };
@ -158,7 +152,7 @@ in
# stupid dumb way to prevent the login page and go to zitadel instead # stupid dumb way to prevent the login page and go to zitadel instead
# be aware that this does not disable local login at all! # be aware that this does not disable local login at all!
# rewrite /user/login /user/oauth2/Zitadel rewrite /user/login /user/oauth2/Zitadel
reverse_proxy http://127.0.0.1:5002 reverse_proxy http://127.0.0.1:5002
''; '';
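Review bot: The runner `token` is a literal string in this file (not changed by this commit, and sitting directly under the commented-out `tokenFile` line), which puts it in the repository history and in the world-readable Nix store. Switch to `tokenFile = config.age.secrets.forgejo-runner-token.path;` and rotate the token, since the current value has already been committed. The new label `default:docker://node:22-bullseye` uses a mutable tag, so jobs run whatever image that tag resolves to at pull time; pinning the image by digest keeps the runner environment reproducible. The enclosing runner instance definition starts outside the hunk.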


@ -66,73 +66,38 @@ in
# Services # Services
#========================================================================= #=========================================================================
services = let services = let
arrService = { serviceConf = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = {
auth.AuthenticationMethod = "External";
# postgres = {
# PostgresHost = "localhost";
# PostgresPort = "5432";
# PostgresUser = "media";
# };
};
};
withPort = port: service: service // { settings.server.Port = builtins.toString port; };
withUserAndGroup = service: service // {
user = cfg.user; user = cfg.user;
group = cfg.group; group = cfg.group;
}; };
in { in {
radarr = jellyfin = serviceConf;
arrService radarr = serviceConf;
|> withPort 2001 sonarr = serviceConf;
|> withUserAndGroup; bazarr = serviceConf;
lidarr = serviceConf;
sonarr =
arrService
|> withPort 2002
|> withUserAndGroup;
lidarr =
arrService
|> withPort 2003
|> withUserAndGroup;
prowlarr =
arrService
|> withPort 2004;
bazarr = {
enable = true;
openFirewall = true;
user = cfg.user;
group = cfg.group;
listenPort = 2005;
};
# port is harcoded in nixpkgs module
jellyfin = {
enable = true;
openFirewall = true;
user = cfg.user;
group = cfg.group;
};
flaresolverr = { flaresolverr = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
port = 2007; };
jellyseerr = {
enable = true;
openFirewall = true;
};
prowlarr = {
enable = true;
openFirewall = true;
}; };
qbittorrent = { qbittorrent = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
webuiPort = 2008; webuiPort = 5000;
serverConfig = { serverConfig = {
LegalNotice.Accepted = true; LegalNotice.Accepted = true;
@ -142,7 +107,6 @@ in
group = cfg.group; group = cfg.group;
}; };
# port is harcoded in nixpkgs module
sabnzbd = { sabnzbd = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
@ -152,49 +116,46 @@ in
group = cfg.group; group = cfg.group;
}; };
# postgresql = {
# enable = true;
# ensureDatabases = [
# "radarr-main" "radarr-log"
# "sonarr-main" "sonarr-log"
# "lidarr-main" "lidarr-log"
# "prowlarr-main" "prowlarr-log"
# ];
# identMap = ''
# media media radarr-main
# media media radarr-log
# media media sonarr-main
# media media sonarr-log
# media media lidarr-main
# media media lidarr-log
# media media prowlarr-main
# media media prowlarr-log
# '';
# ensureUsers = [
# { name = "radarr-main"; ensureDBOwnership = true; }
# { name = "radarr-log"; ensureDBOwnership = true; }
# { name = "sonarr-main"; ensureDBOwnership = true; }
# { name = "sonarr-log"; ensureDBOwnership = true; }
# { name = "lidarr-main"; ensureDBOwnership = true; }
# { name = "lidarr-log"; ensureDBOwnership = true; }
# { name = "prowlarr-main"; ensureDBOwnership = true; }
# { name = "prowlarr-log"; ensureDBOwnership = true; }
# ];
# };
caddy = { caddy = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"media.kruining.eu".extraConfig = ''
import auth
reverse_proxy http://127.0.0.1:9494
'';
"jellyfin.kruining.eu".extraConfig = '' "jellyfin.kruining.eu".extraConfig = ''
reverse_proxy http://[::1]:8096 reverse_proxy http://127.0.0.1:8096
''; '';
}; };
}; };
}; };
systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
${namespace}.services.virtualisation.podman.enable = true;
virtualisation = {
oci-containers = {
backend = "podman";
containers = {
# flaresolverr = {
# image = "flaresolverr/flaresolverr";
# autoStart = true;
# ports = [ "127.0.0.1:8191:8191" ];
# };
reiverr = {
image = "ghcr.io/aleksilassila/reiverr:v2.2.0";
autoStart = true;
ports = [ "127.0.0.1:9494:9494" ];
volumes = [ "${cfg.path}/reiverr/config:/config" ];
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 6969 ];
}; };
} }
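Review bot: `serviceConf` sets `openFirewall = true` for jellyfin, radarr, sonarr, bazarr and lidarr, and the flaresolverr, jellyseerr, prowlarr and qbittorrent entries do the same, so each service's own port is reachable directly on the host's interfaces instead of only through Caddy, where `import auth` is applied. If access is meant to go through the proxy, set `openFirewall = false;` on these services and give each one a virtual host behind the auth import. `networking.firewall.allowedTCPPorts = [ 80 443 6969 ];` also opens 6969 although no listener for it is visible in this section; drop the port or add a comment naming the service that needs it.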


@ -1,161 +0,0 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.homer;
in
{
options.${namespace}.services.media.homer = {
enable = mkEnableOption "Enable homer";
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 2000 ];
services = {
homer = {
enable = true;
virtualHost = {
caddy.enable = true;
domain = "http://:2000";
};
settings = {
title = "Ulmo dashboard";
columns = 4;
connectivityCheck = true;
links = [];
services = [
{
name = "Services";
items = [
{
name = "Zitadel";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/zitadel.svg";
tag = "app";
url = "https://auth.amarth.cloud";
target = "_blank";
}
{
name = "Forgejo";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/forgejo.svg";
tag = "app";
type = "Gitea";
url = "https://git.amarth.cloud";
target = "_blank";
}
{
name = "Vaultwarden";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/vaultwarden.svg";
type = "Vaultwarden";
tag = "app";
url = "https://vault.kruining.eu";
target = "_blank";
}
];
}
{
name = "Observability";
items = [
{
name = "Grafana";
type = "Grafana";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/grafana.svg";
tag = "app";
url = "http://${config.networking.hostName}:${builtins.toString config.services.grafana.settings.server.http_port}";
target = "_blank";
}
{
name = "Prometheus";
type = "Prometheus";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/prometheus.svg";
tag = "app";
url = "http://${config.networking.hostName}:${builtins.toString config.services.prometheus.port}";
target = "_blank";
}
];
}
{
name = "Media";
items = [
{
name = "Jellyfin (Movies)";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/jellyfin.svg";
tag = "app";
type = "Emby";
url = "http://${config.networking.hostName}:8096";
apikey = "e3ceed943eeb409ba8342738db7cc1f5";
libraryType = "movies";
target = "_blank";
}
{
name = "Radarr";
type = "Radarr";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/radarr.svg";
tag = "app";
url = "http://${config.networking.hostName}:${builtins.toString config.services.radarr.settings.server.port}";
target = "_blank";
}
{
name = "Sonarr";
type = "Sonarr";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/sonarr.svg";
tag = "app";
url = "http://${config.networking.hostName}:${builtins.toString config.services.sonarr.settings.server.port}";
target = "_blank";
}
{
name = "Lidarr";
type = "Lidarr";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/lidarr.svg";
tag = "app";
url = "http://${config.networking.hostName}:${builtins.toString config.services.lidarr.settings.server.port}";
target = "_blank";
}
{
name = "Prowlarr";
type = "Prowlarr";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/prowlarr.svg";
tag = "app";
url = "http://${config.networking.hostName}:${builtins.toString config.services.prowlarr.settings.server.port}";
target = "_blank";
}
{
name = "qBittorrent";
type = "qBittorrent";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/qbittorrent.svg";
tag = "app";
url = "http://${config.networking.hostName}:${builtins.toString config.services.qbittorrent.webuiPort}";
target = "_blank";
}
{
name = "SABnzbd";
type = "SABnzbd";
logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/sabnzdb-light.svg";
tag = "app";
url = "http://${config.networking.hostName}:8080";
target = "_blank";
}
];
}
];
};
};
};
};
}


@ -0,0 +1,21 @@
{ config, pkgs, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.persistance.convex;
in
{
imports = [ ./source.nix ];
options.${namespace}.services.persistance.convex = {
enable = mkEnableOption "enable Convex";
};
config = mkIf cfg.enable {
services.convex = {
enable = true;
package = pkgs.${namespace}.convex;
secret = "ThisIsMyAwesomeSecret";
};
};
}
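Review bot: The `secret` attribute of `services.convex` is set to a guessable string literal, which ends up in the repository and in the world-readable Nix store. The option defined in `./source.nix` only accepts a string, so fixing this means adding a file-based option there and pointing it at a managed secret, for example `secretFile = config.age.secrets.convex-instance-secret.path;` (secret name constructed for illustration). Treat the committed value as disclosed and generate a new random one before the service holds real data.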


@ -0,0 +1,149 @@
{ config, pkgs, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption mkPackageOption mkOption optional types;
cfg = config.services.convex;
default_user = "convex";
default_group = "convex";
in
{
options.services.convex = {
enable = mkEnableOption "enable Convex (backend only for now)";
package = mkPackageOption pkgs "convex" {};
name = lib.mkOption {
type = types.str;
default = "convex";
description = ''
Name for the instance.
'';
};
secret = lib.mkOption {
type = types.str;
default = "";
description = ''
Secret for the instance.
'';
};
apiPort = mkOption {
type = types.port;
default = 3210;
description = ''
The TCP port to use for the API.
'';
};
actionsPort = mkOption {
type = types.port;
default = 3211;
description = ''
The TCP port to use for the HTTP actions.
'';
};
dashboardPort = mkOption {
type = types.port;
default = 6791;
description = ''
The TCP port to use for the Dashboard.
'';
};
openFirewall = lib.mkOption {
type = types.bool;
default = false;
description = ''
Whether to open ports in the firewall for the server.
'';
};
user = lib.mkOption {
type = types.str;
default = default_user;
description = ''
As which user to run the service.
'';
};
group = lib.mkOption {
type = types.str;
default = default_group;
description = ''
As which group to run the service.
'';
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.secret != "";
message = ''
No secret provided for convex
'';
}
];
users = {
users.${cfg.user} = {
description = "System user for convex service";
isSystemUser = true;
group = cfg.group;
};
groups.${cfg.group} = {};
};
networking.firewall.allowedTCPPorts = optional cfg.openFirewall [ cfg.apiPort cfg.actionsPort cfg.dashboardPort ];
environment.systemPackages = [ cfg.package ];
systemd.services.convex = {
description = "Convex Backend server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin --instance-name ${cfg.name} --instance-secret ${cfg.secret}";
Type = "notify";
User = cfg.user;
Group = cfg.group;
RuntimeDirectory = "convex";
RuntimeDirectoryMode = "0775";
StateDirectory = "convex";
StateDirectoryMode = "0775";
Umask = "0077";
CapabilityBoundingSet = "";
NoNewPrivileges = true;
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
LockPersonality = true;
};
};
};
}
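Review bot: `ExecStart` interpolates `${cfg.secret}` into the unit's command line, so the instance secret is written to the generated unit file in the world-readable Nix store and is visible in the process arguments. Read the secret from a file at runtime instead, as sketched below with a `secretFile` option and `LoadCredential`; the value still reaches argv unless the backend can take it another way, and the `cfg.secret != ""` assertion would have to follow the new option. Three smaller fixes in the same file: `${cfg.package}/bin` names a directory rather than the `convex-local-backend` binary the package builds, `optional cfg.openFirewall [ … ]` wraps the port list in another list and should be `optionals`, and `Umask` should be spelled `UMask`.

```nix
    secretFile = mkOption {
      type = types.path;
      description = ''
        Path to a file outside the Nix store that holds the instance secret.
      '';
    };

    # … unchanged: name, ports, openFirewall, user, group, users, firewall …

      serviceConfig = {
        # systemd copies the file into a per-service credentials directory
        LoadCredential = [ "instance-secret:${cfg.secretFile}" ];
        ExecStart = pkgs.writeShellScript "convex-start" ''
          exec ${cfg.package}/bin/convex-local-backend \
            --instance-name ${lib.escapeShellArg cfg.name} \
            --instance-secret "$(< "$CREDENTIALS_DIRECTORY/instance-secret")"
        '';
        # … unchanged: Type, User, Group, directories, sandboxing …
```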


@ -1,26 +0,0 @@
{ config, lib, pkgs, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.persistance.postgresql;
in
{
options.${namespace}.services.persistance.postgresql = {
enable = mkEnableOption "Postgresql";
};
config = mkIf cfg.enable {
services = {
postgresql = {
enable = true;
authentication = ''
# Generated file, do not edit!
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
};
};
}


@ -76,12 +76,6 @@ in
"vault.kruining.eu".extraConfig = '' "vault.kruining.eu".extraConfig = ''
encode zstd gzip encode zstd gzip
handle_path /admin {
respond 401 {
close
}
}
reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} { reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} {
header_up X-Real-IP {remote_host} header_up X-Real-IP {remote_host}
} }
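Review bot: Removing the `handle_path /admin { respond 401 … }` block means requests for `/admin` on vault.kruining.eu are now passed to vaultwarden by the `reverse_proxy` that follows, so the admin page becomes reachable from anywhere this virtual host is. Whether that page is enabled depends on vaultwarden's admin-token setting, which is outside this hunk. Keep the block, and consider widening it to sub-paths with `respond /admin* 401`, since a bare `/admin` matcher only matches that exact path.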


@ -12,7 +12,6 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
virtualisation = { virtualisation = {
containers.enable = true; containers.enable = true;
oci-containers.backend = "podman";
podman = { podman = {
enable = true; enable = true;


@ -0,0 +1,59 @@
{
lib,
stdenv,
rustPlatform,
fetchFromGitHub,
# dependencies
openssl,
pkg-config,
cmake,
llvmPackages,
postgresql,
sqlite,
#options
dbBackend ? "postgresql",
...
}:
rustPlatform.buildRustPackage rec {
pname = "convex";
version = "2025-08-20-c9b561e";
src = fetchFromGitHub {
owner = "get-convex";
repo = "convex-backend";
rev = "c9b561e1b365c85ef28af35d742cb7dd174b5555";
hash = "sha256-4h4AQt+rQ+nTw6eTbbB5vqFt9MFjKYw3Z7bGXdXijJ0=";
};
cargoHash = "sha256-pcDNWGrk9D0qcF479QAglPLFDZp27f8RueP5/lq9jho=";
cargoBuildFlags = [
"-p" "local_backend"
"--bin" "convex-local-backend"
];
env = {
LIBCLANG_PATH = "${llvmPackages.libclang}/lib";
};
strictDeps = true;
# Build-time dependencies
nativeBuildInputs = [ pkg-config cmake rustPlatform.bindgenHook ];
# Run-time dependencies
buildInputs =
[ openssl ]
++ lib.optional (dbBackend == "sqlite") sqlite
++ lib.optional (dbBackend == "postgresql") postgresql;
buildFeatures = "";
meta = with lib; {
license = licenses.fsl11Asl20;
mainProgram = "convex";
};
}
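Review bot: `meta.mainProgram = "convex"` does not match the binary selected by `cargoBuildFlags` (`--bin convex-local-backend`), so `lib.getExe` on this package would point at a file that is presumably not installed; `mainProgram = "convex-local-backend";` fits the visible build flags. `buildFeatures = "";` should be a list, `buildFeatures = [ ];`.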


@ -10,14 +10,11 @@
authentication.authelia.enable = true; authentication.authelia.enable = true;
authentication.zitadel.enable = true; authentication.zitadel.enable = true;
communication.conduit.enable = true;
development.forgejo.enable = true; development.forgejo.enable = true;
networking.ssh.enable = true; networking.ssh.enable = true;
media.enable = true; media.enable = true;
media.homer.enable = true;
media.nfs.enable = true; media.nfs.enable = true;
observability = { observability = {
@ -27,6 +24,8 @@
promtail.enable = true; promtail.enable = true;
}; };
persistance.convex.enable = true;
security.vaultwarden.enable = true; security.vaultwarden.enable = true;
}; };