chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: chris:main
Branches Tags
chris:main
chris:feature/convex
chris:feature/nix-anywhere
..
compare: chris:feature/convex
Branches Tags
chris:main
chris:feature/convex
chris:feature/nix-anywhere

3 commits
main ... feature/co

Author SHA1 Message Date
Chris Kruining
e849826de6
chore: update dependencies 2025-12-08 16:32:45 +01:00
Chris Kruining
3730ab856b
feat: improve justfiles 2025-12-08 16:31:52 +01:00
Chris Kruining
eab9e8b58d trying some stuff 2025-12-08 15:30:25 +00:00
30 changed files with 733 additions and 1363 deletions
Download patch file Download diff file Expand all files Collapse all files

34
.jq/format.jq
View file

@ -1,34 +0,0 @@
def RESET: "0";
def BOLD: "1";
def DIM: "2";
def ITALIC: "3";
def UNDERLINE: "4";
def BLINKING: "5";
def INVERSE: "7";
def HIDDEN: "8";
def STRIKETHROUGH: "9";
def RESET_FONT: "22";
def BLACK: 0;
def RED: 1;
def GREEN: 2;
def YELLOW: 3;
def BLUE: 4;
def MAGENTA: 5;
def CYAN: 6;
def WHITE: 7;
def DEFAULT: 9;
def foreground(color): 30 + color;
def background(color): 40 + color;
def bright(color): 60 + color;
def escape(options):
(if ((options|type) == "array") then options else [options] end) as $o
| "\u001b[\($o | map(tostring) | join(";"))m";
def style(options): escape(options) + . + escape([RESET]);
def to_title:
(.|ascii_upcase) as $str
| escape([BOLD, foreground(BLACK), background(WHITE)]) + " " + $str + " " + escape([RESET]);

59
.jq/table.jq
View file

@ -1,59 +0,0 @@
import "format" as _ {search:"./"};
def n_max(limit):
if . > limit then limit else . end;
def n_min(limit):
if . < limit then limit else . end;
def pad_right(width):
(. | tostring) as $s
| ($s | length) as $l
| ((width - $l) | n_min(0)) as $w
| ($s + (" " * $w));
def to_cells(sizes; fn):
to_entries
| map(
(sizes[.key]) as $size
| (" " + .value)
| pad_right($size + 2)
| fn // .
);
def to_cells(sizes): to_cells(sizes; null);
def to_line(left; joiner; right):
[left, .[1], (.[1:] | map([joiner, .]) ), right] | flatten | join("");
def create(data; header_callback; cell_callback):
(data[0] | to_entries | map(.key)) as $keys
| ([$keys]) as $header
| (data | map(to_entries | map(.value))) as $rows
| ($header + $rows) as $cells
| (
$keys # Use keys so that we have an array of the correct size
| to_entries
| map(
(.key) as $i
| $cells
| map(.[$i] | length)
| max
)
) as $column_sizes
| (
[
($column_sizes | map("═" * (. + 2)) | to_line("╔"; "╤"; "╗")),
($keys | to_cells($column_sizes; header_callback) | to_line("║"; "│"; "║")),
($rows | map([
($column_sizes | map("─" * (. + 2)) | to_line("╟"; "┼"; "╢")),
(. | to_cells($column_sizes; cell_callback) | to_line("║"; "│"; "║"))
])),
($column_sizes | map("═" * (. + 2)) | to_line("╚"; "╧"; "╝"))
]
| flatten
| join("\n")
);
def create(data; header_callback): create(data; header_callback; null);
def create(data): create(data; _::style(_::BOLD); null);

13
.just/machine.just
View file

@ -1,11 +1,14 @@
@_default: list set unstable := true
set quiet := true
_default: list
[doc('List machines')] [doc('List machines')]
@list: list:
ls -1 ../systems/x86_64-linux/ ls -1 ../systems/x86_64-linux/
[doc('Update the target machine')] [doc('Update the target machine')]
[no-exit-message] [no-exit-message]
@update machine: update machine:
just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | tr '\n' ' ')"
nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json nixos-rebuild switch --use-remote-sudo --target-host {{ machine }} --flake ..#{{ machine }}

98
.just/users.just
View file

@ -1,98 +0,0 @@
set unstable := true
set quiet := true
_default:
just --list
[script]
list:
cd .. && just vars get ulmo zitadel/users | jq -r -C '
import ".jq/table" as table;
import ".jq/format" as f;
fromjson
| to_entries
| sort_by(.key)
| map(
(.key|f::to_title) + ":\n"
+ table::create(
.value
| to_entries
| sort_by(.key)
| map({username:.key} + .value)
)
)
| join("\n\n┄┄┄\n\n")
';
[script]
add:
exec 5>&1
pad () { [ "$#" -gt 1 ] && [ -n "$2" ] && printf "%$2.${2#-}s" "$1"; }
input() {
local label=$1
local value=$2
local res=$(gum input --header "$label" --value "$value")
echo -e "\e[2m$(pad "$label" -11)\e[0m$res" >&5
echo $res
}
data=`cd .. && just vars get ulmo zitadel/users | jq 'fromjson'`
# Gather inputs
org=`
jq -r 'to_entries | map(.key)[]' <<< "$data" \
| gum choose --header 'Which organisation to save to?' --select-if-one
`
username=`input 'user name' 'new-user'`
email=`input 'email' 'new.user@example.com'`
first_name=`input 'first name' 'John'`
last_name=`input 'last name' 'Doe'`
user_exists=`jq --arg 'org' "$org" --arg 'username' "$username" '.[$org][$username]? | . != null' <<< "$data"`
if [ "$user_exists" == "true" ]; then
gum confirm 'User already exists, overwrite it?' --padding="1 1" || exit 0
fi
next=`
jq \
--arg 'org' "$org" \
--arg 'username' "$username" \
--arg 'email' "$email" \
--arg 'first_name' "$first_name" \
--arg 'last_name' "$last_name" \
--compact-output \
'.[$org] += { $username: { email: $email, firstName: $first_name, lastName: $last_name } }' \
<<< $data
`
gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")"
[script]
remove:
data=`cd .. && just vars get ulmo zitadel/users | jq fromjson`
# Gather inputs
org=`
jq -r 'to_entries | map(.key)[]' <<< "$data" \
| gum choose --header 'Which organisation?' --select-if-one
`
user=`
jq -r --arg org "$org" '.[$org] | to_entries | map(.key)[]' <<< "$data" \
| gum choose --header 'Which user?' --select-if-one
`
next=`
jq \
--arg 'org' "$org" \
--arg 'user' "$user" \
--compact-output \
'del(.[$org][$user])' \
<<< $data
`
gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")"

34
.justfile
View file

@ -1,36 +1,40 @@
@_default: _default:
just --list --list-submodules just --list --list-submodules
[doc('Manage vars')] set unstable
set quiet
mod vars '.just/vars.just' mod vars '.just/vars.just'
[doc('Manage users')]
mod users '.just/users.just'
[doc('Manage machines')]
mod machine '.just/machine.just' mod machine '.just/machine.just'
[doc('Show information about project')] [doc('Show information about project')]
@show: show:
echo "show" echo "show"
[doc('update the flake dependencies')] [doc('update the flake dependencies')]
@update: update:
nix flake update nix flake update
git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null
echo "Done" echo "Done"
[doc('Rebase branch on main')]
rebase:
git stash -q \
&& git fetch \
&& git rebase origin/main \
&& git stash pop -q
echo "Done"
[doc('Introspection on flake output')] [doc('Introspection on flake output')]
@select key: select key:
nix eval --show-trace --json .#{{ key }} | jq . nix eval --json .#{{ key }} | jq .
#=============================================================================================== #===============================================================================================
# Utils # Utils
# =============================================================================================== # ===============================================================================================
[no-exit-message]
[no-cd] [no-cd]
[no-exit-message]
[private] [private]
@assert condition message: assert condition message:
[ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; } [ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; }

2
.sops.yaml
View file

@ -1,7 +1,6 @@
keys: keys:
- &ulmo_1 age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq - &ulmo_1 age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq
- &ulmo_2 age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x - &ulmo_2 age1ewes0f5snqx3sh5ul6fa6qtxzhd25829v6mf5rx2wnheat6fefps5rme2x
- &manwe_1 age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w
creation_rules: creation_rules:
# All Machine secrets # All Machine secrets
@ -10,4 +9,3 @@ creation_rules:
- age: - age:
- *ulmo_1 - *ulmo_1
- *ulmo_2 - *ulmo_2
- *manwe_1

593
flake.lock generated
View file

File diff suppressed because it is too large Load diff

5
modules/home/application/teamspeak/default.nix
View file

@ -10,9 +10,6 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [ teamspeak3 teamspeak6-client ];
# teamspeak3
teamspeak6-client
];
}; };
} }

2
modules/home/themes/default.nix
View file

@ -32,7 +32,7 @@ in {
image = ./${cfg.theme}.jpg; image = ./${cfg.theme}.jpg;
polarity = cfg.polarity; polarity = cfg.polarity;
targets.qt.platform = mkDefault "kde"; # targets.qt.platform = mkDefault "kde";
targets.zen-browser.profileNames = [ "Chris" ]; targets.zen-browser.profileNames = [ "Chris" ];
fonts = { fonts = {

35
modules/nixos/application/steam/default.nix
View file

@ -15,33 +15,28 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# environment.systemPackages = with pkgs; [ steam ];
programs = { programs = {
steam = { steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; package = pkgs.steam.override {
dedicatedServer.openFirewall = true; extraEnv = {
localNetworkGameTransfers.openFirewall = true; DXVK_HUD = "compiler";
# package = pkgs.steam.override { MANGOHUD = true;
# extraEnv = { };
# DXVK_HUD = "compiler"; };
# MANGOHUD = true;
# };
# };
# gamescopeSession = { gamescopeSession = {
# enable = true; enable = true;
# args = ["--immediate-flips"]; args = ["--immediate-flips"];
# }; };
}; };
# https://github.com/FeralInteractive/gamemode # https://github.com/FeralInteractive/gamemode
# gamemode = { gamemode = {
# enable = true; enable = true;
# enableRenice = true; enableRenice = true;
# settings = {}; settings = {};
# }; };
# gamescope = { # gamescope = {
# enable = true; # enable = true;

26
modules/nixos/desktop/cosmic/default.nix
View file

@ -1,26 +0,0 @@
{
lib,
config,
namespace,
inputs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.cosmic;
in {
options.${namespace}.desktop.cosmic = {
enable =
mkEnableOption "Enable Cosmic desktop"
// {
default = config.${namespace}.desktop.use == "cosmic";
};
};
config = mkIf cfg.enable {
services = {
displayManager.cosmic-greeter.enable = true;
desktopManager.cosmic.enable = true;
};
};
}

18
modules/nixos/desktop/default.nix
View file

@ -1,22 +1,18 @@
{ { lib, config, namespace, inputs, ... }:
lib, let
config,
namespace,
inputs,
...
}: let
inherit (lib) mkIf mkOption mkEnableOption mkMerge; inherit (lib) mkIf mkOption mkEnableOption mkMerge;
inherit (lib.types) nullOr enum; inherit (lib.types) nullOr enum;
cfg = config.${namespace}.desktop; cfg = config.${namespace}.desktop;
in { in
{
imports = [ imports = [
inputs.grub2-themes.nixosModules.default inputs.grub2-themes.nixosModules.default
]; ];
options.${namespace}.desktop = { options.${namespace}.desktop = {
use = mkOption { use = mkOption {
type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]); type = nullOr (enum [ "plasma" "gamescope" "gnome" ]);
default = null; default = null;
example = "plasma"; example = "plasma";
description = "Which desktop to enable"; description = "Which desktop to enable";
@ -24,11 +20,11 @@ in {
}; };
config = mkMerge [ config = mkMerge [
{ ({
services.displayManager = { services.displayManager = {
enable = true; enable = true;
}; };
} })
# (mkIf (cfg.use != null) { # (mkIf (cfg.use != null) {
# ${namespace}.desktop.${cfg.use}.enable = true; # ${namespace}.desktop.${cfg.use}.enable = true;

2
modules/nixos/desktop/plasma/default.nix
View file

@ -22,7 +22,7 @@ in
konsole konsole
kate kate
ghostwriter ghostwriter
# oxygen oxygen
]; ];
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables.NIXOS_OZONE_WL = "1";

42
modules/nixos/services/communication/matrix/default.nix
View file

@ -52,15 +52,11 @@ in {
# Since we'll be using OIDC for auth disable all local options # Since we'll be using OIDC for auth disable all local options
enable_registration = false; enable_registration = false;
enable_registration_without_verification = false; enable_registration_without_verification = false;
password_config.enabled = true; password_config.enabled = false;
backchannel_logout_enabled = true; backchannel_logout_enabled = true;
experimental_features = {
msc2965_enabled = true;
};
sso = { sso = {
client_whitelist = ["http://[::1]:9092/" "https://auth.kruining.eu/"]; client_whitelist = ["http://[::1]:9092"];
update_profile_information = true; update_profile_information = true;
}; };
@ -99,38 +95,7 @@ in {
settings = { settings = {
appservice = { appservice = {
provisioning.enabled = false; provisioning.enabled = false;
}; # port = 40011;
homeserver = {
address = "http://[::1]:${toString port}";
domain = domain;
};
bridge = {
permissions = {
"@chris:${domain}" = "admin";
};
};
};
};
mautrix-telegram = {
enable = true;
registerToSynapse = true;
settings = {
telegram = {
api_id = 32770816;
api_hash = "7b63778a976619c9d4ab62adc51cde79";
bot_token = "disabled";
catch_up = true;
sequential_updates = true;
};
appservice = {
port = 40011;
provisioning.enabled = false;
}; };
homeserver = { homeserver = {
@ -153,6 +118,7 @@ in {
settings = { settings = {
appservice = { appservice = {
provisioning.enabled = false; provisioning.enabled = false;
# port = 40012;
}; };
homeserver = { homeserver = {

55
modules/nixos/services/media/default.nix
View file

@ -35,6 +35,13 @@ in {
#========================================================================= #=========================================================================
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
podman-tui podman-tui
jellyfin
jellyfin-web
jellyfin-ffmpeg
jellyseerr
mediainfo
id3v2
yt-dlp
]; ];
#========================================================================= #=========================================================================
@ -49,6 +56,9 @@ in {
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
# "d '${cfg.path}/series' 0770 ${cfg.user} ${cfg.group} - -"
# "d '${cfg.path}/movies' 0770 ${cfg.user} ${cfg.group} - -"
# "d '${cfg.path}/music' 0770 ${cfg.user} ${cfg.group} - -"
"d '${cfg.path}/qbittorrent' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/qbittorrent' 0770 ${cfg.user} ${cfg.group} - -"
"d '${cfg.path}/sabnzbd' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/sabnzbd' 0770 ${cfg.user} ${cfg.group} - -"
"d '${cfg.path}/downloads/incomplete' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/downloads/incomplete' 0770 ${cfg.user} ${cfg.group} - -"
@ -67,9 +77,54 @@ in {
listenPort = 2005; listenPort = 2005;
}; };
flaresolverr = {
enable = true;
openFirewall = true;
port = 2007;
};
# port is harcoded in nixpkgs module
jellyfin = {
enable = true;
openFirewall = true;
user = cfg.user;
group = cfg.group;
};
postgresql = { postgresql = {
enable = true; enable = true;
}; };
caddy = {
enable = true;
virtualHosts = {
"jellyfin.kruining.eu".extraConfig = ''
reverse_proxy http://[::1]:8096
'';
};
};
};
systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
sops = {
secrets = {
# "qbittorrent/password" = {};
"qbittorrent/password_hash" = {};
};
templates = {
"qbittorrent/password.conf" = {
owner = cfg.user;
group = cfg.group;
restartUnits = ["qbittorrent.service"];
path = "${config.services.qbittorrent.profileDir}/qBittorrent/config/password.conf";
content = ''
[Preferences]
WebUI\Password_PBKDF2="${config.sops.placeholder."qbittorrent/password_hash"}"
'';
};
};
}; };
}; };
} }

10
modules/nixos/services/media/glance/default.nix
View file

@ -130,6 +130,16 @@ in {
} }
]; ];
} }
{
type = "videos";
channels = [
"UCXuqSBlHAE6Xw-yeJA0Tunw" # Linus Tech Tips
"UCR-DXc1voovS8nhAvccRZhg" # Jeff Geerling
"UCsBjURrPoezykLs9EqgamOA" # Fireship
"UCBJycsmduvYEL83R_U4JriQ" # Marques Brownlee
"UCHnyfMqiRRG1u-2MsSQLbXA" # Veritasium
];
}
]; ];
} }

50
modules/nixos/services/media/jellyfin/default.nix
View file

@ -1,50 +0,0 @@
{
pkgs,
config,
lib,
namespace,
inputs,
system,
...
}: let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.jellyfin;
in {
options.${namespace}.services.media.jellyfin = {
enable = mkEnableOption "Enable jellyfin server";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
mediainfo
id3v2
yt-dlp
];
services = {
# port is harcoded in nixpkgs module
jellyfin = {
enable = true;
openFirewall = true;
user = "media";
group = "media";
};
caddy = {
enable = true;
virtualHosts = {
"jellyfin.kruining.eu".extraConfig = ''
reverse_proxy http://[::1]:8096
'';
};
};
};
systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
};
}

11
modules/nixos/services/media/mydia/default.nix
View file

@ -36,7 +36,7 @@ in {
# uri = "file:///var/lib/mydia/mydia.db"; # uri = "file:///var/lib/mydia/mydia.db";
type = "postgres"; type = "postgres";
uri = "postgres://mydia@localhost:5432/mydia?sslmode=disable"; uri = "postgres://mydia@localhost:5432/mydia?sslmode=disable";
passwordFile = config.sops.templates."mydia/database_password".path; passwordFile = config.sops.secrets."mydia/qbittorrent_password".path;
}; };
secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path; secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path;
@ -82,14 +82,5 @@ in {
key = "qbittorrent/password"; key = "qbittorrent/password";
}; };
}; };
sops.templates."mydia/database_password" = {
owner = config.services.mydia.user;
group = config.services.mydia.group;
restartUnits = ["mydia.service"];
content = ''
DATABASE_PASSWORD=""
'';
};
}; };
} }

239
modules/nixos/services/media/servarr/default.nix
View file

@ -11,8 +11,6 @@
inherit (lib) mkIf mkEnableOption mkOption types; inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.servarr; cfg = config.${namespace}.services.media.servarr;
servarr = import ./lib.nix {inherit lib;};
anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0);
in { in {
options.${namespace}.services.media = { options.${namespace}.services.media = {
servarr = mkOption { servarr = mkOption {
@ -35,7 +33,7 @@ in {
}; };
}; };
config = mkIf anyEnabled { config = {
services = services =
cfg cfg
|> lib.mapAttrsToList (service: { |> lib.mapAttrsToList (service: {
@ -69,13 +67,15 @@ in {
}; };
}; };
} }
// (lib.optionalAttrs (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { // (lib.optionalAttrs (service != "prowlarr") {
user = service; user = service;
group = "media"; group = "media";
}); });
})) }))
|> lib.concat [ |> lib.mkMerge
{ |> (set:
set
// {
qbittorrent = { qbittorrent = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
@ -86,7 +86,6 @@ in {
Prefecences.WebUI = { Prefecences.WebUI = {
Username = "admin"; Username = "admin";
Password_PBKDF2 = "@ByteArray(JpfX3wSUcMolUFD+8AD67w==:fr5kmc6sK9xsCfGW6HkPX2K1lPYHL6g2ncLLwuOVmjphmxkwBJ8pi/XQDsDWzyM/MRh5zPhUld2Xqn8o7BWv3Q==)";
}; };
}; };
@ -98,19 +97,12 @@ in {
sabnzbd = { sabnzbd = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
configFile = "/var/media/sabnzbd/config.ini"; configFile = "${cfg.path}/sabnzbd/config.ini";
# configFile = config.sops.templates."sabnzbd/config.ini".path;
user = "sabnzbd"; user = "sabnzbd";
group = "media"; group = "media";
}; };
flaresolverr = {
enable = true;
openFirewall = true;
port = 2007;
};
postgresql = { postgresql = {
ensureDatabases = cfg |> lib.attrNames; ensureDatabases = cfg |> lib.attrNames;
ensureUsers = ensureUsers =
@ -121,9 +113,7 @@ in {
ensureDBOwnership = true; ensureDBOwnership = true;
}); });
}; };
} });
]
|> lib.mkMerge;
systemd.services = systemd.services =
cfg cfg
@ -135,9 +125,6 @@ in {
... ...
}: (mkIf enable { }: (mkIf enable {
"${service}ApplyTerraform" = let "${service}ApplyTerraform" = let
config' = config;
lib' = lib;
terraformConfiguration = inputs.terranix.lib.terranixConfiguration { terraformConfiguration = inputs.terranix.lib.terranixConfiguration {
inherit system; inherit system;
@ -148,29 +135,13 @@ in {
... ...
}: { }: {
config = { config = {
variable = variable = {
cfg api_key = {
|> lib'.mapAttrsToList (s: _: {
"${s}_api_key" = {
type = "string"; type = "string";
description = "${s} API key"; description = "${service} api key";
}; };
})
|> lib'.concat [
{
qbittorrent_api_key = {
type = "string";
description = "qbittorrent api key";
}; };
sabnzbd_api_key = {
type = "string";
description = "sabnzbd api key";
};
}
]
|> lib'.mkMerge;
terraform.required_providers.${service} = { terraform.required_providers.${service} = {
source = "devopsarr/${service}"; source = "devopsarr/${service}";
version = version =
@ -188,117 +159,17 @@ in {
provider.${service} = { provider.${service} = {
url = "http://127.0.0.1:${toString port}"; url = "http://127.0.0.1:${toString port}";
api_key = lib.tfRef "var.${service}_api_key"; api_key = lib.tfRef "var.api_key";
}; };
resource = resource = {
{
"${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) ( "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) (
rootFolders rootFolders
|> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;})
|> lib.listToAttrs |> lib.listToAttrs
); );
"${service}_download_client_qbittorrent" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) {
"main" = {
name = "qBittorrent";
enable = true;
priority = 1;
host = "localhost";
username = "admin";
password = lib.tfRef "var.qbittorrent_api_key";
# password = "poChieN5feeph0igeaCadeJ9Xux0ohmuy6ruH5ieThaPheib3iuzoo0ahw1aiceif1feegioh9Aimau0pai5thoh5ieH0aechohw";
url_base = "/";
port = 2008;
}; };
}; };
"${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) {
"main" = {
name = "SABnzbd";
enable = true;
priority = 1;
host = "localhost";
api_key = lib.tfRef "var.sabnzbd_api_key";
url_base = "/";
port = 8080;
};
};
}
// (lib.optionalAttrs (service == "prowlarr") (
cfg
|> lib'.filterAttrs (s: _: lib'.elem s ["radarr" "sonarr" "lidarr" "whisparr"])
|> lib'.mapAttrsToList (s: {port, ...}: {
"prowlarr_application_${s}"."main" = let
p = cfg.prowlarr.port or config'.services.prowlarr.settings.server.port or 9696;
in {
name = s;
sync_level = "addOnly";
base_url = "http://localhost:${toString port}";
prowlarr_url = "http://localhost:${toString p}";
api_key = lib.tfRef "var.${s}_api_key";
# sync_categories = [3000 3010 3030];
};
})
|> lib'.concat [
{
"prowlarr_indexer" = {
"nyaa" = {
enable = true;
app_profile_id = 1;
priority = 1;
name = "Nyaa";
implementation = "nyaa";
config_contract = "nyaa_settings";
protocol = "torrent";
fields = [
{
name = "targetType";
value = "";
}
];
};
"nzbgeek" = {
enable = true;
app_profile_id = 2;
priority = 1;
name = "NZBgeek";
implementation = "nzbgeek";
config_contract = "nzbgeek_settings";
protocol = "torrent";
fields = [
];
};
# "nzbgeek" = {
# enable = true;
# app_profile_id = 1;
# name = "NZBgeek";
# implementation = "nzbgeek";
# config_contract = "nzbgeek_settings";
# protocol = "torrent";
# fields = [
# # {
# # name = "";
# # value = "";
# # }
# ];
# };
};
}
]
|> lib'.mkMerge
));
};
}) })
]; ];
}; };
@ -333,7 +204,7 @@ in {
cp -f ${terraformConfiguration} config.tf.json cp -f ${terraformConfiguration} config.tf.json
# Initialize OpenTofu # Initialize OpenTofu
${lib.getExe pkgs.opentofu} init ${lib.getExe pkgs.opentofu} init -upgrade
# Run the infrastructure code # Run the infrastructure code
${lib.getExe pkgs.opentofu} \ ${lib.getExe pkgs.opentofu} \
@ -342,7 +213,7 @@ in {
then "plan" then "plan"
else "apply -auto-approve" else "apply -auto-approve"
} \ } \
-var-file='${config.sops.templates."servarr/config.tfvars".path}' -var-file='${config.sops.templates."${service}/config.tfvars".path}'
''; '';
serviceConfig = { serviceConfig = {
@ -370,11 +241,6 @@ in {
}; };
groups.${service} = {}; groups.${service} = {};
})) }))
|> lib.concat [
{
groups.media = {};
}
]
|> lib.mkMerge; |> lib.mkMerge;
sops = sops =
@ -395,74 +261,17 @@ in {
${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}" ${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}"
''; '';
}; };
"${service}/config.tfvars" = {
owner = service;
group = "media";
restartUnits = ["${service}.service"];
content = ''
api_key = "${config.sops.placeholder."${service}/apikey"}"
'';
};
}; };
})) }))
|> lib.concat [
{
secrets = {
"qbittorrent/password" = {};
"sabnzbd/apikey" = {};
"sabnzbd/sunnyweb/username" = {};
"sabnzbd/sunnyweb/password" = {};
};
templates = {
"servarr/config.tfvars" = {
owner = "media";
group = "media";
mode = "0440";
restartUnits = cfg |> lib.attrNames |> lib.map (s: "${s}.service");
content = ''
${
cfg
|> lib.attrNames
|> lib.map (s: "${s}_api_key = \"${config.sops.placeholder."${s}/apikey"}\"")
|> lib.join "\n"
}
qbittorrent_api_key = "${config.sops.placeholder."qbittorrent/password"}"
sabnzbd_api_key = "${config.sops.placeholder."sabnzbd/apikey"}"
'';
};
"sabnzbd/config.ini" = {
owner = "sabnzbd";
group = "media";
mode = "0660";
content = ''
__version__ = 19
__encoding__ = utf-8
[misc]
download_dir = /var/media/downloads/incomplete
complete_dir = /var/media/downloads/done
api_key = ${config.sops.placeholder."sabnzbd/apikey"}
log_dir = logs
[servers]
[[news.sunnyusenet.com]]
name = news.sunnyusenet.com
displayname = news.sunnyusenet.com
host = news.sunnyusenet.com
port = 563
timeout = 60
username = ${config.sops.placeholder."sabnzbd/sunnyweb/username"}
password = ${config.sops.placeholder."sabnzbd/sunnyweb/password"}
connections = 8
ssl = 1
ssl_verify = 3
ssl_ciphers = ""
enable = 1
required = 0
optional = 0
retention = 0
expire_date = ""
quota = ""
usage_at_start = 0
priority = 1
notes = ""
'';
};
};
}
]
|> lib.mkMerge; |> lib.mkMerge;
}; };
} }

2
modules/nixos/services/media/servarr/lib.nix
View file

@ -1,2 +0,0 @@
{lib, ...}: {
}

29
modules/nixos/services/observability/grafana/default.nix
View file

@ -1,10 +1,5 @@
{ { pkgs, config, lib, namespace, ... }:
pkgs, let
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf; inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption; inherit (lib.options) mkEnableOption;
@ -12,7 +7,8 @@
db_user = "grafana"; db_user = "grafana";
db_name = "grafana"; db_name = "grafana";
in { in
{
options.${namespace}.services.observability.grafana = { options.${namespace}.services.observability.grafana = {
enable = mkEnableOption "enable Grafana"; enable = mkEnableOption "enable Grafana";
}; };
@ -39,8 +35,8 @@ in {
"auth.generic_oauth" = { "auth.generic_oauth" = {
enable = true; enable = true;
name = "Zitadel"; name = "Zitadel";
client_id = "$__file{${config.sops.secrets."grafana/oidc_id".path}}"; client_id = "334170712283611395";
client_secret = "$__file{${config.sops.secrets."grafana/oidc_secret".path}}"; client_secret = "AFjypmURdladmQn1gz2Ke0Ta5LQXapnuKkALVZ43riCL4qWicgV2Z6RlwpoWBZg1";
scopes = "openid email profile offline_access urn:zitadel:iam:org:project:roles"; scopes = "openid email profile offline_access urn:zitadel:iam:org:project:roles";
email_attribute_path = "email"; email_attribute_path = "email";
login_attribute_path = "username"; login_attribute_path = "username";
@ -130,18 +126,5 @@ in {
}; };
environment.etc."/grafana/dashboards/default.json".source = ./dashboards/default.json; environment.etc."/grafana/dashboards/default.json".source = ./dashboards/default.json;
sops = {
secrets = {
"grafana/oidc_id" = {
owner = "grafana";
group = "grafana";
};
"grafana/oidc_secret" = {
owner = "grafana";
group = "grafana";
};
};
};
}; };
} }

21
modules/nixos/services/persistance/convex/default.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, pkgs, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.persistance.convex;
in
{
imports = [ ./source.nix ];
options.${namespace}.services.persistance.convex = {
enable = mkEnableOption "enable Convex";
};
config = mkIf cfg.enable {
services.convex = {
enable = true;
package = pkgs.${namespace}.convex;
secret = "ThisIsMyAwesomeSecret";
};
};
}

149
modules/nixos/services/persistance/convex/source.nix Normal file
View file

@ -0,0 +1,149 @@
{ config, pkgs, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption mkPackageOption mkOption optional types;
cfg = config.services.convex;
default_user = "convex";
default_group = "convex";
in
{
options.services.convex = {
enable = mkEnableOption "enable Convex (backend only for now)";
package = mkPackageOption pkgs "convex" {};
name = lib.mkOption {
type = types.str;
default = "convex";
description = ''
Name for the instance.
'';
};
secret = lib.mkOption {
type = types.str;
default = "";
description = ''
Secret for the instance.
'';
};
apiPort = mkOption {
type = types.port;
default = 3210;
description = ''
The TCP port to use for the API.
'';
};
actionsPort = mkOption {
type = types.port;
default = 3211;
description = ''
The TCP port to use for the HTTP actions.
'';
};
dashboardPort = mkOption {
type = types.port;
default = 6791;
description = ''
The TCP port to use for the Dashboard.
'';
};
openFirewall = lib.mkOption {
type = types.bool;
default = false;
description = ''
Whether to open ports in the firewall for the server.
'';
};
user = lib.mkOption {
type = types.str;
default = default_user;
description = ''
As which user to run the service.
'';
};
group = lib.mkOption {
type = types.str;
default = default_group;
description = ''
As which group to run the service.
'';
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.secret != "";
message = ''
No secret provided for convex
'';
}
];
users = {
users.${cfg.user} = {
description = "System user for convex service";
isSystemUser = true;
group = cfg.group;
};
groups.${cfg.group} = {};
};
networking.firewall.allowedTCPPorts = optional cfg.openFirewall [ cfg.apiPort cfg.actionsPort cfg.dashboardPort ];
environment.systemPackages = [ cfg.package ];
systemd.services.convex = {
description = "Convex Backend server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin --instance-name ${cfg.name} --instance-secret ${cfg.secret}";
Type = "notify";
User = cfg.user;
Group = cfg.group;
RuntimeDirectory = "convex";
RuntimeDirectoryMode = "0775";
StateDirectory = "convex";
StateDirectoryMode = "0775";
Umask = "0077";
CapabilityBoundingSet = "";
NoNewPrivileges = true;
# Sandboxing
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
LockPersonality = true;
};
};
};
}

59
packages/convex/default.nix Normal file
View file

@ -0,0 +1,59 @@
{
lib,
stdenv,
rustPlatform,
fetchFromGitHub,
# dependencies
openssl,
pkg-config,
cmake,
llvmPackages,
postgresql,
sqlite,
#options
dbBackend ? "postgresql",
...
}:
rustPlatform.buildRustPackage rec {
pname = "convex";
version = "2025-08-20-c9b561e";
src = fetchFromGitHub {
owner = "get-convex";
repo = "convex-backend";
rev = "c9b561e1b365c85ef28af35d742cb7dd174b5555";
hash = "sha256-4h4AQt+rQ+nTw6eTbbB5vqFt9MFjKYw3Z7bGXdXijJ0=";
};
cargoHash = "sha256-pcDNWGrk9D0qcF479QAglPLFDZp27f8RueP5/lq9jho=";
cargoBuildFlags = [
"-p" "local_backend"
"--bin" "convex-local-backend"
];
env = {
LIBCLANG_PATH = "${llvmPackages.libclang}/lib";
};
strictDeps = true;
# Build-time dependencies
nativeBuildInputs = [ pkg-config cmake rustPlatform.bindgenHook ];
# Run-time dependencies
buildInputs =
[ openssl ]
++ lib.optional (dbBackend == "sqlite") sqlite
++ lib.optional (dbBackend == "postgresql") postgresql;
buildFeatures = "";
meta = with lib; {
license = licenses.fsl11Asl20;
mainProgram = "convex";
};
}

9
packages/studio/default.nix
View file

@ -11,8 +11,8 @@ in mkWindowsAppNoCC rec {
version = "2.25.4"; version = "2.25.4";
src = fetchurl { src = fetchurl {
url = "https://studio.download.bricklink.info/Studio2.0+EarlyAccess/Archive/2.25.12_1/Studio+2.0+EarlyAccess.exe"; url = "https://studio.download.bricklink.info/Studio2.0+EarlyAccess/Archive/2.25.4_1/Studio+2.0+EarlyAccess.exe";
sha256 = "sha256:1xl3zvzkzr64zphk7rnpfx3whhbaykzw06m3nd5dc12r2p4sdh3v"; sha256 = "sha256:1gw6pyvfr7zr42g21hqgiwkjs88nvhq2c2v40y21frvwv17hja92";
}; };
enableMonoBootPrompt = false; enableMonoBootPrompt = false;
@ -59,10 +59,7 @@ in mkWindowsAppNoCC rec {
wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f
''; '';
winAppPreRun = '' winAppPreRun = '''';
wineserver -W
wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f
'';
winAppRun = '' winAppRun = ''
wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS" wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS"

395
sabnzbd.ini
View file

@ -1,395 +0,0 @@
__version__ = 19
__encoding__ = utf-8
[misc]
helpful_warnings = 1
queue_complete = hibernate_pc
queue_complete_pers = 0
bandwidth_perc = 100
refresh_rate = 1
interface_settings = '{"dateFormat":"YYYY-MM-DD HH:mm","extraQueueColumns":[],"extraHistoryColumns":[],"displayCompact":false,"displayFullWidth":false,"confirmDeleteQueue":true,"confirmDeleteHistory":true,"keyboardShortcuts":true}'
queue_limit = 20
config_lock = 0
fixed_ports = 1
notified_new_skin = 2
direct_unpack_tested = 1
sorters_converted = 1
check_new_rel = 1
auto_browser = 0
language = en
enable_https_verification = 0
host = 0.0.0.0
port = 8080
https_port = ""
username = ""
password = ""
bandwidth_max = ""
cache_limit = 1G
web_dir = Glitter
web_color = Auto
https_cert = server.cert
https_key = server.key
https_chain = ""
enable_https = 0
inet_exposure = 0
api_key = 0052eba0db9d4b4f93a8a96f0cb85198
nzb_key = 171ebeb3e0044c379dc7719bef6b3144
socks5_proxy_url = ""
permissions = ""
download_dir = /var/media/downloads/incomplete
download_free = ""
complete_dir = /var/media/downloads/done
complete_free = ""
fulldisk_autoresume = 0
script_dir = ""
nzb_backup_dir = ""
admin_dir = admin
backup_dir = ""
dirscan_dir = ""
dirscan_speed = 5
password_file = ""
log_dir = logs
max_art_tries = 3
top_only = 0
sfv_check = 1
script_can_fail = 0
enable_recursive = 1
flat_unpack = 0
par_option = ""
pre_check = 0
nice = ""
win_process_prio = 3
ionice = ""
fail_hopeless_jobs = 1
fast_fail = 1
auto_disconnect = 1
pre_script = None
end_queue_script = None
no_dupes = 0
no_series_dupes = 0
no_smart_dupes = 0
dupes_propercheck = 1
pause_on_pwrar = 1
ignore_samples = 0
deobfuscate_final_filenames = 1
auto_sort = ""
direct_unpack = 0
propagation_delay = 0
folder_rename = 1
replace_spaces = 0
replace_underscores = 0
replace_dots = 0
safe_postproc = 1
pause_on_post_processing = 0
enable_all_par = 0
sanitize_safe = 0
cleanup_list = ,
unwanted_extensions = ,
action_on_unwanted_extensions = 0
unwanted_extensions_mode = 0
new_nzb_on_failure = 0
history_retention = ""
history_retention_option = all
history_retention_number = 1
quota_size = ""
quota_day = ""
quota_resume = 0
quota_period = m
enable_tv_sorting = 0
tv_sort_string = ""
tv_categories = tv,
enable_movie_sorting = 0
movie_sort_string = ""
movie_sort_extra = -cd%1
movie_categories = movies,
enable_date_sorting = 0
date_sort_string = ""
date_categories = tv,
schedlines = ,
rss_rate = 60
ampm = 0
start_paused = 0
preserve_paused_state = 0
enable_par_cleanup = 1
process_unpacked_par2 = 1
enable_multipar = 1
enable_unrar = 1
enable_7zip = 1
enable_filejoin = 1
enable_tsjoin = 1
overwrite_files = 0
ignore_unrar_dates = 0
backup_for_duplicates = 0
empty_postproc = 0
wait_for_dfolder = 0
rss_filenames = 0
api_logging = 1
html_login = 1
warn_dupl_jobs = 0
keep_awake = 1
tray_icon = 1
allow_incomplete_nzb = 0
enable_broadcast = 1
ipv6_hosting = 0
ipv6_staging = 0
api_warnings = 1
no_penalties = 0
x_frame_options = 1
allow_old_ssl_tls = 0
enable_season_sorting = 1
verify_xff_header = 0
rss_odd_titles = nzbindex.nl/, nzbindex.com/, nzbclub.com/
quick_check_ext_ignore = nfo, sfv, srr
req_completion_rate = 100.2
selftest_host = self-test.sabnzbd.org
movie_rename_limit = 100M
episode_rename_limit = 20M
size_limit = 0
direct_unpack_threads = 3
history_limit = 5
wait_ext_drive = 5
max_foldername_length = 246
nomedia_marker = ""
ipv6_servers = 1
url_base = /sabnzbd
host_whitelist = usenet.kruining.eu, ulmo
local_ranges = ,
max_url_retries = 10
downloader_sleep_time = 10
receive_threads = 2
switchinterval = 0.005
ssdp_broadcast_interval = 15
ext_rename_ignore = ,
email_server = ""
email_to = ,
email_from = ""
email_account = ""
email_pwd = ""
email_endjob = 0
email_full = 0
email_dir = ""
email_rss = 0
email_cats = *,
config_conversion_version = 4
disable_par2cmdline = 0
disable_archive = 0
unrar_parameters = ""
outgoing_nntp_ip = ""
[logging]
log_level = 1
max_log_size = 5242880
log_backups = 5
[ncenter]
ncenter_enable = 0
ncenter_cats = *,
ncenter_prio_startup = 0
ncenter_prio_download = 0
ncenter_prio_pause_resume = 0
ncenter_prio_pp = 0
ncenter_prio_complete = 1
ncenter_prio_failed = 1
ncenter_prio_disk_full = 1
ncenter_prio_new_login = 0
ncenter_prio_warning = 0
ncenter_prio_error = 0
ncenter_prio_queue_done = 0
ncenter_prio_other = 1
ncenter_prio_quota = 1
[acenter]
acenter_enable = 0
acenter_cats = *,
acenter_prio_startup = 0
acenter_prio_download = 0
acenter_prio_pause_resume = 0
acenter_prio_pp = 0
acenter_prio_complete = 1
acenter_prio_failed = 1
acenter_prio_disk_full = 1
acenter_prio_new_login = 0
acenter_prio_warning = 0
acenter_prio_error = 0
acenter_prio_queue_done = 0
acenter_prio_other = 1
acenter_prio_quota = 1
[ntfosd]
ntfosd_enable = 1
ntfosd_cats = *,
ntfosd_prio_startup = 0
ntfosd_prio_download = 0
ntfosd_prio_pause_resume = 0
ntfosd_prio_pp = 0
ntfosd_prio_complete = 1
ntfosd_prio_failed = 1
ntfosd_prio_disk_full = 1
ntfosd_prio_new_login = 0
ntfosd_prio_warning = 0
ntfosd_prio_error = 0
ntfosd_prio_queue_done = 0
ntfosd_prio_other = 1
ntfosd_prio_quota = 1
[prowl]
prowl_enable = 0
prowl_cats = *,
prowl_apikey = ""
prowl_prio_startup = -3
prowl_prio_download = -3
prowl_prio_pause_resume = -3
prowl_prio_pp = -3
prowl_prio_complete = 0
prowl_prio_failed = 1
prowl_prio_disk_full = 1
prowl_prio_new_login = -3
prowl_prio_warning = -3
prowl_prio_error = -3
prowl_prio_queue_done = -3
prowl_prio_other = 0
prowl_prio_quota = 0
[pushover]
pushover_token = ""
pushover_userkey = ""
pushover_device = ""
pushover_emergency_expire = 3600
pushover_emergency_retry = 60
pushover_enable = 0
pushover_cats = *,
pushover_prio_startup = -3
pushover_prio_download = -2
pushover_prio_pause_resume = -2
pushover_prio_pp = -3
pushover_prio_complete = -1
pushover_prio_failed = -1
pushover_prio_disk_full = 1
pushover_prio_new_login = -3
pushover_prio_warning = 1
pushover_prio_error = 1
pushover_prio_queue_done = -3
pushover_prio_other = -1
pushover_prio_quota = -1
[pushbullet]
pushbullet_enable = 0
pushbullet_cats = *,
pushbullet_apikey = ""
pushbullet_device = ""
pushbullet_prio_startup = 0
pushbullet_prio_download = 0
pushbullet_prio_pause_resume = 0
pushbullet_prio_pp = 0
pushbullet_prio_complete = 1
pushbullet_prio_failed = 1
pushbullet_prio_disk_full = 1
pushbullet_prio_new_login = 0
pushbullet_prio_warning = 0
pushbullet_prio_error = 0
pushbullet_prio_queue_done = 0
pushbullet_prio_other = 1
pushbullet_prio_quota = 1
[apprise]
apprise_enable = 0
apprise_cats = *,
apprise_urls = ""
apprise_target_startup = ""
apprise_target_startup_enable = 0
apprise_target_download = ""
apprise_target_download_enable = 0
apprise_target_pause_resume = ""
apprise_target_pause_resume_enable = 0
apprise_target_pp = ""
apprise_target_pp_enable = 0
apprise_target_complete = ""
apprise_target_complete_enable = 1
apprise_target_failed = ""
apprise_target_failed_enable = 1
apprise_target_disk_full = ""
apprise_target_disk_full_enable = 0
apprise_target_new_login = ""
apprise_target_new_login_enable = 1
apprise_target_warning = ""
apprise_target_warning_enable = 0
apprise_target_error = ""
apprise_target_error_enable = 0
apprise_target_queue_done = ""
apprise_target_queue_done_enable = 0
apprise_target_other = ""
apprise_target_other_enable = 1
apprise_target_quota = ""
apprise_target_quota_enable = 1
[nscript]
nscript_enable = 0
nscript_cats = *,
nscript_script = ""
nscript_parameters = ""
nscript_prio_startup = 0
nscript_prio_download = 0
nscript_prio_pause_resume = 0
nscript_prio_pp = 0
nscript_prio_complete = 1
nscript_prio_failed = 1
nscript_prio_disk_full = 1
nscript_prio_new_login = 0
nscript_prio_warning = 0
nscript_prio_error = 0
nscript_prio_queue_done = 0
nscript_prio_other = 1
nscript_prio_quota = 1
[categories]
[[*]]
name = *
order = 0
pp = 3
script = None
dir = ""
newzbin = ""
priority = 0
[[movies]]
name = movies
order = 1
pp = ""
script = Default
dir = ""
newzbin = ""
priority = -100
[[tv]]
name = tv
order = 2
pp = ""
script = Default
dir = ""
newzbin = ""
priority = -100
[[audio]]
name = audio
order = 3
pp = ""
script = Default
dir = ""
newzbin = ""
priority = -100
[[software]]
name = software
order = 4
pp = ""
script = Default
dir = ""
newzbin = ""
priority = -100
[servers]
[[news.sunnyusenet.com]]
name = news.sunnyusenet.com
displayname = news.sunnyusenet.com
host = news.sunnyusenet.com
port = 563
timeout = 60
username = michiel@hazelhof.nl
password = dasusenet
connections = 8
ssl = 1
ssl_verify = 3
ssl_ciphers = ""
enable = 1
required = 0
optional = 0
retention = 0
expire_date = ""
quota = ""
usage_at_start = 0
priority = 1
notes = ""

1
shells/default/default.nix
View file

@ -17,6 +17,5 @@ mkShell {
nixd nixd
openssl openssl
inputs.clan-core.packages.${stdenv.hostPlatform.system}.clan-cli inputs.clan-core.packages.${stdenv.hostPlatform.system}.clan-cli
nix-output-monitor
]; ];
} }

8
systems/x86_64-linux/manwe/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ...}: { { ... }:
{
imports = [ imports = [
./disks.nix ./disks.nix
./hardware.nix ./hardware.nix
@ -6,10 +7,6 @@
system.activationScripts.remove-gtkrc.text = "rm -f /home/chris/.gtkrc-2.0"; system.activationScripts.remove-gtkrc.text = "rm -f /home/chris/.gtkrc-2.0";
services.logrotate.checkConfig = false;
environment.systemPackages = with pkgs; [ beyond-all-reason ];
sneeuwvlok = { sneeuwvlok = {
hardware.has = { hardware.has = {
gpu.amd = true; gpu.amd = true;
@ -33,6 +30,7 @@
}; };
}; };
services.displayManager.autoLogin = { services.displayManager.autoLogin = {
enable = true; enable = true;
user = "chris"; user = "chris";

36
systems/x86_64-linux/ulmo/default.nix
View file

@ -38,31 +38,6 @@
''; '';
}; };
# virtualisation = {
# containers.enable = true;
# podman = {
# enable = true;
# dockerCompat = true;
# };
# oci-containers = {
# backend = "podman";
# containers = {
# homey = {
# image = "ghcr.io/athombv/homey-shs:latest";
# autoStart = true;
# privileged = true;
# volumes = [
# "/home/chris/.homey-shs:/homey/user"
# ];
# ports = [
# "4859:4859"
# ];
# };
# };
# };
# };
sneeuwvlok = { sneeuwvlok = {
services = { services = {
backup.borg.enable = true; backup.borg.enable = true;
@ -143,12 +118,6 @@
grantTypes = ["authorizationCode"]; grantTypes = ["authorizationCode"];
responseTypes = ["code"]; responseTypes = ["code"];
}; };
grafana = {
redirectUris = ["http://localhost:9001/login/generic_oauth"];
grantTypes = ["authorizationCode"];
responseTypes = ["code"];
};
}; };
}; };
}; };
@ -195,7 +164,6 @@
media.glance.enable = true; media.glance.enable = true;
media.mydia.enable = true; media.mydia.enable = true;
media.nfs.enable = true; media.nfs.enable = true;
media.jellyfin.enable = true;
media.servarr = { media.servarr = {
radarr = { radarr = {
enable = true; enable = true;
@ -225,7 +193,7 @@
prowlarr = { prowlarr = {
enable = true; enable = true;
# debug = true; debug = true;
port = 2004; port = 2004;
}; };
}; };
@ -238,6 +206,8 @@
# uptime-kuma.enable = true; # uptime-kuma.enable = true;
}; };
persistance.convex.enable = true;
security.vaultwarden = { security.vaultwarden = {
enable = true; enable = true;
database = { database = {

19
systems/x86_64-linux/ulmo/secrets.yml
View file

@ -4,12 +4,13 @@ email:
zitadel: zitadel:
masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str] masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str]
nix: {} nix: {}
users: ENC[AES256_GCM,data:yxdJ2PmOJXXCF2NaD1QWLSuwF9AhdIBhLiZDm4GhcTb4sA3zGTyJBw5saH6P5QAwk9ngbOgn8RH0vgeYEJ0z8VzUoCaLWK5xaqLggYgd75ewNQu7Jkh6V/oSHeVfv+6NCRoq4PckHvhBHwQQ4uToaCghUbjX6VJlFSKwSAy6laG30UMIa2Q4hTQHqgVcbjpQUJSu6/ajDz3Ap0MqhCTSOPWKZ9vWZpvRnFhLhsJrTNl0w6zlCuZcy8xqn/zZo4OEuexHr29yFFohbiD9L9CLd0N6NYDMX7eHRjjdB6Ysxfkic9JSWysma/7OwPzg/KK+pQDkNi7ciR+/cT9Gqn73IFpXPvuooe+7wxe4INfGq3iAoRIYSz8=,iv:opqL2iB3sqT+/a03tTzWphFGnwrEwdKybnj/3BNzL3U=,tag:2+CMLgKdsWpPsYrkKAP5hg==,type:str] users: ENC[AES256_GCM,data:xkjm0+PBt6gmZyfi3n3OIEe5b+d4OtN0Y3UfmdcbcJHbJZuiz+60oUjlAN0vjtsi0muufoAqtGJTIpm9nDZzzN7b7LK43TAhcuSlIm5LpbZFp1U3H4laRbTwauAT6wA0aDCfAkwTozxAuEUk1jAu+65ktJNJb7b0PR7s/I/wf7IgW2+K4Jv3LIOZIipUwfuvXuTzsxCElYRvGZXmIuXrYq1EaymksHHggemrKeMWLAae7mzz5v3aBbwxiVjQNkQkS4ApsO/5nZUat0oqXA==,iv:fptZn4NmX3iYKSEPLJAOFpt+KQ6TR1w9KaY9IF4p/Wk=,tag:UKvMOSIT5/mhfZA3usbLhQ==,type:str]
forgejo: forgejo:
action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str] action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str]
synapse: synapse:
oidc_id: ENC[AES256_GCM,data:XbCpyGq0LeRJWq8dv/5Dipvp,iv:YDhgl26z1NBbIQLoLdGVz0+ze6o1ZcmgVHPfwoRj57I=,tag:y2vUuqnDmtTvVQmZCAlnLg==,type:str] oidc_id: ENC[AES256_GCM,data:XbCpyGq0LeRJWq8dv/5Dipvp,iv:YDhgl26z1NBbIQLoLdGVz0+ze6o1ZcmgVHPfwoRj57I=,tag:y2vUuqnDmtTvVQmZCAlnLg==,type:str]
oidc_secret: ENC[AES256_GCM,data:nVFi5EFbNMZ0mvrDHVYC0NiwJlo2eEw44D+Fcv9SKSb2oO00lGEDkP/oXDj5YgDq6RLQSe3f/SUOn77ntwnZYg==,iv:awe7VNUYOn9ofl1QlQTrEN5d0i5WkVM35qndruL4VXo=,tag:8Yoc9lFF9aWbtAa5fzQGEA==,type:str] oidc_secret: ENC[AES256_GCM,data:nVFi5EFbNMZ0mvrDHVYC0NiwJlo2eEw44D+Fcv9SKSb2oO00lGEDkP/oXDj5YgDq6RLQSe3f/SUOn77ntwnZYg==,iv:awe7VNUYOn9ofl1QlQTrEN5d0i5WkVM35qndruL4VXo=,tag:8Yoc9lFF9aWbtAa5fzQGEA==,type:str]
kaas: ENC[AES256_GCM,data:3yI6lH0rw+f2OFJ94Z7zb0pYwy4FDFs9rJi2wpd9VVWghmey5g4O788ypXa34XqKCQDDHDgTxwyDs6KpvCQQaLV1PDhXd4Po0SSlIOkUtCWhOf6Tp3PM2ASoE+AAAzJLJUc6AZdBJRyYU9V+UvO9jW+WmlpZpsg5crnVMzZo7f2AF0ep9A/A5BL1Y2UhYQE4LDVkLC9AL3hl8IhF5xSdZdO0ugrP0x7CKVUxA7fJyOjx7/IKVwvgKD4xlhIgv9lYPTvE2vUs+w==,iv:e6b98ZnBqf7hh3SSKGdTl63OpQm1oK95lHXdwTiLft8=,tag:IS/lDgvJvSd7OmDLP+uG1g==,type:str]
radarr: radarr:
apikey: ENC[AES256_GCM,data:G141GW4PyS5pbAV39HcVscMw3s30txOgTZzWaL7o+ccZfnfDLv796O6xKXdqGZ8saLsveghLw9Z6a5luusHyQ3Q5ESL6W7SVeZVTuSqSC3i/4jl75FJxhnsgVsfrnYxzLGpKiw==,iv:sZl/XLh6y3WgSAn6nH3sFB6atBifZdghm+QsCNDbcjY=,tag:Tw+R80nrF0T0yDti0Uf+ig==,type:str] apikey: ENC[AES256_GCM,data:G141GW4PyS5pbAV39HcVscMw3s30txOgTZzWaL7o+ccZfnfDLv796O6xKXdqGZ8saLsveghLw9Z6a5luusHyQ3Q5ESL6W7SVeZVTuSqSC3i/4jl75FJxhnsgVsfrnYxzLGpKiw==,iv:sZl/XLh6y3WgSAn6nH3sFB6atBifZdghm+QsCNDbcjY=,tag:Tw+R80nrF0T0yDti0Uf+ig==,type:str]
sonarr: sonarr:
@ -24,18 +25,8 @@ mydia:
secret_key_base: ENC[AES256_GCM,data:yG7HJ5r74Qtxbeyf8F6dA0uHv2pQ8YAJKlKiKjS+m24JRvJWQaTThJ+c5HbuUa6R3e9XtVHchhlVPkF0Is/b+g==,iv:v65xdRr4JdKZmBtjZ08/J3LLqnphSGt9QfVPNQ2x/xg=,tag:n7tD2dhr4IJn1LWM9WW8UA==,type:str] secret_key_base: ENC[AES256_GCM,data:yG7HJ5r74Qtxbeyf8F6dA0uHv2pQ8YAJKlKiKjS+m24JRvJWQaTThJ+c5HbuUa6R3e9XtVHchhlVPkF0Is/b+g==,iv:v65xdRr4JdKZmBtjZ08/J3LLqnphSGt9QfVPNQ2x/xg=,tag:n7tD2dhr4IJn1LWM9WW8UA==,type:str]
guardian_secret: ENC[AES256_GCM,data:OjnNFSHlecL+qXwlhTm++itRM6ga5E5KrSJxbgIUpbMEkIWgu3xhRtnPdipXbedgall0XdO/s+jnWCagZX94BA==,iv:DukdKvm9vey8BWUiml20tgA/Vji1XVX4+sUPge9nTk0=,tag:q3HdvgUYqR0APiaFz0ul5Q==,type:str] guardian_secret: ENC[AES256_GCM,data:OjnNFSHlecL+qXwlhTm++itRM6ga5E5KrSJxbgIUpbMEkIWgu3xhRtnPdipXbedgall0XdO/s+jnWCagZX94BA==,iv:DukdKvm9vey8BWUiml20tgA/Vji1XVX4+sUPge9nTk0=,tag:q3HdvgUYqR0APiaFz0ul5Q==,type:str]
qbittorrent: qbittorrent:
password_hash: ENC[AES256_GCM,data:yCfCslj01wtfwzzPOGlwA6wLLf+EUuEweYa3ZxvDtd/VGMxuV38quV+ob1Of+W0UH3+U4Qmgh4BK3I3IJZuKOvNdkZ0i81YBwW6cgvZUmnxwh8wokpNzxCKbYk5nF7y7SaGEdzQLvV7ad3fNMJsQ+s2zCsKWbm+j8Bwgq0E=,iv:IIktPS9pYXaYPzH0r4wrkp31CpunKnr70Ainu6hOeWY=,tag:bYCfhDfIwiQZ1tKAvITewQ==,type:str] password_hash: ENC[AES256_GCM,data:QWuQYmfBn9eLDYztH7TmQvw74MvmzCQ98OlBtyjm1Icr2c63epRuHWzQbm+Q+1jrCSiQreOB3ZyjLzkeV6SlLonryUSD71uBWVwctgPXO0XDrxE1Vi6dkiwC3TF65JTMDhyjDLEj1YkiMP25Fz5NidJTP/r9GlXTfM7gjWo=,iv:bpgL5IoAv+1PUtgNIjLcbzN8C9z55ndypz4LEELAhLc=,tag:VB+XTCwLeIEYKnOr/0f7zA==,type:str]
password: ENC[AES256_GCM,data:UepYY6UjJV/jo2aXTOEnKRtsjSqOSYPQlKlrAa7rf9rdnt2UXGjCkvN+A72pICuIBCAmhXZBAUMvmWTV9trk6NREHe0cY1xTC7pNv3x9TM/ZQmH498pbT/95pYAKwouHp9heJQ==,iv:FzjF+xPoaOp+gplxpz940V2dkWSTWe8dWUxexCoxxHc=,tag:TDZsboq9fEmmBrwJN/HTpQ==,type:str] password: ENC[AES256_GCM,data:UepYY6UjJV/jo2aXTOEnKRtsjSqOSYPQlKlrAa7rf9rdnt2UXGjCkvN+A72pICuIBCAmhXZBAUMvmWTV9trk6NREHe0cY1xTC7pNv3x9TM/ZQmH498pbT/95pYAKwouHp9heJQ==,iv:FzjF+xPoaOp+gplxpz940V2dkWSTWe8dWUxexCoxxHc=,tag:TDZsboq9fEmmBrwJN/HTpQ==,type:str]
grafana:
oidc_id: ENC[AES256_GCM,data:NVdIgCQ6nz4BSUDJYCKyILtK,iv:tcljy9PzC/yyd7TSdngyJt+uh60uXi2PKu47czErbaQ=,tag:zE4q3dD4UQaHIpGeZ1L48Q==,type:str]
oidc_secret: ENC[AES256_GCM,data:b7qILK9ZHW2khtM1Hl/KdjCv3Wq6eOo2Ym/cbjcMB8/3Hn2UelpP4K4lFyiV3bn1/GF6Jl5Z7A0EwMybOx0InA==,iv:3HL/7BiyObwT8DmFxzNPI9CdmCH/4j/4oc9x7qBE1k0=,tag:dBhcq1zLKy6N+jp/v42R4A==,type:str]
sabnzbd:
sunnyweb:
password: ENC[AES256_GCM,data:flw8AahqO1Mx,iv:Qhu8iVWMzzqy18y8dj3aHoBnSZatm74/tYvZ456l2sA=,tag:sCYBdw7kD0zJZFFr5EyPIQ==,type:str]
username: ENC[AES256_GCM,data:IboJ8WDWuVNgvrk7c3V8I5S6Xg==,iv:BRohMuQFQz2S+HFasIaok6npT3C5v/SlhAhbLQXfB0s=,tag:M3/u0WBQ3AufHqe4DCtsrA==,type:str]
apikey: ENC[AES256_GCM,data:j5sPXKbBhMdNHOuoTfZ+c8nGu5JameOgK2z428iLdP01Hi6MvHVaN8Zs8YxMoSBtOjdtIEC8MS+3m1S1rU/P4pCRfZpK5ua1DBHq4l0xROUqokFWjDcAmJJv3pYXl0cQxQcGKQ==,iv:v5hu3gmO1Zn1FfXkHLPGN9f7JOcQjzoQahdqJwfM+xY=,tag:uI1LFcTgcyRgAaTJ1kzKow==,type:str]
whisparr:
apikey: ENC[AES256_GCM,data:kIGCsd4mszm90PoQMzlSEBKw9Ow0GvP1qdLtwXYKkAb6b65l89v8lMWJ2X1MyD2gJX+P+Bv1F/2BSjUFXErq/UYnp4dAjwKi/ezGCbhjMutDM1FvwFWEHRnR3gjd9uXPWJ8Xhg==,iv:98aPQlcZHJovpnzACDs6RtKblLnHg6wyi+Er5DAowj8=,tag:Tl8jz/pWYWAtBCfoztKdyw==,type:str]
sops: sops:
age: age:
- recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq
@ -56,7 +47,7 @@ sops:
TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb
Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-28T21:28:31Z" lastmodified: "2025-12-04T11:24:52Z"
mac: ENC[AES256_GCM,data:vkGMgBkzmA2+xRIOfgUE01XG6jvTMTpm1vWXVHdZ5xE27s2mn8i6C64t1cia0n413qlKLB3y5qcbiHdRVhdLUoZFdBgFTjfixyIXOKZeVJskjJEqg2L0wZGtYIO8Y2KrfPb925qOffr7p0NcMf4c+d6bIqxHFEGb+jR/aWDOMNo=,iv:PK1FHycgOj2wtJt1UfWEAe0mKSBVksu8KWUxljSp2oo=,tag:F/xAAxJLUDqW9Dnwgrd0Rg==,type:str] mac: ENC[AES256_GCM,data:jIgkl1lcVDSlKqJs9fjaHUAZsGL+22T86/qqKyDziHl0+VU763Ezwm8P+la+55jIIT2zLhFcUjhn2BabBi90OeEPztAC4rGpZj6+ZZ0GDCj/JhjPAAo3LgAKOCG0Xgf8MZWr/rXd6bLhW7Qj36PMJnap26rjEiUZeSvpWS2dz8g=,iv:CDx8fBI9Dl1uwrbMD1fa7/h3C7haK3xZxJI59mtL1LA=,tag:2UDRFJoevGEBKZA/9eUiOw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0