will-holdsworth/dots
1
1
Fork 0
Code Issues 22 Pull requests Projects 1 Releases Packages Wiki Activity Actions 1

Merge branch 'main' of github.com:wi11-holdsworth/dots

Browse source
This commit is contained in:
wi11-holdsworth 2026-01-01 20:11:04 +11:00
commit c15cdd66d9
26 changed files with 250 additions and 182 deletions
Download patch file Download diff file Expand all files Collapse all files

3
modules/nixos/bundles/server.nix
View file

@ -12,9 +12,9 @@
"immich"
"jellyfin"
"karakeep"
"kavita"
"lidarr"
"miniflux"
"radicale"
"nginx"
"ntfy-sh"
"paperless"
@ -22,6 +22,7 @@
"qbittorrent"
"radarr"
"radicale"
"readarr"
"sonarr"
"syncthing"
"vaultwarden"

7
modules/nixos/features/copyparty.nix
View file

@ -2,12 +2,11 @@
# keep-sorted start
config,
inputs,
lib,
# keep-sorted end
...
}:
let
port = "5000";
port = 5000;
in
{
imports = [ inputs.copyparty.nixosModules.default ];
@ -20,7 +19,7 @@ in
e2dsa = true;
e2ts = true;
e2vu = true;
p = lib.toInt port;
p = port;
};
accounts.will.passwordFile = config.age.secrets.copyparty-will.path;
@ -37,7 +36,7 @@ in
nginx.virtualHosts."copyparty.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};

10
modules/nixos/features/couchdb.nix
View file

@ -1,9 +1,5 @@
{
lib,
...
}:
let
port = "5984";
port = 5984;
in
{
services = {
@ -12,7 +8,7 @@ in
databaseDir = "/srv/couchdb";
viewIndexDir = "/srv/couchdb";
configFile = "/srv/couchdb";
port = lib.toInt port;
inherit port;
extraConfig = {
chttpd = {
require_valid_user = true;
@ -41,7 +37,7 @@ in
nginx.virtualHosts."couchdb.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};
}

10
modules/nixos/features/flaresolverr.nix
View file

@ -1,21 +1,17 @@
{
lib,
...
}:
let
port = "5011";
port = 5011;
in
{
services = {
flaresolverr = {
enable = true;
port = lib.toInt port;
inherit port;
};
nginx.virtualHosts."flaresolverr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};
}

207
modules/nixos/features/homepage-dashboard.nix
View file

@ -7,7 +7,7 @@
...
}:
let
port = "5004";
port = 5004;
genSecrets =
secrets:
lib.genAttrs secrets (secret: {
@ -25,11 +25,13 @@ let
# keep-sorted start
"immich"
"jellyfin"
"kavita-api"
"lidarr"
"miniflux"
"paperless"
"prowlarr"
"radarr"
"readarr"
"sonarr"
# keep-sorted end
];
@ -38,90 +40,11 @@ in
services = {
homepage-dashboard = {
enable = true;
listenPort = lib.toInt port;
listenPort = port;
allowedHosts = "homepage-dashboard.fi33.buzz";
services = [
# keep-sorted start block=yes
{
"Cloud Services" = [
{
"copyparty" = {
"description" = "Cloud file manager";
"icon" = "sh-copyparty.svg";
"href" = "https://copyparty.fi33.buzz/";
};
}
{
"CouchDB" = {
"description" = "Obsidian sync database";
"icon" = "couchdb.svg";
"href" = "https://couchdb.fi33.buzz/_utils/";
};
}
{
"ntfy" = {
"description" = "Notification service";
"icon" = "ntfy.svg";
"href" = "https://ntfy-sh.fi33.buzz/";
};
}
{
"Radicale" = {
"description" = "CalDAV/CardDAV service";
"icon" = "radicale.svg";
"href" = "https://radicale.fi33.buzz";
};
}
{
"Syncthing" = {
"description" = "Decentralised file synchronisation";
"icon" = "syncthing.svg";
"href" = "https://syncthing.fi33.buzz/";
};
}
{
"qBittorrent" = {
"description" = "BitTorrent client";
"icon" = "qbittorrent.svg";
"href" = "https://qbittorrent.fi33.buzz/";
};
}
{
"Vaultwarden" = {
"description" = "Password manager";
"icon" = "vaultwarden.svg";
"href" = "https://vaultwarden.fi33.buzz/";
};
}
];
}
{
"Media Management" = [
{
"Lidarr" = {
"description" = "Music collection manager";
"icon" = "lidarr.svg";
"href" = "https://lidarr.fi33.buzz/";
"widget" = {
"type" = "lidarr";
"url" = "https://lidarr.fi33.buzz/";
"key" = "@lidarr@";
"enableQueue" = true;
};
};
}
{
"Prowlarr" = {
"description" = "Indexer management tool";
"icon" = "prowlarr.svg";
"href" = "https://prowlarr.fi33.buzz/";
"widget" = {
"type" = "prowlarr";
"url" = "https://prowlarr.fi33.buzz/";
"key" = "@prowlarr@";
};
};
}
{
"Radarr" = {
"description" = "Movie collection manager";
@ -148,6 +71,51 @@ in
};
};
}
{
"Lidarr" = {
"description" = "Music collection manager";
"icon" = "lidarr.svg";
"href" = "https://lidarr.fi33.buzz/";
"widget" = {
"type" = "lidarr";
"url" = "https://lidarr.fi33.buzz/";
"key" = "@lidarr@";
"enableQueue" = true;
};
};
}
{
"Readarr" = {
"description" = "Book collection manager";
"icon" = "readarr.svg";
"href" = "https://readarr.fi33.buzz/";
"widget" = {
"type" = "readarr";
"url" = "https://readarr.fi33.buzz/";
"key" = "@readarr@";
"enableQueue" = true;
};
};
}
{
"Prowlarr" = {
"description" = "Indexer management tool";
"icon" = "prowlarr.svg";
"href" = "https://prowlarr.fi33.buzz/";
"widget" = {
"type" = "prowlarr";
"url" = "https://prowlarr.fi33.buzz/";
"key" = "@prowlarr@";
};
};
}
{
"qBittorrent" = {
"description" = "BitTorrent client";
"icon" = "qbittorrent.svg";
"href" = "https://qbittorrent.fi33.buzz/";
};
}
];
}
{
@ -188,6 +156,18 @@ in
};
};
}
{
"Kavita" = {
"description" = "Book reader";
"icon" = "kavita.svg";
"href" = "https://kavita.fi33.buzz/";
"widget" = {
"type" = "kavita";
"url" = "https://kavita.fi33.buzz/";
"key" = "@kavita-api@";
};
};
}
{
"Miniflux" = {
"description" = "RSS aggregator";
@ -215,6 +195,52 @@ in
}
];
}
{
"Services" = [
{
"copyparty" = {
"description" = "Cloud file manager";
"icon" = "sh-copyparty.svg";
"href" = "https://copyparty.fi33.buzz/";
};
}
{
"CouchDB" = {
"description" = "Obsidian sync database";
"icon" = "couchdb.svg";
"href" = "https://couchdb.fi33.buzz/_utils/";
};
}
{
"ntfy" = {
"description" = "Notification service";
"icon" = "ntfy.svg";
"href" = "https://ntfy-sh.fi33.buzz/";
};
}
{
"Radicale" = {
"description" = "CalDAV/CardDAV service";
"icon" = "radicale.svg";
"href" = "https://radicale.fi33.buzz";
};
}
{
"Syncthing" = {
"description" = "Decentralised file synchronisation";
"icon" = "syncthing.svg";
"href" = "https://syncthing.fi33.buzz/";
};
}
{
"Vaultwarden" = {
"description" = "Password manager";
"icon" = "vaultwarden.svg";
"href" = "https://vaultwarden.fi33.buzz/";
};
}
];
}
{
"Utilities" = [
{
@ -226,7 +252,6 @@ in
}
];
}
# keep-sorted end
];
settings = {
title = "Mission Control";
@ -237,21 +262,21 @@ in
{
"Media Streaming" = {
style = "row";
columns = 4;
columns = 3;
useEqualHeights = true;
};
}
{
"Services" = {
style = "row";
columns = 3;
};
}
{
"Media Management" = {
style = "row";
columns = 4;
useEqualHeights = true;
};
}
{
"Cloud Services" = {
style = "row";
columns = 3;
useEqualHeights = true;
};
}
{
@ -300,7 +325,7 @@ in
nginx.virtualHosts."homepage-dashboard.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};

10
modules/nixos/features/immich.nix
View file

@ -1,15 +1,11 @@
{
lib,
...
}:
let
port = "2283";
port = 2283;
in
{
services = {
immich = {
enable = true;
port = lib.toInt "${port}";
inherit port;
mediaLocation = "/srv/immich";
};
@ -28,7 +24,7 @@ in
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://[::1]:${port}";
proxyPass = "http://[::1]:${toString port}";
proxyWebsockets = true;
};
};

4
modules/nixos/features/jellyfin.nix
View file

@ -1,5 +1,5 @@
let
port = "8096";
port = 8096;
in
{
services = {
@ -12,7 +12,7 @@ in
nginx.virtualHosts."jellyfin.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};

6
modules/nixos/features/karakeep.nix
View file

@ -1,12 +1,12 @@
let
port = "5014";
port = 5014;
in
{
services = {
karakeep = {
enable = true;
extraEnvironment = {
PORT = port;
PORT = toString port;
DISABLE_NEW_RELEASE_CHECK = "true";
};
};
@ -14,7 +14,7 @@ in
nginx.virtualHosts."karakeep.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};
}

25
modules/nixos/features/kavita.nix Normal file
View file

@ -0,0 +1,25 @@
{
config,
...
}:
let
port = 5015;
in
{
services = {
kavita = {
enable = true;
dataDir = "/srv/kavita";
settings.Port = port;
tokenKeyFile = config.age.secrets.kavita.path;
};
nginx.virtualHosts."kavita.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};
age.secrets.kavita.file = ../../../secrets/kavita.age;
}

12
modules/nixos/features/lidarr.nix
View file

@ -1,23 +1,21 @@
{
lib,
...
}:
let
port = "5012";
port = 5012;
in
{
services = {
lidarr = {
enable = true;
dataDir = "/srv/lidarr";
settings.server.port = lib.toInt port;
settings.server = {
inherit port;
};
group = "media";
};
nginx.virtualHosts."lidarr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};
}

6
modules/nixos/features/miniflux.nix
View file

@ -3,7 +3,7 @@
...
}:
let
port = "5010";
port = 5010;
in
{
services = {
@ -12,7 +12,7 @@ in
adminCredentialsFile = config.age.secrets.miniflux-creds.path;
config = {
BASE_URL = "https://miniflux.fi33.buzz";
LISTEN_ADDR = "localhost:${port}";
LISTEN_ADDR = "localhost:${toString port}";
};
};
@ -28,7 +28,7 @@ in
nginx.virtualHosts."miniflux.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};

6
modules/nixos/features/ntfy-sh.nix
View file

@ -1,5 +1,5 @@
let
port = "5002";
port = 5002;
in
{
services = {
@ -7,7 +7,7 @@ in
enable = true;
settings = {
base-url = "https://ntfy-sh.fi33.buzz";
listen-http = ":${port}";
listen-http = ":${toString port}";
behind-proxy = true;
};
};
@ -16,7 +16,7 @@ in
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
proxyPass = "http://localhost:${toString port}";
proxyWebsockets = true;
};
};

7
modules/nixos/features/paperless.nix
View file

@ -1,10 +1,9 @@
{
config,
lib,
...
}:
let
port = "5013";
port = 5013;
in
{
services = {
@ -13,7 +12,7 @@ in
dataDir = "/srv/paperless";
database.createLocally = true;
passwordFile = config.age.secrets.paperless.path;
port = lib.toInt port;
inherit port;
settings = {
PAPERLESS_URL = "https://paperless.fi33.buzz";
};
@ -33,7 +32,7 @@ in
nginx.virtualHosts."paperless.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};

15
modules/nixos/features/prowlarr.nix
View file

@ -1,26 +1,21 @@
{
lib,
...
}:
let
port = "5009";
port = 5009;
in
{
services = {
prowlarr = {
enable = true;
dataDir = "/srv/prowlarr";
settings.server.port = lib.toInt port;
settings.server = {
inherit port;
};
};
nginx = {
virtualHosts."prowlarr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
locations."/".proxyPass = "http://localhost:${toString port}";
};
};
};

10
modules/nixos/features/qbittorrent.nix
View file

@ -1,15 +1,11 @@
{
lib,
...
}:
let
port = "5005";
port = 5005;
in
{
services = {
qbittorrent = {
enable = true;
webuiPort = lib.toInt port;
webuiPort = port;
profileDir = "/srv";
group = "media";
extraArgs = [
@ -20,7 +16,7 @@ in
nginx.virtualHosts."qbittorrent.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};

12
modules/nixos/features/radarr.nix
View file

@ -1,23 +1,21 @@
{
lib,
...
}:
let
port = "5007";
port = 5007;
in
{
services = {
radarr = {
enable = true;
dataDir = "/srv/radarr";
settings.server.port = lib.toInt port;
settings.server = {
inherit port;
};
group = "media";
};
nginx.virtualHosts."radarr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};
}

8
modules/nixos/features/radicale.nix
View file

@ -3,7 +3,7 @@
...
}:
let
port = "5003";
port = 5003;
in
{
services = {
@ -12,8 +12,8 @@ in
settings = {
server = {
hosts = [
"0.0.0.0:${port}"
"[::]:${port}"
"0.0.0.0:${toString port}"
"[::]:${toString port}"
];
};
auth = {
@ -30,7 +30,7 @@ in
nginx.virtualHosts."radicale.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};

33
modules/nixos/features/readarr.nix Normal file
View file

@ -0,0 +1,33 @@
let
port = 5016;
in
{
services = {
readarr = {
enable = true;
dataDir = "/srv/readarr";
settings.server = {
inherit port;
};
group = "media";
};
# borgmatic.settings = {
# source_directories = [ ];
# postgresql_databases = [
# {
# name = "readarr";
# hostname = "localhost";
# username = "root";
# password = "{credential systemd borgmatic-pg}";
# }
# ];
# };
nginx.virtualHosts."readarr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};
}

12
modules/nixos/features/sonarr.nix
View file

@ -1,23 +1,21 @@
{
lib,
...
}:
let
port = "5006";
port = 5006;
in
{
services = {
sonarr = {
enable = true;
dataDir = "/srv/sonarr";
settings.server.port = lib.toInt port;
settings.server = {
inherit port;
};
group = "media";
};
nginx.virtualHosts."sonarr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};
}

6
modules/nixos/features/syncthing.nix
View file

@ -4,7 +4,7 @@
...
}:
let
port = "5008";
port = 5008;
devicesList = [
# keep-sorted start block=yes
{
@ -45,7 +45,7 @@ in
services = {
syncthing = {
enable = true;
guiAddress = "0.0.0.0:${port}";
guiAddress = "0.0.0.0:${toString port}";
openDefaultPorts = true;
user = "${userName}";
dataDir = "/home/${userName}";
@ -69,7 +69,7 @@ in
nginx.virtualHosts."syncthing.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};
}

6
modules/nixos/features/vaultwarden.nix
View file

@ -3,7 +3,7 @@
...
}:
let
port = "5001";
port = 5001;
in
{
services = {
@ -11,7 +11,7 @@ in
enable = true;
backupDir = "/srv/vaultwarden";
config = {
rocketPort = "${port}";
rocketPort = toString port;
domain = "https://vaultwarden.fi33.buzz";
signupsAllowed = false;
invitationsAllowed = false;
@ -26,7 +26,7 @@ in
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
proxyPass = "http://localhost:${toString port}";
proxyWebsockets = true;
};
};

4
modules/templates/web-feature.nix
View file

@ -1,5 +1,5 @@
let
port = "port";
port = 0000;
in
{
services = {
@ -22,7 +22,7 @@ in
nginx.virtualHosts."feature.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
};
};
}

BIN
secrets/kavita-api.age Normal file
View file

Binary file not shown.

BIN
secrets/kavita.age Normal file
View file

Binary file not shown.

10
secrets/readarr.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ qeJ25W5TGvWY8xc1I5sjjtP/98nGqoRMIFk6xLIbmi8
RhUcEjz6mFp6uNVOpOgg6fPyL2cyrZH1ZWJTrax2xOE
-> ssh-ed25519 7+xRyQ jhJX/0+ZO+teoM2rUmdyFuI9V+tMe5kQaaHQFxwBGSU
fJmXSc/c3lth0cQgx8p/7G0WrnfgioSs8OcRa56B2s0
-> ssh-ed25519 LtK9yQ UH9T6lRLG0pi0P84B9Zs/22nCKAoOAwL6KAmj+536U4
h2DEqoPLgFqmVZOk/RhAIuifCexqt3ZFsIsCDm5KI3M
--- 6FY4tnGR8EIQyCWc3Xa3t8EqwcynoORmZqsp9zWUzZM
õ¡ˆÇ<6E>Æ]Z0ñŽ—råTƒªÞi:EÇE!<21>ð™ 
uB{4cüà£fùvÖÞŸÜKÌj^2/`<60>¼

3
secrets/secrets.nix
View file

@ -20,6 +20,8 @@ in
"copyparty-will.age".publicKeys = users;
"immich.age".publicKeys = users;
"jellyfin.age".publicKeys = users;
"kavita-api.age".publicKeys = users;
"kavita.age".publicKeys = users;
"lidarr.age".publicKeys = users;
"miniflux-creds.age".publicKeys = users;
"paperless.age".publicKeys = users;
@ -30,6 +32,7 @@ in
"prowlarr.age".publicKeys = users;
"radarr.age".publicKeys = users;
"radicale.age".publicKeys = users;
"readarr.age".publicKeys = users;
"sonarr.age".publicKeys = users;
"vaultwarden-admin.age".publicKeys = users;
# keep-sorted end