From d893750c097e269f973696adc6caf9ecde405968 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 20 Oct 2025 14:33:52 +1100 Subject: [PATCH 001/126] feat: configure zen browser to use vertical tab bar on the right --- modules/home-manager/features/zen-browser.nix | 121 +++++++++--------- 1 file changed, 64 insertions(+), 57 deletions(-) diff --git a/modules/home-manager/features/zen-browser.nix b/modules/home-manager/features/zen-browser.nix index cdfdbc0..0e50f28 100644 --- a/modules/home-manager/features/zen-browser.nix +++ b/modules/home-manager/features/zen-browser.nix @@ -8,64 +8,71 @@ let in { config = lib.mkIf config.${feature}.enable { - programs.zen-browser = { - enable = true; - policies = - let - mkLockedAttrs = builtins.mapAttrs ( - _: value: { - Value = value; - Status = "locked"; - } - ); - mkExtensionSettings = builtins.mapAttrs ( - _: pluginId: { - install_url = "https://addons.mozilla.org/firefox/downloads/latest/${pluginId}/latest.xpi"; - installation_mode = "force_installed"; - } - ); - in - { - # keep-sorted start block=yes - AutofillCreditCardEnabled = false; - EnableTrackingProtection = { - Value = true; - Category = "strict"; - }; - ExtensionSettings = mkExtensionSettings { - "uBlock0@raymondhill.net" = "ublock-origin"; - "{446900e4-71c2-419f-a6a7-df9c091e268b}" = "bitwarden-password-manager"; - "sponsorBlocker@ajay.app" = "sponsor-block"; - "{762f9885-5a13-4abd-9c77-433dcd38b8fd}" = "return-youtube-dislikes"; - "deArrow@ajay.app" = "dearrow"; - }; - HttpsOnlyMode = "enabled"; - NoDefaultBookmarks = true; - OfferToSaveLogins = false; - Preferences = mkLockedAttrs { - "intl.accept_languages" = "en-AU,en-GB,en-US,en"; - "general.autoScroll" = true; - # disable google safebrowsing - "browser.safebrowsing.malware.enabled" = false; - "browser.safebrowsing.phishing.enabled" = false; - "browser.warnOnQuit" = false; - "browser.tabs.warnOnClose" = false; - # continue where you left off - "browser.startup.page" = 3; - }; - RequestedLocales = [ - "en-AU" - "en-GB" - "en-US" - ]; - SearchEngines = { - Default = "duckduckgo"; - DefaultPrivate = "duckduckgo"; - }; - SearchSuggestEnabled = true; - # keep-sorted end + programs.zen-browser = + let + profileName = "fmnikwnj.Default Profile"; + in + { + enable = true; + profiles.${profileName}.settings = { + zen.tabs.vertical.right-side = true; }; - }; + policies = + let + mkLockedAttrs = builtins.mapAttrs ( + _: value: { + Value = value; + Status = "locked"; + } + ); + mkExtensionSettings = builtins.mapAttrs ( + _: pluginId: { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/${pluginId}/latest.xpi"; + installation_mode = "force_installed"; + } + ); + in + { + # keep-sorted start block=yes + AutofillCreditCardEnabled = false; + EnableTrackingProtection = { + Value = true; + Category = "strict"; + }; + ExtensionSettings = mkExtensionSettings { + "uBlock0@raymondhill.net" = "ublock-origin"; + "{446900e4-71c2-419f-a6a7-df9c091e268b}" = "bitwarden-password-manager"; + "sponsorBlocker@ajay.app" = "sponsor-block"; + "{762f9885-5a13-4abd-9c77-433dcd38b8fd}" = "return-youtube-dislikes"; + "deArrow@ajay.app" = "dearrow"; + }; + HttpsOnlyMode = "enabled"; + NoDefaultBookmarks = true; + OfferToSaveLogins = false; + Preferences = mkLockedAttrs { + "intl.accept_languages" = "en-AU,en-GB,en-US,en"; + "general.autoScroll" = true; + # disable google safebrowsing + "browser.safebrowsing.malware.enabled" = false; + "browser.safebrowsing.phishing.enabled" = false; + "browser.warnOnQuit" = false; + "browser.tabs.warnOnClose" = false; + # continue where you left off + "browser.startup.page" = 3; + }; + RequestedLocales = [ + "en-AU" + "en-GB" + "en-US" + ]; + SearchEngines = { + Default = "duckduckgo"; + DefaultPrivate = "duckduckgo"; + }; + SearchSuggestEnabled = true; + # keep-sorted end + }; + }; }; options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; From 41eaa38d31b04532741177e8290aa8595e2b2fad Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 01:22:05 +1100 Subject: [PATCH 002/126] refactor: switch from modules to import arrays --- flake.nix | 17 +- hosts/desktop/configuration.nix | 35 +- hosts/desktop/home.nix | 22 +- hosts/laptop/configuration.nix | 32 +- hosts/laptop/home.nix | 22 +- hosts/server/configuration.nix | 26 +- hosts/server/home.nix | 4 +- modules/home-manager/bundles/desktop.nix | 26 +- modules/home-manager/bundles/dev.nix | 18 +- modules/home-manager/default.nix | 38 +- modules/home-manager/features/aerc.nix | 106 ++-- modules/home-manager/features/agenix.nix | 10 +- modules/home-manager/features/bat.nix | 22 +- modules/home-manager/features/direnv.nix | 12 +- modules/home-manager/features/espanso.nix | 20 +- modules/home-manager/features/eza.nix | 552 +++++++++--------- modules/home-manager/features/fish.nix | 119 ++-- modules/home-manager/features/gh.nix | 24 +- modules/home-manager/features/git.nix | 78 ++- modules/home-manager/features/kitty.nix | 37 +- modules/home-manager/features/mail.nix | 100 ++-- modules/home-manager/features/obsidian.nix | 228 ++++---- modules/home-manager/features/starship.nix | 22 +- modules/home-manager/features/yazi.nix | 43 +- modules/home-manager/features/zed-editor.nix | 164 +++--- modules/home-manager/features/zellij.nix | 26 +- modules/home-manager/features/zen-browser.nix | 140 ++--- modules/home-manager/features/zoxide.nix | 26 +- modules/nixos/bundles/desktop.nix | 44 +- modules/nixos/bundles/dev.nix | 30 +- modules/nixos/bundles/server.nix | 52 +- modules/nixos/default.nix | 38 +- modules/nixos/features/agenix.nix | 15 +- modules/nixos/features/amd-gpu.nix | 24 +- modules/nixos/features/borgmatic.nix | 153 +++-- modules/nixos/features/copyparty.nix | 76 +-- modules/nixos/features/couchdb.nix | 77 +-- modules/nixos/features/external-speakers.nix | 18 +- modules/nixos/features/flaresolverr.nix | 31 +- modules/nixos/features/fonts.nix | 19 +- modules/nixos/features/gaming.nix | 57 +- modules/nixos/features/gnome.nix | 93 ++- modules/nixos/features/homepage-dashboard.nix | 492 ++++++++-------- modules/nixos/features/immich.nix | 53 +- modules/nixos/features/intel-gpu.nix | 37 +- modules/nixos/features/jellyfin.nix | 40 +- modules/nixos/features/lidarr.nix | 35 +- modules/nixos/features/link2c.nix | 18 +- modules/nixos/features/localisation.nix | 24 +- modules/nixos/features/miniflux.nix | 60 +- modules/nixos/features/network.nix | 17 +- modules/nixos/features/nginx.nix | 63 +- modules/nixos/features/nh.nix | 17 +- modules/nixos/features/nix-settings.nix | 50 +- modules/nixos/features/nixpkgs.nix | 12 +- modules/nixos/features/nixvim.nix | 171 +++--- modules/nixos/features/ntfy-sh.nix | 42 +- modules/nixos/features/paperless.nix | 69 +-- modules/nixos/features/pipewire.nix | 22 +- modules/nixos/features/plasma.nix | 45 +- modules/nixos/features/print-and-scan.nix | 31 +- modules/nixos/features/protonmail-bridge.nix | 16 +- modules/nixos/features/prowlarr.nix | 34 +- modules/nixos/features/qbittorrent.nix | 47 +- modules/nixos/features/radarr.nix | 36 +- modules/nixos/features/sonarr.nix | 36 +- modules/nixos/features/syncthing.nix | 71 +-- modules/nixos/features/systemd-boot.nix | 14 +- modules/nixos/features/tailscale.nix | 24 +- modules/nixos/features/tlp.nix | 38 +- modules/nixos/features/vaultwarden.nix | 44 +- modules/templates/bundle.nix | 9 + modules/templates/feature.nix | 11 - modules/templates/web-feature.nix | 34 +- util.nix | 3 + 75 files changed, 1870 insertions(+), 2541 deletions(-) create mode 100644 modules/templates/bundle.nix create mode 100644 util.nix diff --git a/flake.nix b/flake.nix index fe19135..9cb806e 100644 --- a/flake.nix +++ b/flake.nix @@ -39,6 +39,9 @@ userName ? "will", system ? "x86_64-linux", }: + let + util = import ./util.nix; + in nixpkgs.lib.nixosSystem { modules = [ ./hosts/${hostName}/configuration.nix @@ -52,8 +55,7 @@ ]; backupFileExtension = "backup"; extraSpecialArgs = { - inherit userName; - inherit hostName; + inherit userName hostName util; }; useGlobalPkgs = true; useUserPackages = true; @@ -61,10 +63,13 @@ } ]; specialArgs = { - inherit inputs; - inherit hostName; - inherit userName; - inherit system; + inherit + inputs + hostName + userName + system + util + ; }; inherit system; }; diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index dc40017..80046ef 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -1,25 +1,32 @@ { + # keep-sorted start userName, + util, + # keep-sorted end ... }: { imports = [ + # keep-sorted start ../../modules/nixos/default.nix ./hardware-configuration.nix - ]; - - # reusable modules - - # keep-sorted start - amd-gpu.enable = true; - desktop.enable = true; - dev.enable = true; - external-speakers.enable = true; - gaming.enable = true; - link2c.enable = true; - plasma.enable = true; - # keep-sorted end - # config + # keep-sorted end + ] + ++ (util.toImports ../../modules/nixos/features [ + # keep-sorted start + "amd-gpu" + "external-speakers" + "gaming" + "link2c" + "plasma" + # keep-sorted end + ]) + ++ (util.toImports ../../modules/nixos/bundles [ + # keep-sorted start + "desktop" + "dev" + # keep-sorted end + ]); boot.initrd.luks.devices."luks-b164af31-c1c3-4b4e-83c8-eb39802c2027".device = "/dev/disk/by-uuid/b164af31-c1c3-4b4e-83c8-eb39802c2027"; diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix index 975855a..67a1c36 100644 --- a/hosts/desktop/home.nix +++ b/hosts/desktop/home.nix @@ -1,18 +1,20 @@ { + # keep-sorted start userName, + util, + # keep-sorted end ... }: { - imports = [ ../../modules/home-manager/default.nix ]; - - # reusable modules - - # keep-sorted start - desktop.enable = true; - dev.enable = true; - # keep-sorted end - - # config + imports = [ + ../../modules/home-manager/default.nix + ] + ++ (util.toImports ../../modules/home-manager/bundles [ + # keep-sorted start + "desktop" + "dev" + # keep-sorted end + ]); age.secrets."protonmail-desktop-password".file = ../../secrets/protonmail-desktop-password.age; diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 3247261..d85226d 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -1,24 +1,30 @@ { + # keep-sorted start userName, + util, + # keep-sorted end ... }: { imports = [ + # keep-sorted start ../../modules/nixos/default.nix ./hardware-configuration.nix - ]; - - # reusable modules - - # keep-sorted start - amd-gpu.enable = true; - desktop.enable = true; - dev.enable = true; - gnome.enable = true; - tlp.enable = true; - # keep-sorted end - - # config + # keep-sorted end + ] + ++ (util.toImports ../../modules/nixos/features [ + # keep-sorted start + "amd-gpu" + "gnome" + "tlp" + # keep-sorted end + ]) + ++ (util.toImports ../../modules/nixos/bundles [ + # keep-sorted start + "desktop" + "dev" + # keep-sorted end + ]); boot.initrd.luks.devices."luks-a7726a9d-535f-44bc-9c0e-adc501fad371".device = "/dev/disk/by-uuid/a7726a9d-535f-44bc-9c0e-adc501fad371"; diff --git a/hosts/laptop/home.nix b/hosts/laptop/home.nix index 50f5ec5..2fc7f29 100644 --- a/hosts/laptop/home.nix +++ b/hosts/laptop/home.nix @@ -1,18 +1,20 @@ { + # keep-sorted start userName, + util, + # keep-sorted end ... }: { - imports = [ ../../modules/home-manager/default.nix ]; - - # reusable modules - - # keep-sorted start - desktop.enable = true; - dev.enable = true; - # keep-sorted end - - # config + imports = [ + ../../modules/home-manager/default.nix + ] + ++ (util.toImports ../../modules/home-manager/bundles [ + # keep-sorted start + "desktop" + "dev" + # keep-sorted end + ]); age.secrets."protonmail-laptop-password".file = ../../secrets/protonmail-laptop-password.age; diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 98ffeda..0311fe3 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -1,23 +1,27 @@ { + # keep-sorted start hostName, userName, + util, + # keep-sorted end ... }: { imports = [ + # keep-sorted start ../../modules/nixos/default.nix ./hardware-configuration.nix - ]; - - # reusable modules - - # keep-sorted start - borgmatic.enable = true; - intel-gpu.enable = true; - server.enable = true; - # keep-sorted end - - # config + # keep-sorted end + ] + ++ (util.toImports ../../modules/nixos/features [ + # keep-sorted start + "borgmatic" + "intel-gpu" + # keep-sorted end + ]) + ++ (util.toImports ../../modules/nixos/bundles [ + "server" + ]); networking.hostName = "${hostName}"; diff --git a/hosts/server/home.nix b/hosts/server/home.nix index 605d749..f233ffe 100644 --- a/hosts/server/home.nix +++ b/hosts/server/home.nix @@ -3,7 +3,9 @@ ... }: { - imports = [ ../../modules/home-manager/default.nix ]; + imports = [ + ../../modules/home-manager/default.nix + ]; home = { username = "${userName}"; diff --git a/modules/home-manager/bundles/desktop.nix b/modules/home-manager/bundles/desktop.nix index 6b2c63e..0867706 100644 --- a/modules/home-manager/bundles/desktop.nix +++ b/modules/home-manager/bundles/desktop.nix @@ -1,24 +1,16 @@ { - config, - lib, + util, ... }: -let - feature = "desktop"; -in { - config = lib.mkIf config.${feature}.enable { + imports = util.toImports ../features [ # keep-sorted start - aerc.enable = true; - kitty.enable = true; - mail.enable = true; - obsidian.enable = true; - zellij.enable = true; - zen-browser.enable = true; + "aerc" + "kitty" + "mail" + "obsidian" + "zellij" + "zen-browser" # keep-sorted end - }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + ]; } diff --git a/modules/home-manager/bundles/dev.nix b/modules/home-manager/bundles/dev.nix index bb6638a..817db50 100644 --- a/modules/home-manager/bundles/dev.nix +++ b/modules/home-manager/bundles/dev.nix @@ -1,19 +1,9 @@ { - config, - lib, + util, ... }: -let - feature = "dev"; -in { - config = lib.mkIf config.${feature}.enable { - # keep-sorted start - zed-editor.enable = lib.mkDefault true; - # keep-sorted end - }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + imports = util.toImports ../features [ + "zed-editor" + ]; } diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index a43c364..38bf1f1 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -1,22 +1,20 @@ -{ lib, ... }: -let - featureBundler = - featuresDir: - map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir)); -in { - imports = (featureBundler ./bundles) ++ (featureBundler ./features); - - # keep-sorted start - agenix.enable = lib.mkDefault true; - bat.enable = lib.mkDefault true; - direnv.enable = lib.mkDefault true; - eza.enable = lib.mkDefault true; - fish.enable = lib.mkDefault true; - gh.enable = lib.mkDefault true; - git.enable = lib.mkDefault true; - starship.enable = lib.mkDefault true; - yazi.enable = lib.mkDefault true; - zoxide.enable = lib.mkDefault true; - # keep-sorted end + util, + ... +}: +{ + imports = util.toImports ./features [ + # keep-sorted start + "agenix" + "bat" + "direnv" + "eza" + "fish" + "gh" + "git" + "starship" + "yazi" + "zoxide" + # keep-sorted end + ]; } diff --git a/modules/home-manager/features/aerc.nix b/modules/home-manager/features/aerc.nix index 94559dc..e7a783d 100644 --- a/modules/home-manager/features/aerc.nix +++ b/modules/home-manager/features/aerc.nix @@ -1,67 +1,53 @@ { - config, - lib, - ... -}: -let - feature = "aerc"; -in -{ - config = lib.mkIf config.${feature}.enable { - accounts.email.accounts.personal.aerc.enable = true; - programs.aerc = { - enable = true; - extraAccounts.personal = { - default = "INBOX"; - folders-sort = "INBOX, Starred, Drafts, Sent, Trash, Archive, Spam"; + accounts.email.accounts.personal.aerc.enable = true; + programs.aerc = { + enable = true; + extraAccounts.personal = { + default = "INBOX"; + folders-sort = "INBOX, Starred, Drafts, Sent, Trash, Archive, Spam"; + }; + extraConfig = { + general.unsafe-accounts-conf = true; + filters = { + "text/plain" = "colorize"; + "text/calendar" = "calendar | colorize"; + "text/html" = "html | colorize"; }; - extraConfig = { - general.unsafe-accounts-conf = true; - filters = { - "text/plain" = "colorize"; - "text/calendar" = "calendar | colorize"; - "text/html" = "html | colorize"; - }; - ui = { - styleset-name = "catppuccin-mocha"; - sort = "-r date"; - }; + ui = { + styleset-name = "catppuccin-mocha"; + sort = "-r date"; }; - stylesets = { - catppuccin-mocha = { - "*.default" = true; - "*.normal" = true; - "default.fg" = "#cdd6f4"; - "error.fg" = "#f38ba8"; - "warning.fg" = "#fab387"; - "success.fg" = "#a6e3a1"; - "tab.fg" = "#6c7086"; - "tab.bg" = "#181825"; - "tab.selected.fg" = "#cdd6f4"; - "tab.selected.bg" = "#1e1e2e"; - "tab.selected.bold" = true; - "border.fg" = "#11111b"; - "border.bold" = true; - "msglist_unread.bold" = true; - "msglist_flagged.fg" = "#f9e2af"; - "msglist_flagged.bold" = true; - "msglist_result.fg" = "#89b4fa"; - "msglist_result.bold" = true; - "msglist_*.selected.bold" = true; - "msglist_*.selected.bg" = "#313244"; - "dirlist_*.selected.bold" = true; - "dirlist_*.selected.bg" = "#313244"; - "statusline_default.fg" = "#9399b2"; - "statusline_default.bg" = "#313244"; - "statusline_error.bold" = true; - "statusline_success.bold" = true; - "completion_default.selected.bg" = "#313244"; - }; + }; + stylesets = { + catppuccin-mocha = { + "*.default" = true; + "*.normal" = true; + "default.fg" = "#cdd6f4"; + "error.fg" = "#f38ba8"; + "warning.fg" = "#fab387"; + "success.fg" = "#a6e3a1"; + "tab.fg" = "#6c7086"; + "tab.bg" = "#181825"; + "tab.selected.fg" = "#cdd6f4"; + "tab.selected.bg" = "#1e1e2e"; + "tab.selected.bold" = true; + "border.fg" = "#11111b"; + "border.bold" = true; + "msglist_unread.bold" = true; + "msglist_flagged.fg" = "#f9e2af"; + "msglist_flagged.bold" = true; + "msglist_result.fg" = "#89b4fa"; + "msglist_result.bold" = true; + "msglist_*.selected.bold" = true; + "msglist_*.selected.bg" = "#313244"; + "dirlist_*.selected.bold" = true; + "dirlist_*.selected.bg" = "#313244"; + "statusline_default.fg" = "#9399b2"; + "statusline_default.bg" = "#313244"; + "statusline_error.bold" = true; + "statusline_success.bold" = true; + "completion_default.selected.bg" = "#313244"; }; }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/agenix.nix b/modules/home-manager/features/agenix.nix index b74bd99..9bd6b9b 100644 --- a/modules/home-manager/features/agenix.nix +++ b/modules/home-manager/features/agenix.nix @@ -1,16 +1,8 @@ { - config, - lib, userName, ... }: -let - feature = "agenix"; -in { - config = lib.mkIf config.${feature}.enable { - age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ]; - }; + age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ]; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/bat.nix b/modules/home-manager/features/bat.nix index 30d5324..9326be1 100644 --- a/modules/home-manager/features/bat.nix +++ b/modules/home-manager/features/bat.nix @@ -1,22 +1,8 @@ { - config, - lib, - ... -}: -let - feature = "bat"; -in -{ - config = lib.mkIf config.${feature}.enable { - programs.bat = { - enable = true; - config = { - theme = "Dracula"; - }; + programs.bat = { + enable = true; + config = { + theme = "Dracula"; }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/direnv.nix b/modules/home-manager/features/direnv.nix index d3de702..636a9aa 100644 --- a/modules/home-manager/features/direnv.nix +++ b/modules/home-manager/features/direnv.nix @@ -1,13 +1,3 @@ { - config, - lib, - ... -}: -let - feature = "direnv"; -in -{ - config = lib.mkIf config.${feature}.enable { programs.direnv.enable = true; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + programs.direnv.enable = true; } diff --git a/modules/home-manager/features/espanso.nix b/modules/home-manager/features/espanso.nix index 1a05dd1..74279ae 100644 --- a/modules/home-manager/features/espanso.nix +++ b/modules/home-manager/features/espanso.nix @@ -1,20 +1,6 @@ { - config, - lib, - ... -}: -let - feature = "espanso"; -in -{ - config = lib.mkIf config.${feature}.enable { - services.espanso = { - enable = true; - configs = { }; - }; + services.espanso = { + enable = true; + configs = { }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/eza.nix b/modules/home-manager/features/eza.nix index 643ba8b..46fc91f 100644 --- a/modules/home-manager/features/eza.nix +++ b/modules/home-manager/features/eza.nix @@ -1,297 +1,283 @@ { - config, - lib, - ... -}: -let - feature = "eza"; -in -{ - config = lib.mkIf config.${feature}.enable { - programs.eza = { - enable = true; - extraOptions = [ - "--long" - "--header" - "--group-directories-first" - ]; - git = true; - icons = "always"; - theme = { - colourful = true; + programs.eza = { + enable = true; + extraOptions = [ + "--long" + "--header" + "--group-directories-first" + ]; + git = true; + icons = "always"; + theme = { + colourful = true; - filekinds = { - normal = { - foreground = "#BAC2DE"; - }; - directory = { - foreground = "#89B4FA"; - }; - symlink = { - foreground = "#89DCEB"; - }; - pipe = { - foreground = "#7F849C"; - }; - block_device = { - foreground = "#EBA0AC"; - }; - char_device = { - foreground = "#EBA0AC"; - }; - socket = { - foreground = "#585B70"; - }; - special = { - foreground = "#CBA6F7"; - }; - executable = { - foreground = "#A6E3A1"; - }; - mount_point = { - foreground = "#74C7EC"; - }; + filekinds = { + normal = { + foreground = "#BAC2DE"; }; - - perms = { - user_read = { - foreground = "#CDD6F4"; - }; - user_write = { - foreground = "#F9E2AF"; - }; - user_execute_file = { - foreground = "#A6E3A1"; - }; - user_execute_other = { - foreground = "#A6E3A1"; - }; - group_read = { - foreground = "#BAC2DE"; - }; - group_write = { - foreground = "#F9E2AF"; - }; - group_execute = { - foreground = "#A6E3A1"; - }; - other_read = { - foreground = "#A6ADC8"; - }; - other_write = { - foreground = "#F9E2AF"; - }; - other_execute = { - foreground = "#A6E3A1"; - }; - special_user_file = { - foreground = "#CBA6F7"; - }; - special_other = { - foreground = "#585B70"; - }; - attribute = { - foreground = "#A6ADC8"; - }; + directory = { + foreground = "#89B4FA"; }; - - size = { - major = { - foreground = "#A6ADC8"; - }; - minor = { - foreground = "#89DCEB"; - }; - number_byte = { - foreground = "#CDD6F4"; - }; - number_kilo = { - foreground = "#BAC2DE"; - }; - number_mega = { - foreground = "#89B4FA"; - }; - number_giga = { - foreground = "#CBA6F7"; - }; - number_huge = { - foreground = "#CBA6F7"; - }; - unit_byte = { - foreground = "#A6ADC8"; - }; - unit_kilo = { - foreground = "#89B4FA"; - }; - unit_mega = { - foreground = "#CBA6F7"; - }; - unit_giga = { - foreground = "#CBA6F7"; - }; - unit_huge = { - foreground = "#74C7EC"; - }; - }; - - users = { - user_you = { - foreground = "#CDD6F4"; - }; - user_root = { - foreground = "#F38BA8"; - }; - user_other = { - foreground = "#CBA6F7"; - }; - group_yours = { - foreground = "#BAC2DE"; - }; - group_other = { - foreground = "#7F849C"; - }; - group_root = { - foreground = "#F38BA8"; - }; - - }; - links = { - normal = { - foreground = "#89DCEB"; - }; - multi_link_file = { - foreground = "#74C7EC"; - }; - }; - - git = { - new = { - foreground = "#A6E3A1"; - }; - modified = { - foreground = "#F9E2AF"; - }; - deleted = { - foreground = "#F38BA8"; - }; - renamed = { - foreground = "#94E2D5"; - }; - typechange = { - foreground = "#F5C2E7"; - }; - ignored = { - foreground = "#7F849C"; - }; - conflicted = { - foreground = "#EBA0AC"; - }; - }; - git_repo = { - branch_main = { - foreground = "#CDD6F4"; - }; - branch_other = { - foreground = "#CBA6F7"; - }; - git_clean = { - foreground = "#A6E3A1"; - }; - git_dirty = { - foreground = "#F38BA8"; - }; - }; - security_context = { - colon = { - foreground = "#7F849C"; - }; - user = { - foreground = "#BAC2DE"; - }; - role = { - foreground = "#CBA6F7"; - }; - typ = { - foreground = "#585B70"; - }; - range = { - foreground = "#CBA6F7"; - }; - }; - file_type = { - image = { - foreground = "#F9E2AF"; - }; - video = { - foreground = "#F38BA8"; - }; - music = { - foreground = "#A6E3A1"; - }; - lossless = { - foreground = "#94E2D5"; - }; - crypto = { - foreground = "#585B70"; - }; - document = { - foreground = "#CDD6F4"; - }; - compressed = { - foreground = "#F5C2E7"; - }; - temp = { - foreground = "#EBA0AC"; - }; - compiled = { - foreground = "#74C7EC"; - }; - build = { - foreground = "#585B70"; - }; - source = { - foreground = "#89B4FA"; - }; - }; - punctuation = { - foreground = "#7F849C"; - }; - date = { - foreground = "#F9E2AF"; - }; - inode = { - foreground = "#A6ADC8"; - }; - blocks = { - foreground = "#9399B2"; - }; - header = { - foreground = "#CDD6F4"; - }; - octal = { - foreground = "#94E2D5"; - }; - flags = { - foreground = "#CBA6F7"; - }; - - symlink_path = { + symlink = { foreground = "#89DCEB"; }; - control_char = { - foreground = "#74C7EC"; + pipe = { + foreground = "#7F849C"; }; - broken_symlink = { - foreground = "#F38BA8"; + block_device = { + foreground = "#EBA0AC"; }; - broken_path_overlay = { + char_device = { + foreground = "#EBA0AC"; + }; + socket = { foreground = "#585B70"; }; + special = { + foreground = "#CBA6F7"; + }; + executable = { + foreground = "#A6E3A1"; + }; + mount_point = { + foreground = "#74C7EC"; + }; + }; + + perms = { + user_read = { + foreground = "#CDD6F4"; + }; + user_write = { + foreground = "#F9E2AF"; + }; + user_execute_file = { + foreground = "#A6E3A1"; + }; + user_execute_other = { + foreground = "#A6E3A1"; + }; + group_read = { + foreground = "#BAC2DE"; + }; + group_write = { + foreground = "#F9E2AF"; + }; + group_execute = { + foreground = "#A6E3A1"; + }; + other_read = { + foreground = "#A6ADC8"; + }; + other_write = { + foreground = "#F9E2AF"; + }; + other_execute = { + foreground = "#A6E3A1"; + }; + special_user_file = { + foreground = "#CBA6F7"; + }; + special_other = { + foreground = "#585B70"; + }; + attribute = { + foreground = "#A6ADC8"; + }; + }; + + size = { + major = { + foreground = "#A6ADC8"; + }; + minor = { + foreground = "#89DCEB"; + }; + number_byte = { + foreground = "#CDD6F4"; + }; + number_kilo = { + foreground = "#BAC2DE"; + }; + number_mega = { + foreground = "#89B4FA"; + }; + number_giga = { + foreground = "#CBA6F7"; + }; + number_huge = { + foreground = "#CBA6F7"; + }; + unit_byte = { + foreground = "#A6ADC8"; + }; + unit_kilo = { + foreground = "#89B4FA"; + }; + unit_mega = { + foreground = "#CBA6F7"; + }; + unit_giga = { + foreground = "#CBA6F7"; + }; + unit_huge = { + foreground = "#74C7EC"; + }; + }; + + users = { + user_you = { + foreground = "#CDD6F4"; + }; + user_root = { + foreground = "#F38BA8"; + }; + user_other = { + foreground = "#CBA6F7"; + }; + group_yours = { + foreground = "#BAC2DE"; + }; + group_other = { + foreground = "#7F849C"; + }; + group_root = { + foreground = "#F38BA8"; + }; + + }; + links = { + normal = { + foreground = "#89DCEB"; + }; + multi_link_file = { + foreground = "#74C7EC"; + }; + }; + + git = { + new = { + foreground = "#A6E3A1"; + }; + modified = { + foreground = "#F9E2AF"; + }; + deleted = { + foreground = "#F38BA8"; + }; + renamed = { + foreground = "#94E2D5"; + }; + typechange = { + foreground = "#F5C2E7"; + }; + ignored = { + foreground = "#7F849C"; + }; + conflicted = { + foreground = "#EBA0AC"; + }; + }; + git_repo = { + branch_main = { + foreground = "#CDD6F4"; + }; + branch_other = { + foreground = "#CBA6F7"; + }; + git_clean = { + foreground = "#A6E3A1"; + }; + git_dirty = { + foreground = "#F38BA8"; + }; + }; + security_context = { + colon = { + foreground = "#7F849C"; + }; + user = { + foreground = "#BAC2DE"; + }; + role = { + foreground = "#CBA6F7"; + }; + typ = { + foreground = "#585B70"; + }; + range = { + foreground = "#CBA6F7"; + }; + }; + file_type = { + image = { + foreground = "#F9E2AF"; + }; + video = { + foreground = "#F38BA8"; + }; + music = { + foreground = "#A6E3A1"; + }; + lossless = { + foreground = "#94E2D5"; + }; + crypto = { + foreground = "#585B70"; + }; + document = { + foreground = "#CDD6F4"; + }; + compressed = { + foreground = "#F5C2E7"; + }; + temp = { + foreground = "#EBA0AC"; + }; + compiled = { + foreground = "#74C7EC"; + }; + build = { + foreground = "#585B70"; + }; + source = { + foreground = "#89B4FA"; + }; + }; + punctuation = { + foreground = "#7F849C"; + }; + date = { + foreground = "#F9E2AF"; + }; + inode = { + foreground = "#A6ADC8"; + }; + blocks = { + foreground = "#9399B2"; + }; + header = { + foreground = "#CDD6F4"; + }; + octal = { + foreground = "#94E2D5"; + }; + flags = { + foreground = "#CBA6F7"; + }; + + symlink_path = { + foreground = "#89DCEB"; + }; + control_char = { + foreground = "#74C7EC"; + }; + broken_symlink = { + foreground = "#F38BA8"; + }; + broken_path_overlay = { + foreground = "#585B70"; }; }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/fish.nix b/modules/home-manager/features/fish.nix index cb35659..8b38bbc 100644 --- a/modules/home-manager/features/fish.nix +++ b/modules/home-manager/features/fish.nix @@ -1,74 +1,63 @@ { - config, - lib, pkgs, ... }: -let - feature = "fish"; -in { - config = lib.mkIf config.${feature}.enable { - home.shell.enableFishIntegration = true; - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ''; - shellAliases = { - # keep-sorted start - cat = "bat"; - # cd = "j"; - cut = "choose"; - df = "duf"; - du = "dua"; - # find = "fd"; - g = "lazygit"; - l = "eza"; - la = "eza -a"; - ls = "eza"; - ns = "nh os switch"; - # curl = "xh"; - ping = "gping"; - ps = "procs"; - # sed = "sd"; - # grep = "rga"; - top = "btm"; - unzip = "ripunzip"; - vi = "nvim"; - vim = "nvim"; - # keep-sorted end - }; - plugins = [ - # INFO: Using this to get shell completion for programs added to the path through nix+direnv. - # Issue to upstream into direnv:Add commentMore actions - # https://github.com/direnv/direnv/issues/443 - { - name = "completion-sync"; - src = pkgs.fetchFromGitHub { - owner = "iynaix"; - repo = "fish-completion-sync"; - rev = "4f058ad2986727a5f510e757bc82cbbfca4596f0"; - sha256 = "sha256-kHpdCQdYcpvi9EFM/uZXv93mZqlk1zCi2DRhWaDyK5g="; - }; - } - ]; - }; - - # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell - programs.bash = { - enable = true; - initExtra = '' - if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] - then - shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" - exec ${pkgs.fish}/bin/fish $LOGIN_OPTION - fi - ''; + home.shell.enableFishIntegration = true; + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ''; + shellAliases = { + # keep-sorted start + cat = "bat"; + # cd = "j"; + cut = "choose"; + df = "duf"; + du = "dua"; + # find = "fd"; + g = "lazygit"; + l = "eza"; + la = "eza -a"; + ls = "eza"; + ns = "nh os switch"; + # curl = "xh"; + ping = "gping"; + ps = "procs"; + # sed = "sd"; + # grep = "rga"; + top = "btm"; + unzip = "ripunzip"; + vi = "nvim"; + vim = "nvim"; + # keep-sorted end }; + plugins = [ + # INFO: Using this to get shell completion for programs added to the path through nix+direnv. + # Issue to upstream into direnv:Add commentMore actions + # https://github.com/direnv/direnv/issues/443 + { + name = "completion-sync"; + src = pkgs.fetchFromGitHub { + owner = "iynaix"; + repo = "fish-completion-sync"; + rev = "4f058ad2986727a5f510e757bc82cbbfca4596f0"; + sha256 = "sha256-kHpdCQdYcpvi9EFM/uZXv93mZqlk1zCi2DRhWaDyK5g="; + }; + } + ]; }; - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell + programs.bash = { + enable = true; + initExtra = '' + if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] + then + shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" + exec ${pkgs.fish}/bin/fish $LOGIN_OPTION + fi + ''; + }; } diff --git a/modules/home-manager/features/gh.nix b/modules/home-manager/features/gh.nix index 226dd9c..85a858c 100644 --- a/modules/home-manager/features/gh.nix +++ b/modules/home-manager/features/gh.nix @@ -1,23 +1,9 @@ { - config, - lib, - ... -}: -let - feature = "gh"; -in -{ - config = lib.mkIf config.${feature}.enable { - programs.gh = { - enable = true; - settings = { - git_protocol = "ssh"; - editor = "nvim"; - }; + programs.gh = { + enable = true; + settings = { + git_protocol = "ssh"; + editor = "nvim"; }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/git.nix b/modules/home-manager/features/git.nix index daed51d..ea1f4eb 100644 --- a/modules/home-manager/features/git.nix +++ b/modules/home-manager/features/git.nix @@ -1,56 +1,44 @@ { - config, - lib, - ... -}: -let - feature = "git"; -in -{ - config = lib.mkIf config.${feature}.enable { - programs.${feature} = { + programs.git = { + enable = true; + + delta = { enable = true; + options.theme = "Dracula"; + }; - delta = { - enable = true; - options.theme = "Dracula"; - }; + userName = "wi11-holdsworth"; + userEmail = "83637728+wi11-holdsworth@users.noreply.github.com"; - userName = "wi11-holdsworth"; - userEmail = "83637728+wi11-holdsworth@users.noreply.github.com"; + aliases = { + # keep-sorted start + a = "add"; + aa = "add ."; + ap = "add -p"; + c = "commit --verbose"; + ca = "commit -a --verbose"; + cam = "commit -a -m"; + cm = "commit -m"; + co = "checkout"; + cob = "checkout -b"; + d = "diff"; + dc = "diff --cached"; + ds = "diff --stat"; + m = "commit --amend --verbose"; + pl = "pull"; + ps = "push"; + s = "status -s"; + # keep-sorted end + }; - aliases = { - # keep-sorted start - a = "add"; - aa = "add ."; - ap = "add -p"; - c = "commit --verbose"; - ca = "commit -a --verbose"; - cam = "commit -a -m"; - cm = "commit -m"; - co = "checkout"; - cob = "checkout -b"; - d = "diff"; - dc = "diff --cached"; - ds = "diff --stat"; - m = "commit --amend --verbose"; - pl = "pull"; - ps = "push"; - s = "status -s"; - # keep-sorted end - }; + extraConfig = { + init.defaultBranch = "main"; - extraConfig = { - init.defaultBranch = "main"; + core.editor = "nvim"; - core.editor = "nvim"; + push.autoSetupRemote = true; - push.autoSetupRemote = true; - - pull.rebase = false; - }; + pull.rebase = false; }; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/kitty.nix b/modules/home-manager/features/kitty.nix index 5c4a317..574e777 100644 --- a/modules/home-manager/features/kitty.nix +++ b/modules/home-manager/features/kitty.nix @@ -1,32 +1,21 @@ { - config, - lib, pkgs, ... }: -let - feature = "kitty"; -in { - config = lib.mkIf config.${feature}.enable { - programs.kitty = { - enable = true; - enableGitIntegration = true; - font = { - package = pkgs.nerd-fonts.jetbrains-mono; - name = "JetBrainsMono Nerd Font"; - size = 13; - }; - themeFile = "Catppuccin-Mocha"; - settings = { - shell = "zellij -l welcome"; - remember_window_size = true; - confirm_os_window_close = 0; - }; + programs.kitty = { + enable = true; + enableGitIntegration = true; + font = { + package = pkgs.nerd-fonts.jetbrains-mono; + name = "JetBrainsMono Nerd Font"; + size = 13; + }; + themeFile = "Catppuccin-Mocha"; + settings = { + shell = "zellij -l welcome"; + remember_window_size = true; + confirm_os_window_close = 0; }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/mail.nix b/modules/home-manager/features/mail.nix index 5bf57cd..1690e81 100644 --- a/modules/home-manager/features/mail.nix +++ b/modules/home-manager/features/mail.nix @@ -1,62 +1,54 @@ { + # keep-sorted start config, - lib, hostName, + # keep-sorted end ... }: -let - feature = "mail"; -in { - config = lib.mkIf config.${feature}.enable { - accounts.email = - let - certificatesFile = config.age.secrets.protonmail-cert.path; - in - { - inherit certificatesFile; - accounts = - let - # keep-sorted start block=yes - address = "willholdsworth@pm.me"; - authentication = "login"; - host = "127.0.0.1"; - tls = { - enable = false; - useStartTls = true; - inherit certificatesFile; - }; - # keep-sorted end - in - { - personal = { - enable = true; - # keep-sorted start block=yes - imap = { - port = 1143; - inherit tls; - inherit authentication; - inherit host; - }; - inherit address; - passwordCommand = "cat ${config.age.secrets."protonmail-${hostName}-password".path}"; - primary = true; - realName = "Will Holdsworth"; - smtp = { - port = 1025; - inherit tls; - inherit authentication; - inherit host; - }; - userName = address; - # keep-sorted end - }; + accounts.email = + let + certificatesFile = config.age.secrets.protonmail-cert.path; + in + { + inherit certificatesFile; + accounts = + let + # keep-sorted start block=yes + address = "willholdsworth@pm.me"; + authentication = "login"; + host = "127.0.0.1"; + tls = { + enable = false; + useStartTls = true; + inherit certificatesFile; }; - }; - age.secrets."protonmail-cert".file = ../../../secrets/protonmail-cert.age; - }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + # keep-sorted end + in + { + personal = { + enable = true; + # keep-sorted start block=yes + imap = { + port = 1143; + inherit tls; + inherit authentication; + inherit host; + }; + inherit address; + passwordCommand = "cat ${config.age.secrets."protonmail-${hostName}-password".path}"; + primary = true; + realName = "Will Holdsworth"; + smtp = { + port = 1025; + inherit tls; + inherit authentication; + inherit host; + }; + userName = address; + # keep-sorted end + }; + }; + }; + age.secrets."protonmail-cert".file = ../../../secrets/protonmail-cert.age; } diff --git a/modules/home-manager/features/obsidian.nix b/modules/home-manager/features/obsidian.nix index 8384df1..2f07e05 100644 --- a/modules/home-manager/features/obsidian.nix +++ b/modules/home-manager/features/obsidian.nix @@ -1,126 +1,116 @@ -{ config, lib, ... }: -let - feature = "obsidian"; -in { - config = lib.mkIf config.${feature}.enable { - programs.obsidian = { - enable = true; - defaultSettings = { - app = { - tabSize = 2; - trashOption = "local"; - alwaysUpdateLinks = true; - attachmentFolderPath = "/"; - defaultViewMode = "preview"; - vimMode = true; - showLineNumber = true; - }; - appearance = { - monospaceFontFamily = "JetBrainsMono Nerd Font"; - interfaceFontFamily = "JetBrainsMono Nerd Font"; - textFontFamily = "JetBrainsMono Nerd Font"; - nativeMenus = false; - cssTheme = "Catppuccin"; - showRibbon = false; - }; - communityPlugins = [ - # keep-sorted start - "obsidian-editor-shortcuts" - "obsidian-excalidraw-plugin" - "obsidian-livesync" - "obsidian-relative-line-numbers" - "oz-clear-unused-images" - "pdf-plus" - "tag-wrangler" - "virtual-linker" - # keep-sorted end + programs.obsidian = { + enable = true; + defaultSettings = { + app = { + tabSize = 2; + trashOption = "local"; + alwaysUpdateLinks = true; + attachmentFolderPath = "/"; + defaultViewMode = "preview"; + vimMode = true; + showLineNumber = true; + }; + appearance = { + monospaceFontFamily = "JetBrainsMono Nerd Font"; + interfaceFontFamily = "JetBrainsMono Nerd Font"; + textFontFamily = "JetBrainsMono Nerd Font"; + nativeMenus = false; + cssTheme = "Catppuccin"; + showRibbon = false; + }; + communityPlugins = [ + # keep-sorted start + "obsidian-editor-shortcuts" + "obsidian-excalidraw-plugin" + "obsidian-livesync" + "obsidian-relative-line-numbers" + "oz-clear-unused-images" + "pdf-plus" + "tag-wrangler" + "virtual-linker" + # keep-sorted end + ]; + corePlugins = [ + # keep-sorted start + "backlink" + "bases" + "bookmarks" + "canvas" + "command-palette" + "daily-notes" + "editor-status" + "file-explorer" + "file-recovery" + "global-search" + "graph" + "markdown-importer" + "note-composer" + "outgoing-link" + "outline" + "page-preview" + "properties" + "random-note" + "slash-command" + "slides" + "switcher" + "tag-pane" + "templates" + "word-count" + "workspaces" + "zk-prefixer" + # keep-sorted end + ]; + hotkeys = { + "editor:swap-line-down" = [ + { + "modifiers" = [ "Alt" ]; + "key" = "ArrowDown"; + } ]; - corePlugins = [ - # keep-sorted start - "backlink" - "bases" - "bookmarks" - "canvas" - "command-palette" - "daily-notes" - "editor-status" - "file-explorer" - "file-recovery" - "global-search" - "graph" - "markdown-importer" - "note-composer" - "outgoing-link" - "outline" - "page-preview" - "properties" - "random-note" - "slash-command" - "slides" - "switcher" - "tag-pane" - "templates" - "word-count" - "workspaces" - "zk-prefixer" - # keep-sorted end + "editor:swap-line-up" = [ + { + "modifiers" = [ "Alt" ]; + "key" = "ArrowUp"; + } + ]; + "app:toggle-left-sidebar" = [ + { + "modifiers" = [ + "Mod" + "Shift" + ]; + "key" = "/"; + } + ]; + "app:toggle-right-sidebar" = [ + { + "modifiers" = [ + "Mod" + "Shift" + ]; + "key" = "\\"; + } + ]; + "window:reset-zoom" = [ + { + "modifiers" = [ "Mod" ]; + "key" = "0"; + } + ]; + "app:go-back" = [ + { + "modifiers" = [ "Alt" ]; + "key" = "ArrowLeft"; + } + ]; + "app:go-forward" = [ + { + "modifiers" = [ "Alt" ]; + "key" = "ArrowRight"; + } ]; - hotkeys = { - "editor:swap-line-down" = [ - { - "modifiers" = [ "Alt" ]; - "key" = "ArrowDown"; - } - ]; - "editor:swap-line-up" = [ - { - "modifiers" = [ "Alt" ]; - "key" = "ArrowUp"; - } - ]; - "app:toggle-left-sidebar" = [ - { - "modifiers" = [ - "Mod" - "Shift" - ]; - "key" = "/"; - } - ]; - "app:toggle-right-sidebar" = [ - { - "modifiers" = [ - "Mod" - "Shift" - ]; - "key" = "\\"; - } - ]; - "window:reset-zoom" = [ - { - "modifiers" = [ "Mod" ]; - "key" = "0"; - } - ]; - "app:go-back" = [ - { - "modifiers" = [ "Alt" ]; - "key" = "ArrowLeft"; - } - ]; - "app:go-forward" = [ - { - "modifiers" = [ "Alt" ]; - "key" = "ArrowRight"; - } - ]; - }; }; }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/starship.nix b/modules/home-manager/features/starship.nix index b998cfa..898e19c 100644 --- a/modules/home-manager/features/starship.nix +++ b/modules/home-manager/features/starship.nix @@ -1,21 +1,9 @@ { - config, - lib, - ... -}: -let - feature = "starship"; -in -{ - config = lib.mkIf config.${feature}.enable { - programs.starship = { - enable = true; - settings.character = { - success_symbol = "[%](bold green) "; - error_symbol = "[%](bold red) "; - }; + programs.starship = { + enable = true; + settings.character = { + success_symbol = "[%](bold green) "; + error_symbol = "[%](bold red) "; }; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/yazi.nix b/modules/home-manager/features/yazi.nix index ff00bce..ed4affc 100644 --- a/modules/home-manager/features/yazi.nix +++ b/modules/home-manager/features/yazi.nix @@ -1,35 +1,24 @@ { - config, - lib, pkgs, ... }: -let - feature = "yazi"; -in { - config = lib.mkIf config.${feature}.enable { - programs.yazi = { - enable = true; - plugins = { - # keep-sorted start - diff = pkgs.yaziPlugins.diff; - git = pkgs.yaziPlugins.git; - mediainfo = pkgs.yaziPlugins.mediainfo; - mount = pkgs.yaziPlugins.mount; - ouch = pkgs.yaziPlugins.ouch; - relative-motions = pkgs.yaziPlugins.relative-motions; - restore = pkgs.yaziPlugins.restore; - rich-preview = pkgs.yaziPlugins.rich-preview; - starship = pkgs.yaziPlugins.starship; - vcs-files = pkgs.yaziPlugins.vcs-files; - yatline-githead = pkgs.yaziPlugins.yatline-githead; - # keep-sorted end - }; + programs.yazi = { + enable = true; + plugins = { + # keep-sorted start + diff = pkgs.yaziPlugins.diff; + git = pkgs.yaziPlugins.git; + mediainfo = pkgs.yaziPlugins.mediainfo; + mount = pkgs.yaziPlugins.mount; + ouch = pkgs.yaziPlugins.ouch; + relative-motions = pkgs.yaziPlugins.relative-motions; + restore = pkgs.yaziPlugins.restore; + rich-preview = pkgs.yaziPlugins.rich-preview; + starship = pkgs.yaziPlugins.starship; + vcs-files = pkgs.yaziPlugins.vcs-files; + yatline-githead = pkgs.yaziPlugins.yatline-githead; + # keep-sorted end }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/zed-editor.nix b/modules/home-manager/features/zed-editor.nix index 3271284..4224e3c 100644 --- a/modules/home-manager/features/zed-editor.nix +++ b/modules/home-manager/features/zed-editor.nix @@ -1,97 +1,89 @@ { - config, + # keep-sorted start lib, pkgs, + # keep-sorted end ... }: -let - feature = "zed-editor"; -in { - config = lib.mkIf config.${feature}.enable { - programs.zed-editor = { - enable = true; - package = pkgs.zed-editor-fhs; - extensions = [ - # keep-sorted start - "catppuccin" - "catppuccin-icons" - "codebook" - "emmet" - "git-firefly" - "haskell" - "html" - "nix" - # keep-sorted end - ]; - extraPackages = with pkgs; [ - # keep-sorted start - haskell-language-server - nil - nixd - package-version-server - rust-analyzer - # keep-sorted end - ]; - installRemoteServer = true; - userSettings = { - # keep-sorted start block=yes - base_keymap = "VSCode"; - buffer_font_family = "JetBrainsMono Nerd Font"; - buffer_font_size = 15; - disable_ai = true; - icon_theme = "Catppuccin Mocha"; - inlay_hints = { - enabled = true; - show_value_hints = true; - show_type_hints = true; - show_parameter_hints = true; - show_other_hints = true; - show_background = false; - edit_debounce_ms = 700; - scroll_debounce_ms = 50; - toggle_on_modifiers_press = { - control = false; - alt = false; - shift = false; - platform = false; - function = false; - }; + programs.zed-editor = { + enable = true; + package = pkgs.zed-editor-fhs; + extensions = [ + # keep-sorted start + "catppuccin" + "catppuccin-icons" + "codebook" + "emmet" + "git-firefly" + "haskell" + "html" + "nix" + # keep-sorted end + ]; + extraPackages = with pkgs; [ + # keep-sorted start + haskell-language-server + nil + nixd + package-version-server + rust-analyzer + # keep-sorted end + ]; + installRemoteServer = true; + userSettings = { + # keep-sorted start block=yes + base_keymap = "VSCode"; + buffer_font_family = "JetBrainsMono Nerd Font"; + buffer_font_size = 15; + disable_ai = true; + icon_theme = "Catppuccin Mocha"; + inlay_hints = { + enabled = true; + show_value_hints = true; + show_type_hints = true; + show_parameter_hints = true; + show_other_hints = true; + show_background = false; + edit_debounce_ms = 700; + scroll_debounce_ms = 50; + toggle_on_modifiers_press = { + control = false; + alt = false; + shift = false; + platform = false; + function = false; }; - # https://wiki.nixos.org/wiki/Zed#rust-analyzer - lsp.rust-analyzer.binary.path = lib.getExe pkgs.rust-analyzer; - minimap = { - show = "auto"; - }; - preferred_line_length = 80; - relative_line_numbers = true; - soft_wrap = "preferred_line_length"; - tab_bar = { - show_nav_history_buttons = false; - }; - tab_size = 2; - tabs = { - file_icons = true; - git_status = true; - }; - telemetry = { - diagnostics = false; - metrics = false; - }; - theme = { - mode = "system"; - light = "One Light"; - dark = "Catppuccin Mocha"; - }; - ui_font_family = "JetBrainsMono Nerd Font"; - ui_font_size = 16; - vim_mode = true; - # keep-sorted end }; + # https://wiki.nixos.org/wiki/Zed#rust-analyzer + lsp.rust-analyzer.binary.path = lib.getExe pkgs.rust-analyzer; + minimap = { + show = "auto"; + }; + preferred_line_length = 80; + relative_line_numbers = true; + soft_wrap = "preferred_line_length"; + tab_bar = { + show_nav_history_buttons = false; + }; + tab_size = 2; + tabs = { + file_icons = true; + git_status = true; + }; + telemetry = { + diagnostics = false; + metrics = false; + }; + theme = { + mode = "system"; + light = "One Light"; + dark = "Catppuccin Mocha"; + }; + ui_font_family = "JetBrainsMono Nerd Font"; + ui_font_size = 16; + vim_mode = true; + # keep-sorted end }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/zellij.nix b/modules/home-manager/features/zellij.nix index 5313695..f7222ed 100644 --- a/modules/home-manager/features/zellij.nix +++ b/modules/home-manager/features/zellij.nix @@ -1,24 +1,10 @@ { - config, - lib, - ... -}: -let - feature = "zellij"; -in -{ - config = lib.mkIf config.${feature}.enable { - programs.zellij = { - enable = true; - settings = { - theme = "catppuccin-mocha"; - show_startup_tips = false; - default_shell = "fish"; - }; + programs.zellij = { + enable = true; + settings = { + theme = "catppuccin-mocha"; + show_startup_tips = false; + default_shell = "fish"; }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/home-manager/features/zen-browser.nix b/modules/home-manager/features/zen-browser.nix index 0e50f28..b64fe5f 100644 --- a/modules/home-manager/features/zen-browser.nix +++ b/modules/home-manager/features/zen-browser.nix @@ -1,79 +1,67 @@ { - config, - lib, - ... -}: -let - feature = "zen-browser"; -in -{ - config = lib.mkIf config.${feature}.enable { - programs.zen-browser = - let - profileName = "fmnikwnj.Default Profile"; - in - { - enable = true; - profiles.${profileName}.settings = { - zen.tabs.vertical.right-side = true; - }; - policies = - let - mkLockedAttrs = builtins.mapAttrs ( - _: value: { - Value = value; - Status = "locked"; - } - ); - mkExtensionSettings = builtins.mapAttrs ( - _: pluginId: { - install_url = "https://addons.mozilla.org/firefox/downloads/latest/${pluginId}/latest.xpi"; - installation_mode = "force_installed"; - } - ); - in - { - # keep-sorted start block=yes - AutofillCreditCardEnabled = false; - EnableTrackingProtection = { - Value = true; - Category = "strict"; - }; - ExtensionSettings = mkExtensionSettings { - "uBlock0@raymondhill.net" = "ublock-origin"; - "{446900e4-71c2-419f-a6a7-df9c091e268b}" = "bitwarden-password-manager"; - "sponsorBlocker@ajay.app" = "sponsor-block"; - "{762f9885-5a13-4abd-9c77-433dcd38b8fd}" = "return-youtube-dislikes"; - "deArrow@ajay.app" = "dearrow"; - }; - HttpsOnlyMode = "enabled"; - NoDefaultBookmarks = true; - OfferToSaveLogins = false; - Preferences = mkLockedAttrs { - "intl.accept_languages" = "en-AU,en-GB,en-US,en"; - "general.autoScroll" = true; - # disable google safebrowsing - "browser.safebrowsing.malware.enabled" = false; - "browser.safebrowsing.phishing.enabled" = false; - "browser.warnOnQuit" = false; - "browser.tabs.warnOnClose" = false; - # continue where you left off - "browser.startup.page" = 3; - }; - RequestedLocales = [ - "en-AU" - "en-GB" - "en-US" - ]; - SearchEngines = { - Default = "duckduckgo"; - DefaultPrivate = "duckduckgo"; - }; - SearchSuggestEnabled = true; - # keep-sorted end - }; + programs.zen-browser = + let + profileName = "fmnikwnj.Default Profile"; + in + { + enable = true; + profiles.${profileName}.settings = { + zen.tabs.vertical.right-side = true; }; - }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + policies = + let + mkLockedAttrs = builtins.mapAttrs ( + _: value: { + Value = value; + Status = "locked"; + } + ); + mkExtensionSettings = builtins.mapAttrs ( + _: pluginId: { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/${pluginId}/latest.xpi"; + installation_mode = "force_installed"; + } + ); + in + { + # keep-sorted start block=yes + AutofillCreditCardEnabled = false; + EnableTrackingProtection = { + Value = true; + Category = "strict"; + }; + ExtensionSettings = mkExtensionSettings { + "uBlock0@raymondhill.net" = "ublock-origin"; + "{446900e4-71c2-419f-a6a7-df9c091e268b}" = "bitwarden-password-manager"; + "sponsorBlocker@ajay.app" = "sponsor-block"; + "{762f9885-5a13-4abd-9c77-433dcd38b8fd}" = "return-youtube-dislikes"; + "deArrow@ajay.app" = "dearrow"; + }; + HttpsOnlyMode = "enabled"; + NoDefaultBookmarks = true; + OfferToSaveLogins = false; + Preferences = mkLockedAttrs { + "intl.accept_languages" = "en-AU,en-GB,en-US,en"; + "general.autoScroll" = true; + # disable google safebrowsing + "browser.safebrowsing.malware.enabled" = false; + "browser.safebrowsing.phishing.enabled" = false; + "browser.warnOnQuit" = false; + "browser.tabs.warnOnClose" = false; + # continue where you left off + "browser.startup.page" = 3; + }; + RequestedLocales = [ + "en-AU" + "en-GB" + "en-US" + ]; + SearchEngines = { + Default = "duckduckgo"; + DefaultPrivate = "duckduckgo"; + }; + SearchSuggestEnabled = true; + # keep-sorted end + }; + }; } diff --git a/modules/home-manager/features/zoxide.nix b/modules/home-manager/features/zoxide.nix index 60afa1f..06cb837 100644 --- a/modules/home-manager/features/zoxide.nix +++ b/modules/home-manager/features/zoxide.nix @@ -1,23 +1,9 @@ { - config, - lib, - ... -}: -let - feature = "zoxide"; -in -{ - config = lib.mkIf config.${feature}.enable { - programs.zoxide = { - enable = true; - enableBashIntegration = true; - options = [ - "--cmd j" - ]; - }; + programs.zoxide = { + enable = true; + enableBashIntegration = true; + options = [ + "--cmd j" + ]; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/bundles/desktop.nix b/modules/nixos/bundles/desktop.nix index a57b21b..90debff 100644 --- a/modules/nixos/bundles/desktop.nix +++ b/modules/nixos/bundles/desktop.nix @@ -1,34 +1,28 @@ { - config, - lib, + # keep-sorted start pkgs, + util, + # keep-sorted end ... }: -let - feature = "desktop"; -in { - config = lib.mkIf config.${feature}.enable { + imports = util.toImports ../features [ # keep-sorted start - pipewire.enable = true; - print-and-scan.enable = true; - protonmail-bridge.enable = true; + "pipewire" + "print-and-scan" + "protonmail-bridge" # keep-sorted end + ]; - environment.systemPackages = with pkgs; [ - # keep-sorted start - beeper - calibre - cameractrls-gtk3 - # https://github.com/NixOS/nixpkgs/issues/437865 - # jellyfin-media-player - onlyoffice-desktopeditors - textsnatcher - # keep-sorted end - ]; - }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + environment.systemPackages = with pkgs; [ + # keep-sorted start + beeper + calibre + cameractrls-gtk3 + # https://github.com/NixOS/nixpkgs/issues/437865 + # jellyfin-media-player + onlyoffice-desktopeditors + textsnatcher + # keep-sorted end + ]; } diff --git a/modules/nixos/bundles/dev.nix b/modules/nixos/bundles/dev.nix index 8bb7de6..e5c5f48 100644 --- a/modules/nixos/bundles/dev.nix +++ b/modules/nixos/bundles/dev.nix @@ -1,26 +1,18 @@ { - config, - lib, pkgs, ... }: -let - feature = "dev"; -in { - config = lib.mkIf config.${feature}.enable { - environment.systemPackages = with pkgs; [ - # keep-sorted start - bacon - cargo-info - devenv - just - mask - rusty-man - vscode - # keep-sorted end - ]; - }; + environment.systemPackages = with pkgs; [ + # keep-sorted start + bacon + cargo-info + devenv + just + mask + rusty-man + vscode + # keep-sorted end + ]; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 0091667..271c07b 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -1,39 +1,31 @@ { - config, - lib, + util, ... }: -let - feature = "server"; -in { - config = lib.mkIf config.${feature}.enable { + imports = util.toImports ../features [ # keep-sorted start - copyparty.enable = true; - couchdb.enable = true; - flaresolverr.enable = true; - homepage-dashboard.enable = true; - immich.enable = true; - jellyfin.enable = true; - lidarr.enable = true; - miniflux.enable = true; - nginx.enable = true; - ntfy-sh.enable = true; - paperless.enable = true; - prowlarr.enable = true; - qbittorrent.enable = true; - radarr.enable = true; - sonarr.enable = true; - syncthing.enable = true; - vaultwarden.enable = true; + "copyparty" + "couchdb" + "flaresolverr" + "homepage-dashboard" + "immich" + "jellyfin" + "lidarr" + "miniflux" + "nginx" + "ntfy-sh" + "paperless" + "prowlarr" + "qbittorrent" + "radarr" + "sonarr" + "syncthing" + "vaultwarden" # keep-sorted end + ]; - users.groups.media = { }; + users.groups.media = { }; - services.borgmatic.settings.source_directories = [ "/srv" ]; - }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + services.borgmatic.settings.source_directories = [ "/srv" ]; } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index ce619c4..b1c31ad 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1,28 +1,26 @@ { - lib, + # keep-sorted start pkgs, + util, + # keep-sorted end ... }: -let - featureBundler = - featuresDir: - map (name: featuresDir + "/${name}") (builtins.attrNames (builtins.readDir featuresDir)); -in { - imports = (featureBundler ./bundles) ++ (featureBundler ./features); - # keep-sorted start - agenix.enable = lib.mkDefault true; - fonts.enable = lib.mkDefault true; - localisation.enable = lib.mkDefault true; - network.enable = lib.mkDefault true; - nh.enable = lib.mkDefault true; - nix-settings.enable = lib.mkDefault true; - nixpkgs.enable = lib.mkDefault true; - nixvim.enable = lib.mkDefault true; - syncthing.enable = lib.mkDefault true; - systemd-boot.enable = lib.mkDefault true; - tailscale.enable = lib.mkDefault true; - # keep-sorted end + imports = util.toImports ./features [ + # keep-sorted start + "agenix" + "fonts" + "localisation" + "network" + "nh" + "nix-settings" + "nixpkgs" + "nixvim" + "syncthing" + "systemd-boot" + "tailscale" + # keep-sorted end + ]; environment.systemPackages = with pkgs; diff --git a/modules/nixos/features/agenix.nix b/modules/nixos/features/agenix.nix index 255124a..3c0afae 100644 --- a/modules/nixos/features/agenix.nix +++ b/modules/nixos/features/agenix.nix @@ -1,21 +1,14 @@ { - config, + # keep-sorted start inputs, - lib, system, userName, + # keep-sorted end ... }: -let - feature = "agenix"; -in { - config = lib.mkIf config.${feature}.enable { - environment.systemPackages = [ inputs.agenix.packages.${system}.default ]; - age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ]; - }; + environment.systemPackages = [ inputs.agenix.packages.${system}.default ]; + age.identityPaths = [ "/home/${userName}/.ssh/id_ed25519" ]; imports = [ inputs.agenix.nixosModules.default ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/amd-gpu.nix b/modules/nixos/features/amd-gpu.nix index 7d52f28..bb75e5a 100644 --- a/modules/nixos/features/amd-gpu.nix +++ b/modules/nixos/features/amd-gpu.nix @@ -1,26 +1,16 @@ { - config, - lib, pkgs, ... }: -let - feature = "amd-gpu"; -in { - config = lib.mkIf config.${feature}.enable { + # load graphics drivers before anything else + boot.initrd.kernelModules = [ "amdgpu" ]; - # load graphics drivers before anything else - boot.initrd.kernelModules = [ "amdgpu" ]; - - hardware.graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ amdvlk ]; - }; - - services.xserver.videoDrivers = [ "amdgpu" ]; + hardware.graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ amdvlk ]; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + services.xserver.videoDrivers = [ "amdgpu" ]; } diff --git a/modules/nixos/features/borgmatic.nix b/modules/nixos/features/borgmatic.nix index d7c60b6..c0f8b9a 100644 --- a/modules/nixos/features/borgmatic.nix +++ b/modules/nixos/features/borgmatic.nix @@ -1,92 +1,87 @@ { + # keep-sorted start config, lib, + # keep-sorted end ... }: -let - feature = "borgmatic"; -in { - config = lib.mkIf config.${feature}.enable { - # service - services.borgmatic = { - enable = true; - settings = { - # keep-sorted start block=yes - compression = "auto,zlib"; - encryption_passcommand = "cat ${config.age.secrets.borgmatic.path}"; - keep_daily = 7; - keep_monthly = 6; - keep_weekly = 4; - keep_yearly = 1; - ntfy = { - topic = "backups"; - server = config.services.ntfy-sh.settings.base-url; - finish = { - title = "Ping!"; - message = "Your backups have succeeded :)"; - tags = "tada,BorgBackup,Server"; - }; - fail = { - title = "Ping!"; - message = "Your backups have failed :("; - tags = "rotating_light,BorgBackup,Server"; - }; - states = [ - "finish" - "fail" - ]; + # service + services.borgmatic = { + enable = true; + settings = { + # keep-sorted start block=yes + compression = "auto,zlib"; + encryption_passcommand = "cat ${config.age.secrets.borgmatic.path}"; + keep_daily = 7; + keep_monthly = 6; + keep_weekly = 4; + keep_yearly = 1; + ntfy = { + topic = "backups"; + server = config.services.ntfy-sh.settings.base-url; + finish = { + title = "Ping!"; + message = "Your backups have succeeded :)"; + tags = "tada,BorgBackup,Server"; }; - repositories = [ - { - path = "/backup/repo"; - label = "onsite"; - # encryption = "repokey-blake2"; - } - { - path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; - label = "offsite"; - # encryption = "repokey-blake2"; - } + fail = { + title = "Ping!"; + message = "Your backups have failed :("; + tags = "rotating_light,BorgBackup,Server"; + }; + states = [ + "finish" + "fail" ]; - retries = 3; - retry_wait = 10; - ssh_command = "ssh -i /home/srv/.ssh/id_ed25519"; - # keep-sorted end }; - }; - - # postgres - services.postgresql.ensureUsers = [ - { - name = "root"; - } - ]; - systemd.services.postgresql.postStart = lib.mkAfter '' - /run/current-system/sw/bin/psql postgres -c "GRANT pg_read_all_data TO root" - ''; - systemd.services.borgmatic.path = [ - config.services.postgresql.package - ]; - - # credentials - systemd.services.borgmatic.serviceConfig.LoadCredential = [ - "borgmatic-pg:${config.age.secrets.borgmatic-pg.path}" - ]; - - # onsite drive - services.udisks2.enable = true; - fileSystems."/backup" = { - device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e"; - fsType = "ext4"; - }; - - # secrets - age.secrets = { - "borgmatic".file = ../../../secrets/borgmatic.age; - "borgmatic-pg".file = ../../../secrets/borgmatic-pg.age; + repositories = [ + { + path = "/backup/repo"; + label = "onsite"; + # encryption = "repokey-blake2"; + } + { + path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; + label = "offsite"; + # encryption = "repokey-blake2"; + } + ]; + retries = 3; + retry_wait = 10; + ssh_command = "ssh -i /home/srv/.ssh/id_ed25519"; + # keep-sorted end }; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + # postgres + services.postgresql.ensureUsers = [ + { + name = "root"; + } + ]; + systemd.services.postgresql.postStart = lib.mkAfter '' + /run/current-system/sw/bin/psql postgres -c "GRANT pg_read_all_data TO root" + ''; + systemd.services.borgmatic.path = [ + config.services.postgresql.package + ]; + + # credentials + systemd.services.borgmatic.serviceConfig.LoadCredential = [ + "borgmatic-pg:${config.age.secrets.borgmatic-pg.path}" + ]; + + # onsite drive + services.udisks2.enable = true; + fileSystems."/backup" = { + device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e"; + fsType = "ext4"; + }; + + # secrets + age.secrets = { + "borgmatic".file = ../../../secrets/borgmatic.age; + "borgmatic-pg".file = ../../../secrets/borgmatic-pg.age; + }; } diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index 8f204ac..a3b8114 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix @@ -1,67 +1,51 @@ { + # keep-sorted start config, - lib, inputs, + lib, + # keep-sorted end ... }: let - feature = "copyparty"; port = "5000"; in { imports = [ inputs.copyparty.nixosModules.default ]; - config = lib.mkIf config.${feature}.enable { - services = { - # service - copyparty = { - enable = true; - settings = { - z = true; - e2dsa = true; - e2ts = true; - e2vu = true; - p = lib.toInt port; - }; - - accounts = { - will = { - passwordFile = config.age.secrets.copyparty-will.path; - }; - }; - - volumes = { - "/" = { - path = "/srv/copyparty"; - access = { - r = "*"; - A = [ "will" ]; - }; - }; - }; + services = { + copyparty = { + enable = true; + settings = { + z = true; + e2dsa = true; + e2ts = true; + e2vu = true; + p = lib.toInt port; }; - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; + accounts.will.passwordFile = config.age.secrets.copyparty-will.path; + + volumes."/" = { + path = "/srv/copyparty"; + access = { + r = "*"; + A = [ "will" ]; }; }; }; - # secrets - age.secrets."copyparty-will" = { - file = ../../../secrets/copyparty-will.age; - owner = "copyparty"; + nginx.virtualHosts."copyparty.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; }; - - nixpkgs.overlays = [ inputs.copyparty.overlays.default ]; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + # secrets + age.secrets."copyparty-will" = { + file = ../../../secrets/copyparty-will.age; + owner = "copyparty"; + }; + + nixpkgs.overlays = [ inputs.copyparty.overlays.default ]; } diff --git a/modules/nixos/features/couchdb.nix b/modules/nixos/features/couchdb.nix index 8206732..5b24367 100644 --- a/modules/nixos/features/couchdb.nix +++ b/modules/nixos/features/couchdb.nix @@ -1,60 +1,47 @@ { - config, lib, ... }: let - feature = "couchdb"; port = "5984"; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - couchdb = { - enable = true; - databaseDir = "/srv/couchdb"; - viewIndexDir = "/srv/couchdb"; - configFile = "/srv/couchdb"; - port = lib.toInt port; - extraConfig = { - chttpd = { - require_valid_user = true; - enable_cors = true; - max_http_request_size = 4294967296; - }; - - chttpd_auth.require_valid_user = true; - - httpd = { - WWW-Authenticate = ''Basic realm="couchdb"''; - enable_cors = true; - }; - - couchdb.max_document_size = 50000000; - - cors = { - credentials = true; - origins = '' - app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz - ''; - }; + services = { + couchdb = { + enable = true; + databaseDir = "/srv/couchdb"; + viewIndexDir = "/srv/couchdb"; + configFile = "/srv/couchdb"; + port = lib.toInt port; + extraConfig = { + chttpd = { + require_valid_user = true; + enable_cors = true; + max_http_request_size = 4294967296; }; - }; - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; + chttpd_auth.require_valid_user = true; + + httpd = { + WWW-Authenticate = ''Basic realm="couchdb"''; + enable_cors = true; + }; + + couchdb.max_document_size = 50000000; + + cors = { + credentials = true; + origins = '' + app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz + ''; }; }; }; - }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + nginx.virtualHosts."couchdb.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; + }; + }; } diff --git a/modules/nixos/features/external-speakers.nix b/modules/nixos/features/external-speakers.nix index 2b70586..cec34dc 100644 --- a/modules/nixos/features/external-speakers.nix +++ b/modules/nixos/features/external-speakers.nix @@ -1,17 +1,5 @@ { - config, - lib, - ... -}: -let - feature = "external-speakers"; -in -{ - config = lib.mkIf config.${feature}.enable { - boot.extraModprobeConfig = '' - options snd_hda_intel power_save=0 - ''; - }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + boot.extraModprobeConfig = '' + options snd_hda_intel power_save=0 + ''; } diff --git a/modules/nixos/features/flaresolverr.nix b/modules/nixos/features/flaresolverr.nix index 84124f4..86afdcd 100644 --- a/modules/nixos/features/flaresolverr.nix +++ b/modules/nixos/features/flaresolverr.nix @@ -1,34 +1,21 @@ { - config, lib, ... }: let - feature = "flaresolverr"; port = "5011"; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - flaresolverr = { - enable = true; - port = lib.toInt port; - }; + services = { + flaresolverr = { + enable = true; + port = lib.toInt port; + }; - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; - }; - }; + nginx.virtualHosts."flaresolverr.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; }; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/fonts.nix b/modules/nixos/features/fonts.nix index 52f5712..d910799 100644 --- a/modules/nixos/features/fonts.nix +++ b/modules/nixos/features/fonts.nix @@ -1,21 +1,10 @@ { - config, - lib, pkgs, ... }: -let - feature = "fonts"; -in { - config = lib.mkIf config.${feature}.enable { - fonts.packages = with pkgs; [ - nerd-fonts.jetbrains-mono - inter-nerdfont - ]; - }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + fonts.packages = with pkgs; [ + nerd-fonts.jetbrains-mono + inter-nerdfont + ]; } diff --git a/modules/nixos/features/gaming.nix b/modules/nixos/features/gaming.nix index d09fc85..0b2bd23 100644 --- a/modules/nixos/features/gaming.nix +++ b/modules/nixos/features/gaming.nix @@ -1,44 +1,35 @@ { - config, - lib, pkgs, ... }: -let - feature = "gaming"; -in { - config = lib.mkIf config.${feature}.enable { - environment.systemPackages = with pkgs; [ - # keep-sorted start - heroic - lutris - mangohud - nexusmods-app - prismlauncher - protonup-qt - wine - wine64 - winetricks - # keep-sorted end - ]; + environment.systemPackages = with pkgs; [ + # keep-sorted start + heroic + lutris + mangohud + nexusmods-app + prismlauncher + protonup-qt + wine + wine64 + winetricks + # keep-sorted end + ]; - programs = { - gamemode.enable = true; - steam = { - enable = true; - gamescopeSession.enable = true; - }; - }; - - services.lact = { + programs = { + gamemode.enable = true; + steam = { enable = true; - settings = { }; + gamescopeSession.enable = true; }; - - # latest kernel - boot.kernelPackages = pkgs.linuxPackages_latest; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + services.lact = { + enable = true; + settings = { }; + }; + + # latest kernel + boot.kernelPackages = pkgs.linuxPackages_latest; } diff --git a/modules/nixos/features/gnome.nix b/modules/nixos/features/gnome.nix index 192d0c6..f1720d2 100644 --- a/modules/nixos/features/gnome.nix +++ b/modules/nixos/features/gnome.nix @@ -1,59 +1,50 @@ { - config, - lib, pkgs, ... }: -let - feature = "gnome"; -in { - config = lib.mkIf config.${feature}.enable { - services = { - desktopManager.gnome.enable = true; - displayManager.gdm.enable = true; - }; - - environment = { - # https://discourse.nixos.org/t/howto-disable-most-gnome-default-applications-and-what-they-are/13505 - gnome.excludePackages = with pkgs; [ - # keep-sorted start - # baobab # disk usage analyzer - # cheese # photo booth - # eog # image viewer - epiphany # web browser - evince # document viewer - # file-roller # archive manager - geary # email client - gedit # text editor - gnome-calculator - gnome-calendar - gnome-characters - gnome-clocks - # gnome-disk-utility - gnome-connections - gnome-contacts - gnome-font-viewer - gnome-logs - gnome-maps - gnome-music - gnome-photos - # gnome-screenshot - # gnome-system-monitor - gnome-terminal - gnome-weather - seahorse # password manager - # simple-scan # document scanner - totem # video player - yelp # help viewer - # keep-sorted end - ]; - systemPackages = with pkgs; [ - gnome-tweaks - bibata-cursors - ]; - }; + services = { + desktopManager.gnome.enable = true; + displayManager.gdm.enable = true; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + environment = { + # https://discourse.nixos.org/t/howto-disable-most-gnome-default-applications-and-what-they-are/13505 + gnome.excludePackages = with pkgs; [ + # keep-sorted start + # baobab # disk usage analyzer + # cheese # photo booth + # eog # image viewer + epiphany # web browser + evince # document viewer + # file-roller # archive manager + geary # email client + gedit # text editor + gnome-calculator + gnome-calendar + gnome-characters + gnome-clocks + # gnome-disk-utility + gnome-connections + gnome-contacts + gnome-font-viewer + gnome-logs + gnome-maps + gnome-music + gnome-photos + # gnome-screenshot + # gnome-system-monitor + gnome-terminal + gnome-weather + seahorse # password manager + # simple-scan # document scanner + totem # video player + yelp # help viewer + # keep-sorted end + ]; + systemPackages = with pkgs; [ + gnome-tweaks + bibata-cursors + ]; + }; } diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 9ecbb23..f171efe 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -1,11 +1,12 @@ { + # keep-sorted start config, lib, pkgs, + # keep-sorted end ... }: let - feature = "homepage-dashboard"; port = "5004"; genSecrets = secrets: @@ -34,280 +35,269 @@ let ]; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - homepage-dashboard = { - enable = true; - listenPort = lib.toInt port; - allowedHosts = "homepage-dashboard.fi33.buzz"; - services = [ - # keep-sorted start block=yes - { - "Cloud Services" = [ - { - "copyparty" = { - "description" = "Cloud file manager"; - "icon" = "sh-copyparty.svg"; - "href" = "https://copyparty.fi33.buzz/"; - }; - } - { - "CouchDB" = { - "description" = "Obsidian sync database"; - "icon" = "couchdb.svg"; - "href" = "https://couchdb.fi33.buzz/_utils/"; - }; - } - { - "ntfy" = { - "description" = "Notification service"; - "icon" = "ntfy.svg"; - "href" = "https://ntfy-sh.fi33.buzz/"; - }; - } - { - "Syncthing" = { - "description" = "Decentralised file synchronisation"; - "icon" = "syncthing.svg"; - "href" = "https://syncthing.fi33.buzz/"; - }; - } - { - "qBittorrent" = { - "description" = "BitTorrent client"; - "icon" = "qbittorrent.svg"; - "href" = "https://qbittorrent.fi33.buzz/"; - }; - } - { - "Vaultwarden" = { - "description" = "Password manager"; - "icon" = "vaultwarden.svg"; - "href" = "https://vaultwarden.fi33.buzz/"; - }; - } - ]; - } - { - "Media Management" = [ - { - "Lidarr" = { - "description" = "Music collection manager"; - "icon" = "lidarr.svg"; - "href" = "https://lidarr.fi33.buzz/"; - "widget" = { - "type" = "lidarr"; - "url" = "https://lidarr.fi33.buzz/"; - "key" = "@lidarr@"; - "enableQueue" = true; - }; - }; - } - { - "Prowlarr" = { - "description" = "Indexer management tool"; - "icon" = "prowlarr.svg"; - "href" = "https://prowlarr.fi33.buzz/"; - "widget" = { - "type" = "prowlarr"; - "url" = "https://prowlarr.fi33.buzz/"; - "key" = "@prowlarr@"; - }; - }; - } - { - "Radarr" = { - "description" = "Movie collection manager"; - "icon" = "radarr.svg"; - "href" = "https://radarr.fi33.buzz/"; - "widget" = { - "type" = "radarr"; - "url" = "https://radarr.fi33.buzz/"; - "key" = "@radarr@"; - "enableQueue" = true; - }; - }; - } - { - "Sonarr" = { - "description" = "TV show collection manager"; - "icon" = "sonarr.svg"; - "href" = "https://sonarr.fi33.buzz/"; - "widget" = { - "type" = "sonarr"; - "url" = "https://sonarr.fi33.buzz/"; - "key" = "@sonarr@"; - "enableQueue" = true; - }; - }; - } - ]; - } - { - "Media Streaming" = [ - { - "Immich" = { - "description" = "Photo backup"; - "icon" = "immich.svg"; - "href" = "https://immich.fi33.buzz/"; - "widget" = { - "type" = "immich"; - "fields" = [ - "users" - "photos" - "videos" - "storage" - ]; - "url" = "https://immich.fi33.buzz/"; - "version" = 2; - "key" = "@immich@"; - }; - }; - } - { - "Jellyfin" = { - "description" = "Media streaming"; - "icon" = "jellyfin.svg"; - "href" = "https://jellyfin.fi33.buzz/"; - "widget" = { - "type" = "jellyfin"; - "url" = "https://jellyfin.fi33.buzz/"; - "key" = "@jellyfin@"; - "enableBlocks" = true; - "enableNowPlaying" = true; - "enableUser" = true; - "showEpisodeNumber" = true; - "expandOneStreamToTwoRows" = false; - }; - }; - } - { - "Miniflux" = { - "description" = "RSS aggregator"; - "icon" = "miniflux.svg"; - "href" = "https://miniflux.fi33.buzz/"; - "widget" = { - "type" = "miniflux"; - "url" = "https://miniflux.fi33.buzz/"; - "key" = "@miniflux@"; - }; - }; - } - { - "Paperless" = { - "description" = "Digital filing cabinet"; - "icon" = "paperless.svg"; - "href" = "https://paperless.fi33.buzz/"; - "widget" = { - "type" = "paperlessngx"; - "url" = "https://paperless.fi33.buzz/"; - "username" = "admin"; - "password" = "@paperless@"; - }; - }; - } - ]; - } - { - "Utilities" = [ - { - "NanoKVM" = { - "description" = "Remote KVM switch"; - "icon" = "mdi-console.svg"; - "href" = "http://nano-kvm/"; - }; - } - ]; - } - # keep-sorted end - ]; - settings = { - title = "Mission Control"; - theme = "dark"; - color = "neutral"; - headerStyle = "clean"; - layout = [ + services = { + homepage-dashboard = { + enable = true; + listenPort = lib.toInt port; + allowedHosts = "homepage-dashboard.fi33.buzz"; + services = [ + # keep-sorted start block=yes + { + "Cloud Services" = [ { - "Media Streaming" = { - style = "row"; - columns = 4; - useEqualHeights = true; + "copyparty" = { + "description" = "Cloud file manager"; + "icon" = "sh-copyparty.svg"; + "href" = "https://copyparty.fi33.buzz/"; }; } { - "Media Management" = { - style = "row"; - columns = 4; - useEqualHeights = true; + "CouchDB" = { + "description" = "Obsidian sync database"; + "icon" = "couchdb.svg"; + "href" = "https://couchdb.fi33.buzz/_utils/"; }; } { - "Cloud Services" = { - style = "row"; - columns = 3; + "ntfy" = { + "description" = "Notification service"; + "icon" = "ntfy.svg"; + "href" = "https://ntfy-sh.fi33.buzz/"; }; } { - "Utilities" = { - style = "row"; - columns = 3; + "Syncthing" = { + "description" = "Decentralised file synchronisation"; + "icon" = "syncthing.svg"; + "href" = "https://syncthing.fi33.buzz/"; + }; + } + { + "qBittorrent" = { + "description" = "BitTorrent client"; + "icon" = "qbittorrent.svg"; + "href" = "https://qbittorrent.fi33.buzz/"; + }; + } + { + "Vaultwarden" = { + "description" = "Password manager"; + "icon" = "vaultwarden.svg"; + "href" = "https://vaultwarden.fi33.buzz/"; }; } ]; - quicklaunch.searchDescriptions = true; - disableUpdateCheck = true; - showStats = true; - statusStyle = "dot"; - }; - widgets = [ + } + { + "Media Management" = [ + { + "Lidarr" = { + "description" = "Music collection manager"; + "icon" = "lidarr.svg"; + "href" = "https://lidarr.fi33.buzz/"; + "widget" = { + "type" = "lidarr"; + "url" = "https://lidarr.fi33.buzz/"; + "key" = "@lidarr@"; + "enableQueue" = true; + }; + }; + } + { + "Prowlarr" = { + "description" = "Indexer management tool"; + "icon" = "prowlarr.svg"; + "href" = "https://prowlarr.fi33.buzz/"; + "widget" = { + "type" = "prowlarr"; + "url" = "https://prowlarr.fi33.buzz/"; + "key" = "@prowlarr@"; + }; + }; + } + { + "Radarr" = { + "description" = "Movie collection manager"; + "icon" = "radarr.svg"; + "href" = "https://radarr.fi33.buzz/"; + "widget" = { + "type" = "radarr"; + "url" = "https://radarr.fi33.buzz/"; + "key" = "@radarr@"; + "enableQueue" = true; + }; + }; + } + { + "Sonarr" = { + "description" = "TV show collection manager"; + "icon" = "sonarr.svg"; + "href" = "https://sonarr.fi33.buzz/"; + "widget" = { + "type" = "sonarr"; + "url" = "https://sonarr.fi33.buzz/"; + "key" = "@sonarr@"; + "enableQueue" = true; + }; + }; + } + ]; + } + { + "Media Streaming" = [ + { + "Immich" = { + "description" = "Photo backup"; + "icon" = "immich.svg"; + "href" = "https://immich.fi33.buzz/"; + "widget" = { + "type" = "immich"; + "fields" = [ + "users" + "photos" + "videos" + "storage" + ]; + "url" = "https://immich.fi33.buzz/"; + "version" = 2; + "key" = "@immich@"; + }; + }; + } + { + "Jellyfin" = { + "description" = "Media streaming"; + "icon" = "jellyfin.svg"; + "href" = "https://jellyfin.fi33.buzz/"; + "widget" = { + "type" = "jellyfin"; + "url" = "https://jellyfin.fi33.buzz/"; + "key" = "@jellyfin@"; + "enableBlocks" = true; + "enableNowPlaying" = true; + "enableUser" = true; + "showEpisodeNumber" = true; + "expandOneStreamToTwoRows" = false; + }; + }; + } + { + "Miniflux" = { + "description" = "RSS aggregator"; + "icon" = "miniflux.svg"; + "href" = "https://miniflux.fi33.buzz/"; + "widget" = { + "type" = "miniflux"; + "url" = "https://miniflux.fi33.buzz/"; + "key" = "@miniflux@"; + }; + }; + } + { + "Paperless" = { + "description" = "Digital filing cabinet"; + "icon" = "paperless.svg"; + "href" = "https://paperless.fi33.buzz/"; + "widget" = { + "type" = "paperlessngx"; + "url" = "https://paperless.fi33.buzz/"; + "username" = "admin"; + "password" = "@paperless@"; + }; + }; + } + ]; + } + { + "Utilities" = [ + { + "NanoKVM" = { + "description" = "Remote KVM switch"; + "icon" = "mdi-console.svg"; + "href" = "http://nano-kvm/"; + }; + } + ]; + } + # keep-sorted end + ]; + settings = { + title = "Mission Control"; + theme = "dark"; + color = "neutral"; + headerStyle = "clean"; + layout = [ { - search = { - provider = [ - "duckduckgo" - "brave" - ]; - focus = true; - showSearchSuggestions = true; - target = "_blank"; + "Media Streaming" = { + style = "row"; + columns = 4; + useEqualHeights = true; }; } { - resources = { - cpu = true; - memory = true; - disk = [ - "/" - "/backup" - ]; - cputemp = true; - tempmin = 0; - tempmax = 100; - units = "metric"; - network = true; - uptime = true; + "Media Management" = { + style = "row"; + columns = 4; + useEqualHeights = true; + }; + } + { + "Cloud Services" = { + style = "row"; + columns = 3; + }; + } + { + "Utilities" = { + style = "row"; + columns = 3; }; } ]; + quicklaunch.searchDescriptions = true; + disableUpdateCheck = true; + showStats = true; + statusStyle = "dot"; }; - - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; + widgets = [ + { + search = { + provider = [ + "duckduckgo" + "brave" + ]; + focus = true; + showSearchSuggestions = true; + target = "_blank"; }; - }; - }; + } + { + resources = { + cpu = true; + memory = true; + disk = [ + "/" + "/backup" + ]; + cputemp = true; + tempmin = 0; + tempmax = 100; + units = "metric"; + network = true; + uptime = true; + }; + } + ]; }; - # secrets - age.secrets = genSecrets secrets; - system.activationScripts = insertSecrets secrets; + nginx.virtualHosts."homepage-dashboard.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; + }; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + # secrets + age.secrets = genSecrets secrets; + system.activationScripts = insertSecrets secrets; } diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index ab72dee..3d83d33 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix @@ -1,46 +1,37 @@ { - config, lib, ... }: let - feature = "immich"; port = "2283"; in { - config = lib.mkIf config.${feature}.enable { - services = { - immich = { - enable = true; - port = builtins.fromJSON "${port}"; - mediaLocation = "/srv/immich"; - }; + services = { + immich = { + enable = true; + port = lib.toInt "${port}"; + mediaLocation = "/srv/immich"; + }; - # database backup - borgmatic.settings = { - postgresql_databases = [ - { - name = "immich"; - hostname = "localhost"; - username = "root"; - password = "{credential systemd borgmatic-pg}"; - } - ]; - }; + borgmatic.settings.postgresql_databases = [ + { + name = "immich"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; + } + ]; - nginx = { - clientMaxBodySize = "50000M"; - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://[::1]:${port}"; - proxyWebsockets = true; - }; + nginx = { + clientMaxBodySize = "50000M"; + virtualHosts."immich.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://[::1]:${port}"; + proxyWebsockets = true; }; }; }; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/intel-gpu.nix b/modules/nixos/features/intel-gpu.nix index 08809d5..c3b95d1 100644 --- a/modules/nixos/features/intel-gpu.nix +++ b/modules/nixos/features/intel-gpu.nix @@ -1,32 +1,21 @@ { - config, - lib, pkgs, ... }: -let - feature = "intel-gpu"; -in { - config = lib.mkIf config.${feature}.enable { - hardware = { - enableAllFirmware = true; - graphics = { - enable = true; - extraPackages = with pkgs; [ - # keep-sorted start - intel-compute-runtime - intel-media-driver - intel-ocl - libva-vdpau-driver - vpl-gpu-rt - # keep-sorted end - ]; - }; + hardware = { + enableAllFirmware = true; + graphics = { + enable = true; + extraPackages = with pkgs; [ + # keep-sorted start + intel-compute-runtime + intel-media-driver + intel-ocl + libva-vdpau-driver + vpl-gpu-rt + # keep-sorted end + ]; }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index a16e1ca..e64f6ad 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -1,36 +1,24 @@ -{ - config, - lib, - ... -}: let - feature = "jellyfin"; port = "8096"; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - jellyfin = { - enable = true; - dataDir = "/srv/jellyfin"; - group = "media"; - }; - - # reverse proxy - nginx.virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; + services = { + jellyfin = { + enable = true; + dataDir = "/srv/jellyfin"; + group = "media"; }; - # use intel iGP - systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; - environment.sessionVariables = { - LIBVA_DRIVER_NAME = "iHD"; + nginx.virtualHosts."jellyfin.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; }; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + # use intel iGP + systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; + environment.sessionVariables = { + LIBVA_DRIVER_NAME = "iHD"; + }; } diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 02574d6..39e6253 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -1,36 +1,23 @@ { - config, lib, ... }: let - feature = "lidarr"; port = "5012"; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - lidarr = { - enable = true; - dataDir = "/srv/lidarr"; - settings.server.port = lib.toInt port; - group = "media"; - }; + services = { + lidarr = { + enable = true; + dataDir = "/srv/lidarr"; + settings.server.port = lib.toInt port; + group = "media"; + }; - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; - }; - }; + nginx.virtualHosts."lidarr.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; }; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/link2c.nix b/modules/nixos/features/link2c.nix index 6a62718..6bb42ea 100644 --- a/modules/nixos/features/link2c.nix +++ b/modules/nixos/features/link2c.nix @@ -1,17 +1,5 @@ { - config, - lib, - ... -}: -let - feature = "link2c"; -in -{ - config = lib.mkIf config.${feature}.enable { - services.udev.extraRules = '' - ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="2e1a", ATTR{idProduct}=="4c03", TEST=="power/control", ATTR{power/control}="on" - ''; - }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + services.udev.extraRules = '' + ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="2e1a", ATTR{idProduct}=="4c03", TEST=="power/control", ATTR{power/control}="on" + ''; } diff --git a/modules/nixos/features/localisation.nix b/modules/nixos/features/localisation.nix index e00fba5..b6ab05e 100644 --- a/modules/nixos/features/localisation.nix +++ b/modules/nixos/features/localisation.nix @@ -1,21 +1,11 @@ -{ config, lib, ... }: -let - feature = "localisation"; -in { - config = lib.mkIf config.${feature}.enable { - i18n = { - defaultLocale = "en_AU.UTF-8"; - supportedLocales = [ - "en_US.UTF-8/UTF-8" - "en_AU.UTF-8/UTF-8" - ]; - }; - - time.timeZone = "Australia/Melbourne"; + i18n = { + defaultLocale = "en_AU.UTF-8"; + supportedLocales = [ + "en_US.UTF-8/UTF-8" + "en_AU.UTF-8/UTF-8" + ]; }; - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + time.timeZone = "Australia/Melbourne"; } diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index 59bbcbd..7fd7403 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix @@ -1,54 +1,36 @@ { config, - lib, ... }: let - feature = "miniflux"; port = "5010"; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - miniflux = { - enable = true; - adminCredentialsFile = config.age.secrets.miniflux-creds.path; - config = { - BASE_URL = "https://miniflux.fi33.buzz"; - LISTEN_ADDR = "localhost:${port}"; - }; - }; - - # database backup - borgmatic.settings = { - postgresql_databases = [ - { - name = "miniflux"; - hostname = "localhost"; - username = "root"; - password = "{credential systemd borgmatic-pg}"; - } - ]; - }; - - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; - }; + services = { + miniflux = { + enable = true; + adminCredentialsFile = config.age.secrets.miniflux-creds.path; + config = { + BASE_URL = "https://miniflux.fi33.buzz"; + LISTEN_ADDR = "localhost:${port}"; }; }; - # secrets - age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age; + borgmatic.settings.postgresql_databases = [ + { + name = "miniflux"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; + } + ]; + nginx.virtualHosts."miniflux.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; + }; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age; } diff --git a/modules/nixos/features/network.nix b/modules/nixos/features/network.nix index ad955f7..5ea2774 100644 --- a/modules/nixos/features/network.nix +++ b/modules/nixos/features/network.nix @@ -1,21 +1,10 @@ { - config, - lib, hostName, ... }: -let - feature = "network"; -in { - config = lib.mkIf config.${feature}.enable { - networking = { - hostName = "${hostName}"; - networkmanager.enable = true; - }; + networking = { + hostName = "${hostName}"; + networkmanager.enable = true; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/nginx.nix b/modules/nixos/features/nginx.nix index c5da142..6ee2f9e 100644 --- a/modules/nixos/features/nginx.nix +++ b/modules/nixos/features/nginx.nix @@ -1,48 +1,37 @@ { config, - lib, ... }: -let - feature = "nginx"; -in { - config = lib.mkIf config.${feature}.enable { - services.nginx = { - enable = true; + services.nginx = { + enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; - virtualHosts."*.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".index = "index.html"; - }; + virtualHosts."*.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".index = "index.html"; }; - - security.acme = { - acceptTerms = true; - defaults.email = "wi11@duck.com"; - certs."fi33.buzz" = { - domain = "fi33.buzz"; - extraDomainNames = [ "*.fi33.buzz" ]; - group = "nginx"; - dnsProvider = "porkbun"; - dnsPropagationCheck = true; - credentialsFile = config.age.secrets."porkbun-api".path; - }; - }; - - # secrets - age.secrets."porkbun-api" = { - file = ../../../secrets/porkbun-api.age; - }; - - users.users.nginx.extraGroups = [ "acme" ]; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + security.acme = { + acceptTerms = true; + defaults.email = "wi11@duck.com"; + certs."fi33.buzz" = { + domain = "fi33.buzz"; + extraDomainNames = [ "*.fi33.buzz" ]; + group = "nginx"; + dnsProvider = "porkbun"; + dnsPropagationCheck = true; + credentialsFile = config.age.secrets."porkbun-api".path; + }; + }; + + age.secrets."porkbun-api".file = ../../../secrets/porkbun-api.age; + + users.users.nginx.extraGroups = [ "acme" ]; } diff --git a/modules/nixos/features/nh.nix b/modules/nixos/features/nh.nix index d26c29c..3f23596 100644 --- a/modules/nixos/features/nh.nix +++ b/modules/nixos/features/nh.nix @@ -1,20 +1,11 @@ { - config, - lib, userName, ... }: -let - feature = "nh"; -in { - config = lib.mkIf config.${feature}.enable { - programs.nh = { - enable = true; - # clean.enable = true; - flake = "/home/${userName}/.dots"; - }; + programs.nh = { + enable = true; + # clean.enable = true; + flake = "/home/${userName}/.dots"; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/nix-settings.nix b/modules/nixos/features/nix-settings.nix index 9fcaf07..eda2992 100644 --- a/modules/nixos/features/nix-settings.nix +++ b/modules/nixos/features/nix-settings.nix @@ -1,34 +1,24 @@ -{ config, lib, ... }: -let - feature = "nix-settings"; -in { - config = lib.mkIf config.${feature}.enable { - nix = { - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 20d"; - persistent = true; - }; - optimise = { - automatic = true; - persistent = true; - }; - settings = { - experimental-features = [ - "nix-command" - "flakes" - ]; - trusted-users = [ - "will" - "srv" - ]; - }; + nix = { + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 20d"; + persistent = true; + }; + optimise = { + automatic = true; + persistent = true; + }; + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + trusted-users = [ + "will" + "srv" + ]; }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/nixpkgs.nix b/modules/nixos/features/nixpkgs.nix index 3bf6858..e95ec3c 100644 --- a/modules/nixos/features/nixpkgs.nix +++ b/modules/nixos/features/nixpkgs.nix @@ -1,13 +1,3 @@ -{ config, lib, ... }: -let - feature = "nixpkgs"; -in { - config = lib.mkIf config.${feature}.enable { - nixpkgs.config.allowUnfree = true; - }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + nixpkgs.config.allowUnfree = true; } diff --git a/modules/nixos/features/nixvim.nix b/modules/nixos/features/nixvim.nix index 76c1773..fd86deb 100644 --- a/modules/nixos/features/nixvim.nix +++ b/modules/nixos/features/nixvim.nix @@ -1,108 +1,97 @@ { - config, inputs, - lib, ... }: -let - feature = "nixvim"; -in { - config = lib.mkIf config.${feature}.enable { - environment.variables.EDITOR = "nvim"; - programs.nixvim = { + environment.variables.EDITOR = "nvim"; + programs.nixvim = { + enable = true; + clipboard = { + providers.wl-copy.enable = true; + register = "unnamedplus"; + }; + colorschemes.catppuccin = { enable = true; - clipboard = { - providers.wl-copy.enable = true; - register = "unnamedplus"; - }; - colorschemes.catppuccin = { + settings.background.dark = "mocha"; + }; + dependencies = { + tree-sitter.enable = true; + gcc.enable = true; + }; + diagnostic.settings.virtual_lines = true; + opts = { + autoindent = true; + expandtab = true; + number = true; + relativenumber = true; + shiftwidth = 2; + tabstop = 2; + colorcolumn = "80"; + }; + plugins = { + # autoclose brackets + autoclose.enable = true; + + # completion window + cmp = { enable = true; - settings.background.dark = "mocha"; + autoEnableSources = true; + settings = { + mapping = { + "" = "cmp.mapping.complete()"; + "" = "cmp.mapping.scroll_docs(-4)"; + "" = "cmp.mapping.close()"; + "" = "cmp.mapping.scroll_docs(4)"; + "" = "cmp.mapping.confirm({ select = true })"; + "" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})"; + "" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; + }; + sources = [ + { name = "nvim_lsp"; } + { name = "path"; } + { name = "buffer"; } + ]; + }; }; - dependencies = { - tree-sitter.enable = true; - gcc.enable = true; - }; - diagnostic.settings.virtual_lines = true; - opts = { - autoindent = true; - expandtab = true; - number = true; - relativenumber = true; - shiftwidth = 2; - tabstop = 2; - colorcolumn = "80"; - }; - plugins = { - # autoclose brackets - autoclose.enable = true; - # completion window - cmp = { - enable = true; - autoEnableSources = true; - settings = { - mapping = { - "" = "cmp.mapping.complete()"; - "" = "cmp.mapping.scroll_docs(-4)"; - "" = "cmp.mapping.close()"; - "" = "cmp.mapping.scroll_docs(4)"; - "" = "cmp.mapping.confirm({ select = true })"; - "" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})"; - "" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; - }; - sources = [ - { name = "nvim_lsp"; } - { name = "path"; } - { name = "buffer"; } - ]; + # git changes in margin + gitsigns.enable = true; + + # opens last edit position + lastplace.enable = true; + + # lsp servers + lsp = { + enable = true; + inlayHints = true; + servers = { + nixd.enable = true; + rust_analyzer = { + enable = true; + installCargo = true; + installRustc = true; + }; + hls = { + enable = true; + installGhc = true; }; }; - - # git changes in margin - gitsigns.enable = true; - - # opens last edit position - lastplace.enable = true; - - # lsp servers - lsp = { - enable = true; - inlayHints = true; - servers = { - nixd.enable = true; - } - // lib.optionalAttrs config.dev.enable { - rust_analyzer = { - enable = true; - installCargo = true; - installRustc = true; - }; - hls = { - enable = true; - installGhc = true; - }; - }; - }; - lsp-format.enable = true; - lsp-lines.enable = true; - lsp-signature.enable = true; - lspkind.enable = true; - - # status bar - lualine.enable = true; - - # perform file system operations inside of neovim - oil.enable = true; - - # syntax highlighting - treesitter.enable = true; }; + lsp-format.enable = true; + lsp-lines.enable = true; + lsp-signature.enable = true; + lspkind.enable = true; + + # status bar + lualine.enable = true; + + # perform file system operations inside of neovim + oil.enable = true; + + # syntax highlighting + treesitter.enable = true; }; }; imports = [ inputs.nixvim.nixosModules.nixvim ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index 1182065..681047f 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -1,38 +1,24 @@ -{ - config, - lib, - ... -}: let - feature = "ntfy-sh"; port = "5002"; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - ntfy-sh = { - enable = true; - settings = { - base-url = "https://ntfy-sh.fi33.buzz"; - listen-http = ":${port}"; - behind-proxy = true; - }; + services = { + ntfy-sh = { + enable = true; + settings = { + base-url = "https://ntfy-sh.fi33.buzz"; + listen-http = ":${port}"; + behind-proxy = true; }; + }; - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - proxyWebsockets = true; - }; - }; + nginx.virtualHosts."ntfy-sh.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + proxyWebsockets = true; }; }; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index e6ea41d..eef48b1 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -4,54 +4,41 @@ ... }: let - feature = "paperless"; port = "5013"; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - paperless = { - enable = true; - dataDir = "/srv/paperless"; - database.createLocally = true; - passwordFile = config.age.secrets.paperless.path; - port = lib.toInt port; - settings = { - PAPERLESS_URL = "https://paperless.fi33.buzz"; - }; - }; - - # database backup - borgmatic.settings = { - postgresql_databases = [ - { - name = "paperless"; - hostname = "localhost"; - username = "root"; - password = "{credential systemd borgmatic-pg}"; - } - ]; - }; - - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; - }; + services = { + paperless = { + enable = true; + dataDir = "/srv/paperless"; + database.createLocally = true; + passwordFile = config.age.secrets.paperless.path; + port = lib.toInt port; + settings = { + PAPERLESS_URL = "https://paperless.fi33.buzz"; }; }; - age.secrets."paperless" = { - file = ../../../secrets/paperless.age; - owner = "paperless"; + borgmatic.settings = { + postgresql_databases = [ + { + name = "paperless"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; + } + ]; + }; + + nginx.virtualHosts."miniflux.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; }; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + age.secrets."paperless" = { + file = ../../../secrets/paperless.age; + owner = "paperless"; + }; } diff --git a/modules/nixos/features/pipewire.nix b/modules/nixos/features/pipewire.nix index 623dff9..a1264bd 100644 --- a/modules/nixos/features/pipewire.nix +++ b/modules/nixos/features/pipewire.nix @@ -1,19 +1,11 @@ -{ config, lib, ... }: -let - feature = "pipewire"; -in { - config = lib.mkIf config.${feature}.enable { - security.rtkit.enable = true; + security.rtkit.enable = true; - services.pipewire = { - alsa.enable = true; - alsa.support32Bit = true; - enable = true; - jack.enable = true; - pulse.enable = true; - }; + services.pipewire = { + alsa.enable = true; + alsa.support32Bit = true; + enable = true; + jack.enable = true; + pulse.enable = true; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/plasma.nix b/modules/nixos/features/plasma.nix index 0b77958..bed3b90 100644 --- a/modules/nixos/features/plasma.nix +++ b/modules/nixos/features/plasma.nix @@ -1,36 +1,27 @@ { - config, - lib, pkgs, ... }: -let - feature = "plasma"; -in { - config = lib.mkIf config.${feature}.enable { - services = { - desktopManager.plasma6.enable = true; - displayManager.sddm = { - enable = true; - wayland.enable = true; - }; + services = { + desktopManager.plasma6.enable = true; + displayManager.sddm = { + enable = true; + wayland.enable = true; }; - - environment.systemPackages = - with pkgs.kdePackages; - [ - # keep-sorted start - ktorrent - kzones - # keep-sorted end - ] - ++ (with pkgs; [ - # keep-sorted start - haruna - # keep-sorted end - ]); }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + environment.systemPackages = + with pkgs.kdePackages; + [ + # keep-sorted start + ktorrent + kzones + # keep-sorted end + ] + ++ (with pkgs; [ + # keep-sorted start + haruna + # keep-sorted end + ]); } diff --git a/modules/nixos/features/print-and-scan.nix b/modules/nixos/features/print-and-scan.nix index 626edb3..c141962 100644 --- a/modules/nixos/features/print-and-scan.nix +++ b/modules/nixos/features/print-and-scan.nix @@ -1,30 +1,21 @@ { - config, - lib, pkgs, ... }: -let - feature = "print-and-scan"; -in { - config = lib.mkIf config.${feature}.enable { - hardware.sane = { + hardware.sane = { + enable = true; + extraBackends = [ pkgs.hplip ]; + }; + services = { + avahi = { enable = true; - extraBackends = [ pkgs.hplip ]; + nssmdns4 = true; + openFirewall = true; }; - services = { - avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - printing = { - enable = true; - drivers = [ pkgs.hplip ]; - }; + printing = { + enable = true; + drivers = [ pkgs.hplip ]; }; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/protonmail-bridge.nix b/modules/nixos/features/protonmail-bridge.nix index 2db8958..23bad84 100644 --- a/modules/nixos/features/protonmail-bridge.nix +++ b/modules/nixos/features/protonmail-bridge.nix @@ -1,17 +1,3 @@ { - config, - lib, - ... -}: -let - feature = "protonmail-bridge"; -in -{ - config = lib.mkIf config.${feature}.enable { - services.protonmail-bridge.enable = true; - }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + services.protonmail-bridge.enable = true; } diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index 004525f..2e439b5 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -1,35 +1,27 @@ { - config, lib, ... }: let - feature = "prowlarr"; port = "5009"; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - prowlarr = { - enable = true; - dataDir = "/srv/prowlarr"; - settings.server.port = lib.toInt port; - }; + services = { + prowlarr = { + enable = true; + dataDir = "/srv/prowlarr"; + settings.server.port = lib.toInt port; + }; - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; + nginx = { + virtualHosts."prowlarr.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://localhost:${port}"; + # proxyWebsockets = true; }; }; }; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/qbittorrent.nix b/modules/nixos/features/qbittorrent.nix index 1400ac2..b67b01e 100644 --- a/modules/nixos/features/qbittorrent.nix +++ b/modules/nixos/features/qbittorrent.nix @@ -1,37 +1,28 @@ -{ config, lib, ... }: +{ + lib, + ... +}: let - feature = "qbittorrent"; port = "5005"; in { - config = lib.mkIf config.${feature}.enable { - users.users.qbittorrent.extraGroups = [ "media" ]; + services = { + qbittorrent = { + enable = true; + webuiPort = lib.toInt port; + profileDir = "/srv"; + group = "media"; + extraArgs = [ + "--confirm-legal-notice" + ]; + }; - services = { - # service - qbittorrent = { - enable = true; - webuiPort = lib.toInt port; - profileDir = "/srv"; - group = "media"; - extraArgs = [ - "--confirm-legal-notice" - ]; - }; - - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; - }; - }; + nginx.virtualHosts."qbittorrent.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; }; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + users.users.qbittorrent.extraGroups = [ "media" ]; } diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index 104145c..51aeef1 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -1,37 +1,23 @@ { - config, lib, ... }: let - feature = "radarr"; port = "5007"; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - radarr = { - enable = true; - dataDir = "/srv/radarr"; - settings.server.port = lib.toInt port; - group = "media"; + services = { + radarr = { + enable = true; + dataDir = "/srv/radarr"; + settings.server.port = lib.toInt port; + group = "media"; + }; - }; - - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; - }; - }; + nginx.virtualHosts."radarr.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; }; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index 0777fe1..95ac80e 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -1,37 +1,23 @@ { - config, lib, ... }: let - feature = "sonarr"; port = "5006"; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - sonarr = { - enable = true; - dataDir = "/srv/sonarr"; - settings.server.port = lib.toInt port; - group = "media"; + services = { + sonarr = { + enable = true; + dataDir = "/srv/sonarr"; + settings.server.port = lib.toInt port; + group = "media"; + }; - }; - - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; - }; - }; + nginx.virtualHosts."sonarr.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; }; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index cd66ad3..47e804c 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -1,15 +1,10 @@ { - config, - lib, - pkgs, userName, hostName, ... }: let - feature = "syncthing"; port = "5008"; - devicesList = [ # keep-sorted start block=yes { @@ -30,7 +25,6 @@ let } # keep-sorted end ]; - devices = builtins.listToAttrs ( map ( { device, id }: @@ -48,45 +42,34 @@ let ); in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - syncthing = { - enable = true; - guiAddress = "0.0.0.0:${port}"; - openDefaultPorts = true; - user = "${userName}"; - dataDir = "/home/${userName}"; - overrideDevices = true; - settings = { - inherit devices; - }; - }; - - borgmatic.settings = - if userName == "srv" then - { - source_directories = [ - "/home/srv/.config/syncthing" - "/home/srv/Sync" - ]; - } - else - null; - - # reverse proxy - nginx = { - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; - }; + services = { + syncthing = { + enable = true; + guiAddress = "0.0.0.0:${port}"; + openDefaultPorts = true; + user = "${userName}"; + dataDir = "/home/${userName}"; + overrideDevices = true; + settings = { + inherit devices; }; }; - }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + borgmatic.settings = + if userName == "srv" then + { + source_directories = [ + "/home/srv/.config/syncthing" + "/home/srv/Sync" + ]; + } + else + null; + + nginx.virtualHosts."syncthing.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; + }; + }; } diff --git a/modules/nixos/features/systemd-boot.nix b/modules/nixos/features/systemd-boot.nix index 64fa9f0..fca6970 100644 --- a/modules/nixos/features/systemd-boot.nix +++ b/modules/nixos/features/systemd-boot.nix @@ -1,14 +1,6 @@ -{ config, lib, ... }: -let - feature = "systemd-boot"; -in { - config = lib.mkIf config.${feature}.enable { - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix index ad8b1b8..c9f1333 100644 --- a/modules/nixos/features/tailscale.nix +++ b/modules/nixos/features/tailscale.nix @@ -1,22 +1,10 @@ { - config, - lib, - ... -}: -let - feature = "tailscale"; -in -{ - config = lib.mkIf config.${feature}.enable { - services.tailscale = { - enable = true; - extraSetFlags = [ - "--accept-dns=true" - ]; - }; - - networking.firewall.trustedInterfaces = [ "tailscale0" ]; + services.tailscale = { + enable = true; + extraSetFlags = [ + "--accept-dns=true" + ]; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + networking.firewall.trustedInterfaces = [ "tailscale0" ]; } diff --git a/modules/nixos/features/tlp.nix b/modules/nixos/features/tlp.nix index 5aa7d1f..4c0bdf1 100644 --- a/modules/nixos/features/tlp.nix +++ b/modules/nixos/features/tlp.nix @@ -1,29 +1,19 @@ -{ config, lib, ... }: -let - feature = "tlp"; -in { - config = lib.mkIf config.${feature}.enable { - # Disable if devices take long to unsuspend (keyboard, mouse, etc) - powerManagement.powertop.enable = true; - services = { - power-profiles-daemon.enable = false; - tlp = { - enable = true; - settings = { - # keep-sorted start - CPU_BOOST_ON_AC = 1; - CPU_BOOST_ON_BAT = 0; - CPU_SCALING_GOVERNOR_ON_AC = "performance"; - CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; - STOP_CHARGE_THRESH_BAT0 = 95; - # keep-sorted end - }; + # Disable if devices take long to unsuspend (keyboard, mouse, etc) + powerManagement.powertop.enable = true; + services = { + power-profiles-daemon.enable = false; + tlp = { + enable = true; + settings = { + # keep-sorted start + CPU_BOOST_ON_AC = 1; + CPU_BOOST_ON_BAT = 0; + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + STOP_CHARGE_THRESH_BAT0 = 95; + # keep-sorted end }; }; }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index 8991a90..c4e069d 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -1,33 +1,28 @@ { config, - lib, ... }: let - feature = "vaultwarden"; port = "5001"; in { - config = lib.mkIf config.${feature}.enable { - services = { - vaultwarden = { - enable = true; - backupDir = "/srv/vaultwarden"; - config = { - rocketPort = "${port}"; - domain = "https://vaultwarden.fi33.buzz"; - signupsAllowed = false; - invitationsAllowed = false; - showPasswordHint = false; - useSyslog = true; - extendedLogging = true; - adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}"; - }; + services = { + vaultwarden = { + enable = true; + backupDir = "/srv/vaultwarden"; + config = { + rocketPort = "${port}"; + domain = "https://vaultwarden.fi33.buzz"; + signupsAllowed = false; + invitationsAllowed = false; + showPasswordHint = false; + useSyslog = true; + extendedLogging = true; + adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}"; }; }; - # reverse proxy - services.nginx.virtualHosts."${feature}.fi33.buzz" = { + nginx.virtualHosts."vaultwarden.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; locations."/" = { @@ -35,13 +30,10 @@ in proxyWebsockets = true; }; }; - - # secrets - age.secrets."vaultwarden-admin" = { - file = ../../../secrets/vaultwarden-admin.age; - owner = "vaultwarden"; - }; }; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; + age.secrets."vaultwarden-admin" = { + file = ../../../secrets/vaultwarden-admin.age; + owner = "vaultwarden"; + }; } diff --git a/modules/templates/bundle.nix b/modules/templates/bundle.nix new file mode 100644 index 0000000..dffb226 --- /dev/null +++ b/modules/templates/bundle.nix @@ -0,0 +1,9 @@ +{ + util, + ... +}: +{ + imports = util.toImports ./features [ + + ]; +} diff --git a/modules/templates/feature.nix b/modules/templates/feature.nix index eaec9f6..0d7a220 100644 --- a/modules/templates/feature.nix +++ b/modules/templates/feature.nix @@ -1,17 +1,6 @@ { - config, - lib, ... }: -let - feature = "replace"; -in { - config = lib.mkIf config.${feature}.enable { - }; - - imports = [ ]; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 77245e2..98eba78 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -1,34 +1,18 @@ -{ - config, - lib, - ... -}: let - feature = "replace"; port = "port"; in { - config = lib.mkIf config.${feature}.enable { - services = { - # service - replace = { - enable = true; - }; + services = { + feature = { + enable = true; + }; - # backup - borgbackup.jobs = feature { }; + borgbackup.jobs = feature { }; - # reverse proxy - nginx.virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; - }; + nginx.virtualHosts."feature.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; }; }; - - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/util.nix b/util.nix new file mode 100644 index 0000000..6606c1e --- /dev/null +++ b/util.nix @@ -0,0 +1,3 @@ +{ + toImports = basedir: modules: map (module: basedir + "/${module}.nix") modules; +} From c0fe082af4d8a0c4312e9d486057eab16255d7dc Mon Sep 17 00:00:00 2001 From: Will <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 01:26:26 +1100 Subject: [PATCH 003/126] Add workflow for updating Nix dependencies --- .github/workflows/main.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..a3d9f58 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,24 @@ +name: "Flake.lock: update Nix dependencies" + +on: + workflow_dispatch: # allows manual triggering + schedule: + - cron: '0 16 * * *' # runs weekly on Sunday at 00:00 + +jobs: + nix-flake-update: + permissions: + contents: write + id-token: write + issues: write + pull-requests: write + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: DeterminateSystems/determinate-nix-action@v3 + - uses: DeterminateSystems/update-flake-lock@main + with: + pr-title: "Update Nix flake inputs" + pr-labels: | + dependencies + automated From 5e9fa6e6baa0d4caae96e30f56d98b9a8d347bdd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 21 Oct 2025 14:27:23 +0000 Subject: [PATCH 004/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/9edb1787864c4f59ae5074ad498b6272b3ec308d?narHash=sha256-NA/FT2hVhKDftbHSwVnoRTFhes62%2B7dxZbxj5Gxvghs%3D' (2025-08-05) → 'github:ryantm/agenix/2f0f812f69f3eb4140157fe15e12739adf82e32a?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-10-19) • Updated input 'copyparty': 'github:9001/copyparty/1923a258797285ac75487d3d53665063a5bd67df?narHash=sha256-A1xuSrELZIZhoKejIME0yemc9KlxZp/tKNxrF4LHrcw%3D' (2025-09-21) → 'github:9001/copyparty/547a7ab1cc7777f3452f441628339850511c8563?narHash=sha256-omBsQXwVWw%2BQmXo9T4Nazv2xcMEQ9VjB/61tnV3xKQQ%3D' (2025-10-19) • Updated input 'home-manager': 'github:nix-community/home-manager/939e91e1cff1f99736c5b02529658218ed819a2a?narHash=sha256-i56XRXqjwJRdVYmpzVUQ0ktqBBHqNzQHQMQvFRF/acQ%3D' (2025-09-21) → 'github:nix-community/home-manager/84e1adb0cdd13f5f29886091c7234365e12b1e7f?narHash=sha256-r6qbieh8iC1q1eCaWv15f4UIp8SeGffwswhNSA1Qk3s%3D' (2025-10-21) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/8eaee110344796db060382e15d3af0a9fc396e0e?narHash=sha256-iCGWf/LTy%2BaY0zFu8q12lK8KuZp7yvdhStehhyX1v8w%3D' (2025-09-19) → 'github:nixos/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) • Updated input 'nixvim': 'github:nix-community/nixvim/92ba37a3e8c25d470f9affe8d5f36f2cfb21e5dd?narHash=sha256-r2VA33WYfxDJyWmJeo0TmPPrk9yGS9WWb/kld0e7X%2BI%3D' (2025-09-21) → 'github:nix-community/nixvim/e3b77e803b2350b72f4d72c8f175ab0fbfe5a642?narHash=sha256-UP1v%2BsEkHuvD2%2BqyhxbkQpBR%2Bdl9U0ljml3/dMI2jeU%3D' (2025-10-20) • Updated input 'nixvim/flake-parts': 'github:hercules-ci/flake-parts/4524271976b625a4a605beefd893f270620fd751?narHash=sha256-%2BuWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw%3D' (2025-09-01) → 'github:hercules-ci/flake-parts/758cf7296bee11f1706a574c77d072b8a7baa881?narHash=sha256-wfG0S7pltlYyZTM%2BqqlhJ7GMw2fTF4mLKCIVhLii/4M%3D' (2025-10-01) • Updated input 'nixvim/nuschtosSearch': 'github:NuschtOS/search/aa975a3757f28ce862812466c5848787b868e116?narHash=sha256-1u3xTH%2B3kaHhztPmWtLAD8LF5pTYLR2CpsPFWTFnVtQ%3D' (2025-09-19) → 'github:NuschtOS/search/7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4?narHash=sha256-igrxT%2B/MnmcftPOHEb%2BXDwAMq3Xg1Xy7kVYQaHhPlAg%3D' (2025-09-23) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/480746c469a2e14551c73940bd096aa9a9cc7cbd?narHash=sha256-g3%2B737nvjYu3WrxLOiW6Wwtu4Ncdsy1KW9AGSTfzGOM%3D' (2025-10-01) → 'github:0xc000022070/zen-browser-flake/637cb6167da4dbf8ef7f5a50e69933c4f9796095?narHash=sha256-XdDpTJHjFqZJ3ss6xzTWYyi3PEObX2fs%2BkW0Wg/rNDk%3D' (2025-10-21) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index ca5d548..9a05571 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1758493304, - "narHash": "sha256-A1xuSrELZIZhoKejIME0yemc9KlxZp/tKNxrF4LHrcw=", + "lastModified": 1760897985, + "narHash": "sha256-omBsQXwVWw+QmXo9T4Nazv2xcMEQ9VjB/61tnV3xKQQ=", "owner": "9001", "repo": "copyparty", - "rev": "1923a258797285ac75487d3d53665063a5bd67df", + "rev": "547a7ab1cc7777f3452f441628339850511c8563", "type": "github" }, "original": { @@ -72,11 +72,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1759362264, + "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", "type": "github" }, "original": { @@ -146,11 +146,11 @@ ] }, "locked": { - "lastModified": 1758464306, - "narHash": "sha256-i56XRXqjwJRdVYmpzVUQ0ktqBBHqNzQHQMQvFRF/acQ=", + "lastModified": 1761005073, + "narHash": "sha256-r6qbieh8iC1q1eCaWv15f4UIp8SeGffwswhNSA1Qk3s=", "owner": "nix-community", "repo": "home-manager", - "rev": "939e91e1cff1f99736c5b02529658218ed819a2a", + "rev": "84e1adb0cdd13f5f29886091c7234365e12b1e7f", "type": "github" }, "original": { @@ -225,11 +225,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1758277210, - "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -249,11 +249,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1758459270, - "narHash": "sha256-r2VA33WYfxDJyWmJeo0TmPPrk9yGS9WWb/kld0e7X+I=", + "lastModified": 1760960598, + "narHash": "sha256-UP1v+sEkHuvD2+qyhxbkQpBR+dl9U0ljml3/dMI2jeU=", "owner": "nix-community", "repo": "nixvim", - "rev": "92ba37a3e8c25d470f9affe8d5f36f2cfb21e5dd", + "rev": "e3b77e803b2350b72f4d72c8f175ab0fbfe5a642", "type": "github" }, "original": { @@ -272,11 +272,11 @@ ] }, "locked": { - "lastModified": 1758272005, - "narHash": "sha256-1u3xTH+3kaHhztPmWtLAD8LF5pTYLR2CpsPFWTFnVtQ=", + "lastModified": 1758662783, + "narHash": "sha256-igrxT+/MnmcftPOHEb+XDwAMq3Xg1Xy7kVYQaHhPlAg=", "owner": "NuschtOS", "repo": "search", - "rev": "aa975a3757f28ce862812466c5848787b868e116", + "rev": "7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4", "type": "github" }, "original": { @@ -348,11 +348,11 @@ ] }, "locked": { - "lastModified": 1759353433, - "narHash": "sha256-g3+737nvjYu3WrxLOiW6Wwtu4Ncdsy1KW9AGSTfzGOM=", + "lastModified": 1761020606, + "narHash": "sha256-XdDpTJHjFqZJ3ss6xzTWYyi3PEObX2fs+kW0Wg/rNDk=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "480746c469a2e14551c73940bd096aa9a9cc7cbd", + "rev": "637cb6167da4dbf8ef7f5a50e69933c4f9796095", "type": "github" }, "original": { From 8f4041dd684db2a2ac5fe1c730ee898520621c4c Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 01:33:02 +1100 Subject: [PATCH 005/126] build: 'amdvlk' has been removed since it was deprecated by AMD. Its replacement, RADV, is enabled by default. --- modules/nixos/features/amd-gpu.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/nixos/features/amd-gpu.nix b/modules/nixos/features/amd-gpu.nix index bb75e5a..e971e21 100644 --- a/modules/nixos/features/amd-gpu.nix +++ b/modules/nixos/features/amd-gpu.nix @@ -1,7 +1,3 @@ -{ - pkgs, - ... -}: { # load graphics drivers before anything else boot.initrd.kernelModules = [ "amdgpu" ]; @@ -9,7 +5,6 @@ hardware.graphics = { enable = true; enable32Bit = true; - extraPackages = with pkgs; [ amdvlk ]; }; services.xserver.videoDrivers = [ "amdgpu" ]; From 79144c44e5fc79f3cb334c0dd2dbfbeac576c541 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 01:54:38 +1100 Subject: [PATCH 006/126] build: delta has been moved from programs.git.delta to programs.delta --- modules/home-manager/default.nix | 1 + modules/home-manager/features/delta.nix | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 modules/home-manager/features/delta.nix diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 38bf1f1..7c8e20d 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -7,6 +7,7 @@ # keep-sorted start "agenix" "bat" + "delta" "direnv" "eza" "fish" diff --git a/modules/home-manager/features/delta.nix b/modules/home-manager/features/delta.nix new file mode 100644 index 0000000..06dd631 --- /dev/null +++ b/modules/home-manager/features/delta.nix @@ -0,0 +1,6 @@ +{ + programs.delta = { + enable = true; + options.theme = "Dracula"; + }; +} From 4dc85c014eb571547d8ea4b4626131d897d6d9e5 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 01:54:53 +1100 Subject: [PATCH 007/126] build: aerc stylesheets are strings now --- modules/home-manager/features/aerc.nix | 60 +++++++++++++------------- 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/modules/home-manager/features/aerc.nix b/modules/home-manager/features/aerc.nix index e7a783d..0bb36a5 100644 --- a/modules/home-manager/features/aerc.nix +++ b/modules/home-manager/features/aerc.nix @@ -18,36 +18,34 @@ sort = "-r date"; }; }; - stylesets = { - catppuccin-mocha = { - "*.default" = true; - "*.normal" = true; - "default.fg" = "#cdd6f4"; - "error.fg" = "#f38ba8"; - "warning.fg" = "#fab387"; - "success.fg" = "#a6e3a1"; - "tab.fg" = "#6c7086"; - "tab.bg" = "#181825"; - "tab.selected.fg" = "#cdd6f4"; - "tab.selected.bg" = "#1e1e2e"; - "tab.selected.bold" = true; - "border.fg" = "#11111b"; - "border.bold" = true; - "msglist_unread.bold" = true; - "msglist_flagged.fg" = "#f9e2af"; - "msglist_flagged.bold" = true; - "msglist_result.fg" = "#89b4fa"; - "msglist_result.bold" = true; - "msglist_*.selected.bold" = true; - "msglist_*.selected.bg" = "#313244"; - "dirlist_*.selected.bold" = true; - "dirlist_*.selected.bg" = "#313244"; - "statusline_default.fg" = "#9399b2"; - "statusline_default.bg" = "#313244"; - "statusline_error.bold" = true; - "statusline_success.bold" = true; - "completion_default.selected.bg" = "#313244"; - }; - }; + stylesets.catppuccin-mocha = '' + "*.default" = true; + "*.normal" = true; + "default.fg" = "#cdd6f4"; + "error.fg" = "#f38ba8"; + "warning.fg" = "#fab387"; + "success.fg" = "#a6e3a1"; + "tab.fg" = "#6c7086"; + "tab.bg" = "#181825"; + "tab.selected.fg" = "#cdd6f4"; + "tab.selected.bg" = "#1e1e2e"; + "tab.selected.bold" = true; + "border.fg" = "#11111b"; + "border.bold" = true; + "msglist_unread.bold" = true; + "msglist_flagged.fg" = "#f9e2af"; + "msglist_flagged.bold" = true; + "msglist_result.fg" = "#89b4fa"; + "msglist_result.bold" = true; + "msglist_*.selected.bold" = true; + "msglist_*.selected.bg" = "#313244"; + "dirlist_*.selected.bold" = true; + "dirlist_*.selected.bg" = "#313244"; + "statusline_default.fg" = "#9399b2"; + "statusline_default.bg" = "#313244"; + "statusline_error.bold" = true; + "statusline_success.bold" = true; + "completion_default.selected.bg" = "#313244"; + ''; }; } From ae6af79439d4043a82639bb48664da72966604ad Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 01:55:04 +1100 Subject: [PATCH 008/126] build: git settings have been tidied up --- modules/home-manager/features/git.nix | 59 ++++++++++++--------------- 1 file changed, 25 insertions(+), 34 deletions(-) diff --git a/modules/home-manager/features/git.nix b/modules/home-manager/features/git.nix index ea1f4eb..2ee75a1 100644 --- a/modules/home-manager/features/git.nix +++ b/modules/home-manager/features/git.nix @@ -1,44 +1,35 @@ { programs.git = { enable = true; - - delta = { - enable = true; - options.theme = "Dracula"; - }; - - userName = "wi11-holdsworth"; - userEmail = "83637728+wi11-holdsworth@users.noreply.github.com"; - - aliases = { - # keep-sorted start - a = "add"; - aa = "add ."; - ap = "add -p"; - c = "commit --verbose"; - ca = "commit -a --verbose"; - cam = "commit -a -m"; - cm = "commit -m"; - co = "checkout"; - cob = "checkout -b"; - d = "diff"; - dc = "diff --cached"; - ds = "diff --stat"; - m = "commit --amend --verbose"; - pl = "pull"; - ps = "push"; - s = "status -s"; - # keep-sorted end - }; - - extraConfig = { + settings = { init.defaultBranch = "main"; - core.editor = "nvim"; - push.autoSetupRemote = true; - pull.rebase = false; + user = { + name = "wi11-holdsworth"; + email = "83637728+wi11-holdsworth@users.noreply.github.com"; + }; + aliases = { + # keep-sorted start + a = "add"; + aa = "add ."; + ap = "add -p"; + c = "commit --verbose"; + ca = "commit -a --verbose"; + cam = "commit -a -m"; + cm = "commit -m"; + co = "checkout"; + cob = "checkout -b"; + d = "diff"; + dc = "diff --cached"; + ds = "diff --stat"; + m = "commit --amend --verbose"; + pl = "pull"; + ps = "push"; + s = "status -s"; + # keep-sorted end + }; }; }; } From 80bda6662ec5723396e82ecb5a635c216a7cd969 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 01:54:53 +1100 Subject: [PATCH 009/126] build: aerc stylesheets are strings now --- modules/home-manager/features/aerc.nix | 60 +++++++++++++------------- 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/modules/home-manager/features/aerc.nix b/modules/home-manager/features/aerc.nix index e7a783d..5991ed5 100644 --- a/modules/home-manager/features/aerc.nix +++ b/modules/home-manager/features/aerc.nix @@ -18,36 +18,34 @@ sort = "-r date"; }; }; - stylesets = { - catppuccin-mocha = { - "*.default" = true; - "*.normal" = true; - "default.fg" = "#cdd6f4"; - "error.fg" = "#f38ba8"; - "warning.fg" = "#fab387"; - "success.fg" = "#a6e3a1"; - "tab.fg" = "#6c7086"; - "tab.bg" = "#181825"; - "tab.selected.fg" = "#cdd6f4"; - "tab.selected.bg" = "#1e1e2e"; - "tab.selected.bold" = true; - "border.fg" = "#11111b"; - "border.bold" = true; - "msglist_unread.bold" = true; - "msglist_flagged.fg" = "#f9e2af"; - "msglist_flagged.bold" = true; - "msglist_result.fg" = "#89b4fa"; - "msglist_result.bold" = true; - "msglist_*.selected.bold" = true; - "msglist_*.selected.bg" = "#313244"; - "dirlist_*.selected.bold" = true; - "dirlist_*.selected.bg" = "#313244"; - "statusline_default.fg" = "#9399b2"; - "statusline_default.bg" = "#313244"; - "statusline_error.bold" = true; - "statusline_success.bold" = true; - "completion_default.selected.bg" = "#313244"; - }; - }; + stylesets.catppuccin-mocha = '' + "*.default" = true + "*.normal" = true + "default.fg" = "#cdd6f4" + "error.fg" = "#f38ba8" + "warning.fg" = "#fab387" + "success.fg" = "#a6e3a1" + "tab.fg" = "#6c7086" + "tab.bg" = "#181825" + "tab.selected.fg" = "#cdd6f4" + "tab.selected.bg" = "#1e1e2e" + "tab.selected.bold" = true + "border.fg" = "#11111b" + "border.bold" = true + "msglist_unread.bold" = true + "msglist_flagged.fg" = "#f9e2af" + "msglist_flagged.bold" = true + "msglist_result.fg" = "#89b4fa" + "msglist_result.bold" = true + "msglist_*.selected.bold" = true + "msglist_*.selected.bg" = "#313244" + "dirlist_*.selected.bold" = true + "dirlist_*.selected.bg" = "#313244" + "statusline_default.fg" = "#9399b2" + "statusline_default.bg" = "#313244" + "statusline_error.bold" = true + "statusline_success.bold" = true + "completion_default.selected.bg" = "#313244" + ''; }; } From 2d9b057c3a3c57953e02fe517276dbfdcfae7ec5 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 01:55:04 +1100 Subject: [PATCH 010/126] build: git settings have been tidied up --- modules/home-manager/features/git.nix | 59 ++++++++++++--------------- 1 file changed, 25 insertions(+), 34 deletions(-) diff --git a/modules/home-manager/features/git.nix b/modules/home-manager/features/git.nix index ea1f4eb..2ee75a1 100644 --- a/modules/home-manager/features/git.nix +++ b/modules/home-manager/features/git.nix @@ -1,44 +1,35 @@ { programs.git = { enable = true; - - delta = { - enable = true; - options.theme = "Dracula"; - }; - - userName = "wi11-holdsworth"; - userEmail = "83637728+wi11-holdsworth@users.noreply.github.com"; - - aliases = { - # keep-sorted start - a = "add"; - aa = "add ."; - ap = "add -p"; - c = "commit --verbose"; - ca = "commit -a --verbose"; - cam = "commit -a -m"; - cm = "commit -m"; - co = "checkout"; - cob = "checkout -b"; - d = "diff"; - dc = "diff --cached"; - ds = "diff --stat"; - m = "commit --amend --verbose"; - pl = "pull"; - ps = "push"; - s = "status -s"; - # keep-sorted end - }; - - extraConfig = { + settings = { init.defaultBranch = "main"; - core.editor = "nvim"; - push.autoSetupRemote = true; - pull.rebase = false; + user = { + name = "wi11-holdsworth"; + email = "83637728+wi11-holdsworth@users.noreply.github.com"; + }; + aliases = { + # keep-sorted start + a = "add"; + aa = "add ."; + ap = "add -p"; + c = "commit --verbose"; + ca = "commit -a --verbose"; + cam = "commit -a -m"; + cm = "commit -m"; + co = "checkout"; + cob = "checkout -b"; + d = "diff"; + dc = "diff --cached"; + ds = "diff --stat"; + m = "commit --amend --verbose"; + pl = "pull"; + ps = "push"; + s = "status -s"; + # keep-sorted end + }; }; }; } From 96e1951ecfa10bf0cea1ca79fa6202a1d0179d89 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 17:24:23 +1100 Subject: [PATCH 011/126] feat: enable firewall on all systems --- modules/nixos/features/network.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/features/network.nix b/modules/nixos/features/network.nix index 5ea2774..ce2b3a9 100644 --- a/modules/nixos/features/network.nix +++ b/modules/nixos/features/network.nix @@ -6,5 +6,6 @@ networking = { hostName = "${hostName}"; networkmanager.enable = true; + firewall.enable = true; }; } From a62a9b6990de1d19c8793324d75a3dd3c20efa2a Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 17:24:39 +1100 Subject: [PATCH 012/126] feat: confine sudo access to users with the wheel group only --- modules/nixos/features/sudo.nix | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 modules/nixos/features/sudo.nix diff --git a/modules/nixos/features/sudo.nix b/modules/nixos/features/sudo.nix new file mode 100644 index 0000000..78f1db5 --- /dev/null +++ b/modules/nixos/features/sudo.nix @@ -0,0 +1,6 @@ +{ + ... +}: +{ + security.sudo.execWheelOnly = true; +} From 6a9ee249d95e1cd5526ba14cfb36176758a5bed2 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 17:12:38 +1100 Subject: [PATCH 013/126] feat: move lazygit to home manager module --- modules/home-manager/default.nix | 1 + modules/home-manager/features/lazygit.nix | 14 ++++++++++++++ modules/nixos/default.nix | 1 - 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager/features/lazygit.nix diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 7c8e20d..119520d 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -13,6 +13,7 @@ "fish" "gh" "git" + "lazygit" "starship" "yazi" "zoxide" diff --git a/modules/home-manager/features/lazygit.nix b/modules/home-manager/features/lazygit.nix new file mode 100644 index 0000000..e4938bf --- /dev/null +++ b/modules/home-manager/features/lazygit.nix @@ -0,0 +1,14 @@ +{ + ... +}: +{ + programs.lazygit = { + enable = true; + settings = { + log = { + localBranchSortOrder = "recency"; + remoteBranchSortOrder = "recency"; + }; + }; + }; +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index b1c31ad..804f01d 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -46,7 +46,6 @@ hexyl # hexadecimal viewer hyperfine # benchmarking tool keep-sorted # alphabetical formatter - lazygit # git tui mprocs # run long running commands and monitor output navi # cheatsheet browser nb # note taking From f2568c2a78ba1d83697bee149d704e1e50a5de22 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 17:06:21 +1100 Subject: [PATCH 014/126] fix: aerc D bind now moves email to trash folder and not just all mail --- modules/home-manager/features/aerc.nix | 130 +++++++++++++++++++++++++ 1 file changed, 130 insertions(+) diff --git a/modules/home-manager/features/aerc.nix b/modules/home-manager/features/aerc.nix index 5991ed5..7debd0a 100644 --- a/modules/home-manager/features/aerc.nix +++ b/modules/home-manager/features/aerc.nix @@ -18,6 +18,136 @@ sort = "-r date"; }; }; + extraBinds = { + global = { + # keep-sorted start + "" = ":next-tab "; + "" = ":prev-tab"; + "" = ":term"; + "?" = ":help keys"; + # keep-sorted end + }; + messages = { + # keep-sorted start + "!" = ":term"; + "$" = ":term"; + "/" = ":search-a"; + "" = ":prev 100%"; + "" = ":next 50%"; + "" = ":next 100%"; + "" = ":prev 50%"; + "" = ":next"; + "" = ":view"; + "" = ":clear"; + "" = ":next 100%"; + "" = ":prev 100%"; + "" = ":prev"; + "\\" = ":filter "; + "|" = ":pipe"; + A = ":archive flat"; + C = ":compose"; + D = ":move Trash"; + G = ":select -1"; + H = ":collapse-folder"; + J = ":next-folder "; + K = ":prev-folder"; + L = ":expand-folder"; + N = ":prev-result"; + R = ":read"; + Rq = ":reply -q"; + Rr = ":reply"; + T = ":toggle-threads"; + U = ":unread"; + V = ":mark -v"; + c = ":cf"; + d = ":prompt 'Really delete this message?' 'delete-message'"; + g = ":select 0 "; + j = ":next "; + k = ":prev "; + n = ":next-result"; + q = ":quit"; + rq = ":reply -aq"; + rr = ":reply -a"; + v = ":mark -t"; + # keep-sorted end + }; + "messages:folder=Drafts" = { + "" = ":recall"; + }; + view = { + # keep-sorted start + "/" = ":toggle-key-passthrough /"; + "" = ":next-part"; + "" = ":prev-part"; + "" = ":open-link "; + "|" = ":pipe"; + A = ":archive flat"; + D = ":move Trash"; + H = ":toggle-headers"; + J = ":next "; + K = ":prev"; + O = ":open"; + R = ":read"; + Rq = ":reply -q"; + Rr = ":reply"; + S = ":save"; + U = ":unread"; + f = ":forward "; + q = ":close"; + rq = ":reply -aq"; + rr = ":reply -a"; + # keep-sorted end + }; + "view::passthrough" = { + # keep-sorted start + "$ex" = ""; + "$noinherit" = "true"; + "" = ":toggle-key-passthrough"; + # keep-sorted end + }; + compose = { + # keep-sorted start + "$ex" = ""; + "$noinherit" = "true"; + "" = ":switch-account -n"; + "" = ":switch-account -p"; + "" = ":next-field"; + "" = ":prev-field"; + "" = ":next-tab"; + "" = ":prev-tab"; + "" = ":next-field"; + # keep-sorted end + }; + "compose::editor" = { + # keep-sorted start + "$ex" = ""; + "$noinherit" = "true"; + "" = ":next-field"; + "" = ":prev-field"; + "" = ":next-tab"; + "" = ":prev-tab"; + # keep-sorted end + }; + "compose::review" = { + # keep-sorted start + a = ":attach"; + d = ":detach"; + e = ":edit"; + n = ":abort"; + p = ":postpone"; + q = ":choose -o d discard abort -o p postpone postpone"; + y = ":send "; + # keep-sorted end + }; + terminal = { + # keep-sorted start + "$ex" = ""; + "$noinherit" = "true"; + "" = ":next-tab"; + "" = ":prev-tab"; + # keep-sorted end + }; + }; stylesets.catppuccin-mocha = '' "*.default" = true "*.normal" = true From f4c10a0a0bf3676c564cd436c8283ac8d64d0335 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 17:26:30 +1100 Subject: [PATCH 015/126] refactor: combine nix-settings and nixpkgs modules into one nix module --- modules/nixos/default.nix | 3 +-- modules/nixos/features/{nix-settings.nix => nix.nix} | 7 +++++++ modules/nixos/features/nixpkgs.nix | 3 --- 3 files changed, 8 insertions(+), 5 deletions(-) rename modules/nixos/features/{nix-settings.nix => nix.nix} (80%) delete mode 100644 modules/nixos/features/nixpkgs.nix diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 804f01d..e980470 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -13,8 +13,7 @@ "localisation" "network" "nh" - "nix-settings" - "nixpkgs" + "nix" "nixvim" "syncthing" "systemd-boot" diff --git a/modules/nixos/features/nix-settings.nix b/modules/nixos/features/nix.nix similarity index 80% rename from modules/nixos/features/nix-settings.nix rename to modules/nixos/features/nix.nix index eda2992..498861b 100644 --- a/modules/nixos/features/nix-settings.nix +++ b/modules/nixos/features/nix.nix @@ -1,4 +1,11 @@ { + lib, + ... +}: +{ + # allow packages with non-free licenses + nixpkgs.config.allowUnfree = true; + nix = { gc = { automatic = true; diff --git a/modules/nixos/features/nixpkgs.nix b/modules/nixos/features/nixpkgs.nix deleted file mode 100644 index e95ec3c..0000000 --- a/modules/nixos/features/nixpkgs.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - nixpkgs.config.allowUnfree = true; -} From ef927bcfda3984a89abcbc46af81b82a8a75c3aa Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 17:28:30 +1100 Subject: [PATCH 016/126] feat: restrict nix package manager to wheel group --- modules/nixos/features/nix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/features/nix.nix b/modules/nixos/features/nix.nix index 498861b..ab6eca1 100644 --- a/modules/nixos/features/nix.nix +++ b/modules/nixos/features/nix.nix @@ -18,6 +18,7 @@ persistent = true; }; settings = { + allowed-users = [ "@wheel" ]; experimental-features = [ "nix-command" "flakes" From 2652248bc3fc13741bb2d655c228a86b6bcf5a2b Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 17:27:36 +1100 Subject: [PATCH 017/126] feat: rip out default packages --- modules/nixos/features/nix.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/nixos/features/nix.nix b/modules/nixos/features/nix.nix index ab6eca1..a73a504 100644 --- a/modules/nixos/features/nix.nix +++ b/modules/nixos/features/nix.nix @@ -3,6 +3,9 @@ ... }: { + # rip out default packages + environment.defaultPackages = lib.mkForce [ ]; + # allow packages with non-free licenses nixpkgs.config.allowUnfree = true; From 77225f2fa1f4f20ba41e0ad61a34864dc9ec8e60 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 17:28:44 +1100 Subject: [PATCH 018/126] feat: harden sshd on server --- hosts/server/configuration.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 0311fe3..8854a0d 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -25,7 +25,19 @@ networking.hostName = "${hostName}"; - services.openssh.enable = true; + # hardened openssh + services.openssh = { + passwordAuthentication = false; + allowSFTP = false; + challengeResponseAuthentication = false; + extraConfig = '' + AllowTcpForwarding yes + X11Forwarding no + AllowAgentForwarding no + AllowStreamLocalForwarding no + AuthenticationMethods publickey + ''; + }; system.stateVersion = "24.11"; From 9793215fed7f14bf84a61b58d3779edc6fb187e7 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 22 Oct 2025 18:02:12 +1100 Subject: [PATCH 019/126] fix: miniflux host specified wrong --- modules/nixos/features/paperless.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index eef48b1..348b42d 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -30,7 +30,7 @@ in ]; }; - nginx.virtualHosts."miniflux.fi33.buzz" = { + nginx.virtualHosts."paperless.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; locations."/".proxyPass = "http://localhost:${port}"; From d200cc6511b1d5a023f89415d4b1d6c1e26df4ee Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 2 Nov 2025 16:05:35 +0000 Subject: [PATCH 020/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/2f0f812f69f3eb4140157fe15e12739adf82e32a?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-10-19) → 'github:ryantm/agenix/9ba0d85de3eaa7afeab493fed622008b6e4924f5?narHash=sha256-lsNWuj4Z%2BpE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94%3D' (2025-10-28) • Updated input 'copyparty': 'github:9001/copyparty/547a7ab1cc7777f3452f441628339850511c8563?narHash=sha256-omBsQXwVWw%2BQmXo9T4Nazv2xcMEQ9VjB/61tnV3xKQQ%3D' (2025-10-19) → 'github:9001/copyparty/ac085b8149ff50e03d260128596dd130ed1c7cae?narHash=sha256-7Q8LtcvKWHbP8znARRTOY2tpU5WoV6FHwp5TZJOI8Us%3D' (2025-11-02) • Updated input 'home-manager': 'github:nix-community/home-manager/84e1adb0cdd13f5f29886091c7234365e12b1e7f?narHash=sha256-r6qbieh8iC1q1eCaWv15f4UIp8SeGffwswhNSA1Qk3s%3D' (2025-10-21) → 'github:nix-community/home-manager/43e205606aeb253bfcee15fd8a4a01d8ce8384ca?narHash=sha256-hpbPma1eUKwLAmiVRoMgIHbHiIKFkcACobJLbDt6ABw%3D' (2025-11-02) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) → 'github:nixos/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) • Updated input 'nixvim': 'github:nix-community/nixvim/e3b77e803b2350b72f4d72c8f175ab0fbfe5a642?narHash=sha256-UP1v%2BsEkHuvD2%2BqyhxbkQpBR%2Bdl9U0ljml3/dMI2jeU%3D' (2025-10-20) → 'github:nix-community/nixvim/660fba984fe25ded6fa2e32016c05aebf4290273?narHash=sha256-XwLZC%2B5T3gJJWVVAZ9atpRPopyXXlHfF5fvkhTigs0E%3D' (2025-11-02) • Updated input 'nixvim/flake-parts': 'github:hercules-ci/flake-parts/758cf7296bee11f1706a574c77d072b8a7baa881?narHash=sha256-wfG0S7pltlYyZTM%2BqqlhJ7GMw2fTF4mLKCIVhLii/4M%3D' (2025-10-01) → 'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04?narHash=sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4%3D' (2025-10-20) • Updated input 'nixvim/nuschtosSearch': 'github:NuschtOS/search/7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4?narHash=sha256-igrxT%2B/MnmcftPOHEb%2BXDwAMq3Xg1Xy7kVYQaHhPlAg%3D' (2025-09-23) → 'github:NuschtOS/search/e29de6db0cb3182e9aee75a3b1fd1919d995d85b?narHash=sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY%3D' (2025-10-29) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/637cb6167da4dbf8ef7f5a50e69933c4f9796095?narHash=sha256-XdDpTJHjFqZJ3ss6xzTWYyi3PEObX2fs%2BkW0Wg/rNDk%3D' (2025-10-21) → 'github:0xc000022070/zen-browser-flake/68b3775543b442b06a76e498fd342b16a8619757?narHash=sha256-Q7o8NTYIbGMmMrgrx9PTmmaj/GM/DWJjM6U%2Bdaaiiyk%3D' (2025-11-02) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 9a05571..1dddf21 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1760897985, - "narHash": "sha256-omBsQXwVWw+QmXo9T4Nazv2xcMEQ9VjB/61tnV3xKQQ=", + "lastModified": 1762095388, + "narHash": "sha256-7Q8LtcvKWHbP8znARRTOY2tpU5WoV6FHwp5TZJOI8Us=", "owner": "9001", "repo": "copyparty", - "rev": "547a7ab1cc7777f3452f441628339850511c8563", + "rev": "ac085b8149ff50e03d260128596dd130ed1c7cae", "type": "github" }, "original": { @@ -72,11 +72,11 @@ ] }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -146,11 +146,11 @@ ] }, "locked": { - "lastModified": 1761005073, - "narHash": "sha256-r6qbieh8iC1q1eCaWv15f4UIp8SeGffwswhNSA1Qk3s=", + "lastModified": 1762087455, + "narHash": "sha256-hpbPma1eUKwLAmiVRoMgIHbHiIKFkcACobJLbDt6ABw=", "owner": "nix-community", "repo": "home-manager", - "rev": "84e1adb0cdd13f5f29886091c7234365e12b1e7f", + "rev": "43e205606aeb253bfcee15fd8a4a01d8ce8384ca", "type": "github" }, "original": { @@ -225,11 +225,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { @@ -249,11 +249,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1760960598, - "narHash": "sha256-UP1v+sEkHuvD2+qyhxbkQpBR+dl9U0ljml3/dMI2jeU=", + "lastModified": 1762097356, + "narHash": "sha256-XwLZC+5T3gJJWVVAZ9atpRPopyXXlHfF5fvkhTigs0E=", "owner": "nix-community", "repo": "nixvim", - "rev": "e3b77e803b2350b72f4d72c8f175ab0fbfe5a642", + "rev": "660fba984fe25ded6fa2e32016c05aebf4290273", "type": "github" }, "original": { @@ -272,11 +272,11 @@ ] }, "locked": { - "lastModified": 1758662783, - "narHash": "sha256-igrxT+/MnmcftPOHEb+XDwAMq3Xg1Xy7kVYQaHhPlAg=", + "lastModified": 1761730856, + "narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=", "owner": "NuschtOS", "repo": "search", - "rev": "7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4", + "rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b", "type": "github" }, "original": { @@ -348,11 +348,11 @@ ] }, "locked": { - "lastModified": 1761020606, - "narHash": "sha256-XdDpTJHjFqZJ3ss6xzTWYyi3PEObX2fs+kW0Wg/rNDk=", + "lastModified": 1762067864, + "narHash": "sha256-Q7o8NTYIbGMmMrgrx9PTmmaj/GM/DWJjM6U+daaiiyk=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "637cb6167da4dbf8ef7f5a50e69933c4f9796095", + "rev": "68b3775543b442b06a76e498fd342b16a8619757", "type": "github" }, "original": { From 5f03991133b39d00cc1bd42fce4ddcdf09f2647b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 10 Nov 2025 16:06:34 +0000 Subject: [PATCH 021/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/9ba0d85de3eaa7afeab493fed622008b6e4924f5?narHash=sha256-lsNWuj4Z%2BpE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94%3D' (2025-10-28) → 'github:ryantm/agenix/fcdea223397448d35d9b31f798479227e80183f6?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-11-08) • Updated input 'home-manager': 'github:nix-community/home-manager/43e205606aeb253bfcee15fd8a4a01d8ce8384ca?narHash=sha256-hpbPma1eUKwLAmiVRoMgIHbHiIKFkcACobJLbDt6ABw%3D' (2025-11-02) → 'github:nix-community/home-manager/37a3d97f2873e0f68711117c34d04b7c7ead8f4e?narHash=sha256-t2U/GLLXHa2%2BkJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs%3D' (2025-11-10) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) → 'github:nixos/nixpkgs/b6a8526db03f735b89dd5ff348f53f752e7ddc8e?narHash=sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV%2B3DSADBX7/9YQ%3D' (2025-11-08) • Updated input 'nixvim': 'github:nix-community/nixvim/660fba984fe25ded6fa2e32016c05aebf4290273?narHash=sha256-XwLZC%2B5T3gJJWVVAZ9atpRPopyXXlHfF5fvkhTigs0E%3D' (2025-11-02) → 'github:nix-community/nixvim/2dc09e09cc65026f0899cc50291e244ee24835d3?narHash=sha256-z0VQRaEARqF5eARuAFhDixV%2Bg5B%2B5IJ1iDKSUM%2B5EIY%3D' (2025-11-10) • Updated input 'nixvim/flake-parts': 'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04?narHash=sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4%3D' (2025-10-20) → 'github:hercules-ci/flake-parts/26d05891e14c88eb4a5d5bee659c0db5afb609d8?narHash=sha256-xxdepIcb39UJ94%2BYydGP221rjnpkDZUlykKuF54PsqI%3D' (2025-11-06) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/68b3775543b442b06a76e498fd342b16a8619757?narHash=sha256-Q7o8NTYIbGMmMrgrx9PTmmaj/GM/DWJjM6U%2Bdaaiiyk%3D' (2025-11-02) → 'github:0xc000022070/zen-browser-flake/02bb5919dab81a3fea4d8d4663ea67922a463cd3?narHash=sha256-YgQ80R6TW9GxS0Ozaqe9mTVewuOWqwRmMUhRUpKsoCs%3D' (2025-11-10) • Updated input 'zen-browser/home-manager': 'github:nix-community/home-manager/e8c19a3cec2814c754f031ab3ae7316b64da085b?narHash=sha256-S%2BwmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR%2Bkw%3D' (2025-07-15) → 'github:nix-community/home-manager/b959c67241cae17fc9e4ee7eaf13dfa8512477ea?narHash=sha256-0ptUDbYwxv1kk/uzEX4%2BNJjY2e16MaAhtzAOJ6K0TG0%3D' (2025-11-05) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 1dddf21..eef05fa 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -72,11 +72,11 @@ ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762440070, + "narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8", "type": "github" }, "original": { @@ -146,11 +146,11 @@ ] }, "locked": { - "lastModified": 1762087455, - "narHash": "sha256-hpbPma1eUKwLAmiVRoMgIHbHiIKFkcACobJLbDt6ABw=", + "lastModified": 1762787259, + "narHash": "sha256-t2U/GLLXHa2+kJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs=", "owner": "nix-community", "repo": "home-manager", - "rev": "43e205606aeb253bfcee15fd8a4a01d8ce8384ca", + "rev": "37a3d97f2873e0f68711117c34d04b7c7ead8f4e", "type": "github" }, "original": { @@ -167,11 +167,11 @@ ] }, "locked": { - "lastModified": 1752603129, - "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", + "lastModified": 1762351818, + "narHash": "sha256-0ptUDbYwxv1kk/uzEX4+NJjY2e16MaAhtzAOJ6K0TG0=", "owner": "nix-community", "repo": "home-manager", - "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", + "rev": "b959c67241cae17fc9e4ee7eaf13dfa8512477ea", "type": "github" }, "original": { @@ -225,11 +225,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1762596750, + "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", "type": "github" }, "original": { @@ -249,11 +249,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1762097356, - "narHash": "sha256-XwLZC+5T3gJJWVVAZ9atpRPopyXXlHfF5fvkhTigs0E=", + "lastModified": 1762789067, + "narHash": "sha256-z0VQRaEARqF5eARuAFhDixV+g5B+5IJ1iDKSUM+5EIY=", "owner": "nix-community", "repo": "nixvim", - "rev": "660fba984fe25ded6fa2e32016c05aebf4290273", + "rev": "2dc09e09cc65026f0899cc50291e244ee24835d3", "type": "github" }, "original": { @@ -348,11 +348,11 @@ ] }, "locked": { - "lastModified": 1762067864, - "narHash": "sha256-Q7o8NTYIbGMmMrgrx9PTmmaj/GM/DWJjM6U+daaiiyk=", + "lastModified": 1762748864, + "narHash": "sha256-YgQ80R6TW9GxS0Ozaqe9mTVewuOWqwRmMUhRUpKsoCs=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "68b3775543b442b06a76e498fd342b16a8619757", + "rev": "02bb5919dab81a3fea4d8d4663ea67922a463cd3", "type": "github" }, "original": { From 5a2c07942c37307c11454526006930a3b7401e38 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 11 Nov 2025 11:51:45 +1100 Subject: [PATCH 022/126] fix: aerc mark as read shortcut clashes with replies, so change to I instead of R --- modules/home-manager/features/aerc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home-manager/features/aerc.nix b/modules/home-manager/features/aerc.nix index 7debd0a..8b114ff 100644 --- a/modules/home-manager/features/aerc.nix +++ b/modules/home-manager/features/aerc.nix @@ -49,11 +49,11 @@ D = ":move Trash"; G = ":select -1"; H = ":collapse-folder"; + I = ":read"; J = ":next-folder "; K = ":prev-folder"; L = ":expand-folder"; N = ":prev-result"; - R = ":read"; Rq = ":reply -q"; Rr = ":reply"; T = ":toggle-threads"; From c88d609d34397a1f972168ace24ae41226c3b074 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 11 Nov 2025 11:51:57 +1100 Subject: [PATCH 023/126] feat: add spellchecking to neovim installation --- modules/nixos/features/nixvim.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/modules/nixos/features/nixvim.nix b/modules/nixos/features/nixvim.nix index fd86deb..e4838bd 100644 --- a/modules/nixos/features/nixvim.nix +++ b/modules/nixos/features/nixvim.nix @@ -20,16 +20,21 @@ }; diagnostic.settings.virtual_lines = true; opts = { + # keep-sorted start autoindent = true; + colorcolumn = "80"; expandtab = true; number = true; relativenumber = true; shiftwidth = 2; + # get suggestions by typing z= + spell = true; + spelllang = "en_au"; tabstop = 2; - colorcolumn = "80"; + # keep-sorted end }; plugins = { - # autoclose brackets + # auto close brackets autoclose.enable = true; # completion window From 358986970cb002b7015d07a0e56b645b03760472 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 11 Nov 2025 16:06:21 +0000 Subject: [PATCH 024/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixvim': 'github:nix-community/nixvim/2dc09e09cc65026f0899cc50291e244ee24835d3?narHash=sha256-z0VQRaEARqF5eARuAFhDixV%2Bg5B%2B5IJ1iDKSUM%2B5EIY%3D' (2025-11-10) → 'github:nix-community/nixvim/9e556e752505263eef8c0d0f982e2ab9029cc512?narHash=sha256-2hkqfvY2wH%2B78M85X/ZApyZURnFc926b2mAHiyHcGDE%3D' (2025-11-11) • Updated input 'nixvim/flake-parts': 'github:hercules-ci/flake-parts/26d05891e14c88eb4a5d5bee659c0db5afb609d8?narHash=sha256-xxdepIcb39UJ94%2BYydGP221rjnpkDZUlykKuF54PsqI%3D' (2025-11-06) → 'github:hercules-ci/flake-parts/0bdadb1b265fb4143a75bd1ec7d8c915898a9923?narHash=sha256-dxFVgQPG%2BR72dkhXTtqUm7KpxElw3u6E%2BYlQ2WaDgt8%3D' (2025-11-10) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/02bb5919dab81a3fea4d8d4663ea67922a463cd3?narHash=sha256-YgQ80R6TW9GxS0Ozaqe9mTVewuOWqwRmMUhRUpKsoCs%3D' (2025-11-10) → 'github:0xc000022070/zen-browser-flake/51f5194aff34d130d07f684df2a85b10a3933558?narHash=sha256-qwUWaKy%2BkmTBk6xxMI0yfkD5IU2gcxXOXNPJ2T%2BEnys%3D' (2025-11-11) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index eef05fa..dad2418 100644 --- a/flake.lock +++ b/flake.lock @@ -72,11 +72,11 @@ ] }, "locked": { - "lastModified": 1762440070, - "narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=", + "lastModified": 1762810396, + "narHash": "sha256-dxFVgQPG+R72dkhXTtqUm7KpxElw3u6E+YlQ2WaDgt8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8", + "rev": "0bdadb1b265fb4143a75bd1ec7d8c915898a9923", "type": "github" }, "original": { @@ -249,11 +249,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1762789067, - "narHash": "sha256-z0VQRaEARqF5eARuAFhDixV+g5B+5IJ1iDKSUM+5EIY=", + "lastModified": 1762865386, + "narHash": "sha256-2hkqfvY2wH+78M85X/ZApyZURnFc926b2mAHiyHcGDE=", "owner": "nix-community", "repo": "nixvim", - "rev": "2dc09e09cc65026f0899cc50291e244ee24835d3", + "rev": "9e556e752505263eef8c0d0f982e2ab9029cc512", "type": "github" }, "original": { @@ -348,11 +348,11 @@ ] }, "locked": { - "lastModified": 1762748864, - "narHash": "sha256-YgQ80R6TW9GxS0Ozaqe9mTVewuOWqwRmMUhRUpKsoCs=", + "lastModified": 1762835117, + "narHash": "sha256-qwUWaKy+kmTBk6xxMI0yfkD5IU2gcxXOXNPJ2T+Enys=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "02bb5919dab81a3fea4d8d4663ea67922a463cd3", + "rev": "51f5194aff34d130d07f684df2a85b10a3933558", "type": "github" }, "original": { From 1b5f71f2b74471baecb2fbfdd680c271f7d83b6a Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 1 Dec 2025 16:30:23 +1100 Subject: [PATCH 025/126] fix: backup drive failing should not prevent server startup --- modules/nixos/features/borgmatic.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/nixos/features/borgmatic.nix b/modules/nixos/features/borgmatic.nix index c0f8b9a..469c5a1 100644 --- a/modules/nixos/features/borgmatic.nix +++ b/modules/nixos/features/borgmatic.nix @@ -77,6 +77,9 @@ fileSystems."/backup" = { device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e"; fsType = "ext4"; + options = [ + "nofail" + ]; }; # secrets From 078c58831ff1f70e429b86cb19beaa192394711d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 9 Dec 2025 16:07:06 +0000 Subject: [PATCH 026/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'copyparty': 'github:9001/copyparty/ac085b8' (2025-11-02) → 'github:9001/copyparty/c5c5f9b' (2025-12-04) • Updated input 'home-manager': 'github:nix-community/home-manager/37a3d97' (2025-11-10) → 'github:nix-community/home-manager/e5b1f87' (2025-12-08) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/b6a8526' (2025-11-08) → 'github:nixos/nixpkgs/addf7cf' (2025-12-08) • Updated input 'nixvim': 'github:nix-community/nixvim/9e556e7' (2025-11-11) → 'github:nix-community/nixvim/ba8f6d4' (2025-12-09) • Updated input 'nixvim/flake-parts': 'github:hercules-ci/flake-parts/0bdadb1' (2025-11-10) → 'github:hercules-ci/flake-parts/2cccadc' (2025-11-21) • Removed input 'nixvim/nuschtosSearch' • Removed input 'nixvim/nuschtosSearch/flake-utils' • Removed input 'nixvim/nuschtosSearch/flake-utils/systems' • Removed input 'nixvim/nuschtosSearch/ixx' • Removed input 'nixvim/nuschtosSearch/ixx/flake-utils' • Removed input 'nixvim/nuschtosSearch/ixx/nixpkgs' • Removed input 'nixvim/nuschtosSearch/nixpkgs' • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/51f5194' (2025-11-11) → 'github:0xc000022070/zen-browser-flake/e7f4849' (2025-12-09) • Updated input 'zen-browser/home-manager': 'github:nix-community/home-manager/b959c67' (2025-11-05) → 'github:nix-community/home-manager/827f2a2' (2025-11-12) --- flake.lock | 129 +++++++++-------------------------------------------- 1 file changed, 22 insertions(+), 107 deletions(-) diff --git a/flake.lock b/flake.lock index dad2418..200a21b 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1762095388, - "narHash": "sha256-7Q8LtcvKWHbP8znARRTOY2tpU5WoV6FHwp5TZJOI8Us=", + "lastModified": 1764892674, + "narHash": "sha256-6BhUTKjfh09j3HFPGKrTWbcswSErhhoCpZTM4nwrnmk=", "owner": "9001", "repo": "copyparty", - "rev": "ac085b8149ff50e03d260128596dd130ed1c7cae", + "rev": "c5c5f9b4b828b984cf7109d12f86150a334eb566", "type": "github" }, "original": { @@ -72,11 +72,11 @@ ] }, "locked": { - "lastModified": 1762810396, - "narHash": "sha256-dxFVgQPG+R72dkhXTtqUm7KpxElw3u6E+YlQ2WaDgt8=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0bdadb1b265fb4143a75bd1ec7d8c915898a9923", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -100,24 +100,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -146,11 +128,11 @@ ] }, "locked": { - "lastModified": 1762787259, - "narHash": "sha256-t2U/GLLXHa2+kJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs=", + "lastModified": 1765217760, + "narHash": "sha256-BVVyAodLcAD8KOtR3yCStBHSE0WAH/xQWH9f0qsxbmk=", "owner": "nix-community", "repo": "home-manager", - "rev": "37a3d97f2873e0f68711117c34d04b7c7ead8f4e", + "rev": "e5b1f87841810fc24772bf4389f9793702000c9b", "type": "github" }, "original": { @@ -167,11 +149,11 @@ ] }, "locked": { - "lastModified": 1762351818, - "narHash": "sha256-0ptUDbYwxv1kk/uzEX4+NJjY2e16MaAhtzAOJ6K0TG0=", + "lastModified": 1762964643, + "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=", "owner": "nix-community", "repo": "home-manager", - "rev": "b959c67241cae17fc9e4ee7eaf13dfa8512477ea", + "rev": "827f2a23373a774a8805f84ca5344654c31f354b", "type": "github" }, "original": { @@ -180,34 +162,6 @@ "type": "github" } }, - "ixx": { - "inputs": { - "flake-utils": [ - "nixvim", - "nuschtosSearch", - "flake-utils" - ], - "nixpkgs": [ - "nixvim", - "nuschtosSearch", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1754860581, - "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", - "owner": "NuschtOS", - "repo": "ixx", - "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "ref": "v0.1.1", - "repo": "ixx", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1748162331, @@ -225,11 +179,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1762596750, - "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", "type": "github" }, "original": { @@ -245,15 +199,14 @@ "nixpkgs": [ "nixpkgs" ], - "nuschtosSearch": "nuschtosSearch", - "systems": "systems_3" + "systems": "systems_2" }, "locked": { - "lastModified": 1762865386, - "narHash": "sha256-2hkqfvY2wH+78M85X/ZApyZURnFc926b2mAHiyHcGDE=", + "lastModified": 1765291075, + "narHash": "sha256-tw7+BDZqn2vvpWbT3OYiumPevZP80dCGXpwdyYucoOs=", "owner": "nix-community", "repo": "nixvim", - "rev": "9e556e752505263eef8c0d0f982e2ab9029cc512", + "rev": "ba8f6d40b14e2ca14433334d0f5d23234c2ac025", "type": "github" }, "original": { @@ -262,29 +215,6 @@ "type": "github" } }, - "nuschtosSearch": { - "inputs": { - "flake-utils": "flake-utils_2", - "ixx": "ixx", - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1761730856, - "narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=", - "owner": "NuschtOS", - "repo": "search", - "rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "repo": "search", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -325,21 +255,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "zen-browser": { "inputs": { "home-manager": "home-manager_3", @@ -348,11 +263,11 @@ ] }, "locked": { - "lastModified": 1762835117, - "narHash": "sha256-qwUWaKy+kmTBk6xxMI0yfkD5IU2gcxXOXNPJ2T+Enys=", + "lastModified": 1765275990, + "narHash": "sha256-2WhSfO4JjBqGIJJvwnwtOpoeTs628Y8GD7KthIoNhIY=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "51f5194aff34d130d07f684df2a85b10a3933558", + "rev": "e7f4849710fe306852551f4ec34c6fc648896c22", "type": "github" }, "original": { From ea0b2ebbfdf28bde1a553307a94e185f27eb7c26 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 10 Dec 2025 19:47:06 +1100 Subject: [PATCH 027/126] feat: install radicale for caldav and carddav support --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/homepage-dashboard.nix | 7 ++++ modules/nixos/features/radicale.nix | 42 +++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 modules/nixos/features/radicale.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 271c07b..08f3bb1 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -13,6 +13,7 @@ "jellyfin" "lidarr" "miniflux" + "radicale" "nginx" "ntfy-sh" "paperless" diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index f171efe..c1eb3d1 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -65,6 +65,13 @@ in "href" = "https://ntfy-sh.fi33.buzz/"; }; } + { + "Radicale" = { + "description" = "CalDAV/CardDAV service"; + "icon" = "radicale.svg"; + "href" = "https://radicale.fi33.buzz"; + }; + } { "Syncthing" = { "description" = "Decentralised file synchronisation"; diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix new file mode 100644 index 0000000..1e0b722 --- /dev/null +++ b/modules/nixos/features/radicale.nix @@ -0,0 +1,42 @@ +{ + config, + ... +}: +let + port = "5003"; +in +{ + services = { + radicale = { + enable = true; + settings = { + server = { + hosts = [ + "0.0.0.0:${port}" + "[::]:${port}" + ]; + }; + auth = { + type = "htpasswd"; + htpasswd_filename = config.age.secrets.radicale.path; + htpasswd_encryption = "plain"; + }; + storage = { + filesystem_folder = "/srv/radicale"; + }; + }; + }; + + nginx.virtualHosts."radicale.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; + }; + }; + + # secrets + age.secrets."radicale" = { + file = ../../../secrets/radicale.age; + owner = "radicale"; + }; +} From 63774a34f5fd7e21a7cd6ab191e85c018b977f8c Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 10 Dec 2025 19:48:32 +1100 Subject: [PATCH 028/126] fix: options have been renamed in latest release --- hosts/server/configuration.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 8854a0d..6d595e5 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -27,9 +27,7 @@ # hardened openssh services.openssh = { - passwordAuthentication = false; - allowSFTP = false; - challengeResponseAuthentication = false; + allowSFTP = false; extraConfig = '' AllowTcpForwarding yes X11Forwarding no @@ -37,6 +35,10 @@ AllowStreamLocalForwarding no AuthenticationMethods publickey ''; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; + }; }; system.stateVersion = "24.11"; From b834611bcb14ffaa16b87838248d1eb9f254090c Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 10 Dec 2025 19:47:06 +1100 Subject: [PATCH 029/126] feat: install radicale for caldav and carddav support --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/homepage-dashboard.nix | 7 ++++ modules/nixos/features/radicale.nix | 42 +++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 modules/nixos/features/radicale.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 271c07b..8e0841f 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -19,6 +19,7 @@ "prowlarr" "qbittorrent" "radarr" + "radicale" "sonarr" "syncthing" "vaultwarden" diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index f171efe..c1eb3d1 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -65,6 +65,13 @@ in "href" = "https://ntfy-sh.fi33.buzz/"; }; } + { + "Radicale" = { + "description" = "CalDAV/CardDAV service"; + "icon" = "radicale.svg"; + "href" = "https://radicale.fi33.buzz"; + }; + } { "Syncthing" = { "description" = "Decentralised file synchronisation"; diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix new file mode 100644 index 0000000..1e0b722 --- /dev/null +++ b/modules/nixos/features/radicale.nix @@ -0,0 +1,42 @@ +{ + config, + ... +}: +let + port = "5003"; +in +{ + services = { + radicale = { + enable = true; + settings = { + server = { + hosts = [ + "0.0.0.0:${port}" + "[::]:${port}" + ]; + }; + auth = { + type = "htpasswd"; + htpasswd_filename = config.age.secrets.radicale.path; + htpasswd_encryption = "plain"; + }; + storage = { + filesystem_folder = "/srv/radicale"; + }; + }; + }; + + nginx.virtualHosts."radicale.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; + }; + }; + + # secrets + age.secrets."radicale" = { + file = ../../../secrets/radicale.age; + owner = "radicale"; + }; +} From d3868b69c4f194934480c198b8661d392ce40907 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 10 Dec 2025 19:48:32 +1100 Subject: [PATCH 030/126] fix: options have been renamed in latest release --- hosts/server/configuration.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 8854a0d..6d595e5 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -27,9 +27,7 @@ # hardened openssh services.openssh = { - passwordAuthentication = false; - allowSFTP = false; - challengeResponseAuthentication = false; + allowSFTP = false; extraConfig = '' AllowTcpForwarding yes X11Forwarding no @@ -37,6 +35,10 @@ AllowStreamLocalForwarding no AuthenticationMethods publickey ''; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; + }; }; system.stateVersion = "24.11"; From bf13c50f4cc8cc13fad77e41eabf75ee68648a61 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 15 Dec 2025 19:54:03 +1100 Subject: [PATCH 031/126] feat: install karakeep --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/karakeep.nix | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 modules/nixos/features/karakeep.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 8e0841f..fae672d 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -11,6 +11,7 @@ "homepage-dashboard" "immich" "jellyfin" + "karakeep" "lidarr" "miniflux" "nginx" diff --git a/modules/nixos/features/karakeep.nix b/modules/nixos/features/karakeep.nix new file mode 100644 index 0000000..c113f66 --- /dev/null +++ b/modules/nixos/features/karakeep.nix @@ -0,0 +1,20 @@ +let + port = "5014"; +in +{ + services = { + karakeep = { + enable = true; + extraEnvironment = { + PORT = port; + DISABLE_NEW_RELEASE_CHECK = "true"; + }; + }; + + nginx.virtualHosts."karakeep.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${port}"; + }; + }; +} From 2f2cd68d760d420e15ad9ce66e777dac1c0c3522 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 17 Dec 2025 16:07:17 +0000 Subject: [PATCH 032/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'copyparty': 'github:9001/copyparty/c5c5f9b' (2025-12-04) → 'github:9001/copyparty/519bfe1' (2025-12-17) • Updated input 'home-manager': 'github:nix-community/home-manager/e5b1f87' (2025-12-08) → 'github:nix-community/home-manager/89c9508' (2025-12-17) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/addf7cf' (2025-12-08) → 'github:nixos/nixpkgs/1306659' (2025-12-15) • Updated input 'nixvim': 'github:nix-community/nixvim/ba8f6d4' (2025-12-09) → 'github:nix-community/nixvim/51bbde5' (2025-12-17) • Updated input 'nixvim/flake-parts': 'github:hercules-ci/flake-parts/2cccadc' (2025-11-21) → 'github:hercules-ci/flake-parts/a34fae9' (2025-12-15) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/e7f4849' (2025-12-09) → 'github:0xc000022070/zen-browser-flake/7db019a' (2025-12-17) • Updated input 'zen-browser/home-manager': 'github:nix-community/home-manager/827f2a2' (2025-11-12) → 'github:nix-community/home-manager/58bf3ec' (2025-12-14) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 200a21b..64afcd2 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1764892674, - "narHash": "sha256-6BhUTKjfh09j3HFPGKrTWbcswSErhhoCpZTM4nwrnmk=", + "lastModified": 1765930735, + "narHash": "sha256-D+b77dVSjCqTfvZsOw3tXAYo5E+I3T9FeahyfqYKWoI=", "owner": "9001", "repo": "copyparty", - "rev": "c5c5f9b4b828b984cf7109d12f86150a334eb566", + "rev": "519bfe1f0b66bf3131105941d0dc704de7c2ec23", "type": "github" }, "original": { @@ -72,11 +72,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -128,11 +128,11 @@ ] }, "locked": { - "lastModified": 1765217760, - "narHash": "sha256-BVVyAodLcAD8KOtR3yCStBHSE0WAH/xQWH9f0qsxbmk=", + "lastModified": 1765980955, + "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=", "owner": "nix-community", "repo": "home-manager", - "rev": "e5b1f87841810fc24772bf4389f9793702000c9b", + "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1762964643, - "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=", + "lastModified": 1765682243, + "narHash": "sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0=", "owner": "nix-community", "repo": "home-manager", - "rev": "827f2a23373a774a8805f84ca5344654c31f354b", + "rev": "58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03", "type": "github" }, "original": { @@ -179,11 +179,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1765186076, - "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "lastModified": 1765779637, + "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", "type": "github" }, "original": { @@ -202,11 +202,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1765291075, - "narHash": "sha256-tw7+BDZqn2vvpWbT3OYiumPevZP80dCGXpwdyYucoOs=", + "lastModified": 1765961056, + "narHash": "sha256-RCPRBIqKkwngttpcOhRVMbsCjnKYpc6Q5W7gwp36RN0=", "owner": "nix-community", "repo": "nixvim", - "rev": "ba8f6d40b14e2ca14433334d0f5d23234c2ac025", + "rev": "51bbde565a7538bb4e75defee13b3e951fb0ba81", "type": "github" }, "original": { @@ -263,11 +263,11 @@ ] }, "locked": { - "lastModified": 1765275990, - "narHash": "sha256-2WhSfO4JjBqGIJJvwnwtOpoeTs628Y8GD7KthIoNhIY=", + "lastModified": 1765946036, + "narHash": "sha256-R/qaIkzqm00qBMr8onM6ZZFX49lvsQLZ79adVubqjts=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "e7f4849710fe306852551f4ec34c6fc648896c22", + "rev": "7db019a64483743a8d92319baafbbe71b687d0a1", "type": "github" }, "original": { From ee3385342045d541547081c1b6a6af566c8ed5c9 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Thu, 18 Dec 2025 15:31:08 +1100 Subject: [PATCH 033/126] feat: install firefox --- flake.lock | 43 ++++ flake.nix | 12 +- modules/home-manager/bundles/desktop.nix | 1 + modules/home-manager/features/firefox.nix | 250 ++++++++++++++++++++++ 4 files changed, 304 insertions(+), 2 deletions(-) create mode 100644 modules/home-manager/features/firefox.nix diff --git a/flake.lock b/flake.lock index 64afcd2..00a104d 100644 --- a/flake.lock +++ b/flake.lock @@ -85,6 +85,27 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1678901627, @@ -215,6 +236,27 @@ "type": "github" } }, + "nur": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1766030459, + "narHash": "sha256-hWlPTEnYoqfSKozF2Ro2/ymVy11RugLw5U9zex/76f4=", + "owner": "nix-community", + "repo": "NUR", + "rev": "285245c3721e42d2886cd445503485ccb7165b7b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -222,6 +264,7 @@ "home-manager": "home-manager_2", "nixpkgs": "nixpkgs_2", "nixvim": "nixvim", + "nur": "nur", "zen-browser": "zen-browser" } }, diff --git a/flake.nix b/flake.nix index 9cb806e..f8e4131 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,10 @@ url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs"; }; + nur = { + url = "github:nix-community/NUR"; + inputs.nixpkgs.follows = "nixpkgs"; + }; zen-browser = { url = "github:0xc000022070/zen-browser-flake"; inputs.nixpkgs.follows = "nixpkgs"; @@ -26,10 +30,13 @@ outputs = { - nixpkgs, - home-manager, + # keep-sorted start agenix, + home-manager, + nixpkgs, + nur, zen-browser, + # keep-sorted end ... }@inputs: let @@ -45,6 +52,7 @@ nixpkgs.lib.nixosSystem { modules = [ ./hosts/${hostName}/configuration.nix + nur.modules.nixos.default home-manager.nixosModules.home-manager { home-manager = { diff --git a/modules/home-manager/bundles/desktop.nix b/modules/home-manager/bundles/desktop.nix index 0867706..60e4e46 100644 --- a/modules/home-manager/bundles/desktop.nix +++ b/modules/home-manager/bundles/desktop.nix @@ -6,6 +6,7 @@ imports = util.toImports ../features [ # keep-sorted start "aerc" + "firefox" "kitty" "mail" "obsidian" diff --git a/modules/home-manager/features/firefox.nix b/modules/home-manager/features/firefox.nix new file mode 100644 index 0000000..e7adee0 --- /dev/null +++ b/modules/home-manager/features/firefox.nix @@ -0,0 +1,250 @@ +{ + pkgs, + ... +}: +{ + programs.firefox = { + enable = true; + languagePacks = [ "en-GB" ]; + profiles.will = { + settings = { + # keep-sorted start + "browser.aboutwelcome.enabled" = false; + "browser.bookmarks.addedImportButton" = false; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.newtabpage.enabled" = false; + "browser.safebrowsing.downloads.enabled" = false; + "browser.safebrowsing.malware.enabled" = false; + "browser.safebrowsing.phishing.enabled" = false; + "browser.safebrowsing.remote.block_potentially_unwanted" = false; + "browser.safebrowsing.remote.block_uncommon" = false; + "browser.search.suggest.enabled" = false; + "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; + "browser.startup.page" = 3; + "browser.tabs.groups.smart.userEnabled" = false; + "browser.toolbars.bookmarks.visibility" = "never"; + "browser.urlbar.suggest.searches" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.usage.uploadEnabled" = false; + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode_ever_enabled" = true; + "extensions.formautofill.creditCards.enabled" = false; + "general.autoScroll" = true; + "intl.locale.requested" = "en-GB"; + "network.trr.mode" = 3; + "network.trr.uri" = "https://firefox.dns.nextdns.io/"; + "privacy.annotate_channels.strict_list.enabled" = true; + "privacy.bounceTrackingProtection.mode" = 1; + "privacy.clearOnShutdown_v2.formdata" = true; + "privacy.fingerprintingProtection" = true; + "privacy.globalprivacycontrol.enabled" = true; + "privacy.globalprivacycontrol.was_ever_enabled" = true; + "privacy.query_stripping.enabled " = true; + "privacy.query_stripping.enabled.pbmode" = true; + "privacy.trackingprotection.allow_list.baseline.enabled" = true; + "privacy.trackingprotection.allow_list.convenience.enabled" = false; + "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; + "privacy.trackingprotection.emailtracking.enabled" = true; + "privacy.trackingprotection.enabled" = true; + "privacy.trackingprotection.socialtracking.enabled" = true; + "sidebar.main.tools" = "syncedtabs,history,bookmarks"; + "sidebar.new-sidebar.has-used" = true; + "sidebar.position_start" = false; + "sidebar.revamp" = true; + "sidebar.verticalTabs" = true; + "sidebar.verticalTabs.dragToPinPromo.dismissed" = true; + "signon.autofillForms" = false; + "signon.firefoxRelay.feature" = "disabled"; + "signon.generation.enabled" = false; + "signon.management.page.breach-alerts.enabled" = false; + "signon.rememberSignons" = false; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + # keep-sorted end + }; + search = { + default = "ddg"; + privateDefault = "ddg"; + engines = { }; + order = [ ]; + force = true; + }; + extensions = { + force = true; + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + # keep-sorted start sticky_comments=no + # detect-cloudflare + bitwarden + dearrow + floccus + nixpkgs-pr-tracker + react-devtools + return-youtube-dislikes + sponsorblock + ublock-origin + # keep-sorted end + ]; + settings = { + # keep-sorted start block=yes + # sponsorblock + "sponsorBlocker@ajay.app".settings = { + hideSegmentCreationInPopup = false; + autoSkipOnMusicVideosUpdate = true; + changeChapterColor = true; + autoSkipOnMusicVideos = false; + hideVideoPlayerControls = false; + useVirtualTime = true; + categoryPillColors = { }; + payments = { + chaptersAllowed = false; + freeAccess = false; + lastCheck = 0; + lastFreeCheck = 0; + licenseKey = null; + }; + allowExpirements = true; + allowScrollingToEdit = true; + audioNotificationOnSkip = false; + autoHideInfoButton = true; + categoryPillUpdate = true; + chapterCategoryAdded = true; + checkForUnlistedVideos = false; + cleanPopup = false; + darkMode = true; + deArrowInstalled = true; + defaultCategory = "chooseACategory"; + disableSkipping = false; + donateClicked = 0; + dontShowNotice = false; + forceChannelCheck = false; + fullVideoLabelsOnThumbnails = true; + fullVideoSegments = true; + hideDeleteButtonPlayerControls = false; + hideDiscordLaunches = 0; + hideDiscordLink = false; + hideInfoButtonPlayerControls = false; + hideSkipButtonPlayerControls = false; + hideUploadButtonPlayerControls = false; + categorySelections = [ + { + name = "sponsor"; + option = 2; + } + { + name = "poi_highlight"; + option = 1; + } + { + name = "exclusive_access"; + option = 0; + } + { + name = "chapter"; + option = 0; + } + { + name = "selfpromo"; + option = 1; + } + { + name = "interaction"; + option = 1; + } + { + name = "intro"; + option = 1; + } + { + name = "outro"; + option = 1; + } + { + name = "preview"; + option = 1; + } + { + name = "filler"; + option = 1; + } + { + name = "music_offtopic"; + option = 2; + } + { + name = "hook"; + option = 1; + } + ]; + manualSkipOnFullVideo = false; + minDuration = 0; + isVip = false; + muteSegments = false; + noticeVisibilityMode = 3; + renderSegmentsAsChapters = false; + scrollToEditTimeUpdate = false; + serverAddress = "https://sponsor.ajay.app"; + showAutogeneratedChapters = false; + showCategoryGuidelines = true; + showCategoryWithoutPermission = false; + showChapterInfoMessage = true; + showDeArrowInSettings = true; + showDeArrowPromotion = true; + showDonationLink = false; + showNewFeaturePopups = false; + showSegmentFailedToFetchWarning = true; + showSegmentNameInChapterBar = true; + showTimeWithSkips = true; + showUpcomingNotice = false; + showUpsells = false; + minutesSaved = 67.630516; + shownDeArrowPromotion = false; + showZoomToFillError2 = false; + skipNoticeDuration = 4; + sponsorTimesContributed = 0; + testingServer = false; + trackDownvotes = false; + trackDownvotesInPrivate = false; + trackViewCount = false; + trackViewCountInPrivate = false; + ytInfoPermissionGranted = false; + skipNonMusicOnlyOnYoutubeMusic = false; + hookUpdate = false; + permissions = { + sponsor = true; + selfpromo = true; + exclusive_access = true; + interaction = true; + intro = true; + outro = true; + preview = true; + hook = true; + music_offtopic = true; + filler = true; + poi_highlight = true; + chapter = false; + }; + segmentListDefaultTab = 0; + prideTheme = false; + }; + # ublock-origin + "uBlock0@raymondhill.net".settings = { + advancedUserEnabled = true; + selectedFilterLists = [ + "user-filters" + "ublock-filters" + "ublock-badware" + "ublock-privacy" + "ublock-quick-fixes" + "ublock-unbreak" + "easylist" + "easyprivacy" + "adguard-spyware-url" + "urlhaus-1" + "plowe-0" + ]; + }; + # keep-sorted end + }; + }; + }; + }; +} From 0f2801f823bdb3e8b3e5cde88d8a3de8b0292d1c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 28 Dec 2025 16:05:50 +0000 Subject: [PATCH 034/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'copyparty': 'github:9001/copyparty/519bfe1' (2025-12-17) → 'github:9001/copyparty/4642d32' (2025-12-26) • Updated input 'home-manager': 'github:nix-community/home-manager/89c9508' (2025-12-17) → 'github:nix-community/home-manager/80cca72' (2025-12-28) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/1306659' (2025-12-15) → 'github:nixos/nixpkgs/3e2499d' (2025-12-25) • Updated input 'nixvim': 'github:nix-community/nixvim/51bbde5' (2025-12-17) → 'github:nix-community/nixvim/51ae991' (2025-12-28) • Updated input 'nur': 'github:nix-community/NUR/285245c' (2025-12-18) → 'github:nix-community/NUR/6580345' (2025-12-28) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/7db019a' (2025-12-17) → 'github:0xc000022070/zen-browser-flake/fe8d1a6' (2025-12-28) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 00a104d..5eef214 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1765930735, - "narHash": "sha256-D+b77dVSjCqTfvZsOw3tXAYo5E+I3T9FeahyfqYKWoI=", + "lastModified": 1766769718, + "narHash": "sha256-HUFMhHktTdcdXL31Bhhjm+35W32xhts7ki67zADYwmw=", "owner": "9001", "repo": "copyparty", - "rev": "519bfe1f0b66bf3131105941d0dc704de7c2ec23", + "rev": "4642d32366e30c131d933c8bd0a519b69f4d3fff", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1765980955, - "narHash": "sha256-rB45jv4uwC90vM9UZ70plfvY/2Kdygs+zlQ07dGQFk4=", + "lastModified": 1766936966, + "narHash": "sha256-LfixPDPlysn7sAUVyHEL8sjzgoYv2abDLoCxAlzY440=", "owner": "nix-community", "repo": "home-manager", - "rev": "89c9508bbe9b40d36b3dc206c2483ef176f15173", + "rev": "80cca72314c3b18896f2a412f2f070d17810b45f", "type": "github" }, "original": { @@ -200,11 +200,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1765779637, - "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", + "lastModified": 1766651565, + "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", + "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", "type": "github" }, "original": { @@ -223,11 +223,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1765961056, - "narHash": "sha256-RCPRBIqKkwngttpcOhRVMbsCjnKYpc6Q5W7gwp36RN0=", + "lastModified": 1766918207, + "narHash": "sha256-G/Msy+w6e6W5Z517draGcMC0Fqpl4cfutZS5ijndpyM=", "owner": "nix-community", "repo": "nixvim", - "rev": "51bbde565a7538bb4e75defee13b3e951fb0ba81", + "rev": "51ae9913767528723397e1b227bd32a080058bb5", "type": "github" }, "original": { @@ -244,11 +244,11 @@ ] }, "locked": { - "lastModified": 1766030459, - "narHash": "sha256-hWlPTEnYoqfSKozF2Ro2/ymVy11RugLw5U9zex/76f4=", + "lastModified": 1766935682, + "narHash": "sha256-9Lgge+E7rWEtMux+AVKOXMjoc0kQuPp5KSMf74xVdfU=", "owner": "nix-community", "repo": "NUR", - "rev": "285245c3721e42d2886cd445503485ccb7165b7b", + "rev": "6580345ce88dd3b98aaaefc253ea3c0c712e0dc2", "type": "github" }, "original": { @@ -306,11 +306,11 @@ ] }, "locked": { - "lastModified": 1765946036, - "narHash": "sha256-R/qaIkzqm00qBMr8onM6ZZFX49lvsQLZ79adVubqjts=", + "lastModified": 1766897152, + "narHash": "sha256-mD1GDg1eIHYUwk536j4uJX1IfQArsLQm2SL7rTQwAPI=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "7db019a64483743a8d92319baafbbe71b687d0a1", + "rev": "fe8d1a61a904b336f453d7ab5ae7d691a21c5cbf", "type": "github" }, "original": { From 4502e197bfbb63d1c5d7a0ab1d4cb0773db9c933 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 29 Dec 2025 14:00:36 +1100 Subject: [PATCH 035/126] refactor: store port as integer --- modules/nixos/features/copyparty.nix | 7 +++---- modules/nixos/features/couchdb.nix | 10 +++------- modules/nixos/features/flaresolverr.nix | 10 +++------- modules/nixos/features/homepage-dashboard.nix | 6 +++--- modules/nixos/features/immich.nix | 10 +++------- modules/nixos/features/jellyfin.nix | 4 ++-- modules/nixos/features/karakeep.nix | 6 +++--- modules/nixos/features/lidarr.nix | 12 +++++------- modules/nixos/features/miniflux.nix | 6 +++--- modules/nixos/features/ntfy-sh.nix | 6 +++--- modules/nixos/features/paperless.nix | 7 +++---- modules/nixos/features/prowlarr.nix | 15 +++++---------- modules/nixos/features/qbittorrent.nix | 10 +++------- modules/nixos/features/radarr.nix | 12 +++++------- modules/nixos/features/radicale.nix | 8 ++++---- modules/nixos/features/sonarr.nix | 12 +++++------- modules/nixos/features/syncthing.nix | 6 +++--- modules/nixos/features/vaultwarden.nix | 6 +++--- modules/templates/web-feature.nix | 4 ++-- 19 files changed, 64 insertions(+), 93 deletions(-) diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index a3b8114..560df1e 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix @@ -2,12 +2,11 @@ # keep-sorted start config, inputs, - lib, # keep-sorted end ... }: let - port = "5000"; + port = 5000; in { imports = [ inputs.copyparty.nixosModules.default ]; @@ -20,7 +19,7 @@ in e2dsa = true; e2ts = true; e2vu = true; - p = lib.toInt port; + p = port; }; accounts.will.passwordFile = config.age.secrets.copyparty-will.path; @@ -37,7 +36,7 @@ in nginx.virtualHosts."copyparty.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; diff --git a/modules/nixos/features/couchdb.nix b/modules/nixos/features/couchdb.nix index 5b24367..d7656ee 100644 --- a/modules/nixos/features/couchdb.nix +++ b/modules/nixos/features/couchdb.nix @@ -1,9 +1,5 @@ -{ - lib, - ... -}: let - port = "5984"; + port = 5984; in { services = { @@ -12,7 +8,7 @@ in databaseDir = "/srv/couchdb"; viewIndexDir = "/srv/couchdb"; configFile = "/srv/couchdb"; - port = lib.toInt port; + inherit port; extraConfig = { chttpd = { require_valid_user = true; @@ -41,7 +37,7 @@ in nginx.virtualHosts."couchdb.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; } diff --git a/modules/nixos/features/flaresolverr.nix b/modules/nixos/features/flaresolverr.nix index 86afdcd..e9f7f45 100644 --- a/modules/nixos/features/flaresolverr.nix +++ b/modules/nixos/features/flaresolverr.nix @@ -1,21 +1,17 @@ -{ - lib, - ... -}: let - port = "5011"; + port = 5011; in { services = { flaresolverr = { enable = true; - port = lib.toInt port; + inherit port; }; nginx.virtualHosts."flaresolverr.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; } diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index c1eb3d1..df30830 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -7,7 +7,7 @@ ... }: let - port = "5004"; + port = 5004; genSecrets = secrets: lib.genAttrs secrets (secret: { @@ -38,7 +38,7 @@ in services = { homepage-dashboard = { enable = true; - listenPort = lib.toInt port; + listenPort = port; allowedHosts = "homepage-dashboard.fi33.buzz"; services = [ # keep-sorted start block=yes @@ -300,7 +300,7 @@ in nginx.virtualHosts."homepage-dashboard.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index 3d83d33..6a0abd4 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix @@ -1,15 +1,11 @@ -{ - lib, - ... -}: let - port = "2283"; + port = 2283; in { services = { immich = { enable = true; - port = lib.toInt "${port}"; + inherit port; mediaLocation = "/srv/immich"; }; @@ -28,7 +24,7 @@ in forceSSL = true; useACMEHost = "fi33.buzz"; locations."/" = { - proxyPass = "http://[::1]:${port}"; + proxyPass = "http://[::1]:${toString port}"; proxyWebsockets = true; }; }; diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index e64f6ad..330adff 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -1,5 +1,5 @@ let - port = "8096"; + port = 8096; in { services = { @@ -12,7 +12,7 @@ in nginx.virtualHosts."jellyfin.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; diff --git a/modules/nixos/features/karakeep.nix b/modules/nixos/features/karakeep.nix index c113f66..09f8163 100644 --- a/modules/nixos/features/karakeep.nix +++ b/modules/nixos/features/karakeep.nix @@ -1,12 +1,12 @@ let - port = "5014"; + port = 5014; in { services = { karakeep = { enable = true; extraEnvironment = { - PORT = port; + PORT = toString port; DISABLE_NEW_RELEASE_CHECK = "true"; }; }; @@ -14,7 +14,7 @@ in nginx.virtualHosts."karakeep.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; } diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 39e6253..8132318 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -1,23 +1,21 @@ -{ - lib, - ... -}: let - port = "5012"; + port = 5012; in { services = { lidarr = { enable = true; dataDir = "/srv/lidarr"; - settings.server.port = lib.toInt port; + settings.server = { + inherit port; + }; group = "media"; }; nginx.virtualHosts."lidarr.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; } diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index 7fd7403..10c4eeb 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix @@ -3,7 +3,7 @@ ... }: let - port = "5010"; + port = 5010; in { services = { @@ -12,7 +12,7 @@ in adminCredentialsFile = config.age.secrets.miniflux-creds.path; config = { BASE_URL = "https://miniflux.fi33.buzz"; - LISTEN_ADDR = "localhost:${port}"; + LISTEN_ADDR = "localhost:${toString port}"; }; }; @@ -28,7 +28,7 @@ in nginx.virtualHosts."miniflux.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index 681047f..d5a70e8 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -1,5 +1,5 @@ let - port = "5002"; + port = 5002; in { services = { @@ -7,7 +7,7 @@ in enable = true; settings = { base-url = "https://ntfy-sh.fi33.buzz"; - listen-http = ":${port}"; + listen-http = ":${toString port}"; behind-proxy = true; }; }; @@ -16,7 +16,7 @@ in forceSSL = true; useACMEHost = "fi33.buzz"; locations."/" = { - proxyPass = "http://localhost:${port}"; + proxyPass = "http://localhost:${toString port}"; proxyWebsockets = true; }; }; diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 348b42d..6b61e35 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -1,10 +1,9 @@ { config, - lib, ... }: let - port = "5013"; + port = 5013; in { services = { @@ -13,7 +12,7 @@ in dataDir = "/srv/paperless"; database.createLocally = true; passwordFile = config.age.secrets.paperless.path; - port = lib.toInt port; + inherit port; settings = { PAPERLESS_URL = "https://paperless.fi33.buzz"; }; @@ -33,7 +32,7 @@ in nginx.virtualHosts."paperless.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index 2e439b5..9fbb8e6 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -1,26 +1,21 @@ -{ - lib, - ... -}: let - port = "5009"; + port = 5009; in { services = { prowlarr = { enable = true; dataDir = "/srv/prowlarr"; - settings.server.port = lib.toInt port; + settings.server = { + inherit port; + }; }; nginx = { virtualHosts."prowlarr.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; }; diff --git a/modules/nixos/features/qbittorrent.nix b/modules/nixos/features/qbittorrent.nix index b67b01e..0134eb1 100644 --- a/modules/nixos/features/qbittorrent.nix +++ b/modules/nixos/features/qbittorrent.nix @@ -1,15 +1,11 @@ -{ - lib, - ... -}: let - port = "5005"; + port = 5005; in { services = { qbittorrent = { enable = true; - webuiPort = lib.toInt port; + webuiPort = port; profileDir = "/srv"; group = "media"; extraArgs = [ @@ -20,7 +16,7 @@ in nginx.virtualHosts."qbittorrent.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index 51aeef1..8cce599 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -1,23 +1,21 @@ -{ - lib, - ... -}: let - port = "5007"; + port = 5007; in { services = { radarr = { enable = true; dataDir = "/srv/radarr"; - settings.server.port = lib.toInt port; + settings.server = { + inherit port; + }; group = "media"; }; nginx.virtualHosts."radarr.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; } diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix index 1e0b722..6ced520 100644 --- a/modules/nixos/features/radicale.nix +++ b/modules/nixos/features/radicale.nix @@ -3,7 +3,7 @@ ... }: let - port = "5003"; + port = 5003; in { services = { @@ -12,8 +12,8 @@ in settings = { server = { hosts = [ - "0.0.0.0:${port}" - "[::]:${port}" + "0.0.0.0:${toString port}" + "[::]:${toString port}" ]; }; auth = { @@ -30,7 +30,7 @@ in nginx.virtualHosts."radicale.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index 95ac80e..f5ff5b3 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -1,23 +1,21 @@ -{ - lib, - ... -}: let - port = "5006"; + port = 5006; in { services = { sonarr = { enable = true; dataDir = "/srv/sonarr"; - settings.server.port = lib.toInt port; + settings.server = { + inherit port; + }; group = "media"; }; nginx.virtualHosts."sonarr.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; } diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index 47e804c..513b467 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -4,7 +4,7 @@ ... }: let - port = "5008"; + port = 5008; devicesList = [ # keep-sorted start block=yes { @@ -45,7 +45,7 @@ in services = { syncthing = { enable = true; - guiAddress = "0.0.0.0:${port}"; + guiAddress = "0.0.0.0:${toString port}"; openDefaultPorts = true; user = "${userName}"; dataDir = "/home/${userName}"; @@ -69,7 +69,7 @@ in nginx.virtualHosts."syncthing.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; } diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index c4e069d..2ffb556 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -3,7 +3,7 @@ ... }: let - port = "5001"; + port = 5001; in { services = { @@ -11,7 +11,7 @@ in enable = true; backupDir = "/srv/vaultwarden"; config = { - rocketPort = "${port}"; + rocketPort = toString port; domain = "https://vaultwarden.fi33.buzz"; signupsAllowed = false; invitationsAllowed = false; @@ -26,7 +26,7 @@ in forceSSL = true; useACMEHost = "fi33.buzz"; locations."/" = { - proxyPass = "http://localhost:${port}"; + proxyPass = "http://localhost:${toString port}"; proxyWebsockets = true; }; }; diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 98eba78..ab1b9f0 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -1,5 +1,5 @@ let - port = "port"; + port = 0000; in { services = { @@ -12,7 +12,7 @@ in nginx.virtualHosts."feature.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyPass = "http://localhost:${toString port}"; }; }; } From 6130f543b933164a10bbb083b1fc1697782d5758 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 29 Dec 2025 14:08:20 +1100 Subject: [PATCH 036/126] fix: web-feature template now includes a more fleshed-out backup section --- modules/templates/web-feature.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index ab1b9f0..6240e4e 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -7,7 +7,17 @@ in enable = true; }; - borgbackup.jobs = feature { }; + # borgmatic.settings = { + # source_directories = [ ]; + # postgresql_databases = [ + # { + # name = "feature"; + # hostname = "localhost"; + # username = "root"; + # password = "{credential systemd borgmatic-pg}"; + # } + # ]; + # }; nginx.virtualHosts."feature.fi33.buzz" = { forceSSL = true; From b5c3d6419cada5f6008f68f40378e74ea895d4a5 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 29 Dec 2025 15:26:32 +1100 Subject: [PATCH 037/126] feat: re-order services on homepage dashboard --- modules/nixos/features/homepage-dashboard.nix | 274 +++++++++--------- 1 file changed, 137 insertions(+), 137 deletions(-) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index df30830..b4b7897 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -43,7 +43,134 @@ in services = [ # keep-sorted start block=yes { - "Cloud Services" = [ + "Media Management" = [ + { + "Immich" = { + "description" = "Photo backup"; + "icon" = "immich.svg"; + "href" = "https://immich.fi33.buzz/"; + "widget" = { + "type" = "immich"; + "fields" = [ + "users" + "photos" + "videos" + "storage" + ]; + "url" = "https://immich.fi33.buzz/"; + "version" = 2; + "key" = "@immich@"; + }; + }; + } + { + "Miniflux" = { + "description" = "RSS aggregator"; + "icon" = "miniflux.svg"; + "href" = "https://miniflux.fi33.buzz/"; + "widget" = { + "type" = "miniflux"; + "url" = "https://miniflux.fi33.buzz/"; + "key" = "@miniflux@"; + }; + }; + } + { + "Paperless" = { + "description" = "Digital filing cabinet"; + "icon" = "paperless.svg"; + "href" = "https://paperless.fi33.buzz/"; + "widget" = { + "type" = "paperlessngx"; + "url" = "https://paperless.fi33.buzz/"; + "username" = "admin"; + "password" = "@paperless@"; + }; + }; + } + ]; + } + { + "Media Streaming" = [ + { + "Jellyfin" = { + "description" = "Media streaming"; + "icon" = "jellyfin.svg"; + "href" = "https://jellyfin.fi33.buzz/"; + "widget" = { + "type" = "jellyfin"; + "url" = "https://jellyfin.fi33.buzz/"; + "key" = "@jellyfin@"; + "enableBlocks" = true; + "enableNowPlaying" = true; + "enableUser" = true; + "showEpisodeNumber" = true; + "expandOneStreamToTwoRows" = false; + }; + }; + } + { + "Radarr" = { + "description" = "Movie collection manager"; + "icon" = "radarr.svg"; + "href" = "https://radarr.fi33.buzz/"; + "widget" = { + "type" = "radarr"; + "url" = "https://radarr.fi33.buzz/"; + "key" = "@radarr@"; + "enableQueue" = true; + }; + }; + } + { + "Sonarr" = { + "description" = "TV show collection manager"; + "icon" = "sonarr.svg"; + "href" = "https://sonarr.fi33.buzz/"; + "widget" = { + "type" = "sonarr"; + "url" = "https://sonarr.fi33.buzz/"; + "key" = "@sonarr@"; + "enableQueue" = true; + }; + }; + } + { + "Lidarr" = { + "description" = "Music collection manager"; + "icon" = "lidarr.svg"; + "href" = "https://lidarr.fi33.buzz/"; + "widget" = { + "type" = "lidarr"; + "url" = "https://lidarr.fi33.buzz/"; + "key" = "@lidarr@"; + "enableQueue" = true; + }; + }; + } + { + "Prowlarr" = { + "description" = "Indexer management tool"; + "icon" = "prowlarr.svg"; + "href" = "https://prowlarr.fi33.buzz/"; + "widget" = { + "type" = "prowlarr"; + "url" = "https://prowlarr.fi33.buzz/"; + "key" = "@prowlarr@"; + }; + }; + } + { + "qBittorrent" = { + "description" = "BitTorrent client"; + "icon" = "qbittorrent.svg"; + "href" = "https://qbittorrent.fi33.buzz/"; + }; + } + ]; + } + { + "Services" = [ { "copyparty" = { "description" = "Cloud file manager"; @@ -79,13 +206,6 @@ in "href" = "https://syncthing.fi33.buzz/"; }; } - { - "qBittorrent" = { - "description" = "BitTorrent client"; - "icon" = "qbittorrent.svg"; - "href" = "https://qbittorrent.fi33.buzz/"; - }; - } { "Vaultwarden" = { "description" = "Password manager"; @@ -95,126 +215,6 @@ in } ]; } - { - "Media Management" = [ - { - "Lidarr" = { - "description" = "Music collection manager"; - "icon" = "lidarr.svg"; - "href" = "https://lidarr.fi33.buzz/"; - "widget" = { - "type" = "lidarr"; - "url" = "https://lidarr.fi33.buzz/"; - "key" = "@lidarr@"; - "enableQueue" = true; - }; - }; - } - { - "Prowlarr" = { - "description" = "Indexer management tool"; - "icon" = "prowlarr.svg"; - "href" = "https://prowlarr.fi33.buzz/"; - "widget" = { - "type" = "prowlarr"; - "url" = "https://prowlarr.fi33.buzz/"; - "key" = "@prowlarr@"; - }; - }; - } - { - "Radarr" = { - "description" = "Movie collection manager"; - "icon" = "radarr.svg"; - "href" = "https://radarr.fi33.buzz/"; - "widget" = { - "type" = "radarr"; - "url" = "https://radarr.fi33.buzz/"; - "key" = "@radarr@"; - "enableQueue" = true; - }; - }; - } - { - "Sonarr" = { - "description" = "TV show collection manager"; - "icon" = "sonarr.svg"; - "href" = "https://sonarr.fi33.buzz/"; - "widget" = { - "type" = "sonarr"; - "url" = "https://sonarr.fi33.buzz/"; - "key" = "@sonarr@"; - "enableQueue" = true; - }; - }; - } - ]; - } - { - "Media Streaming" = [ - { - "Immich" = { - "description" = "Photo backup"; - "icon" = "immich.svg"; - "href" = "https://immich.fi33.buzz/"; - "widget" = { - "type" = "immich"; - "fields" = [ - "users" - "photos" - "videos" - "storage" - ]; - "url" = "https://immich.fi33.buzz/"; - "version" = 2; - "key" = "@immich@"; - }; - }; - } - { - "Jellyfin" = { - "description" = "Media streaming"; - "icon" = "jellyfin.svg"; - "href" = "https://jellyfin.fi33.buzz/"; - "widget" = { - "type" = "jellyfin"; - "url" = "https://jellyfin.fi33.buzz/"; - "key" = "@jellyfin@"; - "enableBlocks" = true; - "enableNowPlaying" = true; - "enableUser" = true; - "showEpisodeNumber" = true; - "expandOneStreamToTwoRows" = false; - }; - }; - } - { - "Miniflux" = { - "description" = "RSS aggregator"; - "icon" = "miniflux.svg"; - "href" = "https://miniflux.fi33.buzz/"; - "widget" = { - "type" = "miniflux"; - "url" = "https://miniflux.fi33.buzz/"; - "key" = "@miniflux@"; - }; - }; - } - { - "Paperless" = { - "description" = "Digital filing cabinet"; - "icon" = "paperless.svg"; - "href" = "https://paperless.fi33.buzz/"; - "widget" = { - "type" = "paperlessngx"; - "url" = "https://paperless.fi33.buzz/"; - "username" = "admin"; - "password" = "@paperless@"; - }; - }; - } - ]; - } { "Utilities" = [ { @@ -234,22 +234,22 @@ in color = "neutral"; headerStyle = "clean"; layout = [ - { - "Media Streaming" = { - style = "row"; - columns = 4; - useEqualHeights = true; - }; - } { "Media Management" = { style = "row"; - columns = 4; + columns = 3; useEqualHeights = true; }; } { - "Cloud Services" = { + "Media Streaming" = { + style = "row"; + columns = 3; + useEqualHeights = true; + }; + } + { + "Services" = { style = "row"; columns = 3; }; From 7af587d54655fdc52e312ab790439d0a2b390473 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 29 Dec 2025 16:37:00 +1100 Subject: [PATCH 038/126] feat: install readarr --- modules/nixos/bundles/server.nix | 2 +- modules/nixos/features/homepage-dashboard.nix | 160 ++++++++++-------- modules/nixos/features/readarr.nix | 33 ++++ secrets/readarr.age | 10 ++ secrets/secrets.nix | 1 + 5 files changed, 131 insertions(+), 75 deletions(-) create mode 100644 modules/nixos/features/readarr.nix create mode 100644 secrets/readarr.age diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index c4ea292..210735e 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -14,7 +14,6 @@ "karakeep" "lidarr" "miniflux" - "radicale" "nginx" "ntfy-sh" "paperless" @@ -22,6 +21,7 @@ "qbittorrent" "radarr" "radicale" + "readarr" "sonarr" "syncthing" "vaultwarden" diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index b4b7897..42a4f2a 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -30,6 +30,7 @@ let "paperless" "prowlarr" "radarr" + "readarr" "sonarr" # keep-sorted end ]; @@ -41,74 +42,8 @@ in listenPort = port; allowedHosts = "homepage-dashboard.fi33.buzz"; services = [ - # keep-sorted start block=yes { "Media Management" = [ - { - "Immich" = { - "description" = "Photo backup"; - "icon" = "immich.svg"; - "href" = "https://immich.fi33.buzz/"; - "widget" = { - "type" = "immich"; - "fields" = [ - "users" - "photos" - "videos" - "storage" - ]; - "url" = "https://immich.fi33.buzz/"; - "version" = 2; - "key" = "@immich@"; - }; - }; - } - { - "Miniflux" = { - "description" = "RSS aggregator"; - "icon" = "miniflux.svg"; - "href" = "https://miniflux.fi33.buzz/"; - "widget" = { - "type" = "miniflux"; - "url" = "https://miniflux.fi33.buzz/"; - "key" = "@miniflux@"; - }; - }; - } - { - "Paperless" = { - "description" = "Digital filing cabinet"; - "icon" = "paperless.svg"; - "href" = "https://paperless.fi33.buzz/"; - "widget" = { - "type" = "paperlessngx"; - "url" = "https://paperless.fi33.buzz/"; - "username" = "admin"; - "password" = "@paperless@"; - }; - }; - } - ]; - } - { - "Media Streaming" = [ - { - "Jellyfin" = { - "description" = "Media streaming"; - "icon" = "jellyfin.svg"; - "href" = "https://jellyfin.fi33.buzz/"; - "widget" = { - "type" = "jellyfin"; - "url" = "https://jellyfin.fi33.buzz/"; - "key" = "@jellyfin@"; - "enableBlocks" = true; - "enableNowPlaying" = true; - "enableUser" = true; - "showEpisodeNumber" = true; - "expandOneStreamToTwoRows" = false; - }; - }; - } { "Radarr" = { "description" = "Movie collection manager"; @@ -148,6 +83,19 @@ in }; }; } + { + "Readarr" = { + "description" = "Book collection manager"; + "icon" = "readarr.svg"; + "href" = "https://readarr.fi33.buzz/"; + "widget" = { + "type" = "readarr"; + "url" = "https://readarr.fi33.buzz/"; + "key" = "@readarr@"; + "enableQueue" = true; + }; + }; + } { "Prowlarr" = { "description" = "Indexer management tool"; @@ -169,6 +117,71 @@ in } ]; } + { + "Media Streaming" = [ + { + "Immich" = { + "description" = "Photo backup"; + "icon" = "immich.svg"; + "href" = "https://immich.fi33.buzz/"; + "widget" = { + "type" = "immich"; + "fields" = [ + "users" + "photos" + "videos" + "storage" + ]; + "url" = "https://immich.fi33.buzz/"; + "version" = 2; + "key" = "@immich@"; + }; + }; + } + { + "Jellyfin" = { + "description" = "Media streaming"; + "icon" = "jellyfin.svg"; + "href" = "https://jellyfin.fi33.buzz/"; + "widget" = { + "type" = "jellyfin"; + "url" = "https://jellyfin.fi33.buzz/"; + "key" = "@jellyfin@"; + "enableBlocks" = true; + "enableNowPlaying" = true; + "enableUser" = true; + "showEpisodeNumber" = true; + "expandOneStreamToTwoRows" = false; + }; + }; + } + { + "Miniflux" = { + "description" = "RSS aggregator"; + "icon" = "miniflux.svg"; + "href" = "https://miniflux.fi33.buzz/"; + "widget" = { + "type" = "miniflux"; + "url" = "https://miniflux.fi33.buzz/"; + "key" = "@miniflux@"; + }; + }; + } + { + "Paperless" = { + "description" = "Digital filing cabinet"; + "icon" = "paperless.svg"; + "href" = "https://paperless.fi33.buzz/"; + "widget" = { + "type" = "paperlessngx"; + "url" = "https://paperless.fi33.buzz/"; + "username" = "admin"; + "password" = "@paperless@"; + }; + }; + } + ]; + } { "Services" = [ { @@ -226,7 +239,6 @@ in } ]; } - # keep-sorted end ]; settings = { title = "Mission Control"; @@ -234,13 +246,6 @@ in color = "neutral"; headerStyle = "clean"; layout = [ - { - "Media Management" = { - style = "row"; - columns = 3; - useEqualHeights = true; - }; - } { "Media Streaming" = { style = "row"; @@ -254,6 +259,13 @@ in columns = 3; }; } + { + "Media Management" = { + style = "row"; + columns = 3; + useEqualHeights = true; + }; + } { "Utilities" = { style = "row"; diff --git a/modules/nixos/features/readarr.nix b/modules/nixos/features/readarr.nix new file mode 100644 index 0000000..f0f3227 --- /dev/null +++ b/modules/nixos/features/readarr.nix @@ -0,0 +1,33 @@ +let + port = 5016; +in +{ + services = { + readarr = { + enable = true; + dataDir = "/srv/readarr"; + settings.server = { + inherit port; + }; + group = "media"; + }; + + # borgmatic.settings = { + # source_directories = [ ]; + # postgresql_databases = [ + # { + # name = "readarr"; + # hostname = "localhost"; + # username = "root"; + # password = "{credential systemd borgmatic-pg}"; + # } + # ]; + # }; + + nginx.virtualHosts."readarr.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${toString port}"; + }; + }; +} diff --git a/secrets/readarr.age b/secrets/readarr.age new file mode 100644 index 0000000..e0d0607 --- /dev/null +++ b/secrets/readarr.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ qeJ25W5TGvWY8xc1I5sjjtP/98nGqoRMIFk6xLIbmi8 +RhUcEjz6mFp6uNVOpOgg6fPyL2cyrZH1ZWJTrax2xOE +-> ssh-ed25519 7+xRyQ jhJX/0+ZO+teoM2rUmdyFuI9V+tMe5kQaaHQFxwBGSU +fJmXSc/c3lth0cQgx8p/7G0WrnfgioSs8OcRa56B2s0 +-> ssh-ed25519 LtK9yQ UH9T6lRLG0pi0P84B9Zs/22nCKAoOAwL6KAmj+536U4 +h2DEqoPLgFqmVZOk/RhAIuifCexqt3ZFsIsCDm5KI3M +--- 6FY4tnGR8EIQyCWc3Xa3t8EqwcynoORmZqsp9zWUzZM +nā]Z0rTi:EE!  +uB{4cfvޟKj^2/` \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 69b1be1..74ef3d4 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -30,6 +30,7 @@ in "prowlarr.age".publicKeys = users; "radarr.age".publicKeys = users; "radicale.age".publicKeys = users; + "readarr.age".publicKeys = users; "sonarr.age".publicKeys = users; "vaultwarden-admin.age".publicKeys = users; # keep-sorted end From 3d2a47ec7931c761a87701b194a081965ac2a73e Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 29 Dec 2025 13:55:36 +1100 Subject: [PATCH 039/126] feat: install kavita --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/kavita.nix | 25 +++++++++++++++++++++++++ secrets/kavita.age | Bin 0 -> 521 bytes secrets/secrets.nix | 1 + 4 files changed, 27 insertions(+) create mode 100644 modules/nixos/features/kavita.nix create mode 100644 secrets/kavita.age diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 210735e..a084543 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -12,6 +12,7 @@ "immich" "jellyfin" "karakeep" + "kavita" "lidarr" "miniflux" "nginx" diff --git a/modules/nixos/features/kavita.nix b/modules/nixos/features/kavita.nix new file mode 100644 index 0000000..c62259e --- /dev/null +++ b/modules/nixos/features/kavita.nix @@ -0,0 +1,25 @@ +{ + config, + ... +}: +let + port = 5015; +in +{ + services = { + kavita = { + enable = true; + dataDir = "/srv/kavita"; + settings.Port = port; + tokenKeyFile = config.age.secrets.kavita.path; + }; + + nginx.virtualHosts."kavita.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${toString port}"; + }; + }; + + age.secrets.kavita.file = ../../../secrets/kavita.age; +} diff --git a/secrets/kavita.age b/secrets/kavita.age new file mode 100644 index 0000000000000000000000000000000000000000..97f3de850e05cf85dd0a3d49f77d52de0835240c GIT binary patch literal 521 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^a;^+2~-F%F)ufa z2=ofi%6HH3GjuAlaL+2&&a4VCD{^yok1$Ru$;x)g&oNAOcH|1m&I&0@O|~ow2r~D~ zarDfHND0Yx^+|EgNYPIAt;kMJFYqfg3=b;JN=CQMT)QHuGEl*|)F{t9Bf{At&_LVE zI3gp>-6%IQ-NLD$pfJfRr=-L?pt34E!_42P!hp*tJt;Lc(l0%!(kL*$)FaZ{&&@X@ z-^eu7BqdclLc2K3(77NbpxDo^#24K*pAv7&%0Pw4C}(FUmz4BW&vK{2qDn8H5aSdJ zXYI^j^T6wnLqji< zFdxIxTrbl+PapGw@_a5`U0nsEfK-bJGuOlj_f)4+gPPa=@4@X?I&^nD ze_wTi{UHNyXfj)2)pu$3KVtc8y+4Id%Dp&JCt!He`%ls5j!x-XQ;w6BnOD~T<7!U7 mYnwg4GbcIq_Sxr8j;`G~ecM-KUdB~odRIHz<~c8zdKUmPg19aK literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 74ef3d4..7f26d4e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -20,6 +20,7 @@ in "copyparty-will.age".publicKeys = users; "immich.age".publicKeys = users; "jellyfin.age".publicKeys = users; + "kavita.age".publicKeys = users; "lidarr.age".publicKeys = users; "miniflux-creds.age".publicKeys = users; "paperless.age".publicKeys = users; From ea62d6906056907d60ce694c34433b5577d413e0 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 29 Dec 2025 16:47:09 +1100 Subject: [PATCH 040/126] feat: add kavita to dashboard --- modules/nixos/features/homepage-dashboard.nix | 13 +++++++++++++ secrets/kavita-api.age | Bin 0 -> 469 bytes secrets/secrets.nix | 1 + 3 files changed, 14 insertions(+) create mode 100644 secrets/kavita-api.age diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 42a4f2a..8d0a871 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -25,6 +25,7 @@ let # keep-sorted start "immich" "jellyfin" + "kavita-api" "lidarr" "miniflux" "paperless" @@ -155,6 +156,18 @@ in }; }; } + { + "Kavita" = { + "description" = "Book reader"; + "icon" = "kavita.svg"; + "href" = "https://kavita.fi33.buzz/"; + "widget" = { + "type" = "kavita"; + "url" = "https://kavita.fi33.buzz/"; + "key" = "@kavita-api@"; + }; + }; + } { "Miniflux" = { "description" = "RSS aggregator"; diff --git a/secrets/kavita-api.age b/secrets/kavita-api.age new file mode 100644 index 0000000000000000000000000000000000000000..0422408b32a713877aa84bb04b6c76feb99b64cd GIT binary patch literal 469 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^a;^+2~^OoC^e`o zHw!58DJk%;D#=VKHj0c&&v3~qGBWZs&JE1-N(~Loh)nm(bma;R$<{UtD9cDH%5o}k zb;>S_N{uMzJE6}sT-ypIqP2b0O((>9+HZ_CO+g#wTK5JTro=lm+?vPjnm@4QfxtZe^+ zh?Ml?loFHtbmu&$;ym*peedvcF5|EqpN!n{?BuM}G~fK-z?6zWg95kUEXR;+A4hLb zXZQ5voI;~Cw=fF>E?r$+1rw9pva~Fdd>`{fPc!GBz?4GEkO0G^KrctbEd3Duq%hZ9 z$Fd^l(6A5#F1wVR9S1MG<5^($yzIQCv?^yYOxx7Je9Tq+mw2bmr?2rJA^ Date: Mon, 29 Dec 2025 14:08:20 +1100 Subject: [PATCH 041/126] fix: web-feature template now includes a more fleshed-out backup section --- modules/templates/web-feature.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 98eba78..ef07755 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -7,7 +7,17 @@ in enable = true; }; - borgbackup.jobs = feature { }; + # borgmatic.settings = { + # source_directories = [ ]; + # postgresql_databases = [ + # { + # name = "feature"; + # hostname = "localhost"; + # username = "root"; + # password = "{credential systemd borgmatic-pg}"; + # } + # ]; + # }; nginx.virtualHosts."feature.fi33.buzz" = { forceSSL = true; From afe85b158ce2cb344f7e44d176ee5b6ed56279d2 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Fri, 2 Jan 2026 20:37:11 +1100 Subject: [PATCH 042/126] feat: add karakeep to homepage --- modules/nixos/features/homepage-dashboard.nix | 13 +++++++++++++ secrets/karakeep.age | Bin 0 -> 490 bytes secrets/secrets.nix | 1 + 3 files changed, 14 insertions(+) create mode 100644 secrets/karakeep.age diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 8d0a871..5662f96 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -25,6 +25,7 @@ let # keep-sorted start "immich" "jellyfin" + "karakeep" "kavita-api" "lidarr" "miniflux" @@ -168,6 +169,18 @@ in }; }; } + { + "Karakeep" = { + "description" = "Web clipper"; + "icon" = "karakeep.svg"; + "href" = "https://karakeep.fi33.buzz/"; + "widget" = { + "type" = "karakeep"; + "url" = "https://karakeep.fi33.buzz/"; + "key" = "@karakeep@"; + }; + }; + } { "Miniflux" = { "description" = "RSS aggregator"; diff --git a/secrets/karakeep.age b/secrets/karakeep.age new file mode 100644 index 0000000000000000000000000000000000000000..0ec5e36823d2d4bab74a3e5511eef34fddced75a GIT binary patch literal 490 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^a;^+2~>!PEcMKa z%FNf!@CdYY2@1AwP6}}k(hk=4&Z{zu%nJ3_PtCUoGxrDzPUi|R_07rmF!L*RG<7wP zattr=^Q-XBNeoCX3@J#C$jlCL3a!Ygbaf9*iA1-}T)QHuGEkw+puEgI*C-;yBP}95 z)GIZ`sM0dmJhZ?wsIXYEWO-iS98Chz|zvha0@Qalmd4P*TmwG;`}1tilhj4Z;SNEu+*@MKu5P+ z_tcz<4DH}#r(i?3Pzx?yU0sDFvy4gu&#)|GujIU3!(>zMz!H-Zv)sJ2v=SeSBGW`| zi=xte7jw%f7Za`m_U#WdR-apOf}_|(bWb2p;id-NboJIH_fA{KeS3L#<^sJ0?gQ25 zGxu9cF=W`zHO`SR3#2 Date: Sun, 4 Jan 2026 16:05:55 +0000 Subject: [PATCH 043/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'copyparty': 'github:9001/copyparty/4642d32' (2025-12-26) → 'github:9001/copyparty/364f74a' (2026-01-04) • Updated input 'home-manager': 'github:nix-community/home-manager/80cca72' (2025-12-28) → 'github:nix-community/home-manager/7d5927b' (2026-01-04) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/3e2499d' (2025-12-25) → 'github:nixos/nixpkgs/fb7944c' (2026-01-02) • Updated input 'nixvim': 'github:nix-community/nixvim/51ae991' (2025-12-28) → 'github:nix-community/nixvim/d61584c' (2026-01-02) • Updated input 'nur': 'github:nix-community/NUR/6580345' (2025-12-28) → 'github:nix-community/NUR/3b2e3c6' (2026-01-04) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/fe8d1a6' (2025-12-28) → 'github:0xc000022070/zen-browser-flake/e3efa5e' (2026-01-04) • Updated input 'zen-browser/home-manager': 'github:nix-community/home-manager/58bf3ec' (2025-12-14) → 'github:nix-community/home-manager/e4e78a2' (2025-12-30) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 5eef214..2464ca4 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1766769718, - "narHash": "sha256-HUFMhHktTdcdXL31Bhhjm+35W32xhts7ki67zADYwmw=", + "lastModified": 1767530379, + "narHash": "sha256-1TKk9TuhGqEMkQhPN53n6skMT4qFfkbEWWscCIE0UMw=", "owner": "9001", "repo": "copyparty", - "rev": "4642d32366e30c131d933c8bd0a519b69f4d3fff", + "rev": "364f74a1bd1020a3d7663c453ac5bf1b1408ff8f", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1766936966, - "narHash": "sha256-LfixPDPlysn7sAUVyHEL8sjzgoYv2abDLoCxAlzY440=", + "lastModified": 1767525999, + "narHash": "sha256-1E9xlYlyl3EnUrwxoaJMTK7dFrC2llL/TJ+T4xIcXDY=", "owner": "nix-community", "repo": "home-manager", - "rev": "80cca72314c3b18896f2a412f2f070d17810b45f", + "rev": "7d5927b63cea63deb655b3e8421ae17ebb9feac2", "type": "github" }, "original": { @@ -170,11 +170,11 @@ ] }, "locked": { - "lastModified": 1765682243, - "narHash": "sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0=", + "lastModified": 1767104570, + "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=", "owner": "nix-community", "repo": "home-manager", - "rev": "58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03", + "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf", "type": "github" }, "original": { @@ -200,11 +200,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1766651565, - "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", + "lastModified": 1767379071, + "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", + "rev": "fb7944c166a3b630f177938e478f0378e64ce108", "type": "github" }, "original": { @@ -223,11 +223,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1766918207, - "narHash": "sha256-G/Msy+w6e6W5Z517draGcMC0Fqpl4cfutZS5ijndpyM=", + "lastModified": 1767361654, + "narHash": "sha256-EQeicMekc0p+A8HBIAOdnyeAijqJKQYuj1CfTW4Wd+k=", "owner": "nix-community", "repo": "nixvim", - "rev": "51ae9913767528723397e1b227bd32a080058bb5", + "rev": "d61584cc4cac9af1ba74ad235992df575391276d", "type": "github" }, "original": { @@ -244,11 +244,11 @@ ] }, "locked": { - "lastModified": 1766935682, - "narHash": "sha256-9Lgge+E7rWEtMux+AVKOXMjoc0kQuPp5KSMf74xVdfU=", + "lastModified": 1767541705, + "narHash": "sha256-ZuHmgfkTmEngJtlRaB50ALCX2emLfI5KoDfD4Z0JSU0=", "owner": "nix-community", "repo": "NUR", - "rev": "6580345ce88dd3b98aaaefc253ea3c0c712e0dc2", + "rev": "3b2e3c6474266559c666fbc8415a08998ab9de3c", "type": "github" }, "original": { @@ -306,11 +306,11 @@ ] }, "locked": { - "lastModified": 1766897152, - "narHash": "sha256-mD1GDg1eIHYUwk536j4uJX1IfQArsLQm2SL7rTQwAPI=", + "lastModified": 1767502237, + "narHash": "sha256-rRrn9I4H692troUl5pBtE3Y5mG2msSMU/2ro7+ZQrFM=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "fe8d1a61a904b336f453d7ab5ae7d691a21c5cbf", + "rev": "e3efa5e2b53982f985044062c98426ec75d6695b", "type": "github" }, "original": { From 3e02dccb0dd92a75339738f2f0bef82fed5e2ff6 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 5 Jan 2026 20:46:49 +1100 Subject: [PATCH 044/126] feat: install jellyfin desktop client --- modules/nixos/bundles/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/bundles/desktop.nix b/modules/nixos/bundles/desktop.nix index 90debff..156acdc 100644 --- a/modules/nixos/bundles/desktop.nix +++ b/modules/nixos/bundles/desktop.nix @@ -19,6 +19,7 @@ beeper calibre cameractrls-gtk3 + jellyfin-desktop # https://github.com/NixOS/nixpkgs/issues/437865 # jellyfin-media-player onlyoffice-desktopeditors From 371cb76021ff2173957889a786bc8db1bf892dd8 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 5 Jan 2026 20:50:38 +1100 Subject: [PATCH 045/126] fix: dogdns is unmaintained, recommended to switch to doggo --- modules/nixos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index e980470..c9e0229 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -31,7 +31,7 @@ circumflex # hacker news browsing cointop # crypto ticker ddgr # web search - dogdns # dns + doggo # dns dua # du duf # df epy # ebook reading From 671284abc19dfe5642532b6e3fe97a6e45b554ab Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 5 Jan 2026 23:54:56 +1100 Subject: [PATCH 046/126] refactor: re-classify home manager modules --- modules/home-manager/bundles/desktop.nix | 3 --- modules/home-manager/bundles/dev.nix | 3 +++ modules/home-manager/default.nix | 4 +++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/home-manager/bundles/desktop.nix b/modules/home-manager/bundles/desktop.nix index 60e4e46..b85caa6 100644 --- a/modules/home-manager/bundles/desktop.nix +++ b/modules/home-manager/bundles/desktop.nix @@ -5,12 +5,9 @@ { imports = util.toImports ../features [ # keep-sorted start - "aerc" "firefox" "kitty" - "mail" "obsidian" - "zellij" "zen-browser" # keep-sorted end ]; diff --git a/modules/home-manager/bundles/dev.nix b/modules/home-manager/bundles/dev.nix index 817db50..c5510a2 100644 --- a/modules/home-manager/bundles/dev.nix +++ b/modules/home-manager/bundles/dev.nix @@ -4,6 +4,9 @@ }: { imports = util.toImports ../features [ + # keep-sorted start + "direnv" "zed-editor" + # keep-sorted end ]; } diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 119520d..6433535 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -5,17 +5,19 @@ { imports = util.toImports ./features [ # keep-sorted start + "aerc" "agenix" "bat" "delta" - "direnv" "eza" "fish" "gh" "git" "lazygit" + "mail" "starship" "yazi" + "zellij" "zoxide" # keep-sorted end ]; From f2b6808c9377330ae6172407041560f1334e894a Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 6 Jan 2026 12:30:26 +1100 Subject: [PATCH 047/126] refactor: move graphical applications to a separate bundle this facilitates lean clients, e.g. a laptop with only a virutal console --- hosts/desktop/configuration.nix | 1 + hosts/desktop/home.nix | 1 + hosts/laptop/configuration.nix | 1 + hosts/laptop/home.nix | 1 + modules/home-manager/bundles/desktop.nix | 7 +++---- modules/home-manager/bundles/gui.nix | 14 ++++++++++++++ modules/home-manager/default.nix | 3 --- modules/nixos/bundles/desktop.nix | 16 ---------------- modules/nixos/bundles/gui.nix | 24 ++++++++++++++++++++++++ modules/nixos/default.nix | 1 - 10 files changed, 45 insertions(+), 24 deletions(-) create mode 100644 modules/home-manager/bundles/gui.nix create mode 100644 modules/nixos/bundles/gui.nix diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 80046ef..a56569e 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -25,6 +25,7 @@ # keep-sorted start "desktop" "dev" + "gui" # keep-sorted end ]); diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix index 67a1c36..b745929 100644 --- a/hosts/desktop/home.nix +++ b/hosts/desktop/home.nix @@ -13,6 +13,7 @@ # keep-sorted start "desktop" "dev" + "gui" # keep-sorted end ]); diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index d85226d..209193a 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -23,6 +23,7 @@ # keep-sorted start "desktop" "dev" + "gui" # keep-sorted end ]); diff --git a/hosts/laptop/home.nix b/hosts/laptop/home.nix index 2fc7f29..1de2aff 100644 --- a/hosts/laptop/home.nix +++ b/hosts/laptop/home.nix @@ -13,6 +13,7 @@ # keep-sorted start "desktop" "dev" + "gui" # keep-sorted end ]); diff --git a/modules/home-manager/bundles/desktop.nix b/modules/home-manager/bundles/desktop.nix index b85caa6..9287ba2 100644 --- a/modules/home-manager/bundles/desktop.nix +++ b/modules/home-manager/bundles/desktop.nix @@ -5,10 +5,9 @@ { imports = util.toImports ../features [ # keep-sorted start - "firefox" - "kitty" - "obsidian" - "zen-browser" + "aerc" + "mail" + "zellij" # keep-sorted end ]; } diff --git a/modules/home-manager/bundles/gui.nix b/modules/home-manager/bundles/gui.nix new file mode 100644 index 0000000..b85caa6 --- /dev/null +++ b/modules/home-manager/bundles/gui.nix @@ -0,0 +1,14 @@ +{ + util, + ... +}: +{ + imports = util.toImports ../features [ + # keep-sorted start + "firefox" + "kitty" + "obsidian" + "zen-browser" + # keep-sorted end + ]; +} diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 6433535..56bc171 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -5,7 +5,6 @@ { imports = util.toImports ./features [ # keep-sorted start - "aerc" "agenix" "bat" "delta" @@ -14,10 +13,8 @@ "gh" "git" "lazygit" - "mail" "starship" "yazi" - "zellij" "zoxide" # keep-sorted end ]; diff --git a/modules/nixos/bundles/desktop.nix b/modules/nixos/bundles/desktop.nix index 156acdc..b5b48c2 100644 --- a/modules/nixos/bundles/desktop.nix +++ b/modules/nixos/bundles/desktop.nix @@ -1,8 +1,5 @@ { - # keep-sorted start - pkgs, util, - # keep-sorted end ... }: { @@ -13,17 +10,4 @@ "protonmail-bridge" # keep-sorted end ]; - - environment.systemPackages = with pkgs; [ - # keep-sorted start - beeper - calibre - cameractrls-gtk3 - jellyfin-desktop - # https://github.com/NixOS/nixpkgs/issues/437865 - # jellyfin-media-player - onlyoffice-desktopeditors - textsnatcher - # keep-sorted end - ]; } diff --git a/modules/nixos/bundles/gui.nix b/modules/nixos/bundles/gui.nix new file mode 100644 index 0000000..d1b81bc --- /dev/null +++ b/modules/nixos/bundles/gui.nix @@ -0,0 +1,24 @@ +{ + # keep-sorted start + pkgs, + util, + # keep-sorted end + ... +}: +{ + imports = util.toImports ../features [ + # keep-sorted start + "fonts" + # keep-sorted end + ]; + + environment.systemPackages = with pkgs; [ + # keep-sorted start + beeper + cameractrls-gtk3 + jellyfin-desktop + onlyoffice-desktopeditors + textsnatcher + # keep-sorted end + ]; +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index c9e0229..05188b5 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -9,7 +9,6 @@ imports = util.toImports ./features [ # keep-sorted start "agenix" - "fonts" "localisation" "network" "nh" From bcc0914e323cbceb109a9465e4e4695dc38c7180 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 7 Jan 2026 12:16:39 +1100 Subject: [PATCH 048/126] fix: deprecate zen in favour of vanilla firefox firefox has vertical tabs now, tab grouping, and soon split view --- flake.lock | 45 +--------------------------- flake.nix | 12 ++++---- modules/home-manager/bundles/gui.nix | 2 +- modules/nixos/bundles/dev.nix | 2 +- 4 files changed, 9 insertions(+), 52 deletions(-) diff --git a/flake.lock b/flake.lock index 2464ca4..bdf29d4 100644 --- a/flake.lock +++ b/flake.lock @@ -162,27 +162,6 @@ "type": "github" } }, - "home-manager_3": { - "inputs": { - "nixpkgs": [ - "zen-browser", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1767104570, - "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1748162331, @@ -264,8 +243,7 @@ "home-manager": "home-manager_2", "nixpkgs": "nixpkgs_2", "nixvim": "nixvim", - "nur": "nur", - "zen-browser": "zen-browser" + "nur": "nur" } }, "systems": { @@ -297,27 +275,6 @@ "repo": "default", "type": "github" } - }, - "zen-browser": { - "inputs": { - "home-manager": "home-manager_3", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1767502237, - "narHash": "sha256-rRrn9I4H692troUl5pBtE3Y5mG2msSMU/2ro7+ZQrFM=", - "owner": "0xc000022070", - "repo": "zen-browser-flake", - "rev": "e3efa5e2b53982f985044062c98426ec75d6695b", - "type": "github" - }, - "original": { - "owner": "0xc000022070", - "repo": "zen-browser-flake", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f8e4131..16035c9 100644 --- a/flake.nix +++ b/flake.nix @@ -21,10 +21,10 @@ url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "nixpkgs"; }; - zen-browser = { - url = "github:0xc000022070/zen-browser-flake"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # zen-browser = { + # url = "github:0xc000022070/zen-browser-flake"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # keep-sorted end }; @@ -35,7 +35,7 @@ home-manager, nixpkgs, nur, - zen-browser, + # zen-browser, # keep-sorted end ... }@inputs: @@ -59,7 +59,7 @@ users.${userName}.imports = [ ./hosts/${hostName}/home.nix agenix.homeManagerModules.default - zen-browser.homeModules.twilight + # zen-browser.homeModules.twilight ]; backupFileExtension = "backup"; extraSpecialArgs = { diff --git a/modules/home-manager/bundles/gui.nix b/modules/home-manager/bundles/gui.nix index b85caa6..93f579c 100644 --- a/modules/home-manager/bundles/gui.nix +++ b/modules/home-manager/bundles/gui.nix @@ -8,7 +8,7 @@ "firefox" "kitty" "obsidian" - "zen-browser" + # "zen-browser" # keep-sorted end ]; } diff --git a/modules/nixos/bundles/dev.nix b/modules/nixos/bundles/dev.nix index e5c5f48..b9eb440 100644 --- a/modules/nixos/bundles/dev.nix +++ b/modules/nixos/bundles/dev.nix @@ -10,7 +10,7 @@ devenv just mask - rusty-man + # rusty-man vscode # keep-sorted end ]; From 070305fe6ede63beb2c96a67ba9d2a90df5489ea Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 6 Jan 2026 14:39:22 +1100 Subject: [PATCH 049/126] feat: move /media directory on host to external drive under /mnt/external --- hosts/server/configuration.nix | 16 ++++++++++++++++ modules/nixos/features/borgmatic.nix | 10 +--------- modules/nixos/features/homepage-dashboard.nix | 2 +- 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 6d595e5..2e6b0b8 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -23,6 +23,22 @@ "server" ]); + # external drive + services.udisks2.enable = true; + fileSystems."/mnt/external" = { + device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e"; + fsType = "ext4"; + options = [ + "nofail" + "defaults" + "user" + "rw" + "utf8" + "noauto" + "umask=000" + ]; + }; + networking.hostName = "${hostName}"; # hardened openssh diff --git a/modules/nixos/features/borgmatic.nix b/modules/nixos/features/borgmatic.nix index 469c5a1..5652eb7 100644 --- a/modules/nixos/features/borgmatic.nix +++ b/modules/nixos/features/borgmatic.nix @@ -37,7 +37,7 @@ }; repositories = [ { - path = "/backup/repo"; + path = "/mnt/external/backup/repo"; label = "onsite"; # encryption = "repokey-blake2"; } @@ -73,14 +73,6 @@ ]; # onsite drive - services.udisks2.enable = true; - fileSystems."/backup" = { - device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e"; - fsType = "ext4"; - options = [ - "nofail" - ]; - }; # secrets age.secrets = { diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 5662f96..4a2be45 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -322,7 +322,7 @@ in memory = true; disk = [ "/" - "/backup" + "/mnt/external" ]; cputemp = true; tempmin = 0; From a314b1022fdd2af36e0c52a8e9b4bcc49e2715c9 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 7 Jan 2026 12:20:18 +1100 Subject: [PATCH 050/126] feat(git): rebase branch by default when pulling --- modules/home-manager/features/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home-manager/features/git.nix b/modules/home-manager/features/git.nix index 2ee75a1..8bffb72 100644 --- a/modules/home-manager/features/git.nix +++ b/modules/home-manager/features/git.nix @@ -5,7 +5,7 @@ init.defaultBranch = "main"; core.editor = "nvim"; push.autoSetupRemote = true; - pull.rebase = false; + pull.rebase = true; user = { name = "wi11-holdsworth"; email = "83637728+wi11-holdsworth@users.noreply.github.com"; From f7d138dd19376056a013bdec24aa1bdbee9dc012 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 31 Dec 2025 16:05:35 +1100 Subject: [PATCH 051/126] feat: install bazarr --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/bazarr.nix | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 modules/nixos/features/bazarr.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index a084543..127e2c3 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -5,6 +5,7 @@ { imports = util.toImports ../features [ # keep-sorted start + "bazarr" "copyparty" "couchdb" "flaresolverr" diff --git a/modules/nixos/features/bazarr.nix b/modules/nixos/features/bazarr.nix new file mode 100644 index 0000000..c1ebae6 --- /dev/null +++ b/modules/nixos/features/bazarr.nix @@ -0,0 +1,19 @@ +let + port = 5017; +in +{ + services = { + bazarr = { + enable = true; + dataDir = "/srv/bazarr"; + group = "media"; + listenPort = port; + }; + + nginx.virtualHosts."bazarr.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${toString port}"; + }; + }; +} From 9ee61d787aa72c9b4bffbe011696f97d9d4ace3a Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 31 Dec 2025 16:40:40 +1100 Subject: [PATCH 052/126] feat: add bazarr to homepage dashboard --- modules/nixos/features/homepage-dashboard.nix | 13 +++++++++++++ secrets/bazarr.age | 9 +++++++++ secrets/secrets.nix | 1 + 3 files changed, 23 insertions(+) create mode 100644 secrets/bazarr.age diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 4a2be45..bd2a28b 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -23,6 +23,7 @@ let secrets = [ # keep-sorted start + "bazarr" "immich" "jellyfin" "karakeep" @@ -98,6 +99,18 @@ in }; }; } + { + "Bazarr" = { + "description" = "Subtitle downloader and manager"; + "icon" = "bazarr.svg"; + "href" = "https://bazarr.fi33.buzz/"; + "widget" = { + "type" = "bazarr"; + "url" = "https://bazarr.fi33.buzz/"; + "key" = "@bazarr@"; + }; + }; + } { "Prowlarr" = { "description" = "Indexer management tool"; diff --git a/secrets/bazarr.age b/secrets/bazarr.age new file mode 100644 index 0000000..82d61ca --- /dev/null +++ b/secrets/bazarr.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ pNb65h8kPUdFi7vgKoENqFf9NuQAfegSAM+SVxoTdGQ +7pDfhxs55Q4HQetasY6tZX76aOleLTCTi3xEdCqPdFo +-> ssh-ed25519 7+xRyQ SiBuQH6fIUFidqFUIFfE9i0zJhuMAWYmDCeszOJLZlE +ASEBjHaAVrH6z/43Rfnh2P0REg7f0b53fqbLHD44P8g +-> ssh-ed25519 LtK9yQ F6FnS/nRerbt/tMCl48CMjyKwhgCI8ti40klovGXdGU +ksVfKN3xowiBhwzyS9DLdmVX1QLCo8hvNiNux0MkiXU +--- rMrNsQ0G/k0MAwDOBd9IYDb2Lc8N/RaGXIGKtm9FL1c +q 9o-dtB7v*i:.G/t),+/vCD}SX(} *4[~l \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e52a32d..d13f6ed 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -15,6 +15,7 @@ let in { # keep-sorted start + "bazarr.age".publicKeys = users; "borgmatic-pg.age".publicKeys = users; "borgmatic.age".publicKeys = users; "copyparty-will.age".publicKeys = users; From ee83c94cf93e482f693b99a5e0c9c8af46af28c9 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 7 Jan 2026 17:53:50 +1100 Subject: [PATCH 053/126] fix(flaresolverr): unlikely to ever work again, cloudflare team always monitoring --- modules/nixos/bundles/server.nix | 1 - modules/nixos/features/flaresolverr.nix | 17 ----------------- 2 files changed, 18 deletions(-) delete mode 100644 modules/nixos/features/flaresolverr.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 127e2c3..f5aede1 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -8,7 +8,6 @@ "bazarr" "copyparty" "couchdb" - "flaresolverr" "homepage-dashboard" "immich" "jellyfin" diff --git a/modules/nixos/features/flaresolverr.nix b/modules/nixos/features/flaresolverr.nix deleted file mode 100644 index e9f7f45..0000000 --- a/modules/nixos/features/flaresolverr.nix +++ /dev/null @@ -1,17 +0,0 @@ -let - port = 5011; -in -{ - services = { - flaresolverr = { - enable = true; - inherit port; - }; - - nginx.virtualHosts."flaresolverr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; - }; -} From 2f5065d610537d606f5cc72c5a3fbe93e432e344 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 7 Jan 2026 18:02:14 +1100 Subject: [PATCH 054/126] feat(server): remove unneccesary media group and add *arr apps to srv group --- modules/nixos/bundles/server.nix | 2 -- modules/nixos/features/bazarr.nix | 2 +- modules/nixos/features/jellyfin.nix | 2 +- modules/nixos/features/lidarr.nix | 2 +- modules/nixos/features/qbittorrent.nix | 4 +--- modules/nixos/features/radarr.nix | 2 +- modules/nixos/features/readarr.nix | 14 +------------- modules/nixos/features/sonarr.nix | 2 +- 8 files changed, 7 insertions(+), 23 deletions(-) diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index f5aede1..36b7329 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -29,7 +29,5 @@ # keep-sorted end ]; - users.groups.media = { }; - services.borgmatic.settings.source_directories = [ "/srv" ]; } diff --git a/modules/nixos/features/bazarr.nix b/modules/nixos/features/bazarr.nix index c1ebae6..5407a2f 100644 --- a/modules/nixos/features/bazarr.nix +++ b/modules/nixos/features/bazarr.nix @@ -6,7 +6,7 @@ in bazarr = { enable = true; dataDir = "/srv/bazarr"; - group = "media"; + group = "srv"; listenPort = port; }; diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index 330adff..a4490be 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -6,7 +6,7 @@ in jellyfin = { enable = true; dataDir = "/srv/jellyfin"; - group = "media"; + group = "srv"; }; nginx.virtualHosts."jellyfin.fi33.buzz" = { diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 8132318..0b6fb4b 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -9,7 +9,7 @@ in settings.server = { inherit port; }; - group = "media"; + group = "srv"; }; nginx.virtualHosts."lidarr.fi33.buzz" = { diff --git a/modules/nixos/features/qbittorrent.nix b/modules/nixos/features/qbittorrent.nix index 0134eb1..f4e8d54 100644 --- a/modules/nixos/features/qbittorrent.nix +++ b/modules/nixos/features/qbittorrent.nix @@ -7,7 +7,7 @@ in enable = true; webuiPort = port; profileDir = "/srv"; - group = "media"; + group = "srv"; extraArgs = [ "--confirm-legal-notice" ]; @@ -19,6 +19,4 @@ in locations."/".proxyPass = "http://localhost:${toString port}"; }; }; - - users.users.qbittorrent.extraGroups = [ "media" ]; } diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index 8cce599..8cbcc4c 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -9,7 +9,7 @@ in settings.server = { inherit port; }; - group = "media"; + group = "srv"; }; nginx.virtualHosts."radarr.fi33.buzz" = { diff --git a/modules/nixos/features/readarr.nix b/modules/nixos/features/readarr.nix index f0f3227..4f8e419 100644 --- a/modules/nixos/features/readarr.nix +++ b/modules/nixos/features/readarr.nix @@ -9,21 +9,9 @@ in settings.server = { inherit port; }; - group = "media"; + group = "srv"; }; - # borgmatic.settings = { - # source_directories = [ ]; - # postgresql_databases = [ - # { - # name = "readarr"; - # hostname = "localhost"; - # username = "root"; - # password = "{credential systemd borgmatic-pg}"; - # } - # ]; - # }; - nginx.virtualHosts."readarr.fi33.buzz" = { forceSSL = true; useACMEHost = "fi33.buzz"; diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index f5ff5b3..f0d0a26 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -9,7 +9,7 @@ in settings.server = { inherit port; }; - group = "media"; + group = "srv"; }; nginx.virtualHosts."sonarr.fi33.buzz" = { From 8683f1838bb6133cbe354d4641b8206d01740f3a Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 7 Jan 2026 16:43:26 +1100 Subject: [PATCH 055/126] feat(nzbget): install --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/homepage-dashboard.nix | 16 +++++++++++++- modules/nixos/features/nzbget.nix | 21 +++++++++++++++++++ secrets/nzbget.age | 9 ++++++++ secrets/secrets.nix | 1 + 5 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 modules/nixos/features/nzbget.nix create mode 100644 secrets/nzbget.age diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 36b7329..315cffb 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -17,6 +17,7 @@ "miniflux" "nginx" "ntfy-sh" + "nzbget" "paperless" "prowlarr" "qbittorrent" diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index bd2a28b..bd94636 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -30,6 +30,7 @@ let "kavita-api" "lidarr" "miniflux" + "nzbget" "paperless" "prowlarr" "radarr" @@ -123,6 +124,19 @@ in }; }; } + { + "NZBget" = { + "description" = "Usenet client"; + "icon" = "nzbget.svg"; + "href" = "https://nzbget.fi33.buzz/"; + "widget" = { + "type" = "nzbget"; + "url" = "https://nzbget.fi33.buzz/"; + "username" = "will"; + "password" = "@nzbget@"; + }; + }; + } { "qBittorrent" = { "description" = "BitTorrent client"; @@ -301,7 +315,7 @@ in { "Media Management" = { style = "row"; - columns = 3; + columns = 4; useEqualHeights = true; }; } diff --git a/modules/nixos/features/nzbget.nix b/modules/nixos/features/nzbget.nix new file mode 100644 index 0000000..6d2199f --- /dev/null +++ b/modules/nixos/features/nzbget.nix @@ -0,0 +1,21 @@ +let + port = 5018; +in +{ + services = { + nzbget = { + enable = true; + settings = { + MainDir = "/srv/nzbget"; + ControlPort = port; + }; + group = "srv"; + }; + + nginx.virtualHosts."nzbget.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${toString port}"; + }; + }; +} diff --git a/secrets/nzbget.age b/secrets/nzbget.age new file mode 100644 index 0000000..d1b0116 --- /dev/null +++ b/secrets/nzbget.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ dVoQlNoygZ2PJphsgjcNHARKCqqY8Qw7Rj3KFG4xOBc +/iQwxHFppTms9eA65uUbueylExReDhltYO2gxRGhoYk +-> ssh-ed25519 7+xRyQ 2ffDFWxx+fzdEr0c1U9stintGCQOIddSQR3F3N5/Kn0 +RkK+M3d3O9Kw2XI0mAEGfelu/wMmqI7FoaatMy2scdc +-> ssh-ed25519 LtK9yQ 4KeORDGwLz3xUCwevFWjBr7F9Jl0J4hUHG32YyloqBk +kYUveBVUZLEdU1hO+Z8S7NOtNwnPYFE4VMu4NmdPPqs +--- ldpx8r1tWc4sCfV3oWtYMa6L6MWkRUDjtrzZ7GVC0cw +>!sX=S`76* \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d13f6ed..70d624e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -26,6 +26,7 @@ in "kavita.age".publicKeys = users; "lidarr.age".publicKeys = users; "miniflux-creds.age".publicKeys = users; + "nzbget.age".publicKeys = users; "paperless.age".publicKeys = users; "porkbun-api.age".publicKeys = users; "protonmail-cert.age".publicKeys = users; From 2517ff6067b61a25bad88e62ebc4f70175db1a35 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 7 Jan 2026 18:53:38 +1100 Subject: [PATCH 056/126] fix(homepage-dashboard): prowlarr api key changed --- secrets/prowlarr.age | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/secrets/prowlarr.age b/secrets/prowlarr.age index bb7d73c..8883300 100644 --- a/secrets/prowlarr.age +++ b/secrets/prowlarr.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 LtK9yQ YVgPDwV8XS85LpMBbpgsXmoc2E0w2qopErn//kDHJzo -ZX3RIdYPxwOzpLddoGhi0aJ4H89hcpmlPgJuyTiYzlE --> ssh-ed25519 qLT+DQ KQMInU5B/vVG4dr0DGAFk1Yf+LbnPkV7OqfiqRaNgzo -BeMLVvtSKSKIPplIorIJSBMciQj5GYF1ltGbUn8SsJA --> ssh-ed25519 7+xRyQ Cr+rUSSDpC5WLh/bvWKJkf2SWIcljLofx3ybcVcK0z4 -kqabKTHxNxH9xfgShKTcleNXjBf/huoU+hH9tnOx5hg ---- J6RjAbLUNOKkb2UQyVjgTyrfyrIkDFMkQtXZypBDfWw -14%6p< ($$toI8;pZb83hf!mNסc8U \ No newline at end of file +-> ssh-ed25519 qLT+DQ EgHCxhqEyRGiBNRBw8Cs2NmM4nihbZSEw4C3JJ2muRE +Pqnh8JpDHEvsgkJTwJzrkx/A0oBg2n7TumVCgHOceD8 +-> ssh-ed25519 7+xRyQ WLCkfRiBsqZohjc+z4rs4sHFMAtsRvqiocsnUlZkAVg +ebJft8vHhi4rd9T0BOl388SKun+3vF3P6/u7U4vdy5c +-> ssh-ed25519 LtK9yQ 8suX3vEyfqVcbNy4ZQxPRvaJg+4TJTR0cSlAgV04rzc +i8cmfhsETd4Y7epbyan5ION7W2g5QazyJA3AcGlXKKI +--- 7jsZ4aF4WyshNUtjP83yf2yHaR1UXfWEdbHhwmfyGhM +&zP 'س],qTx@l}Io.qGT|!= \ No newline at end of file From 655226908175de74cb82c5c65f363579e0b3a4ed Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 7 Jan 2026 18:54:44 +1100 Subject: [PATCH 057/126] fix(borgmatic): moving backup repo to another drive disabled backup momentarily --- modules/nixos/features/borgmatic.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/features/borgmatic.nix b/modules/nixos/features/borgmatic.nix index 5652eb7..bd45777 100644 --- a/modules/nixos/features/borgmatic.nix +++ b/modules/nixos/features/borgmatic.nix @@ -35,6 +35,7 @@ "fail" ]; }; + relocated_repo_access_is_ok = true; repositories = [ { path = "/mnt/external/backup/repo"; From b3eaee27c91bdb1daf71a0599f969f1cc2e79a81 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Mon, 12 Jan 2026 17:17:41 +1100 Subject: [PATCH 058/126] feat(nzbget): install unrar to enable nzbget to extract rar arhcives --- modules/nixos/features/nzbget.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos/features/nzbget.nix b/modules/nixos/features/nzbget.nix index 6d2199f..ff6f7d5 100644 --- a/modules/nixos/features/nzbget.nix +++ b/modules/nixos/features/nzbget.nix @@ -1,3 +1,7 @@ +{ + pkgs, + ... +}: let port = 5018; in @@ -18,4 +22,6 @@ in locations."/".proxyPass = "http://localhost:${toString port}"; }; }; + + environment.systemPackages = with pkgs; [ unrar ]; } From a56efefe1e684f219d42970fffa9c96b8a908ec9 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 13 Jan 2026 13:03:51 +1100 Subject: [PATCH 059/126] fix(homepage-dashboard): update login credentials for nzbget --- modules/nixos/features/homepage-dashboard.nix | 2 +- secrets/nzbget.age | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index bd94636..c52cdf0 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -132,7 +132,7 @@ in "widget" = { "type" = "nzbget"; "url" = "https://nzbget.fi33.buzz/"; - "username" = "will"; + "username" = "nzbget"; "password" = "@nzbget@"; }; }; diff --git a/secrets/nzbget.age b/secrets/nzbget.age index d1b0116..6d7bec1 100644 --- a/secrets/nzbget.age +++ b/secrets/nzbget.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 qLT+DQ dVoQlNoygZ2PJphsgjcNHARKCqqY8Qw7Rj3KFG4xOBc -/iQwxHFppTms9eA65uUbueylExReDhltYO2gxRGhoYk --> ssh-ed25519 7+xRyQ 2ffDFWxx+fzdEr0c1U9stintGCQOIddSQR3F3N5/Kn0 -RkK+M3d3O9Kw2XI0mAEGfelu/wMmqI7FoaatMy2scdc --> ssh-ed25519 LtK9yQ 4KeORDGwLz3xUCwevFWjBr7F9Jl0J4hUHG32YyloqBk -kYUveBVUZLEdU1hO+Z8S7NOtNwnPYFE4VMu4NmdPPqs ---- ldpx8r1tWc4sCfV3oWtYMa6L6MWkRUDjtrzZ7GVC0cw ->!sX=S`76* \ No newline at end of file +-> ssh-ed25519 qLT+DQ lEh3/6XbXaiVdCK5gEl/Vy5wIyeg4oD+1q9js0p/bG0 +5O+ivgDvislMJbvE/bSRy6mF+ie6aGK6yAoc2TWlPOk +-> ssh-ed25519 7+xRyQ D03BRt3lUgEihDcJDFspP2RPt6WorIvGiRI1jnDT+gk +GuOES+KE5CUj733aSC+5wslfYRvCm27rvNnUDi/DiRE +-> ssh-ed25519 LtK9yQ K35hFXPZN4JhS9L8YfG+fwE2bbWLPc4r/rsQnxq68XM +GhWHGZzESMKKhQjCXT9yDHgpa/Y7eAxwi935lWts72A +--- wlbsANHwH3ah2YNlkaefazTv2zWsxE5kHCFOGcuSJQ0 + |,K+% (E"K" m`"\:'xljujU`TF;Z9M \ No newline at end of file From 489a5b5f261d2865fe9b72d5e44c85ce11688e2c Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 13 Jan 2026 12:45:06 +1100 Subject: [PATCH 060/126] feat(qui): install --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/qui.nix | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 modules/nixos/features/qui.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 315cffb..3789693 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -21,6 +21,7 @@ "paperless" "prowlarr" "qbittorrent" + "qui" "radarr" "radicale" "readarr" diff --git a/modules/nixos/features/qui.nix b/modules/nixos/features/qui.nix new file mode 100644 index 0000000..f7392f5 --- /dev/null +++ b/modules/nixos/features/qui.nix @@ -0,0 +1,30 @@ +{ + # keep-sorted start + lib, + pkgs, + # keep-sorted end + ... +}: +let + port = 5019; +in +{ + environment.systemPackages = [ pkgs.qui ]; + + systemd.user.services.qui = { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${lib.getExe pkgs.qui} serve"; + + environment = { + QUI__PORT = toString port; + QUI__DATA_DIR = "/srv/qui"; + }; + }; + + services.nginx.virtualHosts."qui.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${toString port}"; + }; +} From 8ab2740c3f8b9a324ecfac7f5d6d4ecc4c516f90 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 13 Jan 2026 13:06:40 +1100 Subject: [PATCH 061/126] feat(homepage-dashboard): add link to qui --- modules/nixos/features/homepage-dashboard.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index c52cdf0..ea29999 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -137,6 +137,13 @@ in }; }; } + { + "qui" = { + "description" = "qBittorrent front end"; + "icon" = "qui.svg"; + "href" = "https://qui.fi33.buzz/"; + }; + } { "qBittorrent" = { "description" = "BitTorrent client"; @@ -315,7 +322,7 @@ in { "Media Management" = { style = "row"; - columns = 4; + columns = 3; useEqualHeights = true; }; } From bae532c1b1cc6ddc1d88169c680210b6c7cf13db Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 12 Jan 2026 16:07:40 +0000 Subject: [PATCH 062/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'copyparty': 'github:9001/copyparty/364f74a' (2026-01-04) → 'github:9001/copyparty/d5a8a34' (2026-01-12) • Updated input 'home-manager': 'github:nix-community/home-manager/7d5927b' (2026-01-04) → 'github:nix-community/home-manager/8bc5473' (2026-01-10) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/fb7944c' (2026-01-02) → 'github:nixos/nixpkgs/ffbc9f8' (2026-01-11) • Updated input 'nixvim': 'github:nix-community/nixvim/d61584c' (2026-01-02) → 'github:nix-community/nixvim/7eb8f36' (2026-01-08) • Updated input 'nur': 'github:nix-community/NUR/3b2e3c6' (2026-01-04) → 'github:nix-community/NUR/ecccc8e' (2026-01-12) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index bdf29d4..b1f1728 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1767530379, - "narHash": "sha256-1TKk9TuhGqEMkQhPN53n6skMT4qFfkbEWWscCIE0UMw=", + "lastModified": 1768232598, + "narHash": "sha256-G+KqlGfXQ8PWvJbG5IqSBJcNLltS+erRkVhn9D0UBM4=", "owner": "9001", "repo": "copyparty", - "rev": "364f74a1bd1020a3d7663c453ac5bf1b1408ff8f", + "rev": "d5a8a34bcafde04165c4e07e4885b11f6ddd2aff", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1767525999, - "narHash": "sha256-1E9xlYlyl3EnUrwxoaJMTK7dFrC2llL/TJ+T4xIcXDY=", + "lastModified": 1768068402, + "narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=", "owner": "nix-community", "repo": "home-manager", - "rev": "7d5927b63cea63deb655b3e8421ae17ebb9feac2", + "rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c", "type": "github" }, "original": { @@ -179,11 +179,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1767379071, - "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", + "lastModified": 1768127708, + "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fb7944c166a3b630f177938e478f0378e64ce108", + "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", "type": "github" }, "original": { @@ -202,11 +202,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1767361654, - "narHash": "sha256-EQeicMekc0p+A8HBIAOdnyeAijqJKQYuj1CfTW4Wd+k=", + "lastModified": 1767906546, + "narHash": "sha256-AoSWS8+P+7hQ/jIdv0wBjgH1MvnerdWBFXO4GV3JoQs=", "owner": "nix-community", "repo": "nixvim", - "rev": "d61584cc4cac9af1ba74ad235992df575391276d", + "rev": "7eb8f36f085b85a2aeff929aff52d0f6aa14e000", "type": "github" }, "original": { @@ -223,11 +223,11 @@ ] }, "locked": { - "lastModified": 1767541705, - "narHash": "sha256-ZuHmgfkTmEngJtlRaB50ALCX2emLfI5KoDfD4Z0JSU0=", + "lastModified": 1768233111, + "narHash": "sha256-+ispedVffXCQUVDCgJDY6USEILM8rZsEZaxPZdXzKtA=", "owner": "nix-community", "repo": "NUR", - "rev": "3b2e3c6474266559c666fbc8415a08998ab9de3c", + "rev": "ecccc8eec0e39e4b8bf12dc73d57083e4682f162", "type": "github" }, "original": { From a5c57fa4e777fe76623ba17c8b04d175325c259e Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 13 Jan 2026 11:45:38 +1100 Subject: [PATCH 063/126] refactor(default): nixfmt-rfc-style has been replaced with nixfmt --- modules/nixos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 05188b5..7f1307d 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -49,7 +49,7 @@ nb # note taking nil # nix language server nixd # nix language server - nixfmt-rfc-style # nix file formatting + nixfmt # nix file formatting nom # stylistic nix dependency graphs pastel # colour generation pdd # datetime calculations From 46770f6e109853b348c13a5ff86817d16632219d Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 13 Jan 2026 13:51:35 +1100 Subject: [PATCH 064/126] feat(gaming): no longer need latest kernel for optimal performance --- modules/nixos/features/gaming.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/features/gaming.nix b/modules/nixos/features/gaming.nix index 0b2bd23..a33787d 100644 --- a/modules/nixos/features/gaming.nix +++ b/modules/nixos/features/gaming.nix @@ -31,5 +31,5 @@ }; # latest kernel - boot.kernelPackages = pkgs.linuxPackages_latest; + # boot.kernelPackages = pkgs.linuxPackages_latest; } From 6a128893542ec8fbfcf9c24ad58f34868be6ea98 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 13 Jan 2026 14:23:56 +1100 Subject: [PATCH 065/126] feat(alacritty): install and enable in gui bundle --- modules/home-manager/bundles/gui.nix | 1 + modules/home-manager/features/alacritty.nix | 27 +++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 modules/home-manager/features/alacritty.nix diff --git a/modules/home-manager/bundles/gui.nix b/modules/home-manager/bundles/gui.nix index 93f579c..d4a7604 100644 --- a/modules/home-manager/bundles/gui.nix +++ b/modules/home-manager/bundles/gui.nix @@ -5,6 +5,7 @@ { imports = util.toImports ../features [ # keep-sorted start + "alacritty" "firefox" "kitty" "obsidian" diff --git a/modules/home-manager/features/alacritty.nix b/modules/home-manager/features/alacritty.nix new file mode 100644 index 0000000..2c9fc5d --- /dev/null +++ b/modules/home-manager/features/alacritty.nix @@ -0,0 +1,27 @@ +{ + # keep-sorted start + lib, + pkgs, + # keep-sorted end + ... +}: +{ + programs.alacritty = { + enable = true; + settings = { + font = { + normal = { + family = "JetBrainsMono Nerd Font"; + style = "Regular"; + }; + size = 13; + }; + window.startup_mode = "Maximized"; + terminal.shell = { + program = "${lib.getExe pkgs.zellij}"; + args = [ "-l=welcome" ]; + }; + }; + theme = "catppuccin_mocha"; + }; +} From b20f8db92fb4b927a82c8765502b6dd5ac34bfcb Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 13 Jan 2026 14:24:36 +1100 Subject: [PATCH 066/126] refactor(kitty): deprecate in favour of alacritty --- modules/home-manager/bundles/gui.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home-manager/bundles/gui.nix b/modules/home-manager/bundles/gui.nix index d4a7604..de6e9a8 100644 --- a/modules/home-manager/bundles/gui.nix +++ b/modules/home-manager/bundles/gui.nix @@ -7,7 +7,6 @@ # keep-sorted start "alacritty" "firefox" - "kitty" "obsidian" # "zen-browser" # keep-sorted end From ec0d6928b08aa5ddf530a2e109ff69f7bac56a7e Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 14 Jan 2026 01:32:36 +1100 Subject: [PATCH 067/126] feat(llm): install to desktop with some basic models --- hosts/desktop/configuration.nix | 1 + modules/nixos/features/llm.nix | 46 +++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 modules/nixos/features/llm.nix diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index a56569e..6900948 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -18,6 +18,7 @@ "external-speakers" "gaming" "link2c" + "llm" "plasma" # keep-sorted end ]) diff --git a/modules/nixos/features/llm.nix b/modules/nixos/features/llm.nix new file mode 100644 index 0000000..fcd470c --- /dev/null +++ b/modules/nixos/features/llm.nix @@ -0,0 +1,46 @@ +{ + pkgs, + ... +}: +{ + environment.systemPackages = [ pkgs.ollama-rocm ]; + + services = { + open-webui.enable = true; + + ollama = { + enable = true; + package = pkgs.ollama-rocm; + loadModels = [ + # small + # keep-sorted start + "deepseek-r1:1.5b" + "gemma3:1b" + "gemma3:270m" + "gemma3:4b" + "llama3.2:1b" + "llama3.2:3b" + "ministral-3:3b" + "qwen3:0.6b" + "qwen3:1.7b" + "qwen3:4b" + # keep-sorted end + # medium + # keep-sorted start + "deepseek-r1:7b" + "deepseek-r1:8b" + "llama3.1:8b" + "ministral-3:8b" + "qwen3:8b" + # keep-sorted end + # large + # keep-sorted start + "deepseek-r1:14b" + "gemma3:12b" + "ministral-3:14b" + "qwen3:14b" + # keep-sorted end + ]; + }; + }; +} From 4bb49ae5108cb556fb72b12a7e1f2110f99c8883 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 14 Jan 2026 11:56:05 +1100 Subject: [PATCH 068/126] feat(bottom): create package module with theme --- modules/home-manager/default.nix | 1 + modules/home-manager/features/bottom.nix | 78 ++++++++++++++++++++++++ modules/nixos/default.nix | 1 - 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager/features/bottom.nix diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 56bc171..8e86aac 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -7,6 +7,7 @@ # keep-sorted start "agenix" "bat" + "bottom" "delta" "eza" "fish" diff --git a/modules/home-manager/features/bottom.nix b/modules/home-manager/features/bottom.nix new file mode 100644 index 0000000..f339706 --- /dev/null +++ b/modules/home-manager/features/bottom.nix @@ -0,0 +1,78 @@ +{ + programs.bottom = { + enable = true; + settings = { + flags = { + group_processes = true; + process_memory_as_value = true; + }; + styles = { + cpu = { + all_entry_color = "#f5e0dc"; + avg_entry_color = "#eba0ac"; + cpu_core_colors = [ + "#f38ba8" + "#fab387" + "#f9e2af" + "#a6e3a1" + "#74c7ec" + "#cba6f7" + ]; + }; + memory = { + ram_color = "#a6e3a1"; + cache_color = "#f38ba8"; + swap_color = "#fab387"; + gpu_colors = [ + "#74c7ec" + "#cba6f7" + "#f38ba8" + "#fab387" + "#f9e2af" + "#a6e3a1" + ]; + arc_color = "#89dceb"; + }; + network = { + rx_color = "#a6e3a1"; + tx_color = "#f38ba8"; + rx_total_color = "#89dceb"; + tx_total_color = "#a6e3a1"; + }; + battery = { + high_battery_color = "#a6e3a1"; + medium_battery_color = "#f9e2af"; + low_battery_color = "#f38ba8"; + }; + tables = { + headers = { + color = "#f5e0dc"; + }; + }; + graphs = { + graph_color = "#a6adc8"; + legend_text = { + color = "#a6adc8"; + }; + }; + widgets = { + border_color = "#585b70"; + selected_border_color = "#f5c2e7"; + widget_title = { + color = "#f2cdcd"; + }; + text = { + color = "#cdd6f4"; + }; + selected_text = { + color = "#11111b"; + bg_color = "#cba6f7"; + }; + disabled_text = { + color = "#1e1e2e"; + }; + }; + }; + }; + }; +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 7f1307d..3da65b6 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -24,7 +24,6 @@ with pkgs; [ # keep-sorted start - bottom # top broot # large directory browser choose # cut circumflex # hacker news browsing From a729f8b6eaf4ca7fd57bfe70716efeaac6d6694f Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 14 Jan 2026 11:56:21 +1100 Subject: [PATCH 069/126] feat(fd): create package module --- modules/home-manager/default.nix | 1 + modules/home-manager/features/fd.nix | 6 ++++++ modules/nixos/default.nix | 1 - 3 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager/features/fd.nix diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 8e86aac..2bd1c85 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -10,6 +10,7 @@ "bottom" "delta" "eza" + "fd" "fish" "gh" "git" diff --git a/modules/home-manager/features/fd.nix b/modules/home-manager/features/fd.nix new file mode 100644 index 0000000..b46e74c --- /dev/null +++ b/modules/home-manager/features/fd.nix @@ -0,0 +1,6 @@ +{ + programs.fd = { + enable = true; + hidden = true; + }; +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 3da65b6..8eea45c 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -33,7 +33,6 @@ dua # du duf # df epy # ebook reading - fd # find fselect # find with sql syntax fx # json processor and viewer fzf # fuzzy finder From fa31cbd29da94436fca608597b219c0edf561df9 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 14 Jan 2026 12:22:28 +1100 Subject: [PATCH 070/126] refactor(fish): prefix aliases that replace a command with a comma --- modules/home-manager/features/fish.nix | 41 +++++++++++++------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/modules/home-manager/features/fish.nix b/modules/home-manager/features/fish.nix index 8b38bbc..a3fdf4c 100644 --- a/modules/home-manager/features/fish.nix +++ b/modules/home-manager/features/fish.nix @@ -11,26 +11,27 @@ ''; shellAliases = { # keep-sorted start - cat = "bat"; - # cd = "j"; - cut = "choose"; - df = "duf"; - du = "dua"; - # find = "fd"; - g = "lazygit"; - l = "eza"; - la = "eza -a"; - ls = "eza"; - ns = "nh os switch"; - # curl = "xh"; - ping = "gping"; - ps = "procs"; - # sed = "sd"; - # grep = "rga"; - top = "btm"; - unzip = "ripunzip"; - vi = "nvim"; - vim = "nvim"; + ",cat" = "bat"; + ",curl" = "xh"; + ",cut" = "choose"; + ",df" = "duf"; + ",diff" = "delta"; + ",du" = "dua"; + ",find" = "fd"; + ",grep" = "rga"; + ",ping" = "gping"; + ",ps" = "procs"; + ",sed" = "sd"; + ",ss" = "snitch"; + ",top" = "btm"; + ",unzip" = "ripunzip"; + "g" = "lazygit"; + "l" = "eza"; + "la" = "eza -a"; + "ls" = "eza"; + "ns" = "nh os switch"; + "vi" = "nvim"; + "vim" = "nvim"; # keep-sorted end }; plugins = [ From 394bf7519e7c47d7789ef00b3b258f0394e19971 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 14 Jan 2026 12:22:43 +1100 Subject: [PATCH 071/126] feat: install snitch --- modules/nixos/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 8eea45c..0c733d4 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -59,6 +59,7 @@ ripunzip # unzip sd # sed slides # presentations + snitch # netstat ticker # stock ticker tldr # cheat sheets tmpmail # temporary email address From a9b65fc1fcb61eac462c8ea979afdf24efe75e31 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 14 Jan 2026 14:27:38 +1100 Subject: [PATCH 072/126] feat(star-citizen): install --- flake.lock | 199 +++++++++++++++++++++++- flake.nix | 13 +- hosts/desktop/configuration.nix | 1 + modules/nixos/features/gaming.nix | 1 + modules/nixos/features/star-citizen.nix | 23 +++ 5 files changed, 231 insertions(+), 6 deletions(-) create mode 100644 modules/nixos/features/star-citizen.nix diff --git a/flake.lock b/flake.lock index b1f1728..dd23c79 100644 --- a/flake.lock +++ b/flake.lock @@ -65,6 +65,45 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nix-citizen", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -85,7 +124,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "nur", @@ -162,6 +201,71 @@ "type": "github" } }, + "nix-citizen": { + "inputs": { + "flake-parts": "flake-parts", + "nix-gaming": [ + "nix-gaming" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_2", + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1768085843, + "narHash": "sha256-fwh2ImVwwHWsUhem3xlscEM6n7q4rkeKXEv25QWdzjs=", + "owner": "LovingMelody", + "repo": "nix-citizen", + "rev": "7b5ad5f6593893cc70c30a5ce45028ea0cd97ab3", + "type": "github" + }, + "original": { + "owner": "LovingMelody", + "repo": "nix-citizen", + "type": "github" + } + }, + "nix-gaming": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1768269856, + "narHash": "sha256-O7Qy+w2fK4kBq2I70haCDJYpzbpPW58FscHpRzw9lfA=", + "owner": "fufexan", + "repo": "nix-gaming", + "rev": "c104472764fc9e8926e40ccc7e0e6d540d718458", + "type": "github" + }, + "original": { + "owner": "fufexan", + "repo": "nix-gaming", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "nix-citizen", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737420293, + "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1748162331, @@ -177,7 +281,54 @@ "type": "indirect" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs_2": { + "locked": { + "lastModified": 1767892417, + "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1768032153, + "narHash": "sha256-6kD1MdY9fsE6FgSwdnx29hdH2UcBKs3/+JJleMShuJg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3146c6aa9995e7351a398e17470e15305e6e18ff", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1768127708, "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", @@ -195,11 +346,11 @@ }, "nixvim": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1767906546, @@ -217,7 +368,7 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ] @@ -241,7 +392,9 @@ "agenix": "agenix", "copyparty": "copyparty", "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_2", + "nix-citizen": "nix-citizen", + "nix-gaming": "nix-gaming", + "nixpkgs": "nixpkgs_4", "nixvim": "nixvim", "nur": "nur" } @@ -275,6 +428,42 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nix-citizen", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767801790, + "narHash": "sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2+gM5tf8=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "778a1d691f1ef45dd68c661715c5bf8cbf131c80", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 16035c9..4ce9e45 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,11 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + nix-citizen = { + url = "github:LovingMelody/nix-citizen"; + inputs.nix-gaming.follows = "nix-gaming"; + }; + nix-gaming.url = "github:fufexan/nix-gaming"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixvim = { url = "github:nix-community/nixvim"; @@ -63,7 +68,13 @@ ]; backupFileExtension = "backup"; extraSpecialArgs = { - inherit userName hostName util; + inherit + inputs + hostName + userName + system + util + ; }; useGlobalPkgs = true; useUserPackages = true; diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 6900948..16a3b7b 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -20,6 +20,7 @@ "link2c" "llm" "plasma" + "star-citizen" # keep-sorted end ]) ++ (util.toImports ../../modules/nixos/bundles [ diff --git a/modules/nixos/features/gaming.nix b/modules/nixos/features/gaming.nix index a33787d..381ede3 100644 --- a/modules/nixos/features/gaming.nix +++ b/modules/nixos/features/gaming.nix @@ -19,6 +19,7 @@ programs = { gamemode.enable = true; + gamescope.enable = true; steam = { enable = true; gamescopeSession.enable = true; diff --git a/modules/nixos/features/star-citizen.nix b/modules/nixos/features/star-citizen.nix new file mode 100644 index 0000000..e54f03a --- /dev/null +++ b/modules/nixos/features/star-citizen.nix @@ -0,0 +1,23 @@ +{ + # keep-sorted start + inputs, + system, + # keep-sorted end + ... +}: +{ + nix.settings = { + substituters = [ "https://nix-citizen.cachix.org" ]; + trusted-public-keys = [ "nix-citizen.cachix.org-1:lPMkWc2X8XD4/7YPEEwXKKBg+SVbYTVrAaLA2wQTKCo=" ]; + }; + + environment.systemPackages = [ + inputs.nix-citizen.packages.${system}.rsi-launcher + ]; + + zramSwap = { + enable = true; + memoryPercent = 100; + writebackDevice = "/dev/sda1"; + }; +} From 4ec5efa5ace37fbbb39983126a2638fd3e340965 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 14 Jan 2026 14:27:56 +1100 Subject: [PATCH 073/126] refactor(gaming): remove lutris as star citizen is installed separetely now --- modules/nixos/features/gaming.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/nixos/features/gaming.nix b/modules/nixos/features/gaming.nix index 381ede3..2bae347 100644 --- a/modules/nixos/features/gaming.nix +++ b/modules/nixos/features/gaming.nix @@ -6,7 +6,6 @@ environment.systemPackages = with pkgs; [ # keep-sorted start heroic - lutris mangohud nexusmods-app prismlauncher From f793bee495f6bc11b95f2235f35ad8e152317f50 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 7 Jan 2026 12:21:35 +1100 Subject: [PATCH 074/126] feat(firefly): install --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/firefly.nix | 65 ++++++++++++++++++++++++++++++ secrets/firefly-db.age | 9 +++++ secrets/firefly.age | 10 +++++ secrets/secrets.nix | 2 + 5 files changed, 87 insertions(+) create mode 100644 modules/nixos/features/firefly.nix create mode 100644 secrets/firefly-db.age create mode 100644 secrets/firefly.age diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 3789693..669f78e 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -8,6 +8,7 @@ "bazarr" "copyparty" "couchdb" + "firefly" "homepage-dashboard" "immich" "jellyfin" diff --git a/modules/nixos/features/firefly.nix b/modules/nixos/features/firefly.nix new file mode 100644 index 0000000..e456886 --- /dev/null +++ b/modules/nixos/features/firefly.nix @@ -0,0 +1,65 @@ +{ + config, + ... +}: +{ + services = { + firefly-iii = { + enable = true; + dataDir = "/srv/firefly"; + group = "nginx"; + settings = { + # keep-sorted start + ALLOW_WEBHOOKS = "true"; + APP_KEY_FILE = config.age.secrets.firefly.path; + APP_URL = "https://firefly.fi33.buzz"; + DEFAULT_LANGUAGE = "en_GB"; + REPORT_ERRORS_ONLINE = "false"; + TRUSTED_PROXIES = "**"; + TZ = "Australia/Melbourne"; + # keep-sorted end + }; + }; + + borgmatic.settings.sqlite_databases = [ + { + name = "firefly"; + path = "/srv/firefly/storage/database/database.sqlite"; + } + ]; + + nginx.virtualHosts."firefly.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + root = "${config.services.firefly-iii.package}/public"; + locations = { + "/" = { + tryFiles = "$uri $uri/ /index.php?$query_string"; + index = "index.php"; + extraConfig = '' + sendfile off; + ''; + }; + "~ \\.php$" = { + extraConfig = '' + include ${config.services.nginx.package}/conf/fastcgi_params ; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:${config.services.phpfpm.pools.firefly-iii.socket}; + ''; + }; + }; + }; + }; + + age.secrets = { + firefly = { + file = ../../../secrets/firefly.age; + owner = "firefly-iii"; + }; + firefly-db = { + file = ../../../secrets/firefly-db.age; + owner = "firefly-iii"; + }; + }; +} diff --git a/secrets/firefly-db.age b/secrets/firefly-db.age new file mode 100644 index 0000000..d4cbe78 --- /dev/null +++ b/secrets/firefly-db.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ zL4NAxPigHwUnYz0KUoDXlzXJ3PtnxIYl81oLP3e40M +yricJ+r8OTXwGd0Bt4+CsW7/M8lOSha04i0Fb0QCHGo +-> ssh-ed25519 7+xRyQ 2UhHfwz3DvXT/bEDp8QrluyPa/po5CCB5rUKxBqfn2c +2pWexi7bU3UlOo9SKfw/9k/DJ535tsgPvZXAbLruL00 +-> ssh-ed25519 LtK9yQ 8XOO4u1di+FedjGcaj/Fhna8Y+LRRPa9L4ShAx5dASA +F51SLqQEZ1LQAP2SgXphszVBhKaB+/OAVWEHr/thtFo +--- ovyL3oCODPSbd8Fe7KdS3sKCc+bjcj2y+6aS1qVqQsg + %>IOդ77ZFhu<4)cҚUZ*UCk|xCox P \ No newline at end of file diff --git a/secrets/firefly.age b/secrets/firefly.age new file mode 100644 index 0000000..430908f --- /dev/null +++ b/secrets/firefly.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ DhWZZ8fB3bwSaI88j9M5Ix/jCwoJWPUVmR56OwxJFUs +/pxA0PTShUGloixcyUoAW5cOKWAjD9M0byLAQUgnPvA +-> ssh-ed25519 7+xRyQ LrUQ5trcyyhcjK8IhGKVOAz6g7HjBI8t0m/snDiVMkE +hi0My/e0Enno50niPMKcy278Wr5z1sq3X1yJn7H8uBo +-> ssh-ed25519 LtK9yQ ke0bLtqFny2oUkCvtawPcHzPlyi2Lvi6WpZP2lDyelE +VFjTwnbTcayuruXVmVnfK97KcwB+luOoLU2x6Ug3HVM +--- NxMB9mtZ480lLRRmk0ne5BaL/tfF81Yr3wGBUvECGQY +HH9?܂獠 |ؽ15i/FlG$EwG +;;߽ݤ$}/[g] \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 70d624e..de24194 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -19,6 +19,8 @@ in "borgmatic-pg.age".publicKeys = users; "borgmatic.age".publicKeys = users; "copyparty-will.age".publicKeys = users; + "firefly-db.age".publicKeys = users; + "firefly.age".publicKeys = users; "immich.age".publicKeys = users; "jellyfin.age".publicKeys = users; "karakeep.age".publicKeys = users; From d9785dcd0576029f2c601aa177a2e1ced4989234 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 14 Jan 2026 21:33:09 +1100 Subject: [PATCH 075/126] feat(upbank2firefly): install as a docker container --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/upbank2firefly.nix | 58 ++++++++++++++++++++++ secrets/secrets.nix | 1 + secrets/upbank2firefly.age | Bin 0 -> 1865 bytes 4 files changed, 60 insertions(+) create mode 100644 modules/nixos/features/upbank2firefly.nix create mode 100644 secrets/upbank2firefly.age diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 669f78e..0e0f13d 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -28,6 +28,7 @@ "readarr" "sonarr" "syncthing" + "upbank2firefly" "vaultwarden" # keep-sorted end ]; diff --git a/modules/nixos/features/upbank2firefly.nix b/modules/nixos/features/upbank2firefly.nix new file mode 100644 index 0000000..fbf18f4 --- /dev/null +++ b/modules/nixos/features/upbank2firefly.nix @@ -0,0 +1,58 @@ +{ + config, + pkgs, + ... +}: +let + port = 5021; +in +{ + virtualisation.oci-containers = { + backend = "docker"; + containers.upbank2firefly = { + extraOptions = [ + "--network=host" + ]; + image = "compose2nix/upbank2firefly"; + environment = { + FIREFLY_BASEURL = "https://firefly.fi33.buzz"; + TZ = "Australia/Melbourne"; + }; + environmentFiles = [ config.age.secrets.upbank2firefly.path ]; + volumes = [ + "/srv/upbank2firefly/app:/app:rw" + ]; + ports = [ + "${toString port}:80/tcp" + ]; + }; + }; + + systemd = { + services = { + "docker-build-upbank2firefly" = { + path = with pkgs; [ + docker + git + ]; + serviceConfig = { + Type = "oneshot"; + TimeoutSec = 300; + }; + script = '' + cd /srv/upbank2firefly + git pull + docker build -t compose2nix/upbank2firefly . + ''; + }; + }; + }; + + services.nginx.virtualHosts."upbank2firefly.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/".proxyPass = "http://localhost:${toString port}"; + }; + + age.secrets.upbank2firefly.file = ../../../secrets/upbank2firefly.age; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index de24194..5dc6b1d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -39,6 +39,7 @@ in "radicale.age".publicKeys = users; "readarr.age".publicKeys = users; "sonarr.age".publicKeys = users; + "upbank2firefly.age".publicKeys = users; "vaultwarden-admin.age".publicKeys = users; # keep-sorted end } diff --git a/secrets/upbank2firefly.age b/secrets/upbank2firefly.age new file mode 100644 index 0000000000000000000000000000000000000000..56d99d4befb50ebda4e24758de2e321040c54d66 GIT binary patch literal 1865 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^a;^+2~@~Tbo5Hf zjBeNT)QHuGEl)OIM}(+(y^d0J2K79 zuqZ6VI5oh_P2Vl6BDvJfRlBId$2=p@(KFmE!j~(wtir;%*vz#oyvjMTxWLK6yVA|g zDbmu=*EK4_xHu&}+25($DJ{n|&k@}=pAv7&%0LAdlMMZ=K%dG8mvCeEKz;Y{0?#~u zBcs&ND$@$r(Cj21^W@Y5XZ=d=pir*#$Vd;AFBlif? zfC~LgOQ)jza!0P1hNCV1+x+a$$L&=AT&AI)&0juK?tZ1>zaa7B3pNOG2fhEt^!xAs z>(b|L-OZVGOZv@+veP;p$uYYxdF)TQlOQqU*QRsw6=CiNbA3Zrcrh+@er);5_;5$j z9FtBBYo)2Xk}b~h_14utt8Be%=%HL?@Biwa_8tKju6$LCBb*m1cYoTqyhuNCd+IFT zq!}t}+l<%#a(l*}cP#QzsLaweoVD}Rnfjj{Rx`YAnfqUS`#z^o$!hx}JS+V_{A2W% ztW7DQIc&Al~K5TkoioR@X^?s>6b%!7oFa*d+yZ_U7uf_Q0qKwr1^jHF+QG% zAMY<6S*_-3By;x4>x-`*#tJDcjCiy4_q%r+3r{?*Kl^`;>gFcT{YA^>E>!)H6ZPni z-OGm$`uKg9>1h0C;J+c_cjUCFrhx*>MT_^k5+bWFb>}*sslPD!;Ze717lh87FN=`) zvhVMj{aMdtmidY&a$XTQeU({>%jU7l9;>f02R~%*VE?JKbbV#kl1Q!8SyFP7Q+C8( z?-p^m`+xJj6Vr^-n6|BR>)gEKMrfnA`p!Gir3deCo_u?D*~{Yp-+nsG^4DDC_vR)4 zgVOrttvV?iY7XD*`Q~P`<C zISBadUVq3->(fWRrunKd|6YB}*ZpbW#kY`cbw}*1zM}tcl=+W3?$A%atzC8F$FKXA z^Zc$X=+bE?!YcCS0paW?B_-w&G;;OX$~p~gpFqu*La zmrakfWga-)|2d&1rsVXu?k)S9gr-^Cn_#~A$u#GF?$+`RMq;TyL(Ya4Jy^2g-`_Wr z1DH}D1UUW8Oy9Zv>8}1`4^#y6tu5IPmQKyj*dKVRrO5pagZA`GYuz$3ax))Eyl%VE zpFDqRzEt+1j7Re?8z1k<5SsRG#RMU9r>io*@{_-mW*WtxzqcjKdE>pZ>04O7S52%H zTKjMRv*fnv3kFSoAB38}*T{9NV z>DigY(a;t0qS4x<@7L}*qQ{OE&iLY`Thf**{J%o~ZmIQ;+=T|gW|I0Ue&#{3dga-h zZdvb62tPFU$K2}L=sw%~tkd)>pPcDle=#}r z)=utizk2@}AKq)(T7G8N-xHfN&Hrb*c`@WfUjO^3D`>TJ)+2*O?Y{GL6x9}YeRp@C zexh%}58-8Q{Y!UW?s}>8^>yD9wp~5CjPV@``tGfc$F4W&b$*X3pS!|Jf^FN;MST_@ z_eSZTSts}TpN(4aCd)2Afpb%Z^CN|?wEs~w7x{MCVdswZ{;Ew}y9_0EeB<3&wEBn* z!;yL7@#3$Sv@x_FeIe*?eMkCr(JcvO`=g37@1)}X+;e-o^L+4m*1rb@qyL!4_Dp$s z&hGWb)29w_|Kqzf@8mWC9oFBM#LCPzTP3V!D*StRTFU=W?TtA-+sipS;(FNvv!;Cj E0H!f-djJ3c literal 0 HcmV?d00001 From ab95710e1fcca82ea372534337472b33eb3e56d3 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 14 Jan 2026 23:57:34 +1100 Subject: [PATCH 076/126] refactor(syncthing): new phone, new syncthing client id --- modules/nixos/features/syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index 513b467..fb1539e 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -17,7 +17,7 @@ let } { device = "phone"; - id = "DF56S5M-2EDKAML-LZBB35J-MNNK7UE-WAYE2QW-EKUGKXN-U5JW3RX-S3FUGA4"; + id = "KAZ3SOB-SSJHY33-6JF64KW-VF3CPSP-565565I-YXOJHU6-E273VR5-CKQFNQ6"; } { device = "server"; From c9dc8d54ac45cd04ec34f2eae6bbdc3ba1936327 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Thu, 15 Jan 2026 00:16:48 +1100 Subject: [PATCH 077/126] fix(localisation): consolidate host-specific settings into single module --- hosts/desktop/configuration.nix | 2 -- hosts/laptop/configuration.nix | 2 -- modules/nixos/features/localisation.nix | 5 +++-- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 16a3b7b..982b9a1 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -40,8 +40,6 @@ system.stateVersion = "24.11"; - i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8"; - users.users.${userName} = { extraGroups = [ # keep-sorted start diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 209193a..b81886a 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -32,8 +32,6 @@ system.stateVersion = "24.11"; - i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8"; - users.users.${userName} = { extraGroups = [ # keep-sorted start diff --git a/modules/nixos/features/localisation.nix b/modules/nixos/features/localisation.nix index b6ab05e..ea5750f 100644 --- a/modules/nixos/features/localisation.nix +++ b/modules/nixos/features/localisation.nix @@ -1,10 +1,11 @@ { i18n = { defaultLocale = "en_AU.UTF-8"; - supportedLocales = [ + extraLocales = [ + "en_GB.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" - "en_AU.UTF-8/UTF-8" ]; + extraLocaleSettings.LC_ALL = "en_GB.UTF-8"; }; time.timeZone = "Australia/Melbourne"; From 500c704cf4cec0b5ff5753caaac9bf2f16a43de8 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Thu, 15 Jan 2026 00:30:14 +1100 Subject: [PATCH 078/126] feat(homepage-dashboard): add firefly --- modules/nixos/features/homepage-dashboard.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index ea29999..aded82a 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -258,6 +258,13 @@ in "href" = "https://couchdb.fi33.buzz/_utils/"; }; } + { + "Firefly" = { + "description" = "Budget Planner"; + "icon" = "firefly-iii.svg"; + "href" = "https://firefly.fi33.buzz/"; + }; + } { "ntfy" = { "description" = "Notification service"; @@ -316,7 +323,7 @@ in { "Services" = { style = "row"; - columns = 3; + columns = 4; }; } { From 33af7eaadf1675b8b98686faddee00dcbee91ed3 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 14 Jan 2026 23:45:35 +1100 Subject: [PATCH 079/126] feat(caddy): install and replace nginx --- modules/nixos/bundles/server.nix | 2 +- modules/nixos/features/bazarr.nix | 12 +++--- modules/nixos/features/caddy.nix | 28 ++++++++++++++ modules/nixos/features/copyparty.nix | 12 +++--- modules/nixos/features/couchdb.nix | 12 +++--- modules/nixos/features/firefly.nix | 38 ++++++++----------- modules/nixos/features/homepage-dashboard.nix | 12 +++--- modules/nixos/features/immich.nix | 18 ++++----- modules/nixos/features/jellyfin.nix | 12 +++--- modules/nixos/features/karakeep.nix | 12 +++--- modules/nixos/features/kavita.nix | 12 +++--- modules/nixos/features/lidarr.nix | 12 +++--- modules/nixos/features/miniflux.nix | 12 +++--- modules/nixos/features/ntfy-sh.nix | 15 ++++---- modules/nixos/features/nzbget.nix | 12 +++--- modules/nixos/features/paperless.nix | 12 +++--- modules/nixos/features/prowlarr.nix | 14 +++---- modules/nixos/features/qbittorrent.nix | 12 +++--- modules/nixos/features/qui.nix | 12 +++--- modules/nixos/features/radarr.nix | 12 +++--- modules/nixos/features/radicale.nix | 12 +++--- modules/nixos/features/readarr.nix | 12 +++--- modules/nixos/features/sonarr.nix | 12 +++--- modules/nixos/features/syncthing.nix | 12 +++--- modules/nixos/features/upbank2firefly.nix | 12 +++--- modules/nixos/features/vaultwarden.nix | 15 ++++---- modules/templates/web-feature.nix | 12 +++--- 27 files changed, 212 insertions(+), 158 deletions(-) create mode 100644 modules/nixos/features/caddy.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 0e0f13d..b7f4b53 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -6,6 +6,7 @@ imports = util.toImports ../features [ # keep-sorted start "bazarr" + "caddy" "copyparty" "couchdb" "firefly" @@ -16,7 +17,6 @@ "kavita" "lidarr" "miniflux" - "nginx" "ntfy-sh" "nzbget" "paperless" diff --git a/modules/nixos/features/bazarr.nix b/modules/nixos/features/bazarr.nix index 5407a2f..541235c 100644 --- a/modules/nixos/features/bazarr.nix +++ b/modules/nixos/features/bazarr.nix @@ -1,5 +1,6 @@ let port = 5017; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -10,10 +11,11 @@ in listenPort = port; }; - nginx.virtualHosts."bazarr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."bazarr.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/caddy.nix b/modules/nixos/features/caddy.nix new file mode 100644 index 0000000..ca45981 --- /dev/null +++ b/modules/nixos/features/caddy.nix @@ -0,0 +1,28 @@ +{ + config, + ... +}: +{ + services.caddy = { + enable = true; + dataDir = "/srv/caddy"; + globalConfig = '' + auto_https disable_redirects + ''; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "festive-steed-fit@duck.com"; + certs."fi33.buzz" = { + group = config.services.caddy.group; + domain = "fi33.buzz"; + extraDomainNames = [ "*.fi33.buzz" ]; + dnsProvider = "porkbun"; + dnsPropagationCheck = true; + credentialsFile = config.age.secrets."porkbun-api".path; + }; + }; + + age.secrets."porkbun-api".file = ../../../secrets/porkbun-api.age; +} diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index 560df1e..bd31797 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix @@ -7,6 +7,7 @@ }: let port = 5000; + certloc = "/var/lib/acme/fi33.buzz"; in { imports = [ inputs.copyparty.nixosModules.default ]; @@ -33,11 +34,12 @@ in }; }; - nginx.virtualHosts."copyparty.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."copyparty.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; # secrets diff --git a/modules/nixos/features/couchdb.nix b/modules/nixos/features/couchdb.nix index d7656ee..0f0d44d 100644 --- a/modules/nixos/features/couchdb.nix +++ b/modules/nixos/features/couchdb.nix @@ -1,5 +1,6 @@ let port = 5984; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -34,10 +35,11 @@ in }; }; - nginx.virtualHosts."couchdb.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."couchdb.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/firefly.nix b/modules/nixos/features/firefly.nix index e456886..92ee22d 100644 --- a/modules/nixos/features/firefly.nix +++ b/modules/nixos/features/firefly.nix @@ -2,12 +2,15 @@ config, ... }: +let + certloc = "/var/lib/acme/fi33.buzz"; +in { services = { firefly-iii = { enable = true; dataDir = "/srv/firefly"; - group = "nginx"; + group = config.services.caddy.group; settings = { # keep-sorted start ALLOW_WEBHOOKS = "true"; @@ -28,28 +31,17 @@ } ]; - nginx.virtualHosts."firefly.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - root = "${config.services.firefly-iii.package}/public"; - locations = { - "/" = { - tryFiles = "$uri $uri/ /index.php?$query_string"; - index = "index.php"; - extraConfig = '' - sendfile off; - ''; - }; - "~ \\.php$" = { - extraConfig = '' - include ${config.services.nginx.package}/conf/fastcgi_params ; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice - fastcgi_pass unix:${config.services.phpfpm.pools.firefly-iii.socket}; - ''; - }; - }; - }; + caddy.virtualHosts."firefly.fi33.buzz".extraConfig = '' + root * ${config.services.firefly-iii.package}/public + php_fastcgi unix//${config.services.phpfpm.pools.firefly-iii.socket} + try_files {path} {path}/ /index.php?{query} + file_server { + index index.php + } + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; age.secrets = { diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index aded82a..3ab99c5 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -38,6 +38,7 @@ let "sonarr" # keep-sorted end ]; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -376,11 +377,12 @@ in ]; }; - nginx.virtualHosts."homepage-dashboard.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."homepage-dashboard.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; # secrets diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index 6a0abd4..de5443f 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix @@ -1,5 +1,6 @@ let port = 2283; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -18,16 +19,11 @@ in } ]; - nginx = { - clientMaxBodySize = "50000M"; - virtualHosts."immich.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://[::1]:${toString port}"; - proxyWebsockets = true; - }; - }; - }; + caddy.virtualHosts."immich.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index a4490be..9fab896 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -1,5 +1,6 @@ let port = 8096; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -9,11 +10,12 @@ in group = "srv"; }; - nginx.virtualHosts."jellyfin.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."jellyfin.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; # use intel iGP diff --git a/modules/nixos/features/karakeep.nix b/modules/nixos/features/karakeep.nix index 09f8163..cebc5f8 100644 --- a/modules/nixos/features/karakeep.nix +++ b/modules/nixos/features/karakeep.nix @@ -1,5 +1,6 @@ let port = 5014; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -11,10 +12,11 @@ in }; }; - nginx.virtualHosts."karakeep.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."karakeep.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/kavita.nix b/modules/nixos/features/kavita.nix index c62259e..bbb2322 100644 --- a/modules/nixos/features/kavita.nix +++ b/modules/nixos/features/kavita.nix @@ -4,6 +4,7 @@ }: let port = 5015; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -14,11 +15,12 @@ in tokenKeyFile = config.age.secrets.kavita.path; }; - nginx.virtualHosts."kavita.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."kavita.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; age.secrets.kavita.file = ../../../secrets/kavita.age; diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 0b6fb4b..78aa609 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -1,5 +1,6 @@ let port = 5012; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -12,10 +13,11 @@ in group = "srv"; }; - nginx.virtualHosts."lidarr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."lidarr.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index 10c4eeb..82aeeb5 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix @@ -4,6 +4,7 @@ }: let port = 5010; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -25,11 +26,12 @@ in } ]; - nginx.virtualHosts."miniflux.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."miniflux.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age; diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index d5a70e8..e53a792 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -1,5 +1,6 @@ let port = 5002; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -12,13 +13,11 @@ in }; }; - nginx.virtualHosts."ntfy-sh.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${toString port}"; - proxyWebsockets = true; - }; - }; + caddy.virtualHosts."ntfy-sh.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/nzbget.nix b/modules/nixos/features/nzbget.nix index ff6f7d5..ba469f2 100644 --- a/modules/nixos/features/nzbget.nix +++ b/modules/nixos/features/nzbget.nix @@ -4,6 +4,7 @@ }: let port = 5018; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -16,11 +17,12 @@ in group = "srv"; }; - nginx.virtualHosts."nzbget.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."nzbget.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; environment.systemPackages = with pkgs; [ unrar ]; diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 6b61e35..01bc88d 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -4,6 +4,7 @@ }: let port = 5013; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -29,11 +30,12 @@ in ]; }; - nginx.virtualHosts."paperless.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; +caddy.virtualHosts."paperless.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; age.secrets."paperless" = { diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index 9fbb8e6..23e090f 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -1,5 +1,6 @@ let port = 5009; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -11,12 +12,11 @@ in }; }; - nginx = { - virtualHosts."prowlarr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; - }; + caddy.virtualHosts."prowlarr.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/qbittorrent.nix b/modules/nixos/features/qbittorrent.nix index f4e8d54..577f0c9 100644 --- a/modules/nixos/features/qbittorrent.nix +++ b/modules/nixos/features/qbittorrent.nix @@ -1,5 +1,6 @@ let port = 5005; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -13,10 +14,11 @@ in ]; }; - nginx.virtualHosts."qbittorrent.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."qbittorrent.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/qui.nix b/modules/nixos/features/qui.nix index f7392f5..8c34edf 100644 --- a/modules/nixos/features/qui.nix +++ b/modules/nixos/features/qui.nix @@ -7,6 +7,7 @@ }: let port = 5019; + certloc = "/var/lib/acme/fi33.buzz"; in { environment.systemPackages = [ pkgs.qui ]; @@ -22,9 +23,10 @@ in }; }; - services.nginx.virtualHosts."qui.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + services.caddy.virtualHosts."qui.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; } diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index 8cbcc4c..30063eb 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -1,5 +1,6 @@ let port = 5007; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -12,10 +13,11 @@ in group = "srv"; }; - nginx.virtualHosts."radarr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."radarr.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix index 6ced520..73155e6 100644 --- a/modules/nixos/features/radicale.nix +++ b/modules/nixos/features/radicale.nix @@ -4,6 +4,7 @@ }: let port = 5003; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -27,11 +28,12 @@ in }; }; - nginx.virtualHosts."radicale.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."radicale.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; # secrets diff --git a/modules/nixos/features/readarr.nix b/modules/nixos/features/readarr.nix index 4f8e419..42a884b 100644 --- a/modules/nixos/features/readarr.nix +++ b/modules/nixos/features/readarr.nix @@ -1,5 +1,6 @@ let port = 5016; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -12,10 +13,11 @@ in group = "srv"; }; - nginx.virtualHosts."readarr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."readarr.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index f0d0a26..691b4b8 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -1,5 +1,6 @@ let port = 5006; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -12,10 +13,11 @@ in group = "srv"; }; - nginx.virtualHosts."sonarr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."sonarr.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index fb1539e..d9624c3 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -40,6 +40,7 @@ let } ) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList) ); + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -66,10 +67,11 @@ in else null; - nginx.virtualHosts."syncthing.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."syncthing.fi33.buzz".extraConfig = '' + reverse_proxy http://localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/upbank2firefly.nix b/modules/nixos/features/upbank2firefly.nix index fbf18f4..e711bb8 100644 --- a/modules/nixos/features/upbank2firefly.nix +++ b/modules/nixos/features/upbank2firefly.nix @@ -5,6 +5,7 @@ }: let port = 5021; + certloc = "/var/lib/acme/fi33.buzz"; in { virtualisation.oci-containers = { @@ -48,11 +49,12 @@ in }; }; - services.nginx.virtualHosts."upbank2firefly.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + services.caddy.virtualHosts."upbank2firefly.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; age.secrets.upbank2firefly.file = ../../../secrets/upbank2firefly.age; } diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index 2ffb556..be8cb7a 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -4,6 +4,7 @@ }: let port = 5001; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -22,14 +23,12 @@ in }; }; - nginx.virtualHosts."vaultwarden.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${toString port}"; - proxyWebsockets = true; - }; - }; + caddy.virtualHosts."vaultwarden.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; age.secrets."vaultwarden-admin" = { diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 6240e4e..8fa5ed6 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -1,5 +1,6 @@ let port = 0000; + certloc = "/var/lib/acme/fi33.buzz"; in { services = { @@ -19,10 +20,11 @@ in # ]; # }; - nginx.virtualHosts."feature.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${toString port}"; - }; + caddy.virtualHosts."feature.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } From 48b0a2325d4230e1cf0dc35ac178f9dc965bcb63 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Thu, 15 Jan 2026 00:54:42 +1100 Subject: [PATCH 080/126] fix(tailscale): exposing the network interface is not necessary --- modules/nixos/features/tailscale.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix index c9f1333..6c4f1fa 100644 --- a/modules/nixos/features/tailscale.nix +++ b/modules/nixos/features/tailscale.nix @@ -5,6 +5,4 @@ "--accept-dns=true" ]; }; - - networking.firewall.trustedInterfaces = [ "tailscale0" ]; } From 2197490b63a74739e61ecec1202e760d2730a509 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Thu, 15 Jan 2026 15:38:54 +1100 Subject: [PATCH 081/126] feat(borgmatic): ensure that all sqlite databases are backed up separately from the services they store data for --- modules/nixos/features/bazarr.nix | 7 +++++++ modules/nixos/features/jellyfin.nix | 7 +++++++ modules/nixos/features/karakeep.nix | 7 +++++++ modules/nixos/features/kavita.nix | 7 +++++++ modules/nixos/features/lidarr.nix | 7 +++++++ modules/nixos/features/paperless.nix | 2 +- modules/nixos/features/prowlarr.nix | 7 +++++++ modules/nixos/features/qui.nix | 7 +++++++ modules/nixos/features/radarr.nix | 7 +++++++ modules/nixos/features/readarr.nix | 7 +++++++ modules/nixos/features/sonarr.nix | 7 +++++++ modules/nixos/features/vaultwarden.nix | 7 +++++++ 12 files changed, 78 insertions(+), 1 deletion(-) diff --git a/modules/nixos/features/bazarr.nix b/modules/nixos/features/bazarr.nix index 541235c..b1cd4a9 100644 --- a/modules/nixos/features/bazarr.nix +++ b/modules/nixos/features/bazarr.nix @@ -11,6 +11,13 @@ in listenPort = port; }; + borgmatic.settings.sqlite_databases = [ + { + name = "bazarr"; + path = "/srv/bazarr/db/bazarr.db"; + } + ]; + caddy.virtualHosts."bazarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index 9fab896..b6cbcc4 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -10,6 +10,13 @@ in group = "srv"; }; + borgmatic.settings.sqlite_databases = [ + { + name = "jellyfin"; + path = "/srv/jellyfin/data/jellyfin.db"; + } + ]; + caddy.virtualHosts."jellyfin.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/karakeep.nix b/modules/nixos/features/karakeep.nix index cebc5f8..0eb9bba 100644 --- a/modules/nixos/features/karakeep.nix +++ b/modules/nixos/features/karakeep.nix @@ -12,6 +12,13 @@ in }; }; + borgmatic.settings.sqlite_databases = [ + { + name = "karakeep"; + path = "/var/lib/karakeep/db.db"; + } + ]; + caddy.virtualHosts."karakeep.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/kavita.nix b/modules/nixos/features/kavita.nix index bbb2322..d1fe035 100644 --- a/modules/nixos/features/kavita.nix +++ b/modules/nixos/features/kavita.nix @@ -15,6 +15,13 @@ in tokenKeyFile = config.age.secrets.kavita.path; }; + borgmatic.settings.sqlite_databases = [ + { + name = "kavita"; + path = "/srv/kavita/config/kavita.db"; + } + ]; + caddy.virtualHosts."kavita.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 78aa609..5c297d7 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -13,6 +13,13 @@ in group = "srv"; }; + borgmatic.settings.sqlite_databases = [ + { + name = "lidarr"; + path = "/srv/lidarr/lidarr.db"; + } + ]; + caddy.virtualHosts."lidarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 01bc88d..174eb40 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -30,7 +30,7 @@ in ]; }; -caddy.virtualHosts."paperless.fi33.buzz".extraConfig = '' + caddy.virtualHosts."paperless.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index 23e090f..d5f24e7 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -12,6 +12,13 @@ in }; }; + borgmatic.settings.sqlite_databases = [ + { + name = "prowlarr"; + path = "/srv/prowlarr/prowlarr.db"; + } + ]; + caddy.virtualHosts."prowlarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/qui.nix b/modules/nixos/features/qui.nix index 8c34edf..bcb5c96 100644 --- a/modules/nixos/features/qui.nix +++ b/modules/nixos/features/qui.nix @@ -23,6 +23,13 @@ in }; }; + services.borgmatic.settings.sqlite_databases = [ + { + name = "qui"; + path = "/srv/qui/qui.db"; + } + ]; + services.caddy.virtualHosts."qui.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index 30063eb..2c5c019 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -13,6 +13,13 @@ in group = "srv"; }; + borgmatic.settings.sqlite_databases = [ + { + name = "radarr"; + path = "/srv/radarr/radarr.db"; + } + ]; + caddy.virtualHosts."radarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/readarr.nix b/modules/nixos/features/readarr.nix index 42a884b..f616480 100644 --- a/modules/nixos/features/readarr.nix +++ b/modules/nixos/features/readarr.nix @@ -13,6 +13,13 @@ in group = "srv"; }; + borgmatic.settings.sqlite_databases = [ + { + name = "readarr"; + path = "/srv/readarr/readarr.db"; + } + ]; + caddy.virtualHosts."readarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index 691b4b8..4be089e 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -13,6 +13,13 @@ in group = "srv"; }; + borgmatic.settings.sqlite_databases = [ + { + name = "sonarr"; + path = "/srv/sonarr/sonarr.db"; + } + ]; + caddy.virtualHosts."sonarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index be8cb7a..76d8acc 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -23,6 +23,13 @@ in }; }; + borgmatic.settings.sqlite_databases = [ + { + name = "vaultwarden"; + path = "/srv/vaultwarden/db.sqlite3"; + } + ]; + caddy.virtualHosts."vaultwarden.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { From 69c335dc2f5954a598bd9622e55ca262b7cd053d Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Fri, 16 Jan 2026 07:58:32 +1100 Subject: [PATCH 082/126] feat(shell-aliases): break out to separate module to ensure aliases can be used over all shells --- modules/home-manager/default.nix | 1 + modules/home-manager/features/fish.nix | 25 ----------------- .../home-manager/features/shell-aliases.nix | 27 +++++++++++++++++++ 3 files changed, 28 insertions(+), 25 deletions(-) create mode 100644 modules/home-manager/features/shell-aliases.nix diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 2bd1c85..797b6e2 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -15,6 +15,7 @@ "gh" "git" "lazygit" + "shell-aliases" "starship" "yazi" "zoxide" diff --git a/modules/home-manager/features/fish.nix b/modules/home-manager/features/fish.nix index a3fdf4c..4c8e865 100644 --- a/modules/home-manager/features/fish.nix +++ b/modules/home-manager/features/fish.nix @@ -9,31 +9,6 @@ interactiveShellInit = '' set fish_greeting ''; - shellAliases = { - # keep-sorted start - ",cat" = "bat"; - ",curl" = "xh"; - ",cut" = "choose"; - ",df" = "duf"; - ",diff" = "delta"; - ",du" = "dua"; - ",find" = "fd"; - ",grep" = "rga"; - ",ping" = "gping"; - ",ps" = "procs"; - ",sed" = "sd"; - ",ss" = "snitch"; - ",top" = "btm"; - ",unzip" = "ripunzip"; - "g" = "lazygit"; - "l" = "eza"; - "la" = "eza -a"; - "ls" = "eza"; - "ns" = "nh os switch"; - "vi" = "nvim"; - "vim" = "nvim"; - # keep-sorted end - }; plugins = [ # INFO: Using this to get shell completion for programs added to the path through nix+direnv. # Issue to upstream into direnv:Add commentMore actions diff --git a/modules/home-manager/features/shell-aliases.nix b/modules/home-manager/features/shell-aliases.nix new file mode 100644 index 0000000..0c78ca6 --- /dev/null +++ b/modules/home-manager/features/shell-aliases.nix @@ -0,0 +1,27 @@ +{ + home.shellAliases = { + # keep-sorted start + ",cat" = "bat"; + ",curl" = "xh"; + ",cut" = "choose"; + ",df" = "duf"; + ",diff" = "delta"; + ",du" = "dua"; + ",find" = "fd"; + ",grep" = "rga"; + ",ping" = "gping"; + ",ps" = "procs"; + ",sed" = "sd"; + ",ss" = "snitch"; + ",top" = "btm"; + ",unzip" = "ripunzip"; + "g" = "lazygit"; + "l" = "eza"; + "la" = "eza -a"; + "ls" = "eza"; + "ns" = "nh os switch"; + "vi" = "nvim"; + "vim" = "nvim"; + # keep-sorted end + }; +} From 3f069b939135ecddddb97893b9b89cfaf2a84f9e Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 20 Jan 2026 14:59:20 +1100 Subject: [PATCH 083/126] feat(homepage-dashboard): use equal heights in all sections --- modules/nixos/features/homepage-dashboard.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 3ab99c5..425587f 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -325,6 +325,7 @@ in "Services" = { style = "row"; columns = 4; + useEqualHeights = true; }; } { @@ -338,6 +339,7 @@ in "Utilities" = { style = "row"; columns = 3; + useEqualHeights = true; }; } ]; From b9ec41d4621c67cbbcf2d7fdd5ad8a50972ad7a0 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 20 Jan 2026 15:02:24 +1100 Subject: [PATCH 084/126] refactor(homepage-dashboard): remove unnecessary quotes around non-spaced words --- modules/nixos/features/homepage-dashboard.nix | 298 +++++++++--------- 1 file changed, 149 insertions(+), 149 deletions(-) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 425587f..d56c755 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -50,106 +50,106 @@ in { "Media Management" = [ { - "Radarr" = { - "description" = "Movie collection manager"; - "icon" = "radarr.svg"; - "href" = "https://radarr.fi33.buzz/"; - "widget" = { - "type" = "radarr"; - "url" = "https://radarr.fi33.buzz/"; - "key" = "@radarr@"; - "enableQueue" = true; + Radarr = { + description = "Movie collection manager"; + icon = "radarr.svg"; + href = "https://radarr.fi33.buzz/"; + widget = { + type = "radarr"; + url = "https://radarr.fi33.buzz/"; + key = "@radarr@"; + enableQueue = true; }; }; } { - "Sonarr" = { - "description" = "TV show collection manager"; - "icon" = "sonarr.svg"; - "href" = "https://sonarr.fi33.buzz/"; - "widget" = { - "type" = "sonarr"; - "url" = "https://sonarr.fi33.buzz/"; - "key" = "@sonarr@"; - "enableQueue" = true; + Sonarr = { + description = "TV show collection manager"; + icon = "sonarr.svg"; + href = "https://sonarr.fi33.buzz/"; + widget = { + type = "sonarr"; + url = "https://sonarr.fi33.buzz/"; + key = "@sonarr@"; + enableQueue = true; }; }; } { - "Lidarr" = { - "description" = "Music collection manager"; - "icon" = "lidarr.svg"; - "href" = "https://lidarr.fi33.buzz/"; - "widget" = { - "type" = "lidarr"; - "url" = "https://lidarr.fi33.buzz/"; - "key" = "@lidarr@"; - "enableQueue" = true; + Lidarr = { + description = "Music collection manager"; + icon = "lidarr.svg"; + href = "https://lidarr.fi33.buzz/"; + widget = { + type = "lidarr"; + url = "https://lidarr.fi33.buzz/"; + key = "@lidarr@"; + enableQueue = true; }; }; } { - "Readarr" = { - "description" = "Book collection manager"; - "icon" = "readarr.svg"; - "href" = "https://readarr.fi33.buzz/"; - "widget" = { - "type" = "readarr"; - "url" = "https://readarr.fi33.buzz/"; - "key" = "@readarr@"; - "enableQueue" = true; + Readarr = { + description = "Book collection manager"; + icon = "readarr.svg"; + href = "https://readarr.fi33.buzz/"; + widget = { + type = "readarr"; + url = "https://readarr.fi33.buzz/"; + key = "@readarr@"; + enableQueue = true; }; }; } { - "Bazarr" = { - "description" = "Subtitle downloader and manager"; - "icon" = "bazarr.svg"; - "href" = "https://bazarr.fi33.buzz/"; - "widget" = { - "type" = "bazarr"; - "url" = "https://bazarr.fi33.buzz/"; - "key" = "@bazarr@"; + Bazarr = { + description = "Subtitle downloader and manager"; + icon = "bazarr.svg"; + href = "https://bazarr.fi33.buzz/"; + widget = { + type = "bazarr"; + url = "https://bazarr.fi33.buzz/"; + key = "@bazarr@"; }; }; } { - "Prowlarr" = { - "description" = "Indexer management tool"; - "icon" = "prowlarr.svg"; - "href" = "https://prowlarr.fi33.buzz/"; - "widget" = { - "type" = "prowlarr"; - "url" = "https://prowlarr.fi33.buzz/"; - "key" = "@prowlarr@"; + Prowlarr = { + description = "Indexer management tool"; + icon = "prowlarr.svg"; + href = "https://prowlarr.fi33.buzz/"; + widget = { + type = "prowlarr"; + url = "https://prowlarr.fi33.buzz/"; + key = "@prowlarr@"; }; }; } { - "NZBget" = { - "description" = "Usenet client"; - "icon" = "nzbget.svg"; - "href" = "https://nzbget.fi33.buzz/"; - "widget" = { - "type" = "nzbget"; - "url" = "https://nzbget.fi33.buzz/"; - "username" = "nzbget"; - "password" = "@nzbget@"; + NZBget = { + description = "Usenet client"; + icon = "nzbget.svg"; + href = "https://nzbget.fi33.buzz/"; + widget = { + type = "nzbget"; + url = "https://nzbget.fi33.buzz/"; + username = "nzbget"; + password = "@nzbget@"; }; }; } { - "qui" = { - "description" = "qBittorrent front end"; - "icon" = "qui.svg"; - "href" = "https://qui.fi33.buzz/"; + qui = { + description = "qBittorrent front end"; + icon = "qui.svg"; + href = "https://qui.fi33.buzz/"; }; } { - "qBittorrent" = { - "description" = "BitTorrent client"; - "icon" = "qbittorrent.svg"; - "href" = "https://qbittorrent.fi33.buzz/"; + qBittorrent = { + description = "BitTorrent client"; + icon = "qbittorrent.svg"; + href = "https://qbittorrent.fi33.buzz/"; }; } ]; @@ -157,38 +157,38 @@ in { "Media Streaming" = [ { - "Immich" = { - "description" = "Photo backup"; - "icon" = "immich.svg"; - "href" = "https://immich.fi33.buzz/"; - "widget" = { - "type" = "immich"; - "fields" = [ + Immich = { + description = "Photo backup"; + icon = "immich.svg"; + href = "https://immich.fi33.buzz/"; + widget = { + type = "immich"; + fields = [ "users" "photos" "videos" "storage" ]; - "url" = "https://immich.fi33.buzz/"; - "version" = 2; - "key" = "@immich@"; + url = "https://immich.fi33.buzz/"; + version = 2; + key = "@immich@"; }; }; } { - "Jellyfin" = { - "description" = "Media streaming"; - "icon" = "jellyfin.svg"; - "href" = "https://jellyfin.fi33.buzz/"; - "widget" = { - "type" = "jellyfin"; - "url" = "https://jellyfin.fi33.buzz/"; - "key" = "@jellyfin@"; - "enableBlocks" = true; - "enableNowPlaying" = true; - "enableUser" = true; - "showEpisodeNumber" = true; - "expandOneStreamToTwoRows" = false; + Jellyfin = { + description = "Media streaming"; + icon = "jellyfin.svg"; + href = "https://jellyfin.fi33.buzz/"; + widget = { + type = "jellyfin"; + url = "https://jellyfin.fi33.buzz/"; + key = "@jellyfin@"; + enableBlocks = true; + enableNowPlaying = true; + enableUser = true; + showEpisodeNumber = true; + expandOneStreamToTwoRows = false; }; }; } @@ -205,46 +205,46 @@ in }; } { - "Karakeep" = { - "description" = "Web clipper"; - "icon" = "karakeep.svg"; - "href" = "https://karakeep.fi33.buzz/"; - "widget" = { - "type" = "karakeep"; - "url" = "https://karakeep.fi33.buzz/"; - "key" = "@karakeep@"; + Karakeep = { + description = "Web clipper"; + icon = "karakeep.svg"; + href = "https://karakeep.fi33.buzz/"; + widget = { + type = "karakeep"; + url = "https://karakeep.fi33.buzz/"; + key = "@karakeep@"; }; }; } { - "Miniflux" = { - "description" = "RSS aggregator"; - "icon" = "miniflux.svg"; - "href" = "https://miniflux.fi33.buzz/"; - "widget" = { - "type" = "miniflux"; - "url" = "https://miniflux.fi33.buzz/"; - "key" = "@miniflux@"; + Miniflux = { + description = "RSS aggregator"; + icon = "miniflux.svg"; + href = "https://miniflux.fi33.buzz/"; + widget = { + type = "miniflux"; + url = "https://miniflux.fi33.buzz/"; + key = "@miniflux@"; }; }; } { - "Paperless" = { - "description" = "Digital filing cabinet"; - "icon" = "paperless.svg"; - "href" = "https://paperless.fi33.buzz/"; - "widget" = { - "type" = "paperlessngx"; - "url" = "https://paperless.fi33.buzz/"; - "username" = "admin"; - "password" = "@paperless@"; + Paperless = { + description = "Digital filing cabinet"; + icon = "paperless.svg"; + href = "https://paperless.fi33.buzz/"; + widget = { + type = "paperlessngx"; + url = "https://paperless.fi33.buzz/"; + username = "admin"; + password = "@paperless@"; }; }; } ]; } { - "Services" = [ + Services = [ { "copyparty" = { "description" = "Cloud file manager"; @@ -253,56 +253,56 @@ in }; } { - "CouchDB" = { - "description" = "Obsidian sync database"; - "icon" = "couchdb.svg"; - "href" = "https://couchdb.fi33.buzz/_utils/"; + CouchDB = { + description = "Obsidian sync database"; + icon = "couchdb.svg"; + href = "https://couchdb.fi33.buzz/_utils/"; }; } { - "Firefly" = { - "description" = "Budget Planner"; - "icon" = "firefly-iii.svg"; - "href" = "https://firefly.fi33.buzz/"; + Firefly = { + description = "Budget Planner"; + icon = "firefly-iii.svg"; + href = "https://firefly.fi33.buzz/"; }; } { - "ntfy" = { - "description" = "Notification service"; - "icon" = "ntfy.svg"; - "href" = "https://ntfy-sh.fi33.buzz/"; + ntfy = { + description = "Notification service"; + icon = "ntfy.svg"; + href = "https://ntfy-sh.fi33.buzz/"; }; } { - "Radicale" = { - "description" = "CalDAV/CardDAV service"; - "icon" = "radicale.svg"; - "href" = "https://radicale.fi33.buzz"; + Radicale = { + description = "CalDAV/CardDAV service"; + icon = "radicale.svg"; + href = "https://radicale.fi33.buzz"; }; } { - "Syncthing" = { - "description" = "Decentralised file synchronisation"; - "icon" = "syncthing.svg"; - "href" = "https://syncthing.fi33.buzz/"; + Syncthing = { + description = "Decentralised file synchronisation"; + icon = "syncthing.svg"; + href = "https://syncthing.fi33.buzz/"; }; } { - "Vaultwarden" = { - "description" = "Password manager"; - "icon" = "vaultwarden.svg"; - "href" = "https://vaultwarden.fi33.buzz/"; + Vaultwarden = { + description = "Password manager"; + icon = "vaultwarden.svg"; + href = "https://vaultwarden.fi33.buzz/"; }; } ]; } { - "Utilities" = [ + Utilities = [ { - "NanoKVM" = { - "description" = "Remote KVM switch"; - "icon" = "mdi-console.svg"; - "href" = "http://nano-kvm/"; + NanoKVM = { + description = "Remote KVM switch"; + icon = "mdi-console.svg"; + href = "http://nano-kvm/"; }; } ]; @@ -322,7 +322,7 @@ in }; } { - "Services" = { + Services = { style = "row"; columns = 4; useEqualHeights = true; @@ -336,7 +336,7 @@ in }; } { - "Utilities" = { + Utilities = { style = "row"; columns = 3; useEqualHeights = true; From ce72f5129a6017ba46bd4684e966615ebced3a7a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 16 Feb 2026 16:15:54 +0000 Subject: [PATCH 085/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/fcdea22' (2025-11-08) → 'github:ryantm/agenix/b027ee2' (2026-02-04) • Updated input 'copyparty': 'github:9001/copyparty/d5a8a34' (2026-01-12) → 'github:9001/copyparty/d067d2a' (2026-02-14) • Updated input 'home-manager': 'github:nix-community/home-manager/8bc5473' (2026-01-10) → 'github:nix-community/home-manager/ae8003d' (2026-02-15) • Updated input 'nix-citizen': 'github:LovingMelody/nix-citizen/7b5ad5f' (2026-01-10) → 'github:LovingMelody/nix-citizen/2affbcd' (2026-02-13) • Updated input 'nix-citizen/flake-parts': 'github:hercules-ci/flake-parts/250481a' (2026-01-05) → 'github:hercules-ci/flake-parts/5792860' (2026-02-02) • Updated input 'nix-citizen/nixpkgs': 'github:NixOS/nixpkgs/3497aa5' (2026-01-08) → 'github:NixOS/nixpkgs/ec7c70d' (2026-02-11) • Updated input 'nix-citizen/treefmt-nix': 'github:numtide/treefmt-nix/778a1d6' (2026-01-07) → 'github:numtide/treefmt-nix/337a4fe' (2026-02-04) • Updated input 'nix-gaming': 'github:fufexan/nix-gaming/c104472' (2026-01-13) → 'github:fufexan/nix-gaming/0c4bf3a' (2026-02-15) • Updated input 'nix-gaming/flake-parts': 'github:hercules-ci/flake-parts/250481a' (2026-01-05) → 'github:hercules-ci/flake-parts/5792860' (2026-02-02) • Updated input 'nix-gaming/flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/2075416' (2025-12-14) → 'github:nix-community/nixpkgs.lib/7271616' (2026-02-01) • Updated input 'nix-gaming/nixpkgs': 'github:NixOS/nixpkgs/3146c6a' (2026-01-10) → 'github:NixOS/nixpkgs/2343bbb' (2026-02-11) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/ffbc9f8' (2026-01-11) → 'github:nixos/nixpkgs/a82ccc3' (2026-02-13) • Updated input 'nixvim': 'github:nix-community/nixvim/7eb8f36' (2026-01-08) → 'github:nix-community/nixvim/ed0424f' (2026-02-15) • Updated input 'nixvim/flake-parts': 'github:hercules-ci/flake-parts/a34fae9' (2025-12-15) → 'github:hercules-ci/flake-parts/5792860' (2026-02-02) • Updated input 'nur': 'github:nix-community/NUR/ecccc8e' (2026-01-12) → 'github:nix-community/NUR/76daea0' (2026-02-16) --- flake.lock | 90 +++++++++++++++++++++++++++--------------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/flake.lock b/flake.lock index dd23c79..f754091 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1768232598, - "narHash": "sha256-G+KqlGfXQ8PWvJbG5IqSBJcNLltS+erRkVhn9D0UBM4=", + "lastModified": 1771111169, + "narHash": "sha256-WNHK8xPTw4uHn/Y3ClSCPJj1rfXlsHElUDDPZi2LH6Q=", "owner": "9001", "repo": "copyparty", - "rev": "d5a8a34bcafde04165c4e07e4885b11f6ddd2aff", + "rev": "d067d2a6384e159d4d950a4a596a1f91af14f0c5", "type": "github" }, "original": { @@ -72,11 +72,11 @@ ] }, "locked": { - "lastModified": 1767609335, - "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -90,11 +90,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1767609335, - "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -111,11 +111,11 @@ ] }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -188,11 +188,11 @@ ] }, "locked": { - "lastModified": 1768068402, - "narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=", + "lastModified": 1771188132, + "narHash": "sha256-qLXxN/tPrZtnekaLBQuVtxQfvqqs5cT5WbyH4zZaTGI=", "owner": "nix-community", "repo": "home-manager", - "rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c", + "rev": "ae8003d8b61d0d373e7ca3da1a48f9c870d15df9", "type": "github" }, "original": { @@ -213,11 +213,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1768085843, - "narHash": "sha256-fwh2ImVwwHWsUhem3xlscEM6n7q4rkeKXEv25QWdzjs=", + "lastModified": 1771024909, + "narHash": "sha256-nCTsyqZqKJDSjzxE3GcNAp685SrU5Qa01+b1d3fHvho=", "owner": "LovingMelody", "repo": "nix-citizen", - "rev": "7b5ad5f6593893cc70c30a5ce45028ea0cd97ab3", + "rev": "2affbcd1cbc73d68b38f1b0de1184f55e61f0ad0", "type": "github" }, "original": { @@ -232,11 +232,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1768269856, - "narHash": "sha256-O7Qy+w2fK4kBq2I70haCDJYpzbpPW58FscHpRzw9lfA=", + "lastModified": 1771123156, + "narHash": "sha256-Px1IFFTw3zdP8RNram2g41EvUTjIZRDLCgZyXgpBty0=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "c104472764fc9e8926e40ccc7e0e6d540d718458", + "rev": "0c4bf3ac4eaf5b693e5d7ae75f3caba8fcf15d8f", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1767892417, - "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", + "lastModified": 1770841267, + "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", + "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1768032153, - "narHash": "sha256-6kD1MdY9fsE6FgSwdnx29hdH2UcBKs3/+JJleMShuJg=", + "lastModified": 1770843696, + "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3146c6aa9995e7351a398e17470e15305e6e18ff", + "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", "type": "github" }, "original": { @@ -330,11 +330,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1768127708, - "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "lastModified": 1771008912, + "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "rev": "a82ccc39b39b621151d6732718e3e250109076fa", "type": "github" }, "original": { @@ -353,11 +353,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1767906546, - "narHash": "sha256-AoSWS8+P+7hQ/jIdv0wBjgH1MvnerdWBFXO4GV3JoQs=", + "lastModified": 1771135771, + "narHash": "sha256-wyvBIhDuyCRyjB3yPg77qoyxrlgQtBR1rVW3c9knV3E=", "owner": "nix-community", "repo": "nixvim", - "rev": "7eb8f36f085b85a2aeff929aff52d0f6aa14e000", + "rev": "ed0424f0b08d303a7348f52f7850ad1b2704f9ba", "type": "github" }, "original": { @@ -374,11 +374,11 @@ ] }, "locked": { - "lastModified": 1768233111, - "narHash": "sha256-+ispedVffXCQUVDCgJDY6USEILM8rZsEZaxPZdXzKtA=", + "lastModified": 1771256997, + "narHash": "sha256-zSKbic6sOY5U+nhyoyx7/EBsHEdBOfwdA3lf81Bvk3k=", "owner": "nix-community", "repo": "NUR", - "rev": "ecccc8eec0e39e4b8bf12dc73d57083e4682f162", + "rev": "76daea059507c8058d4518d8d95775f4a5bc954f", "type": "github" }, "original": { @@ -452,11 +452,11 @@ ] }, "locked": { - "lastModified": 1767801790, - "narHash": "sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2+gM5tf8=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "778a1d691f1ef45dd68c661715c5bf8cbf131c80", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { From c0e7f6f64970120f5a9eafd93218657b333cbe30 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 18 Feb 2026 19:22:10 +1100 Subject: [PATCH 086/126] fix: nexus mods app is no longer maintained --- modules/nixos/features/gaming.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/nixos/features/gaming.nix b/modules/nixos/features/gaming.nix index 2bae347..94c90ae 100644 --- a/modules/nixos/features/gaming.nix +++ b/modules/nixos/features/gaming.nix @@ -7,7 +7,6 @@ # keep-sorted start heroic mangohud - nexusmods-app prismlauncher protonup-qt wine From a54857c3659c31a20822ea80654899b1fc02793a Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Sat, 21 Feb 2026 23:12:46 +1100 Subject: [PATCH 087/126] refactor: remove software associated with llms --- hosts/desktop/configuration.nix | 1 - hosts/server/configuration.nix | 6 ---- modules/home-manager/bundles/dev.nix | 1 - modules/home-manager/default.nix | 3 +- modules/home-manager/features/bash.nix | 4 +++ modules/home-manager/features/firefox.nix | 1 - modules/home-manager/features/zellij.nix | 1 - modules/home-manager/features/zoxide.nix | 1 - modules/nixos/bundles/dev.nix | 5 ---- modules/nixos/bundles/gui.nix | 4 +-- modules/nixos/bundles/server.nix | 4 --- modules/nixos/default.nix | 2 -- modules/nixos/features/homepage-dashboard.nix | 29 +------------------ 13 files changed, 8 insertions(+), 54 deletions(-) create mode 100644 modules/home-manager/features/bash.nix diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 982b9a1..2ae8322 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -18,7 +18,6 @@ "external-speakers" "gaming" "link2c" - "llm" "plasma" "star-citizen" # keep-sorted end diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 2e6b0b8..aff95a3 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -30,12 +30,6 @@ fsType = "ext4"; options = [ "nofail" - "defaults" - "user" - "rw" - "utf8" - "noauto" - "umask=000" ]; }; diff --git a/modules/home-manager/bundles/dev.nix b/modules/home-manager/bundles/dev.nix index c5510a2..8b0003b 100644 --- a/modules/home-manager/bundles/dev.nix +++ b/modules/home-manager/bundles/dev.nix @@ -6,7 +6,6 @@ imports = util.toImports ../features [ # keep-sorted start "direnv" - "zed-editor" # keep-sorted end ]; } diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 797b6e2..eed9e76 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -6,13 +6,12 @@ imports = util.toImports ./features [ # keep-sorted start "agenix" + "bash" "bat" "bottom" "delta" "eza" "fd" - "fish" - "gh" "git" "lazygit" "shell-aliases" diff --git a/modules/home-manager/features/bash.nix b/modules/home-manager/features/bash.nix new file mode 100644 index 0000000..4f7de2a --- /dev/null +++ b/modules/home-manager/features/bash.nix @@ -0,0 +1,4 @@ +{ + home.shell.enableBashIntegration = true; + programs.bash.enable = true; +} diff --git a/modules/home-manager/features/firefox.nix b/modules/home-manager/features/firefox.nix index e7adee0..4231d89 100644 --- a/modules/home-manager/features/firefox.nix +++ b/modules/home-manager/features/firefox.nix @@ -75,7 +75,6 @@ # detect-cloudflare bitwarden dearrow - floccus nixpkgs-pr-tracker react-devtools return-youtube-dislikes diff --git a/modules/home-manager/features/zellij.nix b/modules/home-manager/features/zellij.nix index f7222ed..43d706b 100644 --- a/modules/home-manager/features/zellij.nix +++ b/modules/home-manager/features/zellij.nix @@ -4,7 +4,6 @@ settings = { theme = "catppuccin-mocha"; show_startup_tips = false; - default_shell = "fish"; }; }; } diff --git a/modules/home-manager/features/zoxide.nix b/modules/home-manager/features/zoxide.nix index 06cb837..61faad9 100644 --- a/modules/home-manager/features/zoxide.nix +++ b/modules/home-manager/features/zoxide.nix @@ -1,7 +1,6 @@ { programs.zoxide = { enable = true; - enableBashIntegration = true; options = [ "--cmd j" ]; diff --git a/modules/nixos/bundles/dev.nix b/modules/nixos/bundles/dev.nix index b9eb440..2af44dc 100644 --- a/modules/nixos/bundles/dev.nix +++ b/modules/nixos/bundles/dev.nix @@ -7,12 +7,7 @@ # keep-sorted start bacon cargo-info - devenv - just mask - # rusty-man - vscode # keep-sorted end ]; - } diff --git a/modules/nixos/bundles/gui.nix b/modules/nixos/bundles/gui.nix index d1b81bc..9459711 100644 --- a/modules/nixos/bundles/gui.nix +++ b/modules/nixos/bundles/gui.nix @@ -14,10 +14,10 @@ environment.systemPackages = with pkgs; [ # keep-sorted start - beeper cameractrls-gtk3 jellyfin-desktop - onlyoffice-desktopeditors + libreoffice + signal-desktop textsnatcher # keep-sorted end ]; diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index b7f4b53..7a6bac2 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -9,11 +9,9 @@ "caddy" "copyparty" "couchdb" - "firefly" "homepage-dashboard" "immich" "jellyfin" - "karakeep" "kavita" "lidarr" "miniflux" @@ -22,13 +20,11 @@ "paperless" "prowlarr" "qbittorrent" - "qui" "radarr" "radicale" "readarr" "sonarr" "syncthing" - "upbank2firefly" "vaultwarden" # keep-sorted end ]; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 0c733d4..c1243e6 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -26,8 +26,6 @@ # keep-sorted start broot # large directory browser choose # cut - circumflex # hacker news browsing - cointop # crypto ticker ddgr # web search doggo # dns dua # du diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index d56c755..2933366 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -26,7 +26,6 @@ let "bazarr" "immich" "jellyfin" - "karakeep" "kavita-api" "lidarr" "miniflux" @@ -138,13 +137,6 @@ in }; }; } - { - qui = { - description = "qBittorrent front end"; - icon = "qui.svg"; - href = "https://qui.fi33.buzz/"; - }; - } { qBittorrent = { description = "BitTorrent client"; @@ -204,18 +196,6 @@ in }; }; } - { - Karakeep = { - description = "Web clipper"; - icon = "karakeep.svg"; - href = "https://karakeep.fi33.buzz/"; - widget = { - type = "karakeep"; - url = "https://karakeep.fi33.buzz/"; - key = "@karakeep@"; - }; - }; - } { Miniflux = { description = "RSS aggregator"; @@ -259,13 +239,6 @@ in href = "https://couchdb.fi33.buzz/_utils/"; }; } - { - Firefly = { - description = "Budget Planner"; - icon = "firefly-iii.svg"; - href = "https://firefly.fi33.buzz/"; - }; - } { ntfy = { description = "Notification service"; @@ -324,7 +297,7 @@ in { Services = { style = "row"; - columns = 4; + columns = 3; useEqualHeights = true; }; } From 3323c6ba7aeefdd09f13dd428231d8892e8cfa45 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Sat, 21 Feb 2026 23:13:18 +1100 Subject: [PATCH 088/126] fix(syncthing): only needs to be defined in the default module, not also the server module --- modules/nixos/bundles/server.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 7a6bac2..2795aca 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -24,7 +24,6 @@ "radicale" "readarr" "sonarr" - "syncthing" "vaultwarden" # keep-sorted end ]; From b6dafe490811eab4a788b9c8eba0a11b2071ad29 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Sat, 21 Feb 2026 23:30:05 +1100 Subject: [PATCH 089/126] fix(yazi): update shell wrapper name --- modules/home-manager/features/yazi.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home-manager/features/yazi.nix b/modules/home-manager/features/yazi.nix index ed4affc..42575dd 100644 --- a/modules/home-manager/features/yazi.nix +++ b/modules/home-manager/features/yazi.nix @@ -5,6 +5,7 @@ { programs.yazi = { enable = true; + shellWrapperName = "y"; plugins = { # keep-sorted start diff = pkgs.yaziPlugins.diff; From 9bdffc9a3a02200d801384973231d2734129d3f5 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Sun, 22 Feb 2026 16:47:21 +1100 Subject: [PATCH 090/126] fix(copyparty): support reverse proxies --- modules/nixos/features/copyparty.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index bd31797..7994bf3 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix @@ -21,6 +21,8 @@ in e2ts = true; e2vu = true; p = port; + xff-hdr = "x-forwarded-for"; + rproxy = 1; }; accounts.will.passwordFile = config.age.secrets.copyparty-will.path; From fbd4da91c07198bb6a7f61c653ed35545e052af5 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Sun, 22 Feb 2026 16:47:38 +1100 Subject: [PATCH 091/126] fix(copyparty): disable read access for all non-users --- modules/nixos/features/copyparty.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index 7994bf3..73006f6 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix @@ -30,7 +30,6 @@ in volumes."/" = { path = "/srv/copyparty"; access = { - r = "*"; A = [ "will" ]; }; }; From 3c46d9e066e6b7d5105f1433d486459780581f92 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Sun, 22 Feb 2026 16:49:11 +1100 Subject: [PATCH 092/126] feat: prepare for exposure to the internet * open ports 80 and 443 * password-protect copyparty and ntfy-sh * randomise usernames for radicale and copyparty --- hosts/server/configuration.nix | 8 +++++++- modules/nixos/features/borgmatic.nix | 3 +++ modules/nixos/features/caddy.nix | 1 + modules/nixos/features/copyparty.nix | 8 ++++---- modules/nixos/features/ntfy-sh.nix | 12 ++++++++++++ secrets/borgmatic-ntfy.age | 9 +++++++++ secrets/{copyparty-will.age => copyparty.age} | Bin secrets/radicale.age | Bin 492 -> 498 bytes secrets/secrets.nix | 3 ++- 9 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 secrets/borgmatic-ntfy.age rename secrets/{copyparty-will.age => copyparty.age} (100%) diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index aff95a3..a331fc7 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -33,7 +33,13 @@ ]; }; - networking.hostName = "${hostName}"; + networking = { + hostName = "${hostName}"; + firewall.interfaces."enp2s0".allowedTCPPorts = [ + 80 + 443 + ]; + }; # hardened openssh services.openssh = { diff --git a/modules/nixos/features/borgmatic.nix b/modules/nixos/features/borgmatic.nix index bd45777..6628f8e 100644 --- a/modules/nixos/features/borgmatic.nix +++ b/modules/nixos/features/borgmatic.nix @@ -20,6 +20,8 @@ ntfy = { topic = "backups"; server = config.services.ntfy-sh.settings.base-url; + username = "borgmatic"; + password = "{credential file ${config.age.secrets.borgmatic-ntfy.path}}"; finish = { title = "Ping!"; message = "Your backups have succeeded :)"; @@ -78,6 +80,7 @@ # secrets age.secrets = { "borgmatic".file = ../../../secrets/borgmatic.age; + "borgmatic-ntfy".file = ../../../secrets/borgmatic-ntfy.age; "borgmatic-pg".file = ../../../secrets/borgmatic-pg.age; }; } diff --git a/modules/nixos/features/caddy.nix b/modules/nixos/features/caddy.nix index ca45981..4c8978a 100644 --- a/modules/nixos/features/caddy.nix +++ b/modules/nixos/features/caddy.nix @@ -9,6 +9,7 @@ globalConfig = '' auto_https disable_redirects ''; + openFirewall = true; }; security.acme = { diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index 73006f6..ac21d2c 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix @@ -25,12 +25,12 @@ in rproxy = 1; }; - accounts.will.passwordFile = config.age.secrets.copyparty-will.path; + accounts.Impatient7119.passwordFile = config.age.secrets.copyparty.path; volumes."/" = { path = "/srv/copyparty"; access = { - A = [ "will" ]; + A = [ "Impatient7119" ]; }; }; }; @@ -44,8 +44,8 @@ in }; # secrets - age.secrets."copyparty-will" = { - file = ../../../secrets/copyparty-will.age; + age.secrets."copyparty" = { + file = ../../../secrets/copyparty.age; owner = "copyparty"; }; diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index e53a792..b82a4f0 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -10,9 +10,21 @@ in base-url = "https://ntfy-sh.fi33.buzz"; listen-http = ":${toString port}"; behind-proxy = true; + auth-default-access = "deny-all"; + auth-users = [ + "Debit3885:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:admin" + "borgmatic:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:user" + ]; + auth-access = [ "borgmatic:backups:wo" ]; }; }; + borgmatic.settings = { + source_directories = [ + "/var/lib/ntfy-sh/user.db" + ]; + }; + caddy.virtualHosts."ntfy-sh.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/secrets/borgmatic-ntfy.age b/secrets/borgmatic-ntfy.age new file mode 100644 index 0000000..86e7ba8 --- /dev/null +++ b/secrets/borgmatic-ntfy.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ GTuLiTsgOVunKC+DyalVPV3gKm3WiKoSIQXg/0ElJF8 +UiOLJdTn4Q5oTkqAtZ6K0uxW+EsrpfA156uC1ncrIY0 +-> ssh-ed25519 7+xRyQ k2ta2Gl7zCvHiv4DwzgRK5REDYayIoTfC32BF5yHxgg +n7sqfJ6fx/3VnQCD+H4n92ekGdoFCdk/SeXdSU8FZHc +-> ssh-ed25519 LtK9yQ BQ9U3//Lzx7dX+iDyP2lqx6K860kFTu/iB5uMAskKhA +xiV+QxL8ffx9n9gIUr5wwQ5zGvZlFsf2DclayQh8SJI +--- k06SInBOn82DqWfIf4t62pjAZ1R0uWAyQTi5ELDD/6U +f_$T56"TH;4}HRrifMU}Yh}5Cene_&aGrLufklypcR)#HNN}!^ zzk!jfabTq*S5F6kLAkrnwN23dhzx^@c1#TmM(DMqHI zhL#FGCEk{mfeP6rzMc_gQI;|V~dCNS_ w$?9p@t1ix(of2Q+^vixKmwD&JnSX44@hs7B4gPtw|B!yi3ZbKRkAHsx0Ox?F2mk;8 delta 465 zcmeyw{DyggYQ0a1w`FCZLYY%(c|odQNK#35c~p6RV1ZM5M3i@#p+$soluNl`XtrOX zyJ>1cadC!jYKoDmsiCDpp-+gmOQ3>Nm~T#?eu=MhR=rt3a7bENqN#JCo2h$FaZ;$I zwwHdGziX<0az?tBp`$04XQF`X?L6w0DE=ECqCdFYTmJt=XepT*y8Ad@a70&tEMcPL7!9k{$1?8c^ z7M4YYMH$Z7T;YKxA#OR9MqYs)W(C2i9u~$CL8W0?Zq6S0StZ)Wq0as;rAhkvp{7Qm zT)Mit3K`+SZmEf>xy8wTky*i>r3TrhVV02=mI1Co1{S_KA!*u`j;U3pMPa$+TmfML zGJcoYa|#ZyaRhI%cX$2f_4-Y8 Date: Mon, 23 Feb 2026 16:21:07 +0000 Subject: [PATCH 093/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'copyparty': 'github:9001/copyparty/d067d2a' (2026-02-14) → 'github:9001/copyparty/ab8bd01' (2026-02-23) • Updated input 'home-manager': 'github:nix-community/home-manager/ae8003d' (2026-02-15) → 'github:nix-community/home-manager/9a4b494' (2026-02-23) • Updated input 'nix-citizen': 'github:LovingMelody/nix-citizen/2affbcd' (2026-02-13) → 'github:LovingMelody/nix-citizen/bebdc04' (2026-02-20) • Updated input 'nix-citizen/nixpkgs': 'github:NixOS/nixpkgs/ec7c70d' (2026-02-11) → 'github:NixOS/nixpkgs/0182a36' (2026-02-17) • Updated input 'nix-gaming': 'github:fufexan/nix-gaming/0c4bf3a' (2026-02-15) → 'github:fufexan/nix-gaming/e70ef85' (2026-02-23) • Updated input 'nix-gaming/nixpkgs': 'github:NixOS/nixpkgs/2343bbb' (2026-02-11) → 'github:NixOS/nixpkgs/d1c15b7' (2026-02-16) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/a82ccc3' (2026-02-13) → 'github:nixos/nixpkgs/0182a36' (2026-02-17) • Updated input 'nur': 'github:nix-community/NUR/76daea0' (2026-02-16) → 'github:nix-community/NUR/c5fa7a8' (2026-02-23) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index f754091..42e5940 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1771111169, - "narHash": "sha256-WNHK8xPTw4uHn/Y3ClSCPJj1rfXlsHElUDDPZi2LH6Q=", + "lastModified": 1771834427, + "narHash": "sha256-B1j0ahVuxyZtpbFfy34gk2DjacimPIuzyzCPvDhvxI4=", "owner": "9001", "repo": "copyparty", - "rev": "d067d2a6384e159d4d950a4a596a1f91af14f0c5", + "rev": "ab8bd0178b26a0b6c6406f7bae835d13b16ef188", "type": "github" }, "original": { @@ -188,11 +188,11 @@ ] }, "locked": { - "lastModified": 1771188132, - "narHash": "sha256-qLXxN/tPrZtnekaLBQuVtxQfvqqs5cT5WbyH4zZaTGI=", + "lastModified": 1771851181, + "narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "ae8003d8b61d0d373e7ca3da1a48f9c870d15df9", + "rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c", "type": "github" }, "original": { @@ -213,11 +213,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1771024909, - "narHash": "sha256-nCTsyqZqKJDSjzxE3GcNAp685SrU5Qa01+b1d3fHvho=", + "lastModified": 1771619527, + "narHash": "sha256-y/jb+wpBP0FGwoa8Jin7NAE0bGP2N6c8GlffAz4AgsA=", "owner": "LovingMelody", "repo": "nix-citizen", - "rev": "2affbcd1cbc73d68b38f1b0de1184f55e61f0ad0", + "rev": "bebdc0400deffc548360bf900aa26e41af7ee4be", "type": "github" }, "original": { @@ -232,11 +232,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1771123156, - "narHash": "sha256-Px1IFFTw3zdP8RNram2g41EvUTjIZRDLCgZyXgpBty0=", + "lastModified": 1771830876, + "narHash": "sha256-18G4VyxjjQ/fM7yjBIbHQEdJlodUd/J5KlG5RuFqRG0=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "0c4bf3ac4eaf5b693e5d7ae75f3caba8fcf15d8f", + "rev": "e70ef8581abe41fc62428cd4a5da47405233b19d", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1770841267, - "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", + "lastModified": 1771369470, + "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", + "rev": "0182a361324364ae3f436a63005877674cf45efb", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1770843696, - "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", + "lastModified": 1771207753, + "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", + "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf", "type": "github" }, "original": { @@ -330,11 +330,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1771008912, - "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", + "lastModified": 1771369470, + "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a82ccc39b39b621151d6732718e3e250109076fa", + "rev": "0182a361324364ae3f436a63005877674cf45efb", "type": "github" }, "original": { @@ -374,11 +374,11 @@ ] }, "locked": { - "lastModified": 1771256997, - "narHash": "sha256-zSKbic6sOY5U+nhyoyx7/EBsHEdBOfwdA3lf81Bvk3k=", + "lastModified": 1771863000, + "narHash": "sha256-kQqPXgZkT7AGuVKEBh99IoawtxnyLg38HJFYNwWQxNk=", "owner": "nix-community", "repo": "NUR", - "rev": "76daea059507c8058d4518d8d95775f4a5bc954f", + "rev": "c5fa7a8e1f27f220045e3c7d9a1188a9254ac804", "type": "github" }, "original": { From e3c18152d5ba0f60c5a2c52db9e4d4486977ee6b Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 24 Feb 2026 22:25:00 +1100 Subject: [PATCH 094/126] fix(homepage-dashboard): for some bizzare reason, the "bazarr" key wasn't working but I changed the name to "subtitles" and it works so yay --- modules/nixos/features/homepage-dashboard.nix | 4 ++-- secrets/bazarr.age | 16 ++++++++-------- secrets/secrets.nix | 2 +- secrets/subtitles.age | Bin 0 -> 465 bytes 4 files changed, 11 insertions(+), 11 deletions(-) create mode 100644 secrets/subtitles.age diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 2933366..abd4624 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -23,7 +23,6 @@ let secrets = [ # keep-sorted start - "bazarr" "immich" "jellyfin" "kavita-api" @@ -35,6 +34,7 @@ let "radarr" "readarr" "sonarr" + "subtitles" # keep-sorted end ]; certloc = "/var/lib/acme/fi33.buzz"; @@ -108,7 +108,7 @@ in widget = { type = "bazarr"; url = "https://bazarr.fi33.buzz/"; - key = "@bazarr@"; + key = "@subtitles@"; }; }; } diff --git a/secrets/bazarr.age b/secrets/bazarr.age index 82d61ca..108c2a4 100644 --- a/secrets/bazarr.age +++ b/secrets/bazarr.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 qLT+DQ pNb65h8kPUdFi7vgKoENqFf9NuQAfegSAM+SVxoTdGQ -7pDfhxs55Q4HQetasY6tZX76aOleLTCTi3xEdCqPdFo --> ssh-ed25519 7+xRyQ SiBuQH6fIUFidqFUIFfE9i0zJhuMAWYmDCeszOJLZlE -ASEBjHaAVrH6z/43Rfnh2P0REg7f0b53fqbLHD44P8g --> ssh-ed25519 LtK9yQ F6FnS/nRerbt/tMCl48CMjyKwhgCI8ti40klovGXdGU -ksVfKN3xowiBhwzyS9DLdmVX1QLCo8hvNiNux0MkiXU ---- rMrNsQ0G/k0MAwDOBd9IYDb2Lc8N/RaGXIGKtm9FL1c -q 9o-dtB7v*i:.G/t),+/vCD}SX(} *4[~l \ No newline at end of file +-> ssh-ed25519 qLT+DQ sHlKSMDLuGOLY2qwoFCS2ZiC/903ChAP0wp4wJYksi8 +jIzt2BvZy53dMdUSYBEa2QsWQ7yluk9ltdk4wrTkIbo +-> ssh-ed25519 7+xRyQ /JHmkqPhx/nJFhOxWu5nrX89NCBI/Bhyih81bIv2OR8 +VJPt3EFgYWc6bYBSNNzLFnWBNVx7RYJaG/hNF2EswQ4 +-> ssh-ed25519 LtK9yQ znUR+X5uu9wdKPdUBEOhs295e/zLAD8E49vZ0QEaL10 +ADBASujra+DSzavY/m/gU3xgAzaSqlTh2txpzyyJIJQ +--- j21Ms0NWBwHJV1NPbIp19lSgCMkCHSUX3UwWjg43OLk +[,WM?&>ʄ 1P ī"oKޓjhiҪ&UMPr& \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b3b9380..9b08c62 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -15,7 +15,6 @@ let in { # keep-sorted start - "bazarr.age".publicKeys = users; "borgmatic-ntfy.age".publicKeys = users; "borgmatic-pg.age".publicKeys = users; "borgmatic.age".publicKeys = users; @@ -40,6 +39,7 @@ in "radicale.age".publicKeys = users; "readarr.age".publicKeys = users; "sonarr.age".publicKeys = users; + "subtitles.age".publicKeys = users; "upbank2firefly.age".publicKeys = users; "vaultwarden-admin.age".publicKeys = users; # keep-sorted end diff --git a/secrets/subtitles.age b/secrets/subtitles.age new file mode 100644 index 0000000000000000000000000000000000000000..11a88e57574906ef962fca7bf9fa1efd39203c10 GIT binary patch literal 465 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^a;^+2~; z)GN&|u&Tr?KQ}waE8D~=(Y?IbEGeVNF|#}{Bb}?tr>G<--_C`pO^h#$uNok0b?OYfTObgW!@*w85S98M?ovKA g;lkWQH}(W%#=Dq(*m&lVaHH=#*6*jif~WNW0JM#s6aWAK literal 0 HcmV?d00001 From b1369d9233626c6891b86bb4505dd2f8aa85f4cf Mon Sep 17 00:00:00 2001 From: wi11-holdsworth Date: Tue, 24 Feb 2026 22:48:30 +1100 Subject: [PATCH 095/126] feat(git): add signing key to secrets store and sign all commits by default --- modules/home-manager/features/git.nix | 27 ++++++++++++++++++-------- secrets/git_signing_key.age | Bin 0 -> 831 bytes secrets/git_signing_key.pub.age | 10 ++++++++++ secrets/secrets.nix | 2 ++ 4 files changed, 31 insertions(+), 8 deletions(-) create mode 100644 secrets/git_signing_key.age create mode 100644 secrets/git_signing_key.pub.age diff --git a/modules/home-manager/features/git.nix b/modules/home-manager/features/git.nix index 8bffb72..7be9e6c 100644 --- a/modules/home-manager/features/git.nix +++ b/modules/home-manager/features/git.nix @@ -1,15 +1,12 @@ +{ + userName, + ... +}: { programs.git = { enable = true; settings = { - init.defaultBranch = "main"; - core.editor = "nvim"; - push.autoSetupRemote = true; - pull.rebase = true; - user = { - name = "wi11-holdsworth"; - email = "83637728+wi11-holdsworth@users.noreply.github.com"; - }; + # keep-sorted start block=yes aliases = { # keep-sorted start a = "add"; @@ -30,6 +27,20 @@ s = "status -s"; # keep-sorted end }; + core.editor = "nvim"; + init.defaultBranch = "main"; + pull.rebase = true; + push.autoSetupRemote = true; + user = { + name = "Will Holdsworth"; + email = "me@fi33.buzz"; + }; + # keep-sorted end + }; + signing = { + key = "/home/${userName}/.ssh/git_signature.pub"; + format = "ssh"; + signByDefault = true; }; }; } diff --git a/secrets/git_signing_key.age b/secrets/git_signing_key.age new file mode 100644 index 0000000000000000000000000000000000000000..d3a4680ae7605e2344c388ab6db32944a419f9fc GIT binary patch literal 831 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^a;^+2~ReH8?-0IK3*syR!&E;iq|hL(DACBk(-++~pAv7&%0PugGpC?ZXESFX3vY8*L$64SlFG{L zki<~S%m^Q!$Q14H6qizq{QN|ph=1s12;oa-A?|EKlo2RKGRwmr1dg)eg+@;vR-{kzd zzn$Ll_waGfWt&)kJG?gc?i9Pjc;t@l<$d;Z^{2=tDu%e3ESs-CYr3Jou8w*``mgOP zLIrbzZhhG{V|ENK6=KTxqsrg$oEI-JuuzS|Y|LfnD&o{dE zmP_xOSrWsN1OH~`EO$Ekky~ey1RWZHuaV!u+6%~ zby5AgM6&84|H6IgYkIg|#w(=0JzR4me!gyD=Z9*E`(NzTCjKa1(()u~>&EJy4K=6d zI+-rGtH7qb`y8`HAZLHE^Y5u~azWivlIa&+R)^lIwu-j2o3&ppA}sV|cXvYhMb4$R ze^&%-x7w)9vGw$X$=^6#`hOp+eslT!tgzqejUFQ2mJG9WrwYH)(plsY`(VnpWG{iQ z9Fx1t^F(4V4sdlmkG5=G$>lC-#4=sq?C<>h0D+cD Ab^rhX literal 0 HcmV?d00001 diff --git a/secrets/git_signing_key.pub.age b/secrets/git_signing_key.pub.age new file mode 100644 index 0000000..f0b53bc --- /dev/null +++ b/secrets/git_signing_key.pub.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ NMzN1Cll+cH5GgEQvCRpb8c1m7CDHWBtUZ5QNMluKkg +H77YBVoCAZerRyoG90h9W6PKZbpjNBl2mfsW3Eco27w +-> ssh-ed25519 7+xRyQ 67NFmrcLe9R5ni0HnvIiHcN0tlRVXpAiaVOQfIpqWzI +H7jbIgVXVl+lENksb4KUfASeIKPBI/FtHhhlQzhXwik +-> ssh-ed25519 LtK9yQ jvrWRlZF/H20QARL4lWWX0cDDoIK0Et5ZMxdsPJPXn0 +g+ZaDYycq65tBEBFuDpSl1BKuCTmxCJuYqG8kSCtL9U +--- jZ2xp/oW3CgXPc8jriK53zTODB9lhDNZr8YfSYLAmio +AKw;2R +֨bS'7//kXHӖW†

Date: Tue, 24 Feb 2026 23:38:12 +1100 Subject: [PATCH 096/126] refactor(agenix): remove unused keys --- secrets/secrets.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1004c24..c5f907c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -19,13 +19,10 @@ in "borgmatic-pg.age".publicKeys = users; "borgmatic.age".publicKeys = users; "copyparty.age".publicKeys = users; - "firefly-db.age".publicKeys = users; - "firefly.age".publicKeys = users; "git_signing_key.age".publicKeys = users; "git_signing_key.pub.age".publicKeys = users; "immich.age".publicKeys = users; "jellyfin.age".publicKeys = users; - "karakeep.age".publicKeys = users; "kavita-api.age".publicKeys = users; "kavita.age".publicKeys = users; "lidarr.age".publicKeys = users; @@ -35,14 +32,12 @@ in "porkbun-api.age".publicKeys = users; "protonmail-cert.age".publicKeys = users; "protonmail-desktop-password.age".publicKeys = users; - "protonmail-laptop-password.age".publicKeys = users; "prowlarr.age".publicKeys = users; "radarr.age".publicKeys = users; "radicale.age".publicKeys = users; "readarr.age".publicKeys = users; "sonarr.age".publicKeys = users; "subtitles.age".publicKeys = users; - "upbank2firefly.age".publicKeys = users; "vaultwarden-admin.age".publicKeys = users; # keep-sorted end } From cab4e8fd57682139819a66d4597bcce769aa8060 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Sun, 1 Mar 2026 13:16:31 +1100 Subject: [PATCH 097/126] fix(borgmatic): revert #2197490b --- modules/nixos/features/bazarr.nix | 7 ------- modules/nixos/features/jellyfin.nix | 7 ------- modules/nixos/features/karakeep.nix | 7 ------- modules/nixos/features/kavita.nix | 7 ------- modules/nixos/features/lidarr.nix | 7 ------- modules/nixos/features/prowlarr.nix | 7 ------- modules/nixos/features/qui.nix | 7 ------- modules/nixos/features/radarr.nix | 7 ------- modules/nixos/features/readarr.nix | 7 ------- modules/nixos/features/sonarr.nix | 7 ------- modules/nixos/features/vaultwarden.nix | 7 ------- 11 files changed, 77 deletions(-) diff --git a/modules/nixos/features/bazarr.nix b/modules/nixos/features/bazarr.nix index b1cd4a9..541235c 100644 --- a/modules/nixos/features/bazarr.nix +++ b/modules/nixos/features/bazarr.nix @@ -11,13 +11,6 @@ in listenPort = port; }; - borgmatic.settings.sqlite_databases = [ - { - name = "bazarr"; - path = "/srv/bazarr/db/bazarr.db"; - } - ]; - caddy.virtualHosts."bazarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index b6cbcc4..9fab896 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -10,13 +10,6 @@ in group = "srv"; }; - borgmatic.settings.sqlite_databases = [ - { - name = "jellyfin"; - path = "/srv/jellyfin/data/jellyfin.db"; - } - ]; - caddy.virtualHosts."jellyfin.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/karakeep.nix b/modules/nixos/features/karakeep.nix index 0eb9bba..cebc5f8 100644 --- a/modules/nixos/features/karakeep.nix +++ b/modules/nixos/features/karakeep.nix @@ -12,13 +12,6 @@ in }; }; - borgmatic.settings.sqlite_databases = [ - { - name = "karakeep"; - path = "/var/lib/karakeep/db.db"; - } - ]; - caddy.virtualHosts."karakeep.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/kavita.nix b/modules/nixos/features/kavita.nix index d1fe035..bbb2322 100644 --- a/modules/nixos/features/kavita.nix +++ b/modules/nixos/features/kavita.nix @@ -15,13 +15,6 @@ in tokenKeyFile = config.age.secrets.kavita.path; }; - borgmatic.settings.sqlite_databases = [ - { - name = "kavita"; - path = "/srv/kavita/config/kavita.db"; - } - ]; - caddy.virtualHosts."kavita.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 5c297d7..78aa609 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -13,13 +13,6 @@ in group = "srv"; }; - borgmatic.settings.sqlite_databases = [ - { - name = "lidarr"; - path = "/srv/lidarr/lidarr.db"; - } - ]; - caddy.virtualHosts."lidarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index d5f24e7..23e090f 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -12,13 +12,6 @@ in }; }; - borgmatic.settings.sqlite_databases = [ - { - name = "prowlarr"; - path = "/srv/prowlarr/prowlarr.db"; - } - ]; - caddy.virtualHosts."prowlarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/qui.nix b/modules/nixos/features/qui.nix index bcb5c96..8c34edf 100644 --- a/modules/nixos/features/qui.nix +++ b/modules/nixos/features/qui.nix @@ -23,13 +23,6 @@ in }; }; - services.borgmatic.settings.sqlite_databases = [ - { - name = "qui"; - path = "/srv/qui/qui.db"; - } - ]; - services.caddy.virtualHosts."qui.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index 2c5c019..30063eb 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -13,13 +13,6 @@ in group = "srv"; }; - borgmatic.settings.sqlite_databases = [ - { - name = "radarr"; - path = "/srv/radarr/radarr.db"; - } - ]; - caddy.virtualHosts."radarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/readarr.nix b/modules/nixos/features/readarr.nix index f616480..42a884b 100644 --- a/modules/nixos/features/readarr.nix +++ b/modules/nixos/features/readarr.nix @@ -13,13 +13,6 @@ in group = "srv"; }; - borgmatic.settings.sqlite_databases = [ - { - name = "readarr"; - path = "/srv/readarr/readarr.db"; - } - ]; - caddy.virtualHosts."readarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index 4be089e..691b4b8 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -13,13 +13,6 @@ in group = "srv"; }; - borgmatic.settings.sqlite_databases = [ - { - name = "sonarr"; - path = "/srv/sonarr/sonarr.db"; - } - ]; - caddy.virtualHosts."sonarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index 76d8acc..be8cb7a 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -23,13 +23,6 @@ in }; }; - borgmatic.settings.sqlite_databases = [ - { - name = "vaultwarden"; - path = "/srv/vaultwarden/db.sqlite3"; - } - ]; - caddy.virtualHosts."vaultwarden.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { From afa8f669c9fc9e02d9245ab880ef7de4daa77ffc Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Sun, 1 Mar 2026 13:40:40 +1100 Subject: [PATCH 098/126] fix(prowlarr): data dir doesn't seem to be supported properly, just use default data dir at /var/lib --- modules/nixos/features/prowlarr.nix | 3 ++- secrets/prowlarr.age | 16 ++++++++-------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index 23e090f..a7f409f 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -6,12 +6,13 @@ in services = { prowlarr = { enable = true; - dataDir = "/srv/prowlarr"; settings.server = { inherit port; }; }; + borgmatic.settings.source_directories = [ "/var/lib/prowlarr" ]; + caddy.virtualHosts."prowlarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/secrets/prowlarr.age b/secrets/prowlarr.age index 8883300..08436c5 100644 --- a/secrets/prowlarr.age +++ b/secrets/prowlarr.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 qLT+DQ EgHCxhqEyRGiBNRBw8Cs2NmM4nihbZSEw4C3JJ2muRE -Pqnh8JpDHEvsgkJTwJzrkx/A0oBg2n7TumVCgHOceD8 --> ssh-ed25519 7+xRyQ WLCkfRiBsqZohjc+z4rs4sHFMAtsRvqiocsnUlZkAVg -ebJft8vHhi4rd9T0BOl388SKun+3vF3P6/u7U4vdy5c --> ssh-ed25519 LtK9yQ 8suX3vEyfqVcbNy4ZQxPRvaJg+4TJTR0cSlAgV04rzc -i8cmfhsETd4Y7epbyan5ION7W2g5QazyJA3AcGlXKKI ---- 7jsZ4aF4WyshNUtjP83yf2yHaR1UXfWEdbHhwmfyGhM -&zP 'س],qTx@l}Io.qGT|!= \ No newline at end of file +-> ssh-ed25519 qLT+DQ k6AiMFgWygHRf2yPApcnQYDPaJx/Dp6BTq3+BdyBiyM +64MyfaTpMcAl8o9zkWXCoZQ5uy+7izd30A90LLiALTY +-> ssh-ed25519 7+xRyQ YcPcsux5lCSDbV8hSCvhkI+1qnAmXcpd5FDmT7bMXk0 +bbkjozzt/bL7j7uJTtgkklI/qJ11zYgQsYmZhFwGV+c +-> ssh-ed25519 LtK9yQ Ol8eU/Pyb3gDCsIzE1zT8FNsTCGKZZc5zfX6lW/5+2w +Gj0ssfpyQcy0vfVXgNXxzFzHGpPBOyfkR7UeRYina4A +--- +iLccZwqDkqDg2atoNRSuhEf3v3fyU6oda4vOw+BuKc +&L: 9:"| dm9v1y"vOYnx=4D \ No newline at end of file From 143f1dafacacba93b81240b36d1a427b35860d22 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 2 Mar 2026 21:46:01 +1100 Subject: [PATCH 099/126] feat(send): install --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/send.nix | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 modules/nixos/features/send.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 2795aca..2d34890 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -23,6 +23,7 @@ "radarr" "radicale" "readarr" + "send" "sonarr" "vaultwarden" # keep-sorted end diff --git a/modules/nixos/features/send.nix b/modules/nixos/features/send.nix new file mode 100644 index 0000000..defb025 --- /dev/null +++ b/modules/nixos/features/send.nix @@ -0,0 +1,28 @@ +let + port = 5020; + certloc = "/var/lib/acme/fi33.buzz"; +in +{ + services = { + send = { + enable = true; + inherit port; + baseUrl = "https://send.fi33.buzz"; + environment = { + DEFAULT_EXPIRE_SECONDS = 360; + EXPIRE_TIMES_SECONDS = "360"; + DOWNLOAD_COUNTS = "1"; + MAX_DOWNLOADS = 1; + MAX_EXPIRE_SECONDS = 1024; + MAX_FILE_SIZE = 134217728; + }; + }; + + caddy.virtualHosts."send.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} From 0c8fb875c3216aac68acd25098477ca775df9f5c Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 2 Mar 2026 21:46:11 +1100 Subject: [PATCH 100/126] feat(homepage-dashboard): add send --- modules/nixos/features/homepage-dashboard.nix | 115 ++++++++++-------- 1 file changed, 67 insertions(+), 48 deletions(-) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index abd4624..57c8a5d 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -46,6 +46,17 @@ in listenPort = port; allowedHosts = "homepage-dashboard.fi33.buzz"; services = [ + { + "Public Services" = [ + { + Send = { + description = " Simple, private file sharing"; + icon = "send.svg"; + href = "https://send.fi33.buzz/"; + }; + } + ]; + } { "Media Management" = [ { @@ -146,6 +157,52 @@ in } ]; } + { + "Private Services" = [ + { + "copyparty" = { + "description" = "Cloud file manager"; + "icon" = "sh-copyparty.svg"; + "href" = "https://copyparty.fi33.buzz/"; + }; + } + { + CouchDB = { + description = "Obsidian sync database"; + icon = "couchdb.svg"; + href = "https://couchdb.fi33.buzz/_utils/"; + }; + } + { + ntfy = { + description = "Notification service"; + icon = "ntfy.svg"; + href = "https://ntfy-sh.fi33.buzz/"; + }; + } + { + Radicale = { + description = "CalDAV/CardDAV service"; + icon = "radicale.svg"; + href = "https://radicale.fi33.buzz"; + }; + } + { + Syncthing = { + description = "Decentralised file synchronisation"; + icon = "syncthing.svg"; + href = "https://syncthing.fi33.buzz/"; + }; + } + { + Vaultwarden = { + description = "Password manager"; + icon = "vaultwarden.svg"; + href = "https://vaultwarden.fi33.buzz/"; + }; + } + ]; + } { "Media Streaming" = [ { @@ -223,52 +280,7 @@ in } ]; } - { - Services = [ - { - "copyparty" = { - "description" = "Cloud file manager"; - "icon" = "sh-copyparty.svg"; - "href" = "https://copyparty.fi33.buzz/"; - }; - } - { - CouchDB = { - description = "Obsidian sync database"; - icon = "couchdb.svg"; - href = "https://couchdb.fi33.buzz/_utils/"; - }; - } - { - ntfy = { - description = "Notification service"; - icon = "ntfy.svg"; - href = "https://ntfy-sh.fi33.buzz/"; - }; - } - { - Radicale = { - description = "CalDAV/CardDAV service"; - icon = "radicale.svg"; - href = "https://radicale.fi33.buzz"; - }; - } - { - Syncthing = { - description = "Decentralised file synchronisation"; - icon = "syncthing.svg"; - href = "https://syncthing.fi33.buzz/"; - }; - } - { - Vaultwarden = { - description = "Password manager"; - icon = "vaultwarden.svg"; - href = "https://vaultwarden.fi33.buzz/"; - }; - } - ]; - } + { Utilities = [ { @@ -288,14 +300,21 @@ in headerStyle = "clean"; layout = [ { - "Media Streaming" = { + "Public Services" = { style = "row"; columns = 3; useEqualHeights = true; }; } { - Services = { + "Private Services" = { + style = "row"; + columns = 3; + useEqualHeights = true; + }; + } + { + "Media Streaming" = { style = "row"; columns = 3; useEqualHeights = true; From 7f0f92dcf2525eddc99e55645e125ec491fc2734 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 2 Mar 2026 21:46:11 +1100 Subject: [PATCH 101/126] feat(homepage-dashboard): add send --- modules/nixos/features/homepage-dashboard.nix | 115 ++++++++++-------- 1 file changed, 67 insertions(+), 48 deletions(-) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index abd4624..2ccc718 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -46,6 +46,17 @@ in listenPort = port; allowedHosts = "homepage-dashboard.fi33.buzz"; services = [ + { + "Public Services" = [ + { + Send = { + description = "Simple, private file sharing"; + icon = "send.svg"; + href = "https://send.fi33.buzz/"; + }; + } + ]; + } { "Media Management" = [ { @@ -146,6 +157,52 @@ in } ]; } + { + "Private Services" = [ + { + "copyparty" = { + "description" = "Cloud file manager"; + "icon" = "sh-copyparty.svg"; + "href" = "https://copyparty.fi33.buzz/"; + }; + } + { + CouchDB = { + description = "Obsidian sync database"; + icon = "couchdb.svg"; + href = "https://couchdb.fi33.buzz/_utils/"; + }; + } + { + ntfy = { + description = "Notification service"; + icon = "ntfy.svg"; + href = "https://ntfy-sh.fi33.buzz/"; + }; + } + { + Radicale = { + description = "CalDAV/CardDAV service"; + icon = "radicale.svg"; + href = "https://radicale.fi33.buzz"; + }; + } + { + Syncthing = { + description = "Decentralised file synchronisation"; + icon = "syncthing.svg"; + href = "https://syncthing.fi33.buzz/"; + }; + } + { + Vaultwarden = { + description = "Password manager"; + icon = "vaultwarden.svg"; + href = "https://vaultwarden.fi33.buzz/"; + }; + } + ]; + } { "Media Streaming" = [ { @@ -223,52 +280,7 @@ in } ]; } - { - Services = [ - { - "copyparty" = { - "description" = "Cloud file manager"; - "icon" = "sh-copyparty.svg"; - "href" = "https://copyparty.fi33.buzz/"; - }; - } - { - CouchDB = { - description = "Obsidian sync database"; - icon = "couchdb.svg"; - href = "https://couchdb.fi33.buzz/_utils/"; - }; - } - { - ntfy = { - description = "Notification service"; - icon = "ntfy.svg"; - href = "https://ntfy-sh.fi33.buzz/"; - }; - } - { - Radicale = { - description = "CalDAV/CardDAV service"; - icon = "radicale.svg"; - href = "https://radicale.fi33.buzz"; - }; - } - { - Syncthing = { - description = "Decentralised file synchronisation"; - icon = "syncthing.svg"; - href = "https://syncthing.fi33.buzz/"; - }; - } - { - Vaultwarden = { - description = "Password manager"; - icon = "vaultwarden.svg"; - href = "https://vaultwarden.fi33.buzz/"; - }; - } - ]; - } + { Utilities = [ { @@ -288,14 +300,21 @@ in headerStyle = "clean"; layout = [ { - "Media Streaming" = { + "Public Services" = { style = "row"; columns = 3; useEqualHeights = true; }; } { - Services = { + "Private Services" = { + style = "row"; + columns = 3; + useEqualHeights = true; + }; + } + { + "Media Streaming" = { style = "row"; columns = 3; useEqualHeights = true; From 2551f74ca474eb9247e78e0c0d1e78a9b40f709e Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 2 Mar 2026 22:01:48 +1100 Subject: [PATCH 102/126] feat(cryptpad): install --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/cryptpad.nix | 49 +++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 modules/nixos/features/cryptpad.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 2d34890..a4a7fbf 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -9,6 +9,7 @@ "caddy" "copyparty" "couchdb" + "cryptpad" "homepage-dashboard" "immich" "jellyfin" diff --git a/modules/nixos/features/cryptpad.nix b/modules/nixos/features/cryptpad.nix new file mode 100644 index 0000000..8c031ff --- /dev/null +++ b/modules/nixos/features/cryptpad.nix @@ -0,0 +1,49 @@ +let + httpPort = 5022; + websocketPort = 5024; + certloc = "/var/lib/acme/fi33.buzz"; +in +{ + services = { + cryptpad = { + enable = true; + settings = { + inherit httpPort; + inherit websocketPort; + httpUnsafeOrigin = "https://cryptpad.fi33.buzz"; + httpSafeOrigin = "https://cryptpad-ui.fi33.buzz"; + inactiveTime = 7; + archiveRetentionTime = 7; + accountRetentionTime = 7; + }; + }; + + caddy.virtualHosts."cryptpad.fi33.buzz, cryptpad-ui.fi33.buzz".extraConfig = '' + header Strict-Transport-Security "includeSubDomains; preload" + + handle /cryptpad_websocket* { + reverse_proxy localhost:${toString websocketPort} { + header_up Host {host} + header_up X-Real-IP {remote_host} + } + } + + handle { + reverse_proxy localhost:${toString httpPort} { + header_up Host {host} + header_up X-Real-IP {remote_host} + } + } + + @register { + host cryptpad.fi33.buzz + path /register* + } + respond @register 403 + + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} From 036e7758351638006efa911be62fabcffc94af82 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 2 Mar 2026 22:02:02 +1100 Subject: [PATCH 103/126] feat(homepage-dashboard): add cryptpad --- modules/nixos/features/homepage-dashboard.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 2ccc718..63f9cae 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -48,6 +48,13 @@ in services = [ { "Public Services" = [ + { + CryptPad = { + description = "Collaborative office suite"; + icon = "cryptpad.svg"; + href = "https://cryptpad.fi33.buzz/"; + }; + } { Send = { description = "Simple, private file sharing"; From de21c82acbe2790ee13a4c94c1445658e48f0c6f Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 2 Mar 2026 22:51:46 +1100 Subject: [PATCH 104/126] style(homepage-dashboard): update service taglines by taking inspiration from repository taglines --- modules/nixos/features/homepage-dashboard.nix | 57 +++++++++---------- 1 file changed, 28 insertions(+), 29 deletions(-) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 63f9cae..e7de1ba 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -68,7 +68,7 @@ in "Media Management" = [ { Radarr = { - description = "Movie collection manager"; + description = "Movie organizer/manager"; icon = "radarr.svg"; href = "https://radarr.fi33.buzz/"; widget = { @@ -81,7 +81,7 @@ in } { Sonarr = { - description = "TV show collection manager"; + description = "Smart PVR"; icon = "sonarr.svg"; href = "https://sonarr.fi33.buzz/"; widget = { @@ -94,7 +94,7 @@ in } { Lidarr = { - description = "Music collection manager"; + description = "Like Sonarr but made for music"; icon = "lidarr.svg"; href = "https://lidarr.fi33.buzz/"; widget = { @@ -107,7 +107,7 @@ in } { Readarr = { - description = "Book collection manager"; + description = "Book Manager and Automation"; icon = "readarr.svg"; href = "https://readarr.fi33.buzz/"; widget = { @@ -120,7 +120,7 @@ in } { Bazarr = { - description = "Subtitle downloader and manager"; + description = "Subtitle manager and downloader"; icon = "bazarr.svg"; href = "https://bazarr.fi33.buzz/"; widget = { @@ -132,7 +132,7 @@ in } { Prowlarr = { - description = "Indexer management tool"; + description = "Indexer manager/proxy"; icon = "prowlarr.svg"; href = "https://prowlarr.fi33.buzz/"; widget = { @@ -144,7 +144,7 @@ in } { NZBget = { - description = "Usenet client"; + description = "Usenet Downloader"; icon = "nzbget.svg"; href = "https://nzbget.fi33.buzz/"; widget = { @@ -167,43 +167,43 @@ in { "Private Services" = [ { - "copyparty" = { - "description" = "Cloud file manager"; - "icon" = "sh-copyparty.svg"; - "href" = "https://copyparty.fi33.buzz/"; + copyparty = { + description = "Portable file server"; + icon = "sh-copyparty.svg"; + href = "https://copyparty.fi33.buzz/"; }; } { CouchDB = { - description = "Obsidian sync database"; + description = "Syncing database"; icon = "couchdb.svg"; href = "https://couchdb.fi33.buzz/_utils/"; }; } { ntfy = { - description = "Notification service"; + description = "Send push notifications using PUT/POST"; icon = "ntfy.svg"; href = "https://ntfy-sh.fi33.buzz/"; }; } { Radicale = { - description = "CalDAV/CardDAV service"; + description = "A simple CalDAV (calendar) and CardDAV (contact) server"; icon = "radicale.svg"; href = "https://radicale.fi33.buzz"; }; } { Syncthing = { - description = "Decentralised file synchronisation"; + description = "Open Source Continuous File Synchronization"; icon = "syncthing.svg"; href = "https://syncthing.fi33.buzz/"; }; } { Vaultwarden = { - description = "Password manager"; + description = "Unofficial Bitwarden compatible server"; icon = "vaultwarden.svg"; href = "https://vaultwarden.fi33.buzz/"; }; @@ -214,7 +214,7 @@ in "Media Streaming" = [ { Immich = { - description = "Photo backup"; + description = "Photo and video management solution"; icon = "immich.svg"; href = "https://immich.fi33.buzz/"; widget = { @@ -233,7 +233,7 @@ in } { Jellyfin = { - description = "Media streaming"; + description = "Media System"; icon = "jellyfin.svg"; href = "https://jellyfin.fi33.buzz/"; widget = { @@ -249,20 +249,20 @@ in }; } { - "Kavita" = { - "description" = "Book reader"; - "icon" = "kavita.svg"; - "href" = "https://kavita.fi33.buzz/"; - "widget" = { - "type" = "kavita"; - "url" = "https://kavita.fi33.buzz/"; - "key" = "@kavita-api@"; + Kavita = { + description = "Reading server"; + icon = "kavita.svg"; + href = "https://kavita.fi33.buzz/"; + widget = { + type = "kavita"; + url = "https://kavita.fi33.buzz/"; + key = "@kavita-api@"; }; }; } { Miniflux = { - description = "RSS aggregator"; + description = "Feed reader"; icon = "miniflux.svg"; href = "https://miniflux.fi33.buzz/"; widget = { @@ -274,7 +274,7 @@ in } { Paperless = { - description = "Digital filing cabinet"; + description = "Document management system"; icon = "paperless.svg"; href = "https://paperless.fi33.buzz/"; widget = { @@ -287,7 +287,6 @@ in } ]; } - { Utilities = [ { From d4118655df2c5440db9d5e405f16baf40eda02f2 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 2 Mar 2026 22:56:51 +1100 Subject: [PATCH 105/126] feat(libretranslate): install --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/libretranslate.nix | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 modules/nixos/features/libretranslate.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index a4a7fbf..305b7ba 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -14,6 +14,7 @@ "immich" "jellyfin" "kavita" + "libretranslate" "lidarr" "miniflux" "ntfy-sh" diff --git a/modules/nixos/features/libretranslate.nix b/modules/nixos/features/libretranslate.nix new file mode 100644 index 0000000..5372e1e --- /dev/null +++ b/modules/nixos/features/libretranslate.nix @@ -0,0 +1,20 @@ +let + port = 5023; + certloc = "/var/lib/acme/fi33.buzz"; +in +{ + services = { + libretranslate = { + enable = true; + inherit port; + updateModels = true; + }; + + caddy.virtualHosts."translate.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} From a9ac65f3f7003a6bf113c969e6779f7b42fbb45e Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 2 Mar 2026 22:57:53 +1100 Subject: [PATCH 106/126] feat(homepage-dashboard): add libretranslate --- modules/nixos/features/homepage-dashboard.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index e7de1ba..bacf131 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -55,6 +55,13 @@ in href = "https://cryptpad.fi33.buzz/"; }; } + { + LibreTranslate = { + description = "Machine Translation API"; + icon = "libretranslate.svg"; + href = "https://translate.fi33.buzz/"; + }; + } { Send = { description = "Simple, private file sharing"; From 7a4898b4db59a50736011b56fa54712edf96656b Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 2 Mar 2026 23:21:50 +1100 Subject: [PATCH 107/126] feat(homepage-dashboard): add status monitoring --- modules/nixos/features/homepage-dashboard.nix | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index bacf131..522d254 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -53,6 +53,7 @@ in description = "Collaborative office suite"; icon = "cryptpad.svg"; href = "https://cryptpad.fi33.buzz/"; + siteMonitor = "https://cryptpad.fi33.buzz/"; }; } { @@ -60,6 +61,7 @@ in description = "Machine Translation API"; icon = "libretranslate.svg"; href = "https://translate.fi33.buzz/"; + siteMonitor = "https://translate.fi33.buzz/"; }; } { @@ -67,6 +69,7 @@ in description = "Simple, private file sharing"; icon = "send.svg"; href = "https://send.fi33.buzz/"; + siteMonitor = "https://send.fi33.buzz/"; }; } ]; @@ -78,6 +81,7 @@ in description = "Movie organizer/manager"; icon = "radarr.svg"; href = "https://radarr.fi33.buzz/"; + siteMonitor = "https://radarr.fi33.buzz/"; widget = { type = "radarr"; url = "https://radarr.fi33.buzz/"; @@ -91,6 +95,7 @@ in description = "Smart PVR"; icon = "sonarr.svg"; href = "https://sonarr.fi33.buzz/"; + siteMonitor = "https://sonarr.fi33.buzz/"; widget = { type = "sonarr"; url = "https://sonarr.fi33.buzz/"; @@ -104,6 +109,7 @@ in description = "Like Sonarr but made for music"; icon = "lidarr.svg"; href = "https://lidarr.fi33.buzz/"; + siteMonitor = "https://lidarr.fi33.buzz/"; widget = { type = "lidarr"; url = "https://lidarr.fi33.buzz/"; @@ -117,6 +123,7 @@ in description = "Book Manager and Automation"; icon = "readarr.svg"; href = "https://readarr.fi33.buzz/"; + siteMonitor = "https://readarr.fi33.buzz/"; widget = { type = "readarr"; url = "https://readarr.fi33.buzz/"; @@ -130,6 +137,7 @@ in description = "Subtitle manager and downloader"; icon = "bazarr.svg"; href = "https://bazarr.fi33.buzz/"; + siteMonitor = "https://bazarr.fi33.buzz/"; widget = { type = "bazarr"; url = "https://bazarr.fi33.buzz/"; @@ -142,6 +150,7 @@ in description = "Indexer manager/proxy"; icon = "prowlarr.svg"; href = "https://prowlarr.fi33.buzz/"; + siteMonitor = "https://prowlarr.fi33.buzz/"; widget = { type = "prowlarr"; url = "https://prowlarr.fi33.buzz/"; @@ -154,6 +163,7 @@ in description = "Usenet Downloader"; icon = "nzbget.svg"; href = "https://nzbget.fi33.buzz/"; + siteMonitor = "https://nzbget.fi33.buzz/"; widget = { type = "nzbget"; url = "https://nzbget.fi33.buzz/"; @@ -167,6 +177,7 @@ in description = "BitTorrent client"; icon = "qbittorrent.svg"; href = "https://qbittorrent.fi33.buzz/"; + siteMonitor = "https://qbittorrent.fi33.buzz/"; }; } ]; @@ -178,6 +189,7 @@ in description = "Portable file server"; icon = "sh-copyparty.svg"; href = "https://copyparty.fi33.buzz/"; + siteMonitor = "https://copyparty.fi33.buzz/"; }; } { @@ -185,6 +197,7 @@ in description = "Syncing database"; icon = "couchdb.svg"; href = "https://couchdb.fi33.buzz/_utils/"; + siteMonitor = "https://couchdb.fi33.buzz/_utils/"; }; } { @@ -192,6 +205,7 @@ in description = "Send push notifications using PUT/POST"; icon = "ntfy.svg"; href = "https://ntfy-sh.fi33.buzz/"; + siteMonitor = "https://ntfy-sh.fi33.buzz/"; }; } { @@ -199,6 +213,7 @@ in description = "A simple CalDAV (calendar) and CardDAV (contact) server"; icon = "radicale.svg"; href = "https://radicale.fi33.buzz"; + siteMonitor = "https://radicale.fi33.buzz"; }; } { @@ -206,6 +221,7 @@ in description = "Open Source Continuous File Synchronization"; icon = "syncthing.svg"; href = "https://syncthing.fi33.buzz/"; + siteMonitor = "https://syncthing.fi33.buzz/"; }; } { @@ -213,6 +229,7 @@ in description = "Unofficial Bitwarden compatible server"; icon = "vaultwarden.svg"; href = "https://vaultwarden.fi33.buzz/"; + siteMonitor = "https://vaultwarden.fi33.buzz/"; }; } ]; @@ -224,6 +241,7 @@ in description = "Photo and video management solution"; icon = "immich.svg"; href = "https://immich.fi33.buzz/"; + siteMonitor = "https://immich.fi33.buzz/"; widget = { type = "immich"; fields = [ @@ -243,6 +261,7 @@ in description = "Media System"; icon = "jellyfin.svg"; href = "https://jellyfin.fi33.buzz/"; + siteMonitor = "https://jellyfin.fi33.buzz/"; widget = { type = "jellyfin"; url = "https://jellyfin.fi33.buzz/"; @@ -260,6 +279,7 @@ in description = "Reading server"; icon = "kavita.svg"; href = "https://kavita.fi33.buzz/"; + siteMonitor = "https://kavita.fi33.buzz/"; widget = { type = "kavita"; url = "https://kavita.fi33.buzz/"; @@ -272,6 +292,7 @@ in description = "Feed reader"; icon = "miniflux.svg"; href = "https://miniflux.fi33.buzz/"; + siteMonitor = "https://miniflux.fi33.buzz/"; widget = { type = "miniflux"; url = "https://miniflux.fi33.buzz/"; @@ -284,6 +305,7 @@ in description = "Document management system"; icon = "paperless.svg"; href = "https://paperless.fi33.buzz/"; + siteMonitor = "https://paperless.fi33.buzz/"; widget = { type = "paperlessngx"; url = "https://paperless.fi33.buzz/"; @@ -351,7 +373,6 @@ in quicklaunch.searchDescriptions = true; disableUpdateCheck = true; showStats = true; - statusStyle = "dot"; }; widgets = [ { From c96f08c3f19da1cae4bb69ae1f909d4b5f5ce9f7 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 2 Mar 2026 23:35:01 +1100 Subject: [PATCH 108/126] feat(homepage-dashboard): initially collapse utilities section, and hide app version --- modules/nixos/features/homepage-dashboard.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 522d254..d24f8f3 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -333,6 +333,7 @@ in theme = "dark"; color = "neutral"; headerStyle = "clean"; + hideVersion = true; layout = [ { "Public Services" = { @@ -367,6 +368,7 @@ in style = "row"; columns = 3; useEqualHeights = true; + initiallyCollapsed = true; }; } ]; From 663b39451c262b71bda216ac31e11f711b4ed64d Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Wed, 4 Mar 2026 17:54:55 +1100 Subject: [PATCH 109/126] feat(laptop): update hardware uuids and ssh keys --- hosts/laptop/configuration.nix | 5 ++--- hosts/laptop/hardware-configuration.nix | 8 ++++---- modules/nixos/features/syncthing.nix | 2 +- secrets/secrets.nix | 2 +- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index b81886a..7788ef5 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -27,10 +27,9 @@ # keep-sorted end ]); - boot.initrd.luks.devices."luks-a7726a9d-535f-44bc-9c0e-adc501fad371".device = - "/dev/disk/by-uuid/a7726a9d-535f-44bc-9c0e-adc501fad371"; + boot.initrd.luks.devices."luks-c2f5123c-0be0-4357-b383-b3f422e99a34".device = "/dev/disk/by-uuid/c2f5123c-0be0-4357-b383-b3f422e99a34"; - system.stateVersion = "24.11"; + system.stateVersion = "25.05"; users.users.${userName} = { extraGroups = [ diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index 359872d..9530183 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix @@ -14,20 +14,20 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/b772799b-5434-4d5e-b0f9-ab425e36b9a1"; + { device = "/dev/disk/by-uuid/a240787a-6cc8-4c03-8a01-742adf305b1e"; fsType = "ext4"; }; - boot.initrd.luks.devices."luks-de6f14d8-8c7e-4e77-bfe5-264a39ef0bea".device = "/dev/disk/by-uuid/de6f14d8-8c7e-4e77-bfe5-264a39ef0bea"; + boot.initrd.luks.devices."luks-f7d7a54f-d217-4260-8754-3cac7022e7d5".device = "/dev/disk/by-uuid/f7d7a54f-d217-4260-8754-3cac7022e7d5"; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3730-5237"; + { device = "/dev/disk/by-uuid/B3C9-7C0A"; fsType = "vfat"; options = [ "fmask=0077" "dmask=0077" ]; }; swapDevices = - [ { device = "/dev/disk/by-uuid/081de704-5e9a-4e6d-ae8d-df492d0f662c"; } + [ { device = "/dev/disk/by-uuid/b07c858a-2bd7-4b9a-aec3-3f9593c461c9"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index d9624c3..adabfa1 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -13,7 +13,7 @@ let } { device = "laptop"; - id = "XDDGWB2-5OFYWSY-7LN652V-3WNQMWV-4WCVHCR-2EXLDW7-FUL2MC4-MMLO4QV"; + id = "CTU345T-27VU5KK-HXLPSMO-H6C47TL-XZG3BVU-AZF7HSX-FCQHAMA-QOA3CAT"; } { device = "phone"; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c5f907c..4eed98d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,7 +1,7 @@ let # keep-sorted start desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHAnTQP77HQ/8nbf1oX7xftfKYtbH6MSh83wic0qdBy"; - laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeu5HwuRayiXIZE35AxX6PmxHxbXZ8NTlTgHrcPwhcQ"; + laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmM4LEjGPJbcUeG5363NpB3XJUyn/4B+eBCFzzuC/Td"; srv = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeV0NxqIGIXXgLYE6ntkHE4PARceZBp1FTI7kKLBbk8"; # keep-sorted end From fe11ecea2a45c6d9906646764d209bf3ac070d5f Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 2 Mar 2026 23:22:07 +1100 Subject: [PATCH 110/126] feat(gatus): install --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/gatus.nix | 47 ++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 modules/nixos/features/gatus.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 305b7ba..c1eeded 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -10,6 +10,7 @@ "copyparty" "couchdb" "cryptpad" + "gatus" "homepage-dashboard" "immich" "jellyfin" diff --git a/modules/nixos/features/gatus.nix b/modules/nixos/features/gatus.nix new file mode 100644 index 0000000..c06fb6e --- /dev/null +++ b/modules/nixos/features/gatus.nix @@ -0,0 +1,47 @@ +let + port = 5025; + certloc = "/var/lib/acme/fi33.buzz"; +in +{ + services = { + gatus = { + enable = true; + settings = { + web = { + inherit port; + }; + endpoints = [ + { + name = "website"; + url = "https://twin.sh/health"; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[BODY].status == UP" + "[RESPONSE_TIME] < 300" + ]; + } + ]; + }; + }; + + # borgmatic.settings = { + # source_directories = [ ]; + # postgresql_databases = [ + # { + # name = "gatus"; + # hostname = "localhost"; + # username = "root"; + # password = "{credential systemd borgmatic-pg}"; + # } + # ]; + # }; + + caddy.virtualHosts."uptime.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} From 48315cfb8e067cf310c75b5270b9a02e1378d11e Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Wed, 4 Mar 2026 21:26:18 +1100 Subject: [PATCH 111/126] feat: add gatus entry for each subdomain --- modules/nixos/features/bazarr.nix | 18 ++- modules/nixos/features/copyparty.nix | 18 ++- modules/nixos/features/couchdb.nix | 20 ++- modules/nixos/features/cryptpad.nix | 22 +++- modules/nixos/features/gatus.nix | 34 +---- modules/nixos/features/homepage-dashboard.nix | 122 +++++++++++------- modules/nixos/features/immich.nix | 18 ++- modules/nixos/features/jellyfin.nix | 18 ++- modules/nixos/features/kavita.nix | 18 ++- modules/nixos/features/libretranslate.nix | 18 ++- modules/nixos/features/lidarr.nix | 18 ++- modules/nixos/features/miniflux.nix | 20 ++- modules/nixos/features/ntfy-sh.nix | 20 ++- modules/nixos/features/nzbget.nix | 18 ++- modules/nixos/features/paperless.nix | 20 ++- modules/nixos/features/prowlarr.nix | 18 ++- modules/nixos/features/qbittorrent.nix | 18 ++- modules/nixos/features/radarr.nix | 18 ++- modules/nixos/features/radicale.nix | 18 ++- modules/nixos/features/readarr.nix | 18 ++- modules/nixos/features/send.nix | 20 ++- modules/nixos/features/sonarr.nix | 18 ++- modules/nixos/features/syncthing.nix | 18 ++- modules/nixos/features/vaultwarden.nix | 20 ++- modules/templates/web-feature.nix | 4 +- 25 files changed, 464 insertions(+), 108 deletions(-) diff --git a/modules/nixos/features/bazarr.nix b/modules/nixos/features/bazarr.nix index 541235c..c25b32d 100644 --- a/modules/nixos/features/bazarr.nix +++ b/modules/nixos/features/bazarr.nix @@ -1,6 +1,8 @@ let port = 5017; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "subtitles.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -11,7 +13,21 @@ in listenPort = port; }; - caddy.virtualHosts."bazarr.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Bazarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index ac21d2c..d06aadf 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix @@ -8,6 +8,8 @@ let port = 5000; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "files.fi33.buzz"; + url = "https://${hostname}"; in { imports = [ inputs.copyparty.nixosModules.default ]; @@ -35,7 +37,21 @@ in }; }; - caddy.virtualHosts."copyparty.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "copyparty"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/couchdb.nix b/modules/nixos/features/couchdb.nix index 0f0d44d..9a53e77 100644 --- a/modules/nixos/features/couchdb.nix +++ b/modules/nixos/features/couchdb.nix @@ -1,6 +1,8 @@ let port = 5984; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "couchdb.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -29,13 +31,27 @@ in cors = { credentials = true; origins = '' - app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz + app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://${hostname},http://${hostname},${url} ''; }; }; }; - caddy.virtualHosts."couchdb.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "CouchDB"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 401" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/cryptpad.nix b/modules/nixos/features/cryptpad.nix index 8c031ff..a74d2ba 100644 --- a/modules/nixos/features/cryptpad.nix +++ b/modules/nixos/features/cryptpad.nix @@ -2,6 +2,8 @@ let httpPort = 5022; websocketPort = 5024; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "cryptpad.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -10,7 +12,7 @@ in settings = { inherit httpPort; inherit websocketPort; - httpUnsafeOrigin = "https://cryptpad.fi33.buzz"; + httpUnsafeOrigin = url; httpSafeOrigin = "https://cryptpad-ui.fi33.buzz"; inactiveTime = 7; archiveRetentionTime = 7; @@ -18,7 +20,21 @@ in }; }; - caddy.virtualHosts."cryptpad.fi33.buzz, cryptpad-ui.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "CryptPad"; + group = "Public Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts."${hostname} cryptpad-ui.fi33.buzz".extraConfig = '' header Strict-Transport-Security "includeSubDomains; preload" handle /cryptpad_websocket* { @@ -36,7 +52,7 @@ in } @register { - host cryptpad.fi33.buzz + host ${hostname} path /register* } respond @register 403 diff --git a/modules/nixos/features/gatus.nix b/modules/nixos/features/gatus.nix index c06fb6e..9de288c 100644 --- a/modules/nixos/features/gatus.nix +++ b/modules/nixos/features/gatus.nix @@ -1,43 +1,17 @@ let port = 5025; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "status.fi33.buzz"; + url = "https://${hostname}"; in { services = { gatus = { enable = true; - settings = { - web = { - inherit port; - }; - endpoints = [ - { - name = "website"; - url = "https://twin.sh/health"; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[BODY].status == UP" - "[RESPONSE_TIME] < 300" - ]; - } - ]; - }; + settings.web.port = port; }; - # borgmatic.settings = { - # source_directories = [ ]; - # postgresql_databases = [ - # { - # name = "gatus"; - # hostname = "localhost"; - # username = "root"; - # password = "{credential systemd borgmatic-pg}"; - # } - # ]; - # }; - - caddy.virtualHosts."uptime.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index d24f8f3..c329bba 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -38,13 +38,15 @@ let # keep-sorted end ]; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "home.fi33.buzz"; + url = "https://${hostname}"; in { services = { homepage-dashboard = { enable = true; listenPort = port; - allowedHosts = "homepage-dashboard.fi33.buzz"; + allowedHosts = hostname; services = [ { "Public Services" = [ @@ -80,11 +82,11 @@ in Radarr = { description = "Movie organizer/manager"; icon = "radarr.svg"; - href = "https://radarr.fi33.buzz/"; - siteMonitor = "https://radarr.fi33.buzz/"; + href = "https://movies.fi33.buzz/"; + siteMonitor = "https://movies.fi33.buzz/"; widget = { type = "radarr"; - url = "https://radarr.fi33.buzz/"; + url = "https://movies.fi33.buzz/"; key = "@radarr@"; enableQueue = true; }; @@ -94,11 +96,11 @@ in Sonarr = { description = "Smart PVR"; icon = "sonarr.svg"; - href = "https://sonarr.fi33.buzz/"; - siteMonitor = "https://sonarr.fi33.buzz/"; + href = "https://shows.fi33.buzz/"; + siteMonitor = "https://shows.fi33.buzz/"; widget = { type = "sonarr"; - url = "https://sonarr.fi33.buzz/"; + url = "https://shows.fi33.buzz/"; key = "@sonarr@"; enableQueue = true; }; @@ -108,11 +110,11 @@ in Lidarr = { description = "Like Sonarr but made for music"; icon = "lidarr.svg"; - href = "https://lidarr.fi33.buzz/"; - siteMonitor = "https://lidarr.fi33.buzz/"; + href = "https://music.fi33.buzz/"; + siteMonitor = "https://music.fi33.buzz/"; widget = { type = "lidarr"; - url = "https://lidarr.fi33.buzz/"; + url = "https://music.fi33.buzz/"; key = "@lidarr@"; enableQueue = true; }; @@ -122,11 +124,11 @@ in Readarr = { description = "Book Manager and Automation"; icon = "readarr.svg"; - href = "https://readarr.fi33.buzz/"; - siteMonitor = "https://readarr.fi33.buzz/"; + href = "https://books.fi33.buzz/"; + siteMonitor = "https://books.fi33.buzz/"; widget = { type = "readarr"; - url = "https://readarr.fi33.buzz/"; + url = "https://books.fi33.buzz/"; key = "@readarr@"; enableQueue = true; }; @@ -136,11 +138,11 @@ in Bazarr = { description = "Subtitle manager and downloader"; icon = "bazarr.svg"; - href = "https://bazarr.fi33.buzz/"; - siteMonitor = "https://bazarr.fi33.buzz/"; + href = "https://subtitles.fi33.buzz/"; + siteMonitor = "https://subtitles.fi33.buzz/"; widget = { type = "bazarr"; - url = "https://bazarr.fi33.buzz/"; + url = "https://subtitles.fi33.buzz/"; key = "@subtitles@"; }; }; @@ -162,11 +164,11 @@ in NZBget = { description = "Usenet Downloader"; icon = "nzbget.svg"; - href = "https://nzbget.fi33.buzz/"; - siteMonitor = "https://nzbget.fi33.buzz/"; + href = "https://usenet.fi33.buzz/"; + siteMonitor = "https://usenet.fi33.buzz/"; widget = { type = "nzbget"; - url = "https://nzbget.fi33.buzz/"; + url = "https://usenet.fi33.buzz/"; username = "nzbget"; password = "@nzbget@"; }; @@ -176,8 +178,8 @@ in qBittorrent = { description = "BitTorrent client"; icon = "qbittorrent.svg"; - href = "https://qbittorrent.fi33.buzz/"; - siteMonitor = "https://qbittorrent.fi33.buzz/"; + href = "https://bittorrent.fi33.buzz/"; + siteMonitor = "https://bittorrent.fi33.buzz/"; }; } ]; @@ -188,8 +190,8 @@ in copyparty = { description = "Portable file server"; icon = "sh-copyparty.svg"; - href = "https://copyparty.fi33.buzz/"; - siteMonitor = "https://copyparty.fi33.buzz/"; + href = "https://files.fi33.buzz/"; + siteMonitor = "https://files.fi33.buzz/"; }; } { @@ -204,32 +206,32 @@ in ntfy = { description = "Send push notifications using PUT/POST"; icon = "ntfy.svg"; - href = "https://ntfy-sh.fi33.buzz/"; - siteMonitor = "https://ntfy-sh.fi33.buzz/"; + href = "https://notify.fi33.buzz/"; + siteMonitor = "https://notify.fi33.buzz/"; }; } { Radicale = { description = "A simple CalDAV (calendar) and CardDAV (contact) server"; icon = "radicale.svg"; - href = "https://radicale.fi33.buzz"; - siteMonitor = "https://radicale.fi33.buzz"; + href = "https://caldav.fi33.buzz"; + siteMonitor = "https://caldav.fi33.buzz"; }; } { Syncthing = { description = "Open Source Continuous File Synchronization"; icon = "syncthing.svg"; - href = "https://syncthing.fi33.buzz/"; - siteMonitor = "https://syncthing.fi33.buzz/"; + href = "https://sync.fi33.buzz/"; + siteMonitor = "https://sync.fi33.buzz/"; }; } { Vaultwarden = { description = "Unofficial Bitwarden compatible server"; icon = "vaultwarden.svg"; - href = "https://vaultwarden.fi33.buzz/"; - siteMonitor = "https://vaultwarden.fi33.buzz/"; + href = "https://vault.fi33.buzz/"; + siteMonitor = "https://vault.fi33.buzz/"; }; } ]; @@ -240,8 +242,8 @@ in Immich = { description = "Photo and video management solution"; icon = "immich.svg"; - href = "https://immich.fi33.buzz/"; - siteMonitor = "https://immich.fi33.buzz/"; + href = "https://photos.fi33.buzz/"; + siteMonitor = "https://photos.fi33.buzz/"; widget = { type = "immich"; fields = [ @@ -250,7 +252,7 @@ in "videos" "storage" ]; - url = "https://immich.fi33.buzz/"; + url = "https://photos.fi33.buzz/"; version = 2; key = "@immich@"; }; @@ -260,11 +262,11 @@ in Jellyfin = { description = "Media System"; icon = "jellyfin.svg"; - href = "https://jellyfin.fi33.buzz/"; - siteMonitor = "https://jellyfin.fi33.buzz/"; + href = "https://media.fi33.buzz/"; + siteMonitor = "https://media.fi33.buzz/"; widget = { type = "jellyfin"; - url = "https://jellyfin.fi33.buzz/"; + url = "https://media.fi33.buzz/"; key = "@jellyfin@"; enableBlocks = true; enableNowPlaying = true; @@ -278,11 +280,11 @@ in Kavita = { description = "Reading server"; icon = "kavita.svg"; - href = "https://kavita.fi33.buzz/"; - siteMonitor = "https://kavita.fi33.buzz/"; + href = "https://library.fi33.buzz/"; + siteMonitor = "https://library.fi33.buzz/"; widget = { type = "kavita"; - url = "https://kavita.fi33.buzz/"; + url = "https://library.fi33.buzz/"; key = "@kavita-api@"; }; }; @@ -291,11 +293,11 @@ in Miniflux = { description = "Feed reader"; icon = "miniflux.svg"; - href = "https://miniflux.fi33.buzz/"; - siteMonitor = "https://miniflux.fi33.buzz/"; + href = "https://feeds.fi33.buzz/"; + siteMonitor = "https://feeds.fi33.buzz/"; widget = { type = "miniflux"; - url = "https://miniflux.fi33.buzz/"; + url = "https://feeds.fi33.buzz/"; key = "@miniflux@"; }; }; @@ -304,11 +306,11 @@ in Paperless = { description = "Document management system"; icon = "paperless.svg"; - href = "https://paperless.fi33.buzz/"; - siteMonitor = "https://paperless.fi33.buzz/"; + href = "https://documents.fi33.buzz/"; + siteMonitor = "https://documents.fi33.buzz/"; widget = { type = "paperlessngx"; - url = "https://paperless.fi33.buzz/"; + url = "https://documents.fi33.buzz/"; username = "admin"; password = "@paperless@"; }; @@ -318,6 +320,18 @@ in } { Utilities = [ + { + Gatus = { + description = "Status page"; + icon = "gatus.svg"; + href = "https://status.fi33.buzz/"; + siteMonitor = "https://status.fi33.buzz/"; + widget = { + type = "gatus"; + url = "https://status.fi33.buzz/"; + }; + }; + } { NanoKVM = { description = "Remote KVM switch"; @@ -407,7 +421,21 @@ in ]; }; - caddy.virtualHosts."homepage-dashboard.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Homepage Dashboard"; + group = "Utilities"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index de5443f..f06222d 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix @@ -1,6 +1,8 @@ let port = 2283; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "photos.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -10,6 +12,20 @@ in mediaLocation = "/srv/immich"; }; + gatus.settings.endpoints = [ + { + name = "Immich"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings.postgresql_databases = [ { name = "immich"; @@ -19,7 +35,7 @@ in } ]; - caddy.virtualHosts."immich.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index 9fab896..c2c9df3 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -1,6 +1,8 @@ let port = 8096; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "media.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -10,7 +12,21 @@ in group = "srv"; }; - caddy.virtualHosts."jellyfin.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Jellyfin"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/kavita.nix b/modules/nixos/features/kavita.nix index bbb2322..769a1da 100644 --- a/modules/nixos/features/kavita.nix +++ b/modules/nixos/features/kavita.nix @@ -5,6 +5,8 @@ let port = 5015; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "library.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -15,7 +17,21 @@ in tokenKeyFile = config.age.secrets.kavita.path; }; - caddy.virtualHosts."kavita.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Kavita"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/libretranslate.nix b/modules/nixos/features/libretranslate.nix index 5372e1e..8cda40a 100644 --- a/modules/nixos/features/libretranslate.nix +++ b/modules/nixos/features/libretranslate.nix @@ -1,6 +1,8 @@ let port = 5023; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "translate.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -10,7 +12,21 @@ in updateModels = true; }; - caddy.virtualHosts."translate.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "LibreTranslate"; + group = "Public Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 78aa609..2945dda 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -1,6 +1,8 @@ let port = 5012; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "music.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -13,7 +15,21 @@ in group = "srv"; }; - caddy.virtualHosts."lidarr.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Lidarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index 82aeeb5..e58fad1 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix @@ -5,6 +5,8 @@ let port = 5010; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "feeds.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -12,11 +14,25 @@ in enable = true; adminCredentialsFile = config.age.secrets.miniflux-creds.path; config = { - BASE_URL = "https://miniflux.fi33.buzz"; + BASE_URL = url; LISTEN_ADDR = "localhost:${toString port}"; }; }; + gatus.settings.endpoints = [ + { + name = "Miniflux"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings.postgresql_databases = [ { name = "miniflux"; @@ -26,7 +42,7 @@ in } ]; - caddy.virtualHosts."miniflux.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index b82a4f0..4ee0a1b 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -1,13 +1,15 @@ let port = 5002; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "notify.fi33.buzz"; + url = "https://${hostname}"; in { services = { ntfy-sh = { enable = true; settings = { - base-url = "https://ntfy-sh.fi33.buzz"; + base-url = url; listen-http = ":${toString port}"; behind-proxy = true; auth-default-access = "deny-all"; @@ -19,13 +21,27 @@ in }; }; + gatus.settings.endpoints = [ + { + name = "ntfy"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings = { source_directories = [ "/var/lib/ntfy-sh/user.db" ]; }; - caddy.virtualHosts."ntfy-sh.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/nzbget.nix b/modules/nixos/features/nzbget.nix index ba469f2..fd0b01f 100644 --- a/modules/nixos/features/nzbget.nix +++ b/modules/nixos/features/nzbget.nix @@ -5,6 +5,8 @@ let port = 5018; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "usenet.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -17,7 +19,21 @@ in group = "srv"; }; - caddy.virtualHosts."nzbget.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "NZBget"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 401" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 174eb40..0bf057c 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -5,6 +5,8 @@ let port = 5013; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "documents.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -15,10 +17,24 @@ in passwordFile = config.age.secrets.paperless.path; inherit port; settings = { - PAPERLESS_URL = "https://paperless.fi33.buzz"; + PAPERLESS_URL = url; }; }; + gatus.settings.endpoints = [ + { + name = "Paperless"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings = { postgresql_databases = [ { @@ -30,7 +46,7 @@ in ]; }; - caddy.virtualHosts."paperless.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index a7f409f..5dcc180 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -1,6 +1,8 @@ let port = 5009; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "prowlarr.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -11,9 +13,23 @@ in }; }; + gatus.settings.endpoints = [ + { + name = "Prowlarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings.source_directories = [ "/var/lib/prowlarr" ]; - caddy.virtualHosts."prowlarr.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/qbittorrent.nix b/modules/nixos/features/qbittorrent.nix index 577f0c9..bee470a 100644 --- a/modules/nixos/features/qbittorrent.nix +++ b/modules/nixos/features/qbittorrent.nix @@ -1,6 +1,8 @@ let port = 5005; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "bittorrent.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -14,7 +16,21 @@ in ]; }; - caddy.virtualHosts."qbittorrent.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "qBittorrent"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index 30063eb..1d7301a 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -1,6 +1,8 @@ let port = 5007; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "movies.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -13,7 +15,21 @@ in group = "srv"; }; - caddy.virtualHosts."radarr.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Radarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix index 73155e6..787c809 100644 --- a/modules/nixos/features/radicale.nix +++ b/modules/nixos/features/radicale.nix @@ -5,6 +5,8 @@ let port = 5003; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "caldav.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -28,7 +30,21 @@ in }; }; - caddy.virtualHosts."radicale.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Radicale"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/readarr.nix b/modules/nixos/features/readarr.nix index 42a884b..1ec6fa2 100644 --- a/modules/nixos/features/readarr.nix +++ b/modules/nixos/features/readarr.nix @@ -1,6 +1,8 @@ let port = 5016; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "books.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -13,7 +15,21 @@ in group = "srv"; }; - caddy.virtualHosts."readarr.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Readarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/send.nix b/modules/nixos/features/send.nix index defb025..f7b3d50 100644 --- a/modules/nixos/features/send.nix +++ b/modules/nixos/features/send.nix @@ -1,13 +1,15 @@ let port = 5020; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "send.fi33.buzz"; + url = "https://${hostname}"; in { services = { send = { enable = true; inherit port; - baseUrl = "https://send.fi33.buzz"; + baseUrl = url; environment = { DEFAULT_EXPIRE_SECONDS = 360; EXPIRE_TIMES_SECONDS = "360"; @@ -18,7 +20,21 @@ in }; }; - caddy.virtualHosts."send.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Send"; + group = "Public Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index 691b4b8..8c2b746 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -1,6 +1,8 @@ let port = 5006; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "shows.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -13,7 +15,21 @@ in group = "srv"; }; - caddy.virtualHosts."sonarr.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Sonarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index adabfa1..af882c0 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -41,6 +41,8 @@ let ) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList) ); certloc = "/var/lib/acme/fi33.buzz"; + hostname = "sync.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -56,6 +58,20 @@ in }; }; + gatus.settings.endpoints = [ + { + name = "Syncthing"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings = if userName == "srv" then { @@ -67,7 +83,7 @@ in else null; - caddy.virtualHosts."syncthing.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy http://localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index be8cb7a..d080ada 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -5,6 +5,8 @@ let port = 5001; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "vault.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -13,7 +15,7 @@ in backupDir = "/srv/vaultwarden"; config = { rocketPort = toString port; - domain = "https://vaultwarden.fi33.buzz"; + domain = url; signupsAllowed = false; invitationsAllowed = false; showPasswordHint = false; @@ -23,7 +25,21 @@ in }; }; - caddy.virtualHosts."vaultwarden.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Vaultwarden"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 8fa5ed6..5a2ddbf 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -1,6 +1,8 @@ let port = 0000; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "feature.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -20,7 +22,7 @@ in # ]; # }; - caddy.virtualHosts."feature.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 From a7b5995e01f971e0ec19dd1fd6b0477378ec7972 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Sat, 7 Mar 2026 13:35:14 +1100 Subject: [PATCH 112/126] feat(gatus): add custom appearance --- modules/nixos/features/gatus.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/modules/nixos/features/gatus.nix b/modules/nixos/features/gatus.nix index 9de288c..cfd2629 100644 --- a/modules/nixos/features/gatus.nix +++ b/modules/nixos/features/gatus.nix @@ -8,7 +8,18 @@ in services = { gatus = { enable = true; - settings.web.port = port; + settings = { + ui = { + title = "Health Dashboard | Fi33Buzz"; + description = "Fi33Buzz health dashboard"; + dashboard-heading = ""; + dashboard-subheading = ""; + header = "Fi33Buzz Status"; + link = "https://home.fi33.buzz/"; + default-sort-by = "group"; + }; + web.port = port; + }; }; caddy.virtualHosts.${hostname}.extraConfig = '' From 9a7169c1cb0680ecca6fbe19d566eb1e58225ca5 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Sat, 7 Mar 2026 13:38:39 +1100 Subject: [PATCH 113/126] feat(ntfy): add user for gatus with token --- modules/nixos/features/ntfy-sh.nix | 13 ++++++++++++- secrets/ntfy.age | 9 +++++++++ secrets/secrets.nix | 2 ++ 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 secrets/ntfy.age diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index 4ee0a1b..de396ff 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -1,3 +1,7 @@ +{ + config, + ... +}: let port = 5002; certloc = "/var/lib/acme/fi33.buzz"; @@ -8,6 +12,7 @@ in services = { ntfy-sh = { enable = true; + environmentFile = config.age.secrets.ntfy.path; settings = { base-url = url; listen-http = ":${toString port}"; @@ -16,8 +21,12 @@ in auth-users = [ "Debit3885:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:admin" "borgmatic:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:user" + "gatus:$2a$12$OswG3sB8oDaB.KpawKM3P.78dID.Tj/0y5qeVD5BE6EH5bpGKe.na:user" + ]; + auth-access = [ + "borgmatic:backups:wo" + "gatus:services:wo" ]; - auth-access = [ "borgmatic:backups:wo" ]; }; }; @@ -48,4 +57,6 @@ in } ''; }; + + age.secrets.ntfy.file = ../../../secrets/ntfy.age; } diff --git a/secrets/ntfy.age b/secrets/ntfy.age new file mode 100644 index 0000000..c173ff0 --- /dev/null +++ b/secrets/ntfy.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ jySlchGAPxdkjpZzg+5BLH7O5yM+O5a9CleBVMqbck8 +I5OEMjXJNrNKIBumXmiAMXRa1AZx0cKQ0BfM7HYCcRc +-> ssh-ed25519 NanIwQ 29upo2jTQF8Vz91yWmYCXnQW4LgYcvt1TcF/HLA5klA +eQla3EMQnRPzhd5MyDL3byPhIiio0rFFM+yesPLEtv8 +-> ssh-ed25519 LtK9yQ Vx/lQ6M/wYa9483YpuCwwobNuIZjv/Sy9vl695H05BQ +qqUWRnrMYfflhcznrF2QKfODDa7vmz6Uy7fk1zSpbEE +--- xunznREPjjEVRWAmqI/4xKp/NrNk6C3B1Z+3Vjf2TL4 +m{z\,TSS7Tk)hVX0mN?=ӟx TdY0[)ۓSZ:>FU֙~ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4eed98d..8909f33 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -19,6 +19,7 @@ in "borgmatic-pg.age".publicKeys = users; "borgmatic.age".publicKeys = users; "copyparty.age".publicKeys = users; + "gatus.age".publicKeys = users; "git_signing_key.age".publicKeys = users; "git_signing_key.pub.age".publicKeys = users; "immich.age".publicKeys = users; @@ -27,6 +28,7 @@ in "kavita.age".publicKeys = users; "lidarr.age".publicKeys = users; "miniflux-creds.age".publicKeys = users; + "ntfy.age".publicKeys = users; "nzbget.age".publicKeys = users; "paperless.age".publicKeys = users; "porkbun-api.age".publicKeys = users; From c41995561a2b9d9a3646cd3ff21a9c43d687fa10 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Sat, 7 Mar 2026 13:39:05 +1100 Subject: [PATCH 114/126] feat(gatus): add ntfy alerting for all services --- modules/nixos/features/bazarr.nix | 1 + modules/nixos/features/copyparty.nix | 1 + modules/nixos/features/couchdb.nix | 1 + modules/nixos/features/cryptpad.nix | 1 + modules/nixos/features/gatus.nix | 23 +++++++++++++++++++ modules/nixos/features/homepage-dashboard.nix | 1 + modules/nixos/features/immich.nix | 1 + modules/nixos/features/jellyfin.nix | 1 + modules/nixos/features/kavita.nix | 1 + modules/nixos/features/libretranslate.nix | 1 + modules/nixos/features/lidarr.nix | 1 + modules/nixos/features/miniflux.nix | 1 + modules/nixos/features/nzbget.nix | 1 + modules/nixos/features/paperless.nix | 1 + modules/nixos/features/prowlarr.nix | 1 + modules/nixos/features/qbittorrent.nix | 1 + modules/nixos/features/radarr.nix | 1 + modules/nixos/features/radicale.nix | 1 + modules/nixos/features/readarr.nix | 1 + modules/nixos/features/send.nix | 1 + modules/nixos/features/sonarr.nix | 1 + modules/nixos/features/syncthing.nix | 1 + modules/nixos/features/vaultwarden.nix | 1 + secrets/gatus.age | 10 ++++++++ 24 files changed, 55 insertions(+) create mode 100644 secrets/gatus.age diff --git a/modules/nixos/features/bazarr.nix b/modules/nixos/features/bazarr.nix index c25b32d..a121fa5 100644 --- a/modules/nixos/features/bazarr.nix +++ b/modules/nixos/features/bazarr.nix @@ -24,6 +24,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index d06aadf..1eff57b 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix @@ -48,6 +48,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/couchdb.nix b/modules/nixos/features/couchdb.nix index 9a53e77..a5edbb0 100644 --- a/modules/nixos/features/couchdb.nix +++ b/modules/nixos/features/couchdb.nix @@ -48,6 +48,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/cryptpad.nix b/modules/nixos/features/cryptpad.nix index a74d2ba..be8c7ad 100644 --- a/modules/nixos/features/cryptpad.nix +++ b/modules/nixos/features/cryptpad.nix @@ -31,6 +31,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/gatus.nix b/modules/nixos/features/gatus.nix index cfd2629..2fe39ce 100644 --- a/modules/nixos/features/gatus.nix +++ b/modules/nixos/features/gatus.nix @@ -1,3 +1,7 @@ +{ + config, + ... +}: let port = 5025; certloc = "/var/lib/acme/fi33.buzz"; @@ -8,7 +12,24 @@ in services = { gatus = { enable = true; + environmentFile = config.age.secrets.gatus.path; settings = { + alerting = { + ntfy = { + topic = "services"; + url = config.services.ntfy-sh.settings.base-url; + token = "$NTFY_TOKEN"; + click = url; + default-alert = { + description = "Health Check Failed"; + send-on-resolved = true; + }; + }; + }; + connectivity.checker = { + target = "1.1.1.1:53"; + interval = "60s"; + }; ui = { title = "Health Dashboard | Fi33Buzz"; description = "Fi33Buzz health dashboard"; @@ -29,4 +50,6 @@ in } ''; }; + + age.secrets.gatus.file = ../../../secrets/gatus.age; } diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index c329bba..694ad77 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -432,6 +432,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index f06222d..0908fd1 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix @@ -23,6 +23,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index c2c9df3..6e1f7b8 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -23,6 +23,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/kavita.nix b/modules/nixos/features/kavita.nix index 769a1da..814cd91 100644 --- a/modules/nixos/features/kavita.nix +++ b/modules/nixos/features/kavita.nix @@ -28,6 +28,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/libretranslate.nix b/modules/nixos/features/libretranslate.nix index 8cda40a..ed20161 100644 --- a/modules/nixos/features/libretranslate.nix +++ b/modules/nixos/features/libretranslate.nix @@ -23,6 +23,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 2945dda..620f684 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -26,6 +26,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index e58fad1..fcd6526 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix @@ -30,6 +30,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/nzbget.nix b/modules/nixos/features/nzbget.nix index fd0b01f..18fc272 100644 --- a/modules/nixos/features/nzbget.nix +++ b/modules/nixos/features/nzbget.nix @@ -30,6 +30,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 0bf057c..13cdd59 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -32,6 +32,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index 5dcc180..a6126c9 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -24,6 +24,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/qbittorrent.nix b/modules/nixos/features/qbittorrent.nix index bee470a..c44683a 100644 --- a/modules/nixos/features/qbittorrent.nix +++ b/modules/nixos/features/qbittorrent.nix @@ -27,6 +27,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index 1d7301a..cdbfe0d 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -26,6 +26,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix index 787c809..1cbaf04 100644 --- a/modules/nixos/features/radicale.nix +++ b/modules/nixos/features/radicale.nix @@ -41,6 +41,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/readarr.nix b/modules/nixos/features/readarr.nix index 1ec6fa2..d78a322 100644 --- a/modules/nixos/features/readarr.nix +++ b/modules/nixos/features/readarr.nix @@ -26,6 +26,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/send.nix b/modules/nixos/features/send.nix index f7b3d50..cdb6620 100644 --- a/modules/nixos/features/send.nix +++ b/modules/nixos/features/send.nix @@ -31,6 +31,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index 8c2b746..696872d 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -26,6 +26,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index af882c0..07976f2 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -69,6 +69,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index d080ada..5833a18 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -36,6 +36,7 @@ in "[CONNECTED] == true" "[RESPONSE_TIME] < 500" ]; + alerts = [ { type = "ntfy"; } ]; } ]; diff --git a/secrets/gatus.age b/secrets/gatus.age new file mode 100644 index 0000000..13d455e --- /dev/null +++ b/secrets/gatus.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ 3vJV+PZ1IvwiFPplPEwXkaZK4y0QLxkvi/stzAV+HWg +3htQOBS3ph9+OXG2ZYtMyzErGtYRP1vzycua+vhPX+4 +-> ssh-ed25519 NanIwQ 748IDG9uT6jMj0CSU3EeBqRd7lZ7NTJoUldo4FUfkFI +bYaXhcXjYgKqEaUeRZQhx9neK1pDVN3QbhblLOcGUg0 +-> ssh-ed25519 LtK9yQ au/UGPL91M0sUzMeOKPOkltXWDPoWeCrUWrD2OIsJA0 +thILTQH9hrcBYBbRSZaHMODAhCKWsqomDuEK4hcKAqM +--- UpA2kIfSBwfgMxjt2x61KFAiUaV3sHQ6Gp2R87cvnwo +*D27p梔 pQ +Fufpڰ4Q5ѨeӪ ވ;ꖓz8i{@Ǘ \ No newline at end of file From 3ac81e38e8575c30b2c4d389a6b04f5b69337cdd Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Sat, 7 Mar 2026 13:39:16 +1100 Subject: [PATCH 115/126] feat: add gatus config to web-feature template --- modules/templates/web-feature.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 5a2ddbf..8e8978c 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -10,6 +10,21 @@ in enable = true; }; + gatus.settings.endpoints = [ + { + name = "feature"; + group = ""; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + # borgmatic.settings = { # source_directories = [ ]; # postgresql_databases = [ From 5a6da0744bdd6c8adaf1afacbd6a8c8f010597fd Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Sat, 7 Mar 2026 14:34:23 +1100 Subject: [PATCH 116/126] feat(fi33.buzz): host personal website --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/fi33.buzz.nix | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 modules/nixos/features/fi33.buzz.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index c1eeded..0cbc9e9 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -10,6 +10,7 @@ "copyparty" "couchdb" "cryptpad" + "fi33.buzz" "gatus" "homepage-dashboard" "immich" diff --git a/modules/nixos/features/fi33.buzz.nix b/modules/nixos/features/fi33.buzz.nix new file mode 100644 index 0000000..947026e --- /dev/null +++ b/modules/nixos/features/fi33.buzz.nix @@ -0,0 +1,19 @@ +let + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "www.fi33.buzz"; +in +{ + # TODO why can't I serve content on fi33.buzz? dns propagation issue? + services.caddy.virtualHosts = { + "fi33.buzz".extraConfig = '' + redir https://www.fi33.buzz{uri} permanent + ''; + ${hostname}.extraConfig = '' + root * /srv/fi33.buzz/public + file_server + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} From 254804698513c586519014c18d30fdde81b9b933 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Sat, 7 Mar 2026 16:42:57 +1100 Subject: [PATCH 117/126] feat(mealie): install --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/mealie.nix | 56 +++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 modules/nixos/features/mealie.nix diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 0cbc9e9..1aa12e4 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -18,6 +18,7 @@ "kavita" "libretranslate" "lidarr" + "mealie" "miniflux" "ntfy-sh" "nzbget" diff --git a/modules/nixos/features/mealie.nix b/modules/nixos/features/mealie.nix new file mode 100644 index 0000000..368ee09 --- /dev/null +++ b/modules/nixos/features/mealie.nix @@ -0,0 +1,56 @@ +{ + config, + ... +}: +let + port = 5026; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "mealie.fi33.buzz"; + url = "https://${hostname}"; +in +{ + services = { + mealie = { + enable = true; + inherit port; + settings = { + TZ = "Australia/Melbourne"; + ALLOW_SIGNUP = "false"; + }; + }; + + gatus.settings.endpoints = [ + { + name = "Mealie"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + # borgmatic.settings = { + # source_directories = [ ]; + # postgresql_databases = [ + # { + # name = "mealie"; + # hostname = "localhost"; + # username = "root"; + # password = "{credential systemd borgmatic-pg}"; + # } + # ]; + # }; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} From 1b86bc33db643908e8ea658d16796afb13b77ff7 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Sat, 7 Mar 2026 16:43:12 +1100 Subject: [PATCH 118/126] feat(homepage-dashboard): add mealie --- modules/nixos/features/homepage-dashboard.nix | 15 +++++++++++++++ secrets/mealie.age | Bin 0 -> 681 bytes secrets/secrets.nix | 1 + 3 files changed, 16 insertions(+) create mode 100644 secrets/mealie.age diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 694ad77..3516600 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -27,6 +27,7 @@ let "jellyfin" "kavita-api" "lidarr" + "mealie" "miniflux" "nzbget" "paperless" @@ -202,6 +203,20 @@ in siteMonitor = "https://couchdb.fi33.buzz/_utils/"; }; } + { + Mealie = { + description = "Recipe manager and meal planner"; + icon = "mealie.svg"; + href = "https://mealie.fi33.buzz/"; + siteMonitor = "https://mealie.fi33.buzz/"; + widget = { + type = "mealie"; + url = "https://mealie.fi33.buzz/"; + version = 2; + key = "@mealie@"; + }; + }; + } { ntfy = { description = "Send push notifications using PUT/POST"; diff --git a/secrets/mealie.age b/secrets/mealie.age new file mode 100644 index 0000000000000000000000000000000000000000..e15d8914dfafbca8a0cacf30ed3bc2aa2bd22ce6 GIT binary patch literal 681 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^a;^+2~==&G_eeF z)3z*6^0D+V3($87FL5i$jw&`W^G%jgPYS3kP0u$e2`KQ+3p6SZs7g0;GeNh_FEP)vJWwGb!q7Cb*x$l9%G@wd zJ3`;jvLY-rvLMXU(A_7wusq1e!ad4Auh7@Pqns;)i}*8CD_>` z*VWU_!`<1SB+sqP!yw$Nq9QS?G!or5pAv7&%0LC9(t@&57ZWdwAP?8f%19RrV`Bra zz#Pw{K*RD}3m<>?&@AsHZ9{E$4^J+$N~1g{V-x?vsPw2*=d98o?{aNNuhO94vZTPE z0!ND?PuEhna`#Y69}6yBU0sE$@bYrUL-Oa#p^xyn_V~|7qXF6r*+Ob`!i*hyn^f|PJOS!(?Xl)`YKCYf6RW#pD+Ag zu=h^S*w{r|Ere2!rG+=8w;E2@x3EZN{LR#-F5H#%IpoE+eFdwkzs|F@HkkHq&oi54%gSXkf Date: Sun, 8 Mar 2026 16:07:14 +0000 Subject: [PATCH 119/126] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'copyparty': 'github:9001/copyparty/ab8bd01' (2026-02-23) → 'github:9001/copyparty/981a7cd' (2026-03-08) • Updated input 'home-manager': 'github:nix-community/home-manager/9a4b494' (2026-02-23) → 'github:nix-community/home-manager/5be5d82' (2026-03-08) • Updated input 'nix-citizen': 'github:LovingMelody/nix-citizen/bebdc04' (2026-02-20) → 'github:LovingMelody/nix-citizen/73c8d04' (2026-03-06) • Updated input 'nix-citizen/flake-parts': 'github:hercules-ci/flake-parts/5792860' (2026-02-02) → 'github:hercules-ci/flake-parts/f20dc5d' (2026-03-01) • Updated input 'nix-citizen/nixpkgs': 'github:NixOS/nixpkgs/0182a36' (2026-02-17) → 'github:NixOS/nixpkgs/80bdc1e' (2026-03-04) • Updated input 'nix-citizen/treefmt-nix': 'github:numtide/treefmt-nix/337a4fe' (2026-02-04) → 'github:numtide/treefmt-nix/3710e0e' (2026-03-04) • Updated input 'nix-gaming': 'github:fufexan/nix-gaming/e70ef85' (2026-02-23) → 'github:fufexan/nix-gaming/d2b0b28' (2026-03-08) • Updated input 'nix-gaming/flake-parts': 'github:hercules-ci/flake-parts/5792860' (2026-02-02) → 'github:hercules-ci/flake-parts/f20dc5d' (2026-03-01) • Updated input 'nix-gaming/flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/7271616' (2026-02-01) → 'github:nix-community/nixpkgs.lib/c185c7a' (2026-03-01) • Added input 'nix-gaming/git-hooks': 'github:cachix/git-hooks.nix/8baab58' (2026-03-07) • Added input 'nix-gaming/git-hooks/flake-compat': 'github:NixOS/flake-compat/5edf11c' (2025-12-29) • Added input 'nix-gaming/git-hooks/gitignore': 'github:hercules-ci/gitignore.nix/637db32' (2024-02-28) • Added input 'nix-gaming/git-hooks/gitignore/nixpkgs': follows 'nix-gaming/git-hooks/nixpkgs' • Added input 'nix-gaming/git-hooks/nixpkgs': follows 'nix-gaming/nixpkgs' • Updated input 'nix-gaming/nixpkgs': 'github:NixOS/nixpkgs/d1c15b7' (2026-02-16) → 'github:NixOS/nixpkgs/917fec9' (2026-03-05) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/0182a36' (2026-02-17) → 'github:nixos/nixpkgs/aca4d95' (2026-03-06) • Updated input 'nixvim': 'github:nix-community/nixvim/ed0424f' (2026-02-15) → 'github:nix-community/nixvim/21ae25e' (2026-03-01) • Updated input 'nur': 'github:nix-community/NUR/c5fa7a8' (2026-02-23) → 'github:nix-community/NUR/407db2f' (2026-03-08) --- flake.lock | 140 ++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 101 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 42e5940..358544d 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1771834427, - "narHash": "sha256-B1j0ahVuxyZtpbFfy34gk2DjacimPIuzyzCPvDhvxI4=", + "lastModified": 1772965444, + "narHash": "sha256-VjcI4CozsowxGkZBzxQ6LYe49e9T1qfT1BzNrnc96y0=", "owner": "9001", "repo": "copyparty", - "rev": "ab8bd0178b26a0b6c6406f7bae835d13b16ef188", + "rev": "981a7cd9dda0acedbc7f53b2c44adb241c38cb84", "type": "github" }, "original": { @@ -64,6 +64,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -72,11 +88,11 @@ ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -90,11 +106,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -160,6 +176,51 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nix-gaming", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nix-gaming", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -188,11 +249,11 @@ ] }, "locked": { - "lastModified": 1771851181, - "narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=", + "lastModified": 1772985285, + "narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=", "owner": "nix-community", "repo": "home-manager", - "rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c", + "rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85", "type": "github" }, "original": { @@ -213,11 +274,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1771619527, - "narHash": "sha256-y/jb+wpBP0FGwoa8Jin7NAE0bGP2N6c8GlffAz4AgsA=", + "lastModified": 1772840927, + "narHash": "sha256-WdIuEJpH7eUP3ya8laJAYf71WilE4x7xetgMferL5Ko=", "owner": "LovingMelody", "repo": "nix-citizen", - "rev": "bebdc0400deffc548360bf900aa26e41af7ee4be", + "rev": "73c8d04ba69fb0bb5c4521c4b91a930a0ce283a5", "type": "github" }, "original": { @@ -229,14 +290,15 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", + "git-hooks": "git-hooks", "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1771830876, - "narHash": "sha256-18G4VyxjjQ/fM7yjBIbHQEdJlodUd/J5KlG5RuFqRG0=", + "lastModified": 1772937574, + "narHash": "sha256-Yw1tP/ASebNYuW2GcYDTgWf2Mg9qcUYo6MTagXyeFCs=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "e70ef8581abe41fc62428cd4a5da47405233b19d", + "rev": "d2b0b283deb24cdbb2750e658fa7001fee5ad586", "type": "github" }, "original": { @@ -283,11 +345,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { @@ -298,11 +360,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1771369470, - "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", + "lastModified": 1772624091, + "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0182a361324364ae3f436a63005877674cf45efb", + "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", "type": "github" }, "original": { @@ -314,11 +376,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1771207753, - "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=", + "lastModified": 1772736753, + "narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf", + "rev": "917fec990948658ef1ccd07cef2a1ef060786846", "type": "github" }, "original": { @@ -330,11 +392,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1771369470, - "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", + "lastModified": 1772773019, + "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0182a361324364ae3f436a63005877674cf45efb", + "rev": "aca4d95fce4914b3892661bcb80b8087293536c6", "type": "github" }, "original": { @@ -353,11 +415,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1771135771, - "narHash": "sha256-wyvBIhDuyCRyjB3yPg77qoyxrlgQtBR1rVW3c9knV3E=", + "lastModified": 1772402258, + "narHash": "sha256-3DmCFOdmbkFML1/G9gj8Wb+rCCZFPOQtNoMCpqOF8SA=", "owner": "nix-community", "repo": "nixvim", - "rev": "ed0424f0b08d303a7348f52f7850ad1b2704f9ba", + "rev": "21ae25e13b01d3b4cdc750b5f9e7bad68b150c10", "type": "github" }, "original": { @@ -374,11 +436,11 @@ ] }, "locked": { - "lastModified": 1771863000, - "narHash": "sha256-kQqPXgZkT7AGuVKEBh99IoawtxnyLg38HJFYNwWQxNk=", + "lastModified": 1772985100, + "narHash": "sha256-EXFbJvUZrElVq839MnMgJEDnyXWn84Zx+MiHcZiCQmg=", "owner": "nix-community", "repo": "NUR", - "rev": "c5fa7a8e1f27f220045e3c7d9a1188a9254ac804", + "rev": "407db2f6f4ba94992815f872ffce9a9d99ccc13c", "type": "github" }, "original": { @@ -452,11 +514,11 @@ ] }, "locked": { - "lastModified": 1770228511, - "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", + "lastModified": 1772660329, + "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", + "rev": "3710e0e1218041bbad640352a0440114b1e10428", "type": "github" }, "original": { From a2d43c4dd917e01a249817ab51ad264432896a49 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 9 Mar 2026 14:03:47 +1100 Subject: [PATCH 120/126] feat(borgbackup): replace borgmatic --- hosts/server/configuration.nix | 2 +- modules/nixos/bundles/server.nix | 5 ++- modules/nixos/features/borgbackup.nix | 57 +++++++++++++++++++++++++++ modules/nixos/features/borgmatic.nix | 4 -- modules/nixos/features/firefly.nix | 7 ---- modules/nixos/features/immich.nix | 9 ----- modules/nixos/features/mealie.nix | 21 +++++----- modules/nixos/features/miniflux.nix | 9 ----- modules/nixos/features/ntfy-sh.nix | 9 ++--- modules/nixos/features/paperless.nix | 11 ------ modules/nixos/features/prowlarr.nix | 13 +++++- modules/nixos/features/syncthing.nix | 10 +++-- modules/templates/web-feature.nix | 15 ++----- secrets/borgbackup-offsite.age | 9 +++++ secrets/borgbackup-onsite.age | 9 +++++ secrets/borgmatic-pg.age | 9 ----- secrets/borgmatic.age | 9 ----- secrets/secrets.nix | 5 +-- 18 files changed, 117 insertions(+), 96 deletions(-) create mode 100644 modules/nixos/features/borgbackup.nix create mode 100644 secrets/borgbackup-offsite.age create mode 100644 secrets/borgbackup-onsite.age delete mode 100644 secrets/borgmatic-pg.age delete mode 100644 secrets/borgmatic.age diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index a331fc7..9593963 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -15,7 +15,7 @@ ] ++ (util.toImports ../../modules/nixos/features [ # keep-sorted start - "borgmatic" + "borgbackup" "intel-gpu" # keep-sorted end ]) diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 1aa12e4..7a9f017 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -34,5 +34,8 @@ # keep-sorted end ]; - services.borgmatic.settings.source_directories = [ "/srv" ]; + services.borgbackup.jobs = { + onsite.paths = [ "/srv" ]; + offsite.paths = [ "/srv" ]; + }; } diff --git a/modules/nixos/features/borgbackup.nix b/modules/nixos/features/borgbackup.nix new file mode 100644 index 0000000..c30799a --- /dev/null +++ b/modules/nixos/features/borgbackup.nix @@ -0,0 +1,57 @@ +{ + config, + pkgs, + ... +}: +let + jobConfig = { + compression = "auto,zlib"; + doInit = false; + preHook = '' + /run/wrappers/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dumpall > /srv/backup/database/postgres/dump.sql + ''; + postHook = '' + rm /srv/backup/database/postgres/dump.sql + ''; + prune.keep = { + daily = 7; + weekly = 4; + monthly = 6; + yearly = 1; + }; + readWritePaths = [ + "/srv/backup" + ]; + startAt = "*-*-* 03:00:00"; + extraCreateArgs = [ "-v" ]; + }; +in +{ + services.borgbackup = { + jobs = { + onsite = { + encryption = { + passCommand = "cat ${config.age.secrets.borgbackup-onsite.path}"; + mode = "repokey-blake2"; + }; + removableDevice = true; + repo = "/mnt/external/backup/take2"; + } + // jobConfig; + offsite = { + encryption = { + passCommand = "cat ${config.age.secrets.borgbackup-offsite.path}"; + mode = "repokey-blake2"; + }; + environment.BORG_RSH = "ssh -i /home/srv/.ssh/id_ed25519"; + repo = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; + } + // jobConfig; + }; + }; + + age.secrets = { + borgbackup-onsite.file = ../../../secrets/borgbackup-onsite.age; + borgbackup-offsite.file = ../../../secrets/borgbackup-offsite.age; + }; +} diff --git a/modules/nixos/features/borgmatic.nix b/modules/nixos/features/borgmatic.nix index 6628f8e..112eeda 100644 --- a/modules/nixos/features/borgmatic.nix +++ b/modules/nixos/features/borgmatic.nix @@ -42,12 +42,10 @@ { path = "/mnt/external/backup/repo"; label = "onsite"; - # encryption = "repokey-blake2"; } { path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; label = "offsite"; - # encryption = "repokey-blake2"; } ]; retries = 3; @@ -75,8 +73,6 @@ "borgmatic-pg:${config.age.secrets.borgmatic-pg.path}" ]; - # onsite drive - # secrets age.secrets = { "borgmatic".file = ../../../secrets/borgmatic.age; diff --git a/modules/nixos/features/firefly.nix b/modules/nixos/features/firefly.nix index 92ee22d..c32df14 100644 --- a/modules/nixos/features/firefly.nix +++ b/modules/nixos/features/firefly.nix @@ -24,13 +24,6 @@ in }; }; - borgmatic.settings.sqlite_databases = [ - { - name = "firefly"; - path = "/srv/firefly/storage/database/database.sqlite"; - } - ]; - caddy.virtualHosts."firefly.fi33.buzz".extraConfig = '' root * ${config.services.firefly-iii.package}/public php_fastcgi unix//${config.services.phpfpm.pools.firefly-iii.socket} diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index 0908fd1..ce89f21 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix @@ -27,15 +27,6 @@ in } ]; - borgmatic.settings.postgresql_databases = [ - { - name = "immich"; - hostname = "localhost"; - username = "root"; - password = "{credential systemd borgmatic-pg}"; - } - ]; - caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/mealie.nix b/modules/nixos/features/mealie.nix index 368ee09..324c241 100644 --- a/modules/nixos/features/mealie.nix +++ b/modules/nixos/features/mealie.nix @@ -1,5 +1,5 @@ { - config, + pkgs, ... }: let @@ -34,17 +34,14 @@ in } ]; - # borgmatic.settings = { - # source_directories = [ ]; - # postgresql_databases = [ - # { - # name = "mealie"; - # hostname = "localhost"; - # username = "root"; - # password = "{credential systemd borgmatic-pg}"; - # } - # ]; - # }; + borgbackup.jobs = { + onsite = { + paths = [ "/var/lib/mealie" ]; + }; + offsite = { + paths = [ "/var/lib/mealie" ]; + }; + }; caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index fcd6526..094bdc2 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix @@ -34,15 +34,6 @@ in } ]; - borgmatic.settings.postgresql_databases = [ - { - name = "miniflux"; - hostname = "localhost"; - username = "root"; - password = "{credential systemd borgmatic-pg}"; - } - ]; - caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index de396ff..0d101eb 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -20,11 +20,9 @@ in auth-default-access = "deny-all"; auth-users = [ "Debit3885:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:admin" - "borgmatic:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:user" "gatus:$2a$12$OswG3sB8oDaB.KpawKM3P.78dID.Tj/0y5qeVD5BE6EH5bpGKe.na:user" ]; auth-access = [ - "borgmatic:backups:wo" "gatus:services:wo" ]; }; @@ -44,10 +42,9 @@ in } ]; - borgmatic.settings = { - source_directories = [ - "/var/lib/ntfy-sh/user.db" - ]; + borgbackup.jobs = { + onsite.paths = [ "/var/lib/ntfy-sh" ]; + offsite.paths = [ "/var/lib/ntfy-sh" ]; }; caddy.virtualHosts.${hostname}.extraConfig = '' diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 13cdd59..5be0efb 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -36,17 +36,6 @@ in } ]; - borgmatic.settings = { - postgresql_databases = [ - { - name = "paperless"; - hostname = "localhost"; - username = "root"; - password = "{credential systemd borgmatic-pg}"; - } - ]; - }; - caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index a6126c9..050cc56 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -1,3 +1,7 @@ +{ + pkgs, + ... +}: let port = 5009; certloc = "/var/lib/acme/fi33.buzz"; @@ -28,7 +32,14 @@ in } ]; - borgmatic.settings.source_directories = [ "/var/lib/prowlarr" ]; + borgbackup.jobs = { + onsite = { + paths = [ "/var/lib/prowlarr" ]; + }; + offsite = { + paths = [ "/var/lib/prowlarr" ]; + }; + }; caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index 07976f2..0f74271 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -73,12 +73,16 @@ in } ]; - borgmatic.settings = + borgbackup.jobs = if userName == "srv" then { - source_directories = [ + onsite.paths = [ "/home/srv/.config/syncthing" - "/home/srv/Sync" + "/home/srv/Sync/" + ]; + offsite.paths = [ + "/home/srv/.config/syncthing" + "/home/srv/Sync/" ]; } else diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 8e8978c..29f389c 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -25,17 +25,10 @@ in } ]; - # borgmatic.settings = { - # source_directories = [ ]; - # postgresql_databases = [ - # { - # name = "feature"; - # hostname = "localhost"; - # username = "root"; - # password = "{credential systemd borgmatic-pg}"; - # } - # ]; - # }; + borgbackup.jobs = { + onsite.paths = [ "" ]; + offsite.paths = [ "" ]; + }; caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} diff --git a/secrets/borgbackup-offsite.age b/secrets/borgbackup-offsite.age new file mode 100644 index 0000000..e1809a9 --- /dev/null +++ b/secrets/borgbackup-offsite.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ NuEGxxieL0H7mUFKft+fuH1jd0XFDf3xESLrVcb9GAg +KxJcj9P/+cr63TmqEIPwfykz07luqe9VLRLzs3CWx9Y +-> ssh-ed25519 NanIwQ HRHMV4jFn7vJVHd6gFqcOTA14VI6+QaITXMpZbeGoDg +aANuHXv4O1KKwPCClatphXgWDFnsCy/AoQJT0+D560o +-> ssh-ed25519 LtK9yQ NHLTdStEdoXSGKxoz4/gR+oT9bLq8wwz4XRHS2rd9Xo +lndB74KBkWrfNuZyuQufl35lQIPNqbppLfSZRerIDaA +--- dro8ECdWcFtleQv5nffX/Wh97w/FGXQZwSIjPE9WIX8 +8R#;rpEhȾW8-. `OW']kJdC .T)N_kq_=ϰ \ No newline at end of file diff --git a/secrets/borgbackup-onsite.age b/secrets/borgbackup-onsite.age new file mode 100644 index 0000000..86c240f --- /dev/null +++ b/secrets/borgbackup-onsite.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ 3UW3CErZDv6UkjXJZldymqYmmJoQcbSjVX4IUX7KRn8 +pnbegKpKiNW8QY9rD7pD1mrhOSdD+cxUxcNKtLM5uOQ +-> ssh-ed25519 NanIwQ qAl2RheS1lTOU60xeodc4/WvyzYRGiWR+55QvsVE5H0 +j/UoLITpRpMF2t0J/Y0zL0kAgz5nJ02I/nwUp+pEowg +-> ssh-ed25519 LtK9yQ sbldK/F2u6MMgIR8F6c5ZFkMesq+GHKRmlqt3n6L2yw +GTSzhGfj+Shg+MQ3hde12pKi6zfeGNw6RXwSAoGyaak +--- 6WmdTjpwgwb6/1o06i5xtvnOQcvNztwpBmvH/9wYbmo +K^ѭUb|:m@*ޱg1>)qs,n{ DdvɜEuH ssh-ed25519 qLT+DQ C3A3TKOyIWzbW8JupvhTmLKetnr+0uzkPq985NA0DCs -ahrHVR7WadjOfOXBWOqBAf9L0UdCNeD0Ynk6sKDF7WM --> ssh-ed25519 7+xRyQ evZ6zSS3olbORnqiCnEAL68D1FNPgg2oBoJSaquLAAA -BYoo9AVOHsRsTbXkRQdS/7WN25vBuJOAb0YfnSY+hGQ --> ssh-ed25519 LtK9yQ jLIdKPvVhPsRIJevWLmads3P2hM29c0B143OWoINzlY -ziCUQ1TtB6BUgbNZ/zFXoaOtpxyrbKobsTvXo/dSpSA ---- Q6JHS+5vuYLIqyIb6x3qCbIJvsjk2++ovL1zkVGs69o -쇽NM1WByM.-|Gl]8Z,(5豲P!pmpEa;(tq!KU4m \ No newline at end of file diff --git a/secrets/borgmatic.age b/secrets/borgmatic.age deleted file mode 100644 index fca1c53..0000000 --- a/secrets/borgmatic.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ zfLZc8A30KjoMrhUSl4OgTp+Yg11fmVjDioxtIYMqDU -URhJwUCElaJcSd+k5wBQAXvdC/68ZcCA5WbHGAJTYfY --> ssh-ed25519 7+xRyQ mrGrjW0fQIRNMDdw4Hoc9N/xAEm1P0IFukShfeVdKE8 -yLUmj7LBfHQ/i4buBB57ktNUOnHpoC8NYTQUnK5e5y4 --> ssh-ed25519 LtK9yQ THjOsSIr/DQTulFlwd4r5DYb73VQ0vWgyDHkfJV3NR0 -Dl8FwK1WciiEMs5MdrFcUIOFGmlbZf3APOWzLN6rkOE ---- 3mjYPT9APy0F5NNbbCIQhzZ0XjKBtB9YGGS3t37eoRU -T^vU{>[dhPC6Z|K|~lݝbDt΄]1P$10 A$ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ac60688..2bd9a15 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -15,9 +15,8 @@ let in { # keep-sorted start - "borgmatic-ntfy.age".publicKeys = users; - "borgmatic-pg.age".publicKeys = users; - "borgmatic.age".publicKeys = users; + "borgbackup-offsite.age".publicKeys = users; + "borgbackup-onsite.age".publicKeys = users; "copyparty.age".publicKeys = users; "gatus.age".publicKeys = users; "git_signing_key.age".publicKeys = users; From 6328d80bdf648ea73e5122704efab1681532ea52 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Mon, 9 Mar 2026 14:36:45 +1100 Subject: [PATCH 121/126] fix(lazygit): allow rewording signed commits --- modules/home-manager/features/lazygit.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home-manager/features/lazygit.nix b/modules/home-manager/features/lazygit.nix index e4938bf..6672936 100644 --- a/modules/home-manager/features/lazygit.nix +++ b/modules/home-manager/features/lazygit.nix @@ -5,6 +5,7 @@ programs.lazygit = { enable = true; settings = { + git.overrideGpg = true; log = { localBranchSortOrder = "recency"; remoteBranchSortOrder = "recency"; From f98b6fe4a73f8e45bc53f4fbaa11d679186a0e0f Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Thu, 12 Mar 2026 19:01:05 +1100 Subject: [PATCH 122/126] fix(syncthing): alternative config should be empty set, not null --- modules/nixos/features/syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index 0f74271..0b141f7 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -86,7 +86,7 @@ in ]; } else - null; + { }; caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy http://localhost:${toString port} From 5acabc97450eb8f118887fee7e4e694a27b09462 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Thu, 12 Mar 2026 19:48:50 +1100 Subject: [PATCH 123/126] feat(librewolf): install --- modules/home-manager/bundles/gui.nix | 1 + modules/home-manager/features/librewolf.nix | 255 ++++++++++++++++++++ 2 files changed, 256 insertions(+) create mode 100644 modules/home-manager/features/librewolf.nix diff --git a/modules/home-manager/bundles/gui.nix b/modules/home-manager/bundles/gui.nix index de6e9a8..300f80e 100644 --- a/modules/home-manager/bundles/gui.nix +++ b/modules/home-manager/bundles/gui.nix @@ -7,6 +7,7 @@ # keep-sorted start "alacritty" "firefox" + "librewolf" "obsidian" # "zen-browser" # keep-sorted end diff --git a/modules/home-manager/features/librewolf.nix b/modules/home-manager/features/librewolf.nix new file mode 100644 index 0000000..31a34b2 --- /dev/null +++ b/modules/home-manager/features/librewolf.nix @@ -0,0 +1,255 @@ +{ + pkgs, + ... +}: +{ + programs.librewolf = { + enable = true; + languagePacks = [ "en-GB" ]; + profiles.will = { + settings = { + # keep-sorted start + "browser.aboutwelcome.enabled" = false; + "browser.bookmarks.addedImportButton" = false; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.download.useDownloadDir" = true; + "browser.newtabpage.enabled" = false; + "browser.safebrowsing.downloads.enabled" = false; + "browser.safebrowsing.malware.enabled" = false; + "browser.safebrowsing.phishing.enabled" = false; + "browser.safebrowsing.remote.block_potentially_unwanted" = false; + "browser.safebrowsing.remote.block_uncommon" = false; + "browser.search.suggest.enabled" = false; + "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; + "browser.startup.page" = 3; + "browser.tabs.groups.smart.userEnabled" = false; + "browser.tabs.warnOnClose" = true; + "browser.tabs.warnOnOpen" = false; + "browser.toolbars.bookmarks.visibility" = "never"; + "browser.urlbar.suggest.searches" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.usage.uploadEnabled" = false; + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode_ever_enabled" = true; + "extensions.formautofill.creditCards.enabled" = false; + "general.autoScroll" = true; + "identity.fxaccounts.enabled" = true; + "intl.locale.requested" = "en-GB"; + "network.trr.mode" = 3; + "network.trr.uri" = "https://firefox.dns.nextdns.io/"; + "privacy.annotate_channels.strict_list.enabled" = true; + "privacy.bounceTrackingProtection.mode" = 1; + "privacy.fingerprintingProtection" = true; + "privacy.globalprivacycontrol.enabled" = true; + "privacy.globalprivacycontrol.was_ever_enabled" = true; + "privacy.history.custom" = false; + "privacy.query_stripping.enabled " = true; + "privacy.query_stripping.enabled.pbmode" = true; + "privacy.sanitize.sanitizeOnShutdown" = false; + "privacy.trackingprotection.allow_list.baseline.enabled" = true; + "privacy.trackingprotection.allow_list.convenience.enabled" = false; + "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; + "privacy.trackingprotection.emailtracking.enabled" = true; + "privacy.trackingprotection.enabled" = true; + "privacy.trackingprotection.socialtracking.enabled" = true; + "services.sync.engine.passwords" = false; + "sidebar.main.tools" = "syncedtabs,history,bookmarks"; + "sidebar.new-sidebar.has-used" = true; + "sidebar.position_start" = false; + "sidebar.revamp" = true; + "sidebar.verticalTabs" = true; + "sidebar.verticalTabs.dragToPinPromo.dismissed" = true; + "signon.autofillForms" = false; + "signon.firefoxRelay.feature" = "disabled"; + "signon.generation.enabled" = false; + "signon.management.page.breach-alerts.enabled" = false; + "signon.rememberSignons" = false; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + # keep-sorted end + }; + search = { + default = "ddg"; + privateDefault = "ddg"; + engines = { }; + order = [ ]; + force = true; + }; + extensions = { + force = true; + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + # keep-sorted start sticky_comments=no + # detect-cloudflare + bitwarden + dearrow + nixpkgs-pr-tracker + react-devtools + return-youtube-dislikes + sponsorblock + ublock-origin + # keep-sorted end + ]; + settings = { + # keep-sorted start block=yes + # sponsorblock + "sponsorBlocker@ajay.app".settings = { + hideSegmentCreationInPopup = false; + autoSkipOnMusicVideosUpdate = true; + changeChapterColor = true; + autoSkipOnMusicVideos = false; + hideVideoPlayerControls = false; + useVirtualTime = true; + categoryPillColors = { }; + payments = { + chaptersAllowed = false; + freeAccess = false; + lastCheck = 0; + lastFreeCheck = 0; + licenseKey = null; + }; + allowExpirements = true; + allowScrollingToEdit = true; + audioNotificationOnSkip = false; + autoHideInfoButton = true; + categoryPillUpdate = true; + chapterCategoryAdded = true; + checkForUnlistedVideos = false; + cleanPopup = false; + darkMode = true; + deArrowInstalled = true; + defaultCategory = "chooseACategory"; + disableSkipping = false; + donateClicked = 0; + dontShowNotice = false; + forceChannelCheck = false; + fullVideoLabelsOnThumbnails = true; + fullVideoSegments = true; + hideDeleteButtonPlayerControls = false; + hideDiscordLaunches = 0; + hideDiscordLink = false; + hideInfoButtonPlayerControls = false; + hideSkipButtonPlayerControls = false; + hideUploadButtonPlayerControls = false; + categorySelections = [ + { + name = "sponsor"; + option = 2; + } + { + name = "poi_highlight"; + option = 1; + } + { + name = "exclusive_access"; + option = 0; + } + { + name = "chapter"; + option = 0; + } + { + name = "selfpromo"; + option = 1; + } + { + name = "interaction"; + option = 1; + } + { + name = "intro"; + option = 1; + } + { + name = "outro"; + option = 1; + } + { + name = "preview"; + option = 1; + } + { + name = "filler"; + option = 1; + } + { + name = "music_offtopic"; + option = 2; + } + { + name = "hook"; + option = 1; + } + ]; + manualSkipOnFullVideo = false; + minDuration = 0; + isVip = false; + muteSegments = false; + noticeVisibilityMode = 3; + renderSegmentsAsChapters = false; + scrollToEditTimeUpdate = false; + serverAddress = "https://sponsor.ajay.app"; + showAutogeneratedChapters = false; + showCategoryGuidelines = true; + showCategoryWithoutPermission = false; + showChapterInfoMessage = true; + showDeArrowInSettings = true; + showDeArrowPromotion = true; + showDonationLink = false; + showNewFeaturePopups = false; + showSegmentFailedToFetchWarning = true; + showSegmentNameInChapterBar = true; + showTimeWithSkips = true; + showUpcomingNotice = false; + showUpsells = false; + minutesSaved = 67.630516; + shownDeArrowPromotion = false; + showZoomToFillError2 = false; + skipNoticeDuration = 4; + sponsorTimesContributed = 0; + testingServer = false; + trackDownvotes = false; + trackDownvotesInPrivate = false; + trackViewCount = false; + trackViewCountInPrivate = false; + ytInfoPermissionGranted = false; + skipNonMusicOnlyOnYoutubeMusic = false; + hookUpdate = false; + permissions = { + sponsor = true; + selfpromo = true; + exclusive_access = true; + interaction = true; + intro = true; + outro = true; + preview = true; + hook = true; + music_offtopic = true; + filler = true; + poi_highlight = true; + chapter = false; + }; + segmentListDefaultTab = 0; + prideTheme = false; + }; + # ublock-origin + "uBlock0@raymondhill.net".settings = { + advancedUserEnabled = true; + selectedFilterLists = [ + "user-filters" + "ublock-filters" + "ublock-badware" + "ublock-privacy" + "ublock-quick-fixes" + "ublock-unbreak" + "easylist" + "easyprivacy" + "adguard-spyware-url" + "urlhaus-1" + "plowe-0" + ]; + }; + # keep-sorted end + }; + }; + }; + }; +} From d7196bb7461dffd22be56018e13e93fec87728d8 Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Thu, 12 Mar 2026 19:49:00 +1100 Subject: [PATCH 124/126] feat(firefox): update config based on librewolf config --- modules/home-manager/features/firefox.nix | 281 +++++++++++----------- 1 file changed, 143 insertions(+), 138 deletions(-) diff --git a/modules/home-manager/features/firefox.nix b/modules/home-manager/features/firefox.nix index 4231d89..b0c16b3 100644 --- a/modules/home-manager/features/firefox.nix +++ b/modules/home-manager/features/firefox.nix @@ -12,6 +12,7 @@ "browser.aboutwelcome.enabled" = false; "browser.bookmarks.addedImportButton" = false; "browser.bookmarks.restore_default_bookmarks" = false; + "browser.download.useDownloadDir" = true; "browser.newtabpage.enabled" = false; "browser.safebrowsing.downloads.enabled" = false; "browser.safebrowsing.malware.enabled" = false; @@ -22,6 +23,8 @@ "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; "browser.startup.page" = 3; "browser.tabs.groups.smart.userEnabled" = false; + "browser.tabs.warnOnClose" = true; + "browser.tabs.warnOnOpen" = false; "browser.toolbars.bookmarks.visibility" = "never"; "browser.urlbar.suggest.searches" = false; "datareporting.healthreport.uploadEnabled" = false; @@ -35,18 +38,20 @@ "network.trr.uri" = "https://firefox.dns.nextdns.io/"; "privacy.annotate_channels.strict_list.enabled" = true; "privacy.bounceTrackingProtection.mode" = 1; - "privacy.clearOnShutdown_v2.formdata" = true; "privacy.fingerprintingProtection" = true; "privacy.globalprivacycontrol.enabled" = true; "privacy.globalprivacycontrol.was_ever_enabled" = true; + "privacy.history.custom" = false; "privacy.query_stripping.enabled " = true; "privacy.query_stripping.enabled.pbmode" = true; + "privacy.sanitize.sanitizeOnShutdown" = false; "privacy.trackingprotection.allow_list.baseline.enabled" = true; "privacy.trackingprotection.allow_list.convenience.enabled" = false; "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; "privacy.trackingprotection.emailtracking.enabled" = true; "privacy.trackingprotection.enabled" = true; "privacy.trackingprotection.socialtracking.enabled" = true; + "services.sync.engine.passwords" = false; "sidebar.main.tools" = "syncedtabs,history,bookmarks"; "sidebar.new-sidebar.has-used" = true; "sidebar.position_start" = false; @@ -86,144 +91,144 @@ # keep-sorted start block=yes # sponsorblock "sponsorBlocker@ajay.app".settings = { - hideSegmentCreationInPopup = false; - autoSkipOnMusicVideosUpdate = true; - changeChapterColor = true; - autoSkipOnMusicVideos = false; - hideVideoPlayerControls = false; - useVirtualTime = true; - categoryPillColors = { }; - payments = { - chaptersAllowed = false; - freeAccess = false; - lastCheck = 0; - lastFreeCheck = 0; - licenseKey = null; - }; - allowExpirements = true; - allowScrollingToEdit = true; - audioNotificationOnSkip = false; - autoHideInfoButton = true; - categoryPillUpdate = true; - chapterCategoryAdded = true; - checkForUnlistedVideos = false; - cleanPopup = false; - darkMode = true; - deArrowInstalled = true; - defaultCategory = "chooseACategory"; - disableSkipping = false; - donateClicked = 0; - dontShowNotice = false; - forceChannelCheck = false; - fullVideoLabelsOnThumbnails = true; - fullVideoSegments = true; - hideDeleteButtonPlayerControls = false; - hideDiscordLaunches = 0; - hideDiscordLink = false; - hideInfoButtonPlayerControls = false; - hideSkipButtonPlayerControls = false; - hideUploadButtonPlayerControls = false; - categorySelections = [ - { - name = "sponsor"; - option = 2; - } - { - name = "poi_highlight"; - option = 1; - } - { - name = "exclusive_access"; - option = 0; - } - { - name = "chapter"; - option = 0; - } - { - name = "selfpromo"; - option = 1; - } - { - name = "interaction"; - option = 1; - } - { - name = "intro"; - option = 1; - } - { - name = "outro"; - option = 1; - } - { - name = "preview"; - option = 1; - } - { - name = "filler"; - option = 1; - } - { - name = "music_offtopic"; - option = 2; - } - { - name = "hook"; - option = 1; - } - ]; - manualSkipOnFullVideo = false; - minDuration = 0; - isVip = false; - muteSegments = false; - noticeVisibilityMode = 3; - renderSegmentsAsChapters = false; - scrollToEditTimeUpdate = false; - serverAddress = "https://sponsor.ajay.app"; - showAutogeneratedChapters = false; - showCategoryGuidelines = true; - showCategoryWithoutPermission = false; - showChapterInfoMessage = true; - showDeArrowInSettings = true; - showDeArrowPromotion = true; - showDonationLink = false; - showNewFeaturePopups = false; - showSegmentFailedToFetchWarning = true; - showSegmentNameInChapterBar = true; - showTimeWithSkips = true; - showUpcomingNotice = false; - showUpsells = false; - minutesSaved = 67.630516; - shownDeArrowPromotion = false; - showZoomToFillError2 = false; - skipNoticeDuration = 4; - sponsorTimesContributed = 0; - testingServer = false; - trackDownvotes = false; - trackDownvotesInPrivate = false; - trackViewCount = false; - trackViewCountInPrivate = false; - ytInfoPermissionGranted = false; - skipNonMusicOnlyOnYoutubeMusic = false; - hookUpdate = false; - permissions = { - sponsor = true; - selfpromo = true; - exclusive_access = true; - interaction = true; - intro = true; - outro = true; - preview = true; - hook = true; - music_offtopic = true; - filler = true; - poi_highlight = true; - chapter = false; - }; - segmentListDefaultTab = 0; - prideTheme = false; + hideSegmentCreationInPopup = false; + autoSkipOnMusicVideosUpdate = true; + changeChapterColor = true; + autoSkipOnMusicVideos = false; + hideVideoPlayerControls = false; + useVirtualTime = true; + categoryPillColors = { }; + payments = { + chaptersAllowed = false; + freeAccess = false; + lastCheck = 0; + lastFreeCheck = 0; + licenseKey = null; }; + allowExpirements = true; + allowScrollingToEdit = true; + audioNotificationOnSkip = false; + autoHideInfoButton = true; + categoryPillUpdate = true; + chapterCategoryAdded = true; + checkForUnlistedVideos = false; + cleanPopup = false; + darkMode = true; + deArrowInstalled = true; + defaultCategory = "chooseACategory"; + disableSkipping = false; + donateClicked = 0; + dontShowNotice = false; + forceChannelCheck = false; + fullVideoLabelsOnThumbnails = true; + fullVideoSegments = true; + hideDeleteButtonPlayerControls = false; + hideDiscordLaunches = 0; + hideDiscordLink = false; + hideInfoButtonPlayerControls = false; + hideSkipButtonPlayerControls = false; + hideUploadButtonPlayerControls = false; + categorySelections = [ + { + name = "sponsor"; + option = 2; + } + { + name = "poi_highlight"; + option = 1; + } + { + name = "exclusive_access"; + option = 0; + } + { + name = "chapter"; + option = 0; + } + { + name = "selfpromo"; + option = 1; + } + { + name = "interaction"; + option = 1; + } + { + name = "intro"; + option = 1; + } + { + name = "outro"; + option = 1; + } + { + name = "preview"; + option = 1; + } + { + name = "filler"; + option = 1; + } + { + name = "music_offtopic"; + option = 2; + } + { + name = "hook"; + option = 1; + } + ]; + manualSkipOnFullVideo = false; + minDuration = 0; + isVip = false; + muteSegments = false; + noticeVisibilityMode = 3; + renderSegmentsAsChapters = false; + scrollToEditTimeUpdate = false; + serverAddress = "https://sponsor.ajay.app"; + showAutogeneratedChapters = false; + showCategoryGuidelines = true; + showCategoryWithoutPermission = false; + showChapterInfoMessage = true; + showDeArrowInSettings = true; + showDeArrowPromotion = true; + showDonationLink = false; + showNewFeaturePopups = false; + showSegmentFailedToFetchWarning = true; + showSegmentNameInChapterBar = true; + showTimeWithSkips = true; + showUpcomingNotice = false; + showUpsells = false; + minutesSaved = 67.630516; + shownDeArrowPromotion = false; + showZoomToFillError2 = false; + skipNoticeDuration = 4; + sponsorTimesContributed = 0; + testingServer = false; + trackDownvotes = false; + trackDownvotesInPrivate = false; + trackViewCount = false; + trackViewCountInPrivate = false; + ytInfoPermissionGranted = false; + skipNonMusicOnlyOnYoutubeMusic = false; + hookUpdate = false; + permissions = { + sponsor = true; + selfpromo = true; + exclusive_access = true; + interaction = true; + intro = true; + outro = true; + preview = true; + hook = true; + music_offtopic = true; + filler = true; + poi_highlight = true; + chapter = false; + }; + segmentListDefaultTab = 0; + prideTheme = false; + }; # ublock-origin "uBlock0@raymondhill.net".settings = { advancedUserEnabled = true; From 7483af690a5364861e19c731430373bb14f4781c Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Thu, 12 Mar 2026 19:49:14 +1100 Subject: [PATCH 125/126] feat(firefox): remove for now in favour of librewolf --- modules/home-manager/bundles/gui.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home-manager/bundles/gui.nix b/modules/home-manager/bundles/gui.nix index 300f80e..0d4ec42 100644 --- a/modules/home-manager/bundles/gui.nix +++ b/modules/home-manager/bundles/gui.nix @@ -6,7 +6,6 @@ imports = util.toImports ../features [ # keep-sorted start "alacritty" - "firefox" "librewolf" "obsidian" # "zen-browser" From 81bf6d1c45cc9eb1d0fcdc63d529c209a944851f Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Thu, 12 Mar 2026 20:02:32 +1100 Subject: [PATCH 126/126] feat(tailscale): disable for now, ssh works without --- modules/nixos/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index c1243e6..bba0af7 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -16,7 +16,6 @@ "nixvim" "syncthing" "systemd-boot" - "tailscale" # keep-sorted end ]; @@ -61,7 +60,7 @@ ticker # stock ticker tldr # cheat sheets tmpmail # temporary email address - topydo # todo.txt helper tool + # topydo # todo.txt helper tool tt # typing test wtfutil # terminal homepage xh # curl