diff --git a/flake.lock b/flake.lock index 358544d..dd23c79 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1770165109, - "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1772965444, - "narHash": "sha256-VjcI4CozsowxGkZBzxQ6LYe49e9T1qfT1BzNrnc96y0=", + "lastModified": 1768232598, + "narHash": "sha256-G+KqlGfXQ8PWvJbG5IqSBJcNLltS+erRkVhn9D0UBM4=", "owner": "9001", "repo": "copyparty", - "rev": "981a7cd9dda0acedbc7f53b2c44adb241c38cb84", + "rev": "d5a8a34bcafde04165c4e07e4885b11f6ddd2aff", "type": "github" }, "original": { @@ -64,22 +64,6 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -88,11 +72,11 @@ ] }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -106,11 +90,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -127,11 +111,11 @@ ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -176,51 +160,6 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "nix-gaming", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1772893680, - "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "nix-gaming", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -249,11 +188,11 @@ ] }, "locked": { - "lastModified": 1772985285, - "narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=", + "lastModified": 1768068402, + "narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=", "owner": "nix-community", "repo": "home-manager", - "rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85", + "rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c", "type": "github" }, "original": { @@ -274,11 +213,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1772840927, - "narHash": "sha256-WdIuEJpH7eUP3ya8laJAYf71WilE4x7xetgMferL5Ko=", + "lastModified": 1768085843, + "narHash": "sha256-fwh2ImVwwHWsUhem3xlscEM6n7q4rkeKXEv25QWdzjs=", "owner": "LovingMelody", "repo": "nix-citizen", - "rev": "73c8d04ba69fb0bb5c4521c4b91a930a0ce283a5", + "rev": "7b5ad5f6593893cc70c30a5ce45028ea0cd97ab3", "type": "github" }, "original": { @@ -290,15 +229,14 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "git-hooks": "git-hooks", "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1772937574, - "narHash": "sha256-Yw1tP/ASebNYuW2GcYDTgWf2Mg9qcUYo6MTagXyeFCs=", + "lastModified": 1768269856, + "narHash": "sha256-O7Qy+w2fK4kBq2I70haCDJYpzbpPW58FscHpRzw9lfA=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "d2b0b283deb24cdbb2750e658fa7001fee5ad586", + "rev": "c104472764fc9e8926e40ccc7e0e6d540d718458", "type": "github" }, "original": { @@ -345,11 +283,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1772328832, - "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -360,11 +298,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1772624091, - "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", + "lastModified": 1767892417, + "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", + "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", "type": "github" }, "original": { @@ -376,11 +314,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1772736753, - "narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=", + "lastModified": 1768032153, + "narHash": "sha256-6kD1MdY9fsE6FgSwdnx29hdH2UcBKs3/+JJleMShuJg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "917fec990948658ef1ccd07cef2a1ef060786846", + "rev": "3146c6aa9995e7351a398e17470e15305e6e18ff", "type": "github" }, "original": { @@ -392,11 +330,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1772773019, - "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=", + "lastModified": 1768127708, + "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "aca4d95fce4914b3892661bcb80b8087293536c6", + "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", "type": "github" }, "original": { @@ -415,11 +353,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1772402258, - "narHash": "sha256-3DmCFOdmbkFML1/G9gj8Wb+rCCZFPOQtNoMCpqOF8SA=", + "lastModified": 1767906546, + "narHash": "sha256-AoSWS8+P+7hQ/jIdv0wBjgH1MvnerdWBFXO4GV3JoQs=", "owner": "nix-community", "repo": "nixvim", - "rev": "21ae25e13b01d3b4cdc750b5f9e7bad68b150c10", + "rev": "7eb8f36f085b85a2aeff929aff52d0f6aa14e000", "type": "github" }, "original": { @@ -436,11 +374,11 @@ ] }, "locked": { - "lastModified": 1772985100, - "narHash": "sha256-EXFbJvUZrElVq839MnMgJEDnyXWn84Zx+MiHcZiCQmg=", + "lastModified": 1768233111, + "narHash": "sha256-+ispedVffXCQUVDCgJDY6USEILM8rZsEZaxPZdXzKtA=", "owner": "nix-community", "repo": "NUR", - "rev": "407db2f6f4ba94992815f872ffce9a9d99ccc13c", + "rev": "ecccc8eec0e39e4b8bf12dc73d57083e4682f162", "type": "github" }, "original": { @@ -514,11 +452,11 @@ ] }, "locked": { - "lastModified": 1772660329, - "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", + "lastModified": 1767801790, + "narHash": "sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2+gM5tf8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "3710e0e1218041bbad640352a0440114b1e10428", + "rev": "778a1d691f1ef45dd68c661715c5bf8cbf131c80", "type": "github" }, "original": { diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 2ae8322..982b9a1 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -18,6 +18,7 @@ "external-speakers" "gaming" "link2c" + "llm" "plasma" "star-citizen" # keep-sorted end diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index 7788ef5..b81886a 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -27,9 +27,10 @@ # keep-sorted end ]); - boot.initrd.luks.devices."luks-c2f5123c-0be0-4357-b383-b3f422e99a34".device = "/dev/disk/by-uuid/c2f5123c-0be0-4357-b383-b3f422e99a34"; + boot.initrd.luks.devices."luks-a7726a9d-535f-44bc-9c0e-adc501fad371".device = + "/dev/disk/by-uuid/a7726a9d-535f-44bc-9c0e-adc501fad371"; - system.stateVersion = "25.05"; + system.stateVersion = "24.11"; users.users.${userName} = { extraGroups = [ diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index 9530183..359872d 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix @@ -14,20 +14,20 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/a240787a-6cc8-4c03-8a01-742adf305b1e"; + { device = "/dev/disk/by-uuid/b772799b-5434-4d5e-b0f9-ab425e36b9a1"; fsType = "ext4"; }; - boot.initrd.luks.devices."luks-f7d7a54f-d217-4260-8754-3cac7022e7d5".device = "/dev/disk/by-uuid/f7d7a54f-d217-4260-8754-3cac7022e7d5"; + boot.initrd.luks.devices."luks-de6f14d8-8c7e-4e77-bfe5-264a39ef0bea".device = "/dev/disk/by-uuid/de6f14d8-8c7e-4e77-bfe5-264a39ef0bea"; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/B3C9-7C0A"; + { device = "/dev/disk/by-uuid/3730-5237"; fsType = "vfat"; options = [ "fmask=0077" "dmask=0077" ]; }; swapDevices = - [ { device = "/dev/disk/by-uuid/b07c858a-2bd7-4b9a-aec3-3f9593c461c9"; } + [ { device = "/dev/disk/by-uuid/081de704-5e9a-4e6d-ae8d-df492d0f662c"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 9593963..2e6b0b8 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -15,7 +15,7 @@ ] ++ (util.toImports ../../modules/nixos/features [ # keep-sorted start - "borgbackup" + "borgmatic" "intel-gpu" # keep-sorted end ]) @@ -30,16 +30,16 @@ fsType = "ext4"; options = [ "nofail" + "defaults" + "user" + "rw" + "utf8" + "noauto" + "umask=000" ]; }; - networking = { - hostName = "${hostName}"; - firewall.interfaces."enp2s0".allowedTCPPorts = [ - 80 - 443 - ]; - }; + networking.hostName = "${hostName}"; # hardened openssh services.openssh = { diff --git a/modules/home-manager/bundles/dev.nix b/modules/home-manager/bundles/dev.nix index 8b0003b..c5510a2 100644 --- a/modules/home-manager/bundles/dev.nix +++ b/modules/home-manager/bundles/dev.nix @@ -6,6 +6,7 @@ imports = util.toImports ../features [ # keep-sorted start "direnv" + "zed-editor" # keep-sorted end ]; } diff --git a/modules/home-manager/bundles/gui.nix b/modules/home-manager/bundles/gui.nix index 0d4ec42..de6e9a8 100644 --- a/modules/home-manager/bundles/gui.nix +++ b/modules/home-manager/bundles/gui.nix @@ -6,7 +6,7 @@ imports = util.toImports ../features [ # keep-sorted start "alacritty" - "librewolf" + "firefox" "obsidian" # "zen-browser" # keep-sorted end diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index eed9e76..2bd1c85 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -6,15 +6,15 @@ imports = util.toImports ./features [ # keep-sorted start "agenix" - "bash" "bat" "bottom" "delta" "eza" "fd" + "fish" + "gh" "git" "lazygit" - "shell-aliases" "starship" "yazi" "zoxide" diff --git a/modules/home-manager/features/bash.nix b/modules/home-manager/features/bash.nix deleted file mode 100644 index 4f7de2a..0000000 --- a/modules/home-manager/features/bash.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - home.shell.enableBashIntegration = true; - programs.bash.enable = true; -} diff --git a/modules/home-manager/features/firefox.nix b/modules/home-manager/features/firefox.nix index b0c16b3..e7adee0 100644 --- a/modules/home-manager/features/firefox.nix +++ b/modules/home-manager/features/firefox.nix @@ -12,7 +12,6 @@ "browser.aboutwelcome.enabled" = false; "browser.bookmarks.addedImportButton" = false; "browser.bookmarks.restore_default_bookmarks" = false; - "browser.download.useDownloadDir" = true; "browser.newtabpage.enabled" = false; "browser.safebrowsing.downloads.enabled" = false; "browser.safebrowsing.malware.enabled" = false; @@ -23,8 +22,6 @@ "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; "browser.startup.page" = 3; "browser.tabs.groups.smart.userEnabled" = false; - "browser.tabs.warnOnClose" = true; - "browser.tabs.warnOnOpen" = false; "browser.toolbars.bookmarks.visibility" = "never"; "browser.urlbar.suggest.searches" = false; "datareporting.healthreport.uploadEnabled" = false; @@ -38,20 +35,18 @@ "network.trr.uri" = "https://firefox.dns.nextdns.io/"; "privacy.annotate_channels.strict_list.enabled" = true; "privacy.bounceTrackingProtection.mode" = 1; + "privacy.clearOnShutdown_v2.formdata" = true; "privacy.fingerprintingProtection" = true; "privacy.globalprivacycontrol.enabled" = true; "privacy.globalprivacycontrol.was_ever_enabled" = true; - "privacy.history.custom" = false; "privacy.query_stripping.enabled " = true; "privacy.query_stripping.enabled.pbmode" = true; - "privacy.sanitize.sanitizeOnShutdown" = false; "privacy.trackingprotection.allow_list.baseline.enabled" = true; "privacy.trackingprotection.allow_list.convenience.enabled" = false; "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; "privacy.trackingprotection.emailtracking.enabled" = true; "privacy.trackingprotection.enabled" = true; "privacy.trackingprotection.socialtracking.enabled" = true; - "services.sync.engine.passwords" = false; "sidebar.main.tools" = "syncedtabs,history,bookmarks"; "sidebar.new-sidebar.has-used" = true; "sidebar.position_start" = false; @@ -80,6 +75,7 @@ # detect-cloudflare bitwarden dearrow + floccus nixpkgs-pr-tracker react-devtools return-youtube-dislikes @@ -91,144 +87,144 @@ # keep-sorted start block=yes # sponsorblock "sponsorBlocker@ajay.app".settings = { - hideSegmentCreationInPopup = false; - autoSkipOnMusicVideosUpdate = true; - changeChapterColor = true; - autoSkipOnMusicVideos = false; - hideVideoPlayerControls = false; - useVirtualTime = true; - categoryPillColors = { }; - payments = { - chaptersAllowed = false; - freeAccess = false; - lastCheck = 0; - lastFreeCheck = 0; - licenseKey = null; + hideSegmentCreationInPopup = false; + autoSkipOnMusicVideosUpdate = true; + changeChapterColor = true; + autoSkipOnMusicVideos = false; + hideVideoPlayerControls = false; + useVirtualTime = true; + categoryPillColors = { }; + payments = { + chaptersAllowed = false; + freeAccess = false; + lastCheck = 0; + lastFreeCheck = 0; + licenseKey = null; + }; + allowExpirements = true; + allowScrollingToEdit = true; + audioNotificationOnSkip = false; + autoHideInfoButton = true; + categoryPillUpdate = true; + chapterCategoryAdded = true; + checkForUnlistedVideos = false; + cleanPopup = false; + darkMode = true; + deArrowInstalled = true; + defaultCategory = "chooseACategory"; + disableSkipping = false; + donateClicked = 0; + dontShowNotice = false; + forceChannelCheck = false; + fullVideoLabelsOnThumbnails = true; + fullVideoSegments = true; + hideDeleteButtonPlayerControls = false; + hideDiscordLaunches = 0; + hideDiscordLink = false; + hideInfoButtonPlayerControls = false; + hideSkipButtonPlayerControls = false; + hideUploadButtonPlayerControls = false; + categorySelections = [ + { + name = "sponsor"; + option = 2; + } + { + name = "poi_highlight"; + option = 1; + } + { + name = "exclusive_access"; + option = 0; + } + { + name = "chapter"; + option = 0; + } + { + name = "selfpromo"; + option = 1; + } + { + name = "interaction"; + option = 1; + } + { + name = "intro"; + option = 1; + } + { + name = "outro"; + option = 1; + } + { + name = "preview"; + option = 1; + } + { + name = "filler"; + option = 1; + } + { + name = "music_offtopic"; + option = 2; + } + { + name = "hook"; + option = 1; + } + ]; + manualSkipOnFullVideo = false; + minDuration = 0; + isVip = false; + muteSegments = false; + noticeVisibilityMode = 3; + renderSegmentsAsChapters = false; + scrollToEditTimeUpdate = false; + serverAddress = "https://sponsor.ajay.app"; + showAutogeneratedChapters = false; + showCategoryGuidelines = true; + showCategoryWithoutPermission = false; + showChapterInfoMessage = true; + showDeArrowInSettings = true; + showDeArrowPromotion = true; + showDonationLink = false; + showNewFeaturePopups = false; + showSegmentFailedToFetchWarning = true; + showSegmentNameInChapterBar = true; + showTimeWithSkips = true; + showUpcomingNotice = false; + showUpsells = false; + minutesSaved = 67.630516; + shownDeArrowPromotion = false; + showZoomToFillError2 = false; + skipNoticeDuration = 4; + sponsorTimesContributed = 0; + testingServer = false; + trackDownvotes = false; + trackDownvotesInPrivate = false; + trackViewCount = false; + trackViewCountInPrivate = false; + ytInfoPermissionGranted = false; + skipNonMusicOnlyOnYoutubeMusic = false; + hookUpdate = false; + permissions = { + sponsor = true; + selfpromo = true; + exclusive_access = true; + interaction = true; + intro = true; + outro = true; + preview = true; + hook = true; + music_offtopic = true; + filler = true; + poi_highlight = true; + chapter = false; + }; + segmentListDefaultTab = 0; + prideTheme = false; }; - allowExpirements = true; - allowScrollingToEdit = true; - audioNotificationOnSkip = false; - autoHideInfoButton = true; - categoryPillUpdate = true; - chapterCategoryAdded = true; - checkForUnlistedVideos = false; - cleanPopup = false; - darkMode = true; - deArrowInstalled = true; - defaultCategory = "chooseACategory"; - disableSkipping = false; - donateClicked = 0; - dontShowNotice = false; - forceChannelCheck = false; - fullVideoLabelsOnThumbnails = true; - fullVideoSegments = true; - hideDeleteButtonPlayerControls = false; - hideDiscordLaunches = 0; - hideDiscordLink = false; - hideInfoButtonPlayerControls = false; - hideSkipButtonPlayerControls = false; - hideUploadButtonPlayerControls = false; - categorySelections = [ - { - name = "sponsor"; - option = 2; - } - { - name = "poi_highlight"; - option = 1; - } - { - name = "exclusive_access"; - option = 0; - } - { - name = "chapter"; - option = 0; - } - { - name = "selfpromo"; - option = 1; - } - { - name = "interaction"; - option = 1; - } - { - name = "intro"; - option = 1; - } - { - name = "outro"; - option = 1; - } - { - name = "preview"; - option = 1; - } - { - name = "filler"; - option = 1; - } - { - name = "music_offtopic"; - option = 2; - } - { - name = "hook"; - option = 1; - } - ]; - manualSkipOnFullVideo = false; - minDuration = 0; - isVip = false; - muteSegments = false; - noticeVisibilityMode = 3; - renderSegmentsAsChapters = false; - scrollToEditTimeUpdate = false; - serverAddress = "https://sponsor.ajay.app"; - showAutogeneratedChapters = false; - showCategoryGuidelines = true; - showCategoryWithoutPermission = false; - showChapterInfoMessage = true; - showDeArrowInSettings = true; - showDeArrowPromotion = true; - showDonationLink = false; - showNewFeaturePopups = false; - showSegmentFailedToFetchWarning = true; - showSegmentNameInChapterBar = true; - showTimeWithSkips = true; - showUpcomingNotice = false; - showUpsells = false; - minutesSaved = 67.630516; - shownDeArrowPromotion = false; - showZoomToFillError2 = false; - skipNoticeDuration = 4; - sponsorTimesContributed = 0; - testingServer = false; - trackDownvotes = false; - trackDownvotesInPrivate = false; - trackViewCount = false; - trackViewCountInPrivate = false; - ytInfoPermissionGranted = false; - skipNonMusicOnlyOnYoutubeMusic = false; - hookUpdate = false; - permissions = { - sponsor = true; - selfpromo = true; - exclusive_access = true; - interaction = true; - intro = true; - outro = true; - preview = true; - hook = true; - music_offtopic = true; - filler = true; - poi_highlight = true; - chapter = false; - }; - segmentListDefaultTab = 0; - prideTheme = false; - }; # ublock-origin "uBlock0@raymondhill.net".settings = { advancedUserEnabled = true; diff --git a/modules/home-manager/features/fish.nix b/modules/home-manager/features/fish.nix index 4c8e865..a3fdf4c 100644 --- a/modules/home-manager/features/fish.nix +++ b/modules/home-manager/features/fish.nix @@ -9,6 +9,31 @@ interactiveShellInit = '' set fish_greeting ''; + shellAliases = { + # keep-sorted start + ",cat" = "bat"; + ",curl" = "xh"; + ",cut" = "choose"; + ",df" = "duf"; + ",diff" = "delta"; + ",du" = "dua"; + ",find" = "fd"; + ",grep" = "rga"; + ",ping" = "gping"; + ",ps" = "procs"; + ",sed" = "sd"; + ",ss" = "snitch"; + ",top" = "btm"; + ",unzip" = "ripunzip"; + "g" = "lazygit"; + "l" = "eza"; + "la" = "eza -a"; + "ls" = "eza"; + "ns" = "nh os switch"; + "vi" = "nvim"; + "vim" = "nvim"; + # keep-sorted end + }; plugins = [ # INFO: Using this to get shell completion for programs added to the path through nix+direnv. # Issue to upstream into direnv:Add commentMore actions diff --git a/modules/home-manager/features/git.nix b/modules/home-manager/features/git.nix index 7be9e6c..8bffb72 100644 --- a/modules/home-manager/features/git.nix +++ b/modules/home-manager/features/git.nix @@ -1,12 +1,15 @@ -{ - userName, - ... -}: { programs.git = { enable = true; settings = { - # keep-sorted start block=yes + init.defaultBranch = "main"; + core.editor = "nvim"; + push.autoSetupRemote = true; + pull.rebase = true; + user = { + name = "wi11-holdsworth"; + email = "83637728+wi11-holdsworth@users.noreply.github.com"; + }; aliases = { # keep-sorted start a = "add"; @@ -27,20 +30,6 @@ s = "status -s"; # keep-sorted end }; - core.editor = "nvim"; - init.defaultBranch = "main"; - pull.rebase = true; - push.autoSetupRemote = true; - user = { - name = "Will Holdsworth"; - email = "me@fi33.buzz"; - }; - # keep-sorted end - }; - signing = { - key = "/home/${userName}/.ssh/git_signature.pub"; - format = "ssh"; - signByDefault = true; }; }; } diff --git a/modules/home-manager/features/lazygit.nix b/modules/home-manager/features/lazygit.nix index 6672936..e4938bf 100644 --- a/modules/home-manager/features/lazygit.nix +++ b/modules/home-manager/features/lazygit.nix @@ -5,7 +5,6 @@ programs.lazygit = { enable = true; settings = { - git.overrideGpg = true; log = { localBranchSortOrder = "recency"; remoteBranchSortOrder = "recency"; diff --git a/modules/home-manager/features/librewolf.nix b/modules/home-manager/features/librewolf.nix deleted file mode 100644 index 31a34b2..0000000 --- a/modules/home-manager/features/librewolf.nix +++ /dev/null @@ -1,255 +0,0 @@ -{ - pkgs, - ... -}: -{ - programs.librewolf = { - enable = true; - languagePacks = [ "en-GB" ]; - profiles.will = { - settings = { - # keep-sorted start - "browser.aboutwelcome.enabled" = false; - "browser.bookmarks.addedImportButton" = false; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.download.useDownloadDir" = true; - "browser.newtabpage.enabled" = false; - "browser.safebrowsing.downloads.enabled" = false; - "browser.safebrowsing.malware.enabled" = false; - "browser.safebrowsing.phishing.enabled" = false; - "browser.safebrowsing.remote.block_potentially_unwanted" = false; - "browser.safebrowsing.remote.block_uncommon" = false; - "browser.search.suggest.enabled" = false; - "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; - "browser.startup.page" = 3; - "browser.tabs.groups.smart.userEnabled" = false; - "browser.tabs.warnOnClose" = true; - "browser.tabs.warnOnOpen" = false; - "browser.toolbars.bookmarks.visibility" = "never"; - "browser.urlbar.suggest.searches" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.usage.uploadEnabled" = false; - "dom.security.https_only_mode" = true; - "dom.security.https_only_mode_ever_enabled" = true; - "extensions.formautofill.creditCards.enabled" = false; - "general.autoScroll" = true; - "identity.fxaccounts.enabled" = true; - "intl.locale.requested" = "en-GB"; - "network.trr.mode" = 3; - "network.trr.uri" = "https://firefox.dns.nextdns.io/"; - "privacy.annotate_channels.strict_list.enabled" = true; - "privacy.bounceTrackingProtection.mode" = 1; - "privacy.fingerprintingProtection" = true; - "privacy.globalprivacycontrol.enabled" = true; - "privacy.globalprivacycontrol.was_ever_enabled" = true; - "privacy.history.custom" = false; - "privacy.query_stripping.enabled " = true; - "privacy.query_stripping.enabled.pbmode" = true; - "privacy.sanitize.sanitizeOnShutdown" = false; - "privacy.trackingprotection.allow_list.baseline.enabled" = true; - "privacy.trackingprotection.allow_list.convenience.enabled" = false; - "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; - "privacy.trackingprotection.emailtracking.enabled" = true; - "privacy.trackingprotection.enabled" = true; - "privacy.trackingprotection.socialtracking.enabled" = true; - "services.sync.engine.passwords" = false; - "sidebar.main.tools" = "syncedtabs,history,bookmarks"; - "sidebar.new-sidebar.has-used" = true; - "sidebar.position_start" = false; - "sidebar.revamp" = true; - "sidebar.verticalTabs" = true; - "sidebar.verticalTabs.dragToPinPromo.dismissed" = true; - "signon.autofillForms" = false; - "signon.firefoxRelay.feature" = "disabled"; - "signon.generation.enabled" = false; - "signon.management.page.breach-alerts.enabled" = false; - "signon.rememberSignons" = false; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - # keep-sorted end - }; - search = { - default = "ddg"; - privateDefault = "ddg"; - engines = { }; - order = [ ]; - force = true; - }; - extensions = { - force = true; - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - # keep-sorted start sticky_comments=no - # detect-cloudflare - bitwarden - dearrow - nixpkgs-pr-tracker - react-devtools - return-youtube-dislikes - sponsorblock - ublock-origin - # keep-sorted end - ]; - settings = { - # keep-sorted start block=yes - # sponsorblock - "sponsorBlocker@ajay.app".settings = { - hideSegmentCreationInPopup = false; - autoSkipOnMusicVideosUpdate = true; - changeChapterColor = true; - autoSkipOnMusicVideos = false; - hideVideoPlayerControls = false; - useVirtualTime = true; - categoryPillColors = { }; - payments = { - chaptersAllowed = false; - freeAccess = false; - lastCheck = 0; - lastFreeCheck = 0; - licenseKey = null; - }; - allowExpirements = true; - allowScrollingToEdit = true; - audioNotificationOnSkip = false; - autoHideInfoButton = true; - categoryPillUpdate = true; - chapterCategoryAdded = true; - checkForUnlistedVideos = false; - cleanPopup = false; - darkMode = true; - deArrowInstalled = true; - defaultCategory = "chooseACategory"; - disableSkipping = false; - donateClicked = 0; - dontShowNotice = false; - forceChannelCheck = false; - fullVideoLabelsOnThumbnails = true; - fullVideoSegments = true; - hideDeleteButtonPlayerControls = false; - hideDiscordLaunches = 0; - hideDiscordLink = false; - hideInfoButtonPlayerControls = false; - hideSkipButtonPlayerControls = false; - hideUploadButtonPlayerControls = false; - categorySelections = [ - { - name = "sponsor"; - option = 2; - } - { - name = "poi_highlight"; - option = 1; - } - { - name = "exclusive_access"; - option = 0; - } - { - name = "chapter"; - option = 0; - } - { - name = "selfpromo"; - option = 1; - } - { - name = "interaction"; - option = 1; - } - { - name = "intro"; - option = 1; - } - { - name = "outro"; - option = 1; - } - { - name = "preview"; - option = 1; - } - { - name = "filler"; - option = 1; - } - { - name = "music_offtopic"; - option = 2; - } - { - name = "hook"; - option = 1; - } - ]; - manualSkipOnFullVideo = false; - minDuration = 0; - isVip = false; - muteSegments = false; - noticeVisibilityMode = 3; - renderSegmentsAsChapters = false; - scrollToEditTimeUpdate = false; - serverAddress = "https://sponsor.ajay.app"; - showAutogeneratedChapters = false; - showCategoryGuidelines = true; - showCategoryWithoutPermission = false; - showChapterInfoMessage = true; - showDeArrowInSettings = true; - showDeArrowPromotion = true; - showDonationLink = false; - showNewFeaturePopups = false; - showSegmentFailedToFetchWarning = true; - showSegmentNameInChapterBar = true; - showTimeWithSkips = true; - showUpcomingNotice = false; - showUpsells = false; - minutesSaved = 67.630516; - shownDeArrowPromotion = false; - showZoomToFillError2 = false; - skipNoticeDuration = 4; - sponsorTimesContributed = 0; - testingServer = false; - trackDownvotes = false; - trackDownvotesInPrivate = false; - trackViewCount = false; - trackViewCountInPrivate = false; - ytInfoPermissionGranted = false; - skipNonMusicOnlyOnYoutubeMusic = false; - hookUpdate = false; - permissions = { - sponsor = true; - selfpromo = true; - exclusive_access = true; - interaction = true; - intro = true; - outro = true; - preview = true; - hook = true; - music_offtopic = true; - filler = true; - poi_highlight = true; - chapter = false; - }; - segmentListDefaultTab = 0; - prideTheme = false; - }; - # ublock-origin - "uBlock0@raymondhill.net".settings = { - advancedUserEnabled = true; - selectedFilterLists = [ - "user-filters" - "ublock-filters" - "ublock-badware" - "ublock-privacy" - "ublock-quick-fixes" - "ublock-unbreak" - "easylist" - "easyprivacy" - "adguard-spyware-url" - "urlhaus-1" - "plowe-0" - ]; - }; - # keep-sorted end - }; - }; - }; - }; -} diff --git a/modules/home-manager/features/shell-aliases.nix b/modules/home-manager/features/shell-aliases.nix deleted file mode 100644 index 0c78ca6..0000000 --- a/modules/home-manager/features/shell-aliases.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - home.shellAliases = { - # keep-sorted start - ",cat" = "bat"; - ",curl" = "xh"; - ",cut" = "choose"; - ",df" = "duf"; - ",diff" = "delta"; - ",du" = "dua"; - ",find" = "fd"; - ",grep" = "rga"; - ",ping" = "gping"; - ",ps" = "procs"; - ",sed" = "sd"; - ",ss" = "snitch"; - ",top" = "btm"; - ",unzip" = "ripunzip"; - "g" = "lazygit"; - "l" = "eza"; - "la" = "eza -a"; - "ls" = "eza"; - "ns" = "nh os switch"; - "vi" = "nvim"; - "vim" = "nvim"; - # keep-sorted end - }; -} diff --git a/modules/home-manager/features/yazi.nix b/modules/home-manager/features/yazi.nix index 42575dd..ed4affc 100644 --- a/modules/home-manager/features/yazi.nix +++ b/modules/home-manager/features/yazi.nix @@ -5,7 +5,6 @@ { programs.yazi = { enable = true; - shellWrapperName = "y"; plugins = { # keep-sorted start diff = pkgs.yaziPlugins.diff; diff --git a/modules/home-manager/features/zellij.nix b/modules/home-manager/features/zellij.nix index 43d706b..f7222ed 100644 --- a/modules/home-manager/features/zellij.nix +++ b/modules/home-manager/features/zellij.nix @@ -4,6 +4,7 @@ settings = { theme = "catppuccin-mocha"; show_startup_tips = false; + default_shell = "fish"; }; }; } diff --git a/modules/home-manager/features/zoxide.nix b/modules/home-manager/features/zoxide.nix index 61faad9..06cb837 100644 --- a/modules/home-manager/features/zoxide.nix +++ b/modules/home-manager/features/zoxide.nix @@ -1,6 +1,7 @@ { programs.zoxide = { enable = true; + enableBashIntegration = true; options = [ "--cmd j" ]; diff --git a/modules/nixos/bundles/dev.nix b/modules/nixos/bundles/dev.nix index 2af44dc..b9eb440 100644 --- a/modules/nixos/bundles/dev.nix +++ b/modules/nixos/bundles/dev.nix @@ -7,7 +7,12 @@ # keep-sorted start bacon cargo-info + devenv + just mask + # rusty-man + vscode # keep-sorted end ]; + } diff --git a/modules/nixos/bundles/gui.nix b/modules/nixos/bundles/gui.nix index 9459711..d1b81bc 100644 --- a/modules/nixos/bundles/gui.nix +++ b/modules/nixos/bundles/gui.nix @@ -14,10 +14,10 @@ environment.systemPackages = with pkgs; [ # keep-sorted start + beeper cameractrls-gtk3 jellyfin-desktop - libreoffice - signal-desktop + onlyoffice-desktopeditors textsnatcher # keep-sorted end ]; diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 7a9f017..b7f4b53 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -9,33 +9,29 @@ "caddy" "copyparty" "couchdb" - "cryptpad" - "fi33.buzz" - "gatus" + "firefly" "homepage-dashboard" "immich" "jellyfin" + "karakeep" "kavita" - "libretranslate" "lidarr" - "mealie" "miniflux" "ntfy-sh" "nzbget" "paperless" "prowlarr" "qbittorrent" + "qui" "radarr" "radicale" "readarr" - "send" "sonarr" + "syncthing" + "upbank2firefly" "vaultwarden" # keep-sorted end ]; - services.borgbackup.jobs = { - onsite.paths = [ "/srv" ]; - offsite.paths = [ "/srv" ]; - }; + services.borgmatic.settings.source_directories = [ "/srv" ]; } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index bba0af7..0c733d4 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -16,6 +16,7 @@ "nixvim" "syncthing" "systemd-boot" + "tailscale" # keep-sorted end ]; @@ -25,6 +26,8 @@ # keep-sorted start broot # large directory browser choose # cut + circumflex # hacker news browsing + cointop # crypto ticker ddgr # web search doggo # dns dua # du @@ -60,7 +63,7 @@ ticker # stock ticker tldr # cheat sheets tmpmail # temporary email address - # topydo # todo.txt helper tool + topydo # todo.txt helper tool tt # typing test wtfutil # terminal homepage xh # curl diff --git a/modules/nixos/features/bazarr.nix b/modules/nixos/features/bazarr.nix index a121fa5..541235c 100644 --- a/modules/nixos/features/bazarr.nix +++ b/modules/nixos/features/bazarr.nix @@ -1,8 +1,6 @@ let port = 5017; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "subtitles.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -13,22 +11,7 @@ in listenPort = port; }; - gatus.settings.endpoints = [ - { - name = "Bazarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."bazarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/borgbackup.nix b/modules/nixos/features/borgbackup.nix deleted file mode 100644 index c30799a..0000000 --- a/modules/nixos/features/borgbackup.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ - config, - pkgs, - ... -}: -let - jobConfig = { - compression = "auto,zlib"; - doInit = false; - preHook = '' - /run/wrappers/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dumpall > /srv/backup/database/postgres/dump.sql - ''; - postHook = '' - rm /srv/backup/database/postgres/dump.sql - ''; - prune.keep = { - daily = 7; - weekly = 4; - monthly = 6; - yearly = 1; - }; - readWritePaths = [ - "/srv/backup" - ]; - startAt = "*-*-* 03:00:00"; - extraCreateArgs = [ "-v" ]; - }; -in -{ - services.borgbackup = { - jobs = { - onsite = { - encryption = { - passCommand = "cat ${config.age.secrets.borgbackup-onsite.path}"; - mode = "repokey-blake2"; - }; - removableDevice = true; - repo = "/mnt/external/backup/take2"; - } - // jobConfig; - offsite = { - encryption = { - passCommand = "cat ${config.age.secrets.borgbackup-offsite.path}"; - mode = "repokey-blake2"; - }; - environment.BORG_RSH = "ssh -i /home/srv/.ssh/id_ed25519"; - repo = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; - } - // jobConfig; - }; - }; - - age.secrets = { - borgbackup-onsite.file = ../../../secrets/borgbackup-onsite.age; - borgbackup-offsite.file = ../../../secrets/borgbackup-offsite.age; - }; -} diff --git a/modules/nixos/features/borgmatic.nix b/modules/nixos/features/borgmatic.nix index 112eeda..bd45777 100644 --- a/modules/nixos/features/borgmatic.nix +++ b/modules/nixos/features/borgmatic.nix @@ -20,8 +20,6 @@ ntfy = { topic = "backups"; server = config.services.ntfy-sh.settings.base-url; - username = "borgmatic"; - password = "{credential file ${config.age.secrets.borgmatic-ntfy.path}}"; finish = { title = "Ping!"; message = "Your backups have succeeded :)"; @@ -42,10 +40,12 @@ { path = "/mnt/external/backup/repo"; label = "onsite"; + # encryption = "repokey-blake2"; } { path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; label = "offsite"; + # encryption = "repokey-blake2"; } ]; retries = 3; @@ -73,10 +73,11 @@ "borgmatic-pg:${config.age.secrets.borgmatic-pg.path}" ]; + # onsite drive + # secrets age.secrets = { "borgmatic".file = ../../../secrets/borgmatic.age; - "borgmatic-ntfy".file = ../../../secrets/borgmatic-ntfy.age; "borgmatic-pg".file = ../../../secrets/borgmatic-pg.age; }; } diff --git a/modules/nixos/features/caddy.nix b/modules/nixos/features/caddy.nix index 4c8978a..ca45981 100644 --- a/modules/nixos/features/caddy.nix +++ b/modules/nixos/features/caddy.nix @@ -9,7 +9,6 @@ globalConfig = '' auto_https disable_redirects ''; - openFirewall = true; }; security.acme = { diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index 1eff57b..bd31797 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix @@ -8,8 +8,6 @@ let port = 5000; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "files.fi33.buzz"; - url = "https://${hostname}"; in { imports = [ inputs.copyparty.nixosModules.default ]; @@ -23,36 +21,20 @@ in e2ts = true; e2vu = true; p = port; - xff-hdr = "x-forwarded-for"; - rproxy = 1; }; - accounts.Impatient7119.passwordFile = config.age.secrets.copyparty.path; + accounts.will.passwordFile = config.age.secrets.copyparty-will.path; volumes."/" = { path = "/srv/copyparty"; access = { - A = [ "Impatient7119" ]; + r = "*"; + A = [ "will" ]; }; }; }; - gatus.settings.endpoints = [ - { - name = "copyparty"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."copyparty.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 @@ -61,8 +43,8 @@ in }; # secrets - age.secrets."copyparty" = { - file = ../../../secrets/copyparty.age; + age.secrets."copyparty-will" = { + file = ../../../secrets/copyparty-will.age; owner = "copyparty"; }; diff --git a/modules/nixos/features/couchdb.nix b/modules/nixos/features/couchdb.nix index a5edbb0..0f0d44d 100644 --- a/modules/nixos/features/couchdb.nix +++ b/modules/nixos/features/couchdb.nix @@ -1,8 +1,6 @@ let port = 5984; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "couchdb.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -31,28 +29,13 @@ in cors = { credentials = true; origins = '' - app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://${hostname},http://${hostname},${url} + app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz ''; }; }; }; - gatus.settings.endpoints = [ - { - name = "CouchDB"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 401" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."couchdb.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/cryptpad.nix b/modules/nixos/features/cryptpad.nix deleted file mode 100644 index be8c7ad..0000000 --- a/modules/nixos/features/cryptpad.nix +++ /dev/null @@ -1,66 +0,0 @@ -let - httpPort = 5022; - websocketPort = 5024; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "cryptpad.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - cryptpad = { - enable = true; - settings = { - inherit httpPort; - inherit websocketPort; - httpUnsafeOrigin = url; - httpSafeOrigin = "https://cryptpad-ui.fi33.buzz"; - inactiveTime = 7; - archiveRetentionTime = 7; - accountRetentionTime = 7; - }; - }; - - gatus.settings.endpoints = [ - { - name = "CryptPad"; - group = "Public Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts."${hostname} cryptpad-ui.fi33.buzz".extraConfig = '' - header Strict-Transport-Security "includeSubDomains; preload" - - handle /cryptpad_websocket* { - reverse_proxy localhost:${toString websocketPort} { - header_up Host {host} - header_up X-Real-IP {remote_host} - } - } - - handle { - reverse_proxy localhost:${toString httpPort} { - header_up Host {host} - header_up X-Real-IP {remote_host} - } - } - - @register { - host ${hostname} - path /register* - } - respond @register 403 - - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/fi33.buzz.nix b/modules/nixos/features/fi33.buzz.nix deleted file mode 100644 index 947026e..0000000 --- a/modules/nixos/features/fi33.buzz.nix +++ /dev/null @@ -1,19 +0,0 @@ -let - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "www.fi33.buzz"; -in -{ - # TODO why can't I serve content on fi33.buzz? dns propagation issue? - services.caddy.virtualHosts = { - "fi33.buzz".extraConfig = '' - redir https://www.fi33.buzz{uri} permanent - ''; - ${hostname}.extraConfig = '' - root * /srv/fi33.buzz/public - file_server - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/firefly.nix b/modules/nixos/features/firefly.nix index c32df14..92ee22d 100644 --- a/modules/nixos/features/firefly.nix +++ b/modules/nixos/features/firefly.nix @@ -24,6 +24,13 @@ in }; }; + borgmatic.settings.sqlite_databases = [ + { + name = "firefly"; + path = "/srv/firefly/storage/database/database.sqlite"; + } + ]; + caddy.virtualHosts."firefly.fi33.buzz".extraConfig = '' root * ${config.services.firefly-iii.package}/public php_fastcgi unix//${config.services.phpfpm.pools.firefly-iii.socket} diff --git a/modules/nixos/features/gaming.nix b/modules/nixos/features/gaming.nix index 94c90ae..2bae347 100644 --- a/modules/nixos/features/gaming.nix +++ b/modules/nixos/features/gaming.nix @@ -7,6 +7,7 @@ # keep-sorted start heroic mangohud + nexusmods-app prismlauncher protonup-qt wine diff --git a/modules/nixos/features/gatus.nix b/modules/nixos/features/gatus.nix deleted file mode 100644 index 2fe39ce..0000000 --- a/modules/nixos/features/gatus.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ - config, - ... -}: -let - port = 5025; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "status.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - gatus = { - enable = true; - environmentFile = config.age.secrets.gatus.path; - settings = { - alerting = { - ntfy = { - topic = "services"; - url = config.services.ntfy-sh.settings.base-url; - token = "$NTFY_TOKEN"; - click = url; - default-alert = { - description = "Health Check Failed"; - send-on-resolved = true; - }; - }; - }; - connectivity.checker = { - target = "1.1.1.1:53"; - interval = "60s"; - }; - ui = { - title = "Health Dashboard | Fi33Buzz"; - description = "Fi33Buzz health dashboard"; - dashboard-heading = ""; - dashboard-subheading = ""; - header = "Fi33Buzz Status"; - link = "https://home.fi33.buzz/"; - default-sort-by = "group"; - }; - web.port = port; - }; - }; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; - - age.secrets.gatus.file = ../../../secrets/gatus.age; -} diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index 3516600..3ab99c5 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -23,11 +23,12 @@ let secrets = [ # keep-sorted start + "bazarr" "immich" "jellyfin" + "karakeep" "kavita-api" "lidarr" - "mealie" "miniflux" "nzbget" "paperless" @@ -35,218 +36,120 @@ let "radarr" "readarr" "sonarr" - "subtitles" # keep-sorted end ]; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "home.fi33.buzz"; - url = "https://${hostname}"; in { services = { homepage-dashboard = { enable = true; listenPort = port; - allowedHosts = hostname; + allowedHosts = "homepage-dashboard.fi33.buzz"; services = [ - { - "Public Services" = [ - { - CryptPad = { - description = "Collaborative office suite"; - icon = "cryptpad.svg"; - href = "https://cryptpad.fi33.buzz/"; - siteMonitor = "https://cryptpad.fi33.buzz/"; - }; - } - { - LibreTranslate = { - description = "Machine Translation API"; - icon = "libretranslate.svg"; - href = "https://translate.fi33.buzz/"; - siteMonitor = "https://translate.fi33.buzz/"; - }; - } - { - Send = { - description = "Simple, private file sharing"; - icon = "send.svg"; - href = "https://send.fi33.buzz/"; - siteMonitor = "https://send.fi33.buzz/"; - }; - } - ]; - } { "Media Management" = [ { - Radarr = { - description = "Movie organizer/manager"; - icon = "radarr.svg"; - href = "https://movies.fi33.buzz/"; - siteMonitor = "https://movies.fi33.buzz/"; - widget = { - type = "radarr"; - url = "https://movies.fi33.buzz/"; - key = "@radarr@"; - enableQueue = true; + "Radarr" = { + "description" = "Movie collection manager"; + "icon" = "radarr.svg"; + "href" = "https://radarr.fi33.buzz/"; + "widget" = { + "type" = "radarr"; + "url" = "https://radarr.fi33.buzz/"; + "key" = "@radarr@"; + "enableQueue" = true; }; }; } { - Sonarr = { - description = "Smart PVR"; - icon = "sonarr.svg"; - href = "https://shows.fi33.buzz/"; - siteMonitor = "https://shows.fi33.buzz/"; - widget = { - type = "sonarr"; - url = "https://shows.fi33.buzz/"; - key = "@sonarr@"; - enableQueue = true; + "Sonarr" = { + "description" = "TV show collection manager"; + "icon" = "sonarr.svg"; + "href" = "https://sonarr.fi33.buzz/"; + "widget" = { + "type" = "sonarr"; + "url" = "https://sonarr.fi33.buzz/"; + "key" = "@sonarr@"; + "enableQueue" = true; }; }; } { - Lidarr = { - description = "Like Sonarr but made for music"; - icon = "lidarr.svg"; - href = "https://music.fi33.buzz/"; - siteMonitor = "https://music.fi33.buzz/"; - widget = { - type = "lidarr"; - url = "https://music.fi33.buzz/"; - key = "@lidarr@"; - enableQueue = true; + "Lidarr" = { + "description" = "Music collection manager"; + "icon" = "lidarr.svg"; + "href" = "https://lidarr.fi33.buzz/"; + "widget" = { + "type" = "lidarr"; + "url" = "https://lidarr.fi33.buzz/"; + "key" = "@lidarr@"; + "enableQueue" = true; }; }; } { - Readarr = { - description = "Book Manager and Automation"; - icon = "readarr.svg"; - href = "https://books.fi33.buzz/"; - siteMonitor = "https://books.fi33.buzz/"; - widget = { - type = "readarr"; - url = "https://books.fi33.buzz/"; - key = "@readarr@"; - enableQueue = true; + "Readarr" = { + "description" = "Book collection manager"; + "icon" = "readarr.svg"; + "href" = "https://readarr.fi33.buzz/"; + "widget" = { + "type" = "readarr"; + "url" = "https://readarr.fi33.buzz/"; + "key" = "@readarr@"; + "enableQueue" = true; }; }; } { - Bazarr = { - description = "Subtitle manager and downloader"; - icon = "bazarr.svg"; - href = "https://subtitles.fi33.buzz/"; - siteMonitor = "https://subtitles.fi33.buzz/"; - widget = { - type = "bazarr"; - url = "https://subtitles.fi33.buzz/"; - key = "@subtitles@"; + "Bazarr" = { + "description" = "Subtitle downloader and manager"; + "icon" = "bazarr.svg"; + "href" = "https://bazarr.fi33.buzz/"; + "widget" = { + "type" = "bazarr"; + "url" = "https://bazarr.fi33.buzz/"; + "key" = "@bazarr@"; }; }; } { - Prowlarr = { - description = "Indexer manager/proxy"; - icon = "prowlarr.svg"; - href = "https://prowlarr.fi33.buzz/"; - siteMonitor = "https://prowlarr.fi33.buzz/"; - widget = { - type = "prowlarr"; - url = "https://prowlarr.fi33.buzz/"; - key = "@prowlarr@"; + "Prowlarr" = { + "description" = "Indexer management tool"; + "icon" = "prowlarr.svg"; + "href" = "https://prowlarr.fi33.buzz/"; + "widget" = { + "type" = "prowlarr"; + "url" = "https://prowlarr.fi33.buzz/"; + "key" = "@prowlarr@"; }; }; } { - NZBget = { - description = "Usenet Downloader"; - icon = "nzbget.svg"; - href = "https://usenet.fi33.buzz/"; - siteMonitor = "https://usenet.fi33.buzz/"; - widget = { - type = "nzbget"; - url = "https://usenet.fi33.buzz/"; - username = "nzbget"; - password = "@nzbget@"; + "NZBget" = { + "description" = "Usenet client"; + "icon" = "nzbget.svg"; + "href" = "https://nzbget.fi33.buzz/"; + "widget" = { + "type" = "nzbget"; + "url" = "https://nzbget.fi33.buzz/"; + "username" = "nzbget"; + "password" = "@nzbget@"; }; }; } { - qBittorrent = { - description = "BitTorrent client"; - icon = "qbittorrent.svg"; - href = "https://bittorrent.fi33.buzz/"; - siteMonitor = "https://bittorrent.fi33.buzz/"; - }; - } - ]; - } - { - "Private Services" = [ - { - copyparty = { - description = "Portable file server"; - icon = "sh-copyparty.svg"; - href = "https://files.fi33.buzz/"; - siteMonitor = "https://files.fi33.buzz/"; + "qui" = { + "description" = "qBittorrent front end"; + "icon" = "qui.svg"; + "href" = "https://qui.fi33.buzz/"; }; } { - CouchDB = { - description = "Syncing database"; - icon = "couchdb.svg"; - href = "https://couchdb.fi33.buzz/_utils/"; - siteMonitor = "https://couchdb.fi33.buzz/_utils/"; - }; - } - { - Mealie = { - description = "Recipe manager and meal planner"; - icon = "mealie.svg"; - href = "https://mealie.fi33.buzz/"; - siteMonitor = "https://mealie.fi33.buzz/"; - widget = { - type = "mealie"; - url = "https://mealie.fi33.buzz/"; - version = 2; - key = "@mealie@"; - }; - }; - } - { - ntfy = { - description = "Send push notifications using PUT/POST"; - icon = "ntfy.svg"; - href = "https://notify.fi33.buzz/"; - siteMonitor = "https://notify.fi33.buzz/"; - }; - } - { - Radicale = { - description = "A simple CalDAV (calendar) and CardDAV (contact) server"; - icon = "radicale.svg"; - href = "https://caldav.fi33.buzz"; - siteMonitor = "https://caldav.fi33.buzz"; - }; - } - { - Syncthing = { - description = "Open Source Continuous File Synchronization"; - icon = "syncthing.svg"; - href = "https://sync.fi33.buzz/"; - siteMonitor = "https://sync.fi33.buzz/"; - }; - } - { - Vaultwarden = { - description = "Unofficial Bitwarden compatible server"; - icon = "vaultwarden.svg"; - href = "https://vault.fi33.buzz/"; - siteMonitor = "https://vault.fi33.buzz/"; + "qBittorrent" = { + "description" = "BitTorrent client"; + "icon" = "qbittorrent.svg"; + "href" = "https://qbittorrent.fi33.buzz/"; }; } ]; @@ -254,104 +157,152 @@ in { "Media Streaming" = [ { - Immich = { - description = "Photo and video management solution"; - icon = "immich.svg"; - href = "https://photos.fi33.buzz/"; - siteMonitor = "https://photos.fi33.buzz/"; - widget = { - type = "immich"; - fields = [ + "Immich" = { + "description" = "Photo backup"; + "icon" = "immich.svg"; + "href" = "https://immich.fi33.buzz/"; + "widget" = { + "type" = "immich"; + "fields" = [ "users" "photos" "videos" "storage" ]; - url = "https://photos.fi33.buzz/"; - version = 2; - key = "@immich@"; + "url" = "https://immich.fi33.buzz/"; + "version" = 2; + "key" = "@immich@"; }; }; } { - Jellyfin = { - description = "Media System"; - icon = "jellyfin.svg"; - href = "https://media.fi33.buzz/"; - siteMonitor = "https://media.fi33.buzz/"; - widget = { - type = "jellyfin"; - url = "https://media.fi33.buzz/"; - key = "@jellyfin@"; - enableBlocks = true; - enableNowPlaying = true; - enableUser = true; - showEpisodeNumber = true; - expandOneStreamToTwoRows = false; + "Jellyfin" = { + "description" = "Media streaming"; + "icon" = "jellyfin.svg"; + "href" = "https://jellyfin.fi33.buzz/"; + "widget" = { + "type" = "jellyfin"; + "url" = "https://jellyfin.fi33.buzz/"; + "key" = "@jellyfin@"; + "enableBlocks" = true; + "enableNowPlaying" = true; + "enableUser" = true; + "showEpisodeNumber" = true; + "expandOneStreamToTwoRows" = false; }; }; } { - Kavita = { - description = "Reading server"; - icon = "kavita.svg"; - href = "https://library.fi33.buzz/"; - siteMonitor = "https://library.fi33.buzz/"; - widget = { - type = "kavita"; - url = "https://library.fi33.buzz/"; - key = "@kavita-api@"; + "Kavita" = { + "description" = "Book reader"; + "icon" = "kavita.svg"; + "href" = "https://kavita.fi33.buzz/"; + "widget" = { + "type" = "kavita"; + "url" = "https://kavita.fi33.buzz/"; + "key" = "@kavita-api@"; }; }; } { - Miniflux = { - description = "Feed reader"; - icon = "miniflux.svg"; - href = "https://feeds.fi33.buzz/"; - siteMonitor = "https://feeds.fi33.buzz/"; - widget = { - type = "miniflux"; - url = "https://feeds.fi33.buzz/"; - key = "@miniflux@"; + "Karakeep" = { + "description" = "Web clipper"; + "icon" = "karakeep.svg"; + "href" = "https://karakeep.fi33.buzz/"; + "widget" = { + "type" = "karakeep"; + "url" = "https://karakeep.fi33.buzz/"; + "key" = "@karakeep@"; }; }; } { - Paperless = { - description = "Document management system"; - icon = "paperless.svg"; - href = "https://documents.fi33.buzz/"; - siteMonitor = "https://documents.fi33.buzz/"; - widget = { - type = "paperlessngx"; - url = "https://documents.fi33.buzz/"; - username = "admin"; - password = "@paperless@"; + "Miniflux" = { + "description" = "RSS aggregator"; + "icon" = "miniflux.svg"; + "href" = "https://miniflux.fi33.buzz/"; + "widget" = { + "type" = "miniflux"; + "url" = "https://miniflux.fi33.buzz/"; + "key" = "@miniflux@"; + }; + }; + } + { + "Paperless" = { + "description" = "Digital filing cabinet"; + "icon" = "paperless.svg"; + "href" = "https://paperless.fi33.buzz/"; + "widget" = { + "type" = "paperlessngx"; + "url" = "https://paperless.fi33.buzz/"; + "username" = "admin"; + "password" = "@paperless@"; }; }; } ]; } { - Utilities = [ + "Services" = [ { - Gatus = { - description = "Status page"; - icon = "gatus.svg"; - href = "https://status.fi33.buzz/"; - siteMonitor = "https://status.fi33.buzz/"; - widget = { - type = "gatus"; - url = "https://status.fi33.buzz/"; - }; + "copyparty" = { + "description" = "Cloud file manager"; + "icon" = "sh-copyparty.svg"; + "href" = "https://copyparty.fi33.buzz/"; }; } { - NanoKVM = { - description = "Remote KVM switch"; - icon = "mdi-console.svg"; - href = "http://nano-kvm/"; + "CouchDB" = { + "description" = "Obsidian sync database"; + "icon" = "couchdb.svg"; + "href" = "https://couchdb.fi33.buzz/_utils/"; + }; + } + { + "Firefly" = { + "description" = "Budget Planner"; + "icon" = "firefly-iii.svg"; + "href" = "https://firefly.fi33.buzz/"; + }; + } + { + "ntfy" = { + "description" = "Notification service"; + "icon" = "ntfy.svg"; + "href" = "https://ntfy-sh.fi33.buzz/"; + }; + } + { + "Radicale" = { + "description" = "CalDAV/CardDAV service"; + "icon" = "radicale.svg"; + "href" = "https://radicale.fi33.buzz"; + }; + } + { + "Syncthing" = { + "description" = "Decentralised file synchronisation"; + "icon" = "syncthing.svg"; + "href" = "https://syncthing.fi33.buzz/"; + }; + } + { + "Vaultwarden" = { + "description" = "Password manager"; + "icon" = "vaultwarden.svg"; + "href" = "https://vaultwarden.fi33.buzz/"; + }; + } + ]; + } + { + "Utilities" = [ + { + "NanoKVM" = { + "description" = "Remote KVM switch"; + "icon" = "mdi-console.svg"; + "href" = "http://nano-kvm/"; }; } ]; @@ -362,22 +313,7 @@ in theme = "dark"; color = "neutral"; headerStyle = "clean"; - hideVersion = true; layout = [ - { - "Public Services" = { - style = "row"; - columns = 3; - useEqualHeights = true; - }; - } - { - "Private Services" = { - style = "row"; - columns = 3; - useEqualHeights = true; - }; - } { "Media Streaming" = { style = "row"; @@ -385,6 +321,12 @@ in useEqualHeights = true; }; } + { + "Services" = { + style = "row"; + columns = 4; + }; + } { "Media Management" = { style = "row"; @@ -393,17 +335,16 @@ in }; } { - Utilities = { + "Utilities" = { style = "row"; columns = 3; - useEqualHeights = true; - initiallyCollapsed = true; }; } ]; quicklaunch.searchDescriptions = true; disableUpdateCheck = true; showStats = true; + statusStyle = "dot"; }; widgets = [ { @@ -436,22 +377,7 @@ in ]; }; - gatus.settings.endpoints = [ - { - name = "Homepage Dashboard"; - group = "Utilities"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."homepage-dashboard.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index ce89f21..de5443f 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix @@ -1,8 +1,6 @@ let port = 2283; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "photos.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -12,22 +10,16 @@ in mediaLocation = "/srv/immich"; }; - gatus.settings.endpoints = [ + borgmatic.settings.postgresql_databases = [ { - name = "Immich"; - group = "Media Streaming"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; + name = "immich"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; } ]; - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."immich.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index 6e1f7b8..9fab896 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -1,8 +1,6 @@ let port = 8096; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "media.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -12,22 +10,7 @@ in group = "srv"; }; - gatus.settings.endpoints = [ - { - name = "Jellyfin"; - group = "Media Streaming"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."jellyfin.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/kavita.nix b/modules/nixos/features/kavita.nix index 814cd91..bbb2322 100644 --- a/modules/nixos/features/kavita.nix +++ b/modules/nixos/features/kavita.nix @@ -5,8 +5,6 @@ let port = 5015; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "library.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -17,22 +15,7 @@ in tokenKeyFile = config.age.secrets.kavita.path; }; - gatus.settings.endpoints = [ - { - name = "Kavita"; - group = "Media Streaming"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."kavita.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/libretranslate.nix b/modules/nixos/features/libretranslate.nix deleted file mode 100644 index ed20161..0000000 --- a/modules/nixos/features/libretranslate.nix +++ /dev/null @@ -1,37 +0,0 @@ -let - port = 5023; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "translate.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - libretranslate = { - enable = true; - inherit port; - updateModels = true; - }; - - gatus.settings.endpoints = [ - { - name = "LibreTranslate"; - group = "Public Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 620f684..78aa609 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -1,8 +1,6 @@ let port = 5012; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "music.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -15,22 +13,7 @@ in group = "srv"; }; - gatus.settings.endpoints = [ - { - name = "Lidarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."lidarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/mealie.nix b/modules/nixos/features/mealie.nix deleted file mode 100644 index 324c241..0000000 --- a/modules/nixos/features/mealie.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ - pkgs, - ... -}: -let - port = 5026; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "mealie.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - mealie = { - enable = true; - inherit port; - settings = { - TZ = "Australia/Melbourne"; - ALLOW_SIGNUP = "false"; - }; - }; - - gatus.settings.endpoints = [ - { - name = "Mealie"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - borgbackup.jobs = { - onsite = { - paths = [ "/var/lib/mealie" ]; - }; - offsite = { - paths = [ "/var/lib/mealie" ]; - }; - }; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index 094bdc2..82aeeb5 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix @@ -5,8 +5,6 @@ let port = 5010; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "feeds.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -14,27 +12,21 @@ in enable = true; adminCredentialsFile = config.age.secrets.miniflux-creds.path; config = { - BASE_URL = url; + BASE_URL = "https://miniflux.fi33.buzz"; LISTEN_ADDR = "localhost:${toString port}"; }; }; - gatus.settings.endpoints = [ + borgmatic.settings.postgresql_databases = [ { - name = "Miniflux"; - group = "Media Streaming"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; + name = "miniflux"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; } ]; - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."miniflux.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index 0d101eb..e53a792 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -1,59 +1,23 @@ -{ - config, - ... -}: let port = 5002; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "notify.fi33.buzz"; - url = "https://${hostname}"; in { services = { ntfy-sh = { enable = true; - environmentFile = config.age.secrets.ntfy.path; settings = { - base-url = url; + base-url = "https://ntfy-sh.fi33.buzz"; listen-http = ":${toString port}"; behind-proxy = true; - auth-default-access = "deny-all"; - auth-users = [ - "Debit3885:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:admin" - "gatus:$2a$12$OswG3sB8oDaB.KpawKM3P.78dID.Tj/0y5qeVD5BE6EH5bpGKe.na:user" - ]; - auth-access = [ - "gatus:services:wo" - ]; }; }; - gatus.settings.endpoints = [ - { - name = "ntfy"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - } - ]; - - borgbackup.jobs = { - onsite.paths = [ "/var/lib/ntfy-sh" ]; - offsite.paths = [ "/var/lib/ntfy-sh" ]; - }; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."ntfy-sh.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 } ''; }; - - age.secrets.ntfy.file = ../../../secrets/ntfy.age; } diff --git a/modules/nixos/features/nzbget.nix b/modules/nixos/features/nzbget.nix index 18fc272..ba469f2 100644 --- a/modules/nixos/features/nzbget.nix +++ b/modules/nixos/features/nzbget.nix @@ -5,8 +5,6 @@ let port = 5018; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "usenet.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -19,22 +17,7 @@ in group = "srv"; }; - gatus.settings.endpoints = [ - { - name = "NZBget"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 401" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."nzbget.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 5be0efb..01bc88d 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -5,8 +5,6 @@ let port = 5013; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "documents.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -17,26 +15,22 @@ in passwordFile = config.age.secrets.paperless.path; inherit port; settings = { - PAPERLESS_URL = url; + PAPERLESS_URL = "https://paperless.fi33.buzz"; }; }; - gatus.settings.endpoints = [ - { - name = "Paperless"; - group = "Media Streaming"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; + borgmatic.settings = { + postgresql_databases = [ + { + name = "paperless"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; + } + ]; + }; - caddy.virtualHosts.${hostname}.extraConfig = '' +caddy.virtualHosts."paperless.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index 050cc56..23e090f 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -1,47 +1,18 @@ -{ - pkgs, - ... -}: let port = 5009; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "prowlarr.fi33.buzz"; - url = "https://${hostname}"; in { services = { prowlarr = { enable = true; + dataDir = "/srv/prowlarr"; settings.server = { inherit port; }; }; - gatus.settings.endpoints = [ - { - name = "Prowlarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - borgbackup.jobs = { - onsite = { - paths = [ "/var/lib/prowlarr" ]; - }; - offsite = { - paths = [ "/var/lib/prowlarr" ]; - }; - }; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."prowlarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/qbittorrent.nix b/modules/nixos/features/qbittorrent.nix index c44683a..577f0c9 100644 --- a/modules/nixos/features/qbittorrent.nix +++ b/modules/nixos/features/qbittorrent.nix @@ -1,8 +1,6 @@ let port = 5005; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "bittorrent.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -16,22 +14,7 @@ in ]; }; - gatus.settings.endpoints = [ - { - name = "qBittorrent"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."qbittorrent.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index cdbfe0d..30063eb 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -1,8 +1,6 @@ let port = 5007; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "movies.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -15,22 +13,7 @@ in group = "srv"; }; - gatus.settings.endpoints = [ - { - name = "Radarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."radarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix index 1cbaf04..73155e6 100644 --- a/modules/nixos/features/radicale.nix +++ b/modules/nixos/features/radicale.nix @@ -5,8 +5,6 @@ let port = 5003; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "caldav.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -30,22 +28,7 @@ in }; }; - gatus.settings.endpoints = [ - { - name = "Radicale"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."radicale.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/readarr.nix b/modules/nixos/features/readarr.nix index d78a322..42a884b 100644 --- a/modules/nixos/features/readarr.nix +++ b/modules/nixos/features/readarr.nix @@ -1,8 +1,6 @@ let port = 5016; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "books.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -15,22 +13,7 @@ in group = "srv"; }; - gatus.settings.endpoints = [ - { - name = "Readarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."readarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/send.nix b/modules/nixos/features/send.nix deleted file mode 100644 index cdb6620..0000000 --- a/modules/nixos/features/send.nix +++ /dev/null @@ -1,45 +0,0 @@ -let - port = 5020; - certloc = "/var/lib/acme/fi33.buzz"; - hostname = "send.fi33.buzz"; - url = "https://${hostname}"; -in -{ - services = { - send = { - enable = true; - inherit port; - baseUrl = url; - environment = { - DEFAULT_EXPIRE_SECONDS = 360; - EXPIRE_TIMES_SECONDS = "360"; - DOWNLOAD_COUNTS = "1"; - MAX_DOWNLOADS = 1; - MAX_EXPIRE_SECONDS = 1024; - MAX_FILE_SIZE = 134217728; - }; - }; - - gatus.settings.endpoints = [ - { - name = "Send"; - group = "Public Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' - reverse_proxy localhost:${toString port} - tls ${certloc}/cert.pem ${certloc}/key.pem { - protocols tls1.3 - } - ''; - }; -} diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index 696872d..691b4b8 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -1,8 +1,6 @@ let port = 5006; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "shows.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -15,22 +13,7 @@ in group = "srv"; }; - gatus.settings.endpoints = [ - { - name = "Sonarr"; - group = "Media Management"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."sonarr.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index 0b141f7..d9624c3 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -13,7 +13,7 @@ let } { device = "laptop"; - id = "CTU345T-27VU5KK-HXLPSMO-H6C47TL-XZG3BVU-AZF7HSX-FCQHAMA-QOA3CAT"; + id = "XDDGWB2-5OFYWSY-7LN652V-3WNQMWV-4WCVHCR-2EXLDW7-FUL2MC4-MMLO4QV"; } { device = "phone"; @@ -41,8 +41,6 @@ let ) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList) ); certloc = "/var/lib/acme/fi33.buzz"; - hostname = "sync.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -58,37 +56,18 @@ in }; }; - gatus.settings.endpoints = [ - { - name = "Syncthing"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - borgbackup.jobs = + borgmatic.settings = if userName == "srv" then { - onsite.paths = [ + source_directories = [ "/home/srv/.config/syncthing" - "/home/srv/Sync/" - ]; - offsite.paths = [ - "/home/srv/.config/syncthing" - "/home/srv/Sync/" + "/home/srv/Sync" ]; } else - { }; + null; - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."syncthing.fi33.buzz".extraConfig = '' reverse_proxy http://localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/upbank2firefly.nix b/modules/nixos/features/upbank2firefly.nix index e711bb8..bebab7f 100644 --- a/modules/nixos/features/upbank2firefly.nix +++ b/modules/nixos/features/upbank2firefly.nix @@ -46,6 +46,24 @@ in docker build -t compose2nix/upbank2firefly . ''; }; + "upbank2firefly-getall" = { + script = '' + cd /srv/upbank2firefly + docker container exec -e FLASK_APP=main upbank2firefly flask getall --since "$(date -d "1 hour ago" +"%Y-%m-%d %H:%M:%S")" + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; + }; + timers."upbank2firefly-getall" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + Unit = "upbank2firefly-getall.service"; + OnCalendar = "hourly"; + Persistent = true; + }; }; }; diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index 5833a18..be8cb7a 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -5,8 +5,6 @@ let port = 5001; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "vault.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -15,7 +13,7 @@ in backupDir = "/srv/vaultwarden"; config = { rocketPort = toString port; - domain = url; + domain = "https://vaultwarden.fi33.buzz"; signupsAllowed = false; invitationsAllowed = false; showPasswordHint = false; @@ -25,22 +23,7 @@ in }; }; - gatus.settings.endpoints = [ - { - name = "Vaultwarden"; - group = "Private Services"; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."vaultwarden.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 29f389c..8fa5ed6 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -1,8 +1,6 @@ let port = 0000; certloc = "/var/lib/acme/fi33.buzz"; - hostname = "feature.fi33.buzz"; - url = "https://${hostname}"; in { services = { @@ -10,27 +8,19 @@ in enable = true; }; - gatus.settings.endpoints = [ - { - name = "feature"; - group = ""; - inherit url; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[CONNECTED] == true" - "[RESPONSE_TIME] < 500" - ]; - alerts = [ { type = "ntfy"; } ]; - } - ]; + # borgmatic.settings = { + # source_directories = [ ]; + # postgresql_databases = [ + # { + # name = "feature"; + # hostname = "localhost"; + # username = "root"; + # password = "{credential systemd borgmatic-pg}"; + # } + # ]; + # }; - borgbackup.jobs = { - onsite.paths = [ "" ]; - offsite.paths = [ "" ]; - }; - - caddy.virtualHosts.${hostname}.extraConfig = '' + caddy.virtualHosts."feature.fi33.buzz".extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/secrets/bazarr.age b/secrets/bazarr.age index 108c2a4..82d61ca 100644 --- a/secrets/bazarr.age +++ b/secrets/bazarr.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 qLT+DQ sHlKSMDLuGOLY2qwoFCS2ZiC/903ChAP0wp4wJYksi8 -jIzt2BvZy53dMdUSYBEa2QsWQ7yluk9ltdk4wrTkIbo --> ssh-ed25519 7+xRyQ /JHmkqPhx/nJFhOxWu5nrX89NCBI/Bhyih81bIv2OR8 -VJPt3EFgYWc6bYBSNNzLFnWBNVx7RYJaG/hNF2EswQ4 --> ssh-ed25519 LtK9yQ znUR+X5uu9wdKPdUBEOhs295e/zLAD8E49vZ0QEaL10 -ADBASujra+DSzavY/m/gU3xgAzaSqlTh2txpzyyJIJQ ---- j21Ms0NWBwHJV1NPbIp19lSgCMkCHSUX3UwWjg43OLk -[,WM?&>ʄ 1P ī"oKޓjhiҪ&UMPr& \ No newline at end of file +-> ssh-ed25519 qLT+DQ pNb65h8kPUdFi7vgKoENqFf9NuQAfegSAM+SVxoTdGQ +7pDfhxs55Q4HQetasY6tZX76aOleLTCTi3xEdCqPdFo +-> ssh-ed25519 7+xRyQ SiBuQH6fIUFidqFUIFfE9i0zJhuMAWYmDCeszOJLZlE +ASEBjHaAVrH6z/43Rfnh2P0REg7f0b53fqbLHD44P8g +-> ssh-ed25519 LtK9yQ F6FnS/nRerbt/tMCl48CMjyKwhgCI8ti40klovGXdGU +ksVfKN3xowiBhwzyS9DLdmVX1QLCo8hvNiNux0MkiXU +--- rMrNsQ0G/k0MAwDOBd9IYDb2Lc8N/RaGXIGKtm9FL1c +q 9o-dtB7v*i:.G/t),+/vCD}SX(} *4[~l \ No newline at end of file diff --git a/secrets/borgbackup-offsite.age b/secrets/borgbackup-offsite.age deleted file mode 100644 index e1809a9..0000000 --- a/secrets/borgbackup-offsite.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ NuEGxxieL0H7mUFKft+fuH1jd0XFDf3xESLrVcb9GAg -KxJcj9P/+cr63TmqEIPwfykz07luqe9VLRLzs3CWx9Y --> ssh-ed25519 NanIwQ HRHMV4jFn7vJVHd6gFqcOTA14VI6+QaITXMpZbeGoDg -aANuHXv4O1KKwPCClatphXgWDFnsCy/AoQJT0+D560o --> ssh-ed25519 LtK9yQ NHLTdStEdoXSGKxoz4/gR+oT9bLq8wwz4XRHS2rd9Xo -lndB74KBkWrfNuZyuQufl35lQIPNqbppLfSZRerIDaA ---- dro8ECdWcFtleQv5nffX/Wh97w/FGXQZwSIjPE9WIX8 -8R#;rpEhȾW8-. `OW']kJdC .T)N_kq_=ϰ \ No newline at end of file diff --git a/secrets/borgbackup-onsite.age b/secrets/borgbackup-onsite.age deleted file mode 100644 index 86c240f..0000000 --- a/secrets/borgbackup-onsite.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ 3UW3CErZDv6UkjXJZldymqYmmJoQcbSjVX4IUX7KRn8 -pnbegKpKiNW8QY9rD7pD1mrhOSdD+cxUxcNKtLM5uOQ --> ssh-ed25519 NanIwQ qAl2RheS1lTOU60xeodc4/WvyzYRGiWR+55QvsVE5H0 -j/UoLITpRpMF2t0J/Y0zL0kAgz5nJ02I/nwUp+pEowg --> ssh-ed25519 LtK9yQ sbldK/F2u6MMgIR8F6c5ZFkMesq+GHKRmlqt3n6L2yw -GTSzhGfj+Shg+MQ3hde12pKi6zfeGNw6RXwSAoGyaak ---- 6WmdTjpwgwb6/1o06i5xtvnOQcvNztwpBmvH/9wYbmo -K^ѭUb|:m@*ޱg1>)qs,n{ DdvɜEuH ssh-ed25519 qLT+DQ GTuLiTsgOVunKC+DyalVPV3gKm3WiKoSIQXg/0ElJF8 -UiOLJdTn4Q5oTkqAtZ6K0uxW+EsrpfA156uC1ncrIY0 --> ssh-ed25519 7+xRyQ k2ta2Gl7zCvHiv4DwzgRK5REDYayIoTfC32BF5yHxgg -n7sqfJ6fx/3VnQCD+H4n92ekGdoFCdk/SeXdSU8FZHc --> ssh-ed25519 LtK9yQ BQ9U3//Lzx7dX+iDyP2lqx6K860kFTu/iB5uMAskKhA -xiV+QxL8ffx9n9gIUr5wwQ5zGvZlFsf2DclayQh8SJI ---- k06SInBOn82DqWfIf4t62pjAZ1R0uWAyQTi5ELDD/6U -f_$T56"TH;4} ssh-ed25519 qLT+DQ C3A3TKOyIWzbW8JupvhTmLKetnr+0uzkPq985NA0DCs +ahrHVR7WadjOfOXBWOqBAf9L0UdCNeD0Ynk6sKDF7WM +-> ssh-ed25519 7+xRyQ evZ6zSS3olbORnqiCnEAL68D1FNPgg2oBoJSaquLAAA +BYoo9AVOHsRsTbXkRQdS/7WN25vBuJOAb0YfnSY+hGQ +-> ssh-ed25519 LtK9yQ jLIdKPvVhPsRIJevWLmads3P2hM29c0B143OWoINzlY +ziCUQ1TtB6BUgbNZ/zFXoaOtpxyrbKobsTvXo/dSpSA +--- Q6JHS+5vuYLIqyIb6x3qCbIJvsjk2++ovL1zkVGs69o +쇽NM1WByM.-|Gl]8Z,(5豲P!pmpEa;(tq!KU4m \ No newline at end of file diff --git a/secrets/borgmatic.age b/secrets/borgmatic.age new file mode 100644 index 0000000..fca1c53 --- /dev/null +++ b/secrets/borgmatic.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ zfLZc8A30KjoMrhUSl4OgTp+Yg11fmVjDioxtIYMqDU +URhJwUCElaJcSd+k5wBQAXvdC/68ZcCA5WbHGAJTYfY +-> ssh-ed25519 7+xRyQ mrGrjW0fQIRNMDdw4Hoc9N/xAEm1P0IFukShfeVdKE8 +yLUmj7LBfHQ/i4buBB57ktNUOnHpoC8NYTQUnK5e5y4 +-> ssh-ed25519 LtK9yQ THjOsSIr/DQTulFlwd4r5DYb73VQ0vWgyDHkfJV3NR0 +Dl8FwK1WciiEMs5MdrFcUIOFGmlbZf3APOWzLN6rkOE +--- 3mjYPT9APy0F5NNbbCIQhzZ0XjKBtB9YGGS3t37eoRU +T^vU{>[dhPC6Z|K|~lݝbDt΄]1P$10 A$ \ No newline at end of file diff --git a/secrets/copyparty.age b/secrets/copyparty-will.age similarity index 100% rename from secrets/copyparty.age rename to secrets/copyparty-will.age diff --git a/secrets/gatus.age b/secrets/gatus.age deleted file mode 100644 index 13d455e..0000000 --- a/secrets/gatus.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ 3vJV+PZ1IvwiFPplPEwXkaZK4y0QLxkvi/stzAV+HWg -3htQOBS3ph9+OXG2ZYtMyzErGtYRP1vzycua+vhPX+4 --> ssh-ed25519 NanIwQ 748IDG9uT6jMj0CSU3EeBqRd7lZ7NTJoUldo4FUfkFI -bYaXhcXjYgKqEaUeRZQhx9neK1pDVN3QbhblLOcGUg0 --> ssh-ed25519 LtK9yQ au/UGPL91M0sUzMeOKPOkltXWDPoWeCrUWrD2OIsJA0 -thILTQH9hrcBYBbRSZaHMODAhCKWsqomDuEK4hcKAqM ---- UpA2kIfSBwfgMxjt2x61KFAiUaV3sHQ6Gp2R87cvnwo -*D27p梔 pQ -Fufpڰ4Q5ѨeӪ ވ;ꖓz8i{@Ǘ \ No newline at end of file diff --git a/secrets/git_signing_key.age b/secrets/git_signing_key.age deleted file mode 100644 index d3a4680..0000000 Binary files a/secrets/git_signing_key.age and /dev/null differ diff --git a/secrets/git_signing_key.pub.age b/secrets/git_signing_key.pub.age deleted file mode 100644 index f0b53bc..0000000 --- a/secrets/git_signing_key.pub.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ NMzN1Cll+cH5GgEQvCRpb8c1m7CDHWBtUZ5QNMluKkg -H77YBVoCAZerRyoG90h9W6PKZbpjNBl2mfsW3Eco27w --> ssh-ed25519 7+xRyQ 67NFmrcLe9R5ni0HnvIiHcN0tlRVXpAiaVOQfIpqWzI -H7jbIgVXVl+lENksb4KUfASeIKPBI/FtHhhlQzhXwik --> ssh-ed25519 LtK9yQ jvrWRlZF/H20QARL4lWWX0cDDoIK0Et5ZMxdsPJPXn0 -g+ZaDYycq65tBEBFuDpSl1BKuCTmxCJuYqG8kSCtL9U ---- jZ2xp/oW3CgXPc8jriK53zTODB9lhDNZr8YfSYLAmio -AKw;2R -֨bS'7//kXHӖW†

ssh-ed25519 qLT+DQ jySlchGAPxdkjpZzg+5BLH7O5yM+O5a9CleBVMqbck8 -I5OEMjXJNrNKIBumXmiAMXRa1AZx0cKQ0BfM7HYCcRc --> ssh-ed25519 NanIwQ 29upo2jTQF8Vz91yWmYCXnQW4LgYcvt1TcF/HLA5klA -eQla3EMQnRPzhd5MyDL3byPhIiio0rFFM+yesPLEtv8 --> ssh-ed25519 LtK9yQ Vx/lQ6M/wYa9483YpuCwwobNuIZjv/Sy9vl695H05BQ -qqUWRnrMYfflhcznrF2QKfODDa7vmz6Uy7fk1zSpbEE ---- xunznREPjjEVRWAmqI/4xKp/NrNk6C3B1Z+3Vjf2TL4 -m{z\,TSS7Tk)hVX0mN?=ӟx TdY0[)ۓSZ:>FU֙~ \ No newline at end of file diff --git a/secrets/prowlarr.age b/secrets/prowlarr.age index 08436c5..8883300 100644 --- a/secrets/prowlarr.age +++ b/secrets/prowlarr.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 qLT+DQ k6AiMFgWygHRf2yPApcnQYDPaJx/Dp6BTq3+BdyBiyM -64MyfaTpMcAl8o9zkWXCoZQ5uy+7izd30A90LLiALTY --> ssh-ed25519 7+xRyQ YcPcsux5lCSDbV8hSCvhkI+1qnAmXcpd5FDmT7bMXk0 -bbkjozzt/bL7j7uJTtgkklI/qJ11zYgQsYmZhFwGV+c --> ssh-ed25519 LtK9yQ Ol8eU/Pyb3gDCsIzE1zT8FNsTCGKZZc5zfX6lW/5+2w -Gj0ssfpyQcy0vfVXgNXxzFzHGpPBOyfkR7UeRYina4A ---- +iLccZwqDkqDg2atoNRSuhEf3v3fyU6oda4vOw+BuKc -&L: 9:"| dm9v1y"vOYnx=4D \ No newline at end of file +-> ssh-ed25519 qLT+DQ EgHCxhqEyRGiBNRBw8Cs2NmM4nihbZSEw4C3JJ2muRE +Pqnh8JpDHEvsgkJTwJzrkx/A0oBg2n7TumVCgHOceD8 +-> ssh-ed25519 7+xRyQ WLCkfRiBsqZohjc+z4rs4sHFMAtsRvqiocsnUlZkAVg +ebJft8vHhi4rd9T0BOl388SKun+3vF3P6/u7U4vdy5c +-> ssh-ed25519 LtK9yQ 8suX3vEyfqVcbNy4ZQxPRvaJg+4TJTR0cSlAgV04rzc +i8cmfhsETd4Y7epbyan5ION7W2g5QazyJA3AcGlXKKI +--- 7jsZ4aF4WyshNUtjP83yf2yHaR1UXfWEdbHhwmfyGhM +&zP 'س],qTx@l}Io.qGT|!= \ No newline at end of file diff --git a/secrets/radicale.age b/secrets/radicale.age index d8553a7..172d31e 100644 Binary files a/secrets/radicale.age and b/secrets/radicale.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 2bd9a15..5dc6b1d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,7 +1,7 @@ let # keep-sorted start desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHAnTQP77HQ/8nbf1oX7xftfKYtbH6MSh83wic0qdBy"; - laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmM4LEjGPJbcUeG5363NpB3XJUyn/4B+eBCFzzuC/Td"; + laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeu5HwuRayiXIZE35AxX6PmxHxbXZ8NTlTgHrcPwhcQ"; srv = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeV0NxqIGIXXgLYE6ntkHE4PARceZBp1FTI7kKLBbk8"; # keep-sorted end @@ -15,31 +15,31 @@ let in { # keep-sorted start - "borgbackup-offsite.age".publicKeys = users; - "borgbackup-onsite.age".publicKeys = users; - "copyparty.age".publicKeys = users; - "gatus.age".publicKeys = users; - "git_signing_key.age".publicKeys = users; - "git_signing_key.pub.age".publicKeys = users; + "bazarr.age".publicKeys = users; + "borgmatic-pg.age".publicKeys = users; + "borgmatic.age".publicKeys = users; + "copyparty-will.age".publicKeys = users; + "firefly-db.age".publicKeys = users; + "firefly.age".publicKeys = users; "immich.age".publicKeys = users; "jellyfin.age".publicKeys = users; + "karakeep.age".publicKeys = users; "kavita-api.age".publicKeys = users; "kavita.age".publicKeys = users; "lidarr.age".publicKeys = users; - "mealie.age".publicKeys = users; "miniflux-creds.age".publicKeys = users; - "ntfy.age".publicKeys = users; "nzbget.age".publicKeys = users; "paperless.age".publicKeys = users; "porkbun-api.age".publicKeys = users; "protonmail-cert.age".publicKeys = users; "protonmail-desktop-password.age".publicKeys = users; + "protonmail-laptop-password.age".publicKeys = users; "prowlarr.age".publicKeys = users; "radarr.age".publicKeys = users; "radicale.age".publicKeys = users; "readarr.age".publicKeys = users; "sonarr.age".publicKeys = users; - "subtitles.age".publicKeys = users; + "upbank2firefly.age".publicKeys = users; "vaultwarden-admin.age".publicKeys = users; # keep-sorted end } diff --git a/secrets/subtitles.age b/secrets/subtitles.age deleted file mode 100644 index 11a88e5..0000000 Binary files a/secrets/subtitles.age and /dev/null differ