diff --git a/flake.lock b/flake.lock index 9a05571..358544d 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { @@ -29,11 +29,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1760897985, - "narHash": "sha256-omBsQXwVWw+QmXo9T4Nazv2xcMEQ9VjB/61tnV3xKQQ=", + "lastModified": 1772965444, + "narHash": "sha256-VjcI4CozsowxGkZBzxQ6LYe49e9T1qfT1BzNrnc96y0=", "owner": "9001", "repo": "copyparty", - "rev": "547a7ab1cc7777f3452f441628339850511c8563", + "rev": "981a7cd9dda0acedbc7f53b2c44adb241c38cb84", "type": "github" }, "original": { 
@@ -64,7 +64,62 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nix-citizen", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixvim", 
@@ -72,11 +127,32 @@ ] }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { 
@@ -100,21 +176,48 @@ "type": "github" } }, - "flake-utils_2": { + "git-hooks": { "inputs": { - "systems": "systems_2" + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nix-gaming", + "nixpkgs" + ] }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nix-gaming", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", "type": "github" } }, @@ -146,11 +249,11 @@ ] }, "locked": { - "lastModified": 1761005073, - "narHash": "sha256-r6qbieh8iC1q1eCaWv15f4UIp8SeGffwswhNSA1Qk3s=", + "lastModified": 1772985285, + "narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=", "owner": "nix-community", "repo": "home-manager", - "rev": "84e1adb0cdd13f5f29886091c7234365e12b1e7f", + "rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85", "type": "github" }, "original": { 
@@ -159,52 +262,69 @@ "type": "github" } }, - "home-manager_3": { + "nix-citizen": { "inputs": { - "nixpkgs": [ - "zen-browser", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1752603129, - "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "ixx": { - "inputs": { - "flake-utils": [ - "nixvim", - "nuschtosSearch", - "flake-utils" + "flake-parts": "flake-parts", + "nix-gaming": [ + "nix-gaming" ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_2", + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1772840927, + "narHash": "sha256-WdIuEJpH7eUP3ya8laJAYf71WilE4x7xetgMferL5Ko=", + "owner": "LovingMelody", + "repo": "nix-citizen", + "rev": "73c8d04ba69fb0bb5c4521c4b91a930a0ce283a5", + "type": "github" + }, + "original": { + "owner": "LovingMelody", + "repo": "nix-citizen", + "type": "github" + } + }, + "nix-gaming": { + "inputs": { + "flake-parts": "flake-parts_2", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1772937574, + "narHash": "sha256-Yw1tP/ASebNYuW2GcYDTgWf2Mg9qcUYo6MTagXyeFCs=", + "owner": "fufexan", + "repo": "nix-gaming", + "rev": "d2b0b283deb24cdbb2750e658fa7001fee5ad586", + "type": "github" + }, + "original": { + "owner": "fufexan", + "repo": "nix-gaming", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { "nixpkgs": [ - "nixvim", - "nuschtosSearch", + "nix-citizen", "nixpkgs" ] }, "locked": { - "lastModified": 1754860581, - "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", - "owner": "NuschtOS", - "repo": "ixx", - "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "lastModified": 1737420293, + "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", + "owner": 
"nix-community", + "repo": "nix-github-actions", + "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", "type": "github" }, "original": { - "owner": "NuschtOS", - "ref": "v0.1.1", - "repo": "ixx", + "owner": "nix-community", + "repo": "nix-github-actions", "type": "github" } }, @@ -223,13 +343,60 @@ "type": "indirect" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs_2": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1772624091, + "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1772736753, + "narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "917fec990948658ef1ccd07cef2a1ef060786846", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1772773019, + "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "aca4d95fce4914b3892661bcb80b8087293536c6", "type": "github" }, "original": { 
@@ -241,19 +408,18 @@ }, "nixvim": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ], - "nuschtosSearch": "nuschtosSearch", "systems": "systems_3" }, "locked": { - "lastModified": 1760960598, - "narHash": "sha256-UP1v+sEkHuvD2+qyhxbkQpBR+dl9U0ljml3/dMI2jeU=", + "lastModified": 1772402258, + "narHash": "sha256-3DmCFOdmbkFML1/G9gj8Wb+rCCZFPOQtNoMCpqOF8SA=", "owner": "nix-community", "repo": "nixvim", - "rev": "e3b77e803b2350b72f4d72c8f175ab0fbfe5a642", + "rev": "21ae25e13b01d3b4cdc750b5f9e7bad68b150c10", "type": "github" }, "original": { @@ -262,26 +428,24 @@ "type": "github" } }, - "nuschtosSearch": { + "nur": { "inputs": { - "flake-utils": "flake-utils_2", - "ixx": "ixx", + "flake-parts": "flake-parts_4", "nixpkgs": [ - "nixvim", "nixpkgs" ] }, "locked": { - "lastModified": 1758662783, - "narHash": "sha256-igrxT+/MnmcftPOHEb+XDwAMq3Xg1Xy7kVYQaHhPlAg=", - "owner": "NuschtOS", - "repo": "search", - "rev": "7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4", + "lastModified": 1772985100, + "narHash": "sha256-EXFbJvUZrElVq839MnMgJEDnyXWn84Zx+MiHcZiCQmg=", + "owner": "nix-community", + "repo": "NUR", + "rev": "407db2f6f4ba94992815f872ffce9a9d99ccc13c", "type": "github" }, "original": { - "owner": "NuschtOS", - "repo": "search", + "owner": "nix-community", + "repo": "NUR", "type": "github" } }, @@ -290,9 +454,11 @@ "agenix": "agenix", "copyparty": "copyparty", "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_2", + "nix-citizen": "nix-citizen", + "nix-gaming": "nix-gaming", + "nixpkgs": "nixpkgs_4", "nixvim": "nixvim", - "zen-browser": "zen-browser" + "nur": "nur" } }, "systems": { 
@@ -340,24 +506,24 @@ "type": "github" } }, - "zen-browser": { + "treefmt-nix": { "inputs": { - "home-manager": "home-manager_3", "nixpkgs": [ + "nix-citizen", "nixpkgs" ] }, "locked": { - "lastModified": 1761020606, - "narHash": "sha256-XdDpTJHjFqZJ3ss6xzTWYyi3PEObX2fs+kW0Wg/rNDk=", - "owner": "0xc000022070", - "repo": "zen-browser-flake", - "rev": "637cb6167da4dbf8ef7f5a50e69933c4f9796095", + "lastModified": 1772660329, + "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "3710e0e1218041bbad640352a0440114b1e10428", "type": "github" }, "original": { - "owner": "0xc000022070", - "repo": "zen-browser-flake", + "owner": "numtide", + "repo": "treefmt-nix", "type": "github" } } diff --git a/flake.nix b/flake.nix index 9cb806e..4ce9e45 100644 --- a/flake.nix +++ b/flake.nix @@ -12,24 +12,36 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + nix-citizen = { + url = "github:LovingMelody/nix-citizen"; + inputs.nix-gaming.follows = "nix-gaming"; + }; + nix-gaming.url = "github:fufexan/nix-gaming"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixvim = { url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs"; }; - zen-browser = { - url = "github:0xc000022070/zen-browser-flake"; + nur = { + url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "nixpkgs"; }; + # zen-browser = { + # url = "github:0xc000022070/zen-browser-flake"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # keep-sorted end }; outputs = { - nixpkgs, - home-manager, + # keep-sorted start agenix, - zen-browser, + home-manager, + nixpkgs, + nur, + # zen-browser, + # keep-sorted end ... }@inputs: let 
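Review bot: The new `nix-citizen` and `nix-gaming` inputs in the first flake.nix hunk do not set `inputs.nixpkgs.follows = "nixpkgs";`, unlike `home-manager`, `nixvim` and `nur` beside them, and flake.lock gains separate `nixpkgs_2` and `nixpkgs_3` pins for them in this commit. Packages built from those inputs therefore come from nixpkgs revisions that a bump of the root `nixpkgs` does not move, so security fixes reach them only when those inputs are themselves re-locked. If the separate pins are deliberate (for example to keep matching an upstream binary cache), a one-line comment next to each input would record the trade-off. Otherwise add the `follows` line, which for `nix-gaming` means turning `nix-gaming.url = ...` into an attribute set.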
@@ -45,17 +57,24 @@ nixpkgs.lib.nixosSystem { modules = [ ./hosts/${hostName}/configuration.nix + nur.modules.nixos.default home-manager.nixosModules.home-manager { home-manager = { users.${userName}.imports = [ ./hosts/${hostName}/home.nix agenix.homeManagerModules.default - zen-browser.homeModules.twilight + # zen-browser.homeModules.twilight ]; backupFileExtension = "backup"; extraSpecialArgs = { - inherit userName hostName util; + inherit + inputs + hostName + userName + system + util + ; }; useGlobalPkgs = true; useUserPackages = true; diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 80046ef..2ae8322 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -19,12 +19,14 @@ "gaming" "link2c" "plasma" + "star-citizen" # keep-sorted end ]) ++ (util.toImports ../../modules/nixos/bundles [ # keep-sorted start "desktop" "dev" + "gui" # keep-sorted end ]); @@ -37,8 +39,6 @@ system.stateVersion = "24.11"; - i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8"; - users.users.${userName} = { extraGroups = [ # keep-sorted start diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix index 67a1c36..b745929 100644 --- a/hosts/desktop/home.nix +++ b/hosts/desktop/home.nix @@ -13,6 +13,7 @@ # keep-sorted start "desktop" "dev" + "gui" # keep-sorted end ]); diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index d85226d..7788ef5 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix 
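Review bot: `nur.modules.nixos.default` in the module list of the second flake.nix hunk pulls in NUR, whose user repositories are community-maintained and not reviewed the way nixpkgs is. The only consumer visible in this commit is `pkgs.nur.repos.rycee.firefox-addons` in the browser modules, so a comment above the module line such as `# NUR: only repos.rycee.firefox-addons is consumed; other repos are unreviewed` would keep that scope explicit. The enclosing `nixosSystem` call starts and ends outside the hunk, so the `system` value newly inherited into `extraSpecialArgs` is presumably bound in the `let` block that is not shown.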
@@ -23,15 +23,13 @@ # keep-sorted start "desktop" "dev" + "gui" # keep-sorted end ]); - boot.initrd.luks.devices."luks-a7726a9d-535f-44bc-9c0e-adc501fad371".device = - "/dev/disk/by-uuid/a7726a9d-535f-44bc-9c0e-adc501fad371"; + boot.initrd.luks.devices."luks-c2f5123c-0be0-4357-b383-b3f422e99a34".device = "/dev/disk/by-uuid/c2f5123c-0be0-4357-b383-b3f422e99a34"; - system.stateVersion = "24.11"; - - i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8"; + system.stateVersion = "25.05"; users.users.${userName} = { extraGroups = [ diff --git a/hosts/laptop/hardware-configuration.nix b/hosts/laptop/hardware-configuration.nix index 359872d..9530183 100644 --- a/hosts/laptop/hardware-configuration.nix +++ b/hosts/laptop/hardware-configuration.nix @@ -14,20 +14,20 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/b772799b-5434-4d5e-b0f9-ab425e36b9a1"; + { device = "/dev/disk/by-uuid/a240787a-6cc8-4c03-8a01-742adf305b1e"; fsType = "ext4"; }; - boot.initrd.luks.devices."luks-de6f14d8-8c7e-4e77-bfe5-264a39ef0bea".device = "/dev/disk/by-uuid/de6f14d8-8c7e-4e77-bfe5-264a39ef0bea"; + boot.initrd.luks.devices."luks-f7d7a54f-d217-4260-8754-3cac7022e7d5".device = "/dev/disk/by-uuid/f7d7a54f-d217-4260-8754-3cac7022e7d5"; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3730-5237"; + { device = "/dev/disk/by-uuid/B3C9-7C0A"; fsType = "vfat"; options = [ "fmask=0077" "dmask=0077" ]; }; swapDevices = - [ { device = "/dev/disk/by-uuid/081de704-5e9a-4e6d-ae8d-df492d0f662c"; } + [ { device = "/dev/disk/by-uuid/b07c858a-2bd7-4b9a-aec3-3f9593c461c9"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/hosts/laptop/home.nix b/hosts/laptop/home.nix index 2fc7f29..1de2aff 100644 --- a/hosts/laptop/home.nix +++ b/hosts/laptop/home.nix @@ -13,6 +13,7 @@ # keep-sorted start "desktop" "dev" + "gui" # keep-sorted end ]); 
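Review bot: `system.stateVersion` moves from "24.11" to "25.05" in the laptop configuration hunk, but that option records the release the machine was first installed with, not the release it currently runs. The changed LUKS and filesystem UUIDs here and in hardware-configuration.nix suggest a reinstall, in which case the new value is right and a comment such as `# set at reinstall; do not bump on upgrade` would make that clear. If existing state was carried over to the new disk layout instead, keep "24.11" so stateful services do not silently switch defaults.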
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 8854a0d..9593963 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -15,7 +15,7 @@ ] ++ (util.toImports ../../modules/nixos/features [ # keep-sorted start - "borgmatic" + "borgbackup" "intel-gpu" # keep-sorted end ]) @@ -23,13 +23,27 @@ "server" ]); - networking.hostName = "${hostName}"; + # external drive + services.udisks2.enable = true; + fileSystems."/mnt/external" = { + device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e"; + fsType = "ext4"; + options = [ + "nofail" + ]; + }; + + networking = { + hostName = "${hostName}"; + firewall.interfaces."enp2s0".allowedTCPPorts = [ + 80 + 443 + ]; + }; # hardened openssh services.openssh = { - passwordAuthentication = false; - allowSFTP = false; - challengeResponseAuthentication = false; + allowSFTP = false; extraConfig = '' AllowTcpForwarding yes X11Forwarding no @@ -37,6 +51,10 @@ AllowStreamLocalForwarding no AuthenticationMethods publickey ''; + settings = { + KbdInteractiveAuthentication = false; + PasswordAuthentication = false; + }; }; system.stateVersion = "24.11"; diff --git a/modules/home-manager/bundles/desktop.nix b/modules/home-manager/bundles/desktop.nix index 0867706..9287ba2 100644 --- a/modules/home-manager/bundles/desktop.nix +++ b/modules/home-manager/bundles/desktop.nix @@ -6,11 +6,8 @@ imports = util.toImports ../features [ # keep-sorted start "aerc" - "kitty" "mail" - "obsidian" "zellij" - "zen-browser" # keep-sorted end ]; } diff --git a/modules/home-manager/bundles/dev.nix b/modules/home-manager/bundles/dev.nix index 817db50..8b0003b 100644 --- a/modules/home-manager/bundles/dev.nix +++ b/modules/home-manager/bundles/dev.nix @@ -4,6 +4,8 @@ }: { imports = util.toImports ../features [ - "zed-editor" + # keep-sorted start + "direnv" + # keep-sorted end ]; } 
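Review bot: The `/mnt/external` mount added in the second server hunk carries only `nofail`, so setuid bits and device nodes on the external drive are honoured. For a data drive `options = [ "nofail" "nodev" "nosuid" ];` is the usual baseline, plus `noexec` if nothing is run from it. With `nofail` the boot also continues when the drive is absent, so any job that writes under `/mnt/external` would then land on the root filesystem unless it checks for the mount first. Whether the `borgbackup` feature enabled in the first hunk is such a job cannot be seen here. `services.udisks2.enable = true` is not required for a `fileSystems` entry, so confirm it is needed on this host.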
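Review bot: Under the `# hardened openssh` comment the `extraConfig` block that straddles the second and third hunks still carries `AllowTcpForwarding yes`, which lets any holder of an accepted key tunnel through the server. If only client-initiated tunnels are needed, `AllowTcpForwarding local` is narrower, and if `yes` is intentional a comment should say why. Now that the third hunk introduces `settings`, the remaining directives could move there too, e.g. `AuthenticationMethods = "publickey";` and `X11Forwarding = false;`, so all sshd options live in one place. One line of `extraConfig` falls between the two hunks, so the full block is not visible here.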
diff --git a/modules/home-manager/bundles/gui.nix b/modules/home-manager/bundles/gui.nix new file mode 100644 index 0000000..0d4ec42 --- /dev/null +++ b/modules/home-manager/bundles/gui.nix @@ -0,0 +1,14 @@ +{ + util, + ... +}: +{ + imports = util.toImports ../features [ + # keep-sorted start + "alacritty" + "librewolf" + "obsidian" + # "zen-browser" + # keep-sorted end + ]; +} diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix index 119520d..eed9e76 100644 --- a/modules/home-manager/default.nix +++ b/modules/home-manager/default.nix @@ -6,14 +6,15 @@ imports = util.toImports ./features [ # keep-sorted start "agenix" + "bash" "bat" + "bottom" "delta" - "direnv" "eza" - "fish" - "gh" + "fd" "git" "lazygit" + "shell-aliases" "starship" "yazi" "zoxide" diff --git a/modules/home-manager/features/aerc.nix b/modules/home-manager/features/aerc.nix index 7debd0a..8b114ff 100644 --- a/modules/home-manager/features/aerc.nix +++ b/modules/home-manager/features/aerc.nix @@ -49,11 +49,11 @@ D = ":move Trash"; G = ":select -1"; H = ":collapse-folder"; + I = ":read"; J = ":next-folder "; K = ":prev-folder"; L = ":expand-folder"; N = ":prev-result"; - R = ":read"; Rq = ":reply -q"; Rr = ":reply"; T = ":toggle-threads"; diff --git a/modules/home-manager/features/alacritty.nix b/modules/home-manager/features/alacritty.nix new file mode 100644 index 0000000..2c9fc5d --- /dev/null +++ b/modules/home-manager/features/alacritty.nix @@ -0,0 +1,27 @@ +{ + # keep-sorted start + lib, + pkgs, + # keep-sorted end + ... +}: +{ + programs.alacritty = { + enable = true; + settings = { + font = { + normal = { + family = "JetBrainsMono Nerd Font"; + style = "Regular"; + }; + size = 13; + }; + window.startup_mode = "Maximized"; + terminal.shell = { + program = "${lib.getExe pkgs.zellij}"; + args = [ "-l=welcome" ]; + }; + }; + theme = "catppuccin_mocha"; + }; +} 
diff --git a/modules/home-manager/features/bash.nix b/modules/home-manager/features/bash.nix
new file mode 100644
index 0000000..4f7de2a
--- /dev/null
+++ b/modules/home-manager/features/bash.nix
@@ -0,0 +1,4 @@
+{
+ home.shell.enableBashIntegration = true;
+ programs.bash.enable = true;
+}
diff --git a/modules/home-manager/features/bottom.nix b/modules/home-manager/features/bottom.nix
new file mode 100644
index 0000000..f339706
--- /dev/null
+++ b/modules/home-manager/features/bottom.nix
@@ -0,0 +1,78 @@
+{
+ programs.bottom = {
+ enable = true;
+ settings = {
+ flags = {
+ group_processes = true;
+ process_memory_as_value = true;
+ };
+ styles = {
+ cpu = {
+ all_entry_color = "#f5e0dc";
+ avg_entry_color = "#eba0ac";
+ cpu_core_colors = [
+ "#f38ba8"
+ "#fab387"
+ "#f9e2af"
+ "#a6e3a1"
+ "#74c7ec"
+ "#cba6f7"
+ ];
+ };
+ memory = {
+ ram_color = "#a6e3a1";
+ cache_color = "#f38ba8";
+ swap_color = "#fab387";
+ gpu_colors = [
+ "#74c7ec"
+ "#cba6f7"
+ "#f38ba8"
+ "#fab387"
+ "#f9e2af"
+ "#a6e3a1"
+ ];
+ arc_color = "#89dceb";
+ };
+ network = {
+ rx_color = "#a6e3a1";
+ tx_color = "#f38ba8";
+ rx_total_color = "#89dceb";
+ tx_total_color = "#a6e3a1";
+ };
+ battery = {
+ high_battery_color = "#a6e3a1";
+ medium_battery_color = "#f9e2af";
+ low_battery_color = "#f38ba8";
+ };
+ tables = {
+ headers = {
+ color = "#f5e0dc";
+ };
+ };
+ graphs = {
+ graph_color = "#a6adc8";
+ legend_text = {
+ color = "#a6adc8";
+ };
+ };
+ widgets = {
+ border_color = "#585b70";
+ selected_border_color = "#f5c2e7";
+ widget_title = {
+ color = "#f2cdcd";
+ };
+ text = {
+ color = "#cdd6f4";
+ };
+ selected_text = {
+ color = "#11111b";
+ bg_color = "#cba6f7";
+ };
+ disabled_text = {
+ color = "#1e1e2e";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home-manager/features/fd.nix b/modules/home-manager/features/fd.nix
new file mode 100644
index 0000000..b46e74c
--- /dev/null
+++ b/modules/home-manager/features/fd.nix
@@ -0,0 +1,6 @@
+{
+ programs.fd = {
+ enable = true;
+ hidden = true;
+ };
+}
diff --git a/modules/home-manager/features/firefox.nix b/modules/home-manager/features/firefox.nix
new file mode 100644
index 0000000..b0c16b3
--- /dev/null
+++ b/modules/home-manager/features/firefox.nix
@@ -0,0 +1,254 @@ +{ + pkgs, + ... +}: +{ + programs.firefox = { + enable = true; + languagePacks = [ "en-GB" ]; + profiles.will = { + settings = { + # keep-sorted start + "browser.aboutwelcome.enabled" = false; + "browser.bookmarks.addedImportButton" = false; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.download.useDownloadDir" = true; + "browser.newtabpage.enabled" = false; + "browser.safebrowsing.downloads.enabled" = false; + "browser.safebrowsing.malware.enabled" = false; + "browser.safebrowsing.phishing.enabled" = false; + "browser.safebrowsing.remote.block_potentially_unwanted" = false; + "browser.safebrowsing.remote.block_uncommon" = false; + "browser.search.suggest.enabled" = false; + "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; + "browser.startup.page" = 3; + "browser.tabs.groups.smart.userEnabled" = false; + "browser.tabs.warnOnClose" = true; + "browser.tabs.warnOnOpen" = false; + "browser.toolbars.bookmarks.visibility" = "never"; + "browser.urlbar.suggest.searches" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.usage.uploadEnabled" = false; + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode_ever_enabled" = true; + "extensions.formautofill.creditCards.enabled" = false; + "general.autoScroll" = true; + "intl.locale.requested" = "en-GB"; + "network.trr.mode" = 3; + "network.trr.uri" = "https://firefox.dns.nextdns.io/"; + "privacy.annotate_channels.strict_list.enabled" = true; + "privacy.bounceTrackingProtection.mode" = 1; + "privacy.fingerprintingProtection" = true; + "privacy.globalprivacycontrol.enabled" = true; + "privacy.globalprivacycontrol.was_ever_enabled" = true; + "privacy.history.custom" = false; + "privacy.query_stripping.enabled " = true; + "privacy.query_stripping.enabled.pbmode" = true; + "privacy.sanitize.sanitizeOnShutdown" = false; + "privacy.trackingprotection.allow_list.baseline.enabled" = true; + 
"privacy.trackingprotection.allow_list.convenience.enabled" = false; + "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; + "privacy.trackingprotection.emailtracking.enabled" = true; + "privacy.trackingprotection.enabled" = true; + "privacy.trackingprotection.socialtracking.enabled" = true; + "services.sync.engine.passwords" = false; + "sidebar.main.tools" = "syncedtabs,history,bookmarks"; + "sidebar.new-sidebar.has-used" = true; + "sidebar.position_start" = false; + "sidebar.revamp" = true; + "sidebar.verticalTabs" = true; + "sidebar.verticalTabs.dragToPinPromo.dismissed" = true; + "signon.autofillForms" = false; + "signon.firefoxRelay.feature" = "disabled"; + "signon.generation.enabled" = false; + "signon.management.page.breach-alerts.enabled" = false; + "signon.rememberSignons" = false; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + # keep-sorted end + }; + search = { + default = "ddg"; + privateDefault = "ddg"; + engines = { }; + order = [ ]; + force = true; + }; + extensions = { + force = true; + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + # keep-sorted start sticky_comments=no + # detect-cloudflare + bitwarden + dearrow + nixpkgs-pr-tracker + react-devtools + return-youtube-dislikes + sponsorblock + ublock-origin + # keep-sorted end + ]; + settings = { + # keep-sorted start block=yes + # sponsorblock + "sponsorBlocker@ajay.app".settings = { + hideSegmentCreationInPopup = false; + autoSkipOnMusicVideosUpdate = true; + changeChapterColor = true; + autoSkipOnMusicVideos = false; + hideVideoPlayerControls = false; + useVirtualTime = true; + categoryPillColors = { }; + payments = { + chaptersAllowed = false; + freeAccess = false; + lastCheck = 0; + lastFreeCheck = 0; + licenseKey = null; + }; + allowExpirements = true; + allowScrollingToEdit = true; + audioNotificationOnSkip = false; + autoHideInfoButton = true; + categoryPillUpdate = true; + chapterCategoryAdded = true; + checkForUnlistedVideos = false; + cleanPopup = 
false; + darkMode = true; + deArrowInstalled = true; + defaultCategory = "chooseACategory"; + disableSkipping = false; + donateClicked = 0; + dontShowNotice = false; + forceChannelCheck = false; + fullVideoLabelsOnThumbnails = true; + fullVideoSegments = true; + hideDeleteButtonPlayerControls = false; + hideDiscordLaunches = 0; + hideDiscordLink = false; + hideInfoButtonPlayerControls = false; + hideSkipButtonPlayerControls = false; + hideUploadButtonPlayerControls = false; + categorySelections = [ + { + name = "sponsor"; + option = 2; + } + { + name = "poi_highlight"; + option = 1; + } + { + name = "exclusive_access"; + option = 0; + } + { + name = "chapter"; + option = 0; + } + { + name = "selfpromo"; + option = 1; + } + { + name = "interaction"; + option = 1; + } + { + name = "intro"; + option = 1; + } + { + name = "outro"; + option = 1; + } + { + name = "preview"; + option = 1; + } + { + name = "filler"; + option = 1; + } + { + name = "music_offtopic"; + option = 2; + } + { + name = "hook"; + option = 1; + } + ]; + manualSkipOnFullVideo = false; + minDuration = 0; + isVip = false; + muteSegments = false; + noticeVisibilityMode = 3; + renderSegmentsAsChapters = false; + scrollToEditTimeUpdate = false; + serverAddress = "https://sponsor.ajay.app"; + showAutogeneratedChapters = false; + showCategoryGuidelines = true; + showCategoryWithoutPermission = false; + showChapterInfoMessage = true; + showDeArrowInSettings = true; + showDeArrowPromotion = true; + showDonationLink = false; + showNewFeaturePopups = false; + showSegmentFailedToFetchWarning = true; + showSegmentNameInChapterBar = true; + showTimeWithSkips = true; + showUpcomingNotice = false; + showUpsells = false; + minutesSaved = 67.630516; + shownDeArrowPromotion = false; + showZoomToFillError2 = false; + skipNoticeDuration = 4; + sponsorTimesContributed = 0; + testingServer = false; + trackDownvotes = false; + trackDownvotesInPrivate = false; + trackViewCount = false; + trackViewCountInPrivate = false; + 
ytInfoPermissionGranted = false; + skipNonMusicOnlyOnYoutubeMusic = false; + hookUpdate = false; + permissions = { + sponsor = true; + selfpromo = true; + exclusive_access = true; + interaction = true; + intro = true; + outro = true; + preview = true; + hook = true; + music_offtopic = true; + filler = true; + poi_highlight = true; + chapter = false; + }; + segmentListDefaultTab = 0; + prideTheme = false; + }; + # ublock-origin + "uBlock0@raymondhill.net".settings = { + advancedUserEnabled = true; + selectedFilterLists = [ + "user-filters" + "ublock-filters" + "ublock-badware" + "ublock-privacy" + "ublock-quick-fixes" + "ublock-unbreak" + "easylist" + "easyprivacy" + "adguard-spyware-url" + "urlhaus-1" + "plowe-0" + ]; + }; + # keep-sorted end + }; + }; + }; + }; +} diff --git a/modules/home-manager/features/fish.nix b/modules/home-manager/features/fish.nix index 8b38bbc..4c8e865 100644 --- a/modules/home-manager/features/fish.nix +++ b/modules/home-manager/features/fish.nix @@ -9,30 +9,6 @@ interactiveShellInit = '' set fish_greeting ''; - shellAliases = { - # keep-sorted start - cat = "bat"; - # cd = "j"; - cut = "choose"; - df = "duf"; - du = "dua"; - # find = "fd"; - g = "lazygit"; - l = "eza"; - la = "eza -a"; - ls = "eza"; - ns = "nh os switch"; - # curl = "xh"; - ping = "gping"; - ps = "procs"; - # sed = "sd"; - # grep = "rga"; - top = "btm"; - unzip = "ripunzip"; - vi = "nvim"; - vim = "nvim"; - # keep-sorted end - }; plugins = [ # INFO: Using this to get shell completion for programs added to the path through nix+direnv. # Issue to upstream into direnv:Add commentMore actions diff --git a/modules/home-manager/features/git.nix b/modules/home-manager/features/git.nix index 2ee75a1..7be9e6c 100644 --- a/modules/home-manager/features/git.nix +++ b/modules/home-manager/features/git.nix 
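Review bot: The preference key `"privacy.query_stripping.enabled " = true;` in firefox.nix has a trailing space inside the quotes, so the value is written under a name the browser does not read and query stripping keeps its default outside private browsing. It should read `"privacy.query_stripping.enabled" = true;`, and the same line appears in `librewolf.nix` later in this commit. The five `browser.safebrowsing.*` prefs set to `false` turn off the built-in phishing, malware and download checks. The uBlock lists selected further down (`ublock-badware`, `urlhaus-1`) cover only part of that, so a comment recording the choice would help. None of the import lists visible in this commit references `"firefox"` (gui.nix imports `"librewolf"`), so this file may be unused and could be dropped rather than maintained in parallel.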
@@ -1,15 +1,12 @@ +{ + userName, + ... +}: { programs.git = { enable = true; settings = { - init.defaultBranch = "main"; - core.editor = "nvim"; - push.autoSetupRemote = true; - pull.rebase = false; - user = { - name = "wi11-holdsworth"; - email = "83637728+wi11-holdsworth@users.noreply.github.com"; - }; + # keep-sorted start block=yes aliases = { # keep-sorted start a = "add"; @@ -30,6 +27,20 @@ s = "status -s"; # keep-sorted end }; + core.editor = "nvim"; + init.defaultBranch = "main"; + pull.rebase = true; + push.autoSetupRemote = true; + user = { + name = "Will Holdsworth"; + email = "me@fi33.buzz"; + }; + # keep-sorted end + }; + signing = { + key = "/home/${userName}/.ssh/git_signature.pub"; + format = "ssh"; + signByDefault = true; }; }; } diff --git a/modules/home-manager/features/lazygit.nix b/modules/home-manager/features/lazygit.nix index e4938bf..6672936 100644 --- a/modules/home-manager/features/lazygit.nix +++ b/modules/home-manager/features/lazygit.nix @@ -5,6 +5,7 @@ programs.lazygit = { enable = true; settings = { + git.overrideGpg = true; log = { localBranchSortOrder = "recency"; remoteBranchSortOrder = "recency"; diff --git a/modules/home-manager/features/librewolf.nix b/modules/home-manager/features/librewolf.nix new file mode 100644 index 0000000..31a34b2 --- /dev/null +++ b/modules/home-manager/features/librewolf.nix 
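Review bot: The `signing` block added in the second git.nix hunk signs every commit with an SSH key, but nothing in the hunk sets `gpg.ssh.allowedSignersFile`, so `git log --show-signature` and `git verify-commit` on these machines cannot check the signatures they produce. Adding `gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers";` (placeholder path) under `settings` closes that gap. The key path is built as `/home/${userName}/...`; `"${config.home.homeDirectory}/.ssh/git_signature.pub"` would avoid assuming the home location, at the cost of adding `config` to the module arguments. The hunk also replaces the GitHub noreply address with `me@fi33.buzz`, which will be embedded in every future commit, so confirm that exposure is intended.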
@@ -0,0 +1,255 @@ +{ + pkgs, + ... +}: +{ + programs.librewolf = { + enable = true; + languagePacks = [ "en-GB" ]; + profiles.will = { + settings = { + # keep-sorted start + "browser.aboutwelcome.enabled" = false; + "browser.bookmarks.addedImportButton" = false; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.download.useDownloadDir" = true; + "browser.newtabpage.enabled" = false; + "browser.safebrowsing.downloads.enabled" = false; + "browser.safebrowsing.malware.enabled" = false; + "browser.safebrowsing.phishing.enabled" = false; + "browser.safebrowsing.remote.block_potentially_unwanted" = false; + "browser.safebrowsing.remote.block_uncommon" = false; + "browser.search.suggest.enabled" = false; + "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; + "browser.startup.page" = 3; + "browser.tabs.groups.smart.userEnabled" = false; + "browser.tabs.warnOnClose" = true; + "browser.tabs.warnOnOpen" = false; + "browser.toolbars.bookmarks.visibility" = "never"; + "browser.urlbar.suggest.searches" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.usage.uploadEnabled" = false; + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode_ever_enabled" = true; + "extensions.formautofill.creditCards.enabled" = false; + "general.autoScroll" = true; + "identity.fxaccounts.enabled" = true; + "intl.locale.requested" = "en-GB"; + "network.trr.mode" = 3; + "network.trr.uri" = "https://firefox.dns.nextdns.io/"; + "privacy.annotate_channels.strict_list.enabled" = true; + "privacy.bounceTrackingProtection.mode" = 1; + "privacy.fingerprintingProtection" = true; + "privacy.globalprivacycontrol.enabled" = true; + "privacy.globalprivacycontrol.was_ever_enabled" = true; + "privacy.history.custom" = false; + "privacy.query_stripping.enabled " = true; + "privacy.query_stripping.enabled.pbmode" = true; + "privacy.sanitize.sanitizeOnShutdown" = false; + "privacy.trackingprotection.allow_list.baseline.enabled" = true; 
+ "privacy.trackingprotection.allow_list.convenience.enabled" = false; + "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; + "privacy.trackingprotection.emailtracking.enabled" = true; + "privacy.trackingprotection.enabled" = true; + "privacy.trackingprotection.socialtracking.enabled" = true; + "services.sync.engine.passwords" = false; + "sidebar.main.tools" = "syncedtabs,history,bookmarks"; + "sidebar.new-sidebar.has-used" = true; + "sidebar.position_start" = false; + "sidebar.revamp" = true; + "sidebar.verticalTabs" = true; + "sidebar.verticalTabs.dragToPinPromo.dismissed" = true; + "signon.autofillForms" = false; + "signon.firefoxRelay.feature" = "disabled"; + "signon.generation.enabled" = false; + "signon.management.page.breach-alerts.enabled" = false; + "signon.rememberSignons" = false; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + # keep-sorted end + }; + search = { + default = "ddg"; + privateDefault = "ddg"; + engines = { }; + order = [ ]; + force = true; + }; + extensions = { + force = true; + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + # keep-sorted start sticky_comments=no + # detect-cloudflare + bitwarden + dearrow + nixpkgs-pr-tracker + react-devtools + return-youtube-dislikes + sponsorblock + ublock-origin + # keep-sorted end + ]; + settings = { + # keep-sorted start block=yes + # sponsorblock + "sponsorBlocker@ajay.app".settings = { + hideSegmentCreationInPopup = false; + autoSkipOnMusicVideosUpdate = true; + changeChapterColor = true; + autoSkipOnMusicVideos = false; + hideVideoPlayerControls = false; + useVirtualTime = true; + categoryPillColors = { }; + payments = { + chaptersAllowed = false; + freeAccess = false; + lastCheck = 0; + lastFreeCheck = 0; + licenseKey = null; + }; + allowExpirements = true; + allowScrollingToEdit = true; + audioNotificationOnSkip = false; + autoHideInfoButton = true; + categoryPillUpdate = true; + chapterCategoryAdded = true; + checkForUnlistedVideos = false; + cleanPopup 
= false; + darkMode = true; + deArrowInstalled = true; + defaultCategory = "chooseACategory"; + disableSkipping = false; + donateClicked = 0; + dontShowNotice = false; + forceChannelCheck = false; + fullVideoLabelsOnThumbnails = true; + fullVideoSegments = true; + hideDeleteButtonPlayerControls = false; + hideDiscordLaunches = 0; + hideDiscordLink = false; + hideInfoButtonPlayerControls = false; + hideSkipButtonPlayerControls = false; + hideUploadButtonPlayerControls = false; + categorySelections = [ + { + name = "sponsor"; + option = 2; + } + { + name = "poi_highlight"; + option = 1; + } + { + name = "exclusive_access"; + option = 0; + } + { + name = "chapter"; + option = 0; + } + { + name = "selfpromo"; + option = 1; + } + { + name = "interaction"; + option = 1; + } + { + name = "intro"; + option = 1; + } + { + name = "outro"; + option = 1; + } + { + name = "preview"; + option = 1; + } + { + name = "filler"; + option = 1; + } + { + name = "music_offtopic"; + option = 2; + } + { + name = "hook"; + option = 1; + } + ]; + manualSkipOnFullVideo = false; + minDuration = 0; + isVip = false; + muteSegments = false; + noticeVisibilityMode = 3; + renderSegmentsAsChapters = false; + scrollToEditTimeUpdate = false; + serverAddress = "https://sponsor.ajay.app"; + showAutogeneratedChapters = false; + showCategoryGuidelines = true; + showCategoryWithoutPermission = false; + showChapterInfoMessage = true; + showDeArrowInSettings = true; + showDeArrowPromotion = true; + showDonationLink = false; + showNewFeaturePopups = false; + showSegmentFailedToFetchWarning = true; + showSegmentNameInChapterBar = true; + showTimeWithSkips = true; + showUpcomingNotice = false; + showUpsells = false; + minutesSaved = 67.630516; + shownDeArrowPromotion = false; + showZoomToFillError2 = false; + skipNoticeDuration = 4; + sponsorTimesContributed = 0; + testingServer = false; + trackDownvotes = false; + trackDownvotesInPrivate = false; + trackViewCount = false; + trackViewCountInPrivate = false; + 
ytInfoPermissionGranted = false; + skipNonMusicOnlyOnYoutubeMusic = false; + hookUpdate = false; + permissions = { + sponsor = true; + selfpromo = true; + exclusive_access = true; + interaction = true; + intro = true; + outro = true; + preview = true; + hook = true; + music_offtopic = true; + filler = true; + poi_highlight = true; + chapter = false; + }; + segmentListDefaultTab = 0; + prideTheme = false; + }; + # ublock-origin + "uBlock0@raymondhill.net".settings = { + advancedUserEnabled = true; + selectedFilterLists = [ + "user-filters" + "ublock-filters" + "ublock-badware" + "ublock-privacy" + "ublock-quick-fixes" + "ublock-unbreak" + "easylist" + "easyprivacy" + "adguard-spyware-url" + "urlhaus-1" + "plowe-0" + ]; + }; + # keep-sorted end + }; + }; + }; + }; +} diff --git a/modules/home-manager/features/shell-aliases.nix b/modules/home-manager/features/shell-aliases.nix new file mode 100644 index 0000000..0c78ca6 --- /dev/null +++ b/modules/home-manager/features/shell-aliases.nix @@ -0,0 +1,27 @@ +{ + home.shellAliases = { + # keep-sorted start + ",cat" = "bat"; + ",curl" = "xh"; + ",cut" = "choose"; + ",df" = "duf"; + ",diff" = "delta"; + ",du" = "dua"; + ",find" = "fd"; + ",grep" = "rga"; + ",ping" = "gping"; + ",ps" = "procs"; + ",sed" = "sd"; + ",ss" = "snitch"; + ",top" = "btm"; + ",unzip" = "ripunzip"; + "g" = "lazygit"; + "l" = "eza"; + "la" = "eza -a"; + "ls" = "eza"; + "ns" = "nh os switch"; + "vi" = "nvim"; + "vim" = "nvim"; + # keep-sorted end + }; +} diff --git a/modules/home-manager/features/yazi.nix b/modules/home-manager/features/yazi.nix index ed4affc..42575dd 100644 --- a/modules/home-manager/features/yazi.nix +++ b/modules/home-manager/features/yazi.nix @@ -5,6 +5,7 @@ { programs.yazi = { enable = true; + shellWrapperName = "y"; plugins = { # keep-sorted start diff = pkgs.yaziPlugins.diff; diff --git a/modules/home-manager/features/zellij.nix b/modules/home-manager/features/zellij.nix index f7222ed..43d706b 100644 
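Review bot: The pref name `"privacy.query_stripping.enabled "` in librewolf.nix has a trailing space inside the quotes, so this file never writes the real `privacy.query_stripping.enabled` pref and only the `.pbmode` variant on the next line takes effect from here. It should read `"privacy.query_stripping.enabled" = true;`. Separately, the five `browser.safebrowsing.*` prefs switch off the phishing, malware and download checks; if that is a deliberate privacy trade-off backed by the `ublock-badware` and `urlhaus-1` lists selected further down, a one-line comment above them saying so would help the next reader. The sponsorblock block also pins runtime state such as `minutesSaved = 67.630516`, which looks like an export pasted as-is and could be trimmed to the settings that matter.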
--- a/modules/home-manager/features/zellij.nix +++ b/modules/home-manager/features/zellij.nix @@ -4,7 +4,6 @@ settings = { theme = "catppuccin-mocha"; show_startup_tips = false; - default_shell = "fish"; }; }; } diff --git a/modules/home-manager/features/zoxide.nix b/modules/home-manager/features/zoxide.nix index 06cb837..61faad9 100644 --- a/modules/home-manager/features/zoxide.nix +++ b/modules/home-manager/features/zoxide.nix @@ -1,7 +1,6 @@ { programs.zoxide = { enable = true; - enableBashIntegration = true; options = [ "--cmd j" ]; diff --git a/modules/nixos/bundles/desktop.nix b/modules/nixos/bundles/desktop.nix index 90debff..b5b48c2 100644 --- a/modules/nixos/bundles/desktop.nix +++ b/modules/nixos/bundles/desktop.nix @@ -1,8 +1,5 @@ { - # keep-sorted start - pkgs, util, - # keep-sorted end ... }: { @@ -13,16 +10,4 @@ "protonmail-bridge" # keep-sorted end ]; - - environment.systemPackages = with pkgs; [ - # keep-sorted start - beeper - calibre - cameractrls-gtk3 - # https://github.com/NixOS/nixpkgs/issues/437865 - # jellyfin-media-player - onlyoffice-desktopeditors - textsnatcher - # keep-sorted end - ]; } diff --git a/modules/nixos/bundles/dev.nix b/modules/nixos/bundles/dev.nix index e5c5f48..2af44dc 100644 --- a/modules/nixos/bundles/dev.nix +++ b/modules/nixos/bundles/dev.nix @@ -7,12 +7,7 @@ # keep-sorted start bacon cargo-info - devenv - just mask - rusty-man - vscode # keep-sorted end ]; - } diff --git a/modules/nixos/bundles/gui.nix b/modules/nixos/bundles/gui.nix new file mode 100644 index 0000000..9459711 --- /dev/null +++ b/modules/nixos/bundles/gui.nix @@ -0,0 +1,24 @@ +{ + # keep-sorted start + pkgs, + util, + # keep-sorted end + ... +}: +{ + imports = util.toImports ../features [ + # keep-sorted start + "fonts" + # keep-sorted end + ]; + + environment.systemPackages = with pkgs; [ + # keep-sorted start + cameractrls-gtk3 + jellyfin-desktop + libreoffice + signal-desktop + textsnatcher + # keep-sorted end + ]; +} 
diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 271c07b..7a9f017 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -5,27 +5,37 @@ { imports = util.toImports ../features [ # keep-sorted start + "bazarr" + "caddy" "copyparty" "couchdb" - "flaresolverr" + "cryptpad" + "fi33.buzz" + "gatus" "homepage-dashboard" "immich" "jellyfin" + "kavita" + "libretranslate" "lidarr" + "mealie" "miniflux" - "nginx" "ntfy-sh" + "nzbget" "paperless" "prowlarr" "qbittorrent" "radarr" + "radicale" + "readarr" + "send" "sonarr" - "syncthing" "vaultwarden" # keep-sorted end ]; - users.groups.media = { }; - - services.borgmatic.settings.source_directories = [ "/srv" ]; + services.borgbackup.jobs = { + onsite.paths = [ "/srv" ]; + offsite.paths = [ "/srv" ]; + }; } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index e980470..bba0af7 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -9,7 +9,6 @@ imports = util.toImports ./features [ # keep-sorted start "agenix" - "fonts" "localisation" "network" "nh" @@ -17,7 +16,6 @@ "nixvim" "syncthing" "systemd-boot" - "tailscale" # keep-sorted end ]; @@ -25,17 +23,13 @@ with pkgs; [ # keep-sorted start - bottom # top broot # large directory browser choose # cut - circumflex # hacker news browsing - cointop # crypto ticker ddgr # web search - dogdns # dns + doggo # dns dua # du duf # df epy # ebook reading - fd # find fselect # find with sql syntax fx # json processor and viewer fzf # fuzzy finder @@ -50,7 +44,7 @@ nb # note taking nil # nix language server nixd # nix language server - nixfmt-rfc-style # nix file formatting + nixfmt # nix file formatting nom # stylistic nix dependency graphs pastel # colour generation pdd # datetime calculations 
@@ -62,10 +56,11 @@ ripunzip # unzip sd # sed slides # presentations + snitch # netstat ticker # stock ticker tldr # cheat sheets tmpmail # temporary email address - topydo # todo.txt helper tool + # topydo # todo.txt helper tool tt # typing test wtfutil # terminal homepage xh # curl diff --git a/modules/nixos/features/bazarr.nix b/modules/nixos/features/bazarr.nix new file mode 100644 index 0000000..a121fa5 --- /dev/null +++ b/modules/nixos/features/bazarr.nix @@ -0,0 +1,38 @@ +let + port = 5017; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "subtitles.fi33.buzz"; + url = "https://${hostname}"; +in +{ + services = { + bazarr = { + enable = true; + dataDir = "/srv/bazarr"; + group = "srv"; + listenPort = port; + }; + + gatus.settings.endpoints = [ + { + name = "Bazarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} diff --git a/modules/nixos/features/borgbackup.nix b/modules/nixos/features/borgbackup.nix new file mode 100644 index 0000000..c30799a --- /dev/null +++ b/modules/nixos/features/borgbackup.nix 
@@ -0,0 +1,57 @@ +{ + config, + pkgs, + ... +}: +let + jobConfig = { + compression = "auto,zlib"; + doInit = false; + preHook = '' + /run/wrappers/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dumpall > /srv/backup/database/postgres/dump.sql + ''; + postHook = '' + rm /srv/backup/database/postgres/dump.sql + ''; + prune.keep = { + daily = 7; + weekly = 4; + monthly = 6; + yearly = 1; + }; + readWritePaths = [ + "/srv/backup" + ]; + startAt = "*-*-* 03:00:00"; + extraCreateArgs = [ "-v" ]; + }; +in +{ + services.borgbackup = { + jobs = { + onsite = { + encryption = { + passCommand = "cat ${config.age.secrets.borgbackup-onsite.path}"; + mode = "repokey-blake2"; + }; + removableDevice = true; + repo = "/mnt/external/backup/take2"; + } + // jobConfig; + offsite = { + encryption = { + passCommand = "cat ${config.age.secrets.borgbackup-offsite.path}"; + mode = "repokey-blake2"; + }; + environment.BORG_RSH = "ssh -i /home/srv/.ssh/id_ed25519"; + repo = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; + } + // jobConfig; + }; + }; + + age.secrets = { + borgbackup-onsite.file = ../../../secrets/borgbackup-onsite.age; + borgbackup-offsite.file = ../../../secrets/borgbackup-offsite.age; + }; +} diff --git a/modules/nixos/features/borgmatic.nix b/modules/nixos/features/borgmatic.nix index c0f8b9a..112eeda 100644 --- a/modules/nixos/features/borgmatic.nix +++ b/modules/nixos/features/borgmatic.nix @@ -20,6 +20,8 @@ ntfy = { topic = "backups"; server = config.services.ntfy-sh.settings.base-url; + username = "borgmatic"; + password = "{credential file ${config.age.secrets.borgmatic-ntfy.path}}"; finish = { title = "Ping!"; message = "Your backups have succeeded :)"; 
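Review bot: In borgbackup.nix the `preHook` writes a full `pg_dumpall` to `/srv/backup/database/postgres/dump.sql` through a plain shell redirect, so the file is created with whatever mode the job's umask gives it, and it holds every database plus the role password hashes. Putting `umask 077` on the first line of `preHook` keeps the dump private while it exists, and `rm -f` in `postHook` avoids a second error when the dump was never created. Both jobs back up `/srv` (server.nix), so the dump landing inside the archive looks intended; a comment saying so would make that explicit. The offsite `BORG_RSH` key at `/home/srv/.ssh/id_ed25519` is managed outside agenix, unlike the two passphrases, which is worth confirming as deliberate.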
@@ -35,16 +37,15 @@ "fail" ]; }; + relocated_repo_access_is_ok = true; repositories = [ { - path = "/backup/repo"; + path = "/mnt/external/backup/repo"; label = "onsite"; - # encryption = "repokey-blake2"; } { path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; label = "offsite"; - # encryption = "repokey-blake2"; } ]; retries = 3; @@ -72,16 +73,10 @@ "borgmatic-pg:${config.age.secrets.borgmatic-pg.path}" ]; - # onsite drive - services.udisks2.enable = true; - fileSystems."/backup" = { - device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e"; - fsType = "ext4"; - }; - # secrets age.secrets = { "borgmatic".file = ../../../secrets/borgmatic.age; + "borgmatic-ntfy".file = ../../../secrets/borgmatic-ntfy.age; "borgmatic-pg".file = ../../../secrets/borgmatic-pg.age; }; } diff --git a/modules/nixos/features/caddy.nix b/modules/nixos/features/caddy.nix new file mode 100644 index 0000000..4c8978a --- /dev/null +++ b/modules/nixos/features/caddy.nix @@ -0,0 +1,29 @@ +{ + config, + ... +}: +{ + services.caddy = { + enable = true; + dataDir = "/srv/caddy"; + globalConfig = '' + auto_https disable_redirects + ''; + openFirewall = true; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "festive-steed-fit@duck.com"; + certs."fi33.buzz" = { + group = config.services.caddy.group; + domain = "fi33.buzz"; + extraDomainNames = [ "*.fi33.buzz" ]; + dnsProvider = "porkbun"; + dnsPropagationCheck = true; + credentialsFile = config.age.secrets."porkbun-api".path; + }; + }; + + age.secrets."porkbun-api".file = ../../../secrets/porkbun-api.age; +} diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index a3b8114..1eff57b 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix 
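Review bot: `relocated_repo_access_is_ok = true` in borgmatic.nix bypasses Borg's check that a known repository is still where it was last seen, and it applies to both entries in `repositories`. Only the onsite path moves in this hunk (`/backup/repo` to `/mnt/external/backup/repo`); the offsite `ssh://` entry is unchanged, and for a remote repository that check is the signal that the endpoint may have been replaced. I would enable it for the one run that needs it and then remove it, or at least mark it with `# temporary: onsite repo moved to /mnt/external/backup/repo` so it does not stay on. The enclosing settings block starts outside this hunk.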
@@ -2,12 +2,14 @@ # keep-sorted start config, inputs, - lib, # keep-sorted end ... }: let - port = "5000"; + port = 5000; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "files.fi33.buzz"; + url = "https://${hostname}"; in { imports = [ inputs.copyparty.nixosModules.default ]; @@ -20,30 +22,47 @@ in e2dsa = true; e2ts = true; e2vu = true; - p = lib.toInt port; + p = port; + xff-hdr = "x-forwarded-for"; + rproxy = 1; }; - accounts.will.passwordFile = config.age.secrets.copyparty-will.path; + accounts.Impatient7119.passwordFile = config.age.secrets.copyparty.path; volumes."/" = { path = "/srv/copyparty"; access = { - r = "*"; - A = [ "will" ]; + A = [ "Impatient7119" ]; }; }; }; - nginx.virtualHosts."copyparty.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; + gatus.settings.endpoints = [ + { + name = "copyparty"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; # secrets - age.secrets."copyparty-will" = { - file = ../../../secrets/copyparty-will.age; + age.secrets."copyparty" = { + file = ../../../secrets/copyparty.age; owner = "copyparty"; }; diff --git a/modules/nixos/features/couchdb.nix b/modules/nixos/features/couchdb.nix index 5b24367..a5edbb0 100644 --- a/modules/nixos/features/couchdb.nix +++ b/modules/nixos/features/couchdb.nix @@ -1,9 +1,8 @@ -{ - lib, - ... -}: let - port = "5984"; + port = 5984; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "couchdb.fi33.buzz"; + url = "https://${hostname}"; in { services = { 
@@ -12,7 +11,7 @@ in databaseDir = "/srv/couchdb"; viewIndexDir = "/srv/couchdb"; configFile = "/srv/couchdb"; - port = lib.toInt port; + inherit port; extraConfig = { chttpd = { require_valid_user = true; @@ -32,16 +31,32 @@ in cors = { credentials = true; origins = '' - app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz + app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://${hostname},http://${hostname},${url} ''; }; }; }; - nginx.virtualHosts."couchdb.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; + gatus.settings.endpoints = [ + { + name = "CouchDB"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 401" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/cryptpad.nix b/modules/nixos/features/cryptpad.nix new file mode 100644 index 0000000..be8c7ad --- /dev/null +++ b/modules/nixos/features/cryptpad.nix 
@@ -0,0 +1,66 @@ +let + httpPort = 5022; + websocketPort = 5024; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "cryptpad.fi33.buzz"; + url = "https://${hostname}"; +in +{ + services = { + cryptpad = { + enable = true; + settings = { + inherit httpPort; + inherit websocketPort; + httpUnsafeOrigin = url; + httpSafeOrigin = "https://cryptpad-ui.fi33.buzz"; + inactiveTime = 7; + archiveRetentionTime = 7; + accountRetentionTime = 7; + }; + }; + + gatus.settings.endpoints = [ + { + name = "CryptPad"; + group = "Public Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts."${hostname} cryptpad-ui.fi33.buzz".extraConfig = '' + header Strict-Transport-Security "includeSubDomains; preload" + + handle /cryptpad_websocket* { + reverse_proxy localhost:${toString websocketPort} { + header_up Host {host} + header_up X-Real-IP {remote_host} + } + } + + handle { + reverse_proxy localhost:${toString httpPort} { + header_up Host {host} + header_up X-Real-IP {remote_host} + } + } + + @register { + host ${hostname} + path /register* + } + respond @register 403 + + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} diff --git a/modules/nixos/features/fi33.buzz.nix b/modules/nixos/features/fi33.buzz.nix new file mode 100644 index 0000000..947026e --- /dev/null +++ b/modules/nixos/features/fi33.buzz.nix @@ -0,0 +1,19 @@ +let + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "www.fi33.buzz"; +in +{ + # TODO why can't I serve content on fi33.buzz? dns propagation issue? + services.caddy.virtualHosts = { + "fi33.buzz".extraConfig = '' + redir https://www.fi33.buzz{uri} permanent + ''; + ${hostname}.extraConfig = '' + root * /srv/fi33.buzz/public + file_server + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} 
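Review bot: In cryptpad.nix, `respond @register 403` sits beside a catch-all `handle { reverse_proxy … }`, and in Caddy's default directive order `handle` runs before `respond`, so as far as I can tell requests to `/register*` are proxied to CryptPad and the 403 is never reached. Writing it as its own block, `handle @register { respond 403 }`, makes it mutually exclusive with the other two `handle` blocks and lets the matcher take effect. The `Strict-Transport-Security` value also has no `max-age` directive, which browsers require, so the header is ignored as written; it needs something like `"max-age=31536000; includeSubDomains; preload"` (value constructed as an example). That matters more here because caddy.nix sets `auto_https disable_redirects`, so plain-HTTP visits are not upgraded by the server either.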
diff --git a/modules/nixos/features/firefly.nix b/modules/nixos/features/firefly.nix new file mode 100644 index 0000000..c32df14 --- /dev/null +++ b/modules/nixos/features/firefly.nix @@ -0,0 +1,50 @@ +{ + config, + ... +}: +let + certloc = "/var/lib/acme/fi33.buzz"; +in +{ + services = { + firefly-iii = { + enable = true; + dataDir = "/srv/firefly"; + group = config.services.caddy.group; + settings = { + # keep-sorted start + ALLOW_WEBHOOKS = "true"; + APP_KEY_FILE = config.age.secrets.firefly.path; + APP_URL = "https://firefly.fi33.buzz"; + DEFAULT_LANGUAGE = "en_GB"; + REPORT_ERRORS_ONLINE = "false"; + TRUSTED_PROXIES = "**"; + TZ = "Australia/Melbourne"; + # keep-sorted end + }; + }; + + caddy.virtualHosts."firefly.fi33.buzz".extraConfig = '' + root * ${config.services.firefly-iii.package}/public + php_fastcgi unix//${config.services.phpfpm.pools.firefly-iii.socket} + try_files {path} {path}/ /index.php?{query} + file_server { + index index.php + } + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; + + age.secrets = { + firefly = { + file = ../../../secrets/firefly.age; + owner = "firefly-iii"; + }; + firefly-db = { + file = ../../../secrets/firefly-db.age; + owner = "firefly-iii"; + }; + }; +} diff --git a/modules/nixos/features/flaresolverr.nix b/modules/nixos/features/flaresolverr.nix deleted file mode 100644 index 86afdcd..0000000 --- a/modules/nixos/features/flaresolverr.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - lib, - ... -}: -let - port = "5011"; -in -{ - services = { - flaresolverr = { - enable = true; - port = lib.toInt port; - }; - - nginx.virtualHosts."flaresolverr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; - }; -} diff --git a/modules/nixos/features/gaming.nix b/modules/nixos/features/gaming.nix index 0b2bd23..94c90ae 100644 --- a/modules/nixos/features/gaming.nix +++ b/modules/nixos/features/gaming.nix 
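Review bot: `TRUSTED_PROXIES = "**"` in firefly.nix makes Firefly III accept `X-Forwarded-*` headers from any peer, yet this vhost passes requests to PHP-FPM over a unix socket with `php_fastcgi` rather than through an HTTP reverse proxy, so there appears to be no proxy whose headers need trusting. With `**`, a client-supplied forwarded address or host is believed by the application, which affects what it logs and the URLs it generates. Dropping the line, or narrowing it to the loopback address if something does proxy in front, closes that. The `firefly-db` secret is declared at the bottom of the file but nothing visible references it; if it is unused it can be removed, otherwise a comment naming its consumer would help.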
@@ -6,9 +6,7 @@ environment.systemPackages = with pkgs; [ # keep-sorted start heroic - lutris mangohud - nexusmods-app prismlauncher protonup-qt wine @@ -19,6 +17,7 @@ programs = { gamemode.enable = true; + gamescope.enable = true; steam = { enable = true; gamescopeSession.enable = true; @@ -31,5 +30,5 @@ }; # latest kernel - boot.kernelPackages = pkgs.linuxPackages_latest; + # boot.kernelPackages = pkgs.linuxPackages_latest; } diff --git a/modules/nixos/features/gatus.nix b/modules/nixos/features/gatus.nix new file mode 100644 index 0000000..2fe39ce --- /dev/null +++ b/modules/nixos/features/gatus.nix @@ -0,0 +1,55 @@ +{ + config, + ... +}: +let + port = 5025; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "status.fi33.buzz"; + url = "https://${hostname}"; +in +{ + services = { + gatus = { + enable = true; + environmentFile = config.age.secrets.gatus.path; + settings = { + alerting = { + ntfy = { + topic = "services"; + url = config.services.ntfy-sh.settings.base-url; + token = "$NTFY_TOKEN"; + click = url; + default-alert = { + description = "Health Check Failed"; + send-on-resolved = true; + }; + }; + }; + connectivity.checker = { + target = "1.1.1.1:53"; + interval = "60s"; + }; + ui = { + title = "Health Dashboard | Fi33Buzz"; + description = "Fi33Buzz health dashboard"; + dashboard-heading = ""; + dashboard-subheading = ""; + header = "Fi33Buzz Status"; + link = "https://home.fi33.buzz/"; + default-sort-by = "group"; + }; + web.port = port; + }; + }; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; + + age.secrets.gatus.file = ../../../secrets/gatus.age; +} diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index f171efe..3516600 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix 
@@ -7,7 +7,7 @@ ... }: let - port = "5004"; + port = 5004; genSecrets = secrets: lib.genAttrs secrets (secret: { 
@@ -25,65 +25,54 @@ let # keep-sorted start "immich" "jellyfin" + "kavita-api" "lidarr" + "mealie" "miniflux" + "nzbget" "paperless" "prowlarr" "radarr" + "readarr" "sonarr" + "subtitles" # keep-sorted end ]; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "home.fi33.buzz"; + url = "https://${hostname}"; in { services = { homepage-dashboard = { enable = true; - listenPort = lib.toInt port; - allowedHosts = "homepage-dashboard.fi33.buzz"; + listenPort = port; + allowedHosts = hostname; services = [ - # keep-sorted start block=yes { - "Cloud Services" = [ + "Public Services" = [ { - "copyparty" = { - "description" = "Cloud file manager"; - "icon" = "sh-copyparty.svg"; - "href" = "https://copyparty.fi33.buzz/"; + CryptPad = { + description = "Collaborative office suite"; + icon = "cryptpad.svg"; + href = "https://cryptpad.fi33.buzz/"; + siteMonitor = "https://cryptpad.fi33.buzz/"; }; } { - "CouchDB" = { - "description" = "Obsidian sync database"; - "icon" = "couchdb.svg"; - "href" = "https://couchdb.fi33.buzz/_utils/"; + LibreTranslate = { + description = "Machine Translation API"; + icon = "libretranslate.svg"; + href = "https://translate.fi33.buzz/"; + siteMonitor = "https://translate.fi33.buzz/"; }; } { - "ntfy" = { - "description" = "Notification service"; - "icon" = "ntfy.svg"; - "href" = "https://ntfy-sh.fi33.buzz/"; - }; - } - { - "Syncthing" = { - "description" = "Decentralised file synchronisation"; - "icon" = "syncthing.svg"; - "href" = "https://syncthing.fi33.buzz/"; - }; - } - { - "qBittorrent" = { - "description" = "BitTorrent client"; - "icon" = "qbittorrent.svg"; - "href" = "https://qbittorrent.fi33.buzz/"; - }; - } - { - "Vaultwarden" = { - "description" = "Password manager"; - "icon" = "vaultwarden.svg"; - "href" = "https://vaultwarden.fi33.buzz/"; + Send = { + description = "Simple, private file sharing"; + icon = "send.svg"; + href = "https://send.fi33.buzz/"; + siteMonitor = "https://send.fi33.buzz/"; }; } ]; 
@@ -91,173 +80,330 @@ in { "Media Management" = [ { - "Lidarr" = { - "description" = "Music collection manager"; - "icon" = "lidarr.svg"; - "href" = "https://lidarr.fi33.buzz/"; - "widget" = { - "type" = "lidarr"; - "url" = "https://lidarr.fi33.buzz/"; - "key" = "@lidarr@"; - "enableQueue" = true; + Radarr = { + description = "Movie organizer/manager"; + icon = "radarr.svg"; + href = "https://movies.fi33.buzz/"; + siteMonitor = "https://movies.fi33.buzz/"; + widget = { + type = "radarr"; + url = "https://movies.fi33.buzz/"; + key = "@radarr@"; + enableQueue = true; }; }; } { - "Prowlarr" = { - "description" = "Indexer management tool"; - "icon" = "prowlarr.svg"; - "href" = "https://prowlarr.fi33.buzz/"; - "widget" = { - "type" = "prowlarr"; - "url" = "https://prowlarr.fi33.buzz/"; - "key" = "@prowlarr@"; + Sonarr = { + description = "Smart PVR"; + icon = "sonarr.svg"; + href = "https://shows.fi33.buzz/"; + siteMonitor = "https://shows.fi33.buzz/"; + widget = { + type = "sonarr"; + url = "https://shows.fi33.buzz/"; + key = "@sonarr@"; + enableQueue = true; }; }; } { - "Radarr" = { - "description" = "Movie collection manager"; - "icon" = "radarr.svg"; - "href" = "https://radarr.fi33.buzz/"; - "widget" = { - "type" = "radarr"; - "url" = "https://radarr.fi33.buzz/"; - "key" = "@radarr@"; - "enableQueue" = true; + Lidarr = { + description = "Like Sonarr but made for music"; + icon = "lidarr.svg"; + href = "https://music.fi33.buzz/"; + siteMonitor = "https://music.fi33.buzz/"; + widget = { + type = "lidarr"; + url = "https://music.fi33.buzz/"; + key = "@lidarr@"; + enableQueue = true; }; }; } { - "Sonarr" = { - "description" = "TV show collection manager"; - "icon" = "sonarr.svg"; - "href" = "https://sonarr.fi33.buzz/"; - "widget" = { - "type" = "sonarr"; - "url" = "https://sonarr.fi33.buzz/"; - "key" = "@sonarr@"; - "enableQueue" = true; + Readarr = { + description = "Book Manager and Automation"; + icon = "readarr.svg"; + href = "https://books.fi33.buzz/"; + 
siteMonitor = "https://books.fi33.buzz/"; + widget = { + type = "readarr"; + url = "https://books.fi33.buzz/"; + key = "@readarr@"; + enableQueue = true; }; }; } + { + Bazarr = { + description = "Subtitle manager and downloader"; + icon = "bazarr.svg"; + href = "https://subtitles.fi33.buzz/"; + siteMonitor = "https://subtitles.fi33.buzz/"; + widget = { + type = "bazarr"; + url = "https://subtitles.fi33.buzz/"; + key = "@subtitles@"; + }; + }; + } + { + Prowlarr = { + description = "Indexer manager/proxy"; + icon = "prowlarr.svg"; + href = "https://prowlarr.fi33.buzz/"; + siteMonitor = "https://prowlarr.fi33.buzz/"; + widget = { + type = "prowlarr"; + url = "https://prowlarr.fi33.buzz/"; + key = "@prowlarr@"; + }; + }; + } + { + NZBget = { + description = "Usenet Downloader"; + icon = "nzbget.svg"; + href = "https://usenet.fi33.buzz/"; + siteMonitor = "https://usenet.fi33.buzz/"; + widget = { + type = "nzbget"; + url = "https://usenet.fi33.buzz/"; + username = "nzbget"; + password = "@nzbget@"; + }; + }; + } + { + qBittorrent = { + description = "BitTorrent client"; + icon = "qbittorrent.svg"; + href = "https://bittorrent.fi33.buzz/"; + siteMonitor = "https://bittorrent.fi33.buzz/"; + }; + } + ]; + } + { + "Private Services" = [ + { + copyparty = { + description = "Portable file server"; + icon = "sh-copyparty.svg"; + href = "https://files.fi33.buzz/"; + siteMonitor = "https://files.fi33.buzz/"; + }; + } + { + CouchDB = { + description = "Syncing database"; + icon = "couchdb.svg"; + href = "https://couchdb.fi33.buzz/_utils/"; + siteMonitor = "https://couchdb.fi33.buzz/_utils/"; + }; + } + { + Mealie = { + description = "Recipe manager and meal planner"; + icon = "mealie.svg"; + href = "https://mealie.fi33.buzz/"; + siteMonitor = "https://mealie.fi33.buzz/"; + widget = { + type = "mealie"; + url = "https://mealie.fi33.buzz/"; + version = 2; + key = "@mealie@"; + }; + }; + } + { + ntfy = { + description = "Send push notifications using PUT/POST"; + icon = "ntfy.svg"; 
+ href = "https://notify.fi33.buzz/"; + siteMonitor = "https://notify.fi33.buzz/"; + }; + } + { + Radicale = { + description = "A simple CalDAV (calendar) and CardDAV (contact) server"; + icon = "radicale.svg"; + href = "https://caldav.fi33.buzz"; + siteMonitor = "https://caldav.fi33.buzz"; + }; + } + { + Syncthing = { + description = "Open Source Continuous File Synchronization"; + icon = "syncthing.svg"; + href = "https://sync.fi33.buzz/"; + siteMonitor = "https://sync.fi33.buzz/"; + }; + } + { + Vaultwarden = { + description = "Unofficial Bitwarden compatible server"; + icon = "vaultwarden.svg"; + href = "https://vault.fi33.buzz/"; + siteMonitor = "https://vault.fi33.buzz/"; + }; + } ]; } { "Media Streaming" = [ { - "Immich" = { - "description" = "Photo backup"; - "icon" = "immich.svg"; - "href" = "https://immich.fi33.buzz/"; - "widget" = { - "type" = "immich"; - "fields" = [ + Immich = { + description = "Photo and video management solution"; + icon = "immich.svg"; + href = "https://photos.fi33.buzz/"; + siteMonitor = "https://photos.fi33.buzz/"; + widget = { + type = "immich"; + fields = [ "users" "photos" "videos" "storage" ]; - "url" = "https://immich.fi33.buzz/"; - "version" = 2; - "key" = "@immich@"; + url = "https://photos.fi33.buzz/"; + version = 2; + key = "@immich@"; }; }; } { - "Jellyfin" = { - "description" = "Media streaming"; - "icon" = "jellyfin.svg"; - "href" = "https://jellyfin.fi33.buzz/"; - "widget" = { - "type" = "jellyfin"; - "url" = "https://jellyfin.fi33.buzz/"; - "key" = "@jellyfin@"; - "enableBlocks" = true; - "enableNowPlaying" = true; - "enableUser" = true; - "showEpisodeNumber" = true; - "expandOneStreamToTwoRows" = false; + Jellyfin = { + description = "Media System"; + icon = "jellyfin.svg"; + href = "https://media.fi33.buzz/"; + siteMonitor = "https://media.fi33.buzz/"; + widget = { + type = "jellyfin"; + url = "https://media.fi33.buzz/"; + key = "@jellyfin@"; + enableBlocks = true; + enableNowPlaying = true; + enableUser = true; + 
showEpisodeNumber = true; + expandOneStreamToTwoRows = false; }; }; } { - "Miniflux" = { - "description" = "RSS aggregator"; - "icon" = "miniflux.svg"; - "href" = "https://miniflux.fi33.buzz/"; - "widget" = { - "type" = "miniflux"; - "url" = "https://miniflux.fi33.buzz/"; - "key" = "@miniflux@"; + Kavita = { + description = "Reading server"; + icon = "kavita.svg"; + href = "https://library.fi33.buzz/"; + siteMonitor = "https://library.fi33.buzz/"; + widget = { + type = "kavita"; + url = "https://library.fi33.buzz/"; + key = "@kavita-api@"; }; }; } { - "Paperless" = { - "description" = "Digital filing cabinet"; - "icon" = "paperless.svg"; - "href" = "https://paperless.fi33.buzz/"; - "widget" = { - "type" = "paperlessngx"; - "url" = "https://paperless.fi33.buzz/"; - "username" = "admin"; - "password" = "@paperless@"; + Miniflux = { + description = "Feed reader"; + icon = "miniflux.svg"; + href = "https://feeds.fi33.buzz/"; + siteMonitor = "https://feeds.fi33.buzz/"; + widget = { + type = "miniflux"; + url = "https://feeds.fi33.buzz/"; + key = "@miniflux@"; + }; + }; + } + { + Paperless = { + description = "Document management system"; + icon = "paperless.svg"; + href = "https://documents.fi33.buzz/"; + siteMonitor = "https://documents.fi33.buzz/"; + widget = { + type = "paperlessngx"; + url = "https://documents.fi33.buzz/"; + username = "admin"; + password = "@paperless@"; }; }; } ]; } { - "Utilities" = [ + Utilities = [ { - "NanoKVM" = { - "description" = "Remote KVM switch"; - "icon" = "mdi-console.svg"; - "href" = "http://nano-kvm/"; + Gatus = { + description = "Status page"; + icon = "gatus.svg"; + href = "https://status.fi33.buzz/"; + siteMonitor = "https://status.fi33.buzz/"; + widget = { + type = "gatus"; + url = "https://status.fi33.buzz/"; + }; + }; + } + { + NanoKVM = { + description = "Remote KVM switch"; + icon = "mdi-console.svg"; + href = "http://nano-kvm/"; }; } ]; } - # keep-sorted end ]; settings = { title = "Mission Control"; theme = "dark"; color = 
"neutral"; headerStyle = "clean"; + hideVersion = true; layout = [ + { + "Public Services" = { + style = "row"; + columns = 3; + useEqualHeights = true; + }; + } + { + "Private Services" = { + style = "row"; + columns = 3; + useEqualHeights = true; + }; + } { "Media Streaming" = { style = "row"; - columns = 4; + columns = 3; useEqualHeights = true; }; } { "Media Management" = { style = "row"; - columns = 4; + columns = 3; useEqualHeights = true; }; } { - "Cloud Services" = { - style = "row"; - columns = 3; - }; - } - { - "Utilities" = { + Utilities = { style = "row"; columns = 3; + useEqualHeights = true; + initiallyCollapsed = true; }; } ]; quicklaunch.searchDescriptions = true; disableUpdateCheck = true; showStats = true; - statusStyle = "dot"; }; widgets = [ { @@ -277,7 +423,7 @@ in memory = true; disk = [ "/" - "/backup" + "/mnt/external" ]; cputemp = true; tempmin = 0; @@ -290,11 +436,27 @@ in ]; }; - nginx.virtualHosts."homepage-dashboard.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; + gatus.settings.endpoints = [ + { + name = "Homepage Dashboard"; + group = "Utilities"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; # secrets diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index 3d83d33..ce89f21 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix 
@@ -1,37 +1,37 @@ -{ - lib, - ... -}: let - port = "2283"; + port = 2283; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "photos.fi33.buzz"; + url = "https://${hostname}"; in { services = { immich = { enable = true; - port = lib.toInt "${port}"; + inherit port; mediaLocation = "/srv/immich"; }; - borgmatic.settings.postgresql_databases = [ + gatus.settings.endpoints = [ { - name = "immich"; - hostname = "localhost"; - username = "root"; - password = "{credential systemd borgmatic-pg}"; + name = "Immich"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; } ]; - nginx = { - clientMaxBodySize = "50000M"; - virtualHosts."immich.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://[::1]:${port}"; - proxyWebsockets = true; - }; - }; - }; + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index e64f6ad..6e1f7b8 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix 
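Review bot: The `borgmatic.settings.postgresql_databases` entry for `immich` is removed in this hunk and nothing on the new side replaces it, so the Immich PostgreSQL database appears to drop out of backups unless a dump is configured in a file not shown here. The same removal happens in the miniflux.nix and paperless.nix hunks, while mealie.nix, prowlarr.nix and ntfy-sh.nix gain `borgbackup.jobs` paths. If no central dump exists, `services.postgresqlBackup.databases = [ "immich" ];` plus its output directory in `borgbackup.jobs.onsite.paths` and `offsite.paths` would restore coverage. Whether `/srv/immich` itself is backed up cannot be seen from this hunk.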
@@ -1,19 +1,38 @@ let - port = "8096"; + port = 8096; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "media.fi33.buzz"; + url = "https://${hostname}"; in { services = { jellyfin = { enable = true; dataDir = "/srv/jellyfin"; - group = "media"; + group = "srv"; }; - nginx.virtualHosts."jellyfin.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; + gatus.settings.endpoints = [ + { + name = "Jellyfin"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; # use intel iGP diff --git a/modules/nixos/features/karakeep.nix b/modules/nixos/features/karakeep.nix new file mode 100644 index 0000000..cebc5f8 --- /dev/null +++ b/modules/nixos/features/karakeep.nix @@ -0,0 +1,22 @@ +let + port = 5014; + certloc = "/var/lib/acme/fi33.buzz"; +in +{ + services = { + karakeep = { + enable = true; + extraEnvironment = { + PORT = toString port; + DISABLE_NEW_RELEASE_CHECK = "true"; + }; + }; + + caddy.virtualHosts."karakeep.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} diff --git a/modules/nixos/features/kavita.nix b/modules/nixos/features/kavita.nix new file mode 100644 index 0000000..814cd91 --- /dev/null +++ b/modules/nixos/features/kavita.nix 
@@ -0,0 +1,44 @@ +{ + config, + ... +}: +let + port = 5015; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "library.fi33.buzz"; + url = "https://${hostname}"; +in +{ + services = { + kavita = { + enable = true; + dataDir = "/srv/kavita"; + settings.Port = port; + tokenKeyFile = config.age.secrets.kavita.path; + }; + + gatus.settings.endpoints = [ + { + name = "Kavita"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; + + age.secrets.kavita.file = ../../../secrets/kavita.age; +} diff --git a/modules/nixos/features/libretranslate.nix b/modules/nixos/features/libretranslate.nix new file mode 100644 index 0000000..ed20161 --- /dev/null +++ b/modules/nixos/features/libretranslate.nix @@ -0,0 +1,37 @@ +let + port = 5023; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "translate.fi33.buzz"; + url = "https://${hostname}"; +in +{ + services = { + libretranslate = { + enable = true; + inherit port; + updateModels = true; + }; + + gatus.settings.endpoints = [ + { + name = "LibreTranslate"; + group = "Public Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 39e6253..620f684 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix 
@@ -1,23 +1,40 @@ -{ - lib, - ... -}: let - port = "5012"; + port = 5012; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "music.fi33.buzz"; + url = "https://${hostname}"; in { services = { lidarr = { enable = true; dataDir = "/srv/lidarr"; - settings.server.port = lib.toInt port; - group = "media"; + settings.server = { + inherit port; + }; + group = "srv"; }; - nginx.virtualHosts."lidarr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; + gatus.settings.endpoints = [ + { + name = "Lidarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/llm.nix b/modules/nixos/features/llm.nix new file mode 100644 index 0000000..fcd470c --- /dev/null +++ b/modules/nixos/features/llm.nix @@ -0,0 +1,46 @@ +{ + pkgs, + ... +}: +{ + environment.systemPackages = [ pkgs.ollama-rocm ]; + + services = { + open-webui.enable = true; + + ollama = { + enable = true; + package = pkgs.ollama-rocm; + loadModels = [ + # small + # keep-sorted start + "deepseek-r1:1.5b" + "gemma3:1b" + "gemma3:270m" + "gemma3:4b" + "llama3.2:1b" + "llama3.2:3b" + "ministral-3:3b" + "qwen3:0.6b" + "qwen3:1.7b" + "qwen3:4b" + # keep-sorted end + # medium + # keep-sorted start + "deepseek-r1:7b" + "deepseek-r1:8b" + "llama3.1:8b" + "ministral-3:8b" + "qwen3:8b" + # keep-sorted end + # large + # keep-sorted start + "deepseek-r1:14b" + "gemma3:12b" + "ministral-3:14b" + "qwen3:14b" + # keep-sorted end + ]; + }; + }; +} diff --git a/modules/nixos/features/localisation.nix b/modules/nixos/features/localisation.nix index b6ab05e..ea5750f 100644 
--- a/modules/nixos/features/localisation.nix +++ b/modules/nixos/features/localisation.nix @@ -1,10 +1,11 @@ { i18n = { defaultLocale = "en_AU.UTF-8"; - supportedLocales = [ + extraLocales = [ + "en_GB.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" - "en_AU.UTF-8/UTF-8" ]; + extraLocaleSettings.LC_ALL = "en_GB.UTF-8"; }; time.timeZone = "Australia/Melbourne"; diff --git a/modules/nixos/features/mealie.nix b/modules/nixos/features/mealie.nix new file mode 100644 index 0000000..324c241 --- /dev/null +++ b/modules/nixos/features/mealie.nix @@ -0,0 +1,53 @@ +{ + pkgs, + ... +}: +let + port = 5026; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "mealie.fi33.buzz"; + url = "https://${hostname}"; +in +{ + services = { + mealie = { + enable = true; + inherit port; + settings = { + TZ = "Australia/Melbourne"; + ALLOW_SIGNUP = "false"; + }; + }; + + gatus.settings.endpoints = [ + { + name = "Mealie"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + borgbackup.jobs = { + onsite = { + paths = [ "/var/lib/mealie" ]; + }; + offsite = { + paths = [ "/var/lib/mealie" ]; + }; + }; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index 7fd7403..094bdc2 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix @@ -3,7 +3,10 @@ ... }: let - port = "5010"; + port = 5010; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "feeds.fi33.buzz"; + url = "https://${hostname}"; in { services = { 
@@ -11,25 +14,32 @@ in enable = true; adminCredentialsFile = config.age.secrets.miniflux-creds.path; config = { - BASE_URL = "https://miniflux.fi33.buzz"; - LISTEN_ADDR = "localhost:${port}"; + BASE_URL = url; + LISTEN_ADDR = "localhost:${toString port}"; }; }; - borgmatic.settings.postgresql_databases = [ + gatus.settings.endpoints = [ { - name = "miniflux"; - hostname = "localhost"; - username = "root"; - password = "{credential systemd borgmatic-pg}"; + name = "Miniflux"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; } ]; - nginx.virtualHosts."miniflux.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age; diff --git a/modules/nixos/features/nixvim.nix b/modules/nixos/features/nixvim.nix index fd86deb..e4838bd 100644 --- a/modules/nixos/features/nixvim.nix +++ b/modules/nixos/features/nixvim.nix @@ -20,16 +20,21 @@ }; diagnostic.settings.virtual_lines = true; opts = { + # keep-sorted start autoindent = true; + colorcolumn = "80"; expandtab = true; number = true; relativenumber = true; shiftwidth = 2; + # get suggestions by typing z= + spell = true; + spelllang = "en_au"; tabstop = 2; - colorcolumn = "80"; + # keep-sorted end }; plugins = { - # autoclose brackets + # auto close brackets autoclose.enable = true; # completion window diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index 681047f..0d101eb 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix 
@@ -1,24 +1,59 @@ +{ + config, + ... +}: let - port = "5002"; + port = 5002; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "notify.fi33.buzz"; + url = "https://${hostname}"; in { services = { ntfy-sh = { enable = true; + environmentFile = config.age.secrets.ntfy.path; settings = { - base-url = "https://ntfy-sh.fi33.buzz"; - listen-http = ":${port}"; + base-url = url; + listen-http = ":${toString port}"; behind-proxy = true; + auth-default-access = "deny-all"; + auth-users = [ + "Debit3885:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:admin" + "gatus:$2a$12$OswG3sB8oDaB.KpawKM3P.78dID.Tj/0y5qeVD5BE6EH5bpGKe.na:user" + ]; + auth-access = [ + "gatus:services:wo" + ]; }; }; - nginx.virtualHosts."ntfy-sh.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - proxyWebsockets = true; - }; + gatus.settings.endpoints = [ + { + name = "ntfy"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + borgbackup.jobs = { + onsite.paths = [ "/var/lib/ntfy-sh" ]; + offsite.paths = [ "/var/lib/ntfy-sh" ]; }; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; + + age.secrets.ntfy.file = ../../../secrets/ntfy.age; } diff --git a/modules/nixos/features/nzbget.nix b/modules/nixos/features/nzbget.nix new file mode 100644 index 0000000..18fc272 --- /dev/null +++ b/modules/nixos/features/nzbget.nix 
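Review bot: The two bcrypt hashes in `auth-users` are committed in clear text and are copied into the world-readable Nix store, which exposes them to offline guessing by anyone who can read the repository or the store. The module already loads `config.age.secrets.ntfy.path` through `environmentFile`, so the list can move into that file as `NTFY_AUTH_USERS=...` and be dropped from `settings`. In the same block, `listen-http = ":${toString port}"` binds every interface although Caddy proxies to localhost; `listen-http = "127.0.0.1:${toString port}";` keeps the plain-HTTP listener off the network.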
@@ -0,0 +1,46 @@ +{ + pkgs, + ... +}: +let + port = 5018; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "usenet.fi33.buzz"; + url = "https://${hostname}"; +in +{ + services = { + nzbget = { + enable = true; + settings = { + MainDir = "/srv/nzbget"; + ControlPort = port; + }; + group = "srv"; + }; + + gatus.settings.endpoints = [ + { + name = "NZBget"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 401" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; + + environment.systemPackages = with pkgs; [ unrar ]; +} diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 348b42d..5be0efb 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -1,10 +1,12 @@ { config, - lib, ... }: let - port = "5013"; + port = 5013; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "documents.fi33.buzz"; + url = "https://${hostname}"; in { services = { 
@@ -13,28 +15,33 @@ in dataDir = "/srv/paperless"; database.createLocally = true; passwordFile = config.age.secrets.paperless.path; - port = lib.toInt port; + inherit port; settings = { - PAPERLESS_URL = "https://paperless.fi33.buzz"; + PAPERLESS_URL = url; }; }; - borgmatic.settings = { - postgresql_databases = [ - { - name = "paperless"; - hostname = "localhost"; - username = "root"; - password = "{credential systemd borgmatic-pg}"; - } - ]; - }; + gatus.settings.endpoints = [ + { + name = "Paperless"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; - nginx.virtualHosts."paperless.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; age.secrets."paperless" = { diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index 2e439b5..050cc56 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix 
@@ -1,27 +1,51 @@ { - lib, + pkgs, ... }: let - port = "5009"; + port = 5009; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "prowlarr.fi33.buzz"; + url = "https://${hostname}"; in { services = { prowlarr = { enable = true; - dataDir = "/srv/prowlarr"; - settings.server.port = lib.toInt port; - }; - - nginx = { - virtualHosts."prowlarr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - # proxyWebsockets = true; - }; + settings.server = { + inherit port; }; }; + + gatus.settings.endpoints = [ + { + name = "Prowlarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + borgbackup.jobs = { + onsite = { + paths = [ "/var/lib/prowlarr" ]; + }; + offsite = { + paths = [ "/var/lib/prowlarr" ]; + }; + }; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/qbittorrent.nix b/modules/nixos/features/qbittorrent.nix index b67b01e..c44683a 100644 --- a/modules/nixos/features/qbittorrent.nix +++ b/modules/nixos/features/qbittorrent.nix 
@@ -1,28 +1,41 @@ -{ - lib, - ... -}: let - port = "5005"; + port = 5005; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "bittorrent.fi33.buzz"; + url = "https://${hostname}"; in { services = { qbittorrent = { enable = true; - webuiPort = lib.toInt port; + webuiPort = port; profileDir = "/srv"; - group = "media"; + group = "srv"; extraArgs = [ "--confirm-legal-notice" ]; }; - nginx.virtualHosts."qbittorrent.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; - }; + gatus.settings.endpoints = [ + { + name = "qBittorrent"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; - users.users.qbittorrent.extraGroups = [ "media" ]; + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; } diff --git a/modules/nixos/features/qui.nix b/modules/nixos/features/qui.nix new file mode 100644 index 0000000..8c34edf --- /dev/null +++ b/modules/nixos/features/qui.nix @@ -0,0 +1,32 @@ +{ + # keep-sorted start + lib, + pkgs, + # keep-sorted end + ... +}: +let + port = 5019; + certloc = "/var/lib/acme/fi33.buzz"; +in +{ + environment.systemPackages = [ pkgs.qui ]; + + systemd.user.services.qui = { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${lib.getExe pkgs.qui} serve"; + + environment = { + QUI__PORT = toString port; + QUI__DATA_DIR = "/srv/qui"; + }; + }; + + services.caddy.virtualHosts."qui.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; +} diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index 51aeef1..cdbfe0d 100644 --- a/modules/nixos/features/radarr.nix 
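Review bot: In qui.nix, `systemd.user.services.qui` is declared with `wantedBy = [ "multi-user.target" ]`, but that target belongs to the system manager, so a user session will most likely never pull the unit in. As a user unit it would also be instantiated for each user that logs in, all sharing the same `QUI__PORT` and `QUI__DATA_DIR = "/srv/qui"`. A system unit under a dedicated account looks closer to the intent: declare it as `systemd.services.qui`, keep the `wantedBy` line, and set `serviceConfig.User` to an account that owns `/srv/qui`.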
+++ b/modules/nixos/features/radarr.nix @@ -1,23 +1,40 @@ -{ - lib, - ... -}: let - port = "5007"; + port = 5007; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "movies.fi33.buzz"; + url = "https://${hostname}"; in { services = { radarr = { enable = true; dataDir = "/srv/radarr"; - settings.server.port = lib.toInt port; - group = "media"; + settings.server = { + inherit port; + }; + group = "srv"; }; - nginx.virtualHosts."radarr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; + gatus.settings.endpoints = [ + { + name = "Radarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix new file mode 100644 index 0000000..1cbaf04 --- /dev/null +++ b/modules/nixos/features/radicale.nix 
@@ -0,0 +1,61 @@ +{ + config, + ... +}: +let + port = 5003; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "caldav.fi33.buzz"; + url = "https://${hostname}"; +in +{ + services = { + radicale = { + enable = true; + settings = { + server = { + hosts = [ + "0.0.0.0:${toString port}" + "[::]:${toString port}" + ]; + }; + auth = { + type = "htpasswd"; + htpasswd_filename = config.age.secrets.radicale.path; + htpasswd_encryption = "plain"; + }; + storage = { + filesystem_folder = "/srv/radicale"; + }; + }; + }; + + gatus.settings.endpoints = [ + { + name = "Radicale"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; + + # secrets + age.secrets."radicale" = { + file = ../../../secrets/radicale.age; + owner = "radicale"; + }; +} diff --git a/modules/nixos/features/readarr.nix b/modules/nixos/features/readarr.nix new file mode 100644 index 0000000..d78a322 --- /dev/null +++ b/modules/nixos/features/readarr.nix @@ -0,0 +1,40 @@ +let + port = 5016; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "books.fi33.buzz"; + url = "https://${hostname}"; +in +{ + services = { + readarr = { + enable = true; + dataDir = "/srv/readarr"; + settings.server = { + inherit port; + }; + group = "srv"; + }; + + gatus.settings.endpoints = [ + { + name = "Readarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} 
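Review bot: In radicale.nix, `htpasswd_encryption = "plain"` means the decrypted agenix secret holds the CalDAV/CardDAV passwords unhashed on disk; `htpasswd_encryption = "bcrypt";` with bcrypt entries in secrets/radicale.age avoids that. The `hosts` list also binds `0.0.0.0` and `[::]`, so the unencrypted port is reachable beside the Caddy TLS front end unless the firewall blocks it. Since the proxy uses `reverse_proxy localhost:${toString port}`, `"127.0.0.1:${toString port}"` and `"[::1]:${toString port}"` are sufficient.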
diff --git a/modules/nixos/features/send.nix b/modules/nixos/features/send.nix new file mode 100644 index 0000000..cdb6620 --- /dev/null +++ b/modules/nixos/features/send.nix @@ -0,0 +1,45 @@ +let + port = 5020; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "send.fi33.buzz"; + url = "https://${hostname}"; +in +{ + services = { + send = { + enable = true; + inherit port; + baseUrl = url; + environment = { + DEFAULT_EXPIRE_SECONDS = 360; + EXPIRE_TIMES_SECONDS = "360"; + DOWNLOAD_COUNTS = "1"; + MAX_DOWNLOADS = 1; + MAX_EXPIRE_SECONDS = 1024; + MAX_FILE_SIZE = 134217728; + }; + }; + + gatus.settings.endpoints = [ + { + name = "Send"; + group = "Public Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + }; +} diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index 95ac80e..696872d 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix 
@@ -1,23 +1,40 @@ -{ - lib, - ... -}: let - port = "5006"; + port = 5006; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "shows.fi33.buzz"; + url = "https://${hostname}"; in { services = { sonarr = { enable = true; dataDir = "/srv/sonarr"; - settings.server.port = lib.toInt port; - group = "media"; + settings.server = { + inherit port; + }; + group = "srv"; }; - nginx.virtualHosts."sonarr.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; + gatus.settings.endpoints = [ + { + name = "Sonarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/star-citizen.nix b/modules/nixos/features/star-citizen.nix new file mode 100644 index 0000000..e54f03a --- /dev/null +++ b/modules/nixos/features/star-citizen.nix @@ -0,0 +1,23 @@ +{ + # keep-sorted start + inputs, + system, + # keep-sorted end + ... +}: +{ + nix.settings = { + substituters = [ "https://nix-citizen.cachix.org" ]; + trusted-public-keys = [ "nix-citizen.cachix.org-1:lPMkWc2X8XD4/7YPEEwXKKBg+SVbYTVrAaLA2wQTKCo=" ]; + }; + + environment.systemPackages = [ + inputs.nix-citizen.packages.${system}.rsi-launcher + ]; + + zramSwap = { + enable = true; + memoryPercent = 100; + writebackDevice = "/dev/sda1"; + }; +} diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index 47e804c..0b141f7 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -4,7 +4,7 @@ ... }: let - port = "5008"; + port = 5008; devicesList = [ # keep-sorted start block=yes { 
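Review bot: In star-citizen.nix, `writebackDevice = "/dev/sda1"` names a partition by kernel enumeration order, and zram writeback writes raw pages to whatever that node points to, so a reordered disk could lose data. A stable path such as `writebackDevice = "/dev/disk/by-partuuid/<PARTUUID-PLACEHOLDER>";` is safer. Separately, adding `nix-citizen.cachix.org` to `substituters` and `trusted-public-keys` under `nix.settings` makes that key trusted for every store path on the machine, not only `rsi-launcher`. A comment above those lines recording that trust decision would help the next reader.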
@@ -13,11 +13,11 @@ let } { device = "laptop"; - id = "XDDGWB2-5OFYWSY-7LN652V-3WNQMWV-4WCVHCR-2EXLDW7-FUL2MC4-MMLO4QV"; + id = "CTU345T-27VU5KK-HXLPSMO-H6C47TL-XZG3BVU-AZF7HSX-FCQHAMA-QOA3CAT"; } { device = "phone"; - id = "DF56S5M-2EDKAML-LZBB35J-MNNK7UE-WAYE2QW-EKUGKXN-U5JW3RX-S3FUGA4"; + id = "KAZ3SOB-SSJHY33-6JF64KW-VF3CPSP-565565I-YXOJHU6-E273VR5-CKQFNQ6"; } { device = "server"; @@ -40,12 +40,15 @@ let } ) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList) ); + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "sync.fi33.buzz"; + url = "https://${hostname}"; in { services = { syncthing = { enable = true; - guiAddress = "0.0.0.0:${port}"; + guiAddress = "0.0.0.0:${toString port}"; openDefaultPorts = true; user = "${userName}"; dataDir = "/home/${userName}"; @@ -55,21 +58,41 @@ in }; }; - borgmatic.settings = + gatus.settings.endpoints = [ + { + name = "Syncthing"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + borgbackup.jobs = if userName == "srv" then { - source_directories = [ + onsite.paths = [ "/home/srv/.config/syncthing" - "/home/srv/Sync" + "/home/srv/Sync/" + ]; + offsite.paths = [ + "/home/srv/.config/syncthing" + "/home/srv/Sync/" ]; } else - null; + { }; - nginx.virtualHosts."syncthing.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; - }; + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy http://localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix index c9f1333..6c4f1fa 100644 --- a/modules/nixos/features/tailscale.nix +++ b/modules/nixos/features/tailscale.nix 
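Review bot: `guiAddress = "0.0.0.0:${toString port}"` in the `@@ -40,12 +40,15 @@` hunk still exposes the Syncthing GUI and REST API on every interface over plain HTTP, although this commit puts it behind Caddy at `sync.fi33.buzz`. Because the proxy connects to localhost, `guiAddress = "127.0.0.1:${toString port}";` would be enough on the server. Syncthing then enforces its host check, so the `reverse_proxy` block in the last hunk would need `header_up Host {upstream_hostport}`. Whether the other hosts in `devicesList` rely on remote GUI access cannot be seen from here.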
@@ -5,6 +5,4 @@ "--accept-dns=true" ]; }; - - networking.firewall.trustedInterfaces = [ "tailscale0" ]; } diff --git a/modules/nixos/features/upbank2firefly.nix b/modules/nixos/features/upbank2firefly.nix new file mode 100644 index 0000000..e711bb8 --- /dev/null +++ b/modules/nixos/features/upbank2firefly.nix @@ -0,0 +1,60 @@ +{ + config, + pkgs, + ... +}: +let + port = 5021; + certloc = "/var/lib/acme/fi33.buzz"; +in +{ + virtualisation.oci-containers = { + backend = "docker"; + containers.upbank2firefly = { + extraOptions = [ + "--network=host" + ]; + image = "compose2nix/upbank2firefly"; + environment = { + FIREFLY_BASEURL = "https://firefly.fi33.buzz"; + TZ = "Australia/Melbourne"; + }; + environmentFiles = [ config.age.secrets.upbank2firefly.path ]; + volumes = [ + "/srv/upbank2firefly/app:/app:rw" + ]; + ports = [ + "${toString port}:80/tcp" + ]; + }; + }; + + systemd = { + services = { + "docker-build-upbank2firefly" = { + path = with pkgs; [ + docker + git + ]; + serviceConfig = { + Type = "oneshot"; + TimeoutSec = 300; + }; + script = '' + cd /srv/upbank2firefly + git pull + docker build -t compose2nix/upbank2firefly . + ''; + }; + }; + }; + + services.caddy.virtualHosts."upbank2firefly.fi33.buzz".extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; + + age.secrets.upbank2firefly.file = ../../../secrets/upbank2firefly.age; +} diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index c4e069d..5833a18 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -3,7 +3,10 @@ ... }: let - port = "5001"; + port = 5001; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "vault.fi33.buzz"; + url = "https://${hostname}"; in { services = { 
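Review bot: In upbank2firefly.nix the container is given `--network=host` together with `ports = [ "${toString port}:80/tcp" ]`; with host networking Docker ignores published ports, so the app would listen on the host's port 80 directly and `reverse_proxy localhost:${toString port}` would not reach it. Dropping `--network=host` and publishing `"127.0.0.1:${toString port}:80/tcp"` keeps the service, which receives its credentials from `config.age.secrets.upbank2firefly.path`, reachable only through Caddy. The `docker-build-upbank2firefly` script also builds whatever `git pull` brings in; checking out a pinned commit before `docker build` would make the image reproducible and reviewable.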
@@ -11,8 +14,8 @@ in enable = true; backupDir = "/srv/vaultwarden"; config = { - rocketPort = "${port}"; - domain = "https://vaultwarden.fi33.buzz"; + rocketPort = toString port; + domain = url; signupsAllowed = false; invitationsAllowed = false; showPasswordHint = false; @@ -22,14 +25,27 @@ in }; }; - nginx.virtualHosts."vaultwarden.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://localhost:${port}"; - proxyWebsockets = true; - }; - }; + gatus.settings.endpoints = [ + { + name = "Vaultwarden"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; age.secrets."vaultwarden-admin" = { diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 98eba78..29f389c 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -1,5 +1,8 @@ let - port = "port"; + port = 0000; + certloc = "/var/lib/acme/fi33.buzz"; + hostname = "feature.fi33.buzz"; + url = "https://${hostname}"; in { services = { 
@@ -7,12 +10,31 @@ in enable = true; }; - borgbackup.jobs = feature { }; + gatus.settings.endpoints = [ + { + name = "feature"; + group = ""; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + alerts = [ { type = "ntfy"; } ]; + } + ]; - nginx.virtualHosts."feature.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/".proxyPass = "http://localhost:${port}"; + borgbackup.jobs = { + onsite.paths = [ "" ]; + offsite.paths = [ "" ]; }; + + caddy.virtualHosts.${hostname}.extraConfig = '' + reverse_proxy localhost:${toString port} + tls ${certloc}/cert.pem ${certloc}/key.pem { + protocols tls1.3 + } + ''; }; } diff --git a/secrets/bazarr.age b/secrets/bazarr.age new file mode 100644 index 0000000..108c2a4 --- /dev/null +++ b/secrets/bazarr.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ sHlKSMDLuGOLY2qwoFCS2ZiC/903ChAP0wp4wJYksi8 +jIzt2BvZy53dMdUSYBEa2QsWQ7yluk9ltdk4wrTkIbo +-> ssh-ed25519 7+xRyQ /JHmkqPhx/nJFhOxWu5nrX89NCBI/Bhyih81bIv2OR8 +VJPt3EFgYWc6bYBSNNzLFnWBNVx7RYJaG/hNF2EswQ4 +-> ssh-ed25519 LtK9yQ znUR+X5uu9wdKPdUBEOhs295e/zLAD8E49vZ0QEaL10 +ADBASujra+DSzavY/m/gU3xgAzaSqlTh2txpzyyJIJQ +--- j21Ms0NWBwHJV1NPbIp19lSgCMkCHSUX3UwWjg43OLk +[,WM?&>ʄ 1P ī"oKޓjhiҪ&UMPr& \ No newline at end of file diff --git a/secrets/borgbackup-offsite.age b/secrets/borgbackup-offsite.age new file mode 100644 index 0000000..e1809a9 --- /dev/null +++ b/secrets/borgbackup-offsite.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ NuEGxxieL0H7mUFKft+fuH1jd0XFDf3xESLrVcb9GAg +KxJcj9P/+cr63TmqEIPwfykz07luqe9VLRLzs3CWx9Y +-> ssh-ed25519 NanIwQ HRHMV4jFn7vJVHd6gFqcOTA14VI6+QaITXMpZbeGoDg +aANuHXv4O1KKwPCClatphXgWDFnsCy/AoQJT0+D560o +-> ssh-ed25519 LtK9yQ NHLTdStEdoXSGKxoz4/gR+oT9bLq8wwz4XRHS2rd9Xo +lndB74KBkWrfNuZyuQufl35lQIPNqbppLfSZRerIDaA +--- dro8ECdWcFtleQv5nffX/Wh97w/FGXQZwSIjPE9WIX8 +8R#;rpEhȾW8-. `OW']kJdC .T)N_kq_=ϰ \ No newline at end of file 
diff --git a/secrets/borgbackup-onsite.age b/secrets/borgbackup-onsite.age new file mode 100644 index 0000000..86c240f --- /dev/null +++ b/secrets/borgbackup-onsite.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ 3UW3CErZDv6UkjXJZldymqYmmJoQcbSjVX4IUX7KRn8 +pnbegKpKiNW8QY9rD7pD1mrhOSdD+cxUxcNKtLM5uOQ +-> ssh-ed25519 NanIwQ qAl2RheS1lTOU60xeodc4/WvyzYRGiWR+55QvsVE5H0 +j/UoLITpRpMF2t0J/Y0zL0kAgz5nJ02I/nwUp+pEowg +-> ssh-ed25519 LtK9yQ sbldK/F2u6MMgIR8F6c5ZFkMesq+GHKRmlqt3n6L2yw +GTSzhGfj+Shg+MQ3hde12pKi6zfeGNw6RXwSAoGyaak +--- 6WmdTjpwgwb6/1o06i5xtvnOQcvNztwpBmvH/9wYbmo +K^ѭUb|:m@*ޱg1>)qs,n{ DdvɜEuH ssh-ed25519 qLT+DQ GTuLiTsgOVunKC+DyalVPV3gKm3WiKoSIQXg/0ElJF8 +UiOLJdTn4Q5oTkqAtZ6K0uxW+EsrpfA156uC1ncrIY0 +-> ssh-ed25519 7+xRyQ k2ta2Gl7zCvHiv4DwzgRK5REDYayIoTfC32BF5yHxgg +n7sqfJ6fx/3VnQCD+H4n92ekGdoFCdk/SeXdSU8FZHc +-> ssh-ed25519 LtK9yQ BQ9U3//Lzx7dX+iDyP2lqx6K860kFTu/iB5uMAskKhA +xiV+QxL8ffx9n9gIUr5wwQ5zGvZlFsf2DclayQh8SJI +--- k06SInBOn82DqWfIf4t62pjAZ1R0uWAyQTi5ELDD/6U +f_$T56"TH;4} ssh-ed25519 qLT+DQ C3A3TKOyIWzbW8JupvhTmLKetnr+0uzkPq985NA0DCs -ahrHVR7WadjOfOXBWOqBAf9L0UdCNeD0Ynk6sKDF7WM --> ssh-ed25519 7+xRyQ evZ6zSS3olbORnqiCnEAL68D1FNPgg2oBoJSaquLAAA -BYoo9AVOHsRsTbXkRQdS/7WN25vBuJOAb0YfnSY+hGQ --> ssh-ed25519 LtK9yQ jLIdKPvVhPsRIJevWLmads3P2hM29c0B143OWoINzlY -ziCUQ1TtB6BUgbNZ/zFXoaOtpxyrbKobsTvXo/dSpSA ---- Q6JHS+5vuYLIqyIb6x3qCbIJvsjk2++ovL1zkVGs69o -쇽NM1WByM.-|Gl]8Z,(5豲P!pmpEa;(tq!KU4m \ No newline at end of file diff --git a/secrets/borgmatic.age b/secrets/borgmatic.age deleted file mode 100644 index fca1c53..0000000 --- a/secrets/borgmatic.age +++ /dev/null 
@@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ zfLZc8A30KjoMrhUSl4OgTp+Yg11fmVjDioxtIYMqDU -URhJwUCElaJcSd+k5wBQAXvdC/68ZcCA5WbHGAJTYfY --> ssh-ed25519 7+xRyQ mrGrjW0fQIRNMDdw4Hoc9N/xAEm1P0IFukShfeVdKE8 -yLUmj7LBfHQ/i4buBB57ktNUOnHpoC8NYTQUnK5e5y4 --> ssh-ed25519 LtK9yQ THjOsSIr/DQTulFlwd4r5DYb73VQ0vWgyDHkfJV3NR0 -Dl8FwK1WciiEMs5MdrFcUIOFGmlbZf3APOWzLN6rkOE ---- 3mjYPT9APy0F5NNbbCIQhzZ0XjKBtB9YGGS3t37eoRU -T^vU{>[dhPC6Z|K|~lݝbDt΄]1P$10 A$ \ No newline at end of file diff --git a/secrets/copyparty-will.age b/secrets/copyparty.age similarity index 100% rename from secrets/copyparty-will.age rename to secrets/copyparty.age diff --git a/secrets/firefly-db.age b/secrets/firefly-db.age new file mode 100644 index 0000000..d4cbe78 --- /dev/null +++ b/secrets/firefly-db.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ zL4NAxPigHwUnYz0KUoDXlzXJ3PtnxIYl81oLP3e40M +yricJ+r8OTXwGd0Bt4+CsW7/M8lOSha04i0Fb0QCHGo +-> ssh-ed25519 7+xRyQ 2UhHfwz3DvXT/bEDp8QrluyPa/po5CCB5rUKxBqfn2c +2pWexi7bU3UlOo9SKfw/9k/DJ535tsgPvZXAbLruL00 +-> ssh-ed25519 LtK9yQ 8XOO4u1di+FedjGcaj/Fhna8Y+LRRPa9L4ShAx5dASA +F51SLqQEZ1LQAP2SgXphszVBhKaB+/OAVWEHr/thtFo +--- ovyL3oCODPSbd8Fe7KdS3sKCc+bjcj2y+6aS1qVqQsg + %>IOդ77ZFhu<4)cҚUZ*UCk|xCox P \ No newline at end of file diff --git a/secrets/firefly.age b/secrets/firefly.age new file mode 100644 index 0000000..430908f --- /dev/null +++ b/secrets/firefly.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ DhWZZ8fB3bwSaI88j9M5Ix/jCwoJWPUVmR56OwxJFUs +/pxA0PTShUGloixcyUoAW5cOKWAjD9M0byLAQUgnPvA +-> ssh-ed25519 7+xRyQ LrUQ5trcyyhcjK8IhGKVOAz6g7HjBI8t0m/snDiVMkE +hi0My/e0Enno50niPMKcy278Wr5z1sq3X1yJn7H8uBo +-> ssh-ed25519 LtK9yQ ke0bLtqFny2oUkCvtawPcHzPlyi2Lvi6WpZP2lDyelE +VFjTwnbTcayuruXVmVnfK97KcwB+luOoLU2x6Ug3HVM +--- NxMB9mtZ480lLRRmk0ne5BaL/tfF81Yr3wGBUvECGQY +HH9?܂獠 |ؽ15i/FlG$EwG +;;߽ݤ$}/[g] \ No newline at end of file diff --git a/secrets/gatus.age b/secrets/gatus.age new file mode 100644 index 0000000..13d455e 
--- /dev/null +++ b/secrets/gatus.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ 3vJV+PZ1IvwiFPplPEwXkaZK4y0QLxkvi/stzAV+HWg +3htQOBS3ph9+OXG2ZYtMyzErGtYRP1vzycua+vhPX+4 +-> ssh-ed25519 NanIwQ 748IDG9uT6jMj0CSU3EeBqRd7lZ7NTJoUldo4FUfkFI +bYaXhcXjYgKqEaUeRZQhx9neK1pDVN3QbhblLOcGUg0 +-> ssh-ed25519 LtK9yQ au/UGPL91M0sUzMeOKPOkltXWDPoWeCrUWrD2OIsJA0 +thILTQH9hrcBYBbRSZaHMODAhCKWsqomDuEK4hcKAqM +--- UpA2kIfSBwfgMxjt2x61KFAiUaV3sHQ6Gp2R87cvnwo +*D27p梔 pQ +Fufpڰ4Q5ѨeӪ ވ;ꖓz8i{@Ǘ \ No newline at end of file diff --git a/secrets/git_signing_key.age b/secrets/git_signing_key.age new file mode 100644 index 0000000..d3a4680 Binary files /dev/null and b/secrets/git_signing_key.age differ diff --git a/secrets/git_signing_key.pub.age b/secrets/git_signing_key.pub.age new file mode 100644 index 0000000..f0b53bc --- /dev/null +++ b/secrets/git_signing_key.pub.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ NMzN1Cll+cH5GgEQvCRpb8c1m7CDHWBtUZ5QNMluKkg +H77YBVoCAZerRyoG90h9W6PKZbpjNBl2mfsW3Eco27w +-> ssh-ed25519 7+xRyQ 67NFmrcLe9R5ni0HnvIiHcN0tlRVXpAiaVOQfIpqWzI +H7jbIgVXVl+lENksb4KUfASeIKPBI/FtHhhlQzhXwik +-> ssh-ed25519 LtK9yQ jvrWRlZF/H20QARL4lWWX0cDDoIK0Et5ZMxdsPJPXn0 +g+ZaDYycq65tBEBFuDpSl1BKuCTmxCJuYqG8kSCtL9U +--- jZ2xp/oW3CgXPc8jriK53zTODB9lhDNZr8YfSYLAmio +AKw;2R +֨bS'7//kXHӖW†

ssh-ed25519 qLT+DQ jySlchGAPxdkjpZzg+5BLH7O5yM+O5a9CleBVMqbck8 +I5OEMjXJNrNKIBumXmiAMXRa1AZx0cKQ0BfM7HYCcRc +-> ssh-ed25519 NanIwQ 29upo2jTQF8Vz91yWmYCXnQW4LgYcvt1TcF/HLA5klA +eQla3EMQnRPzhd5MyDL3byPhIiio0rFFM+yesPLEtv8 +-> ssh-ed25519 LtK9yQ Vx/lQ6M/wYa9483YpuCwwobNuIZjv/Sy9vl695H05BQ +qqUWRnrMYfflhcznrF2QKfODDa7vmz6Uy7fk1zSpbEE +--- xunznREPjjEVRWAmqI/4xKp/NrNk6C3B1Z+3Vjf2TL4 +m{z\,TSS7Tk)hVX0mN?=ӟx TdY0[)ۓSZ:>FU֙~ \ No newline at end of file diff --git a/secrets/nzbget.age b/secrets/nzbget.age new file mode 100644 index 0000000..6d7bec1 --- /dev/null +++ b/secrets/nzbget.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ lEh3/6XbXaiVdCK5gEl/Vy5wIyeg4oD+1q9js0p/bG0 +5O+ivgDvislMJbvE/bSRy6mF+ie6aGK6yAoc2TWlPOk +-> ssh-ed25519 7+xRyQ D03BRt3lUgEihDcJDFspP2RPt6WorIvGiRI1jnDT+gk +GuOES+KE5CUj733aSC+5wslfYRvCm27rvNnUDi/DiRE +-> ssh-ed25519 LtK9yQ K35hFXPZN4JhS9L8YfG+fwE2bbWLPc4r/rsQnxq68XM +GhWHGZzESMKKhQjCXT9yDHgpa/Y7eAxwi935lWts72A +--- wlbsANHwH3ah2YNlkaefazTv2zWsxE5kHCFOGcuSJQ0 + |,K+% (E"K" m`"\:'xljujU`TF;Z9M \ No newline at end of file diff --git a/secrets/prowlarr.age b/secrets/prowlarr.age index bb7d73c..08436c5 100644 --- a/secrets/prowlarr.age +++ b/secrets/prowlarr.age 
@@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 LtK9yQ YVgPDwV8XS85LpMBbpgsXmoc2E0w2qopErn//kDHJzo -ZX3RIdYPxwOzpLddoGhi0aJ4H89hcpmlPgJuyTiYzlE --> ssh-ed25519 qLT+DQ KQMInU5B/vVG4dr0DGAFk1Yf+LbnPkV7OqfiqRaNgzo -BeMLVvtSKSKIPplIorIJSBMciQj5GYF1ltGbUn8SsJA --> ssh-ed25519 7+xRyQ Cr+rUSSDpC5WLh/bvWKJkf2SWIcljLofx3ybcVcK0z4 -kqabKTHxNxH9xfgShKTcleNXjBf/huoU+hH9tnOx5hg ---- J6RjAbLUNOKkb2UQyVjgTyrfyrIkDFMkQtXZypBDfWw -14%6p< ($$toI8;pZb83hf!mNסc8U \ No newline at end of file +-> ssh-ed25519 qLT+DQ k6AiMFgWygHRf2yPApcnQYDPaJx/Dp6BTq3+BdyBiyM +64MyfaTpMcAl8o9zkWXCoZQ5uy+7izd30A90LLiALTY +-> ssh-ed25519 7+xRyQ YcPcsux5lCSDbV8hSCvhkI+1qnAmXcpd5FDmT7bMXk0 +bbkjozzt/bL7j7uJTtgkklI/qJ11zYgQsYmZhFwGV+c +-> ssh-ed25519 LtK9yQ Ol8eU/Pyb3gDCsIzE1zT8FNsTCGKZZc5zfX6lW/5+2w +Gj0ssfpyQcy0vfVXgNXxzFzHGpPBOyfkR7UeRYina4A +--- +iLccZwqDkqDg2atoNRSuhEf3v3fyU6oda4vOw+BuKc +&L: 9:"| dm9v1y"vOYnx=4D \ No newline at end of file diff --git a/secrets/radicale.age b/secrets/radicale.age index 172d31e..d8553a7 100644 Binary files a/secrets/radicale.age and b/secrets/radicale.age differ diff --git a/secrets/readarr.age b/secrets/readarr.age new file mode 100644 index 0000000..e0d0607 --- /dev/null +++ b/secrets/readarr.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ qeJ25W5TGvWY8xc1I5sjjtP/98nGqoRMIFk6xLIbmi8 +RhUcEjz6mFp6uNVOpOgg6fPyL2cyrZH1ZWJTrax2xOE +-> ssh-ed25519 7+xRyQ jhJX/0+ZO+teoM2rUmdyFuI9V+tMe5kQaaHQFxwBGSU +fJmXSc/c3lth0cQgx8p/7G0WrnfgioSs8OcRa56B2s0 +-> ssh-ed25519 LtK9yQ UH9T6lRLG0pi0P84B9Zs/22nCKAoOAwL6KAmj+536U4 +h2DEqoPLgFqmVZOk/RhAIuifCexqt3ZFsIsCDm5KI3M +--- 6FY4tnGR8EIQyCWc3Xa3t8EqwcynoORmZqsp9zWUzZM +nā]Z0rTi:EE!  +uB{4cfvޟKj^2/` \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 69b1be1..2bd9a15 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,7 +1,7 @@ let # keep-sorted start desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHAnTQP77HQ/8nbf1oX7xftfKYtbH6MSh83wic0qdBy"; - laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeu5HwuRayiXIZE35AxX6PmxHxbXZ8NTlTgHrcPwhcQ"; + laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmM4LEjGPJbcUeG5363NpB3XJUyn/4B+eBCFzzuC/Td"; srv = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeV0NxqIGIXXgLYE6ntkHE4PARceZBp1FTI7kKLBbk8"; # keep-sorted end @@ -15,22 +15,31 @@ let in { # keep-sorted start - "borgmatic-pg.age".publicKeys = users; - "borgmatic.age".publicKeys = users; - "copyparty-will.age".publicKeys = users; + "borgbackup-offsite.age".publicKeys = users; + "borgbackup-onsite.age".publicKeys = users; + "copyparty.age".publicKeys = users; + "gatus.age".publicKeys = users; + "git_signing_key.age".publicKeys = users; + "git_signing_key.pub.age".publicKeys = users; "immich.age".publicKeys = users; "jellyfin.age".publicKeys = users; + "kavita-api.age".publicKeys = users; + "kavita.age".publicKeys = users; "lidarr.age".publicKeys = users; + "mealie.age".publicKeys = users; "miniflux-creds.age".publicKeys = users; + "ntfy.age".publicKeys = users; + "nzbget.age".publicKeys = users; "paperless.age".publicKeys = users; "porkbun-api.age".publicKeys = users; "protonmail-cert.age".publicKeys = users; "protonmail-desktop-password.age".publicKeys = users; - "protonmail-laptop-password.age".publicKeys = users; "prowlarr.age".publicKeys = users; "radarr.age".publicKeys = users; "radicale.age".publicKeys = users; + "readarr.age".publicKeys = users; "sonarr.age".publicKeys = users; + "subtitles.age".publicKeys = users; "vaultwarden-admin.age".publicKeys = users; # keep-sorted end } diff --git a/secrets/subtitles.age b/secrets/subtitles.age new file mode 100644 index 0000000..11a88e5 Binary files /dev/null and b/secrets/subtitles.age differ 
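Review bot: Replacing the `laptop` recipient only takes effect for secrets that are re-encrypted, and the `.age` files in this commit do not agree on their recipients. `bazarr.age`, `firefly.age`, `firefly-db.age`, `nzbget.age`, `readarr.age`, `git_signing_key.pub.age` and the new `prowlarr.age` carry a `7+xRyQ` stanza, while `borgbackup-offsite.age`, `borgbackup-onsite.age` and `gatus.age` carry `NanIwQ` in its place. Presumably one tag is the old laptop key and the other the new one, which would mean part of the set is still readable by the retired key and unreadable by the current laptop. Running `agenix --rekey` after the key change and committing the result would bring every file to the same three recipients. If the old key was replaced because it may be exposed, the secret values themselves need rotating as well, since the old ciphertexts remain in git history.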
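Review bot: The rule set has no entry for `bazarr.age`, `firefly.age`, `firefly-db.age` or `upbank2firefly.age`, although all four files are added under `secrets/` in this commit and `upbank2firefly.age` is referenced from `age.secrets.upbank2firefly.file`. Without a rule, agenix cannot edit or rekey them, so they stay encrypted to whatever recipients they were created with. Adding lines such as `"upbank2firefly.age".publicKeys = users;`, and likewise for the other three in sorted position, keeps them under the same recipient policy as the rest. The `users` list is defined above the hunk and is not visible here.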
diff --git a/secrets/upbank2firefly.age b/secrets/upbank2firefly.age new file mode 100644 index 0000000..56d99d4 Binary files /dev/null and b/secrets/upbank2firefly.age differ