will-holdsworth/dots
1
1
Fork 0
Code Issues 22 Pull requests Projects 1 Releases Packages Wiki Activity Actions 1

Compare commits

base: will-holdsworth:enhancement/32
Branches Tags
will-holdsworth:main
will-holdsworth:100
will-holdsworth:update_flake_lock_action
will-holdsworth:71
will-holdsworth:enhancement/32
will-holdsworth:enhancement/6
..
compare: will-holdsworth:main
Branches Tags
will-holdsworth:main
will-holdsworth:100
will-holdsworth:update_flake_lock_action
will-holdsworth:71
will-holdsworth:enhancement/32
will-holdsworth:enhancement/6

134 commits
enhancemen ... main

Author SHA1 Message Date
Will Holdsworth
81bf6d1c45
feat(tailscale): disable for now, ssh works without 2026-03-12 20:02:34 +11:00
Will Holdsworth
9d3c2336dc Merge pull request 'Install LibreWolf' (#137) from 99 into main 
Reviewed-on: #137
 2026-03-12 20:01:30 +11:00
Will Holdsworth
7483af690a
feat(firefox): remove for now in favour of librewolf 2026-03-12 19:49:14 +11:00
Will Holdsworth
d7196bb746
feat(firefox): update config based on librewolf config 2026-03-12 19:49:00 +11:00
Will Holdsworth
5acabc9745
feat(librewolf): install 2026-03-12 19:48:50 +11:00
Will Holdsworth
f98b6fe4a7
fix(syncthing): alternative config should be empty set, not null 2026-03-12 19:01:05 +11:00
Will Holdsworth
6328d80bdf
fix(lazygit): allow rewording signed commits 2026-03-09 14:36:45 +11:00
Will Holdsworth
a2d43c4dd9
feat(borgbackup): replace borgmatic 2026-03-09 14:09:06 +11:00
github-actions[bot]
d26b436626 flake.lock: Update 
Flake lock file updates:

• Updated input 'copyparty':
    'github:9001/copyparty/ab8bd01' (2026-02-23)
  → 'github:9001/copyparty/981a7cd' (2026-03-08)
• Updated input 'home-manager':
    'github:nix-community/home-manager/9a4b494' (2026-02-23)
  → 'github:nix-community/home-manager/5be5d82' (2026-03-08)
• Updated input 'nix-citizen':
    'github:LovingMelody/nix-citizen/bebdc04' (2026-02-20)
  → 'github:LovingMelody/nix-citizen/73c8d04' (2026-03-06)
• Updated input 'nix-citizen/flake-parts':
    'github:hercules-ci/flake-parts/5792860' (2026-02-02)
  → 'github:hercules-ci/flake-parts/f20dc5d' (2026-03-01)
• Updated input 'nix-citizen/nixpkgs':
    'github:NixOS/nixpkgs/0182a36' (2026-02-17)
  → 'github:NixOS/nixpkgs/80bdc1e' (2026-03-04)
• Updated input 'nix-citizen/treefmt-nix':
    'github:numtide/treefmt-nix/337a4fe' (2026-02-04)
  → 'github:numtide/treefmt-nix/3710e0e' (2026-03-04)
• Updated input 'nix-gaming':
    'github:fufexan/nix-gaming/e70ef85' (2026-02-23)
  → 'github:fufexan/nix-gaming/d2b0b28' (2026-03-08)
• Updated input 'nix-gaming/flake-parts':
    'github:hercules-ci/flake-parts/5792860' (2026-02-02)
  → 'github:hercules-ci/flake-parts/f20dc5d' (2026-03-01)
• Updated input 'nix-gaming/flake-parts/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/7271616' (2026-02-01)
  → 'github:nix-community/nixpkgs.lib/c185c7a' (2026-03-01)
• Added input 'nix-gaming/git-hooks':
    'github:cachix/git-hooks.nix/8baab58' (2026-03-07)
• Added input 'nix-gaming/git-hooks/flake-compat':
    'github:NixOS/flake-compat/5edf11c' (2025-12-29)
• Added input 'nix-gaming/git-hooks/gitignore':
    'github:hercules-ci/gitignore.nix/637db32' (2024-02-28)
• Added input 'nix-gaming/git-hooks/gitignore/nixpkgs':
    follows 'nix-gaming/git-hooks/nixpkgs'
• Added input 'nix-gaming/git-hooks/nixpkgs':
    follows 'nix-gaming/nixpkgs'
• Updated input 'nix-gaming/nixpkgs':
    'github:NixOS/nixpkgs/d1c15b7' (2026-02-16)
  → 'github:NixOS/nixpkgs/917fec9' (2026-03-05)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/0182a36' (2026-02-17)
  → 'github:nixos/nixpkgs/aca4d95' (2026-03-06)
• Updated input 'nixvim':
    'github:nix-community/nixvim/ed0424f' (2026-02-15)
  → 'github:nix-community/nixvim/21ae25e' (2026-03-01)
• Updated input 'nur':
    'github:nix-community/NUR/c5fa7a8' (2026-02-23)
  → 'github:nix-community/NUR/407db2f' (2026-03-08)
 2026-03-08 16:07:14 +00:00
Will
adba178f3d
Merge pull request #134 from wi11-holdsworth/111 
feat(mealie): install
 2026-03-07 16:54:55 +11:00
Will Holdsworth
1b86bc33db
feat(homepage-dashboard): add mealie 2026-03-07 16:54:55 +11:00
Will Holdsworth
2548046985
feat(mealie): install 2026-03-07 16:54:55 +11:00
Will
e71dd7e87d
Merge pull request #133 from wi11-holdsworth/101 
feat(fi33.buzz): host personal website
 2026-03-07 14:34:48 +11:00
Will Holdsworth
5a6da0744b
feat(fi33.buzz): host personal website 2026-03-07 14:34:23 +11:00
Will
ebf47820a0
Merge pull request #132 from wi11-holdsworth/123 
feat(gatus): add ntfy alerting for all services
 2026-03-07 13:39:56 +11:00
Will Holdsworth
3ac81e38e8
feat: add gatus config to web-feature template 2026-03-07 13:39:16 +11:00
Will Holdsworth
c41995561a
feat(gatus): add ntfy alerting for all services 2026-03-07 13:39:05 +11:00
Will Holdsworth
9a7169c1cb
feat(ntfy): add user for gatus with token 2026-03-07 13:38:39 +11:00
Will
a89d9a1952
Merge pull request #131 from wi11-holdsworth/129 
feat(gatus): add custom appearance
 2026-03-07 13:35:41 +11:00
Will Holdsworth
a7b5995e01
feat(gatus): add custom appearance 2026-03-07 13:35:14 +11:00
Will
c30348d810
Merge pull request #122 from wi11-holdsworth/95 
Host gatus
 2026-03-04 21:27:32 +11:00
Will Holdsworth
48315cfb8e
feat: add gatus entry for each subdomain 2026-03-04 21:26:18 +11:00
Will Holdsworth
fe11ecea2a
feat(gatus): install 2026-03-04 18:53:49 +11:00
Will Holdsworth
663b39451c
feat(laptop): update hardware uuids and ssh keys 2026-03-04 18:17:22 +11:00
Will Holdsworth
c96f08c3f1
feat(homepage-dashboard): initially collapse utilities section, and hide app version 2026-03-02 23:35:01 +11:00
Will Holdsworth
7a4898b4db
feat(homepage-dashboard): add status monitoring 2026-03-02 23:21:50 +11:00
Will
81c741f5da
Merge pull request #121 from wi11-holdsworth/116 
Host LibreTranslate
 2026-03-02 04:08:19 -08:00
Will Holdsworth
a9ac65f3f7
feat(homepage-dashboard): add libretranslate 2026-03-02 23:07:50 +11:00
Will Holdsworth
d4118655df
feat(libretranslate): install 2026-03-02 23:07:50 +11:00
Will Holdsworth
de21c82acb
style(homepage-dashboard): update service taglines by taking inspiration from repository taglines 2026-03-02 22:51:55 +11:00
Will
e032370b99
Merge pull request #120 from wi11-holdsworth/114 
Host CryptPad
 2026-03-02 03:51:14 -08:00
Will
c545418355
Merge branch 'main' into 114 2026-03-02 03:51:06 -08:00
Will Holdsworth
036e775835
feat(homepage-dashboard): add cryptpad 2026-03-02 22:46:03 +11:00
Will Holdsworth
2551f74ca4
feat(cryptpad): install 2026-03-02 22:46:03 +11:00
Will
522c9fc253
Merge pull request #119 from wi11-holdsworth/113 
Install send
 2026-03-02 21:54:50 +11:00
Will Holdsworth
7f0f92dcf2
feat(homepage-dashboard): add send 2026-03-02 21:54:50 +11:00
Will
bd1de92aea
Merge pull request #119 from wi11-holdsworth/113 
Install send
 2026-03-02 02:46:46 -08:00
Will Holdsworth
0c8fb875c3
feat(homepage-dashboard): add send 2026-03-02 21:46:11 +11:00
Will Holdsworth
143f1dafac
feat(send): install 2026-03-02 21:46:01 +11:00
Will
cea5fc1df7
Merge pull request #110 from wi11-holdsworth/79 
fix(prowlarr): data dir doesn't seem to be supported properly
 2026-03-02 21:18:08 +11:00
Will Holdsworth
afa8f669c9
fix(prowlarr): data dir doesn't seem to be supported properly, just use default data dir at /var/lib 2026-03-02 21:18:08 +11:00
Will Holdsworth
cab4e8fd57
fix(borgmatic): revert #2197490b 2026-03-01 13:16:31 +11:00
Will Holdsworth
927428224f
refactor(agenix): remove unused keys 2026-02-24 23:38:12 +11:00
wi11-holdsworth
b1369d9233
feat(git): add signing key to secrets store and sign all commits by default 2026-02-24 23:15:49 +11:00
wi11-holdsworth
e3c18152d5 fix(homepage-dashboard): for some bizzare reason, the "bazarr" key wasn't working but I changed the name to "subtitles" and it works so yay 2026-02-24 22:25:00 +11:00
github-actions[bot]
9ce15bc963 flake.lock: Update 
Flake lock file updates:

• Updated input 'copyparty':
    'github:9001/copyparty/d067d2a' (2026-02-14)
  → 'github:9001/copyparty/ab8bd01' (2026-02-23)
• Updated input 'home-manager':
    'github:nix-community/home-manager/ae8003d' (2026-02-15)
  → 'github:nix-community/home-manager/9a4b494' (2026-02-23)
• Updated input 'nix-citizen':
    'github:LovingMelody/nix-citizen/2affbcd' (2026-02-13)
  → 'github:LovingMelody/nix-citizen/bebdc04' (2026-02-20)
• Updated input 'nix-citizen/nixpkgs':
    'github:NixOS/nixpkgs/ec7c70d' (2026-02-11)
  → 'github:NixOS/nixpkgs/0182a36' (2026-02-17)
• Updated input 'nix-gaming':
    'github:fufexan/nix-gaming/0c4bf3a' (2026-02-15)
  → 'github:fufexan/nix-gaming/e70ef85' (2026-02-23)
• Updated input 'nix-gaming/nixpkgs':
    'github:NixOS/nixpkgs/2343bbb' (2026-02-11)
  → 'github:NixOS/nixpkgs/d1c15b7' (2026-02-16)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/a82ccc3' (2026-02-13)
  → 'github:nixos/nixpkgs/0182a36' (2026-02-17)
• Updated input 'nur':
    'github:nix-community/NUR/76daea0' (2026-02-16)
  → 'github:nix-community/NUR/c5fa7a8' (2026-02-23)
 2026-02-24 22:08:31 +11:00
wi11-holdsworth
3c46d9e066 feat: prepare for exposure to the internet 
* open ports 80 and 443
* password-protect copyparty and ntfy-sh
* randomise usernames for radicale and copyparty
 2026-02-24 22:08:31 +11:00
wi11-holdsworth
fbd4da91c0 fix(copyparty): disable read access for all non-users 2026-02-22 16:47:53 +11:00
wi11-holdsworth
9bdffc9a3a fix(copyparty): support reverse proxies 2026-02-22 16:47:53 +11:00
wi11-holdsworth
b6dafe4908 fix(yazi): update shell wrapper name 2026-02-22 16:47:53 +11:00
wi11-holdsworth
3323c6ba7a fix(syncthing): only needs to be defined in the default module, not also the server module 2026-02-22 16:47:53 +11:00
wi11-holdsworth
a54857c365 refactor: remove software associated with llms 2026-02-22 16:47:53 +11:00
wi11-holdsworth
c0e7f6f649 fix: nexus mods app is no longer maintained 2026-02-18 19:22:10 +11:00
github-actions[bot]
ce72f5129a flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/fcdea22' (2025-11-08)
  → 'github:ryantm/agenix/b027ee2' (2026-02-04)
• Updated input 'copyparty':
    'github:9001/copyparty/d5a8a34' (2026-01-12)
  → 'github:9001/copyparty/d067d2a' (2026-02-14)
• Updated input 'home-manager':
    'github:nix-community/home-manager/8bc5473' (2026-01-10)
  → 'github:nix-community/home-manager/ae8003d' (2026-02-15)
• Updated input 'nix-citizen':
    'github:LovingMelody/nix-citizen/7b5ad5f' (2026-01-10)
  → 'github:LovingMelody/nix-citizen/2affbcd' (2026-02-13)
• Updated input 'nix-citizen/flake-parts':
    'github:hercules-ci/flake-parts/250481a' (2026-01-05)
  → 'github:hercules-ci/flake-parts/5792860' (2026-02-02)
• Updated input 'nix-citizen/nixpkgs':
    'github:NixOS/nixpkgs/3497aa5' (2026-01-08)
  → 'github:NixOS/nixpkgs/ec7c70d' (2026-02-11)
• Updated input 'nix-citizen/treefmt-nix':
    'github:numtide/treefmt-nix/778a1d6' (2026-01-07)
  → 'github:numtide/treefmt-nix/337a4fe' (2026-02-04)
• Updated input 'nix-gaming':
    'github:fufexan/nix-gaming/c104472' (2026-01-13)
  → 'github:fufexan/nix-gaming/0c4bf3a' (2026-02-15)
• Updated input 'nix-gaming/flake-parts':
    'github:hercules-ci/flake-parts/250481a' (2026-01-05)
  → 'github:hercules-ci/flake-parts/5792860' (2026-02-02)
• Updated input 'nix-gaming/flake-parts/nixpkgs-lib':
    'github:nix-community/nixpkgs.lib/2075416' (2025-12-14)
  → 'github:nix-community/nixpkgs.lib/7271616' (2026-02-01)
• Updated input 'nix-gaming/nixpkgs':
    'github:NixOS/nixpkgs/3146c6a' (2026-01-10)
  → 'github:NixOS/nixpkgs/2343bbb' (2026-02-11)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/ffbc9f8' (2026-01-11)
  → 'github:nixos/nixpkgs/a82ccc3' (2026-02-13)
• Updated input 'nixvim':
    'github:nix-community/nixvim/7eb8f36' (2026-01-08)
  → 'github:nix-community/nixvim/ed0424f' (2026-02-15)
• Updated input 'nixvim/flake-parts':
    'github:hercules-ci/flake-parts/a34fae9' (2025-12-15)
  → 'github:hercules-ci/flake-parts/5792860' (2026-02-02)
• Updated input 'nur':
    'github:nix-community/NUR/ecccc8e' (2026-01-12)
  → 'github:nix-community/NUR/76daea0' (2026-02-16)
 2026-02-16 16:15:54 +00:00
wi11-holdsworth
b9ec41d462 refactor(homepage-dashboard): remove unnecessary quotes around non-spaced words 2026-01-20 15:43:57 +11:00
wi11-holdsworth
3f069b9391 feat(homepage-dashboard): use equal heights in all sections 2026-01-20 15:43:54 +11:00
wi11-holdsworth
69c335dc2f feat(shell-aliases): break out to separate module to ensure aliases can be used over all shells 2026-01-20 13:13:57 +11:00
wi11-holdsworth
2197490b63 feat(borgmatic): ensure that all sqlite databases are backed up separately from the services they store data for 2026-01-20 13:13:57 +11:00
wi11-holdsworth
48b0a2325d fix(tailscale): exposing the network interface is not necessary 2026-01-15 00:54:42 +11:00
Will
585885f28d Merge pull request #80 from wi11-holdsworth/55 
Switch to caddy
 2026-01-15 00:54:19 +11:00
wi11-holdsworth
33af7eaadf feat(caddy): install and replace nginx 2026-01-15 00:54:19 +11:00
wi11-holdsworth
500c704cf4 feat(homepage-dashboard): add firefly 2026-01-15 00:33:50 +11:00
wi11-holdsworth
c9dc8d54ac fix(localisation): consolidate host-specific settings into single module 2026-01-15 00:33:50 +11:00
wi11-holdsworth
ab95710e1f refactor(syncthing): new phone, new syncthing client id 2026-01-14 23:57:40 +11:00
Will
15a3fbc455 Merge pull request #78 from wi11-holdsworth/71 
Set up upbank2firefly
 2026-01-14 22:25:29 +11:00
wi11-holdsworth
d9785dcd05 feat(upbank2firefly): install as a docker container 2026-01-14 21:33:09 +11:00
Will
4200f49728
Merge pull request #77 from wi11-holdsworth/68 
Install firefly
 2026-01-14 15:29:17 +11:00
wi11-holdsworth
f793bee495 feat(firefly): install 2026-01-14 15:28:18 +11:00
wi11-holdsworth
4ec5efa5ac refactor(gaming): remove lutris as star citizen is installed separetely now 2026-01-14 14:27:56 +11:00
wi11-holdsworth
a9b65fc1fc feat(star-citizen): install 2026-01-14 14:27:38 +11:00
wi11-holdsworth
394bf7519e feat: install snitch 2026-01-14 12:22:43 +11:00
wi11-holdsworth
fa31cbd29d refactor(fish): prefix aliases that replace a command with a comma 2026-01-14 12:22:28 +11:00
wi11-holdsworth
a729f8b6ea feat(fd): create package module 2026-01-14 11:57:32 +11:00
wi11-holdsworth
4bb49ae510 feat(bottom): create package module with theme 2026-01-14 11:57:28 +11:00
wi11-holdsworth
ec0d6928b0 feat(llm): install to desktop with some basic models 2026-01-14 01:32:36 +11:00
wi11-holdsworth
b20f8db92f refactor(kitty): deprecate in favour of alacritty 2026-01-13 14:24:36 +11:00
wi11-holdsworth
6a12889354 feat(alacritty): install and enable in gui bundle 2026-01-13 14:23:56 +11:00
wi11-holdsworth
46770f6e10 feat(gaming): no longer need latest kernel for optimal performance 2026-01-13 13:51:35 +11:00
wi11-holdsworth
a5c57fa4e7 refactor(default): nixfmt-rfc-style has been replaced with nixfmt 2026-01-13 13:50:44 +11:00
github-actions[bot]
bae532c1b1 flake.lock: Update 
Flake lock file updates:

• Updated input 'copyparty':
    'github:9001/copyparty/364f74a' (2026-01-04)
  → 'github:9001/copyparty/d5a8a34' (2026-01-12)
• Updated input 'home-manager':
    'github:nix-community/home-manager/7d5927b' (2026-01-04)
  → 'github:nix-community/home-manager/8bc5473' (2026-01-10)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/fb7944c' (2026-01-02)
  → 'github:nixos/nixpkgs/ffbc9f8' (2026-01-11)
• Updated input 'nixvim':
    'github:nix-community/nixvim/d61584c' (2026-01-02)
  → 'github:nix-community/nixvim/7eb8f36' (2026-01-08)
• Updated input 'nur':
    'github:nix-community/NUR/3b2e3c6' (2026-01-04)
  → 'github:nix-community/NUR/ecccc8e' (2026-01-12)
 2026-01-13 13:50:44 +11:00
Will
74a6ea5c76
Merge pull request #75 from wi11-holdsworth/73 
Install qui
 2026-01-13 13:10:55 +11:00
wi11-holdsworth
8ab2740c3f feat(homepage-dashboard): add link to qui 2026-01-13 13:06:40 +11:00
wi11-holdsworth
489a5b5f26 feat(qui): install 2026-01-13 13:06:24 +11:00
wi11-holdsworth
a56efefe1e fix(homepage-dashboard): update login credentials for nzbget 2026-01-13 13:06:06 +11:00
Will
64761c9e89
Merge pull request #74 from wi11-holdsworth/56 
Install NZBget
 2026-01-12 17:18:52 +11:00
wi11-holdsworth
b3eaee27c9 feat(nzbget): install unrar to enable nzbget to extract rar arhcives 2026-01-12 17:17:41 +11:00
wi11-holdsworth
6552269081 fix(borgmatic): moving backup repo to another drive disabled backup momentarily 2026-01-07 18:54:44 +11:00
wi11-holdsworth
2517ff6067 fix(homepage-dashboard): prowlarr api key changed 2026-01-07 18:54:08 +11:00
wi11-holdsworth
8683f1838b feat(nzbget): install 2026-01-07 18:53:29 +11:00
wi11-holdsworth
2f5065d610 feat(server): remove unneccesary media group and add *arr apps to srv group 2026-01-07 18:02:29 +11:00
wi11-holdsworth
ee83c94cf9 fix(flaresolverr): unlikely to ever work again, cloudflare team always monitoring 2026-01-07 18:02:29 +11:00
Will
813d71eea4
Merge pull request #72 from wi11-holdsworth/enhancement/57 
enhancement/57
 2026-01-07 15:50:37 +11:00
wi11-holdsworth
9ee61d787a feat: add bazarr to homepage dashboard 2026-01-07 15:50:00 +11:00
wi11-holdsworth
f7d138dd19 feat: install bazarr 2026-01-07 15:03:44 +11:00
wi11-holdsworth
a314b1022f feat(git): rebase branch by default when pulling 2026-01-07 15:03:33 +11:00
wi11-holdsworth
070305fe6e feat: move /media directory on host to external drive under /mnt/external 2026-01-07 15:03:33 +11:00
wi11-holdsworth
bcc0914e32 fix: deprecate zen in favour of vanilla firefox 
firefox has vertical tabs now, tab grouping, and soon split view
 2026-01-07 15:03:33 +11:00
wi11-holdsworth
f2b6808c93 refactor: move graphical applications to a separate bundle 
this facilitates lean clients, e.g. a laptop with only a virutal console
 2026-01-06 13:29:42 +11:00
wi11-holdsworth
20372363f5 Merge branch 'main' of github.com:wi11-holdsworth/dots 2026-01-06 13:18:57 +11:00
wi11-holdsworth
671284abc1 refactor: re-classify home manager modules 2026-01-06 13:18:57 +11:00
wi11-holdsworth
371cb76021 fix: dogdns is unmaintained, recommended to switch to doggo 2026-01-05 20:50:38 +11:00
wi11-holdsworth
c148b813eb Merge remote-tracking branch 'origin/update_flake_lock_action' 2026-01-05 20:47:28 +11:00
wi11-holdsworth
3e02dccb0d feat: install jellyfin desktop client 2026-01-05 20:46:49 +11:00
github-actions[bot]
5bed4291c8 flake.lock: Update 
Flake lock file updates:

• Updated input 'copyparty':
    'github:9001/copyparty/4642d32' (2025-12-26)
  → 'github:9001/copyparty/364f74a' (2026-01-04)
• Updated input 'home-manager':
    'github:nix-community/home-manager/80cca72' (2025-12-28)
  → 'github:nix-community/home-manager/7d5927b' (2026-01-04)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/3e2499d' (2025-12-25)
  → 'github:nixos/nixpkgs/fb7944c' (2026-01-02)
• Updated input 'nixvim':
    'github:nix-community/nixvim/51ae991' (2025-12-28)
  → 'github:nix-community/nixvim/d61584c' (2026-01-02)
• Updated input 'nur':
    'github:nix-community/NUR/6580345' (2025-12-28)
  → 'github:nix-community/NUR/3b2e3c6' (2026-01-04)
• Updated input 'zen-browser':
    'github:0xc000022070/zen-browser-flake/fe8d1a6' (2025-12-28)
  → 'github:0xc000022070/zen-browser-flake/e3efa5e' (2026-01-04)
• Updated input 'zen-browser/home-manager':
    'github:nix-community/home-manager/58bf3ec' (2025-12-14)
  → 'github:nix-community/home-manager/e4e78a2' (2025-12-30)
 2026-01-04 16:05:55 +00:00
wi11-holdsworth
afe85b158c feat: add karakeep to homepage 2026-01-02 20:37:11 +11:00
wi11-holdsworth
c15cdd66d9 Merge branch 'main' of github.com:wi11-holdsworth/dots 2026-01-01 20:11:04 +11:00
wi11-holdsworth
c9c81b4036 fix: web-feature template now includes a more fleshed-out backup section 2026-01-01 20:11:00 +11:00
Will
aa28e4bcf8
Merge pull request #64 from wi11-holdsworth/enhancement/61 
enhancement/61
 2025-12-29 18:47:47 +13:00
wi11-holdsworth
ea62d69060 feat: add kavita to dashboard 2025-12-29 16:47:09 +11:00
wi11-holdsworth
3d2a47ec79 feat: install kavita 2025-12-29 16:41:09 +11:00
Will
d167466d68
Merge pull request #63 from wi11-holdsworth/enhancement/62 
feat: install readarr
 2025-12-29 18:40:37 +13:00
wi11-holdsworth
7af587d546 feat: install readarr 2025-12-29 16:39:52 +11:00
wi11-holdsworth
b5c3d6419c feat: re-order services on homepage dashboard 2025-12-29 15:26:32 +11:00
wi11-holdsworth
6130f543b9 fix: web-feature template now includes a more fleshed-out backup section 2025-12-29 14:19:31 +11:00
wi11-holdsworth
4502e197bf refactor: store port as integer 2025-12-29 14:19:31 +11:00
github-actions[bot]
0f2801f823 flake.lock: Update 
Flake lock file updates:

• Updated input 'copyparty':
    'github:9001/copyparty/519bfe1' (2025-12-17)
  → 'github:9001/copyparty/4642d32' (2025-12-26)
• Updated input 'home-manager':
    'github:nix-community/home-manager/89c9508' (2025-12-17)
  → 'github:nix-community/home-manager/80cca72' (2025-12-28)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/1306659' (2025-12-15)
  → 'github:nixos/nixpkgs/3e2499d' (2025-12-25)
• Updated input 'nixvim':
    'github:nix-community/nixvim/51bbde5' (2025-12-17)
  → 'github:nix-community/nixvim/51ae991' (2025-12-28)
• Updated input 'nur':
    'github:nix-community/NUR/285245c' (2025-12-18)
  → 'github:nix-community/NUR/6580345' (2025-12-28)
• Updated input 'zen-browser':
    'github:0xc000022070/zen-browser-flake/7db019a' (2025-12-17)
  → 'github:0xc000022070/zen-browser-flake/fe8d1a6' (2025-12-28)
 2025-12-29 14:49:49 +13:00
wi11-holdsworth
ee33853420 feat: install firefox 2025-12-18 16:38:16 +11:00
github-actions[bot]
2f2cd68d76 flake.lock: Update 
Flake lock file updates:

• Updated input 'copyparty':
    'github:9001/copyparty/c5c5f9b' (2025-12-04)
  → 'github:9001/copyparty/519bfe1' (2025-12-17)
• Updated input 'home-manager':
    'github:nix-community/home-manager/e5b1f87' (2025-12-08)
  → 'github:nix-community/home-manager/89c9508' (2025-12-17)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/addf7cf' (2025-12-08)
  → 'github:nixos/nixpkgs/1306659' (2025-12-15)
• Updated input 'nixvim':
    'github:nix-community/nixvim/ba8f6d4' (2025-12-09)
  → 'github:nix-community/nixvim/51bbde5' (2025-12-17)
• Updated input 'nixvim/flake-parts':
    'github:hercules-ci/flake-parts/2cccadc' (2025-11-21)
  → 'github:hercules-ci/flake-parts/a34fae9' (2025-12-15)
• Updated input 'zen-browser':
    'github:0xc000022070/zen-browser-flake/e7f4849' (2025-12-09)
  → 'github:0xc000022070/zen-browser-flake/7db019a' (2025-12-17)
• Updated input 'zen-browser/home-manager':
    'github:nix-community/home-manager/827f2a2' (2025-11-12)
  → 'github:nix-community/home-manager/58bf3ec' (2025-12-14)
 2025-12-17 16:07:17 +00:00
Will
e211bca3ff
Merge pull request #54 from wi11-holdsworth/enhancement/52 
enhancement/52
 2025-12-15 21:34:45 +11:00
wi11-holdsworth
bf13c50f4c feat: install karakeep 2025-12-15 21:33:01 +11:00
wi11-holdsworth
d3868b69c4 fix: options have been renamed in latest release 2025-12-15 19:55:58 +11:00
wi11-holdsworth
b834611bcb feat: install radicale for caldav and carddav support 2025-12-15 19:55:58 +11:00
wi11-holdsworth
63774a34f5 fix: options have been renamed in latest release 2025-12-10 20:22:33 +11:00
wi11-holdsworth
ea0b2ebbfd feat: install radicale for caldav and carddav support 2025-12-10 19:47:06 +11:00
github-actions[bot]
078c58831f flake.lock: Update 
Flake lock file updates:

• Updated input 'copyparty':
    'github:9001/copyparty/ac085b8' (2025-11-02)
  → 'github:9001/copyparty/c5c5f9b' (2025-12-04)
• Updated input 'home-manager':
    'github:nix-community/home-manager/37a3d97' (2025-11-10)
  → 'github:nix-community/home-manager/e5b1f87' (2025-12-08)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/b6a8526' (2025-11-08)
  → 'github:nixos/nixpkgs/addf7cf' (2025-12-08)
• Updated input 'nixvim':
    'github:nix-community/nixvim/9e556e7' (2025-11-11)
  → 'github:nix-community/nixvim/ba8f6d4' (2025-12-09)
• Updated input 'nixvim/flake-parts':
    'github:hercules-ci/flake-parts/0bdadb1' (2025-11-10)
  → 'github:hercules-ci/flake-parts/2cccadc' (2025-11-21)
• Removed input 'nixvim/nuschtosSearch'
• Removed input 'nixvim/nuschtosSearch/flake-utils'
• Removed input 'nixvim/nuschtosSearch/flake-utils/systems'
• Removed input 'nixvim/nuschtosSearch/ixx'
• Removed input 'nixvim/nuschtosSearch/ixx/flake-utils'
• Removed input 'nixvim/nuschtosSearch/ixx/nixpkgs'
• Removed input 'nixvim/nuschtosSearch/nixpkgs'
• Updated input 'zen-browser':
    'github:0xc000022070/zen-browser-flake/51f5194' (2025-11-11)
  → 'github:0xc000022070/zen-browser-flake/e7f4849' (2025-12-09)
• Updated input 'zen-browser/home-manager':
    'github:nix-community/home-manager/b959c67' (2025-11-05)
  → 'github:nix-community/home-manager/827f2a2' (2025-11-12)
 2025-12-09 16:07:06 +00:00
wi11-holdsworth
1b5f71f2b7 fix: backup drive failing should not prevent server startup 2025-12-01 16:30:23 +11:00
github-actions[bot]
358986970c flake.lock: Update 
Flake lock file updates:

• Updated input 'nixvim':
    'github:nix-community/nixvim/2dc09e09cc65026f0899cc50291e244ee24835d3?narHash=sha256-z0VQRaEARqF5eARuAFhDixV%2Bg5B%2B5IJ1iDKSUM%2B5EIY%3D' (2025-11-10)
  → 'github:nix-community/nixvim/9e556e752505263eef8c0d0f982e2ab9029cc512?narHash=sha256-2hkqfvY2wH%2B78M85X/ZApyZURnFc926b2mAHiyHcGDE%3D' (2025-11-11)
• Updated input 'nixvim/flake-parts':
    'github:hercules-ci/flake-parts/26d05891e14c88eb4a5d5bee659c0db5afb609d8?narHash=sha256-xxdepIcb39UJ94%2BYydGP221rjnpkDZUlykKuF54PsqI%3D' (2025-11-06)
  → 'github:hercules-ci/flake-parts/0bdadb1b265fb4143a75bd1ec7d8c915898a9923?narHash=sha256-dxFVgQPG%2BR72dkhXTtqUm7KpxElw3u6E%2BYlQ2WaDgt8%3D' (2025-11-10)
• Updated input 'zen-browser':
    'github:0xc000022070/zen-browser-flake/02bb5919dab81a3fea4d8d4663ea67922a463cd3?narHash=sha256-YgQ80R6TW9GxS0Ozaqe9mTVewuOWqwRmMUhRUpKsoCs%3D' (2025-11-10)
  → 'github:0xc000022070/zen-browser-flake/51f5194aff34d130d07f684df2a85b10a3933558?narHash=sha256-qwUWaKy%2BkmTBk6xxMI0yfkD5IU2gcxXOXNPJ2T%2BEnys%3D' (2025-11-11)
 2025-11-12 14:08:47 +11:00
wi11-holdsworth
c88d609d34 feat: add spellchecking to neovim installation 2025-11-11 17:34:10 +11:00
wi11-holdsworth
5a2c07942c fix: aerc mark as read shortcut clashes with replies, so change to I instead of R 2025-11-11 11:51:45 +11:00
github-actions[bot]
5f03991133 flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/9ba0d85de3eaa7afeab493fed622008b6e4924f5?narHash=sha256-lsNWuj4Z%2BpE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94%3D' (2025-10-28)
  → 'github:ryantm/agenix/fcdea223397448d35d9b31f798479227e80183f6?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-11-08)
• Updated input 'home-manager':
    'github:nix-community/home-manager/43e205606aeb253bfcee15fd8a4a01d8ce8384ca?narHash=sha256-hpbPma1eUKwLAmiVRoMgIHbHiIKFkcACobJLbDt6ABw%3D' (2025-11-02)
  → 'github:nix-community/home-manager/37a3d97f2873e0f68711117c34d04b7c7ead8f4e?narHash=sha256-t2U/GLLXHa2%2BkJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs%3D' (2025-11-10)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31)
  → 'github:nixos/nixpkgs/b6a8526db03f735b89dd5ff348f53f752e7ddc8e?narHash=sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV%2B3DSADBX7/9YQ%3D' (2025-11-08)
• Updated input 'nixvim':
    'github:nix-community/nixvim/660fba984fe25ded6fa2e32016c05aebf4290273?narHash=sha256-XwLZC%2B5T3gJJWVVAZ9atpRPopyXXlHfF5fvkhTigs0E%3D' (2025-11-02)
  → 'github:nix-community/nixvim/2dc09e09cc65026f0899cc50291e244ee24835d3?narHash=sha256-z0VQRaEARqF5eARuAFhDixV%2Bg5B%2B5IJ1iDKSUM%2B5EIY%3D' (2025-11-10)
• Updated input 'nixvim/flake-parts':
    'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04?narHash=sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4%3D' (2025-10-20)
  → 'github:hercules-ci/flake-parts/26d05891e14c88eb4a5d5bee659c0db5afb609d8?narHash=sha256-xxdepIcb39UJ94%2BYydGP221rjnpkDZUlykKuF54PsqI%3D' (2025-11-06)
• Updated input 'zen-browser':
    'github:0xc000022070/zen-browser-flake/68b3775543b442b06a76e498fd342b16a8619757?narHash=sha256-Q7o8NTYIbGMmMrgrx9PTmmaj/GM/DWJjM6U%2Bdaaiiyk%3D' (2025-11-02)
  → 'github:0xc000022070/zen-browser-flake/02bb5919dab81a3fea4d8d4663ea67922a463cd3?narHash=sha256-YgQ80R6TW9GxS0Ozaqe9mTVewuOWqwRmMUhRUpKsoCs%3D' (2025-11-10)
• Updated input 'zen-browser/home-manager':
    'github:nix-community/home-manager/e8c19a3cec2814c754f031ab3ae7316b64da085b?narHash=sha256-S%2BwmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR%2Bkw%3D' (2025-07-15)
  → 'github:nix-community/home-manager/b959c67241cae17fc9e4ee7eaf13dfa8512477ea?narHash=sha256-0ptUDbYwxv1kk/uzEX4%2BNJjY2e16MaAhtzAOJ6K0TG0%3D' (2025-11-05)
 2025-11-11 11:37:31 +11:00
github-actions[bot]
d200cc6511 flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/2f0f812f69f3eb4140157fe15e12739adf82e32a?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-10-19)
  → 'github:ryantm/agenix/9ba0d85de3eaa7afeab493fed622008b6e4924f5?narHash=sha256-lsNWuj4Z%2BpE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94%3D' (2025-10-28)
• Updated input 'copyparty':
    'github:9001/copyparty/547a7ab1cc7777f3452f441628339850511c8563?narHash=sha256-omBsQXwVWw%2BQmXo9T4Nazv2xcMEQ9VjB/61tnV3xKQQ%3D' (2025-10-19)
  → 'github:9001/copyparty/ac085b8149ff50e03d260128596dd130ed1c7cae?narHash=sha256-7Q8LtcvKWHbP8znARRTOY2tpU5WoV6FHwp5TZJOI8Us%3D' (2025-11-02)
• Updated input 'home-manager':
    'github:nix-community/home-manager/84e1adb0cdd13f5f29886091c7234365e12b1e7f?narHash=sha256-r6qbieh8iC1q1eCaWv15f4UIp8SeGffwswhNSA1Qk3s%3D' (2025-10-21)
  → 'github:nix-community/home-manager/43e205606aeb253bfcee15fd8a4a01d8ce8384ca?narHash=sha256-hpbPma1eUKwLAmiVRoMgIHbHiIKFkcACobJLbDt6ABw%3D' (2025-11-02)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19)
  → 'github:nixos/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31)
• Updated input 'nixvim':
    'github:nix-community/nixvim/e3b77e803b2350b72f4d72c8f175ab0fbfe5a642?narHash=sha256-UP1v%2BsEkHuvD2%2BqyhxbkQpBR%2Bdl9U0ljml3/dMI2jeU%3D' (2025-10-20)
  → 'github:nix-community/nixvim/660fba984fe25ded6fa2e32016c05aebf4290273?narHash=sha256-XwLZC%2B5T3gJJWVVAZ9atpRPopyXXlHfF5fvkhTigs0E%3D' (2025-11-02)
• Updated input 'nixvim/flake-parts':
    'github:hercules-ci/flake-parts/758cf7296bee11f1706a574c77d072b8a7baa881?narHash=sha256-wfG0S7pltlYyZTM%2BqqlhJ7GMw2fTF4mLKCIVhLii/4M%3D' (2025-10-01)
  → 'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04?narHash=sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4%3D' (2025-10-20)
• Updated input 'nixvim/nuschtosSearch':
    'github:NuschtOS/search/7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4?narHash=sha256-igrxT%2B/MnmcftPOHEb%2BXDwAMq3Xg1Xy7kVYQaHhPlAg%3D' (2025-09-23)
  → 'github:NuschtOS/search/e29de6db0cb3182e9aee75a3b1fd1919d995d85b?narHash=sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY%3D' (2025-10-29)
• Updated input 'zen-browser':
    'github:0xc000022070/zen-browser-flake/637cb6167da4dbf8ef7f5a50e69933c4f9796095?narHash=sha256-XdDpTJHjFqZJ3ss6xzTWYyi3PEObX2fs%2BkW0Wg/rNDk%3D' (2025-10-21)
  → 'github:0xc000022070/zen-browser-flake/68b3775543b442b06a76e498fd342b16a8619757?narHash=sha256-Q7o8NTYIbGMmMrgrx9PTmmaj/GM/DWJjM6U%2Bdaaiiyk%3D' (2025-11-02)
 2025-11-03 18:55:08 +11:00
wi11-holdsworth
73740ab091 Merge branch 'main' of github.com:wi11-holdsworth/dots 2025-10-29 12:55:43 +11:00
wi11-holdsworth
ae6af79439 build: git settings have been tidied up 2025-10-22 01:55:30 +11:00
wi11-holdsworth
4dc85c014e build: aerc stylesheets are strings now 2025-10-22 01:55:21 +11:00
98 changed files with 2757 additions and 657 deletions
Download patch file Download diff file Expand all files Collapse all files

340
flake.lock generated
View file

@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1760836749, "lastModified": 1770165109,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -29,11 +29,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1760897985, "lastModified": 1772965444,
"narHash": "sha256-omBsQXwVWw+QmXo9T4Nazv2xcMEQ9VjB/61tnV3xKQQ=", "narHash": "sha256-VjcI4CozsowxGkZBzxQ6LYe49e9T1qfT1BzNrnc96y0=",
"owner": "9001", "owner": "9001",
"repo": "copyparty", "repo": "copyparty",
"rev": "547a7ab1cc7777f3452f441628339850511c8563", "rev": "981a7cd9dda0acedbc7f53b2c44adb241c38cb84",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -64,7 +64,62 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixvim", "nixvim",
@ -72,11 +127,32 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759362264, "lastModified": 1769996383,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881", "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -100,21 +176,48 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": { "git-hooks": {
"inputs": { "inputs": {
"systems": "systems_2" "flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nix-gaming",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1772893680,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
"owner": "numtide", "owner": "cachix",
"repo": "flake-utils", "repo": "git-hooks.nix",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "cachix",
"repo": "flake-utils", "repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nix-gaming",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github" "type": "github"
} }
}, },
@ -146,11 +249,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1761005073, "lastModified": 1772985285,
"narHash": "sha256-r6qbieh8iC1q1eCaWv15f4UIp8SeGffwswhNSA1Qk3s=", "narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "84e1adb0cdd13f5f29886091c7234365e12b1e7f", "rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -159,52 +262,69 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_3": { "nix-citizen": {
"inputs": { "inputs": {
"nixpkgs": [ "flake-parts": "flake-parts",
"zen-browser", "nix-gaming": [
"nixpkgs" "nix-gaming"
]
},
"locked": {
"lastModified": 1752603129,
"narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
], ],
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1772840927,
"narHash": "sha256-WdIuEJpH7eUP3ya8laJAYf71WilE4x7xetgMferL5Ko=",
"owner": "LovingMelody",
"repo": "nix-citizen",
"rev": "73c8d04ba69fb0bb5c4521c4b91a930a0ce283a5",
"type": "github"
},
"original": {
"owner": "LovingMelody",
"repo": "nix-citizen",
"type": "github"
}
},
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts_2",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1772937574,
"narHash": "sha256-Yw1tP/ASebNYuW2GcYDTgWf2Mg9qcUYo6MTagXyeFCs=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "d2b0b283deb24cdbb2750e658fa7001fee5ad586",
"type": "github"
},
"original": {
"owner": "fufexan",
"repo": "nix-gaming",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [ "nixpkgs": [
"nixvim", "nix-citizen",
"nuschtosSearch",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1754860581, "lastModified": 1737420293,
"narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
"owner": "NuschtOS", "owner": "nix-community",
"repo": "ixx", "repo": "nix-github-actions",
"rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NuschtOS", "owner": "nix-community",
"ref": "v0.1.1", "repo": "nix-github-actions",
"repo": "ixx",
"type": "github" "type": "github"
} }
}, },
@ -223,13 +343,60 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-lib": {
"locked": {
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1760878510, "lastModified": 1772624091,
"narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1772736753,
"narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "917fec990948658ef1ccd07cef2a1ef060786846",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1772773019,
"narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -241,19 +408,18 @@
}, },
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_3" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1760960598, "lastModified": 1772402258,
"narHash": "sha256-UP1v+sEkHuvD2+qyhxbkQpBR+dl9U0ljml3/dMI2jeU=", "narHash": "sha256-3DmCFOdmbkFML1/G9gj8Wb+rCCZFPOQtNoMCpqOF8SA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "e3b77e803b2350b72f4d72c8f175ab0fbfe5a642", "rev": "21ae25e13b01d3b4cdc750b5f9e7bad68b150c10",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -262,26 +428,24 @@
"type": "github" "type": "github"
} }
}, },
"nuschtosSearch": { "nur": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-parts": "flake-parts_4",
"ixx": "ixx",
"nixpkgs": [ "nixpkgs": [
"nixvim",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1758662783, "lastModified": 1772985100,
"narHash": "sha256-igrxT+/MnmcftPOHEb+XDwAMq3Xg1Xy7kVYQaHhPlAg=", "narHash": "sha256-EXFbJvUZrElVq839MnMgJEDnyXWn84Zx+MiHcZiCQmg=",
"owner": "NuschtOS", "owner": "nix-community",
"repo": "search", "repo": "NUR",
"rev": "7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4", "rev": "407db2f6f4ba94992815f872ffce9a9d99ccc13c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NuschtOS", "owner": "nix-community",
"repo": "search", "repo": "NUR",
"type": "github" "type": "github"
} }
}, },
@ -290,9 +454,11 @@
"agenix": "agenix", "agenix": "agenix",
"copyparty": "copyparty", "copyparty": "copyparty",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_2", "nix-citizen": "nix-citizen",
"nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_4",
"nixvim": "nixvim", "nixvim": "nixvim",
"zen-browser": "zen-browser" "nur": "nur"
} }
}, },
"systems": { "systems": {
@ -340,24 +506,24 @@
"type": "github" "type": "github"
} }
}, },
"zen-browser": { "treefmt-nix": {
"inputs": { "inputs": {
"home-manager": "home-manager_3",
"nixpkgs": [ "nixpkgs": [
"nix-citizen",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1761020606, "lastModified": 1772660329,
"narHash": "sha256-XdDpTJHjFqZJ3ss6xzTWYyi3PEObX2fs+kW0Wg/rNDk=", "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
"owner": "0xc000022070", "owner": "numtide",
"repo": "zen-browser-flake", "repo": "treefmt-nix",
"rev": "637cb6167da4dbf8ef7f5a50e69933c4f9796095", "rev": "3710e0e1218041bbad640352a0440114b1e10428",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "0xc000022070", "owner": "numtide",
"repo": "zen-browser-flake", "repo": "treefmt-nix",
"type": "github" "type": "github"
} }
} }

33
flake.nix
View file

@ -12,24 +12,36 @@
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-citizen = {
url = "github:LovingMelody/nix-citizen";
inputs.nix-gaming.follows = "nix-gaming";
};
nix-gaming.url = "github:fufexan/nix-gaming";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixvim = { nixvim = {
url = "github:nix-community/nixvim"; url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
zen-browser = { nur = {
url = "github:0xc000022070/zen-browser-flake"; url = "github:nix-community/NUR";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# zen-browser = {
# url = "github:0xc000022070/zen-browser-flake";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# keep-sorted end # keep-sorted end
}; };
outputs = outputs =
{ {
nixpkgs, # keep-sorted start
home-manager,
agenix, agenix,
zen-browser, home-manager,
nixpkgs,
nur,
# zen-browser,
# keep-sorted end
... ...
}@inputs: }@inputs:
let let
@ -45,17 +57,24 @@
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
modules = [ modules = [
./hosts/${hostName}/configuration.nix ./hosts/${hostName}/configuration.nix
nur.modules.nixos.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager = { home-manager = {
users.${userName}.imports = [ users.${userName}.imports = [
./hosts/${hostName}/home.nix ./hosts/${hostName}/home.nix
agenix.homeManagerModules.default agenix.homeManagerModules.default
zen-browser.homeModules.twilight # zen-browser.homeModules.twilight
]; ];
backupFileExtension = "backup"; backupFileExtension = "backup";
extraSpecialArgs = { extraSpecialArgs = {
inherit userName hostName util; inherit
inputs
hostName
userName
system
util
;
}; };
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;

4
hosts/desktop/configuration.nix
View file

@ -19,12 +19,14 @@
"gaming" "gaming"
"link2c" "link2c"
"plasma" "plasma"
"star-citizen"
# keep-sorted end # keep-sorted end
]) ])
++ (util.toImports ../../modules/nixos/bundles [ ++ (util.toImports ../../modules/nixos/bundles [
# keep-sorted start # keep-sorted start
"desktop" "desktop"
"dev" "dev"
"gui"
# keep-sorted end # keep-sorted end
]); ]);
@ -37,8 +39,6 @@
system.stateVersion = "24.11"; system.stateVersion = "24.11";
i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8";
users.users.${userName} = { users.users.${userName} = {
extraGroups = [ extraGroups = [
# keep-sorted start # keep-sorted start

1
hosts/desktop/home.nix
View file

@ -13,6 +13,7 @@
# keep-sorted start # keep-sorted start
"desktop" "desktop"
"dev" "dev"
"gui"
# keep-sorted end # keep-sorted end
]); ]);

8
hosts/laptop/configuration.nix
View file

@ -23,15 +23,13 @@
# keep-sorted start # keep-sorted start
"desktop" "desktop"
"dev" "dev"
"gui"
# keep-sorted end # keep-sorted end
]); ]);
boot.initrd.luks.devices."luks-a7726a9d-535f-44bc-9c0e-adc501fad371".device = boot.initrd.luks.devices."luks-c2f5123c-0be0-4357-b383-b3f422e99a34".device = "/dev/disk/by-uuid/c2f5123c-0be0-4357-b383-b3f422e99a34";
"/dev/disk/by-uuid/a7726a9d-535f-44bc-9c0e-adc501fad371";
system.stateVersion = "24.11"; system.stateVersion = "25.05";
i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8";
users.users.${userName} = { users.users.${userName} = {
extraGroups = [ extraGroups = [

8
hosts/laptop/hardware-configuration.nix
View file

@ -14,20 +14,20 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/b772799b-5434-4d5e-b0f9-ab425e36b9a1"; { device = "/dev/disk/by-uuid/a240787a-6cc8-4c03-8a01-742adf305b1e";
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."luks-de6f14d8-8c7e-4e77-bfe5-264a39ef0bea".device = "/dev/disk/by-uuid/de6f14d8-8c7e-4e77-bfe5-264a39ef0bea"; boot.initrd.luks.devices."luks-f7d7a54f-d217-4260-8754-3cac7022e7d5".device = "/dev/disk/by-uuid/f7d7a54f-d217-4260-8754-3cac7022e7d5";
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3730-5237"; { device = "/dev/disk/by-uuid/B3C9-7C0A";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [ "fmask=0077" "dmask=0077" ];
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/081de704-5e9a-4e6d-ae8d-df492d0f662c"; } [ { device = "/dev/disk/by-uuid/b07c858a-2bd7-4b9a-aec3-3f9593c461c9"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

1
hosts/laptop/home.nix
View file

@ -13,6 +13,7 @@
# keep-sorted start # keep-sorted start
"desktop" "desktop"
"dev" "dev"
"gui"
# keep-sorted end # keep-sorted end
]); ]);

26
hosts/server/configuration.nix
View file

@ -15,7 +15,7 @@
] ]
++ (util.toImports ../../modules/nixos/features [ ++ (util.toImports ../../modules/nixos/features [
# keep-sorted start # keep-sorted start
"borgmatic" "borgbackup"
"intel-gpu" "intel-gpu"
# keep-sorted end # keep-sorted end
]) ])
@ -23,13 +23,27 @@
"server" "server"
]); ]);
networking.hostName = "${hostName}"; # external drive
services.udisks2.enable = true;
fileSystems."/mnt/external" = {
device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e";
fsType = "ext4";
options = [
"nofail"
];
};
networking = {
hostName = "${hostName}";
firewall.interfaces."enp2s0".allowedTCPPorts = [
80
443
];
};
# hardened openssh # hardened openssh
services.openssh = { services.openssh = {
passwordAuthentication = false;
allowSFTP = false; allowSFTP = false;
challengeResponseAuthentication = false;
extraConfig = '' extraConfig = ''
AllowTcpForwarding yes AllowTcpForwarding yes
X11Forwarding no X11Forwarding no
@ -37,6 +51,10 @@
AllowStreamLocalForwarding no AllowStreamLocalForwarding no
AuthenticationMethods publickey AuthenticationMethods publickey
''; '';
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
}; };
system.stateVersion = "24.11"; system.stateVersion = "24.11";

3
modules/home-manager/bundles/desktop.nix
View file

@ -6,11 +6,8 @@
imports = util.toImports ../features [ imports = util.toImports ../features [
# keep-sorted start # keep-sorted start
"aerc" "aerc"
"kitty"
"mail" "mail"
"obsidian"
"zellij" "zellij"
"zen-browser"
# keep-sorted end # keep-sorted end
]; ];
} }

4
modules/home-manager/bundles/dev.nix
View file

@ -4,6 +4,8 @@
}: }:
{ {
imports = util.toImports ../features [ imports = util.toImports ../features [
"zed-editor" # keep-sorted start
"direnv"
# keep-sorted end
]; ];
} }

14
modules/home-manager/bundles/gui.nix Normal file
View file

@ -0,0 +1,14 @@
{
util,
...
}:
{
imports = util.toImports ../features [
# keep-sorted start
"alacritty"
"librewolf"
"obsidian"
# "zen-browser"
# keep-sorted end
];
}

7
modules/home-manager/default.nix
View file

@ -6,14 +6,15 @@
imports = util.toImports ./features [ imports = util.toImports ./features [
# keep-sorted start # keep-sorted start
"agenix" "agenix"
"bash"
"bat" "bat"
"bottom"
"delta" "delta"
"direnv"
"eza" "eza"
"fish" "fd"
"gh"
"git" "git"
"lazygit" "lazygit"
"shell-aliases"
"starship" "starship"
"yazi" "yazi"
"zoxide" "zoxide"

2
modules/home-manager/features/aerc.nix
View file

@ -49,11 +49,11 @@
D = ":move Trash<Enter>"; D = ":move Trash<Enter>";
G = ":select -1<Enter>"; G = ":select -1<Enter>";
H = ":collapse-folder<Enter>"; H = ":collapse-folder<Enter>";
I = ":read<Enter>";
J = ":next-folder <Enter>"; J = ":next-folder <Enter>";
K = ":prev-folder<Enter>"; K = ":prev-folder<Enter>";
L = ":expand-folder<Enter>"; L = ":expand-folder<Enter>";
N = ":prev-result<Enter>"; N = ":prev-result<Enter>";
R = ":read<Enter>";
Rq = ":reply -q<Enter>"; Rq = ":reply -q<Enter>";
Rr = ":reply<Enter>"; Rr = ":reply<Enter>";
T = ":toggle-threads<Enter>"; T = ":toggle-threads<Enter>";

27
modules/home-manager/features/alacritty.nix Normal file
View file

@ -0,0 +1,27 @@
{
# keep-sorted start
lib,
pkgs,
# keep-sorted end
...
}:
{
programs.alacritty = {
enable = true;
settings = {
font = {
normal = {
family = "JetBrainsMono Nerd Font";
style = "Regular";
};
size = 13;
};
window.startup_mode = "Maximized";
terminal.shell = {
program = "${lib.getExe pkgs.zellij}";
args = [ "-l=welcome" ];
};
};
theme = "catppuccin_mocha";
};
}

4
modules/home-manager/features/bash.nix Normal file
View file

@ -0,0 +1,4 @@
{
home.shell.enableBashIntegration = true;
programs.bash.enable = true;
}

78
modules/home-manager/features/bottom.nix Normal file
View file

@ -0,0 +1,78 @@
{
programs.bottom = {
enable = true;
settings = {
flags = {
group_processes = true;
process_memory_as_value = true;
};
styles = {
cpu = {
all_entry_color = "#f5e0dc";
avg_entry_color = "#eba0ac";
cpu_core_colors = [
"#f38ba8"
"#fab387"
"#f9e2af"
"#a6e3a1"
"#74c7ec"
"#cba6f7"
];
};
memory = {
ram_color = "#a6e3a1";
cache_color = "#f38ba8";
swap_color = "#fab387";
gpu_colors = [
"#74c7ec"
"#cba6f7"
"#f38ba8"
"#fab387"
"#f9e2af"
"#a6e3a1"
];
arc_color = "#89dceb";
};
network = {
rx_color = "#a6e3a1";
tx_color = "#f38ba8";
rx_total_color = "#89dceb";
tx_total_color = "#a6e3a1";
};
battery = {
high_battery_color = "#a6e3a1";
medium_battery_color = "#f9e2af";
low_battery_color = "#f38ba8";
};
tables = {
headers = {
color = "#f5e0dc";
};
};
graphs = {
graph_color = "#a6adc8";
legend_text = {
color = "#a6adc8";
};
};
widgets = {
border_color = "#585b70";
selected_border_color = "#f5c2e7";
widget_title = {
color = "#f2cdcd";
};
text = {
color = "#cdd6f4";
};
selected_text = {
color = "#11111b";
bg_color = "#cba6f7";
};
disabled_text = {
color = "#1e1e2e";
};
};
};
};
};
}

6
modules/home-manager/features/fd.nix Normal file
View file

@ -0,0 +1,6 @@
{
programs.fd = {
enable = true;
hidden = true;
};
}

254
modules/home-manager/features/firefox.nix Normal file
View file

@ -0,0 +1,254 @@
{
pkgs,
...
}:
{
programs.firefox = {
enable = true;
languagePacks = [ "en-GB" ];
profiles.will = {
settings = {
# keep-sorted start
"browser.aboutwelcome.enabled" = false;
"browser.bookmarks.addedImportButton" = false;
"browser.bookmarks.restore_default_bookmarks" = false;
"browser.download.useDownloadDir" = true;
"browser.newtabpage.enabled" = false;
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.remote.block_uncommon" = false;
"browser.search.suggest.enabled" = false;
"browser.startup.homepage" = "chrome://browser/content/blanktab.html";
"browser.startup.page" = 3;
"browser.tabs.groups.smart.userEnabled" = false;
"browser.tabs.warnOnClose" = true;
"browser.tabs.warnOnOpen" = false;
"browser.toolbars.bookmarks.visibility" = "never";
"browser.urlbar.suggest.searches" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.usage.uploadEnabled" = false;
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.formautofill.creditCards.enabled" = false;
"general.autoScroll" = true;
"intl.locale.requested" = "en-GB";
"network.trr.mode" = 3;
"network.trr.uri" = "https://firefox.dns.nextdns.io/";
"privacy.annotate_channels.strict_list.enabled" = true;
"privacy.bounceTrackingProtection.mode" = 1;
"privacy.fingerprintingProtection" = true;
"privacy.globalprivacycontrol.enabled" = true;
"privacy.globalprivacycontrol.was_ever_enabled" = true;
"privacy.history.custom" = false;
"privacy.query_stripping.enabled " = true;
"privacy.query_stripping.enabled.pbmode" = true;
"privacy.sanitize.sanitizeOnShutdown" = false;
"privacy.trackingprotection.allow_list.baseline.enabled" = true;
"privacy.trackingprotection.allow_list.convenience.enabled" = false;
"privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false;
"privacy.trackingprotection.emailtracking.enabled" = true;
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.socialtracking.enabled" = true;
"services.sync.engine.passwords" = false;
"sidebar.main.tools" = "syncedtabs,history,bookmarks";
"sidebar.new-sidebar.has-used" = true;
"sidebar.position_start" = false;
"sidebar.revamp" = true;
"sidebar.verticalTabs" = true;
"sidebar.verticalTabs.dragToPinPromo.dismissed" = true;
"signon.autofillForms" = false;
"signon.firefoxRelay.feature" = "disabled";
"signon.generation.enabled" = false;
"signon.management.page.breach-alerts.enabled" = false;
"signon.rememberSignons" = false;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
# keep-sorted end
};
search = {
default = "ddg";
privateDefault = "ddg";
engines = { };
order = [ ];
force = true;
};
extensions = {
force = true;
packages = with pkgs.nur.repos.rycee.firefox-addons; [
# keep-sorted start sticky_comments=no
# detect-cloudflare
bitwarden
dearrow
nixpkgs-pr-tracker
react-devtools
return-youtube-dislikes
sponsorblock
ublock-origin
# keep-sorted end
];
settings = {
# keep-sorted start block=yes
# sponsorblock
"sponsorBlocker@ajay.app".settings = {
hideSegmentCreationInPopup = false;
autoSkipOnMusicVideosUpdate = true;
changeChapterColor = true;
autoSkipOnMusicVideos = false;
hideVideoPlayerControls = false;
useVirtualTime = true;
categoryPillColors = { };
payments = {
chaptersAllowed = false;
freeAccess = false;
lastCheck = 0;
lastFreeCheck = 0;
licenseKey = null;
};
allowExpirements = true;
allowScrollingToEdit = true;
audioNotificationOnSkip = false;
autoHideInfoButton = true;
categoryPillUpdate = true;
chapterCategoryAdded = true;
checkForUnlistedVideos = false;
cleanPopup = false;
darkMode = true;
deArrowInstalled = true;
defaultCategory = "chooseACategory";
disableSkipping = false;
donateClicked = 0;
dontShowNotice = false;
forceChannelCheck = false;
fullVideoLabelsOnThumbnails = true;
fullVideoSegments = true;
hideDeleteButtonPlayerControls = false;
hideDiscordLaunches = 0;
hideDiscordLink = false;
hideInfoButtonPlayerControls = false;
hideSkipButtonPlayerControls = false;
hideUploadButtonPlayerControls = false;
categorySelections = [
{
name = "sponsor";
option = 2;
}
{
name = "poi_highlight";
option = 1;
}
{
name = "exclusive_access";
option = 0;
}
{
name = "chapter";
option = 0;
}
{
name = "selfpromo";
option = 1;
}
{
name = "interaction";
option = 1;
}
{
name = "intro";
option = 1;
}
{
name = "outro";
option = 1;
}
{
name = "preview";
option = 1;
}
{
name = "filler";
option = 1;
}
{
name = "music_offtopic";
option = 2;
}
{
name = "hook";
option = 1;
}
];
manualSkipOnFullVideo = false;
minDuration = 0;
isVip = false;
muteSegments = false;
noticeVisibilityMode = 3;
renderSegmentsAsChapters = false;
scrollToEditTimeUpdate = false;
serverAddress = "https://sponsor.ajay.app";
showAutogeneratedChapters = false;
showCategoryGuidelines = true;
showCategoryWithoutPermission = false;
showChapterInfoMessage = true;
showDeArrowInSettings = true;
showDeArrowPromotion = true;
showDonationLink = false;
showNewFeaturePopups = false;
showSegmentFailedToFetchWarning = true;
showSegmentNameInChapterBar = true;
showTimeWithSkips = true;
showUpcomingNotice = false;
showUpsells = false;
minutesSaved = 67.630516;
shownDeArrowPromotion = false;
showZoomToFillError2 = false;
skipNoticeDuration = 4;
sponsorTimesContributed = 0;
testingServer = false;
trackDownvotes = false;
trackDownvotesInPrivate = false;
trackViewCount = false;
trackViewCountInPrivate = false;
ytInfoPermissionGranted = false;
skipNonMusicOnlyOnYoutubeMusic = false;
hookUpdate = false;
permissions = {
sponsor = true;
selfpromo = true;
exclusive_access = true;
interaction = true;
intro = true;
outro = true;
preview = true;
hook = true;
music_offtopic = true;
filler = true;
poi_highlight = true;
chapter = false;
};
segmentListDefaultTab = 0;
prideTheme = false;
};
# ublock-origin
"uBlock0@raymondhill.net".settings = {
advancedUserEnabled = true;
selectedFilterLists = [
"user-filters"
"ublock-filters"
"ublock-badware"
"ublock-privacy"
"ublock-quick-fixes"
"ublock-unbreak"
"easylist"
"easyprivacy"
"adguard-spyware-url"
"urlhaus-1"
"plowe-0"
];
};
# keep-sorted end
};
};
};
};
}

24
modules/home-manager/features/fish.nix
View file

@ -9,30 +9,6 @@
interactiveShellInit = '' interactiveShellInit = ''
set fish_greeting set fish_greeting
''; '';
shellAliases = {
# keep-sorted start
cat = "bat";
# cd = "j";
cut = "choose";
df = "duf";
du = "dua";
# find = "fd";
g = "lazygit";
l = "eza";
la = "eza -a";
ls = "eza";
ns = "nh os switch";
# curl = "xh";
ping = "gping";
ps = "procs";
# sed = "sd";
# grep = "rga";
top = "btm";
unzip = "ripunzip";
vi = "nvim";
vim = "nvim";
# keep-sorted end
};
plugins = [ plugins = [
# INFO: Using this to get shell completion for programs added to the path through nix+direnv. # INFO: Using this to get shell completion for programs added to the path through nix+direnv.
# Issue to upstream into direnv:Add commentMore actions # Issue to upstream into direnv:Add commentMore actions

27
modules/home-manager/features/git.nix
View file

@ -1,15 +1,12 @@
{
userName,
...
}:
{ {
programs.git = { programs.git = {
enable = true; enable = true;
settings = { settings = {
init.defaultBranch = "main"; # keep-sorted start block=yes
core.editor = "nvim";
push.autoSetupRemote = true;
pull.rebase = false;
user = {
name = "wi11-holdsworth";
email = "83637728+wi11-holdsworth@users.noreply.github.com";
};
aliases = { aliases = {
# keep-sorted start # keep-sorted start
a = "add"; a = "add";
@ -30,6 +27,20 @@
s = "status -s"; s = "status -s";
# keep-sorted end # keep-sorted end
}; };
core.editor = "nvim";
init.defaultBranch = "main";
pull.rebase = true;
push.autoSetupRemote = true;
user = {
name = "Will Holdsworth";
email = "me@fi33.buzz";
};
# keep-sorted end
};
signing = {
key = "/home/${userName}/.ssh/git_signature.pub";
format = "ssh";
signByDefault = true;
}; };
}; };
} }

1
modules/home-manager/features/lazygit.nix
View file

@ -5,6 +5,7 @@
programs.lazygit = { programs.lazygit = {
enable = true; enable = true;
settings = { settings = {
git.overrideGpg = true;
log = { log = {
localBranchSortOrder = "recency"; localBranchSortOrder = "recency";
remoteBranchSortOrder = "recency"; remoteBranchSortOrder = "recency";

255
modules/home-manager/features/librewolf.nix Normal file
View file

@ -0,0 +1,255 @@
{
pkgs,
...
}:
{
programs.librewolf = {
enable = true;
languagePacks = [ "en-GB" ];
profiles.will = {
settings = {
# keep-sorted start
"browser.aboutwelcome.enabled" = false;
"browser.bookmarks.addedImportButton" = false;
"browser.bookmarks.restore_default_bookmarks" = false;
"browser.download.useDownloadDir" = true;
"browser.newtabpage.enabled" = false;
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.remote.block_uncommon" = false;
"browser.search.suggest.enabled" = false;
"browser.startup.homepage" = "chrome://browser/content/blanktab.html";
"browser.startup.page" = 3;
"browser.tabs.groups.smart.userEnabled" = false;
"browser.tabs.warnOnClose" = true;
"browser.tabs.warnOnOpen" = false;
"browser.toolbars.bookmarks.visibility" = "never";
"browser.urlbar.suggest.searches" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.usage.uploadEnabled" = false;
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.formautofill.creditCards.enabled" = false;
"general.autoScroll" = true;
"identity.fxaccounts.enabled" = true;
"intl.locale.requested" = "en-GB";
"network.trr.mode" = 3;
"network.trr.uri" = "https://firefox.dns.nextdns.io/";
"privacy.annotate_channels.strict_list.enabled" = true;
"privacy.bounceTrackingProtection.mode" = 1;
"privacy.fingerprintingProtection" = true;
"privacy.globalprivacycontrol.enabled" = true;
"privacy.globalprivacycontrol.was_ever_enabled" = true;
"privacy.history.custom" = false;
"privacy.query_stripping.enabled " = true;
"privacy.query_stripping.enabled.pbmode" = true;
"privacy.sanitize.sanitizeOnShutdown" = false;
"privacy.trackingprotection.allow_list.baseline.enabled" = true;
"privacy.trackingprotection.allow_list.convenience.enabled" = false;
"privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false;
"privacy.trackingprotection.emailtracking.enabled" = true;
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.socialtracking.enabled" = true;
"services.sync.engine.passwords" = false;
"sidebar.main.tools" = "syncedtabs,history,bookmarks";
"sidebar.new-sidebar.has-used" = true;
"sidebar.position_start" = false;
"sidebar.revamp" = true;
"sidebar.verticalTabs" = true;
"sidebar.verticalTabs.dragToPinPromo.dismissed" = true;
"signon.autofillForms" = false;
"signon.firefoxRelay.feature" = "disabled";
"signon.generation.enabled" = false;
"signon.management.page.breach-alerts.enabled" = false;
"signon.rememberSignons" = false;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
# keep-sorted end
};
search = {
default = "ddg";
privateDefault = "ddg";
engines = { };
order = [ ];
force = true;
};
extensions = {
force = true;
packages = with pkgs.nur.repos.rycee.firefox-addons; [
# keep-sorted start sticky_comments=no
# detect-cloudflare
bitwarden
dearrow
nixpkgs-pr-tracker
react-devtools
return-youtube-dislikes
sponsorblock
ublock-origin
# keep-sorted end
];
settings = {
# keep-sorted start block=yes
# sponsorblock
"sponsorBlocker@ajay.app".settings = {
hideSegmentCreationInPopup = false;
autoSkipOnMusicVideosUpdate = true;
changeChapterColor = true;
autoSkipOnMusicVideos = false;
hideVideoPlayerControls = false;
useVirtualTime = true;
categoryPillColors = { };
payments = {
chaptersAllowed = false;
freeAccess = false;
lastCheck = 0;
lastFreeCheck = 0;
licenseKey = null;
};
allowExpirements = true;
allowScrollingToEdit = true;
audioNotificationOnSkip = false;
autoHideInfoButton = true;
categoryPillUpdate = true;
chapterCategoryAdded = true;
checkForUnlistedVideos = false;
cleanPopup = false;
darkMode = true;
deArrowInstalled = true;
defaultCategory = "chooseACategory";
disableSkipping = false;
donateClicked = 0;
dontShowNotice = false;
forceChannelCheck = false;
fullVideoLabelsOnThumbnails = true;
fullVideoSegments = true;
hideDeleteButtonPlayerControls = false;
hideDiscordLaunches = 0;
hideDiscordLink = false;
hideInfoButtonPlayerControls = false;
hideSkipButtonPlayerControls = false;
hideUploadButtonPlayerControls = false;
categorySelections = [
{
name = "sponsor";
option = 2;
}
{
name = "poi_highlight";
option = 1;
}
{
name = "exclusive_access";
option = 0;
}
{
name = "chapter";
option = 0;
}
{
name = "selfpromo";
option = 1;
}
{
name = "interaction";
option = 1;
}
{
name = "intro";
option = 1;
}
{
name = "outro";
option = 1;
}
{
name = "preview";
option = 1;
}
{
name = "filler";
option = 1;
}
{
name = "music_offtopic";
option = 2;
}
{
name = "hook";
option = 1;
}
];
manualSkipOnFullVideo = false;
minDuration = 0;
isVip = false;
muteSegments = false;
noticeVisibilityMode = 3;
renderSegmentsAsChapters = false;
scrollToEditTimeUpdate = false;
serverAddress = "https://sponsor.ajay.app";
showAutogeneratedChapters = false;
showCategoryGuidelines = true;
showCategoryWithoutPermission = false;
showChapterInfoMessage = true;
showDeArrowInSettings = true;
showDeArrowPromotion = true;
showDonationLink = false;
showNewFeaturePopups = false;
showSegmentFailedToFetchWarning = true;
showSegmentNameInChapterBar = true;
showTimeWithSkips = true;
showUpcomingNotice = false;
showUpsells = false;
minutesSaved = 67.630516;
shownDeArrowPromotion = false;
showZoomToFillError2 = false;
skipNoticeDuration = 4;
sponsorTimesContributed = 0;
testingServer = false;
trackDownvotes = false;
trackDownvotesInPrivate = false;
trackViewCount = false;
trackViewCountInPrivate = false;
ytInfoPermissionGranted = false;
skipNonMusicOnlyOnYoutubeMusic = false;
hookUpdate = false;
permissions = {
sponsor = true;
selfpromo = true;
exclusive_access = true;
interaction = true;
intro = true;
outro = true;
preview = true;
hook = true;
music_offtopic = true;
filler = true;
poi_highlight = true;
chapter = false;
};
segmentListDefaultTab = 0;
prideTheme = false;
};
# ublock-origin
"uBlock0@raymondhill.net".settings = {
advancedUserEnabled = true;
selectedFilterLists = [
"user-filters"
"ublock-filters"
"ublock-badware"
"ublock-privacy"
"ublock-quick-fixes"
"ublock-unbreak"
"easylist"
"easyprivacy"
"adguard-spyware-url"
"urlhaus-1"
"plowe-0"
];
};
# keep-sorted end
};
};
};
};
}

27
modules/home-manager/features/shell-aliases.nix Normal file
View file

@ -0,0 +1,27 @@
{
home.shellAliases = {
# keep-sorted start
",cat" = "bat";
",curl" = "xh";
",cut" = "choose";
",df" = "duf";
",diff" = "delta";
",du" = "dua";
",find" = "fd";
",grep" = "rga";
",ping" = "gping";
",ps" = "procs";
",sed" = "sd";
",ss" = "snitch";
",top" = "btm";
",unzip" = "ripunzip";
"g" = "lazygit";
"l" = "eza";
"la" = "eza -a";
"ls" = "eza";
"ns" = "nh os switch";
"vi" = "nvim";
"vim" = "nvim";
# keep-sorted end
};
}

1
modules/home-manager/features/yazi.nix
View file

@ -5,6 +5,7 @@
{ {
programs.yazi = { programs.yazi = {
enable = true; enable = true;
shellWrapperName = "y";
plugins = { plugins = {
# keep-sorted start # keep-sorted start
diff = pkgs.yaziPlugins.diff; diff = pkgs.yaziPlugins.diff;

1
modules/home-manager/features/zellij.nix
View file

@ -4,7 +4,6 @@
settings = { settings = {
theme = "catppuccin-mocha"; theme = "catppuccin-mocha";
show_startup_tips = false; show_startup_tips = false;
default_shell = "fish";
}; };
}; };
} }

1
modules/home-manager/features/zoxide.nix
View file

@ -1,7 +1,6 @@
{ {
programs.zoxide = { programs.zoxide = {
enable = true; enable = true;
enableBashIntegration = true;
options = [ options = [
"--cmd j" "--cmd j"
]; ];

15
modules/nixos/bundles/desktop.nix
View file

@ -1,8 +1,5 @@
{ {
# keep-sorted start
pkgs,
util, util,
# keep-sorted end
... ...
}: }:
{ {
@ -13,16 +10,4 @@
"protonmail-bridge" "protonmail-bridge"
# keep-sorted end # keep-sorted end
]; ];
environment.systemPackages = with pkgs; [
# keep-sorted start
beeper
calibre
cameractrls-gtk3
# https://github.com/NixOS/nixpkgs/issues/437865
# jellyfin-media-player
onlyoffice-desktopeditors
textsnatcher
# keep-sorted end
];
} }

5
modules/nixos/bundles/dev.nix
View file

@ -7,12 +7,7 @@
# keep-sorted start # keep-sorted start
bacon bacon
cargo-info cargo-info
devenv
just
mask mask
rusty-man
vscode
# keep-sorted end # keep-sorted end
]; ];
} }

24
modules/nixos/bundles/gui.nix Normal file
View file

@ -0,0 +1,24 @@
{
# keep-sorted start
pkgs,
util,
# keep-sorted end
...
}:
{
imports = util.toImports ../features [
# keep-sorted start
"fonts"
# keep-sorted end
];
environment.systemPackages = with pkgs; [
# keep-sorted start
cameractrls-gtk3
jellyfin-desktop
libreoffice
signal-desktop
textsnatcher
# keep-sorted end
];
}

23
modules/nixos/bundles/server.nix
View file

@ -5,28 +5,37 @@
{ {
imports = util.toImports ../features [ imports = util.toImports ../features [
# keep-sorted start # keep-sorted start
"bazarr"
"caddy"
"copyparty" "copyparty"
"couchdb" "couchdb"
"flaresolverr" "cryptpad"
"fi33.buzz"
"gatus"
"homepage-dashboard" "homepage-dashboard"
"immich" "immich"
"jellyfin" "jellyfin"
"kavita"
"libretranslate"
"lidarr" "lidarr"
"mealie"
"miniflux" "miniflux"
"nginx"
"ntfy-sh" "ntfy-sh"
"owntracks" "nzbget"
"paperless" "paperless"
"prowlarr" "prowlarr"
"qbittorrent" "qbittorrent"
"radarr" "radarr"
"radicale"
"readarr"
"send"
"sonarr" "sonarr"
"syncthing"
"vaultwarden" "vaultwarden"
# keep-sorted end # keep-sorted end
]; ];
users.groups.media = { }; services.borgbackup.jobs = {
onsite.paths = [ "/srv" ];
services.borgmatic.settings.source_directories = [ "/srv" ]; offsite.paths = [ "/srv" ];
};
} }

13
modules/nixos/default.nix
View file

@ -9,7 +9,6 @@
imports = util.toImports ./features [ imports = util.toImports ./features [
# keep-sorted start # keep-sorted start
"agenix" "agenix"
"fonts"
"localisation" "localisation"
"network" "network"
"nh" "nh"
@ -17,7 +16,6 @@
"nixvim" "nixvim"
"syncthing" "syncthing"
"systemd-boot" "systemd-boot"
"tailscale"
# keep-sorted end # keep-sorted end
]; ];
@ -25,17 +23,13 @@
with pkgs; with pkgs;
[ [
# keep-sorted start # keep-sorted start
bottom # top
broot # large directory browser broot # large directory browser
choose # cut choose # cut
circumflex # hacker news browsing
cointop # crypto ticker
ddgr # web search ddgr # web search
dogdns # dns doggo # dns
dua # du dua # du
duf # df duf # df
epy # ebook reading epy # ebook reading
fd # find
fselect # find with sql syntax fselect # find with sql syntax
fx # json processor and viewer fx # json processor and viewer
fzf # fuzzy finder fzf # fuzzy finder
@ -50,7 +44,7 @@
nb # note taking nb # note taking
nil # nix language server nil # nix language server
nixd # nix language server nixd # nix language server
nixfmt-rfc-style # nix file formatting nixfmt # nix file formatting
nom # stylistic nix dependency graphs nom # stylistic nix dependency graphs
pastel # colour generation pastel # colour generation
pdd # datetime calculations pdd # datetime calculations
@ -62,10 +56,11 @@
ripunzip # unzip ripunzip # unzip
sd # sed sd # sed
slides # presentations slides # presentations
snitch # netstat
ticker # stock ticker ticker # stock ticker
tldr # cheat sheets tldr # cheat sheets
tmpmail # temporary email address tmpmail # temporary email address
topydo # todo.txt helper tool # topydo # todo.txt helper tool
tt # typing test tt # typing test
wtfutil # terminal homepage wtfutil # terminal homepage
xh # curl xh # curl

38
modules/nixos/features/bazarr.nix Normal file
View file

@ -0,0 +1,38 @@
let
port = 5017;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "subtitles.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
bazarr = {
enable = true;
dataDir = "/srv/bazarr";
group = "srv";
listenPort = port;
};
gatus.settings.endpoints = [
{
name = "Bazarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

57
modules/nixos/features/borgbackup.nix Normal file
View file

@ -0,0 +1,57 @@
{
config,
pkgs,
...
}:
let
jobConfig = {
compression = "auto,zlib";
doInit = false;
preHook = ''
/run/wrappers/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dumpall > /srv/backup/database/postgres/dump.sql
'';
postHook = ''
rm /srv/backup/database/postgres/dump.sql
'';
prune.keep = {
daily = 7;
weekly = 4;
monthly = 6;
yearly = 1;
};
readWritePaths = [
"/srv/backup"
];
startAt = "*-*-* 03:00:00";
extraCreateArgs = [ "-v" ];
};
in
{
services.borgbackup = {
jobs = {
onsite = {
encryption = {
passCommand = "cat ${config.age.secrets.borgbackup-onsite.path}";
mode = "repokey-blake2";
};
removableDevice = true;
repo = "/mnt/external/backup/take2";
}
// jobConfig;
offsite = {
encryption = {
passCommand = "cat ${config.age.secrets.borgbackup-offsite.path}";
mode = "repokey-blake2";
};
environment.BORG_RSH = "ssh -i /home/srv/.ssh/id_ed25519";
repo = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo";
}
// jobConfig;
};
};
age.secrets = {
borgbackup-onsite.file = ../../../secrets/borgbackup-onsite.age;
borgbackup-offsite.file = ../../../secrets/borgbackup-offsite.age;
};
}

15
modules/nixos/features/borgmatic.nix
View file

@ -20,6 +20,8 @@
ntfy = { ntfy = {
topic = "backups"; topic = "backups";
server = config.services.ntfy-sh.settings.base-url; server = config.services.ntfy-sh.settings.base-url;
username = "borgmatic";
password = "{credential file ${config.age.secrets.borgmatic-ntfy.path}}";
finish = { finish = {
title = "Ping!"; title = "Ping!";
message = "Your backups have succeeded :)"; message = "Your backups have succeeded :)";
@ -35,16 +37,15 @@
"fail" "fail"
]; ];
}; };
relocated_repo_access_is_ok = true;
repositories = [ repositories = [
{ {
path = "/backup/repo"; path = "/mnt/external/backup/repo";
label = "onsite"; label = "onsite";
# encryption = "repokey-blake2";
} }
{ {
path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo";
label = "offsite"; label = "offsite";
# encryption = "repokey-blake2";
} }
]; ];
retries = 3; retries = 3;
@ -72,16 +73,10 @@
"borgmatic-pg:${config.age.secrets.borgmatic-pg.path}" "borgmatic-pg:${config.age.secrets.borgmatic-pg.path}"
]; ];
# onsite drive
services.udisks2.enable = true;
fileSystems."/backup" = {
device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e";
fsType = "ext4";
};
# secrets # secrets
age.secrets = { age.secrets = {
"borgmatic".file = ../../../secrets/borgmatic.age; "borgmatic".file = ../../../secrets/borgmatic.age;
"borgmatic-ntfy".file = ../../../secrets/borgmatic-ntfy.age;
"borgmatic-pg".file = ../../../secrets/borgmatic-pg.age; "borgmatic-pg".file = ../../../secrets/borgmatic-pg.age;
}; };
} }

29
modules/nixos/features/caddy.nix Normal file
View file

@ -0,0 +1,29 @@
{
config,
...
}:
{
services.caddy = {
enable = true;
dataDir = "/srv/caddy";
globalConfig = ''
auto_https disable_redirects
'';
openFirewall = true;
};
security.acme = {
acceptTerms = true;
defaults.email = "festive-steed-fit@duck.com";
certs."fi33.buzz" = {
group = config.services.caddy.group;
domain = "fi33.buzz";
extraDomainNames = [ "*.fi33.buzz" ];
dnsProvider = "porkbun";
dnsPropagationCheck = true;
credentialsFile = config.age.secrets."porkbun-api".path;
};
};
age.secrets."porkbun-api".file = ../../../secrets/porkbun-api.age;
}

45
modules/nixos/features/copyparty.nix
View file

@ -2,12 +2,14 @@
# keep-sorted start # keep-sorted start
config, config,
inputs, inputs,
lib,
# keep-sorted end # keep-sorted end
... ...
}: }:
let let
port = "5000"; port = 5000;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "files.fi33.buzz";
url = "https://${hostname}";
in in
{ {
imports = [ inputs.copyparty.nixosModules.default ]; imports = [ inputs.copyparty.nixosModules.default ];
@ -20,30 +22,47 @@ in
e2dsa = true; e2dsa = true;
e2ts = true; e2ts = true;
e2vu = true; e2vu = true;
p = lib.toInt port; p = port;
xff-hdr = "x-forwarded-for";
rproxy = 1;
}; };
accounts.will.passwordFile = config.age.secrets.copyparty-will.path; accounts.Impatient7119.passwordFile = config.age.secrets.copyparty.path;
volumes."/" = { volumes."/" = {
path = "/srv/copyparty"; path = "/srv/copyparty";
access = { access = {
r = "*"; A = [ "Impatient7119" ];
A = [ "will" ];
}; };
}; };
}; };
nginx.virtualHosts."copyparty.fi33.buzz" = { gatus.settings.endpoints = [
forceSSL = true; {
useACMEHost = "fi33.buzz"; name = "copyparty";
locations."/".proxyPass = "http://localhost:${port}"; group = "Private Services";
}; inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
# secrets # secrets
age.secrets."copyparty-will" = { age.secrets."copyparty" = {
file = ../../../secrets/copyparty-will.age; file = ../../../secrets/copyparty.age;
owner = "copyparty"; owner = "copyparty";
}; };

39
modules/nixos/features/couchdb.nix
View file

@ -1,9 +1,8 @@
{
lib,
...
}:
let let
port = "5984"; port = 5984;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "couchdb.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -12,7 +11,7 @@ in
databaseDir = "/srv/couchdb"; databaseDir = "/srv/couchdb";
viewIndexDir = "/srv/couchdb"; viewIndexDir = "/srv/couchdb";
configFile = "/srv/couchdb"; configFile = "/srv/couchdb";
port = lib.toInt port; inherit port;
extraConfig = { extraConfig = {
chttpd = { chttpd = {
require_valid_user = true; require_valid_user = true;
@ -32,16 +31,32 @@ in
cors = { cors = {
credentials = true; credentials = true;
origins = '' origins = ''
app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://${hostname},http://${hostname},${url}
''; '';
}; };
}; };
}; };
nginx.virtualHosts."couchdb.fi33.buzz" = { gatus.settings.endpoints = [
forceSSL = true; {
useACMEHost = "fi33.buzz"; name = "CouchDB";
locations."/".proxyPass = "http://localhost:${port}"; group = "Private Services";
}; inherit url;
interval = "5m";
conditions = [
"[STATUS] == 401"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

66
modules/nixos/features/cryptpad.nix Normal file
View file

@ -0,0 +1,66 @@
let
httpPort = 5022;
websocketPort = 5024;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "cryptpad.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
cryptpad = {
enable = true;
settings = {
inherit httpPort;
inherit websocketPort;
httpUnsafeOrigin = url;
httpSafeOrigin = "https://cryptpad-ui.fi33.buzz";
inactiveTime = 7;
archiveRetentionTime = 7;
accountRetentionTime = 7;
};
};
gatus.settings.endpoints = [
{
name = "CryptPad";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts."${hostname} cryptpad-ui.fi33.buzz".extraConfig = ''
header Strict-Transport-Security "includeSubDomains; preload"
handle /cryptpad_websocket* {
reverse_proxy localhost:${toString websocketPort} {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
handle {
reverse_proxy localhost:${toString httpPort} {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
@register {
host ${hostname}
path /register*
}
respond @register 403
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

19
modules/nixos/features/fi33.buzz.nix Normal file
View file

@ -0,0 +1,19 @@
let
certloc = "/var/lib/acme/fi33.buzz";
hostname = "www.fi33.buzz";
in
{
# TODO why can't I serve content on fi33.buzz? dns propagation issue?
services.caddy.virtualHosts = {
"fi33.buzz".extraConfig = ''
redir https://www.fi33.buzz{uri} permanent
'';
${hostname}.extraConfig = ''
root * /srv/fi33.buzz/public
file_server
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

50
modules/nixos/features/firefly.nix Normal file
View file

@ -0,0 +1,50 @@
{
config,
...
}:
let
certloc = "/var/lib/acme/fi33.buzz";
in
{
services = {
firefly-iii = {
enable = true;
dataDir = "/srv/firefly";
group = config.services.caddy.group;
settings = {
# keep-sorted start
ALLOW_WEBHOOKS = "true";
APP_KEY_FILE = config.age.secrets.firefly.path;
APP_URL = "https://firefly.fi33.buzz";
DEFAULT_LANGUAGE = "en_GB";
REPORT_ERRORS_ONLINE = "false";
TRUSTED_PROXIES = "**";
TZ = "Australia/Melbourne";
# keep-sorted end
};
};
caddy.virtualHosts."firefly.fi33.buzz".extraConfig = ''
root * ${config.services.firefly-iii.package}/public
php_fastcgi unix//${config.services.phpfpm.pools.firefly-iii.socket}
try_files {path} {path}/ /index.php?{query}
file_server {
index index.php
}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
age.secrets = {
firefly = {
file = ../../../secrets/firefly.age;
owner = "firefly-iii";
};
firefly-db = {
file = ../../../secrets/firefly-db.age;
owner = "firefly-iii";
};
};
}

21
modules/nixos/features/flaresolverr.nix
View file

@ -1,21 +0,0 @@
{
lib,
...
}:
let
port = "5011";
in
{
services = {
flaresolverr = {
enable = true;
port = lib.toInt port;
};
nginx.virtualHosts."flaresolverr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
}

5
modules/nixos/features/gaming.nix
View file

@ -6,9 +6,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# keep-sorted start # keep-sorted start
heroic heroic
lutris
mangohud mangohud
nexusmods-app
prismlauncher prismlauncher
protonup-qt protonup-qt
wine wine
@ -19,6 +17,7 @@
programs = { programs = {
gamemode.enable = true; gamemode.enable = true;
gamescope.enable = true;
steam = { steam = {
enable = true; enable = true;
gamescopeSession.enable = true; gamescopeSession.enable = true;
@ -31,5 +30,5 @@
}; };
# latest kernel # latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest; # boot.kernelPackages = pkgs.linuxPackages_latest;
} }

55
modules/nixos/features/gatus.nix Normal file
View file

@ -0,0 +1,55 @@
{
config,
...
}:
let
port = 5025;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "status.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
gatus = {
enable = true;
environmentFile = config.age.secrets.gatus.path;
settings = {
alerting = {
ntfy = {
topic = "services";
url = config.services.ntfy-sh.settings.base-url;
token = "$NTFY_TOKEN";
click = url;
default-alert = {
description = "Health Check Failed";
send-on-resolved = true;
};
};
};
connectivity.checker = {
target = "1.1.1.1:53";
interval = "60s";
};
ui = {
title = "Health Dashboard | Fi33Buzz";
description = "Fi33Buzz health dashboard";
dashboard-heading = "";
dashboard-subheading = "";
header = "Fi33Buzz Status";
link = "https://home.fi33.buzz/";
default-sort-by = "group";
};
web.port = port;
};
};
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
age.secrets.gatus.file = ../../../secrets/gatus.age;
}

432
modules/nixos/features/homepage-dashboard.nix
View file

@ -7,7 +7,7 @@
... ...
}: }:
let let
port = "5004"; port = 5004;
genSecrets = genSecrets =
secrets: secrets:
lib.genAttrs secrets (secret: { lib.genAttrs secrets (secret: {
@ -25,65 +25,54 @@ let
# keep-sorted start # keep-sorted start
"immich" "immich"
"jellyfin" "jellyfin"
"kavita-api"
"lidarr" "lidarr"
"mealie"
"miniflux" "miniflux"
"nzbget"
"paperless" "paperless"
"prowlarr" "prowlarr"
"radarr" "radarr"
"readarr"
"sonarr" "sonarr"
"subtitles"
# keep-sorted end # keep-sorted end
]; ];
certloc = "/var/lib/acme/fi33.buzz";
hostname = "home.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
homepage-dashboard = { homepage-dashboard = {
enable = true; enable = true;
listenPort = lib.toInt port; listenPort = port;
allowedHosts = "homepage-dashboard.fi33.buzz"; allowedHosts = hostname;
services = [ services = [
# keep-sorted start block=yes
{ {
"Cloud Services" = [ "Public Services" = [
{ {
"copyparty" = { CryptPad = {
"description" = "Cloud file manager"; description = "Collaborative office suite";
"icon" = "sh-copyparty.svg"; icon = "cryptpad.svg";
"href" = "https://copyparty.fi33.buzz/"; href = "https://cryptpad.fi33.buzz/";
siteMonitor = "https://cryptpad.fi33.buzz/";
}; };
} }
{ {
"CouchDB" = { LibreTranslate = {
"description" = "Obsidian sync database"; description = "Machine Translation API";
"icon" = "couchdb.svg"; icon = "libretranslate.svg";
"href" = "https://couchdb.fi33.buzz/_utils/"; href = "https://translate.fi33.buzz/";
siteMonitor = "https://translate.fi33.buzz/";
}; };
} }
{ {
"ntfy" = { Send = {
"description" = "Notification service"; description = "Simple, private file sharing";
"icon" = "ntfy.svg"; icon = "send.svg";
"href" = "https://ntfy-sh.fi33.buzz/"; href = "https://send.fi33.buzz/";
}; siteMonitor = "https://send.fi33.buzz/";
}
{
"Syncthing" = {
"description" = "Decentralised file synchronisation";
"icon" = "syncthing.svg";
"href" = "https://syncthing.fi33.buzz/";
};
}
{
"qBittorrent" = {
"description" = "BitTorrent client";
"icon" = "qbittorrent.svg";
"href" = "https://qbittorrent.fi33.buzz/";
};
}
{
"Vaultwarden" = {
"description" = "Password manager";
"icon" = "vaultwarden.svg";
"href" = "https://vaultwarden.fi33.buzz/";
}; };
} }
]; ];
@ -91,173 +80,330 @@ in
{ {
"Media Management" = [ "Media Management" = [
{ {
"Lidarr" = { Radarr = {
"description" = "Music collection manager"; description = "Movie organizer/manager";
"icon" = "lidarr.svg"; icon = "radarr.svg";
"href" = "https://lidarr.fi33.buzz/"; href = "https://movies.fi33.buzz/";
"widget" = { siteMonitor = "https://movies.fi33.buzz/";
"type" = "lidarr"; widget = {
"url" = "https://lidarr.fi33.buzz/"; type = "radarr";
"key" = "@lidarr@"; url = "https://movies.fi33.buzz/";
"enableQueue" = true; key = "@radarr@";
enableQueue = true;
}; };
}; };
} }
{ {
"Prowlarr" = { Sonarr = {
"description" = "Indexer management tool"; description = "Smart PVR";
"icon" = "prowlarr.svg"; icon = "sonarr.svg";
"href" = "https://prowlarr.fi33.buzz/"; href = "https://shows.fi33.buzz/";
"widget" = { siteMonitor = "https://shows.fi33.buzz/";
"type" = "prowlarr"; widget = {
"url" = "https://prowlarr.fi33.buzz/"; type = "sonarr";
"key" = "@prowlarr@"; url = "https://shows.fi33.buzz/";
key = "@sonarr@";
enableQueue = true;
}; };
}; };
} }
{ {
"Radarr" = { Lidarr = {
"description" = "Movie collection manager"; description = "Like Sonarr but made for music";
"icon" = "radarr.svg"; icon = "lidarr.svg";
"href" = "https://radarr.fi33.buzz/"; href = "https://music.fi33.buzz/";
"widget" = { siteMonitor = "https://music.fi33.buzz/";
"type" = "radarr"; widget = {
"url" = "https://radarr.fi33.buzz/"; type = "lidarr";
"key" = "@radarr@"; url = "https://music.fi33.buzz/";
"enableQueue" = true; key = "@lidarr@";
enableQueue = true;
}; };
}; };
} }
{ {
"Sonarr" = { Readarr = {
"description" = "TV show collection manager"; description = "Book Manager and Automation";
"icon" = "sonarr.svg"; icon = "readarr.svg";
"href" = "https://sonarr.fi33.buzz/"; href = "https://books.fi33.buzz/";
"widget" = { siteMonitor = "https://books.fi33.buzz/";
"type" = "sonarr"; widget = {
"url" = "https://sonarr.fi33.buzz/"; type = "readarr";
"key" = "@sonarr@"; url = "https://books.fi33.buzz/";
"enableQueue" = true; key = "@readarr@";
enableQueue = true;
}; };
}; };
} }
{
Bazarr = {
description = "Subtitle manager and downloader";
icon = "bazarr.svg";
href = "https://subtitles.fi33.buzz/";
siteMonitor = "https://subtitles.fi33.buzz/";
widget = {
type = "bazarr";
url = "https://subtitles.fi33.buzz/";
key = "@subtitles@";
};
};
}
{
Prowlarr = {
description = "Indexer manager/proxy";
icon = "prowlarr.svg";
href = "https://prowlarr.fi33.buzz/";
siteMonitor = "https://prowlarr.fi33.buzz/";
widget = {
type = "prowlarr";
url = "https://prowlarr.fi33.buzz/";
key = "@prowlarr@";
};
};
}
{
NZBget = {
description = "Usenet Downloader";
icon = "nzbget.svg";
href = "https://usenet.fi33.buzz/";
siteMonitor = "https://usenet.fi33.buzz/";
widget = {
type = "nzbget";
url = "https://usenet.fi33.buzz/";
username = "nzbget";
password = "@nzbget@";
};
};
}
{
qBittorrent = {
description = "BitTorrent client";
icon = "qbittorrent.svg";
href = "https://bittorrent.fi33.buzz/";
siteMonitor = "https://bittorrent.fi33.buzz/";
};
}
];
}
{
"Private Services" = [
{
copyparty = {
description = "Portable file server";
icon = "sh-copyparty.svg";
href = "https://files.fi33.buzz/";
siteMonitor = "https://files.fi33.buzz/";
};
}
{
CouchDB = {
description = "Syncing database";
icon = "couchdb.svg";
href = "https://couchdb.fi33.buzz/_utils/";
siteMonitor = "https://couchdb.fi33.buzz/_utils/";
};
}
{
Mealie = {
description = "Recipe manager and meal planner";
icon = "mealie.svg";
href = "https://mealie.fi33.buzz/";
siteMonitor = "https://mealie.fi33.buzz/";
widget = {
type = "mealie";
url = "https://mealie.fi33.buzz/";
version = 2;
key = "@mealie@";
};
};
}
{
ntfy = {
description = "Send push notifications using PUT/POST";
icon = "ntfy.svg";
href = "https://notify.fi33.buzz/";
siteMonitor = "https://notify.fi33.buzz/";
};
}
{
Radicale = {
description = "A simple CalDAV (calendar) and CardDAV (contact) server";
icon = "radicale.svg";
href = "https://caldav.fi33.buzz";
siteMonitor = "https://caldav.fi33.buzz";
};
}
{
Syncthing = {
description = "Open Source Continuous File Synchronization";
icon = "syncthing.svg";
href = "https://sync.fi33.buzz/";
siteMonitor = "https://sync.fi33.buzz/";
};
}
{
Vaultwarden = {
description = "Unofficial Bitwarden compatible server";
icon = "vaultwarden.svg";
href = "https://vault.fi33.buzz/";
siteMonitor = "https://vault.fi33.buzz/";
};
}
]; ];
} }
{ {
"Media Streaming" = [ "Media Streaming" = [
{ {
"Immich" = { Immich = {
"description" = "Photo backup"; description = "Photo and video management solution";
"icon" = "immich.svg"; icon = "immich.svg";
"href" = "https://immich.fi33.buzz/"; href = "https://photos.fi33.buzz/";
"widget" = { siteMonitor = "https://photos.fi33.buzz/";
"type" = "immich"; widget = {
"fields" = [ type = "immich";
fields = [
"users" "users"
"photos" "photos"
"videos" "videos"
"storage" "storage"
]; ];
"url" = "https://immich.fi33.buzz/"; url = "https://photos.fi33.buzz/";
"version" = 2; version = 2;
"key" = "@immich@"; key = "@immich@";
}; };
}; };
} }
{ {
"Jellyfin" = { Jellyfin = {
"description" = "Media streaming"; description = "Media System";
"icon" = "jellyfin.svg"; icon = "jellyfin.svg";
"href" = "https://jellyfin.fi33.buzz/"; href = "https://media.fi33.buzz/";
"widget" = { siteMonitor = "https://media.fi33.buzz/";
"type" = "jellyfin"; widget = {
"url" = "https://jellyfin.fi33.buzz/"; type = "jellyfin";
"key" = "@jellyfin@"; url = "https://media.fi33.buzz/";
"enableBlocks" = true; key = "@jellyfin@";
"enableNowPlaying" = true; enableBlocks = true;
"enableUser" = true; enableNowPlaying = true;
"showEpisodeNumber" = true; enableUser = true;
"expandOneStreamToTwoRows" = false; showEpisodeNumber = true;
expandOneStreamToTwoRows = false;
}; };
}; };
} }
{ {
"Miniflux" = { Kavita = {
"description" = "RSS aggregator"; description = "Reading server";
"icon" = "miniflux.svg"; icon = "kavita.svg";
"href" = "https://miniflux.fi33.buzz/"; href = "https://library.fi33.buzz/";
"widget" = { siteMonitor = "https://library.fi33.buzz/";
"type" = "miniflux"; widget = {
"url" = "https://miniflux.fi33.buzz/"; type = "kavita";
"key" = "@miniflux@"; url = "https://library.fi33.buzz/";
key = "@kavita-api@";
}; };
}; };
} }
{ {
"Paperless" = { Miniflux = {
"description" = "Digital filing cabinet"; description = "Feed reader";
"icon" = "paperless.svg"; icon = "miniflux.svg";
"href" = "https://paperless.fi33.buzz/"; href = "https://feeds.fi33.buzz/";
"widget" = { siteMonitor = "https://feeds.fi33.buzz/";
"type" = "paperlessngx"; widget = {
"url" = "https://paperless.fi33.buzz/"; type = "miniflux";
"username" = "admin"; url = "https://feeds.fi33.buzz/";
"password" = "@paperless@"; key = "@miniflux@";
};
};
}
{
Paperless = {
description = "Document management system";
icon = "paperless.svg";
href = "https://documents.fi33.buzz/";
siteMonitor = "https://documents.fi33.buzz/";
widget = {
type = "paperlessngx";
url = "https://documents.fi33.buzz/";
username = "admin";
password = "@paperless@";
}; };
}; };
} }
]; ];
} }
{ {
"Utilities" = [ Utilities = [
{ {
"NanoKVM" = { Gatus = {
"description" = "Remote KVM switch"; description = "Status page";
"icon" = "mdi-console.svg"; icon = "gatus.svg";
"href" = "http://nano-kvm/"; href = "https://status.fi33.buzz/";
siteMonitor = "https://status.fi33.buzz/";
widget = {
type = "gatus";
url = "https://status.fi33.buzz/";
};
};
}
{
NanoKVM = {
description = "Remote KVM switch";
icon = "mdi-console.svg";
href = "http://nano-kvm/";
}; };
} }
]; ];
} }
# keep-sorted end
]; ];
settings = { settings = {
title = "Mission Control"; title = "Mission Control";
theme = "dark"; theme = "dark";
color = "neutral"; color = "neutral";
headerStyle = "clean"; headerStyle = "clean";
hideVersion = true;
layout = [ layout = [
{
"Public Services" = {
style = "row";
columns = 3;
useEqualHeights = true;
};
}
{
"Private Services" = {
style = "row";
columns = 3;
useEqualHeights = true;
};
}
{ {
"Media Streaming" = { "Media Streaming" = {
style = "row"; style = "row";
columns = 4; columns = 3;
useEqualHeights = true; useEqualHeights = true;
}; };
} }
{ {
"Media Management" = { "Media Management" = {
style = "row"; style = "row";
columns = 4; columns = 3;
useEqualHeights = true; useEqualHeights = true;
}; };
} }
{ {
"Cloud Services" = { Utilities = {
style = "row";
columns = 3;
};
}
{
"Utilities" = {
style = "row"; style = "row";
columns = 3; columns = 3;
useEqualHeights = true;
initiallyCollapsed = true;
}; };
} }
]; ];
quicklaunch.searchDescriptions = true; quicklaunch.searchDescriptions = true;
disableUpdateCheck = true; disableUpdateCheck = true;
showStats = true; showStats = true;
statusStyle = "dot";
}; };
widgets = [ widgets = [
{ {
@ -277,7 +423,7 @@ in
memory = true; memory = true;
disk = [ disk = [
"/" "/"
"/backup" "/mnt/external"
]; ];
cputemp = true; cputemp = true;
tempmin = 0; tempmin = 0;
@ -290,11 +436,27 @@ in
]; ];
}; };
nginx.virtualHosts."homepage-dashboard.fi33.buzz" = { gatus.settings.endpoints = [
forceSSL = true; {
useACMEHost = "fi33.buzz"; name = "Homepage Dashboard";
locations."/".proxyPass = "http://localhost:${port}"; group = "Utilities";
}; inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
# secrets # secrets

44
modules/nixos/features/immich.nix
View file

@ -1,37 +1,37 @@
{
lib,
...
}:
let let
port = "2283"; port = 2283;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "photos.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
immich = { immich = {
enable = true; enable = true;
port = lib.toInt "${port}"; inherit port;
mediaLocation = "/srv/immich"; mediaLocation = "/srv/immich";
}; };
borgmatic.settings.postgresql_databases = [ gatus.settings.endpoints = [
{ {
name = "immich"; name = "Immich";
hostname = "localhost"; group = "Media Streaming";
username = "root"; inherit url;
password = "{credential systemd borgmatic-pg}"; interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
} }
]; ];
nginx = { caddy.virtualHosts.${hostname}.extraConfig = ''
clientMaxBodySize = "50000M"; reverse_proxy localhost:${toString port}
virtualHosts."immich.fi33.buzz" = { tls ${certloc}/cert.pem ${certloc}/key.pem {
forceSSL = true; protocols tls1.3
useACMEHost = "fi33.buzz"; }
locations."/" = { '';
proxyPass = "http://[::1]:${port}";
proxyWebsockets = true;
};
};
};
}; };
} }

33
modules/nixos/features/jellyfin.nix
View file

@ -1,19 +1,38 @@
let let
port = "8096"; port = 8096;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "media.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
jellyfin = { jellyfin = {
enable = true; enable = true;
dataDir = "/srv/jellyfin"; dataDir = "/srv/jellyfin";
group = "media"; group = "srv";
}; };
nginx.virtualHosts."jellyfin.fi33.buzz" = { gatus.settings.endpoints = [
forceSSL = true; {
useACMEHost = "fi33.buzz"; name = "Jellyfin";
locations."/".proxyPass = "http://localhost:${port}"; group = "Media Streaming";
}; inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
# use intel iGP # use intel iGP

22
modules/nixos/features/karakeep.nix Normal file
View file

@ -0,0 +1,22 @@
let
port = 5014;
certloc = "/var/lib/acme/fi33.buzz";
in
{
services = {
karakeep = {
enable = true;
extraEnvironment = {
PORT = toString port;
DISABLE_NEW_RELEASE_CHECK = "true";
};
};
caddy.virtualHosts."karakeep.fi33.buzz".extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

44
modules/nixos/features/kavita.nix Normal file
View file

@ -0,0 +1,44 @@
{
config,
...
}:
let
port = 5015;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "library.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
kavita = {
enable = true;
dataDir = "/srv/kavita";
settings.Port = port;
tokenKeyFile = config.age.secrets.kavita.path;
};
gatus.settings.endpoints = [
{
name = "Kavita";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
age.secrets.kavita.file = ../../../secrets/kavita.age;
}

37
modules/nixos/features/libretranslate.nix Normal file
View file

@ -0,0 +1,37 @@
let
port = 5023;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "translate.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
libretranslate = {
enable = true;
inherit port;
updateModels = true;
};
gatus.settings.endpoints = [
{
name = "LibreTranslate";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

41
modules/nixos/features/lidarr.nix
View file

@ -1,23 +1,40 @@
{
lib,
...
}:
let let
port = "5012"; port = 5012;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "music.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
lidarr = { lidarr = {
enable = true; enable = true;
dataDir = "/srv/lidarr"; dataDir = "/srv/lidarr";
settings.server.port = lib.toInt port; settings.server = {
group = "media"; inherit port;
};
group = "srv";
}; };
nginx.virtualHosts."lidarr.fi33.buzz" = { gatus.settings.endpoints = [
forceSSL = true; {
useACMEHost = "fi33.buzz"; name = "Lidarr";
locations."/".proxyPass = "http://localhost:${port}"; group = "Media Management";
}; inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

46
modules/nixos/features/llm.nix Normal file
View file

@ -0,0 +1,46 @@
{
pkgs,
...
}:
{
environment.systemPackages = [ pkgs.ollama-rocm ];
services = {
open-webui.enable = true;
ollama = {
enable = true;
package = pkgs.ollama-rocm;
loadModels = [
# small
# keep-sorted start
"deepseek-r1:1.5b"
"gemma3:1b"
"gemma3:270m"
"gemma3:4b"
"llama3.2:1b"
"llama3.2:3b"
"ministral-3:3b"
"qwen3:0.6b"
"qwen3:1.7b"
"qwen3:4b"
# keep-sorted end
# medium
# keep-sorted start
"deepseek-r1:7b"
"deepseek-r1:8b"
"llama3.1:8b"
"ministral-3:8b"
"qwen3:8b"
# keep-sorted end
# large
# keep-sorted start
"deepseek-r1:14b"
"gemma3:12b"
"ministral-3:14b"
"qwen3:14b"
# keep-sorted end
];
};
};
}

5
modules/nixos/features/localisation.nix
View file

@ -1,10 +1,11 @@
{ {
i18n = { i18n = {
defaultLocale = "en_AU.UTF-8"; defaultLocale = "en_AU.UTF-8";
supportedLocales = [ extraLocales = [
"en_GB.UTF-8/UTF-8"
"en_US.UTF-8/UTF-8" "en_US.UTF-8/UTF-8"
"en_AU.UTF-8/UTF-8"
]; ];
extraLocaleSettings.LC_ALL = "en_GB.UTF-8";
}; };
time.timeZone = "Australia/Melbourne"; time.timeZone = "Australia/Melbourne";

53
modules/nixos/features/mealie.nix Normal file
View file

@ -0,0 +1,53 @@
{
pkgs,
...
}:
let
port = 5026;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "mealie.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
mealie = {
enable = true;
inherit port;
settings = {
TZ = "Australia/Melbourne";
ALLOW_SIGNUP = "false";
};
};
gatus.settings.endpoints = [
{
name = "Mealie";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
borgbackup.jobs = {
onsite = {
paths = [ "/var/lib/mealie" ];
};
offsite = {
paths = [ "/var/lib/mealie" ];
};
};
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

36
modules/nixos/features/miniflux.nix
View file

@ -3,7 +3,10 @@
... ...
}: }:
let let
port = "5010"; port = 5010;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "feeds.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -11,25 +14,32 @@ in
enable = true; enable = true;
adminCredentialsFile = config.age.secrets.miniflux-creds.path; adminCredentialsFile = config.age.secrets.miniflux-creds.path;
config = { config = {
BASE_URL = "https://miniflux.fi33.buzz"; BASE_URL = url;
LISTEN_ADDR = "localhost:${port}"; LISTEN_ADDR = "localhost:${toString port}";
}; };
}; };
borgmatic.settings.postgresql_databases = [ gatus.settings.endpoints = [
{ {
name = "miniflux"; name = "Miniflux";
hostname = "localhost"; group = "Media Streaming";
username = "root"; inherit url;
password = "{credential systemd borgmatic-pg}"; interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
} }
]; ];
nginx.virtualHosts."miniflux.fi33.buzz" = { caddy.virtualHosts.${hostname}.extraConfig = ''
forceSSL = true; reverse_proxy localhost:${toString port}
useACMEHost = "fi33.buzz"; tls ${certloc}/cert.pem ${certloc}/key.pem {
locations."/".proxyPass = "http://localhost:${port}"; protocols tls1.3
}; }
'';
}; };
age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age; age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age;

9
modules/nixos/features/nixvim.nix
View file

@ -20,16 +20,21 @@
}; };
diagnostic.settings.virtual_lines = true; diagnostic.settings.virtual_lines = true;
opts = { opts = {
# keep-sorted start
autoindent = true; autoindent = true;
colorcolumn = "80";
expandtab = true; expandtab = true;
number = true; number = true;
relativenumber = true; relativenumber = true;
shiftwidth = 2; shiftwidth = 2;
# get suggestions by typing z=
spell = true;
spelllang = "en_au";
tabstop = 2; tabstop = 2;
colorcolumn = "80"; # keep-sorted end
}; };
plugins = { plugins = {
# autoclose brackets # auto close brackets
autoclose.enable = true; autoclose.enable = true;
# completion window # completion window

55
modules/nixos/features/ntfy-sh.nix
View file

@ -1,24 +1,59 @@
{
config,
...
}:
let let
port = "5002"; port = 5002;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "notify.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
ntfy-sh = { ntfy-sh = {
enable = true; enable = true;
environmentFile = config.age.secrets.ntfy.path;
settings = { settings = {
base-url = "https://ntfy-sh.fi33.buzz"; base-url = url;
listen-http = ":${port}"; listen-http = ":${toString port}";
behind-proxy = true; behind-proxy = true;
auth-default-access = "deny-all";
auth-users = [
"Debit3885:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:admin"
"gatus:$2a$12$OswG3sB8oDaB.KpawKM3P.78dID.Tj/0y5qeVD5BE6EH5bpGKe.na:user"
];
auth-access = [
"gatus:services:wo"
];
}; };
}; };
nginx.virtualHosts."ntfy-sh.fi33.buzz" = { gatus.settings.endpoints = [
forceSSL = true; {
useACMEHost = "fi33.buzz"; name = "ntfy";
locations."/" = { group = "Private Services";
proxyPass = "http://localhost:${port}"; inherit url;
proxyWebsockets = true; interval = "5m";
}; conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
borgbackup.jobs = {
onsite.paths = [ "/var/lib/ntfy-sh" ];
offsite.paths = [ "/var/lib/ntfy-sh" ];
}; };
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
age.secrets.ntfy.file = ../../../secrets/ntfy.age;
} }

46
modules/nixos/features/nzbget.nix Normal file
View file

@ -0,0 +1,46 @@
{
pkgs,
...
}:
let
port = 5018;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "usenet.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
nzbget = {
enable = true;
settings = {
MainDir = "/srv/nzbget";
ControlPort = port;
};
group = "srv";
};
gatus.settings.endpoints = [
{
name = "NZBget";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 401"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
environment.systemPackages = with pkgs; [ unrar ];
}

32
modules/nixos/features/owntracks-frontend.nix
View file

@ -1,32 +0,0 @@
{
stdenv,
writeText,
fetchzip,
}:
stdenv.mkDerivation {
pname = "owntracks-frontend";
version = "v2.15.3";
src = fetchzip {
url = "https://github.com/owntracks/frontend/releases/download/v2.15.3/v2.15.3-dist.zip";
sha256 = "iy+yISPcOD/2lTyJUb1eI3wufLku1mKfVDm0+Dy8OKk=";
};
config = writeText "config.js" ''
window.owntracks = window.owntracks || {};
window.owntracks.config = {
api: {
baseUrl: "https://owntracks.fi33.buzz:5014"
},
router: {
basePath: "owntracks"
}
};
'';
installPhase = ''
runHook preInstall
cp -r . $out
cp $config $out/config/config.js
runHook postInstall
'';
}

41
modules/nixos/features/owntracks.nix
View file

@ -1,41 +0,0 @@
{
pkgs,
...
}:
let
host = "owntracks.fi33.buzz";
port = "5014";
in
{
systemd.services.owntracks = {
enable = true;
description = "owntracks recorder";
serviceConfig = {
ExecStart = ''
${pkgs.owntracks-recorder}/bin/ot-recorder \
--storage /var/lib/owntracks/recorder/store \
--port 0
--http-port ${port}
--http-host https://${host}
'';
DynamicUser = true;
StateDirectory = "owntracks";
Restart = "always";
};
wantedBy = [ "multi-user.target" ];
};
services = {
# borgbackup.jobs = owntracks { };
nginx.virtualHosts.${host} =
let
owntracks-frontend = pkgs.callPackage ./owntracks-frontend.nix;
in
{
forceSSL = true;
useACMEHost = "fi33.buzz";
root = "/var/www/html";
locations."/owntracks/".alias = "${owntracks-frontend}";
};
};
}

45
modules/nixos/features/paperless.nix
View file

@ -1,10 +1,12 @@
{ {
config, config,
lib,
... ...
}: }:
let let
port = "5013"; port = 5013;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "documents.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -13,28 +15,33 @@ in
dataDir = "/srv/paperless"; dataDir = "/srv/paperless";
database.createLocally = true; database.createLocally = true;
passwordFile = config.age.secrets.paperless.path; passwordFile = config.age.secrets.paperless.path;
port = lib.toInt port; inherit port;
settings = { settings = {
PAPERLESS_URL = "https://paperless.fi33.buzz"; PAPERLESS_URL = url;
}; };
}; };
borgmatic.settings = { gatus.settings.endpoints = [
postgresql_databases = [ {
{ name = "Paperless";
name = "paperless"; group = "Media Streaming";
hostname = "localhost"; inherit url;
username = "root"; interval = "5m";
password = "{credential systemd borgmatic-pg}"; conditions = [
} "[STATUS] == 200"
]; "[CONNECTED] == true"
}; "[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
nginx.virtualHosts."paperless.fi33.buzz" = { caddy.virtualHosts.${hostname}.extraConfig = ''
forceSSL = true; reverse_proxy localhost:${toString port}
useACMEHost = "fi33.buzz"; tls ${certloc}/cert.pem ${certloc}/key.pem {
locations."/".proxyPass = "http://localhost:${port}"; protocols tls1.3
}; }
'';
}; };
age.secrets."paperless" = { age.secrets."paperless" = {

52
modules/nixos/features/prowlarr.nix
View file

@ -1,27 +1,51 @@
{ {
lib, pkgs,
... ...
}: }:
let let
port = "5009"; port = 5009;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "prowlarr.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
prowlarr = { prowlarr = {
enable = true; enable = true;
dataDir = "/srv/prowlarr"; settings.server = {
settings.server.port = lib.toInt port; inherit port;
};
nginx = {
virtualHosts."prowlarr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/" = {
proxyPass = "http://localhost:${port}";
# proxyWebsockets = true;
};
}; };
}; };
gatus.settings.endpoints = [
{
name = "Prowlarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
borgbackup.jobs = {
onsite = {
paths = [ "/var/lib/prowlarr" ];
};
offsite = {
paths = [ "/var/lib/prowlarr" ];
};
};
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

41
modules/nixos/features/qbittorrent.nix
View file

@ -1,28 +1,41 @@
{
lib,
...
}:
let let
port = "5005"; port = 5005;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "bittorrent.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
qbittorrent = { qbittorrent = {
enable = true; enable = true;
webuiPort = lib.toInt port; webuiPort = port;
profileDir = "/srv"; profileDir = "/srv";
group = "media"; group = "srv";
extraArgs = [ extraArgs = [
"--confirm-legal-notice" "--confirm-legal-notice"
]; ];
}; };
nginx.virtualHosts."qbittorrent.fi33.buzz" = { gatus.settings.endpoints = [
forceSSL = true; {
useACMEHost = "fi33.buzz"; name = "qBittorrent";
locations."/".proxyPass = "http://localhost:${port}"; group = "Media Management";
}; inherit url;
}; interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
users.users.qbittorrent.extraGroups = [ "media" ]; caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
} }

32
modules/nixos/features/qui.nix Normal file
View file

@ -0,0 +1,32 @@
{
# keep-sorted start
lib,
pkgs,
# keep-sorted end
...
}:
let
port = 5019;
certloc = "/var/lib/acme/fi33.buzz";
in
{
environment.systemPackages = [ pkgs.qui ];
systemd.user.services.qui = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${lib.getExe pkgs.qui} serve";
environment = {
QUI__PORT = toString port;
QUI__DATA_DIR = "/srv/qui";
};
};
services.caddy.virtualHosts."qui.fi33.buzz".extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}

41
modules/nixos/features/radarr.nix
View file

@ -1,23 +1,40 @@
{
lib,
...
}:
let let
port = "5007"; port = 5007;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "movies.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
radarr = { radarr = {
enable = true; enable = true;
dataDir = "/srv/radarr"; dataDir = "/srv/radarr";
settings.server.port = lib.toInt port; settings.server = {
group = "media"; inherit port;
};
group = "srv";
}; };
nginx.virtualHosts."radarr.fi33.buzz" = { gatus.settings.endpoints = [
forceSSL = true; {
useACMEHost = "fi33.buzz"; name = "Radarr";
locations."/".proxyPass = "http://localhost:${port}"; group = "Media Management";
}; inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

61
modules/nixos/features/radicale.nix Normal file
View file

@ -0,0 +1,61 @@
{
config,
...
}:
let
port = 5003;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "caldav.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
radicale = {
enable = true;
settings = {
server = {
hosts = [
"0.0.0.0:${toString port}"
"[::]:${toString port}"
];
};
auth = {
type = "htpasswd";
htpasswd_filename = config.age.secrets.radicale.path;
htpasswd_encryption = "plain";
};
storage = {
filesystem_folder = "/srv/radicale";
};
};
};
gatus.settings.endpoints = [
{
name = "Radicale";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
# secrets
age.secrets."radicale" = {
file = ../../../secrets/radicale.age;
owner = "radicale";
};
}

40
modules/nixos/features/readarr.nix Normal file
View file

@ -0,0 +1,40 @@
let
port = 5016;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "books.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
readarr = {
enable = true;
dataDir = "/srv/readarr";
settings.server = {
inherit port;
};
group = "srv";
};
gatus.settings.endpoints = [
{
name = "Readarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

45
modules/nixos/features/send.nix Normal file
View file

@ -0,0 +1,45 @@
let
port = 5020;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "send.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
send = {
enable = true;
inherit port;
baseUrl = url;
environment = {
DEFAULT_EXPIRE_SECONDS = 360;
EXPIRE_TIMES_SECONDS = "360";
DOWNLOAD_COUNTS = "1";
MAX_DOWNLOADS = 1;
MAX_EXPIRE_SECONDS = 1024;
MAX_FILE_SIZE = 134217728;
};
};
gatus.settings.endpoints = [
{
name = "Send";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

41
modules/nixos/features/sonarr.nix
View file

@ -1,23 +1,40 @@
{
lib,
...
}:
let let
port = "5006"; port = 5006;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "shows.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
sonarr = { sonarr = {
enable = true; enable = true;
dataDir = "/srv/sonarr"; dataDir = "/srv/sonarr";
settings.server.port = lib.toInt port; settings.server = {
group = "media"; inherit port;
};
group = "srv";
}; };
nginx.virtualHosts."sonarr.fi33.buzz" = { gatus.settings.endpoints = [
forceSSL = true; {
useACMEHost = "fi33.buzz"; name = "Sonarr";
locations."/".proxyPass = "http://localhost:${port}"; group = "Media Management";
}; inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

23
modules/nixos/features/star-citizen.nix Normal file
View file

@ -0,0 +1,23 @@
{
# keep-sorted start
inputs,
system,
# keep-sorted end
...
}:
{
nix.settings = {
substituters = [ "https://nix-citizen.cachix.org" ];
trusted-public-keys = [ "nix-citizen.cachix.org-1:lPMkWc2X8XD4/7YPEEwXKKBg+SVbYTVrAaLA2wQTKCo=" ];
};
environment.systemPackages = [
inputs.nix-citizen.packages.${system}.rsi-launcher
];
zramSwap = {
enable = true;
memoryPercent = 100;
writebackDevice = "/dev/sda1";
};
}

49
modules/nixos/features/syncthing.nix
View file

@ -4,7 +4,7 @@
... ...
}: }:
let let
port = "5008"; port = 5008;
devicesList = [ devicesList = [
# keep-sorted start block=yes # keep-sorted start block=yes
{ {
@ -13,11 +13,11 @@ let
} }
{ {
device = "laptop"; device = "laptop";
id = "XDDGWB2-5OFYWSY-7LN652V-3WNQMWV-4WCVHCR-2EXLDW7-FUL2MC4-MMLO4QV"; id = "CTU345T-27VU5KK-HXLPSMO-H6C47TL-XZG3BVU-AZF7HSX-FCQHAMA-QOA3CAT";
} }
{ {
device = "phone"; device = "phone";
id = "DF56S5M-2EDKAML-LZBB35J-MNNK7UE-WAYE2QW-EKUGKXN-U5JW3RX-S3FUGA4"; id = "KAZ3SOB-SSJHY33-6JF64KW-VF3CPSP-565565I-YXOJHU6-E273VR5-CKQFNQ6";
} }
{ {
device = "server"; device = "server";
@ -40,12 +40,15 @@ let
} }
) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList) ) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList)
); );
certloc = "/var/lib/acme/fi33.buzz";
hostname = "sync.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
syncthing = { syncthing = {
enable = true; enable = true;
guiAddress = "0.0.0.0:${port}"; guiAddress = "0.0.0.0:${toString port}";
openDefaultPorts = true; openDefaultPorts = true;
user = "${userName}"; user = "${userName}";
dataDir = "/home/${userName}"; dataDir = "/home/${userName}";
@ -55,21 +58,41 @@ in
}; };
}; };
borgmatic.settings = gatus.settings.endpoints = [
{
name = "Syncthing";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
borgbackup.jobs =
if userName == "srv" then if userName == "srv" then
{ {
source_directories = [ onsite.paths = [
"/home/srv/.config/syncthing" "/home/srv/.config/syncthing"
"/home/srv/Sync" "/home/srv/Sync/"
];
offsite.paths = [
"/home/srv/.config/syncthing"
"/home/srv/Sync/"
]; ];
} }
else else
null; { };
nginx.virtualHosts."syncthing.fi33.buzz" = { caddy.virtualHosts.${hostname}.extraConfig = ''
forceSSL = true; reverse_proxy http://localhost:${toString port}
useACMEHost = "fi33.buzz"; tls ${certloc}/cert.pem ${certloc}/key.pem {
locations."/".proxyPass = "http://localhost:${port}"; protocols tls1.3
}; }
'';
}; };
} }

2
modules/nixos/features/tailscale.nix
View file

@ -5,6 +5,4 @@
"--accept-dns=true" "--accept-dns=true"
]; ];
}; };
networking.firewall.trustedInterfaces = [ "tailscale0" ];
} }

60
modules/nixos/features/upbank2firefly.nix Normal file
View file

@ -0,0 +1,60 @@
{
config,
pkgs,
...
}:
let
port = 5021;
certloc = "/var/lib/acme/fi33.buzz";
in
{
virtualisation.oci-containers = {
backend = "docker";
containers.upbank2firefly = {
extraOptions = [
"--network=host"
];
image = "compose2nix/upbank2firefly";
environment = {
FIREFLY_BASEURL = "https://firefly.fi33.buzz";
TZ = "Australia/Melbourne";
};
environmentFiles = [ config.age.secrets.upbank2firefly.path ];
volumes = [
"/srv/upbank2firefly/app:/app:rw"
];
ports = [
"${toString port}:80/tcp"
];
};
};
systemd = {
services = {
"docker-build-upbank2firefly" = {
path = with pkgs; [
docker
git
];
serviceConfig = {
Type = "oneshot";
TimeoutSec = 300;
};
script = ''
cd /srv/upbank2firefly
git pull
docker build -t compose2nix/upbank2firefly .
'';
};
};
};
services.caddy.virtualHosts."upbank2firefly.fi33.buzz".extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
age.secrets.upbank2firefly.file = ../../../secrets/upbank2firefly.age;
}

38
modules/nixos/features/vaultwarden.nix
View file

@ -3,7 +3,10 @@
... ...
}: }:
let let
port = "5001"; port = 5001;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "vault.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -11,8 +14,8 @@ in
enable = true; enable = true;
backupDir = "/srv/vaultwarden"; backupDir = "/srv/vaultwarden";
config = { config = {
rocketPort = "${port}"; rocketPort = toString port;
domain = "https://vaultwarden.fi33.buzz"; domain = url;
signupsAllowed = false; signupsAllowed = false;
invitationsAllowed = false; invitationsAllowed = false;
showPasswordHint = false; showPasswordHint = false;
@ -22,14 +25,27 @@ in
}; };
}; };
nginx.virtualHosts."vaultwarden.fi33.buzz" = { gatus.settings.endpoints = [
forceSSL = true; {
useACMEHost = "fi33.buzz"; name = "Vaultwarden";
locations."/" = { group = "Private Services";
proxyPass = "http://localhost:${port}"; inherit url;
proxyWebsockets = true; interval = "5m";
}; conditions = [
}; "[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
age.secrets."vaultwarden-admin" = { age.secrets."vaultwarden-admin" = {

34
modules/templates/web-feature.nix
View file

@ -1,5 +1,8 @@
let let
port = "port"; port = 0000;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "feature.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -7,12 +10,31 @@ in
enable = true; enable = true;
}; };
borgbackup.jobs = feature { }; gatus.settings.endpoints = [
{
name = "feature";
group = "";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
nginx.virtualHosts."feature.fi33.buzz" = { borgbackup.jobs = {
forceSSL = true; onsite.paths = [ "" ];
useACMEHost = "fi33.buzz"; offsite.paths = [ "" ];
locations."/".proxyPass = "http://localhost:${port}";
}; };
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

9
secrets/bazarr.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ sHlKSMDLuGOLY2qwoFCS2ZiC/903ChAP0wp4wJYksi8
jIzt2BvZy53dMdUSYBEa2QsWQ7yluk9ltdk4wrTkIbo
-> ssh-ed25519 7+xRyQ /JHmkqPhx/nJFhOxWu5nrX89NCBI/Bhyih81bIv2OR8
VJPt3EFgYWc6bYBSNNzLFnWBNVx7RYJaG/hNF2EswQ4
-> ssh-ed25519 LtK9yQ znUR+X5uu9wdKPdUBEOhs295e/zLAD8E49vZ0QEaL10
ADBASujra+DSzavY/m/gU3xgAzaSqlTh2txpzyyJIJQ
--- j21Ms0NWBwHJV1NPbIp19lSgCMkCHSUX3UwWjg43OLk
©[“Ù,´WM¨ÎÑ?¿&>“Ê„ Žä1ÛP<03> ˜Ä«Ñßí"oÍìKÞ“j¤hÊiÒª&UMïþ¤ÊPãÐr&

9
secrets/borgbackup-offsite.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ NuEGxxieL0H7mUFKft+fuH1jd0XFDf3xESLrVcb9GAg
KxJcj9P/+cr63TmqEIPwfykz07luqe9VLRLzs3CWx9Y
-> ssh-ed25519 NanIwQ HRHMV4jFn7vJVHd6gFqcOTA14VI6+QaITXMpZbeGoDg
aANuHXv4O1KKwPCClatphXgWDFnsCy/AoQJT0+D560o
-> ssh-ed25519 LtK9yQ NHLTdStEdoXSGKxoz4/gR+oT9bLq8wwz4XRHS2rd9Xo
lndB74KBkWrfNuZyuQufl35lQIPNqbppLfSZRerIDaA
--- dro8ECdWcFtleQv5nffX/Wh97w/FGXQZwSIjPE9WIX8
8…ƒÄRé#ÇÉç;ÒrpEÚ÷hȾW8-.ÿ é `OÎW¸']Úk§JdõC žÛï.ÿÆßT)Nø_ÅkqüëÕ_=Ï°ç

9
secrets/borgbackup-onsite.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ 3UW3CErZDv6UkjXJZldymqYmmJoQcbSjVX4IUX7KRn8
pnbegKpKiNW8QY9rD7pD1mrhOSdD+cxUxcNKtLM5uOQ
-> ssh-ed25519 NanIwQ qAl2RheS1lTOU60xeodc4/WvyzYRGiWR+55QvsVE5H0
j/UoLITpRpMF2t0J/Y0zL0kAgz5nJ02I/nwUp+pEowg
-> ssh-ed25519 LtK9yQ sbldK/F2u6MMgIR8F6c5ZFkMesq+GHKRmlqt3n6L2yw
GTSzhGfj+Shg+MQ3hde12pKi6zfeGNw6RXwSAoGyaak
--- 6WmdTjpwgwb6/1o06i5xtvnOQcvNztwpBmvH/9wYbmo
K®öò<EFBFBD>°^¼Ñ­þ¢Ubù|œ:m@*Þ±Žö<>ÚСg1ž>)±–Çã«ÚqëÐs,n{™ DdvÅöÉœÿEuH<j4Ëì

9
secrets/borgmatic-ntfy.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ GTuLiTsgOVunKC+DyalVPV3gKm3WiKoSIQXg/0ElJF8
UiOLJdTn4Q5oTkqAtZ6K0uxW+EsrpfA156uC1ncrIY0
-> ssh-ed25519 7+xRyQ k2ta2Gl7zCvHiv4DwzgRK5REDYayIoTfC32BF5yHxgg
n7sqfJ6fx/3VnQCD+H4n92ekGdoFCdk/SeXdSU8FZHc
-> ssh-ed25519 LtK9yQ BQ9U3//Lzx7dX+iDyP2lqx6K860kFTu/iB5uMAskKhA
xiV+QxL8ffx9n9gIUr5wwQ5zGvZlFsf2DclayQh8SJI
--- k06SInBOn82DqWfIf4t62pjAZ1R0uWAyQTi5ELDD/6U
 _$®T56"T­Hô;4}ù<M Á/Œ“ð8j¡³?H~Þ„Oó}…bGßj4tn ô2mçÁÈC R

9
secrets/borgmatic-pg.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ C3A3TKOyIWzbW8JupvhTmLKetnr+0uzkPq985NA0DCs
ahrHVR7WadjOfOXBWOqBAf9L0UdCNeD0Ynk6sKDF7WM
-> ssh-ed25519 7+xRyQ evZ6zSS3olbORnqiCnEAL68D1FNPgg2oBoJSaquLAAA
BYoo9AVOHsRsTbXkRQdS/7WN25vBuJOAb0YfnSY+hGQ
-> ssh-ed25519 LtK9yQ jLIdKPvVhPsRIJevWLmads3P2hM29c0B143OWoINzlY
ziCUQ1TtB6BUgbNZ/zFXoaOtpxyrbKobsTvXo/dSpSA
--- Q6JHS+5vuYLIqyIb6x3qCbIJvsjk2++ovL1zkVGs69o
<EFBFBD>ã쇽NM1±WBýy•M.ù²ø-Ø|GlºÈ]¡8Z,(5è±²P¶èè!ÿpmp¡¢°Eaû¤;<3B>Ôâ¿Ä(tq!ÊKÕU4×m

9
secrets/borgmatic.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ zfLZc8A30KjoMrhUSl4OgTp+Yg11fmVjDioxtIYMqDU
URhJwUCElaJcSd+k5wBQAXvdC/68ZcCA5WbHGAJTYfY
-> ssh-ed25519 7+xRyQ mrGrjW0fQIRNMDdw4Hoc9N/xAEm1P0IFukShfeVdKE8
yLUmj7LBfHQ/i4buBB57ktNUOnHpoC8NYTQUnK5e5y4
-> ssh-ed25519 LtK9yQ THjOsSIr/DQTulFlwd4r5DYb73VQ0vWgyDHkfJV3NR0
Dl8FwK1WciiEMs5MdrFcUIOFGmlbZf3APOWzLN6rkOE
--- 3mjYPT9APy0F5NNbbCIQhzZ0XjKBtB9YGGS3t37eoRU
ôT^væ—U‹§òÏ{™>[÷õ¦dhé§PC6þZ|é£ûýK|~lÝ<6C>bŒÀD¢ûÖÙt”΄¨ø]¨1P$ø10¨ ¿ïAý±$

0
secrets/copyparty-will.age → secrets/copyparty.age
View file

9
secrets/firefly-db.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ zL4NAxPigHwUnYz0KUoDXlzXJ3PtnxIYl81oLP3e40M
yricJ+r8OTXwGd0Bt4+CsW7/M8lOSha04i0Fb0QCHGo
-> ssh-ed25519 7+xRyQ 2UhHfwz3DvXT/bEDp8QrluyPa/po5CCB5rUKxBqfn2c
2pWexi7bU3UlOo9SKfw/9k/DJ535tsgPvZXAbLruL00
-> ssh-ed25519 LtK9yQ 8XOO4u1di+FedjGcaj/Fhna8Y+LRRPa9L4ShAx5dASA
F51SLqQEZ1LQAP2SgXphszVBhKaB+/OAVWEHr/thtFo
--- ovyL3oCODPSbd8Fe7KdS3sKCc+bjcj2y+6aS1qVqQsg
ン福 %隸>キカIOユ、<EFBE95>ナ7レ7ZFh、uサゥ<ァ4リ)シcメ啅ウZャ*UCk|エホxC覚噎 P

10
secrets/firefly.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ DhWZZ8fB3bwSaI88j9M5Ix/jCwoJWPUVmR56OwxJFUs
/pxA0PTShUGloixcyUoAW5cOKWAjD9M0byLAQUgnPvA
-> ssh-ed25519 7+xRyQ LrUQ5trcyyhcjK8IhGKVOAz6g7HjBI8t0m/snDiVMkE
hi0My/e0Enno50niPMKcy278Wr5z1sq3X1yJn7H8uBo
-> ssh-ed25519 LtK9yQ ke0bLtqFny2oUkCvtawPcHzPlyi2Lvi6WpZP2lDyelE
VFjTwnbTcayuruXVmVnfK97KcwB+luOoLU2x6Ug3HVM
--- NxMB9mtZ480lLRRmk0ne5BaL/tfF81Yr3wGBUvECGQY
ááÂH•¬öšH9‡…?†Üç<E2809A>  Á|½<>ؽ1þ³5¶Ái/éFl©G$E·à¿w
šÍ¾‘;ÒÍ߽ݤÃ$þÉóÿ}ê/¾[g]

10
secrets/gatus.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ 3vJV+PZ1IvwiFPplPEwXkaZK4y0QLxkvi/stzAV+HWg
3htQOBS3ph9+OXG2ZYtMyzErGtYRP1vzycua+vhPX+4
-> ssh-ed25519 NanIwQ 748IDG9uT6jMj0CSU3EeBqRd7lZ7NTJoUldo4FUfkFI
bYaXhcXjYgKqEaUeRZQhx9neK1pDVN3QbhblLOcGUg0
-> ssh-ed25519 LtK9yQ au/UGPL91M0sUzMeOKPOkltXWDPoWeCrUWrD2OIsJA0
thILTQH9hrcBYBbRSZaHMODAhCKWsqomDuEK4hcKAqM
--- UpA2kIfSBwfgMxjt2x61KFAiUaV3sHQ6Gp2R87cvnwo
*D2Ä7Êpƒ梔 °p·ï¥·Q
Fuf°ýïpÚ°4±ÉQ<C389>5ÀµËѨeÿéÓªã <0B>Þˆá;šê“z8ýi{@ÛÇ—›

BIN
secrets/git_signing_key.age Normal file
View file

Binary file not shown.

10
secrets/git_signing_key.pub.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ NMzN1Cll+cH5GgEQvCRpb8c1m7CDHWBtUZ5QNMluKkg
H77YBVoCAZerRyoG90h9W6PKZbpjNBl2mfsW3Eco27w
-> ssh-ed25519 7+xRyQ 67NFmrcLe9R5ni0HnvIiHcN0tlRVXpAiaVOQfIpqWzI
H7jbIgVXVl+lENksb4KUfASeIKPBI/FtHhhlQzhXwik
-> ssh-ed25519 LtK9yQ jvrWRlZF/H20QARL4lWWX0cDDoIK0Et5ZMxdsPJPXn0
g+ZaDYycq65tBEBFuDpSl1BKuCTmxCJuYqG8kSCtL9U
--- jZ2xp/oW3CgXPc8jriK53zTODB9lhDNZr8YfSYLAmio
íAûKwÕ;÷À2R
Ö¨†Ø<11>Øb—éSÓ'æÀ7/ˆ‘¾/ÎkXÿHÓ–ùÿªÉÝW†œƒ<°P p•HcÁTáúæG÷ÿÒ 'ŠFå¾…&Î!‹†(… ³=˜6 ŒŸ”HØ_ y <79>éËTlj­ªUbëó1

BIN
secrets/karakeep.age Normal file
View file

Binary file not shown.

BIN
secrets/kavita-api.age Normal file
View file

Binary file not shown.

BIN
secrets/kavita.age Normal file
View file

Binary file not shown.

BIN
secrets/mealie.age Normal file
View file

Binary file not shown.

9
secrets/ntfy.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ jySlchGAPxdkjpZzg+5BLH7O5yM+O5a9CleBVMqbck8
I5OEMjXJNrNKIBumXmiAMXRa1AZx0cKQ0BfM7HYCcRc
-> ssh-ed25519 NanIwQ 29upo2jTQF8Vz91yWmYCXnQW4LgYcvt1TcF/HLA5klA
eQla3EMQnRPzhd5MyDL3byPhIiio0rFFM+yesPLEtv8
-> ssh-ed25519 LtK9yQ Vx/lQ6M/wYa9483YpuCwwobNuIZjv/Sy9vl695H05BQ
qqUWRnrMYfflhcznrF2QKfODDa7vmz6Uy7fk1zSpbEE
--- xunznREPjjEVRWAmqI/4xKp/NrNk6C3B1Z+3Vjf2TL4
ˆÔm³{­œšïž¾²úz\ÀÂ,TºSS7T<0E>¤k«)úhçÙ—V—X´¶²€—¢0m»N?=ÓŸx TdÄY0²[)Û“SZš¸Ùñ:û><3E>FUÖ™~

9
secrets/nzbget.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ lEh3/6XbXaiVdCK5gEl/Vy5wIyeg4oD+1q9js0p/bG0
5O+ivgDvislMJbvE/bSRy6mF+ie6aGK6yAoc2TWlPOk
-> ssh-ed25519 7+xRyQ D03BRt3lUgEihDcJDFspP2RPt6WorIvGiRI1jnDT+gk
GuOES+KE5CUj733aSC+5wslfYRvCm27rvNnUDi/DiRE
-> ssh-ed25519 LtK9yQ K35hFXPZN4JhS9L8YfG+fwE2bbWLPc4r/rsQnxq68XM
GhWHGZzESMKKhQjCXT9yDHgpa/Y7eAxwi935lWts72A
--- wlbsANHwH3ah2YNlkaefazTv2zWsxE5kHCFOGcuSJQ0
|õ,K+êæíÂ% (Í"K" <1B>õð‰`Â"\:'xíÙlÜjuj¹U`T§«¸ÚžF;Z9M

16
secrets/prowlarr.age
View file

@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 LtK9yQ YVgPDwV8XS85LpMBbpgsXmoc2E0w2qopErn//kDHJzo -> ssh-ed25519 qLT+DQ k6AiMFgWygHRf2yPApcnQYDPaJx/Dp6BTq3+BdyBiyM
ZX3RIdYPxwOzpLddoGhi0aJ4H89hcpmlPgJuyTiYzlE 64MyfaTpMcAl8o9zkWXCoZQ5uy+7izd30A90LLiALTY
-> ssh-ed25519 qLT+DQ KQMInU5B/vVG4dr0DGAFk1Yf+LbnPkV7OqfiqRaNgzo -> ssh-ed25519 7+xRyQ YcPcsux5lCSDbV8hSCvhkI+1qnAmXcpd5FDmT7bMXk0
BeMLVvtSKSKIPplIorIJSBMciQj5GYF1ltGbUn8SsJA bbkjozzt/bL7j7uJTtgkklI/qJ11zYgQsYmZhFwGV+c
-> ssh-ed25519 7+xRyQ Cr+rUSSDpC5WLh/bvWKJkf2SWIcljLofx3ybcVcK0z4 -> ssh-ed25519 LtK9yQ Ol8eU/Pyb3gDCsIzE1zT8FNsTCGKZZc5zfX6lW/5+2w
kqabKTHxNxH9xfgShKTcleNXjBf/huoU+hH9tnOx5hg Gj0ssfpyQcy0vfVXgNXxzFzHGpPBOyfkR7UeRYina4A
--- J6RjAbLUNOKkb2UQyVjgTyrfyrIkDFMkQtXZypBDfWw --- +iLccZwqDkqDg2atoNRSuhEf3v3fyU6oda4vOw+BuKc
1£4ôÒ%6½œpÒ< («â$$to¨ÁI8Þý‰;ƒÜpZ°ìÍb8Þ3hf!¢mNס<C397> ¼c8UÐ &LÝóÓ:đ 9:"‰¤<>|©· d¸m9<6D>§ĂČvń1€ďy"ŇĂvOŰYüŞĎnx=ň4D

BIN
secrets/radicale.age
View file

Binary file not shown.

10
secrets/readarr.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ qeJ25W5TGvWY8xc1I5sjjtP/98nGqoRMIFk6xLIbmi8
RhUcEjz6mFp6uNVOpOgg6fPyL2cyrZH1ZWJTrax2xOE
-> ssh-ed25519 7+xRyQ jhJX/0+ZO+teoM2rUmdyFuI9V+tMe5kQaaHQFxwBGSU
fJmXSc/c3lth0cQgx8p/7G0WrnfgioSs8OcRa56B2s0
-> ssh-ed25519 LtK9yQ UH9T6lRLG0pi0P84B9Zs/22nCKAoOAwL6KAmj+536U4
h2DEqoPLgFqmVZOk/RhAIuifCexqt3ZFsIsCDm5KI3M
--- 6FY4tnGR8EIQyCWc3Xa3t8EqwcynoORmZqsp9zWUzZM
õ¡ˆÇ<6E>Æ]Z0ñŽ—råTƒªÞi:EÇE!<21>ð™ 
uB{4cüà£fùvÖÞŸÜKÌj^2/`<60>¼

19
secrets/secrets.nix
View file

@ -1,7 +1,7 @@
let let
# keep-sorted start # keep-sorted start
desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHAnTQP77HQ/8nbf1oX7xftfKYtbH6MSh83wic0qdBy"; desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHAnTQP77HQ/8nbf1oX7xftfKYtbH6MSh83wic0qdBy";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeu5HwuRayiXIZE35AxX6PmxHxbXZ8NTlTgHrcPwhcQ"; laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmM4LEjGPJbcUeG5363NpB3XJUyn/4B+eBCFzzuC/Td";
srv = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeV0NxqIGIXXgLYE6ntkHE4PARceZBp1FTI7kKLBbk8"; srv = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeV0NxqIGIXXgLYE6ntkHE4PARceZBp1FTI7kKLBbk8";
# keep-sorted end # keep-sorted end
@ -15,22 +15,31 @@ let
in in
{ {
# keep-sorted start # keep-sorted start
"borgmatic-pg.age".publicKeys = users; "borgbackup-offsite.age".publicKeys = users;
"borgmatic.age".publicKeys = users; "borgbackup-onsite.age".publicKeys = users;
"copyparty-will.age".publicKeys = users; "copyparty.age".publicKeys = users;
"gatus.age".publicKeys = users;
"git_signing_key.age".publicKeys = users;
"git_signing_key.pub.age".publicKeys = users;
"immich.age".publicKeys = users; "immich.age".publicKeys = users;
"jellyfin.age".publicKeys = users; "jellyfin.age".publicKeys = users;
"kavita-api.age".publicKeys = users;
"kavita.age".publicKeys = users;
"lidarr.age".publicKeys = users; "lidarr.age".publicKeys = users;
"mealie.age".publicKeys = users;
"miniflux-creds.age".publicKeys = users; "miniflux-creds.age".publicKeys = users;
"ntfy.age".publicKeys = users;
"nzbget.age".publicKeys = users;
"paperless.age".publicKeys = users; "paperless.age".publicKeys = users;
"porkbun-api.age".publicKeys = users; "porkbun-api.age".publicKeys = users;
"protonmail-cert.age".publicKeys = users; "protonmail-cert.age".publicKeys = users;
"protonmail-desktop-password.age".publicKeys = users; "protonmail-desktop-password.age".publicKeys = users;
"protonmail-laptop-password.age".publicKeys = users;
"prowlarr.age".publicKeys = users; "prowlarr.age".publicKeys = users;
"radarr.age".publicKeys = users; "radarr.age".publicKeys = users;
"radicale.age".publicKeys = users; "radicale.age".publicKeys = users;
"readarr.age".publicKeys = users;
"sonarr.age".publicKeys = users; "sonarr.age".publicKeys = users;
"subtitles.age".publicKeys = users;
"vaultwarden-admin.age".publicKeys = users; "vaultwarden-admin.age".publicKeys = users;
# keep-sorted end # keep-sorted end
} }

BIN
secrets/subtitles.age Normal file
View file

Binary file not shown.

BIN
secrets/upbank2firefly.age Normal file
View file

Binary file not shown.