will-holdsworth/dots
1
1
Fork 0
Code Issues 22 Pull requests Projects 1 Releases Packages Wiki Activity Actions 1

Compare commits

base: will-holdsworth:main
Branches Tags
will-holdsworth:main
will-holdsworth:100
will-holdsworth:update_flake_lock_action
will-holdsworth:71
will-holdsworth:enhancement/32
will-holdsworth:enhancement/6
..
compare: will-holdsworth:enhancement/32
Branches Tags
will-holdsworth:main
will-holdsworth:100
will-holdsworth:update_flake_lock_action
will-holdsworth:71
will-holdsworth:enhancement/32
will-holdsworth:enhancement/6

7 commits
main ... enhancemen

Author SHA1 Message Date
wi11-holdsworth
f0a4c6c3d5 Merge branch 'enhancement/32' of github.com:wi11-holdsworth/dots into enhancement/32 2025-10-22 18:09:00 +11:00
wi11-holdsworth
046f47b082 feat: install owntracks frontend 2025-10-22 18:08:53 +11:00
wi11-holdsworth
0b8a87e87c fix: pass port into owntracks-recorder config as a string, not an int 2025-10-22 18:08:53 +11:00
wi11-holdsworth
0a57515130 feat: install owntracks backend 2025-10-22 18:08:53 +11:00
wi11-holdsworth
0e059a51b3 feat: install owntracks frontend 2025-10-22 18:07:50 +11:00
wi11-holdsworth
cac7aedbba fix: pass port into owntracks-recorder config as a string, not an int 2025-10-22 18:07:43 +11:00
wi11-holdsworth
66787f06e7 feat: install owntracks backend 2025-10-22 17:46:28 +11:00
98 changed files with 654 additions and 2754 deletions
Download patch file Download diff file Expand all files Collapse all files

338
flake.lock generated
View file

@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1770165109, "lastModified": 1760836749,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -29,11 +29,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1772965444, "lastModified": 1760897985,
"narHash": "sha256-VjcI4CozsowxGkZBzxQ6LYe49e9T1qfT1BzNrnc96y0=", "narHash": "sha256-omBsQXwVWw+QmXo9T4Nazv2xcMEQ9VjB/61tnV3xKQQ=",
"owner": "9001", "owner": "9001",
"repo": "copyparty", "repo": "copyparty",
"rev": "981a7cd9dda0acedbc7f53b2c44adb241c38cb84", "rev": "547a7ab1cc7777f3452f441628339850511c8563",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -64,62 +64,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nix-citizen",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixvim", "nixvim",
@ -127,32 +72,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769996383, "lastModified": 1759362264,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -176,48 +100,21 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": { "flake-utils_2": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "systems": "systems_2"
"gitignore": "gitignore",
"nixpkgs": [
"nix-gaming",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1772893680, "lastModified": 1731533236,
"narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "cachix", "owner": "numtide",
"repo": "git-hooks.nix", "repo": "flake-utils",
"rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "cachix", "owner": "numtide",
"repo": "git-hooks.nix", "repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nix-gaming",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github" "type": "github"
} }
}, },
@ -249,11 +146,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772985285, "lastModified": 1761005073,
"narHash": "sha256-wEEmvfqJcl9J0wyMgMrj1TixOgInBW/6tLPhWGoZE3s=", "narHash": "sha256-r6qbieh8iC1q1eCaWv15f4UIp8SeGffwswhNSA1Qk3s=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5be5d8245cbc7bc0c09fbb5f38f23f223c543f85", "rev": "84e1adb0cdd13f5f29886091c7234365e12b1e7f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -262,69 +159,52 @@
"type": "github" "type": "github"
} }
}, },
"nix-citizen": { "home-manager_3": {
"inputs": {
"flake-parts": "flake-parts",
"nix-gaming": [
"nix-gaming"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1772840927,
"narHash": "sha256-WdIuEJpH7eUP3ya8laJAYf71WilE4x7xetgMferL5Ko=",
"owner": "LovingMelody",
"repo": "nix-citizen",
"rev": "73c8d04ba69fb0bb5c4521c4b91a930a0ce283a5",
"type": "github"
},
"original": {
"owner": "LovingMelody",
"repo": "nix-citizen",
"type": "github"
}
},
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts_2",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1772937574,
"narHash": "sha256-Yw1tP/ASebNYuW2GcYDTgWf2Mg9qcUYo6MTagXyeFCs=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "d2b0b283deb24cdbb2750e658fa7001fee5ad586",
"type": "github"
},
"original": {
"owner": "fufexan",
"repo": "nix-gaming",
"type": "github"
}
},
"nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nix-citizen", "zen-browser",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1737420293, "lastModified": 1752603129,
"narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-github-actions", "repo": "home-manager",
"rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-github-actions", "repo": "home-manager",
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1754860581,
"narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.1.1",
"repo": "ixx",
"type": "github" "type": "github"
} }
}, },
@ -343,60 +223,13 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-lib": {
"locked": {
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1772624091, "lastModified": 1760878510,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1772736753,
"narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "917fec990948658ef1ccd07cef2a1ef060786846",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1772773019,
"narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "aca4d95fce4914b3892661bcb80b8087293536c6", "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -408,18 +241,19 @@
}, },
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_3" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1772402258, "lastModified": 1760960598,
"narHash": "sha256-3DmCFOdmbkFML1/G9gj8Wb+rCCZFPOQtNoMCpqOF8SA=", "narHash": "sha256-UP1v+sEkHuvD2+qyhxbkQpBR+dl9U0ljml3/dMI2jeU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "21ae25e13b01d3b4cdc750b5f9e7bad68b150c10", "rev": "e3b77e803b2350b72f4d72c8f175ab0fbfe5a642",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -428,24 +262,26 @@
"type": "github" "type": "github"
} }
}, },
"nur": { "nuschtosSearch": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_4", "flake-utils": "flake-utils_2",
"ixx": "ixx",
"nixpkgs": [ "nixpkgs": [
"nixvim",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1772985100, "lastModified": 1758662783,
"narHash": "sha256-EXFbJvUZrElVq839MnMgJEDnyXWn84Zx+MiHcZiCQmg=", "narHash": "sha256-igrxT+/MnmcftPOHEb+XDwAMq3Xg1Xy7kVYQaHhPlAg=",
"owner": "nix-community", "owner": "NuschtOS",
"repo": "NUR", "repo": "search",
"rev": "407db2f6f4ba94992815f872ffce9a9d99ccc13c", "rev": "7d4c0fc4ffe3bd64e5630417162e9e04e64b27a4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "NuschtOS",
"repo": "NUR", "repo": "search",
"type": "github" "type": "github"
} }
}, },
@ -454,11 +290,9 @@
"agenix": "agenix", "agenix": "agenix",
"copyparty": "copyparty", "copyparty": "copyparty",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nix-citizen": "nix-citizen", "nixpkgs": "nixpkgs_2",
"nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_4",
"nixvim": "nixvim", "nixvim": "nixvim",
"nur": "nur" "zen-browser": "zen-browser"
} }
}, },
"systems": { "systems": {
@ -506,24 +340,24 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": { "zen-browser": {
"inputs": { "inputs": {
"home-manager": "home-manager_3",
"nixpkgs": [ "nixpkgs": [
"nix-citizen",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1772660329, "lastModified": 1761020606,
"narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", "narHash": "sha256-XdDpTJHjFqZJ3ss6xzTWYyi3PEObX2fs+kW0Wg/rNDk=",
"owner": "numtide", "owner": "0xc000022070",
"repo": "treefmt-nix", "repo": "zen-browser-flake",
"rev": "3710e0e1218041bbad640352a0440114b1e10428", "rev": "637cb6167da4dbf8ef7f5a50e69933c4f9796095",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "0xc000022070",
"repo": "treefmt-nix", "repo": "zen-browser-flake",
"type": "github" "type": "github"
} }
} }

33
flake.nix
View file

@ -12,36 +12,24 @@
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-citizen = {
url = "github:LovingMelody/nix-citizen";
inputs.nix-gaming.follows = "nix-gaming";
};
nix-gaming.url = "github:fufexan/nix-gaming";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixvim = { nixvim = {
url = "github:nix-community/nixvim"; url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nur = { zen-browser = {
url = "github:nix-community/NUR"; url = "github:0xc000022070/zen-browser-flake";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# zen-browser = {
# url = "github:0xc000022070/zen-browser-flake";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# keep-sorted end # keep-sorted end
}; };
outputs = outputs =
{ {
# keep-sorted start
agenix,
home-manager,
nixpkgs, nixpkgs,
nur, home-manager,
# zen-browser, agenix,
# keep-sorted end zen-browser,
... ...
}@inputs: }@inputs:
let let
@ -57,24 +45,17 @@
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
modules = [ modules = [
./hosts/${hostName}/configuration.nix ./hosts/${hostName}/configuration.nix
nur.modules.nixos.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager = { home-manager = {
users.${userName}.imports = [ users.${userName}.imports = [
./hosts/${hostName}/home.nix ./hosts/${hostName}/home.nix
agenix.homeManagerModules.default agenix.homeManagerModules.default
# zen-browser.homeModules.twilight zen-browser.homeModules.twilight
]; ];
backupFileExtension = "backup"; backupFileExtension = "backup";
extraSpecialArgs = { extraSpecialArgs = {
inherit inherit userName hostName util;
inputs
hostName
userName
system
util
;
}; };
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;

4
hosts/desktop/configuration.nix
View file

@ -19,14 +19,12 @@
"gaming" "gaming"
"link2c" "link2c"
"plasma" "plasma"
"star-citizen"
# keep-sorted end # keep-sorted end
]) ])
++ (util.toImports ../../modules/nixos/bundles [ ++ (util.toImports ../../modules/nixos/bundles [
# keep-sorted start # keep-sorted start
"desktop" "desktop"
"dev" "dev"
"gui"
# keep-sorted end # keep-sorted end
]); ]);
@ -39,6 +37,8 @@
system.stateVersion = "24.11"; system.stateVersion = "24.11";
i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8";
users.users.${userName} = { users.users.${userName} = {
extraGroups = [ extraGroups = [
# keep-sorted start # keep-sorted start

1
hosts/desktop/home.nix
View file

@ -13,7 +13,6 @@
# keep-sorted start # keep-sorted start
"desktop" "desktop"
"dev" "dev"
"gui"
# keep-sorted end # keep-sorted end
]); ]);

8
hosts/laptop/configuration.nix
View file

@ -23,13 +23,15 @@
# keep-sorted start # keep-sorted start
"desktop" "desktop"
"dev" "dev"
"gui"
# keep-sorted end # keep-sorted end
]); ]);
boot.initrd.luks.devices."luks-c2f5123c-0be0-4357-b383-b3f422e99a34".device = "/dev/disk/by-uuid/c2f5123c-0be0-4357-b383-b3f422e99a34"; boot.initrd.luks.devices."luks-a7726a9d-535f-44bc-9c0e-adc501fad371".device =
"/dev/disk/by-uuid/a7726a9d-535f-44bc-9c0e-adc501fad371";
system.stateVersion = "25.05"; system.stateVersion = "24.11";
i18n.extraLocaleSettings.LC_ALL = "en_AU.UTF-8";
users.users.${userName} = { users.users.${userName} = {
extraGroups = [ extraGroups = [

8
hosts/laptop/hardware-configuration.nix
View file

@ -14,20 +14,20 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/a240787a-6cc8-4c03-8a01-742adf305b1e"; { device = "/dev/disk/by-uuid/b772799b-5434-4d5e-b0f9-ab425e36b9a1";
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."luks-f7d7a54f-d217-4260-8754-3cac7022e7d5".device = "/dev/disk/by-uuid/f7d7a54f-d217-4260-8754-3cac7022e7d5"; boot.initrd.luks.devices."luks-de6f14d8-8c7e-4e77-bfe5-264a39ef0bea".device = "/dev/disk/by-uuid/de6f14d8-8c7e-4e77-bfe5-264a39ef0bea";
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/B3C9-7C0A"; { device = "/dev/disk/by-uuid/3730-5237";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [ "fmask=0077" "dmask=0077" ];
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/b07c858a-2bd7-4b9a-aec3-3f9593c461c9"; } [ { device = "/dev/disk/by-uuid/081de704-5e9a-4e6d-ae8d-df492d0f662c"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

1
hosts/laptop/home.nix
View file

@ -13,7 +13,6 @@
# keep-sorted start # keep-sorted start
"desktop" "desktop"
"dev" "dev"
"gui"
# keep-sorted end # keep-sorted end
]); ]);

26
hosts/server/configuration.nix
View file

@ -15,7 +15,7 @@
] ]
++ (util.toImports ../../modules/nixos/features [ ++ (util.toImports ../../modules/nixos/features [
# keep-sorted start # keep-sorted start
"borgbackup" "borgmatic"
"intel-gpu" "intel-gpu"
# keep-sorted end # keep-sorted end
]) ])
@ -23,27 +23,13 @@
"server" "server"
]); ]);
# external drive networking.hostName = "${hostName}";
services.udisks2.enable = true;
fileSystems."/mnt/external" = {
device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e";
fsType = "ext4";
options = [
"nofail"
];
};
networking = {
hostName = "${hostName}";
firewall.interfaces."enp2s0".allowedTCPPorts = [
80
443
];
};
# hardened openssh # hardened openssh
services.openssh = { services.openssh = {
passwordAuthentication = false;
allowSFTP = false; allowSFTP = false;
challengeResponseAuthentication = false;
extraConfig = '' extraConfig = ''
AllowTcpForwarding yes AllowTcpForwarding yes
X11Forwarding no X11Forwarding no
@ -51,10 +37,6 @@
AllowStreamLocalForwarding no AllowStreamLocalForwarding no
AuthenticationMethods publickey AuthenticationMethods publickey
''; '';
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
};
}; };
system.stateVersion = "24.11"; system.stateVersion = "24.11";

3
modules/home-manager/bundles/desktop.nix
View file

@ -6,8 +6,11 @@
imports = util.toImports ../features [ imports = util.toImports ../features [
# keep-sorted start # keep-sorted start
"aerc" "aerc"
"kitty"
"mail" "mail"
"obsidian"
"zellij" "zellij"
"zen-browser"
# keep-sorted end # keep-sorted end
]; ];
} }

4
modules/home-manager/bundles/dev.nix
View file

@ -4,8 +4,6 @@
}: }:
{ {
imports = util.toImports ../features [ imports = util.toImports ../features [
# keep-sorted start "zed-editor"
"direnv"
# keep-sorted end
]; ];
} }

14
modules/home-manager/bundles/gui.nix
View file

@ -1,14 +0,0 @@
{
util,
...
}:
{
imports = util.toImports ../features [
# keep-sorted start
"alacritty"
"librewolf"
"obsidian"
# "zen-browser"
# keep-sorted end
];
}

7
modules/home-manager/default.nix
View file

@ -6,15 +6,14 @@
imports = util.toImports ./features [ imports = util.toImports ./features [
# keep-sorted start # keep-sorted start
"agenix" "agenix"
"bash"
"bat" "bat"
"bottom"
"delta" "delta"
"direnv"
"eza" "eza"
"fd" "fish"
"gh"
"git" "git"
"lazygit" "lazygit"
"shell-aliases"
"starship" "starship"
"yazi" "yazi"
"zoxide" "zoxide"

2
modules/home-manager/features/aerc.nix
View file

@ -49,11 +49,11 @@
D = ":move Trash<Enter>"; D = ":move Trash<Enter>";
G = ":select -1<Enter>"; G = ":select -1<Enter>";
H = ":collapse-folder<Enter>"; H = ":collapse-folder<Enter>";
I = ":read<Enter>";
J = ":next-folder <Enter>"; J = ":next-folder <Enter>";
K = ":prev-folder<Enter>"; K = ":prev-folder<Enter>";
L = ":expand-folder<Enter>"; L = ":expand-folder<Enter>";
N = ":prev-result<Enter>"; N = ":prev-result<Enter>";
R = ":read<Enter>";
Rq = ":reply -q<Enter>"; Rq = ":reply -q<Enter>";
Rr = ":reply<Enter>"; Rr = ":reply<Enter>";
T = ":toggle-threads<Enter>"; T = ":toggle-threads<Enter>";

27
modules/home-manager/features/alacritty.nix
View file

@ -1,27 +0,0 @@
{
# keep-sorted start
lib,
pkgs,
# keep-sorted end
...
}:
{
programs.alacritty = {
enable = true;
settings = {
font = {
normal = {
family = "JetBrainsMono Nerd Font";
style = "Regular";
};
size = 13;
};
window.startup_mode = "Maximized";
terminal.shell = {
program = "${lib.getExe pkgs.zellij}";
args = [ "-l=welcome" ];
};
};
theme = "catppuccin_mocha";
};
}

4
modules/home-manager/features/bash.nix
View file

@ -1,4 +0,0 @@
{
home.shell.enableBashIntegration = true;
programs.bash.enable = true;
}

78
modules/home-manager/features/bottom.nix
View file

@ -1,78 +0,0 @@
{
programs.bottom = {
enable = true;
settings = {
flags = {
group_processes = true;
process_memory_as_value = true;
};
styles = {
cpu = {
all_entry_color = "#f5e0dc";
avg_entry_color = "#eba0ac";
cpu_core_colors = [
"#f38ba8"
"#fab387"
"#f9e2af"
"#a6e3a1"
"#74c7ec"
"#cba6f7"
];
};
memory = {
ram_color = "#a6e3a1";
cache_color = "#f38ba8";
swap_color = "#fab387";
gpu_colors = [
"#74c7ec"
"#cba6f7"
"#f38ba8"
"#fab387"
"#f9e2af"
"#a6e3a1"
];
arc_color = "#89dceb";
};
network = {
rx_color = "#a6e3a1";
tx_color = "#f38ba8";
rx_total_color = "#89dceb";
tx_total_color = "#a6e3a1";
};
battery = {
high_battery_color = "#a6e3a1";
medium_battery_color = "#f9e2af";
low_battery_color = "#f38ba8";
};
tables = {
headers = {
color = "#f5e0dc";
};
};
graphs = {
graph_color = "#a6adc8";
legend_text = {
color = "#a6adc8";
};
};
widgets = {
border_color = "#585b70";
selected_border_color = "#f5c2e7";
widget_title = {
color = "#f2cdcd";
};
text = {
color = "#cdd6f4";
};
selected_text = {
color = "#11111b";
bg_color = "#cba6f7";
};
disabled_text = {
color = "#1e1e2e";
};
};
};
};
};
}

6
modules/home-manager/features/fd.nix
View file

@ -1,6 +0,0 @@
{
programs.fd = {
enable = true;
hidden = true;
};
}

254
modules/home-manager/features/firefox.nix
View file

@ -1,254 +0,0 @@
{
pkgs,
...
}:
{
programs.firefox = {
enable = true;
languagePacks = [ "en-GB" ];
profiles.will = {
settings = {
# keep-sorted start
"browser.aboutwelcome.enabled" = false;
"browser.bookmarks.addedImportButton" = false;
"browser.bookmarks.restore_default_bookmarks" = false;
"browser.download.useDownloadDir" = true;
"browser.newtabpage.enabled" = false;
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.remote.block_uncommon" = false;
"browser.search.suggest.enabled" = false;
"browser.startup.homepage" = "chrome://browser/content/blanktab.html";
"browser.startup.page" = 3;
"browser.tabs.groups.smart.userEnabled" = false;
"browser.tabs.warnOnClose" = true;
"browser.tabs.warnOnOpen" = false;
"browser.toolbars.bookmarks.visibility" = "never";
"browser.urlbar.suggest.searches" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.usage.uploadEnabled" = false;
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.formautofill.creditCards.enabled" = false;
"general.autoScroll" = true;
"intl.locale.requested" = "en-GB";
"network.trr.mode" = 3;
"network.trr.uri" = "https://firefox.dns.nextdns.io/";
"privacy.annotate_channels.strict_list.enabled" = true;
"privacy.bounceTrackingProtection.mode" = 1;
"privacy.fingerprintingProtection" = true;
"privacy.globalprivacycontrol.enabled" = true;
"privacy.globalprivacycontrol.was_ever_enabled" = true;
"privacy.history.custom" = false;
"privacy.query_stripping.enabled " = true;
"privacy.query_stripping.enabled.pbmode" = true;
"privacy.sanitize.sanitizeOnShutdown" = false;
"privacy.trackingprotection.allow_list.baseline.enabled" = true;
"privacy.trackingprotection.allow_list.convenience.enabled" = false;
"privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false;
"privacy.trackingprotection.emailtracking.enabled" = true;
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.socialtracking.enabled" = true;
"services.sync.engine.passwords" = false;
"sidebar.main.tools" = "syncedtabs,history,bookmarks";
"sidebar.new-sidebar.has-used" = true;
"sidebar.position_start" = false;
"sidebar.revamp" = true;
"sidebar.verticalTabs" = true;
"sidebar.verticalTabs.dragToPinPromo.dismissed" = true;
"signon.autofillForms" = false;
"signon.firefoxRelay.feature" = "disabled";
"signon.generation.enabled" = false;
"signon.management.page.breach-alerts.enabled" = false;
"signon.rememberSignons" = false;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
# keep-sorted end
};
search = {
default = "ddg";
privateDefault = "ddg";
engines = { };
order = [ ];
force = true;
};
extensions = {
force = true;
packages = with pkgs.nur.repos.rycee.firefox-addons; [
# keep-sorted start sticky_comments=no
# detect-cloudflare
bitwarden
dearrow
nixpkgs-pr-tracker
react-devtools
return-youtube-dislikes
sponsorblock
ublock-origin
# keep-sorted end
];
settings = {
# keep-sorted start block=yes
# sponsorblock
"sponsorBlocker@ajay.app".settings = {
hideSegmentCreationInPopup = false;
autoSkipOnMusicVideosUpdate = true;
changeChapterColor = true;
autoSkipOnMusicVideos = false;
hideVideoPlayerControls = false;
useVirtualTime = true;
categoryPillColors = { };
payments = {
chaptersAllowed = false;
freeAccess = false;
lastCheck = 0;
lastFreeCheck = 0;
licenseKey = null;
};
allowExpirements = true;
allowScrollingToEdit = true;
audioNotificationOnSkip = false;
autoHideInfoButton = true;
categoryPillUpdate = true;
chapterCategoryAdded = true;
checkForUnlistedVideos = false;
cleanPopup = false;
darkMode = true;
deArrowInstalled = true;
defaultCategory = "chooseACategory";
disableSkipping = false;
donateClicked = 0;
dontShowNotice = false;
forceChannelCheck = false;
fullVideoLabelsOnThumbnails = true;
fullVideoSegments = true;
hideDeleteButtonPlayerControls = false;
hideDiscordLaunches = 0;
hideDiscordLink = false;
hideInfoButtonPlayerControls = false;
hideSkipButtonPlayerControls = false;
hideUploadButtonPlayerControls = false;
categorySelections = [
{
name = "sponsor";
option = 2;
}
{
name = "poi_highlight";
option = 1;
}
{
name = "exclusive_access";
option = 0;
}
{
name = "chapter";
option = 0;
}
{
name = "selfpromo";
option = 1;
}
{
name = "interaction";
option = 1;
}
{
name = "intro";
option = 1;
}
{
name = "outro";
option = 1;
}
{
name = "preview";
option = 1;
}
{
name = "filler";
option = 1;
}
{
name = "music_offtopic";
option = 2;
}
{
name = "hook";
option = 1;
}
];
manualSkipOnFullVideo = false;
minDuration = 0;
isVip = false;
muteSegments = false;
noticeVisibilityMode = 3;
renderSegmentsAsChapters = false;
scrollToEditTimeUpdate = false;
serverAddress = "https://sponsor.ajay.app";
showAutogeneratedChapters = false;
showCategoryGuidelines = true;
showCategoryWithoutPermission = false;
showChapterInfoMessage = true;
showDeArrowInSettings = true;
showDeArrowPromotion = true;
showDonationLink = false;
showNewFeaturePopups = false;
showSegmentFailedToFetchWarning = true;
showSegmentNameInChapterBar = true;
showTimeWithSkips = true;
showUpcomingNotice = false;
showUpsells = false;
minutesSaved = 67.630516;
shownDeArrowPromotion = false;
showZoomToFillError2 = false;
skipNoticeDuration = 4;
sponsorTimesContributed = 0;
testingServer = false;
trackDownvotes = false;
trackDownvotesInPrivate = false;
trackViewCount = false;
trackViewCountInPrivate = false;
ytInfoPermissionGranted = false;
skipNonMusicOnlyOnYoutubeMusic = false;
hookUpdate = false;
permissions = {
sponsor = true;
selfpromo = true;
exclusive_access = true;
interaction = true;
intro = true;
outro = true;
preview = true;
hook = true;
music_offtopic = true;
filler = true;
poi_highlight = true;
chapter = false;
};
segmentListDefaultTab = 0;
prideTheme = false;
};
# ublock-origin
"uBlock0@raymondhill.net".settings = {
advancedUserEnabled = true;
selectedFilterLists = [
"user-filters"
"ublock-filters"
"ublock-badware"
"ublock-privacy"
"ublock-quick-fixes"
"ublock-unbreak"
"easylist"
"easyprivacy"
"adguard-spyware-url"
"urlhaus-1"
"plowe-0"
];
};
# keep-sorted end
};
};
};
};
}

24
modules/home-manager/features/fish.nix
View file

@ -9,6 +9,30 @@
interactiveShellInit = '' interactiveShellInit = ''
set fish_greeting set fish_greeting
''; '';
shellAliases = {
# keep-sorted start
cat = "bat";
# cd = "j";
cut = "choose";
df = "duf";
du = "dua";
# find = "fd";
g = "lazygit";
l = "eza";
la = "eza -a";
ls = "eza";
ns = "nh os switch";
# curl = "xh";
ping = "gping";
ps = "procs";
# sed = "sd";
# grep = "rga";
top = "btm";
unzip = "ripunzip";
vi = "nvim";
vim = "nvim";
# keep-sorted end
};
plugins = [ plugins = [
# INFO: Using this to get shell completion for programs added to the path through nix+direnv. # INFO: Using this to get shell completion for programs added to the path through nix+direnv.
# Issue to upstream into direnv:Add commentMore actions # Issue to upstream into direnv:Add commentMore actions

27
modules/home-manager/features/git.nix
View file

@ -1,12 +1,15 @@
{
userName,
...
}:
{ {
programs.git = { programs.git = {
enable = true; enable = true;
settings = { settings = {
# keep-sorted start block=yes init.defaultBranch = "main";
core.editor = "nvim";
push.autoSetupRemote = true;
pull.rebase = false;
user = {
name = "wi11-holdsworth";
email = "83637728+wi11-holdsworth@users.noreply.github.com";
};
aliases = { aliases = {
# keep-sorted start # keep-sorted start
a = "add"; a = "add";
@ -27,20 +30,6 @@
s = "status -s"; s = "status -s";
# keep-sorted end # keep-sorted end
}; };
core.editor = "nvim";
init.defaultBranch = "main";
pull.rebase = true;
push.autoSetupRemote = true;
user = {
name = "Will Holdsworth";
email = "me@fi33.buzz";
};
# keep-sorted end
};
signing = {
key = "/home/${userName}/.ssh/git_signature.pub";
format = "ssh";
signByDefault = true;
}; };
}; };
} }

1
modules/home-manager/features/lazygit.nix
View file

@ -5,7 +5,6 @@
programs.lazygit = { programs.lazygit = {
enable = true; enable = true;
settings = { settings = {
git.overrideGpg = true;
log = { log = {
localBranchSortOrder = "recency"; localBranchSortOrder = "recency";
remoteBranchSortOrder = "recency"; remoteBranchSortOrder = "recency";

255
modules/home-manager/features/librewolf.nix
View file

@ -1,255 +0,0 @@
{
pkgs,
...
}:
{
programs.librewolf = {
enable = true;
languagePacks = [ "en-GB" ];
profiles.will = {
settings = {
# keep-sorted start
"browser.aboutwelcome.enabled" = false;
"browser.bookmarks.addedImportButton" = false;
"browser.bookmarks.restore_default_bookmarks" = false;
"browser.download.useDownloadDir" = true;
"browser.newtabpage.enabled" = false;
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.remote.block_uncommon" = false;
"browser.search.suggest.enabled" = false;
"browser.startup.homepage" = "chrome://browser/content/blanktab.html";
"browser.startup.page" = 3;
"browser.tabs.groups.smart.userEnabled" = false;
"browser.tabs.warnOnClose" = true;
"browser.tabs.warnOnOpen" = false;
"browser.toolbars.bookmarks.visibility" = "never";
"browser.urlbar.suggest.searches" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.usage.uploadEnabled" = false;
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.formautofill.creditCards.enabled" = false;
"general.autoScroll" = true;
"identity.fxaccounts.enabled" = true;
"intl.locale.requested" = "en-GB";
"network.trr.mode" = 3;
"network.trr.uri" = "https://firefox.dns.nextdns.io/";
"privacy.annotate_channels.strict_list.enabled" = true;
"privacy.bounceTrackingProtection.mode" = 1;
"privacy.fingerprintingProtection" = true;
"privacy.globalprivacycontrol.enabled" = true;
"privacy.globalprivacycontrol.was_ever_enabled" = true;
"privacy.history.custom" = false;
"privacy.query_stripping.enabled " = true;
"privacy.query_stripping.enabled.pbmode" = true;
"privacy.sanitize.sanitizeOnShutdown" = false;
"privacy.trackingprotection.allow_list.baseline.enabled" = true;
"privacy.trackingprotection.allow_list.convenience.enabled" = false;
"privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false;
"privacy.trackingprotection.emailtracking.enabled" = true;
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.socialtracking.enabled" = true;
"services.sync.engine.passwords" = false;
"sidebar.main.tools" = "syncedtabs,history,bookmarks";
"sidebar.new-sidebar.has-used" = true;
"sidebar.position_start" = false;
"sidebar.revamp" = true;
"sidebar.verticalTabs" = true;
"sidebar.verticalTabs.dragToPinPromo.dismissed" = true;
"signon.autofillForms" = false;
"signon.firefoxRelay.feature" = "disabled";
"signon.generation.enabled" = false;
"signon.management.page.breach-alerts.enabled" = false;
"signon.rememberSignons" = false;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
# keep-sorted end
};
search = {
default = "ddg";
privateDefault = "ddg";
engines = { };
order = [ ];
force = true;
};
extensions = {
force = true;
packages = with pkgs.nur.repos.rycee.firefox-addons; [
# keep-sorted start sticky_comments=no
# detect-cloudflare
bitwarden
dearrow
nixpkgs-pr-tracker
react-devtools
return-youtube-dislikes
sponsorblock
ublock-origin
# keep-sorted end
];
settings = {
# keep-sorted start block=yes
# sponsorblock
"sponsorBlocker@ajay.app".settings = {
hideSegmentCreationInPopup = false;
autoSkipOnMusicVideosUpdate = true;
changeChapterColor = true;
autoSkipOnMusicVideos = false;
hideVideoPlayerControls = false;
useVirtualTime = true;
categoryPillColors = { };
payments = {
chaptersAllowed = false;
freeAccess = false;
lastCheck = 0;
lastFreeCheck = 0;
licenseKey = null;
};
allowExpirements = true;
allowScrollingToEdit = true;
audioNotificationOnSkip = false;
autoHideInfoButton = true;
categoryPillUpdate = true;
chapterCategoryAdded = true;
checkForUnlistedVideos = false;
cleanPopup = false;
darkMode = true;
deArrowInstalled = true;
defaultCategory = "chooseACategory";
disableSkipping = false;
donateClicked = 0;
dontShowNotice = false;
forceChannelCheck = false;
fullVideoLabelsOnThumbnails = true;
fullVideoSegments = true;
hideDeleteButtonPlayerControls = false;
hideDiscordLaunches = 0;
hideDiscordLink = false;
hideInfoButtonPlayerControls = false;
hideSkipButtonPlayerControls = false;
hideUploadButtonPlayerControls = false;
categorySelections = [
{
name = "sponsor";
option = 2;
}
{
name = "poi_highlight";
option = 1;
}
{
name = "exclusive_access";
option = 0;
}
{
name = "chapter";
option = 0;
}
{
name = "selfpromo";
option = 1;
}
{
name = "interaction";
option = 1;
}
{
name = "intro";
option = 1;
}
{
name = "outro";
option = 1;
}
{
name = "preview";
option = 1;
}
{
name = "filler";
option = 1;
}
{
name = "music_offtopic";
option = 2;
}
{
name = "hook";
option = 1;
}
];
manualSkipOnFullVideo = false;
minDuration = 0;
isVip = false;
muteSegments = false;
noticeVisibilityMode = 3;
renderSegmentsAsChapters = false;
scrollToEditTimeUpdate = false;
serverAddress = "https://sponsor.ajay.app";
showAutogeneratedChapters = false;
showCategoryGuidelines = true;
showCategoryWithoutPermission = false;
showChapterInfoMessage = true;
showDeArrowInSettings = true;
showDeArrowPromotion = true;
showDonationLink = false;
showNewFeaturePopups = false;
showSegmentFailedToFetchWarning = true;
showSegmentNameInChapterBar = true;
showTimeWithSkips = true;
showUpcomingNotice = false;
showUpsells = false;
minutesSaved = 67.630516;
shownDeArrowPromotion = false;
showZoomToFillError2 = false;
skipNoticeDuration = 4;
sponsorTimesContributed = 0;
testingServer = false;
trackDownvotes = false;
trackDownvotesInPrivate = false;
trackViewCount = false;
trackViewCountInPrivate = false;
ytInfoPermissionGranted = false;
skipNonMusicOnlyOnYoutubeMusic = false;
hookUpdate = false;
permissions = {
sponsor = true;
selfpromo = true;
exclusive_access = true;
interaction = true;
intro = true;
outro = true;
preview = true;
hook = true;
music_offtopic = true;
filler = true;
poi_highlight = true;
chapter = false;
};
segmentListDefaultTab = 0;
prideTheme = false;
};
# ublock-origin
"uBlock0@raymondhill.net".settings = {
advancedUserEnabled = true;
selectedFilterLists = [
"user-filters"
"ublock-filters"
"ublock-badware"
"ublock-privacy"
"ublock-quick-fixes"
"ublock-unbreak"
"easylist"
"easyprivacy"
"adguard-spyware-url"
"urlhaus-1"
"plowe-0"
];
};
# keep-sorted end
};
};
};
};
}

27
modules/home-manager/features/shell-aliases.nix
View file

@ -1,27 +0,0 @@
{
home.shellAliases = {
# keep-sorted start
",cat" = "bat";
",curl" = "xh";
",cut" = "choose";
",df" = "duf";
",diff" = "delta";
",du" = "dua";
",find" = "fd";
",grep" = "rga";
",ping" = "gping";
",ps" = "procs";
",sed" = "sd";
",ss" = "snitch";
",top" = "btm";
",unzip" = "ripunzip";
"g" = "lazygit";
"l" = "eza";
"la" = "eza -a";
"ls" = "eza";
"ns" = "nh os switch";
"vi" = "nvim";
"vim" = "nvim";
# keep-sorted end
};
}

1
modules/home-manager/features/yazi.nix
View file

@ -5,7 +5,6 @@
{ {
programs.yazi = { programs.yazi = {
enable = true; enable = true;
shellWrapperName = "y";
plugins = { plugins = {
# keep-sorted start # keep-sorted start
diff = pkgs.yaziPlugins.diff; diff = pkgs.yaziPlugins.diff;

1
modules/home-manager/features/zellij.nix
View file

@ -4,6 +4,7 @@
settings = { settings = {
theme = "catppuccin-mocha"; theme = "catppuccin-mocha";
show_startup_tips = false; show_startup_tips = false;
default_shell = "fish";
}; };
}; };
} }

1
modules/home-manager/features/zoxide.nix
View file

@ -1,6 +1,7 @@
{ {
programs.zoxide = { programs.zoxide = {
enable = true; enable = true;
enableBashIntegration = true;
options = [ options = [
"--cmd j" "--cmd j"
]; ];

15
modules/nixos/bundles/desktop.nix
View file

@ -1,5 +1,8 @@
{ {
# keep-sorted start
pkgs,
util, util,
# keep-sorted end
... ...
}: }:
{ {
@ -10,4 +13,16 @@
"protonmail-bridge" "protonmail-bridge"
# keep-sorted end # keep-sorted end
]; ];
environment.systemPackages = with pkgs; [
# keep-sorted start
beeper
calibre
cameractrls-gtk3
# https://github.com/NixOS/nixpkgs/issues/437865
# jellyfin-media-player
onlyoffice-desktopeditors
textsnatcher
# keep-sorted end
];
} }

5
modules/nixos/bundles/dev.nix
View file

@ -7,7 +7,12 @@
# keep-sorted start # keep-sorted start
bacon bacon
cargo-info cargo-info
devenv
just
mask mask
rusty-man
vscode
# keep-sorted end # keep-sorted end
]; ];
} }

24
modules/nixos/bundles/gui.nix
View file

@ -1,24 +0,0 @@
{
# keep-sorted start
pkgs,
util,
# keep-sorted end
...
}:
{
imports = util.toImports ../features [
# keep-sorted start
"fonts"
# keep-sorted end
];
environment.systemPackages = with pkgs; [
# keep-sorted start
cameractrls-gtk3
jellyfin-desktop
libreoffice
signal-desktop
textsnatcher
# keep-sorted end
];
}

23
modules/nixos/bundles/server.nix
View file

@ -5,37 +5,28 @@
{ {
imports = util.toImports ../features [ imports = util.toImports ../features [
# keep-sorted start # keep-sorted start
"bazarr"
"caddy"
"copyparty" "copyparty"
"couchdb" "couchdb"
"cryptpad" "flaresolverr"
"fi33.buzz"
"gatus"
"homepage-dashboard" "homepage-dashboard"
"immich" "immich"
"jellyfin" "jellyfin"
"kavita"
"libretranslate"
"lidarr" "lidarr"
"mealie"
"miniflux" "miniflux"
"nginx"
"ntfy-sh" "ntfy-sh"
"nzbget" "owntracks"
"paperless" "paperless"
"prowlarr" "prowlarr"
"qbittorrent" "qbittorrent"
"radarr" "radarr"
"radicale"
"readarr"
"send"
"sonarr" "sonarr"
"syncthing"
"vaultwarden" "vaultwarden"
# keep-sorted end # keep-sorted end
]; ];
services.borgbackup.jobs = { users.groups.media = { };
onsite.paths = [ "/srv" ];
offsite.paths = [ "/srv" ]; services.borgmatic.settings.source_directories = [ "/srv" ];
};
} }

13
modules/nixos/default.nix
View file

@ -9,6 +9,7 @@
imports = util.toImports ./features [ imports = util.toImports ./features [
# keep-sorted start # keep-sorted start
"agenix" "agenix"
"fonts"
"localisation" "localisation"
"network" "network"
"nh" "nh"
@ -16,6 +17,7 @@
"nixvim" "nixvim"
"syncthing" "syncthing"
"systemd-boot" "systemd-boot"
"tailscale"
# keep-sorted end # keep-sorted end
]; ];
@ -23,13 +25,17 @@
with pkgs; with pkgs;
[ [
# keep-sorted start # keep-sorted start
bottom # top
broot # large directory browser broot # large directory browser
choose # cut choose # cut
circumflex # hacker news browsing
cointop # crypto ticker
ddgr # web search ddgr # web search
doggo # dns dogdns # dns
dua # du dua # du
duf # df duf # df
epy # ebook reading epy # ebook reading
fd # find
fselect # find with sql syntax fselect # find with sql syntax
fx # json processor and viewer fx # json processor and viewer
fzf # fuzzy finder fzf # fuzzy finder
@ -44,7 +50,7 @@
nb # note taking nb # note taking
nil # nix language server nil # nix language server
nixd # nix language server nixd # nix language server
nixfmt # nix file formatting nixfmt-rfc-style # nix file formatting
nom # stylistic nix dependency graphs nom # stylistic nix dependency graphs
pastel # colour generation pastel # colour generation
pdd # datetime calculations pdd # datetime calculations
@ -56,11 +62,10 @@
ripunzip # unzip ripunzip # unzip
sd # sed sd # sed
slides # presentations slides # presentations
snitch # netstat
ticker # stock ticker ticker # stock ticker
tldr # cheat sheets tldr # cheat sheets
tmpmail # temporary email address tmpmail # temporary email address
# topydo # todo.txt helper tool topydo # todo.txt helper tool
tt # typing test tt # typing test
wtfutil # terminal homepage wtfutil # terminal homepage
xh # curl xh # curl

38
modules/nixos/features/bazarr.nix
View file

@ -1,38 +0,0 @@
let
port = 5017;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "subtitles.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
bazarr = {
enable = true;
dataDir = "/srv/bazarr";
group = "srv";
listenPort = port;
};
gatus.settings.endpoints = [
{
name = "Bazarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

57
modules/nixos/features/borgbackup.nix
View file

@ -1,57 +0,0 @@
{
config,
pkgs,
...
}:
let
jobConfig = {
compression = "auto,zlib";
doInit = false;
preHook = ''
/run/wrappers/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dumpall > /srv/backup/database/postgres/dump.sql
'';
postHook = ''
rm /srv/backup/database/postgres/dump.sql
'';
prune.keep = {
daily = 7;
weekly = 4;
monthly = 6;
yearly = 1;
};
readWritePaths = [
"/srv/backup"
];
startAt = "*-*-* 03:00:00";
extraCreateArgs = [ "-v" ];
};
in
{
services.borgbackup = {
jobs = {
onsite = {
encryption = {
passCommand = "cat ${config.age.secrets.borgbackup-onsite.path}";
mode = "repokey-blake2";
};
removableDevice = true;
repo = "/mnt/external/backup/take2";
}
// jobConfig;
offsite = {
encryption = {
passCommand = "cat ${config.age.secrets.borgbackup-offsite.path}";
mode = "repokey-blake2";
};
environment.BORG_RSH = "ssh -i /home/srv/.ssh/id_ed25519";
repo = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo";
}
// jobConfig;
};
};
age.secrets = {
borgbackup-onsite.file = ../../../secrets/borgbackup-onsite.age;
borgbackup-offsite.file = ../../../secrets/borgbackup-offsite.age;
};
}

15
modules/nixos/features/borgmatic.nix
View file

@ -20,8 +20,6 @@
ntfy = { ntfy = {
topic = "backups"; topic = "backups";
server = config.services.ntfy-sh.settings.base-url; server = config.services.ntfy-sh.settings.base-url;
username = "borgmatic";
password = "{credential file ${config.age.secrets.borgmatic-ntfy.path}}";
finish = { finish = {
title = "Ping!"; title = "Ping!";
message = "Your backups have succeeded :)"; message = "Your backups have succeeded :)";
@ -37,15 +35,16 @@
"fail" "fail"
]; ];
}; };
relocated_repo_access_is_ok = true;
repositories = [ repositories = [
{ {
path = "/mnt/external/backup/repo"; path = "/backup/repo";
label = "onsite"; label = "onsite";
# encryption = "repokey-blake2";
} }
{ {
path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo";
label = "offsite"; label = "offsite";
# encryption = "repokey-blake2";
} }
]; ];
retries = 3; retries = 3;
@ -73,10 +72,16 @@
"borgmatic-pg:${config.age.secrets.borgmatic-pg.path}" "borgmatic-pg:${config.age.secrets.borgmatic-pg.path}"
]; ];
# onsite drive
services.udisks2.enable = true;
fileSystems."/backup" = {
device = "/dev/disk/by-uuid/d3b3d7dc-d634-4327-9ea2-9d8daa4ecf4e";
fsType = "ext4";
};
# secrets # secrets
age.secrets = { age.secrets = {
"borgmatic".file = ../../../secrets/borgmatic.age; "borgmatic".file = ../../../secrets/borgmatic.age;
"borgmatic-ntfy".file = ../../../secrets/borgmatic-ntfy.age;
"borgmatic-pg".file = ../../../secrets/borgmatic-pg.age; "borgmatic-pg".file = ../../../secrets/borgmatic-pg.age;
}; };
} }

29
modules/nixos/features/caddy.nix
View file

@ -1,29 +0,0 @@
{
config,
...
}:
{
services.caddy = {
enable = true;
dataDir = "/srv/caddy";
globalConfig = ''
auto_https disable_redirects
'';
openFirewall = true;
};
security.acme = {
acceptTerms = true;
defaults.email = "festive-steed-fit@duck.com";
certs."fi33.buzz" = {
group = config.services.caddy.group;
domain = "fi33.buzz";
extraDomainNames = [ "*.fi33.buzz" ];
dnsProvider = "porkbun";
dnsPropagationCheck = true;
credentialsFile = config.age.secrets."porkbun-api".path;
};
};
age.secrets."porkbun-api".file = ../../../secrets/porkbun-api.age;
}

45
modules/nixos/features/copyparty.nix
View file

@ -2,14 +2,12 @@
# keep-sorted start # keep-sorted start
config, config,
inputs, inputs,
lib,
# keep-sorted end # keep-sorted end
... ...
}: }:
let let
port = 5000; port = "5000";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "files.fi33.buzz";
url = "https://${hostname}";
in in
{ {
imports = [ inputs.copyparty.nixosModules.default ]; imports = [ inputs.copyparty.nixosModules.default ];
@ -22,47 +20,30 @@ in
e2dsa = true; e2dsa = true;
e2ts = true; e2ts = true;
e2vu = true; e2vu = true;
p = port; p = lib.toInt port;
xff-hdr = "x-forwarded-for";
rproxy = 1;
}; };
accounts.Impatient7119.passwordFile = config.age.secrets.copyparty.path; accounts.will.passwordFile = config.age.secrets.copyparty-will.path;
volumes."/" = { volumes."/" = {
path = "/srv/copyparty"; path = "/srv/copyparty";
access = { access = {
A = [ "Impatient7119" ]; r = "*";
A = [ "will" ];
}; };
}; };
}; };
gatus.settings.endpoints = [ nginx.virtualHosts."copyparty.fi33.buzz" = {
{ forceSSL = true;
name = "copyparty"; useACMEHost = "fi33.buzz";
group = "Private Services"; locations."/".proxyPass = "http://localhost:${port}";
inherit url; };
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
# secrets # secrets
age.secrets."copyparty" = { age.secrets."copyparty-will" = {
file = ../../../secrets/copyparty.age; file = ../../../secrets/copyparty-will.age;
owner = "copyparty"; owner = "copyparty";
}; };

39
modules/nixos/features/couchdb.nix
View file

@ -1,8 +1,9 @@
{
lib,
...
}:
let let
port = 5984; port = "5984";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "couchdb.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -11,7 +12,7 @@ in
databaseDir = "/srv/couchdb"; databaseDir = "/srv/couchdb";
viewIndexDir = "/srv/couchdb"; viewIndexDir = "/srv/couchdb";
configFile = "/srv/couchdb"; configFile = "/srv/couchdb";
inherit port; port = lib.toInt port;
extraConfig = { extraConfig = {
chttpd = { chttpd = {
require_valid_user = true; require_valid_user = true;
@ -31,32 +32,16 @@ in
cors = { cors = {
credentials = true; credentials = true;
origins = '' origins = ''
app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://${hostname},http://${hostname},${url} app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz
''; '';
}; };
}; };
}; };
gatus.settings.endpoints = [ nginx.virtualHosts."couchdb.fi33.buzz" = {
{ forceSSL = true;
name = "CouchDB"; useACMEHost = "fi33.buzz";
group = "Private Services"; locations."/".proxyPass = "http://localhost:${port}";
inherit url; };
interval = "5m";
conditions = [
"[STATUS] == 401"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

66
modules/nixos/features/cryptpad.nix
View file

@ -1,66 +0,0 @@
let
httpPort = 5022;
websocketPort = 5024;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "cryptpad.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
cryptpad = {
enable = true;
settings = {
inherit httpPort;
inherit websocketPort;
httpUnsafeOrigin = url;
httpSafeOrigin = "https://cryptpad-ui.fi33.buzz";
inactiveTime = 7;
archiveRetentionTime = 7;
accountRetentionTime = 7;
};
};
gatus.settings.endpoints = [
{
name = "CryptPad";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts."${hostname} cryptpad-ui.fi33.buzz".extraConfig = ''
header Strict-Transport-Security "includeSubDomains; preload"
handle /cryptpad_websocket* {
reverse_proxy localhost:${toString websocketPort} {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
handle {
reverse_proxy localhost:${toString httpPort} {
header_up Host {host}
header_up X-Real-IP {remote_host}
}
}
@register {
host ${hostname}
path /register*
}
respond @register 403
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

19
modules/nixos/features/fi33.buzz.nix
View file

@ -1,19 +0,0 @@
let
certloc = "/var/lib/acme/fi33.buzz";
hostname = "www.fi33.buzz";
in
{
# TODO why can't I serve content on fi33.buzz? dns propagation issue?
services.caddy.virtualHosts = {
"fi33.buzz".extraConfig = ''
redir https://www.fi33.buzz{uri} permanent
'';
${hostname}.extraConfig = ''
root * /srv/fi33.buzz/public
file_server
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

50
modules/nixos/features/firefly.nix
View file

@ -1,50 +0,0 @@
{
config,
...
}:
let
certloc = "/var/lib/acme/fi33.buzz";
in
{
services = {
firefly-iii = {
enable = true;
dataDir = "/srv/firefly";
group = config.services.caddy.group;
settings = {
# keep-sorted start
ALLOW_WEBHOOKS = "true";
APP_KEY_FILE = config.age.secrets.firefly.path;
APP_URL = "https://firefly.fi33.buzz";
DEFAULT_LANGUAGE = "en_GB";
REPORT_ERRORS_ONLINE = "false";
TRUSTED_PROXIES = "**";
TZ = "Australia/Melbourne";
# keep-sorted end
};
};
caddy.virtualHosts."firefly.fi33.buzz".extraConfig = ''
root * ${config.services.firefly-iii.package}/public
php_fastcgi unix//${config.services.phpfpm.pools.firefly-iii.socket}
try_files {path} {path}/ /index.php?{query}
file_server {
index index.php
}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
age.secrets = {
firefly = {
file = ../../../secrets/firefly.age;
owner = "firefly-iii";
};
firefly-db = {
file = ../../../secrets/firefly-db.age;
owner = "firefly-iii";
};
};
}

21
modules/nixos/features/flaresolverr.nix Normal file
View file

@ -0,0 +1,21 @@
{
lib,
...
}:
let
port = "5011";
in
{
services = {
flaresolverr = {
enable = true;
port = lib.toInt port;
};
nginx.virtualHosts."flaresolverr.fi33.buzz" = {
forceSSL = true;
useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
};
};
}

5
modules/nixos/features/gaming.nix
View file

@ -6,7 +6,9 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# keep-sorted start # keep-sorted start
heroic heroic
lutris
mangohud mangohud
nexusmods-app
prismlauncher prismlauncher
protonup-qt protonup-qt
wine wine
@ -17,7 +19,6 @@
programs = { programs = {
gamemode.enable = true; gamemode.enable = true;
gamescope.enable = true;
steam = { steam = {
enable = true; enable = true;
gamescopeSession.enable = true; gamescopeSession.enable = true;
@ -30,5 +31,5 @@
}; };
# latest kernel # latest kernel
# boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
} }

55
modules/nixos/features/gatus.nix
View file

@ -1,55 +0,0 @@
{
config,
...
}:
let
port = 5025;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "status.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
gatus = {
enable = true;
environmentFile = config.age.secrets.gatus.path;
settings = {
alerting = {
ntfy = {
topic = "services";
url = config.services.ntfy-sh.settings.base-url;
token = "$NTFY_TOKEN";
click = url;
default-alert = {
description = "Health Check Failed";
send-on-resolved = true;
};
};
};
connectivity.checker = {
target = "1.1.1.1:53";
interval = "60s";
};
ui = {
title = "Health Dashboard | Fi33Buzz";
description = "Fi33Buzz health dashboard";
dashboard-heading = "";
dashboard-subheading = "";
header = "Fi33Buzz Status";
link = "https://home.fi33.buzz/";
default-sort-by = "group";
};
web.port = port;
};
};
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
age.secrets.gatus.file = ../../../secrets/gatus.age;
}

432
modules/nixos/features/homepage-dashboard.nix
View file

@ -7,7 +7,7 @@
... ...
}: }:
let let
port = 5004; port = "5004";
genSecrets = genSecrets =
secrets: secrets:
lib.genAttrs secrets (secret: { lib.genAttrs secrets (secret: {
@ -25,54 +25,65 @@ let
# keep-sorted start # keep-sorted start
"immich" "immich"
"jellyfin" "jellyfin"
"kavita-api"
"lidarr" "lidarr"
"mealie"
"miniflux" "miniflux"
"nzbget"
"paperless" "paperless"
"prowlarr" "prowlarr"
"radarr" "radarr"
"readarr"
"sonarr" "sonarr"
"subtitles"
# keep-sorted end # keep-sorted end
]; ];
certloc = "/var/lib/acme/fi33.buzz";
hostname = "home.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
homepage-dashboard = { homepage-dashboard = {
enable = true; enable = true;
listenPort = port; listenPort = lib.toInt port;
allowedHosts = hostname; allowedHosts = "homepage-dashboard.fi33.buzz";
services = [ services = [
# keep-sorted start block=yes
{ {
"Public Services" = [ "Cloud Services" = [
{ {
CryptPad = { "copyparty" = {
description = "Collaborative office suite"; "description" = "Cloud file manager";
icon = "cryptpad.svg"; "icon" = "sh-copyparty.svg";
href = "https://cryptpad.fi33.buzz/"; "href" = "https://copyparty.fi33.buzz/";
siteMonitor = "https://cryptpad.fi33.buzz/";
}; };
} }
{ {
LibreTranslate = { "CouchDB" = {
description = "Machine Translation API"; "description" = "Obsidian sync database";
icon = "libretranslate.svg"; "icon" = "couchdb.svg";
href = "https://translate.fi33.buzz/"; "href" = "https://couchdb.fi33.buzz/_utils/";
siteMonitor = "https://translate.fi33.buzz/";
}; };
} }
{ {
Send = { "ntfy" = {
description = "Simple, private file sharing"; "description" = "Notification service";
icon = "send.svg"; "icon" = "ntfy.svg";
href = "https://send.fi33.buzz/"; "href" = "https://ntfy-sh.fi33.buzz/";
siteMonitor = "https://send.fi33.buzz/"; };
}
{
"Syncthing" = {
"description" = "Decentralised file synchronisation";
"icon" = "syncthing.svg";
"href" = "https://syncthing.fi33.buzz/";
};
}
{
"qBittorrent" = {
"description" = "BitTorrent client";
"icon" = "qbittorrent.svg";
"href" = "https://qbittorrent.fi33.buzz/";
};
}
{
"Vaultwarden" = {
"description" = "Password manager";
"icon" = "vaultwarden.svg";
"href" = "https://vaultwarden.fi33.buzz/";
}; };
} }
]; ];
@ -80,330 +91,173 @@ in
{ {
"Media Management" = [ "Media Management" = [
{ {
Radarr = { "Lidarr" = {
description = "Movie organizer/manager"; "description" = "Music collection manager";
icon = "radarr.svg"; "icon" = "lidarr.svg";
href = "https://movies.fi33.buzz/"; "href" = "https://lidarr.fi33.buzz/";
siteMonitor = "https://movies.fi33.buzz/"; "widget" = {
widget = { "type" = "lidarr";
type = "radarr"; "url" = "https://lidarr.fi33.buzz/";
url = "https://movies.fi33.buzz/"; "key" = "@lidarr@";
key = "@radarr@"; "enableQueue" = true;
enableQueue = true;
}; };
}; };
} }
{ {
Sonarr = { "Prowlarr" = {
description = "Smart PVR"; "description" = "Indexer management tool";
icon = "sonarr.svg"; "icon" = "prowlarr.svg";
href = "https://shows.fi33.buzz/"; "href" = "https://prowlarr.fi33.buzz/";
siteMonitor = "https://shows.fi33.buzz/"; "widget" = {
widget = { "type" = "prowlarr";
type = "sonarr"; "url" = "https://prowlarr.fi33.buzz/";
url = "https://shows.fi33.buzz/"; "key" = "@prowlarr@";
key = "@sonarr@";
enableQueue = true;
}; };
}; };
} }
{ {
Lidarr = { "Radarr" = {
description = "Like Sonarr but made for music"; "description" = "Movie collection manager";
icon = "lidarr.svg"; "icon" = "radarr.svg";
href = "https://music.fi33.buzz/"; "href" = "https://radarr.fi33.buzz/";
siteMonitor = "https://music.fi33.buzz/"; "widget" = {
widget = { "type" = "radarr";
type = "lidarr"; "url" = "https://radarr.fi33.buzz/";
url = "https://music.fi33.buzz/"; "key" = "@radarr@";
key = "@lidarr@"; "enableQueue" = true;
enableQueue = true;
}; };
}; };
} }
{ {
Readarr = { "Sonarr" = {
description = "Book Manager and Automation"; "description" = "TV show collection manager";
icon = "readarr.svg"; "icon" = "sonarr.svg";
href = "https://books.fi33.buzz/"; "href" = "https://sonarr.fi33.buzz/";
siteMonitor = "https://books.fi33.buzz/"; "widget" = {
widget = { "type" = "sonarr";
type = "readarr"; "url" = "https://sonarr.fi33.buzz/";
url = "https://books.fi33.buzz/"; "key" = "@sonarr@";
key = "@readarr@"; "enableQueue" = true;
enableQueue = true;
}; };
}; };
} }
{
Bazarr = {
description = "Subtitle manager and downloader";
icon = "bazarr.svg";
href = "https://subtitles.fi33.buzz/";
siteMonitor = "https://subtitles.fi33.buzz/";
widget = {
type = "bazarr";
url = "https://subtitles.fi33.buzz/";
key = "@subtitles@";
};
};
}
{
Prowlarr = {
description = "Indexer manager/proxy";
icon = "prowlarr.svg";
href = "https://prowlarr.fi33.buzz/";
siteMonitor = "https://prowlarr.fi33.buzz/";
widget = {
type = "prowlarr";
url = "https://prowlarr.fi33.buzz/";
key = "@prowlarr@";
};
};
}
{
NZBget = {
description = "Usenet Downloader";
icon = "nzbget.svg";
href = "https://usenet.fi33.buzz/";
siteMonitor = "https://usenet.fi33.buzz/";
widget = {
type = "nzbget";
url = "https://usenet.fi33.buzz/";
username = "nzbget";
password = "@nzbget@";
};
};
}
{
qBittorrent = {
description = "BitTorrent client";
icon = "qbittorrent.svg";
href = "https://bittorrent.fi33.buzz/";
siteMonitor = "https://bittorrent.fi33.buzz/";
};
}
];
}
{
"Private Services" = [
{
copyparty = {
description = "Portable file server";
icon = "sh-copyparty.svg";
href = "https://files.fi33.buzz/";
siteMonitor = "https://files.fi33.buzz/";
};
}
{
CouchDB = {
description = "Syncing database";
icon = "couchdb.svg";
href = "https://couchdb.fi33.buzz/_utils/";
siteMonitor = "https://couchdb.fi33.buzz/_utils/";
};
}
{
Mealie = {
description = "Recipe manager and meal planner";
icon = "mealie.svg";
href = "https://mealie.fi33.buzz/";
siteMonitor = "https://mealie.fi33.buzz/";
widget = {
type = "mealie";
url = "https://mealie.fi33.buzz/";
version = 2;
key = "@mealie@";
};
};
}
{
ntfy = {
description = "Send push notifications using PUT/POST";
icon = "ntfy.svg";
href = "https://notify.fi33.buzz/";
siteMonitor = "https://notify.fi33.buzz/";
};
}
{
Radicale = {
description = "A simple CalDAV (calendar) and CardDAV (contact) server";
icon = "radicale.svg";
href = "https://caldav.fi33.buzz";
siteMonitor = "https://caldav.fi33.buzz";
};
}
{
Syncthing = {
description = "Open Source Continuous File Synchronization";
icon = "syncthing.svg";
href = "https://sync.fi33.buzz/";
siteMonitor = "https://sync.fi33.buzz/";
};
}
{
Vaultwarden = {
description = "Unofficial Bitwarden compatible server";
icon = "vaultwarden.svg";
href = "https://vault.fi33.buzz/";
siteMonitor = "https://vault.fi33.buzz/";
};
}
]; ];
} }
{ {
"Media Streaming" = [ "Media Streaming" = [
{ {
Immich = { "Immich" = {
description = "Photo and video management solution"; "description" = "Photo backup";
icon = "immich.svg"; "icon" = "immich.svg";
href = "https://photos.fi33.buzz/"; "href" = "https://immich.fi33.buzz/";
siteMonitor = "https://photos.fi33.buzz/"; "widget" = {
widget = { "type" = "immich";
type = "immich"; "fields" = [
fields = [
"users" "users"
"photos" "photos"
"videos" "videos"
"storage" "storage"
]; ];
url = "https://photos.fi33.buzz/"; "url" = "https://immich.fi33.buzz/";
version = 2; "version" = 2;
key = "@immich@"; "key" = "@immich@";
}; };
}; };
} }
{ {
Jellyfin = { "Jellyfin" = {
description = "Media System"; "description" = "Media streaming";
icon = "jellyfin.svg"; "icon" = "jellyfin.svg";
href = "https://media.fi33.buzz/"; "href" = "https://jellyfin.fi33.buzz/";
siteMonitor = "https://media.fi33.buzz/"; "widget" = {
widget = { "type" = "jellyfin";
type = "jellyfin"; "url" = "https://jellyfin.fi33.buzz/";
url = "https://media.fi33.buzz/"; "key" = "@jellyfin@";
key = "@jellyfin@"; "enableBlocks" = true;
enableBlocks = true; "enableNowPlaying" = true;
enableNowPlaying = true; "enableUser" = true;
enableUser = true; "showEpisodeNumber" = true;
showEpisodeNumber = true; "expandOneStreamToTwoRows" = false;
expandOneStreamToTwoRows = false;
}; };
}; };
} }
{ {
Kavita = { "Miniflux" = {
description = "Reading server"; "description" = "RSS aggregator";
icon = "kavita.svg"; "icon" = "miniflux.svg";
href = "https://library.fi33.buzz/"; "href" = "https://miniflux.fi33.buzz/";
siteMonitor = "https://library.fi33.buzz/"; "widget" = {
widget = { "type" = "miniflux";
type = "kavita"; "url" = "https://miniflux.fi33.buzz/";
url = "https://library.fi33.buzz/"; "key" = "@miniflux@";
key = "@kavita-api@";
}; };
}; };
} }
{ {
Miniflux = { "Paperless" = {
description = "Feed reader"; "description" = "Digital filing cabinet";
icon = "miniflux.svg"; "icon" = "paperless.svg";
href = "https://feeds.fi33.buzz/"; "href" = "https://paperless.fi33.buzz/";
siteMonitor = "https://feeds.fi33.buzz/"; "widget" = {
widget = { "type" = "paperlessngx";
type = "miniflux"; "url" = "https://paperless.fi33.buzz/";
url = "https://feeds.fi33.buzz/"; "username" = "admin";
key = "@miniflux@"; "password" = "@paperless@";
};
};
}
{
Paperless = {
description = "Document management system";
icon = "paperless.svg";
href = "https://documents.fi33.buzz/";
siteMonitor = "https://documents.fi33.buzz/";
widget = {
type = "paperlessngx";
url = "https://documents.fi33.buzz/";
username = "admin";
password = "@paperless@";
}; };
}; };
} }
]; ];
} }
{ {
Utilities = [ "Utilities" = [
{ {
Gatus = { "NanoKVM" = {
description = "Status page"; "description" = "Remote KVM switch";
icon = "gatus.svg"; "icon" = "mdi-console.svg";
href = "https://status.fi33.buzz/"; "href" = "http://nano-kvm/";
siteMonitor = "https://status.fi33.buzz/";
widget = {
type = "gatus";
url = "https://status.fi33.buzz/";
};
};
}
{
NanoKVM = {
description = "Remote KVM switch";
icon = "mdi-console.svg";
href = "http://nano-kvm/";
}; };
} }
]; ];
} }
# keep-sorted end
]; ];
settings = { settings = {
title = "Mission Control"; title = "Mission Control";
theme = "dark"; theme = "dark";
color = "neutral"; color = "neutral";
headerStyle = "clean"; headerStyle = "clean";
hideVersion = true;
layout = [ layout = [
{
"Public Services" = {
style = "row";
columns = 3;
useEqualHeights = true;
};
}
{
"Private Services" = {
style = "row";
columns = 3;
useEqualHeights = true;
};
}
{ {
"Media Streaming" = { "Media Streaming" = {
style = "row"; style = "row";
columns = 3; columns = 4;
useEqualHeights = true; useEqualHeights = true;
}; };
} }
{ {
"Media Management" = { "Media Management" = {
style = "row"; style = "row";
columns = 3; columns = 4;
useEqualHeights = true; useEqualHeights = true;
}; };
} }
{ {
Utilities = { "Cloud Services" = {
style = "row";
columns = 3;
};
}
{
"Utilities" = {
style = "row"; style = "row";
columns = 3; columns = 3;
useEqualHeights = true;
initiallyCollapsed = true;
}; };
} }
]; ];
quicklaunch.searchDescriptions = true; quicklaunch.searchDescriptions = true;
disableUpdateCheck = true; disableUpdateCheck = true;
showStats = true; showStats = true;
statusStyle = "dot";
}; };
widgets = [ widgets = [
{ {
@ -423,7 +277,7 @@ in
memory = true; memory = true;
disk = [ disk = [
"/" "/"
"/mnt/external" "/backup"
]; ];
cputemp = true; cputemp = true;
tempmin = 0; tempmin = 0;
@ -436,27 +290,11 @@ in
]; ];
}; };
gatus.settings.endpoints = [ nginx.virtualHosts."homepage-dashboard.fi33.buzz" = {
{ forceSSL = true;
name = "Homepage Dashboard"; useACMEHost = "fi33.buzz";
group = "Utilities"; locations."/".proxyPass = "http://localhost:${port}";
inherit url; };
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
# secrets # secrets

44
modules/nixos/features/immich.nix
View file

@ -1,37 +1,37 @@
{
lib,
...
}:
let let
port = 2283; port = "2283";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "photos.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
immich = { immich = {
enable = true; enable = true;
inherit port; port = lib.toInt "${port}";
mediaLocation = "/srv/immich"; mediaLocation = "/srv/immich";
}; };
gatus.settings.endpoints = [ borgmatic.settings.postgresql_databases = [
{ {
name = "Immich"; name = "immich";
group = "Media Streaming"; hostname = "localhost";
inherit url; username = "root";
interval = "5m"; password = "{credential systemd borgmatic-pg}";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
} }
]; ];
caddy.virtualHosts.${hostname}.extraConfig = '' nginx = {
reverse_proxy localhost:${toString port} clientMaxBodySize = "50000M";
tls ${certloc}/cert.pem ${certloc}/key.pem { virtualHosts."immich.fi33.buzz" = {
protocols tls1.3 forceSSL = true;
} useACMEHost = "fi33.buzz";
''; locations."/" = {
proxyPass = "http://[::1]:${port}";
proxyWebsockets = true;
};
};
};
}; };
} }

33
modules/nixos/features/jellyfin.nix
View file

@ -1,38 +1,19 @@
let let
port = 8096; port = "8096";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "media.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
jellyfin = { jellyfin = {
enable = true; enable = true;
dataDir = "/srv/jellyfin"; dataDir = "/srv/jellyfin";
group = "srv"; group = "media";
}; };
gatus.settings.endpoints = [ nginx.virtualHosts."jellyfin.fi33.buzz" = {
{ forceSSL = true;
name = "Jellyfin"; useACMEHost = "fi33.buzz";
group = "Media Streaming"; locations."/".proxyPass = "http://localhost:${port}";
inherit url; };
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
# use intel iGP # use intel iGP

22
modules/nixos/features/karakeep.nix
View file

@ -1,22 +0,0 @@
let
port = 5014;
certloc = "/var/lib/acme/fi33.buzz";
in
{
services = {
karakeep = {
enable = true;
extraEnvironment = {
PORT = toString port;
DISABLE_NEW_RELEASE_CHECK = "true";
};
};
caddy.virtualHosts."karakeep.fi33.buzz".extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

44
modules/nixos/features/kavita.nix
View file

@ -1,44 +0,0 @@
{
config,
...
}:
let
port = 5015;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "library.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
kavita = {
enable = true;
dataDir = "/srv/kavita";
settings.Port = port;
tokenKeyFile = config.age.secrets.kavita.path;
};
gatus.settings.endpoints = [
{
name = "Kavita";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
age.secrets.kavita.file = ../../../secrets/kavita.age;
}

37
modules/nixos/features/libretranslate.nix
View file

@ -1,37 +0,0 @@
let
port = 5023;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "translate.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
libretranslate = {
enable = true;
inherit port;
updateModels = true;
};
gatus.settings.endpoints = [
{
name = "LibreTranslate";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

41
modules/nixos/features/lidarr.nix
View file

@ -1,40 +1,23 @@
{
lib,
...
}:
let let
port = 5012; port = "5012";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "music.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
lidarr = { lidarr = {
enable = true; enable = true;
dataDir = "/srv/lidarr"; dataDir = "/srv/lidarr";
settings.server = { settings.server.port = lib.toInt port;
inherit port; group = "media";
};
group = "srv";
}; };
gatus.settings.endpoints = [ nginx.virtualHosts."lidarr.fi33.buzz" = {
{ forceSSL = true;
name = "Lidarr"; useACMEHost = "fi33.buzz";
group = "Media Management"; locations."/".proxyPass = "http://localhost:${port}";
inherit url; };
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

46
modules/nixos/features/llm.nix
View file

@ -1,46 +0,0 @@
{
pkgs,
...
}:
{
environment.systemPackages = [ pkgs.ollama-rocm ];
services = {
open-webui.enable = true;
ollama = {
enable = true;
package = pkgs.ollama-rocm;
loadModels = [
# small
# keep-sorted start
"deepseek-r1:1.5b"
"gemma3:1b"
"gemma3:270m"
"gemma3:4b"
"llama3.2:1b"
"llama3.2:3b"
"ministral-3:3b"
"qwen3:0.6b"
"qwen3:1.7b"
"qwen3:4b"
# keep-sorted end
# medium
# keep-sorted start
"deepseek-r1:7b"
"deepseek-r1:8b"
"llama3.1:8b"
"ministral-3:8b"
"qwen3:8b"
# keep-sorted end
# large
# keep-sorted start
"deepseek-r1:14b"
"gemma3:12b"
"ministral-3:14b"
"qwen3:14b"
# keep-sorted end
];
};
};
}

5
modules/nixos/features/localisation.nix
View file

@ -1,11 +1,10 @@
{ {
i18n = { i18n = {
defaultLocale = "en_AU.UTF-8"; defaultLocale = "en_AU.UTF-8";
extraLocales = [ supportedLocales = [
"en_GB.UTF-8/UTF-8"
"en_US.UTF-8/UTF-8" "en_US.UTF-8/UTF-8"
"en_AU.UTF-8/UTF-8"
]; ];
extraLocaleSettings.LC_ALL = "en_GB.UTF-8";
}; };
time.timeZone = "Australia/Melbourne"; time.timeZone = "Australia/Melbourne";

53
modules/nixos/features/mealie.nix
View file

@ -1,53 +0,0 @@
{
pkgs,
...
}:
let
port = 5026;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "mealie.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
mealie = {
enable = true;
inherit port;
settings = {
TZ = "Australia/Melbourne";
ALLOW_SIGNUP = "false";
};
};
gatus.settings.endpoints = [
{
name = "Mealie";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
borgbackup.jobs = {
onsite = {
paths = [ "/var/lib/mealie" ];
};
offsite = {
paths = [ "/var/lib/mealie" ];
};
};
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

36
modules/nixos/features/miniflux.nix
View file

@ -3,10 +3,7 @@
... ...
}: }:
let let
port = 5010; port = "5010";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "feeds.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -14,32 +11,25 @@ in
enable = true; enable = true;
adminCredentialsFile = config.age.secrets.miniflux-creds.path; adminCredentialsFile = config.age.secrets.miniflux-creds.path;
config = { config = {
BASE_URL = url; BASE_URL = "https://miniflux.fi33.buzz";
LISTEN_ADDR = "localhost:${toString port}"; LISTEN_ADDR = "localhost:${port}";
}; };
}; };
gatus.settings.endpoints = [ borgmatic.settings.postgresql_databases = [
{ {
name = "Miniflux"; name = "miniflux";
group = "Media Streaming"; hostname = "localhost";
inherit url; username = "root";
interval = "5m"; password = "{credential systemd borgmatic-pg}";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
} }
]; ];
caddy.virtualHosts.${hostname}.extraConfig = '' nginx.virtualHosts."miniflux.fi33.buzz" = {
reverse_proxy localhost:${toString port} forceSSL = true;
tls ${certloc}/cert.pem ${certloc}/key.pem { useACMEHost = "fi33.buzz";
protocols tls1.3 locations."/".proxyPass = "http://localhost:${port}";
} };
'';
}; };
age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age; age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age;

9
modules/nixos/features/nixvim.nix
View file

@ -20,21 +20,16 @@
}; };
diagnostic.settings.virtual_lines = true; diagnostic.settings.virtual_lines = true;
opts = { opts = {
# keep-sorted start
autoindent = true; autoindent = true;
colorcolumn = "80";
expandtab = true; expandtab = true;
number = true; number = true;
relativenumber = true; relativenumber = true;
shiftwidth = 2; shiftwidth = 2;
# get suggestions by typing z=
spell = true;
spelllang = "en_au";
tabstop = 2; tabstop = 2;
# keep-sorted end colorcolumn = "80";
}; };
plugins = { plugins = {
# auto close brackets # autoclose brackets
autoclose.enable = true; autoclose.enable = true;
# completion window # completion window

55
modules/nixos/features/ntfy-sh.nix
View file

@ -1,59 +1,24 @@
{
config,
...
}:
let let
port = 5002; port = "5002";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "notify.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
ntfy-sh = { ntfy-sh = {
enable = true; enable = true;
environmentFile = config.age.secrets.ntfy.path;
settings = { settings = {
base-url = url; base-url = "https://ntfy-sh.fi33.buzz";
listen-http = ":${toString port}"; listen-http = ":${port}";
behind-proxy = true; behind-proxy = true;
auth-default-access = "deny-all";
auth-users = [
"Debit3885:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:admin"
"gatus:$2a$12$OswG3sB8oDaB.KpawKM3P.78dID.Tj/0y5qeVD5BE6EH5bpGKe.na:user"
];
auth-access = [
"gatus:services:wo"
];
}; };
}; };
gatus.settings.endpoints = [ nginx.virtualHosts."ntfy-sh.fi33.buzz" = {
{ forceSSL = true;
name = "ntfy"; useACMEHost = "fi33.buzz";
group = "Private Services"; locations."/" = {
inherit url; proxyPass = "http://localhost:${port}";
interval = "5m"; proxyWebsockets = true;
conditions = [ };
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
borgbackup.jobs = {
onsite.paths = [ "/var/lib/ntfy-sh" ];
offsite.paths = [ "/var/lib/ntfy-sh" ];
}; };
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
age.secrets.ntfy.file = ../../../secrets/ntfy.age;
} }

46
modules/nixos/features/nzbget.nix
View file

@ -1,46 +0,0 @@
{
pkgs,
...
}:
let
port = 5018;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "usenet.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
nzbget = {
enable = true;
settings = {
MainDir = "/srv/nzbget";
ControlPort = port;
};
group = "srv";
};
gatus.settings.endpoints = [
{
name = "NZBget";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 401"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
environment.systemPackages = with pkgs; [ unrar ];
}

32
modules/nixos/features/owntracks-frontend.nix Normal file
View file

@ -0,0 +1,32 @@
{
stdenv,
writeText,
fetchzip,
}:
stdenv.mkDerivation {
pname = "owntracks-frontend";
version = "v2.15.3";
src = fetchzip {
url = "https://github.com/owntracks/frontend/releases/download/v2.15.3/v2.15.3-dist.zip";
sha256 = "iy+yISPcOD/2lTyJUb1eI3wufLku1mKfVDm0+Dy8OKk=";
};
config = writeText "config.js" ''
window.owntracks = window.owntracks || {};
window.owntracks.config = {
api: {
baseUrl: "https://owntracks.fi33.buzz:5014"
},
router: {
basePath: "owntracks"
}
};
'';
installPhase = ''
runHook preInstall
cp -r . $out
cp $config $out/config/config.js
runHook postInstall
'';
}

41
modules/nixos/features/owntracks.nix Normal file
View file

@ -0,0 +1,41 @@
{
pkgs,
...
}:
let
host = "owntracks.fi33.buzz";
port = "5014";
in
{
systemd.services.owntracks = {
enable = true;
description = "owntracks recorder";
serviceConfig = {
ExecStart = ''
${pkgs.owntracks-recorder}/bin/ot-recorder \
--storage /var/lib/owntracks/recorder/store \
--port 0
--http-port ${port}
--http-host https://${host}
'';
DynamicUser = true;
StateDirectory = "owntracks";
Restart = "always";
};
wantedBy = [ "multi-user.target" ];
};
services = {
# borgbackup.jobs = owntracks { };
nginx.virtualHosts.${host} =
let
owntracks-frontend = pkgs.callPackage ./owntracks-frontend.nix;
in
{
forceSSL = true;
useACMEHost = "fi33.buzz";
root = "/var/www/html";
locations."/owntracks/".alias = "${owntracks-frontend}";
};
};
}

39
modules/nixos/features/paperless.nix
View file

@ -1,12 +1,10 @@
{ {
config, config,
lib,
... ...
}: }:
let let
port = 5013; port = "5013";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "documents.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -15,33 +13,28 @@ in
dataDir = "/srv/paperless"; dataDir = "/srv/paperless";
database.createLocally = true; database.createLocally = true;
passwordFile = config.age.secrets.paperless.path; passwordFile = config.age.secrets.paperless.path;
inherit port; port = lib.toInt port;
settings = { settings = {
PAPERLESS_URL = url; PAPERLESS_URL = "https://paperless.fi33.buzz";
}; };
}; };
gatus.settings.endpoints = [ borgmatic.settings = {
postgresql_databases = [
{ {
name = "Paperless"; name = "paperless";
group = "Media Streaming"; hostname = "localhost";
inherit url; username = "root";
interval = "5m"; password = "{credential systemd borgmatic-pg}";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
} }
]; ];
};
caddy.virtualHosts.${hostname}.extraConfig = '' nginx.virtualHosts."paperless.fi33.buzz" = {
reverse_proxy localhost:${toString port} forceSSL = true;
tls ${certloc}/cert.pem ${certloc}/key.pem { useACMEHost = "fi33.buzz";
protocols tls1.3 locations."/".proxyPass = "http://localhost:${port}";
} };
'';
}; };
age.secrets."paperless" = { age.secrets."paperless" = {

48
modules/nixos/features/prowlarr.nix
View file

@ -1,51 +1,27 @@
{ {
pkgs, lib,
... ...
}: }:
let let
port = 5009; port = "5009";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "prowlarr.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
prowlarr = { prowlarr = {
enable = true; enable = true;
settings.server = { dataDir = "/srv/prowlarr";
inherit port; settings.server.port = lib.toInt port;
};
}; };
gatus.settings.endpoints = [ nginx = {
{ virtualHosts."prowlarr.fi33.buzz" = {
name = "Prowlarr"; forceSSL = true;
group = "Media Management"; useACMEHost = "fi33.buzz";
inherit url; locations."/" = {
interval = "5m"; proxyPass = "http://localhost:${port}";
conditions = [ # proxyWebsockets = true;
"[STATUS] == 200" };
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
borgbackup.jobs = {
onsite = {
paths = [ "/var/lib/prowlarr" ];
};
offsite = {
paths = [ "/var/lib/prowlarr" ];
}; };
}; };
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

41
modules/nixos/features/qbittorrent.nix
View file

@ -1,41 +1,28 @@
{
lib,
...
}:
let let
port = 5005; port = "5005";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "bittorrent.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
qbittorrent = { qbittorrent = {
enable = true; enable = true;
webuiPort = port; webuiPort = lib.toInt port;
profileDir = "/srv"; profileDir = "/srv";
group = "srv"; group = "media";
extraArgs = [ extraArgs = [
"--confirm-legal-notice" "--confirm-legal-notice"
]; ];
}; };
gatus.settings.endpoints = [ nginx.virtualHosts."qbittorrent.fi33.buzz" = {
{ forceSSL = true;
name = "qBittorrent"; useACMEHost = "fi33.buzz";
group = "Media Management"; locations."/".proxyPass = "http://localhost:${port}";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
};
users.users.qbittorrent.extraGroups = [ "media" ];
} }

32
modules/nixos/features/qui.nix
View file

@ -1,32 +0,0 @@
{
# keep-sorted start
lib,
pkgs,
# keep-sorted end
...
}:
let
port = 5019;
certloc = "/var/lib/acme/fi33.buzz";
in
{
environment.systemPackages = [ pkgs.qui ];
systemd.user.services.qui = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${lib.getExe pkgs.qui} serve";
environment = {
QUI__PORT = toString port;
QUI__DATA_DIR = "/srv/qui";
};
};
services.caddy.virtualHosts."qui.fi33.buzz".extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}

41
modules/nixos/features/radarr.nix
View file

@ -1,40 +1,23 @@
{
lib,
...
}:
let let
port = 5007; port = "5007";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "movies.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
radarr = { radarr = {
enable = true; enable = true;
dataDir = "/srv/radarr"; dataDir = "/srv/radarr";
settings.server = { settings.server.port = lib.toInt port;
inherit port; group = "media";
};
group = "srv";
}; };
gatus.settings.endpoints = [ nginx.virtualHosts."radarr.fi33.buzz" = {
{ forceSSL = true;
name = "Radarr"; useACMEHost = "fi33.buzz";
group = "Media Management"; locations."/".proxyPass = "http://localhost:${port}";
inherit url; };
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

61
modules/nixos/features/radicale.nix
View file

@ -1,61 +0,0 @@
{
config,
...
}:
let
port = 5003;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "caldav.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
radicale = {
enable = true;
settings = {
server = {
hosts = [
"0.0.0.0:${toString port}"
"[::]:${toString port}"
];
};
auth = {
type = "htpasswd";
htpasswd_filename = config.age.secrets.radicale.path;
htpasswd_encryption = "plain";
};
storage = {
filesystem_folder = "/srv/radicale";
};
};
};
gatus.settings.endpoints = [
{
name = "Radicale";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
# secrets
age.secrets."radicale" = {
file = ../../../secrets/radicale.age;
owner = "radicale";
};
}

40
modules/nixos/features/readarr.nix
View file

@ -1,40 +0,0 @@
let
port = 5016;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "books.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
readarr = {
enable = true;
dataDir = "/srv/readarr";
settings.server = {
inherit port;
};
group = "srv";
};
gatus.settings.endpoints = [
{
name = "Readarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

45
modules/nixos/features/send.nix
View file

@ -1,45 +0,0 @@
let
port = 5020;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "send.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
send = {
enable = true;
inherit port;
baseUrl = url;
environment = {
DEFAULT_EXPIRE_SECONDS = 360;
EXPIRE_TIMES_SECONDS = "360";
DOWNLOAD_COUNTS = "1";
MAX_DOWNLOADS = 1;
MAX_EXPIRE_SECONDS = 1024;
MAX_FILE_SIZE = 134217728;
};
};
gatus.settings.endpoints = [
{
name = "Send";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

41
modules/nixos/features/sonarr.nix
View file

@ -1,40 +1,23 @@
{
lib,
...
}:
let let
port = 5006; port = "5006";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "shows.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
sonarr = { sonarr = {
enable = true; enable = true;
dataDir = "/srv/sonarr"; dataDir = "/srv/sonarr";
settings.server = { settings.server.port = lib.toInt port;
inherit port; group = "media";
};
group = "srv";
}; };
gatus.settings.endpoints = [ nginx.virtualHosts."sonarr.fi33.buzz" = {
{ forceSSL = true;
name = "Sonarr"; useACMEHost = "fi33.buzz";
group = "Media Management"; locations."/".proxyPass = "http://localhost:${port}";
inherit url; };
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

23
modules/nixos/features/star-citizen.nix
View file

@ -1,23 +0,0 @@
{
# keep-sorted start
inputs,
system,
# keep-sorted end
...
}:
{
nix.settings = {
substituters = [ "https://nix-citizen.cachix.org" ];
trusted-public-keys = [ "nix-citizen.cachix.org-1:lPMkWc2X8XD4/7YPEEwXKKBg+SVbYTVrAaLA2wQTKCo=" ];
};
environment.systemPackages = [
inputs.nix-citizen.packages.${system}.rsi-launcher
];
zramSwap = {
enable = true;
memoryPercent = 100;
writebackDevice = "/dev/sda1";
};
}

49
modules/nixos/features/syncthing.nix
View file

@ -4,7 +4,7 @@
... ...
}: }:
let let
port = 5008; port = "5008";
devicesList = [ devicesList = [
# keep-sorted start block=yes # keep-sorted start block=yes
{ {
@ -13,11 +13,11 @@ let
} }
{ {
device = "laptop"; device = "laptop";
id = "CTU345T-27VU5KK-HXLPSMO-H6C47TL-XZG3BVU-AZF7HSX-FCQHAMA-QOA3CAT"; id = "XDDGWB2-5OFYWSY-7LN652V-3WNQMWV-4WCVHCR-2EXLDW7-FUL2MC4-MMLO4QV";
} }
{ {
device = "phone"; device = "phone";
id = "KAZ3SOB-SSJHY33-6JF64KW-VF3CPSP-565565I-YXOJHU6-E273VR5-CKQFNQ6"; id = "DF56S5M-2EDKAML-LZBB35J-MNNK7UE-WAYE2QW-EKUGKXN-U5JW3RX-S3FUGA4";
} }
{ {
device = "server"; device = "server";
@ -40,15 +40,12 @@ let
} }
) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList) ) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList)
); );
certloc = "/var/lib/acme/fi33.buzz";
hostname = "sync.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
syncthing = { syncthing = {
enable = true; enable = true;
guiAddress = "0.0.0.0:${toString port}"; guiAddress = "0.0.0.0:${port}";
openDefaultPorts = true; openDefaultPorts = true;
user = "${userName}"; user = "${userName}";
dataDir = "/home/${userName}"; dataDir = "/home/${userName}";
@ -58,41 +55,21 @@ in
}; };
}; };
gatus.settings.endpoints = [ borgmatic.settings =
{
name = "Syncthing";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
borgbackup.jobs =
if userName == "srv" then if userName == "srv" then
{ {
onsite.paths = [ source_directories = [
"/home/srv/.config/syncthing" "/home/srv/.config/syncthing"
"/home/srv/Sync/" "/home/srv/Sync"
];
offsite.paths = [
"/home/srv/.config/syncthing"
"/home/srv/Sync/"
]; ];
} }
else else
{ }; null;
caddy.virtualHosts.${hostname}.extraConfig = '' nginx.virtualHosts."syncthing.fi33.buzz" = {
reverse_proxy http://localhost:${toString port} forceSSL = true;
tls ${certloc}/cert.pem ${certloc}/key.pem { useACMEHost = "fi33.buzz";
protocols tls1.3 locations."/".proxyPass = "http://localhost:${port}";
} };
'';
}; };
} }

2
modules/nixos/features/tailscale.nix
View file

@ -5,4 +5,6 @@
"--accept-dns=true" "--accept-dns=true"
]; ];
}; };
networking.firewall.trustedInterfaces = [ "tailscale0" ];
} }

60
modules/nixos/features/upbank2firefly.nix
View file

@ -1,60 +0,0 @@
{
config,
pkgs,
...
}:
let
port = 5021;
certloc = "/var/lib/acme/fi33.buzz";
in
{
virtualisation.oci-containers = {
backend = "docker";
containers.upbank2firefly = {
extraOptions = [
"--network=host"
];
image = "compose2nix/upbank2firefly";
environment = {
FIREFLY_BASEURL = "https://firefly.fi33.buzz";
TZ = "Australia/Melbourne";
};
environmentFiles = [ config.age.secrets.upbank2firefly.path ];
volumes = [
"/srv/upbank2firefly/app:/app:rw"
];
ports = [
"${toString port}:80/tcp"
];
};
};
systemd = {
services = {
"docker-build-upbank2firefly" = {
path = with pkgs; [
docker
git
];
serviceConfig = {
Type = "oneshot";
TimeoutSec = 300;
};
script = ''
cd /srv/upbank2firefly
git pull
docker build -t compose2nix/upbank2firefly .
'';
};
};
};
services.caddy.virtualHosts."upbank2firefly.fi33.buzz".extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
age.secrets.upbank2firefly.file = ../../../secrets/upbank2firefly.age;
}

38
modules/nixos/features/vaultwarden.nix
View file

@ -3,10 +3,7 @@
... ...
}: }:
let let
port = 5001; port = "5001";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "vault.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -14,8 +11,8 @@ in
enable = true; enable = true;
backupDir = "/srv/vaultwarden"; backupDir = "/srv/vaultwarden";
config = { config = {
rocketPort = toString port; rocketPort = "${port}";
domain = url; domain = "https://vaultwarden.fi33.buzz";
signupsAllowed = false; signupsAllowed = false;
invitationsAllowed = false; invitationsAllowed = false;
showPasswordHint = false; showPasswordHint = false;
@ -25,27 +22,14 @@ in
}; };
}; };
gatus.settings.endpoints = [ nginx.virtualHosts."vaultwarden.fi33.buzz" = {
{ forceSSL = true;
name = "Vaultwarden"; useACMEHost = "fi33.buzz";
group = "Private Services"; locations."/" = {
inherit url; proxyPass = "http://localhost:${port}";
interval = "5m"; proxyWebsockets = true;
conditions = [ };
"[STATUS] == 200" };
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
age.secrets."vaultwarden-admin" = { age.secrets."vaultwarden-admin" = {

34
modules/templates/web-feature.nix
View file

@ -1,8 +1,5 @@
let let
port = 0000; port = "port";
certloc = "/var/lib/acme/fi33.buzz";
hostname = "feature.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -10,31 +7,12 @@ in
enable = true; enable = true;
}; };
gatus.settings.endpoints = [ borgbackup.jobs = feature { };
{
name = "feature";
group = "";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
alerts = [ { type = "ntfy"; } ];
}
];
borgbackup.jobs = { nginx.virtualHosts."feature.fi33.buzz" = {
onsite.paths = [ "" ]; forceSSL = true;
offsite.paths = [ "" ]; useACMEHost = "fi33.buzz";
locations."/".proxyPass = "http://localhost:${port}";
}; };
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
}; };
} }

9
secrets/bazarr.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ sHlKSMDLuGOLY2qwoFCS2ZiC/903ChAP0wp4wJYksi8
jIzt2BvZy53dMdUSYBEa2QsWQ7yluk9ltdk4wrTkIbo
-> ssh-ed25519 7+xRyQ /JHmkqPhx/nJFhOxWu5nrX89NCBI/Bhyih81bIv2OR8
VJPt3EFgYWc6bYBSNNzLFnWBNVx7RYJaG/hNF2EswQ4
-> ssh-ed25519 LtK9yQ znUR+X5uu9wdKPdUBEOhs295e/zLAD8E49vZ0QEaL10
ADBASujra+DSzavY/m/gU3xgAzaSqlTh2txpzyyJIJQ
--- j21Ms0NWBwHJV1NPbIp19lSgCMkCHSUX3UwWjg43OLk
©[“Ù,´WM¨ÎÑ?¿&>“Ê„ Žä1ÛP<03> ˜Ä«Ñßí"oÍìKÞ“j¤hÊiÒª&UMïþ¤ÊPãÐr&

9
secrets/borgbackup-offsite.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ NuEGxxieL0H7mUFKft+fuH1jd0XFDf3xESLrVcb9GAg
KxJcj9P/+cr63TmqEIPwfykz07luqe9VLRLzs3CWx9Y
-> ssh-ed25519 NanIwQ HRHMV4jFn7vJVHd6gFqcOTA14VI6+QaITXMpZbeGoDg
aANuHXv4O1KKwPCClatphXgWDFnsCy/AoQJT0+D560o
-> ssh-ed25519 LtK9yQ NHLTdStEdoXSGKxoz4/gR+oT9bLq8wwz4XRHS2rd9Xo
lndB74KBkWrfNuZyuQufl35lQIPNqbppLfSZRerIDaA
--- dro8ECdWcFtleQv5nffX/Wh97w/FGXQZwSIjPE9WIX8
8…ƒÄRé#ÇÉç;ÒrpEÚ÷hȾW8-.ÿ é `OÎW¸']Úk§JdõC žÛï.ÿÆßT)Nø_ÅkqüëÕ_=Ï°ç

9
secrets/borgbackup-onsite.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ 3UW3CErZDv6UkjXJZldymqYmmJoQcbSjVX4IUX7KRn8
pnbegKpKiNW8QY9rD7pD1mrhOSdD+cxUxcNKtLM5uOQ
-> ssh-ed25519 NanIwQ qAl2RheS1lTOU60xeodc4/WvyzYRGiWR+55QvsVE5H0
j/UoLITpRpMF2t0J/Y0zL0kAgz5nJ02I/nwUp+pEowg
-> ssh-ed25519 LtK9yQ sbldK/F2u6MMgIR8F6c5ZFkMesq+GHKRmlqt3n6L2yw
GTSzhGfj+Shg+MQ3hde12pKi6zfeGNw6RXwSAoGyaak
--- 6WmdTjpwgwb6/1o06i5xtvnOQcvNztwpBmvH/9wYbmo
K®öò<EFBFBD>°^¼Ñ­þ¢Ubù|œ:m@*Þ±Žö<>ÚСg1ž>)±–Çã«ÚqëÐs,n{™ DdvÅöÉœÿEuH<j4Ëì

9
secrets/borgmatic-ntfy.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ GTuLiTsgOVunKC+DyalVPV3gKm3WiKoSIQXg/0ElJF8
UiOLJdTn4Q5oTkqAtZ6K0uxW+EsrpfA156uC1ncrIY0
-> ssh-ed25519 7+xRyQ k2ta2Gl7zCvHiv4DwzgRK5REDYayIoTfC32BF5yHxgg
n7sqfJ6fx/3VnQCD+H4n92ekGdoFCdk/SeXdSU8FZHc
-> ssh-ed25519 LtK9yQ BQ9U3//Lzx7dX+iDyP2lqx6K860kFTu/iB5uMAskKhA
xiV+QxL8ffx9n9gIUr5wwQ5zGvZlFsf2DclayQh8SJI
--- k06SInBOn82DqWfIf4t62pjAZ1R0uWAyQTi5ELDD/6U
 _$®T56"T­Hô;4}ù<M Á/Œ“ð8j¡³?H~Þ„Oó}…bGßj4tn ô2mçÁÈC R

9
secrets/borgmatic-pg.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ C3A3TKOyIWzbW8JupvhTmLKetnr+0uzkPq985NA0DCs
ahrHVR7WadjOfOXBWOqBAf9L0UdCNeD0Ynk6sKDF7WM
-> ssh-ed25519 7+xRyQ evZ6zSS3olbORnqiCnEAL68D1FNPgg2oBoJSaquLAAA
BYoo9AVOHsRsTbXkRQdS/7WN25vBuJOAb0YfnSY+hGQ
-> ssh-ed25519 LtK9yQ jLIdKPvVhPsRIJevWLmads3P2hM29c0B143OWoINzlY
ziCUQ1TtB6BUgbNZ/zFXoaOtpxyrbKobsTvXo/dSpSA
--- Q6JHS+5vuYLIqyIb6x3qCbIJvsjk2++ovL1zkVGs69o
<EFBFBD>ã쇽NM1±WBýy•M.ù²ø-Ø|GlºÈ]¡8Z,(5è±²P¶èè!ÿpmp¡¢°Eaû¤;<3B>Ôâ¿Ä(tq!ÊKÕU4×m

9
secrets/borgmatic.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ zfLZc8A30KjoMrhUSl4OgTp+Yg11fmVjDioxtIYMqDU
URhJwUCElaJcSd+k5wBQAXvdC/68ZcCA5WbHGAJTYfY
-> ssh-ed25519 7+xRyQ mrGrjW0fQIRNMDdw4Hoc9N/xAEm1P0IFukShfeVdKE8
yLUmj7LBfHQ/i4buBB57ktNUOnHpoC8NYTQUnK5e5y4
-> ssh-ed25519 LtK9yQ THjOsSIr/DQTulFlwd4r5DYb73VQ0vWgyDHkfJV3NR0
Dl8FwK1WciiEMs5MdrFcUIOFGmlbZf3APOWzLN6rkOE
--- 3mjYPT9APy0F5NNbbCIQhzZ0XjKBtB9YGGS3t37eoRU
ôT^væ—U‹§òÏ{™>[÷õ¦dhé§PC6þZ|é£ûýK|~lÝ<6C>bŒÀD¢ûÖÙt”΄¨ø]¨1P$ø10¨ ¿ïAý±$

0
secrets/copyparty.age → secrets/copyparty-will.age
View file

9
secrets/firefly-db.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ zL4NAxPigHwUnYz0KUoDXlzXJ3PtnxIYl81oLP3e40M
yricJ+r8OTXwGd0Bt4+CsW7/M8lOSha04i0Fb0QCHGo
-> ssh-ed25519 7+xRyQ 2UhHfwz3DvXT/bEDp8QrluyPa/po5CCB5rUKxBqfn2c
2pWexi7bU3UlOo9SKfw/9k/DJ535tsgPvZXAbLruL00
-> ssh-ed25519 LtK9yQ 8XOO4u1di+FedjGcaj/Fhna8Y+LRRPa9L4ShAx5dASA
F51SLqQEZ1LQAP2SgXphszVBhKaB+/OAVWEHr/thtFo
--- ovyL3oCODPSbd8Fe7KdS3sKCc+bjcj2y+6aS1qVqQsg
ン福 %隸>キカIOユ、<EFBE95>ナ7レ7ZFh、uサゥ<ァ4リ)シcメ啅ウZャ*UCk|エホxC覚噎 P

10
secrets/firefly.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ DhWZZ8fB3bwSaI88j9M5Ix/jCwoJWPUVmR56OwxJFUs
/pxA0PTShUGloixcyUoAW5cOKWAjD9M0byLAQUgnPvA
-> ssh-ed25519 7+xRyQ LrUQ5trcyyhcjK8IhGKVOAz6g7HjBI8t0m/snDiVMkE
hi0My/e0Enno50niPMKcy278Wr5z1sq3X1yJn7H8uBo
-> ssh-ed25519 LtK9yQ ke0bLtqFny2oUkCvtawPcHzPlyi2Lvi6WpZP2lDyelE
VFjTwnbTcayuruXVmVnfK97KcwB+luOoLU2x6Ug3HVM
--- NxMB9mtZ480lLRRmk0ne5BaL/tfF81Yr3wGBUvECGQY
ááÂH•¬öšH9‡…?†Üç<E2809A>  Á|½<>ؽ1þ³5¶Ái/éFl©G$E·à¿w
šÍ¾‘;ÒÍ߽ݤÃ$þÉóÿ}ê/¾[g]

10
secrets/gatus.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ 3vJV+PZ1IvwiFPplPEwXkaZK4y0QLxkvi/stzAV+HWg
3htQOBS3ph9+OXG2ZYtMyzErGtYRP1vzycua+vhPX+4
-> ssh-ed25519 NanIwQ 748IDG9uT6jMj0CSU3EeBqRd7lZ7NTJoUldo4FUfkFI
bYaXhcXjYgKqEaUeRZQhx9neK1pDVN3QbhblLOcGUg0
-> ssh-ed25519 LtK9yQ au/UGPL91M0sUzMeOKPOkltXWDPoWeCrUWrD2OIsJA0
thILTQH9hrcBYBbRSZaHMODAhCKWsqomDuEK4hcKAqM
--- UpA2kIfSBwfgMxjt2x61KFAiUaV3sHQ6Gp2R87cvnwo
*D2Ä7Êpƒ梔 °p·ï¥·Q
Fuf°ýïpÚ°4±ÉQ<C389>5ÀµËѨeÿéÓªã <0B>Þˆá;šê“z8ýi{@ÛÇ—›

BIN
secrets/git_signing_key.age
View file

Binary file not shown.

10
secrets/git_signing_key.pub.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ NMzN1Cll+cH5GgEQvCRpb8c1m7CDHWBtUZ5QNMluKkg
H77YBVoCAZerRyoG90h9W6PKZbpjNBl2mfsW3Eco27w
-> ssh-ed25519 7+xRyQ 67NFmrcLe9R5ni0HnvIiHcN0tlRVXpAiaVOQfIpqWzI
H7jbIgVXVl+lENksb4KUfASeIKPBI/FtHhhlQzhXwik
-> ssh-ed25519 LtK9yQ jvrWRlZF/H20QARL4lWWX0cDDoIK0Et5ZMxdsPJPXn0
g+ZaDYycq65tBEBFuDpSl1BKuCTmxCJuYqG8kSCtL9U
--- jZ2xp/oW3CgXPc8jriK53zTODB9lhDNZr8YfSYLAmio
íAûKwÕ;÷À2R
Ö¨†Ø<11>Øb—éSÓ'æÀ7/ˆ‘¾/ÎkXÿHÓ–ùÿªÉÝW†œƒ<°P p•HcÁTáúæG÷ÿÒ 'ŠFå¾…&Î!‹†(… ³=˜6 ŒŸ”HØ_ y <79>éËTlj­ªUbëó1

BIN
secrets/karakeep.age
View file

Binary file not shown.

BIN
secrets/kavita-api.age
View file

Binary file not shown.

BIN
secrets/kavita.age
View file

Binary file not shown.

BIN
secrets/mealie.age
View file

Binary file not shown.

9
secrets/ntfy.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ jySlchGAPxdkjpZzg+5BLH7O5yM+O5a9CleBVMqbck8
I5OEMjXJNrNKIBumXmiAMXRa1AZx0cKQ0BfM7HYCcRc
-> ssh-ed25519 NanIwQ 29upo2jTQF8Vz91yWmYCXnQW4LgYcvt1TcF/HLA5klA
eQla3EMQnRPzhd5MyDL3byPhIiio0rFFM+yesPLEtv8
-> ssh-ed25519 LtK9yQ Vx/lQ6M/wYa9483YpuCwwobNuIZjv/Sy9vl695H05BQ
qqUWRnrMYfflhcznrF2QKfODDa7vmz6Uy7fk1zSpbEE
--- xunznREPjjEVRWAmqI/4xKp/NrNk6C3B1Z+3Vjf2TL4
ˆÔm³{­œšïž¾²úz\ÀÂ,TºSS7T<0E>¤k«)úhçÙ—V—X´¶²€—¢0m»N?=ÓŸx TdÄY0²[)Û“SZš¸Ùñ:û><3E>FUÖ™~

9
secrets/nzbget.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ lEh3/6XbXaiVdCK5gEl/Vy5wIyeg4oD+1q9js0p/bG0
5O+ivgDvislMJbvE/bSRy6mF+ie6aGK6yAoc2TWlPOk
-> ssh-ed25519 7+xRyQ D03BRt3lUgEihDcJDFspP2RPt6WorIvGiRI1jnDT+gk
GuOES+KE5CUj733aSC+5wslfYRvCm27rvNnUDi/DiRE
-> ssh-ed25519 LtK9yQ K35hFXPZN4JhS9L8YfG+fwE2bbWLPc4r/rsQnxq68XM
GhWHGZzESMKKhQjCXT9yDHgpa/Y7eAxwi935lWts72A
--- wlbsANHwH3ah2YNlkaefazTv2zWsxE5kHCFOGcuSJQ0
|õ,K+êæíÂ% (Í"K" <1B>õð‰`Â"\:'xíÙlÜjuj¹U`T§«¸ÚžF;Z9M

16
secrets/prowlarr.age
View file

@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 qLT+DQ k6AiMFgWygHRf2yPApcnQYDPaJx/Dp6BTq3+BdyBiyM -> ssh-ed25519 LtK9yQ YVgPDwV8XS85LpMBbpgsXmoc2E0w2qopErn//kDHJzo
64MyfaTpMcAl8o9zkWXCoZQ5uy+7izd30A90LLiALTY ZX3RIdYPxwOzpLddoGhi0aJ4H89hcpmlPgJuyTiYzlE
-> ssh-ed25519 7+xRyQ YcPcsux5lCSDbV8hSCvhkI+1qnAmXcpd5FDmT7bMXk0 -> ssh-ed25519 qLT+DQ KQMInU5B/vVG4dr0DGAFk1Yf+LbnPkV7OqfiqRaNgzo
bbkjozzt/bL7j7uJTtgkklI/qJ11zYgQsYmZhFwGV+c BeMLVvtSKSKIPplIorIJSBMciQj5GYF1ltGbUn8SsJA
-> ssh-ed25519 LtK9yQ Ol8eU/Pyb3gDCsIzE1zT8FNsTCGKZZc5zfX6lW/5+2w -> ssh-ed25519 7+xRyQ Cr+rUSSDpC5WLh/bvWKJkf2SWIcljLofx3ybcVcK0z4
Gj0ssfpyQcy0vfVXgNXxzFzHGpPBOyfkR7UeRYina4A kqabKTHxNxH9xfgShKTcleNXjBf/huoU+hH9tnOx5hg
--- +iLccZwqDkqDg2atoNRSuhEf3v3fyU6oda4vOw+BuKc --- J6RjAbLUNOKkb2UQyVjgTyrfyrIkDFMkQtXZypBDfWw
&LÝóÓ:đ 9:"‰¤<>|©· d¸m9<6D>§ĂČvń1€ďy"ŇĂvOŰYüŞĎnx=ň4D 1£4ôÒ%6½œpÒ< («â$$to¨ÁI8Þý‰;ƒÜpZ°ìÍb8Þ3hf!¢mNס<C397> ¼c8UÐ

BIN
secrets/radicale.age
View file

Binary file not shown.

10
secrets/readarr.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 qLT+DQ qeJ25W5TGvWY8xc1I5sjjtP/98nGqoRMIFk6xLIbmi8
RhUcEjz6mFp6uNVOpOgg6fPyL2cyrZH1ZWJTrax2xOE
-> ssh-ed25519 7+xRyQ jhJX/0+ZO+teoM2rUmdyFuI9V+tMe5kQaaHQFxwBGSU
fJmXSc/c3lth0cQgx8p/7G0WrnfgioSs8OcRa56B2s0
-> ssh-ed25519 LtK9yQ UH9T6lRLG0pi0P84B9Zs/22nCKAoOAwL6KAmj+536U4
h2DEqoPLgFqmVZOk/RhAIuifCexqt3ZFsIsCDm5KI3M
--- 6FY4tnGR8EIQyCWc3Xa3t8EqwcynoORmZqsp9zWUzZM
õ¡ˆÇ<6E>Æ]Z0ñŽ—råTƒªÞi:EÇE!<21>ð™ 
uB{4cüà£fùvÖÞŸÜKÌj^2/`<60>¼

19
secrets/secrets.nix
View file

@ -1,7 +1,7 @@
let let
# keep-sorted start # keep-sorted start
desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHAnTQP77HQ/8nbf1oX7xftfKYtbH6MSh83wic0qdBy"; desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHAnTQP77HQ/8nbf1oX7xftfKYtbH6MSh83wic0qdBy";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmM4LEjGPJbcUeG5363NpB3XJUyn/4B+eBCFzzuC/Td"; laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeu5HwuRayiXIZE35AxX6PmxHxbXZ8NTlTgHrcPwhcQ";
srv = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeV0NxqIGIXXgLYE6ntkHE4PARceZBp1FTI7kKLBbk8"; srv = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeV0NxqIGIXXgLYE6ntkHE4PARceZBp1FTI7kKLBbk8";
# keep-sorted end # keep-sorted end
@ -15,31 +15,22 @@ let
in in
{ {
# keep-sorted start # keep-sorted start
"borgbackup-offsite.age".publicKeys = users; "borgmatic-pg.age".publicKeys = users;
"borgbackup-onsite.age".publicKeys = users; "borgmatic.age".publicKeys = users;
"copyparty.age".publicKeys = users; "copyparty-will.age".publicKeys = users;
"gatus.age".publicKeys = users;
"git_signing_key.age".publicKeys = users;
"git_signing_key.pub.age".publicKeys = users;
"immich.age".publicKeys = users; "immich.age".publicKeys = users;
"jellyfin.age".publicKeys = users; "jellyfin.age".publicKeys = users;
"kavita-api.age".publicKeys = users;
"kavita.age".publicKeys = users;
"lidarr.age".publicKeys = users; "lidarr.age".publicKeys = users;
"mealie.age".publicKeys = users;
"miniflux-creds.age".publicKeys = users; "miniflux-creds.age".publicKeys = users;
"ntfy.age".publicKeys = users;
"nzbget.age".publicKeys = users;
"paperless.age".publicKeys = users; "paperless.age".publicKeys = users;
"porkbun-api.age".publicKeys = users; "porkbun-api.age".publicKeys = users;
"protonmail-cert.age".publicKeys = users; "protonmail-cert.age".publicKeys = users;
"protonmail-desktop-password.age".publicKeys = users; "protonmail-desktop-password.age".publicKeys = users;
"protonmail-laptop-password.age".publicKeys = users;
"prowlarr.age".publicKeys = users; "prowlarr.age".publicKeys = users;
"radarr.age".publicKeys = users; "radarr.age".publicKeys = users;
"radicale.age".publicKeys = users; "radicale.age".publicKeys = users;
"readarr.age".publicKeys = users;
"sonarr.age".publicKeys = users; "sonarr.age".publicKeys = users;
"subtitles.age".publicKeys = users;
"vaultwarden-admin.age".publicKeys = users; "vaultwarden-admin.age".publicKeys = users;
# keep-sorted end # keep-sorted end
} }

BIN
secrets/subtitles.age
View file

Binary file not shown.

BIN
secrets/upbank2firefly.age
View file

Binary file not shown.