diff --git a/hosts/server/toggles.nix b/hosts/server/toggles.nix index c59f1c4..f107579 100644 --- a/hosts/server/toggles.nix +++ b/hosts/server/toggles.nix @@ -18,8 +18,8 @@ in apps.dictionaries.enable = true; apps.dictionaries.users = "jawz"; shell = enableList mkEnabledWithUsers [ - "tools" "multimedia" + "tools" ]; services = enableList mkEnabled [ "network" @@ -32,21 +32,21 @@ in "sh" ]; units = enableList mkEnabled [ - "downloadManga" "download" + "downloadManga" "stream-dl" ]; scripts = enableList mkEnabled [ - "run" "download" - "split-dir" - "ffmpreg" "ffmpeg4discord" - "manage-library" - "library-report" - "stream-dl" - "pika-list" + "ffmpreg" "find-dup-episodes" + "library-report" + "manage-library" + "pika-list" + "run" + "split-dir" + "stream-dl" "tuh-activity-logger" ]; servers = { @@ -57,40 +57,41 @@ in }; } // enableList mkEnabled [ - "syncplay" - "qbittorrent" - "sabnzbd" - "unpackerr" - "postgres" - "paperless" - "stash" + "atticd" "bazarr" "collabora" + "gitea" "homepage" + "jellyfin" "kavita" "lidarr" "maloja" - "microbin" - "multi-scrobbler" - "plex" - "prowlarr" - "radarr" - "ryot" - "sonarr" - "synapse" - "jellyfin" - "gitea" "mealie" "metube" - "atticd" + "microbin" + "multi-scrobbler" + "paperless" + "plex" + "postgres" + "prowlarr" + "qbittorrent" + "radarr" + "ryot" + "sabnzbd" + "sonarr" + "stash" + "synapse" + "syncplay" + "unpackerr" ] // enableList mkEnabledIp [ "audiobookshelf" - "vaultwarden" - "readeck" - "keycloak" - "oauth2-proxy" "isso" + "keycloak" + "linkwarden" + "oauth2-proxy" "plausible" + "readeck" + "vaultwarden" ]; } diff --git a/modules/network/nginx.nix b/modules/network/nginx.nix index 1071f36..e8bf7d3 100644 --- a/modules/network/nginx.nix +++ b/modules/network/nginx.nix @@ -6,34 +6,35 @@ }: let proxyReverseServices = [ - "firefox-syncserver" - "isso" - "plausible" - "readeck" - "microbin" - "ryot" "bazarr" - "shiori" - "metube" - "maloja" - "vaultwarden" - "mealie" - "kavita" - "multi-scrobbler" - "nix-serve" + "firefox-syncserver" "flame" "flameSecret" + "isso" + "kavita" + "linkwarden" + "maloja" + "mealie" + "metube" + "microbin" + "multi-scrobbler" + "nix-serve" + "plausible" + "readeck" + "ryot" + "shiori" + "vaultwarden" ]; proxyReverseFixServices = [ + "atticd" "audiobookshelf" - "lidarr" "gitea" - "prowlarr" + "lidarr" "ombi" + "prowlarr" "radarr" "sonarr" "stash" - "atticd" ]; proxyReversePrivateServices = [ "homepage" diff --git a/modules/servers/linkwarden.nix b/modules/servers/linkwarden.nix new file mode 100644 index 0000000..bc8df0b --- /dev/null +++ b/modules/servers/linkwarden.nix @@ -0,0 +1,34 @@ +{ + lib, + config, + ... +}: +let + setup = import ../factories/mkserver.nix { inherit lib config; }; + cfg = config.my.servers.linkwarden; +in +{ + options.my.servers.linkwarden = setup.mkOptions "linkwarden" "links" 3000; + config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) { + sops.secrets.linkwarden.sopsFile = ../../secrets/env.yaml; + services.linkwarden = { + inherit (cfg) enable; + host = cfg.ip; + port = cfg.port; + openFirewall = true; + environment = { + NEXTAUTH_URL = "${cfg.url}/api/v1/auth"; + NEXT_PUBLIC_KEYCLOAK_ENABLED = "true"; + OPENAI_MODEL = "gpt-4o"; + KEYCLOAK_ISSUER = "${config.my.servers.keycloak.url}/realms/homelab"; + }; + environmentFile = config.sops.secrets.linkwarden.path; + database = { + host = config.my.postgresSocket; + name = cfg.name; + user = cfg.name; + createLocally = true; + }; + }; + }; +} diff --git a/modules/servers/postgres.nix b/modules/servers/postgres.nix index 2e34e30..ec41dfa 100644 --- a/modules/servers/postgres.nix +++ b/modules/servers/postgres.nix @@ -27,20 +27,21 @@ let "$@" ''; dbNames = [ - "jawz" - "paperless" - "nextcloud" - "ryot" - "vaultwarden" - "shiori" - "mealie" - "firefly-iii" - "matrix-synapse" - "readeck" - "sonarqube" - "gitea" "atticd" + "firefly-iii" + "gitea" + "jawz" "keycloak" + "linkwarden" + "matrix-synapse" + "mealie" + "nextcloud" + "paperless" + "readeck" + "ryot" + "shiori" + "sonarqube" + "vaultwarden" "webref" ]; in diff --git a/secrets/env.yaml b/secrets/env.yaml index 0238cc4..ca7b203 100644 --- a/secrets/env.yaml +++ b/secrets/env.yaml @@ -1,3 +1,4 @@ +linkwarden: ENC[AES256_GCM,data:G73i29pEyjmcHqo9NbHFUL6XMyLRzxln8WJyon+pk1uqb4I+eqYWlxk+uHNARPXOg0vXfDkDXDGPP7ogCa1En4yOZoY7ApuC0iTUOxicZY3/E8WQGXDEsvOlbr8yPiNLWQGj9aDtSMOOMv/NMv0GN2d7AfT5Kso9Rjrza4bUeq29DMttwa2Nfoum+zykGS3/zbsVH+aHYLJU3dCyY7RSdq84JfVBPaINVgBG+akeO7Uz3ArUOBn5sjmva9Ve5pbY6c5pBLnC//ypmGkqu4sb9Fy84XUw739Ay2kOZeB3oiZ59GwIdoUmx4JLVDaq2ykqJ09YFDf9OdKnMjYel8iHr7zq/+fgvfefiUz9riYuhQ9DLzQO+WQwQMYJL2SX8jeNiACNNTF0zoPitZqXKbZZLb542wUKN9ucbR/w,iv:Yc04FHnaZfbhOmDyaY3/hePmjgWvjWmtt+B8lB8e0xQ=,tag:1nwtm1bDbVRx8frgbLNh5Q==,type:str] gitea: ENC[AES256_GCM,data:8o+U4qFdyIhCPNlYyflQIuLHsQHtbT6G/a0OyCUeg9DtIeABXNVFhiy4iFRuIF0=,iv:AYwqDRNML1XuzwQnD4VmI4rKWYfTJjOjibrAbI5qgcA=,tag:UPL3UlETdkoFXLihEIGcSw==,type:str] shiori: ENC[AES256_GCM,data:tV7+1GusZvcli8dM86xOD71dc2mzcyfQwMeTh//LDb0=,iv:ED9wR6QjQgwd9Ll/UC5FK3CyYK3b0RniC/D6Y0nGEOI=,tag:X/aopMc2vhnRW2iTphFflQ==,type:str] flame: ENC[AES256_GCM,data:XsYRsA2xs+juWje2Od2Yl2xIvU0OS8xMrtwtcK/0NyyRrg==,iv:FR8lHsNQNCaOy4P+7BsIjNCz+H38i5RlwLYQ4fpB2+w=,tag:61EV7H04pcr1bSX4nSvlpw==,type:str] @@ -52,7 +53,7 @@ sops: QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb 9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-26T03:14:55Z" - mac: ENC[AES256_GCM,data:gIWqEMtFkoEnFV/I4cefglnXxxr1XwON/Oiv/iHv1h5zVLvEwdGC9hyQB1KEKUEHDxWjh8GpKXn9rkZ5pncs7vZdjgiMXyVC7IAiN7uT03RfyGjPtLy7T9qqzmac2uOWLoCnda6No4VIBGG50leh5J7WDk4hKXvlm49xCwSlcLw=,iv:fVtqpXMO3klwAztFRXODLp5H9kq9LJt82Zsoq/59dTU=,tag:XTa90qDkg7ehW6xoXRwEVw==,type:str] + lastmodified: "2026-02-01T21:49:36Z" + mac: ENC[AES256_GCM,data:QeEH5mof77IhB2Gr5HCKWKnNWKt529ruDvjBQHXZ0YlIxRHOtNckH0tjR4ldbDWJKhInnpe76c3IJdaE6PbEzk975dTc3YJ+WElJHbJ/9ESqXBbi5XmqxbnYUlf7cmKR+OuoVhvfqAAQl94758p7jgJTvKQFrdIthFI1PzDMU/A=,iv:sx5GX8qqYIAdR0bpNpAPu5e8cGpa4DIuIqSK6hXStZI=,tag:hf98Cs7BqLfsBl98/pvTQw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0