jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: jawz:weekly-2025-11-28
Branches Tags
jawz:main jawz:keycloak
jawz:weekly-2025-12-29 jawz:weekly-2025-12-15 jawz:weekly-2025-12-08 jawz:weekly-2025-12-05 jawz:weekly-2025-12-01 jawz:weekly-2025-11-28
...
compare: jawz:e714a8d184b7602555a886cf96c43c59331ef9d0
Branches Tags
jawz:main jawz:keycloak
jawz:weekly-2025-12-29 jawz:weekly-2025-12-15 jawz:weekly-2025-12-08 jawz:weekly-2025-12-05 jawz:weekly-2025-12-01 jawz:weekly-2025-11-28

14 Commits
weekly-202 ... e714a8d184

Author SHA1 Message Date
Danilo Reyes
e714a8d184 Update Keycloak configuration to use new secrets file and adjust environment variable references 2025-12-10 02:29:34 -06:00
Danilo Reyes
4d788d90ca linting 2025-12-10 02:29:25 -06:00
Danilo Reyes
303cd2db36 Add SOPS secrets for Keycloak database password and update configuration 2025-12-10 02:12:06 -06:00
Danilo Reyes
2cd3afe2b3 Rename Keycloak database configuration key from 'databaseName' to 'name' 2025-12-10 02:06:28 -06:00
Danilo Reyes
92492b6323 Update Keycloak database configuration to use 'databaseName' instead of 'database' 2025-12-10 02:04:17 -06:00
Danilo Reyes
6d5ae474c6 keycloak init 2025-12-10 02:00:12 -06:00
NixOS Builder Bot
ac66f35d93 Weekly flake update: 2025-12-08 10:04 UTC 2025-12-08 04:04:46 -06:00
NixOS Builder Bot
e3bae4db52 Weekly flake update: 2025-12-05 10:37 UTC 2025-12-05 04:37:42 -06:00
Danilo Reyes
3fe51d5901 25.11!
All checks were successful
Weekly NixOS Build & Cache / build-and-cache (push) Successful in 1h7m11s
Details
2025-12-05 02:40:17 -06:00
Danilo Reyes
76f0aeb07a low latency module messes up btd600 2025-12-02 16:53:01 -06:00
NixOS Builder Bot
0904751654 Weekly flake update: 2025-12-01 11:45 UTC 2025-12-01 05:45:55 -06:00
Danilo Reyes
6e6fbc7c3f new flake
All checks were successful
Weekly NixOS Build & Cache / build-and-cache (push) Successful in 2h15m41s
Details
2025-11-30 13:18:24 -06:00
Danilo Reyes
c0578a4bf4 corrupted flake 2025-11-30 13:15:30 -06:00
Danilo Reyes
bcbb624e28 changed Pictures path to capitalized 2025-11-30 13:14:54 -06:00
12 changed files with 214 additions and 101 deletions
Expand all files Collapse all files

39
TODO.md Normal file
View File

@@ -0,0 +1,39 @@
# Keycloak SSO Rollout (Server)
## Compatible services to cover (assume up-to-date versions)
- Gitea (OAuth2/OIDC)
- Nextcloud (Social Login app)
- Paperless-ngx (OIDC)
- Mealie (OIDC v1+)
- Jellyfin (OIDC plugin)
- Kavita (OIDC-capable builds)
- Readeck (OIDC-capable builds)
- Audiobookshelf (OIDC-capable builds)
- Matrix Synapse intentionally excluded (see below) but natively OIDC if needed
## Explicit exclusions (no SSO for now)
- Syncplay
- Matrix/Synapse
- Arr stack (sonarr, radarr, lidarr, prowlarr, bazarr)
- qbittorrent
- sabnzbd
- metube
- multi-scrobbler
- microbin
- ryot
- maloja
- plex
- atticd
## Phased rollout plan
1) Base identity
- Add Keycloak deployment/module and realm/client defaults.
2) Gateway/proxy auth
- Add oauth2-proxy (Keycloak provider) + nginx auth_request for non-OIDC apps (e.g., homepage-dashboard, stash).
3) Native OIDC wiring
- Configure native OIDC services (Gitea, Nextcloud, Paperless, Mealie, Jellyfin/Kavita/Readeck/Audiobookshelf) with Keycloak clients.
4) Per-service rollout
- Enable per app in priority order; document client IDs/secrets and callback URLs.
5) Verification
- Smoke-test login flows and cache any needed public keys/metadata.

2
config/overlay.nix
View File

@@ -38,7 +38,7 @@ _final: prev: {
waybar = prev.waybar.overrideAttrs (old: { waybar = prev.waybar.overrideAttrs (old: {
mesonFlags = old.mesonFlags ++ [ "-Dexperimental=true" ]; mesonFlags = old.mesonFlags ++ [ "-Dexperimental=true" ];
}); });
qbittorrent = prev.qbittorrent.overrideAttrs (old: rec { qbittorrent = prev.qbittorrent.overrideAttrs (_old: rec {
version = "5.1.3"; version = "5.1.3";
src = prev.fetchFromGitHub { src = prev.fetchFromGitHub {
owner = "qbittorrent"; owner = "qbittorrent";

3
config/users.nix
View File

@@ -1,5 +1,4 @@
{ ... }: _: {
{
users.users = { users.users = {
sonarr = { sonarr = {
uid = 274; uid = 274;

4
environments/hyprland.nix
View File

@@ -112,8 +112,8 @@ in
"${mod} SHIFT, 8, movetoworkspace, 8" "${mod} SHIFT, 8, movetoworkspace, 8"
"${mod} SHIFT, 9, movetoworkspace, 9" "${mod} SHIFT, 9, movetoworkspace, 9"
"${mod} SHIFT, 0, movetoworkspace, 10" "${mod} SHIFT, 0, movetoworkspace, 10"
"${mod}, F3, exec, grimblast save area ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png" "${mod}, F3, exec, grimblast save area ~/Pictures/Screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
"${mod} SHIFT, F3, exec, grimblast save screen ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png" "${mod} SHIFT, F3, exec, grimblast save screen ~/Pictures/Screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
]; ];
binde = [ binde = [
"${mod} SHIFT, h, moveactive, -20 0" "${mod} SHIFT, h, moveactive, -20 0"

182
flake.lock generated
View File

@@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763922789, "lastModified": 1764714051,
"narHash": "sha256-XnkWjCpeXfip9tqYdL0b0zzBDjq+dgdISvEdSVGdVyA=", "narHash": "sha256-AjcMlM3UoavFoLzr0YrcvsIxALShjyvwe+o7ikibpCM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "a20a0e67a33b6848378a91b871b89588d3a12573", "rev": "a43bedcceced5c21ad36578ed823e6099af78214",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -71,11 +71,11 @@
"base16-helix": { "base16-helix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1752979451, "lastModified": 1760703920,
"narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-helix", "repo": "base16-helix",
"rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", "rev": "d646af9b7d14bff08824538164af99d0c521b185",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -182,11 +182,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1758112371, "lastModified": 1764724327,
"narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -293,11 +293,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756770412, "lastModified": 1763759067,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751", "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -382,11 +382,11 @@
"flake": false, "flake": false,
"locked": { "locked": {
"host": "gitlab.gnome.org", "host": "gitlab.gnome.org",
"lastModified": 1762869044, "lastModified": 1764524476,
"narHash": "sha256-nwm/GJ2Syigf7VccLAZ66mFC8mZJFqpJmIxSGKl7+Ds=", "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=",
"owner": "GNOME", "owner": "GNOME",
"repo": "gnome-shell", "repo": "gnome-shell",
"rev": "680e3d195a92203f28d4bf8c6e8bb537cc3ed4ad", "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -404,11 +404,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764177491, "lastModified": 1765170903,
"narHash": "sha256-dhX2abFWxeXab3Aad4Pg1xGtn9W84/qetNXfmYUwktw=", "narHash": "sha256-O8VTGey1xxiRW+Fpb+Ps9zU7ShmxUA1a7cMTcENCVNg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2217780c39169a9c77915200137550c2ef0fa974", "rev": "20561be440a11ec57a89715480717baf19fe6343",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -486,6 +486,7 @@
"hyprlang": "hyprlang", "hyprlang": "hyprlang",
"hyprutils": "hyprutils", "hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner", "hyprwayland-scanner": "hyprwayland-scanner",
"hyprwire": "hyprwire",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@@ -494,11 +495,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1764283894, "lastModified": 1765141510,
"narHash": "sha256-5BWYZDmJKwUGxhY+43obUZItkAL6rm3xkvBYdltUWz4=", "narHash": "sha256-IjlKl72fJ40zZFiag9VTF37249jHCRHAE4RP7bI0OXA=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "7e1e24fea615503a3cc05218c12b06c1b6cabdc7", "rev": "a5b7c91329313503e8864761f24ef43fb630f35c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -540,11 +541,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763727565, "lastModified": 1764812575,
"narHash": "sha256-vRff/2R1U1jzPBy4OODqh2kfUzmizW/nfV2ROzTDIKo=", "narHash": "sha256-1bK1yGgaR82vajUrt6z+BSljQvFn91D74WJ/vJsydtE=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-guiutils", "repo": "hyprland-guiutils",
"rev": "7724d3a12a0453e7aae05f2ef39474219f05a4b4", "rev": "fd321368a40c782cfa299991e5584ca338e36ebe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -594,11 +595,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763819661, "lastModified": 1764612430,
"narHash": "sha256-0jLarTR/BLWdGlboM86bPVP2zKJNI2jvo3JietnDkOM=", "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "a318deec0c12409ec39c68d2be8096b636dc2a5c", "rev": "0d00dc118981531aa731150b6ea551ef037acddd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -646,11 +647,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763503177, "lastModified": 1764592794,
"narHash": "sha256-VPoiswJBBmTLVuNncvT/8FpFR+sYcAi/LgP/zTZ+5rA=", "narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprtoolkit", "repo": "hyprtoolkit",
"rev": "f4e1e12755567ecf39090203b8f43eace8279630", "rev": "5cfe0743f0e608e1462972303778d8a0859ee63e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -671,11 +672,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763996058, "lastModified": 1764962281,
"narHash": "sha256-DsqzFZvrEV+aDmavjaD4/bk5qxeZwhGxPWBQdpFyM9Y=", "narHash": "sha256-rGbEMhTTyTzw4iyz45lch5kXseqnqcEpmrHdy+zHsfo=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "0168583075baffa083032ed13a8bea8ea12f281a", "rev": "fe686486ac867a1a24f99c753bb40ffed338e4b0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -709,6 +710,35 @@
"type": "github" "type": "github"
} }
}, },
"hyprwire": {
"inputs": {
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1764872015,
"narHash": "sha256-INI9AVrQG5nJZFvGPSiUZ9FEUZJLfGdsqjF1QSak7Gc=",
"owner": "hyprwm",
"repo": "hyprwire",
"rev": "7997451dcaab7b9d9d442f18985d514ec5891608",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwire",
"type": "github"
}
},
"jawz-scripts": { "jawz-scripts": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -717,11 +747,11 @@
"sudoku-solver": "sudoku-solver" "sudoku-solver": "sudoku-solver"
}, },
"locked": { "locked": {
"lastModified": 1763060154, "lastModified": 1764529970,
"narHash": "sha256-Fuzkzmi5Vfwae3XCFLTLUlIVd8iAhoh2J0hjIbpjZcI=", "narHash": "sha256-XskTPGgQJlMXMpiD16J+EyG7G01SwybwK0MXgsfqi5E=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "b1ba215f4a81e8750696cb234f010746d86b1bdb", "rev": "e40d6fc2bb35c360078d8523b987c071591357c3",
"revCount": 121, "revCount": 122,
"type": "git", "type": "git",
"url": "https://git.lebubu.org/jawz/scripts.git" "url": "https://git.lebubu.org/jawz/scripts.git"
}, },
@@ -758,11 +788,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764294866, "lastModified": 1765073338,
"narHash": "sha256-Kn0+e5avInNAX7Rf3qKlUGunpcc8ryutoZLRXzQa6BY=", "narHash": "sha256-UGkNtTs0E1SzskcUkkkWoh3vfZwPiHrk0SMRoQL86oE=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "f189ee5932ef2e0fcc4f63d12a698a968b8450e8", "rev": "7480cfb8bba3e352edf2c9334ff4b7c3ac84eb87",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -873,11 +903,11 @@
}, },
"nixpkgs-small": { "nixpkgs-small": {
"locked": { "locked": {
"lastModified": 1764294158, "lastModified": 1765178948,
"narHash": "sha256-jYgxKfpElNtpjkH6iNHk3v1V84U3nDrMaK7bf6O9MeQ=", "narHash": "sha256-Kb3mIrj4xLg2LeMvok0tpiGPis1VnrNJO0l4kW+0xmc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c9bf37b26e96d5abc45336fc2cbdccc8e45e3e96", "rev": "f376a52d0dc796aec60b5606a2676240ff1565b9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -889,11 +919,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1764242076, "lastModified": 1764950072,
"narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "rev": "f61125a668a320878494449750330ca58b78c557",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -905,11 +935,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1764173365, "lastModified": 1764983851,
"narHash": "sha256-JaNFPy3nywPNxSDpEgFFqvngQww5Igb6twG4NhMo8oc=", "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2fecba9952096ba043c16b9ef40b92851ff3e5d9", "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -948,11 +978,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764321059, "lastModified": 1765185832,
"narHash": "sha256-OP0j9fWgJegPyOqOLVA1UsKaFXf/WQoOp+8AkVlxN9Y=", "narHash": "sha256-z8duEjztk7g+Zm4DbZfAAYMAqb+ooaNPuOBhpvx7TiU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nur", "repo": "nur",
"rev": "5eff8a78843aad75d7712aea91583c6f8a3dbcd1", "rev": "7be17d29475559cb8d7e35b5ed185b5a8ed8d7b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -973,11 +1003,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758998580, "lastModified": 1764773531,
"narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", "rev": "1d9616689e98beded059ad0384b9951e967a17fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -996,11 +1026,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763988335, "lastModified": 1765016596,
"narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1012,11 +1042,11 @@
"qbit_manage": { "qbit_manage": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1763222957, "lastModified": 1764428351,
"narHash": "sha256-F9EPEvJ8sjVb6Epa7V+3t9gEkvqwWF1opUCVQkjR6bs=", "narHash": "sha256-JCsbf2mPRhs7Mbekl946G/y/CSNSSvQBLvlwVy/Avcg=",
"owner": "StuffAnThings", "owner": "StuffAnThings",
"repo": "qbit_manage", "repo": "qbit_manage",
"rev": "b1e91d7259bcc35b0829c5dc52ea87deedaef6b5", "rev": "371627bbeb082e68f057bbe4599565c2e63a14c7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1055,11 +1085,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764021963, "lastModified": 1765079830,
"narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", "narHash": "sha256-i9GMbBLkeZ7MVvy7+aAuErXkBkdRylHofrAjtpUPKt8=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", "rev": "aeb517262102f13683d7a191c7e496b34df8d24c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1089,11 +1119,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1764193603, "lastModified": 1765065096,
"narHash": "sha256-guX30TWe8HRG2qPFiM9893F2uTw4B8D/xkE6Mq7MiYg=", "narHash": "sha256-abrrONk8vzRtY6fHEkjZOyRJpKHjPlFqMBE0+/DxfAU=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "9bf8725a3d65b3ff0ba68ce13779657f5095e36b", "rev": "84d9d55885d463d461234f3aac07b2389a2577d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1216,11 +1246,11 @@
"tinted-schemes": { "tinted-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1757716333, "lastModified": 1763914658,
"narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "schemes", "repo": "schemes",
"rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1232,11 +1262,11 @@
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1757811970, "lastModified": 1764465359,
"narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", "rev": "edf89a780e239263cc691a987721f786ddc4f6aa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1248,11 +1278,11 @@
"tinted-zed": { "tinted-zed": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1757811247, "lastModified": 1764464512,
"narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-zed", "repo": "base16-zed",
"rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a",
"type": "github" "type": "github"
}, },
"original": { "original": {

46
modules/servers/keycloak.nix Normal file
View File

@@ -0,0 +1,46 @@
{
lib,
config,
inputs,
...
}:
let
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.keycloak;
in
{
options.my.servers.keycloak = setup.mkOptions "keycloak" "auth" 8090;
config = lib.mkIf (cfg.enable && config.my.secureHost) {
sops.secrets.keycloak = {
sopsFile = ../../secrets/env.yaml;
owner = "keycloak";
group = "keycloak";
};
sops.secrets.postgres-password = {
sopsFile = ../../secrets/secrets.yaml;
owner = "keycloak";
group = "keycloak";
};
services.keycloak = {
inherit (cfg) enable;
database = {
type = "postgresql";
host = "localhost";
createLocally = false;
username = "keycloak";
name = "keycloak";
passwordFile = config.sops.secrets."keycloak/db_password".path;
};
settings.hostname = cfg.host;
"hostname-strict" = true;
"hostname-strict-https" = false;
"http-enabled" = true;
"http-port" = cfg.port;
"proxy" = "edge";
};
systemd.services.keycloak.serviceConfig.EnvironmentFile = config.sops.secrets.keycloak.path;
services.nginx.virtualHosts.${cfg.host} = lib.mkIf (cfg.enableProxy && config.my.enableProxy) (
inputs.self.lib.proxyReverseFix cfg
);
};
}

1
modules/servers/postgres.nix
View File

@@ -40,6 +40,7 @@ let
"sonarqube" "sonarqube"
"gitea" "gitea"
"atticd" "atticd"
"keycloak"
]; ];
in in
{ {

4
modules/servers/qbittorrent.nix
View File

@@ -7,10 +7,6 @@
}: }:
let let
inherit (inputs) qbit_manage; inherit (inputs) qbit_manage;
pkgsU = import inputs.nixpkgs-unstable {
system = "x86_64-linux";
config.allowUnfree = true;
};
vuetorrent = pkgs.fetchzip { vuetorrent = pkgs.fetchzip {
url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.31.0/vuetorrent.zip"; url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.31.0/vuetorrent.zip";
sha256 = "sha256-kVDnDoCoJlY2Ew71lEMeE67kNOrKTJEMqNj2OfP01qw="; sha256 = "sha256-kVDnDoCoJlY2Ew71lEMeE67kNOrKTJEMqNj2OfP01qw=";

14
modules/services/sound.nix
View File

@@ -1,11 +1,10 @@
{ {
config, config,
lib, lib,
inputs,
... ...
}: }:
{ {
imports = [ inputs.nix-gaming.nixosModules.pipewireLowLatency ]; # imports = [ inputs.nix-gaming.nixosModules.pipewireLowLatency ];
options.my.services.sound.enable = lib.mkEnableOption "audio system and PipeWire"; options.my.services.sound.enable = lib.mkEnableOption "audio system and PipeWire";
config = lib.mkIf config.my.services.sound.enable { config = lib.mkIf config.my.services.sound.enable {
services.pulseaudio.enable = false; services.pulseaudio.enable = false;
@@ -15,11 +14,12 @@
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
lowLatency = { wireplumber.enable = true;
enable = true; # lowLatency = {
quantum = 64; # enable = true;
rate = 48000; # quantum = 64;
}; # rate = 48000;
# };
}; };
}; };
} }

8
modules/services/syncthing.nix
View File

@@ -69,10 +69,10 @@ in
}; };
folders = { folders = {
cache = mkMobile "~/Downloads/cache/"; cache = mkMobile "~/Downloads/cache/";
friends = mkMobile "~/Pictures/artist/friends/"; friends = mkMobile "~/Pictures/Artist/friends/";
forme = mkMobile "~/Pictures/art for me/"; forme = mkMobile "~/Pictures/Art for me/";
comfy = mkMobile "~/Development/AI/ComfyUI/output/"; comfy = mkMobile "~/Development/AI/ComfyUI/output/";
clean = mkMobile "~/Pictures/unorganized/unified mess/sync"; clean = mkMobile "~/Pictures/Unorganized/unified mess/sync";
gdl = { gdl = {
path = "~/.config/jawz/"; path = "~/.config/jawz/";
ignorePerms = false; ignorePerms = false;
@@ -105,7 +105,7 @@ in
]; ];
}; };
friend_share = { friend_share = {
path = "~/Pictures/encrypted/friends"; path = "~/Pictures/Encrypted/friends";
ignorePerms = false; ignorePerms = false;
type = "sendreceive"; type = "sendreceive";
devices = [ devices = [

5
secrets/env.yaml
View File

@@ -11,6 +11,7 @@ cloudflare-api: ENC[AES256_GCM,data:iNUMlY8rz5yHVitpK4HGaFSK7j+c8Pm7rOQMOQGmSJ3a
synapse: ENC[AES256_GCM,data:IR0pFwQBEM4O8mzzYXrPe2FjulSUGuitzLDLms2uovr6gEU82mCkRO/UCQOybNm03iOQeXX0Whz739kpYSGSInEyx69BNG/etH+bMu+GbYeMdrTEyXHSa7kcH4Ug,iv:Vn2ILYXnCj+Op/E2kWoxV+2ZtlxYJxO6XK3Ql41KW6w=,tag:9wogJFLlmfM5PRgPdwFlcw==,type:str] synapse: ENC[AES256_GCM,data:IR0pFwQBEM4O8mzzYXrPe2FjulSUGuitzLDLms2uovr6gEU82mCkRO/UCQOybNm03iOQeXX0Whz739kpYSGSInEyx69BNG/etH+bMu+GbYeMdrTEyXHSa7kcH4Ug,iv:Vn2ILYXnCj+Op/E2kWoxV+2ZtlxYJxO6XK3Ql41KW6w=,tag:9wogJFLlmfM5PRgPdwFlcw==,type:str]
readeck: ENC[AES256_GCM,data:TsIkHLji37dDHQRt78SquBhoSREHDgvgbc6+M1k2MLrgMGJ/Ejfy5AZXCIp/Qj5sXDzKP4j6Y6xFvGLswCqe02XjqGCpX13gZVCFPuKr8Nq051Xg,iv:Rc/pjYP+Vd/DvLCYsfJjDrnAlAiUlZOcNeeYzE6O3UY=,tag:OvR+CXMmrUFbsrHvduhnjA==,type:str] readeck: ENC[AES256_GCM,data:TsIkHLji37dDHQRt78SquBhoSREHDgvgbc6+M1k2MLrgMGJ/Ejfy5AZXCIp/Qj5sXDzKP4j6Y6xFvGLswCqe02XjqGCpX13gZVCFPuKr8Nq051Xg,iv:Rc/pjYP+Vd/DvLCYsfJjDrnAlAiUlZOcNeeYzE6O3UY=,tag:OvR+CXMmrUFbsrHvduhnjA==,type:str]
lidarr-mb-gap: ENC[AES256_GCM,data:bNzD9Nf9BWAPkm0Yk0J4MJbmo908QX9VsD+40Rngnfec9nzH4vZ2DrelxRllgT1kgnXMQzvoSgNhBwkDN4fgX73hz1FjkytTwahlO0wcY6R+tw4aokh0QYy0TVx5pZ4u1FEQOAp3IMgBsP8HOqaL/NEsEo3yb0K9iC3AfFihkLDJmVh26Pg=,iv:go0qS7/BcfcAMPkAdGWCoL61gNqBG5lWDev++y9DJ/I=,tag:LgtEyTZH8NfhfrKTcAigZw==,type:str] lidarr-mb-gap: ENC[AES256_GCM,data:bNzD9Nf9BWAPkm0Yk0J4MJbmo908QX9VsD+40Rngnfec9nzH4vZ2DrelxRllgT1kgnXMQzvoSgNhBwkDN4fgX73hz1FjkytTwahlO0wcY6R+tw4aokh0QYy0TVx5pZ4u1FEQOAp3IMgBsP8HOqaL/NEsEo3yb0K9iC3AfFihkLDJmVh26Pg=,iv:go0qS7/BcfcAMPkAdGWCoL61gNqBG5lWDev++y9DJ/I=,tag:LgtEyTZH8NfhfrKTcAigZw==,type:str]
keycloak: ENC[AES256_GCM,data:BmwZxuJaOB8F7zmBNAf42lkw36s5TepimtdyT2xjdGVyuHgRHbTZqeVen7/0II39qrJjko4agZJgToIZ1uhaC/gpGSoHZlib3rJozPCqmBc42nO6SOtpIO8=,iv:kPModK85937/liNk6iLIRiQ/G5yB7S7h24ZzPb8A1zo=,tag:lWvDQAHVRiBz8XZUoADKvw==,type:str]
sops: sops:
age: age:
- recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37 - recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
@@ -49,7 +50,7 @@ sops:
QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb
9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q== 9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-11T23:18:34Z" lastmodified: "2025-12-10T08:26:05Z"
mac: ENC[AES256_GCM,data:i3U364pjZB5Y61Wf7ETbXhNWyfH1gw0oyPcNyT+nCIJmePh8JWiP9hnHmZfLS1BKkI2powQdezbz9R0XDvU7g2SkV8EsWmn/h3rFwbopUZbeRQ2SCoX7LGFez74l1oTPQjL8zWJVdrUtfAFgbZKSEWuz7rsDieKBVhIJwWaeePY=,iv:N4z+X3eD6jH+zQfY24qec+U6wkfhLGPm4MzY8T2Km/A=,tag:yluW5YSKMZ4Kk+wcXbkj8Q==,type:str] mac: ENC[AES256_GCM,data:rUc4vtnyqK7U6Zvx+BCVMT6yqhCBBsKY/Cfp13XzPzKqa/8sRI7PSEUBY+RSH0t2ShCUep+dWu0ghgFq9L2olJkwuOQ3MHPyIRw3ldwbuYwoRiCtvTkyvtZMaJouy/QrD+mHBr8a6UZRIl/6gnIxcqktzXUeKbCtJcSFj5ScHIg=,iv:j/mtZ3RJwMilVF5AFFUjo4Jm5IDlRIzZx1MdjOE+4gc=,tag:w4Niu71q3Lutu32VdFruHw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0

7
secrets/secrets.yaml
View File

@@ -14,6 +14,7 @@ stash:
unpackerr: unpackerr:
sonarr-api: ENC[AES256_GCM,data:74/aSs7Q2tcDh9hPGm88h2hIneOcJ+P9HaCqoeuL6FQ=,iv:1AOpCii7ED1EyOFNCzvgRp5tR2ic1U6oRi7yg0hUcLk=,tag:k1miUivDQPxRgBWhXi9f+w==,type:str] sonarr-api: ENC[AES256_GCM,data:74/aSs7Q2tcDh9hPGm88h2hIneOcJ+P9HaCqoeuL6FQ=,iv:1AOpCii7ED1EyOFNCzvgRp5tR2ic1U6oRi7yg0hUcLk=,tag:k1miUivDQPxRgBWhXi9f+w==,type:str]
radarr-api: ENC[AES256_GCM,data:bZiJNk/ewREIBss+z4daVwL1UyI4rt8GxVmC/bpTNvc=,iv:li2kMzOgdWtLLr4l244P082Z0jwDB2aEC6iRYt3o/HY=,tag:mi9SY/pT2qTIzR/ngp8bGg==,type:str] radarr-api: ENC[AES256_GCM,data:bZiJNk/ewREIBss+z4daVwL1UyI4rt8GxVmC/bpTNvc=,iv:li2kMzOgdWtLLr4l244P082Z0jwDB2aEC6iRYt3o/HY=,tag:mi9SY/pT2qTIzR/ngp8bGg==,type:str]
postgres-password: ENC[AES256_GCM,data:V0g4T1cLUFnTN94zZZR83/KVJFUDGEWVEn6nyijnver4QCELUFkNr99s9g==,iv:1ymHA0JaVC2/aHdg4TmJmuKOG8JGZRRvynrgQIGdTss=,tag:xsCVpc+HBaNeswYvzo0PaA==,type:str]
sops: sops:
age: age:
- recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37 - recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
@@ -52,7 +53,7 @@ sops:
RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM
QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw== QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-02T20:02:38Z" lastmodified: "2025-12-10T08:27:18Z"
mac: ENC[AES256_GCM,data:DnbkeF+evVTMhYTg3OU528cRQ+jBiUl7Q7JZxyGRL6USjB2OdIRxqnnCH8L36K2hSAIkKQ/kojyJs+8Pgkx5uD/qsCbGlNT9pSBU1qPdSBxqJsVPxHZmkuf/QxGtE4pgV/50xJMrVyzAetWPZuxcYVfWAPszxDZcR5XDuD+Yjk4=,iv:i2Vt6nv6etIgaaoxsbVlxEnIhIx4adOQZFeyGM/4Saw=,tag:jugPmHU78lap7Hy7RJd9pg==,type:str] mac: ENC[AES256_GCM,data:Q9mdmt8HI+yzOu3IiEbxtZ7jg/2+6EHtHyRAJndrlwKCbTM59Nqza3YJ5+EpOrQw+ydYhiG2gXZ8qU/f70s0XdDUlpo/EgOkYoLDCgqFQ8TQu7R7Fwjv9Lw27IomGyCtTouWLfIQC1lZV1I1Df61P8HiPzUmV3pEr87o7qD0f/w=,iv:Cst3qxD65ijqmB+ftLNdpRGmRjSjqW7MrSskd33Ght8=,tag:+zgclBJw/PYTQYzPMAFQUA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.11.0