Compare commits
58 Commits
weekly-202
...
2893487ffc
| Author | SHA1 | Date | |
|---|---|---|---|
|
2893487ffc | ||
|
|
9629493d02 | ||
|
|
495f6e2e25 | ||
|
|
b89d193445 | ||
|
|
4e835aca1b | ||
|
|
597f9ee5b8 | ||
|
|
d4c7ea8742 | ||
|
|
f630e1483b | ||
|
|
983e271075 | ||
|
|
7aed2c9a65 | ||
|
|
9cf2b7df40 | ||
|
|
2a793a3dec | ||
|
|
89c3c0badc | ||
|
|
43294b20c0 | ||
|
|
4b88749d17 | ||
|
|
5c53ad615e | ||
|
|
5fbc4e1389 | ||
|
|
648a22252a | ||
|
|
467708a7e6 | ||
|
|
cfb0ad1a31 | ||
|
|
e80425e0f6 | ||
|
|
7289f6c5d2 | ||
|
|
54609e54bb | ||
|
|
4c924f6bb4 | ||
|
|
8e0c2783cd | ||
|
|
2dd20fab48 | ||
|
|
07a083dfa2 | ||
| 9d8defe07b | |||
| 089ea908e3 | |||
|
|
76924a4021 | ||
|
|
3325d8b931 | ||
|
|
75520f3b86 | ||
|
|
7846f5a822 | ||
|
|
41850af033 | ||
|
|
6cf501ab62 | ||
|
|
b00459e26e | ||
|
|
e279e3811f | ||
|
|
1ade9dd65a | ||
|
|
016b181d1b | ||
|
|
8c55d42ba2 | ||
|
|
b864c98786 | ||
|
|
451359dc4d | ||
|
|
7ab8789799 | ||
|
|
b5a5d42910 | ||
|
|
8f04f99c85 | ||
|
|
dfe8ce2e4b | ||
|
|
bd26dc247b | ||
|
|
3f40666ebf | ||
|
|
b912aa82fa | ||
|
|
616db8006e | ||
|
|
ba41e8f804 | ||
|
|
5289193961 | ||
|
|
e714a8d184 | ||
|
|
4d788d90ca | ||
|
|
303cd2db36 | ||
|
|
2cd3afe2b3 | ||
|
|
92492b6323 | ||
|
|
6d5ae474c6 |
39
TODO.md
Normal file
39
TODO.md
Normal file
@@ -0,0 +1,39 @@
|
||||
# Keycloak SSO Rollout (Server)
|
||||
|
||||
## Compatible services to cover (assume up-to-date versions)
|
||||
- Gitea (OAuth2/OIDC)
|
||||
- Nextcloud (Social Login app)
|
||||
- Paperless-ngx (OIDC)
|
||||
- Mealie (OIDC v1+)
|
||||
- Jellyfin (OIDC plugin)
|
||||
- Kavita (OIDC-capable builds)
|
||||
- Readeck (OIDC-capable builds)
|
||||
- Audiobookshelf (OIDC-capable builds)
|
||||
- Matrix Synapse – intentionally excluded (see below) but natively OIDC if needed
|
||||
|
||||
## Explicit exclusions (no SSO for now)
|
||||
- Syncplay
|
||||
- Matrix/Synapse
|
||||
- Arr stack (sonarr, radarr, lidarr, prowlarr, bazarr)
|
||||
- qbittorrent
|
||||
- sabnzbd
|
||||
- metube
|
||||
- multi-scrobbler
|
||||
- microbin
|
||||
- ryot
|
||||
- maloja
|
||||
- plex
|
||||
- atticd
|
||||
|
||||
## Phased rollout plan
|
||||
1) Base identity
|
||||
- Add Keycloak deployment/module and realm/client defaults.
|
||||
2) Gateway/proxy auth
|
||||
- Add oauth2-proxy (Keycloak provider) + nginx auth_request for non-OIDC apps (e.g., homepage-dashboard, stash).
|
||||
3) Native OIDC wiring
|
||||
- Configure native OIDC services (Gitea, Nextcloud, Paperless, Mealie, Jellyfin/Kavita/Readeck/Audiobookshelf) with Keycloak clients.
|
||||
4) Per-service rollout
|
||||
- Enable per app in priority order; document client IDs/secrets and callback URLs.
|
||||
5) Verification
|
||||
- Smoke-test login flows and cache any needed public keys/metadata.
|
||||
|
||||
@@ -66,6 +66,8 @@
|
||||
groups = {
|
||||
users.gid = 100;
|
||||
piracy.gid = 985;
|
||||
core.gid = 1251;
|
||||
glue.gid = 6969;
|
||||
};
|
||||
};
|
||||
nixpkgs.config = {
|
||||
|
||||
47
config/derek.nix
Normal file
47
config/derek.nix
Normal file
@@ -0,0 +1,47 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
sops.secrets = lib.mkIf config.my.secureHost {
|
||||
derek-password.neededForUsers = true;
|
||||
};
|
||||
services = {
|
||||
tailscale.enable = true;
|
||||
sunshine = {
|
||||
enable = true;
|
||||
autoStart = true;
|
||||
capSysAdmin = true;
|
||||
openFirewall = true;
|
||||
|
||||
};
|
||||
};
|
||||
users.users.bearded_dragonn = {
|
||||
isNormalUser = true;
|
||||
createHome = true;
|
||||
hashedPasswordFile = config.sops.secrets.derek-password.path;
|
||||
packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
davinci-resolve
|
||||
shotcut
|
||||
pitivi
|
||||
bottles
|
||||
vscode
|
||||
nextcloud-client
|
||||
firefox
|
||||
warp
|
||||
;
|
||||
inherit (pkgs.kdePackages)
|
||||
kdenlive
|
||||
;
|
||||
};
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"video"
|
||||
"input"
|
||||
"games"
|
||||
];
|
||||
};
|
||||
}
|
||||
@@ -61,6 +61,8 @@ in
|
||||
"scanner"
|
||||
"lp"
|
||||
"piracy"
|
||||
"core"
|
||||
"glue"
|
||||
"kavita"
|
||||
"video"
|
||||
"docker"
|
||||
|
||||
@@ -38,7 +38,7 @@ _final: prev: {
|
||||
waybar = prev.waybar.overrideAttrs (old: {
|
||||
mesonFlags = old.mesonFlags ++ [ "-Dexperimental=true" ];
|
||||
});
|
||||
qbittorrent = prev.qbittorrent.overrideAttrs (old: rec {
|
||||
qbittorrent = prev.qbittorrent.overrideAttrs (_old: rec {
|
||||
version = "5.1.3";
|
||||
src = prev.fetchFromGitHub {
|
||||
owner = "qbittorrent";
|
||||
|
||||
@@ -9,7 +9,7 @@ let
|
||||
schemesFile = import ./schemes.nix {
|
||||
inherit pkgs inputs;
|
||||
};
|
||||
scheme = schemesFile.schemes.jesus;
|
||||
scheme = schemesFile.schemes.paul;
|
||||
cfg = config.my.stylix;
|
||||
gnomeEnabled = config.services.desktopManager.gnome.enable;
|
||||
in
|
||||
@@ -23,7 +23,7 @@ in
|
||||
targets.qt.platform = lib.mkForce "qtct";
|
||||
}
|
||||
// lib.optionalAttrs (scheme ? base16Scheme) { inherit (scheme) base16Scheme; };
|
||||
home-manager.users.jawz = {
|
||||
home-manager.users = inputs.self.lib.mkHomeManagerUsers lib config.my.toggleUsers.stylix (user: {
|
||||
gtk = lib.mkIf (!cfg.enable && gnomeEnabled) {
|
||||
enable = true;
|
||||
iconTheme = {
|
||||
@@ -44,9 +44,9 @@ in
|
||||
};
|
||||
targets.librewolf = {
|
||||
firefoxGnomeTheme.enable = true;
|
||||
profileNames = [ "jawz" ];
|
||||
profileNames = [ user ];
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
{ ... }:
|
||||
{
|
||||
_: {
|
||||
users.users = {
|
||||
sonarr = {
|
||||
uid = 274;
|
||||
|
||||
188
flake.lock
generated
188
flake.lock
generated
@@ -20,11 +20,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1764714051,
|
||||
"narHash": "sha256-AjcMlM3UoavFoLzr0YrcvsIxALShjyvwe+o7ikibpCM=",
|
||||
"lastModified": 1767024902,
|
||||
"narHash": "sha256-sMdk6QkMDhIOnvULXKUM8WW8iyi551SWw2i6KQHbrrU=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "aquamarine",
|
||||
"rev": "a43bedcceced5c21ad36578ed823e6099af78214",
|
||||
"rev": "b8a0c5ba5a9fbd2c660be7dd98bdde0ff3798556",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -54,17 +54,17 @@
|
||||
"base16-fish": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1754405784,
|
||||
"narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=",
|
||||
"lastModified": 1765809053,
|
||||
"narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=",
|
||||
"owner": "tomyun",
|
||||
"repo": "base16-fish",
|
||||
"rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
|
||||
"rev": "86cbea4dca62e08fb7fd83a70e96472f92574782",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tomyun",
|
||||
"repo": "base16-fish",
|
||||
"rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
|
||||
"rev": "86cbea4dca62e08fb7fd83a70e96472f92574782",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
@@ -182,11 +182,11 @@
|
||||
"firefox-gnome-theme": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1764724327,
|
||||
"narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=",
|
||||
"lastModified": 1764873433,
|
||||
"narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=",
|
||||
"owner": "rafaelmardojai",
|
||||
"repo": "firefox-gnome-theme",
|
||||
"rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047",
|
||||
"rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -198,15 +198,15 @@
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1761588595,
|
||||
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
|
||||
"owner": "edolstra",
|
||||
"lastModified": 1767039857,
|
||||
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
|
||||
"owner": "NixOS",
|
||||
"repo": "flake-compat",
|
||||
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
|
||||
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"owner": "NixOS",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
@@ -216,11 +216,11 @@
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1763759067,
|
||||
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
|
||||
"lastModified": 1768135262,
|
||||
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
|
||||
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -234,11 +234,11 @@
|
||||
"nixpkgs-lib": "nixpkgs-lib_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1763759067,
|
||||
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
|
||||
"lastModified": 1767609335,
|
||||
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
|
||||
"rev": "250481aafeb741edfe23d29195671c19b36b6dca",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -293,11 +293,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1763759067,
|
||||
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
|
||||
"lastModified": 1767609335,
|
||||
"narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
|
||||
"rev": "250481aafeb741edfe23d29195671c19b36b6dca",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -382,11 +382,11 @@
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"host": "gitlab.gnome.org",
|
||||
"lastModified": 1764524476,
|
||||
"narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=",
|
||||
"lastModified": 1767737596,
|
||||
"narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=",
|
||||
"owner": "GNOME",
|
||||
"repo": "gnome-shell",
|
||||
"rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22",
|
||||
"rev": "ef02db02bf0ff342734d525b5767814770d85b49",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
@@ -404,11 +404,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1765170903,
|
||||
"narHash": "sha256-O8VTGey1xxiRW+Fpb+Ps9zU7ShmxUA1a7cMTcENCVNg=",
|
||||
"lastModified": 1767910483,
|
||||
"narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "20561be440a11ec57a89715480717baf19fe6343",
|
||||
"rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -463,11 +463,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1763733840,
|
||||
"narHash": "sha256-JnET78yl5RvpGuDQy3rCycOCkiKoLr5DN1fPhRNNMco=",
|
||||
"lastModified": 1766946335,
|
||||
"narHash": "sha256-MRD+Jr2bY11MzNDfenENhiK6pvN+nHygxdHoHbZ1HtE=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprgraphics",
|
||||
"rev": "8f1bec691b2d198c60cccabca7a94add2df4ed1a",
|
||||
"rev": "4af02a3925b454deb1c36603843da528b67ded6c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -495,11 +495,11 @@
|
||||
"xdph": "xdph"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1765141510,
|
||||
"narHash": "sha256-IjlKl72fJ40zZFiag9VTF37249jHCRHAE4RP7bI0OXA=",
|
||||
"lastModified": 1768551081,
|
||||
"narHash": "sha256-rMflM+m81G612HrehUCEgCvEweGnfUFRKIz07vWp1c0=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "Hyprland",
|
||||
"rev": "a5b7c91329313503e8864761f24ef43fb630f35c",
|
||||
"rev": "0b13d398fe597c9b30beb8207828586718b8a9b0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -541,11 +541,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1764812575,
|
||||
"narHash": "sha256-1bK1yGgaR82vajUrt6z+BSljQvFn91D74WJ/vJsydtE=",
|
||||
"lastModified": 1767023960,
|
||||
"narHash": "sha256-R2HgtVS1G3KSIKAQ77aOZ+Q0HituOmPgXW9nBNkpp3Q=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprland-guiutils",
|
||||
"rev": "fd321368a40c782cfa299991e5584ca338e36ebe",
|
||||
"rev": "c2e906261142f5dd1ee0bfc44abba23e2754c660",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -566,11 +566,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759610243,
|
||||
"narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=",
|
||||
"lastModified": 1765214753,
|
||||
"narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprland-protocols",
|
||||
"rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622",
|
||||
"rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -672,11 +672,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1764962281,
|
||||
"narHash": "sha256-rGbEMhTTyTzw4iyz45lch5kXseqnqcEpmrHdy+zHsfo=",
|
||||
"lastModified": 1766253372,
|
||||
"narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprutils",
|
||||
"rev": "fe686486ac867a1a24f99c753bb40ffed338e4b0",
|
||||
"rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -726,11 +726,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1764872015,
|
||||
"narHash": "sha256-INI9AVrQG5nJZFvGPSiUZ9FEUZJLfGdsqjF1QSak7Gc=",
|
||||
"lastModified": 1767473322,
|
||||
"narHash": "sha256-RGOeG+wQHeJ6BKcsSB8r0ZU77g9mDvoQzoTKj2dFHwA=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprwire",
|
||||
"rev": "7997451dcaab7b9d9d442f18985d514ec5891608",
|
||||
"rev": "d5e7d6b49fe780353c1cf9a1cf39fa8970bd9d11",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -747,11 +747,11 @@
|
||||
"sudoku-solver": "sudoku-solver"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1764529970,
|
||||
"narHash": "sha256-XskTPGgQJlMXMpiD16J+EyG7G01SwybwK0MXgsfqi5E=",
|
||||
"lastModified": 1766276320,
|
||||
"narHash": "sha256-0OjLvaFkXUPy1lCICUH/QUsUpcDpB2rlDner/f8wirQ=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "e40d6fc2bb35c360078d8523b987c071591357c3",
|
||||
"revCount": 122,
|
||||
"rev": "64676aca5db212e7a84b154811d69b74c9cd265f",
|
||||
"revCount": 125,
|
||||
"type": "git",
|
||||
"url": "https://git.lebubu.org/jawz/scripts.git"
|
||||
},
|
||||
@@ -788,11 +788,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1765073338,
|
||||
"narHash": "sha256-UGkNtTs0E1SzskcUkkkWoh3vfZwPiHrk0SMRoQL86oE=",
|
||||
"lastModified": 1768529562,
|
||||
"narHash": "sha256-cI1jFNllTDYVPJtRoxDjP6Vi6gi+igYSDgwHfO4fQPk=",
|
||||
"owner": "fufexan",
|
||||
"repo": "nix-gaming",
|
||||
"rev": "7480cfb8bba3e352edf2c9334ff4b7c3ac84eb87",
|
||||
"rev": "e8e7c08a45de0c9b806887d91b1f64f5c9ed1a8a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -855,11 +855,11 @@
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1761765539,
|
||||
"narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
|
||||
"lastModified": 1765674936,
|
||||
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
|
||||
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -870,11 +870,11 @@
|
||||
},
|
||||
"nixpkgs-lib_2": {
|
||||
"locked": {
|
||||
"lastModified": 1761765539,
|
||||
"narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
|
||||
"lastModified": 1765674936,
|
||||
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
|
||||
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -903,11 +903,11 @@
|
||||
},
|
||||
"nixpkgs-small": {
|
||||
"locked": {
|
||||
"lastModified": 1765178948,
|
||||
"narHash": "sha256-Kb3mIrj4xLg2LeMvok0tpiGPis1VnrNJO0l4kW+0xmc=",
|
||||
"lastModified": 1768455256,
|
||||
"narHash": "sha256-bbwUg9KmGwM34t9IAt+zst1XBhp9Rtxvvgd41fvog6k=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "f376a52d0dc796aec60b5606a2676240ff1565b9",
|
||||
"rev": "0ac615ad4da024ace7fa5e0be5b01a3414c2295f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -919,11 +919,11 @@
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1764950072,
|
||||
"narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=",
|
||||
"lastModified": 1768305791,
|
||||
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "f61125a668a320878494449750330ca58b78c557",
|
||||
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -935,11 +935,11 @@
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1764983851,
|
||||
"narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
|
||||
"lastModified": 1768323494,
|
||||
"narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454",
|
||||
"rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -978,11 +978,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1765185832,
|
||||
"narHash": "sha256-z8duEjztk7g+Zm4DbZfAAYMAqb+ooaNPuOBhpvx7TiU=",
|
||||
"lastModified": 1768554759,
|
||||
"narHash": "sha256-AipphBIOSOUJgivI2xc3lfRYF4PIkzDtfxAt3P+hFmA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nur",
|
||||
"rev": "7be17d29475559cb8d7e35b5ed185b5a8ed8d7b6",
|
||||
"rev": "da17a42da6f01227a10f156767f7425de5f3477d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1003,11 +1003,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1764773531,
|
||||
"narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=",
|
||||
"lastModified": 1767886815,
|
||||
"narHash": "sha256-pB2BBv6X9cVGydEV/9Y8+uGCvuYJAlsprs1v1QHjccA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "1d9616689e98beded059ad0384b9951e967a17fa",
|
||||
"rev": "4ff84374d77ff62e2e13a46c33bfeb73590f9fef",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1026,11 +1026,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1765016596,
|
||||
"narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
|
||||
"lastModified": 1767281941,
|
||||
"narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=",
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
|
||||
"rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1085,11 +1085,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1765079830,
|
||||
"narHash": "sha256-i9GMbBLkeZ7MVvy7+aAuErXkBkdRylHofrAjtpUPKt8=",
|
||||
"lastModified": 1768481291,
|
||||
"narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "aeb517262102f13683d7a191c7e496b34df8d24c",
|
||||
"rev": "e085e303dfcce21adcb5fec535d65aacb066f101",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1119,11 +1119,11 @@
|
||||
"tinted-zed": "tinted-zed"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1765065096,
|
||||
"narHash": "sha256-abrrONk8vzRtY6fHEkjZOyRJpKHjPlFqMBE0+/DxfAU=",
|
||||
"lastModified": 1768493544,
|
||||
"narHash": "sha256-9qk2W/6GJWLAFXNruK/zdJ0bm3bfP50vJFbtuAjQpa4=",
|
||||
"owner": "danth",
|
||||
"repo": "stylix",
|
||||
"rev": "84d9d55885d463d461234f3aac07b2389a2577d8",
|
||||
"rev": "362306faaa7459bebf8eabf135879785f3da9bd2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1246,11 +1246,11 @@
|
||||
"tinted-schemes": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1763914658,
|
||||
"narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=",
|
||||
"lastModified": 1767817087,
|
||||
"narHash": "sha256-eGE8OYoK6HzhJt/7bOiNV2cx01IdIrHL7gXgjkHRdNo=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "schemes",
|
||||
"rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c",
|
||||
"rev": "bd99656235aab343e3d597bf196df9bc67429507",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1262,11 +1262,11 @@
|
||||
"tinted-tmux": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1764465359,
|
||||
"narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=",
|
||||
"lastModified": 1767489635,
|
||||
"narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-tmux",
|
||||
"rev": "edf89a780e239263cc691a987721f786ddc4f6aa",
|
||||
"rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1278,11 +1278,11 @@
|
||||
"tinted-zed": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1764464512,
|
||||
"narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=",
|
||||
"lastModified": 1767488740,
|
||||
"narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-zed",
|
||||
"rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a",
|
||||
"rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -27,6 +27,8 @@
|
||||
3452 # sonarqube
|
||||
8448 # synapse ssl
|
||||
8265 # tdarr
|
||||
5173 # media map
|
||||
51412 # qbittorrent
|
||||
];
|
||||
};
|
||||
nix.buildMachines = [
|
||||
@@ -90,7 +92,7 @@
|
||||
};
|
||||
lidarr-mb-gap = {
|
||||
enable = true;
|
||||
package = inputs.lidarr-mb-gap.packages.${pkgs.system}.lidarr-mb-gap;
|
||||
package = inputs.lidarr-mb-gap.packages.${pkgs.stdenv.hostPlatform.system}.lidarr-mb-gap;
|
||||
home = "/var/lib/lidarr-mb-gap";
|
||||
envFile = config.sops.secrets.lidarr-mb-gap.path;
|
||||
runInterval = "weekly";
|
||||
|
||||
@@ -81,5 +81,9 @@ in
|
||||
"audiobookshelf"
|
||||
"vaultwarden"
|
||||
"readeck"
|
||||
"keycloak"
|
||||
"oauth2-proxy"
|
||||
"isso"
|
||||
"plausible"
|
||||
];
|
||||
}
|
||||
|
||||
@@ -22,6 +22,7 @@ in
|
||||
../../config/base.nix
|
||||
../../config/stylix.nix
|
||||
../../environments/gnome.nix
|
||||
../../config/derek.nix
|
||||
];
|
||||
my = import ./toggles.nix { inherit inputs; } // {
|
||||
nix.cores = 8;
|
||||
@@ -31,6 +32,16 @@ in
|
||||
"nixserver"
|
||||
"nixminiserver"
|
||||
];
|
||||
# Example: Configure which user(s) get packages from each toggle category
|
||||
# By default, all categories install to "jawz", but you can override:
|
||||
# toggleUsers = {
|
||||
# apps = "jawz"; # Apps go to jawz (single user)
|
||||
# apps = [ "jawz" "bearded_dragonn" ]; # Or install to multiple users
|
||||
# dev = "bearded_dragonn"; # Dev tools go to bearded_dragonn
|
||||
# shell = "jawz"; # Shell tools go to jawz
|
||||
# scripts = "jawz"; # Scripts go to jawz
|
||||
# services = "jawz"; # Service user packages go to jawz
|
||||
# };
|
||||
};
|
||||
home-manager.users.jawz.programs = {
|
||||
vscode = {
|
||||
@@ -143,27 +154,7 @@ in
|
||||
acceleration = "cuda";
|
||||
models = "/srv/ai/ollama";
|
||||
};
|
||||
postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_17;
|
||||
enableTCPIP = true;
|
||||
authentication = pkgs.lib.mkOverride 10 ''
|
||||
local all all trust
|
||||
host all all ${config.my.localhost}/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
ensureDatabases = [ "webref" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "webref";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
programs.virt-manager.enable = true;
|
||||
users.groups.libvirtd.members = [ "jawz" ];
|
||||
virtualisation.libvirtd.enable = true;
|
||||
systemd.services.minio-init = {
|
||||
description = "Initialize MinIO buckets";
|
||||
after = [ "minio.service" ];
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -39,5 +40,9 @@ in
|
||||
apps.art.enable = lib.mkEnableOption "digital art and creative applications";
|
||||
dev.gameDev.enable = lib.mkEnableOption "game development tools and engines";
|
||||
};
|
||||
config.users.users.jawz.packages = artPackages ++ gameDevPackages;
|
||||
config.users.users =
|
||||
let
|
||||
packages = artPackages ++ gameDevPackages;
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.apps packages;
|
||||
}
|
||||
|
||||
@@ -1,21 +1,25 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
hunspell
|
||||
;
|
||||
inherit (pkgs.hunspellDicts)
|
||||
it_IT
|
||||
es_MX
|
||||
en_CA-large
|
||||
;
|
||||
};
|
||||
in
|
||||
{
|
||||
options.my.apps.dictionaries.enable = lib.mkEnableOption "dictionaries and language tools";
|
||||
config = lib.mkIf config.my.apps.dictionaries.enable {
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
hunspell
|
||||
;
|
||||
inherit (pkgs.hunspellDicts)
|
||||
it_IT
|
||||
es_MX
|
||||
en_CA-large
|
||||
;
|
||||
};
|
||||
users.users = inputs.self.lib.mkUserPackages lib config.my.toggleUsers.apps packages;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
inputs,
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -50,23 +50,27 @@ in
|
||||
# environmentFile = config.sops.secrets.switch-presence.path;
|
||||
# };
|
||||
};
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit retroarchWithCores;
|
||||
inherit (pkgs)
|
||||
shipwright # zelda OoT port
|
||||
mangohud # fps & stats overlay
|
||||
lutris # games launcher & emulator hub
|
||||
cartridges # games launcher
|
||||
gamemode # optimizes linux to have better gaming performance
|
||||
heroic # install epic games
|
||||
protonup-qt # update proton-ge
|
||||
ns-usbloader # load games into my switch
|
||||
# emulators
|
||||
rpcs3 # ps3
|
||||
cemu # wii u
|
||||
ryubing # switch
|
||||
prismlauncher # minecraft launcher with jdk overlays
|
||||
;
|
||||
};
|
||||
users.users =
|
||||
let
|
||||
packages = builtins.attrValues {
|
||||
inherit retroarchWithCores;
|
||||
inherit (pkgs)
|
||||
shipwright # zelda OoT port
|
||||
mangohud # fps & stats overlay
|
||||
lutris # games launcher & emulator hub
|
||||
cartridges # games launcher
|
||||
gamemode # optimizes linux to have better gaming performance
|
||||
heroic # install epic games
|
||||
protonup-qt # update proton-ge
|
||||
ns-usbloader # load games into my switch
|
||||
# emulators
|
||||
rpcs3 # ps3
|
||||
cemu # wii u
|
||||
ryubing # switch
|
||||
prismlauncher # minecraft launcher with jdk overlays
|
||||
;
|
||||
};
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.apps packages;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -29,24 +30,30 @@ in
|
||||
{
|
||||
options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps";
|
||||
config = lib.mkIf config.my.apps.internet.enable {
|
||||
home-manager.users.jawz.programs.librewolf = import ./librewolf.nix;
|
||||
home-manager.users = inputs.self.lib.mkHomeManagerUsers lib config.my.toggleUsers.apps (_user: {
|
||||
programs.librewolf = import ./librewolf.nix;
|
||||
});
|
||||
programs.geary.enable = true;
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
# inherit (inputs.zen-browser.packages.x86_64-linux) twilight;
|
||||
inherit krisp-patcher;
|
||||
inherit (pkgs)
|
||||
# thunderbird # email client
|
||||
warp # transfer files with based ppl
|
||||
nextcloud-client # self-hosted google-drive alternative
|
||||
fragments # beautiful torrent client
|
||||
tor-browser # dark web, so dark!
|
||||
telegram-desktop # furry chat
|
||||
nicotine-plus # remember Ares?
|
||||
discord # :3
|
||||
vdhcoapp # video download helper assistant
|
||||
nextcloud-talk-desktop # nextcloud talk client
|
||||
fractal # matrix client
|
||||
;
|
||||
};
|
||||
users.users =
|
||||
let
|
||||
packages = builtins.attrValues {
|
||||
# inherit (inputs.zen-browser.packages.x86_64-linux) twilight;
|
||||
inherit krisp-patcher;
|
||||
inherit (pkgs)
|
||||
# thunderbird # email client
|
||||
warp # transfer files with based ppl
|
||||
nextcloud-client # self-hosted google-drive alternative
|
||||
fragments # beautiful torrent client
|
||||
tor-browser # dark web, so dark!
|
||||
telegram-desktop # furry chat
|
||||
nicotine-plus # remember Ares?
|
||||
discord # :3
|
||||
vdhcoapp # video download helper assistant
|
||||
nextcloud-talk-desktop # nextcloud talk client
|
||||
fractal # matrix client
|
||||
;
|
||||
};
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.apps packages;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -7,13 +8,17 @@
|
||||
{
|
||||
options.my.apps.misc.enable = lib.mkEnableOption "miscellaneous desktop applications";
|
||||
config = lib.mkIf config.my.apps.misc.enable {
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
blanket # background noise
|
||||
metadata-cleaner # remove any metadata and geolocation from files
|
||||
pika-backup # backups
|
||||
gnome-obfuscate # censor private information
|
||||
;
|
||||
};
|
||||
users.users =
|
||||
let
|
||||
packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
blanket # background noise
|
||||
metadata-cleaner # remove any metadata and geolocation from files
|
||||
pika-backup # backups
|
||||
gnome-obfuscate # censor private information
|
||||
;
|
||||
};
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.apps packages;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -7,15 +8,19 @@
|
||||
{
|
||||
options.my.apps.multimedia.enable = lib.mkEnableOption "multimedia applications and media players";
|
||||
config = lib.mkIf config.my.apps.multimedia.enable {
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
curtail # image compressor
|
||||
easyeffects # equalizer
|
||||
identity # compare images or videos
|
||||
mousai # poor man shazam
|
||||
shortwave # listen to world radio
|
||||
tagger # tag music files
|
||||
;
|
||||
};
|
||||
users.users =
|
||||
let
|
||||
packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
curtail # image compressor
|
||||
easyeffects # equalizer
|
||||
identity # compare images or videos
|
||||
mousai # poor man shazam
|
||||
shortwave # listen to world radio
|
||||
tagger # tag music files
|
||||
;
|
||||
};
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.apps packages;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -7,12 +8,16 @@
|
||||
{
|
||||
options.my.apps.piano.enable = lib.mkEnableOption "piano learning and music theory apps";
|
||||
config = lib.mkIf config.my.apps.piano.enable {
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
neothesia
|
||||
linthesia
|
||||
timidity
|
||||
;
|
||||
};
|
||||
users.users =
|
||||
let
|
||||
packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
neothesia
|
||||
linthesia
|
||||
timidity
|
||||
;
|
||||
};
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.apps packages;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -8,15 +9,19 @@
|
||||
options.my.apps.office.enable = lib.mkEnableOption "office applications and productivity tools";
|
||||
config = lib.mkIf config.my.apps.office.enable {
|
||||
environment.variables.CALIBRE_USE_SYSTEM_THEME = "1";
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
jre17_minimal # for libreoffice extensions
|
||||
libreoffice # office, but based & european
|
||||
calibre # ugly af eBook library manager
|
||||
newsflash # feed reader, syncs with nextcloud
|
||||
furtherance # I packaged this one tehee track time utility
|
||||
# planify # let's pretend I will organize my tasks
|
||||
;
|
||||
};
|
||||
users.users =
|
||||
let
|
||||
packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
jre17_minimal # for libreoffice extensions
|
||||
libreoffice # office, but based & european
|
||||
calibre # ugly af eBook library manager
|
||||
newsflash # feed reader, syncs with nextcloud
|
||||
furtherance # I packaged this one tehee track time utility
|
||||
# planify # let's pretend I will organize my tasks
|
||||
;
|
||||
};
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.apps packages;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -31,6 +32,6 @@ in
|
||||
};
|
||||
};
|
||||
config = lib.mkIf config.my.dev.cc.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -29,7 +30,7 @@ in
|
||||
};
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf config.my.dev.docker.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
})
|
||||
{
|
||||
environment.variables.DOCKER_CONFIG = "\${XDG_CONFIG_HOME}/docker";
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
{
|
||||
options.my.emacs.enable = lib.mkEnableOption "Doom Emacs configuration";
|
||||
config = lib.mkIf config.my.emacs.enable {
|
||||
home-manager.users.jawz = {
|
||||
home-manager.users = inputs.self.lib.mkHomeManagerUsers lib config.my.toggleUsers.dev (_user: {
|
||||
xdg.dataFile = {
|
||||
"doom/templates/events.org".source = ../../dotfiles/doom/templates/events.org;
|
||||
"doom/templates/default.org".source = ../../dotfiles/doom/templates/default.org;
|
||||
@@ -21,30 +21,34 @@
|
||||
edit = "emacsclient -t";
|
||||
e = "edit";
|
||||
};
|
||||
};
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit (pkgs.xorg) xwininfo;
|
||||
inherit (pkgs)
|
||||
#emacs everywhere
|
||||
xdotool
|
||||
xclip
|
||||
wl-clipboard-rs
|
||||
fd # modern find, faster searches
|
||||
fzf # fuzzy finder! super cool and useful
|
||||
ripgrep # modern grep
|
||||
tree-sitter # code parsing based on symbols and shit, I do not get it
|
||||
graphviz # graphs
|
||||
tetex # export pdf
|
||||
languagetool # proofreader for English
|
||||
# lsps
|
||||
yaml-language-server
|
||||
markdownlint-cli
|
||||
;
|
||||
inherit (pkgs.nodePackages)
|
||||
vscode-json-languageserver
|
||||
prettier # multi-language linter
|
||||
;
|
||||
};
|
||||
});
|
||||
users.users =
|
||||
let
|
||||
packages = builtins.attrValues {
|
||||
inherit (pkgs.xorg) xwininfo;
|
||||
inherit (pkgs)
|
||||
#emacs everywhere
|
||||
xdotool
|
||||
xclip
|
||||
wl-clipboard-rs
|
||||
fd # modern find, faster searches
|
||||
fzf # fuzzy finder! super cool and useful
|
||||
ripgrep # modern grep
|
||||
tree-sitter # code parsing based on symbols and shit, I do not get it
|
||||
graphviz # graphs
|
||||
tetex # export pdf
|
||||
languagetool # proofreader for English
|
||||
# lsps
|
||||
yaml-language-server
|
||||
markdownlint-cli
|
||||
;
|
||||
inherit (pkgs.nodePackages)
|
||||
vscode-json-languageserver
|
||||
prettier # multi-language linter
|
||||
;
|
||||
};
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.dev packages;
|
||||
services.emacs = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
@@ -55,7 +59,8 @@
|
||||
extraPackages =
|
||||
epkgs:
|
||||
let
|
||||
inherit (config.home-manager.users.jawz.programs.emacs)
|
||||
inherit
|
||||
(config.home-manager.users.${inputs.self.lib.getFirstUser config.my.toggleUsers.dev}.programs.emacs)
|
||||
extraPackages
|
||||
extraConfig
|
||||
;
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -38,7 +39,7 @@ in
|
||||
environment.variables = { inherit GOPATH; };
|
||||
}
|
||||
(lib.mkIf config.my.dev.go.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
})
|
||||
];
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -33,7 +34,7 @@ in
|
||||
};
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf config.my.dev.haskell.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
})
|
||||
{
|
||||
environment.variables = {
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -27,16 +28,18 @@ in
|
||||
};
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf config.my.dev.javascript.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
})
|
||||
{
|
||||
home-manager.users.jawz.xdg.configFile = {
|
||||
"npm/npmrc".source = ../../dotfiles/npmrc;
|
||||
"configstore/update-notifier-npm-check.json".text = builtins.toJSON {
|
||||
optOut = false;
|
||||
lastUpdateCheck = 1646662583446;
|
||||
home-manager.users = inputs.self.lib.mkHomeManagerUsers lib config.my.toggleUsers.dev (_user: {
|
||||
xdg.configFile = {
|
||||
"npm/npmrc".source = ../../dotfiles/npmrc;
|
||||
"configstore/update-notifier-npm-check.json".text = builtins.toJSON {
|
||||
optOut = false;
|
||||
lastUpdateCheck = 1646662583446;
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
environment.variables = {
|
||||
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
|
||||
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -25,6 +26,6 @@ in
|
||||
};
|
||||
};
|
||||
config = lib.mkIf config.my.dev.julia.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
};
|
||||
}
|
||||
|
||||
@@ -33,20 +33,20 @@ in
|
||||
};
|
||||
};
|
||||
config = lib.mkIf config.my.dev.nix.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
home-manager.users.jawz.programs.${shellType}.shellAliases =
|
||||
inputs.self.lib.mergeAliases inputs.self.lib.commonAliases
|
||||
{
|
||||
nixformat = ''
|
||||
deadnix -e && \
|
||||
nix run nixpkgs#nixfmt-tree && \
|
||||
statix fix
|
||||
'';
|
||||
nix-push-cache = ''
|
||||
nix build $NH_FLAKE#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel \
|
||||
--print-out-paths --fallback --max-jobs 100 --cores 0 |
|
||||
nix run nixpkgs#attic-client -- push lan:nixos --stdin
|
||||
'';
|
||||
};
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
home-manager.users = inputs.self.lib.mkHomeManagerUsers lib config.my.toggleUsers.dev (_user: {
|
||||
programs.${shellType}.shellAliases = inputs.self.lib.mergeAliases inputs.self.lib.commonAliases {
|
||||
nixformat = ''
|
||||
deadnix -e && \
|
||||
nix run nixpkgs#nixfmt-tree && \
|
||||
statix fix
|
||||
'';
|
||||
nix-push-cache = ''
|
||||
nix build $NH_FLAKE#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel \
|
||||
--print-out-paths --fallback --max-jobs 100 --cores 0 |
|
||||
nix run nixpkgs#attic-client -- push lan:nixos --stdin
|
||||
'';
|
||||
};
|
||||
});
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -46,10 +47,12 @@ in
|
||||
};
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf config.my.dev.python.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
})
|
||||
{
|
||||
home-manager.users.jawz.xdg.configFile."python/pythonrc".source = ../../dotfiles/pythonrc;
|
||||
home-manager.users = inputs.self.lib.mkHomeManagerUsers lib config.my.toggleUsers.dev (_user: {
|
||||
xdg.configFile."python/pythonrc".source = ../../dotfiles/pythonrc;
|
||||
});
|
||||
environment.variables.PYTHONSTARTUP = "\${XDG_CONFIG_HOME}/python/pythonrc";
|
||||
}
|
||||
];
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -27,7 +28,7 @@ in
|
||||
};
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf config.my.dev.ruby.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
})
|
||||
{
|
||||
environment.variables = {
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -32,7 +33,7 @@ in
|
||||
};
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf config.my.dev.rust.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
})
|
||||
{
|
||||
environment.variables.CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -30,6 +31,6 @@ in
|
||||
};
|
||||
};
|
||||
config = lib.mkIf config.my.dev.sh.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -28,6 +29,6 @@ in
|
||||
};
|
||||
};
|
||||
config = lib.mkIf config.my.dev.zig.enable {
|
||||
users.users.jawz = { inherit packages; };
|
||||
users.users = inputs.self.lib.mkUserAttrs lib config.my.toggleUsers.dev { inherit packages; };
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -36,10 +37,14 @@
|
||||
description = "Configuration for multiple scripts.";
|
||||
};
|
||||
config = lib.mkIf (lib.any (s: s.enable) (lib.attrValues config.my.scripts)) {
|
||||
users.users.jawz.packages =
|
||||
config.my.scripts
|
||||
|> lib.mapAttrsToList (_name: script: lib.optional (script.enable && script.install) script.package)
|
||||
|> lib.flatten;
|
||||
users.users =
|
||||
let
|
||||
packages =
|
||||
config.my.scripts
|
||||
|> lib.mapAttrsToList (_name: script: lib.optional (script.enable && script.install) script.package)
|
||||
|> lib.flatten;
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.scripts packages;
|
||||
systemd.user.services =
|
||||
config.my.scripts
|
||||
|> lib.mapAttrs' (
|
||||
|
||||
@@ -103,6 +103,31 @@ in
|
||||
};
|
||||
enableContainers = lib.mkEnableOption "container services (Docker/Podman)";
|
||||
enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
|
||||
toggleUsers = lib.mkOption {
|
||||
type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.listOf lib.types.str));
|
||||
default = {
|
||||
apps = "jawz";
|
||||
dev = "jawz";
|
||||
shell = "jawz";
|
||||
scripts = "jawz";
|
||||
services = "jawz";
|
||||
stylix = "jawz";
|
||||
};
|
||||
description = "Map toggle categories to users. Can be a single user (string) or multiple users (list). Determines which user(s) get packages from each toggle category.";
|
||||
example = {
|
||||
apps = "jawz";
|
||||
dev = "bearded_dragonn";
|
||||
shell = "jawz";
|
||||
gaming = [
|
||||
"jawz"
|
||||
"bearded_dragonn"
|
||||
];
|
||||
stylix = [
|
||||
"jawz"
|
||||
"bearded_dragonn"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
config = {
|
||||
assertions =
|
||||
|
||||
@@ -7,6 +7,8 @@
|
||||
let
|
||||
proxyReverseServices = [
|
||||
"firefox-syncserver"
|
||||
"isso"
|
||||
"plausible"
|
||||
"readeck"
|
||||
"microbin"
|
||||
"ryot"
|
||||
|
||||
@@ -11,8 +11,8 @@
|
||||
cloudflare-api.sopsFile = ../../secrets/env.yaml;
|
||||
dns = {
|
||||
sopsFile = ../../secrets/env.yaml;
|
||||
owner = config.users.users.jawz.name;
|
||||
inherit (config.users.users.jawz) group;
|
||||
owner = config.users.users.${config.my.toggleUsers.scripts}.name;
|
||||
inherit (config.users.users.${config.my.toggleUsers.scripts}) group;
|
||||
};
|
||||
};
|
||||
services.cloudflare-dyndns = {
|
||||
|
||||
@@ -30,6 +30,10 @@ in
|
||||
FROM = config.my.smtpemail;
|
||||
SENDMAIL_PATH = "${pkgs.msmtp}/bin/msmtp";
|
||||
};
|
||||
service = {
|
||||
DISABLE_REGISTRATION = true;
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
|
||||
};
|
||||
};
|
||||
database = {
|
||||
socket = config.my.postgresSocket;
|
||||
|
||||
39
modules/servers/isso.nix
Normal file
39
modules/servers/isso.nix
Normal file
@@ -0,0 +1,39 @@
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
let
|
||||
setup = import ../factories/mkserver.nix { inherit lib config; };
|
||||
cfg = config.my.servers.isso;
|
||||
in
|
||||
{
|
||||
options.my.servers.isso = setup.mkOptions "isso" "comments" 8180;
|
||||
config = lib.mkIf (cfg.enable && config.my.secureHost) {
|
||||
my.servers.isso.domain = "danilo-reyes.com";
|
||||
sops.secrets.isso = {
|
||||
sopsFile = ../../secrets/env.yaml;
|
||||
};
|
||||
services.isso = {
|
||||
inherit (cfg) enable;
|
||||
settings = {
|
||||
guard.require-author = true;
|
||||
server.listen = "http://${cfg.ip}:${toString cfg.port}/";
|
||||
admin = {
|
||||
enabled = true;
|
||||
password = "$ISSO_ADMIN_PASSWORD";
|
||||
};
|
||||
general = {
|
||||
host = "https://blog.${cfg.domain}";
|
||||
max-age = "1h";
|
||||
gravatar = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.services.isso = {
|
||||
after = [ "network-online.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
serviceConfig.EnvironmentFile = config.sops.secrets.isso.path;
|
||||
};
|
||||
};
|
||||
}
|
||||
44
modules/servers/keycloak.nix
Normal file
44
modules/servers/keycloak.nix
Normal file
@@ -0,0 +1,44 @@
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
setup = import ../factories/mkserver.nix { inherit lib config; };
|
||||
cfg = config.my.servers.keycloak;
|
||||
in
|
||||
{
|
||||
options.my.servers.keycloak = setup.mkOptions "keycloak" "auth" 8090;
|
||||
config = lib.mkIf (cfg.enable && config.my.secureHost) {
|
||||
sops.secrets.postgres-password.sopsFile = ../../secrets/secrets.yaml;
|
||||
sops.secrets.keycloak = {
|
||||
sopsFile = ../../secrets/env.yaml;
|
||||
restartUnits = [ "keycloak.service" ];
|
||||
};
|
||||
services.keycloak = {
|
||||
inherit (cfg) enable;
|
||||
database = {
|
||||
type = "postgresql";
|
||||
host = "localhost";
|
||||
createLocally = false;
|
||||
username = "keycloak";
|
||||
name = "keycloak";
|
||||
passwordFile = config.sops.secrets.postgres-password.path;
|
||||
};
|
||||
settings = {
|
||||
hostname = cfg.host;
|
||||
hostname-strict = true;
|
||||
hostname-strict-https = false;
|
||||
http-enabled = true;
|
||||
http-port = cfg.port;
|
||||
http-host = cfg.ip;
|
||||
proxy-headers = "xforwarded";
|
||||
};
|
||||
};
|
||||
systemd.services.keycloak.serviceConfig.EnvironmentFile = config.sops.secrets.keycloak.path;
|
||||
services.nginx.virtualHosts.${cfg.host} = lib.mkIf (cfg.enableProxy && config.my.enableProxy) (
|
||||
inputs.self.lib.proxyReverseFix cfg
|
||||
);
|
||||
};
|
||||
}
|
||||
@@ -17,7 +17,7 @@ in
|
||||
TZ = config.my.timeZone;
|
||||
DEFAULT_GROUP = "Home";
|
||||
BASE_URL = cfg.url;
|
||||
API_DOCS = "false";
|
||||
API_DOCS = "true";
|
||||
ALLOW_SIGNUP = "false";
|
||||
DB_ENGINE = "postgres";
|
||||
POSTGRES_URL_OVERRIDE = "postgresql://${cfg.name}:@/${cfg.name}?host=${config.my.postgresSocket}";
|
||||
@@ -25,6 +25,13 @@ in
|
||||
WEB_CONCURRENCY = "1";
|
||||
SMTP_HOST = "smtp.gmail.com";
|
||||
SMTP_PORT = "587";
|
||||
OIDC_AUTH_ENABLED = "true";
|
||||
OIDC_SIGNUP_ENABLED = "true";
|
||||
OIDC_CLIENT_ID = "mealie";
|
||||
OIDC_ADMIN_GROUP = "/admins";
|
||||
OIDC_USER_CLAIM = "email";
|
||||
OIDC_PROVIDER_NAME = "keycloak";
|
||||
OIDC_SIGNING_ALGORITHM = "RS256";
|
||||
};
|
||||
credentialsFile = config.sops.secrets.mealie.path;
|
||||
};
|
||||
|
||||
@@ -10,7 +10,7 @@ in
|
||||
{
|
||||
options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881;
|
||||
config.virtualisation.oci-containers.containers.metube = lib.mkIf cfg.enable {
|
||||
image = "ghcr.io/alexta69/metube:latest";
|
||||
image = "ghcr.io/alexta69/metube:2026.01.02";
|
||||
ports = [ "${toString cfg.port}:8081" ];
|
||||
volumes = [
|
||||
"${config.my.containerData}/metube:/downloads"
|
||||
|
||||
51
modules/servers/oauth2-proxy.nix
Normal file
51
modules/servers/oauth2-proxy.nix
Normal file
@@ -0,0 +1,51 @@
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
let
|
||||
setup = import ../factories/mkserver.nix { inherit lib config; };
|
||||
cfg = config.my.servers.oauth2-proxy;
|
||||
in
|
||||
{
|
||||
options.my.servers.oauth2-proxy = setup.mkOptions "oauth2-proxy" "auth-proxy" 4180;
|
||||
config = lib.mkIf (cfg.enable && config.my.secureHost) {
|
||||
sops.secrets.oauth2-proxy = {
|
||||
sopsFile = ../../secrets/env.yaml;
|
||||
restartUnits = [ "oauth2-proxy.service" ];
|
||||
};
|
||||
sops.secrets.oauth2-proxy-cookie = {
|
||||
sopsFile = ../../secrets/secrets.yaml;
|
||||
restartUnits = [ "oauth2-proxy.service" ];
|
||||
};
|
||||
services.oauth2-proxy = {
|
||||
inherit (cfg) enable;
|
||||
provider = "keycloak-oidc";
|
||||
clientID = "oauth2-proxy";
|
||||
keyFile = config.sops.secrets.oauth2-proxy.path;
|
||||
oidcIssuerUrl = "${config.my.servers.keycloak.url}/realms/homelab";
|
||||
httpAddress = "${cfg.ip}:${toString cfg.port}";
|
||||
email.domains = [ "*" ];
|
||||
cookie = {
|
||||
name = "_oauth2_proxy";
|
||||
secure = true;
|
||||
expire = "168h";
|
||||
refresh = "1h";
|
||||
domain = ".lebubu.org";
|
||||
secret = config.sops.secrets.oauth2-proxy-cookie.path;
|
||||
};
|
||||
extraConfig = {
|
||||
skip-auth-route = [ "^/ping$" ];
|
||||
set-xauthrequest = true;
|
||||
pass-access-token = true;
|
||||
pass-user-headers = true;
|
||||
request-logging = true;
|
||||
auth-logging = true;
|
||||
session-store-type = "cookie";
|
||||
skip-provider-button = true;
|
||||
code-challenge-method = "S256";
|
||||
whitelist-domain = [ ".lebubu.org" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,21 +1,28 @@
|
||||
{ lib, config, ... }:
|
||||
let
|
||||
cfg = config.my.servers.paperless;
|
||||
inherit (config.services.paperless) port;
|
||||
in
|
||||
{
|
||||
options.my.servers.paperless.enable = lib.mkEnableOption "Paperless-ngx document management system";
|
||||
config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) {
|
||||
networking.firewall.allowedTCPPorts = [ config.services.paperless.port ];
|
||||
networking.firewall.allowedTCPPorts = [ port ];
|
||||
services.paperless = {
|
||||
inherit (cfg) enable;
|
||||
address = "0.0.0.0";
|
||||
address = config.my.ips.server;
|
||||
consumptionDirIsPublic = true;
|
||||
consumptionDir = "/srv/pool/scans/";
|
||||
settings = {
|
||||
PAPERLESS_ACCOUNT_DEFAULT_HTTP_PROTOCOL = "http";
|
||||
PAPERLESS_URL = "http://${config.my.ips.server}:${builtins.toString port}";
|
||||
PAPERLESS_DBENGINE = "postgress";
|
||||
PAPERLESS_DBNAME = "paperless";
|
||||
PAPERLESS_DBHOST = config.my.postgresSocket;
|
||||
PAPERLESS_TIME_ZONE = config.my.timeZone;
|
||||
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
|
||||
PAPERLESS_ACCOUNT_ALLOW_SIGNUPS = false;
|
||||
PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS = true;
|
||||
PAPERLESS_SOCIAL_AUTO_SIGNUP = true;
|
||||
PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [
|
||||
".DS_STORE/*"
|
||||
"desktop.ini"
|
||||
|
||||
27
modules/servers/plausible.nix
Normal file
27
modules/servers/plausible.nix
Normal file
@@ -0,0 +1,27 @@
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
let
|
||||
setup = import ../factories/mkserver.nix { inherit lib config; };
|
||||
cfg = config.my.servers.plausible;
|
||||
in
|
||||
{
|
||||
options.my.servers.plausible = setup.mkOptions "plausible" "analytics" 8439;
|
||||
config = lib.mkIf (cfg.enable && config.my.secureHost) {
|
||||
sops.secrets.plausible.sopsFile = ../../secrets/secrets.yaml;
|
||||
services.plausible = {
|
||||
inherit (cfg) enable;
|
||||
database.postgres.socket = config.my.postgresSocket;
|
||||
mail.email = config.my.smtpemail;
|
||||
server = {
|
||||
inherit (cfg) port;
|
||||
baseUrl = cfg.url;
|
||||
listenAddress = cfg.ip;
|
||||
secretKeybaseFile = config.sops.secrets.plausible.path;
|
||||
disableRegistration = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -40,6 +40,8 @@ let
|
||||
"sonarqube"
|
||||
"gitea"
|
||||
"atticd"
|
||||
"keycloak"
|
||||
"webref"
|
||||
];
|
||||
in
|
||||
{
|
||||
|
||||
@@ -7,10 +7,6 @@
|
||||
}:
|
||||
let
|
||||
inherit (inputs) qbit_manage;
|
||||
pkgsU = import inputs.nixpkgs-unstable {
|
||||
system = "x86_64-linux";
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
vuetorrent = pkgs.fetchzip {
|
||||
url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.31.0/vuetorrent.zip";
|
||||
sha256 = "sha256-kVDnDoCoJlY2Ew71lEMeE67kNOrKTJEMqNj2OfP01qw=";
|
||||
|
||||
@@ -37,7 +37,7 @@ in
|
||||
};
|
||||
services.stash = {
|
||||
inherit (cfg) enable;
|
||||
group = "piracy";
|
||||
group = "glue";
|
||||
mutableSettings = true;
|
||||
username = "Suing8150";
|
||||
passwordFile = config.sops.secrets."stash/password".path;
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -13,7 +14,11 @@ in
|
||||
{
|
||||
options.my.services.printing.enable = lib.mkEnableOption "printing services and drivers";
|
||||
config = lib.mkIf config.my.services.printing.enable {
|
||||
users.users.jawz.packages = [ pkgs.simple-scan ];
|
||||
users.users =
|
||||
let
|
||||
packages = [ pkgs.simple-scan ];
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.services packages;
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = printingDrivers;
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -14,7 +15,11 @@
|
||||
description = "The shell to use system-wide (bash or zsh)";
|
||||
};
|
||||
config = {
|
||||
users.users.jawz.shell = pkgs.${config.my.shell.type};
|
||||
users.users = lib.mkMerge (
|
||||
map (user: {
|
||||
${user}.shell = pkgs.${config.my.shell.type};
|
||||
}) (inputs.self.lib.normalizeUsers config.my.toggleUsers.shell)
|
||||
);
|
||||
programs.zsh.enable = config.my.shell.type == "zsh";
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
@@ -7,11 +8,15 @@
|
||||
{
|
||||
options.my.shell.exercism.enable = lib.mkEnableOption "Exercism coding practice platform";
|
||||
config = lib.mkIf config.my.shell.exercism.enable {
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
exercism # learn to code
|
||||
bats # testing system, required by Exercism
|
||||
;
|
||||
};
|
||||
users.users =
|
||||
let
|
||||
packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
exercism # learn to code
|
||||
bats # testing system, required by Exercism
|
||||
;
|
||||
};
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.shell packages;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -8,41 +8,52 @@
|
||||
{
|
||||
options.my.shell.multimedia.enable = lib.mkEnableOption "multimedia CLI tools and codecs";
|
||||
config = lib.mkIf config.my.shell.multimedia.enable {
|
||||
sops.secrets."gallery-dl/secrets" = {
|
||||
sopsFile = ../../secrets/gallery.yaml;
|
||||
owner = "jawz";
|
||||
mode = "0400";
|
||||
};
|
||||
home-manager.users.jawz.programs = {
|
||||
yt-dlp = {
|
||||
enable = true;
|
||||
settings = {
|
||||
embed-thumbnail = true;
|
||||
embed-subs = true;
|
||||
sub-langs = "all";
|
||||
cookies-from-browser = "firefox+gnomekeyring:/home/jawz/.librewolf/jawz";
|
||||
sops.secrets."gallery-dl/secrets" =
|
||||
let
|
||||
# Use first user for secret ownership
|
||||
user = inputs.self.lib.getFirstUser config.my.toggleUsers.shell;
|
||||
in
|
||||
{
|
||||
sopsFile = ../../secrets/gallery.yaml;
|
||||
owner = user;
|
||||
mode = "0400";
|
||||
};
|
||||
home-manager.users = inputs.self.lib.mkHomeManagerUsers lib config.my.toggleUsers.shell (user: {
|
||||
programs = {
|
||||
yt-dlp = {
|
||||
enable = true;
|
||||
settings = {
|
||||
embed-thumbnail = true;
|
||||
embed-subs = true;
|
||||
sub-langs = "all";
|
||||
cookies-from-browser = "firefox+gnomekeyring:/home/${user}/.librewolf/${user}";
|
||||
};
|
||||
};
|
||||
gallery-dl = {
|
||||
enable = true;
|
||||
settings = inputs.self.lib.importDotfile ../../dotfiles/gallery-dl.nix;
|
||||
};
|
||||
${config.my.shell.type} = {
|
||||
initExtra = lib.mkAfter ''
|
||||
if [ -r "${config.sops.secrets."gallery-dl/secrets".path}" ]; then
|
||||
set -a # automatically export all variables
|
||||
source "${config.sops.secrets."gallery-dl/secrets".path}"
|
||||
set +a # stop automatically exporting
|
||||
fi
|
||||
'';
|
||||
};
|
||||
};
|
||||
gallery-dl = {
|
||||
enable = true;
|
||||
settings = inputs.self.lib.importDotfile ../../dotfiles/gallery-dl.nix;
|
||||
};
|
||||
${config.my.shell.type} = {
|
||||
initExtra = lib.mkAfter ''
|
||||
if [ -r "${config.sops.secrets."gallery-dl/secrets".path}" ]; then
|
||||
set -a # automatically export all variables
|
||||
source "${config.sops.secrets."gallery-dl/secrets".path}"
|
||||
set +a # stop automatically exporting
|
||||
fi
|
||||
'';
|
||||
};
|
||||
};
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
ffmpeg # not ffmpreg, the coolest video conversion tool!
|
||||
imagemagick # photoshop what??
|
||||
ffpb # make ffmpeg encoding... a bit fun
|
||||
;
|
||||
};
|
||||
});
|
||||
users.users =
|
||||
let
|
||||
packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
ffmpeg # not ffmpreg, the coolest video conversion tool!
|
||||
imagemagick # photoshop what??
|
||||
ffpb # make ffmpeg encoding... a bit fun
|
||||
;
|
||||
};
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.shell packages;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -11,80 +11,82 @@ in
|
||||
{
|
||||
options.my.shell.tools.enable = lib.mkEnableOption "shell tools and utilities";
|
||||
config = lib.mkIf config.my.shell.tools.enable {
|
||||
home-manager.users.jawz.programs = {
|
||||
hstr.enable = true;
|
||||
htop = {
|
||||
enable = true;
|
||||
package = pkgs.htop-vim;
|
||||
};
|
||||
eza = {
|
||||
enable = true;
|
||||
git = true;
|
||||
icons = "auto";
|
||||
};
|
||||
zoxide = {
|
||||
enable = true;
|
||||
enableBashIntegration = shellType == "bash";
|
||||
enableZshIntegration = shellType == "zsh";
|
||||
};
|
||||
bat = {
|
||||
enable = true;
|
||||
config.pager = "less -FR";
|
||||
extraPackages = builtins.attrValues {
|
||||
inherit (pkgs.bat-extras)
|
||||
batman # man pages
|
||||
batpipe # piping
|
||||
batgrep # ripgrep
|
||||
batdiff # this is getting crazy!
|
||||
batwatch # probably my next best friend
|
||||
prettybat # trans your sourcecode!
|
||||
;
|
||||
home-manager.users = inputs.self.lib.mkHomeManagerUsers lib config.my.toggleUsers.shell (user: {
|
||||
programs = {
|
||||
hstr.enable = true;
|
||||
htop = {
|
||||
enable = true;
|
||||
package = pkgs.htop-vim;
|
||||
};
|
||||
};
|
||||
password-store = {
|
||||
enable = false;
|
||||
package = pkgs.gopass;
|
||||
settings = {
|
||||
PASSWORD_STORE_AUTOCLIP = "true";
|
||||
PASSWORD_STORE_AUTOIMPORT = "false";
|
||||
PASSWORD_STORE_CLIPTIMEOUT = "45";
|
||||
PASSWORD_STORE_EXPORTKEYS = "false";
|
||||
PASSWORD_STORE_NOPAGER = "false";
|
||||
PASSWORD_STORE_NOTIFICATIONS = "false";
|
||||
PASSWORD_STORE_PARSING = "true";
|
||||
PASSWORD_STORE_PATH = "/home/jawz/.local/share/pass";
|
||||
PASSWORD_STORE_SAFECONTENT = "true";
|
||||
eza = {
|
||||
enable = true;
|
||||
git = true;
|
||||
icons = "auto";
|
||||
};
|
||||
};
|
||||
${shellType} = {
|
||||
shellAliases = inputs.self.lib.mergeAliases inputs.self.lib.commonAliases {
|
||||
cd = "z";
|
||||
hh = "hstr";
|
||||
ls = "eza --icons --group-directories-first";
|
||||
rm = "trash";
|
||||
b = "bat";
|
||||
f = "fzf --multi --exact -i";
|
||||
unique-extensions = ''
|
||||
fd -tf | rev | cut -d. -f1 | rev |
|
||||
tr '[:upper:]' '[:lower:]' | sort |
|
||||
uniq --count | sort -rn'';
|
||||
zoxide = {
|
||||
enable = true;
|
||||
enableBashIntegration = shellType == "bash";
|
||||
enableZshIntegration = shellType == "zsh";
|
||||
};
|
||||
}
|
||||
//
|
||||
inputs.self.lib.shellConditional shellType
|
||||
''
|
||||
if command -v fzf-share >/dev/null; then
|
||||
source "$(fzf-share)/key-bindings.bash"
|
||||
source "$(fzf-share)/completion.bash"
|
||||
fi
|
||||
''
|
||||
''
|
||||
if command -v fzf-share >/dev/null; then
|
||||
source "$(fzf-share)/key-bindings.bash"
|
||||
source "$(fzf-share)/completion.bash"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
bat = {
|
||||
enable = true;
|
||||
config.pager = "less -FR";
|
||||
extraPackages = builtins.attrValues {
|
||||
inherit (pkgs.bat-extras)
|
||||
batman # man pages
|
||||
batpipe # piping
|
||||
batgrep # ripgrep
|
||||
batdiff # this is getting crazy!
|
||||
batwatch # probably my next best friend
|
||||
prettybat # trans your sourcecode!
|
||||
;
|
||||
};
|
||||
};
|
||||
password-store = {
|
||||
enable = false;
|
||||
package = pkgs.gopass;
|
||||
settings = {
|
||||
PASSWORD_STORE_AUTOCLIP = "true";
|
||||
PASSWORD_STORE_AUTOIMPORT = "false";
|
||||
PASSWORD_STORE_CLIPTIMEOUT = "45";
|
||||
PASSWORD_STORE_EXPORTKEYS = "false";
|
||||
PASSWORD_STORE_NOPAGER = "false";
|
||||
PASSWORD_STORE_NOTIFICATIONS = "false";
|
||||
PASSWORD_STORE_PARSING = "true";
|
||||
PASSWORD_STORE_PATH = "/home/${user}/.local/share/pass";
|
||||
PASSWORD_STORE_SAFECONTENT = "true";
|
||||
};
|
||||
};
|
||||
${shellType} = {
|
||||
shellAliases = inputs.self.lib.mergeAliases inputs.self.lib.commonAliases {
|
||||
cd = "z";
|
||||
hh = "hstr";
|
||||
ls = "eza --icons --group-directories-first";
|
||||
rm = "trash";
|
||||
b = "bat";
|
||||
f = "fzf --multi --exact -i";
|
||||
unique-extensions = ''
|
||||
fd -tf | rev | cut -d. -f1 | rev |
|
||||
tr '[:upper:]' '[:lower:]' | sort |
|
||||
uniq --count | sort -rn'';
|
||||
};
|
||||
}
|
||||
//
|
||||
inputs.self.lib.shellConditional shellType
|
||||
''
|
||||
if command -v fzf-share >/dev/null; then
|
||||
source "$(fzf-share)/key-bindings.bash"
|
||||
source "$(fzf-share)/completion.bash"
|
||||
fi
|
||||
''
|
||||
''
|
||||
if command -v fzf-share >/dev/null; then
|
||||
source "$(fzf-share)/key-bindings.bash"
|
||||
source "$(fzf-share)/completion.bash"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
});
|
||||
programs = {
|
||||
starship.enable = true;
|
||||
tmux.enable = true;
|
||||
@@ -94,21 +96,25 @@ in
|
||||
vimAlias = true;
|
||||
};
|
||||
};
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
ripgrep # modern grep
|
||||
dust # rusty du similar to gdu
|
||||
fd # modern find, faster searches
|
||||
fzf # fuzzy finder! super cool and useful
|
||||
gdu # disk-space utility checker, somewhat useful
|
||||
tealdeer # man for retards
|
||||
trash-cli # oop! did not meant to delete that
|
||||
jq # json parser
|
||||
yq # yaml parser
|
||||
smartmontools # check hard drie health
|
||||
rmlint # amazing dupe finder that integrates well with BTRFS
|
||||
;
|
||||
};
|
||||
users.users =
|
||||
let
|
||||
packages = builtins.attrValues {
|
||||
inherit (pkgs)
|
||||
ripgrep # modern grep
|
||||
dust # rusty du similar to gdu
|
||||
fd # modern find, faster searches
|
||||
fzf # fuzzy finder! super cool and useful
|
||||
gdu # disk-space utility checker, somewhat useful
|
||||
tealdeer # man for retards
|
||||
trash-cli # oop! did not meant to delete that
|
||||
jq # json parser
|
||||
yq # yaml parser
|
||||
smartmontools # check hard drie health
|
||||
rmlint # amazing dupe finder that integrates well with BTRFS
|
||||
;
|
||||
};
|
||||
in
|
||||
inputs.self.lib.mkUserPackages lib config.my.toggleUsers.shell packages;
|
||||
environment.variables = {
|
||||
HISTFILE = "\${XDG_STATE_HOME}/bash/history";
|
||||
LESSHISTFILE = "-";
|
||||
|
||||
@@ -213,6 +213,30 @@ in
|
||||
windows_vm = ../secrets/ssh/ed25519_windows_vm.pub;
|
||||
};
|
||||
getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name});
|
||||
# Helper functions for multi-user toggle support
|
||||
normalizeUsers = users: if builtins.isString users then [ users ] else users;
|
||||
mkUserPackages =
|
||||
lib: users: packages:
|
||||
lib.mkMerge (
|
||||
map (user: {
|
||||
${user}.packages = packages;
|
||||
}) (inputs.self.lib.normalizeUsers users)
|
||||
);
|
||||
mkUserAttrs =
|
||||
lib: users: attrs:
|
||||
lib.mkMerge (
|
||||
map (user: {
|
||||
${user} = attrs;
|
||||
}) (inputs.self.lib.normalizeUsers users)
|
||||
);
|
||||
mkHomeManagerUsers =
|
||||
lib: users: fn:
|
||||
lib.mkMerge (
|
||||
map (user: {
|
||||
${user} = fn user;
|
||||
}) (inputs.self.lib.normalizeUsers users)
|
||||
);
|
||||
getFirstUser = users: if builtins.isString users then users else (builtins.head users);
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,15 +1,18 @@
|
||||
gitea: ENC[AES256_GCM,data:8o+U4qFdyIhCPNlYyflQIuLHsQHtbT6G/a0OyCUeg9DtIeABXNVFhiy4iFRuIF0=,iv:AYwqDRNML1XuzwQnD4VmI4rKWYfTJjOjibrAbI5qgcA=,tag:UPL3UlETdkoFXLihEIGcSw==,type:str]
|
||||
shiori: ENC[AES256_GCM,data:tV7+1GusZvcli8dM86xOD71dc2mzcyfQwMeTh//LDb0=,iv:ED9wR6QjQgwd9Ll/UC5FK3CyYK3b0RniC/D6Y0nGEOI=,tag:X/aopMc2vhnRW2iTphFflQ==,type:str]
|
||||
flame: ENC[AES256_GCM,data:XsYRsA2xs+juWje2Od2Yl2xIvU0OS8xMrtwtcK/0NyyRrg==,iv:FR8lHsNQNCaOy4P+7BsIjNCz+H38i5RlwLYQ4fpB2+w=,tag:61EV7H04pcr1bSX4nSvlpw==,type:str]
|
||||
ryot: ENC[AES256_GCM,data:VMWf3VqcUdyJu2Ygd3XmoqGNWY/W/VJ4213ej0FrA95kAoX+S+j0+4a4B65NtW9UheDSxD1swTXebyenJCIN/tEZwH2wj9I12akNNvSDpt/LG3d1/BZ62cvLCb5n9vyE/vcXgJVfPUqmc67pYDWLpEV/vkKjpqwNH4Y8vnapVo1ytIgsjkTuBb7VFbnRPvYs6J1M0rnaTtkVhOBoRxv+Xg3pWYCgFEXdM/Pg/WKqdHpyh+tJqR74Z91Mwv6G56ZYEDQmAp+Cn+Kk2zZ+t44UAu1SQOgYXPLep+4/PgWw/vQMuyN7GNNP6TrsX3g+ONtJtkdmGu6ArcfbRAky4vM14DxlQP4xSjYSu+FDWGJL/J4TMw6IVDuw/TDVNpMrhBmZdPujYLUW1c6GCCEchBknNfw/Wt+NyTjOzCmZLVw760jY05Fa9kcW2kz+P0iAGTviY7yJZWDctP6PrVNtG1cXc4noJqV/uJ9sQmuGWCiTzaCIIZEhwRKnvjpvZNisKPhx4tctZMWm8l9gKO/TJC/SHMIhvEazmH4v0AzCiRUzdTfnWQZGTNenDrCUetztPh/UUJbLZjhFBH3QR26w/3I5oNpUzUDhfDhcEYtfWuB7ckbkXT8nyYMfe0OR16yJTfQCdnIPBhAUi1g1ZV3jFg+OhYWxk73lPiqC1ADRNh01L1k90PMMWtLXXm6aQ28cB+iQTvvgKbDrr76U8bXoZUyEl30waOQ2HT6nDG61OBUtQHTu6/cFhfhrnU6poAD/k+L7SyqcBoMYAZJN6Us1y3SKhV/3mXVKjRwSl5XZSW+ZpcRe/Cg4bonxFBYsZyY3VjK0LC4Cj8ijh4LpYWrGWtVmWOt/gg7UQPTd81A=,iv:Oa2pvfDpfPr3pqeAg2kYIzjf8KUK9ckMfbVymM78FyE=,tag:XyjYEvWo46BliYXdDH8QrQ==,type:str]
|
||||
mealie: ENC[AES256_GCM,data:RjKqDs70lWhGN0LXPp3feQfW/WtfJlR6vX++0hwGtqcA3iepEh2Ab/36YRKbsVRBkglp0u18MusTmP0LSHUpzgCn/c/5ZzzRLGL83K3aQRlg8JtdTvzvEnLQSdE=,iv:GEfa8LwpOhkqWtLk0I5F14zkHcnFjVhVaHeLSFlDkN4=,tag:lkGcFn91hVxraMHCKF7rXQ==,type:str]
|
||||
maloja: ENC[AES256_GCM,data:yCwokfD4I1Boy2NOhOTLA3dWgUVOdSzWKIEdYC0klvYu41IGcM8bM65uYFmiOtk+jHgt6j3kO/pBBlC4w/iTElphTqFyFRGdBN4fNRntAhMzqOszBZII,iv:Vf9hfNwSTBkh2cXV7Y2fv4NA8kng2M1i7BtTXJvy4u4=,tag:KLc8sP6N2/Pp/9069E3aPQ==,type:str]
|
||||
multi-scrobbler: ENC[AES256_GCM,data:ce3dd0PKm6eyD2AqWmw+8iex/tBHgMhG8ASoOMkT3c9k6kiZabpTTFTkcouMO+s42P+qjWQAUJcJlDdYVYJZbAqw8nnxLrtYmKoBknSbbWijlR//CpgfwuuAWIyGQAGVPliuxz+lR+1cf/G2mXM+FJIfp8Sliak3v/nGg3ry0bdjbOLVoBM4rS90Jrq98ZuBrjlFVhcJTKkEHtgDv8N56wWbPL/r3cTlS9MoEu2ulCSLvfu/snr8HqJ5yssAGQ==,iv:jOJulX6o3t+W6DrD6sU7amDH7JQP/JFGBI9IM8m/sXU=,tag:jFZoLpYFXj+xplbypf3nvw==,type:str]
|
||||
vaultwarden: ENC[AES256_GCM,data:NituIOyGrYALEkuwKT0RRS1gvi3wjC6ZSAfUIejfi8xoePE6vSNztJTGsRSIh4sJnRrQIiDuKTmRKZDM6AtX/oEBsNW8MVq+lWAq/vtcO7fuTriySEungmpXhQwRZD6NsXE+9283P3s6RshpA4iipmENiW2v2/uxkIXxtTguUxfX0psWYtF6mx5/hpaoNZ523OB69m6veAxD6Pmnj+pTOAORGXHldoNrxNc35WBDdndjAZICyO873tbs22VJOWD9a66BNxtfwIPYoFkuPO6QG3nnFfyPSQ==,iv:rmDJbrP+NQ5HGdRCWSYfymP8dU9WJdMEhAg80eupgeY=,tag:kdNzgWjgeqaTCjqUCc4uWw==,type:str]
|
||||
dns: ENC[AES256_GCM,data:fQN3SOm0HzOjSjTohRAD4KlXdEu5PbQc3DvK3rLC1S4G0G4HUPkgucN6vJUwVJPiY0AB+L/iLNcqCRz8OH0qNtfnikBbDicq0OfrwjnN+VzmbwmrS6AdFo6lilbxI3Jb8YwGMrQxXg0U9F2/WVLETbzICG2KpukwIER0xxQpb51OVL+2hviGV8JpWKo66S6pug628Zc+uMJXEBPSqCpz2vXHXnXWMszP6MlqVfNm/zE=,iv:DOj0e8y+2N9eRA81nlT0kS66sXWZoLSVn0NAiUkNcDY=,tag:+0Baqs6TbTAmt3lRfncE6Q==,type:str]
|
||||
oauth2-proxy: ENC[AES256_GCM,data:MnAMX4adm8joZGaxZhgMDGf/15U2tk3dE/0dHFwETIi4JdpNvG/PUHTWGmXJrUnRrFxdZaOtGUzAMF47,iv:eEoo0YM+wt2/pCcONHM9YPRj/q4fC9OQZr+ckRsmhjY=,tag:AevxpvvRt13T5w5xwzay5w==,type:str]
|
||||
cloudflare-api: ENC[AES256_GCM,data:iNUMlY8rz5yHVitpK4HGaFSK7j+c8Pm7rOQMOQGmSJ3a8ASyrtouPgLbcnoPY/jalsJYAj991dSiui+Vwqs=,iv:qWONG/KLd9/F4tqrWF5T25Zxst3bk+kOYaOFBFSBAAY=,tag:gRFxar8KS8gnX8oaCD156Q==,type:str]
|
||||
synapse: ENC[AES256_GCM,data:IR0pFwQBEM4O8mzzYXrPe2FjulSUGuitzLDLms2uovr6gEU82mCkRO/UCQOybNm03iOQeXX0Whz739kpYSGSInEyx69BNG/etH+bMu+GbYeMdrTEyXHSa7kcH4Ug,iv:Vn2ILYXnCj+Op/E2kWoxV+2ZtlxYJxO6XK3Ql41KW6w=,tag:9wogJFLlmfM5PRgPdwFlcw==,type:str]
|
||||
readeck: ENC[AES256_GCM,data:TsIkHLji37dDHQRt78SquBhoSREHDgvgbc6+M1k2MLrgMGJ/Ejfy5AZXCIp/Qj5sXDzKP4j6Y6xFvGLswCqe02XjqGCpX13gZVCFPuKr8Nq051Xg,iv:Rc/pjYP+Vd/DvLCYsfJjDrnAlAiUlZOcNeeYzE6O3UY=,tag:OvR+CXMmrUFbsrHvduhnjA==,type:str]
|
||||
keycloak: ENC[AES256_GCM,data:BmwZxuJaOB8F7zmBNAf42lkw36s5TepimtdyT2xjdGVyuHgRHbTZqeVen7/0II39qrJjko4agZJgToIZ1uhaC/gpGSoHZlib3rJozPCqmBc42nO6SOtpIO8=,iv:kPModK85937/liNk6iLIRiQ/G5yB7S7h24ZzPb8A1zo=,tag:lWvDQAHVRiBz8XZUoADKvw==,type:str]
|
||||
ryot: ENC[AES256_GCM,data:VMWf3VqcUdyJu2Ygd3XmoqGNWY/W/VJ4213ej0FrA95kAoX+S+j0+4a4B65NtW9UheDSxD1swTXebyenJCIN/tEZwH2wj9I12akNNvSDpt/LG3d1/BZ62cvLCb5n9vyE/vcXgJVfPUqmc67pYDWLpEV/vkKjpqwNH4Y8vnapVo1ytIgsjkTuBb7VFbnRPvYs6J1M0rnaTtkVhOBoRxv+Xg3pWYCgFEXdM/Pg/WKqdHpyh+tJqR74Z91Mwv6G56ZYEDQmAp+Cn+Kk2zZ+t44UAu1SQOgYXPLep+4/PgWw/vQMuyN7GNNP6TrsX3g+ONtJtkdmGu6ArcfbRAky4vM14DxlQP4xSjYSu+FDWGJL/J4TMw6IVDuw/TDVNpMrhBmZdPujYLUW1c6GCCEchBknNfw/Wt+NyTjOzCmZLVw760jY05Fa9kcW2kz+P0iAGTviY7yJZWDctP6PrVNtG1cXc4noJqV/uJ9sQmuGWCiTzaCIIZEhwRKnvjpvZNisKPhx4tctZMWm8l9gKO/TJC/SHMIhvEazmH4v0AzCiRUzdTfnWQZGTNenDrCUetztPh/UUJbLZjhFBH3QR26w/3I5oNpUzUDhfDhcEYtfWuB7ckbkXT8nyYMfe0OR16yJTfQCdnIPBhAUi1g1ZV3jFg+OhYWxk73lPiqC1ADRNh01L1k90PMMWtLXXm6aQ28cB+iQTvvgKbDrr76U8bXoZUyEl30waOQ2HT6nDG61OBUtQHTu6/cFhfhrnU6poAD/k+L7SyqcBoMYAZJN6Us1y3SKhV/3mXVKjRwSl5XZSW+ZpcRe/Cg4bonxFBYsZyY3VjK0LC4Cj8ijh4LpYWrGWtVmWOt/gg7UQPTd81A=,iv:Oa2pvfDpfPr3pqeAg2kYIzjf8KUK9ckMfbVymM78FyE=,tag:XyjYEvWo46BliYXdDH8QrQ==,type:str]
|
||||
isso: ENC[AES256_GCM,data:yfcIsfGuEH3pcpsbBZWXbxrO39AQxHYMaNDHpjhJmwQBUnWgKSWCynIDWgUm+Gjy5r/4GP373xCSiWg3ti7MMgbmqKpd2fL886mrk/7fLMocQqW4sCfWaObzwoEjDvrjDbqAaaJxP4PDcrxOUjj3MiIzQSMPY35I02tbJKTuB6WQw+DftI5Or1/H,iv:j8qp9BSWegV2lKLDlNhlTnWtYABQFPIBEuZJQNpGMjs=,tag:zsiY5crL9bVwOXtwhAeDPw==,type:str]
|
||||
mealie: ENC[AES256_GCM,data:/XRyhFGfsSF9y2UEvWIjB05LGkYx4kbl1u5ninGEnkPkbmyRfW0TXybeVKwcX/By05KkbUk+C4N00qykmo16KpI/lRytfnsQHmutST6dV1C5CB6XiPymG8WcntwOtmUiMEwm9qqgEJfoaeFfwdY+03+GFuS2cSphGe6XN8dUOTe+IjNIO4U8U2FXtvcNEsd5SohWkbnObZScKocOSFemjjKoSySwJpK64sQwVKOyIgVECuWo1asXShvmYY3iE6coB7DEk3PaS3hj5u7neN+muZrdANBZjlFxANWDhvFLX6fplRXZLS7DE0KjTqeVjC237Q==,iv:RyRG36wUkiGIZ6l9bXY2cj7jdi8SSJLrbpkOA4uRigU=,tag:frzKD0eabB8O6UH/+pJBTw==,type:str]
|
||||
multi-scrobbler: ENC[AES256_GCM,data:ce3dd0PKm6eyD2AqWmw+8iex/tBHgMhG8ASoOMkT3c9k6kiZabpTTFTkcouMO+s42P+qjWQAUJcJlDdYVYJZbAqw8nnxLrtYmKoBknSbbWijlR//CpgfwuuAWIyGQAGVPliuxz+lR+1cf/G2mXM+FJIfp8Sliak3v/nGg3ry0bdjbOLVoBM4rS90Jrq98ZuBrjlFVhcJTKkEHtgDv8N56wWbPL/r3cTlS9MoEu2ulCSLvfu/snr8HqJ5yssAGQ==,iv:jOJulX6o3t+W6DrD6sU7amDH7JQP/JFGBI9IM8m/sXU=,tag:jFZoLpYFXj+xplbypf3nvw==,type:str]
|
||||
vaultwarden: ENC[AES256_GCM,data:6PID5tUMZ6BlyddmxumG3Z4uoxDezr8OIRJPYd7SrW1kTGUaQyewIxFajngOY3r251t61IwbKe0MwWeugpi7w2kxVJN4e0WErwUZDjBPCQxukbu81kVbUzCS3VDm1TP0fKylJUPIK3bkKKHkD5XDGo22YtuhICyaPkYXNtEEs2TCAHagBuSrVVEYPbp8as7FS1j8L47XUkjaT919w298nB8s7jNo4VvaNeHFgWVdH0oRRD/VUJj7yewXaugk+mlsRMuNd9HqxpOophIHzX2B59YG3rBA6w==,iv:Xgv4OTDJNf+atQHFAvSEYMXcW65cm7wqN9VtmDHS3MU=,tag:ZN/igsxJb025HmCriLcCZQ==,type:str]
|
||||
dns: ENC[AES256_GCM,data:fQN3SOm0HzOjSjTohRAD4KlXdEu5PbQc3DvK3rLC1S4G0G4HUPkgucN6vJUwVJPiY0AB+L/iLNcqCRz8OH0qNtfnikBbDicq0OfrwjnN+VzmbwmrS6AdFo6lilbxI3Jb8YwGMrQxXg0U9F2/WVLETbzICG2KpukwIER0xxQpb51OVL+2hviGV8JpWKo66S6pug628Zc+uMJXEBPSqCpz2vXHXnXWMszP6MlqVfNm/zE=,iv:DOj0e8y+2N9eRA81nlT0kS66sXWZoLSVn0NAiUkNcDY=,tag:+0Baqs6TbTAmt3lRfncE6Q==,type:str]
|
||||
lidarr-mb-gap: ENC[AES256_GCM,data:bNzD9Nf9BWAPkm0Yk0J4MJbmo908QX9VsD+40Rngnfec9nzH4vZ2DrelxRllgT1kgnXMQzvoSgNhBwkDN4fgX73hz1FjkytTwahlO0wcY6R+tw4aokh0QYy0TVx5pZ4u1FEQOAp3IMgBsP8HOqaL/NEsEo3yb0K9iC3AfFihkLDJmVh26Pg=,iv:go0qS7/BcfcAMPkAdGWCoL61gNqBG5lWDev++y9DJ/I=,tag:LgtEyTZH8NfhfrKTcAigZw==,type:str]
|
||||
sops:
|
||||
age:
|
||||
@@ -49,7 +52,7 @@ sops:
|
||||
QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb
|
||||
9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-11-11T23:18:34Z"
|
||||
mac: ENC[AES256_GCM,data:i3U364pjZB5Y61Wf7ETbXhNWyfH1gw0oyPcNyT+nCIJmePh8JWiP9hnHmZfLS1BKkI2powQdezbz9R0XDvU7g2SkV8EsWmn/h3rFwbopUZbeRQ2SCoX7LGFez74l1oTPQjL8zWJVdrUtfAFgbZKSEWuz7rsDieKBVhIJwWaeePY=,iv:N4z+X3eD6jH+zQfY24qec+U6wkfhLGPm4MzY8T2Km/A=,tag:yluW5YSKMZ4Kk+wcXbkj8Q==,type:str]
|
||||
lastmodified: "2025-12-26T03:14:55Z"
|
||||
mac: ENC[AES256_GCM,data:gIWqEMtFkoEnFV/I4cefglnXxxr1XwON/Oiv/iHv1h5zVLvEwdGC9hyQB1KEKUEHDxWjh8GpKXn9rkZ5pncs7vZdjgiMXyVC7IAiN7uT03RfyGjPtLy7T9qqzmac2uOWLoCnda6No4VIBGG50leh5J7WDk4hKXvlm49xCwSlcLw=,iv:fVtqpXMO3klwAztFRXODLp5H9kq9LJt82Zsoq/59dTU=,tag:XTa90qDkg7ehW6xoXRwEVw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
jawz-password: ENC[AES256_GCM,data:j5qya2z9bDESQopcBpLBktyBvIuplbq3Ql4TovdAF1BIJHcf4CAjFuCStW0axFEOST6bgJwhcZZvK4rWUyoS47eaFDp2lkiQnQ==,iv:GNEA8v0NR+PGe4yvlm4V6tTJD5NmlswRPH7JnQJUyLk=,tag:dpxDK88cAJSk+XdFF2mDww==,type:str]
|
||||
smtp-password: ENC[AES256_GCM,data:KAIn6lp6JXY39SgMPGP3tQ==,iv:Mgmo9bLT3iIGXw6THqJO6+IuPV65VXo1+vE3PrmS44Y=,tag:8urcnZtccaPJSOuHiZAp5A==,type:str]
|
||||
derek-password: ENC[AES256_GCM,data:gMX5fWnfYYUOArD6YJeyTgSHqE2KFKvTU2zNqr4YkEZx443zGYajRcuE4QRx1HXY71r/sipWpIURntBQrCksDy4rEtpKuHMeQdTfZWp5dSZU7oHcLr9MEr86kgMArFpaIELdNNprbS7Tqw==,iv:6kWIXFMNiH3Z2tAPVtylWYF+v8qeKVzk37fIpBQ486E=,tag:Akik/1gUm1R4zcGdSLWKag==,type:str]
|
||||
smtp-password: ENC[AES256_GCM,data:Reb6wDlZivAn5DVI2swNfQ==,iv:ZT4QvFXYmgFl1Ut07Yic1qnA8JvapSTfKw2DPCoQMEU=,tag:A5jIqUrmUwROS/LKbsahsQ==,type:str]
|
||||
nextcloud-adminpass: ENC[AES256_GCM,data:g0bnifEbMykPBVwMF14EhT/RWGsnEzJ6sXXmxSJ6kIVDeRr8XVRbFzusxlxAOOlseVwPT6e4Ad8=,iv:Gy0LwUNCw8gnqlwk91qguSEeufIJDtaqNNLX1vZp7vA=,tag:y8H42B1rue0X7/4nG/Whsw==,type:str]
|
||||
firefly-iii-keyfile: ENC[AES256_GCM,data:HTifd3/5apa9f0RiOh33aRRoVkRskgo/2FV9S01wQSEmKFLg2M9gNNFm6gv2/WCQvNc1,iv:4yLIQQkfqhLixQtAOsbQePNlKOrU2p6Dqw9aLPDoJrM=,tag:uSbAMCy4FWRMU+QhExAE2w==,type:str]
|
||||
resilio:
|
||||
host: ENC[AES256_GCM,data:iITbrqpJSdM52A==,iv:8sahhsUA9iIXNlJYKAkakllQDbYVOsGuwBulK9FyvTU=,tag:zKKHwrEFUkl3Fcd0RJcIjw==,type:str]
|
||||
user: ENC[AES256_GCM,data:31s2ihj2cN9C5Lyr2w==,iv:2MzKiRoDosawbeQ04LUKbfbSVFUUD6uUYynB6B0WNWw=,tag:GR0lXvLZAPof6WE3Verimg==,type:str]
|
||||
password: ENC[AES256_GCM,data:codFGm4O9QkI2+hbrVK3UqwFWETXyfl9y3Q5lY6UfnIRe/IqWG8Ibly1BUlh7OjKIepXm6m35e6QPioVSiUT5Ll1SIE=,iv:QWqKyKrvm2y2UM2Ir1COxjV0jgU8jTeu9ehnyeXTwCE=,tag:Xtr+r7EphaiLjGwK5gmsMQ==,type:str]
|
||||
postgres-password: ENC[AES256_GCM,data:V0g4T1cLUFnTN94zZZR83/KVJFUDGEWVEn6nyijnver4QCELUFkNr99s9g==,iv:1ymHA0JaVC2/aHdg4TmJmuKOG8JGZRRvynrgQIGdTss=,tag:xsCVpc+HBaNeswYvzo0PaA==,type:str]
|
||||
oauth2-proxy-cookie: ENC[AES256_GCM,data:eWEgnIGcdq1aRXWokmVO9DDb+t2oAxNCwFeyOUITzHQ=,iv:x5CROKQ5arUMESWQsroC15xbtMA6/HvnArhBiGwAx6k=,tag:U5yYk1ztExZsou7gVvA8Og==,type:str]
|
||||
plausible: ENC[AES256_GCM,data:Vze/uzsB4VkmeQwqJCVwlwT2kLpFoKSKXgaCmZ2633J2L6pVpL+OxnGxiSS7dmEuWRL5HOkMOJJdFWWCUhrv+QUMpp2RQ9bjy1q6gIOtejNTYPNm6/wg+A==,iv:d+ILv3ZDpanUxDJ2IkWaZ3TC14mldafxnjL3yAE+SK0=,tag:YqhGhMtCtvwaazeN7pXQJA==,type:str]
|
||||
kavita-token: ENC[AES256_GCM,data:kt3bTZNf4S7sKfbxzXc4Q+9yTPFTKzvEaR+mysBhhdnht+FuN9o9i9liqy2pKvB7WQmPnjQ/aYEYkcPSPg0NC5NwE7lNY7kUJtyHzYm2wkKqkkDIc/aI+dHhtX1SBF99ZpWEhmgnIA2HtCpYXUjkl4pUTKgNi0cn+bb1NULMY0zHyF2f7faOOKTWatQEuG1ZvBpiNIbPbsMznfdrWe9VEKrdtMg8IkK138Cn+EOSu0mCHdU=,iv:NCjegkB9/O6xq3fdWqhyVJy5YetqIpcDmD0yyBh3XXQ=,tag:IiqZY0mhqyUHJ61DRNHPlw==,type:str]
|
||||
stash:
|
||||
password: ENC[AES256_GCM,data:ZYwrETIJ1K5RJePR9TvmPdVHpZY=,iv:nqIvm5MkSmZxgSLUpZC0Iq2QOp4lU9rh9wtE8FhO7a0=,tag:YIlj9iPGjDVewgtjq0tdag==,type:str]
|
||||
@@ -52,7 +52,7 @@ sops:
|
||||
RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM
|
||||
QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-10-02T20:02:38Z"
|
||||
mac: ENC[AES256_GCM,data:DnbkeF+evVTMhYTg3OU528cRQ+jBiUl7Q7JZxyGRL6USjB2OdIRxqnnCH8L36K2hSAIkKQ/kojyJs+8Pgkx5uD/qsCbGlNT9pSBU1qPdSBxqJsVPxHZmkuf/QxGtE4pgV/50xJMrVyzAetWPZuxcYVfWAPszxDZcR5XDuD+Yjk4=,iv:i2Vt6nv6etIgaaoxsbVlxEnIhIx4adOQZFeyGM/4Saw=,tag:jugPmHU78lap7Hy7RJd9pg==,type:str]
|
||||
lastmodified: "2026-01-16T15:38:39Z"
|
||||
mac: ENC[AES256_GCM,data:4xaoGvLq1UIdozNqQ7v+pORVPDCk+FZRsCRvZ3C5AZOwSaM+UfDYZcI32AI0K80yFyhVIrrjqylykvXghbpQGAju3mv7+7Tbn5p2gqXrB/m1FuyVe/ftw7SSn8FTGL14cdHuPPkQTvV/u7z1IfX4YAOEGqtWiEfOe4YoWT3xc3A=,iv:dygbKjQ0ljgBPyk2aEIa/Mpbs/At+UzuhYy8Sndx/nk=,tag:jYbROlRxeDxqF1YqrBGL8A==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
version: 3.11.0
|
||||
|
||||
Reference in New Issue
Block a user