ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: ambroisie:2172710dc8fbec03b42e707b2164aa7f96f0e761
Branches Tags
ambroisie:main
ambroisie:add-jj
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix
..
compare: ambroisie:fbe0b026e57a91a6b0565a8c2e0e50436bccb9d9
Branches Tags
ambroisie:add-jj
ambroisie:main
ambroisie:xdg-mime-apps
ambroisie:tmux-undercurls
ambroisie:export-nixos-homes
ambroisie:native-vim-snippets
ambroisie:add-impermanence
ambroisie:add-typos-hook
ambroisie:add-bazel-template
ambroisie:nvim-lua-lsp
ambroisie:xdg-nix

1 commit
2172710dc8 ... fbe0b026e5

Author SHA1 Message Date
Bruno BELANYI
fbe0b026e5 WIP: nixos: services: add aria
All checks were successful
ci/woodpecker/push/check Pipeline was successful
Details
2023-12-22 23:27:16 +01:00
74 changed files with 476 additions and 328 deletions
Download patch file Download diff file Expand all files Collapse all files

71
flake.lock generated
View file

@ -8,17 +8,14 @@
],
"nixpkgs": [
"nixpkgs"
],
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1703433843,
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
"lastModified": 1701216516,
"narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=",
"owner": "ryantm",
"repo": "agenix",
"rev": "417caa847f9383e111d1397039c9d4337d024bf0",
"rev": "13ac9ac6d68b9a0896e3d43a082947233189e247",
"type": "github"
},
"original": {
@ -36,11 +33,11 @@
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
@ -53,11 +50,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -73,11 +70,11 @@
]
},
"locked": {
"lastModified": 1704982712,
"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "07f6395285469419cf9d078f59b5b49993198c00",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github"
},
"original": {
@ -89,16 +86,14 @@
},
"futils": {
"inputs": {
"systems": [
"systems"
]
"systems": "systems"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -116,11 +111,11 @@
]
},
"locked": {
"lastModified": 1703887061,
"narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
@ -136,11 +131,11 @@
]
},
"locked": {
"lastModified": 1705879479,
"narHash": "sha256-ZIohbyly1KOe+8I3gdyNKgVN/oifKdmeI0DzMfytbtg=",
"lastModified": 1702538064,
"narHash": "sha256-At5GwJPu2tzvS9dllhBoZmqK6lkkh/sOp2YefWRlaL8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2d47379ad591bcb14ca95a90b6964b8305f6c913",
"rev": "0e2e443ff24f9d75925e91b89d1da44b863734af",
"type": "github"
},
"original": {
@ -152,11 +147,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1705856552,
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
"lastModified": 1702312524,
"narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
"rev": "a9bf124c46ef298113270b1f84a164865987a91c",
"type": "github"
},
"original": {
@ -168,11 +163,11 @@
},
"nur": {
"locked": {
"lastModified": 1705927265,
"narHash": "sha256-eUUIBb3qYMrQB0ONGEj2kzKN8yzqwDmR4+Ct5/dvJcs=",
"lastModified": 1702558663,
"narHash": "sha256-MHq/DdwsBwsTRqwFg1JuFtcoGArgvaH/XwbxgWQ4Zn0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "a29c6f71063d0ce903e927fa7885651c00abd33b",
"rev": "b839a2bae27c0c14dd99dcc1f6d18f83b0af59bd",
"type": "github"
},
"original": {
@ -197,11 +192,11 @@
]
},
"locked": {
"lastModified": 1705757126,
"narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=",
"lastModified": 1702456155,
"narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc",
"rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc",
"type": "github"
},
"original": {
@ -219,8 +214,7 @@
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nur": "nur",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems"
"pre-commit-hooks": "pre-commit-hooks"
}
},
"systems": {
@ -234,7 +228,6 @@
},
"original": {
"owner": "nix-systems",
"ref": "main",
"repo": "default",
"type": "github"
}

11
flake.nix
View file

@ -9,7 +9,6 @@
inputs = {
home-manager.follows = "home-manager";
nixpkgs.follows = "nixpkgs";
systems.follows = "systems";
};
};
@ -28,9 +27,6 @@
owner = "numtide";
repo = "flake-utils";
ref = "main";
inputs = {
systems.follows = "systems";
};
};
home-manager = {
@ -68,13 +64,6 @@
nixpkgs-stable.follows = "nixpkgs";
};
};
systems = {
type = "github";
owner = "nix-systems";
repo = "default";
ref = "main";
};
};
# Can't eta-reduce a flake outputs...

2
hosts/homes/ambroisie@bazin/default.nix
View file

@ -1,4 +1,4 @@
# Google Laptop configuration
# Google Cloudtop configuration
{ lib, pkgs, ... }:
{
services.gpg-agent.enable = lib.mkForce false;

4
hosts/nixos/aramis/home.nix
View file

@ -2,7 +2,7 @@
{
my.home = {
# Use graphical pinentry
bitwarden.pinentry = "qt";
bitwarden.pinentry = "gtk2";
# Ebook library
calibre.enable = true;
# Some amount of social life
@ -14,7 +14,7 @@
# Blue light filter
gammastep.enable = true;
# Use a small popup to enter passwords
gpg.pinentry = "qt";
gpg.pinentry = "gtk2";
# Machine specific packages
packages.additionalPackages = with pkgs; [
element-desktop # Matrix client

16
hosts/nixos/porthos/secrets/acme/dns-key.age
View file

@ -1,8 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw
zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y
-> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8
uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw
--- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg
¾r ú&…¥‹{~v?¨}=Ä
}+ ¿SQM[²]Œ±k MÒAàtŒÃmMë/£µLsü|Þ…m©CÀñiYC}ƒŽ‡çxŽ€
-> ssh-ed25519 cKojmg 0bz3W8QcGaulxy+kDmM717jTthQpFOCwV9HkenFJEyo
NKeh1/JkX4WAWbOjUeKLMbsyCevnDf3a70FfYUav26c
-> ssh-ed25519 jPowng Q59ybJMMteOSB6hZ5m6UPP0N2p8jrDSu5vBYwPgGcRw
j420on2jSsfMsv4MDtiOTMIFjaXV7sIsrS+g4iab+68
-> z}.q-grease s2W<qM_Z t
n1Yfs/gmNsl/n9HtuKBIIT8iwIjYca2yxlh7Q1XAT1B+RZ8oGjW8yCPj1unbDGZL
e5BfLO3zgkEZnQ
--- FSgNKEdDeeTjCx9jN9UtOFl58mC/Lbu1PAYRGK0CZW4
U€¿+æ©jïÝ{gø`GŽ›ÆàˆQk]šóïdÐ6å˜úy5T²$Äñs~Ùh‰Ä£òÔ<C3B2>Fº¢ç%°vöÌm<C38C>

BIN
hosts/nixos/porthos/secrets/backup/credentials.age
View file

Binary file not shown.

13
hosts/nixos/porthos/secrets/backup/password.age
View file

@ -1,7 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ
Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM
-> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE
xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo
--- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU
<¥ö¡Ãñ<ýØ{VÇ?ñfk/¤áI®"<22>ï×/5K"Š¸(ì¢ùiÃÔôìñ
-> ssh-ed25519 cKojmg dgS4bezgtDi44R1A8am+J6zh80kUVYTo1heaxJCtzX4
F3w/62xwtqYa40NU7OvF9pnZzYz/5hACAGJfMA4e2zw
-> ssh-ed25519 jPowng lx81CK3yeNp9RjHCUFJeKYZlRzxBmXuADVBvRc13zCI
P7e75t8xU+ZkYmeQ8mmMfyZZsRdG1J8yrvSUkiWzkFQ
-> *z4/`-grease S/)a{e sFd";=
--- 15FVhqRTkoPFEeETRRyFQhsv4Fn19Ozlax0u8Zy9mNA
õ#+¥àÎvøSÈ4èá}<7D>§Rì%ίF4fnDœ˜J¹¤Z¸A¥Û™,_

BIN
hosts/nixos/porthos/secrets/drone/gitea.age
View file

Binary file not shown.

14
hosts/nixos/porthos/secrets/drone/secret.age
View file

@ -1,7 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4
tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA
-> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo
O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU
--- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM
+堍6JNm裶遁[ Eb1p)vD究侖PL9捦€z逡<7A>煸!縺贿噮'嘥閍顖卷赿5: [控d肯峈撟M抪庱zj<7A>
-> ssh-ed25519 cKojmg 1+cLlzctgcM0FnVDwMPOAqBkvMcDBRg8SvCw4djI93Y
oV2XI4f1AvM9P591kZZ6NgJXa+SDtqGzCSgc4psOmxM
-> ssh-ed25519 jPowng Ufjfh1p350XxRPg95+/DHdmnl4lC0bbzUUlaxd1Bmxc
/RHwFDSn2ov+60r1uHUigrsn99+GmmKmlk4h4T2gbA0
-> *Lc$@-grease
pzVJAHy1qRq3jUrnFV0DDO7/hwV1US4Ogf0RsrVfX0xzbr73uJ003YjieVB25LqN
--- ME7/iVevyiguyhXugbkVFGzJV0yDccyKNlWbEZa/FmY
YžŠXjb2uþnd;i0íýX]…§é0þL„PÔT~óú ƒÙ^kc”$D×ÚÛr¹úu³¶fr€e¸¸þ<C2B8>+p•¨<E280A2><C2A8>&ãw®öϨ

BIN
hosts/nixos/porthos/secrets/drone/ssh/private-key.age
View file

Binary file not shown.

14
hosts/nixos/porthos/secrets/gitea/mail-password.age
View file

@ -1,7 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg 46BI3ItrXRWMivmd/K8bmkKlrYFSr8cbehAkmwCskig
gTjYquH1hDEZ2zWD5P7gN/ejTCH8JJb8bC/VLZ3koeg
-> ssh-ed25519 jPowng 5MqfJlasDbbqlI0dX98NZzHxmYmnnpveyBxa4z48V0o
r7Yiv4+SZiDncD0Xzp5eFSP4f2yjGBOILKxEO1iT3Os
--- l43+JtT28i1YDhNX3hE3Qb7swskOBc5ghDqiyh3rU2s
Ž+)´”¯ÛPô¢nåWT,.<2E>²eÚNW€Îñ YƱkçÿF4Ê#=˜)üîò™6Ö±ÛmȵîJ<4A>ª#
-> ssh-ed25519 jPowng BkIjie2KrwDLaZYYIguCs7TPA/wQy+YPguikuhfye0M
7viTA/EGYB/jRKQm6fFd86DMd4j+Jxsaw/xQ1T8ZKNo
-> ssh-ed25519 cKojmg t1Y8bZvPccNAX8vWQLTfCyOJIBXN515vyfFrEI2EVww
bJEjpIWrKeQrA/JfY7FRdB6hpHwR/aG4Vya1ChFNBKs
-> jK/-grease Oz.R ?;)G ],
AuHk9TcC9kl0dg8/L6UfHIk3e9fgGwSTJAJpVgInhok
--- 47z9lol5MtpX0IsO/0ggLDMcNVfl4lNNvoHUSwOU/18
)gЪeuÞ! œš- ÞTì¥YAðM+ˆãGbMe@­|A,è&ãÆE!܆p=P²=û9¹ÙP¹!ÜöQ|Ðä r

BIN
hosts/nixos/porthos/secrets/lohr/secret.age
View file

Binary file not shown.

BIN
hosts/nixos/porthos/secrets/lohr/ssh-key.age
View file

Binary file not shown.

16
hosts/nixos/porthos/secrets/matrix/mail.age
View file

@ -1,9 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg u+5VWUy7eFq4boAIOhuKXZYD4mhczaUAcjz4+coVggA
QlBHHgz7uY3TVgex59yZA0XgsIeHi2WN2S+UleC7bMg
-> ssh-ed25519 jPowng IyeI6WUjF8wxe92xD3xY++4ZqXtY8divB39eLWfAtm8
eGj8w5X2ydS1LJvNSmo56xzRVoUB0iAKKs2NHX968Yc
--- hsYH9lUl3wIErJmBKzlWV+gIR5v6vgPIcNDgd0hiRGc
¹Ã@Úl<C39A>ôQûsÈ„ÿ×£©Dƒ}^{ºžá¾X)¸nYóJhXhg8wƒž´ ­ “ú°˜Ó¨ÇÇw‡y(œ¸ìê.0>|ÚPSlOÃ|ÈÊE‰õÂÙé°€¡<E282AC>BWó_ˆ³ÜÌ)|x4©„šºë\_F¶
ZÒo0=dts j<E28093>[ùŽõ0O+ÑÕRž8±‡ÕiüËçŽÜ»ˆõŒæÆdÀ«ß8j»â©ê
g¹©$x Œÿò¥Æbâ÷í<C3B7>­˜äX·¢gÂ^¼íùG¼Êô¤Ž$UÏûB*ö°é²¡£ÈÔ)[t¶ÃHa•vŸ7<>ÌÑj£âD.z¸+¬[~–õ ÁÃé9Ùý<C399>àz¼øô`sé¶,_!^YÓïʯ2H¹øS¿¼©øÅ<C3B8>øý*âñó@êjZ^ˆôæÎv~غ¶@ò<>
-> ssh-ed25519 cKojmg lmu3MinmydRHD0A/YVRRtopermfoBC8M8cTHfVanY1s
ygrtpZZJ7aeQTblNazpoP7DdifmDxHsE3DFJsIrWX5M
-> ssh-ed25519 jPowng X0cihOc+fBtmtrkEivIHQngdYIobezXEF1x+pHqNzAw
/+sw9x1NWY0anZhDMpAywBPrR0F4XCHaF9e8j/Yo/kI
-> 32;%1s-grease
JafjuSZty6a4NSO/y4y5wHWL8Mw
--- dwCl66vdpsL0MR5NWWvg3JUnQ2QZQBeW0Dj0l5tvOKY
oi,`ÓÜ#uÄwW%PoubÚ­cy8<79>ó ƒÃÉ><¿F‰Ååq…ÂKÃÇk0Çk/<2F>hÀ¥Ÿ5势ÝF+ýu‡ •e<06>¾Ÿ²óôbãè>1QŠ2®ñwn˜WbÖB˜âî<C3A2>iŸ^xurâ†- /llùÒÀÀ-ã=°7;jã0»I×%Fi¼<69>í€ø™A;Y†ìUd]KÅI0(½ ”øAg£Ðóž^†uG:äpkJŸ:q<>¢šWSaLw¯¿Ô!ïM³4ã L/ùZŇ®¢D¶-XéUb»vÊbPó0ÇÅfÂ9êú<08> †âJ`ÃX°ôÐOÅ!s{ÙÄQAšc€c;ÏÃÑ4öMíچݹ lxH&ïéöé{é}ÁäÛzZ¦œ9ûÊXžÜ“g‰]Vϱ•0gt¡¿…žw·

BIN
hosts/nixos/porthos/secrets/matrix/secret.age
View file

Binary file not shown.

15
hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age
View file

@ -1,8 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E
OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c
-> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg
cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg
--- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY
"W9<57>Äbg¸©~Ì/áÕb4ãÕ†ú³ÜÔIÊ
Û}ð §ËÅË-³²ªNó±”ÑC7vWœbºØ?¦8=œÉwÆB ÃUpJClï²OÈ™³œnOÁ\
-> ssh-ed25519 cKojmg N182xey8TWRVUWTRP16rT0zlhYZNr/pOZVR7YRnlIkk
HVqAag55z1cKLgjR3WsUj2wvaVjxm169JcDRJGRvCVU
-> ssh-ed25519 jPowng Dc+aaUTxDsMTY+oOst0SC3ldq1e6zX8F5A5uBL5RHhc
JWZou6+VaFc5f2OLRIrmFFWg3Er6WSY+TloXU0mP1K8
-> |9_9Aqh%-grease $ X8Mn|5 aKnl' fl<D{T-
+fAc0cajqxhYWu55HCY
--- SrmtWXQXGYxNTabSrb5tBRXHnK1F22Qoiy7hKYrrF+0
ñD·û²: ,õn0i<>½Àß^ÆŠ`üÔ2Æ#y'ý9ÖñÓÒŽéÿæ<C3BF>r]Àعx“³S=ú°ˆôuJéEÛóc€lH Ê~ ŸKtévo'êv+

BIN
hosts/nixos/porthos/secrets/miniflux/credentials.age
View file

Binary file not shown.

17
hosts/nixos/porthos/secrets/monitoring/password.age
View file

@ -1,9 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg l5lOlGnbvQ4D2kaSj1dd8Xr+btlNbTkT0SxSz02Vr1E
Cjy73yKL1N8LnjRXXLpxX+wIOFCa8wrG44VjXUND1lI
-> ssh-ed25519 jPowng nYHfkP9dRkxu4Fqh8MgrbdZAc8gk+VGDyxIV6RsSeEM
rKKi1NDoKMMzQ+kUs5ZX4zMqRBI0QwGY7q6K/L9+dLI
--- Umv3UCtXlApug7uuqmwbQN38i8Lx9/b0uhLgbc3OdZM
äBLsś ?ÖsÓ“s<E2809C>2Îy
R!<fü9txB7dň<13>™ÚŠň^©ô É‡LJ&ńW €<©e]
ţ/$$
-> ssh-ed25519 cKojmg OdLtFHbHbc28rUn47vgsVvXxFNg9nF+9y9R6XOK390Y
yQQYUPQGjN2+xrSqqBYa7/zS618KrVjX5Amw2MFuSLg
-> ssh-ed25519 jPowng NwUjiLtiXVi6XFmht5l1CxEs3gm0oN4vHYwDZyda7Q4
di6znVjNRO6QdqteVNkeot5Ko2NwWLe6v+zVR3f+o10
-> 4Vx%\(-grease ^^Z>EC91 R 2BJ d48Wip*s
yPiBgChRF31XgxccQFLO3MzRL7+5s29sfRoF3W1yUX6Bu59MpxD4D+n/jhLcxSH/
CxW7KaiOctNmPm5tWh6qjmgQ+V4bcAji5vo4FKs40l56cfyueEJj+Q
--- WUGF28zqK9E1AlOeeCtSHxFg6ikRy85gOoLtBd4m0y0
.|…rr>©†ðìì1ÅÆ2SÉž.×hw<12>w qºš%i˜øé *U^­)Öè'qžµO2ÓœümòQÝ7˜¯m`

BIN
hosts/nixos/porthos/secrets/monitoring/secret-key.age
View file

Binary file not shown.

BIN
hosts/nixos/porthos/secrets/nextcloud/password.age
View file

Binary file not shown.

BIN
hosts/nixos/porthos/secrets/nix-cache/cache-key.age
View file

Binary file not shown.

16
hosts/nixos/porthos/secrets/paperless/password.age
View file

@ -1,8 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg 1hbRAuAGrTy6nmkAq+UWua8weywphZsTIGF68YQEOlQ
92Q7uIKv1EiO73wMh53jrTuEkzP6ziBmX9SWXCl4d3w
-> ssh-ed25519 jPowng aPb9v/S/mLW95Qom+swvasqY878RxpxxOkMJA2wb6nY
qu/dzcqciqKzNc28HqFMHA1XnrJy+/wWgbfM1+BrlkE
--- 8PXOozvZzNZQD2OT4a+0XuIQauzUGSvovdfDugmp+bc
x²Žê Ã>ùý²ç¦©ðóÁÇ_ÏC9d™T5ŸûKzЄqØcZ©°É¾pŒš¾¡ ใºv
)Œ³õ²¥
-> ssh-ed25519 cKojmg zhpo89xef68JoeOFWzhdFshrj2BXXUCFPMLVJzv6EyE
fmJxJi5rmyai9qGwDo7iHg4BrObGre96KCpl+g91O6I
-> ssh-ed25519 jPowng INA6EZdy4J1p3QY5mfVOQXiLdOjIDaZR+CZMP+GfkXM
8Nf5soaxY5SEzeJca5kaJkx7ByOvc4NkJVetB7wpEmo
-> xjK'w-grease
f5v0cvlt4JbHlAwDOob86qOInWdlN/oohTg
--- NTGv4rr+MhJ/YeZhVHOjoS1V+zCHFf2itJYfK36R+wE
š×—®JÚ dő oŞę'YFUź@
r7”ă“_N$‰˙Ź–č‡>‚ˇę]hq»-¨FŰ°qX˙?Î| Ę

15
hosts/nixos/porthos/secrets/paperless/secret-key.age
View file

@ -1,7 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg r3ZUTfSNcHc1TS2fVtk99Y2xJMMunkwkcR0dQIdiCi4
LICSnzAaooGy6x4wt0vNM6YtQ4S17QohZNt7lfVrD6Q
-> ssh-ed25519 jPowng KLU68ws4lemr0wWHxm8H8pf1SQAoUZTN4QSPzk2PyHk
6pjH1pI956oaf9ZIHPPq8p3g/mZC5GxWhWkT54Wohf0
--- cAQbniTwwtTftfXU/dGtA69yF/hh8iB97vHxvkIZMMo
°c#Ž=^Ì~?5ú-w—NT†Ì¡<C38C>¨+¶¨Ä!z¥<7A> " Zö"2ºëðù×M!pž5×V¬ÈÛjçΡѡŽâ¥âL¹ÁÌyóÐŹúš› n÷ÄŠ8zQö°+¨ËÁØ©9WSµ§<C2B5>Æ0¨u}YÚ
-> ssh-ed25519 cKojmg tZwn2usN6K62oS4vBa6boh9zEp/+cS4chP8boXG6SH4
Fr3kV8gUDoiDqMxPYWsHyww8umYhQEKhqbVBiVw5NeI
-> ssh-ed25519 jPowng wRbJl4G85obH/GluQBBsXE7MOvooEui65eqHfurvuQs
KqVZMBSyHhkayEdwI6ocmA4qhHY9zYJvg1CEKM1SOa0
-> 2E"/OFW-grease o Qp3HFe^
bGhCNicPqt7txqxUiEWXCFs1OuQLqOqHmjHSqYQv919dqYep/xBXzi/aRf3dsdvh
TCJCTvZG31Qxvikp
--- xKJGbdVp+Z5h0vCBleSF2zYYYd2S5i0y4szNqjRwrDY
Tª /N¯<4E>¨¹i7m4#³MhiñP¹šÒÞ›Á¥-ÏgI÷ñ±%@E†(iÿ7·ý©ýYg¦k±´"+㸠Àª(þ]o¨¸ý†ð<E280A0>@báÊÞ§+Ï[Y"ÿÌBóóCR[ >-Ë.4d…¤b9v

14
hosts/nixos/porthos/secrets/podgrab/password.age
View file

@ -1,7 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg bICZUDqk/C2divEZu2lxUDsrtS1inSbDbS8hxJSJfHc
FsfueyP6WCesAu5EcXIxxtvbb8RX09qNTN9GvuhYuTw
-> ssh-ed25519 jPowng Uujsu6c+QTXqCNi6c+zxk5tf0UQcG+Qm/SZF4dzSKCY
RPVNNNauz73A8kWA0VSQiMWCerUkxPoXG2MUrFly3Bc
--- 8h4hGasOwZxk+i5aQfg6AzdA1G4wROhxz2rmM9u41b8
{R<>ラ=42<34> y<>咨ッ眺テj嚀廁<E59A80>WQ▽隯%畊ス宅 顕褜返<E8A49C>弁K<E5BC81>蘊マFョモ?埴膕K歯「
-> ssh-ed25519 cKojmg 8rcBI7fYHuA3jO6EzJNFaAj2niIApKDt1HQEv61AKTs
ANxkIX/CeI7t7Zqp6wmjt/D194Z+xpeiidb+qvYzoQU
-> ssh-ed25519 jPowng oruewwTM9X/HjjcmOPcQVdp02rQBlgJPdzvlAffs3T0
MrO0kaNhjgOkNHuz3NrIMWXNrXOHH9dT/Fk6hoQNKyY
-> COK%H7-grease
6yfI90QurOKlM+kgpW8KZ/iBzDYD9yhNmjG1LQ
--- uArz8eHg8sLO0sdlkM6cELFh+FHiI5BrM0+iXJxxiDo
¿vývû´ÊNÊbæ@Ÿ¡Â<C2A1>FÛMMíYËÆíÌ&‰’/%¤¹Ñm¨®ØtÁÖ“ªd†h„­|¡ðŒß©8¼Ž Ú½¨9®<11>Cã¯/Å

BIN
hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age
View file

Binary file not shown.

BIN
hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age
View file

Binary file not shown.

BIN
hosts/nixos/porthos/secrets/sso/auth-key.age
View file

Binary file not shown.

BIN
hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age
View file

Binary file not shown.

16
hosts/nixos/porthos/secrets/transmission/credentials.age
View file

@ -1,8 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg Froxrdh4H2Bsj4X2xicyBXHPRlbkRJAOztoTfzxItSM
FnsLS2QYm8mJUO+c152FieLCFkALxxwQLnY4PAj8zsU
-> ssh-ed25519 jPowng pKl4p02M+U5JsiOnM2wXL5bkPwsI3IHjlTutlvez3zM
NSuOFsyV8JqtTq97lNzacJnJ3YZgWp53XxU3mjUlcMQ
--- 2TK2ViFblmDheaYdat/GF0ze1wVsla1EPLaeRdMM4Gs
®àµÕ¨ENÜžämÂÛ2uÂ~Ju¼b´´t[Ý$Tñþ^2°<E28093>½jœÙÜi@xªÒ¸*Ä°g[MÞH½½Xš!”‰6Áez¼…¥DW]ÓÕ<‰` XÛâêÁÜÄPóéý÷ÃÞ
¶¥q*Îo¼½ÃÑ$‚åÓ<²
-> ssh-ed25519 cKojmg mP2H3PWJN6Pv3q6C2wci3KnXjtFAIiuGy0YH0sGIy2g
f43QqyUQfTYznszub47kgc2Mz95zVScTDkwnG3INi9U
-> ssh-ed25519 jPowng fENbu7+FZ1mnQQHQCLm1spLHmsQGlRoJResUJtGzYkY
hX+AqCkLCca6m/aKtGCThi7/mCCz/TZQNJNOlOmlqyA
-> J<-grease
n7+CPRr4oazWnE7yzpJN2ZAI4QrGsAerloP4wNeebjQDx8+IxJq1JE0g3Yi0RxzN
chDccuSPLYk45Ov+SD/qqqFZlQ
--- p81HYw3LFj+qz2kiZsDcevM4ZBfvN743P9Jdi7J9XkM
¢ìÛ±S·7 <EFBFBD>ý£÷ÜãV»»Bðßâø±³ˆ¶ïO‰lEt˜Á…šqý</Ç—Ø©9²ã(ØP†$Wƒ0h;÷‰±àJy¯feø >·_D,PºVFp\æ"AM}èg?<3F>ÿ<EFBFBD>Ý/\²Ä;ùy ¬Óš(<28>ÑSñKË

BIN
hosts/nixos/porthos/secrets/vikunja/mail.age
View file

Binary file not shown.

16
hosts/nixos/porthos/secrets/wireguard/private-key.age
View file

@ -1,8 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg KslHl4v8yCsKZn5TduLgpTfpTi1uOInC9N2e8Ow83FI
NzcJJr8kw1ykAdWRZOeWdNhx0BTgE7FwTKcge+yLJ/w
-> ssh-ed25519 jPowng YGWcOai0A9l2HDZyV0GtD8kEbY/xTUssODFBcseWAkA
nJaHXkipFSHdyektoKV5y1jQrjkvnU7pwZwAymiQm7M
--- IgWkDulol1jRa+pcx7DbEy5pvC+2nrRJHsdQVPvPur0
Bb<ÅŒb!ÏëE?:ÇÓô=÷srJC<4A>œüKz5ø®Ô{Æ4`¾&N0€ÕÈö¹57ñüví©+´1
+(d§á¡{ ìQŠÙ
-> ssh-ed25519 cKojmg +WwRpd2MzycutQFXyLsr2+GzSgF67Z6UuvyqYZaLd3w
sppt8HzaZP3yxnvnhzjl18Trnz8g3VyXJ6CaVBWd7jA
-> ssh-ed25519 jPowng wanoqGB7T8bim/WZ4IAYViFQoGzaIZSgeoTr3YKpeTY
ihDAdGa1XVW/qQz40V1v7a7iK7tu0EHMa7ayIogpcRw
-> l-grease |PIcZ NIr >0;*
4o8o0bevQZ6uDSx1WxxlDCURbFCM+yK1XPdrb9aztCSvG2a+ne78E42l5rBcoH7I
m51A8uWS4nSj36N/76v6K4kelxKzWUg
--- O6cGbTAVbDcdmPHf7UzfZiyiRtu1yfL4sBI+CkJA1qw
ýqýŐ$ň`żw'čS“X¸]Ąá÷ř®úî…?¤6Đ/ĆN(Bžň N«a” HŽ7żí•I<E280A2>ú÷Ŕoz‡/4:sK",7J

BIN
hosts/nixos/porthos/secrets/woodpecker/gitea.age
View file

Binary file not shown.

15
hosts/nixos/porthos/secrets/woodpecker/secret.age
View file

@ -1,7 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 cKojmg tAW2hbBSxsael6cdbN+vI4h1/PMNrWYct8cppCAasn0
cex/wBTviSIXc8clNm5PGltTYa1Q5PwqlX4BGsNHiyU
-> ssh-ed25519 jPowng YxfhtpytvuhIARQAaJ0w94aOZiGNUOBR0pF+Sp80D2k
nMon/VdYUQTs6LFccDGeIKWeNYib1wwtFmEYZkDZxg0
--- giL477X0+uZ2Ocvbixt5f5kNc1laj5P79oW8P9XsNP0
¨Ãd>ò±cE?nb¹vš_²'2ûûà³<1B>Õµ¥_6Pu:ÊusºE“8õ“ØÏ“xuڶ̪…Îxù̧ïžC[†®°ˆÁ .õêŽ6‰¯  qÌÀÍîJ°Ä5GäKÌ)N<ÊyYÉ¥tX=l7T´2­¨ùRÙ
-> ssh-ed25519 jPowng yz0I+AazPmamF7NOnwYNrPE/ArarU01jd2mVDJUPSTY
6Y/YQ7gb8cAZf3zT9SKOorvfUnU7kYff+gHh8fG2mY8
-> ssh-ed25519 cKojmg 0FZU9v8eHsVeE+EoX9Y4IgfIj/8+45waPaSnSDb961I
L6SzJoh5xqai45scoVAa6v9zslBGFYNnZY044d470uQ
-> I[G-grease p
AMRQY1alSzHi/PLL80kcvnM1Z9YNfoUo9u5alWXYMyzrRsg+vXjMuBvAXg3fmnzr
wdOowTYMRV+jEG8vzkcQTsv+f7JIyo4DvOOaPyGfWMl1
--- ih3IAFPcN1JP3FP1vcRGnPrfk91yrnIX0m/Szkbcf7Q
ÑmW„rµœ_\)Í°]QŠ¦xMÃs/݃ÎݪäœóÍ6óº“k±äÅY§xïMy¶ J¿¸GßÃ)i2_'ÖœHF€þ.âg_Îe5³#uätñØÕ 7j„ŽPñ²'TÞ¥8´•\IàW«UùäK­°1Úº9½è

BIN
hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age
View file

Binary file not shown.

1
modules/home/default.nix
View file

@ -23,7 +23,6 @@
./gtk
./htop
./jq
./keyboard
./mail
./mpv
./nix

6
modules/home/firefox/tridactyl/tridactylrc
View file

@ -22,8 +22,8 @@ bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"]
bindurl reddit.com gu urlparent 3
" Only hint search results on Google
bindurl www.google.com f hint -Jc #search a
bindurl www.google.com F hint -Jbc #search a
bindurl www.google.com f hint -Jc #search div:not(.action-menu) > a
bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a
" Only hint search results on DuckDuckGo
bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"]
@ -69,6 +69,8 @@ unbind <C-f>
" Redirections {{{
" Always redirect Reddit to the old site
autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
" Use a better Twitter front-end
autocmd DocStart ^http(s?)://twitter.com js tri.excmds.urlmodify("-t", "twitter.com", "nitter.net")
" }}}
" Disabled websites {{{

1
modules/home/mpv/default.nix
View file

@ -13,7 +13,6 @@ in
scripts = [
pkgs.mpvScripts.mpris # Allow controlling using media keys
pkgs.mpvScripts.uosc # Nicer UI
];
};
};

6
modules/home/vim/after/ftplugin/gn.vim
View file

@ -1,6 +0,0 @@
" Create the `b:undo_ftplugin` variable if it doesn't exist
call ftplugined#check_undo_ft()
" Set comment string, as it seems that no official GN support exists upstream
setlocal commentstring=#\ %s
let b:undo_ftplugin.='|setlocal commentstring<'

2
modules/home/vim/ftdetect/automake.lua
View file

@ -1,4 +1,4 @@
-- Use Automake filetype for `local.am` files
-- Use Automake filetype for `local.am` files, explicit `set` to force override
vim.filetype.add({
filename = {
["local.am"] = "automake",

7
modules/home/vim/ftdetect/glsl.lua
View file

@ -1,7 +0,0 @@
-- Use GLSL filetype for common shader file extensions
vim.filetype.add({
extension = {
frag = "glsl",
vert = "glsl",
},
})

7
modules/home/vim/ftdetect/gn.lua
View file

@ -1,7 +0,0 @@
-- Use GN filetype for Chromium Generate Ninja files
vim.filetype.add({
extension = {
gn = "gn",
gni = "gn",
},
})

2
modules/home/wm/i3bar/default.nix
View file

@ -74,7 +74,7 @@ in
)
{
block = "net";
format = " $icon{| $ssid|}{| $ip|}{| $signal_strength|} ";
format = " $icon{| $ssid|} $ip{| $signal_strength|} ";
}
{
block = "backlight";

4
modules/home/x/default.nix
View file

@ -3,6 +3,10 @@ let
cfg = config.my.home.x;
in
{
imports = [
./keyboard
];
options.my.home.x = with lib; {
enable = mkEnableOption "X server configuration";
};

6
modules/home/keyboard/default.nix → modules/home/x/keyboard/default.nix
View file

@ -1,12 +1,8 @@
{ config, lib, ... }:
let
cfg = config.my.home.keyboard;
cfg = config.my.home.x;
in
{
options.my.home.keyboard = with lib; {
enable = my.mkDisableOption "keyboard configuration";
};
config = lib.mkIf cfg.enable {
home.keyboard = {
layout = "fr";

5
modules/nixos/services/aria/default.nix
View file

@ -20,7 +20,6 @@ in
description = "Download directory";
};
# FIXME: secrets file
};
config = lib.mkIf cfg.enable {
@ -30,10 +29,12 @@ in
inherit (cfg) downloadDir;
rpcListenPort = cfg.rpcPort;
openPorts = false; # I don't want to expose the RPC port
};
# Expose DHT ports, but not RPC ports
# Expose DHT ports
networking.firewall = {
# FIXME: check for overlap?
allowedUDPPortRanges = config.services.aria2.listenPortRange;
};

3
modules/nixos/services/blog/default.nix
View file

@ -5,10 +5,11 @@ let
domain = config.networking.domain;
makeHostInfo = subdomain: {
inherit subdomain;
root = "/var/www/${subdomain}";
};
hostsInfo = lib.flip lib.genAttrs makeHostInfo [ "cv" "dev" "key" ];
hostsInfo = map makeHostInfo [ "cv" "dev" "key" ];
in
{
options.my.services.blog = {

9
modules/nixos/services/calibre-web/default.nix
View file

@ -40,11 +40,12 @@ in
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
library = {
my.services.nginx.virtualHosts = [
{
subdomain = "library";
inherit (cfg) port;
};
};
}
];
my.services.backup = {
paths = [

9
modules/nixos/services/drone/server/default.nix
View file

@ -45,10 +45,11 @@ in
}];
};
my.services.nginx.virtualHosts = {
drone = {
my.services.nginx.virtualHosts = [
{
subdomain = "drone";
inherit (cfg) port;
};
};
}
];
};
}

9
modules/nixos/services/flood/default.nix
View file

@ -40,10 +40,11 @@ in
};
};
my.services.nginx.virtualHosts = {
flood = {
my.services.nginx.virtualHosts = [
{
subdomain = "flood";
inherit (cfg) port;
};
};
}
];
};
}

14
modules/nixos/services/gitea/default.nix
View file

@ -116,16 +116,18 @@ in
};
users.groups.git = { };
my.services.nginx.virtualHosts = {
my.services.nginx.virtualHosts = [
# Proxy to Gitea
git = {
{
subdomain = "git";
inherit (cfg) port;
};
}
# Redirect `gitea.` to actual forge subdomain
gitea = {
{
subdomain = "gitea";
redirect = config.services.gitea.settings.server.ROOT_URL;
};
};
}
];
my.services.backup = {
paths = [

27
modules/nixos/services/indexers/default.nix
View file

@ -28,11 +28,12 @@ in
};
};
my.services.nginx.virtualHosts = {
jackett = {
my.services.nginx.virtualHosts = [
{
subdomain = "jackett";
port = jackettPort;
};
};
}
];
})
(lib.mkIf cfg.nzbhydra.enable {
@ -40,11 +41,12 @@ in
enable = true;
};
my.services.nginx.virtualHosts = {
nzbhydra = {
my.services.nginx.virtualHosts = [
{
subdomain = "nzbhydra";
port = nzbhydraPort;
};
};
}
];
})
(lib.mkIf cfg.prowlarr.enable {
@ -52,11 +54,12 @@ in
enable = true;
};
my.services.nginx.virtualHosts = {
prowlarr = {
my.services.nginx.virtualHosts = [
{
subdomain = "prowlarr";
port = prowlarrPort;
};
};
}
];
services.fail2ban.jails = {
prowlarr = ''

16
modules/nixos/services/jellyfin/default.nix
View file

@ -17,15 +17,9 @@ in
# Set-up media group
users.groups.media = { };
systemd.services.jellyfin = {
serviceConfig = {
# Loose umask to make Jellyfin metadata more broadly readable
UMask = lib.mkForce "0002";
};
};
my.services.nginx.virtualHosts = {
jellyfin = {
my.services.nginx.virtualHosts = [
{
subdomain = "jellyfin";
port = 8096;
extraConfig = {
locations."/" = {
@ -39,7 +33,7 @@ in
proxyWebsockets = true;
};
};
};
};
}
];
};
}

9
modules/nixos/services/lohr/default.nix
View file

@ -98,10 +98,11 @@ in
};
users.groups.lohr = { };
my.services.nginx.virtualHosts = {
lohr = {
my.services.nginx.virtualHosts = [
{
subdomain = "lohr";
inherit (cfg) port;
};
};
}
];
};
}

42
modules/nixos/services/matrix/default.nix
View file

@ -104,22 +104,23 @@ in
extraConfigFiles = [
cfg.mailConfigFile
] ++ lib.optional (cfg.secretFile != null) cfg.secretFile;
};
services.matrix-sliding-sync = {
enable = true;
sliding-sync = {
enable = true;
settings = {
SYNCV3_SERVER = "https://${matrixDomain}";
SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}";
settings = {
SYNCV3_SERVER = "https://${matrixDomain}";
SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}";
};
environmentFile = cfg.slidingSync.secretFile;
};
environmentFile = cfg.slidingSync.secretFile;
};
my.services.nginx.virtualHosts = {
my.services.nginx.virtualHosts = [
# Element Web app deployment
chat = {
{
subdomain = "chat";
root = pkgs.element-web.override {
conf = {
default_server_config = {
@ -144,19 +145,22 @@ in
};
};
};
};
}
# Dummy VHosts for port collision detection
matrix-federation = {
{
subdomain = "matrix-federation";
port = federationPort.private;
};
matrix-client = {
}
{
subdomain = "matrix-client";
port = clientPort.private;
};
}
# Sliding sync
matrix-sync = {
{
subdomain = "matrix-sync";
inherit (cfg.slidingSync) port;
};
};
}
];
# Those are too complicated to use my wrapper...
services.nginx.virtualHosts = {
@ -181,7 +185,7 @@ in
# Sliding sync
"~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}";
proxyPass = "http://${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}";
};
};

9
modules/nixos/services/miniflux/default.nix
View file

@ -43,10 +43,11 @@ in
};
};
my.services.nginx.virtualHosts = {
reader = {
my.services.nginx.virtualHosts = [
{
subdomain = "reader";
inherit (cfg) port;
};
};
}
];
};
}

9
modules/nixos/services/monitoring/default.nix
View file

@ -125,10 +125,11 @@ in
];
};
my.services.nginx.virtualHosts = {
monitoring = {
my.services.nginx.virtualHosts = [
{
subdomain = "monitoring";
inherit (cfg.grafana) port;
};
};
}
];
};
}

9
modules/nixos/services/navidrome/default.nix
View file

@ -47,10 +47,11 @@ in
};
};
my.services.nginx.virtualHosts = {
music = {
my.services.nginx.virtualHosts = [
{
subdomain = "music";
inherit (cfg) port;
};
};
}
];
};
}

9
modules/nixos/services/nextcloud/default.nix
View file

@ -31,7 +31,7 @@ in
config = lib.mkIf cfg.enable {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud28;
package = pkgs.nextcloud27;
hostName = "nextcloud.${config.networking.domain}";
home = "/var/lib/nextcloud";
maxUploadSize = cfg.maxSize;
@ -41,12 +41,7 @@ in
adminpassFile = cfg.passwordFile;
dbtype = "pgsql";
dbhost = "/run/postgresql";
};
https = true;
extraOptions = {
overwriteprotocol = "https"; # Nginx only allows SSL
overwriteProtocol = "https"; # Nginx only allows SSL
};
notify_push = {

46
modules/nixos/services/nginx/default.nix
View file

@ -5,11 +5,10 @@ let
domain = config.networking.domain;
virtualHostOption = with lib; types.submodule ({ name, ... }: {
virtualHostOption = with lib; types.submodule {
options = {
subdomain = mkOption {
type = types.str;
default = name;
example = "dev";
description = ''
Which subdomain, under config.networking.domain, to use
@ -73,7 +72,7 @@ let
'';
};
};
});
};
in
{
imports = [
@ -98,18 +97,20 @@ in
};
virtualHosts = mkOption {
type = types.attrsOf virtualHostOption;
default = { };
type = types.listOf virtualHostOption;
default = [ ];
example = litteralExample ''
{
gitea = {
subdomain = "git";
[
{
subdomain = "gitea";
port = 8080;
};
dev = {
}
{
subdomain = "dev";
root = "/var/www/dev";
};
jellyfin = {
}
{
subdomain = "jellyfin";
port = 8096;
extraConfig = {
locations."/socket" = {
@ -117,8 +118,8 @@ in
proxyWebsockets = true;
};
};
};
}
}
]
'';
description = ''
List of virtual hosts to set-up using default settings.
@ -189,7 +190,7 @@ in
config = lib.mkIf cfg.enable {
assertions = [ ]
++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args:
++ (lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args:
let
conflicts = [ "port" "root" "socket" "redirect" ];
optionsNotNull = builtins.map (v: args.${v} != null) conflicts;
@ -208,7 +209,7 @@ in
ports = lib.my.mapFilter
(v: v != null)
({ port, ... }: port)
(lib.attrValues cfg.virtualHosts);
cfg.virtualHosts;
portCounts = lib.my.countValues ports;
nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts;
nonUniques = builtins.attrNames nonUniquesCounts;
@ -220,7 +221,7 @@ in
map mkAssertion nonUniques
) ++ (
let
subs = lib.mapAttrsToList (_: { subdomain, ... }: subdomain) cfg.virtualHosts;
subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts;
subsCounts = lib.my.countValues subs;
nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts;
nonUniques = builtins.attrNames nonUniquesCounts;
@ -324,7 +325,7 @@ in
])
);
in
lib.my.genAttrs' (lib.attrValues cfg.virtualHosts) mkVHost;
lib.my.genAttrs' cfg.virtualHosts mkVHost;
sso = {
enable = true;
@ -402,11 +403,12 @@ in
};
};
my.services.nginx.virtualHosts = {
${cfg.sso.subdomain} = {
my.services.nginx.virtualHosts = [
{
subdomain = "login";
inherit (cfg.sso) port;
};
};
}
];
networking.firewall.allowedTCPPorts = [ 80 443 ];

9
modules/nixos/services/nix-cache/default.nix
View file

@ -43,10 +43,11 @@ in
signKeyPath = cfg.secretKeyFile;
};
my.services.nginx.virtualHosts = {
cache = {
my.services.nginx.virtualHosts = [
{
subdomain = "cache";
inherit (cfg) port;
};
};
}
];
};
}

11
modules/nixos/services/paperless/default.nix
View file

@ -52,7 +52,7 @@ in
mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath;
settings =
extraConfig =
let
paperlessDomain = "paperless.${config.networking.domain}";
in
@ -143,8 +143,9 @@ in
extraGroups = [ "media" ];
};
my.services.nginx.virtualHosts = {
paperless = {
my.services.nginx.virtualHosts = [
{
subdomain = "paperless";
inherit (cfg) port;
sso = {
enable = true;
@ -154,8 +155,8 @@ in
extraConfig = {
locations."/".proxyWebsockets = true;
};
};
};
}
];
my.services.backup = {
paths = [

9
modules/nixos/services/pirate/default.nix
View file

@ -21,11 +21,12 @@ let
};
mkRedirection = service: {
my.services.nginx.virtualHosts = {
${service} = {
my.services.nginx.virtualHosts = [
{
subdomain = service;
port = ports.${service};
};
};
}
];
};
mkFail2Ban = service: lib.mkIf cfg.${service}.enable {

9
modules/nixos/services/podgrab/default.nix
View file

@ -31,10 +31,11 @@ in
inherit (cfg) passwordFile port;
};
my.services.nginx.virtualHosts = {
podgrab = {
my.services.nginx.virtualHosts = [
{
subdomain = "podgrab";
inherit (cfg) port;
};
};
}
];
};
}

9
modules/nixos/services/sabnzbd/default.nix
View file

@ -18,11 +18,12 @@ in
# Set-up media group
users.groups.media = { };
my.services.nginx.virtualHosts = {
sabnzbd = {
my.services.nginx.virtualHosts = [
{
subdomain = "sabnzbd";
inherit port;
};
};
}
];
services.fail2ban.jails = {
sabnzbd = ''

9
modules/nixos/services/tandoor-recipes/default.nix
View file

@ -70,10 +70,11 @@ in
];
};
my.services.nginx.virtualHosts = {
recipes = {
my.services.nginx.virtualHosts = [
{
subdomain = "recipes";
inherit (cfg) port;
};
};
}
];
};
}

9
modules/nixos/services/transmission/default.nix
View file

@ -80,11 +80,12 @@ in
# Default transmission webui, I prefer combustion but its development
# seems to have stalled
my.services.nginx.virtualHosts = {
transmission = {
my.services.nginx.virtualHosts = [
{
subdomain = "transmission";
inherit (cfg) port;
};
};
}
];
networking.firewall = {
allowedTCPPorts = [ cfg.peerPort ];

9
modules/nixos/services/vikunja/default.nix
View file

@ -59,8 +59,9 @@ in
};
# This is a weird setup
my.services.nginx.virtualHosts = {
${subdomain} = {
my.services.nginx.virtualHosts = [
{
inherit subdomain;
# Serve the root for the web-ui
root = config.services.vikunja.package-frontend;
@ -79,8 +80,8 @@ in
};
};
};
};
};
}
];
systemd.services.vikunja-api = {
serviceConfig = {

14
modules/nixos/services/woodpecker/server/default.nix
View file

@ -52,14 +52,16 @@ in
}];
};
my.services.nginx.virtualHosts = {
woodpecker = {
my.services.nginx.virtualHosts = [
{
subdomain = "woodpecker";
inherit (cfg) port;
};
}
# I might want to be able to RPC from other hosts in the future
woodpecker-rpc = {
{
subdomain = "woodpecker-rpc";
port = cfg.rpcPort;
};
};
}
];
};
}

6
pkgs/default.nix
View file

@ -14,6 +14,8 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {
drone-rsync = pkgs.callPackage ./drone-rsync { };
drone-scp = pkgs.callPackage ./drone-scp { };
i3-get-window-criteria = pkgs.callPackage ./i3-get-window-criteria { };
lohr = pkgs.callPackage ./lohr { };
@ -28,5 +30,9 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: {
unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { };
unified-hosts-lists = pkgs.callPackage ./unified-hosts-lists { };
wifi-qr = pkgs.callPackage ./wifi-qr { };
zsh-done = pkgs.callPackage ./zsh-done { };
})

25
pkgs/drone-scp/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "drone-scp";
version = "1.6.3";
src = fetchFromGitHub {
owner = "appleboy";
repo = "drone-scp";
rev = "v${version}";
hash = "sha256-ELjPqoRR4O6gmc/PgthQuSXuSTQNzBZoAUT80zVVbV0=";
};
vendorHash = "sha256-/c103hTJ/Qdz2KTkdl/ACvAaSSTKcl1DQY3+Us6OxaI=";
doCheck = false; # Needs a specific user...
meta = with lib; {
description = ''
Copy files and artifacts via SSH using a binary, docker or Drone CI
'';
homepage = "https://github.com/appleboy/drone-scp";
license = licenses.mit;
mainProgram = "drone-scp";
};
}

4
pkgs/matrix-notifier/default.nix
View file

@ -1,13 +1,13 @@
{ lib, curl, jq, fetchFromGitHub, makeWrapper, pandoc, stdenvNoCC }:
stdenvNoCC.mkDerivation rec {
pname = "matrix-notifier";
version = "0.4.0";
version = "0.3.0";
src = fetchFromGitHub {
owner = "ambroisie";
repo = "matrix-notifier";
rev = "v${version}";
hash = "sha256-6KHteQx0bHodpNp7cuUIGM7uBRPaj386n2t5yz6umpY=";
hash = "sha256-NE9RO0ep2ibrT9EUPGTnUE3ofdNTCHwelxnX9tCflg0=";
};
nativeBuildInputs = [

14
pkgs/unbound-zones-adblock/default.nix
View file

@ -1,9 +1,9 @@
{ lib, gawk, stdenvNoCC, stevenblack-blocklist }:
{ lib, gawk, stdenvNoCC, unified-hosts-lists }:
stdenvNoCC.mkDerivation {
name = "unbound-zones-adblock";
version = stevenblack-blocklist.rev;
version = unified-hosts-lists.version;
src = stevenblack-blocklist;
src = unified-hosts-lists;
dontUnpack = true;
@ -18,11 +18,9 @@ stdenvNoCC.mkDerivation {
];
in
''
shopt -s globstar
for file in $src/**/hosts; do
outFile="$out/''${file#$src}"
mkdir -p "$(dirname "$outFile")"
${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > "$outFile"
mkdir -p $out
for file in $src/*; do
${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > $out/$(basename $file)
done
'';

34
pkgs/unified-hosts-lists/default.nix Normal file
View file

@ -0,0 +1,34 @@
{ lib, fetchFromGitHub, stdenvNoCC }:
stdenvNoCC.mkDerivation rec {
pname = "unified-hosts-lists";
version = "3.14.37";
src = fetchFromGitHub {
owner = "StevenBlack";
repo = "hosts";
rev = version;
hash = "sha256-HoNX57lCoIr36B/7HMuazWSWeAPPfWY1oZf6dXnxYIE=";
};
dontUnpack = true;
installPhase = ''
mkdir -p $out
cp -r $src/hosts $out
for file in $src/alternates/*/hosts; do
cp $file $out/$(basename $(dirname $file))
done
'';
meta = with lib; {
description = "Unified host lists";
longDescription = ''
Consolidating and extending hosts files from several well-curated sources.
Optionally pick extensions for porn, social media, and other categories.
'';
homepage = "https://github.com/StevenBlack/hosts";
license = licenses.mit;
maintainers = with maintainers; [ ambroisie ];
platforms = platforms.all;
};
}

81
pkgs/wifi-qr/default.nix Normal file
View file

@ -0,0 +1,81 @@
{ lib
, fetchFromGitHub
, gnome
, installShellFiles
, makeWrapper
, networkmanager
, qrencode
, stdenvNoCC
, xdg-utils
, zbar
}:
stdenvNoCC.mkDerivation rec {
pname = "wifi-qr";
version = "unstable-2023-04-19";
outputs = [ "out" "man" ];
src = fetchFromGitHub {
owner = "kokoye2007";
repo = "wifi-qr";
rev = "b81d4a44257252f07e745464879aa5618ae3d434";
hash = "sha256-oGTAr+raJGpK4PV4GdBxX8fIUE8gcbXw7W0SvQJAee0=";
};
nativeBuildInputs = [
installShellFiles
makeWrapper
];
dontBuild = true;
dontConfigure = true;
postPatch = ''
substituteInPlace wifi-qr.desktop \
--replace "Exec=sh -c 'wifi-qr g'" "Exec=$out/bin/wifi-qr g" \
--replace "Exec=sh -c 'wifi-qr q'" "Exec=$out/bin/wifi-qr q" \
--replace "Exec=sh -c 'wifi-qr p'" "Exec=$out/bin/wifi-qr p" \
--replace "Exec=sh -c 'wifi-qr c'" "Exec=$out/bin/wifi-qr c" \
--replace "Icon=wifi-qr.svg" "Icon=wifi-qr"
'';
installPhase = ''
runHook preInstall
install -Dm755 wifi-qr $out/bin/wifi-qr
install -Dm644 wifi-qr.desktop $out/share/applications/wifi-qr.desktop
install -Dm644 wifi-qr.svg $out/share/icons/hicolor/scalable/apps/wifi-qr.svg
installManPage wifi-qr.1
runHook postInstall
'';
wrapperPath = lib.makeBinPath [
gnome.zenity
networkmanager
qrencode
xdg-utils
zbar
];
fixupPhase = ''
runHook preFixup
patchShebangs $out/bin/wifi-qr
wrapProgram $out/bin/wifi-qr --suffix PATH : "${wrapperPath}"
runHook postFixup
'';
meta = with lib; {
description = "WiFi password sharing via QR codes";
homepage = "https://github.com/kokoye2007/wifi-qr";
license = with licenses; [ gpl3Plus ];
mainProgram = "wifi-qr";
maintainers = with maintainers; [ ambroisie ];
platforms = platforms.linux;
};
}