Compare commits

...

8 commits

21 changed files with 231 additions and 3 deletions

View file

@ -1,4 +1,4 @@
{ config, profile-path, pkgs, ... }:
{ config, profile-path, ... }:
let
user = config.profile.user;
stateVersion = config.profile.system.stateVersion;
@ -10,6 +10,7 @@ in
./programs
./modules
./games
./environments
./direnv.nix
./config/ideavim
@ -43,5 +44,10 @@ in
path = "${config.home.homeDirectory}/.ssh/id_ed25519";
mode = "0400";
};
"netrc" = {
sopsFile = ../secrets/netrc.yaml;
path = "${config.home.homeDirectory}/.netrc";
mode = "0400";
};
};
}

View file

@ -0,0 +1,6 @@
{ ... }:
{
imports = [
./protobuf.nix
];
}

View file

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.home.environments.protobuf;
inherit (lib) mkIf;
in
{
config = mkIf cfg.enable {
home.packages = with pkgs; [
buf
buf-language-server
protoc-gen-go
protoc-gen-go-grpc
protoc-gen-js
protoc-gen-connect-go
];
};
}

View file

@ -7,6 +7,7 @@
./dbeaver.nix
./discord.nix
./easyeffects.nix
./elisa.nix
./foot.nix
./git.nix
./github.nix

12
home/programs/elisa.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, config, lib, ... }:
let
cfg = config.profile.home.programs.elisa;
inherit (lib) mkIf;
in
{
config = mkIf cfg.enable {
home.packages = with pkgs; [
kdePackages.elisa
];
};
}

View file

@ -7,6 +7,7 @@
./podman.nix
./services.nix
./games.nix
./environments.nix
];
options.profile = {

11
options/environments.nix Normal file
View file

@ -0,0 +1,11 @@
{ lib, ... }:
let
inherit (lib) mkEnableOption;
in
{
options.profile = {
home.environments = {
protobuf.enable = mkEnableOption "protobuf environments";
};
};
}

View file

@ -16,6 +16,7 @@ in
minecraft.enable = mkEnableOption "minecraft server podman";
memos.enable = mkEnableOption "memos podman";
morphos.enable = mkEnableOption "morphos podman";
soulseek.enable = mkEnableOption "soulseek podman";
servarr = {
enable = mkEnableOption "servarr group";

View file

@ -110,6 +110,7 @@
foot.enable = lib.mkEnableOption "foot";
bruno.enable = lib.mkEnableOption "bruno";
zoom.enable = lib.mkEnableOption "zoom";
elisa.enable = lib.mkEnableOption "elisa";
};
programs = {

View file

@ -21,5 +21,6 @@ in
rust-motd.enable = mkEnableOption "rust-motd";
wireguard.enable = mkEnableOption "wireguard";
photoprism.enable = mkEnableOption "photoprism";
navidrome.enable = mkEnableOption "navidrome";
};
}

View file

@ -82,6 +82,7 @@ in
zathura.enable = true;
bruno.enable = true;
zoom.enable = true;
elisa.enable = true;
};
programs.easyeffects.enable = true;
programs.wezterm.enable = true;

View file

@ -74,6 +74,11 @@
foot.enable = true;
zellij.enable = false;
bruno.enable = true;
elisa.enable = true;
};
home.environments = {
protobuf.enable = true;
};
games.minecraft.enable = true;

View file

@ -40,6 +40,7 @@
minecraft.enable = true;
memos.enable = true;
morphos.enable = true;
soulseek.enable = true;
};
docker = {
@ -59,7 +60,7 @@
forgejo.enable = true;
kavita.enable = true;
samba.enable = true;
nextcloud.enable = true;
nextcloud.enable = false;
syncthing.enable = true;
openvpn.enable = false;
stubby.enable = true;
@ -67,6 +68,7 @@
rust-motd.enable = true;
wireguard.enable = true;
photoprism.enable = true;
navidrome.enable = true;
};
};
}

21
secrets/netrc.yaml Normal file
View file

@ -0,0 +1,21 @@
netrc: ENC[AES256_GCM,data:aTCNh1OJVqIf8PrHxjR2wgejZmap43aHRCAQVmlW2voEIBbTe5UWTyT/HaEd5YUW/F3fe1bTlBExhKNKJSFAmq9cDNYb7QTrCSBOWMccfryozY7THLVrOMK9A5weI8RwNJDTYhkShsuYhGVl2Q==,iv:c3kA0peOyim68oKbEluX99FnLDBIzc9unV2SgbJj234=,tag:w7vaspE2ndSO0HAQMmQoUg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZExlc3VwOE1xYjl6YzlU
K2ZUTEV3UHA3UDNSdDFvRUg4SXc1YXVnQm1FCkNRcnBMQlFvRHNIQzBXemQ0YURi
ZTlPc3lqMlVKOXlkMnBUNTdJQ1VqUDAKLS0tIEVPS01vTWljQWpiZldFc3g0YmYv
dDE2NU5oZFZnQXV6NEZKU3dZcXBuQm8KzmHuRnb82JdMXsVBBKVof1h56fDlDxPV
vRzS1RZ6KkYFjmCDwK6TJhqJGijTFBKpXGzOcB/wvD6Dg6jK0ZR1PQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-22T03:40:38Z"
mac: ENC[AES256_GCM,data:558OTZqpP/YT7IRNEgHS44Nzsi1yL+dP7ekk8BYkzLLOnZd4OOwX+nppnLy6/jwOOsz/FTS/kjhKwmEnivUUt29jjCOs40A3X4ifSLFYVjLaqR0QEy+Gj4rtZM+b1w2s6gtIVek8Euy5BddU2KYrd8hhEnsEsMxGwXw6vZCmDt0=,iv:YgiUPUr7HVkfn0YPqxgVaGbRXg82aidzhF+zDaBSNmc=,tag:6S7nPeGPiCb6Hw+sS1CmCw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

22
secrets/soulseek.yaml Normal file
View file

@ -0,0 +1,22 @@
soulseek:
env: ENC[AES256_GCM,data:r9AABW2U8Zr4fnYwF66SkJts/ljRyLsqpXQZWMQdtRpe6bkSY+s7hwXYVexjp1UVruLcAu+x7A==,iv:rngXQd3Xn/8nl5fE33BDQl++EGdHMMJPvg9KQfDA/II=,tag:r5WvaCGpo6pq8SgYEwv3UA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZWNVU2szamhkZFlBcjF1
UDZxZHJqZjRETCs1YlpHUTFtUmFWWGErbENJClNJNWxkVVc1YXBxdVRXVCt2SGRy
SVdRY2lYOW9Ob1d6ZUkrYWJ2Yno4WlkKLS0tIFBMT3FGdVhWRDVaTnNYTlpuZ2x1
M3NzdHlsL2hENll3QnVBaXBiN2JPRzgKytdiV9iYS69v1+ub790lu4sPaMe4Auac
dnYZHUyMBFqvHjdQH+y4wYZ+k/O6vLwWJE0uR7ErhShrpLQmYVwdAw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-20T12:21:42Z"
mac: ENC[AES256_GCM,data:n4zNdElxX38hgAUpVNpbfSlyFedriNoB1jXB8whrXVVu/X7Y5GX2Jg1sxNjLGrY/UXHen2sc7v25iz+2eM/IGXZhKn9ZOfuLUedRyR4wJP48h1RsPt9a20Mo6dTsUKHnyHBbbGA2iLlmt815yUtEwQPbj28SMGh1Ir6ppxNrLvI=,iv:3lC6pSyB1K7gN8yHhfaLL8JEa9pwTSKqMKgTlxDK9XU=,tag:fALAy3QdW0iTIu+vv4T5qw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -50,6 +50,7 @@ in
./redmage-demo.nix
./redmage.nix
./servarr
./soulseek.nix
./suwayomi.nix
./ytptube.nix
];

View file

@ -46,6 +46,9 @@ in
EOF 200
'';
# Minecraft only autoupdates at startup
#
# To keep up with the update, restart the server at 4am everyday.
systemd =
let serviceName = "podman-${name}"; in
{
@ -59,7 +62,7 @@ in
description = "Podman container ${name} autorestart";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.podman}/bin/podman restart podman-${name}";
ExecStart = "${pkgs.podman}/bin/podman restart ${name}";
};
};

View file

@ -0,0 +1,81 @@
{ config, lib, pkgs, ... }:
let
name = "soulseek";
podman = config.profile.podman;
inherit (lib) mkIf;
ip = "10.88.60.80";
image = "ghcr.io/fletchto99/nicotine-plus-docker:latest";
rootVolume = "/nas/podman/soulseek";
rootVolumeMusic = "/nas/Syncthing/Sync/Music";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
in
{
config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:6080
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${rootVolume}/{config,downloads,incomplete}
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete}
'';
# Soulseek only autoscans on startup
#
# Once a day at 4am, restart the container to trigger a rescan
systemd =
let
serviceName = "podman-${name}-autorestart";
in
{
services.${serviceName} = {
description = "Podman container ${name} autorestart";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.podman}/bin/podman restart ${name}";
};
};
timers.${serviceName} = {
description = "Podman container ${name} autorestart";
timerConfig = {
OnCalendar = "*-*-* 04:00:00";
};
wantedBy = [ "timers.target" ];
};
};
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
environment = {
TZ = "Asia/Jakarta";
PUID = uid;
PGID = gid;
};
volumes = [
"${rootVolume}/config:/config"
"${rootVolume}/incomplete:/data/incomplete_downloads"
"${rootVolumeMusic}:/data/shared"
];
ports = [
"2234-2239:2234-2239"
];
extraOptions = [
"--network=podman"
"--ip=${ip}"
"--security-opt=seccomp=unconfined"
"--device=/dev/dri:/dev/dri"
];
labels = {
"io.containers.autoupdate" = "registry";
};
};
};
}

View file

@ -6,6 +6,7 @@
./forgejo.nix
./jellyfin.nix
./kavita.nix
./navidrome.nix
./nextcloud.nix
./openvpn.nix
./rust-motd.nix

View file

@ -0,0 +1,24 @@
{ config, lib, ... }:
let
cfg = config.profile.services.navidrome;
user = config.profile.user;
inherit (lib) mkIf;
in
{
config = mkIf cfg.enable {
services.caddy.virtualHosts."navidrome.tigor.web.id".extraConfig = ''
reverse_proxy 0.0.0.0:${toString config.services.navidrome.settings.Port}
'';
users.groups.navidrome.members = [ user.name ];
users.groups.${user.name}.members = [ "navidrome" ];
services.navidrome = {
enable = true;
settings = {
Address = "0.0.0.0";
MusicFolder = "/nas/Syncthing/Sync/Music";
};
};
};
}

View file

@ -133,6 +133,16 @@ in
"windows"
];
};
"/nas/Syncthing/Sync/Music" = {
label = "Music";
id = "Music";
devices = [
"s20fe"
"work-laptop"
"windows"
"living-room-system"
];
};
};
devices = {
s20fe = {