Compare commits
8 commits
9b1e86cde4
...
353e2184d8
| Author | SHA1 | Date | |
|---|---|---|---|
 Tigor Hutasuhut
|
353e2184d8 | ||
|
Tigor Hutasuhut
|
ac5748349d | ||
|
Tigor Hutasuhut
|
6b3b479615 | ||
|
Tigor Hutasuhut
|
e9b80b24f8 | ||
|
Tigor Hutasuhut
|
48ce3dfa79 | ||
|
Tigor Hutasuhut
|
cf90158871 | ||
|
Tigor Hutasuhut
|
f091c080d9 | ||
|
Tigor Hutasuhut
|
44be975d4b |
|
|
@ -1,4 +1,4 @@
|
|||
{ config, profile-path, pkgs, ... }:
|
||||
{ config, profile-path, ... }:
|
||||
let
|
||||
user = config.profile.user;
|
||||
stateVersion = config.profile.system.stateVersion;
|
||||
|
|
@ -10,6 +10,7 @@ in
|
|||
./programs
|
||||
./modules
|
||||
./games
|
||||
./environments
|
||||
|
||||
./direnv.nix
|
||||
./config/ideavim
|
||||
|
|
@ -43,5 +44,10 @@ in
|
|||
path = "${config.home.homeDirectory}/.ssh/id_ed25519";
|
||||
mode = "0400";
|
||||
};
|
||||
"netrc" = {
|
||||
sopsFile = ../secrets/netrc.yaml;
|
||||
path = "${config.home.homeDirectory}/.netrc";
|
||||
mode = "0400";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
6
home/environments/default.nix
Normal file
6
home/environments/default.nix
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./protobuf.nix
|
||||
];
|
||||
}
|
||||
17
home/environments/protobuf.nix
Normal file
17
home/environments/protobuf.nix
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.profile.home.environments.protobuf;
|
||||
inherit (lib) mkIf;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
home.packages = with pkgs; [
|
||||
buf
|
||||
buf-language-server
|
||||
protoc-gen-go
|
||||
protoc-gen-go-grpc
|
||||
protoc-gen-js
|
||||
protoc-gen-connect-go
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
@ -7,6 +7,7 @@
|
|||
./dbeaver.nix
|
||||
./discord.nix
|
||||
./easyeffects.nix
|
||||
./elisa.nix
|
||||
./foot.nix
|
||||
./git.nix
|
||||
./github.nix
|
||||
|
|
|
|||
12
home/programs/elisa.nix
Normal file
12
home/programs/elisa.nix
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
let
|
||||
cfg = config.profile.home.programs.elisa;
|
||||
inherit (lib) mkIf;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
home.packages = with pkgs; [
|
||||
kdePackages.elisa
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
@ -7,6 +7,7 @@
|
|||
./podman.nix
|
||||
./services.nix
|
||||
./games.nix
|
||||
./environments.nix
|
||||
];
|
||||
options.profile = {
|
||||
|
||||
|
|
|
|||
11
options/environments.nix
Normal file
11
options/environments.nix
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib) mkEnableOption;
|
||||
in
|
||||
{
|
||||
options.profile = {
|
||||
home.environments = {
|
||||
protobuf.enable = mkEnableOption "protobuf environments";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -16,6 +16,7 @@ in
|
|||
minecraft.enable = mkEnableOption "minecraft server podman";
|
||||
memos.enable = mkEnableOption "memos podman";
|
||||
morphos.enable = mkEnableOption "morphos podman";
|
||||
soulseek.enable = mkEnableOption "soulseek podman";
|
||||
|
||||
servarr = {
|
||||
enable = mkEnableOption "servarr group";
|
||||
|
|
|
|||
|
|
@ -110,6 +110,7 @@
|
|||
foot.enable = lib.mkEnableOption "foot";
|
||||
bruno.enable = lib.mkEnableOption "bruno";
|
||||
zoom.enable = lib.mkEnableOption "zoom";
|
||||
elisa.enable = lib.mkEnableOption "elisa";
|
||||
};
|
||||
|
||||
programs = {
|
||||
|
|
|
|||
|
|
@ -21,5 +21,6 @@ in
|
|||
rust-motd.enable = mkEnableOption "rust-motd";
|
||||
wireguard.enable = mkEnableOption "wireguard";
|
||||
photoprism.enable = mkEnableOption "photoprism";
|
||||
navidrome.enable = mkEnableOption "navidrome";
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -82,6 +82,7 @@ in
|
|||
zathura.enable = true;
|
||||
bruno.enable = true;
|
||||
zoom.enable = true;
|
||||
elisa.enable = true;
|
||||
};
|
||||
programs.easyeffects.enable = true;
|
||||
programs.wezterm.enable = true;
|
||||
|
|
|
|||
|
|
@ -74,6 +74,11 @@
|
|||
foot.enable = true;
|
||||
zellij.enable = false;
|
||||
bruno.enable = true;
|
||||
elisa.enable = true;
|
||||
};
|
||||
|
||||
home.environments = {
|
||||
protobuf.enable = true;
|
||||
};
|
||||
|
||||
games.minecraft.enable = true;
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@
|
|||
minecraft.enable = true;
|
||||
memos.enable = true;
|
||||
morphos.enable = true;
|
||||
soulseek.enable = true;
|
||||
};
|
||||
|
||||
docker = {
|
||||
|
|
@ -59,7 +60,7 @@
|
|||
forgejo.enable = true;
|
||||
kavita.enable = true;
|
||||
samba.enable = true;
|
||||
nextcloud.enable = true;
|
||||
nextcloud.enable = false;
|
||||
syncthing.enable = true;
|
||||
openvpn.enable = false;
|
||||
stubby.enable = true;
|
||||
|
|
@ -67,6 +68,7 @@
|
|||
rust-motd.enable = true;
|
||||
wireguard.enable = true;
|
||||
photoprism.enable = true;
|
||||
navidrome.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
21
secrets/netrc.yaml
Normal file
21
secrets/netrc.yaml
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
netrc: ENC[AES256_GCM,data:aTCNh1OJVqIf8PrHxjR2wgejZmap43aHRCAQVmlW2voEIBbTe5UWTyT/HaEd5YUW/F3fe1bTlBExhKNKJSFAmq9cDNYb7QTrCSBOWMccfryozY7THLVrOMK9A5weI8RwNJDTYhkShsuYhGVl2Q==,iv:c3kA0peOyim68oKbEluX99FnLDBIzc9unV2SgbJj234=,tag:w7vaspE2ndSO0HAQMmQoUg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZExlc3VwOE1xYjl6YzlU
|
||||
K2ZUTEV3UHA3UDNSdDFvRUg4SXc1YXVnQm1FCkNRcnBMQlFvRHNIQzBXemQ0YURi
|
||||
ZTlPc3lqMlVKOXlkMnBUNTdJQ1VqUDAKLS0tIEVPS01vTWljQWpiZldFc3g0YmYv
|
||||
dDE2NU5oZFZnQXV6NEZKU3dZcXBuQm8KzmHuRnb82JdMXsVBBKVof1h56fDlDxPV
|
||||
vRzS1RZ6KkYFjmCDwK6TJhqJGijTFBKpXGzOcB/wvD6Dg6jK0ZR1PQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-22T03:40:38Z"
|
||||
mac: ENC[AES256_GCM,data:558OTZqpP/YT7IRNEgHS44Nzsi1yL+dP7ekk8BYkzLLOnZd4OOwX+nppnLy6/jwOOsz/FTS/kjhKwmEnivUUt29jjCOs40A3X4ifSLFYVjLaqR0QEy+Gj4rtZM+b1w2s6gtIVek8Euy5BddU2KYrd8hhEnsEsMxGwXw6vZCmDt0=,iv:YgiUPUr7HVkfn0YPqxgVaGbRXg82aidzhF+zDaBSNmc=,tag:6S7nPeGPiCb6Hw+sS1CmCw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
22
secrets/soulseek.yaml
Normal file
22
secrets/soulseek.yaml
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
soulseek:
|
||||
env: ENC[AES256_GCM,data:r9AABW2U8Zr4fnYwF66SkJts/ljRyLsqpXQZWMQdtRpe6bkSY+s7hwXYVexjp1UVruLcAu+x7A==,iv:rngXQd3Xn/8nl5fE33BDQl++EGdHMMJPvg9KQfDA/II=,tag:r5WvaCGpo6pq8SgYEwv3UA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZWNVU2szamhkZFlBcjF1
|
||||
UDZxZHJqZjRETCs1YlpHUTFtUmFWWGErbENJClNJNWxkVVc1YXBxdVRXVCt2SGRy
|
||||
SVdRY2lYOW9Ob1d6ZUkrYWJ2Yno4WlkKLS0tIFBMT3FGdVhWRDVaTnNYTlpuZ2x1
|
||||
M3NzdHlsL2hENll3QnVBaXBiN2JPRzgKytdiV9iYS69v1+ub790lu4sPaMe4Auac
|
||||
dnYZHUyMBFqvHjdQH+y4wYZ+k/O6vLwWJE0uR7ErhShrpLQmYVwdAw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-20T12:21:42Z"
|
||||
mac: ENC[AES256_GCM,data:n4zNdElxX38hgAUpVNpbfSlyFedriNoB1jXB8whrXVVu/X7Y5GX2Jg1sxNjLGrY/UXHen2sc7v25iz+2eM/IGXZhKn9ZOfuLUedRyR4wJP48h1RsPt9a20Mo6dTsUKHnyHBbbGA2iLlmt815yUtEwQPbj28SMGh1Ir6ppxNrLvI=,iv:3lC6pSyB1K7gN8yHhfaLL8JEa9pwTSKqMKgTlxDK9XU=,tag:fALAy3QdW0iTIu+vv4T5qw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
@ -50,6 +50,7 @@ in
|
|||
./redmage-demo.nix
|
||||
./redmage.nix
|
||||
./servarr
|
||||
./soulseek.nix
|
||||
./suwayomi.nix
|
||||
./ytptube.nix
|
||||
];
|
||||
|
|
|
|||
|
|
@ -46,6 +46,9 @@ in
|
|||
EOF 200
|
||||
'';
|
||||
|
||||
# Minecraft only autoupdates at startup
|
||||
#
|
||||
# To keep up with the update, restart the server at 4am everyday.
|
||||
systemd =
|
||||
let serviceName = "podman-${name}"; in
|
||||
{
|
||||
|
|
@ -59,7 +62,7 @@ in
|
|||
description = "Podman container ${name} autorestart";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.podman}/bin/podman restart podman-${name}";
|
||||
ExecStart = "${pkgs.podman}/bin/podman restart ${name}";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
81
system/podman/soulseek.nix
Normal file
81
system/podman/soulseek.nix
Normal file
|
|
@ -0,0 +1,81 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
name = "soulseek";
|
||||
podman = config.profile.podman;
|
||||
inherit (lib) mkIf;
|
||||
ip = "10.88.60.80";
|
||||
image = "ghcr.io/fletchto99/nicotine-plus-docker:latest";
|
||||
rootVolume = "/nas/podman/soulseek";
|
||||
rootVolumeMusic = "/nas/Syncthing/Sync/Music";
|
||||
domain = "${name}.tigor.web.id";
|
||||
user = config.profile.user;
|
||||
uid = toString user.uid;
|
||||
gid = toString user.gid;
|
||||
in
|
||||
{
|
||||
config = mkIf (podman.enable && podman.${name}.enable) {
|
||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||
reverse_proxy ${ip}:6080
|
||||
'';
|
||||
|
||||
system.activationScripts."podman-${name}" = ''
|
||||
mkdir -p ${rootVolume}/{config,downloads,incomplete}
|
||||
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete}
|
||||
'';
|
||||
|
||||
|
||||
# Soulseek only autoscans on startup
|
||||
#
|
||||
# Once a day at 4am, restart the container to trigger a rescan
|
||||
systemd =
|
||||
let
|
||||
serviceName = "podman-${name}-autorestart";
|
||||
in
|
||||
{
|
||||
services.${serviceName} = {
|
||||
description = "Podman container ${name} autorestart";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.podman}/bin/podman restart ${name}";
|
||||
};
|
||||
};
|
||||
timers.${serviceName} = {
|
||||
description = "Podman container ${name} autorestart";
|
||||
timerConfig = {
|
||||
OnCalendar = "*-*-* 04:00:00";
|
||||
};
|
||||
wantedBy = [ "timers.target" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
virtualisation.oci-containers.containers.${name} = {
|
||||
inherit image;
|
||||
hostname = name;
|
||||
autoStart = true;
|
||||
environment = {
|
||||
TZ = "Asia/Jakarta";
|
||||
PUID = uid;
|
||||
PGID = gid;
|
||||
};
|
||||
volumes = [
|
||||
"${rootVolume}/config:/config"
|
||||
"${rootVolume}/incomplete:/data/incomplete_downloads"
|
||||
"${rootVolumeMusic}:/data/shared"
|
||||
];
|
||||
ports = [
|
||||
"2234-2239:2234-2239"
|
||||
];
|
||||
extraOptions = [
|
||||
"--network=podman"
|
||||
"--ip=${ip}"
|
||||
"--security-opt=seccomp=unconfined"
|
||||
"--device=/dev/dri:/dev/dri"
|
||||
];
|
||||
labels = {
|
||||
"io.containers.autoupdate" = "registry";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
@ -6,6 +6,7 @@
|
|||
./forgejo.nix
|
||||
./jellyfin.nix
|
||||
./kavita.nix
|
||||
./navidrome.nix
|
||||
./nextcloud.nix
|
||||
./openvpn.nix
|
||||
./rust-motd.nix
|
||||
|
|
|
|||
24
system/services/navidrome.nix
Normal file
24
system/services/navidrome.nix
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.profile.services.navidrome;
|
||||
user = config.profile.user;
|
||||
inherit (lib) mkIf;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
services.caddy.virtualHosts."navidrome.tigor.web.id".extraConfig = ''
|
||||
reverse_proxy 0.0.0.0:${toString config.services.navidrome.settings.Port}
|
||||
'';
|
||||
|
||||
users.groups.navidrome.members = [ user.name ];
|
||||
users.groups.${user.name}.members = [ "navidrome" ];
|
||||
|
||||
services.navidrome = {
|
||||
enable = true;
|
||||
settings = {
|
||||
Address = "0.0.0.0";
|
||||
MusicFolder = "/nas/Syncthing/Sync/Music";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -133,6 +133,16 @@ in
|
|||
"windows"
|
||||
];
|
||||
};
|
||||
"/nas/Syncthing/Sync/Music" = {
|
||||
label = "Music";
|
||||
id = "Music";
|
||||
devices = [
|
||||
"s20fe"
|
||||
"work-laptop"
|
||||
"windows"
|
||||
"living-room-system"
|
||||
];
|
||||
};
|
||||
};
|
||||
devices = {
|
||||
s20fe = {
|
||||
|
|
|
|||
Loading…
Reference in a new issue