From dc0b2518da674272f6894766ed9312f22231735c Mon Sep 17 00:00:00 2001 From: Truxnell <19149206+truxnell@users.noreply.github.com> Date: Sun, 14 Apr 2024 08:46:48 +1000 Subject: [PATCH] Add restic backups and glances (#89) * flesh out impermanence * glances * hack * hacking in plex and tautulli * hack * hacking * Auto lint/format --------- Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com> Co-authored-by: truxnell --- .sops.yaml | 2 +- .taskfiles/nix/update-all.sh | 2 +- .taskfiles/nix/update-single-machine.sh | 4 +- flake.lock | 76 +-------------- flake.nix | 37 +------- .../browsers/firefox/profile-default.nix | 2 +- nixos/home/modules/shell/default.nix | 1 + nixos/home/modules/shell/git/default.nix | 77 +++++++++++++++ nixos/home/truxnell/workstation.nix | 21 ++++- nixos/hosts/daedalus/default.nix | 5 +- nixos/hosts/durandal/default.nix | 23 ++--- nixos/modules/nixos/browser/default.nix | 5 - nixos/modules/nixos/browser/firefox.nix | 22 ----- .../nixos/containers/arr/lidarr/default.nix | 17 ++-- .../containers/arr/lidarr/secrets.sops.yaml | 68 +++++++------- .../nixos/containers/arr/prowlarr/default.nix | 15 +-- .../containers/arr/prowlarr/secrets.sops.yaml | 68 +++++++------- .../nixos/containers/arr/radarr/default.nix | 17 ++-- .../containers/arr/radarr/secrets.sops.yaml | 68 +++++++------- .../nixos/containers/arr/readarr/default.nix | 15 +-- .../containers/arr/readarr/secrets.sops.yaml | 68 +++++++------- .../nixos/containers/arr/sonarr/default.nix | 15 +-- .../containers/arr/sonarr/secrets.sops.yaml | 68 +++++++------- nixos/modules/nixos/containers/default.nix | 2 + .../nixos/containers/gatus/default.nix | 34 +++---- .../nixos/containers/gatus/secrets.sops.yaml | 68 +++++++------- .../nixos/containers/homepage/default.nix | 12 ++- .../containers/homepage/secrets.sops.yaml | 68 +++++++------- .../modules/nixos/containers/plex/default.nix | 81 ++++++++++++++++ .../nixos/containers/qbittorrent/default.nix | 11 ++- .../nixos/containers/sabnzbd/default.nix | 11 ++- .../nixos/containers/tautulli/default.nix | 71 ++++++++++++++ nixos/modules/nixos/default.nix | 14 ++- nixos/modules/nixos/lib.nix | 30 ++++++ .../nixos/services/bind/secrets.sops.yaml | 70 +++++++------- .../cloudflare-dyndns.sops.yaml | 70 +++++++------- nixos/modules/nixos/services/default.nix | 3 +- .../dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml | 68 +++++++------- .../nixos/services/glances/default.nix | 94 +++++++++++++++++++ .../nixos/services/maddy/maddy.sops.yaml | 68 +++++++------- nixos/modules/nixos/services/nfs/default.nix | 2 +- .../modules/nixos/services/podman/default.nix | 5 + .../nixos/services/syncthing/default.nix | 39 ++++++++ .../nixos/services/traefik/default.nix | 72 +++++++------- .../nixos/services/traefik/secrets.sops.yaml | 70 +++++++------- nixos/modules/nixos/system/default.nix | 2 - nixos/modules/nixos/system/security.nix | 2 +- nixos/overlays/default.nix | 2 - nixos/profiles/global.nix | 48 +++++----- nixos/profiles/global/nix.nix | 2 - nixos/profiles/global/secrets.sops.yaml | 66 +++++++++++++ nixos/profiles/global/sops.nix | 2 +- nixos/profiles/global/users.nix | 6 +- .../default.nix => profiles/impermanence.nix} | 20 ++-- nixos/profiles/role-server.nix | 2 +- nixos/profiles/role-worstation.nix | 1 - 56 files changed, 1080 insertions(+), 732 deletions(-) create mode 100644 nixos/home/modules/shell/git/default.nix delete mode 100644 nixos/modules/nixos/browser/default.nix delete mode 100644 nixos/modules/nixos/browser/firefox.nix create mode 100644 nixos/modules/nixos/containers/plex/default.nix create mode 100644 nixos/modules/nixos/containers/tautulli/default.nix create mode 100644 nixos/modules/nixos/lib.nix create mode 100644 nixos/modules/nixos/services/glances/default.nix create mode 100644 nixos/modules/nixos/services/syncthing/default.nix create mode 100644 nixos/profiles/global/secrets.sops.yaml rename nixos/{modules/nixos/system/impermanence/default.nix => profiles/impermanence.nix} (68%) diff --git a/.sops.yaml b/.sops.yaml index a99c5aa..fe98395 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -14,7 +14,7 @@ keys: - &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - &shodan age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - - &daedalus age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - &daedalus age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh creation_rules: - path_regex: .*\.sops\.yaml$ diff --git a/.taskfiles/nix/update-all.sh b/.taskfiles/nix/update-all.sh index e3b47ce..19d6963 100755 --- a/.taskfiles/nix/update-all.sh +++ b/.taskfiles/nix/update-all.sh @@ -23,7 +23,7 @@ for host in "${hosts[@]}"; do if [[ " ${skip[*]} " =~ " ${host} " ]]; then continue fi - fqdn="$host.l.trux.dev" + fqdn="$host.l.voltaicforge.com" if [ $reboot -eq 0 ]; then echo $fqdn nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host" diff --git a/.taskfiles/nix/update-single-machine.sh b/.taskfiles/nix/update-single-machine.sh index fbd9ded..acd967f 100755 --- a/.taskfiles/nix/update-single-machine.sh +++ b/.taskfiles/nix/update-single-machine.sh @@ -14,7 +14,7 @@ while getopts ":r" option; do r) reboot=1 host=$2 - fqdn="$host.l.trux.dev" + fqdn="$host.l.voltaicforge.com" echo "$fqdn with reboot" nixos-rebuild boot -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host" # ssh -i $rsa_key $fqdn 'sudo reboot' @@ -25,7 +25,7 @@ done if [ $reboot -eq 0 ]; then host=$1 - fqdn="$host.l.trux.dev" + fqdn="$host.l.voltaicforge.com" echo "$fqdn" nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host" fi diff --git a/flake.lock b/flake.lock index 62a0c88..0dcb3ca 100644 --- a/flake.lock +++ b/flake.lock @@ -1,27 +1,5 @@ { "nodes": { - "deploy-rs": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ - "nixpkgs" - ], - "utils": "utils" - }, - "locked": { - "lastModified": 1711973905, - "narHash": "sha256-UFKME/N1pbUtn+2Aqnk+agUt8CekbpuqwzljivfIme8=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "88b3059b020da69cbe16526b8d639bd5e0b51c8b", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -38,25 +16,9 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1710146030, @@ -115,7 +77,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" @@ -216,7 +178,6 @@ }, "root": { "inputs": { - "deploy-rs": "deploy-rs", "home-manager": "home-manager", "nix-index-database": "nix-index-database", "nix-vscode-extensions": "nix-vscode-extensions", @@ -262,39 +223,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index e46e379..6c48ace 100644 --- a/flake.nix +++ b/flake.nix @@ -26,12 +26,6 @@ url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - # deploy-rs - Remote deployment - # https://github.com/serokell/deploy-rs - deploy-rs = { - url = "github:serokell/deploy-rs"; - inputs.nixpkgs.follows = "nixpkgs"; - }; # VSCode community extensions # https://github.com/nix-community/nix-vscode-extensions @@ -51,7 +45,6 @@ { self , nixpkgs , sops-nix - , deploy-rs , home-manager , nix-vscode-extensions , ... @@ -216,6 +209,7 @@ ]; profileModules = [ ./nixos/profiles/role-server.nix + ./nixos/profiles/impermanence.nix { home-manager.users.truxnell = ./nixos/home/truxnell/server.nix; } ]; }; @@ -253,35 +247,6 @@ # images.rpi4 = nixosConfigurations.rpi4.config.system.build.sdImage; # images.iso = nixosConfigurations.iso.config.system.build.isoImage; - # deploy-rs - deploy.nodes = - let - mkDeployConfig = hostname: configuration: { - inherit hostname; - profiles.system = - let - inherit (configuration.config.nixpkgs.hostPlatform) system; - in - { - path = inputs.deploy-rs.lib."${system}".activate.nixos configuration; - sshUser = "truxnell"; - user = "root"; - sshOpts = [ "-t" ]; - autoRollback = false; - magicRollback = true; - }; - }; - in - { - dns01 = mkDeployConfig "dns01" self.nixosConfigurations.dns01; - dns02 = mkDeployConfig "dns02" self.nixosConfigurations.dns02; - - # dns02 = mkDeployConfig "dns02.natallan.com" self.nixosConfigurations.dns02; - }; - - # deploy-rs: This is highly advised, and will prevent many possible mistakes - checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; - # Convenience output that aggregates the outputs for home, nixos. # Also used in ci to build targets generally. top = diff --git a/nixos/home/modules/programs/browsers/firefox/profile-default.nix b/nixos/home/modules/programs/browsers/firefox/profile-default.nix index b224f33..725dff5 100644 --- a/nixos/home/modules/programs/browsers/firefox/profile-default.nix +++ b/nixos/home/modules/programs/browsers/firefox/profile-default.nix @@ -4,7 +4,7 @@ name = "default"; isDefault = true; settings = { - "browser.startup.homepage" = "https://search.trux.dev"; + "browser.startup.homepage" = "https://homepage.trux.dev"; "browser.search.defaultenginename" = "whoogle"; "browser.search.order.1" = "whoogle"; "browser.search.suggest.enabled.private" = false; diff --git a/nixos/home/modules/shell/default.nix b/nixos/home/modules/shell/default.nix index 4c1112f..c86c159 100644 --- a/nixos/home/modules/shell/default.nix +++ b/nixos/home/modules/shell/default.nix @@ -3,5 +3,6 @@ ./fish ./starship ./wezterm + ./git ]; } diff --git a/nixos/home/modules/shell/git/default.nix b/nixos/home/modules/shell/git/default.nix new file mode 100644 index 0000000..117edc0 --- /dev/null +++ b/nixos/home/modules/shell/git/default.nix @@ -0,0 +1,77 @@ +{ pkgs +, config +, lib +, ... +}: +let + cfg = config.myHome.shell.git; + inherit (pkgs.stdenv) isDarwin; +in +{ + options.myHome.shell.git = { + enable = lib.mkEnableOption "git"; + username = lib.mkOption { + type = lib.types.str; + }; + email = lib.mkOption { + type = lib.types.str; + }; + signingKey = lib.mkOption { + type = lib.types.str; + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + programs.gh.enable = true; + programs.gpg.enable = true; + + programs.git = { + enable = true; + + userName = cfg.username; + userEmail = cfg.email; + + extraConfig = { + core = { + autocrlf = "input"; + }; + init = { + defaultBranch = "main"; + }; + pull = { + rebase = true; + }; + rebase = { + autoStash = true; + }; + }; + aliases = { + co = "checkout"; + }; + ignores = [ + # Mac OS X hidden files + ".DS_Store" + # Windows files + "Thumbs.db" + # asdf + ".tool-versions" + # Sops + ".decrypted~*" + "*.decrypted.*" + # Python virtualenvs + ".venv" + ]; + # signing = lib.mkIf (cfg.signingKey != "") { + # signByDefault = true; + # key = cfg.signingKey; + # }; + }; + + home.packages = [ + pkgs.git-filter-repo + pkgs.tig + ]; + }) + ]; +} diff --git a/nixos/home/truxnell/workstation.nix b/nixos/home/truxnell/workstation.nix index 0b1ac77..9d07019 100644 --- a/nixos/home/truxnell/workstation.nix +++ b/nixos/home/truxnell/workstation.nix @@ -6,9 +6,6 @@ with config; ]; myHome.programs.firefox.enable = true; - myHome.shell.starship.enable = true; - myHome.shell.fish.enable = true; - myHome.shell.wezterm.enable = true; myHome.security = { ssh = { @@ -49,7 +46,6 @@ with config; daedalus = { hostname = "daedalus"; - user = "nat"; port = 22; identityFile = "~/.ssh/id_ed25519"; }; @@ -58,6 +54,23 @@ with config; }; }; + myHome.shell = { + + starship.enable = true; + fish.enable = true; + wezterm.enable = true; + + git = { + enable = true; + username = "truxnell"; + email = "19149206+truxnell@users.noreply.github.com"; + # signingKey = ""; # TODO setup signing keys n shit + }; + + }; + + + home = { diff --git a/nixos/hosts/daedalus/default.nix b/nixos/hosts/daedalus/default.nix index 8818f52..8d4f2ba 100644 --- a/nixos/hosts/daedalus/default.nix +++ b/nixos/hosts/daedalus/default.nix @@ -26,14 +26,11 @@ sabnzbd.enable = true; qbittorrent.enable = true; }; - mySystem.nasFolder = "/tank/"; + mySystem.nasFolder = "/tank"; mySystem.system = { zfs.enable = true; zfs.mountPoolsAtBoot = [ "tank" ]; - - # run impermanence - impermanence.enable = true; }; mySystem.services.nfs.enable = true; diff --git a/nixos/hosts/durandal/default.nix b/nixos/hosts/durandal/default.nix index f7cbbec..d26ecd9 100644 --- a/nixos/hosts/durandal/default.nix +++ b/nixos/hosts/durandal/default.nix @@ -6,24 +6,18 @@ , pkgs , ... }: { - imports = [ - - - ]; mySystem.services = { openssh.enable = true; podman.enable = true; - # traefik.enable = true; - # homepage.enable = true; - # sonarr.enable = true; - # radarr.enable = true; - # lidarr.enable = true; - # readarr.enable = true; - # gatus.enable = true; - # sabnzbd.enable = true; - # qbittorrent.enable = true; + traefik.enable = true; + + plex.enable = true; + tautulli.enable = true; + syncthing.enable = true; + }; + mySystem.nfs.nas.enable = true; mySystem.persistentFolder = "/persistent/nixos"; @@ -41,6 +35,7 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; # why not ensure we can memtest workstatons easily? + # TODO check whether this is actually working, cant see it in grub? grub.memtest86.enable = true; }; @@ -64,6 +59,4 @@ swapDevices = [{ device = "/dev/disk/by-uuid/0ae2765b-f3f4-4b1a-8ea6-599f37504d70"; }]; - - } diff --git a/nixos/modules/nixos/browser/default.nix b/nixos/modules/nixos/browser/default.nix deleted file mode 100644 index 1c7c3ee..0000000 --- a/nixos/modules/nixos/browser/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./firefox.nix - ]; -} diff --git a/nixos/modules/nixos/browser/firefox.nix b/nixos/modules/nixos/browser/firefox.nix deleted file mode 100644 index 58b22a3..0000000 --- a/nixos/modules/nixos/browser/firefox.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ lib -, config -, ... -}: - -with lib; -let - cfg = config.mySystem.browser.firefox; -in -{ - options.mySystem.browser.firefox.enable = mkEnableOption "Firefox"; - - config = mkIf cfg.enable { - - programs.firefox = { - enable = true; - }; - - }; - - -} diff --git a/nixos/modules/nixos/containers/arr/lidarr/default.nix b/nixos/modules/nixos/containers/arr/lidarr/default.nix index f433e00..b26f45b 100644 --- a/nixos/modules/nixos/containers/arr/lidarr/default.nix +++ b/nixos/modules/nixos/containers/arr/lidarr/default.nix @@ -10,7 +10,7 @@ let user = "568"; #string group = "568"; #string port = 8686; #int - cfg = config.mySystem.services.sonarr; + cfg = config.mySystem.services.${app}; persistentFolder = "${config.mySystem.persistentFolder}/${app}"; in { @@ -41,15 +41,15 @@ in dependsOn = [ "prowlarr" ]; environment = { PUSHOVER_DEBUG = "false"; - PUSHOVER_APP_URL = "${app}.${config.networking.domain}"; + PUSHOVER_APP_URL = "${app}.${config.mySystem.domain}"; LIDARR__INSTANCE_NAME = "Lidarr"; - LIDARR__APPLICATION_URL = "https://${app}.${config.networking.domain}"; + LIDARR__APPLICATION_URL = "https://${app}.${config.mySystem.domain}"; LIDARR__LOG_LEVEL = "info"; }; environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; volumes = [ "${persistentFolder}:/config:rw" - "${config.mySystem.nasFolder}natflix:/media:rw" + "${config.mySystem.nasFolder}/natflix:/media:rw" "/etc/localtime:/etc/localtime:ro" ]; labels = config.lib.mySystem.mkTraefikLabels { @@ -62,12 +62,13 @@ in { Lidarr = { icon = "${app}.png"; - href = "https://${app}.${config.networking.domain}"; + href = "https://${app}.${config.mySystem.domain}"; + ping = "https://${app}.${config.mySystem.domain}"; description = "Music management"; container = "${app}"; widget = { type = "${app}"; - url = "https://${app}.${config.networking.domain}"; + url = "https://${app}.${config.mySystem.domain}"; key = "{{HOMEPAGE_VAR_LIDARR__API_KEY}}"; }; }; @@ -77,8 +78,8 @@ in mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ name = app; - group = "arr"; - url = "https://${app}.${config.networking.domain}"; + group = "media"; + url = "https://${app}.${config.mySystem.domain}"; interval = "30s"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; }]; diff --git a/nixos/modules/nixos/containers/arr/lidarr/secrets.sops.yaml b/nixos/modules/nixos/containers/arr/lidarr/secrets.sops.yaml index 80c5da8..c02b8ca 100644 --- a/nixos/modules/nixos/containers/arr/lidarr/secrets.sops.yaml +++ b/nixos/modules/nixos/containers/arr/lidarr/secrets.sops.yaml @@ -1,6 +1,6 @@ services: lidarr: - env: ENC[AES256_GCM,data:lxWrT4S/irVLwthc75RUX3bM5JEHcsGup9sdJlUe3Utq4XJnBfcFE/tcdOdjGrQuSfRguOFnoAlFSAsQkl0SLUb1OodcfYylKhY7CMg1ZFcpl5vWZdq0Ot6/tEGxkUqeDZDRg2RNedotJ98nrPc=,iv:gmnwzagAiX4XCdsFy4Xp2n3FsgPUD017S8XL8qOhOjc=,tag:1343PXN07VjR9Jct1Pk+Ww==,type:str] + env: ENC[AES256_GCM,data:CNeLt9d/2eZhiazlJXKJzr3oLRvtMRLCJbNQ3ZEapLj3DwswxkC8SH4003DCCyyw98eDNzcTTwFpeu26nAuCmChJqNbyaD7j9k87xGgr+k+OjYdzUfaW3kNnz0dh2Ip2ryg7XTws9q/2laWlqyY=,iv:H2VVi2j0JI8WhawPXQKdMoHCK3S6SH1N9fwRXsz+sAw=,tag:o9ZEB1Pxogere0/gV9uHZQ==,type:str] sops: kms: [] gcp_kms: [] @@ -10,59 +10,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkcVZDNlJUZ2dJRWVEYnpU - MU1ud2o2UEVxS21DZmd1QnZjcHpLMjlpUVVBCkY2VktEdkM2OElTdS8xUkovclBh - QzduZ1A1VitaTDFjeFZ3SElOYUV5amcKLS0tIHNBQXYyd1Z0TFI0QkcrVC9FQWdx - WXVvMjU4eU5QZCsxU25QZStBTWhZQWcKv6Mgm2Y2SzrtuzkH7Z43by6T8ROxCgus - QaEukJv1ut6ISvYusApAJvKDaF5KofSR8zMNHcUZqtYKP4TppB7Qnw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4N1p4aFNmbit6ODBacUVO + bUh1Sk1oQWZwaUF0RW5UVTN5b1RHdnRjRXhVCm95cndpQjdmdGRTd1gxV3ZVS3NF + WUxrY1FyNkpKb0MzS0d0bjJvVFdVazQKLS0tIElPN0JqMkUvbmM0aWxVOFY3TkZh + dDRjb1l1dHcwNXpqY3YwVHdRR3FTYTQKlklHK/ARZQvcDBFa/am6aza1NdUl1mmP + bvP437PbtoSTZJNQCcRE1tv+3i4xC+OPVmuE7e5BJ/BBdHGSdyziPA== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtR3EwWFpDbHFNMXJOSUkx - SG5rV0JRcWNLT1RnYnBzTFIvRmorSVZMZGxnClRvK0JWaGQzdDY0eEFEV3RMbXRP - ZGhkWGpPVHRhc3RULzlJME5qSkU3SXcKLS0tIFpCYThyV3pGcUtYcktzSGQ5WU5v - Q2hqUlBkU2ZITDV3SFgyTDd3WC92TlkKbS6OxsGcP4v2U1t83ucQ0zUUVbgT35sg - C5KGUS+2+W6J850hzjvd8aYTxx1fBrC6KrWGgqhLUDYfhmHUP0evAA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuLy9zY216TDBaTmdDcnJo + NWR0QzRXb3NyaDdHVExsSnJ4NlFKc1lMUnh3CjM2VGpBdjNMY3RJOGVMS054Z3Ji + elJPMzV3ZHA2anZUbmpXaDhoMnE3WjgKLS0tIFZndDQvcWhlVDM3U1piZnhOQzBu + bGpPemtXY1Z6NXNjc29JMDNBOG5Kc2cKcavrDAWBVmzjY7kO4PFve7oP/mSkrtLN + by6Y4jFH6ndySi5dZlPX+GeyVhlgOtV3CXIcojtVFSVSY4x6DxUARw== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVFNTUldORnN2V3RLRUdT - VEpobWdISDBHTzI3WXgxd1JaOWJsaXRCQ1ZFCit4UFdmS1N4cTFnYUVIbTN5NDhs - WDJhS1JxZlloSDR5aW1sQ1lZZjkyYmMKLS0tIG5IdjVOWkpEMytmUWRYbjlRZkxo - ZDNQTCtucS81UXVXYm1BZWZzaVFCR1kKjfx36fR7lTBAa/NNn6NhIVKmzmfpZ4il - sxh0ISEEjqCBo04WvidZmxPK2w21Pbkvj/yZ0n+sjY+FBIBBo4GH3g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0cktRZHlHMjFPa2x1QTJW + Y1RPS0lVRTQ3MmhRNW1zaEhxTkFzVWtIcFVrCkRFWHpTMU15bkFib1lHWkFJMGJ1 + TStXaWN6eE9tU2RvNmNpMnQyWkdaM3MKLS0tIHhhQjBtd1FLcHlOV1Q1NG12MFlI + T2hpS1hYWnJUaUE3ZGFzVzFza0tjSEEKhnpYBWngmgWQfn756hmclB3oeEyFye70 + Kd4PdabjMOECpMWAuFbPe/4tZW7K4Y/wqylQ+Z2oz3TkcLxrm6S+zQ== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4KzdtYTgremIzVS9RMFdZ - Z0MxRHM5eG9HSjZaNzhOdGZoY3Q2THcrWGk0CldIbk04anRGakNaS0tmSDUzd3Mx - WHlvOHF4SmIzTUxmRktYb2hqcVhrUUkKLS0tIDdKSTdienRncXFTZHlZYlRJMkN6 - N0xTdkJKNzdJNG9JQW5HTU45UkQrSWcKgW99UNgbs3CdMj8rmtLxRa4IRlx5VwYy - yNbHvTnl41DJRdv7kn7e05pFJ7Y3WeYH0XfozKw+Tk3pct7h7hGOBQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6RmlSZHI5byszTkducW9l + aUk4cTY4dWhILytpb0c3SElBTnZvdTBIT3pVCkxZYUJzb09DQzNCK2QzYno1bmR4 + ajFVL3V1WkdUN3MzRGxaNHRVQUVZbTQKLS0tIGU2TWdtSXBpRTB4N0t3YzR4ZVhi + NHc1Q0dmWXJLYlFpOXdJVS9NY0FuVHcKjdqOjcj9lO/cAjAR9IC8MHhWwsZLASEW + dLXvW2Uq9yemF+X/lVh5FcWdZH9/GzaRVSIF7dtJquMD7QPie9tUzg== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVMXJmRFlxc2VqMnhCVU1U - THhVSG9QS3RKRmxXRE9VL3pUOFBYd2VrbVFnClZGdFZnOXBjazcwQ2QrcTNWT1lV - OGxkM1pVVDV3UEVjM3krcWpGN1cyeVUKLS0tIDU5Mi9ock05YUMvOGFXdUNpQWUv - RjlsTWJueG5tL1dxUEgvYVVVUHhjM1kKcHay9WYhxOY9BHDAd5logzzMmGzMuW16 - Njz2FcsymdZ+YBFhQ0oyAk1v7oYpu2JrMwP5MI5E75/PgGsbQgm3uw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTHhDU2ZCK3EyWkdBQ3Mx + MmZzT1B5Ukt2QkhVOVorQVdnTHI3MnRwTENrClgwWXg3cHpocDAwcGJNRnJXajY4 + b3QvcUZia1JZc0d2VUJnOC9Pamw1WTgKLS0tIE04dDEwVUREVkFpaGZPU3U0NHRL + cG15eUk4TDJPZ2VwYUlweEVWS09yWUEKygFWuuYw7T30P83Ds6dJo6yU5UkcTGl0 + w04upLLxzCTZW141ACNS1s2ydTrs/tfFvzgmP/Hm8AoBrfBbSgVObA== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGWVcwN0g2UHRnUlNuNEl2 - M2FhTW1aQVNuMkQ3eWpVY0VHMFhrQUZGc1hVCmlqSjljWThkeVhPUnZVbmVEN3hx - RDJteC8zWTdDVkRaM2xEMUVROUxkTlkKLS0tIGQyZDIrdmtLWnZQN0ZXTDhQWEVG - ZzI4ZGNYME1IL295NTNDYnF5eUJVNWcKHtkBcI9hycZbL3FJmZS5VH1Ig8yhbvk7 - lvZEAbNpObvFiG3pNyuOSJ2oMMT0bOEGAnBUER/rx8S1s8GDONONBw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MHl6N2pPdUMzUzV6YVY3 + TzB4UmRFc3hmSk1MQURUakZReExZMVZLd1VFCmN6MWxHVFFJcEgvdFFYZ2lsRllD + Rkd4ZjVMdXlmYll1cXVWdS9SRXNWZ1kKLS0tIGxodVM3Q3c3K1p0UVBLa2Vpc3FP + ZXZscmZZN0VRdlVqdnlSWkx4WHMzOHMKbixVd4tn+cmwDp0Fw2/05Q+k0VxLqeqn + E7PSrCkdxnW5x8fJO9JUKsXeisif2AqCNOXQTuH5PXN43QWEsfKdng== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:Dl5La9KOKdZHMx5xtdgpJTOD0t7Tt3YoUq4i7y7yjGV5ylVkHRXIg3thaADIBcCgu4sVcJjGz46fqyDbezcSoaWgZBu+dpJEpY4VMBjIIygn12Nj0Dwhc8ILImnIH9vQydCc2hukdM80eZfKgeDjq4oBjLtZqhiENoP6EnWh6fY=,iv:JY62wTyhAzlTQgCi0WtWFb1hUCjJZ3VMtcIWanNyQlY=,tag:5jAmHLV69B5CkVXIJVKrgA==,type:str] + lastmodified: "2024-04-11T11:56:37Z" + mac: ENC[AES256_GCM,data:9HRLNEt7he7qoSTHCi0wAHkuzLoAg0JOFbr4syvomYy5TAIH1PzVgX9AUrZCz90pUBQdHx+JDbnsfjP3EcVNwxdABHAlF6GzA1RsfVne4nRr2W9rFeQtREGPuNH8imTMitxEo2C+42tnLr4oYneawNZ2EHrBKlQRhIcxQCylQWg=,iv:kmnE66eFBI7ggNYfknktB06tVwn82y/9Y4NGrUqpAMQ=,tag:8U1IiM0ofEnRHSy6Zz6W5g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/containers/arr/prowlarr/default.nix b/nixos/modules/nixos/containers/arr/prowlarr/default.nix index 4070cc2..e119c69 100644 --- a/nixos/modules/nixos/containers/arr/prowlarr/default.nix +++ b/nixos/modules/nixos/containers/arr/prowlarr/default.nix @@ -10,7 +10,7 @@ let user = "568"; #string group = "568"; #string port = 9696; #int - cfg = config.mySystem.services.sonarr; + cfg = config.mySystem.services.${app}; persistentFolder = "${config.mySystem.persistentFolder}/${app}"; in { @@ -40,9 +40,9 @@ in user = "${user}:${group}"; environment = { PUSHOVER_DEBUG = "false"; - PUSHOVER_APP_URL = "${app}.${config.networking.domain}"; + PUSHOVER_APP_URL = "${app}.${config.mySystem.domain}"; PROWLARR__INSTANCE_NAME = "Prowlarr"; - PROWLARR__APPLICATION_URL = "https://${app}.${config.networking.domain}"; + PROWLARR__APPLICATION_URL = "https://${app}.${config.mySystem.domain}"; PROWLARR__LOG_LEVEL = "info"; }; environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; @@ -61,12 +61,13 @@ in { Prowlarr = { icon = "${app}.png"; - href = "https://${app}.${config.networking.domain}"; + href = "https://${app}.${config.mySystem.domain}"; + ping = "https://${app}.${config.mySystem.domain}"; description = "Content locator"; container = "${app}"; widget = { type = "${app}"; - url = "https://${app}.${config.networking.domain}"; + url = "https://${app}.${config.mySystem.domain}"; key = "{{HOMEPAGE_VAR_PROWLARR__API_KEY}}"; }; }; @@ -76,8 +77,8 @@ in mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ name = app; - group = "arr"; - url = "https://${app}.${config.networking.domain}"; + group = "media"; + url = "https://${app}.${config.mySystem.domain}"; interval = "30s"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; }]; diff --git a/nixos/modules/nixos/containers/arr/prowlarr/secrets.sops.yaml b/nixos/modules/nixos/containers/arr/prowlarr/secrets.sops.yaml index 317b652..28ae70a 100644 --- a/nixos/modules/nixos/containers/arr/prowlarr/secrets.sops.yaml +++ b/nixos/modules/nixos/containers/arr/prowlarr/secrets.sops.yaml @@ -1,6 +1,6 @@ services: prowlarr: - env: ENC[AES256_GCM,data:hUd/39VQBX5mrtVVBE9pB/10FysJflAPgbVbSZpsw8DFXj3yoHxjJX6SAzRIz6K1iHD4kLTLjlO2jQ/L/C95byuLqNhgUHuGpdMQNJvkye3apJSwnCxE4wv2oNnB9cJXF81K8efvP0cqBNhBMfNUwNYa,iv:UCk6Z7oVY40c7hF5gJ8xR21jgxV5n6MIIAD3YZ9r6KU=,tag:EfCCHmJ+IqA82JEhIAzQBA==,type:str] + env: ENC[AES256_GCM,data:tosSq3uaBG3aWTf2HjIbYDwwgi4HcbRjZ+yU5udmgueraBcdgGkbzftziFOXaMJAsXQTuWl1xBRMYf7/oLKQFpS6ZsqyV8jpCOY4aDCb9g7AiNmBiqzYEoCNhorARX2o0CHDwUruU5TxSanx/ahT3GVU,iv:VY9n7WgNHyQDUfhgcjcx50w/5dJSdh94WPhnjHumCT8=,tag:JRArtemWaxiEweBS4MQpDw==,type:str] sops: kms: [] gcp_kms: [] @@ -10,59 +10,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoTUdVOUc3R01XREtPODN6 - YmpHbS9wRlZsaG1nSi9uRkVXNTc3cE9NR0hzClNXSVQvSW5KU3pkSHROU2JhK1VE - NXVIWTljYnJueG9udzBmcUJEZDNnSmMKLS0tIG12VW16dkxrQmRYOEkyNFBCWitH - d1VnTHVjTm9VK3pzY2FzMkptMjk3VE0K9Wz2lmxhe1MdJ+7Z/bIDsgxHNkHGDVB0 - eM1fRSOWBdmZJvd7UxJ79LTgymgiRjP/gDGUAtIuLMaAHkChIbN8Ww== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WVRlOGV6QVdtYXRxenN4 + dmI2LzVYNEZSdnBDWmdYbXlJcVQzdlYrQ0ZrCmRiUlZnVXdLOTZXNEV6ODdQM1p3 + dWxCL2VhdjcrSHdwT3kvbWR3cHVaSE0KLS0tIDdEbzY3TmFJSWJKSmtaZ3dzc2dL + TG5sU29veFBObjZackhtcE5WczI5eDgKpUFMN37YWaUbpu6kuNr25CkJvI3O1CNe + jmcJQOW5QwSbIZbmk6U3TvELBvz766RlK66heE5KGx10Li9AJBXaEA== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MjR1azhEcnhqaGVtazBJ - eHNwN2lYZ2VRRVJESkZyaDJ4TEV3eEc0cHo0CkxLL3ZpeFUwd0dIY2JKemNlcWFq - a1o5a3F3RFVSSEQ1UWc0K09QWXg0aE0KLS0tIDdJb05aTjZNQ0czWlhNQnRmdXVy - S1o4STZydVNZbzFwSm9kUjhpcHRFUEkKdmKu/jDfBgwhMDKY1sfz9bKjaqhu/1Eg - uYqLGaf9TCxOnYSTtdSQH+Q0usU0IV/DcrPNJZsJbkRpXpJLIz11/A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SkYxd3RRcHJlTE9Sb2Ry + VXJtVDB1RTN3ZnNPV05FQ2RCSTZPT0xUdWtzCmRaMWhsVjBFNTlZcGtpWi91RDM4 + dlZIcDl4NVFUOElPY293aUg5NE1BaVUKLS0tIDlnMGhkdXV3S1dMS1F3NDBha05K + QStGQlgvT2JuZzk1eFQ1MEhRd2RCUWsKJ4Rbbye9WKsMfmsFSrzKp4EsCc46/CQB + X6AqxkIi/fvwy9ZWrqDzLZn2iq4O2Zt8g6wEYaUDudxEWlR1C4JGcQ== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvbGpqbDdZcWdlbVYwOXBm - VzdDQ3JIRGNEQm45TjV2OEZCZjVlUm9uT1JjClBtb1ZCOWNNbnlVekIxREtKRnRi - V1hDK0R6QncxMGdmVGh0eHB0ZEJNbTAKLS0tIHVrbXRjVnJhUkNNYnIvYmg1Y25H - dzQ5SjYvUHA0bTNJS1NkbXlUK2tDYXMKx4u7Elq6jjqSR84PBnXNwqyKJCETv6f9 - Bn06vcCHuzApT8SGuvm4+v34IbZmUwFK930aZiMkSnjDn1LLF7DqcQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVVzFFRkExbkw2c3JqVHcy + ZUl0azlTeC9JTkNMdGdPamVVbVZBZ2tOcHdZClpQcVdISUlEcUE1UEtrVlpISlNx + RytnSEFua2h1Yy9rRkFxNkJldHBDNm8KLS0tIENKcE9vZHJUek5jdkUrSmVDSzlF + M05MN2RQajhPR1oyaTM2YWRLWm1LcmsK3m970XSRhwIbMaSjd2OnH7Wm+qVkI0qA + 5HhJ0EsGCQIDVrSFCnCV85mcgUlglCnRaSu0tWL7lH/qIvzNOG1YUQ== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZVVWU3lRSnRvbmdoTll0 - c0tYZkdKYTI3eFZSSTRuUlhPT2lHQTFYRDJVCmdUeTJvZWlIdXRqdjNBVXhWL21r - WHFmdDVuRnN5S0tzcmYvT1h1Vm9qUjAKLS0tIDBJRTNVaG11WFo4OWRGYzVya1Vn - VElmRlVDRVdLNGVvVXRhNGkxY1VhQncKo3zk7GuHxOzDg1eYKkCLRSvulQ0PmNff - HrJfk6a4CprFKKdhv0EPIu7u/ggBsOyWpmHRoN0+0IzMgkXU4Sjthw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0WFVmWXgyZGpseXVIK2FV + bTZuSFdXTUNET290UGRDZ2d2OWZ1WGZXeFM4CnRNNHc5eWtSWnNvMHBEMnBXTll4 + NDhrL1NrNFRXR0dlYXdYWjliaVVsVkEKLS0tIE5yUVE1dFQ2bzBSYnZiNzRmNjk5 + ZmNrNjJFWDVYT0M5Nms4aFAzd3E0SUUKL5cKrLsmk9zZGCmPhlo9LTH+dZicq2GQ + /lcvE5Zr7H9QfaAfXIjgc4g5DLvCbxq0tQxzbUdg0mtCuhIUXpTSsg== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNys4ejR1WHZwdjdCa2ZM - VCtmS1ptWUVwNlgzVEs0c3RkTTBVbnJRNTI0CkhIVHZVeXhJdGtmM05yTEFhdVdl - TDNDc3FYa2pmY1hVd0ZrSDBiT0g4M3cKLS0tIGJuOUZIZCtUbkZYZGFyTzZheTZp - QjdZS0IzYXl6d01xS1ZTR0xLRi8rSkEK19L6i+KSc9rnZ+pF2BKfIrp1zeipyNNy - VGcwyh+YD2K1S9KAgCffvr1zJ0Vwf/Ttc4/pqiSTnYIUJeBHNx/s4A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbnMrS3FZUWsrOFNhU3R2 + bGtnMjVzRXpxWVRUb2NqQm9YRlJPS0hyY1hzCjc5Vk5iMXZNcFpZdWxMM21qNmI0 + UzhWSTYyZ1BuOVdjQVFBUU9BNCtrQnMKLS0tIGtFdFlObDdYSkRpUkdTaS93eGM5 + eUJldE5jRURQUmM5Ykd2eXJXbExxdDgKQUOwrK0wbhqXMTEtV4FUMZdHsXaXf8kT + lzhAovOKimF2Q47Zr58QFnJTAk7HBGoZ4sBEAa9dfvG6jRg4B3NVkQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ZE85THN3MDF3Um5TckU1 - SHJlaDc5eWRTUGROU3krcmorbkZmTEFBcXhJCjRFNTNOVXIxMW8vQjZEY1U1OE5C - ZS9lUFNkNVhHaHYybTc2YjdpaWxIaFkKLS0tIE1lZ1MvdG90aVd2aE5PUXZrSFps - cmpuTEp1U1BoTjJ1NnVtcTNlQ0FaS0EKDtNAMdObm+nK0WQ1BtQllguTkzchIIZ7 - 99kkhXumgi/qsri19ZSXsz9GhDliISNHW2oo4ClCwJg2Wk3wWIRUow== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1M2FqSkpKZkZ1QW9UYXNQ + enVIdzlldXVJZXVWdVRmMEpkWHpVOHlObURZCk9xTWh5MVl5UjJxZnplMC9lN1Qw + cDJ3ZDBsWWN2R2xWR09NU3VFT3hueUUKLS0tIHhmMGNBWkRZNGQ1TitIbG1ZVFJF + ZXFacDJYeUdjbUk2QjhuWVV1dEpNdk0KU+zEg4KPciFx+H8/W2ajrlLPHL+WX2fL + q0ULbEBieZ0SrCqrnRl/XR1ZxKi5RlJJKKIIfOjEDryy6AtlEU+3SQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:nxW6oesMxMTUEy492qiSW6A3D7xZHo2YaIaJ3WZCk7Pr9bPPzGQnJmkYeiANiIOJNPdeguMZrBJ69Ng6wObBzn4YQc/noLItuMOPzJscpg/p7obPdG9ijMpl3/HIcY1HVdV0skJsXW8l3LvcCE6Ynx/jxbbxzXtyEV8Pm5KU6oc=,iv:l0nE1E/xjmk5fzqYyCzgmZMaSdfGbKbZ3XkXBW1FeTs=,tag:HHqtBv3rFOzXqvb/IsOl5g==,type:str] + lastmodified: "2024-04-11T11:56:37Z" + mac: ENC[AES256_GCM,data:m3pQR6lC0DzLOi6ZFK9DPWfjKnROPcFXdlukUP7f/udjLhqWeZSl9HDs7d+xS+o/MdSeoV7BnMs6NcMhzXHz5//AB1pG0eNxxO0mALZKRqjEcs4ZRrnTeYb7TPOVLpGh+nDCe+RzJ81xqM2cDXC+ajZlnJpZ5XLalxGBu/vXupg=,iv:ZW2yiNKrm2TwZVqhR6vtAuc0/Dy2mPSN8z6ey8dcpJ4=,tag:DzxtOSRMUP5LDMEvJavy0w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/containers/arr/radarr/default.nix b/nixos/modules/nixos/containers/arr/radarr/default.nix index 80acc4b..5618023 100644 --- a/nixos/modules/nixos/containers/arr/radarr/default.nix +++ b/nixos/modules/nixos/containers/arr/radarr/default.nix @@ -10,7 +10,7 @@ let user = "568"; #string group = "568"; #string port = 7878; #int - cfg = config.mySystem.services.sonarr; + cfg = config.mySystem.services.${app}; persistentFolder = "${config.mySystem.persistentFolder}/${app}"; in { @@ -41,15 +41,15 @@ in dependsOn = [ "prowlarr" ]; environment = { PUSHOVER_DEBUG = "false"; - PUSHOVER_APP_URL = "${app}.${config.networking.domain}"; + PUSHOVER_APP_URL = "${app}.${config.mySystem.domain}"; RADARR__INSTANCE_NAME = "Radarr"; - RADARR__APPLICATION_URL = "https://${app}.${config.networking.domain}"; + RADARR__APPLICATION_URL = "https://${app}.${config.mySystem.domain}"; RADARR__LOG_LEVEL = "info"; }; environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; volumes = [ "${persistentFolder}:/config:rw" - "${config.mySystem.nasFolder}natflix:/media:rw" + "${config.mySystem.nasFolder}/natflix:/media:rw" "/etc/localtime:/etc/localtime:ro" ]; labels = config.lib.mySystem.mkTraefikLabels { @@ -62,12 +62,13 @@ in { Radarr = { icon = "${app}.png"; - href = "https://${app}.${config.networking.domain}"; + href = "https://${app}.${config.mySystem.domain}"; + ping = "https://${app}.${config.mySystem.domain}"; description = "Movie management"; container = "${app}"; widget = { type = "${app}"; - url = "https://${app}.${config.networking.domain}"; + url = "https://${app}.${config.mySystem.domain}"; key = "{{HOMEPAGE_VAR_RADARR__API_KEY}}"; }; }; @@ -77,8 +78,8 @@ in mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ name = app; - group = "arr"; - url = "https://${app}.${config.networking.domain}"; + group = "media"; + url = "https://${app}.${config.mySystem.domain}"; interval = "30s"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; }]; diff --git a/nixos/modules/nixos/containers/arr/radarr/secrets.sops.yaml b/nixos/modules/nixos/containers/arr/radarr/secrets.sops.yaml index 91b6bfc..dbcfc50 100644 --- a/nixos/modules/nixos/containers/arr/radarr/secrets.sops.yaml +++ b/nixos/modules/nixos/containers/arr/radarr/secrets.sops.yaml @@ -1,6 +1,6 @@ services: radarr: - env: ENC[AES256_GCM,data:ukUND0l3OVMVD2ChJhzGXwzeM2fCgxkEVygfXdRkWo0XH2QZB5FlYSqx+AasTAXcqOaaH96YrAIQWeYQADrXP2mmSBG3e2V7ZFOyADN89MSEkwr4XtSdTEBl2l4v49geN6mhkHI67Wm/kdV3Vpnj8ViOTnwXIgaRgTc+r9Jp0pyg1WXdZqdU8jOtPNbniCzfRemcxLM5MBIF5Wd5bBrHW8/+yj42/1xL18iO6bgpN9k1tenq7/60ajgDXD00AiAMYKtyCDtJEqvaKiAF/1yf,iv:e/Bb4ztBM/cSnouFxgxQy5iVkRYnOwaz1bYdDKA6ySQ=,tag:UcAGRhEI6Gep+V4L+YjdMw==,type:str] + env: ENC[AES256_GCM,data:xNR1zU9Il+jeL2uuKtiMxQV3IHDZ6uAAOnP8/odiQIlysPpcKMrP23z6iKSeUgLha+WtYYk61FmtR9gr5QcLl6WK1EWcyVfiw7ndbZgczWUr1irGCNAGGbKcyqoohUFg9aPcOUBz4MQOpdPK9gc4Uk2QAAB63HxcZxfLDQCHc9M/U6Tm8Mu81x0DtFa6gzAGeAPjeydofrY8/ZnMIkAIVxuCKOw9N6pFSCeF6YS4YsGGC0pcXSyRelnF30SuJewLm1NmE6ub0e7+FW+0Y5nO,iv:XzoK7NaQjmi/8smaJTyWLAoUENVG4DRkYL12Bb09AT8=,tag:jFAHyoSjrp1CBSG0SDlADA==,type:str] sops: kms: [] gcp_kms: [] @@ -10,59 +10,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwN1ZCTHkrRkRzY2FvMEFB - TnhuRFdFckY2UVJBWGxEOEE3T05SOXlRaENZCnpPbGc1aG9vQ1Z2emlSY29rYVNJ - c0xkUWRuK0tBelkvOUpvRi8vbERGTWsKLS0tIFQ2Wmh1ZzRmdElBbEo0S0NrQWNM - MG1LMEJSTzBzcDlPYlhTOVhJY29mb1UKU6F0gaSPshJJ/7s5E8nFcX8sznmNGAAO - U7e2YoImKOteHOTCp4mCIDvJMbTWAls7LeElkVTZrdG8Cd0qFQLbZQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSkhzTTg5MTgxMS9pbm1q + cTdERTJwU281YXF0N0NQNmIwMWw3T05ZMHpnCmttbmcwdjEzNVVXZGN3WXNwcll2 + bUxmRlhIbnJ4aDNFM3Y0ekVReFNuTWcKLS0tIEdCSDI4MzY2b3d0M055d2lMN0kw + NzEwbkJTd0d1WWxvUHFNUTNiMVVhSDQKvq54ESh7DU/VGOu4Oe9D1esq+mbVOeKy + 7xcX7vU4cI1dqMBRciigwfV/45Aq/fhcZWDY+gv77claD18BgjXZjw== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArYUJycWowckorWDI5TW9W - WVNuaFJrbHRqUUp2MG1MWFcxMFRIc0lmTzFVCnZ6N2RpRWphaTN1dk1iU2xYYWh3 - VUhmLzlkVWxJNzNpc0dPRTNRMmZaU2cKLS0tIHkwdHlYQ1hDRzlxUGVlYmZZOWZO - M05EYmU4SDU3YlR4Y1FNTjNrNSt3d1UKjOYnX6tAYGV1FIQ1KhsxlpP3G4iGKvzQ - B856D24XmztXROWxLekQRqG2zA/tfBnRzyeNnnPf0k///4lPFBfhRA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsamdmNnpaTjdUdklxNlhm + U3BEVVJJZWxlQ0hUQlAxVmV6MnNUaWpaTVhVCk5PL24vcUsxeVM2aGtxZ3JlN2VN + STF5VW5aeTRrbHFGNDFXeGE5akx6LzAKLS0tIGRzbXVvTUs5ak0zd0Ewd2JYM21u + cjFRTjFVNzFyZzI1Ti9kK1E1U01zcTQK7a5HVOPOQ6dEjjc6fLIiR0gPBQp2sl65 + bZnjLPl4OW1C1vQisk2c+jw8setNdtHZ1cNEX/Tpp5jMRvG6wfFdDQ== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OHZjNFBxNHJPaXRxMGpt - SS8yUDI2RUJraGRXV1hpMzRMc0ZnUEJrN0hvCkNOMENQbXlJd1JxNytFT0FpS3NB - VXNUd2NSWTBFbmhuaVcyTXFWWU1SQlkKLS0tIG4wTGlxeEx5SlN6NEhjbm9ma3R6 - MWNGdlFvZkg0OTl6M2pOb3RyTEQ0ZDgKVJ161HNXY9dh6bTIlf/G093ZJNUuDFIW - inXia0GDh06Vq3V6f9Lt4DW+a9HZdoIT8NaAOcNmc+8a0F1h/5jZxw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTU0JWZlV0WnptcWk0V2tW + RGp4NXU0TlVrcThnY1ovcnFCT0tFYk5qWVI4CmxPWVdNd2pjNndKQzlpVjdzRndU + VC9GRFkxK1dZakc4VWJTK3dhNFI1dWsKLS0tIEVKQkxmK3BCcVlCTExxaytWc3p4 + ZWJWaWlQUE5panE2UExRdk5VTXFLVTQK7b+YCdLJfBuDGjdTT3+jBrt/UtLgqopl + Eyu8qA1vcANG/nHyWNIsv9ogXXPns5tx/EjHoDWFtmK+xYb35elahQ== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMejVkNTZGaDF5NVMybVRE - RE5WNDFoKzRURjdMbHBHSXNsajJiQW90MlRRCmpyaE1MQVFGM3pDSDU3Q3lPQ1BV - QjVRVk5rcUVFb3pqdmVPMitRUXFDWlEKLS0tIElKV05IQnRVbFE2TnI1OGxOcENE - bzZpZjJtdDJpWWVCcUZ1YVoxalFDMlUKnhnYyirfgIhVZBnYN8PnXY3eRm5eDWn7 - NMnsvahaQfplfIzY7nf3LV1y4s4eptnpmpPrygn52Y1TNiC8neF3vg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYT2ljZ0l4ZXNKQnNvcExW + dWxnaURiTWx4Ykt6M0VueVRLREh0NEkrR3k4ClYxR3F3a3hDazV6ZWpYZ3lZUmJY + OFZBeFc0YXBvWUU4TVBPWjR3WDM4NTgKLS0tIFJUTzNmZXBPbFhZZG10cWNQK2pW + ZVBpZmFMeGswNUVOa1k1WVdmeFdrVW8KXjm74fFrEhWTP81MVpGxT8DOPGdfldFV + 6AmRLlon/j4LFfhHEa+mMQyRBQ4Yf3ddA1ZGkMENpmYaZANEMK27VQ== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SElkOTdpRWN6TnkyQWJt - dHBBSkVYeWRERXlPZWxwT0lhRzcwd3FrR0FZCk5NRmg2T1dZZEtOcjk3QytnUWF2 - T3JJR3lHV01reDZPZ2xtY2RKYnNDTWcKLS0tIFNHZEhHblU5aDBJUGlBMXhGQktz - QjRST1RQVWNZZ25nM0p6Q0FzQ3o3bzAKQqKRumMEIggkkzcPfuRfDkfRqbkLLbok - 9DDYqxWQDuEDa3wDm3n13uoN0iwVzdDIUj2V2i5xgNyQgFFyEvT4xA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMzViTnhNSVpuNGRQUmZI + ZmVicEIzb3VEYU12K1JFWC9lTlh2NzEyVUZjCk9qQUFmSm5od1pKQ1hOMEZ1dzV5 + U1BxcDB2RjFndTBKV1BxWWRqbHZYVjAKLS0tIE0rMDJuMWFzQzRUL3Q5aHB3WDI4 + b1JJOFNxYVBPdHc5Q0FvYTBYdG1pQ2MKClJdJIeOlCsZbV5crlNWb0ibIRo4jgb1 + x2qfjH4kcyyxueYaYQmVAsJwus+mF5DphQH6GLyEBWhecWU7hd13+A== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYWlJSVBCTEVVVXB4SVJS - NVl2ZXp4b2ZxeDFKRk43ZEMzL2FQOTZBd2swCll0Tlc4OEJUWENWUDh6THhHYWtj - S0RzdEtQemF6TkVCSUZJaFVGZVg3T2cKLS0tIGRqclN4YXJNNG9SY09TOHhmWWc3 - Z3RQZ000Lytoa2lwUnN6SVB3UngyNGsKnF7qVwcmVJmJhY8GfW3yrC9QEu/V0/wv - eHruyTb3CfUqJ9rrhhQ0uOUCZ3YHZjg0rMfOjj6bsZPjGL3kH0OeWQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Z2ttbFphWEJOZGlXbTAx + ejAvSW5RQ0ZtZnY2R3hZcFQ1dEpZVjlabFZrCnVCZzMzSlpJcmhLVUNaRXdZUDRq + OEhqbkRxT1lvN3l3K0VuZ01aeEZBTGsKLS0tIEszd0ZjbGxJc3BJYVdIeDVCSnFC + S1lZN3NiQlZYclVQeHBheFpnS0dHNlkKnm38ebqxyazFs2f3R+Z9JxBDi05fMmgL + 7zt4SrK5puEz6Tps+Uzxc3tIw72s3IKjiolJ5NTLggVDxJC5RTHK6w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:1GVohNu9Mz+6v7QHjAvsq8QVYaHnjdmWAG/CpMU8Xg5e/4MJr0N21jh92M8/09hZ7quv0Tvh9KfD/O0j4cssuYcZpCGZPrKSZ5D4NVTYN6bI4oVGgiloPtMR06g1TLJBOmov+fdwGtU5JPf0J8HjbUx/63ZLBB9o6CjRWK7C3Ns=,iv:lxn7ZCH6YWcccZ6Rs7d/hEV/rhDkmGVMb12W27zgN58=,tag:LejroHBhmmHL9NPMHa+y+w==,type:str] + lastmodified: "2024-04-11T11:56:37Z" + mac: ENC[AES256_GCM,data:eBU8ATyScttrDfc8M17qCGrNVNxpfnW+u2f3JTiuKl79+KgVLF958K7BUiYGZ3J+BrmWHsV8YeAso6hjHS/3JLJJyRGlMeQ+ywJxglnj87TKVitqRMk0Kx+BVE24SjGxJ97/IsDUhBmLVxphv49aeiaHtPAPQ97+OfFKwFOaHwQ=,iv:0KvN1Xc25QQd9/v7apuM22Dyr5VRCwiP7eRTPi6Jrcs=,tag:lyiiNPo/Y9+RWiBzV3RmMg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/containers/arr/readarr/default.nix b/nixos/modules/nixos/containers/arr/readarr/default.nix index 930c9b3..c582121 100644 --- a/nixos/modules/nixos/containers/arr/readarr/default.nix +++ b/nixos/modules/nixos/containers/arr/readarr/default.nix @@ -10,7 +10,7 @@ let user = "568"; #string group = "568"; #string port = 8787; #int - cfg = config.mySystem.services.sonarr; + cfg = config.mySystem.services.${app}; persistentFolder = "${config.mySystem.persistentFolder}/${app}"; in { @@ -42,13 +42,13 @@ in environment = { TZ = "${config.time.timeZone}"; READARR__INSTANCE_NAME = "Lidarr"; - READARR__APPLICATION_URL = "https://${app}.${config.networking.domain}"; + READARR__APPLICATION_URL = "https://${app}.${config.mySystem.domain}"; READARR__LOG_LEVEL = "info"; }; environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; volumes = [ "${persistentFolder}:/config:rw" - "${config.mySystem.nasFolder}natflix:/media:rw" + "${config.mySystem.nasFolder}/natflix:/media:rw" "/etc/localtime:/etc/localtime:ro" ]; labels = config.lib.mySystem.mkTraefikLabels { @@ -61,12 +61,13 @@ in { Readar = { icon = "${app}.png"; - href = "https://${app}.${config.networking.domain}"; + href = "https://${app}.${config.mySystem.domain}"; + ping = "https://${app}.${config.mySystem.domain}"; description = "Book management"; container = "${app}"; widget = { type = "${app}"; - url = "https://${app}.${config.networking.domain}"; + url = "https://${app}.${config.mySystem.domain}"; key = "{{HOMEPAGE_VAR_READARR__API_KEY}}"; }; }; @@ -76,8 +77,8 @@ in mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ name = app; - group = "arr"; - url = "https://${app}.${config.networking.domain}"; + group = "media"; + url = "https://${app}.${config.mySystem.domain}"; interval = "30s"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; }]; diff --git a/nixos/modules/nixos/containers/arr/readarr/secrets.sops.yaml b/nixos/modules/nixos/containers/arr/readarr/secrets.sops.yaml index 926ee15..d7565ae 100644 --- a/nixos/modules/nixos/containers/arr/readarr/secrets.sops.yaml +++ b/nixos/modules/nixos/containers/arr/readarr/secrets.sops.yaml @@ -1,6 +1,6 @@ services: readarr: - env: ENC[AES256_GCM,data:E+p2naBJFyYW3FsuwT9pi+w/o/s7Kf6LCN5v2fiz9cMxWHTR4X9WYrqPhYPrWFoVxc2xyYZgNQWH7+g1Oncy6tWcHVN2AWiVzNXAH+zKkiWjRGbhLkxiAJXct3BUXtB+x9YP+TVDAsXkE3SbIR1KwQ==,iv:/qsVs0cI7Z5oFzVBvlvmirMBF5jWqqqPOlHn4XGqz8Y=,tag:4Yixp4lN7dDdtvMOo/Os9g==,type:str] + env: ENC[AES256_GCM,data:YrtC84SDPVC/pWrKeg1kmA5T3QKOqxt+y9x0rnYC0pErta9v8xGU+pgC1jVZfqh4Dp81tRohhmQBMC9KZz4bmmn/5YsAHAB8Y4xJSwm/kZ3LNjVRuZ+PmvEh2ggfwvs2nFDRbMx/TLETbSZ9t6NGtg==,iv:ZwvHaREcEkFSXyL+VBDFFKgZZwg7+utMs8qZex7pzHU=,tag:+3GdLnxxo63XxvMQ3UwK+A==,type:str] sops: kms: [] gcp_kms: [] @@ -10,59 +10,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VklCdjREc3R4MFdDVTFp - ZllReFdrOXdWQXUrdVd6SGVuRDEzMkNIZlUwCnQ0MWFHbVlaV2xvNFRKajZJbzAr - ZEFLM2V5THcveXh6R1hmL1lDWi9wbEUKLS0tIDU4cmJMZTdIYmZmOHZ0eC9wUWc2 - emRVT0JXU25hUzdQY0Vna2xFQ0tpZ3cKr+pvCb1xnyBfE4FcCNwHvcVkNJTmmOsB - jaD7VxiZy/p4WRndex4VVHpJ+qFJs8bPyCCT8a618du4ZGv1Y/xX8w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTd1pGYXZCeG9RTm9pTmhC + dVc4MHYvZE9leHF3L1JwS3ZwVXRaY1VZOEE4CmVVeW04TWRNVXFFbmNFMkZvMEEv + ZUdLUmZjSXppeG9zT2xjWGlMVTVISlkKLS0tIDh3YXk2MzQyMnozbkdXQmx0NmpZ + ZTlicGQ3WlhkTk81dHlhUUhNNGl2bEUKziPthUL3m69WSsKwAblDeQff3kyoUOp6 + 3e8h1C/+rAx7LZIlQaMvBKFy2IiAb2bb47tb7L3k3BLx38FP2g7a2g== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneS8zSXJRTHdmY3ZzcXZT - OTlCQXRvN2FONWphcGYzWlhlbzg2YkJ4R1g0ClkwSGJ6QU1JbEtZUC9xQzdBMGEy - VmNZT3NJRERpV1I1Ym5DL2NYQXhKVjAKLS0tIGVGZEYzQmg3YVdRL0x5TDBsbEYr - ekpvaytPeFBoSEJJL0pMN1pybFFDVlUKb5pQPix1Q0c/7VTPFeinRy+l8WqJpyzb - ueep961qEfS4jtesoNvHGdS3Vf+yq6ucfcryJ14vvRFks+OlrVhUNg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZUoyeTFycXZuZTJnblJY + cDNxUk5YWWVMRHlHUXZPYmdVUmNvS0tadlN3CmlFbjNuU2t3OENySmNqenlLSnlD + ZnRNZnJnN052eHJUNzYwbG5SWTZTWU0KLS0tIFd2bk54RWV4TzVheXRyekpreElR + YmVoVVM1T1Zwb0hOVzVpemwvOTY2WE0KjfJ8ertgqaFEEN6lgWNOVTv2UdL2/+uD + 5W68LANkIHbVNuY6IFE6HEeBUww7BfshW/D3NjJ9/GHMdVyO0MFs3A== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXSmxEQXpYaXA3aHJ6ZDBx - YXpBOXBBMlFDQzU2c3FCQmNIQStRMHdiY1dnCkNTSDVwTm9QRkhmWDZ0clBuNjdq - b0tJYXU1ZEZyaUlqOVNiRTVJQjdVeGsKLS0tICtjdFVVakp4NTU2ZEpGWlF6Rll1 - QzV3OTQveU9XenhDZ2FWSUdrZlRpeDgK/u5xjNdLQNjZnOEd4o60loTIuEr71vak - MxXpg/2G115YSY1p6o4N8uy0GN3Shh2quTLYjkUm1PPAzvbE8arkpA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dTFNSUVQRmpaL1FrSFkr + cXQzRFAvcUNsSUIyT2piZHJyR25hMTYwQ3hnCjdFbjFvNlBFSkVzMXdJd2U5ZE1s + U2srMktJSnVVQjVDZnpFYUtKL2QwR3MKLS0tIEd5eUlJbnB6NmJvcXh2ODY5cGhk + VlBldU5pRXdiK0NwYWtPOThOYllyQmsK/onUlwfcxSA1uj7UeO0Al5SDrOnlnY+q + A/8BRBjvc4NZbmQRqQFL1jAbnjWGKkr8nga68+Po41o5HGK7bQLjLA== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WWM0ZDhKeC9CKy9tNzA0 - UmdhSHBJcVhudDBpZncwMzB6WWt5TyttMkR3CmQ2Mm1tOWFoZkNXc0hMYmJRMW93 - UzB5ZXZCb2pzM2NQVW4xQ2xoOVdDTVUKLS0tIHpIajZsb1kzVmRVN3JjN1p0YTVS - K3AzSWx6QUI5Rk9uQTBmZEI2NEhHdDQKAlE/XMS0NKCZXORSWcPcknoFGWjq7pBf - BjEbBX5Q8hOW0thpw1gythyxav213cHj7xzuwCer+k04/OcKzF/F2w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2d3V1RUVjNTRzUm1scTAx + aE81TUtFZkJxK1kvelY5UzFDdm4yY3RDNVRJCmNnZmpyWkNMZXNUNlZNenFtVzAz + b0tSVnBmMEhzQ1ZCeVFlZE45aFpsVHcKLS0tIDBLYXBrblpwUDZHdXBkU05WeUM0 + S0R5dWM1Z21vVDdYZTVPdzZybGdKNDQKKMGfvicyhJLtRljF8+2aN7B05lOQdVue + 9fbkdQqmyjlDBzgcpXlWYEiFXAGQw47QursiRgi5IWNrPIYUsNUGVg== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOam5UZ2VweGw5OG92L2hK - dlk0b09TcnZvK0RHUmd5Zkd1TVVYLzM2Tm1VCldWNEVMWnJnM0xNZG0yOU5oTTcz - MGRmQW1DdUZmWStUNHFhdk1DNzMyVjQKLS0tIFJ6czFVN2VjNHZxVmI5eStOUmcr - WjVIU3JLdWg1clZXbng5TndXd0lwQ0kKil4CF12Gnb5BQFxcH+QWPfHwabHDSdaI - bC2LpzoLZRlkZZwmmL2tLosaSBHqFzPMA3BR1dotRnQtMF0El0MnaA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnazdub1l5SHZrakNJem1Y + R2Y4dUdLYUNYekZUaTF6UGp0NThSRStRdEM0CmtZajZkaURXSXdwQ0xyYVBxMGox + Wm8reDU0SklpQVlwN0FVUWphUU41Rm8KLS0tIEFvem1QckhSLzdZUzFYU1lkeU52 + bHEvamFnRm1hQzhWVzc2NlpMdDZjamsKHw2l5wMqtMHgOlDa40+3RWMrFrC1I23i + rXFmm5x6BR1xfHFfor5rJK2CrIEhgWoRLSqcj4CN2lv1CQ9Q3CZchw== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOTF1TEEwTDFZYTRIUDJ2 - cHpieUN3eXN5b0ovVnJOUThUWEwxMnNBelM4CkExei9GaEgxNUd6V1lDdTRRbzRC - M21MQ2p2MnBBSXRPU25WSGJESWgrU1kKLS0tIFg2YnQwS3YvRnh1SkNJQ3NUd0NW - VDA1TjVZWVhHakJCdHM0dXRVTUdKaEUKMYzg0tMqXOds30d+GF1JCb1J26DOghYb - P58AMxqVAG2IAtVFFrye2RRUlAfa5t7vzilpWUWZqRPYXvaDVoOE3w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMWZDOTdvY3ZtVWIxYXEw + YlFwcjA2ay9ySDRuRmFuOURUQ2lOUlA5SGhRClZhY3FCZENHWkFNeDBIeEw1M21N + QS9OcmhSVzhTZmdvZG83aWZqRkZUQXMKLS0tIE04elFzaWlTYlBBNDJIcXg4b2hy + UENsWnZLZXZwUlZkOElHazM0aHJvNHMKtc3HGsZ6jmAZEapTWNGCfUmSpjpH7bIl + dClmX+63ZVOL++SrUMRh9gZJF4utXzFbwgJsh8WrVpbg1SNplA+tKA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:GeVWlsIrfEoJtANhgAvhLGsbpYCQSrE3/2V30/wTUjoywdO23Su+0vcmQEBbppH/ArGCVA4WwnExNd/jfORXffGDdJL9336pHVvlJ+n4QTYNx97lbwu2IAgixM//qof45Ob3OOvThfffAyeENcAANrBNb5eIPFYV1uurbhAEixA=,iv:NWzQaAO5/aCcMNwiQxpB0/2Hw74aqSzZrO/6JyRvWKY=,tag:I5nLIZI8se0hCjaQzB47sg==,type:str] + lastmodified: "2024-04-11T11:56:37Z" + mac: ENC[AES256_GCM,data:etgC8IZtH6YGGhbDoGK3tKjbrtIyu9mYwXRMDygCVK0uJfrktW8I7OJwKa2PAHLDzG6ffIQRJdgDNFIgVobK5hFx2MgY1mR4dwopmClovBD6H2OvXT8IdzVjAUW5xJY7rk9L9tmeackKp+sWnAxlfVtZ8rWl+i5vBYxm08UrHv4=,iv:ITUc8sDSyP/uYUSyC+B4pEjlxJ7gheTk2Wk7ibmuIyw=,tag:khG/fPxlCl/ru68iBAZntA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/containers/arr/sonarr/default.nix b/nixos/modules/nixos/containers/arr/sonarr/default.nix index ed0bbd5..af86a27 100644 --- a/nixos/modules/nixos/containers/arr/sonarr/default.nix +++ b/nixos/modules/nixos/containers/arr/sonarr/default.nix @@ -43,15 +43,15 @@ in environment = { TZ = "${config.time.timeZone}"; PUSHOVER_DEBUG = "false"; - PUSHOVER_APP_URL = "${app}.${config.networking.domain}"; + PUSHOVER_APP_URL = "${app}.${config.mySystem.domain}"; SONARR__INSTANCE_NAME = "Radarr"; - SONARR__APPLICATION_URL = "https://${app}.${config.networking.domain}"; + SONARR__APPLICATION_URL = "https://${app}.${config.mySystem.domain}"; SONARR__LOG_LEVEL = "info"; }; environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; volumes = [ "${persistentFolder}:${containerPersistentFolder}:rw" - "${config.mySystem.nasFolder}natflix:/media:rw" + "${config.mySystem.nasFolder}/natflix:/media:rw" "/etc/localtime:/etc/localtime:ro" ]; labels = config.lib.mySystem.mkTraefikLabels { @@ -64,12 +64,13 @@ in { Sonarr = { icon = "${app}.png"; - href = "https://${app}.${config.networking.domain}"; + href = "https://${app}.${config.mySystem.domain}"; + ping = "https://${app}.${config.mySystem.domain}"; description = "TV show management"; container = "${app}"; widget = { type = "${app}"; - url = "https://${app}.${config.networking.domain}"; + url = "https://${app}.${config.mySystem.domain}"; key = "{{HOMEPAGE_VAR_SONARR__API_KEY}}"; }; }; @@ -79,8 +80,8 @@ in mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ name = app; - group = "arr"; - url = "https://${app}.${config.networking.domain}"; + group = "media"; + url = "https://${app}.${config.mySystem.domain}"; interval = "30s"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; }]; diff --git a/nixos/modules/nixos/containers/arr/sonarr/secrets.sops.yaml b/nixos/modules/nixos/containers/arr/sonarr/secrets.sops.yaml index c5eeede..94c9790 100644 --- a/nixos/modules/nixos/containers/arr/sonarr/secrets.sops.yaml +++ b/nixos/modules/nixos/containers/arr/sonarr/secrets.sops.yaml @@ -1,6 +1,6 @@ services: sonarr: - env: ENC[AES256_GCM,data:kfTyr1nndHNK60uADWYhS5bMr8U2MolgdHGM72t4wWhjIRL3OHFF6zwFtAU7nbOHw3hroa9v9zjzFRSAoHNpzqOE9Gdj4zIKzU3FpxulRyhUzI983zZkN20aZCVJYTdPm0KwJP1+bLdaaJKMqhYePM17mSMCxAJPEY9vLeEI+C1OwIdr8V6XJ5RCD54PuzCsBNjX19vhFjADJLasDUAT3IZCt72zhPNp59rJPlKMLyKPwbPiILHJmP5ly3ZmldaZ3iz4I/+c4HCy36qBQ9xh,iv:4AauiPFfgtFMvf9g0mTMpSOD/78eN7qL0OL2fu4J8aM=,tag:nLw2hgQndHUKdZEzoaNkGg==,type:str] + env: ENC[AES256_GCM,data:oMGIe0t1e23S1W/7XbarR/fb53VB9AnUFHOl/RVy6tQxLanVgnvupexvWzwgCAHV5RTvbqm4leOw/ho/PUoCsh9HKgTNgzZnsDctoaXxnZ/r+z2uzl4VNWhpPW6WIBMHA2tkK+93972hNWrxhttmNAC/iIn7dymByWrqCIFt6BE4uQwDmetb4pgwlbPDkF/qfrZlcrAESQhJht73jk1TuRCP1oTnZFCY8O1mqiwVbdt43d/wXG+lQ0TmrPQ5LafNbnx2meL6BZbwZzMDPYEP,iv:e8+AfvHozU8V0yu0nD9foriv3ButNPuKUWJ6m2L322o=,tag:ElYdWzj5VLgWZyeLpjXGLg==,type:str] sops: kms: [] gcp_kms: [] @@ -10,59 +10,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Y2g3K2t6b3BQUzh0NUFP - eUg5aENGcnRsZlJBd0s3NDlzdlV2WEZ4NndNCnBKeldSVTdVYUNYd0EySkVYb1I0 - S2JFUTBZcUdHQXZWYk5TYWhxUGhnOVEKLS0tIGFQcDlCN1VqMk1tbHdNdk1yR3ha - REd0R2RLSld6dVZCVGsrTWNLRE1XTGcKYlqyo1Hu6Bs22mAVQCNZoKLOZGX9tl3b - VjpYta/cVokokWIP7xA9fL1zBEbOiFMBz+wNE+x1OT10VH0GllKrGw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWTFZWFNZTWRxMm5qRmRk + MXNmSEJnZEZSWHpBTjk5ZU1Ld3pQUGNFVGhBCk9PMWdlbm1adGE5UXo0NERqT2c3 + V0ZpN2FIYzBkSEVXQ2lyUitoUkphczAKLS0tIDBsTXFBMDY5YldLLy9iaTFvbVFD + MU02RVF2dXRFcElhM3JVeFJKK2tTTWcKb2WurFhZ0ANk+iyyMVjk26Ldo25cO2cH + DMfkmK5NEy7iKrZZdNYQR8gBkO1GgQfI1Wm4JPaLc0vIBT9CXVDlLg== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWmM4aGJzNDdVRjJlZGYv - S2dSMGFnMzFrbTU1NnhySDMrU2hhWk0wMjJzCmJVZVJIYVhVUy84eXg1Znp6U1Zk - V2ljd3VVc29hTmhHczM5MkFhS2pMTXcKLS0tIFNqanBSQksrenJTNHlKRGhyeWtE - aXRQRlNuYjNKSGVwRzJ5cGdRV2wvSjgKtg3q7su7I0E2bBIhr3tRrsnPTm1yYRHX - 5lRDuoz9kvcgBxzCtyWZSFwXfHQfdoFcz2D+u4SjyNH3ELpwo/Gkmg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRitPYkxWOHJ1WkFRbndv + NklNS0JZaXJEQ2ZkOG9SUzlySFR3ZFVvWUZVCnFXY1czNURBY3hINllEWVJpNXA2 + RHp0VlYzN2ZlMkNnMmhPOXlPNCtpQ1kKLS0tIGg5cU5Nc2k2bEtOSmx1NmhJWVVD + dmtjSWxjN0xRYWtNbzhUQ0FNaFVpTFEKM9wSMsEYgJErzO79L6YOXfZpGnd57Xcy + jxrwzFhZ9AVVtPjGmyozYWY3uGlMzJtxDCNNRV7BbK4m+AsjtYJ9fQ== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXemxCWmVUcFRTbnloS1RN - RUJGaExmSHVWVjl5K2VPTUVHdzZvNUVwd1hBCmpyb3E5QnhsaHlyZGRFVVluUVhG - WE5UdGoxRzVkTFRXZ2hzNThDNUtZY3cKLS0tIEtkL3l0WW9abG5rMjJUbjlRSVpa - ZUtwZ2dML2ZocWJvMERUbWJhVk1kK1EKzu8syOj2Wrage1MDSv3bXDaYMqZkCP2G - cRW02byav6dHdsrGHRiLpLEbRUP3QXf/P1QuZGQvnF6p4mgZ/FHfGg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaldmZW0zQkZkNG1sTzFp + UTRUMEtwRCsxdGZFbmdiUWdVVjNsd2F0WUJJCjFRNnBVcU1GWTQ2NGFheHkvZytC + TkgwVm4rWlN1NklIeS9YTGh1dXNQVnMKLS0tIGZ2UlNXWUM5cnVLaWxDNXdzSE1P + TTVEanZuVyt6SkE2RWRQOEprbi9mVk0Kjrh4oB+EfFVDx4CW3h3be61X+RNDrZ8O + IDNFRznHaYUM757C16GMLx3We/pAinPvDlZd1eDBj8kpHGGMjIU+Ew== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VWd5dnUzbmdueEUzdzAz - R1lsTmNMd3BSSCt1MDZpYldvNVI1OWhqZ1ZvCkhWY1FJSzNlMFoxVnFLVTE5blVM - UXNtWU5LN3FiOUI2aDJuMS9VQ0NSZFkKLS0tIDZmZzkyTjJqdWRjcUlXQXRBY1N2 - b1dBUlcydVA5Y0tNaU0rcGFTMW1Hb0kKwNHD4G+k7o84TjvjTDCoSS5N8D5AU2Kg - TUeYt03ZRILHd7f+9Q3ko0RC+oUnYBHVPYl1YQOlJhvLib3lxTL4xQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQ29URGpEUHRJb1NzbitL + MGFFUFJLQjhxQWtoMXRIRnlkZUpmRkhERnhrCjFqNnRwc3VoZEIxZlh0UG1UaDI2 + M0pFSzdLcmI1MU5NcVpRdEx0c01kaTAKLS0tIGZSRXdDZUtNRXhjbHJtSTNJRkxh + SGJOR0E5N3NkZFhuMkd5L05veUx5Ym8KEVUDZCs151SwCfDC7b9vb/xK++/TftWK + 9FdCeNNEMEpTOuX8Z2Osmh003aoMpCk61VOYPBVUMrf43oSQFSb+mA== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNXRzT2ZHd2tYTmZWVWJ6 - KzMvQU0veXpnTEgxMGV6Nm1EUDg5V0VsaWh3CmJNTE9uZDZISnlqdm4waHRGVGcx - TTA4Y1VjL29wQzFpWjdBS3pYRmdWNXMKLS0tIEVwMFJGdVhBZFZEM0xTVWVZTjZW - K0xQSWdlbmwveGlMbW1NN2tVelkvMjQKndZZ4Bw6c93Lp/IjL6mpdQ0vQFamNeZN - 6Xpte6FefJefauux7rtPBod7mA477zmLxGcXwlQDYLxTFilzxNLzhw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YW83VGI5WXNhOGg4S0hF + eGk4c0o1R1ZEc2dwcjJqNFdQVEFQN2JGNmxjCmJQUkRFcmY0cWVLV3R5NzBKaGlJ + b2Z5QW5RSXlpR0g1M2gzYk80THQwSm8KLS0tIEtHc0VFTWVKSlVWV2xTLytVNWlo + blBoaFdETkw5T2R0S1RQN2RFZmgyK2MKz7PDVFyumWboD3OgPQgmPSR9dk4xQi3V + ivvJsiV6eb0rv2T9kp3Zs3Zfbj4G4o/GhBrTNka7SkqsNPV2h3c7Kw== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuMzczVnZMVHZDS2x4RUR3 - cG5CWHNLa2lFRFc3UVc3Q3dXcmc0UnJFb1M0CnpsOXcyMXBXQkwycHZ4dVZRa0Ns - Zzc5MXpwVmxWTkNzWGtBYUd1LzZGemsKLS0tIHZHYi9ucys5VHh1SzIrbVRKcU1v - R1BkQWZocitWNFFienNDeklVOW8zelUKi4JyarjoWZIOf5yFDG4LrKCs2BcnfhHD - iLo+h3PVWMaqEQUqkW5DwyOtxeAd/wkCoe0Q0cNyohxxSponsQ4k3Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMGxWR1Z3MmQrZWQ4aVlJ + QmVtZkwzbXRxckVDRnN4TGd6em51MXRzYmlRCkx6OVczMTBwZklXSkhxbFdHR1Bs + OVFlMTB3REY3N3pEU0FqTSt1TUp3U1kKLS0tIFFiK2dxSVd1OHVqcEdWMDNIUGZm + dDlCa1Z0Sm1Yeko0Qm00R012NzdobVEKOwMKLmb5khE1oh+Gr22UxeGrV7nDWSrC + 7WJy9NFYrfZpRveRAoIDJoZsQjsGE41J5e7oRguocmmz6K1oLazxwQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:1iCI435tp39RXAL+rHrOKYHZFLGXRWJ1RN9m0AhTuQV3HbqKTl4RS1qrs3tEBM9T660QfoxMLxcBDPpyJW6vqogKu1BfGKH2KtDBtCvVaPdnZewS6aJLfn4n9cMWBbhbHrdl+zP/X54eZtWhveuSs2y3dz/B3lT9Fz2Gb2dnXxU=,iv:X/fp7H5rh4UGbfYLBJB24/dSFQrvpApTt4DqGpJJxiQ=,tag:4i17h5kdVmLWLXhUGpL93g==,type:str] + lastmodified: "2024-04-11T11:56:37Z" + mac: ENC[AES256_GCM,data:qUGaCVWO8S6XHkm/bnwi7ICZsVdKyLHV2HF0BmuBci0qaINuP6316TB81Fsi362acXnd1kAQLWtpT6OVg4/sTQw7gXO6K6Hu4VhtpDf56MrTqvfkzbro3en24mrEtGqaPm4AE90TjbWQcgo1TVfPOuxmYBKvlEsBWB+GRwGWweI=,iv:Exqcdd0HhLG3Rb2+Wz5qhafPnJbjRPJBwTGd+iyGUag=,tag:aQzhUOz+XUIV5BYuxHViPw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/containers/default.nix b/nixos/modules/nixos/containers/default.nix index 97f13d7..a833281 100644 --- a/nixos/modules/nixos/containers/default.nix +++ b/nixos/modules/nixos/containers/default.nix @@ -5,5 +5,7 @@ ./gatus ./sabnzbd ./qbittorrent + ./plex + ./tautulli ]; } diff --git a/nixos/modules/nixos/containers/gatus/default.nix b/nixos/modules/nixos/containers/gatus/default.nix index b5b722e..e704146 100644 --- a/nixos/modules/nixos/containers/gatus/default.nix +++ b/nixos/modules/nixos/containers/gatus/default.nix @@ -17,7 +17,7 @@ let { name = "firewall"; group = "servers"; - url = "icmp://unifi.l.trux.dev"; + url = "icmp://unifi.${config.mySystem.internalDomain}"; interval = "30s"; alerts = [{ type = "pushover"; }]; conditions = [ "[CONNECTED] == true" ]; @@ -25,7 +25,7 @@ let { name = "pikvm"; group = "servers"; - url = "icmp://pikvm.l.trux.dev"; + url = "icmp://pikvm.${config.mySystem.internalDomain}"; interval = "30s"; alerts = [{ type = "pushover"; }]; conditions = [ "[CONNECTED] == true" ]; @@ -33,7 +33,7 @@ let { name = "octoprint"; group = "servers"; - url = "icmp://prusa.l.trux.dev"; + url = "icmp://prusa.${config.mySystem.internalDomain}"; interval = "30s"; alerts = [{ type = "pushover"; }]; conditions = [ "[CONNECTED] == true" ]; @@ -41,7 +41,7 @@ let { name = "icarus"; group = "k8s"; - url = "icmp://icarus.l.trux.dev"; + url = "icmp://icarus.${config.mySystem.internalDomain}"; interval = "30s"; alerts = [{ type = "pushover"; }]; conditions = [ "[CONNECTED] == true" ]; @@ -49,7 +49,7 @@ let { name = "xerxes"; group = "k8s"; - url = "icmp://xerxes.l.trux.dev"; + url = "icmp://xerxes.${config.mySystem.internalDomain}"; interval = "30s"; alerts = [{ type = "pushover"; }]; conditions = [ "[CONNECTED] == true" ]; @@ -57,7 +57,7 @@ let { name = "shodan"; group = "k8s"; - url = "icmp://shodan.l.trux.dev"; + url = "icmp://shodan.${config.mySystem.internalDomain}"; interval = "30s"; alerts = [{ type = "pushover"; }]; conditions = [ "[CONNECTED] == true" ]; @@ -66,7 +66,7 @@ let { name = "daedalus"; group = "servers"; - url = "icmp://daedalus.l.trux.dev"; + url = "icmp://daedalus.${config.mySystem.internalDomain}"; interval = "30s"; alerts = [{ type = "pushover"; }]; conditions = [ "[CONNECTED] == true" ]; @@ -74,7 +74,7 @@ let { name = "dns01 external dns"; group = "dns"; - url = "dns01.l.trux.dev"; + url = "dns01.${config.mySystem.internalDomain}"; dns = { query-name = "cloudflare.com"; query-type = "A"; @@ -86,7 +86,7 @@ let { name = "dns02 external dns"; group = "dns"; - url = "dns02.l.trux.dev"; + url = "dns02.${config.mySystem.internalDomain}"; dns = { query-name = "cloudflare.com"; query-type = "A"; @@ -98,9 +98,9 @@ let { name = "dns01 internal dns"; group = "dns"; - url = "dns01.l.trux.dev"; + url = "dns01.${config.mySystem.internalDomain}"; dns = { - query-name = "unifi.l.trux.dev"; + query-name = "unifi.${config.mySystem.internalDomain}"; query-type = "A"; }; interval = "30s"; @@ -110,9 +110,9 @@ let { name = "dns02 internal dns"; group = "dns"; - url = "dns02.l.trux.dev"; + url = "dns02.${config.mySystem.internalDomain}"; dns = { - query-name = "unifi.l.trux.dev"; + query-name = "unifi.${config.mySystem.internalDomain}"; query-type = "A"; }; interval = "30s"; @@ -122,7 +122,7 @@ let { name = "dns01 split DNS"; group = "dns"; - url = "dns01.l.trux.dev"; + url = "dns01.${config.mySystem.internalDomain}"; dns = { query-name = "${app}.trux.dev"; query-type = "A"; @@ -134,7 +134,7 @@ let { name = "dns02 split DNS"; group = "dns"; - url = "dns02.l.trux.dev"; + url = "dns02.${config.mySystem.internalDomain}"; dns = { query-name = "${app}.trux.dev"; query-type = "A"; @@ -216,12 +216,12 @@ in { "Gatus Internal" = { icon = "${app}.png"; - href = "https://${app}.${config.networking.domain}"; + href = "https://${app}.${config.mySystem.domain}"; description = "Internal Infrastructure Monitoring"; container = "${app}"; widget = { type = "${app}"; - url = "https://${app}.${config.networking.domain}"; + url = "https://${app}.${config.mySystem.domain}"; }; }; } diff --git a/nixos/modules/nixos/containers/gatus/secrets.sops.yaml b/nixos/modules/nixos/containers/gatus/secrets.sops.yaml index 86a7211..49f886d 100644 --- a/nixos/modules/nixos/containers/gatus/secrets.sops.yaml +++ b/nixos/modules/nixos/containers/gatus/secrets.sops.yaml @@ -1,6 +1,6 @@ services: gatus: - env: ENC[AES256_GCM,data:eMGiI7GIWa4nPbT/mb08KvaOC64krGnzHlR6zR5PVBocLsD2mlKGhPzRHXJYdfubuhs/aUn8ML1PyKc6CxZOk3N/Fg4m20cT8OuWJzid5Z0u7kDh4JFI3CO2lKwTTtyQu5by,iv:ffeXqvCH0jLe68q+zjAd4nuVglkSPeBDLVg67EYROwg=,tag:SFwvCcEbzxN+hpuKGTXNoQ==,type:str] + env: ENC[AES256_GCM,data:77RkFJ6MfTxdVu2QbKHLvIRHxB18oUKJ/Jq0bxHKCAZkbQ0DqJ+npjTchX9aAHp54oROApBQklk3Rf4E7Wjn04BirxI1yh42I9AgfoRphlLB6JFAhWPmsRZIMWUjjLdA81gH,iv:odRx/Ht6Nku7WSakECHEbjZbRtLiT1HtLCv8LkLbDWg=,tag:ZFL1u/Kg3+TdGOpby40Ndw==,type:str] sops: kms: [] gcp_kms: [] @@ -10,59 +10,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0V0xPSnVpcGNTNEkwcTFu - c0pTUGFlQ0s2cjYyT0IwdHpPOTREQ2paSlJJCllMRW9lVm83dVZkWDlTNXBlNmtV - TDQxcmI5YkNEeTlJOGt5d0o1NDVSdDAKLS0tIGFPeVllRU1RMkRiVGtaZWtGNFlG - SnFuaUxJWll4KzNaRlo0Q3EyMjRLWTQKzl7TRHQwyKi1YMjJZ/EUeioWP3UONAtJ - 1lkNGggPSQ/rlpoxg4lNvoiCnzQKhoEikJExCVWCLQFmsTNCCzEQug== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCL096VEdTdzE3ZnpTU1M2 + NngxUEY5d0FNd1cwR0VrN1E3eWJmOEVEOWtVCjNOQUErL2NvOERJR0x5NVFYcHJH + ekdVNVc5TnIrQ0E2OFI3K3VIdFo0RWMKLS0tIGtEcFBWQ29KbmkyRng0bXovUTB6 + NWJBdDJYU2JjU2Y2KzZPaERyZE1HdEUKHOJMtRFmWNTzwr/j7cxL6E8BnaZk75Dr + RYW+8oGT905PMP0jh6dFKuUIsxAuCGQXZUfnUXlbCBUJjYIjeCNGOQ== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNDlSbmY3RzMvS3FlclN4 - VlBGN2twazgxaGNrWUc3c0RwM215djhoVUZ3CkNRVkhwUWdObzBtaXJEbDZrdDV3 - YTRld1pOU3VZQm5GMTBKYStNYUhWNVEKLS0tIGNBbklXVUhmaHdVOUlMRU1kL2VE - YUVXRzgwL3NESE1RRCtpM3BFT2R3OUUKITmM4vr/kbbaZS1AayK3SL0lVpylQDwz - 5cU3F+Ykgo86A4RqouSm3grd2PoOnXCpzxRDGP+MLiQK6j+Z8+HXOg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ck00a0xwOER3SmZ6OTM5 + WGEwVjZ6ZUJhUit6SU1KTmtqak9uTHJDT2xRCjcrMHlvRkw3SGMyNE50WXRjcUtw + bldUSUdTZlhRUGVPQ1FaTWFva015RmcKLS0tIERrd0F5eVBMYllYS3BCZkt3bW1v + VFlYQVp5cURqWXV2ZmczWFF2UlpYKzQKWlw1CxLh2LwA9z92ZVbkZPhJuleUZHdN + hOfpFEfd/nP2Mh22NW41ZN1X5nT6hG+0N5LANmjzGoRUCS7pYaPTGw== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2WGZ6RzFxREtTb2VubVl4 - bVlyWW12RDE1dFRqcmFuSmdMemxQWTY5YkNrCmlQYm85YmJQalVVSDNXTGw1cjBZ - ZlVEemQ1TTR4dE94Z0NVTzd6YXB0bFUKLS0tIHBPd000M1ZTaW52RFArNHYvNzRm - eVZxRkNRcWIvbzFvWUVCcHVQZC9KWXMKQROjso1zSegkmz0G1KMDBSLDwMuYmwBG - rOBnQGjVeXzFi5pxDO+imE1BkbR2Z0xftWVPooB9/ZfAYbNd3ZZ96A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVR3U1OTJncTgvcVdrUSs1 + VDBBaHpUU283QVFRZVNhMHJEUDZYaUZTTlNzCnFyMHYvbGwzb2VmL2Y1dnREdEpl + Z0ZkbGwzTUpoWEVQaTlPMnNFN3ArNkUKLS0tIGxtSS81TVF1SVVHcCtVZHhES015 + YVBza2hzM1ZaVjFIbWhoOW9QRVZEamcKImmazw+OsTpec1pJMrmHlSS6R3MBFDPc + j6I/7AKS0mdspo9T/csjLVQWTXYgCe2x0gHhqY6I4997Dagqc8SaHw== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycFdxSEtERHEyQTcrRjha - c0hEMy91TW1ZUFJ2SHhJVTh1aS9Wd3FtWTE4Cm5kcVhwZno4MFB6eHJoNDV2YU9m - SWJaSTlMNkJVSnN0VTdOUk9NSGNtVmcKLS0tIEM3UVVIUEhXRTNBUkJEMzdaY0Uv - WFV3UkRRV3NnL1hGUzR5c1dXRVlneDgKfrRxl/eAx8gdBlujm/KwVGlElJWZOELe - nEsEu7g2ECOaIjiZo45sn8GcmQUwbetA8U2xoGsvO9kcnEs4cvbG2A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEMTUrQXJpWVQ0OGpkS21p + eWVURUJGbkE2SStmbE5oSE02Tll6YXl4ekFjClNjTGtMNWFkdzh2TXlndEl2ZjZG + K21KOFRCdUJHMml2TlVHUXU5cnVpUGsKLS0tIHE4NS9ob2JoREU5QU4xYkN0c3BY + YXBQeXNnWVEzaGF0WjNKaWhmK2dtTVkKoSxBOjZmZeucQrHob3wEr69L7535zN/N + rpZqBmmTnLPuD0+fuYhLVbsRVp3cEULepRfltpQuutEJbhDAhWpTKg== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxOVZCcVRwU2JhR3k2all5 - a3hoWlY2Q1NwdTVwQ2tHUWk3NUhuWEdlMFRFClVKTzNCSHpuM1VwQlJjU1ZFSUw4 - NzJMWVhRQTErQ0hzcEgrVlR5T0QyK3MKLS0tIDhSN2FQSzYyOG4reGFuOXFiK0R1 - Y0hpOE8wTlZlZnlBZDZBTnVtQWUwSVkKOmQTv5OdFAYXFmOzSWpcRtjDnQ/8XbfF - eEDsEOshSVtvW8SYUsxMwQxlQfwuJkASGQfqhY/HJ06+B1yNqReiaQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBazAyNmswaTdnclNpMDkz + c1BDTFQyTFNiYlpPVU1zR05DaEQ0U2tDVXpFCkttdFNSL292eDErbzJ3VFZEUHhm + THRJWWhadW95VTFxZmtsQVl1d1RiUzQKLS0tIHNrQW5WVWF0TlFvN3JJM01PT0dl + dUxBa3FuM3JFMlVMa3Nobkh0bjFBQjAK+WhiuurDU3OwT+kuWJ/+kZOdIYwjsjgn + DkcUNWEt6IP8CKWJws6RoqlkH1cO+6JsKd/LWMwI14UhzaQI7zms8A== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEVUh6ci9iYURmZzNDV01h - L205QnpKVW1jdm1rZm1OWjZIUTNSRkRvdmo0CkIyOXBrbkY4b00rT2xqM3I2RDc4 - a05JbERwTGYvV29yTC9ST3VYeTZiN3MKLS0tIHl5Rm9Kamd2Nk10SkNXZ0ZtbWRw - My96ajRqRmtIZ3A5d1ZOUFVVVEhuSHcKUpLC/u4V2+gsYkkOyWJIqZoAgSf9YDDG - PzBbnTNmyFzH51rY/NJqJtLvkC+iFFKpIyc/6ujW757DTDT34nGR8A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucWtiUkhlVTBDRHQrYWlV + elcxeFJ2Y2Vxd0tTUERCaVRvQUZCaTU1U0FjCngrZ2sza0NzNWFZNkk1Vnc5VTJY + WjF4MU1jcHorc09IdDFlU0FRT3hhUnMKLS0tIEUrYU9aTkcwTVhCbmQ1Unp4eEpU + R2RkZnZaNTBPTWJMdjlTSjhCK0tuMU0KsSsbacU86FneM4NHNYxd6YEBvOW2Pcmm + dzIaD9ZlQGQEEwqTFFHmXI1pMVibMNG8I2LlNml4xM8J8yH+e/7YzQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:/w3KbS5sK9RVZjNfxPFX2TWBLxvVCj16vXs8rI3n5tO1z9diGYJL3PYOex07fdXSuU/E8c8zpgr8MzeimiazaQry+XYxOQrfR6u0xVz7EFZsHFM2Y/trNs11rw5MPfYBgiKKvB4k1pW7wDKgPq6oC/NfNNylioDl5hf3dTtrg9M=,iv:59PgjcBY8yU5FaE+el1Mhvol4cL/DIzH8gbgFp5wpZA=,tag:UBXKM3+yeWBDvNzL5U0fYA==,type:str] + lastmodified: "2024-04-11T11:56:37Z" + mac: ENC[AES256_GCM,data:cELSGJgfHkR0RPVZAJxTd3jmaYNHb+HBNPccSZ+pD5dBsa7WBhlcdTVy+O/XkhQkiYvcVcpXZZgODcv9SwvJM24yA6s2+5nhcs6mJzVtYT15hSzH0YepAe2OHk8rR5S7ucUZZYIJzjFOTxWPvExx2ntsBVngZhHCrLm/EyjWbv0=,iv:yTDtfR1R9SVmCvwiLgdiMX4Eso6PIK1eiqlPtwW++lY=,tag:wxSrF/qz04Cdw9VATtnd3w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/containers/homepage/default.nix b/nixos/modules/nixos/containers/homepage/default.nix index 6171d40..74f432b 100644 --- a/nixos/modules/nixos/containers/homepage/default.nix +++ b/nixos/modules/nixos/containers/homepage/default.nix @@ -23,7 +23,7 @@ let showStats = true; disableCollape = true; cardBlur = "md"; - statusStyle = "none"; + statusStyle = "dot"; datetime = { text_size = "l"; @@ -100,11 +100,12 @@ let extraInfrastructure = [ { "UDMP" = { - href = "https://10.8.10.1"; + href = "https://unifi.${config.mySystem.internalDomain}"; + ping = "https://unifi.${config.mySystem.internalDomain}"; description = "Unifi Dream Machine Pro"; icon = "ubiquiti"; widget = { - url = "https://10.8.10.1:443"; + url = "https://unifi.${config.mySystem.internalDomain}"; username = "unifi_read_only"; password = "{{HOMEPAGE_VAR_UNIFI_PASSWORD}}"; type = "unifi"; @@ -142,7 +143,8 @@ let extraHome = [ { "Prusa Octoprint" = { - href = "http://prusa:5000"; # TODO fix with better hostname + href = "http://prusa.${config.mySystem.internalDomain}:5000"; + ping = "http://prusa.${config.mySystem.internalDomain}:5000"; description = "Prusa MK3s 3D printer"; icon = "octoprint"; widget = { @@ -288,7 +290,7 @@ in mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ name = app; group = "infrastructure"; - url = "https://${app}.${config.networking.domain}"; + url = "https://${app}.${config.mySystem.domain}"; interval = "30s"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; }]; diff --git a/nixos/modules/nixos/containers/homepage/secrets.sops.yaml b/nixos/modules/nixos/containers/homepage/secrets.sops.yaml index a371085..8ad649a 100644 --- a/nixos/modules/nixos/containers/homepage/secrets.sops.yaml +++ b/nixos/modules/nixos/containers/homepage/secrets.sops.yaml @@ -1,6 +1,6 @@ services: homepage: - env: ENC[AES256_GCM,data:g3DEqsekcQ2pH0sDo77bGSwBOr3zfvk8mgZgZdDi9G1xbTQPDXtAc6pjmEmjglkM131Rf87gTffHJKwD1poLF54LHYOJ+Qx7fhy+yjerV418QumccJaRkb9GqJWGoTLYZpdYTwHg4Wry0S2QiOxfQ//hDK1INIl/duJhdaeGNrpqMXviq+PqOM9fbWkI2iRzTvWjQioUINiF8I4YixuYXLTqAwEOdcCcr8tBZtToFaOzWzLtCICHKm3l9D7TefLCn9RBTTgaN8ahavMNPBKC7HRKXFi7b3NRyzJuH9zXtzMpNz9XNeG7jXfmhN+W2gNFTlTVbqYc2aIb+OI8hYTDk0EiA5vJ2rqYXl884CmcxpCE872Zo8xynelZO+Xjn0hq/2WHjclTuN1H9J7gIOfbrNQ9NiFc2q2d3UeyS0aX73tkp4Zx55J2XgTB1uS2pm3Rl4KfgYsCc1MyG0f4qVfpMOHCZsQoBdCFdp/yJzGsdYJt2K9R/acO+1JA4nSB2v/MvckluldzHOUVHXqs8WguCBXf3RERq04+Jt0kVxtk3QUOqBVhRUBDKiJ4Fyqye2bkG5ZmT2KNWKBKoLH1oJrBqNIqwqHytAqPgltsn5uq61iAZ/6kVRsmpHQz+itUBsnApiH4vfh1Q7Wv7S0KzhQ79Lnf3koyIqH4ZJu6YmfaGEbXpDzhx83A8T0L7ZCfsWWfwA41YBiPlf+c/TCNr5RaDcARZfGKi7hxqK0Cd0bHDKMWfPsiNfNt2MP9lBxFyItJ12yI/doI+lk/rwtVuwl72qW62CZCrUuIge/t9fuwYaUZtA==,iv:JBQxAqYRFKzAD7poNGjvqzEwfxIQcXGMzwLiP3eqcXg=,tag:ZSPjAkr4OnLuiyW4+QG2Vg==,type:str] + env: ENC[AES256_GCM,data:eC/ML1lypdxqPKmSpry9C46qD8h+LFhLXF47Z3qmeW6R/KOsyjVA7LwHFJ2JMZa2dq1G27FVGwDFSc0BBFjSEAq4QEHrHINf2kotSkS4bLHgnI+x7ZbO4EQezJqQQSstpaflJbX5SC/lTox7xhSjMYF9+9RUKu1FShv8buLNCc3TyQI7JCM21nXo3st4xOxTsPWDeFyOR7uvXi/kj04+2LQJveNGkN45+foc73VXD0jMA0mBJihwLRqL6PpAM64dQfwspDZ4dThNTGJzSQpnVfb1zDw/u8KWZeHZ8NMdT4SB0DjuOtaxQ6elIXzu96NOQYV/ncE9tZiAhjhpTleJsV/KWM9RhAKV7SEWT7x+vEmvmiZkwwz2wKWKgM1SKOplAupk3EsJ/NeDJAP+NltYWymN9qeOnFqcqXT2EWNkrCgHJwiVIuuMf1eh5l9xuxj5u0Es+a4plpbKiuNi8Ws/3IvL/ClJ1LU9ONZj4TSReOzuqJWvSKtAAx/kXeSP+H1bU4qyK+oOzJ6KUphZHctRX7H+c1jovkPKhRMit90/G31ydKo41MJwhV59lEr0pvz3BXrw8INJrBxgGRCylC55vgbJmgeZlIE4x+UpU+GNB0HnFC1PUxELOxBX7jTAN9mf48K58VLNH+kvvXuE4+tZt7sSJMw6HFlsQPxNoTFg3XxqVWB2FrFpf4mCd9K8cZUxEz0OtyLHDRuLgNtAv2cP4J8azvjhtH3rTKZOFrVtNB3K3mE2B6nyeeMCrpXoj+qpbApqfDInToz96CQSzx7GPkG7hrZkGr/nVd5U1LrLg3eulg==,iv:ntzX/uBd2wShWGAm+oOOYRZtZBazeVR6r8Jjp/ewLsU=,tag:Rsb3/GLTBnvv98bUicJRTw==,type:str] sops: kms: [] gcp_kms: [] @@ -10,59 +10,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuN0lFdkdyYmZibm9jT0dG - aVZGKzBpREVRYlZkbkRBNmlLdmhQRTE4Zms0CjZLYUo4K0hWcnlzTnNqUWZ4SVFn - S3VFQnBycGJzLzgva2hObCtINmRxRTQKLS0tIE1IR0orOS83Sk8wLzJDSi9aOVNo - ZGUzeHZVdFd4bHJjZXpYRUJZcWdXWWsKVgJAiuoSekJb9656urzv8fg5rCRorZ+4 - zD26aBUA9lB/BqZgO/sXaE8Vw90FsypgSO5+tPMyLiPMNZsRFYsg0A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4MXN2MXZZdWk0QzZvUUtR + bytQUmxVZXh3cHg2dUhaNFNMM2FxbjU5Z1JVCjhDVlZEWXZYV1R5UlBXL0ZrN2FF + dFkxZnE4QzBaWnZvYWp4bUxzdzJCMlUKLS0tIERCeis3eGVpSWZiMnNkUzFDMWlv + MEUvelQ0d1BETW94eTIwb3FYRU05SHcKIwkwqn+/TQYPD2E9Y8Y5CKYWWOOlOqNX + INWN0DgzQb3pVn/L3HD6R7rpCIujQhV/KE42p4theakT56cEFMpjaQ== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4WnRWV0VMbGZLQ25pMEdv - QTB5aytUcGR6WEZKcitrU1F5MUlvQUJoZEdNClZsQXlQN296UGhreEF1aUlSQlRD - ZFdGb3NVZmNwWU5XR3hZTW5MVVNXSU0KLS0tIEV5Ry93S2tvUGlwYVZSVU84MnVU - NmtSUzV3Y2M5eHBiSXkrSTNOTGQyS1EK1oAfIrAx9s1TjkvqKvdWMwNXVDK2m0b0 - mGW/JDm8rGr8BaY5NpYJnKBn6OwwAlFsOt82gHmfKhVYjJFOWGuHpA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UWYwVWlGWUtENWhuQlpY + THhSbnJkaENaUnNVekE2UndKeUpsRElpNFdZCmoxODUxQ1FvVW9UcFFiN3M1TFh6 + UzRRbkdzQWs1SXVCUyt2ZTlPaDlwK0UKLS0tIEJSdk4rU1M0bmR4QTlEeFRwbUxT + dlpkaW13VkNCWVcvcGlVT0JSVm1jd2sKxDSwNVZkt+1VrEIEkSDFSL6XpkmRU0UZ + bsRYQjTxdqMxAVtyeKVIocMizGQIcsbjrwxL2RMnUev73wjNEKjAJA== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZEtJc2lCbWJpekN1dlBJ - YnhnOUt3TEUxRFdESEpTcmlFMDNsaGdOK1ZBCjdHQ1M2d3hZQjNkVG43SGdibXNm - S2RoT0N0M3l5SGo3UTVwN0p4dU1rbVUKLS0tIGtvdTgyZGhTTDl6Z0xuSXNIK2NT - RE1yRitIMSt3NFVua1hDcUZwek1STmsKgTMExZ/Dnlh/yPRAid/yMWR71Txjsyuj - 7tUY0roAhMKBPGECbJinpit3vlDouwfWAIhOdLpybSgkVaBi+MO96A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSVowcEdHQVV5U1h3Szky + Wk9zTSsyZU5lWUxXNXlGcGNBQUd6dTBXSkI4Cndsb05DUy9QYUl5K1VGT3NLOFVl + NzdCeG5wSjZ2SG0xSlVSZ29EQzlzT1kKLS0tIForSGZzWWdsYlJVSXhRUzMxS2dO + ZG5SbFo5VzdsZ3BHMlhpUWVYajNVUm8KIL/y0lbYiYruyLRmdgj7/4bP4NLdL/uU + /bR46RvXfAhgyncp+4hXrhh1CdPUwkg4Bh6WfwYaO+0kp/4FU47u+A== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdmZxY0NmaHZFYmViWlNR - WXUxZjU2WjRPdStNVXBPSm5XZ29RWmhJeGo4CmYzKytFN242RklHYTg0LzVldHVa - WGxWb0hRNzdvUTlEL2dyMkZpbWpqRUUKLS0tIEx6dlNpWVI3WkEvcmQxdWFNblI4 - NGZyK2tXZGRicng5MVVLYi83WmVmN28KJn80I7V4qiMrLMpZ8ZkUBKj6ng3vyzR1 - YWx0IRufErdXF2v594839zqjw563l09BhHTX3hA6wJmwktwxkLpbNQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdjJZMmhqTzNrZWk4SGJ5 + bkVaOHdCOXRwT2V3VEd4Q2VDRzlCMDFDelFZCk5LMWZoK0g5YUt1ck1jQlZONDRS + MDFpSzRQaDRmMDg5YWk4NnBtU2RXcDQKLS0tIHZ1aWxjcS9mejRaTnVKV3pDUmgx + RGJFZHhsME96WFFOWUx4QUtZeWpCSDAKX6odRaFPR8vHTSZ+YD5POCeFVMeWk+Q0 + f4zjiGN1HXOk4pwH286z66VAZ9Eem+c15mb60ZmKFRhxTeJc0Xvq6g== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScFUzdDlOVUI5UmQxdEw3 - V1ZIM3ZndjZkRGFsV05nWUZyaFRFNHIwZjBZCmNkcHljR1N0ek4wWUk2Njd3OHpx - L3BPSEpyb0NHWFdCemdOR1MxbXRwQ1EKLS0tIFNYSGwvL3h6M21Rb2hTNGJNdXJa - NEZNR21RWG8wajJBQTEySEpVdTdEbVEKgo8VaYuBs5Jg3Q5gnhCVTy3MM99bBC6A - VpomgvMz6ELblyYXz/mlcOfkTkHHlwjbw0ERHs5i09idDBM/HaqQWA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMy9OYWdsNjRXZ0YwdjJI + YmtJK0krNm1XamU3bGlyWDVPL3FscmNqREhJCmtQR255bkcxMEFheEZ5WXFvUjVJ + NWNQOVc3YnVZNVBSSkRZMGxCVjhsdFkKLS0tIGNyQS9BbnFJclFtYjlYZ1h1dFhi + bUEzWmRZUzZIYjJJQ09YVU4wVUgrV1UK+PmTnYJ67rUGld61S0/GMa3ZQYSAePul + +a/5BKlvLgPJVua6Fv5LIoA0zzmFLEpOOsnLarbmRfWm9XpQDD5wEg== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOcWN5M24ya2hTbS9rRUND - WXJWQUtPWlRVTFlNMTltQktMT1lwRXF5SUhzCnBNRXJSQnV4djdBTmlqeThQUVJn - TjE5aFFyQWhSclFwenV1NTY1bE5ZRHcKLS0tIGoxUW44d01NRytiRGowanFiMTR2 - dkVDRktHejJQK25HQW9vMStDODJENW8KUYt/n6qvgaLWgiUA6pZcO8QtiCiHdkwo - GIZXXpVgBazi3zOtZZ6Wl4NnrFH824VQZqTL8sJbtG4Oz3HZ688YHA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsaGdWWVgzQUwwbVlHZVgr + U2NDSk9SV2FRQS9GSUUxK010WTFaK3g1dmg0Ck5Ld0Y4ZEticFhoTDFNb0x1NDk1 + SWxXcFk0RDh3V0xQUS94ZjRoK2xESnMKLS0tIE15LzRjYXVjS01JTEEwcDNuS2lz + YWR3NnNjbjUrTTVCS0t3TzRydnlSNkkKKIi0I49zJ574JR7aVu4x7PZcaRvxnzvm + Z2IXLciMBKkiIQNf0eRocSjfSumToBAhXORJVklAxW9j67haSuKZMA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:2HwYgQj/gyEur81qo0w73B0cCvZB5hCEBkYDEAALn2BW53ZyGX2s0qj16S6WNh9UxKDgnsPeSxmq7Pf8CtkfwjRAXpNxEfYDY2htVj68DR/UGaWauxI20EfI8T8uwaNZ837oW6yJbtk8IKj2eQusx4PgvKwBZvKZUncAbAOWBXQ=,iv:RCmODe480/Yt8JZBLV0o9ZVh1omAOvbWRkpNjr50uTM=,tag:yXeZ4iBQm3euk2O6zX69VA==,type:str] + lastmodified: "2024-04-11T11:56:37Z" + mac: ENC[AES256_GCM,data:7IBluUr6uRBeQoaIG4LG3CFEUa42UEl2NMUS/V01W/fKlEBb97Jog2dpdivMQ0P4Az3MSzPqfq0Y7b4XBcU/LnSGNBNKFAXO75rBwvmuKF5qcw7X8MUl28qgTyS6DImDL33r+ydA731lTzQazntAzgqquFTtjNqixkF/2qDTgeY=,iv:ROdwE2T5M6zofyP/vxJRhvRj1X3BCKiG0Kjmfp1Jd1A=,tag:oOs4LF7RHxEb40w7KvFFcA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/containers/plex/default.nix b/nixos/modules/nixos/containers/plex/default.nix new file mode 100644 index 0000000..e8b1cd6 --- /dev/null +++ b/nixos/modules/nixos/containers/plex/default.nix @@ -0,0 +1,81 @@ +{ lib +, config +, pkgs +, ... +}: +with lib; +let + app = "plex"; + image = "ghcr.io/onedr0p/plex:1.40.1.8227-c0dd5a73e@sha256:c8d74539a40530fa9770c6d67f37aef8f3a7b3f30ee353c2cb5685b84ed5b04c"; + user = "568"; #string + group = "568"; #string + port = 32400; #int + cfg = config.mySystem.services.${app}; + persistentFolder = "${config.mySystem.persistentFolder}/${app}"; +in +{ + options.mySystem.services.${app} = + { + enable = mkEnableOption "${app}"; + addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; }; + openFirewall = mkEnableOption "Open firewall for ${app}" // { + default = true; + }; + }; + + config = mkIf cfg.enable { + # ensure folder exist and has correct owner/group + systemd.tmpfiles.rules = [ + "d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period + ]; + + virtualisation.oci-containers.containers.${app} = { + image = "${image}"; + user = "${user}:${group}"; + volumes = [ + "${persistentFolder}:/config:rw" + "${config.mySystem.nasFolder}/natflix:/media:rw" + "${config.mySystem.nasFolder}/backup/kubernetes/apps/plex:/config/backup:rw" + "/etc/localtime:/etc/localtime:ro" + ]; + ports = [ (builtins.toString port) ]; # expose port + labels = config.lib.mySystem.mkTraefikLabels { + name = app; + inherit port; + }; + }; + networking.firewall = mkIf cfg.openFirewall { + + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; + + + mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [ + { + Plex = { + icon = "${app}.png"; + href = "https://${app}.${config.mySystem.domain}"; + ping = "https://${app}.${config.mySystem.domain}"; + description = "Media streaming service"; + container = "${app}"; + widget = { + type = "${app}"; + url = "https://${app}.${config.mySystem.domain}"; + key = "{{HOMEPAGE_VAR_LIDARR__API_KEY}}"; + }; + }; + } + ]; + + mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ + + name = app; + group = "media"; + url = "https://${app}.${config.mySystem.domain}"; + interval = "30s"; + conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; + }]; + + }; +} diff --git a/nixos/modules/nixos/containers/qbittorrent/default.nix b/nixos/modules/nixos/containers/qbittorrent/default.nix index f0bb000..533013d 100644 --- a/nixos/modules/nixos/containers/qbittorrent/default.nix +++ b/nixos/modules/nixos/containers/qbittorrent/default.nix @@ -34,7 +34,7 @@ in }; volumes = [ "${persistentFolder}:/config:rw" - "${config.mySystem.nasFolder}natflix:/media:rw" + "${config.mySystem.nasFolder}/natflix:/media:rw" "/etc/localtime:/etc/localtime:ro" ]; labels = config.lib.mySystem.mkTraefikLabels { @@ -47,12 +47,13 @@ in { Qbittorrent = { icon = "${app}.png"; - href = "https://${app}.${config.networking.domain}"; + href = "https://${app}.${config.mySystem.domain}"; + ping = "https://${app}.${config.mySystem.domain}"; description = "Torrent Downloader"; container = "${app}"; widget = { type = "${app}"; - url = "https://${app}.${config.networking.domain}"; + url = "https://${app}.${config.mySystem.domain}"; }; }; } @@ -61,8 +62,8 @@ in mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ name = app; - group = "arr"; - url = "https://${app}.${config.networking.domain}"; + group = "media"; + url = "https://${app}.${config.mySystem.domain}"; interval = "30s"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; }]; diff --git a/nixos/modules/nixos/containers/sabnzbd/default.nix b/nixos/modules/nixos/containers/sabnzbd/default.nix index 66cc792..7c82876 100644 --- a/nixos/modules/nixos/containers/sabnzbd/default.nix +++ b/nixos/modules/nixos/containers/sabnzbd/default.nix @@ -34,7 +34,7 @@ in }; volumes = [ "${persistentFolder}:/config:rw" - "${config.mySystem.nasFolder}natflix:/media:rw" + "${config.mySystem.nasFolder}/natflix:/media:rw" "/etc/localtime:/etc/localtime:ro" ]; labels = config.lib.mySystem.mkTraefikLabels { @@ -47,12 +47,12 @@ in { Sabnzbd = { icon = "${app}.png"; - href = "https://${app}.${config.networking.domain}"; + href = "https://${app}.${config.mySystem.domain}"; description = "Usenet Downloader"; container = "${app}"; widget = { type = "${app}"; - url = "https://${app}.${config.networking.domain}"; + url = "https://${app}.${config.mySystem.domain}"; key = "{{HOMEPAGE_VAR_SABNZBD__API_KEY}}"; }; }; @@ -62,8 +62,9 @@ in mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ name = app; - group = "arr"; - url = "https://${app}.${config.networking.domain}"; + group = "media"; + url = "https://${app}.${config.mySystem.domain}"; + ping = "https://${app}.${config.mySystem.domain}"; interval = "30s"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; }]; diff --git a/nixos/modules/nixos/containers/tautulli/default.nix b/nixos/modules/nixos/containers/tautulli/default.nix new file mode 100644 index 0000000..fe0dc5d --- /dev/null +++ b/nixos/modules/nixos/containers/tautulli/default.nix @@ -0,0 +1,71 @@ +{ lib +, config +, pkgs +, ... +}: +with lib; +let + app = "tautulli"; + image = "ghcr.io/onedr0p/tautulli:2.13.4@sha256:809bccf944ee56c33af99993841e797e18dc85243639788de3c9d668c291b215"; + user = "568"; #string + group = "568"; #string + port = 8181; #int + cfg = config.mySystem.services.${app}; + persistentFolder = "${config.mySystem.persistentFolder}/${app}"; +in +{ + options.mySystem.services.${app} = + { + enable = mkEnableOption "${app}"; + addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; }; + }; + + config = mkIf cfg.enable { + # ensure folder exist and has correct owner/group + systemd.tmpfiles.rules = [ + "d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period + ]; + + virtualisation.oci-containers.containers.${app} = { + image = "${image}"; + user = "${user}:${group}"; + volumes = [ + "${persistentFolder}:/config:rw" + "${config.mySystem.nasFolder}/natflix:/media:rw" + "${config.mySystem.nasFolder}/backup/kubernetes/apps/tautulli:/config/backup:rw" + "/etc/localtime:/etc/localtime:ro" + ]; + labels = config.lib.mySystem.mkTraefikLabels { + name = app; + inherit port; + }; + }; + + mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [ + { + Tautulli = { + icon = "${app}.png"; + href = "https://${app}.${config.mySystem.domain}"; + ping = "https://${app}.${config.mySystem.domain}"; + description = "Plex Monitoring & Stats"; + container = "${app}"; + widget = { + type = "${app}"; + url = "https://${app}.${config.mySystem.domain}"; + key = "{{HOMEPAGE_VAR_LIDARR__API_KEY}}"; + }; + }; + } + ]; + + mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ + + name = app; + group = "media"; + url = "https://${app}.${config.mySystem.domain}"; + interval = "30s"; + conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; + }]; + + }; +} diff --git a/nixos/modules/nixos/default.nix b/nixos/modules/nixos/default.nix index 284cc84..2c509ac 100644 --- a/nixos/modules/nixos/default.nix +++ b/nixos/modules/nixos/default.nix @@ -4,16 +4,16 @@ ./system ./programs ./services - ./browser ./de ./editor ./hardware ./containers + ./lib.nix ]; options.mySystem.persistentFolder = lib.mkOption { type = lib.types.str; - description = "persistent folter for mutable files"; + description = "persistent folder for nixos mutable files"; default = "/persist/nixos"; }; @@ -22,6 +22,16 @@ description = "folder where nas mounts reside"; default = "/mnt/nas"; }; + options.mySystem.domain = lib.mkOption { + type = lib.types.str; + description = "domain for hosted services"; + default = ""; + }; + options.mySystem.internalDomain = lib.mkOption { + type = lib.types.str; + description = "domain for local devices"; + default = ""; + }; config = { systemd.tmpfiles.rules = [ diff --git a/nixos/modules/nixos/lib.nix b/nixos/modules/nixos/lib.nix new file mode 100644 index 0000000..e544225 --- /dev/null +++ b/nixos/modules/nixos/lib.nix @@ -0,0 +1,30 @@ +{ lib, config, ... }: +{ + + + lib.mySystem.mkTraefikLabels = options: ( + let + inherit (options) name; + subdomain = if builtins.hasAttr "subdomain" options then options.subdomain else options.name; + + # created if port is specified + service = if builtins.hasAttr "service" options then options.service else options.name; + middleware = if builtins.hasAttr "middleware" options then options.middleware else "local-ip-only@file"; + in + { + "traefik.enable" = "true"; + "traefik.http.routers.${name}.rule" = "Host(`${options.name}.${config.mySystem.domain}`)"; + "traefik.http.routers.${name}.entrypoints" = "websecure"; + "traefik.http.routers.${name}.middlewares" = "${middleware}"; + } // lib.attrsets.optionalAttrs (builtins.hasAttr "port" options) { + "traefik.http.routers.${name}.service" = service; + "traefik.http.services.${service}.loadbalancer.server.port" = "${builtins.toString options.port}"; + } // lib.attrsets.optionalAttrs (builtins.hasAttr "scheme" options) { + "traefik.http.routers.${name}.service" = service; + "traefik.http.services.${service}.loadbalancer.server.scheme" = "${options.scheme}"; + } // lib.attrsets.optionalAttrs (builtins.hasAttr "service" options) { + "traefik.http.routers.${name}.service" = service; + } + ); + +} diff --git a/nixos/modules/nixos/services/bind/secrets.sops.yaml b/nixos/modules/nixos/services/bind/secrets.sops.yaml index 6f4e2cf..b4e3d31 100644 --- a/nixos/modules/nixos/services/bind/secrets.sops.yaml +++ b/nixos/modules/nixos/services/bind/secrets.sops.yaml @@ -1,8 +1,8 @@ system: networking: bind: - trux.dev: ENC[AES256_GCM,data:ReWcaafRGpgrMBiWBl4ofSVFK6NU/P2n/FTN0f4ILe/dBFtZiMJxyLsmi4tb/JBD1ndil0C/eZvld13+xVk+FsTgh7C/4YnJm+9SpgQv8kxorVzGnKU3JGufku7LDyrnING/A+yjMo6vD0h6SQnSt6i2YB72rN09+o7aO7obHNLWJ+B2GSS/IiQb2voncDCjDuiu8ESZevTPVGHhmnP/VrWZOy/cwTOqgF/i65gcOdqbqfeF+iXQBKV1WJa2vEBcj1+yLrS5+YSSueReGec7tn4ulrTKiNPFczCOM32kFbwxEhI6TlxIh6MasjQtHAo/qMyEgk63oiZWKsaz21VfXyPNOnDJB1woE6T0IqRLMUUbuw7150TaRtBWnKazfCH3cdxwi0llh3zp9HBAKPrLOa0V7rOSOrE5f26x0ZA9AoVLQY82Ms1ibMHDNJ+cZa1TYmxcGLlag5g6gaLwkKGM0YJ+FgrI3zBLqcrOe8SysoNI2Ru2uAA5a9K8TWDasF0R+/Z6WWFeu1qFr8th/QvoHHehXKEiXGz+89X2hC4TBm61/IKIMcls9zIYKExeZ5ePPPU8w/oiG4SAxjnl+ppMs18a50/wXpBvi8GPeG6gdvrfUnhWv5j5au+43IHrQiBTb3jGGur5rLQ0cKNGzEBNvjPyhXRi6H2KuFwi+XVKNjnWYoTa4PFGZMK6OHqJa+yOhqF8h1r5ydlhGLumBGU+RzEG6wSU2L0ewOXH3XPb8T2bUejyg/kq9ruGe7/Unx4gfyuxgI03Jv7+repZk0gbN26ZiPh62FpDLKS8YFHFSIEFJJJwCUU0Lhb3xxQL8klrGbuxcZrFcK4sxFCF0UiexRO5betiN0RG4KS3jJ96iaSvrAc8T24pJb6cZtvTgGNcMyeQSaEiyp0l2wjEXzE3xNmTTZ1AcIcig+9dY8bKBLx2EDRS1YN/C/ucuXI+9/6V6O2cjmw1SvonQUr2D1UemndrJy242SUrguAch/Iay6nsWgurCrPe7IJgwaWh5SIGDmmA7sfYW4GjtIqwo9J1NoooD9ROwAZhv6aEm9Iy2350eSOUV1SE105wh73FTV8HKBW0QpEFL+ebw1OVbjFXQ5iTHh+s/XVihsbf5y22s+E6p6wzwmpzty9fToXcm2RbdCMaHnKdoEPvnfCY940s5th4cn4+d6lurlHuulmizLtZJnrfnb1LRBqyrK0dOdi+nP8fB4unOiBSUoOkdaoLKpL1yikUtPwsAFGgQKYP4KCvmkGhUfm18ZLI4HzvX1TKmAGfrnD10OGzlZnj3QtmPhfuhfqgYzYn17YlyFp7r1MwIch64lEf0Y5LiGzRdQ3swFwunS/A8C4iPCP6oxLWk3lKftBfQXvdYLghUS47dxXw5yTRNPSaZPqWhCEPHu9eTO7/ZAgEQ4e0HpnON5zGYqPiyPwsC5h7Q1rOqgAN45iY762q+bx8IAj43J96sHEfJxVUFvjGZvIRKZ0Lg+CtWKtjMSEtzCeR6R6Q79EazEyAagOpKShI3URLkgGlfixmVArekPq8SUzBgtSl93fuXNyuu4n65CCo39VHXEPlmE8rLK4R0SCTNgzCffZQqzoelta8CEcRCx53KvWDblfAgFciy5my7zr9Jg4mHX4cjB194VnXmEL7gUrCV+WXT/p7NYQqiLe+z3roesi4VdCkYASwkg2C7TIL5dbhSaiiKH3/43DChmEDhLib36BAxD+EmBc7p+yuy8NOlT4pjimziCbA31qdY7bTe+6V3eSqkVNKE4+6hBVJM1m8eBuxcw7Ed7tkUmDqInZF+bKg0ZsdZrKtxzSdoN5QidJ6oPokU+IcAqF8ey71qIODwbzEls33K5RH3f9K2YtQziWoc9ditSjBb5hv/x7a7fJ16ouhoJWCQ4FNIRF2RdeitolAHgtbyAcuocNCUhPQ+/5pdlozbPdmsvLCG7aJSrVByC90gaFYEvjBv6nK/tbgAKSYnuw0JvPvg87LZIQXjULSrOl537PP1ivyVjNMV9R91HKYuFGr+Rjf7mxjlCetYtTPDDdxtVx3ZPhVpyW07EVHflGl50WNqHa9YUMWHFjjAHQgFkvZnNA0Yf01fG3rp09IHK+U/oisHeSMt9+uuaQ+6+Jcn8PAjZZH31esc/5BbzH8QbOZ+6AMRuxyIAvJRQ87KMC2PxMUceUooDmq3zE0K+KDot0SYDgGi8z3d/4Te3pqHAzWpVU0ttLnwt6e+dhu4kM7uCdOqeiBqDNBxonmTrosx/izB88GhTkLGo8SX9LC/zVGLcTMMbWceJxjgTXu0J/VXVeAJrmfJWIu8f/u8VMQ3IBLR1hKDLy60tj2w4aIApCEY8PZJwBTiuf9eMtLLIFSmCIcERwH25sJ7Hc7KFnZP+NYah1k8XDU4hHCs0TjTc5kcneLwLxUD289meqZkBmN2KFF72mRqP5ZC8f6pPJDg6lctB9FNldpOKM5qWJXGLOu1D7/dhk6ilAyPpK+k9GySrd74khiN9m1kevTBKKsBrgdaxmwym86reK71m8C6txQ5PbaRFEn8t/8Liy3vF8ecKGir4qjwFcqATJUQjN9p87IPDnTdFOGBFXhan4mPg1JY+TSvFH0v0QSoIf3mxz2rSBlg6s538X6Oiqzyg7KrUng+7x93auAJG4xY9+ja5wK96Li4mLm0YL4MftDwpCBjOf5ML9ZuyA9CFBEz1An01dpHnqK0UCgZCArqxAb3hLVzCk7qwxZf5s8SZoMjJR2+wvdLi1K4sW2ayq/trcpwawWgoFevedk9sRpBv99xBwWnbWe+zT8hMYJR8O/b60I/tSOVSJ5S7ZbklA84zc/X9KJQ8s22Se12Bvr+h18rmAsxc9RSW+5/JCJohhO/IEB/zhqwQK9aKrHURKwZ4mKsguk4B74+xUAqkxh+Lbn625EZ7EI3MRUEtM/A5I1mYPDt5F+xfKUo/6NF69FCRwOlOlQ7nToobPlfNcm+ttnSzj9NAIG9LQWajiC5lWSB5aLHvfDGpsPrAxauQOPUG2avTA22UXANfA1KAkxvmsUtavOFVLyjHctxnsZI7nCZMIIy+efPXu1FKyijM2uKOkHdrEnS0mb7ZLGUKlwQHJvOsu+5zsRsXZ5FPcdm0zNP+f05DGtKw0saWrjyP8AiiiG89rv6LPGnhwRxGI3yZfJOVcXwhoPNSJ/BHgjk4OF4d8/T6y25+xETrTr819N+ocVrhrNFZbSW11BzCBCd3kwTx6SFNcwmlm3tGyfB255YX1tF6G9HuuVD4A=,iv:pjMSO0iSk9K4+Z1TpYfI6YudZETkL7b2KndChnE0ITU=,tag:kMf6a1UornfzCjzuPUTvvQ==,type:str] - natallan.com: ENC[AES256_GCM,data:yCeI4+Dk63MmpiwjtU/fl1Y6lIiTS5tzXqsXsJUlZ7Xg0fFhnt0YFslNNgtbeDP14ACdrF1lMXSDi8AkUuJ2w6x/LO6WEKo8cV0PFUvR6DHIjatS/6ttm9tJdRtX3b5sO5dyTrMeTv6qtOQY1Gk1l9jWRYvll+GXbAf+8pcufe+IHZ+/TA/+AYs2ryIszCKCm96wXq4Bs8p/ihFgS18YcpLcxly3FVqZIz8xB4Z9yYIcHinNMhGvOKXDnsSPkXUoB+s/Nm0jPxzN2i6beBsu/8sOg83LgEdM3c0UGVyRcctFhCZurPR6xs9A/WhmRCoj/A8V/3aVHR2Ky0HmyFKzue5Pe5khA2Sy8nv4QrR6YX3yqYempwGTxrZXu0/TymUQbmG1HXlVCk6cgYTFbK4NItHDsopML0QKBAwovtiAGnV5f7jA366XPo/3c7rQDo9qRuWZLMGAbXIHsgxFdnbMA/CXnf/8hEBuf8kdfUVX8U7EQgxoQGbOV0d99gCy0O6qZYwwk8rseGSLPk6nYN4ChiHvsoyrFjXUZJP8CR/wMSscKw4wqW0Y7ec56yiOJ/iPuVIZL+G6D56gZ9M+21dQp4QvfdPyEBElVSZNyBuo00ipJiTLs/G5Sh61oQCUZfWHf+1vnnkSAdoD2BpCqCoYm/ZkxYnOzU+7SCm2obHixcySCWz1B3EgwAargqaKECJNKpL+AR054jApYZVvIaJnERTPZvPqY8O7DkcLzJuvSCac2GwSqT7uG6722ZfO2geUD1REp1YWRtP5dHDIhG2Zg6rwQxCr6VdicHQlx90llaSWq9WtJU9xhw==,iv:OeFQXQdLbXynTqHxfV5OtWIzwckGDkEzL/IRZonpukM=,tag:ex0TYR1Q7LsCAIuHJJQlmA==,type:str] + trux.dev: ENC[AES256_GCM,data:Qr2DNPQrymbiTaZYPN+aFT+njbzEAO4X1qRiVEo5Lz03GsmQ2ct9bmF5VyNGrjKyBVkjEZVeX5istUYXOf7Opq5NA04N7z8uCZCBU2YuzUEVfkz6PXSU1F3NbdBlika+2iogLpDcJRttg3ciNhSrWDiWSlns/VZBKIxjrRX7yGLvCF71UdgaBdCYiTDQNU2kpHQaYLafftppAtLXzWA8HAp6lxsP8a4RISBvA78o1+fr1WzEffjFd8jbdfr61kWhOIygGhdWbVs0taQ5vLzjd4+eN9YFdjNRiHZdktyrJS1PpteJ8FwAZwulDHdKoMvLhm6PnuSw/iTk/CnEXPiaFOKf8g4NxLOcM6kJUgcfiwqorvY6YYQ1j2DfZ2eyiE1TdC/a27oj4ZqoQSKyn+nuILXRu0ptP7IfNEX1QlAeKl2Gi6qgiZLQ1F/67dzJvLAA0onncMkyGV+cHGSSqmb15aBESJ9T/gcTa8b+JjYj++bSL7b5KedHf5VwmoJ6Tug1qPXxubscGP1mD7i7uxZmgW7UYCStAtx+GyIK7dTlCuAjKoLkGxgiQD1elQjuqwJ0RM2YV9cdWwpeFb78sAOSyUfZKfQZDmnutSWzNInW42yLJoNO8URBWsWvc9lpwDLlAGfPo4BXUfzdG+qX5UCFmfPn6AvcYIcLOUz8vEw2YG3byJ1QUYXRIQ851D+aeBte84P41ZlXwC+ov/A9PXztJlz8phCFJQZpe/6LwUqchtwl6CJAvop6nHcgYnQfIrRJGEKkQDLYWLeDrQtovpDqNgZTNkmk0KXeuPGKjPCrXhvmqs4YYUIyQdvGqqli/OLhs7Zq7GOvSSGNWx/wCrptavgxiG/eGBlc1veDOACPdrV4q8LdTfavCTbzNO8lCq8kkzzL9zN7NJYu2vButkkOsmSQ8y0nubpnsxw26a7okeMx5wh1YTZ9dllKS89zVIuXbwuIxRu5z13RrDoOQWm6UGjgvuoTpIsptPfSSA/EGJvy7AQwsWQsmcgm46MLffoRfhD5p6LgwQVVetGGM4iCOmtUDsnFsBbY7KcyPUAw7KI4NacGlAlsJEkdpAlR8HvL229/J8xuOzDSH45nJ53nwH5Ki5WjurS3ovl+ByMg4v5EX4fEY7bWDsYAYzhhQfZrDWFYvJdNEO7j2Wtl7t8gIPiGPOhOnXExZoL6WAauFKer3N9nOE13xqkTJIL9KAJrf3oE39W4i9fWLa3vMknbyKLUu4ycW9r3ndKPk7KIb3kd2TBNqGXUyc6ZomE369lhGs8oajtv6M24V3d9ggE/eHWjUllq35go4YmJG29i7G3vQR5o9HEFxe+RnCqe7j26/lU48+2xDJZtve4uCvAbkU+awLoKz8/n4PQJ309aPPODOMZgA9HWe+I1V93UHZUZuKc0ySsgykru2+dvN8Z53nRwyZWrn5XxVVi5zf+5y1YK/r9SUq2cklny58jr/r34lACLkanXPR2+RMihumcQz00VrTdpadWAsdSk351O86aY9JxSQDqTgvLRZgz4urUCKo9IxhXs3XigIRQlRwPaxUtZuvuSagTqAFnw6qcU7Js2AL/obQ6R6ciU3W+IGid5DZi02GV4Gwxx0FJdXPmx7jOoGghwrZv00h0GCtT4BCqH7VWdEE9ZPShglOhUaPMcN9N7RdN1+iHq4/4KO0McuoTtVCYhHI4lKkq8NJZBP7y3ft8lcsI+PLKUXN7wdy3lcTCYvS8wOVM7WuBncpqdobD/A1TZZm7czEZqi/y7fDPqsQ1g316XNdVqKHzOdg3ejDFIjQST87ep4JnWwaIEFklassPPCy6BJ7sLLPUux7JuSIgaWyMPAbB7U7SY6N5uZl4A1+f14mMb9qheWBqwDcWQ83R6QMjpoum2es7XxXGB2/9oYopslyM9glWigPMJPLojWZydJpZbIiB7o4yQBp/OFozl+AJLij/IIrbtECug6bap27LjajVKRSjQVwvZeOg+omttYcwR6dlqW/sHMNR5pkDhJ5lXzWeyvO1C1WIg2qFLE2WwrgM0/V9JDZHo8Uk7q3NUmnVOYlUyTyrTR/OKFEas7GYBv+/f9l5h4UqQZWzU7S6cMAFbQXYxcX3YzdDIJ4edmuzDdWCuIAy+dQsu1h7cVCRYO3tNKSDyYJ2XymEtNUu8tewicf2t52AF4UCR/3dRr+rgEFbrTpxn1Sm0O8azMIkBiRZSF/hF8qzWZmCEqvMtxWjnZDSAeHVv58/83ZFRx9M42gLqzlc9WaAvKNtIWgTQDOz7lJ3ymWdHdYaFq8z3aOh2IgOBhwAFee9rP1IXu6ASsl9NjlK9TRy1FrTpMzZKRLtqQgXaQKFs20FeoGQR+as7ZBCfIyANF2a/amjQOlV7nAVMGtpPS91DG7NcejHuVklVwBwZ62FAH8Wlm7VuBSKPCJqlbqO3ixsuHtuhUE1IBJNIR5kQbxtkoDjfaIpWB4m2VBUIxmV6d+Bw7lWII0UZPIjoImZ8QnLe67NotgJfRXx/pFnm4zpcSBGMaHpP5HoXVDWbpTjkTZPP99e9v8uWr1qaJfJEBykwAOCRXGM6qh3rj/uqwwUKC8KH1cqOrG5tKudtdE3sWGpV/7YwJMnHEardDCKuKQtOqtWHerZ8b1euhRqQClOB/HVNerAMO1I6mym31btePgRDfcLGPBjL8hE5wC+iuZlYjl4RUHVvhvCVXUwF9aGEv0u7Ut9WfUj2f4YRinI43KawVeQTIPGUD7k6c9RLwVwz3YujY03ruzgDq1urDtTFI2N2PtFR6iiTzk3R9To6Wodjd8lbk8GWYipg1IKORHaQ3e0wgZPbgBI4tj2xwZN1WHIzvM/MLqu8XFW/fnhV3+TZ8JfjNOXFn29Nn79F8rHuil5DUfBQHJh6z/EWQ9+2Wu/B8OA45JqBO4HpLGKN3JmuCuQeqwJi5Rcd9OBJl2OK0Ccm38uGWyYWGsIIL5SefZaAioMoPZs1T/Z7PejwKDamve7sGTIOXvFMIx2S4glqZ3/da9/GeIqCQ5NRG18slP9jbx9RD2GEytsXDJhWo6bgCfKIhk5j0s3vKnQ1cbMpBbRib+RtPsQGfBDw1IasWg3oGZXPclH/zYd9HZsAZN+qY2ny7VZOCY3wswXvCZjda+pYF9I30LcVIfErM19REQn2L3iUqvPJN/Wj+KfosARZAl984FHlvui7IfJN9EuHEMA7c9s9EuyoNWXi7wOcFrt7CBnURk6nNZwq6RbKtSPVCkrRgY9W2sRPlhOXvRFcVM0vRnXAtkpYX0+sVfMQSrmTeS74ippLLwKItjZMgi/M3ZczQkewdMeFbGa0mUZQbjM/bAYQqQ==,iv:amqQUxzTVYI91hO/xbfuAmclf0KLXMwHa7fStRAA4WU=,tag:rMOqMsMfanq45O4Vm2+SSg==,type:str] + natallan.com: ENC[AES256_GCM,data:LFZgRF1LvGxERKW/oJh//K6KzgN7thRouJB2JDLyn46tR/1QVrhbOomVYynGMJayRC08wMY0nYABrkkVMkzXGWbcR1Qxwi8yWp8eDSGPUqnIvMy5y5N84HC6F6vuTbBkNlxOipAWgTLa4iG5UuIs9Rq4hk2oIDvNM4oeGScaLjbw6oOlMivRCqrzUsrqjnnR2AIkLsbb/NhwlKlfN+r+IzULi8dYtjvz38RJ+pQT7nFD4aq31hCKHEovH/FhP+JOC2Nw95gaa00ORodBqs+tdTgBH/7x6PomjiSfY9V/47XlccgBRR/ax6R8j2Nb0xydxTR2EVt19EUWpAsA18xjkWhefoD5qAPRI+MS2IQGSW8hO0wYVxQ2bCXohw2/AmqACNwar0Otbi7mlSQ+UmsWgh7CaWhWrRR09yljLs5nV/qKZl7v15cuzhyqYRgeQiwYNWYhK8L3HgBOy64sIFp3vcVLzkVnvL95213pg5Z+tXuwiyP3zPwUPHMOvsaajVJZtE4SEe70ivhpwgHJRaQ0KjtupCjZAYOpdOXyuyk3w2DF/kWpBGa04b5cUmIER4uFCbJwxhY5nqtMMdMZ0uzCzHxL0cK4JUWqfgXAJsPkn1qPI0bL1/k77MnSDr5wvaIqH2WtUc3tywBss5EdF7xb51FCRNfnDaGy1NI0465n02HkseyslWvXC9bOqO8VMfUOerxdqDtyPc8EAoJyCaZXHrYxq4DRXFi8pAek9VhBTI7xdWraIFbuWHXUswSeE01zeNVvkFKCP1NIclmNvtngJRwTUESPK27RLJisNM3oMGXOaHvOdz/V1Q==,iv:NoGshUs7G4p9wQ7O+PpxtinwPa0SrdALeK49SkwYLFY=,tag:S4L+h7wkP34DWxB3RpjqyQ==,type:str] sops: kms: [] gcp_kms: [] @@ -12,59 +12,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RjJQblo2d2NINTdabkhx - MUl5enArczB5V1JteENjNnJmb05uN3VDSkFzCm95THZkRmg2TkR1WklscW5UdEs4 - MXR2a0JxZWxjeENyeE0xZFBYL215VXcKLS0tIHNZOEVFbUFGOUZEL1MreUlNamZ4 - Q0p0MGZpdnVJc28zZUFOdTI0RjlkOEEK7YOXO0412wSTu+1oW3eDoA0p90bskEGv - VEhdI4NgUn4Ibg2xOFLP4dTtFRLVoghkehCb8YO0Hci82gdAa3yF/w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUlNkMnpmTjZsRnNBaitv + U253MTlac3BueGJ2RG5SdUNkaExOSWYzQWxFCldOemJQUjFJdE04TjVuNGRIV2RN + NTNocEZtd2tDZmFjVDEwR2liMi92TVEKLS0tIE1SUDd3andzeEFrOGxlZGdSTEIw + K1VyWHFSR1cvV25RTXIvR3BrNDZGczgKwaUCUNINj+o7d2DlIcq6V1Ls9ZJqxXQd + L9lSOMTZ7wG2liFnySqCSKSSgQELCzHVRo0njv8LU7JLt2VFAjU2Qw== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNV0JHei9pOFhvaFFuSGRC - ZWMyVFlRZ0I4NklJSGF0WDRUNG5RelhTNDN3CmdRRC9QSkRnMGMrL0FLNzNEbVlB - NGMwQndWNitWZStwWmpZSStYMzJEZXcKLS0tIFdHVDVaL3FyZk0vQUhNM2xRS3o3 - K2xiRVFOL2hQSlFCNHNBblphdG1VR1UKMhrKTi5bsNAC1/JTcz1BTndXV81ylHZk - AqxpgFh6M/fI52KCzXTACQPbNUW9oh2vKmdNHFJiThaZl3k8vgbbhQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzOW9wVW9RUzFTdDRZUXJx + Uk9Vcjd1UWN2amFOaXM4aHk2dkg5ZXpGNTBjCnA5allSZGZWRVZVNW5GQ09Iekpt + NDNoTUlZa0VLanBYTjlsREtZeGRmZzAKLS0tIGlNUW9OTHkxVkNrVXVmRkdBUWtz + KytWWnFzSVY3YU40bW90blZuWm1PTFEK4EDj8GtLCWcd5FIEx/fywU+XLVeU0X87 + UwJfkWaUYbLouqMTSKZZc1wf4KvL1GH1qyEANnjY6EDHf3kBGZMkTw== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCcjdqWUs2L090TlB2NGxp - OWFwWGpMNTNvaEk4OHlOaXNzRjBEZW01SW1ZClg1d21IbkpTWXNHUjhGR3c5OXlp - cDY4d3p0MzJ3ZmZBSkxEa0VNbHpsOFEKLS0tIDI1QWZsTERodWZIVXV3eFhaeHRK - MURpU21sNm1CYk5xd1dDNzAya0xiVDAKD6q1WT7nqaEb3ZxtZHvHWu3KP3QKf57j - 35+K0BBQwvQajR8Pmq6z5uTP0SmuJhKrMG9/WbwCL0laRJHZ1SO8sw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVGxsMC95MW5tZjRzSEQy + VmpqT1dSUjdSL25vTmJOVnlTR1lLWUdBdVJrCjk2TVAyWmtHSjVDNEhsVG52RzNu + aTNJbjlIbVFucktyd3hVak5weWtORmcKLS0tIFdwSkVGamt6dTNlOGNoVDJ1dy8r + RExTQlByTm5NUFA2aW1tR2lSZ1Q5d1UK8e7BRwBzeOvOUXYFwkgBraP1+vrZ3HvL + gaMH+5AEH4GiEd34svgjLAtmbSzm2/VNhboxYmAWUk+Ff4jn7+tvmw== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVHdsSkRiVk1ISU9SVVlm - Y3NYTWN2V1ZIdUtwaTE1bllsY3M3RTZtQkJNCnU3Z2RINmZMdWNTVFpLNEpKNmhi - OUptWEx2NXl0ay9hYk1qWGRtU0MrdUkKLS0tIFVPRmprU1RwdjFjc09TeU9tam5K - WEtWdENWbkFyb1o5b2FUc0NocWNoWG8Kt3qnXdryCQMSHlzQGdb/yd1L0zP+e++Y - QdYLfvzFu5QXoFzwbEPMrWMfZvt5hJ5hxgWTO6OqDX9p6b3AyMmOxg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUHBUWnZIcHEyZXVUdGRJ + MC9UT3lEM2hlOXJna1MzRzRvMjVtUThQWjBjCnB6OVVqNDE0dFNMTFBWMGkwSEMx + YkRQL1VJYXZjQU00YTJ1eDdPUWREeFEKLS0tIFpYRWtOaTlTWFFOdUd3VXZGNGcr + TXZFN1BzMEhkMUlObXdYV3BxbzV5dUEKCVGvWx1ZiU8VEZoFvThef2mfa5QmgYp4 + rqgTrivwQv6uwp80i+mGzrVpdqhCYhwYgiQ29M8sGJqJSawbUTZ+5w== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWlZIa0J3bndUeldPTDVV - K2xVNFlHQ25xMnNHcGdEOXFlOU9qMS9sY3hzCnRONTBaRHlTNEJ5bTF6VTNVeXpR - TjhWMlk0UFN1d1dqT2hFVERwZ01Ca3MKLS0tIDUvcTh2aEpJV1RtYUM2Qmxzc2x1 - K21pUFgyb2ZHM1pmcVQ2Y2VXY3ZTR1kKGqi1hEmSR+wTaabmwZxvq2hFHlJwXo6K - BNSCTKdEMLuknH1+Hn1QkPd05eBRUj6TlNMP//23BHBN64K5BusdZA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZMDdGN3pRekxsbmdmOUNL + SHZJc0xvV2tvMi83dkdDT1Y0bDVIemt5QTFJCjZKbzAzRElMczBTNmkrU3lnU2lR + dm5pRDQvOExJTW5NRnZXNXVnSmx6UGcKLS0tIEdlU1hSQW9GaEZFeU1xUUFPcFZI + bFU2bmVvcDNSUUZqRjhXbVQwZDFzWGcKJBad1AlJUOPjvVVqFUuzee14Bkt+Ounu + LhhZ+UviDzZ2El1S4gwBY3Rut3aq/vR7n2EziXjNIz9OJtKW141LOw== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTkxrelNzYmpCclNHSld1 - YmlkMUpXUVpXYlc4dE1oR2NNUU1rSGJrdlNRCjVtZ3BTdStnYWEzMnA5RmxwVU9N - dUc4aGFWQnNXTXZYaW9UaUs3V0ZQQVUKLS0tIHRqekd1NU9lcVF2RHo4Njd5WjhJ - Y3VsOEYzL3dtZVRWREtySWU3OUVvcTAKiGVzvIu9hTFbw3KEWKzwp3hr8SJC5Ck6 - 1oiLHPK36xK0iTiCFxrHfypwjiuOPC5hYNWBqAXCQ9lJ3qruZLjoWg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMmVtZUhFUzlpVHNXYnFP + Z3RSa2JYRURQR0ZRZTJjMTg0eVlkNmZGVXpzCnR1TEduZFA2MzhGeStKMHo4SDNW + WFplb2MyQnBjSW1oNlBMQXZWZmZaWTgKLS0tIHA0NVdhbVdncTZZMGU0cjB6cmxr + Tk9pSnZsNEdmQ1UzSUQyeHEzZkZKMkEK2dAdumuwokijR1Oj6Bt1UXZlk4ZeRWq2 + beEr19lYPqQVdluR5X/5+JYb+aRQCKN+y3VYDo+7a4bn5967xVilAA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:TVSeK1Ci9IpnhQonAXqunPvNJ/zQT3E4JnPZAqjaXL7xu1Hv1YAGea9RH6xMWB9jhU2nm8GiBO768yPrx32TQ5iMk0hvE556FeY3od1M2HK8fxeqebySuzw9+EMHFHdNruIyh4XGZIU+P99EnfsMnH4AsZtlkvF2UrhHudpJYBQ=,iv:G960JXYcvKGQBZf6nWhtXCPfFyRRuHxiTTXdar3QevI=,tag:u2RgMusHWBHrTFZQ821img==,type:str] + lastmodified: "2024-04-12T10:42:56Z" + mac: ENC[AES256_GCM,data:QF+mFqddIId16iEkXb6euJW/BUTGkwV+cIuJNWt6/rivHJCGYtd+GX6RgSui/hYKooJP04vFzmcaeilwvbq1/sR+D1exQZZ1p4tG5LFRTrbermPHvcYy7Lel7On1c1OkjPTR8tJ6Vhs1en/FESUeL1JdgAX79IPuxa2WveIPE2s=,iv:pM0d7mPEY2kQ70qE+uiawCTwqFzkY1UhIjrkdKejYOw=,tag:eR5gNrTbZuYz4MHOgk9VJg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/services/cloudflare-dyndns/cloudflare-dyndns.sops.yaml b/nixos/modules/nixos/services/cloudflare-dyndns/cloudflare-dyndns.sops.yaml index 8607cd8..750621d 100644 --- a/nixos/modules/nixos/services/cloudflare-dyndns/cloudflare-dyndns.sops.yaml +++ b/nixos/modules/nixos/services/cloudflare-dyndns/cloudflare-dyndns.sops.yaml @@ -1,8 +1,8 @@ system: networking: - #ENC[AES256_GCM,data:xrdExx+mG8yvJowdOsxDm1aXWDak4Fc2n7n8W3aFm7OnlAGrDymmWh4EvCP9UImfT6dsgWjbb/TcFbGH8ATLpj/sjXfA91Y2iK+GDA==,iv:K7eNWL9MKzDu4lSZXrr6HDDco+BgUuLnwzXSjUPT+DA=,tag:y8nUEt+XaMfmA1JJqwDN6Q==,type:comment] + #ENC[AES256_GCM,data:rMKS8YbaNQi7RL9FcxPX9GrbYQ56yzosmLzzL3AZeZvEVQTInKbbWR6tcj3AW5bBntzNRomeKMH83cdqQ2xtkqLH1RsTUmV/mr+8Ng==,iv:+bFJXtcz7kpOeRVUvco8MuwH6y6bb0HqS+R1urbbqQ4=,tag:9yexHkeG5jGtL9Q4tEr4+g==,type:comment] cloudflare-dyndns: - apiTokenFile: ENC[AES256_GCM,data:Rp6OM+m1nN2JTDwmtHeVeyktWGCeDoklE4pMoYFZlf9nw7AEPdX7fLpZnnxcz7yFx1Yv6ycKo7s/1S2VpoSEevsxLcDQKx+9AEhvCH7SxZGJrhZX34qgeez2hZBN9EGRcj0yTzWxfPcnVztXym4AoNlW1A==,iv:frSkgoxKljh59CqzKIlU1tLcqOU5BSy6zHfyKA97I8A=,tag:JZVKFScpTXCAdGhSViB9EA==,type:str] + apiTokenFile: ENC[AES256_GCM,data:ImeFlc6BAwq+1X1K8PWegOIJDJzEW63VING8lH0aYgpRbInckoarJ6a2OfYD38Powynl8mLqkcDYrlvgTDF57sRzEMGBa8mybhYZKn4ORFZPkbTpon5GuAz55Vbt9nMgoLDwiwOaE+DN2bbLVND3absLfQ==,iv:rN81afwtVNZtFqwI7s1ZA+OGNp7236IvprPE6pBSVvY=,tag:ekjTmihMMhCuBYFXpgxkDg==,type:str] sops: kms: [] gcp_kms: [] @@ -12,59 +12,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5YkQrUjlQRVhPRGtSNUxD - VHl0SUJEcUs0akplZzNRRkFsYkVOdFlacW13CkVvVEM2Q1J1ZXVxeXJVSnRWNDgr - UlUxejdXN1JLSTRWSjJ2UGEzRFI3cHMKLS0tIDF5RGhkK3BWR3JaUTIraUw3c2ZV - d04xbzFPVnFob2JQbVhoRkYzd21zQ3MKZldbeUx6NXLU8qxOml+WXqfcpJVY5JRY - IsSALDe5yK/CgrgmC2H69GTBshYCHBE2las+UVJjSvQfUv4WMHsBoA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBva09IMGhuSXQ5dVVqZmtx + bm5UNjRVN0tKSytuc3dBdTdrUG9DZDBGVEJnCnNTclg1cUUxVFE5UCt4K1BobDZi + QllLTXFmY205cVlsMDI1cks4TEkxaTQKLS0tIGtjek5OZ21OREl5ZElmY3MzUEcr + YTNyZUtHTFhWYWRhcFNoN3ZCYjYwNHMK6wyDzfQAJe+722HF1f3DegqcdGsj2y1j + ZK3wfCxqo7X39goywNcbnVbugHUltMvd1KW7nEKMuCF/YV9EK521xA== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNY0hNWlVaRm9iOWFxRkht - SVBaZ0ROZTJFK2xhWHJuM2hNdFd0YmNRYmpRCk0rR1BkSFdrRFhSN01ZWDZDNkta - SCtzb0k2a3loZEU4MHRUZGVSVEVXdUUKLS0tIEFBeE5BaWt3ZkxYajh2VlR1R20w - WHdEV2RucDNnSlZ6K3A1Y0JVTEN4REUK8OGgcNn9J2BQAoVw9YVU/C0jt/7rUL+Z - QRGNHxQfn41+v0qm5fiX7Rfyjx9HUfcLf+unj0oCNMwKXvRayMZlbQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2LzVrU25Qcnppd1pzYU44 + Qm4yTlJkSEZhajJBTmFXdk53b0lPYUU2TmdJCmNTUDBQT0dIT0RnZ3UzQUFFbW82 + aTd4T0JKU0p3NFQ2NzJHR1VMbG5BWGsKLS0tIGZPa1hqUzFNaDZVWjhFRi8rZXRL + U2RtMjFSbGRIS1FaWFVOSHArWWFJYU0K34Ct6CN5d96bBB0XBYYoVwL+i8+/pAJl + qpSxekXpw8K1nuHLy5102Vws0AEEMCHNAkEHsjesMXjV3S/cjJWMig== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZml2STc4MWR6RUZxRHlj - UWRZMVRSQUlxa0VyUTlPT0w4aThrdUtyM0dVCnY2N0I2YTlncVpadUpKelgyVXZa - dHZNQkRZNDlnUmIzK0IxdGJDMUlWK1UKLS0tIFVrR1FsM0JaUE9RVHhsaGttTWxL - QlJ0VWxBT3p6UkVVWVpVekwwNUJMU2MKreBun8A7dy1VkUjdTQqTmKz3mb60AmUd - axdWZU9Qk78S0AeE3zrr80NQHw7i4oiSFs1Lyz2N2MtmdMMdGSVROA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsRVJmcE5VYngvUGRBMSt3 + dHRod0FMWmVOTlN6eHlvUE50dHNiMzRuZ1V3CmpCamdobFhoNVc0amI5TUxHck9y + MHo3RkdPMnduK3QzZFlxYVV1VWZKQVUKLS0tIDFFR2U4cVdRN2RaeFFuUmtCSkFE + MnZVeElOTFJGc3kxS0NxZ2xvaXdOQjgKOPZe0NQpG02tsAFFpyfDQVsCw2lZeSOr + sOPOXV/zPxCGYqs4dxzx33RG/YaiAVtqA6wp00BE5y8jrxWU6HOv4A== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcEVHQUtRZmpwd21lOFdV - ME9IbVBOd0lPQnFvdTVhU05yaEVON2xlTjBvCnBiUUZTaVJSLy80SVJGQy9NVlVw - REJRWEhrZHR2Z2lJeEVxVlBWRUd3ZkkKLS0tIGhPZDdoSTJ0WCtCVC9IeXRwVFBp - WFZFbmtVMXo4WW5NQkE2U1RFLy9JMEUKzYezCTgRxYKwSn+3cNZ5KgiX55pvwZBf - vFcy2V/nYpyvULGZ5+mdPkPwJQqIE6olD6GtWoLtIc2y1GUk+T6M6A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRW9mcnJjVU01Ky9PUFdT + TmNHVS85ekhSTGE4aWlnK05oUWFIdTBnVGo0ClYrNzh5WEp0UTJmdFFkSzdhYTdj + d2hOVWNhQmJQNERSdEpBMDJNbEMwdDgKLS0tIEtrV2NFTTNDSS9rL1l5cWRvdlAv + RWg4VUoyLy9WTis0N2hKSXNVRW1wdDQKIpSGvd5Npk0RrfpgvkFI3VCaMmoMd/uX + J4ci1P2jMb8Q+oeNi5MulBOJMx6P83BLqzTZC2rbniZJH/ItUZL1ow== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWd25WNnByTSt0UnhnTStQ - TWZlS1V3elNjZGZtWXlvSGtIemFMTkpTemw0CkUyMzBkRkZ1SzViTTJFMHo3bGFp - ejR4dkFFZ0lnQ0NhRFRvNnBxYkh5R2MKLS0tIEpLZHZFZUxxWkN2alJGZGs2VS9L - cnBRTnYvYk5Kd3dMZXRrYXA3YzMrME0KtpMwDN2wTJumIyGcR/ww36VITWJ9DGvo - kf0QBL7cGbEQTlpcNAwD43Mb4Wakk5COK9qWbSsL1qy1UyaUWpqA/A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMjExWXkxbjYybkE2NEs0 + c3hpV05oMU9PWEFMQW9OUXN5SzJYZTJZVVg4Cm9nWmlKVU15OFM2YjM3WVdrYm1w + NTA3QVZsMUFzR0psdWg2N2N0VjhlOUkKLS0tIExCbXZoSTJwMW0wSzZuYWQ5VDV6 + d2tnMXJPY2kxcFJKNDdWY1dVb3pYVVUKVCfLKncZvTagMZ5pLnzryIPxvILaXo9l + I004nyoMSOasctN6+TbVV+qshTa4pTZsn3czjOgTMb3fg1QCVLLb8Q== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORTFacjRLVitKRDAxQ0lp - cG9KNkhGOGo1UWtsU0lJa3BoNDBMQ3RncVNVCkVQbmJweElOQWl6UlQ2RlJpOGVY - anpISGlEZVZNZnZMczBKMmNoSnhOdG8KLS0tIHVvTWJ2LzFYQW5vUlliZGVTY2dN - UVZPL1p4ZkQ1Z1pnMEkzU2x3b0tsdGsKVPnAAQd9RqYQW+TUJ+yMqdQIVUyjqvf+ - mcEbwNKI2ZHvGn86JzqJNGnBLy8kY742aQcKXv3ce8+R5zpMh2jchQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqcTBhemdHcEdrbTQ0SFVQ + K2h0MmpRZmNtTG9GWm1jaDFnT0grbmk2N0IwCkt4THh6OFRNdUltZEc2VXQ2a3Fs + alQyUW1NMGtVYVFtYzNNT3hYdzZEV2cKLS0tIGVyK0hPUWRPUFRCdGFscXFRVXB2 + QStyYVowM3NDZVErSzlkVGV1WXRndFEKdJdRlJp6W9ZgSihAwDnw75mnj1JtZns7 + v9DG0nl9+O3Z+e7HXX/LKg7DhjizfNjrwXlh7YeuYvQqTS2Hw9F9KA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:qw4g+yKwgoOa2kS/tj1dryk1fAUfhsn0fxj6ZAFT3qrv92d81vvb1ioj5qqGFNArCe1/vnRxDuTB8Vv0cGwIAxQf9X6rNYJw9/QzxeVDL0pI8/EK+mz/SmFA6T6l9/2K15USLOzcFovqTzqoK9EqcI46jLKYH5jvZcH8B6K3OGU=,iv:YtTCXwza5zIMOlTIGD5f7/JronMPRnM0uLUYaeOahAw=,tag:0t0mCAunDrsxB34GVywaLg==,type:str] + lastmodified: "2024-04-11T11:56:37Z" + mac: ENC[AES256_GCM,data:OEzJ9yXtbBf89s7d780P7Zy/bTH9WJbimuW7MPh4VVy0V+O23EEkEg+veCsJqNyqwCGZc7jfHkgBDglMKk/rcF6zYFOpxq359kLdXrbtdsb/74SRylN2ux7YwWMZNIlGN8eIMo4nqd/47SH4ALmH01DqztFjaXQZhe0tvUT1t0w=,iv:WVzo5MR7tmFqYGL0SpiDAkXkC3kS/+rUemw617bcR7Y=,tag:94M7kvTQjuO1dSdl9ytAGw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/services/default.nix b/nixos/modules/nixos/services/default.nix index 69578ac..21972bc 100644 --- a/nixos/modules/nixos/services/default.nix +++ b/nixos/modules/nixos/services/default.nix @@ -11,6 +11,7 @@ ./nfs ./nix-serve ./bind - + ./glances + ./syncthing ]; } diff --git a/nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml b/nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml index 0ca99d8..f5ddfa1 100644 --- a/nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml +++ b/nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml @@ -1,7 +1,7 @@ system: networking: dnscrypt-proxy2: - forwarding-rules: ENC[AES256_GCM,data:OqEb7P7c62CRZ8oGa2q7g4fuVQmG2H4nLpxP6XxKC0i6ibOqrRMXj9smSorlTGtGhQEk28i3rXlTZblQObXYnXn2KWglZhmA2EDOZQ==,iv:XqdkpxdqFALb4nv2JVSagjPtcuSmUZ82k/OGzrRfkzs=,tag:fhmeV4AO4CcNSe1TLQ3uhg==,type:str] + forwarding-rules: ENC[AES256_GCM,data:XsHHK0gDDDi0Vjxytx64QXtX+CEb6BoPCbfg3TnAnpG6uFaor3/YEJHNnlmguVlThIjbXAf4B1TeJf1Mch95y3iN1EG2iw+ginzejXUFfWPahOOvKnnb+rXSsdiqX3bXKbmcx2IrSINKhQw=,iv:MMccx35r0sQz5irLHmeZLQbAFNZZq49nP7CKmMPLg+w=,tag:xCAKUdgPIpSKky0WTpsqKQ==,type:str] sops: kms: [] gcp_kms: [] @@ -11,59 +11,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJT1lrUUlRNjEwSGVEREVi - cHp3dHVQTXZyWXhWNmk1U0sybm5qdUM3aWdrCnJkZmZWVkg1S2Y5M1I5UGFNL3B3 - V090RXUvdEtkNEhBS1BSUlpHbURkUDgKLS0tIEdSNGdWRyt4b1c3cFh1VFBZTktE - Yzh5OWdvdTZwOEpnYnBRVzlGL01LNFUKPpXMygtxw4tOAKmboe8yxmiiRoDJhVkh - 4YY7sbpeoDYVwfuJmMkaKGfPWDr7REbxVzZDoyw8fFh/Ea0lcqVfbA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXb0hRQjJKNEJncWRTUGw5 + QjRFSkk4WXVmdG9XNE03V2NYb0pnUCs5QVQ0Ck1aWVVGTmtmQ2pZVUVyRk83WXlI + VkcyTis4UU1SOWdFTGRIOHhYQnhVdjQKLS0tIDRLS0dTNk9mOVByK1BTSm50SUds + eVRPSkdFRGFUaWJZMzFjakt1aXVRYkUKmi3m1Shpz+nMJ0lGZ8/JBJQyZ4y/CWwL + yb2U4SZFEzBsxszKCBl0rk90Hpx7HduS0hDVauhmfWzpYzr55bEh9g== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUjJGNFlmbk5PdldYOEM4 - eGZwaGJNdWdPZ3dpbE5CQWJRRFYyV3lPdGprCmZjQ1YwdUVra0ZvQmIzOC8zU1lU - VU1nQUU1ajhNOVdVNFVDbUR5TXlSZEUKLS0tIC9GZzJXS2VQck9zbk1kM3hhR2Nl - dFdjRzgvMVBCckFCdlFnWVAvTCtHSW8KaAMKb+P9TaavlrFt1esYlOO7XuQ4LTzl - MlxgJIjgSGmOc4dRLK1fRFvcFRTRl+0LsqZT1OkE3wWLXr/ElN0OoA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJSFpKdTVBUUE0UjhRM3hK + NDB5KzNJOWozK3cySEZYbFdJSSsxTWdVWUJJCkJ5WjY4Y0xEY0RPcGplM0xsUWRY + bWZEaFpBMnd6Rll3MVhlNi9pQlA5VGcKLS0tIFlSdVVLTzd5RGlPY2RSN2JRdldN + UFdXSklWd3UwbHZlRVR4RmZ4VzF5aU0KsAwJJimAUcW7pGJfZ5RIHNHQtAwy0HZj + oaaeV704j6VtFUhv2Bcf8OYjA0dH8RIn8psYS0j2WCnNrC19q3Nwrw== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXT3UxYWRzaU5oRXZTYlIr - KzhQVklzN1ZzeXZuc0doOXErNjdwZitHb3dVCnpMaVRuZ2gxWFpSd2JyK1U4Sytr - c2FBeTdBOGo4WGFyaDdqaHdPbGUyU2sKLS0tIG4yYWVoTm9oc2RtRW9XdCtORHda - WVkyL1AzNGZ4YzNrYjRPYU9CMHpqeU0KESkMmihHwhh7oIW3mmmHJwFfdfEDWkI0 - WWA3656EKVXQ2s3bqUfeOS+6rPLmnU1bkXO5okWIG6j7BXyO+dPp/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5K3Q5VlNZaXVNdklybDF6 + QUFuNDZtOFJINzUxdWNLU0YxL3JQT1lJcjFrCnJoZ3Y5NFNMd3grTll2QktIQVhp + Nkc5dU5uVks4MVlRVTM0S1RFVlo0aU0KLS0tIFFpV2w3M2xwU1k1ODVxVU5pMnpE + ZWp5ODJYVkZjekFkSTcvRU45MjZJcTQKCX9kK2wNXJJOLNJnDcvJ5zBumLZeU5Fe + 2yUJJFfZe9mkzXz9++muE3LpBh9rlyXvnuOMD+0V3+Tgqbax0tA5qw== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBR1dDZUlWand0ZXNlZ005 - WXU0djlkWHhIRnR5L0FNcEFZc25nNlMvelRJCkV0WERlS1A5L1RTUE1jSlNYb3hU - YjNBMTY3d1JPNHdSaGxVSHhpR1J4dGsKLS0tIHpRYXdhR2Q4OGswNWthSXNCL0ht - RE1YNnhzWXV0U3VLQkFOMTJINTE1eG8KcvhtqFq0ywMDxspOxq7hKoteU8rTixsi - M0xrR9hSFDpytNqr1qv0hZIaIrl80GaBkzhogRaT8RDito01B5r7Fg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcXZVK05oV1BRK3U1dHFp + OVZoTlpDdm52SHFDZ1ZobldKM3IrTi8wYTEwCmhNNFlZc2NNejZwK1FxbEdvMFJC + M09DSFJKK0dyWk1mVXdHZDlnSS85R2cKLS0tIDdkZm1uaXR0U3NOWlJ6WDkrK2Zu + RVZ2UUJ0RWo4UzlsSUhWejZySHFGZmsKOXFJVA3AHLgSyIPEn+RtDo0f2oNBUHuV + pgjTtjD7bsrlCuhH/mMPFCHf7PH8XZA8PMDfU3hNvpVWxOB2io4RvA== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrRVFYOXVpTVNpOXBiMGI2 - N1UxVjkxS2lvT2ZNUmF1cnFCb3Fsc283NVFRCllQR2wzclpGTjJjWjV4cW9mdmxQ - TjRBaXdtbzg0dDZZcVU5UDZOMTBuR0EKLS0tIFg2UVhGbEYrRHVUT0I3UDFTUUpp - YUpzKzUzRjhhc01ZL3dERUZ4R04ySmMKpZb+juKeLyo2oIg5ottWszJ56uiRbQaW - BVdydsbyo/++odMEQzlIh+MHFaHioSSztyQ0el2WDzAkby1xK7iGOQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1WUMzeXFmcW5WcFdnOWZI + UDBYZyt4Y0hQRkhCaE9MMVducVBRU2szZENJCkFHNnJCc2Q4RlJlUlpKTnZLM0w2 + aTgxeUNCRmpWZ001UVRLNElwcWxUNkkKLS0tIFBFNnVOUldOcUVIVDk1TjgyRGJJ + UlgrT0VwaGJISUxpeUxuS1hiamJsVTAKVZKDd0naQHxadHsd0eRNWqweRb/7z6Q1 + Mf3NbnkQOKTMILntxousk8ZszvDQVZ87wyZ3mzmGay1B2B19QrPkGQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBueVJ2MGN3WVJFNXFSWUN5 - ZmVFWndCYTd6QWZKamQ2by8xT2xQTjFGS2lNCitsSzhUZWVQQzZiUUpDbUxtaEI3 - dFdyeGZUOE14MG9rVDRXRTJTdTFkbjgKLS0tIDlEM3hjUFR1YXVUZzdNc2tUdDNV - OVlPVVgySWNsZlVTcXBBVVhyUUVhdGMKrc7PnV32vHEcdOC5bPi/ZEEfwDkvwkIF - OJeCIpfOQ76aeV7Lsb5xSeDYkOFGEfsnvnayXABZjsp05Vz4Y6Qspw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVb2R2YzV3eHF5UGNPZmE0 + MWcyK0NwNFdFVXpzbENFZkM1dDFMbElRUWg4Cm9ORXk5TCtzdXRxcEhQcURmaCtI + R1BRZVE0WHF6THh1VGhUVVEyTFZHemsKLS0tIFpGVFJGZFpSenVLNkloZlhvK0Nz + QThCYlc3N0ZtSnBES2dCWm1PMW42L00KSmKKlPDzs4sUYoVZOzW4pAsbQP4m2gu3 + mPTtlyqZrSbhGSgtwEw8C+p+LZOqQXnelkhGb8I759TpR7DASrqP8Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:qJxctGzBG+I9sb4NF0bRRf08C9ughPyvIxDk1lvG9ypbU9eqZ/sZXTbhyBvz8D68CfyouIjnZctsts/1urjZTBD0Z4C3eWtuwWtJTqnO4MzuiMLUCgpNaT1ouhCFKQSpaJbtF5ioo1eYZ/DuGRD04WDoFkuqhB9J/otveuh4+9A=,iv:Ly92+d3lcVSv2AMOnUjpqxsXMozlLYMfAG2DQGQRyYA=,tag:InW7hx7Yc3Qve/JCe2pq2Q==,type:str] + lastmodified: "2024-04-11T23:56:52Z" + mac: ENC[AES256_GCM,data:z4v5yRXeB/MCa3ltyf9KZl6NEXqsiIfSmEzzZAJRchOreJ1aIjWj2te5DM0n/08iW2ijFi/bekpcsl3U+5UJkwAjA+82zlvRnw91ppmb7mtnojEq25yhpB6tAUXoimLmT21saY3PnrHx/DFeVqg/P6cX/pGo9iGB2izwH7oCfUI=,iv:NDr9ypPZlTXS5npdrRGCwI51zhU0qCkvEUZfx3JxhUU=,tag:v3NLWsekZlxRyLsCCNR/Vw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/services/glances/default.nix b/nixos/modules/nixos/services/glances/default.nix new file mode 100644 index 0000000..8a896cd --- /dev/null +++ b/nixos/modules/nixos/services/glances/default.nix @@ -0,0 +1,94 @@ +{ pkgs +, config +, lib +, ... +}: +let + cfg = config.mySystem.services.glances; + app = "Glances"; +in +with lib; +{ + options.mySystem.services.glances = + { + enable = mkEnableOption "Glances system monitor"; + monitor = mkOption + { + type = lib.types.bool; + description = "Enable gatus monitoring"; + default = true; + + }; + addToHomepage = mkOption + { + type = lib.types.bool; + description = "Add to homepage"; + default = true; + + }; + + }; + config = { + + environment.systemPackages = with pkgs; + [ glances python310Packages.psutil hddtemp ]; + + # port 61208 + systemd.services.glances = { + script = '' + ${pkgs.glances}/bin/glances --enable-plugin smart --webserver --bind 0.0.0.0 + ''; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + }; + + networking = { + firewall.allowedTCPPorts = [ 61208 ]; + }; + + + environment.etc."glances/glances.conf" = { + text = '' + [global] + check_update=False + + [network] + hide=lo,docker.* + + [diskio] + hide=loop.* + + [containers] + disable=False + podman_sock=unix:///var/run/podman/podman.sock + + [connections] + disable=True + + [irq] + disable=True + ''; + }; + + mySystem.services.gatus.monitors = mkIf cfg.monitor [{ + + name = "${app} ${config.networking.hostName}"; + group = "${app}"; + url = "http://${config.networking.hostName}.${config.mySystem.internalDomain}:61208"; + ping = "http://${config.networking.hostName}.${config.mySystem.internalDomain}:61208"; + interval = "30s"; + conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; + }]; + + mySystem.services.homepage.infrastructure-services = mkIf cfg.addToHomepage [ + { + "Glances ${config.networking.hostName}" = { + icon = "${app}.png"; + href = "http://${config.networking.hostName}.${config.mySystem.internalDomain}:61208"; + description = "System Monitoring"; + container = "Infrastructure"; + }; + } + ]; + }; +} diff --git a/nixos/modules/nixos/services/maddy/maddy.sops.yaml b/nixos/modules/nixos/services/maddy/maddy.sops.yaml index 155d5cb..b3ea582 100644 --- a/nixos/modules/nixos/services/maddy/maddy.sops.yaml +++ b/nixos/modules/nixos/services/maddy/maddy.sops.yaml @@ -1,7 +1,7 @@ system: mail: maddy: - envFile: ENC[AES256_GCM,data:O7Wj/RcP8aBWnhxhDrxwu3pZdXFtarqPvRIK5ijO33nIfZ7Lvuh/tJcriQAvu3kSQ+UwfURLI2z/1BPOsBx9T9J8gJvPUwT/9BbuuaTsAfQjf/mmF2tBWBLtJ16VL+omS8h0gJrzOw8Zi4HtRAnO6+IW7vvqdNqH/0KGKeINpNs/Dxs=,iv:DQDHphtI0I95V1E1EvcTfIktr0Q5hyGL46IHtIczLFY=,tag:yK/Bpwf6BgZK0KODps0/Mg==,type:str] + envFile: ENC[AES256_GCM,data:QIP7YvY/kYYkqwxwLsrRC6ptExf2tzw7/+t4fdkyDwOUqWM4dI0TpjKr1LXfASCjHrVwb2a6+iqt7N+9ievD4MsrEEsoRYMYIjOlpsmPiHam85ql5WJlfTbOy91VebN35Q2aThC2NmeGcptJ7UX7cigO2KcmYPa5i4evIE+grruoQhM=,iv:0x8ezgw3xDkhQRYbASpz4IAw4hE7nRzImB/5rrs63Rg=,tag:Azm6Fn1gwLibRh7wjD6rWw==,type:str] sops: kms: [] gcp_kms: [] @@ -11,59 +11,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1VkJURmFnSlBqRFMzR3Bv - VUVzeGV1UEdqOEZxQWFhTlR0ckhHNldBckNvCjFDbU80WmFTKzhPSkJoeWJoVU54 - ZWNmbUljKzBqNWxIOVlNeVQrenNQRG8KLS0tIE03NUFxcGVueG1ueXdNZ0xsb1o5 - MWhmMTk4R0dUM2Nsb3o5dUlvZ1k1bE0KBXVMIte5E84vKgyEUgZdOfUasJNTN4US - 1IpvfJ98Upss6id5UhAgQSLEdnUJNjOjz38lxhufinbvxwsiuGzyHw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdFBMdFg0aVdXVTFWSHY4 + STNQcFM1VnVnNHhkVmhhMGZpb3V0ZnJBOGxzClcyQlBOMXo1UXRTYVkyQ1FxSU52 + K0h4SjJCUHdZcS8xQStSTFU3S0trTDAKLS0tIGV3WW8rOE8rSmhLc0MwYW9tVDZO + ZGdpbmovK3NBMms1Yy9WTkk5eE9mem8KXnwaEyS2Ztwd8NVY9R+B70AwMukAeFmf + 3Gvj3C57EivrRLDTgot5Sh8TSni5VAlzXJPwwSfgEIiia4qiSUkkXg== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1OTdhekNmTVV4aDhQZ1I5 - d2Faa3BJMlBab0YzdmNjTk5McGZvZzhMMlhvClF1K3lKV1VCTkRIRDQvZ2RQRDk5 - cU9VZG1SZjN2b0MzWmZ6cEVCdUh0NlUKLS0tIHV0bXhFWkhoTEQrdzF2RkZnTmty - Y0IrcHhHcnpLT2Z5M2Q5YmVuWGhYSE0Ku8WrjvwEJZQXdLKoUvgZQZTM/akml0kO - lSTUMDfBqQLj5mXwwMLvffqNdiJjL3ONpyUHeyDlWQG6MRTY/kYjnA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6YnlzaXRjMElRM1djdkNx + UmprK3N2UmxyL295UmhoRC9DS2FvNGk4eEU4CkdiK0xVWWt6dWJEcHpjSHQ4elpq + WHJhazhveUgxUW1ObWRmaTE4N1ZUMkUKLS0tIDVYekQ0OE1vSVl4YVFmZTV2VEl0 + amQ4NnU3WFRyc0FBTUk2NmZqdm9haVEKZ67m9O3CLBrF0U2q/1x1KQYx1gxs747t + KDNfjNXQgIx3VI6xgIVOflzK4vePUWWQ4OMr3M5h5qSCKmHImIMCvQ== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZUw4N3U0ei8rNUV4VCtv - ZEhpZEc4M2s2U0xlQTlTNjZWcnNMYkFndVE0ClpCaldTVFJobnZtSW5BK0M1RFI0 - bW1PTy96cHl3NnZJQllNYzlMdy9lWm8KLS0tIHRKT0lGa0NGc0NRQ0wwY0ZseUlZ - N0RxTFdoUU1LdkdQcHg2OEIySHFVNDAKeXH3fzCqd5zoCNSykuNIp39S4Ntvrg8z - g8UgS8edE4q2/wzvhKh3yZXhEnyUfVPKzUFHVaVcIzaQmQitzF8kgQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMbUh2TFR5c3d6MWdmeHBr + QjNpN1EyZTFINVc3b0xaMHB4dzdoWUVzUkJBCnBYKzhNRHF0L3JiSlpaM09STlg2 + V0RiYTRWUDhPV0xVK3d0VFFVeWZzemMKLS0tIE9kMys2QlZ5VFc1UnI5RTdSdVRX + dmNZL3IrSFRSQXFnTTBzMVEwMVg3UlEKxf+eHlF4Lq5XbnT89fel8+332gYNKv0O + toOh5OJvN591LAk/NFy32BYXuxL1Fj3AE6wFvpx5Bkl5UYrWmwbHjw== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRazZyVmVDYXFuL28zTlZ1 - QTFIdTRlekZJUzcrZlc5NzhJUG83NWxpd1VRClVnalNWaVQ4NjB4V3lnSTUxOXRz - VTZkTCtPeVdpUEgrbTdxcllSTTBtOTgKLS0tIEpSK2ExT2pHNGh2SnpvMnBoenVG - Mno1dkxoc21wNGJpZ2pCSDZ2cGhSL2cKz568EszLyjw8GjZcvYB2uHkjUpN+owhn - 2Hg3fsqFO/Q+pYEZ2uC4aPs2pVkoI3GN8AnvXpX1UdROlPpoZB4S8Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON25iQlpWK290UkxHK0Fr + dWxCRnd5bEsxL0F1Q0NWd0NCV0ZJeFlXaUhNClVVTFhsZzIvRk5vQXpaSDdOT0VN + UDFTTGF1N1VMU3g5ZTVUWStmRGtLQjQKLS0tIHV3ZkpnbHcwai84NS8xaVAwUG1G + TzlsSkdWZUF5TnNMRXFKL3dXN1Z6QzQK8JCT3nzdHwkpoQE3tvSPSzoRYd/gwdpr + 63jF28zhmEY8hoMxof6rfiqk9souAobIzwbnfW/CkF86L5iS/1iepQ== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMzA5TlVRRjZrTm9mSkEv - UVlRU0Z2dVRsbHE5WDVacXA4dUkrTDdxWjNvCkt5b3pFSDMxSkJvK1NBa3BEK1pQ - WmF3VlRDRlprRFNjRTN2NEZVMS9QZk0KLS0tIGxvdUhSdTlrNmlTejk1Q0xxUnJI - dlVRbEk3QU1kbmkxYmpiRFZMSnNua0EKup42WKbdn/e52YIys7Btt5dGbOS0C0t0 - r3ifAGANhSGm/47OGmrp3D3zBdDPJynt2DXjd+Z4eSpGyXlcNmKdSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHSzdsa3Q0SUQ1RDBsN2s0 + bnBPM0dwUFRoalVqS2d1bVVQbUNOaVh6M21jCm9VYlRydlZtV3MwZ1BPR2g4dThu + TW5hZHYyc1VFOW1YSURRN0RiRFJyR2sKLS0tIGF4NkZmQ1F0WTcwaFB0d3c1V0Zv + Ynduc3pCcEVhQmdoZWZvZDg2NXRWWHcK884kU6xQiLuJ8foQY2rdZHEWzqGo1FGd + /Xfj8A7EGJWOSdi/n4dJZ6AWB7Z6rPAAzNBr4Her1yckG7JVxv4Oww== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseXp5L2F0SmFYV3JRQkRy - TGdQaVlETFVYODNORUxDRHh1UTJpZFI5S0c4CllNcGQweUUzR2Q0bE9ZL0dtWVY0 - WUNMRk96YzdQdXc5SmxLSldEUDd4WlEKLS0tIE5HY1kzWXRxWGRRTEJnamlBbUhk - UEdsT0tsRnBWeGRTNHRtMEw1STFRRjgKEFLv+SdRAulVyQyUZKQjOKkg+nzqlnY7 - qvCpAqEciZbFVlpD/aaLQ58jP2Ly/t1aHQFcWnEIWuhPYXw+k1gmOQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxa1RkMmtaS0pSOGU0bWJN + R283VWU1cSs2eGF3dkJVejI2RUhManJMRUNJCkpRV2NCYklzeVdYZ3VySzZ6MjBq + QTlpRWRDTUx2YjZIREhyb2pMcmFKeEkKLS0tIEtNKy9DQjJBa0VZeGxpUzI4TlJl + THlORDQwdXJ3RGZmVTFtaWNlODhVYzAKKDvNETiOrLrrE6eiYM45c7JRa3UCx1iF + soxcSqU7iKhr+bvo2X8idMQlwS9EhkPerFMWcON7ubcW4IznSMCXhQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:bMDjOYp2S9uT4671XD4T5LRYgoVBftLLbpNKsmx7ALlgcbSpHHF64k8IiR+KgUeGPp7uNiMGe6BT3w4be//yWUxJVwydxjF/V56q/VkYa4SRU+PZZw8bUp/rE2RnczvJp6OwSt/dAmyFfY8UG9bhNOGWeBBfwjrgzS0pfzIyVJ0=,iv:p5tDvddXy0cApRfeQaYcEYEpqGYPDXl/TrayS9qcmCw=,tag:Khj3RUhrbFDtPtwE4BGNmQ==,type:str] + lastmodified: "2024-04-11T11:56:37Z" + mac: ENC[AES256_GCM,data:QmlccYlL5IJD0OJ8CGfpma6fXSsrLISvBIlv8yvCFMitPnrFowWYzwN5EDOFIEGq1bIKef0tygBC2JDua+mH2xK5ZKftC9tTjhavZZpw4w3nWq1PP2zZWuPh2NmoSk1RtpQ760XTs1U+AloTJGIiCIUxhO/OT9fLo8WW2GyMJ1A=,iv:zXfkO1vJc1EtKgOz3Qs8BtwFQPGCvvWzLu60seO04WM=,tag:kzUS6IPrz4I2ke8kVviPgA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/services/nfs/default.nix b/nixos/modules/nixos/services/nfs/default.nix index 990cde7..2c47f2b 100644 --- a/nixos/modules/nixos/services/nfs/default.nix +++ b/nixos/modules/nixos/services/nfs/default.nix @@ -22,7 +22,7 @@ in mountConfig = { Options = "noatime"; }; - what = "daedalus:/tank"; + what = "daedalus.${config.mySystem.internalDomain}:/tank"; where = "/mnt/nas"; }]; diff --git a/nixos/modules/nixos/services/podman/default.nix b/nixos/modules/nixos/services/podman/default.nix index d3e54cb..d9f1d88 100644 --- a/nixos/modules/nixos/services/podman/default.nix +++ b/nixos/modules/nixos/services/podman/default.nix @@ -31,6 +31,11 @@ in virtualisation.oci-containers = { backend = "podman"; }; + + environment.systemPackages = with pkgs; [ + podman-tui # status of containers in the terminal + ]; + networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ]; # extra user for containers diff --git a/nixos/modules/nixos/services/syncthing/default.nix b/nixos/modules/nixos/services/syncthing/default.nix new file mode 100644 index 0000000..52840a3 --- /dev/null +++ b/nixos/modules/nixos/services/syncthing/default.nix @@ -0,0 +1,39 @@ +{ lib +, config +, pkgs +, ... +}: +with lib; +let + cfg = config.mySystem.services.syncthing; +in +{ + options.mySystem.services.syncthing.enable = mkEnableOption "Syncthing"; + options.mySystem.services.syncthing.openFirewall = mkEnableOption "Syncthing" // { default = true; }; + + config = mkIf cfg.enable { + + services.syncthing = { + enable = true; + group = "users"; + guiAddress = "0.0.0.0:8384"; + settings.options.urAccepted = -1; # decline telemetry + openDefaultPorts = cfg.openFirewall; + + }; + + mySystem.services.traefik.routers = [{ + http.routers.syncthing = { + rule = "Host(`syncthing.${config.mySystem.domain}`)"; + entrypoints = "websecure"; + middlewares = "local-ip-only@file"; + service = "syncthing"; + }; + http.routers.syncthing.loadbalancer.server = { + port = "8384"; + }; + }]; + + + }; +} diff --git a/nixos/modules/nixos/services/traefik/default.nix b/nixos/modules/nixos/services/traefik/default.nix index 11e7afa..5c9d6a2 100644 --- a/nixos/modules/nixos/services/traefik/default.nix +++ b/nixos/modules/nixos/services/traefik/default.nix @@ -7,38 +7,22 @@ with lib; let cfg = config.mySystem.services.traefik; + routersFile = builtins.toFile "routers.yaml" (builtins.toJSON cfg.routers); + in { - options.mySystem.services.traefik.enable = mkEnableOption "Traefik reverse proxy"; - + options.mySystem.services.traefik = { + enable = mkEnableOption "Traefik reverse proxy"; + routers = lib.mkOption { + type = lib.types.listOf lib.types.attrs; + description = "Routers to add to traefik"; + default = [ ]; + }; + }; config = mkIf cfg.enable { - lib.mySystem.mkTraefikLabels = options: ( - let - inherit (options) name; - subdomain = if builtins.hasAttr "subdomain" options then options.subdomain else options.name; - # created if port is specified - service = if builtins.hasAttr "service" options then options.service else options.name; - middleware = if builtins.hasAttr "middleware" options then options.middleware else "local-ip-only@file"; - in - { - "traefik.enable" = "true"; - "traefik.http.routers.${name}.rule" = "Host(`${options.name}.${config.networking.domain}`)"; - "traefik.http.routers.${name}.entrypoints" = "websecure"; - "traefik.http.routers.${name}.middlewares" = "${middleware}"; - } // lib.attrsets.optionalAttrs (builtins.hasAttr "port" options) { - "traefik.http.routers.${name}.service" = service; - "traefik.http.services.${service}.loadbalancer.server.port" = "${builtins.toString options.port}"; - } // lib.attrsets.optionalAttrs (builtins.hasAttr "scheme" options) { - "traefik.http.routers.${name}.service" = service; - "traefik.http.services.${service}.loadbalancer.server.scheme" = "${options.scheme}"; - } // lib.attrsets.optionalAttrs (builtins.hasAttr "service" options) { - "traefik.http.routers.${name}.service" = service; - } - ); - networking.firewall.allowedTCPPorts = [ 80 443 ]; sops.secrets."system/services/traefik/apiTokenFile".sopsFile = ./secrets.sops.yaml; @@ -56,6 +40,7 @@ in users.users.truxnell.extraGroups = [ config.services.traefik.group ]; services.traefik = { + # TODO refactor into subfiles enable = true; group = "podman"; # podman backend, required to access socket @@ -76,12 +61,18 @@ in # Allow backend services to have self-signed certs serversTransport.insecureSkipVerify = true; - providers.docker = { - endpoint = "unix:///var/run/podman/podman.sock"; - # endpoint = "tcp://127.0.0.1:2375"; - exposedByDefault = false; - defaultRule = "Host(`{{ normalize .Name }}.${config.networking.domain}`)"; - # network = "proxy"; + providers = { + docker = { + endpoint = "unix:///var/run/podman/podman.sock"; + exposedByDefault = false; + defaultRule = "Host(`{{ normalize .Name }}.${config.mySystem.domain}`)"; + # network = "proxy"; + }; + file = { + filename = routersFile; + watch = true; + }; + }; # Listen on port 80 and redirect to port 443 @@ -96,8 +87,8 @@ in http = { tls = { certresolver = "letsencrypt"; - domains.main = "${config.networking.domain}"; - domains.sans = "*.${config.networking.domain}"; + domains.main = "${config.mySystem.domain}"; + domains.sans = "*.${config.mySystem.domain}"; }; }; http3 = { }; @@ -173,11 +164,11 @@ in http.routers = { traefik = { entrypoints = "websecure"; - rule = "Host(`traefik.${config.networking.domain}`)"; + rule = "Host(`traefik-${config.networking.hostName}.${config.mySystem.domain}`)"; tls.certresolver = "letsencrypt"; tls.domains = [{ - main = "${config.networking.domain}"; - sans = "*.${config.networking.domain}"; + main = "${config.mySystem.domain}"; + sans = "*.${config.mySystem.domain}"; }]; middlewares = "local-ip-only@file"; service = "api@internal"; @@ -190,11 +181,12 @@ in { Traefik = { icon = "traefik.png"; - href = "https://traefik.${config.networking.domain}/dashboard/"; + href = "https://traefik.${config.mySystem.domain}/dashboard/"; + ping = "https://traefik.${config.mySystem.domain}/dashboard/"; description = "Reverse Proxy"; widget = { type = "traefik"; - url = "https://traefik.${config.networking.domain}"; + url = "https://traefik.${config.mySystem.domain}"; }; }; } @@ -204,7 +196,7 @@ in name = "traefik"; group = "infrastructure"; - url = "https://traefik.${config.networking.domain}"; + url = "https://traefik.${config.mySystem.domain}"; interval = "30s"; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; }]; diff --git a/nixos/modules/nixos/services/traefik/secrets.sops.yaml b/nixos/modules/nixos/services/traefik/secrets.sops.yaml index 0450c3c..7754705 100644 --- a/nixos/modules/nixos/services/traefik/secrets.sops.yaml +++ b/nixos/modules/nixos/services/traefik/secrets.sops.yaml @@ -1,8 +1,8 @@ system: services: - #ENC[AES256_GCM,data:YEM+PywM4mm+0BlFscjwyDRdQLzJR2E11RumZ3NFJzjz7vyD+yZQI3dC5mIAFEI3ZmPNtxadtvGvQIIMs5XdHf3bm3lcVX2bsMfqWQ==,iv:4JhcykwwFc98iMXZZp9gBX13TFyic1kVKmimsT5a9q0=,tag:8TpvQcQQgoCD+z4+lNcduQ==,type:comment] + #ENC[AES256_GCM,data:XPfrPhKBn7rS7oL1ob3KqOuGprzSsdfnEKHm8ep6Lr2qWgKUpnLyiOqkPapooPO0E2RnHXDv1GeLpl6+NbHQRWUCcfP0ypEko0ZZPw==,iv:R/sUawRMIts93Gdz8dRBJz7VWdK3nFXQfaGk+rWXK2c=,tag:xwONcjRqD05CiSyg8u7Yvw==,type:comment] traefik: - apiTokenFile: ENC[AES256_GCM,data:BoFswFKyWhg2nAkdQ8eNW0+rWSMeIKvc/p0e/7ZHOsiltI/vgcYGQdz97mvwh2zck7OUvYRJbKZQ/W2bLmSZSmPScd1+drbKGPdo8s/K1KZSlqhfk4ldXqr9kpI+QV6FUw==,iv:mupO6Dj0lXafJK4+vXp85PlkVJLRP8HuQ4Jfj/EhcIs=,tag:CPhKdlAvtBtAs/IFZq+ZFw==,type:str] + apiTokenFile: ENC[AES256_GCM,data:qFz1VRqM6Jfu33ImmglKp2L1WihYbZE86zx0BuXvgUSLrHodcgQ8ft8vpy0ur+I8I0i2/HLNKSrdz9bAdfDWdqqBpLwQA5SSu3pod/pxXTMvVEqZqYGwvXD24SifSHLKLA==,iv:YXah2ezPGDVJ9FWL5TJdqIT/ZPSEW6MxlKSqb33MNzE=,tag:UjJOl0g1UltdGicLDxqJQA==,type:str] sops: kms: [] gcp_kms: [] @@ -12,59 +12,59 @@ sops: - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDYzFWUDduWnNZNVFHd0VC - aFM4aTR2N2xTQ1FXcFU1NXRjZHNoanVxc3o0Cml1MHFxcU1oSXZSWGhLTDQwRjBS - SFlkYW1LZUhpUU5Kd014b3ErL2tVbGMKLS0tIFVIaXIvZXNWMlhsdC9YME5lK0JT - NXFtV01BVG90dGpqT1YvTFlhZGdHZnMKMgARGl+FIQRafv5n9H54jdtD9K82J8b+ - uXXJgLas5GKc5dPKUuMXIGgYQjuDKbpn9282OhXBeNXtxhk6LPiHcw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVME1FckowdTFIaFByNFk4 + cHM4WnprZk55WUdlcUlkcSsxQXIrRjloTXhJCm1GMWw4UGU4WnpaQmUycUxCci9i + WmtmbzdPSTZ5Q2l6QTZVdHkxajlpTE0KLS0tIDVxQ1ZMaFlSS3d0akQ1UDM5TFJG + T096em14d1FRUjF3dm85MkthRVh6UnMKelOf2qNobndcxX5QR+iTt4sSIsngRbvj + wy6W5s53x2bqe4K21RSNhAUkUO3AshotN/caiYKzYx/kBZk2kRcVXw== -----END AGE ENCRYPTED FILE----- - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNemtaYlNCWm9ReXozU2dt - VGVRa1YzRU5qV2xueFFGZXJwNGVuUXdXVDNBCnp2WnZmMUVvZmk1Tnc2dGRrTVJV - KzdjQkZRdU9pRXUxay9KcVVkTlhma1UKLS0tIG5vZmt6LzkwUG9adnVxUmRZVE8w - cnBCTFl2ZmFaa0RMa3BGK1lSRlZHNzAKytTZsl1Qs1Ln5lUFsWf4B3sTtMNUjQsn - zOWT/aL5EkDhKYI5afpaMLdgjrZNcUn53UTsN1QqGJfN9xz8I87VMQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwTHczMFY1Rm5IQlV0TTJV + Sk5lKyswTlBteVZRRVE0TWY2Zm5uNXFjalNZCmVVU3FQZENSOUNtb0FGbEtqSmtG + SnYyNEgyeDIvaW94U0wyV2dFd3g2VFUKLS0tIDN0Vmg2RjNkanp4b2wvK1RVbTU1 + ZzQ4Q2VLNXI0M3hXL1pyV2gvbzhuUTgK4MjauT0PDEBn9HJicK3J8FXamsoSdqGA + 5F0E6ettiC80jYV7Cp48cyQ1vo18glFSvQ1IrJ1x0z5Oznr+ZPXK2g== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VVovZ0Nuc2kxQTgzWVAy - bCtRMDVlOHJ6R09wMDN1NHRVc0dKQW1FSEJVCjNpQ0dUbGdEWDhKTFBEdUQ3Qm9N - RGZ4ZmJ6b3Q4YUl6b084dE50QkVIMmMKLS0tIGt0SGNsYUUzRTBwbGNnR1VPQVBa - YmJtbEF5NW9Od2RTcjNra09JNERwYkEKL3yA04+igcbuwc01x7vx9DcnoUL34YHo - P6t+eTnKP7d0TmFHSieKSKu6Kk4rzeFVoQCkxlsyjrSNtht3QCj91g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOFpvYnRWY2F1bTAvbmpC + SEh2SmhaeEVEK2ZLbzBPeE1YVlkxM1FlQTBRClRNRWNZQ3BZcVE0VTF0bDUwWk1k + Q1l5RWtYSy93V09EeGUxcVBzOVd0eDAKLS0tIDd3QlBQcHovWDlsdEg3eDlmVWtn + OUhNMWxENzhqNmdaZTFkQWNVM3I0cW8KKeEKoG+e+rClRk8bWWtdGEjcyYiIPF3u + 24flOm0iStrfy4b0Cf33sTzozFR6cdG3DZ1bqQLR3rwKAh9XdWbAhg== -----END AGE ENCRYPTED FILE----- - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTkdNdEdPcGhCRkFHVlR2 - bVpKZXZDNjMxdjkzVGJEMFVHUDdMRUczOEVRCnlUeTFzaTdOa01rdVhNS3pTWEs4 - YnNPdGNKbkdJUTZpR2RmbGhqTkdZcXMKLS0tIHlwK0Yzdm9SSWtycTU1Wm1OSHRn - b0pBdUxtcVlsc2NDTlRBUTd1b25oajQKFnpXnZ/8PmXD65oICcYpyAj0Op0nDSRH - 0hCWLscdq6KQiyG6Zi0/EQXHhXDc8PJbMHgGQ1rn3tqWhXozOP9ZTQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjakxOcDBvcm05ckYzekIw + Mm54a1k2U0Q3SkNtWVpqNGlnOWprK21lbVFnCnNZa0FReG54MFhPQVJESmM5eklS + Zlpxeml3QnZVY2V1U1VRRXJsd05jajgKLS0tIGYxTjZkNk40eG91aHZOa1AvWHl5 + L2JqS0FjVzF1a1dZb29lM2dIVitiVWcKtyN9D5aqvwr5wKI7cZ+6ARZ2ntFN77bb + xRS99lmHiOzEHoDK7KaU0trdeCLiUCGdVUye8RgPbe/SUXa8Nb36pw== -----END AGE ENCRYPTED FILE----- - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJM2NmMzc5K2ZwZTVlSXZq - YkdzRWttdWZPQjBFaDh4UGUwZFFRVDlETFUwCk83emxCS0dXWitCV0hHZWphdnpF - R3dLQlZRenpsRlkweS85dnpGSzVITGsKLS0tIGlEWUM2SmowbUdhcVgrRitaUkVL - Q3ZaaS81TjQ1MTE4ZVUwR01VUTNnMVUKlyPkDLQmkT2B6+ud0yrrTEbuHqaEQN4f - 7ABgPx3GHrqgbZY/Xi1R75NiQ9n7+TGoB3v7AAjc+xc4b90yRuyx1g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWERTcWZNZlM2Wm10aUps + dGQ5eEFVTkVBYVJCdlN5WFZKUUI4MzBwL1I0CnAxbUNocHFCZFZHRnVmbzhwd0xY + aGcyelVJREh5MzBSUXNKaklXdGRFb1kKLS0tIFRvLzhsNFNvNGVvZWFPVXVFTC9H + NGQ5ZTk2dFVKNGdiQTJaNjZtR0d3YjgKz2AluV3wR0Cz7bJEXAUqBwHbdk7zmD5P + nux9nLQfoD9YDfbp2DIBDktHPL5KjY5H4/zn+Obo3fPeq+PrZMNZZw== -----END AGE ENCRYPTED FILE----- - - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSk9lUTNGUFJaK3psT1Zj - Y0h2akx6SktqOSs1ckRRL29YNkxIcHhVdmxnCmZSeWdtckFQMHNtZUxEN1FNSnR2 - VmxjR0ptT01FYjBRRGRZMjdSS3ZEcDQKLS0tIERpWmcxSHM2a3FhRy8zOTdmaEtC - blZJb3F4MTdoQVIyRVo1RnVCR3FYelEKYDXcpDVDrf/VYTEzNAM/XHkrx9cLkdC5 - OCGfMqoqJPHZn4tGJOD2FpfZK8AVhih73gZKAHItDizm2aBuaT5yig== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WDhQckJCdW1tTXBEalE5 + VTJNL3dJWlIzMm9LTjVaUFl3SlNNVERwM3lRCmhCT25UWkxCYkdUNytjUjZCVWF2 + NjY5ZU5xWkxRZ2tIUzRNTzl4Mk5RK3cKLS0tIGxJamh0SnJIZWIxTjZzSEtHaXdy + M1V2S01iclNnMzZta2lYY29HM1dMVXMK6omDe7Pgb57Q/zA6KUQV3mt/QQN3NlUZ + QESTtrrtDveuK/GBeiTQZpOdetYja3V2UHnePR5IHuMw3QexIKUlKw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-11T07:59:07Z" - mac: ENC[AES256_GCM,data:jpvoc5aacRAYifmVljRBZ2p8uXaeUiIbflGyjaYxVIy25N5Fa4v3wQOqmC1VGaSoOIMmx0Bt+p8ihdvhf2ihRwLF/L/jO+oSl0EiVqrx+u6xIXB19jD0flvw8d4lTE4E2DTxqvPGwGAOAp5g2fstdPAbrkDY+3/f6PMhlbvlPFw=,iv:T3HESCilOJ1S2cntErmaFmBhrLLmLRC2cFZN8gUFAUU=,tag:qXgobz+R/rDsrYs2wQhQQA==,type:str] + lastmodified: "2024-04-11T11:56:37Z" + mac: ENC[AES256_GCM,data:ZIOBc6KR2K5ttfx3EvZTL4Iod8aJCxHB90g+5cIMG0Cx5X6sf9RNVznab7/fTuCDcqEzG9KOrWhaSI1fx8NN1xbNY3GZ3iKFa8NEXlg6mO+7Kyir9GPBQaRTjCAUVKQnCukEq/50KPQsFRETyx4lOt9VFnd1GXpc1QgIXg8jnaQ=,iv:+TQstFomD658x6QYyY49Y7y2CduD16Bl8uhcIW09g6Y=,tag:bcfwfk3xfQsXom44OJq81g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/modules/nixos/system/default.nix b/nixos/modules/nixos/system/default.nix index fe14aea..f7d7dcd 100644 --- a/nixos/modules/nixos/system/default.nix +++ b/nixos/modules/nixos/system/default.nix @@ -7,7 +7,5 @@ ./nix.nix ./zfs.nix ./nfs - ./impermanence - ]; } diff --git a/nixos/modules/nixos/system/security.nix b/nixos/modules/nixos/system/security.nix index c1b5623..774860d 100644 --- a/nixos/modules/nixos/system/security.nix +++ b/nixos/modules/nixos/system/security.nix @@ -28,7 +28,7 @@ in security = { sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword; # Don't bother with the lecture or the need to keep state about who's been lectured - security.sudo.extraConfig = "Defaults lecture=\"never\""; + sudo.extraConfig = "Defaults lecture=\"never\""; pam.enableSSHAgentAuth = cfg.sshAgentAuth.enable; diff --git a/nixos/overlays/default.nix b/nixos/overlays/default.nix index 21be2ad..93f7c26 100644 --- a/nixos/overlays/default.nix +++ b/nixos/overlays/default.nix @@ -2,8 +2,6 @@ , ... }: { - # deploy-rs overlay - deploy-rs = inputs.deploy-rs.overlays.default; nur = inputs.nur.overlay; diff --git a/nixos/profiles/global.nix b/nixos/profiles/global.nix index 5c2fa49..76df4f8 100644 --- a/nixos/profiles/global.nix +++ b/nixos/profiles/global.nix @@ -9,38 +9,44 @@ with lib; # Not sure at this point a good way to manage globals in one place # without mono-repo config. - imports = [ (modulesPath + "/installer/scan/not-detected.nix") # Generated by nixos-config-generate ./global ]; - mySystem = { - - # basics for all devices - time.timeZone = "Australia/Melbourne"; - security.increaseWheelLoginLimits = true; - system.packages = [ pkgs.bat ]; - - # Lets see if fish everywhere is OK on the pi's - # TODO decide if i drop to bash on pis? - shell.fish.enable = true; - # But wont enable plugins globally, leave them for workstations + options.mySystem.system.impermanence = { + enable = mkEnableOption "impermanence"; + # explicitly specify ssh path key + # just so I can track where sops-nix needs to find it + sshPath = mkOption { + type = types.str; + default = "/etc/ssh"; + }; }; - environment.systemPackages = with pkgs; [ - curl - wget - dnsutils - ]; + config = { + mySystem = { + # basics for all devices + time.timeZone = "Australia/Melbourne"; + security.increaseWheelLoginLimits = true; + system.packages = [ pkgs.bat ]; + domain = "trux.dev"; + internalDomain = "l.voltaicforge.com"; + shell.fish.enable = true; + # But wont enable plugins globally, leave them for workstations + }; - networking.useDHCP = lib.mkDefault true; - networking.domain = "trux.dev"; # TODO make variable - - + environment.systemPackages = with pkgs; [ + curl + wget + dnsutils + ]; + networking.useDHCP = lib.mkDefault true; + networking.domain = config.mySystem.domain; + }; } diff --git a/nixos/profiles/global/nix.nix b/nixos/profiles/global/nix.nix index 5646e0f..72cc6da 100644 --- a/nixos/profiles/global/nix.nix +++ b/nixos/profiles/global/nix.nix @@ -30,14 +30,12 @@ "https://cache.garnix.io" "https://nix-community.cachix.org" "https://numtide.cachix.org" - "https://deploy-rs.cachix.org" ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI=" ]; # Fallback quickly if substituters are not available. diff --git a/nixos/profiles/global/secrets.sops.yaml b/nixos/profiles/global/secrets.sops.yaml new file mode 100644 index 0000000..3a9fce6 --- /dev/null +++ b/nixos/profiles/global/secrets.sops.yaml @@ -0,0 +1,66 @@ +truxnell-password: ENC[AES256_GCM,data:/ZLxonyxqLLRJvVSuPczEkeiOaY/Z/1pmtwnOl8HQAds/hAnTWzVnfaovOP5KbsrS5GohTbHTAL80NOBflB1vZz+pWzhKVBbqQxnmYXGpp3jdO7q6Vo9yKPTnu4ClkFkN2QkX4xmUgSIRQ==,iv:xMhbcgBwqjCeKx0ZfTwORonxaFNZZ9yzBb2F27s0KO0=,tag:legRUJEC2ZXWTHCF0Kb7DA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkR0xqVzZsZzN4VEFsbXJn + RW1uNjJqNjVUcjN5c3Z3RkRMbUpERzRidVZBCjdLYis2TzdnMkJGalN5WEJ4NzdC + eEMvSFhjamllM1VPSGhGWFAwSzltYm8KLS0tIHFLWHlPdkVsYmpWUW5YWmdzUXZQ + dCtSdXNWdGdrNGlLcVg3bVBWWEdWeG8KFNFYMPp+uPhlFyDXzps946gowRM+EpnG + SljpZ2XTMHLZ2ZNHqrkdXaou8H7dDZjafo010I5c+U0/BzYg3GKwlw== + -----END AGE ENCRYPTED FILE----- + - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1dWtHWVR4NFNaMS9LM2xr + dm9UamZkTmVwOGtaMmdJeU5uZGY5TGJwcnpVCmpyZ201OVpJSmFnT0V3aGluZUxP + djRTYUJCNis5NHhKbmNtZ3NlQldXdWMKLS0tIEJuSTJPVzhJVW93Qi8zSFFvSzlk + SW9jdk5BaHRhc3puVzE0cEwrMlRMcVEKV5++1oZk48SA2iuxf64NVg1gQo997tM/ + 06VqoVuLX1Vqo/InVmWzMJJA6IKSAe1k8eOeoZ7Sbgty7rcd3al1VQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSVhBNnpKREgrWHFSd0lC + bVd4b2ZmblR6Zlp6alEwV01CQm1TWGdFU3o4Ck5PY2R2VU5OSDZxME8zWkkyZ2Yr + bjJpZmFjUEdHY1hxWUZQSVd1Rlhnb3cKLS0tIEE2SnlkTThtR0pOdmF0SStNOUxi + MnJ2Ri9xb0E5Wis3ejhTVDdtQUVPc28KpDiexpCl7Pocrv1PAHEWVHEFEDUDq4F5 + CsUxpyH4+odoi1Qzj2iDkbuaun5mTER96B/gfXKb8UZqOIygHA/89g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0bHZmS3FkSnhlNndWOGhU + eC9oSlEvUEorTHlvKzZ4RjhZNWthUzFTdTFrCktNWUNCYlQvZDY5OC9YRFJ1ei9V + UEY0MGhDMDVHai9LZzRrYWtqMzNJd0UKLS0tIGtPZHVPOTFXeXJEWTFwVmZoZFdX + ckF5M1Z6Z3lRRC9yYVIvaGJsbllSK1EK8JODbe2VZg5ABspZn5eNmvF3pJziVY9X + B05xe15jisD3k5mXcbolo3wkt78+fBV1M5EYuOYgtwI4bdWp1he+TQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZk8zS3c4alFyL09WSkMr + aDFhZGhQRVBYUExmV05DbjlJb3B4ZmFmcEcwCkx4aGhRbFNudGFEeHN3Q2xSSkxa + SnBxeG40L3YwbkFZL2FLY1hWYTA3N0kKLS0tIEZOM0o4VUFPWm1YUERzTS85Zmsr + ZHgwR2xPTE5zaGx3dDIxZ3F6allKRjgKgpcA82ZC8WrCF5b9EqkaHvrCQQYEFWXI + BxY8+3w3/hqnDiWzlPdwRQGN0J0e2WeIUFzSaQFYpR7kemP3DJ+MtQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0YnNXdkZSclc2L2NYMEJs + MG9LeURhc2VsM1Zxa3dIU0dNSTZpYTJqblUwCjV0QnE4eHljZHU1cGZTTUhLNzkv + WEJyQnFDS1JTRTd4dzJYa21EcW5hekUKLS0tIGMzMC9aVjJkZEZnM1JlTU9uTWdl + OUN5d2lEYnJCdW0vTXJnUWt4d3hCT28KjuBFDRjCyU037UV7s4ZSaMxPhZhUBakG + 6IEpCm0U2NYfLAgqDrq9Pn1J9Ut1Q3Uep/UWBfqNET/yARoiXPDTvg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-12T03:04:28Z" + mac: ENC[AES256_GCM,data:lDxEN6svXfQEHyWRrDcs8XU8Sblxof820ZOcMoVfSMkjgNcx883E6ZKbZlE1lQztlG1RCyvGgpPotjfEN7KgH87IZ3EpUdq6t+4f2ag8T2xnjDNoU1PeiLLTGvd5rt5MeKK3YqhxQ17OKrdvwVDL+wcnZedF9X0vgbpFehBTIhY=,iv:S4cRp1It/BNYknkLk8x75oi615ddXp3FbS7Q5HBtgrg=,tag:9ugtzg2cw5Gc3/KpHbmuFQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nixos/profiles/global/sops.nix b/nixos/profiles/global/sops.nix index 543aa98..ed9fde5 100644 --- a/nixos/profiles/global/sops.nix +++ b/nixos/profiles/global/sops.nix @@ -1,6 +1,6 @@ { config, ... }: { - sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sops.age.sshKeyPaths = [ "${config.mySystem.system.impermanence.sshPath}/ssh_host_ed25519_key" ]; } diff --git a/nixos/profiles/global/users.nix b/nixos/profiles/global/users.nix index 69b3b53..9ed8a6b 100644 --- a/nixos/profiles/global/users.nix +++ b/nixos/profiles/global/users.nix @@ -9,7 +9,7 @@ in sops.secrets = { truxnell-password = { - sopsFile = ./secret.sops.yaml; + sopsFile = ./secrets.sops.yaml; neededForUsers = true; }; }; @@ -17,7 +17,7 @@ in users.users.truxnell = { isNormalUser = true; shell = pkgs.fish; - passwordFile = config.sops.secrets.truxnell-password.path; + hashedPasswordFile = config.sops.secrets.truxnell-password.path; extraGroups = [ "wheel" @@ -26,7 +26,9 @@ in "network" "samba-users" "docker" + "podman" "audio" # pulseaudio + "libvirtd" ]; openssh.authorizedKeys.keys = [ diff --git a/nixos/modules/nixos/system/impermanence/default.nix b/nixos/profiles/impermanence.nix similarity index 68% rename from nixos/modules/nixos/system/impermanence/default.nix rename to nixos/profiles/impermanence.nix index 6934f54..cb4099d 100644 --- a/nixos/modules/nixos/system/impermanence/default.nix +++ b/nixos/profiles/impermanence.nix @@ -8,7 +8,6 @@ in with lib; { options.mySystem.system.impermanence = { - enable = lib.mkEnableOption "impermanence"; rootBlankSnapshotName = lib.mkOption { type = lib.types.str; default = "blank"; @@ -22,26 +21,27 @@ with lib; default = "/persist"; }; - - impermanenceRollback = lib.mkEnableOption "Rollback root on boot for impermance"; - }; - config = lib.mkIf cfg.enable { + config = { + + # move ssh keys + mySystem.system.impermanence.sshPath = "${cfg.persistPath}/nixos/etc/ssh"; + mySystem.system.impermanence.enable = true; # bind a initrd command to rollback to blank root after boot - boot.initrd.postDeviceCommands = (lib.mkAfter '' + boot.initrd.postDeviceCommands = lib.mkAfter '' zfs rollback -r ${cfg.rootPoolName}@${cfg.rootBlankSnapshotName} - ''); + ''; # move ssh keys to persist folder services.openssh.hostKeys = mkIf config.services.openssh.enable [ { - path = "${cfg.persistPath}/nixos/ssh/ssh_host_ed25519_key"; + path = "${config.mySystem.system.impermanence.sshPath}/ssh_host_ed25519_key"; type = "ed25519"; } { - path = "${cfg.persistPath}/nixos/ssh/ssh_host_rsa_key"; + path = "${config.mySystem.system.impermanence.sshPath}/ssh_host_rsa_key"; type = "rsa"; bits = 4096; } @@ -49,7 +49,7 @@ with lib; # If impermanent, move key location to safe systemd.tmpfiles.rules = mkIf config.services.openssh.enable [ - "d ${cfg.persistPath}/nixos/ssh/ 0755 root root -" #The - disables automatic cleanup, so the file wont be removed after a period + "d ${config.mySystem.system.impermanence.sshPath}/ 0755 root root -" #The - disables automatic cleanup, so the file wont be removed after a period ]; # set machine id for log continuity diff --git a/nixos/profiles/role-server.nix b/nixos/profiles/role-server.nix index 8da5d3d..e2d45a5 100644 --- a/nixos/profiles/role-server.nix +++ b/nixos/profiles/role-server.nix @@ -19,7 +19,7 @@ with lib; name = config.networking.hostName; group = "servers"; - url = "icmp://${config.networking.hostName}.l.trux.dev"; + url = "icmp://${config.networking.hostName}.${config.mySystem.internalDomain}"; interval = "30s"; conditions = [ "[CONNECTED] == true" ]; }]; diff --git a/nixos/profiles/role-worstation.nix b/nixos/profiles/role-worstation.nix index 7a0e308..8f0c1fa 100644 --- a/nixos/profiles/role-worstation.nix +++ b/nixos/profiles/role-worstation.nix @@ -62,7 +62,6 @@ with config; yq btop vim - unstable.deploy-rs git dnsutils nix