jahanson/nix-config-tn
Archived
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Add restic backups and glances (#89)

Browse source 
* flesh out impermanence

* glances

* hack

* hacking in plex and tautulli

* hack

* hacking

* Auto lint/format

---------

Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
Co-authored-by: truxnell <truxnell@users.noreply.github.com>
This commit is contained in:
Truxnell 2024-04-14 08:46:48 +10:00 committed by GitHub
parent 504e0b1feb
commit dc0b2518da
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
56 changed files with 1080 additions and 732 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -14,7 +14,7 @@ keys:
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
- &shodan age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - &shodan age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
- &daedalus age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - &daedalus age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
creation_rules: creation_rules:
- path_regex: .*\.sops\.yaml$ - path_regex: .*\.sops\.yaml$

2
.taskfiles/nix/update-all.sh
View file

@ -23,7 +23,7 @@ for host in "${hosts[@]}"; do
if [[ " ${skip[*]} " =~ " ${host} " ]]; then if [[ " ${skip[*]} " =~ " ${host} " ]]; then
continue continue
fi fi
fqdn="$host.l.trux.dev" fqdn="$host.l.voltaicforge.com"
if [ $reboot -eq 0 ]; then if [ $reboot -eq 0 ]; then
echo $fqdn echo $fqdn
nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host" nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"

4
.taskfiles/nix/update-single-machine.sh
View file

@ -14,7 +14,7 @@ while getopts ":r" option; do
r) r)
reboot=1 reboot=1
host=$2 host=$2
fqdn="$host.l.trux.dev" fqdn="$host.l.voltaicforge.com"
echo "$fqdn with reboot" echo "$fqdn with reboot"
nixos-rebuild boot -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host" nixos-rebuild boot -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
# ssh -i $rsa_key $fqdn 'sudo reboot' # ssh -i $rsa_key $fqdn 'sudo reboot'
@ -25,7 +25,7 @@ done
if [ $reboot -eq 0 ]; then if [ $reboot -eq 0 ]; then
host=$1 host=$1
fqdn="$host.l.trux.dev" fqdn="$host.l.voltaicforge.com"
echo "$fqdn" echo "$fqdn"
nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host" nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
fi fi

76
flake.lock
View file

@ -1,27 +1,5 @@
{ {
"nodes": { "nodes": {
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1711973905,
"narHash": "sha256-UFKME/N1pbUtn+2Aqnk+agUt8CekbpuqwzljivfIme8=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "88b3059b020da69cbe16526b8d639bd5e0b51c8b",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -38,25 +16,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -115,7 +77,7 @@
}, },
"nix-vscode-extensions": { "nix-vscode-extensions": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -216,7 +178,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"deploy-rs": "deploy-rs",
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
@ -262,39 +223,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

37
flake.nix
View file

@ -26,12 +26,6 @@
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# deploy-rs - Remote deployment
# https://github.com/serokell/deploy-rs
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
};
# VSCode community extensions # VSCode community extensions
# https://github.com/nix-community/nix-vscode-extensions # https://github.com/nix-community/nix-vscode-extensions
@ -51,7 +45,6 @@
{ self { self
, nixpkgs , nixpkgs
, sops-nix , sops-nix
, deploy-rs
, home-manager , home-manager
, nix-vscode-extensions , nix-vscode-extensions
, ... , ...
@ -216,6 +209,7 @@
]; ];
profileModules = [ profileModules = [
./nixos/profiles/role-server.nix ./nixos/profiles/role-server.nix
./nixos/profiles/impermanence.nix
{ home-manager.users.truxnell = ./nixos/home/truxnell/server.nix; } { home-manager.users.truxnell = ./nixos/home/truxnell/server.nix; }
]; ];
}; };
@ -253,35 +247,6 @@
# images.rpi4 = nixosConfigurations.rpi4.config.system.build.sdImage; # images.rpi4 = nixosConfigurations.rpi4.config.system.build.sdImage;
# images.iso = nixosConfigurations.iso.config.system.build.isoImage; # images.iso = nixosConfigurations.iso.config.system.build.isoImage;
# deploy-rs
deploy.nodes =
let
mkDeployConfig = hostname: configuration: {
inherit hostname;
profiles.system =
let
inherit (configuration.config.nixpkgs.hostPlatform) system;
in
{
path = inputs.deploy-rs.lib."${system}".activate.nixos configuration;
sshUser = "truxnell";
user = "root";
sshOpts = [ "-t" ];
autoRollback = false;
magicRollback = true;
};
};
in
{
dns01 = mkDeployConfig "dns01" self.nixosConfigurations.dns01;
dns02 = mkDeployConfig "dns02" self.nixosConfigurations.dns02;
# dns02 = mkDeployConfig "dns02.natallan.com" self.nixosConfigurations.dns02;
};
# deploy-rs: This is highly advised, and will prevent many possible mistakes
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
# Convenience output that aggregates the outputs for home, nixos. # Convenience output that aggregates the outputs for home, nixos.
# Also used in ci to build targets generally. # Also used in ci to build targets generally.
top = top =

2
nixos/home/modules/programs/browsers/firefox/profile-default.nix
View file

@ -4,7 +4,7 @@
name = "default"; name = "default";
isDefault = true; isDefault = true;
settings = { settings = {
"browser.startup.homepage" = "https://search.trux.dev"; "browser.startup.homepage" = "https://homepage.trux.dev";
"browser.search.defaultenginename" = "whoogle"; "browser.search.defaultenginename" = "whoogle";
"browser.search.order.1" = "whoogle"; "browser.search.order.1" = "whoogle";
"browser.search.suggest.enabled.private" = false; "browser.search.suggest.enabled.private" = false;

1
nixos/home/modules/shell/default.nix
View file

@ -3,5 +3,6 @@
./fish ./fish
./starship ./starship
./wezterm ./wezterm
./git
]; ];
} }

77
nixos/home/modules/shell/git/default.nix Normal file
View file

@ -0,0 +1,77 @@
{ pkgs
, config
, lib
, ...
}:
let
cfg = config.myHome.shell.git;
inherit (pkgs.stdenv) isDarwin;
in
{
options.myHome.shell.git = {
enable = lib.mkEnableOption "git";
username = lib.mkOption {
type = lib.types.str;
};
email = lib.mkOption {
type = lib.types.str;
};
signingKey = lib.mkOption {
type = lib.types.str;
};
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
programs.gh.enable = true;
programs.gpg.enable = true;
programs.git = {
enable = true;
userName = cfg.username;
userEmail = cfg.email;
extraConfig = {
core = {
autocrlf = "input";
};
init = {
defaultBranch = "main";
};
pull = {
rebase = true;
};
rebase = {
autoStash = true;
};
};
aliases = {
co = "checkout";
};
ignores = [
# Mac OS X hidden files
".DS_Store"
# Windows files
"Thumbs.db"
# asdf
".tool-versions"
# Sops
".decrypted~*"
"*.decrypted.*"
# Python virtualenvs
".venv"
];
# signing = lib.mkIf (cfg.signingKey != "") {
# signByDefault = true;
# key = cfg.signingKey;
# };
};
home.packages = [
pkgs.git-filter-repo
pkgs.tig
];
})
];
}

21
nixos/home/truxnell/workstation.nix
View file

@ -6,9 +6,6 @@ with config;
]; ];
myHome.programs.firefox.enable = true; myHome.programs.firefox.enable = true;
myHome.shell.starship.enable = true;
myHome.shell.fish.enable = true;
myHome.shell.wezterm.enable = true;
myHome.security = { myHome.security = {
ssh = { ssh = {
@ -49,7 +46,6 @@ with config;
daedalus = { daedalus = {
hostname = "daedalus"; hostname = "daedalus";
user = "nat";
port = 22; port = 22;
identityFile = "~/.ssh/id_ed25519"; identityFile = "~/.ssh/id_ed25519";
}; };
@ -58,6 +54,23 @@ with config;
}; };
}; };
myHome.shell = {
starship.enable = true;
fish.enable = true;
wezterm.enable = true;
git = {
enable = true;
username = "truxnell";
email = "19149206+truxnell@users.noreply.github.com";
# signingKey = ""; # TODO setup signing keys n shit
};
};
home = { home = {

5
nixos/hosts/daedalus/default.nix
View file

@ -26,14 +26,11 @@
sabnzbd.enable = true; sabnzbd.enable = true;
qbittorrent.enable = true; qbittorrent.enable = true;
}; };
mySystem.nasFolder = "/tank/"; mySystem.nasFolder = "/tank";
mySystem.system = { mySystem.system = {
zfs.enable = true; zfs.enable = true;
zfs.mountPoolsAtBoot = [ "tank" ]; zfs.mountPoolsAtBoot = [ "tank" ];
# run impermanence
impermanence.enable = true;
}; };
mySystem.services.nfs.enable = true; mySystem.services.nfs.enable = true;

23
nixos/hosts/durandal/default.nix
View file

@ -6,24 +6,18 @@
, pkgs , pkgs
, ... , ...
}: { }: {
imports = [
];
mySystem.services = { mySystem.services = {
openssh.enable = true; openssh.enable = true;
podman.enable = true; podman.enable = true;
# traefik.enable = true; traefik.enable = true;
# homepage.enable = true;
# sonarr.enable = true; plex.enable = true;
# radarr.enable = true; tautulli.enable = true;
# lidarr.enable = true; syncthing.enable = true;
# readarr.enable = true;
# gatus.enable = true;
# sabnzbd.enable = true;
# qbittorrent.enable = true;
}; };
mySystem.nfs.nas.enable = true; mySystem.nfs.nas.enable = true;
mySystem.persistentFolder = "/persistent/nixos"; mySystem.persistentFolder = "/persistent/nixos";
@ -41,6 +35,7 @@
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
# why not ensure we can memtest workstatons easily? # why not ensure we can memtest workstatons easily?
# TODO check whether this is actually working, cant see it in grub?
grub.memtest86.enable = true; grub.memtest86.enable = true;
}; };
@ -64,6 +59,4 @@
swapDevices = swapDevices =
[{ device = "/dev/disk/by-uuid/0ae2765b-f3f4-4b1a-8ea6-599f37504d70"; }]; [{ device = "/dev/disk/by-uuid/0ae2765b-f3f4-4b1a-8ea6-599f37504d70"; }];
} }

5
nixos/modules/nixos/browser/default.nix
View file

@ -1,5 +0,0 @@
{
imports = [
./firefox.nix
];
}

22
nixos/modules/nixos/browser/firefox.nix
View file

@ -1,22 +0,0 @@
{ lib
, config
, ...
}:
with lib;
let
cfg = config.mySystem.browser.firefox;
in
{
options.mySystem.browser.firefox.enable = mkEnableOption "Firefox";
config = mkIf cfg.enable {
programs.firefox = {
enable = true;
};
};
}

17
nixos/modules/nixos/containers/arr/lidarr/default.nix
View file

@ -10,7 +10,7 @@ let
user = "568"; #string user = "568"; #string
group = "568"; #string group = "568"; #string
port = 8686; #int port = 8686; #int
cfg = config.mySystem.services.sonarr; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; persistentFolder = "${config.mySystem.persistentFolder}/${app}";
in in
{ {
@ -41,15 +41,15 @@ in
dependsOn = [ "prowlarr" ]; dependsOn = [ "prowlarr" ];
environment = { environment = {
PUSHOVER_DEBUG = "false"; PUSHOVER_DEBUG = "false";
PUSHOVER_APP_URL = "${app}.${config.networking.domain}"; PUSHOVER_APP_URL = "${app}.${config.mySystem.domain}";
LIDARR__INSTANCE_NAME = "Lidarr"; LIDARR__INSTANCE_NAME = "Lidarr";
LIDARR__APPLICATION_URL = "https://${app}.${config.networking.domain}"; LIDARR__APPLICATION_URL = "https://${app}.${config.mySystem.domain}";
LIDARR__LOG_LEVEL = "info"; LIDARR__LOG_LEVEL = "info";
}; };
environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
volumes = [ volumes = [
"${persistentFolder}:/config:rw" "${persistentFolder}:/config:rw"
"${config.mySystem.nasFolder}natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = config.lib.mySystem.mkTraefikLabels {
@ -62,12 +62,13 @@ in
{ {
Lidarr = { Lidarr = {
icon = "${app}.png"; icon = "${app}.png";
href = "https://${app}.${config.networking.domain}"; href = "https://${app}.${config.mySystem.domain}";
ping = "https://${app}.${config.mySystem.domain}";
description = "Music management"; description = "Music management";
container = "${app}"; container = "${app}";
widget = { widget = {
type = "${app}"; type = "${app}";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
key = "{{HOMEPAGE_VAR_LIDARR__API_KEY}}"; key = "{{HOMEPAGE_VAR_LIDARR__API_KEY}}";
}; };
}; };
@ -77,8 +78,8 @@ in
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
name = app; name = app;
group = "arr"; group = "media";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
interval = "30s"; interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];

68
nixos/modules/nixos/containers/arr/lidarr/secrets.sops.yaml
View file

@ -1,6 +1,6 @@
services: services:
lidarr: lidarr:
env: ENC[AES256_GCM,data:lxWrT4S/irVLwthc75RUX3bM5JEHcsGup9sdJlUe3Utq4XJnBfcFE/tcdOdjGrQuSfRguOFnoAlFSAsQkl0SLUb1OodcfYylKhY7CMg1ZFcpl5vWZdq0Ot6/tEGxkUqeDZDRg2RNedotJ98nrPc=,iv:gmnwzagAiX4XCdsFy4Xp2n3FsgPUD017S8XL8qOhOjc=,tag:1343PXN07VjR9Jct1Pk+Ww==,type:str] env: ENC[AES256_GCM,data:CNeLt9d/2eZhiazlJXKJzr3oLRvtMRLCJbNQ3ZEapLj3DwswxkC8SH4003DCCyyw98eDNzcTTwFpeu26nAuCmChJqNbyaD7j9k87xGgr+k+OjYdzUfaW3kNnz0dh2Ip2ryg7XTws9q/2laWlqyY=,iv:H2VVi2j0JI8WhawPXQKdMoHCK3S6SH1N9fwRXsz+sAw=,tag:o9ZEB1Pxogere0/gV9uHZQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkcVZDNlJUZ2dJRWVEYnpU YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4N1p4aFNmbit6ODBacUVO
MU1ud2o2UEVxS21DZmd1QnZjcHpLMjlpUVVBCkY2VktEdkM2OElTdS8xUkovclBh bUh1Sk1oQWZwaUF0RW5UVTN5b1RHdnRjRXhVCm95cndpQjdmdGRTd1gxV3ZVS3NF
QzduZ1A1VitaTDFjeFZ3SElOYUV5amcKLS0tIHNBQXYyd1Z0TFI0QkcrVC9FQWdx WUxrY1FyNkpKb0MzS0d0bjJvVFdVazQKLS0tIElPN0JqMkUvbmM0aWxVOFY3TkZh
WXVvMjU4eU5QZCsxU25QZStBTWhZQWcKv6Mgm2Y2SzrtuzkH7Z43by6T8ROxCgus dDRjb1l1dHcwNXpqY3YwVHdRR3FTYTQKlklHK/ARZQvcDBFa/am6aza1NdUl1mmP
QaEukJv1ut6ISvYusApAJvKDaF5KofSR8zMNHcUZqtYKP4TppB7Qnw== bvP437PbtoSTZJNQCcRE1tv+3i4xC+OPVmuE7e5BJ/BBdHGSdyziPA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtR3EwWFpDbHFNMXJOSUkx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuLy9zY216TDBaTmdDcnJo
SG5rV0JRcWNLT1RnYnBzTFIvRmorSVZMZGxnClRvK0JWaGQzdDY0eEFEV3RMbXRP NWR0QzRXb3NyaDdHVExsSnJ4NlFKc1lMUnh3CjM2VGpBdjNMY3RJOGVMS054Z3Ji
ZGhkWGpPVHRhc3RULzlJME5qSkU3SXcKLS0tIFpCYThyV3pGcUtYcktzSGQ5WU5v elJPMzV3ZHA2anZUbmpXaDhoMnE3WjgKLS0tIFZndDQvcWhlVDM3U1piZnhOQzBu
Q2hqUlBkU2ZITDV3SFgyTDd3WC92TlkKbS6OxsGcP4v2U1t83ucQ0zUUVbgT35sg bGpPemtXY1Z6NXNjc29JMDNBOG5Kc2cKcavrDAWBVmzjY7kO4PFve7oP/mSkrtLN
C5KGUS+2+W6J850hzjvd8aYTxx1fBrC6KrWGgqhLUDYfhmHUP0evAA== by6Y4jFH6ndySi5dZlPX+GeyVhlgOtV3CXIcojtVFSVSY4x6DxUARw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVFNTUldORnN2V3RLRUdT YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0cktRZHlHMjFPa2x1QTJW
VEpobWdISDBHTzI3WXgxd1JaOWJsaXRCQ1ZFCit4UFdmS1N4cTFnYUVIbTN5NDhs Y1RPS0lVRTQ3MmhRNW1zaEhxTkFzVWtIcFVrCkRFWHpTMU15bkFib1lHWkFJMGJ1
WDJhS1JxZlloSDR5aW1sQ1lZZjkyYmMKLS0tIG5IdjVOWkpEMytmUWRYbjlRZkxo TStXaWN6eE9tU2RvNmNpMnQyWkdaM3MKLS0tIHhhQjBtd1FLcHlOV1Q1NG12MFlI
ZDNQTCtucS81UXVXYm1BZWZzaVFCR1kKjfx36fR7lTBAa/NNn6NhIVKmzmfpZ4il T2hpS1hYWnJUaUE3ZGFzVzFza0tjSEEKhnpYBWngmgWQfn756hmclB3oeEyFye70
sxh0ISEEjqCBo04WvidZmxPK2w21Pbkvj/yZ0n+sjY+FBIBBo4GH3g== Kd4PdabjMOECpMWAuFbPe/4tZW7K4Y/wqylQ+Z2oz3TkcLxrm6S+zQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4KzdtYTgremIzVS9RMFdZ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6RmlSZHI5byszTkducW9l
Z0MxRHM5eG9HSjZaNzhOdGZoY3Q2THcrWGk0CldIbk04anRGakNaS0tmSDUzd3Mx aUk4cTY4dWhILytpb0c3SElBTnZvdTBIT3pVCkxZYUJzb09DQzNCK2QzYno1bmR4
WHlvOHF4SmIzTUxmRktYb2hqcVhrUUkKLS0tIDdKSTdienRncXFTZHlZYlRJMkN6 ajFVL3V1WkdUN3MzRGxaNHRVQUVZbTQKLS0tIGU2TWdtSXBpRTB4N0t3YzR4ZVhi
N0xTdkJKNzdJNG9JQW5HTU45UkQrSWcKgW99UNgbs3CdMj8rmtLxRa4IRlx5VwYy NHc1Q0dmWXJLYlFpOXdJVS9NY0FuVHcKjdqOjcj9lO/cAjAR9IC8MHhWwsZLASEW
yNbHvTnl41DJRdv7kn7e05pFJ7Y3WeYH0XfozKw+Tk3pct7h7hGOBQ== dLXvW2Uq9yemF+X/lVh5FcWdZH9/GzaRVSIF7dtJquMD7QPie9tUzg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVMXJmRFlxc2VqMnhCVU1U YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTHhDU2ZCK3EyWkdBQ3Mx
THhVSG9QS3RKRmxXRE9VL3pUOFBYd2VrbVFnClZGdFZnOXBjazcwQ2QrcTNWT1lV MmZzT1B5Ukt2QkhVOVorQVdnTHI3MnRwTENrClgwWXg3cHpocDAwcGJNRnJXajY4
OGxkM1pVVDV3UEVjM3krcWpGN1cyeVUKLS0tIDU5Mi9ock05YUMvOGFXdUNpQWUv b3QvcUZia1JZc0d2VUJnOC9Pamw1WTgKLS0tIE04dDEwVUREVkFpaGZPU3U0NHRL
RjlsTWJueG5tL1dxUEgvYVVVUHhjM1kKcHay9WYhxOY9BHDAd5logzzMmGzMuW16 cG15eUk4TDJPZ2VwYUlweEVWS09yWUEKygFWuuYw7T30P83Ds6dJo6yU5UkcTGl0
Njz2FcsymdZ+YBFhQ0oyAk1v7oYpu2JrMwP5MI5E75/PgGsbQgm3uw== w04upLLxzCTZW141ACNS1s2ydTrs/tfFvzgmP/Hm8AoBrfBbSgVObA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGWVcwN0g2UHRnUlNuNEl2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MHl6N2pPdUMzUzV6YVY3
M2FhTW1aQVNuMkQ3eWpVY0VHMFhrQUZGc1hVCmlqSjljWThkeVhPUnZVbmVEN3hx TzB4UmRFc3hmSk1MQURUakZReExZMVZLd1VFCmN6MWxHVFFJcEgvdFFYZ2lsRllD
RDJteC8zWTdDVkRaM2xEMUVROUxkTlkKLS0tIGQyZDIrdmtLWnZQN0ZXTDhQWEVG Rkd4ZjVMdXlmYll1cXVWdS9SRXNWZ1kKLS0tIGxodVM3Q3c3K1p0UVBLa2Vpc3FP
ZzI4ZGNYME1IL295NTNDYnF5eUJVNWcKHtkBcI9hycZbL3FJmZS5VH1Ig8yhbvk7 ZXZscmZZN0VRdlVqdnlSWkx4WHMzOHMKbixVd4tn+cmwDp0Fw2/05Q+k0VxLqeqn
lvZEAbNpObvFiG3pNyuOSJ2oMMT0bOEGAnBUER/rx8S1s8GDONONBw== E7PSrCkdxnW5x8fJO9JUKsXeisif2AqCNOXQTuH5PXN43QWEsfKdng==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-11T11:56:37Z"
mac: ENC[AES256_GCM,data:Dl5La9KOKdZHMx5xtdgpJTOD0t7Tt3YoUq4i7y7yjGV5ylVkHRXIg3thaADIBcCgu4sVcJjGz46fqyDbezcSoaWgZBu+dpJEpY4VMBjIIygn12Nj0Dwhc8ILImnIH9vQydCc2hukdM80eZfKgeDjq4oBjLtZqhiENoP6EnWh6fY=,iv:JY62wTyhAzlTQgCi0WtWFb1hUCjJZ3VMtcIWanNyQlY=,tag:5jAmHLV69B5CkVXIJVKrgA==,type:str] mac: ENC[AES256_GCM,data:9HRLNEt7he7qoSTHCi0wAHkuzLoAg0JOFbr4syvomYy5TAIH1PzVgX9AUrZCz90pUBQdHx+JDbnsfjP3EcVNwxdABHAlF6GzA1RsfVne4nRr2W9rFeQtREGPuNH8imTMitxEo2C+42tnLr4oYneawNZ2EHrBKlQRhIcxQCylQWg=,iv:kmnE66eFBI7ggNYfknktB06tVwn82y/9Y4NGrUqpAMQ=,tag:8U1IiM0ofEnRHSy6Zz6W5g==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

15
nixos/modules/nixos/containers/arr/prowlarr/default.nix
View file

@ -10,7 +10,7 @@ let
user = "568"; #string user = "568"; #string
group = "568"; #string group = "568"; #string
port = 9696; #int port = 9696; #int
cfg = config.mySystem.services.sonarr; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; persistentFolder = "${config.mySystem.persistentFolder}/${app}";
in in
{ {
@ -40,9 +40,9 @@ in
user = "${user}:${group}"; user = "${user}:${group}";
environment = { environment = {
PUSHOVER_DEBUG = "false"; PUSHOVER_DEBUG = "false";
PUSHOVER_APP_URL = "${app}.${config.networking.domain}"; PUSHOVER_APP_URL = "${app}.${config.mySystem.domain}";
PROWLARR__INSTANCE_NAME = "Prowlarr"; PROWLARR__INSTANCE_NAME = "Prowlarr";
PROWLARR__APPLICATION_URL = "https://${app}.${config.networking.domain}"; PROWLARR__APPLICATION_URL = "https://${app}.${config.mySystem.domain}";
PROWLARR__LOG_LEVEL = "info"; PROWLARR__LOG_LEVEL = "info";
}; };
environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
@ -61,12 +61,13 @@ in
{ {
Prowlarr = { Prowlarr = {
icon = "${app}.png"; icon = "${app}.png";
href = "https://${app}.${config.networking.domain}"; href = "https://${app}.${config.mySystem.domain}";
ping = "https://${app}.${config.mySystem.domain}";
description = "Content locator"; description = "Content locator";
container = "${app}"; container = "${app}";
widget = { widget = {
type = "${app}"; type = "${app}";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
key = "{{HOMEPAGE_VAR_PROWLARR__API_KEY}}"; key = "{{HOMEPAGE_VAR_PROWLARR__API_KEY}}";
}; };
}; };
@ -76,8 +77,8 @@ in
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
name = app; name = app;
group = "arr"; group = "media";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
interval = "30s"; interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];

68
nixos/modules/nixos/containers/arr/prowlarr/secrets.sops.yaml
View file

@ -1,6 +1,6 @@
services: services:
prowlarr: prowlarr:
env: ENC[AES256_GCM,data:hUd/39VQBX5mrtVVBE9pB/10FysJflAPgbVbSZpsw8DFXj3yoHxjJX6SAzRIz6K1iHD4kLTLjlO2jQ/L/C95byuLqNhgUHuGpdMQNJvkye3apJSwnCxE4wv2oNnB9cJXF81K8efvP0cqBNhBMfNUwNYa,iv:UCk6Z7oVY40c7hF5gJ8xR21jgxV5n6MIIAD3YZ9r6KU=,tag:EfCCHmJ+IqA82JEhIAzQBA==,type:str] env: ENC[AES256_GCM,data:tosSq3uaBG3aWTf2HjIbYDwwgi4HcbRjZ+yU5udmgueraBcdgGkbzftziFOXaMJAsXQTuWl1xBRMYf7/oLKQFpS6ZsqyV8jpCOY4aDCb9g7AiNmBiqzYEoCNhorARX2o0CHDwUruU5TxSanx/ahT3GVU,iv:VY9n7WgNHyQDUfhgcjcx50w/5dJSdh94WPhnjHumCT8=,tag:JRArtemWaxiEweBS4MQpDw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoTUdVOUc3R01XREtPODN6 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WVRlOGV6QVdtYXRxenN4
YmpHbS9wRlZsaG1nSi9uRkVXNTc3cE9NR0hzClNXSVQvSW5KU3pkSHROU2JhK1VE dmI2LzVYNEZSdnBDWmdYbXlJcVQzdlYrQ0ZrCmRiUlZnVXdLOTZXNEV6ODdQM1p3
NXVIWTljYnJueG9udzBmcUJEZDNnSmMKLS0tIG12VW16dkxrQmRYOEkyNFBCWitH dWxCL2VhdjcrSHdwT3kvbWR3cHVaSE0KLS0tIDdEbzY3TmFJSWJKSmtaZ3dzc2dL
d1VnTHVjTm9VK3pzY2FzMkptMjk3VE0K9Wz2lmxhe1MdJ+7Z/bIDsgxHNkHGDVB0 TG5sU29veFBObjZackhtcE5WczI5eDgKpUFMN37YWaUbpu6kuNr25CkJvI3O1CNe
eM1fRSOWBdmZJvd7UxJ79LTgymgiRjP/gDGUAtIuLMaAHkChIbN8Ww== jmcJQOW5QwSbIZbmk6U3TvELBvz766RlK66heE5KGx10Li9AJBXaEA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MjR1azhEcnhqaGVtazBJ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SkYxd3RRcHJlTE9Sb2Ry
eHNwN2lYZ2VRRVJESkZyaDJ4TEV3eEc0cHo0CkxLL3ZpeFUwd0dIY2JKemNlcWFq VXJtVDB1RTN3ZnNPV05FQ2RCSTZPT0xUdWtzCmRaMWhsVjBFNTlZcGtpWi91RDM4
a1o5a3F3RFVSSEQ1UWc0K09QWXg0aE0KLS0tIDdJb05aTjZNQ0czWlhNQnRmdXVy dlZIcDl4NVFUOElPY293aUg5NE1BaVUKLS0tIDlnMGhkdXV3S1dMS1F3NDBha05K
S1o4STZydVNZbzFwSm9kUjhpcHRFUEkKdmKu/jDfBgwhMDKY1sfz9bKjaqhu/1Eg QStGQlgvT2JuZzk1eFQ1MEhRd2RCUWsKJ4Rbbye9WKsMfmsFSrzKp4EsCc46/CQB
uYqLGaf9TCxOnYSTtdSQH+Q0usU0IV/DcrPNJZsJbkRpXpJLIz11/A== X6AqxkIi/fvwy9ZWrqDzLZn2iq4O2Zt8g6wEYaUDudxEWlR1C4JGcQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvbGpqbDdZcWdlbVYwOXBm YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVVzFFRkExbkw2c3JqVHcy
VzdDQ3JIRGNEQm45TjV2OEZCZjVlUm9uT1JjClBtb1ZCOWNNbnlVekIxREtKRnRi ZUl0azlTeC9JTkNMdGdPamVVbVZBZ2tOcHdZClpQcVdISUlEcUE1UEtrVlpISlNx
V1hDK0R6QncxMGdmVGh0eHB0ZEJNbTAKLS0tIHVrbXRjVnJhUkNNYnIvYmg1Y25H RytnSEFua2h1Yy9rRkFxNkJldHBDNm8KLS0tIENKcE9vZHJUek5jdkUrSmVDSzlF
dzQ5SjYvUHA0bTNJS1NkbXlUK2tDYXMKx4u7Elq6jjqSR84PBnXNwqyKJCETv6f9 M05MN2RQajhPR1oyaTM2YWRLWm1LcmsK3m970XSRhwIbMaSjd2OnH7Wm+qVkI0qA
Bn06vcCHuzApT8SGuvm4+v34IbZmUwFK930aZiMkSnjDn1LLF7DqcQ== 5HhJ0EsGCQIDVrSFCnCV85mcgUlglCnRaSu0tWL7lH/qIvzNOG1YUQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZVVWU3lRSnRvbmdoTll0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0WFVmWXgyZGpseXVIK2FV
c0tYZkdKYTI3eFZSSTRuUlhPT2lHQTFYRDJVCmdUeTJvZWlIdXRqdjNBVXhWL21r bTZuSFdXTUNET290UGRDZ2d2OWZ1WGZXeFM4CnRNNHc5eWtSWnNvMHBEMnBXTll4
WHFmdDVuRnN5S0tzcmYvT1h1Vm9qUjAKLS0tIDBJRTNVaG11WFo4OWRGYzVya1Vn NDhrL1NrNFRXR0dlYXdYWjliaVVsVkEKLS0tIE5yUVE1dFQ2bzBSYnZiNzRmNjk5
VElmRlVDRVdLNGVvVXRhNGkxY1VhQncKo3zk7GuHxOzDg1eYKkCLRSvulQ0PmNff ZmNrNjJFWDVYT0M5Nms4aFAzd3E0SUUKL5cKrLsmk9zZGCmPhlo9LTH+dZicq2GQ
HrJfk6a4CprFKKdhv0EPIu7u/ggBsOyWpmHRoN0+0IzMgkXU4Sjthw== /lcvE5Zr7H9QfaAfXIjgc4g5DLvCbxq0tQxzbUdg0mtCuhIUXpTSsg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNys4ejR1WHZwdjdCa2ZM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbnMrS3FZUWsrOFNhU3R2
VCtmS1ptWUVwNlgzVEs0c3RkTTBVbnJRNTI0CkhIVHZVeXhJdGtmM05yTEFhdVdl bGtnMjVzRXpxWVRUb2NqQm9YRlJPS0hyY1hzCjc5Vk5iMXZNcFpZdWxMM21qNmI0
TDNDc3FYa2pmY1hVd0ZrSDBiT0g4M3cKLS0tIGJuOUZIZCtUbkZYZGFyTzZheTZp UzhWSTYyZ1BuOVdjQVFBUU9BNCtrQnMKLS0tIGtFdFlObDdYSkRpUkdTaS93eGM5
QjdZS0IzYXl6d01xS1ZTR0xLRi8rSkEK19L6i+KSc9rnZ+pF2BKfIrp1zeipyNNy eUJldE5jRURQUmM5Ykd2eXJXbExxdDgKQUOwrK0wbhqXMTEtV4FUMZdHsXaXf8kT
VGcwyh+YD2K1S9KAgCffvr1zJ0Vwf/Ttc4/pqiSTnYIUJeBHNx/s4A== lzhAovOKimF2Q47Zr58QFnJTAk7HBGoZ4sBEAa9dfvG6jRg4B3NVkQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ZE85THN3MDF3Um5TckU1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1M2FqSkpKZkZ1QW9UYXNQ
SHJlaDc5eWRTUGROU3krcmorbkZmTEFBcXhJCjRFNTNOVXIxMW8vQjZEY1U1OE5C enVIdzlldXVJZXVWdVRmMEpkWHpVOHlObURZCk9xTWh5MVl5UjJxZnplMC9lN1Qw
ZS9lUFNkNVhHaHYybTc2YjdpaWxIaFkKLS0tIE1lZ1MvdG90aVd2aE5PUXZrSFps cDJ3ZDBsWWN2R2xWR09NU3VFT3hueUUKLS0tIHhmMGNBWkRZNGQ1TitIbG1ZVFJF
cmpuTEp1U1BoTjJ1NnVtcTNlQ0FaS0EKDtNAMdObm+nK0WQ1BtQllguTkzchIIZ7 ZXFacDJYeUdjbUk2QjhuWVV1dEpNdk0KU+zEg4KPciFx+H8/W2ajrlLPHL+WX2fL
99kkhXumgi/qsri19ZSXsz9GhDliISNHW2oo4ClCwJg2Wk3wWIRUow== q0ULbEBieZ0SrCqrnRl/XR1ZxKi5RlJJKKIIfOjEDryy6AtlEU+3SQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-11T11:56:37Z"
mac: ENC[AES256_GCM,data:nxW6oesMxMTUEy492qiSW6A3D7xZHo2YaIaJ3WZCk7Pr9bPPzGQnJmkYeiANiIOJNPdeguMZrBJ69Ng6wObBzn4YQc/noLItuMOPzJscpg/p7obPdG9ijMpl3/HIcY1HVdV0skJsXW8l3LvcCE6Ynx/jxbbxzXtyEV8Pm5KU6oc=,iv:l0nE1E/xjmk5fzqYyCzgmZMaSdfGbKbZ3XkXBW1FeTs=,tag:HHqtBv3rFOzXqvb/IsOl5g==,type:str] mac: ENC[AES256_GCM,data:m3pQR6lC0DzLOi6ZFK9DPWfjKnROPcFXdlukUP7f/udjLhqWeZSl9HDs7d+xS+o/MdSeoV7BnMs6NcMhzXHz5//AB1pG0eNxxO0mALZKRqjEcs4ZRrnTeYb7TPOVLpGh+nDCe+RzJ81xqM2cDXC+ajZlnJpZ5XLalxGBu/vXupg=,iv:ZW2yiNKrm2TwZVqhR6vtAuc0/Dy2mPSN8z6ey8dcpJ4=,tag:DzxtOSRMUP5LDMEvJavy0w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

17
nixos/modules/nixos/containers/arr/radarr/default.nix
View file

@ -10,7 +10,7 @@ let
user = "568"; #string user = "568"; #string
group = "568"; #string group = "568"; #string
port = 7878; #int port = 7878; #int
cfg = config.mySystem.services.sonarr; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; persistentFolder = "${config.mySystem.persistentFolder}/${app}";
in in
{ {
@ -41,15 +41,15 @@ in
dependsOn = [ "prowlarr" ]; dependsOn = [ "prowlarr" ];
environment = { environment = {
PUSHOVER_DEBUG = "false"; PUSHOVER_DEBUG = "false";
PUSHOVER_APP_URL = "${app}.${config.networking.domain}"; PUSHOVER_APP_URL = "${app}.${config.mySystem.domain}";
RADARR__INSTANCE_NAME = "Radarr"; RADARR__INSTANCE_NAME = "Radarr";
RADARR__APPLICATION_URL = "https://${app}.${config.networking.domain}"; RADARR__APPLICATION_URL = "https://${app}.${config.mySystem.domain}";
RADARR__LOG_LEVEL = "info"; RADARR__LOG_LEVEL = "info";
}; };
environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
volumes = [ volumes = [
"${persistentFolder}:/config:rw" "${persistentFolder}:/config:rw"
"${config.mySystem.nasFolder}natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = config.lib.mySystem.mkTraefikLabels {
@ -62,12 +62,13 @@ in
{ {
Radarr = { Radarr = {
icon = "${app}.png"; icon = "${app}.png";
href = "https://${app}.${config.networking.domain}"; href = "https://${app}.${config.mySystem.domain}";
ping = "https://${app}.${config.mySystem.domain}";
description = "Movie management"; description = "Movie management";
container = "${app}"; container = "${app}";
widget = { widget = {
type = "${app}"; type = "${app}";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
key = "{{HOMEPAGE_VAR_RADARR__API_KEY}}"; key = "{{HOMEPAGE_VAR_RADARR__API_KEY}}";
}; };
}; };
@ -77,8 +78,8 @@ in
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
name = app; name = app;
group = "arr"; group = "media";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
interval = "30s"; interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];

68
nixos/modules/nixos/containers/arr/radarr/secrets.sops.yaml
View file

@ -1,6 +1,6 @@
services: services:
radarr: radarr:
env: ENC[AES256_GCM,data:ukUND0l3OVMVD2ChJhzGXwzeM2fCgxkEVygfXdRkWo0XH2QZB5FlYSqx+AasTAXcqOaaH96YrAIQWeYQADrXP2mmSBG3e2V7ZFOyADN89MSEkwr4XtSdTEBl2l4v49geN6mhkHI67Wm/kdV3Vpnj8ViOTnwXIgaRgTc+r9Jp0pyg1WXdZqdU8jOtPNbniCzfRemcxLM5MBIF5Wd5bBrHW8/+yj42/1xL18iO6bgpN9k1tenq7/60ajgDXD00AiAMYKtyCDtJEqvaKiAF/1yf,iv:e/Bb4ztBM/cSnouFxgxQy5iVkRYnOwaz1bYdDKA6ySQ=,tag:UcAGRhEI6Gep+V4L+YjdMw==,type:str] env: ENC[AES256_GCM,data:xNR1zU9Il+jeL2uuKtiMxQV3IHDZ6uAAOnP8/odiQIlysPpcKMrP23z6iKSeUgLha+WtYYk61FmtR9gr5QcLl6WK1EWcyVfiw7ndbZgczWUr1irGCNAGGbKcyqoohUFg9aPcOUBz4MQOpdPK9gc4Uk2QAAB63HxcZxfLDQCHc9M/U6Tm8Mu81x0DtFa6gzAGeAPjeydofrY8/ZnMIkAIVxuCKOw9N6pFSCeF6YS4YsGGC0pcXSyRelnF30SuJewLm1NmE6ub0e7+FW+0Y5nO,iv:XzoK7NaQjmi/8smaJTyWLAoUENVG4DRkYL12Bb09AT8=,tag:jFAHyoSjrp1CBSG0SDlADA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwN1ZCTHkrRkRzY2FvMEFB YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSkhzTTg5MTgxMS9pbm1q
TnhuRFdFckY2UVJBWGxEOEE3T05SOXlRaENZCnpPbGc1aG9vQ1Z2emlSY29rYVNJ cTdERTJwU281YXF0N0NQNmIwMWw3T05ZMHpnCmttbmcwdjEzNVVXZGN3WXNwcll2
c0xkUWRuK0tBelkvOUpvRi8vbERGTWsKLS0tIFQ2Wmh1ZzRmdElBbEo0S0NrQWNM bUxmRlhIbnJ4aDNFM3Y0ekVReFNuTWcKLS0tIEdCSDI4MzY2b3d0M055d2lMN0kw
MG1LMEJSTzBzcDlPYlhTOVhJY29mb1UKU6F0gaSPshJJ/7s5E8nFcX8sznmNGAAO NzEwbkJTd0d1WWxvUHFNUTNiMVVhSDQKvq54ESh7DU/VGOu4Oe9D1esq+mbVOeKy
U7e2YoImKOteHOTCp4mCIDvJMbTWAls7LeElkVTZrdG8Cd0qFQLbZQ== 7xcX7vU4cI1dqMBRciigwfV/45Aq/fhcZWDY+gv77claD18BgjXZjw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArYUJycWowckorWDI5TW9W YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsamdmNnpaTjdUdklxNlhm
WVNuaFJrbHRqUUp2MG1MWFcxMFRIc0lmTzFVCnZ6N2RpRWphaTN1dk1iU2xYYWh3 U3BEVVJJZWxlQ0hUQlAxVmV6MnNUaWpaTVhVCk5PL24vcUsxeVM2aGtxZ3JlN2VN
VUhmLzlkVWxJNzNpc0dPRTNRMmZaU2cKLS0tIHkwdHlYQ1hDRzlxUGVlYmZZOWZO STF5VW5aeTRrbHFGNDFXeGE5akx6LzAKLS0tIGRzbXVvTUs5ak0zd0Ewd2JYM21u
M05EYmU4SDU3YlR4Y1FNTjNrNSt3d1UKjOYnX6tAYGV1FIQ1KhsxlpP3G4iGKvzQ cjFRTjFVNzFyZzI1Ti9kK1E1U01zcTQK7a5HVOPOQ6dEjjc6fLIiR0gPBQp2sl65
B856D24XmztXROWxLekQRqG2zA/tfBnRzyeNnnPf0k///4lPFBfhRA== bZnjLPl4OW1C1vQisk2c+jw8setNdtHZ1cNEX/Tpp5jMRvG6wfFdDQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OHZjNFBxNHJPaXRxMGpt YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTU0JWZlV0WnptcWk0V2tW
SS8yUDI2RUJraGRXV1hpMzRMc0ZnUEJrN0hvCkNOMENQbXlJd1JxNytFT0FpS3NB RGp4NXU0TlVrcThnY1ovcnFCT0tFYk5qWVI4CmxPWVdNd2pjNndKQzlpVjdzRndU
VXNUd2NSWTBFbmhuaVcyTXFWWU1SQlkKLS0tIG4wTGlxeEx5SlN6NEhjbm9ma3R6 VC9GRFkxK1dZakc4VWJTK3dhNFI1dWsKLS0tIEVKQkxmK3BCcVlCTExxaytWc3p4
MWNGdlFvZkg0OTl6M2pOb3RyTEQ0ZDgKVJ161HNXY9dh6bTIlf/G093ZJNUuDFIW ZWJWaWlQUE5panE2UExRdk5VTXFLVTQK7b+YCdLJfBuDGjdTT3+jBrt/UtLgqopl
inXia0GDh06Vq3V6f9Lt4DW+a9HZdoIT8NaAOcNmc+8a0F1h/5jZxw== Eyu8qA1vcANG/nHyWNIsv9ogXXPns5tx/EjHoDWFtmK+xYb35elahQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMejVkNTZGaDF5NVMybVRE YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYT2ljZ0l4ZXNKQnNvcExW
RE5WNDFoKzRURjdMbHBHSXNsajJiQW90MlRRCmpyaE1MQVFGM3pDSDU3Q3lPQ1BV dWxnaURiTWx4Ykt6M0VueVRLREh0NEkrR3k4ClYxR3F3a3hDazV6ZWpYZ3lZUmJY
QjVRVk5rcUVFb3pqdmVPMitRUXFDWlEKLS0tIElKV05IQnRVbFE2TnI1OGxOcENE OFZBeFc0YXBvWUU4TVBPWjR3WDM4NTgKLS0tIFJUTzNmZXBPbFhZZG10cWNQK2pW
bzZpZjJtdDJpWWVCcUZ1YVoxalFDMlUKnhnYyirfgIhVZBnYN8PnXY3eRm5eDWn7 ZVBpZmFMeGswNUVOa1k1WVdmeFdrVW8KXjm74fFrEhWTP81MVpGxT8DOPGdfldFV
NMnsvahaQfplfIzY7nf3LV1y4s4eptnpmpPrygn52Y1TNiC8neF3vg== 6AmRLlon/j4LFfhHEa+mMQyRBQ4Yf3ddA1ZGkMENpmYaZANEMK27VQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SElkOTdpRWN6TnkyQWJt YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMzViTnhNSVpuNGRQUmZI
dHBBSkVYeWRERXlPZWxwT0lhRzcwd3FrR0FZCk5NRmg2T1dZZEtOcjk3QytnUWF2 ZmVicEIzb3VEYU12K1JFWC9lTlh2NzEyVUZjCk9qQUFmSm5od1pKQ1hOMEZ1dzV5
T3JJR3lHV01reDZPZ2xtY2RKYnNDTWcKLS0tIFNHZEhHblU5aDBJUGlBMXhGQktz U1BxcDB2RjFndTBKV1BxWWRqbHZYVjAKLS0tIE0rMDJuMWFzQzRUL3Q5aHB3WDI4
QjRST1RQVWNZZ25nM0p6Q0FzQ3o3bzAKQqKRumMEIggkkzcPfuRfDkfRqbkLLbok b1JJOFNxYVBPdHc5Q0FvYTBYdG1pQ2MKClJdJIeOlCsZbV5crlNWb0ibIRo4jgb1
9DDYqxWQDuEDa3wDm3n13uoN0iwVzdDIUj2V2i5xgNyQgFFyEvT4xA== x2qfjH4kcyyxueYaYQmVAsJwus+mF5DphQH6GLyEBWhecWU7hd13+A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYWlJSVBCTEVVVXB4SVJS YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Z2ttbFphWEJOZGlXbTAx
NVl2ZXp4b2ZxeDFKRk43ZEMzL2FQOTZBd2swCll0Tlc4OEJUWENWUDh6THhHYWtj ejAvSW5RQ0ZtZnY2R3hZcFQ1dEpZVjlabFZrCnVCZzMzSlpJcmhLVUNaRXdZUDRq
S0RzdEtQemF6TkVCSUZJaFVGZVg3T2cKLS0tIGRqclN4YXJNNG9SY09TOHhmWWc3 OEhqbkRxT1lvN3l3K0VuZ01aeEZBTGsKLS0tIEszd0ZjbGxJc3BJYVdIeDVCSnFC
Z3RQZ000Lytoa2lwUnN6SVB3UngyNGsKnF7qVwcmVJmJhY8GfW3yrC9QEu/V0/wv S1lZN3NiQlZYclVQeHBheFpnS0dHNlkKnm38ebqxyazFs2f3R+Z9JxBDi05fMmgL
eHruyTb3CfUqJ9rrhhQ0uOUCZ3YHZjg0rMfOjj6bsZPjGL3kH0OeWQ== 7zt4SrK5puEz6Tps+Uzxc3tIw72s3IKjiolJ5NTLggVDxJC5RTHK6w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-11T11:56:37Z"
mac: ENC[AES256_GCM,data:1GVohNu9Mz+6v7QHjAvsq8QVYaHnjdmWAG/CpMU8Xg5e/4MJr0N21jh92M8/09hZ7quv0Tvh9KfD/O0j4cssuYcZpCGZPrKSZ5D4NVTYN6bI4oVGgiloPtMR06g1TLJBOmov+fdwGtU5JPf0J8HjbUx/63ZLBB9o6CjRWK7C3Ns=,iv:lxn7ZCH6YWcccZ6Rs7d/hEV/rhDkmGVMb12W27zgN58=,tag:LejroHBhmmHL9NPMHa+y+w==,type:str] mac: ENC[AES256_GCM,data:eBU8ATyScttrDfc8M17qCGrNVNxpfnW+u2f3JTiuKl79+KgVLF958K7BUiYGZ3J+BrmWHsV8YeAso6hjHS/3JLJJyRGlMeQ+ywJxglnj87TKVitqRMk0Kx+BVE24SjGxJ97/IsDUhBmLVxphv49aeiaHtPAPQ97+OfFKwFOaHwQ=,iv:0KvN1Xc25QQd9/v7apuM22Dyr5VRCwiP7eRTPi6Jrcs=,tag:lyiiNPo/Y9+RWiBzV3RmMg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

15
nixos/modules/nixos/containers/arr/readarr/default.nix
View file

@ -10,7 +10,7 @@ let
user = "568"; #string user = "568"; #string
group = "568"; #string group = "568"; #string
port = 8787; #int port = 8787; #int
cfg = config.mySystem.services.sonarr; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; persistentFolder = "${config.mySystem.persistentFolder}/${app}";
in in
{ {
@ -42,13 +42,13 @@ in
environment = { environment = {
TZ = "${config.time.timeZone}"; TZ = "${config.time.timeZone}";
READARR__INSTANCE_NAME = "Lidarr"; READARR__INSTANCE_NAME = "Lidarr";
READARR__APPLICATION_URL = "https://${app}.${config.networking.domain}"; READARR__APPLICATION_URL = "https://${app}.${config.mySystem.domain}";
READARR__LOG_LEVEL = "info"; READARR__LOG_LEVEL = "info";
}; };
environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
volumes = [ volumes = [
"${persistentFolder}:/config:rw" "${persistentFolder}:/config:rw"
"${config.mySystem.nasFolder}natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = config.lib.mySystem.mkTraefikLabels {
@ -61,12 +61,13 @@ in
{ {
Readar = { Readar = {
icon = "${app}.png"; icon = "${app}.png";
href = "https://${app}.${config.networking.domain}"; href = "https://${app}.${config.mySystem.domain}";
ping = "https://${app}.${config.mySystem.domain}";
description = "Book management"; description = "Book management";
container = "${app}"; container = "${app}";
widget = { widget = {
type = "${app}"; type = "${app}";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
key = "{{HOMEPAGE_VAR_READARR__API_KEY}}"; key = "{{HOMEPAGE_VAR_READARR__API_KEY}}";
}; };
}; };
@ -76,8 +77,8 @@ in
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
name = app; name = app;
group = "arr"; group = "media";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
interval = "30s"; interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];

68
nixos/modules/nixos/containers/arr/readarr/secrets.sops.yaml
View file

@ -1,6 +1,6 @@
services: services:
readarr: readarr:
env: ENC[AES256_GCM,data:E+p2naBJFyYW3FsuwT9pi+w/o/s7Kf6LCN5v2fiz9cMxWHTR4X9WYrqPhYPrWFoVxc2xyYZgNQWH7+g1Oncy6tWcHVN2AWiVzNXAH+zKkiWjRGbhLkxiAJXct3BUXtB+x9YP+TVDAsXkE3SbIR1KwQ==,iv:/qsVs0cI7Z5oFzVBvlvmirMBF5jWqqqPOlHn4XGqz8Y=,tag:4Yixp4lN7dDdtvMOo/Os9g==,type:str] env: ENC[AES256_GCM,data:YrtC84SDPVC/pWrKeg1kmA5T3QKOqxt+y9x0rnYC0pErta9v8xGU+pgC1jVZfqh4Dp81tRohhmQBMC9KZz4bmmn/5YsAHAB8Y4xJSwm/kZ3LNjVRuZ+PmvEh2ggfwvs2nFDRbMx/TLETbSZ9t6NGtg==,iv:ZwvHaREcEkFSXyL+VBDFFKgZZwg7+utMs8qZex7pzHU=,tag:+3GdLnxxo63XxvMQ3UwK+A==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VklCdjREc3R4MFdDVTFp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTd1pGYXZCeG9RTm9pTmhC
ZllReFdrOXdWQXUrdVd6SGVuRDEzMkNIZlUwCnQ0MWFHbVlaV2xvNFRKajZJbzAr dVc4MHYvZE9leHF3L1JwS3ZwVXRaY1VZOEE4CmVVeW04TWRNVXFFbmNFMkZvMEEv
ZEFLM2V5THcveXh6R1hmL1lDWi9wbEUKLS0tIDU4cmJMZTdIYmZmOHZ0eC9wUWc2 ZUdLUmZjSXppeG9zT2xjWGlMVTVISlkKLS0tIDh3YXk2MzQyMnozbkdXQmx0NmpZ
emRVT0JXU25hUzdQY0Vna2xFQ0tpZ3cKr+pvCb1xnyBfE4FcCNwHvcVkNJTmmOsB ZTlicGQ3WlhkTk81dHlhUUhNNGl2bEUKziPthUL3m69WSsKwAblDeQff3kyoUOp6
jaD7VxiZy/p4WRndex4VVHpJ+qFJs8bPyCCT8a618du4ZGv1Y/xX8w== 3e8h1C/+rAx7LZIlQaMvBKFy2IiAb2bb47tb7L3k3BLx38FP2g7a2g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneS8zSXJRTHdmY3ZzcXZT YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZUoyeTFycXZuZTJnblJY
OTlCQXRvN2FONWphcGYzWlhlbzg2YkJ4R1g0ClkwSGJ6QU1JbEtZUC9xQzdBMGEy cDNxUk5YWWVMRHlHUXZPYmdVUmNvS0tadlN3CmlFbjNuU2t3OENySmNqenlLSnlD
VmNZT3NJRERpV1I1Ym5DL2NYQXhKVjAKLS0tIGVGZEYzQmg3YVdRL0x5TDBsbEYr ZnRNZnJnN052eHJUNzYwbG5SWTZTWU0KLS0tIFd2bk54RWV4TzVheXRyekpreElR
ekpvaytPeFBoSEJJL0pMN1pybFFDVlUKb5pQPix1Q0c/7VTPFeinRy+l8WqJpyzb YmVoVVM1T1Zwb0hOVzVpemwvOTY2WE0KjfJ8ertgqaFEEN6lgWNOVTv2UdL2/+uD
ueep961qEfS4jtesoNvHGdS3Vf+yq6ucfcryJ14vvRFks+OlrVhUNg== 5W68LANkIHbVNuY6IFE6HEeBUww7BfshW/D3NjJ9/GHMdVyO0MFs3A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXSmxEQXpYaXA3aHJ6ZDBx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dTFNSUVQRmpaL1FrSFkr
YXpBOXBBMlFDQzU2c3FCQmNIQStRMHdiY1dnCkNTSDVwTm9QRkhmWDZ0clBuNjdq cXQzRFAvcUNsSUIyT2piZHJyR25hMTYwQ3hnCjdFbjFvNlBFSkVzMXdJd2U5ZE1s
b0tJYXU1ZEZyaUlqOVNiRTVJQjdVeGsKLS0tICtjdFVVakp4NTU2ZEpGWlF6Rll1 U2srMktJSnVVQjVDZnpFYUtKL2QwR3MKLS0tIEd5eUlJbnB6NmJvcXh2ODY5cGhk
QzV3OTQveU9XenhDZ2FWSUdrZlRpeDgK/u5xjNdLQNjZnOEd4o60loTIuEr71vak VlBldU5pRXdiK0NwYWtPOThOYllyQmsK/onUlwfcxSA1uj7UeO0Al5SDrOnlnY+q
MxXpg/2G115YSY1p6o4N8uy0GN3Shh2quTLYjkUm1PPAzvbE8arkpA== A/8BRBjvc4NZbmQRqQFL1jAbnjWGKkr8nga68+Po41o5HGK7bQLjLA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4WWM0ZDhKeC9CKy9tNzA0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2d3V1RUVjNTRzUm1scTAx
UmdhSHBJcVhudDBpZncwMzB6WWt5TyttMkR3CmQ2Mm1tOWFoZkNXc0hMYmJRMW93 aE81TUtFZkJxK1kvelY5UzFDdm4yY3RDNVRJCmNnZmpyWkNMZXNUNlZNenFtVzAz
UzB5ZXZCb2pzM2NQVW4xQ2xoOVdDTVUKLS0tIHpIajZsb1kzVmRVN3JjN1p0YTVS b0tSVnBmMEhzQ1ZCeVFlZE45aFpsVHcKLS0tIDBLYXBrblpwUDZHdXBkU05WeUM0
K3AzSWx6QUI5Rk9uQTBmZEI2NEhHdDQKAlE/XMS0NKCZXORSWcPcknoFGWjq7pBf S0R5dWM1Z21vVDdYZTVPdzZybGdKNDQKKMGfvicyhJLtRljF8+2aN7B05lOQdVue
BjEbBX5Q8hOW0thpw1gythyxav213cHj7xzuwCer+k04/OcKzF/F2w== 9fbkdQqmyjlDBzgcpXlWYEiFXAGQw47QursiRgi5IWNrPIYUsNUGVg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOam5UZ2VweGw5OG92L2hK YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnazdub1l5SHZrakNJem1Y
dlk0b09TcnZvK0RHUmd5Zkd1TVVYLzM2Tm1VCldWNEVMWnJnM0xNZG0yOU5oTTcz R2Y4dUdLYUNYekZUaTF6UGp0NThSRStRdEM0CmtZajZkaURXSXdwQ0xyYVBxMGox
MGRmQW1DdUZmWStUNHFhdk1DNzMyVjQKLS0tIFJ6czFVN2VjNHZxVmI5eStOUmcr Wm8reDU0SklpQVlwN0FVUWphUU41Rm8KLS0tIEFvem1QckhSLzdZUzFYU1lkeU52
WjVIU3JLdWg1clZXbng5TndXd0lwQ0kKil4CF12Gnb5BQFxcH+QWPfHwabHDSdaI bHEvamFnRm1hQzhWVzc2NlpMdDZjamsKHw2l5wMqtMHgOlDa40+3RWMrFrC1I23i
bC2LpzoLZRlkZZwmmL2tLosaSBHqFzPMA3BR1dotRnQtMF0El0MnaA== rXFmm5x6BR1xfHFfor5rJK2CrIEhgWoRLSqcj4CN2lv1CQ9Q3CZchw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOTF1TEEwTDFZYTRIUDJ2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMWZDOTdvY3ZtVWIxYXEw
cHpieUN3eXN5b0ovVnJOUThUWEwxMnNBelM4CkExei9GaEgxNUd6V1lDdTRRbzRC YlFwcjA2ay9ySDRuRmFuOURUQ2lOUlA5SGhRClZhY3FCZENHWkFNeDBIeEw1M21N
M21MQ2p2MnBBSXRPU25WSGJESWgrU1kKLS0tIFg2YnQwS3YvRnh1SkNJQ3NUd0NW QS9OcmhSVzhTZmdvZG83aWZqRkZUQXMKLS0tIE04elFzaWlTYlBBNDJIcXg4b2hy
VDA1TjVZWVhHakJCdHM0dXRVTUdKaEUKMYzg0tMqXOds30d+GF1JCb1J26DOghYb UENsWnZLZXZwUlZkOElHazM0aHJvNHMKtc3HGsZ6jmAZEapTWNGCfUmSpjpH7bIl
P58AMxqVAG2IAtVFFrye2RRUlAfa5t7vzilpWUWZqRPYXvaDVoOE3w== dClmX+63ZVOL++SrUMRh9gZJF4utXzFbwgJsh8WrVpbg1SNplA+tKA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-11T11:56:37Z"
mac: ENC[AES256_GCM,data:GeVWlsIrfEoJtANhgAvhLGsbpYCQSrE3/2V30/wTUjoywdO23Su+0vcmQEBbppH/ArGCVA4WwnExNd/jfORXffGDdJL9336pHVvlJ+n4QTYNx97lbwu2IAgixM//qof45Ob3OOvThfffAyeENcAANrBNb5eIPFYV1uurbhAEixA=,iv:NWzQaAO5/aCcMNwiQxpB0/2Hw74aqSzZrO/6JyRvWKY=,tag:I5nLIZI8se0hCjaQzB47sg==,type:str] mac: ENC[AES256_GCM,data:etgC8IZtH6YGGhbDoGK3tKjbrtIyu9mYwXRMDygCVK0uJfrktW8I7OJwKa2PAHLDzG6ffIQRJdgDNFIgVobK5hFx2MgY1mR4dwopmClovBD6H2OvXT8IdzVjAUW5xJY7rk9L9tmeackKp+sWnAxlfVtZ8rWl+i5vBYxm08UrHv4=,iv:ITUc8sDSyP/uYUSyC+B4pEjlxJ7gheTk2Wk7ibmuIyw=,tag:khG/fPxlCl/ru68iBAZntA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

15
nixos/modules/nixos/containers/arr/sonarr/default.nix
View file

@ -43,15 +43,15 @@ in
environment = { environment = {
TZ = "${config.time.timeZone}"; TZ = "${config.time.timeZone}";
PUSHOVER_DEBUG = "false"; PUSHOVER_DEBUG = "false";
PUSHOVER_APP_URL = "${app}.${config.networking.domain}"; PUSHOVER_APP_URL = "${app}.${config.mySystem.domain}";
SONARR__INSTANCE_NAME = "Radarr"; SONARR__INSTANCE_NAME = "Radarr";
SONARR__APPLICATION_URL = "https://${app}.${config.networking.domain}"; SONARR__APPLICATION_URL = "https://${app}.${config.mySystem.domain}";
SONARR__LOG_LEVEL = "info"; SONARR__LOG_LEVEL = "info";
}; };
environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
volumes = [ volumes = [
"${persistentFolder}:${containerPersistentFolder}:rw" "${persistentFolder}:${containerPersistentFolder}:rw"
"${config.mySystem.nasFolder}natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = config.lib.mySystem.mkTraefikLabels {
@ -64,12 +64,13 @@ in
{ {
Sonarr = { Sonarr = {
icon = "${app}.png"; icon = "${app}.png";
href = "https://${app}.${config.networking.domain}"; href = "https://${app}.${config.mySystem.domain}";
ping = "https://${app}.${config.mySystem.domain}";
description = "TV show management"; description = "TV show management";
container = "${app}"; container = "${app}";
widget = { widget = {
type = "${app}"; type = "${app}";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
key = "{{HOMEPAGE_VAR_SONARR__API_KEY}}"; key = "{{HOMEPAGE_VAR_SONARR__API_KEY}}";
}; };
}; };
@ -79,8 +80,8 @@ in
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
name = app; name = app;
group = "arr"; group = "media";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
interval = "30s"; interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];

68
nixos/modules/nixos/containers/arr/sonarr/secrets.sops.yaml
View file

@ -1,6 +1,6 @@
services: services:
sonarr: sonarr:
env: ENC[AES256_GCM,data:kfTyr1nndHNK60uADWYhS5bMr8U2MolgdHGM72t4wWhjIRL3OHFF6zwFtAU7nbOHw3hroa9v9zjzFRSAoHNpzqOE9Gdj4zIKzU3FpxulRyhUzI983zZkN20aZCVJYTdPm0KwJP1+bLdaaJKMqhYePM17mSMCxAJPEY9vLeEI+C1OwIdr8V6XJ5RCD54PuzCsBNjX19vhFjADJLasDUAT3IZCt72zhPNp59rJPlKMLyKPwbPiILHJmP5ly3ZmldaZ3iz4I/+c4HCy36qBQ9xh,iv:4AauiPFfgtFMvf9g0mTMpSOD/78eN7qL0OL2fu4J8aM=,tag:nLw2hgQndHUKdZEzoaNkGg==,type:str] env: ENC[AES256_GCM,data:oMGIe0t1e23S1W/7XbarR/fb53VB9AnUFHOl/RVy6tQxLanVgnvupexvWzwgCAHV5RTvbqm4leOw/ho/PUoCsh9HKgTNgzZnsDctoaXxnZ/r+z2uzl4VNWhpPW6WIBMHA2tkK+93972hNWrxhttmNAC/iIn7dymByWrqCIFt6BE4uQwDmetb4pgwlbPDkF/qfrZlcrAESQhJht73jk1TuRCP1oTnZFCY8O1mqiwVbdt43d/wXG+lQ0TmrPQ5LafNbnx2meL6BZbwZzMDPYEP,iv:e8+AfvHozU8V0yu0nD9foriv3ButNPuKUWJ6m2L322o=,tag:ElYdWzj5VLgWZyeLpjXGLg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Y2g3K2t6b3BQUzh0NUFP YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWTFZWFNZTWRxMm5qRmRk
eUg5aENGcnRsZlJBd0s3NDlzdlV2WEZ4NndNCnBKeldSVTdVYUNYd0EySkVYb1I0 MXNmSEJnZEZSWHpBTjk5ZU1Ld3pQUGNFVGhBCk9PMWdlbm1adGE5UXo0NERqT2c3
S2JFUTBZcUdHQXZWYk5TYWhxUGhnOVEKLS0tIGFQcDlCN1VqMk1tbHdNdk1yR3ha V0ZpN2FIYzBkSEVXQ2lyUitoUkphczAKLS0tIDBsTXFBMDY5YldLLy9iaTFvbVFD
REd0R2RLSld6dVZCVGsrTWNLRE1XTGcKYlqyo1Hu6Bs22mAVQCNZoKLOZGX9tl3b MU02RVF2dXRFcElhM3JVeFJKK2tTTWcKb2WurFhZ0ANk+iyyMVjk26Ldo25cO2cH
VjpYta/cVokokWIP7xA9fL1zBEbOiFMBz+wNE+x1OT10VH0GllKrGw== DMfkmK5NEy7iKrZZdNYQR8gBkO1GgQfI1Wm4JPaLc0vIBT9CXVDlLg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWmM4aGJzNDdVRjJlZGYv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRitPYkxWOHJ1WkFRbndv
S2dSMGFnMzFrbTU1NnhySDMrU2hhWk0wMjJzCmJVZVJIYVhVUy84eXg1Znp6U1Zk NklNS0JZaXJEQ2ZkOG9SUzlySFR3ZFVvWUZVCnFXY1czNURBY3hINllEWVJpNXA2
V2ljd3VVc29hTmhHczM5MkFhS2pMTXcKLS0tIFNqanBSQksrenJTNHlKRGhyeWtE RHp0VlYzN2ZlMkNnMmhPOXlPNCtpQ1kKLS0tIGg5cU5Nc2k2bEtOSmx1NmhJWVVD
aXRQRlNuYjNKSGVwRzJ5cGdRV2wvSjgKtg3q7su7I0E2bBIhr3tRrsnPTm1yYRHX dmtjSWxjN0xRYWtNbzhUQ0FNaFVpTFEKM9wSMsEYgJErzO79L6YOXfZpGnd57Xcy
5lRDuoz9kvcgBxzCtyWZSFwXfHQfdoFcz2D+u4SjyNH3ELpwo/Gkmg== jxrwzFhZ9AVVtPjGmyozYWY3uGlMzJtxDCNNRV7BbK4m+AsjtYJ9fQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXemxCWmVUcFRTbnloS1RN YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaldmZW0zQkZkNG1sTzFp
RUJGaExmSHVWVjl5K2VPTUVHdzZvNUVwd1hBCmpyb3E5QnhsaHlyZGRFVVluUVhG UTRUMEtwRCsxdGZFbmdiUWdVVjNsd2F0WUJJCjFRNnBVcU1GWTQ2NGFheHkvZytC
WE5UdGoxRzVkTFRXZ2hzNThDNUtZY3cKLS0tIEtkL3l0WW9abG5rMjJUbjlRSVpa TkgwVm4rWlN1NklIeS9YTGh1dXNQVnMKLS0tIGZ2UlNXWUM5cnVLaWxDNXdzSE1P
ZUtwZ2dML2ZocWJvMERUbWJhVk1kK1EKzu8syOj2Wrage1MDSv3bXDaYMqZkCP2G TTVEanZuVyt6SkE2RWRQOEprbi9mVk0Kjrh4oB+EfFVDx4CW3h3be61X+RNDrZ8O
cRW02byav6dHdsrGHRiLpLEbRUP3QXf/P1QuZGQvnF6p4mgZ/FHfGg== IDNFRznHaYUM757C16GMLx3We/pAinPvDlZd1eDBj8kpHGGMjIU+Ew==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1VWd5dnUzbmdueEUzdzAz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQ29URGpEUHRJb1NzbitL
R1lsTmNMd3BSSCt1MDZpYldvNVI1OWhqZ1ZvCkhWY1FJSzNlMFoxVnFLVTE5blVM MGFFUFJLQjhxQWtoMXRIRnlkZUpmRkhERnhrCjFqNnRwc3VoZEIxZlh0UG1UaDI2
UXNtWU5LN3FiOUI2aDJuMS9VQ0NSZFkKLS0tIDZmZzkyTjJqdWRjcUlXQXRBY1N2 M0pFSzdLcmI1MU5NcVpRdEx0c01kaTAKLS0tIGZSRXdDZUtNRXhjbHJtSTNJRkxh
b1dBUlcydVA5Y0tNaU0rcGFTMW1Hb0kKwNHD4G+k7o84TjvjTDCoSS5N8D5AU2Kg SGJOR0E5N3NkZFhuMkd5L05veUx5Ym8KEVUDZCs151SwCfDC7b9vb/xK++/TftWK
TUeYt03ZRILHd7f+9Q3ko0RC+oUnYBHVPYl1YQOlJhvLib3lxTL4xQ== 9FdCeNNEMEpTOuX8Z2Osmh003aoMpCk61VOYPBVUMrf43oSQFSb+mA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNXRzT2ZHd2tYTmZWVWJ6 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YW83VGI5WXNhOGg4S0hF
KzMvQU0veXpnTEgxMGV6Nm1EUDg5V0VsaWh3CmJNTE9uZDZISnlqdm4waHRGVGcx eGk4c0o1R1ZEc2dwcjJqNFdQVEFQN2JGNmxjCmJQUkRFcmY0cWVLV3R5NzBKaGlJ
TTA4Y1VjL29wQzFpWjdBS3pYRmdWNXMKLS0tIEVwMFJGdVhBZFZEM0xTVWVZTjZW b2Z5QW5RSXlpR0g1M2gzYk80THQwSm8KLS0tIEtHc0VFTWVKSlVWV2xTLytVNWlo
K0xQSWdlbmwveGlMbW1NN2tVelkvMjQKndZZ4Bw6c93Lp/IjL6mpdQ0vQFamNeZN blBoaFdETkw5T2R0S1RQN2RFZmgyK2MKz7PDVFyumWboD3OgPQgmPSR9dk4xQi3V
6Xpte6FefJefauux7rtPBod7mA477zmLxGcXwlQDYLxTFilzxNLzhw== ivvJsiV6eb0rv2T9kp3Zs3Zfbj4G4o/GhBrTNka7SkqsNPV2h3c7Kw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuMzczVnZMVHZDS2x4RUR3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMGxWR1Z3MmQrZWQ4aVlJ
cG5CWHNLa2lFRFc3UVc3Q3dXcmc0UnJFb1M0CnpsOXcyMXBXQkwycHZ4dVZRa0Ns QmVtZkwzbXRxckVDRnN4TGd6em51MXRzYmlRCkx6OVczMTBwZklXSkhxbFdHR1Bs
Zzc5MXpwVmxWTkNzWGtBYUd1LzZGemsKLS0tIHZHYi9ucys5VHh1SzIrbVRKcU1v OVFlMTB3REY3N3pEU0FqTSt1TUp3U1kKLS0tIFFiK2dxSVd1OHVqcEdWMDNIUGZm
R1BkQWZocitWNFFienNDeklVOW8zelUKi4JyarjoWZIOf5yFDG4LrKCs2BcnfhHD dDlCa1Z0Sm1Yeko0Qm00R012NzdobVEKOwMKLmb5khE1oh+Gr22UxeGrV7nDWSrC
iLo+h3PVWMaqEQUqkW5DwyOtxeAd/wkCoe0Q0cNyohxxSponsQ4k3Q== 7WJy9NFYrfZpRveRAoIDJoZsQjsGE41J5e7oRguocmmz6K1oLazxwQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-11T11:56:37Z"
mac: ENC[AES256_GCM,data:1iCI435tp39RXAL+rHrOKYHZFLGXRWJ1RN9m0AhTuQV3HbqKTl4RS1qrs3tEBM9T660QfoxMLxcBDPpyJW6vqogKu1BfGKH2KtDBtCvVaPdnZewS6aJLfn4n9cMWBbhbHrdl+zP/X54eZtWhveuSs2y3dz/B3lT9Fz2Gb2dnXxU=,iv:X/fp7H5rh4UGbfYLBJB24/dSFQrvpApTt4DqGpJJxiQ=,tag:4i17h5kdVmLWLXhUGpL93g==,type:str] mac: ENC[AES256_GCM,data:qUGaCVWO8S6XHkm/bnwi7ICZsVdKyLHV2HF0BmuBci0qaINuP6316TB81Fsi362acXnd1kAQLWtpT6OVg4/sTQw7gXO6K6Hu4VhtpDf56MrTqvfkzbro3en24mrEtGqaPm4AE90TjbWQcgo1TVfPOuxmYBKvlEsBWB+GRwGWweI=,iv:Exqcdd0HhLG3Rb2+Wz5qhafPnJbjRPJBwTGd+iyGUag=,tag:aQzhUOz+XUIV5BYuxHViPw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

2
nixos/modules/nixos/containers/default.nix
View file

@ -5,5 +5,7 @@
./gatus ./gatus
./sabnzbd ./sabnzbd
./qbittorrent ./qbittorrent
./plex
./tautulli
]; ];
} }

34
nixos/modules/nixos/containers/gatus/default.nix
View file

@ -17,7 +17,7 @@ let
{ {
name = "firewall"; name = "firewall";
group = "servers"; group = "servers";
url = "icmp://unifi.l.trux.dev"; url = "icmp://unifi.${config.mySystem.internalDomain}";
interval = "30s"; interval = "30s";
alerts = [{ type = "pushover"; }]; alerts = [{ type = "pushover"; }];
conditions = [ "[CONNECTED] == true" ]; conditions = [ "[CONNECTED] == true" ];
@ -25,7 +25,7 @@ let
{ {
name = "pikvm"; name = "pikvm";
group = "servers"; group = "servers";
url = "icmp://pikvm.l.trux.dev"; url = "icmp://pikvm.${config.mySystem.internalDomain}";
interval = "30s"; interval = "30s";
alerts = [{ type = "pushover"; }]; alerts = [{ type = "pushover"; }];
conditions = [ "[CONNECTED] == true" ]; conditions = [ "[CONNECTED] == true" ];
@ -33,7 +33,7 @@ let
{ {
name = "octoprint"; name = "octoprint";
group = "servers"; group = "servers";
url = "icmp://prusa.l.trux.dev"; url = "icmp://prusa.${config.mySystem.internalDomain}";
interval = "30s"; interval = "30s";
alerts = [{ type = "pushover"; }]; alerts = [{ type = "pushover"; }];
conditions = [ "[CONNECTED] == true" ]; conditions = [ "[CONNECTED] == true" ];
@ -41,7 +41,7 @@ let
{ {
name = "icarus"; name = "icarus";
group = "k8s"; group = "k8s";
url = "icmp://icarus.l.trux.dev"; url = "icmp://icarus.${config.mySystem.internalDomain}";
interval = "30s"; interval = "30s";
alerts = [{ type = "pushover"; }]; alerts = [{ type = "pushover"; }];
conditions = [ "[CONNECTED] == true" ]; conditions = [ "[CONNECTED] == true" ];
@ -49,7 +49,7 @@ let
{ {
name = "xerxes"; name = "xerxes";
group = "k8s"; group = "k8s";
url = "icmp://xerxes.l.trux.dev"; url = "icmp://xerxes.${config.mySystem.internalDomain}";
interval = "30s"; interval = "30s";
alerts = [{ type = "pushover"; }]; alerts = [{ type = "pushover"; }];
conditions = [ "[CONNECTED] == true" ]; conditions = [ "[CONNECTED] == true" ];
@ -57,7 +57,7 @@ let
{ {
name = "shodan"; name = "shodan";
group = "k8s"; group = "k8s";
url = "icmp://shodan.l.trux.dev"; url = "icmp://shodan.${config.mySystem.internalDomain}";
interval = "30s"; interval = "30s";
alerts = [{ type = "pushover"; }]; alerts = [{ type = "pushover"; }];
conditions = [ "[CONNECTED] == true" ]; conditions = [ "[CONNECTED] == true" ];
@ -66,7 +66,7 @@ let
{ {
name = "daedalus"; name = "daedalus";
group = "servers"; group = "servers";
url = "icmp://daedalus.l.trux.dev"; url = "icmp://daedalus.${config.mySystem.internalDomain}";
interval = "30s"; interval = "30s";
alerts = [{ type = "pushover"; }]; alerts = [{ type = "pushover"; }];
conditions = [ "[CONNECTED] == true" ]; conditions = [ "[CONNECTED] == true" ];
@ -74,7 +74,7 @@ let
{ {
name = "dns01 external dns"; name = "dns01 external dns";
group = "dns"; group = "dns";
url = "dns01.l.trux.dev"; url = "dns01.${config.mySystem.internalDomain}";
dns = { dns = {
query-name = "cloudflare.com"; query-name = "cloudflare.com";
query-type = "A"; query-type = "A";
@ -86,7 +86,7 @@ let
{ {
name = "dns02 external dns"; name = "dns02 external dns";
group = "dns"; group = "dns";
url = "dns02.l.trux.dev"; url = "dns02.${config.mySystem.internalDomain}";
dns = { dns = {
query-name = "cloudflare.com"; query-name = "cloudflare.com";
query-type = "A"; query-type = "A";
@ -98,9 +98,9 @@ let
{ {
name = "dns01 internal dns"; name = "dns01 internal dns";
group = "dns"; group = "dns";
url = "dns01.l.trux.dev"; url = "dns01.${config.mySystem.internalDomain}";
dns = { dns = {
query-name = "unifi.l.trux.dev"; query-name = "unifi.${config.mySystem.internalDomain}";
query-type = "A"; query-type = "A";
}; };
interval = "30s"; interval = "30s";
@ -110,9 +110,9 @@ let
{ {
name = "dns02 internal dns"; name = "dns02 internal dns";
group = "dns"; group = "dns";
url = "dns02.l.trux.dev"; url = "dns02.${config.mySystem.internalDomain}";
dns = { dns = {
query-name = "unifi.l.trux.dev"; query-name = "unifi.${config.mySystem.internalDomain}";
query-type = "A"; query-type = "A";
}; };
interval = "30s"; interval = "30s";
@ -122,7 +122,7 @@ let
{ {
name = "dns01 split DNS"; name = "dns01 split DNS";
group = "dns"; group = "dns";
url = "dns01.l.trux.dev"; url = "dns01.${config.mySystem.internalDomain}";
dns = { dns = {
query-name = "${app}.trux.dev"; query-name = "${app}.trux.dev";
query-type = "A"; query-type = "A";
@ -134,7 +134,7 @@ let
{ {
name = "dns02 split DNS"; name = "dns02 split DNS";
group = "dns"; group = "dns";
url = "dns02.l.trux.dev"; url = "dns02.${config.mySystem.internalDomain}";
dns = { dns = {
query-name = "${app}.trux.dev"; query-name = "${app}.trux.dev";
query-type = "A"; query-type = "A";
@ -216,12 +216,12 @@ in
{ {
"Gatus Internal" = { "Gatus Internal" = {
icon = "${app}.png"; icon = "${app}.png";
href = "https://${app}.${config.networking.domain}"; href = "https://${app}.${config.mySystem.domain}";
description = "Internal Infrastructure Monitoring"; description = "Internal Infrastructure Monitoring";
container = "${app}"; container = "${app}";
widget = { widget = {
type = "${app}"; type = "${app}";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
}; };
}; };
} }

68
nixos/modules/nixos/containers/gatus/secrets.sops.yaml
View file

@ -1,6 +1,6 @@
services: services:
gatus: gatus:
env: ENC[AES256_GCM,data:eMGiI7GIWa4nPbT/mb08KvaOC64krGnzHlR6zR5PVBocLsD2mlKGhPzRHXJYdfubuhs/aUn8ML1PyKc6CxZOk3N/Fg4m20cT8OuWJzid5Z0u7kDh4JFI3CO2lKwTTtyQu5by,iv:ffeXqvCH0jLe68q+zjAd4nuVglkSPeBDLVg67EYROwg=,tag:SFwvCcEbzxN+hpuKGTXNoQ==,type:str] env: ENC[AES256_GCM,data:77RkFJ6MfTxdVu2QbKHLvIRHxB18oUKJ/Jq0bxHKCAZkbQ0DqJ+npjTchX9aAHp54oROApBQklk3Rf4E7Wjn04BirxI1yh42I9AgfoRphlLB6JFAhWPmsRZIMWUjjLdA81gH,iv:odRx/Ht6Nku7WSakECHEbjZbRtLiT1HtLCv8LkLbDWg=,tag:ZFL1u/Kg3+TdGOpby40Ndw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0V0xPSnVpcGNTNEkwcTFu YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCL096VEdTdzE3ZnpTU1M2
c0pTUGFlQ0s2cjYyT0IwdHpPOTREQ2paSlJJCllMRW9lVm83dVZkWDlTNXBlNmtV NngxUEY5d0FNd1cwR0VrN1E3eWJmOEVEOWtVCjNOQUErL2NvOERJR0x5NVFYcHJH
TDQxcmI5YkNEeTlJOGt5d0o1NDVSdDAKLS0tIGFPeVllRU1RMkRiVGtaZWtGNFlG ekdVNVc5TnIrQ0E2OFI3K3VIdFo0RWMKLS0tIGtEcFBWQ29KbmkyRng0bXovUTB6
SnFuaUxJWll4KzNaRlo0Q3EyMjRLWTQKzl7TRHQwyKi1YMjJZ/EUeioWP3UONAtJ NWJBdDJYU2JjU2Y2KzZPaERyZE1HdEUKHOJMtRFmWNTzwr/j7cxL6E8BnaZk75Dr
1lkNGggPSQ/rlpoxg4lNvoiCnzQKhoEikJExCVWCLQFmsTNCCzEQug== RYW+8oGT905PMP0jh6dFKuUIsxAuCGQXZUfnUXlbCBUJjYIjeCNGOQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNDlSbmY3RzMvS3FlclN4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ck00a0xwOER3SmZ6OTM5
VlBGN2twazgxaGNrWUc3c0RwM215djhoVUZ3CkNRVkhwUWdObzBtaXJEbDZrdDV3 WGEwVjZ6ZUJhUit6SU1KTmtqak9uTHJDT2xRCjcrMHlvRkw3SGMyNE50WXRjcUtw
YTRld1pOU3VZQm5GMTBKYStNYUhWNVEKLS0tIGNBbklXVUhmaHdVOUlMRU1kL2VE bldUSUdTZlhRUGVPQ1FaTWFva015RmcKLS0tIERrd0F5eVBMYllYS3BCZkt3bW1v
YUVXRzgwL3NESE1RRCtpM3BFT2R3OUUKITmM4vr/kbbaZS1AayK3SL0lVpylQDwz VFlYQVp5cURqWXV2ZmczWFF2UlpYKzQKWlw1CxLh2LwA9z92ZVbkZPhJuleUZHdN
5cU3F+Ykgo86A4RqouSm3grd2PoOnXCpzxRDGP+MLiQK6j+Z8+HXOg== hOfpFEfd/nP2Mh22NW41ZN1X5nT6hG+0N5LANmjzGoRUCS7pYaPTGw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2WGZ6RzFxREtTb2VubVl4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVR3U1OTJncTgvcVdrUSs1
bVlyWW12RDE1dFRqcmFuSmdMemxQWTY5YkNrCmlQYm85YmJQalVVSDNXTGw1cjBZ VDBBaHpUU283QVFRZVNhMHJEUDZYaUZTTlNzCnFyMHYvbGwzb2VmL2Y1dnREdEpl
ZlVEemQ1TTR4dE94Z0NVTzd6YXB0bFUKLS0tIHBPd000M1ZTaW52RFArNHYvNzRm Z0ZkbGwzTUpoWEVQaTlPMnNFN3ArNkUKLS0tIGxtSS81TVF1SVVHcCtVZHhES015
eVZxRkNRcWIvbzFvWUVCcHVQZC9KWXMKQROjso1zSegkmz0G1KMDBSLDwMuYmwBG YVBza2hzM1ZaVjFIbWhoOW9QRVZEamcKImmazw+OsTpec1pJMrmHlSS6R3MBFDPc
rOBnQGjVeXzFi5pxDO+imE1BkbR2Z0xftWVPooB9/ZfAYbNd3ZZ96A== j6I/7AKS0mdspo9T/csjLVQWTXYgCe2x0gHhqY6I4997Dagqc8SaHw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycFdxSEtERHEyQTcrRjha YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEMTUrQXJpWVQ0OGpkS21p
c0hEMy91TW1ZUFJ2SHhJVTh1aS9Wd3FtWTE4Cm5kcVhwZno4MFB6eHJoNDV2YU9m eWVURUJGbkE2SStmbE5oSE02Tll6YXl4ekFjClNjTGtMNWFkdzh2TXlndEl2ZjZG
SWJaSTlMNkJVSnN0VTdOUk9NSGNtVmcKLS0tIEM3UVVIUEhXRTNBUkJEMzdaY0Uv K21KOFRCdUJHMml2TlVHUXU5cnVpUGsKLS0tIHE4NS9ob2JoREU5QU4xYkN0c3BY
WFV3UkRRV3NnL1hGUzR5c1dXRVlneDgKfrRxl/eAx8gdBlujm/KwVGlElJWZOELe YXBQeXNnWVEzaGF0WjNKaWhmK2dtTVkKoSxBOjZmZeucQrHob3wEr69L7535zN/N
nEsEu7g2ECOaIjiZo45sn8GcmQUwbetA8U2xoGsvO9kcnEs4cvbG2A== rpZqBmmTnLPuD0+fuYhLVbsRVp3cEULepRfltpQuutEJbhDAhWpTKg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxOVZCcVRwU2JhR3k2all5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBazAyNmswaTdnclNpMDkz
a3hoWlY2Q1NwdTVwQ2tHUWk3NUhuWEdlMFRFClVKTzNCSHpuM1VwQlJjU1ZFSUw4 c1BDTFQyTFNiYlpPVU1zR05DaEQ0U2tDVXpFCkttdFNSL292eDErbzJ3VFZEUHhm
NzJMWVhRQTErQ0hzcEgrVlR5T0QyK3MKLS0tIDhSN2FQSzYyOG4reGFuOXFiK0R1 THRJWWhadW95VTFxZmtsQVl1d1RiUzQKLS0tIHNrQW5WVWF0TlFvN3JJM01PT0dl
Y0hpOE8wTlZlZnlBZDZBTnVtQWUwSVkKOmQTv5OdFAYXFmOzSWpcRtjDnQ/8XbfF dUxBa3FuM3JFMlVMa3Nobkh0bjFBQjAK+WhiuurDU3OwT+kuWJ/+kZOdIYwjsjgn
eEDsEOshSVtvW8SYUsxMwQxlQfwuJkASGQfqhY/HJ06+B1yNqReiaQ== DkcUNWEt6IP8CKWJws6RoqlkH1cO+6JsKd/LWMwI14UhzaQI7zms8A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEVUh6ci9iYURmZzNDV01h YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucWtiUkhlVTBDRHQrYWlV
L205QnpKVW1jdm1rZm1OWjZIUTNSRkRvdmo0CkIyOXBrbkY4b00rT2xqM3I2RDc4 elcxeFJ2Y2Vxd0tTUERCaVRvQUZCaTU1U0FjCngrZ2sza0NzNWFZNkk1Vnc5VTJY
a05JbERwTGYvV29yTC9ST3VYeTZiN3MKLS0tIHl5Rm9Kamd2Nk10SkNXZ0ZtbWRw WjF4MU1jcHorc09IdDFlU0FRT3hhUnMKLS0tIEUrYU9aTkcwTVhCbmQ1Unp4eEpU
My96ajRqRmtIZ3A5d1ZOUFVVVEhuSHcKUpLC/u4V2+gsYkkOyWJIqZoAgSf9YDDG R2RkZnZaNTBPTWJMdjlTSjhCK0tuMU0KsSsbacU86FneM4NHNYxd6YEBvOW2Pcmm
PzBbnTNmyFzH51rY/NJqJtLvkC+iFFKpIyc/6ujW757DTDT34nGR8A== dzIaD9ZlQGQEEwqTFFHmXI1pMVibMNG8I2LlNml4xM8J8yH+e/7YzQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-11T11:56:37Z"
mac: ENC[AES256_GCM,data:/w3KbS5sK9RVZjNfxPFX2TWBLxvVCj16vXs8rI3n5tO1z9diGYJL3PYOex07fdXSuU/E8c8zpgr8MzeimiazaQry+XYxOQrfR6u0xVz7EFZsHFM2Y/trNs11rw5MPfYBgiKKvB4k1pW7wDKgPq6oC/NfNNylioDl5hf3dTtrg9M=,iv:59PgjcBY8yU5FaE+el1Mhvol4cL/DIzH8gbgFp5wpZA=,tag:UBXKM3+yeWBDvNzL5U0fYA==,type:str] mac: ENC[AES256_GCM,data:cELSGJgfHkR0RPVZAJxTd3jmaYNHb+HBNPccSZ+pD5dBsa7WBhlcdTVy+O/XkhQkiYvcVcpXZZgODcv9SwvJM24yA6s2+5nhcs6mJzVtYT15hSzH0YepAe2OHk8rR5S7ucUZZYIJzjFOTxWPvExx2ntsBVngZhHCrLm/EyjWbv0=,iv:yTDtfR1R9SVmCvwiLgdiMX4Eso6PIK1eiqlPtwW++lY=,tag:wxSrF/qz04Cdw9VATtnd3w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

12
nixos/modules/nixos/containers/homepage/default.nix
View file

@ -23,7 +23,7 @@ let
showStats = true; showStats = true;
disableCollape = true; disableCollape = true;
cardBlur = "md"; cardBlur = "md";
statusStyle = "none"; statusStyle = "dot";
datetime = { datetime = {
text_size = "l"; text_size = "l";
@ -100,11 +100,12 @@ let
extraInfrastructure = [ extraInfrastructure = [
{ {
"UDMP" = { "UDMP" = {
href = "https://10.8.10.1"; href = "https://unifi.${config.mySystem.internalDomain}";
ping = "https://unifi.${config.mySystem.internalDomain}";
description = "Unifi Dream Machine Pro"; description = "Unifi Dream Machine Pro";
icon = "ubiquiti"; icon = "ubiquiti";
widget = { widget = {
url = "https://10.8.10.1:443"; url = "https://unifi.${config.mySystem.internalDomain}";
username = "unifi_read_only"; username = "unifi_read_only";
password = "{{HOMEPAGE_VAR_UNIFI_PASSWORD}}"; password = "{{HOMEPAGE_VAR_UNIFI_PASSWORD}}";
type = "unifi"; type = "unifi";
@ -142,7 +143,8 @@ let
extraHome = [ extraHome = [
{ {
"Prusa Octoprint" = { "Prusa Octoprint" = {
href = "http://prusa:5000"; # TODO fix with better hostname href = "http://prusa.${config.mySystem.internalDomain}:5000";
ping = "http://prusa.${config.mySystem.internalDomain}:5000";
description = "Prusa MK3s 3D printer"; description = "Prusa MK3s 3D printer";
icon = "octoprint"; icon = "octoprint";
widget = { widget = {
@ -288,7 +290,7 @@ in
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
name = app; name = app;
group = "infrastructure"; group = "infrastructure";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
interval = "30s"; interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];

68
nixos/modules/nixos/containers/homepage/secrets.sops.yaml
View file

@ -1,6 +1,6 @@
services: services:
homepage: homepage:
env: ENC[AES256_GCM,data:g3DEqsekcQ2pH0sDo77bGSwBOr3zfvk8mgZgZdDi9G1xbTQPDXtAc6pjmEmjglkM131Rf87gTffHJKwD1poLF54LHYOJ+Qx7fhy+yjerV418QumccJaRkb9GqJWGoTLYZpdYTwHg4Wry0S2QiOxfQ//hDK1INIl/duJhdaeGNrpqMXviq+PqOM9fbWkI2iRzTvWjQioUINiF8I4YixuYXLTqAwEOdcCcr8tBZtToFaOzWzLtCICHKm3l9D7TefLCn9RBTTgaN8ahavMNPBKC7HRKXFi7b3NRyzJuH9zXtzMpNz9XNeG7jXfmhN+W2gNFTlTVbqYc2aIb+OI8hYTDk0EiA5vJ2rqYXl884CmcxpCE872Zo8xynelZO+Xjn0hq/2WHjclTuN1H9J7gIOfbrNQ9NiFc2q2d3UeyS0aX73tkp4Zx55J2XgTB1uS2pm3Rl4KfgYsCc1MyG0f4qVfpMOHCZsQoBdCFdp/yJzGsdYJt2K9R/acO+1JA4nSB2v/MvckluldzHOUVHXqs8WguCBXf3RERq04+Jt0kVxtk3QUOqBVhRUBDKiJ4Fyqye2bkG5ZmT2KNWKBKoLH1oJrBqNIqwqHytAqPgltsn5uq61iAZ/6kVRsmpHQz+itUBsnApiH4vfh1Q7Wv7S0KzhQ79Lnf3koyIqH4ZJu6YmfaGEbXpDzhx83A8T0L7ZCfsWWfwA41YBiPlf+c/TCNr5RaDcARZfGKi7hxqK0Cd0bHDKMWfPsiNfNt2MP9lBxFyItJ12yI/doI+lk/rwtVuwl72qW62CZCrUuIge/t9fuwYaUZtA==,iv:JBQxAqYRFKzAD7poNGjvqzEwfxIQcXGMzwLiP3eqcXg=,tag:ZSPjAkr4OnLuiyW4+QG2Vg==,type:str] env: ENC[AES256_GCM,data:eC/ML1lypdxqPKmSpry9C46qD8h+LFhLXF47Z3qmeW6R/KOsyjVA7LwHFJ2JMZa2dq1G27FVGwDFSc0BBFjSEAq4QEHrHINf2kotSkS4bLHgnI+x7ZbO4EQezJqQQSstpaflJbX5SC/lTox7xhSjMYF9+9RUKu1FShv8buLNCc3TyQI7JCM21nXo3st4xOxTsPWDeFyOR7uvXi/kj04+2LQJveNGkN45+foc73VXD0jMA0mBJihwLRqL6PpAM64dQfwspDZ4dThNTGJzSQpnVfb1zDw/u8KWZeHZ8NMdT4SB0DjuOtaxQ6elIXzu96NOQYV/ncE9tZiAhjhpTleJsV/KWM9RhAKV7SEWT7x+vEmvmiZkwwz2wKWKgM1SKOplAupk3EsJ/NeDJAP+NltYWymN9qeOnFqcqXT2EWNkrCgHJwiVIuuMf1eh5l9xuxj5u0Es+a4plpbKiuNi8Ws/3IvL/ClJ1LU9ONZj4TSReOzuqJWvSKtAAx/kXeSP+H1bU4qyK+oOzJ6KUphZHctRX7H+c1jovkPKhRMit90/G31ydKo41MJwhV59lEr0pvz3BXrw8INJrBxgGRCylC55vgbJmgeZlIE4x+UpU+GNB0HnFC1PUxELOxBX7jTAN9mf48K58VLNH+kvvXuE4+tZt7sSJMw6HFlsQPxNoTFg3XxqVWB2FrFpf4mCd9K8cZUxEz0OtyLHDRuLgNtAv2cP4J8azvjhtH3rTKZOFrVtNB3K3mE2B6nyeeMCrpXoj+qpbApqfDInToz96CQSzx7GPkG7hrZkGr/nVd5U1LrLg3eulg==,iv:ntzX/uBd2wShWGAm+oOOYRZtZBazeVR6r8Jjp/ewLsU=,tag:Rsb3/GLTBnvv98bUicJRTw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuN0lFdkdyYmZibm9jT0dG YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4MXN2MXZZdWk0QzZvUUtR
aVZGKzBpREVRYlZkbkRBNmlLdmhQRTE4Zms0CjZLYUo4K0hWcnlzTnNqUWZ4SVFn bytQUmxVZXh3cHg2dUhaNFNMM2FxbjU5Z1JVCjhDVlZEWXZYV1R5UlBXL0ZrN2FF
S3VFQnBycGJzLzgva2hObCtINmRxRTQKLS0tIE1IR0orOS83Sk8wLzJDSi9aOVNo dFkxZnE4QzBaWnZvYWp4bUxzdzJCMlUKLS0tIERCeis3eGVpSWZiMnNkUzFDMWlv
ZGUzeHZVdFd4bHJjZXpYRUJZcWdXWWsKVgJAiuoSekJb9656urzv8fg5rCRorZ+4 MEUvelQ0d1BETW94eTIwb3FYRU05SHcKIwkwqn+/TQYPD2E9Y8Y5CKYWWOOlOqNX
zD26aBUA9lB/BqZgO/sXaE8Vw90FsypgSO5+tPMyLiPMNZsRFYsg0A== INWN0DgzQb3pVn/L3HD6R7rpCIujQhV/KE42p4theakT56cEFMpjaQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4WnRWV0VMbGZLQ25pMEdv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UWYwVWlGWUtENWhuQlpY
QTB5aytUcGR6WEZKcitrU1F5MUlvQUJoZEdNClZsQXlQN296UGhreEF1aUlSQlRD THhSbnJkaENaUnNVekE2UndKeUpsRElpNFdZCmoxODUxQ1FvVW9UcFFiN3M1TFh6
ZFdGb3NVZmNwWU5XR3hZTW5MVVNXSU0KLS0tIEV5Ry93S2tvUGlwYVZSVU84MnVU UzRRbkdzQWs1SXVCUyt2ZTlPaDlwK0UKLS0tIEJSdk4rU1M0bmR4QTlEeFRwbUxT
NmtSUzV3Y2M5eHBiSXkrSTNOTGQyS1EK1oAfIrAx9s1TjkvqKvdWMwNXVDK2m0b0 dlpkaW13VkNCWVcvcGlVT0JSVm1jd2sKxDSwNVZkt+1VrEIEkSDFSL6XpkmRU0UZ
mGW/JDm8rGr8BaY5NpYJnKBn6OwwAlFsOt82gHmfKhVYjJFOWGuHpA== bsRYQjTxdqMxAVtyeKVIocMizGQIcsbjrwxL2RMnUev73wjNEKjAJA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZEtJc2lCbWJpekN1dlBJ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSVowcEdHQVV5U1h3Szky
YnhnOUt3TEUxRFdESEpTcmlFMDNsaGdOK1ZBCjdHQ1M2d3hZQjNkVG43SGdibXNm Wk9zTSsyZU5lWUxXNXlGcGNBQUd6dTBXSkI4Cndsb05DUy9QYUl5K1VGT3NLOFVl
S2RoT0N0M3l5SGo3UTVwN0p4dU1rbVUKLS0tIGtvdTgyZGhTTDl6Z0xuSXNIK2NT NzdCeG5wSjZ2SG0xSlVSZ29EQzlzT1kKLS0tIForSGZzWWdsYlJVSXhRUzMxS2dO
RE1yRitIMSt3NFVua1hDcUZwek1STmsKgTMExZ/Dnlh/yPRAid/yMWR71Txjsyuj ZG5SbFo5VzdsZ3BHMlhpUWVYajNVUm8KIL/y0lbYiYruyLRmdgj7/4bP4NLdL/uU
7tUY0roAhMKBPGECbJinpit3vlDouwfWAIhOdLpybSgkVaBi+MO96A== /bR46RvXfAhgyncp+4hXrhh1CdPUwkg4Bh6WfwYaO+0kp/4FU47u+A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdmZxY0NmaHZFYmViWlNR YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdjJZMmhqTzNrZWk4SGJ5
WXUxZjU2WjRPdStNVXBPSm5XZ29RWmhJeGo4CmYzKytFN242RklHYTg0LzVldHVa bkVaOHdCOXRwT2V3VEd4Q2VDRzlCMDFDelFZCk5LMWZoK0g5YUt1ck1jQlZONDRS
WGxWb0hRNzdvUTlEL2dyMkZpbWpqRUUKLS0tIEx6dlNpWVI3WkEvcmQxdWFNblI4 MDFpSzRQaDRmMDg5YWk4NnBtU2RXcDQKLS0tIHZ1aWxjcS9mejRaTnVKV3pDUmgx
NGZyK2tXZGRicng5MVVLYi83WmVmN28KJn80I7V4qiMrLMpZ8ZkUBKj6ng3vyzR1 RGJFZHhsME96WFFOWUx4QUtZeWpCSDAKX6odRaFPR8vHTSZ+YD5POCeFVMeWk+Q0
YWx0IRufErdXF2v594839zqjw563l09BhHTX3hA6wJmwktwxkLpbNQ== f4zjiGN1HXOk4pwH286z66VAZ9Eem+c15mb60ZmKFRhxTeJc0Xvq6g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScFUzdDlOVUI5UmQxdEw3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMy9OYWdsNjRXZ0YwdjJI
V1ZIM3ZndjZkRGFsV05nWUZyaFRFNHIwZjBZCmNkcHljR1N0ek4wWUk2Njd3OHpx YmtJK0krNm1XamU3bGlyWDVPL3FscmNqREhJCmtQR255bkcxMEFheEZ5WXFvUjVJ
L3BPSEpyb0NHWFdCemdOR1MxbXRwQ1EKLS0tIFNYSGwvL3h6M21Rb2hTNGJNdXJa NWNQOVc3YnVZNVBSSkRZMGxCVjhsdFkKLS0tIGNyQS9BbnFJclFtYjlYZ1h1dFhi
NEZNR21RWG8wajJBQTEySEpVdTdEbVEKgo8VaYuBs5Jg3Q5gnhCVTy3MM99bBC6A bUEzWmRZUzZIYjJJQ09YVU4wVUgrV1UK+PmTnYJ67rUGld61S0/GMa3ZQYSAePul
VpomgvMz6ELblyYXz/mlcOfkTkHHlwjbw0ERHs5i09idDBM/HaqQWA== +a/5BKlvLgPJVua6Fv5LIoA0zzmFLEpOOsnLarbmRfWm9XpQDD5wEg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOcWN5M24ya2hTbS9rRUND YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsaGdWWVgzQUwwbVlHZVgr
WXJWQUtPWlRVTFlNMTltQktMT1lwRXF5SUhzCnBNRXJSQnV4djdBTmlqeThQUVJn U2NDSk9SV2FRQS9GSUUxK010WTFaK3g1dmg0Ck5Ld0Y4ZEticFhoTDFNb0x1NDk1
TjE5aFFyQWhSclFwenV1NTY1bE5ZRHcKLS0tIGoxUW44d01NRytiRGowanFiMTR2 SWxXcFk0RDh3V0xQUS94ZjRoK2xESnMKLS0tIE15LzRjYXVjS01JTEEwcDNuS2lz
dkVDRktHejJQK25HQW9vMStDODJENW8KUYt/n6qvgaLWgiUA6pZcO8QtiCiHdkwo YWR3NnNjbjUrTTVCS0t3TzRydnlSNkkKKIi0I49zJ574JR7aVu4x7PZcaRvxnzvm
GIZXXpVgBazi3zOtZZ6Wl4NnrFH824VQZqTL8sJbtG4Oz3HZ688YHA== Z2IXLciMBKkiIQNf0eRocSjfSumToBAhXORJVklAxW9j67haSuKZMA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-11T11:56:37Z"
mac: ENC[AES256_GCM,data:2HwYgQj/gyEur81qo0w73B0cCvZB5hCEBkYDEAALn2BW53ZyGX2s0qj16S6WNh9UxKDgnsPeSxmq7Pf8CtkfwjRAXpNxEfYDY2htVj68DR/UGaWauxI20EfI8T8uwaNZ837oW6yJbtk8IKj2eQusx4PgvKwBZvKZUncAbAOWBXQ=,iv:RCmODe480/Yt8JZBLV0o9ZVh1omAOvbWRkpNjr50uTM=,tag:yXeZ4iBQm3euk2O6zX69VA==,type:str] mac: ENC[AES256_GCM,data:7IBluUr6uRBeQoaIG4LG3CFEUa42UEl2NMUS/V01W/fKlEBb97Jog2dpdivMQ0P4Az3MSzPqfq0Y7b4XBcU/LnSGNBNKFAXO75rBwvmuKF5qcw7X8MUl28qgTyS6DImDL33r+ydA731lTzQazntAzgqquFTtjNqixkF/2qDTgeY=,iv:ROdwE2T5M6zofyP/vxJRhvRj1X3BCKiG0Kjmfp1Jd1A=,tag:oOs4LF7RHxEb40w7KvFFcA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

81
nixos/modules/nixos/containers/plex/default.nix Normal file
View file

@ -0,0 +1,81 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
app = "plex";
image = "ghcr.io/onedr0p/plex:1.40.1.8227-c0dd5a73e@sha256:c8d74539a40530fa9770c6d67f37aef8f3a7b3f30ee353c2cb5685b84ed5b04c";
user = "568"; #string
group = "568"; #string
port = 32400; #int
cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
in
{
options.mySystem.services.${app} =
{
enable = mkEnableOption "${app}";
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
openFirewall = mkEnableOption "Open firewall for ${app}" // {
default = true;
};
};
config = mkIf cfg.enable {
# ensure folder exist and has correct owner/group
systemd.tmpfiles.rules = [
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
];
virtualisation.oci-containers.containers.${app} = {
image = "${image}";
user = "${user}:${group}";
volumes = [
"${persistentFolder}:/config:rw"
"${config.mySystem.nasFolder}/natflix:/media:rw"
"${config.mySystem.nasFolder}/backup/kubernetes/apps/plex:/config/backup:rw"
"/etc/localtime:/etc/localtime:ro"
];
ports = [ (builtins.toString port) ]; # expose port
labels = config.lib.mySystem.mkTraefikLabels {
name = app;
inherit port;
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
{
Plex = {
icon = "${app}.png";
href = "https://${app}.${config.mySystem.domain}";
ping = "https://${app}.${config.mySystem.domain}";
description = "Media streaming service";
container = "${app}";
widget = {
type = "${app}";
url = "https://${app}.${config.mySystem.domain}";
key = "{{HOMEPAGE_VAR_LIDARR__API_KEY}}";
};
};
}
];
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
name = app;
group = "media";
url = "https://${app}.${config.mySystem.domain}";
interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}];
};
}

11
nixos/modules/nixos/containers/qbittorrent/default.nix
View file

@ -34,7 +34,7 @@ in
}; };
volumes = [ volumes = [
"${persistentFolder}:/config:rw" "${persistentFolder}:/config:rw"
"${config.mySystem.nasFolder}natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = config.lib.mySystem.mkTraefikLabels {
@ -47,12 +47,13 @@ in
{ {
Qbittorrent = { Qbittorrent = {
icon = "${app}.png"; icon = "${app}.png";
href = "https://${app}.${config.networking.domain}"; href = "https://${app}.${config.mySystem.domain}";
ping = "https://${app}.${config.mySystem.domain}";
description = "Torrent Downloader"; description = "Torrent Downloader";
container = "${app}"; container = "${app}";
widget = { widget = {
type = "${app}"; type = "${app}";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
}; };
}; };
} }
@ -61,8 +62,8 @@ in
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
name = app; name = app;
group = "arr"; group = "media";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
interval = "30s"; interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];

11
nixos/modules/nixos/containers/sabnzbd/default.nix
View file

@ -34,7 +34,7 @@ in
}; };
volumes = [ volumes = [
"${persistentFolder}:/config:rw" "${persistentFolder}:/config:rw"
"${config.mySystem.nasFolder}natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
labels = config.lib.mySystem.mkTraefikLabels { labels = config.lib.mySystem.mkTraefikLabels {
@ -47,12 +47,12 @@ in
{ {
Sabnzbd = { Sabnzbd = {
icon = "${app}.png"; icon = "${app}.png";
href = "https://${app}.${config.networking.domain}"; href = "https://${app}.${config.mySystem.domain}";
description = "Usenet Downloader"; description = "Usenet Downloader";
container = "${app}"; container = "${app}";
widget = { widget = {
type = "${app}"; type = "${app}";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
key = "{{HOMEPAGE_VAR_SABNZBD__API_KEY}}"; key = "{{HOMEPAGE_VAR_SABNZBD__API_KEY}}";
}; };
}; };
@ -62,8 +62,9 @@ in
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{ mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
name = app; name = app;
group = "arr"; group = "media";
url = "https://${app}.${config.networking.domain}"; url = "https://${app}.${config.mySystem.domain}";
ping = "https://${app}.${config.mySystem.domain}";
interval = "30s"; interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];

71
nixos/modules/nixos/containers/tautulli/default.nix Normal file
View file

@ -0,0 +1,71 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
app = "tautulli";
image = "ghcr.io/onedr0p/tautulli:2.13.4@sha256:809bccf944ee56c33af99993841e797e18dc85243639788de3c9d668c291b215";
user = "568"; #string
group = "568"; #string
port = 8181; #int
cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
in
{
options.mySystem.services.${app} =
{
enable = mkEnableOption "${app}";
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
};
config = mkIf cfg.enable {
# ensure folder exist and has correct owner/group
systemd.tmpfiles.rules = [
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
];
virtualisation.oci-containers.containers.${app} = {
image = "${image}";
user = "${user}:${group}";
volumes = [
"${persistentFolder}:/config:rw"
"${config.mySystem.nasFolder}/natflix:/media:rw"
"${config.mySystem.nasFolder}/backup/kubernetes/apps/tautulli:/config/backup:rw"
"/etc/localtime:/etc/localtime:ro"
];
labels = config.lib.mySystem.mkTraefikLabels {
name = app;
inherit port;
};
};
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
{
Tautulli = {
icon = "${app}.png";
href = "https://${app}.${config.mySystem.domain}";
ping = "https://${app}.${config.mySystem.domain}";
description = "Plex Monitoring & Stats";
container = "${app}";
widget = {
type = "${app}";
url = "https://${app}.${config.mySystem.domain}";
key = "{{HOMEPAGE_VAR_LIDARR__API_KEY}}";
};
};
}
];
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
name = app;
group = "media";
url = "https://${app}.${config.mySystem.domain}";
interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}];
};
}

14
nixos/modules/nixos/default.nix
View file

@ -4,16 +4,16 @@
./system ./system
./programs ./programs
./services ./services
./browser
./de ./de
./editor ./editor
./hardware ./hardware
./containers ./containers
./lib.nix
]; ];
options.mySystem.persistentFolder = lib.mkOption { options.mySystem.persistentFolder = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "persistent folter for mutable files"; description = "persistent folder for nixos mutable files";
default = "/persist/nixos"; default = "/persist/nixos";
}; };
@ -22,6 +22,16 @@
description = "folder where nas mounts reside"; description = "folder where nas mounts reside";
default = "/mnt/nas"; default = "/mnt/nas";
}; };
options.mySystem.domain = lib.mkOption {
type = lib.types.str;
description = "domain for hosted services";
default = "";
};
options.mySystem.internalDomain = lib.mkOption {
type = lib.types.str;
description = "domain for local devices";
default = "";
};
config = { config = {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

30
nixos/modules/nixos/lib.nix Normal file
View file

@ -0,0 +1,30 @@
{ lib, config, ... }:
{
lib.mySystem.mkTraefikLabels = options: (
let
inherit (options) name;
subdomain = if builtins.hasAttr "subdomain" options then options.subdomain else options.name;
# created if port is specified
service = if builtins.hasAttr "service" options then options.service else options.name;
middleware = if builtins.hasAttr "middleware" options then options.middleware else "local-ip-only@file";
in
{
"traefik.enable" = "true";
"traefik.http.routers.${name}.rule" = "Host(`${options.name}.${config.mySystem.domain}`)";
"traefik.http.routers.${name}.entrypoints" = "websecure";
"traefik.http.routers.${name}.middlewares" = "${middleware}";
} // lib.attrsets.optionalAttrs (builtins.hasAttr "port" options) {
"traefik.http.routers.${name}.service" = service;
"traefik.http.services.${service}.loadbalancer.server.port" = "${builtins.toString options.port}";
} // lib.attrsets.optionalAttrs (builtins.hasAttr "scheme" options) {
"traefik.http.routers.${name}.service" = service;
"traefik.http.services.${service}.loadbalancer.server.scheme" = "${options.scheme}";
} // lib.attrsets.optionalAttrs (builtins.hasAttr "service" options) {
"traefik.http.routers.${name}.service" = service;
}
);
}

70
nixos/modules/nixos/services/bind/secrets.sops.yaml
View file

@ -1,8 +1,8 @@
system: system:
networking: networking:
bind: bind:
trux.dev: ENC[AES256_GCM,data:ReWcaafRGpgrMBiWBl4ofSVFK6NU/P2n/FTN0f4ILe/dBFtZiMJxyLsmi4tb/JBD1ndil0C/eZvld13+xVk+FsTgh7C/4YnJm+9SpgQv8kxorVzGnKU3JGufku7LDyrnING/A+yjMo6vD0h6SQnSt6i2YB72rN09+o7aO7obHNLWJ+B2GSS/IiQb2voncDCjDuiu8ESZevTPVGHhmnP/VrWZOy/cwTOqgF/i65gcOdqbqfeF+iXQBKV1WJa2vEBcj1+yLrS5+YSSueReGec7tn4ulrTKiNPFczCOM32kFbwxEhI6TlxIh6MasjQtHAo/qMyEgk63oiZWKsaz21VfXyPNOnDJB1woE6T0IqRLMUUbuw7150TaRtBWnKazfCH3cdxwi0llh3zp9HBAKPrLOa0V7rOSOrE5f26x0ZA9AoVLQY82Ms1ibMHDNJ+cZa1TYmxcGLlag5g6gaLwkKGM0YJ+FgrI3zBLqcrOe8SysoNI2Ru2uAA5a9K8TWDasF0R+/Z6WWFeu1qFr8th/QvoHHehXKEiXGz+89X2hC4TBm61/IKIMcls9zIYKExeZ5ePPPU8w/oiG4SAxjnl+ppMs18a50/wXpBvi8GPeG6gdvrfUnhWv5j5au+43IHrQiBTb3jGGur5rLQ0cKNGzEBNvjPyhXRi6H2KuFwi+XVKNjnWYoTa4PFGZMK6OHqJa+yOhqF8h1r5ydlhGLumBGU+RzEG6wSU2L0ewOXH3XPb8T2bUejyg/kq9ruGe7/Unx4gfyuxgI03Jv7+repZk0gbN26ZiPh62FpDLKS8YFHFSIEFJJJwCUU0Lhb3xxQL8klrGbuxcZrFcK4sxFCF0UiexRO5betiN0RG4KS3jJ96iaSvrAc8T24pJb6cZtvTgGNcMyeQSaEiyp0l2wjEXzE3xNmTTZ1AcIcig+9dY8bKBLx2EDRS1YN/C/ucuXI+9/6V6O2cjmw1SvonQUr2D1UemndrJy242SUrguAch/Iay6nsWgurCrPe7IJgwaWh5SIGDmmA7sfYW4GjtIqwo9J1NoooD9ROwAZhv6aEm9Iy2350eSOUV1SE105wh73FTV8HKBW0QpEFL+ebw1OVbjFXQ5iTHh+s/XVihsbf5y22s+E6p6wzwmpzty9fToXcm2RbdCMaHnKdoEPvnfCY940s5th4cn4+d6lurlHuulmizLtZJnrfnb1LRBqyrK0dOdi+nP8fB4unOiBSUoOkdaoLKpL1yikUtPwsAFGgQKYP4KCvmkGhUfm18ZLI4HzvX1TKmAGfrnD10OGzlZnj3QtmPhfuhfqgYzYn17YlyFp7r1MwIch64lEf0Y5LiGzRdQ3swFwunS/A8C4iPCP6oxLWk3lKftBfQXvdYLghUS47dxXw5yTRNPSaZPqWhCEPHu9eTO7/ZAgEQ4e0HpnON5zGYqPiyPwsC5h7Q1rOqgAN45iY762q+bx8IAj43J96sHEfJxVUFvjGZvIRKZ0Lg+CtWKtjMSEtzCeR6R6Q79EazEyAagOpKShI3URLkgGlfixmVArekPq8SUzBgtSl93fuXNyuu4n65CCo39VHXEPlmE8rLK4R0SCTNgzCffZQqzoelta8CEcRCx53KvWDblfAgFciy5my7zr9Jg4mHX4cjB194VnXmEL7gUrCV+WXT/p7NYQqiLe+z3roesi4VdCkYASwkg2C7TIL5dbhSaiiKH3/43DChmEDhLib36BAxD+EmBc7p+yuy8NOlT4pjimziCbA31qdY7bTe+6V3eSqkVNKE4+6hBVJM1m8eBuxcw7Ed7tkUmDqInZF+bKg0ZsdZrKtxzSdoN5QidJ6oPokU+IcAqF8ey71qIODwbzEls33K5RH3f9K2YtQziWoc9ditSjBb5hv/x7a7fJ16ouhoJWCQ4FNIRF2RdeitolAHgtbyAcuocNCUhPQ+/5pdlozbPdmsvLCG7aJSrVByC90gaFYEvjBv6nK/tbgAKSYnuw0JvPvg87LZIQXjULSrOl537PP1ivyVjNMV9R91HKYuFGr+Rjf7mxjlCetYtTPDDdxtVx3ZPhVpyW07EVHflGl50WNqHa9YUMWHFjjAHQgFkvZnNA0Yf01fG3rp09IHK+U/oisHeSMt9+uuaQ+6+Jcn8PAjZZH31esc/5BbzH8QbOZ+6AMRuxyIAvJRQ87KMC2PxMUceUooDmq3zE0K+KDot0SYDgGi8z3d/4Te3pqHAzWpVU0ttLnwt6e+dhu4kM7uCdOqeiBqDNBxonmTrosx/izB88GhTkLGo8SX9LC/zVGLcTMMbWceJxjgTXu0J/VXVeAJrmfJWIu8f/u8VMQ3IBLR1hKDLy60tj2w4aIApCEY8PZJwBTiuf9eMtLLIFSmCIcERwH25sJ7Hc7KFnZP+NYah1k8XDU4hHCs0TjTc5kcneLwLxUD289meqZkBmN2KFF72mRqP5ZC8f6pPJDg6lctB9FNldpOKM5qWJXGLOu1D7/dhk6ilAyPpK+k9GySrd74khiN9m1kevTBKKsBrgdaxmwym86reK71m8C6txQ5PbaRFEn8t/8Liy3vF8ecKGir4qjwFcqATJUQjN9p87IPDnTdFOGBFXhan4mPg1JY+TSvFH0v0QSoIf3mxz2rSBlg6s538X6Oiqzyg7KrUng+7x93auAJG4xY9+ja5wK96Li4mLm0YL4MftDwpCBjOf5ML9ZuyA9CFBEz1An01dpHnqK0UCgZCArqxAb3hLVzCk7qwxZf5s8SZoMjJR2+wvdLi1K4sW2ayq/trcpwawWgoFevedk9sRpBv99xBwWnbWe+zT8hMYJR8O/b60I/tSOVSJ5S7ZbklA84zc/X9KJQ8s22Se12Bvr+h18rmAsxc9RSW+5/JCJohhO/IEB/zhqwQK9aKrHURKwZ4mKsguk4B74+xUAqkxh+Lbn625EZ7EI3MRUEtM/A5I1mYPDt5F+xfKUo/6NF69FCRwOlOlQ7nToobPlfNcm+ttnSzj9NAIG9LQWajiC5lWSB5aLHvfDGpsPrAxauQOPUG2avTA22UXANfA1KAkxvmsUtavOFVLyjHctxnsZI7nCZMIIy+efPXu1FKyijM2uKOkHdrEnS0mb7ZLGUKlwQHJvOsu+5zsRsXZ5FPcdm0zNP+f05DGtKw0saWrjyP8AiiiG89rv6LPGnhwRxGI3yZfJOVcXwhoPNSJ/BHgjk4OF4d8/T6y25+xETrTr819N+ocVrhrNFZbSW11BzCBCd3kwTx6SFNcwmlm3tGyfB255YX1tF6G9HuuVD4A=,iv:pjMSO0iSk9K4+Z1TpYfI6YudZETkL7b2KndChnE0ITU=,tag:kMf6a1UornfzCjzuPUTvvQ==,type:str] trux.dev: ENC[AES256_GCM,data:Qr2DNPQrymbiTaZYPN+aFT+njbzEAO4X1qRiVEo5Lz03GsmQ2ct9bmF5VyNGrjKyBVkjEZVeX5istUYXOf7Opq5NA04N7z8uCZCBU2YuzUEVfkz6PXSU1F3NbdBlika+2iogLpDcJRttg3ciNhSrWDiWSlns/VZBKIxjrRX7yGLvCF71UdgaBdCYiTDQNU2kpHQaYLafftppAtLXzWA8HAp6lxsP8a4RISBvA78o1+fr1WzEffjFd8jbdfr61kWhOIygGhdWbVs0taQ5vLzjd4+eN9YFdjNRiHZdktyrJS1PpteJ8FwAZwulDHdKoMvLhm6PnuSw/iTk/CnEXPiaFOKf8g4NxLOcM6kJUgcfiwqorvY6YYQ1j2DfZ2eyiE1TdC/a27oj4ZqoQSKyn+nuILXRu0ptP7IfNEX1QlAeKl2Gi6qgiZLQ1F/67dzJvLAA0onncMkyGV+cHGSSqmb15aBESJ9T/gcTa8b+JjYj++bSL7b5KedHf5VwmoJ6Tug1qPXxubscGP1mD7i7uxZmgW7UYCStAtx+GyIK7dTlCuAjKoLkGxgiQD1elQjuqwJ0RM2YV9cdWwpeFb78sAOSyUfZKfQZDmnutSWzNInW42yLJoNO8URBWsWvc9lpwDLlAGfPo4BXUfzdG+qX5UCFmfPn6AvcYIcLOUz8vEw2YG3byJ1QUYXRIQ851D+aeBte84P41ZlXwC+ov/A9PXztJlz8phCFJQZpe/6LwUqchtwl6CJAvop6nHcgYnQfIrRJGEKkQDLYWLeDrQtovpDqNgZTNkmk0KXeuPGKjPCrXhvmqs4YYUIyQdvGqqli/OLhs7Zq7GOvSSGNWx/wCrptavgxiG/eGBlc1veDOACPdrV4q8LdTfavCTbzNO8lCq8kkzzL9zN7NJYu2vButkkOsmSQ8y0nubpnsxw26a7okeMx5wh1YTZ9dllKS89zVIuXbwuIxRu5z13RrDoOQWm6UGjgvuoTpIsptPfSSA/EGJvy7AQwsWQsmcgm46MLffoRfhD5p6LgwQVVetGGM4iCOmtUDsnFsBbY7KcyPUAw7KI4NacGlAlsJEkdpAlR8HvL229/J8xuOzDSH45nJ53nwH5Ki5WjurS3ovl+ByMg4v5EX4fEY7bWDsYAYzhhQfZrDWFYvJdNEO7j2Wtl7t8gIPiGPOhOnXExZoL6WAauFKer3N9nOE13xqkTJIL9KAJrf3oE39W4i9fWLa3vMknbyKLUu4ycW9r3ndKPk7KIb3kd2TBNqGXUyc6ZomE369lhGs8oajtv6M24V3d9ggE/eHWjUllq35go4YmJG29i7G3vQR5o9HEFxe+RnCqe7j26/lU48+2xDJZtve4uCvAbkU+awLoKz8/n4PQJ309aPPODOMZgA9HWe+I1V93UHZUZuKc0ySsgykru2+dvN8Z53nRwyZWrn5XxVVi5zf+5y1YK/r9SUq2cklny58jr/r34lACLkanXPR2+RMihumcQz00VrTdpadWAsdSk351O86aY9JxSQDqTgvLRZgz4urUCKo9IxhXs3XigIRQlRwPaxUtZuvuSagTqAFnw6qcU7Js2AL/obQ6R6ciU3W+IGid5DZi02GV4Gwxx0FJdXPmx7jOoGghwrZv00h0GCtT4BCqH7VWdEE9ZPShglOhUaPMcN9N7RdN1+iHq4/4KO0McuoTtVCYhHI4lKkq8NJZBP7y3ft8lcsI+PLKUXN7wdy3lcTCYvS8wOVM7WuBncpqdobD/A1TZZm7czEZqi/y7fDPqsQ1g316XNdVqKHzOdg3ejDFIjQST87ep4JnWwaIEFklassPPCy6BJ7sLLPUux7JuSIgaWyMPAbB7U7SY6N5uZl4A1+f14mMb9qheWBqwDcWQ83R6QMjpoum2es7XxXGB2/9oYopslyM9glWigPMJPLojWZydJpZbIiB7o4yQBp/OFozl+AJLij/IIrbtECug6bap27LjajVKRSjQVwvZeOg+omttYcwR6dlqW/sHMNR5pkDhJ5lXzWeyvO1C1WIg2qFLE2WwrgM0/V9JDZHo8Uk7q3NUmnVOYlUyTyrTR/OKFEas7GYBv+/f9l5h4UqQZWzU7S6cMAFbQXYxcX3YzdDIJ4edmuzDdWCuIAy+dQsu1h7cVCRYO3tNKSDyYJ2XymEtNUu8tewicf2t52AF4UCR/3dRr+rgEFbrTpxn1Sm0O8azMIkBiRZSF/hF8qzWZmCEqvMtxWjnZDSAeHVv58/83ZFRx9M42gLqzlc9WaAvKNtIWgTQDOz7lJ3ymWdHdYaFq8z3aOh2IgOBhwAFee9rP1IXu6ASsl9NjlK9TRy1FrTpMzZKRLtqQgXaQKFs20FeoGQR+as7ZBCfIyANF2a/amjQOlV7nAVMGtpPS91DG7NcejHuVklVwBwZ62FAH8Wlm7VuBSKPCJqlbqO3ixsuHtuhUE1IBJNIR5kQbxtkoDjfaIpWB4m2VBUIxmV6d+Bw7lWII0UZPIjoImZ8QnLe67NotgJfRXx/pFnm4zpcSBGMaHpP5HoXVDWbpTjkTZPP99e9v8uWr1qaJfJEBykwAOCRXGM6qh3rj/uqwwUKC8KH1cqOrG5tKudtdE3sWGpV/7YwJMnHEardDCKuKQtOqtWHerZ8b1euhRqQClOB/HVNerAMO1I6mym31btePgRDfcLGPBjL8hE5wC+iuZlYjl4RUHVvhvCVXUwF9aGEv0u7Ut9WfUj2f4YRinI43KawVeQTIPGUD7k6c9RLwVwz3YujY03ruzgDq1urDtTFI2N2PtFR6iiTzk3R9To6Wodjd8lbk8GWYipg1IKORHaQ3e0wgZPbgBI4tj2xwZN1WHIzvM/MLqu8XFW/fnhV3+TZ8JfjNOXFn29Nn79F8rHuil5DUfBQHJh6z/EWQ9+2Wu/B8OA45JqBO4HpLGKN3JmuCuQeqwJi5Rcd9OBJl2OK0Ccm38uGWyYWGsIIL5SefZaAioMoPZs1T/Z7PejwKDamve7sGTIOXvFMIx2S4glqZ3/da9/GeIqCQ5NRG18slP9jbx9RD2GEytsXDJhWo6bgCfKIhk5j0s3vKnQ1cbMpBbRib+RtPsQGfBDw1IasWg3oGZXPclH/zYd9HZsAZN+qY2ny7VZOCY3wswXvCZjda+pYF9I30LcVIfErM19REQn2L3iUqvPJN/Wj+KfosARZAl984FHlvui7IfJN9EuHEMA7c9s9EuyoNWXi7wOcFrt7CBnURk6nNZwq6RbKtSPVCkrRgY9W2sRPlhOXvRFcVM0vRnXAtkpYX0+sVfMQSrmTeS74ippLLwKItjZMgi/M3ZczQkewdMeFbGa0mUZQbjM/bAYQqQ==,iv:amqQUxzTVYI91hO/xbfuAmclf0KLXMwHa7fStRAA4WU=,tag:rMOqMsMfanq45O4Vm2+SSg==,type:str]
natallan.com: ENC[AES256_GCM,data:yCeI4+Dk63MmpiwjtU/fl1Y6lIiTS5tzXqsXsJUlZ7Xg0fFhnt0YFslNNgtbeDP14ACdrF1lMXSDi8AkUuJ2w6x/LO6WEKo8cV0PFUvR6DHIjatS/6ttm9tJdRtX3b5sO5dyTrMeTv6qtOQY1Gk1l9jWRYvll+GXbAf+8pcufe+IHZ+/TA/+AYs2ryIszCKCm96wXq4Bs8p/ihFgS18YcpLcxly3FVqZIz8xB4Z9yYIcHinNMhGvOKXDnsSPkXUoB+s/Nm0jPxzN2i6beBsu/8sOg83LgEdM3c0UGVyRcctFhCZurPR6xs9A/WhmRCoj/A8V/3aVHR2Ky0HmyFKzue5Pe5khA2Sy8nv4QrR6YX3yqYempwGTxrZXu0/TymUQbmG1HXlVCk6cgYTFbK4NItHDsopML0QKBAwovtiAGnV5f7jA366XPo/3c7rQDo9qRuWZLMGAbXIHsgxFdnbMA/CXnf/8hEBuf8kdfUVX8U7EQgxoQGbOV0d99gCy0O6qZYwwk8rseGSLPk6nYN4ChiHvsoyrFjXUZJP8CR/wMSscKw4wqW0Y7ec56yiOJ/iPuVIZL+G6D56gZ9M+21dQp4QvfdPyEBElVSZNyBuo00ipJiTLs/G5Sh61oQCUZfWHf+1vnnkSAdoD2BpCqCoYm/ZkxYnOzU+7SCm2obHixcySCWz1B3EgwAargqaKECJNKpL+AR054jApYZVvIaJnERTPZvPqY8O7DkcLzJuvSCac2GwSqT7uG6722ZfO2geUD1REp1YWRtP5dHDIhG2Zg6rwQxCr6VdicHQlx90llaSWq9WtJU9xhw==,iv:OeFQXQdLbXynTqHxfV5OtWIzwckGDkEzL/IRZonpukM=,tag:ex0TYR1Q7LsCAIuHJJQlmA==,type:str] natallan.com: ENC[AES256_GCM,data:LFZgRF1LvGxERKW/oJh//K6KzgN7thRouJB2JDLyn46tR/1QVrhbOomVYynGMJayRC08wMY0nYABrkkVMkzXGWbcR1Qxwi8yWp8eDSGPUqnIvMy5y5N84HC6F6vuTbBkNlxOipAWgTLa4iG5UuIs9Rq4hk2oIDvNM4oeGScaLjbw6oOlMivRCqrzUsrqjnnR2AIkLsbb/NhwlKlfN+r+IzULi8dYtjvz38RJ+pQT7nFD4aq31hCKHEovH/FhP+JOC2Nw95gaa00ORodBqs+tdTgBH/7x6PomjiSfY9V/47XlccgBRR/ax6R8j2Nb0xydxTR2EVt19EUWpAsA18xjkWhefoD5qAPRI+MS2IQGSW8hO0wYVxQ2bCXohw2/AmqACNwar0Otbi7mlSQ+UmsWgh7CaWhWrRR09yljLs5nV/qKZl7v15cuzhyqYRgeQiwYNWYhK8L3HgBOy64sIFp3vcVLzkVnvL95213pg5Z+tXuwiyP3zPwUPHMOvsaajVJZtE4SEe70ivhpwgHJRaQ0KjtupCjZAYOpdOXyuyk3w2DF/kWpBGa04b5cUmIER4uFCbJwxhY5nqtMMdMZ0uzCzHxL0cK4JUWqfgXAJsPkn1qPI0bL1/k77MnSDr5wvaIqH2WtUc3tywBss5EdF7xb51FCRNfnDaGy1NI0465n02HkseyslWvXC9bOqO8VMfUOerxdqDtyPc8EAoJyCaZXHrYxq4DRXFi8pAek9VhBTI7xdWraIFbuWHXUswSeE01zeNVvkFKCP1NIclmNvtngJRwTUESPK27RLJisNM3oMGXOaHvOdz/V1Q==,iv:NoGshUs7G4p9wQ7O+PpxtinwPa0SrdALeK49SkwYLFY=,tag:S4L+h7wkP34DWxB3RpjqyQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,59 +12,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RjJQblo2d2NINTdabkhx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUlNkMnpmTjZsRnNBaitv
MUl5enArczB5V1JteENjNnJmb05uN3VDSkFzCm95THZkRmg2TkR1WklscW5UdEs4 U253MTlac3BueGJ2RG5SdUNkaExOSWYzQWxFCldOemJQUjFJdE04TjVuNGRIV2RN
MXR2a0JxZWxjeENyeE0xZFBYL215VXcKLS0tIHNZOEVFbUFGOUZEL1MreUlNamZ4 NTNocEZtd2tDZmFjVDEwR2liMi92TVEKLS0tIE1SUDd3andzeEFrOGxlZGdSTEIw
Q0p0MGZpdnVJc28zZUFOdTI0RjlkOEEK7YOXO0412wSTu+1oW3eDoA0p90bskEGv K1VyWHFSR1cvV25RTXIvR3BrNDZGczgKwaUCUNINj+o7d2DlIcq6V1Ls9ZJqxXQd
VEhdI4NgUn4Ibg2xOFLP4dTtFRLVoghkehCb8YO0Hci82gdAa3yF/w== L9lSOMTZ7wG2liFnySqCSKSSgQELCzHVRo0njv8LU7JLt2VFAjU2Qw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNV0JHei9pOFhvaFFuSGRC YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzOW9wVW9RUzFTdDRZUXJx
ZWMyVFlRZ0I4NklJSGF0WDRUNG5RelhTNDN3CmdRRC9QSkRnMGMrL0FLNzNEbVlB Uk9Vcjd1UWN2amFOaXM4aHk2dkg5ZXpGNTBjCnA5allSZGZWRVZVNW5GQ09Iekpt
NGMwQndWNitWZStwWmpZSStYMzJEZXcKLS0tIFdHVDVaL3FyZk0vQUhNM2xRS3o3 NDNoTUlZa0VLanBYTjlsREtZeGRmZzAKLS0tIGlNUW9OTHkxVkNrVXVmRkdBUWtz
K2xiRVFOL2hQSlFCNHNBblphdG1VR1UKMhrKTi5bsNAC1/JTcz1BTndXV81ylHZk KytWWnFzSVY3YU40bW90blZuWm1PTFEK4EDj8GtLCWcd5FIEx/fywU+XLVeU0X87
AqxpgFh6M/fI52KCzXTACQPbNUW9oh2vKmdNHFJiThaZl3k8vgbbhQ== UwJfkWaUYbLouqMTSKZZc1wf4KvL1GH1qyEANnjY6EDHf3kBGZMkTw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCcjdqWUs2L090TlB2NGxp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVGxsMC95MW5tZjRzSEQy
OWFwWGpMNTNvaEk4OHlOaXNzRjBEZW01SW1ZClg1d21IbkpTWXNHUjhGR3c5OXlp VmpqT1dSUjdSL25vTmJOVnlTR1lLWUdBdVJrCjk2TVAyWmtHSjVDNEhsVG52RzNu
cDY4d3p0MzJ3ZmZBSkxEa0VNbHpsOFEKLS0tIDI1QWZsTERodWZIVXV3eFhaeHRK aTNJbjlIbVFucktyd3hVak5weWtORmcKLS0tIFdwSkVGamt6dTNlOGNoVDJ1dy8r
MURpU21sNm1CYk5xd1dDNzAya0xiVDAKD6q1WT7nqaEb3ZxtZHvHWu3KP3QKf57j RExTQlByTm5NUFA2aW1tR2lSZ1Q5d1UK8e7BRwBzeOvOUXYFwkgBraP1+vrZ3HvL
35+K0BBQwvQajR8Pmq6z5uTP0SmuJhKrMG9/WbwCL0laRJHZ1SO8sw== gaMH+5AEH4GiEd34svgjLAtmbSzm2/VNhboxYmAWUk+Ff4jn7+tvmw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVHdsSkRiVk1ISU9SVVlm YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUHBUWnZIcHEyZXVUdGRJ
Y3NYTWN2V1ZIdUtwaTE1bllsY3M3RTZtQkJNCnU3Z2RINmZMdWNTVFpLNEpKNmhi MC9UT3lEM2hlOXJna1MzRzRvMjVtUThQWjBjCnB6OVVqNDE0dFNMTFBWMGkwSEMx
OUptWEx2NXl0ay9hYk1qWGRtU0MrdUkKLS0tIFVPRmprU1RwdjFjc09TeU9tam5K YkRQL1VJYXZjQU00YTJ1eDdPUWREeFEKLS0tIFpYRWtOaTlTWFFOdUd3VXZGNGcr
WEtWdENWbkFyb1o5b2FUc0NocWNoWG8Kt3qnXdryCQMSHlzQGdb/yd1L0zP+e++Y TXZFN1BzMEhkMUlObXdYV3BxbzV5dUEKCVGvWx1ZiU8VEZoFvThef2mfa5QmgYp4
QdYLfvzFu5QXoFzwbEPMrWMfZvt5hJ5hxgWTO6OqDX9p6b3AyMmOxg== rqgTrivwQv6uwp80i+mGzrVpdqhCYhwYgiQ29M8sGJqJSawbUTZ+5w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWlZIa0J3bndUeldPTDVV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZMDdGN3pRekxsbmdmOUNL
K2xVNFlHQ25xMnNHcGdEOXFlOU9qMS9sY3hzCnRONTBaRHlTNEJ5bTF6VTNVeXpR SHZJc0xvV2tvMi83dkdDT1Y0bDVIemt5QTFJCjZKbzAzRElMczBTNmkrU3lnU2lR
TjhWMlk0UFN1d1dqT2hFVERwZ01Ca3MKLS0tIDUvcTh2aEpJV1RtYUM2Qmxzc2x1 dm5pRDQvOExJTW5NRnZXNXVnSmx6UGcKLS0tIEdlU1hSQW9GaEZFeU1xUUFPcFZI
K21pUFgyb2ZHM1pmcVQ2Y2VXY3ZTR1kKGqi1hEmSR+wTaabmwZxvq2hFHlJwXo6K bFU2bmVvcDNSUUZqRjhXbVQwZDFzWGcKJBad1AlJUOPjvVVqFUuzee14Bkt+Ounu
BNSCTKdEMLuknH1+Hn1QkPd05eBRUj6TlNMP//23BHBN64K5BusdZA== LhhZ+UviDzZ2El1S4gwBY3Rut3aq/vR7n2EziXjNIz9OJtKW141LOw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTkxrelNzYmpCclNHSld1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMmVtZUhFUzlpVHNXYnFP
YmlkMUpXUVpXYlc4dE1oR2NNUU1rSGJrdlNRCjVtZ3BTdStnYWEzMnA5RmxwVU9N Z3RSa2JYRURQR0ZRZTJjMTg0eVlkNmZGVXpzCnR1TEduZFA2MzhGeStKMHo4SDNW
dUc4aGFWQnNXTXZYaW9UaUs3V0ZQQVUKLS0tIHRqekd1NU9lcVF2RHo4Njd5WjhJ WFplb2MyQnBjSW1oNlBMQXZWZmZaWTgKLS0tIHA0NVdhbVdncTZZMGU0cjB6cmxr
Y3VsOEYzL3dtZVRWREtySWU3OUVvcTAKiGVzvIu9hTFbw3KEWKzwp3hr8SJC5Ck6 Tk9pSnZsNEdmQ1UzSUQyeHEzZkZKMkEK2dAdumuwokijR1Oj6Bt1UXZlk4ZeRWq2
1oiLHPK36xK0iTiCFxrHfypwjiuOPC5hYNWBqAXCQ9lJ3qruZLjoWg== beEr19lYPqQVdluR5X/5+JYb+aRQCKN+y3VYDo+7a4bn5967xVilAA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-12T10:42:56Z"
mac: ENC[AES256_GCM,data:TVSeK1Ci9IpnhQonAXqunPvNJ/zQT3E4JnPZAqjaXL7xu1Hv1YAGea9RH6xMWB9jhU2nm8GiBO768yPrx32TQ5iMk0hvE556FeY3od1M2HK8fxeqebySuzw9+EMHFHdNruIyh4XGZIU+P99EnfsMnH4AsZtlkvF2UrhHudpJYBQ=,iv:G960JXYcvKGQBZf6nWhtXCPfFyRRuHxiTTXdar3QevI=,tag:u2RgMusHWBHrTFZQ821img==,type:str] mac: ENC[AES256_GCM,data:QF+mFqddIId16iEkXb6euJW/BUTGkwV+cIuJNWt6/rivHJCGYtd+GX6RgSui/hYKooJP04vFzmcaeilwvbq1/sR+D1exQZZ1p4tG5LFRTrbermPHvcYy7Lel7On1c1OkjPTR8tJ6Vhs1en/FESUeL1JdgAX79IPuxa2WveIPE2s=,iv:pM0d7mPEY2kQ70qE+uiawCTwqFzkY1UhIjrkdKejYOw=,tag:eR5gNrTbZuYz4MHOgk9VJg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

70
nixos/modules/nixos/services/cloudflare-dyndns/cloudflare-dyndns.sops.yaml
View file

@ -1,8 +1,8 @@
system: system:
networking: networking:
#ENC[AES256_GCM,data:xrdExx+mG8yvJowdOsxDm1aXWDak4Fc2n7n8W3aFm7OnlAGrDymmWh4EvCP9UImfT6dsgWjbb/TcFbGH8ATLpj/sjXfA91Y2iK+GDA==,iv:K7eNWL9MKzDu4lSZXrr6HDDco+BgUuLnwzXSjUPT+DA=,tag:y8nUEt+XaMfmA1JJqwDN6Q==,type:comment] #ENC[AES256_GCM,data:rMKS8YbaNQi7RL9FcxPX9GrbYQ56yzosmLzzL3AZeZvEVQTInKbbWR6tcj3AW5bBntzNRomeKMH83cdqQ2xtkqLH1RsTUmV/mr+8Ng==,iv:+bFJXtcz7kpOeRVUvco8MuwH6y6bb0HqS+R1urbbqQ4=,tag:9yexHkeG5jGtL9Q4tEr4+g==,type:comment]
cloudflare-dyndns: cloudflare-dyndns:
apiTokenFile: ENC[AES256_GCM,data:Rp6OM+m1nN2JTDwmtHeVeyktWGCeDoklE4pMoYFZlf9nw7AEPdX7fLpZnnxcz7yFx1Yv6ycKo7s/1S2VpoSEevsxLcDQKx+9AEhvCH7SxZGJrhZX34qgeez2hZBN9EGRcj0yTzWxfPcnVztXym4AoNlW1A==,iv:frSkgoxKljh59CqzKIlU1tLcqOU5BSy6zHfyKA97I8A=,tag:JZVKFScpTXCAdGhSViB9EA==,type:str] apiTokenFile: ENC[AES256_GCM,data:ImeFlc6BAwq+1X1K8PWegOIJDJzEW63VING8lH0aYgpRbInckoarJ6a2OfYD38Powynl8mLqkcDYrlvgTDF57sRzEMGBa8mybhYZKn4ORFZPkbTpon5GuAz55Vbt9nMgoLDwiwOaE+DN2bbLVND3absLfQ==,iv:rN81afwtVNZtFqwI7s1ZA+OGNp7236IvprPE6pBSVvY=,tag:ekjTmihMMhCuBYFXpgxkDg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,59 +12,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5YkQrUjlQRVhPRGtSNUxD YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBva09IMGhuSXQ5dVVqZmtx
VHl0SUJEcUs0akplZzNRRkFsYkVOdFlacW13CkVvVEM2Q1J1ZXVxeXJVSnRWNDgr bm5UNjRVN0tKSytuc3dBdTdrUG9DZDBGVEJnCnNTclg1cUUxVFE5UCt4K1BobDZi
UlUxejdXN1JLSTRWSjJ2UGEzRFI3cHMKLS0tIDF5RGhkK3BWR3JaUTIraUw3c2ZV QllLTXFmY205cVlsMDI1cks4TEkxaTQKLS0tIGtjek5OZ21OREl5ZElmY3MzUEcr
d04xbzFPVnFob2JQbVhoRkYzd21zQ3MKZldbeUx6NXLU8qxOml+WXqfcpJVY5JRY YTNyZUtHTFhWYWRhcFNoN3ZCYjYwNHMK6wyDzfQAJe+722HF1f3DegqcdGsj2y1j
IsSALDe5yK/CgrgmC2H69GTBshYCHBE2las+UVJjSvQfUv4WMHsBoA== ZK3wfCxqo7X39goywNcbnVbugHUltMvd1KW7nEKMuCF/YV9EK521xA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNY0hNWlVaRm9iOWFxRkht YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2LzVrU25Qcnppd1pzYU44
SVBaZ0ROZTJFK2xhWHJuM2hNdFd0YmNRYmpRCk0rR1BkSFdrRFhSN01ZWDZDNkta Qm4yTlJkSEZhajJBTmFXdk53b0lPYUU2TmdJCmNTUDBQT0dIT0RnZ3UzQUFFbW82
SCtzb0k2a3loZEU4MHRUZGVSVEVXdUUKLS0tIEFBeE5BaWt3ZkxYajh2VlR1R20w aTd4T0JKU0p3NFQ2NzJHR1VMbG5BWGsKLS0tIGZPa1hqUzFNaDZVWjhFRi8rZXRL
WHdEV2RucDNnSlZ6K3A1Y0JVTEN4REUK8OGgcNn9J2BQAoVw9YVU/C0jt/7rUL+Z U2RtMjFSbGRIS1FaWFVOSHArWWFJYU0K34Ct6CN5d96bBB0XBYYoVwL+i8+/pAJl
QRGNHxQfn41+v0qm5fiX7Rfyjx9HUfcLf+unj0oCNMwKXvRayMZlbQ== qpSxekXpw8K1nuHLy5102Vws0AEEMCHNAkEHsjesMXjV3S/cjJWMig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZml2STc4MWR6RUZxRHlj YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsRVJmcE5VYngvUGRBMSt3
UWRZMVRSQUlxa0VyUTlPT0w4aThrdUtyM0dVCnY2N0I2YTlncVpadUpKelgyVXZa dHRod0FMWmVOTlN6eHlvUE50dHNiMzRuZ1V3CmpCamdobFhoNVc0amI5TUxHck9y
dHZNQkRZNDlnUmIzK0IxdGJDMUlWK1UKLS0tIFVrR1FsM0JaUE9RVHhsaGttTWxL MHo3RkdPMnduK3QzZFlxYVV1VWZKQVUKLS0tIDFFR2U4cVdRN2RaeFFuUmtCSkFE
QlJ0VWxBT3p6UkVVWVpVekwwNUJMU2MKreBun8A7dy1VkUjdTQqTmKz3mb60AmUd MnZVeElOTFJGc3kxS0NxZ2xvaXdOQjgKOPZe0NQpG02tsAFFpyfDQVsCw2lZeSOr
axdWZU9Qk78S0AeE3zrr80NQHw7i4oiSFs1Lyz2N2MtmdMMdGSVROA== sOPOXV/zPxCGYqs4dxzx33RG/YaiAVtqA6wp00BE5y8jrxWU6HOv4A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcEVHQUtRZmpwd21lOFdV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRW9mcnJjVU01Ky9PUFdT
ME9IbVBOd0lPQnFvdTVhU05yaEVON2xlTjBvCnBiUUZTaVJSLy80SVJGQy9NVlVw TmNHVS85ekhSTGE4aWlnK05oUWFIdTBnVGo0ClYrNzh5WEp0UTJmdFFkSzdhYTdj
REJRWEhrZHR2Z2lJeEVxVlBWRUd3ZkkKLS0tIGhPZDdoSTJ0WCtCVC9IeXRwVFBp d2hOVWNhQmJQNERSdEpBMDJNbEMwdDgKLS0tIEtrV2NFTTNDSS9rL1l5cWRvdlAv
WFZFbmtVMXo4WW5NQkE2U1RFLy9JMEUKzYezCTgRxYKwSn+3cNZ5KgiX55pvwZBf RWg4VUoyLy9WTis0N2hKSXNVRW1wdDQKIpSGvd5Npk0RrfpgvkFI3VCaMmoMd/uX
vFcy2V/nYpyvULGZ5+mdPkPwJQqIE6olD6GtWoLtIc2y1GUk+T6M6A== J4ci1P2jMb8Q+oeNi5MulBOJMx6P83BLqzTZC2rbniZJH/ItUZL1ow==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWd25WNnByTSt0UnhnTStQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMjExWXkxbjYybkE2NEs0
TWZlS1V3elNjZGZtWXlvSGtIemFMTkpTemw0CkUyMzBkRkZ1SzViTTJFMHo3bGFp c3hpV05oMU9PWEFMQW9OUXN5SzJYZTJZVVg4Cm9nWmlKVU15OFM2YjM3WVdrYm1w
ejR4dkFFZ0lnQ0NhRFRvNnBxYkh5R2MKLS0tIEpLZHZFZUxxWkN2alJGZGs2VS9L NTA3QVZsMUFzR0psdWg2N2N0VjhlOUkKLS0tIExCbXZoSTJwMW0wSzZuYWQ5VDV6
cnBRTnYvYk5Kd3dMZXRrYXA3YzMrME0KtpMwDN2wTJumIyGcR/ww36VITWJ9DGvo d2tnMXJPY2kxcFJKNDdWY1dVb3pYVVUKVCfLKncZvTagMZ5pLnzryIPxvILaXo9l
kf0QBL7cGbEQTlpcNAwD43Mb4Wakk5COK9qWbSsL1qy1UyaUWpqA/A== I004nyoMSOasctN6+TbVV+qshTa4pTZsn3czjOgTMb3fg1QCVLLb8Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORTFacjRLVitKRDAxQ0lp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqcTBhemdHcEdrbTQ0SFVQ
cG9KNkhGOGo1UWtsU0lJa3BoNDBMQ3RncVNVCkVQbmJweElOQWl6UlQ2RlJpOGVY K2h0MmpRZmNtTG9GWm1jaDFnT0grbmk2N0IwCkt4THh6OFRNdUltZEc2VXQ2a3Fs
anpISGlEZVZNZnZMczBKMmNoSnhOdG8KLS0tIHVvTWJ2LzFYQW5vUlliZGVTY2dN alQyUW1NMGtVYVFtYzNNT3hYdzZEV2cKLS0tIGVyK0hPUWRPUFRCdGFscXFRVXB2
UVZPL1p4ZkQ1Z1pnMEkzU2x3b0tsdGsKVPnAAQd9RqYQW+TUJ+yMqdQIVUyjqvf+ QStyYVowM3NDZVErSzlkVGV1WXRndFEKdJdRlJp6W9ZgSihAwDnw75mnj1JtZns7
mcEbwNKI2ZHvGn86JzqJNGnBLy8kY742aQcKXv3ce8+R5zpMh2jchQ== v9DG0nl9+O3Z+e7HXX/LKg7DhjizfNjrwXlh7YeuYvQqTS2Hw9F9KA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-11T11:56:37Z"
mac: ENC[AES256_GCM,data:qw4g+yKwgoOa2kS/tj1dryk1fAUfhsn0fxj6ZAFT3qrv92d81vvb1ioj5qqGFNArCe1/vnRxDuTB8Vv0cGwIAxQf9X6rNYJw9/QzxeVDL0pI8/EK+mz/SmFA6T6l9/2K15USLOzcFovqTzqoK9EqcI46jLKYH5jvZcH8B6K3OGU=,iv:YtTCXwza5zIMOlTIGD5f7/JronMPRnM0uLUYaeOahAw=,tag:0t0mCAunDrsxB34GVywaLg==,type:str] mac: ENC[AES256_GCM,data:OEzJ9yXtbBf89s7d780P7Zy/bTH9WJbimuW7MPh4VVy0V+O23EEkEg+veCsJqNyqwCGZc7jfHkgBDglMKk/rcF6zYFOpxq359kLdXrbtdsb/74SRylN2ux7YwWMZNIlGN8eIMo4nqd/47SH4ALmH01DqztFjaXQZhe0tvUT1t0w=,iv:WVzo5MR7tmFqYGL0SpiDAkXkC3kS/+rUemw617bcR7Y=,tag:94M7kvTQjuO1dSdl9ytAGw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

3
nixos/modules/nixos/services/default.nix
View file

@ -11,6 +11,7 @@
./nfs ./nfs
./nix-serve ./nix-serve
./bind ./bind
./glances
./syncthing
]; ];
} }

68
nixos/modules/nixos/services/dnscrypt-proxy2/dnscrypt-proxy2.sops.yaml
View file

@ -1,7 +1,7 @@
system: system:
networking: networking:
dnscrypt-proxy2: dnscrypt-proxy2:
forwarding-rules: ENC[AES256_GCM,data:OqEb7P7c62CRZ8oGa2q7g4fuVQmG2H4nLpxP6XxKC0i6ibOqrRMXj9smSorlTGtGhQEk28i3rXlTZblQObXYnXn2KWglZhmA2EDOZQ==,iv:XqdkpxdqFALb4nv2JVSagjPtcuSmUZ82k/OGzrRfkzs=,tag:fhmeV4AO4CcNSe1TLQ3uhg==,type:str] forwarding-rules: ENC[AES256_GCM,data:XsHHK0gDDDi0Vjxytx64QXtX+CEb6BoPCbfg3TnAnpG6uFaor3/YEJHNnlmguVlThIjbXAf4B1TeJf1Mch95y3iN1EG2iw+ginzejXUFfWPahOOvKnnb+rXSsdiqX3bXKbmcx2IrSINKhQw=,iv:MMccx35r0sQz5irLHmeZLQbAFNZZq49nP7CKmMPLg+w=,tag:xCAKUdgPIpSKky0WTpsqKQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -11,59 +11,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJT1lrUUlRNjEwSGVEREVi YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXb0hRQjJKNEJncWRTUGw5
cHp3dHVQTXZyWXhWNmk1U0sybm5qdUM3aWdrCnJkZmZWVkg1S2Y5M1I5UGFNL3B3 QjRFSkk4WXVmdG9XNE03V2NYb0pnUCs5QVQ0Ck1aWVVGTmtmQ2pZVUVyRk83WXlI
V090RXUvdEtkNEhBS1BSUlpHbURkUDgKLS0tIEdSNGdWRyt4b1c3cFh1VFBZTktE VkcyTis4UU1SOWdFTGRIOHhYQnhVdjQKLS0tIDRLS0dTNk9mOVByK1BTSm50SUds
Yzh5OWdvdTZwOEpnYnBRVzlGL01LNFUKPpXMygtxw4tOAKmboe8yxmiiRoDJhVkh eVRPSkdFRGFUaWJZMzFjakt1aXVRYkUKmi3m1Shpz+nMJ0lGZ8/JBJQyZ4y/CWwL
4YY7sbpeoDYVwfuJmMkaKGfPWDr7REbxVzZDoyw8fFh/Ea0lcqVfbA== yb2U4SZFEzBsxszKCBl0rk90Hpx7HduS0hDVauhmfWzpYzr55bEh9g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUjJGNFlmbk5PdldYOEM4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJSFpKdTVBUUE0UjhRM3hK
eGZwaGJNdWdPZ3dpbE5CQWJRRFYyV3lPdGprCmZjQ1YwdUVra0ZvQmIzOC8zU1lU NDB5KzNJOWozK3cySEZYbFdJSSsxTWdVWUJJCkJ5WjY4Y0xEY0RPcGplM0xsUWRY
VU1nQUU1ajhNOVdVNFVDbUR5TXlSZEUKLS0tIC9GZzJXS2VQck9zbk1kM3hhR2Nl bWZEaFpBMnd6Rll3MVhlNi9pQlA5VGcKLS0tIFlSdVVLTzd5RGlPY2RSN2JRdldN
dFdjRzgvMVBCckFCdlFnWVAvTCtHSW8KaAMKb+P9TaavlrFt1esYlOO7XuQ4LTzl UFdXSklWd3UwbHZlRVR4RmZ4VzF5aU0KsAwJJimAUcW7pGJfZ5RIHNHQtAwy0HZj
MlxgJIjgSGmOc4dRLK1fRFvcFRTRl+0LsqZT1OkE3wWLXr/ElN0OoA== oaaeV704j6VtFUhv2Bcf8OYjA0dH8RIn8psYS0j2WCnNrC19q3Nwrw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXT3UxYWRzaU5oRXZTYlIr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5K3Q5VlNZaXVNdklybDF6
KzhQVklzN1ZzeXZuc0doOXErNjdwZitHb3dVCnpMaVRuZ2gxWFpSd2JyK1U4Sytr QUFuNDZtOFJINzUxdWNLU0YxL3JQT1lJcjFrCnJoZ3Y5NFNMd3grTll2QktIQVhp
c2FBeTdBOGo4WGFyaDdqaHdPbGUyU2sKLS0tIG4yYWVoTm9oc2RtRW9XdCtORHda Nkc5dU5uVks4MVlRVTM0S1RFVlo0aU0KLS0tIFFpV2w3M2xwU1k1ODVxVU5pMnpE
WVkyL1AzNGZ4YzNrYjRPYU9CMHpqeU0KESkMmihHwhh7oIW3mmmHJwFfdfEDWkI0 ZWp5ODJYVkZjekFkSTcvRU45MjZJcTQKCX9kK2wNXJJOLNJnDcvJ5zBumLZeU5Fe
WWA3656EKVXQ2s3bqUfeOS+6rPLmnU1bkXO5okWIG6j7BXyO+dPp/g== 2yUJJFfZe9mkzXz9++muE3LpBh9rlyXvnuOMD+0V3+Tgqbax0tA5qw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBR1dDZUlWand0ZXNlZ005 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcXZVK05oV1BRK3U1dHFp
WXU0djlkWHhIRnR5L0FNcEFZc25nNlMvelRJCkV0WERlS1A5L1RTUE1jSlNYb3hU OVZoTlpDdm52SHFDZ1ZobldKM3IrTi8wYTEwCmhNNFlZc2NNejZwK1FxbEdvMFJC
YjNBMTY3d1JPNHdSaGxVSHhpR1J4dGsKLS0tIHpRYXdhR2Q4OGswNWthSXNCL0ht M09DSFJKK0dyWk1mVXdHZDlnSS85R2cKLS0tIDdkZm1uaXR0U3NOWlJ6WDkrK2Zu
RE1YNnhzWXV0U3VLQkFOMTJINTE1eG8KcvhtqFq0ywMDxspOxq7hKoteU8rTixsi RVZ2UUJ0RWo4UzlsSUhWejZySHFGZmsKOXFJVA3AHLgSyIPEn+RtDo0f2oNBUHuV
M0xrR9hSFDpytNqr1qv0hZIaIrl80GaBkzhogRaT8RDito01B5r7Fg== pgjTtjD7bsrlCuhH/mMPFCHf7PH8XZA8PMDfU3hNvpVWxOB2io4RvA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrRVFYOXVpTVNpOXBiMGI2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1WUMzeXFmcW5WcFdnOWZI
N1UxVjkxS2lvT2ZNUmF1cnFCb3Fsc283NVFRCllQR2wzclpGTjJjWjV4cW9mdmxQ UDBYZyt4Y0hQRkhCaE9MMVducVBRU2szZENJCkFHNnJCc2Q4RlJlUlpKTnZLM0w2
TjRBaXdtbzg0dDZZcVU5UDZOMTBuR0EKLS0tIFg2UVhGbEYrRHVUT0I3UDFTUUpp aTgxeUNCRmpWZ001UVRLNElwcWxUNkkKLS0tIFBFNnVOUldOcUVIVDk1TjgyRGJJ
YUpzKzUzRjhhc01ZL3dERUZ4R04ySmMKpZb+juKeLyo2oIg5ottWszJ56uiRbQaW UlgrT0VwaGJISUxpeUxuS1hiamJsVTAKVZKDd0naQHxadHsd0eRNWqweRb/7z6Q1
BVdydsbyo/++odMEQzlIh+MHFaHioSSztyQ0el2WDzAkby1xK7iGOQ== Mf3NbnkQOKTMILntxousk8ZszvDQVZ87wyZ3mzmGay1B2B19QrPkGQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBueVJ2MGN3WVJFNXFSWUN5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVb2R2YzV3eHF5UGNPZmE0
ZmVFWndCYTd6QWZKamQ2by8xT2xQTjFGS2lNCitsSzhUZWVQQzZiUUpDbUxtaEI3 MWcyK0NwNFdFVXpzbENFZkM1dDFMbElRUWg4Cm9ORXk5TCtzdXRxcEhQcURmaCtI
dFdyeGZUOE14MG9rVDRXRTJTdTFkbjgKLS0tIDlEM3hjUFR1YXVUZzdNc2tUdDNV R1BRZVE0WHF6THh1VGhUVVEyTFZHemsKLS0tIFpGVFJGZFpSenVLNkloZlhvK0Nz
OVlPVVgySWNsZlVTcXBBVVhyUUVhdGMKrc7PnV32vHEcdOC5bPi/ZEEfwDkvwkIF QThCYlc3N0ZtSnBES2dCWm1PMW42L00KSmKKlPDzs4sUYoVZOzW4pAsbQP4m2gu3
OJeCIpfOQ76aeV7Lsb5xSeDYkOFGEfsnvnayXABZjsp05Vz4Y6Qspw== mPTtlyqZrSbhGSgtwEw8C+p+LZOqQXnelkhGb8I759TpR7DASrqP8Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-11T23:56:52Z"
mac: ENC[AES256_GCM,data:qJxctGzBG+I9sb4NF0bRRf08C9ughPyvIxDk1lvG9ypbU9eqZ/sZXTbhyBvz8D68CfyouIjnZctsts/1urjZTBD0Z4C3eWtuwWtJTqnO4MzuiMLUCgpNaT1ouhCFKQSpaJbtF5ioo1eYZ/DuGRD04WDoFkuqhB9J/otveuh4+9A=,iv:Ly92+d3lcVSv2AMOnUjpqxsXMozlLYMfAG2DQGQRyYA=,tag:InW7hx7Yc3Qve/JCe2pq2Q==,type:str] mac: ENC[AES256_GCM,data:z4v5yRXeB/MCa3ltyf9KZl6NEXqsiIfSmEzzZAJRchOreJ1aIjWj2te5DM0n/08iW2ijFi/bekpcsl3U+5UJkwAjA+82zlvRnw91ppmb7mtnojEq25yhpB6tAUXoimLmT21saY3PnrHx/DFeVqg/P6cX/pGo9iGB2izwH7oCfUI=,iv:NDr9ypPZlTXS5npdrRGCwI51zhU0qCkvEUZfx3JxhUU=,tag:v3NLWsekZlxRyLsCCNR/Vw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

94
nixos/modules/nixos/services/glances/default.nix Normal file
View file

@ -0,0 +1,94 @@
{ pkgs
, config
, lib
, ...
}:
let
cfg = config.mySystem.services.glances;
app = "Glances";
in
with lib;
{
options.mySystem.services.glances =
{
enable = mkEnableOption "Glances system monitor";
monitor = mkOption
{
type = lib.types.bool;
description = "Enable gatus monitoring";
default = true;
};
addToHomepage = mkOption
{
type = lib.types.bool;
description = "Add to homepage";
default = true;
};
};
config = {
environment.systemPackages = with pkgs;
[ glances python310Packages.psutil hddtemp ];
# port 61208
systemd.services.glances = {
script = ''
${pkgs.glances}/bin/glances --enable-plugin smart --webserver --bind 0.0.0.0
'';
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
};
networking = {
firewall.allowedTCPPorts = [ 61208 ];
};
environment.etc."glances/glances.conf" = {
text = ''
[global]
check_update=False
[network]
hide=lo,docker.*
[diskio]
hide=loop.*
[containers]
disable=False
podman_sock=unix:///var/run/podman/podman.sock
[connections]
disable=True
[irq]
disable=True
'';
};
mySystem.services.gatus.monitors = mkIf cfg.monitor [{
name = "${app} ${config.networking.hostName}";
group = "${app}";
url = "http://${config.networking.hostName}.${config.mySystem.internalDomain}:61208";
ping = "http://${config.networking.hostName}.${config.mySystem.internalDomain}:61208";
interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}];
mySystem.services.homepage.infrastructure-services = mkIf cfg.addToHomepage [
{
"Glances ${config.networking.hostName}" = {
icon = "${app}.png";
href = "http://${config.networking.hostName}.${config.mySystem.internalDomain}:61208";
description = "System Monitoring";
container = "Infrastructure";
};
}
];
};
}

68
nixos/modules/nixos/services/maddy/maddy.sops.yaml
View file

@ -1,7 +1,7 @@
system: system:
mail: mail:
maddy: maddy:
envFile: ENC[AES256_GCM,data:O7Wj/RcP8aBWnhxhDrxwu3pZdXFtarqPvRIK5ijO33nIfZ7Lvuh/tJcriQAvu3kSQ+UwfURLI2z/1BPOsBx9T9J8gJvPUwT/9BbuuaTsAfQjf/mmF2tBWBLtJ16VL+omS8h0gJrzOw8Zi4HtRAnO6+IW7vvqdNqH/0KGKeINpNs/Dxs=,iv:DQDHphtI0I95V1E1EvcTfIktr0Q5hyGL46IHtIczLFY=,tag:yK/Bpwf6BgZK0KODps0/Mg==,type:str] envFile: ENC[AES256_GCM,data:QIP7YvY/kYYkqwxwLsrRC6ptExf2tzw7/+t4fdkyDwOUqWM4dI0TpjKr1LXfASCjHrVwb2a6+iqt7N+9ievD4MsrEEsoRYMYIjOlpsmPiHam85ql5WJlfTbOy91VebN35Q2aThC2NmeGcptJ7UX7cigO2KcmYPa5i4evIE+grruoQhM=,iv:0x8ezgw3xDkhQRYbASpz4IAw4hE7nRzImB/5rrs63Rg=,tag:Azm6Fn1gwLibRh7wjD6rWw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -11,59 +11,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1VkJURmFnSlBqRFMzR3Bv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdFBMdFg0aVdXVTFWSHY4
VUVzeGV1UEdqOEZxQWFhTlR0ckhHNldBckNvCjFDbU80WmFTKzhPSkJoeWJoVU54 STNQcFM1VnVnNHhkVmhhMGZpb3V0ZnJBOGxzClcyQlBOMXo1UXRTYVkyQ1FxSU52
ZWNmbUljKzBqNWxIOVlNeVQrenNQRG8KLS0tIE03NUFxcGVueG1ueXdNZ0xsb1o5 K0h4SjJCUHdZcS8xQStSTFU3S0trTDAKLS0tIGV3WW8rOE8rSmhLc0MwYW9tVDZO
MWhmMTk4R0dUM2Nsb3o5dUlvZ1k1bE0KBXVMIte5E84vKgyEUgZdOfUasJNTN4US ZGdpbmovK3NBMms1Yy9WTkk5eE9mem8KXnwaEyS2Ztwd8NVY9R+B70AwMukAeFmf
1IpvfJ98Upss6id5UhAgQSLEdnUJNjOjz38lxhufinbvxwsiuGzyHw== 3Gvj3C57EivrRLDTgot5Sh8TSni5VAlzXJPwwSfgEIiia4qiSUkkXg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1OTdhekNmTVV4aDhQZ1I5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6YnlzaXRjMElRM1djdkNx
d2Faa3BJMlBab0YzdmNjTk5McGZvZzhMMlhvClF1K3lKV1VCTkRIRDQvZ2RQRDk5 UmprK3N2UmxyL295UmhoRC9DS2FvNGk4eEU4CkdiK0xVWWt6dWJEcHpjSHQ4elpq
cU9VZG1SZjN2b0MzWmZ6cEVCdUh0NlUKLS0tIHV0bXhFWkhoTEQrdzF2RkZnTmty WHJhazhveUgxUW1ObWRmaTE4N1ZUMkUKLS0tIDVYekQ0OE1vSVl4YVFmZTV2VEl0
Y0IrcHhHcnpLT2Z5M2Q5YmVuWGhYSE0Ku8WrjvwEJZQXdLKoUvgZQZTM/akml0kO amQ4NnU3WFRyc0FBTUk2NmZqdm9haVEKZ67m9O3CLBrF0U2q/1x1KQYx1gxs747t
lSTUMDfBqQLj5mXwwMLvffqNdiJjL3ONpyUHeyDlWQG6MRTY/kYjnA== KDNfjNXQgIx3VI6xgIVOflzK4vePUWWQ4OMr3M5h5qSCKmHImIMCvQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZUw4N3U0ei8rNUV4VCtv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMbUh2TFR5c3d6MWdmeHBr
ZEhpZEc4M2s2U0xlQTlTNjZWcnNMYkFndVE0ClpCaldTVFJobnZtSW5BK0M1RFI0 QjNpN1EyZTFINVc3b0xaMHB4dzdoWUVzUkJBCnBYKzhNRHF0L3JiSlpaM09STlg2
bW1PTy96cHl3NnZJQllNYzlMdy9lWm8KLS0tIHRKT0lGa0NGc0NRQ0wwY0ZseUlZ V0RiYTRWUDhPV0xVK3d0VFFVeWZzemMKLS0tIE9kMys2QlZ5VFc1UnI5RTdSdVRX
N0RxTFdoUU1LdkdQcHg2OEIySHFVNDAKeXH3fzCqd5zoCNSykuNIp39S4Ntvrg8z dmNZL3IrSFRSQXFnTTBzMVEwMVg3UlEKxf+eHlF4Lq5XbnT89fel8+332gYNKv0O
g8UgS8edE4q2/wzvhKh3yZXhEnyUfVPKzUFHVaVcIzaQmQitzF8kgQ== toOh5OJvN591LAk/NFy32BYXuxL1Fj3AE6wFvpx5Bkl5UYrWmwbHjw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRazZyVmVDYXFuL28zTlZ1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON25iQlpWK290UkxHK0Fr
QTFIdTRlekZJUzcrZlc5NzhJUG83NWxpd1VRClVnalNWaVQ4NjB4V3lnSTUxOXRz dWxCRnd5bEsxL0F1Q0NWd0NCV0ZJeFlXaUhNClVVTFhsZzIvRk5vQXpaSDdOT0VN
VTZkTCtPeVdpUEgrbTdxcllSTTBtOTgKLS0tIEpSK2ExT2pHNGh2SnpvMnBoenVG UDFTTGF1N1VMU3g5ZTVUWStmRGtLQjQKLS0tIHV3ZkpnbHcwai84NS8xaVAwUG1G
Mno1dkxoc21wNGJpZ2pCSDZ2cGhSL2cKz568EszLyjw8GjZcvYB2uHkjUpN+owhn TzlsSkdWZUF5TnNMRXFKL3dXN1Z6QzQK8JCT3nzdHwkpoQE3tvSPSzoRYd/gwdpr
2Hg3fsqFO/Q+pYEZ2uC4aPs2pVkoI3GN8AnvXpX1UdROlPpoZB4S8Q== 63jF28zhmEY8hoMxof6rfiqk9souAobIzwbnfW/CkF86L5iS/1iepQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMzA5TlVRRjZrTm9mSkEv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHSzdsa3Q0SUQ1RDBsN2s0
UVlRU0Z2dVRsbHE5WDVacXA4dUkrTDdxWjNvCkt5b3pFSDMxSkJvK1NBa3BEK1pQ bnBPM0dwUFRoalVqS2d1bVVQbUNOaVh6M21jCm9VYlRydlZtV3MwZ1BPR2g4dThu
WmF3VlRDRlprRFNjRTN2NEZVMS9QZk0KLS0tIGxvdUhSdTlrNmlTejk1Q0xxUnJI TW5hZHYyc1VFOW1YSURRN0RiRFJyR2sKLS0tIGF4NkZmQ1F0WTcwaFB0d3c1V0Zv
dlVRbEk3QU1kbmkxYmpiRFZMSnNua0EKup42WKbdn/e52YIys7Btt5dGbOS0C0t0 Ynduc3pCcEVhQmdoZWZvZDg2NXRWWHcK884kU6xQiLuJ8foQY2rdZHEWzqGo1FGd
r3ifAGANhSGm/47OGmrp3D3zBdDPJynt2DXjd+Z4eSpGyXlcNmKdSA== /Xfj8A7EGJWOSdi/n4dJZ6AWB7Z6rPAAzNBr4Her1yckG7JVxv4Oww==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseXp5L2F0SmFYV3JRQkRy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxa1RkMmtaS0pSOGU0bWJN
TGdQaVlETFVYODNORUxDRHh1UTJpZFI5S0c4CllNcGQweUUzR2Q0bE9ZL0dtWVY0 R283VWU1cSs2eGF3dkJVejI2RUhManJMRUNJCkpRV2NCYklzeVdYZ3VySzZ6MjBq
WUNMRk96YzdQdXc5SmxLSldEUDd4WlEKLS0tIE5HY1kzWXRxWGRRTEJnamlBbUhk QTlpRWRDTUx2YjZIREhyb2pMcmFKeEkKLS0tIEtNKy9DQjJBa0VZeGxpUzI4TlJl
UEdsT0tsRnBWeGRTNHRtMEw1STFRRjgKEFLv+SdRAulVyQyUZKQjOKkg+nzqlnY7 THlORDQwdXJ3RGZmVTFtaWNlODhVYzAKKDvNETiOrLrrE6eiYM45c7JRa3UCx1iF
qvCpAqEciZbFVlpD/aaLQ58jP2Ly/t1aHQFcWnEIWuhPYXw+k1gmOQ== soxcSqU7iKhr+bvo2X8idMQlwS9EhkPerFMWcON7ubcW4IznSMCXhQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-11T11:56:37Z"
mac: ENC[AES256_GCM,data:bMDjOYp2S9uT4671XD4T5LRYgoVBftLLbpNKsmx7ALlgcbSpHHF64k8IiR+KgUeGPp7uNiMGe6BT3w4be//yWUxJVwydxjF/V56q/VkYa4SRU+PZZw8bUp/rE2RnczvJp6OwSt/dAmyFfY8UG9bhNOGWeBBfwjrgzS0pfzIyVJ0=,iv:p5tDvddXy0cApRfeQaYcEYEpqGYPDXl/TrayS9qcmCw=,tag:Khj3RUhrbFDtPtwE4BGNmQ==,type:str] mac: ENC[AES256_GCM,data:QmlccYlL5IJD0OJ8CGfpma6fXSsrLISvBIlv8yvCFMitPnrFowWYzwN5EDOFIEGq1bIKef0tygBC2JDua+mH2xK5ZKftC9tTjhavZZpw4w3nWq1PP2zZWuPh2NmoSk1RtpQ760XTs1U+AloTJGIiCIUxhO/OT9fLo8WW2GyMJ1A=,iv:zXfkO1vJc1EtKgOz3Qs8BtwFQPGCvvWzLu60seO04WM=,tag:kzUS6IPrz4I2ke8kVviPgA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

2
nixos/modules/nixos/services/nfs/default.nix
View file

@ -22,7 +22,7 @@ in
mountConfig = { mountConfig = {
Options = "noatime"; Options = "noatime";
}; };
what = "daedalus:/tank"; what = "daedalus.${config.mySystem.internalDomain}:/tank";
where = "/mnt/nas"; where = "/mnt/nas";
}]; }];

5
nixos/modules/nixos/services/podman/default.nix
View file

@ -31,6 +31,11 @@ in
virtualisation.oci-containers = { virtualisation.oci-containers = {
backend = "podman"; backend = "podman";
}; };
environment.systemPackages = with pkgs; [
podman-tui # status of containers in the terminal
];
networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ]; networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
# extra user for containers # extra user for containers

39
nixos/modules/nixos/services/syncthing/default.nix Normal file
View file

@ -0,0 +1,39 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
cfg = config.mySystem.services.syncthing;
in
{
options.mySystem.services.syncthing.enable = mkEnableOption "Syncthing";
options.mySystem.services.syncthing.openFirewall = mkEnableOption "Syncthing" // { default = true; };
config = mkIf cfg.enable {
services.syncthing = {
enable = true;
group = "users";
guiAddress = "0.0.0.0:8384";
settings.options.urAccepted = -1; # decline telemetry
openDefaultPorts = cfg.openFirewall;
};
mySystem.services.traefik.routers = [{
http.routers.syncthing = {
rule = "Host(`syncthing.${config.mySystem.domain}`)";
entrypoints = "websecure";
middlewares = "local-ip-only@file";
service = "syncthing";
};
http.routers.syncthing.loadbalancer.server = {
port = "8384";
};
}];
};
}

72
nixos/modules/nixos/services/traefik/default.nix
View file

@ -7,38 +7,22 @@
with lib; with lib;
let let
cfg = config.mySystem.services.traefik; cfg = config.mySystem.services.traefik;
routersFile = builtins.toFile "routers.yaml" (builtins.toJSON cfg.routers);
in in
{ {
options.mySystem.services.traefik.enable = mkEnableOption "Traefik reverse proxy"; options.mySystem.services.traefik = {
enable = mkEnableOption "Traefik reverse proxy";
routers = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
description = "Routers to add to traefik";
default = [ ];
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
lib.mySystem.mkTraefikLabels = options: (
let
inherit (options) name;
subdomain = if builtins.hasAttr "subdomain" options then options.subdomain else options.name;
# created if port is specified
service = if builtins.hasAttr "service" options then options.service else options.name;
middleware = if builtins.hasAttr "middleware" options then options.middleware else "local-ip-only@file";
in
{
"traefik.enable" = "true";
"traefik.http.routers.${name}.rule" = "Host(`${options.name}.${config.networking.domain}`)";
"traefik.http.routers.${name}.entrypoints" = "websecure";
"traefik.http.routers.${name}.middlewares" = "${middleware}";
} // lib.attrsets.optionalAttrs (builtins.hasAttr "port" options) {
"traefik.http.routers.${name}.service" = service;
"traefik.http.services.${service}.loadbalancer.server.port" = "${builtins.toString options.port}";
} // lib.attrsets.optionalAttrs (builtins.hasAttr "scheme" options) {
"traefik.http.routers.${name}.service" = service;
"traefik.http.services.${service}.loadbalancer.server.scheme" = "${options.scheme}";
} // lib.attrsets.optionalAttrs (builtins.hasAttr "service" options) {
"traefik.http.routers.${name}.service" = service;
}
);
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
sops.secrets."system/services/traefik/apiTokenFile".sopsFile = ./secrets.sops.yaml; sops.secrets."system/services/traefik/apiTokenFile".sopsFile = ./secrets.sops.yaml;
@ -56,6 +40,7 @@ in
users.users.truxnell.extraGroups = [ config.services.traefik.group ]; users.users.truxnell.extraGroups = [ config.services.traefik.group ];
services.traefik = { services.traefik = {
# TODO refactor into subfiles
enable = true; enable = true;
group = "podman"; # podman backend, required to access socket group = "podman"; # podman backend, required to access socket
@ -76,12 +61,18 @@ in
# Allow backend services to have self-signed certs # Allow backend services to have self-signed certs
serversTransport.insecureSkipVerify = true; serversTransport.insecureSkipVerify = true;
providers.docker = { providers = {
endpoint = "unix:///var/run/podman/podman.sock"; docker = {
# endpoint = "tcp://127.0.0.1:2375"; endpoint = "unix:///var/run/podman/podman.sock";
exposedByDefault = false; exposedByDefault = false;
defaultRule = "Host(`{{ normalize .Name }}.${config.networking.domain}`)"; defaultRule = "Host(`{{ normalize .Name }}.${config.mySystem.domain}`)";
# network = "proxy"; # network = "proxy";
};
file = {
filename = routersFile;
watch = true;
};
}; };
# Listen on port 80 and redirect to port 443 # Listen on port 80 and redirect to port 443
@ -96,8 +87,8 @@ in
http = { http = {
tls = { tls = {
certresolver = "letsencrypt"; certresolver = "letsencrypt";
domains.main = "${config.networking.domain}"; domains.main = "${config.mySystem.domain}";
domains.sans = "*.${config.networking.domain}"; domains.sans = "*.${config.mySystem.domain}";
}; };
}; };
http3 = { }; http3 = { };
@ -173,11 +164,11 @@ in
http.routers = { http.routers = {
traefik = { traefik = {
entrypoints = "websecure"; entrypoints = "websecure";
rule = "Host(`traefik.${config.networking.domain}`)"; rule = "Host(`traefik-${config.networking.hostName}.${config.mySystem.domain}`)";
tls.certresolver = "letsencrypt"; tls.certresolver = "letsencrypt";
tls.domains = [{ tls.domains = [{
main = "${config.networking.domain}"; main = "${config.mySystem.domain}";
sans = "*.${config.networking.domain}"; sans = "*.${config.mySystem.domain}";
}]; }];
middlewares = "local-ip-only@file"; middlewares = "local-ip-only@file";
service = "api@internal"; service = "api@internal";
@ -190,11 +181,12 @@ in
{ {
Traefik = { Traefik = {
icon = "traefik.png"; icon = "traefik.png";
href = "https://traefik.${config.networking.domain}/dashboard/"; href = "https://traefik.${config.mySystem.domain}/dashboard/";
ping = "https://traefik.${config.mySystem.domain}/dashboard/";
description = "Reverse Proxy"; description = "Reverse Proxy";
widget = { widget = {
type = "traefik"; type = "traefik";
url = "https://traefik.${config.networking.domain}"; url = "https://traefik.${config.mySystem.domain}";
}; };
}; };
} }
@ -204,7 +196,7 @@ in
name = "traefik"; name = "traefik";
group = "infrastructure"; group = "infrastructure";
url = "https://traefik.${config.networking.domain}"; url = "https://traefik.${config.mySystem.domain}";
interval = "30s"; interval = "30s";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];

70
nixos/modules/nixos/services/traefik/secrets.sops.yaml
View file

@ -1,8 +1,8 @@
system: system:
services: services:
#ENC[AES256_GCM,data:YEM+PywM4mm+0BlFscjwyDRdQLzJR2E11RumZ3NFJzjz7vyD+yZQI3dC5mIAFEI3ZmPNtxadtvGvQIIMs5XdHf3bm3lcVX2bsMfqWQ==,iv:4JhcykwwFc98iMXZZp9gBX13TFyic1kVKmimsT5a9q0=,tag:8TpvQcQQgoCD+z4+lNcduQ==,type:comment] #ENC[AES256_GCM,data:XPfrPhKBn7rS7oL1ob3KqOuGprzSsdfnEKHm8ep6Lr2qWgKUpnLyiOqkPapooPO0E2RnHXDv1GeLpl6+NbHQRWUCcfP0ypEko0ZZPw==,iv:R/sUawRMIts93Gdz8dRBJz7VWdK3nFXQfaGk+rWXK2c=,tag:xwONcjRqD05CiSyg8u7Yvw==,type:comment]
traefik: traefik:
apiTokenFile: ENC[AES256_GCM,data:BoFswFKyWhg2nAkdQ8eNW0+rWSMeIKvc/p0e/7ZHOsiltI/vgcYGQdz97mvwh2zck7OUvYRJbKZQ/W2bLmSZSmPScd1+drbKGPdo8s/K1KZSlqhfk4ldXqr9kpI+QV6FUw==,iv:mupO6Dj0lXafJK4+vXp85PlkVJLRP8HuQ4Jfj/EhcIs=,tag:CPhKdlAvtBtAs/IFZq+ZFw==,type:str] apiTokenFile: ENC[AES256_GCM,data:qFz1VRqM6Jfu33ImmglKp2L1WihYbZE86zx0BuXvgUSLrHodcgQ8ft8vpy0ur+I8I0i2/HLNKSrdz9bAdfDWdqqBpLwQA5SSu3pod/pxXTMvVEqZqYGwvXD24SifSHLKLA==,iv:YXah2ezPGDVJ9FWL5TJdqIT/ZPSEW6MxlKSqb33MNzE=,tag:UjJOl0g1UltdGicLDxqJQA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,59 +12,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDYzFWUDduWnNZNVFHd0VC YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVME1FckowdTFIaFByNFk4
aFM4aTR2N2xTQ1FXcFU1NXRjZHNoanVxc3o0Cml1MHFxcU1oSXZSWGhLTDQwRjBS cHM4WnprZk55WUdlcUlkcSsxQXIrRjloTXhJCm1GMWw4UGU4WnpaQmUycUxCci9i
SFlkYW1LZUhpUU5Kd014b3ErL2tVbGMKLS0tIFVIaXIvZXNWMlhsdC9YME5lK0JT WmtmbzdPSTZ5Q2l6QTZVdHkxajlpTE0KLS0tIDVxQ1ZMaFlSS3d0akQ1UDM5TFJG
NXFtV01BVG90dGpqT1YvTFlhZGdHZnMKMgARGl+FIQRafv5n9H54jdtD9K82J8b+ T096em14d1FRUjF3dm85MkthRVh6UnMKelOf2qNobndcxX5QR+iTt4sSIsngRbvj
uXXJgLas5GKc5dPKUuMXIGgYQjuDKbpn9282OhXBeNXtxhk6LPiHcw== wy6W5s53x2bqe4K21RSNhAUkUO3AshotN/caiYKzYx/kBZk2kRcVXw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNemtaYlNCWm9ReXozU2dt YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwTHczMFY1Rm5IQlV0TTJV
VGVRa1YzRU5qV2xueFFGZXJwNGVuUXdXVDNBCnp2WnZmMUVvZmk1Tnc2dGRrTVJV Sk5lKyswTlBteVZRRVE0TWY2Zm5uNXFjalNZCmVVU3FQZENSOUNtb0FGbEtqSmtG
KzdjQkZRdU9pRXUxay9KcVVkTlhma1UKLS0tIG5vZmt6LzkwUG9adnVxUmRZVE8w SnYyNEgyeDIvaW94U0wyV2dFd3g2VFUKLS0tIDN0Vmg2RjNkanp4b2wvK1RVbTU1
cnBCTFl2ZmFaa0RMa3BGK1lSRlZHNzAKytTZsl1Qs1Ln5lUFsWf4B3sTtMNUjQsn ZzQ4Q2VLNXI0M3hXL1pyV2gvbzhuUTgK4MjauT0PDEBn9HJicK3J8FXamsoSdqGA
zOWT/aL5EkDhKYI5afpaMLdgjrZNcUn53UTsN1QqGJfN9xz8I87VMQ== 5F0E6ettiC80jYV7Cp48cyQ1vo18glFSvQ1IrJ1x0z5Oznr+ZPXK2g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VVovZ0Nuc2kxQTgzWVAy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOFpvYnRWY2F1bTAvbmpC
bCtRMDVlOHJ6R09wMDN1NHRVc0dKQW1FSEJVCjNpQ0dUbGdEWDhKTFBEdUQ3Qm9N SEh2SmhaeEVEK2ZLbzBPeE1YVlkxM1FlQTBRClRNRWNZQ3BZcVE0VTF0bDUwWk1k
RGZ4ZmJ6b3Q4YUl6b084dE50QkVIMmMKLS0tIGt0SGNsYUUzRTBwbGNnR1VPQVBa Q1l5RWtYSy93V09EeGUxcVBzOVd0eDAKLS0tIDd3QlBQcHovWDlsdEg3eDlmVWtn
YmJtbEF5NW9Od2RTcjNra09JNERwYkEKL3yA04+igcbuwc01x7vx9DcnoUL34YHo OUhNMWxENzhqNmdaZTFkQWNVM3I0cW8KKeEKoG+e+rClRk8bWWtdGEjcyYiIPF3u
P6t+eTnKP7d0TmFHSieKSKu6Kk4rzeFVoQCkxlsyjrSNtht3QCj91g== 24flOm0iStrfy4b0Cf33sTzozFR6cdG3DZ1bqQLR3rwKAh9XdWbAhg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTkdNdEdPcGhCRkFHVlR2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjakxOcDBvcm05ckYzekIw
bVpKZXZDNjMxdjkzVGJEMFVHUDdMRUczOEVRCnlUeTFzaTdOa01rdVhNS3pTWEs4 Mm54a1k2U0Q3SkNtWVpqNGlnOWprK21lbVFnCnNZa0FReG54MFhPQVJESmM5eklS
YnNPdGNKbkdJUTZpR2RmbGhqTkdZcXMKLS0tIHlwK0Yzdm9SSWtycTU1Wm1OSHRn Zlpxeml3QnZVY2V1U1VRRXJsd05jajgKLS0tIGYxTjZkNk40eG91aHZOa1AvWHl5
b0pBdUxtcVlsc2NDTlRBUTd1b25oajQKFnpXnZ/8PmXD65oICcYpyAj0Op0nDSRH L2JqS0FjVzF1a1dZb29lM2dIVitiVWcKtyN9D5aqvwr5wKI7cZ+6ARZ2ntFN77bb
0hCWLscdq6KQiyG6Zi0/EQXHhXDc8PJbMHgGQ1rn3tqWhXozOP9ZTQ== xRS99lmHiOzEHoDK7KaU0trdeCLiUCGdVUye8RgPbe/SUXa8Nb36pw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJM2NmMzc5K2ZwZTVlSXZq YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWERTcWZNZlM2Wm10aUps
YkdzRWttdWZPQjBFaDh4UGUwZFFRVDlETFUwCk83emxCS0dXWitCV0hHZWphdnpF dGQ5eEFVTkVBYVJCdlN5WFZKUUI4MzBwL1I0CnAxbUNocHFCZFZHRnVmbzhwd0xY
R3dLQlZRenpsRlkweS85dnpGSzVITGsKLS0tIGlEWUM2SmowbUdhcVgrRitaUkVL aGcyelVJREh5MzBSUXNKaklXdGRFb1kKLS0tIFRvLzhsNFNvNGVvZWFPVXVFTC9H
Q3ZaaS81TjQ1MTE4ZVUwR01VUTNnMVUKlyPkDLQmkT2B6+ud0yrrTEbuHqaEQN4f NGQ5ZTk2dFVKNGdiQTJaNjZtR0d3YjgKz2AluV3wR0Cz7bJEXAUqBwHbdk7zmD5P
7ABgPx3GHrqgbZY/Xi1R75NiQ9n7+TGoB3v7AAjc+xc4b90yRuyx1g== nux9nLQfoD9YDfbp2DIBDktHPL5KjY5H4/zn+Obo3fPeq+PrZMNZZw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl - recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSk9lUTNGUFJaK3psT1Zj YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WDhQckJCdW1tTXBEalE5
Y0h2akx6SktqOSs1ckRRL29YNkxIcHhVdmxnCmZSeWdtckFQMHNtZUxEN1FNSnR2 VTJNL3dJWlIzMm9LTjVaUFl3SlNNVERwM3lRCmhCT25UWkxCYkdUNytjUjZCVWF2
VmxjR0ptT01FYjBRRGRZMjdSS3ZEcDQKLS0tIERpWmcxSHM2a3FhRy8zOTdmaEtC NjY5ZU5xWkxRZ2tIUzRNTzl4Mk5RK3cKLS0tIGxJamh0SnJIZWIxTjZzSEtHaXdy
blZJb3F4MTdoQVIyRVo1RnVCR3FYelEKYDXcpDVDrf/VYTEzNAM/XHkrx9cLkdC5 M1V2S01iclNnMzZta2lYY29HM1dMVXMK6omDe7Pgb57Q/zA6KUQV3mt/QQN3NlUZ
OCGfMqoqJPHZn4tGJOD2FpfZK8AVhih73gZKAHItDizm2aBuaT5yig== QESTtrrtDveuK/GBeiTQZpOdetYja3V2UHnePR5IHuMw3QexIKUlKw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T07:59:07Z" lastmodified: "2024-04-11T11:56:37Z"
mac: ENC[AES256_GCM,data:jpvoc5aacRAYifmVljRBZ2p8uXaeUiIbflGyjaYxVIy25N5Fa4v3wQOqmC1VGaSoOIMmx0Bt+p8ihdvhf2ihRwLF/L/jO+oSl0EiVqrx+u6xIXB19jD0flvw8d4lTE4E2DTxqvPGwGAOAp5g2fstdPAbrkDY+3/f6PMhlbvlPFw=,iv:T3HESCilOJ1S2cntErmaFmBhrLLmLRC2cFZN8gUFAUU=,tag:qXgobz+R/rDsrYs2wQhQQA==,type:str] mac: ENC[AES256_GCM,data:ZIOBc6KR2K5ttfx3EvZTL4Iod8aJCxHB90g+5cIMG0Cx5X6sf9RNVznab7/fTuCDcqEzG9KOrWhaSI1fx8NN1xbNY3GZ3iKFa8NEXlg6mO+7Kyir9GPBQaRTjCAUVKQnCukEq/50KPQsFRETyx4lOt9VFnd1GXpc1QgIXg8jnaQ=,iv:+TQstFomD658x6QYyY49Y7y2CduD16Bl8uhcIW09g6Y=,tag:bcfwfk3xfQsXom44OJq81g==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

2
nixos/modules/nixos/system/default.nix
View file

@ -7,7 +7,5 @@
./nix.nix ./nix.nix
./zfs.nix ./zfs.nix
./nfs ./nfs
./impermanence
]; ];
} }

2
nixos/modules/nixos/system/security.nix
View file

@ -28,7 +28,7 @@ in
security = { security = {
sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword; sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword;
# Don't bother with the lecture or the need to keep state about who's been lectured # Don't bother with the lecture or the need to keep state about who's been lectured
security.sudo.extraConfig = "Defaults lecture=\"never\""; sudo.extraConfig = "Defaults lecture=\"never\"";
pam.enableSSHAgentAuth = cfg.sshAgentAuth.enable; pam.enableSSHAgentAuth = cfg.sshAgentAuth.enable;

2
nixos/overlays/default.nix
View file

@ -2,8 +2,6 @@
, ... , ...
}: }:
{ {
# deploy-rs overlay
deploy-rs = inputs.deploy-rs.overlays.default;
nur = inputs.nur.overlay; nur = inputs.nur.overlay;

48
nixos/profiles/global.nix
View file

@ -9,38 +9,44 @@ with lib;
# Not sure at this point a good way to manage globals in one place # Not sure at this point a good way to manage globals in one place
# without mono-repo config. # without mono-repo config.
imports = imports =
[ [
(modulesPath + "/installer/scan/not-detected.nix") # Generated by nixos-config-generate (modulesPath + "/installer/scan/not-detected.nix") # Generated by nixos-config-generate
./global ./global
]; ];
mySystem = { options.mySystem.system.impermanence = {
enable = mkEnableOption "impermanence";
# basics for all devices # explicitly specify ssh path key
time.timeZone = "Australia/Melbourne"; # just so I can track where sops-nix needs to find it
security.increaseWheelLoginLimits = true; sshPath = mkOption {
system.packages = [ pkgs.bat ]; type = types.str;
default = "/etc/ssh";
# Lets see if fish everywhere is OK on the pi's };
# TODO decide if i drop to bash on pis?
shell.fish.enable = true;
# But wont enable plugins globally, leave them for workstations
}; };
environment.systemPackages = with pkgs; [ config = {
curl mySystem = {
wget
dnsutils
];
# basics for all devices
time.timeZone = "Australia/Melbourne";
security.increaseWheelLoginLimits = true;
system.packages = [ pkgs.bat ];
domain = "trux.dev";
internalDomain = "l.voltaicforge.com";
shell.fish.enable = true;
# But wont enable plugins globally, leave them for workstations
};
networking.useDHCP = lib.mkDefault true; environment.systemPackages = with pkgs; [
networking.domain = "trux.dev"; # TODO make variable curl
wget
dnsutils
];
networking.useDHCP = lib.mkDefault true;
networking.domain = config.mySystem.domain;
};
} }

2
nixos/profiles/global/nix.nix
View file

@ -30,14 +30,12 @@
"https://cache.garnix.io" "https://cache.garnix.io"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://numtide.cachix.org" "https://numtide.cachix.org"
"https://deploy-rs.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE=" "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI="
]; ];
# Fallback quickly if substituters are not available. # Fallback quickly if substituters are not available.

66
nixos/profiles/global/secrets.sops.yaml Normal file
View file

@ -0,0 +1,66 @@
truxnell-password: ENC[AES256_GCM,data:/ZLxonyxqLLRJvVSuPczEkeiOaY/Z/1pmtwnOl8HQAds/hAnTWzVnfaovOP5KbsrS5GohTbHTAL80NOBflB1vZz+pWzhKVBbqQxnmYXGpp3jdO7q6Vo9yKPTnu4ClkFkN2QkX4xmUgSIRQ==,iv:xMhbcgBwqjCeKx0ZfTwORonxaFNZZ9yzBb2F27s0KO0=,tag:legRUJEC2ZXWTHCF0Kb7DA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkR0xqVzZsZzN4VEFsbXJn
RW1uNjJqNjVUcjN5c3Z3RkRMbUpERzRidVZBCjdLYis2TzdnMkJGalN5WEJ4NzdC
eEMvSFhjamllM1VPSGhGWFAwSzltYm8KLS0tIHFLWHlPdkVsYmpWUW5YWmdzUXZQ
dCtSdXNWdGdrNGlLcVg3bVBWWEdWeG8KFNFYMPp+uPhlFyDXzps946gowRM+EpnG
SljpZ2XTMHLZ2ZNHqrkdXaou8H7dDZjafo010I5c+U0/BzYg3GKwlw==
-----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1dWtHWVR4NFNaMS9LM2xr
dm9UamZkTmVwOGtaMmdJeU5uZGY5TGJwcnpVCmpyZ201OVpJSmFnT0V3aGluZUxP
djRTYUJCNis5NHhKbmNtZ3NlQldXdWMKLS0tIEJuSTJPVzhJVW93Qi8zSFFvSzlk
SW9jdk5BaHRhc3puVzE0cEwrMlRMcVEKV5++1oZk48SA2iuxf64NVg1gQo997tM/
06VqoVuLX1Vqo/InVmWzMJJA6IKSAe1k8eOeoZ7Sbgty7rcd3al1VQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSVhBNnpKREgrWHFSd0lC
bVd4b2ZmblR6Zlp6alEwV01CQm1TWGdFU3o4Ck5PY2R2VU5OSDZxME8zWkkyZ2Yr
bjJpZmFjUEdHY1hxWUZQSVd1Rlhnb3cKLS0tIEE2SnlkTThtR0pOdmF0SStNOUxi
MnJ2Ri9xb0E5Wis3ejhTVDdtQUVPc28KpDiexpCl7Pocrv1PAHEWVHEFEDUDq4F5
CsUxpyH4+odoi1Qzj2iDkbuaun5mTER96B/gfXKb8UZqOIygHA/89g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0bHZmS3FkSnhlNndWOGhU
eC9oSlEvUEorTHlvKzZ4RjhZNWthUzFTdTFrCktNWUNCYlQvZDY5OC9YRFJ1ei9V
UEY0MGhDMDVHai9LZzRrYWtqMzNJd0UKLS0tIGtPZHVPOTFXeXJEWTFwVmZoZFdX
ckF5M1Z6Z3lRRC9yYVIvaGJsbllSK1EK8JODbe2VZg5ABspZn5eNmvF3pJziVY9X
B05xe15jisD3k5mXcbolo3wkt78+fBV1M5EYuOYgtwI4bdWp1he+TQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZk8zS3c4alFyL09WSkMr
aDFhZGhQRVBYUExmV05DbjlJb3B4ZmFmcEcwCkx4aGhRbFNudGFEeHN3Q2xSSkxa
SnBxeG40L3YwbkFZL2FLY1hWYTA3N0kKLS0tIEZOM0o4VUFPWm1YUERzTS85Zmsr
ZHgwR2xPTE5zaGx3dDIxZ3F6allKRjgKgpcA82ZC8WrCF5b9EqkaHvrCQQYEFWXI
BxY8+3w3/hqnDiWzlPdwRQGN0J0e2WeIUFzSaQFYpR7kemP3DJ+MtQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0YnNXdkZSclc2L2NYMEJs
MG9LeURhc2VsM1Zxa3dIU0dNSTZpYTJqblUwCjV0QnE4eHljZHU1cGZTTUhLNzkv
WEJyQnFDS1JTRTd4dzJYa21EcW5hekUKLS0tIGMzMC9aVjJkZEZnM1JlTU9uTWdl
OUN5d2lEYnJCdW0vTXJnUWt4d3hCT28KjuBFDRjCyU037UV7s4ZSaMxPhZhUBakG
6IEpCm0U2NYfLAgqDrq9Pn1J9Ut1Q3Uep/UWBfqNET/yARoiXPDTvg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-12T03:04:28Z"
mac: ENC[AES256_GCM,data:lDxEN6svXfQEHyWRrDcs8XU8Sblxof820ZOcMoVfSMkjgNcx883E6ZKbZlE1lQztlG1RCyvGgpPotjfEN7KgH87IZ3EpUdq6t+4f2ag8T2xnjDNoU1PeiLLTGvd5rt5MeKK3YqhxQ17OKrdvwVDL+wcnZedF9X0vgbpFehBTIhY=,iv:S4cRp1It/BNYknkLk8x75oi615ddXp3FbS7Q5HBtgrg=,tag:9ugtzg2cw5Gc3/KpHbmuFQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

2
nixos/profiles/global/sops.nix
View file

@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
{ {
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "${config.mySystem.system.impermanence.sshPath}/ssh_host_ed25519_key" ];
} }

6
nixos/profiles/global/users.nix
View file

@ -9,7 +9,7 @@ in
sops.secrets = { sops.secrets = {
truxnell-password = { truxnell-password = {
sopsFile = ./secret.sops.yaml; sopsFile = ./secrets.sops.yaml;
neededForUsers = true; neededForUsers = true;
}; };
}; };
@ -17,7 +17,7 @@ in
users.users.truxnell = { users.users.truxnell = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.fish; shell = pkgs.fish;
passwordFile = config.sops.secrets.truxnell-password.path; hashedPasswordFile = config.sops.secrets.truxnell-password.path;
extraGroups = extraGroups =
[ [
"wheel" "wheel"
@ -26,7 +26,9 @@ in
"network" "network"
"samba-users" "samba-users"
"docker" "docker"
"podman"
"audio" # pulseaudio "audio" # pulseaudio
"libvirtd"
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [

20
nixos/modules/nixos/system/impermanence/default.nix → nixos/profiles/impermanence.nix
View file

@ -8,7 +8,6 @@ in
with lib; with lib;
{ {
options.mySystem.system.impermanence = { options.mySystem.system.impermanence = {
enable = lib.mkEnableOption "impermanence";
rootBlankSnapshotName = lib.mkOption { rootBlankSnapshotName = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "blank"; default = "blank";
@ -22,26 +21,27 @@ with lib;
default = "/persist"; default = "/persist";
}; };
impermanenceRollback = lib.mkEnableOption "Rollback root on boot for impermance";
}; };
config = lib.mkIf cfg.enable { config = {
# move ssh keys
mySystem.system.impermanence.sshPath = "${cfg.persistPath}/nixos/etc/ssh";
mySystem.system.impermanence.enable = true;
# bind a initrd command to rollback to blank root after boot # bind a initrd command to rollback to blank root after boot
boot.initrd.postDeviceCommands = (lib.mkAfter '' boot.initrd.postDeviceCommands = lib.mkAfter ''
zfs rollback -r ${cfg.rootPoolName}@${cfg.rootBlankSnapshotName} zfs rollback -r ${cfg.rootPoolName}@${cfg.rootBlankSnapshotName}
''); '';
# move ssh keys to persist folder # move ssh keys to persist folder
services.openssh.hostKeys = mkIf config.services.openssh.enable [ services.openssh.hostKeys = mkIf config.services.openssh.enable [
{ {
path = "${cfg.persistPath}/nixos/ssh/ssh_host_ed25519_key"; path = "${config.mySystem.system.impermanence.sshPath}/ssh_host_ed25519_key";
type = "ed25519"; type = "ed25519";
} }
{ {
path = "${cfg.persistPath}/nixos/ssh/ssh_host_rsa_key"; path = "${config.mySystem.system.impermanence.sshPath}/ssh_host_rsa_key";
type = "rsa"; type = "rsa";
bits = 4096; bits = 4096;
} }
@ -49,7 +49,7 @@ with lib;
# If impermanent, move key location to safe # If impermanent, move key location to safe
systemd.tmpfiles.rules = mkIf config.services.openssh.enable [ systemd.tmpfiles.rules = mkIf config.services.openssh.enable [
"d ${cfg.persistPath}/nixos/ssh/ 0755 root root -" #The - disables automatic cleanup, so the file wont be removed after a period "d ${config.mySystem.system.impermanence.sshPath}/ 0755 root root -" #The - disables automatic cleanup, so the file wont be removed after a period
]; ];
# set machine id for log continuity # set machine id for log continuity

2
nixos/profiles/role-server.nix
View file

@ -19,7 +19,7 @@ with lib;
name = config.networking.hostName; name = config.networking.hostName;
group = "servers"; group = "servers";
url = "icmp://${config.networking.hostName}.l.trux.dev"; url = "icmp://${config.networking.hostName}.${config.mySystem.internalDomain}";
interval = "30s"; interval = "30s";
conditions = [ "[CONNECTED] == true" ]; conditions = [ "[CONNECTED] == true" ];
}]; }];

1
nixos/profiles/role-worstation.nix
View file

@ -62,7 +62,6 @@ with config;
yq yq
btop btop
vim vim
unstable.deploy-rs
git git
dnsutils dnsutils
nix nix