sora/nixconfig
1
0
Fork 0
Code Issues 2 Pull Requests Actions Releases Activity

Compare commits

base: sora:5dac3d02ce19366c53dbdad12b734e2b62e7ce38
Branches Tags
sora:main sora:dev
...
compare: sora:dev
Branches Tags
sora:main sora:dev

54 Commits
5dac3d02ce ... dev

Author SHA1 Message Date
soraefir
d9e7775afc fix internal 2026-05-22 01:04:33 +02:00
soraefir
424f12f5f7 test 2026-05-22 00:59:46 +02:00
soraefir
7ca8362d39 auth token 2026-05-22 00:53:29 +02:00
soraefir
f54977fe42 perm 2026-05-22 00:48:05 +02:00
soraefir
1b05194939 openport 2026-05-22 00:42:42 +02:00
soraefir
4e31a9f54a stable db 2026-05-22 00:33:52 +02:00
soraefir
7cd78511e7 influx port 2026-05-22 00:33:05 +02:00
soraefir
88d100dd77 update influx 2026-05-22 00:25:59 +02:00
soraefir
775e3e93bb tmpfs 2026-05-22 00:17:12 +02:00
soraefir
bfec529d88 lock update 2026-05-22 00:00:59 +02:00
soraefir
2afcbf6d99 fix metrum 2026-05-21 23:55:42 +02:00
soraefir
2cd45ef7de influx secret 2026-05-21 23:43:02 +02:00
soraefir
4d743836ca add influx, disable gitea login proxy 2026-05-21 23:39:36 +02:00
soraefir
9a6dda390b FIX 2026-05-21 22:17:36 +02:00
soraefir
dcd998830c more openhab features 2026-05-21 22:15:47 +02:00
soraefir
57bcf4d33c openhab setup 2026-05-21 03:18:36 +02:00
soraefir
7cc516a0be fix auth midleware 2026-05-21 02:28:42 +02:00
soraefir
37143eff2d openhab 2026-05-21 02:16:30 +02:00
soraefir
c3edd3c9fa setup 2026-05-21 02:15:48 +02:00
soraefir
775b0b4823 Radarr Naming 2026-05-21 02:14:33 +02:00
soraefir
ce0797b73b disable openhab 2026-05-21 02:08:58 +02:00
soraefir
a8bbbdc518 fix? 2026-05-21 02:06:43 +02:00
soraefir
742760afa7 fix openhab 2026-05-21 02:00:42 +02:00
soraefir
8b9187b17a Fix stuff 2026-05-21 01:56:13 +02:00
soraefir
8d50d4ecaf Add Radarr setup 2026-05-21 01:51:07 +02:00
soraefir
7ee341ee06 flip size 2026-05-21 01:43:12 +02:00
soraefir
5288f83c2e Fix 2026-05-21 01:39:16 +02:00
soraefir
dd70ef6499 Remove linebreak 2026-05-21 01:23:47 +02:00
soraefir
beaed878f8 Fix rm 2026-05-21 01:18:32 +02:00
soraefir
09ca162eed Fix 2026-05-21 01:14:46 +02:00
soraefir
4f5e6f210d Fix 2026-05-21 01:10:32 +02:00
soraefir
4a61f43eb9 fix 2026-05-21 01:09:52 +02:00
soraefir
a257a3153d Setup Script 2026-05-21 01:08:59 +02:00
soraefir
7da9acfcdc fix 2026-05-21 00:24:57 +02:00
soraefir
f838eb9850 fix 2026-05-21 00:23:01 +02:00
soraefir
302f9ae51b fix 2026-05-21 00:20:42 +02:00
soraefir
90b5828663 Add indexers 2026-05-21 00:16:37 +02:00
soraefir
1d9c5cdcd2 fix setup 2026-05-20 22:57:29 +02:00
soraefir
b59eecd26a add stuff 2026-05-20 20:43:06 +02:00
soraefir
6f8c8c92f1 fix 2026-05-20 20:05:52 +02:00
soraefir
f24102d752 fix url 2026-05-20 19:39:11 +02:00
soraefir
23147ca625 disable for testing 2026-05-20 19:29:18 +02:00
soraefir
40cf001ffa update servarr setup 2026-05-20 19:21:41 +02:00
soraefir
46fae29477 wip 2026-05-20 19:04:51 +02:00
soraefir
deea98b2de url envar 2026-05-20 18:45:43 +02:00
soraefir
b7aa160baa new stuff 2026-05-20 18:39:11 +02:00
soraefir
b91e9cacfd temp 2026-05-20 01:06:30 +02:00
soraefir
46b6b4db4f root 2026-05-20 00:56:23 +02:00
soraefir
5dcb3a7d4a add usr 2026-05-20 00:48:40 +02:00
soraefir
43780f80aa fix 2026-05-20 00:43:56 +02:00
soraefir
23cd521445 test 2026-05-20 00:36:30 +02:00
soraefir
51b6d88c64 test 2026-05-20 00:24:37 +02:00
soraefir
bc9b06f3ae fix 2026-05-20 00:06:38 +02:00
soraefir
220aee72ef key length 2026-05-20 00:03:23 +02:00
12 changed files with 626 additions and 151 deletions
Expand all files Collapse all files

104
flake.lock generated
View File

@@ -1,27 +1,5 @@
{ {
"nodes": { "nodes": {
"arion": {
"inputs": {
"flake-parts": "flake-parts",
"haskell-flake": "haskell-flake",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1770259557,
"narHash": "sha256-EvZ09k9+mzXAngPzU2K7oLLUDlKoT1numb4bDb3Gtl4=",
"owner": "hercules-ci",
"repo": "arion",
"rev": "9b24cf65c72cb0e9616e437d55e1ac8e5c6bc715",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "arion",
"type": "github"
}
},
"base16-schemes": { "base16-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -45,11 +23,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777780666, "lastModified": 1779036909,
"narHash": "sha256-8wURyQMdDkGUarSTKOGdCuFfYiwa3HbzwscUfn3STDE=", "narHash": "sha256-zXcwYQGCT6pzinK+1dBB2ekTVtfxGZAapb3Evdcu4fY=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "8c62fba0854ba15c8917aed18894dbccb48a3777", "rev": "56c666e108467d87d13508936aade6d567f2a501",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -60,27 +38,6 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nur", "nur",
@@ -103,11 +60,11 @@
}, },
"hardware": { "hardware": {
"locked": { "locked": {
"lastModified": 1778143761, "lastModified": 1779258371,
"narHash": "sha256-lkesY6x2X2qxlqLM7CT2iM/0rP2JB7fruPN3h8POXmI=", "narHash": "sha256-j1iZsLy6oFApqR1oiDmHhvkwxXqcNi0aoSJj643LuwU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "3bcaa367d4c550d687a17ac792fd5cda214ee871", "rev": "c97bc4d15bd3473dd095e8e8ba57330ab1943a77",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -116,22 +73,6 @@
"type": "github" "type": "github"
} }
}, },
"haskell-flake": {
"locked": {
"lastModified": 1675296942,
"narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
"owner": "srid",
"repo": "haskell-flake",
"rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
"type": "github"
},
"original": {
"owner": "srid",
"ref": "0.1.0",
"repo": "haskell-flake",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -139,11 +80,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777851538, "lastModified": 1778905220,
"narHash": "sha256-Gp8qwTEYNoy2yvmErVGlvLOQvrtEECCAKbonW7VJef8=", "narHash": "sha256-ox/5IHc8uwy6UTw6N7Shp6uCHIgu/S2PsWeuXsOHSo8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "cc09c0f9b7eaa95c2d9827338a5eb03d32505ca5", "rev": "d1686dc7d36cbd1234cb226ad6ef97e882716acb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -174,11 +115,11 @@
}, },
"nixUnstable": { "nixUnstable": {
"locked": { "locked": {
"lastModified": 1778274207, "lastModified": 1779259093,
"narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=", "narHash": "sha256-7DKWmH23hL2eYdkxCKeqj2i+yljTKuU+3Nk1UPHOnxc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7", "rev": "d99b013d5d1931ad77fe3912ed218170dec5d9a4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -190,11 +131,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1778003029, "lastModified": 1779102034,
"narHash": "sha256-q/nkKLDtHIyLjZpKhWk3cSK5IYsFqtMd6UtXF3ddjgA=", "narHash": "sha256-vZJZjLo513IeI8hjzHFc6TDezUd4uCE2Eq4SNO3DNNg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0c88e1f2bdb93d5999019e99cb0e61e1fe2af4c5", "rev": "687f05a9184cad4eaf905c48b63649e3a86f5433",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -221,11 +162,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1777954456, "lastModified": 1778869304,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", "narHash": "sha256-30sZNZoA1cqF5JNO9fVX+wgiQYjB7HJqqJ4ztCDeBZE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", "rev": "d233902339c02a9c334e7e593de68855ad26c4cb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -237,15 +178,15 @@
}, },
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1778376280, "lastModified": 1779398206,
"narHash": "sha256-pL2F2FF2FN7zWr5o/vG7GiYOSjp+DUNyPIYqNaLQFFs=", "narHash": "sha256-jX+5X7dr4ZLA/LgCZUkKngFsA6MGHBMReOspOiE1mYI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nur", "repo": "nur",
"rev": "828688994167eb57628c98fd1d7e1223b079cda1", "rev": "a592294d7840cea33f00c2a9f1efd396710f75af",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -256,7 +197,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"arion": "arion",
"darwin": "darwin", "darwin": "darwin",
"hardware": "hardware", "hardware": "hardware",
"home-manager": "home-manager", "home-manager": "home-manager",

2
modules/nixos/system/network/base/default.nix
View File

@@ -13,7 +13,7 @@
allowedTCPPorts = allowedTCPPorts =
(if (config.syscfg.server != false && config.syscfg.server.web) then [ 80 443 22 ] else [ ]) ++ (if (config.syscfg.server != false && config.syscfg.server.web) then [ 80 443 22 ] else [ ]) ++
(if (config.syscfg.server != false) then [ 5432 6379 ] else [ ]) ++ (if (config.syscfg.server != false) then [ 5432 6379 8181 ] else [ ]) ++
[ ]; [ ];
}; };
}; };

1
modules/server/containers/apps/.todo.md
View File

@@ -3,5 +3,6 @@
RSS: TTRSS / FreshRSS RSS: TTRSS / FreshRSS
Monitoring: Telegraf + InfluxDB Monitoring: Telegraf + InfluxDB
https://github.com/tarampampam/error-pages ? https://github.com/tarampampam/error-pages ?
kavita + mylar ? kapowarr ?
- Transmission Cfg and API/Token handling - Transmission Cfg and API/Token handling

2
modules/server/containers/apps/gitea.nix
View File

@@ -73,7 +73,7 @@ in {
} else {}); } else {});
extraLabels = { extraLabels = {
"traefik.http.routers.${containerCfg.subdomain}-login.rule" = "Host(`${containerCfg.subdomain}.${serverCfg.domain}`) && Path(`/user/login`) "; "traefik.http.routers.${containerCfg.subdomain}-login.rule" = "Host(`${containerCfg.subdomain}.${serverCfg.domain}`) && Path(`/user/login`) ";
"traefik.http.routers.${containerCfg.subdomain}-login.middlewares" = if serverCfg.containers?authentik then "authentik" else ""; "traefik.http.routers.${containerCfg.subdomain}-login.middlewares" = if (serverCfg.containers?authentik && false) then "authentik" else "";
"traefik.http.routers.${containerCfg.subdomain}-login.priority" = "100"; "traefik.http.routers.${containerCfg.subdomain}-login.priority" = "100";
"traefik.http.routers.${containerCfg.subdomain}-login.entrypoints" = "web-secure"; "traefik.http.routers.${containerCfg.subdomain}-login.entrypoints" = "web-secure";
"traefik.http.routers.${containerCfg.subdomain}-login.tls" = "true"; "traefik.http.routers.${containerCfg.subdomain}-login.tls" = "true";

6
modules/server/containers/apps/handbrake.nix
View File

@@ -2,6 +2,10 @@
let let
serverCfg = config.syscfg.server; serverCfg = config.syscfg.server;
version = "latest"; version = "latest";
routerName = if containerCfg.subpath != null
then "${containerCfg.subdomain}-${lib.strings.sanitizeDerivationName containerCfg.subpath}"
else containerCfg.subdomain;
in { in {
paths = [{ paths = [{
@@ -27,7 +31,7 @@ in {
AUTOMATED_CONVERSION_OUTPUT_SUBDIR = "SAME_AS_SRC"; AUTOMATED_CONVERSION_OUTPUT_SUBDIR = "SAME_AS_SRC";
}; };
extraLabels = { } // (if serverCfg.containers ? authentik then { extraLabels = { } // (if serverCfg.containers ? authentik then {
"traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik"; "traefik.http.routers.${routerName}.middlewares" = "authentik";
} else {}); } else {});
extraOptions = [ extraOptions = [
"--tmpfs=/tmp:rw,noexec,nosuid,size=512m" "--tmpfs=/tmp:rw,noexec,nosuid,size=512m"

52
modules/server/containers/apps/influx.nix
View File

@@ -1,44 +1,58 @@
{ config, containerCfg, pkgs, lib, builder, name, ... }: { config, containerCfg, pkgs, lib, builder, name, ... }:
let let
serverCfg = config.syscfg.server; serverCfg = config.syscfg.server;
influxPkg = pkgs.influxdb2; version = "latest";
image = pkgs.dockerTools.streamLayeredImage {
name = influxPkg.name;
tag = influxPkg.version;
contents = [ ];
config = {
Entrypoint = [ "${influxPkg}/bin/influxd" ];
ExposedPorts = {
"8086/tcp" = {}; # Combined Engine and UI port
};
};
};
in { in {
sops = true; sops = true;
db = true;
paths = [{ paths = [{
path = "${serverCfg.configPath}/influxdb/"; path = "${serverCfg.configPath}/influxdb/";
mode = "0700"; mode = "0700";
}{
path = "${serverCfg.dataPath}/influxdb/";
owner = "1500:1500";
mode = "0700";
}]; }];
containers = { containers = {
server = builder.mkContainer { server = builder.mkContainer {
subdomain = containerCfg.subdomain; subdomain = containerCfg.subdomain;
imageStream = image; image = "influxdata/influxdb3-ui:${version}";
port = 8086; port = 8080;
secret = name; secret = name;
extraEnv = { extraEnv = {
INFLUXD_CONFIG_PATH = "var/lib/influxdb2/config"; SESSION_SECRET_KEY = "7b0024c13ae770000f797c201e2f210b9932a689c04d34de04379faa44e88e97";
INFLUXD_BOLT_PATH = "/var/lib/influxdb2/influxdb.bolt"; DATABASE_URL = "/db/sqlite.db";
INFLUXD_ENGINE_PATH = "/var/lib/influxdb2/engine";
}; };
extraOptions = [
"--tmpfs=/tmp:rw,noexec,nosuid,size=512m"
];
overrides = { overrides = {
cmd = [ "--mode=admin" ];
volumes = [ volumes = [
"${serverCfg.configPath}/influxdb/:/var/lib/influxdb2" "${serverCfg.dataPath}/influxdb:/db:rw"
"${serverCfg.configPath}/influxdb/:/app-root/config:ro"
]; ];
}; };
}; };
}; };
setup = {
trigger = "server";
script = pkgs.writeShellScript "setup" ''
cat > ${serverCfg.configPath}/influxdb/config.json << 'EOF'
{
"DEFAULT_INFLUX_SERVER": "http://${builder.host}:8181",
"DEFAULT_INFLUX_DATABASE": "main",
"DEFAULT_API_TOKEN": "b27686e85a883437666f61586e084f7deb763958497739479ca48bc913ee90afd1a920332156133c89fb8674cb197ced17706074e6a42fc7ce6b2d54ac6119c9",
"DEFAULT_SERVER_NAME": "${serverCfg.domain}"
}
EOF
chown 1500:1500 ${serverCfg.configPath}/influxdb/config.json
'';
};
} }

78
modules/server/containers/apps/openhab.nix
View File

@@ -1,3 +1,77 @@
{... }:{ { config, containerCfg, pkgs, lib, builder, name,... }:
let
serverCfg = config.syscfg.server;
version = "5.1.4";
in {
sops = false;
db = false;
paths = [
{ path="${serverCfg.configPath}/openhab/conf"; owner="1000:1000"; mode = "0755"; }
{ path="${serverCfg.configPath}/openhab/userdata"; owner="1000:1000"; mode = "0755"; }
{ path="${serverCfg.configPath}/openhab/addons"; owner="1000:1000"; mode = "0755"; }
];
containers = {
server = builder.mkContainer {
subdomain = containerCfg.subdomain;
image = "openhab/openhab:${version}";
port = 8080;
extraEnv = {
USER_ID = "1000";
GROUP_ID = "1000";
CRYPTO_POLICY = "unlimited";
OPENHAB_HTTP_PORT = "8080";
};
extraOptions = [
"--network=host"
"--cap-add=NET_ADMIN"
"--cap-add=NET_RAW"
"--no-healthcheck"
];
overrides = {
volumes = [
"${serverCfg.configPath}/openhab/conf:/openhab/conf"
"${serverCfg.configPath}/openhab/userdata:/openhab/userdata"
"${serverCfg.configPath}/openhab/addons:/opt/openhab/addons"
"/var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro"
];
};
};
};
setup = {
trigger = "server";
envFile = [ config.sops.secrets."CUSTOM".path ];
script = pkgs.writeShellScript "setup" ''
# Pre-generate openHAB directories on the host
OHAB="${pkgs.podman}/bin/podman --events-backend=none exec openhab-server /openhab/runtime/bin/client -u openhab -p habopen"
sleep 20
exit 0
$OHAB openhab:users add $DEFAULT_ADMIN_USERNAME $DEFAULT_ADMIN_PASSWORD administrator
$OHAB feature:list
$OHAB openhab:addons install persistance-mapdb
$OHAB openhab:addons install persistance-influxdb
$OHAB openhab:addons install ui-basic
$OHAB openhab:addons install automation-jsscripting
$OHAB openhab:addons install binding-telegram
$OHAB openhab:addons install binding-matter
$OHAB openhab:addons install binding-mqtt
$OHAB openhab:addons install binding-bluetooth
$OHAB openhab:addons install binding-zigbee
$OHAB openhab:addons install binding-chromecast
$OHAB openhab:addons install binding-astro
$OHAB openhab:addons install binding-meteoblue
$OHAB openhab:addons install binding-publictransportswitzerland
#IF APPLE DEVICE: HomeKit (siri/apple bridge)
#IF UBIQUITY NET: Unifi + UnifiProtect (net/cam bridge)
#IF YAMAHA+EPSON: EpsonProjector + Yamaha (projector and sound)
#IF BAMBULAB DEVICE: BambuLab (notify print state)
#IF GARDENA DEVICE: Gardena (smart watering)
#Extra: AndroidTV/Jellyfin (Bind with lights + more)
'';
};
} }

483
modules/server/containers/apps/servarr.nix
View File

File diff suppressed because one or more lines are too long

4
modules/server/containers/builder.nix
View File

@@ -40,7 +40,7 @@ let
] ++ extraOptions; ] ++ extraOptions;
}; };
in lib.recursiveUpdate base overrides; in lib.recursiveUpdate base overrides;
vmBuilder = { name, vm }: (import "${pkgs.path}/nixos/lib/eval-config.nix" { vmBuilder = { name, vm }: ((import "${pkgs.path}/nixos/lib/eval-config.nix" {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ vm.cfg modules = [ vm.cfg
({ config, lib, modulesPath, ... }: { ({ config, lib, modulesPath, ... }: {
@@ -65,7 +65,7 @@ let
in if (vm ? portForward && vm.portForward != null) then map parsePortString vm.portForward else []; in if (vm ? portForward && vm.portForward != null) then map parsePortString vm.portForward else [];
};}) };})
]; ];
}.config.system.build.vm); }).config.system.build.vm);
in { in {
mkContainer = contBuilder; mkContainer = contBuilder;
mkVm = vmBuilder; mkVm = vmBuilder;

22
modules/server/database/default.nix
View File

@@ -39,6 +39,28 @@ in {
bind = "*"; bind = "*";
settings.protected-mode = "no"; settings.protected-mode = "no";
}; };
systemd.services.influxdb3 = {
description = "InfluxDB 3 Time Series Database Engine";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
INFLUXDB3_NODE_IDENTIFIER_PREFIX = "node0";
INFLUXDB3_OBJECT_STORE = "file";
INFLUXDB3_DATA_DIR = "${config.syscfg.server.dataPath}/influxdb";
INFLUXDB3_DB_DIR = "${config.syscfg.server.dataPath}/influxdb";
INFLUXDB3_ENABLE_INTERNAL_DB = "true";
INFLUXDB3_INITIAL_ADMIN_TOKEN = "b27686e85a883437666f61586e084f7deb763958497739479ca48bc913ee90afd1a920332156133c89fb8674cb197ced17706074e6a42fc7ce6b2d54ac6119c9";
};
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.influxdb3}/bin/influxdb3 serve";
Restart = "on-failure";
StateDirectory = "influxdb3";
PrivateTmp = true;
NoNewPrivileges = true;
};
};
systemd.services.postgresql-init = { systemd.services.postgresql-init = {

7
modules/server/sops/server.yaml
View File

@@ -10,7 +10,8 @@ SEARXNG: ENC[AES256_GCM,data:gtKhEmMemzLRl4c3cYhMAQ+5vUth1IhWQeLvW1YtaG5TbhQHBR4
UMAMI: ENC[AES256_GCM,data:onB/uXLajaRLmeQMGNHFsjREzPih9ha+cogGRw+nRomERSRrbBv+6gCqEr8F3Dcm818JB4jGRYKoIYG8Jl6gMDaz5QQiA4qAnbG19LuzVeVUgz4NGEgXBULoT/0sQacnyAPIfPEp+ESWRQH81nO6Qcs+rICpS2Xfeye5hb+8rSAxmLpY991AJ3+avGyMwPcpfNCkixWt68KuG5ZN/IGDksM/sSLGgyMisClbEdhigq4mwibOxpiWjcKk/17xYgY6Xz93h/yloHKZIZZpnyA+85YC6oNWgCPhkGIAVu3dGshp10a0nk1A2INm6vxNPbfUjYLkt3zDAPZtoBRCqUs+43Eh62hYgajgWCQJhjJkDgF4Y1ifGfDerIXs/cDpIKLt2+7VqM6/ouqIDPJ7khSAr+8bcHU4CKDtsDagob5PpCG4ABt44cg9cGw=,iv:HD450JZuWn2+V0pvOsDHy9oVAanFMf1el9LA1z0PULY=,tag:p7Vl7dtM8UdAUNgmdG+7cg==,type:str] UMAMI: ENC[AES256_GCM,data:onB/uXLajaRLmeQMGNHFsjREzPih9ha+cogGRw+nRomERSRrbBv+6gCqEr8F3Dcm818JB4jGRYKoIYG8Jl6gMDaz5QQiA4qAnbG19LuzVeVUgz4NGEgXBULoT/0sQacnyAPIfPEp+ESWRQH81nO6Qcs+rICpS2Xfeye5hb+8rSAxmLpY991AJ3+avGyMwPcpfNCkixWt68KuG5ZN/IGDksM/sSLGgyMisClbEdhigq4mwibOxpiWjcKk/17xYgY6Xz93h/yloHKZIZZpnyA+85YC6oNWgCPhkGIAVu3dGshp10a0nk1A2INm6vxNPbfUjYLkt3zDAPZtoBRCqUs+43Eh62hYgajgWCQJhjJkDgF4Y1ifGfDerIXs/cDpIKLt2+7VqM6/ouqIDPJ7khSAr+8bcHU4CKDtsDagob5PpCG4ABt44cg9cGw=,iv:HD450JZuWn2+V0pvOsDHy9oVAanFMf1el9LA1z0PULY=,tag:p7Vl7dtM8UdAUNgmdG+7cg==,type:str]
IMMICH: ENC[AES256_GCM,data:1y78yeawkRjUXLWPyFdMB5HCDQhb1PoxEMfHmKSZfv0CWloOrQWT735dlH+W9yC6ljZjqVD9Fwq/9GqqKQMTFMCpr8wVRwSHEuqmaG3UgKzbLA3aWZ1SIB0AiJi+eUunzHj2vikUJx9dMRjC+iNXrsVWh2HqMrOyFCWetZoIfxNiAgsgNKPgYYsHLv6OAZs9XT7V3veqe0zc0nyw7ghWSXne/yNhQESyyGlMAdagrJRNimvXIp/AoAUKl2WUJm2MBl7lb6K1YeJ1XW8OjAHzV8isBiUwU8ZD81VJog0fgTGjbUa+HO7jEo+9YwmDIMx3f5z9N4A=,iv:pboITW2rr7+w8VNZM6uYMMEFZ1S/JtqjNOVthpYJ2tQ=,tag:0dgrJ191sB4MLJHMoQBlCg==,type:str] IMMICH: ENC[AES256_GCM,data:1y78yeawkRjUXLWPyFdMB5HCDQhb1PoxEMfHmKSZfv0CWloOrQWT735dlH+W9yC6ljZjqVD9Fwq/9GqqKQMTFMCpr8wVRwSHEuqmaG3UgKzbLA3aWZ1SIB0AiJi+eUunzHj2vikUJx9dMRjC+iNXrsVWh2HqMrOyFCWetZoIfxNiAgsgNKPgYYsHLv6OAZs9XT7V3veqe0zc0nyw7ghWSXne/yNhQESyyGlMAdagrJRNimvXIp/AoAUKl2WUJm2MBl7lb6K1YeJ1XW8OjAHzV8isBiUwU8ZD81VJog0fgTGjbUa+HO7jEo+9YwmDIMx3f5z9N4A=,iv:pboITW2rr7+w8VNZM6uYMMEFZ1S/JtqjNOVthpYJ2tQ=,tag:0dgrJ191sB4MLJHMoQBlCg==,type:str]
INVIDIOUS: ENC[AES256_GCM,data:ZfgU5UFMmG9Cx9UaR0xnKr9VPebG3kut0difTFZmoqOSs+stG6YJfV82OOhj1RQLVJlPr/scydYy1+3LytwvP1BT7tLe0jII7XupbkL0w3n79KBaiIzAPdicqLxeqjKH45I0NjHra4djdnO2Ff4T8CTiFDlPn1rMuiw=,iv:UaDmOKJ4bFPGCaIePLXkWot9E6sTu2nhaVs83sI38G0=,tag:spTjxWEmLfPc8BZl2GglBA==,type:str] INVIDIOUS: ENC[AES256_GCM,data:ZfgU5UFMmG9Cx9UaR0xnKr9VPebG3kut0difTFZmoqOSs+stG6YJfV82OOhj1RQLVJlPr/scydYy1+3LytwvP1BT7tLe0jII7XupbkL0w3n79KBaiIzAPdicqLxeqjKH45I0NjHra4djdnO2Ff4T8CTiFDlPn1rMuiw=,iv:UaDmOKJ4bFPGCaIePLXkWot9E6sTu2nhaVs83sI38G0=,tag:spTjxWEmLfPc8BZl2GglBA==,type:str]
SERVARR: ENC[AES256_GCM,data:KvQ5lGGstmVUlIII9t7KpaHJ+Mcn++kKEtYnvCDbGx4gIX6ismL9f7vYGclePkidmhu+XPM+0xlpLL2xrpS0r3BrUmHE8uvBoL0fd70=,iv:vdshE1PKQJJ9uEkQWvMBDZ3l8ezQBO3TtL7TaWJwliE=,tag:1HWPXqa9ZACdq0ogVdzOyg==,type:str] SERVARR: ENC[AES256_GCM,data:757WdthmToCGr2boph7iW1ycs3tQyGgD3lhYOcX/X3hjs9dLLPCWGI2zt5axp72IGJ/sVYEop2rqsRLxdPn3VIyQLvQ+3MYdo8Z/yOuMy7DAlnITQQQUI2ylZKHVmFAt39/xBpwsVjh3m/hBQvn/LbCDtR2s4qa+8fQDfeZXksTtnf7YZbVygTF7jWZ+0oVvkvNO1ZUejvP+uHL+jHwgMEwQnR22hOYWEKZ1s7PI+EZHujqyOhnwXB4jRG+XD7R4N6AhC5Z+nmkFpy3ffszCJ0/H,iv:NrNbkL6GWN4r+uzxNYrhoECD1APbRsRBcMBbVHD3DwM=,tag:YK1O50wV+lHAQa6TX9huUw==,type:str]
INFLUX: ENC[AES256_GCM,data:woaZ/8zWRFtuO6U3HQ==,iv:iLo33tykE6oQW2jUNVGtR/JwrZbs9Fe1fFQ5/LnvaRY=,tag:6UDOU0JJgR7eyQ0hL8j5Qw==,type:str]
sops: sops:
age: age:
- recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
@@ -31,8 +32,8 @@ sops:
S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk
d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA== d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-19T21:46:47Z" lastmodified: "2026-05-21T21:42:55Z"
mac: ENC[AES256_GCM,data:dvxK7tOIZTZmoF2WMuarmzBfKXh6TYK8lgbF9UuNfBK6eU0/hBZsLtsQ+UrwrHhjNxWCyreFxP1s9slhHZhI16/Jq5+a0TmOqI4vQxf2DY1OIYwzjMj+XWD2OfS7sruUFHRVCMgSxWSKm4aVIc7MDKapmEq59vWiIoNN8Shdiyw=,iv:bYgXD0i/8nBi/hopKxWBO6TnoorFcJ28KuF8GXy+P2I=,tag:V2V/fWu2nqjMzEknRi/IAA==,type:str] mac: ENC[AES256_GCM,data:6FCnBXQ1ueiNECTZDo2AGw8CXCimGWKXQYbI+4in0tCfI477Ip9OISwodK4cFhZPKEYFOB4z5KU5vXJ014jErYDylaPlHYj7Bj/4ugkYt/ywDg3VEYZVVZfBI7bhe1x8/kbkg+Y6ZwURf74xPyg7X+7IH5VGQA4eKck5rTPwGZQ=,iv:04MI9S51azQLEvDtbxL0cf6NUNtV4hRALBcsMmrAFKg=,tag:5oxAZwCfWmatWnghZ97W6g==,type:str]
pgp: pgp:
- created_at: "2026-05-05T23:46:27Z" - created_at: "2026-05-05T23:46:27Z"
enc: |- enc: |-

16
systems/sandbox/cfg.nix
View File

@@ -39,13 +39,13 @@
authentik.subdomain = "sso"; authentik.subdomain = "sso";
searxng.subdomain = "searx"; searxng.subdomain = "searx";
# ===== CLOUD ===== # ===== CLOUD =====
nextcloud.subdomain = "cloud"; # nextcloud.subdomain = "cloud";
collabora.subdomain = "office"; # collabora.subdomain = "office";
etherpad.subdomain = "pad"; # etherpad.subdomain = "pad";
ethercalc.subdomain = "calc"; # ethercalc.subdomain = "calc";
immich.subdomain = "pic"; # immich.subdomain = "pic";
# ===== FLIX ===== # ===== FLIX =====
invidious.subdomain = "yt"; # invidious.subdomain = "yt";
jellyfin.subdomain = "flix"; jellyfin.subdomain = "flix";
servarr.subdomain = "arr"; servarr.subdomain = "arr";
transmission = { subdomain = "arr"; subpath = "transmission"; }; transmission = { subdomain = "arr"; subpath = "transmission"; };
@@ -53,9 +53,9 @@
# ===== DEV ===== # ===== DEV =====
gitea.subdomain = "git"; gitea.subdomain = "git";
# ===== HOME ===== # ===== HOME =====
openhab.subdomain = "hass"; openhab.subdomain = "hab";
# trmnl = { subdomain = "hass"; subpath = "trmnl"; }; # trmnl = { subdomain = "hass"; subpath = "trmnl"; };
# influx.subdomain = "metrum"; influx.subdomain = "metrum";
}; };
}; };
}; };