commit dbde26070463e8f9d51adc8fbddefd39584a0b43
Author: admin
Date: Mon Jun 16 20:43:22 2025 +0100
inital commit
diff --git a/config/common.nix b/config/common.nix
new file mode 100644
index 0000000..d5d75ab
--- /dev/null
+++ b/config/common.nix
@@ -0,0 +1,88 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{
+ config,
+ pkgs,
+ home-manager,
+ ...
+}:
+
+{
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/London";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_GB.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_GB.UTF-8";
+ LC_IDENTIFICATION = "en_GB.UTF-8";
+ LC_MEASUREMENT = "en_GB.UTF-8";
+ LC_MONETARY = "en_GB.UTF-8";
+ LC_NAME = "en_GB.UTF-8";
+ LC_NUMERIC = "en_GB.UTF-8";
+ LC_PAPER = "en_GB.UTF-8";
+ LC_TELEPHONE = "en_GB.UTF-8";
+ LC_TIME = "en_GB.UTF-8";
+ };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.admin = {
+ isNormalUser = true;
+ description = "admin";
+ shell = pkgs.zsh;
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ packages = with pkgs; [
+ ];
+ };
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ programs = {
+ zsh.enable = true;
+ };
+
+ fileSystems."/mnt/media" = {
+ device = "192.168.0.20:/mnt/pool/media";
+ fsType = "nfs";
+ };
+ fileSystems."/mnt/services" = {
+ device = "192.168.0.20:/mnt/pool/services";
+ fsType = "nfs";
+ };
+ fileSystems."/mnt/data" = {
+ device = "192.168.0.20:/mnt/pool/data";
+ fsType = "nfs";
+ };
+
+ nix = {
+ gc.automatic = true;
+ optimise.automatic = true;
+ };
+
+}
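Review bot: `services.openssh.enable = true;` is set with no `services.openssh.settings`, and flake.nix imports this module into both the desktop and the server configuration, so sshd runs on both hosts with the module's default authentication policy for the wheel-group `admin` account. I would state the policy next to it, e.g. `services.openssh.settings = { PasswordAuthentication = false; PermitRootLogin = "no"; };`, together with a `users.users.admin.openssh.authorizedKeys.keys` entry so key login works before passwords are turned off. The three NFS `fileSystems` entries also carry no `options`; `options = [ "nosuid" "nodev" ];` would keep the export from supplying setuid binaries or device nodes, which matters because `/mnt/services` is where home/podman.nix reads its container secret files from.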
diff --git a/config/desktop.nix b/config/desktop.nix
new file mode 100644
index 0000000..44abd45
--- /dev/null
+++ b/config/desktop.nix
@@ -0,0 +1,212 @@
+{ pkgs, ... }:
+
+{
+
+ hardware.graphics = {
+ enable = true;
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable the GNOME Desktop Environment.
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.powerOnBoot = true;
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound with pipewire.
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ # Enable automatic login for the user.
+ services.displayManager.autoLogin.enable = true;
+ services.displayManager.autoLogin.user = "admin";
+
+ # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
+ systemd.services."getty@tty1".enable = false;
+ systemd.services."autovt@tty1".enable = false;
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ boot = {
+ # Graphical boot
+ plymouth.enable = true;
+ # Allow higher virtual memory for games
+ kernel.sysctl."vm.max_map_count" = 2147483642;
+ };
+
+ environment.gnome.excludePackages = with pkgs; [
+ epiphany # web browser
+ geary # email
+ gnome-calendar
+ gnome-music
+ gnome-software
+ gnome-tour
+ totem # video player
+ xterm
+ yelp # help
+ ];
+
+ environment.systemPackages = with pkgs; [
+ audacity
+ blender
+ #cura
+ gimp
+ gnomeExtensions.appindicator
+ gnomeExtensions.blur-my-shell
+ gnomeExtensions.dash-to-dock
+ inkscape
+ joplin-desktop
+ kiwix
+ libreoffice
+ obs-studio
+ ollama
+ protonmail-desktop
+ prismlauncher
+ ungoogled-chromium
+ signal-desktop
+ wireshark
+ monero-gui
+ vscodium
+ zsh
+ dconf-editor
+
+ #gaymig?
+ heroic
+ lutris
+
+ #TUI
+ fastfetch
+ nixfmt-rfc-style
+ yt-dlp
+ ansible
+ cataclysm-dda
+ exiftool
+ ffmpeg
+ git
+ htop
+ lm_sensors
+ mangohud
+ mediainfo
+ pciutils # lspci
+ nmap
+ #umu-launcher
+ qrencode
+ smartmontools
+ nixpkgs-fmt # nix formatter
+ ];
+
+ fonts.packages = with pkgs; [
+ noto-fonts
+ noto-fonts-cjk-sans
+ #noto-fonts-emoji
+ noto-fonts-extra
+ whatsapp-emoji-font
+ corefonts
+ fantasque-sans-mono
+ ];
+
+ programs = {
+ coolercontrol = {
+ enable = true;
+ nvidiaSupport = true;
+ };
+
+ gamescope = {
+ enable = true;
+ capSysNice = true;
+ };
+
+ steam = {
+ enable = true;
+ gamescopeSession.enable = true;
+ remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+ dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+ localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
+ };
+
+ gamemode.enable = true;
+
+ dconf = {
+ enable = true;
+ profiles.user.databases = [
+ {
+ lockAll = true; # prevents overriding
+ settings = {
+ "org/gnome/shell" = {
+ favourite-apps = [
+ "org.gnome.Nautilus.desktop"
+ "chromium-browser.desktop"
+ "proton-mail.desktop"
+ "@joplinapp-desktop.desktop"
+ "signal-desktop.desktop"
+ "steam.desktop"
+ "org.gnome.Settings.desktop"
+ "org.gnome.Console.desktop"
+ ];
+ enabled-extensions = [
+ pkgs.gnomeExtensions.appindicator.extensionUuid
+ pkgs.gnomeExtensions.blur-my-shell.extensionUuid
+ pkgs.gnomeExtensions.dash-to-dock.extensionUuid
+ ];
+ };
+ "org/gnome/desktop/calendar" = {
+ show-weekdate = true;
+ };
+ "org/gnome/desktop/interface" = {
+ clock-show-weekday = true;
+ color-scheme = "prefer-dark";
+ document-font-name = "Noto Sans 11";
+ enable-hot-corners = false;
+ font-name = "Noto Sans 11";
+ gtk-theme = "Adwaita-dark";
+ monospace-font-name = "Fantasque Sans Mono 12";
+ };
+ "org/gnome/desktop/peripherals.mouse" = {
+ accel-profile = "flat";
+ };
+ "org/gnome/desktop/wm/preferences" = {
+ button-layout = ":minimize,maximize,close";
+ };
+ "org/gnome/nautilus/list-view" = {
+ default-zoom-level = "small";
+ };
+ "org/gnome/nautilus/preferences" = {
+ default-folder-viewer = "list-view";
+ };
+ "org/gnome/shell/extensions/dash-to-dock" = {
+ #apply-custom-theme = true;
+ click-action = "focus-minimize-or-previews";
+ dock-fixed = true;
+ multi-monitor = true;
+ show-mounts = false;
+ show-show-apps-button = false;
+ };
+ "org/gnome/shell/keybindings" = {
+ show-screenshot-ui = "s";
+ };
+ };
+ }
+ ];
+ };
+ };
+
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..1645f36
--- /dev/null
+++ b/flake.lock
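Review bot: In config/desktop.nix, `services.displayManager.autoLogin.user = "admin";` opens a desktop session with no login prompt for the account that config/common.nix puts in `wheel`. The LUKS device declared under hosts/desktop presumably gates a cold boot, but that is then the only barrier in front of a sudo-capable session, and the setting deserves a comment saying the trade-off is intentional. In the same file the three Steam `openFirewall = true;` options accept inbound traffic on every network the desktop joins; I would keep only the ones in use, for example dropping `dedicatedServer.openFirewall` unless a Source server is really hosted here.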
@@ -0,0 +1,162 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "owner": "ryantm", + "repo": "agenix", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747556831, + "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1747129300, + "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "e81fd167b33121269149c57806599045fd33eeed", + 
"type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1745391562, + "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1747825515, + "narHash": "sha256-BWpMQymVI73QoKZdcVCxUCCK3GNvr/xa2Dc4DM1o2BE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "cd2812de55cf87df88a9e09bf3be1ce63d50c1a6", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "home-manager": "home-manager_2", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..68609c0 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,67 @@
+{
+ description = "A very basic flake";
+
+ inputs = {
+ agenix.url = "github:ryantm/agenix";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+ nixos-hardware.url = "github:nixos/nixos-hardware/master";
+ home-manager.url = "github:nix-community/home-manager/release-25.05";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ nixos-hardware,
+ home-manager,
+ agenix,
+ }:
+ {
+ nixosConfigurations.desktop = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./config/common.nix
+ ./config/desktop.nix
+ ./hosts/desktop/hardware.nix
+ ./hosts/desktop/settings.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.admin = {
+ imports = [
+ ./home/common.nix
+ ./home/desktop.nix
+ ];
+ };
+ }
+ ];
+ };
+
+ nixosConfigurations.nixos-server = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./config/common.nix
+ ./hosts/server/hardware.nix
+ ./hosts/server/settings.nix
+ agenix.nixosModules.default
+ {
+ environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
+ }
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.admin = {
+ imports = [
+ ./home/common.nix
+ ./home/podman.nix
+ agenix.homeManagerModules.default
+ ];
+ };
+ }
+ ];
+ };
+ };
+}
diff --git a/home/common.nix b/home/common.nix
new file mode 100644
index 0000000..49f7204
--- /dev/null
+++ b/home/common.nix
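Review bot: The `agenix` input in flake.nix is declared without any `follows`, so it carries its own pins; flake.lock in this commit records a second `nixpkgs` on `nixos-unstable`, a second `home-manager` and `nix-darwin` that exist only for agenix. Adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` (and `agenix.inputs.darwin.follows = "";`, since no darwin host is defined here) builds the secrets tooling from the same nixpkgs revision as the system and leaves fewer upstream sources to trust and keep updated. `nixos-hardware` is declared and passed to `outputs` but not referenced in either module list, so it could be dropped until it is used.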
@@ -0,0 +1,67 @@
+{
+
+ programs = {
+
+ neovim = {
+ enable = true;
+ viAlias = true;
+ vimAlias = true;
+ extraConfig = ''
+ set nocompatible
+ syntax on
+
+ set fileformat=unix
+ set encoding=utf8
+ set number relativenumber
+ set wrap
+
+ set tabstop=4
+ set shiftwidth=4
+ set softtabstop=4
+ set smarttab
+ set autoindent
+ set colorcolumn=80
+ highlight ColorColumn ctermbg=8
+
+ set clipboard=unnamed,unnamedplus
+ set list listchars=tab:>-,trail:_,extends:>,precedes:<,nbsp:~
+ set showbreak=>
+
+ let mapleader=" "
+
+ "# disable macro mode
+ map q
+ '';
+ };
+
+ tmux = {
+ enable = true;
+ historyLimit = 10000;
+ };
+
+ fzf = {
+ enable = true;
+ enableZshIntegration = true;
+ };
+
+ zsh = {
+ enable = true;
+ dotDir = ".config/zsh";
+ #enableCompletions = true;
+ #autosuggestions.enable = true;
+ syntaxHighlighting.enable = true;
+ oh-my-zsh = {
+ enable = true;
+ plugins = [ "git" ];
+ theme = "robbyrussell";
+ };
+ };
+
+ git = {
+ enable = true;
+ userName = "Faris";
+ userEmail = "faris@mektem.com";
+ };
+ };
+
+}
diff --git a/home/desktop.nix b/home/desktop.nix
new file mode 100644
index 0000000..f3f12fc
--- /dev/null
+++ b/home/desktop.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+
+{
+ programs = {
+
+ mpv = {
+ enable = true;
+
+ package = (
+ pkgs.mpv-unwrapped.wrapper {
+ scripts = with pkgs.mpvScripts; [
+ #uosc
+ sponsorblock
+ ];
+
+ mpv = pkgs.mpv-unwrapped.override {
+ waylandSupport = true;
+ };
+ }
+ );
+
+ config = {
+ profile = "high-quality";
+ ytdl-format = "bestvideo+bestaudio";
+ cache-default = 4000000;
+ loop-file = "inf";
+ };
+ };
+
+ joplin-desktop = {
+ enable = true;
+ sync.target = "joplin-server";
+ };
+ };
+ # add bookmarks for shared drives
+ xdg.configFile."gtk-3.0/bookmarks" = {
+ force = true;
+ text = ''
+ file:/// root
+ file:///mnt/data data
+ file:///mnt/media media
+ file:///mnt/services services
+ '';
+ };
+
+ # Don't touch
+ home.stateVersion = "24.11";
+}
diff --git a/home/podman.nix b/home/podman.nix
new file mode 100644
index 0000000..28ab926
--- /dev/null
+++ b/home/podman.nix
@@ -0,0 +1,871 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+
+{
+ services.podman.enable = true;
+ services.podman.autoUpdate.enable = true;
+ services.podman.autoUpdate.onCalendar = "*-*-* 00:00";
+ services.podman.containers = {
+
+ actual = {
+ image = "docker.io/actualbudget/actual-server:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/actual:/data"
+ ];
+ ports = [
+ "5006:5006"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ archivebox = {
+ image = "docker.io/archivebox/archivebox:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/archivebox"
+ ];
+ volumes = [
+ "/mnt/services/podman/archivebox:/data"
+ ];
+ ports = [
+ "8002:8000"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ bazarr = {
+ image = "lscr.io/linuxserver/bazarr:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/bazarr:/config"
+ "/mnt/media/video/movies:/movies"
+ "/mnt/media/video/tv:/tv"
+ ];
+ ports = [
+ "6767:6767"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ ddclient = {
+ image = "lscr.io/linuxserver/ddclient:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/ddclient:/config"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ eclipse-mosquitto = {
+ image = "docker.io/eclipse-mosquitto:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/eclipse-mosquitto:/mosquitto"
+ ];
+ ports = [
+ "1883:1883"
+ "9001:9001"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ freshrss = {
+ image = "lscr.io/linuxserver/freshrss:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/home/admin/podman/freshrss:/config"
+ ];
+ ports = [
+ "8555:80"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ frigate = {
+ image = "ghcr.io/blakeblackshear/frigate:stable";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ devices = [ "nvidia.com/gpu=all" ];
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/frigate"
+ ];
+ volumes = [
+ "/etc/localtime:/etc/localtime:ro"
+ "/mnt/services/podman/frigate:/config"
+ "/mnt/services/cctv:/media/frigate"
+ ];
+ ports = [
+ "5005:5000"
+ "5001:8971"
+ "1935:1935"
+ "8554:8554"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ gitea = {
+ image = "docker.gitea.com/gitea:1.23.7";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/gitea"
+ ];
+ volumes = [
+ "/mnt/services/podman/gitea:/data"
+ ];
+ ports = [
+ "3001:3000"
+ "222:22"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ home-assistant = {
+ image = "ghcr.io/home-assistant/home-assistant:stable";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/etc/localtime:/etc/localtime:ro"
+ "/mnt/services/podman/homeassistant:/config"
+ ];
+ ports = [
+ "8123:8123"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ immich-db = {
+ image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/immich"
+ ];
+ volumes = [
+ "/mnt/services/podman/immich/db:/var/lib/postgresql/data:z"
+ ];
+ ports = [
+ "5433:5432"
+ ];
+ userNS = "keep-id";
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ immich-machine-learning = {
+ image = "ghcr.io/immich-app/immich-machine-learning:release-cuda";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/immich"
+ ];
+ volumes = [
+ "/mnt/services/podman/immich/cache:/cache"
+ ];
+ ports = [
+ "3003:3003"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ immich-redis = {
+ image = "registry.hub.docker.com/library/redis:6.2-alpine";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/immich"
+ ];
+ ports = [
+ "6379:6379"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ immich-server = {
+ image = "ghcr.io/immich-app/immich-server:release";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/immich"
+ ];
+ volumes = [
+ "/mnt/services/immich:/usr/src/app/upload"
+ "/etc/localtime:/etc/localtime:ro"
+ ];
+ ports = [
+ "2283:2283"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+ jellyfin = {
+ image = "docker.io/jellyfin/jellyfin:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ devices = [ "nvidia.com/gpu=all" ];
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/jellyfin:/config"
+ "/mnt/media/video/movies:/movies"
+ "/mnt/media/video/tv:/tv"
+ "/mnt/media/audio/music/flac:/music"
+ "/mnt/media/video/family:/family"
+ "/mnt/media/video/livetv:/livetv"
+ ];
+ ports = [
+ "8096:8096"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ jellyseerr = {
+ image = "ghcr.io/fallenbagel/jellyseerr";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/jellyseerr:/app/config"
+ ];
+ ports = [
+ "5055:5055"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ joplin = {
+ image = "docker.io/joplin/server:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/joplin"
+ ];
+ ports = [
+ "22300:22300"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ joplin-db = {
+ image = "docker.io/postgres:15";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/joplin"
+ ];
+ volumes = [
+ "/home/admin/podman/joplin-db:/var/lib/postgresql/data"
+ ];
+ ports = [
+ "5432:5432"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ kiwix = {
+ image = "ghcr.io/kiwix/kiwix-serve:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ exec = "*.zim";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/media/kiwix:/data"
+ ];
+ ports = [
+ "8088:8080"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ lidarr = {
+ image = "lscr.io/linuxserver/lidarr:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/lidarr:/config"
+ "/mnt/media/audio/music/flac:/music"
+ "/mnt/media/torrents:/downloads"
+ ];
+ ports = [
+ "8686:8686"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ metube = {
+ image = "ghcr.io/alexta69/metube:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/media/youtube-dl:/downloads"
+ "/mnt/media/audio/music/flac:/music"
+ ];
+ ports = [
+ "8081:8081"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ nginx = {
+ image = "docker.io/nginx:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/nginx"
+ ];
+ volumes = [
+ "/mnt/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
+ "/mnt/services/podman/nginx/html:/usr/share/nginx/html"
+ ];
+ ports = [
+ "888:80"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ nginx-proxy-manager = {
+ image = "docker.io/jc21/nginx-proxy-manager:2.9.22";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/nginx-proxy-manager:/data"
+ "/mnt/services/podman/letsencrypt:/etc/letsencrypt"
+ ];
+ ports = [
+ "80:80"
+ "443:443"
+ "81:81"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ ollama = {
+ image = "docker.io/ollama/ollama:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/ollama"
+ ];
+ volumes = [
+ "/mnt/services/podman/ollama:/root/.ollama"
+ ];
+ ports = [
+ "11434:11434"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ open-webui = {
+ image = "ghcr.io/open-webui/open-webui:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/open-webui"
+ ];
+ volumes = [
+ "/mnt/services/podman/open-webui:/app/backend/data"
+ ];
+ ports = [
+ "3000:8080"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ prowlarr = {
+ image = "lscr.io/linuxserver/prowlarr:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/prowlarr:/config"
+ ];
+ ports = [
+ "9696:9696"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ radarr = {
+ image = "lscr.io/linuxserver/radarr:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/radarr:/config"
+ "/mnt/media/video/movies:/movies"
+ "/mnt/media/torrents:/downloads"
+ ];
+ ports = [
+ "7878:7878"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ readarr = {
+ image = "lscr.io/linuxserver/readarr:develop";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/readarr:/config"
+ "/mnt/media/books:/books"
+ "/mnt/media/torrents:/downloads"
+ ];
+ ports = [
+ "8787:8787"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ rutorrent = {
+ image = "docker.io/crazymax/rtorrent-rutorrent:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/home/admin/podman/rutorrent/passwd:/passwd"
+ "/home/admin/podman/rutorrent/data:/data"
+ "/mnt/media/torrents:/downloads"
+ ];
+ ports = [
+ "8888:8080"
+ "5000:8000"
+ "50000:50000"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ searxng = {
+ image = "docker.io/searxng/searxng:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/searxng:/etc/searxng"
+ ];
+ ports = [
+ "8880:8080"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ sonarr = {
+ image = "lscr.io/linuxserver/sonarr:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/sonarr:/config"
+ "/mnt/media/video/tv:/tv"
+ "/mnt/media/torrents:/downloads"
+ ];
+ ports = [
+ "8989:8989"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ tandoor = {
+ image = "docker.io/vabene1111/recipes";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/tandoor"
+ ];
+ volumes = [
+ "/mnt/services/podman/tandoor/staticfiles:/opt/recipes/staticfiles"
+ "/mnt/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles"
+ ];
+ ports = [
+ "9092:8080"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ tandoor-db = {
+ image = "docker.io/postgres:16-alpine";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/tandoor"
+ ];
+ volumes = [
+ "/home/admin/podman/tandoor/db:/var/lib/postgresql/data"
+ ];
+ ports = [
+ "5434:5432"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ thelounge = {
+ image = "lscr.io/linuxserver/thelounge:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/thelounge:/config"
+ ];
+ ports = [
+ "9000:9000"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ unifi-network-application = {
+ image = "lscr.io/linuxserver/unifi-network-application:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/unifi-network-application"
+ ];
+ volumes = [
+ "/mnt/services/podman/unifi-network-application:/config"
+ ];
+ ports = [
+ "8443:8443"
+ "10001:10001/udp"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ unifi-network-application-db = {
+ image = "docker.io/mongo:7.0";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/unifi-network-application"
+ ];
+ volumes = [
+ "/mnt/services/podman/unifi-network-application-db"
+ ];
+ ports = [
+ "27017:27017"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ vaultwarden = {
+ image = "docker.io/vaultwarden/server:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/vaultwarden"
+ ];
+ volumes = [
+ "/mnt/services/podman/vaultwarden:/data/"
+ ];
+ ports = [
+ "8000:80"
+ "3012:3012"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ wireguard = {
+ image = "lscr.io/linuxserver/wireguard:latest";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ addCapabilities = [
+ "NET_RAW"
+ "NET_ADMIN"
+ "SYS_MODULE"
+ ];
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ "/mnt/services/secrets/wireguard"
+ ];
+ volumes = [
+ "/mnt/services/podman/wireguard:/config"
+ #"/lib/modules:/lib/modules"
+ ];
+ ports = [
+ "51820:51820/udp"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ zigbee2mqtt = {
+ image = "docker.io/koenkk/zigbee2mqtt";
+ autoStart = true;
+ autoUpdate = "registry";
+ network = "bridge";
+ devices = [ "/dev/ttyACM0:/dev/ttyACM0" ];
+ environmentFile = [
+ "/mnt/services/secrets/default"
+ ];
+ volumes = [
+ "/mnt/services/podman/zigbee2mqtt:/app/data"
+ ];
+ ports = [
+ "8808:8080"
+ ];
+ extraConfig = {
+ Service = {
+ TimeoutStartSec = 900;
+ };
+ };
+ };
+
+ };
+
+ # Don't touch
+ home.stateVersion = "24.11";
+}
diff --git a/hosts/desktop/hardware.nix b/hosts/desktop/hardware.nix
new file mode 100644
index 0000000..44587c8
--- /dev/null
+++ b/hosts/desktop/hardware.nix
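Review bot: In home/podman.nix the database and cache containers publish their ports on every host interface: `immich-db` (`5433:5432`), `immich-redis` (`6379:6379`), `joplin-db` (`5432:5432`), `tandoor-db` (`5434:5432`) and `unifi-network-application-db` (`27017:27017`), so any machine that can reach the server can talk to Postgres, Redis and MongoDB directly. I would put each application and its database on a shared podman network and drop the `ports` entry from the database, or, where host access is really needed, bind to loopback with `ports = [ "127.0.0.1:5432:5432" ];`. Separately, the `unifi-network-application-db` volume `"/mnt/services/podman/unifi-network-application-db"` has no `:container-path`, so it looks like the host directory is never mounted and the Mongo data is not persisted there; it presumably wants a `:/data/db` suffix. Most images are `:latest` with `autoUpdate = "registry"` on a nightly timer, `vaultwarden` included, so pinning a tag or digest as `immich-db` already does would turn each upgrade into a reviewed change. Every container also loads `/mnt/services/secrets/default`, so each service receives the shared secrets; per-service files, ideally provisioned through the agenix module this flake already imports, would narrow that.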
@@ -0,0 +1,61 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "uas" + "usbhid" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/ba76c63c-7fe5-4e61-8b24-0961de838681"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-2af03012-1c9a-4245-8b4d-a4df773d6a14".device = + "/dev/disk/by-uuid/2af03012-1c9a-4245-8b4d-a4df773d6a14"; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7AEC-64D7"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/34d32441-0c17-4592-b026-56b28bf7e3bf"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/desktop/settings.nix b/hosts/desktop/settings.nix new file mode 100644 index 0000000..80cb1d4 --- /dev/null +++ b/hosts/desktop/settings.nix 
@@ -0,0 +1,37 @@
+{ config, ... }:
+
+{
+ boot.kernelParams = [
+ "nvidia_drm.modeset=1"
+ "nvidia_drm.fbdev=1"
+ "nvidia.NVreg_PreserveVideoMemoryAllocations=1"
+ "module_blacklist=amdgpu"
+ ];
+ networking.hostName = "nixos-desktop";
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.luks.devices."luks-d6ea38c1-693a-4aa1-b844-24f005b321ab".device =
+ "/dev/disk/by-uuid/d6ea38c1-693a-4aa1-b844-24f005b321ab";
+
+ services.xserver.videoDrivers = [ "nvidia" ];
+
+ hardware.nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = true;
+ powerManagement.finegrained = false;
+ open = false;
+ nvidiaSettings = true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+
+ # this fixes the sleep/wake issue
+ systemd.services."systemd-suspend" = {
+ serviceConfig = {
+ Environment = ''"SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false"'';
+ };
+ };
+
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/server/hardware.nix b/hosts/server/hardware.nix
new file mode 100644
index 0000000..133ddfd
--- /dev/null
+++ b/hosts/server/hardware.nix
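Review bot: The `systemd-suspend` override near the end of this hunk is written as a raw, doubly quoted `Environment` string, and its comment does not say which sleep/wake issue it works around. The service option reads more clearly and avoids the nested quoting: `systemd.services."systemd-suspend".environment.SYSTEMD_SLEEP_FREEZE_USER_SESSIONS = "false";`. I would also extend the comment to something like `# NVIDIA: resume hangs when user sessions are frozen before suspend; disable the freeze`, if that is the issue being fixed, so the override can be dropped once it no longer applies.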
@@ -0,0 +1,46 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ + "uhci_hcd" + "ehci_pci" + "ahci" + "virtio_pci" + "sr_mod" + "virtio_blk" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/b2f2c042-9011-455a-bc30-fbe632ffa293"; + fsType = "ext4"; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/29b09fa3-40a4-4ba9-bfcd-34e50d5aa2d5"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/server/settings.nix b/hosts/server/settings.nix new file mode 100644 index 0000000..d7a811f --- /dev/null +++ b/hosts/server/settings.nix 
@@ -0,0 +1,121 @@
+{ config, pkgs, ... }:
+
+{
+ users.users.admin.linger = true;
+ age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];
+
+ nixpkgs.config.allowUnfree = true;
+ hardware.nvidia-container-toolkit.enable = true;
+
+ services.xserver.videoDrivers = [ "nvidia" ];
+
+ hardware.graphics.enable = true;
+
+ hardware.nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = true;
+ powerManagement.finegrained = false;
+ open = false;
+ nvidiaSettings = false;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+
+ networking.hostName = "nixos-server";
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/vda";
+ boot.loader.grub.useOSProber = true;
+
+ environment.systemPackages = with pkgs; [
+ zsh
+ htop
+ fastfetch
+ restic
+ nixpkgs-fmt
+ nixfmt-rfc-style
+ ];
+
+ networking.firewall.enable = false;
+ networking.interfaces.ens18.ipv4.addresses = [
+ {
+ address = "192.168.0.30";
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "192.168.0.1";
+ networking.nameservers = [ "1.1.1.1" ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_unprivileged_port_start" = 80;
+ "net.ipv4.conf.all.src_valid_mark" = 1;
+ "net.ipv4.conf.all.forwarding" = 1;
+ "net.ipv4.ip_forward" = 1;
+ };
+
+ virtualisation = {
+ containers.enable = true;
+ podman = {
+ enable = true;
+ autoPrune.enable = true;
+ # Create a `docker` alias for podman, to use it as a drop-in replacement
+ dockerCompat = true;
+ # Required for containers under podman-compose to be able to talk to each other.
+ defaultNetwork.settings.dns_enabled = true; + }; + }; + + age.secrets = { + "restic/environmentFile".file = ../../secrets/restic/environmentFile.age; + "restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age; + "restic/passwordFile".file = ../../secrets/restic/passwordFile.age; + }; + + services.restic.backups.backup = { + initialize = true; + environmentFile = config.age.secrets."restic/environmentFile".path; + repositoryFile = config.age.secrets."restic/repositoryFile".path; + passwordFile = config.age.secrets."restic/passwordFile".path; + + paths = [ + "/mnt/services" + "/mnt/data" + ]; + + exclude = [ + "/mnt/services/cctv" + ]; + + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + ]; + + }; + + systemd.timers."prune-podman" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "weekly"; + Persistent = true; + Unit = "podman-prune.service"; + }; + }; + + systemd.services."prune-podman" = { + script = '' + set -eu + ${pkgs.coreutils}/bin/echo "heeeeelpppppp" + ${pkgs.podman}/bin/podman system prune -af + ''; + serviceConfig = { + Type = "oneshot"; + User = "admin"; + }; + }; + + system.stateVersion = "24.11"; + + # give permissions for zigbee USB transceiver + system.activationScripts.script.text = ''chmod o+rw /dev/ttyACM0''; +} diff --git a/secrets/podman/archivebox.age b/secrets/podman/archivebox.age new file mode 100644 index 0000000..441616c --- /dev/null +++ b/secrets/podman/archivebox.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w YrkLsFjR7+oYed3CT1NTy2pAFdB5R5zdxKO7mALhGxI +Mf+GTmElPO7u0t0btC6OQPvYsOZK55V3U/kXy1Q5DoE +--- PBhiiGF8DyW6h8xHM9nbKc8Hy6gdwSXL4KHLegbVrOY +Z +wx]qbI 4>Aݒ3l9 MjrT#` …)܉xvtMdù4p\<rÊ9 ssh-ed25519 XBJw1w pV0hcqdF8HNjmPqhNZcNNpYct2gjChqMIt3T2V4pbg4 +h99ssWIwfePRODbgKsgxTiSQRYPxSU6ALJYKBE4uYSM +--- F3f51NlLMKQXb2QKjX5IlCpaK6y6Tc3neFL5yGQuaQs + VқIucG;  y]=tx>t:.-Qw~n"i@k bH +}̥ \ No newline at end of file 
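Review bot: In hosts/server/settings.nix, `networking.firewall.enable = false;` leaves every listening socket on 192.168.0.30 reachable from the LAN, while the same hunk enables IPv4 forwarding and lowers `net.ipv4.ip_unprivileged_port_start` to 80, so any unprivileged process can bind web ports with nothing filtering them. I would keep the firewall on and list the published ports explicitly: `networking.firewall.enable = true;` with `networking.firewall.allowedTCPPorts = [ <published ports> ];`. The activation script `chmod o+rw /dev/ttyACM0` gives every local user and service access to the Zigbee adapter and is lost when the device is re-plugged. A udev rule such as `services.udev.extraRules = ''KERNEL=="ttyACM0", GROUP="dialout", MODE="0660"'';` with `admin` added to `dialout` would scope it, though rootless podman may need that group passed through to the container. Separately, the `prune-podman` timer sets `Unit = "podman-prune.service"`, which is not the `prune-podman` service defined right after it and presumably targets the unit created by `autoPrune.enable`, so the custom service with its leftover `echo "heeeeelpppppp"` is probably never started by this timer.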
diff --git a/secrets/podman/frigate.age b/secrets/podman/frigate.age new file mode 100644 index 0000000..ae8aa1d --- /dev/null +++ b/secrets/podman/frigate.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w CPGMAFD2JqqasZ2zBXeYjcKDMmjRvvQn0p1T4WzgzTQ +g2Pg6kOnlRAUMtRO9bVFRukNoKJX9ZoDypcqCrBfsOI +--- t9bhlp4c+srjytHQtjfoPoLkSRMhz8+UN/Uh2mcs9GI +\Y CgO6ȭo6H + 7ul +ph2|mtQXXv u cdF \ No newline at end of file diff --git a/secrets/podman/gitea.age b/secrets/podman/gitea.age new file mode 100644 index 0000000..549f9eb Binary files /dev/null and b/secrets/podman/gitea.age differ diff --git a/secrets/podman/immich.age b/secrets/podman/immich.age new file mode 100644 index 0000000..1aee997 Binary files /dev/null and b/secrets/podman/immich.age differ diff --git a/secrets/podman/joplin.age b/secrets/podman/joplin.age new file mode 100644 index 0000000..4b4fbe5 --- /dev/null +++ b/secrets/podman/joplin.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w IRiClsh/t9oYx54GwyzXiXGhafCQsoAqhX3KYd1MLAU +Q30hHqH+rrFvTxKQp3/6e0IrGs8UEt7Q3ukhzYDilBg +--- 7zos7CO/1R0oM3Po32TdtT2vn+0dZNuwXimY5oCTw6E +r0TD9uC)MѫU35}ɘW4 , `4C6 ssh-ed25519 XBJw1w dfIt9D68fTDiv3E/vRCAulWPFtiQHQPkAHwmgTT3iVc +nI5jOSRnaXwuzuosmDwn/WDEpSeWGT3/5wQ4U5tCcQU +--- 4By9gEMbv47Ty1hcnaIjlXjD6Ruz54mHZ3oFyhjGoKU +%i5ĵkUD=m=(~¿tYN3V5HmM7* \ No newline at end of file diff --git a/secrets/podman/old/host_ip.age b/secrets/podman/old/host_ip.age new file mode 100644 index 0000000..143a955 --- /dev/null +++ b/secrets/podman/old/host_ip.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w xlTqx7SHEtpjf7o09+3NRQcdOU8O6G8RayAln5nXa3k +hqneq8qtnDlzpg10LCKQZFoxzmHP0TmdwaGzVJwqDT8 +--- bADrlXdsANlKpeI6aPqlP23JAM480M1DQ8uWfRNf2FI +8 b2~)G[T*\ W#=&˃Bzer \ No newline at end of file diff --git a/secrets/podman/old/immich_db_password.age b/secrets/podman/old/immich_db_password.age new file mode 100644 index 0000000..e69a303 --- /dev/null +++ b/secrets/podman/old/immich_db_password.age 
@@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w uDKGYe0iG2aYNC0qbdMxZde4WoveT2w/qYCcXYiAvAI +Z83hIm4UPo1Y0GC4q9A5yh0hrwdMhedJ/Q7WM34iEJw +--- AFJLZCIEtkkFsmCJhz2NOjeyXVjMON+6ho57r0WGOQo +(+Mt!ਏC]ք>nk \ No newline at end of file diff --git a/secrets/podman/old/joplin_password.age b/secrets/podman/old/joplin_password.age new file mode 100644 index 0000000..6c970c7 --- /dev/null +++ b/secrets/podman/old/joplin_password.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w b2jXA+YoWTi+0k4hGa4PpXWnDNdvYlAabsbFEtQVuxs +xxVUlBbreKZ43LkNMxC4EkHeQM9N7zg+Os07MMO/tUo +--- zulfS/NwoQvQJaHcKLsE0y4Zgd9pdaI5HTFeLn1aWww +"x(wmf<*/wKXޓ/}2ܟ \ No newline at end of file diff --git a/secrets/podman/old/personal_site_host.age b/secrets/podman/old/personal_site_host.age new file mode 100644 index 0000000..4c9634b --- /dev/null +++ b/secrets/podman/old/personal_site_host.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w FUG2pT0R1avaaqVy8Vpy5QrYxlvY3+vVCCgavBw3xlg +12nHFrhBaMB6cSIkoFwJBQJoR6LHDDOdOrvtHKWtXhg +--- 0WGJ0gBPnNZen1p6BjRTtO//Fcth6bP+kF6UGuHoZ1g +.0V'лĐ}4~'*[L^2csn \ No newline at end of file diff --git a/secrets/podman/old/public_ip.age b/secrets/podman/old/public_ip.age new file mode 100644 index 0000000..8509353 Binary files /dev/null and b/secrets/podman/old/public_ip.age differ diff --git a/secrets/podman/old/rtsp_password.age b/secrets/podman/old/rtsp_password.age new file mode 100644 index 0000000..a9ee350 --- /dev/null +++ b/secrets/podman/old/rtsp_password.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w IeLI2Bq8rRH28AytcdzLZmY0qI3HE1NRazbXlZ9m0DA +m6LOrMY3s4oEizfeSk0k94xSHCs1ONXvtU4DZU612DA +--- 2FuHGub471XSe8rh4N/cuWNGCxH/eptxV+uc0vqzBCs +_ Ȓ;-gHo'nW1IhNT|W \ No newline at end of file diff --git a/secrets/podman/ollama.age b/secrets/podman/ollama.age new file mode 100644 index 0000000..fc8a642 --- /dev/null +++ b/secrets/podman/ollama.age 
@@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w 57h4tQZaUZb2KEeBJYvFm540IJdKtOMZKUy+IoMhSCc +DWqRNJ4tIug47ZfGKZZ4lA6fuOjen/1G7mViwuwdXnw +--- /j7V6AfcdpzpApHvNWyNWEivlup/t41thrItJe9ZNXg +}I ϵ+q*wM~"W@seҕh6v-ؒu7h_ \ No newline at end of file diff --git a/secrets/podman/open-webui.age b/secrets/podman/open-webui.age new file mode 100644 index 0000000..a9117e3 Binary files /dev/null and b/secrets/podman/open-webui.age differ diff --git a/secrets/podman/tandoor.age b/secrets/podman/tandoor.age new file mode 100644 index 0000000..33a4592 Binary files /dev/null and b/secrets/podman/tandoor.age differ diff --git a/secrets/podman/unifi-network-application.age b/secrets/podman/unifi-network-application.age new file mode 100644 index 0000000..96490c3 Binary files /dev/null and b/secrets/podman/unifi-network-application.age differ diff --git a/secrets/podman/vaultwarden.age b/secrets/podman/vaultwarden.age new file mode 100644 index 0000000..aaf1682 --- /dev/null +++ b/secrets/podman/vaultwarden.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w 6rRcfL/VxHcTPjh+iS8nDleqqBbd3/zkHjj89eYGLDU +YSdAVEsmO4L2TbYMY/fjUwYo91GHSRxtDmG4MqYY2i8 +--- JPrUeceRt2ABYPpX8nnyKl/Kxd2zEix2MQAmiR/eD84 +GT$Hk-.{jL˻dLrL5,Z$>b`+w|"$zeqauQgm( d7I׿й$x[i?i24^Q^P9ۡ; W ssh-ed25519 XBJw1w 5QBy9W87Ku629S6LyEnmP0D9XjZ+lprKLfgfKhKEliA +slX94kja145e7sKi+kSF6HgrRIgnb7P8N1jT/BgzvWM +--- kEdZbGsXLYj3s917fUUV93Ht7x90hSjEMUXS82nWmho +ף5D;ݤ9IuL$˶ +']"Vg%x5 ssh-ed25519 XBJw1w ZDccgWxYDXp8C4PUSnFJvUsHD9dvkVgy7sHdKpRNhgg +DTWL2jyTo79eB9npr0CRHQYH7yx/OFowpjUTt2HUx7I +--- APu/KvLmlr8noZOouXaSo4/sVGcxYzfnbGB4S/DKpkM +H5Y!g͖VuK U¨tt