From dbde26070463e8f9d51adc8fbddefd39584a0b43 Mon Sep 17 00:00:00 2001
From: admin
Date: Mon, 16 Jun 2025 20:43:22 +0100
Subject: [PATCH] inital commit
---
config/common.nix | 88 ++
config/desktop.nix | 212 +++++
flake.lock | 162 ++++
flake.nix | 67 ++
home/common.nix | 67 ++
home/desktop.nix | 48 +
home/podman.nix | 871 +++++++++++++++++++
hosts/desktop/hardware.nix | 61 ++
hosts/desktop/settings.nix | 37 +
hosts/server/hardware.nix | 46 +
hosts/server/settings.nix | 121 +++
secrets/podman/archivebox.age | 6 +
secrets/podman/default.age | 6 +
secrets/podman/frigate.age | 7 +
secrets/podman/gitea.age | Bin 0 -> 238 bytes
secrets/podman/immich.age | Bin 0 -> 1314 bytes
secrets/podman/joplin.age | 5 +
secrets/podman/nginx.age | 5 +
secrets/podman/old/host_ip.age | 5 +
secrets/podman/old/immich_db_password.age | 5 +
secrets/podman/old/joplin_password.age | 5 +
secrets/podman/old/personal_site_host.age | 5 +
secrets/podman/old/public_ip.age | Bin 0 -> 224 bytes
secrets/podman/old/rtsp_password.age | 5 +
secrets/podman/ollama.age | 5 +
secrets/podman/open-webui.age | Bin 0 -> 397 bytes
secrets/podman/tandoor.age | Bin 0 -> 371 bytes
secrets/podman/unifi-network-application.age | Bin 0 -> 404 bytes
secrets/podman/vaultwarden.age | 5 +
secrets/podman/wireguard.age | Bin 0 -> 346 bytes
secrets/restic/environmentFile.age | 6 +
secrets/restic/passwordFile.age | 6 +
secrets/restic/repositoryFile.age | Bin 0 -> 228 bytes
secrets/secrets.nix | 22 +
34 files changed, 1878 insertions(+)
create mode 100644 config/common.nix
create mode 100644 config/desktop.nix
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 home/common.nix
create mode 100644 home/desktop.nix
create mode 100644 home/podman.nix
create mode 100644 hosts/desktop/hardware.nix
create mode 100644 hosts/desktop/settings.nix
create mode 100644 hosts/server/hardware.nix
create mode 100644 hosts/server/settings.nix
create mode 100644 secrets/podman/archivebox.age
create mode 100644 secrets/podman/default.age
create mode 100644 secrets/podman/frigate.age
create mode 100644 secrets/podman/gitea.age
create mode 100644 secrets/podman/immich.age
create mode 100644 secrets/podman/joplin.age
create mode 100644 secrets/podman/nginx.age
create mode 100644 secrets/podman/old/host_ip.age
create mode 100644 secrets/podman/old/immich_db_password.age
create mode 100644 secrets/podman/old/joplin_password.age
create mode 100644 secrets/podman/old/personal_site_host.age
create mode 100644 secrets/podman/old/public_ip.age
create mode 100644 secrets/podman/old/rtsp_password.age
create mode 100644 secrets/podman/ollama.age
create mode 100644 secrets/podman/open-webui.age
create mode 100644 secrets/podman/tandoor.age
create mode 100644 secrets/podman/unifi-network-application.age
create mode 100644 secrets/podman/vaultwarden.age
create mode 100644 secrets/podman/wireguard.age
create mode 100644 secrets/restic/environmentFile.age
create mode 100644 secrets/restic/passwordFile.age
create mode 100644 secrets/restic/repositoryFile.age
create mode 100644 secrets/secrets.nix
diff --git a/config/common.nix b/config/common.nix
new file mode 100644
index 0000000..d5d75ab
--- /dev/null
+++ b/config/common.nix
@@ -0,0 +1,88 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{
+ config,
+ pkgs,
+ home-manager,
+ ...
+}:
+
+{
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/London";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_GB.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_GB.UTF-8";
+ LC_IDENTIFICATION = "en_GB.UTF-8";
+ LC_MEASUREMENT = "en_GB.UTF-8";
+ LC_MONETARY = "en_GB.UTF-8";
+ LC_NAME = "en_GB.UTF-8";
+ LC_NUMERIC = "en_GB.UTF-8";
+ LC_PAPER = "en_GB.UTF-8";
+ LC_TELEPHONE = "en_GB.UTF-8";
+ LC_TIME = "en_GB.UTF-8";
+ };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.admin = {
+ isNormalUser = true;
+ description = "admin";
+ shell = pkgs.zsh;
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ packages = with pkgs; [
+ ];
+ };
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ programs = {
+ zsh.enable = true;
+ };
+
+ fileSystems."/mnt/media" = {
+ device = "192.168.0.20:/mnt/pool/media";
+ fsType = "nfs";
+ };
+ fileSystems."/mnt/services" = {
+ device = "192.168.0.20:/mnt/pool/services";
+ fsType = "nfs";
+ };
+ fileSystems."/mnt/data" = {
+ device = "192.168.0.20:/mnt/pool/data";
+ fsType = "nfs";
+ };
+
+ nix = {
+ gc.automatic = true;
+ optimise.automatic = true;
+ };
+
+}
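Review bot: `services.openssh.enable = true;` turns sshd on with no `settings` block, and flake.nix imports this module into both `desktop` and `nixos-server`, so password logins stay enabled for `admin`, a `wheel` member whose password is set by hand with `passwd`. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it and declare the public key in `users.users.admin.openssh.authorizedKeys.keys`. The three NFS mounts from 192.168.0.20 also carry no `options`; `options = [ "nosuid" "nodev" ];` on each would keep setuid bits and device nodes on the export from being honoured on these hosts.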
diff --git a/config/desktop.nix b/config/desktop.nix
new file mode 100644
index 0000000..44abd45
--- /dev/null
+++ b/config/desktop.nix
@@ -0,0 +1,212 @@ +{ pkgs, ... }: + +{ + + hardware.graphics = { + enable = true; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "us"; + variant = ""; + }; + + hardware.bluetooth.enable = true; + hardware.bluetooth.powerOnBoot = true; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + # Enable automatic login for the user. + services.displayManager.autoLogin.enable = true; + services.displayManager.autoLogin.user = "admin"; + + # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229 + systemd.services."getty@tty1".enable = false; + systemd.services."autovt@tty1".enable = false; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + boot = { + # Graphical boot + plymouth.enable = true; + # Allow higher virtual memory for games + kernel.sysctl."vm.max_map_count" = 2147483642; + }; + + environment.gnome.excludePackages = with pkgs; [ + epiphany # web browser + geary # email + gnome-calendar + gnome-music + gnome-software + gnome-tour + totem # video player + xterm + yelp # help + ]; + + environment.systemPackages = with pkgs; [ + audacity + blender + #cura + gimp + gnomeExtensions.appindicator + gnomeExtensions.blur-my-shell + gnomeExtensions.dash-to-dock + inkscape + joplin-desktop + kiwix + libreoffice + obs-studio + ollama + protonmail-desktop + prismlauncher + ungoogled-chromium + signal-desktop + wireshark + monero-gui + vscodium + zsh + dconf-editor + + #gaymig? 
+ heroic + lutris + + #TUI + fastfetch + nixfmt-rfc-style + yt-dlp + ansible + cataclysm-dda + exiftool + ffmpeg + git + htop + lm_sensors + mangohud + mediainfo + pciutils # lspci + nmap + #umu-launcher + qrencode + smartmontools + nixpkgs-fmt # nix formatter + ]; + + fonts.packages = with pkgs; [ + noto-fonts + noto-fonts-cjk-sans + #noto-fonts-emoji + noto-fonts-extra + whatsapp-emoji-font + corefonts + fantasque-sans-mono + ]; + + programs = { + coolercontrol = { + enable = true; + nvidiaSupport = true; + }; + + gamescope = { + enable = true; + capSysNice = true; + }; + + steam = { + enable = true; + gamescopeSession.enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; + + gamemode.enable = true; + + dconf = { + enable = true; + profiles.user.databases = [ + { + lockAll = true; # prevents overriding + settings = { + "org/gnome/shell" = { + favourite-apps = [ + "org.gnome.Nautilus.desktop" + "chromium-browser.desktop" + "proton-mail.desktop" + "@joplinapp-desktop.desktop" + "signal-desktop.desktop" + "steam.desktop" + "org.gnome.Settings.desktop" + "org.gnome.Console.desktop" + ]; + enabled-extensions = [ + pkgs.gnomeExtensions.appindicator.extensionUuid + pkgs.gnomeExtensions.blur-my-shell.extensionUuid + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + ]; + }; + "org/gnome/desktop/calendar" = { + show-weekdate = true; + }; + "org/gnome/desktop/interface" = { + clock-show-weekday = true; + color-scheme = "prefer-dark"; + document-font-name = "Noto Sans 11"; + enable-hot-corners = false; + font-name = "Noto Sans 11"; + gtk-theme = "Adwaita-dark"; + monospace-font-name = "Fantasque Sans Mono 12"; + }; + "org/gnome/desktop/peripherals.mouse" = { + accel-profile = "flat"; + }; + 
"org/gnome/desktop/wm/preferences" = { + button-layout = ":minimize,maximize,close"; + }; + "org/gnome/nautilus/list-view" = { + default-zoom-level = "small"; + }; + "org/gnome/nautilus/preferences" = { + default-folder-viewer = "list-view"; + }; + "org/gnome/shell/extensions/dash-to-dock" = { + #apply-custom-theme = true; + click-action = "focus-minimize-or-previews"; + dock-fixed = true; + multi-monitor = true; + show-mounts = false; + show-show-apps-button = false; + }; + "org/gnome/shell/keybindings" = { + show-screenshot-ui = "s"; + }; + }; + } + ]; + }; + }; + +} diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..1645f36 --- /dev/null +++ b/flake.lock 
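Review bot: `services.displayManager.autoLogin.user = "admin";` opens a graphical session for a `wheel` account with no prompt, so the disk-unlock passphrase from the hosts/desktop files is the only gate in front of that session and the applications running in it; either drop autologin or add a comment recording that this trade-off is deliberate. In the same hunk the three Steam `openFirewall = true;` options open inbound ports on every interface and are worth keeping only for the features actually used. Separately, the dconf key `favourite-apps` looks misspelled: GNOME Shell's key is `favorite-apps`, so the locked list would not take effect as written.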
@@ -0,0 +1,162 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "owner": "ryantm", + "repo": "agenix", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747556831, + "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1747129300, + "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "e81fd167b33121269149c57806599045fd33eeed", + 
"type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1745391562, + "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1747825515, + "narHash": "sha256-BWpMQymVI73QoKZdcVCxUCCK3GNvr/xa2Dc4DM1o2BE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "cd2812de55cf87df88a9e09bf3be1ce63d50c1a6", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "home-manager": "home-manager_2", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_2" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..68609c0 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,67 @@
+{
+ description = "A very basic flake";
+
+ inputs = {
+ agenix.url = "github:ryantm/agenix";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+ nixos-hardware.url = "github:nixos/nixos-hardware/master";
+ home-manager.url = "github:nix-community/home-manager/release-25.05";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ nixos-hardware,
+ home-manager,
+ agenix,
+ }:
+ {
+ nixosConfigurations.desktop = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./config/common.nix
+ ./config/desktop.nix
+ ./hosts/desktop/hardware.nix
+ ./hosts/desktop/settings.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.admin = {
+ imports = [
+ ./home/common.nix
+ ./home/desktop.nix
+ ];
+ };
+ }
+ ];
+ };
+
+ nixosConfigurations.nixos-server = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./config/common.nix
+ ./hosts/server/hardware.nix
+ ./hosts/server/settings.nix
+ agenix.nixosModules.default
+ {
+ environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
+ }
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.admin = {
+ imports = [
+ ./home/common.nix
+ ./home/podman.nix
+ agenix.homeManagerModules.default
+ ];
+ };
+ }
+ ];
+ };
+ };
+}
diff --git a/home/common.nix b/home/common.nix
new file mode 100644
index 0000000..49f7204
--- /dev/null
+++ b/home/common.nix
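Review bot: The `agenix` input has no `follows`, so flake.lock carries a second `nixpkgs` node (a `nixos-unstable` revision) plus `darwin` and a second `home-manager`, all locked and updated independently of the `nixos-25.05` pin; the secrets tooling is therefore built against a different package set than the rest of the system. Adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` next to the existing home-manager `follows` keeps a single pinned nixpkgs, and `agenix.inputs.darwin.follows = "";` drops the Darwin dependency since no Darwin host is defined here. `nixos-hardware` is declared and passed to `outputs` but not referenced by either configuration in this hunk, so it can be removed until it is used.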
@@ -0,0 +1,67 @@
+{
+
+ programs = {
+
+ neovim = {
+ enable = true;
+ viAlias = true;
+ vimAlias = true;
+ extraConfig = ''
+ set nocompatible
+ syntax on
+
+ set fileformat=unix
+ set encoding=utf8
+ set number relativenumber
+ set wrap
+
+ set tabstop=4
+ set shiftwidth=4
+ set softtabstop=4
+ set smarttab
+ set autoindent
+ set colorcolumn=80
+ highlight ColorColumn ctermbg=8
+
+ set clipboard=unnamed,unnamedplus
+ set list listchars=tab:>-,trail:_,extends:>,precedes:<,nbsp:~
+ set showbreak=>
+
+ let mapleader=" "
+
+ "# disable macro mode
+ map q
+ '';
+ };
+
+ tmux = {
+ enable = true;
+ historyLimit = 10000;
+ };
+
+ fzf = {
+ enable = true;
+ enableZshIntegration = true;
+ };
+
+ zsh = {
+ enable = true;
+ dotDir = ".config/zsh";
+ #enableCompletions = true;
+ #autosuggestions.enable = true;
+ syntaxHighlighting.enable = true;
+ oh-my-zsh = {
+ enable = true;
+ plugins = [ "git" ];
+ theme = "robbyrussell";
+ };
+ };
+
+ git = {
+ enable = true;
+ userName = "Faris";
+ userEmail = "faris@mektem.com";
+ };
+ };
+
+}
diff --git a/home/desktop.nix b/home/desktop.nix
new file mode 100644
index 0000000..f3f12fc
--- /dev/null
+++ b/home/desktop.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+
+{
+ programs = {
+
+ mpv = {
+ enable = true;
+
+ package = (
+ pkgs.mpv-unwrapped.wrapper {
+ scripts = with pkgs.mpvScripts; [
+ #uosc
+ sponsorblock
+ ];
+
+ mpv = pkgs.mpv-unwrapped.override {
+ waylandSupport = true;
+ };
+ }
+ );
+
+ config = {
+ profile = "high-quality";
+ ytdl-format = "bestvideo+bestaudio";
+ cache-default = 4000000;
+ loop-file = "inf";
+ };
+ };
+
+ joplin-desktop = {
+ enable = true;
+ sync.target = "joplin-server";
+ };
+ };
+ # add bookmarks for shared drives
+ xdg.configFile."gtk-3.0/bookmarks" = {
+ force = true;
+ text = ''
+ file:/// root
+ file:///mnt/data data
+ file:///mnt/media media
+ file:///mnt/services services
+ '';
+ };
+
+ # Don't touch
+ home.stateVersion = "24.11";
+}
diff --git a/home/podman.nix b/home/podman.nix
new file mode 100644
index 0000000..28ab926
--- /dev/null
+++ b/home/podman.nix
@@ -0,0 +1,871 @@ +{ + lib, + pkgs, + config, + ... +}: + +{ + services.podman.enable = true; + services.podman.autoUpdate.enable = true; + services.podman.autoUpdate.onCalendar = "*-*-* 00:00"; + services.podman.containers = { + + actual = { + image = "docker.io/actualbudget/actual-server:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/actual:/data" + ]; + ports = [ + "5006:5006" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + archivebox = { + image = "docker.io/archivebox/archivebox:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/archivebox" + ]; + volumes = [ + "/mnt/services/podman/archivebox:/data" + ]; + ports = [ + "8002:8000" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + bazarr = { + image = "lscr.io/linuxserver/bazarr:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/bazarr:/config" + "/mnt/media/video/movies:/movies" + "/mnt/media/video/tv:/tv" + ]; + ports = [ + "6767:6767" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + ddclient = { + image = "lscr.io/linuxserver/ddclient:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/ddclient:/config" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + eclipse-mosquitto = { + image = "docker.io/eclipse-mosquitto:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + 
"/mnt/services/podman/eclipse-mosquitto:/mosquitto" + ]; + ports = [ + "1883:1883" + "9001:9001" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + freshrss = { + image = "lscr.io/linuxserver/freshrss:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/home/admin/podman/freshrss:/config" + ]; + ports = [ + "8555:80" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + frigate = { + image = "ghcr.io/blakeblackshear/frigate:stable"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + devices = [ "nvidia.com/gpu=all" ]; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/frigate" + ]; + volumes = [ + "/etc/localtime:/etc/localtime:ro" + "/mnt/services/podman/frigate:/config" + "/mnt/services/cctv:/media/frigate" + ]; + ports = [ + "5005:5000" + "5001:8971" + "1935:1935" + "8554:8554" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + gitea = { + image = "docker.gitea.com/gitea:1.23.7"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/gitea" + ]; + volumes = [ + "/mnt/services/podman/gitea:/data" + ]; + ports = [ + "3001:3000" + "222:22" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + home-assistant = { + image = "ghcr.io/home-assistant/home-assistant:stable"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/etc/localtime:/etc/localtime:ro" + "/mnt/services/podman/homeassistant:/config" + ]; + ports = [ + "8123:8123" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + immich-db = { + image = 
"docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/immich" + ]; + volumes = [ + "/mnt/services/podman/immich/db:/var/lib/postgresql/data:z" + ]; + ports = [ + "5433:5432" + ]; + userNS = "keep-id"; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + immich-machine-learning = { + image = "ghcr.io/immich-app/immich-machine-learning:release-cuda"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/immich" + ]; + volumes = [ + "/mnt/services/podman/immich/cache:/cache" + ]; + ports = [ + "3003:3003" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + immich-redis = { + image = "registry.hub.docker.com/library/redis:6.2-alpine"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/immich" + ]; + ports = [ + "6379:6379" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + immich-server = { + image = "ghcr.io/immich-app/immich-server:release"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/immich" + ]; + volumes = [ + "/mnt/services/immich:/usr/src/app/upload" + "/etc/localtime:/etc/localtime:ro" + ]; + ports = [ + "2283:2283" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + jellyfin = { + image = "docker.io/jellyfin/jellyfin:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + devices = [ "nvidia.com/gpu=all" ]; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/jellyfin:/config" 
+ "/mnt/media/video/movies:/movies" + "/mnt/media/video/tv:/tv" + "/mnt/media/audio/music/flac:/music" + "/mnt/media/video/family:/family" + "/mnt/media/video/livetv:/livetv" + ]; + ports = [ + "8096:8096" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + jellyseerr = { + image = "ghcr.io/fallenbagel/jellyseerr"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/jellyseerr:/app/config" + ]; + ports = [ + "5055:5055" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + joplin = { + image = "docker.io/joplin/server:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/joplin" + ]; + ports = [ + "22300:22300" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + joplin-db = { + image = "docker.io/postgres:15"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/joplin" + ]; + volumes = [ + "/home/admin/podman/joplin-db:/var/lib/postgresql/data" + ]; + ports = [ + "5432:5432" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + kiwix = { + image = "ghcr.io/kiwix/kiwix-serve:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + exec = "*.zim"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/media/kiwix:/data" + ]; + ports = [ + "8088:8080" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + lidarr = { + image = "lscr.io/linuxserver/lidarr:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/lidarr:/config" + 
"/mnt/media/audio/music/flac:/music" + "/mnt/media/torrents:/downloads" + ]; + ports = [ + "8686:8686" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + metube = { + image = "ghcr.io/alexta69/metube:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/media/youtube-dl:/downloads" + "/mnt/media/audio/music/flac:/music" + ]; + ports = [ + "8081:8081" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + nginx = { + image = "docker.io/nginx:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/nginx" + ]; + volumes = [ + "/mnt/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro" + "/mnt/services/podman/nginx/html:/usr/share/nginx/html" + ]; + ports = [ + "888:80" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + nginx-proxy-manager = { + image = "docker.io/jc21/nginx-proxy-manager:2.9.22"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/nginx-proxy-manager:/data" + "/mnt/services/podman/letsencrypt:/etc/letsencrypt" + ]; + ports = [ + "80:80" + "443:443" + "81:81" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + ollama = { + image = "docker.io/ollama/ollama:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/ollama" + ]; + volumes = [ + "/mnt/services/podman/ollama:/root/.ollama" + ]; + ports = [ + "11434:11434" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + open-webui = { + image = "ghcr.io/open-webui/open-webui:latest"; + autoStart = true; + autoUpdate = "registry"; + network 
= "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/open-webui" + ]; + volumes = [ + "/mnt/services/podman/open-webui:/app/backend/data" + ]; + ports = [ + "3000:8080" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + prowlarr = { + image = "lscr.io/linuxserver/prowlarr:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/prowlarr:/config" + ]; + ports = [ + "9696:9696" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + radarr = { + image = "lscr.io/linuxserver/radarr:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/radarr:/config" + "/mnt/media/video/movies:/movies" + "/mnt/media/torrents:/downloads" + ]; + ports = [ + "7878:7878" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + readarr = { + image = "lscr.io/linuxserver/readarr:develop"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/readarr:/config" + "/mnt/media/books:/books" + "/mnt/media/torrents:/downloads" + ]; + ports = [ + "8787:8787" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + rutorrent = { + image = "docker.io/crazymax/rtorrent-rutorrent:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/home/admin/podman/rutorrent/passwd:/passwd" + "/home/admin/podman/rutorrent/data:/data" + "/mnt/media/torrents:/downloads" + ]; + ports = [ + "8888:8080" + "5000:8000" + "50000:50000" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + searxng = { + 
image = "docker.io/searxng/searxng:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/searxng:/etc/searxng" + ]; + ports = [ + "8880:8080" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + sonarr = { + image = "lscr.io/linuxserver/sonarr:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/sonarr:/config" + "/mnt/media/video/tv:/tv" + "/mnt/media/torrents:/downloads" + ]; + ports = [ + "8989:8989" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + tandoor = { + image = "docker.io/vabene1111/recipes"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/tandoor" + ]; + volumes = [ + "/mnt/services/podman/tandoor/staticfiles:/opt/recipes/staticfiles" + "/mnt/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles" + ]; + ports = [ + "9092:8080" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + tandoor-db = { + image = "docker.io/postgres:16-alpine"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/tandoor" + ]; + volumes = [ + "/home/admin/podman/tandoor/db:/var/lib/postgresql/data" + ]; + ports = [ + "5434:5432" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + thelounge = { + image = "lscr.io/linuxserver/thelounge:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/thelounge:/config" + ]; + ports = [ + "9000:9000" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; 
+ }; + }; + + unifi-network-application = { + image = "lscr.io/linuxserver/unifi-network-application:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/unifi-network-application" + ]; + volumes = [ + "/mnt/services/podman/unifi-network-application:/config" + ]; + ports = [ + "8443:8443" + "10001:10001/udp" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + unifi-network-application-db = { + image = "docker.io/mongo:7.0"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/unifi-network-application" + ]; + volumes = [ + "/mnt/services/podman/unifi-network-application-db" + ]; + ports = [ + "27017:27017" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + vaultwarden = { + image = "docker.io/vaultwarden/server:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/vaultwarden" + ]; + volumes = [ + "/mnt/services/podman/vaultwarden:/data/" + ]; + ports = [ + "8000:80" + "3012:3012" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + wireguard = { + image = "lscr.io/linuxserver/wireguard:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + addCapabilities = [ + "NET_RAW" + "NET_ADMIN" + "SYS_MODULE" + ]; + environmentFile = [ + "/mnt/services/secrets/default" + "/mnt/services/secrets/wireguard" + ]; + volumes = [ + "/mnt/services/podman/wireguard:/config" + #"/lib/modules:/lib/modules" + ]; + ports = [ + "51820:51820/udp" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + zigbee2mqtt = { + image = "docker.io/koenkk/zigbee2mqtt"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + devices = [ 
"/dev/ttyACM0:/dev/ttyACM0" ]; + environmentFile = [ + "/mnt/services/secrets/default" + ]; + volumes = [ + "/mnt/services/podman/zigbee2mqtt:/app/data" + ]; + ports = [ + "8808:8080" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + + }; + + # Don't touch + home.stateVersion = "24.11"; +} diff --git a/hosts/desktop/hardware.nix b/hosts/desktop/hardware.nix new file mode 100644 index 0000000..44587c8 --- /dev/null +++ b/hosts/desktop/hardware.nix 
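Review bot: The database and cache containers publish their ports on every host address: `joplin-db` (`5432:5432`), `immich-db` (`5433:5432`), `tandoor-db` (`5434:5432`), `immich-redis` (`6379:6379`) and `unifi-network-application-db` (`27017:27017`), as does `ollama` (`11434:11434`). Whether they are reachable from the LAN depends on the firewall settings in hosts/server/settings.nix, which is outside this view. Bind them to loopback, e.g. `ports = [ "127.0.0.1:5432:5432" ];`, or drop `ports` and put each application and its database on a shared podman network. Nearly every image is `:latest` or untagged with `autoUpdate = "registry"`, so the nightly timer deploys whatever the registry serves, including for `vaultwarden` and for `wireguard`, which holds `NET_ADMIN` and `SYS_MODULE`; pin those by version or digest the way `immich-db` is. Two smaller points: the volume entry `"/mnt/services/podman/unifi-network-application-db"` has no `:container-path`, so it does not bind that host directory to the database's data directory, and every `environmentFile` is a path under the NFS mount `/mnt/services` rather than an agenix-managed path, so it is worth confirming how the `.age` files added in this commit end up there and who else can read that export.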
@@ -0,0 +1,61 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "nvme"
+ "usb_storage"
+ "uas"
+ "usbhid"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/ba76c63c-7fe5-4e61-8b24-0961de838681";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."luks-2af03012-1c9a-4245-8b4d-a4df773d6a14".device =
+ "/dev/disk/by-uuid/2af03012-1c9a-4245-8b4d-a4df773d6a14";
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/7AEC-64D7";
+ fsType = "vfat";
+ options = [
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/34d32441-0c17-4592-b026-56b28bf7e3bf"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/desktop/settings.nix b/hosts/desktop/settings.nix
new file mode 100644
index 0000000..80cb1d4
--- /dev/null
+++ b/hosts/desktop/settings.nix
@@ -0,0 +1,37 @@
+{ config, ... }:
+
+{
+ boot.kernelParams = [
+ "nvidia_drm.modeset=1"
+ "nvidia_drm.fbdev=1"
+ "nvidia.NVreg_PreserveVideoMemoryAllocations=1"
+ "module_blacklist=amdgpu"
+ ];
+ networking.hostName = "nixos-desktop";
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.luks.devices."luks-d6ea38c1-693a-4aa1-b844-24f005b321ab".device =
+ "/dev/disk/by-uuid/d6ea38c1-693a-4aa1-b844-24f005b321ab";
+
+ services.xserver.videoDrivers = [ "nvidia" ];
+
+ hardware.nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = true;
+ powerManagement.finegrained = false;
+ open = false;
+ nvidiaSettings = true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+
+ # this fixes the sleep/wake issue
+ systemd.services."systemd-suspend" = {
+ serviceConfig = {
+ Environment = ''"SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false"'';
+ };
+ };
+
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/server/hardware.nix b/hosts/server/hardware.nix
new file mode 100644
index 0000000..133ddfd
--- /dev/null
+++ b/hosts/server/hardware.nix
@@ -0,0 +1,46 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "uhci_hcd"
+ "ehci_pci"
+ "ahci"
+ "virtio_pci"
+ "sr_mod"
+ "virtio_blk"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/b2f2c042-9011-455a-bc30-fbe632ffa293";
+ fsType = "ext4";
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/29b09fa3-40a4-4ba9-bfcd-34e50d5aa2d5"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/server/settings.nix b/hosts/server/settings.nix
new file mode 100644
index 0000000..d7a811f
--- /dev/null
+++ b/hosts/server/settings.nix
@@ -0,0 +1,121 @@
+{ config, pkgs, ... }:
+
+{
+ users.users.admin.linger = true;
+ age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];
+
+ nixpkgs.config.allowUnfree = true;
+ hardware.nvidia-container-toolkit.enable = true;
+
+ services.xserver.videoDrivers = [ "nvidia" ];
+
+ hardware.graphics.enable = true;
+
+ hardware.nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = true;
+ powerManagement.finegrained = false;
+ open = false;
+ nvidiaSettings = false;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+
+ networking.hostName = "nixos-server";
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/vda";
+ boot.loader.grub.useOSProber = true;
+
+ environment.systemPackages = with pkgs; [
+ zsh
+ htop
+ fastfetch
+ restic
+ nixpkgs-fmt
+ nixfmt-rfc-style
+ ];
+
+ networking.firewall.enable = false;
+ networking.interfaces.ens18.ipv4.addresses = [
+ {
+ address = "192.168.0.30";
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway = "192.168.0.1";
+ networking.nameservers = [ "1.1.1.1" ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_unprivileged_port_start" = 80;
+ "net.ipv4.conf.all.src_valid_mark" = 1;
+ "net.ipv4.conf.all.forwarding" = 1;
+ "net.ipv4.ip_forward" = 1;
+ };
+
+ virtualisation = {
+ containers.enable = true;
+ podman = {
+ enable = true;
+ autoPrune.enable = true;
+ # Create a `docker` alias for podman, to use it as a drop-in replacement
+ dockerCompat = true;
+ # Required for containers under podman-compose to be able to talk to each other.
+ defaultNetwork.settings.dns_enabled = true; + }; + }; + + age.secrets = { + "restic/environmentFile".file = ../../secrets/restic/environmentFile.age; + "restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age; + "restic/passwordFile".file = ../../secrets/restic/passwordFile.age; + }; + + services.restic.backups.backup = { + initialize = true; + environmentFile = config.age.secrets."restic/environmentFile".path; + repositoryFile = config.age.secrets."restic/repositoryFile".path; + passwordFile = config.age.secrets."restic/passwordFile".path; + + paths = [ + "/mnt/services" + "/mnt/data" + ]; + + exclude = [ + "/mnt/services/cctv" + ]; + + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + ]; + + }; + + systemd.timers."prune-podman" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "weekly"; + Persistent = true; + Unit = "podman-prune.service"; + }; + }; + + systemd.services."prune-podman" = { + script = '' + set -eu + ${pkgs.coreutils}/bin/echo "heeeeelpppppp" + ${pkgs.podman}/bin/podman system prune -af + ''; + serviceConfig = { + Type = "oneshot"; + User = "admin"; + }; + }; + + system.stateVersion = "24.11"; + + # give permissions for zigbee USB transceiver + system.activationScripts.script.text = ''chmod o+rw /dev/ttyACM0''; +} diff --git a/secrets/podman/archivebox.age b/secrets/podman/archivebox.age new file mode 100644 index 0000000..441616c --- /dev/null +++ b/secrets/podman/archivebox.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w YrkLsFjR7+oYed3CT1NTy2pAFdB5R5zdxKO7mALhGxI +Mf+GTmElPO7u0t0btC6OQPvYsOZK55V3U/kXy1Q5DoE +--- PBhiiGF8DyW6h8xHM9nbKc8Hy6gdwSXL4KHLegbVrOY +Z +wx]qbI 4>Aݒ3l9 MjrT#` …)܉xvtMdù4p\<rÊ9 ssh-ed25519 XBJw1w pV0hcqdF8HNjmPqhNZcNNpYct2gjChqMIt3T2V4pbg4 +h99ssWIwfePRODbgKsgxTiSQRYPxSU6ALJYKBE4uYSM +--- F3f51NlLMKQXb2QKjX5IlCpaK6y6Tc3neFL5yGQuaQs + VқIucG;  y]=tx>t:.-Qw~n"i@k bH +}̥ \ No newline at end of file 
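Review bot: `networking.firewall.enable = false;` in hosts/server/settings.nix removes the only host-level packet filter on nixos-server, in the same hunk that turns on IPv4 forwarding and lowers `net.ipv4.ip_unprivileged_port_start` to 80, so every port a container publishes is reachable from the network the host sits on. The home/podman.nix part of this patch publishes the MongoDB port as `"27017:27017"` alongside the Vaultwarden ports, which presumably only need to be reached by sibling containers or a reverse proxy. I would keep the firewall enabled and enumerate what is meant to be reachable: `networking.firewall.enable = true;` together with `networking.firewall.allowedTCPPorts = [ /* ports intended to be reachable */ ];` and the matching `allowedUDPPorts` list. Separately, `chmod o+rw /dev/ttyACM0` in the activation script makes the serial device writable by every local user and does not survive a re-plug of the adapter; a udev rule that assigns the device to a group the container user belongs to would be narrower.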
diff --git a/secrets/podman/frigate.age b/secrets/podman/frigate.age new file mode 100644 index 0000000..ae8aa1d --- /dev/null +++ b/secrets/podman/frigate.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w CPGMAFD2JqqasZ2zBXeYjcKDMmjRvvQn0p1T4WzgzTQ +g2Pg6kOnlRAUMtRO9bVFRukNoKJX9ZoDypcqCrBfsOI +--- t9bhlp4c+srjytHQtjfoPoLkSRMhz8+UN/Uh2mcs9GI +\Y CgO6ȭo6H + 7ul +ph2|mtQXXv u cdF \ No newline at end of file diff --git a/secrets/podman/gitea.age b/secrets/podman/gitea.age new file mode 100644 index 0000000000000000000000000000000000000000..549f9ebc69a5aa43211b7af0f13b4a443e60eb43 GIT binary patch literal 238 zcmVsZXP;X&UH)Kz4X=86TV^?%5b}&tIQZNc>PE$!)Mp;rh zZ%t4(OaOHm3fEiE7~b5>7TS$9xNVnRW2 zaxq9kVM1ebIZbCtK{Rf2SW{$3PH9ScGcPejLu(2@*OHSG0eiM@AI*Cp02&}~EKC!y osuL6q-nhb)GRDm#NkG+n&L2^SEK<<5akGkJ90*~)M}1bWRf!By)Bpeg literal 0 HcmV?d00001 
diff --git a/secrets/podman/immich.age b/secrets/podman/immich.age new file mode 100644 index 0000000000000000000000000000000000000000..1aee99727b822d8cbb847a92b249d825d6163b51 GIT binary patch literal 1314 zcmV+-1>O2#XJsvAZewzJaCB*JZZ2NZf^=QZ%Ao5P+4$n zP;@nAH8@IkFKTH}X;L|QFhf{(Fmp*zMOr~kd2w=bMNJAVEiE8LZEJByFjO{YNKINp zHaSp1X-!K;WkGT`LqF8PD~&RXHay{Y`KN^4mrhv`t` zCC;5HbqsMs(_mPMmlO^vfrJ*=>Ze#-4!V;Ld_&1Ly9&Znvz0ikgVDbCokouLMnMUw zy6d4{($aE~W(atnKTX&b<@kQLlrs`wF1UiFYHfS&2PeD_%*PO3?B;WDnCqmuOrX;Y zXK3#>y{T&W_MchKOUQG$9Hq+#J-i193f>XQ3LeHPCS@II9EG!}#K&mx12xIx$Q+ zW{_8(3@>K}lX4^fF_3zHg-VGvfZdhtWl=6QmA4PELY~_7kBx@$v=vD6Zm$d*@F1^Z z1Ykn*&7zna*KW%CL&eD9u~$)T8wp&hnk8SX1CP{D+ycJ1^h$+cF2=vKH=dOp}hEy_zKz-F{($ zKDRaUu@vhzTZ*v0zCOOUBaT9Ay-{zZKPe`%`Pjr4say!|vt1C>@Z{1%a}%#eOP};u zcIbP1DbORwFD`%nqnS>XQEsB_daL{XS=z6(agbv?0zSJIP;=@EI(ub6qn!(N@d??m zOz#c9%>cicn*-1Sl_8K8CO-(-A`5muzbOpFfABP0?mbXKQ3R>IPX3Mor`Ksnpm+UZ z=sNCB!S7brpq|g*KTRLc=YCQ59Sz)TN0Y~xy+PWx{PHocnc}yn;c%iG2Ptf?=Npik zgKvy`p?7hF4@oY*SnVHh7!Q(GMSA%puoYTfjAs#K7y ssh-ed25519 XBJw1w IRiClsh/t9oYx54GwyzXiXGhafCQsoAqhX3KYd1MLAU +Q30hHqH+rrFvTxKQp3/6e0IrGs8UEt7Q3ukhzYDilBg +--- 7zos7CO/1R0oM3Po32TdtT2vn+0dZNuwXimY5oCTw6E +r0TD9uC)MѫU35}ɘW4 , `4C6 ssh-ed25519 XBJw1w dfIt9D68fTDiv3E/vRCAulWPFtiQHQPkAHwmgTT3iVc +nI5jOSRnaXwuzuosmDwn/WDEpSeWGT3/5wQ4U5tCcQU +--- 4By9gEMbv47Ty1hcnaIjlXjD6Ruz54mHZ3oFyhjGoKU +%i5ĵkUD=m=(~¿tYN3V5HmM7* \ No newline at end of file diff --git a/secrets/podman/old/host_ip.age b/secrets/podman/old/host_ip.age new file mode 100644 index 0000000..143a955 --- /dev/null +++ b/secrets/podman/old/host_ip.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w xlTqx7SHEtpjf7o09+3NRQcdOU8O6G8RayAln5nXa3k +hqneq8qtnDlzpg10LCKQZFoxzmHP0TmdwaGzVJwqDT8 +--- bADrlXdsANlKpeI6aPqlP23JAM480M1DQ8uWfRNf2FI +8 b2~)G[T*\ W#=&˃Bzer \ No newline at end of file diff --git a/secrets/podman/old/immich_db_password.age b/secrets/podman/old/immich_db_password.age new file mode 100644 index 0000000..e69a303 --- /dev/null 
+++ b/secrets/podman/old/immich_db_password.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w uDKGYe0iG2aYNC0qbdMxZde4WoveT2w/qYCcXYiAvAI +Z83hIm4UPo1Y0GC4q9A5yh0hrwdMhedJ/Q7WM34iEJw +--- AFJLZCIEtkkFsmCJhz2NOjeyXVjMON+6ho57r0WGOQo +(+Mt!ਏC]ք>nk \ No newline at end of file diff --git a/secrets/podman/old/joplin_password.age b/secrets/podman/old/joplin_password.age new file mode 100644 index 0000000..6c970c7 --- /dev/null +++ b/secrets/podman/old/joplin_password.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w b2jXA+YoWTi+0k4hGa4PpXWnDNdvYlAabsbFEtQVuxs +xxVUlBbreKZ43LkNMxC4EkHeQM9N7zg+Os07MMO/tUo +--- zulfS/NwoQvQJaHcKLsE0y4Zgd9pdaI5HTFeLn1aWww +"x(wmf<*/wKXޓ/}2ܟ \ No newline at end of file diff --git a/secrets/podman/old/personal_site_host.age b/secrets/podman/old/personal_site_host.age new file mode 100644 index 0000000..4c9634b --- /dev/null +++ b/secrets/podman/old/personal_site_host.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w FUG2pT0R1avaaqVy8Vpy5QrYxlvY3+vVCCgavBw3xlg +12nHFrhBaMB6cSIkoFwJBQJoR6LHDDOdOrvtHKWtXhg +--- 0WGJ0gBPnNZen1p6BjRTtO//Fcth6bP+kF6UGuHoZ1g +.0V'лĐ}4~'*[L^2csn \ No newline at end of file diff --git a/secrets/podman/old/public_ip.age b/secrets/podman/old/public_ip.age new file mode 100644 index 0000000000000000000000000000000000000000..850935329510ba2f3dfb406862792d8797abfbc4 GIT binary patch literal 224 zcmV<603ZKhXJsvAZewzJaCB*JZZ2K8hS9w}zIZIJ#c}iJgY+^AmWie`2Nn%k`Z!ub0XLVymX*3E&VRdpgICo}t zL0NAxK~r&gRZ%rKNL5g0H&;%0a%@#$IafzZQAv7jR#6HqEiE8;WOidgP*hGxVpv&f zYIJpFH+E}kcWO>gIeA7|bxJl_dTcUfN?B`Vb#Dqt8RB20kwWs4_6rC;hI;%!(m+Dk aQ|`8Y@eeWh$V&}`y^R1%O32y)^|;}hZ&MEd literal 0 HcmV?d00001 diff --git a/secrets/podman/old/rtsp_password.age b/secrets/podman/old/rtsp_password.age new file mode 100644 index 0000000..a9ee350 --- /dev/null +++ b/secrets/podman/old/rtsp_password.age 
@@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w IeLI2Bq8rRH28AytcdzLZmY0qI3HE1NRazbXlZ9m0DA +m6LOrMY3s4oEizfeSk0k94xSHCs1ONXvtU4DZU612DA +--- 2FuHGub471XSe8rh4N/cuWNGCxH/eptxV+uc0vqzBCs +_ Ȓ;-gHo'nW1IhNT|W \ No newline at end of file diff --git a/secrets/podman/ollama.age b/secrets/podman/ollama.age new file mode 100644 index 0000000..fc8a642 --- /dev/null +++ b/secrets/podman/ollama.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w 57h4tQZaUZb2KEeBJYvFm540IJdKtOMZKUy+IoMhSCc +DWqRNJ4tIug47ZfGKZZ4lA6fuOjen/1G7mViwuwdXnw +--- /j7V6AfcdpzpApHvNWyNWEivlup/t41thrItJe9ZNXg +}I ϵ+q*wM~"W@seҕh6v-ؒu7h_ \ No newline at end of file diff --git a/secrets/podman/open-webui.age b/secrets/podman/open-webui.age new file mode 100644 index 0000000000000000000000000000000000000000..a9117e3e68b5aed2510a8817f5e7b4280d8dcffc GIT binary patch literal 397 zcmV;80doFfXJsvAZewzJaCB*JZZ2v8q|k-I0`H>$}Y$iLR?0$KjREH*l896gB} z=Kz>9G2#Mh<n#h~j2nhrJ_Yu$8=*3d=2*M?qmlM{YqfQZY7HZ&*oiOi4m3Mso^eO=WpjNikz% zMQKiQa!of%dO1{7S$SG)Su$x>Z%8siGDS{AZgF*ZRYeLdEiE8wZgps3YcNMnNM&g@ zb~Sfyb~!LFM0!DCbwX)(c{emhOe;unNmesvMpX(rb$Q&kqFfW1yWtQRmb4Qco9uJ7 zeq8Te!jB}GI4wVn&jkvR*qtto3X5Ihba>>TA`5OZqe{7U&Q!D)U-Z^<*vuN2FQo?W z)b)H2Ro^lF5<-j?4O7$IU8l*P1=rr>6LKWpCgJD+l~L7KDrb=sIsflu#3D279eHdm zQJaWu@8%cY@9l?~&S%{9F-1rm;6=kWX3)P_k)@d#=RHK+y=btgNaV{EJt57I$@N(Y R#}mn`U#9d%zore@*co(7nfCwy literal 0 HcmV?d00001 diff --git a/secrets/podman/unifi-network-application.age b/secrets/podman/unifi-network-application.age new file mode 100644 index 0000000000000000000000000000000000000000..96490c3f4fb822fd59861dbb79f08fbff18c458d GIT binary patch literal 404 zcmV;F0c-wYXJsvAZewzJaCB*JZZ2j}HXlh7mGc<8mcT7??F>4BTOL#eGT2e7f zHfcytb5m<&N_I|aD_22nG%-guSu{{|O;%`TPI^gdOf(8DEiE8IGjnxEF-}l8cTP`h zY-w6ZY&KUV1bMe-nx1JZPq_L5TLvFASYTR{ zkS|v?)Zr^~jp(!k_|CIuHi|Xe2M8q%yzJtPWv^^m1qmoM{8Bz44?K=;#qb8CnbLVx z%=j|vPXN|i2k$$cL8(#QAU&X1FwbWN)$e@}4 literal 0 HcmV?d00001 
diff --git a/secrets/podman/vaultwarden.age b/secrets/podman/vaultwarden.age new file mode 100644 index 0000000..aaf1682 --- /dev/null +++ b/secrets/podman/vaultwarden.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w 6rRcfL/VxHcTPjh+iS8nDleqqBbd3/zkHjj89eYGLDU +YSdAVEsmO4L2TbYMY/fjUwYo91GHSRxtDmG4MqYY2i8 +--- JPrUeceRt2ABYPpX8nnyKl/Kxd2zEix2MQAmiR/eD84 +GT$Hk-.{jL˻dLrL5,Z$>b`+w|"$zeqauQgm( d7I׿й$x[i?i24^Q^P9ۡ; WadJ>}K}iZwQ!6n|a7$T5 zV?k+5Xlg4nV^?=pNOM?mac(y-LqTdzQdej~W^`&aYB&llEiE8VcV>8LGD&HAXg5Sz zNH%X)F;y=#Y<5>fXEjY>ZZ9-3S#~QpZCW@`c1a5U|2(FrzeUw($-&};;13Dt9sZL1KXxv5S~KqdT*A6M>hW68(UFDb)Sy{0Z*zT6^7Zrur}b s(28geqQJmWcp5Q8CVgdG>_R{@1%ImVhy>}Z@R|q}no&>+B^vw0_hDs>!~g&Q literal 0 HcmV?d00001 diff --git a/secrets/restic/environmentFile.age b/secrets/restic/environmentFile.age new file mode 100644 index 0000000..7ec7519 --- /dev/null +++ b/secrets/restic/environmentFile.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w 5QBy9W87Ku629S6LyEnmP0D9XjZ+lprKLfgfKhKEliA +slX94kja145e7sKi+kSF6HgrRIgnb7P8N1jT/BgzvWM +--- kEdZbGsXLYj3s917fUUV93Ht7x90hSjEMUXS82nWmho +ף5D;ݤ9IuL$˶ +']"Vg%x5 ssh-ed25519 XBJw1w ZDccgWxYDXp8C4PUSnFJvUsHD9dvkVgy7sHdKpRNhgg +DTWL2jyTo79eB9npr0CRHQYH7yx/OFowpjUTt2HUx7I +--- APu/KvLmlr8noZOouXaSo4/sVGcxYzfnbGB4S/DKpkM +H5Y!g͖VuK U¨tt(ZMmcX