inital commit

admin 2025-06-16 20:43:22 +01:00
commit dbde260704
34 changed files with 1878 additions and 0 deletions

88
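--- a/config/common.nix
+++ b/config/common.nix
@@ -0,0 +1,88 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running nixos-help).
+{
+config,
+pkgs,
+home-manager,
+...
+}:
+{
+# Enable networking
+networking.networkmanager.enable = true;
+# Set your time zone.
+time.timeZone = "Europe/London";
+# Select internationalisation properties.
+i18n.defaultLocale = "en_GB.UTF-8";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "en_GB.UTF-8";
+LC_IDENTIFICATION = "en_GB.UTF-8";
+LC_MEASUREMENT = "en_GB.UTF-8";
+LC_MONETARY = "en_GB.UTF-8";
+LC_NAME = "en_GB.UTF-8";
+LC_NUMERIC = "en_GB.UTF-8";
+LC_PAPER = "en_GB.UTF-8";
+LC_TELEPHONE = "en_GB.UTF-8";
+LC_TIME = "en_GB.UTF-8";
+};
+# Enable touchpad support (enabled default in most desktopManager).
+# services.xserver.libinput.enable = true;
+# Define a user account. Don't forget to set a password with passwd.
+users.users.admin = {
+isNormalUser = true;
+description = "admin";
+shell = pkgs.zsh;
+extraGroups = [
+"networkmanager"
+"wheel"
+];
+packages = with pkgs; [
+];
+};
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+# programs.gnupg.agent = {
+# enable = true;
+# enableSSHSupport = true;
+# };
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+nix.settings.experimental-features = [
+"nix-command"
+"flakes"
+];
+programs = {
+zsh.enable = true;
+};
+fileSystems."/mnt/media" = {
+device = "192.168.0.20:/mnt/pool/media";
+fsType = "nfs";
+};
+fileSystems."/mnt/services" = {
+device = "192.168.0.20:/mnt/pool/services";
+fsType = "nfs";
+};
+fileSystems."/mnt/data" = {
+device = "192.168.0.20:/mnt/pool/data";
+fsType = "nfs";
+};
+nix = {
+gc.automatic = true;
+optimise.automatic = true;
+};
+}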
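Review bot: `services.openssh.enable = true;` is set with no `services.openssh.settings` block, so sshd runs on module defaults, while the comment above `users.users.admin` points to a `passwd`-set password for an account that is in `wheel`. Since flake.nix imports this module for both hosts, I would make key-only login explicit here: `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.PermitRootLogin = "no";`, with the admin key under `users.users.admin.openssh.authorizedKeys.keys`. The three NFS `fileSystems` entries also carry no `options`; `options = [ "nosuid" "nodev" ];` would keep a file placed on the share from being honoured as setuid or as a device node on the clients.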

212
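--- a/config/desktop.nix
+++ b/config/desktop.nix
@@ -0,0 +1,212 @@
+{ pkgs, ... }:
+{
+hardware.graphics = {
+enable = true;
+};
+# Enable the X11 windowing system.
+services.xserver.enable = true;
+# Enable the GNOME Desktop Environment.
+services.xserver.displayManager.gdm.enable = true;
+services.xserver.desktopManager.gnome.enable = true;
+# Configure keymap in X11
+services.xserver.xkb = {
+layout = "us";
+variant = "";
+};
+hardware.bluetooth.enable = true;
+hardware.bluetooth.powerOnBoot = true;
+# Enable CUPS to print documents.
+services.printing.enable = true;
+# Enable sound with pipewire.
+hardware.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+};
+# Enable automatic login for the user.
+services.displayManager.autoLogin.enable = true;
+services.displayManager.autoLogin.user = "admin";
+# Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
+systemd.services."getty@tty1".enable = false;
+systemd.services."autovt@tty1".enable = false;
+# Allow unfree packages
+nixpkgs.config.allowUnfree = true;
+boot = {
+# Graphical boot
+plymouth.enable = true;
+# Allow higher virtual memory for games
+kernel.sysctl."vm.max_map_count" = 2147483642;
+};
+environment.gnome.excludePackages = with pkgs; [
+epiphany # web browser
+geary # email
+gnome-calendar
+gnome-music
+gnome-software
+gnome-tour
+totem # video player
+xterm
+yelp # help
+];
+environment.systemPackages = with pkgs; [
+audacity
+blender
+#cura
+gimp
+gnomeExtensions.appindicator
+gnomeExtensions.blur-my-shell
+gnomeExtensions.dash-to-dock
+inkscape
+joplin-desktop
+kiwix
+libreoffice
+obs-studio
+ollama
+protonmail-desktop
+prismlauncher
+ungoogled-chromium
+signal-desktop
+wireshark
+monero-gui
+vscodium
+zsh
+dconf-editor
+#gaymig?
+heroic
+lutris
+#TUI
+fastfetch
+nixfmt-rfc-style
+yt-dlp
+ansible
+cataclysm-dda
+exiftool
+ffmpeg
+git
+htop
+lm_sensors
+mangohud
+mediainfo
+pciutils # lspci
+nmap
+#umu-launcher
+qrencode
+smartmontools
+nixpkgs-fmt # nix formatter
+];
+fonts.packages = with pkgs; [
+noto-fonts
+noto-fonts-cjk-sans
+#noto-fonts-emoji
+noto-fonts-extra
+whatsapp-emoji-font
+corefonts
+fantasque-sans-mono
+];
+programs = {
+coolercontrol = {
+enable = true;
+nvidiaSupport = true;
+};
+gamescope = {
+enable = true;
+capSysNice = true;
+};
+steam = {
+enable = true;
+gamescopeSession.enable = true;
+remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
+};
+gamemode.enable = true;
+dconf = {
+enable = true;
+profiles.user.databases = [
+{
+lockAll = true; # prevents overriding
+settings = {
+"org/gnome/shell" = {
+favourite-apps = [
+"org.gnome.Nautilus.desktop"
+"chromium-browser.desktop"
+"proton-mail.desktop"
+"@joplinapp-desktop.desktop"
+"signal-desktop.desktop"
+"steam.desktop"
+"org.gnome.Settings.desktop"
+"org.gnome.Console.desktop"
+];
+enabled-extensions = [
+pkgs.gnomeExtensions.appindicator.extensionUuid
+pkgs.gnomeExtensions.blur-my-shell.extensionUuid
+pkgs.gnomeExtensions.dash-to-dock.extensionUuid
+];
+};
+"org/gnome/desktop/calendar" = {
+show-weekdate = true;
+};
+"org/gnome/desktop/interface" = {
+clock-show-weekday = true;
+color-scheme = "prefer-dark";
+document-font-name = "Noto Sans 11";
+enable-hot-corners = false;
+font-name = "Noto Sans 11";
+gtk-theme = "Adwaita-dark";
+monospace-font-name = "Fantasque Sans Mono 12";
+};
+"org/gnome/desktop/peripherals.mouse" = {
+accel-profile = "flat";
+};
+"org/gnome/desktop/wm/preferences" = {
+button-layout = ":minimize,maximize,close";
+};
+"org/gnome/nautilus/list-view" = {
+default-zoom-level = "small";
+};
+"org/gnome/nautilus/preferences" = {
+default-folder-viewer = "list-view";
+};
+"org/gnome/shell/extensions/dash-to-dock" = {
+#apply-custom-theme = true;
+click-action = "focus-minimize-or-previews";
+dock-fixed = true;
+multi-monitor = true;
+show-mounts = false;
+show-show-apps-button = false;
+};
+"org/gnome/shell/keybindings" = {
+show-screenshot-ui = "<Shift><Super>s";
+};
+};
+}
+];
+};
+};
+}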
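Review bot: `services.displayManager.autoLogin.user = "admin";` opens the session of the account that config/common.nix places in `wheel`, and that same common module starts sshd on this machine. If auto-login is wanted for convenience, it is safer on a separate non-wheel account, or removed so GDM prompts for the password; the LUKS device declared in what is presumably this host's hardware file only protects a powered-off disk. In the `steam` block, `dedicatedServer.openFirewall = true;` opens server ports a desktop is unlikely to need, so I would set `dedicatedServer.openFirewall = false;` unless a dedicated server is really hosted here.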

162
flake.lock generated Normal file

@ -0,0 +1,162 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1747575206,
"narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
"owner": "ryantm",
"repo": "agenix",
"rev": "4835b1dc898959d8547a871ef484930675cb47f1",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1747556831,
"narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1747129300,
"narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "e81fd167b33121269149c57806599045fd33eeed",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1745391562,
"narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1747825515,
"narHash": "sha256-BWpMQymVI73QoKZdcVCxUCCK3GNvr/xa2Dc4DM1o2BE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "cd2812de55cf87df88a9e09bf3be1ce63d50c1a6",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager_2",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

67
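--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,67 @@
+{
+description = "A very basic flake";
+inputs = {
+agenix.url = "github:ryantm/agenix";
+nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+nixos-hardware.url = "github:nixos/nixos-hardware/master";
+home-manager.url = "github:nix-community/home-manager/release-25.05";
+home-manager.inputs.nixpkgs.follows = "nixpkgs";
+};
+outputs =
+{
+self,
+nixpkgs,
+nixos-hardware,
+home-manager,
+agenix,
+}:
+{
+nixosConfigurations.desktop = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+modules = [
+./config/common.nix
+./config/desktop.nix
+./hosts/desktop/hardware.nix
+./hosts/desktop/settings.nix
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+home-manager.users.admin = {
+imports = [
+./home/common.nix
+./home/desktop.nix
+];
+};
+}
+];
+};
+nixosConfigurations.nixos-server = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+modules = [
+./config/common.nix
+./hosts/server/hardware.nix
+./hosts/server/settings.nix
+agenix.nixosModules.default
+{
+environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
+}
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+home-manager.users.admin = {
+imports = [
+./home/common.nix
+./home/podman.nix
+agenix.homeManagerModules.default
+];
+};
+}
+];
+};
+};
+}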
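Review bot: `agenix.url` is declared without any `follows`, so the flake.lock on this page pins a second `nixpkgs` (tracking `nixos-unstable`), a second `home-manager` and `nix-darwin` purely as agenix's transitive inputs, which is more upstream code to track and update than these two hosts need. Adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` and `agenix.inputs.home-manager.follows = "home-manager";` beside the existing home-manager line, plus `agenix.inputs.darwin.follows = "";` since neither configuration is a Darwin system, collapses them onto the release branch already chosen. `nixos-hardware` is declared and passed to `outputs`, but no module from it appears in either `modules` list, so it can be dropped until it is used.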

67
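--- a/home/common.nix
+++ b/home/common.nix
@@ -0,0 +1,67 @@
+{
+programs = {
+neovim = {
+enable = true;
+viAlias = true;
+vimAlias = true;
+extraConfig = ''
+set nocompatible
+syntax on
+set fileformat=unix
+set encoding=utf8
+set number relativenumber
+set wrap
+set tabstop=4
+set shiftwidth=4
+set softtabstop=4
+set smarttab
+set autoindent
+set colorcolumn=80
+highlight ColorColumn ctermbg=8
+set clipboard=unnamed,unnamedplus
+set list listchars=tab:>-,trail:_,extends:>,precedes:<,nbsp:~
+set showbreak=>
+let mapleader=" "
+"# disable macro mode
+map q <Nop>
+'';
+};
+tmux = {
+enable = true;
+historyLimit = 10000;
+};
+fzf = {
+enable = true;
+enableZshIntegration = true;
+};
+zsh = {
+enable = true;
+dotDir = ".config/zsh";
+#enableCompletions = true;
+#autosuggestions.enable = true;
+syntaxHighlighting.enable = true;
+oh-my-zsh = {
+enable = true;
+plugins = [ "git" ];
+theme = "robbyrussell";
+};
+};
+git = {
+enable = true;
+userName = "Faris";
+userEmail = "faris@mektem.com";
+};
+};
+}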

48
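--- a/home/desktop.nix
+++ b/home/desktop.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+{
+programs = {
+mpv = {
+enable = true;
+package = (
+pkgs.mpv-unwrapped.wrapper {
+scripts = with pkgs.mpvScripts; [
+#uosc
+sponsorblock
+];
+mpv = pkgs.mpv-unwrapped.override {
+waylandSupport = true;
+};
+}
+);
+config = {
+profile = "high-quality";
+ytdl-format = "bestvideo+bestaudio";
+cache-default = 4000000;
+loop-file = "inf";
+};
+};
+joplin-desktop = {
+enable = true;
+sync.target = "joplin-server";
+};
+};
+# add bookmarks for shared drives
+xdg.configFile."gtk-3.0/bookmarks" = {
+force = true;
+text = ''
+file:/// root
+file:///mnt/data data
+file:///mnt/media media
+file:///mnt/services services
+'';
+};
+# Don't touch
+home.stateVersion = "24.11";
+}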

871
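--- a/home/podman.nix
+++ b/home/podman.nix
@@ -0,0 +1,871 @@
+{
+lib,
+pkgs,
+config,
+...
+}:
+{
+services.podman.enable = true;
+services.podman.autoUpdate.enable = true;
+services.podman.autoUpdate.onCalendar = "*-*-* 00:00";
+services.podman.containers = {
+actual = {
+image = "docker.io/actualbudget/actual-server:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/actual:/data"
+];
+ports = [
+"5006:5006"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+archivebox = {
+image = "docker.io/archivebox/archivebox:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/archivebox"
+];
+volumes = [
+"/mnt/services/podman/archivebox:/data"
+];
+ports = [
+"8002:8000"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+bazarr = {
+image = "lscr.io/linuxserver/bazarr:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/bazarr:/config"
+"/mnt/media/video/movies:/movies"
+"/mnt/media/video/tv:/tv"
+];
+ports = [
+"6767:6767"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+ddclient = {
+image = "lscr.io/linuxserver/ddclient:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/ddclient:/config"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+eclipse-mosquitto = {
+image = "docker.io/eclipse-mosquitto:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/eclipse-mosquitto:/mosquitto"
+];
+ports = [
+"1883:1883"
+"9001:9001"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+freshrss = {
+image = "lscr.io/linuxserver/freshrss:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/home/admin/podman/freshrss:/config"
+];
+ports = [
+"8555:80"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+frigate = {
+image = "ghcr.io/blakeblackshear/frigate:stable";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+devices = [ "nvidia.com/gpu=all" ];
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/frigate"
+];
+volumes = [
+"/etc/localtime:/etc/localtime:ro"
+"/mnt/services/podman/frigate:/config"
+"/mnt/services/cctv:/media/frigate"
+];
+ports = [
+"5005:5000"
+"5001:8971"
+"1935:1935"
+"8554:8554"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+gitea = {
+image = "docker.gitea.com/gitea:1.23.7";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/gitea"
+];
+volumes = [
+"/mnt/services/podman/gitea:/data"
+];
+ports = [
+"3001:3000"
+"222:22"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+home-assistant = {
+image = "ghcr.io/home-assistant/home-assistant:stable";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/etc/localtime:/etc/localtime:ro"
+"/mnt/services/podman/homeassistant:/config"
+];
+ports = [
+"8123:8123"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+immich-db = {
+image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/immich"
+];
+volumes = [
+"/mnt/services/podman/immich/db:/var/lib/postgresql/data:z"
+];
+ports = [
+"5433:5432"
+];
+userNS = "keep-id";
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+immich-machine-learning = {
+image = "ghcr.io/immich-app/immich-machine-learning:release-cuda";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/immich"
+];
+volumes = [
+"/mnt/services/podman/immich/cache:/cache"
+];
+ports = [
+"3003:3003"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+immich-redis = {
+image = "registry.hub.docker.com/library/redis:6.2-alpine";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/immich"
+];
+ports = [
+"6379:6379"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+immich-server = {
+image = "ghcr.io/immich-app/immich-server:release";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/immich"
+];
+volumes = [
+"/mnt/services/immich:/usr/src/app/upload"
+"/etc/localtime:/etc/localtime:ro"
+];
+ports = [
+"2283:2283"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+jellyfin = {
+image = "docker.io/jellyfin/jellyfin:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+devices = [ "nvidia.com/gpu=all" ];
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/jellyfin:/config"
+"/mnt/media/video/movies:/movies"
+"/mnt/media/video/tv:/tv"
+"/mnt/media/audio/music/flac:/music"
+"/mnt/media/video/family:/family"
+"/mnt/media/video/livetv:/livetv"
+];
+ports = [
+"8096:8096"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+jellyseerr = {
+image = "ghcr.io/fallenbagel/jellyseerr";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/jellyseerr:/app/config"
+];
+ports = [
+"5055:5055"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+joplin = {
+image = "docker.io/joplin/server:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/joplin"
+];
+ports = [
+"22300:22300"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+joplin-db = {
+image = "docker.io/postgres:15";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/joplin"
+];
+volumes = [
+"/home/admin/podman/joplin-db:/var/lib/postgresql/data"
+];
+ports = [
+"5432:5432"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+kiwix = {
+image = "ghcr.io/kiwix/kiwix-serve:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+exec = "*.zim";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/media/kiwix:/data"
+];
+ports = [
+"8088:8080"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+lidarr = {
+image = "lscr.io/linuxserver/lidarr:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/lidarr:/config"
+"/mnt/media/audio/music/flac:/music"
+"/mnt/media/torrents:/downloads"
+];
+ports = [
+"8686:8686"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+metube = {
+image = "ghcr.io/alexta69/metube:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/media/youtube-dl:/downloads"
+"/mnt/media/audio/music/flac:/music"
+];
+ports = [
+"8081:8081"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+nginx = {
+image = "docker.io/nginx:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/nginx"
+];
+volumes = [
+"/mnt/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
+"/mnt/services/podman/nginx/html:/usr/share/nginx/html"
+];
+ports = [
+"888:80"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+nginx-proxy-manager = {
+image = "docker.io/jc21/nginx-proxy-manager:2.9.22";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/nginx-proxy-manager:/data"
+"/mnt/services/podman/letsencrypt:/etc/letsencrypt"
+];
+ports = [
+"80:80"
+"443:443"
+"81:81"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+ollama = {
+image = "docker.io/ollama/ollama:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/ollama"
+];
+volumes = [
+"/mnt/services/podman/ollama:/root/.ollama"
+];
+ports = [
+"11434:11434"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+open-webui = {
+image = "ghcr.io/open-webui/open-webui:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/open-webui"
+];
+volumes = [
+"/mnt/services/podman/open-webui:/app/backend/data"
+];
+ports = [
+"3000:8080"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+prowlarr = {
+image = "lscr.io/linuxserver/prowlarr:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/prowlarr:/config"
+];
+ports = [
+"9696:9696"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+radarr = {
+image = "lscr.io/linuxserver/radarr:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/radarr:/config"
+"/mnt/media/video/movies:/movies"
+"/mnt/media/torrents:/downloads"
+];
+ports = [
+"7878:7878"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+readarr = {
+image = "lscr.io/linuxserver/readarr:develop";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/readarr:/config"
+"/mnt/media/books:/books"
+"/mnt/media/torrents:/downloads"
+];
+ports = [
+"8787:8787"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+rutorrent = {
+image = "docker.io/crazymax/rtorrent-rutorrent:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/home/admin/podman/rutorrent/passwd:/passwd"
+"/home/admin/podman/rutorrent/data:/data"
+"/mnt/media/torrents:/downloads"
+];
+ports = [
+"8888:8080"
+"5000:8000"
+"50000:50000"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+searxng = {
+image = "docker.io/searxng/searxng:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/searxng:/etc/searxng"
+];
+ports = [
+"8880:8080"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+sonarr = {
+image = "lscr.io/linuxserver/sonarr:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/sonarr:/config"
+"/mnt/media/video/tv:/tv"
+"/mnt/media/torrents:/downloads"
+];
+ports = [
+"8989:8989"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+tandoor = {
+image = "docker.io/vabene1111/recipes";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/tandoor"
+];
+volumes = [
+"/mnt/services/podman/tandoor/staticfiles:/opt/recipes/staticfiles"
+"/mnt/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles"
+];
+ports = [
+"9092:8080"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+tandoor-db = {
+image = "docker.io/postgres:16-alpine";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/tandoor"
+];
+volumes = [
+"/home/admin/podman/tandoor/db:/var/lib/postgresql/data"
+];
+ports = [
+"5434:5432"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+thelounge = {
+image = "lscr.io/linuxserver/thelounge:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/thelounge:/config"
+];
+ports = [
+"9000:9000"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+unifi-network-application = {
+image = "lscr.io/linuxserver/unifi-network-application:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/unifi-network-application"
+];
+volumes = [
+"/mnt/services/podman/unifi-network-application:/config"
+];
+ports = [
+"8443:8443"
+"10001:10001/udp"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+unifi-network-application-db = {
+image = "docker.io/mongo:7.0";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/unifi-network-application"
+];
+volumes = [
+"/mnt/services/podman/unifi-network-application-db"
+];
+ports = [
+"27017:27017"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+vaultwarden = {
+image = "docker.io/vaultwarden/server:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/vaultwarden"
+];
+volumes = [
+"/mnt/services/podman/vaultwarden:/data/"
+];
+ports = [
+"8000:80"
+"3012:3012"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+wireguard = {
+image = "lscr.io/linuxserver/wireguard:latest";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+addCapabilities = [
+"NET_RAW"
+"NET_ADMIN"
+"SYS_MODULE"
+];
+environmentFile = [
+"/mnt/services/secrets/default"
+"/mnt/services/secrets/wireguard"
+];
+volumes = [
+"/mnt/services/podman/wireguard:/config"
+#"/lib/modules:/lib/modules"
+];
+ports = [
+"51820:51820/udp"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+zigbee2mqtt = {
+image = "docker.io/koenkk/zigbee2mqtt";
+autoStart = true;
+autoUpdate = "registry";
+network = "bridge";
+devices = [ "/dev/ttyACM0:/dev/ttyACM0" ];
+environmentFile = [
+"/mnt/services/secrets/default"
+];
+volumes = [
+"/mnt/services/podman/zigbee2mqtt:/app/data"
+];
+ports = [
+"8808:8080"
+];
+extraConfig = {
+Service = {
+TimeoutStartSec = 900;
+};
+};
+};
+};
+# Don't touch
+home.stateVersion = "24.11";
+}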
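Review bot: The database and cache containers publish their ports on every host interface — `"5432:5432"` (joplin-db), `"5433:5432"` (immich-db), `"5434:5432"` (tandoor-db), `"6379:6379"` (immich-redis) and `"27017:27017"` (unifi-network-application-db) — and hosts/server/settings.nix on this page sets `networking.firewall.enable = false;`, so they are reachable from the whole LAN. Only the paired application needs them: bind to loopback, e.g. `"127.0.0.1:5432:5432"`, or drop `ports` and put each app and its database on a shared podman network. Nearly every image is a mutable tag (`:latest`, `:stable`, or no tag) with `autoUpdate = "registry"` on a nightly timer, so whatever the registry serves is pulled and run unattended next to `/mnt/services/secrets/*`; pinning by digest as `immich-db` already does, at least for vaultwarden and the reverse proxy, turns each update into a reviewed change. The same `/mnt/services/secrets/default` file is handed to all containers, so anything in it should be limited to values every service may read. The `unifi-network-application-db` volume entry `"/mnt/services/podman/unifi-network-application-db"` has no `:container-path`, so it likely does not persist Mongo's data to that host directory; `:/data/db` looks like what was intended.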


@ -0,0 +1,61 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"uas"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ba76c63c-7fe5-4e61-8b24-0961de838681";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-2af03012-1c9a-4245-8b4d-a4df773d6a14".device =
"/dev/disk/by-uuid/2af03012-1c9a-4245-8b4d-a4df773d6a14";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7AEC-64D7";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/34d32441-0c17-4592-b026-56b28bf7e3bf"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,37 @@
{ config, ... }:
{
boot.kernelParams = [
"nvidia_drm.modeset=1"
"nvidia_drm.fbdev=1"
"nvidia.NVreg_PreserveVideoMemoryAllocations=1"
"module_blacklist=amdgpu"
];
networking.hostName = "nixos-desktop";
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices."luks-d6ea38c1-693a-4aa1-b844-24f005b321ab".device =
"/dev/disk/by-uuid/d6ea38c1-693a-4aa1-b844-24f005b321ab";
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = false;
open = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
# this fixes the sleep/wake issue
systemd.services."systemd-suspend" = {
serviceConfig = {
Environment = ''"SYSTEMD_SLEEP_FREEZE_USER_SESSIONS=false"'';
};
};
system.stateVersion = "24.11";
}

46
hosts/server/hardware.nix Normal file

@ -0,0 +1,46 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b2f2c042-9011-455a-bc30-fbe632ffa293";
fsType = "ext4";
};
swapDevices = [
{ device = "/dev/disk/by-uuid/29b09fa3-40a4-4ba9-bfcd-34e50d5aa2d5"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

121
hosts/server/settings.nix Normal file

@ -0,0 +1,121 @@
{ config, pkgs, ... }:
{
users.users.admin.linger = true;
age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];
nixpkgs.config.allowUnfree = true;
hardware.nvidia-container-toolkit.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.graphics.enable = true;
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = false;
open = false;
nvidiaSettings = false;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
networking.hostName = "nixos-server";
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda";
boot.loader.grub.useOSProber = true;
environment.systemPackages = with pkgs; [
zsh
htop
fastfetch
restic
nixpkgs-fmt
nixfmt-rfc-style
];
networking.firewall.enable = false;
networking.interfaces.ens18.ipv4.addresses = [
{
address = "192.168.0.30";
prefixLength = 24;
}
];
networking.defaultGateway = "192.168.0.1";
networking.nameservers = [ "1.1.1.1" ];
boot.kernel.sysctl = {
"net.ipv4.ip_unprivileged_port_start" = 80;
"net.ipv4.conf.all.src_valid_mark" = 1;
"net.ipv4.conf.all.forwarding" = 1;
"net.ipv4.ip_forward" = 1;
};
virtualisation = {
containers.enable = true;
podman = {
enable = true;
autoPrune.enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
age.secrets = {
"restic/environmentFile".file = ../../secrets/restic/environmentFile.age;
"restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age;
"restic/passwordFile".file = ../../secrets/restic/passwordFile.age;
};
services.restic.backups.backup = {
initialize = true;
environmentFile = config.age.secrets."restic/environmentFile".path;
repositoryFile = config.age.secrets."restic/repositoryFile".path;
passwordFile = config.age.secrets."restic/passwordFile".path;
paths = [
"/mnt/services"
"/mnt/data"
];
exclude = [
"/mnt/services/cctv"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
];
};
systemd.timers."prune-podman" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
Unit = "podman-prune.service";
};
};
systemd.services."prune-podman" = {
script = ''
set -eu
${pkgs.coreutils}/bin/echo "heeeeelpppppp"
${pkgs.podman}/bin/podman system prune -af
'';
serviceConfig = {
Type = "oneshot";
User = "admin";
};
};
system.stateVersion = "24.11";
# give permissions for zigbee USB transceiver
system.activationScripts.script.text = ''chmod o+rw /dev/ttyACM0'';
}
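Review bot: `networking.firewall.enable = false;` leaves every listener on this host reachable from the network with no host-level filter, and the same file widens what can listen: `net.ipv4.ip_unprivileged_port_start` is lowered to 80, IPv4 forwarding is switched on, and containers appear to run under the lingering `admin` user, so any port a container publishes is exposed as soon as it starts. I would keep the firewall on and open only what is served, for example `networking.firewall.enable = true;` with `networking.firewall.allowedTCPPorts = [ 22 80 443 ];` (the port list is a guess; match it to the services actually published). Separately, the activation script `chmod o+rw /dev/ttyACM0` gives every local account read/write access to the Zigbee adapter and only runs at activation, so the mode is lost when the device re-enumerates. A rule in `services.udev.extraRules` that assigns the device a group with `MODE="0660"`, plus that group on the account running the container, would be narrower and persistent.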


@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w YrkLsFjR7+oYed3CT1NTy2pAFdB5R5zdxKO7mALhGxI
Mf+GTmElPO7u0t0btC6OQPvYsOZK55V3U/kXy1Q5DoE
--- PBhiiGF8DyW6h8xHM9nbKc8Hy6gdwSXL4KHLegbVrOY
Z¡Ü
w”âx¿ô]Šq¯bI ·è4òÄÈé>AÙÝ·3l9üô M¶jrT#—` îÂ…¶£·Ç®Ç£)Å܉–½Ôîô‚ÞåÔÿvtM<74>ÚËd´ôµÃ¹4•p‡\<Š»ê±ÇŠrÊ»Õ9<ÌóU ÞÞš4¤ZŒ-€ ˜ùÎØø °'¼7âK~W)¦lwЭZg¨_ÊäWjmˆ


@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w pV0hcqdF8HNjmPqhNZcNNpYct2gjChqMIt3T2V4pbg4
h99ssWIwfePRODbgKsgxTiSQRYPxSU6ALJYKBE4uYSM
--- F3f51NlLMKQXb2QKjX5IlCpaK6y6Tc3neFL5yGQuaQs
ÅÊ °VºÒIÒu²cGÌ;  Óy]=tóxý>t:¹.-QØ¢w~nˆ"ÚææñÓiÕ@k bšH
}Ì¥


@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w CPGMAFD2JqqasZ2zBXeYjcKDMmjRvvQn0p1T4WzgzTQ
g2Pg6kOnlRAUMtRO9bVFRukNoKJX9ZoDypcqCrBfsOI
--- t9bhlp4c+srjytHQtjfoPoLkSRMhz8+UN/Uh2mcs9GI
<EFBFBD>˜\ìþæY ¡Cè½gÏõO6È­o6ö<07><>HÓÞè‰
˜ù„û¶7ÞÛuÿlŒâê
®Ÿ¤Œ¡øóëp²h2Ó÷Ó|Ûßmª¡tQ<>XXv u ¼ÿcdF

BIN
secrets/podman/gitea.age Normal file

Binary file not shown.

BIN
secrets/podman/immich.age Normal file

Binary file not shown.


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w IRiClsh/t9oYx54GwyzXiXGhafCQsoAqhX3KYd1MLAU
Q30hHqH+rrFvTxKQp3/6e0IrGs8UEt7Q3ukhzYDilBg
--- 7zos7CO/1R0oM3Po32TdtT2vn+0dZNuwXimY5oCTw6E
Ùr0ˆT¡D9æu)ìMÑ«ÉU¼35}ïɘWÑ4 ,<2C> Ö`4÷C¾6<<3C>J%ºÕiíÙ<C3AD>31ܯîÙYéb‰\ű¸Q°/aŒ­ê©L” ’ÇÈËák¿Võr,;ߤñ<aÀªT`ø9E†nÙP·% ÑãùÜ—vÃTñ¶Že˜Rj»‡QÁ©º¨<C2BA>$(5¸D"LõST=ëzÇuòtù¸ ŸæuÏ\…Ð} ­O9Ÿ »Ö»V Ótù²D¼hªûˆydîSîÍeMnõ®=]|õì

5
secrets/podman/nginx.age Normal file

@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w dfIt9D68fTDiv3E/vRCAulWPFtiQHQPkAHwmgTT3iVc
nI5jOSRnaXwuzuosmDwn/WDEpSeWGT3/5wQ4U5tCcQU
--- 4By9gEMbv47Ty1hcnaIjlXjD6Ruz54mHZ3oFyhjGoKU
ƒ«›ùì%þiž5ºÔéĵkUÀû÷©ÖDÌ=m=Џ‡šÅõ(~™Â¿¤tY‰N©3öVý5Hñˆ¨mMÙÉä7Ü*


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w xlTqx7SHEtpjf7o09+3NRQcdOU8O6G8RayAln5nXa3k
hqneq8qtnDlzpg10LCKQZFoxzmHP0TmdwaGzVJwqDT8
--- bADrlXdsANlKpeI6aPqlP23JAM480M1DQ8uWfRNf2FI
8 b†2<32>~‘Ó)Gõ[ŠÞûT¦¿²¸Í*\² îW#=&Ô˃Bzer


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w uDKGYe0iG2aYNC0qbdMxZde4WoveT2w/qYCcXYiAvAI
Z83hIm4UPo1Y0GC4q9A5yh0hrwdMhedJ/Q7WM34iEJw
--- AFJLZCIEtkkFsmCJhz2NOjeyXVjMON+6ho57r0WGOQo
(×ÒÍß´ Âà+ šáMt¬¤©‰!à¨<C3A0> ½C]ºËßÖ„>“ánk


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w b2jXA+YoWTi+0k4hGa4PpXWnDNdvYlAabsbFEtQVuxs
xxVUlBbreKZ43LkNMxC4EkHeQM9N7zg+Os07MMO/tUo
--- zulfS/NwoQvQJaHcKLsE0y4Zgd9pdaI5HTFeLn1aWww
È"xñ޶(wmf<éÎÒÑÇ*Ý/wK«XìðÞ“Œ/}2Þ±ú¸žÜŸ


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w FUG2pT0R1avaaqVy8Vpy5QrYxlvY3+vVCCgavBw3xlg
12nHFrhBaMB6cSIkoFwJBQJoR6LHDDOdOrvtHKWtXhg
--- 0WGJ0gBPnNZen1p6BjRTtO//Fcth6bP+kF6UGuHoZ1g
.¼â0²V'ÑлÄ<C2BB>Ò}×ý4ó~ï'*[L^Õ2æõcásn¶“¸ô

Binary file not shown.


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w IeLI2Bq8rRH28AytcdzLZmY0qI3HE1NRazbXlZ9m0DA
m6LOrMY3s4oEizfeSk0k94xSHCs1ONXvtU4DZU612DA
--- 2FuHGub471XSe8rh4N/cuWNGCxH/eptxV+uc0vqzBCs
Ù_ ¦È’ì;¯-gµôH©o ö•„'n÷W¡»1IhÉà<C389>NìÁT|£W


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w 57h4tQZaUZb2KEeBJYvFm540IJdKtOMZKUy+IoMhSCc
DWqRNJ4tIug47ZfGKZZ4lA6fuOjen/1G7mViwuwdXnw
--- /j7V6AfcdpzpApHvNWyNWEivlup/t41thrItJe9ZNXg
}I Ùϵ+q*À…ýÊãw†«M…~"އðW@<40>seõÒ•êh6<E2809A>v¡-Øu7h_Ã

Binary file not shown.

BIN
secrets/podman/tandoor.age Normal file

Binary file not shown.

Binary file not shown.


@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w 6rRcfL/VxHcTPjh+iS8nDleqqBbd3/zkHjj89eYGLDU
YSdAVEsmO4L2TbYMY/fjUwYo91GHSRxtDmG4MqYY2i8
--- JPrUeceRt2ABYPpX8nnyKl/Kxd2zEix2MQAmiR/eD84
„GTÅü¦â$èø ÀHk-.{jLË»dLrLˆ,éZö´$©>b<62>ô`¾Œ+£w|"޽$޳eqËa•£œuªQ÷gÐãËm(Ïæé¹ dÂø7…I׿þй$xü[i¹?i2Í4üÇÀ^ùÜQ^P£9»Û¡; ˆŸ¼<C5B8>W¼¨úà<c²I

Binary file not shown.


@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w 5QBy9W87Ku629S6LyEnmP0D9XjZ+lprKLfgfKhKEliA
slX94kja145e7sKi+kSF6HgrRIgnb7P8N1jT/BgzvWM
--- kEdZbGsXLYj3s917fUUV93Ht7x90hSjEMUXS82nWmho
Â÷×£5ïõÀéD;ŸÔÑݤ9üÀ²IuÞL$˶
'™]Ù"Vg¼%x<>°5¬<Sï©òu”Îêèó,âÚžé<C5BE>„¡C+m©Ý°Â¥šúå<C3A5>&2ú¿Á7Ð(f0×Ò:ËÛ‡}Gé¬Õ }ëÈcÅèvi¶,


@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w ZDccgWxYDXp8C4PUSnFJvUsHD9dvkVgy7sHdKpRNhgg
DTWL2jyTo79eB9npr0CRHQYH7yx/OFowpjUTt2HUx7I
--- APu/KvLmlr8noZOouXaSo4/sVGcxYzfnbGB4S/DKpkM
„¾5Ù÷Y!gÍ©Vu¾æK<C3A6> ˜U“¨t‰t<Nå(
Ë‘Ã'º²†À¨Gx£öÉÖôþœŠÌ

Binary file not shown.

22
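--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,22 @@
+let
+agenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOW2QuTDyMA/sdEWkKBAQmcqc164/RmQ6PULKGAb3jiD";
+in
+{
+"podman/default.age".publicKeys = [ agenix ];
+"podman/archivebox.age".publicKeys = [ agenix ];
+"podman/frigate.age".publicKeys = [ agenix ];
+"podman/gitea.age".publicKeys = [ agenix ];
+"podman/immich.age".publicKeys = [ agenix ];
+"podman/joplin.age".publicKeys = [ agenix ];
+"podman/nginx.age".publicKeys = [ agenix ];
+"podman/ollama.age".publicKeys = [ agenix ];
+"podman/open-webui.age".publicKeys = [ agenix ];
+"podman/tandoor.age".publicKeys = [ agenix ];
+"podman/unifi-network-application.age".publicKeys = [ agenix ];
+"podman/vaultwarden.age".publicKeys = [ agenix ];
+"podman/wireguard.age".publicKeys = [ agenix ];
+"restic/environmentFile.age".publicKeys = [ agenix ];
+"restic/passwordFile.age".publicKeys = [ agenix ];
+"restic/repositoryFile.age".publicKeys = [ agenix ];
+}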
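Review bot: Every entry is encrypted to the single recipient `agenix`, so one private key decrypts all sixteen secrets, and losing it leaves them unrecoverable, including the restic repository password. hosts/server/settings.nix in this commit points `age.identityPaths` at the admin user's `~/.ssh/id_ed25519`, which suggests (not confirmable from this file) that a personal login key doubles as the decryption identity. I would add the server's SSH host public key as a second recipient, e.g. `server = "ssh-ed25519 <SERVER_HOST_PUBLIC_KEY>";` and `publicKeys = [ agenix server ];`, then let the host decrypt with its host key so the user key can be rotated or kept off the server. A short comment above the `let` saying which key `agenix` is and where its private half lives would also help the next person who has to re-key these files.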