diff --git a/common/default.nix b/common/default.nix index afa330f..3f4de91 100644 --- a/common/default.nix +++ b/common/default.nix @@ -26,7 +26,11 @@ networking.firewall.allowedTCPPorts = [8384 22000]; networking.firewall.allowedUDPPorts = [22000 21027]; - environment.systemPackages = with pkgs; [sops]; + environment.systemPackages = with pkgs; [ + sops + tldr + inputs.compose2nix.packages.${pkgs.system}.default + ]; programs.nix-ld = { enable = true; @@ -37,9 +41,11 @@ trusted-users = ["xqtc"]; substituters = [ "https://nix-community.cachix.org" + "https://cache.saumon.network/proxmox-nixoshttps://cache.saumon.network/proxmox-nixos" ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "proxmox-nixos:nveXDuVVhFDRFx8Dn19f1WDEaNRJjPrF2CPD2D+m1ys=" ]; }; } diff --git a/flake.lock b/flake.lock index fdbe5f2..df852ee 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,26 @@ "type": "github" } }, + "compose2nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720032541, + "narHash": "sha256-PqBjivVCJS3qUXVBMeTLj03OlY2E5/TfJssd/p2m8js=", + "owner": "aksiksi", + "repo": "compose2nix", + "rev": "923f6bc058118f76e69ed96332e40a472d8fd702", + "type": "github" + }, + "original": { + "owner": "aksiksi", + "repo": "compose2nix", + "type": "github" + } + }, "devshell": { "inputs": { "flake-utils": "flake-utils_4", @@ -49,11 +69,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1720065790, - "narHash": "sha256-zZH4PDvXP0yR2b9WN4t1odiP2l/5vhrQHDb1lNLrVbA=", + "lastModified": 1720238603, + "narHash": "sha256-XWcTKM/uVy7GP7QT8skZ9ywPqIPLhb9Sw7qBH+ZF5YM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "b359c6cd1a96f9c0c1325d375ffc7c0ffd8fb31c", + "rev": "c8799be7f004121f87ad702d61980d738405a51a", "type": "gitlab" }, "original": { 
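Review bot: The substituter string added in the second common/default.nix hunk is the cache URL pasted twice with no separator, so Nix will not reach the intended cache; the line should read `"https://cache.saumon.network/proxmox-nixos"`. The matching `trusted-public-keys` entry makes any store path signed by that key acceptable on every host that imports common/. A one-line comment recording where the key was obtained would help, and if only one machine needs this cache, both lines are better placed in that host's module. The enclosing settings block starts outside the hunk.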
@@ -287,11 +307,11 @@ ] }, "locked": { - "lastModified": 1720045378, - "narHash": "sha256-lmE7B+QXw7lWdBu5GQlUABSpzPk3YBb9VbV+IYK5djk=", + "lastModified": 1720188602, + "narHash": "sha256-lC3byBmhVZFzWl/dCic8+cKUEEAXAswWOYjq4paFmbo=", "owner": "nix-community", "repo": "home-manager", - "rev": "0a30138c694ab3b048ac300794c2eb599dc40266", + "rev": "e3582e5151498bc4d757e8361431ace8529e7bb7", "type": "github" }, "original": { @@ -446,13 +466,29 @@ "type": "github" } }, - "nixpkgs-master": { + "nixpkgs-2405": { "locked": { - "lastModified": 1720112438, - "narHash": "sha256-oALk4w8/wxwriVLUiAVef2h2rMw8Vzsc3IJmxeY4KgE=", + "lastModified": 1720110830, + "narHash": "sha256-E5dN9GDV4LwMEduhBLSkyEz51zM17XkWZ3/9luvNOPs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "225b5d75242add18ffaf67579acb6549510ca2f7", + "rev": "c0d0be00d4ecc4b51d2d6948e37466194c1e6c51", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-master": { + "locked": { + "lastModified": 1720263701, + "narHash": "sha256-fKYOxXAXAv7zgfPVC1jWPJH6QrJ650IdJpFD9Mm5j0Y=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "731dc15f156f9d28a60bf6b4629994d6bf883975", "type": "github" }, "original": { @@ -464,16 +500,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1719663039, - "narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=", + "lastModified": 1719720450, + "narHash": "sha256-57+R2Uj3wPeDeq8p8un19tzFFlgWiXJ8PbzgKtBgBX8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119", + "rev": "78f8641796edff3bfabbf1ef5029deadfe4a21d0", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } 
@@ -572,11 +608,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1720021470, - "narHash": "sha256-wJ8NGzPRkwDao4Om9/P+RLxussLGvtGGH2XdjDgJqRE=", + "lastModified": 1720222362, + "narHash": "sha256-3chuZmpQDhod758MzQJQQnoa08NalySx6gyv/T6LEIQ=", "owner": "nix-community", "repo": "nixvim", - "rev": "9b25eaaa6f64a584ffccdd90b23d0962d9138352", + "rev": "edc8602d4723e172405ae00e778c7b407885d6c8", "type": "github" }, "original": { @@ -588,6 +624,7 @@ "root": { "inputs": { "apple-silicon": "apple-silicon", + "compose2nix": "compose2nix", "firefox-addons": "firefox-addons", "flake-utils": "flake-utils_2", "home-manager": "home-manager", @@ -596,6 +633,7 @@ "nixos-aarch64-widevine": "nixos-aarch64-widevine", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_5", + "nixpkgs-2405": "nixpkgs-2405", "nixpkgs-master": "nixpkgs-master", "nixvim": "nixvim", "sops-nix": "sops-nix", @@ -626,11 +664,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1719873517, - "narHash": "sha256-D1dxZmXf6M2h5lNE1m6orojuUawVPjogbGRsqSBX+1g=", + "lastModified": 1720187017, + "narHash": "sha256-Zq+T1Bvd0ShZB9XM+bP0VJK3HjsSVQBLolkaCLBQnfQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "a11224af8d824935f363928074b4717ca2e280db", + "rev": "1b11e208cee97c47677439625dc22e5289dcdead", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index db311bd..2bd4834 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,10 +1,15 @@
 {
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nixpkgs-2405.url = "github:NixOS/nixpkgs/nixos-24.05";
 flake-utils.url = "github:numtide/flake-utils";
 nixos-aarch64-widevine.url = "github:epetousis/nixos-aarch64-widevine";
 nixpkgs-master.url = "github:NixOS/nixpkgs/master";
 apple-silicon.url = "github:tpwrules/nixos-apple-silicon";
+ compose2nix = {
+ url = "github:aksiksi/compose2nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 home-manager = {
 url = "github:nix-community/home-manager/master";
 inputs.nixpkgs.follows = "nixpkgs";
@@ -53,15 +58,12 @@
 };
 in {
 nixosConfigurations = {
- #pkgs.util.mapHostAttrs (host: host) (host:
- # lib.nixosSystem {
- # system = "x86_64-linux";
- # modules = [./hosts/x86_64-linux/${host}];
- # specialArgs = {inherit inputs;};
- # });
 "asmodeus" = lib.nixosSystem {
 system = "x86_64-linux";
- modules = [./hosts/x86_64-linux/asmodeus lix-module.nixosModules.default];
+ modules = [
+ ./hosts/x86_64-linux/asmodeus
+ lix-module.nixosModules.default
+ ];
 specialArgs = {inherit inputs;};
 };
 "seraphim" = lib.nixosSystem {
diff --git a/home/modules/firefox.nix b/home/modules/firefox.nix
index 3ddd347..1505785 100644
--- a/home/modules/firefox.nix
+++ b/home/modules/firefox.nix
@@ -26,7 +26,7 @@ with inputs; {
 sidebery
 leechblock-ng
 darkreader
- ipvfoo
+ ipvfoo
 stylus
 shinigami-eyes
 violentmonkey
diff --git a/home/modules/git.nix b/home/modules/git.nix
index 729dc85..e1df58d 100644
--- a/home/modules/git.nix
+++ b/home/modules/git.nix
@@ -8,5 +8,10 @@
 enable = true;
 userName = "xqtc161";
 userEmail = "xqtc@tutanota.com";
+ extraConfig = {
+ init = {
+ defaultBranch = "main";
+ };
+ };
 };
 }
diff --git a/home/modules/nixvim.nix b/home/modules/nixvim.nix
index e26ccfe..abf55a7 100644
--- a/home/modules/nixvim.nix
+++ b/home/modules/nixvim.nix
@@ -42,6 +42,7 @@
 lsp = {
 enable = true;
 servers = {
+ docker-compose-language-service.enable = true;
 pylsp.enable = true;
 bashls.enable = true;
 lua-ls.enable = true;
diff --git a/hosts/x86_64-linux/beleth/borg.nix b/hosts/x86_64-linux/beleth/borg.nix
index 3d36135..a1d1ad2 100644
--- a/hosts/x86_64-linux/beleth/borg.nix
+++ b/hosts/x86_64-linux/beleth/borg.nix
@@ -27,9 +27,9 @@
 "[u410986-sub2.your-storagebox.de]:23"
 ];
 publicKey = ''
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==
- ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw==
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs
+ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==
+ ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw==
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs
 '';
 };
 };
diff --git a/hosts/x86_64-linux/beleth/default.nix b/hosts/x86_64-linux/beleth/default.nix
index e544a3b..4a85f15 100644
--- a/hosts/x86_64-linux/beleth/default.nix
+++ b/hosts/x86_64-linux/beleth/default.nix
@@ -18,7 +18,7 @@ with lib; {
 ./git.nix
 ./nextcloud.nix
 ./paperless.nix
- ./docker.nix
+ # ./docker-compose-crime.nix
 # ./borg.nix
 # ./nfs.nix
 ../../gc.nix
@@ -97,8 +97,8 @@ with lib; {
 };
 "jellyfin.heroin.trade" = {
 extraConfig = ''
- reverse_proxy http://127.0.0.1:8096
- redir /metrics* /
+ reverse_proxy http://127.0.0.1:8096
+ redir /metrics* /
 '';
 };
 "calibre.heroin.trade" = {
@@ -122,9 +122,9 @@ with lib; {
 '';
 };
 "servers" = {
- extraConfig = ''
- metrics
- '';
+ extraConfig = ''
+ metrics
+ '';
 };
 };
 };
diff --git a/hosts/x86_64-linux/beleth/docker-compose-crime.nix b/hosts/x86_64-linux/beleth/docker-compose-crime.nix
new file mode 100644
index 0000000..88e7cb1
--- /dev/null
+++ b/hosts/x86_64-linux/beleth/docker-compose-crime.nix
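Review bot: In the first beleth/default.nix hunk the `./docker.nix` import is removed and its replacement is added already commented out (`# ./docker-compose-crime.nix`), so nothing in docker-compose-crime.nix is evaluated for this host and whatever `./docker.nix` configured is dropped. If that is deliberate until the VPN key is wired up, a short comment beside the line such as `# disabled until the gluetun WireGuard key is provided via sops` would record the reason. The imports list starts and ends outside the hunk.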
@@ -0,0 +1,211 @@ +# Auto-generated using compose2nix v0.2.0-pre. +{ + pkgs, + lib, + config, + inputs, + ... +}: +{ + # Runtime + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + + # Containers + virtualisation.oci-containers.containers."crime-gluetun" = { + image = "qmcgaw/gluetun"; + environment = { + SERVER_CITIES = "Frankfurt"; + VPN_SERVICE_PROVIDER = "mullvad"; + VPN_TYPE = "wireguard"; + WIREGUARD_ADDRESSES = "10.71.178.75/32"; + WIREGUARD_PRIVATE_KEY = ""; + }; + ports = [ + "6881:6881/tcp" + "6881:6881/udp" + "8085:8085/tcp" + "7878:7878/tcp" + "8989:8989/tcp" + "9696:9696/tcp" + ]; + log-driver = "journald"; + extraOptions = [ + "--cap-add=NET_ADMIN" + "--network-alias=gluetun" + "--network=crime_default" + ]; + }; + systemd.services."podman-crime-gluetun" = { + serviceConfig = { + Restart = lib.mkOverride 500 "\"no\""; + }; + after = [ + "podman-network-crime_default.service" + ]; + requires = [ + "podman-network-crime_default.service" + ]; + partOf = [ + "podman-compose-crime-root.target" + ]; + wantedBy = [ + "podman-compose-crime-root.target" + ]; + }; + virtualisation.oci-containers.containers."prowlarr" = { + image = "lscr.io/linuxserver/prowlarr:latest"; + environment = { + PGID = "1000"; + PUID = "1000"; + TZ = "Etc/UTC"; + }; + volumes = [ + "/home/crime/prowlarr/data:/config:rw" + ]; + dependsOn = [ + "crime-gluetun" + ]; + log-driver = "journald"; + extraOptions = [ + "--network=container:crime-gluetun" + ]; + }; + systemd.services."podman-prowlarr" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + partOf = [ + "podman-compose-crime-root.target" + ]; + wantedBy = [ + "podman-compose-crime-root.target" + ]; + }; + virtualisation.oci-containers.containers."qbittorrent" = { + image = 
"lscr.io/linuxserver/qbittorrent"; + environment = { + PGID = "1000"; + PUID = "1000"; + TZ = "Europe/Berlin"; + WEBUI_PORT = "8085"; + }; + volumes = [ + "/home/crime/qbittorrent:/config:rw" + "/home/crime/qbittorrent/downloads:/downloads:rw" + ]; + dependsOn = [ + "crime-gluetun" + ]; + log-driver = "journald"; + extraOptions = [ + "--network=container:crime-gluetun" + ]; + }; + systemd.services."podman-qbittorrent" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + partOf = [ + "podman-compose-crime-root.target" + ]; + wantedBy = [ + "podman-compose-crime-root.target" + ]; + }; + virtualisation.oci-containers.containers."radarr" = { + image = "lscr.io/linuxserver/radarr:latest"; + environment = { + PGID = "1000"; + PUID = "1000"; + TZ = "Etc/UTC"; + }; + volumes = [ + "/home/crime/radarr/data:/config:rw" + "/home/crime/radarr/downloadclient-downloads:/downloads:rw" + "/home/crime/radarr/movies:/movies:rw" + ]; + dependsOn = [ + "crime-gluetun" + ]; + log-driver = "journald"; + extraOptions = [ + "--network=container:crime-gluetun" + ]; + }; + systemd.services."podman-radarr" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + partOf = [ + "podman-compose-crime-root.target" + ]; + wantedBy = [ + "podman-compose-crime-root.target" + ]; + }; + virtualisation.oci-containers.containers."sonarr" = { + image = "lscr.io/linuxserver/sonarr:latest"; + environment = { + PGID = "1000"; + PUID = "1000"; + TZ = "Etc/UTC"; + }; + volumes = [ + "/home/crime/sonarr/data:/config:rw" + "/home/crime/sonarr/downloadclient-downloads:/downloads:rw" + "/home/crime/sonarr/tvseries:/tv:rw" + ]; + dependsOn = [ + "crime-gluetun" + ]; + log-driver = "journald"; + extraOptions = [ + "--network=container:crime-gluetun" + ]; + }; + systemd.services."podman-sonarr" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + partOf = [ + "podman-compose-crime-root.target" + ]; + wantedBy = [ + "podman-compose-crime-root.target" + ]; + }; + + 
# Networks + systemd.services."podman-network-crime_default" = { + path = [pkgs.podman]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "${pkgs.podman}/bin/podman network rm -f crime_default"; + }; + script = '' + podman network inspect crime_default || podman network create crime_default + ''; + partOf = ["podman-compose-crime-root.target"]; + wantedBy = ["podman-compose-crime-root.target"]; + }; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + systemd.targets."podman-compose-crime-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = ["multi-user.target"]; + }; +} diff --git a/hosts/x86_64-linux/beleth/monitoring.nix b/hosts/x86_64-linux/beleth/monitoring.nix index 01500c1..53bfe21 100644 --- a/hosts/x86_64-linux/beleth/monitoring.nix +++ b/hosts/x86_64-linux/beleth/monitoring.nix @@ -46,11 +46,11 @@ enable = true; }; nextcloud = { - enable = true; - user = "nextcloud"; - username = "xqtc"; - passwordFile = config.sops.secrets.nextcloud_user_password.path; - url = "https://${toString config.services.nextcloud.hostName}"; + enable = true; + user = "nextcloud"; + username = "xqtc"; + passwordFile = config.sops.secrets.nextcloud_user_password.path; + url = "https://${toString config.services.nextcloud.hostName}"; }; }; scrapeConfigs = [ diff --git a/secrets.yaml b/secrets.yaml index 8557650..27cac60 100644 --- a/secrets.yaml +++ b/secrets.yaml 
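Review bot: `WIREGUARD_PRIVATE_KEY = "";` sits in the `environment` attrset of `crime-gluetun` in the new docker-compose-crime.nix, and any value filled in there ends up in the repository and in the world-readable Nix store. The repo already uses sops-nix (monitoring.nix reads `config.sops.secrets.nextcloud_user_password.path`), so drop the key from `environment` and supply it with `environmentFiles = [config.sops.secrets.<gluetun-env-secret>.path];` (placeholder secret name). The file is generated by compose2nix, so the change needs to survive regeneration. The image references are also mutable (`qmcgaw/gluetun` and `lscr.io/linuxserver/qbittorrent` untagged, the others `:latest`); pinning a tag or digest keeps rebuilds reproducible. The `ports` entries publish the web UIs on every host interface, and published container ports may not be filtered by `networking.firewall`, so binding them as `"127.0.0.1:8085:8085/tcp"` behind the existing reverse proxy is worth considering.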
@@ -5,6 +5,7 @@ public_keys: nextcloud_password: ENC[AES256_GCM,data:lwqQio1I1xTv07bLRyrvig1HRyCxcueSPgDpPRhXBqCi8d42OJt7rA==,iv:R0JxpCJz9zycph9p7Ewwt4QTEXQxaxJ691aWCXfEsFE=,tag:Qz3dD2cOkmneEWP7tI54Dg==,type:str] nextcloud_user_password: ENC[AES256_GCM,data:fkX/1pOgRLvhHTtoK9i5F0kO+mRKj40BH2s7VD7ifPEnyJhWqy5mvg==,iv:iEnW4Z8vCY9oapOpVZNuLMa50SXT01clYaScUN+q/k8=,tag:0G0Y8XCSj+dBAy6Cw8YOHg==,type:str] paperless_password: ENC[AES256_GCM,data:OCrc00vUb+lgel8TmFm+9Ee4QJZZV7W6+Jl9+R7AfjfDh6v590ibvw==,iv:emM7g0JRcEH4xuYdvZN64drOhduXyQy6HwF1xByaLvE=,tag:D2O1qAeKtYWGf+Zd3RuBTQ==,type:str] +#ENC[AES256_GCM,data:UmGDAz/qalmP6Z2r4VSH802m9ddAoCQ8IaAtAmyQV+Psg0rNpLF7du5ykDepTyHAb6YAG1k2k9ziqfV8P9SUNMvLC7D3TmFk9oZtW8HLrN84tcbp9i4HDFfQ+Q==,iv:PzHlSFj0H4/eSab9j3y9lYAFUPMEb+G74M2/2cmv70A=,tag:GFstk6NgtJCNm207zO1fjQ==,type:comment] sops: kms: [] gcp_kms: [] @@ -56,8 +57,8 @@ sops: a2ZHZmQ0dEVMZFlJRENmU2lGejFuMzAKOO3kTP/VWRYn5CrwPyjUIGS7kjxPvNYZ HMt+cCG9FYeJdqPpHWiM0TeHYUG0h7XlltIMg7KhE4Qj/GARegmuZQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-05T15:42:51Z" - mac: ENC[AES256_GCM,data:HKjqJxfseQcrP/hViiY933NQdZQpTYS+wHigWlIOKDUhW4HOjVcRPc/lcbtb/41RBXl5xPKJyYSNzj3AdSM6kMznE0USEmYU9+XHFDd845n1YVg6qRHYUH/fFKsdDF2L5tEZ9DPEZQ6mW2EpxW+9AVVlU1L7wNsm7rtpcPTPcb4=,iv:arNw7DvxMfMBALJjp63bwNrsBedohhVWRJZFboXaZpI=,tag:OKQNf28nm/LrgUueOtwDsg==,type:str] + lastmodified: "2024-07-06T14:20:40Z" + mac: ENC[AES256_GCM,data:tiYyfsKlYF4j5YqIezO34L8nkGmHTWQeR7y6e3M2PFFujCqw87Q/WdAdKiyErvPmPwMbkyfXQZgIs2fAKx/C6t5lh5TFFQYZyvCV9A17y4vn8f5SK1HFDePQTfaCqQ4IlSXAXZYpBMMFJn+WBVJQUCb3xM5meuVYTTZpqE8dmso=,iv:NwLsBzVa/Kf9YS6lfS+4VpWkYxpqxPEbRHquuNJ0klY=,tag:LgsV5KBk0Dwij4jEbB99xA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1