diff --git a/homes/x86_64-linux/kylekrein/niri/niri.nix b/homes/x86_64-linux/kylekrein/niri/niri.nix index db21436..6b7d688 100644 --- a/homes/x86_64-linux/kylekrein/niri/niri.nix +++ b/homes/x86_64-linux/kylekrein/niri/niri.nix @@ -367,6 +367,18 @@ in open-floating = true; open-focused = true; } + { + #Screenshots + matches = [ + { + title = "satty"; + } + ]; + open-floating = true; + open-focused = true; + min-width = 700; + min-height = 350; + } { #PiP matches = [ diff --git a/modules/nixos/programs/sops/secrets/secrets.yaml b/modules/nixos/programs/sops/secrets/secrets.yaml index 16f7c67..5a129a8 100644 --- a/modules/nixos/programs/sops/secrets/secrets.yaml +++ b/modules/nixos/programs/sops/secrets/secrets.yaml @@ -4,6 +4,7 @@ users: andrej: ENC[AES256_GCM,data:x/cWcswSDMFxXSLXe1JWGnQAuPYWM5AU4X3WxVAqUIifcYWxxynMfL9LXEgo3sP1IvRyp4FW+voWQrJM/KGdbYkkrAJNhbD7/Q==,iv:C51H9Zz4nxB+K1cohRq+1oPQ/ckDgVCMW4vB4+3wEt8=,tag:8ENLfMIoHbJGxceCKZulxg==,type:str] services: conduwuit: ENC[AES256_GCM,data:1shEq67QJTkeqrfYSr/eYG7gYWH//5ey6XQ=,iv:hy5wQmue8qU4ALfn9BrNQLnsTk8BsVVXY/8bDj18mXk=,tag:h6+hL0HjgSzd15Kc7Zg4ng==,type:str] + nextcloud: ENC[AES256_GCM,data:YLRMhChTu/UQI+HIcUjNFFK+CfSCl2+0kfSkSfauAftRO2A1VHhyCjP5,iv:DLfhSvNRWXVU5XE3SwV4vZmAQI2ZVa+ak/g5Nu+Fgcg=,tag:K3nWfJRNxodeMkxGG3ljmg==,type:str] gitlab: dbPassword: ENC[AES256_GCM,data:itn9xyNZO+xkSk0GKvLzjLRzM0uZ+TalqLtj6tyjKXM=,iv:U8bX/On89wz6Lz4R2/fZ+FWRObehlnjFhUQdAhmxb60=,tag:oEbee14jCGfRs8i5bJZ5FA==,type:str] rootPassword: ENC[AES256_GCM,data:lXq+GIn6ooTzZL4iMYFzx3kn8gdcdsNaLQ/zVCr75Nw=,iv:mGp9gxL9uABpbod/ZNNyEllBbcfrQuFG4pQgs0v/xbk=,tag:CZzj4hauh/Qi8fvtmaZ/KQ==,type:str] @@ -52,7 +53,7 @@ sops: MU43ZWEwMXEwdGx5d0hUNlhiaGdjWU0K9UoNQOnMxTy0KdfiYOgm0TxH5qFUV3gi f7z2RzR44ndf0nHwIzr8e1bmF9q5mc685Wq9qyM7aLCE+yUU/vUO7Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-30T16:15:59Z" - mac: ENC[AES256_GCM,data:mmJH3BEqsrboGaQM7yWuHF1MWREC4bLc+RAZgsqlNvhgoWLoaVDLuBjEfuXCDPdnvDPesbUrI8HHA5gz523C0PoJdkoFcRoVOwhLqj6tJjT4JnlaTgpBMN5UqBqt9Gm68mqekE0bm7ihdc3lnn/OkRrxJI3Th5KzUC4zMmdjVsI=,iv:K0f75ft3PQdQ1AUFzrannvLv03fl6FS6se/muMcyQkY=,tag:y3FJQDthKoWvoMHdmcvRQA==,type:str] + lastmodified: "2025-09-18T10:36:22Z" + mac: ENC[AES256_GCM,data:5PQZXtuWcWn/PDSM6uA1ycFKOPeJIzxEcTDZBbUeemr4lXzM6pB1ZPREfiAWP+d49m4aotgv6GW2qz5n7JY/GUJCjAWnAlnzlWdh91BNAwhZ6TPQ0+hN/AfF+EHEpvwrAklXl0fGjc3O7J2FwPEdAUCIyYG11zswXmIOovOcivw=,iv:bByp/c1xlgrgQZYrxo1XnXFdacKIDIeVinR46yFy2k8=,tag:aMU5V9EtWoUtQS7/VulKEw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/systems/x86_64-linux/kylekrein-framework12/default.nix b/systems/x86_64-linux/kylekrein-framework12/default.nix index 00a868e..2ad0ddf 100644 --- a/systems/x86_64-linux/kylekrein-framework12/default.nix +++ b/systems/x86_64-linux/kylekrein-framework12/default.nix @@ -59,6 +59,10 @@ in blender video-downloader ]; + + services.fprintd.enable = true; + #services.fprintd.tod.enable = true; + #services.fprintd.tod.driver = pkgs.libfprint-2-tod1-elan; #services.power-profiles-daemon.enable = true; #services.tlp.enable = false; #Chat host diff --git a/systems/x86_64-linux/stargate/default.nix b/systems/x86_64-linux/stargate/default.nix index 45d3047..aa1ac03 100644 --- a/systems/x86_64-linux/stargate/default.nix +++ b/systems/x86_64-linux/stargate/default.nix @@ -13,7 +13,10 @@ }: with lib; with lib.custom; { - #facter.reportPath = ./facter.json; + facter.reportPath = + if (builtins.pathExists ./facter.json) + then ./facter.json + else null; imports = lib.snowfall.fs.get-non-default-nix-files ./. ++ [./services]; #systemd.network.wait-online.enable = lib.mkForce false; #facter boot.supportedFilesystems = ["zfs"]; diff --git a/systems/x86_64-linux/stargate/services/caddy.nix b/systems/x86_64-linux/stargate/services/caddy.nix new file mode 100644 index 0000000..6e00674 --- /dev/null +++ b/systems/x86_64-linux/stargate/services/caddy.nix @@ -0,0 +1,57 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.custom; { + services.caddy = { + enable = true; + #virtualHosts."kylekrein.com:8448".extraConfig = '' + # reverse_proxy http://localhost:6167 + #''; + virtualHosts."kylekrein.com".extraConfig = config.services.caddy.virtualHosts."matrix.kylekrein.com".extraConfig; + # reverse_proxy /.well-known/* http://localhost:6167 + #''; + virtualHosts."matrix.kylekrein.com".extraConfig = '' + handle_path /.well-known/matrix/* { + + header Access-Control-Allow-Origin * + + ## `Content-Type: application/json` isn't required by the matrix spec + ## but some browsers (firefox) and some other tooling might preview json + ## content prettier when they are made aware via Content-Type + header Content-Type application/json + + respond /client `{ "m.homeserver": { "base_url": "https://matrix.kylekrein.com/" }, "org.matrix.msc3575.proxy": { "url": "https://matrix.kylekrein.com/"}, "org.matrix.msc4143.rtc_foci": [ { "type": "livekit", "livekit_service_url": "https://livekit-jwt.call.matrix.org" } ] }` + + respond /server `{ "m.server": "matrix.kylekrein.com:443" }` + + ## return http/404 if nothing matches + respond 404 + } + respond /.well-known/element/element.json `{"call":{"widget_url":"https://call.element.io"}}` + reverse_proxy * http://localhost:6167 + ''; + virtualHosts."gitlab.kylekrein.com".extraConfig = '' + reverse_proxy * unix//run/gitlab/gitlab-workhorse.socket + ''; + virtualHosts."immich.kylekrein.com".extraConfig = '' + reverse_proxy * http://[::1]:${toString config.services.immich.port} + ''; + virtualHosts."nextcloud.kylekrein.com".extraConfig = '' + reverse_proxy * http://nextcloud.localhost" + ''; + virtualHosts."ntfy.kylekrein.com".extraConfig = '' + reverse_proxy * http://[::1]${config.services.ntfy-sh.settings.listen-http} + ''; + }; +} diff --git a/systems/x86_64-linux/stargate/services/default.nix b/systems/x86_64-linux/stargate/services/default.nix index 11347cb..b045ab0 100644 --- a/systems/x86_64-linux/stargate/services/default.nix +++ b/systems/x86_64-linux/stargate/services/default.nix @@ -13,4 +13,5 @@ }: with lib; with lib.custom; { + imports = lib.snowfall.fs.get-non-default-nix-files ./.; } diff --git a/systems/x86_64-linux/stargate/services/immich.nix b/systems/x86_64-linux/stargate/services/immich.nix new file mode 100644 index 0000000..00b93bb --- /dev/null +++ b/systems/x86_64-linux/stargate/services/immich.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.custom; { + #https://wiki.nixos.org/wiki/Immich + services.immich = { + enable = true; + port = 2283; + accelerationDevices = null; + }; + users.users.immich.extraGroups = ["video" "render"]; + hardware.graphics = { + enable = true; + }; + #networking.firewallAllowedTCPPorts = [config.services.immich.port]; +} diff --git a/systems/x86_64-linux/stargate/services/nextcloud.nix b/systems/x86_64-linux/stargate/services/nextcloud.nix new file mode 100644 index 0000000..2a0f807 --- /dev/null +++ b/systems/x86_64-linux/stargate/services/nextcloud.nix @@ -0,0 +1,26 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.custom; { + sops.secrets."services/nextcloud" = {owner = "nextcloud";}; + services.nextcloud = { + enable = true; + database.createLocally = true; + config = { + dbtype = "pgsql"; + adminpassFile = config.sops.secrets."services/nextcloud".path; + }; + hostName = "nextcloud.localhost"; + }; +} diff --git a/systems/x86_64-linux/stargate/services/ntfy-sh.nix b/systems/x86_64-linux/stargate/services/ntfy-sh.nix new file mode 100644 index 0000000..7c40f6a --- /dev/null +++ b/systems/x86_64-linux/stargate/services/ntfy-sh.nix @@ -0,0 +1,26 @@ +{ + lib, + pkgs, + inputs, + namespace, + system, + target, + format, + virtual, + systems, + config, + ... +}: +with lib; +with lib.custom; { + services.ntfy-sh = { + enable = true; + settings = { + base-url = "https://ntfy.kylekrein.com"; + listen-http = ":9000"; + auth-default-access = "deny-all"; + behind-proxy = true; + enable-login = false; + }; + }; +}