kylekrein/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Services

Browse source
This commit is contained in:
Aleksandr Lebedev 2025-09-19 16:28:03 +02:00
parent fb0d8526ff
commit 22a3f0b5de
9 changed files with 160 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
homes/x86_64-linux/kylekrein/niri/niri.nix
View file

@ -367,6 +367,18 @@ in
open-floating = true; open-floating = true;
open-focused = true; open-focused = true;
} }
{
#Screenshots
matches = [
{
title = "satty";
}
];
open-floating = true;
open-focused = true;
min-width = 700;
min-height = 350;
}
{ {
#PiP #PiP
matches = [ matches = [

5
modules/nixos/programs/sops/secrets/secrets.yaml
View file

@ -4,6 +4,7 @@ users:
andrej: ENC[AES256_GCM,data:x/cWcswSDMFxXSLXe1JWGnQAuPYWM5AU4X3WxVAqUIifcYWxxynMfL9LXEgo3sP1IvRyp4FW+voWQrJM/KGdbYkkrAJNhbD7/Q==,iv:C51H9Zz4nxB+K1cohRq+1oPQ/ckDgVCMW4vB4+3wEt8=,tag:8ENLfMIoHbJGxceCKZulxg==,type:str] andrej: ENC[AES256_GCM,data:x/cWcswSDMFxXSLXe1JWGnQAuPYWM5AU4X3WxVAqUIifcYWxxynMfL9LXEgo3sP1IvRyp4FW+voWQrJM/KGdbYkkrAJNhbD7/Q==,iv:C51H9Zz4nxB+K1cohRq+1oPQ/ckDgVCMW4vB4+3wEt8=,tag:8ENLfMIoHbJGxceCKZulxg==,type:str]
services: services:
conduwuit: ENC[AES256_GCM,data:1shEq67QJTkeqrfYSr/eYG7gYWH//5ey6XQ=,iv:hy5wQmue8qU4ALfn9BrNQLnsTk8BsVVXY/8bDj18mXk=,tag:h6+hL0HjgSzd15Kc7Zg4ng==,type:str] conduwuit: ENC[AES256_GCM,data:1shEq67QJTkeqrfYSr/eYG7gYWH//5ey6XQ=,iv:hy5wQmue8qU4ALfn9BrNQLnsTk8BsVVXY/8bDj18mXk=,tag:h6+hL0HjgSzd15Kc7Zg4ng==,type:str]
nextcloud: ENC[AES256_GCM,data:YLRMhChTu/UQI+HIcUjNFFK+CfSCl2+0kfSkSfauAftRO2A1VHhyCjP5,iv:DLfhSvNRWXVU5XE3SwV4vZmAQI2ZVa+ak/g5Nu+Fgcg=,tag:K3nWfJRNxodeMkxGG3ljmg==,type:str]
gitlab: gitlab:
dbPassword: ENC[AES256_GCM,data:itn9xyNZO+xkSk0GKvLzjLRzM0uZ+TalqLtj6tyjKXM=,iv:U8bX/On89wz6Lz4R2/fZ+FWRObehlnjFhUQdAhmxb60=,tag:oEbee14jCGfRs8i5bJZ5FA==,type:str] dbPassword: ENC[AES256_GCM,data:itn9xyNZO+xkSk0GKvLzjLRzM0uZ+TalqLtj6tyjKXM=,iv:U8bX/On89wz6Lz4R2/fZ+FWRObehlnjFhUQdAhmxb60=,tag:oEbee14jCGfRs8i5bJZ5FA==,type:str]
rootPassword: ENC[AES256_GCM,data:lXq+GIn6ooTzZL4iMYFzx3kn8gdcdsNaLQ/zVCr75Nw=,iv:mGp9gxL9uABpbod/ZNNyEllBbcfrQuFG4pQgs0v/xbk=,tag:CZzj4hauh/Qi8fvtmaZ/KQ==,type:str] rootPassword: ENC[AES256_GCM,data:lXq+GIn6ooTzZL4iMYFzx3kn8gdcdsNaLQ/zVCr75Nw=,iv:mGp9gxL9uABpbod/ZNNyEllBbcfrQuFG4pQgs0v/xbk=,tag:CZzj4hauh/Qi8fvtmaZ/KQ==,type:str]
@ -52,7 +53,7 @@ sops:
MU43ZWEwMXEwdGx5d0hUNlhiaGdjWU0K9UoNQOnMxTy0KdfiYOgm0TxH5qFUV3gi MU43ZWEwMXEwdGx5d0hUNlhiaGdjWU0K9UoNQOnMxTy0KdfiYOgm0TxH5qFUV3gi
f7z2RzR44ndf0nHwIzr8e1bmF9q5mc685Wq9qyM7aLCE+yUU/vUO7Q== f7z2RzR44ndf0nHwIzr8e1bmF9q5mc685Wq9qyM7aLCE+yUU/vUO7Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-30T16:15:59Z" lastmodified: "2025-09-18T10:36:22Z"
mac: ENC[AES256_GCM,data:mmJH3BEqsrboGaQM7yWuHF1MWREC4bLc+RAZgsqlNvhgoWLoaVDLuBjEfuXCDPdnvDPesbUrI8HHA5gz523C0PoJdkoFcRoVOwhLqj6tJjT4JnlaTgpBMN5UqBqt9Gm68mqekE0bm7ihdc3lnn/OkRrxJI3Th5KzUC4zMmdjVsI=,iv:K0f75ft3PQdQ1AUFzrannvLv03fl6FS6se/muMcyQkY=,tag:y3FJQDthKoWvoMHdmcvRQA==,type:str] mac: ENC[AES256_GCM,data:5PQZXtuWcWn/PDSM6uA1ycFKOPeJIzxEcTDZBbUeemr4lXzM6pB1ZPREfiAWP+d49m4aotgv6GW2qz5n7JY/GUJCjAWnAlnzlWdh91BNAwhZ6TPQ0+hN/AfF+EHEpvwrAklXl0fGjc3O7J2FwPEdAUCIyYG11zswXmIOovOcivw=,iv:bByp/c1xlgrgQZYrxo1XnXFdacKIDIeVinR46yFy2k8=,tag:aMU5V9EtWoUtQS7/VulKEw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2

4
systems/x86_64-linux/kylekrein-framework12/default.nix
View file

@ -59,6 +59,10 @@ in
blender blender
video-downloader video-downloader
]; ];
services.fprintd.enable = true;
#services.fprintd.tod.enable = true;
#services.fprintd.tod.driver = pkgs.libfprint-2-tod1-elan;
#services.power-profiles-daemon.enable = true; #services.power-profiles-daemon.enable = true;
#services.tlp.enable = false; #services.tlp.enable = false;
#Chat host #Chat host

5
systems/x86_64-linux/stargate/default.nix
View file

@ -13,7 +13,10 @@
}: }:
with lib; with lib;
with lib.custom; { with lib.custom; {
#facter.reportPath = ./facter.json; facter.reportPath =
if (builtins.pathExists ./facter.json)
then ./facter.json
else null;
imports = lib.snowfall.fs.get-non-default-nix-files ./. ++ [./services]; imports = lib.snowfall.fs.get-non-default-nix-files ./. ++ [./services];
#systemd.network.wait-online.enable = lib.mkForce false; #facter #systemd.network.wait-online.enable = lib.mkForce false; #facter
boot.supportedFilesystems = ["zfs"]; boot.supportedFilesystems = ["zfs"];

57
systems/x86_64-linux/stargate/services/caddy.nix Normal file
View file

@ -0,0 +1,57 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.custom; {
services.caddy = {
enable = true;
#virtualHosts."kylekrein.com:8448".extraConfig = ''
# reverse_proxy http://localhost:6167
#'';
virtualHosts."kylekrein.com".extraConfig = config.services.caddy.virtualHosts."matrix.kylekrein.com".extraConfig;
# reverse_proxy /.well-known/* http://localhost:6167
#'';
virtualHosts."matrix.kylekrein.com".extraConfig = ''
handle_path /.well-known/matrix/* {
header Access-Control-Allow-Origin *
## `Content-Type: application/json` isn't required by the matrix spec
## but some browsers (firefox) and some other tooling might preview json
## content prettier when they are made aware via Content-Type
header Content-Type application/json
respond /client `{ "m.homeserver": { "base_url": "https://matrix.kylekrein.com/" }, "org.matrix.msc3575.proxy": { "url": "https://matrix.kylekrein.com/"}, "org.matrix.msc4143.rtc_foci": [ { "type": "livekit", "livekit_service_url": "https://livekit-jwt.call.matrix.org" } ] }`
respond /server `{ "m.server": "matrix.kylekrein.com:443" }`
## return http/404 if nothing matches
respond 404
}
respond /.well-known/element/element.json `{"call":{"widget_url":"https://call.element.io"}}`
reverse_proxy * http://localhost:6167
'';
virtualHosts."gitlab.kylekrein.com".extraConfig = ''
reverse_proxy * unix//run/gitlab/gitlab-workhorse.socket
'';
virtualHosts."immich.kylekrein.com".extraConfig = ''
reverse_proxy * http://[::1]:${toString config.services.immich.port}
'';
virtualHosts."nextcloud.kylekrein.com".extraConfig = ''
reverse_proxy * http://nextcloud.localhost"
'';
virtualHosts."ntfy.kylekrein.com".extraConfig = ''
reverse_proxy * http://[::1]${config.services.ntfy-sh.settings.listen-http}
'';
};
}

1
systems/x86_64-linux/stargate/services/default.nix
View file

@ -13,4 +13,5 @@
}: }:
with lib; with lib;
with lib.custom; { with lib.custom; {
imports = lib.snowfall.fs.get-non-default-nix-files ./.;
} }

27
systems/x86_64-linux/stargate/services/immich.nix Normal file
View file

@ -0,0 +1,27 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.custom; {
#https://wiki.nixos.org/wiki/Immich
services.immich = {
enable = true;
port = 2283;
accelerationDevices = null;
};
users.users.immich.extraGroups = ["video" "render"];
hardware.graphics = {
enable = true;
};
#networking.firewallAllowedTCPPorts = [config.services.immich.port];
}

26
systems/x86_64-linux/stargate/services/nextcloud.nix Normal file
View file

@ -0,0 +1,26 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.custom; {
sops.secrets."services/nextcloud" = {owner = "nextcloud";};
services.nextcloud = {
enable = true;
database.createLocally = true;
config = {
dbtype = "pgsql";
adminpassFile = config.sops.secrets."services/nextcloud".path;
};
hostName = "nextcloud.localhost";
};
}

26
systems/x86_64-linux/stargate/services/ntfy-sh.nix Normal file
View file

@ -0,0 +1,26 @@
{
lib,
pkgs,
inputs,
namespace,
system,
target,
format,
virtual,
systems,
config,
...
}:
with lib;
with lib.custom; {
services.ntfy-sh = {
enable = true;
settings = {
base-url = "https://ntfy.kylekrein.com";
listen-http = ":9000";
auth-default-access = "deny-all";
behind-proxy = true;
enable-login = false;
};
};
}