msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(deertopia): *Arr suite

Browse Source
This commit is contained in:
Madeleine Sydney
2025-03-27 16:02:11 -06:00
parent 45a66fe1ab
commit 50af3792f9
19 changed files with 572 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
flake.lock generated
View File

@@ -541,6 +541,30 @@
"type": "github" "type": "github"
} }
}, },
"nixarr": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"vpnconfinement": [
"vpn-confinement"
],
"website-builder": "website-builder"
},
"locked": {
"lastModified": 1742243092,
"narHash": "sha256-pTMB/aLTufgNX3rJlT5Ia64TofZxOdEGMl9nfc3D++o=",
"owner": "rasmus-kirk",
"repo": "nixarr",
"rev": "046ec8d875611ec2c93d5c45eebf6b46f0f350e8",
"type": "github"
},
"original": {
"owner": "rasmus-kirk",
"repo": "nixarr",
"type": "github"
}
},
"nixcord": { "nixcord": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@@ -836,12 +860,14 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"niri": "niri", "niri": "niri",
"nixarr": "nixarr",
"nixcord": "nixcord", "nixcord": "nixcord",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_7",
"nur": "nur", "nur": "nur",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"stylix": "stylix", "stylix": "stylix",
"sydnix-cli": "sydnix-cli" "sydnix-cli": "sydnix-cli",
"vpn-confinement": "vpn-confinement"
} }
}, },
"sops-nix": { "sops-nix": {
@@ -1101,6 +1127,42 @@
"type": "github" "type": "github"
} }
}, },
"vpn-confinement": {
"locked": {
"lastModified": 1742138327,
"narHash": "sha256-Y71Mjej98CjaUKa1ecAIOo0eJ1B3ZVQl2ng6xl7/s9Y=",
"owner": "Maroka-chan",
"repo": "VPN-Confinement",
"rev": "38eeb3bc501900b48d1caf8c52a5b7f2fb7a52c5",
"type": "github"
},
"original": {
"owner": "Maroka-chan",
"repo": "VPN-Confinement",
"type": "github"
}
},
"website-builder": {
"inputs": {
"nixpkgs": [
"nixarr",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741594814,
"narHash": "sha256-YPAIywsWZVhQuy/cPJLi3PiWgoWDrqvQCBytXeSQYCk=",
"owner": "rasmus-kirk",
"repo": "website-builder",
"rev": "e0239195b33103a4923011d8e96ef39a3397631b",
"type": "github"
},
"original": {
"owner": "rasmus-kirk",
"repo": "website-builder",
"type": "github"
}
},
"xwayland-satellite-stable": { "xwayland-satellite-stable": {
"flake": false, "flake": false,
"locked": { "locked": {

6
flake.nix
View File

@@ -17,6 +17,12 @@
stylix.url = "github:danth/stylix"; stylix.url = "github:danth/stylix";
# nixcord.url = "github:kaylorben/nixcord"; # nixcord.url = "github:kaylorben/nixcord";
nixcord.url = "github:msyds/nixcord/irc-colours"; nixcord.url = "github:msyds/nixcord/irc-colours";
vpn-confinement.url = "github:Maroka-chan/VPN-Confinement";
nixarr = {
url = "github:rasmus-kirk/nixarr";
inputs.nixpkgs.follows = "nixpkgs";
inputs.vpnconfinement.follows = "vpn-confinement";
};
# Used for Firefox extensions/addons. # Used for Firefox extensions/addons.
nur = { nur = {
url = "github:nix-community/NUR"; url = "github:nix-community/NUR";

24
hosts/deertopia/configuration.nix
View File

@@ -40,7 +40,7 @@
deertopia = { deertopia = {
authelia.enable = true; authelia.enable = true;
bepasty.enable = true; bepasty.enable = true;
jellyfin.enable = true; jellyfin.enable = false;
lldap.enable = true; lldap.enable = true;
nginx.enable = true; nginx.enable = true;
slskd.enable = true; slskd.enable = true;
@@ -49,6 +49,17 @@
syncthing.enable = true; syncthing.enable = true;
cache.enable = true; cache.enable = true;
mullvad.enable = true; mullvad.enable = true;
servarr = {
enable = true;
prowlarr.enable = true;
jellyfin.enable = true;
transmission.enable = true;
sonarr.enable = true;
lidarr.enable = true;
radarr.enable = true;
# sabnzbd.enable = true;
# slskd.enable = true;
};
# A simple default webpage. This should probably live somewhere else. # A simple default webpage. This should probably live somewhere else.
nginx.vhosts."www" = { nginx.vhosts."www" = {
@@ -67,17 +78,6 @@
sydnix.sops.secrets.buffalo-nas-creds = {}; sydnix.sops.secrets.buffalo-nas-creds = {};
fileSystems."/nas/media" = {
# DNS is seemingly unavailable to the mount service.
device = "//192.168.68.62/media";
mountPoint = "/nas/media";
fsType = "cifs";
options = [
"vers=2.0"
"cred=/run/secrets/buffalo-nas-creds"
];
};
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;

85
hosts/nixos-testbed/configuration.nix
View File

@@ -24,17 +24,51 @@
# just think it's annoying to edit ~/.ssh/known_hosts all the time. # just think it's annoying to edit ~/.ssh/known_hosts all the time.
"/etc/ssh" "/etc/ssh"
]; ];
# rollback = { rollback = {
# enable = true; enable = true;
# device = "/dev/sda2"; device = "/dev/sda2";
# subvolume = "rootfs"; subvolume = "rootfs";
# }; };
};
sops = {
enable = true;
keyFile = "/persist/private-keys/age/deertopia";
};
deertopia = {
# authelia.enable = true;
# bepasty.enable = true;
# jellyfin.enable = true;
# lldap.enable = true;
nginx.enable = true;
# slskd.enable = true;
# webdav.enable = true;
# copyparty.enable = true;
# syncthing.enable = true;
# cache.enable = true;
# mullvad.enable = true;
servarr.enable = true;
servarr.prowlarr.enable = true;
servarr.jellyfin.enable = true;
servarr.transmission.enable = true;
servarr.sonarr.enable = true;
}; };
}; };
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = false; efi.canTouchEfiVariables = true;
};
time.timeZone = "America/Denver";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
# keyMap = "us";
useXkbConfig = true; # use xkb.options in tty.
}; };
fileSystems."/persist/dots" = { fileSystems."/persist/dots" = {
@@ -43,35 +77,34 @@
mountPoint = "/persist/dots"; mountPoint = "/persist/dots";
}; };
networking.hostId = "238e9b1e"; # head -c 8 /etc/machine-id
time.timeZone = "America/Denver";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true; # Use xkb.options in TTY.
};
services.xserver.enable = true;
services.xserver.xkb.layout = "us"; services.xserver.xkb.layout = "us";
services.xserver.xkb.options = "ctrl:swapcaps"; services.xserver.xkb.options = "caps:escape";
environment.systemPackages = [ hardware.graphics = {
pkgs.neovim enable = true;
pkgs.git enable32Bit = true;
pkgs.waypipe };
environment.systemPackages = with pkgs; [
neovim
git
waypipe
sydnix-cli.packages.x86_64-linux.default sydnix-cli.packages.x86_64-linux.default
(import ../../scripts/port-tools { inherit pkgs; }) (import ../../scripts/port-tools { inherit pkgs; })
]; ];
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings = {
settings.X11Forwarding = true; PermitRootLogin = "yes";
X11Forwarding = true;
# This server is connected to the internet! Port 22 is open!!
# Aagghhhh!!! Stay safe!
PasswordAuthentication = false;
};
}; };
# TODO: Move to defaults.
users.mutableUsers = false; users.mutableUsers = false;
nix = { nix = {
@@ -80,12 +113,10 @@
"@wheel" "@wheel"
]; ];
substituters = [ substituters = [
"https://cache.deertopia.net"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.nixos.org" "https://cache.nixos.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
(builtins.readFile ../../public-keys/deertopia-cache.pub.pem)
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
]; ];
}; };

15
modules/nixos/deertopia/copyparty.nix
View File

@@ -20,9 +20,11 @@ in {
nixpkgs.overlays = [ inputs.copyparty.overlays.default ]; nixpkgs.overlays = [ inputs.copyparty.overlays.default ];
# HACK: Ad-hoc permissions, as typical. # HACK: Ad-hoc permissions, as typical.
users.users.copyparty.extraGroups = [ "jellyfin" ]; users.users.copyparty.extraGroups = [
"media"
];
# HACK: Make files created by copypaste.service initialise with the mode # HACK: Make files created by copyparty.service initialise with the mode
# 775. # 775.
systemd.services.copyparty.serviceConfig.UMask = lib.mkForce "002"; systemd.services.copyparty.serviceConfig.UMask = lib.mkForce "002";
@@ -46,12 +48,17 @@ in {
path = "/var/lib/slskd"; path = "/var/lib/slskd";
access.r = "*"; access.r = "*";
}; };
"/Jellyfin" = { "/Media library" = {
path = "/persist/vault/jellyfin"; path = "/persist/media/library";
# View and upload, but no deleting. # View and upload, but no deleting.
access.rw = "*"; access.rw = "*";
access.rwmd = "@jellyfin-admin"; access.rwmd = "@jellyfin-admin";
}; };
"/Torrents" = {
path = "/persist/media/torrents";
access.r = "*";
access.rwmd = "@jellyfin-admin";
};
}; };
}; };

1
modules/nixos/deertopia/nginx.nix
View File

@@ -29,6 +29,7 @@ in
vhosts = lib.mkOption { vhosts = lib.mkOption {
# NOTE: `name` shouldn't contain spaces. # NOTE: `name` shouldn't contain spaces.
default = {};
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
options = { options = {
enable = lib.mkOption { enable = lib.mkOption {

96
modules/nixos/deertopia/servarr.nix Normal file
View File

@@ -0,0 +1,96 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr;
in {
options.sydnix.deertopia.servarr = {
enable = lib.mkEnableOption "Deertopia's *arr suite";
peer = lib.mkOption {
default = "us-den-wg-101";
type = lib.types.str;
description = ''
The name of a Wireguard configuration file in
modules/nixos/deertopia/mullvad/, without the .conf suffix. Ideally, we
would support multiple peers without rebuilding, but...
'';
};
};
imports = [
./servarr/jellyfin.nix
./servarr/lidarr.nix
./servarr/prowlarr.nix
./servarr/sabnzbd.nix
./servarr/sonarr.nix
./servarr/radarr.nix
./servarr/transmission.nix
# ./servarr/slskd.nix
];
config = lib.mkIf cfg.enable {
sydnix.impermanence.directories = [
# "All services support state management and all state that they manage is
# located by default in /data/.state/nixarr/*"
# See https://nixarr.com/nixos-options/
config.nixarr.stateDir
];
# Mount our NAS's 'media' share.
fileSystems."/persist/media/library" = {
# DNS is seemingly unavailable to the mount service.
device = "//192.168.68.62/media";
mountPoint = "/persist/media/library";
fsType = "cifs";
options = [
"vers=2.0"
"cred=/run/secrets/buffalo-nas-creds"
# It appears that the group/user names used by Nixarr are hard-coded.
"gid=media"
"uid=streamer"
# Mysteriously, 0664 doesn't work…
"dir_mode=0770"
"file_mode=0770"
];
};
sydnix.sops.secrets.wireguard-mullvad-key = {};
systemd.services."create-wireguard-config" = {
script = ''
wgConf="${config.nixarr.stateDir}/wg.conf"
cp "/persist/dots/modules/nixos/deertopia/mullvad/${cfg.peer}.conf" \
"$wgConf"
${pkgs.replace-secret}/bin/replace-secret \
'{{WG_PRIVATE_KEY}}' \
/run/secrets/wireguard-mullvad-key \
"$wgConf"
${pkgs.gnused}/bin/sed -i -e 's/^DNS.*/DNS = 1.1.1.1/' "$wgConf"
chmod 700 "$wgConf"
chown root "$wgConf"
'';
requiredBy = [ "wg.service" ];
};
systemd.services.test-mullvad-connection = {
script = ''
${pkgs.curl}/bin/curl -s https://am.i.mullvad.net/connected >&2
${pkgs.curl}/bin/curl -s https://am.i.mullvad.net/connected 2>/dev/null
'';
vpnconfinement = {
enable = true;
vpnnamespace = "wg";
};
};
nixarr = {
enable = true;
# The default value is overly anti-FHS.
stateDir = "/var/lib/nixarr";
mediaDir = "/persist/media";
vpn = {
enable = true;
wgConf = "${config.nixarr.stateDir}/wg.conf";
};
};
};
}

67
modules/nixos/deertopia/servarr/jellyfin.nix Normal file
View File

@@ -0,0 +1,67 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.jellyfin;
in {
options.sydnix.deertopia.servarr.jellyfin = {
enable = lib.mkEnableOption "Jellyfin (via Nixarr)";
};
config = lib.mkIf cfg.enable {
sydnix.deertopia.nginx.vhosts."watch".vhost =
# Currently no (convenient) way to specify Jellyfin's port from Nix.
let port = builtins.toString 8096;
in {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
# Proxy main Jellyfin traffic.
proxy_pass $jellyfin;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon
# streaming.
proxy_buffering off;
'';
locations."/socket".extraConfig = ''
# Proxy Jellyfin Websockets traffic
proxy_pass $jellyfin;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
'';
extraConfig = ''
set $jellyfin http://127.0.0.1:${port};
'';
};
nixarr.jellyfin = {
enable = true;
openFirewall = true;
};
sydnix.deertopia.nginx.vhosts."jellyseer".vhost =
# Currently no (convenient) way to specify Jellyfin's port from Nix.
let port = builtins.toString 8096;
in {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:5055";
};
nixarr.jellyseerr = {
enable = true;
openFirewall = true;
};
};
}

33
modules/nixos/deertopia/servarr/lidarr.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.lidarr;
in {
options.sydnix.deertopia.servarr.lidarr = {
enable = lib.mkEnableOption "Lidarr (via Nixarr)";
};
config = lib.mkIf cfg.enable {
sydnix.deertopia.nginx.vhosts."lidarr" = {
directory = null;
vhost = {
forceSSL = true;
enableACME = true;
extraConfig = ''
# include ${../authelia/authelia-location.conf};
set $upstream http://127.0.0.1:8686;
'';
locations."/".extraConfig = ''
# include ${../authelia/authelia-authrequest.conf};
# include ${../authelia/proxy.conf};
proxy_pass $upstream;
'';
};
};
nixarr.lidarr = {
enable = true;
openFirewall = true;
};
};
}

32
modules/nixos/deertopia/servarr/prowlarr.nix Normal file
View File

@@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.prowlarr;
in {
options.sydnix.deertopia.servarr.prowlarr = {
enable = lib.mkEnableOption "Prowlarr (via Nixarr)";
};
config = lib.mkIf cfg.enable {
nixarr.prowlarr = {
enable = true;
openFirewall = true;
};
sydnix.deertopia.nginx.vhosts."prowlarr" = {
directory = null;
vhost = {
forceSSL = true;
enableACME = true;
extraConfig = ''
# include ${../authelia/authelia-location.conf};
set $upstream http://127.0.0.1:9696;
'';
locations."/".extraConfig = ''
# include ${../authelia/authelia-authrequest.conf};
# include ${../authelia/proxy.conf};
proxy_pass $upstream;
'';
};
};
};
}

33
modules/nixos/deertopia/servarr/radarr.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.radarr;
in {
options.sydnix.deertopia.servarr.radarr = {
enable = lib.mkEnableOption "Radarr (via Nixarr)";
};
config = lib.mkIf cfg.enable {
nixarr.radarr = {
enable = true;
openFirewall = true;
};
sydnix.deertopia.nginx.vhosts."radarr" = {
directory = null;
vhost = {
forceSSL = true;
enableACME = true;
extraConfig = ''
# include ${../authelia/authelia-location.conf};
set $upstream http://127.0.0.1:7878;
'';
locations."/".extraConfig = ''
# include ${../authelia/authelia-authrequest.conf};
# include ${../authelia/proxy.conf};
proxy_pass $upstream;
'';
};
};
};
}

17
modules/nixos/deertopia/servarr/sabnzbd.nix Normal file
View File

@@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.sabnzbd;
in {
options.sydnix.deertopia.servarr.sabnzbd = {
enable = lib.mkEnableOption "SABnzbd (via Nixarr)";
};
config = lib.mkIf cfg.enable {
nixarr.sabnzbd = {
enable = true;
# vpn.enable = true;
openFirewall = true;
guiPort = 43288;
};
};
}

74
modules/nixos/deertopia/servarr/slskd.nix Normal file
View File

@@ -0,0 +1,74 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.slskd;
in {
options.sydnix.deertopia.servarr.slskd = {
enable = lib.mkEnableOption "Slskd (à la Nixarr)";
};
config = lib.mkIf cfg.enable {
sydnix.sops.secrets.slskd-credentials = {
owner = "torrenter";
};
# TODO: Patch Nixpkgs to add option services.slskd.appDir.
services.slskd = {
enable = true;
user = "torrenter";
group = "media";
openFirewall = true;
domain = null;
environmentFile = "/run/secrets/slskd-credentials";
settings = {
# Disable slskd's authentication in favour of Authelia.
web.authentication.disabled = true;
shares.directories = [
config.nixarr.mediaDir
];
directories = {
downloads = "/var/lib/slskd/downloads";
incomplete = "/var/lib/slskd/incomplete";
};
};
};
networking.firewall.allowedTCPPorts = [
config.services.slskd.settings.web.port
];
sydnix.deertopia.nginx.vhosts."slsk" = {
directory = null;
vhost = {
forceSSL = true;
enableACME = true;
extraConfig =
let port = builtins.toString config.services.slskd.settings.web.port;
in ''
include ${../authelia/authelia-location.conf};
set $upstream http://127.0.0.1:${port};
'';
locations."/".extraConfig = ''
include ${../authelia/authelia-authrequest.conf};
include ${../authelia/proxy.conf};
proxy_pass $upstream;
'';
locations."/hub".extraConfig = ''
proxy_pass $upstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
'';
};
};
};
}

32
modules/nixos/deertopia/servarr/sonarr.nix Normal file
View File

@@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.sonarr;
in {
options.sydnix.deertopia.servarr.sonarr = {
enable = lib.mkEnableOption "Sonarr (via Nixarr)";
};
config = lib.mkIf cfg.enable {
nixarr.sonarr = {
enable = true;
openFirewall = true;
};
sydnix.deertopia.nginx.vhosts."sonarr" = {
directory = null;
vhost = {
forceSSL = true;
enableACME = true;
extraConfig = ''
# include ${../authelia/authelia-location.conf};
set $upstream http://127.0.0.1:8989;
'';
locations."/".extraConfig = ''
# include ${../authelia/authelia-authrequest.conf};
# include ${../authelia/proxy.conf};
proxy_pass $upstream;
'';
};
};
};
}

24
modules/nixos/deertopia/servarr/transmission.nix Normal file
View File

@@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.transmission;
in {
options.sydnix.deertopia.servarr.transmission = {
enable = lib.mkEnableOption "Transmission (via Nixarr)";
};
config = lib.mkIf cfg.enable {
sydnix.sops.secrets.transmission-credentials = {
owner = config.services.transmission.user;
group = config.services.transmission.group;
mode = "700";
};
nixarr.transmission = {
enable = true;
vpn.enable = true;
credentialsFile = "/run/secrets/transmission-credentials";
# Default (9091) conflicts with Authelia.
uiPort = 7052;
};
};
}

11
modules/nixos/deertopia/slskd.nix
View File

@@ -22,11 +22,12 @@ in {
# Disable slskd's authentication in favour of Authelia. # Disable slskd's authentication in favour of Authelia.
web.authentication.disabled = true; web.authentication.disabled = true;
shares.directories = [ shares.directories = [
"/persist/vault/jellyfin/Music" "/persist/media/library"
"/persist/vault/jellyfin/Shows" # "/persist/vault/jellyfin/Music"
"/persist/vault/jellyfin/Documents" # "/persist/vault/jellyfin/Shows"
"/persist/vault/jellyfin/Music Videos" # "/persist/vault/jellyfin/Documents"
"/persist/vault/jellyfin/Movies" # "/persist/vault/jellyfin/Music Videos"
# "/persist/vault/jellyfin/Movies"
]; ];
# directories.downloads = "/persist/vault/jellyfin/Music"; # directories.downloads = "/persist/vault/jellyfin/Music";
}; };

1
outputs/nixosConfigurations.nix
View File

@@ -36,6 +36,7 @@ let
inputs.copyparty.nixosModules.default inputs.copyparty.nixosModules.default
inputs.niri.nixosModules.niri inputs.niri.nixosModules.niri
inputs.stylix.nixosModules.stylix inputs.stylix.nixosModules.stylix
inputs.nixarr.nixosModules.default
# Directory name should always match host name. # Directory name should always match host name.
({ ... }: { networking.hostName = hostName; }) ({ ... }: { networking.hostName = hostName; })

5
secrets.yaml Executable file → Normal file
View File

@@ -18,6 +18,7 @@ authelia-authentication-backend-ldap-password: ENC[AES256_GCM,data:VWHW3rjjYCiEw
wireguard-mullvad-key: ENC[AES256_GCM,data:UHvISlmMz9pqpegyOr9SEHQcgklLp9f4myCGWYR0BoeGHj/dYkLT333FTsE=,iv:4JJo2NUpb9TcAnoSFPVtpk58eDBOwziJ72xJ2ibg9zU=,tag:61a5tcZgMVu3BeJMDOB4Fw==,type:str] wireguard-mullvad-key: ENC[AES256_GCM,data:UHvISlmMz9pqpegyOr9SEHQcgklLp9f4myCGWYR0BoeGHj/dYkLT333FTsE=,iv:4JJo2NUpb9TcAnoSFPVtpk58eDBOwziJ72xJ2ibg9zU=,tag:61a5tcZgMVu3BeJMDOB4Fw==,type:str]
deertopia-cache-key: ENC[AES256_GCM,data:icKy8QZ59/zvQXgsTqN0PInUH3kgZBquwoAF0Lz3yy1avRI6z5DPuBAmj15lC8UmoDhTqi8nCvm5CGW1Xp5YgAQ5TgEWRpm8FWXxSofhLw8BotM4S3zxtCyefxcrW8Z7Lh7p25ECLrSX5F1h,iv:NNOWrgLrtg4WgG6IYWrVOhaTBmAaSeephvVwTT3VeUQ=,tag:zHmAil/falzhWXkvAV4PQA==,type:str] deertopia-cache-key: ENC[AES256_GCM,data:icKy8QZ59/zvQXgsTqN0PInUH3kgZBquwoAF0Lz3yy1avRI6z5DPuBAmj15lC8UmoDhTqi8nCvm5CGW1Xp5YgAQ5TgEWRpm8FWXxSofhLw8BotM4S3zxtCyefxcrW8Z7Lh7p25ECLrSX5F1h,iv:NNOWrgLrtg4WgG6IYWrVOhaTBmAaSeephvVwTT3VeUQ=,tag:zHmAil/falzhWXkvAV4PQA==,type:str]
buffalo-nas-creds: ENC[AES256_GCM,data:dG8aA6KtATFyfDVGqF0a1wavhXDIv9bxnw==,iv:3H6T/THSxAAWTjDi35Q17Syq0Fz6jsHItzJUPxamzhA=,tag:f8kUnPX1Ik5HT6sDuHaFaw==,type:str] buffalo-nas-creds: ENC[AES256_GCM,data:dG8aA6KtATFyfDVGqF0a1wavhXDIv9bxnw==,iv:3H6T/THSxAAWTjDi35Q17Syq0Fz6jsHItzJUPxamzhA=,tag:f8kUnPX1Ik5HT6sDuHaFaw==,type:str]
transmission-credentials: ENC[AES256_GCM,data:HQtayxLRPATLXfS2DvPx9cNjSHk996QhSz6hiF0dnOS4Mdt1u+Ru+r7UNsfNLKOtB8j+mITizVH9S/5GryqTUB+ffJVet5Iw,iv:JRD3MVOwKPaL9S8Xa+amG32qOGaCN1c1N25kCcuVfpU=,tag:FG8ZsAEBpVAiXCYhw3MdZQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -42,8 +43,8 @@ sops:
TXFLY2l0UHJ3Z0NGZjVpbTQ2UC8yaTQKA7wTmW9Ha6T2KmCr/nkXdizgv8+V6SAp TXFLY2l0UHJ3Z0NGZjVpbTQ2UC8yaTQKA7wTmW9Ha6T2KmCr/nkXdizgv8+V6SAp
ZhDO+uDQ1evIh2wLWMOXNJ3d/zplLCOTzR2xkqBIUp5V7MXj45RUIA== ZhDO+uDQ1evIh2wLWMOXNJ3d/zplLCOTzR2xkqBIUp5V7MXj45RUIA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-01T12:20:42Z" lastmodified: "2025-04-01T14:04:42Z"
mac: ENC[AES256_GCM,data:7Z9Uo2J4LBcThM1dBJrTelgXEd614RYwHMS9BSZDommWuG3EicWv+l76GCijHQwGnK8NWXgacc+wEY3rCL9n6Dceuy795ZeIxUBsigaVwuqBsSNAAitMKZelX4W++fIBLk5wzMQUdfjJPOHRXWB8o5ayZPSM5g4gUo9warZ0C94=,iv:v58EcYGC93IHeEpf9wDrolqcL7VKcGD44cwk6RfmW8A=,tag:nbPdqtuZ7pS1Y1ucyihkyg==,type:str] mac: ENC[AES256_GCM,data:EgvhxUBjbs71Exke3c3oI/uzfThbN/SgeaC7wJOTbp1wFV9YgSI+wOzTKApJl72EvRxr6qpep6jchNIDQj++V+wmjgi2Eh3hkfMfzlfeHQk0q3/BFea+8JNXsLNPTQhiWTbttmHNLqgr03j6BeXfLDhm4D+rpvRwzog5N3k356w=,iv:zeUmPgpYw3HGzJobKEssZND9WVB6lc8YYP5KdnBWeMA=,tag:Te6FH2/7ZWpVAdHNTF9IDQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4

4
users/lain/default.nix
View File

@@ -14,8 +14,10 @@
"annex" "annex"
# Can modify Deertopia's Jellyfin libraries. # Can modify Deertopia's Jellyfin libraries.
"jellyfin" "jellyfin"
# Can access slskd's downloads # Can access slskd's downloads.
"slskd" "slskd"
# Can access Nixarr's media.
"media"
]; ];
initialHashedPassword = initialHashedPassword =
"$y$j9T$aEFDDwdTZbAc6VQRXrkBJ0$K8wxTGTWDihyX1wxJ.ZMH//wmQFfrGGUkLkxIU0Lyq8"; "$y$j9T$aEFDDwdTZbAc6VQRXrkBJ0$K8wxTGTWDihyX1wxJ.ZMH//wmQFfrGGUkLkxIU0Lyq8";