adriangl/nix-dotfiles
1
2
Fork 0
mirror of https://github.com/adrlau/nix-dotfiles.git synced 2026-03-17 06:02:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: adriangl:c5d4cac1a0c6b86a5398b20cc11ca59eefdde3d0
Branches Tags
adriangl:main adriangl:2411 adriangl:sway-fixes
...
compare: adriangl:34f84a18b3269846212a140ae906547ae8c1e1a4
Branches Tags
adriangl:main adriangl:2411 adriangl:sway-fixes

4 Commits
c5d4cac1a0 ... 34f84a18b3

Author SHA1 Message Date
Adrian Gunnar Lauterer
34f84a18b3 needed new stuff 2025-09-28 22:54:21 +02:00
Adrian Gunnar Lauterer
ac36f0adf2 jupyter qbit 2025-09-28 22:54:21 +02:00
Adrian G L
e50397c2e3 add jupyter to routers 2025-09-24 11:56:16 +02:00
Adrian G L
4634d35eb2 moved miniflux 2025-09-24 09:34:30 +02:00
9 changed files with 367 additions and 124 deletions
Expand all files Collapse all files

12
machines/elrond/routes.nix
View File

@@ -81,14 +81,22 @@
basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
};
virtualHosts."jupyter.lauterer.it" = {
forceSSL = true;
useACMEHost = config.networking.domain;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://100.84.215.84:8771";
};
#basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
};
virtualHosts."rss.lauterer.it" = {
forceSSL = true;
useACMEHost = config.networking.domain;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://100.84.215.84:8081";
proxyPass = "http://100.84.215.84:8089";
};
#basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
};

3
machines/galadriel/configuration.nix
View File

@@ -20,11 +20,14 @@
#../../services/smb.nix
#../../services/wordpress.nix # lets not
../../services/bitwarden.nix
../../services/torrent.nix
../../services/jupyterhub.nix
#../../services/ozai.nix
#../../services/stableDiffusion.nix
../../services/rss.nix
../../services/shiori.nix
../../services/mealie.nix
];
# Bootloader.

13
secrets/secrets.yaml
View File

@@ -10,6 +10,8 @@ qbittorrent:
interfaceAddress: ENC[AES256_GCM,data:GsDv+UB07bQGh/DISw==,iv:Hn1zGJweLj5jy8sk4aN9rob/6kfzo7iLXPgaLBIMSVs=,tag:fbKSrAIOqTsnCCI1DBUZkA==,type:str]
miniflux:
adminCredentialsFile: ENC[AES256_GCM,data:FPcdTiJqbI6MloU9JqAYPABoD/odegXks+JyEeCri8hOV0dPMd0TNDV8fN1bbIiJ4llzaclZbjl0HKM=,iv:5fd3O008aP34+7lGlG8vBPAIdmEjFPoneH+rJ6d9TI0=,tag:HKOHjGLiAIDBR54HJv9teA==,type:str]
vaultwarden:
environmentFile: ENC[AES256_GCM,data:5AvlU42RmYip4TKTtbvTq/eiLrYbNNYbUddq4z5B6N6XKa2KKolVXeNiVC2v/GSq2iRYXBUOOgTHXwoBSA40mh4ui3Yy3BKuiMEITmEbSxFDW+6KGbMNrPm5Xu5SEnjRMKiKUkL78QT7YVe72pcwVWIasZumzrHw1i39aCe2hDD1/2HraG4Y7e3ZD0TH0kyIdnj2kOmS46BuZQg+3KHi8Fg5ar4zVh6WTW4T//cfkb+Y2611TbXmo+w5j7Gt+ARKmsLFzer73Ut7+xNyqEbEgL06gsI3jj0/QzGV7nrZUste0VVqB5kM7iG6OugH8zoJRnhM0LvaU12vYXcQ7DxPEKBzuQIhhpaLu7PJgVYuDueyDYpRiYnV568BAlGLpTrfJCFT4YsGGetK2ktOsu9M2QjoDD2GfrS8j/RZfZawFY5q7qzg8gKXxeZ4pGUnX/k2+TBLMuYTdu+aF4aML7TcQZw7Ai/aneH6JNrfzFaFhKYAzx1pcF500QdZUXp6XdOOhDNXLkcYzM1Ovz6gg9QRKWQ0SsTYIlprdWOaWoGcHtYdo83oTFGz/uCga9NAcIjVJRQI989Oak6rAxtW98En+/wlIoEOW4Q/irRdBQ6gYeyC9LBOXDzKfwDtvG7LEsDj63CITv8hUbYvPEUG2wy5WAmfaC6vrtRg52G/GHxfjMlY23clRXKQB9AYw5ywrUTrMzqHGqYevQR97yhzx7qi0DUlhj3bBh0RsnxbbIA2vqyhg+l6Rp3oYb8NRqm9hHjyDfBvdomU5s7mrxxz4H/mjOURF7+iUuK7N4oDQM/pF+Dh+3hE/0WzgdY0pK/hWKbol8EbfLGuy8QCCrcXwTkwYfgnwNQEnEx+MvA67il4aKhI/eDPXU9d2Lt7lFEteTkPXQYgcIM7KV7y3hwSUIudUc5I84uHa058FMg1HnRcFxpBhN9twCAOmI3Ec+qEz0vJIEmda+ZPrAG0drOJix/VmtyD5LG7G6hAQ8vFGz4/9oz/xmkzdh6vU7R/D7onUAzPy8t6uP2LDP4lT7uETJYMbbU4XGk0dHE4WICmGzcodxFN92A1gshl74DikLIgH+hTbWyRbKB9v5/p676IXWfEqfH3ymOaQkEUC+Y6bqXWSpbprG6VQPbtdiNuKYLgNqY8w8sVvjqNrsVVtBCyzm35PMc0xomUBtH/s37dmXPwiNKxr91BVGnsr5ASb4vL5UpnGhk7QedO4JOsqj20Oj0OMFZcGQ+roTBr9hUI6FwB9pGiRmot28LvqjMxYZDYSRcGI551FoAYycZKj7jGHs47BXNxaVlSzVipWGryYyvLzMXLBXqlft4azIIZ6UUT3MSAauRt13BXuyLEIDSgA08YNP0B9dIJ0cHXXachLNn/Jl4Y4po0Ua4CnnqmXBS2CCDCJY4032+jYYl8GzmcjQ43cT8cWFuZzSjCHOymFCvt4ZrVvXE9btNASveLekv17KGRCw7jiC0oIoNIh5C1ImZCxn6KgJaRFSUeS4bplGoZEMQ5Q0RjJeZW7LXRPdWdQ8uYo7bWQnJLn5fVXhIFXkC1xcpP/gtWy2NvdFx1W8fg/eIsIHjZY50YiybmbGHBpBm58Du7qLUB0eu+dE1sGCKFNaSdVUYK42Q3TjuF40moZWBBxAkrdAoFUiS363i1e+cW7mD/fbPJ+m3BYC/fo9OZfVxDsRMrs8T+OXP/LnrxdgGTnbim/hmyTIuPGzX+xrjDo2yCFQRwdZ/QGaiMN93CJeHMMtO7FCT5+RlOmMFLzk09Z/OTEqM2vHlURHZclBA99zt7TZ5S1ep3zv/nHy0DvXzNJL956KKP2T0SD1/EhToulER+P+dryeO8eX1nCVJO/pitv6nzNOvoE9CaGTkwn0c0flJi8EeKm9dbuIOVVYPnNStUu6YuAiHrBNVQeYawuK9T7nqe4MgWPf3qAM25uGLODZv8gZessJao65H9j8uOogN678iGPTnLKQZ2+5JgqpemmD3MLpBKAFgVJrGrMWtk670Hl4N11PIHT2hVUFc=,iv:jSlHx+PODfAcsYTZOju5z8mawPXAV+TKvj89nrdCYkE=,tag:j+4gdsBV4COe/FduaejI2A==,type:str]
openvpn:
galadriel:
config: ENC[AES256_GCM,data:f9uDYNLHP63oee5lGMPsmZ76f80n51eYxd3hvF5ZhPGtCspBEOMLHRonTSEril1wKCT3i1DWR967lWTdjJs6KOpoX5JqKz2Qj9tkpXS5jnHZAf0JQg1l7jmf9/a2OKJparVCFJyNPTN5mzl3gGOyDGe0TIT+ZtP8/PCWsQNjB89Crd/kHSSAmIUb2fcNXEkxs6XwgsBAlhbR69e+06NYaRyX5ydVV/kDekx+ixpx2bIqMQqIdEk358RLCauP3wAh1FoqTTJ2eqLcDhuPySFol9cLCInWnColNdyb/0+czrEa4DiLrbFVXx7bUVwjd9rb+eoajC1e09d41aJkVHG1LxlSRjq1sBlI3v3E1vaUBJWegZBROEpqEOCKfHSagkmaanaBv/KMq1MFmXJ1MzyskDJb9MdNFKRQBjQLwBXnURts/Yj9ChrT51z+/bwItxt8XmlwIEgL65F/8h1+bUJGOi27ZAvfkixflff0ELYSPvQI+N1vFlF9QP6AmIFxF2SdmOSlYzTYIz0+LMejLltCEUdU2qdlZ0a9DuYlsxvnZ75JgWXviw==,iv:C2Zb1DLTMlsEqQ5/UUrpT9k5Z51YYGu3SUcu1F20ydc=,tag:wGkQ7LWgCfy0K3zM38JxHQ==,type:str]
@@ -18,10 +20,6 @@ openvpn:
userkey: ENC[AES256_GCM,data:qaJIx3uJPnRf/ZN3PUj8CdbIDZYwfDHG4APWlQTUBHtJqYZbP+sLVFmpvgCD+yFgomghLeeDCt+Hm7ti+XYjLRciDPZQb/CAlsdgQW7JbsGA2Sdfj5wwn+vF0F0BLO0hORcB4VW2cY62yuf3koS6IbgXeHRVmLe4hmTftZ2ILZm/nPdjsG2sktLklORG26h/zaLX8fe/+2E9kFu8swyFxI3b+2xDkbm8/jsYSN08sL6L/kCaRlmITISMzVOodrms2FYv7oYnKsyq8ABBnpYECRJheukWNIzcFiJ6+QQwqJUCiJvdJ2Hu60LHgSP20plm5SJ631KBEK8NelwRUhpWe0WBiTfilcmwGJUhADtOIaDIO5r6Ou/OfZupPUEQtg0XhElwWiwqnnnMA//POUxMRQ7mxbhZU9XA2BAHv+RH2SUq7IEgTYkOps4zEWk48yyCI7338hB6DOZs2lR/yWkfR/JtDF3HM8RqLVDB3b9BypkWwfXh/M1RlK4XHid0gv575rQXe507mCAb4KJ82RJSbQ213974e8jXRdMtERM4ZujcP0hfeqxj5vrKLRqVgyLDH3Lz7c9eYhUVS/JN2HC3t/BPdN5J9LJud4r1VLYR01Ru5U+IDqOi71T5jiASndrc+QQa1mulEGLIWj/2c8oe2S0p2EU+P6V5RSrqLRuYGpvCcMOs7ydzKBd3oHBMY/VDhpbKlZEw/Kofbs+Easuz5zBlLlPxc0O+AttNlfsSgxuTD5/NiUKT9+TsToSrBZQiBDKvgDpQjZsq2Clw7ZAvFNrPNTiu0sU7YCe4xO9gQ7RIcXzI6S1B1eoHAbnfv7lKE0VvxRCsfngK8Kp/NccXIsNfDCZ/1x7/WHmq9wr5XmWqY41rf1LFeouQFwydjI5iPp4jHwUzPkiGBkkaOdkb8Ovjjy4urMekTiyO5JKJUJCmtZiSj2DHCOBWm6nRQOFCenLHD6ls2NeUpqqsA2wna5DVn0EPvpaPIkmrdIqHh8d85+N9C8UbYDwAnEFvqcAIlFDWj/tUWVUyfWLRl0JSc1wQFzXavJUaLhhLfP0Gh3n5/ayALGLrLwAeUWQz+tLu7oTs27PaEbQknyPvBczG4I/usAzpdlzr4VfdKWfvdjWST1c5ZCPl4qS8T9+/5jOE1+g/y3kcZED9qjFXdnVpoSJfLx+3cY59inv2LMAnavY++zEV1SWIwKFgAgJoYR4hCKANySWY8kBxCDcRjdBno2rAM3xLfU6I1sLb0lm+6LBswOEqHTb9E20u8RXum9JUI/6iauhJHmfoyMLVvhD5XQyolbQ5n/r1qq5LOjsKWGMvo/AeosBwcAY3u67xyvNnNgrd29SBwOYyGYNKG0jyhg7HDfHFIpSDzfAI4IOyhs44cPGFoN759+Y0BNLjW1mqDiWpErvSaNc4zH2cr2fSCaGpEBbf6q3hMh4tRQJayxVSEeD2emO69UNBd4jCkHo4vaK6D9aSBEcpWR2SQM0c968zDcdmOTajsLzPYoIyaOgWFAIs+9A6f8eyqlhDfWIxp6e1fVY8sCFotZaDXRqb9/umCy0IqNQChuKYcB5oB/hvwwMMuTE+4Q4Dd7RXfW8ZMAZz3Z1bqimVhFeVXDkyT+8DXMf2166bLxxwxpxSCPd3XmmOSUiNKysTHykh5MKaPjEyTl7xgvbhqZ16k0pvkh+z5Op1NcU2tm6W+/FL1JV83KnsjC1jAdwMEeFn+0MAFXTBARAG+qAb3pGowYz/wNSsvf93a3JTANA609opK/7MK84h5n7M6TulRBw5Phnw0HUdio5SJ7DBRPr4kYGgVTMwWzxfOY3lDF/fnsqTOjGWxUoLrRXrZ8aaAHWaUYFzx52SW3J3rczRBWTC0jUUEVs7cslfR7N7VGvEXV9p9TuJOsfAyvFyseRIh66Uwi9Pwq+QBOadUttcT+iBgz72BEPwuIAcKre+ShoxE9cHGrtpvlgi7eDSlI1bZ7km+8j0TWryzKLK8P9N4MhspwRO/zGXiErAOoBe4MaBvMvjGCgCRFgnLypoDoeHeoLO1WvgskKUhHXIZV/02nBhhnxPUmJjzsqp722aDztxWKU1VX6lHooRFgpMRzOymD7XVxfZNyDrxuf0VJluIzZlFCzGpswgGnxocs0hFgTMePzhoMx2XnU9d6NM3hl1fOCCwV7Be8KjahNRc5qGChPS4kLzEyvsWHD7EiKK2gCYS0ysiPTNxKrcC9JFXqR7iX1QSQ8W5Sy5IBWYZWuBNj0STJ4J9VXImEaOnWnkNLcncwQh1Ty8OTDX15jeC7/ltfQ6KVjPj3iPs8cEADnOW7ez91vtXOg4dFhjuLAylipQYFIaUpjJOwNQuEcp121LKR1YXHeLRI4y2Cvw9ZL9HXZbB8yQR5/NNba2PScDjfg05ZhFb4yFfcrT+OOrvO6ej1mX4qPzK4X4Sxzi+c632Xi98I/L6rKE5WCLg0dXPUhy4YwD495ZoCFfT5hzNHrNjeCGG03mVC4qLTcopwyn4TlcN+SnZEzI9kVvTwOhtW2J9ol1GNjiGsmfDq9I/+jOfALFQgA/nFVyqBi14pui9yhno6WDyPGifDeKsoNBoZq63lQ/exxGzTH/sPRqeumAUWU81n3/4FLcknH1ssucMC73scO5S4+lzpF89PFCV5Qnkcghzu+vEC5/Z0roU+jQL+wPpjnq1QAuX94TX0iLVozSmcPfFwv4PyzqiCRK7dbk8TtTQlqdM+elzKzKbQkUQXvY2vGTyKnZxJjrwHx71QuEYMfu3QqO7v5XUJSayON1o/RcfQdwfxenLaLOzXYPVod2eylalY7vXKtJOclz0OsCHVL/IAs2p+qvnBhDi2LcBKFgYRgI9ZrOFWGBvk2hzNjieQtM/a9BAcAjzR8jNTgBYqTQWIuloJEjd+KtRC7S4qFVSwp5E+2eFD3QpBaf+TFuDCvSteWpHZSXIrrLEGAichsWVHK09KKGsFPb//S2bEIrHeMYwPbDZ4JFR5YzUJTnfuHFCAGxsL4qali4ZA8BlTEp675TwJ47FWpS349/10di0DbIm7+eeQUVv4obn9sk0st1tDHS5kWsWQq587t52OFuqwXZv+GdEMn/jfo4F4dEF61DbkXtMzMs0/DU9x60m0pp41LvJQsm7GyGjvtUV0ltD5n8lF40pmVZnrcrQb/VSd2mLZbkTl8K+1J2rDnel2vf5DcUSysTha8o+g0X4fqMeGnIot71ZS7bqtzYzACQukMYkSxqE/vnalxN2G4cmP0RCSwb4YhOdgsKjqUwEr560xv5M58RSMW92cFC59CHtu4G7rPyvuA9Bp6lJnxsRAfPB57QF4aqYg0VpBTpP4MHdeVuG7v7REATjyexnjuli5BSx9540nHgjrcMVcSVkcNcIykAJsHVk4PJZ01o5Ycmubvw3fHvt9OKyxY2Y7CLQpVcSwgfp4KOLnUe3+88fLfMUfg3V4rVjiriivqHVKx0aMKqkW1Od6fT5nZAd6h5rMxLWDU2U++wUcc/lfRK+J2GgY+r6MmBb1qRajW8VS3ms7e/RylxzHpaU/meUTFiFxop4iCCwBn3IjgFtZWcn+8eERkQQ0wZfuz8u5Lfy0uPQoaRhoHPXtBZQEWuQd/MIGKaetHU85XRu/1HYvQ4V5+Elu12D8idTCennGv6gqIOFZBhS1CCKbPtzTmYuV9JlmbMNhQthwuxKKbZoXhI+GNDggPMxkkmhxGChj4X2NymV7u3Yqrr1FnNGTMcuBJ10+BDeNNY9KV4MZCKH//rRjUxVEgiln0EEGFTeA/WSyG8wu72maDu2OvcfoNH3KkYYJ7JqSzvZ8raVMiWSx9nkAN18xRWxWIz4wNndrk963Ol4rwxymVcXDE9/Qrz27MAZmNhrEaF4qsut7VDLxWvnrcWCIXddNPFcqgU1IQVF48U7WAGgTFDJdDEp+Q33FNIbo70koN0KLE8ot0jIqWuwBFhA5fI7NSv5cEIOueTcD2p3J2snBebQbRtsDtu8mJBunYPqcvP3YH9xiDJkdiij/g21Wtb7FY/WPP1uVt8RJu51kxTw9VZJLLQqisk1usn3kAKM+m3gQAKpbgiFmfjb3pif3nHTCi+tRAM4hGX2VWHY8F/iaTCAZpSyd34SD6OqYIzh83nchwyaMOU9QrrOIG7Vbrd923/AMBcFVaZnQB4eGNIe6fnEiet67kb6g0yxHNKyORM0+fg9INbywzT1MzjbjozvNw5JEHm49C2J/oWcyGDW13XtQXw8uvCBVEqXpz4baNng7Xzge5WwBLTlF2+hh136npAE62aHkNZyy0E3Fa1V6ludI//BcnZ4jqYEO0/w5SA9wYFT6Aun9ltRpq60VZnYc1Jr2A=,iv:kR5g0wvCQ3NGAqviN1jvqscgAYrGzHLqhooIljtJ+gg=,tag:Z+U5Wn4U5ADIxjdfI37cBA==,type:str]
tlscrypt: ENC[AES256_GCM,data:zG12fAsc9/LcxO0eGx4ytjHm07BMnf5aBHlfTtif4noCXcPAx5xunhJCOaWEoTobwOEpdgXoZzQcJa7EW6N/4kEnGzk8gfSl+BFswO6LEoqzYJb4sfy2qJJQrjUNxsI9yib+OCgb4DQ94apdvVG/dVypdMQrw+x+xg8K+hdZ5LZWdZLKKcBxHKeHoZ+lt/gJNv3BbtQP6Vy+1biWxjdHy1YfvLm+iqaJfi3/9HV8YAi/iePoY+rNNtc8GlaUp/HrHfmCFF4EBWuFr2knQ5t8bx7sHGlhdcTIyHJwNQdCUIsyVqckhxDulLM8luuGJZsiulkdK2f4NSpa6CPYZPWPHQ2BfSnugBEjbWrF2RQT3eOLAEJBS9YSV1/nvHA/lU2ymf0PBzzXhE9Ms0twecrS8Ql/qRbWSqiQNzHv/P7k5i5E8iw4zqaUtir7gpu3AkC2GxMVuQfowiruZGPi6i2YbDzgaBi5fZJAosWQHvZXnVApqFqzWXCzw4ACXlMI6MZ1rb3Ut9wEDXHGMRhhcWmHDsCO6I4/EphDfLiexYeVHKB++MLilXaUa6wXN0yGefj+NC3Am5YQRwR3rd4KrjXOrbKWELoIkyYrGWkZ5w5O5fC4Z+h8jxPjng/lNM3JAzREgKcw+0IcY5q3/bRXWGMScVm5qqc9LXozhWU9gghQOhbcb4NYFob8yczTJT8IdA6D72N4pAm+524DMjTPRiAi1KQInICeZp2mILvT5aUgTEXtj+iwyqyo+io3ffOjQdHa9HU2IrZKmoapkvEOsFHm3L63uY1T92/Han8=,iv:cjIKuwyLtXT5Wg/VzinC2Lf5EysoxsgnEsHei/+Yum8=,tag:b5LKO8urIBC7BJgyfs5kWw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14cpm59h7hx8gr54hrn4uxu4xnrp9wy3f2kdxvy6xwuyxsfg8g9zs8z5e77
enc: |
@@ -32,8 +30,7 @@ sops:
OHNBdXMzZTN0VEVTYkVSbUVRYmo3eUUKvRiPgmrCCK1F5QoSHlV89C2MPl5FvU5i
z61NMJu68UEDsDu8qNRaW3aqpT+1GYsr1evi5imzNwr0qTM2oRwkFQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-15T01:14:16Z"
mac: ENC[AES256_GCM,data:4hqXQvlmPKuPkQEcUIpTEUudVknNVNjXjP8pB2UPnPmnr79nLWy/ZOzAcpSob1XNHyB7We5neBUEDYO56PjOM9C022XdZfaqXUC931uqLqo1iLQupApCphf/HR5bwDayv63Mr1Ys9MBdhCrYtlfy4iPiEdlpfDhLuD268EM8x0w=,iv:rgzgkB+5r/xDrN4i8O1f6CXyGxF7Peo+24kkQf96yf4=,tag:TZPaNEEYxFZ0m1CRbPQ0kA==,type:str]
pgp: []
lastmodified: "2025-09-28T20:50:07Z"
mac: ENC[AES256_GCM,data:RL8OmwcGAfFC/x5MZq6zC+wlLoyyma+ZTK5uq4Qe80SJlAJP8Sep1zp82fCuBe2ogl7h0UjrBcpOtwOPxoEs7ez2qaDpHyhmK+IFahvnLiodoP95JCSgpHLhTPK3Fxt3bPhO6T52HoLq/coiKO8YQhRdMPtat9+KF0SbcrH1uAE=,iv:tsieRtJTf00Haa8Elc+CyWB73qiMChLY1SC6HMVC84s=,tag:f+jjKdYfmr/ef/FJbCU1Dg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.10.2

24
services/bitwarden.nix Normal file
View File

@@ -0,0 +1,24 @@
{ config, pkgs, lib, ... }:
{
# environment.systemPackages = [
# pkgs.sendmail
# ];
sops.secrets."vaultwarden/environmentFile" = {
restartUnits = [ "vaultwarden.service" ];
owner = "vaultwarden";
mode = "0755";
};
services.vaultwarden = {
enable = true;
environmentFile = config.sops.secrets."vaultwarden/environmentFile".path;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
};
}

99
services/jupyterhub.nix Normal file
View File

@@ -0,0 +1,99 @@
{ config, pkgs, lib, ... }:
let
myPython = pkgs.python3;
myJupyterHubEnv = myPython.withPackages (ps: with ps; [
jupyterhub
jupyterhub-systemdspawner
ipython
jupyterlab
notebook
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]);
myJupyterLabEnv = myPython.withPackages (ps: with ps; [
jupyterhub
jupyterlab
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]);
in
{
environment.systemPackages = with pkgs; [
python3Packages.numpy
python3Packages.scipy
python3Packages.pandas
python3Packages.matplotlib
python3Packages.seaborn
python3Packages.scikit-learn
];
users.users.tdt4117 = {
isNormalUser = true;
home = "/home/tdt4117";
description = "Alice Foobar";
extraGroups = [ ];
# openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... " ];
};
services.jupyterhub = {
jupyterhubEnv = myJupyterHubEnv;
jupyterlabEnv = myJupyterLabEnv;
enable = true;
port = 8770;
host = "0.0.0.0";
extraConfig = ''
c.Authenticator.allow_all = True
c.ConfigurableHTTPProxy.api_url = 'http://0.0.0.0:8770'
c.JupyterHub.bind_url = 'http://0.0.0.0:8771'
'';
kernels = {
python3 = let
env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
ipykernel
pandas
scikit-learn
seaborn
pandas
huggingface-hub
datasets
matplotlib
tqdm
numpy
scipy
]));
in {
displayName = "Python 3 for machine learning";
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
};
};
}

11
services/mealie.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, lib, ... }:
{
services.mealie = {
enable = true;
settings = {
ALLOW_SIGNUP = "true";
};
database.createLocally = true;
};
}

139
services/qbittorrent-old.nix Normal file
View File

@@ -0,0 +1,139 @@
{ config, lib, pkgs, ... }:
let
port = 8090;
torrentPort = 44183;
savePath = "/Main/Data/media/Downloads/";
path = "/var/lib/qbittorrent";
configurationFile = ''
[Application]
FileLogger\Age=1
FileLogger\AgeType=1
FileLogger\Backup=true
FileLogger\DeleteOld=true
FileLogger\Enabled=true
FileLogger\MaxSizeBytes=66560
FileLogger\Path=/Main/Data/media/.qbittorrent/logs
MemoryWorkingSetLimit=8192
[BitTorrent]
Session\AddExtensionToIncompleteFiles=true
Session\AlternativeGlobalDLSpeedLimit=1000
Session\AlternativeGlobalUPSpeedLimit=1000
Session\AnonymousModeEnabled=false
Session\BTProtocol=Both
Session\BandwidthSchedulerEnabled=false
Session\DefaultSavePath=/Main/Data/media/Downloads
Session\Encryption=1
Session\ExcludedFileNames=
Session\FinishedTorrentExportDirectory=/Main/Data/media/Downloads/torrents-complete
Session\GlobalDLSpeedLimit=0
Session\GlobalMaxRatio=1.5
Session\GlobalUPSpeedLimit=0
Session\I2P\Enabled=true
Session\IgnoreLimitsOnLAN=true
Session\IncludeOverheadInLimits=true
Session\Interface=tun0
Session\InterfaceAddress=${config.sops.placeholder."qbittorrent/interfaceAddress"}
Session\InterfaceName=tun0
Session\LSDEnabled=true
Session\MaxActiveCheckingTorrents=15
Session\MaxRatioAction=1
Session\Port=44183
Session\Preallocation=true
Session\QueueingSystemEnabled=false
Session\SubcategoriesEnabled=true
Session\Tags=movie, anime
Session\TempPath=/Main/Data/media/Downloads/temp
Session\TempPathEnabled=true
Session\TorrentContentLayout=Subfolder
Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents
Session\UseAlternativeGlobalSpeedLimit=false
[Core]
AutoDeleteAddedTorrentFile=Never
[LegalNotice]
Accepted=true
[Meta]
MigrationVersion=6
[Network]
PortForwardingEnabled=true
[Preferences]
General\Locale=en
MailNotification\req_auth=true
Scheduler\days=Weekday
Scheduler\end_time=@Variant(\0\0\0\xf\x5%q\xa0)
WebUI\AuthSubnetWhitelist=192.168.1.0/24, 100.0.0.0/8
WebUI\AuthSubnetWhitelistEnabled=true
WebUI\Port=${toString port}
WebUI\UseUPnP=false
[RSS]
AutoDownloader\DownloadRepacks=true
AutoDownloader\EnableProcessing=true
AutoDownloader\SmartEpisodeFilter=s(\\d+)e(\\d+), (\\d+)x(\\d+), "(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})", "(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})"
Session\EnableProcessing=true
'';
in
{
imports = [
../profiles/sops.nix
];
networking.firewall.allowedTCPPorts = [ port torrentPort];
networking.firewall.allowedUDPPorts = [ port torrentPort];
sops.secrets."qbittorrent/interfaceAddress" = {
restartUnits = [ "qbittorrent-nox.service" ];
owner = "qbittorrent";
mode = "0755";
};
sops.templates."qbittorrent/configuration" = {
content = configurationFile;
#path = "${path}/.config/qBittorrent/qBittorrent.conf"; #did not seem to work
owner = "qbittorrent";
mode = "0755";
};
users.users.qbittorrent = {
isNormalUser = true; #make this a normal user to be able to make files
home = path;
group = "media";
};
users.groups.qbittorrent = {};
systemd.services."qbittorrent-nox" = {
after = [ "network.target" ];
wants = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/mkdir -p ${path} && ${pkgs.coreutils}/bin/chmod -R 755 ${path} && ${pkgs.coreutils}/bin/cp ${config.sops.templates."qbittorrent/configuration".path} ${path}/.config/qBittorrent/qBittorrent.conf'";
ExecStart = "${pkgs.unstable.qbittorrent-nox}/bin/qbittorrent-nox";
User = "qbittorrent";
Group = "media";
Restart = "on-failure";
ProtectKernelModules = true;
NoNewPrivileges = true;
};
};
services.nginx.virtualHosts."qbittorrent.${config.networking.hostName}.${config.networking.domain}" = {
forceSSL = true;
#useACMEHost = config.networking.domain; #not sure if this will work, unless
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:${port}";
};
basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
};
}

2
services/rss.nix
View File

@@ -18,7 +18,7 @@
services.miniflux.enable = true;
services.miniflux.config.LISTEN_ADDR = "0.0.0.0:8081";
services.miniflux.config.LISTEN_ADDR = "0.0.0.0:8089";
services.miniflux.adminCredentialsFile = config.sops.secrets."miniflux/adminCredentialsFile".path;
}

188
services/torrent.nix
View File

@@ -1,85 +1,6 @@
{ config, lib, pkgs, ... }:
let
port = 8090;
torrentPort = 44183;
savePath = "/Main/Data/media/Downloads/";
path = "/var/lib/qbittorrent";
configurationFile = ''
[Application]
FileLogger\Age=1
FileLogger\AgeType=1
FileLogger\Backup=true
FileLogger\DeleteOld=true
FileLogger\Enabled=true
FileLogger\MaxSizeBytes=66560
FileLogger\Path=/Main/Data/media/.qbittorrent/logs
MemoryWorkingSetLimit=8192
[BitTorrent]
Session\AddExtensionToIncompleteFiles=true
Session\AlternativeGlobalDLSpeedLimit=1000
Session\AlternativeGlobalUPSpeedLimit=1000
Session\AnonymousModeEnabled=false
Session\BTProtocol=Both
Session\BandwidthSchedulerEnabled=false
Session\DefaultSavePath=/Main/Data/media/Downloads
Session\Encryption=1
Session\ExcludedFileNames=
Session\FinishedTorrentExportDirectory=/Main/Data/media/Downloads/torrents-complete
Session\GlobalDLSpeedLimit=0
Session\GlobalMaxRatio=1.5
Session\GlobalUPSpeedLimit=0
Session\I2P\Enabled=true
Session\IgnoreLimitsOnLAN=true
Session\IncludeOverheadInLimits=true
Session\Interface=tun0
Session\InterfaceAddress=${config.sops.placeholder."qbittorrent/interfaceAddress"}
Session\InterfaceName=tun0
Session\LSDEnabled=true
Session\MaxActiveCheckingTorrents=15
Session\MaxRatioAction=1
Session\Port=44183
Session\Preallocation=true
Session\QueueingSystemEnabled=false
Session\SubcategoriesEnabled=true
Session\Tags=movie, anime
Session\TempPath=/Main/Data/media/Downloads/temp
Session\TempPathEnabled=true
Session\TorrentContentLayout=Subfolder
Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents
Session\UseAlternativeGlobalSpeedLimit=false
[Core]
AutoDeleteAddedTorrentFile=Never
[LegalNotice]
Accepted=true
[Meta]
MigrationVersion=6
[Network]
PortForwardingEnabled=true
[Preferences]
General\Locale=en
MailNotification\req_auth=true
Scheduler\days=Weekday
Scheduler\end_time=@Variant(\0\0\0\xf\x5%q\xa0)
WebUI\AuthSubnetWhitelist=192.168.1.0/24, 100.0.0.0/8
WebUI\AuthSubnetWhitelistEnabled=true
WebUI\Port=${toString port}
WebUI\UseUPnP=false
[RSS]
AutoDownloader\DownloadRepacks=true
AutoDownloader\EnableProcessing=true
AutoDownloader\SmartEpisodeFilter=s(\\d+)e(\\d+), (\\d+)x(\\d+), "(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})", "(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})"
Session\EnableProcessing=true
'';
interfaceaddress = builtins.readFile config.sops.secrets."qbittorrent/interfaceAddress".path;
in
{
@@ -87,8 +8,6 @@ in
../profiles/sops.nix
];
networking.firewall.allowedTCPPorts = [ port torrentPort];
networking.firewall.allowedUDPPorts = [ port torrentPort];
sops.secrets."qbittorrent/interfaceAddress" = {
restartUnits = [ "qbittorrent-nox.service" ];
@@ -96,44 +15,87 @@ in
mode = "0755";
};
sops.templates."qbittorrent/configuration" = {
content = configurationFile;
#path = "${path}/.config/qBittorrent/qBittorrent.conf"; #did not seem to work
owner = "qbittorrent";
mode = "0755";
};
users.users.qbittorrent = {
isNormalUser = true; #make this a normal user to be able to make files
home = path;
group = "media";
group = lib.mkForce "media";
};
users.groups.qbittorrent = {};
systemd.services."qbittorrent-nox" = {
after = [ "network.target" ];
wants = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/mkdir -p ${path} && ${pkgs.coreutils}/bin/chmod -R 755 ${path} && ${pkgs.coreutils}/bin/cp ${config.sops.templates."qbittorrent/configuration".path} ${path}/.config/qBittorrent/qBittorrent.conf'";
ExecStart = "${pkgs.unstable.qbittorrent-nox}/bin/qbittorrent-nox";
User = "qbittorrent";
Group = "media";
Restart = "on-failure";
ProtectKernelModules = true;
NoNewPrivileges = true;
};
};
services.nginx.virtualHosts."qbittorrent.${config.networking.hostName}.${config.networking.domain}" = {
forceSSL = true;
#useACMEHost = config.networking.domain; #not sure if this will work, unless
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:${port}";
services.qbittorrent = {
enable = true;
extraArgs = [
"--confirm-legal-notice"
];
webuiPort = 8090;
torrentingPort = 44183;
serverConfig = {
LegalNotice.Accepted = true;
Meta.MigrationVersion=6;
Network.PortForwardingEnabled=true;
Preferences = {
WebUI = {
AuthSubnetWhitelist="192.168.1.0/24, 100.0.0.0/8";
AuthSubnetWhitelistEnabled=true;
UseUPnP=false;
};
BitTorrent = {
Session = {
AddExtensionToIncompleteFiles=true;
AlternativeGlobalDLSpeedLimit=1000;
AlternativeGlobalUPSpeedLimit=1000;
AnonymousModeEnabled=false;
BTProtocol="Both";
BandwidthSchedulerEnabled=false;
DefaultSavePath="/Main/Data/media/Downloads";
Encryption=1;
FinishedTorrentExportDirectory="/Main/Data/media/Downloads/torrents-complete";
GlobalDLSpeedLimit=0;
GlobalMaxRatio=1.5;
GlobalUPSpeedLimit=0;
I2P.Enabled=true;
IgnoreLimitsOnLAN=true;
IncludeOverheadInLimits=true;
Interface="tun0";
#InterfaceAddress="${config.sops.placeholder."qbittorrent/interfaceAddress"}";
InterfaceAddress="${interfaceaddress}";
InterfaceName="tun0";
LSDEnabled="true";
MaxActiveCheckingTorrents=15;
MaxRatioAction=1;
Port=44183;
Preallocation=true;
QueueingSystemEnabled=false;
SubcategoriesEnabled=true;
Tags="movie, anime";
TempPath="/Main/Data/media/Downloads/temp";
TempPathEnabled=true;
TorrentContentLayout="Subfolder";
TorrentExportDirectory="/Main/Data/media/Downloads/torrents";
UseAlternativeGlobalSpeedLimit=false;
};
};
basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
RSS = {
AutoDownloader = {
DownloadRepacks=true;
EnableProcessing=true;
SmartEpisodeFilter="s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
};
Session.EnableProcessing=true;
};
General.Locale = "en";
};
};
};
}