feat(nixos): update flake.lock and configure services for ryu and tako

feat(home): adjust vicinae and eilmeldung configurations feat(neovim): enable folding in neovim configuration fix(nixos): disable resolved dns and remove fallback dns on tako chore(nixos): add pihole and resolved services to tsuba chore(home): remove unused packages from programs chore(nixos): add gamescope-wsi and vulkan-tools to steam configuration chore(nixos): update navidrome service with sops integration and systemd tmpfiles chore(darwin): use dynamic user in shiro configuration chore(secrets): add lastfm and pihole secrets to secrets.yaml
2025-12-30 04:32:13 +05:30
parent 0fa7586c97
commit e8aece3f47
15 changed files with 229 additions and 111 deletions
--- a/nixos/tako/services/homepage.nix
+++ b/nixos/tako/services/homepage.nix
@@ -86,13 +86,6 @@
                href = "https://cloud.darksailor.dev";
              };
            }
-            # {
-            #   "Open WebUI" = {
-            #     icon = "open-webui.png";
-            #     description = "Open WebUI for self hosted llms";
-            #     href = "https://llama.darksailor.dev";
-            #   };
-            # }
            {
              "Immich" = {
                icon = "immich.png";
@@ -107,6 +100,13 @@
                href = "https://draw.darksailor.dev";
              };
            }
+            {
+              "Navidrome" = {
+                icon = "navidrome.png";
+                description = "A self-hosted music server and streamer.";
+                href = "https://music.darksailor.dev";
+              };
+            }
          ];
        }
      ];
--- a/nixos/tako/services/navidrome.nix
+++ b/nixos/tako/services/navidrome.nix
@@ -1,4 +1,18 @@
-{...}: {
+{
+  device,
+  config,
+  ...
+}: let
+  socket = "/run/navidrome/navidrome.sock";
+in {
+  sops = {
+    secrets."lastfm/api_key" = {};
+    secrets."lastfm/shared_secret" = {};
+    templates."lastfm.env".content = ''
+      ND_LASTFM_APIKEY=${config.sops.placeholder."lastfm/api_key"}
+      ND_LASTFM_SECRET=${config.sops.placeholder."lastfm/shared_secret"}
+    '';
+  };
  services = {
    navidrome = {
      enable = true;
@@ -6,14 +20,15 @@
        MusicFolder = "/media/music";
        ReverseProxyUserHeader = "Remote-User";
        ReverseProxyWhitelist = "@";
-        Address = "/var/run/navidrome/navidrome.sock";
+        Address = "unix:${socket}";
+        BaseUrl = "https://music.darksailor.dev";
      };
+      environmentFile = config.sops.templates."lastfm.env".path;
    };
    caddy = {
      virtualHosts."music.darksailor.dev".extraConfig = ''
        import auth
-        # reverse_proxy localhost:4533
-        reverse_proxy unix//var/run/navidrome/navidrome.sock
+        reverse_proxy unix/${socket}
      '';
    };
    authelia = {
@@ -38,4 +53,20 @@
      };
    };
  };
+  systemd.services.navidrome.requires = ["systemd-tmpfiles-setup.service"];
+  systemd.tmpfiles.settings = {
+    navidromeDirs = {
+      "/run/navidrome".d = {
+        mode = "775";
+        user = "navidrome";
+        group = "navidrome";
+      };
+    };
+  };
+  users.users.${device.user} = {
+    extraGroups = ["navidrome"];
+  };
+  users.users.caddy = {
+    extraGroups = ["navidrome"];
+  };
 }