servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: servius:f3c22f29bf28a2879b20a94cdc440697f216309d
Branches Tags
servius:master
..
compare: servius:67cc456503dd2be6d286b2f015b0db9fcde60923
Branches Tags
servius:master

3 Commits
f3c22f29bf ... 67cc456503

Author SHA1 Message Date
uttarayan21
67cc456503 feat(home): enable shadps4
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-12-30 06:39:50 +05:30
uttarayan21
e8aece3f47 feat(nixos): update flake.lock and configure services for ryu and tako 
feat(home): adjust vicinae and eilmeldung configurations

feat(neovim): enable folding in neovim configuration

fix(nixos): disable resolved dns and remove fallback dns on tako

chore(nixos): add pihole and resolved services to tsuba

chore(home): remove unused packages from programs

chore(nixos): add gamescope-wsi and vulkan-tools to steam configuration

chore(nixos): update navidrome service with sops integration and systemd tmpfiles

chore(darwin): use dynamic user in shiro configuration

chore(secrets): add lastfm and pihole secrets to secrets.yaml
 2025-12-30 04:32:13 +05:30
uttarayan21
0fa7586c97 feat: Update eilmeldung config and update nix flakes 2025-12-27 21:23:44 +05:30
16 changed files with 235 additions and 117 deletions
Expand all files Collapse all files

2
darwin/shiro/configuration.nix
View File

@@ -35,7 +35,7 @@
distributedBuilds = true;
};
users.users.servius = {
users.users.${device.user} = {
# isNormalUser = true;
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub

157
flake.lock generated
View File

@@ -494,11 +494,11 @@
},
"crane_4": {
"locked": {
"lastModified": 1766194365,
"narHash": "sha256-4AFsUZ0kl6MXSm4BaQgItD0VGlEKR3iq7gIaL7TjBvc=",
"lastModified": 1766774972,
"narHash": "sha256-8qxEFpj4dVmIuPn9j9z6NTbU+hrcGjBOvaxTzre5HmM=",
"owner": "ipetkov",
"repo": "crane",
"rev": "7d8ec2c71771937ab99790b45e6d9b93d15d9379",
"rev": "01bc1d404a51a0a07e9d8759cd50a7903e218c82",
"type": "github"
},
"original": {
@@ -777,11 +777,11 @@
]
},
"locked": {
"lastModified": 1766741907,
"narHash": "sha256-e1PkluoDF0mEypF0b/IfRE8Vt1BW9toN7ngQqjyLr5o=",
"lastModified": 1767041062,
"narHash": "sha256-YYtxrnIxljusx/4AP5KDgTD/t/vbSlngrhV68wFj2oM=",
"owner": "christo-auer",
"repo": "eilmeldung",
"rev": "c9d06b118486871659cc03604373de17d0be9137",
"rev": "62710ae3aeb8165371a4ea5acf95f33abda444a9",
"type": "github"
},
"original": {
@@ -1034,7 +1034,7 @@
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz?rev=ff81ac966bb2cae68946d5ed5fc4994f96d0ffec&revCount=69"
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
},
"original": {
"type": "tarball",
@@ -1656,11 +1656,11 @@
"zon2nix": "zon2nix"
},
"locked": {
"lastModified": 1766762267,
"narHash": "sha256-j0LKnqi6J44f6CUC9zmtN2CKuMDkf7BhbBDzKMATN6Y=",
"lastModified": 1767039136,
"narHash": "sha256-unPtIKK1yfb2S2k3rbyvd2K5eX9DAjyPbZKdKy5oTZ8=",
"owner": "ghostty-org",
"repo": "ghostty",
"rev": "90075045c76bdc0e50575bf61dfcdc063e9c0ac0",
"rev": "b9ad1f05ef1e070d230019201248362ebb5ed91b",
"type": "github"
},
"original": {
@@ -1874,11 +1874,11 @@
]
},
"locked": {
"lastModified": 1766682973,
"narHash": "sha256-GKO35onS711ThCxwWcfuvbIBKXwriahGqs+WZuJ3v9E=",
"lastModified": 1767045600,
"narHash": "sha256-OAnTZWHhE7J2g9SfIzmLmxYeZHg6Kvs6TnNnFjT8/Y0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "91cdb0e2d574c64fae80d221f4bf09d5592e9ec2",
"rev": "64f4dadb80d0dd4d6d8879d8651143f3949423af",
"type": "github"
},
"original": {
@@ -2014,11 +2014,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1766761711,
"narHash": "sha256-m9VZ9cxYUl9Q9+ROSKmYpVeyIAvz1faqNqBKZ4WamWI=",
"lastModified": 1767021696,
"narHash": "sha256-q365S7ePBQStSDPEzssCU14TzRqdKzEdh0+0rR2KDnU=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "33df518f97b930316742736ecb07dc322da4c5d3",
"rev": "ea444c35bb23b6e34505ab6753e069de7801cc25",
"type": "github"
},
"original": {
@@ -2392,11 +2392,11 @@
]
},
"locked": {
"lastModified": 1766649308,
"narHash": "sha256-m+yAeG3T/2+tX4aTPql+L1GsN55WtpnYjQBQcXzgTf4=",
"lastModified": 1767014307,
"narHash": "sha256-JeHZoSYzss2S/YUrB9uMf7y67bQ5qgXyvsGDm5uBpXg=",
"owner": "ikawrakow",
"repo": "ik_llama.cpp",
"rev": "03ed5f7096874e292accc957a7005cd7e2416931",
"rev": "5a206e3cef36b3a99daec71a66ee7c0a78a27baf",
"type": "github"
},
"original": {
@@ -2415,11 +2415,11 @@
]
},
"locked": {
"lastModified": 1766755594,
"narHash": "sha256-tdBw+Z1czCHOIHhb0XM+CpEE2fruCzDUl7eX8sN8C14=",
"lastModified": 1767018623,
"narHash": "sha256-AZe3f+SH8uc1WOKTCi51hwtbaDaGWXjIivoaHuPjqB8=",
"owner": "JakeStanger",
"repo": "ironbar",
"rev": "25d6e95578085ef1422bf65427740fdedca37356",
"rev": "cce35665c40a93ae4fafa4b5f1f0325810205593",
"type": "github"
},
"original": {
@@ -2438,11 +2438,11 @@
"rust-overlay": "rust-overlay_6"
},
"locked": {
"lastModified": 1766582277,
"narHash": "sha256-mUZRMKId7Uycwnt31RytPwhmY/8UTbk92ckZWHoS0Eg=",
"lastModified": 1767013031,
"narHash": "sha256-p8ANXBakAtfX/aEhLbU6w0tuQe3nrBvLdHbKirJP7ug=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "4c78502846c1ef668eedbd4f55d818ebac5388ac",
"rev": "c2a82339373daee8cbbcad5f51f22ae6b71069e0",
"type": "github"
},
"original": {
@@ -2613,11 +2613,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1766717208,
"narHash": "sha256-iuWKRjSW50pxqpW3JJp13KRYNUe94ShCo9taNjBHWWk=",
"lastModified": 1766976975,
"narHash": "sha256-kS1zZw42JnbAx+ZJEhQqCbp7diRoDSji4aUfyhtbiB0=",
"owner": "numtide",
"repo": "nix-auth",
"rev": "eacb72b7ab43c311251ce22022a7874e8e99bff8",
"rev": "c7b37c1a0e03f5d6700217a4fca8bbdbf817734b",
"type": "github"
},
"original": {
@@ -2633,11 +2633,11 @@
]
},
"locked": {
"lastModified": 1766524813,
"narHash": "sha256-N/sxS27+t9nGvGWqwwAceSMW/Y5ddcypS/aiTnZ7ScA=",
"lastModified": 1767028240,
"narHash": "sha256-0/fLUqwJ4Z774muguUyn5t8AQ6wyxlNbHexpje+5hRo=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "c2b36207f2c396c79dbed9d40536db221bd4e363",
"rev": "c31afa6e76da9bbc7c9295e39c7de9fca1071ea1",
"type": "github"
},
"original": {
@@ -2776,11 +2776,11 @@
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1766628630,
"narHash": "sha256-ULKQFi7/TohrfOsLP/ESfwvd1DjAuwwshLkgj5lqijM=",
"lastModified": 1766975172,
"narHash": "sha256-cxBO7AN4kZJu2zwgX23fKYKLsxgzft36y8ShSQiSRkk=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "649604ce765f36edee9abbb44f65d88575811c41",
"rev": "a0f29488bed0b2cd7f2111b41f56145cef7cc148",
"type": "github"
},
"original": {
@@ -2939,11 +2939,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1766764153,
"narHash": "sha256-cQ1IZ9r6ToKSdmK8uXupdnv22tEHpLgbpOq+IktgAoI=",
"lastModified": 1767048408,
"narHash": "sha256-4BljnBz1sHgdvuf+YcYROVFuB5nAdRnki6vy+dgO7f0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9048967b346a39e4f927b5a01accdb9ffc4197ec",
"rev": "7267b84c21dbf72ab05356b75d64c1899aca6cd4",
"type": "github"
},
"original": {
@@ -2981,11 +2981,11 @@
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1766538331,
"narHash": "sha256-biwvZsCGC4vCXS6rzs3tUkELqqEXPko0E3R9IhYKavE=",
"lastModified": 1767009828,
"narHash": "sha256-Io/kwhM4ImImCPXcD2QML70lsCFj45xGDiInR7t61X4=",
"owner": "nix-community",
"repo": "nixpkgs-xr",
"rev": "9e8efcd2c4ea906772dea99204a9819284a29b81",
"rev": "e7a3f91bcfac7ebf7a625201b64aab195006adb6",
"type": "github"
},
"original": {
@@ -3028,11 +3028,11 @@
},
"nixpkgs_12": {
"locked": {
"lastModified": 1766651565,
"narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
"lastModified": 1766902085,
"narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
"rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4",
"type": "github"
},
"original": {
@@ -3153,11 +3153,11 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1766651565,
"narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
"lastModified": 1766902085,
"narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
"rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4",
"type": "github"
},
"original": {
@@ -3169,11 +3169,11 @@
},
"nixpkgs_9": {
"locked": {
"lastModified": 1766471942,
"narHash": "sha256-Wv+xrUNXgtxAXAMZE3EDzzeRgN1MEw+PnKr8zDozeLU=",
"lastModified": 1766840161,
"narHash": "sha256-Ss/LHpJJsng8vz1Pe33RSGIWUOcqM1fjrehjUkdrWio=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cfc52a405c6e85462364651a8f11e28ae8065c91",
"rev": "3edc4a30ed3903fdf6f90c837f961fa6b49582d1",
"type": "github"
},
"original": {
@@ -3190,11 +3190,11 @@
"systems": "systems_19"
},
"locked": {
"lastModified": 1766721995,
"narHash": "sha256-2qZLSojZFP3AzbC6UNF3ASCIDLahNniR2XP7l/qINm4=",
"lastModified": 1767002962,
"narHash": "sha256-HGFRwMRUwt56E+SiVX9YQOzpOwHy0/rtEqMoEbkF8Yg=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "66a5dc70e2d8433034bccdbb9c3c7bcecd86f9a6",
"rev": "63c957603751f0a107c4d9c2cbaff1c8749fc9f1",
"type": "github"
},
"original": {
@@ -3215,11 +3215,11 @@
"norg-meta": "norg-meta"
},
"locked": {
"lastModified": 1766752774,
"narHash": "sha256-a8SzpUE2vEpwLw4Sb/F5JJ8edaBKPcy5UUd7+nInYww=",
"lastModified": 1767039769,
"narHash": "sha256-5Yj9GtPuThRx/B+ANrgaJvyrhw2sbJ9y40OUqZEe9mc=",
"owner": "nvim-neorg",
"repo": "nixpkgs-neorg-overlay",
"rev": "6628ca8cc0b3fe7db065c8aec6b9d68065c68fc2",
"rev": "3a201a3e1e424fb6cf7e7a48bd5754b44fa49428",
"type": "github"
},
"original": {
@@ -3275,11 +3275,11 @@
"nixpkgs": "nixpkgs_12"
},
"locked": {
"lastModified": 1766763610,
"narHash": "sha256-/rkIn2XAVIxrQj15m9CG3Th5hjMCfe9i0Nb5dF4Gd38=",
"lastModified": 1767047953,
"narHash": "sha256-jarajO4YJV+AZGW+t4Xx32sCqESVSwsbBS+dDqQ1Bgo=",
"owner": "nix-community",
"repo": "nur",
"rev": "593decbc84d2fb6fdd852d651ebc5d5175f84d55",
"rev": "2168e7e84bac48f8fa60d4b991899fffb5615ee3",
"type": "github"
},
"original": {
@@ -3355,16 +3355,17 @@
]
},
"locked": {
"lastModified": 1765698311,
"narHash": "sha256-78sPqekEDJiol2YD3Hx2zHu5E4AtrbNrUKi0032HMHo=",
"owner": "berberman",
"lastModified": 1766178214,
"narHash": "sha256-tKDXreDwrRkdjvfot5fr1++ed6oOq3+/hW/Dj8WfTgs=",
"owner": "Red-M",
"repo": "nvfetcher",
"rev": "dbae9626c46b93d9fd6b85c8b292939ae569c4fc",
"rev": "a84b3ce67f1d7acd85b3aa2b9967ab91ed6e7a71",
"type": "github"
},
"original": {
"owner": "berberman",
"owner": "Red-M",
"repo": "nvfetcher",
"rev": "a84b3ce67f1d7acd85b3aa2b9967ab91ed6e7a71",
"type": "github"
}
},
@@ -3719,11 +3720,11 @@
]
},
"locked": {
"lastModified": 1766285238,
"narHash": "sha256-DqVXFZ4ToiFHgnxebMWVL70W+U+JOxpmfD37eWD/Qc8=",
"lastModified": 1766976750,
"narHash": "sha256-w+o3AIBI56tzfMJRqRXg9tSXnpQRN5hAT15o2t9rxYw=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "c4249d0c370d573d95e33b472014eae4f2507c2f",
"rev": "9fe44e7f05b734a64a01f92fc51ad064fb0a884f",
"type": "github"
},
"original": {
@@ -3766,11 +3767,11 @@
]
},
"locked": {
"lastModified": 1766717007,
"narHash": "sha256-ZjLiHCHgoH2maP5ZAKn0anrHymbjGOS5/PZqfJUK8Ik=",
"lastModified": 1766976750,
"narHash": "sha256-w+o3AIBI56tzfMJRqRXg9tSXnpQRN5hAT15o2t9rxYw=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "a18efe8a9112175e43397cf870fb6bc1ca480548",
"rev": "9fe44e7f05b734a64a01f92fc51ad064fb0a884f",
"type": "github"
},
"original": {
@@ -3807,11 +3808,11 @@
]
},
"locked": {
"lastModified": 1766289575,
"narHash": "sha256-BOKCwOQQIP4p9z8DasT5r+qjri3x7sPCOq+FTjY8Z+o=",
"lastModified": 1766894905,
"narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "9836912e37aef546029e48c8749834735a6b9dad",
"rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7",
"type": "github"
},
"original": {
@@ -4662,11 +4663,11 @@
"systems": "systems_25"
},
"locked": {
"lastModified": 1766696834,
"narHash": "sha256-IJjWGdo/isuXbXh7ndVjFhk+pDHMM7zeVmYo0cb6mrs=",
"lastModified": 1766947253,
"narHash": "sha256-bzdD637oY/d23QH7CKbyndBmmTBIM19HsnPtj49xCM0=",
"owner": "vicinaehq",
"repo": "vicinae",
"rev": "6a71a7426db6d9edf86291377afda1ca18e774f4",
"rev": "68faea42c62862614e071cee329486d907b3641a",
"type": "github"
},
"original": {
@@ -4777,11 +4778,11 @@
]
},
"locked": {
"lastModified": 1766697593,
"narHash": "sha256-mGZBEN67mxeOsBhplBRLm6L+y++8jU46EEUYgemG1aQ=",
"lastModified": 1766897152,
"narHash": "sha256-mD1GDg1eIHYUwk536j4uJX1IfQArsLQm2SL7rTQwAPI=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "98d8f48ba80a4b6e3b56addad850d57132301075",
"rev": "fe8d1a61a904b336f453d7ab5ae7d691a21c5cbf",
"type": "github"
},
"original": {

2
home/apps/default.nix
View File

@@ -30,7 +30,7 @@ lib.optionalAttrs device.hasGui {
# ./pcsx2.nix
./prismlauncher.nix
# ./rpcs3.nix
# ./shadps4.nix
./shadps4.nix
./slack.nix
# ./thunderbird.nix
# ./tsukimi.nix

5
home/apps/vicinae.nix
View File

@@ -7,7 +7,10 @@
imports = [inputs.vicinae.homeManagerModules.default];
services.vicinae = {
enable = device.is "ryu";
systemd.autoStart = true;
systemd = {
enable = true;
autoStart = true;
};
extensions = [];
# package = pkgs.vicinae.overrideAttrs (old: {
# patches = [../../patches/vicinae-ctrl-np.patch];

7
home/programs/default.nix
View File

@@ -60,10 +60,8 @@
home.packages = with pkgs;
[
_1password-cli
asciidoctor
alejandra
aria2
ast-grep
bottom
btop
cachix
@@ -73,19 +71,14 @@
file
fzf
gnupg
gpg-tui
jq
just
macchina
nb
p7zip
pandoc
pfetch-rs
pkg-config
ripgrep
sd
tldr
# vcpkg-tool
]
++ lib.optionals (!device.isServer) [
monaspace

18
home/programs/eilmeldung.nix
View File

@@ -1,9 +1,13 @@
{inputs, ...}: {
{
inputs,
device,
...
}: {
imports = [
inputs.eilmeldung.homeManager.default
];
programs.eilmeldung = {
enable = true;
enable = device.is "ryu";
settings = {
refresh_fps = 60;
@@ -17,11 +21,11 @@
};
input_config.mappings = {
"q" = "quit";
"j" = "down";
"k" = "up";
"g g" = "gotofirst";
"G" = "gotolast";
"q" = ["quit"];
"j" = ["down"];
"k" = ["up"];
"g g" = ["gotofirst"];
"G" = ["gotolast"];
"o" = ["open" "read" "nextunread"];
};

2
neovim/default.nix
View File

@@ -362,7 +362,7 @@ in {
additional_vim_regex_highlighting = true;
};
};
folding = true;
folding.enable = true;
grammarPackages =
(with pkgs.tree-sitter-grammars; [
tree-sitter-norg

2
nixos/ryu/configuration.nix
View File

@@ -176,7 +176,7 @@
};
hostName = "ryu"; # Define your hostname.
# nameservers = ["1.1.1.1" "8.8.8.8"];
nameservers = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
# nameservers = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";

5
nixos/ryu/programs/steam.nix
View File

@@ -8,7 +8,9 @@
extraCompatPackages = [
pkgs.proton-ge-bin
pkgs.gamescope
pkgs.gamescope-wsi
pkgs.mangohud
pkgs.vulkan-tools
];
};
programs.gamescope = {
@@ -17,5 +19,8 @@
};
environment.systemPackages = [
pkgs.protonup-qt
pkgs.vulkan-tools
pkgs.gamescope
pkgs.gamescope-wsi
];
}

4
nixos/ryu/services/resolved.nix
View File

@@ -1,9 +1,11 @@
{...}: {
# Disable all the dns stuff in favour of tailscale's DNS
services.resolved = {
enable = true;
dnssec = "true";
dnsovertls = "true";
domains = ["lemur-newton.ts.net"];
fallbackDns = ["1.1.1.1"];
fallbackDns = [];
};
networking.nameservers = [];
}

14
nixos/tako/services/homepage.nix
View File

@@ -86,13 +86,6 @@
href = "https://cloud.darksailor.dev";
};
}
# {
# "Open WebUI" = {
# icon = "open-webui.png";
# description = "Open WebUI for self hosted llms";
# href = "https://llama.darksailor.dev";
# };
# }
{
"Immich" = {
icon = "immich.png";
@@ -107,6 +100,13 @@
href = "https://draw.darksailor.dev";
};
}
{
"Navidrome" = {
icon = "navidrome.png";
description = "A self-hosted music server and streamer.";
href = "https://music.darksailor.dev";
};
}
];
}
];

39
nixos/tako/services/navidrome.nix
View File

@@ -1,4 +1,18 @@
{...}: {
{
device,
config,
...
}: let
socket = "/run/navidrome/navidrome.sock";
in {
sops = {
secrets."lastfm/api_key" = {};
secrets."lastfm/shared_secret" = {};
templates."lastfm.env".content = ''
ND_LASTFM_APIKEY=${config.sops.placeholder."lastfm/api_key"}
ND_LASTFM_SECRET=${config.sops.placeholder."lastfm/shared_secret"}
'';
};
services = {
navidrome = {
enable = true;
@@ -6,14 +20,15 @@
MusicFolder = "/media/music";
ReverseProxyUserHeader = "Remote-User";
ReverseProxyWhitelist = "@";
Address = "/var/run/navidrome/navidrome.sock";
Address = "unix:${socket}";
BaseUrl = "https://music.darksailor.dev";
};
environmentFile = config.sops.templates."lastfm.env".path;
};
caddy = {
virtualHosts."music.darksailor.dev".extraConfig = ''
import auth
# reverse_proxy localhost:4533
reverse_proxy unix//var/run/navidrome/navidrome.sock
reverse_proxy unix/${socket}
'';
};
authelia = {
@@ -38,4 +53,20 @@
};
};
};
systemd.services.navidrome.requires = ["systemd-tmpfiles-setup.service"];
systemd.tmpfiles.settings = {
navidromeDirs = {
"/run/navidrome".d = {
mode = "775";
user = "navidrome";
group = "navidrome";
};
};
};
users.users.${device.user} = {
extraGroups = ["navidrome"];
};
users.users.caddy = {
extraGroups = ["navidrome"];
};
}

2
nixos/tsuba/services/default.nix
View File

@@ -10,5 +10,7 @@
./flaresolverr.nix
./caddy.nix
./monitoring.nix
./pihole.nix
./resolved.nix
];
}

70
nixos/tsuba/services/pihole.nix Normal file
View File

@@ -0,0 +1,70 @@
{
pkgs,
config,
...
}: {
sops = {
secrets."pihole/password" = {};
templates."pihole.env".content = ''
FTLCONF_webserver_api_password=${config.sops.placeholder."pihole/password"}
'';
};
virtualisation.oci-containers = {
containers = {
pihole = {
image = "pihole/pihole:latest";
ports = [
"53:53/tcp"
"53:53/udp"
"127.0.0.1:8053:80/tcp"
];
privileged = true;
environment = {
TZ = config.time.timeZone;
FTLCONF_dns_listeningMode = "ALL";
};
environmentFiles = [
config.sops.templates."pihole.env".path
];
volumes = [
"/etc/pihole:/etc/pihole"
];
capabilities = {
"NET_ADMIN" = true;
"SYS_TIME" = true;
"SYS_NICE" = true;
};
};
};
};
services.caddy = {
virtualHosts."pihole.darksailor.dev".extraConfig = ''
import cloudflare
redir / /admin permanent
reverse_proxy localhost:8053
'';
};
# Systemd service to pull latest Home Assistant image
systemd.services.pihole-image-update = {
description = "Pull latest Pi Hole Docker image";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.docker}/bin/docker pull pihole/pihole:latest";
ExecStartPost = "${pkgs.systemd}/bin/systemctl restart docker-pihole.service";
};
};
# Systemd timer to run the update service every 5 days
systemd.timers.pihole-image-update = {
description = "Timer for Pi-Hole image updates";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "Mon *-*-* 02:00:00";
OnUnitInactiveSec = "5d";
Persistent = true;
RandomizedDelaySec = "1h";
};
};
}

14
nixos/tsuba/services/resolved.nix
View File

@@ -1,9 +1,11 @@
{...}: {
{lib, ...}: {
services.resolved = {
enable = true;
dnssec = "true";
domains = ["~." "lemur-newton.ts.net"];
fallbackDns = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
dnsovertls = "true";
enable = false;
# dnssec = "true";
# domains = ["~." "lemur-newton.ts.net"];
# fallbackDns = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
fallbackDns = [];
# dnsovertls = "true";
};
networking.nameservers = [];
}

9
secrets/secrets.yaml
View File

@@ -73,6 +73,11 @@ grafana:
secretKey: ENC[AES256_GCM,data:LD0x8Fa6SU1+6mwxLkKa/o+ZqeuRIr7o/AKS7EmrDYj0vzrA3/FjViVJNfkOJDch9TbVyjIpk2ZLwxHXOZx7MA==,iv:t6UwZj2JZpMIDsDDeJ4rZah4aBoMIKaoiu9VU2VhViE=,tag:MIz/b8JWYtOpUCcg6gYhJg==,type:str]
discord:
token: ENC[AES256_GCM,data:M6TayHpIa0J1w3zVRKPPU0P/f18UXOpxzU7fjKNCx8YxzSAaQfY52S5XpiqDgjPWfWdSxzG2VVDqu1708Vwofa8IRKwWafam,iv:x0ySoaS68aLRVUcQin096RoeQGRELvNwdFJxezPj/cA=,tag:Omv5uL97y7ZTI8juVJFNug==,type:str]
lastfm:
shared_secret: ENC[AES256_GCM,data:F5jKgUXcssteGYukS3eCJkBsSN1qHZzrH2pvZCFC2ac=,iv:c1YiTd26sxSv3PO2dtKgC1Zvk3W1x4U1C1+x3PG79IM=,tag:boeLy29lukY5pp+sij8cgA==,type:str]
api_key: ENC[AES256_GCM,data:5sFOaTAeiinetn8NfUBOFTcfuZmnnRNDTbuxVzAT4MU=,iv:RUmZ0PQpON3wkwj6GrSo7FHADM2pr4bavHT1omgR+Xw=,tag:ST7v4R8Scp+9ikYkiZ8Vtw==,type:str]
pihole:
password: ENC[AES256_GCM,data:xOpsEFN6zbgPwYnSudmFqlYOghY=,iv:isO0RtKgi8G8noumyhIfLLfmH9w5ybt9NVxh7bRVykM=,tag:17UcPypyqquJDTFZAc5iyA==,type:str]
sops:
age:
- recipient: age1pw7kluxp7872c63ne4jecq75glj060jkmqwzkk6esatuyck9egfswufdpk
@@ -84,7 +89,7 @@ sops:
VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-27T16:07:40Z"
mac: ENC[AES256_GCM,data:uoEAPUETfHQHnuvP1Mv4OqLUmWqMZxEr4VAElMwaOoYmkMR2blr6htMY5A3y1Qzc1CDv9o5p7cUUNdkYU1VoCj/bGwKgASYjZKM7gZDmrivyl0/XXcdA56pmgPfmO5PCkml1SJwQwwty4uwGNruKfUDrhMH5fIfS4KbS/GmnFeQ=,iv:IIQNHJOoMY9WrWEw2blenTv7RDGRVN8dXxYwMDyZPg8=,tag:vTP8Zv3TOoacVs8JqgMi3A==,type:str]
lastmodified: "2025-12-29T22:55:29Z"
mac: ENC[AES256_GCM,data:eEYsNcqFKFRS2wb5dht6AI86d7IWJGKGBdKVF4hk87ieVpZ6UaflgPbjAUYHMNFB7PCvhx3gjIPscb2oNZ/sYx8aTx9zFeexosQ8C8OqCWxGEEn3OxVGEqVNvIEQ7HvTg/2Dj5644IAIKD5bltAMPtfdfBzUm7KrA+nc8BMuPVk=,iv:i1EufRekIBASVf+EAphtJsHDnlwKLVSZKeC4RE0w2ac=,tag:efFizvzVBEXvE5ly25rsvA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0