From bbe47c8fe64d66dc2fa1aa0291554e5e4f023c24 Mon Sep 17 00:00:00 2001 From: Lucy Hochkamp Date: Sun, 7 Sep 2025 00:53:50 +0200 Subject: [PATCH] new services --- flake.nix | 2 +- instances/ds9/configuration.nix | 4 +- instances/ds9/secrets/atticd.yaml | 57 ++++++++++++ instances/ds9/secrets/woodpecker.yaml | 59 ++++++++++++ instances/ds9/services/attic.nix | 29 ++++++ instances/ds9/services/woodpecker.nix | 75 +++++++++++++++ instances/ds9/services/ytdl-sub.nix | 129 ++++++++++++++++++++++++++ 7 files changed, 353 insertions(+), 2 deletions(-) create mode 100644 instances/ds9/secrets/atticd.yaml create mode 100644 instances/ds9/secrets/woodpecker.yaml create mode 100644 instances/ds9/services/attic.nix create mode 100644 instances/ds9/services/woodpecker.nix create mode 100644 instances/ds9/services/ytdl-sub.nix diff --git a/flake.nix b/flake.nix index df838a32..0a225a7a 100644 --- a/flake.nix +++ b/flake.nix @@ -110,7 +110,7 @@ ); nixosConfigurations = lib.xyno.loadInstances ./instances (modules); - devShell."x86_64-linux" = + devShells."x86_64-linux".default = let pkgs = genPkgs "x86_64-linux"; in diff --git a/instances/ds9/configuration.nix b/instances/ds9/configuration.nix index 2346c049..8f640680 100644 --- a/instances/ds9/configuration.nix +++ b/instances/ds9/configuration.nix @@ -8,9 +8,11 @@ nixpkgs.system = "x86_64-linux"; imports = [ ./hardware-configuration.nix + ./services/attic.nix ./services/immich.nix - ./services/paperless.nix ./services/jellyfin.nix + ./services/paperless.nix + ./services/ytdl-sub.nix ]; time.timeZone = "Europe/Berlin"; diff --git a/instances/ds9/secrets/atticd.yaml b/instances/ds9/secrets/atticd.yaml new file mode 100644 index 00000000..1f3a5fb1 --- /dev/null +++ b/instances/ds9/secrets/atticd.yaml @@ -0,0 +1,57 @@ +atticd: + env: ENC[AES256_GCM,data:UIwCkHrApoH5XX3z8067UcoOxjc/olzVdQp27l2kD7uZIvGcfYfy2XbOJ3DrdDPX1IZdaY0x8eT1SGnHCZrOlE4U0gQ2AKSxCAGrT5RjDvj0/0lzTIEYFQoOVgqByeEPnhe2/gLNs29x2A3qsLqXZp+yDzTKwcIlUELNdlgTP4ZrA4IVnJUMgQokYxpdUN10HtMO2Hvch88t80H9A0EKrBK2dRuMyr/MLD4YTta/R2ROzmLqwmCjOC5R4+Gb4VKwRb5n7inidjWXnBFVA1+MPQ/0a3GVi2EWQyXyfxgPqNRHHTpbhmXOGkgSgYsd4tQsqQqz0z3KtRhyLqHQ9LWKR64P8vCUtarkagco5kGyhj/q6EQjqqIcCfB9QHa903Rf8eqx8WoGwwfgjZhyxrt1X/7Oov7m5jGKJe98vroPvzvaAUzDwN/eGdzAhqLoQh0GPAM0nmtiWOeD3hv2D+wPeH3C1zhJKkbf0yyOG0qrnObI1TFJwEf+t5Boema/GBtDxN0nx3C6OKDe5KI+PHxoZcOgomSBcio/JZlUGrZ6R2f+pjjt3IYl/gsik7cpv2Bz5sNKw4jiGqE2i67fgmxF/frQKyWBJzq+AWVyS4UD8PNBSXh/nZ25Q8B1TXSsmK7m+Q1J5vdW8oojZHaxX2xT6hIy9GtOHff3fcKulTJwmS9zreAN9e3msv2l3laJodKhj453mmjIA5o78JOZa6B0ydlAHFW/j26lPWjD4DU/GZou5VBS3v+/YuH1qHOajhT+tyV1Or7cziL6WVgwDuS0VL/tRuA898trEYId0DSi/xKjJrbpU+JaXBOFhFZg0D8JcrGey7SIJdpiXej+kfbKWY+ZXwwms0oxZb/nFvPLkmtClVMIxzJGmCGDvCCStZYA5Xu7WbFhhl3NOf1EXHEa9fIvoOhLX/ygyJZtjRZfuaQZQ/lP1QjJ+pQ2/PZVd7DwDjuUdV6TCIYYhB9Rd4JxnlKvr0SVLtppn4KxLbpZG19OM2/TUqYzLDTaiNeNZ0ZXDQM5TvSvPSS51dcG6iUCwvNjYqfiQnrCMgeIOXWd2oCF0HMCZbGAPJwqRcD+U+9838MZhzHsoQcRIkrNuaRVDjI2THZgkdTNRLBkGTMKLSAosg9l7pis1jRok0XdMmcj+A+1BEVTLN9nSgYb9RpVp24PamemCAPyY4ccy8SprHny29Yb26hZzkznVjWMWHLskaY+SwofYHrvyQZIHaAT0aeddRUho85LsNiGdW7kxiVltgx3GmGr7xpFMTR5GNpAqAnsbXaNtanuwkfjrrjACgfbeO0SolzZi6PclHAUyvf3imXpcnxjZswxxs/WiTlcw6nZ4ci5CTs808JOGwqKKWfo/dMgjoAfZnXfU9RmNO0nqAvOjal1w7XCkQ+erhlXZfSUmCqr0yD15CbM1exGCUMZYH8h4pFqc4I748sV/sjONHISSh5hKz6OTyB9woxIU8kXaJHXRz2OJKiFIiJNlPZAj5g3KkcCUVjFYmv/sQizzCvCNxEA91UJWkBprKc0pavoAYK2RcJggJs9gZ3bMTgarYx1Asvb0QmB/YWwxcX8VwP8aogvVWx/xXxF+LIbQqpPoEbNZ29dhl+tXvZxP+smi3gjaQ89IL/FzSzxVQ1O5PI2rgcKh6U0zJfx9+tY8cDskuvDZvRMvUE8QgGFRPSjsvTcsZhRxgi2pNV5aBFCHVcnP0No66aOCQPA9XaYqdq7oSwCWCOeeQYMKCt2WmlNdz9i4HgnEEHblnyUe4l8wddtmtgD3nvHIwAvBBE9BZJ0OP0DeRt+rWPPNSUqu8Jzb621xkYSX8YeCocTZzCpK371smg8QYgTp69ZvqwJGnpFRs08DBpuhG2yPB+TAqJdzaN8LtoJ+qWdTeY6rDtCLpWPo84w9mEgSDc08Hr4PZtXNRpNhfWg9r3y1QhZ0CvmSZU5l6Fi66VIZluUKr92qD7BpSItOeuzn9dlu8F/3upTlRtH6Q+cNccRDZhQs+BghMnaaGSc4QJJOtWMMXgfdiTAMG1QckCAx4O1e/dfwzfZ3mI9Iu40VjQkIlhK4RXCbxFtLf+a5xyPgdmcVhXaOsOF+DsEA+hkA4iFVyoSgtXKxDrjif+HtOHVQz5nA5mTIx3ntQ8JGFYlTW29rVn4txNdsYQQzFHOv9YsDPo4obUke5q5xFCU2/+1D9oAinvnyRACyY7p/QHv1cJU8uafqwafk7+fOytDvkumKbkC/z0mUX0hGBV+WwLhV+M+0oXnDHKC8czTWbOxN/p8HRZj3jwXJSMePE7wqi9g1XswXWz4hd/1QrNgSdF9LXKWL2kMA5I++3ab90Xjziz5y2WOLFCkphGntq398C2w1P8hYUERF04m2Iei7Ph0KwO1d5aZ1FjAFLQxx+tVQ60CnGypEPDX3S7X0kW/DwXndGElRbwkF5cCX4BXhzGGyvBm2wfhOj2P00Ue+mnci5mqzbev7HVT2MMZHYnMWpBJHFqh0gP1wumEEUmroKT39sKPgrJNxYqKcTi0qHqLd9TMnI3cI8T7k8uI+712XZO0Qm1XlOY9tJxaA2AfrUvlbcj7aPfi0bN7eHk+eTVuMz0dKcyC106Tvo2qbTjcz4sCc5BA41CkY/9AhEkfCONXjfrQbbXaDjYwbZf+xJf+2Ivhire/bLQf6bwnEUPgoc3ks1bqFbBxAyhmE9Co3jDmVSy5Wb9l8cVvbb4T1etxlhS+FNeDx/CCq04SpjqD25MinDz7qvhOn1hkW7zyc+83zc6JCjucR7C/io/VEPIwfgCbQ0XM1otZSBbakqppYScWAgxuK6QZhpn/LDr6F8yYzluDnl9T6Rf5lJqh4XYTdn9+flNyUARzUuGS0rTGZr6iIrqD1SgoC8KNbpzcAs4U2RIVWbj2ODu+OyHVdPIjI/09qx1reX27RIC43nm7yFaEJM0hKw4jWVMp1Tt3wC7sqA8ZB+1KM8miR1aua+Ktb+lff7H9eez+7XeBU85rFrhvyr50s0oh6ikv8ydReYqNMv2075Nhfbsof/p9V5X/b3twAGLYPlL+i6cNBd3/MMmjLsl3cSIewTxpTcs1DoHaN6TwAH+wu0iFPi6slh2J+0t0WprPde2jLozfAtFVdwz4auIQyviBuXLMyx7+ymzOCmOMhymlbcLQap6j41Sr04XClbrbfKaTEVwvZs+Xo/+ER1Tx7/d2LSGRbRAaTnjrVjtiNsJGYZTC7lfI+mknFxNtmzVX0EF5P+DCJ3+c7DDJiQnJq913p3lGoDxBdTrIxcaTrHkjGNWILELWn7fvP0lzoElSGgCZmw0bpKFk2xwDVjw6VAlyKwrCWQpOGellM6gl4904IysaEK01IHBBdgZOp3YIjuHcRYKhPsa6n6KWcVdCYfUEGNvi7Mc/9hLJzQz8/+g2SzahAJEgPgNwffi0WnxTdtLBGO4GYMKOFotWlgUJ9uFGzPk6G2LkGmxryB8DQFNhFW6eOiEpUnsue9c088+i1lzHOY3Ky4aspOxf+8kPbPuWqRfBSAEqTrxkfQPNL/p4TBBu79p5IH0gL9ktKE1F3rKgK+Gen5Ttywjnx0wZGgcMuSROftApWKn5dMCro4uns6lsosbwLddfTXCmv+r79FlRlWrrIYqm4hJ/ndh49n/dQnI+HWOC8g8kCdcEFHvmz4nEI0t7iC+Mjcx9SB6xVyamHg3SfDjYRfuLCJoFuGn6pBEYo0Uj7FXAilvnKhJCzc7qEegfMFb1UtpcCuIhMyWFwRDSTz/7KBOHZoW9ALbSd/2OqFqtc5vuTnBGU+Zgx48/GbHTbZtMp/jJN90oqGiWSeOS4yWeM90fMaq9xoAlpM62cke1FTtc+/uI/8432p841sY7xtZa23UxBhNHQCa4UTvnkKV+7HyYlBVqQKnAzsuRhuPrMiXvDgmwBI3nK/KhQS87+Q2fJim8SirmdPkp7Pkp9GMf3wHumZ5+5PJb1MQVqBw/g2qd2LzjFAPJpyJU0wuiKq4IjYCE+2gyTr8bojwx+ALPaddkuxsT2Pc9rU51lT00kSRLGo/erW/feIIq6UNtb3FFzWYoCqjMedEYnzbNBHjXB+VjejBb8G/yggCRgSJzXffsGkpRVsEiyLqy8t8ef6sm2ZL7Hvt2OT+da+ePK0B8DgX31DlVsX1/UHCveYQZAq0JuLW/Fvs41aewGVJEf/jWtChZ1NsVtayfXgZDcD9hsTeGhDjc0mCgT6YxU+YCvzmDr0ukJCnSy9UP15w1CQ1GOLFGMRcviDMD/IzOgXLKxfYksSIujRk0nOhSViliSSFyc2dtd52X8zLC9p3yAf0pDbBeWiQ8IW7Ehxd66sl3ralGmc46OqDQqaApFuBJzJP3f7icUxEZFQfHg6MHrOAkWPF+nrCWFlB5xCqTV3MKiK+Wa/82X4+hnUSedJVOaLEuw36705OIFd7WoNKB9cm50SYOIbGPHriabgH/mXw2BL/vCPpNdkDHGrBRRoKejSxhYiaREgGc/uy4ejXvEliunE5tKwcEzVLo2CBxGH7x4f5avSR34ARz8KGLC+71S08xaWS9ieJP0Kavq3IuLfzW9UbODeI/4qSAuHu16fdKyUhrshKmO3WTOM/JIBp7APK9jLqP4fZGB2lFCFtbEveE42v3PA7fG0FG2tUXH36OEBSnBgM+ltpAva1YOUdIiLTAR4T2/JZ35Y0vrFgzlSgDgsdV38P+0NN4ZYDXTpEAkSUJPeIorlPMS0iS+b4tbg2nc16Fw9CmIzY+2neeTzMZ6t9ZjnOCrONGJYgZBtSFejk+cU0UPI0KAeJs/fp1w2HuE2ZJdKpQXG+/OY/lp7IqE6pTQD8R3VVHS2bA2pCW5KPgZJmNE1QdjjdKRSdRjAyhscCUK5h95bDQj3pWfYICaaDwYfZBhZDzFU6i2CSXXs57DDzWlOCIFsaEpEXHmfgOWC7xtDCLXC6tVdDB2wkUfP4KrwgoL4Xcouo3nFlvV6FbJXYv/DMuUic4/5n7cd7+V3+Coaxz13ijMbvbZC2zR8m62uC9J+IvHmhXn4gwaGKnItBrqqBl58iABC/gyEdGqAMI5KpAFk2VuQKsypoRkXgQFNRRO7kWupP5u/rCu2foyQNEQdSNnJBkwL3cdHn2qG+SIRNXnYSW77Wc+fwASo6A8xfHGgL0av42CQ6pYbcSd6+MSr3TOijwjY54Wo6/fazreY95UWSWBgeepppNweSVaSb466ZUvim8ue1cfY18OiXdujZCu7UckaTorTSUGwDnePY5xTktNHOSQ2fVBlLBVUDglFh8F8qYyfBXm4ixvAUHlooiLmuSZSbLjVhWmYOl/O+vSSthnbCEpQp1C127tuOSm3XWbIzjpwm3SL61A7U9z2q4fUkd1MMvc3yQuhr6yF2xNj3qmg/BnlROntzWdO8ZDRKrKgQkEd91H+tYxCgDavDGi9sAME9Te1hX6lBtrABK7kyO/OySh7zIC7Vh2VQCOnSCEYs4GOV2Ci1S4j2uR4jYXwWqbg7jy1OKFNt7yEX5Puby9kSciIHPFkOQgulFXbjTRlEPEazNQYhbzd0u+Qu7z99LSHUFk6+4HBvhKQTXCFNaDqZuwgObY3VWo8fCRnILZQrU/TF0apn93vGQ+5HB3Y49eUrDTE34xaoPlOa7b82Q6Hf+kCK7vbPdB3eIGIDHLelX2Mx0KRL4UTplWte52QqatUi/ROG13UGZ49xZooriLUWv7JmsN4icQGGI9vWUXh/awms1fRPH40KINp/gBGPMCZ5E6sA3WJaY7IF2g5gnuKQOeEyrF3LYCBqrc8ngKnCKLb4xZzo=,iv:0fuGVSoeudi/IVnVlmL+Tw1cS6Ksw6ehVSsYS2XvD9Q=,tag:9jq15k4vAik0Xm6OezRl5g==,type:str] +sops: + lastmodified: "2025-09-06T22:36:15Z" + mac: ENC[AES256_GCM,data:6B/1nHOu0IGXpv0cnPb9wYPMIXALTpuh7tNpWxagInQIZfXYP2m2tMNS6VlL9y8kQD36cuZKSM5BzAYru2rkIwHZK4qv0rogd/Po+eiipgaJA4ub4r1XkmECDZihChSxv1LXvXRum7Pb6linir95JsyueRu7EsP/XWz4vMQDKqE=,iv:gajQtx3I9NCnwgsehITnad/7rM2sa8Q3DebMnkuNzhM=,tag:YUpTmEhgKptaVxABBemuig==,type:str] + pgp: + - created_at: "2025-09-06T22:35:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hL4DAAAAAAAAAAASBAMENL6qpnpesj3NNiGUNWhUfdlCCybQNyegk1EdphsEA0qR + 3gKzUAeebZgPTwXuAi92Cv8bWAey5tbpXCDXkl4Qcx1sEwC9uLz9Tj3a+oFBbvtk + Rfd8QPQDXfvTbTzBn6OF27Lf2ksLTFxSxMgwu+KOVBl53WA3nZfWFqhQciGMSsYw + k/HG+7pMSpWo+bOk+078MfOi0Z+tmfVLDVkV1ruyT3JaIlEWY3E+Rif3gWFLyvuZ + 0l4B4kxu2TyH39bGk6zqG46EH3sZFM7cA/fMInD98+KoN49sFOLpdbvCKH4rs8gz + Q5KwW4AggUHKtxXhjPfXp9fYWN5WNxm9sPdHx+lJY3pUV/85b+2waWNP7RWU2qwS + =L1pP + -----END PGP MESSAGE----- + fp: 0D98D5964AC8BB1CA034CE4EC456133700066642 + - created_at: "2025-09-06T22:35:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQGMAwAAAAAAAAAAAQv/ec7bMdbkVVjrdqqY69pJmnEaFiKVzChDtDi4i/d8dpjQ + 0iP+tyRIAG/nhjvAOL/9qyd/9UCcD9PvIIr7Qy9wfoqPQMxpjEj50pto1C0RpH5e + 6w1zDDCNwhddM1SyMwHIQiKeUAIqa9qNKOPdBI0mla0CixCizwBN7yUXpOkZtxXW + IDzcxHAC8hpTkVvEzL/8WziOPuwnDfRwYDbg4kldTaVGYKfxSVvHWhA8AhLPmPCi + IahmVYJagReAbEiOQzXqZbHQhRwTIT2pMdCkvRVrRnKcgNaUja+p4NnKJrnm1/TT + z8XSy/juwemDLtRCbLRp37LJMhZVTkGIAzpq/BF6n1VFapR+UUf35Yc54OCuyWSv + 0Ds2GSzvSigJMlzGEje7ZFQbPxjNNs4JQuHZS/hABEOwbCx76oP6OgeIUcoa+i8g + 09O92PztoVNb4291A3/REnotBwOo5/khJmgInwmbv3aYeUOCh/Ab6n9waqHMLNzP + kMrwOTIQmh5KWfGmCdCo0lgBIZBtH4SG6CG2zy/vA2AYyYXqk4QYuRyOikXGqvrT + BrJM68p0MYygPFD+2CHxbAMoiYe87ZJYeZhcVRIYaMCrq22bqK+rIJwT/wO7Mc2p + Evz6UXmpcovE + =khBj + -----END PGP MESSAGE----- + fp: fada7e7be28e186e463ad745a38d17f36849d8a7 + - created_at: "2025-09-06T22:35:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQGMAwAAAAAAAAAAAQv/UN26uNXN7dPcDpkx5mOtIGHMDn0+mJoMNkCDWqv/72Lk + 2Jtxao8ToPnBrgjWBUVlfZ5SjqMf/Tcc20G4KOh4LBp/8Dp4eJacLoSSwDr26Wzf + XU/Tnzmxgff797UTN/r1LyCUS4c9v94mNpq+7ccBsUlpo8gPPY2mckNLvjyZXa0N + dLLzZFbr1lMNvp2oMMgYgg4ZKYYrJEB+KmQhDBWT//Q3TnY7X6DbdsSQNcP8uHT+ + UB4HqLmsE/9PtUzD+/mVxOVLCUUajZ7L42tUM4WPzw/4s41C3vqba7nMuFjuzOPs + 9Br+ZzwL6xOfjHV564dEqAz24O0StWJVxRi6DFIv14FPpaTaAcMoc5T3kWCI9Tpv + ssm+h8htztpZcrvlFLn6u6kulPV/1Zq2pc+d4nt/aknClT9bwz7TNP/p2WbozHM5 + ARUPuvv02DFc+z/MCIb6ghiAZQd/Lcdc3fqWotyTnpc9Om9uDJ4Rk0lPWvh/USa2 + fnIpW7+SpkI4LbZePX3Y0lgBJFW9HX4N6sVxQp86Cqn0s9tZzo9Z7pHvySNVATiX + 0ktgdzBoy5bemi/810EBh9a2sv6UWo4OWml9wby1fqYmFthmpwWR4uPoKe+kuTwO + tq3R7H/MHqeB + =AQ+v + -----END PGP MESSAGE----- + fp: b730b2bf54eb792a14bfd3e68c14c08894376c5f + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/instances/ds9/secrets/woodpecker.yaml b/instances/ds9/secrets/woodpecker.yaml new file mode 100644 index 00000000..c9a32294 --- /dev/null +++ b/instances/ds9/secrets/woodpecker.yaml @@ -0,0 +1,59 @@ +woodpecker: + agent_secret: ENC[AES256_GCM,data:3UeEZus6umg6PgIHRz91PN3oiUqpq/PWMrleOt3MCtfUf/oSefFdAZ/QuHK0jhrYMXBbbswql9jEu7DY1ztzP05oEfk2XtGQHnXr9yhizLRvCeJ4izFNYEc=,iv:c9RipnwCLe2RRSQJrVh+Rh6pDA2kssTNe0aNvcQbBnE=,tag:JfHn71sb6/ZE6OLzzCxcNQ==,type:str] + gitea: ENC[AES256_GCM,data:nG6YB4MK/GJG98LsVEMbeaEDvlGHmAsQRpoQZQ==,iv:7Ew2Ri/QTV0N3u3BrJ+uafDktcw57c3jArGaq7Wrrr8=,tag:eYCYxhGuYVZb51qGI4uynQ==,type:str] + prometheus: ENC[AES256_GCM,data:q2Z8uO7Cvg31eY9c8rPcYIEuzF/VIHVfViPKWej4DIBYmJqxEWbwdDEPYN1iDKLQDr/PwDj9Zm0QeOqek7qLPanNaLsynZmz29j//bqQOjds2KrPhQQZ,iv:kujSbMkIOtAUfOsftT7mbH2n/M1y/eeoOcMTqKwI4Wo=,tag:V3Lpe54p4oBcxe/KGdHQFw==,type:str] +sops: + lastmodified: "2025-09-06T22:46:06Z" + mac: ENC[AES256_GCM,data:LpSU8hHNrMOXfx+4DZstOYlRF/2MjJWwCwUwjyA4Gxn4+OivfC/tVLxicYw3UYMwIksG4ENwMgdm3j+UI3+x9UWdG1qjBnXKOqQK35IlSP7sF0/Ksa+4suB7axhz/kXNm+ntuvyzTKIRtYnYT0uBWPhAuEIwn2yIdY2x0AOPOjo=,iv:5+kExY4v6i4ws7pGABx0dXUrFEq7F2njNUWPzuhz5ZU=,tag:e36ICN2K2hkhtHOBNYmb1A==,type:str] + pgp: + - created_at: "2025-09-06T22:36:49Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hL4DAAAAAAAAAAASBAMELJIJb18SjKdjEsA9tR4uBLctJlaD4L4i3f1bYzUFiu/Q + Skn+W1TwQKMYxZnr7YlIAQcZSjpZLzQE1AY/ZjzgLDtTesx9RQejtWzaXrk744Ge + /o53slD0pOd/bwvb5YFFBQzR9o0leK7Rfogps9DXDG9UsSJmW8HUFqaBOOeYVNEw + o6zHGUYRNef8U5nxW50PWa1YbH6g5mX0Q8vP6j7lWBe6UGbBwXTJIctMknxUViid + 0l4Bedn5GIN3xC0EJuJQ9mhVhHH2YMwcqKSQR2YcimKXIayy3ADVSWqnh0uEhXHD + EBkUmk5a9FVxrWr/D+2ZW6Md0SG6fV33VcxT13Yx/YVg/L1nNLYcfP2ZWDVpibq0 + =DFT7 + -----END PGP MESSAGE----- + fp: 0D98D5964AC8BB1CA034CE4EC456133700066642 + - created_at: "2025-09-06T22:36:49Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQGMAwAAAAAAAAAAAQwAtVrcsgUEgocwIx8OQ4cba/KQYl5nyIuL2ElnJcKBHoOu + 2tsC9zXFomGpguGh+RnTsbApOXajSVbEmvH85flShEi1qm8IUUTofO2I1e9/bXDt + tDu4QXH5Z2mp6x6HZZRC2tx/otem3Inn/RMmNJWaaotsBq6AFCRrSzlaaXkNZEJQ + zaIolujXoNgXE6xEZ4J2RfjIyITBktHI7IwfkKXBWeb920QGRXG88rTwenlkhPOS + gXyu8hGvLuDL6y4TPvDO0E3rnelDyeLwaCek7S4qLAyd+pvx1bTla2svCZTVZCfh + WxRQ4S5fZt9HnsmLe91vYYkxLi7O1qzVKhueAEqa1T1/Bp0RHbAcDph/rakGm0Z0 + 1GQJD77TrGtsj2ZD+1OtYDX9Uj/TmaJktTwYNhe3HxelOM1+GL3MybPuW+kgEN3x + 1LRu3X1Gk3MzpmEpv3aehwHGOWplGwmCygptgg3x27O68c+Nf2Qdz5aa04mhzV3g + R2G3uX9HXJmrXIaXURwi0lgBkBbh26shJIrqTvo2K+ZB3LTFtOozSlcw2KAP5TKo + S3gUpdl8WZ8tK51U5WI+KQkeXGmGlLtmkorB1PS1lL03A4s/TBgHcpAmaz4/CdfI + 3kfq/UxdviG/ + =n2oS + -----END PGP MESSAGE----- + fp: fada7e7be28e186e463ad745a38d17f36849d8a7 + - created_at: "2025-09-06T22:36:49Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQGMAwAAAAAAAAAAAQwAqKJADgVZRAYxVg4ddDtzJjdh/XyaQaFktn1BkAyq/bUT + T5rtyrRsDnRW/JvYIWJt9O9ewsNYRWF0CPfPRaLeUaWMXnvmRPFeZB+CqfIjxQdE + qZcDLq0UL6lv4y7RUYi7HL8qoKATqVyxmBkKb04SWm/R6iGm2O7mO1cg/sqwCCnv + m0abeQvn/wlIl0yeQxsT/b1ZUzxIn/5TPOPu5MIbpeUNRZJU3xgD+6K9ZFZphx3T + 0FQjz54MHgJ+GHEAfPIVJ1zZ1pnAY2EsigWqLOwttG5FwXKAhmtkCXcZc9biG3bO + K5mI1zosHO9ktp04YA8hE7cybgnlut3roWFlnPb1UFj3T2q8UUUKXjB9ztIF58Nd + GCIg1zua/5Iuz58G3nTCmUg4+0tnJGbTYRTixZLdF9q3Ff0R3ckOIw7wFZQL6ZHm + Fx1XXZ+3CffjySf2iBT2j+eR8Pe6Aue3aD7dkmq/m7hatoG/0FqnrDWeiMXBqBrY + MEad4gm8QC4IVTzDSfR60lgBTMVc9vJAS22UwEcVgCDxXeoQnXu4HCsnxi5XmWQc + BNeQ5gdVrmDQZ56ER1ik6hYUUzmZd3iOGV+r7oi3qWq6PHAjl9tx9KZkhEO3Sqvf + kzeCBEUPKfGc + =rb5/ + -----END PGP MESSAGE----- + fp: b730b2bf54eb792a14bfd3e68c14c08894376c5f + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/instances/ds9/services/attic.nix b/instances/ds9/services/attic.nix new file mode 100644 index 00000000..124e2a2e --- /dev/null +++ b/instances/ds9/services/attic.nix @@ -0,0 +1,29 @@ +{ + pkgs, + config, + lib, + ... +}: +{ + xyno.services.caddy.wildcardHosts."hailsatan.eu".hosts.attic.extraConfig = + "reverse_proxy http://[::1]:8089"; + services.postgresql.ensureDatabases = [ "atticd" ]; + services.postgresql.ensureUsers = [ + { + name = "atticd"; + ensureDBOwnership = true; + } + ]; + services.atticd = { + enable = true; + settings.database.url = "postgresql://atticd@localhost/atticd?host=/run/postgresql"; + settings.listen = "[::1]:8089"; + settings.allowed-hosts = [ "attic.hailsatan.eu" ]; + settings.api_endpoint = [ "https://attic.hailsatan.eu/" ]; + environmentFile = config.sops.secrets."atticd/env".path; + }; + sops.secrets."atticd/env" = { + sopsFile = ../secrets/atticd.yaml; + }; + xyno.impermanence.directories = [ "/var/lib/atticd" ]; +} diff --git a/instances/ds9/services/woodpecker.nix b/instances/ds9/services/woodpecker.nix new file mode 100644 index 00000000..99f347db --- /dev/null +++ b/instances/ds9/services/woodpecker.nix @@ -0,0 +1,75 @@ +{ + pkgs, + config, + lib, + ... +}: +{ + xyno.services.caddy.wildcardHosts."hailsatan.eu".hosts.woodpecker.extraConfig = + "reverse_proxy http://[::1]:18000"; + xyno.services.caddy.wildcardHosts."hailsatan.eu".hosts.woodpecker-agent.extraConfig = + "reverse_proxy h2c://[::1]:19000"; + services.postgresql.ensureDatabases = [ "woodpecker" ]; + services.postgresql.ensureUsers = [ + { + name = "woodpecker"; + ensureDBOwnership = true; + } + ]; + + services.woodpecker-server = { + enable = true; + environment = { + GITEA = true; + GITEA_URL = "https://git.xyno.systems"; + GRPC_ADDR = ":19000"; + SERVER_ADDR = ":18000"; + WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker@localhost/woodpecker?host=/run/postgresql"; + WOODPECKER_DATABASE_DRIVER = "postgres"; + WOODPECKER_HOST = "https://woodpecker.hailsatan.eu"; + }; + environmentFile = [ + config.sops.secrets."woodpecker/agent_secret".path + config.sops.secrets."woodpecker/gitea".path + ]; + }; + + virtualisation.podman = { + dockerSocket.enable = true; + enable = true; + autoPrune.enable = true; + defaultNetwork.settings = { + dns_enabled = true; + }; + }; + # This is needed for podman to be able to talk over dns + networking.firewall.interfaces."podman0" = { + allowedUDPPorts = [ 53 ]; + allowedTCPPorts = [ 53 ]; + }; + services.woodpecker-agents.podman = { + environment = { + WOODPECKER_SERVER = "[::1]:19000"; + WOODPECKER_BACKEND = "docker"; + WOODPECKER_MAX_WORKFLOWS = 4; + DOCKER_HOST = "unix:///run/podman/podman.sock"; + }; + environmentFile = [ + config.sops.secrets."woodpecker/agent_secret".path + ]; + extraGroups = [ "podman" ]; + }; + sops.secrets."woodpecker/agent_secret" = { + sopsFile = ../secrets/woodpecker.yaml; + }; + sops.secrets."woodpecker/gitea" = { + sopsFile = ../secrets/woodpecker.yaml; + }; + sops.secrets."woodpecker/prometheus" = { + sopsFile = ../secrets/woodpecker.yaml; + }; + xyno.impermanence.directories = [ + "/var/lib/woodpecker" + "/var/lib/containers" + ]; +} diff --git a/instances/ds9/services/ytdl-sub.nix b/instances/ds9/services/ytdl-sub.nix new file mode 100644 index 00000000..c0bbf5d7 --- /dev/null +++ b/instances/ds9/services/ytdl-sub.nix @@ -0,0 +1,129 @@ +{ + config, + pkgs, + lib, + inputs, + ... +}: +with lib; +let + channels = { + "Entertainment" = [ + "2BoredGuysOfficial" + "AlexPrinz" + "BagelBoyOfficial" + "DiedeutschenBackrooms" + "DankPods" + "Defunctland" + "Ididathing" + "GarbageTime420" + "Boy_Boy" + "ContraPoints" + "PhilosophyTube" + "PosyMusic" + "RobBubble" + "agingwheels" + "NileBlue" + "NileRed" + "styropyro" + "williamosman" + "billwurtz" + "f4micom" + "hbomberguy" + "simonegiertz" + "Parabelritter" + "DeviantOllam" + "MaxFosh" + "MichaelReeves" + "TomScottGo" + "WilliamOsman2" + ]; + "Tism" = [ + "Echoray1" # alwin meschede + "TechnologyConnections" + "TechnologyConnextras" + "TheB1M" + "bahnblick_eu" + "jameshoffmann" + "scottmanley" + "theCodyReeder" + "standupmaths" + ]; + "Making" = [ + "DIYPerks" + "MaxMakerChannel" + "Nerdforge" + "iliketomakestuff" + "ZackFreedman" + + ]; + "Games" = [ + "TylerMcVicker1" + "gabe.follower" + "altf4games" + ]; + "Programming" = [ + "BenEater" + "NoBoilerplate" + "stacksmashing" + ]; + "Tech" = [ + "LinusTechTips" + ]; + }; +in + +{ + systemd.services."ytdl-sub-default".serviceConfig.ReadWritePaths = [ "/data/media/yt" ]; + services.ytdl-sub = { + instances.default = { + enable = true; + schedule = "0/6:0"; + config = { + presets."Sponsorblock" = { + ytdl_options.cookiefile = "/data/media/yt/cookies.Personal.txt"; + subtitles = { + embed_subtitles = true; + languages = [ + "en" + "de" + ]; + allow_auto_generated_subtitles = false; + }; + chapters = { + embed_chapters = true; + sponsorblock_categories = [ + # "outro" + "selfpromo" + "preview" + "interaction" + "sponsor" + "music_offtopic" + # "intro" + ]; + remove_sponsorblock_categories = "all"; + force_key_frames = false; + }; + }; + }; + subscriptions = { + "__preset__".overrides = { + tv_show_directory = "/data/media/yt"; + only_recent_max_files = 30; + # only_recent_date_range = "30days"; + }; + "Jellyfin TV Show by Date | Sponsorblock | Only Recent | Max 1080p" = mapAttrs' ( + n: v: nameValuePair "= ${n}" (genAttrs v (x: "https://youtube.com/@${x}")) + ) channels; + "Jellyfin TV Show Collection | Sponsorblock" = { + "~Murder Drones" = { + s01_url = "https://www.youtube.com/playlist?list=PLHovnlOusNLiJz3sm0d5i2Evwa2LDLdrg"; + tv_show_collection_episode_ordering = "playlist-index"; + }; + }; + }; + }; + group = "users"; + + }; +}