xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

new services

Browse source
This commit is contained in:
Lucy Hochkamp 2025-09-07 00:53:50 +02:00
parent f2fcbfb679
commit bbe47c8fe6
No known key found for this signature in database
7 changed files with 353 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
flake.nix
View file

@ -110,7 +110,7 @@
); );
nixosConfigurations = lib.xyno.loadInstances ./instances (modules); nixosConfigurations = lib.xyno.loadInstances ./instances (modules);
devShell."x86_64-linux" = devShells."x86_64-linux".default =
let let
pkgs = genPkgs "x86_64-linux"; pkgs = genPkgs "x86_64-linux";
in in

4
instances/ds9/configuration.nix
View file

@ -8,9 +8,11 @@
nixpkgs.system = "x86_64-linux"; nixpkgs.system = "x86_64-linux";
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./services/attic.nix
./services/immich.nix ./services/immich.nix
./services/paperless.nix
./services/jellyfin.nix ./services/jellyfin.nix
./services/paperless.nix
./services/ytdl-sub.nix
]; ];
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";

57
instances/ds9/secrets/atticd.yaml Normal file
View file

File diff suppressed because one or more lines are too long

59
instances/ds9/secrets/woodpecker.yaml Normal file
View file

@ -0,0 +1,59 @@
woodpecker:
agent_secret: ENC[AES256_GCM,data:3UeEZus6umg6PgIHRz91PN3oiUqpq/PWMrleOt3MCtfUf/oSefFdAZ/QuHK0jhrYMXBbbswql9jEu7DY1ztzP05oEfk2XtGQHnXr9yhizLRvCeJ4izFNYEc=,iv:c9RipnwCLe2RRSQJrVh+Rh6pDA2kssTNe0aNvcQbBnE=,tag:JfHn71sb6/ZE6OLzzCxcNQ==,type:str]
gitea: ENC[AES256_GCM,data:nG6YB4MK/GJG98LsVEMbeaEDvlGHmAsQRpoQZQ==,iv:7Ew2Ri/QTV0N3u3BrJ+uafDktcw57c3jArGaq7Wrrr8=,tag:eYCYxhGuYVZb51qGI4uynQ==,type:str]
prometheus: ENC[AES256_GCM,data:q2Z8uO7Cvg31eY9c8rPcYIEuzF/VIHVfViPKWej4DIBYmJqxEWbwdDEPYN1iDKLQDr/PwDj9Zm0QeOqek7qLPanNaLsynZmz29j//bqQOjds2KrPhQQZ,iv:kujSbMkIOtAUfOsftT7mbH2n/M1y/eeoOcMTqKwI4Wo=,tag:V3Lpe54p4oBcxe/KGdHQFw==,type:str]
sops:
lastmodified: "2025-09-06T22:46:06Z"
mac: ENC[AES256_GCM,data:LpSU8hHNrMOXfx+4DZstOYlRF/2MjJWwCwUwjyA4Gxn4+OivfC/tVLxicYw3UYMwIksG4ENwMgdm3j+UI3+x9UWdG1qjBnXKOqQK35IlSP7sF0/Ksa+4suB7axhz/kXNm+ntuvyzTKIRtYnYT0uBWPhAuEIwn2yIdY2x0AOPOjo=,iv:5+kExY4v6i4ws7pGABx0dXUrFEq7F2njNUWPzuhz5ZU=,tag:e36ICN2K2hkhtHOBNYmb1A==,type:str]
pgp:
- created_at: "2025-09-06T22:36:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hL4DAAAAAAAAAAASBAMELJIJb18SjKdjEsA9tR4uBLctJlaD4L4i3f1bYzUFiu/Q
Skn+W1TwQKMYxZnr7YlIAQcZSjpZLzQE1AY/ZjzgLDtTesx9RQejtWzaXrk744Ge
/o53slD0pOd/bwvb5YFFBQzR9o0leK7Rfogps9DXDG9UsSJmW8HUFqaBOOeYVNEw
o6zHGUYRNef8U5nxW50PWa1YbH6g5mX0Q8vP6j7lWBe6UGbBwXTJIctMknxUViid
0l4Bedn5GIN3xC0EJuJQ9mhVhHH2YMwcqKSQR2YcimKXIayy3ADVSWqnh0uEhXHD
EBkUmk5a9FVxrWr/D+2ZW6Md0SG6fV33VcxT13Yx/YVg/L1nNLYcfP2ZWDVpibq0
=DFT7
-----END PGP MESSAGE-----
fp: 0D98D5964AC8BB1CA034CE4EC456133700066642
- created_at: "2025-09-06T22:36:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQGMAwAAAAAAAAAAAQwAtVrcsgUEgocwIx8OQ4cba/KQYl5nyIuL2ElnJcKBHoOu
2tsC9zXFomGpguGh+RnTsbApOXajSVbEmvH85flShEi1qm8IUUTofO2I1e9/bXDt
tDu4QXH5Z2mp6x6HZZRC2tx/otem3Inn/RMmNJWaaotsBq6AFCRrSzlaaXkNZEJQ
zaIolujXoNgXE6xEZ4J2RfjIyITBktHI7IwfkKXBWeb920QGRXG88rTwenlkhPOS
gXyu8hGvLuDL6y4TPvDO0E3rnelDyeLwaCek7S4qLAyd+pvx1bTla2svCZTVZCfh
WxRQ4S5fZt9HnsmLe91vYYkxLi7O1qzVKhueAEqa1T1/Bp0RHbAcDph/rakGm0Z0
1GQJD77TrGtsj2ZD+1OtYDX9Uj/TmaJktTwYNhe3HxelOM1+GL3MybPuW+kgEN3x
1LRu3X1Gk3MzpmEpv3aehwHGOWplGwmCygptgg3x27O68c+Nf2Qdz5aa04mhzV3g
R2G3uX9HXJmrXIaXURwi0lgBkBbh26shJIrqTvo2K+ZB3LTFtOozSlcw2KAP5TKo
S3gUpdl8WZ8tK51U5WI+KQkeXGmGlLtmkorB1PS1lL03A4s/TBgHcpAmaz4/CdfI
3kfq/UxdviG/
=n2oS
-----END PGP MESSAGE-----
fp: fada7e7be28e186e463ad745a38d17f36849d8a7
- created_at: "2025-09-06T22:36:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQGMAwAAAAAAAAAAAQwAqKJADgVZRAYxVg4ddDtzJjdh/XyaQaFktn1BkAyq/bUT
T5rtyrRsDnRW/JvYIWJt9O9ewsNYRWF0CPfPRaLeUaWMXnvmRPFeZB+CqfIjxQdE
qZcDLq0UL6lv4y7RUYi7HL8qoKATqVyxmBkKb04SWm/R6iGm2O7mO1cg/sqwCCnv
m0abeQvn/wlIl0yeQxsT/b1ZUzxIn/5TPOPu5MIbpeUNRZJU3xgD+6K9ZFZphx3T
0FQjz54MHgJ+GHEAfPIVJ1zZ1pnAY2EsigWqLOwttG5FwXKAhmtkCXcZc9biG3bO
K5mI1zosHO9ktp04YA8hE7cybgnlut3roWFlnPb1UFj3T2q8UUUKXjB9ztIF58Nd
GCIg1zua/5Iuz58G3nTCmUg4+0tnJGbTYRTixZLdF9q3Ff0R3ckOIw7wFZQL6ZHm
Fx1XXZ+3CffjySf2iBT2j+eR8Pe6Aue3aD7dkmq/m7hatoG/0FqnrDWeiMXBqBrY
MEad4gm8QC4IVTzDSfR60lgBTMVc9vJAS22UwEcVgCDxXeoQnXu4HCsnxi5XmWQc
BNeQ5gdVrmDQZ56ER1ik6hYUUzmZd3iOGV+r7oi3qWq6PHAjl9tx9KZkhEO3Sqvf
kzeCBEUPKfGc
=rb5/
-----END PGP MESSAGE-----
fp: b730b2bf54eb792a14bfd3e68c14c08894376c5f
unencrypted_suffix: _unencrypted
version: 3.10.2

29
instances/ds9/services/attic.nix Normal file
View file

@ -0,0 +1,29 @@
{
pkgs,
config,
lib,
...
}:
{
xyno.services.caddy.wildcardHosts."hailsatan.eu".hosts.attic.extraConfig =
"reverse_proxy http://[::1]:8089";
services.postgresql.ensureDatabases = [ "atticd" ];
services.postgresql.ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
];
services.atticd = {
enable = true;
settings.database.url = "postgresql://atticd@localhost/atticd?host=/run/postgresql";
settings.listen = "[::1]:8089";
settings.allowed-hosts = [ "attic.hailsatan.eu" ];
settings.api_endpoint = [ "https://attic.hailsatan.eu/" ];
environmentFile = config.sops.secrets."atticd/env".path;
};
sops.secrets."atticd/env" = {
sopsFile = ../secrets/atticd.yaml;
};
xyno.impermanence.directories = [ "/var/lib/atticd" ];
}

75
instances/ds9/services/woodpecker.nix Normal file
View file

@ -0,0 +1,75 @@
{
pkgs,
config,
lib,
...
}:
{
xyno.services.caddy.wildcardHosts."hailsatan.eu".hosts.woodpecker.extraConfig =
"reverse_proxy http://[::1]:18000";
xyno.services.caddy.wildcardHosts."hailsatan.eu".hosts.woodpecker-agent.extraConfig =
"reverse_proxy h2c://[::1]:19000";
services.postgresql.ensureDatabases = [ "woodpecker" ];
services.postgresql.ensureUsers = [
{
name = "woodpecker";
ensureDBOwnership = true;
}
];
services.woodpecker-server = {
enable = true;
environment = {
GITEA = true;
GITEA_URL = "https://git.xyno.systems";
GRPC_ADDR = ":19000";
SERVER_ADDR = ":18000";
WOODPECKER_DATABASE_DATASOURCE = "postgresql://woodpecker@localhost/woodpecker?host=/run/postgresql";
WOODPECKER_DATABASE_DRIVER = "postgres";
WOODPECKER_HOST = "https://woodpecker.hailsatan.eu";
};
environmentFile = [
config.sops.secrets."woodpecker/agent_secret".path
config.sops.secrets."woodpecker/gitea".path
];
};
virtualisation.podman = {
dockerSocket.enable = true;
enable = true;
autoPrune.enable = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
# This is needed for podman to be able to talk over dns
networking.firewall.interfaces."podman0" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
services.woodpecker-agents.podman = {
environment = {
WOODPECKER_SERVER = "[::1]:19000";
WOODPECKER_BACKEND = "docker";
WOODPECKER_MAX_WORKFLOWS = 4;
DOCKER_HOST = "unix:///run/podman/podman.sock";
};
environmentFile = [
config.sops.secrets."woodpecker/agent_secret".path
];
extraGroups = [ "podman" ];
};
sops.secrets."woodpecker/agent_secret" = {
sopsFile = ../secrets/woodpecker.yaml;
};
sops.secrets."woodpecker/gitea" = {
sopsFile = ../secrets/woodpecker.yaml;
};
sops.secrets."woodpecker/prometheus" = {
sopsFile = ../secrets/woodpecker.yaml;
};
xyno.impermanence.directories = [
"/var/lib/woodpecker"
"/var/lib/containers"
];
}

129
instances/ds9/services/ytdl-sub.nix Normal file
View file

@ -0,0 +1,129 @@
{
config,
pkgs,
lib,
inputs,
...
}:
with lib;
let
channels = {
"Entertainment" = [
"2BoredGuysOfficial"
"AlexPrinz"
"BagelBoyOfficial"
"DiedeutschenBackrooms"
"DankPods"
"Defunctland"
"Ididathing"
"GarbageTime420"
"Boy_Boy"
"ContraPoints"
"PhilosophyTube"
"PosyMusic"
"RobBubble"
"agingwheels"
"NileBlue"
"NileRed"
"styropyro"
"williamosman"
"billwurtz"
"f4micom"
"hbomberguy"
"simonegiertz"
"Parabelritter"
"DeviantOllam"
"MaxFosh"
"MichaelReeves"
"TomScottGo"
"WilliamOsman2"
];
"Tism" = [
"Echoray1" # alwin meschede
"TechnologyConnections"
"TechnologyConnextras"
"TheB1M"
"bahnblick_eu"
"jameshoffmann"
"scottmanley"
"theCodyReeder"
"standupmaths"
];
"Making" = [
"DIYPerks"
"MaxMakerChannel"
"Nerdforge"
"iliketomakestuff"
"ZackFreedman"
];
"Games" = [
"TylerMcVicker1"
"gabe.follower"
"altf4games"
];
"Programming" = [
"BenEater"
"NoBoilerplate"
"stacksmashing"
];
"Tech" = [
"LinusTechTips"
];
};
in
{
systemd.services."ytdl-sub-default".serviceConfig.ReadWritePaths = [ "/data/media/yt" ];
services.ytdl-sub = {
instances.default = {
enable = true;
schedule = "0/6:0";
config = {
presets."Sponsorblock" = {
ytdl_options.cookiefile = "/data/media/yt/cookies.Personal.txt";
subtitles = {
embed_subtitles = true;
languages = [
"en"
"de"
];
allow_auto_generated_subtitles = false;
};
chapters = {
embed_chapters = true;
sponsorblock_categories = [
# "outro"
"selfpromo"
"preview"
"interaction"
"sponsor"
"music_offtopic"
# "intro"
];
remove_sponsorblock_categories = "all";
force_key_frames = false;
};
};
};
subscriptions = {
"__preset__".overrides = {
tv_show_directory = "/data/media/yt";
only_recent_max_files = 30;
# only_recent_date_range = "30days";
};
"Jellyfin TV Show by Date | Sponsorblock | Only Recent | Max 1080p" = mapAttrs' (
n: v: nameValuePair "= ${n}" (genAttrs v (x: "https://youtube.com/@${x}"))
) channels;
"Jellyfin TV Show Collection | Sponsorblock" = {
"~Murder Drones" = {
s01_url = "https://www.youtube.com/playlist?list=PLHovnlOusNLiJz3sm0d5i2Evwa2LDLdrg";
tv_show_collection_episode_ordering = "playlist-index";
};
};
};
};
group = "users";
};
}