aaaaa

2025-08-26 00:58:27 +02:00 · 2025-08-26 00:58:27 +02:00 · d3a93fd115
commit d3a93fd115
parent 414e830efa
35 changed files with 1832 additions and 228 deletions
--- a/instances/ds9/configuration.nix
+++ b/instances/ds9/configuration.nix
@ -5,12 +5,21 @@
  ...
 }:
 {
-  imports = [ ./hardware-configuration.nix ];
+  nixpkgs.system = "x86_64-linux";
+  imports = [
+    ./hardware-configuration.nix
+    ./services/immich.nix
+    ./services/paperless.nix
+    ./services/jellyfin.nix
+
+  ];
  time.timeZone = "Europe/Berlin";

-  services.tailscale.enable = true;
-  services.tailscale.useRoutingFeatures = "client";
  xyno.presets.cli.enable = true;
+  xyno.services.wireguard.enable = true;
+  xyno.services.caddy.enable = true;
+  xyno.services.monitoring.enable = true;
+  xyno.services.authentik.enable = true;
  xyno.presets.home-manager.enable = true;
  xyno.system.user.enable = true;
  xyno.networking.networkd = {
--- a/instances/ds9/default.nix
+++ b/instances/ds9/default.nix
@ -1,8 +1,11 @@
 {
  modules = [ ./configuration.nix ];
-  system = "x86_64-linux";
  hostName = "ds9";
  publicHostname = "ds9.hailsatan.eu";
-  wgPubKey = "";
-  wgServer = true;
+  prometheusServer = true;
+  wg = {
+    pubKey = "";
+    server = true;
+    v4 = "10.13.12.1";
+  };
 }
--- a/instances/ds9/services/immich.nix
+++ b/instances/ds9/services/immich.nix
@ -0,0 +1,19 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+{
+  xyno.services.caddy.wildcardHosts."hailsatan.eu".hosts.immich.extraConfig =
+    "reverse_proxy http://[::1]:${toString config.services.immich.port}";
+  services.immich = {
+    enable = true;
+    group = "users";
+    mediaLocation = "/data/immich";
+    settings = {
+      newVersionCheck.enabled = false;
+      externalDomain = "https://immich.hailsatan.eu";
+    };
+  };
+}
--- a/instances/ds9/services/jellyfin.nix
+++ b/instances/ds9/services/jellyfin.nix
@ -0,0 +1,20 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+{
+  xyno.services.caddy.wildcardHosts."hailsatan.eu".hosts.j.extraConfig =
+    "reverse_proxy http://[::1]:8096";
+  xyno.impermanence.directories = [ config.services.jellyfin.dataDir ];
+  xyno.services.authentik.ldapApps.jellyfin = {
+    name = "Lucy+";
+    meta_description = "Jellyfin";
+    meta_launch_url = "https://j.hailsatan.eu";
+  };
+  services.jellyfin = {
+    enable = true;
+    group = "users";
+  };
+}
--- a/instances/ds9/services/paperless.nix
+++ b/instances/ds9/services/paperless.nix
@ -0,0 +1,25 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+{
+  xyno.services.caddy.wildcardHosts."hailsatan.eu".hosts.paperless.extraConfig =
+    "import reverse_proxy_auth http://${config.services.paperless.address}:${toString config.services.paperless.port}";
+  xyno.impermanence.directories = [ config.services.paperless.dataDir ];
+  xyno.services.authentik.proxyApps.paperless = {
+    externalHost = "https://paperless.hailsatan.eu";
+    name = "Paperless";
+    groups = [ "admin" ];
+  };
+  services.paperless = {
+    configureTika = true;
+    enable = true;
+    database.createLocally = true;
+    exporter = {
+      enable = true;
+      directory = "/data/paperless-export";
+    };
+  };
+}
--- a/instances/theseus/configuration.nix
+++ b/instances/theseus/configuration.nix
@ -9,6 +9,7 @@
  nixpkgs.system = "x86_64-linux";
  imports = [ ./hardware-configuration.nix ];
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  services.fido2-hid-bridge.enable = true;
  home-manager.users.${config.xyno.system.user.name} = (
    { ... }:
    {
@ -16,7 +17,10 @@
      xyno.borgmatic.enable = true;
      home.packages = [
        # work
-        (pkgs.unstable.jetbrains.rider.override  { jdk = pkgs.unstable.openjdk21; })
+        # (pkgs.unstable.jetbrains.rider.override { jdk = pkgs.unstable.openjdk21; })
+        pkgs.unstable.jetbrains.rider
+        pkgs.android-studio
+        # (pkgs.unstable.android-studio.override { jdk = pkgs.unstable.openjdk21; })
        (pkgs.firefox-devedition.overrideAttrs (super: self: { meta.priority = 1; }))
      ];
      services.flatpak.update.auto.enable = true;
@ -41,6 +45,8 @@
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
  ];
+  virtualisation.podman.enable = true;
+      services.vsmartcard-vpcd.enable = true;

  environment.systemPackages = with pkgs; [
    aerc
@ -55,6 +61,35 @@
    tectonic
    rquickshare
    supersonic
+    nheko
+    anki-bin
+    nixpkgs-manual
+    nixpkgs-manual.lib-docs
+    (
+      let
+        helpScript = pkgs.writeShellScriptBin "nixpkgs-help" ''
+          exec xdg-open ${pkgs.nixpkgs-manual}/share/doc/nixpkgs/index.html
+        '';
+        desktopItem = pkgs.makeDesktopItem {
+          name = "nixpkgs-manual";
+          desktopName = "nixpkgs Manual";
+          genericName = "System Manual";
+          comment = "View nixpkgs documentation in a web browser";
+          icon = "nix-snowflake";
+          exec = "nixpkgs-help";
+          categories = [ "System" ];
+        };
+
+      in
+      pkgs.symlinkJoin {
+        name = "nixpkgs-help";
+        paths = [
+          helpScript
+          desktopItem
+        ];
+
+      }
+    )
    # (nheko.overrideAttrs (
    #   super: self: {
    #     src = inputs.nheko;
--- a/instances/theseus/default.nix
+++ b/instances/theseus/default.nix
@ -1,4 +1,7 @@
 {
  modules = [ ./configuration.nix ];
  hostName = "theseus";
+  wg = {
+    pubKey = "";
+  };
 }