Merge remote-tracking branch 'refs/remotes/origin/master'

2025-12-04 15:00:13 +01:00 · 2025-07-07 23:21:48 +02:00 · 2025-07-07 23:21:48 +02:00 · 04d9c6edec
commit 04d9c6edec
parent 7b5b3d0208 35db81ac4d
15 changed files with 176 additions and 81 deletions
--- a/modules/core/sshd.nix
+++ b/modules/core/sshd.nix
@ -17,5 +17,6 @@
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXi00z/rxVrWLKgYr+tWIsbHsSQO75hUMSTThNm5wUw liv@sakura" # main laptop
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # main phone
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv2zxCy22KU1tZOH2hA1p8fWVpOSrTYF68+3E5r330O liv@ichiyo" # 2nd laptop
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGm9dLpj13r+Iso5SuHSCSQbriumwW1Fs7TkgaBmmXeo liv@azalea" # linux phone
  ];
 }
--- a/modules/home/hyprland/config.nix
+++ b/modules/home/hyprland/config.nix
@ -226,6 +226,7 @@
        "$mainMod SHIFT, W, exec, wdisplays"
        "$mainMod SHIFT, T, exec, thunderbird"
        "$mainMod SHIFT, E, exec, element-desktop"
+        "$mainMod SHIFT, X, exec, gajim"
        "$mainMod SHIFT, P, exec, pavucontrol-qt"
        "$mainMod SHIFT, N ,exec, notes"
        "$mainMod, N,exec, swaync-client -t"
--- a/modules/home/packages.nix
+++ b/modules/home/packages.nix
@ -59,6 +59,7 @@

    # GUI shit
    element-desktop
+    gajim
    signal-desktop
    anki-bin
    obs-studio
--- a/modules/services/borg.nix
+++ b/modules/services/borg.nix
@ -1,7 +1,12 @@
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  username,
+  ...
+}:
 let
  hostname = "violet";
-  repo = "ssh://dandelion.booping.local:${toString config.services.openssh.ports}/spinners/rootvol/backups/${hostname}";
+  baseRepo = "ssh://liv@dandelion:9123/spinners/rootvol/backups/${hostname}";
 in
 {
  services.borgbackup.jobs = {
@ -9,55 +14,41 @@ in
      paths = [
        "/home/liv/MinecraftDocker"
      ];
-      repo = "${repo}/MinecraftDocker-tulip";
-      compression = "auto,zstd";
-      startAt = "daily";
+      repo = "ssh://liv@dandelion:9123/spinners/rootvol/backups/violet/MinecraftDocker-tulip";
+      encryption.mode = "none";
+      compression = "auto,zstd,10";
+      startAt = [ "3:00" ];
      postHook = ''
        if [ $exitStatus -eq 2 ]; then
-          ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) failed with errors"
+          ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) failed with errors"
        else
-          ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) completed succesfully with exit status $exitStatus"
+          ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) completed succesfully with exit status $exitStatus"
        fi
      '';
+      user = "${username}";
+      environment = {
+        BORG_RSH = "ssh -p 9123 -i /home/liv/.ssh/id_ed25519";
+      };
    };
    "violet-lib" = {
      paths = [
        "/var/lib"
      ];
-      repo = "${repo}/var-lib";
+      repo = "${baseRepo}/var-lib";
+      encryption.mode = "none";
      compression = "auto,zstd";
      startAt = "daily";
      postHook = ''
        if [ $exitStatus -eq 2 ]; then
-          ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) failed with errors"
+          ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) failed with errors"
        else
-          ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) completed succesfully with exit status $exitStatus"
+          ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) completed succesfully with exit status $exitStatus"
        fi
      '';
+      # user = "${username}";
+      environment = {
+        BORG_RSH = "ssh -p 9123 -i /home/liv/.ssh/id_ed25519";
+      };
    };
-    # "violet-random" = {
-    #   paths = [
-    #     "/random"
-    #   ];
-    #   exclude = [
-    #     "/random/a"
-    #     "/random/a"
-    #   ];
-    #  encryption = {
-    #    mode = "";
-    #    passCommand = "";
-    #  };
-    #  environment.BORG_RSH = "ssh -i ${config.sops.secrets."ssh_private_key_violet".path}";
-    #  repo = "${repo}/violet/random";
-    #  compression = "auto,zstd";
-    #  startAt = "daily";
-    #  postHook = ''
-    #    if [ $exitStatus -eq 2 ]; then
-    #      ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.${domain}/nixbox "BorgBackup: nixbox backup failed with errors"
-    #    else
-    #      ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.${domain}/nixbox "BorgBackup: nixbox backup completed succesfully with exit status $exitStatus"
-    #    fi
-    #  '';
-    # };
  };
 }
--- a/modules/services/dandelion.nix
+++ b/modules/services/dandelion.nix
@ -8,5 +8,6 @@
    ++ [ (import ./monitoring.nix) ]
    ++ [ (import ./smart-monitoring.nix) ]
    ++ [ (import ./tailscale.nix) ]
+    ++ [ (import ./nfs.nix) ]
    ++ [ (import ./hd-idle.nix) ];
 }
--- a/modules/services/frp.nix
+++ b/modules/services/frp.nix
@ -0,0 +1,34 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+{
+  services.frp = {
+    enable = true;
+    role = "client";
+    settings = {
+      serverAddr = "";
+      serverPort = 7000;
+      auth.method = "token";
+      auth.token = "";
+      proxies = [
+        {
+          name = "http";
+          type = "tcp";
+          localIP = "localhost";
+          localPort = 80;
+          remotePort = 80;
+        }
+        {
+          name = "https";
+          type = "tcp";
+          localIP = "localhost";
+          localPort = 443;
+          remotePort = 443;
+        }
+      ];
+    };
+  };
+}
--- a/modules/services/immich.nix
+++ b/modules/services/immich.nix
@ -1,9 +1,12 @@
 { config, ... }:
 {
-  services.immich = {
-    enable = true;
-    port = 2283;
-  };
+  # services.immich = {
+  # enable = true;
+  # port = 2283;
+  # mediaLocation = "/spinners/rootvol/immich/";
+  # openFirewall = true;
+  # machine-learning.enable = true;
+  # };

  # services.nginx.virtualHosts."" = {
  #   forceSSL = true;
--- a/modules/services/mpd.nix
+++ b/modules/services/mpd.nix
@ -1,8 +1,13 @@
-{ username, config, ... }:
+{
+  username,
+  config,
+  pkgs,
+  ...
+}:
 {
  services.mpd = {
    enable = true;
-    musicDirectory = "/dandelion/home/liv/music";
+    musicDirectory = "/home/liv/Music";
    extraConfig = ''
      audio_output {
        type "pipewire"
@ -13,10 +18,14 @@

    # Optional:
    # network.listenAddress = "any"; # if you want to allow non-localhost connections
-    network.startWhenNeeded = false; # systemd feature: only start MPD service upon connection to its socket
  };
  systemd.services.mpd.environment = {
    # see: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/609
-    XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.userRunningPipeWire.uid}"; # User-id must match above user. MPD will look inside this directory for the PipeWire socket.
+    XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.${username}.uid}"; # User-id must match above user. MPD will look inside this directory for the PipeWire socket.
  };
+
+  environment.systemPackages = with pkgs; [
+    mpdris2
+    ncmpcpp
+  ];
 }
--- a/modules/services/nfs.nix
+++ b/modules/services/nfs.nix
@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  services = {
+    # Network shares
+    samba = {
+      package = pkgs.samba4Full;
+      # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support (compared to the default package, `samba`
+      # Required for samba to register mDNS records for auto discovery
+      # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268
+      enable = true;
+      openFirewall = true;
+      shares.main = {
+        path = "/spinners/rootvol/nfs";
+        writable = "true";
+        comment = "Hello world!";
+      };
+    };
+    avahi = {
+      publish.enable = true;
+      publish.userServices = true;
+      # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
+      #nssmdns4 = true;
+      # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
+      enable = true;
+      openFirewall = true;
+    };
+    samba-wsdd = {
+      # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued
+      enable = true;
+      openFirewall = true;
+    };
+  };
+}
--- a/modules/services/prosody.nix
+++ b/modules/services/prosody.nix
@ -1,29 +0,0 @@
-{
-  services.prosody = {
-    enable = false;
-    user = "acme";
-    modules = {
-      welcome = true;
-      websocket = true;
-      watchregistrations = true;
-    };
-    admins = [ "liv@liv.town" ];
-    allowRegistration = false;
-    ssl.cert = "/var/lib/acme/liv.town/cert.pem";
-    ssl.key = "/var/lib/acme/liv.town/key.pem";
-    virtualHosts."liv.town" = {
-      enabled = true;
-      domain = "liv.town";
-      ssl.cert = "/var/lib/acme/liv.town/fullchain.pem";
-      ssl.key = "/var/lib/acme/liv.town/key.pem";
-    };
-    muc = [
-      {
-        domain = "conference.liv.town";
-      }
-    ];
-    uploadHttp = {
-      domain = "upload.liv.town";
-    };
-  };
-}
--- a/modules/services/violet.nix
+++ b/modules/services/violet.nix
@ -3,11 +3,14 @@
  imports =
    [ (import ./invidious.nix) ]
    ++ [ (import ./anubis.nix) ]
+    ++ [ (import ./borg.nix) ]
    ++ [ (import ./binternet-proxy.nix) ]
+    ++ [ (import ./bluemap-proxy.nix) ]
    ++ [ (import ./docker.nix) ]
-    ++ [ (import ./frp.nix) ]
+    # ++ [ (import ./frp.nix) ]
    ++ [ (import ./forgejo.nix) ]
    ++ [ (import ./grafana.nix) ]
+    ++ [ (import ./guacamole.nix) ]
    ++ [ (import ./gokapi.nix) ]
    ++ [ (import ./jellyfin.nix) ]
    ++ [ (import ./librey-proxy.nix) ]
@ -16,15 +19,13 @@
    ++ [ (import ./mumble.nix) ]
    ++ [ (import ./monitoring.nix) ]
    ++ [ (import ./ntfy.nix) ]
-    ++ [ (import ./bluemap-proxy.nix) ]
-    ++ [ (import ./sharkey-proxy.nix) ]
    ++ [ (import ./nginx.nix) ]
-    # ++ [(import ./komga.nix)]
    ++ [ (import ./radicale.nix) ]
-    ++ [ (import ./prosody.nix) ]
-    ++ [ (import ./tailscale.nix) ]
-    ++ [ (import ./guacamole.nix) ]
-    ++ [ (import ./readarr.nix) ];
-  # ++ [(import ./smart-monitoring.nix)]
-  # ++ [(import ./jitsi-meet.nix)]
+    ++ [ (import ./readarr.nix) ]
+    ++ [ (import ./sharkey-proxy.nix) ]
+    # ++ [ (import ./komga.nix) ]
+    # ++ [ (import ./prosody.nix) ]
+    ++ [ (import ./tailscale.nix) ];
+  # ++ [ (import ./smart-monitoring.nix) ]
+  # ++ [ (import ./jitsi-meet.nix) ]
 }
--- a/modules/services/xmpp.nix
+++ b/modules/services/xmpp.nix
@ -0,0 +1,29 @@
+{
+  # services.prosody = {
+  #   enable = false;
+  #   user = "acme";
+  #   modules = {
+  #     welcome = true;
+  #     websocket = true;
+  #     watchregistrations = true;
+  #   };
+  #   admins = [ "liv@liv.town" ];
+  #   allowRegistration = false;
+  #   ssl.cert = "/var/lib/acme/liv.town/cert.pem";
+  #   ssl.key = "/var/lib/acme/liv.town/key.pem";
+  #   virtualHosts."liv.town" = {
+  #     enabled = true;
+  #     domain = "liv.town";
+  #     ssl.cert = "/var/lib/acme/liv.town/fullchain.pem";
+  #     ssl.key = "/var/lib/acme/liv.town/key.pem";
+  #   };
+  #   muc = [
+  #     {
+  #       domain = "conference.liv.town";
+  #     }
+  #   ];
+  #   uploadHttp = {
+  #     domain = "upload.liv.town";
+  #   };
+  # };
+}