liv/nixos-config
1
0
Fork 0
mirror of https://github.com/Ahwxorg/nixos-config.git synced 2025-12-04 06:50:14 +01:00
Code Issues 1 Projects Releases Packages Wiki Activity Actions

chore: merge remote-tracking branch 'refs/remotes/origin/master'

Browse source
This commit is contained in:
Ahwx 2025-11-21 11:50:22 +01:00
commit a83e6f907a
22 changed files with 142 additions and 451 deletions
Download patch file Download diff file Expand all files Collapse all files

1
flake.nix
View file

@ -19,6 +19,7 @@
spicetify-nix.url = "github:Gerg-L/spicetify-nix"; spicetify-nix.url = "github:Gerg-L/spicetify-nix";
oisd.url = "https://big.oisd.nl/domainswild"; oisd.url = "https://big.oisd.nl/domainswild";
oisd.flake = false; oisd.flake = false;
funkwhale.url = "github:mmai/funkwhale-flake";
}; };
outputs = outputs =

17
hosts/dandelion/variables.nix
View file

@ -1,17 +0,0 @@
{
lib,
config,
...
}: let
inherit (lib) mkOption types;
inherit (config.liv) variables;
in {
options.liv.variables.dandelion = {
thisMachine = mkOption {
default = "dandelion.srv.${variables.primaryDomain}";
type = types.str;
readOnly = true;
description = "Domain of this specific machine";
};
};
}

7
hosts/iris/default.nix
View file

@ -46,6 +46,13 @@
gui.enable = true; gui.enable = true;
}; };
# Enable ROCM support
hardware.amdgpu.opencl.enable = true;
environment.systemPackages = with pkgs; [
pkgs.davinci-resolve
];
boot = { boot = {
kernelParams = [ ]; kernelParams = [ ];
kernelModules = [ "acpi_call" ]; kernelModules = [ "acpi_call" ];

265
hosts/lily/default.nix
View file

@ -1,265 +0,0 @@
{
lib,
pkgs,
config,
...
}:
let
externalInterface = "wan0";
# networks = config.homelab.networks.local;
# internalInterfaces = lib.mapAttrsToList (_: val: val.interface) networks;
# internalIPs = lib.mapAttrsToList (
# _: val: lib.strings.removeSuffix ".1" val.cidr + ".0/24"
# ) networks;
commonDhcpOptions = [
{
name = "domain-name-servers";
data = "9.9.9.9";
}
{
name = "time-servers";
data = "172.16.1.1";
}
{
name = "domain-name";
data = "beeping.local";
}
{
name = "domain-search";
data = "beeping.local";
}
];
in
{
imports = [
./hardware-configuration.nix
./variables.nix
./dns.nix
./wireguard.nix
./../../modules/core/default.router.nix
./../../modules/services/lily.nix
];
liv = {
server.enable = true;
router.enable = true;
};
boot = {
loader.grub = {
enable = true;
device = "/dev/sda";
useOSProber = true;
};
kernel = {
sysctl = {
# Forward both IPv4 and IPv6 on all interfaces
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = false;
# By default, do not automatically configure any IPv6 addresses.
# "net.ipv6.conf.all.accept_ra" = 0;
# "net.ipv6.conf.all.autoconf" = 0;
# "net.ipv6.conf.all.use_tempaddr" = 0;
# Allow IPv6 autoconfiguration and tempory address use on WAN.
"net.ipv6.conf.${externalInterface}.accept_ra" = 2;
"net.ipv6.conf.${externalInterface}.autoconf" = 1;
};
};
};
# label network interfaces
services.udev.extraRules = ''
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6e", ATTR{type}=="1", NAME="wan0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6f", ATTR{type}=="1", NAME="lan0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:80", ATTR{type}=="1", NAME="lan1"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:81", ATTR{type}=="1", NAME="lan2"
'';
networking = {
nameservers = [
"9.9.9.9"
"149.112.112.112"
];
interfaces = {
wan0.useDHCP = true;
lan0.useDHCP = false;
lan1.useDHCP = false;
lan2.useDHCP = false;
};
firewall = {
enable = false;
allowPing = true;
# allow ssh on *all* interfaces, even wan.
allowedTCPPorts = lib.mkForce [ 22 ];
allowedUDPPorts = lib.mkForce [ 22 ];
# interface-specific rules
interfaces = {
"lan0" = {
allowedTCPPorts = [
22
53
];
allowedUDPPorts = [
22
53
];
};
};
};
# <100 is trusted; =>100 is untrusted.
vlans = {
lan = {
id = 1;
interface = "lan1";
};
servers = {
id = 10;
interface = "lan1";
};
management = {
id = 21;
interface = "lan1";
};
iot = {
id = 100;
interface = "lan1";
};
guest = {
id = 110;
interface = "lan1";
};
};
};
services = {
kea.dhcp4 = {
enable = true;
settings = {
lease-database = {
name = "/var/lib/kea/dhcp4.leases";
persist = true;
type = "memfile";
};
interfaces-config = {
interfaces = [
"lan"
"servers"
"management"
"iot"
"guest"
];
};
option-data = [
{
name = "domain-name-servers";
data = "";
always-send = true;
}
{
name = "routers";
data = "";
}
{
name = "domain-name";
data = "beeping.local";
}
];
rebind-timer = 2000;
renew-timer = 1000;
valid-lifetime = 43200;
# option domain-name-servers 9.9.9.9, 149.112.112.112;
# TODO: these should be dynamically generated based on ${config.networking.vlans}
subnet4 = [
({
id = 1;
interface = "lan";
subnet = "172.16.1.0/24";
pools = [ { pool = "172.16.1.50 - 172.16.1.254"; } ];
option-data = [
{
name = "routers";
data = "172.16.1.1";
}
] ++ commonDhcpOptions;
})
({
id = 10;
interface = "servers";
subnet = "172.16.10.0/24";
pools = [ { pool = "172.16.10.50 - 172.16.10.254"; } ];
option-data = [
{
name = "routers";
data = "172.16.10.1";
}
] ++ commonDhcpOptions;
})
({
id = 21;
interface = "management";
subnet = "172.16.21.0/24";
pools = [ { pool = "172.16.21.50 - 172.16.21.254"; } ];
option-data = [
{
name = "routers";
data = "172.16.21.1";
}
] ++ commonDhcpOptions;
})
({
id = 100;
interface = "iot";
subnet = "172.16.100.0/24";
pools = [ { pool = "172.16.100.50 - 172.16.100.254"; } ];
option-data = [
{
name = "routers";
data = "172.16.100.1";
}
] ++ commonDhcpOptions;
})
({
id = 110;
interface = "guest";
subnet = "172.16.110.0/24";
pools = [ { pool = "172.16.110.50 - 172.16.110.254"; } ];
option-data = [
{
name = "routers";
data = "172.16.110.1";
}
] ++ commonDhcpOptions;
})
];
};
};
avahi = {
enable = true;
reflector = true;
interfaces = [
"lan"
"iot"
];
};
};
networking.hostName = "lily";
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [
kitty.terminfo
tcpdump
dnsutils
bind
ethtool
];
}

31
hosts/lily/dns.nix
View file

@ -1,31 +0,0 @@
{ lib, config, ... }:
{
services = {
dnsmasq = {
enable = false; # try some other options first
settings = {
cache-size = 10000; # Specifies the size of the DNS query cache. It will store up to n cached DNS queries to improve response times for frequently accessed domains.
server = [
"9.9.9.9"
"149.112.112.112"
];
domain-needed = true; # Ensures that DNS queries are only forwarded for domains that are not found in the local configuration.
bogus-priv = true; # Blocks DNS queries for private IP address ranges to prevent accidental exposure of private resources.
no-resolv = true; # Prevents dnsmasq from using /etc/resolv.conf for DNS server configuration.
# configure DHCP server; get leases by running: `cat /var/lib/dnsmasq/dnsmasq.leases`
dhcp-range = [ "br-lan,172.16.10.50,172.16.10.254,24h" ];
interface = "br-lan";
dhcp-host = "172.16.10.1";
# local sets the local domain name to "n". Combinded with expand-hosts = true, it will add a .local suffix to any local defined name when trying to resolve it.
local = "/local/";
domain = "local";
expand-hosts = true;
no-hosts = true; # Prevents the use of /etc/hosts. This ensures that the local hosts file is not used to override DNS resolution.
address = "/booping.local/172.16.10.1";
};
};
};
}

37
hosts/lily/hardware-configuration.nix
View file

@ -1,37 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/75447a73-848e-4b34-a1b3-d5b7a8e804ee";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/d4552527-c7c6-4047-929b-aeb3500299e3"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

19
hosts/lily/variables.nix
View file

@ -1,19 +0,0 @@
{
lib,
config,
...
}:
let
inherit (lib) mkOption types;
inherit (config.liv) variables;
in
{
options.liv.variables.lily = {
thisMachine = mkOption {
default = "lily.srv.${variables.primaryDomain}";
type = types.str;
readOnly = true;
description = "Domain of this specific machine";
};
};
}

3
hosts/lily/wireguard.nix
View file

@ -1,3 +0,0 @@
{
}

54
hosts/violet/backups.nix
View file

@ -1,54 +0,0 @@
let
borgbackupMonitor =
{
config,
pkgs,
lib,
...
}:
with lib;
{
key = "borgbackupMonitor";
_file = "borgbackupMonitor";
config.systemd.services =
{
"notify-problems@" = {
enable = true;
serviceConfig.User = "liv";
environment.SERVICE = "%i";
script = ''
${pkgs.curl}/bin/curl -d "$SERVICE FAILED! - service $SERVICE on host $(hostname) failed, run journalctl -u $SERVICE for details."
'';
};
}
// flip mapAttrs' config.services.borgbackup.jobs (
name: value:
nameValuePair "borgbackup-job-${name}" {
unitConfig.OnFailure = "notify-problems@%i.service";
}
);
# optional, but this actually forces backup after boot in case laptop was powered off during scheduled event
# for example, if you scheduled backups daily, your laptop should be powered on at 00:00
config.systemd.timers = flip mapAttrs' config.services.borgbackup.jobs (
name: value:
nameValuePair "borgbackup-job-${name}" {
timerConfig.Persistent = true;
}
);
};
in
{
imports = [ borgbackupMonitor ];
services = {
borgbackup.jobs.liv-violet = {
paths = "/home/liv";
encryption.mode = "none";
environment.BORG_RSH = "ssh -i /home/liv/.ssh/id_ed25519";
repo = "ssh://liv@100.115.178.50:9123/spinners/rootvol/backups/hosts/violet";
compression = "auto,zstd";
startAt = "daily";
};
};
}

2
modules/core/sops.nix
View file

@ -19,11 +19,13 @@
"systemMailerPassword" = { }; "systemMailerPassword" = { };
"forgejoWorkerSecret" = { }; "forgejoWorkerSecret" = { };
"minioRootCredentials" = { }; "minioRootCredentials" = { };
"atticdEnvironment" = { };
"matrixRegistrationSecret" = { "matrixRegistrationSecret" = {
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
"smbLoginDetails" = { }; "smbLoginDetails" = { };
"syncplay" = { }; "syncplay" = { };
"funkwhaleDjangoSecret" = { };
} }
else if (host == "sakura") then else if (host == "sakura") then
{ {

1
modules/core/sshd.nix
View file

@ -20,6 +20,7 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQtG69zrMFsoHForwZEi66y1tPvctqg1OgjQFrF3OI+ liv@iris" # iris "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQtG69zrMFsoHForwZEi66y1tPvctqg1OgjQFrF3OI+ liv@iris" # iris
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKI2KQn97mykFLIaMUWMftA1txJec9qW56hAMj5/MhE liv@dandelion" # dandelion "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKI2KQn97mykFLIaMUWMftA1txJec9qW56hAMj5/MhE liv@dandelion" # dandelion
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILwDS8tXjGjUtk3eQAaPf0S0f9JgwEGPlNYQ7OvACX1Z liv@imilia" # imilia "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILwDS8tXjGjUtk3eQAaPf0S0f9JgwEGPlNYQ7OvACX1Z liv@imilia" # imilia
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7Qlz0vKb8EtqiyRRz1PLmcWR9mxq39BaAcUU4Ls2pM liv@myrtle" # myrtle
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mHVQp99G0osUAtnVoq5TARR8x5wjCkdbe7ChnzLRa liv@azalea" # linux phone "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mHVQp99G0osUAtnVoq5TARR8x5wjCkdbe7ChnzLRa liv@azalea" # linux phone
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # xz1c "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # xz1c

8
modules/home/hyprland/config.nix
View file

@ -36,11 +36,12 @@
"mpDris2 &" "mpDris2 &"
"foot --server &" "foot --server &"
"hyprfloat &" "hyprfloat &"
"gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark' &"
]; ];
input = { input = {
kb_layout = "us,jp"; kb_layout = "us,jp";
kb_options = "caps:ctrl_modifier"; kb_options = "caps:ctrl_modifier,compose:ralt";
numlock_by_default = true; numlock_by_default = true;
follow_mouse = 1; follow_mouse = 1;
sensitivity = 0; sensitivity = 0;
@ -171,6 +172,7 @@
"$mainMod, Space, togglefloating," "$mainMod, Space, togglefloating,"
"$mainMod, D, exec, bemenu-run -l 5 --ignorecase" "$mainMod, D, exec, bemenu-run -l 5 --ignorecase"
"SUPER SHIFT, L, exec, swaylock --image /home/${username}/.local/share/bg.png" "SUPER SHIFT, L, exec, swaylock --image /home/${username}/.local/share/bg.png"
"SUPER, L, exec, swaylock --image /home/${username}/.local/share/bg.png"
"$mainMod, E, exec, thunar" "$mainMod, E, exec, thunar"
"$mainMod SHIFT, B, exec, pkill -SIGUSR1 .waybar-wrapped" "$mainMod SHIFT, B, exec, pkill -SIGUSR1 .waybar-wrapped"
"$mainMod, C,exec, hyprpicker -a" "$mainMod, C,exec, hyprpicker -a"
@ -269,6 +271,10 @@
"$mainMod, XF86MonBrightnessDown, exec, brightnessctl set 100%-" "$mainMod, XF86MonBrightnessDown, exec, brightnessctl set 100%-"
]; ];
bindl = [
",switch:[Lid Switch], exec, hyprlock"
];
# mouse binding # mouse binding
bindm = [ bindm = [
"$mainMod, mouse:272, movewindow" "$mainMod, mouse:272, movewindow"

8
modules/home/hyprland/default.nix
View file

@ -1,9 +1,11 @@
{ inputs, ... }: { inputs, ... }:
{ {
imports = [ (import ./hyprland.nix) ] imports =
[ (import ./hyprland.nix) ]
++ [ (import ./config.nix) ] ++ [ (import ./config.nix) ]
++ [ (import ./scripts.nix) ] ++ [ (import ./scripts.nix) ]
++ [ (import ./variables.nix) ] ++ [ (import ./variables.nix) ]
# ++ [ (import ./hyprlock.nix) ] ++ [ (import ./../hyprsunset.nix) ]
++ [ (import ./../hyprlock.nix) ]
++ [ inputs.hyprland.homeManagerModules.default ]; ++ [ inputs.hyprland.homeManagerModules.default ];
} }

16
modules/home/hyprsunset.nix Normal file
View file

@ -0,0 +1,16 @@
{
services.hyprsunset.enable = true;
home.file.".config/hypr/hyprsunset.conf".text = ''
max-gamma = 200;
profile {
time = 06:00;
identity = true;
}
profile {
time = 21:00;
temperature = 5500;
gamma = 0.8;
}
'';
}

3
modules/home/sway/default.nix
View file

@ -198,11 +198,12 @@ in
{ command = "swaycons &"; } { command = "swaycons &"; }
# { command = "wlsunset -S '06:30' -s '19:30' -d 1800 "; } # { command = "wlsunset -S '06:30' -s '19:30' -d 1800 "; }
{ command = "foot --server &"; } { command = "foot --server &"; }
{ command = "gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'"; }
{ command = "footclient"; } { command = "footclient"; }
]; ];
workspaceAutoBackAndForth = false; workspaceAutoBackAndForth = false;
}; };
# systemd.enable = true; # ??? # systemd.enable = true; # why would anyone do this???
wrapperFeatures = { wrapperFeatures = {
gtk = true; gtk = true;
}; };

2
modules/home/waybar/default.nix
View file

@ -295,7 +295,7 @@
}, },
"battery": { "battery": {
"bat": "BAT0", "bat": "BAT1",
"interval": 20, "interval": 20,
"states": { "states": {
"warning": 20, "warning": 20,

52
modules/services/attic.nix Normal file
View file

@ -0,0 +1,52 @@
{ config, ... }:
{
services = {
atticd = {
enable = true;
# File containing the server token in the following format:
# ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=<...>
# You can generate the token by running the following command:
# openssl genrsa -traditional 4096 | base64 -w0
environmentFile = config.sops.secrets.atticdEnvironment.path;
settings = {
# Listen on some port. Replace it!
listen = "[::]:8060";
# The two lines below should be set to the URL where your Attic cache will be available.
allowed-hosts = [ "cache.liv.town" ];
# Apparently it's very important this ends in a "/"
api-endpoint = "https://cache.liv.town/";
jwt = { };
database = {
# I used Postgres here, but if you leave it empty
# it will use an in-memory SQLite DB instead.
# url = "postgresql://atticd@127.0.0.1/atticd";
# heartbeat = true;
};
storage = {
# You could also use S3 here. But nah lol shit's expensive.
type = "local";
# Leave this empty to use the default path,
# or change it to some path that Attic can write to.
path = "/mnt/nfs/violet/nix";
};
};
};
anubis.instances.atticd = {
settings = {
TARGET = "http://localhost:8060";
BIND = ":8061";
BIND_NETWORK = "tcp";
};
};
nginx.virtualHosts."cache.liv.town" = {
forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = {
proxyPass = "http://localhost${toString config.services.anubis.instances.atticd.settings.BIND}";
proxyWebsockets = true;
};
};
};
}

35
modules/services/forgejo.nix
View file

@ -46,19 +46,28 @@ in
}; };
secrets.mailer.PASSWD = config.sops.secrets.systemMailerPassword.path; secrets.mailer.PASSWD = config.sops.secrets.systemMailerPassword.path;
}; };
gitea-actions-runner = { # gitea-actions-runner = {
package = pkgs.forgejo-runner; # package = pkgs.forgejo-runner;
instances.code-liv-town = { # instances.forgejo-01 = {
enable = true; # enable = true;
name = "forgejo-01"; # name = "forgejo-01";
tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}"; # tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}";
url = "https://code.liv.town"; # url = "https://code.liv.town";
labels = [ # labels = [
"node-22:docker://node:22-bookworm" # "node-22:docker://node:22-bookworm"
"nixos-latest:docker://nixos/nix" # "nixos-latest:docker://nixos/nix"
]; # # "docker:docker://node:24-alpine"
}; # # "alpine-latest:docker://node:24-alpine"
}; # ];
# settings = {
# log.level = "info";
# runner = {
# file = ".runner";
# timeout = "3h";
# };
# };
# };
# };
anubis.instances.forgejo = { anubis.instances.forgejo = {
settings = { settings = {
TARGET = "http://localhost:3050"; TARGET = "http://localhost:3050";

16
modules/services/funkwhale.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, inputs, ... }:
{
nixpkgs.overlays = [ inputs.funkwhale.overlay ];
services = {
funkwhale = {
enable = true;
hostname = "music.liv.town";
defaultFromEmail = "notifications@liv.town";
protocol = "https";
forceSSL = true; # uncomment when LetsEncrypt needs to access "http:" in order to check domain
api = {
djangoSecretKeyFile = config.sops.secrets.funkwhaleDjangoSecret.path;
};
};
};
}

4
modules/services/ollama.nix
View file

@ -3,7 +3,7 @@
enable = true; enable = true;
# Optional: preload models, see https://ollama.com/library # Optional: preload models, see https://ollama.com/library
# loadModels = [ "llama3.2:3b" "deepseek-r1:1.5b"]; # loadModels = [ "llama3.2:3b" "deepseek-r1:1.5b"];
# acceleration = "rocm"; # nope, 5700XT is too old for this acceleration = "rocm"; # nope, 5700XT is too old for this
}; };
services.open-webui.enable = false; services.open-webui.enable = true;
} }

2
modules/services/violet.nix
View file

@ -3,12 +3,14 @@
imports = imports =
[ (import ./invidious.nix) ] [ (import ./invidious.nix) ]
++ [ (import ./anubis.nix) ] ++ [ (import ./anubis.nix) ]
++ [ (import ./attic.nix) ]
++ [ (import ./borg.nix) ] ++ [ (import ./borg.nix) ]
++ [ (import ./binternet-proxy.nix) ] ++ [ (import ./binternet-proxy.nix) ]
++ [ (import ./bluemap-proxy.nix) ] ++ [ (import ./bluemap-proxy.nix) ]
++ [ (import ./docker.nix) ] ++ [ (import ./docker.nix) ]
++ [ (import ./email.nix) ] ++ [ (import ./email.nix) ]
++ [ (import ./forgejo.nix) ] ++ [ (import ./forgejo.nix) ]
# ++ [ (import ./funkwhale.nix) ]
++ [ (import ./grafana.nix) ] ++ [ (import ./grafana.nix) ]
++ [ (import ./guacamole.nix) ] ++ [ (import ./guacamole.nix) ]
++ [ (import ./gokapi.nix) ] ++ [ (import ./gokapi.nix) ]

10
secrets/violet/secrets.yaml
View file

File diff suppressed because one or more lines are too long