diff --git a/flake.lock b/flake.lock index fa411eb..e401d03 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ ] }, "locked": { - "lastModified": 1760101617, - "narHash": "sha256-8jf/3ZCi+B7zYpIyV04+3wm72BD7Z801IlOzsOACR7I=", + "lastModified": 1762356719, + "narHash": "sha256-qwd/xdoOya1m8FENle+4hWnydCtlXUWLAW/Auk6WL7s=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "1826a9923881320306231b1c2090379ebf9fa4f8", + "rev": "6d0b3567584691bf9d8fedb5d0093309e2f979c7", "type": "github" }, "original": { @@ -206,6 +206,24 @@ "type": "github" } }, + "funkwhale": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1715161072, + "narHash": "sha256-idIdylmqPibBVePO2T67X4y6b9EZoAQq5w1hZZn38rY=", + "owner": "mmai", + "repo": "funkwhale-flake", + "rev": "4a744ac59a55323eefc6a0f263aa55ebdc61146e", + "type": "github" + }, + "original": { + "owner": "mmai", + "repo": "funkwhale-flake", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -235,11 +253,11 @@ ] }, "locked": { - "lastModified": 1762183399, - "narHash": "sha256-vr2aL1QLfERYTfYBgK8cW3T9eSdSEThH462wKaGlmEU=", + "lastModified": 1762787259, + "narHash": "sha256-t2U/GLLXHa2+kJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs=", "owner": "nix-community", "repo": "home-manager", - "rev": "a5fee077929ae2f2800c3087dce5e1abb4edfbc6", + "rev": "37a3d97f2873e0f68711117c34d04b7c7ead8f4e", "type": "github" }, "original": { @@ -250,7 +268,7 @@ }, "hypr-contrib": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1759613406, @@ -311,11 +329,11 @@ ] }, "locked": { - "lastModified": 1760445448, - "narHash": "sha256-fXGjL6dw31FPFRrmIemzGiNSlfvEJTJNsmadZi+qNhI=", + "lastModified": 1762462052, + "narHash": "sha256-6roLYzcDf4V38RUMSqycsOwAnqfodL6BmhRkUtwIgdA=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "50fb9f069219f338a11cf0bcccb9e58357d67757", + "rev": "ffc999d980c7b3bca85d3ebd0a9fbadf984a8162", "type": "github" }, "original": { @@ -329,8 +347,8 @@ "aquamarine": "aquamarine", "hyprcursor": "hyprcursor", "hyprgraphics": "hyprgraphics", + "hyprland-guiutils": "hyprland-guiutils", "hyprland-protocols": "hyprland-protocols", - "hyprland-qtutils": "hyprland-qtutils", "hyprlang": "hyprlang", "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", @@ -342,11 +360,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1761869718, - "narHash": "sha256-CiKN7TRaCk3MF/FAwCMEO91TKFWS6bONhF8mhYPKhAU=", + "lastModified": 1762755326, + "narHash": "sha256-lXEBpx5Q2LdGZCXKTa1v7NhlaSxOvcvnepRi0r38+jg=", "ref": "refs/heads/main", - "rev": "8e9add2afda58d233a75e4c5ce8503b24fa59ceb", - "revCount": 6549, + "rev": "0b1d690676589503f0addece30e936a240733699", + "revCount": 6564, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -357,6 +375,52 @@ "url": "https://github.com/hyprwm/Hyprland" } }, + "hyprland-guiutils": { + "inputs": { + "aquamarine": [ + "hyprland", + "aquamarine" + ], + "hyprgraphics": [ + "hyprland", + "hyprgraphics" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprtoolkit": "hyprtoolkit", + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1762755186, + "narHash": "sha256-ZjjETUHtoEhVN7JI1Cbt3p/KcXpK8ZQaPHx7UkG1OgA=", + "owner": "hyprwm", + "repo": "hyprland-guiutils", + "rev": "66356e20a8ed348aa49c1b9ceace786e224225b3", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-guiutils", + "type": "github" + } + }, "hyprland-protocols": { "inputs": { "nixpkgs": [ @@ -407,74 +471,6 @@ "type": "github" } }, - "hyprland-qt-support": { - "inputs": { - "hyprlang": [ - "hyprland", - "hyprland-qtutils", - "hyprlang" - ], - "nixpkgs": [ - "hyprland", - "hyprland-qtutils", - "nixpkgs" - ], - "systems": [ - "hyprland", - "hyprland-qtutils", - "systems" - ] - }, - "locked": { - "lastModified": 1749154592, - "narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=", - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "type": "github" - } - }, - "hyprland-qtutils": { - "inputs": { - "hyprland-qt-support": "hyprland-qt-support", - "hyprlang": [ - "hyprland", - "hyprlang" - ], - "hyprutils": [ - "hyprland", - "hyprland-qtutils", - "hyprlang", - "hyprutils" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1759080228, - "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=", - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "type": "github" - } - }, "hyprlang": { "inputs": { "hyprutils": [ @@ -537,15 +533,15 @@ "inputs": { "hyprutils": "hyprutils_2", "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "systems": "systems_2" }, "locked": { - "lastModified": 1761923011, - "narHash": "sha256-7wjem/IGv2+El/JWMm9c5amTU7ifX72ALK8XgmZRoiQ=", + "lastModified": 1762388741, + "narHash": "sha256-4PKO/B0C53Qb60UIXB6QjXTvWX3ap34WdcnMoH6+ng0=", "owner": "hyprwm", "repo": "hyprpicker", - "rev": "b645b892b14d0f55be7636555044836ec57c6d06", + "rev": "5ab0e1aaa489ceb807c884a73b4948d395d9e229", "type": "github" }, "original": { @@ -560,7 +556,7 @@ "hyprlang": "hyprlang_2", "hyprutils": "hyprutils_3", "hyprwayland-scanner": "hyprwayland-scanner_3", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "systems": "systems_3" }, "locked": { @@ -577,6 +573,58 @@ "type": "github" } }, + "hyprtoolkit": { + "inputs": { + "aquamarine": [ + "hyprland", + "hyprland-guiutils", + "aquamarine" + ], + "hyprgraphics": [ + "hyprland", + "hyprland-guiutils", + "hyprgraphics" + ], + "hyprlang": [ + "hyprland", + "hyprland-guiutils", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprland-guiutils", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprland-guiutils", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "hyprland-guiutils", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-guiutils", + "systems" + ] + }, + "locked": { + "lastModified": 1762463729, + "narHash": "sha256-2fYkU/mdz8WKY3dkDPlE/j6hTxIwqultsx4gMMsMns0=", + "owner": "hyprwm", + "repo": "hyprtoolkit", + "rev": "88483bdee5329ec985f0c8f834c519cd18cfe532", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprtoolkit", + "type": "github" + } + }, "hyprutils": { "inputs": { "nixpkgs": [ @@ -589,11 +637,11 @@ ] }, "locked": { - "lastModified": 1759619523, - "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=", + "lastModified": 1762387740, + "narHash": "sha256-gQ9zJ+pUI4o+Gh4Z6jhJll7jjCSwi8ZqJIhCE2oqwhQ=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef", + "rev": "926689ddb9c0a8787e58c02c765a62e32d63d1f7", "type": "github" }, "original": { @@ -759,11 +807,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762179181, - "narHash": "sha256-T4+TNfXlF/gHbcNCC2HY7sMGBKgqNzyYeMBWmcbH7/o=", + "lastModified": 1762847253, + "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "256770618502d2eda892af3ae91da5e386ce9586", + "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", "type": "github" }, "original": { @@ -805,11 +853,27 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1760596604, - "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", + "lastModified": 1762596750, + "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { + "locked": { + "lastModified": 1762361079, + "narHash": "sha256-lz718rr1BDpZBYk7+G8cE6wee3PiBUpn8aomG/vLLiY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", + "rev": "ffcdcf99d65c61956d882df249a9be53e5902ea5", "type": "github" }, "original": { @@ -819,13 +883,13 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { @@ -853,27 +917,27 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1712163089, - "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_4": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1712163089, + "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", "type": "github" }, "original": { @@ -901,11 +965,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { @@ -916,6 +980,22 @@ } }, "nixpkgs_7": { + "locked": { + "lastModified": 1762596750, + "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { "locked": { "lastModified": 1743315132, "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", @@ -931,7 +1011,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1742800061, "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", @@ -947,26 +1027,10 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixvim": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixvim": "nixvim_2" }, "locked": { @@ -986,7 +1050,7 @@ "nixvim_2": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nuschtosSearch": "nuschtosSearch" }, "locked": { @@ -1006,14 +1070,14 @@ "nur": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1762180725, - "narHash": "sha256-Lrh11WTceP1e1AG7t2o8lNdvmiTijAZfkxD9gntpIjU=", + "lastModified": 1762856806, + "narHash": "sha256-amezM/CNkaIWbmfzPJi4A4zH1k7t+3552SNpy9Doh34=", "owner": "nix-community", "repo": "NUR", - "rev": "4ca815f76d28487bd3cca3de56a4777fab95525f", + "rev": "27b24a13d45b022bcf2b0fe29f3c8a11af342f47", "type": "github" }, "original": { @@ -1056,11 +1120,11 @@ ] }, "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", + "lastModified": 1762441963, + "narHash": "sha256-j+rNQ119ffYUkYt2YYS6rnd6Jh/crMZmbqpkGLXaEt0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "rev": "8e7576e79b88c16d7ee3bbd112c8d90070832885", "type": "github" }, "original": { @@ -1073,13 +1137,14 @@ "inputs": { "alejandra": "alejandra", "disko": "disko", + "funkwhale": "funkwhale", "home-manager": "home-manager", "hypr-contrib": "hypr-contrib", "hyprland": "hyprland", "hyprpicker": "hyprpicker", "hyprsunset": "hyprsunset", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixvim": "nixvim", "nur": "nur", "sops-nix": "sops-nix", @@ -1105,14 +1170,14 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1760998189, - "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", + "lastModified": 1762812535, + "narHash": "sha256-A91a+K0Q9wfdPLwL06e/kbHeAWSzPYy2EGdTDsyfb+s=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", + "rev": "d75e4f89e58fdda39e4809f8c52013caa22483b7", "type": "github" }, "original": { @@ -1123,15 +1188,15 @@ }, "spicetify-nix": { "inputs": { - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "systems": "systems_5" }, "locked": { - "lastModified": 1762057664, - "narHash": "sha256-mdEEvepIi8ebpGP1WWOHNvNQyd8rF0mUrKAiU6mwHCk=", + "lastModified": 1762718300, + "narHash": "sha256-oOQimZTaV1jCw0OBmmK2g7Rdj3E8YGVpkJYD32BWKRQ=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "4aa6e43d29e3c8acf544aa6782a1963a11369208", + "rev": "c7175bd485ed5052df5075fcdde395b631316e94", "type": "github" }, "original": { @@ -1243,11 +1308,11 @@ ] }, "locked": { - "lastModified": 1760713634, - "narHash": "sha256-5HXelmz2x/uO26lvW7MudnadbAfoBnve4tRBiDVLtOM=", + "lastModified": 1761431178, + "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "753bbbdf6a052994da94062e5b753288cef28dfb", + "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 53d9727..d6febf5 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,7 @@ sops-nix.url = "github:Mic92/sops-nix"; disko.url = "github:nix-community/disko/latest"; spicetify-nix.url = "github:Gerg-L/spicetify-nix"; + funkwhale.url = "github:mmai/funkwhale-flake"; }; outputs = diff --git a/modules/core/sops.nix b/modules/core/sops.nix index 91bd2f0..cbd6db1 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -19,11 +19,13 @@ "systemMailerPassword" = { }; "forgejoWorkerSecret" = { }; "minioRootCredentials" = { }; + "atticdEnvironment" = { }; "matrixRegistrationSecret" = { owner = "matrix-synapse"; }; "smbLoginDetails" = { }; "syncplay" = { }; + "funkwhaleDjangoSecret" = { }; } else if (host == "sakura") then { diff --git a/modules/services/attic.nix b/modules/services/attic.nix new file mode 100644 index 0000000..ca91497 --- /dev/null +++ b/modules/services/attic.nix @@ -0,0 +1,52 @@ +{ config, ... }: +{ + services = { + atticd = { + enable = true; + + # File containing the server token in the following format: + # ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=<...> + # You can generate the token by running the following command: + # openssl genrsa -traditional 4096 | base64 -w0 + environmentFile = config.sops.secrets.atticdEnvironment.path; + settings = { + # Listen on some port. Replace it! + listen = "[::]:8060"; + # The two lines below should be set to the URL where your Attic cache will be available. + allowed-hosts = [ "cache.liv.town" ]; + # Apparently it's very important this ends in a "/" + api-endpoint = "https://cache.liv.town/"; + jwt = { }; + database = { + # I used Postgres here, but if you leave it empty + # it will use an in-memory SQLite DB instead. + # url = "postgresql://atticd@127.0.0.1/atticd"; + # heartbeat = true; + }; + storage = { + # You could also use S3 here. But nah lol shit's expensive. + type = "local"; + # Leave this empty to use the default path, + # or change it to some path that Attic can write to. + path = "/mnt/nfs/violet/nix"; + }; + }; + }; + anubis.instances.atticd = { + settings = { + TARGET = "http://localhost:8060"; + BIND = ":8061"; + BIND_NETWORK = "tcp"; + }; + }; + nginx.virtualHosts."cache.liv.town" = { + forceSSL = true; + sslCertificate = "/var/lib/acme/liv.town/cert.pem"; + sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; + locations."/" = { + proxyPass = "http://localhost${toString config.services.anubis.instances.atticd.settings.BIND}"; + proxyWebsockets = true; + }; + }; + }; +} diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 38e10dd..942a874 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -46,19 +46,28 @@ in }; secrets.mailer.PASSWD = config.sops.secrets.systemMailerPassword.path; }; - gitea-actions-runner = { - package = pkgs.forgejo-runner; - instances.code-liv-town = { - enable = true; - name = "forgejo-01"; - tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}"; - url = "https://code.liv.town"; - labels = [ - "node-22:docker://node:22-bookworm" - "nixos-latest:docker://nixos/nix" - ]; - }; - }; + # gitea-actions-runner = { + # package = pkgs.forgejo-runner; + # instances.forgejo-01 = { + # enable = true; + # name = "forgejo-01"; + # tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}"; + # url = "https://code.liv.town"; + # labels = [ + # "node-22:docker://node:22-bookworm" + # "nixos-latest:docker://nixos/nix" + # # "docker:docker://node:24-alpine" + # # "alpine-latest:docker://node:24-alpine" + # ]; + # settings = { + # log.level = "info"; + # runner = { + # file = ".runner"; + # timeout = "3h"; + # }; + # }; + # }; + # }; anubis.instances.forgejo = { settings = { TARGET = "http://localhost:3050"; diff --git a/modules/services/funkwhale.nix b/modules/services/funkwhale.nix new file mode 100644 index 0000000..247f9cc --- /dev/null +++ b/modules/services/funkwhale.nix @@ -0,0 +1,16 @@ +{ config, inputs, ... }: +{ + nixpkgs.overlays = [ inputs.funkwhale.overlay ]; + services = { + funkwhale = { + enable = true; + hostname = "music.liv.town"; + defaultFromEmail = "notifications@liv.town"; + protocol = "https"; + forceSSL = true; # uncomment when LetsEncrypt needs to access "http:" in order to check domain + api = { + djangoSecretKeyFile = config.sops.secrets.funkwhaleDjangoSecret.path; + }; + }; + }; +} diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 4cf4b48..6705874 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -3,12 +3,14 @@ imports = [ (import ./invidious.nix) ] ++ [ (import ./anubis.nix) ] + ++ [ (import ./attic.nix) ] ++ [ (import ./borg.nix) ] ++ [ (import ./binternet-proxy.nix) ] ++ [ (import ./bluemap-proxy.nix) ] ++ [ (import ./docker.nix) ] ++ [ (import ./email.nix) ] ++ [ (import ./forgejo.nix) ] + # ++ [ (import ./funkwhale.nix) ] ++ [ (import ./grafana.nix) ] ++ [ (import ./guacamole.nix) ] ++ [ (import ./gokapi.nix) ] diff --git a/secrets/violet/secrets.yaml b/secrets/violet/secrets.yaml index 57aabc9..6c30384 100644 --- a/secrets/violet/secrets.yaml +++ b/secrets/violet/secrets.yaml @@ -1,9 +1,11 @@ systemMailerPassword: ENC[AES256_GCM,data:b1fvCLZMiA9xDu/9BKQGnCTbwj46uixlo37qer66DK09U7CEB8ZBqe+Y+DqjcOJUHHHSo8Qk1XGvGQWypkGICxmxNP8KWvmY42Woh3677APvotUdjW5fVKTgB+Y1m/6/cvXKicJFjbw5LOzZ2/JcXP01KPSkRxWb/X4xzvawSMY=,iv:vbchTqHaH2PB9Mll/s8q4zLhN6ThAsCVvhoggOhj7H4=,tag:6b+TiV1YYHWOn0P9qJZ/bQ==,type:str] -forgejoWorkerSecret: ENC[AES256_GCM,data:kmUjukTJ9SP6nJvfhIMFVTu5vAc9TIfZidUgejC7FSNBDJiP/lVlHw==,iv:jF9LpWLxtBi5i5NCC5nkLeLqJQzOAIY7H1z2NfHqUQI=,tag:3mtTcn+LQEbCESlt34nf9g==,type:str] +forgejoWorkerSecret: ENC[AES256_GCM,data:AEWtWSjEPMbArrPYa6sTjiYp0GiePcTQ4gXKk1LP6UDK7auX1y7eOQ==,iv:TGEerZVCfL0TMka4/vBGb0ejhqxA5GbUpQIRbXnuCNs=,tag:IUKoyT9dmq65oWu/D7K1ag==,type:str] matrixRegistrationSecret: ENC[AES256_GCM,data:xDFYVpBJa+FHWjmLlZspJAzJcoav53nWPoctQ5+gAnDYMurtSCkmoQn8r5j6fOmiy56KQyk8AD2/kT1HeFFNKA==,iv:82eIoh1ePc0VxfTbBPxpwGhYrcdRMI6WjFhlUJhxuHk=,tag:FAYUXUy0lEQU56ni2dxvbg==,type:str] minioRootCredentials: ENC[AES256_GCM,data:/IrpspB6Puy+6scHheBSBp6zQVh8uwpu4nFPLSkueuohSUESPHbRb0w1XAp4V5HraMtOThFqlm0JeBW0XbhY4E8L1P+S3/aMLKjp2voA928l9AjF6sTaSKsO7qh6LEmo90qm9Jo0nDo=,iv:M5NOGfSsl+LggLyEjV49vcWCaYmbG0eJcgwI2v7AKcI=,tag:A+CrDTL+TkEayOqBUII4aQ==,type:str] smbLoginDetails: ENC[AES256_GCM,data:Puv+Vewv0TDpiYM+Uym180CLT+vXKoeSW/uNxAX7f9y0NvG2Uqqglj/HcCMhyQn9GpCIQyb+xidlLWn3Ywdg6ybaf4WN5EdAEXMK/FRQyVIvvOcCcwG+IeUc1Wc5NmM2qEbxLqLNDWxiH8/QsrT9rWWxxx4c4eD1HOpIv9LCuavXXLmKy6JvtxYwtOv4u8ukp+e0uP7pLN7d,iv:XH+6soi7lZiGz9ZGlQb49f44API715ib/Y7Zh3hFnDM=,tag:iz8RYRSwNxrMxy+rqeM07Q==,type:str] syncplay: ENC[AES256_GCM,data:Vrn1GmmUnIikiTKIQtP3qBfZIZRW2Za2Xhhegp7PAulujxumLGMAz9lBnTPBy3uofpayP8NJuU9v8cpU4a4w5A==,iv:s4RFaZwftqmI3BhpO1msvpfO2u3AGlPik7nMX2hjnyE=,tag:13zft7dmd85udoi7CnfWYg==,type:str] +atticdEnvironment: ENC[AES256_GCM,data:ddsrYQn49C5j+lkaTHVBZp2Q4yR6KMTeoYE8wdoBdjQz+7+d0FZTMQagDriNv0nIazNBS/5WrDJ2/L+BOieUuHUfGLLIMICgpo2zzbChTT4Ox63cH/Bkonx09jkAvKEZ9xW7o/L+OTwCsMH7wULFzEFvUdp3m339qk5GEGnjTqgWAiglQHLbaMtEQHnt6IJh1Q3g/h0g+faN2seHSijGzIMIMCBsk7yC54HmuyCl8BhmBNERmJ1s/4X/QXVpKy0pu7be+Ydby80LO8IPyl8+M3PR3DL+q+zOH0LWO55yuVGwAXS/H1ljVz8dThbVLWoTkudn9YB8l4dhXty0exDLyyhqe3dKaCbmN9whR6URfXP20Pn0eYlogXHNBNtdHO7Au9kVOE2m6XvaA1Q14FQqi/ZEQVhwNVTPlvmXGOp6yk7Qj/Z5W8XED1oq/Cx72TK75JQtYRKYVFaGWLB5J4EjaD7ypRURUQTK9+U0MMldXlscucsRIBQeKglgPyWvo9IZeqML6Zn815rVa/pv9Z/SJTgAruqJyJq7q8a6a6RR/m7hfHA0s3te2SvFbPiRYKpy70plCD/u+VxaXtMsmMBIV6iIdS4NjEjVm4OqpOg20KSv2Iq0oYa/UxnbgcGdp0c0zNUYM+POrnIYqosfobQFys3HxIfsD3TawofVJ+p3LFVfnmO83O+n3LbYNvuzBgkeR1rryY4pJBJkNbxPCCQUIhHtuibdI5I+yHwRzPTRvEiRok+vvfS//JKJ6BaUwzkS7ZnwXiU4QcvC4F3yR5d/ADF9MxPoezXuC5Oet9Tw1n2zRlJAs/heZXoE9GXAzrICjeAK1ZdkomJ3n8TnHYpfTPO6n3AnaJ+u0RFZJtbd20JWd1i+jcFQc1xMNkQXCzRL22WJHKQJnJiNGlqqn+V+8L5TkElaubrqzR0KHE9SE5RLzVDrFrAiTFd1/jOE82K/Vaeh0UyVZpNqJxhMV1wg6A3EKeOe/WRSbPOEoqxSjYUImyX6trX5zK5IgsGL0bk1BGMbDfrcOCRGd4qYZxvJ5JAJiWDjkRHrWK5q1peA5c7mEC/VEX02BZqxlHQap0+d4puheRqEEJBrLXgCbOGorxFeoUDQZvBMnMzCowGi3pAsgJRVUqyoB84CtH2joPZVBigjApRRspyEfNjUKUfuNtRXsLnunmqhTlZnCX2JvaDPzSTr/XgxOTJO/PQPACnLtZEL8xWUJV8iM10aUv93eKalro1c6hcAKrPrn/qJ9yawzG23GU6Gouro1PSnf0O9fuPuxw90hssKnGO99QTGMp8wv26OdeqD4iOsyyh/65bYMPwxfL2nS8/GWPvJ8ZyXGALrkkFWZ8PFEEUu29g3T12f7wPqie3RiKtczk1PLFABNErSSOuTySfEDYQJiUH1dKCijhoQztEb4TMqAS/nvPO8tVQgeWIQX6yZBchrLtJ2hM8ZG25TiOooVTXF9HW6G1MMsL/AAhfR/YJFM3aMV6Q1rYBDOf5dFE+U0cjHAl7rtJEEUyl+LxPp+FRO9MrCNsuRm2IsgbhrZ1fe95nUB2VM6vAhsaQbuLoxFUm1LcxuaGbAmbf/EFvwMQXFe1NeoVfBKJpOuBH/b+u8oBwmqGUI0dE8snwKYHtcwF2xD9H8WSkWmF3UtPa4vhtf3BOAPkKlTu0Ouy3QiTfQ6hRhpf4DA90MhwgltNO1Zc6pO3uIaqOK49zvMlb65kbZm14j/CvbRC7Y4h43xIauT/Xc4ynVJdRhYYrZi7tF6QrPNyJ7Xa7veHbxkKXStNH4Xs0vYRPopjctEZa1jOlePO5KCEvyBu3yi5TBtz1OtjI/rZfjG9X4240uKg1vrvBrKQLh1Z7UsPO9AT2NXPyxgxRWTLybiyAl8hoin+47Lwzo3HZLG07PeCCl0oQUpdGYuGPuE/aAwO92QqcQNk234IyehGFcZdthaXXSj5gRimh7W103awzENxop0SQ7HYAY76g29DVH0DDiCa4K8GqyC5ewvuLbbJw24ekK4RU/59pNfOqAD6p1RBJz9gd3lbw0KTcyzf1tbhzAZVK9szenNQESaI9eoGc/2U4rslcPWE8UnJ/sB8LDHnqDYNoAq2U1BW4MF7q9/ZJGD62FCQohNJ/rxQSih4w7mNvtkjW/4KIcXv5lFuSBmB1gkxJvPZTGXGzKfYUDS6juHYWK1MGnteRX5Ium9sScGpwjFV/6qbsiuhmW3rk84vzexX3QEOZcxATAg6mXifdG69dnwAo4U8rAPkMv69Y5okREzzJ79/Shf2JDbdgiY9hs3nBtY721ZcBn5RtAAdFtIci/OS8RZYjnqgrkTAspIigZ+Jj/zlSG4vc5hIrx82BCKYEKzyB8KvfnhgC8AxA//jgZkDTiKcLabvaUSh+9pjpavwGMf6sCswLgCcvmTFNaL3RRrEAL5l3UVKfZg+ZBv4Qr2VVyECvvhnL8+nGae5ujpM5r3M7b6CSRSP0X0bBZAVxTiv+/qkHSZlPivO9YrhnXeoYnwGQKvp/WdVmb9OH/02FDxqSNuLUhSEVb4oRjnmYFchHTIWiXzktOYX1eQV1RQ4v028PuD3h1LGgZ5AeYPvgdRXgdTcPWSwhiznbIUo1mU1dZtiJfpACdwTamtluFWtOU+/gyp0xoEFGKYS+HsFm2Zg5p/Jr7ioQMkNguI5al2XCR0Q0StN53NJYlGy8hudh6f9wHDk/ASEfOlYI20th2VhEk/zA1bdi2xmIYMGYfNN1Iz5MGrvWetEmEoQ4cwJ6AKJdqY1rYnvwybZTN4J24ckxoX2/XEiiRDo4K9X8pJYuCq1jCVO8jfOZ9Xoy+DbPDqLPDsTBWGBcKaSJAZQGgW/YKlM+Hrxpz789reKeMKNJYyHwkFb5/U2eBjzW5jbLZQ1g0VByNOrKHW3hHxezt1jaEageKPiq6kMlqtWK+NOH9OjCs9UJuCgo3WtskSvMrJj4b8IdkGKv2tiu+I6c1U8mGbfntjUHkkMjbN72HTdsADyNZA5TWaqbdaKTxHomWaOgBq7L8h0rCdzEpERO+zJhu5lLi2xP61O+9ZaVMzaDZGUin3Z7D7tUOklU+7NXil4IAD2ZLX+prPIOxrZ9uYACweUOPwWd5PKU9SH6z6tfwleOjLkbdqbxD882sFI73Y4aSxHA/PRBbhN9OnLcGK/VWDzGh/BZo9tSQ+wuQddkmJhKZBxk2bKhDSZVLCYbMyQazTz4Hu8ICtz8aRgvPwGmoMNhcxrtWOPDOCg7WroHzowjcIn3NWK/LAN4L2ENQwYN5zD9HWQR/+gx4yQabPXFZ5WunL5PYWoUcGkWOsCuLjj6H9nvgeKKHZLmY8gO+7+UcTDrzx8bSS0O5Ti6OL34dP3sNFehlI5YBNRnaYOctUT4gbgbZtgDaAxMhZgpP4mMLHfTXagfYpTqP0HG13u20m6LKwe2O9RSNQ6j4beNHhPvcOsKE4XCi1XBfggH+ERSiIdpIlvSp1V4JmcxPfIlCqrOZqk/v575h+RmJoML+r+mDi6VaW6IKNcFUzpVHQz4QGnMf3UzC+MstRquXCXNBN7QAOez5Z6uiDEjTS1U5hH5D6Gpxp8DZCTL4pThIQtzL4aAa5jNE77qrFfdMXbgGtRf3kAEae8mB6NAFoThkbxhL9BT//7w67M0N94nVLp8g3UzGl9ojH7wnxmj/HFXVXuBi9U+PtfMXFWlZmL0SG7ETfJNl5P60FBIfotLVy86hagVEL+ayA0IW+c9ButaLzzXML0z/dniou+vRMchQLbGuTWnFnoh+hhJDkTMVbKrEG5zCm3iHQsl9FTrVa0qfVC5KUalTsu2ueF5BQ3aQTZoWxmf8CeiztxNmLYinNXCxLn5HakmvkNxyt3LRYhiKga28ppP3N8MOLkuTvB+VXA/TA/K5KkJlycATdEFYEfSt/nGHRb2LVztOyVYC9mG6oS0N5dLjToVnpa6BA+Dr9iYT1zIYATgvk3syw7laeqsg88KdofaHUt4NjaPy6BL3r2T1RLQKSoWM9AGTrSQvoqkTjk42bTFWsOtv+3jRQNTj6OT4VDfjWEJ4/UcfzGtJLQsqz7vYm9YAKQOHVTuYG8cU3MZwRcTuCeE0pEcGOT/07ZjM7/y86s2p9f8QCfPr74HPNB6kHLa6tt47jl+wNcBraMSVILsTC2CwC1u8X39KrmyNAprZtPJWC6uzhpO+priWMn6VgdKV9F916FxnX0lg/C/t3/tM5pvsPOEdsp6rrWU6dWXVAniiDEaZmwxK+MRAmLyjZTXNolZ6j7eCW4jRO6s0dwa5FT6Vq8oFv8Gehb5musrVH5so7Ar/rZTDKWXfrUwESIJOcKF/wjBDrliqg4IYQma3dDig4SZOht5X81OzbkbBPG6/3QZGHpz4FhUJlrY3ynoxuMhXzPG5WScIv6our31InTuO7IF6Uh7uM14YldG6eCK5yaAzZrFnSjK0oR8Qcqt/otl5xQc3SqauodXweHiAq5m8VFy2Aqv4vayjAzQ9ce9hE2GCbubAjFY9RSqmaVyNGUrJlnJXCkKmaGWGkdWMn+qs2Y1xX10ffT5dIy9sMVvwLTX056T3uEJEdcAxEUG+Syr6m5nxpqaABVXPfn9oesyzVRh8vAWq2Y9YI4LHMMLg1BB1cg3LM2N8XZl7RdpF4jTf9c7QkzGv/E0LtzvO+UJTNY6V0klvoEP3vrMFqouYJryFsdMFdo0OfZNZFmq6lPQY8DcIa9InI7qqPGB+sbtG6SDpe1VjypF4iJ8iLH9mLHIQN632KaoMaVLO7J3X6jXFNHlzwORYIlzsBeO9VnMTtOKg2o+G25eXb4vGHRBd+PNbGxh1C6R2vsnzMmK4MYuME7BbCDMMcYxCaoq1UnqF3mhzlbj2Uw3mB37EBNHe2zx6d7hKIO28He8skyT0efSspktMZB9XU/2Z9rnJEnSgFKu65UnHT31wvpUg+O8uzdU6/5IfjOZcZL9XJh1cZ0T5JDOizB4A/42CwT8jg0VOVOCMcZx2jhc2GZO+MxU8Uq7wqq3Ov8yQfuI43Yp8fHsWnomX/Y/49oPL//+UnVZGrHCTwjgowjSk2veRthz6b3e3fG9CkXGf9WpYTwofQRsAHs8u7Im8m2DqxNNsasFfR91jbM8/GpeCn0dzFdJlyxXSLyH4H60POUHNGhayory9SiYc8RFjVimGYg9MZ+dKvX+Zy7SJ7oDasoIhN2EOV/2eBSce8caqgShTbCSAC3whEKu37WAKZ3dP5fQiRpkfonockuTliR3pz1Bdpp7Q6SHg+2agwUTuIWDGd3I0jpty5i5s9fgsejJNx+6iZYSlpX2RCz/9Sz0Ks0lZ4bC58urhkcNA19Ogb2jEy1pWLb8/VD3UeEXxnU7OzT6bLmJKH3Jxt5N9e4Y8CSC4DpJygH6dyxR5qkuTRHz8vLtYE8Nmc9Ny42NnhXif+rHi0fn3SrlNtD10bJrKXu0RIuu6vmOGfFjSvibreSzjICgXop27wYFRa5xOCfI4rCaosLs6t8JYklLGyhErLU8WlbPDelEDjhJvPnX+ucrSkVBiJu3Bxet42FG/u94/CYR2gWbjGJzdR09rtt/lADcMh5ZVSsMZviqMFoqEaU0fHIArz2EvcrRR00kuFPeTFIu5eFwxzZ368m4jU+8heg0MBdQKLe5gaQ9tTSdSPX9JxcXgZ0ry4xsOErtzZCODxWKwH0BP5H0p8NXMz0n8E5Cw1YF11v4YjnZlGZZRpSGzh505KkrvLWhjty4WHu2u620wfltJC8iqVCS0AZscT/hK3B1jpxpwtFGulm1gFttOK8usB/uyzw==,iv:EcWY/Msbns1O6Cm4cZQDRZbdDCWr6+QRH9X3/Wl/jAM=,tag:+Iwec3h+bP9r6RVv7GIqOA==,type:str] +funkwhaleDjangoSecret: ENC[AES256_GCM,data:5IQC3gN7nGMaquV/xuIUU/vk64QQ9WQ4nrBUe/I1uulqW9J8c/nM/cPCS9gFRdp7I42LRFObo+sc23OnK3IBxuNBGEk2ZJwdf1/NVY4=,iv:BYqE6LsC7BXe3HH5Iq9LDDnx4vGZdVlugxbZuKHfUyE=,tag:Fyjwkq8Nd9/MSlNCHky38g==,type:str] sops: age: - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w @@ -24,7 +26,7 @@ sops: S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-19T10:22:44Z" - mac: ENC[AES256_GCM,data:aJcXcdCR9nKbiaGEcGIQxr0kW7D8p2OzC2YDh18AFinWhdUSUDh6B8vkHR3ScIgUOYWc70/vSVsn3+M5JmtH3+mKMwMwSKF2plhicSBGdRELkeeowy6tCZGOVUvRsBhUpynd86qxxvWbJO4Q6mCSNbBQ/cr8493OZWenzB/fedQ=,iv:UqgIWA4ZK3cVn0iepeBPF8KuNREuGKNnijo/oGd4/q0=,tag:CT2uFz+flsZyNAM6SnhveA==,type:str] + lastmodified: "2025-10-24T11:13:12Z" + mac: ENC[AES256_GCM,data:dIGc4xkSmahgewnMRVL+Hox+fcGPMZ1lKRRHve11gQbZpiuRMOjJL+7fhBYtybsr6Tf7NZtToY8HlXap2U+geE4hjNmYbJplqIKIVjdngw5mIMQaAuXqcF+5zOW3LgjwJ5JBM9OX+kp0p5IgD4uTP0iteGJ4BST0e7F7sndHnL4=,iv:cdOz/3vUXaZxsWn7obDsezZ/k8XPOZyoVvoRzjWLDCY=,tag:MCWAN4UPEPQP/iBTequOfA==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0