commit d690c4556440da35648aac47cd543e50fb5086e6 · aylac.top/nixcfg-own-knot

+18 -18

flake.lock

···

       73
       73
        
               "nixpkgs": "nixpkgs"

     

       74
       74
        
             },

     

       75
       75
        
             "locked": {

     

       76
       76
       -
               "lastModified": 1755903555,

     

       77
       77
       -
               "narHash": "sha256-bxHqVgbAMcha/Xobz1v6QSySofwzrJEC7QES6naocvs=",

     

       76
       76
       +
               "lastModified": 1756071305,

     

       77
       77
       +
               "narHash": "sha256-X1Rs+GV5daPlu4waWuk+4G0LT3nSWySCjF2uzNhlOr4=",

     

       78
       78
        
               "owner": "9001",

     

       79
       79
        
               "repo": "copyparty",

     

       80
       80
       -
               "rev": "ad0e6c7fde1fc67a681ff1b69426b001c8b43b4b",

     

       80
       80
       +
               "rev": "abffda5474cd9309c53fa0736395221c7c43bec1",

     

       81
       81
        
               "type": "github"

     

       82
       82
        
             },

     

       83
       83
        
             "original": {

     
···

       468
       468
        
               ]

     

       469
       469
        
             },

     

       470
       470
        
             "locked": {

     

       471
       471
       -
               "lastModified": 1755879220,

     

       472
       472
       -
               "narHash": "sha256-2KZl6cU5rzEwXKMW369kLTzinJXXkF3TRExA6qEeVbc=",

     

       471
       471
       +
               "lastModified": 1755960406,

     

       472
       472
       +
               "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",

     

       473
       473
        
               "owner": "cachix",

     

       474
       474
        
               "repo": "git-hooks.nix",

     

       475
       475
       -
               "rev": "3ff4596663c8cbbffe06d863ee4c950bce2c3b78",

     

       475
       475
       +
               "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",

     

       476
       476
        
               "type": "github"

     

       477
       477
        
             },

     

       478
       478
        
             "original": {

     
···

       619
       619
        
               ]

     

       620
       620
        
             },

     

       621
       621
        
             "locked": {

     

       622
       622
       -
               "lastModified": 1755914636,

     

       623
       623
       -
               "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=",

     

       622
       622
       +
               "lastModified": 1756022458,

     

       623
       623
       +
               "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=",

     

       624
       624
        
               "owner": "nix-community",

     

       625
       625
        
               "repo": "home-manager",

     

       626
       626
       -
               "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0",

     

       626
       626
       +
               "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740",

     

       627
       627
        
               "type": "github"

     

       628
       628
        
             },

     

       629
       629
        
             "original": {

     
···

       765
       765
        
           },

     

       766
       766
        
           "nixpkgs-unstable": {

     

       767
       767
        
             "locked": {

     

       768
       768
       -
               "lastModified": 1755736253,

     

       769
       769
       -
               "narHash": "sha256-jlIQRypNhB1PcB1BE+expE4xZeJxzoAGr1iUbHQta8s=",

     

       768
       768
       +
               "lastModified": 1755829505,

     

       769
       769
       +
               "narHash": "sha256-4/Jd+LkQ2ssw8luQVkqVs9spDBVE6h/u/hC/tzngsPo=",

     

       770
       770
        
               "owner": "NixOS",

     

       771
       771
        
               "repo": "nixpkgs",

     

       772
       772
       -
               "rev": "596312aae91421d6923f18cecce934a7d3bfd6b8",

     

       772
       772
       +
               "rev": "f937f8ecd1c70efd7e9f90ba13dfb400cf559de4",

     

       773
       773
        
               "type": "github"

     

       774
       774
        
             },

     

       775
       775
        
             "original": {

     
···

       833
       833
        
               "nixpkgs": "nixpkgs_4"

     

       834
       834
        
             },

     

       835
       835
        
             "locked": {

     

       836
       836
       -
               "lastModified": 1755918818,

     

       837
       837
       -
               "narHash": "sha256-a7k/fml8k4CxIcVW26luwqVl3lsRMNXBRCyC8uSF0GA=",

     

       836
       836
       +
               "lastModified": 1756071831,

     

       837
       837
       +
               "narHash": "sha256-ofdJDbiSzq0uOT7aLneiK6VQruXvbifrJ1Y8w1xmn/o=",

     

       838
       838
        
               "owner": "nix-community",

     

       839
       839
        
               "repo": "NUR",

     

       840
       840
       -
               "rev": "1a47d83c521c098debd6d1f2c2ae313a5bb729f9",

     

       840
       840
       +
               "rev": "4b342fb632bfbcc68ea9bc8f0c04df1ab4051f59",

     

       841
       841
        
               "type": "github"

     

       842
       842
        
             },

     

       843
       843
        
             "original": {

     
···

       974
       974
        
               ]

     

       975
       975
        
             },

     

       976
       976
        
             "locked": {

     

       977
       977
       -
               "lastModified": 1755904687,

     

       978
       978
       -
               "narHash": "sha256-ABBEPeZ1oJYlWSahpxo5zgLC8L9aCcQdOZsZ5IiYFRI=",

     

       977
       977
       +
               "lastModified": 1756073902,

     

       978
       978
       +
               "narHash": "sha256-c+nkNP2iK4BtNL9fkSgjO/ZQstfJKE0G6hanuTtGtf8=",

     

       979
       979
        
               "owner": "0xc000022070",

     

       980
       980
        
               "repo": "zen-browser-flake",

     

       981
       981
       -
               "rev": "446073255a1097755b583291f5854204b57bbee2",

     

       981
       981
       +
               "rev": "7c096513336dbff12d5e11e352148a676d042820",

     

       982
       982
        
               "type": "github"

     

       983
       983
        
             },

     

       984
       984
        
             "original": {

+6 -1

hosts/jezebel/default.nix

···

       5
       5
        
       }: {

     

       6
       6
        
         imports = [

     

       7
       7
        
           ./secrets.nix

     

       8
       8
       -
           ./services.nix

     

       9
       8
        
           self.nixosModules.locale-en-gb

     

       10
       9
        
           "${modulesPath}/profiles/qemu-guest.nix"

     

       11
       10
        
           self.diskoConfigurations.btrfs-vps

     
···

       48
       47
        
               enable = true;

     

       49
       48
        
               enableCaddy = true;

     

       50
       49
        
             };

     

       50
       50
       +
             uptime-kuma.enable = true;

     

       51
       51
        
           };

     

       52
       52
       +
         };

     

       53
       53
       +
       

     

       54
       54
       +
         security.acme = {

     

       55
       55
       +
           acceptTerms = true;

     

       56
       56
       +
           defaults.email = "contact@aylac.top";

     

       52
       57
        
         };

     

       53
       58
        
       }

-39

hosts/jezebel/services.nix

···

       1
       1
       -
       {config, ...}: {

     

       2
       2
       -
         security.acme = {

     

       3
       3
       -
           acceptTerms = true;

     

       4
       4
       -
           defaults.email = "contact@aylac.top";

     

       5
       5
       -
         };

     

       6
       6
       -
       

     

       7
       7
       -
         services = {

     

       8
       8
       -
           caddy = {

     

       9
       9
       -
             email = "contact@aylac.top";

     

       10
       10
       -
       

     

       11
       11
       -
             virtualHosts = {

     

       12
       12
       -
               "${config.mySnippets.tailnet.networkMap.uptime-kuma.vHost}" = {

     

       13
       13
       -
                 extraConfig = ''

     

       14
       14
       -
                   bind tailscale/uptime-kuma

     

       15
       15
       -
                   encode zstd gzip

     

       16
       16
       -
                   reverse_proxy ${config.mySnippets.tailnet.networkMap.uptime-kuma.hostName}:${toString config.mySnippets.tailnet.networkMap.uptime-kuma.port}

     

       17
       17
       -
                 '';

     

       18
       18
       -
               };

     

       19
       19
       -
       

     

       20
       20
       -
               "${config.mySnippets.aylac-top.networkMap.uptime-kuma.vHost}" = {

     

       21
       21
       -
                 extraConfig = ''

     

       22
       22
       -
                   encode gzip zstd

     

       23
       23
       -
                   reverse_proxy ${config.mySnippets.aylac-top.networkMap.uptime-kuma.hostName}:${toString config.mySnippets.aylac-top.networkMap.uptime-kuma.port}

     

       24
       24
       -
                 '';

     

       25
       25
       -
               };

     

       26
       26
       -
             };

     

       27
       27
       -
           };

     

       28
       28
       -
       

     

       29
       29
       -
           uptime-kuma = {

     

       30
       30
       -
             enable = true;

     

       31
       31
       -
             appriseSupport = true;

     

       32
       32
       -
       

     

       33
       33
       -
             settings = {

     

       34
       34
       -
               PORT = toString config.mySnippets.aylac-top.networkMap.uptime-kuma.port;

     

       35
       35
       -
               HOST = "0.0.0.0";

     

       36
       36
       -
             };

     

       37
       37
       -
           };

     

       38
       38
       -
         };

     

       39
       39
       -
       }

hosts/morgana/default.nix

···

       39
       39
        
       

     

       40
       40
        
             autoUpgrade = {

     

       41
       41
        
               enable = true;

     

       42
       42
       +
               allowReboot = false;

     

       42
       43
        
               operation = "switch";

     

       43
       44
        
             };

     

       44
       45
        
           };

-1

hosts/morgana/secrets.nix

···

       3
       3
        
           tailscaleAuthKey.file = "${self.inputs.secrets}/tailscale/auth.age";

     

       4
       4
        
           syncthingCert.file = "${self.inputs.secrets}/ayla/syncthing/morgana/cert.age";

     

       5
       5
        
           syncthingKey.file = "${self.inputs.secrets}/ayla/syncthing/morgana/key.age";

     

       6
       6
       -
           rclone.file = "${self.inputs.secrets}/rclone.age";

     

       7
       6
        
           ntfyAuto.file = "${self.inputs.secrets}/ntfyAuto.age";

     

       8
       7
        
         };

     

       9
       8
        
       }

+22 -10

hosts/nanpi/default.nix

···

       6
       6
        
         imports = [

     

       7
       7
        
           ./home.nix

     

       8
       8
        
           ./secrets.nix

     

       9
       9
       -
           ./services.nix

     

       10
       10
       -
           ./glance.nix

     

       11
       9
        
           ./notifier.nix

     

       12
       10
        
           self.nixosModules.locale-en-gb

     

       13
       11
        
           self.diskoConfigurations.luks-btrfs-subvolumes

     
···

       26
       24
        
           profiles = {

     

       27
       25
        
             base.enable = true;

     

       28
       26
        
             server.enable = true;

     

       29
       29
       -
             #autoUpgrade = {

     

       30
       30
       -
             #  enable = true;

     

       31
       31
       -
             #  operation = "boot";

     

       32
       32
       -
             #};

     

       27
       27
       +
             autoUpgrade = {

     

       28
       28
       +
               enable = true;

     

       29
       29
       +
               operation = "boot";

     

       30
       30
       +
               allowReboot = false;

     

       31
       31
       +
             };

     

       33
       32
        
             backups.enable = true;

     

       34
       33
        
             btrfs = {

     

       35
       34
        
               enable = true;

     
···

       43
       42
        
             arr.enable = true;

     

       44
       43
        
           };

     

       45
       44
        
           services = {

     

       45
       45
       +
             audiobookshelf.enable = true;

     

       46
       46
        
             caddy.enable = true;

     

       47
       47
       +
             cloudflared.enable = true;

     

       48
       48
       +
             copyparty.enable = true;

     

       49
       49
       +
             couchdb.enable = true;

     

       47
       50
        
             dnsmasq.enable = true;

     

       51
       51
       +
             forgejo = {

     

       52
       52
       +
               enable = true;

     

       53
       53
       +
               db = "postgresql";

     

       54
       54
       +
             };

     

       55
       55
       +
             glance.enable = true;

     

       56
       56
       +
             jellyfin.enable = true;

     

       57
       57
       +
             karakeep.enable = true;

     

       58
       58
       +
             miniflux.enable = true;

     

       59
       59
       +
             ntfy.enable = true;

     

       60
       60
       +
             pds.enable = true;

     

       48
       61
        
             tailscale = {

     

       49
       62
        
               enable = true;

     

       50
       63
        
               enableCaddy = true;

     
···

       61
       74
        
               webuiPort = config.mySnippets.tailnet.networkMap.qbittorrent.port;

     

       62
       75
        
               openFirewall = true;

     

       63
       76
        
             };

     

       64
       64
       -
             forgejo = {

     

       65
       65
       -
               enable = true;

     

       66
       66
       -
               db = "postgresql";

     

       67
       67
       -
             };

     

       77
       77
       +
             radicale.enable = true;

     

       78
       78
       +
             redlib.enable = true;

     

       79
       79
       +
             webdav.enable = true;

     

       68
       80
        
           };

     

       69
       81
        
         };

     

       70
       82

-166

hosts/nanpi/glance.nix

···

       1
       1
       -
       {config, ...}: {

     

       2
       2
       -
         services.glance = {

     

       3
       3
       -
           enable = true;

     

       4
       4
       -
           openFirewall = true;

     

       5
       5
       -
       

     

       6
       6
       -
           settings = {

     

       7
       7
       -
             pages = [

     

       8
       8
       -
               {

     

       9
       9
       -
                 name = config.mySnippets.aylac-top.networkMap.glance.vHost;

     

       10
       10
       -
                 width = "slim";

     

       11
       11
       -
                 hide-desktop-navigation = true;

     

       12
       12
       -
                 center-vertically = true;

     

       13
       13
       -
                 columns = [

     

       14
       14
       -
                   {

     

       15
       15
       -
                     size = "full";

     

       16
       16
       -
                     widgets = [

     

       17
       17
       -
                       {

     

       18
       18
       -
                         type = "monitor";

     

       19
       19
       -
                         cache = "1m";

     

       20
       20
       -
                         title = "Public Services";

     

       21
       21
       -
       

     

       22
       22
       -
                         sites = [

     

       23
       23
       -
                           {

     

       24
       24
       -
                             title = "Forgejo";

     

       25
       25
       -
                             url = "https://${config.mySnippets.aylac-top.networkMap.forgejo.vHost}/";

     

       26
       26
       -
                             check-url = "http://${config.mySnippets.aylac-top.networkMap.forgejo.hostName}:${toString config.mySnippets.aylac-top.networkMap.forgejo.port}/";

     

       27
       27
       -
                             icon = "di:forgejo";

     

       28
       28
       -
                           }

     

       29
       29
       -
                           {

     

       30
       30
       -
                             title = "PDS";

     

       31
       31
       -
                             url = "https://${config.mySnippets.aylac-top.networkMap.pds.vHost}/";

     

       32
       32
       -
                             check-url = "http://${config.mySnippets.aylac-top.networkMap.pds.hostName}:${toString config.mySnippets.aylac-top.networkMap.pds.port}/";

     

       33
       33
       -
                             icon = "di:bluesky";

     

       34
       34
       -
                           }

     

       35
       35
       -
                           {

     

       36
       36
       -
                             title = "Vaultwarden";

     

       37
       37
       -
                             url = "https://${config.mySnippets.aylac-top.networkMap.vaultwarden.vHost}/";

     

       38
       38
       -
                             check-url = "http://${config.mySnippets.aylac-top.networkMap.vaultwarden.hostName}:${toString config.mySnippets.aylac-top.networkMap.vaultwarden.port}/";

     

       39
       39
       -
                             icon = "di:vaultwarden";

     

       40
       40
       -
                           }

     

       41
       41
       -
                           {

     

       42
       42
       -
                             title = "ntfy";

     

       43
       43
       -
                             url = "https://${config.mySnippets.aylac-top.networkMap.ntfy.vHost}/";

     

       44
       44
       -
                             check-url = "http://${config.mySnippets.aylac-top.networkMap.ntfy.hostName}:${toString config.mySnippets.aylac-top.networkMap.ntfy.port}/";

     

       45
       45
       -
                             icon = "di:ntfy";

     

       46
       46
       -
                           }

     

       47
       47
       -
                         ];

     

       48
       48
       -
                       }

     

       49
       49
       -
                       {

     

       50
       50
       -
                         type = "monitor";

     

       51
       51
       -
                         cache = "1m";

     

       52
       52
       -
                         title = "Private Services";

     

       53
       53
       -
       

     

       54
       54
       -
                         sites = [

     

       55
       55
       -
                           {

     

       56
       56
       -
                             title = "Karakeep";

     

       57
       57
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.karakeep.vHost}/";

     

       58
       58
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.karakeep.hostName}:${toString config.mySnippets.tailnet.networkMap.karakeep.port}/";

     

       59
       59
       -
                             icon = "di:karakeep";

     

       60
       60
       -
                           }

     

       61
       61
       -
                           {

     

       62
       62
       -
                             title = "Jellyfin";

     

       63
       63
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.jellyfin.vHost}/";

     

       64
       64
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.jellyfin.hostName}:${toString config.mySnippets.tailnet.networkMap.jellyfin.port}/web/index.html";

     

       65
       65
       -
                             icon = "di:jellyfin";

     

       66
       66
       -
                           }

     

       67
       67
       -
                           {

     

       68
       68
       -
                             title = "Jellyseerr";

     

       69
       69
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.jellyseerr.vHost}/";

     

       70
       70
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.jellyseerr.hostName}:${toString config.mySnippets.tailnet.networkMap.jellyseerr.port}/";

     

       71
       71
       -
                             icon = "di:jellyseerr";

     

       72
       72
       -
                           }

     

       73
       73
       -
                           {

     

       74
       74
       -
                             title = "Sonarr";

     

       75
       75
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.sonarr.vHost}/";

     

       76
       76
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.sonarr.hostName}:${toString config.mySnippets.tailnet.networkMap.sonarr.port}/";

     

       77
       77
       -
                             icon = "di:sonarr";

     

       78
       78
       -
                           }

     

       79
       79
       -
                           {

     

       80
       80
       -
                             title = "Radarr";

     

       81
       81
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.radarr.vHost}/";

     

       82
       82
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.radarr.hostName}:${toString config.mySnippets.tailnet.networkMap.radarr.port}/";

     

       83
       83
       -
                             icon = "di:radarr";

     

       84
       84
       -
                           }

     

       85
       85
       -
                           #{

     

       86
       86
       -
                           #  title = "Lidarr";

     

       87
       87
       -
                           #  url = "https://${config.mySnippets.tailnet.networkMap.lidarr.vHost}/";

     

       88
       88
       -
                           #  check-url = "http://${config.mySnippets.tailnet.networkMap.lidarr.hostName}:${toString config.mySnippets.tailnet.networkMap.lidarr.port}/";

     

       89
       89
       -
                           #  icon = "di:lidarr";

     

       90
       90
       -
                           #}

     

       91
       91
       -
                           {

     

       92
       92
       -
                             title = "Prowlarr";

     

       93
       93
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.prowlarr.vHost}/";

     

       94
       94
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.prowlarr.hostName}:${toString config.mySnippets.tailnet.networkMap.prowlarr.port}/";

     

       95
       95
       -
                             icon = "di:prowlarr";

     

       96
       96
       -
                           }

     

       97
       97
       -
                           {

     

       98
       98
       -
                             title = "Bazarr";

     

       99
       99
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.bazarr.vHost}/";

     

       100
       100
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.bazarr.hostName}:${toString config.mySnippets.tailnet.networkMap.bazarr.port}/";

     

       101
       101
       -
                             icon = "di:bazarr";

     

       102
       102
       -
                           }

     

       103
       103
       -
                           {

     

       104
       104
       -
                             title = "Autobrr";

     

       105
       105
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.autobrr.vHost}/";

     

       106
       106
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.autobrr.hostName}:${toString config.mySnippets.tailnet.networkMap.autobrr.port}/";

     

       107
       107
       -
                             icon = "di:autobrr";

     

       108
       108
       -
                           }

     

       109
       109
       -
                           {

     

       110
       110
       -
                             title = "qBittorrent";

     

       111
       111
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.qbittorrent.vHost}/";

     

       112
       112
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.qbittorrent.hostName}:${toString config.mySnippets.tailnet.networkMap.qbittorrent.port}/";

     

       113
       113
       -
                             icon = "di:qbittorrent";

     

       114
       114
       -
                             alt-status-codes = [401];

     

       115
       115
       -
                           }

     

       116
       116
       -
                           {

     

       117
       117
       -
                             title = "Uptime Kuma";

     

       118
       118
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.uptime-kuma.vHost}/";

     

       119
       119
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.uptime-kuma.hostName}:${toString config.mySnippets.tailnet.networkMap.uptime-kuma.port}/";

     

       120
       120
       -
                             icon = "di:uptime-kuma";

     

       121
       121
       -
                           }

     

       122
       122
       -
                           {

     

       123
       123
       -
                             title = "Radicale";

     

       124
       124
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.radicale.vHost}/";

     

       125
       125
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.radicale.hostName}:${toString config.mySnippets.tailnet.networkMap.radicale.port}/";

     

       126
       126
       -
                             icon = "di:radicale";

     

       127
       127
       -
                           }

     

       128
       128
       -
                           {

     

       129
       129
       -
                             title = "Copyparty";

     

       130
       130
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.copyparty.vHost}/";

     

       131
       131
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.copyparty.hostName}:${toString config.mySnippets.tailnet.networkMap.copyparty.port}/";

     

       132
       132
       -
                             icon = "di:copyparty";

     

       133
       133
       -
                           }

     

       134
       134
       -
                           {

     

       135
       135
       -
                             title = "Redlib";

     

       136
       136
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.redlib.vHost}/";

     

       137
       137
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.redlib.hostName}:${toString config.mySnippets.tailnet.networkMap.redlib.port}/";

     

       138
       138
       -
                             icon = "di:redlib";

     

       139
       139
       -
                           }

     

       140
       140
       -
                           {

     

       141
       141
       -
                             title = "Miniflux";

     

       142
       142
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.miniflux.vHost}/";

     

       143
       143
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.miniflux.hostName}:${toString config.mySnippets.tailnet.networkMap.miniflux.port}/";

     

       144
       144
       -
                             icon = "di:miniflux";

     

       145
       145
       -
                           }

     

       146
       146
       -
                           {

     

       147
       147
       -
                             title = "audiobookshelf";

     

       148
       148
       -
                             url = "https://${config.mySnippets.tailnet.networkMap.audiobookshelf.vHost}/";

     

       149
       149
       -
                             check-url = "http://${config.mySnippets.tailnet.networkMap.audiobookshelf.hostName}:${toString config.mySnippets.tailnet.networkMap.audiobookshelf.port}/";

     

       150
       150
       -
                             icon = "di:audiobookshelf";

     

       151
       151
       -
                           }

     

       152
       152
       -
                         ];

     

       153
       153
       -
                       }

     

       154
       154
       -
                     ];

     

       155
       155
       -
                   }

     

       156
       156
       -
                 ];

     

       157
       157
       -
               }

     

       158
       158
       -
             ];

     

       159
       159
       -
       

     

       160
       160
       -
             server = {

     

       161
       161
       -
               host = "0.0.0.0";

     

       162
       162
       -
               inherit (config.mySnippets.tailnet.networkMap.glance) port;

     

       163
       163
       -
             };

     

       164
       164
       -
           };

     

       165
       165
       -
         };

     

       166
       166
       -
       }

-12

hosts/nanpi/secrets.nix

···

       1
       1
        
       {self, ...}: {

     

       2
       2
        
         age.secrets = {

     

       3
       3
       -
           cloudflareCertificate.file = "${self.inputs.secrets}/cloudflare/certificate.age";

     

       4
       4
       -
           cloudflareCredentials.file = "${self.inputs.secrets}/cloudflare/credentials.age";

     

       5
       3
        
           pds.file = "${self.inputs.secrets}/pds.age";

     

       6
       4
        
           resticPassword.file = "${self.inputs.secrets}/restic-passwd.age";

     

       7
       5
        
           rclone.file = "${self.inputs.secrets}/rclone.age";

     

       8
       6
        
           tailscaleAuthKey.file = "${self.inputs.secrets}/tailscale/auth.age";

     

       9
       7
        
           syncthingCert.file = "${self.inputs.secrets}/ayla/syncthing/nanpi/cert.age";

     

       10
       8
        
           syncthingKey.file = "${self.inputs.secrets}/ayla/syncthing/nanpi/key.age";

     

       11
       11
       -
           vaultwarden.file = "${self.inputs.secrets}/vaultwarden.age";

     

       12
       12
       -
           gemini.file = "${self.inputs.secrets}/gemini.age";

     

       13
       13
       -
           copyparty = {

     

       14
       14
       -
             file = "${self.inputs.secrets}/copyparty.age";

     

       15
       15
       -
             owner = "copyparty";

     

       16
       16
       -
             group = "copyparty";

     

       17
       17
       -
             mode = "0400";

     

       18
       18
       -
           };

     

       19
       19
       -
           autobrr.file = "${self.inputs.secrets}/autobrr.age";

     

       20
       9
        
           ntfyAuto.file = "${self.inputs.secrets}/ntfyAuto.age";

     

       21
       21
       -
           miniflux.file = "${self.inputs.secrets}/miniflux.age";

     

       22
       10
        
         };

     

       23
       11
        
       }

-352

hosts/nanpi/services.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         config,

     

       3
       3
       -
         pkgs,

     

       4
       4
       -
         ...

     

       5
       5
       -
       }: let

     

       6
       6
       -
         dataDirectory = "/var/lib";

     

       7
       7
       -
       

     

       8
       8
       -
         mkCaddyVHosts = services:

     

       9
       9
       -
           pkgs.lib.listToAttrs (map (service: let

     

       10
       10
       -
             netMap = config.mySnippets.${service.location or "tailnet"}.networkMap.${service.name};

     

       11
       11
       -
             flush = service.flushInterval or false;

     

       12
       12
       -
             proxyConfig =

     

       13
       13
       -
               if flush

     

       14
       14
       -
               then ''

     

       15
       15
       -
                 reverse_proxy ${netMap.hostName}:${toString netMap.port} {

     

       16
       16
       -
                   flush_interval -1

     

       17
       17
       -
                 }

     

       18
       18
       -
               ''

     

       19
       19
       -
               else "reverse_proxy ${netMap.hostName}:${toString netMap.port}";

     

       20
       20
       -
           in

     

       21
       21
       -
             pkgs.lib.nameValuePair "${netMap.vHost}" {

     

       22
       22
       -
               extraConfig = ''

     

       23
       23
       -
                 bind tailscale/${service.name}

     

       24
       24
       -
                 encode zstd gzip

     

       25
       25
       -
                 ${proxyConfig}

     

       26
       26
       -
               '';

     

       27
       27
       -
             })

     

       28
       28
       -
           services);

     

       29
       29
       -
       

     

       30
       30
       -
         mkCloudflareIngress = services:

     

       31
       31
       -
           pkgs.lib.listToAttrs (map (service: let

     

       32
       32
       -
             netMap = config.mySnippets.${service.location or "aylac-top"}.networkMap.${service.name};

     

       33
       33
       -
           in

     

       34
       34
       -
             pkgs.lib.nameValuePair netMap.vHost "http://${netMap.hostName}:${toString netMap.port}")

     

       35
       35
       -
           services);

     

       36
       36
       -
       

     

       37
       37
       -
         pdsHomePage = ''

     

       38
       38
       -
           hiii this is an ATProto PDS!! You will find my (ayla) account here!!

     

       39
       39
       -
           i should probably put some cool ass art in here or maybe an actual homepage

     

       40
       40
       -
           but having this by itself is fun

     

       41
       41
       -
       

     

       42
       42
       -
           most API routes are under /xrpc/

     

       43
       43
       -
         '';

     

       44
       44
       -
       in {

     

       45
       45
       -
         services = {

     

       46
       46
       -
           cloudflared = {

     

       47
       47
       -
             enable = true;

     

       48
       48
       -
             certificateFile = config.age.secrets.cloudflareCertificate.path;

     

       49
       49
       -
             tunnels = {

     

       50
       50
       -
               "efe3d484-102d-4c58-bb17-ceaede4d7a4f" = {

     

       51
       51
       -
                 certificateFile = config.age.secrets.cloudflareCertificate.path;

     

       52
       52
       -
                 credentialsFile = config.age.secrets.cloudflareCredentials.path;

     

       53
       53
       -
                 default = "http_status:404";

     

       54
       54
       -
                 ingress =

     

       55
       55
       -
                   mkCloudflareIngress [

     

       56
       56
       -
                     {name = "forgejo";}

     

       57
       57
       -
                     {name = "glance";}

     

       58
       58
       -
                     {name = "ntfy";}

     

       59
       59
       -
                     {name = "vaultwarden";}

     

       60
       60
       -
                   ]

     

       61
       61
       -
                   // {

     

       62
       62
       -
                     "${config.mySnippets.aylac-top.networkMap.pds.vHost}" = "http://${config.mySnippets.aylac-top.networkMap.pds.hostName}";

     

       63
       63
       -
                   };

     

       64
       64
       -
               };

     

       65
       65
       -
             };

     

       66
       66
       -
           };

     

       67
       67
       -
       

     

       68
       68
       -
           caddy.virtualHosts =

     

       69
       69
       -
             mkCaddyVHosts [

     

       70
       70
       -
               {name = "audiobookshelf";}

     

       71
       71
       -
               {name = "autobrr";}

     

       72
       72
       -
               {name = "bazarr";}

     

       73
       73
       -
               {name = "copyparty";}

     

       74
       74
       -
               {name = "couchdb";}

     

       75
       75
       -
               {name = "glance";}

     

       76
       76
       -
               {

     

       77
       77
       -
                 name = "jellyfin";

     

       78
       78
       -
                 flushInterval = true;

     

       79
       79
       -
               }

     

       80
       80
       -
               {name = "jellyseerr";}

     

       81
       81
       -
               {name = "karakeep";}

     

       82
       82
       -
               {name = "miniflux";}

     

       83
       83
       -
               {name = "prowlarr";}

     

       84
       84
       -
               {name = "qbittorrent";}

     

       85
       85
       -
               {name = "radarr";}

     

       86
       86
       -
               {name = "radicale";}

     

       87
       87
       -
               {name = "redlib";}

     

       88
       88
       -
               {name = "sonarr";}

     

       89
       89
       -
               {name = "webdav";}

     

       90
       90
       -
             ]

     

       91
       91
       -
             // {

     

       92
       92
       -
               "http://${config.mySnippets.aylac-top.networkMap.pds.vHost}" = {

     

       93
       93
       -
                 extraConfig = ''

     

       94
       94
       -
                   encode zstd gzip

     

       95
       95
       -
       

     

       96
       96
       -
                   handle / {

     

       97
       97
       -
                     respond "${pdsHomePage}"

     

       98
       98
       -
                   }

     

       99
       99
       -
       

     

       100
       100
       -
                   handle /xrpc/app.bsky.unspecced.getAgeAssuranceState {

     

       101
       101
       -
                   	header content-type "application/json"

     

       102
       102
       -
                   	header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy"

     

       103
       103
       -
                   	header access-control-allow-origin "*"

     

       104
       104
       -
                   	respond `{"lastInitiatedAt":"2025-07-14T14:22:43.912Z","status":"assured"}` 200

     

       105
       105
       -
                   }

     

       106
       106
       -
       

     

       107
       107
       -
                   handle {

     

       108
       108
       -
                     reverse_proxy ${config.mySnippets.aylac-top.networkMap.pds.hostName}:${toString config.mySnippets.aylac-top.networkMap.pds.port}

     

       109
       109
       -
                   }

     

       110
       110
       -
                 '';

     

       111
       111
       -
               };

     

       112
       112
       -
             };

     

       113
       113
       -
       

     

       114
       114
       -
           pds = {

     

       115
       115
       -
             enable = true;

     

       116
       116
       -
             environmentFiles = [config.age.secrets.pds.path];

     

       117
       117
       -
             pdsadmin.enable = true;

     

       118
       118
       -
             settings = {

     

       119
       119
       -
               PDS_HOSTNAME = config.mySnippets.aylac-top.networkMap.pds.vHost;

     

       120
       120
       -
               # PDS_BSKY_APP_VIEW_URL = "https://bsky.zeppelin.social";

     

       121
       121
       -
               # PDS_BSKY_APP_VIEW_DID = "did:web:bsky.zeppelin.social";

     

       122
       122
       -
             };

     

       123
       123
       -
           };

     

       124
       124
       -
       

     

       125
       125
       -
           #immich = {

     

       126
       126
       -
           #  enable = true;

     

       127
       127
       -
           #  host = "0.0.0.0";

     

       128
       128
       -
           #  mediaLocation = "${dataDirectory}/immich";

     

       129
       129
       -
           #  openFirewall = true;

     

       130
       130
       -
           #  inherit (config.mySnippets.tailnet.networkMap.immich) port;

     

       131
       131
       -
           #};

     

       132
       132
       -
       

     

       133
       133
       -
           audiobookshelf = {

     

       134
       134
       -
             enable = true;

     

       135
       135
       -
             host = "0.0.0.0";

     

       136
       136
       -
             openFirewall = true;

     

       137
       137
       -
             inherit (config.mySnippets.tailnet.networkMap.audiobookshelf) port;

     

       138
       138
       -
           };

     

       139
       139
       -
       

     

       140
       140
       -
           vaultwarden = {

     

       141
       141
       -
             enable = true;

     

       142
       142
       -
       

     

       143
       143
       -
             config = {

     

       144
       144
       -
               DOMAIN = "https://${config.mySnippets.aylac-top.networkMap.vaultwarden.vHost}";

     

       145
       145
       -
               ROCKET_ADDRESS = "0.0.0.0";

     

       146
       146
       -
               ROCKET_LOG = "critical";

     

       147
       147
       -
               ROCKET_PORT = config.mySnippets.aylac-top.networkMap.vaultwarden.port;

     

       148
       148
       -
               SIGNUPS_ALLOWED = false;

     

       149
       149
       -
               ICON_SERVICE = "bitwarden";

     

       150
       150
       -
               ICON_CACHE_TTL = 0;

     

       151
       151
       -
               IP_HEADER = "CF-Connecting-IP";

     

       152
       152
       -
             };

     

       153
       153
       -
       

     

       154
       154
       -
             environmentFile = config.age.secrets.vaultwarden.path;

     

       155
       155
       -
           };

     

       156
       156
       -
       

     

       157
       157
       -
           jellyfin = {

     

       158
       158
       -
             enable = true;

     

       159
       159
       -
             openFirewall = true;

     

       160
       160
       -
             dataDir = "${dataDirectory}/jellyfin";

     

       161
       161
       -
           };

     

       162
       162
       -
       

     

       163
       163
       -
           radicale = {

     

       164
       164
       -
             enable = true;

     

       165
       165
       -
             settings = {

     

       166
       166
       -
               server = {

     

       167
       167
       -
                 hosts = ["0.0.0.0:${toString config.mySnippets.tailnet.networkMap.radicale.port}" "[::]:${toString config.mySnippets.tailnet.networkMap.radicale.port}"];

     

       168
       168
       -
               };

     

       169
       169
       -
               auth = {

     

       170
       170
       -
                 type = "htpasswd";

     

       171
       171
       -
                 htpasswd_filename = "/var/lib/radicale/users";

     

       172
       172
       -
                 htpasswd_encryption = "autodetect";

     

       173
       173
       -
               };

     

       174
       174
       -
               storage = {

     

       175
       175
       -
                 filesystem_folder = "/var/lib/radicale/collections";

     

       176
       176
       -
               };

     

       177
       177
       -
             };

     

       178
       178
       -
           };

     

       179
       179
       -
       

     

       180
       180
       -
           redlib = {

     

       181
       181
       -
             enable = true;

     

       182
       182
       -
             openFirewall = true;

     

       183
       183
       -
             inherit (config.mySnippets.tailnet.networkMap.redlib) port;

     

       184
       184
       -
             settings = {

     

       185
       185
       -
               ENABLE_RSS = "on";

     

       186
       186
       -
               REDLIB_DEFAULT_SHOW_NSFW = "on";

     

       187
       187
       -
               REDLIB_DEFAULT_USE_HLS = "on";

     

       188
       188
       -
               FULL_URL = "https://${config.mySnippets.tailnet.networkMap.redlib.vHost}";

     

       189
       189
       -
             };

     

       190
       190
       -
           };

     

       191
       191
       -
       

     

       192
       192
       -
           karakeep = {

     

       193
       193
       -
             enable = true;

     

       194
       194
       -
       

     

       195
       195
       -
             extraEnvironment = rec {

     

       196
       196
       -
               DISABLE_NEW_RELEASE_CHECK = "true";

     

       197
       197
       -
               DISABLE_SIGNUPS = "true";

     

       198
       198
       -
               OPENAI_BASE_URL = "https://generativelanguage.googleapis.com/v1beta/openai/";

     

       199
       199
       -
               INFERENCE_TEXT_MODEL = "gemini-2.5-flash";

     

       200
       200
       -
               INFERENCE_IMAGE_MODEL = INFERENCE_TEXT_MODEL;

     

       201
       201
       -
               EMBEDDING_TEXT_MODEL = INFERENCE_TEXT_MODEL;

     

       202
       202
       -
               INFERENCE_CONTEXT_LENGTH = "600000";

     

       203
       203
       -
               INFERENCE_LANG = "english";

     

       204
       204
       -
               INFERENCE_NUM_WORKERS = "2";

     

       205
       205
       -
               NEXTAUTH_URL = "https://${config.mySnippets.tailnet.networkMap.karakeep.vHost}";

     

       206
       206
       -
               PORT = "7020";

     

       207
       207
       -
             };

     

       208
       208
       -
             environmentFile = config.age.secrets.gemini.path;

     

       209
       209
       -
           };

     

       210
       210
       -
       

     

       211
       211
       -
           miniflux = {

     

       212
       212
       -
             enable = true;

     

       213
       213
       -
             adminCredentialsFile = config.age.secrets.miniflux.path;

     

       214
       214
       -
             config = {

     

       215
       215
       -
               BATCH_SIZE = 100;

     

       216
       216
       -
               CLEANUP_FREQUENCY_HOURS = 48;

     

       217
       217
       -
               LISTEN_ADDR = "${config.mySnippets.tailnet.networkMap.miniflux.hostName}:${toString config.mySnippets.tailnet.networkMap.miniflux.port}";

     

       218
       218
       -
               BASE_URL = "https://${config.mySnippets.tailnet.networkMap.miniflux.vHost}";

     

       219
       219
       -
               WEBAUTHN = "enabled";

     

       220
       220
       -
             };

     

       221
       221
       -
           };

     

       222
       222
       -
       

     

       223
       223
       -
           ntfy-sh = {

     

       224
       224
       -
             enable = true;

     

       225
       225
       -
             user = "ntfy";

     

       226
       226
       -
             group = "ntfy";

     

       227
       227
       -
             settings = {

     

       228
       228
       -
               listen-http = ":${toString config.mySnippets.aylac-top.networkMap.ntfy.port}";

     

       229
       229
       -
               base-url = "https://${config.mySnippets.aylac-top.networkMap.ntfy.vHost}";

     

       230
       230
       -
               cache-duration = "30d";

     

       231
       231
       -
               cache-startup-queries = ''

     

       232
       232
       -
                 pragma journal_mode = WAL;

     

       233
       233
       -
                 pragma synchronous = normal;

     

       234
       234
       -
                 pragma temp_store = memory;

     

       235
       235
       -
               '';

     

       236
       236
       -
               behind-proxy = true;

     

       237
       237
       -
               auth-default-access = "deny-all";

     

       238
       238
       -
               auth-users = [

     

       239
       239
       -
                 "ayla:$2a$10$hh05DMOuVQ3Zf67Rn8VUl.HYUop/.90V04IhNPmOsSYh9FSHCbL1K:admin"

     

       240
       240
       -
                 "auto:$2a$10$w7EDB/6orrpM9JVBqu4jHeBKvXliA4jvRI7Nd.fn.Fo4rGTHD50ju:user"

     

       241
       241
       -
               ];

     

       242
       242
       -
               auth-access = [

     

       243
       243
       -
                 "everyone:up*:wo"

     

       244
       244
       -
                 "auto:*:wo"

     

       245
       245
       -
                 "everyone:message-to-ayla:wo"

     

       246
       246
       -
               ];

     

       247
       247
       -
             };

     

       248
       248
       -
           };

     

       249
       249
       -
       

     

       250
       250
       -
           jellyseerr = {

     

       251
       251
       -
             enable = true;

     

       252
       252
       -
             inherit (config.mySnippets.tailnet.networkMap.jellyseerr) port;

     

       253
       253
       -
             openFirewall = true;

     

       254
       254
       -
           };

     

       255
       255
       -
       

     

       256
       256
       -
           copyparty = {

     

       257
       257
       -
             enable = true;

     

       258
       258
       -
             settings = {

     

       259
       259
       -
               i = "0.0.0.0";

     

       260
       260
       -
               p = [config.mySnippets.tailnet.networkMap.copyparty.port (config.mySnippets.tailnet.networkMap.copyparty.port + 1)];

     

       261
       261
       -
               no-reload = true;

     

       262
       262
       -
               ignored-flag = false;

     

       263
       263
       -
             };

     

       264
       264
       -
             accounts = {

     

       265
       265
       -
               ayla = {

     

       266
       266
       -
                 passwordFile = config.age.secrets.copyparty.path;

     

       267
       267
       -
               };

     

       268
       268
       -
             };

     

       269
       269
       -
             volumes = {

     

       270
       270
       -
               "/" = {

     

       271
       271
       -
                 path = "/data/copyparty";

     

       272
       272
       -
                 access = {

     

       273
       273
       -
                   r = ["*"];

     

       274
       274
       -
                   A = ["ayla"];

     

       275
       275
       -
                 };

     

       276
       276
       -
                 flags = {

     

       277
       277
       -
                   fk = 4;

     

       278
       278
       -
                   scan = 480;

     

       279
       279
       -
                 };

     

       280
       280
       -
               };

     

       281
       281
       -
             };

     

       282
       282
       -
           };

     

       283
       283
       -
       

     

       284
       284
       -
           webdav-server-rs = {

     

       285
       285
       -
             enable = true;

     

       286
       286
       -
             settings = {

     

       287
       287
       -
               server.listen = ["0.0.0.0:${toString config.mySnippets.tailnet.networkMap.webdav.port}" "[::]:${toString config.mySnippets.tailnet.networkMap.webdav.port}"];

     

       288
       288
       -
               accounts = {

     

       289
       289
       -
                 auth-type = "htpasswd.default";

     

       290
       290
       -
                 acct-type = "unix";

     

       291
       291
       -
               };

     

       292
       292
       -
               htpasswd.default = {

     

       293
       293
       -
                 htpasswd = pkgs.writeText "htpasswd" ''

     

       294
       294
       -
                   ayla:$2y$05$LD.VqJF.yVGsp.C3L6IJFO0SvYTeCKbGoGn70ZQaht4gxyEq2XbCS

     

       295
       295
       -
                 '';

     

       296
       296
       -
               };

     

       297
       297
       -
               location = [

     

       298
       298
       -
                 {

     

       299
       299
       -
                   route = ["/*path"];

     

       300
       300
       -
                   directory = "${dataDirectory}/webdav";

     

       301
       301
       -
                   handler = "filesystem";

     

       302
       302
       -
                   methods = ["webdav-rw"];

     

       303
       303
       -
                   autoindex = true;

     

       304
       304
       -
                   auth = "true";

     

       305
       305
       -
                 }

     

       306
       306
       -
               ];

     

       307
       307
       -
             };

     

       308
       308
       -
           };

     

       309
       309
       -
       

     

       310
       310
       -
           couchdb = {

     

       311
       311
       -
             inherit (config.mySnippets.tailnet.networkMap.couchdb) port;

     

       312
       312
       -
             enable = true;

     

       313
       313
       -
             bindAddress = "0.0.0.0";

     

       314
       314
       -
       

     

       315
       315
       -
             extraConfig = {

     

       316
       316
       -
               couchdb = {

     

       317
       317
       -
                 single_node = true;

     

       318
       318
       -
                 max_document_size = 50000000;

     

       319
       319
       -
               };

     

       320
       320
       -
       

     

       321
       321
       -
               chttpd = {

     

       322
       322
       -
                 require_valid_user = true;

     

       323
       323
       -
                 max_http_request_size = 4294967296;

     

       324
       324
       -
                 enable_cors = true;

     

       325
       325
       -
               };

     

       326
       326
       -
       

     

       327
       327
       -
               chttpd_auth = {

     

       328
       328
       -
                 require_valid_user = true;

     

       329
       329
       -
                 authentication_redirect = "/_utils/session.html";

     

       330
       330
       -
               };

     

       331
       331
       -
       

     

       332
       332
       -
               httpd = {

     

       333
       333
       -
                 enable_cors = true;

     

       334
       334
       -
                 "WWW-Authenticate" = "Basic realm=\"couchdb\"";

     

       335
       335
       -
                 bind_address = "0.0.0.0";

     

       336
       336
       -
               };

     

       337
       337
       -
       

     

       338
       338
       -
               cors = {

     

       339
       339
       -
                 origins = "app://obsidian.md,capacitor://localhost,http://localhost";

     

       340
       340
       -
                 credentials = true;

     

       341
       341
       -
                 headers = "accept, authorization, content-type, origin, referer";

     

       342
       342
       -
                 methods = "GET,PUT,POST,HEAD,DELETE";

     

       343
       343
       -
                 max_age = 3600;

     

       344
       344
       -
               };

     

       345
       345
       -
             };

     

       346
       346
       -
           };

     

       347
       347
       -
         };

     

       348
       348
       -
       

     

       349
       349
       -
         systemd.tmpfiles.rules = [

     

       350
       350
       -
           "d /var/lib/webdav 0755 webdav webdav - -"

     

       351
       351
       -
         ];

     

       352
       352
       -
       }

+2 -1

modules/hardware/acer/aspire/A515-52G/default.nix

···

       27
       27
        
           };

     

       28
       28
        
       

     

       29
       29
        
           myHardware = {

     

       30
       30
       -
             nvidia.gpu.enable = true;

     

       30
       30
       +
             # disabled it to see if my laptop gets less hot

     

       31
       31
       +
             nvidia.gpu.enable = false;

     

       31
       32
        
             intel = {

     

       32
       33
        
               cpu.enable = true;

     

       33
       34
        
               gpu.enable = true;

modules/home/desktop/gnome/default.nix

···

       138
       138
        
             gnome-tweaks

     

       139
       139
        
             adw-gtk3

     

       140
       140
        
             gnome-extension-manager

     

       141
       141
       +
             morewaita-icon-theme

     

       142
       142
       +
             nautilus-open-any-terminal

     

       141
       143
        
           ];

     

       142
       144
        
       

     

       143
       145
        
           myHome.profiles.defaultApps = {

-1

modules/nixos/desktop/gnome/default.nix

···

       34
       34
        
           services.gnome.gcr-ssh-agent.enable = true;

     

       35
       35
        
       

     

       36
       36
        
           programs = {

     

       37
       37
       -
             nautilus-open-any-terminal.enable = true;

     

       38
       37
        
             kdeconnect = {

     

       39
       38
        
               enable = true;

     

       40
       39
        
               package = pkgs.gnomeExtensions.gsconnect;

+63 -17

modules/nixos/profiles/arr/default.nix

···

       1
       1
        
       {

     

       2
       2
        
         config,

     

       3
       3
        
         lib,

     

       4
       4
       +
         self,

     

       4
       5
        
         ...

     

       5
       5
       -
       }: {

     

       6
       6
       +
       }: let

     

       7
       7
       +
         cfg = config.myNixOS.profiles.arr;

     

       8
       8
       +
       

     

       9
       9
       +
         netMap = config.mySnippets.tailnet.networkMap;

     

       10
       10
       +
       in {

     

       6
       11
        
         options.myNixOS.profiles.arr = {

     

       7
       12
        
           enable = lib.mkEnableOption "*arr services";

     

       8
       13
        
       

     
···

       11
       16
        
             default = "/var/lib";

     

       12
       17
        
             description = "The directory where *arr stores its data files.";

     

       13
       18
        
           };

     

       19
       19
       +
       

     

       20
       20
       +
           autoProxy = lib.mkOption {

     

       21
       21
       +
             default = true;

     

       22
       22
       +
             example = false;

     

       23
       23
       +
             description = "auto proxy the *arrs";

     

       24
       24
       +
             type = lib.types.bool;

     

       25
       25
       +
           };

     

       14
       26
        
         };

     

       15
       27
        
       

     

       16
       28
        
         config = lib.mkMerge [

     

       17
       17
       -
           (lib.mkIf config.myNixOS.profiles.arr.enable {

     

       29
       29
       +
           (lib.mkIf cfg.enable {

     

       30
       30
       +
             age.secrets.autobrr.file = "${self.inputs.secrets}/autobrr.age";

     

       31
       31
       +
       

     

       18
       32
        
             services = {

     

       33
       33
       +
               caddy.virtualHosts = lib.mkIf cfg.autoProxy {

     

       34
       34
       +
                 "${netMap.autobrr.vHost}".extraConfig = ''

     

       35
       35
       +
                   bind tailscale/autobrr

     

       36
       36
       +
                   encode zstd gzip

     

       37
       37
       +
                   reverse_proxy ${netMap.autobrr.hostName}:${toString netMap.autobrr.port}

     

       38
       38
       +
                 '';

     

       39
       39
       +
       

     

       40
       40
       +
                 "${netMap.bazarr.vHost}".extraConfig = ''

     

       41
       41
       +
                   bind tailscale/bazarr

     

       42
       42
       +
                   encode zstd gzip

     

       43
       43
       +
                   reverse_proxy ${netMap.bazarr.hostName}:${toString netMap.bazarr.port}

     

       44
       44
       +
                 '';

     

       45
       45
       +
       

     

       46
       46
       +
                 "${netMap.prowlarr.vHost}".extraConfig = ''

     

       47
       47
       +
                   bind tailscale/prowlarr

     

       48
       48
       +
                   encode zstd gzip

     

       49
       49
       +
                   reverse_proxy ${netMap.prowlarr.hostName}:${toString netMap.prowlarr.port}

     

       50
       50
       +
                 '';

     

       51
       51
       +
       

     

       52
       52
       +
                 "${netMap.radarr.vHost}".extraConfig = ''

     

       53
       53
       +
                   bind tailscale/radarr

     

       54
       54
       +
                   encode zstd gzip

     

       55
       55
       +
                   reverse_proxy ${netMap.radarr.hostName}:${toString netMap.radarr.port}

     

       56
       56
       +
                 '';

     

       57
       57
       +
       

     

       58
       58
       +
                 "${netMap.sonarr.vHost}".extraConfig = ''

     

       59
       59
       +
                   bind tailscale/sonarr

     

       60
       60
       +
                   encode zstd gzip

     

       61
       61
       +
                   reverse_proxy ${netMap.sonarr.hostName}:${toString netMap.sonarr.port}

     

       62
       62
       +
                 '';

     

       63
       63
       +
               };

     

       64
       64
       +
       

     

       65
       65
       +
               autobrr = {

     

       66
       66
       +
                 enable = true;

     

       67
       67
       +
                 openFirewall = true; # Port: 7474

     

       68
       68
       +
                 secretFile = config.age.secrets.autobrr.path;

     

       69
       69
       +
                 settings = {

     

       70
       70
       +
                   host = "0.0.0.0";

     

       71
       71
       +
                   port = 7474;

     

       72
       72
       +
                 };

     

       73
       73
       +
               };

     

       74
       74
       +
       

     

       19
       75
        
               bazarr = {

     

       20
       76
        
                 enable = true;

     

       21
       21
       -
                 dataDir = "${config.myNixOS.profiles.arr.dataDir}/bazarr";

     

       77
       77
       +
                 dataDir = "${cfg.dataDir}/bazarr";

     

       22
       78
        
                 openFirewall = true; # Port: 6767

     

       23
       79
        
               };

     

       24
       80
        
       

     

       25
       81
        
               #lidarr = {

     

       26
       82
        
               #  enable = true;

     

       27
       27
       -
               #  dataDir = "${config.myNixOS.profiles.arr.dataDir}/lidarr/.config/Lidarr";

     

       83
       83
       +
               #  dataDir = "${cfg.dataDir}/lidarr/.config/Lidarr";

     

       28
       84
        
               #  openFirewall = true; # Port: 8686

     

       29
       85
        
               #};

     

       30
       86
        
       

     

       31
       87
        
               prowlarr = {

     

       32
       88
        
                 enable = true;

     

       33
       33
       -
                 # dataDir = "${config.myNixOS.profiles.arr.dataDir}/prowlarr";

     

       89
       89
       +
                 # dataDir = "${cfg.dataDir}/prowlarr";

     

       34
       90
        
                 openFirewall = true; # Port: 9696

     

       35
       91
        
               };

     

       36
       92
        
       

     

       37
       93
        
               radarr = {

     

       38
       94
        
                 enable = true;

     

       39
       39
       -
                 dataDir = "${config.myNixOS.profiles.arr.dataDir}/radarr/.config/Radarr/";

     

       95
       95
       +
                 dataDir = "${cfg.dataDir}/radarr/.config/Radarr/";

     

       40
       96
        
                 openFirewall = true; # Port: 7878

     

       41
       97
        
               };

     

       42
       98
        
       

     

       43
       99
        
               sonarr = {

     

       44
       100
        
                 enable = true;

     

       45
       45
       -
                 dataDir = "${config.myNixOS.profiles.arr.dataDir}/sonarr/.config/NzbDrone/";

     

       101
       101
       +
                 dataDir = "${cfg.dataDir}/sonarr/.config/NzbDrone/";

     

       46
       102
        
                 openFirewall = true; # Port: 8989

     

       47
       47
       -
               };

     

       48
       48
       -
       

     

       49
       49
       -
               autobrr = {

     

       50
       50
       -
                 enable = true;

     

       51
       51
       -
                 openFirewall = true; # Port: 7474

     

       52
       52
       -
                 secretFile = config.age.secrets.autobrr.path;

     

       53
       53
       -
                 settings = {

     

       54
       54
       -
                   host = "0.0.0.0";

     

       55
       55
       -
                   port = 7474;

     

       56
       56
       -
                 };

     

       57
       103
        
               };

     

       58
       104
        
             };

     

       59
       105

+7 -1

modules/nixos/profiles/autoUpgrade/default.nix

···

       12
       12
        
             default = "boot";

     

       13
       13
        
             description = "Operation to perform on auto-upgrade. Can be 'boot', 'switch', or 'test'.";

     

       14
       14
        
           };

     

       15
       15
       +
       

     

       16
       16
       +
           allowReboot = lib.mkOption {

     

       17
       17
       +
             type = lib.types.bool;

     

       18
       18
       +
             default = true;

     

       19
       19
       +
             description = "Allow auto-upgrade to reboot the system.";

     

       20
       20
       +
           };

     

       15
       21
        
         };

     

       16
       22
        
       

     

       17
       23
        
         config = lib.mkIf config.myNixOS.profiles.autoUpgrade.enable {

     
···

       19
       25
        
             inherit (config.myNixOS.profiles.autoUpgrade) operation;

     

       20
       26
        
       

     

       21
       27
        
             enable = true;

     

       22
       22
       -
             allowReboot = lib.mkDefault true;

     

       28
       28
       +
             inherit (config.myNixOS.profiles.autoUpgrade) allowReboot;

     

       23
       29
        
             dates = "02:00";

     

       24
       30
        
             flags = ["--accept-flake-config"];

     

       25
       31
        
             flake = config.environment.variables.FLAKE or "github:ayla6/nixcfg";

+38

modules/nixos/services/audiobookshelf/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       6
       6
       +
         name = "audiobookshelf";

     

       7
       7
       +
         cfg = config.myNixOS.services.${name};

     

       8
       8
       +
       

     

       9
       9
       +
         network = config.mySnippets.tailnet;

     

       10
       10
       +
         service = network.networkMap.${name};

     

       11
       11
       +
       in {

     

       12
       12
       +
         options.myNixOS.services.${name} = {

     

       13
       13
       +
           enable = lib.mkEnableOption "${name} server";

     

       14
       14
       +
           autoProxy = lib.mkOption {

     

       15
       15
       +
             default = true;

     

       16
       16
       +
             example = false;

     

       17
       17
       +
             description = "${name} auto proxy";

     

       18
       18
       +
             type = lib.types.bool;

     

       19
       19
       +
           };

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         config = lib.mkIf cfg.enable {

     

       23
       23
       +
           services = {

     

       24
       24
       +
             caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       25
       25
       +
               bind tailscale/${name}

     

       26
       26
       +
               encode zstd gzip

     

       27
       27
       +
               reverse_proxy ${service.hostName}:${toString service.port}

     

       28
       28
       +
             '';

     

       29
       29
       +
       

     

       30
       30
       +
             audiobookshelf = {

     

       31
       31
       +
               enable = true;

     

       32
       32
       +
               host = "0.0.0.0";

     

       33
       33
       +
               openFirewall = true;

     

       34
       34
       +
               inherit (service) port;

     

       35
       35
       +
             };

     

       36
       36
       +
           };

     

       37
       37
       +
         };

     

       38
       38
       +
       }

+27

modules/nixos/services/cloudflared/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         self,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }: {

     

       7
       7
       +
         options.myNixOS.services.cloudflared.enable = lib.mkEnableOption "Cloudflared for all your cloudflare tunnels needs";

     

       8
       8
       +
       

     

       9
       9
       +
         config = lib.mkIf config.myNixOS.services.cloudflared.enable {

     

       10
       10
       +
           age.secrets = {

     

       11
       11
       +
             cloudflareCertificate.file = "${self.inputs.secrets}/cloudflare/certificate.age";

     

       12
       12
       +
             cloudflareCredentials.file = "${self.inputs.secrets}/cloudflare/credentials.age";

     

       13
       13
       +
           };

     

       14
       14
       +
       

     

       15
       15
       +
           services.cloudflared = {

     

       16
       16
       +
             enable = true;

     

       17
       17
       +
             certificateFile = config.age.secrets.cloudflareCertificate.path;

     

       18
       18
       +
             tunnels = {

     

       19
       19
       +
               ${config.mySnippets.aylac-top.cloudflareTunnel} = {

     

       20
       20
       +
                 certificateFile = config.age.secrets.cloudflareCertificate.path;

     

       21
       21
       +
                 credentialsFile = config.age.secrets.cloudflareCredentials.path;

     

       22
       22
       +
                 default = "http_status:404";

     

       23
       23
       +
               };

     

       24
       24
       +
             };

     

       25
       25
       +
           };

     

       26
       26
       +
         };

     

       27
       27
       +
       }

+67

modules/nixos/services/copyparty/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         self,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }: let

     

       7
       7
       +
         name = "copyparty";

     

       8
       8
       +
         cfg = config.myNixOS.services.${name};

     

       9
       9
       +
       

     

       10
       10
       +
         network = config.mySnippets.tailnet;

     

       11
       11
       +
         service = network.networkMap.${name};

     

       12
       12
       +
       in {

     

       13
       13
       +
         options.myNixOS.services.${name} = {

     

       14
       14
       +
           enable = lib.mkEnableOption "${name} server";

     

       15
       15
       +
           autoProxy = lib.mkOption {

     

       16
       16
       +
             default = true;

     

       17
       17
       +
             example = false;

     

       18
       18
       +
             description = "${name} auto proxy";

     

       19
       19
       +
             type = lib.types.bool;

     

       20
       20
       +
           };

     

       21
       21
       +
         };

     

       22
       22
       +
       

     

       23
       23
       +
         config = lib.mkIf cfg.enable {

     

       24
       24
       +
           age.secrets.copyparty = {

     

       25
       25
       +
             file = "${self.inputs.secrets}/copyparty.age";

     

       26
       26
       +
             owner = "copyparty";

     

       27
       27
       +
             group = "copyparty";

     

       28
       28
       +
             mode = "0400";

     

       29
       29
       +
           };

     

       30
       30
       +
       

     

       31
       31
       +
           services = {

     

       32
       32
       +
             caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       33
       33
       +
               bind tailscale/${name}

     

       34
       34
       +
               encode zstd gzip

     

       35
       35
       +
               reverse_proxy ${service.hostName}:${toString service.port}

     

       36
       36
       +
             '';

     

       37
       37
       +
       

     

       38
       38
       +
             copyparty = {

     

       39
       39
       +
               enable = true;

     

       40
       40
       +
               settings = {

     

       41
       41
       +
                 i = "0.0.0.0";

     

       42
       42
       +
                 p = [service.port (service.port + 1)];

     

       43
       43
       +
                 no-reload = true;

     

       44
       44
       +
                 ignored-flag = false;

     

       45
       45
       +
               };

     

       46
       46
       +
               accounts = {

     

       47
       47
       +
                 ayla = {

     

       48
       48
       +
                   passwordFile = config.age.secrets.copyparty.path;

     

       49
       49
       +
                 };

     

       50
       50
       +
               };

     

       51
       51
       +
               volumes = {

     

       52
       52
       +
                 "/" = {

     

       53
       53
       +
                   path = "/data/copyparty";

     

       54
       54
       +
                   access = {

     

       55
       55
       +
                     r = ["*"];

     

       56
       56
       +
                     A = ["ayla"];

     

       57
       57
       +
                   };

     

       58
       58
       +
                   flags = {

     

       59
       59
       +
                     fk = 4;

     

       60
       60
       +
                     scan = 480;

     

       61
       61
       +
                   };

     

       62
       62
       +
                 };

     

       63
       63
       +
               };

     

       64
       64
       +
             };

     

       65
       65
       +
           };

     

       66
       66
       +
         };

     

       67
       67
       +
       }

+69

modules/nixos/services/couchdb/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       6
       6
       +
         name = "couchdb";

     

       7
       7
       +
         cfg = config.myNixOS.services.${name};

     

       8
       8
       +
       

     

       9
       9
       +
         network = config.mySnippets.tailnet;

     

       10
       10
       +
         service = network.networkMap.${name};

     

       11
       11
       +
       in {

     

       12
       12
       +
         options.myNixOS.services.${name} = {

     

       13
       13
       +
           enable = lib.mkEnableOption "${name} server";

     

       14
       14
       +
           autoProxy = lib.mkOption {

     

       15
       15
       +
             default = true;

     

       16
       16
       +
             example = false;

     

       17
       17
       +
             description = "${name} auto proxy";

     

       18
       18
       +
             type = lib.types.bool;

     

       19
       19
       +
           };

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         config = lib.mkIf cfg.enable {

     

       23
       23
       +
           services = {

     

       24
       24
       +
             caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       25
       25
       +
               bind tailscale/${name}

     

       26
       26
       +
               encode zstd gzip

     

       27
       27
       +
               reverse_proxy ${service.hostName}:${toString service.port}

     

       28
       28
       +
             '';

     

       29
       29
       +
       

     

       30
       30
       +
             couchdb = {

     

       31
       31
       +
               inherit (service) port;

     

       32
       32
       +
               enable = true;

     

       33
       33
       +
               bindAddress = "0.0.0.0";

     

       34
       34
       +
       

     

       35
       35
       +
               extraConfig = {

     

       36
       36
       +
                 couchdb = {

     

       37
       37
       +
                   single_node = true;

     

       38
       38
       +
                   max_document_size = 50000000;

     

       39
       39
       +
                 };

     

       40
       40
       +
       

     

       41
       41
       +
                 chttpd = {

     

       42
       42
       +
                   require_valid_user = true;

     

       43
       43
       +
                   max_http_request_size = 4294967296;

     

       44
       44
       +
                   enable_cors = true;

     

       45
       45
       +
                 };

     

       46
       46
       +
       

     

       47
       47
       +
                 chttpd_auth = {

     

       48
       48
       +
                   require_valid_user = true;

     

       49
       49
       +
                   authentication_redirect = "/_utils/session.html";

     

       50
       50
       +
                 };

     

       51
       51
       +
       

     

       52
       52
       +
                 httpd = {

     

       53
       53
       +
                   enable_cors = true;

     

       54
       54
       +
                   "WWW-Authenticate" = "Basic realm=\"couchdb\"";

     

       55
       55
       +
                   bind_address = "0.0.0.0";

     

       56
       56
       +
                 };

     

       57
       57
       +
       

     

       58
       58
       +
                 cors = {

     

       59
       59
       +
                   origins = "app://obsidian.md,capacitor://localhost,http://localhost";

     

       60
       60
       +
                   credentials = true;

     

       61
       61
       +
                   headers = "accept, authorization, content-type, origin, referer";

     

       62
       62
       +
                   methods = "GET,PUT,POST,HEAD,DELETE";

     

       63
       63
       +
                   max_age = 3600;

     

       64
       64
       +
                 };

     

       65
       65
       +
               };

     

       66
       66
       +
             };

     

       67
       67
       +
           };

     

       68
       68
       +
         };

     

       69
       69
       +
       }

+17 -1

modules/nixos/services/default.nix

···

       1
       1
        
       {...}: {

     

       2
       2
        
         imports = [

     

       3
       3
       +
           ./audiobookshelf

     

       3
       4
        
           ./aria2

     

       5
       5
       +
           ./couchdb

     

       6
       6
       +
           ./cloudflared

     

       7
       7
       +
           ./copyparty

     

       4
       8
        
           ./caddy

     

       5
       9
        
           ./dnsmasq

     

       6
       10
        
           ./fail2ban

     

       7
       11
        
           ./forgejo

     

       8
       12
        
           ./gdm

     

       13
       13
       +
           ./glance

     

       14
       14
       +
           ./jellyfin

     

       15
       15
       +
           ./jellyseerr

     

       16
       16
       +
           ./karakeep

     

       17
       17
       +
           ./miniflux

     

       18
       18
       +
           ./monitoring

     

       19
       19
       +
           ./ntfy

     

       20
       20
       +
           ./pds

     

       9
       21
        
           ./qbittorrent

     

       22
       22
       +
           ./radicale

     

       23
       23
       +
           ./redlib

     

       10
       24
        
           ./syncthing

     

       11
       25
        
           ./tailscale

     

       12
       12
       -
           ./monitoring

     

       26
       26
       +
           ./uptime-kuma

     

       27
       27
       +
           ./vaultwarden

     

       28
       28
       +
           ./webdav-server-rs

     

       13
       29
        
         ];

     

       14
       30
        
       }

+5 -1

modules/nixos/services/fail2ban/default.nix

···

       19
       19
        
         options.myNixOS.services.fail2ban.enable = lib.mkEnableOption "fail2ban";

     

       20
       20
        
       

     

       21
       21
        
         config = lib.mkIf config.myNixOS.services.fail2ban.enable {

     

       22
       22
       +
           age.secrets = {

     

       23
       23
       +
             cloudflareFail2ban.file = "${self.inputs.secrets}/cloudflare/fail2ban.age";

     

       24
       24
       +
           };

     

       25
       25
       +
       

     

       22
       26
        
           environment.etc = {

     

       23
       27
        
             "fail2ban/action.d/mycloudflare.conf" = {

     

       24
       28
        
               user = "root";

     

       25
       29
        
               group = "root";

     

       26
       30
        
               mode = "0640";

     

       27
       27
       -
               source = "${self.inputs.secrets}/cloudflare/fail2ban.age";

     

       31
       31
       +
               source = config.age.secrets.cloudflareFail2ban.path;

     

       28
       32
        
             };

     

       29
       33
        
       

     

       30
       34
        
             "fail2ban/action.d/ntfy.conf".text = ''

+27 -12

modules/nixos/services/forgejo/default.nix

···

       4
       4
        
         pkgs,

     

       5
       5
        
         self,

     

       6
       6
        
         ...

     

       7
       7
       -
       }: {

     

       7
       7
       +
       }: let

     

       8
       8
       +
         name = "forgejo";

     

       9
       9
       +
         cfg = config.myNixOS.services.${name};

     

       10
       10
       +
       

     

       11
       11
       +
         network = config.mySnippets.aylac-top;

     

       12
       12
       +
         service = network.networkMap.${name};

     

       13
       13
       +
       in {

     

       8
       14
        
         options.myNixOS.services.forgejo = {

     

       9
       9
       -
           enable = lib.mkEnableOption "forĝejo git forge";

     

       15
       15
       +
           enable = lib.mkEnableOption "forgejo git forge";

     

       10
       16
        
       

     

       11
       17
        
           db = lib.mkOption {

     

       12
       18
        
             description = "Database to use (sqlite or postgresql).";

     

       13
       19
        
             default = "sqlite";

     

       14
       20
        
             type = lib.types.str;

     

       15
       21
        
           };

     

       22
       22
       +
       

     

       23
       23
       +
           autoProxy = lib.mkOption {

     

       24
       24
       +
             default = true;

     

       25
       25
       +
             example = false;

     

       26
       26
       +
             description = "${name} auto proxy";

     

       27
       27
       +
             type = lib.types.bool;

     

       28
       28
       +
           };

     

       16
       29
        
         };

     

       17
       30
        
       

     

       18
       18
       -
         config = lib.mkIf config.myNixOS.services.forgejo.enable {

     

       19
       19
       -
           age.secrets = {

     

       20
       20
       -
             postgres-forgejo.file = "${self.inputs.secrets}/postgres/forgejo.age";

     

       21
       21
       -
           };

     

       31
       31
       +
         config = lib.mkIf cfg.enable {

     

       32
       32
       +
           age.secrets.forgejo.file = "${self.inputs.secrets}/postgres/forgejo.age";

     

       22
       33
        
       

     

       23
       34
        
           services = {

     

       24
       24
       -
             postgresql = lib.mkIf (config.myNixOS.services.forgejo.db

     

       35
       35
       +
             cloudflared.tunnels."${network.cloudflareTunnel}".ingress = lib.mkIf cfg.autoProxy {

     

       36
       36
       +
               "${service.vHost}" = "http://${service.hostName}:${toString service.port}";

     

       37
       37
       +
             };

     

       38
       38
       +
       

     

       39
       39
       +
             postgresql = lib.mkIf (cfg.db

     

       25
       40
        
               == "postgresql") {

     

       26
       41
        
               enable = true;

     

       27
       42
        
               package = pkgs.postgresql_16;

     
···

       38
       53
        
             forgejo = {

     

       39
       54
        
               enable = true;

     

       40
       55
        
       

     

       41
       41
       -
               database = lib.mkIf (config.myNixOS.services.forgejo.db

     

       56
       56
       +
               database = lib.mkIf (cfg.db

     

       42
       57
        
                 == "postgresql") {

     

       43
       58
        
                 createDatabase = true;

     

       44
       59
        
                 host = "127.0.0.1";

     

       45
       60
        
                 name = "forgejo";

     

       46
       46
       -
                 passwordFile = config.age.secrets.postgres-forgejo.path;

     

       61
       61
       +
                 passwordFile = config.age.secrets.forgejo.path;

     

       47
       62
        
                 type = "postgres";

     

       48
       63
        
                 user = "forgejo";

     

       49
       64
        
               };

     
···

       95
       110
        
                 security.PASSWORD_CHECK_PWN = true;

     

       96
       111
        
       

     

       97
       112
        
                 server = {

     

       98
       98
       -
                   DOMAIN = config.mySnippets.aylac-top.networkMap.forgejo.vHost;

     

       99
       99
       -
                   HTTP_PORT = config.mySnippets.aylac-top.networkMap.forgejo.port;

     

       113
       113
       +
                   DOMAIN = service.vHost;

     

       114
       114
       +
                   HTTP_PORT = service.port;

     

       100
       115
        
                   LANDING_PAGE = "explore";

     

       101
       116
        
                   LFS_START_SERVER = true;

     

       102
       102
       -
                   ROOT_URL = "https://${config.mySnippets.aylac-top.networkMap.forgejo.vHost}/";

     

       117
       117
       +
                   ROOT_URL = "https://${service.vHost}/";

     

       103
       118
        
                   DISABLE_SSH = true;

     

       104
       119
        
                 };

     

       105
       120

+203

modules/nixos/services/glance/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       6
       6
       +
         name = "glance";

     

       7
       7
       +
         cfg = config.myNixOS.services.${name};

     

       8
       8
       +
       

     

       9
       9
       +
         inherit (config.mySnippets) aylac-top;

     

       10
       10
       +
         inherit (config.mySnippets) tailnet;

     

       11
       11
       +
       

     

       12
       12
       +
         publicNetwork = aylac-top;

     

       13
       13
       +
         privateNetwork = tailnet;

     

       14
       14
       +
       in {

     

       15
       15
       +
         options.myNixOS.services.${name} = {

     

       16
       16
       +
           enable = lib.mkEnableOption "${name} server";

     

       17
       17
       +
           autoProxy = lib.mkOption {

     

       18
       18
       +
             default = true;

     

       19
       19
       +
             example = false;

     

       20
       20
       +
             description = "${name} auto proxy";

     

       21
       21
       +
             type = lib.types.bool;

     

       22
       22
       +
           };

     

       23
       23
       +
         };

     

       24
       24
       +
       

     

       25
       25
       +
         config = lib.mkIf cfg.enable {

     

       26
       26
       +
           services = {

     

       27
       27
       +
             caddy.virtualHosts."${privateNetwork.networkMap.${name}.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       28
       28
       +
               bind tailscale/${name}

     

       29
       29
       +
               encode zstd gzip

     

       30
       30
       +
               reverse_proxy ${privateNetwork.networkMap.${name}.hostName}:${toString privateNetwork.networkMap.${name}.port}

     

       31
       31
       +
             '';

     

       32
       32
       +
       

     

       33
       33
       +
             cloudflared.tunnels."${publicNetwork.cloudflareTunnel}".ingress = lib.mkIf cfg.autoProxy {

     

       34
       34
       +
               "${publicNetwork.networkMap.pds.vHost}" = "http://${publicNetwork.networkMap.pds.hostName}";

     

       35
       35
       +
             };

     

       36
       36
       +
       

     

       37
       37
       +
             glance = {

     

       38
       38
       +
               enable = true;

     

       39
       39
       +
               openFirewall = true;

     

       40
       40
       +
       

     

       41
       41
       +
               settings = {

     

       42
       42
       +
                 pages = [

     

       43
       43
       +
                   {

     

       44
       44
       +
                     name = publicNetwork.networkMap.glance.vHost;

     

       45
       45
       +
                     width = "slim";

     

       46
       46
       +
                     hide-desktop-navigation = true;

     

       47
       47
       +
                     center-vertically = true;

     

       48
       48
       +
                     columns = [

     

       49
       49
       +
                       {

     

       50
       50
       +
                         size = "full";

     

       51
       51
       +
                         widgets = [

     

       52
       52
       +
                           {

     

       53
       53
       +
                             type = "monitor";

     

       54
       54
       +
                             cache = "1m";

     

       55
       55
       +
                             title = "Public Services";

     

       56
       56
       +
       

     

       57
       57
       +
                             sites = [

     

       58
       58
       +
                               {

     

       59
       59
       +
                                 title = "Forgejo";

     

       60
       60
       +
                                 url = "https://${aylac-top.networkMap.forgejo.vHost}/";

     

       61
       61
       +
                                 check-url = "http://${aylac-top.networkMap.forgejo.hostName}:${toString aylac-top.networkMap.forgejo.port}/";

     

       62
       62
       +
                                 icon = "di:forgejo";

     

       63
       63
       +
                               }

     

       64
       64
       +
                               {

     

       65
       65
       +
                                 title = "PDS";

     

       66
       66
       +
                                 url = "https://${aylac-top.networkMap.pds.vHost}/";

     

       67
       67
       +
                                 check-url = "http://${aylac-top.networkMap.pds.hostName}:${toString aylac-top.networkMap.pds.port}/";

     

       68
       68
       +
                                 icon = "di:bluesky";

     

       69
       69
       +
                               }

     

       70
       70
       +
                               {

     

       71
       71
       +
                                 title = "Vaultwarden";

     

       72
       72
       +
                                 url = "https://${aylac-top.networkMap.vaultwarden.vHost}/";

     

       73
       73
       +
                                 check-url = "http://${aylac-top.networkMap.vaultwarden.hostName}:${toString aylac-top.networkMap.vaultwarden.port}/";

     

       74
       74
       +
                                 icon = "di:vaultwarden";

     

       75
       75
       +
                               }

     

       76
       76
       +
                               {

     

       77
       77
       +
                                 title = "ntfy";

     

       78
       78
       +
                                 url = "https://${aylac-top.networkMap.ntfy.vHost}/";

     

       79
       79
       +
                                 check-url = "http://${aylac-top.networkMap.ntfy.hostName}:${toString aylac-top.networkMap.ntfy.port}/";

     

       80
       80
       +
                                 icon = "di:ntfy";

     

       81
       81
       +
                               }

     

       82
       82
       +
                             ];

     

       83
       83
       +
                           }

     

       84
       84
       +
                           {

     

       85
       85
       +
                             type = "monitor";

     

       86
       86
       +
                             cache = "1m";

     

       87
       87
       +
                             title = "Private Services";

     

       88
       88
       +
       

     

       89
       89
       +
                             sites = [

     

       90
       90
       +
                               {

     

       91
       91
       +
                                 title = "Karakeep";

     

       92
       92
       +
                                 url = "https://${tailnet.networkMap.karakeep.vHost}/";

     

       93
       93
       +
                                 check-url = "http://${tailnet.networkMap.karakeep.hostName}:${toString tailnet.networkMap.karakeep.port}/";

     

       94
       94
       +
                                 icon = "di:karakeep";

     

       95
       95
       +
                               }

     

       96
       96
       +
                               {

     

       97
       97
       +
                                 title = "Jellyfin";

     

       98
       98
       +
                                 url = "https://${tailnet.networkMap.jellyfin.vHost}/";

     

       99
       99
       +
                                 check-url = "http://${tailnet.networkMap.jellyfin.hostName}:${toString tailnet.networkMap.jellyfin.port}/web/index.html";

     

       100
       100
       +
                                 icon = "di:jellyfin";

     

       101
       101
       +
                               }

     

       102
       102
       +
                               {

     

       103
       103
       +
                                 title = "Jellyseerr";

     

       104
       104
       +
                                 url = "https://${tailnet.networkMap.jellyseerr.vHost}/";

     

       105
       105
       +
                                 check-url = "http://${tailnet.networkMap.jellyseerr.hostName}:${toString tailnet.networkMap.jellyseerr.port}/";

     

       106
       106
       +
                                 icon = "di:jellyseerr";

     

       107
       107
       +
                               }

     

       108
       108
       +
                               {

     

       109
       109
       +
                                 title = "Sonarr";

     

       110
       110
       +
                                 url = "https://${tailnet.networkMap.sonarr.vHost}/";

     

       111
       111
       +
                                 check-url = "http://${tailnet.networkMap.sonarr.hostName}:${toString tailnet.networkMap.sonarr.port}/";

     

       112
       112
       +
                                 icon = "di:sonarr";

     

       113
       113
       +
                               }

     

       114
       114
       +
                               {

     

       115
       115
       +
                                 title = "Radarr";

     

       116
       116
       +
                                 url = "https://${tailnet.networkMap.radarr.vHost}/";

     

       117
       117
       +
                                 check-url = "http://${tailnet.networkMap.radarr.hostName}:${toString tailnet.networkMap.radarr.port}/";

     

       118
       118
       +
                                 icon = "di:radarr";

     

       119
       119
       +
                               }

     

       120
       120
       +
                               #{

     

       121
       121
       +
                               #  title = "Lidarr";

     

       122
       122
       +
                               #  url = "https://${tailnet.networkMap.lidarr.vHost}/";

     

       123
       123
       +
                               #  check-url = "http://${tailnet.networkMap.lidarr.hostName}:${toString tailnet.networkMap.lidarr.port}/";

     

       124
       124
       +
                               #  icon = "di:lidarr";

     

       125
       125
       +
                               #}

     

       126
       126
       +
                               {

     

       127
       127
       +
                                 title = "Prowlarr";

     

       128
       128
       +
                                 url = "https://${tailnet.networkMap.prowlarr.vHost}/";

     

       129
       129
       +
                                 check-url = "http://${tailnet.networkMap.prowlarr.hostName}:${toString tailnet.networkMap.prowlarr.port}/";

     

       130
       130
       +
                                 icon = "di:prowlarr";

     

       131
       131
       +
                               }

     

       132
       132
       +
                               {

     

       133
       133
       +
                                 title = "Bazarr";

     

       134
       134
       +
                                 url = "https://${tailnet.networkMap.bazarr.vHost}/";

     

       135
       135
       +
                                 check-url = "http://${tailnet.networkMap.bazarr.hostName}:${toString tailnet.networkMap.bazarr.port}/";

     

       136
       136
       +
                                 icon = "di:bazarr";

     

       137
       137
       +
                               }

     

       138
       138
       +
                               {

     

       139
       139
       +
                                 title = "Autobrr";

     

       140
       140
       +
                                 url = "https://${tailnet.networkMap.autobrr.vHost}/";

     

       141
       141
       +
                                 check-url = "http://${tailnet.networkMap.autobrr.hostName}:${toString tailnet.networkMap.autobrr.port}/";

     

       142
       142
       +
                                 icon = "di:autobrr";

     

       143
       143
       +
                               }

     

       144
       144
       +
                               {

     

       145
       145
       +
                                 title = "qBittorrent";

     

       146
       146
       +
                                 url = "https://${tailnet.networkMap.qbittorrent.vHost}/";

     

       147
       147
       +
                                 check-url = "http://${tailnet.networkMap.qbittorrent.hostName}:${toString tailnet.networkMap.qbittorrent.port}/";

     

       148
       148
       +
                                 icon = "di:qbittorrent";

     

       149
       149
       +
                                 alt-status-codes = [401];

     

       150
       150
       +
                               }

     

       151
       151
       +
                               {

     

       152
       152
       +
                                 title = "Uptime Kuma";

     

       153
       153
       +
                                 url = "https://${tailnet.networkMap.uptime-kuma.vHost}/";

     

       154
       154
       +
                                 check-url = "http://${tailnet.networkMap.uptime-kuma.hostName}:${toString tailnet.networkMap.uptime-kuma.port}/";

     

       155
       155
       +
                                 icon = "di:uptime-kuma";

     

       156
       156
       +
                               }

     

       157
       157
       +
                               {

     

       158
       158
       +
                                 title = "Radicale";

     

       159
       159
       +
                                 url = "https://${tailnet.networkMap.radicale.vHost}/";

     

       160
       160
       +
                                 check-url = "http://${tailnet.networkMap.radicale.hostName}:${toString tailnet.networkMap.radicale.port}/";

     

       161
       161
       +
                                 icon = "di:radicale";

     

       162
       162
       +
                               }

     

       163
       163
       +
                               {

     

       164
       164
       +
                                 title = "Copyparty";

     

       165
       165
       +
                                 url = "https://${tailnet.networkMap.copyparty.vHost}/";

     

       166
       166
       +
                                 check-url = "http://${tailnet.networkMap.copyparty.hostName}:${toString tailnet.networkMap.copyparty.port}/";

     

       167
       167
       +
                                 icon = "di:copyparty";

     

       168
       168
       +
                               }

     

       169
       169
       +
                               {

     

       170
       170
       +
                                 title = "Redlib";

     

       171
       171
       +
                                 url = "https://${tailnet.networkMap.redlib.vHost}/";

     

       172
       172
       +
                                 check-url = "http://${tailnet.networkMap.redlib.hostName}:${toString tailnet.networkMap.redlib.port}/";

     

       173
       173
       +
                                 icon = "di:redlib";

     

       174
       174
       +
                               }

     

       175
       175
       +
                               {

     

       176
       176
       +
                                 title = "Miniflux";

     

       177
       177
       +
                                 url = "https://${tailnet.networkMap.miniflux.vHost}/";

     

       178
       178
       +
                                 check-url = "http://${tailnet.networkMap.miniflux.hostName}:${toString tailnet.networkMap.miniflux.port}/";

     

       179
       179
       +
                                 icon = "di:miniflux";

     

       180
       180
       +
                               }

     

       181
       181
       +
                               {

     

       182
       182
       +
                                 title = "audiobookshelf";

     

       183
       183
       +
                                 url = "https://${tailnet.networkMap.audiobookshelf.vHost}/";

     

       184
       184
       +
                                 check-url = "http://${tailnet.networkMap.audiobookshelf.hostName}:${toString tailnet.networkMap.audiobookshelf.port}/";

     

       185
       185
       +
                                 icon = "di:audiobookshelf";

     

       186
       186
       +
                               }

     

       187
       187
       +
                             ];

     

       188
       188
       +
                           }

     

       189
       189
       +
                         ];

     

       190
       190
       +
                       }

     

       191
       191
       +
                     ];

     

       192
       192
       +
                   }

     

       193
       193
       +
                 ];

     

       194
       194
       +
       

     

       195
       195
       +
                 server = {

     

       196
       196
       +
                   host = "0.0.0.0";

     

       197
       197
       +
                   inherit (tailnet.networkMap.glance) port;

     

       198
       198
       +
                 };

     

       199
       199
       +
               };

     

       200
       200
       +
             };

     

       201
       201
       +
           };

     

       202
       202
       +
         };

     

       203
       203
       +
       }

+41

modules/nixos/services/jellyfin/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       6
       6
       +
         name = "jellyfin";

     

       7
       7
       +
         cfg = config.myNixOS.services.${name};

     

       8
       8
       +
       

     

       9
       9
       +
         network = config.mySnippets.tailnet;

     

       10
       10
       +
         service = network.networkMap.${name};

     

       11
       11
       +
       

     

       12
       12
       +
         dataDirectory = "/var/lib";

     

       13
       13
       +
       in {

     

       14
       14
       +
         options.myNixOS.services.${name} = {

     

       15
       15
       +
           enable = lib.mkEnableOption "${name} server";

     

       16
       16
       +
           autoProxy = lib.mkOption {

     

       17
       17
       +
             default = true;

     

       18
       18
       +
             example = false;

     

       19
       19
       +
             description = "${name} auto proxy";

     

       20
       20
       +
             type = lib.types.bool;

     

       21
       21
       +
           };

     

       22
       22
       +
         };

     

       23
       23
       +
       

     

       24
       24
       +
         config = lib.mkIf cfg.enable {

     

       25
       25
       +
           services = {

     

       26
       26
       +
             caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       27
       27
       +
               bind tailscale/${name}

     

       28
       28
       +
               encode zstd gzip

     

       29
       29
       +
               reverse_proxy ${service.hostName}:${toString service.port} {

     

       30
       30
       +
                 flush_interval -1

     

       31
       31
       +
               }

     

       32
       32
       +
             '';

     

       33
       33
       +
       

     

       34
       34
       +
             jellyfin = {

     

       35
       35
       +
               enable = true;

     

       36
       36
       +
               openFirewall = true;

     

       37
       37
       +
               dataDir = "${dataDirectory}/jellyfin";

     

       38
       38
       +
             };

     

       39
       39
       +
           };

     

       40
       40
       +
         };

     

       41
       41
       +
       }

+37

modules/nixos/services/jellyseerr/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       6
       6
       +
         name = "jellyseerr";

     

       7
       7
       +
         cfg = config.myNixOS.services.${name};

     

       8
       8
       +
       

     

       9
       9
       +
         network = config.mySnippets.tailnet;

     

       10
       10
       +
         service = network.networkMap.${name};

     

       11
       11
       +
       in {

     

       12
       12
       +
         options.myNixOS.services.${name} = {

     

       13
       13
       +
           enable = lib.mkEnableOption "${name} server";

     

       14
       14
       +
           autoProxy = lib.mkOption {

     

       15
       15
       +
             default = true;

     

       16
       16
       +
             example = false;

     

       17
       17
       +
             description = "${name} auto proxy";

     

       18
       18
       +
             type = lib.types.bool;

     

       19
       19
       +
           };

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         config = lib.mkIf cfg.enable {

     

       23
       23
       +
           services = {

     

       24
       24
       +
             caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       25
       25
       +
               bind tailscale/${name}

     

       26
       26
       +
               encode zstd gzip

     

       27
       27
       +
               reverse_proxy ${service.hostName}:${toString service.port}

     

       28
       28
       +
             '';

     

       29
       29
       +
       

     

       30
       30
       +
             jellyseerr = {

     

       31
       31
       +
               enable = true;

     

       32
       32
       +
               inherit (service) port;

     

       33
       33
       +
               openFirewall = true;

     

       34
       34
       +
             };

     

       35
       35
       +
           };

     

       36
       36
       +
         };

     

       37
       37
       +
       }

+53

modules/nixos/services/karakeep/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         self,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }: let

     

       7
       7
       +
         name = "karakeep";

     

       8
       8
       +
         cfg = config.myNixOS.services.${name};

     

       9
       9
       +
       

     

       10
       10
       +
         network = config.mySnippets.tailnet;

     

       11
       11
       +
         service = network.networkMap.${name};

     

       12
       12
       +
       in {

     

       13
       13
       +
         options.myNixOS.services.${name} = {

     

       14
       14
       +
           enable = lib.mkEnableOption "${name} server";

     

       15
       15
       +
           autoProxy = lib.mkOption {

     

       16
       16
       +
             default = true;

     

       17
       17
       +
             example = false;

     

       18
       18
       +
             description = "${name} auto proxy";

     

       19
       19
       +
             type = lib.types.bool;

     

       20
       20
       +
           };

     

       21
       21
       +
         };

     

       22
       22
       +
       

     

       23
       23
       +
         config = lib.mkIf cfg.enable {

     

       24
       24
       +
           age.secrets.gemini.file = "${self.inputs.secrets}/gemini.age";

     

       25
       25
       +
       

     

       26
       26
       +
           services = {

     

       27
       27
       +
             caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       28
       28
       +
               bind tailscale/${name}

     

       29
       29
       +
               encode zstd gzip

     

       30
       30
       +
               reverse_proxy ${service.hostName}:${toString service.port}

     

       31
       31
       +
             '';

     

       32
       32
       +
       

     

       33
       33
       +
             karakeep = {

     

       34
       34
       +
               enable = true;

     

       35
       35
       +
       

     

       36
       36
       +
               extraEnvironment = rec {

     

       37
       37
       +
                 DISABLE_NEW_RELEASE_CHECK = "true";

     

       38
       38
       +
                 DISABLE_SIGNUPS = "true";

     

       39
       39
       +
                 OPENAI_BASE_URL = "https://generativelanguage.googleapis.com/v1beta/openai/";

     

       40
       40
       +
                 INFERENCE_TEXT_MODEL = "gemini-2.5-flash";

     

       41
       41
       +
                 INFERENCE_IMAGE_MODEL = INFERENCE_TEXT_MODEL;

     

       42
       42
       +
                 EMBEDDING_TEXT_MODEL = INFERENCE_TEXT_MODEL;

     

       43
       43
       +
                 INFERENCE_CONTEXT_LENGTH = "600000";

     

       44
       44
       +
                 INFERENCE_LANG = "english";

     

       45
       45
       +
                 INFERENCE_NUM_WORKERS = "2";

     

       46
       46
       +
                 NEXTAUTH_URL = "https://${service.vHost}";

     

       47
       47
       +
                 PORT = "7020";

     

       48
       48
       +
               };

     

       49
       49
       +
               environmentFile = config.age.secrets.gemini.path;

     

       50
       50
       +
             };

     

       51
       51
       +
           };

     

       52
       52
       +
         };

     

       53
       53
       +
       }

+46

modules/nixos/services/miniflux/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         self,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }: let

     

       7
       7
       +
         name = "miniflux";

     

       8
       8
       +
         cfg = config.myNixOS.services.${name};

     

       9
       9
       +
       

     

       10
       10
       +
         network = config.mySnippets.tailnet;

     

       11
       11
       +
         service = network.networkMap.${name};

     

       12
       12
       +
       in {

     

       13
       13
       +
         options.myNixOS.services.${name} = {

     

       14
       14
       +
           enable = lib.mkEnableOption "${name} server";

     

       15
       15
       +
           autoProxy = lib.mkOption {

     

       16
       16
       +
             default = true;

     

       17
       17
       +
             example = false;

     

       18
       18
       +
             description = "${name} auto proxy";

     

       19
       19
       +
             type = lib.types.bool;

     

       20
       20
       +
           };

     

       21
       21
       +
         };

     

       22
       22
       +
       

     

       23
       23
       +
         config = lib.mkIf cfg.enable {

     

       24
       24
       +
           age.secrets.miniflux.file = "${self.inputs.secrets}/miniflux.age";

     

       25
       25
       +
       

     

       26
       26
       +
           services = {

     

       27
       27
       +
             caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       28
       28
       +
               bind tailscale/${name}

     

       29
       29
       +
               encode zstd gzip

     

       30
       30
       +
               reverse_proxy ${service.hostName}:${toString service.port}

     

       31
       31
       +
             '';

     

       32
       32
       +
       

     

       33
       33
       +
             miniflux = {

     

       34
       34
       +
               enable = true;

     

       35
       35
       +
               adminCredentialsFile = config.age.secrets.miniflux.path;

     

       36
       36
       +
               config = {

     

       37
       37
       +
                 BATCH_SIZE = 100;

     

       38
       38
       +
                 CLEANUP_FREQUENCY_HOURS = 48;

     

       39
       39
       +
                 LISTEN_ADDR = "${service.hostName}:${toString service.port}";

     

       40
       40
       +
                 BASE_URL = "https://${service.vHost}";

     

       41
       41
       +
                 WEBAUTHN = "enabled";

     

       42
       42
       +
               };

     

       43
       43
       +
             };

     

       44
       44
       +
           };

     

       45
       45
       +
         };

     

       46
       46
       +
       }

+56

modules/nixos/services/ntfy/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       6
       6
       +
         name = "ntfy";

     

       7
       7
       +
         cfg = config.myNixOS.services.${name};

     

       8
       8
       +
       

     

       9
       9
       +
         network = config.mySnippets.aylac-top;

     

       10
       10
       +
         service = network.networkMap.${name};

     

       11
       11
       +
       in {

     

       12
       12
       +
         options.myNixOS.services.${name} = {

     

       13
       13
       +
           enable = lib.mkEnableOption "${name} server";

     

       14
       14
       +
           autoProxy = lib.mkOption {

     

       15
       15
       +
             default = true;

     

       16
       16
       +
             example = false;

     

       17
       17
       +
             description = "${name} auto proxy";

     

       18
       18
       +
             type = lib.types.bool;

     

       19
       19
       +
           };

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         config = lib.mkIf cfg.enable {

     

       23
       23
       +
           services = {

     

       24
       24
       +
             cloudflared.tunnels."${network.cloudflareTunnel}".ingress = lib.mkIf cfg.autoProxy {

     

       25
       25
       +
               "${service.vHost}" = "http://${service.hostName}:${toString service.port}";

     

       26
       26
       +
             };

     

       27
       27
       +
       

     

       28
       28
       +
             ntfy-sh = {

     

       29
       29
       +
               enable = true;

     

       30
       30
       +
               user = "ntfy";

     

       31
       31
       +
               group = "ntfy";

     

       32
       32
       +
               settings = {

     

       33
       33
       +
                 listen-http = ":${toString service.port}";

     

       34
       34
       +
                 base-url = "https://${service.vHost}";

     

       35
       35
       +
                 cache-duration = "30d";

     

       36
       36
       +
                 cache-startup-queries = ''

     

       37
       37
       +
                   pragma journal_mode = WAL;

     

       38
       38
       +
                   pragma synchronous = normal;

     

       39
       39
       +
                   pragma temp_store = memory;

     

       40
       40
       +
                 '';

     

       41
       41
       +
                 behind-proxy = true;

     

       42
       42
       +
                 auth-default-access = "deny-all";

     

       43
       43
       +
                 auth-users = [

     

       44
       44
       +
                   "ayla:$2a$10$hh05DMOuVQ3Zf67Rn8VUl.HYUop/.90V04IhNPmOsSYh9FSHCbL1K:admin"

     

       45
       45
       +
                   "auto:$2a$10$w7EDB/6orrpM9JVBqu4jHeBKvXliA4jvRI7Nd.fn.Fo4rGTHD50ju:user"

     

       46
       46
       +
                 ];

     

       47
       47
       +
                 auth-access = [

     

       48
       48
       +
                   "everyone:up*:wo"

     

       49
       49
       +
                   "auto:*:wo"

     

       50
       50
       +
                   "everyone:message-to-ayla:wo"

     

       51
       51
       +
                 ];

     

       52
       52
       +
               };

     

       53
       53
       +
             };

     

       54
       54
       +
           };

     

       55
       55
       +
         };

     

       56
       56
       +
       }

+67

modules/nixos/services/pds/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       6
       6
       +
         name = "pds";

     

       7
       7
       +
         cfg = config.myNixOS.services.${name};

     

       8
       8
       +
       

     

       9
       9
       +
         network = config.mySnippets.aylac-top;

     

       10
       10
       +
         service = network.networkMap.${name};

     

       11
       11
       +
       

     

       12
       12
       +
         pdsHomePage = ''

     

       13
       13
       +
           hiii this is an ATProto PDS!! You will find my (ayla) account here!!

     

       14
       14
       +
           i should probably put some cool ass art in here or maybe an actual homepage

     

       15
       15
       +
           but having this by itself is fun

     

       16
       16
       +
       

     

       17
       17
       +
           most API routes are under /xrpc/

     

       18
       18
       +
         '';

     

       19
       19
       +
       in {

     

       20
       20
       +
         options.myNixOS.services.${name} = {

     

       21
       21
       +
           enable = lib.mkEnableOption "atproto pds";

     

       22
       22
       +
           autoProxy = lib.mkOption {

     

       23
       23
       +
             default = true;

     

       24
       24
       +
             example = false;

     

       25
       25
       +
             description = "${name} auto proxy";

     

       26
       26
       +
             type = lib.types.bool;

     

       27
       27
       +
           };

     

       28
       28
       +
         };

     

       29
       29
       +
       

     

       30
       30
       +
         config = lib.mkIf cfg.enable {

     

       31
       31
       +
           services = {

     

       32
       32
       +
             cloudflared.tunnels."${network.cloudflareTunnel}".ingress = lib.mkIf cfg.autoProxy {

     

       33
       33
       +
               "${service.vHost}" = "http://${service.hostName}";

     

       34
       34
       +
             };

     

       35
       35
       +
       

     

       36
       36
       +
             caddy.virtualHosts."http://${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       37
       37
       +
               encode zstd gzip

     

       38
       38
       +
       

     

       39
       39
       +
               handle / {

     

       40
       40
       +
                 respond "${pdsHomePage}"

     

       41
       41
       +
               }

     

       42
       42
       +
       

     

       43
       43
       +
               handle /xrpc/app.bsky.unspecced.getAgeAssuranceState {

     

       44
       44
       +
               	header content-type "application/json"

     

       45
       45
       +
               	header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy"

     

       46
       46
       +
               	header access-control-allow-origin "*"

     

       47
       47
       +
               	respond `{"lastInitiatedAt":"2025-07-14T14:22:43.912Z","status":"assured"}` 200

     

       48
       48
       +
               }

     

       49
       49
       +
       

     

       50
       50
       +
               handle {

     

       51
       51
       +
                 reverse_proxy ${service.hostName}:${toString service.port}

     

       52
       52
       +
               }

     

       53
       53
       +
             '';

     

       54
       54
       +
       

     

       55
       55
       +
             pds = {

     

       56
       56
       +
               enable = true;

     

       57
       57
       +
               environmentFiles = [config.age.secrets.pds.path];

     

       58
       58
       +
               pdsadmin.enable = true;

     

       59
       59
       +
               settings = {

     

       60
       60
       +
                 PDS_HOSTNAME = service.vHost;

     

       61
       61
       +
                 # PDS_BSKY_APP_VIEW_URL = "https://bsky.zeppelin.social";

     

       62
       62
       +
                 # PDS_BSKY_APP_VIEW_DID = "did:web:bsky.zeppelin.social";

     

       63
       63
       +
               };

     

       64
       64
       +
             };

     

       65
       65
       +
           };

     

       66
       66
       +
         };

     

       67
       67
       +
       }

+18 -1

modules/nixos/services/qbittorrent/default.nix

···

       6
       6
        
         utils,

     

       7
       7
        
         ...

     

       8
       8
        
       }: let

     

       9
       9
       -
         cfg = config.myNixOS.services.qbittorrent;

     

       9
       9
       +
         name = "qbittorrent";

     

       10
       10
       +
         cfg = config.myNixOS.services.${name};

     

       11
       11
       +
       

     

       12
       12
       +
         network = config.mySnippets.tailnet;

     

       13
       13
       +
         service = network.networkMap.${name};

     

       10
       14
        
       in {

     

       11
       15
        
         options.myNixOS.services.qbittorrent = {

     

       12
       16
        
           enable = lib.mkEnableOption "qBittorrent headless";

     
···

       64
       68
        
               "--confirm-legal-notice"

     

       65
       69
        
             ];

     

       66
       70
        
           };

     

       71
       71
       +
       

     

       72
       72
       +
           autoProxy = lib.mkOption {

     

       73
       73
       +
             default = true;

     

       74
       74
       +
             example = false;

     

       75
       75
       +
             description = "${name} auto proxy";

     

       76
       76
       +
             type = lib.types.bool;

     

       77
       77
       +
           };

     

       67
       78
        
         };

     

       68
       79
        
       

     

       69
       80
        
         config = lib.mkIf cfg.enable {

     
···

       71
       82
        
             lib.optionals (cfg.webuiPort != null) [cfg.webuiPort]

     

       72
       83
        
             ++ lib.optionals (cfg.torrentingPort != null) [cfg.torrentingPort]

     

       73
       84
        
           );

     

       85
       85
       +
       

     

       86
       86
       +
           services.caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       87
       87
       +
             bind tailscale/${name}

     

       88
       88
       +
             encode zstd gzip

     

       89
       89
       +
             reverse_proxy ${service.hostName}:${toString service.port}

     

       90
       90
       +
           '';

     

       74
       91
        
       

     

       75
       92
        
           systemd.services.qbittorrent = {

     

       76
       93
        
             after = ["local-fs.target" "network-online.target"];

+48

modules/nixos/services/radicale/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       6
       6
       +
         name = "radicale";

     

       7
       7
       +
         cfg = config.myNixOS.services.${name};

     

       8
       8
       +
       

     

       9
       9
       +
         network = config.mySnippets.tailnet;

     

       10
       10
       +
         service = network.networkMap.${name};

     

       11
       11
       +
       in {

     

       12
       12
       +
         options.myNixOS.services.${name} = {

     

       13
       13
       +
           enable = lib.mkEnableOption "${name} server";

     

       14
       14
       +
           autoProxy = lib.mkOption {

     

       15
       15
       +
             default = true;

     

       16
       16
       +
             example = false;

     

       17
       17
       +
             description = "${name} auto proxy";

     

       18
       18
       +
             type = lib.types.bool;

     

       19
       19
       +
           };

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         config = lib.mkIf cfg.enable {

     

       23
       23
       +
           services = {

     

       24
       24
       +
             caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       25
       25
       +
               bind tailscale/${name}

     

       26
       26
       +
               encode zstd gzip

     

       27
       27
       +
               reverse_proxy ${service.hostName}:${toString service.port}

     

       28
       28
       +
             '';

     

       29
       29
       +
       

     

       30
       30
       +
             radicale = {

     

       31
       31
       +
               enable = true;

     

       32
       32
       +
               settings = {

     

       33
       33
       +
                 server = {

     

       34
       34
       +
                   hosts = ["0.0.0.0:${toString service.port}" "[::]:${toString service.port}"];

     

       35
       35
       +
                 };

     

       36
       36
       +
                 auth = {

     

       37
       37
       +
                   type = "htpasswd";

     

       38
       38
       +
                   htpasswd_filename = "/var/lib/radicale/users";

     

       39
       39
       +
                   htpasswd_encryption = "autodetect";

     

       40
       40
       +
                 };

     

       41
       41
       +
                 storage = {

     

       42
       42
       +
                   filesystem_folder = "/var/lib/radicale/collections";

     

       43
       43
       +
                 };

     

       44
       44
       +
               };

     

       45
       45
       +
             };

     

       46
       46
       +
           };

     

       47
       47
       +
         };

     

       48
       48
       +
       }

+43

modules/nixos/services/redlib/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       6
       6
       +
         name = "redlib";

     

       7
       7
       +
         cfg = config.myNixOS.services.${name};

     

       8
       8
       +
       

     

       9
       9
       +
         network = config.mySnippets.tailnet;

     

       10
       10
       +
         service = network.networkMap.${name};

     

       11
       11
       +
       in {

     

       12
       12
       +
         options.myNixOS.services.${name} = {

     

       13
       13
       +
           enable = lib.mkEnableOption "${name} server";

     

       14
       14
       +
           autoProxy = lib.mkOption {

     

       15
       15
       +
             default = true;

     

       16
       16
       +
             example = false;

     

       17
       17
       +
             description = "${name} auto proxy";

     

       18
       18
       +
             type = lib.types.bool;

     

       19
       19
       +
           };

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         config = lib.mkIf cfg.enable {

     

       23
       23
       +
           services = {

     

       24
       24
       +
             caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       25
       25
       +
               bind tailscale/${name}

     

       26
       26
       +
               encode zstd gzip

     

       27
       27
       +
               reverse_proxy ${service.hostName}:${toString service.port}

     

       28
       28
       +
             '';

     

       29
       29
       +
       

     

       30
       30
       +
             redlib = {

     

       31
       31
       +
               enable = true;

     

       32
       32
       +
               openFirewall = true;

     

       33
       33
       +
               inherit (service) port;

     

       34
       34
       +
               settings = {

     

       35
       35
       +
                 ENABLE_RSS = "on";

     

       36
       36
       +
                 REDLIB_DEFAULT_SHOW_NSFW = "on";

     

       37
       37
       +
                 REDLIB_DEFAULT_USE_HLS = "on";

     

       38
       38
       +
                 FULL_URL = "https://${service.vHost}";

     

       39
       39
       +
               };

     

       40
       40
       +
             };

     

       41
       41
       +
           };

     

       42
       42
       +
         };

     

       43
       43
       +
       }

+63

modules/nixos/services/uptime-kuma/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       6
       6
       +
         name = "uptime-kuma";

     

       7
       7
       +
         cfg = config.myNixOS.services.${name};

     

       8
       8
       +
       

     

       9
       9
       +
         inherit (config.mySnippets) aylac-top;

     

       10
       10
       +
         inherit (config.mySnippets) tailnet;

     

       11
       11
       +
       

     

       12
       12
       +
         publicNetwork = aylac-top;

     

       13
       13
       +
         privateNetwork = tailnet;

     

       14
       14
       +
       in {

     

       15
       15
       +
         options.myNixOS.services.${name} = {

     

       16
       16
       +
           enable = lib.mkEnableOption "${name} server";

     

       17
       17
       +
           autoProxy = lib.mkOption {

     

       18
       18
       +
             default = true;

     

       19
       19
       +
             example = false;

     

       20
       20
       +
             description = "${name} auto proxy";

     

       21
       21
       +
             type = lib.types.bool;

     

       22
       22
       +
           };

     

       23
       23
       +
           publicProxy = lib.mkOption {

     

       24
       24
       +
             default = "caddy";

     

       25
       25
       +
             example = "cf";

     

       26
       26
       +
             description = "Public proxy provider for ${name}";

     

       27
       27
       +
             type = lib.types.enum ["none" "cf" "caddy"];

     

       28
       28
       +
           };

     

       29
       29
       +
         };

     

       30
       30
       +
       

     

       31
       31
       +
         config = lib.mkIf cfg.enable {

     

       32
       32
       +
           services = {

     

       33
       33
       +
             caddy.virtualHosts = {

     

       34
       34
       +
               "${privateNetwork.networkMap.${name}.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       35
       35
       +
                 bind tailscale/${name}

     

       36
       36
       +
                 encode zstd gzip

     

       37
       37
       +
                 reverse_proxy ${privateNetwork.networkMap.${name}.hostName}:${toString privateNetwork.networkMap.${name}.port}

     

       38
       38
       +
               '';

     

       39
       39
       +
       

     

       40
       40
       +
               "${publicNetwork.networkMap.${name}.vHost}" = lib.mkIf (cfg.publicProxy == "caddy") {

     

       41
       41
       +
                 extraConfig = ''

     

       42
       42
       +
                   encode gzip zstd

     

       43
       43
       +
                   reverse_proxy ${publicNetwork.networkMap.${name}.hostName}:${toString publicNetwork.networkMap.${name}.port}

     

       44
       44
       +
                 '';

     

       45
       45
       +
               };

     

       46
       46
       +
             };

     

       47
       47
       +
       

     

       48
       48
       +
             cloudflared.tunnels."${publicNetwork.cloudflareTunnel}".ingress = lib.mkIf (cfg.publicProxy == "cf") {

     

       49
       49
       +
               "${publicNetwork.networkMap.pds.vHost}" = "http://${publicNetwork.networkMap.pds.hostName}";

     

       50
       50
       +
             };

     

       51
       51
       +
       

     

       52
       52
       +
             uptime-kuma = {

     

       53
       53
       +
               enable = true;

     

       54
       54
       +
               appriseSupport = true;

     

       55
       55
       +
       

     

       56
       56
       +
               settings = {

     

       57
       57
       +
                 PORT = toString publicNetwork.networkMap.${name}.port;

     

       58
       58
       +
                 HOST = "0.0.0.0";

     

       59
       59
       +
               };

     

       60
       60
       +
             };

     

       61
       61
       +
           };

     

       62
       62
       +
         };

     

       63
       63
       +
       }

+49

modules/nixos/services/vaultwarden/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         self,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }: let

     

       7
       7
       +
         name = "vaultwarden";

     

       8
       8
       +
         cfg = config.myNixOS.services.${name};

     

       9
       9
       +
       

     

       10
       10
       +
         network = config.mySnippets.aylac-top;

     

       11
       11
       +
         service = network.networkMap.${name};

     

       12
       12
       +
       in {

     

       13
       13
       +
         options.myNixOS.services.${name} = {

     

       14
       14
       +
           enable = lib.mkEnableOption "${name} server";

     

       15
       15
       +
           autoProxy = lib.mkOption {

     

       16
       16
       +
             default = true;

     

       17
       17
       +
             example = false;

     

       18
       18
       +
             description = "${name} auto proxy";

     

       19
       19
       +
             type = lib.types.bool;

     

       20
       20
       +
           };

     

       21
       21
       +
         };

     

       22
       22
       +
       

     

       23
       23
       +
         config = lib.mkIf cfg.enable {

     

       24
       24
       +
           age.secrets.vaultwarden.file = "${self.inputs.secrets}/vaultwarden.age";

     

       25
       25
       +
       

     

       26
       26
       +
           services = {

     

       27
       27
       +
             cloudflared.tunnels."${network.cloudflareTunnel}".ingress = lib.mkIf cfg.autoProxy {

     

       28
       28
       +
               "${service.vHost}" = "http://${service.hostName}:${toString service.port}";

     

       29
       29
       +
             };

     

       30
       30
       +
       

     

       31
       31
       +
             vaultwarden = {

     

       32
       32
       +
               enable = true;

     

       33
       33
       +
       

     

       34
       34
       +
               config = {

     

       35
       35
       +
                 DOMAIN = "https://${service.vHost}";

     

       36
       36
       +
                 ROCKET_ADDRESS = "0.0.0.0";

     

       37
       37
       +
                 ROCKET_LOG = "critical";

     

       38
       38
       +
                 ROCKET_PORT = service.port;

     

       39
       39
       +
                 SIGNUPS_ALLOWED = false;

     

       40
       40
       +
                 ICON_SERVICE = "bitwarden";

     

       41
       41
       +
                 ICON_CACHE_TTL = 0;

     

       42
       42
       +
                 IP_HEADER = "CF-Connecting-IP";

     

       43
       43
       +
               };

     

       44
       44
       +
       

     

       45
       45
       +
               environmentFile = config.age.secrets.vaultwarden.path;

     

       46
       46
       +
             };

     

       47
       47
       +
           };

     

       48
       48
       +
         };

     

       49
       49
       +
       }

+64

modules/nixos/services/webdav-server-rs/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }: let

     

       7
       7
       +
         name = "webdav";

     

       8
       8
       +
         cfg = config.myNixOS.services.${name};

     

       9
       9
       +
       

     

       10
       10
       +
         network = config.mySnippets.tailnet;

     

       11
       11
       +
         service = network.networkMap.${name};

     

       12
       12
       +
       

     

       13
       13
       +
         dataDirectory = "/var/lib";

     

       14
       14
       +
       in {

     

       15
       15
       +
         options.myNixOS.services.${name} = {

     

       16
       16
       +
           enable = lib.mkEnableOption "${name} server";

     

       17
       17
       +
           autoProxy = lib.mkOption {

     

       18
       18
       +
             default = true;

     

       19
       19
       +
             example = false;

     

       20
       20
       +
             description = "${name} auto proxy";

     

       21
       21
       +
             type = lib.types.bool;

     

       22
       22
       +
           };

     

       23
       23
       +
         };

     

       24
       24
       +
       

     

       25
       25
       +
         config = lib.mkIf cfg.enable {

     

       26
       26
       +
           services = {

     

       27
       27
       +
             caddy.virtualHosts."${service.vHost}".extraConfig = lib.mkIf cfg.autoProxy ''

     

       28
       28
       +
               bind tailscale/${name}

     

       29
       29
       +
               encode zstd gzip

     

       30
       30
       +
               reverse_proxy ${service.hostName}:${toString service.port}

     

       31
       31
       +
             '';

     

       32
       32
       +
       

     

       33
       33
       +
             webdav-server-rs = {

     

       34
       34
       +
               enable = true;

     

       35
       35
       +
               settings = {

     

       36
       36
       +
                 server.listen = ["0.0.0.0:${toString service.port}" "[::]:${toString service.port}"];

     

       37
       37
       +
                 accounts = {

     

       38
       38
       +
                   auth-type = "htpasswd.default";

     

       39
       39
       +
                   acct-type = "unix";

     

       40
       40
       +
                 };

     

       41
       41
       +
                 htpasswd.default = {

     

       42
       42
       +
                   htpasswd = pkgs.writeText "htpasswd" ''

     

       43
       43
       +
                     ayla:$2y$05$LD.VqJF.yVGsp.C3L6IJFO0SvYTeCKbGoGn70ZQaht4gxyEq2XbCS

     

       44
       44
       +
                   '';

     

       45
       45
       +
                 };

     

       46
       46
       +
                 location = [

     

       47
       47
       +
                   {

     

       48
       48
       +
                     route = ["/*path"];

     

       49
       49
       +
                     directory = "${dataDirectory}/webdav";

     

       50
       50
       +
                     handler = "filesystem";

     

       51
       51
       +
                     methods = ["webdav-rw"];

     

       52
       52
       +
                     autoindex = true;

     

       53
       53
       +
                     auth = "true";

     

       54
       54
       +
                   }

     

       55
       55
       +
                 ];

     

       56
       56
       +
               };

     

       57
       57
       +
             };

     

       58
       58
       +
           };

     

       59
       59
       +
       

     

       60
       60
       +
           systemd.tmpfiles.rules = [

     

       61
       61
       +
             "d /var/lib/webdav 0755 webdav webdav - -"

     

       62
       62
       +
           ];

     

       63
       63
       +
         };

     

       64
       64
       +
       }

+42 -34

modules/snippets/aylac-top/default.nix

···

       3
       3
        
         config,

     

       4
       4
        
         ...

     

       5
       5
        
       }: {

     

       6
       6
       -
         options.mySnippets.aylac-top.networkMap = lib.mkOption {

     

       7
       7
       -
           type = lib.types.attrs;

     

       8
       8
       -
           description = "Hostnames, ports, and vHosts for aylac.top services.";

     

       6
       6
       +
         options.mySnippets.aylac-top = {

     

       7
       7
       +
           cloudflareTunnel = lib.mkOption {

     

       8
       8
       +
             type = lib.types.str;

     

       9
       9
       +
             description = "Cloudflare Tunnel ID";

     

       10
       10
       +
             default = "efe3d484-102d-4c58-bb17-ceaede4d7a4f";

     

       11
       11
       +
           };

     

       9
       12
        
       

     

       10
       10
       -
           default = {

     

       11
       11
       -
             forgejo = {

     

       12
       12
       -
               hostName = "nanpi";

     

       13
       13
       -
               port = 3001;

     

       14
       14
       -
               sshVHost = "ssh.aylac.top";

     

       15
       15
       -
               vHost = "git.aylac.top";

     

       16
       16
       -
             };

     

       13
       13
       +
           networkMap = lib.mkOption {

     

       14
       14
       +
             type = lib.types.attrs;

     

       15
       15
       +
             description = "Hostnames, ports, and vHosts for aylac.top services.";

     

       17
       16
        
       

     

       18
       18
       -
             pds = {

     

       19
       19
       -
               hostName = "nanpi";

     

       20
       20
       -
               port = 3000;

     

       21
       21
       -
               vHost = "pds.aylac.top";

     

       22
       22
       -
             };

     

       17
       17
       +
             default = {

     

       18
       18
       +
               forgejo = {

     

       19
       19
       +
                 hostName = "nanpi";

     

       20
       20
       +
                 port = 3001;

     

       21
       21
       +
                 sshVHost = "ssh.aylac.top";

     

       22
       22
       +
                 vHost = "git.aylac.top";

     

       23
       23
       +
               };

     

       23
       24
        
       

     

       24
       24
       -
             vaultwarden = {

     

       25
       25
       -
               hostName = "nanpi";

     

       26
       26
       -
               port = 8222;

     

       27
       27
       -
               vHost = "vault.aylac.top";

     

       28
       28
       -
             };

     

       25
       25
       +
               pds = {

     

       26
       26
       +
                 hostName = "nanpi";

     

       27
       27
       +
                 port = 3000;

     

       28
       28
       +
                 vHost = "pds.aylac.top";

     

       29
       29
       +
               };

     

       29
       30
        
       

     

       30
       30
       -
             ntfy = {

     

       31
       31
       -
               hostName = "nanpi";

     

       32
       32
       -
               port = 9024;

     

       33
       33
       -
               vHost = "ntfy.aylac.top";

     

       34
       34
       -
             };

     

       31
       31
       +
               vaultwarden = {

     

       32
       32
       +
                 hostName = "nanpi";

     

       33
       33
       +
                 port = 8222;

     

       34
       34
       +
                 vHost = "vault.aylac.top";

     

       35
       35
       +
               };

     

       35
       36
        
       

     

       36
       36
       -
             uptime-kuma = {

     

       37
       37
       -
               inherit (config.mySnippets.tailnet.networkMap.uptime-kuma) hostName;

     

       38
       38
       -
               inherit (config.mySnippets.tailnet.networkMap.uptime-kuma) port;

     

       39
       39
       -
               vHost = "status.aylac.top";

     

       40
       40
       -
             };

     

       37
       37
       +
               ntfy = {

     

       38
       38
       +
                 hostName = "nanpi";

     

       39
       39
       +
                 port = 9024;

     

       40
       40
       +
                 vHost = "ntfy.aylac.top";

     

       41
       41
       +
               };

     

       42
       42
       +
       

     

       43
       43
       +
               uptime-kuma = {

     

       44
       44
       +
                 inherit (config.mySnippets.tailnet.networkMap.uptime-kuma) hostName;

     

       45
       45
       +
                 inherit (config.mySnippets.tailnet.networkMap.uptime-kuma) port;

     

       46
       46
       +
                 vHost = "status.aylac.top";

     

       47
       47
       +
               };

     

       41
       48
        
       

     

       42
       42
       -
             glance = {

     

       43
       43
       -
               inherit (config.mySnippets.tailnet.networkMap.glance) hostName;

     

       44
       44
       -
               inherit (config.mySnippets.tailnet.networkMap.glance) port;

     

       45
       45
       -
               vHost = "services.aylac.top";

     

       49
       49
       +
               glance = {

     

       50
       50
       +
                 inherit (config.mySnippets.tailnet.networkMap.glance) hostName;

     

       51
       51
       +
                 inherit (config.mySnippets.tailnet.networkMap.glance) port;

     

       52
       52
       +
                 vHost = "services.aylac.top";

     

       53
       53
       +
               };

     

       46
       54
        
             };

     

       47
       55
        
           };

     

       48
       56
        
         };