commit 3f26e51a90a32bfdc27a57885645e45854f7e0d2 · pyrox.dev/nix

+6

lib/data/services.toml

···

       21
       21
        
       port = 6907

     

       22
       22
        
       host = "marvin"

     

       23
       23
        
       extUrl = "deemix.pyrox.dev"

     

       24
       24
       +
       tsHost = "deemix"

     

       24
       25
        
       

     

       25
       26
        
       [git]

     

       26
       27
        
       port = 6904

     
···

       65
       66
        
       port = 6927

     

       66
       67
        
       host = "marvin"

     

       67
       68
        
       extUrl = "office.pyrox.dev"

     

       69
       69
       +
       

     

       70
       70
       +
       [pinchflat]

     

       71
       71
       +
       port = 6930

     

       72
       72
       +
       host = "marvin"

     

       73
       73
       +
       tsHost = "yt"

     

       68
       74
        
       

     

       69
       75
        
       [planka]

     

       70
       76
        
       port = 6929

+2

systems/x86_64-linux/marvin/default.nix

···

       21
       21
        
           ./services/miniflux.nix

     

       22
       22
        
           ./services/nginx.nix

     

       23
       23
        
           ./services/nextcloud

     

       24
       24
       +
           ./services/pinchflat.nix

     

       24
       25
        
           ./services/planka.nix

     

       25
       26
        
           ./services/podman.nix

     

       26
       27
        
           ./services/postgres.nix

     
···

       64
       65
        
         };

     

       65
       66
        
         swapDevices = [ { device = "/dev/disk/by-uuid/e69409bc-9cf0-4795-8620-33a021a4b729"; } ];

     

       66
       67
        
         users.groups.misc.gid = 1000;

     

       68
       68
       +
         time.timeZone = "America/New_York";

     

       67
       69
        
         py = {

     

       68
       70
        
           users.default.enable = true;

     

       69
       71
        
           programs = {

+35

systems/x86_64-linux/marvin/services/pinchflat.nix

···

       1
       1
       +
       { config, lib, ... }:

     

       2
       2
       +
       let

     

       3
       3
       +
         age = config.age.secrets;

     

       4
       4
       +
         d = lib.py.data.services.pinchflat;

     

       5
       5
       +
       in

     

       6
       6
       +
       {

     

       7
       7
       +
         services.pinchflat = {

     

       8
       8
       +
           enable = true;

     

       9
       9
       +
           port = d.port;

     

       10
       10
       +
           secretsFile = age.pinchflat-secrets.path;

     

       11
       11
       +
           mediaDir = "/var/lib/youtube";

     

       12
       12
       +
           extraConfig = {

     

       13
       13
       +
             YT_DLP_WORKER_CONCURRENCY = 2;

     

       14
       14
       +
           };

     

       15
       15
       +
         };

     

       16
       16
       +
         systemd.services.pinchflat = {

     

       17
       17
       +
           serviceConfig = {

     

       18
       18
       +
             DynamicUser = lib.mkForce false;

     

       19
       19
       +
             User = lib.mkForce "pinchflat";

     

       20
       20
       +
             Group = lib.mkForce "pinchflat";

     

       21
       21
       +
           };

     

       22
       22
       +
         };

     

       23
       23
       +
         users.users.pinchflat = {

     

       24
       24
       +
           isSystemUser = true;

     

       25
       25
       +
           group = "pinchflat";

     

       26
       26
       +
         };

     

       27
       27
       +
         users.groups.pinchflat = { };

     

       28
       28
       +
         age.secrets = {

     

       29
       29
       +
           pinchflat-secrets = {

     

       30
       30
       +
             owner = "pinchflat";

     

       31
       31
       +
             group = "pinchflat";

     

       32
       32
       +
             file = ./secrets/pinchflat-secrets.age;

     

       33
       33
       +
           };

     

       34
       34
       +
         };

     

       35
       35
       +
       }

systems/x86_64-linux/marvin/services/secrets/pinchflat-secrets.age

This is a binary file and will not be displayed.

+1

systems/x86_64-linux/marvin/services/secrets/secrets.nix

···

       32
       32
        
         "miniflux-admin.age".publicKeys = marvinDefault;

     

       33
       33
        
         "../nextcloud/nextcloud-admin-pw.age".publicKeys = marvinDefault;

     

       34
       34
        
         "nix-serve-priv.age".publicKeys = marvinDefault;

     

       35
       35
       +
         "pinchflat-secrets.age".publicKeys = marvinDefault;

     

       35
       36
        
         "planka-env.age".publicKeys = marvinDefault;

     

       36
       37
        
         "vaultwarden-vars.age".publicKeys = marvinDefault;

     

       37
       38
        
         "vaultwarden-pgpass.age".publicKeys = marvinDefault;