diff --git a/nixos/celestia/configuration.nix b/nixos/celestia/configuration.nix index 658a3e5..96260be 100644 --- a/nixos/celestia/configuration.nix +++ b/nixos/celestia/configuration.nix @@ -33,6 +33,8 @@ in { sops.defaultSopsFile = ./secrets.yaml; sops.secrets."acme.env" = {}; sops.secrets."tailscale-auth-key" = {}; + sops.secrets."act-runner-token" = {}; + sops.secrets."photoprism-password-file" = {}; imports = [ ./hardware-configuration.nix @@ -167,8 +169,8 @@ in { public = "yes"; "guest only" = "yes"; writable = "yes"; - "force create mode" = "0666"; - "force directory mode" = "0777"; + # "force create mode" = "0666"; + # "force directory mode" = "0777"; }; video = { path = "/tank/video"; @@ -176,8 +178,9 @@ in { public = "yes"; "guest only" = "yes"; writable = "yes"; - "force create mode" = "0666"; - "force directory mode" = "0777"; + "force group" = "nas"; + # "force create mode" = "0666"; + # "force directory mode" = "0777"; }; }; }; @@ -186,8 +189,29 @@ in { autoScrub.enable = true; }; + gitea-actions-runner.instances = { + runner1 = { + enable = true; + name = "celestia"; + url = "https://git.fuckwit.dev"; + tokenFile = config.sops.secrets."act-runner-token".path; + labels = [ + "native:host" + ]; + hostPackages = with pkgs; [ + bash + coreutils + curl + wget + gnused + gitMinimal + ]; + }; + }; + nginx = { enable = true; + clientMaxBodySize = "500m"; virtualHosts = makeVirtualHosts [ { subdomain = "jdownloader"; @@ -217,6 +241,10 @@ in { subdomain = "homepage"; port = 8082; } + { + subdomain = "photoprism"; + port = 2342; + } ]; }; @@ -257,17 +285,21 @@ in { enable = true; group = "nas"; dataDir = "/var/lib/sonarr"; - # package = pkgs.sonarr.override { - # version = "4.0.0.748"; - # src = lib.fetchurl { - # url = "https://download.sonarr.tv/v4/main/${version}/Sonarr.main.${version}.linux-x64.tar.gz"; - # hash = ""; - # }; - # }; }; jellyfin.enable = true; + photoprism = { + enable = true; + originalsPath = "/tank/images/pictures"; + importPath = "/tank/images/import"; + passwordFile = config.sops.secrets."photoprism-password-file".path; + settings = { + PHOTOPRISM_ADMIN_USER = "root"; + PHOTOPRISM_DEFAULT_LOCALE = "de"; + }; + }; + homepage-dashboard = { enable = true; @@ -419,7 +451,7 @@ in { script = '' while read -r evt file; do ${pkgs.coreutils}/bin/chown ${user}:${group} "$file" - ${pkgs.coreutils}/bin/chmod 755 "$file" + ${pkgs.coreutils}/bin/chmod 775 "$file" done < <(${pkgs.inotify-tools}/bin/inotifywait -e create,move -m -r --format '%e %w%f' ${path}) ''; }; diff --git a/nixos/celestia/secrets.yaml b/nixos/celestia/secrets.yaml index 2f1e609..6278a96 100644 --- a/nixos/celestia/secrets.yaml +++ b/nixos/celestia/secrets.yaml @@ -1,5 +1,7 @@ acme.env: ENC[AES256_GCM,data:VgSJO2Q32csfN0DEH6kTsaN0z/hRa0fRHLUleju+gqBPjoQmZGIQjlLKHzj1Ys3zS591iVRkeYExBGyCPakPIJo=,iv:sOIPofteCvO4Na+z8qw7EjfJ6CEr83kYaonhUCgFwA4=,tag:RhHGyTrmdY4f8QkQ0DhhJw==,type:str] tailscale-auth-key: ENC[AES256_GCM,data:Rvq2wL9civCoH6acKk3lYIXbVAME+kUmeuQYOTl+rvdb5bFoI5i688qI58ceF47PGKi1jeXe46SkJGJe0iY=,iv:b0kavSFEG40Jxa3yAjttarN5N3nOLEbZYqP3LOXvBrU=,tag:cpgYzoX9L6+1IHnmjfZfQg==,type:str] +act-runner-token: ENC[AES256_GCM,data:vNYCpt96yFeEUERCXYlk5p1NbVrQOBps7jEUI+4aXonxTDTDfyPZF8tjCjERfg==,iv:hMUz99UdHlXwhTGKr4QlrvkDTfy+jVCSOQlQEENTDI8=,tag:buvPFy10R0BKu4tQBMJhEg==,type:str] +photoprism-password-file: ENC[AES256_GCM,data:a0fqrjRDc2M=,iv:H/kLPIJsti8QsOJjwPGFSELD4LHb8u8dIkq8pd7W61E=,tag:xp/vpqE/n+alm17d9eIRcA==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +17,8 @@ sops: K0RaVVNSczZBcDNtaXhGem5iQnlVTDAK+XogkPQD2xYQ7sW8DwAXaaLA/ftw6vZM wsNs0uun9dgGjZIXcU6AIsrJeUiWBl5zgc6CCd/ad/3QxpmKj1p9Mg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-21T19:42:27Z" - mac: ENC[AES256_GCM,data:1LZ/jcx2yOW5OgWYmGlu8ySpOLrvLTmyAc8CrK6gKDeoc/VN5RuRapwkGD6XfgDaUvMCccgcRpyL5QDPPdRw6zzwpW4Ce1hreOoC1zV23TNDuAbn1G+gFjlJ2l5IEY6EZeNoWsOC2ID16HRwls1Bau1+hcWKefFYNVjE3+3l16U=,iv:9FFP84Be7UzfuLz/FnFtvOXmudccMq1jFDGXJUN0t48=,tag:U9SOsMUbHm8hzZnS3yK1Lg==,type:str] + lastmodified: "2024-08-26T08:34:59Z" + mac: ENC[AES256_GCM,data:bqt8+j+t4p2T6+y3+GkeZB2DsHpf9ugBNBnnR1+m9nyKRsS1bR7divl0GZyndlmPMEzOxGJSeHjDhTwrQ/w6szmmHFuUEpogkiJUxzZM9UUa/k4zBQlgVliQM/uuAvYEQJgWVwBJgkIEHsn/F3QGFPCOY/9N9epkhqr1BgfkMQo=,iv:3DhlnJQ70blHqK+n1DrV8FdjUj6qDQ7L8t/r7tOkEQY=,tag:exY8TN8XIuLvoRDhEHDWTQ==,type:str] pgp: - created_at: "2024-01-25T08:00:56Z" enc: |- @@ -31,4 +33,4 @@ sops: -----END PGP MESSAGE----- fp: 5FA64909521A5C85992F26E0F819AEFF941BB849 unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/nixos/framework/configuration.nix b/nixos/framework/configuration.nix index 3d6044e..547d558 100644 --- a/nixos/framework/configuration.nix +++ b/nixos/framework/configuration.nix @@ -128,5 +128,6 @@ programs = { hyprland.enable = true; gnupg.agent.enable = true; + ssh.enableAskPassword = false; # disable setting of $SSH_ASKPASS }; } diff --git a/nixos/primordial/configuration.nix b/nixos/primordial/configuration.nix index b85f387..6104245 100644 --- a/nixos/primordial/configuration.nix +++ b/nixos/primordial/configuration.nix @@ -236,6 +236,7 @@ in { domain = "grafana.fuckwit.dev"; http_addr = "127.0.0.1"; http_port = 8002; + root_url = "https://grafana.fuckwit.dev"; }; };