upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-07 21:42:16 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

Compare commits

base: upRootNutrition:56fa5bbf5c3bffa8b6b95578696489116924bf28
Branches Tags
upRootNutrition:main
..
compare: upRootNutrition:8c4d36d89bd7946ae75ac36cf9667a333f6fed83
Branches Tags
upRootNutrition:main

No commits in common. "56fa5bbf5c3bffa8b6b95578696489116924bf28" and "8c4d36d89bd7946ae75ac36cf9667a333f6fed83" have entirely different histories.
56fa5bbf5c ... 8c4d36d89b

4 changed files with 13 additions and 108 deletions
Download patch file Download diff file Expand all files Collapse all files

12
modules/nixos/default.nix
View file

@ -55,18 +55,26 @@ in
imports = builtins.attrValues { imports = builtins.attrValues {
inherit (modules) inherit (modules)
acme acme
# audiobookshelf
caddy caddy
ceresOpenCloud
comfyui comfyui
# filesorter
firefly-iii firefly-iii
forgejo forgejo
# glance
jellyfin jellyfin
# logrotate
mastodon mastodon
microvm microvm
# midnight
minecraft minecraft
# ollamaCeres
ceresOpenCloud
# postgresCeres
projectSite projectSite
restic # prompter
sambaCeres sambaCeres
# searx
vaultwarden vaultwarden
website website
zookeeper zookeeper

26
modules/nixos/guests/mastodon/default.nix
View file

@ -322,33 +322,9 @@ in
}; };
mastodon-init-db.serviceConfig.EnvironmentFile = "/var/lib/mastodon/.secrets_env"; mastodon-init-db.serviceConfig.EnvironmentFile = "/var/lib/mastodon/.secrets_env";
systemd-tmpfiles-setup.after = [ "var-lib-mastodon.mount" ]; systemd-tmpfiles-setup.after = [ "var-lib-mastodon.mount" ];
};
opensearch-install-plugins = {
description = "Install OpenSearch plugins";
before = [ "opensearch.service" ];
requiredBy = [ "opensearch.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
PLUGIN_DIR="/var/lib/opensearch/plugins/analysis-icu"
if [ ! -d "$PLUGIN_DIR" ]; then
# Create the plugins directory if it doesn't exist
mkdir -p /var/lib/opensearch/plugins
# Install using the proper OpenSearch plugin command
export OPENSEARCH_JAVA_HOME="${pkgs.jdk17}/lib/openjdk"
${pkgs.opensearch}/bin/opensearch-plugin install --batch analysis-icu || {
echo "Plugin installation failed, but continuing anyway"
exit 0
}
fi
'';
};
};
timers.fedifetcher = { timers.fedifetcher = {
description = "Timer for FediFetcher"; description = "Timer for FediFetcher";
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];

75
modules/nixos/services/restic/default.nix
View file

@ -1,75 +0,0 @@
{
config,
flake,
pkgs,
...
}:
let
inherit (flake.config.services) instances;
inherit (flake.config.people) user0;
envFile = "backblaze/env";
repoFile = "backblaze/repo";
passFile = "restic-pass";
in
{
services.restic = {
backups = {
remote = {
environmentFile = config.sops.secrets.${envFile}.path;
initialize = true;
passwordFile = config.sops.secrets.${passFile}.path;
repositoryFile = config.sops.secrets.${repoFile}.path;
timerConfig = {
OnCalendar = "0/4:00";
Persistent = true;
};
paths = [
"/home/${user0}/.ssh"
instances.firefly-iii.mntPaths.path0
instances.forgejo.mntPaths.path0
instances.mastodon.mntPaths.path0
instances.minecraft.mntPaths.path0
instances.opencloud.mntPaths.path0
instances.vaultwarden.mntPaths.path0
"${instances.jellyfin.mntPaths.path0}/cache"
"${instances.jellyfin.mntPaths.path0}/data"
"${instances.jellyfin.mntPaths.path0}/media/Music"
];
};
};
};
sops = {
secrets = builtins.listToAttrs (
map
(secret: {
name = secret;
value = {
path = "/run/secrets/${secret}";
owner = "root";
group = "root";
mode = "0600";
};
})
[
envFile
repoFile
passFile
]
);
};
environment = {
variables = {
# AWS_ACCESS_KEY_ID = "";
# AWS_SECRET_ACCESS_KEY = "";
# RESTIC_PASSWORD_FILE = "pass.txt";
# RESTIC_REPOSITORY = "";
};
systemPackages = builtins.attrValues {
inherit (pkgs)
restic
;
};
};
}

8
secrets/secrets.yaml
View file

@ -54,10 +54,6 @@ firefly-iii:
pass: ENC[AES256_GCM,data:WjHcoTuEzEq9pfw4QoqRjI4jhu5VPEMOXlHL0olg9dqUj4EGa1Shv5T/kIxdRFuao0y3zQ==,iv:4/fmFOxxDLzplsNGpSJMQOeoNviZw2c2pFlB1ZkRu+o=,tag:7TQ2q/kEFDU4tZxPx53ebw==,type:str] pass: ENC[AES256_GCM,data:WjHcoTuEzEq9pfw4QoqRjI4jhu5VPEMOXlHL0olg9dqUj4EGa1Shv5T/kIxdRFuao0y3zQ==,iv:4/fmFOxxDLzplsNGpSJMQOeoNviZw2c2pFlB1ZkRu+o=,tag:7TQ2q/kEFDU4tZxPx53ebw==,type:str]
data: ENC[AES256_GCM,data:921LhcRTWVk24eEAQoDMV+RllSP3PbSXCCIDXlQA80Mq,iv:YXEgas77DgdyPTnBZa/ySjcERBIwmdDZJbijeNKNF24=,tag:Wj25wA7tLJ2bZ/faG9DUhg==,type:str] data: ENC[AES256_GCM,data:921LhcRTWVk24eEAQoDMV+RllSP3PbSXCCIDXlQA80Mq,iv:YXEgas77DgdyPTnBZa/ySjcERBIwmdDZJbijeNKNF24=,tag:Wj25wA7tLJ2bZ/faG9DUhg==,type:str]
smtp: ENC[AES256_GCM,data:+e4MiRZ2WOZyWYpMf+By1Eb45ih4TA+svLI2+00yQk82,iv:+52+kJouMwkOSDEaOCA8V80+wT/VzNxgtCkOO68SCdk=,tag:YrtrJAXIhQpsUTEeYvrVwQ==,type:str] smtp: ENC[AES256_GCM,data:+e4MiRZ2WOZyWYpMf+By1Eb45ih4TA+svLI2+00yQk82,iv:+52+kJouMwkOSDEaOCA8V80+wT/VzNxgtCkOO68SCdk=,tag:YrtrJAXIhQpsUTEeYvrVwQ==,type:str]
backblaze:
env: ENC[AES256_GCM,data:cdOYt77KocuGB3aqYz13oBokoLkEIgI1AW+cYC5uutgZYujG3PqoLEh6Gvbpzn3O+0OWg1/4UAYr4f2v7oCsgwFzPWS3HrhqC5+kIBjrPCyAnxDxlu2xaQ9hR+ogFh5UTDo=,iv:6+jx4Dj5CNV72DAss6NNYm44f9gSHco/EUBvL2o2CNI=,tag:6/cx84MgTDqQJxu/zINEeA==,type:str]
repo: ENC[AES256_GCM,data:sRae9XELIfkWPaXelCdgEXIDbLTHVqGcRO0o+WA9aBfB8MUw92JjRCYgMgGXT0Apy38eszyuEHFB3XPpRmtQ7g==,iv:EilVA9zdHm6B9pTIhNxyj6Th1248nXvh0kpnEqZJ5HI=,tag:q9ASAgx5vgY0IePws4rT5Q==,type:str]
restic-pass: ENC[AES256_GCM,data:WtVFKDBKIdSAgPCsgpSGIMxIjFD2itFUVxzr9T5zWyk=,iv:KEgauoBqD9Htemfznm7n2ImH3HyB3ivYL/etGZHIcC0=,tag:mzJsu5QzqDMTuvulKAxtOA==,type:str]
password-user0: ENC[AES256_GCM,data:VKrySmPAKh3UwCQXJS0EnOPPLDrigWtw5g4WMbSGz/VRtbzlQxMIgs42c/8NnHiqr98ifWy7u9c280oo7SrHhQmEOOvxfITQ9A==,iv:toGkVKCjsmtPP5Ukk/q8kPSmJo3FcTAyj2vcIEkHmU0=,tag:Nhucsk1kgx7zDZZQKycKZQ==,type:str] password-user0: ENC[AES256_GCM,data:VKrySmPAKh3UwCQXJS0EnOPPLDrigWtw5g4WMbSGz/VRtbzlQxMIgs42c/8NnHiqr98ifWy7u9c280oo7SrHhQmEOOvxfITQ9A==,iv:toGkVKCjsmtPP5Ukk/q8kPSmJo3FcTAyj2vcIEkHmU0=,tag:Nhucsk1kgx7zDZZQKycKZQ==,type:str]
sops: sops:
age: age:
@ -70,7 +66,7 @@ sops:
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-22T08:22:22Z" lastmodified: "2025-11-21T10:16:47Z"
mac: ENC[AES256_GCM,data:aGtZuHEsxcUZCfMdiYoX0oHd71XNIEG5UgxtoSqIr1ICqnjGV1hrNeLu+coSslkvYjAteYkgDBk8lHiO1kBY7G3d9fn0cRnR7wpgcaiFDCPaKdjXlrZmDdbsN+4NF62Y1LkclvGOWGEvM4pR+HxnNxK3nVEU0e10TaZ0r9/b0+o=,iv:MCid50yHr9Sk8hzsbu8wBQwW4vnERxaCEuivq1TUvhA=,tag:T7F2lS5lWY7zncWOY4VSbA==,type:str] mac: ENC[AES256_GCM,data:cgsHkgbaVkMYIaWPugPjX9yRbV6eBPcMmQnD1qRJbp647c/FF+KA4qJhB8eQD5/yA+u76in1LSEopRuKaXEGX9LRNzpUKknih/QN8bjHbbwpC2zKm/cxgkkING9Or5Fk821+RPhAb4ezZoUOl+lSG3LUl66GoDcbNAW3qxZhwO8=,iv:3rKoaAKKTskY47IqxZuKUDXeNFC58Av45nk/P/xYIzg=,tag:vfWE0td8UHxCquWW6WlqBg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0