diff --git a/modules/config/default.nix b/modules/config/default.nix index 5c7cb29..746948e 100755 --- a/modules/config/default.nix +++ b/modules/config/default.nix @@ -57,6 +57,7 @@ let label = stringType; name = stringType; hostname = stringType; + tags = listType; domains = genOptions stringType "url"; dns = genOptions stringType "provider"; localhost = genOptions stringType "address"; @@ -241,6 +242,7 @@ in sopsPath = "/var/lib/secrets"; sslPath = "/var/lib/acme"; varLib = "/var/lib"; + synologyName = "synology"; dummy = ""; }; diff --git a/modules/config/instances/config/audiobookshelf.nix b/modules/config/instances/config/audiobookshelf.nix index 1d6eab9..b548863 100755 --- a/modules/config/instances/config/audiobookshelf.nix +++ b/modules/config/instances/config/audiobookshelf.nix @@ -21,6 +21,9 @@ in url0 = audiobookshelfDomain; }; subdomain = audiobookshelfSubdomain; + tags = [ + + ]; paths = { path0 = "${servicePath}/${audiobookshelfLabel}"; }; diff --git a/modules/config/instances/config/forgejo.nix b/modules/config/instances/config/forgejo.nix index dd82743..d769152 100755 --- a/modules/config/instances/config/forgejo.nix +++ b/modules/config/instances/config/forgejo.nix @@ -25,6 +25,11 @@ in url0 = domain; }; subdomain = subdomain; + tags = [ + name + "forge" + "git" + ]; paths = { path0 = "${servicePath}/${label}"; }; diff --git a/modules/config/instances/config/glance.nix b/modules/config/instances/config/glance.nix index 783049d..9d76723 100755 --- a/modules/config/instances/config/glance.nix +++ b/modules/config/instances/config/glance.nix @@ -25,6 +25,12 @@ in url0 = domain; }; subdomain = subdomain; + tags = [ + "glance" + "dashboard" + "weather" + "podcasts" + ]; paths = { path0 = "${servicePath}/${label}"; }; diff --git a/modules/config/instances/config/jellyfin.nix b/modules/config/instances/config/jellyfin.nix index 4b6eb3e..31c1b48 100755 --- a/modules/config/instances/config/jellyfin.nix +++ b/modules/config/instances/config/jellyfin.nix 
@@ -19,6 +19,14 @@ in
 domains = {
 url0 = domain;
 };
+ tags = [
+ "jelly"
+ "video"
+ "streaming"
+ "movies"
+ "shows"
+ "music"
+ ];
 subdomain = name;
 paths = {
 path0 = "${servicePath}/${label}";
diff --git a/modules/config/instances/config/mastodon.nix b/modules/config/instances/config/mastodon.nix
index 589ad64..cf7095a 100755
--- a/modules/config/instances/config/mastodon.nix
+++ b/modules/config/instances/config/mastodon.nix
@@ -22,6 +22,11 @@ in
 url0 = domain;
 };
 subdomain = subdomain;
+ tags = [
+ name
+ "mast"
+ "md"
+ ];
 sops = {
 path0 = "${sopsPath}/${name}";
 };
diff --git a/modules/config/instances/config/matrix.nix b/modules/config/instances/config/matrix.nix
index 679708d..a3efe24 100755
--- a/modules/config/instances/config/matrix.nix
+++ b/modules/config/instances/config/matrix.nix
@@ -15,6 +15,9 @@ in
 path0 = "${sopsPath}/${name}";
 };
 subdomain = name;
+ tags = [
+
+ ];
 paths = {
 path0 = "${servicePath}/${label}";
 path1 = "";
diff --git a/modules/config/instances/config/nextcloud.nix b/modules/config/instances/config/nextcloud.nix
index 6538cca..233a213 100755
--- a/modules/config/instances/config/nextcloud.nix
+++ b/modules/config/instances/config/nextcloud.nix
@@ -24,6 +24,12 @@ in
 url0 = domain;
 };
 subdomain = name;
+ tags = [
+ name
+ "next"
+ "cloud"
+ "calendar"
+ ];
 paths = {
 path0 = "${servicePath}/${label}";
 };
diff --git a/modules/config/instances/config/ollama.nix b/modules/config/instances/config/ollama.nix
index b1bcd66..643f7ab 100755
--- a/modules/config/instances/config/ollama.nix
+++ b/modules/config/instances/config/ollama.nix
@@ -21,6 +21,11 @@ in
 url0 = domain;
 };
 subdomain = name;
+ tags = [
+ name
+ "chat"
+ "ai"
+ ];
 paths = {
 path0 = "${servicePath}/${label}";
 path1 = "/mnt/media/storage/${name}";
diff --git a/modules/config/instances/config/opencloud.nix b/modules/config/instances/config/opencloud.nix
new file mode 100755
index 0000000..179a3d0
--- /dev/null
+++ b/modules/config/instances/config/opencloud.nix
@@ -0,0 +1,43 @@
+{ moduleFunctions }:
+let
+ inherit (moduleFunctions.instancesFunctions)
+ domain0
+ servicePath
+ sslPath
+ sopsPath
+ ;
+
+ label = "OpenCloud";
+ name = "opencloud";
+ subdomain = "cloud";
+ domain = "${subdomain}.${domain0}";
+in
+{
+ label = label;
+ name = name;
+ email = {
+ address0 = "noreply@${domain0}";
+ };
+ sops = {
+ path0 = "${sopsPath}/${name}";
+ };
+ domains = {
+ url0 = domain;
+ };
+ subdomain = subdomain;
+ tags = [
+ name
+ "opencloud"
+ "cloud"
+ ];
+ paths = {
+ path0 = "${servicePath}/${label}";
+ };
+ ports = {
+ port0 = 9200;
+ };
+ ssl = {
+ cert = "${sslPath}/${subdomain}.${domain0}/fullchain.pem";
+ key = "${sslPath}/${subdomain}.${domain0}/key.pem";
+ };
+}
diff --git a/modules/config/instances/config/owncast.nix b/modules/config/instances/config/owncast.nix
index a18ce48..5d7f072 100755
--- a/modules/config/instances/config/owncast.nix
+++ b/modules/config/instances/config/owncast.nix
@@ -22,6 +22,9 @@ in
 url0 = domain;
 };
 subdomain = subdomain;
+ tags = [
+
+ ];
 paths = {
 path0 = "${servicePath}/${label}";
 path1 = "/mnt/media/storage/${name}";
diff --git a/modules/config/instances/config/peertube.nix b/modules/config/instances/config/peertube.nix
index 81a4ab0..93b0a73 100755
--- a/modules/config/instances/config/peertube.nix
+++ b/modules/config/instances/config/peertube.nix
@@ -25,6 +25,9 @@ in
 url0 = domain;
 };
 subdomain = subdomain;
+ tags = [
+
+ ];
 paths = {
 path0 = "${servicePath}/${label}";
 };
diff --git a/modules/config/instances/config/searx.nix b/modules/config/instances/config/searx.nix
index 82e793b..087f75b 100755
--- a/modules/config/instances/config/searx.nix
+++ b/modules/config/instances/config/searx.nix
@@ -25,6 +25,11 @@ in
 url0 = domain;
 };
 subdomain = subdomain;
+ tags = [
+ "search"
+ "sear"
+ "searx"
+ ];
 paths = {
 path0 = "${servicePath}/${label}";
 };
diff --git a/modules/config/instances/config/syncthing.nix b/modules/config/instances/config/syncthing.nix
index 3795acb..22badb1 100755
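Review bot: In the new instance file `modules/config/instances/config/opencloud.nix`, `tags` lists both `name` and the literal `"opencloud"`, which are the same string because `name = "opencloud"`, so the list carries a duplicate; `tags = [ name "cloud" ];` is enough. The `ssl.cert` and `ssl.key` paths also rebuild `${subdomain}.${domain0}` although `domain` is already bound to exactly that value, so `cert = "${sslPath}/${domain}/fullchain.pem";` (and the same for `key`) keeps the certificate directory tied to the host name the proxy serves.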
--- a/modules/config/instances/config/syncthing.nix +++ b/modules/config/instances/config/syncthing.nix @@ -4,6 +4,7 @@ let domain0 sslPath sopsPath + synologyName ; label = "Syncthing"; @@ -20,6 +21,12 @@ in url0 = domain; }; subdomain = name; + tags = [ + name + synologyName + "sync" + "thing" + ]; ports = { port0 = 8388; # Syncthing (WebUI) port1 = 21027; # Syncthing (Discovery) diff --git a/modules/config/instances/config/synology.nix b/modules/config/instances/config/synology.nix index 3138ac0..0af590d 100755 --- a/modules/config/instances/config/synology.nix +++ b/modules/config/instances/config/synology.nix @@ -2,14 +2,20 @@ let inherit (moduleFunctions.instancesFunctions) sopsPath + synologyName ; label = "Synology"; - name = "synology"; + name = synologyName; in { label = label; name = name; + tags = [ + name + "dsm" + "cloud" + ]; sops = { path0 = "${sopsPath}/${name}"; }; diff --git a/modules/config/instances/config/upRootNutrition.nix b/modules/config/instances/config/upRootNutrition.nix index 3702b08..5748123 100755 --- a/modules/config/instances/config/upRootNutrition.nix +++ b/modules/config/instances/config/upRootNutrition.nix @@ -18,6 +18,13 @@ in sops = { path0 = "${sopsPath}/${name}"; }; + domains = { + url0 = domain3; + }; + tags = [ + name + "blog" + ]; paths = { path0 = "/var/lib/website/dist"; path1 = ""; diff --git a/modules/config/instances/config/vaultwarden.nix b/modules/config/instances/config/vaultwarden.nix index 5ea9dd2..a2bf140 100755 --- a/modules/config/instances/config/vaultwarden.nix +++ b/modules/config/instances/config/vaultwarden.nix @@ -24,6 +24,13 @@ in url0 = domain; }; subdomain = name; + tags = [ + name + "bitwarden" + "vault" + "bit" + "warden" + ]; paths = { path0 = "${servicePath}/${label}/BackupDir"; }; diff --git a/modules/config/instances/config/web.nix b/modules/config/instances/config/web.nix index 4f8a1c9..beedbf9 100755 --- a/modules/config/instances/config/web.nix +++ b/modules/config/instances/config/web.nix 
@@ -8,6 +8,8 @@ let ; in { + name = "router"; + label = "Router"; domains = { url0 = domain0; url1 = domain1; @@ -17,6 +19,10 @@ in dns = { provider0 = "namecheap"; }; + tags = [ + "router" + "asus" + ]; localhost = { address0 = "127.0.0.1"; # Local address1 = "0.0.0.0"; # All diff --git a/modules/home/gui/apps/browsers/floorp/config/bookmarks/config/flake/selfHosted.nix b/modules/home/gui/apps/browsers/floorp/config/bookmarks/config/flake/selfHosted.nix index 8650db2..48f7fe3 100755 --- a/modules/home/gui/apps/browsers/floorp/config/bookmarks/config/flake/selfHosted.nix +++ b/modules/home/gui/apps/browsers/floorp/config/bookmarks/config/flake/selfHosted.nix @@ -15,25 +15,6 @@ let instances ; - jellyfinTags = [ - "jelly" - "video" - "streaming" - "movies" - "shows" - "music" - ]; - ollamaTags = [ - instances.ollama.name - "chat" - "ai" - ]; - syncthingTags = [ - instances.syncthing.name - "sync" - "thing" - instances.synology.name - ]; in { name = "Self Hosted"; @@ -49,35 +30,39 @@ in ]; keyword = "Website"; } + { + name = instances.opencloud.label; + url = "https://${instances.opencloud.domains.url0}"; + tags = [ + + ]; + keyword = "Cloud"; + } { name = instances.forgejo.label; url = "https://${instances.forgejo.domains.url0}"; tags = [ - instances.forgejo.name - "forge" - "git" + ]; keyword = instances.forgejo.label; } { name = "${instances.jellyfin.label} (Internet)"; url = "https://${instances.jellyfin.domains.url0}"; - tags = jellyfinTags; + tags = [ ]; keyword = instances.jellyfin.label; } { name = "${instances.jellyfin.label} (Local)"; url = "http://${ceres.ip.address0}:${toString instances.jellyfin.ports.port1}"; - tags = jellyfinTags; + tags = [ ]; keyword = instances.jellyfin.label; } { name = instances.mastodon.label; url = "https://${instances.mastodon.domains.url0}"; tags = [ - instances.mastodon.name - "mast" - "md" + ]; keyword = instances.mastodon.label; } 
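Review bot: Every bookmark touched in `selfHosted.nix` now ends up with an empty `tags` list, because the tag lists were moved into the instance configs but the entries here were emptied instead of pointing at the new attribute; as far as this diff shows, nothing reads `instances.<name>.tags` yet. The Forgejo entry could read `tags = instances.forgejo.tags;` and the new OpenCloud entry `tags = instances.opencloud.tags;`, and the same applies to the later hunks of this file (Nextcloud, Glance, Ollama, Router, searx, Syncthing, Synology, Vaultwarden). Two things are dropped rather than moved: the `"desktop"` tag that distinguished the Syncthing desktop entry, and the `aliases.name2` bookmark, which is deleted with no replacement entry even though `upRootNutrition.nix` gains `domains` and `tags` in this commit.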
@@ -96,51 +81,34 @@ in name = instances.nextcloud.label; url = "https://${instances.nextcloud.domains.url0}"; tags = [ - instances.nextcloud.name - "next" - "cloud" - "calendar" + ]; keyword = instances.nextcloud.label; } - { - name = aliases.name2; - url = instances.web.domains.url2; - tags = [ - aliases.name3 - "blog" - ]; - keyword = aliases.name2; - } { name = "${instances.glance.label} (Local)"; url = "https://${instances.glance.domains.url0}"; tags = [ - "glance" - "dashboard" - "weather" - "podcasts" + ]; keyword = instances.glance.label; } { name = "${instances.ollama.label} (Server)"; url = "https://${instances.ollama.domains.url0}"; - tags = ollamaTags; + tags = [ ]; keyword = instances.ollama.label; } { name = "${instances.ollama.label} (Desktop)"; url = "http://${mars.ip.address0}:${toString instances.ollama.ports.port0}"; - tags = ollamaTags; + tags = [ ]; keyword = instances.ollama.label; } { name = "Router"; url = "http://${instances.web.localhost.address2}"; tags = [ - "router" - "asus" ]; keyword = "Router"; } @@ -148,9 +116,7 @@ in name = "${instances.searx.label} (Internet)"; url = "https://${instances.searx.domains.url0}"; tags = [ - "search" - "sear" - "searx" + ]; keyword = instances.searx.label; } @@ -158,25 +124,21 @@ in name = "${instances.syncthing.label} (${instances.synology.label})"; url = "http://${synology.ip.address0}:${toString instances.syncthing.ports.port0}"; tags = [ - "synology" - ] ++ syncthingTags; + ]; keyword = instances.syncthing.label; } { name = "${instances.syncthing.label} (Desktop)"; url = "http://localhost:${toString instances.syncthing.ports.port0}"; tags = [ - "desktop" - ] ++ syncthingTags; + ]; keyword = instances.syncthing.label; } { name = instances.synology.label; url = "https://${synology.ip.address0}:${toString instances.synology.ports.port0}"; tags = [ - instances.synology.name - "dsm" - "cloud" + ]; keyword = instances.synology.label; } 
@@ -184,11 +146,7 @@ in name = instances.vaultwarden.label; url = "https://${instances.vaultwarden.domains.url0}"; tags = [ - instances.vaultwarden.name - "bitwarden" - "vault" - "bit" - "warden" + ]; keyword = instances.vaultwarden.label; } diff --git a/modules/home/gui/apps/code/zed/config/userSettings/config/assistant/default.nix b/modules/home/gui/apps/code/zed/config/userSettings/config/assistant/default.nix index 729c207..71ff3aa 100755 --- a/modules/home/gui/apps/code/zed/config/userSettings/config/assistant/default.nix +++ b/modules/home/gui/apps/code/zed/config/userSettings/config/assistant/default.nix @@ -11,7 +11,7 @@ let localhost = web.localhost.address0; in { - assistant = { + agent = { enabled = true; default_model = { provider = "zed.dev"; diff --git a/modules/home/gui/apps/code/zed/default.nix b/modules/home/gui/apps/code/zed/default.nix index 142d84b..7d2d81f 100755 --- a/modules/home/gui/apps/code/zed/default.nix +++ b/modules/home/gui/apps/code/zed/default.nix @@ -23,7 +23,7 @@ in { programs.zed-editor = { enable = true; - package = packagePath; + # package = packagePath; extraPackages = extraPackagesPath; extensions = extensionsPath; userKeymaps = userKeymapsPath; diff --git a/modules/home/gui/desktop/hypr/land/config/bind.nix b/modules/home/gui/desktop/hypr/land/config/bind.nix index 82d2bd7..d0f8d9d 100755 --- a/modules/home/gui/desktop/hypr/land/config/bind.nix +++ b/modules/home/gui/desktop/hypr/land/config/bind.nix @@ -84,11 +84,14 @@ let "3, movetoworkspacesilent, 3" "4, movetoworkspacesilent, 4" "5, movetoworkspacesilent, 5" - # Window Move "C, movewindow, l" "A, movewindow, u" "E, movewindow, d" "I, movewindow, r" + "Left, movewindow, l" + "Up, movewindow, u" + "Down, movewindow, d" + "Right, movewindow, r" ]; shiftBinds = builtins.map (x: "SHIFT, " + x) [ 
@@ -108,10 +111,6 @@ let "3, movetoworkspacesilent, 3" "4, movetoworkspacesilent, 4" "5, movetoworkspacesilent, 5" - "Left, movewindow, l" - "Up, movewindow, u" - "Down, movewindow, d" - "Right, movewindow, r" ]; functionBinds = builtins.map (x: " , " + x) [ diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index a84622f..8228d2f 100755 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -58,6 +58,7 @@ in mastodon minecraft ollama + opencloud postgresql samba searx diff --git a/modules/nixos/services/acme/default.nix b/modules/nixos/services/acme/default.nix index 06fd49c..b02564c 100755 --- a/modules/nixos/services/acme/default.nix +++ b/modules/nixos/services/acme/default.nix @@ -41,6 +41,7 @@ in "searx" "syncthing" "vaultwarden" + "opencloud" ] ) ++ (map diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index e51bbff..ce7bce6 100755 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -107,7 +107,6 @@ in }) [ "pass" - "smtp" ] ); }; diff --git a/modules/nixos/services/opencloud/default.nix b/modules/nixos/services/opencloud/default.nix new file mode 100755 index 0000000..9c415ee --- /dev/null +++ b/modules/nixos/services/opencloud/default.nix 
@@ -0,0 +1,79 @@
+{ config, flake, ... }:
+let
+ inherit (flake.config.machines.devices) ceres;
+ inherit (flake.config.services.instances) opencloud web;
+ service = opencloud;
+ localhost = web.localhost.address0;
+ host = service.domains.url0;
+in
+{
+ services = {
+ opencloud = {
+ enable = true;
+ url = "https://${host}";
+ port = service.ports.port0;
+ address = localhost;
+ stateDir = "/var/lib/${service.name}";
+ environmentFile = config.sops.secrets."${service.name}/env".path;
+ };
+ caddy = {
+ virtualHosts = {
+ "${host}" = {
+ extraConfig = ''
+ reverse_proxy https://${localhost}:${toString service.ports.port0} {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+ tls ${service.ssl.cert} ${service.ssl.key}
+ '';
+ };
+ };
+ };
+ };
+
+ sops =
+ let
+ sopsPath = secret: {
+ path = "${service.sops.path0}/${service.name}-${secret}";
+ owner = service.name;
+ mode = "600";
+ };
+ in
+ {
+ secrets = builtins.listToAttrs (
+ map
+ (secret: {
+ name = "${service.name}/${secret}";
+ value = sopsPath secret;
+ })
+ [
+ "env"
+ ]
+ );
+ };
+
+ fileSystems."/var/lib/${service.name}" = {
+ device = service.paths.path0;
+ fsType = "none";
+ options = [
+ "bind"
+ ];
+ depends = [
+ ceres.storage0.mount
+ ];
+ };
+
+ systemd.tmpfiles.rules = [
+ "Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
+ "Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
+ ];
+
+ networking = {
+ firewall = {
+ allowedTCPPorts = [
+ service.ports.port0
+ ];
+ };
+ };
+}
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index a682cf8..6e0daa0 100755
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
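Review bot: The `networking.firewall` block at the end of the new `modules/nixos/services/opencloud/default.nix` opens `service.ports.port0` to the network although `address = localhost` binds OpenCloud to loopback (`address0 = "127.0.0.1"` in web.nix) and Caddy is the entry point. The `allowedTCPPorts` entry therefore buys nothing today and would expose the backend directly, bypassing the proxy, if the bind address were ever widened, so I would drop the block. The tmpfiles rule `"Z ${service.sops.path0} 755 …"` recursively applies a world-readable mode to the directory holding the `env` secret, which is at odds with the `mode = "600"` declared for that secret; a mode without group/other access such as `"Z ${service.sops.path0} 700 ${service.name} ${service.name} -"` matches the intent better, though how the two settings interact depends on how sops-nix materialises the path and is worth checking on the host. `tls_insecure_skip_verify` is defensible only because the upstream is loopback, presumably with a self-signed certificate, and a comment above it such as `# upstream is loopback; do not reuse for a remote upstream` would record that.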
@@ -47,6 +47,8 @@ kanboard-smtp: ENC[AES256_GCM,data:eOIEGwJZlvbJaTfDRU3IFQ==,iv:Jex01WlHG3uxqUnTS podgrab-pass: ENC[AES256_GCM,data:DVmJDb4VqcZDKNcedSaRA5dqKOzx1tSzDiK3i23+a6v3nK+4Kh7n8EA=,iv:SiiUjJLHkCOO1VKCmubftKx06laFqNv79tIPnkVYrJU=,tag:kdkT+03DemlNAsuzps8fnw==,type:str] firefly-iii-key: ENC[AES256_GCM,data:tLJfwB8De1vdGeccr4SxifU7KYAfnasoXISvz5mSR28=,iv:vknG+h2D04lECHE/PPA53aZqWk4ouYcH+WfP7WooPYU=,tag:HKma2cydw58pAnvOFH53fA==,type:str] firefly-iii-pass: ENC[AES256_GCM,data:eJwIM4YHnXTqTOUfU/0CKMSS534VEZIxkBviI1pd7R4=,iv:pUv8ok5nLDGeCcP2hsTculk+MPPAjkupidQO0Jkc3Wc=,tag:zq7+lFjdOr5ORpthqXW8EA==,type:str] +opencloud: + env: ENC[AES256_GCM,data:JZOs+86/jhHtXuOb4fsk4ceZuFpSa6PAMN2/vmGlvlXvsx/Yk2ZXeZZU0jtwweN8Sk61A2538OdPpfKynBgwsZ2SgoxAIyJtQl3HZWdZzNZ6+/t+AFvvav/x9nUv1O5704FP5OYOMniQAmqu0ds0JIX3YV/cstoo+rNhNW2emlVhj2ABYhTxy0BFJ8A+Re9y5FN5WT4tmloF/21ZrIwtTw8ULQPCksJfTFwEE+cCN3aIWZn00/4zUuv6CEtZeKeOeLxgQL+G2pPhNrQzG+lw+AKLzXA2mJM+3Zfq0MplyXeFCLkV1GCHksrMPp2w5j2RdtfcdE9IP+tXoD/fZNfYgCK1Pk/JhkXcV9EPbz4KUL/+OpgFqh+RvKGPXH2iTV0B8t2Ag7NowxULI2jKw0c=,iv:1ClzjY1n48cQ9bdBewM5A5Lr/c13HbSSYJ7xYCwZDzA=,tag:FavwE2sX+wSgKOEpywFeMw==,type:str] sops: age: - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0 
@@ -58,7 +60,7 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-04T00:40:18Z" - mac: ENC[AES256_GCM,data:N2BwAzga2/Ig96p49rqNhhZ2udYWt7mQ9JD8DFXuxa3HOh3gtx7FWeWpGjvLnLWCgGcT4R61RKmgZQZRADNxYPE3vtdpPOFz0XvgcYSDlwslzBdSsVc08sh77P0LDgZsCzE1MxYynQ6nzFcc6gW5sorInLarsHoCCBC+Z5YpOVg=,iv:H6d3VrERM02/1zI5boFemEpMYD3greYZRqlSpBqROzM=,tag:TEakUvOlKoZYo/XPS6HVnA==,type:str] + lastmodified: "2025-07-07T22:29:06Z" + mac: ENC[AES256_GCM,data:MmVn9KJcM92hiubQti6vbw5sg4NldFU7uxAgX4b6lL7+6LaaIznrqBcplIAcelVWCvZhcQ25L4oQP0da7JgJDzMsiPYawy33MsSWatdST3PPr7ozvQqSgucbUcPja7Fyl6Yr0ijqkH2d8EdOg5km15LaEGir2jkDi+lBRmL2Msc=,iv:VYsheWRXrih4SYgtS5qVa9ZM8kw0k7ZOlKpEkCmBsHQ=,tag:eByH+iVgznc7A0F3HSX9/g==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2