From 86bf66c817b23168c2fcd579c9941d6c99cf3e86 Mon Sep 17 00:00:00 2001 From: Timo Boomers Date: Fri, 2 May 2025 16:43:49 +0200 Subject: [PATCH 1/7] Added storage and home assistant --- hosts/v-th-ctr-01/home.nix | 2 + modules/home/containers/caddy.nix | 15 ++++++++ modules/home/containers/homeassistant.nix | 31 +++++++++++++++ modules/home/containers/homepage.nix | 1 + modules/home/containers/storage.nix | 47 +++++++++++++++++++++++ modules/home/default.nix | 2 + 6 files changed, 98 insertions(+) create mode 100644 modules/home/containers/homeassistant.nix create mode 100644 modules/home/containers/storage.nix diff --git a/hosts/v-th-ctr-01/home.nix b/hosts/v-th-ctr-01/home.nix index c0639a8..b78c324 100644 --- a/hosts/v-th-ctr-01/home.nix +++ b/hosts/v-th-ctr-01/home.nix @@ -50,6 +50,8 @@ vaultwarden.enable = true; paperless-ngx.enable = true; beszel.enable = true; + storage.enable = true; + homeassistant.enable = true; }; }; diff --git a/modules/home/containers/caddy.nix b/modules/home/containers/caddy.nix index 1964b15..2b70a0b 100644 --- a/modules/home/containers/caddy.nix +++ b/modules/home/containers/caddy.nix @@ -71,6 +71,11 @@ in { handle @pingvin-share { reverse_proxy pingvin-share:3000 } + + @dufs host files.tbmrs.nl + handle @dufs { + reverse_proxy dufs:5000 + } } *.local.tbmrs.nl { @@ -93,6 +98,16 @@ in { handle @beszel { reverse_proxy beszel:8090 } + + @syncthing host syncthing.local.tbmrs.nl + handle @syncthing { + reverse_proxy syncthing:8384 + } + + @homeassistant host home-assistant.local.tbmrs.nl + handle @homeassistant { + reverse_proxy homeassistant:8123 + } } ''; }; diff --git a/modules/home/containers/homeassistant.nix b/modules/home/containers/homeassistant.nix new file mode 100644 index 0000000..7dea2b1 --- /dev/null +++ b/modules/home/containers/homeassistant.nix 
@@ -0,0 +1,31 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.settings.containers.homeassistant;
+in {
+ options = {
+ settings.containers.homeassistant.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Enable storage configuration
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.podman.containers.homeassistant = {
+ image = "ghcr.io/home-assistant/home-assistant:stable";
+ network = "proxy";
+ volumes = [
+ "%h/containers/homeassistant/config:/config"
+ ];
+ userNS = "keep-id";
+ environment = {
+ TZ = "Europe/Amsterdam";
+ };
+ };
+ };
+}
diff --git a/modules/home/containers/homepage.nix b/modules/home/containers/homepage.nix
index b553725..f80fe5a 100644
--- a/modules/home/containers/homepage.nix
+++ b/modules/home/containers/homepage.nix
@@ -26,6 +26,7 @@ in {
 "%h/containers/homepage/config/docker.yaml:/app/config/docker.yaml"
 "/run/user/1000/podman/podman.sock:/var/run/podman.sock:ro"
 ];
+ userNS = "keep-id";
 environment = {
 HOMEPAGE_ALLOWED_HOSTS = "home.tbmrs.nl";
 };
diff --git a/modules/home/containers/storage.nix b/modules/home/containers/storage.nix
new file mode 100644
index 0000000..f779a83
--- /dev/null
+++ b/modules/home/containers/storage.nix
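Review bot: In `modules/home/containers/homeassistant.nix` the image is referenced by the mutable tag `ghcr.io/home-assistant/home-assistant:stable`, so a later pull can bring in a different build without any change in this repository; a release tag or an `@sha256:<digest>` reference would keep the deployed version reviewable. The option description was copied from the storage module and still reads `Enable storage configuration`; it should say something like `Enable Home Assistant container`. Since the Caddy hunk in this patch fronts the service with `reverse_proxy homeassistant:8123`, the mounted `/config` will presumably also need `http.use_x_forwarded_for` with a narrowly scoped `trusted_proxies` entry, which this commit does not show.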
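Review bot: In the `homepage.nix` hunk, `userNS = "keep-id"` is added to a container that bind-mounts `/run/user/1000/podman/podman.sock`, and the `:ro` flag on that mount does not restrict what can be sent over the socket; it only makes the mount point itself read-only. With keep-id the container process presumably runs as the socket's owner, so anything running inside homepage can use that user's full Podman API. I would add a comment such as `# podman.sock gives homepage full control of this user's containers; :ro does not restrict the API` and, if only status widgets are needed, place a filtering socket proxy that allows read-only endpoints in between. The container definition starts and ends outside this hunk.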
@@ -0,0 +1,47 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.settings.containers.storage;
+in {
+ options = {
+ settings.containers.storage.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Enable storage configuration
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.podman.containers.dufs = {
+ image = "sigoden/dufs";
+ network = "proxy";
+ volumes = [
+ "%h/storage:/data"
+ ];
+ userNS = "keep-id";
+ environment = {
+ DUFS_SERVE_PATH = "data";
+ DUFS_AUTH = "@/tboomers/public:ro|tboomers:password@/tboomers:rw";
+ DUFS_ALLOW_ALL = true;
+ };
+ };
+
+ services.podman.containers.syncthing = {
+ image = "syncthing/syncthing";
+ network = "proxy";
+ volumes = [
+ "%h/storage:/storage"
+ "%h/containers/syncthing/data:/var/syncthing"
+ ];
+ userNS = "keep-id";
+ ports = [
+ "22000:22000/tcp"
+ "22000:22000/udp"
+ ];
+ };
+ };
+}
diff --git a/modules/home/default.nix b/modules/home/default.nix
index 2acfa23..b53b30d 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -37,5 +37,7 @@
 ./containers/vaultwarden.nix
 ./containers/paperless-ngx.nix
 ./containers/beszel.nix
+ ./containers/storage.nix
+ ./containers/homeassistant.nix
 ];
 }
From c1d56759274cde6f023ae01cac1dc6a7ac1202bf Mon Sep 17 00:00:00 2001
From: Timo Boomers
Date: Fri, 9 May 2025 08:40:34 +0200
Subject: [PATCH 2/7] Added wezterm and added aliases for justfile
---
 hosts/ch-clt-dsk01/home.nix | 1 +
 hosts/ti-clt-dsk01/default.nix | 5 ++
 hosts/ti-clt-dsk01/home.nix | 7 ++
 hosts/ti-clt-lpt01/home.nix | 1 +
 hosts/ti-clt-tbl01/home.nix | 1 +
 hosts/v-th-ctr-01/home.nix | 1 +
 justfile | 6 ++
 modules/home/applications/wezterm.nix | 107 ++++++++++++++++++++++++++
 modules/home/default.nix | 1 +
 modules/home/theming/stylix.nix | 1 +
 10 files changed, 131 insertions(+)
 create mode 100644 modules/home/applications/wezterm.nix
diff --git a/hosts/ch-clt-dsk01/home.nix b/hosts/ch-clt-dsk01/home.nix
index 0c6b6ab..ca6ef97 100644
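Review bot: `DUFS_AUTH = "@/tboomers/public:ro|tboomers:password@/tboomers:rw"` in `storage.nix` writes the account password as a literal into the Nix expression, so it is committed to git and ends up in the world-readable Nix store; the same rule also grants anonymous read access to `/tboomers/public`. The Caddy hunk in this patch routes `files.tbmrs.nl` to `dufs:5000` outside the `*.local.tbmrs.nl` block and `DUFS_ALLOW_ALL = true` enables all operations, so this credential appears to be the only gate in front of write access to `%h/storage`. The rule should come from a sops-backed `environmentFile`, following the pattern `karakeep.nix` uses in patch 7/7, and the value should be replaced if it was ever a real password. The secret and template names in the sketch below are illustrative. Both images in this file (`sigoden/dufs`, `syncthing/syncthing`) are also untagged.

```nix
services.podman.containers.dufs = {
  # … unchanged: image, network, volumes, userNS …
  environment = {
    DUFS_SERVE_PATH = "data";
    DUFS_ALLOW_ALL = true;
  };
  environmentFile = [
    "${config.sops.templates."container-dufs.env".path}"
  ];
};

settings.services.sops.enable = true;
sops.secrets."containers/dufs/auth" = { };
sops.templates."container-dufs.env".content = ''
  DUFS_AUTH=${config.sops.placeholder."containers/dufs/auth"}
'';
```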
--- a/hosts/ch-clt-dsk01/home.nix +++ b/hosts/ch-clt-dsk01/home.nix @@ -24,6 +24,7 @@ applications.thunderbird.enable = false; applications.yazi.enable = false; applications.zellij.enable = false; + applications.wezterm.enable = false; services.nextcloud-sync.enable = false; diff --git a/hosts/ti-clt-dsk01/default.nix b/hosts/ti-clt-dsk01/default.nix index 90b4e20..c6324b6 100644 --- a/hosts/ti-clt-dsk01/default.nix +++ b/hosts/ti-clt-dsk01/default.nix @@ -88,6 +88,11 @@ "vault.local.tbmrs.nl" "paperless.local.tbmrs.nl" "monitor.local.tbmrs.nl" + "files.tbmrs.nl" + "syncthing.local.tbmrs.nl" + "home-assistant.local.tbmrs.nl" + "karakeep.local.tbmrs.nl" + "vikunja.local.tbmrs.nl" ]; }; diff --git a/hosts/ti-clt-dsk01/home.nix b/hosts/ti-clt-dsk01/home.nix index 1ec5e40..f41fa7c 100644 --- a/hosts/ti-clt-dsk01/home.nix +++ b/hosts/ti-clt-dsk01/home.nix @@ -24,6 +24,7 @@ applications.thunderbird.enable = true; applications.yazi.enable = true; applications.zellij.enable = true; + applications.wezterm.enable = true; services.nextcloud-sync.enable = true; @@ -46,11 +47,17 @@ unstable.freecad unstable.hoppscotch unstable.signal-desktop + unstable.ladybird + unstable.prusa-slicer unstable.surfer # waveform viewer # Office libreoffice + + # Scripts + wl-clipboard-rs + (import ../../modules/scripts/save_image.nix { inherit pkgs; }) ]; # Enable home-manager diff --git a/hosts/ti-clt-lpt01/home.nix b/hosts/ti-clt-lpt01/home.nix index d231f78..01a8fd0 100644 --- a/hosts/ti-clt-lpt01/home.nix +++ b/hosts/ti-clt-lpt01/home.nix @@ -24,6 +24,7 @@ applications.thunderbird.enable = true; applications.yazi.enable = true; applications.zellij.enable = true; + applications.wezterm.enable = true; services.nextcloud-sync.enable = true; diff --git a/hosts/ti-clt-tbl01/home.nix b/hosts/ti-clt-tbl01/home.nix index 1439603..7cf079e 100644 --- a/hosts/ti-clt-tbl01/home.nix +++ b/hosts/ti-clt-tbl01/home.nix 
@@ -24,6 +24,7 @@ applications.thunderbird.enable = false; applications.yazi.enable = true; applications.zellij.enable = false; + applications.wezterm.enable = false; services.nextcloud-sync.enable = true; diff --git a/hosts/v-th-ctr-01/home.nix b/hosts/v-th-ctr-01/home.nix index c0639a8..0e9c562 100644 --- a/hosts/v-th-ctr-01/home.nix +++ b/hosts/v-th-ctr-01/home.nix @@ -24,6 +24,7 @@ applications.thunderbird.enable = false; applications.yazi.enable = true; applications.zellij.enable = true; + applications.wezterm.enable = false; services.nextcloud-sync.enable = false; services.podman.enable = true; diff --git a/justfile b/justfile index 6641b5e..49de3ed 100644 --- a/justfile +++ b/justfile @@ -15,12 +15,18 @@ clean: fmt: nix fmt +alias s := switch + switch: sudo nixos-rebuild switch --flake . home-manager switch --flake . +alias sw := switch-system + switch-system: sudo nixos-rebuild switch --flake . +alias sh := switch-home-manager + switch-home-manager: home-manager switch --flake . diff --git a/modules/home/applications/wezterm.nix b/modules/home/applications/wezterm.nix new file mode 100644 index 0000000..71d9632 --- /dev/null +++ b/modules/home/applications/wezterm.nix 
@@ -0,0 +1,107 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.settings.applications.wezterm; +in { + options = { + settings.applications.wezterm.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable wezterm terminal + ''; + }; + }; + + config = mkIf cfg.enable { + programs.wezterm = { + enable = true; + enableZshIntegration = true; + package = pkgs.unstable.wezterm; + extraConfig = /* lua */ '' + -- Pull in the wezterm API + local wezterm = require 'wezterm' + + -- This will hold the configuration. + local config = wezterm.config_builder() + local act = wezterm.action + + -- This is where you actually apply your config choices + + -- For example, changing the color scheme: + config.enable_tab_bar = true + config.use_fancy_tab_bar = false + config.window_decorations = "NONE" + config.tab_bar_at_bottom = true + + config.keys = { + -- Pane controls + { + key = 'h', + mods = 'CTRL', + action = act.ActivatePaneDirection 'Left', + }, + { + key = 'l', + mods = 'CTRL', + action = act.ActivatePaneDirection 'Right', + }, + { + key = 'k', + mods = 'CTRL', + action = act.ActivatePaneDirection 'Up', + }, + { + key = 'j', + mods = 'CTRL', + action = act.ActivatePaneDirection 'Down', + }, + + -- Pane resizing + { + key = 'H', + mods = 'CTRL', + action = act.AdjustPaneSize { 'Left', 5 }, + }, + { + key = 'L', + mods = 'CTRL', + action = act.AdjustPaneSize { 'Right', 5 }, + }, + { + key = 'K', + mods = 'CTRL', + action = act.AdjustPaneSize { 'Up', 5 }, + }, + { + key = 'J', + mods = 'CTRL', + action = act.AdjustPaneSize { 'Down', 5 }, + }, + { + key = 'q', + mods = 'CTRL', + action = act.CloseCurrentPane { confirm = false }, + }, + + -- Tab management + { key = '1', mods = 'ALT', action = act.ActivateTab(0) }, + { key = '2', mods = 'ALT', action = act.ActivateTab(1) }, + { key = '3', mods = 'ALT', action = act.ActivateTab(2) }, + { key = '4', mods = 'ALT', action = act.ActivateTab(3) }, + { key = '5', mods = 'ALT', 
action = act.ActivateTab(4) }, + { + key = 'q', + mods = 'ALT', + action = act.CloseCurrentTab { confirm = false }, + }, + } + + -- and finally, return the configuration to wezterm + return config + ''; + }; + }; +} diff --git a/modules/home/default.nix b/modules/home/default.nix index cdb3b4b..4602a67 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -13,6 +13,7 @@ ./applications/thunderbird.nix ./applications/yazi.nix ./applications/zellij.nix + ./applications/wezterm.nix ./services/nextcloud.nix ./services/podman.nix diff --git a/modules/home/theming/stylix.nix b/modules/home/theming/stylix.nix index efbd583..23dc43b 100644 --- a/modules/home/theming/stylix.nix +++ b/modules/home/theming/stylix.nix @@ -42,6 +42,7 @@ in { stylix.base16Scheme = lib.mkIf (cfg.theme != "theme") "${pkgs.base16-schemes}/share/themes/${cfg.theme}.yaml"; stylix.autoEnable = true; + stylix.opacity.terminal = 0.95; stylix.cursor = { package = pkgs.phinger-cursors; From 42cab14829f44d9f1819c0507462609219cc2b4e Mon Sep 17 00:00:00 2001 From: Timo Boomers Date: Fri, 9 May 2025 08:43:06 +0200 Subject: [PATCH 3/7] disabled nushell --- hosts/ti-clt-lpt01/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/ti-clt-lpt01/home.nix b/hosts/ti-clt-lpt01/home.nix index e339cc3..502c1f6 100644 --- a/hosts/ti-clt-lpt01/home.nix +++ b/hosts/ti-clt-lpt01/home.nix @@ -25,7 +25,7 @@ applications.yazi.enable = true; applications.zellij.enable = true; applications.wezterm.enable = true; - applications.nushell.enable = true; + applications.nushell.enable = false; services.nextcloud-sync.enable = true; From 5c78d0c1f56d8e915e147386511c83e1a79e86ae Mon Sep 17 00:00:00 2001 From: Timo Boomers Date: Fri, 9 May 2025 12:18:16 +0200 Subject: [PATCH 4/7] Modularized helix --- hosts/ti-clt-dsk01/home.nix | 11 ++- modules/home/applications/helix.nix | 135 ++++++++++++++++------------ 2 files changed, 88 insertions(+), 58 deletions(-) 
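Review bot: The `config.keys` table in `wezterm.nix` binds plain `CTRL`+`h`/`j`/`k`/`l`, which are the control characters shells and editors use for backspace, newline, kill-line and clear-screen, so those keys will presumably no longer reach programs running inside the terminal; a leader key or an extra modifier would avoid the clash. `CloseCurrentPane { confirm = false }` on `CTRL`+`q` and `CloseCurrentTab { confirm = false }` on `ALT`+`q` also end running processes without a prompt. The template comment `-- For example, changing the color scheme:` no longer matches the tab-bar settings below it and could become `-- Tab bar and window decorations`.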
diff --git a/hosts/ti-clt-dsk01/home.nix b/hosts/ti-clt-dsk01/home.nix index f41fa7c..d92a98c 100644 --- a/hosts/ti-clt-dsk01/home.nix +++ b/hosts/ti-clt-dsk01/home.nix @@ -18,7 +18,15 @@ applications.devenv.enable = true; applications.firefox.enable = true; applications.git.enable = true; - applications.helix.enable = true; + applications.helix = { + enable = true; + markdown = true; + rust = true; + systemverilog = true; + nix = true; + latex = true; + vue = true; + }; applications.zsh.enable = true; applications.ssh.enable = true; applications.thunderbird.enable = true; @@ -51,6 +59,7 @@ unstable.prusa-slicer unstable.surfer # waveform viewer + pomodoro-gtk # Office libreoffice diff --git a/modules/home/applications/helix.nix b/modules/home/applications/helix.nix index 701551c..3b6662a 100644 --- a/modules/home/applications/helix.nix +++ b/modules/home/applications/helix.nix 
@@ -12,47 +12,79 @@ in { Enable helix text editor ''; }; + + settings.applications.helix.markdown = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable markdown language support + ''; + }; + + settings.applications.helix.systemverilog = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable systemverilog language support + ''; + }; + + settings.applications.helix.nix = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + Enable nix language support + ''; + }; + + settings.applications.helix.latex = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + Enable latex language support + ''; + }; + + settings.applications.helix.vue = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + Enable vue/nuxt language support + ''; + }; + + settings.applications.helix.rust = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable rust language support + ''; + }; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ - # Markdown - unstable.marksman - unstable.markdown-oxide - dprint - - # Systemverilog - unstable.svls - - # Assembly - unstable.asm-lsp - - # Nixos - unstable.nil - unstable.nixpkgs-fmt - - # Latex - tectonic - unstable.texlab - - # Vue/Nuxt - unstable.vue-language-server - unstable.typescript - unstable.typescript-language-server + home.packages = with pkgs; lib.concatLists [ + (lib.optionals cfg.markdown [ unstable.marksman unstable.markdown-oxide dprint ]) + (lib.optionals cfg.systemverilog [ unstable.svls ]) + (lib.optionals cfg.nix [ unstable.nix unstable.nixpkgs-fmt ]) + (lib.optionals cfg.latex [ tectonic unstable.texlab ]) + (lib.optionals cfg.vue [ unstable.vue-language-server unstable.typescript unstable.typescript-language-server ]) ]; # Markdown - home.file.".config/.dprint.json".text ='' - { - "markdown": { - "lineWidth":120, - }, - "excludes": [], - "plugins": [ - 
"https://plugins.dprint.dev/markdown-0.16.1.wasm" - ] - } - ''; + home.file.".config/.dprint.json" = lib.mkIf cfg.markdown { + text = '' + { + "markdown": { + "lineWidth":120, + }, + "excludes": [], + "plugins": [ + "https://plugins.dprint.dev/markdown-0.16.1.wasm" + ] + } + ''; + }; programs.helix = { enable = true; @@ -65,24 +97,19 @@ in { }; languages = { # Rust - language-server.rust-analyzer.config = { + language-server.rust-analyzer.config = lib.mkIf cfg.rust { cargo = { features = "all"; }; }; # Systemverilog - language-server.svls = { + language-server.svls = lib.mkIf cfg.systemverilog { command = "svls"; }; - # Systemverilog - language-server.asm = { - command = "asm-lsp"; - }; - # Latex - language-server.texlab = { + language-server.texlab = lib.mkIf cfg.latex { config = { texlab.chktex = { onOpenAndSave = true; @@ -116,7 +143,7 @@ in { }; }; - language-server.typescript-language-server.config = { + language-server.typescript-language-server.config = lib.mkIf cfg.vue { # tsserver = { # path = "${pkgs.unstable.typescript}/bin/tsserver"; # }; @@ -148,18 +175,12 @@ in { # }; # }; - language = [ - { + language = lib.concatLists [ + (lib.optionals cfg.systemverilog [{ name = "verilog"; language-servers = [ "svls" ]; - } - { - name = "asm"; - scope = "source.s"; - language-servers = [ "asm" ]; - file-types = [ "s" "S" ]; - } - { + }]) + (lib.optionals cfg.markdown [{ name = "markdown"; auto-format = true; language-servers = [ "markdown-oxide" ]; @@ -170,11 +191,11 @@ in { name = "typst"; auto-format = false; formatter.command = "${pkgs.typstfmt}/bin/typstfmt"; - } - { + }]) + (lib.optionals cfg.vue [{ name = "vue"; language-servers = ["vuels" "typescript-language-server"]; - } + }]) ]; }; }; From 6d3dea12ffdeb8b290d8f70ab8398a76cb8dd915 Mon Sep 17 00:00:00 2001 
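Review bot: In the rewritten `home.packages` list the Nix entry is `[ unstable.nix unstable.nixpkgs-fmt ]`, whereas the removed list installed `unstable.nil`; this looks like a typo that drops the Nix language server and adds the Nix package manager to the profile instead, and the line should read `(lib.optionals cfg.nix [ unstable.nil unstable.nixpkgs-fmt ])`. The new `rust` option has no entry in this list, and `unstable.asm-lsp` is removed without an option replacing it, so both are worth confirming. The dprint config re-indented in the same hunk still loads `https://plugins.dprint.dev/markdown-0.16.1.wasm` by URL alone; as far as I know dprint accepts a `@<checksum>` suffix on plugin URLs, which would pin the downloaded plugin.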
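Review bot: In the `language` list the group opened by `(lib.optionals cfg.markdown [{` is closed only after the `typst` entry (the `}])` in the last hunk), so the typst formatter configuration is now switched by the `markdown` option. If that is not intended, close the markdown group before `name = "typst";` and either give typst its own option or leave it unconditional. The lines between the two hunks are not visible here, so this is read from the bracket placement alone.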
From: Timo Boomers Date: Fri, 9 May 2025 12:19:47 +0200 Subject: [PATCH 5/7] Changed helix preferences --- hosts/ti-clt-lpt01/home.nix | 10 +++++++++- hosts/v-th-ctr-01/home.nix | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/hosts/ti-clt-lpt01/home.nix b/hosts/ti-clt-lpt01/home.nix index 502c1f6..c1556a4 100644 --- a/hosts/ti-clt-lpt01/home.nix +++ b/hosts/ti-clt-lpt01/home.nix @@ -18,7 +18,15 @@ applications.devenv.enable = true; applications.firefox.enable = true; applications.git.enable = true; - applications.helix.enable = true; + applications.helix = { + enable = true; + markdown = true; + rust = true; + systemverilog = true; + nix = true; + latex = true; + vue = true; + }; applications.zsh.enable = true; applications.ssh.enable = true; applications.thunderbird.enable = true; diff --git a/hosts/v-th-ctr-01/home.nix b/hosts/v-th-ctr-01/home.nix index f338943..1331e54 100644 --- a/hosts/v-th-ctr-01/home.nix +++ b/hosts/v-th-ctr-01/home.nix @@ -18,7 +18,7 @@ applications.devenv.enable = false; applications.firefox.enable = false; applications.git.enable = false; - applications.helix.enable = false; + applications.helix.enable = true; applications.zsh.enable = true; applications.ssh.enable = true; applications.thunderbird.enable = false; From 87b73dc10ebf2cb788205a7ac0e30559ff093730 Mon Sep 17 00:00:00 2001 From: Timo Boomers Date: Fri, 9 May 2025 13:02:38 +0200 Subject: [PATCH 6/7] Added podman aliases --- modules/home/services/podman.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/modules/home/services/podman.nix b/modules/home/services/podman.nix index c073d04..413d171 100644 --- a/modules/home/services/podman.nix +++ b/modules/home/services/podman.nix 
@@ -13,11 +13,30 @@ in { Enable podman configuration ''; }; + + settings.services.podman.systemctlAliases = lib.mkOption { + type = lib.types.bool; + default = true; + description = '' + Enable podman systemctl aliases configuration + ''; + }; }; config = mkIf cfg.enable { services.podman = { enable = true; }; + + home.shellAliases = lib.mkIf cfg.systemctlAliases { + scu = "systemctl --user"; + scus = "systemctl --user start"; + scur = "systemctl --user restart"; + scust = "systemctl --user stop"; + scusts = "systemctl --user status"; + + jcu = "journalctl --user"; + jcur = "journalctl --user -xe"; + }; }; } From ad155e63cea5248802a6b19f5699c2e10524c759 Mon Sep 17 00:00:00 2001 From: Timo Boomers Date: Fri, 9 May 2025 13:06:33 +0200 Subject: [PATCH 7/7] Added more services --- hosts/v-th-ctr-01/home.nix | 2 + modules/home/containers/caddy.nix | 10 +++ modules/home/containers/homepage.nix | 108 +++++++++++++++++++-------- modules/home/containers/karakeep.nix | 82 ++++++++++++++++++++ modules/home/containers/vikunja.nix | 29 +++++++ modules/home/default.nix | 2 + secrets/deploy.yaml | 7 +- 7 files changed, 207 insertions(+), 33 deletions(-) create mode 100644 modules/home/containers/karakeep.nix create mode 100644 modules/home/containers/vikunja.nix diff --git a/hosts/v-th-ctr-01/home.nix b/hosts/v-th-ctr-01/home.nix index 1331e54..3106533 100644 --- a/hosts/v-th-ctr-01/home.nix +++ b/hosts/v-th-ctr-01/home.nix @@ -53,6 +53,8 @@ beszel.enable = true; storage.enable = true; homeassistant.enable = true; + karakeep.enable = true; + vikunja.enable = true; }; }; diff --git a/modules/home/containers/caddy.nix b/modules/home/containers/caddy.nix index 2b70a0b..262a760 100644 --- a/modules/home/containers/caddy.nix +++ b/modules/home/containers/caddy.nix 
@@ -108,6 +108,16 @@ in { handle @homeassistant { reverse_proxy homeassistant:8123 } + + @karakeep host karakeep.local.tbmrs.nl + handle @karakeep { + reverse_proxy karakeep:3000 + } + + @vikunja host vikunja.local.tbmrs.nl + handle @vikunja { + reverse_proxy vikunja:3456 + } } ''; }; diff --git a/modules/home/containers/homepage.nix b/modules/home/containers/homepage.nix index f80fe5a..199e86e 100644 --- a/modules/home/containers/homepage.nix +++ b/modules/home/containers/homepage.nix @@ -37,40 +37,19 @@ in { description = "server from Timo"; theme = "dark"; color = "slate"; + layout = { + Services = { + style = "row"; + columns = "4"; + }; + Infra = { + style = "row"; + columns = "4"; + }; + }; }; home.file."containers/homepage/config/services.yaml".source = (pkgs.formats.yaml { }).generate "services" [ - { - "Infra" = [ - { - "Kanidm" = { - href = "https://auth.tbmrs.nl"; - description = "Oauth2 and ldap provider"; - icon = "kanidm"; - server = "podman"; - container = "kanidm"; - }; - } - { - "Uptime Kuma" = { - href = "https://uptime.tbmrs.nl"; - description = "Uptime and status"; - icon = "uptime-kuma"; - server = "podman"; - container = "uptime-kuma"; - }; - } - { - "Beszel" = { - href = "https://monitor.local.tbmrs.nl"; - description = "Server monitoring"; - icon = "beszel"; - server = "podman"; - container = "beszel"; - }; - } - ]; - } { "Services" = [ { 
@@ -118,6 +97,73 @@ in { container = "paperless-ngx"; }; } + { + "Home Assistant" = { + href = "https://home-assistant.local.tbmrs.nl"; + description = "Home automation"; + icon = "home-assistant"; + server = "podman"; + container = "homeassistant"; + }; + } + { + "Syncthing" = { + href = "https://syncthing.local.tbmrs.nl"; + description = "File syncronisation"; + icon = "syncthing"; + server = "podman"; + container = "syncthing"; + }; + } + { + "Dufs" = { + href = "https://files.tbmrs.nl"; + description = "File management"; + icon = "dufs"; + server = "podman"; + container = "dufs"; + }; + } + { + "Karakeep" = { + href = "https://karakeep.local.tbmrs.nl"; + description = "Data hoarder"; + icon = "karakeep"; + server = "podman"; + container = "karakeep"; + }; + } + ]; + } + { + "Infra" = [ + { + "Kanidm" = { + href = "https://auth.tbmrs.nl"; + description = "Oauth2 and ldap provider"; + icon = "kanidm"; + server = "podman"; + container = "kanidm"; + }; + } + { + "Uptime Kuma" = { + href = "https://uptime.tbmrs.nl"; + description = "Uptime and status"; + icon = "uptime-kuma"; + server = "podman"; + container = "uptime-kuma"; + }; + } + { + "Beszel" = { + href = "https://monitor.local.tbmrs.nl"; + description = "Server monitoring"; + icon = "beszel"; + server = "podman"; + container = "beszel"; + }; + } ]; } ]; diff --git a/modules/home/containers/karakeep.nix b/modules/home/containers/karakeep.nix new file mode 100644 index 0000000..9d66881 --- /dev/null +++ b/modules/home/containers/karakeep.nix 
@@ -0,0 +1,82 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.settings.containers.karakeep;
+in {
+ options = {
+ settings.containers.karakeep.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Enable karakeep container
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.podman.containers.karakeep = {
+ image = "ghcr.io/karakeep-app/karakeep:release";
+ network = "proxy";
+ volumes = [
+ "%h/containers/karakeep/data:/data"
+ ];
+ environment = {
+ MEILI_ADDR = "http://karakeep-meilisearch:7700";
+ BROWSER_WEB_URL = "http://karakeep-chrome:9222";
+ DATA_DIR = "/data";
+ };
+ environmentFile = [
+ "${config.sops.templates."container-karakeep.env".path}"
+ ];
+ extraConfig = {
+ Unit = {
+ After = [
+ "podman-karakeep-chrome.service"
+ "podman-karakeep-meilisearch.service"
+ ];
+ Requires = [
+ "podman-karakeep-chrome.service"
+ "podman-karakeep-meilisearch.service"
+ ];
+ };
+ };
+ };
+
+ services.podman.containers.karakeep-chrome = {
+ image = "gcr.io/zenika-hub/alpine-chrome:123";
+ network = "proxy";
+ exec = "--no-sandbox --disable-gpu --disable-dev-shm-usage --remote-debugging-address=0.0.0.0 --remote-debugging-port=9222 --hide-scrollbars";
+ };
+
+ services.podman.containers.karakeep-meilisearch = {
+ image = "getmeili/meilisearch:v1.13.3";
+ network = "proxy";
+ environment = {
+ MEILI_NO_ANALYTICS = "true";
+ };
+ volumes = [
+ "%h/containers/karakeep/meilisearch:/meili_data"
+ ];
+ };
+
+ settings.services.sops.enable = true;
+
+ sops.secrets = {
+ "containers/karakeep/nextauth-secret" = { };
+ "containers/karakeep/meili-key" = { };
+ };
+
+ sops.templates = {
+ "container-karakeep.env" = {
+ content = ''
+ KARAKEEP_VERSION=release
+ NEXTAUTH_SECRET=${config.sops.placeholder."containers/karakeep/nextauth-secret"}
+ MEILI_MASTER_KEY=${config.sops.placeholder."containers/karakeep/meili-key"}
+ NEXTAUTH_URL=https://karakeep.local.tbmrs.nl
+ '';
+ };
+ };
+ };
+}
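Review bot: `MEILI_MASTER_KEY` is only written to `container-karakeep.env`, which is attached to the `karakeep` container; `karakeep-meilisearch` has no `environmentFile`, so Meilisearch starts without a master key and karakeep presents a key that nothing enforces. `karakeep-chrome` is started with `--remote-debugging-address=0.0.0.0` and `--no-sandbox` on the shared `proxy` network, so every other container on that network can reach the unauthenticated DevTools port as well as the search API. Meilisearch should get its own sops template holding only the key, so that `NEXTAUTH_SECRET` is not shared with it, and `karakeep-chrome` and `karakeep-meilisearch` would be better attached to a dedicated network that only `karakeep` joins. `ghcr.io/karakeep-app/karakeep:release` is a moving tag and `alpine-chrome:123` fixes the browser at major version 123 for a component that renders arbitrary web pages, so both deserve a comment on how they get updated. The template name in the sketch below is illustrative.

```nix
services.podman.containers.karakeep-meilisearch = {
  # … unchanged: image, network, environment, volumes …
  environmentFile = [
    "${config.sops.templates."container-karakeep-meilisearch.env".path}"
  ];
};

sops.templates = {
  # … unchanged: "container-karakeep.env" …
  "container-karakeep-meilisearch.env" = {
    content = ''
      MEILI_MASTER_KEY=${config.sops.placeholder."containers/karakeep/meili-key"}
    '';
  };
};
```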
diff --git a/modules/home/containers/vikunja.nix b/modules/home/containers/vikunja.nix
new file mode 100644
index 0000000..ac17cbc
--- /dev/null
+++ b/modules/home/containers/vikunja.nix
@@ -0,0 +1,29 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.settings.containers.vikunja;
+in {
+ options = {
+ settings.containers.vikunja.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Enable vikunja container
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.podman.containers.vikunja = {
+ image = "vikunja/vikunja";
+ network = "proxy";
+ userNS = "keep-id";
+ volumes = [
+ "%h/containers/vikunja/files:/app/vikunja/files"
+ "%h/containers/vikunja/db:/db"
+ ];
+ };
+ };
+}
diff --git a/modules/home/default.nix b/modules/home/default.nix
index 3d14754..b7a03b2 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -40,5 +40,7 @@
 ./containers/beszel.nix
 ./containers/storage.nix
 ./containers/homeassistant.nix
+ ./containers/karakeep.nix
+ ./containers/vikunja.nix
 ];
 }
diff --git a/secrets/deploy.yaml b/secrets/deploy.yaml
index fc70749..657c330 100644
--- a/secrets/deploy.yaml
+++ b/secrets/deploy.yaml
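Review bot: `services.podman.containers.vikunja` sets no `environment`, so Vikunja runs on its defaults: as far as I know the SQLite file then defaults to a path relative to the binary rather than the mounted `/db`, and without `VIKUNJA_SERVICE_JWTSECRET` a new signing secret is generated on each start. Setting `VIKUNJA_DATABASE_PATH = "/db/vikunja.db";` and `VIKUNJA_SERVICE_PUBLICURL = "https://vikunja.local.tbmrs.nl";` in `environment`, and supplying the JWT secret through a sops `environmentFile` as `karakeep.nix` does, would keep the data on the volume and sessions stable across restarts. The image `vikunja/vikunja` is also untagged, so it follows `latest`.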
@@ -4,6 +4,9 @@ containers: oidc-secret: ENC[AES256_GCM,data:jO5fvIK/1XnFweqKvedPMED0xvsqErjDP+eT7wAwXFuREbS6KakwY7pUzi20wdI0,iv:SnnmXiZoawpZV83483esQ1TIaFTACiIUcA6hcoXsw0I=,tag:cC/ftyj8jlK1re/rX4IiEw==,type:str] beszel: key: ENC[AES256_GCM,data:rRtx8Jx/aHOqeRa9dlyc42/62UwwqhkiLDLnZCM65rpW5nL5cQG2dS81YOMVPrE7Sa/cHlE3bvxqETaxMmsJGYukjmZph8skpF0qukCDe4Q=,iv:OS/+jF4MtwPdijXPpG2pgpJQTYyer9bms97B+kO8XhI=,tag:va7jCSGrXp2YKBlYzLI39g==,type:str] + karakeep: + nextauth-secret: ENC[AES256_GCM,data:ck8O7bZOcpxOB6dQRDchPBaFinVtzBphOvT2oQcdTcnRj0PFCMF7mKcEbRFvk6hi,iv:98su3bR8jMLr1jF5XBiNePMZ7qz4pMDQ6B4i8rMxIQQ=,tag:cfqzRVf9NDhsb1cvG8Tq+w==,type:str] + meili-key: ENC[AES256_GCM,data:YrIlR+f94wcTlWqfYdqUWOZGp8QaPtLQeXi+ok54bXnuKvv1qjkuAbKuClyi4MS9,iv:OjAmWJWmGtIsSeIFWNlqT8hv8H8LLz+WQtvlvyu9Lx0=,tag:8jI5LBhMG3hhji7+dE6shg==,type:str] paperless-ngx: db-password: ENC[AES256_GCM,data:H21HVshmFuWJ5qNIrjm0VMGHEsT7cCvScgamU+CAaNZ6j5ux/r4xiF9zP7Qh40sKTOvyoWGTcHGPHE5ClpGuQA==,iv:tDIRfThBOfHr+gGRqywlHAk/x4MkhHRFsJEp5nnlGPA=,tag:XbYKD90l3u93Ur4VOqOn6w==,type:str] secret: ENC[AES256_GCM,data:+1hriBiSbt+zUjEkBTEM90PFNlxfNwRAmz8wHyeyOnq6ThI+PtlDu83sunBFL2FUYJX0N4h3R4FvJBUkrPr0NQ==,iv:zzhFaoLnskspp1S291KABLZITgcof63cjShnsZrlAmw=,tag:+aafTLgZVBWeclQLQvVlQg==,type:str] 
@@ -23,8 +26,8 @@ sops: bGpsMnpoQWlxbmlobVdVSjU2ZWp1dGMKql+6ZqtuixZ9TJgJMaTOFsB0gsLLvuqE ZQikUHunrP8d5n/TvzL4VyIF2Oqy+cjTnjX/9fcqsjB6w3oY4qDXkg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-30T13:11:24Z" - mac: ENC[AES256_GCM,data:JA1T9q0otjshJWyb8fingvD0CmYyTKdhvNMI3RVoZaMEAwBV4AwMCftG9zWMOgof4NcG4EhdOI7KG7qhctpo25K9j5IhaY8GA/p7BStBopuowTTUZecWHxXy4OFEtuW1PXBGrkgfkupV+RZfeisoa1gGFhQ2tW+fOqtoTFFCLHA=,iv:CM5zgvA2krzLHGiVeiSTVzcswwk9+QJmNCr+3hqw+To=,tag:H0x1UasoXNb38+Cq0CP0YA==,type:str] + lastmodified: "2025-05-06T15:45:07Z" + mac: ENC[AES256_GCM,data:1B0X0XIdI+fVeuusfyrcXR8HPhcWM5pjkJG7UoAgIBfGxROHzZm8KTvW/LGxZ9JKHBUjnt4YVr7ZECGTNFEyH/xo0N8aJ66BqT0TxfKHydWVA5odS0dCPXs/8yDNItGaVjJyNpdn0NpRHCCDCGHjo16XILSVoOxbs6BIQ5wVvEE=,iv:h5x99Svyod4iSBdmRDcy9VelYzEV9ArKQVeNuMmEMGQ=,tag:PTLqyRFa45NyR5mDKxBgmg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4