Removed homelab and updated config

2025-01-09 22:52:28 +01:00 · 2025-01-09 22:52:28 +01:00 · c0661b2522
commit c0661b2522
parent e09285d330
56 changed files with 15 additions and 7415 deletions
--- a/homelab/.gitignore
+++ b/homelab/.gitignore
@ -1,2 +0,0 @@
 secrets/
 .env
--- a/homelab/README.md
+++ b/homelab/README.md
@ -1,44 +0,0 @@
 # Configuration steps
 ## 1. Install [NixOS](https://nixos.org/)
 Follow the steps from the [NixOS Manual Installation](https://nixos.org/manual/nixos/stable/#sec-installation-manual)
 > At the edit configuration.nix step you must:
 >
 > - Add a user to the configuration file and set a password
 > - Enable openssh
 ## 2. Configuring flake
 1. Clone this repository
 2. Copy hardware configuration to host<br>
   `cp /etc/nixos/hardware-configuration.nix ~/nix/hosts/<host>/hardware-configuration.nix`
 3. Rebuild system
   `sudo nixos-rebuild switch --flake .#<host>`
 4. Rebuild home-manager
   `home-manager switch --flake .#<user>@<host>`
 5. Reboot
 ## 3. Configuring docker containers
 1. Create proxy network<br>
   `docker network create proxy`
 2. Configure [Adguard](./adguard/README.md)
 3. Configure [Caddy](./caddy/README.md)
 4. Configure [Authelia](./authelia/README.md)
 5. Configure the rest of the services
 # Services
 | Name    | Use            | Domain                        | Auth   |
 | ------- | -------------- | ----------------------------- | ------ |
 | Adguard | DNS            | https://adguard.timo.bmrs.nl/ | local  |
 | Caddy   | Reverse proxy  | -                             | -      |
 | Forgejo | Git            | https://git.timo.bmrs.nl/     | Openid |
 | Ldap    | User directory | https://ldap.timo.bmrs.nl/    | -      |
 # Services to try out
 - [Beszel](https://github.com/henrygd/beszel)
--- a/homelab/adguard/README.md
+++ b/homelab/adguard/README.md
@ -1,7 +0,0 @@
 # Adguard Home
 1. Temporaraly edit ports in docker-compose file to setup
 2. Configuration screen<br>
   1. Change listen interface to port 3000
 3. Add DNS rewrite for *.timo.bmrs.nl
 4. Delete temporaraly port edit in docker-compose
--- a/homelab/adguard/docker-compose.yml
+++ b/homelab/adguard/docker-compose.yml
@ -1,21 +0,0 @@
 services:
  adguardhome:
    image: adguard/adguardhome:latest
    container_name: adguardhome
    restart: unless-stopped
    ports:
      - 53:53/tcp
      - 53:53/udp
      # - 80:3000 # Only use during setup
    volumes:
      - work:/opt/adguardhome/work
      - conf:/opt/adguardhome/conf
 volumes:
  work:
  conf:
 networks:
  default:
    name: proxy
    external: true
--- a/homelab/authelia/.gitignore
+++ b/homelab/authelia/.gitignore
@ -1 +0,0 @@
 keys/
--- a/homelab/authelia/README.md
+++ b/homelab/authelia/README.md
@ -1,13 +0,0 @@
 # Authelia
 1. Edit environment variables.
   1. For HMAC_SECRET, JWT_SECRET, ADMIN_PASSWORD, SESSION_SECRET, STORAGE_ENCRYPTION_KEY, LLDAP_KEY_SEED use an random alphanumeric string of at least 64 characters
   2. For CLIENT_SECRET, CLIEND_ID: [Generate client identifier](https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-a-client-identifier-or-client-secret)
      1. Use single quotes for the client secret
 2. Generate PAM file using and save it to the /config/keys directory: [Generating keypair](https://www.authelia.com/reference/guides/generating-secure-values/#generating-an-rsa-keypair)
   1. Save the random password
 3. Configure LLDAP
   1. Create a user in LLDAP with the group: lldap_password_manager
   2. Create groups: forgejo
--- a/homelab/authelia/config/configuration.yml
+++ b/homelab/authelia/config/configuration.yml
--- a/homelab/authelia/docker-compose.yml
+++ b/homelab/authelia/docker-compose.yml
@ -1,44 +0,0 @@
 services:
  authelia:
    image: authelia/authelia:latest
    container_name: authelia
    restart: unless-stopped
    depends_on:
      - lldap
    volumes:
      - ./config/configuration.yml:/config/configuration.yml
      - ./config/keys:/keys
      - data_authelia:/config
    environment:
      X_AUTHELIA_CONFIG_FILTERS: template
      JWT_SECRET: ${AUTHELIA_JWT_SECRET}
      SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
      STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${LLDAP_ADMIN_PASSWORD}
      HMAC_SECRET: ${AUTHELIA_HMAC_SECRET}
      CLIENT_SECRET_FORGEJO: ${AUTHELIA_CLIENT_SECRET_FORGEJO}
      CLIENT_ID_FORGEJO: ${AUTHELIA_CLIENT_ID_FORGEJO}
      CLIENT_SECRET_PAPERLESS: ${AUTHELIA_CLIENT_SECRET_PAPERLESS}
      CLIENT_ID_PAPERLESS: ${AUTHELIA_CLIENT_ID_PAPERLESS}
  lldap:
    image: lldap/lldap:latest
    container_name: lldap
    restart: unless-stopped
    volumes:
      - data_lldap:/data
    environment:
      LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
      LLDAP_KEY_SEED: ${LLDAP_KEY_SEED}
      LLDAP_LDAP_BASE_DN: dc=bmrs,dc=nl
      LLDAP_LDAP_USER_PASS: ${LLDAP_ADMIN_PASSWORD}
 volumes:
  data_lldap:
  data_authelia:
 networks:
  default:
    name: proxy
    external: true
--- a/homelab/caddy/Dockerfile
+++ b/homelab/caddy/Dockerfile
@ -1,8 +0,0 @@
 FROM caddy:2.8-builder AS builder
 RUN xcaddy build \
  --with github.com/caddy-dns/cloudflare
 FROM caddy:2.8
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy
--- a/homelab/caddy/README.md
+++ b/homelab/caddy/README.md
@ -1,4 +0,0 @@
 # Caddy reverse proxy
 1. Obtain cloudflare tokens: [Caddy Cloudflare](https://github.com/caddy-dns/cloudflare)
 2. Set environment variables
--- a/homelab/caddy/caddyfiles/Caddyfile
+++ b/homelab/caddy/caddyfiles/Caddyfile
@ -1,21 +0,0 @@
 localhost {
 	respond "Hello world!"
 }
 *.timo.bmrs.nl timo.bmrs.nl {
 	tls {
 		dns cloudflare {
 			zone_token {env.CF_ZONE_TOKEN}
 			api_token {env.CF_API_TOKEN}
 		}
 		resolvers 1.1.1.1
 	}
 	forward_auth authelia:9091 {
 		uri /api/authz/forward-auth
 		copy_headers Remote-User Remote-Groups Remote-Email Remote-Name		
 	}
 	import routes/*
 }
--- a/homelab/caddy/caddyfiles/routes/adguard
+++ b/homelab/caddy/caddyfiles/routes/adguard
@ -1,4 +0,0 @@
@adguard host adguard.timo.bmrs.nl
 handle @adguard {
 	reverse_proxy adguardhome:3000
 }
--- a/homelab/caddy/caddyfiles/routes/authelia
+++ b/homelab/caddy/caddyfiles/routes/authelia
@ -1,9 +0,0 @@
@ldap host ldap.timo.bmrs.nl
 handle @ldap {
 	reverse_proxy lldap:17170
 }
@authelia host auth.timo.bmrs.nl
 handle @authelia {
 	reverse_proxy authelia:9091
 }
--- a/homelab/caddy/caddyfiles/routes/dozzle
+++ b/homelab/caddy/caddyfiles/routes/dozzle
@ -1,9 +0,0 @@
@dozzle host dozzle.timo.bmrs.nl
 handle @dozzle {
 	forward_auth authelia:9091 {
 		uri /api/authz/forward-auth
 		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
 	}
 	reverse_proxy dozzle:8080
 }
--- a/homelab/caddy/caddyfiles/routes/forgejo
+++ b/homelab/caddy/caddyfiles/routes/forgejo
@ -1,4 +0,0 @@
@forgejo host git.timo.bmrs.nl
 handle @forgejo {
 	reverse_proxy forgejo:3000
 }
--- a/homelab/caddy/caddyfiles/routes/homeassistant
+++ b/homelab/caddy/caddyfiles/routes/homeassistant
@ -1,4 +0,0 @@
@homeassistant host homeassistant.timo.bmrs.nl
 handle @homeassistant {
 	reverse_proxy homeassistant:8123
 }
--- a/homelab/caddy/caddyfiles/routes/homepage
+++ b/homelab/caddy/caddyfiles/routes/homepage
@ -1,4 +0,0 @@
@homepage host home.timo.bmrs.nl
 handle @homepage {
 	reverse_proxy homepage:3000
 }
--- a/homelab/caddy/caddyfiles/routes/immich
+++ b/homelab/caddy/caddyfiles/routes/immich
@ -1,4 +0,0 @@
@immich host immich.timo.bmrs.nl
 handle @immich {
 	reverse_proxy immich:2283
 }
--- a/homelab/caddy/caddyfiles/routes/nextcloud
+++ b/homelab/caddy/caddyfiles/routes/nextcloud
@ -1,12 +0,0 @@
@nextcloud host cloud.timo.bmrs.nl
 handle @nextcloud {
 	redir /.well-known/carddav /remote.php/dav/ 301
    redir /.well-known/caldav /remote.php/dav/ 301
 	reverse_proxy nextcloud:80
 }
@office host office.timo.bmrs.nl
 handle @office {
 	reverse_proxy nextcloud-office:9980
 }
--- a/homelab/caddy/caddyfiles/routes/paperless-ngx
+++ b/homelab/caddy/caddyfiles/routes/paperless-ngx
@ -1,4 +0,0 @@
@paperless-ngx host paperless.timo.bmrs.nl
 handle @paperless-ngx {
 	reverse_proxy paperless-ngx:8000
 }
--- a/homelab/caddy/caddyfiles/routes/searxng
+++ b/homelab/caddy/caddyfiles/routes/searxng
@ -1,4 +0,0 @@
@searxng host search.timo.bmrs.nl
 handle @searxng {
 	reverse_proxy searxng:8080
 }
--- a/homelab/caddy/caddyfiles/routes/uptime-kuma
+++ b/homelab/caddy/caddyfiles/routes/uptime-kuma
@ -1,4 +0,0 @@
@uptime-kuma host uptime.timo.bmrs.nl
 handle @uptime-kuma {
 	reverse_proxy uptime-kuma:3001
 }
--- a/homelab/caddy/caddyfiles/routes/vaultwarden
+++ b/homelab/caddy/caddyfiles/routes/vaultwarden
@ -1,4 +0,0 @@
@vaultwarden host bitwarden.timo.bmrs.nl
 handle @vaultwarden {
 	reverse_proxy vaultwarden:80
 }
--- a/homelab/caddy/docker-compose.yml
+++ b/homelab/caddy/docker-compose.yml
@ -1,33 +0,0 @@
 services:
  caddy:
    build: .
    container_name: caddy
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
    volumes:
      - data:/data
      - config:/config
      - ./caddyfiles:/etc/caddy/
    environment:
      CF_ZONE_TOKEN: ${CF_ZONE_TOKEN}
      CF_API_TOKEN: ${CF_API_TOKEN}
    networks:
      proxy:
        aliases:
          - auth.timo.bmrs.nl
          - cloud.timo.bmrs.nl
          - office.timo.bmrs.nl
 volumes:
  data:
  config:
 networks:
  proxy:
    name: proxy
    external: true
--- a/homelab/dozzle/docker-compose.yml
+++ b/homelab/dozzle/docker-compose.yml
@ -1,15 +0,0 @@
 services:
  dozzle:
    image: amir20/dozzle:latest
    container_name: dozzle
    restart: unless-stopped
    volumes:
      - /run/user/1000/docker.sock:/var/run/docker.sock:ro
    environment:
      DOZZLE_ENABLE_ACTIONS: true
      DOZZLE_AUTH_PROVIDER: forward-proxy
 networks:
  default:
    external: true
    name: proxy
--- a/homelab/forgejo/config/app.ini
+++ b/homelab/forgejo/config/app.ini
--- a/homelab/forgejo/docker-compose.yml
+++ b/homelab/forgejo/docker-compose.yml
@ -1,40 +0,0 @@
 services:
  forgejo:
    image: codeberg.org/forgejo/forgejo:9
    container_name: forgejo
    restart: unless-stopped
    depends_on:
      - db
    ports:
      - 222:22
    volumes:
      - data:/data
      - ./config/app.ini:/etc/forgejo/app.ini
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro 
    environment:
      FORGEJO__database__DB_TYPE: postgres
      FORGEJO__database__HOST: "forgejo-db"
      FORGEJO__database__NAME: forgejo
      FORGEJO__database__USER: forgejo
      FORGEJO__database__PASSWD: ${DB_PASSWORD}
  db:
    image: postgres:14
    container_name: forgejo-db
    restart: unless-stopped
    volumes:
      - data_db:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: forgejo
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGES_DB: forgejo
 volumes:
  data:
  data_db:
 networks:
  default:
    name: proxy
    external: true
--- a/homelab/homeassistant/config/configuration.yaml
+++ b/homelab/homeassistant/config/configuration.yaml
@ -1,15 +0,0 @@
 # Loads default set of integrations. Do not remove.
 default_config:
 # Load frontend themes from the themes folder
 frontend:
  themes: !include_dir_merge_named themes
 automation: !include automations.yaml
 script: !include scripts.yaml
 scene: !include scenes.yaml
 http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.18.0.0/24
--- a/homelab/homeassistant/docker-compose.yml
+++ b/homelab/homeassistant/docker-compose.yml
@ -1,17 +0,0 @@
 services:
  homeassistant:
    image: ghcr.io/home-assistant/home-assistant:stable
    container_name: homeassistant
    restart: unless-stopped
    volumes:
      - config:/config
      - ./config/configuration.yaml:/config/configuration.yaml
      - /etc/localtime:/etc/localtime:ro
 volumes:
  config:
 networks:
  default:
    name: proxy
    external: true
--- a/homelab/homepage/config/.gitignore
+++ b/homelab/homepage/config/.gitignore
@ -1 +0,0 @@
 logs/
--- a/homelab/homepage/config/bookmarks.yaml
+++ b/homelab/homepage/config/bookmarks.yaml
@ -1,3 +0,0 @@
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/configs/bookmarks
--- a/homelab/homepage/config/custom.css
+++ b/homelab/homepage/config/custom.css
--- a/homelab/homepage/config/custom.js
+++ b/homelab/homepage/config/custom.js
--- a/homelab/homepage/config/docker.yaml
+++ b/homelab/homepage/config/docker.yaml
@ -1,10 +0,0 @@
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/configs/docker/
 # my-docker:
 #   host: 127.0.0.1
 #   port: 2375
 docker:
  socket: /var/run/docker.sock
--- a/homelab/homepage/config/kubernetes.yaml
+++ b/homelab/homepage/config/kubernetes.yaml
@ -1,2 +0,0 @@
 ---
 # sample kubernetes config
--- a/homelab/homepage/config/services.yaml
+++ b/homelab/homepage/config/services.yaml
@ -1,56 +0,0 @@
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/configs/services
 - Primary Services:
    - Adguard:
        href: https://adguard.timo.bmrs.nl/
        description: DNS
        icon: adguard-home
        server: docker
        container: adguardhome
        widget:
            type: adguard
            url: http://adguardhome:3000
            username: xeovalyte
            password: {{HOMEPAGE_VAR_ADGUARD_PASSWORD}}
    - Forgejo:
        href: https://git.timo.bmrs.nl/
        description: Git
        icon: forgejo
        server: docker
        container: forgejo
    - Uptime Kuma:
        href: https://uptime.timo.bmrs.nl/
        description: Uptime monitoring
        icon: uptime-kuma
        server: docker
        container: uptime-kuma
    - Vaultwarden:
        href: https://bitwarden.timo.bmrs.nl/
        description: Password manager
        icon: bitwarden
        server: docker
        container: vaultwarden
 - Backend Services:
    - Authelia:
        description: SSO
        icon: authelia
        server: docker
        container: authelia
    - Caddy:
        description: Reverse proxy
        icon: caddy
        server: docker
        container: caddy
    - LLDAP:
        description: Active directory
        href: https://ldap.timo.bmrs.nl/
        server: docker
        container: lldap
--- a/homelab/homepage/config/settings.yaml
+++ b/homelab/homepage/config/settings.yaml
@ -1,21 +0,0 @@
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/configs/settings
 providers:
  openweathermap: openweathermapapikey
  weatherapi: weatherapiapikey
 title: Xeovalyte's Dashboard
 color: slate
 headerStyle: boxedWidgets
 layout:
  Primary Services:
    style: row
    columns: 3
  Backend Services:
    style: row
    columns: 4
--- a/homelab/homepage/config/widgets.yaml
+++ b/homelab/homepage/config/widgets.yaml
@ -1,12 +0,0 @@
 ---
 # For configuration options and examples, please see:
 # https://gethomepage.dev/configs/service-widgets
 - resources:
    cpu: true
    memory: true
    disk: /
 - search:
    provider: duckduckgo
    target: _blank
--- a/homelab/homepage/docker-compose.yml
+++ b/homelab/homepage/docker-compose.yml
@ -1,19 +0,0 @@
 services:
  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    restart: unless-stopped
    volumes:
      - ./config:/app/config
      - logs:/app/config/logs
      - /run/user/1000/docker.sock:/var/run/docker.sock
    environment:
      HOMEPAGE_VAR_ADGUARD_PASSWORD: $ADGUARD_PASSWORD
 volumes:
  logs:
 networks:
  default:
    name: proxy
    external: true
--- a/homelab/immich/docker-compose.yml
+++ b/homelab/immich/docker-compose.yml
@ -1,78 +0,0 @@
 services:
  immich:
    image: ghcr.io/immich-app/immich-server:release
    container_name: immich
    restart: unless-stopped
    volumes:
      - data:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    environment:
      DB_HOSTNAME: "immich-db"
    env_file:
      - .env
    depends_on:
      - redis
      - db
  immich-machine-learning:
    image: ghcr.io/immich-app/immich-machine-learning:release
    container_name: immich-machine-learning
    restart: unless-stopped
    volumes:
      - cache:/cache
    env_file:
      - .env
  redis:
    image: docker.io/redis:6.2-alpine@sha256:2ba50e1ac3a0ea17b736ce9db2b0a9f6f8b85d4c27d5f5accc6a416d8f42c6d5
    container_name: immich-redis
    restart: unless-stopped
    healthcheck:
      test: redis-cli ping || exit 1
    volumes:
      - data_redis:/data
  db:
    image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
    container_name: immich-db
    restart: unless-stopped
    volumes:
      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
      - data_db:/var/lib/postgresql/data
    healthcheck:
      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    command:
      [
        'postgres',
        '-c',
        'shared_preload_libraries=vectors.so',
        '-c',
        'search_path="$$user", public, vectors',
        '-c',
        'logging_collector=on',
        '-c',
        'max_wal_size=2GB',
        '-c',
        'shared_buffers=512MB',
        '-c',
        'wal_compression=on',
      ]
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: '--data-checksums'
 volumes:
  data:
  data_db:
  data_redis:
  cache:
 networks:
  default:
    name: proxy
    external: true
--- a/homelab/nextcloud/README.md
+++ b/homelab/nextcloud/README.md
@ -1,4 +0,0 @@
 # Nextcloud
 1. Configure environment variables
 2. Update office configuration
--- a/homelab/nextcloud/docker-compose.yml
+++ b/homelab/nextcloud/docker-compose.yml
@ -1,54 +0,0 @@
 services:
  nextcloud:
    image: nextcloud:apache
    container_name: nextcloud
    restart: unless-stopped
    volumes:
      - data:/var/www/html
    environment:
      POSTGRES_HOST: nextcloud-db
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      REDIS_HOST: nextcloud-redis
      TRUSTED_PROXIES: "172.23.0.0/24"
    depends_on:
      - db
      - redis
  db:
    image: postgres:16
    container_name: nextcloud-db
    restart: unless-stopped
    volumes:
      - data_db:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
  redis:
    image: redis:alpine
    container_name: nextcloud-redis
    restart: unless-stopped
    volumes:
      - data_redis:/data
  office:
    image: collabora/code
    container_name: nextcloud-office
    restart: unless-stopped
    environment:
      DOMAIN: "cloud.timo.bmrs.nl"
      extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
 volumes:
  data:
  data_db:
  data_redis:
 networks:
  default:
    name: proxy
    external: true
--- a/homelab/paperless-ngx/README.md
+++ b/homelab/paperless-ngx/README.md
@ -1,3 +0,0 @@
 # Paperless NGX
 - Create super user: `docker compose exec paperless-ngx python3 manage.py createsuperuser`
 - Follow [Paperless wiki](https://www.authelia.com/integration/openid-connect/paperless/) for configuring oauth
--- a/homelab/paperless-ngx/docker-compose.yml
+++ b/homelab/paperless-ngx/docker-compose.yml
@ -1,50 +0,0 @@
 services:
  paperless-ngx:
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    container_name: paperless-ngx
    restart: unless-stopped
    depends_on:
      - broker
      - db
    volumes:
      - data:/usr/src/paperless/data
      - media:/usr/src/paperless/media
    environment:
      PAPERLESS_REDIS: redis://paperless-ngx-broker:6379
      PAPERLESS_DBHOST: paperless-ngx-db
      PAPERLESS_DBPASS: ${POSTGRES_PASSWORD}
      PAPERLESS_URL: https://paperless.timo.bmrs.nl
      PAPERLESS_DISABLE_REGULAR_LOGIN: true
      PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
      PAPERLESS_SOCIALACCOUNT_PROVIDERS: ${PAPERLESS_SOCIALACCOUNT_PROVIDERS}
  broker:
    image: docker.io/library/redis:7
    container_name: paperless-ngx-broker
    restart: unless-stopped
    volumes:
      - data_redis:/data
  db:
    image: docker.io/library/postgres:16
    container_name: paperless-ngx-db
    restart: unless-stopped
    volumes:
      - data_db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: paperless
      POSTGRES_USER: paperless
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
 volumes:
  data:
  data_db:
  data_redis:
  media:
 networks:
  default:
    name: proxy
    external: true
--- a/homelab/searxng/config/settings.yml
+++ b/homelab/searxng/config/settings.yml
--- a/homelab/searxng/config/uwsgi.ini
+++ b/homelab/searxng/config/uwsgi.ini
@ -1,54 +0,0 @@
 [uwsgi]
 # Who will run the code
 uid = searxng
 gid = searxng
 # Number of workers (usually CPU count)
 # default value: %k (= number of CPU core, see Dockerfile)
 workers = %k
 # Number of threads per worker
 # default value: 4 (see Dockerfile)
 threads = 4
 # The right granted on the created socket
 chmod-socket = 666
 # Plugin to use and interpreter config
 single-interpreter = true
 master = true
 plugin = python3
 lazy-apps = true
 enable-threads = 4
 # Module to import
 module = searx.webapp
 # Virtualenv and python path
 pythonpath = /usr/local/searxng/
 chdir = /usr/local/searxng/searx/
 # automatically set processes name to something meaningful
 auto-procname = true
 # Disable request logging for privacy
 disable-logging = true
 log-5xx = true
 # Set the max size of a request (request-body excluded)
 buffer-size = 8192
 # No keep alive
 # See https://github.com/searx/searx-docker/issues/24
 add-header = Connection: close
 # Follow SIGTERM convention
 # See https://github.com/searxng/searxng/issues/3427
 die-on-term
 # uwsgi serves the static files
 static-map = /static=/usr/local/searxng/searx/static
 # expires set to one day
 static-expires = /* 86400
 static-gzip-all = True
 offload-threads = 4
--- a/homelab/searxng/docker-compose.yml
+++ b/homelab/searxng/docker-compose.yml
@ -1,15 +0,0 @@
 services:
  searxng:
    image: searxng/searxng
    container_name: searxng
    restart: unless-stopped
    volumes:
      - ./config:/etc/searxng
    environment:
      BASE_URL: "https://search.timo.bmrs.nl/"
      SEARXNG_SECRET: "PO8rO5ZW7K67sroemisMS8wpiq5pXEHecvXzGs4CdAgTQIQvAI09m65vFKGVVkZW"
 networks:
  default:
    external: true
    name: proxy
--- a/homelab/uptime-kuma/docker-compose.yml
+++ b/homelab/uptime-kuma/docker-compose.yml
@ -1,15 +0,0 @@
 services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    container_name: uptime-kuma
    restart: unless-stopped
    volumes:
      - data:/app/data
 volumes:
  data:
 networks:
  default:
    name: proxy
    external: true
--- a/homelab/vaultwarden/docker-compose.yml
+++ b/homelab/vaultwarden/docker-compose.yml
@ -1,17 +0,0 @@
 services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    volumes:
      - data:/data
    environment:
      SIGNUPS_ALLOWED: "true"
 volumes:
  data:
 networks:
  default:
    name: proxy
    external: true
--- a/hosts/ch-clt-dsk01/home.nix
+++ b/hosts/ch-clt-dsk01/home.nix
@ -30,7 +30,6 @@
      services.nextcloud-sync.enable = false;
      theming.fonts.enable = true;
      theming.nix-colors.enable = false;
      theming.stylix.enable = true;
      theming.stylix.wallpaper = "kiiwy.png";
      theming.stylix.theme = "theme";
--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@ -30,7 +30,6 @@
      services.nextcloud-sync.enable = true;
      theming.fonts.enable = true;
      theming.nix-colors.enable = false;
      theming.stylix.enable = true;
      theming.stylix.wallpaper = "wallpaper-2.png";
      theming.stylix.theme = "da-one-ocean";
--- a/hosts/laptop/home.nix
+++ b/hosts/laptop/home.nix
@ -12,8 +12,6 @@
      homeDirectory = "/home/xeovalyte";
    };
    host = "xv-laptop";
    settings = {
      hostname = "xv-laptop";
@ -32,8 +30,9 @@
      services.nextcloud-sync.enable = true;
      theming.fonts.enable = true;
      theming.nix-colors.enable = false;
      theming.stylix.enable = true;
      theming.stylix.wallpaper = "wallpaper-2.png";
      theming.stylix.theme = "da-one-ocean";
      desktop-environments.hyprland.enable = false;
    };
--- a/hosts/surface/home.nix
+++ b/hosts/surface/home.nix
@ -6,32 +6,15 @@
    ../../modules/home/default.nix
  ];
  options = {
    host = lib.mkOption {
      type = with lib.types; str;
      description = ''
        Define the host of the machine
      '';
    };
    headless = lib.mkOption {
      type = with lib.types; bool;
      description = ''
        Is this machine headless?
      '';
    };
  };
  config = {
    home = {
      username = "xeovalyte";
      homeDirectory = "/home/xeovalyte";
    };
    host = "xv-surface";
    headless = false;
    settings = {
      hostname = "xv-surface";
      applications.common.enable = true;
      applications.alacritty.enable = false;
      applications.devenv.enable = false;
@ -47,8 +30,9 @@
      services.nextcloud-sync.enable = true;
      theming.fonts.enable = true;
      theming.nix-colors.enable = false;
      theming.stylix.enable = true;
      theming.stylix.wallpaper = "wallpaper-2.png";
      theming.stylix.theme = "da-one-ocean";
      desktop-environments.hyprland.enable = false;
    };
@ -67,4 +51,12 @@
    home.stateVersion = "24.05";
  };
  options = {
    settings.hostname = lib.mkOption {
      type = with lib.types; str;
      description = ''
        Define the host of the machine
      '';
    };
  };
 }
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@ -17,7 +17,6 @@
    ./services/nextcloud.nix
    ./theming/fonts.nix
    ./theming/nix-colors.nix
    ./theming/stylix.nix
    ./desktop-environments/hyprland/default.nix
--- a/modules/home/theming/nix-colors.nix
+++ b/modules/home/theming/nix-colors.nix
@ -1,55 +0,0 @@
 { config, nix-colors, pkgs, lib, ... }:
 with lib;
 let
  cfg = config.settings.theming.nix-colors;
  inherit
  (nix-colors.lib-contrib { inherit pkgs; })
  gtkThemeFromScheme;
 in {
  options = {
    settings.theming.nix-colors.enable = lib.mkOption {
      type = lib.types.bool;
      description = ''
        Enable nix colors configuration
      '';
    };
  };
  imports = [
    nix-colors.homeManagerModules.default
  ];
  config = mkIf cfg.enable {
    colorScheme = nix-colors.colorSchemes.da-one-sea;
    gtk = lib.mkIf (config.headless == false) {
      enable = true;
      theme = {
        name = "${config.colorScheme.slug}";
        package = gtkThemeFromScheme { scheme = config.colorScheme; };
      };
      iconTheme = {
        package = pkgs.qogir-icon-theme;
        name = "Qogir-dark";
      };
    };
    qt = lib.mkIf (config.headless == false) {
      enable = true;
      platformTheme.name = "gtk";
      style = {
        name = "gtk2";
        package = pkgs.qt6Packages.qt6gtk2;
      };
    };
    home.pointerCursor = lib.mkIf (config.headless == false) {
      package = pkgs.phinger-cursors;
      name = "phinger-cursors-dark";
      size = 24;
      gtk.enable = true;
    };
  };
 }
--- a/modules/home/theming/stylix.nix
+++ b/modules/home/theming/stylix.nix
@ -21,7 +21,7 @@ in {
    };
    settings.theming.stylix.theme = lib.mkOption {
-      type = lib.types.string;
+      type = lib.types.str;
      description = ''
        Choose theme name. Use "theme" to use them based on wallpaper generation
      '';