From b5f1220ea906e484a71c93ca8c5de9e30f9bdc13 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 4 Aug 2025 21:39:05 +0100 Subject: [PATCH 1/8] alpine: loki fixes --- nixos/services/authentik.nix | 2 +- nixos/services/grafana.nix | 2 +- nixos/services/loki.nix | 116 +++++++++++++++++------------------ nixos/services/nfs.nix | 13 ++++ 4 files changed, 71 insertions(+), 62 deletions(-) create mode 100644 nixos/services/nfs.nix diff --git a/nixos/services/authentik.nix b/nixos/services/authentik.nix index 9496e99..3f95bab 100644 --- a/nixos/services/authentik.nix +++ b/nixos/services/authentik.nix @@ -10,7 +10,7 @@ }; authentik-config = { autoStart = true; - image = "ghcr.io/goauthentik/server:2025.6.0"; + image = "ghcr.io/goauthentik/server:2025.6.3"; volumes = ["/home/tristan/pods/authentik/media:/media"]; environment = { AUTHENTIK_POSTGRESQL__USER = postgres.user; diff --git a/nixos/services/grafana.nix b/nixos/services/grafana.nix index 9bfb549..c6790ba 100644 --- a/nixos/services/grafana.nix +++ b/nixos/services/grafana.nix @@ -48,7 +48,7 @@ in { { name = "synapse"; url = "https://raw.githubusercontent.com/element-hq/synapse/refs/heads/master/contrib/grafana/synapse.json"; - sha256 = "sha256:07qlr0waw9phmyd38bv22bn5v303w3397b89l44l3lzwhpnhs16s"; + sha256 = "sha256:16fl81sx1by0wldw4vda0zr1pvbq1dpih1fikzwlvmk63mpc80kb"; } ]; }]; diff --git a/nixos/services/loki.nix b/nixos/services/loki.nix index d114318..a5bf354 100644 --- a/nixos/services/loki.nix +++ b/nixos/services/loki.nix @@ -21,78 +21,74 @@ in { storage_config."filesystem".directory = "/tmp/loki/chunks"; common = { ring = { - instance_addr = "127.0.0.1"; kvstore.store = "inmemory"; }; replication_factor = 1; path_prefix = "/tmp/loki"; }; + # https://grafana.com/docs/loki/latest/configure/#limits_config limits_config = { ingestion_rate_strategy = "local"; - ingestion_rate_mb = 24; - ingestion_burst_size_mb = 36; + ingestion_rate_mb = 128; + ingestion_burst_size_mb = 256; + max_streams_per_user = 0; + max_global_streams_per_user = 0; }; }; }; - services.prometheus.scrapeConfigs = [{ - job_name = "loki"; - static_configs = [ - { - targets = ["localhost:3100"]; - } - ]; - }]; - services.promtail = { - enable = true; - # https://grafana.com/docs/loki/latest/send-data/promtail/configuration/ - configuration = { - server = { - http_listen_port = 9080; - grpc_listen_port = 0; - }; - clients = [ - {url = "http://localhost:3100/loki/api/v1/push";} - ]; - scrape_configs = [ + services.prometheus.scrapeConfigs = [ + { + job_name = "loki"; + static_configs = [ { - job_name = "system"; - journal = { - path = "/var/log/journal/"; - }; - relabel_configs = [ - { - source_labels = ["__journal_message"]; - target_label = "message"; - regex = "(.+)"; - } - { - source_labels = ["__journal__systemd_unit"]; - target_label = "systemd_unit"; - regex = "(.+)"; - } - { - source_labels = ["__journal__systemd_user_unit"]; - target_label = "systemd_user_unit"; - regex = "(.+)"; - } - { - source_labels = ["__journal__transport"]; - target_label = "transport"; - regex = "(.+)"; - } - { - source_labels = ["__journal__priority_keyword"]; - target_label = "severity"; - regex = "(.+)"; - } - ]; + targets = ["localhost:3100"]; } ]; - }; + } + ]; + services.alloy = { + enable = true; }; - services.grafana.provision.datasources.settings.datasources = [{ - name = "Loki"; - type = "loki"; - url = "http://localhost:${toString loki.configuration.server.http_listen_port}"; - }]; + environment.etc."alloy/config.alloy" = { + text = '' + discovery.relabel "system" { + targets = [] + + rule { + source_labels = ["__journal__systemd_unit", "__journal__systemd_user_unit"] + regex = "(.+)" + target_label = "systemd_unit" + } + + rule { + source_labels = ["__journal__priority_keyword"] + regex = "(.+)" + target_label = "severity" + } + } + + loki.source.journal "system" { + max_age = "1h0m0s" + path = "/var/log/journal/" + relabel_rules = discovery.relabel.system.rules + forward_to = [loki.write.default.receiver] + labels = {} + } + + loki.write "default" { + endpoint { + url = "http://localhost:3100/loki/api/v1/push" + } + max_streams = 24 + } + + ''; + }; + services.grafana.provision.datasources.settings.datasources = [ + { + name = "Loki"; + type = "loki"; + url = "http://localhost:${toString loki.configuration.server.http_listen_port}"; + } + ]; } diff --git a/nixos/services/nfs.nix b/nixos/services/nfs.nix new file mode 100644 index 0000000..aa645de --- /dev/null +++ b/nixos/services/nfs.nix @@ -0,0 +1,13 @@ +{config, ...}: { + services.nfs = { + settings = { + mountd.manage-gids = true; + }; + server = { + enable = true; + exports = '' + /mnt/storage/media 100.106.241.122/8(rw,fsid=root) + ''; + }; + }; +} From 19811d68546a3089daf665351af3fc7e24abac60 Mon Sep 17 00:00:00 2001 From: Tristan Date: Tue, 5 Aug 2025 14:37:57 +0100 Subject: [PATCH 2/8] alpine: add samba for public jellyfin library --- flake.nix | 2 ++ nixos/services/fail2ban.nix | 5 ++++ nixos/services/loki.nix | 5 +++- nixos/services/samba.nix | 52 +++++++++++++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 nixos/services/fail2ban.nix create mode 100644 nixos/services/samba.nix diff --git a/flake.nix b/flake.nix index 67b55a2..e93b95e 100644 --- a/flake.nix +++ b/flake.nix @@ -84,6 +84,7 @@ alpine = mkConf { nixos-modules = [ ./hardware/alpine.nix + ./nixos/services/fail2ban.nix ./nixos/services/anki.nix ./nixos/services/forgejo.nix ./nixos/services/vaultwarden.nix @@ -99,6 +100,7 @@ ./nixos/services/authentik.nix ./nixos/services/monero.nix ./nixos/services/arr.nix + ./nixos/services/samba.nix ]; }; diff --git a/nixos/services/fail2ban.nix b/nixos/services/fail2ban.nix new file mode 100644 index 0000000..8b05b75 --- /dev/null +++ b/nixos/services/fail2ban.nix @@ -0,0 +1,5 @@ +{...}: { + services.fail2ban = { + enable = true; + }; +} diff --git a/nixos/services/loki.nix b/nixos/services/loki.nix index a5bf354..67afff0 100644 --- a/nixos/services/loki.nix +++ b/nixos/services/loki.nix @@ -48,6 +48,9 @@ in { ]; services.alloy = { enable = true; + extraFlags = [ + "--server.http.listen-addr=100.106.241.122:12345" + ]; }; environment.etc."alloy/config.alloy" = { text = '' @@ -79,7 +82,7 @@ in { endpoint { url = "http://localhost:3100/loki/api/v1/push" } - max_streams = 24 + max_streams = 64 } ''; diff --git a/nixos/services/samba.nix b/nixos/services/samba.nix new file mode 100644 index 0000000..e1e0fb8 --- /dev/null +++ b/nixos/services/samba.nix @@ -0,0 +1,52 @@ +{...}: { + users.users.guest = { + extraGroups = ["media"]; + isNormalUser = true; + }; + services.samba = { + enable = true; + openFirewall = true; + settings = { + global = { + "workgroup" = "WORKGROUP"; + "server string" = "Tristan's Media Server"; + "netbios name" = "alpine"; + "security" = "user"; + #"use sendfile" = "yes"; + #"max protocol" = "smb2"; + # note: localhost is the ipv6 localhostĀ ::1 + "hosts allow" = "192.168.1. 127.0.0.1 localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "guest"; + "map to guest" = "bad user"; + }; + "Music" = { + "path" = "/mnt/storage/media/Public/"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "guest only" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + }; + }; + }; + + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + services.avahi = { + publish.enable = true; + publish.userServices = true; + # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile` + nssmdns4 = true; + # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it + enable = true; + openFirewall = true; + }; + + networking.firewall.enable = true; + networking.firewall.allowPing = true; +} From 4500bace9c25b0d6d8bfb63f5f69cfd5599e3847 Mon Sep 17 00:00:00 2001 From: tristan Date: Sat, 9 Aug 2025 16:07:34 +0100 Subject: [PATCH 3/8] zenix: niri display settings --- home/desktop/niri/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/home/desktop/niri/default.nix b/home/desktop/niri/default.nix index 8dca46d..9fd5805 100644 --- a/home/desktop/niri/default.nix +++ b/home/desktop/niri/default.nix @@ -56,6 +56,24 @@ NIXOS_OZONE_WL = "1"; DISPLAY = ":1"; }; + outputs."DP-3" = { + mode = { + width = 1920; + height = 1080; + refresh = 143.855; + }; + variable-refresh-rate = true; + scale = 1.0; + }; + outputs."HDMI-A-1" = { + mode = { + width = 3840; + height = 2160; + refresh = 120.0; + }; + variable-refresh-rate = true; + scale = 2.5; + }; binds = with config.lib.niri.actions; { "Mod+Return".action.spawn = [(lib.getExe config.programs.terminal)]; "Mod+O".action.spawn = [(lib.getExe pkgs.cosmic-files)]; From 5980c2ef82d3e341ac470f63b78d50d3cd523297 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 9 Aug 2025 16:11:32 +0100 Subject: [PATCH 4/8] alpine: remove samba --- flake.nix | 1 - nixos/services/synapse/default.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index e93b95e..1c1bbae 100644 --- a/flake.nix +++ b/flake.nix @@ -100,7 +100,6 @@ ./nixos/services/authentik.nix ./nixos/services/monero.nix ./nixos/services/arr.nix - ./nixos/services/samba.nix ]; }; diff --git a/nixos/services/synapse/default.nix b/nixos/services/synapse/default.nix index c09c4ed..229063e 100644 --- a/nixos/services/synapse/default.nix +++ b/nixos/services/synapse/default.nix @@ -63,6 +63,7 @@ in { services.matrix-synapse = { enable = true; extraConfigFiles = [templates."synapse/secrets.yaml".path]; + # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html settings = { signing_key_path = secrets."synapse/signing_key".path; server_name = domain; From aedd86fee7d00d755fd0ae9815215a4ec529a68d Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 9 Aug 2025 16:15:10 +0100 Subject: [PATCH 5/8] zenix: update --- flake.lock | 78 ++++++++++++++++++------------------- home/default.nix | 1 - home/programs/graphical.nix | 14 +++---- home/programs/work.nix | 3 ++ pkgs/mpv-skipsilence.nix | 2 +- 5 files changed, 49 insertions(+), 49 deletions(-) diff --git a/flake.lock b/flake.lock index 741ed8f..43e5c2f 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1752544374, - "narHash": "sha256-ReX0NG6nIAEtQQjLqeu1vUU2jjZuMlpymNtb4VQYeus=", + "lastModified": 1753592768, + "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "owner": "nix-community", "repo": "home-manager", - "rev": "2e00ed310c218127e02ffcf28ddd4e0f669fde3e", + "rev": "fc3add429f21450359369af74c2375cb34a2d204", "type": "github" }, "original": { @@ -300,11 +300,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1752659960, - "narHash": "sha256-AP/Gds8b1hhU50prgLjYSv5qpy9D8E6Xre/r/gb3K8M=", + "lastModified": 1754744872, + "narHash": "sha256-rcMHMs+dFWaDXev092gfxTfxHEWcUY/6SRV+cseNevQ=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "8e3f7bbada0cf637d23de4200c6e1a5a157de9cc", + "rev": "346fc31bcc4d2dbcc3e8ce8dbb622e4255ff54b7", "type": "github" }, "original": { @@ -333,11 +333,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1752656275, - "narHash": "sha256-tTRMyGxqHF5IkYcnvHbwCgRBRUBhvRapxtuUfrN/8Ic=", + "lastModified": 1754742008, + "narHash": "sha256-Tp0FG7VpLudVEC622d91z2hbdfPLCXxw0Nv43iNN4O0=", "owner": "YaLTeR", "repo": "niri", - "rev": "7b065f8618f63b7cf761ebe05a2cebd556113a6c", + "rev": "67361f88fd01974ebee4cf80f0e29c87d805cc39", "type": "github" }, "original": { @@ -364,11 +364,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1752436162, - "narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=", + "lastModified": 1754689972, + "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8", + "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", "type": "github" }, "original": { @@ -380,11 +380,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1752436162, - "narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=", + "lastModified": 1754689972, + "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8", + "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", "type": "github" }, "original": { @@ -395,11 +395,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1751984180, - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", + "lastModified": 1754214453, + "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", + "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", "type": "github" }, "original": { @@ -419,11 +419,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1752010420, - "narHash": "sha256-fboKrq2WeEC2Y4LaZNiiH2dptUYHtSbYhzE0FTN/u+M=", + "lastModified": 1754262585, + "narHash": "sha256-Yz5dJ0VzGRzSRHdHldsWQbuFYmtP3NWNreCvPfCi9CI=", "owner": "nix-community", "repo": "nixvim", - "rev": "a11133507a930dfd235324cdf776bdb5e6ddd717", + "rev": "ab1b5962e1ca90b42de47e1172e0d24ca80e6256", "type": "github" }, "original": { @@ -469,11 +469,11 @@ ] }, "locked": { - "lastModified": 1749730855, - "narHash": "sha256-L3x2nSlFkXkM6tQPLJP3oCBMIsRifhIDPMQQdHO5xWo=", + "lastModified": 1753771532, + "narHash": "sha256-Pmpke0JtLRzgdlwDC5a+aiLVZ11JPUO5Bcqkj0nHE/k=", "owner": "NuschtOS", "repo": "search", - "rev": "8dfe5879dd009ff4742b668d9c699bc4b9761742", + "rev": "2a65adaf2c0c428efb0f4a2bc406aab466e96a06", "type": "github" }, "original": { @@ -502,11 +502,11 @@ ] }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1754328224, + "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", "type": "github" }, "original": { @@ -536,11 +536,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1752599753, - "narHash": "sha256-8ppgjqbFc/697OXgMntMhk+kAQF4BHBog73oP6Xds8Y=", + "lastModified": 1754599117, + "narHash": "sha256-AzAYdZlat002vCjCKWdFpGi2xUaiOU4DtIPnv1nomD8=", "owner": "danth", "repo": "stylix", - "rev": "a35db84c7568c75f3ec665fdcd962cc9c52b6c0a", + "rev": "312dec38b2231b21f36903d1bdce96daa11548ff", "type": "github" }, "original": { @@ -718,11 +718,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1752338000, - "narHash": "sha256-Fxlp/yKtynug0jyuauAmvZU2SzHCfwlwWf85j+IvQ0U=", + "lastModified": 1754533920, + "narHash": "sha256-fCZ68Yud1sUCq6UNXj0SDyiBgVA8gJUE+14ZFGsFJG8=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "ba78881a68182ce338041846164cbfed0d70935c", + "rev": "e0d1dad25a158551ab58547b2ece4b7d5a19929c", "type": "github" }, "original": { @@ -736,11 +736,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1752293576, - "narHash": "sha256-84tAzrC/kioWRmG0jLt1HWRP/wHON7zjLtXCwWRNI/g=", + "lastModified": 1754540523, + "narHash": "sha256-Wgv2qVckt8q11/xErY7hYdLAPcoOnZ0BkMLqyXegCzQ=", "owner": "youwen5", "repo": "zen-browser-flake", - "rev": "1a40cdcb093a0025631ef692caa53130f821dd77", + "rev": "451454de40a4433174153e823994fe2ecd3c869e", "type": "github" }, "original": { diff --git a/home/default.nix b/home/default.nix index 46d886d..8edb0ac 100644 --- a/home/default.nix +++ b/home/default.nix @@ -6,7 +6,6 @@ }: { imports = [ ./programs/neovim/. - ./programs/helix.nix ./programs/git.nix ./programs/lf/. ./programs/zsh.nix diff --git a/home/programs/graphical.nix b/home/programs/graphical.nix index a9d9e5a..301b503 100644 --- a/home/programs/graphical.nix +++ b/home/programs/graphical.nix @@ -1,7 +1,11 @@ -{pkgs, inputs, user, ...}: { +{ + pkgs, + inputs, + user, + ... +}: { imports = [ ./mpv.nix - ./vscode.nix ]; home.packages = with pkgs; [ @@ -14,15 +18,10 @@ # tools inkscape - kdePackages.okular gimp3 libreoffice - dbeaver-bin - zed-editor - insomnia # entertainment - kdePackages.kasts shortwave youtube-music transmission_4-gtk @@ -73,5 +72,4 @@ enable = true; package = pkgs.brave; }; - } diff --git a/home/programs/work.nix b/home/programs/work.nix index 5830e43..65a96ff 100644 --- a/home/programs/work.nix +++ b/home/programs/work.nix @@ -5,6 +5,9 @@ }: let modifier = config.windowManager.modifierKey; in { + imports = [ + ./vscode.nix + ]; roles.email = { enable = true; email = "tristan.beedell@cryoserver.com"; diff --git a/pkgs/mpv-skipsilence.nix b/pkgs/mpv-skipsilence.nix index 33d6b1f..1391603 100644 --- a/pkgs/mpv-skipsilence.nix +++ b/pkgs/mpv-skipsilence.nix @@ -10,7 +10,7 @@ buildLua { src = fetchgit { url = "https://codeberg.org/ferreum/mpv-skipsilence.git"; - hash = "sha256-fg8vfeb68nr0bTBIvr0FnRnoB48/kV957pn22tWcz1g="; + hash = "sha256-+sOMWFFumJUk5gFE1iCTvWub3PWzYOkulXJLCGS4fYA="; }; passthru.updateScript = gitUpdater {}; From e7c8cec95e1b01c65933f3e05aaec80a4171ca51 Mon Sep 17 00:00:00 2001 From: Tristan Date: Tue, 19 Aug 2025 17:17:52 +0100 Subject: [PATCH 6/8] alpine: point samba at music --- nixos/services/samba.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/services/samba.nix b/nixos/services/samba.nix index e1e0fb8..8c8cf05 100644 --- a/nixos/services/samba.nix +++ b/nixos/services/samba.nix @@ -21,7 +21,7 @@ "map to guest" = "bad user"; }; "Music" = { - "path" = "/mnt/storage/media/Public/"; + "path" = "/mnt/storage/media/Music"; "browseable" = "yes"; "read only" = "no"; "guest ok" = "yes"; From c993639066831ef755b86037738feddd81425c45 Mon Sep 17 00:00:00 2001 From: Tristan Date: Tue, 19 Aug 2025 19:51:12 +0100 Subject: [PATCH 7/8] alpine: add prowlarr and exportarr --- nixos/services/arr.nix | 73 ++++++++++++++++++-------- nixos/services/prometheus.nix | 98 ++++++++++++++++++----------------- secrets/secrets.yaml | 17 +++--- 3 files changed, 111 insertions(+), 77 deletions(-) diff --git a/nixos/services/arr.nix b/nixos/services/arr.nix index 833614f..e4c344e 100644 --- a/nixos/services/arr.nix +++ b/nixos/services/arr.nix @@ -1,20 +1,20 @@ -{config, lib, user, ...}: let +{ + config, + lib, + user, + ... +}: let inherit (config) sops; inherit (sops) templates placeholder; in { - nixpkgs.config.permittedInsecurePackages = [ - "aspnetcore-runtime-6.0.36" - "aspnetcore-runtime-wrapped-6.0.36" - "dotnet-sdk-6.0.428" - "dotnet-sdk-wrapped-6.0.428" - ]; users.users.${user}.extraGroups = ["media"]; users.groups.media = { gid = 979; }; - services.jackett = { + services.prowlarr = { enable = true; }; + services.flaresolverr.enable = true; services.lidarr = { enable = true; group = "media"; @@ -27,21 +27,13 @@ in { enable = true; group = "media"; }; + services.bazarr = { + enable = true; + group = "media"; + }; services.jellyseerr.enable = true; - sops.secrets.sonarr-sslkey = { - sopsFile = ../../certs/alpine.prawn-justice.ts.net.key; - format = "binary"; - owner = "nginx"; - }; - # this was fun to figure out, but pointless atm. - services.nginx.virtualHosts."alpine.prawn-justice.ts.net" = { - forceSSL = true; - sslCertificateKey = config.sops.secrets.sonarr-sslkey.path; - sslCertificate = ../../certs/alpine.prawn-justice.ts.net.crt; - }; # probably easier if i just put this in a nixos-container virtualisation.oci-containers.containers.transmission = { - autoStart = false; image = "docker.io/haugene/transmission-openvpn:5.3.2"; ports = ["9091:9091"]; volumes = [ @@ -49,7 +41,7 @@ in { "/home/tristan/pods/transmission/config:/config" "/mnt/storage/media/unsorted:/data/completed" ]; - environmentFiles = [ templates."transmission/env".path ]; + environmentFiles = [templates."transmission/env".path]; environment = { PUID = "1000"; PGID = toString config.users.groups.media.gid; @@ -79,4 +71,43 @@ in { OPENVPN_PASSWORD=${placeholder."transmission/auth/OPENVPN_PASSWORD"} ''; }; + + sops.secrets."sonarr/api_key" = {}; + sops.secrets."radarr/api_key" = {}; + sops.secrets."prowlarr/api_key" = {}; + services.prometheus.exporters.exportarr-sonarr = { + enable = true; + url = "http://localhost:${toString config.services.sonarr.settings.server.port}/sonarr"; + port = 9708; + apiKeyFile = config.sops.secrets."sonarr/api_key".path; + }; + services.prometheus.exporters.exportarr-radarr = { + enable = true; + url = "http://localhost:${toString config.services.radarr.settings.server.port}"; + port = 9709; + apiKeyFile = config.sops.secrets."radarr/api_key".path; + }; + services.prometheus.exporters.exportarr-prowlarr = { + enable = true; + url = "http://localhost:${toString config.services.prowlarr.settings.server.port}"; + port = 9710; + apiKeyFile = config.sops.secrets."prowlarr/api_key".path; + }; + services.prometheus = { + enable = true; + scrapeConfigs = [ + { + job_name = "exportarr"; + static_configs = [ + { + targets = [ + "localhost:${toString config.services.prometheus.exporters.exportarr-radarr.port}" + "localhost:${toString config.services.prometheus.exporters.exportarr-sonarr.port}" + "localhost:${toString config.services.prometheus.exporters.exportarr-prowlarr.port}" + ]; + } + ]; + } + ]; + }; } diff --git a/nixos/services/prometheus.nix b/nixos/services/prometheus.nix index 8581e70..bae5c9f 100644 --- a/nixos/services/prometheus.nix +++ b/nixos/services/prometheus.nix @@ -29,28 +29,34 @@ in { ]; rules = [ (builtins.toJSON { - groups = [{ - name = "node"; - rules = [ - { - alert = "io error"; - expr = ''node_filesystem_device_error{device_error!="permission denied"} > 0''; - } - { - alert = "disk full"; - expr = ''node_filesystem_avail_bytes{fstype=~"ext4|btrfs"} < ${toString (50 * 1024 * 1024 * 1024)}''; - } - ]; - }]; + groups = [ + { + name = "node"; + rules = [ + { + alert = "io error"; + expr = ''node_filesystem_device_error{device_error!="permission denied"} > 0''; + } + { + alert = "disk full"; + expr = ''node_filesystem_avail_bytes{fstype=~"ext4|btrfs"} < ${toString (50 * 1024 * 1024 * 1024)}''; + } + ]; + } + ]; }) ]; - alertmanagers = [ { - static_configs = [ { - targets = [ - "localhost:9093" + alertmanagers = [ + { + static_configs = [ + { + targets = [ + "localhost:9093" + ]; + } ]; - } ]; - } ]; + } + ]; exporters = { postgres = { enable = true; @@ -58,39 +64,35 @@ in { }; }; alertmanager = { - enable = true; + enable = false; configuration = { - receivers = [{ - name = "ntfy"; - webhook_configs = [{ - url = "http://localhost${config.services.ntfy-sh.settings.listen-http}/alert/trigger"; - }]; - }]; route = { - receiver = "ntfy"; - # routes = [{ - # matchers = [ - # ''node_filesystem_device_error != 0'' - # ]; - # }]; + receiver = "alertmanager-ntfy"; + routes = [{ + matchers = [ + ''node_filesystem_device_error != 0'' + ]; + }]; + }; + }; + }; + alertmanager-ntfy = { + enable = false; + settings = { + ntfy = { + baseurl = "https://up.tristans.cloud"; + notification = { + topic = "alert"; + }; }; }; }; - # alertmanager-ntfy = { - # enable = true; - # settings = { - # ntfy = { - # baseurl = "https://up.tristans.cloud"; - # notification = { - # topic = "alert"; - # }; - # }; - # }; - # }; }; - services.grafana.provision.datasources.settings.datasources = [{ - name = "Prometheus"; - type = "prometheus"; - url = "http://localhost:${toString prometheus.port}"; - }]; + services.grafana.provision.datasources.settings.datasources = [ + { + name = "Prometheus"; + type = "prometheus"; + url = "http://localhost:${toString prometheus.port}"; + } + ]; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 7ef2c52..8af60d8 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -33,11 +33,13 @@ transmission: OPENVPN_USERNAME: ENC[AES256_GCM,data:RQ+hGLE6YEgN/aaa2TLpkg==,iv:oG794WxGe0t1ZI0PyC45ZgCPA0Ar2m/dSVDdMYBKJvY=,tag:CGnEu8ds0s4aH4ImCrNWNQ==,type:str] OPENVPN_PASSWORD: ENC[AES256_GCM,data:Jw==,iv:uGAaXFWfpSaeqY7yC9cR9iqblH3E3hudnrnIlOvdRCg=,tag:P1XJ2SBY82z9YZP9J/n5SA==,type:str] namecheap: ENC[AES256_GCM,data:PTEQK8+G1FfmvRk9IxrAZjCAhiKdV0AA+JxaJRZvbHU=,iv:xTrJzPooM0xzs9xgkNGWKRzRHeIIhMGa8EYW2/41ZvA=,tag:KHdLKuip439QNeAiBwreqg==,type:str] +sonarr: + api_key: ENC[AES256_GCM,data:mBq+ndbhDtErh/sytTybutes7btHMIkg6wT9C7t4M9I=,iv:JicYavIQJpnmYbFpO+AVOTwrp2DeOB5xWBROwSYNF4Y=,tag:xmlaKpdn8A9s/HpdsBR+0g==,type:str] +radarr: + api_key: ENC[AES256_GCM,data:iHDX/wLjde/6dj6+ORJaAnFCzXn82DXUWy3yh6fkmiQ=,iv:NcgRPa6Cy9tKLKYJ4OGr2cdW5smvpHbiXtBYJlEqOfw=,tag:BJ1YeMLXrhuDrZKsB5Z4YQ==,type:str] +prowlarr: + api_key: ENC[AES256_GCM,data:p1KRHilxv8qSy8NEKQlBy8ppXDxmQDeZXAzRYyc7psA=,iv:HyK3YEKLvE01fLCkxR89G96uViAegIPi7Xb43mFeWlQ=,tag:B8pNOT9+2rPUqVL+rTDRHg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age106vffwu4y8cx90y0rtzajgpafl8jq7ty5hf6pur2gjsuq3g2lf5qjmdq0q enc: | @@ -48,8 +50,7 @@ sops: S3ZwcHhkdEEvY0pINDloand5S0NycHcKEpIt5EeIKhLQK7f74sWVN/x5gzh/Jq7x UUN5QtysRbWVGnWRxdNB8LIMjDJY9jRojycdQfSNebaz5ZLjEp8dZQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-18T02:00:29Z" - mac: ENC[AES256_GCM,data:x3J0tRfNynM2qlB4YUUAUMYI/94opN1kJ1j0kOyeZ1GZHx+EA4dQZif4nPQOERo+5xRt8C4YXVDZEnCjD1TpQE6LYik0n0iY+84sY5fSr2SYiXzq2P72Tk7BzBklI9/zjndeJLJbydTJDMzOCvdEWIfHYZsHODnKXBO9pYwjAqU=,iv:z+QD93t72S2w0CqMV5sQk9oK9LMnQAxyaiExmqEcSp0=,tag:dbtyHUQ+n2EQvHEkQa7zrw==,type:str] - pgp: [] + lastmodified: "2025-08-19T18:47:49Z" + mac: ENC[AES256_GCM,data:xgsPA3TDBZ4C6aQVYoamOz2fi2iEaiUtT2eOFUnldBB4Wt+YNM4b4RVavXnlND1vOat9FtRzjmvI1rlkxoPV95tZz4B4QDfH/LUBWCwiOnZdLwrd4W0VWJLSxcX/hAmZ7qnGMpA7/G/0d45A2y0yMHJ3KGfqTsCikE/MPwrQbkg=,iv:1GEIIYygolYOGfS2LG1CmZCnacLaeOfBw+TGeh713DQ=,tag:E7mrU7xK2Zppq9QCwKdveQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.10.2 From 5553012178d5f1fdde2bccb527e97cdfeeb39d4c Mon Sep 17 00:00:00 2001 From: Tristan Date: Tue, 12 Aug 2025 15:00:41 +0100 Subject: [PATCH 8/8] framework: nixvim tweaks --- lib/nixvim.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/nixvim.nix b/lib/nixvim.nix index 1b26adb..55d2a9a 100644 --- a/lib/nixvim.nix +++ b/lib/nixvim.nix @@ -28,6 +28,7 @@ in { scrolloff = 4; smoothscroll = true; ignorecase = true; + winborder = "rounded"; undofile = true; undodir = lua ''vim.fn.expand("$HOME/.local/share/nvim/undo")''; @@ -72,10 +73,10 @@ in { options.desc = "copy to clipboard"; } { - key = "ca"; - action = '' - require("actions-preview").code_actions - ''; + mode = "n"; + options.desc = "LSP Format"; + key = "cf"; + action = luaFunc "vim.lsp.buf.format({async = true;})"; } { key = "";