diff --git a/.sops.yaml b/.sops.yaml index 0fd042a..96b61cd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -113,3 +113,8 @@ creation_rules: - age: - *yt - *cy + - path_regex: secrets/services/zipline.yaml + key_groups: + - age: + - *chunk + - *cy diff --git a/flake.lock b/flake.lock index b36b229..33c8825 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "anki": { + "locked": { + "lastModified": 1739471491, + "narHash": "sha256-ZCKWgsNqKWkVOAQFaFSmK3EN/uDdamNOcSItzvooWYs=", + "owner": "cything", + "repo": "nixpkgs", + "rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248", + "type": "github" + }, + "original": { + "owner": "cything", + "repo": "nixpkgs", + "rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248", + "type": "github" + } + }, "attic": { "inputs": { "crane": "crane", @@ -562,11 +578,11 @@ ] }, "locked": { - "lastModified": 1739381933, - "narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=", + "lastModified": 1739470101, + "narHash": "sha256-NxNe32VB4XI/xIXrsKmIfrcgtEx5r/5s52pL3CpEcA4=", "owner": "nix-community", "repo": "home-manager", - "rev": "15b59d4191b993ebdfcb1f61b834fced217882ba", + "rev": "5031c6d2978109336637977c165f82aa49fa16a7", "type": "github" }, "original": { @@ -683,11 +699,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1739192059, - "narHash": "sha256-r40TUIL6zij0kWBpqKyI7O2brT3Myaa3aAGamkZEvfc=", + "lastModified": 1739445948, + "narHash": "sha256-mmfFqhYjKP7nke1cs3x+bjP6GOG8A82Zxvrc9IfYwEA=", "ref": "refs/heads/main", - "rev": "3bca42eb0049772d9079f29f25186575f8e5a4ae", - "revCount": 17406, + "rev": "406f4fed35fe495457a0f6487a7be3b025cab1c4", + "revCount": 17410, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -763,11 +779,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1739339370, - "narHash": "sha256-kvuVhsaVa8j0P9Genf96CLX2cNjForojX5aB1BN+Bwk=", + "lastModified": 1739496005, + "narHash": "sha256-qr7v18JupLdyjUhC3zczdYzUEC4zzsxGjxsVGgYzwYg=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "498e8bbc149b38fd14d4ff7fbf31c49fdaa23282", + "rev": "e072f4a57cad4fb92e656fd69a340c8d372cacac", "type": "github" }, "original": { @@ -796,11 +812,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1739336386, - "narHash": "sha256-H9E3lfJibzWwqV9C1pI81uhav1RLWRA8JbH3ADv3X/4=", + "lastModified": 1739432365, + "narHash": "sha256-uQm3OhhgUQHA5eV+0v/qAFmFHly8yHg2P+BVVy/3DcY=", "owner": "YaLTeR", "repo": "niri", - "rev": "7e552333a993e83a2dba52392109617e486f5f60", + "rev": "4c98b874862c2e6df7f71bdf36df0ba527690fbb", "type": "github" }, "original": { @@ -1027,11 +1043,11 @@ }, "nixpkgs-stable_4": { "locked": { - "lastModified": 1739206421, - "narHash": "sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs=", + "lastModified": 1739357830, + "narHash": "sha256-9xim3nJJUFbVbJCz48UP4fGRStVW5nv4VdbimbKxJ3I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "44534bc021b85c8d78e465021e21f33b856e2540", + "rev": "0ff09db9d034a04acd4e8908820ba0b410d7a33a", "type": "github" }, "original": { @@ -1091,11 +1107,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1739346810, - "narHash": "sha256-RNNghMmVysP8+zpmlFK3fMfrFOK5ZUtPCCi5nW7yZS4=", + "lastModified": 1739478914, + "narHash": "sha256-qljqSeAWOFbd6HNg8Ey28RdZYdVN8bMb6HJK7uqCKZ0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "696f2000ad7ad6f600159d49647a88bdf0e42f9f", + "rev": "6f9b8ea84c04411c48ab5aab4620ab204936d9fc", "type": "github" }, "original": { @@ -1128,11 +1144,11 @@ ] }, "locked": { - "lastModified": 1739353096, - "narHash": "sha256-w/T2uYCoq4k6K46GX2CMGWsKfMvcqnxC41LIgnvGifE=", + "lastModified": 1739469954, + "narHash": "sha256-faUXxkM3yYm++fpEw02tbAgPJprVB0xOtrU87BEQkuI=", "owner": "nix-community", "repo": "nixvim", - "rev": "78b6f8e1e5b37a7789216e17a96ebc117660f0e7", + "rev": "7f29e4b2ae34c1ba5fe650d74c8f28b0d1fa21ee", "type": "github" }, "original": { @@ -1265,6 +1281,7 @@ }, "root": { "inputs": { + "anki": "anki", "conduwuit": "conduwuit", "crane": "crane_2", "disko": "disko", @@ -1313,11 +1330,11 @@ ] }, "locked": { - "lastModified": 1739327257, - "narHash": "sha256-rlGK8wxz/e50Z+PQRzuP+m03IrGkhcPGmgkBnkEZ9C8=", + "lastModified": 1739500069, + "narHash": "sha256-eCxWMqMsP2KQkleWWhs9KzFvxgd9v0F0iq7Piw6XDAs=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e01f2c035b7b8a428c119b183f4cbc55f2eef07c", + "rev": "cd3e0a87bf9edadb0f311ba1eb677bbae7a08b81", "type": "github" }, "original": { @@ -1409,11 +1426,11 @@ ] }, "locked": { - "lastModified": 1739324903, - "narHash": "sha256-VqtzYG8GK1BBaJx/zdxoLdeHSskETlldfYKZHSt6Ew8=", + "lastModified": 1739497746, + "narHash": "sha256-Bfok+AZ/iTOmJNndwR7wOZbsuL5/gks3GH2qvWTxpGs=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "00d1dbcc3d422c6eabf9285759a4469a5a5a7542", + "rev": "6113f471097e12ff293e86b36e74aee21c55204e", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9ef5b79..b9d76bf 100644 --- a/flake.nix +++ b/flake.nix @@ -100,6 +100,9 @@ flake-utils.url = "github:numtide/flake-utils"; crane.url = "github:ipetkov/crane"; flake-compat.url = "github:edolstra/flake-compat"; + + # unmerged PRs + anki.url = "github:cything/nixpkgs/1562f5286858b3c1e5ea7e60f4bf6b3578519248"; }; nixConfig = { diff --git a/home/codium.nix b/home/codium.nix index e429959..b35231a 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -6,16 +6,20 @@ enableUpdateCheck = false; enableExtensionUpdateCheck = false; mutableExtensionsDir = false; - extensions = (with pkgs.open-vsx; [ - vscodevim.vim - jnoortheen.nix-ide - editorconfig.editorconfig - github.github-vscode-theme - rust-lang.rust-analyzer - ]) ++ - (with pkgs.vscode-marketplace; [ - github.codespaces - ]); + extensions = + # if unfree + # (with pkgs.vscode-marketplace; [ + ( + with pkgs.open-vsx; + [ + vscodevim.vim + jnoortheen.nix-ide + editorconfig.editorconfig + github.github-vscode-theme + rust-lang.rust-analyzer + shd101wyy.markdown-preview-enhanced + ] + ); userSettings = { "workbench.colorTheme" = "GitHub Dark Default"; "files.autoSave" = "afterDelay"; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 9577771..aeb7906 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -72,6 +72,9 @@ "tailscale/auth" = { sopsFile = ../../secrets/services/tailscale.yaml; }; + "zipline/env" = { + sopsFile = ../../secrets/services/zipline.yaml; + }; }; boot = { @@ -207,4 +210,5 @@ environment.enableAllTerminfo = true; my.roundcube.enable = true; + my.zipline.enable = true; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index a6f39dd..e6c8af1 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -8,7 +8,7 @@ s3_api = { s3_region = "earth"; api_bind_addr = "[::]:3900"; - root_domain = ".s3.cy7.sh"; + root_domain = "s3.cy7.sh"; }; s3_web = { bind_addr = "[::]:3902"; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 37b8763..cd3a38e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -402,4 +402,9 @@ enable = true; enableQt5Integration = true; }; + + programs.appimage = { + enable = true; + binfmt = true; + }; } diff --git a/modules/default.nix b/modules/default.nix index 810c2f4..96ea519 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -4,5 +4,6 @@ ./backup.nix ./caddy.nix ./roundcube.nix + ./zipline.nix ]; } diff --git a/modules/zipline.nix b/modules/zipline.nix new file mode 100644 index 0000000..b66cad6 --- /dev/null +++ b/modules/zipline.nix @@ -0,0 +1,39 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.zipline; +in +{ + options.my.zipline = { + enable = lib.mkEnableOption "zipline"; + }; + + config = lib.mkIf cfg.enable { + services.zipline = { + enable = true; + settings = { + CORE_PORT = 3001; + DATASOURCE_TYPE = "s3"; + DATASOURCE_S3_ENDPOINT = "e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; + DATASOURCE_S3_BUCKET = "zipline"; + DATASOURCE_S3_REGION = "auto"; + DATASOURCE_S3_USE_SSL = "true"; + DATASOURCE_S3_FORCE_S3_PATH = "false"; + FEATURES_THUMBNAILS = "true"; + EXIF_REMOVE_GPS = "true"; + CHUNKS_CHUNKS_SIZE = "50mb"; + CHUNKS_MAX_SIZE = "95mb"; + FEATURES_OAUTH_REGISTRATION = "true"; + }; + environmentFiles = [ config.sops.secrets."zipline/env".path ]; + }; + + services.caddy.virtualHosts."host.cy7.sh".extraConfig = '' + import common + reverse_proxy 127.0.0.1:3001 + ''; + }; +} diff --git a/overlay/default.nix b/overlay/default.nix index 219f1ad..5695d30 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -20,6 +20,7 @@ importedOverlays lldb = pkgFrom stable "lldb"; calibre = pkgFrom stable "calibre"; nil = inputs.nil.packages.${prev.system}.nil; + anki = pkgFrom inputs.anki "anki-bin"; } ) ] diff --git a/secrets/services/zipline.yaml b/secrets/services/zipline.yaml new file mode 100644 index 0000000..b82f9a3 --- /dev/null +++ b/secrets/services/zipline.yaml @@ -0,0 +1,31 @@ +zipline: + env: ENC[AES256_GCM,data:lsR/+bET/C7ssik0xv5IBITT+KEnoyqNjSZ9jvkkb7lmNAQzow6dCm1nprfimiJC0EF2LyiEPm0wchdtrLTNEtUkJWkworEJXeWGrGGbHgZW0/HC1BSERqlLmZTPyLWkhsl3rObvuhRoTKlUN5EMwtK8x06aOX6PcxLdwVjps7UxkBXej712IcKPvHVSJIQMvVHP2lqSppJc+sEMt4u3Vnf1ZYGsQS3bWnI7w40sOdGR8LGBadfmWwIj0/3XTaG7S7Lhi4AOFGZtpdyOmxxIH3Vd5qesfiqPHm0nTmu/JxPftYm+F/hDnbJHrbg7cNVlJahDFtQp8QdlVvdMU3ccNptpRXGWIwFOz3JtuzDo7pxkYRqO2dKqYbKhOknrMW0PYuB48XEKj3e4Q+T8tUhFTsOHfqT0J8ati26dQaUO5wvw22o=,iv:QeR8fU9bRVO5OuqjbEeiC1vihbLxrNgnR0k0K/mRmSw=,tag:6x2XELOlJ9JWeOuVBBHNpg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDUDFDSnFEM1NZK0lSMnUx + YkI3MWlpY1VjYXdaKzBCOFc5NWp5NXdBbkdVCmI0Z2tuSXBOSFN2NXJTUWxKQXNu + SGhhTTYzUDFSOFFXdU5aVHlmYnJNa1UKLS0tIGlrUTErQkVRdFBYYWxUcklHaUVY + UkQ3eVlDR2lMOEZGNXRjU3J3RXpwZkUKNJL/dvPsGu0AJiXryR8uSM0jE//cQi0b + AeYUjXLRcouUq5zWL6AsKDOUAo9t//AAFZqv3DGUboR8UzdymYRYMw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Wk9ZYkExU3k0ZWpOZEhF + TkswRGxTd1hpcGJaa1pmcUJFQnZMcGV6L0ZFCnp3K05YdU56WUl1TktVSFNQWWZH + bG5COXVuSjFCUWpEYXQweVFPaDAzcTQKLS0tIFgralQ1TWUzajVOM3RyS3RDcnRx + WHZSeVJIaGRldmhmcWZvT3YzL3hPbFEKVUtCU1l/RhFOlwdjE0ejW/Ym+cMVNxIW + AdvVcWoilMGTsDJIIlLu7fPbhmGotPvqGjxMC2yEpEgJUt/rsz2vPA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-14T03:37:09Z" + mac: ENC[AES256_GCM,data:KViPAUWWpE5UTZOp55f3QeXhHkXBvyl9Np/Tlj5bY7t3qt1U370OLq1yL87WWbvRWa/K/ZYN2gjN16dgfp5o834VniSJM6dnw+vC76QNaXjCfE2HKozRx6NlHFMflzzV8TXvqzJvuPa43E8DRaBctY2a7aIbJ4DJki1dfmrrO3Y=,iv:vPeMWOWQNZX3t4BoYzpuI74tZJ3rCXwbxmqcRAW5ZXY=,tag:i4ZjIXg0JOj2U2jMwurChw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4