diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml
index 290761f..c955639 100644
--- a/.github/workflows/build-machines-and-homes.yml
+++ b/.github/workflows/build-machines-and-homes.yml
@@ -74,7 +74,7 @@ jobs:
 run: |
 package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
 nix run git+https://git.cy7.sh/cy/nixcp.git -- \
- --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \
+ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \
 -u https://nix-community.cachix.org \
 -u https://nixcache.web.cy7.sh \
 $package
@@ -143,7 +143,7 @@ jobs:
 run: |
 package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
 nix run git+https://git.cy7.sh/cy/nixcp.git -- \
- --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \
+ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \
 -u https://nix-community.cachix.org \
 -u https://nixcache.web.cy7.sh \
 $package
diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml
index 4f76a1d..c188482 100644
--- a/.github/workflows/build-packages.yml
+++ b/.github/workflows/build-packages.yml
@@ -62,7 +62,7 @@ jobs:
 if: '!cancelled()'
 run: |
 nix run git+https://git.cy7.sh/cy/nixcp.git -- \
- --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \
+ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \
 -u https://nix-community.cachix.org \
 -u https://nixcache.web.cy7.sh \
 "${{ matrix.package }}"
diff --git a/.sops.yaml b/.sops.yaml
index 5dca48c..21d2151 100644
--- a/.sops.yaml
+++ b/.sops.yaml
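Review bot: The upload step in the `@@ -74` hunk runs `nix run git+https://git.cy7.sh/cy/nixcp.git` with no `rev` or `ref`, so every CI run executes whatever that repository currently serves while the key file passed as `secret-key=/home/runner/cache-priv-key.pem` is present on the runner. Pinning the tool, for example `nix run 'git+https://git.cy7.sh/cy/nixcp.git?rev=<COMMIT_SHA>' -- \` (placeholder), or taking it from an input locked in flake.lock, makes the step that handles the cache key reproducible and reviewable. The same line appears in the `@@ -143` hunk of this file and in the `@@ -62` hunk of build-packages.yml. Separately, `${{ matrix.machine }}`, `${{ matrix.home }}` and `${{ matrix.package }}` are expanded into the script text before the shell runs; passing them through `env:` and quoting the variable would be safer if matrix values can ever come from outside the repository. The step bodies start and end outside these hunks.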
@@ -135,10 +135,4 @@ creation_rules: - *yt - *cy - *chunk - - path_regex: secrets/services/karakeep.yaml - key_groups: - - age: - - *yt - - *cy - - *chunk diff --git a/flake.lock b/flake.lock index ba20fb3..0fe0871 100644 --- a/flake.lock +++ b/flake.lock @@ -114,11 +114,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1743780871, - "narHash": "sha256-xmDepDLHsIWiwpWYjhI40XOrV9jCKrYJQ+EK1EOIdRg=", + "lastModified": 1743473828, + "narHash": "sha256-x/sfh6LCHGAz8rL23GHhH7dac1LtHBbRRJi1p8gOdtI=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "4e5b87d0cd16f3d015f4b61285b369d027bb909d", + "rev": "0f81c1e1ccdcb0c5c6d5a27e82f16eb37b1e61c8", "type": "github" }, "original": { @@ -151,11 +151,11 @@ }, "crane_2": { "locked": { - "lastModified": 1739936662, - "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", "owner": "ipetkov", "repo": "crane", - "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", "type": "github" }, "original": { @@ -167,11 +167,11 @@ }, "crane_3": { "locked": { - "lastModified": 1737689766, - "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", "owner": "ipetkov", "repo": "crane", - "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", "type": "github" }, "original": { @@ -182,11 +182,11 @@ }, "crane_4": { "locked": { - "lastModified": 1741148495, - "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", + "lastModified": 1742394900, + "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=", "owner": "ipetkov", "repo": "crane", - "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", + "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd", "type": "github" }, "original": { 
@@ -386,11 +386,11 @@ ] }, "locked": { - "lastModified": 1740872218, - "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3876f6b87db82f33775b1ef5ea343986105db764", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -610,11 +610,11 @@ ] }, "locked": { - "lastModified": 1743948087, - "narHash": "sha256-B6cIi2ScgVSROPPlTti6len+TdR0K25B9R3oKvbw3M8=", + "lastModified": 1743556466, + "narHash": "sha256-rvU79DJ6rPDxiH0sTp686Vlm+JewwAZPGcwt8OfHJbM=", "owner": "nix-community", "repo": "home-manager", - "rev": "ef3b2a6b602c3f1a80c6897d6de3ee62339a3eb7", + "rev": "5ee44bc7c2e853f144390a12ebe5174ad7e3b9e0", "type": "github" }, "original": { @@ -826,11 +826,11 @@ ] }, "locked": { - "lastModified": 1743911143, - "narHash": "sha256-4j4JPwr0TXHH4ZyorXN5yIcmqIQr0WYacsuPA4ktONo=", + "lastModified": 1743306489, + "narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "a36f6a7148aec2c77d78e4466215cceb2f5f4bfb", + "rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d", "type": "github" }, "original": { @@ -909,11 +909,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1743813633, - "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", + "lastModified": 1743501102, + "narHash": "sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", + "rev": "02f2af8c8a8c3b2c05028936a1e84daefa1171d4", "type": "github" }, "original": { 
@@ -973,11 +973,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "lastModified": 1743448293, + "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", "type": "github" }, "original": { @@ -989,11 +989,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1743862455, - "narHash": "sha256-I/QXtrqznq1321mYR9TyMPX/zCWb9iAH64hO+pEBY00=", + "lastModified": 1743559129, + "narHash": "sha256-7gpAWsENV3tY2HmeHYQ2MoQxGpys+jQWnkS/BHAMXVk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "06f3516b0397bd241bde2daefc8538fc886c5467", + "rev": "adae22bea8bcc0aa2fd6e8732044660fb7755f5e", "type": "github" }, "original": { @@ -1110,11 +1110,11 @@ ] }, "locked": { - "lastModified": 1741228283, - "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", + "lastModified": 1743561237, + "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", + "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", "type": "github" }, "original": { @@ -1131,11 +1131,11 @@ ] }, "locked": { - "lastModified": 1741055476, - "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", + "lastModified": 1743561237, + "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "aefb7017d710f150970299685e8d8b549d653649", + "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", "type": "github" }, "original": { 
@@ -1151,11 +1151,11 @@ ] }, "locked": { - "lastModified": 1743906877, - "narHash": "sha256-Thah1oU8Vy0gs9bh5QhNcQh1iuQiowMnZPbrkURonZA=", + "lastModified": 1743561237, + "narHash": "sha256-dd97LXek202OWmUXvKYFdYWj0jHrn3p+L5Ojh1SEOqs=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "9d00c6b69408dd40d067603012938d9fbe95cfcd", + "rev": "1de27ae43712a971c1da100dcd84386356f03ec7", "type": "github" }, "original": { @@ -1171,11 +1171,11 @@ ] }, "locked": { - "lastModified": 1743910657, - "narHash": "sha256-zr2jmWeWyhCD8WmO2aWov2g0WPPuZfcJDKzMJZYGq3Y=", + "lastModified": 1743502316, + "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=", "owner": "Mic92", "repo": "sops-nix", - "rev": "523f58a4faff6c67f5f685bed33a7721e984c304", + "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8", "type": "github" }, "original": { @@ -1267,11 +1267,11 @@ ] }, "locked": { - "lastModified": 1743904774, - "narHash": "sha256-dHnwYLz1b6ohGP2DjWKpDFEZ9WOm4vYuPXKUna08awU=", + "lastModified": 1743558944, + "narHash": "sha256-LtmHSXZjFXUWYwWhvEPWSbnmAD62TrvLdZGqQvcSHIY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "da51d4cab526bef885e8c95ab2b9455bfe0940d4", + "rev": "bc23f562c367b3e6300d596c24f0080220897df7", "type": "github" }, "original": { diff --git a/home/codium.nix b/home/codium.nix index 706736d..117c9e0 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -24,7 +24,6 @@ golang.go ms-python.python christian-kohler.path-intellisense - # firefox-devtools.vscode-firefox-debug ]; userSettings = let @@ -75,11 +74,6 @@ "telemetry.enableTelemetry" = false; "telemetry.telemetryLevel" = "off"; "window.titleBarStyle" = "custom"; - # https://github.com/ChristianKohler/PathIntellisense#installation - "typescript.suggest.paths" = false; - "javascript.suggest.paths" = false; - - "path-intellisense.absolutePathToWorkspace" = true; # terminal stuff "terminal.integrated.cursorBlinking" = true; 
diff --git a/home/kitty.nix b/home/kitty.nix index a77a432..ea7047f 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -17,11 +17,10 @@ # will probably lower this later but the max allowed is actually 4GB # this is NOT stored in memory and can only be viewed with scrollback_pager - "scrollback_pager_history_size" = "10"; # in MB + "scrollback_pager_history_size" = "1024"; # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 "scrollback_pager" = "bat --pager='less -FR +G'"; - # "scrollback_lines" = 20000; - wheel_scroll_multiplier = 50; + "scrollback_lines" = 20000; }; keybindings = { # kitty_mod is ctrl+shift by default 
@@ -59,29 +58,18 @@ "kitty_mod+alt+p" = "move_tab_backward"; "kitty_mod+q" = "close_tab"; "kitty_mod+t" = "new_tab_with_cwd"; + "ctrl+f2" = "detach_tab"; # hints # > basically means the preceding key is a prefix (think tmux) "kitty_mod+o>o" = "open_url_with_hints"; - # `--program @` means copy to clipboard - "kitty_mod+o>u" = "kitten hints --type url --program @"; - "kitty_mod+o>p" = "kitten hints --type path --program @"; - "kitty_mod+o>n" = "kitten hints --type line --program @"; - "kitty_mod+o>w" = "kitten hints --type word --program @"; - "kitty_mod+o>h" = "kitten hints --type hash --program @"; + "kitty_mod+o>p" = "kitten hints --type path --program -"; + "kitty_mod+o>n" = "kitten hints --type line --program -"; + "kitty_mod+o>w" = "kitten hints --type word --program -"; + "kitty_mod+o>h" = "kitten hints --type hash --program -"; "kitty_mod+o>l" = "kitten hints --type linenum"; - - # scrolling - "kitty_mod+u" = "scroll_page_up"; - "kitty_mod+d" = "scroll_page_down"; - "kitty_mod+a" = "scroll_home"; - "kitty_mod+e" = "scroll_end"; - "kitty_mod+z" = "scroll_to_prompt -1"; # scroll to previous shell prompt - "kitty_mod+x" = "scroll_to_prompt 1"; # scroll to next shell prompt - "kitty_mod+y" = "show_scrollback"; # browse scrollback buffer in pager - "kitty_mod+g" = "show_last_command_output"; # browse output of last command in pager }; }; - programs.zsh.shellAliases."ssh" = "kitten ssh"; + # programs.zsh.shellAliases."ssh" = "kitten ssh"; # doesn't seem to work with bitwarden ssh agent :( } diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 9c6289d..56bae51 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -18,6 +18,7 @@ ./grafana.nix ./conduwuit.nix ./immich.nix + ./element.nix ./forgejo.nix ./garage.nix ./tailscale.nix 
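Review bot: The hint bindings in the `@@ -59` hunk of home/kitty.nix now pass `--program -`, but the comment that explained the special value was dropped with the old `@` lines, so the behaviour change is undocumented. In kitty's hints kitten `-` pastes the match into the current window while `@` copied it to the clipboard, which matters for `--type line` and `--type word`, where arbitrary terminal output ends up at the prompt. I would add a comment above the block such as `# \`--program -\` pastes the match into the terminal window (use @ for clipboard)`.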
@@ -46,14 +47,20 @@ "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/chunk.yaml; }; + "attic/env" = { + sopsFile = ../../secrets/services/attic.yaml; + }; "garage/env" = { sopsFile = ../../secrets/services/garage.yaml; }; "tailscale/auth" = { sopsFile = ../../secrets/services/tailscale.yaml; }; - "karakeep/env" = { - sopsFile = ../../secrets/services/karakeep.yaml; + "zipline/env" = { + sopsFile = ../../secrets/services/zipline.yaml; + }; + "searx/env" = { + sopsFile = ../../secrets/services/searx.yaml; }; }; @@ -180,10 +187,9 @@ programs.git.enable = true; my.caddy.enable = true; + + # container stuff my.containerization.enable = true; + my.authelia.enable = true; - my.karakeep = { - enable = true; - dataDir = "/opt/karakeep"; - }; } diff --git a/hosts/chunk/element.nix b/hosts/chunk/element.nix new file mode 100644 index 0000000..5a12e1e --- /dev/null +++ b/hosts/chunk/element.nix @@ -0,0 +1,33 @@ +{ + pkgs, + config, + ... +}: +{ + virtualisation.oci-containers.containers.element = { + image = "vectorim/element-web"; + autoStart = true; + ports = [ "127.0.0.1:8089:8089" ]; + pull = "newer"; + networks = [ "element-net" ]; + environment = { + ELEMENT_WEB_PORT = "8089"; + }; + }; + + systemd.services.create-element-net = { + serviceConfig.Type = "oneshot"; + wantedBy = with config.virtualisation.oci-containers; [ + "${backend}-element.service" + ]; + script = '' + ${pkgs.podman}/bin/podman network exists element-net || \ + ${pkgs.podman}/bin/podman network create element-net + ''; + }; + + services.caddy.virtualHosts."element.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8089 + ''; +} diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index a36dc49..982e1f4 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -17,7 +17,6 @@ }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; - rpc_public_addr = "100.122.132.30:3901"; replication_factor = 1; db_engine = "lmdb"; disable_scrub = true; 
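Review bot: `image = "vectorim/element-web"` in the new hosts/chunk/element.nix carries no tag or digest, and with `pull = "newer"` the service takes whatever is published under the default tag on each start, so a bad or compromised upstream push reaches the host without review. Pin it, for example `image = "vectorim/element-web:<VERSION>@sha256:<DIGEST>";` (placeholders), and bump it deliberately. Also, `create-element-net` is only `wantedBy` the container unit, which pulls it in but does not order it; adding `before = with config.virtualisation.oci-containers; [ "${backend}-element.service" ];` would make sure the network exists before the container starts. The script calls `${pkgs.podman}/bin/podman` directly while the unit name uses `${backend}`, so it presumably fails to help when the backend is docker.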
diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index 33a77a0..f79a7ff 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -42,7 +42,6 @@ services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = '' import common - import authelia reverse_proxy localhost:8088 ''; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 1e7e497..62505f9 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix @@ -11,7 +11,7 @@ dialect = "postgresql"; }; port = 8085; - domain = "pad.cy7.sh"; + domain = "pad.cything.io"; allowEmailRegister = false; protocolUseSSL = true; }; diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 1c474af..c592fbb 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -14,19 +14,18 @@ let --config ${config.sops.secrets."rclone/config".path} \ --allow-other \ --cache-dir /var/cache/rclone \ - --transfers 64 \ + --transfers 32 \ --vfs-cache-mode full \ --vfs-cache-min-free-space 5G \ --dir-cache-time 30d \ --no-checksum \ --no-modtime \ --vfs-fast-fingerprint \ - --vfs-read-chunk-size 8M \ + --vfs-read-chunk-size 16M \ --vfs-read-chunk-streams 16 \ - --sftp-concurrency 128 \ + --sftp-concurrency 64 \ --sftp-chunk-size 255k \ --buffer-size 0 \ - --write-back-cache \ ${remote} ${mount} ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; diff --git a/modules/authelia.nix b/modules/authelia.nix index f231f50..afd8b52 100644 --- a/modules/authelia.nix +++ b/modules/authelia.nix 
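Review bot: After the hosts/chunk/grafana.nix hunk the `grafana.cy7.sh` vhost has only `import common` ahead of `reverse_proxy localhost:8088`, so the Authelia gate that sat in front of Grafana is gone and the instance is protected solely by Grafana's own login. Grafana's auth settings are outside the hunk, so confirm that anonymous access and the default admin credentials are disabled and that sign-up is closed before exposing it this way. If the forward-auth was removed unintentionally, `import authelia` should stay above the `reverse_proxy` line; if it is intentional, a comment such as `# no forward-auth: Grafana handles authentication itself` would record that decision.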
@@ -49,14 +49,9 @@ in webauthn = { enable_passkey_login = true; }; - identity_providers.oidc.claims_policies = { - # https://github.com/karakeep-app/karakeep/issues/410 - # https://www.authelia.com/integration/openid-connect/openid-connect-1.0-claims/#restore-functionality-prior-to-claims-parameter - karakeep.id_token = [ "email" ]; - }; identity_providers.oidc.clients = [ { - client_id = "4EIrpRb9rnwHWjYWvlz2gYrtTmoOLF1D5gqXw28BvmOS0f-9T2p4CFwuctf4Co1hkpo2sd4Y"; + client_id = "immich"; client_name = "immich"; client_secret = "$argon2id$v=19$m=65536,t=3,p=4$Vny2G8EbSPafSwnIuq2Zkg$eF2om4WDEaqCFmrAG27h2mYl+cXxXyttPJ7gaPLs+f8"; public = false; @@ -70,7 +65,7 @@ in userinfo_signed_response_alg = "none"; } { - client_id = "_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU"; + client_id = "forgejo"; client_name = "Forgejo"; client_secret = "$argon2id$v=19$m=65536,t=3,p=4$O2O5r/7A8hc4EMvernQ4Dw$YOVqtwY3jv0HlcxmviPq2CRnD7Dw85V9KDtTSUQE7bA"; public = false; 
@@ -82,34 +77,6 @@ in userinfo_signed_response_alg = "none"; token_endpoint_auth_method = "client_secret_basic"; } - { - client_id = "b_ITCG0uNzy9lZ5nVC~Ny5R35te8I3hoQW1uraCbdxeiE9VuiCIelMmZZ7dAZLg_anTUWSQG"; - client_name = "HedgeDoc"; - client_secret = "$argon2id$v=19$m=65536,t=3,p=4$MFSXW3gjIZf0M3e8s8RJCg$6KWwksJe2vdUebPEdYc0Zy88fzGcHPrbStcqkiXl+Hg"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ - "https://pad.cy7.sh/auth/oauth2/callback" - ]; - scopes = [ "openid" "profile" "email" ]; - userinfo_signed_response_alg = "none"; - grant_types = [ "refresh_token" "authorization_code" ]; - response_types = [ "code" ]; - response_modes = [ "form_post" "query" "fragment" ]; - audience = []; - token_endpoint_auth_method = "client_secret_post"; - } - { - client_id = "0SbsGvw5APYJ4px~dv38rCVgXtK2XWrF1QvyuaFz48cgsNm-rAXkSgNOctfxS21IWOFSfsm5"; - client_name = "Karakeep"; - client_secret = "$pbkdf2-sha512$310000$4UanDZq.6oholJW3CmKwtQ$9e3hqR8qGU4LoneR/Y9jtJTx0iSzATI4iXymrs8QrmGw4JY1BPF4.IJ9Jbc.8cikU4qpfUIFO6r2dG7JHznCnw"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ "https://keep.cy7.sh/api/auth/callback/custom" ]; - scopes = [ "openid" "profile" "email" ]; - userinfo_signed_response_alg = "none"; - claims_policy = "karakeep"; - } ]; }; secrets = { @@ -134,4 +101,4 @@ in reverse_proxy localhost:9091 ''; }; -} +} \ No newline at end of file diff --git a/modules/containerization.nix b/modules/containerization.nix index 2bcc8dd..fd39da9 100644 --- a/modules/containerization.nix +++ b/modules/containerization.nix @@ -30,10 +30,6 @@ in }; # answer on /var/run/docker.sock dockerSocket.enable = true; - autoPrune = { - enable = true; - dates = "daily"; - }; }; docker.enable = lib.mkIf (!cfg.usePodman) true; oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker"; diff --git a/modules/default.nix b/modules/default.nix index 0d4638f..db7bfa4 100644 --- a/modules/default.nix +++ b/modules/default.nix 
@@ -10,6 +10,5 @@ ./searx.nix ./attic.nix ./authelia.nix - ./karakeep.nix ]; } diff --git a/modules/karakeep.nix b/modules/karakeep.nix deleted file mode 100644 index 3e75f74..0000000 --- a/modules/karakeep.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.karakeep; -in -{ - options.my.karakeep = { - enable = lib.mkEnableOption "karakeep"; - dataDir = lib.mkOption { - type = lib.types.path; - }; - port = lib.mkOption { - default = 3002; - description = "port for the web service"; - type = lib.types.port; - }; - domain = lib.mkOption { - default = "keep.cy7.sh"; - type = lib.types.str; - }; - environmentFile = lib.mkOption { - default = config.sops.secrets."karakeep/env".path; - type = lib.types.path; - }; - }; - - config = lib.mkIf cfg.enable { - virtualisation.oci-containers.containers = { - karakeep-web = { - image = "ghcr.io/karakeep-app/karakeep:release"; - pull = "newer"; - volumes = [ "${cfg.dataDir}:/data" ]; - ports = [ "${toString cfg.port}:3000"]; - dependsOn = [ - "karakeep-chrome" - "karakeep-meilisearch" - ]; - environment = { - MEILI_ADDR = "http://karakeep-meilisearch:7700"; - BROWSER_WEB_URL = "http://karakeep-chrome:9222"; - DATA_DIR = "/data"; - NEXTAUTH_URL = "https://${cfg.domain}"; - DISABLE_PASSWORD_AUTH = "true"; - OAUTH_WELLKNOWN_URL = "https://auth.cy7.sh/.well-known/openid-configuration"; - OAUTH_CLIENT_ID = "0SbsGvw5APYJ4px~dv38rCVgXtK2XWrF1QvyuaFz48cgsNm-rAXkSgNOctfxS21IWOFSfsm5"; - OAUTH_PROVIDER_NAME = "Authelia"; - OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = "true"; - }; - # needs NEXTAUTH_SECRET - environmentFiles = [ "${cfg.environmentFile}" ]; - }; - - karakeep-chrome = { - image = "ghcr.io/zenika/alpine-chrome:latest"; - pull = "newer"; - cmd = [ - "--no-sandbox" - "--disable-gpu" - "--disable-dev-shm-usage" - "--remote-debugging-address=0.0.0.0" - "--remote-debugging-port=9222" - "--hide-scrollbars" - ]; - }; - - karakeep-meilisearch = { - image = "getmeili/meilisearch:latest"; - volumes = [ "meilisearch:/meili_data" ]; - environment = { - MEILI_NO_ANALYTICS = "true"; - }; - # needs MEILI_MASTER_KEY - environmentFiles = [ "${cfg.environmentFile}" ]; - }; - }; - - services.caddy.virtualHosts.${cfg.domain}.extraConfig = 
'' - import common - reverse_proxy localhost:${toString cfg.port} - ''; - }; -} \ No newline at end of file diff --git a/secrets/services/hedgedoc.yaml b/secrets/services/hedgedoc.yaml index 0c693dc..84ef3d6 100644 --- a/secrets/services/hedgedoc.yaml +++ b/secrets/services/hedgedoc.yaml @@ -1,6 +1,10 @@ hedgedoc: - env: ENC[AES256_GCM,data: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,iv:LDkuJgxIbohEVf7wmdtOZ/vlPddMYa7uzHGkL+0MnUM=,tag:pnJiCJydjTmUbS761fPUPw==,type:str] + env: ENC[AES256_GCM,data:15rWiIYWyIJ0Hxl5I8m+EBV+FkNDT/OHlLK9shVS46UE7SQtuIh45N5hvwgs0rg9E9Tawu+lyE2aozWNh6HSDUZ1h4FYrB+JHwIetGkOqXSLHfXi,iv:v9ohLTtlxw3fsRoJJoOY5VYxVsxUyDEsQHRjcGKg/GY=,tag:Wncm1reqNblnVhRTYjU3Pg==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn enc: | @@ -20,7 +24,8 @@ sops: enlDZEI2NElkZkI3UmRyQUZqQWE5ZmcK2JlwNzVJNhGjyniIg9UY5tjgUKttkT3e 9C/xag3dQCiqzX1O3o5tdhYnxXw+VxVf+qTFyyuftg5iQPZNuvX6mA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-05T21:08:15Z" - mac: ENC[AES256_GCM,data:cPisYUoZWd/vd+wWzz3xTnftj1RdjK20dWFo+MKssm/eu7eCOWDIaZdcJg13gkTleBpMWQy/mG1drC6GLfGQiBmkS99UCPAoo0aLTBL4FbSm6FEXdbVjoOI7URu6Sj31drWCMAm+lXYymWsHwZJrNLhjsCTQsxTPvFq8oOdNlXo=,iv:KpmJoZ/BGEEhZ75jXfXxegNglm7k6mtleRuVud6tX2g=,tag:lsiqX+YSz4mGK6mw9gdKNg==,type:str] + lastmodified: "2024-12-17T03:25:54Z" + mac: ENC[AES256_GCM,data:1cxiK/HhqYzatT2PhZxjvtizII2QMHqbbyOujUtx4cT8x488j2wecu6hOfSkuHbQ43AxA8kDH1NAruPCSdCpj3PytMR+np+R/5WuRcK+OF/FCnWvWvvHqgDnBs/wYjllnR6HyWBlhrROpINxu9ch4fzN0Def3I7O+wJgpojnPiU=,iv:PKPykPv9zSHj9+HXnrg1v8Ty78te66D9ZH6c1V7Qlh4=,tag:JQk68u6p317r3Df+hv16+g==,type:str] + pgp: [] unencrypted_suffix: _unencrypted - version: 3.10.1 + version: 3.9.2 diff --git a/secrets/services/karakeep.yaml b/secrets/services/karakeep.yaml deleted file mode 100644 index cc09262..0000000 --- a/secrets/services/karakeep.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -karakeep: - env: ENC[AES256_GCM,data:SWc26EQaKR5d9hMDYzVHA/r7XfjwFZ0d44Co0IS6OayR24ej7yqLAtkNttROKoKFuYc0sHgN9bOy4MyX0s3qiSWYovIIUJgFiJjPQFYDAo+50WR4+5W5FgvYI6e42fcWrQhaCXWQrDyzch/zT2OITZsjXcQhT5E+IiPLVkaGOjGptE07GjM7ZXI4UxBzINFQOhxdfIO0km1o6Wq8GhJdWsz4exz4ahRslR+WjK/flV2GZVAj6EHSJ5sHohm74QlhxaShEbc/8IKP6R2gSjBFP7l8VvwFyIUD9sLzYGvS3iU=,iv:gSPQU0bZ+VRFbuaNDc90dW0ogWX2SMH7kewtq/u/11E=,tag:L0Y4EWSQUhcn2eHt+yZ7qQ==,type:str] -sops: - age: - - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaWQ1Q1JwRHJxQjNjdTAx - TXRsWjVZOG1mNEptNVhscHBaK2I5MHhjdlFjCkNqOEhwT3hyOHpHQ2k0ZmowUXB4 - eks2dlpUS0V6VjBEYW9UWnhFOEw4VGsKLS0tIFo2a0FTRE5WdHBGVW5DOUFkaE9p - bitvUnJXSnB6UnV3VTEzSjlSYmEwVUEKHOwFCRu+SIyM0uJ6bNEAo+MMlsc8la6G - bLYdCoykcBu+uVXqn3BYTbrS5ylQMRYcbcPFJw5BVdmjIYF4LU5W6A== - -----END AGE ENCRYPTED FILE----- - - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrU2ZnNVAyeVdJeHlTSW1x - QUhKRzlNclVUWE1ucHFLZW5sL1lnUDhkd0Y4CjFuekNEOE1icDNqL1JyT0hEYW16 - Q2VyajJFWWtGUnBzOENGOEZHbWROZzAKLS0tIE8wMVc3TkV5Y1VyenIvOW02NDNq - cStTeUcvY1pJWEN2MzFEeThKT0JPc1EKXrtVG49a6YZVKiL1F8Xg3t3niTYv3LwN - NeAQ8srV0F6ckky7OCkvUp9GInZCWRzULXV/x+4IUb6C+KQaNm2vYA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdDdUSUlmMk5VcytyT01N - UmRaK2k5Wkh5SlhPT3QrczY2eW9vZk5KWFZBCnBteitnNFlHdWRaaTRxSWYvYmtG - ZnY5ZXlYa3Z5aENlRy9BQjVSU1F3UzQKLS0tIFpjN1dOaWNKaU9PaENyaXc1K3BU - K2orZ0Y2Z05LSUZ5WHQ4TnVVY0QwSzQKiUQT4aSxXnaq0kEMp+q5WnIUoGypEmZ+ - DQEhkB9yu/BrkjXH+HGQr1W5B4sJyb5rnl0+SQ+IypRIRyaX4CdFxg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-05T19:44:58Z" - mac: 
ENC[AES256_GCM,data:OmqsJI9BaICOTiH1cq4gZlNBbkAxn/pAOWBtkIjHdqpikABLG6fMY+sLpyeaovXjexIj9MZk7fPmV8dRZ5VNLHCqlYXK/cVoQBZ2HK+p/cGTAFelNAShu9NSgZdFmVgJJtOjVvFp8dtuY8VcQj861k/MPX0mNZt9pmXYdumjpNM=,iv:efHkp1KUctwtCjG9A8i5qs7nQfQqv2ya1yYlHHOt8pU=,tag:4lChpspl0oOUMiXzvGuA2Q==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.1