newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: newedge:inventree-test
Branches Tags
newedge:main newedge:mob/inventree-nixpkgs-test newedge:inventree-nixpkgs-test newedge:mob/inventree-test newedge:inventree-test newedge:mob/phonebox-multi-clients newedge:phonebox-multi-clients newedge:buna-machine newedge:whitehouse-router newedge:mob/vega-backup newedge:mob/router-device newedge:router-device newedge:vega-backup newedge:mob/noreply-mailer newedge:noreply-mailer newedge:mob/vega-ups newedge:vega-ups newedge:mob/gitea newedge:gitea
..
compare: newedge:3bf4fa6772376dd386b4249b7f8a6bc78c409ccd
Branches Tags
newedge:mob/inventree-nixpkgs-test newedge:inventree-nixpkgs-test newedge:main newedge:mob/inventree-test newedge:inventree-test newedge:mob/phonebox-multi-clients newedge:phonebox-multi-clients newedge:buna-machine newedge:whitehouse-router newedge:mob/vega-backup newedge:mob/router-device newedge:router-device newedge:vega-backup newedge:mob/noreply-mailer newedge:noreply-mailer newedge:mob/vega-ups newedge:vega-ups newedge:mob/gitea newedge:gitea

11 Commits
inventree- ... 3bf4fa6772

Author SHA1 Message Date
kurogeek
3bf4fa6772 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:inventories/default.nix
 2026-01-12 17:54:00 +07:00
kurogeek
3d14ae1bcf Update vars via generator tor_tor for machine rana 2026-01-12 17:53:57 +07:00
kurogeek
5f7aae7f41 Update vars via generator state-version for machine rana 2026-01-12 17:53:55 +07:00
kurogeek
5d3758e132 Update vars via generator root-password for machine rana 2026-01-12 17:53:55 +07:00
kurogeek
15331dcfd5 Update vars via generator openssh for machine rana 2026-01-12 17:53:54 +07:00
kurogeek
1a59f89f50 Add machine rana to secrets 2026-01-12 17:53:54 +07:00
kurogeek
f8174d4186 Update secret rana-age.key 2026-01-12 17:53:54 +07:00
kurogeek
32b01c84db mob next [ci-skip] [ci skip] [skip ci] 
lastFile:inventories/default.nix
 2026-01-12 17:43:05 +07:00
kurogeek
8982b61d79 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:machines/rana/configuration.nix
 2026-01-12 17:17:23 +07:00
kurogeek
7b48370a1c mob next [ci-skip] [ci skip] [skip ci] 
lastFile:modules/clan/home-manager-users/emmie/home.nix
 2026-01-12 16:54:10 +07:00
kurogeek
96811a2ac8 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:flake.lock
 2026-01-12 14:47:18 +07:00
47 changed files with 217 additions and 5785 deletions
Expand all files Collapse all files

6
flake.lock generated
View File

@@ -225,11 +225,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1768395095, "lastModified": 1761656231,
"narHash": "sha256-ZhuYJbwbZT32QA95tSkXd9zXHcdZj90EzHpEXBMabaw=", "narHash": "sha256-krgZxGAIIIKFJS+UB0l8do3sYUDWJc75M72tepmVMzE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "13868c071cc73a5e9f610c47d7bb08e5da64fdd5", "rev": "d7f52a7a640bc54c7bb414cca603835bf8dd4b10",
"type": "github" "type": "github"
}, },
"original": { "original": {

21
inventories/default.nix
View File

@@ -1,5 +1,4 @@
{ {
imports = [ ./personal-computer.nix ];
clan = { clan = {
inventory = { inventory = {
@@ -12,7 +11,6 @@
b4l = [ b4l = [
"rigel" "rigel"
"neptune" "neptune"
"rana"
]; ];
phonebox = [ phonebox = [
"neptune" "neptune"
@@ -48,6 +46,14 @@
}; };
}; };
user-emmie = {
module = {
name = "emmie-home";
input = "self";
};
# roles.default.machines."rana" = { };
};
tor = { tor = {
module = { module = {
name = "tor"; name = "tor";
@@ -162,6 +168,13 @@
}; };
roles.default.machines.b4l = { }; roles.default.machines.b4l = { };
}; };
pingvin = {
module = {
name = "pingvin";
input = "self";
};
roles.default.machines.b4l = { };
};
paperless = { paperless = {
module = { module = {
name = "paperless"; name = "paperless";
@@ -227,7 +240,7 @@
ftdi-sd-spi = { }; ftdi-sd-spi = { };
go-go-gadget = { }; go-go-gadget = { };
hacking-the-kindle = { }; hacking-the-kindle = { };
islands = PUBLIC; islands = { };
kt = { }; kt = { };
legba = { }; legba = { };
llb = PUBLIC; llb = PUBLIC;
@@ -237,7 +250,7 @@
navi = { }; navi = { };
notmuch-memoryhole = PUBLIC; notmuch-memoryhole = PUBLIC;
pms5003 = { }; pms5003 = { };
thinc = PUBLIC; thinc = { };
toad = { }; toad = { };
yggdrasil-erlang = { }; yggdrasil-erlang = { };
}; };

37
inventories/personal-computer.nix
View File

@@ -1,37 +0,0 @@
{
clan.inventory = {
tags = {
kde-desktop = [ "rana" ];
personal-computer = [ "rana" ];
};
instances = {
emmie-home = {
module = {
name = "home-user";
input = "self";
};
roles.default.settings = {
username = "emmie";
kbLayout = "us,th";
kbOptions = "grp:win_space_toggle,grp:alt_shift_toggle";
};
roles.default.machines."rana" = { };
};
personal-computer = {
module = {
name = "personal-computer";
input = "self";
};
roles.default.tags."personal-computer" = { };
};
kde = {
module = {
name = "kde";
input = "clan-core";
};
roles.default.tags."kde-desktop" = { };
};
};
};
}

3
inventory.json
View File

@@ -20,9 +20,6 @@
}, },
"buna": { "buna": {
"installedAt": 1765343708 "installedAt": 1765343708
},
"rana": {
"installedAt": 1768294839
} }
} }
} }

2
machines/b4l/services/nextcloud.nix
View File

@@ -19,7 +19,7 @@ in
services.nextcloud = { services.nextcloud = {
hostName = ncDomain; hostName = ncDomain;
package = pkgs.nextcloud32; package = pkgs.nextcloud31;
settings = { settings = {

45
machines/b4l/services/pingvin.nix Normal file
View File

@@ -0,0 +1,45 @@
{
pkgs,
config,
...
}:
let
serviceName = "${config.networking.hostName}-pingvin";
domain-name = "${
config.clan.core.vars.generators."${serviceName}".files.subdomain.value
}.${config.networking.fqdn}";
in
{
clan.core.vars.generators."${serviceName}" = {
files = {
subdomain.secret = false;
};
prompts = {
subdomain = {
persist = true;
type = "line";
description = "Sub-domain for Pingvin. Default:(share)";
};
};
runtimeInputs = [
pkgs.xkcdpass
pkgs.coreutils
];
script = ''
prompt_domain=$(cat "$prompts"/subdomain)
if [[ -n "''${prompt_domain-}" ]]; then
echo $prompt_domain | tr -d "\n" > "$out"/subdomain
else
echo -n "share" > "$out"/subdomain
fi
'';
};
services.pingvin-share = {
nginx.enable = true;
https = true;
hostname = domain-name;
};
}

6
machines/rana/configuration.nix
View File

@@ -1,9 +1,5 @@
{ self, ... }: { ... }:
{ {
imports = [
self.nixosModules.common
];
nixpkgs.hostPlatform = { nixpkgs.hostPlatform = {
system = "x86_64-linux"; system = "x86_64-linux";
}; };

2
machines/rana/disko.nix
View File

@@ -1,7 +1,7 @@
{ ... }: { ... }:
let let
hashDisk = disk: "os-${builtins.substring 0 5 (builtins.hashString "sha256" disk)}"; hashDisk = disk: "os-${builtins.substring 0 5 (builtins.hashString "sha256" disk)}";
os = "/dev/disk/by-id/nvme-SAMSUNG_MZVL81T0HFLB-00BLL_S7XKNF0Y966645"; os = "/dev/disk/by-id/FIXME";
in in
{ {

5395
machines/rana/facter.json
View File

File diff suppressed because it is too large Load Diff

2
modules/clan/actual-budget/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "actual-budget"; manifest.name = "actual-budget";
manifest.description = "A local-first personal finance app "; manifest.description = "A local-first personal finance app ";
manifest.readme = "A local-first personal finance app";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "A default server role.";
perInstance.nixosModule = perInstance.nixosModule =
{ {

2
modules/clan/git-daemon/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "git-daemon"; manifest.name = "git-daemon";
manifest.description = "a really simple server for git repositories"; manifest.description = "a really simple server for git repositories";
manifest.readme = "a really simple server for git repositories";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "a default server role";
interface = interface =
{ lib, ... }: { lib, ... }:
{ {

2
modules/clan/grafana/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "grafana"; manifest.name = "grafana";
manifest.description = "Platform for data analytics and monitoring"; manifest.description = "Platform for data analytics and monitoring";
manifest.readme = "Platform for data analytics and monitoring";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "A default server role";
perInstance.nixosModule = perInstance.nixosModule =
{ {

31
modules/clan/home-manager-users/emmie/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "emmie";
manifest.description = "Home manager for user Emmie";
manifest.categories = [ "System" ];
roles.default = {
perInstance.nixosModule =
{
config,
lib,
inputs,
...
}:
let
username = "emmie";
in
{
imports = [ inputs.home-manager.flakeModules.home-manager ];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.${username} = ./home.nix;
home-manager.extraSpecialArgs = {
inherit inputs;
};
};
};
}

15
modules/clan/home-profiles/home-user/home.nix → modules/clan/home-manager-users/emmie/home.nix
View File

@@ -1,14 +1,11 @@
{ { osConfig, pkgs, ... }:
osConfig, let
pkgs, username = "emmie";
lib, in
username,
...
}:
{ {
home = { home = {
inherit username; inherit username;
homeDirectory = lib.mkForce "/home/${username}"; homeDirectory = "/home/${username}";
stateVersion = osConfig.system.stateVersion; stateVersion = osConfig.system.stateVersion;
packages = with pkgs; [ packages = with pkgs; [
libreoffice libreoffice
@@ -16,8 +13,8 @@
brave brave
firefox firefox
keepassxc keepassxc
drawio
vlc vlc
thunderbird
]; ];
}; };
programs.home-manager.enable = true; programs.home-manager.enable = true;

10
modules/clan/home-manager-users/flake-module.nix Normal file
View File

@@ -0,0 +1,10 @@
{ lib, ... }:
let
emmie = lib.modules.importApply ./emmie/default.nix { };
in
{
clan.modules = {
emmie-home = emmie;
};
}

6
modules/clan/home-profiles/flake-module.nix
View File

@@ -1,6 +0,0 @@
{ lib, ... }:
{
clan.modules = {
home-user = lib.modules.importApply ./home-user { };
};
}

64
modules/clan/home-profiles/home-user/default.nix
View File

@@ -1,64 +0,0 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "common-user-home-manager";
manifest.description = "General users' home-manager profile generator";
manifest.readme = "General users' home-manager profile generator";
manifest.categories = [ "System" ];
roles.default = {
description = "a default role for the user";
interface =
{ lib, ... }:
{
options = {
username = lib.mkOption {
type = lib.types.str;
};
kbLayout = lib.mkOption {
type = lib.types.str;
default = "us";
};
kbOptions = lib.mkOption {
type = lib.types.str;
default = "grp:win_space_toggle";
};
};
};
perInstance =
{ settings, ... }:
{
nixosModule =
{ inputs, ... }:
let
username = settings.username;
in
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
users.users.${username} = {
initialPassword = "";
isNormalUser = true;
extraGroups = [
"audio"
"video"
"networkmanager"
];
};
services.xserver = {
enable = true;
xkb.layout = settings.kbLayout;
xkb.options = settings.kbOptions;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.${username} = ./home.nix;
home-manager.extraSpecialArgs = {
inherit inputs username;
};
};
};
};
}

25
modules/clan/jukebox/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "jukebox"; manifest.name = "jukebox";
manifest.description = "mpd server, library on removable disks"; manifest.description = "mpd server, library on removable disks";
manifest.readme = "mpd server, library on removable disks";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "a default server role";
interface = interface =
{ lib, ... }: { lib, ... }:
{ {
@@ -113,22 +111,19 @@
services.mpd = { services.mpd = {
enable = true; enable = true;
openFirewall = true; musicDirectory = settings.baseDir;
settings = { network.listenAddress = "any";
bind_to_address = "any"; extraConfig = ''
music_directory = settings.baseDir; audio_output {
audio_output = [ type "pulse"
{ name "jukebox"
type = "pulse"; server "localhost"
name = "jukebox"; }
server = "localhost"; '';
}
];
};
}; };
networking.firewall.interfaces = lib.genAttrs settings.binds (_: { networking.firewall.interfaces = lib.genAttrs settings.binds (_: {
allowedTCPPorts = [ config.services.mpd.settings.port ]; allowedTCPPorts = [ config.services.mpd.network.port ];
}); });
environment.systemPackages = [ pkgs.mpc ]; environment.systemPackages = [ pkgs.mpc ];

2
modules/clan/nextcloud/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "nextcloud"; manifest.name = "nextcloud";
manifest.description = "Nextcloud server, a safe home for all your data"; manifest.description = "Nextcloud server, a safe home for all your data";
manifest.readme = "Nextcloud server, a safe home for all your data";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "a default server role";
perInstance.nixosModule = perInstance.nixosModule =
{ {

2
modules/clan/paperless/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "paperless"; manifest.name = "paperless";
manifest.description = "A community-supported supercharged document management system: scan, index and archive all your documents"; manifest.description = "A community-supported supercharged document management system: scan, index and archive all your documents";
manifest.readme = "A community-supported supercharged document management system: scan, index and archive all your documents";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "a default server role";
perInstance.nixosModule = perInstance.nixosModule =
{ {

8
modules/clan/personal-computer/automatic-timezone.nix
View File

@@ -1,8 +0,0 @@
{ lib, ... }:
{
services.automatic-timezoned.enable = true;
services.geoclue2 = {
enableDemoAgent = lib.mkForce true;
geoProviderUrl = "https://beacondb.net/v1/geolocate";
};
}

21
modules/clan/personal-computer/default.nix
View File

@@ -1,21 +0,0 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "personal-computer";
manifest.description = "A service for configuring personal computer such as printing, automatic-timezone, etc.";
manifest.readme = "A service for configuring personal computer such as printing, automatic-timezone, etc.";
manifest.categories = [ "System" ];
roles.default = {
description = "an only one default role";
perInstance.nixosModule =
{ inputs, lib, ... }:
{
imports = [
(inputs.import-tree.initFilter (
p: !lib.hasSuffix "default.nix" p && !lib.hasSuffix "flake-module.nix" p
) ./.)
];
};
};
}

4
modules/clan/personal-computer/desktop-environment.nix
View File

@@ -1,4 +0,0 @@
{ config, ... }:
{
security.pam.services."sddm".kwallet.enable = config.services.desktopManager.plasma6.enable;
}

6
modules/clan/personal-computer/flake-module.nix
View File

@@ -1,6 +0,0 @@
{ lib, ... }:
{
clan.modules = {
personal-computer = lib.modules.importApply ./default.nix { };
};
}

11
modules/clan/personal-computer/libinput.nix
View File

@@ -1,11 +0,0 @@
{
services = {
libinput = {
enable = true;
touchpad = {
disableWhileTyping = true;
naturalScrolling = true;
};
};
};
}

62
modules/clan/personal-computer/printing.nix
View File

@@ -1,62 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
allowManageGroups = [
"root"
"wheel"
"lpadmin"
];
polkitAllowGroups = builtins.concatStringsSep "||" (
builtins.map (group: ''subject.isInGroup("${group}")'') allowManageGroups
);
printerMember = lib.map (user: user.name) (
lib.attrsets.attrsToList (
lib.attrsets.filterAttrs (name: value: value.isNormalUser) config.users.users
)
);
in
{
services.printing = {
enable = true;
drivers = [
pkgs.brlaser
pkgs.gutenprint
];
extraFilesConf = ''
SystemGroup ${builtins.concatStringsSep " " allowManageGroups}
'';
};
security.polkit = {
enable = true;
extraConfig = ''
polkit.addRule(function(action, subject) {
var actionMatchs = (
action.id.indexOf('org.opensuse.cupspkhelper.mechanism.') === 0
);
if (actionMatchs) {
if (${polkitAllowGroups}) {
return polkit.Result.YES
}
}
});
'';
};
hardware.sane = {
enable = true;
};
users.groups.lpadmin.members = printerMember;
users.groups.lp.members = printerMember;
users.groups.scanner.members = printerMember;
}

11
modules/clan/personal-computer/users.nix
View File

@@ -1,11 +0,0 @@
{ lib, ... }:
{
users.mutableUsers = lib.mkForce true;
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.accounts.change-own-password")) {
return polkit.Result.AUTH_SELF;
}
});
'';
}

4
modules/clan/personal-computer/wireless.nix
View File

@@ -1,4 +0,0 @@
{
networking.networkmanager.enable = true;
hardware.bluetooth.enable = true;
}

4
modules/clan/phonebox/default.nix
View File

@@ -5,12 +5,10 @@
{ {
_class = "clan.service"; _class = "clan.service";
manifest.name = "phonebox"; manifest.name = "phonebox";
manifest.description = "A peer to peer phone relay network built on top of yggdrasil."; manifest.description = "";
manifest.readme = "A peer to peer phone relay network built on top of yggdrasil.";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "a default server role";
interface = interface =
{ lib, ... }: { lib, ... }:
{ {

23
modules/clan/pingvin/default.nix Normal file
View File

@@ -0,0 +1,23 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "pingvin";
manifest.description = "A self-hosted file sharing platform that combines lightness and beauty, perfect for seamless and efficient file sharing.";
manifest.categories = [ "System" ];
roles.default = {
perInstance.nixosModule =
{
config,
...
}:
{
services.pingvin-share = {
enable = true;
};
clan.core.state.pingvin-share.folders = [ config.services.pingvin-share.dataDir ];
};
};
}

19
modules/clan/pingvin/flake-module.nix Normal file
View File

@@ -0,0 +1,19 @@
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
pingvin = module;
};
perSystem =
{ ... }:
{
clan.nixosTests.service-pingvin = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/pingvin" = module;
};
};
}

42
modules/clan/pingvin/tests/vm/default.nix Normal file
View File

@@ -0,0 +1,42 @@
{
...
}:
{
name = "service-pingvin";
clan = {
directory = ./.;
inventory = {
machines.server = { };
instances = {
pingvin-test = {
module.name = "@clan/pingvin";
module.input = "self";
roles.default.machines."server".settings = { };
};
};
};
};
nodes = {
server = {
services.pingvin-share = {
hostname = "share.localhost";
frontend.port = 3000;
backend.port = 8000;
};
};
};
testScript = ''
start_all()
server.wait_for_unit("pingvin-share-frontend")
server.succeed("systemctl status pingvin-share-frontend")
server.wait_for_open_port(3000)
server.wait_for_open_port(8000)
server.succeed("curl -H \"Host: share.localhost\" http://127.0.0.1:3000 ")
'';
}

2
modules/clan/pocket-id/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "pocket-id"; manifest.name = "pocket-id";
manifest.description = "A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services."; manifest.description = "A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.";
manifest.readme = "A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "a default server role";
perInstance.nixosModule = perInstance.nixosModule =
{ {

2
modules/clan/pulse-stream/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "pulse-stream"; manifest.name = "pulse-stream";
manifest.description = "stream audio to attached speakers"; manifest.description = "stream audio to attached speakers";
manifest.readme = "stream audio to attached speakers";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "a default role";
interface = interface =
{ lib, ... }: { lib, ... }:
{ {

2
modules/clan/stirling-pdf/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "stirling-pdf"; manifest.name = "stirling-pdf";
manifest.description = "Your locally hosted one-stop-shop for all your PDF needs."; manifest.description = "Your locally hosted one-stop-shop for all your PDF needs.";
manifest.readme = "Your locally hosted one-stop-shop for all your PDF needs.";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "a default server role";
perInstance.nixosModule = perInstance.nixosModule =
{ {
lib, lib,

2
modules/clan/victoriametrics/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "Victoria Metrics"; manifest.name = "Victoria Metrics";
manifest.description = "VictoriaMetrics: fast, cost-effective monitoring solution and time series database"; manifest.description = "VictoriaMetrics: fast, cost-effective monitoring solution and time series database";
manifest.readme = "VictoriaMetrics: fast, cost-effective monitoring solution and time series database";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "a default server role";
perInstance.nixosModule = perInstance.nixosModule =
{ {
config, config,

2
modules/clan/vikunja/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "vikunja"; manifest.name = "vikunja";
manifest.description = "The to-do app to organize your life."; manifest.description = "The to-do app to organize your life.";
manifest.readme = "The to-do app to organize your life.";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "a default server role";
perInstance.nixosModule = perInstance.nixosModule =
{ {
lib, lib,

2
modules/clan/yggdrasil/default.nix
View File

@@ -3,11 +3,9 @@
_class = "clan.service"; _class = "clan.service";
manifest.name = "yggdrasil"; manifest.name = "yggdrasil";
manifest.description = "An in scalable routing as an encrypted IPv6 overlay network"; manifest.description = "An in scalable routing as an encrypted IPv6 overlay network";
manifest.readme = "An in scalable routing as an encrypted IPv6 overlay network";
manifest.categories = [ "System" ]; manifest.categories = [ "System" ];
roles.default = { roles.default = {
description = "a default peer role";
perInstance.nixosModule = perInstance.nixosModule =
{ {
lib, lib,

17
modules/nixos/think-backend-gtcm.nix
View File

@@ -57,7 +57,7 @@ in
dataDir = lib.mkOption { dataDir = lib.mkOption {
type = lib.types.path; type = lib.types.path;
default = "/var/lib/think-backend.greaterchiangmai.com"; default = "/var/lib/think-backend.greaterchiangmai.com";
description = "A place where to store states"; description = ''A place where to store states'';
}; };
user = lib.mkOption { user = lib.mkOption {
@@ -263,7 +263,6 @@ in
# migrate & seed db # migrate & seed db
${lib.getExe php} artisan key:generate --force ${lib.getExe php} artisan key:generate --force
${lib.getExe php} artisan migrate --force ${lib.getExe php} artisan migrate --force
${lib.getExe php} artisan storage:link
${lib.getExe php} artisan config:cache ${lib.getExe php} artisan config:cache
''; '';
}; };
@@ -271,8 +270,8 @@ in
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${cfg.dataDir} 0710 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir} 0710 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/cache 0700 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir}/cache 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/public 0755 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir}/public 0750 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/public/uploads 0755 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir}/public/uploads 0750 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage 0700 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir}/storage 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/app 0700 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir}/storage/app 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/fonts 0700 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir}/storage/fonts 0700 ${cfg.user} ${cfg.group} - -"
@@ -305,16 +304,6 @@ in
index = "index.php"; index = "index.php";
tryFiles = "$uri $uri/ /index.php?$query_string"; tryFiles = "$uri $uri/ /index.php?$query_string";
}; };
"/uploads" = {
root = "${cfg.dataDir}/public/uploads";
index = "index.php index.html";
tryFiles = "$uri $uri/ /index.php";
};
"/storage" = {
root = "${cfg.dataDir}/public/storage";
index = "index.php index.html";
tryFiles = "$uri $uri/ /index.php";
};
"~ \\.php$".extraConfig = '' "~ \\.php$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools."think-backend-gtcm".socket}; fastcgi_pass unix:${config.services.phpfpm.pools."think-backend-gtcm".socket};
''; '';

14
modules/nixos/think-gtcm.nix
View File

@@ -33,7 +33,7 @@ in
dataDir = lib.mkOption { dataDir = lib.mkOption {
type = lib.types.path; type = lib.types.path;
default = "/var/lib/think.greaterchiangmai.com"; default = "/var/lib/think.greaterchiangmai.com";
description = "A place where to store states"; description = ''A place where to store states'';
}; };
user = lib.mkOption { user = lib.mkOption {
@@ -228,7 +228,6 @@ in
# migrate & seed db # migrate & seed db
${lib.getExe php} artisan key:generate --force ${lib.getExe php} artisan key:generate --force
${lib.getExe php} artisan migrate --force ${lib.getExe php} artisan migrate --force
${lib.getExe php} artisan storage:link
${lib.getExe php} artisan config:cache ${lib.getExe php} artisan config:cache
''; '';
}; };
@@ -268,16 +267,7 @@ in
index = "index.php"; index = "index.php";
tryFiles = "$uri $uri/ /index.php?$query_string"; tryFiles = "$uri $uri/ /index.php?$query_string";
}; };
"/uploads" = {
root = "${cfg.dataDir}/public/uploads";
index = "index.php index.html";
tryFiles = "$uri $uri/ /index.php";
};
"/storage" = {
root = "${cfg.dataDir}/public/storage";
index = "index.php index.html";
tryFiles = "$uri $uri/ /index.php";
};
"~ \\.php$".extraConfig = '' "~ \\.php$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools."think-gtcm".socket}; fastcgi_pass unix:${config.services.phpfpm.pools."think-gtcm".socket};
''; '';

6
pkgs/think-backend-gtcm.nix
View File

@@ -21,16 +21,12 @@ php.buildComposerProject2 (finalAttrs: {
runHook preInstall runHook preInstall
mkdir -p $out mkdir -p $out
cp -R * $out cp -R * $out
rm -rf $out/storage rm -rf $out/storage
ln -s ${dataDir}/.env $out/.env ln -s ${dataDir}/.env $out/.env
ln -s ${dataDir}/storage $out/storage ln -s ${dataDir}/storage $out/storage
ln -s ${dataDir}/public/storage $out/public/storage
ln -s ${dataDir}/public/uploads $out/public/uploads
runHook postInstall runHook postInstall
''; '';
composerStrictValidation = false; composerStrictValidation = false;
vendorHash = "sha256-wGfbprSDULBje1s5y3+ZiU/nCwYGDEULobZzyzGZ9bQ="; vendorHash = "sha256-eXm1x3E9KHWojaT2RU4inMdZqQVcWdLCKlvzhOlIZrc=";
}) })

6
pkgs/think-gtcm.nix
View File

@@ -21,16 +21,12 @@ php.buildComposerProject2 (finalAttrs: {
runHook preInstall runHook preInstall
mkdir -p $out mkdir -p $out
cp -R * $out cp -R * $out
rm -rf $out/storage rm -rf $out/storage
ln -s ${dataDir}/.env $out/.env ln -s ${dataDir}/.env $out/.env
ln -s ${dataDir}/storage $out/storage ln -s ${dataDir}/storage $out/storage
ln -s ${dataDir}/public/storage $out/public/storage
ln -s ${dataDir}/public/uploads $out/public/uploads
runHook postInstall runHook postInstall
''; '';
composerStrictValidation = false; composerStrictValidation = false;
vendorHash = "sha256-b8+AKUmjQiOdV8UC9GYfJzAHFs9+FRSH91YsxKt0rDA="; vendorHash = "sha256-QV3hR3U3GwCqrCRxfkazmJwDpO1vFyMfA6YqUb4bjMI=";
}) })

1
vars/per-machine/rana/zerotier/zerotier-identity-secret/groups/admins
View File

@@ -1 +0,0 @@
../../../../../../sops/groups/admins

1
vars/per-machine/rana/zerotier/zerotier-identity-secret/machines/rana
View File

@@ -1 +0,0 @@
../../../../../../sops/machines/rana

50
vars/per-machine/rana/zerotier/zerotier-identity-secret/secret
View File

@@ -1,50 +0,0 @@
{
"data": "ENC[AES256_GCM,data:yUOVTbLI7vWM1K4pnC+bqK3K0TBj/nC/v9bh/QUBnoIaHrC8YtiVpEYqUOohkxc8DghoYHNcDrR26Qulr3SI85+t9krBJ6B2JkxTNBNKL0cpttE49OH+/maWPRw7Lf8YznX9sBFAd6p7bRYDaIBu0HP9R3exsqYwmd+FnyaKhSssdji+PCAydeQBSbLhTHYSAGKJtNw9UrfM3igzImemvBZXV8qa57nf3Qi67a/d6gbdjaV6fwVPuI0z6pUd45T+kXI7hOChASyNxTQEbQavzM58MuPpIToy68Peu4efiiBMrUmYgaTXQw8Av6+C+1dGgZqyXKxHEeYR8YuWWCCCJpJBWb4K2dVIBZDGQJeq,iv:+PASIqOP9Kl9nCjqzafM7FMlrdWuAM02ouiUPU5/sog=,tag:mpgdImbYgzia9io/vkWonQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjam5Ia0J3Yjl1bGNyUUhx\nZFplK3JPb3ZaMEZqd3JsTlRhNXVUZktCTTNzCndoL2U4Q1BJem0reWZRNElwTGp4\nQ2d6eWk4eHZEN01nMUFqR3ZxRFhlOFkKLS0tIEVkUUNmQXBsVWFJWEJWc01UUHhL\nWWlGYmY4VTlKbm1jWG4rSWoxbU02ZWMKa2m8hH3nxWb1oiV+Ts2KJgtEBAAMv5gk\nN+2vFxndrfseu28kTKKMiAh56P0pfdiF/GS0WIdP4tigTby4FgE21Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age14l00770djurg4uycw5988nklpeha2wxy35t5jx7x8yp2d6uv7y6s47nskp",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdmlYdEJWOE91RWxqYTBO\nNGVzMGpjS2c4dG9SQVl2M201U1N1K01wTGxvCjQ1QVM3QlJiNGx0YTFaTHptL1hv\nc0lqMUJtNmJWbm9NVlNudFNZTUZ2R00KLS0tIGRxYzhHOWlFWExybTkrTkZORk5i\nZ1pEQ0tzblRmZ1MyZjVsbk9LZ2xmK1UKyHViPWllmDqKNoNpnyvUhJXGKOkDPO6H\nFBcLgokBal7Qb/2uRZ5LAYGZP1RleVANZYmx1dtRBmyLOGcjoA9jyw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3SDk0YUNVZ3htQkxrM0Z2\nK2Y4dTJqY1RBRDRycldTTTBLU3FJV3BWb1c4CmczNE1WNkRyaTMva1BJZm1jMkIz\nS2ZudWRJTXJ4VlIxd0xQcHhISm9wTnMKLS0tIFpFUHE4MDdoNWx1Ty9JS01rNmtj\nSTFaaU1sdGJpV1EwQmFBelhoTGw3MncKk8fHdw1hhJ4s3/p9X6/K3RBL0o/0/Vlo\nXnWiowpLI6oR+EHKZ2wQPVIwYPqEr5RiavupNBVdJQfJwO2k1Gk+2Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIEF1ZmhOUlhX\ncU5seXJyTzJYbzFVYjNERlZJSDcrOHA0QUc3UENTT0t5RU0gQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQowQzVOc3Z0YWlHMzZRQlU2c1VSQURH\nRDJ1ejMwbW5MUVdSOW9FR2YrR2h3Ci0tLSBxNWRaM05BQVlvR1RUbWk1TjB5YjFL\nZ3JCS1JCaGFMV0g3alJLZkNMWnBvCo+PJk9XFaKbl5qsxVBCqPt4FIOgvgMinmAE\nha9wnYuIOseXxA2f9XJ78C/4OuDlcXhLpq6N9nYHe9BaJ6DgNzw=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIFRWQXVBS2Iz\nNEVrRmxHRmc2b2llNzVvTVRxZjB5Q0h2WlgzVi9HendjaGMgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwpmd2Z5T1Y4VnZnN2ZnV3lDdURPaHRs\nZk5jWmF3Nk5qNHhpcEpwN2dtZ2JnCi0tLSBNa0RvNWdOc0JqSENTV2dGY3lkTndD\ncjdKOFczVFlOYWNRSDVwem1xQ3M4Cr6kGSazPYHLFFkAkepxpZ+hlA4vuZCzTl2q\npuoaAsqxDyFrywxCQTXALRr3bZoq7URuWEZQQryPUg6KWpz32aU=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIGI0aHBlRmd0\nSEMyWmRvSkl0RFREeGw3bW1DMnQ0RWZTQ3MvUmdER3dYeWsgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwpTaXNjQUxUalkrNUIwenBrZnJzR1hD\nU1VwYkduWHRCUFExOFZsTXp5Q2V3Ci0tLSBteTdwYXpvSWQ1RUVrV1drMTVOSXRS\neHh6V2NSUUpBc1U4Qy92eXZseS8wCj9ILLyLzFDZcHfaLUB6H39/FKIHNp3hF3Ov\nxre6zPI7kuSqVuxnstzmyVakBUlHSyMSWhd4RPme0w67RPr17PY=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneHZoNHhNb1JHdjVnS1pM\nK05GYWJ1K1RCK290TzJ4b0dMWlNSY0QzMmdJCng4VnZDcHpoUkVBeFlFZ3Eydmp3\nU0JHZStmTWppejBvOWxNOHAybHFrMkkKLS0tIHdWWkFhOVpVeTJRNVNiS2hPU3hm\nM3EzeklYMXZkQnFMK3cwNFRCSlRHaDgKK1k/C0v+u0iezcRo1JPt+2Edx0uyohXV\nKKXqG4zgksh6Cbw0si6pKawgxafjzjrYJwo96jNz1YDBfDLpAUC6xg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtQU9IbHpXUWlOTE9NYmNW\nUFRYTUQwcnp4QTl0MDBMVFI3Y3duWkxUQ3hBCkkvVnBRV3ZQam9CUnpmTmJ1NFh6\nRi9zRHlNMHo0Y21wRHZOMW5UcDBTQ2cKLS0tIGNYMUQ4VWp3RytCaDhwbUpudElL\nU2NQWVlvZno4V29iOGliczhmLzdzYm8KNzGmyLLVO3A0H940KntObPdBGw/lZA1t\nF9bV1txctvZf+QHfbgUdFwuF4MORVjo0fCRRjjw5kqNUHosStHTynw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRY1FIMVFjZmg1V1RBblNM\nVlhlTWJlS0ZzS3J4MW1BNGNrWGRkemJVMkRBCk5HRktxaVk2d1ExYzNGMWR4ak5N\nR2lrQlVBcEVjUGRVNGJnSlJSSkdEcmsKLS0tIHVRbmlrbUFwUWQ1ZUx2VHNmYWpV\nM3czbXRZWW1GQ0VJSUhlSUhkeExjelUKymIxMBBlD67h4u518h0/7sarJtNowkD/\nE9ThbqRkCWt/JxGEykQnl4WYWlNX45N/vT1llEeVJmd9oOncHBY+qQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3aHljai9FK1YrWmdTelEw\nTkhQT1hpbkRDYkE3SzdxbDVYQWxkMndWZGlJCm1reGVuMytaYkhPSUdUNHpZR2ZW\nK2tFSEp4THhqRG5SOUwxOFZDSU5kbWcKLS0tIEhhVUlCQTZnOVRPU2xkQk5obGph\nb0dBMldUNlI5cmpDZlV4UTR0eDdmN2sKjvTgRnn6afEdL1mHbWbJwfR/AKWhJ/rC\nbSPW5q5rtqbVYq1gpufPUZK+/KUzhhaT+YfhEZrYMYpknbzdArqQ3Q==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-01-15T02:33:50Z",
"mac": "ENC[AES256_GCM,data:Wb1zaCFrFFy4+REhmA8OSRETqQLLAzKZyVomsvUCxHihTJ08reMpbg9oreN9FoMcRMmB2TgtnLGnZ4I2ogvnytzbdTNfknmmoT0JWJCxKRV2XdR61UXRJeUT2v6wm528aZmKrqt2QhArec7+h04zWD8WGUQsYHFrq0Ho2OFDO8A=,iv:r1nmy5OvuThlcz+nJc9wg4Lnl3PjP34FreK+y+f6Bjw=,tag:qxhUn7PFykKoB710u0vB5g==,type:str]",
"version": "3.11.0"
}
}

1
vars/per-machine/rana/zerotier/zerotier-identity-secret/users/kurogeek
View File

@@ -1 +0,0 @@
../../../../../../sops/users/kurogeek

1
vars/per-machine/rana/zerotier/zerotier-ip/value
View File

@@ -1 +0,0 @@
fd79:fada:fbe9:8c5d:d899:93c1:e7fc:2733