From 05a9d96d4e808f6c9552f2eec941b161bf8915c4 Mon Sep 17 00:00:00 2001 From: Lilith Date: Thu, 4 Dec 2025 13:28:25 +0100 Subject: [PATCH] update --- flake.lock | 337 +++++++++++++---------- flake.nix | 3 +- home/lilith/messaging.nix | 1 + home/lilith/packages.nix | 1 + hosts/lilith-lab/default.nix | 12 +- hosts/lilith-lab/secrets/default.yaml | 6 +- hosts/lilith-lab/secrets/networking.yaml | 42 +++ hosts/lilith-pad/default.nix | 2 +- server/arr/default.nix | 65 +++++ server/default.nix | 12 + server/deluge/default.nix | 154 +++++++++++ server/home-assistant/bathroom.nix | 30 ++ server/home-assistant/default.nix | 66 +++++ server/home-assistant/heating.nix | 16 ++ server/home-assistant/lights.nix | 55 ++++ server/home-assistant/mosquitto.nix | 20 ++ server/home-assistant/wyoming.nix | 19 ++ server/home-assistant/zones.nix | 27 ++ server/jellyfin/default.nix | 51 ++++ server/nfs-server.nix | 33 +++ server/ollama.nix | 29 ++ server/wireguard.nix | 1 + system/optional/default.nix | 2 +- system/optional/ollama.nix | 20 -- system/optional/wireguard.nix | 31 +++ unfree.nix | 8 + 26 files changed, 861 insertions(+), 182 deletions(-) create mode 100644 hosts/lilith-lab/secrets/networking.yaml create mode 100644 server/arr/default.nix create mode 100644 server/default.nix create mode 100644 server/deluge/default.nix create mode 100644 server/home-assistant/bathroom.nix create mode 100644 server/home-assistant/default.nix create mode 100644 server/home-assistant/heating.nix create mode 100644 server/home-assistant/lights.nix create mode 100644 server/home-assistant/mosquitto.nix create mode 100644 server/home-assistant/wyoming.nix create mode 100644 server/home-assistant/zones.nix create mode 100644 server/jellyfin/default.nix create mode 100644 server/nfs-server.nix create mode 100644 server/ollama.nix create mode 100644 server/wireguard.nix delete mode 100644 system/optional/ollama.nix create mode 100644 system/optional/wireguard.nix 
diff --git a/flake.lock b/flake.lock index da5480fa..a125ce09 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ ] }, "locked": { - "lastModified": 1755946532, - "narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=", + "lastModified": 1764370710, + "narHash": "sha256-7iZklFmziy6Vn5ZFy9mvTSuFopp3kJNuPxL5QAvtmFQ=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada", + "rev": "561ae7fbe1ca15dfd908262ec815bf21a13eef63", "type": "github" }, "original": { @@ -54,27 +54,28 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "lastModified": 1754405784, + "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", "owner": "tomyun", "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", "type": "github" } }, "base16-helix": { "flake": false, "locked": { - "lastModified": 1752979451, - "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "lastModified": 1760703920, + "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "rev": "d646af9b7d14bff08824538164af99d0c521b185", "type": "github" }, "original": { @@ -103,11 +104,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1756083905, - "narHash": "sha256-UqYGTBgI5ypGh0Kf6zZjom/vABg7HQocB4gmxzl12uo=", + "lastModified": 1764724327, + "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "b655eaf16d4cbec9c3472f62eee285d4b419a808", + "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047", "type": "github" }, "original": { 
@@ -119,11 +120,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -161,11 +162,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -176,11 +177,11 @@ }, "flake-private": { "locked": { - "lastModified": 1755291684, - "narHash": "sha256-odToLtFoY6GJQWqOksrDW4vCYIvA/utOkwjAedQpJ0w=", + "lastModified": 1764851282, + "narHash": "sha256-3Fiap0wQOUlp2V1YHSzpIqIdR188s5u7jYfBR0B+/wI=", "ref": "main", - "rev": "88b0a0e5b1bb9bd25803e5c2c4d6aacb54205786", - "revCount": 8, + "rev": "c959ec66d9861b99eeb5948c5108f2b8ed4a3c4b", + "revCount": 9, "type": "git", "url": "ssh://git@git.firelilith.org/lilith/flake-private.git" }, 
@@ -249,18 +250,20 @@ "gnome-shell": { "flake": false, "locked": { - "lastModified": 1748186689, - "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "host": "gitlab.gnome.org", + "lastModified": 1764524476, + "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", - "type": "github" + "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", + "type": "gitlab" }, "original": { + "host": "gitlab.gnome.org", "owner": "GNOME", - "ref": "48.2", + "ref": "gnome-49", "repo": "gnome-shell", - "type": "github" + "type": "gitlab" } }, "home-manager": { @@ -270,11 +273,11 @@ ] }, "locked": { - "lastModified": 1758719112, - "narHash": "sha256-IsR8OZWlkMNdeWFBV7ONT4id3+PQ1Dv8UQd2yf3pYxg=", + "lastModified": 1764839789, + "narHash": "sha256-QCgaXEj8036JlfyVM2e5fgKIxoF7IgGRcAi8LkehKvo=", "owner": "nix-community", "repo": "home-manager", - "rev": "d398f95f1e9108f18c7dbe45423c71ccf52497c4", + "rev": "d441981b200305ebb8e2e2921395f51d207fded6", "type": "github" }, "original": { @@ -328,11 +331,11 @@ ] }, "locked": { - "lastModified": 1758192433, - "narHash": "sha256-CR6RnqEJSTiFgA6KQY4TTLUWbZ8RBnb+hxQqesuQNzQ=", + "lastModified": 1763733840, + "narHash": "sha256-JnET78yl5RvpGuDQy3rCycOCkiKoLr5DN1fPhRNNMco=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "c44e749dd611521dee940d00f7c444ee0ae4cfb7", + "rev": "8f1bec691b2d198c60cccabca7a94add2df4ed1a", "type": "github" }, "original": { @@ -353,11 +356,11 @@ ] }, "locked": { - "lastModified": 1758631015, - "narHash": "sha256-IN0xWy9AkyMLuWIGZES+VUVD94FgrN7Sd+f1+c7o9X8=", + "lastModified": 1764502778, + "narHash": "sha256-FKbMxf2Y45ZCVG7CCjM/xHF9qndjkl0SZtL8IQ2ijU0=", "owner": "horriblename", "repo": "hyprgrass", - "rev": "35eea3b6fc939778170b2b23d4e20a3fec79e96a", + "rev": "0a1780ca3851e6960c4c7c4c66e1e37fefd7b0f3", "type": "github" }, "original": { 
@@ -371,8 +374,8 @@ "aquamarine": "aquamarine", "hyprcursor": "hyprcursor", "hyprgraphics": "hyprgraphics", + "hyprland-guiutils": "hyprland-guiutils", "hyprland-protocols": "hyprland-protocols", - "hyprland-qtutils": "hyprland-qtutils", "hyprlang": "hyprlang", "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", @@ -384,11 +387,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1758654510, - "narHash": "sha256-V4hLuM9uB4ecz0sFnnrt0idxpw0kGIw+6tLmBw2X0u8=", + "lastModified": 1764801806, + "narHash": "sha256-AlEo8j1V9S20PJd23DXqR/tjwtUjxMcn87Euei9zFeA=", "ref": "refs/heads/main", - "rev": "ec9a72d9fbe8372c4cc4e86966f6b13d178b0bba", - "revCount": 6449, + "rev": "9b1891e4765e2c5b84c8c61725e3973ca9940e05", + "revCount": 6669, "type": "git", "url": "https://github.com/hyprwm/Hyprland" }, @@ -397,6 +400,52 @@ "url": "https://github.com/hyprwm/Hyprland" } }, + "hyprland-guiutils": { + "inputs": { + "aquamarine": [ + "hyprland", + "aquamarine" + ], + "hyprgraphics": [ + "hyprland", + "hyprgraphics" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprtoolkit": "hyprtoolkit", + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1764616927, + "narHash": "sha256-wRT0MKkpPo11ijSX3KeMN+EQWnpSeUlRtyF3pFLtlRU=", + "owner": "hyprwm", + "repo": "hyprland-guiutils", + "rev": "25cedbfdc5b3ea391d8307c9a5bea315e5df3c52", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-guiutils", + "type": "github" + } + }, "hyprland-protocols": { "inputs": { "nixpkgs": [ 
@@ -409,11 +458,11 @@ ] }, "locked": { - "lastModified": 1749046714, - "narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=", + "lastModified": 1759610243, + "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=", "owner": "hyprwm", "repo": "hyprland-protocols", - "rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330", + "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622", "type": "github" }, "original": { @@ -422,74 +471,6 @@ "type": "github" } }, - "hyprland-qt-support": { - "inputs": { - "hyprlang": [ - "hyprland", - "hyprland-qtutils", - "hyprlang" - ], - "nixpkgs": [ - "hyprland", - "hyprland-qtutils", - "nixpkgs" - ], - "systems": [ - "hyprland", - "hyprland-qtutils", - "systems" - ] - }, - "locked": { - "lastModified": 1749154592, - "narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=", - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "type": "github" - } - }, - "hyprland-qtutils": { - "inputs": { - "hyprland-qt-support": "hyprland-qt-support", - "hyprlang": [ - "hyprland", - "hyprlang" - ], - "hyprutils": [ - "hyprland", - "hyprland-qtutils", - "hyprlang", - "hyprutils" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1757694755, - "narHash": "sha256-j+w5QUUr2QT/jkxgVKecGYV8J7fpzXCMgzEEr6LG9ug=", - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "rev": "5ffdfc13ed03df1dae5084468d935f0a3f2c9a4c", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "type": "github" - } - }, "hyprlang": { "inputs": { "hyprutils": [ 
@@ -506,11 +487,11 @@ ] }, "locked": { - "lastModified": 1756810301, - "narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=", + "lastModified": 1764612430, + "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931", + "rev": "0d00dc118981531aa731150b6ea551ef037acddd", "type": "github" }, "original": { @@ -519,6 +500,58 @@ "type": "github" } }, + "hyprtoolkit": { + "inputs": { + "aquamarine": [ + "hyprland", + "hyprland-guiutils", + "aquamarine" + ], + "hyprgraphics": [ + "hyprland", + "hyprland-guiutils", + "hyprgraphics" + ], + "hyprlang": [ + "hyprland", + "hyprland-guiutils", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprland-guiutils", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprland-guiutils", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "hyprland-guiutils", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-guiutils", + "systems" + ] + }, + "locked": { + "lastModified": 1764592794, + "narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=", + "owner": "hyprwm", + "repo": "hyprtoolkit", + "rev": "5cfe0743f0e608e1462972303778d8a0859ee63e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprtoolkit", + "type": "github" + } + }, "hyprutils": { "inputs": { "nixpkgs": [ @@ -531,11 +564,11 @@ ] }, "locked": { - "lastModified": 1756117388, - "narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=", + "lastModified": 1764637132, + "narHash": "sha256-vSyiKCzSY48kA3v39GFu6qgRfigjKCU/9k1KTK475gg=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0", + "rev": "2f2413801beee37303913fc3c964bbe92252a963", "type": "github" }, "original": { 
@@ -556,11 +589,11 @@ ] }, "locked": { - "lastModified": 1755184602, - "narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=", + "lastModified": 1763640274, + "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d", + "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671", "type": "github" }, "original": { @@ -586,11 +619,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1758446476, - "narHash": "sha256-5rdAi7CTvM/kSs6fHe1bREIva5W3TbImsto+dxG4mBo=", + "lastModified": 1764794580, + "narHash": "sha256-UMVihg0OQ980YqmOAPz+zkuCEb9hpE5Xj2v+ZGNjQ+M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a1f79a1770d05af18111fbbe2a3ab2c42c0f6cd0", + "rev": "ebc94f855ef25347c314258c10393a92794e7ab9", "type": "github" }, "original": { @@ -624,11 +657,11 @@ ] }, "locked": { - "lastModified": 1758712580, - "narHash": "sha256-0xmCEK2sIjE5ZcmMuJjbvl/Xo5AtB/OqE2oWjQzRefg=", + "lastModified": 1764847781, + "narHash": "sha256-OBuBBqMKXt8xlzJ3z27i9A36sEYAfVmeMxZ5yGFV+4Q=", "owner": "nix-community", "repo": "NUR", - "rev": "7f3ecc7eeb5cdfc43c27126200220fc928883e68", + "rev": "6f944b9a614527821456c45421833dd771a0e739", "type": "github" }, "original": { @@ -649,11 +682,11 @@ ] }, "locked": { - "lastModified": 1756961635, - "narHash": "sha256-hETvQcILTg5kChjYNns1fD5ELdsYB/VVgVmBtqKQj9A=", + "lastModified": 1764773531, + "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=", "owner": "nix-community", "repo": "NUR", - "rev": "6ca27b2654ac55e3f6e0ca434c1b4589ae22b370", + "rev": "1d9616689e98beded059ad0384b9951e967a17fa", "type": "github" }, "original": { 
@@ -672,11 +705,11 @@ ] }, "locked": { - "lastModified": 1758108966, - "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", + "lastModified": 1763988335, + "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", + "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", "type": "github" }, "original": { @@ -736,11 +769,11 @@ ] }, "locked": { - "lastModified": 1758425756, - "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", + "lastModified": 1764483358, + "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", + "rev": "5aca6ff67264321d47856a2ed183729271107c9c", "type": "github" }, "original": { @@ -770,11 +803,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1758716250, - "narHash": "sha256-PvOo4vSk7WAOhSifgL+rzExihquU9DOIOQPrUVuFHpE=", + "lastModified": 1764798099, + "narHash": "sha256-IIwR5ZWo7tjxjRpkz0tViF9KFbQ1YXs9Wkan46WQbfk=", "owner": "danth", "repo": "stylix", - "rev": "526c882800837cce7676f3e11bb3e13e975c6032", + "rev": "4b9e0e7ba3cccb86fe2bf0f4a2dd18256bef1cc6", "type": "github" }, "original": { @@ -864,11 +897,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1754779259, - "narHash": "sha256-8KG2lXGaXLUE0F/JVwLQe7kOVm21IDfNEo0gfga5P4M=", + "lastModified": 1763914658, + "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=", "owner": "tinted-theming", "repo": "schemes", - "rev": "097d751b9e3c8b97ce158e7d141e5a292545b502", + "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c", "type": "github" }, "original": { 
@@ -880,11 +913,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1754788770, - "narHash": "sha256-LAu5nBr7pM/jD9jwFc6/kyFY4h7Us4bZz7dvVvehuwo=", + "lastModified": 1764465359, + "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "fb2175accef8935f6955503ec9dd3c973eec385c", + "rev": "edf89a780e239263cc691a987721f786ddc4f6aa", "type": "github" }, "original": { @@ -896,11 +929,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1755613540, - "narHash": "sha256-zBFrrTxHLDMDX/OYxkCwGGbAhPXLi8FrnLhYLsSOKeY=", + "lastModified": 1764464512, + "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "937bada16cd3200bdbd3a2f5776fc3b686d5cba0", + "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a", "type": "github" }, "original": { @@ -937,11 +970,11 @@ ] }, "locked": { - "lastModified": 1755354946, - "narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=", + "lastModified": 1761431178, + "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0", + "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 2031e096..5a6dbd27 100644 --- a/flake.nix +++ b/flake.nix @@ -103,9 +103,10 @@ modules = [ ./hosts/${host}/default.nix ./hosts/${host}/hardware-configuration.nix - ./system { networking.hostName = host; } + ./system + ./server ./home ]; }; diff --git a/home/lilith/messaging.nix b/home/lilith/messaging.nix index 789880cd..976e34f5 100644 --- a/home/lilith/messaging.nix +++ b/home/lilith/messaging.nix @@ -3,6 +3,7 @@ programs.iamb = { enable = true; settings = { + default_profile = "fau"; profiles.personal.user_id = "@lilith:matrix.firelilith.org"; profiles.fau.user_id = "@faub1941:fau.org"; 
diff --git a/home/lilith/packages.nix b/home/lilith/packages.nix index 31477faf..34e37900 100644 --- a/home/lilith/packages.nix +++ b/home/lilith/packages.nix @@ -45,6 +45,7 @@ btop htop + grc nix-output-monitor nvd diff --git a/hosts/lilith-lab/default.nix b/hosts/lilith-lab/default.nix index 58560763..4c4b3a53 100644 --- a/hosts/lilith-lab/default.nix +++ b/hosts/lilith-lab/default.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, ... }: +{ lib, config, ... }: let mkHostOverride = lib.mkOverride 75; in @@ -7,7 +7,11 @@ in nfs.host.enable = true; - hardware.graphics.extraPackages = [ pkgs.rocmPackages.clr.icd ]; - environment.systemPackages = [ pkgs.rocmPackages.clr.icd ]; - boot.kernelModules = [ "amdgpu" ]; + hardware.nvidia = { + package = config.boot.kernelPackages.nvidiaPackages.stable; + nvidiaSettings = true; + + open = false; + modesetting.enable = true; + }; } diff --git a/hosts/lilith-lab/secrets/default.yaml b/hosts/lilith-lab/secrets/default.yaml index f86ee03e..dd2b536f 100644 --- a/hosts/lilith-lab/secrets/default.yaml +++ b/hosts/lilith-lab/secrets/default.yaml @@ -1,5 +1,5 @@ user: - password: ENC[AES256_GCM,data:0VEVhqf0R/fduL2mX+3MQkZakCbX2mDWTzLyaWjaDbFyZphLsHThFHuh3Zm0wH+6LedwJXpbaUYsxXgwlV2F82dZ2J0aotVY2A==,iv:d23Exq0N9oBLhPVA1OrfQ9TT5Iyr53lnWrsof3rB8Bs=,tag:JeOakCtfczjxzo9JHnHzlQ==,type:str] + password: ENC[AES256_GCM,data:RffjNA5OunSxt0HQfx7A9lPiQl/4XnkeLTTG5zaGsDzIKEJ1kzYkDwsiZ18ZoYaQWGOD6yiN1nknTktfT8b8BFEdNUn4kIacfA==,iv:D6sW541Q86z/KP0S9dzasQ8oL/4Vm/Rdn1mUUCAkXns=,tag:BNQCt/x26oQyrFs8VXWuFg==,type:str] ssh: public: ENC[AES256_GCM,data:Nnxczf9a4vdFxd4r7JsFJU0kMG6jqm4eOiVHK4J0cbbHWCthaOvy0x6BjAjzqMpnRrEB0DrvPMxfCesr39yLlCYa26mNYx86AT5vi8taOGRg,iv:XLeEi0Oe7eoUHZBU5TvdxhU02aP2V1VtrnJ3V1Ckznk=,tag:fV+V2S2MOyb64HkTQP3mBw==,type:str] private: ENC[AES256_GCM,data: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,iv:s91jTBGApdhK6oIfUtndkup6GGpdh3+DTNPfDEFkYoQ=,tag:3VeT0kk7X3OIg/ar6RTh9Q==,type:str] 
@@ -18,8 +18,8 @@ sops: Q0lSZ2J3cHM1Zjc3TXMwWDlnaHdWazAKo64uQ1arscAhF4gbq3ly8mCNPzSDPWql F+75SNZB24Vet5HNf0lsjZw6Iz5xiF43w05/yrSKg49cqAuij+PiCw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-21T19:26:01Z" - mac: ENC[AES256_GCM,data:tZ+hsckQrJlZfVgaFIDcffBH6TNlfZ7nEUQyd+sspaVEuOBGhruBdrAFVWWensooEOoKzHLAeh0L0ryVF1X5w09zoMZvs2hPvQ9GUBJh5U6WjnFGhfqo8MhYwOW4cKuia7dO6PYqVUhRmRdCN6vbmNWmNKsNkGmxveFd7LQA3oM=,iv:uVdd7yBhAE2GIcV3sLETCowXcPV43/e3OkXgzPKUJGg=,tag:KjktUqIOlRbYOKiY6pWeNQ==,type:str] + lastmodified: "2025-10-17T12:27:37Z" + mac: ENC[AES256_GCM,data:Tp1wJp6nZc/SqqUPXmyEpsD02bDAqrCwh3X8jyUPWy2W5O8kUCq17U1rZkd2RErpx1BaSiVQ+wIEofSJ5L8vOtSVUiScRLv+LOjmivutrxRjqkYIrzO831lDqvsYKDI4tXmBPnLh2EpVLwSghhv35+4we9CjTA0LGVxwQZpov6k=,iv:9tviyo8teegHylyP628KxgKSAR0Ec3mHeQg1srXPqEU=,tag:cIP4cELP/FoHQrGr918tjQ==,type:str] pgp: - created_at: "2025-08-21T19:07:51Z" enc: |- diff --git a/hosts/lilith-lab/secrets/networking.yaml b/hosts/lilith-lab/secrets/networking.yaml new file mode 100644 index 00000000..54fdf411 --- /dev/null +++ b/hosts/lilith-lab/secrets/networking.yaml 
@@ -0,0 +1,42 @@ +wireguard: + private: ENC[AES256_GCM,data:NeX0VxXVvrEUAQoRRrjUA44bygWhyvONxp/HZFJmB+kX7bl8N6eixWE569I=,iv:c1knx4eTPZQTqBurrBeHgDEVpmS/BQoLkJzmeuwlL8k=,tag:xTPutJS4eOQq/C7incehgQ==,type:str] + public: ENC[AES256_GCM,data:fQMKK8SidK6PdSqnWyFVHiUI5RKtsyYqVSh8czlS+4pBwphYuWFFR8kArOQ=,iv:gCcTpQBvIzbPuUT0WkE1f6SGU0eIKZTUZRqNA3Yb8rg=,tag:S1/woWnIinnorS9Z4czpfw==,type:str] + preshared: + lilith-phone: ENC[AES256_GCM,data:4FV8Q6A/3zRwPpUMJG4XAkY5d2PvBP/2waEWM0D3A+plgcSE50Ng2lzP5Ak=,iv:bSDfxsDiEyOeZst6lyQsMJQt9cHVbWkZaw8PuFdAUjs=,tag:eLBKYidmZXhkfcXa0ZiueA==,type:str] + lilith-pad: ENC[AES256_GCM,data:enQk/mPhrWBHEAkzIe6WLVx1ipCX5Tthq9ets7J3A470VRAWrfNotajQTGU=,iv:+V3maDCwYizOH2d7jBW6m4Eu+3nefqAgZ3c+81vMOks=,tag:Y99BMLLjJZZ8Fw8KE8QiTA==,type:str] +wireguard-bridge: + private: ENC[AES256_GCM,data:Z/Bf0u+Dgqidq6QB1QymhW7dyK4E8/aTUFjVTQaYEl8K3xU3LByzUu16FV4=,iv:frID3D1VSLQSxwxrV4jX02CG1OYYCJo53SPIBtTWozI=,tag:yD6LeGW9XQuFsFzoDhRBrA==,type:str] + public: ENC[AES256_GCM,data:j2UyFO/ynMAXHqoJh5yUdvTWRxhI3NT4mopfvTBT65E7eULMx+/N6BzcydY=,iv:xZyVkk+dKrpu30vnrq98FEfpK5l7A0u2FpDhFScTG/4=,tag:OVSo1r7DG8WXfvSkhIm2zw==,type:str] +mullvad: + private: ENC[AES256_GCM,data:p03PnOPD5S9m2BXq5Ugv/bw8C4+CrO0/kO7N5gk93fm3h9dvem5D5Kul1T4=,iv:YLJs6BlaMnCWMAmsDEdqYxiQhFMaEgvHl2oNET6ZjdU=,tag:CCP31oZnRw677sHWhDTAcQ==,type:str] + public: ENC[AES256_GCM,data:HMVNaMU04xMn5VRQBYcchW7SnWxQR6fOUFW7piKyW0v0wf61v9tV4Hs7TmU=,iv:0ZZKQatO+BT+54fa+vsAHhGNMGVaVdKT+COc1dQnLeI=,tag:erb87XB+H+tq3H5HVve9JQ==,type:str] +home-assistant: + mosquitto: + hass: ENC[AES256_GCM,data:yzm/ETAQ7y5nCtR40IL0fvnjMyVHMTbF7qpVm5upMqs3v+wdV5H0/bsmTKl3r6PduumU9bT5XrbBHZoBWDfKiCHzCNOLvFCvKxE8pvvMg13nbWYT/5Iq3iqdUpjiQWdAPzN/jgHkOyClkL5JjNki6Q==,iv:Er/sEpydmTyW9CnaObc2XxsgAx2D41K+NWATgsUwiu8=,tag:1Fuu0S7LYnZEQMztdgId+w==,type:str] +sops: + age: + - recipient: age1aqks8n6temvwfnqqk8pua56du4xz8krz8edmslg69pu8hpkla96q5hfxp6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3WTJvK3RRcjRPVkVoZkEy + bUVTSy9yS2ovOXNxS25KYTNBRjc2R3g3bnlJCjdTdmp2WExaQmV2eWFyN0hQYUtK + MzU5VUVQSVNPTkVpdXlUdWpaRFFXMHMKLS0tIGZXN1Zab2huSlFvQkVLR0tsQTBY + VUJxWUhnbEpGUkFUbDBveEpCTkYrQjAKVrVBFELhFvmLdUc2yIqdHCSUWQUToTGV + qBiwM4u9hjpwTr5zCHWEvXOXoDHuBMy8Ud4ha8wshbgf0iD/axXjOQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-10-17T12:29:14Z" + mac: ENC[AES256_GCM,data:xsh2nmx1M+eCT6sVwJ0JBeBh5d8mz3pmxpSn5RgIWmARfIbnt4Q4ysLNV6SAbJvtHLvOQKZsboHGRjAEpu3H+g3pSB3hu+s+uSNiPUcBO2eq0jA/d0DwtckPMS+9bs/eEKAyPcGbxe5H3erISgZUr3+WtZCnd7XwjCD3mKG+8iw=,iv:DIOnx+6RJ3eYTgaYNI0arzG3R9L0uJu3tlPNsyDZQ8k=,tag:MD6/b/5dugTb3jayL1/VyQ==,type:str] + pgp: + - created_at: "2025-10-17T12:29:08Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DCgMW7d7co2gSAQdA7HgG4AoCCg7Un8w1MIY/WHDaH0D7Ix3dx+X2cLi7mFkw + MgzvF9i9MLQlE2bFknbZdAQL8LW/eBauC3vaUPoIZrDGTCHt7D2sPI4Eap25GRl6 + 0l4BG1SUmTDjZb5S75QFo7+O6UvO+PDuhXbmjes9926I2ohPfIOGCUjELV8HyNXO + 35SadPJ1jcolURhMkSuEdt7lFRPslC3iXRVP7LEnuVP68ZXo7xa1uvFAvkBAtIsv + =oIH1 + -----END PGP MESSAGE----- + fp: 35FA53C3B39A778CBD0F0ADD0A0316EDDEDCA368 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/hosts/lilith-pad/default.nix b/hosts/lilith-pad/default.nix index 775e8ebd..d9ad309b 100644 --- a/hosts/lilith-pad/default.nix +++ b/hosts/lilith-pad/default.nix @@ -14,7 +14,7 @@ in nfs.client.enable = true; auto_styling.enable = true; - ollama.enable = false; + # ollama.enable = false; home-manager.users."lilith".wayland.windowManager.hyprland.settings = { monitor = mkHostOverride [ diff --git a/server/arr/default.nix b/server/arr/default.nix new file mode 100644 index 00000000..430a10ab --- /dev/null +++ b/server/arr/default.nix 
@@ -0,0 +1,65 @@
+{ lib, config, ... }:
+{
+ options.server.arr.enable = lib.mkEnableOption "Enable *arr suite";
+
+ config = lib.mkIf config.server.arr.enable {
+ networking.firewall.allowedTCPPorts = [
+ 7878
+ 8191
+ 8686
+ 8989
+ 9696
+ ];
+
+ services.radarr = {
+ user = "jellyfin";
+ group = "jellyfin";
+ enable = true;
+ };
+
+ services.sonarr = {
+ user = "jellyfin";
+ group = "jellyfin";
+ enable = true;
+ };
+
+ # services.lidarr = {
+ # user = "jellyfin";
+ # group = "jellyfin";
+ # enable = true;
+ # };
+
+ virtualisation.oci-containers.containers."lidarr" = {
+ image = "ghcr.io/linuxserver-labs/prarr:lidarr-plugins";
+ volumes = [
+ "config:/config"
+ "/data:/data"
+ "music:/music"
+ ];
+ environment = {
+ "PUID" = "994";
+ "GUID" = "994";
+ };
+ extraOptions = [ "--network=host" ];
+ };
+
+ services.prowlarr = {
+ enable = true;
+ };
+
+ # services.flaresolverr = {
+ # enable = true;
+ # };
+
+ services.readarr = {
+ user = "jellyfin";
+ group = "jellyfin";
+ enable = true;
+ };
+
+ virtualisation.oci-containers.containers."flaresolverr" = {
+ image = "ghcr.io/flaresolverr/flaresolverr:latest";
+ extraOptions = [ "--network=host" ];
+ };
+ };
+}
diff --git a/server/default.nix b/server/default.nix
new file mode 100644
index 00000000..6dcb5883
--- /dev/null
+++ b/server/default.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ imports = [
+ ./ollama.nix
+ ./jellyfin
+ ./wireguard.nix
+ ./deluge
+ ./nfs-server.nix
+ ./arr
+ # ./home-assistant
+ ];
+}
diff --git a/server/deluge/default.nix b/server/deluge/default.nix
new file mode 100644
index 00000000..4485218d
--- /dev/null
+++ b/server/deluge/default.nix
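Review bot: In the `lidarr` container's `environment` block in server/arr/default.nix, `"GUID" = "994";` looks like a typo for `PGID`, the group-id variable that linuxserver-style images read next to `PUID`, so the container's group is probably not being set; `"PGID" = "994";` is the likely intent. Both containers run with `--network=host` from mutable tags (`prarr:lidarr-plugins`, `flaresolverr:latest`), so whatever the registry serves at the next pull runs on the host's network stack; pinning each `image` by digest makes updates an explicit, reviewable change. `networking.firewall.allowedTCPPorts` opens the five listed UI ports on every interface, whereas `networking.firewall.interfaces.<iface>.allowedTCPPorts` would limit them to the LAN or WireGuard interface; no port is listed for `services.readarr`, so confirm whether that omission is intended.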
@@ -0,0 +1,154 @@ +{ + lib, + config, + pkgs, + ... +}: +{ + options.server.deluge.enable = lib.mkEnableOption "Enable deluge torrent client"; + + config = lib.mkIf config.server.deluge.enable { + services.deluge = { + enable = true; + web.enable = true; + }; + + environment.systemPackages = with pkgs; [ libnatpmp ]; + + networking.firewall.allowedTCPPorts = [ 8112 ]; + + # creating network namespace + systemd.services."netns@" = { + description = "%I network namespace"; + before = [ "network.target" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.iproute2}/bin/ip netns add %I"; + ExecStop = "${pkgs.iproute2}/bin/ip netns del %I"; + }; + }; + + systemd.services.wg-port-opener = { + description = "port opener for protonvpn"; + bindsTo = [ "netns@wg.service" ]; + requires = [ "network-online.target" ]; + after = [ "netns@wg.service" ]; + serviceConfig = { + Type = "exec"; + NetworkNamespacePath = [ "/var/run/netns/wg" ]; + ExecStart = + with pkgs; + writers.writeBash "port-opening" '' + while true; do + date; + ${libnatpmp}/bin/natpmpc -a 1 0 udp 60 -g 10.2.0.1 || { echo -e "ERROR with natpmpc udp command \a" ; break ; }; + ${libnatpmp}/bin/natpmpc -a 1 0 tcp 60 -g 10.2.0.1 || { echo -e "ERROR with natpmpc tcp command \a" ; break ; }; + sleep 45; + done; + ''; + }; + }; + + # setting up wireguard interface within network namespace + systemd.services.wg = { + description = "wg network interface"; + bindsTo = [ "netns@wg.service" ]; + requires = [ "network-online.target" ]; + after = [ "netns@wg.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = + with pkgs; + writers.writeBash "wg-up" '' + ${iproute2}/bin/ip link add wg0 type wireguard + ${iproute2}/bin/ip link set wg0 netns wg + ${iproute2}/bin/ip -n wg address add 10.2.0.2/32 dev wg0 + # ${iproute2}/bin/ip -n wg -6 address add fc00:bbbb:bbbb:bb01::a:1674/128 dev wg0 + ${iproute2}/bin/ip netns exec wg \ + ${wireguard-tools}/bin/wg 
setconf wg0 /root/proton.conf + ${iproute2}/bin/ip -n wg link set wg0 up + # need to set lo up as network namespace is started with lo down + ${iproute2}/bin/ip -n wg link set lo up + ${iproute2}/bin/ip -n wg route add default dev wg0 + ${iproute2}/bin/ip -n wg -6 route add default dev wg0 + ''; + ExecStop = + with pkgs; + writers.writeBash "wg-down" '' + ${iproute2}/bin/ip -n wg route del default dev wg0 + ${iproute2}/bin/ip -n wg -6 route del default dev wg0 + ${iproute2}/bin/ip -n wg link del wg0 + ''; + }; + }; + + # binding deluged to network namespace + systemd.services.deluged.bindsTo = [ "netns@wg.service" ]; + systemd.services.deluged.requires = [ + "network-online.target" + "wg.service" + ]; + systemd.services.deluged.serviceConfig.NetworkNamespacePath = [ "/var/run/netns/wg" ]; + + systemd.services.deluge-port-setter = { + description = "sets deluge ports"; + bindsTo = [ "netns@wg.service" ]; + requires = [ "network-online.target" ]; + after = [ "deluged.service" ]; + serviceConfig = { + Type = "oneshot"; + User = "deluge"; + RemainAfterExit = true; + NetworkNamespacePath = [ "/var/run/netns/wg" ]; + ExecStart = + with pkgs; + writers.writeBash "deluge-ports" '' + TCP=($(${libnatpmp}/bin/natpmpc -a 1 0 tcp 60 -g 10.2.0.1 2> /dev/null | grep Mapped)) + TCP_PORT=''${TCP[3]} + UDP=($(${libnatpmp}/bin/natpmpc -a 1 0 udp 60 -g 10.2.0.1 2> /dev/null | grep Mapped)) + UDP_PORT=''${UDP[3]} + echo "The ports are" + echo "TCP: $TCP_PORT" + echo "UDP: $UDP_PORT" + PORTS="($TCP_PORT, $UDP_PORT)" + ${deluge}/bin/deluge-console "config -s random_port false; config -s listen_ports $PORTS" + + exit 0 + ''; + }; + }; + + # allowing delugeweb to access deluged in network namespace, a socket is necesarry + systemd.sockets."proxy-to-deluged" = { + enable = true; + description = "Socket for Proxy to Deluge Daemon"; + listenStreams = [ "58846" ]; + wantedBy = [ "sockets.target" ]; + }; + + # creating proxy service on socket, which forwards the same port from the root 
namespace to the isolated namespace + systemd.services."proxy-to-deluged" = { + enable = true; + description = "Proxy to Deluge Daemon in Network Namespace"; + requires = [ + "deluged.service" + "proxy-to-deluged.socket" + ]; + after = [ + "deluged.service" + "proxy-to-deluged.socket" + ]; + unitConfig = { + JoinsNamespaceOf = "deluged.service"; + }; + serviceConfig = { + User = "deluge"; + Group = "deluge"; + ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:58846"; + PrivateNetwork = "yes"; + }; + }; + }; +} diff --git a/server/home-assistant/bathroom.nix b/server/home-assistant/bathroom.nix new file mode 100644 index 00000000..19e6b646 --- /dev/null +++ b/server/home-assistant/bathroom.nix @@ -0,0 +1,30 @@ +{ ... }: +{ + services.home-assistant.config = { + "automation" = [ + { + alias = "Towel Warmer Timer"; + trigger = { + type = "turned_on"; + device_id = "bf77f1611d1d9959e967b4e35ba5234c"; + entity_id = "b674ce8cc70a4d0c1bfba7c6946ab3e4"; + domain = "switch"; + trigger = "device"; + for = { + hours = 0; + minutes = 60; + seconds = 0; + }; + }; + action = [ + { + type = "turn_off"; + device_id = "bf77f1611d1d9959e967b4e35ba5234c"; + entity_id = "b674ce8cc70a4d0c1bfba7c6946ab3e4"; + domain = "switch"; + } + ]; + } + ]; + }; +} diff --git a/server/home-assistant/default.nix b/server/home-assistant/default.nix new file mode 100644 index 00000000..dfb14fe7 --- /dev/null +++ b/server/home-assistant/default.nix 
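Review bot: The `proxy-to-deluged` socket near the end of server/deluge/default.nix uses `listenStreams = [ "58846" ];`, and a bare port number makes systemd listen on every address, so the deluged RPC port is reachable from the network unless the firewall keeps blocking it; `listenStreams = [ "127.0.0.1:58846" ];` keeps it local to deluge-web, which is what the comment above it describes. The `wg` unit loads the tunnel configuration from `/root/proton.conf`, outside the sops-managed secrets this patch uses elsewhere, so that key is neither provisioned nor rotated with the rest; a `sops.secrets` entry whose `.path` is handed to `wg setconf` would close the gap. In `deluge-port-setter` a failed `natpmpc` leaves `$TCP_PORT` and `$UDP_PORT` empty and the trailing `exit 0` still reports success, and in `wg-port-opener` the `break` ends the loop with a zero status, so the port mapping can lapse without any unit failing; exiting non-zero there and setting `Restart = "on-failure";` would make it visible.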
@@ -0,0 +1,66 @@
+{ lib, config, ... }:
+{
+ options.server.home-assistant.enable = lib.mkEnableOption "Enable home-assistant";
+
+ config = lib.mkIf config.server.home-assistant.enable {
+ networking.firewall.allowedTCPPorts = [
+ 8123
+ 5683
+ ];
+
+ imports = [
+ ./zones.nix
+ ./wyoming.nix
+ ./mosquitto.nix
+ ./bathroom.nix
+ ./lights.nix
+ ./heating.nix
+ ];
+
+ services.home-assistant = {
+ enable = true;
+
+ extraComponents = [
+ "pushover"
+ "isal"
+ "nina"
+ "jellyfin"
+ "deluge"
+ "conversation"
+
+ "ollama"
+ "anthropic"
+
+ "mqtt"
+
+ "shelly"
+ "tasmota"
+
+ "wyoming"
+ "whisper"
+ "piper"
+
+ "open_meteo"
+
+ "wake_on_lan"
+ "bluetooth"
+ "bthome"
+ "fritz"
+ ];
+
+ config = {
+ default_config = { };
+
+ # anthropic = {
+ # intents = [
+ # "HassTurnOn"
+ # "HassTurnOff"
+ # "HassGetWeather"
+ # ];
+ # };
+
+ intent = { };
+ };
+ };
+ };
+}
diff --git a/server/home-assistant/heating.nix b/server/home-assistant/heating.nix
new file mode 100644
index 00000000..822d717e
--- /dev/null
+++ b/server/home-assistant/heating.nix
@@ -0,0 +1,16 @@
+{...}: {
+ services.home-assistant.config.automation = [
+ {
+ description = "Pause Heating when Window opens";
+ alias = "Heating Pause";
+ use_blueprint = {
+ path = "raffy-ops/hvac_pause.yaml";
+ input = {
+ climate_device = "climate.shellyblutrv_286847ef7fc0";
+ doors_windows = "binary_sensor.shelly_blu_door_window_3a5a_window";
+ action_first = true;
+ };
+ };
+ }
+ ];
+}
diff --git a/server/home-assistant/lights.nix b/server/home-assistant/lights.nix
new file mode 100644
index 00000000..d93de989
--- /dev/null
+++ b/server/home-assistant/lights.nix
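Review bot: The `imports = [ ... ]` list in server/home-assistant/default.nix sits inside `config = lib.mkIf config.server.home-assistant.enable { ... }`, but `imports` is only honoured at the top level of a module, so here it would be read as a definition of an option named `imports` and evaluation should fail once `./home-assistant` is uncommented in server/default.nix. Moving the list next to `options` and `config` fixes that, but the imported files (`mosquitto.nix`, `zones.nix` and the others) then apply unconditionally, so each needs its own `lib.mkIf config.server.home-assistant.enable` guard to keep the MQTT listener and its firewall port off hosts that never enable the service. Port 5683 is opened for TCP; if it is meant for Shelly CoIoT, that traffic is UDP and `networking.firewall.allowedUDPPorts` would be the matching list, which is worth confirming.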
@@ -0,0 +1,55 @@
+{...}: {
+ services.home-assistant.config.automation = [
+ {
+ alias = "Wake Up Light";
+ description = "Turn on the light on alarm ringing";
+ trigger = {
+ platform = "time";
+ at = "sensor.lilith_phone_next_alarm";
+ };
+ condition = [];
+ action = [
+ {
+ action = "light.turn_on";
+ metadata = {};
+ data = {
+ transition = 3;
+ kelvin = 3000;
+ brightness_pct = 100;
+ };
+ target = {
+ device_id = "7d40ebcac890a2743d7dc2a6dc4ca797";
+ };
+ }
+ ];
+ mode = "single";
+ }
+ {
+ alias = "Automatic Light Off";
+ description = "Turn off the light after 15 minutes once Liv leaves the house";
+ trigger = {
+ platform = "state";
+ entity_id = "person.liv_benstem";
+ from = "home";
+ to = "not_home";
+ for = {
+ hours = 0;
+ minutes = 10;
+ seconds = 0;
+ };
+ };
+ condition = [];
+ action = [
+ {
+ action = "light.turn_off";
+ metadata = {};
+ data = {};
+ target = {
+ area_id = "bedroom";
+ };
+ }
+ ];
+ mode = "single";
+ }
+ ];
+}
diff --git a/server/home-assistant/mosquitto.nix b/server/home-assistant/mosquitto.nix
new file mode 100644
index 00000000..232a7c02
--- /dev/null
+++ b/server/home-assistant/mosquitto.nix
@@ -0,0 +1,20 @@
+{ sops, config, ...}: {
+
+ sops.secrets."home-assistant/mosquitto/hass" = {};
+
+ services.mosquitto = {
+ enable = true;
+ listeners = [
+ {
+ address = "192.168.178.111";
+ port = 1883;
+ users.hass = {
+ acl = [ "readwrite #" ];
+ hashedPasswordFile = config.sops.secrets."home-assistant/mosquitto/hass".path;
+ };
+ }
+ ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 1883 ];
+}
diff --git a/server/home-assistant/wyoming.nix b/server/home-assistant/wyoming.nix
new file mode 100644
index 00000000..a58947e9
--- /dev/null
+++ b/server/home-assistant/wyoming.nix
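Review bot: In server/home-assistant/lights.nix the "Automatic Light Off" description promises 15 minutes while the trigger uses `minutes = 10` in its `for` block, so one of the two is wrong. Align them, for example `description = "Turn off the light after 10 minutes once Liv leaves the house";`, or change `minutes` if 15 was intended. The file also uses the `platform = …` trigger key while bathroom.nix uses `trigger = "device"`; picking one spelling across the automation files would make them easier to compare.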
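Review bot: In server/home-assistant/mosquitto.nix the only listener is plaintext MQTT on port 1883 and the `hass` user is granted `readwrite #`, so the password crosses the LAN unencrypted and whoever captures it can publish to every topic, presumably including the Tasmota devices enabled in default.nix. `networking.firewall.allowedTCPPorts = [ 1883 ];` also opens the port on every interface; scoping it with `networking.firewall.interfaces.<lan-iface>.allowedTCPPorts = [ 1883 ];` (interface name is a placeholder) keeps it off the WireGuard link and any other network. Consider a TLS listener for device traffic and a narrower ACL per client. The `sops` function argument is not used in the body and can be dropped.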
@@ -0,0 +1,19 @@
+{...}: {
+ services.wyoming = {
+ piper.servers = {
+ alba = {
+ enable=true;
+ uri="tcp://localhost:12001";
+ voice="en_GB-alba-medium";
+ };
+ };
+ faster-whisper.servers = {
+ tiny = {
+ enable=true;
+ uri="tcp://localhost:12002";
+ model="tiny-int8";
+ language="en";
+ };
+ };
+ };
+}
diff --git a/server/home-assistant/zones.nix b/server/home-assistant/zones.nix
new file mode 100644
index 00000000..e13b446e
--- /dev/null
+++ b/server/home-assistant/zones.nix
@@ -0,0 +1,27 @@
+{
+ services.home-assistant.config.homeassistant = {
+ name = "Home";
+ latitude = "52.405212";
+ country = "DE";
+ longitude = "13.047246";
+ elevation = "45";
+ unit_system = "metric";
+ time_zone = "Europe/Berlin";
+ };
+ services.home-assistant.config.zone = [
+ {
+ name = "University";
+ icon = "mdi:school";
+ latitude = "52.408866";
+ longitude = "12.97513";
+ radius = "500";
+ }
+ {
+ name = "Parents";
+ icon = "mdi:human-male-female-child";
+ latitude = "52.153352";
+ longitude = "9.919335";
+ radius = "100";
+ }
+ ];
+}
diff --git a/server/jellyfin/default.nix b/server/jellyfin/default.nix
new file mode 100644
index 00000000..83474aad
--- /dev/null
+++ b/server/jellyfin/default.nix
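Review bot: In server/home-assistant/zones.nix the home location and the two extra zones are committed as exact coordinates in plaintext, although the repository already keeps other sensitive values in sops. Together with the presence-based automation in lights.nix, this records where the household is and when it is away, so if the repository is shared or public these values are worth treating as secrets. One option is to keep them in a sops-managed Home Assistant secrets file and reference them with `!secret`; verify how the NixOS module renders that tag before relying on it.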
@@ -0,0 +1,51 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+{
+ options.server.jellyfin.enable = lib.mkEnableOption "Enable Jellyfin+Jellyseerr";
+
+ config = lib.mkIf config.server.jellyfin.enable {
+ networking.firewall.allowedTCPPorts = [
+ 5055
+ 8096
+ ];
+ networking.firewall.allowedUDPPorts = [ 8096 ];
+
+ # Jellyfin
+
+ environment.systemPackages = with pkgs; [
+ jellyfin
+ jellyfin-web
+ jellyfin-ffmpeg
+ ];
+
+ services.jellyfin.enable = true;
+
+ hardware.graphics = {
+ enable = true;
+ extraPackages = with pkgs; [
+ intel-media-driver
+ intel-vaapi-driver # previously vaapiIntel
+ vaapiVdpau
+ intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
+ vpl-gpu-rt # QSV on 11th gen or newer
+ intel-media-sdk # QSV up to 11th gen
+ ];
+ };
+
+ # services.jellyseerr = {
+ # enable = true;
+ # port = 5055;
+ # openFirewall = true;
+ # };
+
+ virtualisation.oci-containers.containers."jellyseerr-music" = {
+ image = "fallenbagel/jellyseerr:preview-music-support";
+ extraOptions = [ "--network=host" ];
+ volumes = [ "/var/lib/jellyseerr/config:/app/config" ];
+ };
+ };
+}
diff --git a/server/nfs-server.nix b/server/nfs-server.nix
new file mode 100644
index 00000000..fd0150cf
--- /dev/null
+++ b/server/nfs-server.nix
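Review bot: In server/jellyfin/default.nix the `jellyseerr-music` container pulls the mutable tag `fallenbagel/jellyseerr:preview-music-support` and runs with `--network=host`, so whatever is next published under that preview tag runs on the host network without isolation. Pinning by digest, `image = "fallenbagel/jellyseerr@sha256:<digest>";` (placeholder, fill in the reviewed digest), turns every image update into an explicit change in the flake. A published port such as `ports = [ "5055:5055" ];` instead of host networking would limit what the container can reach, provided it does not need host-local services. `allowedUDPPorts = [ 8096 ]` is probably unnecessary, since 8096 is Jellyfin's HTTP port; confirm and drop it.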
@@ -0,0 +1,33 @@
+{ lib, config, ... }:
+{
+ options.server.nfs.enable = lib.mkEnableOption "Enable NFS shares";
+
+ config = lib.mkIf config.server.nfs.enable {
+ services.nfs.server = {
+ enable = true;
+ exports = ''
+ /export 192.168.178.111/24(rw,fsid=0,no_subtree_check)
+ /export/share 192.168.178.111/24(rw,nohide,insecure,no_subtree_check)
+ /export/torrent 192.168.178.111/24(rw,nohide,insecure,no_subtree_check)
+ '';
+ };
+
+ services.nfs.settings.main = {
+ UDP = false;
+ vers2 = false;
+ vers3 = false;
+ };
+
+ fileSystems."/export/share" = {
+ device = "/data/share";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/export/torrent" = {
+ device = "/data/torrent";
+ options = [ "bind" ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 2049 ];
+ };
+}
diff --git a/server/ollama.nix b/server/ollama.nix
new file mode 100644
index 00000000..0ab890bb
--- /dev/null
+++ b/server/ollama.nix
@@ -0,0 +1,29 @@
+{ config, lib, ... }:
+{
+ options.server.ollama.enable = lib.mkEnableOption "Enable Ollama server /w GPU acceleration";
+ options.server.ollama.options = lib.mkOption {
+ description = "additional options to pass to ollama";
+ default = { };
+ };
+
+ config = lib.mkIf config.server.ollama.enable {
+ services.ollama = lib.attrsets.recursiveUpdate {
+ enable = true;
+ host = "0.0.0.0";
+
+ # acceleration = "rocm";
+ # rocmOverrideGfx = "11.0.0";
+ } config.server.ollama.options;
+
+ networking.firewall.allowedTCPPorts = [ 11434 ];
+
+ environment.persistence."/persist/cache".directories = [
+ {
+ directory = "/var/lib/private/ollama";
+ user = "nouser";
+ group = "nogroup";
+ mode = "u=rwx,g=,o=";
+ }
+ ];
+ };
+}
diff --git a/server/wireguard.nix b/server/wireguard.nix
new file mode 100644
index 00000000..c915eb0a
--- /dev/null
+++ b/server/wireguard.nix
@@ -0,0 +1 @@
+{ ... }: { }
diff --git a/system/optional/default.nix b/system/optional/default.nix
index 705a8255..d2dbfd0a 100644
--- a/system/optional/default.nix
+++ b/system/optional/default.nix
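Review bot: In server/nfs-server.nix both `/export/share` and `/export/torrent` are exported `rw` with `insecure` to the whole /24, which with the default `sec=sys` means any process on any host in that subnet, unprivileged ones included, can mount them and present whatever UID it likes. Drop `insecure` unless a specific client needs it and list client addresses instead of the subnet, e.g. `/export/share <client-ip>(rw,nohide,no_subtree_check)` with a placeholder address. The `UDP`/`vers2`/`vers3` switches are placed under `services.nfs.settings.main`; as far as I know nfs.conf reads these from the `nfsd` section, so check the generated file to confirm NFSv3 is really off. `192.168.178.111/24` has host bits set; `192.168.178.0/24` states the intent more clearly.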
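Review bot: In server/ollama.nix `host = "0.0.0.0"` together with `allowedTCPPorts = [ 11434 ]` exposes the Ollama HTTP API on every interface, and that API has no authentication of its own, so any host that can reach the port can run and manage models. If only Home Assistant on the same machine uses it, bind to `127.0.0.1` and drop the firewall rule; otherwise restrict the rule to the trusted interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts` (interface name is a placeholder). `options.server.ollama.options` is declared without a `type`; `type = lib.types.attrs;` would reject non-attrset values before they reach `recursiveUpdate`. A comment above `host` naming the expected clients would document why the listener is wide open.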
@@ -6,7 +6,7 @@
 ./desktop.nix
 ./gaming.nix
 ./stylix.nix
- ./ollama.nix
+ ./wireguard.nix
 ./sdr.nix
 ];
 }
diff --git a/system/optional/ollama.nix b/system/optional/ollama.nix
deleted file mode 100644
index c1c3e716..00000000
--- a/system/optional/ollama.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, lib, ... }:
-{
- options.ollama.enable = lib.mkEnableOption "Enable Ollama server /w GPU acceleration";
-
- config.services.ollama = lib.mkIf config.ollama.enable {
- enable = true;
- host = "0.0.0.0";
- acceleration = "rocm";
- rocmOverrideGfx = "11.0.0";
- };
- config.networking.firewall = lib.mkIf config.ollama.enable { allowedTCPPorts = [ 11434 ]; };
- config.environment.persistence."/persist/cache".directories = lib.mkIf config.ollama.enable [
- {
- directory = "/var/lib/private/ollama";
- user = "nouser";
- group = "nogroup";
- mode = "u=rwx,g=,o=";
- }
- ];
-}
diff --git a/system/optional/wireguard.nix b/system/optional/wireguard.nix
new file mode 100644
index 00000000..f41daca9
--- /dev/null
+++ b/system/optional/wireguard.nix
@@ -0,0 +1,31 @@
+{ lib, config, ... }:
+{
+ options.wireguard.enable = lib.mkEnableOption "Enable wireguard";
+ options.wireguard.ip = lib.mkOption {
+ type = with lib.types; uniq string;
+ descriptions = "Wireguard ip";
+ };
+
+ config = lib.mkIf config.wireguard.enable {
+ sops.secrets."wireguard/private" = {
+ sopsFile = ../../hosts/${config.networking.hostname}/secrets/networking.yaml;
+ };
+
+ networking.wireguard.interfaces = {
+ server-wg = {
+ ips = [ config.wireguard.ip ];
+ listenPort = 51821;
+ privateKeyFile = config.sops.secrets."wireguard/private".path;
+
+ peers = [
+ {
+ publicKey = "kYJn39tFStvzJ6QOMy3NabNWrJREaYdxwo/GdYD0MRk=";
+ allowedIPs = [ "10.0.1.2/32" ];
+ endpoint = "95.217.79.106:51821";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/unfree.nix b/unfree.nix
index 6675cc39..9c465338 100644
--- a/unfree.nix
+++ b/unfree.nix
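Review bot: In system/optional/wireguard.nix the option declaration uses `descriptions = "Wireguard ip";`, an argument `lib.mkOption` does not accept, and since system/optional/default.nix now imports this file the error is likely to break evaluation for every host, not only those enabling WireGuard. It should read `description = "Wireguard ip";`, and `uniq string` should become `lib.types.str` because `types.string` is deprecated. The secret path interpolates `config.networking.hostname`, but the NixOS option is `networking.hostName`, so enabling the module would fail on a missing attribute; use `${config.networking.hostName}`. `wireguard.ip` has no default, so a short description of the expected CIDR form would help whoever enables it on a new host.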
@@ -2,5 +2,13 @@
 allowed = [
 "steam"
 "steam-unwrapped"
+
+ "libcublas"
+ "cuda_cudart"
+ "cuda_cccl"
+ "cuda_nvcc"
+ "nvidia-x11"
+ "nvidia-settings"
+ "nvidia-persistenced"
 ];
 }