so mad

2026-06-11 12:40:44 +03:00 · 2025-08-07 01:46:58 +03:00
parent 185d6e22b4
commit de44801150
62 changed files with 5 additions and 43 deletions
@@ -0,0 +1,72 @@
+{ inputs, ... }@flakeContext:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  services = {
+    cloudflared = {
+      enable = false;
+      certificateFile = "${config.xlib.dirs.server-credentials}/cloudflared/cert.pem";
+      tunnels = {
+        "58b340ee-e98a-4af9-b786-74600c71f49e" = {
+          credentialsFile = "${config.xlib.dirs.server-credentials}/cloudflared/server.json";
+          warp-routing.enabled = true;
+          ingress = {
+            "immich.zeroq.ru" = {
+              service = "http://localhost:2283";
+            };
+            "nextcloud.zeroq.ru" = {
+              service = "http://localhost:10000";
+            };
+          };
+          default = "http_status:404";
+        };
+        #         "58b340ee-e98a-4af9-b786-74600c71f49e" = {
+        #           credentialsFile = "${config.xlib.dirs.server-credentials}/cloudflared/server.json";
+        #           warp-routing.enabled = true;
+        #           ingress = {
+        #             "nextcloud.zeroq.ru" = {
+        #               service = "http://localhost:10000";
+        #             };
+        #           };
+        #           default = "http_status:404";
+        #         };
+      };
+    };
+  };
+
+  #   users.users = {
+  #     cloudflared = {
+  #       group = "cloudflared";
+  #       isSystemUser = true;
+  #     };
+  #   };
+  #   users.groups.cloudflared = { };
+  #
+  #   systemd.services.cloudflared = {
+  #     after = [
+  #       "network.target"
+  #       "network-online.target"
+  #     ];
+  #     wants = [
+  #       "network.target"
+  #       "network-online.target"
+  #     ];
+  #     wantedBy = [ "multi-user.target" ];
+  #     serviceConfig = {
+  #       ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate --config=${config.xlib.dirs.server-credentials}/cloudflared/config.yaml --origincert=${config.xlib.dirs.server-credentials}/cloudflared/cert.pem --credentials-file=${config.xlib.dirs.server-credentials}/cloudflared/server.json run";
+  #       Group = "root";
+  #       User = "root";
+  #       Restart = "on-failure";
+  #     };
+  #   };
+
+  environment = {
+    systemPackages = with pkgs; [
+      cloudflared
+    ];
+  };
+}
@@ -6,5 +6,7 @@
 {
  imports = [
    ./stirling-pdf.nix
+    #./cloudflared.nix
+    ./immich.nix
  ];
 }
@@ -0,0 +1,48 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  services = {
+    immich = {
+      #package = pkgs-src.immich;
+      enable = true;
+      port = 2283;
+      host = "0.0.0.0";
+      openFirewall = true;
+      accelerationDevices = null;
+      machine-learning.enable = false;
+      mediaLocation = "/mnt/immich";
+    };
+  };
+
+  fileSystems."${config.services.immich.mediaLocation}" = {
+    device = "${config.xlib.dirs.immich-folder}";
+    options = [
+      "bind"
+      #"uid=1000"
+      #"gid=1000"
+      #"fmask=0007"
+      #"dmask=0007"
+      "nofail"
+      "x-systemd.device-timeout=0"
+    ];
+  };
+
+  systemd.tmpfiles.rules = [
+    "z /mnt/immich 0755 immich immich -" # beets absolute paths
+  ];
+
+  users.users.immich.extraGroups = [
+    "video"
+    "render"
+  ];
+
+  environment = {
+    systemPackages = with pkgs; [
+      immich-cli
+    ];
+  };
+}
@@ -0,0 +1,11 @@
+{
+  config,
+  ...
+}:
+{
+  services.mealie = {
+    enable = false;
+    listenAddress = "0.0.0.0";
+    port = 9000;
+  };
+}
@@ -0,0 +1,13 @@
+{
+  config,
+  ...
+}:
+{
+  services.miniflux = {
+    enable = false;
+    config = {
+      CLEANUP_FREQUENCY = 48;
+      LISTEN_ADDR = "localhost:6061";
+    };
+  };
+}
@@ -0,0 +1,94 @@
+{ inputs, ... }@flakeContext:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  services = {
+    # nextcloud-whiteboard-server = {
+    #   enable = true;
+    #   settings = {
+    #     NEXTCLOUD_URL = "http://localhost:10000";
+    #   };
+    #   secrets = [ "${inputs.zeroq-credentials}/services/nextcloud/jwt-secret.txt" ];
+    # };
+    nextcloud = {
+      enable = true;
+      package = pkgs.nextcloud31;
+      hostName = "localhost:10000";
+      database.createLocally = true;
+      home = "/mnt/nextcloud";
+      config = {
+        dbtype = "pgsql";
+        dbuser = "nextcloud";
+        #dbhost = "/run/postgresql";
+        dbname = "nextcloud";
+        adminuser = "oqyude";
+        adminpassFile = "${inputs.zeroq-credentials}/services/nextcloud/admin-pass.txt";
+      };
+      settings = {
+        appstoreEnable = false;
+        log_type = "file";
+        trusted_domains = [
+          "nextcloud.zeroq.ru"
+          "100.64.0.0"
+          "192.168.1.20"
+          "localhost"
+          "sapphira.latxa-platy.ts.net"
+        ];
+        overwriteprotocol = "https";
+      };
+      extraAppsEnable = true;
+      extraApps = {
+        inherit (pkgs.nextcloud31Packages.apps)
+          deck
+          end_to_end_encryption
+          groupfolders
+          impersonate
+          onlyoffice
+          bookmarks
+          calendar
+          contacts
+          cookbook
+          cospend
+          forms
+          gpoddersync
+          integration_paperless
+          mail
+          maps
+          memories
+          music
+          notes
+          notify_push
+          polls
+          previewgenerator
+          richdocuments
+          spreed
+          tasks
+          user_oidc
+          user_saml
+          whiteboard
+          ;
+      };
+    };
+  };
+
+  fileSystems."/mnt/nextcloud" = {
+    device = "${config.xlib.dirs.nextcloud-folder}";
+    options = [
+      "bind"
+      #"uid=1000"
+      #"gid=1000"
+      #"fmask=0007"
+      #"dmask=0007"
+      "nofail"
+      "x-systemd.device-timeout=0"
+    ];
+  };
+
+  systemd.tmpfiles.rules = [
+    "z /mnt/nextcloud 0755 nextcloud nextcloud -"
+  ];
+}
@@ -0,0 +1,34 @@
+{ inputs, ... }@flakeContext:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  services = {
+    nginx = {
+      enable = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      virtualHosts = {
+        "localhost:10000" = {
+          forceSSL = false;
+          enableACME = false;
+          listen = [
+            {
+              addr = "100.64.0.0";
+              port = 10000;
+            }
+            {
+              addr = "192.168.1.20";
+              port = 10000;
+            }
+          ];
+        };
+      };
+    };
+  };
+}
@@ -0,0 +1,35 @@
+{ inputs, ... }@flakeContext:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  fix = import inputs.nixpkgs-last-unstable {
+    system = "x86_64-linux";
+    config.allowUnfree = true;
+  }; # temp
+in
+{
+  services = {
+    open-webui = {
+      enable = true;
+      package = fix.open-webui;
+      host = "0.0.0.0";
+      port = 11112;
+      openFirewall = true;
+      environment = {
+        ANONYMIZED_TELEMETRY = "False";
+        DO_NOT_TRACK = "True";
+        SCARF_NO_ANALYTICS = "True";
+        OPENAI_API_BASE_URL = "http://localhost:1234/v1";
+        #OLLAMA_API_BASE_URL = "http://127.0.0.1:1234";
+        WEBUI_AUTH = "True";
+        ENABLE_SIGNUP = "True";
+        ENABLE_SIGNUP_PASSWORD_CONFIRMATION = "True";
+        ENABLE_VERSION_UPDATE_CHECK = "False";
+      };
+    };
+  };
+}
@@ -0,0 +1,24 @@
+{ inputs, ... }@flakeContext:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  services = {
+    zerotierone = {
+      enable = enable;
+      joinNetworks = [
+        "db64858fedde087e"
+      ];
+      port = 9993;
+    };
+  };
+
+  # environment = {
+  #   systemPackages = with pkgs; [
+  #     zerotierone
+  #   ];
+  # };
+}