feat(git): adding gitea and postgresql, copied jtojnar setup to play around with

feat(dashy): broken

flake.lock

@@ -28,11 +28,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1757042560,
+        "lastModified": 1757840226,
-        "narHash": "sha256-M+N9yi0ziCVeMGuqMnLRZBoIoZHXCvWNlkLBpyp+4Jo=",
+        "narHash": "sha256-Bxacqw2208XnOsOeDFLg0XqZ8b48jenepwS2OshA7D4=",
         "owner": "anyrun-org",
         "repo": "anyrun",
-        "rev": "df2a914b5acdd0f39ed4bf4336afc9e94fb28be8",
+        "rev": "b21edf8db8bf914774c8beb29f2161f1acb0ea9b",
         "type": "github"
       },
       "original": {
@@ -83,11 +83,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1757122261,
+        "lastModified": 1757789833,
-        "narHash": "sha256-K4b+ujyYhbur7TY4JCiiKXdNLeAvsAkoFW8ulOkfayY=",
+        "narHash": "sha256-cpYiHtQ9ROyutuFEkqDNkc3sOVayEeNHAtCVQI5reoc=",
         "owner": "chaotic-cx",
         "repo": "nyx",
-        "rev": "e347ef625cf40c90592e419521b0d5127272a045",
+        "rev": "5a088eb3f84aeea80b2d240e25c4f72a0fbdea4e",
         "type": "github"
       },
       "original": {
@@ -142,11 +142,11 @@
         "rust-analyzer-src": "rust-analyzer-src"
       },
       "locked": {
-        "lastModified": 1756795219,
+        "lastModified": 1757831996,
-        "narHash": "sha256-tKBQtz1JLKWrCJUxVkHKR+YKmVpm0KZdJdPWmR2slQ8=",
+        "narHash": "sha256-vLvo3VmGXA+mvra90asjpZTdjElDOZB62xuQP31pO2s=",
         "owner": "nix-community",
         "repo": "fenix",
-        "rev": "80dbdab137f2809e3c823ed027e1665ce2502d74",
+        "rev": "7b679aa06678433ff15df49c9fc50671fc4fc4cc",
         "type": "github"
       },
       "original": {
@@ -384,11 +384,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755960406,
+        "lastModified": 1757588530,
-        "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
+        "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
+        "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411",
         "type": "github"
       },
       "original": {
@@ -464,11 +464,11 @@
     },
     "hardware": {
       "locked": {
-        "lastModified": 1757103352,
+        "lastModified": 1757891025,
-        "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=",
+        "narHash": "sha256-NfiTk59huy/YK9H4W4wVwRYyiP2u86QqROM5KK4f5F4=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "11b2a10c7be726321bb854403fdeec391e798bf0",
+        "rev": "4c38a024fa32e61db2be8573e5282b15d9733a79",
         "type": "github"
       },
       "original": {
@@ -483,11 +483,11 @@
         "rust-overlay": "rust-overlay_2"
       },
       "locked": {
-        "lastModified": 1757082973,
+        "lastModified": 1757891477,
-        "narHash": "sha256-mnzEsFAJkw26fvE0SE1jrzdAZrwDDleTTgNL7huXABI=",
+        "narHash": "sha256-xNZXCWqmJ1XOYbNYGKgp6o5sWcayyLWrSE3b7wzEA7k=",
         "owner": "helix-editor",
         "repo": "helix",
-        "rev": "d0218f7e78bc0c3af4b0995ab8bda66b9c542cf3",
+        "rev": "1f020b1d724fdbd1c8542c9654f2cb78c4f147b6",
         "type": "github"
       },
       "original": {
@@ -503,11 +503,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1757075491,
+        "lastModified": 1757910558,
-        "narHash": "sha256-a+NMGl5tcvm+hyfSG2DlVPa8nZLpsumuRj1FfcKb2mQ=",
+        "narHash": "sha256-qD2UBG+JfmIE50OmjumOQZ73LKUacxO7uq2hxkna0rA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f56bf065f9abedc7bc15e1f2454aa5c8edabaacf",
+        "rev": "5e06d0f1844bd150e7813368b06f32b03c816a0d",
         "type": "github"
       },
       "original": {
@@ -545,11 +545,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1757072639,
+        "lastModified": 1757698511,
-        "narHash": "sha256-8aC1lUvVpu2BBBgX7iKYyf5nyuGfoyYStxD4es3mzuM=",
+        "narHash": "sha256-UqHHGydF/q3jfYXCpvYLA0TWtvByOp1NwOKCUjhYmPs=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a51e585a05d318f988dfe09ec7fe31de966d9a76",
+        "rev": "a3fcc92180c7462082cd849498369591dfb20855",
         "type": "github"
       },
       "original": {
@@ -603,11 +603,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755678602,
+        "lastModified": 1757542864,
-        "narHash": "sha256-uEC5O/NIUNs1zmc1aH1+G3GRACbODjk2iS0ET5hXtuk=",
+        "narHash": "sha256-8i9tsVoOmLQDHJkNgzJWnmxYFGkJNsSndimYpCoqmoA=",
         "owner": "hyprwm",
         "repo": "hyprgraphics",
-        "rev": "157cc52065a104fc3b8fa542ae648b992421d1c7",
+        "rev": "aa9d14963b94186934fd0715d9a7f0f2719e64bb",
         "type": "github"
       },
       "original": {
@@ -667,11 +667,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756291201,
+        "lastModified": 1757420192,
-        "narHash": "sha256-YzRWE3rCnsY0WDRJcn4KvyWUoe+5zdkUYNIaHGP9BZ4=",
+        "narHash": "sha256-jVkY2ax7e+V+M4RwLZTJnOVTdjR5Bj10VstJuK60tl4=",
         "owner": "hyprwm",
         "repo": "hypridle",
-        "rev": "5430b73ddf148651bcf35fa39ed4d757c7534028",
+        "rev": "f158b2fe9293f9b25f681b8e46d84674e7bc7f01",
         "type": "github"
       },
       "original": {
@@ -696,11 +696,11 @@
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1756977414,
+        "lastModified": 1757811161,
-        "narHash": "sha256-Hz5S4fILpYd1smWDZ+uLYjHgW22v6JS/04j15I4cFZE=",
+        "narHash": "sha256-laCB71qgn9Eht7bH1nobIzEiR5r7WRHAB7XHHxLTiLQ=",
         "owner": "hyprwm",
         "repo": "hyprland",
-        "rev": "4e785d12a91117cd5b255052799d1a051d9976c0",
+        "rev": "559024c3314e4b1180b10b80fce4e9f20bad14c8",
         "type": "github"
       },
       "original": {
@@ -717,11 +717,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755680610,
+        "lastModified": 1757889285,
-        "narHash": "sha256-g7/g5o0spemkZCzPa8I21RgCmN0Kv41B5z9Z5HQWraY=",
+        "narHash": "sha256-IUDbY2sjfa+ySyI+BEw61QANuzCYXGIdCrbkULLAr1s=",
         "owner": "hyprwm",
         "repo": "contrib",
-        "rev": "04721247f417256ca96acf28cdfe946cf1006263",
+        "rev": "bc9dbdebbebeb8eb75115a865f74c8acc3ec2424",
         "type": "github"
       },
       "original": {
@@ -835,11 +835,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753819801,
+        "lastModified": 1757508108,
-        "narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=",
+        "narHash": "sha256-bTYedtQFqqVBAh42scgX7+S3O6XKLnT6FTC6rpmyCCc=",
         "owner": "hyprwm",
         "repo": "hyprland-qtutils",
-        "rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc",
+        "rev": "119bcb9aa742658107b326c50dcd24ab59b309b7",
         "type": "github"
       },
       "original": {
@@ -864,11 +864,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1753622892,
+        "lastModified": 1756810301,
-        "narHash": "sha256-0K+A+gmOI8IklSg5It1nyRNv0kCNL51duwnhUO/B8JA=",
+        "narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "23f0debd2003f17bd65f851cd3f930cff8a8c809",
+        "rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931",
         "type": "github"
       },
       "original": {
@@ -899,11 +899,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756969494,
+        "lastModified": 1757520666,
-        "narHash": "sha256-gpTDaJT8CSTqumMdENIw4x+mmbeoP1D3ywuAaOaRfac=",
+        "narHash": "sha256-jYV+vPzfii7HSr3RSHMMP8msjvljsfOQd6JWpKjgLuw=",
         "owner": "hyprwm",
         "repo": "hyprlock",
-        "rev": "04cfdc4e5bb0e53036e70cc20922ab346ce165cd",
+        "rev": "450ae1e5f09fa95c970fb370c037e60d3b4783f2",
         "type": "github"
       },
       "original": {
@@ -1084,11 +1084,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1757052778,
+        "lastModified": 1757230583,
-        "narHash": "sha256-rYszJwY0EArAqK6q0i5bB1zxNCNRk6gVmD9SIvnoXW8=",
+        "narHash": "sha256-4uqu7sFPOaVTCogsxaGMgbzZ2vK40GVGMfUmrvK3/LY=",
         "owner": "Jovian-Experiments",
         "repo": "Jovian-NixOS",
-        "rev": "ceaa413a68f28bbf6731464594fdb2c3513e9110",
+        "rev": "fc3960e6c32c9d4f95fff2ef84444284d24d3bea",
         "type": "github"
       },
       "original": {
@@ -1145,11 +1145,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1757698528,
+        "lastModified": 1757870947,
-        "narHash": "sha256-vXZaxm2LfFrVyuUOKkyWpwR0K2WB7k2oo94HN1o4910=",
+        "narHash": "sha256-0N8w6SB6a68kWioFmlr+KfwfG44KVjPjJIBSQKNdNhE=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "2418edea929640fb5f856bc0a25fb91f54dfc229",
+        "rev": "8e9b1a571399104e42d8fa5de6c28c63bff0c16a",
         "type": "github"
       },
       "original": {
@@ -1178,11 +1178,11 @@
     "niri-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1757656821,
+        "lastModified": 1757832020,
-        "narHash": "sha256-MDaLusQZflxngGMU41g6cqabM7KE8I55UazzAZsjNN0=",
+        "narHash": "sha256-SCdus7r4IS8l3jzF8mcMFMlDvACTdmDCcsPnGUEqll0=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "b7909dbf61c7c1511b9a51ef46e1d503d5ba3d05",
+        "rev": "e6a8ad38479eb179dc7301755316f993e3e872ea",
         "type": "github"
       },
       "original": {
@@ -1201,11 +1201,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1757123094,
+        "lastModified": 1757814419,
-        "narHash": "sha256-S0lJ5N55/DQuCeudcbZZnBZWeVs+uU+G69hgMMCosTk=",
+        "narHash": "sha256-wmlDAkOrwX9cvhXQa7wekGr/5G6SfE2D5KlvuvSEEXc=",
         "owner": "fufexan",
         "repo": "nix-gaming",
-        "rev": "77c3d68d549bfd1d43269ed2584a2cdee6320946",
+        "rev": "17db183a6a2ba1217bbfc123b47d4b5ee70b256a",
         "type": "github"
       },
       "original": {
@@ -1270,11 +1270,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1757545623,
+        "lastModified": 1757810152,
-        "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=",
+        "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8cd5ce828d5d1d16feff37340171a98fc3bf6526",
+        "rev": "9a094440e02a699be5c57453a092a8baf569bdad",
         "type": "github"
       },
       "original": {
@@ -1318,11 +1318,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1756989294,
+        "lastModified": 1757598577,
-        "narHash": "sha256-vh3F0p7pGvj9tItYjlqiZ3zTJCuw9+d74RhYCYLuaBQ=",
+        "narHash": "sha256-+PccWxBVh1cFy2sDWHlpSBG+OP0b6o/DE2EzCxsB0ns=",
         "owner": "PedroHLC",
         "repo": "nixpkgs",
-        "rev": "f04ea9d87566cfe950cf45d7311a9964dcf3bf38",
+        "rev": "7bbfafff0e9f1c9a0d10ca4d4c26aaa49a13d893",
         "type": "github"
       },
       "original": {
@@ -1366,11 +1366,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1756266583,
+        "lastModified": 1757487488,
-        "narHash": "sha256-cr748nSmpfvnhqSXPiCfUPxRz2FJnvf/RjJGvFfaCsM=",
+        "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2",
+        "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0",
         "type": "github"
       },
       "original": {
@@ -1398,11 +1398,11 @@
     },
     "nixpkgs_8": {
       "locked": {
-        "lastModified": 1757487488,
+        "lastModified": 1757745802,
-        "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=",
+        "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0",
+        "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
         "type": "github"
       },
       "original": {
@@ -1414,11 +1414,11 @@
     },
     "nixpkgs_9": {
       "locked": {
-        "lastModified": 1756787288,
+        "lastModified": 1757745802,
-        "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
+        "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
+        "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
         "type": "github"
       },
       "original": {
@@ -1437,11 +1437,11 @@
         "systems": "systems_4"
       },
       "locked": {
-        "lastModified": 1757095994,
+        "lastModified": 1757773905,
-        "narHash": "sha256-AXwM6/7CuQ39iwBqmc6ZNkVcCdFiK4MFRIGQgU6Mkyk=",
+        "narHash": "sha256-lM1K3cJsPQyiSGI3rE/F7u02fA/JYBsinMN49IQCY1s=",
         "owner": "notashelf",
         "repo": "nvf",
-        "rev": "fb31022b366ad21951f0352f0cc282cc6a8e9e6f",
+        "rev": "7e74ee604a7c18dda21e6a809720ad37ab5bae43",
         "type": "github"
       },
       "original": {
@@ -1460,11 +1460,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1755960406,
+        "lastModified": 1757588530,
-        "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
+        "narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
+        "rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411",
         "type": "github"
       },
       "original": {
@@ -1531,11 +1531,11 @@
     "rust-analyzer-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1756597274,
+        "lastModified": 1757362324,
-        "narHash": "sha256-wfaKRKsEVQDB7pQtAt04vRgFphkVscGRpSx3wG1l50E=",
+        "narHash": "sha256-/PAhxheUq4WBrW5i/JHzcCqK5fGWwLKdH6/Lu1tyS18=",
         "owner": "rust-lang",
         "repo": "rust-analyzer",
-        "rev": "21614ed2d3279a9aa1f15c88d293e65a98991b30",
+        "rev": "9edc9cbe5d8e832b5864e09854fa94861697d2fd",
         "type": "github"
       },
       "original": {
@@ -1553,11 +1553,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1757039615,
+        "lastModified": 1757730403,
-        "narHash": "sha256-qm53+EUFfzyF8F0MEscHGqf9tx462GV3/zUZrn9wiQU=",
+        "narHash": "sha256-Jxl4OZRVsXs8JxEHUVQn3oPu6zcqFyGGKaFrlNgbzp0=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "4486e04adbb4b0e39f593767f2c36e2211003d01",
+        "rev": "3232f7f8bd07849fc6f4ae77fe695e0abb2eba2c",
         "type": "github"
       },
       "original": {
@@ -1821,11 +1821,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1757106493,
+        "lastModified": 1757279270,
-        "narHash": "sha256-erGDiPr316aVzFoFKX0aaAU1ZHuhn07HySbnYlpOH5w=",
+        "narHash": "sha256-q9XVkyORjd+5uZKuSbErz0nEzlKLR3TRwLtxPgkiJVI=",
         "ref": "refs/heads/main",
-        "rev": "91ee5973cc8c7bd350eb15da5ab6aa0d765c3516",
+        "rev": "2a6161f5ef9c2c65ce1e324fa0d3e0adc12a9c95",
-        "revCount": 127,
+        "revCount": 130,
         "type": "git",
         "url": "https://git.sr.ht/~canasta/zen-browser-flake"
       },

hosts/bunk/modules.nix

@@ -73,8 +73,8 @@
         enable = false;
       };
       hyprland = {
-        enable = true;
+        enable = false;
-        withUWSM = true;
+        withUWSM = false;
       };
       inkscape = {
         enable = false;
@@ -85,6 +85,9 @@
       microfetch = {
         enable = true;
       };
+      niri = {
+        enable = true;
+      };
       pkgs = {
         enable = true;
         common = {

hosts/bunk/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH72llEVDSHH/FZnjLVCe6zfdkdJRRVg2QL+ifHiPXXk root@cnix

hosts/kima/default.nix

@@ -46,6 +46,8 @@ in
   environment.variables = {
     NH_FLAKE = "/home/cnst/.nix-config";
     GEMINI_API_KEY = config.age.secrets.gcapi.path;
+    QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
+    NIXOS_OZONE_WL = "1";
   };
 
   #   # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion

hosts/sobotka/server.nix

@@ -1,5 +1,4 @@
-{ config, ... }:
+{config, ...}: {
-{
   server = {
     enable = true;
     email = "adam@cnst.dev";
@@ -9,11 +8,9 @@
     uid = 994;
     gid = 993;
 
-    mounts = {
+    gitea = {
-      fast = "/mnt/user";
+      enable = true;
-      config = "/persist/opt/services";
     };
-
     unbound = {
       enable = true;
     };

modules/default.nix

@@ -137,6 +137,8 @@
         ./server/unbound
         ./server/uptime-kuma
         ./server/keepalived
+        ./server/gitea
+        ./server/postgres
       ];
     };
     settings = {

modules/home/programs/rofi/default.nix

@@ -15,7 +15,7 @@ in
   config = mkIf cfg.enable {
     programs.rofi = {
       enable = true;
-      package = pkgs.rofi-wayland;
+      package = pkgs.rofi;
       theme = ./style.rasi;
       font = "Input Mono Narrow Light 12";
       extraConfig = {

modules/server/caddy/default.nix

@@ -2,33 +2,27 @@
   config,
   lib,
   ...
-}:
+}: let
-let
   inherit (lib) mkIf mkEnableOption;
   cfg = config.server.caddy;
 
-  getCloudflareCredentials =
+  getCloudflareCredentials = hostname:
-    hostname:
+    if hostname == "ziggy"
-    if hostname == "ziggy" then
+    then config.age.secrets.cloudflareDnsCredentialsZiggy.path
-      config.age.secrets.cloudflareDnsCredentialsZiggy.path
+    else if hostname == "sobotka"
-    else if hostname == "sobotka" then
+    then config.age.secrets.cloudflareDnsCredentials.path
-      config.age.secrets.cloudflareDnsCredentials.path
+    else throw "Unknown hostname: ${hostname}";
-    else
+in {
-      throw "Unknown hostname: ${hostname}";
-  in      
-{
   options = {
     server.caddy.enable = mkEnableOption "Enables caddy";
   };
   config = mkIf cfg.enable {
-    networking.firewall =
+    networking.firewall = let
-      let
       ports = [
         80
         443
       ];
-      in
+    in {
-      {
       allowedTCPPorts = ports;
     };
 
@@ -36,9 +30,9 @@ let
       acceptTerms = true;
       defaults.email = config.server.email;
       certs.${config.server.domain} = {
-        reloadServices = [ "caddy.service" ];
+        reloadServices = ["caddy.service"];
         domain = "${config.server.domain}";
-        extraDomainNames = [ "*.${config.server.domain}" ];
+        extraDomainNames = ["*.${config.server.domain}"];
         dnsProvider = "cloudflare";
         dnsResolver = "1.1.1.1:53";
         dnsPropagationCheck = true;

modules/server/default.nix

@@ -11,20 +11,6 @@ in
 {
   options.server = {
     enable = lib.mkEnableOption "The server services and configuration variables";
-    mounts.fast = lib.mkOption {
-      default = "/mnt/cache";
-      type = lib.types.path;
-      description = ''
-        Path to the 'fast' tier mount
-      '';
-    };
-    mounts.config = lib.mkOption {
-      default = "/persist/opt/services";
-      type = lib.types.path;
-      description = ''
-        Path to the service configuration files
-      '';
-    };
     email = mkOption {
       default = "";
       type = types.str;

modules/server/gitea/default.nix

@@ -0,0 +1,112 @@
+# taken from @jtojnar
+{
+  config,
+  lib,
+  ...
+}: let
+  unit = "gitea";
+  srv = config.server;
+  cfg = config.server.${unit};
+in {
+  options.server.${unit} = {
+    enable = lib.mkEnableOption {
+      description = "Enable ${unit}";
+    };
+    url = lib.mkOption {
+      type = lib.types.str;
+      default = "git.${srv.domain}";
+    };
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 5003;
+      description = "The port to host Gitea on.";
+    };
+    homepage.name = lib.mkOption {
+      type = lib.types.str;
+      default = "Gitea";
+    };
+    homepage.description = lib.mkOption {
+      type = lib.types.str;
+      default = "Git with a cup of tea";
+    };
+    homepage.icon = lib.mkOption {
+      type = lib.types.str;
+      default = "gitea.svg";
+    };
+    homepage.category = lib.mkOption {
+      type = lib.types.str;
+      default = "Services";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    services.${unit} = {
+      enable = true;
+      appName = "cnix code forge";
+
+      database = {
+        type = "postgres";
+        socket = "/run/postgresql";
+        name = "gitea";
+        user = "gitea";
+        createDatabase = false;
+      };
+
+      lfs = {
+        enable = true;
+      };
+
+      settings = {
+        cors = {
+          ENABLED = true;
+          SCHEME = "https";
+          ALLOW_DOMAIN = cfg.url;
+        };
+        log = {
+          MODE = "console";
+        };
+        mailer = {
+          ENABLED = true;
+          MAILER_TYPE = "sendmail";
+          FROM = "noreply+adam@cnst.dev";
+          SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
+        };
+        picture = {
+          DISABLE_GRAVATAR = true;
+        };
+        repository = {
+          DEFAULT_BRANCH = "main";
+          DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
+          DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true;
+        };
+        server = {
+          DOMAIN = cfg.url;
+          LANDING_PAGE = "explore";
+          HTTP_PORT = cfg.port;
+          ROOT_URL = "https://${cfg.url}/";
+        };
+        security = {
+          DISABLE_GIT_HOOKS = false;
+        };
+        service = {
+          DISABLE_REGISTRATION = true;
+        };
+        session = {
+          COOKIE_SECURE = true;
+        };
+      };
+    };
+
+    services.caddy.virtualHosts."${cfg.url}" = {
+      useACMEHost = srv.domain;
+      extraConfig = ''
+        reverse_proxy http://127.0.0.1:5003
+      '';
+    };
+
+    server.postgresql.databases = [
+      {
+        database = "gitea";
+      }
+    ];
+  };
+}

modules/server/homepage-dashboard/default.nix

@@ -42,71 +42,7 @@ in
     services.${unit} = {
       enable = true;
       allowedHosts = srv.domain;
-      # environmentFile = config.age.secrets.homepageEnvironment.path;
-      # customCSS = ''
-      #   @font-face {
-      #     font-family: "VCR OSD Mono";
-      #     src: url("https://git.sr.ht/~canasta/fonts/tree/main/item/fonts/vcr-mono/TTF/vcr-mono.ttf")
-      #       format("truetype");
-      #   }
-      #   body,
-      #   html {
-      #     --mint: #d7ffff;
-      #     --outerspace: #f8ffff;
-      #     --ghostY: #0d090f;
-      #     background: var(--ghostY);
-      #   }
-      #   .font-medium {
-      #     font-weight: 700 !important;
-      #   }
-      #   .font-light {
-      #     font-weight: 500 !important;
-      #   }
-      #   .font-thin {
-      #     font-weight: 400 !important;
-      #   }
-      #   body .colorOverlay {
-      #     background: linear-gradient(0deg, var(--overlayA) 0%, var(--overlayB) 100%);
-      #     z-index: 2147483647;
-      #     pointer-events: none;
-      #     position: absolute;
-      #     top: 0;
-      #     bottom: 0;
-      #     left: 0;
-      #     right: 0;
-      #     overflow: hidden;
-      #     body {
-      #       background: var(--ghostY);
-      #       color: var(--mint);
-      #       fill: var(--outerspace);
-      #       min-width: 320px;
-      #       max-width: 100%;
-      #       min-height: 100%;
-      #       -webkit-font-smoothing: antialiased;
-      #       --overlayA: rgba(130, 0, 100, 0.07);
-      #       --overlayB: rgba(30, 190, 180, 0.07);
-      #       margin: 0;
-      #       padding: 0;
-      #       font: inherit;
-      #       font-family: VCR OSD Mono Regular;
-      #       font-size: 16px;
-      #       font-weight: 600;
-      #       position: relative;
-      #     }
-      #     #information-widgets {
-      #       padding-left: 1.5rem;
-      #       padding-right: 1.5rem;
-      #     }
-      #     div#footer {
-      #       display: none;
-      #     }
-      #     .services-group.basis-full.flex-1.px-1.-my-1 {
-      #       padding-bottom: 3rem;
-      #     }
-      #   }
-      # '';
       settings = {
-        background = "/fonts/foto.jpg";
         layout = [
           {
             Glances = {

modules/server/keepalived/default.nix

@@ -60,7 +60,7 @@ in
         unicastPeers = peers;
         virtualIps = [
           {
-            addr = "10.2.1.69/24";
+            addr = "192.168.88.69/24";
           }
         ];
         extraConfig = ''

modules/server/podman/default.nix

@@ -1,33 +1,30 @@
 {
   config,
   lib,
+  pkgs,
   ...
-}:
+}: let
-let
   srv = config.server;
   cfg = config.server.podman;
 
   piholeUrl =
-    if config.networking.hostName == "sobotka" then
+    if config.networking.hostName == "sobotka"
-      "pihole0"
+    then "pihole0"
-    else if config.networking.hostName == "ziggy" then
+    else if config.networking.hostName == "ziggy"
-      "pihole1"
+    then "pihole1"
-    else
+    else throw "Unknown hostname";
-      throw "Unknown hostname";
 
-  getPiholeSecret =
+  getPiholeSecret = hostname:
-    hostname:
+    if hostname == "ziggy"
-    if hostname == "ziggy" then
+    then [config.age.secrets.piholeZiggy.path]
-      [ config.age.secrets.piholeZiggy.path ]
+    else if hostname == "sobotka"
-    else if hostname == "sobotka" then
+    then [config.age.secrets.pihole.path]
-      [ config.age.secrets.pihole.path ]
+    else throw "Unknown hostname: ${hostname}";
-    else
+in {
-      throw "Unknown hostname: ${hostname}";
-in
-{
   options.server.podman = {
     enable = lib.mkEnableOption "Enables Podman";
     gluetun.enable = lib.mkEnableOption "Enables gluetun";
+
     qbittorrent = {
       enable = lib.mkEnableOption "Enable qBittorrent";
       url = lib.mkOption {
@@ -181,12 +178,12 @@ in
             "5031:5031"
             "50300:50300"
           ];
-          devices = [ "/dev/net/tun:/dev/net/tun" ];
+          devices = ["/dev/net/tun:/dev/net/tun"];
           autoStart = true;
           extraOptions = [
             "--cap-add=NET_ADMIN"
           ];
-          volumes = [ "/var:/gluetun" ];
+          volumes = ["/var:/gluetun"];
           environmentFiles = [
             config.age.secrets.gluetunEnvironment.path
           ];
@@ -203,7 +200,7 @@ in
         qbittorrent = {
           image = "ghcr.io/hotio/qbittorrent:latest";
           autoStart = true;
-          dependsOn = [ "gluetun" ];
+          dependsOn = ["gluetun"];
           ports = [
             "8080:8080"
             "58846:58846"
@@ -231,7 +228,7 @@ in
         slskd = {
           image = "slskd/slskd:latest";
           autoStart = true;
-          dependsOn = [ "gluetun" ];
+          dependsOn = ["gluetun"];
           ports = [
             "5030:5030"
             "5031:5031"

modules/server/postgres/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./postgres.nix
+    ./postgres-upgrade.nix
+  ];
+}

modules/server/postgres/postgres-upgrade.nix

@@ -0,0 +1,48 @@
+# taken from @jtojnar
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) types mkOption;
+
+  cfg = config.server.postgresql;
+in {
+  options = {
+    server.postgresql = {
+      upgradeTargetPackage = mkOption {
+        type = types.nullOr types.package;
+        default = null;
+        description = "PostgreSQL package that we want to upgrade to. When set, an update script will be installed.";
+      };
+    };
+  };
+
+  config = {
+    # https://nixos.org/manual/nixos/unstable/#module-services-postgres-upgrading
+    environment.systemPackages = lib.mkIf (cfg.upgradeTargetPackage != null) [
+      (pkgs.writeScriptBin "upgrade-pg-cluster" ''
+        set -eux
+        # XXX it's perhaps advisable to stop all services that depend on postgresql
+        systemctl stop postgresql
+
+        export NEWDATA="/var/lib/postgresql/${cfg.upgradeTargetPackage.psqlSchema}"
+
+        export NEWBIN="${cfg.upgradeTargetPackage}/bin"
+
+        export OLDDATA="${config.services.postgresql.dataDir}"
+        export OLDBIN="${config.services.postgresql.package}/bin"
+
+        install -d -m 0700 -o postgres -g postgres "$NEWDATA"
+        cd "$NEWDATA"
+        sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
+
+        sudo -u postgres $NEWBIN/pg_upgrade \
+          --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
+          --old-bindir $OLDBIN --new-bindir $NEWBIN \
+          "$@"
+      '')
+    ];
+  };
+}

modules/server/postgres/postgres.nix

@@ -0,0 +1,139 @@
+# taken from @jtojnar
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) types mkOption;
+
+  cfg = config.server.postgresql;
+
+  database = {name, ...}: {
+    options = {
+      database = mkOption {
+        type = types.str;
+        description = "Database name";
+      };
+
+      extraUsers = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = "List of extra users with access to this database.";
+      };
+
+      extensions = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = "List of extensions to install and enable.";
+      };
+    };
+  };
+in {
+  options = {
+    server.postgresql = {
+      databases = mkOption {
+        type = types.listOf (types.submodule database);
+        default = [];
+        description = "List of databases to set up.";
+      };
+    };
+  };
+
+  config = lib.mkIf (cfg.databases != []) {
+    services.postgresql = {
+      enable = true;
+      package = pkgs.postgresql_17;
+      extensions = lib.filter (x: x != null) (
+        lib.concatMap (
+          {extensions, ...}: map (ext: config.services.postgresql.package.pkgs.${ext} or null) extensions
+        )
+        cfg.databases
+      );
+      authentication = lib.mkForce ''
+        local all postgres peer
+        local sameuser all peer
+
+        # extra users
+        ${lib.concatMapStringsSep "\n" (
+            {
+              database,
+              extraUsers,
+              ...
+            }:
+              lib.concatMapStringsSep "\n" (user: "local ${database} ${user} peer") extraUsers
+          )
+          cfg.databases}
+      '';
+      ensureUsers = let
+        dbToUsers = {
+          database,
+          extraUsers,
+          ...
+        }:
+        # we use same username as dbname
+          [database] ++ extraUsers;
+      in
+        map (name: {inherit name;}) (lib.unique (builtins.concatMap dbToUsers cfg.databases));
+    };
+
+    systemd.services = {
+      postgres-setup = let
+        pgsql = config.services.postgresql;
+      in {
+        after = ["postgresql.service"];
+        wantedBy = ["multi-user.target"];
+        path = [pgsql.package];
+        script =
+          lib.concatMapStringsSep "\n" (
+            {
+              database,
+              extensions,
+              extraUsers,
+              ...
+            }: let
+              createExtensionsSql =
+                lib.concatMapStringsSep "; " (
+                  ext: ''CREATE EXTENSION IF NOT EXISTS "${ext}"''
+                )
+                extensions;
+              createExtensionsIfAny = lib.optionalString (extensions != []) ''
+                $PSQL -d '${database}' -c '${createExtensionsSql}'
+              '';
+            in ''
+              set -eu
+
+              PSQL="${pkgs.util-linux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.settings.port} --tuples-only --no-align"
+
+              if ! $PSQL -c "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep --quiet 1; then
+                  $PSQL -c 'CREATE DATABASE "${database}" WITH OWNER = "${database}"'
+                  ${createExtensionsIfAny}
+              fi
+              ${
+                lib.optionalString (extraUsers != [])
+                "$PSQL '${database}' -c '${
+                  lib.concatMapStringsSep "\n" (
+                    user: "GRANT ALL ON ALL TABLES IN SCHEMA public TO ${user};"
+                  )
+                  extraUsers
+                }'"
+              }
+            ''
+          )
+          cfg.databases;
+
+        serviceConfig = {
+          Type = "oneshot";
+        };
+      };
+
+      postgresql.serviceConfig = {
+        # Required by PLV8.
+        MemoryDenyWriteExecute = false;
+        SystemCallFilter = [
+          "@pkey"
+        ];
+      };
+    };
+  };
+}

modules/server/prowlarr/default.nix

@@ -39,21 +39,28 @@ in
     };
   };
   config = lib.mkIf cfg.enable {
-    services.${unit} = {
+    services = {
+      ${unit} = {
         enable = true;
-      # user = srv.user;
-      # group = srv.group;
       };
-    services.caddy.virtualHosts."${cfg.url}" = {
+      flaresolverr = {
+        enable = true;
+      };
+
+      caddy = {
+        virtualHosts."${cfg.url}" = {
           useACMEHost = srv.domain;
           extraConfig = ''
             reverse_proxy http://127.0.0.1:9696
           '';
         };
-    # users.users.prowlarr = {
+        virtualHosts."flaresolverr.${srv.domain}" = {
-    #   group = "prowlarr";
+          useACMEHost = srv.domain;
-    #   isSystemUser = true;
+          extraConfig = ''
-    # };
+            reverse_proxy http://127.0.0.1:8191
-    # users.groups.prowlarr = {};
+          '';
+        };
+      };
+    };
   };
 }

nix/default.nix

@@ -22,7 +22,15 @@
       flakeInputs = lib.filterAttrs (_: v: lib.isType "flake" v) inputs;
     in
     {
-      package = pkgs.lix;
+      package = pkgs.lix.overrideAttrs (old: {
+        patches = (old.patches or [ ]) ++ [
+          (pkgs.fetchpatch2 {
+            name = "lix-lowdown-1.4.0.patch";
+            url = "https://git.lix.systems/lix-project/lix/commit/858de5f47a1bfd33835ec97794ece339a88490f1.patch";
+            hash = "sha256-FfLO2dFSWV1qwcupIg8dYEhCHir2XX6/Hs89eLwd+SY=";
+          })
+        ];
+      });
 
       # pin the registry to avoid downloading and evaling a new nixpkgs version every time
       registry = lib.mapAttrs (_: v: { flake = v; }) flakeInputs;

users/cnst/modules/bunkmod.nix

@@ -44,9 +44,6 @@
       helix = {
         enable = true;
       };
-      hyprlock = {
-        enable = true;
-      };
       jujutsu = {
         enable = false;
       };
@@ -127,12 +124,6 @@
       gtk = {
         enable = true;
       };
-      hypridle = {
-        enable = true;
-      };
-      hyprpaper = {
-        enable = true;
-      };
       mako = {
         enable = false;
       };