diff --git a/flake.lock b/flake.lock index 18bbb8f..9ff3034 100644 --- a/flake.lock +++ b/flake.lock @@ -370,6 +370,24 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -448,6 +466,31 @@ "type": "github" } }, + "gomod2nix": { + "inputs": { + "flake-utils": [ + "transmission-protonvpn", + "flake-utils" + ], + "nixpkgs": [ + "transmission-protonvpn", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705314449, + "narHash": "sha256-yfQQ67dLejP0FLK76LKHbkzcQqNIrux6MFe32MMFGNQ=", + "owner": "tweag", + "repo": "gomod2nix", + "rev": "30e3c3a9ec4ac8453282ca7f67fca9e1da12c3e6", + "type": "github" + }, + "original": { + "owner": "tweag", + "repo": "gomod2nix", + "type": "github" + } + }, "helix": { "inputs": { "nixpkgs": [ @@ -841,6 +884,26 @@ "url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz" } }, + "nixarr": { + "inputs": { + "nixpkgs": "nixpkgs", + "vpnconfinement": "vpnconfinement", + "website-builder": "website-builder" + }, + "locked": { + "lastModified": 1755601892, + "narHash": "sha256-4FECnCcaUVQHnocuuu/KRldPW2yj7hFpd1F7bfWxTxY=", + "owner": "rasmus-kirk", + "repo": "nixarr", + "rev": "c6cd890fa028ec2a8d735a121cb0a161d265101c", + "type": "github" + }, + "original": { + "owner": "rasmus-kirk", + "repo": "nixarr", + "type": "github" + } + }, "nixos-facter-modules": { "locked": { "lastModified": 1750412875, @@ -886,11 +949,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754651824, - "narHash": "sha256-aB7ft6njy9EJfuW+rdToNChfRrHNRw/yTg5cSEnG+HI=", + "lastModified": 1748662220, + "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b069b7c1e2fe1a3a24221428558bf44128d3d5c8", + "rev": "59138c7667b7970d205d6a05a8bfa2d78caa3643", "type": "github" }, "original": { @@ -947,6 +1010,38 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1754651824, + "narHash": "sha256-aB7ft6njy9EJfuW+rdToNChfRrHNRw/yTg5cSEnG+HI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b069b7c1e2fe1a3a24221428558bf44128d3d5c8", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1705403940, + "narHash": "sha256-bl7E3w35Bleiexg01WsN0RuAQEL23HaQeNBC2zjt+9w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f0326542989e1bdac955ad6269b334a8da4b0c95", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "flake-parts": [ @@ -1094,8 +1189,9 @@ "niri": "niri", "nix-index-database": "nix-index-database", "nix-monitored": "nix-monitored", + "nixarr": "nixarr", "nixos-mailserver": "nixos-mailserver", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixvim": "nixvim", "nur": "nur", "plenary-nvim": "plenary-nvim", @@ -1105,6 +1201,7 @@ "stylix": "stylix", "systems": "systems_2", "timers": "timers", + "transmission-protonvpn": "transmission-protonvpn", "treefmt-nix": "treefmt-nix", "zola-theme": "zola-theme" } @@ -1292,6 +1389,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "timers": { "inputs": { "naersk": "naersk", @@ -1395,6 +1507,26 @@ "type": "github" } }, + "transmission-protonvpn": { + "inputs": { + "flake-utils": "flake-utils_3", + "gomod2nix": "gomod2nix", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1754144961, + "narHash": "sha256-m9Kr3pIf75mdPzFszrtQg1vjbDUUV7ydR8KAVN4R184=", + "owner": "pborzenkov", + "repo": "transmission-protonvpn-nat-pmp", + "rev": "c79d5ab4db76db6932d770fe842260e96236730e", + "type": "github" + }, + "original": { + "owner": "pborzenkov", + "repo": "transmission-protonvpn-nat-pmp", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -1433,6 +1565,42 @@ "type": "github" } }, + "vpnconfinement": { + "locked": { + "lastModified": 1743810720, + "narHash": "sha256-kbv/W4gizUSa6qH2rUQdgPj9AJaeN9k2XSWUYqj7IMU=", + "owner": "Maroka-chan", + "repo": "VPN-Confinement", + "rev": "74ae51e6d18b972ecc918ab43e8bde60c21a65d8", + "type": "github" + }, + "original": { + "owner": "Maroka-chan", + "repo": "VPN-Confinement", + "type": "github" + } + }, + "website-builder": { + "inputs": { + "nixpkgs": [ + "nixarr", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750317638, + "narHash": "sha256-B4RWcXXOLO6gMeYyV+K4olu+kGGsYamKH+JAm0cIXqI=", + "owner": "rasmus-kirk", + "repo": "website-builder", + "rev": "b54192000a00e865947f45bacf3184d56363ee38", + "type": "github" + }, + "original": { + "owner": "rasmus-kirk", + "repo": "website-builder", + "type": "github" + } + }, "xwayland-satellite-stable": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 4a8ad21..57396ff 100644 --- a/flake.nix +++ b/flake.nix @@ -154,6 +154,8 @@ stylix.url = "github:nix-community/stylix"; base16-helix.url = "github:MoritzBoehme/base16-helix/fix-primary-cursor-color"; base16-helix.flake = false; + nixarr.url = "github:rasmus-kirk/nixarr"; + transmission-protonvpn.url = "github:pborzenkov/transmission-protonvpn-nat-pmp"; # Programs timers.url = "git+https://gitea.moritzboeh.me/moritz/timers.git"; diff --git a/machines/moritz-server/configuration.nix b/machines/moritz-server/configuration.nix index 8d3b531..95216d8 100644 --- a/machines/moritz-server/configuration.nix +++ b/machines/moritz-server/configuration.nix @@ -9,6 +9,7 @@ ../../modules/moritz/shared.nix ./reverse-proxy.nix ./ddns.nix + ./nixarr ./mail-server.nix ./website/root ./navidrome.nix diff --git a/machines/moritz-server/navidrome.nix b/machines/moritz-server/navidrome.nix index b143645..5cc82cb 100644 --- a/machines/moritz-server/navidrome.nix +++ b/machines/moritz-server/navidrome.nix @@ -6,7 +6,7 @@ services.navidrome = { enable = true; settings = { - MusicFolder = "/mnt/music/tagged"; + MusicFolder = "/data/music/tagged"; DataFolder = "/var/lib/navidrome"; }; }; @@ -27,7 +27,7 @@ enable = true; settings = { directory = config.services.navidrome.settings.MusicFolder; - library = "/mnt/music/beet/musiclibrary.db"; + library = "/data/music/beet/musiclibrary.db"; plugins = [ "autobpm" "mbsync" diff --git a/machines/moritz-server/nixarr/autobrr.nix b/machines/moritz-server/nixarr/autobrr.nix new file mode 100644 index 0000000..0d3aa43 --- /dev/null +++ b/machines/moritz-server/nixarr/autobrr.nix @@ -0,0 +1,73 @@ +{ + pkgs, + config, + lib, + ... +}: let + cfg = config.nixarr.autobrr; + + createAdminUser = pkgs.writeShellApplication { + name = "create-admin-user"; + runtimeInputs = [config.nixarr.autobrr.package]; + text = '' + file="${cfg.stateDir}/admin-created" + if [ ! -f $file ]; then + autobrrctl --config "${cfg.stateDir}" create-user admin < "${config.clan.core.vars.generators.nixarr-autobrr.files.password.path}" + touch "$file" + fi + ''; + }; +in { + clan.core.vars.generators."nixarr-autobrr" = { + prompts.password = { + type = "hidden"; + persist = true; + description = "Leave empty to generate automatically"; + }; + + files.password = {}; + + runtimeInputs = [ + pkgs.coreutils + pkgs.xkcdpass + ]; + + script = '' + prompt_value="$(cat "$prompts/password")" + if [[ -n "''${prompt_value-}" ]]; then + echo "$prompt_value" | tr -d "\n" > "$out"/password + else + xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/password + fi + ''; + }; + systemd.services.autobrr-setup = { + description = "Setup autobrr user"; + wantedBy = ["default.target"]; + requires = ["autobrr.service"]; + after = ["autobrr.service"]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = lib.getExe createAdminUser; + }; + }; + + nixarr.autobrr = { + enable = true; + vpn.enable = true; + settings = { + checkForUpdates = false; + port = 7474; + host = lib.mkForce "192.168.15.1"; + logLevel = "INFO"; + }; + }; + services.nginx.virtualHosts."autobrr.moritz.place" = { + forceSSL = true; + useACMEHost = "any.moritz.place"; + locations."/" = { + proxyPass = "http://192.168.15.1:${builtins.toString config.nixarr.autobrr.settings.port}"; + }; + }; +} diff --git a/machines/moritz-server/nixarr/default.nix b/machines/moritz-server/nixarr/default.nix new file mode 100644 index 0000000..31beb0e --- /dev/null +++ b/machines/moritz-server/nixarr/default.nix @@ -0,0 +1,33 @@ +{ + inputs, + config, + ... +}: { + imports = [ + inputs.nixarr.nixosModules.default + ./autobrr.nix + ./jellyfin.nix + ./jellyseerr.nix + ./ntfy.nix + ./prowlarr.nix + ./radarr.nix + ./recyclarr.nix + ./sonarr.nix + ./transmission.nix + ]; + + nixarr = { + enable = true; + stateDir = "/var/lib/nixarr"; + mediaDir = "/data/nixarr"; + vpn = { + enable = true; + wgConf = config.clan.core.vars.generators.nixarr-vpn.files.config.path; + }; + }; + + clan.core.vars.generators."nixarr-vpn" = { + prompts.config.type = "multiline"; + prompts.config.persist = true; + }; +} diff --git a/machines/moritz-server/nixarr/jellyfin.nix b/machines/moritz-server/nixarr/jellyfin.nix new file mode 100644 index 0000000..d2fdf5f --- /dev/null +++ b/machines/moritz-server/nixarr/jellyfin.nix @@ -0,0 +1,49 @@ +{ + config, + lib, + pkgs, + ... +}: { + nixarr.jellyfin = { + # NOTE: cannot set password so just set the generated one manually + enable = true; + }; + services.nginx.virtualHosts."jellyfin.moritz.place" = { + forceSSL = true; + useACMEHost = "any.moritz.place"; + locations."/" = { + proxyPass = "http://127.0.0.1:8096"; + }; + }; + # 1. enable vaapi on OS-level + systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; # Or "i965" if using older driver + environment.sessionVariables = {LIBVA_DRIVER_NAME = "iHD";}; # Same here + hardware.graphics = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver # For Broadwell (2014) or newer processors. LIBVA_DRIVER_NAME=iHD + libva-vdpau-driver # Previously vaapiVdpau + intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) + vpl-gpu-rt # QSV on 11th gen or newer + intel-ocl # OpenCL support + ]; + }; + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "intel-ocl" + ]; + + clan.core.vars.generators."nixarr-ds-share".prompts.config = { + type = "multiline"; + persist = true; + }; + + fileSystems."/mnt/ds_media" = { + device = "//192.168.0.2/media/"; + fsType = "cifs"; + options = let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + in ["${automount_opts},credentials=${config.clan.core.vars.generators.nixarr-ds-share.files.config.path},gid=${builtins.toString config.users.groups.media.gid}"]; + }; +} diff --git a/machines/moritz-server/nixarr/jellyseerr.nix b/machines/moritz-server/nixarr/jellyseerr.nix new file mode 100644 index 0000000..3519eba --- /dev/null +++ b/machines/moritz-server/nixarr/jellyseerr.nix @@ -0,0 +1,17 @@ +{ + pkgs, + config, + ... +}: { + nixarr.jellyseerr = { + # NOTE: cannot set password so just set the generated one manually + enable = true; + }; + services.nginx.virtualHosts."jellyseerr.moritz.place" = { + forceSSL = true; + useACMEHost = "any.moritz.place"; + locations."/" = { + proxyPass = "http://127.0.0.1:5055"; + }; + }; +} diff --git a/machines/moritz-server/nixarr/ntfy.nix b/machines/moritz-server/nixarr/ntfy.nix new file mode 100644 index 0000000..d15c38e --- /dev/null +++ b/machines/moritz-server/nixarr/ntfy.nix @@ -0,0 +1,72 @@ +{ + pkgs, + config, + lib, + ... +}: let + createAdminUser = pkgs.writeShellApplication { + name = "create-admin-user"; + runtimeInputs = [config.services.ntfy-sh.package]; + text = '' + file="/var/lib/ntfy-sh/admin-created" + if [ ! -f $file ]; then + NTFY_PASSWORD="$(cat "${config.clan.core.vars.generators.ntfy.files.password.path}")" ntfy user add --role=admin admin + touch "$file" + fi + ''; + }; +in { + clan.core.vars.generators."ntfy" = { + prompts.password = { + type = "hidden"; + persist = true; + description = "Leave empty to generate automatically"; + }; + + files.password = {}; + + runtimeInputs = [ + pkgs.coreutils + pkgs.xkcdpass + ]; + + script = '' + prompt_value="$(cat "$prompts/password")" + if [[ -n "''${prompt_value-}" ]]; then + echo "$prompt_value" | tr -d "\n" > "$out"/password + else + xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/password + fi + ''; + }; + services.ntfy-sh = { + enable = true; + settings = { + base-url = "https://ntfy.moritz.place"; + listen-http = ":2586"; + behind-proxy = true; + auth-default-access = "deny-all"; + }; + }; + + systemd.services.ntfy-sh-setup = { + description = "Setup ntfy user"; + wantedBy = ["default.target"]; + requires = ["ntfy-sh.service"]; + after = ["ntfy-sh.service"]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = lib.getExe createAdminUser; + }; + }; + + services.nginx.virtualHosts."ntfy.moritz.place" = { + forceSSL = true; + useACMEHost = "any.moritz.place"; + locations."/" = { + proxyPass = "http://127.0.0.1:2586"; + proxyWebsockets = true; + }; + }; +} diff --git a/machines/moritz-server/nixarr/prowlarr.nix b/machines/moritz-server/nixarr/prowlarr.nix new file mode 100644 index 0000000..1c248a9 --- /dev/null +++ b/machines/moritz-server/nixarr/prowlarr.nix @@ -0,0 +1,46 @@ +{ + config, + pkgs, + ... +}: { + clan.core.vars.generators."nixarr-prowlarr" = { + prompts.password = { + type = "hidden"; + persist = true; + description = "Leave empty to generate automatically"; + }; + + files.password.deploy = false; + + runtimeInputs = [ + pkgs.coreutils + pkgs.xkcdpass + ]; + + script = '' + prompt_value="$(cat "$prompts/password")" + if [[ -n "''${prompt_value-}" ]]; then + echo "$prompt_value" | tr -d "\n" > "$out"/password + else + xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/password + fi + ''; + }; + nixarr.prowlarr = { + # NOTE: cannot set password so just set the generated one manually + enable = true; + vpn.enable = true; + }; + services.flaresolverr.enable = true; + systemd.services.flaresolverr.vpnConfinement = { + enable = true; + vpnNamespace = "wg"; + }; + services.nginx.virtualHosts."prowlarr.moritz.place" = { + forceSSL = true; + useACMEHost = "any.moritz.place"; + locations."/" = { + proxyPass = "http://127.0.0.1:${builtins.toString config.nixarr.prowlarr.port}"; + }; + }; +} diff --git a/machines/moritz-server/nixarr/radarr.nix b/machines/moritz-server/nixarr/radarr.nix new file mode 100644 index 0000000..5fd6b61 --- /dev/null +++ b/machines/moritz-server/nixarr/radarr.nix @@ -0,0 +1,48 @@ +{ + pkgs, + config, + ... +}: { + clan.core.vars.generators."nixarr-radarr" = { + prompts.password = { + type = "hidden"; + persist = true; + description = "Leave empty to generate automatically"; + }; + + files.password.deploy = false; + + runtimeInputs = [ + pkgs.coreutils + pkgs.xkcdpass + ]; + + script = '' + prompt_value="$(cat "$prompts/password")" + if [[ -n "''${prompt_value-}" ]]; then + echo "$prompt_value" | tr -d "\n" > "$out"/password + else + xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/password + fi + ''; + }; + nixarr.radarr = { + # NOTE: cannot set password so just set the generated one manually + enable = true; + }; + services.nginx.virtualHosts."radarr.moritz.place" = { + forceSSL = true; + useACMEHost = "any.moritz.place"; + locations."/" = { + proxyPass = "http://127.0.0.1:7878"; + }; + }; + fileSystems."/mnt/ds_movies" = { + device = "//192.168.0.2/media/movies"; + fsType = "cifs"; + options = let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + in ["${automount_opts},credentials=${config.clan.core.vars.generators.nixarr-ds-share.files.config.path},gid=${builtins.toString config.users.groups.media.gid},uid=${builtins.toString config.users.users.radarr.uid}"]; + }; +} diff --git a/machines/moritz-server/nixarr/recyclarr.nix b/machines/moritz-server/nixarr/recyclarr.nix new file mode 100644 index 0000000..575a473 --- /dev/null +++ b/machines/moritz-server/nixarr/recyclarr.nix @@ -0,0 +1,284 @@ +{pkgs, ...}: { + nixarr.recyclarr = { + # NOTE: cannot set password so just set the generated one manually + enable = true; + configFile = pkgs.writeTextFile { + name = "config.yaml"; + text = + /* + yaml + */ + '' + radarr: + movies: + api_key: !env_var RADARR_API_KEY + base_url: http://127.0.0.1:7878 + delete_old_custom_formats: true + quality_definition: + type: movie + media_naming: + folder: default + movie: + rename: true + standard: default + include: + # Comment out any of the following includes to disable them + - template: radarr-quality-definition-movie + - template: radarr-quality-profile-hd-bluray-web + - template: radarr-custom-formats-hd-bluray-web + + - template: radarr-quality-definition-movie + - template: radarr-quality-profile-uhd-bluray-web + - template: radarr-custom-formats-uhd-bluray-web + + - template: radarr-quality-definition-anime + - template: radarr-quality-profile-anime + - template: radarr-custom-formats-anime + + custom_formats: + # Movie Versions + - trash_ids: + # Uncomment any of the following lines to prefer these movie versions + # - 570bc9ebecd92723d2d21500f4be314c # Remaster + # - eca37840c13c6ef2dd0262b141a5482f # 4K Remaster + # - e0c07d59beb37348e975a930d5e50319 # Criterion Collection + # - 9d27d9d2181838f76dee150882bdc58c # Masters of Cinema + # - db9b4c4b53d312a3ca5f1378f6440fc9 # Vinegar Syndrome + # - 957d0f44b592285f26449575e8b1167e # Special Edition + # - eecf3a857724171f968a66cb5719e152 # IMAX + # - 9f6cbff8cfe4ebbc1bde14c7b7bec0de # IMAX Enhanced + assign_scores_to: + - name: HD Bluray + WEB + + # Optional + - trash_ids: + # - b6832f586342ef70d9c128d40c07b872 # Bad Dual Groups + # - cc444569854e9de0b084ab2b8b1532b2 # Black and White Editions + # - ae9b7c9ebde1f3bd336a8cbd1ec4c5e5 # No-RlsGroup + # - 7357cf5161efbf8c4d5d0c30b4815ee2 # Obfuscated + # - 5c44f52a8714fdd79bb4d98e2673be1f # Retags + # - f537cf427b64c38c8e36298f657e4828 # Scene + assign_scores_to: + - name: HD Bluray + WEB + + - trash_ids: + # Uncomment the next six lines to allow x265 HD releases with HDR/DV + - dc98083864ea246d05a42df0d05f81cc # x265 (HD) + assign_scores_to: + - name: HD Bluray + WEB + score: 0 + - trash_ids: + - 839bea857ed2c0a8e084f3cbdbd65ecb # x265 (no HDR/DV) + assign_scores_to: + - name: HD Bluray + WEB + + # Audio + - trash_ids: + # Uncomment the next section to enable Advanced Audio Formats + # - 496f355514737f7d83bf7aa4d24f8169 # TrueHD Atmos + # - 2f22d89048b01681dde8afe203bf2e95 # DTS X + # - 417804f7f2c4308c1f4c5d380d4c4475 # ATMOS (undefined) + # - 1af239278386be2919e1bcee0bde047e # DD+ ATMOS + # - 3cafb66171b47f226146a0770576870f # TrueHD + # - dcf3ec6938fa32445f590a4da84256cd # DTS-HD MA + # - a570d4a0e56a2874b64e5bfa55202a1b # FLAC + # - e7c2fcae07cbada050a0af3357491d7b # PCM + # - 8e109e50e0a0b83a5098b056e13bf6db # DTS-HD HRA + # - 185f1dd7264c4562b9022d963ac37424 # DD+ + # - f9f847ac70a0af62ea4a08280b859636 # DTS-ES + # - 1c1a4c5e823891c75bc50380a6866f73 # DTS + # - 240770601cc226190c367ef59aba7463 # AAC + # - c2998bd0d90ed5621d8df281e839436e # DD + assign_scores_to: + - name: UHD Bluray + WEB + + # Movie Versions + - trash_ids: + # Uncomment any of the following lines to prefer these movie versions + # - 570bc9ebecd92723d2d21500f4be314c # Remaster + # - eca37840c13c6ef2dd0262b141a5482f # 4K Remaster + # - e0c07d59beb37348e975a930d5e50319 # Criterion Collection + # - 9d27d9d2181838f76dee150882bdc58c # Masters of Cinema + # - db9b4c4b53d312a3ca5f1378f6440fc9 # Vinegar Syndrome + # - 957d0f44b592285f26449575e8b1167e # Special Edition + # - eecf3a857724171f968a66cb5719e152 # IMAX + # - 9f6cbff8cfe4ebbc1bde14c7b7bec0de # IMAX Enhanced + assign_scores_to: + - name: UHD Bluray + WEB + + # Optional + - trash_ids: + # - b6832f586342ef70d9c128d40c07b872 # Bad Dual Groups + # - cc444569854e9de0b084ab2b8b1532b2 # Black and White Editions + # - ae9b7c9ebde1f3bd336a8cbd1ec4c5e5 # No-RlsGroup + # - 7357cf5161efbf8c4d5d0c30b4815ee2 # Obfuscated + # - 5c44f52a8714fdd79bb4d98e2673be1f # Retags + # - f537cf427b64c38c8e36298f657e4828 # Scene + assign_scores_to: + - name: UHD Bluray + WEB + + - trash_ids: + # Uncomment the next six lines to allow x265 HD releases with HDR/DV + - dc98083864ea246d05a42df0d05f81cc # x265 (HD) + assign_scores_to: + - name: UHD Bluray + WEB + score: 0 + - trash_ids: + - 839bea857ed2c0a8e084f3cbdbd65ecb # x265 (no HDR/DV) + assign_scores_to: + - name: UHD Bluray + WEB + + - trash_ids: + # Comment out the next line if you and all of your users' setups are fully DV compatible + - 923b6abef9b17f937fab56cfcf89e1f1 # DV (WEBDL) + + # HDR10+ Boost - Uncomment the next two lines if any of your devices DO support HDR10+ + # - b17886cb4158d9fea189859409975758 # HDR10Plus Boost + # - 55a5b50cb416dea5a50c4955896217ab # DV HDR10+ Boost + assign_scores_to: + - name: UHD Bluray + WEB + + # Optional SDR + # Only ever use ONE of the following custom formats: + # SDR - block ALL SDR releases + # SDR (no WEBDL) - block UHD/4k Remux and Bluray encode SDR releases, but allow SDR WEB + - trash_ids: + # - 9c38ebb7384dada637be8899efa68e6f # SDR + - 25c12f78430a3a23413652cbd1d48d77 # SDR (no WEBDL) + assign_scores_to: + - name: UHD Bluray + WEB + + # Anime + - trash_ids: + - 064af5f084a0a24458cc8ecd3220f93f # Uncensored + assign_scores_to: + - name: Remux-1080p - Anime + score: 0 # Adjust scoring as desired + + - trash_ids: + - a5d148168c4506b55cf53984107c396e # 10bit + assign_scores_to: + - name: Remux-1080p - Anime + score: 0 # Adjust scoring as desired + + - trash_ids: + - 4a3b087eea2ce012fcc1ce319259a3be # Anime Dual Audio + assign_scores_to: + - name: Remux-1080p - Anime + score: 0 # Adjust scoring as desired + sonarr: + series: + api_key: !env_var SONARR_API_KEY + base_url: http://127.0.0.1:8989 + delete_old_custom_formats: true + quality_definition: + type: series + media_naming: + series: default + season: default + episodes: + rename: true + standard: default + daily: default + anime: default + include: + # Comment out any of the following includes to disable them + - template: sonarr-quality-definition-series + - template: sonarr-v4-quality-profile-web-1080p + - template: sonarr-v4-custom-formats-web-1080p + + - template: sonarr-quality-definition-series + - template: sonarr-v4-quality-profile-web-2160p + - template: sonarr-v4-custom-formats-web-2160p + + - template: sonarr-quality-definition-anime + - template: sonarr-v4-quality-profile-anime + - template: sonarr-v4-custom-formats-anime + + # Custom Formats: https://recyclarr.dev/wiki/yaml/config-reference/custom-formats/ + custom_formats: + # Optional + - trash_ids: + # - 32b367365729d530ca1c124a0b180c64 # Bad Dual Groups + # - 82d40da2bc6923f41e14394075dd4b03 # No-RlsGroup + # - e1a997ddb54e3ecbfe06341ad323c458 # Obfuscated + # - 06d66ab109d4d2eddb2794d21526d140 # Retags + # - 1b3994c551cbb92a2c781af061f4ab44 # Scene + assign_scores_to: + - name: WEB-1080p + + - trash_ids: + # Uncomment the next six lines to allow x265 HD releases with HDR/DV + - 47435ece6b99a0b477caf360e79ba0bb # x265 (HD) + assign_scores_to: + - name: WEB-1080p + score: 0 + - trash_ids: + - 9b64dff695c2115facf1b6ea59c9bd07 # x265 (no HDR/DV) + assign_scores_to: + - name: WEB-1080p + + # HDR Formats + - trash_ids: + # Comment out the next line if you and all of your users' setups are fully DV compatible + - 9b27ab6498ec0f31a3353992e19434ca # DV (WEBDL) + + # HDR10+ Boost - Uncomment the next two lines if any of your devices DO support HDR10+ + # - 0dad0a507451acddd754fe6dc3a7f5e7 # HDR10+ Boost + # - 385e9e8581d33133c3961bdcdeffb7b4 # DV HDR10+ Boost + assign_scores_to: + - name: WEB-2160p + + # Optional + - trash_ids: + # - 32b367365729d530ca1c124a0b180c64 # Bad Dual Groups + # - 82d40da2bc6923f41e14394075dd4b03 # No-RlsGroup + # - e1a997ddb54e3ecbfe06341ad323c458 # Obfuscated + # - 06d66ab109d4d2eddb2794d21526d140 # Retags + # - 1b3994c551cbb92a2c781af061f4ab44 # Scene + assign_scores_to: + - name: WEB-2160p + + - trash_ids: + # Uncomment the next six lines to allow x265 HD releases with HDR/DV + - 47435ece6b99a0b477caf360e79ba0bb # x265 (HD) + assign_scores_to: + - name: WEB-2160p + score: 0 + - trash_ids: + - 9b64dff695c2115facf1b6ea59c9bd07 # x265 (no HDR/DV) + assign_scores_to: + - name: WEB-2160p + + # Optional SDR + # Only ever use ONE of the following custom formats: + # SDR - block ALL SDR releases + # SDR (no WEBDL) - block UHD/4k Remux and Bluray encode SDR releases, but allow SDR WEB + - trash_ids: + # - 2016d1676f5ee13a5b7257ff86ac9a93 # SDR + - 83304f261cf516bb208c18c54c0adf97 # SDR (no WEBDL) + assign_scores_to: + - name: WEB-2160p + + # Anime + - trash_ids: + - 026d5aadd1a6b4e550b134cb6c72b3ca # Uncensored + assign_scores_to: + - name: Remux-1080p - Anime + score: 0 # Adjust scoring as desired + + - trash_ids: + - b2550eb333d27b75833e25b8c2557b38 # 10bit + assign_scores_to: + - name: Remux-1080p - Anime + score: 0 # Adjust scoring as desired + + - trash_ids: + - 418f50b10f1907201b6cfdf881f467b7 # Anime Dual Audio + assign_scores_to: + - name: Remux-1080p - Anime + score: 0 # Adjust scoring as desired + ''; + }; + }; +} diff --git a/machines/moritz-server/nixarr/sonarr.nix b/machines/moritz-server/nixarr/sonarr.nix new file mode 100644 index 0000000..0f21ce0 --- /dev/null +++ b/machines/moritz-server/nixarr/sonarr.nix @@ -0,0 +1,48 @@ +{ + pkgs, + config, + ... +}: { + clan.core.vars.generators."nixarr-sonarr" = { + prompts.password = { + type = "hidden"; + persist = true; + description = "Leave empty to generate automatically"; + }; + + files.password.deploy = false; + + runtimeInputs = [ + pkgs.coreutils + pkgs.xkcdpass + ]; + + script = '' + prompt_value="$(cat "$prompts/password")" + if [[ -n "''${prompt_value-}" ]]; then + echo "$prompt_value" | tr -d "\n" > "$out"/password + else + xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/password + fi + ''; + }; + nixarr.sonarr = { + # NOTE: cannot set password so just set the generated one manually + enable = true; + }; + services.nginx.virtualHosts."sonarr.moritz.place" = { + forceSSL = true; + useACMEHost = "any.moritz.place"; + locations."/" = { + proxyPass = "http://127.0.0.1:8989"; + }; + }; + fileSystems."/mnt/ds_tv" = { + device = "//192.168.0.2/media/tv"; + fsType = "cifs"; + options = let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + in ["${automount_opts},credentials=${config.clan.core.vars.generators.nixarr-ds-share.files.config.path},gid=${builtins.toString config.users.groups.media.gid},uid=${builtins.toString config.users.users.sonarr.uid}"]; + }; +} diff --git a/machines/moritz-server/nixarr/transmission.nix b/machines/moritz-server/nixarr/transmission.nix new file mode 100644 index 0000000..e26ebf1 --- /dev/null +++ b/machines/moritz-server/nixarr/transmission.nix @@ -0,0 +1,106 @@ +{ + inputs, + config, + pkgs, + lib, + ... +}: let + transmissionUserName = "admin"; +in { + imports = [inputs.nixarr.nixosModules.default]; + + clan.core.vars.generators."nixarr-transmission" = { + prompts.password = { + type = "hidden"; + persist = true; + description = "Leave empty to generate automatically"; + }; + + files.credentialsFile = {}; + files.password.deploy = false; + files.cross-seed-credentialsFile = {}; + + runtimeInputs = [ + pkgs.coreutils + pkgs.xkcdpass + pkgs.mkpasswd + pkgs.openssl + ]; + + script = '' + prompt_value="$(cat "$prompts/password")" + if [[ -n "''${prompt_value-}" ]]; then + echo "$prompt_value" | tr -d "\n" > "$out"/password + else + xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/password + fi + + PASS="$(cat "$out/password")" + SALT="$(openssl rand -hex 4)" + HASH="$(echo -n "$PASS$SALT" | sha1sum | cut -d" " -f 1)" + + echo "{\"rpc-password\": \"{$HASH$SALT\", \"rpc-authentication-required\": true, \"rpc-username\": \"${transmissionUserName}\"}" > $out/credentialsFile + echo "{\"transmissionRpcUrl\": \"http://admin:$PASS@localhost:9091/transmission/rpc\"}" > $out/cross-seed-credentialsFile + ''; + }; + nixarr.transmission = { + enable = true; + vpn.enable = true; + peerPort = 39350; + credentialsFile = config.clan.core.vars.generators.nixarr-transmission.files.credentialsFile.path; + }; + services.nginx.virtualHosts."torrent.moritz.place" = { + forceSSL = true; + useACMEHost = "any.moritz.place"; + locations."/" = { + proxyPass = "http://127.0.0.1:${builtins.toString config.nixarr.transmission.uiPort}"; + }; + }; + nixarr.transmission.privateTrackers.cross-seed = { + enable = true; + extraSettings = { + delay = 30; + matchMode = "partial"; + skipRecheck = true; + autoResumeMaxDownload = 52428800; + ignoreNonRelevantFilesToResume = false; + linkDirs = [ + "${config.nixarr.mediaDir}/torrents/.linking" + ]; + excludeOlder = "2 weeks"; + excludeRecentSearch = "3 days"; + searchCadence = "1 day"; + snatchTimeout = "30 seconds"; + searchTimeout = "2 minutes"; + }; + indexIds = [ + 4 + 1 + ]; + }; + systemd.services.cross-seed = { + serviceConfig = { + ExecStartPre = let + cross-seed-credentialsFile = config.clan.core.vars.generators.nixarr-transmission.files.cross-seed-credentialsFile.path; + cfg = config.util-nixarr.services.cross-seed; + in + lib.mkAfter [ + ( + "+" + + pkgs.writeShellScript "transmission-prestart-custom" '' + tmp="$(mktemp)" + ${pkgs.jq}/bin/jq --slurp add '${cfg.dataDir}/config.json' '${cross-seed-credentialsFile}' > "$tmp" + install -D -m 600 -o '${cfg.user}' "$tmp" '${cfg.dataDir}/config.json' + rm -rf "$tmp" + '' + ) + ]; + }; + }; + systemd.tmpfiles.rules = let + cfg = config.nixarr; + in lib.mkAfter [ + "d '${cfg.mediaDir}/torrents/.linking' 0750 cross-seed cross-seed - -" + "d '${cfg.mediaDir}/torrents/.cross-seed' 0750 cross-seed cross-seed - -" + ]; +} diff --git a/machines/moritz-server/yottamaster.nix b/machines/moritz-server/yottamaster.nix index faeb536..ccd4fa6 100644 --- a/machines/moritz-server/yottamaster.nix +++ b/machines/moritz-server/yottamaster.nix @@ -1,15 +1,9 @@ { - clan-core, - config, lib, ... }: let - suffix = config.clan.core.vars.generators.disk-id.files.diskId.value; + suffix = "ec39b1a05fa0435186d503ca901baac0"; in { - imports = [ - clan-core.clanModules.disk-id - ]; - boot.loader.systemd-boot.enable = true; disko.devices = { disk = let @@ -49,13 +43,22 @@ in { rootFsOptions = { compression = "zstd"; "com.sun:auto-snapshot" = "false"; + "canmount" = "noauto"; }; + mountpoint = null; datasets = { music = { type = "zfs_fs"; - mountpoint = "/music"; + mountpoint = "/data/music"; options."com.sun:auto-snapshot" = "true"; + options."canmount" = "noauto"; + }; + nixarr = { + type = "zfs_fs"; + mountpoint = "/data/nixarr"; + options."com.sun:auto-snapshot" = "true"; + options."canmount" = "noauto"; }; }; }; diff --git a/modules/zfs_unencrypted.nix b/modules/zfs_unencrypted.nix index 8c47af6..5c33a7c 100644 --- a/modules/zfs_unencrypted.nix +++ b/modules/zfs_unencrypted.nix @@ -1,14 +1,6 @@ -{ - clan-core, - config, - ... -}: let - suffix = config.clan.core.vars.generators.disk-id.files.diskId.value; +{...}: let + suffix = "ec39b1a05fa0435186d503ca901baac0"; in { - imports = [ - clan-core.clanModules.disk-id - ]; - boot.loader.systemd-boot.enable = true; disko.devices = { disk = { diff --git a/vars/per-machine/moritz-server/nixarr-autobrr/password/machines/moritz-server b/vars/per-machine/moritz-server/nixarr-autobrr/password/machines/moritz-server new file mode 120000 index 0000000..f18ca49 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-autobrr/password/machines/moritz-server @@ -0,0 +1 @@ +../../../../../../sops/machines/moritz-server \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-autobrr/password/secret b/vars/per-machine/moritz-server/nixarr-autobrr/password/secret new file mode 100644 index 0000000..c7fecc4 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-autobrr/password/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:lVRDTykTSRdNEJH1wfneC9kmh8vMcI/c1drIBvczQz8=,iv:K92h48oIa1qLQRREJ+R4pokz07rx+dMsrFHNqvHWI9Q=,tag:UTtBH7buFRp6AlI28H4DBA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1wwlwwv9gscl9z6k59z6pp8hcay7vehvqp6y5f85pjyd9seqe8s0q5dkmr4", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUkExQjFGcm9tQVlKUEcz\nVldjUVp2cUF2T0R3SGplYkN4OTM1bzBzTEJ3CnFRMnB1YldzMitKVGhxZmh4bk9U\nZDFIYWlLVXJSWm5IWFBUT1ZtbXNYaGMKLS0tIDcyc2ltc0lSaXZCaThra3haM3l5\nVmtCZFNGdFhzMjB6K1gvMVQzaXphdG8KqIvMMizgE2AY01flyIKKWRCTQxfzsf3N\npvhOazr2fVydTZI6fGg9FouNp34m54WUXDnxVRCuJy4lRSju+VGueg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYOS9OUjZXcGVBdEptSjBa\nblgxNzZSYXlxNWlZd2VFV0tBQ2tudGptbkZRCjJJOUpucE5PZnV5cStRRmpFNmxG\nM3NjS00zaFlmVmlaSWNyQkVnb0U2alUKLS0tIExkc0pETGlDZ2pMQ0ViVG90Tm1M\nUCt5QVdCcGF2WjFLenVoUmhFVmo2MWMKPAnGxXru4AYaGl6xiaAM772OyrCEEEj/\nYYfMyZzSySTg0jjnvOKu0wyTllMOvVnLZTIPnra27rxG61dfIyv8rg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-26T07:09:17Z", + "mac": "ENC[AES256_GCM,data:0+2BfCchg9UhjQgM1RKbZxboKhjrfA8nooHo23mqFsbwkIL/SAILWJRjlkGXeQKJDq5PUT1a+dyWI+KxXASdf/5IXVlOunM8GV1u6V0EjzsAfdSj0oqpoF1fvIQlMoQTxTPEmJGQLHd6dhLtG19+3nTv7c59EVtOfDrhyDzH8VM=,iv:J83qjr96mXe16UHm5dRY8uYFzmbJDyIxbdbFiI23BoI=,tag:yNTYqai91xZ5n9WewbBZDw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-server/nixarr-autobrr/password/users/moritz b/vars/per-machine/moritz-server/nixarr-autobrr/password/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-autobrr/password/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-ds-share/config/machines/moritz-server b/vars/per-machine/moritz-server/nixarr-ds-share/config/machines/moritz-server new file mode 120000 index 0000000..f18ca49 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-ds-share/config/machines/moritz-server @@ -0,0 +1 @@ +../../../../../../sops/machines/moritz-server \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-ds-share/config/secret b/vars/per-machine/moritz-server/nixarr-ds-share/config/secret new file mode 100644 index 0000000..1c5ba8e --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-ds-share/config/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:2bpFC/bJUfOB/K0YmxIoAyzGTV37ceEQt3rfvqxLBrf1gxtxgX1J4HCAFY5j5MdymPfEvc+/ioBNU/MZXx6ghvVMQ4uLU5ZYsSs=,iv:8p3nETbU8vGCXbPhR81DNdWFjRjYln8mzsIXqa1/z/Y=,tag:86FtW1EHYtTV7b2J4IzT7Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZEtDb3R2NzBWWEZLRW03\nbVhvMFNUd1VYcFpMcWk5WFRERm0yVm5wREJjCitOSjU5ZG5pRVJQUWU3TzdsVzdx\nWEtONTVicUtSMmxLVEtxejVzdnR1WjgKLS0tIDUwREcydGlnM1Bab0JETm5DUWtw\nbENTbVFEY2hOZFcwcmg3KzhiRlNtQ1UKFVi8ANd2mkUpRJhSRYC8Q50T/74dKxnl\ny98tkS0Et9pn8siKkwjKWadZT9scg04ax9pobT7XIYpN3tsV/hV5Nw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1wwlwwv9gscl9z6k59z6pp8hcay7vehvqp6y5f85pjyd9seqe8s0q5dkmr4", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUmZEbU5DbWk2OFd3VXpy\nNXBodERMSDhjMzQvRk5pa0NDMDBIYStCZXhJCnVKMytxWU9uZkpWQ09SUVFKdi95\nQmRvQVQzcjl2dHkzbFYzdURjUTdqMGsKLS0tIEVYeWFFbzZoaDRLaFJCVmFScjQ0\nZW5WTlVzazhhS2ZFeThWUGU4L0IzYlEKm61XL118FqamCKx1trrEAylSjgPayUoC\ngviZ+G1VZnRrlzdBAId686OcFynIIH4nns7SaB8zVQWG7KOmv0dZSw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-25T19:17:51Z", + "mac": "ENC[AES256_GCM,data:WG3XTgoH8rxyjGyt4zrMsq82gF+6fYim7pgUPWZYa0JAzhluy2svu6w/Lmz8eNS9SEMGZm8UNW5X6yB91tH9ijsQThV2azpEqdyuYQyqp1bOXERJ0UnP2KuyeayoeJ6fZcT/Y5m7Y77IrxBFScE5xL0gXAVouhWPT2c9I3x7N84=,iv:UMNGcT77cydi4df85kpCUkyedWhET4MlmooNth+OPts=,tag:tGyf1pYjt9r2d0ljJYowFw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-server/nixarr-ds-share/config/users/moritz b/vars/per-machine/moritz-server/nixarr-ds-share/config/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-ds-share/config/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-jellyseerr/password/secret b/vars/per-machine/moritz-server/nixarr-jellyseerr/password/secret new file mode 100644 index 0000000..d94e116 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-jellyseerr/password/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:ARF1JOiLGOrh8E4nWvwpTK8UgUvjSIdjcGbWORtFRCG5ZA==,iv:kaAgvX5ZVG6ML7MGsHtNM0DMpuAi3HrVZ2GCtFAbGhA=,tag:XjQ5YfZMvO8mfd7tdN/76Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1NGxrOTdDQUVhckp0bkc1\naVFFWTdrMkRNUW1PQ3lqVGFidUNPYjVIelY4CmFuR2FtSDY2MzZZQzdMVUEvdEl6\nUkczcnI0ajNaYURyeEJIelBNL1grVDgKLS0tIEFXaFQyMDBkRmoyaDdLZElxVk83\nTXZINFo5TmYvUGY3MDJyL3JFTk04YmcKyg9IkN0H5KoS09ZdMLQwfcxi5b+QtMLs\n3De55H2KF8Nq2W92l7izHTaXv/vTRCY7hTKakWt8XPWN/2OBEswGAg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-26T09:01:16Z", + "mac": "ENC[AES256_GCM,data:7y8yJnqFb9tmJcQTccdet6n2oFFZSnalfsWFnCUzoI4olMyMof75djCP6SUwP9cw9bm2aYqv69pDU4kJZpv0eK/4SwdDq9xSc5JprVSd/gSHNwB/gU7qMG+5UOyrPyl1oh7d6eS8Z7JhOsi/1l/JvIrchcqXJER+PnZWDHl1pd8=,iv:EbXHxhFX+Tp5DgC8yOxI/+2rYOrFkZEN5p3g5gw9wV4=,tag:xhSSt+/w+DfQSn4PTLEo6Q==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-server/nixarr-jellyseerr/password/users/moritz b/vars/per-machine/moritz-server/nixarr-jellyseerr/password/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-jellyseerr/password/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-prowlarr/password/secret b/vars/per-machine/moritz-server/nixarr-prowlarr/password/secret new file mode 100644 index 0000000..5c9ffe8 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-prowlarr/password/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:IeempgJEMPvHCRjyqliRgQ2q7S2xkhjvoiz4pFc3zA==,iv:xVe2suNuCjvzPdZs8a9Yvf7qqL1RQC+PMO/tpyXbQrg=,tag:B51jJi/jx74z6fccNkvVUg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwKzE0d1pPUm1MaUtCT05U\nNkwyeTBKYXhNM3Bxcm5wb1lwblRwNzF1b3pFCjhHWmdsYzJVdVVGSCtvK3hkTGlU\ndHJ5Z1lrYXNodDN3Rm5uZ0VGZHY1bzgKLS0tIG5sNEhHSVBidVZoT09IUVBXRVUr\nWlk0Vld6SHVXWjZ5UVl1YXkvREJKakkKExdXndo9UsgodHPOWqHLzWIJ0DKSvm4s\npcNw/DHqDDHy1tRnIdEYtszT7HuzpE4GHAkq0ONe1rYe602geUy9Mw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-25T10:38:45Z", + "mac": "ENC[AES256_GCM,data:5bgJtmS4ewpOjagfd7mrbo/8pelrUmNXDpHfc4LLeWYzvIS1cXjsqLB3TAs2yITHlBRMJPpFwguh40j23/Rb5v7USZsLfnKT/jgoca53/+JG08ZT9zynB20V/4BoNq87hx9rGWLJpx5pS3gK2D3QsOs8KjaSYtt0KAcGaCarPJE=,iv:Yjy9kWdPZtOcwp3KbQAiQb99Wk6NtbFMd7xa75XzZvs=,tag:GC/qDaD+4QZkTaV5JZPtHQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-server/nixarr-prowlarr/password/users/moritz b/vars/per-machine/moritz-server/nixarr-prowlarr/password/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-prowlarr/password/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-radarr/password/secret b/vars/per-machine/moritz-server/nixarr-radarr/password/secret new file mode 100644 index 0000000..fd355d7 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-radarr/password/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:Ehh/4LVs4jPVCm7Zg3hsrdUrfSjdcQJIWLNk/UY=,iv:YvmKSkNF9i+8o+PezHEYs+jN/mt84cfnhvTzC5IZ5s8=,tag:o9DhJ6Nf3xt748Azg3LKFw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTK1MvUWdFSlUwYVFwcm9x\nR0lzc2lab2ZEelB3WklPTndOMVdmTlVQYTJNCnZpM1R1WnVYRlBJTlVmTHJ6cXNZ\nTjZuM28xak9zNjBzY3VHRDRPQytqNTgKLS0tIC9NWU9WZmtiZ2ZudUMzR3QrRHBE\nQjNSbGUrb3BXTkFWN0NkRHpzZnljdzQKsb7DlBjcG2WN8swGhfns9nCUt5j8nhhT\nZ8kXWUabgQA9T2T8iHpunLYfpfiFSFJ3zDbwbAdEc01ckA7ZjMWg5g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-25T12:33:17Z", + "mac": "ENC[AES256_GCM,data:gdY7kyM1Bgv5BDMFaOye9f0rzk7Fs5yJDWw8iqLV9H+5SN9+EWKZwW0Ch489s5tdzAkbolMExbcGqVjSFfJDpiSdMOeNncMIvqrH1m0yhYj098pKlPyYq4UTlIWNaZkeeZHKsWXZ3Ri03Vq982emc8OkODTnRssMz9kUeVzhCp0=,iv:XPCcEje588PL7vhsJlji7LtFlvL3GRhoPMPyyQHRzvM=,tag:5codCpqd3fSAXNVEHQutbg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-server/nixarr-radarr/password/users/moritz b/vars/per-machine/moritz-server/nixarr-radarr/password/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-radarr/password/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-sonarr/password/secret b/vars/per-machine/moritz-server/nixarr-sonarr/password/secret new file mode 100644 index 0000000..92e5d3a --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-sonarr/password/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:cb6pTcGjVMTXF7j+C1w5lMhQRnNz68Q43bmdlFuRaw==,iv:nrZnxN1Y/eoLw3nuUMd+jIboJcOOh0G4PNio75dYS9g=,tag:3z9xvOs8crBGtJ5yolM7Hw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQWRaYjVITHFjVkpEczhh\nZ0Zod25HMWRSbEljTE80enE3bytHTE9IYVRnCjg5Nzc5enAwSURzQmdaUnhDWE14\nbUFzZTN6aU0wOVlyWkJ2RTYzSmpsckEKLS0tIGNkQmJpZE9BamJPM1Z2WHF1OFNn\nN0xCL1FkWlFCcXRHSjZPcXVkQnBPRGMKaK0Y5+R/sdQ05Wb5QY64cW7xCQ47L6ex\n8c/Y+v/LgPmc7hnijbQ7G9rC9qWtZKDXF6vNp9lQ5jt27dMY09FYlw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-25T12:33:19Z", + "mac": "ENC[AES256_GCM,data:YdXBi8QA0JOvkw6RFofvill5nmsJ0Tdx4YkzZa6Ho/qsYGAPyoahmeQ4DAoeS4BvBjXKyKYcnPh1sHLU9X3iOJzblwoqHwLpYsNiBlg/vuaNvm5DefjjJ60BXmvOEa6co5rbbKmKZek//CNztmVg8qv/F8PlEia3vMuinUJlGx0=,iv:ulv4NoscP5uvDGL/jnelLO9c2ESJB9nKNySUYrb0r7I=,tag:IM3ZmdRyhWKzDelNgIZAgQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-server/nixarr-sonarr/password/users/moritz b/vars/per-machine/moritz-server/nixarr-sonarr/password/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-sonarr/password/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-transmission/credentialsFile/machines/moritz-server b/vars/per-machine/moritz-server/nixarr-transmission/credentialsFile/machines/moritz-server new file mode 120000 index 0000000..f18ca49 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-transmission/credentialsFile/machines/moritz-server @@ -0,0 +1 @@ +../../../../../../sops/machines/moritz-server \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-transmission/credentialsFile/secret b/vars/per-machine/moritz-server/nixarr-transmission/credentialsFile/secret new file mode 100644 index 0000000..f0df7c3 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-transmission/credentialsFile/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:PC6y70qSnlp2v5Pyy9nI5w8CR46Q2E1wicJ2w3QRI8dEaYn9/f3W06cvxW90z4dPDi8jbczXSc13wzgnYb+oPJceTRRg5S6ILumiX1aAW1QrUtjsqeIylXBCsG1y2BS7qmK6vCjU0kwIMb1PjFfoFlVnKJwv6cskw/v+0YAxVqZN06Gq,iv:i6XV6M92CLnd0k++Jeo33S2vKf10CDp1q/VjZ+zLPX8=,tag:nwZFIqutHjCyQhBpsrAH6w==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxbDM3WWFQN29sMm9XR3Fk\nb3Z2NTBCREFwc2dyZUpZMUZ1US9zZmhMMkY4CldCMnZCcldOdFZqeFFyOUVvL1pT\nZkxSRmIzQkExK2FTcW5RNklCaVlkR1EKLS0tIGlrdTh4U0dXNVFHY2xuVTZvUjZK\nS3RUY00wYnhKdjhUR004TTlMYWN5c1EKP4F0sofTsvwZy0Zi+QZST2qhm/Vhr138\n8c+c0EVtcrWSkdQfH8QuUcXLyc59symuNmla0x0nwh49+fbX+fXRtw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1wwlwwv9gscl9z6k59z6pp8hcay7vehvqp6y5f85pjyd9seqe8s0q5dkmr4", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwY01ESVNwZXV0RVR5TWVO\nQjRxaThEVnNFT2s3MkkzR3FXN0VSSnZsUzNNCk1uTWlYaE5HanBLUktDK00zb3B3\nRlhxRmgrY0V1cXhZdUorTGg1bTRBOVkKLS0tIFRoRzVJaWtaczRTbmFlaWtnR3N5\nQlFEd0ltQ3N2TjNLcnV2MVpJdkdYRnMKyemR1It3uzAW52AWAjtY+QUzcg3the70\nJ1XPR2EHDaZqlRBwghq+L12B/snfWgvLiSer4Oe/AZDC+CZG2oWZHQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-26T12:27:28Z", + "mac": "ENC[AES256_GCM,data:zeH7UmGVEPUKLronjeVwTgs1U9dg/OGg/h3Tbqvb7msKJDSqbU7QZ2LYzTHvKQSNZnzudL+DoaE4W/pGHTiLrRO61SzlTdTvufSlWHVwHeOtVNFToLlf4gI1Hd/2qKVlJ22KBcNWFA9iUNQdw7rIKvUjMblWc8SQn5LZmxYOGC4=,iv:isonTtz2wd6d/4E/Q8eR+8+sA+gwL4c4zz9HEvz5Ej0=,tag:EPT3f1dQK5iXwoUwnvupHg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-server/nixarr-transmission/credentialsFile/users/moritz b/vars/per-machine/moritz-server/nixarr-transmission/credentialsFile/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-transmission/credentialsFile/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-transmission/cross-seed-credentialsFile/machines/moritz-server b/vars/per-machine/moritz-server/nixarr-transmission/cross-seed-credentialsFile/machines/moritz-server new file mode 120000 index 0000000..f18ca49 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-transmission/cross-seed-credentialsFile/machines/moritz-server @@ -0,0 +1 @@ +../../../../../../sops/machines/moritz-server \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-transmission/cross-seed-credentialsFile/secret b/vars/per-machine/moritz-server/nixarr-transmission/cross-seed-credentialsFile/secret new file mode 100644 index 0000000..dcd2c2a --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-transmission/cross-seed-credentialsFile/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:wmhpUjgD6U9Epf0BpxCBxtgAZSmSSjmhy1YJZ+irt17pZTUuT+zqZZn9drKCtZm+IS99iiPpLZYMpEaOQ8kW5knWkl8WWWF/kNA4Ag00AaMSnr34NrxmDEPXpHbtsQDg+fCarQxH9uY=,iv:Q1fEucsGOJCKR5SkvnnddGdCwnP0YDsINl40+MQ0aNY=,tag:uJMXfleQcdnVQ7OEZWXzyQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbXQ3M1dmS3JOdk5zUWE2\nZ0lMN1VYdDNOaTJVYjNCQnhLd1ZlM3ZZQm5rCnR5S2txL3lhRWxwMkg3S0owZ0tC\nMG1sb0x2eTVYajh4ZlFVOFBVNmgzaWcKLS0tIGx1c1VUamRwK3pXcFhJUVhhY3ov\nbEd3QTQ0bkl1M0s1Zi9hNEQxeWFXY3cKKb0xx/6K++Zu8mqEmG456+0TivvbRnSw\nJwqsQayUGgeF2ju1fkGEpRy+MYrCI+1gYWkULm9Ts3E3G0w45sDe9g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1wwlwwv9gscl9z6k59z6pp8hcay7vehvqp6y5f85pjyd9seqe8s0q5dkmr4", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQek11RktXVzBwYi8zRG1C\nZ3NHZ296dE1yU05IV1ZZbHQ5VmVnL2U2NWdNCnRCbHJGSFB5VU1mSTQrdnpzZml0\nUnh2eWEwYldSZ1NyenNrejlTekZLZkUKLS0tIE5RZWtBdXBXd1hEeDUrUVQ0dVAz\nRWQxUTJHeGpXOEt0aWFGQmEyS1NxMlkKBvDendGbWT8wxjvbOM8wYoRbYPuYVHEW\n7O4V8LoYGPppt7EvUqiPP/aG8qgMwfF4YsFfAOoiv4SOEhPlQcrRjg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-26T12:27:28Z", + "mac": "ENC[AES256_GCM,data:lNNZjTJIMcRmgdjFIC34Muh4U7CgBPOaoFApLkvQ6F04RlI/CMLSSzj3U0k9FJ+GIQIMOzGT9+VFyTzqBCBtEyhgjU0Onf3Tc/YhEC07epmy63PaKdb+PFYWd8TviRoJeWzbv+xaw/HoaXGwhxP8u47sSW6Dax0M8ee3lLPxd8w=,iv:ymUca8qxHRtfuZ08uQOTyeNwN1Ezsg7r+di35BFlzfQ=,tag:RghxGa26M+i2of+CdtvoOQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-server/nixarr-transmission/cross-seed-credentialsFile/users/moritz b/vars/per-machine/moritz-server/nixarr-transmission/cross-seed-credentialsFile/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-transmission/cross-seed-credentialsFile/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-transmission/password/secret b/vars/per-machine/moritz-server/nixarr-transmission/password/secret new file mode 100644 index 0000000..fe3f4c0 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-transmission/password/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:U2ACysz/6V0LsMJ7yTd8r3VH7Bz9FsEnHH/yd2fZCEI=,iv:/NuoxVuFwYQyNBav5o7IKzPDHx6/6A41jynwocoBd4g=,tag:1Z81L79XdsGb8b8NPdSrEw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNUlZNXhITXd1a0xPZ0Z2\nK3lLL2JFeXp2RXhVdk9FK01rczg2ZjE5WWxVCkZDQ2YzdlBrc0YvblR5blZFYkcv\nYlVlajBDaWJjbWJwcFhxcFIwTGNoUWsKLS0tIExHSk9wOVlMaFBsTW8vNXF5Qi8w\nbGhvMkI1MEljbkFZMUtWZEFYUnBDMVkKBlkVFLGpUS+tlgX5A53/4nvGBINWit/l\nREttvALVCiTV1AzAKpvtcorOWCYEooHxa94fEayekDUVw3FicSnFSQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-26T12:27:29Z", + "mac": "ENC[AES256_GCM,data:ZEdystY5p6AymqKQFwm35/Kxkn5LoGHaVoOoCLHBdLxZeurC4h7Paq9+355YLMQDXbiqyMxtOIS6nPorfF+/II9ZlsLOqLeXK9t9Om9h+ljRNMyO3k3bHQcyQJFW+xXH4ryLl6w+RFDWN8pEm/IiOwg6kjfR+j0bLZFQ8LZqE/o=,iv:ovqe/uPG/pX6b+iDmvpH0tnlLmBAvRMv18Lje0BXPXs=,tag:pvUq7e9SyNuJQJknHySeSw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-server/nixarr-transmission/password/users/moritz b/vars/per-machine/moritz-server/nixarr-transmission/password/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-transmission/password/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-vpn/config/machines/moritz-server b/vars/per-machine/moritz-server/nixarr-vpn/config/machines/moritz-server new file mode 120000 index 0000000..f18ca49 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-vpn/config/machines/moritz-server @@ -0,0 +1 @@ +../../../../../../sops/machines/moritz-server \ No newline at end of file diff --git a/vars/per-machine/moritz-server/nixarr-vpn/config/secret b/vars/per-machine/moritz-server/nixarr-vpn/config/secret new file mode 100644 index 0000000..cbb1e91 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-vpn/config/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:9Cd47ujZqKg+Ygk8RHQUYoj3l4S+pCUUGptURvW2P3tuD8G6vBtQ2CynBV5zM+tccpRZeVor6TpxUevWLDDFFJbmRDMpuQthj2SKTIZHAmuIjE4c8KvEsCsLntOc3yL1bhrGYnFyiSFrB8/iefwSdtIOsu5NObkmRxlEw8nMoaWE7zkS8yCRNmmoxZaZ/+pKOnl7jK1fjnQofsarNXe8jj2615Eph9f4FvEdgvXwdfOe67S1EamVkXYpp00bNgfKkWrkCiaVRcHJJIb+WoSdeefYJjeBXTjbIiCGs0HRfTlNZeMrICWKcJz8gZYOwsijKJAlpNqhw0+jtEiQzdqtD+3EkkpT9ms6njDTIy4hNrE212B+nfIUpgd8D4rzrWGtVAGKupG8ReNHWYjGf3PGO14Ty9GrcHNPSp7xAu6JuiK8lPZgcWR0bU++XgFLgrqbgbc9cqGkIl0OJRfeEcevTU1WhT0mjVb/DFZ0Nn9O5alza5pJP/yUvmJPzQFlYEC3b4CK53J9iPIbbb9VZIw9cpEyNmlOjA==,iv:NeVDPDwCKagW6oVYHCQfXNJmLBmcwvwEzMgWjwZ0HDI=,tag:gWnEGONTZiG27UMqpiHJGQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQ3NqYlZ5aVdWRDRnR01G\nRURKVEp1ckMxK2krMlBnVDBGUFJxUTFtSjJjCkpWWFVOWXZ1TXQxMi9nc0FmQ2lW\nS1lCb3N5MUlGS0Nmc2ppTjVZRktjc2sKLS0tIFUvN0xWdUlRNzlCN0VqeXViS0tC\ncnJXZVVMdWVCZXdzQ0hXalBTdzNORmsKZiw6QFoZi7YykncNAmTOjo0HMq62PcBX\nlENTHMsmRmHc22TdN5J89OKXbNwMucLLbui2X6aQgsOQgdR+g/yTaA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1wwlwwv9gscl9z6k59z6pp8hcay7vehvqp6y5f85pjyd9seqe8s0q5dkmr4", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQTBsTVI1clhjcjFCSk9r\nbEFjNzNIU0t3bm9sSDRsTGxzeDZZVDIyM2swCkNFZXRkcjdna2NvM1gyN1g3bFox\nOHQxVHhWbEo4VDdwYlBJcXhZcythcFkKLS0tIG14UWw1QWtrbGVGVkJkQjVCTEJp\nMEtjQnMyRkwrWEZCM0RDOUpqTVE0S0kKehdBMnlWu+WqYsJFtG632y0EHeUirJ9s\nOquUmgGZhAjSMYXqm0dxwEmz5HwuQ99WiY07GEy4l0dA8mX9/eus5A==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-25T08:11:11Z", + "mac": "ENC[AES256_GCM,data:6rNVDdfssmrMSORoj/7BG6e+zG0RgzvXteZl+1XBJD12vKOwtQ15hTodwyLbnpRM9kISMv8POmoBbS8boP/lwwEbP4DfqSzSjp2qr8XbFEgEGsi8dj0uEwDdCs3OIyFTcitlnSyVLKrdcL6kAcMcemOdyvrqy5RYp4sT/3cJlto=,iv:3mpzOF2l166dGlG46Xjrawv8Jfxuav/ioFXnv5h0YQU=,tag:L/WuF+K4QTxQglQIXiQyag==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-server/nixarr-vpn/config/users/moritz b/vars/per-machine/moritz-server/nixarr-vpn/config/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/nixarr-vpn/config/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-server/ntfy/password/machines/moritz-server b/vars/per-machine/moritz-server/ntfy/password/machines/moritz-server new file mode 120000 index 0000000..f18ca49 --- /dev/null +++ b/vars/per-machine/moritz-server/ntfy/password/machines/moritz-server @@ -0,0 +1 @@ +../../../../../../sops/machines/moritz-server \ No newline at end of file diff --git a/vars/per-machine/moritz-server/ntfy/password/secret b/vars/per-machine/moritz-server/ntfy/password/secret new file mode 100644 index 0000000..6b8c27e --- /dev/null +++ b/vars/per-machine/moritz-server/ntfy/password/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:XjmXeAfOK7MCnOJX2gI+/RskQ7Ne06Jw4MDmwPwLVPhaGsg=,iv:aKQ/CzQzyiMLoA3y+SUbD0u00JtyA6ta3W8l5Z0k70U=,tag:hyFiMfeV8rlgfENthDll+Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGd2o3eFRtYjVHUks2OTVR\ndXNqemdKMzArZ2Jybk0ramtBOERkL3NHZVZzCkFvWFczc2V2UDZrL3RCRWpzR0I2\nbUtOZ2lrYzh3QUZMRTk4T21DVTFTWGsKLS0tIEUyTjVjZVhHc2NRRlhId085RHph\na2w1ZnIyRkkybVZhNDAwWjBld3RBTzAKp/wUB+CaJttgKKnMAQXtG1Ut8VabPnTt\nCwB8Gxfea6pf2RmoWQFGip96P7prlLTEnCvD+nHYBLq3qGLw4BlyaQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1wwlwwv9gscl9z6k59z6pp8hcay7vehvqp6y5f85pjyd9seqe8s0q5dkmr4", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBweUxUdVZNdFphdEVwTUcv\nMTBFdDgvYlRIZzAwVW80dmFGTHA5QUQyQ3dZCnpJSGZCbkFYdWlndjRMVzcyS1Ns\nK0Flc3dRcWJhazlueEpRVWpGeGcycWcKLS0tIFNUOWZvNEIxSDhaZHhjR2JQYy9u\nZVdKR2ZyVC91K0l3OWN2d1JpTU1FT2cKS30fK0mm3MEgXt9ESjCSdOnJKT2+fpNj\n8/orXf/AQ1bgHI2sdqlqm+5F32jRdIUpnzzIEVDWw7CTZgzInVtclg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-26T07:58:00Z", + "mac": "ENC[AES256_GCM,data:tPmA5tirAJqNIKNPHajsw8lFae6/8rbAoWfeWyOznaStJoMzvpbSuuahSDqyNsC9Q2K4LjpuIvCQ6TbhOgMZLp3F2gGPVwtu1WYaGDkc1dV/dJRb/4anlcU7trHSq8Ey30K/slRnYah/6UpnZJVZrpQ3WidrvrIDaEV9rV/C0rg=,iv:1vDKE8fcpU6qLoyncK21fmAJqibOEVTCB2Y4zBj60bA=,tag:KOlN+wn37Rv1gDaOyqhjow==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-server/ntfy/password/users/moritz b/vars/per-machine/moritz-server/ntfy/password/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-server/ntfy/password/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file