From efe166e4cab203c06ec333789fc3f9c5cbab5057 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Sat, 13 Jul 2024 11:14:08 -0400 Subject: [PATCH 1/9] setup backups for immich --- modules/hosts/nixos/nixnuc/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index 5725664..5640eed 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -361,6 +361,7 @@ in { config.services.nextcloud.home "${config.users.users.${username}.home}/compose-files/tandoor" "${config.users.users.${username}.home}/compose-files/wallabag" + "/orico/immich/library" "/orico/jellyfin/data" "/orico/jellyfin/staging/downloaded-files" "/var/backup/postgresql" From 9e4f2b7d6956dd1d86693dec0073281c9d57d338 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Wed, 14 Aug 2024 20:56:51 -0400 Subject: [PATCH 2/9] Mealie --- modules/hosts/nixos/nixnuc/default.nix | 37 +++++++++++++++++++++++++ modules/hosts/nixos/nixnuc/secrets.yaml | 5 ++-- 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index 5640eed..3575043 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix 
@@ -156,6 +156,27 @@ in { openFirewall = true; }; lldpd.enable = true; + mealie = { + enable = true; + credentialsFile = config.sops.secrets.mealie.path; + listenAddress = "0.0.0.0"; + port = 9000; + settings = { + ALLOW_SIGNUP = "false"; + BASE_URL = "https://mealie.${home_domain}"; + DATA_DIR = "/var/lib/mealie"; + DB_ENGINE = "postgres"; + POSTGRES_USER = "mealie"; + POSTGRES_DB = "mealie"; + POSTGRES_SERVER = "localhost"; + POSTGRES_PORT = config.services.postgresql.settings.port; + SMTP_HOST = "localhost"; + SMTP_PORT = 25; + SMTP_FROM_NAME = "Mealie"; + SMTP_FROM_EMAIL = "mealie@${home_domain}"; + SMTP_AUTH_STRATEGY = "NONE"; + }; + }; nextcloud = { enable = true; hostName = "nextcloud.home.technicalissues.us"; @@ -297,6 +318,16 @@ in { send_timeout 600s; ''; }; + "mealie.${home_domain}" = { + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; + enableACME = true; + acmeRoot = null; + forceSSL = true; + locations."/".proxyPass = "http://${backend_ip}:9000"; + extraConfig = '' + client_max_body_size 10M; + ''; + }; "nc.${home_domain}" = { listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; @@ -358,6 +389,7 @@ in { }; resolved.enable = true; restic.backups.daily.paths = [ + config.services.mealie.settings.DATA_DIR config.services.nextcloud.home "${config.users.users.${username}.home}/compose-files/tandoor" "${config.users.users.${username}.home}/compose-files/wallabag" @@ -407,6 +439,7 @@ in { owner = "${username}"; path = "/home/${username}/.private-env"; }; + mealie.mode = "0444"; nextcloud_admin_pass.owner = config.users.users.nextcloud.name; tandoor_db_pass.mode = "0444"; tandoor_db_pass.path = "/orico/tandoor-recipes/.dbpass"; @@ -416,6 +449,10 @@ in { }; systemd.services = { + "mealie" = { + requires = ["postgresql.service"]; + after = ["postgresql.service"]; + }; "nextcloud-setup" = { requires = ["postgresql.service"]; after = ["postgresql.service"]; 
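Review bot: `listenAddress = "0.0.0.0"` in the `mealie` block binds the application on every interface, even though the `mealie.${home_domain}` vhost added in the second hunk is meant to be its TLS front end. Port 9000 is not in the `allowedTCPPorts` lists shown elsewhere in this series, so the host firewall is the only thing keeping plain-HTTP access away from other machines. If `backend_ip` (defined outside these hunks) is a loopback address, `listenAddress = "127.0.0.1";` removes that dependency; otherwise bind to that one address rather than all of them.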
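Review bot: `mealie.mode = "0444";` in the sops hunk makes the decrypted Mealie credentials file readable by every local user and service on the host. If the NixOS module passes `credentialsFile` to systemd as an environment file, which the service manager reads before privileges are dropped, the sops-nix default of a root-owned `0400` file should be enough and the line can become `mealie = { };`. That needs confirming against the module version in use. The neighbouring context line `tandoor_db_pass.mode = "0444";` has the same exposure, and the secrets attribute set starts and ends outside the hunk.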
diff --git a/modules/hosts/nixos/nixnuc/secrets.yaml b/modules/hosts/nixos/nixnuc/secrets.yaml index 174ffef..f42306c 100644 --- a/modules/hosts/nixos/nixnuc/secrets.yaml +++ b/modules/hosts/nixos/nixnuc/secrets.yaml @@ -1,6 +1,7 @@ tailscale_key: ENC[AES256_GCM,data:aB3KUD4QYm+ZDrjjLcU3gQ8kneVGkVYBsrkVcioOhxunal2FekLDrpKxJwNXuiwx2M5vipnGAEPO,iv:e+tPPfVYkv4U0KRGwspWb1O3ZQom/WFFGm9H9cd/KKE=,tag:ZG5z1C18bj1L7DcGzunQ0w==,type:str] local_git_config: ENC[AES256_GCM,data:Nqwog5C4wnRzNoS4oqaYQ4J1DIj7fUL1y/nXESquR0N7KQ+ebhvuJnM=,iv:Q6o45LZStS3k8iO7s2P6u7OrKFu5alplshZuGgeRKmk=,tag:NcLJrI9AK4eDroODX15lcA==,type:str] local_private_env: ENC[AES256_GCM,data:qOPXTS2uo/1jyVEKCtBvuK/dzZaPf1K5tHuSVF2hBg4fdPYIsDPkM108cGVxJviebB3xVZejn/JVOdUDXQj6,iv:TtyMTOJXaPUrbSaAdtMaGPBlwLl/Y/IBYVCzhhiZozY=,tag:hUyVL8xk3w1iMwNAZw5QUw==,type:str] +mealie: ENC[AES256_GCM,data:HuO2c5na5r271x98GLqYBP/ME+phH58e2scelEH7F3R+2liLRGK9xCA0ciHLJCo8,iv:bo6hTIsWfnWueRCiLcpxYoiol8oGOoPTHDgPQ7FnYqM=,tag:rHRfIv4vnIjO/eotxYmI/Q==,type:str] nextcloud_admin_pass: ENC[AES256_GCM,data:KztB3Tkqlt73PEO41lthGYElrbwVdfqQgT6f,iv:kRwXqGJO4AUOMq+uYzndGhscaJiyvG4ANKabHHd78YM=,tag:dP3PgKafDTv8x7huKJGDqA==,type:str] psitransfer_dot_env: ENC[AES256_GCM,data:bhvU0AOCjecZ62BtLw4H1DdkLeatI+uUl6L7UkdDRkBF3sayO45Z1eR4q60tflXucyTGhT8WgKFz53I+C2dn265wzojIRc3Xr4TBLyWpfJ7/dct40SckgUiRvOnrefiriWQ=,iv:DGMhDkzgeupzzTJnCdVWDPUSo2wxI3MAypKQwVfHExE=,tag:KbteGqrkqgj2XB1lvlk/yQ==,type:str] tandoor_db_pass: ENC[AES256_GCM,data:X0unx5jquLsUXadbF6xLjjeGY+f8Ec4kdc15JQ==,iv:XptlJHfAkF+3jbgJTqxhVReYjuVVdk3NzfPepP78DRI=,tag:3RG5P9QGCJ/fjdxWpY1xWA==,type:str] 
@@ -20,8 +21,8 @@ sops: bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-04T21:34:21Z" - mac: ENC[AES256_GCM,data:gL7TbCjZNu3yF8oyEcFr367XymzSYRvltGJPG5jK/nbztKFV72Fl2gpdprch+P67dDxDFoJL1NvDDmHt6yM0WfdDPJS/ivMlgi9Sg5ZG2S5OyBBUxDbkp/6BXwJQ9eY72ee3SmufE+cTjUNF0ANxueznHpFhXLp/1Fj9TixgHM4=,iv:s2cE9lrjNvuYT96WXOJZaAomt3VWIzHFQqPncZyydhk=,tag:MGI4OmNfEDSB8jE7wxDamQ==,type:str] + lastmodified: "2024-07-14T20:03:31Z" + mac: ENC[AES256_GCM,data:HBQLqcgvYQMgI9gsaWHeO/aaU1BAB94S/Amo2eNiFwbF4Fv75Leb+7tA/Us4WrsVpjAPCNL8rz6bB8eqqhB3z6WRZPsBaTSNcw0zD+CMevviMrTvXI2LDrQKbuKBXbUQrr++Yfwasw47XstdpeqlBsr7vwqTXN9uBiGAEN6pMyw=,iv:StSyeRw528BlMGVxDHFqth7DSWp2p2PGJv8/Ud8rKVc=,tag:TIPiIkmwzi3GpqWnSfI40A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 From 2738379a72bd24cd4dd1ebdd3d946db4ce853ccb Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Wed, 14 Aug 2024 20:57:08 -0400 Subject: [PATCH 3/9] Atuin migration from docker on mini-watcher --- modules/hosts/nixos/nixnuc/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index 3575043..49e3cb9 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -79,6 +79,7 @@ in { 443 # https to local Nginx 3000 # PsiTransfer in oci-container 8080 # Tandoor in docker compose + 8888 # Atuin 8090 # Wallabag in docker compose 13378 # Audiobookshelf in oci-container ]; @@ -126,6 +127,11 @@ in { # List services that you want to enable: services = { + atuin = { + enable = true; + host = "127.0.0.1"; + maxHistoryLength = 2000000000; + }; ## ## Gandi (gandi.net) ## 
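Review bot: `8888 # Atuin` in the firewall hunk opens a port that Atuin itself never listens on from the network, because the `atuin` block in the next hunk sets `host = "127.0.0.1"`. The entry does nothing for Atuin and would expose any other process that later binds 8888, so I would drop it and leave the nginx vhost on 443 as the only way in. The proxy target changed later in this patch, `http://${backend_ip}:8888`, only works if `backend_ip` (defined outside the hunks) resolves to loopback, which is worth checking.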
@@ -302,7 +308,7 @@ in { enableACME = true; acmeRoot = null; forceSSL = true; - locations."/".proxyPass = "http://${mini_watcher}:9999"; + locations."/".proxyPass = "http://${backend_ip}:8888"; }; "immich.${home_domain}" = { listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; From bfa2b12c438e5ee4dc1761bcf466df756846dcba Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Wed, 13 Nov 2024 08:24:43 -0500 Subject: [PATCH 4/9] Setup syncthing --- modules/hosts/nixos/nixnuc/default.nix | 35 ++++++++++++++++++-------- modules/system/common/secrets.yaml | 4 +-- 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index 49e3cb9..eeb331a 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -73,17 +73,24 @@ in { networking = { # Open ports in the firewall. - firewall.allowedTCPPorts = [ - 22 # ssh - 80 # http to local Nginx - 443 # https to local Nginx - 3000 # PsiTransfer in oci-container - 8080 # Tandoor in docker compose - 8888 # Atuin - 8090 # Wallabag in docker compose - 13378 # Audiobookshelf in oci-container - ]; - # firewall.allowedUDPPorts = [ ... ]; + firewall = { + allowedTCPPorts = [ + 22 # ssh + 80 # http to local Nginx + 443 # https to local Nginx + 3000 # PsiTransfer in oci-container + 8080 # Tandoor in docker compose + 8384 # Syncthing gui + 8888 # Atuin + 8090 # Wallabag in docker compose + 13378 # Audiobookshelf in oci-container + 22000 # Syncthing transfers + ]; + allowedUDPPorts = [ + 21027 # Syncthing discovery + 22000 # Syncthing transfers + ]; + }; # Or disable the firewall altogether. # firewall.enable = false; @@ -404,6 +411,12 @@ in { "/orico/jellyfin/staging/downloaded-files" "/var/backup/postgresql" ]; + syncthing = { + enable = true; + dataDir = "/orico/syncthing"; + openDefaultPorts = true; + guiAddress = "0.0.0.0:8384"; + }; tandoor-recipes = { enable = true; address = "0.0.0.0"; 
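Review bot: `guiAddress = "0.0.0.0:8384"` in the `syncthing` hunk, together with `8384 # Syncthing gui` in the firewall hunk, puts the Syncthing admin GUI on every network the host is attached to, and no GUI credentials are set in the lines shown. The GUI can add devices and shared folders, so it is safer to keep `guiAddress = "127.0.0.1:8384";` and drop 8384 from `allowedTCPPorts`. It can then be reached through an SSH tunnel or an authenticated nginx vhost like the other services. Separately, `openDefaultPorts = true` already opens 22000 TCP/UDP and 21027 UDP, so the manual Syncthing transfer and discovery entries are redundant.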
diff --git a/modules/system/common/secrets.yaml b/modules/system/common/secrets.yaml index bb0f545..e35a489 100644 --- a/modules/system/common/secrets.yaml +++ b/modules/system/common/secrets.yaml @@ -81,8 +81,8 @@ sops: dDQybkwzOUtraGk1U21VeHBkNUpLeGsKgBP+mn2AZmKf6v15JnOE4YeSUpsKMAgP DbbDSJBf3zgwcUECglSB9pM09ZkxM/WA8+sBPNt7/pepUfpKWfoiIA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-15T21:02:47Z" - mac: ENC[AES256_GCM,data:vZie4+27bytMtLHLO3cR5X6XsvVjoLWXbZ9gSyeJAg//TYDdojfCKtLatBb22oVyjjeoFKKqcHwVPv888Kpc8SwFIY7C0YxgmFbHXZMkUk4EWsolGPJ4V3p2GdWSRJkn/B9fM0TjvWiHASvtDNUNw03Rs6PT8fP0YTSzomKGR+U=,iv:5UY3+wj8h/uW/l3gkBPub+bWWt2kKabH5jErjmNp4sM=,tag:2DrAzNOS+dd3bNCs42PPbw==,type:str] + lastmodified: "2024-09-11T17:22:16Z" + mac: ENC[AES256_GCM,data:WbuN9UpP0OP69ta29VW2LlCFfyTWI3v8IiwUu3tLOxtY3gjdJLZTpaG2hBR985qjLYL3MT7eR7eWp4p99DAKupVBvA6tJl8/+N9+0W/dapcec+qv7u9wRHcFjP9wtggq66vUdGqH8IIHYuGlIhAvCbDouoXuLoFIcB2i2lYNB4Q=,iv:u+KsBgHxLgwSgFLYtY0F6HjCUbSCvNAatIIwrCGGyJg=,tag:bHO4vovTLPVK2vsQvliwzQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 From 60988e6026de84f57f23e778b6459902ce43de81 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Wed, 13 Nov 2024 08:25:19 -0500 Subject: [PATCH 5/9] Add port for Tube Archivist in docker compose This is just the port add - the service is not up yet --- modules/hosts/nixos/nixnuc/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index eeb331a..4d128f0 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -79,6 +79,7 @@ in { 80 # http to local Nginx 443 # https to local Nginx 3000 # PsiTransfer in oci-container + 8000 # Tube Archivist 8080 # Tandoor in docker compose 8384 # Syncthing gui 8888 # Atuin From 069cb2b044e82d3f633e14b8568c79646bcc264b Mon Sep 17 00:00:00 2001 
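Review bot: `8000 # Tube Archivist` opens a firewall port for a service that, per the commit message, is not running yet. Until it is, anything else that binds 8000 on this host is reachable from the network. I would add the port in the same commit that brings the service up, or leave it out entirely if the service will sit behind the nginx vhosts on 443 like the others.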
From: Gene Liverman Date: Wed, 13 Nov 2024 08:25:36 -0500 Subject: [PATCH 6/9] Forgejo setup --- modules/hosts/nixos/nixnuc/default.nix | 31 ++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index 4d128f0..e524964 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -79,6 +79,7 @@ in { 80 # http to local Nginx 443 # https to local Nginx 3000 # PsiTransfer in oci-container + 3030 # Forgejo 8000 # Tube Archivist 8080 # Tandoor in docker compose 8384 # Syncthing gui @@ -164,6 +165,26 @@ in { ''; passwordFile = "${config.sops.secrets.gandi_api.path}"; }; + forgejo = { + enable = true; + database.type = "postgres"; + lfs.enable = true; + settings = { + # Add support for actions, based on act: https://github.com/nektos/act + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; + }; + service.DISABLE_REGISTRATION = true; + server = { + DOMAIN = "git.${home_domain}"; + HTTP_PORT = 3030; + LANDING_PAGE = "explore"; + ROOT_URL = "https://git.${home_domain}/"; + }; + }; + stateDir = "/orico/forgejo"; + }; fwupd.enable = true; jellyfin = { enable = true; @@ -318,6 +339,16 @@ in { forceSSL = true; locations."/".proxyPass = "http://${backend_ip}:8888"; }; + "git.${home_domain}" = { + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; + enableACME = true; + acmeRoot = null; + forceSSL = true; + locations."/".proxyPass = "http://${backend_ip}:3030"; + extraConfig = '' + client_max_body_size 0; + ''; + }; "immich.${home_domain}" = { listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; From fdefa5e98ef48773209efa7a552aa5f3701e90c9 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Wed, 13 Nov 2024 11:21:26 -0500 Subject: [PATCH 7/9] Customize settings a bit for Forgejo --- modules/hosts/nixos/nixnuc/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
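Review bot: `3030 # Forgejo` in the firewall hunk exposes Forgejo's plain-HTTP listener directly, alongside the `git.${home_domain}` vhost that terminates TLS for it. The `server` block sets `HTTP_PORT` but not `HTTP_ADDR`, and Forgejo listens on all addresses by default, so clients that can reach the host can bypass nginx and talk to it unencrypted. If `backend_ip` (defined outside these hunks) is loopback, add `HTTP_ADDR = "127.0.0.1";` to `server` and drop the 3030 firewall entry; otherwise bind to that single address.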
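Review bot: `client_max_body_size 0;` in the `git.${home_domain}` vhost turns off nginx's request-body limit completely, so the proxy accepts uploads of any size before Forgejo gets a say. LFS pushes do need more than the nginx default, but a finite ceiling sized to the largest object you expect keeps disk and bandwidth use bounded, for example `client_max_body_size 2G;` (the value is illustrative).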
diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index e524964..9b1b18e 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -175,13 +175,20 @@ in { ENABLED = true; DEFAULT_ACTIONS_URL = "github"; }; - service.DISABLE_REGISTRATION = true; + DEFAULT.APP_NAME = "Beantown's Code"; + repository = { + DEFAULT_PUSH_CREATE_PRIVATE = true; + ENABLE_PUSH_CREATE_ORG = true; + ENABLE_PUSH_CREATE_USER = true; + }; server = { DOMAIN = "git.${home_domain}"; HTTP_PORT = 3030; LANDING_PAGE = "explore"; ROOT_URL = "https://git.${home_domain}/"; }; + service.DISABLE_REGISTRATION = true; + session.COOKIE_SECURE = true; }; stateDir = "/orico/forgejo"; }; @@ -434,6 +441,7 @@ in { }; resolved.enable = true; restic.backups.daily.paths = [ + config.services.forgejo.stateDir config.services.mealie.settings.DATA_DIR config.services.nextcloud.home "${config.users.users.${username}.home}/compose-files/tandoor" From 3ba32a841ab21e990b53e3bb2a18f448664ca2ca Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Mon, 18 Nov 2024 22:26:09 -0500 Subject: [PATCH 8/9] Fixed port --- modules/hosts/nixos/nixnuc/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index 9b1b18e..9b0b95b 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -80,7 +80,7 @@ in { 443 # https to local Nginx 3000 # PsiTransfer in oci-container 3030 # Forgejo - 8000 # Tube Archivist + 8001 # Tube Archivist 8080 # Tandoor in docker compose 8384 # Syncthing gui 8888 # Atuin From 6bdb6f094d58b3525cecaed9296f8136d7dc0e49 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Mon, 18 Nov 2024 22:26:22 -0500 Subject: [PATCH 9/9] update neovim --- modules/home-manager/files/nvim/lua/plugins/lsp-config.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/modules/home-manager/files/nvim/lua/plugins/lsp-config.lua b/modules/home-manager/files/nvim/lua/plugins/lsp-config.lua index 8958daf..b665c2a 100644 --- a/modules/home-manager/files/nvim/lua/plugins/lsp-config.lua +++ b/modules/home-manager/files/nvim/lua/plugins/lsp-config.lua @@ -12,7 +12,7 @@ return { "lua_ls", -- lua "nil_ls", -- nix "puppet", -- puppet - "ruff_lsp", -- python + "ruff", -- python }, }) end, @@ -59,7 +59,7 @@ return { cmd = { puppet_languageserver, "--feature-flags=puppetstrings" }, settings = { puppet = { editorServices = { formatOnType = { enable = true } } } }, }) - lspconfig.ruff_lsp.setup({ on_attach = on_attach }) + lspconfig.ruff.setup({ on_attach = on_attach }) end, }, }