os/kay/alina: initHEADmaster

6 files changed, 91 insertions, 18 deletions

diff --git a/flake.lock b/flake.lock
index ce3f571..bfea9dc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
 {
   "nodes": {
+    "alina": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746808390,
+        "narHash": "sha256-tQPWcidmCj/n8tLc8a3hmOP84BlseOSyfcjWmwckPEI=",
+        "owner": "sinanmohd",
+        "repo": "alina",
+        "rev": "772ab0f4de9f6447ff67c24ad2fb37d65615c3bd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "sinanmohd",
+        "repo": "alina",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -23,11 +43,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1743420942,
-        "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=",
+        "lastModified": 1746621361,
+        "narHash": "sha256-T9vOxEqI1j1RYugV0b9dgy0AreiZ9yBDKZJYyclF0og=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4",
+        "rev": "2ea3ad8a1f26a76f8a8e23fc4f7757c46ef30ee5",
         "type": "github"
       },
       "original": {
@@ -39,11 +59,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1743315132,
-        "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=",
+        "lastModified": 1746663147,
+        "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
         "owner": "NixOs",
         "repo": "nixpkgs",
-        "rev": "52faf482a3889b7619003c0daec593a1912fddc1",
+        "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
         "type": "github"
       },
       "original": {
@@ -55,6 +75,7 @@
     },
     "root": {
       "inputs": {
+        "alina": "alina",
         "home-manager": "home-manager",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
@@ -68,11 +89,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743494586,
-        "narHash": "sha256-Rx3/NJnsl8k7N7Ggd7fuHvJkgsee/U19VgtzSGF5k0w=",
+        "lastModified": 1746485181,
+        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "49cffb88f6362d14aa893a6b8326692cff48b962",
+        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 2fe5249..c08c546 100644
--- a/flake.nix
+++ b/flake.nix
@@ -14,9 +14,14 @@
       url = "github:sinanmohd/home-manager/sway-generators";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    alina = {
+      url = "github:sinanmohd/alina";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
-  outputs = { self, nixpkgs, sops-nix, home-manager, nixos-hardware }: let
+  outputs = { self, nixpkgs, sops-nix, home-manager, nixos-hardware, alina }: let
     lib = nixpkgs.lib;
 
     makeGlobalImports = host: [
@@ -34,6 +39,7 @@
       specialArgs = { inherit nixos-hardware; };
 
       modules = [
+        alina.nixosModules.alina
         sops-nix.nixosModules.sops
 
         ./os/${host}/configuration.nix
diff --git a/os/kay/configuration.nix b/os/kay/configuration.nix
index 746676b..5370b45 100644
--- a/os/kay/configuration.nix
+++ b/os/kay/configuration.nix
@@ -19,6 +19,7 @@
     ./modules/nix-cache.nix
     ./modules/immich.nix
     ./modules/observability
+    ./modules/alina.nix
   ];
 
   boot = {
diff --git a/os/kay/modules/alina.nix b/os/kay/modules/alina.nix
new file mode 100644
index 0000000..ef6331b
--- /dev/null
+++ b/os/kay/modules/alina.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }: let
+  domain = "alinafs.com";
+in {
+  sops.secrets."misc/alina" = {};
+
+  services.postgresql = {
+    ensureDatabases = [ "alina" ];
+    ensureUsers = [{
+      name = "alina";
+      ensureDBOwnership = true;
+    }];
+  };
+
+  services.alina = {
+    enable = true;
+    port = 8006;
+    environmentFile = config.sops.secrets."misc/alina".path;
+    settings.server = {
+      data = "/hdd/alina";
+      file_size_limit = 1024 * 1024 * 1024; /* 1GB */
+      public_url = "https://${domain}";
+    };
+  };
+}
diff --git a/os/kay/modules/www.nix b/os/kay/modules/www.nix
index 3903396..39e5b4b 100644
--- a/os/kay/modules/www.nix
+++ b/os/kay/modules/www.nix
@@ -226,6 +226,31 @@ in
           }";
         };
       };
+
+
+      "www.alinafs.com" = defaultOpts // {
+        useACMEHost = null;
+        enableACME = true;
+        globalRedirect = "alinafs.com/home";
+      };
+      "alinafs.com" = defaultOpts // {
+        useACMEHost = null;
+        enableACME = true;
+
+        locations = {
+          "/metrics".return = "307 /home/";
+          "/" = {
+            proxyWebsockets = true;
+            proxyPass = "http://127.0.0.1:${builtins.toString config.services.alina.port}";
+          };
+        };
+
+        extraConfig = ''
+          proxy_buffering off;
+          proxy_request_buffering off;
+          client_max_body_size 0;
+        '';
+      };
     };
   };
 }
diff --git a/os/kay/secrets.yaml b/os/kay/secrets.yaml
index 7713d37..5a98d3f 100644
--- a/os/kay/secrets.yaml
+++ b/os/kay/secrets.yaml
@@ -22,11 +22,8 @@ misc:
     wireguard: ENC[AES256_GCM,data:kbUtxJv3xSmikJWgtu87TSo5N8tUb2BiH3dH3oOV36waYyXI3bp2aBeAl1k=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:BDSD9SfQuQppKT4+6Cu65w==,type:str]
     default_password: ENC[AES256_GCM,data:6I3Z4Y1r8eTVvyc=,iv:0yMAY6JfsHEkKsrVAgPxb+3So4A5xvWV4ME1Oi33TvQ=,tag:/7dUtXPrVMNkERdxlk0FOw==,type:str]
     nixbin.sinanmohd.com: ENC[AES256_GCM,data:WQDzDzOozWa73Bitex6BpE7D7KdVcgIKD1Yx92RbCoNzSa8+b33YtY92Vetu7OlH1Zw4tneKBH/hAjz4ytK1SHoFfKj9wvfdzR5L+8gRKYEwxnvcHyc5gekmAaeQr2bWyUS9PBYRRWTRLiL/5A==,iv:3hlqF2CvpnXS5oDpbW9RIERbDHPLMrgQ+TJ+q9EyrZM=,tag:U4E3b2oBqjMFXEONbz8eKw==,type:str]
+    alina: ENC[AES256_GCM,data:Mr0FK2JLSXVM3nL+HrAQflj7N0r+tEDiYz8PfI9bcKz4hfnnhSndFBPgVtMFTIfqgzX+HF28NBcMmA3qr9eGawJ6tTBy3bMPrFUjCo7oz0gW+4s=,iv:tKK50u4foAp9essD5tl5hnDSgc5ZVVVhraDzUQV/rv4=,tag:xuwA2qBbpSXGm/OFeyEoFw==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
           enc: |
@@ -46,8 +43,7 @@ sops:
             OXgwSml4bkc1dnloNUFsRGFFcXFHc2cK26l2eiKbZUkogmAXoha6HTUs3YFKixYz
             bTkpKKyOAIIin3YM975wwvkCuWNG4tbnHBHQFh5JGK2OEyLDXuV7Pg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-18T07:20:05Z"
-    mac: ENC[AES256_GCM,data:n0/qgqNEZo61lprSqE5u98F1sqWrKCLF8MIA0kBg05MDoySsppowYyClYq8KE8HVwQFmRbdl3ATUJg3DMzwkqXTi3M9ZQvDkf+f01DXMw4D1ruSwBqnUxlxy65xcQB8xAHcbptgy5erNZXRX88MwtqZrgspzZAhpdkE3UTn9kEw=,iv:iybukQKeiPudtY5I79V1J3+ItzzNEkFDRONDh1tVJrk=,tag:l+V4FIlsK/7fg6chbvRuRg==,type:str]
-    pgp: []
+    lastmodified: "2025-05-09T08:03:32Z"
+    mac: ENC[AES256_GCM,data:SJeRVT11Ps1B9ILQdgYwW8YEWPJ9gnxq4t14nTcjh5MTodifipmo6T9j3HWEZPrQjzEv4QtlxlP2HwRw5cHa+/20fA9kiZR68PAj5GTuwFaNsRBPD8qLBpZZNNWT/u+moyKJGM8hXhFc41OOaez6+ZTIpK3DPzsI3aeJdxoIaMY=,iv:NCkEJJgLOATms+iVR+tyLf6MM6SPQvsPx5+9peqdaOQ=,tag:hkTbvp0h4qSEKVjRHmp8gQ==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.10.2