summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--flake.lock39
-rw-r--r--flake.nix8
-rw-r--r--os/kay/configuration.nix1
-rw-r--r--os/kay/modules/alina.nix24
-rw-r--r--os/kay/modules/www.nix25
-rw-r--r--os/kay/secrets.yaml12
6 files changed, 91 insertions, 18 deletions
diff --git a/flake.lock b/flake.lock
index ce3f571..bfea9dc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
{
"nodes": {
+ "alina": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1746808390,
+ "narHash": "sha256-tQPWcidmCj/n8tLc8a3hmOP84BlseOSyfcjWmwckPEI=",
+ "owner": "sinanmohd",
+ "repo": "alina",
+ "rev": "772ab0f4de9f6447ff67c24ad2fb37d65615c3bd",
+ "type": "github"
+ },
+ "original": {
+ "owner": "sinanmohd",
+ "repo": "alina",
+ "type": "github"
+ }
+ },
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -23,11 +43,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1743420942,
- "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=",
+ "lastModified": 1746621361,
+ "narHash": "sha256-T9vOxEqI1j1RYugV0b9dgy0AreiZ9yBDKZJYyclF0og=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4",
+ "rev": "2ea3ad8a1f26a76f8a8e23fc4f7757c46ef30ee5",
"type": "github"
},
"original": {
@@ -39,11 +59,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1743315132,
- "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=",
+ "lastModified": 1746663147,
+ "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOs",
"repo": "nixpkgs",
- "rev": "52faf482a3889b7619003c0daec593a1912fddc1",
+ "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
@@ -55,6 +75,7 @@
},
"root": {
"inputs": {
+ "alina": "alina",
"home-manager": "home-manager",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
@@ -68,11 +89,11 @@
]
},
"locked": {
- "lastModified": 1743494586,
- "narHash": "sha256-Rx3/NJnsl8k7N7Ggd7fuHvJkgsee/U19VgtzSGF5k0w=",
+ "lastModified": 1746485181,
+ "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "49cffb88f6362d14aa893a6b8326692cff48b962",
+ "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 2fe5249..c08c546 100644
--- a/flake.nix
+++ b/flake.nix
@@ -14,9 +14,14 @@
url = "github:sinanmohd/home-manager/sway-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
+
+ alina = {
+ url = "github:sinanmohd/alina";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
};
- outputs = { self, nixpkgs, sops-nix, home-manager, nixos-hardware }: let
+ outputs = { self, nixpkgs, sops-nix, home-manager, nixos-hardware, alina }: let
lib = nixpkgs.lib;
makeGlobalImports = host: [
@@ -34,6 +39,7 @@
specialArgs = { inherit nixos-hardware; };
modules = [
+ alina.nixosModules.alina
sops-nix.nixosModules.sops
./os/${host}/configuration.nix
diff --git a/os/kay/configuration.nix b/os/kay/configuration.nix
index 746676b..5370b45 100644
--- a/os/kay/configuration.nix
+++ b/os/kay/configuration.nix
@@ -19,6 +19,7 @@
./modules/nix-cache.nix
./modules/immich.nix
./modules/observability
+ ./modules/alina.nix
];
boot = {
diff --git a/os/kay/modules/alina.nix b/os/kay/modules/alina.nix
new file mode 100644
index 0000000..ef6331b
--- /dev/null
+++ b/os/kay/modules/alina.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }: let
+ domain = "alinafs.com";
+in {
+ sops.secrets."misc/alina" = {};
+
+ services.postgresql = {
+ ensureDatabases = [ "alina" ];
+ ensureUsers = [{
+ name = "alina";
+ ensureDBOwnership = true;
+ }];
+ };
+
+ services.alina = {
+ enable = true;
+ port = 8006;
+ environmentFile = config.sops.secrets."misc/alina".path;
+ settings.server = {
+ data = "/hdd/alina";
+ file_size_limit = 1024 * 1024 * 1024; /* 1GB */
+ public_url = "https://${domain}";
+ };
+ };
+}
diff --git a/os/kay/modules/www.nix b/os/kay/modules/www.nix
index 3903396..39e5b4b 100644
--- a/os/kay/modules/www.nix
+++ b/os/kay/modules/www.nix
@@ -226,6 +226,31 @@ in
}";
};
};
+
+
+ "www.alinafs.com" = defaultOpts // {
+ useACMEHost = null;
+ enableACME = true;
+ globalRedirect = "alinafs.com/home";
+ };
+ "alinafs.com" = defaultOpts // {
+ useACMEHost = null;
+ enableACME = true;
+
+ locations = {
+ "/metrics".return = "307 /home/";
+ "/" = {
+ proxyWebsockets = true;
+ proxyPass = "http://127.0.0.1:${builtins.toString config.services.alina.port}";
+ };
+ };
+
+ extraConfig = ''
+ proxy_buffering off;
+ proxy_request_buffering off;
+ client_max_body_size 0;
+ '';
+ };
};
};
}
diff --git a/os/kay/secrets.yaml b/os/kay/secrets.yaml
index 7713d37..5a98d3f 100644
--- a/os/kay/secrets.yaml
+++ b/os/kay/secrets.yaml
@@ -22,11 +22,8 @@ misc:
wireguard: ENC[AES256_GCM,data:kbUtxJv3xSmikJWgtu87TSo5N8tUb2BiH3dH3oOV36waYyXI3bp2aBeAl1k=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:BDSD9SfQuQppKT4+6Cu65w==,type:str]
default_password: ENC[AES256_GCM,data:6I3Z4Y1r8eTVvyc=,iv:0yMAY6JfsHEkKsrVAgPxb+3So4A5xvWV4ME1Oi33TvQ=,tag:/7dUtXPrVMNkERdxlk0FOw==,type:str]
nixbin.sinanmohd.com: ENC[AES256_GCM,data:WQDzDzOozWa73Bitex6BpE7D7KdVcgIKD1Yx92RbCoNzSa8+b33YtY92Vetu7OlH1Zw4tneKBH/hAjz4ytK1SHoFfKj9wvfdzR5L+8gRKYEwxnvcHyc5gekmAaeQr2bWyUS9PBYRRWTRLiL/5A==,iv:3hlqF2CvpnXS5oDpbW9RIERbDHPLMrgQ+TJ+q9EyrZM=,tag:U4E3b2oBqjMFXEONbz8eKw==,type:str]
+ alina: ENC[AES256_GCM,data:Mr0FK2JLSXVM3nL+HrAQflj7N0r+tEDiYz8PfI9bcKz4hfnnhSndFBPgVtMFTIfqgzX+HF28NBcMmA3qr9eGawJ6tTBy3bMPrFUjCo7oz0gW+4s=,iv:tKK50u4foAp9essD5tl5hnDSgc5ZVVVhraDzUQV/rv4=,tag:xuwA2qBbpSXGm/OFeyEoFw==,type:str]
sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
age:
- recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
enc: |
@@ -46,8 +43,7 @@ sops:
OXgwSml4bkc1dnloNUFsRGFFcXFHc2cK26l2eiKbZUkogmAXoha6HTUs3YFKixYz
bTkpKKyOAIIin3YM975wwvkCuWNG4tbnHBHQFh5JGK2OEyLDXuV7Pg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-03-18T07:20:05Z"
- mac: ENC[AES256_GCM,data:n0/qgqNEZo61lprSqE5u98F1sqWrKCLF8MIA0kBg05MDoySsppowYyClYq8KE8HVwQFmRbdl3ATUJg3DMzwkqXTi3M9ZQvDkf+f01DXMw4D1ruSwBqnUxlxy65xcQB8xAHcbptgy5erNZXRX88MwtqZrgspzZAhpdkE3UTn9kEw=,iv:iybukQKeiPudtY5I79V1J3+ItzzNEkFDRONDh1tVJrk=,tag:l+V4FIlsK/7fg6chbvRuRg==,type:str]
- pgp: []
+ lastmodified: "2025-05-09T08:03:32Z"
+ mac: ENC[AES256_GCM,data:SJeRVT11Ps1B9ILQdgYwW8YEWPJ9gnxq4t14nTcjh5MTodifipmo6T9j3HWEZPrQjzEv4QtlxlP2HwRw5cHa+/20fA9kiZR68PAj5GTuwFaNsRBPD8qLBpZZNNWT/u+moyKJGM8hXhFc41OOaez6+ZTIpK3DPzsI3aeJdxoIaMY=,iv:NCkEJJgLOATms+iVR+tyLf6MM6SPQvsPx5+9peqdaOQ=,tag:hkTbvp0h4qSEKVjRHmp8gQ==,type:str]
unencrypted_suffix: _unencrypted
- version: 3.9.4
+ version: 3.10.2