Vanderscycle · Vanderscycle · Jun 19, 2025 · Jun 12, 2025 · Jun 17, 2025 · Jun 17, 2025
diff --git a/.config/spacemacs/.spacemacs b/.config/spacemacs/.spacemacs
diff --git a/nix-darwin/containers/default.nix b/nix-darwin/containers/default.nix
@@ -1,6 +1,7 @@
 {
   imports = [
     ./n8n.nix
+    ./nginx.nix
     ./postgres.nix
     ./protonmail-bridge.nix
     ./redis.nix

diff --git a/nix-darwin/containers/nginx.nix b/nix-darwin/containers/nginx.nix
@@ -0,0 +1,42 @@
+{ lib, config, ... }:
+
+let
+  cfg = config.container.nginx;
+in
+{
+  options = {
+    container.nginx = {
+      enable = lib.mkEnableOption "nginx container";
+      name = lib.mkOption {
+        type = lib.types.str;
+        default = "nginx";
+      };
+      mountPoint = lib.mkOption {
+        type = lib.types.str;
+        default = "/tmp/nginx";
+      };
+      ports = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        default = [ "8080:80" ];
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation = {
+      oci-containers = {
+        backend = "docker";
+        containers = {
+          nginx = {
+            image = "nginx:latest";
+            volumes = [
+              "${cfg.mountPoint}/html:/usr/share/nginx/html"
+              "${cfg.mountPoint}/conf:/etc/nginx/conf.d"
+            ];
+            ports = cfg.ports;
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/nix-darwin/flake.nix b/nix-darwin/flake.nix
@@ -112,7 +112,7 @@
             quadlet-nix.nixosModules.quadlet
             home-manager.nixosModules.home-manager
             {
-              home-manager.useGlobalPkgs = true;
+              # home-manager.useGlobalPkgs = true;
               home-manager.useUserPackages = true;
               home-manager.extraSpecialArgs = {
                 inherit inputs;

diff --git a/nix-darwin/flakes/monolith/configuration.nix b/nix-darwin/flakes/monolith/configuration.nix
@@ -61,6 +61,10 @@
     isNormalUser = false;
     extraGroups = [ "smbaccess" ];
   };
+  users.users.paperless = {
+    isNormalUser = false;
+    extraGroups = [ "smbaccess" ];
+  };
   users.users.${meta.username} = {
     isNormalUser = true;
     extraGroups = [
@@ -88,6 +92,7 @@
   ];
 
   # secrets
+  # if you change the secret strucutre you must first create the new secret and then rebuild and then change its reference in the config
   sops = {
     defaultSopsFile = ./secrets/secrets.yaml;
     defaultSopsFormat = "yaml";
@@ -249,6 +254,26 @@
             entryPoints = [ "web" ];
             middlewares = [ "strip-nextcloud-prefix" ];
           };
+
+          paperless-router = {
+            rule = "PathPrefix(`/paperless`)";
+            service = "paperless-service";
+            entryPoints = [ "web" ];
+            middlewares = [ "strip-paperless-prefix" ];
+          };
+
+          transmission-router = {
+            rule = "PathPrefix(`/transmission`)";
+            service = "transmission-service";
+            entryPoints = [ "web" ];
+            middlewares = [ "strip-transmission-prefix" ];
+          };
+          homepage-router = {
+            rule = "PathPrefix(`/homepage`)";
+            service = "homepage-service";
+            entryPoints = [ "web" ];
+            middlewares = [ "strip-homepage-prefix" ];
+          };
         };
 
         services = {
@@ -275,6 +300,24 @@
               { url = "http://0.0.0.0:9999"; }
             ];
           };
+
+          paperless-service = {
+            loadBalancer.servers = [
+              { url = "http://0.0.0.0:28981"; }
+            ];
+          };
+
+          transmission-service = {
+            loadBalancer.servers = [
+              { url = "http://0.0.0.0:9091"; }
+            ];
+          };
+
+          homepage-service = {
+            loadBalancer.servers = [
+              { url = "http://0.0.0.0:8082"; }
+            ];
+          };
         };
         middlewares = {
           strip-n8n-prefix = {
@@ -292,6 +335,19 @@
           strip-nextcloud-prefix = {
             stripPrefix.prefixes = [ "/nextcloud" ];
           };
+
+          strip-paperless-prefix = {
+            stripPrefix.prefixes = [ "/paperless" ];
+          };
+
+          strip-transmission-prefix = {
+            stripPrefix.prefixes = [ "/torrent" ];
+          };
+
+          # not working
+          strip-homepage-prefix = {
+            stripPrefix.prefixes = [ "/homepage" ];
+          };
         };
       };
     };
@@ -304,8 +360,6 @@
     enable = true;
     openFirewall = true;
     settings = {
-      # N8N_LISTEN_ADDRESS= "0.0.0.0";
-      # N8N_SECURE_COOKIE = false;
     };
   };
   #INFO: a way to set env vars for services
@@ -355,13 +409,37 @@
   };
   services.paperless = {
     enable = true;
+    port = 28981;
+    address = "0.0.0.0";
+    settings = {
+      # https://docs.paperless-ngx.com/configuration/
+      PAPERLESS_FORCE_SCRIPT_NAME = "/paperless";
+      PAPERLESS_STATIC_URL = "/paperless";
+      PAPERLESS_CONSUMPTION_DIR = "/mnt/rice/paperless/consume";
+      PAPERLESS_DATA_DIR = "/mnt/rice/paperless/data";
+      PAPERLESS_MEDIA_ROOT = "/mnt/rice/paperless/media";
+      PAPERLESS_STATICDIR = "/mnt/rice/paperless/static";
+      # PAPERLESS_ADMIN_USER=<username>
+      # PAPERLESS_ADMIN_MAIL=<email>
+      # PAPERLESS_ADMIN_PASSWORD=<password>
+    };
+  };
+  services.homepage-dashboard = {
+    enable = true;
+    listenPort = 8082;
+    openFirewall = true;
+    settings = {
+      "base" = "http://0.0.0.0/homepage";
+    };
   };
-
   services.transmission = {
     enable = true;
     openFirewall = true;
+    openPeerPorts = true;
     settings = {
-      "download-dir" = "/mnt/rice/famjam/transmission";
+      download-dir = "/mnt/rice/transmission";
+      rpc-port = 9091;
+      rpc-url = "/torrent/";
     };
   };
 

diff --git a/nix-darwin/flakes/monolith/fstab.nix b/nix-darwin/flakes/monolith/fstab.nix
@@ -14,6 +14,19 @@
       "defaults"
     ];
   };
+  fileSystems."/mnt/rice/paperless" = {
+    device = "//192.168.4.223/rice/paperless";
+    fsType = "cifs";
+    options = [
+      "credentials=/root/smbcreds_fam"
+      "dir_mode=0770"
+      "file_mode=0770"
+      "uid=paperless" # Set paperless as the owner
+      "gid=smbaccess"
+      "rw"
+      "nofail" # Don't fail boot if mount fails
+    ];
+  };
   # create user for read only/
   # for nextcloud (and folder specific)
 }
diff --git a/nix-darwin/home-modules/programs/spacemacs.nix b/nix-darwin/home-modules/programs/spacemacs.nix
@@ -30,8 +30,10 @@
         gcc
         libgccjit
         editorconfig-core-c
+        ispell
         proton-pass
         protonmail-bridge # for email
+        devcontainer
       ];
     };
 

diff --git a/nix-darwin/users/henri.vandersleyen/configuration.nix b/nix-darwin/users/henri.vandersleyen/configuration.nix
@@ -28,10 +28,10 @@
     };
     nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; # for nix.nix
   };
-
   nixpkgs = {
     hostPlatform = "aarch64-darwin";
     config.allowUnfree = true;
+    config.allowBroken = true; # temporary
     config.allowUnsupportedSystem = true;
   };
 
@@ -62,6 +62,7 @@
   '';
 
   # Homebrew needs to be installed on its own!
+  system.primaryUser = username;
   homebrew = {
     enable = true;
     casks = [

diff --git a/nix-darwin/users/henri/home.nix b/nix-darwin/users/henri/home.nix
@@ -52,6 +52,11 @@
         hostname = "192.168.4.129";
         user = "henri";
       };
+      macos = {
+        # ssh macos
+        hostname = "192.168.4.245";
+        user = "macos";
+      };
       factorio = {
         # ssh factorio
         hostname = "192.168.4.129";

diff --git a/nix-learning/README.org b/nix-learning/README.org
@@ -23,7 +23,6 @@ From that point on, nix is on your system and you can already use it (if you ope
 nix shell nixpkgs#cowsay
 #+end_src
 
-
 ***** Configuring system
 We will be using flakes as they are the nix equivalent of a ~Dockerfile~ and can provide multiple outputs.
 
@@ -55,71 +54,41 @@ nix run nix-darwin -- switch --flake .
 darwin-rebuild switch --flake . # --dry-run
 #+end_src
 
+One more quick demo of the on the fly pattern
+#+begin_src zsh
+nix shell nixpkgs#fzf nixpkgs#neovim
+nvim "$(fzf)"
+#+end_src
+
+You can use nix like a devcontainer
+#+begin_src zsh
+nix develop
+nix develop .#anotherEnv
+#+end_src
+
 To rollback
 #+begin_src zsh
 nix profile history --profile /nix/var/nix/profiles/system
 # or
-
 darwin-rebuild switch --list-generations
 # to undo latest
 darwin-rebuild switch --rollback
 # or revert to a specific version
 darwin-rebuild switch --switch-generation 1
 #+end_src
-***** Video references
-[[https://www.youtube.com/watch?v=Z8BL8mdzWHI][Nix is my favorite package manager to use on macOS - YouTube]]
-[[https://www.youtube.com/watch?v=iU7B76NTr2I][Nix Darwin Turned My Mac into a Fully Automated Machine - YouTube]]
+
 ***** Update
 #+begin_src bash
 nix flake update
 #+end_src
-**** Linux (non-NixOS)
-Very similar to Macos except the template is different
-#+begin_src zsh
-curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | \
-  sh -s -- install --determinate
-#+end_src
-
-#+begin_src zsh
-nix flake init # creates a basic flake (hello world)
-#+end_src
-
-
-***** Configuring system
-We can only use home-manager to configure our computer. To do so we can must install it.
-[[https://nix-community.github.io/home-manager/#sec-install-standalone][Home Manager Manual]]
-
-If the nix bug infected you, I can only recommend that you move to Nix-OS
-
-That being said we will be using the following flake [[file:rocky-linux/flake.nix][rocky-nix flake]]
-
-In the aforementioned file we will
-#+begin_src zsh
-sudo nix run .#create-user-script
-sudo passwd rocky  # Set password interactively
-home-manager switch --flake .#rocky
-#+end_src
-
-***** Demo
-
- #+begin_src zsh
-   ssh rocky@192.168.4.245
-   # ensure that it has rsync on the machine
-   rsync -avz ~/Documents/dotFiles/nix-learning/rocky-linux/ rocky@192.168.4.215:~/Documents/
+*** limitation
+- not able to declare containers using ~virtualisation~ like nixos
+- not all packages are compatibles with x86_64-darwin or aarch_64-darwin
+- no systemd which is a big bummer
 
-  # applying the config
-  home-manager switch --flake .#rocky
-
-  # rollback
- home-manager generations # list all generations
- # I actually don't know how to do this
- #+end_src
-
-One more quick demo of the on the fly pattern
-#+begin_src zsh
-nix shell nixpkgs#fzf nixpkgs#neovim
-nvim "$(fzf)"
-#+end_src
+**** Video references
+[[https://www.youtube.com/watch?v=Z8BL8mdzWHI][Nix is my favorite package manager to use on macOS - YouTube]]
+[[https://www.youtube.com/watch?v=iU7B76NTr2I][Nix Darwin Turned My Mac into a Fully Automated Machine - YouTube]]
 
 *** Searching/using packages
 Nixos has an extensive package manager repository

diff --git a/nix-learning/macos/.sops.yaml b/nix-learning/macos/.sops.yaml
@@ -0,0 +1,10 @@
+# careful when changing keys
+keys:
+  - &primary age1df2u7xvze6rq5utz74ckx059wr3z97j484wc04063437h6hn4v6s9auec3
+  - &work age17jgvjp9u4wa6799e3utfqxfrq9mgkfhxxed02cpp642tm6cna9gqg4yafw
+creation_rules:
+  - path_regex: secrets/.*\.yaml$
+    key_groups:
+      - age:
+        - *primary
+        - *work