flake update

flake.lock

@@ -88,11 +88,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1757508292,
+        "lastModified": 1758287904,
-        "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=",
+        "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a",
+        "rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1757809953,
+        "lastModified": 1759573136,
-        "narHash": "sha256-29mlXbfAJhz9cWVrPP4STvVPDVZFCfCOmaIN5lFJa+Y=",
+        "narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "17a10049486f6698fca32097d8f52c0c895542b0",
+        "rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43",
         "type": "github"
       },
       "original": {
@@ -249,11 +249,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1759495926,
+        "lastModified": 1759661061,
-        "narHash": "sha256-FfM1dBK43RQ96J3ZZ7737VP0t0wmndvKE6N7MPf2tco=",
+        "narHash": "sha256-LAd1fNNIL19HrOm1cVeoKP5v8si932HsX1ZDwJh9O8o=",
         "ref": "refs/heads/master",
-        "rev": "e2ef49ef422ec7707b109c32349018ad4834233f",
+        "rev": "27d92a238ba9b9df117680c2080e082a2732bfc5",
-        "revCount": 1,
+        "revCount": 7,
         "type": "git",
         "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
       },
@@ -269,11 +269,11 @@
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1759115451,
+        "lastModified": 1759662326,
-        "narHash": "sha256-cjQAR33C5QLo0UIpzc5G0kJSU5nPFYxo2ZJQlusgyLQ=",
+        "narHash": "sha256-DlLJ95u+Y+dQUgYXK9w4+oXEN1tAoBTuOBbROkJFw5Y=",
         "owner": "numtide",
         "repo": "nix-ai-tools",
-        "rev": "10c57241916bd4be938d0cf9b110849db88b972e",
+        "rev": "f9b693bea48cea1dbe1f1b4471f546fe1e7a0c29",
         "type": "github"
       },
       "original": {
@@ -416,11 +416,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1757861651,
+        "lastModified": 1759661032,
-        "narHash": "sha256-7ykbxtcD1kh54j1UsgdBpI9sQKw+acGKcl1az6t3xzU=",
+        "narHash": "sha256-cqZAN2FmnUX/M42m1T9/glzcp8C+66bV/25xUB7TbAw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5816a8aa0af7a6f3148bbd0c71cbe7fcb6ec7a14",
+        "rev": "b7ffd1a8c2550781d74d6a2b48dc6bcd9da29996",
         "type": "github"
       },
       "original": {
@@ -432,11 +432,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1757545623,
+        "lastModified": 1759580034,
-        "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=",
+        "narHash": "sha256-YWo57PL7mGZU7D4WeKFMiW4ex/O6ZolUS6UNBHTZfkI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "8cd5ce828d5d1d16feff37340171a98fc3bf6526",
+        "rev": "3bcc93c5f7a4b30335d31f21e2f1281cba68c318",
         "type": "github"
       },
       "original": {
@@ -480,11 +480,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1758690382,
+        "lastModified": 1759381078,
-        "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e643668fd71b949c53f8626614b21ff71a07379d",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
         "type": "github"
       },
       "original": {
@@ -512,11 +512,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1757745802,
+        "lastModified": 1759381078,
-        "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
         "type": "github"
       },
       "original": {
@@ -550,11 +550,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759475326,
+        "lastModified": 1759659817,
-        "narHash": "sha256-bXXGDZQm05KmaSf/TDqAOkPK4i6Ba5y12aL6/hcJiro=",
+        "narHash": "sha256-S26D4k/9He1tLCn5ARx+3BNzK7IKBLBJWUqx9GF8X7s=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "1d38cb6e7f916b7a31f4d8ef1995ba9fbaf93380",
+        "rev": "df8713776e7e236129f7c260017e770393b4f278",
         "type": "github"
       },
       "original": {

flake.nix

@@ -23,7 +23,8 @@
     nixpkgs-master.url = "github:nixos/nixpkgs/master";
 
     m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
-
+    # m3ta-nixpkgs.url = "path:/home/m3tam3re/p/nix/nixpkgs";
+    #
     nur = {
       url = "github:nix-community/NUR";
       inputs.nixpkgs.follows = "nixpkgs";

home/common/default.nix

@@ -51,4 +51,5 @@
       warn-dirty = false;
     };
   };
+  colorScheme = inputs.nix-colors.colorSchemes.dracula;
 }

home/features/desktop/coding.nix

@@ -19,121 +19,5 @@ in {
       neovim.enable = true;
       zed.enable = true;
     };
-    # programs.zed-editor = {
-    #   enable = true;
-    #   userSettings = {
-    #     features = {
-    #       inline_prediction_provider = "zed";
-    #       edit_prediction_provider = "zed";
-    #       copilot = false;
-    #     };
-    #     telemetry = {
-    #       metrics = false;
-    #     };
-    #     lsp = {
-    #       rust_analyzer = {
-    #         binary = {path_lookup = true;};
-    #       };
-    #     };
-    #     languages = {
-    #       Nix = {
-    #         language_servers = ["nixd"];
-    #         formatter = {
-    #           external = {
-    #             command = "alejandra";
-    #             arguments = ["-q" "-"];
-    #           };
-    #         };
-    #       };
-    #       Python = {
-    #         language_servers = ["pyrefly"];
-    #         formatter = {
-    #           external = {
-    #             command = "black";
-    #             arguments = ["-"];
-    #           };
-    #         };
-    #       };
-    #     };
-    #     lsp = {
-    #       "pyrefly" = {
-    #         command = {
-    #           path = "pyrefly";
-    #           args = ["--lsp"];
-    #           env = {};
-    #         };
-    #         settings = {};
-    #       };
-    #     };
-    #     context_servers = {
-    #       "some-context-server" = {
-    #         command = {
-    #           path = "some-command";
-    #           args = ["arg-1" "arg-2"];
-    #           env = {};
-    #         };
-    #         settings = {};
-    #       };
-    #     };
-    #     assistant = {
-    #       version = "2";
-    #       default_model = {
-    #         provider = "anthropic";
-    #         model = "Claude 3.7 Sonnet";
-    #       };
-    #     };
-    #     language_models = {
-    #       anthropic = {
-    #         version = "1";
-    #         api_url = "https://api.anthropic.com";
-    #       };
-    #       openai = {
-    #         version = "1";
-    #         api_url = "https://api.openai.com/v1";
-    #       };
-    #       ollama = {
-    #         api_url = "http://localhost:11434";
-    #       };
-    #     };
-    #     ssh_connections = [
-    #       {
-    #         host = "152.53.85.162";
-    #         nickname = "m3-atlas";
-    #         args = ["-i" "~/.ssh/m3tam3re"];
-    #       }
-    #       {
-    #         host = "95.217.189.186";
-    #         port = 2222;
-    #         nickname = "self-host-playbook";
-    #         args = ["-i" "~/.ssh/self-host-playbook"];
-    #         "projects" = [
-    #           {
-    #             paths = ["/etc/nixos/current-systemconfig"];
-    #           }
-    #         ];
-    #       }
-    #       {
-    #         host = "192.168.1.152";
-    #         port = 22;
-    #         nickname = "m3-daedalus";
-    #         args = ["-i" "~/.ssh/m3tam3re"];
-    #         "projects" = [
-    #           {
-    #             paths = ["/home/m3tam3re/home-config"];
-    #           }
-    #         ];
-    #       }
-    #     ];
-    #     auto_update = false;
-    #     format_on_save = "on";
-    #     vim_mode = true;
-    #     load_direnv = "shell_hook";
-    #     theme = "Dracula";
-    #     buffer_font_family = "FiraCode Nerd Font";
-    #     ui_font_size = 16;
-    #     buffer_font_size = 16;
-    #     show_edit_predictions = true;
-    #   };
-    # };
   };
 }

home/features/desktop/theme.nix

@@ -1,9 +1,7 @@
 {
   pkgs,
-  inputs,
   ...
 }: {
-  colorScheme = inputs.nix-colors.colorSchemes.dracula;
   qt = {
     enable = true;
     platformTheme.name = "gtk";

home/m3tam3re/m3-ares.nix

@@ -10,7 +10,6 @@ with lib; {
     ../features/cli
     ../features/coding
     ../features/desktop
-    #./services/librechat.nix
   ];
 
   config = mkMerge [

home/m3tam3re/services/librechat.nix

@@ -1,18 +0,0 @@
-{
-  systemd.user.services.librechat = {
-    Unit = {
-      Description = "LibreChat Start";
-      After = ["network-online.target"];
-      Wants = ["network-online.target"];
-    };
-    Install = {WantedBy = ["default.target"];};
-    Service = {
-      Type = "oneshot";
-      RemainAfterExit = "yes";
-      WorkingDirectory = "/home/m3tam3re/p/r/ai/LibreChat";
-      ExecStart = "/run/current-system/sw/bin/podman-compose up -d";
-      ExecStop = "/run/current-system/sw/bin/podman-compose down";
-      Restart = "on-failure";
-    };
-  };
-}

hosts/common/default.nix

@@ -8,6 +8,7 @@
 }: {
   imports = [
     ./extraServices
+    ./ports.nix
     ./users
     inputs.home-manager.nixosModules.home-manager
   ];

hosts/common/ports.nix

@@ -0,0 +1,72 @@
+{config, ...}: {
+  m3ta.ports = {
+    enable = true;
+    definitions = {
+      # System services
+      ssh = 22;
+
+      # Web & proxy services
+      traefik = 80;
+      traefik-ssl = 443;
+
+      # Databases
+      postgres = 5432;
+      mysql = 3306;
+      redis = 6379;
+
+      # VPN & networking
+      wireguard = 51820;
+      tailscale = 41641;
+      headscale = 3009;
+
+      # Containers & web apps
+      gitea = 3030;
+      baserow = 3001;
+      ghost = 3002;
+      wastebin = 3003;
+      littlelink = 3004;
+      searx = 3005;
+      restreamer = 3006;
+      paperless = 3012;
+      vaultwarden = 3013;
+      slash = 3010;
+      slash-nemoti = 3016;
+      kestra = 3018;
+      outline = 3019;
+      pangolin = 3020;
+      pangolin-api = 3021;
+      pangolin-ws = 3022;
+
+      # Home automation
+      homarr = 7575;
+
+      # DNS
+      adguardhome = 53;
+    };
+
+    hostOverrides = {
+      # Host-specific overrides
+      m3-ares = {
+        # Any custom port overrides for m3-ares
+      };
+
+      m3-atlas = {
+        # Any custom port overrides for m3-atlas
+      };
+
+      m3-helios = {
+        # Any custom port overrides for m3-helios
+      };
+
+      m3-kratos = {
+        # Any custom port overrides for m3-kratos
+      };
+    };
+  };
+  environment.etc."info/all-ports.json" = {
+    text = builtins.toJSON {
+      hostname = config.networking.hostName;
+      ports = config.m3ta.ports.all; # TODO should only return actually used ports
+    };
+  };
+}

hosts/m3-ares/configuration.nix

@@ -24,14 +24,12 @@
   boot.loader.systemd-boot.enable = true;
   boot.loader.systemd-boot.memtest86.enable = true;
   boot.initrd.services.lvm.enable = false;
-  boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
+  # boot.kernelModules = [];
-  boot.kernelModules = ["v4l2loopback"];
   boot.kernelPackages = pkgs.linuxPackages_latest;
   boot.extraModprobeConfig = ''
     options kvm_intel nested=1
     options kvm_intel emulate_invalid_guest_state=0
     options kvm ignore_msrs=1
-    options v4l2loopback exclusive_caps=1 max_buffers=2
   '';
 
   networking.hostName = "m3-ares"; # Define your hostname.

hosts/m3-ares/services/postgres.nix

@@ -1,4 +1,7 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  ...
+}: {
   services.postgresql = {
     enable = true;
     package = pkgs.postgresql_17;

hosts/m3-ares/services/sound.nix

@@ -1,6 +1,4 @@
-{pkgs, ...}: {
+{
-  environment.systemPackages = with pkgs; [
-  ];
   security.rtkit.enable = true;
   services.pipewire = {
     enable = true;

hosts/m3-ares/services/tailscale.nix

@@ -1,6 +1,6 @@
 {config, ...}: {
   services.tailscale = {
-    enable = true;
+    enable = false;
     authKeyFile = config.age.secrets.tailscale-key.path;
     useRoutingFeatures = "both";
     extraUpFlags = [

hosts/m3-atlas/services/containers/baserow.nix

@@ -2,7 +2,7 @@
   virtualisation.oci-containers.containers."baserow" = {
     image = "docker.io/baserow/baserow:1.34.2";
     environmentFiles = [config.age.secrets.baserow-env.path];
-    ports = ["127.0.0.1:3001:80"];
+    ports = ["127.0.0.1:${toString (config.m3ta.ports.get "baserow")}:80"];
     volumes = ["baserow_data:/baserow/data"];
     extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.10" "--network=web"];
   };
@@ -10,7 +10,7 @@
   services.traefik.dynamicConfigOptions.http = {
     services.baserow.loadBalancer.servers = [
       {
-        url = "http://localhost:3001/";
+        url = "http://localhost:${toString (config.m3ta.ports.get "baserow")}/";
       }
     ];
 

hosts/m3-atlas/services/containers/restreamer.nix

@@ -4,7 +4,7 @@
     environmentFiles = [config.age.secrets.restreamer-env.path];
     # Modified ports to include RTMPS
     ports = [
-      "127.0.0.1:3006:8080" # Web UI
+      "127.0.0.1:${toString (config.m3ta.ports.get "restreamer")}:8080" # Web UI
       "127.0.0.1:1936:1935" # RTMP
     ];
     volumes = [
@@ -20,7 +20,7 @@
       http = {
         services.restreamer.loadBalancer.servers = [
           {
-            url = "http://localhost:3006/";
+            url = "http://localhost:${toString (config.m3ta.ports.get "restreamer")}/";
           }
         ];
 

hosts/m3-atlas/services/gitea.nix

@@ -1,10 +1,10 @@
-{
+{config, ...}: {
   services.gitea = {
     enable = true;
     settings = {
       server = {
         ROOT_URL = "https://code.m3ta.dev";
-        HTTP_PORT = 3030;
+        HTTP_PORT = config.m3ta.ports.get "gitea";
       };
       mailer.SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
       service.DISABLE_REGISTRATION = true;
@@ -21,7 +21,7 @@
   services.traefik.dynamicConfigOptions.http = {
     services.gitea.loadBalancer.servers = [
       {
-        url = "http://localhost:3030/";
+        url = "http://localhost:${toString (config.m3ta.ports.get "gitea")}/";
       }
     ];
 

hosts/m3-atlas/services/paperless.nix

@@ -1,13 +1,13 @@
 {config, ...}: {
   services.paperless = {
     enable = true;
-    port = 3012;
+    port = config.m3ta.ports.get "paperless";
     database.createLocally = true;
     passwordFile = config.age.secrets.paperless-key.path;
     configureTika = true;
     settings = {
       PAPERLESS_URL = "https://pl.m3ta.dev";
-      DATABASE_URL = "postgresql://paperless:paperless@127.0.0.1:5432/paperless";
+      DATABASE_URL = "postgresql://paperless:paperless@127.0.0.1:${toString (config.m3ta.ports.get "postgres")}/paperless";
       PAPERLESS_CONSUMER_IGNORE_PATTERN = [
         ".DS_STORE/*"
         "desktop.ini"
@@ -25,7 +25,7 @@
   services.traefik.dynamicConfigOptions.http = {
     services.paperless.loadBalancer.servers = [
       {
-        url = "http://localhost:3012/";
+        url = "http://localhost:${toString (config.m3ta.ports.get "paperless")}/";
       }
     ];
     routers.paperless = {

hosts/m3-atlas/services/postgres.nix

@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}: {
   services.postgresql = {
     enable = true;
     enableTCPIP = true;
@@ -36,8 +40,8 @@
   };
   networking.firewall = {
     extraCommands = ''
-      iptables -A INPUT -p tcp -s 127.0.0.1 --dport 5432 -j ACCEPT
+      iptables -A INPUT -p tcp -s 127.0.0.1 --dport ${toString (config.m3ta.ports.get "postgres")} -j ACCEPT
-      iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport 5432 -j ACCEPT
+      iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport ${toString (config.m3ta.ports.get "postgres")} -j ACCEPT
     '';
   };
 }

hosts/m3-helios/services/adguard.nix

@@ -1,10 +1,10 @@
-{
+{config, ...}: {
   services.adguardhome = {
     enable = true;
     openFirewall = true;
     settings = {
       dns = {
-        port = 53;
+        port = config.m3ta.ports.get "adguardhome";
         upstream_dns = [
           "1.1.1.1"
           "8.8.8.8"
@@ -20,6 +20,6 @@
       };
     };
   };
-  networking.firewall.allowedTCPPorts = [53];
+  networking.firewall.allowedTCPPorts = [(config.m3ta.ports.get "adguardhome")];
-  networking.firewall.allowedUDPPorts = [53];
+  networking.firewall.allowedUDPPorts = [(config.m3ta.ports.get "adguardhome")];
 }

modules/nixos/default.nix

@@ -0,0 +1,3 @@
+{
+  #module = import ./module.nix;
+}