Firefox: Enable native messaging for kde-connect

home/features/desktop/common/firefox.nix

@@ -5,6 +5,8 @@
   ...
 }: {
   imports = [inputs.arkenfox.hmModules.default];
+  home.file.".mozilla/native-messaging-hosts/org.kde.plasma.browser_integration.json".source = "${pkgs.plasma5Packages.plasma-browser-integration}/lib/mozilla/native-messaging-hosts/org.kde.plasma.browser_integration.json";
+
   programs.firefox = {
     enable = true;
 
@@ -117,6 +119,7 @@
       search.default = "Searx";
 
       settings = {
+        "media.hardwaremediakeys.enabled" = false;
         "dom.security.https_only_mode" = true;
         "browser.download.panel.shown" = false;
         "browser.toolbars.bookmarks.visibility" = "always";

hosts/franz/arion/feed/arion-compose.nix

@@ -0,0 +1,45 @@
+{pkgs, ...}: {
+  project.name = "feed";
+
+  networks.dmz = {
+    name = "dmz";
+    external = true;
+  };
+
+  networks.transport = {};
+
+  services = {
+    ttrss.service = {
+      image = "wangqiru/ttrss:latest";
+      container_name = "ttrss";
+      ports = [
+        "181:80"
+      ];
+      environment = {
+        PUID = 1000;
+        PGID = 1000;
+        DB_HOST = "db";
+      };
+      env_file = [
+        "/home/ghoscht/.docker/feed/ttrss.env"
+      ];
+      restart = "always";
+      networks = [
+        "dmz"
+      ];
+    };
+  };
+  db.service = {
+    image = "postgres:13-alpine";
+    volumes = [
+      "/home/ghoscht/.docker/feed/ttrss_db:/var/lib/postgresql/data"
+    ];
+    env_file = [
+      "/home/ghoscht/.docker/feed/ttrss.env"
+    ];
+    restart = "always";
+    networks = [
+      "dmz"
+    ];
+  };
+}

hosts/franz/arion/feed/arion-pkgs.nix

@@ -0,0 +1,6 @@
+# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
+import <nixpkgs> {
+  # We specify the architecture explicitly. Use a Linux remote builder when
+  # calling arion from other platforms.
+  system = "x86_64-linux";
+}

hosts/franz/arion/feed/default.nix

@@ -0,0 +1,22 @@
+{config, ...}: let
+  vars = import ../../../../vars.nix;
+in {
+  virtualisation.arion = {
+    projects.feed.settings = {
+      imports = [./arion-compose.nix];
+    };
+  };
+
+  sops.secrets."ttrs/db_password" = {
+    owner = vars.user;
+  };
+
+  sops.templates."ttrss.env" = {
+    path = "/home/${vars.user}/.docker/feed/ttrss.env";
+    owner = vars.user;
+    mode = "0775";
+    content = ''
+      DB_PASS="${config.sops.placeholder."ttrss/db_password"}"
+    '';
+  };
+}

hosts/franz/arion/infrastructure/arion-compose.nix

@@ -43,18 +43,18 @@
         "dmz"
       ];
     };
-    cloudflared.service = {
+    # cloudflared.service = {
-      image = "cloudflare/cloudflared:latest";
+    #   image = "cloudflare/cloudflared:latest";
-      container_name = "cloudflared";
+    #   container_name = "cloudflared";
-      env_file = [
+    #   env_file = [
-        "/home/ghoscht/.docker/infrastructure/cloudflared.env"
+    #     "/home/ghoscht/.docker/infrastructure/cloudflared.env"
-      ];
+    #   ];
-      restart = "always";
+    #   restart = "always";
-      command = "tunnel --no-autoupdate --protocol http2 run";
+    #   command = "tunnel --no-autoupdate --protocol http2 run";
-      networks = [
+    #   networks = [
-        "dmz"
+    #     "dmz"
-      ];
+    #   ];
-    };
+    # };
     scrutiny.service = {
       image = "ghcr.io/analogj/scrutiny:master-omnibus";
       container_name = "scrutiny";

secrets/franz.yaml

@@ -25,6 +25,8 @@ unpackerr:
     sonarr_api_key: ENC[AES256_GCM,data:iENKLrYT7xbRrFAxN58VItZWhGfWjX1Nbu8zpFWA2ZI=,iv:WGFPGGoCvT993t9ROg1cRVPg8+qlDE92VpKfm9PNfpo=,tag:KBMggYqcUEhTg7yVaytysg==,type:str]
     radarr_api_key: ENC[AES256_GCM,data:zFMPIFc682n0wj/UOI6BUag2wVVys3EXCcYNqatExJA=,iv:NwRUIHolFyw9P0iiNrgm6EV+GAp5sSLho1NEwv5DaHw=,tag:TpapILDy8Oad5XzudcXaeQ==,type:str]
     lidarr_api_key: ENC[AES256_GCM,data:WZzb/Is7qdIq9qPEYt0FFXSucUx3qCv/isWwUyxDrB0=,iv:k0CFPUU4UmTmW0R/5sWgptbsfdLlglKze3EAyNi6t1E=,tag:aXUZd43krL9qKvs1uvJ4AA==,type:str]
+ttrss:
+    db_password: ENC[AES256_GCM,data:Yp44TDA=,iv:3eurDNE37mf2qDunCJczIyq26ttWwX9J6OhxMydEiq4=,tag:+Ce6sV40xn3VzgacEAY5NQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -40,8 +42,8 @@ sops:
             VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
             EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-06T15:02:59Z"
+    lastmodified: "2024-03-15T20:30:02Z"
-    mac: ENC[AES256_GCM,data:jWfGV2lKFoDEX+1OUzbnzYE0zqzh6+GX/X9IsZ1igg6xMW7T1sfQwKrRBHUnRO6HTDd9ppcIsRkZo/tL76mmLRiOlMrsoWD8quzkSjJrW6whxQn0acyqVhIw3KZmmet8+ICV4lIuI006zr3vffPVkDAizhrl3jXnuLBO+8yADHs=,iv:cxozu5kuLU1wXWiu0RfxYJgYUkoMyEUSmfHXrrfCMhc=,tag:rUbr/h3FKmil6zRBSG4RSw==,type:str]
+    mac: ENC[AES256_GCM,data:sdxHWMIA4KwVNVSBe/oh5LrR4W11NES3qt5HVlAvVqmpEnLfSRMXCtGXnyBk0eN8O9hW6Zi135ZBQeyrVIQlsXU55LXLfQeWBK6VdLIfLScVDmJJ5MAMMl9ExhDr7XZ5tfmMkHsLnUSz7AM0tXmmbj5uwC40NDlyXZgOxo1fV8g=,iv:c0SaijwURfAJ1k0u/hed7jtBIV+4dqHSs8cGftEOmNU=,tag:sGBse6Um0LgUbOF207ZZCQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1