chore(solidtime): Update to 0.10.0

Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/7df7ff7d8e00218376575f0acdcc5d66741351ee?narHash=sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs%3D' (2025-10-02)
  → 'github:NixOS/nixpkgs/544961dfcce86422ba200ed9a0b00dd4b1486ec5?narHash=sha256-EVAqOteLBFmd7pKkb0%2BFIUyzTF61VKi7YmvP1tw4nEw%3D' (2025-10-15)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/9fcfabe085281dd793589bdc770a2e577a3caa5d?narHash=sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU%3D' (2025-09-29)
  → 'github:Mic92/sops-nix/ab8d56e85b8be14cff9d93735951e30c3e86a437?narHash=sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E%3D' (2025-10-13)

.gitignore

@@ -0,0 +1 @@
+.idea

flake.lock

@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1759381078,
-        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
+        "lastModified": 1760524057,
+        "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
+        "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5",
         "type": "github"
       },
       "original": {
@@ -48,11 +48,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1759188042,
-        "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=",
+        "lastModified": 1760393368,
+        "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d",
+        "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437",
         "type": "github"
       },
       "original": {

hosts/Binnenpost/default.nix

@@ -16,6 +16,7 @@
       apps = {
         speedtest.enable = true;
         technitiumDNS.enable = true;
+        traefik.enable = true;
       };
       virtualisation.guest.enable = true;
     };
@@ -76,6 +77,14 @@
       };
     };
 
+    virtualisation.oci-containers.containers.traefik.labels = {
+      "traefik.http.routers.roxanne.rule" = "Host(`roxanne.depeuter.dev`)";
+      "traefik.http.services.roxanne.loadbalancer.server.url" = "https://192.168.0.13:8006";
+
+      "traefik.http.routers.hugo.rule" = "Host(`hugo.depeuter.dev`)";
+      "traefik.http.services.hugo.loadbalancer.server.url" = "https://192.168.0.11:444";
+    };
+
     system.stateVersion = "24.05";
   };
 }

hosts/Development/default.nix

@@ -5,8 +5,13 @@
     homelab = {
       apps = {
         bind9.enable = true;
+        homepage = {
+          enable = true;
+          exposePort = true;
+        };
         traefik.enable = true;
         plex.enable = true;
+        solidtime.enable = true;
       };
       virtualisation.guest.enable = true;
     };

hosts/Gitea/default.nix

@@ -5,6 +5,13 @@
     homelab = {
       apps.gitea.enable = true;
       virtualisation.guest.enable = true;
+
+      users.admin = {
+        enable = true;
+        authorizedKeys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFrp6aM62Bf7bj1YM5AlAWuNrANU3N5e8+LtbbpmZPKS"
+        ];
+      };
     };
 
     networking = {

hosts/Ingress/default.nix

@@ -68,7 +68,12 @@ prefixLength = 24;
     # List services that you want to enable.
     services = {
       # Enable Nginx as a reverse proxy
-      nginx = {
+      nginx = let
+        nextcloud = {
+          host = "192.168.0.23";
+          officePort = 8080;
+        };
+      in {
         enable = true;
 
         # Use recommended settings
@@ -80,7 +85,7 @@ prefixLength = 24;
         # Only allow PFS-enabled ciphers with AES256
         sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
 
-        upstreams.docservice.servers."192.168.0.14:8080" = {};
+        upstreams.docservice.servers."${nextcloud.host}:${toString nextcloud.officePort}" = {};
 
         appendHttpConfig = ''
           map $http_x_forwarded_proto $the_scheme {
@@ -112,14 +117,14 @@ prefixLength = 24;
             forceSSL = true;
             locations = {
               "/" = {
-                proxyPass = "http://192.168.0.14";
+                proxyPass = "http://${nextcloud.host}";
                 extraConfig = ''
                   add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
                   fastcgi_request_buffering off;
                 '';
               };
               "/office/" = {
-                proxyPass = "http://192.168.0.14:8080/";
+                proxyPass = "http://${nextcloud.host}:${toString nextcloud.officePort}/";
                 priority = 500;
                 recommendedProxySettings = false;
                 extraConfig = ''
@@ -137,12 +142,6 @@ prefixLength = 24;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             '';
           };
-          "calendar.depeuter.dev" = {
-            useACMEHost = "depeuter.dev";
-            locations."/".return = "301 https://cloud.depeuter.dev/apps/calendar";
-          };
-          "tasks.depeuter.dev".locations."/".return = "301 https://cloud.depeuter.dev/apps/tasks";
-          "notes.depeuter.dev".locations."/".return = "301 https://cloud.depeuter.dev/apps/notes";
 
           "home.depeuter.dev" = {
             enableACME = true;
@@ -158,12 +157,17 @@ prefixLength = 24;
             };
           };
 
-          "jelly.depeuter.dev" = {
+          "jelly.depeuter.dev" = let
+            jellyfin = {
+              host = "192.168.0.94";
+              port = 8096;
+            };
+          in {
             enableACME = true;
             forceSSL = true;
             locations = {
               "/" = {
-                proxyPass = "http://192.168.0.94:8096";
+                proxyPass = "http://${jellyfin.host}:${toString jellyfin.port}";
                 extraConfig = ''
                   # Proxy main Jellyfin traffic
                   proxy_set_header Host $host;
@@ -178,7 +182,7 @@ prefixLength = 24;
                 '';
               };
               "/socket" = {
-                proxyPass = "http://192.168.0.91:8096";
+                proxyPass = "http://${jellyfin.host}:${toString jellyfin.port}";
                 extraConfig = ''
                   # Proxy Jellyfin Websockets traffic
                   proxy_http_version 1.1;
@@ -240,7 +244,7 @@ prefixLength = 24;
             locations = {
               "/" = {
                 proxyPass = "http://192.168.0.22:10102";
-                proxyWebSockets = true;
+                proxyWebsockets = true;
               };
               "~ ^/admin".return = 403;
             };

hosts/Vaultwarden/default.nix

@@ -9,6 +9,13 @@
         name = "Hugo's Vault";
       };
       virtualisation.guest.enable = true;
+
+      users.admin = {
+        enable = true;
+        authorizedKeys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnihoyozOCnm6T9OzL2xoMeMZckBYR2w43us68ABA93"
+        ];
+      };
     };
 
     networking = {

modules/apps/arr/default.nix

@@ -12,7 +12,16 @@ let
   PGID = toString config.users.groups.media.gid;
   UMASK = "002";
 in {
-  options.homelab.apps.arr = {
+  options.homelab.apps.arr = let
+    mkAppOption = appName: {
+      enable = lib.mkEnableOption "${appName} using Docker";
+      exposePorts = lib.mkOption {
+        type = lib.types.bool;
+        description = "Expose ${appName} port";
+        default = cfg.exposePorts;
+      };
+    };
+  in {
     enable = lib.mkEnableOption "Arr Stack using Docker";
     exposePorts = lib.mkOption {
       type = lib.types.bool;
@@ -21,46 +30,11 @@ in {
       default = ! config.homelab.apps.traefik.enable;
     };
 
-    bazarr = {
-      enable = lib.mkEnableOption "Bazarr using Docker";
-      exposePorts = lib.mkOption {
-        type = lib.types.bool;
-        description = "Expose Bazarr port";
-        default = cfg.exposePorts;
-      };
-    };
-    prowlarr = {
-      enable = lib.mkEnableOption "Prowlarr using Docker";
-      exposePorts = lib.mkOption {
-        type = lib.types.bool;
-        description = "Expose Prowlarr port";
-        default = cfg.exposePorts;
-      };
-    };
-    qbittorrent = {
-      enable = lib.mkEnableOption "qBittorrent using Docker";
-      exposePorts = lib.mkOption {
-        type = lib.types.bool;
-        description = "Expose qBittorrent port";
-        default = cfg.exposePorts;
-      };
-    };
-    radarr = {
-      enable = lib.mkEnableOption "Radarr using Docker";
-      exposePorts = lib.mkOption {
-        type = lib.types.bool;
-        description = "Expose Radarr port";
-        default = cfg.exposePorts;
-      };
-    };
-    sonarr = {
-      enable = lib.mkEnableOption "Sonarr using Docker";
-      exposePorts = lib.mkOption {
-        type = lib.types.bool;
-        description = "Expose Sonarr port";
-        default = cfg.exposePorts;
-      };
-    };
+    bazarr = mkAppOption "Bazarr";
+    prowlarr = mkAppOption "Prowlarr";
+    qbittorrent = mkAppOption "qBittorrent";
+    radarr = mkAppOption "Radarr";
+    sonarr = mkAppOption "Sonarr";
   };
 
   config = {
@@ -87,9 +61,9 @@ in {
       virtualisation.containers.enable = lib.mkIf inUse true;
     };
 
-    fileSystems = lib.mkIf inUse {
-      "/srv/bazarr-backup" = lib.mkIf cfg.bazarr.enable {
-        device = "192.168.0.11:/mnt/BIG/BACKUP/BAZARR";
+    fileSystems = let
+      mkFileSystem = device: {
+        inherit device;
         fsType = "nfs";
         options = [
           "rw"
@@ -102,75 +76,14 @@ in {
         ];
       };
 
-      "/srv/prowlarr-backup" = lib.mkIf cfg.prowlarr.enable {
-        device = "192.168.0.11:/mnt/BIG/BACKUP/PROWLARR";
-        fsType = "nfs";
-        options = [
-          "rw"
-          "auto"
-          "nfsvers=4.2"
-          "rsize=1048576" "wsize=1048576"
-          "hard"
-          "timeo=600" "retrans=2"
-          "_netdev" "nosuid" "tcp"
-        ];
-      };
-
-      "/srv/qbittorrent" = lib.mkIf cfg.qbittorrent.enable {
-        device = "192.168.0.11:/mnt/SMALL/CONFIG/QBITTORRENT";
-        fsType = "nfs";
-        options = [
-          "rw"
-          "auto"
-          "nfsvers=4.2"
-          "rsize=1048576" "wsize=1048576"
-          "hard"
-          "timeo=600" "retrans=2"
-          "_netdev" "nosuid" "tcp"
-        ];
-      };
-
-      "/srv/radarr-backup" = lib.mkIf cfg.radarr.enable {
-        device = "192.168.0.11:/mnt/BIG/BACKUP/RADARR";
-        fsType = "nfs";
-        options = [
-          "rw"
-          "auto"
-          "nfsvers=4.2"
-          "rsize=1048576" "wsize=1048576"
-          "hard"
-          "timeo=600" "retrans=2"
-          "_netdev" "nosuid" "tcp"
-        ];
-      };
-
-      "/srv/sonarr-backup" = lib.mkIf cfg.sonarr.enable {
-        device = "192.168.0.11:/mnt/BIG/BACKUP/SONARR";
-        fsType = "nfs";
-        options = [
-          "rw"
-          "auto"
-          "nfsvers=4.2"
-          "rsize=1048576" "wsize=1048576"
-          "hard"
-          "timeo=600" "retrans=2"
-          "_netdev" "nosuid" "tcp"
-        ];
-      };
-
-      "/srv/torrent" = {
-        device = "192.168.0.11:/mnt/SMALL/MEDIA/TORRENT";
-        fsType = "nfs";
-        options = [
-          "rw"
-          "auto"
-          "nfsvers=4.2"
-          "rsize=1048576" "wsize=1048576"
-          "hard"
-          "timeo=600" "retrans=2"
-          "_netdev" "nosuid" "tcp"
-        ];
-      };
+      hugoBackup = "192.168.0.11:/mnt/BIG/BACKUP";
+    in lib.mkIf inUse {
+      "/srv/bazarr-backup" = lib.mkIf cfg.bazarr.enable (mkFileSystem "${hugoBackup}/BAZARR");
+      "/srv/prowlarr-backup" = lib.mkIf cfg.bazarr.enable (mkFileSystem "${hugoBackup}/PROWLARR");
+      "/srv/qbittorrent" = lib.mkIf cfg.qbittorrent.enable (mkFileSystem "192.168.0.11:/mnt/SMALL/CONFIG/QBITTORRENT");
+      "/srv/radarr-backup" = lib.mkIf cfg.radarr.enable (mkFileSystem "${hugoBackup}/RADARR");
+      "/srv/sonarr-backup" = lib.mkIf cfg.sonarr.enable (mkFileSystem "${hugoBackup}/SONARR");
+      "/srv/torrent" = mkFileSystem "192.168.0.11:/mnt/SMALL/MEDIA/TORRENT";
     };
 
     # Make sure the Docker network exists.
@@ -195,45 +108,24 @@ in {
     };
 
     # Create a user for each app.
-    users.users = {
-      bazarr = lib.mkIf cfg.bazarr.enable {
-        uid = lib.mkForce 3003;
+    users.users = let
+      mkUser = uid: {
+        uid = lib.mkForce uid;
         isSystemUser = true;
         group = config.users.groups.media.name;
         home = "/var/empty";
         shell = null;
       };
-      prowlarr = lib.mkIf cfg.prowlarr.enable {
-        uid = lib.mkForce 3004;
-        isSystemUser = true;
-        group = config.users.groups.media.name;
-        home = "/var/empty";
-        shell = null;
-      };
-      qbittorrent = lib.mkIf cfg.qbittorrent.enable {
-        uid = lib.mkForce 3005;
-        isSystemUser = true;
-        group = config.users.groups.media.name;
+    in {
+      bazarr = lib.mkIf cfg.bazarr.enable (mkUser 3003);
+      prowlarr = lib.mkIf cfg.prowlarr.enable (mkUser 3004);
+      qbittorrent = lib.mkIf cfg.qbittorrent.enable (mkUser 3005) // {
         extraGroups = [
           config.users.groups.apps.name
         ];
-        home = "/var/empty";
-        shell = null;
-      };
-      radarr = lib.mkIf cfg.radarr.enable {
-        uid = lib.mkForce 3006;
-        isSystemUser = true;
-        group = config.users.groups.media.name;
-        home = "/var/empty";
-        shell = null;
-      };
-      sonarr = lib.mkIf cfg.sonarr.enable {
-        uid = lib.mkForce 3007;
-        isSystemUser = true;
-        group = config.users.groups.media.name;
-        home = "/var/empty";
-        shell = null;
       };
+      radarr = lib.mkIf cfg.radarr.enable (mkUser 3006);
+      sonarr = lib.mkIf cfg.sonarr.enable (mkUser 3007);
     };
 
     virtualisation.oci-containers.containers = let

modules/apps/default.nix

@@ -6,8 +6,10 @@
     ./changedetection
     ./freshrss
     ./gitea
+    ./homepage
     ./jellyfin
     ./plex
+    ./solidtime
     ./speedtest
     ./technitium-dns
     ./traefik

modules/apps/homepage/default.nix

@@ -0,0 +1,79 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.homelab.apps.homepage;
+
+  PUID = toString config.users.users.homepage.uid;
+  PGID = toString config.users.groups.apps.gid;
+
+  homepage-config = "/srv/homepage-config";
+
+  proxyNet = config.homelab.apps.traefik.sharedNetworkName;
+in {
+  options.homelab.apps.homepage = {
+    enable = lib.mkEnableOption "homepage";
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 3000;
+      description = "homepage WebUI port";
+    };
+    exposePort = lib.mkEnableOption "expose homepage port";
+  };
+
+  config = lib.mkIf cfg.enable {
+    homelab = {
+      users.apps.enable = true;
+      virtualisation.containers.enable = true;
+    };
+
+    users.users.homepage = {
+      uid = lib.mkForce 3018;
+      isSystemUser = true;
+      group = config.users.groups.apps.name;
+      home = "/var/empty";
+      shell = null;
+    };
+
+    fileSystems."${homepage-config}" = {
+      device = "192.168.0.11:/mnt/SMALL/CONFIG/HOMEPAGE";
+      fsType = "nfs";
+      options = [
+        "rw"
+        "auto"
+        "nfsvers=4.2"
+        "async" "soft" "timeo=100" "retry=50" "actimeo=1800" "lookupcache=all"
+        "nosuid" "tcp"
+      ];
+    };
+
+    virtualisation.oci-containers.containers.homepage = let
+      host = "homepage.${config.networking.domain}";
+    in {
+      hostname = "homepage";
+      image = "ghcr.io/gethomepage/homepage:v1.10.1";
+      autoStart = true;
+      user = "${toString PUID}:${toString PGID}";
+      ports = lib.mkIf cfg.exposePort [
+        "${toString cfg.port}:3000/tcp"
+      ];
+      networks = [
+        proxyNet
+      ];
+      volumes = [
+        "${homepage-config}:/app/config"
+        # "/var/run/docker.sock:/var/run/docker.sock:ro" # For docker integrations
+      ];
+      labels = {
+        "traefik.enable" = "true";
+        "traefik.docker.network" = proxyNet;
+        "traefik.http.routers.homepage.rule" = "Host(`${host}`)";
+        "traefik.http.services.homepage.loadbalancer.server.port" = toString cfg.port;
+      };
+      environment = {
+        inherit PUID PGID;
+
+        HOMEPAGE_ALLOWED_HOSTS = "${host},192.168.0.91:3000";
+      };
+    };
+  };
+}

modules/apps/solidtime/default.nix

@@ -0,0 +1,278 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.homelab.apps.solidtime;
+
+  networkName = "solidtime";
+  internalNetworkName = "solidtime-internal";
+  proxyNet = config.homelab.apps.traefiik.sharedNetworkName;
+
+  user = "1000:1000";
+
+  # dbExternalPort = ...;
+  dbInternalPort = 5432;
+
+  gotenbergPort = 3000;
+
+  inherit (config.virtualisation.oci-containers) containers;
+
+  solidtimeImageName = "solidtime/solidtime";
+  version = "0.10.0";
+  solidtimeImage = "${solidtimeImageName}:${version}";
+  solidtimeImageFile = pkgs.dockerTools.pullImage {
+    imageName = solidtimeImageName;
+    finalImageTag = version;
+    imageDigest = "sha256:817d3a366ecc39f0473d7154372afa82dd4e6e50c66d70be45804892c8421cbb";
+    sha256 = "sha256-h5aCKaquUF/EVsOHaLOHrn1HAoXZYPhAbJ+e4cmjSA8=";
+  };
+
+  volumes = [
+    "solidtime-storage:/var/www/html/storage"
+    "solidtime-logs:/var/www/html/storage/logs"
+    "solidtime-app:/var/www/html/storage/app"
+  ];
+
+  # laravel.env
+  laravelEnv = {
+    APP_NAME = "Solidtime";
+    VITE_APP_NAME = laravelEnv.APP_NAME;
+    APP_ENV = "production";
+    APP_DEBUG = "false";
+    APP_URL = "http://localhost:${toString cfg.port}";
+    APP_FORCE_HTTPS = "false";
+    APP_ENABLE_REGISTRATION = "false";
+    TRUSTED_PROXIES = "0.0.0.0/0,2000:0:0:0:0:0:0:0/3";
+
+    # Logging
+    LOG_CHANNEL = "stderr_daily";
+    LOG_LEVEL = "debug";
+
+    # Database
+    DB_CONNECTION = "pgsql";
+    DB_HOST = containers.solidtimeDb.hostname;
+    DB_PORT = toString dbInternalPort;
+    DB_SSL_MODE = "require";
+    DB_DATABASE = "solidtime";
+    DB_USERNAME = "solidtime";
+    DB_PASSWORD = "ChangeMe";
+
+    # Mail
+    #MAIL_MAILER = "smtp";
+    #MAIL_HOST = "smtp.gmail.com";
+    #MAIL_PORT = "465";
+    #MAIL_ENCRYPTION = "tls";
+    #MAIL_FROM_ADDRESS = "no-reply@time.depeuter.dev";
+    MAIL_FROM_NAME = laravelEnv.APP_NAME;
+    #MAIL_USERNAME = "kmtl.hugo@gmail.com";
+    #MAIL_PASSWORD = "fhfxoequhhqidrhd";
+
+    # Queue
+    QUEUE_CONNECTION = "database";
+
+    # File storage
+    FILESYSTEM_DISK = "local";
+    PUBLIC_FILESYSTEM_DISK = "public";
+
+    # Services
+    GOTENBERG_URL = "http://${containers.solidtimeGotenberg.hostname}:${toString gotenbergPort}";
+  };
+
+in {
+  options.homelab.apps.solidtime = {
+    enable = lib.mkEnableOption "Solidtime time tracker using Docker";
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 8000;
+      description = "Solidtime WebUI port";
+    };
+    exposePort = lib.mkEnableOption "Expose Soldtime port";
+  };
+
+  config = lib.mkIf cfg.enable {
+    homelab.virtualisation.containers.enable = true;
+
+    # Make sure the Docker network exists.
+    systemd.services = {
+      "docker-${networkName}-create-network" = {
+        description = "Create Docker network for ${networkName}";
+        requiredBy = [
+          "${containers.solidtime.serviceName}.service"
+        ];
+        serviceConfig = {
+          Type = "oneshot";
+          RemainAfterExit = true;
+        };
+        script = ''
+          if ! ${pkgs.docker}/bin/docker network ls | grep -q ${networkName}; then
+            ${pkgs.docker}/bin/docker network create ${networkName}
+          fi
+        '';
+      };
+      "docker-${internalNetworkName}-create-network" = {
+        description = "Create Docker network for ${internalNetworkName}";
+        requiredBy = [
+          "${containers.solidtime.serviceName}.service"
+          "${containers.solidtimeScheduler.serviceName}.service"
+          "${containers.solidtimeQueue.serviceName}.service"
+          "${containers.solidtimeDb.serviceName}.service"
+          "${containers.solidtimeGotenberg.serviceName}.service"
+        ];
+        serviceConfig = {
+          Type = "oneshot";
+          RemainAfterExit = true;
+        };
+        script = ''
+          if ! ${pkgs.docker}/bin/docker network ls | grep -q ${internalNetworkName}; then
+            ${pkgs.docker}/bin/docker network create ${internalNetworkName}
+          fi
+        '';
+      };
+    };
+    
+    virtualisation.oci-containers.containers = {
+      solidtime = {
+        hostname = "solidtime";
+        image = solidtimeImage;
+        imageFile = solidtimeImageFile;
+        inherit user;
+        autoStart = true;
+        dependsOn = [
+          "solidtimeDb"
+        ];
+        ports = [
+          # Open ports if you don't use Traefik
+          "${toString cfg.port}:8000"
+        ];
+        networks = [
+          networkName
+          internalNetworkName
+        ];
+        extraOptions = [
+          # Healthecks
+          # test: [ "CMD", "curl", "--fail", "http://localhost:8000/health-check/up" ]
+          ''--health-cmd=curl --fail http://localhost:8000/health-check/up''
+        ];
+        inherit volumes;
+        labels = {
+          "traefik.enable" = "true";
+          "traefik.http.routers.solidtime.rule" = "Host(`time.${config.networking.hostName}.depeuter.dev`)";
+          "traefik.http.services.solidtime.loadbalancer.server.port" = toString cfg.port;
+        };
+        environmentFiles = [
+          "/home/admin/.solidtime.env"
+        ];
+        environment = laravelEnv // {
+          CONTAINER_MODE = "http";
+        };
+      };
+      solidtimeScheduler = {
+        hostname = "scheduler";
+        image = solidtimeImage;
+        imageFile = solidtimeImageFile;
+        inherit user;
+        autoStart = true;
+        dependsOn = [
+          "solidtimeDb"
+        ];
+        networks = [
+          internalNetworkName
+        ];
+        extraOptions = [
+          # Healthchecks
+          # test: [ "CMD", "healthcheck" ]
+          ''--health-cmd="healthcheck"''
+        ];
+        inherit volumes;
+        environmentFiles = [
+          "/home/admin/.solidtime.env"
+        ];
+        environment = laravelEnv // {
+          CONTAINER_MODE = "scheduler";
+        };
+      };
+      solidtimeQueue = {
+        hostname = "queue";
+        image = solidtimeImage;
+        imageFile = solidtimeImageFile;
+        inherit user;
+        autoStart = true;
+        networks = [
+          internalNetworkName
+        ];
+        extraOptions = [
+          # Healthchecks
+          # test: [ "CMD", "healthcheck" ]
+          ''--health-cmd="healthcheck"''
+        ];
+        inherit volumes;
+        dependsOn = [
+          "solidtimeDb"
+        ];
+        environmentFiles = [
+          "/home/admin/.solidtime.env"
+        ];
+        environment = laravelEnv // {
+          CONTAINER_MODE = "worker";
+          WORKER_COMMAND = "php /var/www/html/artisan queue:work";
+        };
+      };
+      solidtimeDb = let
+        imageName = "postgres";
+        finalImageTag = "15";
+      in {
+        hostname = "database";
+        image = "${imageName}:${finalImageTag}";
+        imageFile = pkgs.dockerTools.pullImage {
+          inherit imageName finalImageTag;
+          imageDigest = "sha256:98fe06b500b5eb29e45bf8c073eb0ca399790ce17b1d586448edc4203627d342";
+          sha256 = "sha256-AZ4VkOlROX+nR/MjDjsA4xdHzmtKjiBAtsp2Q6IdOvg=";
+        };
+        autoStart = true;
+        ports = [
+          # "${toString dbExternalPort}:${toString dbInternalPort}"
+        ];
+        networks = [
+          internalNetworkName
+        ];
+        extraOptions = [
+          # Healthchecks
+          # test: - CMD - pg_isready - '-q' - '-d' - '${DB_DATABASE}' - '-U' - '${DB_USERNAME}' retries: 3 timeout: 5s
+          ''--health-cmd="pg_isready -q -d ${laravelEnv.DB_DATABASE} -U ${laravelEnv.DB_USERNAME}"''
+          "--health-retries=3"
+          "--health-timeout=5s"
+        ];
+        volumes = [
+          "solidtime-db:/var/lib/postgresql/data"
+        ];
+        environment = {
+          PGPASSWORD = laravelEnv.DB_PASSWORD;
+          POSTGRES_DB = laravelEnv.DB_DATABASE;
+          POSTGRES_USER = laravelEnv.DB_USERNAME;
+          POSTGRES_PASSWORD = laravelEnv.DB_PASSWORD;
+        };
+      };
+      solidtimeGotenberg = let
+        imageName = "gotenberg/gotenberg";
+        finalImageTag = "8.26.0";
+      in {
+        hostname = "gotenberg";
+        image = "${imageName}:${finalImageTag}";
+        imageFile = pkgs.dockerTools.pullImage {
+          inherit imageName finalImageTag;
+          imageDigest = "sha256:328551506b3dec3ff6381dd47e5cd72a44def97506908269e201a8fbfa1c12c0";
+          sha256 = "sha256-1zz4xDAgXxHUnkCVIfjHTgXb82EFEx+5am6Cu9+eZj4=";
+        };
+        autoStart = true;
+        networks = [
+          internalNetworkName
+        ];
+        extraOptions = [
+          # Healthchecks
+          # test: [ "CMD", "curl", "--silent", "--fail", "http://localhost:3000/health" ]
+          ''--health-cmd="curl --silent --fail http://localhost:${toString gotenbergPort}/health"''
+        ];
+      };
+    };
+  };
+}
+

users/admin/default.nix

@@ -3,24 +3,30 @@
 let
   cfg = config.homelab.users.admin;
 in {
-  options.homelab.users.admin.enable = lib.mkEnableOption "user System Administrator";
+  options.homelab.users.admin = {
+    enable = lib.mkEnableOption "user System Administrator";
+    authorizedKeys = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [
+        # HomeLab > NixOS > admin > ssh
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWIOOEqTy8cWKpENVbzD4p7bsQgQb/Dgpzk8i0dZ00T"
+      ];
+    };
+  };
 
   config = lib.mkIf cfg.enable {
     nix.settings.trusted-users = [
-      config.users.users.admin.name
+      config.users.users.gh0st.name
     ];
 
-    users.users.admin = {
+    users.users.gh0st = {
       description = "System Administrator";
       isNormalUser = true;
       extraGroups = [
         config.users.groups.wheel.name # Enable 'sudo' for the user.
       ];
       initialPassword = "ChangeMe";
-      openssh.authorizedKeys.keys = [
-        # HomeLab > NixOS > admin > ssh
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWIOOEqTy8cWKpENVbzD4p7bsQgQb/Dgpzk8i0dZ00T"
-      ];
+      openssh.authorizedKeys.keys = cfg.authorizedKeys;
       packages = with pkgs; [
         curl
         git

users/backup/default.nix

@@ -13,13 +13,8 @@ in {
         "docker" # Allow access to the docker socket.
       ];
       openssh.authorizedKeys.keys = [
-        # TODO ChangeMe
-
-        # Tibo-NixFat
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrG+ldRBdCeHEXrsy/qHXIJYg8xQXVuiUR0DxhFjYNg"
-
         # Hugo
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAxR813vqq5zbu1NHrIybu5Imlu3k0rDCGxHiuGEhPoVV9c5FpnKNGLCi3ctm15ZcVBX4HcponYsKRBsCzM2pI4uXjxhHkLzbss5LttFuSzv5v/QHfLW1bvyJEMBEPxguGqAydAeWrBFdI9uHBEXeb325uKxMKBZHYvvpyAQ115c1wKy1bL8BfR0LTkhsFqexRvI86q59AVrAU/KFf6RXO0T9QA6H/vyWLlIPc7Ta+tSWwQ68bMmS5Pwn8q58tOAOAd6Lpt4TqUDJSppPjLEPKyKC6ShwMdEjwmwpEG0hxfsvaU8XERyQbSbEE9sLHRA2LoEdtMx3J8nzX3AwYUNspsqIv6NQZksnVqJ8OfL45ngUFcSJ6kBsUvCZfzEUGUTJ6Js0v84NOIXxNG/ZfPsk6ArXm3dvj2TYeK8llO6wpJnMMyztmmiODWoj9tepZSij44IgVM5wdWYIK/RZoYTsCQbmvJFfB8jhyJnf/7F19Vo5+LwhmCOsQh/KEK0F1DVc= admin@Hugo"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICms6vjhE9kOlqV5GBPGInwUHAfCSVHLI2Gtzee0VXPh"
       ];
     };
   };