commit 1c8b4ca35064cf1ade9c17232312fbfd6f08295d · aylac.top/nixcfg-own-knot

+1 -1

.pre-commit-config.yaml

···

       1
       1
       -
       /nix/store/kphr3nlxcbmpc9v4fq1d136m3s816q49-pre-commit-config.json
     

       1
       1
       +
       /nix/store/gymzy28f2bhcbfpkr2j13x82ywdp66ms-pre-commit-config.json

+12 -12

flake.lock

···

       460
       460
        
           },

     

       461
       461
        
           "nixpkgs_2": {

     

       462
       462
        
             "locked": {

     

       463
       463
       -
               "lastModified": 1755027561,

     

       464
       464
       -
               "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=",

     

       463
       463
       +
               "lastModified": 1755186698,

     

       464
       464
       +
               "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",

     

       465
       465
        
               "owner": "NixOS",

     

       466
       466
        
               "repo": "nixpkgs",

     

       467
       467
       -
               "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3",

     

       467
       467
       +
               "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",

     

       468
       468
        
               "type": "github"

     

       469
       469
        
             },

     

       470
       470
        
             "original": {

     
···

       476
       476
        
           },

     

       477
       477
        
           "nixpkgs_3": {

     

       478
       478
        
             "locked": {

     

       479
       479
       -
               "lastModified": 1755027561,

     

       480
       480
       -
               "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=",

     

       479
       479
       +
               "lastModified": 1755186698,

     

       480
       480
       +
               "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",

     

       481
       481
        
               "owner": "nixos",

     

       482
       482
        
               "repo": "nixpkgs",

     

       483
       483
       -
               "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3",

     

       483
       483
       +
               "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",

     

       484
       484
        
               "type": "github"

     

       485
       485
        
             },

     

       486
       486
        
             "original": {

     
···

       496
       496
        
               "nixpkgs": "nixpkgs_3"

     

       497
       497
        
             },

     

       498
       498
        
             "locked": {

     

       499
       499
       -
               "lastModified": 1755102471,

     

       500
       500
       -
               "narHash": "sha256-ecWsZvrU/v7phSRIulxUYoCZ+i8s+mQ0ecmxxcgHUko=",

     

       499
       499
       +
               "lastModified": 1755283446,

     

       500
       500
       +
               "narHash": "sha256-mFiY1pH1M8+ior+M2vKZ2WzX/Hsff9YE+dmKSb6LQHY=",

     

       501
       501
        
               "owner": "nix-community",

     

       502
       502
        
               "repo": "NUR",

     

       503
       503
       -
               "rev": "94c6c5b9798480dc220ee2cc8b1ce93a472a8d8f",

     

       503
       503
       +
               "rev": "e6d4f72242a95eaa05631bd3424e58e3b4902e4e",

     

       504
       504
        
               "type": "github"

     

       505
       505
        
             },

     

       506
       506
        
             "original": {

     
···

       578
       578
        
           "secrets": {

     

       579
       579
        
             "flake": false,

     

       580
       580
        
             "locked": {

     

       581
       581
       -
               "lastModified": 1755237741,

     

       582
       582
       -
               "narHash": "sha256-C+CxCeKEIyqqa3LyAU6Eg0JSYiT+EH+DVMUJMBU5ymE=",

     

       581
       581
       +
               "lastModified": 1755286003,

     

       582
       582
       +
               "narHash": "sha256-ufYeGSRUzhwvrFlS8RQPDFBnLUAeJheYsfuKaOFJ/PI=",

     

       583
       583
        
               "owner": "ayla6",

     

       584
       584
        
               "repo": "secrets",

     

       585
       585
       -
               "rev": "bd19c1b8652e12d12580655fad000c44d7cad698",

     

       585
       585
       +
               "rev": "12d3ab0518ba83c274efb230c5cc3a837845e89d",

     

       586
       586
        
               "type": "github"

     

       587
       587
        
             },

     

       588
       588
        
             "original": {

+1

hosts/nanpi/secrets.nix

···

       8
       8
        
           syncthingCert.file = "${self.inputs.secrets}/ayla/syncthing/nanpi/cert.age";

     

       9
       9
        
           syncthingKey.file = "${self.inputs.secrets}/ayla/syncthing/nanpi/key.age";

     

       10
       10
        
           resticPassword.file = "${self.inputs.secrets}/restic-passwd.age";

     

       11
       11
       +
           vaultwarden.file = "${self.inputs.secrets}/vaultwarden.age";

     

       11
       12
        
         };

     

       12
       13
        
       }

+18 -3

hosts/nanpi/services.nix

···

       7
       7
        
             environmentFiles = [config.age.secrets.pds.path];

     

       8
       8
        
             pdsadmin.enable = true;

     

       9
       9
        
             settings = {

     

       10
       10
       -
               PDS_HOSTNAME = "pds.aylac.top";

     

       10
       10
       +
               PDS_HOSTNAME = config.mySnippets.aylac-top.networkMap.pds.vHost;

     

       11
       11
        
             };

     

       12
       12
        
           };

     

       13
       13
        
       

     
···

       15
       15
        
             enable = true;

     

       16
       16
        
             certificateFile = config.age.secrets.cloudflareCertificate.path;

     

       17
       17
        
             tunnels = {

     

       18
       18
       -
               "3c012d05-cc92-4598-a726-909088e6588c" = {

     

       18
       18
       +
               "efe3d484-102d-4c58-bb17-ceaede4d7a4f" = {

     

       19
       19
        
                 certificateFile = config.age.secrets.cloudflareCertificate.path;

     

       20
       20
        
                 credentialsFile = config.age.secrets.cloudflareCredentials.path;

     

       21
       21
        
                 default = "http_status:404";

     

       22
       22
        
                 ingress = {

     

       23
       23
       -
                   "pds.aylac.top" = "http://localhost:3000";

     

       23
       23
       +
                   "${config.mySnippets.aylac-top.networkMap.pds.vHost}" = "http://${config.mySnippets.aylac-top.networkMap.pds.hostName}:${toString config.mySnippets.aylac-top.networkMap.pds.port}";

     

       24
       24
       +
                   "${config.mySnippets.aylac-top.networkMap.vaultwarden.vHost}" = "http://${config.mySnippets.aylac-top.networkMap.vaultwarden.hostName}:${toString config.mySnippets.aylac-top.networkMap.vaultwarden.port}";

     

       24
       25
        
                 };

     

       25
       26
        
               };

     

       26
       27
        
             };

     
···

       54
       55
        
           #   openFirewall = true;

     

       55
       56
        
           #   inherit (config.mySnippets.tailnet.networkMap.immich) port;

     

       56
       57
        
           # };

     

       58
       58
       +
       

     

       59
       59
       +
           vaultwarden = {

     

       60
       60
       +
             enable = true;

     

       61
       61
       +
       

     

       62
       62
       +
             config = {

     

       63
       63
       +
               DOMAIN = "https://${config.mySnippets.aylac-top.networkMap.vaultwarden.vHost}";

     

       64
       64
       +
               ROCKET_ADDRESS = "0.0.0.0";

     

       65
       65
       +
               ROCKET_LOG = "critical";

     

       66
       66
       +
               ROCKET_PORT = config.mySnippets.aylac-top.networkMap.vaultwarden.port;

     

       67
       67
       +
               SIGNUPS_ALLOWED = false;

     

       68
       68
       +
             };

     

       69
       69
       +
       

     

       70
       70
       +
             environmentFile = config.age.secrets.vaultwarden.path;

     

       71
       71
       +
           };

     

       57
       72
        
       

     

       58
       73
        
           jellyfin = {

     

       59
       74
        
             enable = true;

+7 -7

modules/home/programs/firefox/betterfox/fastfox.nix

···

       39
       39
        
         "gfx.canvas.accelerated.cache-size" = 512; # default=256; Chrome=512

     

       40
       40
        
         "gfx.content.skia-font-cache-size" = 20; # default=5; Chrome=20

     

       41
       41
        
       

     

       42
       42
       -
         # "layers.gpu-process.enabled" = true;                   # DEFAULT WINDOWS

     

       43
       43
       -
         # "layers.gpu-process.force-enabled" = true;

     

       44
       44
       -
         # "layers.mlgpu.enabled" = true;                         # LINUX

     

       45
       45
       -
         # "media.hardware-video-decoding.enabled" = true;        # DEFAULT WINDOWS macOS

     

       46
       46
       -
         # "media.hardware-video-decoding.force-enabled" = true;

     

       47
       47
       -
         # "media.gpu-process-decoder" = true;                    # DEFAULT WINDOWS

     

       48
       48
       -
         # "media.ffmpeg.vaapi.enabled" = true;                   # LINUX

     

       42
       42
       +
         "layers.gpu-process.enabled" = true; # DEFAULT WINDOWS

     

       43
       43
       +
         "layers.gpu-process.force-enabled" = true;

     

       44
       44
       +
         "layers.mlgpu.enabled" = true; # LINUX

     

       45
       45
       +
         "media.hardware-video-decoding.enabled" = true; # DEFAULT WINDOWS macOS

     

       46
       46
       +
         "media.hardware-video-decoding.force-enabled" = true;

     

       47
       47
       +
         "media.gpu-process-decoder" = true; # DEFAULT WINDOWS

     

       48
       48
       +
         "media.ffmpeg.vaapi.enabled" = true; # LINUX

     

       49
       49
        
       

     

       50
       50
        
         #############################################################

     

       51
       51
        
         # SECTION: DISK CACHE

+17 -5

modules/home/programs/firefox/default.nix

···

       36
       36
        
                     consent-o-matic

     

       37
       37
        
                     ublock-origin

     

       38
       38
        
                     aria2-integration

     

       39
       39
       -
                     adaptive-tab-bar-colour

     

       40
       39
        
                     keepassxc-browser

     

       41
       40
        
                     libredirect

     

       42
       41
        
                     stylus

     
···

       47
       46
        
                     sponsorblock

     

       48
       47
        
                     search-by-image

     

       49
       48
        
                     ff2mpv

     

       49
       49
       +
                     bitwarden

     

       50
       50
        
                   ];

     

       51
       51
        
       

     

       52
       52
        
                   search = {

     
···

       59
       59
        
                       "Home Manager Options"

     

       60
       60
        
                       "NixOS Wiki"

     

       61
       61
        
                       "nixpkgs"

     

       62
       62
       -
                       "Wikipedia"

     

       62
       62
       +
                       "wikipedia"

     

       63
       63
        
                       "Wiktionary"

     

       64
       64
        
                     ];

     

       65
       65
        
                   };

     
···

       115
       115
        
                 };

     

       116
       116
        
       

     

       117
       117
        
                 userChrome = builtins.readFile self.inputs.firefox-onebar;

     

       118
       118
       +
       

     

       119
       119
       +
                 extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [

     

       120
       120
       +
                   adaptive-tab-bar-colour

     

       121
       121
       +
                 ];

     

       118
       122
        
               };

     

       119
       123
        
             })

     

       120
       124
        
       

     
···

       125
       129
        
                 settings = {

     

       126
       130
        
                   "sidebar.revamp" = true;

     

       127
       131
        
                   "sidebar.verticalTabs" = true;

     

       132
       132
       +
                   "sidebar.animation.expand-on-hover.duration-ms" = 50;

     

       133
       133
       +
                   "sidebar.expandOnHover" = false;

     

       134
       134
       +
                   "sidebar.visibility" = "expand-on-hover";

     

       135
       135
       +
                   "browser.toolbars.bookmarks.visibility" = "never";

     

       128
       136
        
                 };

     

       129
       137
        
               };

     

       130
       130
       -
             })

     

       131
       131
       -
       

     

       132
       132
       -
           (lib.mkIf

     

       138
       138
       +
             }

     

       139
       139
       +
             // lib.mkIf

     

       133
       140
        
             (config.myHome.programs.firefox.mode != "sidebar")

     

       134
       141
        
             {

     

       135
       142
        
               profiles.default = {

     

       136
       143
        
                 settings = {

     

       137
       144
        
                   "sidebar.revamp" = false;

     

       138
       145
        
                   "sidebar.verticalTabs" = false;

     

       146
       146
       +
                   "browser.toolbars.bookmarks.visibility" = "newtab";

     

       139
       147
        
                 };

     

       148
       148
       +
       

     

       149
       149
       +
                 userChrome = ''

     

       150
       150
       +
                   .tab-icon-overlay{ display: none !important; }

     

       151
       151
       +
                 '';

     

       140
       152
        
               };

     

       141
       153
        
             })

     

       142
       154
        
         ];

+7 -3

modules/home/programs/firefox/engines.nix

···

       27
       27
        
           ];

     

       28
       28
        
           icon = "https://wiki.nixos.org/favicon.ico";

     

       29
       29
        
           updateInterval = 24 * 60 * 60 * 1000; # every day

     

       30
       30
       -
           metaData.hidden = true;

     

       30
       30
       +
           #metaData.hidden = true;

     

       31
       31
        
       

     

       32
       32
        
           urls = [

     

       33
       33
        
             {

     
···

       37
       37
        
         };

     

       38
       38
        
       

     

       39
       39
        
         "nixpkgs" = {

     

       40
       40
       -
           definedAliases = ["!nix"];

     

       40
       40
       +
           definedAliases = ["!nix" "!nixpkgs"];

     

       41
       41
        
           icon = "https://search.nixos.org/favicon.png";

     

       42
       42
        
       

     

       43
       43
        
           urls = [

     
···

       58
       58
        
         };

     

       59
       59
        
       

     

       60
       60
        
         "Wiktionary" = {

     

       61
       61
       -
           definedAliases = ["!wikt"];

     

       61
       61
       +
           definedAliases = ["!wikt" "!wt"];

     

       62
       62
        
           icon = "https://en.wiktionary.org/favicon.ico";

     

       63
       63
        
           updateInterval = 24 * 60 * 60 * 1000; # every day

     

       64
       64
        
       

     
···

       67
       67
        
               template = "https://en.wiktionary.org/wiki/{searchTerms}";

     

       68
       68
        
             }

     

       69
       69
        
           ];

     

       70
       70
       +
         };

     

       71
       71
       +
       

     

       72
       72
       +
         "wikipedia" = {

     

       73
       73
       +
           definedAliases = ["!wikp" "!w"];

     

       70
       74
        
         };

     

       71
       75
        
       

     

       72
       76
        
         "bing" = {

+8

modules/nixos/profiles/backups/default.nix

···

       210
       210
        
                 repository = mkRepoA "vaultwarden";

     

       211
       211
        
               }

     

       212
       212
        
             );

     

       213
       213
       +
       

     

       214
       214
       +
             passwords = lib.mkIf (builtins.elem config.networking.hostName config.mySnippets.syncthing.folders."Passwords".devices) (

     

       215
       215
       +
               config.mySnippets.restic

     

       216
       216
       +
               // {

     

       217
       217
       +
                 paths = [config.mySnippets.syncthing.folders."Passwords".path];

     

       218
       218
       +
                 repository = mkRepoA "passwords";

     

       219
       219
       +
               }

     

       220
       220
       +
             );

     

       213
       221
        
           };

     

       214
       222
        
         };

     

       215
       223
        
       }

+19

modules/nixos/services/fail2ban/default.nix

···

       7
       7
        
       

     

       8
       8
        
         config = lib.mkIf config.myNixOS.services.fail2ban.enable {

     

       9
       9
        
           environment.etc = {

     

       10
       10
       +
             "fail2ban/filter.d/vaultwarden.conf".text = ''

     

       11
       11
       +
               [INCLUDES]

     

       12
       12
       +
               before = common.conf

     

       13
       13
       +
       

     

       14
       14
       +
               [Definition]

     

       15
       15
       +
               failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$

     

       16
       16
       +
               ignoreregex =

     

       17
       17
       +
               journalmatch = _SYSTEMD_UNIT=vaultwarden.service

     

       18
       18
       +
             '';

     

       19
       19
       +
       

     

       20
       20
       +
             "fail2ban/filter.d/vaultwarden-admin.conf".text = ''

     

       21
       21
       +
               [INCLUDES]

     

       22
       22
       +
               before = common.conf

     

       23
       23
       +
       

     

       24
       24
       +
               [Definition]

     

       25
       25
       +
               failregex = ^.*Invalid admin token\. IP: <ADDR>.*$

     

       26
       26
       +
               ignoreregex =

     

       27
       27
       +
               journalmatch = _SYSTEMD_UNIT=vaultwarden.service

     

       28
       28
       +
             '';

     

       10
       29
        
           };

     

       11
       30
        
       

     

       12
       31
        
           services.fail2ban = {

+20

modules/snippets/aylac-top/default.nix

···

       1
       1
       +
       {lib, ...}: {

     

       2
       2
       +
         options.mySnippets.aylac-top.networkMap = lib.mkOption {

     

       3
       3
       +
           type = lib.types.attrs;

     

       4
       4
       +
           description = "Hostnames, ports, and vHosts for aylac.top services.";

     

       5
       5
       +
       

     

       6
       6
       +
           default = {

     

       7
       7
       +
             pds = {

     

       8
       8
       +
               hostName = "nanpi";

     

       9
       9
       +
               port = 3000;

     

       10
       10
       +
               vHost = "pds.aylac.top";

     

       11
       11
       +
             };

     

       12
       12
       +
       

     

       13
       13
       +
             vaultwarden = {

     

       14
       14
       +
               hostName = "nanpi";

     

       15
       15
       +
               port = 8222;

     

       16
       16
       +
               vHost = "vault.aylac.top";

     

       17
       17
       +
             };

     

       18
       18
       +
           };

     

       19
       19
       +
         };

     

       20
       20
       +
       }

+1

modules/snippets/default.nix

···

       5
       5
        
           ./tailnet

     

       6
       6
        
           ./syncthing

     

       7
       7
        
           ./restic

     

       8
       8
       +
           ./aylac-top

     

       8
       9
        
         ];

     

       9
       10
        
       }

+1 -1

modules/snippets/restic/default.nix

···

       28
       28
        
               rcloneConfigFile = config.age.secrets.rclone.path;

     

       29
       29
        
       

     

       30
       30
        
               timerConfig = {

     

       31
       31
       -
                 OnCalendar = "*-*-* 00,12:00:00";

     

       31
       31
       +
                 OnCalendar = "*-*-* 02:00:00";

     

       32
       32
        
                 Persistent = true;

     

       33
       33
        
                 RandomizedDelaySec = "1200";

     

       34
       34
        
               };

+9 -5

modules/snippets/syncthing/folders.nix

···

       9
       9
        
                 devices = [

     

       10
       10
        
                   "morgana"

     

       11
       11
        
                   "m23"

     

       12
       12
       +
                   "nanpi"

     

       12
       13
        
                 ];

     

       13
       14
        
       

     

       14
       15
        
                 id = "cerbn-dj3xo";

     

       15
       15
       -
                 path = "~/Backups";

     

       16
       16
       +
                 path = "/home/ayla/Backups";

     

       16
       17
        
               };

     

       17
       18
        
       

     

       18
       19
        
               "Books" = {

     
···

       29
       30
        
                 devices = [

     

       30
       31
        
                   "morgana"

     

       31
       32
        
                   "m23"

     

       33
       33
       +
                   "nanpi"

     

       32
       34
        
                 ];

     

       33
       35
        
       

     

       34
       36
        
                 id = "dcfsw-meuwf";

     

       35
       35
       -
                 path = "~/DCIM";

     

       37
       37
       +
                 path = "/home/ayla/DCIM";

     

       36
       38
        
               };

     

       37
       39
        
       

     

       38
       40
        
               "Music" = {

     
···

       42
       44
        
                 ];

     

       43
       45
        
       

     

       44
       46
        
                 id = "pacgr-fvsd7";

     

       45
       45
       -
                 path = "~/Music";

     

       47
       47
       +
                 path = "/home/ayla/Music";

     

       46
       48
        
               };

     

       47
       49
        
       

     

       48
       50
        
               "Passwords" = {

     

       49
       51
        
                 devices = [

     

       50
       52
        
                   "morgana"

     

       51
       53
        
                   "m23"

     

       54
       54
       +
                   "nanpi"

     

       52
       55
        
                 ];

     

       53
       56
        
       

     

       54
       57
        
                 id = "mkiff-evvnj";

     

       55
       55
       -
                 path = "~/Documents/Passwords";

     

       58
       58
       +
                 path = "/home/ayla/Documents/Passwords";

     

       56
       59
        
               };

     

       57
       60
        
       

     

       58
       61
        
               "Pictures" = {

     

       59
       62
        
                 devices = [

     

       60
       63
        
                   "morgana"

     

       61
       64
        
                   "m23"

     

       65
       65
       +
                   "nanpi"

     

       62
       66
        
                 ];

     

       63
       67
        
       

     

       64
       68
        
                 id = "u5d66-bcnho";

     

       65
       65
       -
                 path = "~/Pictures";

     

       69
       69
       +
                 path = "/home/ayla/Pictures";

     

       66
       70
        
               };

     

       67
       71
        
       

     

       68
       72
        
               "Koreader Settings" = {