aylac.top / nixcfg-own-knot
forked from aylac.top/nixcfg
this repo has no description
fork atom

now with custom pds homepages that i need to improve on because this one is boring

aylac.top 72a1a3cd c4481799

options
unified split
Changed files
+82 -43
flake.lock
hosts
nanpi
glance.nix
services.nix
modules
nixos
profiles
btrfs
default.nix
services
caddy
default.nix
tailscale
default.nix
+3 -3
flake.lock 
···

       
917

       
 

       
    "secrets": {


     

       
918

       
 

       
      "flake": false,


     

       
919

       
 

       
      "locked": {


     

       
920

       
-

       
        "lastModified": 1755978140,


     

       
921

       
-

       
        "narHash": "sha256-pIYijjXyKg9dMrPX4N6R4zwBvHnEo1ehw8GW04KPavE=",


     

       
922

       
 

       
        "owner": "ayla6",


     

       
923

       
 

       
        "repo": "secrets",


     

       
924

       
-

       
        "rev": "4643f2fc96502ff02b21a0aa548761d916dcceac",


     

       
925

       
 

       
        "type": "github"


     

       
926

       
 

       
      },


     

       
927

       
 

       
      "original": {


     
···

       
917

       
 

       
    "secrets": {


     

       
918

       
 

       
      "flake": false,


     

       
919

       
 

       
      "locked": {


     

       
920

       
+

       
        "lastModified": 1756000212,


     

       
921

       
+

       
        "narHash": "sha256-NtfJH24mmiffXOilGrhFvS8H7mkQ+QeYA8iafwoRPE0=",


     

       
922

       
 

       
        "owner": "ayla6",


     

       
923

       
 

       
        "repo": "secrets",


     

       
924

       
+

       
        "rev": "b8954ab5d95c7b82b64894873c2434154ab91aa8",


     

       
925

       
 

       
        "type": "github"


     

       
926

       
 

       
      },


     

       
927

       
 

       
      "original": {
+7 -7
hosts/nanpi/glance.nix 
···

       
64

       
 

       
                      check-url = "http://${config.mySnippets.tailnet.networkMap.jellyfin.hostName}:${toString config.mySnippets.tailnet.networkMap.jellyfin.port}/web/index.html";


     

       
65

       
 

       
                      icon = "di:jellyfin";


     

       
66

       
 

       
                    }


     

       
67

       
-

       
                    #{


     

       
68

       
-

       
                    #  title = "Jellyseerr";


     

       
69

       
-

       
                    #  url = "https://${config.mySnippets.tailnet.networkMap.jellyseerr.vHost}/";


     

       
70

       
-

       
                    #  check-url = "http://${config.mySnippets.tailnet.networkMap.jellyseerr.hostName}:${toString config.mySnippets.tailnet.networkMap.jellyseerr.port}/";


     

       
71

       
-

       
                    #  icon = "di:jellyseerr";


     

       
72

       
-

       
                    #}


     

       
73

       
 

       
                    {


     

       
74

       
 

       
                      title = "Sonarr";


     

       
75

       
 

       
                      url = "https://${config.mySnippets.tailnet.networkMap.sonarr.vHost}/";


     
···

       
147

       
 

       
                      title = "audiobookshelf";


     

       
148

       
 

       
                      url = "https://${config.mySnippets.tailnet.networkMap.audiobookshelf.vHost}/";


     

       
149

       
 

       
                      check-url = "http://${config.mySnippets.tailnet.networkMap.audiobookshelf.hostName}:${toString config.mySnippets.tailnet.networkMap.audiobookshelf.port}/";


     

       
150

       
-

       
                      icon = "di:miniflux";


     

       
151

       
 

       
                    }


     

       
152

       
 

       
                  ];


     

       
153

       
 

       
                }


     
···

       
64

       
 

       
                      check-url = "http://${config.mySnippets.tailnet.networkMap.jellyfin.hostName}:${toString config.mySnippets.tailnet.networkMap.jellyfin.port}/web/index.html";


     

       
65

       
 

       
                      icon = "di:jellyfin";


     

       
66

       
 

       
                    }


     

       
67

       
+

       
                    {


     

       
68

       
+

       
                      title = "Jellyseerr";


     

       
69

       
+

       
                      url = "https://${config.mySnippets.tailnet.networkMap.jellyseerr.vHost}/";


     

       
70

       
+

       
                      check-url = "http://${config.mySnippets.tailnet.networkMap.jellyseerr.hostName}:${toString config.mySnippets.tailnet.networkMap.jellyseerr.port}/";


     

       
71

       
+

       
                      icon = "di:jellyseerr";


     

       
72

       
+

       
                    }


     

       
73

       
 

       
                    {


     

       
74

       
 

       
                      title = "Sonarr";


     

       
75

       
 

       
                      url = "https://${config.mySnippets.tailnet.networkMap.sonarr.vHost}/";


     
···

       
147

       
 

       
                      title = "audiobookshelf";


     

       
148

       
 

       
                      url = "https://${config.mySnippets.tailnet.networkMap.audiobookshelf.vHost}/";


     

       
149

       
 

       
                      check-url = "http://${config.mySnippets.tailnet.networkMap.audiobookshelf.hostName}:${toString config.mySnippets.tailnet.networkMap.audiobookshelf.port}/";


     

       
150

       
+

       
                      icon = "di:audiobookshelf";


     

       
151

       
 

       
                    }


     

       
152

       
 

       
                  ];


     

       
153

       
 

       
                }
+64 -30
hosts/nanpi/services.nix 
···

       
33

       
 

       
    in


     

       
34

       
 

       
      pkgs.lib.nameValuePair netMap.vHost "http://${netMap.hostName}:${toString netMap.port}")


     

       
35

       
 

       
    services);


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
36

       
 

       
in {


     

       
37

       
 

       
  services = {


     

       
38

       
 

       
    cloudflared = {


     
···

       
43

       
 

       
          certificateFile = config.age.secrets.cloudflareCertificate.path;


     

       
44

       
 

       
          credentialsFile = config.age.secrets.cloudflareCredentials.path;


     

       
45

       
 

       
          default = "http_status:404";


     

       
46

       
-

       
          ingress = mkCloudflareIngress [


     

       
47

       
-

       
            {name = "forgejo";}


     

       
48

       
-

       
            {name = "glance";}


     

       
49

       
-

       
            {name = "ntfy";}


     

       
50

       
-

       
            {name = "pds";}


     

       
51

       
-

       
            {name = "vaultwarden";}


     

       
52

       
-

       
          ];


     

       

       

       
     

       

       

       
     

       

       

       
     

       
53

       
 

       
        };


     

       
54

       
 

       
      };


     

       
55

       
 

       
    };


     

       
56

       
 

       



     

       
57

       
-

       
    caddy.virtualHosts = mkCaddyVHosts [


     

       
58

       
-

       
      {name = "audiobookshelf";}


     

       
59

       
-

       
      {name = "autobrr";}


     

       
60

       
-

       
      {name = "bazarr";}


     

       
61

       
-

       
      {name = "copyparty";}


     

       
62

       
-

       
      {name = "couchdb";}


     

       
63

       
-

       
      {name = "glance";}


     

       
64

       
-

       
      {


     

       
65

       
-

       
        name = "jellyfin";


     

       
66

       
-

       
        flushInterval = true;


     

       
67

       
-

       
      }


     

       
68

       
-

       
      {name = "jellyseerr";}


     

       
69

       
-

       
      {name = "karakeep";}


     

       
70

       
-

       
      {name = "miniflux";}


     

       
71

       
-

       
      {name = "prowlarr";}


     

       
72

       
-

       
      {name = "qbittorrent";}


     

       
73

       
-

       
      {name = "radarr";}


     

       
74

       
-

       
      {name = "radicale";}


     

       
75

       
-

       
      {name = "redlib";}


     

       
76

       
-

       
      {name = "sonarr";}


     

       
77

       
-

       
      {name = "webdav";}


     

       
78

       
-

       
    ];


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
79

       
 

       



     

       
80

       
 

       
    pds = {


     

       
81

       
 

       
      enable = true;


     
···

       
214

       
 

       
    };


     

       
215

       
 

       



     

       
216

       
 

       
    jellyseerr = {


     

       
217

       
-

       
      enable = false;


     

       
218

       
 

       
      inherit (config.mySnippets.tailnet.networkMap.jellyseerr) port;


     

       
219

       
 

       
      openFirewall = true;


     

       
220

       
 

       
    };


     
···

       
33

       
 

       
    in


     

       
34

       
 

       
      pkgs.lib.nameValuePair netMap.vHost "http://${netMap.hostName}:${toString netMap.port}")


     

       
35

       
 

       
    services);


     

       
36

       
+

       



     

       
37

       
+

       
  pdsHomePage = ''


     

       
38

       
+

       
    hiii this is an ATProto PDS!! You will find my (ayla) account here!!


     

       
39

       
+

       
    i should probably put some cool ass art in here or maybe an actual homepage


     

       
40

       
+

       
    but having this by itself is fun


     

       
41

       
+

       



     

       
42

       
+

       
    most API routes are under /xrpc/


     

       
43

       
+

       
  '';


     

       
44

       
 

       
in {


     

       
45

       
 

       
  services = {


     

       
46

       
 

       
    cloudflared = {


     
···

       
51

       
 

       
          certificateFile = config.age.secrets.cloudflareCertificate.path;


     

       
52

       
 

       
          credentialsFile = config.age.secrets.cloudflareCredentials.path;


     

       
53

       
 

       
          default = "http_status:404";


     

       
54

       
+

       
          ingress =


     

       
55

       
+

       
            mkCloudflareIngress [


     

       
56

       
+

       
              {name = "forgejo";}


     

       
57

       
+

       
              {name = "glance";}


     

       
58

       
+

       
              {name = "ntfy";}


     

       
59

       
+

       
              {name = "vaultwarden";}


     

       
60

       
+

       
            ]


     

       
61

       
+

       
            // {


     

       
62

       
+

       
              "${config.mySnippets.aylac-top.networkMap.pds.vHost}" = "http://${config.mySnippets.aylac-top.networkMap.pds.hostName}";


     

       
63

       
+

       
            };


     

       
64

       
 

       
        };


     

       
65

       
 

       
      };


     

       
66

       
 

       
    };


     

       
67

       
 

       



     

       
68

       
+

       
    caddy.virtualHosts =


     

       
69

       
+

       
      mkCaddyVHosts [


     

       
70

       
+

       
        {name = "audiobookshelf";}


     

       
71

       
+

       
        {name = "autobrr";}


     

       
72

       
+

       
        {name = "bazarr";}


     

       
73

       
+

       
        {name = "copyparty";}


     

       
74

       
+

       
        {name = "couchdb";}


     

       
75

       
+

       
        {name = "glance";}


     

       
76

       
+

       
        {


     

       
77

       
+

       
          name = "jellyfin";


     

       
78

       
+

       
          flushInterval = true;


     

       
79

       
+

       
        }


     

       
80

       
+

       
        {name = "jellyseerr";}


     

       
81

       
+

       
        {name = "karakeep";}


     

       
82

       
+

       
        {name = "miniflux";}


     

       
83

       
+

       
        {name = "prowlarr";}


     

       
84

       
+

       
        {name = "qbittorrent";}


     

       
85

       
+

       
        {name = "radarr";}


     

       
86

       
+

       
        {name = "radicale";}


     

       
87

       
+

       
        {name = "redlib";}


     

       
88

       
+

       
        {name = "sonarr";}


     

       
89

       
+

       
        {name = "webdav";}


     

       
90

       
+

       
      ]


     

       
91

       
+

       
      // {


     

       
92

       
+

       
        "http://${config.mySnippets.aylac-top.networkMap.pds.vHost}" = {


     

       
93

       
+

       
          extraConfig = ''


     

       
94

       
+

       
            encode zstd gzip


     

       
95

       
+

       



     

       
96

       
+

       
            handle / {


     

       
97

       
+

       
              respond "${pdsHomePage}"


     

       
98

       
+

       
            }


     

       
99

       
+

       



     

       
100

       
+

       
            handle /xrpc/app.bsky.unspecced.getAgeAssuranceState {


     

       
101

       
+

       
            	header content-type "application/json"


     

       
102

       
+

       
            	header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy"


     

       
103

       
+

       
            	header access-control-allow-origin "*"


     

       
104

       
+

       
            	respond `{"lastInitiatedAt":"2025-07-14T14:22:43.912Z","status":"assured"}` 200


     

       
105

       
+

       
            }


     

       
106

       
+

       



     

       
107

       
+

       
            handle {


     

       
108

       
+

       
              reverse_proxy ${config.mySnippets.aylac-top.networkMap.pds.hostName}:${toString config.mySnippets.aylac-top.networkMap.pds.port}


     

       
109

       
+

       
            }


     

       
110

       
+

       
          '';


     

       
111

       
+

       
        };


     

       
112

       
+

       
      };


     

       
113

       
 

       



     

       
114

       
 

       
    pds = {


     

       
115

       
 

       
      enable = true;


     
···

       
248

       
 

       
    };


     

       
249

       
 

       



     

       
250

       
 

       
    jellyseerr = {


     

       
251

       
+

       
      enable = true;


     

       
252

       
 

       
      inherit (config.mySnippets.tailnet.networkMap.jellyseerr) port;


     

       
253

       
 

       
      openFirewall = true;


     

       
254

       
 

       
    };
+3
modules/nixos/profiles/btrfs/default.nix 
···

       
94

       
 

       
          -.snapshots


     

       
95

       
 

       
          -.thunderbird


     

       
96

       
 

       
          -.zshrc


     

       

       

       
     

       

       

       
     

       

       

       
     

       
97

       
 

       
        '';


     

       
98

       
 

       



     

       
99

       
 

       
        persistentTimer = true;


     
···

       
94

       
 

       
          -.snapshots


     

       
95

       
 

       
          -.thunderbird


     

       
96

       
 

       
          -.zshrc


     

       
97

       
+

       
          -.zen


     

       
98

       
+

       
          -.steam


     

       
99

       
+

       
          -.npm


     

       
100

       
 

       
        '';


     

       
101

       
 

       



     

       
102

       
 

       
        persistentTimer = true;
+4 -2
modules/nixos/services/caddy/default.nix 
···

       
8

       
 

       
  options.myNixOS.services.caddy.enable = lib.mkEnableOption "Caddy web server.";


     

       
9

       
 

       



     

       
10

       
 

       
  config = lib.mkIf config.myNixOS.services.caddy.enable {


     

       
11

       
-

       
    age.secrets.tailscaleCaddyAuth.file = "${self.inputs.secrets}/tailscale/caddyAuth.age";


     

       

       

       
     

       
12

       
 

       
    networking.firewall.allowedTCPPorts = [80 443];


     

       
13

       
 

       



     

       
14

       
 

       
    services = {


     

       
15

       
 

       
      caddy = {


     

       
16

       
 

       
        enable = true;


     

       
17

       
 

       
        enableReload = false;


     

       
18

       
-

       
        environmentFile = config.age.secrets.tailscaleCaddyAuth.path;


     

       
19

       
 

       



     

       
20

       
 

       
        globalConfig = ''


     

       
21

       
 

       
          tailscale {


     
···

       
30

       
 

       
      };


     

       
31

       
 

       
      tailscale.permitCertUid = "caddy";


     

       
32

       
 

       
    };


     

       

       

       
     

       
33

       
 

       
  };


     

       
34

       
 

       
}


     
···

       
8

       
 

       
  options.myNixOS.services.caddy.enable = lib.mkEnableOption "Caddy web server.";


     

       
9

       
 

       



     

       
10

       
 

       
  config = lib.mkIf config.myNixOS.services.caddy.enable {


     

       
11

       
+

       
    # TS_AUTHKEY and CF_API_TOKEN are defined in this file


     

       
12

       
+

       
    age.secrets.caddy.file = "${self.inputs.secrets}/caddy.age";


     

       
13

       
 

       
    networking.firewall.allowedTCPPorts = [80 443];


     

       
14

       
 

       



     

       
15

       
 

       
    services = {


     

       
16

       
 

       
      caddy = {


     

       
17

       
 

       
        enable = true;


     

       
18

       
 

       
        enableReload = false;


     

       
19

       
+

       
        environmentFile = config.age.secrets.caddy.path;


     

       
20

       
 

       



     

       
21

       
 

       
        globalConfig = ''


     

       
22

       
 

       
          tailscale {


     
···

       
31

       
 

       
      };


     

       
32

       
 

       
      tailscale.permitCertUid = "caddy";


     

       
33

       
 

       
    };


     

       
34

       
+

       
    systemd.services.caddy.serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";


     

       
35

       
 

       
  };


     

       
36

       
 

       
}
+1 -1
modules/nixos/services/tailscale/default.nix 
···

       
35

       
 

       
      }


     

       
36

       
 

       
    ];


     

       
37

       
 

       



     

       
38

       
-

       
    age.secrets.tailscaleCaddyAuth.file = "${self.inputs.secrets}/tailscale/caddyAuth.age";


     

       
39

       
 

       



     

       
40

       
 

       
    home-manager.sharedModules = [


     

       
41

       
 

       
      {


     
···

       
35

       
 

       
      }


     

       
36

       
 

       
    ];


     

       
37

       
 

       



     

       
38

       
+

       
    age.secrets.caddy.file = "${self.inputs.secrets}/caddy.age";


     

       
39

       
 

       



     

       
40

       
 

       
    home-manager.sharedModules = [


     

       
41

       
 

       
      {