commit 82999766121c6991d52cd4e3290c7b712361bd90 · aylac.top/nixcfg-own-knot

+3 -3

flake.lock

···

       845
       845
        
           "secrets": {

     

       846
       846
        
             "flake": false,

     

       847
       847
        
             "locked": {

     

       848
       848
       -
               "lastModified": 1755423521,

     

       849
       849
       -
               "narHash": "sha256-ktRjo/fjYkXFLWpKBo35dgO5Vd8kYUbbXQvo8o95jPY=",

     

       848
       848
       +
               "lastModified": 1755538042,

     

       849
       849
       +
               "narHash": "sha256-kL2EyRZPQUUqdurdwJjtbqNhAUJ5Rmr9FnrGvgzINag=",

     

       850
       850
        
               "owner": "ayla6",

     

       851
       851
        
               "repo": "secrets",

     

       852
       852
       -
               "rev": "4a3edbeb58e6cb001eb3564c1f09195198308a9c",

     

       852
       852
       +
               "rev": "a81f823b6c21211436c2e1114534a6bb41f11462",

     

       853
       853
        
               "type": "github"

     

       854
       854
        
             },

     

       855
       855
        
             "original": {

hosts/jezebel/default.nix

···

       5
       5
        
       }: {

     

       6
       6
        
         imports = [

     

       7
       7
        
           ./secrets.nix

     

       8
       8
       +
           ./services.nix

     

       8
       9
        
           self.nixosModules.locale-en-gb

     

       9
       10
        
           "${modulesPath}/profiles/qemu-guest.nix"

     

       10
       11
        
           self.diskoConfigurations.btrfs-vps

     
···

       23
       24
        
             base.enable = true;

     

       24
       25
        
             btrfs.enable = true;

     

       25
       26
        
             server.enable = true;

     

       27
       27
       +
             backups.enable = true;

     

       26
       28
        
             vps.enable = true;

     

       27
       29
        
             autoUpgrade = {

     

       28
       30
        
               enable = true;

hosts/jezebel/secrets.nix

···

       1
       1
        
       {self, ...}: {

     

       2
       2
        
         age.secrets = {

     

       3
       3
        
           tailscaleAuthKey.file = "${self.inputs.secrets}/tailscale/auth.age";

     

       4
       4
       +
           resticPassword.file = "${self.inputs.secrets}/restic-passwd.age";

     

       5
       5
       +
           rclone.file = "${self.inputs.secrets}/rclone.age";

     

       4
       6
        
         };

     

       5
       7
        
       }

+25

hosts/jezebel/services.nix

···

       1
       1
       +
       {config, ...}: {

     

       2
       2
       +
         services = {

     

       3
       3
       +
           caddy = {

     

       4
       4
       +
             virtualHosts = {

     

       5
       5
       +
               "${config.mySnippets.tailnet.networkMap.uptime-kuma.vHost}" = {

     

       6
       6
       +
                 extraConfig = ''

     

       7
       7
       +
                   bind tailscale/uptime-kuma

     

       8
       8
       +
                   encode zstd gzip

     

       9
       9
       +
                   reverse_proxy ${config.mySnippets.tailnet.networkMap.uptime-kuma.hostName}:${toString config.mySnippets.tailnet.networkMap.uptime-kuma.port}

     

       10
       10
       +
                 '';

     

       11
       11
       +
               };

     

       12
       12
       +
             };

     

       13
       13
       +
           };

     

       14
       14
       +
       

     

       15
       15
       +
           uptime-kuma = {

     

       16
       16
       +
             enable = true;

     

       17
       17
       +
             appriseSupport = true;

     

       18
       18
       +
       

     

       19
       19
       +
             settings = {

     

       20
       20
       +
               PORT = toString config.mySnippets.aylac-top.networkMap.uptime-kuma.port;

     

       21
       21
       +
               HOST = "0.0.0.0";

     

       22
       22
       +
             };

     

       23
       23
       +
           };

     

       24
       24
       +
         };

     

       25
       25
       +
       }

+1 -1

hosts/nanpi/secrets.nix

···

       3
       3
        
           cloudflareCertificate.file = "${self.inputs.secrets}/cloudflare/certificate.age";

     

       4
       4
        
           cloudflareCredentials.file = "${self.inputs.secrets}/cloudflare/credentials.age";

     

       5
       5
        
           pds.file = "${self.inputs.secrets}/pds.age";

     

       6
       6
       +
           resticPassword.file = "${self.inputs.secrets}/restic-passwd.age";

     

       6
       7
        
           rclone.file = "${self.inputs.secrets}/rclone.age";

     

       7
       8
        
           tailscaleAuthKey.file = "${self.inputs.secrets}/tailscale/auth.age";

     

       8
       9
        
           syncthingCert.file = "${self.inputs.secrets}/ayla/syncthing/nanpi/cert.age";

     

       9
       10
        
           syncthingKey.file = "${self.inputs.secrets}/ayla/syncthing/nanpi/key.age";

     

       10
       10
       -
           resticPassword.file = "${self.inputs.secrets}/restic-passwd.age";

     

       11
       11
        
           vaultwarden.file = "${self.inputs.secrets}/vaultwarden.age";

     

       12
       12
        
         };

     

       13
       13
        
       }

hosts/nanpi/services.nix

···

       8
       8
        
             pdsadmin.enable = true;

     

       9
       9
        
             settings = {

     

       10
       10
        
               PDS_HOSTNAME = config.mySnippets.aylac-top.networkMap.pds.vHost;

     

       11
       11
       +
               # PDS_BSKY_APP_VIEW_URL = "https://bsky.zeppelin.social";

     

       12
       12
       +
               # PDS_BSKY_APP_VIEW_DID = "did:web:bsky.zeppelin.social";

     

       11
       13
        
             };

     

       12
       14
        
           };

     

       13
       15

+2 -1

modules/home/programs/chromium/default.nix

···

       42
       42
        
             package =

     

       43
       43
        
               if pkgs.stdenv.isDarwin

     

       44
       44
        
               then (pkgs.runCommand "chromium-0.0.0" {} "mkdir $out")

     

       45
       45
       -
               else pkgs.chromium;

     

       45
       45
       +
               # else pkgs.chromium;

     

       46
       46
       +
               else pkgs.ungoogled-chromium;

     

       46
       47
        
       

     

       47
       48
        
             commandLineArgs = lib.mkIf pkgs.stdenv.isLinux [

     

       48
       49
        
               "--enable-features=TouchpadOverscrollHistoryNavigation"

+1 -2

modules/nixos/services/caddy/default.nix

···

       28
       28
        
                 hash = "sha256-0GsjeeJnfLsJywWzWwJcCDk5wjTSBwzqMBY7iHjPQa8=";

     

       29
       29
        
               };

     

       30
       30
        
             };

     

       31
       31
       +
             tailscale.permitCertUid = "caddy";

     

       31
       32
        
           };

     

       32
       32
       -
       

     

       33
       33
       -
           myNixOS.replacement.services.tailscale.permitCertUid = "caddy";

     

       34
       33
        
         };

     

       35
       34
        
       }

+10 -5

modules/nixos/services/tailscale/default.nix

···

       5
       5
        
         self,

     

       6
       6
        
         ...

     

       7
       7
        
       }: {

     

       8
       8
       -
         imports = [

     

       9
       9
       -
           ./service.nix

     

       10
       10
       -
         ];

     

       11
       11
       -
       

     

       12
       8
        
         options.myNixOS.services.tailscale = {

     

       13
       9
        
           enable = lib.mkEnableOption "Tailscale VPN service";

     

       14
       10
        
       

     
···

       74
       70
        
             };

     

       75
       71
        
           };

     

       76
       72
        
       

     

       77
       77
       -
           myNixOS.replacement.services.tailscale = {

     

       73
       73
       +
           services.tailscale = {

     

       78
       74
        
             enable = true;

     

       79
       75
        
             inherit (config.myNixOS.services.tailscale) authKeyFile;

     

       80
       76
        
       

     
···

       88
       84
        
             openFirewall = true;

     

       89
       85
        
             permitCertUid = lib.mkIf config.services.caddy.enable "caddy";

     

       90
       86
        
             useRoutingFeatures = "both";

     

       87
       87
       +
           };

     

       88
       88
       +
       

     

       89
       89
       +
           # who's the devil who made it impossible for this to work dude

     

       90
       90
       +
           # this is so dirty

     

       91
       91
       +
           systemd.services.tailscaled.serviceConfig.Environment = lib.mkAfter [

     

       92
       92
       +
             "TS_NO_LOGS_NO_SUPPORT=true"

     

       93
       93
       +
           ];

     

       94
       94
       +
           networking.hosts = {

     

       95
       95
       +
             "0.0.0.0" = ["log.tailscale.com"];

     

       91
       96
        
           };

     

       92
       97
        
         };

     

       93
       98
        
       }

-256

modules/nixos/services/tailscale/service.nix

···

       1
       1
       -
       # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/tailscale.nix

     

       2
       2
       -
       {

     

       3
       3
       -
         config,

     

       4
       4
       -
         lib,

     

       5
       5
       -
         pkgs,

     

       6
       6
       -
         ...

     

       7
       7
       -
       }:

     

       8
       8
       -
       with lib; let

     

       9
       9
       -
         cfg = config.myNixOS.replacement.services.tailscale;

     

       10
       10
       -
         isNetworkd = config.networking.useNetworkd;

     

       11
       11
       -
       in {

     

       12
       12
       -
         meta.maintainers = with maintainers; [

     

       13
       13
       -
           mbaillie

     

       14
       14
       -
           mfrw

     

       15
       15
       -
         ];

     

       16
       16
       -
       

     

       17
       17
       -
         options.myNixOS.replacement.services.tailscale = {

     

       18
       18
       -
           enable = mkEnableOption "Tailscale client daemon";

     

       19
       19
       -
       

     

       20
       20
       -
           port = mkOption {

     

       21
       21
       -
             type = types.port;

     

       22
       22
       -
             default = 41641;

     

       23
       23
       -
             description = "The port to listen on for tunnel traffic (0=autoselect).";

     

       24
       24
       -
           };

     

       25
       25
       -
       

     

       26
       26
       -
           interfaceName = mkOption {

     

       27
       27
       -
             type = types.str;

     

       28
       28
       -
             default = "tailscale0";

     

       29
       29
       -
             description = ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.'';

     

       30
       30
       -
           };

     

       31
       31
       -
       

     

       32
       32
       -
           permitCertUid = mkOption {

     

       33
       33
       -
             type = types.nullOr types.nonEmptyStr;

     

       34
       34
       -
             default = null;

     

       35
       35
       -
             description = "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.";

     

       36
       36
       -
           };

     

       37
       37
       -
       

     

       38
       38
       -
           disableTaildrop = mkOption {

     

       39
       39
       -
             default = false;

     

       40
       40
       -
             type = types.bool;

     

       41
       41
       -
             description = "Whether to disable the Taildrop feature for sending files between nodes.";

     

       42
       42
       -
           };

     

       43
       43
       -
       

     

       44
       44
       -
           noLogsNoSupport = mkOption {

     

       45
       45
       -
             default = true;

     

       46
       46
       -
             type = types.bool;

     

       47
       47
       -
             description = "They spam this every minute and I'm on the free tier of NextDNS so I can't let it happen.";

     

       48
       48
       -
           };

     

       49
       49
       -
       

     

       50
       50
       -
           package = lib.mkPackageOption pkgs "tailscale" {};

     

       51
       51
       -
       

     

       52
       52
       -
           openFirewall = mkOption {

     

       53
       53
       -
             default = false;

     

       54
       54
       -
             type = types.bool;

     

       55
       55
       -
             description = "Whether to open the firewall for the specified port.";

     

       56
       56
       -
           };

     

       57
       57
       -
       

     

       58
       58
       -
           useRoutingFeatures = mkOption {

     

       59
       59
       -
             type = types.enum [

     

       60
       60
       -
               "none"

     

       61
       61
       -
               "client"

     

       62
       62
       -
               "server"

     

       63
       63
       -
               "both"

     

       64
       64
       -
             ];

     

       65
       65
       -
             default = "none";

     

       66
       66
       -
             example = "server";

     

       67
       67
       -
             description = ''

     

       68
       68
       -
               Enables settings required for Tailscale's routing features like subnet routers and exit nodes.

     

       69
       69
       -
       

     

       70
       70
       -
               To use these these features, you will still need to call `sudo tailscale up` with the relevant flags like `--advertise-exit-node` and `--exit-node`.

     

       71
       71
       -
       

     

       72
       72
       -
               When set to `client` or `both`, reverse path filtering will be set to loose instead of strict.

     

       73
       73
       -
               When set to `server` or `both`, IP forwarding will be enabled.

     

       74
       74
       -
             '';

     

       75
       75
       -
           };

     

       76
       76
       -
       

     

       77
       77
       -
           authKeyFile = mkOption {

     

       78
       78
       -
             type = types.nullOr types.path;

     

       79
       79
       -
             default = null;

     

       80
       80
       -
             example = "/run/secrets/tailscale_key";

     

       81
       81
       -
             description = ''

     

       82
       82
       -
               A file containing the auth key.

     

       83
       83
       -
               Tailscale will be automatically started if provided.

     

       84
       84
       -
             '';

     

       85
       85
       -
           };

     

       86
       86
       -
       

     

       87
       87
       -
           authKeyParameters = mkOption {

     

       88
       88
       -
             type = types.submodule {

     

       89
       89
       -
               options = {

     

       90
       90
       -
                 ephemeral = mkOption {

     

       91
       91
       -
                   type = types.nullOr types.bool;

     

       92
       92
       -
                   default = null;

     

       93
       93
       -
                   description = "Whether to register as an ephemeral node.";

     

       94
       94
       -
                 };

     

       95
       95
       -
                 preauthorized = mkOption {

     

       96
       96
       -
                   type = types.nullOr types.bool;

     

       97
       97
       -
                   default = null;

     

       98
       98
       -
                   description = "Whether to skip manual device approval.";

     

       99
       99
       -
                 };

     

       100
       100
       -
                 baseURL = mkOption {

     

       101
       101
       -
                   type = types.nullOr types.str;

     

       102
       102
       -
                   default = null;

     

       103
       103
       -
                   description = "Base URL for the Tailscale API.";

     

       104
       104
       -
                 };

     

       105
       105
       -
               };

     

       106
       106
       -
             };

     

       107
       107
       -
             default = {};

     

       108
       108
       -
             description = ''

     

       109
       109
       -
               Extra parameters to pass after the auth key.

     

       110
       110
       -
               See https://tailscale.com/kb/1215/oauth-clients#registering-new-nodes-using-oauth-credentials

     

       111
       111
       -
             '';

     

       112
       112
       -
           };

     

       113
       113
       -
       

     

       114
       114
       -
           extraUpFlags = mkOption {

     

       115
       115
       -
             description = ''

     

       116
       116
       -
               Extra flags to pass to {command}`tailscale up`. Only applied if `authKeyFile` is specified.";

     

       117
       117
       -
             '';

     

       118
       118
       -
             type = types.listOf types.str;

     

       119
       119
       -
             default = [];

     

       120
       120
       -
             example = ["--ssh"];

     

       121
       121
       -
           };

     

       122
       122
       -
       

     

       123
       123
       -
           extraSetFlags = mkOption {

     

       124
       124
       -
             description = "Extra flags to pass to {command}`tailscale set`.";

     

       125
       125
       -
             type = types.listOf types.str;

     

       126
       126
       -
             default = [];

     

       127
       127
       -
             example = ["--advertise-exit-node"];

     

       128
       128
       -
           };

     

       129
       129
       -
       

     

       130
       130
       -
           extraDaemonFlags = mkOption {

     

       131
       131
       -
             description = "Extra flags to pass to {command}`tailscaled`.";

     

       132
       132
       -
             type = types.listOf types.str;

     

       133
       133
       -
             default = [];

     

       134
       134
       -
             example = ["--no-logs-no-support"];

     

       135
       135
       -
           };

     

       136
       136
       -
         };

     

       137
       137
       -
       

     

       138
       138
       -
         config = mkIf cfg.enable {

     

       139
       139
       -
           environment.systemPackages = [cfg.package]; # for the CLI

     

       140
       140
       -
           systemd = {

     

       141
       141
       -
             packages = [cfg.package];

     

       142
       142
       -
       

     

       143
       143
       -
             services = {

     

       144
       144
       -
               tailscaled = {

     

       145
       145
       -
                 after = lib.mkIf config.networking.networkmanager.enable ["NetworkManager-wait-online.service"];

     

       146
       146
       -
                 wantedBy = ["multi-user.target"];

     

       147
       147
       -
                 path =

     

       148
       148
       -
                   [

     

       149
       149
       -
                     (builtins.dirOf config.security.wrapperDir) # for `su` to use taildrive with correct access rights

     

       150
       150
       -
                     pkgs.procps # for collecting running services (opt-in feature)

     

       151
       151
       -
                     pkgs.getent # for `getent` to look up user shells

     

       152
       152
       -
                     pkgs.kmod # required to pass tailscale's v6nat check

     

       153
       153
       -
                   ]

     

       154
       154
       -
                   ++ lib.optional config.networking.resolvconf.enable config.networking.resolvconf.package;

     

       155
       155
       -
                 serviceConfig.Environment =

     

       156
       156
       -
                   [

     

       157
       157
       -
                     "PORT=${toString cfg.port}"

     

       158
       158
       -
                     ''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName} ${lib.concatStringsSep " " cfg.extraDaemonFlags}"''

     

       159
       159
       -
                   ]

     

       160
       160
       -
                   ++ lib.optional cfg.noLogsNoSupport [

     

       161
       161
       -
                     # they spam this to hell and the other configs like the one above didn't work to disable it. i'm on the nextdns freetier dude!!

     

       162
       162
       -
                     "TS_NO_LOGS_NO_SUPPORT=true"

     

       163
       163
       -
                   ]

     

       164
       164
       -
                   ++ (lib.optionals (cfg.permitCertUid != null) [

     

       165
       165
       -
                     "TS_PERMIT_CERT_UID=${cfg.permitCertUid}"

     

       166
       166
       -
                   ])

     

       167
       167
       -
                   ++ (lib.optionals cfg.disableTaildrop [

     

       168
       168
       -
                     "TS_DISABLE_TAILDROP=true"

     

       169
       169
       -
                   ]);

     

       170
       170
       -
                 # Restart tailscaled with a single `systemctl restart` at the

     

       171
       171
       -
                 # end of activation, rather than a `stop` followed by a later

     

       172
       172
       -
                 # `start`. Activation over Tailscale can hang for tens of

     

       173
       173
       -
                 # seconds in the stop+start setup, if the activation script has

     

       174
       174
       -
                 # a significant delay between the stop and start phases

     

       175
       175
       -
                 # (e.g. script blocked on another unit with a slow shutdown).

     

       176
       176
       -
                 #

     

       177
       177
       -
                 # Tailscale is aware of the correctness tradeoff involved, and

     

       178
       178
       -
                 # already makes its upstream systemd unit robust against unit

     

       179
       179
       -
                 # version mismatches on restart for compatibility with other

     

       180
       180
       -
                 # linux distros.

     

       181
       181
       -
                 stopIfChanged = false;

     

       182
       182
       -
               };

     

       183
       183
       -
               tailscaled-autoconnect = mkIf (cfg.authKeyFile != null) {

     

       184
       184
       -
                 after = ["tailscaled.service"];

     

       185
       185
       -
                 wants = ["tailscaled.service"];

     

       186
       186
       -
                 wantedBy = ["multi-user.target"];

     

       187
       187
       -
                 serviceConfig = {

     

       188
       188
       -
                   Type = "oneshot";

     

       189
       189
       -
                 };

     

       190
       190
       -
                 # https://github.com/tailscale/tailscale/blob/v1.72.1/ipn/backend.go#L24-L32

     

       191
       191
       -
                 script = let

     

       192
       192
       -
                   statusCommand = "${lib.getExe cfg.package} status --json --peers=false | ${lib.getExe pkgs.jq} -r '.BackendState'";

     

       193
       193
       -
                   paramToString = v:

     

       194
       194
       -
                     if (builtins.isBool v)

     

       195
       195
       -
                     then (lib.boolToString v)

     

       196
       196
       -
                     else (toString v);

     

       197
       197
       -
                   params = lib.pipe cfg.authKeyParameters [

     

       198
       198
       -
                     (lib.filterAttrs (_: v: v != null))

     

       199
       199
       -
                     (lib.mapAttrsToList (k: v: "${k}=${paramToString v}"))

     

       200
       200
       -
                     (builtins.concatStringsSep "&")

     

       201
       201
       -
                     (params:

     

       202
       202
       -
                       if params != ""

     

       203
       203
       -
                       then "?${params}"

     

       204
       204
       -
                       else "")

     

       205
       205
       -
                   ];

     

       206
       206
       -
                 in ''

     

       207
       207
       -
                   while [[ "$(${statusCommand})" == "NoState" ]]; do

     

       208
       208
       -
                     sleep 0.5

     

       209
       209
       -
                   done

     

       210
       210
       -
                   status=$(${statusCommand})

     

       211
       211
       -
                   if [[ "$status" == "NeedsLogin" || "$status" == "NeedsMachineAuth" ]]; then

     

       212
       212
       -
                     ${lib.getExe cfg.package} up --auth-key "$(cat ${cfg.authKeyFile})${params}" ${escapeShellArgs cfg.extraUpFlags}

     

       213
       213
       -
                   fi

     

       214
       214
       -
                 '';

     

       215
       215
       -
               };

     

       216
       216
       -
       

     

       217
       217
       -
               tailscaled-set = mkIf (cfg.extraSetFlags != []) {

     

       218
       218
       -
                 after = ["tailscaled.service"];

     

       219
       219
       -
                 wants = ["tailscaled.service"];

     

       220
       220
       -
                 wantedBy = ["multi-user.target"];

     

       221
       221
       -
                 serviceConfig = {

     

       222
       222
       -
                   Type = "oneshot";

     

       223
       223
       -
                 };

     

       224
       224
       -
                 script = ''

     

       225
       225
       -
                   ${lib.getExe cfg.package} set ${escapeShellArgs cfg.extraSetFlags}

     

       226
       226
       -
                 '';

     

       227
       227
       -
               };

     

       228
       228
       -
             };

     

       229
       229
       -
       

     

       230
       230
       -
             network.networks."50-tailscale" = mkIf isNetworkd {

     

       231
       231
       -
               matchConfig = {

     

       232
       232
       -
                 Name = cfg.interfaceName;

     

       233
       233
       -
               };

     

       234
       234
       -
               linkConfig = {

     

       235
       235
       -
                 Unmanaged = true;

     

       236
       236
       -
                 ActivationPolicy = "manual";

     

       237
       237
       -
               };

     

       238
       238
       -
             };

     

       239
       239
       -
           };

     

       240
       240
       -
       

     

       241
       241
       -
           boot.kernel.sysctl = mkIf (cfg.useRoutingFeatures == "server" || cfg.useRoutingFeatures == "both") {

     

       242
       242
       -
             "net.ipv4.conf.all.forwarding" = mkOverride 97 true;

     

       243
       243
       -
             "net.ipv6.conf.all.forwarding" = mkOverride 97 true;

     

       244
       244
       -
           };

     

       245
       245
       -
       

     

       246
       246
       -
           networking = {

     

       247
       247
       -
             firewall = {

     

       248
       248
       -
               allowedUDPPorts = mkIf cfg.openFirewall [cfg.port];

     

       249
       249
       -
               checkReversePath = mkIf (

     

       250
       250
       -
                 cfg.useRoutingFeatures == "client" || cfg.useRoutingFeatures == "both"

     

       251
       251
       -
               ) "loose";

     

       252
       252
       -
             };

     

       253
       253
       -
             dhcpcd.denyInterfaces = [cfg.interfaceName];

     

       254
       254
       -
           };

     

       255
       255
       -
         };

     

       256
       256
       -
       }

modules/snippets/aylac-top/default.nix

···

       22
       22
        
               port = 8222;

     

       23
       23
        
               vHost = "vault.aylac.top";

     

       24
       24
        
             };

     

       25
       25
       +
       

     

       26
       26
       +
             uptime-kuma = {

     

       27
       27
       +
               # Only used for status pages

     

       28
       28
       +
               hostName = "jezebel";

     

       29
       29
       +
               port = 3008;

     

       30
       30
       +
             };

     

       25
       31
        
           };

     

       26
       32
        
         };

     

       27
       33
        
       }

modules/snippets/tailnet/default.nix

···

       38
       38
        
                 port = 5232;

     

       39
       39
        
                 vHost = "radicale.${config.mySnippets.tailnet.name}";

     

       40
       40
        
               };

     

       41
       41
       +
       

     

       42
       42
       +
               uptime-kuma = {

     

       43
       43
       +
                 hostName = "jezebel";

     

       44
       44
       +
                 port = 3008;

     

       45
       45
       +
                 vHost = "uptime-kuma.${config.mySnippets.tailnet.name}";

     

       46
       46
       +
               };

     

       41
       47
        
             };

     

       42
       48
        
           };

     

       43
       49
        
         };