aylac.top / nixcfg-own-knot
forked from aylac.top/nixcfg
this repo has no description
fork atom

took karakeep off because it's heavy as shit and tried making pds-gatekeeper work and failed

aylac.top bc8dd2a6 c4290846

verified
options
unified split
Changed files
+103 -20
flake.lock
flake.nix
hosts
nanpi
default.nix
modules
flake
nixos.nix
home
snippets
firefox-based
default.nix
nixos
services
caddy
default.nix
glance
default.nix
pds
default.nix
+25 -4
flake.lock 
···

       
1005

       
1005

       
 

       
        "nixpkgs-unstable": "nixpkgs-unstable",


     

       
1006

       
1006

       
 

       
        "nur": "nur",


     

       
1007

       
1007

       
 

       
        "secrets": "secrets",


     

       
1008

       

       
-

       
        "tangled-core": "tangled-core"


     

       

       
1008

       
+

       
        "tangled-core": "tangled-core",


     

       

       
1009

       
+

       
        "tgirlpkgs": "tgirlpkgs"


     

       
1009

       
1010

       
 

       
      }


     

       
1010

       
1011

       
 

       
    },


     

       
1011

       
1012

       
 

       
    "rust-overlay": {


     
···

       
1032

       
1033

       
 

       
    "secrets": {


     

       
1033

       
1034

       
 

       
      "flake": false,


     

       
1034

       
1035

       
 

       
      "locked": {


     

       
1035

       

       
-

       
        "lastModified": 1756947975,


     

       
1036

       

       
-

       
        "narHash": "sha256-Wgu/RE90hq9PixuZnlhx7UO5QXNBLWbrMN0PZnJSGX4=",


     

       

       
1036

       
+

       
        "lastModified": 1757008448,


     

       

       
1037

       
+

       
        "narHash": "sha256-VJT0UpykwNz8P9xMbC+8CZxEXz+9badjrcXh20UIMbE=",


     

       
1037

       
1038

       
 

       
        "owner": "ayla6",


     

       
1038

       
1039

       
 

       
        "repo": "secrets",


     

       
1039

       

       
-

       
        "rev": "9075972fc860180bec1d885a2e00f9aa79944249",


     

       

       
1040

       
+

       
        "rev": "4b5ce5c5863e7b421e6a300a2be417e872ebf19f",


     

       
1040

       
1041

       
 

       
        "type": "github"


     

       
1041

       
1042

       
 

       
      },


     

       
1042

       
1043

       
 

       
      "original": {


     
···

       
1114

       
1115

       
 

       
      "original": {


     

       
1115

       
1116

       
 

       
        "type": "git",


     

       
1116

       
1117

       
 

       
        "url": "https://tangled.sh/@tangled.sh/core"


     

       

       
1118

       
+

       
      }


     

       

       
1119

       
+

       
    },


     

       

       
1120

       
+

       
    "tgirlpkgs": {


     

       

       
1121

       
+

       
      "inputs": {


     

       

       
1122

       
+

       
        "nixpkgs": [


     

       

       
1123

       
+

       
          "nixpkgs"


     

       

       
1124

       
+

       
        ]


     

       

       
1125

       
+

       
      },


     

       

       
1126

       
+

       
      "locked": {


     

       

       
1127

       
+

       
        "lastModified": 1756975169,


     

       

       
1128

       
+

       
        "narHash": "sha256-WGmLn8/KWBCXvQHv0qDtWaXEIsY7IJd0crAkebY1CDE=",


     

       

       
1129

       
+

       
        "owner": "tgirlcloud",


     

       

       
1130

       
+

       
        "repo": "pkgs",


     

       

       
1131

       
+

       
        "rev": "e37520861e648c76ee63ffad2d560bd45326bf92",


     

       

       
1132

       
+

       
        "type": "github"


     

       

       
1133

       
+

       
      },


     

       

       
1134

       
+

       
      "original": {


     

       

       
1135

       
+

       
        "owner": "tgirlcloud",


     

       

       
1136

       
+

       
        "repo": "pkgs",


     

       

       
1137

       
+

       
        "type": "github"


     

       
1117

       
1138

       
 

       
      }


     

       
1118

       
1139

       
 

       
    },


     

       
1119

       
1140

       
 

       
    "treefmt-nix": {
+5
flake.nix 
···

       
59

       
59

       
 

       
      inputs.nixpkgs.follows = "nixpkgs";


     

       
60

       
60

       
 

       
    };


     

       
61

       
61

       
 

       



     

       

       
62

       
+

       
    tgirlpkgs = {


     

       

       
63

       
+

       
      url = "github:tgirlcloud/pkgs";


     

       

       
64

       
+

       
      inputs.nixpkgs.follows = "nixpkgs";


     

       

       
65

       
+

       
    };


     

       

       
66

       
+

       



     

       
62

       
67

       
 

       
    firefox-onebar = {


     

       
63

       
68

       
 

       
      url = "https://git.gay/freeplay/Firefox-Onebar/raw/branch/waf/onebar.css";


     

       
64

       
69

       
 

       
      flake = false;
+1 -1
hosts/nanpi/default.nix 
···

       
54

       
54

       
 

       
      glance.enable = true;


     

       
55

       
55

       
 

       
      jellyfin.enable = true;


     

       
56

       
56

       
 

       
      jellyseerr.enable = true;


     

       
57

       

       
-

       
      karakeep.enable = true;


     

       

       
57

       
+

       
      karakeep.enable = false;


     

       
58

       
58

       
 

       
      miniflux.enable = true;


     

       
59

       
59

       
 

       
      ntfy.enable = true;


     

       
60

       
60

       
 

       
      pds.enable = true;
+1
modules/flake/nixos.nix 
···

       
37

       
37

       
 

       
              inputs.home-manager.nixosModules.home-manager


     

       
38

       
38

       
 

       
              inputs.lanzaboote.nixosModules.lanzaboote


     

       
39

       
39

       
 

       
              inputs.tangled-core.nixosModules.knot


     

       

       
40

       
+

       
              inputs.tgirlpkgs.nixosModules.default


     

       
40

       
41

       
 

       
              modules.hardware


     

       
41

       
42

       
 

       
              modules.nixos


     

       
42

       
43

       
 

       
              modules.snippets
+1 -1
modules/home/snippets/firefox-based/default.nix 
···

       
165

       
165

       
 

       
              steam-database


     

       
166

       
166

       
 

       
              snowflake


     

       
167

       
167

       
 

       
              sponsorblock


     

       
168

       

       
-

       
              karakeep


     

       

       
168

       
+

       
              #karakeep


     

       
169

       
169

       
 

       
              bitwarden


     

       
170

       
170

       
 

       
            ];


     

       
171

       
171
+5
modules/nixos/services/caddy/default.nix 
···

       
12

       
12

       
 

       
    age.secrets.caddy.file = "${self.inputs.secrets}/caddy.age";


     

       
13

       
13

       
 

       
    networking.firewall.allowedTCPPorts = [80 443];


     

       
14

       
14

       
 

       



     

       

       
15

       
+

       
    boot.kernel.sysctl = {


     

       

       
16

       
+

       
      "net.core.rmem_max" = 7500000;


     

       

       
17

       
+

       
      "net.core.wmem_max" = 7500000;


     

       

       
18

       
+

       
    };


     

       

       
19

       
+

       



     

       
15

       
20

       
 

       
    services = {


     

       
16

       
21

       
 

       
      caddy = {


     

       
17

       
22

       
 

       
        enable = true;
+6 -6
modules/nixos/services/glance/default.nix 
···

       
84

       
84

       
 

       
                          check-url = "http://${tailnet.networkMap.vaultwarden.hostName}:${toString tailnet.networkMap.vaultwarden.port}/";


     

       
85

       
85

       
 

       
                          icon = "di:vaultwarden";


     

       
86

       
86

       
 

       
                        }


     

       
87

       

       
-

       
                        {


     

       
88

       

       
-

       
                          title = "Karakeep";


     

       
89

       

       
-

       
                          url = "https://${tailnet.networkMap.karakeep.vHost}/";


     

       
90

       

       
-

       
                          check-url = "http://${tailnet.networkMap.karakeep.hostName}:${toString tailnet.networkMap.karakeep.port}/";


     

       
91

       

       
-

       
                          icon = "di:karakeep";


     

       
92

       

       
-

       
                        }


     

       

       
87

       
+

       
                        #{


     

       

       
88

       
+

       
                        #  title = "Karakeep";


     

       

       
89

       
+

       
                        #  url = "https://${tailnet.networkMap.karakeep.vHost}/";


     

       

       
90

       
+

       
                        #  check-url = "http://${tailnet.networkMap.karakeep.hostName}:${toString tailnet.networkMap.karakeep.port}/";


     

       

       
91

       
+

       
                        #  icon = "di:karakeep";


     

       

       
92

       
+

       
                        #}


     

       
93

       
93

       
 

       
                        {


     

       
94

       
94

       
 

       
                          title = "Jellyfin";


     

       
95

       
95

       
 

       
                          url = "https://${tailnet.networkMap.jellyfin.vHost}/";
+59 -8
modules/nixos/services/pds/default.nix 
···

       

       
1

       
+

       
# for the pds-gatekeeper https://tangled.sh/@isabelroses.com/dotfiles/blob/61ad925dc8b4537b568784971589b137df5cb948/modules/nixos/services/pds.nix


     

       
1

       
2

       
 

       
{


     

       
2

       
3

       
 

       
  config,


     

       
3

       
4

       
 

       
  lib,


     

       

       
5

       
+

       
  pkgs,


     

       

       
6

       
+

       
  self,


     

       
4

       
7

       
 

       
  ...


     

       
5

       
8

       
 

       
}: let


     

       
6

       
9

       
 

       
  name = "pds";


     

       
7

       
10

       
 

       
  cfg = config.myNixOS.services.${name};


     

       

       
11

       
+

       



     

       

       
12

       
+

       
  gk = config.containers.pds.config.services.pds-gatekeeper.settings;


     

       

       
13

       
+

       
  gkurl = "http://${gk.GATEKEEPER_HOST}:${toString gk.GATEKEEPER_PORT}";


     

       
8

       
14

       
 

       



     

       
9

       
15

       
 

       
  network = config.mySnippets.aylac-top;


     

       
10

       
16

       
 

       
  service = network.networkMap.${name};


     
···

       
40

       
46

       
 

       
          respond "${pdsHomePage}"


     

       
41

       
47

       
 

       
        }


     

       
42

       
48

       
 

       



     

       

       
49

       
+

       
        # https://gist.github.com/mary-ext/6e27b24a83838202908808ad528b3318


     

       
43

       
50

       
 

       
        handle /xrpc/app.bsky.unspecced.getAgeAssuranceState {


     

       
44

       
51

       
 

       
        	header content-type "application/json"


     

       
45

       
52

       
 

       
        	header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy"


     
···

       
47

       
54

       
 

       
        	respond `{"lastInitiatedAt":"2025-07-14T14:22:43.912Z","status":"assured"}` 200


     

       
48

       
55

       
 

       
        }


     

       
49

       
56

       
 

       



     

       

       
57

       
+

       
        # hijack the links for pds-gatekeeper


     

       

       
58

       
+

       
        #@gatekeeper {


     

       

       
59

       
+

       
        #  path /xrpc/com.atproto.server.getSession


     

       

       
60

       
+

       
        #  path /xrpc/com.atproto.server.updateEmail


     

       

       
61

       
+

       
        #  path /xrpc/com.atproto.server.createSession


     

       

       
62

       
+

       
        #  path /@atproto/oauth-provider/~api/sign-in


     

       

       
63

       
+

       
        #}


     

       

       
64

       
+

       



     

       

       
65

       
+

       
        #handle @gatekeeper {


     

       

       
66

       
+

       
        #  reverse_proxy ${gkurl}


     

       

       
67

       
+

       
        #}


     

       

       
68

       
+

       



     

       
50

       
69

       
 

       
        handle {


     

       
51

       
70

       
 

       
          reverse_proxy ${service.hostName}:${toString service.port}


     

       
52

       
71

       
 

       
        }


     
···

       
57

       
76

       
 

       
      autoStart = true;


     

       
58

       
77

       
 

       
      bindMounts."${config.age.secrets.pds.path}".isReadOnly = true;


     

       
59

       
78

       
 

       
      config = {


     

       
60

       

       
-

       
        services.bluesky-pds = {


     

       
61

       

       
-

       
          enable = true;


     

       
62

       

       
-

       
          environmentFiles = [config.age.secrets.pds.path];


     

       
63

       

       
-

       
          pdsadmin.enable = true;


     

       
64

       

       
-

       
          settings = {


     

       
65

       

       
-

       
            PDS_HOSTNAME = service.vHost;


     

       
66

       

       
-

       
            # PDS_BSKY_APP_VIEW_URL = "https://bsky.zeppelin.social";


     

       
67

       

       
-

       
            # PDS_BSKY_APP_VIEW_DID = "did:web:bsky.zeppelin.social";


     

       

       
79

       
+

       
        imports = [self.inputs.tgirlpkgs.nixosModules.default];


     

       

       
80

       
+

       



     

       

       
81

       
+

       
        services = {


     

       

       
82

       
+

       
          bluesky-pds = {


     

       

       
83

       
+

       
            enable = true;


     

       

       
84

       
+

       
            environmentFiles = [config.age.secrets.pds.path];


     

       

       
85

       
+

       
            pdsadmin.enable = true;


     

       

       
86

       
+

       
            settings = {


     

       

       
87

       
+

       
              PDS_HOSTNAME = service.vHost;


     

       

       
88

       
+

       
              PDS_PORT = service.port;


     

       

       
89

       
+

       
              # PDS_BSKY_APP_VIEW_URL = "https://bsky.zeppelin.social";


     

       

       
90

       
+

       
              # PDS_BSKY_APP_VIEW_DID = "did:web:bsky.zeppelin.social";


     

       

       
91

       
+

       



     

       

       
92

       
+

       
              # crawlers taken from the following post


     

       

       
93

       
+

       
              # <https://bsky.app/profile/billy.wales/post/3lxpd67hnks2e>


     

       

       
94

       
+

       
              PDS_CRAWLERS = lib.concatStringsSep "," [


     

       

       
95

       
+

       
                "https://bsky.network"


     

       

       
96

       
+

       
                "https://relay.cerulea.blue"


     

       

       
97

       
+

       
                "https://relay.fire.hose.cam"


     

       

       
98

       
+

       
                "https://relay2.fire.hose.cam"


     

       

       
99

       
+

       
                "https://relay3.fr.hose.cam"


     

       

       
100

       
+

       
                "https://relay.hayescmd.net"


     

       

       
101

       
+

       
              ];


     

       

       
102

       
+

       
            };


     

       

       
103

       
+

       
          };


     

       

       
104

       
+

       



     

       

       
105

       
+

       
          pds-gatekeeper = {


     

       

       
106

       
+

       
            enable = false;


     

       

       
107

       
+

       
            # we need to share a lot of secrets between pds and gatekeeper


     

       

       
108

       
+

       
            environmentFiles = [config.age.secrets.pds.path];


     

       

       
109

       
+

       



     

       

       
110

       
+

       
            settings = {


     

       

       
111

       
+

       
              GATEKEEPER_PORT = 3602;


     

       

       
112

       
+

       
              PDS_BASE_URL = "http://${service.hostName}:${toString service.port}";


     

       

       
113

       
+

       
              GATEKEEPER_TRUST_PROXY = "true";


     

       

       
114

       
+

       



     

       

       
115

       
+

       
              # make an empty file to prevent early errors due to no pds env


     

       

       
116

       
+

       
              # it really wants to load this file but with nix we don't really do it that way


     

       

       
117

       
+

       
              PDS_ENV_LOCATION = toString (pkgs.writeText "gatekeeper-pds-env" "");


     

       

       
118

       
+

       
            };


     

       
68

       
119

       
 

       
          };


     

       
69

       
120

       
 

       
        };


     

       
70

       
121